Bug Summary

File:ui/vnc.c
Location:line 143, column 5
Description:Function call argument is an uninitialized value

Annotated Source Code

1/*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27#include "vnc.h"
28#include "vnc-jobs.h"
29#include "sysemu/sysemu.h"
30#include "qemu/sockets.h"
31#include "qemu/timer.h"
32#include "qemu/acl.h"
33#include "qapi/qmp/types.h"
34#include "qmp-commands.h"
35#include "qemu/osdep.h"
36
37#define VNC_REFRESH_INTERVAL_BASE30 GUI_REFRESH_INTERVAL_DEFAULT30
38#define VNC_REFRESH_INTERVAL_INC50 50
39#define VNC_REFRESH_INTERVAL_MAX3000 GUI_REFRESH_INTERVAL_IDLE3000
40static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
41static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
42
43#include "vnc_keysym.h"
44#include "d3des.h"
45
46static VncDisplay *vnc_display; /* needed for info vnc */
47
48static int vnc_cursor_define(VncState *vs);
49static void vnc_release_modifiers(VncState *vs);
50
51static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
52{
53#ifdef _VNC_DEBUG
54 static const char *mn[] = {
55 [0] = "undefined",
56 [VNC_SHARE_MODE_CONNECTING] = "connecting",
57 [VNC_SHARE_MODE_SHARED] = "shared",
58 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
59 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
60 };
61 fprintf(stderrstderr, "%s/%d: %s -> %s\n", __func__,
62 vs->csock, mn[vs->share_mode], mn[mode]);
63#endif
64
65 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) {
66 vs->vd->num_exclusive--;
67 }
68 vs->share_mode = mode;
69 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) {
70 vs->vd->num_exclusive++;
71 }
72}
73
74static char *addr_to_string(const char *format,
75 struct sockaddr_storage *sa,
76 socklen_t salen) {
77 char *addr;
78 char host[NI_MAXHOST1025];
79 char serv[NI_MAXSERV32];
80 int err;
81 size_t addrlen;
82
83 if ((err = getnameinfo((struct sockaddr *)sa, salen,
84 host, sizeof(host),
85 serv, sizeof(serv),
86 NI_NUMERICHOST1 | NI_NUMERICSERV2)) != 0) {
87 VNC_DEBUG("Cannot resolve address %d: %s\n",do { } while (0)
88 err, gai_strerror(err))do { } while (0);
89 return NULL((void*)0);
90 }
91
92 /* Enough for the existing format + the 2 vars we're
93 * substituting in. */
94 addrlen = strlen(format) + strlen(host) + strlen(serv);
95 addr = g_malloc(addrlen + 1);
96 snprintf(addr, addrlen, format, host, serv);
97 addr[addrlen] = '\0';
98
99 return addr;
100}
101
102
103char *vnc_socket_local_addr(const char *format, int fd) {
104 struct sockaddr_storage sa;
105 socklen_t salen;
106
107 salen = sizeof(sa);
108 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
109 return NULL((void*)0);
110
111 return addr_to_string(format, &sa, salen);
112}
113
114char *vnc_socket_remote_addr(const char *format, int fd) {
115 struct sockaddr_storage sa;
116 socklen_t salen;
117
118 salen = sizeof(sa);
119 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
120 return NULL((void*)0);
121
122 return addr_to_string(format, &sa, salen);
123}
124
125static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
126 socklen_t salen)
127{
128 char host[NI_MAXHOST1025];
129 char serv[NI_MAXSERV32];
130 int err;
131
132 if ((err = getnameinfo((struct sockaddr *)sa, salen,
4
Taking false branch
133 host, sizeof(host),
134 serv, sizeof(serv),
135 NI_NUMERICHOST1 | NI_NUMERICSERV2)) != 0) {
136 VNC_DEBUG("Cannot resolve address %d: %s\n",do { } while (0)
137 err, gai_strerror(err))do { } while (0);
138 return -1;
139 }
140
141 qdict_put(qdict, "host", qstring_from_str(host))qdict_put_obj(qdict, "host", (&(qstring_from_str(host))->
base));
142 qdict_put(qdict, "service", qstring_from_str(serv))qdict_put_obj(qdict, "service", (&(qstring_from_str(serv)
)->base));
143 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)))qdict_put_obj(qdict, "family", (&(qstring_from_str(inet_strfamily
(sa->ss_family)))->base));
5
Within the expansion of the macro 'qdict_put':
a
Function call argument is an uninitialized value
144
145 return 0;
146}
147
148static int vnc_server_addr_put(QDict *qdict, int fd)
149{
150 struct sockaddr_storage sa;
151 socklen_t salen;
152
153 salen = sizeof(sa);
154 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
155 return -1;
156 }
157
158 return put_addr_qdict(qdict, &sa, salen);
159}
160
161static int vnc_qdict_remote_addr(QDict *qdict, int fd)
162{
163 struct sockaddr_storage sa;
164 socklen_t salen;
165
166 salen = sizeof(sa);
167 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
2
Taking false branch
168 return -1;
169 }
170
171 return put_addr_qdict(qdict, &sa, salen);
3
Calling 'put_addr_qdict'
172}
173
174static const char *vnc_auth_name(VncDisplay *vd) {
175 switch (vd->auth) {
176 case VNC_AUTH_INVALID:
177 return "invalid";
178 case VNC_AUTH_NONE:
179 return "none";
180 case VNC_AUTH_VNC:
181 return "vnc";
182 case VNC_AUTH_RA2:
183 return "ra2";
184 case VNC_AUTH_RA2NE:
185 return "ra2ne";
186 case VNC_AUTH_TIGHT:
187 return "tight";
188 case VNC_AUTH_ULTRA:
189 return "ultra";
190 case VNC_AUTH_TLS:
191 return "tls";
192 case VNC_AUTH_VENCRYPT:
193#ifdef CONFIG_VNC_TLS1
194 switch (vd->subauth) {
195 case VNC_AUTH_VENCRYPT_PLAIN:
196 return "vencrypt+plain";
197 case VNC_AUTH_VENCRYPT_TLSNONE:
198 return "vencrypt+tls+none";
199 case VNC_AUTH_VENCRYPT_TLSVNC:
200 return "vencrypt+tls+vnc";
201 case VNC_AUTH_VENCRYPT_TLSPLAIN:
202 return "vencrypt+tls+plain";
203 case VNC_AUTH_VENCRYPT_X509NONE:
204 return "vencrypt+x509+none";
205 case VNC_AUTH_VENCRYPT_X509VNC:
206 return "vencrypt+x509+vnc";
207 case VNC_AUTH_VENCRYPT_X509PLAIN:
208 return "vencrypt+x509+plain";
209 case VNC_AUTH_VENCRYPT_TLSSASL:
210 return "vencrypt+tls+sasl";
211 case VNC_AUTH_VENCRYPT_X509SASL:
212 return "vencrypt+x509+sasl";
213 default:
214 return "vencrypt";
215 }
216#else
217 return "vencrypt";
218#endif
219 case VNC_AUTH_SASL:
220 return "sasl";
221 }
222 return "unknown";
223}
224
225static int vnc_server_info_put(QDict *qdict)
226{
227 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
228 return -1;
229 }
230
231 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)))qdict_put_obj(qdict, "auth", (&(qstring_from_str(vnc_auth_name
(vnc_display)))->base));
232 return 0;
233}
234
235static void vnc_client_cache_auth(VncState *client)
236{
237#if defined(CONFIG_VNC_TLS1) || defined(CONFIG_VNC_SASL1)
238 QDict *qdict;
239#endif
240
241 if (!client->info) {
242 return;
243 }
244
245#if defined(CONFIG_VNC_TLS1) || defined(CONFIG_VNC_SASL1)
246 qdict = qobject_to_qdict(client->info);
247#endif
248
249#ifdef CONFIG_VNC_TLS1
250 if (client->tls.session &&
251 client->tls.dname) {
252 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname))qdict_put_obj(qdict, "x509_dname", (&(qstring_from_str(client
->tls.dname))->base));
253 }
254#endif
255#ifdef CONFIG_VNC_SASL1
256 if (client->sasl.conn &&
257 client->sasl.username) {
258 qdict_put(qdict, "sasl_username",qdict_put_obj(qdict, "sasl_username", (&(qstring_from_str
(client->sasl.username))->base))
259 qstring_from_str(client->sasl.username))qdict_put_obj(qdict, "sasl_username", (&(qstring_from_str
(client->sasl.username))->base));
260 }
261#endif
262}
263
264static void vnc_client_cache_addr(VncState *client)
265{
266 QDict *qdict;
267
268 qdict = qdict_new();
269 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
1
Calling 'vnc_qdict_remote_addr'
270 QDECREF(qdict)qobject_decref(qdict ? (&(qdict)->base) : ((void*)0));
271 /* XXX: how to report the error? */
272 return;
273 }
274
275 client->info = QOBJECT(qdict)(&(qdict)->base);
276}
277
278static void vnc_qmp_event(VncState *vs, MonitorEvent event)
279{
280 QDict *server;
281 QObject *data;
282
283 if (!vs->info) {
284 return;
285 }
286
287 server = qdict_new();
288 if (vnc_server_info_put(server) < 0) {
289 QDECREF(server)qobject_decref(server ? (&(server)->base) : ((void*)0)
);
290 return;
291 }
292
293 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
294 vs->info, QOBJECT(server)(&(server)->base));
295
296 monitor_protocol_event(event, data);
297
298 qobject_incref(vs->info);
299 qobject_decref(data);
300}
301
302static VncClientInfo *qmp_query_vnc_client(const VncState *client)
303{
304 struct sockaddr_storage sa;
305 socklen_t salen = sizeof(sa);
306 char host[NI_MAXHOST1025];
307 char serv[NI_MAXSERV32];
308 VncClientInfo *info;
309
310 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) {
311 return NULL((void*)0);
312 }
313
314 if (getnameinfo((struct sockaddr *)&sa, salen,
315 host, sizeof(host),
316 serv, sizeof(serv),
317 NI_NUMERICHOST1 | NI_NUMERICSERV2) < 0) {
318 return NULL((void*)0);
319 }
320
321 info = g_malloc0(sizeof(*info));
322 info->host = g_strdup(host);
323 info->service = g_strdup(serv);
324 info->family = g_strdup(inet_strfamily(sa.ss_family));
325
326#ifdef CONFIG_VNC_TLS1
327 if (client->tls.session && client->tls.dname) {
328 info->has_x509_dname = true1;
329 info->x509_dname = g_strdup(client->tls.dname);
330 }
331#endif
332#ifdef CONFIG_VNC_SASL1
333 if (client->sasl.conn && client->sasl.username) {
334 info->has_sasl_username = true1;
335 info->sasl_username = g_strdup(client->sasl.username);
336 }
337#endif
338
339 return info;
340}
341
342VncInfo *qmp_query_vnc(Error **errp)
343{
344 VncInfo *info = g_malloc0(sizeof(*info));
345
346 if (vnc_display == NULL((void*)0) || vnc_display->display == NULL((void*)0)) {
347 info->enabled = false0;
348 } else {
349 VncClientInfoList *cur_item = NULL((void*)0);
350 struct sockaddr_storage sa;
351 socklen_t salen = sizeof(sa);
352 char host[NI_MAXHOST1025];
353 char serv[NI_MAXSERV32];
354 VncState *client;
355
356 info->enabled = true1;
357
358 /* for compatibility with the original command */
359 info->has_clients = true1;
360
361 QTAILQ_FOREACH(client, &vnc_display->clients, next)for ((client) = ((&vnc_display->clients)->tqh_first
); (client); (client) = ((client)->next.tqe_next)) {
362 VncClientInfoList *cinfo = g_malloc0(sizeof(*info));
363 cinfo->value = qmp_query_vnc_client(client);
364
365 /* XXX: waiting for the qapi to support GSList */
366 if (!cur_item) {
367 info->clients = cur_item = cinfo;
368 } else {
369 cur_item->next = cinfo;
370 cur_item = cinfo;
371 }
372 }
373
374 if (vnc_display->lsock == -1) {
375 return info;
376 }
377
378 if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa,
379 &salen) == -1) {
380 error_set(errp, QERR_UNDEFINED_ERRORERROR_CLASS_GENERIC_ERROR, "An undefined error has occurred");
381 goto out_error;
382 }
383
384 if (getnameinfo((struct sockaddr *)&sa, salen,
385 host, sizeof(host),
386 serv, sizeof(serv),
387 NI_NUMERICHOST1 | NI_NUMERICSERV2) < 0) {
388 error_set(errp, QERR_UNDEFINED_ERRORERROR_CLASS_GENERIC_ERROR, "An undefined error has occurred");
389 goto out_error;
390 }
391
392 info->has_host = true1;
393 info->host = g_strdup(host);
394
395 info->has_service = true1;
396 info->service = g_strdup(serv);
397
398 info->has_family = true1;
399 info->family = g_strdup(inet_strfamily(sa.ss_family));
400
401 info->has_auth = true1;
402 info->auth = g_strdup(vnc_auth_name(vnc_display));
403 }
404
405 return info;
406
407out_error:
408 qapi_free_VncInfo(info);
409 return NULL((void*)0);
410}
411
412/* TODO
413 1) Get the queue working for IO.
414 2) there is some weirdness when using the -S option (the screen is grey
415 and not totally invalidated
416 3) resolutions > 1024
417*/
418
419static int vnc_update_client(VncState *vs, int has_dirty);
420static int vnc_update_client_sync(VncState *vs, int has_dirty);
421static void vnc_disconnect_start(VncState *vs);
422
423static void vnc_colordepth(VncState *vs);
424static void framebuffer_update_request(VncState *vs, int incremental,
425 int x_position, int y_position,
426 int w, int h);
427static void vnc_refresh(DisplayChangeListener *dcl);
428static int vnc_refresh_server_surface(VncDisplay *vd);
429
430static void vnc_dpy_update(DisplayChangeListener *dcl,
431 int x, int y, int w, int h)
432{
433 int i;
434 VncDisplay *vd = container_of(dcl, VncDisplay, dcl)({ const typeof(((VncDisplay *) 0)->dcl) *__mptr = (dcl); (
VncDisplay *) ((char *) __mptr - __builtin_offsetof(VncDisplay
, dcl));});
435 struct VncSurface *s = &vd->guest;
436 int width = surface_width(vd->ds);
437 int height = surface_height(vd->ds);
438
439 h += y;
440
441 /* round x down to ensure the loop only spans one 16-pixel block per,
442 iteration. otherwise, if (x % 16) != 0, the last iteration may span
443 two 16-pixel blocks but we only mark the first as dirty
444 */
445 w += (x % 16);
446 x -= (x % 16);
447
448 x = MIN(x, width)(((x) < (width)) ? (x) : (width));
449 y = MIN(y, height)(((y) < (height)) ? (y) : (height));
450 w = MIN(x + w, width)(((x + w) < (width)) ? (x + w) : (width)) - x;
451 h = MIN(h, height)(((h) < (height)) ? (h) : (height));
452
453 for (; y < h; y++)
454 for (i = 0; i < w; i += 16)
455 set_bit((x + i) / 16, s->dirty[y]);
456}
457
458void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
459 int32_t encoding)
460{
461 vnc_write_u16(vs, x);
462 vnc_write_u16(vs, y);
463 vnc_write_u16(vs, w);
464 vnc_write_u16(vs, h);
465
466 vnc_write_s32(vs, encoding);
467}
468
469void buffer_reserve(Buffer *buffer, size_t len)
470{
471 if ((buffer->capacity - buffer->offset) < len) {
472 buffer->capacity += (len + 1024);
473 buffer->buffer = g_realloc(buffer->buffer, buffer->capacity);
474 if (buffer->buffer == NULL((void*)0)) {
475 fprintf(stderrstderr, "vnc: out of memory\n");
476 exit(1);
477 }
478 }
479}
480
481static int buffer_empty(Buffer *buffer)
482{
483 return buffer->offset == 0;
484}
485
486uint8_t *buffer_end(Buffer *buffer)
487{
488 return buffer->buffer + buffer->offset;
489}
490
491void buffer_reset(Buffer *buffer)
492{
493 buffer->offset = 0;
494}
495
496void buffer_free(Buffer *buffer)
497{
498 g_free(buffer->buffer);
499 buffer->offset = 0;
500 buffer->capacity = 0;
501 buffer->buffer = NULL((void*)0);
502}
503
504void buffer_append(Buffer *buffer, const void *data, size_t len)
505{
506 memcpy(buffer->buffer + buffer->offset, data, len);
507 buffer->offset += len;
508}
509
510void buffer_advance(Buffer *buf, size_t len)
511{
512 memmove(buf->buffer, buf->buffer + len,
513 (buf->offset - len));
514 buf->offset -= len;
515}
516
517static void vnc_desktop_resize(VncState *vs)
518{
519 DisplaySurface *ds = vs->vd->ds;
520
521 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE0)) {
522 return;
523 }
524 if (vs->client_width == surface_width(ds) &&
525 vs->client_height == surface_height(ds)) {
526 return;
527 }
528 vs->client_width = surface_width(ds);
529 vs->client_height = surface_height(ds);
530 vnc_lock_output(vs);
531 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE0);
532 vnc_write_u8(vs, 0);
533 vnc_write_u16(vs, 1); /* number of rects */
534 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
535 VNC_ENCODING_DESKTOPRESIZE0xFFFFFF21);
536 vnc_unlock_output(vs);
537 vnc_flush(vs);
538}
539
540static void vnc_abort_display_jobs(VncDisplay *vd)
541{
542 VncState *vs;
543
544 QTAILQ_FOREACH(vs, &vd->clients, next)for ((vs) = ((&vd->clients)->tqh_first); (vs); (vs)
= ((vs)->next.tqe_next)) {
545 vnc_lock_output(vs);
546 vs->abort = true1;
547 vnc_unlock_output(vs);
548 }
549 QTAILQ_FOREACH(vs, &vd->clients, next)for ((vs) = ((&vd->clients)->tqh_first); (vs); (vs)
= ((vs)->next.tqe_next)) {
550 vnc_jobs_join(vs);
551 }
552 QTAILQ_FOREACH(vs, &vd->clients, next)for ((vs) = ((&vd->clients)->tqh_first); (vs); (vs)
= ((vs)->next.tqe_next)) {
553 vnc_lock_output(vs);
554 vs->abort = false0;
555 vnc_unlock_output(vs);
556 }
557}
558
559int vnc_server_fb_stride(VncDisplay *vd)
560{
561 return pixman_image_get_stride(vd->server);
562}
563
564void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
565{
566 uint8_t *ptr;
567
568 ptr = (uint8_t *)pixman_image_get_data(vd->server);
569 ptr += y * vnc_server_fb_stride(vd);
570 ptr += x * VNC_SERVER_FB_BYTES(((((((((32) << 24) | ((2) << 16) | ((0) <<
12) | ((8) << 8) | ((8) << 4) | ((8)))) >>
24) ))+7)/8);
571 return ptr;
572}
573
574static void vnc_dpy_switch(DisplayChangeListener *dcl,
575 DisplaySurface *surface)
576{
577 VncDisplay *vd = container_of(dcl, VncDisplay, dcl)({ const typeof(((VncDisplay *) 0)->dcl) *__mptr = (dcl); (
VncDisplay *) ((char *) __mptr - __builtin_offsetof(VncDisplay
, dcl));});
578 VncState *vs;
579
580 vnc_abort_display_jobs(vd);
581
582 /* server surface */
583 qemu_pixman_image_unref(vd->server);
584 vd->ds = surface;
585 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT(((32) << 24) | ((2) << 16) | ((0) << 12) |
((8) << 8) | ((8) << 4) | ((8))),
586 surface_width(vd->ds),
587 surface_height(vd->ds),
588 NULL((void*)0), 0);
589
590 /* guest surface */
591#if 0 /* FIXME */
592 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
593 console_color_init(ds);
594#endif
595 qemu_pixman_image_unref(vd->guest.fb);
596 vd->guest.fb = pixman_image_ref(surface->image);
597 vd->guest.format = surface->format;
598 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
599
600 QTAILQ_FOREACH(vs, &vd->clients, next)for ((vs) = ((&vd->clients)->tqh_first); (vs); (vs)
= ((vs)->next.tqe_next)) {
601 vnc_colordepth(vs);
602 vnc_desktop_resize(vs);
603 if (vs->vd->cursor) {
604 vnc_cursor_define(vs);
605 }
606 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
607 }
608}
609
610/* fastest code */
611static void vnc_write_pixels_copy(VncState *vs,
612 void *pixels, int size)
613{
614 vnc_write(vs, pixels, size);
615}
616
617/* slowest but generic code. */
618void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
619{
620 uint8_t r, g, b;
621
622#if VNC_SERVER_FB_FORMAT(((32) << 24) | ((2) << 16) | ((0) << 12) |
((8) << 8) | ((8) << 4) | ((8))) == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)(((32) << 24) | ((2) << 16) | ((0) << 12) |
((8) << 8) | ((8) << 4) | ((8)))
623 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
624 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
625 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
626#else
627# error need some bits here if you change VNC_SERVER_FB_FORMAT(((32) << 24) | ((2) << 16) | ((0) << 12) |
((8) << 8) | ((8) << 4) | ((8)))
628#endif
629 v = (r << vs->client_pf.rshift) |
630 (g << vs->client_pf.gshift) |
631 (b << vs->client_pf.bshift);
632 switch (vs->client_pf.bytes_per_pixel) {
633 case 1:
634 buf[0] = v;
635 break;
636 case 2:
637 if (vs->client_be) {
638 buf[0] = v >> 8;
639 buf[1] = v;
640 } else {
641 buf[1] = v >> 8;
642 buf[0] = v;
643 }
644 break;
645 default:
646 case 4:
647 if (vs->client_be) {
648 buf[0] = v >> 24;
649 buf[1] = v >> 16;
650 buf[2] = v >> 8;
651 buf[3] = v;
652 } else {
653 buf[3] = v >> 24;
654 buf[2] = v >> 16;
655 buf[1] = v >> 8;
656 buf[0] = v;
657 }
658 break;
659 }
660}
661
662static void vnc_write_pixels_generic(VncState *vs,
663 void *pixels1, int size)
664{
665 uint8_t buf[4];
666
667 if (VNC_SERVER_FB_BYTES(((((((((32) << 24) | ((2) << 16) | ((0) <<
12) | ((8) << 8) | ((8) << 4) | ((8)))) >>
24) ))+7)/8) == 4) {
668 uint32_t *pixels = pixels1;
669 int n, i;
670 n = size >> 2;
671 for (i = 0; i < n; i++) {
672 vnc_convert_pixel(vs, buf, pixels[i]);
673 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
674 }
675 }
676}
677
678int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
679{
680 int i;
681 uint8_t *row;
682 VncDisplay *vd = vs->vd;
683
684 row = vnc_server_fb_ptr(vd, x, y);
685 for (i = 0; i < h; i++) {
686 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES(((((((((32) << 24) | ((2) << 16) | ((0) <<
12) | ((8) << 8) | ((8) << 4) | ((8)))) >>
24) ))+7)/8));
687 row += vnc_server_fb_stride(vd);
688 }
689 return 1;
690}
691
692int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
693{
694 int n = 0;
695
696 switch(vs->vnc_encoding) {
697 case VNC_ENCODING_ZLIB0x00000006:
698 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
699 break;
700 case VNC_ENCODING_HEXTILE0x00000005:
701 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE0x00000005);
702 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
703 break;
704 case VNC_ENCODING_TIGHT0x00000007:
705 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
706 break;
707 case VNC_ENCODING_TIGHT_PNG0xFFFFFEFC:
708 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
709 break;
710 case VNC_ENCODING_ZRLE0x00000010:
711 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
712 break;
713 case VNC_ENCODING_ZYWRLE0x00000011:
714 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
715 break;
716 default:
717 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW0x00000000);
718 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
719 break;
720 }
721 return n;
722}
723
724static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
725{
726 /* send bitblit op to the vnc client */
727 vnc_lock_output(vs);
728 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE0);
729 vnc_write_u8(vs, 0);
730 vnc_write_u16(vs, 1); /* number of rects */
731 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT0x00000001);
732 vnc_write_u16(vs, src_x);
733 vnc_write_u16(vs, src_y);
734 vnc_unlock_output(vs);
735 vnc_flush(vs);
736}
737
738static void vnc_dpy_copy(DisplayChangeListener *dcl,
739 int src_x, int src_y,
740 int dst_x, int dst_y, int w, int h)
741{
742 VncDisplay *vd = container_of(dcl, VncDisplay, dcl)({ const typeof(((VncDisplay *) 0)->dcl) *__mptr = (dcl); (
VncDisplay *) ((char *) __mptr - __builtin_offsetof(VncDisplay
, dcl));});
743 VncState *vs, *vn;
744 uint8_t *src_row;
745 uint8_t *dst_row;
746 int i, x, y, pitch, inc, w_lim, s;
747 int cmp_bytes;
748
749 vnc_refresh_server_surface(vd);
750 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn)for ((vs) = ((&vd->clients)->tqh_first); (vs) &&
((vn) = ((vs)->next.tqe_next), 1); (vs) = (vn)) {
751 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT6)) {
752 vs->force_update = 1;
753 vnc_update_client_sync(vs, 1);
754 /* vs might be free()ed here */
755 }
756 }
757
758 /* do bitblit op on the local surface too */
759 pitch = vnc_server_fb_stride(vd);
760 src_row = vnc_server_fb_ptr(vd, src_x, src_y);
761 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y);
762 y = dst_y;
763 inc = 1;
764 if (dst_y > src_y) {
765 /* copy backwards */
766 src_row += pitch * (h-1);
767 dst_row += pitch * (h-1);
768 pitch = -pitch;
769 y = dst_y + h - 1;
770 inc = -1;
771 }
772 w_lim = w - (16 - (dst_x % 16));
773 if (w_lim < 0)
774 w_lim = w;
775 else
776 w_lim = w - (w_lim % 16);
777 for (i = 0; i < h; i++) {
778 for (x = 0; x <= w_lim;
779 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
780 if (x == w_lim) {
781 if ((s = w - w_lim) == 0)
782 break;
783 } else if (!x) {
784 s = (16 - (dst_x % 16));
785 s = MIN(s, w_lim)(((s) < (w_lim)) ? (s) : (w_lim));
786 } else {
787 s = 16;
788 }
789 cmp_bytes = s * VNC_SERVER_FB_BYTES(((((((((32) << 24) | ((2) << 16) | ((0) <<
12) | ((8) << 8) | ((8) << 4) | ((8)))) >>
24) ))+7)/8);
790 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
791 continue;
792 memmove(dst_row, src_row, cmp_bytes);
793 QTAILQ_FOREACH(vs, &vd->clients, next)for ((vs) = ((&vd->clients)->tqh_first); (vs); (vs)
= ((vs)->next.tqe_next)) {
794 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT6)) {
795 set_bit(((x + dst_x) / 16), vs->dirty[y]);
796 }
797 }
798 }
799 src_row += pitch - w * VNC_SERVER_FB_BYTES(((((((((32) << 24) | ((2) << 16) | ((0) <<
12) | ((8) << 8) | ((8) << 4) | ((8)))) >>
24) ))+7)/8);
800 dst_row += pitch - w * VNC_SERVER_FB_BYTES(((((((((32) << 24) | ((2) << 16) | ((0) <<
12) | ((8) << 8) | ((8) << 4) | ((8)))) >>
24) ))+7)/8);
801 y += inc;
802 }
803
804 QTAILQ_FOREACH(vs, &vd->clients, next)for ((vs) = ((&vd->clients)->tqh_first); (vs); (vs)
= ((vs)->next.tqe_next)) {
805 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT6)) {
806 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
807 }
808 }
809}
810
811static void vnc_mouse_set(DisplayChangeListener *dcl,
812 int x, int y, int visible)
813{
814 /* can we ask the client(s) to move the pointer ??? */
815}
816
817static int vnc_cursor_define(VncState *vs)
818{
819 QEMUCursor *c = vs->vd->cursor;
820 int isize;
821
822 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR7)) {
823 vnc_lock_output(vs);
824 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE0);
825 vnc_write_u8(vs, 0); /* padding */
826 vnc_write_u16(vs, 1); /* # of rects */
827 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
828 VNC_ENCODING_RICH_CURSOR0xFFFFFF11);
829 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
830 vnc_write_pixels_generic(vs, c->data, isize);
831 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
832 vnc_unlock_output(vs);
833 return 0;
834 }
835 return -1;
836}
837
838static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
839 QEMUCursor *c)
840{
841 VncDisplay *vd = vnc_display;
842 VncState *vs;
843
844 cursor_put(vd->cursor);
845 g_free(vd->cursor_mask);
846
847 vd->cursor = c;
848 cursor_get(vd->cursor);
849 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
850 vd->cursor_mask = g_malloc0(vd->cursor_msize);
851 cursor_get_mono_mask(c, 0, vd->cursor_mask);
852
853 QTAILQ_FOREACH(vs, &vd->clients, next)for ((vs) = ((&vd->clients)->tqh_first); (vs); (vs)
= ((vs)->next.tqe_next)) {
854 vnc_cursor_define(vs);
855 }
856}
857
858static int find_and_clear_dirty_height(struct VncState *vs,
859 int y, int last_x, int x, int height)
860{
861 int h;
862
863 for (h = 1; h < (height - y); h++) {
864 int tmp_x;
865 if (!test_bit(last_x, vs->dirty[y + h])) {
866 break;
867 }
868 for (tmp_x = last_x; tmp_x < x; tmp_x++) {
869 clear_bit(tmp_x, vs->dirty[y + h]);
870 }
871 }
872
873 return h;
874}
875
876static int vnc_update_client_sync(VncState *vs, int has_dirty)
877{
878 int ret = vnc_update_client(vs, has_dirty);
879 vnc_jobs_join(vs);
880 return ret;
881}
882
883static int vnc_update_client(VncState *vs, int has_dirty)
884{
885 if (vs->need_update && vs->csock != -1) {
886 VncDisplay *vd = vs->vd;
887 VncJob *job;
888 int y;
889 int width, height;
890 int n = 0;
891
892
893 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
894 /* kernel send buffers are full -> drop frames to throttle */
895 return 0;
896
897 if (!has_dirty && !vs->audio_cap && !vs->force_update)
898 return 0;
899
900 /*
901 * Send screen updates to the vnc client using the server
902 * surface and server dirty map. guest surface updates
903 * happening in parallel don't disturb us, the next pass will
904 * send them to the client.
905 */
906 job = vnc_job_new(vs);
907
908 width = MIN(pixman_image_get_width(vd->server), vs->client_width)(((pixman_image_get_width(vd->server)) < (vs->client_width
)) ? (pixman_image_get_width(vd->server)) : (vs->client_width
));
909 height = MIN(pixman_image_get_height(vd->server), vs->client_height)(((pixman_image_get_height(vd->server)) < (vs->client_height
)) ? (pixman_image_get_height(vd->server)) : (vs->client_height
));
910
911 for (y = 0; y < height; y++) {
912 int x;
913 int last_x = -1;
914 for (x = 0; x < width / 16; x++) {
915 if (test_and_clear_bit(x, vs->dirty[y])) {
916 if (last_x == -1) {
917 last_x = x;
918 }
919 } else {
920 if (last_x != -1) {
921 int h = find_and_clear_dirty_height(vs, y, last_x, x,
922 height);
923
924 n += vnc_job_add_rect(job, last_x * 16, y,
925 (x - last_x) * 16, h);
926 }
927 last_x = -1;
928 }
929 }
930 if (last_x != -1) {
931 int h = find_and_clear_dirty_height(vs, y, last_x, x, height);
932 n += vnc_job_add_rect(job, last_x * 16, y,
933 (x - last_x) * 16, h);
934 }
935 }
936
937 vnc_job_push(job);
938 vs->force_update = 0;
939 return n;
940 }
941
942 if (vs->csock == -1)
943 vnc_disconnect_finish(vs);
944
945 return 0;
946}
947
948/* audio */
949static void audio_capture_notify(void *opaque, audcnotification_e cmd)
950{
951 VncState *vs = opaque;
952
953 switch (cmd) {
954 case AUD_CNOTIFY_DISABLE:
955 vnc_lock_output(vs);
956 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU255);
957 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO1);
958 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END0);
959 vnc_unlock_output(vs);
960 vnc_flush(vs);
961 break;
962
963 case AUD_CNOTIFY_ENABLE:
964 vnc_lock_output(vs);
965 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU255);
966 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO1);
967 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN1);
968 vnc_unlock_output(vs);
969 vnc_flush(vs);
970 break;
971 }
972}
973
974static void audio_capture_destroy(void *opaque)
975{
976}
977
978static void audio_capture(void *opaque, void *buf, int size)
979{
980 VncState *vs = opaque;
981
982 vnc_lock_output(vs);
983 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU255);
984 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO1);
985 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA2);
986 vnc_write_u32(vs, size);
987 vnc_write(vs, buf, size);
988 vnc_unlock_output(vs);
989 vnc_flush(vs);
990}
991
992static void audio_add(VncState *vs)
993{
994 struct audio_capture_ops ops;
995
996 if (vs->audio_cap) {
997 monitor_printf(default_mon, "audio already running\n");
998 return;
999 }
1000
1001 ops.notify = audio_capture_notify;
1002 ops.destroy = audio_capture_destroy;
1003 ops.capture = audio_capture;
1004
1005 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1006 if (!vs->audio_cap) {
1007 monitor_printf(default_mon, "Failed to add audio capture\n");
1008 }
1009}
1010
1011static void audio_del(VncState *vs)
1012{
1013 if (vs->audio_cap) {
1014 AUD_del_capture(vs->audio_cap, vs);
1015 vs->audio_cap = NULL((void*)0);
1016 }
1017}
1018
1019static void vnc_disconnect_start(VncState *vs)
1020{
1021 if (vs->csock == -1)
1022 return;
1023 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1024 qemu_set_fd_handler2(vs->csock, NULL((void*)0), NULL((void*)0), NULL((void*)0), NULL((void*)0));
1025 closesocket(vs->csock)close(vs->csock);
1026 vs->csock = -1;
1027}
1028
1029void vnc_disconnect_finish(VncState *vs)
1030{
1031 int i;
1032
1033 vnc_jobs_join(vs); /* Wait encoding jobs */
1034
1035 vnc_lock_output(vs);
1036 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
1037
1038 buffer_free(&vs->input);
1039 buffer_free(&vs->output);
1040#ifdef CONFIG_VNC_WS1
1041 buffer_free(&vs->ws_input);
1042 buffer_free(&vs->ws_output);
1043#endif /* CONFIG_VNC_WS */
1044
1045 qobject_decref(vs->info);
1046
1047 vnc_zlib_clear(vs);
1048 vnc_tight_clear(vs);
1049 vnc_zrle_clear(vs);
1050
1051#ifdef CONFIG_VNC_TLS1
1052 vnc_tls_client_cleanup(vs);
1053#endif /* CONFIG_VNC_TLS */
1054#ifdef CONFIG_VNC_SASL1
1055 vnc_sasl_client_cleanup(vs);
1056#endif /* CONFIG_VNC_SASL */
1057 audio_del(vs);
1058 vnc_release_modifiers(vs);
1059
1060 if (vs->initialized) {
1061 QTAILQ_REMOVE(&vs->vd->clients, vs, next)do { if (((vs)->next.tqe_next) != ((void*)0)) (vs)->next
.tqe_next->next.tqe_prev = (vs)->next.tqe_prev; else (&
vs->vd->clients)->tqh_last = (vs)->next.tqe_prev;
*(vs)->next.tqe_prev = (vs)->next.tqe_next; } while ( 0
);
1062 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1063 }
1064
1065 if (vs->vd->lock_key_sync)
1066 qemu_remove_led_event_handler(vs->led);
1067 vnc_unlock_output(vs);
1068
1069 qemu_mutex_destroy(&vs->output_mutex);
1070 if (vs->bh != NULL((void*)0)) {
1071 qemu_bh_delete(vs->bh);
1072 }
1073 buffer_free(&vs->jobs_buffer);
1074
1075 for (i = 0; i < VNC_STAT_ROWS(2048 / 64); ++i) {
1076 g_free(vs->lossy_rect[i]);
1077 }
1078 g_free(vs->lossy_rect);
1079 g_free(vs);
1080}
1081
1082int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1083{
1084 if (ret == 0 || ret == -1) {
1085 if (ret == -1) {
1086 switch (last_errno) {
1087 case EINTR4:
1088 case EAGAIN11:
1089#ifdef _WIN32
1090 case WSAEWOULDBLOCK:
1091#endif
1092 return 0;
1093 default:
1094 break;
1095 }
1096 }
1097
1098 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",do { } while (0)
1099 ret, ret < 0 ? last_errno : 0)do { } while (0);
1100 vnc_disconnect_start(vs);
1101
1102 return 0;
1103 }
1104 return ret;
1105}
1106
1107
1108void vnc_client_error(VncState *vs)
1109{
1110 VNC_DEBUG("Closing down client sock: protocol error\n")do { } while (0);
1111 vnc_disconnect_start(vs);
1112}
1113
1114#ifdef CONFIG_VNC_TLS1
1115static long vnc_client_write_tls(gnutls_session_t *session,
1116 const uint8_t *data,
1117 size_t datalen)
1118{
1119 long ret = gnutls_writegnutls_record_send(*session, data, datalen);
1120 if (ret < 0) {
1121 if (ret == GNUTLS_E_AGAIN-28) {
1122 errno(*__errno_location ()) = EAGAIN11;
1123 } else {
1124 errno(*__errno_location ()) = EIO5;
1125 }
1126 ret = -1;
1127 }
1128 return ret;
1129}
1130#endif /* CONFIG_VNC_TLS */
1131
1132/*
1133 * Called to write a chunk of data to the client socket. The data may
1134 * be the raw data, or may have already been encoded by SASL.
1135 * The data will be written either straight onto the socket, or
1136 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1137 *
1138 * NB, it is theoretically possible to have 2 layers of encryption,
1139 * both SASL, and this TLS layer. It is highly unlikely in practice
1140 * though, since SASL encryption will typically be a no-op if TLS
1141 * is active
1142 *
1143 * Returns the number of bytes written, which may be less than
1144 * the requested 'datalen' if the socket would block. Returns
1145 * -1 on error, and disconnects the client socket.
1146 */
1147long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1148{
1149 long ret;
1150#ifdef CONFIG_VNC_TLS1
1151 if (vs->tls.session) {
1152 ret = vnc_client_write_tls(&vs->tls.session, data, datalen);
1153 } else {
1154#ifdef CONFIG_VNC_WS1
1155 if (vs->ws_tls.session) {
1156 ret = vnc_client_write_tls(&vs->ws_tls.session, data, datalen);
1157 } else
1158#endif /* CONFIG_VNC_WS */
1159#endif /* CONFIG_VNC_TLS */
1160 {
1161 ret = send(vs->csock, (const void *)data, datalen, 0);
1162 }
1163#ifdef CONFIG_VNC_TLS1
1164 }
1165#endif /* CONFIG_VNC_TLS */
1166 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret)do { } while (0);
1167 return vnc_client_io_error(vs, ret, socket_error()(*__errno_location ()));
1168}
1169
1170
1171/*
1172 * Called to write buffered data to the client socket, when not
1173 * using any SASL SSF encryption layers. Will write as much data
1174 * as possible without blocking. If all buffered data is written,
1175 * will switch the FD poll() handler back to read monitoring.
1176 *
1177 * Returns the number of bytes written, which may be less than
1178 * the buffered output data if the socket would block. Returns
1179 * -1 on error, and disconnects the client socket.
1180 */
1181static long vnc_client_write_plain(VncState *vs)
1182{
1183 long ret;
1184
1185#ifdef CONFIG_VNC_SASL1
1186 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",do { } while (0)
1187 vs->output.buffer, vs->output.capacity, vs->output.offset,do { } while (0)
1188 vs->sasl.waitWriteSSF)do { } while (0);
1189
1190 if (vs->sasl.conn &&
1191 vs->sasl.runSSF &&
1192 vs->sasl.waitWriteSSF) {
1193 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1194 if (ret)
1195 vs->sasl.waitWriteSSF -= ret;
1196 } else
1197#endif /* CONFIG_VNC_SASL */
1198 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1199 if (!ret)
1200 return 0;
1201
1202 buffer_advance(&vs->output, ret);
1203
1204 if (vs->output.offset == 0) {
1205 qemu_set_fd_handler2(vs->csock, NULL((void*)0), vnc_client_read, NULL((void*)0), vs);
1206 }
1207
1208 return ret;
1209}
1210
1211
1212/*
1213 * First function called whenever there is data to be written to
1214 * the client socket. Will delegate actual work according to whether
1215 * SASL SSF layers are enabled (thus requiring encryption calls)
1216 */
1217static void vnc_client_write_locked(void *opaque)
1218{
1219 VncState *vs = opaque;
1220
1221#ifdef CONFIG_VNC_SASL1
1222 if (vs->sasl.conn &&
1223 vs->sasl.runSSF &&
1224 !vs->sasl.waitWriteSSF) {
1225 vnc_client_write_sasl(vs);
1226 } else
1227#endif /* CONFIG_VNC_SASL */
1228 {
1229#ifdef CONFIG_VNC_WS1
1230 if (vs->encode_ws) {
1231 vnc_client_write_ws(vs);
1232 } else
1233#endif /* CONFIG_VNC_WS */
1234 {
1235 vnc_client_write_plain(vs);
1236 }
1237 }
1238}
1239
1240void vnc_client_write(void *opaque)
1241{
1242 VncState *vs = opaque;
1243
1244 vnc_lock_output(vs);
1245 if (vs->output.offset
1246#ifdef CONFIG_VNC_WS1
1247 || vs->ws_output.offset
1248#endif
1249 ) {
1250 vnc_client_write_locked(opaque);
1251 } else if (vs->csock != -1) {
1252 qemu_set_fd_handler2(vs->csock, NULL((void*)0), vnc_client_read, NULL((void*)0), vs);
1253 }
1254 vnc_unlock_output(vs);
1255}
1256
1257void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1258{
1259 vs->read_handler = func;
1260 vs->read_handler_expect = expecting;
1261}
1262
1263#ifdef CONFIG_VNC_TLS1
1264static long vnc_client_read_tls(gnutls_session_t *session, uint8_t *data,
1265 size_t datalen)
1266{
1267 long ret = gnutls_readgnutls_record_recv(*session, data, datalen);
1268 if (ret < 0) {
1269 if (ret == GNUTLS_E_AGAIN-28) {
1270 errno(*__errno_location ()) = EAGAIN11;
1271 } else {
1272 errno(*__errno_location ()) = EIO5;
1273 }
1274 ret = -1;
1275 }
1276 return ret;
1277}
1278#endif /* CONFIG_VNC_TLS */
1279
1280/*
1281 * Called to read a chunk of data from the client socket. The data may
1282 * be the raw data, or may need to be further decoded by SASL.
1283 * The data will be read either straight from to the socket, or
1284 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1285 *
1286 * NB, it is theoretically possible to have 2 layers of encryption,
1287 * both SASL, and this TLS layer. It is highly unlikely in practice
1288 * though, since SASL encryption will typically be a no-op if TLS
1289 * is active
1290 *
1291 * Returns the number of bytes read, which may be less than
1292 * the requested 'datalen' if the socket would block. Returns
1293 * -1 on error, and disconnects the client socket.
1294 */
1295long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1296{
1297 long ret;
1298#ifdef CONFIG_VNC_TLS1
1299 if (vs->tls.session) {
1300 ret = vnc_client_read_tls(&vs->tls.session, data, datalen);
1301 } else {
1302#ifdef CONFIG_VNC_WS1
1303 if (vs->ws_tls.session) {
1304 ret = vnc_client_read_tls(&vs->ws_tls.session, data, datalen);
1305 } else
1306#endif /* CONFIG_VNC_WS */
1307#endif /* CONFIG_VNC_TLS */
1308 {
1309 ret = qemu_recv(vs->csock, data, datalen, 0)recv(vs->csock, data, datalen, 0);
1310 }
1311#ifdef CONFIG_VNC_TLS1
1312 }
1313#endif /* CONFIG_VNC_TLS */
1314 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret)do { } while (0);
1315 return vnc_client_io_error(vs, ret, socket_error()(*__errno_location ()));
1316}
1317
1318
1319/*
1320 * Called to read data from the client socket to the input buffer,
1321 * when not using any SASL SSF encryption layers. Will read as much
1322 * data as possible without blocking.
1323 *
1324 * Returns the number of bytes read. Returns -1 on error, and
1325 * disconnects the client socket.
1326 */
1327static long vnc_client_read_plain(VncState *vs)
1328{
1329 int ret;
1330 VNC_DEBUG("Read plain %p size %zd offset %zd\n",do { } while (0)
1331 vs->input.buffer, vs->input.capacity, vs->input.offset)do { } while (0);
1332 buffer_reserve(&vs->input, 4096);
1333 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1334 if (!ret)
1335 return 0;
1336 vs->input.offset += ret;
1337 return ret;
1338}
1339
1340static void vnc_jobs_bh(void *opaque)
1341{
1342 VncState *vs = opaque;
1343
1344 vnc_jobs_consume_buffer(vs);
1345}
1346
1347/*
1348 * First function called whenever there is more data to be read from
1349 * the client socket. Will delegate actual work according to whether
1350 * SASL SSF layers are enabled (thus requiring decryption calls)
1351 */
1352void vnc_client_read(void *opaque)
1353{
1354 VncState *vs = opaque;
1355 long ret;
1356
1357#ifdef CONFIG_VNC_SASL1
1358 if (vs->sasl.conn && vs->sasl.runSSF)
1359 ret = vnc_client_read_sasl(vs);
1360 else
1361#endif /* CONFIG_VNC_SASL */
1362#ifdef CONFIG_VNC_WS1
1363 if (vs->encode_ws) {
1364 ret = vnc_client_read_ws(vs);
1365 if (ret == -1) {
1366 vnc_disconnect_start(vs);
1367 return;
1368 } else if (ret == -2) {
1369 vnc_client_error(vs);
1370 return;
1371 }
1372 } else
1373#endif /* CONFIG_VNC_WS */
1374 {
1375 ret = vnc_client_read_plain(vs);
1376 }
1377 if (!ret) {
1378 if (vs->csock == -1)
1379 vnc_disconnect_finish(vs);
1380 return;
1381 }
1382
1383 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1384 size_t len = vs->read_handler_expect;
1385 int ret;
1386
1387 ret = vs->read_handler(vs, vs->input.buffer, len);
1388 if (vs->csock == -1) {
1389 vnc_disconnect_finish(vs);
1390 return;
1391 }
1392
1393 if (!ret) {
1394 buffer_advance(&vs->input, len);
1395 } else {
1396 vs->read_handler_expect = ret;
1397 }
1398 }
1399}
1400
1401void vnc_write(VncState *vs, const void *data, size_t len)
1402{
1403 buffer_reserve(&vs->output, len);
1404
1405 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1406 qemu_set_fd_handler2(vs->csock, NULL((void*)0), vnc_client_read, vnc_client_write, vs);
1407 }
1408
1409 buffer_append(&vs->output, data, len);
1410}
1411
1412void vnc_write_s32(VncState *vs, int32_t value)
1413{
1414 vnc_write_u32(vs, *(uint32_t *)&value);
1415}
1416
1417void vnc_write_u32(VncState *vs, uint32_t value)
1418{
1419 uint8_t buf[4];
1420
1421 buf[0] = (value >> 24) & 0xFF;
1422 buf[1] = (value >> 16) & 0xFF;
1423 buf[2] = (value >> 8) & 0xFF;
1424 buf[3] = value & 0xFF;
1425
1426 vnc_write(vs, buf, 4);
1427}
1428
1429void vnc_write_u16(VncState *vs, uint16_t value)
1430{
1431 uint8_t buf[2];
1432
1433 buf[0] = (value >> 8) & 0xFF;
1434 buf[1] = value & 0xFF;
1435
1436 vnc_write(vs, buf, 2);
1437}
1438
1439void vnc_write_u8(VncState *vs, uint8_t value)
1440{
1441 vnc_write(vs, (char *)&value, 1);
1442}
1443
1444void vnc_flush(VncState *vs)
1445{
1446 vnc_lock_output(vs);
1447 if (vs->csock != -1 && (vs->output.offset
1448#ifdef CONFIG_VNC_WS1
1449 || vs->ws_output.offset
1450#endif
1451 )) {
1452 vnc_client_write_locked(vs);
1453 }
1454 vnc_unlock_output(vs);
1455}
1456
1457static uint8_t read_u8(uint8_t *data, size_t offset)
1458{
1459 return data[offset];
1460}
1461
1462static uint16_t read_u16(uint8_t *data, size_t offset)
1463{
1464 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1465}
1466
1467static int32_t read_s32(uint8_t *data, size_t offset)
1468{
1469 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1470 (data[offset + 2] << 8) | data[offset + 3]);
1471}
1472
1473uint32_t read_u32(uint8_t *data, size_t offset)
1474{
1475 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1476 (data[offset + 2] << 8) | data[offset + 3]);
1477}
1478
1479static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1480{
1481}
1482
1483static void check_pointer_type_change(Notifier *notifier, void *data)
1484{
1485 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier)({ const typeof(((VncState *) 0)->mouse_mode_notifier) *__mptr
= (notifier); (VncState *) ((char *) __mptr - __builtin_offsetof
(VncState, mouse_mode_notifier));});
1486 int absolute = kbd_mouse_is_absolute();
1487
1488 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE2) && vs->absolute != absolute) {
1489 vnc_lock_output(vs);
1490 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE0);
1491 vnc_write_u8(vs, 0);
1492 vnc_write_u16(vs, 1);
1493 vnc_framebuffer_update(vs, absolute, 0,
1494 surface_width(vs->vd->ds),
1495 surface_height(vs->vd->ds),
1496 VNC_ENCODING_POINTER_TYPE_CHANGE0XFFFFFEFF);
1497 vnc_unlock_output(vs);
1498 vnc_flush(vs);
1499 }
1500 vs->absolute = absolute;
1501}
1502
1503static void pointer_event(VncState *vs, int button_mask, int x, int y)
1504{
1505 int buttons = 0;
1506 int dz = 0;
1507 int width = surface_width(vs->vd->ds);
1508 int height = surface_height(vs->vd->ds);
1509
1510 if (button_mask & 0x01)
1511 buttons |= MOUSE_EVENT_LBUTTON0x01;
1512 if (button_mask & 0x02)
1513 buttons |= MOUSE_EVENT_MBUTTON0x04;
1514 if (button_mask & 0x04)
1515 buttons |= MOUSE_EVENT_RBUTTON0x02;
1516 if (button_mask & 0x08)
1517 dz = -1;
1518 if (button_mask & 0x10)
1519 dz = 1;
1520
1521 if (vs->absolute) {
1522 kbd_mouse_event(width > 1 ? x * 0x7FFF / (width - 1) : 0x4000,
1523 height > 1 ? y * 0x7FFF / (height - 1) : 0x4000,
1524 dz, buttons);
1525 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE2)) {
1526 x -= 0x7FFF;
1527 y -= 0x7FFF;
1528
1529 kbd_mouse_event(x, y, dz, buttons);
1530 } else {
1531 if (vs->last_x != -1)
1532 kbd_mouse_event(x - vs->last_x,
1533 y - vs->last_y,
1534 dz, buttons);
1535 vs->last_x = x;
1536 vs->last_y = y;
1537 }
1538}
1539
1540static void reset_keys(VncState *vs)
1541{
1542 int i;
1543 for(i = 0; i < 256; i++) {
1544 if (vs->modifiers_state[i]) {
1545 if (i & SCANCODE_GREY0x80)
1546 kbd_put_keycode(SCANCODE_EMUL00xE0);
1547 kbd_put_keycode(i | SCANCODE_UP0x80);
1548 vs->modifiers_state[i] = 0;
1549 }
1550 }
1551}
1552
1553static void press_key(VncState *vs, int keysym)
1554{
1555 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK0xff;
1556 if (keycode & SCANCODE_GREY0x80)
1557 kbd_put_keycode(SCANCODE_EMUL00xE0);
1558 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK0x7f);
1559 if (keycode & SCANCODE_GREY0x80)
1560 kbd_put_keycode(SCANCODE_EMUL00xE0);
1561 kbd_put_keycode(keycode | SCANCODE_UP0x80);
1562}
1563
1564static int current_led_state(VncState *vs)
1565{
1566 int ledstate = 0;
1567
1568 if (vs->modifiers_state[0x46]) {
1569 ledstate |= QEMU_SCROLL_LOCK_LED(1 << 0);
1570 }
1571 if (vs->modifiers_state[0x45]) {
1572 ledstate |= QEMU_NUM_LOCK_LED(1 << 1);
1573 }
1574 if (vs->modifiers_state[0x3a]) {
1575 ledstate |= QEMU_CAPS_LOCK_LED(1 << 2);
1576 }
1577
1578 return ledstate;
1579}
1580
1581static void vnc_led_state_change(VncState *vs)
1582{
1583 int ledstate = 0;
1584
1585 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE11)) {
1586 return;
1587 }
1588
1589 ledstate = current_led_state(vs);
1590 vnc_lock_output(vs);
1591 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE0);
1592 vnc_write_u8(vs, 0);
1593 vnc_write_u16(vs, 1);
1594 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE0XFFFFFEFB);
1595 vnc_write_u8(vs, ledstate);
1596 vnc_unlock_output(vs);
1597 vnc_flush(vs);
1598}
1599
1600static void kbd_leds(void *opaque, int ledstate)
1601{
1602 VncState *vs = opaque;
1603 int caps, num, scr;
1604 bool_Bool has_changed = (ledstate != current_led_state(vs));
1605
1606 caps = ledstate & QEMU_CAPS_LOCK_LED(1 << 2) ? 1 : 0;
1607 num = ledstate & QEMU_NUM_LOCK_LED(1 << 1) ? 1 : 0;
1608 scr = ledstate & QEMU_SCROLL_LOCK_LED(1 << 0) ? 1 : 0;
1609
1610 if (vs->modifiers_state[0x3a] != caps) {
1611 vs->modifiers_state[0x3a] = caps;
1612 }
1613 if (vs->modifiers_state[0x45] != num) {
1614 vs->modifiers_state[0x45] = num;
1615 }
1616 if (vs->modifiers_state[0x46] != scr) {
1617 vs->modifiers_state[0x46] = scr;
1618 }
1619
1620 /* Sending the current led state message to the client */
1621 if (has_changed) {
1622 vnc_led_state_change(vs);
1623 }
1624}
1625
1626static void do_key_event(VncState *vs, int down, int keycode, int sym)
1627{
1628 /* QEMU console switch */
1629 switch(keycode) {
1630 case 0x2a: /* Left Shift */
1631 case 0x36: /* Right Shift */
1632 case 0x1d: /* Left CTRL */
1633 case 0x9d: /* Right CTRL */
1634 case 0x38: /* Left ALT */
1635 case 0xb8: /* Right ALT */
1636 if (down)
1637 vs->modifiers_state[keycode] = 1;
1638 else
1639 vs->modifiers_state[keycode] = 0;
1640 break;
1641 case 0x02 ... 0x0a: /* '1' to '9' keys */
1642 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1643 /* Reset the modifiers sent to the current console */
1644 reset_keys(vs);
1645 console_select(keycode - 0x02);
1646 return;
1647 }
1648 break;
1649 case 0x3a: /* CapsLock */
1650 case 0x45: /* NumLock */
1651 if (down)
1652 vs->modifiers_state[keycode] ^= 1;
1653 break;
1654 }
1655
1656 /* Turn off the lock state sync logic if the client support the led
1657 state extension.
1658 */
1659 if (down && vs->vd->lock_key_sync &&
1660 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE11) &&
1661 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1662 /* If the numlock state needs to change then simulate an additional
1663 keypress before sending this one. This will happen if the user
1664 toggles numlock away from the VNC window.
1665 */
1666 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1667 if (!vs->modifiers_state[0x45]) {
1668 vs->modifiers_state[0x45] = 1;
1669 press_key(vs, 0xff7f);
1670 }
1671 } else {
1672 if (vs->modifiers_state[0x45]) {
1673 vs->modifiers_state[0x45] = 0;
1674 press_key(vs, 0xff7f);
1675 }
1676 }
1677 }
1678
1679 if (down && vs->vd->lock_key_sync &&
1680 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE11) &&
1681 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1682 /* If the capslock state needs to change then simulate an additional
1683 keypress before sending this one. This will happen if the user
1684 toggles capslock away from the VNC window.
1685 */
1686 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1687 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1688 int capslock = !!(vs->modifiers_state[0x3a]);
1689 if (capslock) {
1690 if (uppercase == shift) {
1691 vs->modifiers_state[0x3a] = 0;
1692 press_key(vs, 0xffe5);
1693 }
1694 } else {
1695 if (uppercase != shift) {
1696 vs->modifiers_state[0x3a] = 1;
1697 press_key(vs, 0xffe5);
1698 }
1699 }
1700 }
1701
1702 if (qemu_console_is_graphic(NULL((void*)0))) {
1703 if (keycode & SCANCODE_GREY0x80)
1704 kbd_put_keycode(SCANCODE_EMUL00xE0);
1705 if (down)
1706 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK0x7f);
1707 else
1708 kbd_put_keycode(keycode | SCANCODE_UP0x80);
1709 } else {
1710 bool_Bool numlock = vs->modifiers_state[0x45];
1711 bool_Bool control = (vs->modifiers_state[0x1d] ||
1712 vs->modifiers_state[0x9d]);
1713 /* QEMU console emulation */
1714 if (down) {
1715 switch (keycode) {
1716 case 0x2a: /* Left Shift */
1717 case 0x36: /* Right Shift */
1718 case 0x1d: /* Left CTRL */
1719 case 0x9d: /* Right CTRL */
1720 case 0x38: /* Left ALT */
1721 case 0xb8: /* Right ALT */
1722 break;
1723 case 0xc8:
1724 kbd_put_keysym(QEMU_KEY_UP(('A') | 0xe100));
1725 break;
1726 case 0xd0:
1727 kbd_put_keysym(QEMU_KEY_DOWN(('B') | 0xe100));
1728 break;
1729 case 0xcb:
1730 kbd_put_keysym(QEMU_KEY_LEFT(('D') | 0xe100));
1731 break;
1732 case 0xcd:
1733 kbd_put_keysym(QEMU_KEY_RIGHT(('C') | 0xe100));
1734 break;
1735 case 0xd3:
1736 kbd_put_keysym(QEMU_KEY_DELETE((3) | 0xe100));
1737 break;
1738 case 0xc7:
1739 kbd_put_keysym(QEMU_KEY_HOME((1) | 0xe100));
1740 break;
1741 case 0xcf:
1742 kbd_put_keysym(QEMU_KEY_END((4) | 0xe100));
1743 break;
1744 case 0xc9:
1745 kbd_put_keysym(QEMU_KEY_PAGEUP((5) | 0xe100));
1746 break;
1747 case 0xd1:
1748 kbd_put_keysym(QEMU_KEY_PAGEDOWN((6) | 0xe100));
1749 break;
1750
1751 case 0x47:
1752 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME((1) | 0xe100));
1753 break;
1754 case 0x48:
1755 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP(('A') | 0xe100));
1756 break;
1757 case 0x49:
1758 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP((5) | 0xe100));
1759 break;
1760 case 0x4b:
1761 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT(('D') | 0xe100));
1762 break;
1763 case 0x4c:
1764 kbd_put_keysym('5');
1765 break;
1766 case 0x4d:
1767 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT(('C') | 0xe100));
1768 break;
1769 case 0x4f:
1770 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END((4) | 0xe100));
1771 break;
1772 case 0x50:
1773 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN(('B') | 0xe100));
1774 break;
1775 case 0x51:
1776 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN((6) | 0xe100));
1777 break;
1778 case 0x52:
1779 kbd_put_keysym('0');
1780 break;
1781 case 0x53:
1782 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE((3) | 0xe100));
1783 break;
1784
1785 case 0xb5:
1786 kbd_put_keysym('/');
1787 break;
1788 case 0x37:
1789 kbd_put_keysym('*');
1790 break;
1791 case 0x4a:
1792 kbd_put_keysym('-');
1793 break;
1794 case 0x4e:
1795 kbd_put_keysym('+');
1796 break;
1797 case 0x9c:
1798 kbd_put_keysym('\n');
1799 break;
1800
1801 default:
1802 if (control) {
1803 kbd_put_keysym(sym & 0x1f);
1804 } else {
1805 kbd_put_keysym(sym);
1806 }
1807 break;
1808 }
1809 }
1810 }
1811}
1812
1813static void vnc_release_modifiers(VncState *vs)
1814{
1815 static const int keycodes[] = {
1816 /* shift, control, alt keys, both left & right */
1817 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1818 };
1819 int i, keycode;
1820
1821 if (!qemu_console_is_graphic(NULL((void*)0))) {
1822 return;
1823 }
1824 for (i = 0; i < ARRAY_SIZE(keycodes)(sizeof(keycodes) / sizeof((keycodes)[0])); i++) {
1825 keycode = keycodes[i];
1826 if (!vs->modifiers_state[keycode]) {
1827 continue;
1828 }
1829 if (keycode & SCANCODE_GREY0x80) {
1830 kbd_put_keycode(SCANCODE_EMUL00xE0);
1831 }
1832 kbd_put_keycode(keycode | SCANCODE_UP0x80);
1833 }
1834}
1835
1836static void key_event(VncState *vs, int down, uint32_t sym)
1837{
1838 int keycode;
1839 int lsym = sym;
1840
1841 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL((void*)0))) {
1842 lsym = lsym - 'A' + 'a';
1843 }
1844
1845 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK0xff;
1846 do_key_event(vs, down, keycode, sym);
1847}
1848
1849static void ext_key_event(VncState *vs, int down,
1850 uint32_t sym, uint16_t keycode)
1851{
1852 /* if the user specifies a keyboard layout, always use it */
1853 if (keyboard_layout)
1854 key_event(vs, down, sym);
1855 else
1856 do_key_event(vs, down, keycode, sym);
1857}
1858
1859static void framebuffer_update_request(VncState *vs, int incremental,
1860 int x_position, int y_position,
1861 int w, int h)
1862{
1863 int i;
1864 const size_t width = surface_width(vs->vd->ds) / 16;
1865 const size_t height = surface_height(vs->vd->ds);
1866
1867 if (y_position > height) {
1868 y_position = height;
1869 }
1870 if (y_position + h >= height) {
1871 h = height - y_position;
1872 }
1873
1874 vs->need_update = 1;
1875 if (!incremental) {
1876 vs->force_update = 1;
1877 for (i = 0; i < h; i++) {
1878 bitmap_set(vs->dirty[y_position + i], 0, width);
1879 bitmap_clear(vs->dirty[y_position + i], width,
1880 VNC_DIRTY_BITS(2560 / 16) - width);
1881 }
1882 }
1883}
1884
1885static void send_ext_key_event_ack(VncState *vs)
1886{
1887 vnc_lock_output(vs);
1888 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE0);
1889 vnc_write_u8(vs, 0);
1890 vnc_write_u16(vs, 1);
1891 vnc_framebuffer_update(vs, 0, 0,
1892 surface_width(vs->vd->ds),
1893 surface_height(vs->vd->ds),
1894 VNC_ENCODING_EXT_KEY_EVENT0XFFFFFEFE);
1895 vnc_unlock_output(vs);
1896 vnc_flush(vs);
1897}
1898
1899static void send_ext_audio_ack(VncState *vs)
1900{
1901 vnc_lock_output(vs);
1902 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE0);
1903 vnc_write_u8(vs, 0);
1904 vnc_write_u16(vs, 1);
1905 vnc_framebuffer_update(vs, 0, 0,
1906 surface_width(vs->vd->ds),
1907 surface_height(vs->vd->ds),
1908 VNC_ENCODING_AUDIO0XFFFFFEFD);
1909 vnc_unlock_output(vs);
1910 vnc_flush(vs);
1911}
1912
1913static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1914{
1915 int i;
1916 unsigned int enc = 0;
1917
1918 vs->features = 0;
1919 vs->vnc_encoding = 0;
1920 vs->tight.compression = 9;
1921 vs->tight.quality = -1; /* Lossless by default */
1922 vs->absolute = -1;
1923
1924 /*
1925 * Start from the end because the encodings are sent in order of preference.
1926 * This way the preferred encoding (first encoding defined in the array)
1927 * will be set at the end of the loop.
1928 */
1929 for (i = n_encodings - 1; i >= 0; i--) {
1930 enc = encodings[i];
1931 switch (enc) {
1932 case VNC_ENCODING_RAW0x00000000:
1933 vs->vnc_encoding = enc;
1934 break;
1935 case VNC_ENCODING_COPYRECT0x00000001:
1936 vs->features |= VNC_FEATURE_COPYRECT_MASK(1 << 6);
1937 break;
1938 case VNC_ENCODING_HEXTILE0x00000005:
1939 vs->features |= VNC_FEATURE_HEXTILE_MASK(1 << 1);
1940 vs->vnc_encoding = enc;
1941 break;
1942 case VNC_ENCODING_TIGHT0x00000007:
1943 vs->features |= VNC_FEATURE_TIGHT_MASK(1 << 4);
1944 vs->vnc_encoding = enc;
1945 break;
1946#ifdef CONFIG_VNC_PNG1
1947 case VNC_ENCODING_TIGHT_PNG0xFFFFFEFC:
1948 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK(1 << 8);
1949 vs->vnc_encoding = enc;
1950 break;
1951#endif
1952 case VNC_ENCODING_ZLIB0x00000006:
1953 vs->features |= VNC_FEATURE_ZLIB_MASK(1 << 5);
1954 vs->vnc_encoding = enc;
1955 break;
1956 case VNC_ENCODING_ZRLE0x00000010:
1957 vs->features |= VNC_FEATURE_ZRLE_MASK(1 << 9);
1958 vs->vnc_encoding = enc;
1959 break;
1960 case VNC_ENCODING_ZYWRLE0x00000011:
1961 vs->features |= VNC_FEATURE_ZYWRLE_MASK(1 << 10);
1962 vs->vnc_encoding = enc;
1963 break;
1964 case VNC_ENCODING_DESKTOPRESIZE0xFFFFFF21:
1965 vs->features |= VNC_FEATURE_RESIZE_MASK(1 << 0);
1966 break;
1967 case VNC_ENCODING_POINTER_TYPE_CHANGE0XFFFFFEFF:
1968 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK(1 << 2);
1969 break;
1970 case VNC_ENCODING_RICH_CURSOR0xFFFFFF11:
1971 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK(1 << 7);
1972 break;
1973 case VNC_ENCODING_EXT_KEY_EVENT0XFFFFFEFE:
1974 send_ext_key_event_ack(vs);
1975 break;
1976 case VNC_ENCODING_AUDIO0XFFFFFEFD:
1977 send_ext_audio_ack(vs);
1978 break;
1979 case VNC_ENCODING_WMVi0x574D5669:
1980 vs->features |= VNC_FEATURE_WMVI_MASK(1 << 3);
1981 break;
1982 case VNC_ENCODING_LED_STATE0XFFFFFEFB:
1983 vs->features |= VNC_FEATURE_LED_STATE_MASK(1 << 11);
1984 break;
1985 case VNC_ENCODING_COMPRESSLEVEL00xFFFFFF00 ... VNC_ENCODING_COMPRESSLEVEL00xFFFFFF00 + 9:
1986 vs->tight.compression = (enc & 0x0F);
1987 break;
1988 case VNC_ENCODING_QUALITYLEVEL00xFFFFFFE0 ... VNC_ENCODING_QUALITYLEVEL00xFFFFFFE0 + 9:
1989 if (vs->vd->lossy) {
1990 vs->tight.quality = (enc & 0x0F);
1991 }
1992 break;
1993 default:
1994 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc)do { } while (0);
1995 break;
1996 }
1997 }
1998 vnc_desktop_resize(vs);
1999 check_pointer_type_change(&vs->mouse_mode_notifier, NULL((void*)0));
2000 vnc_led_state_change(vs);
2001}
2002
2003static void set_pixel_conversion(VncState *vs)
2004{
2005 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2006
2007 if (fmt == VNC_SERVER_FB_FORMAT(((32) << 24) | ((2) << 16) | ((0) << 12) |
((8) << 8) | ((8) << 4) | ((8)))) {
2008 vs->write_pixels = vnc_write_pixels_copy;
2009 vnc_hextile_set_pixel_conversion(vs, 0);
2010 } else {
2011 vs->write_pixels = vnc_write_pixels_generic;
2012 vnc_hextile_set_pixel_conversion(vs, 1);
2013 }
2014}
2015
2016static void set_pixel_format(VncState *vs,
2017 int bits_per_pixel, int depth,
2018 int big_endian_flag, int true_color_flag,
2019 int red_max, int green_max, int blue_max,
2020 int red_shift, int green_shift, int blue_shift)
2021{
2022 if (!true_color_flag) {
2023 vnc_client_error(vs);
2024 return;
2025 }
2026
2027 vs->client_pf.rmax = red_max;
2028 vs->client_pf.rbits = hweight_long(red_max);
2029 vs->client_pf.rshift = red_shift;
2030 vs->client_pf.rmask = red_max << red_shift;
2031 vs->client_pf.gmax = green_max;
2032 vs->client_pf.gbits = hweight_long(green_max);
2033 vs->client_pf.gshift = green_shift;
2034 vs->client_pf.gmask = green_max << green_shift;
2035 vs->client_pf.bmax = blue_max;
2036 vs->client_pf.bbits = hweight_long(blue_max);
2037 vs->client_pf.bshift = blue_shift;
2038 vs->client_pf.bmask = blue_max << blue_shift;
2039 vs->client_pf.bits_per_pixel = bits_per_pixel;
2040 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2041 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2042 vs->client_be = big_endian_flag;
2043
2044 set_pixel_conversion(vs);
2045
2046 graphic_hw_invalidate(NULL((void*)0));
2047 graphic_hw_update(NULL((void*)0));
2048}
2049
2050static void pixel_format_message (VncState *vs) {
2051 char pad[3] = { 0, 0, 0 };
2052
2053 vs->client_pf = qemu_default_pixelformat(32);
2054
2055 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
2056 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
2057
2058#ifdef HOST_WORDS_BIGENDIAN
2059 vnc_write_u8(vs, 1); /* big-endian-flag */
2060#else
2061 vnc_write_u8(vs, 0); /* big-endian-flag */
2062#endif
2063 vnc_write_u8(vs, 1); /* true-color-flag */
2064 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
2065 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
2066 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
2067 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
2068 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
2069 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
2070 vnc_write(vs, pad, 3); /* padding */
2071
2072 vnc_hextile_set_pixel_conversion(vs, 0);
2073 vs->write_pixels = vnc_write_pixels_copy;
2074}
2075
2076static void vnc_colordepth(VncState *vs)
2077{
2078 if (vnc_has_feature(vs, VNC_FEATURE_WMVI3)) {
2079 /* Sending a WMVi message to notify the client*/
2080 vnc_lock_output(vs);
2081 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE0);
2082 vnc_write_u8(vs, 0);
2083 vnc_write_u16(vs, 1); /* number of rects */
2084 vnc_framebuffer_update(vs, 0, 0,
2085 surface_width(vs->vd->ds),
2086 surface_height(vs->vd->ds),
2087 VNC_ENCODING_WMVi0x574D5669);
2088 pixel_format_message(vs);
2089 vnc_unlock_output(vs);
2090 vnc_flush(vs);
2091 } else {
2092 set_pixel_conversion(vs);
2093 }
2094}
2095
2096static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2097{
2098 int i;
2099 uint16_t limit;
2100 VncDisplay *vd = vs->vd;
2101
2102 if (data[0] > 3) {
2103 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE30);
2104 }
2105
2106 switch (data[0]) {
2107 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT0:
2108 if (len == 1)
2109 return 20;
2110
2111 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
2112 read_u8(data, 6), read_u8(data, 7),
2113 read_u16(data, 8), read_u16(data, 10),
2114 read_u16(data, 12), read_u8(data, 14),
2115 read_u8(data, 15), read_u8(data, 16));
2116 break;
2117 case VNC_MSG_CLIENT_SET_ENCODINGS2:
2118 if (len == 1)
2119 return 4;
2120
2121 if (len == 4) {
2122 limit = read_u16(data, 2);
2123 if (limit > 0)
2124 return 4 + (limit * 4);
2125 } else
2126 limit = read_u16(data, 2);
2127
2128 for (i = 0; i < limit; i++) {
2129 int32_t val = read_s32(data, 4 + (i * 4));
2130 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2131 }
2132
2133 set_encodings(vs, (int32_t *)(data + 4), limit);
2134 break;
2135 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST3:
2136 if (len == 1)
2137 return 10;
2138
2139 framebuffer_update_request(vs,
2140 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2141 read_u16(data, 6), read_u16(data, 8));
2142 break;
2143 case VNC_MSG_CLIENT_KEY_EVENT4:
2144 if (len == 1)
2145 return 8;
2146
2147 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2148 break;
2149 case VNC_MSG_CLIENT_POINTER_EVENT5:
2150 if (len == 1)
2151 return 6;
2152
2153 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2154 break;
2155 case VNC_MSG_CLIENT_CUT_TEXT6:
2156 if (len == 1)
2157 return 8;
2158
2159 if (len == 8) {
2160 uint32_t dlen = read_u32(data, 4);
2161 if (dlen > 0)
2162 return 8 + dlen;
2163 }
2164
2165 client_cut_text(vs, read_u32(data, 4), data + 8);
2166 break;
2167 case VNC_MSG_CLIENT_QEMU255:
2168 if (len == 1)
2169 return 2;
2170
2171 switch (read_u8(data, 1)) {
2172 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT0:
2173 if (len == 2)
2174 return 12;
2175
2176 ext_key_event(vs, read_u16(data, 2),
2177 read_u32(data, 4), read_u32(data, 8));
2178 break;
2179 case VNC_MSG_CLIENT_QEMU_AUDIO1:
2180 if (len == 2)
2181 return 4;
2182
2183 switch (read_u16 (data, 2)) {
2184 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE0:
2185 audio_add(vs);
2186 break;
2187 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE1:
2188 audio_del(vs);
2189 break;
2190 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT2:
2191 if (len == 4)
2192 return 10;
2193 switch (read_u8(data, 4)) {
2194 case 0: vs->as.fmt = AUD_FMT_U8; break;
2195 case 1: vs->as.fmt = AUD_FMT_S8; break;
2196 case 2: vs->as.fmt = AUD_FMT_U16; break;
2197 case 3: vs->as.fmt = AUD_FMT_S16; break;
2198 case 4: vs->as.fmt = AUD_FMT_U32; break;
2199 case 5: vs->as.fmt = AUD_FMT_S32; break;
2200 default:
2201 printf("Invalid audio format %d\n", read_u8(data, 4));
2202 vnc_client_error(vs);
2203 break;
2204 }
2205 vs->as.nchannels = read_u8(data, 5);
2206 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2207 printf("Invalid audio channel coount %d\n",
2208 read_u8(data, 5));
2209 vnc_client_error(vs);
2210 break;
2211 }
2212 vs->as.freq = read_u32(data, 6);
2213 break;
2214 default:
2215 printf ("Invalid audio message %d\n", read_u8(data, 4));
2216 vnc_client_error(vs);
2217 break;
2218 }
2219 break;
2220
2221 default:
2222 printf("Msg: %d\n", read_u16(data, 0));
2223 vnc_client_error(vs);
2224 break;
2225 }
2226 break;
2227 default:
2228 printf("Msg: %d\n", data[0]);
2229 vnc_client_error(vs);
2230 break;
2231 }
2232
2233 vnc_read_when(vs, protocol_client_msg, 1);
2234 return 0;
2235}
2236
2237static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2238{
2239 char buf[1024];
2240 VncShareMode mode;
2241 int size;
2242
2243 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2244 switch (vs->vd->share_policy) {
2245 case VNC_SHARE_POLICY_IGNORE:
2246 /*
2247 * Ignore the shared flag. Nothing to do here.
2248 *
2249 * Doesn't conform to the rfb spec but is traditional qemu
2250 * behavior, thus left here as option for compatibility
2251 * reasons.
2252 */
2253 break;
2254 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2255 /*
2256 * Policy: Allow clients ask for exclusive access.
2257 *
2258 * Implementation: When a client asks for exclusive access,
2259 * disconnect all others. Shared connects are allowed as long
2260 * as no exclusive connection exists.
2261 *
2262 * This is how the rfb spec suggests to handle the shared flag.
2263 */
2264 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2265 VncState *client;
2266 QTAILQ_FOREACH(client, &vs->vd->clients, next)for ((client) = ((&vs->vd->clients)->tqh_first);
(client); (client) = ((client)->next.tqe_next)) {
2267 if (vs == client) {
2268 continue;
2269 }
2270 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2271 client->share_mode != VNC_SHARE_MODE_SHARED) {
2272 continue;
2273 }
2274 vnc_disconnect_start(client);
2275 }
2276 }
2277 if (mode == VNC_SHARE_MODE_SHARED) {
2278 if (vs->vd->num_exclusive > 0) {
2279 vnc_disconnect_start(vs);
2280 return 0;
2281 }
2282 }
2283 break;
2284 case VNC_SHARE_POLICY_FORCE_SHARED:
2285 /*
2286 * Policy: Shared connects only.
2287 * Implementation: Disallow clients asking for exclusive access.
2288 *
2289 * Useful for shared desktop sessions where you don't want
2290 * someone forgetting to say -shared when running the vnc
2291 * client disconnect everybody else.
2292 */
2293 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2294 vnc_disconnect_start(vs);
2295 return 0;
2296 }
2297 break;
2298 }
2299 vnc_set_share_mode(vs, mode);
2300
2301 vs->client_width = surface_width(vs->vd->ds);
2302 vs->client_height = surface_height(vs->vd->ds);
2303 vnc_write_u16(vs, vs->client_width);
2304 vnc_write_u16(vs, vs->client_height);
2305
2306 pixel_format_message(vs);
2307
2308 if (qemu_name)
2309 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2310 else
2311 size = snprintf(buf, sizeof(buf), "QEMU");
2312
2313 vnc_write_u32(vs, size);
2314 vnc_write(vs, buf, size);
2315 vnc_flush(vs);
2316
2317 vnc_client_cache_auth(vs);
2318 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
2319
2320 vnc_read_when(vs, protocol_client_msg, 1);
2321
2322 return 0;
2323}
2324
2325void start_client_init(VncState *vs)
2326{
2327 vnc_read_when(vs, protocol_client_init, 1);
2328}
2329
2330static void make_challenge(VncState *vs)
2331{
2332 int i;
2333
2334 srand(time(NULL((void*)0))+getpid()+getpid()*987654+rand());
2335
2336 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2337 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX2147483647+1.0));
2338}
2339
2340static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2341{
2342 unsigned char response[VNC_AUTH_CHALLENGE_SIZE16];
2343 int i, j, pwlen;
2344 unsigned char key[8];
2345 time_t now = time(NULL((void*)0));
2346
2347 if (!vs->vd->password) {
2348 VNC_DEBUG("No password configured on server")do { } while (0);
2349 goto reject;
2350 }
2351 if (vs->vd->expires < now) {
2352 VNC_DEBUG("Password is expired")do { } while (0);
2353 goto reject;
2354 }
2355
2356 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE16);
2357
2358 /* Calculate the expected challenge response */
2359 pwlen = strlen(vs->vd->password);
2360 for (i=0; i<sizeof(key); i++)
2361 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2362 deskey(key, EN00);
2363 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE16; j += 8)
2364 des(response+j, response+j);
2365
2366 /* Compare expected vs actual challenge response */
2367 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE16) != 0) {
2368 VNC_DEBUG("Client challenge response did not match\n")do { } while (0);
2369 goto reject;
2370 } else {
2371 VNC_DEBUG("Accepting VNC challenge response\n")do { } while (0);
2372 vnc_write_u32(vs, 0); /* Accept auth */
2373 vnc_flush(vs);
2374
2375 start_client_init(vs);
2376 }
2377 return 0;
2378
2379reject:
2380 vnc_write_u32(vs, 1); /* Reject auth */
2381 if (vs->minor >= 8) {
2382 static const char err[] = "Authentication failed";
2383 vnc_write_u32(vs, sizeof(err));
2384 vnc_write(vs, err, sizeof(err));
2385 }
2386 vnc_flush(vs);
2387 vnc_client_error(vs);
2388 return 0;
2389}
2390
2391void start_auth_vnc(VncState *vs)
2392{
2393 make_challenge(vs);
2394 /* Send client a 'random' challenge */
2395 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2396 vnc_flush(vs);
2397
2398 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2399}
2400
2401
2402static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2403{
2404 /* We only advertise 1 auth scheme at a time, so client
2405 * must pick the one we sent. Verify this */
2406 if (data[0] != vs->auth) { /* Reject auth */
2407 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0])do { } while (0);
2408 vnc_write_u32(vs, 1);
2409 if (vs->minor >= 8) {
2410 static const char err[] = "Authentication failed";
2411 vnc_write_u32(vs, sizeof(err));
2412 vnc_write(vs, err, sizeof(err));
2413 }
2414 vnc_client_error(vs);
2415 } else { /* Accept requested auth */
2416 VNC_DEBUG("Client requested auth %d\n", (int)data[0])do { } while (0);
2417 switch (vs->auth) {
2418 case VNC_AUTH_NONE:
2419 VNC_DEBUG("Accept auth none\n")do { } while (0);
2420 if (vs->minor >= 8) {
2421 vnc_write_u32(vs, 0); /* Accept auth completion */
2422 vnc_flush(vs);
2423 }
2424 start_client_init(vs);
2425 break;
2426
2427 case VNC_AUTH_VNC:
2428 VNC_DEBUG("Start VNC auth\n")do { } while (0);
2429 start_auth_vnc(vs);
2430 break;
2431
2432#ifdef CONFIG_VNC_TLS1
2433 case VNC_AUTH_VENCRYPT:
2434 VNC_DEBUG("Accept VeNCrypt auth\n")do { } while (0);
2435 start_auth_vencrypt(vs);
2436 break;
2437#endif /* CONFIG_VNC_TLS */
2438
2439#ifdef CONFIG_VNC_SASL1
2440 case VNC_AUTH_SASL:
2441 VNC_DEBUG("Accept SASL auth\n")do { } while (0);
2442 start_auth_sasl(vs);
2443 break;
2444#endif /* CONFIG_VNC_SASL */
2445
2446 default: /* Should not be possible, but just in case */
2447 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth)do { } while (0);
2448 vnc_write_u8(vs, 1);
2449 if (vs->minor >= 8) {
2450 static const char err[] = "Authentication failed";
2451 vnc_write_u32(vs, sizeof(err));
2452 vnc_write(vs, err, sizeof(err));
2453 }
2454 vnc_client_error(vs);
2455 }
2456 }
2457 return 0;
2458}
2459
2460static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2461{
2462 char local[13];
2463
2464 memcpy(local, version, 12);
2465 local[12] = 0;
2466
2467 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2468 VNC_DEBUG("Malformed protocol version %s\n", local)do { } while (0);
2469 vnc_client_error(vs);
2470 return 0;
2471 }
2472 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor)do { } while (0);
2473 if (vs->major != 3 ||
2474 (vs->minor != 3 &&
2475 vs->minor != 4 &&
2476 vs->minor != 5 &&
2477 vs->minor != 7 &&
2478 vs->minor != 8)) {
2479 VNC_DEBUG("Unsupported client version\n")do { } while (0);
2480 vnc_write_u32(vs, VNC_AUTH_INVALID);
2481 vnc_flush(vs);
2482 vnc_client_error(vs);
2483 return 0;
2484 }
2485 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2486 * as equivalent to v3.3 by servers
2487 */
2488 if (vs->minor == 4 || vs->minor == 5)
2489 vs->minor = 3;
2490
2491 if (vs->minor == 3) {
2492 if (vs->auth == VNC_AUTH_NONE) {
2493 VNC_DEBUG("Tell client auth none\n")do { } while (0);
2494 vnc_write_u32(vs, vs->auth);
2495 vnc_flush(vs);
2496 start_client_init(vs);
2497 } else if (vs->auth == VNC_AUTH_VNC) {
2498 VNC_DEBUG("Tell client VNC auth\n")do { } while (0);
2499 vnc_write_u32(vs, vs->auth);
2500 vnc_flush(vs);
2501 start_auth_vnc(vs);
2502 } else {
2503 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth)do { } while (0);
2504 vnc_write_u32(vs, VNC_AUTH_INVALID);
2505 vnc_flush(vs);
2506 vnc_client_error(vs);
2507 }
2508 } else {
2509 VNC_DEBUG("Telling client we support auth %d\n", vs->auth)do { } while (0);
2510 vnc_write_u8(vs, 1); /* num auth */
2511 vnc_write_u8(vs, vs->auth);
2512 vnc_read_when(vs, protocol_client_auth, 1);
2513 vnc_flush(vs);
2514 }
2515
2516 return 0;
2517}
2518
2519static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2520{
2521 struct VncSurface *vs = &vd->guest;
2522
2523 return &vs->stats[y / VNC_STAT_RECT64][x / VNC_STAT_RECT64];
2524}
2525
2526void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2527{
2528 int i, j;
2529
2530 w = (x + w) / VNC_STAT_RECT64;
2531 h = (y + h) / VNC_STAT_RECT64;
2532 x /= VNC_STAT_RECT64;
2533 y /= VNC_STAT_RECT64;
2534
2535 for (j = y; j <= h; j++) {
2536 for (i = x; i <= w; i++) {
2537 vs->lossy_rect[j][i] = 1;
2538 }
2539 }
2540}
2541
2542static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2543{
2544 VncState *vs;
2545 int sty = y / VNC_STAT_RECT64;
2546 int stx = x / VNC_STAT_RECT64;
2547 int has_dirty = 0;
2548
2549 y = y / VNC_STAT_RECT64 * VNC_STAT_RECT64;
2550 x = x / VNC_STAT_RECT64 * VNC_STAT_RECT64;
2551
2552 QTAILQ_FOREACH(vs, &vd->clients, next)for ((vs) = ((&vd->clients)->tqh_first); (vs); (vs)
= ((vs)->next.tqe_next)) {
2553 int j;
2554
2555 /* kernel send buffers are full -> refresh later */
2556 if (vs->output.offset) {
2557 continue;
2558 }
2559
2560 if (!vs->lossy_rect[sty][stx]) {
2561 continue;
2562 }
2563
2564 vs->lossy_rect[sty][stx] = 0;
2565 for (j = 0; j < VNC_STAT_RECT64; ++j) {
2566 bitmap_set(vs->dirty[y + j], x / 16, VNC_STAT_RECT64 / 16);
2567 }
2568 has_dirty++;
2569 }
2570
2571 return has_dirty;
2572}
2573
2574static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2575{
2576 int width = pixman_image_get_width(vd->guest.fb);
2577 int height = pixman_image_get_height(vd->guest.fb);
2578 int x, y;
2579 struct timeval res;
2580 int has_dirty = 0;
2581
2582 for (y = 0; y < height; y += VNC_STAT_RECT64) {
2583 for (x = 0; x < width; x += VNC_STAT_RECT64) {
2584 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2585
2586 rect->updated = false0;
2587 }
2588 }
2589
2590 qemu_timersub(tv, &VNC_REFRESH_STATS, &res)do { (&res)->tv_sec = (tv)->tv_sec - (&VNC_REFRESH_STATS
)->tv_sec; (&res)->tv_usec = (tv)->tv_usec - (&
VNC_REFRESH_STATS)->tv_usec; if ((&res)->tv_usec <
0) { --(&res)->tv_sec; (&res)->tv_usec += 1000000
; } } while (0);
2591
2592 if (timercmp(&vd->guest.last_freq_check, &res, >)(((&vd->guest.last_freq_check)->tv_sec == (&res
)->tv_sec) ? ((&vd->guest.last_freq_check)->tv_usec
> (&res)->tv_usec) : ((&vd->guest.last_freq_check
)->tv_sec > (&res)->tv_sec))) {
2593 return has_dirty;
2594 }
2595 vd->guest.last_freq_check = *tv;
2596
2597 for (y = 0; y < height; y += VNC_STAT_RECT64) {
2598 for (x = 0; x < width; x += VNC_STAT_RECT64) {
2599 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2600 int count = ARRAY_SIZE(rect->times)(sizeof(rect->times) / sizeof((rect->times)[0]));
2601 struct timeval min, max;
2602
2603 if (!timerisset(&rect->times[count - 1])((&rect->times[count - 1])->tv_sec || (&rect->
times[count - 1])->tv_usec)) {
2604 continue ;
2605 }
2606
2607 max = rect->times[(rect->idx + count - 1) % count];
2608 qemu_timersub(tv, &max, &res)do { (&res)->tv_sec = (tv)->tv_sec - (&max)->
tv_sec; (&res)->tv_usec = (tv)->tv_usec - (&max
)->tv_usec; if ((&res)->tv_usec < 0) { --(&res
)->tv_sec; (&res)->tv_usec += 1000000; } } while (0
);
2609
2610 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)(((&res)->tv_sec == (&VNC_REFRESH_LOSSY)->tv_sec
) ? ((&res)->tv_usec > (&VNC_REFRESH_LOSSY)->
tv_usec) : ((&res)->tv_sec > (&VNC_REFRESH_LOSSY
)->tv_sec))) {
2611 rect->freq = 0;
2612 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2613 memset(rect->times, 0, sizeof (rect->times));
2614 continue ;
2615 }
2616
2617 min = rect->times[rect->idx];
2618 max = rect->times[(rect->idx + count - 1) % count];
2619 qemu_timersub(&max, &min, &res)do { (&res)->tv_sec = (&max)->tv_sec - (&min
)->tv_sec; (&res)->tv_usec = (&max)->tv_usec
- (&min)->tv_usec; if ((&res)->tv_usec < 0)
{ --(&res)->tv_sec; (&res)->tv_usec += 1000000
; } } while (0);
2620
2621 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2622 rect->freq /= count;
2623 rect->freq = 1. / rect->freq;
2624 }
2625 }
2626 return has_dirty;
2627}
2628
2629double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2630{
2631 int i, j;
2632 double total = 0;
2633 int num = 0;
2634
2635 x = (x / VNC_STAT_RECT64) * VNC_STAT_RECT64;
2636 y = (y / VNC_STAT_RECT64) * VNC_STAT_RECT64;
2637
2638 for (j = y; j <= y + h; j += VNC_STAT_RECT64) {
2639 for (i = x; i <= x + w; i += VNC_STAT_RECT64) {
2640 total += vnc_stat_rect(vs->vd, i, j)->freq;
2641 num++;
2642 }
2643 }
2644
2645 if (num) {
2646 return total / num;
2647 } else {
2648 return 0;
2649 }
2650}
2651
2652static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2653{
2654 VncRectStat *rect;
2655
2656 rect = vnc_stat_rect(vd, x, y);
2657 if (rect->updated) {
2658 return ;
2659 }
2660 rect->times[rect->idx] = *tv;
2661 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times)(sizeof(rect->times) / sizeof((rect->times)[0]));
2662 rect->updated = true1;
2663}
2664
2665static int vnc_refresh_server_surface(VncDisplay *vd)
2666{
2667 int width = pixman_image_get_width(vd->guest.fb);
2668 int height = pixman_image_get_height(vd->guest.fb);
2669 int y;
2670 uint8_t *guest_row;
2671 uint8_t *server_row;
2672 int cmp_bytes;
2673 VncState *vs;
2674 int has_dirty = 0;
2675 pixman_image_t *tmpbuf = NULL((void*)0);
2676
2677 struct timeval tv = { 0, 0 };
2678
2679 if (!vd->non_adaptive) {
2680 gettimeofday(&tv, NULL((void*)0));
2681 has_dirty = vnc_update_stats(vd, &tv);
2682 }
2683
2684 /*
2685 * Walk through the guest dirty map.
2686 * Check and copy modified bits from guest to server surface.
2687 * Update server dirty map.
2688 */
2689 cmp_bytes = 64;
2690 if (cmp_bytes > vnc_server_fb_stride(vd)) {
2691 cmp_bytes = vnc_server_fb_stride(vd);
2692 }
2693 if (vd->guest.format != VNC_SERVER_FB_FORMAT(((32) << 24) | ((2) << 16) | ((0) << 12) |
((8) << 8) | ((8) << 4) | ((8)))) {
2694 int width = pixman_image_get_width(vd->server);
2695 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT(((32) << 24) | ((2) << 16) | ((0) << 12) |
((8) << 8) | ((8) << 4) | ((8))), width);
2696 }
2697 guest_row = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2698 server_row = (uint8_t *)pixman_image_get_data(vd->server);
2699 for (y = 0; y < height; y++) {
2700 if (!bitmap_empty(vd->guest.dirty[y], VNC_DIRTY_BITS(2560 / 16))) {
2701 int x;
2702 uint8_t *guest_ptr;
2703 uint8_t *server_ptr;
2704
2705 if (vd->guest.format != VNC_SERVER_FB_FORMAT(((32) << 24) | ((2) << 16) | ((0) << 12) |
((8) << 8) | ((8) << 4) | ((8)))) {
2706 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2707 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2708 } else {
2709 guest_ptr = guest_row;
2710 }
2711 server_ptr = server_row;
2712
2713 for (x = 0; x + 15 < width;
2714 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2715 if (!test_and_clear_bit((x / 16), vd->guest.dirty[y]))
2716 continue;
2717 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2718 continue;
2719 memcpy(server_ptr, guest_ptr, cmp_bytes);
2720 if (!vd->non_adaptive)
2721 vnc_rect_updated(vd, x, y, &tv);
2722 QTAILQ_FOREACH(vs, &vd->clients, next)for ((vs) = ((&vd->clients)->tqh_first); (vs); (vs)
= ((vs)->next.tqe_next)) {
2723 set_bit((x / 16), vs->dirty[y]);
2724 }
2725 has_dirty++;
2726 }
2727 }
2728 guest_row += pixman_image_get_stride(vd->guest.fb);
2729 server_row += pixman_image_get_stride(vd->server);
2730 }
2731 qemu_pixman_image_unref(tmpbuf);
2732 return has_dirty;
2733}
2734
2735static void vnc_refresh(DisplayChangeListener *dcl)
2736{
2737 VncDisplay *vd = container_of(dcl, VncDisplay, dcl)({ const typeof(((VncDisplay *) 0)->dcl) *__mptr = (dcl); (
VncDisplay *) ((char *) __mptr - __builtin_offsetof(VncDisplay
, dcl));});
2738 VncState *vs, *vn;
2739 int has_dirty, rects = 0;
2740
2741 graphic_hw_update(NULL((void*)0));
2742
2743 if (vnc_trylock_display(vd)) {
2744 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE30);
2745 return;
2746 }
2747
2748 has_dirty = vnc_refresh_server_surface(vd);
2749 vnc_unlock_display(vd);
2750
2751 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn)for ((vs) = ((&vd->clients)->tqh_first); (vs) &&
((vn) = ((vs)->next.tqe_next), 1); (vs) = (vn)) {
2752 rects += vnc_update_client(vs, has_dirty);
2753 /* vs might be free()ed here */
2754 }
2755
2756 if (QTAILQ_EMPTY(&vd->clients)((&vd->clients)->tqh_first == ((void*)0))) {
2757 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX3000);
2758 return;
2759 }
2760
2761 if (has_dirty && rects) {
2762 vd->dcl.update_interval /= 2;
2763 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE30) {
2764 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE30;
2765 }
2766 } else {
2767 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC50;
2768 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX3000) {
2769 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX3000;
2770 }
2771 }
2772}
2773
2774static void vnc_connect(VncDisplay *vd, int csock,
2775 bool_Bool skipauth, bool_Bool websocket)
2776{
2777 VncState *vs = g_malloc0(sizeof(VncState));
2778 int i;
2779
2780 vs->csock = csock;
2781
2782 if (skipauth) {
2783 vs->auth = VNC_AUTH_NONE;
2784#ifdef CONFIG_VNC_TLS1
2785 vs->subauth = VNC_AUTH_INVALID;
2786#endif
2787 } else {
2788 vs->auth = vd->auth;
2789#ifdef CONFIG_VNC_TLS1
2790 vs->subauth = vd->subauth;
2791#endif
2792 }
2793
2794 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS(2048 / 64) * sizeof (*vs->lossy_rect));
2795 for (i = 0; i < VNC_STAT_ROWS(2048 / 64); ++i) {
2796 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS(2560 / 64) * sizeof (uint8_t));
2797 }
2798
2799 VNC_DEBUG("New client on socket %d\n", csock)do { } while (0);
2800 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE30);
2801 qemu_set_nonblock(vs->csock);
2802#ifdef CONFIG_VNC_WS1
2803 if (websocket) {
2804 vs->websocket = 1;
2805#ifdef CONFIG_VNC_TLS1
2806 if (vd->tls.x509cert) {
2807 qemu_set_fd_handler2(vs->csock, NULL((void*)0), vncws_tls_handshake_peek,
2808 NULL((void*)0), vs);
2809 } else
2810#endif /* CONFIG_VNC_TLS */
2811 {
2812 qemu_set_fd_handler2(vs->csock, NULL((void*)0), vncws_handshake_read,
2813 NULL((void*)0), vs);
2814 }
2815 } else
2816#endif /* CONFIG_VNC_WS */
2817 {
2818 qemu_set_fd_handler2(vs->csock, NULL((void*)0), vnc_client_read, NULL((void*)0), vs);
2819 }
2820
2821 vnc_client_cache_addr(vs);
2822 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2823 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
2824
2825 vs->vd = vd;
2826
2827#ifdef CONFIG_VNC_WS1
2828 if (!vs->websocket)
2829#endif
2830 {
2831 vnc_init_state(vs);
2832 }
2833}
2834
2835void vnc_init_state(VncState *vs)
2836{
2837 vs->initialized = true1;
2838 VncDisplay *vd = vs->vd;
2839
2840 vs->last_x = -1;
2841 vs->last_y = -1;
2842
2843 vs->as.freq = 44100;
2844 vs->as.nchannels = 2;
2845 vs->as.fmt = AUD_FMT_S16;
2846 vs->as.endianness = 0;
2847
2848 qemu_mutex_init(&vs->output_mutex);
2849 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
2850
2851 QTAILQ_INSERT_HEAD(&vd->clients, vs, next)do { if (((vs)->next.tqe_next = (&vd->clients)->
tqh_first) != ((void*)0)) (&vd->clients)->tqh_first
->next.tqe_prev = &(vs)->next.tqe_next; else (&
vd->clients)->tqh_last = &(vs)->next.tqe_next; (
&vd->clients)->tqh_first = (vs); (vs)->next.tqe_prev
= &(&vd->clients)->tqh_first; } while ( 0);
2852
2853 graphic_hw_update(NULL((void*)0));
2854
2855 vnc_write(vs, "RFB 003.008\n", 12);
2856 vnc_flush(vs);
2857 vnc_read_when(vs, protocol_version, 12);
2858 reset_keys(vs);
2859 if (vs->vd->lock_key_sync)
2860 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2861
2862 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2863 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2864
2865 /* vs might be free()ed here */
2866}
2867
2868static void vnc_listen_read(void *opaque, bool_Bool websocket)
2869{
2870 VncDisplay *vs = opaque;
2871 struct sockaddr_in addr;
2872 socklen_t addrlen = sizeof(addr);
2873 int csock;
2874
2875 /* Catch-up */
2876 graphic_hw_update(NULL((void*)0));
2877#ifdef CONFIG_VNC_WS1
2878 if (websocket) {
2879 csock = qemu_accept(vs->lwebsock, (struct sockaddr *)&addr, &addrlen);
2880 } else
2881#endif /* CONFIG_VNC_WS */
2882 {
2883 csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2884 }
2885
2886 if (csock != -1) {
2887 vnc_connect(vs, csock, false0, websocket);
2888 }
2889}
2890
2891static void vnc_listen_regular_read(void *opaque)
2892{
2893 vnc_listen_read(opaque, false0);
2894}
2895
2896#ifdef CONFIG_VNC_WS1
2897static void vnc_listen_websocket_read(void *opaque)
2898{
2899 vnc_listen_read(opaque, true1);
2900}
2901#endif /* CONFIG_VNC_WS */
2902
2903static const DisplayChangeListenerOps dcl_ops = {
2904 .dpy_name = "vnc",
2905 .dpy_refresh = vnc_refresh,
2906 .dpy_gfx_copy = vnc_dpy_copy,
2907 .dpy_gfx_update = vnc_dpy_update,
2908 .dpy_gfx_switch = vnc_dpy_switch,
2909 .dpy_mouse_set = vnc_mouse_set,
2910 .dpy_cursor_define = vnc_dpy_cursor_define,
2911};
2912
2913void vnc_display_init(DisplayState *ds)
2914{
2915 VncDisplay *vs = g_malloc0(sizeof(*vs));
2916
2917 vnc_display = vs;
2918
2919 vs->lsock = -1;
2920#ifdef CONFIG_VNC_WS1
2921 vs->lwebsock = -1;
2922#endif
2923
2924 QTAILQ_INIT(&vs->clients)do { (&vs->clients)->tqh_first = ((void*)0); (&
vs->clients)->tqh_last = &(&vs->clients)->
tqh_first; } while ( 0);
2925 vs->expires = TIME_MAX9223372036854775807L;
2926
2927 if (keyboard_layout)
2928 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2929 else
2930 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2931
2932 if (!vs->kbd_layout)
2933 exit(1);
2934
2935 qemu_mutex_init(&vs->mutex);
2936 vnc_start_worker_thread();
2937
2938 vs->dcl.ops = &dcl_ops;
2939 register_displaychangelistener(&vs->dcl);
2940}
2941
2942
2943static void vnc_display_close(DisplayState *ds)
2944{
2945 VncDisplay *vs = vnc_display;
2946
2947 if (!vs)
2948 return;
2949 if (vs->display) {
2950 g_free(vs->display);
2951 vs->display = NULL((void*)0);
2952 }
2953 if (vs->lsock != -1) {
2954 qemu_set_fd_handler2(vs->lsock, NULL((void*)0), NULL((void*)0), NULL((void*)0), NULL((void*)0));
2955 close(vs->lsock);
2956 vs->lsock = -1;
2957 }
2958#ifdef CONFIG_VNC_WS1
2959 g_free(vs->ws_display);
2960 vs->ws_display = NULL((void*)0);
2961 if (vs->lwebsock != -1) {
2962 qemu_set_fd_handler2(vs->lwebsock, NULL((void*)0), NULL((void*)0), NULL((void*)0), NULL((void*)0));
2963 close(vs->lwebsock);
2964 vs->lwebsock = -1;
2965 }
2966#endif /* CONFIG_VNC_WS */
2967 vs->auth = VNC_AUTH_INVALID;
2968#ifdef CONFIG_VNC_TLS1
2969 vs->subauth = VNC_AUTH_INVALID;
2970 vs->tls.x509verify = 0;
2971#endif
2972}
2973
2974static int vnc_display_disable_login(DisplayState *ds)
2975{
2976 VncDisplay *vs = vnc_display;
2977
2978 if (!vs) {
2979 return -1;
2980 }
2981
2982 if (vs->password) {
2983 g_free(vs->password);
2984 }
2985
2986 vs->password = NULL((void*)0);
2987 if (vs->auth == VNC_AUTH_NONE) {
2988 vs->auth = VNC_AUTH_VNC;
2989 }
2990
2991 return 0;
2992}
2993
2994int vnc_display_password(DisplayState *ds, const char *password)
2995{
2996 VncDisplay *vs = vnc_display;
2997
2998 if (!vs) {
2999 return -EINVAL22;
3000 }
3001
3002 if (!password) {
3003 /* This is not the intention of this interface but err on the side
3004 of being safe */
3005 return vnc_display_disable_login(ds);
3006 }
3007
3008 if (vs->password) {
3009 g_free(vs->password);
3010 vs->password = NULL((void*)0);
3011 }
3012 vs->password = g_strdup(password);
3013 if (vs->auth == VNC_AUTH_NONE) {
3014 vs->auth = VNC_AUTH_VNC;
3015 }
3016
3017 return 0;
3018}
3019
3020int vnc_display_pw_expire(DisplayState *ds, time_t expires)
3021{
3022 VncDisplay *vs = vnc_display;
3023
3024 if (!vs) {
3025 return -EINVAL22;
3026 }
3027
3028 vs->expires = expires;
3029 return 0;
3030}
3031
3032char *vnc_display_local_addr(DisplayState *ds)
3033{
3034 VncDisplay *vs = vnc_display;
3035
3036 return vnc_socket_local_addr("%s:%s", vs->lsock);
3037}
3038
3039void vnc_display_open(DisplayState *ds, const char *display, Error **errp)
3040{
3041 VncDisplay *vs = vnc_display;
3042 const char *options;
3043 int password = 0;
3044 int reverse = 0;
3045#ifdef CONFIG_VNC_TLS1
3046 int tls = 0, x509 = 0;
3047#endif
3048#ifdef CONFIG_VNC_SASL1
3049 int sasl = 0;
3050 int saslErr;
3051#endif
3052#if defined(CONFIG_VNC_TLS1) || defined(CONFIG_VNC_SASL1)
3053 int acl = 0;
3054#endif
3055 int lock_key_sync = 1;
3056
3057 if (!vnc_display) {
3058 error_setg(errp, "VNC display not active")error_set(errp, ERROR_CLASS_GENERIC_ERROR, "VNC display not active"
);
3059 return;
3060 }
3061 vnc_display_close(ds);
3062 if (strcmp(display, "none") == 0)
3063 return;
3064
3065 vs->display = g_strdup(display);
3066 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3067
3068 options = display;
3069 while ((options = strchr(options, ','))) {
3070 options++;
3071 if (strncmp(options, "password", 8) == 0) {
3072 if (fips_get_state()) {
3073 error_setg(errp,error_set(errp, ERROR_CLASS_GENERIC_ERROR, "VNC password auth disabled due to FIPS mode, "
"consider using the VeNCrypt or SASL authentication " "methods as an alternative"
)
3074 "VNC password auth disabled due to FIPS mode, "error_set(errp, ERROR_CLASS_GENERIC_ERROR, "VNC password auth disabled due to FIPS mode, "
"consider using the VeNCrypt or SASL authentication " "methods as an alternative"
)
3075 "consider using the VeNCrypt or SASL authentication "error_set(errp, ERROR_CLASS_GENERIC_ERROR, "VNC password auth disabled due to FIPS mode, "
"consider using the VeNCrypt or SASL authentication " "methods as an alternative"
)
3076 "methods as an alternative")error_set(errp, ERROR_CLASS_GENERIC_ERROR, "VNC password auth disabled due to FIPS mode, "
"consider using the VeNCrypt or SASL authentication " "methods as an alternative"
);
3077 goto fail;
3078 }
3079 password = 1; /* Require password auth */
3080 } else if (strncmp(options, "reverse", 7) == 0) {
3081 reverse = 1;
3082 } else if (strncmp(options, "no-lock-key-sync", 16) == 0) {
3083 lock_key_sync = 0;
3084#ifdef CONFIG_VNC_SASL1
3085 } else if (strncmp(options, "sasl", 4) == 0) {
3086 sasl = 1; /* Require SASL auth */
3087#endif
3088#ifdef CONFIG_VNC_WS1
3089 } else if (strncmp(options, "websocket", 9) == 0) {
3090 char *start, *end;
3091 vs->websocket = 1;
3092
3093 /* Check for 'websocket=<port>' */
3094 start = strchr(options, '=');
3095 end = strchr(options, ',');
3096 if (start && (!end || (start < end))) {
3097 int len = end ? end-(start+1) : strlen(start+1);
3098 if (len < 6) {
3099 /* extract the host specification from display */
3100 char *host = NULL((void*)0), *port = NULL((void*)0), *host_end = NULL((void*)0);
3101 port = g_strndup(start + 1, len);
3102
3103 /* ipv6 hosts have colons */
3104 end = strchr(display, ',');
3105 host_end = g_strrstr_len(display, end - display, ":");
3106
3107 if (host_end) {
3108 host = g_strndup(display, host_end - display + 1);
3109 } else {
3110 host = g_strndup(":", 1);
3111 }
3112 vs->ws_display = g_strconcat(host, port, NULL((void*)0));
3113 g_free(host);
3114 g_free(port);
3115 }
3116 }
3117#endif /* CONFIG_VNC_WS */
3118#ifdef CONFIG_VNC_TLS1
3119 } else if (strncmp(options, "tls", 3) == 0) {
3120 tls = 1; /* Require TLS */
3121 } else if (strncmp(options, "x509", 4) == 0) {
3122 char *start, *end;
3123 x509 = 1; /* Require x509 certificates */
3124 if (strncmp(options, "x509verify", 10) == 0)
3125 vs->tls.x509verify = 1; /* ...and verify client certs */
3126
3127 /* Now check for 'x509=/some/path' postfix
3128 * and use that to setup x509 certificate/key paths */
3129 start = strchr(options, '=');
3130 end = strchr(options, ',');
3131 if (start && (!end || (start < end))) {
3132 int len = end ? end-(start+1) : strlen(start+1);
3133 char *path = g_strndup(start + 1, len);
3134
3135 VNC_DEBUG("Trying certificate path '%s'\n", path)do { } while (0);
3136 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
3137 error_setg(errp, "Failed to find x509 certificates/keys in %s", path)error_set(errp, ERROR_CLASS_GENERIC_ERROR, "Failed to find x509 certificates/keys in %s"
, path);
3138 g_free(path);
3139 goto fail;
3140 }
3141 g_free(path);
3142 } else {
3143 error_setg(errp, "No certificate path provided")error_set(errp, ERROR_CLASS_GENERIC_ERROR, "No certificate path provided"
);
3144 goto fail;
3145 }
3146#endif
3147#if defined(CONFIG_VNC_TLS1) || defined(CONFIG_VNC_SASL1)
3148 } else if (strncmp(options, "acl", 3) == 0) {
3149 acl = 1;
3150#endif
3151 } else if (strncmp(options, "lossy", 5) == 0) {
3152 vs->lossy = true1;
3153 } else if (strncmp(options, "non-adaptive", 12) == 0) {
3154 vs->non_adaptive = true1;
3155 } else if (strncmp(options, "share=", 6) == 0) {
3156 if (strncmp(options+6, "ignore", 6) == 0) {
3157 vs->share_policy = VNC_SHARE_POLICY_IGNORE;
3158 } else if (strncmp(options+6, "allow-exclusive", 15) == 0) {
3159 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3160 } else if (strncmp(options+6, "force-shared", 12) == 0) {
3161 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3162 } else {
3163 error_setg(errp, "unknown vnc share= option")error_set(errp, ERROR_CLASS_GENERIC_ERROR, "unknown vnc share= option"
);
3164 goto fail;
3165 }
3166 }
3167 }
3168
3169#ifdef CONFIG_VNC_TLS1
3170 if (acl && x509 && vs->tls.x509verify) {
3171 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
3172 fprintf(stderrstderr, "Failed to create x509 dname ACL\n");
3173 exit(1);
3174 }
3175 }
3176#endif
3177#ifdef CONFIG_VNC_SASL1
3178 if (acl && sasl) {
3179 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
3180 fprintf(stderrstderr, "Failed to create username ACL\n");
3181 exit(1);
3182 }
3183 }
3184#endif
3185
3186 /*
3187 * Combinations we support here:
3188 *
3189 * - no-auth (clear text, no auth)
3190 * - password (clear text, weak auth)
3191 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
3192 * - tls (encrypt, weak anonymous creds, no auth)
3193 * - tls + password (encrypt, weak anonymous creds, weak auth)
3194 * - tls + sasl (encrypt, weak anonymous creds, good auth)
3195 * - tls + x509 (encrypt, good x509 creds, no auth)
3196 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
3197 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
3198 *
3199 * NB1. TLS is a stackable auth scheme.
3200 * NB2. the x509 schemes have option to validate a client cert dname
3201 */
3202 if (password) {
3203#ifdef CONFIG_VNC_TLS1
3204 if (tls) {
3205 vs->auth = VNC_AUTH_VENCRYPT;
3206 if (x509) {
3207 VNC_DEBUG("Initializing VNC server with x509 password auth\n")do { } while (0);
3208 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
3209 } else {
3210 VNC_DEBUG("Initializing VNC server with TLS password auth\n")do { } while (0);
3211 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3212 }
3213 } else {
3214#endif /* CONFIG_VNC_TLS */
3215 VNC_DEBUG("Initializing VNC server with password auth\n")do { } while (0);
3216 vs->auth = VNC_AUTH_VNC;
3217#ifdef CONFIG_VNC_TLS1
3218 vs->subauth = VNC_AUTH_INVALID;
3219 }
3220#endif /* CONFIG_VNC_TLS */
3221#ifdef CONFIG_VNC_SASL1
3222 } else if (sasl) {
3223#ifdef CONFIG_VNC_TLS1
3224 if (tls) {
3225 vs->auth = VNC_AUTH_VENCRYPT;
3226 if (x509) {
3227 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n")do { } while (0);
3228 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
3229 } else {
3230 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n")do { } while (0);
3231 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3232 }
3233 } else {
3234#endif /* CONFIG_VNC_TLS */
3235 VNC_DEBUG("Initializing VNC server with SASL auth\n")do { } while (0);
3236 vs->auth = VNC_AUTH_SASL;
3237#ifdef CONFIG_VNC_TLS1
3238 vs->subauth = VNC_AUTH_INVALID;
3239 }
3240#endif /* CONFIG_VNC_TLS */
3241#endif /* CONFIG_VNC_SASL */
3242 } else {
3243#ifdef CONFIG_VNC_TLS1
3244 if (tls) {
3245 vs->auth = VNC_AUTH_VENCRYPT;
3246 if (x509) {
3247 VNC_DEBUG("Initializing VNC server with x509 no auth\n")do { } while (0);
3248 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
3249 } else {
3250 VNC_DEBUG("Initializing VNC server with TLS no auth\n")do { } while (0);
3251 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3252 }
3253 } else {
3254#endif
3255 VNC_DEBUG("Initializing VNC server with no auth\n")do { } while (0);
3256 vs->auth = VNC_AUTH_NONE;
3257#ifdef CONFIG_VNC_TLS1
3258 vs->subauth = VNC_AUTH_INVALID;
3259 }
3260#endif
3261 }
3262
3263#ifdef CONFIG_VNC_SASL1
3264 if ((saslErr = sasl_server_init(NULL((void*)0), "qemu")) != SASL_OK0) {
3265 error_setg(errp, "Failed to initialize SASL auth: %s",error_set(errp, ERROR_CLASS_GENERIC_ERROR, "Failed to initialize SASL auth: %s"
, sasl_errstring(saslErr, ((void*)0), ((void*)0)))
3266 sasl_errstring(saslErr, NULL, NULL))error_set(errp, ERROR_CLASS_GENERIC_ERROR, "Failed to initialize SASL auth: %s"
, sasl_errstring(saslErr, ((void*)0), ((void*)0)));
3267 goto fail;
3268 }
3269#endif
3270 vs->lock_key_sync = lock_key_sync;
3271
3272 if (reverse) {
3273 /* connect to viewer */
3274 int csock;
3275 vs->lsock = -1;
3276#ifdef CONFIG_VNC_WS1
3277 vs->lwebsock = -1;
3278#endif
3279 if (strncmp(display, "unix:", 5) == 0) {
3280 csock = unix_connect(display+5, errp);
3281 } else {
3282 csock = inet_connect(display, errp);
3283 }
3284 if (csock < 0) {
3285 goto fail;
3286 }
3287 vnc_connect(vs, csock, false0, false0);
3288 } else {
3289 /* listen for connects */
3290 char *dpy;
3291 dpy = g_malloc(256);
3292 if (strncmp(display, "unix:", 5) == 0) {
3293 pstrcpy(dpy, 256, "unix:");
3294 vs->lsock = unix_listen(display+5, dpy+5, 256-5, errp);
3295 } else {
3296 vs->lsock = inet_listen(display, dpy, 256,
3297 SOCK_STREAMSOCK_STREAM, 5900, errp);
3298 if (vs->lsock < 0) {
3299 g_free(dpy);
3300 goto fail;
3301 }
3302#ifdef CONFIG_VNC_WS1
3303 if (vs->websocket) {
3304 if (vs->ws_display) {
3305 vs->lwebsock = inet_listen(vs->ws_display, NULL((void*)0), 256,
3306 SOCK_STREAMSOCK_STREAM, 0, errp);
3307 } else {
3308 vs->lwebsock = inet_listen(vs->display, NULL((void*)0), 256,
3309 SOCK_STREAMSOCK_STREAM, 5700, errp);
3310 }
3311
3312 if (vs->lwebsock < 0) {
3313 if (vs->lsock) {
3314 close(vs->lsock);
3315 vs->lsock = -1;
3316 }
3317 g_free(dpy);
3318 goto fail;
3319 }
3320 }
3321#endif /* CONFIG_VNC_WS */
3322 }
3323 g_free(vs->display);
3324 vs->display = dpy;
3325 qemu_set_fd_handler2(vs->lsock, NULL((void*)0),
3326 vnc_listen_regular_read, NULL((void*)0), vs);
3327#ifdef CONFIG_VNC_WS1
3328 if (vs->websocket) {
3329 qemu_set_fd_handler2(vs->lwebsock, NULL((void*)0),
3330 vnc_listen_websocket_read, NULL((void*)0), vs);
3331 }
3332#endif /* CONFIG_VNC_WS */
3333 }
3334 return;
3335
3336fail:
3337 g_free(vs->display);
3338 vs->display = NULL((void*)0);
3339#ifdef CONFIG_VNC_WS1
3340 g_free(vs->ws_display);
3341 vs->ws_display = NULL((void*)0);
3342#endif /* CONFIG_VNC_WS */
3343}
3344
3345void vnc_display_add_client(DisplayState *ds, int csock, bool_Bool skipauth)
3346{
3347 VncDisplay *vs = vnc_display;
3348
3349 vnc_connect(vs, csock, skipauth, false0);
3350}