1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "qemu/osdep.h" 28 #include "vnc.h" 29 #include "vnc-jobs.h" 30 #include "trace.h" 31 #include "hw/qdev-core.h" 32 #include "system/system.h" 33 #include "system/runstate.h" 34 #include "qemu/error-report.h" 35 #include "qemu/main-loop.h" 36 #include "qemu/module.h" 37 #include "qemu/option.h" 38 #include "qemu/sockets.h" 39 #include "qemu/timer.h" 40 #include "authz/list.h" 41 #include "qemu/config-file.h" 42 #include "qapi/qapi-emit-events.h" 43 #include "qapi/qapi-events-ui.h" 44 #include "qapi/error.h" 45 #include "qapi/qapi-commands-ui.h" 46 #include "ui/input.h" 47 #include "crypto/hash.h" 48 #include "crypto/tlscreds.h" 49 #include "crypto/tlscredsanon.h" 50 #include "crypto/tlscredsx509.h" 51 #include "crypto/random.h" 52 #include "crypto/secret_common.h" 53 #include "qom/object_interfaces.h" 54 #include "qemu/cutils.h" 55 #include "qemu/help_option.h" 56 #include "io/dns-resolver.h" 57 #include "monitor/monitor.h" 58 59 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT 60 #define VNC_REFRESH_INTERVAL_INC 50 61 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE 62 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; 63 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 64 65 #include "vnc_keysym.h" 66 #include "crypto/cipher.h" 67 68 static QTAILQ_HEAD(, VncDisplay) vnc_displays = 69 QTAILQ_HEAD_INITIALIZER(vnc_displays); 70 71 static int vnc_cursor_define(VncState *vs); 72 static void vnc_update_throttle_offset(VncState *vs); 73 74 static void vnc_set_share_mode(VncState *vs, VncShareMode mode) 75 { 76 #ifdef _VNC_DEBUG 77 static const char *mn[] = { 78 [0] = "undefined", 79 [VNC_SHARE_MODE_CONNECTING] = "connecting", 80 [VNC_SHARE_MODE_SHARED] = "shared", 81 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive", 82 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected", 83 }; 84 fprintf(stderr, "%s/%p: %s -> %s\n", __func__, 85 vs->ioc, mn[vs->share_mode], mn[mode]); 86 #endif 87 88 switch (vs->share_mode) { 89 case VNC_SHARE_MODE_CONNECTING: 90 vs->vd->num_connecting--; 91 break; 92 case VNC_SHARE_MODE_SHARED: 93 vs->vd->num_shared--; 94 break; 95 case VNC_SHARE_MODE_EXCLUSIVE: 96 vs->vd->num_exclusive--; 97 break; 98 default: 99 break; 100 } 101 102 vs->share_mode = mode; 103 104 switch (vs->share_mode) { 105 case VNC_SHARE_MODE_CONNECTING: 106 vs->vd->num_connecting++; 107 break; 108 case VNC_SHARE_MODE_SHARED: 109 vs->vd->num_shared++; 110 break; 111 case VNC_SHARE_MODE_EXCLUSIVE: 112 vs->vd->num_exclusive++; 113 break; 114 default: 115 break; 116 } 117 } 118 119 120 static void vnc_init_basic_info(SocketAddress *addr, 121 VncBasicInfo *info, 122 Error **errp) 123 { 124 switch (addr->type) { 125 case SOCKET_ADDRESS_TYPE_INET: 126 info->host = g_strdup(addr->u.inet.host); 127 info->service = g_strdup(addr->u.inet.port); 128 if (addr->u.inet.ipv6) { 129 info->family = NETWORK_ADDRESS_FAMILY_IPV6; 130 } else { 131 info->family = NETWORK_ADDRESS_FAMILY_IPV4; 132 } 133 break; 134 135 case SOCKET_ADDRESS_TYPE_UNIX: 136 info->host = g_strdup(""); 137 info->service = g_strdup(addr->u.q_unix.path); 138 info->family = NETWORK_ADDRESS_FAMILY_UNIX; 139 break; 140 141 case SOCKET_ADDRESS_TYPE_VSOCK: 142 case SOCKET_ADDRESS_TYPE_FD: 143 error_setg(errp, "Unsupported socket address type %s", 144 SocketAddressType_str(addr->type)); 145 break; 146 default: 147 abort(); 148 } 149 } 150 151 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc, 152 VncBasicInfo *info, 153 Error **errp) 154 { 155 SocketAddress *addr = NULL; 156 157 if (!ioc) { 158 error_setg(errp, "No listener socket available"); 159 return; 160 } 161 162 addr = qio_channel_socket_get_local_address(ioc, errp); 163 if (!addr) { 164 return; 165 } 166 167 vnc_init_basic_info(addr, info, errp); 168 qapi_free_SocketAddress(addr); 169 } 170 171 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc, 172 VncBasicInfo *info, 173 Error **errp) 174 { 175 SocketAddress *addr = NULL; 176 177 addr = qio_channel_socket_get_remote_address(ioc, errp); 178 if (!addr) { 179 return; 180 } 181 182 vnc_init_basic_info(addr, info, errp); 183 qapi_free_SocketAddress(addr); 184 } 185 186 static const char *vnc_auth_name(VncDisplay *vd) { 187 switch (vd->auth) { 188 case VNC_AUTH_INVALID: 189 return "invalid"; 190 case VNC_AUTH_NONE: 191 return "none"; 192 case VNC_AUTH_VNC: 193 return "vnc"; 194 case VNC_AUTH_RA2: 195 return "ra2"; 196 case VNC_AUTH_RA2NE: 197 return "ra2ne"; 198 case VNC_AUTH_TIGHT: 199 return "tight"; 200 case VNC_AUTH_ULTRA: 201 return "ultra"; 202 case VNC_AUTH_TLS: 203 return "tls"; 204 case VNC_AUTH_VENCRYPT: 205 switch (vd->subauth) { 206 case VNC_AUTH_VENCRYPT_PLAIN: 207 return "vencrypt+plain"; 208 case VNC_AUTH_VENCRYPT_TLSNONE: 209 return "vencrypt+tls+none"; 210 case VNC_AUTH_VENCRYPT_TLSVNC: 211 return "vencrypt+tls+vnc"; 212 case VNC_AUTH_VENCRYPT_TLSPLAIN: 213 return "vencrypt+tls+plain"; 214 case VNC_AUTH_VENCRYPT_X509NONE: 215 return "vencrypt+x509+none"; 216 case VNC_AUTH_VENCRYPT_X509VNC: 217 return "vencrypt+x509+vnc"; 218 case VNC_AUTH_VENCRYPT_X509PLAIN: 219 return "vencrypt+x509+plain"; 220 case VNC_AUTH_VENCRYPT_TLSSASL: 221 return "vencrypt+tls+sasl"; 222 case VNC_AUTH_VENCRYPT_X509SASL: 223 return "vencrypt+x509+sasl"; 224 default: 225 return "vencrypt"; 226 } 227 case VNC_AUTH_SASL: 228 return "sasl"; 229 } 230 return "unknown"; 231 } 232 233 static VncServerInfo *vnc_server_info_get(VncDisplay *vd) 234 { 235 VncServerInfo *info; 236 Error *err = NULL; 237 238 if (!vd->listener || !qio_net_listener_nsioc(vd->listener)) { 239 return NULL; 240 } 241 242 info = g_malloc0(sizeof(*info)); 243 vnc_init_basic_info_from_server_addr(qio_net_listener_sioc(vd->listener, 0), 244 qapi_VncServerInfo_base(info), &err); 245 info->auth = g_strdup(vnc_auth_name(vd)); 246 if (err) { 247 qapi_free_VncServerInfo(info); 248 info = NULL; 249 error_free(err); 250 } 251 return info; 252 } 253 254 static void vnc_client_cache_auth(VncState *client) 255 { 256 if (!client->info) { 257 return; 258 } 259 260 if (client->tls) { 261 client->info->x509_dname = 262 qcrypto_tls_session_get_peer_name(client->tls); 263 } 264 #ifdef CONFIG_VNC_SASL 265 if (client->sasl.conn && 266 client->sasl.username) { 267 client->info->sasl_username = g_strdup(client->sasl.username); 268 } 269 #endif 270 } 271 272 static void vnc_client_cache_addr(VncState *client) 273 { 274 Error *err = NULL; 275 276 client->info = g_malloc0(sizeof(*client->info)); 277 vnc_init_basic_info_from_remote_addr(client->sioc, 278 qapi_VncClientInfo_base(client->info), 279 &err); 280 client->info->websocket = client->websocket; 281 if (err) { 282 qapi_free_VncClientInfo(client->info); 283 client->info = NULL; 284 error_free(err); 285 } 286 } 287 288 static void vnc_qmp_event(VncState *vs, QAPIEvent event) 289 { 290 VncServerInfo *si; 291 292 if (!vs->info) { 293 return; 294 } 295 296 si = vnc_server_info_get(vs->vd); 297 if (!si) { 298 return; 299 } 300 301 switch (event) { 302 case QAPI_EVENT_VNC_CONNECTED: 303 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info)); 304 break; 305 case QAPI_EVENT_VNC_INITIALIZED: 306 qapi_event_send_vnc_initialized(si, vs->info); 307 break; 308 case QAPI_EVENT_VNC_DISCONNECTED: 309 qapi_event_send_vnc_disconnected(si, vs->info); 310 break; 311 default: 312 break; 313 } 314 315 qapi_free_VncServerInfo(si); 316 } 317 318 static VncClientInfo *qmp_query_vnc_client(const VncState *client) 319 { 320 VncClientInfo *info; 321 Error *err = NULL; 322 323 info = g_malloc0(sizeof(*info)); 324 325 vnc_init_basic_info_from_remote_addr(client->sioc, 326 qapi_VncClientInfo_base(info), 327 &err); 328 if (err) { 329 error_free(err); 330 qapi_free_VncClientInfo(info); 331 return NULL; 332 } 333 334 info->websocket = client->websocket; 335 336 if (client->tls) { 337 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls); 338 } 339 #ifdef CONFIG_VNC_SASL 340 if (client->sasl.conn && client->sasl.username) { 341 info->sasl_username = g_strdup(client->sasl.username); 342 } 343 #endif 344 345 return info; 346 } 347 348 static VncDisplay *vnc_display_find(const char *id) 349 { 350 VncDisplay *vd; 351 352 if (id == NULL) { 353 return QTAILQ_FIRST(&vnc_displays); 354 } 355 QTAILQ_FOREACH(vd, &vnc_displays, next) { 356 if (strcmp(id, vd->id) == 0) { 357 return vd; 358 } 359 } 360 return NULL; 361 } 362 363 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd) 364 { 365 VncClientInfoList *prev = NULL; 366 VncState *client; 367 368 QTAILQ_FOREACH(client, &vd->clients, next) { 369 QAPI_LIST_PREPEND(prev, qmp_query_vnc_client(client)); 370 } 371 return prev; 372 } 373 374 VncInfo *qmp_query_vnc(Error **errp) 375 { 376 VncInfo *info = g_malloc0(sizeof(*info)); 377 VncDisplay *vd = vnc_display_find(NULL); 378 SocketAddress *addr = NULL; 379 380 if (vd == NULL || !vd->listener || !qio_net_listener_nsioc(vd->listener)) { 381 info->enabled = false; 382 } else { 383 info->enabled = true; 384 385 /* for compatibility with the original command */ 386 info->has_clients = true; 387 info->clients = qmp_query_client_list(vd); 388 389 addr = qio_net_listener_get_local_address(vd->listener, 0, errp); 390 if (!addr) { 391 goto out_error; 392 } 393 394 switch (addr->type) { 395 case SOCKET_ADDRESS_TYPE_INET: 396 info->host = g_strdup(addr->u.inet.host); 397 info->service = g_strdup(addr->u.inet.port); 398 if (addr->u.inet.ipv6) { 399 info->family = NETWORK_ADDRESS_FAMILY_IPV6; 400 } else { 401 info->family = NETWORK_ADDRESS_FAMILY_IPV4; 402 } 403 break; 404 405 case SOCKET_ADDRESS_TYPE_UNIX: 406 info->host = g_strdup(""); 407 info->service = g_strdup(addr->u.q_unix.path); 408 info->family = NETWORK_ADDRESS_FAMILY_UNIX; 409 break; 410 411 case SOCKET_ADDRESS_TYPE_VSOCK: 412 case SOCKET_ADDRESS_TYPE_FD: 413 error_setg(errp, "Unsupported socket address type %s", 414 SocketAddressType_str(addr->type)); 415 goto out_error; 416 default: 417 abort(); 418 } 419 420 info->has_family = true; 421 422 info->auth = g_strdup(vnc_auth_name(vd)); 423 } 424 425 qapi_free_SocketAddress(addr); 426 return info; 427 428 out_error: 429 qapi_free_SocketAddress(addr); 430 qapi_free_VncInfo(info); 431 return NULL; 432 } 433 434 435 static void qmp_query_auth(int auth, int subauth, 436 VncPrimaryAuth *qmp_auth, 437 VncVencryptSubAuth *qmp_vencrypt, 438 bool *qmp_has_vencrypt); 439 440 static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc, 441 bool websocket, 442 int auth, 443 int subauth, 444 VncServerInfo2List *prev) 445 { 446 VncServerInfo2 *info; 447 Error *err = NULL; 448 SocketAddress *addr; 449 450 addr = qio_channel_socket_get_local_address(ioc, NULL); 451 if (!addr) { 452 return prev; 453 } 454 455 info = g_new0(VncServerInfo2, 1); 456 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err); 457 qapi_free_SocketAddress(addr); 458 if (err) { 459 qapi_free_VncServerInfo2(info); 460 error_free(err); 461 return prev; 462 } 463 info->websocket = websocket; 464 465 qmp_query_auth(auth, subauth, &info->auth, 466 &info->vencrypt, &info->has_vencrypt); 467 468 QAPI_LIST_PREPEND(prev, info); 469 return prev; 470 } 471 472 static void qmp_query_auth(int auth, int subauth, 473 VncPrimaryAuth *qmp_auth, 474 VncVencryptSubAuth *qmp_vencrypt, 475 bool *qmp_has_vencrypt) 476 { 477 switch (auth) { 478 case VNC_AUTH_VNC: 479 *qmp_auth = VNC_PRIMARY_AUTH_VNC; 480 break; 481 case VNC_AUTH_RA2: 482 *qmp_auth = VNC_PRIMARY_AUTH_RA2; 483 break; 484 case VNC_AUTH_RA2NE: 485 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE; 486 break; 487 case VNC_AUTH_TIGHT: 488 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT; 489 break; 490 case VNC_AUTH_ULTRA: 491 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA; 492 break; 493 case VNC_AUTH_TLS: 494 *qmp_auth = VNC_PRIMARY_AUTH_TLS; 495 break; 496 case VNC_AUTH_VENCRYPT: 497 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT; 498 *qmp_has_vencrypt = true; 499 switch (subauth) { 500 case VNC_AUTH_VENCRYPT_PLAIN: 501 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN; 502 break; 503 case VNC_AUTH_VENCRYPT_TLSNONE: 504 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE; 505 break; 506 case VNC_AUTH_VENCRYPT_TLSVNC: 507 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC; 508 break; 509 case VNC_AUTH_VENCRYPT_TLSPLAIN: 510 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN; 511 break; 512 case VNC_AUTH_VENCRYPT_X509NONE: 513 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE; 514 break; 515 case VNC_AUTH_VENCRYPT_X509VNC: 516 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC; 517 break; 518 case VNC_AUTH_VENCRYPT_X509PLAIN: 519 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN; 520 break; 521 case VNC_AUTH_VENCRYPT_TLSSASL: 522 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL; 523 break; 524 case VNC_AUTH_VENCRYPT_X509SASL: 525 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL; 526 break; 527 default: 528 *qmp_has_vencrypt = false; 529 break; 530 } 531 break; 532 case VNC_AUTH_SASL: 533 *qmp_auth = VNC_PRIMARY_AUTH_SASL; 534 break; 535 case VNC_AUTH_NONE: 536 default: 537 *qmp_auth = VNC_PRIMARY_AUTH_NONE; 538 break; 539 } 540 } 541 542 VncInfo2List *qmp_query_vnc_servers(Error **errp) 543 { 544 VncInfo2List *prev = NULL; 545 VncInfo2 *info; 546 VncDisplay *vd; 547 DeviceState *dev; 548 size_t i; 549 550 QTAILQ_FOREACH(vd, &vnc_displays, next) { 551 size_t nsioc = 0; 552 553 info = g_new0(VncInfo2, 1); 554 info->id = g_strdup(vd->id); 555 info->clients = qmp_query_client_list(vd); 556 qmp_query_auth(vd->auth, vd->subauth, &info->auth, 557 &info->vencrypt, &info->has_vencrypt); 558 if (vd->dcl.con) { 559 Object *obj = object_property_get_link(OBJECT(vd->dcl.con), 560 "device", NULL); 561 if (obj) { 562 dev = DEVICE(obj); 563 info->display = g_strdup(dev->id); 564 } 565 } 566 if (vd->listener != NULL) { 567 nsioc = qio_net_listener_nsioc(vd->listener); 568 } 569 for (i = 0; i < nsioc; i++) { 570 info->server = qmp_query_server_entry( 571 qio_net_listener_sioc(vd->listener, i), false, vd->auth, 572 vd->subauth, info->server); 573 } 574 nsioc = 0; 575 if (vd->wslistener) { 576 nsioc = qio_net_listener_nsioc(vd->wslistener); 577 } 578 for (i = 0; i < nsioc; i++) { 579 info->server = qmp_query_server_entry( 580 qio_net_listener_sioc(vd->wslistener, i), true, vd->ws_auth, 581 vd->ws_subauth, info->server); 582 } 583 584 QAPI_LIST_PREPEND(prev, info); 585 } 586 return prev; 587 } 588 589 bool vnc_display_reload_certs(const char *id, Error **errp) 590 { 591 VncDisplay *vd = vnc_display_find(id); 592 593 if (!vd) { 594 error_setg(errp, "Can not find vnc display"); 595 return false; 596 } 597 598 if (!vd->tlscreds) { 599 error_setg(errp, "vnc tls is not enabled"); 600 return false; 601 } 602 603 if (!qcrypto_tls_creds_reload(vd->tlscreds, errp)) { 604 return false; 605 } 606 607 return true; 608 } 609 610 /* TODO 611 1) Get the queue working for IO. 612 2) there is some weirdness when using the -S option (the screen is grey 613 and not totally invalidated 614 3) resolutions > 1024 615 */ 616 617 static int vnc_update_client(VncState *vs, int has_dirty); 618 static void vnc_disconnect_start(VncState *vs); 619 620 static void vnc_colordepth(VncState *vs); 621 static void framebuffer_update_request(VncState *vs, int incremental, 622 int x_position, int y_position, 623 int w, int h); 624 static void vnc_refresh(DisplayChangeListener *dcl); 625 static int vnc_refresh_server_surface(VncDisplay *vd); 626 627 static int vnc_width(VncDisplay *vd) 628 { 629 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds), 630 VNC_DIRTY_PIXELS_PER_BIT)); 631 } 632 633 static int vnc_true_width(VncDisplay *vd) 634 { 635 return MIN(VNC_MAX_WIDTH, surface_width(vd->ds)); 636 } 637 638 static int vnc_height(VncDisplay *vd) 639 { 640 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds)); 641 } 642 643 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT], 644 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT), 645 VncDisplay *vd, 646 int x, int y, int w, int h) 647 { 648 int width = vnc_width(vd); 649 int height = vnc_height(vd); 650 651 /* this is needed this to ensure we updated all affected 652 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */ 653 w += (x % VNC_DIRTY_PIXELS_PER_BIT); 654 x -= (x % VNC_DIRTY_PIXELS_PER_BIT); 655 656 x = MIN(x, width); 657 y = MIN(y, height); 658 w = MIN(x + w, width) - x; 659 h = MIN(y + h, height); 660 661 for (; y < h; y++) { 662 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT, 663 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT)); 664 } 665 } 666 667 static void vnc_dpy_update(DisplayChangeListener *dcl, 668 int x, int y, int w, int h) 669 { 670 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 671 struct VncSurface *s = &vd->guest; 672 673 vnc_set_area_dirty(s->dirty, vd, x, y, w, h); 674 } 675 676 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 677 int32_t encoding) 678 { 679 vnc_write_u16(vs, x); 680 vnc_write_u16(vs, y); 681 vnc_write_u16(vs, w); 682 vnc_write_u16(vs, h); 683 684 vnc_write_s32(vs, encoding); 685 } 686 687 static void vnc_desktop_resize_ext(VncState *vs, int reject_reason) 688 { 689 trace_vnc_msg_server_ext_desktop_resize( 690 vs, vs->ioc, vs->client_width, vs->client_height, reject_reason); 691 692 vnc_lock_output(vs); 693 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 694 vnc_write_u8(vs, 0); 695 vnc_write_u16(vs, 1); /* number of rects */ 696 vnc_framebuffer_update(vs, 697 reject_reason ? 1 : 0, 698 reject_reason, 699 vs->client_width, vs->client_height, 700 VNC_ENCODING_DESKTOP_RESIZE_EXT); 701 vnc_write_u8(vs, 1); /* number of screens */ 702 vnc_write_u8(vs, 0); /* padding */ 703 vnc_write_u8(vs, 0); /* padding */ 704 vnc_write_u8(vs, 0); /* padding */ 705 vnc_write_u32(vs, 0); /* screen id */ 706 vnc_write_u16(vs, 0); /* screen x-pos */ 707 vnc_write_u16(vs, 0); /* screen y-pos */ 708 vnc_write_u16(vs, vs->client_width); 709 vnc_write_u16(vs, vs->client_height); 710 vnc_write_u32(vs, 0); /* screen flags */ 711 vnc_unlock_output(vs); 712 vnc_flush(vs); 713 } 714 715 static void vnc_desktop_resize(VncState *vs) 716 { 717 if (vs->ioc == NULL || (!vnc_has_feature(vs, VNC_FEATURE_RESIZE) && 718 !vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT))) { 719 return; 720 } 721 if (vs->client_width == vs->vd->true_width && 722 vs->client_height == pixman_image_get_height(vs->vd->server)) { 723 return; 724 } 725 726 assert(vs->vd->true_width < 65536 && 727 vs->vd->true_width >= 0); 728 assert(pixman_image_get_height(vs->vd->server) < 65536 && 729 pixman_image_get_height(vs->vd->server) >= 0); 730 vs->client_width = vs->vd->true_width; 731 vs->client_height = pixman_image_get_height(vs->vd->server); 732 733 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) { 734 vnc_desktop_resize_ext(vs, 0); 735 return; 736 } 737 738 trace_vnc_msg_server_desktop_resize( 739 vs, vs->ioc, vs->client_width, vs->client_height); 740 741 vnc_lock_output(vs); 742 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 743 vnc_write_u8(vs, 0); 744 vnc_write_u16(vs, 1); /* number of rects */ 745 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 746 VNC_ENCODING_DESKTOPRESIZE); 747 vnc_unlock_output(vs); 748 vnc_flush(vs); 749 } 750 751 static void vnc_abort_display_jobs(VncDisplay *vd) 752 { 753 VncState *vs; 754 755 QTAILQ_FOREACH(vs, &vd->clients, next) { 756 vnc_lock_output(vs); 757 vs->abort = true; 758 vnc_unlock_output(vs); 759 } 760 QTAILQ_FOREACH(vs, &vd->clients, next) { 761 vnc_jobs_join(vs); 762 } 763 QTAILQ_FOREACH(vs, &vd->clients, next) { 764 vnc_lock_output(vs); 765 if (vs->update == VNC_STATE_UPDATE_NONE && 766 vs->job_update != VNC_STATE_UPDATE_NONE) { 767 /* job aborted before completion */ 768 vs->update = vs->job_update; 769 vs->job_update = VNC_STATE_UPDATE_NONE; 770 } 771 vs->abort = false; 772 vnc_unlock_output(vs); 773 } 774 } 775 776 int vnc_server_fb_stride(VncDisplay *vd) 777 { 778 return pixman_image_get_stride(vd->server); 779 } 780 781 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y) 782 { 783 uint8_t *ptr; 784 785 ptr = (uint8_t *)pixman_image_get_data(vd->server); 786 ptr += y * vnc_server_fb_stride(vd); 787 ptr += x * VNC_SERVER_FB_BYTES; 788 return ptr; 789 } 790 791 static void vnc_update_server_surface(VncDisplay *vd) 792 { 793 int width, height; 794 795 qemu_pixman_image_unref(vd->server); 796 vd->server = NULL; 797 798 if (QTAILQ_EMPTY(&vd->clients)) { 799 return; 800 } 801 802 width = vnc_width(vd); 803 height = vnc_height(vd); 804 vd->true_width = vnc_true_width(vd); 805 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT, 806 width, height, 807 NULL, 0); 808 809 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty)); 810 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0, 811 width, height); 812 } 813 814 static bool vnc_check_pageflip(DisplaySurface *s1, 815 DisplaySurface *s2) 816 { 817 return (s1 != NULL && 818 s2 != NULL && 819 surface_width(s1) == surface_width(s2) && 820 surface_height(s1) == surface_height(s2) && 821 surface_format(s1) == surface_format(s2)); 822 823 } 824 825 static void vnc_dpy_switch(DisplayChangeListener *dcl, 826 DisplaySurface *surface) 827 { 828 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 829 bool pageflip = vnc_check_pageflip(vd->ds, surface); 830 VncState *vs; 831 832 vnc_abort_display_jobs(vd); 833 vd->ds = surface; 834 835 /* guest surface */ 836 qemu_pixman_image_unref(vd->guest.fb); 837 vd->guest.fb = pixman_image_ref(surface->image); 838 vd->guest.format = surface_format(surface); 839 840 841 if (pageflip) { 842 trace_vnc_server_dpy_pageflip(vd, 843 surface_width(surface), 844 surface_height(surface), 845 surface_format(surface)); 846 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0, 847 surface_width(surface), 848 surface_height(surface)); 849 return; 850 } 851 852 trace_vnc_server_dpy_recreate(vd, 853 surface_width(surface), 854 surface_height(surface), 855 surface_format(surface)); 856 /* server surface */ 857 vnc_update_server_surface(vd); 858 859 QTAILQ_FOREACH(vs, &vd->clients, next) { 860 vnc_colordepth(vs); 861 vnc_desktop_resize(vs); 862 vnc_cursor_define(vs); 863 memset(vs->dirty, 0x00, sizeof(vs->dirty)); 864 vnc_set_area_dirty(vs->dirty, vd, 0, 0, 865 vnc_width(vd), 866 vnc_height(vd)); 867 vnc_update_throttle_offset(vs); 868 } 869 } 870 871 /* fastest code */ 872 static void vnc_write_pixels_copy(VncState *vs, 873 void *pixels, int size) 874 { 875 vnc_write(vs, pixels, size); 876 } 877 878 /* slowest but generic code. */ 879 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 880 { 881 uint8_t r, g, b; 882 883 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8) 884 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8; 885 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8; 886 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8; 887 #else 888 # error need some bits here if you change VNC_SERVER_FB_FORMAT 889 #endif 890 v = (r << vs->client_pf.rshift) | 891 (g << vs->client_pf.gshift) | 892 (b << vs->client_pf.bshift); 893 switch (vs->client_pf.bytes_per_pixel) { 894 case 1: 895 buf[0] = v; 896 break; 897 case 2: 898 if (vs->client_endian == G_BIG_ENDIAN) { 899 buf[0] = v >> 8; 900 buf[1] = v; 901 } else { 902 buf[1] = v >> 8; 903 buf[0] = v; 904 } 905 break; 906 default: 907 case 4: 908 if (vs->client_endian == G_BIG_ENDIAN) { 909 buf[0] = v >> 24; 910 buf[1] = v >> 16; 911 buf[2] = v >> 8; 912 buf[3] = v; 913 } else { 914 buf[3] = v >> 24; 915 buf[2] = v >> 16; 916 buf[1] = v >> 8; 917 buf[0] = v; 918 } 919 break; 920 } 921 } 922 923 static void vnc_write_pixels_generic(VncState *vs, 924 void *pixels1, int size) 925 { 926 uint8_t buf[4]; 927 928 if (VNC_SERVER_FB_BYTES == 4) { 929 uint32_t *pixels = pixels1; 930 int n, i; 931 n = size >> 2; 932 for (i = 0; i < n; i++) { 933 vnc_convert_pixel(vs, buf, pixels[i]); 934 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel); 935 } 936 } 937 } 938 939 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 940 { 941 int i; 942 uint8_t *row; 943 VncDisplay *vd = vs->vd; 944 945 row = vnc_server_fb_ptr(vd, x, y); 946 for (i = 0; i < h; i++) { 947 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES); 948 row += vnc_server_fb_stride(vd); 949 } 950 return 1; 951 } 952 953 int vnc_send_framebuffer_update(VncState *vs, VncWorker *worker, 954 int x, int y, int w, int h) 955 { 956 int n = 0; 957 958 switch(vs->vnc_encoding) { 959 case VNC_ENCODING_ZLIB: 960 n = vnc_zlib_send_framebuffer_update(vs, worker, x, y, w, h); 961 break; 962 case VNC_ENCODING_HEXTILE: 963 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 964 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 965 break; 966 case VNC_ENCODING_TIGHT: 967 n = vnc_tight_send_framebuffer_update(vs, worker, x, y, w, h); 968 break; 969 case VNC_ENCODING_TIGHT_PNG: 970 n = vnc_tight_png_send_framebuffer_update(vs, worker, x, y, w, h); 971 break; 972 case VNC_ENCODING_ZRLE: 973 n = vnc_zrle_send_framebuffer_update(vs, worker, x, y, w, h); 974 break; 975 case VNC_ENCODING_ZYWRLE: 976 n = vnc_zywrle_send_framebuffer_update(vs, worker, x, y, w, h); 977 break; 978 default: 979 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 980 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 981 break; 982 } 983 return n; 984 } 985 986 static void vnc_mouse_set(DisplayChangeListener *dcl, 987 int x, int y, bool visible) 988 { 989 /* can we ask the client(s) to move the pointer ??? */ 990 } 991 992 static int vnc_cursor_define(VncState *vs) 993 { 994 QEMUCursor *c = qemu_console_get_cursor(vs->vd->dcl.con); 995 int isize; 996 997 if (!c) { 998 return -1; 999 } 1000 1001 if (vnc_has_feature(vs, VNC_FEATURE_ALPHA_CURSOR)) { 1002 vnc_lock_output(vs); 1003 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1004 vnc_write_u8(vs, 0); /* padding */ 1005 vnc_write_u16(vs, 1); /* # of rects */ 1006 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 1007 VNC_ENCODING_ALPHA_CURSOR); 1008 vnc_write_s32(vs, VNC_ENCODING_RAW); 1009 vnc_write(vs, c->data, c->width * c->height * 4); 1010 vnc_unlock_output(vs); 1011 return 0; 1012 } 1013 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 1014 vnc_lock_output(vs); 1015 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1016 vnc_write_u8(vs, 0); /* padding */ 1017 vnc_write_u16(vs, 1); /* # of rects */ 1018 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 1019 VNC_ENCODING_RICH_CURSOR); 1020 isize = c->width * c->height * vs->client_pf.bytes_per_pixel; 1021 vnc_write_pixels_generic(vs, c->data, isize); 1022 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 1023 vnc_unlock_output(vs); 1024 return 0; 1025 } 1026 return -1; 1027 } 1028 1029 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl, 1030 QEMUCursor *c) 1031 { 1032 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 1033 VncState *vs; 1034 1035 g_free(vd->cursor_mask); 1036 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 1037 vd->cursor_mask = g_malloc0(vd->cursor_msize); 1038 cursor_get_mono_mask(c, 0, vd->cursor_mask); 1039 1040 QTAILQ_FOREACH(vs, &vd->clients, next) { 1041 vnc_cursor_define(vs); 1042 } 1043 } 1044 1045 static int find_and_clear_dirty_height(VncState *vs, 1046 int y, int last_x, int x, int height) 1047 { 1048 int h; 1049 1050 for (h = 1; h < (height - y); h++) { 1051 if (!test_bit(last_x, vs->dirty[y + h])) { 1052 break; 1053 } 1054 bitmap_clear(vs->dirty[y + h], last_x, x - last_x); 1055 } 1056 1057 return h; 1058 } 1059 1060 /* 1061 * Figure out how much pending data we should allow in the output 1062 * buffer before we throttle incremental display updates, and/or 1063 * drop audio samples. 1064 * 1065 * We allow for equiv of 1 full display's worth of FB updates, 1066 * and 1 second of audio samples. If audio backlog was larger 1067 * than that the client would already suffering awful audio 1068 * glitches, so dropping samples is no worse really). 1069 */ 1070 static void vnc_update_throttle_offset(VncState *vs) 1071 { 1072 size_t offset = 1073 vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel; 1074 1075 if (vs->audio_cap) { 1076 int bps; 1077 switch (vs->as.fmt) { 1078 default: 1079 case AUDIO_FORMAT_U8: 1080 case AUDIO_FORMAT_S8: 1081 bps = 1; 1082 break; 1083 case AUDIO_FORMAT_U16: 1084 case AUDIO_FORMAT_S16: 1085 bps = 2; 1086 break; 1087 case AUDIO_FORMAT_U32: 1088 case AUDIO_FORMAT_S32: 1089 bps = 4; 1090 break; 1091 } 1092 offset += vs->as.freq * bps * vs->as.nchannels; 1093 } 1094 1095 /* Put a floor of 1MB on offset, so that if we have a large pending 1096 * buffer and the display is resized to a small size & back again 1097 * we don't suddenly apply a tiny send limit 1098 */ 1099 offset = MAX(offset, 1024 * 1024); 1100 1101 if (vs->throttle_output_offset != offset) { 1102 trace_vnc_client_throttle_threshold( 1103 vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width, 1104 vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap); 1105 } 1106 1107 vs->throttle_output_offset = offset; 1108 } 1109 1110 static bool vnc_should_update(VncState *vs) 1111 { 1112 switch (vs->update) { 1113 case VNC_STATE_UPDATE_NONE: 1114 break; 1115 case VNC_STATE_UPDATE_INCREMENTAL: 1116 /* Only allow incremental updates if the pending send queue 1117 * is less than the permitted threshold, and the job worker 1118 * is completely idle. 1119 */ 1120 if (vs->output.offset < vs->throttle_output_offset && 1121 vs->job_update == VNC_STATE_UPDATE_NONE) { 1122 return true; 1123 } 1124 trace_vnc_client_throttle_incremental( 1125 vs, vs->ioc, vs->job_update, vs->output.offset); 1126 break; 1127 case VNC_STATE_UPDATE_FORCE: 1128 /* Only allow forced updates if the pending send queue 1129 * does not contain a previous forced update, and the 1130 * job worker is completely idle. 1131 * 1132 * Note this means we'll queue a forced update, even if 1133 * the output buffer size is otherwise over the throttle 1134 * output limit. 1135 */ 1136 if (vs->force_update_offset == 0 && 1137 vs->job_update == VNC_STATE_UPDATE_NONE) { 1138 return true; 1139 } 1140 trace_vnc_client_throttle_forced( 1141 vs, vs->ioc, vs->job_update, vs->force_update_offset); 1142 break; 1143 } 1144 return false; 1145 } 1146 1147 static int vnc_update_client(VncState *vs, int has_dirty) 1148 { 1149 VncDisplay *vd = vs->vd; 1150 VncJob *job; 1151 int y; 1152 int height, width; 1153 int n = 0; 1154 1155 if (vs->disconnecting) { 1156 vnc_disconnect_finish(vs); 1157 return 0; 1158 } 1159 1160 vs->has_dirty += has_dirty; 1161 if (!vnc_should_update(vs)) { 1162 return 0; 1163 } 1164 1165 if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) { 1166 return 0; 1167 } 1168 1169 /* 1170 * Send screen updates to the vnc client using the server 1171 * surface and server dirty map. guest surface updates 1172 * happening in parallel don't disturb us, the next pass will 1173 * send them to the client. 1174 */ 1175 job = vnc_job_new(vs); 1176 1177 height = pixman_image_get_height(vd->server); 1178 width = pixman_image_get_width(vd->server); 1179 1180 y = 0; 1181 for (;;) { 1182 int x, h; 1183 unsigned long x2; 1184 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty, 1185 height * VNC_DIRTY_BPL(vs), 1186 y * VNC_DIRTY_BPL(vs)); 1187 if (offset == height * VNC_DIRTY_BPL(vs)) { 1188 /* no more dirty bits */ 1189 break; 1190 } 1191 y = offset / VNC_DIRTY_BPL(vs); 1192 x = offset % VNC_DIRTY_BPL(vs); 1193 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y], 1194 VNC_DIRTY_BPL(vs), x); 1195 bitmap_clear(vs->dirty[y], x, x2 - x); 1196 h = find_and_clear_dirty_height(vs, y, x, x2, height); 1197 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT); 1198 if (x2 > x) { 1199 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y, 1200 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h); 1201 } 1202 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) { 1203 y += h; 1204 if (y == height) { 1205 break; 1206 } 1207 } 1208 } 1209 1210 vs->job_update = vs->update; 1211 vs->update = VNC_STATE_UPDATE_NONE; 1212 vnc_job_push(job); 1213 vs->has_dirty = 0; 1214 return n; 1215 } 1216 1217 /* audio */ 1218 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 1219 { 1220 VncState *vs = opaque; 1221 1222 assert(vs->magic == VNC_MAGIC); 1223 switch (cmd) { 1224 case AUD_CNOTIFY_DISABLE: 1225 trace_vnc_msg_server_audio_end(vs, vs->ioc); 1226 vnc_lock_output(vs); 1227 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1228 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1229 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 1230 vnc_unlock_output(vs); 1231 vnc_flush(vs); 1232 break; 1233 1234 case AUD_CNOTIFY_ENABLE: 1235 trace_vnc_msg_server_audio_begin(vs, vs->ioc); 1236 vnc_lock_output(vs); 1237 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1238 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1239 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 1240 vnc_unlock_output(vs); 1241 vnc_flush(vs); 1242 break; 1243 } 1244 } 1245 1246 static void audio_capture_destroy(void *opaque) 1247 { 1248 } 1249 1250 static void audio_capture(void *opaque, const void *buf, int size) 1251 { 1252 VncState *vs = opaque; 1253 1254 assert(vs->magic == VNC_MAGIC); 1255 trace_vnc_msg_server_audio_data(vs, vs->ioc, buf, size); 1256 vnc_lock_output(vs); 1257 if (vs->output.offset < vs->throttle_output_offset) { 1258 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1259 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1260 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 1261 vnc_write_u32(vs, size); 1262 vnc_write(vs, buf, size); 1263 } else { 1264 trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset); 1265 } 1266 vnc_unlock_output(vs); 1267 vnc_flush(vs); 1268 } 1269 1270 static void audio_add(VncState *vs) 1271 { 1272 struct audio_capture_ops ops; 1273 1274 if (vs->audio_cap) { 1275 error_report("audio already running"); 1276 return; 1277 } 1278 1279 ops.notify = audio_capture_notify; 1280 ops.destroy = audio_capture_destroy; 1281 ops.capture = audio_capture; 1282 1283 vs->audio_cap = AUD_add_capture(vs->vd->audio_be, &vs->as, &ops, vs); 1284 if (!vs->audio_cap) { 1285 error_report("Failed to add audio capture"); 1286 } 1287 } 1288 1289 static void audio_del(VncState *vs) 1290 { 1291 if (vs->audio_cap) { 1292 AUD_del_capture(vs->audio_cap, vs); 1293 vs->audio_cap = NULL; 1294 } 1295 } 1296 1297 static void vnc_disconnect_start(VncState *vs) 1298 { 1299 if (vs->disconnecting) { 1300 return; 1301 } 1302 trace_vnc_client_disconnect_start(vs, vs->ioc); 1303 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); 1304 if (vs->ioc_tag) { 1305 g_source_remove(vs->ioc_tag); 1306 vs->ioc_tag = 0; 1307 } 1308 qio_channel_close(vs->ioc, NULL); 1309 vs->disconnecting = TRUE; 1310 } 1311 1312 void vnc_disconnect_finish(VncState *vs) 1313 { 1314 VncConnection *vc = container_of(vs, VncConnection, vs); 1315 1316 trace_vnc_client_disconnect_finish(vs, vs->ioc); 1317 1318 vnc_jobs_join(vs); /* Wait encoding jobs */ 1319 1320 vnc_lock_output(vs); 1321 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED); 1322 1323 buffer_free(&vs->input); 1324 buffer_free(&vs->output); 1325 1326 qapi_free_VncClientInfo(vs->info); 1327 1328 vnc_zlib_clear(&vc->worker); 1329 vnc_tight_clear(&vc->worker); 1330 vnc_zrle_clear(&vc->worker); 1331 1332 #ifdef CONFIG_VNC_SASL 1333 vnc_sasl_client_cleanup(vs); 1334 #endif /* CONFIG_VNC_SASL */ 1335 audio_del(vs); 1336 qkbd_state_lift_all_keys(vs->vd->kbd); 1337 1338 if (vs->mouse_mode_notifier.notify != NULL) { 1339 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1340 } 1341 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1342 if (QTAILQ_EMPTY(&vs->vd->clients)) { 1343 /* last client gone */ 1344 vnc_update_server_surface(vs->vd); 1345 } 1346 vnc_unlock_output(vs); 1347 1348 if (vs->cbpeer.notifier.notify) { 1349 qemu_clipboard_peer_unregister(&vs->cbpeer); 1350 } 1351 1352 qemu_mutex_destroy(&vs->output_mutex); 1353 if (vs->bh != NULL) { 1354 qemu_bh_delete(vs->bh); 1355 } 1356 buffer_free(&vs->jobs_buffer); 1357 1358 object_unref(OBJECT(vs->ioc)); 1359 vs->ioc = NULL; 1360 object_unref(OBJECT(vs->sioc)); 1361 vs->sioc = NULL; 1362 vs->magic = 0; 1363 g_free(vc); 1364 } 1365 1366 size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error *err) 1367 { 1368 if (ret <= 0) { 1369 if (ret == 0) { 1370 trace_vnc_client_eof(vs, vs->ioc); 1371 vnc_disconnect_start(vs); 1372 } else if (ret != QIO_CHANNEL_ERR_BLOCK) { 1373 trace_vnc_client_io_error(vs, vs->ioc, 1374 err ? error_get_pretty(err) : "Unknown"); 1375 vnc_disconnect_start(vs); 1376 } 1377 1378 error_free(err); 1379 return 0; 1380 } 1381 return ret; 1382 } 1383 1384 1385 void vnc_client_error(VncState *vs) 1386 { 1387 VNC_DEBUG("Closing down client sock: protocol error\n"); 1388 vnc_disconnect_start(vs); 1389 } 1390 1391 1392 /* 1393 * Called to write a chunk of data to the client socket. The data may 1394 * be the raw data, or may have already been encoded by SASL. 1395 * The data will be written either straight onto the socket, or 1396 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1397 * 1398 * NB, it is theoretically possible to have 2 layers of encryption, 1399 * both SASL, and this TLS layer. It is highly unlikely in practice 1400 * though, since SASL encryption will typically be a no-op if TLS 1401 * is active 1402 * 1403 * Returns the number of bytes written, which may be less than 1404 * the requested 'datalen' if the socket would block. Returns 1405 * 0 on I/O error, and disconnects the client socket. 1406 */ 1407 size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1408 { 1409 Error *err = NULL; 1410 ssize_t ret; 1411 ret = qio_channel_write(vs->ioc, (const char *)data, datalen, &err); 1412 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1413 return vnc_client_io_error(vs, ret, err); 1414 } 1415 1416 1417 /* 1418 * Called to write buffered data to the client socket, when not 1419 * using any SASL SSF encryption layers. Will write as much data 1420 * as possible without blocking. If all buffered data is written, 1421 * will switch the FD poll() handler back to read monitoring. 1422 * 1423 * Returns the number of bytes written, which may be less than 1424 * the buffered output data if the socket would block. Returns 1425 * 0 on I/O error, and disconnects the client socket. 1426 */ 1427 static size_t vnc_client_write_plain(VncState *vs) 1428 { 1429 size_t offset; 1430 size_t ret; 1431 1432 #ifdef CONFIG_VNC_SASL 1433 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1434 vs->output.buffer, vs->output.capacity, vs->output.offset, 1435 vs->sasl.waitWriteSSF); 1436 1437 if (vs->sasl.conn && 1438 vs->sasl.runSSF && 1439 vs->sasl.waitWriteSSF) { 1440 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1441 if (ret) 1442 vs->sasl.waitWriteSSF -= ret; 1443 } else 1444 #endif /* CONFIG_VNC_SASL */ 1445 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1446 if (!ret) 1447 return 0; 1448 1449 if (ret >= vs->force_update_offset) { 1450 if (vs->force_update_offset != 0) { 1451 trace_vnc_client_unthrottle_forced(vs, vs->ioc); 1452 } 1453 vs->force_update_offset = 0; 1454 } else { 1455 vs->force_update_offset -= ret; 1456 } 1457 offset = vs->output.offset; 1458 buffer_advance(&vs->output, ret); 1459 if (offset >= vs->throttle_output_offset && 1460 vs->output.offset < vs->throttle_output_offset) { 1461 trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset); 1462 } 1463 1464 if (vs->output.offset == 0) { 1465 if (vs->ioc_tag) { 1466 g_source_remove(vs->ioc_tag); 1467 } 1468 vs->ioc_tag = qio_channel_add_watch( 1469 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR, 1470 vnc_client_io, vs, NULL); 1471 } 1472 1473 return ret; 1474 } 1475 1476 1477 /* 1478 * First function called whenever there is data to be written to 1479 * the client socket. Will delegate actual work according to whether 1480 * SASL SSF layers are enabled (thus requiring encryption calls) 1481 */ 1482 static void vnc_client_write_locked(VncState *vs) 1483 { 1484 #ifdef CONFIG_VNC_SASL 1485 if (vs->sasl.conn && 1486 vs->sasl.runSSF && 1487 !vs->sasl.waitWriteSSF) { 1488 vnc_client_write_sasl(vs); 1489 } else 1490 #endif /* CONFIG_VNC_SASL */ 1491 { 1492 vnc_client_write_plain(vs); 1493 } 1494 } 1495 1496 static void vnc_client_write(VncState *vs) 1497 { 1498 assert(vs->magic == VNC_MAGIC); 1499 vnc_lock_output(vs); 1500 if (vs->output.offset) { 1501 vnc_client_write_locked(vs); 1502 } else if (vs->ioc != NULL) { 1503 if (vs->ioc_tag) { 1504 g_source_remove(vs->ioc_tag); 1505 } 1506 vs->ioc_tag = qio_channel_add_watch( 1507 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR, 1508 vnc_client_io, vs, NULL); 1509 } 1510 vnc_unlock_output(vs); 1511 } 1512 1513 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1514 { 1515 vs->read_handler = func; 1516 vs->read_handler_expect = expecting; 1517 } 1518 1519 1520 /* 1521 * Called to read a chunk of data from the client socket. The data may 1522 * be the raw data, or may need to be further decoded by SASL. 1523 * The data will be read either straight from to the socket, or 1524 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1525 * 1526 * NB, it is theoretically possible to have 2 layers of encryption, 1527 * both SASL, and this TLS layer. It is highly unlikely in practice 1528 * though, since SASL encryption will typically be a no-op if TLS 1529 * is active 1530 * 1531 * Returns the number of bytes read, which may be less than 1532 * the requested 'datalen' if the socket would block. Returns 1533 * 0 on I/O error or EOF, and disconnects the client socket. 1534 */ 1535 size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1536 { 1537 ssize_t ret; 1538 Error *err = NULL; 1539 ret = qio_channel_read(vs->ioc, (char *)data, datalen, &err); 1540 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1541 return vnc_client_io_error(vs, ret, err); 1542 } 1543 1544 1545 /* 1546 * Called to read data from the client socket to the input buffer, 1547 * when not using any SASL SSF encryption layers. Will read as much 1548 * data as possible without blocking. 1549 * 1550 * Returns the number of bytes read, which may be less than 1551 * the requested 'datalen' if the socket would block. Returns 1552 * 0 on I/O error or EOF, and disconnects the client socket. 1553 */ 1554 static size_t vnc_client_read_plain(VncState *vs) 1555 { 1556 size_t ret; 1557 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1558 vs->input.buffer, vs->input.capacity, vs->input.offset); 1559 buffer_reserve(&vs->input, 4096); 1560 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1561 if (!ret) 1562 return 0; 1563 vs->input.offset += ret; 1564 return ret; 1565 } 1566 1567 static void vnc_jobs_bh(void *opaque) 1568 { 1569 VncState *vs = opaque; 1570 1571 assert(vs->magic == VNC_MAGIC); 1572 vnc_jobs_consume_buffer(vs); 1573 } 1574 1575 /* 1576 * First function called whenever there is more data to be read from 1577 * the client socket. Will delegate actual work according to whether 1578 * SASL SSF layers are enabled (thus requiring decryption calls) 1579 * Returns 0 on success, -1 if client disconnected 1580 */ 1581 static int vnc_client_read(VncState *vs) 1582 { 1583 size_t sz; 1584 1585 #ifdef CONFIG_VNC_SASL 1586 if (vs->sasl.conn && vs->sasl.runSSF) 1587 sz = vnc_client_read_sasl(vs); 1588 else 1589 #endif /* CONFIG_VNC_SASL */ 1590 sz = vnc_client_read_plain(vs); 1591 if (!sz) { 1592 if (vs->disconnecting) { 1593 vnc_disconnect_finish(vs); 1594 return -1; 1595 } 1596 return 0; 1597 } 1598 1599 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1600 size_t len = vs->read_handler_expect; 1601 int ret; 1602 1603 ret = vs->read_handler(vs, vs->input.buffer, len); 1604 if (vs->disconnecting) { 1605 vnc_disconnect_finish(vs); 1606 return -1; 1607 } 1608 1609 if (!ret) { 1610 buffer_advance(&vs->input, len); 1611 } else { 1612 vs->read_handler_expect = ret; 1613 } 1614 } 1615 return 0; 1616 } 1617 1618 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED, 1619 GIOCondition condition, void *opaque) 1620 { 1621 VncState *vs = opaque; 1622 1623 assert(vs->magic == VNC_MAGIC); 1624 1625 if (condition & (G_IO_HUP | G_IO_ERR)) { 1626 vnc_disconnect_start(vs); 1627 return TRUE; 1628 } 1629 1630 if (condition & G_IO_IN) { 1631 if (vnc_client_read(vs) < 0) { 1632 /* vs is free()ed here */ 1633 return TRUE; 1634 } 1635 } 1636 if (condition & G_IO_OUT) { 1637 vnc_client_write(vs); 1638 } 1639 1640 if (vs->disconnecting) { 1641 if (vs->ioc_tag != 0) { 1642 g_source_remove(vs->ioc_tag); 1643 } 1644 vs->ioc_tag = 0; 1645 } 1646 return TRUE; 1647 } 1648 1649 1650 /* 1651 * Scale factor to apply to vs->throttle_output_offset when checking for 1652 * hard limit. Worst case normal usage could be x2, if we have a complete 1653 * incremental update and complete forced update in the output buffer. 1654 * So x3 should be good enough, but we pick x5 to be conservative and thus 1655 * (hopefully) never trigger incorrectly. 1656 */ 1657 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5 1658 1659 void vnc_write(VncState *vs, const void *data, size_t len) 1660 { 1661 assert(vs->magic == VNC_MAGIC); 1662 if (vs->disconnecting) { 1663 return; 1664 } 1665 /* Protection against malicious client/guest to prevent our output 1666 * buffer growing without bound if client stops reading data. This 1667 * should rarely trigger, because we have earlier throttling code 1668 * which stops issuing framebuffer updates and drops audio data 1669 * if the throttle_output_offset value is exceeded. So we only reach 1670 * this higher level if a huge number of pseudo-encodings get 1671 * triggered while data can't be sent on the socket. 1672 * 1673 * NB throttle_output_offset can be zero during early protocol 1674 * handshake, or from the job thread's VncState clone 1675 */ 1676 if (vs->throttle_output_offset != 0 && 1677 (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) > 1678 vs->throttle_output_offset) { 1679 trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset, 1680 vs->throttle_output_offset); 1681 vnc_disconnect_start(vs); 1682 return; 1683 } 1684 buffer_reserve(&vs->output, len); 1685 1686 if (vs->ioc != NULL && buffer_empty(&vs->output)) { 1687 if (vs->ioc_tag) { 1688 g_source_remove(vs->ioc_tag); 1689 } 1690 vs->ioc_tag = qio_channel_add_watch( 1691 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR | G_IO_OUT, 1692 vnc_client_io, vs, NULL); 1693 } 1694 1695 buffer_append(&vs->output, data, len); 1696 } 1697 1698 void vnc_write_s32(VncState *vs, int32_t value) 1699 { 1700 vnc_write_u32(vs, *(uint32_t *)&value); 1701 } 1702 1703 void vnc_write_u32(VncState *vs, uint32_t value) 1704 { 1705 uint8_t buf[4]; 1706 1707 buf[0] = (value >> 24) & 0xFF; 1708 buf[1] = (value >> 16) & 0xFF; 1709 buf[2] = (value >> 8) & 0xFF; 1710 buf[3] = value & 0xFF; 1711 1712 vnc_write(vs, buf, 4); 1713 } 1714 1715 void vnc_write_u16(VncState *vs, uint16_t value) 1716 { 1717 uint8_t buf[2]; 1718 1719 buf[0] = (value >> 8) & 0xFF; 1720 buf[1] = value & 0xFF; 1721 1722 vnc_write(vs, buf, 2); 1723 } 1724 1725 void vnc_write_u8(VncState *vs, uint8_t value) 1726 { 1727 vnc_write(vs, (char *)&value, 1); 1728 } 1729 1730 void vnc_flush(VncState *vs) 1731 { 1732 vnc_lock_output(vs); 1733 if (vs->ioc != NULL && vs->output.offset) { 1734 vnc_client_write_locked(vs); 1735 } 1736 if (vs->disconnecting) { 1737 if (vs->ioc_tag != 0) { 1738 g_source_remove(vs->ioc_tag); 1739 } 1740 vs->ioc_tag = 0; 1741 } 1742 vnc_unlock_output(vs); 1743 } 1744 1745 static uint8_t read_u8(uint8_t *data, size_t offset) 1746 { 1747 return data[offset]; 1748 } 1749 1750 static uint16_t read_u16(uint8_t *data, size_t offset) 1751 { 1752 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1753 } 1754 1755 static int32_t read_s32(uint8_t *data, size_t offset) 1756 { 1757 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1758 (data[offset + 2] << 8) | data[offset + 3]); 1759 } 1760 1761 uint32_t read_u32(uint8_t *data, size_t offset) 1762 { 1763 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1764 (data[offset + 2] << 8) | data[offset + 3]); 1765 } 1766 1767 static void check_pointer_type_change(Notifier *notifier, void *data) 1768 { 1769 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1770 int absolute = qemu_input_is_absolute(vs->vd->dcl.con); 1771 1772 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1773 vnc_lock_output(vs); 1774 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1775 vnc_write_u8(vs, 0); 1776 vnc_write_u16(vs, 1); 1777 vnc_framebuffer_update(vs, absolute, 0, 1778 pixman_image_get_width(vs->vd->server), 1779 pixman_image_get_height(vs->vd->server), 1780 VNC_ENCODING_POINTER_TYPE_CHANGE); 1781 vnc_unlock_output(vs); 1782 vnc_flush(vs); 1783 } 1784 vs->absolute = absolute; 1785 } 1786 1787 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1788 { 1789 static uint32_t bmap[INPUT_BUTTON__MAX] = { 1790 [INPUT_BUTTON_LEFT] = 0x01, 1791 [INPUT_BUTTON_MIDDLE] = 0x02, 1792 [INPUT_BUTTON_RIGHT] = 0x04, 1793 [INPUT_BUTTON_WHEEL_UP] = 0x08, 1794 [INPUT_BUTTON_WHEEL_DOWN] = 0x10, 1795 }; 1796 QemuConsole *con = vs->vd->dcl.con; 1797 int width = pixman_image_get_width(vs->vd->server); 1798 int height = pixman_image_get_height(vs->vd->server); 1799 1800 if (vs->last_bmask != button_mask) { 1801 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask); 1802 vs->last_bmask = button_mask; 1803 } 1804 1805 if (vs->absolute) { 1806 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width); 1807 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height); 1808 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1809 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF); 1810 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF); 1811 } else { 1812 if (vs->last_x != -1) { 1813 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x); 1814 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y); 1815 } 1816 vs->last_x = x; 1817 vs->last_y = y; 1818 } 1819 qemu_input_event_sync(); 1820 } 1821 1822 static void press_key(VncState *vs, QKeyCode qcode) 1823 { 1824 qkbd_state_key_event(vs->vd->kbd, qcode, true); 1825 qkbd_state_key_event(vs->vd->kbd, qcode, false); 1826 } 1827 1828 static void vnc_led_state_change(VncState *vs) 1829 { 1830 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) { 1831 return; 1832 } 1833 1834 vnc_lock_output(vs); 1835 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1836 vnc_write_u8(vs, 0); 1837 vnc_write_u16(vs, 1); 1838 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE); 1839 vnc_write_u8(vs, vs->vd->ledstate); 1840 vnc_unlock_output(vs); 1841 vnc_flush(vs); 1842 } 1843 1844 static void kbd_leds(void *opaque, int ledstate) 1845 { 1846 VncDisplay *vd = opaque; 1847 VncState *client; 1848 1849 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED), 1850 (ledstate & QEMU_NUM_LOCK_LED), 1851 (ledstate & QEMU_SCROLL_LOCK_LED)); 1852 1853 if (ledstate == vd->ledstate) { 1854 return; 1855 } 1856 1857 vd->ledstate = ledstate; 1858 1859 QTAILQ_FOREACH(client, &vd->clients, next) { 1860 vnc_led_state_change(client); 1861 } 1862 } 1863 1864 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1865 { 1866 QKeyCode qcode = qemu_input_key_number_to_qcode(keycode); 1867 1868 /* QEMU console switch */ 1869 switch (qcode) { 1870 case Q_KEY_CODE_1 ... Q_KEY_CODE_9: /* '1' to '9' keys */ 1871 if (down && 1872 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL) && 1873 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_ALT)) { 1874 QemuConsole *con = qemu_console_lookup_by_index(qcode - Q_KEY_CODE_1); 1875 if (con) { 1876 unregister_displaychangelistener(&vs->vd->dcl); 1877 qkbd_state_switch_console(vs->vd->kbd, con); 1878 vs->vd->dcl.con = con; 1879 register_displaychangelistener(&vs->vd->dcl); 1880 } 1881 return; 1882 } 1883 default: 1884 break; 1885 } 1886 1887 /* Turn off the lock state sync logic if the client support the led 1888 state extension. 1889 */ 1890 if (down && vs->vd->lock_key_sync && 1891 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1892 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1893 /* If the numlock state needs to change then simulate an additional 1894 keypress before sending this one. This will happen if the user 1895 toggles numlock away from the VNC window. 1896 */ 1897 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1898 if (!qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) { 1899 trace_vnc_key_sync_numlock(true); 1900 press_key(vs, Q_KEY_CODE_NUM_LOCK); 1901 } 1902 } else { 1903 if (qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) { 1904 trace_vnc_key_sync_numlock(false); 1905 press_key(vs, Q_KEY_CODE_NUM_LOCK); 1906 } 1907 } 1908 } 1909 1910 if (down && vs->vd->lock_key_sync && 1911 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1912 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1913 /* If the capslock state needs to change then simulate an additional 1914 keypress before sending this one. This will happen if the user 1915 toggles capslock away from the VNC window. 1916 */ 1917 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1918 bool shift = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_SHIFT); 1919 bool capslock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CAPSLOCK); 1920 if (capslock) { 1921 if (uppercase == shift) { 1922 trace_vnc_key_sync_capslock(false); 1923 press_key(vs, Q_KEY_CODE_CAPS_LOCK); 1924 } 1925 } else { 1926 if (uppercase != shift) { 1927 trace_vnc_key_sync_capslock(true); 1928 press_key(vs, Q_KEY_CODE_CAPS_LOCK); 1929 } 1930 } 1931 } 1932 1933 qkbd_state_key_event(vs->vd->kbd, qcode, down); 1934 if (QEMU_IS_TEXT_CONSOLE(vs->vd->dcl.con)) { 1935 QemuTextConsole *con = QEMU_TEXT_CONSOLE(vs->vd->dcl.con); 1936 bool numlock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK); 1937 bool control = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL); 1938 /* QEMU console emulation */ 1939 if (down) { 1940 switch (keycode) { 1941 case 0x2a: /* Left Shift */ 1942 case 0x36: /* Right Shift */ 1943 case 0x1d: /* Left CTRL */ 1944 case 0x9d: /* Right CTRL */ 1945 case 0x38: /* Left ALT */ 1946 case 0xb8: /* Right ALT */ 1947 break; 1948 case 0xc8: 1949 qemu_text_console_put_keysym(con, QEMU_KEY_UP); 1950 break; 1951 case 0xd0: 1952 qemu_text_console_put_keysym(con, QEMU_KEY_DOWN); 1953 break; 1954 case 0xcb: 1955 qemu_text_console_put_keysym(con, QEMU_KEY_LEFT); 1956 break; 1957 case 0xcd: 1958 qemu_text_console_put_keysym(con, QEMU_KEY_RIGHT); 1959 break; 1960 case 0xd3: 1961 qemu_text_console_put_keysym(con, QEMU_KEY_DELETE); 1962 break; 1963 case 0xc7: 1964 qemu_text_console_put_keysym(con, QEMU_KEY_HOME); 1965 break; 1966 case 0xcf: 1967 qemu_text_console_put_keysym(con, QEMU_KEY_END); 1968 break; 1969 case 0xc9: 1970 qemu_text_console_put_keysym(con, QEMU_KEY_PAGEUP); 1971 break; 1972 case 0xd1: 1973 qemu_text_console_put_keysym(con, QEMU_KEY_PAGEDOWN); 1974 break; 1975 1976 case 0x47: 1977 qemu_text_console_put_keysym(con, numlock ? '7' : QEMU_KEY_HOME); 1978 break; 1979 case 0x48: 1980 qemu_text_console_put_keysym(con, numlock ? '8' : QEMU_KEY_UP); 1981 break; 1982 case 0x49: 1983 qemu_text_console_put_keysym(con, numlock ? '9' : QEMU_KEY_PAGEUP); 1984 break; 1985 case 0x4b: 1986 qemu_text_console_put_keysym(con, numlock ? '4' : QEMU_KEY_LEFT); 1987 break; 1988 case 0x4c: 1989 qemu_text_console_put_keysym(con, '5'); 1990 break; 1991 case 0x4d: 1992 qemu_text_console_put_keysym(con, numlock ? '6' : QEMU_KEY_RIGHT); 1993 break; 1994 case 0x4f: 1995 qemu_text_console_put_keysym(con, numlock ? '1' : QEMU_KEY_END); 1996 break; 1997 case 0x50: 1998 qemu_text_console_put_keysym(con, numlock ? '2' : QEMU_KEY_DOWN); 1999 break; 2000 case 0x51: 2001 qemu_text_console_put_keysym(con, numlock ? '3' : QEMU_KEY_PAGEDOWN); 2002 break; 2003 case 0x52: 2004 qemu_text_console_put_keysym(con, '0'); 2005 break; 2006 case 0x53: 2007 qemu_text_console_put_keysym(con, numlock ? '.' : QEMU_KEY_DELETE); 2008 break; 2009 2010 case 0xb5: 2011 qemu_text_console_put_keysym(con, '/'); 2012 break; 2013 case 0x37: 2014 qemu_text_console_put_keysym(con, '*'); 2015 break; 2016 case 0x4a: 2017 qemu_text_console_put_keysym(con, '-'); 2018 break; 2019 case 0x4e: 2020 qemu_text_console_put_keysym(con, '+'); 2021 break; 2022 case 0x9c: 2023 qemu_text_console_put_keysym(con, '\n'); 2024 break; 2025 2026 default: 2027 if (control) { 2028 qemu_text_console_put_keysym(con, sym & 0x1f); 2029 } else { 2030 qemu_text_console_put_keysym(con, sym); 2031 } 2032 break; 2033 } 2034 } 2035 } 2036 } 2037 2038 static const char *code2name(int keycode) 2039 { 2040 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode)); 2041 } 2042 2043 static void key_event(VncState *vs, int down, uint32_t sym) 2044 { 2045 int keycode; 2046 int lsym = sym; 2047 2048 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(vs->vd->dcl.con)) { 2049 lsym = lsym - 'A' + 'a'; 2050 } 2051 2052 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF, 2053 vs->vd->kbd, down) & SCANCODE_KEYMASK; 2054 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode)); 2055 do_key_event(vs, down, keycode, sym); 2056 } 2057 2058 static void ext_key_event(VncState *vs, int down, 2059 uint32_t sym, uint16_t keycode) 2060 { 2061 /* if the user specifies a keyboard layout, always use it */ 2062 if (keyboard_layout) { 2063 key_event(vs, down, sym); 2064 } else { 2065 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode)); 2066 do_key_event(vs, down, keycode, sym); 2067 } 2068 } 2069 2070 static void framebuffer_update_request(VncState *vs, int incremental, 2071 int x, int y, int w, int h) 2072 { 2073 if (incremental) { 2074 if (vs->update != VNC_STATE_UPDATE_FORCE) { 2075 vs->update = VNC_STATE_UPDATE_INCREMENTAL; 2076 } 2077 } else { 2078 vs->update = VNC_STATE_UPDATE_FORCE; 2079 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h); 2080 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) { 2081 vnc_desktop_resize_ext(vs, 0); 2082 } 2083 } 2084 } 2085 2086 static void send_ext_key_event_ack(VncState *vs) 2087 { 2088 vnc_lock_output(vs); 2089 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2090 vnc_write_u8(vs, 0); 2091 vnc_write_u16(vs, 1); 2092 vnc_framebuffer_update(vs, 0, 0, 2093 pixman_image_get_width(vs->vd->server), 2094 pixman_image_get_height(vs->vd->server), 2095 VNC_ENCODING_EXT_KEY_EVENT); 2096 vnc_unlock_output(vs); 2097 vnc_flush(vs); 2098 } 2099 2100 static void send_ext_audio_ack(VncState *vs) 2101 { 2102 vnc_lock_output(vs); 2103 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2104 vnc_write_u8(vs, 0); 2105 vnc_write_u16(vs, 1); 2106 vnc_framebuffer_update(vs, 0, 0, 2107 pixman_image_get_width(vs->vd->server), 2108 pixman_image_get_height(vs->vd->server), 2109 VNC_ENCODING_AUDIO); 2110 vnc_unlock_output(vs); 2111 vnc_flush(vs); 2112 } 2113 2114 static void send_xvp_message(VncState *vs, int code) 2115 { 2116 vnc_lock_output(vs); 2117 vnc_write_u8(vs, VNC_MSG_SERVER_XVP); 2118 vnc_write_u8(vs, 0); /* pad */ 2119 vnc_write_u8(vs, 1); /* version */ 2120 vnc_write_u8(vs, code); 2121 vnc_unlock_output(vs); 2122 vnc_flush(vs); 2123 } 2124 2125 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 2126 { 2127 VncConnection *vc = container_of(vs, VncConnection, vs); 2128 int i; 2129 unsigned int enc = 0; 2130 2131 vs->features = 0; 2132 vs->vnc_encoding = 0; 2133 vc->worker.tight.compression = 9; 2134 vc->worker.tight.quality = -1; /* Lossless by default */ 2135 vs->absolute = -1; 2136 2137 /* 2138 * Start from the end because the encodings are sent in order of preference. 2139 * This way the preferred encoding (first encoding defined in the array) 2140 * will be set at the end of the loop. 2141 */ 2142 for (i = n_encodings - 1; i >= 0; i--) { 2143 enc = encodings[i]; 2144 switch (enc) { 2145 case VNC_ENCODING_RAW: 2146 vs->vnc_encoding = enc; 2147 break; 2148 case VNC_ENCODING_HEXTILE: 2149 vnc_set_feature(vs, VNC_FEATURE_HEXTILE); 2150 vs->vnc_encoding = enc; 2151 break; 2152 case VNC_ENCODING_TIGHT: 2153 vnc_set_feature(vs, VNC_FEATURE_TIGHT); 2154 vs->vnc_encoding = enc; 2155 break; 2156 #ifdef CONFIG_PNG 2157 case VNC_ENCODING_TIGHT_PNG: 2158 vnc_set_feature(vs, VNC_FEATURE_TIGHT_PNG); 2159 vs->vnc_encoding = enc; 2160 break; 2161 #endif 2162 case VNC_ENCODING_ZLIB: 2163 /* 2164 * VNC_ENCODING_ZRLE compresses better than VNC_ENCODING_ZLIB. 2165 * So prioritize ZRLE, even if the client hints that it prefers 2166 * ZLIB. 2167 */ 2168 if (!vnc_has_feature(vs, VNC_FEATURE_ZRLE)) { 2169 vnc_set_feature(vs, VNC_FEATURE_ZLIB); 2170 vs->vnc_encoding = enc; 2171 } 2172 break; 2173 case VNC_ENCODING_ZRLE: 2174 vnc_set_feature(vs, VNC_FEATURE_ZRLE); 2175 vs->vnc_encoding = enc; 2176 break; 2177 case VNC_ENCODING_ZYWRLE: 2178 vnc_set_feature(vs, VNC_FEATURE_ZYWRLE); 2179 vs->vnc_encoding = enc; 2180 break; 2181 case VNC_ENCODING_DESKTOPRESIZE: 2182 vnc_set_feature(vs, VNC_FEATURE_RESIZE); 2183 break; 2184 case VNC_ENCODING_DESKTOP_RESIZE_EXT: 2185 vnc_set_feature(vs, VNC_FEATURE_RESIZE_EXT); 2186 break; 2187 case VNC_ENCODING_POINTER_TYPE_CHANGE: 2188 vnc_set_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE); 2189 break; 2190 case VNC_ENCODING_RICH_CURSOR: 2191 vnc_set_feature(vs, VNC_FEATURE_RICH_CURSOR); 2192 break; 2193 case VNC_ENCODING_ALPHA_CURSOR: 2194 vnc_set_feature(vs, VNC_FEATURE_ALPHA_CURSOR); 2195 break; 2196 case VNC_ENCODING_EXT_KEY_EVENT: 2197 send_ext_key_event_ack(vs); 2198 break; 2199 case VNC_ENCODING_AUDIO: 2200 if (vs->vd->audio_be) { 2201 vnc_set_feature(vs, VNC_FEATURE_AUDIO); 2202 send_ext_audio_ack(vs); 2203 } 2204 break; 2205 case VNC_ENCODING_WMVi: 2206 vnc_set_feature(vs, VNC_FEATURE_WMVI); 2207 break; 2208 case VNC_ENCODING_LED_STATE: 2209 vnc_set_feature(vs, VNC_FEATURE_LED_STATE); 2210 break; 2211 case VNC_ENCODING_XVP: 2212 if (vs->vd->power_control) { 2213 vnc_set_feature(vs, VNC_FEATURE_XVP); 2214 send_xvp_message(vs, VNC_XVP_CODE_INIT); 2215 } 2216 break; 2217 case VNC_ENCODING_CLIPBOARD_EXT: 2218 vnc_set_feature(vs, VNC_FEATURE_CLIPBOARD_EXT); 2219 vnc_server_cut_text_caps(vs); 2220 break; 2221 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 2222 vc->worker.tight.compression = (enc & 0x0F); 2223 break; 2224 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 2225 if (vs->vd->lossy) { 2226 vc->worker.tight.quality = (enc & 0x0F); 2227 } 2228 break; 2229 default: 2230 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 2231 break; 2232 } 2233 } 2234 vnc_desktop_resize(vs); 2235 check_pointer_type_change(&vs->mouse_mode_notifier, NULL); 2236 vnc_led_state_change(vs); 2237 vnc_cursor_define(vs); 2238 } 2239 2240 static void set_pixel_conversion(VncState *vs) 2241 { 2242 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf, 2243 vs->client_endian); 2244 2245 if (fmt == VNC_SERVER_FB_FORMAT) { 2246 vs->write_pixels = vnc_write_pixels_copy; 2247 vnc_hextile_set_pixel_conversion(vs, 0); 2248 } else { 2249 vs->write_pixels = vnc_write_pixels_generic; 2250 vnc_hextile_set_pixel_conversion(vs, 1); 2251 } 2252 } 2253 2254 static void send_color_map(VncState *vs) 2255 { 2256 int i; 2257 2258 vnc_lock_output(vs); 2259 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES); 2260 vnc_write_u8(vs, 0); /* padding */ 2261 vnc_write_u16(vs, 0); /* first color */ 2262 vnc_write_u16(vs, 256); /* # of colors */ 2263 2264 for (i = 0; i < 256; i++) { 2265 PixelFormat *pf = &vs->client_pf; 2266 2267 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits))); 2268 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits))); 2269 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits))); 2270 } 2271 vnc_unlock_output(vs); 2272 } 2273 2274 static void set_pixel_format(VncState *vs, int bits_per_pixel, 2275 int big_endian_flag, int true_color_flag, 2276 int red_max, int green_max, int blue_max, 2277 int red_shift, int green_shift, int blue_shift) 2278 { 2279 if (!true_color_flag) { 2280 /* Expose a reasonable default 256 color map */ 2281 bits_per_pixel = 8; 2282 red_max = 7; 2283 green_max = 7; 2284 blue_max = 3; 2285 red_shift = 0; 2286 green_shift = 3; 2287 blue_shift = 6; 2288 } 2289 2290 switch (bits_per_pixel) { 2291 case 8: 2292 case 16: 2293 case 32: 2294 break; 2295 default: 2296 vnc_client_error(vs); 2297 return; 2298 } 2299 2300 vs->client_pf.rmax = red_max ? red_max : 0xFF; 2301 vs->client_pf.rbits = ctpopl(red_max); 2302 vs->client_pf.rshift = red_shift; 2303 vs->client_pf.rmask = red_max << red_shift; 2304 vs->client_pf.gmax = green_max ? green_max : 0xFF; 2305 vs->client_pf.gbits = ctpopl(green_max); 2306 vs->client_pf.gshift = green_shift; 2307 vs->client_pf.gmask = green_max << green_shift; 2308 vs->client_pf.bmax = blue_max ? blue_max : 0xFF; 2309 vs->client_pf.bbits = ctpopl(blue_max); 2310 vs->client_pf.bshift = blue_shift; 2311 vs->client_pf.bmask = blue_max << blue_shift; 2312 vs->client_pf.bits_per_pixel = bits_per_pixel; 2313 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8; 2314 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 2315 vs->client_endian = big_endian_flag ? G_BIG_ENDIAN : G_LITTLE_ENDIAN; 2316 trace_vnc_client_pixel_format(vs, vs->ioc, 2317 vs->client_pf.bits_per_pixel, 2318 vs->client_pf.depth, 2319 vs->client_endian); 2320 trace_vnc_client_pixel_format_red(vs, vs->ioc, 2321 vs->client_pf.rmax, 2322 vs->client_pf.rbits, 2323 vs->client_pf.rshift, 2324 vs->client_pf.rmask); 2325 trace_vnc_client_pixel_format_green(vs, vs->ioc, 2326 vs->client_pf.gmax, 2327 vs->client_pf.gbits, 2328 vs->client_pf.gshift, 2329 vs->client_pf.gmask); 2330 trace_vnc_client_pixel_format_blue(vs, vs->ioc, 2331 vs->client_pf.bmax, 2332 vs->client_pf.bbits, 2333 vs->client_pf.bshift, 2334 vs->client_pf.bmask); 2335 2336 if (!true_color_flag) { 2337 send_color_map(vs); 2338 } 2339 2340 set_pixel_conversion(vs); 2341 2342 graphic_hw_invalidate(vs->vd->dcl.con); 2343 graphic_hw_update(vs->vd->dcl.con); 2344 } 2345 2346 static void pixel_format_message (VncState *vs) { 2347 char pad[3] = { 0, 0, 0 }; 2348 2349 vs->client_pf = qemu_default_pixelformat(32); 2350 vs->client_endian = G_BYTE_ORDER; 2351 2352 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ 2353 vnc_write_u8(vs, vs->client_pf.depth); /* depth */ 2354 2355 #if HOST_BIG_ENDIAN 2356 vnc_write_u8(vs, 1); /* big-endian-flag */ 2357 #else 2358 vnc_write_u8(vs, 0); /* big-endian-flag */ 2359 #endif 2360 vnc_write_u8(vs, 1); /* true-color-flag */ 2361 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */ 2362 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */ 2363 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */ 2364 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */ 2365 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */ 2366 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */ 2367 vnc_write(vs, pad, 3); /* padding */ 2368 2369 vnc_hextile_set_pixel_conversion(vs, 0); 2370 vs->write_pixels = vnc_write_pixels_copy; 2371 } 2372 2373 static void vnc_colordepth(VncState *vs) 2374 { 2375 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 2376 /* Sending a WMVi message to notify the client*/ 2377 vnc_lock_output(vs); 2378 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2379 vnc_write_u8(vs, 0); 2380 vnc_write_u16(vs, 1); /* number of rects */ 2381 vnc_framebuffer_update(vs, 0, 0, 2382 vs->client_width, 2383 vs->client_height, 2384 VNC_ENCODING_WMVi); 2385 pixel_format_message(vs); 2386 vnc_unlock_output(vs); 2387 vnc_flush(vs); 2388 } else { 2389 set_pixel_conversion(vs); 2390 } 2391 } 2392 2393 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 2394 { 2395 int i; 2396 uint16_t limit; 2397 uint32_t freq; 2398 VncDisplay *vd = vs->vd; 2399 2400 if (data[0] > 3) { 2401 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2402 } 2403 2404 switch (data[0]) { 2405 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 2406 if (len == 1) 2407 return 20; 2408 2409 trace_vnc_msg_client_set_pixel_format(vs, vs->ioc, 2410 read_u8(data, 4), 2411 read_u8(data, 6), 2412 read_u8(data, 7)); 2413 trace_vnc_msg_client_set_pixel_format_rgb(vs, vs->ioc, 2414 read_u16(data, 8), 2415 read_u16(data, 10), 2416 read_u16(data, 12), 2417 read_u8(data, 14), 2418 read_u8(data, 15), 2419 read_u8(data, 16)); 2420 set_pixel_format(vs, read_u8(data, 4), 2421 read_u8(data, 6), read_u8(data, 7), 2422 read_u16(data, 8), read_u16(data, 10), 2423 read_u16(data, 12), read_u8(data, 14), 2424 read_u8(data, 15), read_u8(data, 16)); 2425 break; 2426 case VNC_MSG_CLIENT_SET_ENCODINGS: 2427 if (len == 1) 2428 return 4; 2429 2430 if (len == 4) { 2431 limit = read_u16(data, 2); 2432 if (limit > 0) 2433 return 4 + (limit * 4); 2434 } else 2435 limit = read_u16(data, 2); 2436 2437 for (i = 0; i < limit; i++) { 2438 int32_t val = read_s32(data, 4 + (i * 4)); 2439 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 2440 } 2441 2442 trace_vnc_msg_client_set_encodings(vs, vs->ioc, limit); 2443 set_encodings(vs, (int32_t *)(data + 4), limit); 2444 break; 2445 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 2446 if (len == 1) 2447 return 10; 2448 2449 trace_vnc_msg_client_framebuffer_update_request(vs, vs->ioc, 2450 read_u8(data, 1), 2451 read_u16(data, 2), 2452 read_u16(data, 4), 2453 read_u16(data, 6), 2454 read_u16(data, 8)); 2455 framebuffer_update_request(vs, 2456 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 2457 read_u16(data, 6), read_u16(data, 8)); 2458 break; 2459 case VNC_MSG_CLIENT_KEY_EVENT: 2460 if (len == 1) 2461 return 8; 2462 2463 trace_vnc_msg_client_key_event(vs, vs->ioc, 2464 read_u8(data, 1), 2465 read_u32(data, 4)); 2466 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 2467 break; 2468 case VNC_MSG_CLIENT_POINTER_EVENT: 2469 if (len == 1) 2470 return 6; 2471 2472 trace_vnc_msg_client_pointer_event(vs, vs->ioc, 2473 read_u8(data, 1), 2474 read_u16(data, 2), 2475 read_u16(data, 4)); 2476 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 2477 break; 2478 case VNC_MSG_CLIENT_CUT_TEXT: 2479 if (len == 1) { 2480 return 8; 2481 } 2482 uint32_t dlen = abs(read_s32(data, 4)); 2483 if (len == 8) { 2484 if (dlen > (1 << 20)) { 2485 error_report("vnc: client_cut_text msg payload has %u bytes" 2486 " which exceeds our limit of 1MB.", dlen); 2487 vnc_client_error(vs); 2488 break; 2489 } 2490 if (dlen > 0) { 2491 return 8 + dlen; 2492 } 2493 } 2494 2495 if (read_s32(data, 4) < 0) { 2496 if (!vnc_has_feature(vs, VNC_FEATURE_CLIPBOARD_EXT)) { 2497 error_report("vnc: extended clipboard message while disabled"); 2498 vnc_client_error(vs); 2499 break; 2500 } 2501 if (dlen < 4) { 2502 error_report("vnc: malformed payload (header less than 4 bytes)" 2503 " in extended clipboard pseudo-encoding."); 2504 vnc_client_error(vs); 2505 break; 2506 } 2507 trace_vnc_msg_client_cut_text_ext(vs, vs->ioc, 2508 dlen, read_u32(data, 8)); 2509 vnc_client_cut_text_ext(vs, dlen, read_u32(data, 8), data + 12); 2510 break; 2511 } 2512 trace_vnc_msg_client_cut_text(vs, vs->ioc, read_u32(data, 4)); 2513 vnc_client_cut_text(vs, read_u32(data, 4), data + 8); 2514 break; 2515 case VNC_MSG_CLIENT_XVP: 2516 if (!vnc_has_feature(vs, VNC_FEATURE_XVP)) { 2517 error_report("vnc: xvp client message while disabled"); 2518 vnc_client_error(vs); 2519 break; 2520 } 2521 if (len == 1) { 2522 return 4; 2523 } 2524 if (len == 4) { 2525 uint8_t version = read_u8(data, 2); 2526 uint8_t action = read_u8(data, 3); 2527 trace_vnc_msg_client_xvp(vs, vs->ioc, version, action); 2528 2529 if (version != 1) { 2530 error_report("vnc: xvp client message version %d != 1", 2531 version); 2532 vnc_client_error(vs); 2533 break; 2534 } 2535 2536 switch (action) { 2537 case VNC_XVP_ACTION_SHUTDOWN: 2538 qemu_system_powerdown_request(); 2539 break; 2540 case VNC_XVP_ACTION_REBOOT: 2541 send_xvp_message(vs, VNC_XVP_CODE_FAIL); 2542 break; 2543 case VNC_XVP_ACTION_RESET: 2544 qemu_system_reset_request(SHUTDOWN_CAUSE_HOST_QMP_SYSTEM_RESET); 2545 break; 2546 default: 2547 send_xvp_message(vs, VNC_XVP_CODE_FAIL); 2548 break; 2549 } 2550 } 2551 break; 2552 case VNC_MSG_CLIENT_QEMU: 2553 if (len == 1) 2554 return 2; 2555 2556 switch (read_u8(data, 1)) { 2557 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 2558 if (len == 2) 2559 return 12; 2560 2561 trace_vnc_msg_client_ext_key_event(vs, vs->ioc, 2562 read_u16(data, 2), 2563 read_u32(data, 4), 2564 read_u32(data, 8)); 2565 ext_key_event(vs, read_u16(data, 2), 2566 read_u32(data, 4), read_u32(data, 8)); 2567 break; 2568 case VNC_MSG_CLIENT_QEMU_AUDIO: 2569 if (!vnc_has_feature(vs, VNC_FEATURE_AUDIO)) { 2570 error_report("Audio message %d with audio disabled", read_u8(data, 2)); 2571 vnc_client_error(vs); 2572 break; 2573 } 2574 2575 if (len == 2) 2576 return 4; 2577 2578 switch (read_u16 (data, 2)) { 2579 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 2580 trace_vnc_msg_client_audio_enable(vs, vs->ioc); 2581 audio_add(vs); 2582 break; 2583 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 2584 trace_vnc_msg_client_audio_disable(vs, vs->ioc); 2585 audio_del(vs); 2586 break; 2587 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 2588 if (len == 4) 2589 return 10; 2590 switch (read_u8(data, 4)) { 2591 case 0: vs->as.fmt = AUDIO_FORMAT_U8; break; 2592 case 1: vs->as.fmt = AUDIO_FORMAT_S8; break; 2593 case 2: vs->as.fmt = AUDIO_FORMAT_U16; break; 2594 case 3: vs->as.fmt = AUDIO_FORMAT_S16; break; 2595 case 4: vs->as.fmt = AUDIO_FORMAT_U32; break; 2596 case 5: vs->as.fmt = AUDIO_FORMAT_S32; break; 2597 default: 2598 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4)); 2599 vnc_client_error(vs); 2600 break; 2601 } 2602 vs->as.nchannels = read_u8(data, 5); 2603 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2604 VNC_DEBUG("Invalid audio channel count %d\n", 2605 read_u8(data, 5)); 2606 vnc_client_error(vs); 2607 break; 2608 } 2609 freq = read_u32(data, 6); 2610 /* No official limit for protocol, but 48khz is a sensible 2611 * upper bound for trustworthy clients, and this limit 2612 * protects calculations involving 'vs->as.freq' later. 2613 */ 2614 if (freq > 48000) { 2615 VNC_DEBUG("Invalid audio frequency %u > 48000", freq); 2616 vnc_client_error(vs); 2617 break; 2618 } 2619 vs->as.freq = freq; 2620 trace_vnc_msg_client_audio_format( 2621 vs, vs->ioc, vs->as.fmt, vs->as.nchannels, vs->as.freq); 2622 break; 2623 default: 2624 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 2)); 2625 vnc_client_error(vs); 2626 break; 2627 } 2628 break; 2629 2630 default: 2631 VNC_DEBUG("Msg: %d\n", read_u16(data, 0)); 2632 vnc_client_error(vs); 2633 break; 2634 } 2635 break; 2636 case VNC_MSG_CLIENT_SET_DESKTOP_SIZE: 2637 { 2638 size_t size; 2639 uint8_t screens; 2640 int w, h; 2641 2642 if (len < 8) { 2643 return 8; 2644 } 2645 2646 screens = read_u8(data, 6); 2647 size = 8 + screens * 16; 2648 if (len < size) { 2649 return size; 2650 } 2651 w = read_u16(data, 2); 2652 h = read_u16(data, 4); 2653 2654 trace_vnc_msg_client_set_desktop_size(vs, vs->ioc, w, h, screens); 2655 if (dpy_ui_info_supported(vs->vd->dcl.con)) { 2656 QemuUIInfo info; 2657 memset(&info, 0, sizeof(info)); 2658 info.width = w; 2659 info.height = h; 2660 dpy_set_ui_info(vs->vd->dcl.con, &info, false); 2661 vnc_desktop_resize_ext(vs, 4 /* Request forwarded */); 2662 } else { 2663 vnc_desktop_resize_ext(vs, 3 /* Invalid screen layout */); 2664 } 2665 2666 break; 2667 } 2668 default: 2669 VNC_DEBUG("Msg: %d\n", data[0]); 2670 vnc_client_error(vs); 2671 break; 2672 } 2673 2674 vnc_update_throttle_offset(vs); 2675 vnc_read_when(vs, protocol_client_msg, 1); 2676 return 0; 2677 } 2678 2679 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2680 { 2681 char buf[1024]; 2682 VncShareMode mode; 2683 int size; 2684 2685 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; 2686 switch (vs->vd->share_policy) { 2687 case VNC_SHARE_POLICY_IGNORE: 2688 /* 2689 * Ignore the shared flag. Nothing to do here. 2690 * 2691 * Doesn't conform to the rfb spec but is traditional qemu 2692 * behavior, thus left here as option for compatibility 2693 * reasons. 2694 */ 2695 break; 2696 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: 2697 /* 2698 * Policy: Allow clients ask for exclusive access. 2699 * 2700 * Implementation: When a client asks for exclusive access, 2701 * disconnect all others. Shared connects are allowed as long 2702 * as no exclusive connection exists. 2703 * 2704 * This is how the rfb spec suggests to handle the shared flag. 2705 */ 2706 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2707 VncState *client; 2708 QTAILQ_FOREACH(client, &vs->vd->clients, next) { 2709 if (vs == client) { 2710 continue; 2711 } 2712 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && 2713 client->share_mode != VNC_SHARE_MODE_SHARED) { 2714 continue; 2715 } 2716 vnc_disconnect_start(client); 2717 } 2718 } 2719 if (mode == VNC_SHARE_MODE_SHARED) { 2720 if (vs->vd->num_exclusive > 0) { 2721 vnc_disconnect_start(vs); 2722 return 0; 2723 } 2724 } 2725 break; 2726 case VNC_SHARE_POLICY_FORCE_SHARED: 2727 /* 2728 * Policy: Shared connects only. 2729 * Implementation: Disallow clients asking for exclusive access. 2730 * 2731 * Useful for shared desktop sessions where you don't want 2732 * someone forgetting to say -shared when running the vnc 2733 * client disconnect everybody else. 2734 */ 2735 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2736 vnc_disconnect_start(vs); 2737 return 0; 2738 } 2739 break; 2740 } 2741 vnc_set_share_mode(vs, mode); 2742 2743 if (vs->vd->num_shared > vs->vd->connections_limit) { 2744 vnc_disconnect_start(vs); 2745 return 0; 2746 } 2747 2748 assert(pixman_image_get_width(vs->vd->server) < 65536 && 2749 pixman_image_get_width(vs->vd->server) >= 0); 2750 assert(pixman_image_get_height(vs->vd->server) < 65536 && 2751 pixman_image_get_height(vs->vd->server) >= 0); 2752 vs->client_width = pixman_image_get_width(vs->vd->server); 2753 vs->client_height = pixman_image_get_height(vs->vd->server); 2754 vnc_write_u16(vs, vs->client_width); 2755 vnc_write_u16(vs, vs->client_height); 2756 2757 pixel_format_message(vs); 2758 2759 if (qemu_name) { 2760 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2761 if (size > sizeof(buf)) { 2762 size = sizeof(buf); 2763 } 2764 } else { 2765 size = snprintf(buf, sizeof(buf), "QEMU"); 2766 } 2767 2768 vnc_write_u32(vs, size); 2769 vnc_write(vs, buf, size); 2770 vnc_flush(vs); 2771 2772 vnc_client_cache_auth(vs); 2773 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED); 2774 2775 vnc_read_when(vs, protocol_client_msg, 1); 2776 2777 return 0; 2778 } 2779 2780 void start_client_init(VncState *vs) 2781 { 2782 vnc_read_when(vs, protocol_client_init, 1); 2783 } 2784 2785 static void authentication_failed(VncState *vs) 2786 { 2787 vnc_write_u32(vs, 1); /* Reject auth */ 2788 if (vs->minor >= 8) { 2789 static const char err[] = "Authentication failed"; 2790 vnc_write_u32(vs, sizeof(err)); 2791 vnc_write(vs, err, sizeof(err)); 2792 } 2793 vnc_flush(vs); 2794 vnc_client_error(vs); 2795 } 2796 2797 static void 2798 vnc_munge_des_rfb_key(unsigned char *key, size_t nkey) 2799 { 2800 size_t i; 2801 for (i = 0; i < nkey; i++) { 2802 uint8_t r = key[i]; 2803 r = (r & 0xf0) >> 4 | (r & 0x0f) << 4; 2804 r = (r & 0xcc) >> 2 | (r & 0x33) << 2; 2805 r = (r & 0xaa) >> 1 | (r & 0x55) << 1; 2806 key[i] = r; 2807 } 2808 } 2809 2810 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2811 { 2812 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2813 size_t i, pwlen; 2814 unsigned char key[8]; 2815 time_t now = time(NULL); 2816 QCryptoCipher *cipher = NULL; 2817 Error *err = NULL; 2818 2819 if (!vs->vd->password) { 2820 trace_vnc_auth_fail(vs, vs->auth, "password is not set", ""); 2821 goto reject; 2822 } 2823 if (vs->vd->expires < now) { 2824 trace_vnc_auth_fail(vs, vs->auth, "password is expired", ""); 2825 goto reject; 2826 } 2827 2828 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2829 2830 /* Calculate the expected challenge response */ 2831 pwlen = strlen(vs->vd->password); 2832 for (i=0; i<sizeof(key); i++) 2833 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2834 vnc_munge_des_rfb_key(key, sizeof(key)); 2835 2836 cipher = qcrypto_cipher_new( 2837 QCRYPTO_CIPHER_ALGO_DES, 2838 QCRYPTO_CIPHER_MODE_ECB, 2839 key, G_N_ELEMENTS(key), 2840 &err); 2841 if (!cipher) { 2842 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher", 2843 error_get_pretty(err)); 2844 error_free(err); 2845 goto reject; 2846 } 2847 2848 if (qcrypto_cipher_encrypt(cipher, 2849 vs->challenge, 2850 response, 2851 VNC_AUTH_CHALLENGE_SIZE, 2852 &err) < 0) { 2853 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response", 2854 error_get_pretty(err)); 2855 error_free(err); 2856 goto reject; 2857 } 2858 2859 /* Compare expected vs actual challenge response */ 2860 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2861 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", ""); 2862 goto reject; 2863 } else { 2864 trace_vnc_auth_pass(vs, vs->auth); 2865 vnc_write_u32(vs, 0); /* Accept auth */ 2866 vnc_flush(vs); 2867 2868 start_client_init(vs); 2869 } 2870 2871 qcrypto_cipher_free(cipher); 2872 return 0; 2873 2874 reject: 2875 authentication_failed(vs); 2876 qcrypto_cipher_free(cipher); 2877 return 0; 2878 } 2879 2880 void start_auth_vnc(VncState *vs) 2881 { 2882 Error *err = NULL; 2883 2884 if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) { 2885 trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes", 2886 error_get_pretty(err)); 2887 error_free(err); 2888 authentication_failed(vs); 2889 return; 2890 } 2891 2892 /* Send client a 'random' challenge */ 2893 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2894 vnc_flush(vs); 2895 2896 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2897 } 2898 2899 2900 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2901 { 2902 /* We only advertise 1 auth scheme at a time, so client 2903 * must pick the one we sent. Verify this */ 2904 if (data[0] != vs->auth) { /* Reject auth */ 2905 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]); 2906 authentication_failed(vs); 2907 } else { /* Accept requested auth */ 2908 trace_vnc_auth_start(vs, vs->auth); 2909 switch (vs->auth) { 2910 case VNC_AUTH_NONE: 2911 if (vs->minor >= 8) { 2912 vnc_write_u32(vs, 0); /* Accept auth completion */ 2913 vnc_flush(vs); 2914 } 2915 trace_vnc_auth_pass(vs, vs->auth); 2916 start_client_init(vs); 2917 break; 2918 2919 case VNC_AUTH_VNC: 2920 start_auth_vnc(vs); 2921 break; 2922 2923 case VNC_AUTH_VENCRYPT: 2924 start_auth_vencrypt(vs); 2925 break; 2926 2927 #ifdef CONFIG_VNC_SASL 2928 case VNC_AUTH_SASL: 2929 start_auth_sasl(vs); 2930 break; 2931 #endif /* CONFIG_VNC_SASL */ 2932 2933 default: /* Should not be possible, but just in case */ 2934 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", ""); 2935 authentication_failed(vs); 2936 } 2937 } 2938 return 0; 2939 } 2940 2941 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2942 { 2943 char local[13]; 2944 2945 memcpy(local, version, 12); 2946 local[12] = 0; 2947 2948 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2949 VNC_DEBUG("Malformed protocol version %s\n", local); 2950 vnc_client_error(vs); 2951 return 0; 2952 } 2953 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2954 if (vs->major != 3 || 2955 (vs->minor != 3 && 2956 vs->minor != 4 && 2957 vs->minor != 5 && 2958 vs->minor != 7 && 2959 vs->minor != 8)) { 2960 VNC_DEBUG("Unsupported client version\n"); 2961 vnc_write_u32(vs, VNC_AUTH_INVALID); 2962 vnc_flush(vs); 2963 vnc_client_error(vs); 2964 return 0; 2965 } 2966 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2967 * as equivalent to v3.3 by servers 2968 */ 2969 if (vs->minor == 4 || vs->minor == 5) 2970 vs->minor = 3; 2971 2972 if (vs->minor == 3) { 2973 trace_vnc_auth_start(vs, vs->auth); 2974 if (vs->auth == VNC_AUTH_NONE) { 2975 vnc_write_u32(vs, vs->auth); 2976 vnc_flush(vs); 2977 trace_vnc_auth_pass(vs, vs->auth); 2978 start_client_init(vs); 2979 } else if (vs->auth == VNC_AUTH_VNC) { 2980 VNC_DEBUG("Tell client VNC auth\n"); 2981 vnc_write_u32(vs, vs->auth); 2982 vnc_flush(vs); 2983 start_auth_vnc(vs); 2984 } else { 2985 trace_vnc_auth_fail(vs, vs->auth, 2986 "Unsupported auth method for v3.3", ""); 2987 vnc_write_u32(vs, VNC_AUTH_INVALID); 2988 vnc_flush(vs); 2989 vnc_client_error(vs); 2990 } 2991 } else { 2992 vnc_write_u8(vs, 1); /* num auth */ 2993 vnc_write_u8(vs, vs->auth); 2994 vnc_read_when(vs, protocol_client_auth, 1); 2995 vnc_flush(vs); 2996 } 2997 2998 return 0; 2999 } 3000 3001 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) 3002 { 3003 struct VncSurface *vs = &vd->guest; 3004 3005 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; 3006 } 3007 3008 void vnc_sent_lossy_rect(VncWorker *worker, int x, int y, int w, int h) 3009 { 3010 int i, j; 3011 3012 w = (x + w) / VNC_STAT_RECT; 3013 h = (y + h) / VNC_STAT_RECT; 3014 x /= VNC_STAT_RECT; 3015 y /= VNC_STAT_RECT; 3016 3017 for (j = y; j <= h; j++) { 3018 for (i = x; i <= w; i++) { 3019 worker->lossy_rect[j][i] = 1; 3020 } 3021 } 3022 } 3023 3024 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) 3025 { 3026 VncState *vs; 3027 int sty = y / VNC_STAT_RECT; 3028 int stx = x / VNC_STAT_RECT; 3029 int has_dirty = 0; 3030 3031 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT); 3032 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT); 3033 3034 QTAILQ_FOREACH(vs, &vd->clients, next) { 3035 VncConnection *vc = container_of(vs, VncConnection, vs); 3036 int j; 3037 3038 /* kernel send buffers are full -> refresh later */ 3039 if (vs->output.offset) { 3040 continue; 3041 } 3042 3043 if (!vc->worker.lossy_rect[sty][stx]) { 3044 continue; 3045 } 3046 3047 vc->worker.lossy_rect[sty][stx] = 0; 3048 for (j = 0; j < VNC_STAT_RECT; ++j) { 3049 bitmap_set(vs->dirty[y + j], 3050 x / VNC_DIRTY_PIXELS_PER_BIT, 3051 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT); 3052 } 3053 has_dirty++; 3054 } 3055 3056 return has_dirty; 3057 } 3058 3059 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) 3060 { 3061 int width = MIN(pixman_image_get_width(vd->guest.fb), 3062 pixman_image_get_width(vd->server)); 3063 int height = MIN(pixman_image_get_height(vd->guest.fb), 3064 pixman_image_get_height(vd->server)); 3065 int x, y; 3066 struct timeval res; 3067 int has_dirty = 0; 3068 3069 for (y = 0; y < height; y += VNC_STAT_RECT) { 3070 for (x = 0; x < width; x += VNC_STAT_RECT) { 3071 VncRectStat *rect = vnc_stat_rect(vd, x, y); 3072 3073 rect->updated = false; 3074 } 3075 } 3076 3077 qemu_timersub(tv, &VNC_REFRESH_STATS, &res); 3078 3079 if (timercmp(&vd->guest.last_freq_check, &res, >)) { 3080 return has_dirty; 3081 } 3082 vd->guest.last_freq_check = *tv; 3083 3084 for (y = 0; y < height; y += VNC_STAT_RECT) { 3085 for (x = 0; x < width; x += VNC_STAT_RECT) { 3086 VncRectStat *rect= vnc_stat_rect(vd, x, y); 3087 int count = ARRAY_SIZE(rect->times); 3088 struct timeval min, max; 3089 3090 if (!timerisset(&rect->times[count - 1])) { 3091 continue ; 3092 } 3093 3094 max = rect->times[(rect->idx + count - 1) % count]; 3095 qemu_timersub(tv, &max, &res); 3096 3097 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { 3098 rect->freq = 0; 3099 has_dirty += vnc_refresh_lossy_rect(vd, x, y); 3100 memset(rect->times, 0, sizeof (rect->times)); 3101 continue ; 3102 } 3103 3104 min = rect->times[rect->idx]; 3105 max = rect->times[(rect->idx + count - 1) % count]; 3106 qemu_timersub(&max, &min, &res); 3107 3108 rect->freq = res.tv_sec + res.tv_usec / 1000000.; 3109 rect->freq /= count; 3110 rect->freq = 1. / rect->freq; 3111 } 3112 } 3113 return has_dirty; 3114 } 3115 3116 double vnc_update_freq(VncState *vs, int x, int y, int w, int h) 3117 { 3118 int i, j; 3119 double total = 0; 3120 int num = 0; 3121 3122 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT); 3123 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT); 3124 3125 for (j = y; j <= y + h; j += VNC_STAT_RECT) { 3126 for (i = x; i <= x + w; i += VNC_STAT_RECT) { 3127 total += vnc_stat_rect(vs->vd, i, j)->freq; 3128 num++; 3129 } 3130 } 3131 3132 if (num) { 3133 return total / num; 3134 } else { 3135 return 0; 3136 } 3137 } 3138 3139 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) 3140 { 3141 VncRectStat *rect; 3142 3143 rect = vnc_stat_rect(vd, x, y); 3144 if (rect->updated) { 3145 return; 3146 } 3147 rect->times[rect->idx] = *tv; 3148 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); 3149 rect->updated = true; 3150 } 3151 3152 static int vnc_refresh_server_surface(VncDisplay *vd) 3153 { 3154 int width = MIN(pixman_image_get_width(vd->guest.fb), 3155 pixman_image_get_width(vd->server)); 3156 int height = MIN(pixman_image_get_height(vd->guest.fb), 3157 pixman_image_get_height(vd->server)); 3158 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0; 3159 uint8_t *guest_row0 = NULL, *server_row0; 3160 VncState *vs; 3161 int has_dirty = 0; 3162 pixman_image_t *tmpbuf = NULL; 3163 unsigned long offset; 3164 int x; 3165 uint8_t *guest_ptr, *server_ptr; 3166 3167 struct timeval tv = { 0, 0 }; 3168 3169 if (!vd->non_adaptive) { 3170 gettimeofday(&tv, NULL); 3171 has_dirty = vnc_update_stats(vd, &tv); 3172 } 3173 3174 offset = find_next_bit((unsigned long *) &vd->guest.dirty, 3175 height * VNC_DIRTY_BPL(&vd->guest), 0); 3176 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) { 3177 /* no dirty bits in guest surface */ 3178 return has_dirty; 3179 } 3180 3181 /* 3182 * Walk through the guest dirty map. 3183 * Check and copy modified bits from guest to server surface. 3184 * Update server dirty map. 3185 */ 3186 server_row0 = (uint8_t *)pixman_image_get_data(vd->server); 3187 server_stride = guest_stride = guest_ll = 3188 pixman_image_get_stride(vd->server); 3189 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES, 3190 server_stride); 3191 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 3192 int w = pixman_image_get_width(vd->server); 3193 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, w); 3194 } else { 3195 int guest_bpp = 3196 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb)); 3197 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb); 3198 guest_stride = pixman_image_get_stride(vd->guest.fb); 3199 guest_ll = pixman_image_get_width(vd->guest.fb) 3200 * DIV_ROUND_UP(guest_bpp, 8); 3201 } 3202 line_bytes = MIN(server_stride, guest_ll); 3203 3204 for (;;) { 3205 y = offset / VNC_DIRTY_BPL(&vd->guest); 3206 x = offset % VNC_DIRTY_BPL(&vd->guest); 3207 3208 server_ptr = server_row0 + y * server_stride + x * cmp_bytes; 3209 3210 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 3211 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y); 3212 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf); 3213 } else { 3214 guest_ptr = guest_row0 + y * guest_stride; 3215 } 3216 guest_ptr += x * cmp_bytes; 3217 3218 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT); 3219 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 3220 int _cmp_bytes = cmp_bytes; 3221 if (!test_and_clear_bit(x, vd->guest.dirty[y])) { 3222 continue; 3223 } 3224 if ((x + 1) * cmp_bytes > line_bytes) { 3225 _cmp_bytes = line_bytes - x * cmp_bytes; 3226 } 3227 assert(_cmp_bytes >= 0); 3228 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) { 3229 continue; 3230 } 3231 memcpy(server_ptr, guest_ptr, _cmp_bytes); 3232 if (!vd->non_adaptive) { 3233 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT, 3234 y, &tv); 3235 } 3236 QTAILQ_FOREACH(vs, &vd->clients, next) { 3237 set_bit(x, vs->dirty[y]); 3238 } 3239 has_dirty++; 3240 } 3241 3242 y++; 3243 offset = find_next_bit((unsigned long *) &vd->guest.dirty, 3244 height * VNC_DIRTY_BPL(&vd->guest), 3245 y * VNC_DIRTY_BPL(&vd->guest)); 3246 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) { 3247 /* no more dirty bits */ 3248 break; 3249 } 3250 } 3251 qemu_pixman_image_unref(tmpbuf); 3252 return has_dirty; 3253 } 3254 3255 static void vnc_refresh(DisplayChangeListener *dcl) 3256 { 3257 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 3258 VncState *vs, *vn; 3259 int has_dirty, rects = 0; 3260 3261 if (QTAILQ_EMPTY(&vd->clients)) { 3262 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX); 3263 return; 3264 } 3265 3266 graphic_hw_update(vd->dcl.con); 3267 3268 if (vnc_trylock_display(vd)) { 3269 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 3270 return; 3271 } 3272 3273 has_dirty = vnc_refresh_server_surface(vd); 3274 vnc_unlock_display(vd); 3275 3276 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 3277 rects += vnc_update_client(vs, has_dirty); 3278 /* vs might be free()ed here */ 3279 } 3280 3281 if (has_dirty && rects) { 3282 vd->dcl.update_interval /= 2; 3283 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) { 3284 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE; 3285 } 3286 } else { 3287 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC; 3288 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) { 3289 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX; 3290 } 3291 } 3292 } 3293 3294 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc, 3295 bool skipauth, bool websocket) 3296 { 3297 VncConnection *vc = g_new0(VncConnection, 1); 3298 VncState *vs = &vc->vs; 3299 bool first_client = QTAILQ_EMPTY(&vd->clients); 3300 3301 trace_vnc_client_connect(vs, sioc); 3302 vs->magic = VNC_MAGIC; 3303 vs->sioc = sioc; 3304 object_ref(OBJECT(vs->sioc)); 3305 vs->ioc = QIO_CHANNEL(sioc); 3306 object_ref(OBJECT(vs->ioc)); 3307 vs->vd = vd; 3308 3309 buffer_init(&vs->input, "vnc-input/%p", sioc); 3310 buffer_init(&vs->output, "vnc-output/%p", sioc); 3311 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc); 3312 3313 buffer_init(&vc->worker.tight.tight, "vnc-tight/%p", sioc); 3314 buffer_init(&vc->worker.tight.zlib, "vnc-tight-zlib/%p", sioc); 3315 buffer_init(&vc->worker.tight.gradient, "vnc-tight-gradient/%p", sioc); 3316 #ifdef CONFIG_VNC_JPEG 3317 buffer_init(&vc->worker.tight.jpeg, "vnc-tight-jpeg/%p", sioc); 3318 #endif 3319 #ifdef CONFIG_PNG 3320 buffer_init(&vc->worker.tight.png, "vnc-tight-png/%p", sioc); 3321 #endif 3322 buffer_init(&vc->worker.zlib.zlib, "vnc-zlib/%p", sioc); 3323 buffer_init(&vc->worker.zrle.zrle, "vnc-zrle/%p", sioc); 3324 buffer_init(&vc->worker.zrle.fb, "vnc-zrle-fb/%p", sioc); 3325 buffer_init(&vc->worker.zrle.zlib, "vnc-zrle-zlib/%p", sioc); 3326 3327 if (skipauth) { 3328 vs->auth = VNC_AUTH_NONE; 3329 vs->subauth = VNC_AUTH_INVALID; 3330 } else { 3331 if (websocket) { 3332 vs->auth = vd->ws_auth; 3333 vs->subauth = VNC_AUTH_INVALID; 3334 } else { 3335 vs->auth = vd->auth; 3336 vs->subauth = vd->subauth; 3337 } 3338 } 3339 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n", 3340 sioc, websocket, vs->auth, vs->subauth); 3341 3342 VNC_DEBUG("New client on socket %p\n", vs->sioc); 3343 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 3344 qio_channel_set_blocking(vs->ioc, false, &error_abort); 3345 if (vs->ioc_tag) { 3346 g_source_remove(vs->ioc_tag); 3347 } 3348 if (websocket) { 3349 vs->websocket = 1; 3350 if (vd->tlscreds) { 3351 vs->ioc_tag = qio_channel_add_watch( 3352 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR, 3353 vncws_tls_handshake_io, vs, NULL); 3354 } else { 3355 vs->ioc_tag = qio_channel_add_watch( 3356 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR, 3357 vncws_handshake_io, vs, NULL); 3358 } 3359 } else { 3360 vs->ioc_tag = qio_channel_add_watch( 3361 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR, 3362 vnc_client_io, vs, NULL); 3363 } 3364 3365 vnc_client_cache_addr(vs); 3366 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED); 3367 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); 3368 3369 vs->last_x = -1; 3370 vs->last_y = -1; 3371 3372 vs->as.freq = 44100; 3373 vs->as.nchannels = 2; 3374 vs->as.fmt = AUDIO_FORMAT_S16; 3375 vs->as.endianness = 0; 3376 3377 qemu_mutex_init(&vs->output_mutex); 3378 vs->bh = qemu_bh_new(vnc_jobs_bh, vs); 3379 3380 QTAILQ_INSERT_TAIL(&vd->clients, vs, next); 3381 if (first_client) { 3382 vnc_update_server_surface(vd); 3383 } 3384 3385 graphic_hw_update(vd->dcl.con); 3386 3387 if (!vs->websocket) { 3388 vnc_start_protocol(vs); 3389 } 3390 3391 if (vd->num_connecting > vd->connections_limit) { 3392 QTAILQ_FOREACH(vs, &vd->clients, next) { 3393 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) { 3394 vnc_disconnect_start(vs); 3395 return; 3396 } 3397 } 3398 } 3399 } 3400 3401 void vnc_start_protocol(VncState *vs) 3402 { 3403 vnc_write(vs, "RFB 003.008\n", 12); 3404 vnc_flush(vs); 3405 vnc_read_when(vs, protocol_version, 12); 3406 3407 vs->mouse_mode_notifier.notify = check_pointer_type_change; 3408 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 3409 } 3410 3411 static void vnc_listen_io(QIONetListener *listener, 3412 QIOChannelSocket *cioc, 3413 void *opaque) 3414 { 3415 VncDisplay *vd = opaque; 3416 bool isWebsock = listener == vd->wslistener; 3417 3418 qio_channel_set_name(QIO_CHANNEL(cioc), 3419 isWebsock ? "vnc-ws-server" : "vnc-server"); 3420 qio_channel_set_delay(QIO_CHANNEL(cioc), false); 3421 vnc_connect(vd, cioc, false, isWebsock); 3422 } 3423 3424 static const DisplayChangeListenerOps dcl_ops = { 3425 .dpy_name = "vnc", 3426 .dpy_refresh = vnc_refresh, 3427 .dpy_gfx_update = vnc_dpy_update, 3428 .dpy_gfx_switch = vnc_dpy_switch, 3429 .dpy_gfx_check_format = qemu_pixman_check_format, 3430 .dpy_mouse_set = vnc_mouse_set, 3431 .dpy_cursor_define = vnc_dpy_cursor_define, 3432 }; 3433 3434 static void vmstate_change_handler(void *opaque, bool running, RunState state) 3435 { 3436 VncDisplay *vd = opaque; 3437 3438 if (state != RUN_STATE_RUNNING) { 3439 return; 3440 } 3441 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 3442 } 3443 3444 void vnc_display_init(const char *id, Error **errp) 3445 { 3446 VncDisplay *vd; 3447 3448 if (vnc_display_find(id) != NULL) { 3449 return; 3450 } 3451 vd = g_malloc0(sizeof(*vd)); 3452 3453 vd->id = strdup(id); 3454 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next); 3455 3456 QTAILQ_INIT(&vd->clients); 3457 vd->expires = TIME_MAX; 3458 3459 if (keyboard_layout) { 3460 trace_vnc_key_map_init(keyboard_layout); 3461 vd->kbd_layout = init_keyboard_layout(name2keysym, 3462 keyboard_layout, errp); 3463 } else { 3464 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us", errp); 3465 } 3466 3467 if (!vd->kbd_layout) { 3468 return; 3469 } 3470 3471 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3472 vd->connections_limit = 32; 3473 3474 qemu_mutex_init(&vd->mutex); 3475 vnc_start_worker_thread(); 3476 3477 vd->dcl.ops = &dcl_ops; 3478 register_displaychangelistener(&vd->dcl); 3479 vd->kbd = qkbd_state_init(vd->dcl.con); 3480 vd->vmstate_handler_entry = qemu_add_vm_change_state_handler( 3481 &vmstate_change_handler, vd); 3482 } 3483 3484 3485 static void vnc_display_close(VncDisplay *vd) 3486 { 3487 if (!vd) { 3488 return; 3489 } 3490 3491 if (vd->listener) { 3492 qio_net_listener_disconnect(vd->listener); 3493 object_unref(OBJECT(vd->listener)); 3494 } 3495 vd->listener = NULL; 3496 3497 if (vd->wslistener) { 3498 qio_net_listener_disconnect(vd->wslistener); 3499 object_unref(OBJECT(vd->wslistener)); 3500 } 3501 vd->wslistener = NULL; 3502 3503 vd->auth = VNC_AUTH_INVALID; 3504 vd->subauth = VNC_AUTH_INVALID; 3505 if (vd->tlscreds) { 3506 object_unref(OBJECT(vd->tlscreds)); 3507 vd->tlscreds = NULL; 3508 } 3509 if (vd->tlsauthz) { 3510 object_unparent(OBJECT(vd->tlsauthz)); 3511 vd->tlsauthz = NULL; 3512 } 3513 g_free(vd->tlsauthzid); 3514 vd->tlsauthzid = NULL; 3515 if (vd->lock_key_sync) { 3516 qemu_remove_led_event_handler(vd->led); 3517 vd->led = NULL; 3518 } 3519 #ifdef CONFIG_VNC_SASL 3520 if (vd->sasl.authz) { 3521 object_unparent(OBJECT(vd->sasl.authz)); 3522 vd->sasl.authz = NULL; 3523 } 3524 g_free(vd->sasl.authzid); 3525 vd->sasl.authzid = NULL; 3526 #endif 3527 } 3528 3529 int vnc_display_password(const char *id, const char *password) 3530 { 3531 VncDisplay *vd = vnc_display_find(id); 3532 3533 if (!vd) { 3534 return -EINVAL; 3535 } 3536 if (vd->auth == VNC_AUTH_NONE) { 3537 error_printf_unless_qmp("If you want use passwords please enable " 3538 "password auth using '-vnc ${dpy},password'.\n"); 3539 return -EINVAL; 3540 } 3541 3542 g_free(vd->password); 3543 vd->password = g_strdup(password); 3544 3545 return 0; 3546 } 3547 3548 int vnc_display_pw_expire(const char *id, time_t expires) 3549 { 3550 VncDisplay *vd = vnc_display_find(id); 3551 3552 if (!vd) { 3553 return -EINVAL; 3554 } 3555 3556 vd->expires = expires; 3557 return 0; 3558 } 3559 3560 static void vnc_display_print_local_addr(VncDisplay *vd) 3561 { 3562 SocketAddress *addr; 3563 3564 if (!vd->listener || !qio_net_listener_nsioc(vd->listener)) { 3565 return; 3566 } 3567 3568 addr = qio_net_listener_get_local_address(vd->listener, 0, NULL); 3569 if (!addr) { 3570 return; 3571 } 3572 3573 if (addr->type != SOCKET_ADDRESS_TYPE_INET) { 3574 qapi_free_SocketAddress(addr); 3575 return; 3576 } 3577 error_printf_unless_qmp("VNC server running on %s:%s\n", 3578 addr->u.inet.host, 3579 addr->u.inet.port); 3580 qapi_free_SocketAddress(addr); 3581 } 3582 3583 static QemuOptsList qemu_vnc_opts = { 3584 .name = "vnc", 3585 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head), 3586 .implied_opt_name = "vnc", 3587 .desc = { 3588 { 3589 .name = "vnc", 3590 .type = QEMU_OPT_STRING, 3591 },{ 3592 .name = "websocket", 3593 .type = QEMU_OPT_STRING, 3594 },{ 3595 .name = "tls-creds", 3596 .type = QEMU_OPT_STRING, 3597 },{ 3598 .name = "share", 3599 .type = QEMU_OPT_STRING, 3600 },{ 3601 .name = "display", 3602 .type = QEMU_OPT_STRING, 3603 },{ 3604 .name = "head", 3605 .type = QEMU_OPT_NUMBER, 3606 },{ 3607 .name = "connections", 3608 .type = QEMU_OPT_NUMBER, 3609 },{ 3610 .name = "to", 3611 .type = QEMU_OPT_NUMBER, 3612 },{ 3613 .name = "ipv4", 3614 .type = QEMU_OPT_BOOL, 3615 },{ 3616 .name = "ipv6", 3617 .type = QEMU_OPT_BOOL, 3618 },{ 3619 .name = "password", 3620 .type = QEMU_OPT_BOOL, 3621 },{ 3622 .name = "password-secret", 3623 .type = QEMU_OPT_STRING, 3624 },{ 3625 .name = "reverse", 3626 .type = QEMU_OPT_BOOL, 3627 },{ 3628 .name = "lock-key-sync", 3629 .type = QEMU_OPT_BOOL, 3630 },{ 3631 .name = "key-delay-ms", 3632 .type = QEMU_OPT_NUMBER, 3633 },{ 3634 .name = "sasl", 3635 .type = QEMU_OPT_BOOL, 3636 },{ 3637 .name = "tls-authz", 3638 .type = QEMU_OPT_STRING, 3639 },{ 3640 .name = "sasl-authz", 3641 .type = QEMU_OPT_STRING, 3642 },{ 3643 .name = "lossy", 3644 .type = QEMU_OPT_BOOL, 3645 },{ 3646 .name = "non-adaptive", 3647 .type = QEMU_OPT_BOOL, 3648 },{ 3649 .name = "audiodev", 3650 .type = QEMU_OPT_STRING, 3651 },{ 3652 .name = "power-control", 3653 .type = QEMU_OPT_BOOL, 3654 }, 3655 { /* end of list */ } 3656 }, 3657 }; 3658 3659 3660 static int 3661 vnc_display_setup_auth(int *auth, 3662 int *subauth, 3663 QCryptoTLSCreds *tlscreds, 3664 bool password, 3665 bool sasl, 3666 bool websocket, 3667 Error **errp) 3668 { 3669 /* 3670 * We have a choice of 3 authentication options 3671 * 3672 * 1. none 3673 * 2. vnc 3674 * 3. sasl 3675 * 3676 * The channel can be run in 2 modes 3677 * 3678 * 1. clear 3679 * 2. tls 3680 * 3681 * And TLS can use 2 types of credentials 3682 * 3683 * 1. anon 3684 * 2. x509 3685 * 3686 * We thus have 9 possible logical combinations 3687 * 3688 * 1. clear + none 3689 * 2. clear + vnc 3690 * 3. clear + sasl 3691 * 4. tls + anon + none 3692 * 5. tls + anon + vnc 3693 * 6. tls + anon + sasl 3694 * 7. tls + x509 + none 3695 * 8. tls + x509 + vnc 3696 * 9. tls + x509 + sasl 3697 * 3698 * These need to be mapped into the VNC auth schemes 3699 * in an appropriate manner. In regular VNC, all the 3700 * TLS options get mapped into VNC_AUTH_VENCRYPT 3701 * sub-auth types. 3702 * 3703 * In websockets, the https:// protocol already provides 3704 * TLS support, so there is no need to make use of the 3705 * VeNCrypt extension. Furthermore, websockets browser 3706 * clients could not use VeNCrypt even if they wanted to, 3707 * as they cannot control when the TLS handshake takes 3708 * place. Thus there is no option but to rely on https://, 3709 * meaning combinations 4->6 and 7->9 will be mapped to 3710 * VNC auth schemes in the same way as combos 1->3. 3711 * 3712 * Regardless of fact that we have a different mapping to 3713 * VNC auth mechs for plain VNC vs websockets VNC, the end 3714 * result has the same security characteristics. 3715 */ 3716 if (websocket || !tlscreds) { 3717 if (password) { 3718 VNC_DEBUG("Initializing VNC server with password auth\n"); 3719 *auth = VNC_AUTH_VNC; 3720 } else if (sasl) { 3721 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 3722 *auth = VNC_AUTH_SASL; 3723 } else { 3724 VNC_DEBUG("Initializing VNC server with no auth\n"); 3725 *auth = VNC_AUTH_NONE; 3726 } 3727 *subauth = VNC_AUTH_INVALID; 3728 } else { 3729 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds), 3730 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL; 3731 bool is_anon = object_dynamic_cast(OBJECT(tlscreds), 3732 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL; 3733 3734 if (!is_x509 && !is_anon) { 3735 error_setg(errp, 3736 "Unsupported TLS cred type %s", 3737 object_get_typename(OBJECT(tlscreds))); 3738 return -1; 3739 } 3740 *auth = VNC_AUTH_VENCRYPT; 3741 if (password) { 3742 if (is_x509) { 3743 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 3744 *subauth = VNC_AUTH_VENCRYPT_X509VNC; 3745 } else { 3746 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 3747 *subauth = VNC_AUTH_VENCRYPT_TLSVNC; 3748 } 3749 3750 } else if (sasl) { 3751 if (is_x509) { 3752 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 3753 *subauth = VNC_AUTH_VENCRYPT_X509SASL; 3754 } else { 3755 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 3756 *subauth = VNC_AUTH_VENCRYPT_TLSSASL; 3757 } 3758 } else { 3759 if (is_x509) { 3760 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 3761 *subauth = VNC_AUTH_VENCRYPT_X509NONE; 3762 } else { 3763 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 3764 *subauth = VNC_AUTH_VENCRYPT_TLSNONE; 3765 } 3766 } 3767 } 3768 return 0; 3769 } 3770 3771 3772 static int vnc_display_get_address(const char *addrstr, 3773 bool websocket, 3774 bool reverse, 3775 int displaynum, 3776 int to, 3777 bool has_ipv4, 3778 bool has_ipv6, 3779 bool ipv4, 3780 bool ipv6, 3781 SocketAddress **retaddr, 3782 Error **errp) 3783 { 3784 int ret = -1; 3785 SocketAddress *addr = NULL; 3786 3787 addr = g_new0(SocketAddress, 1); 3788 3789 if (strncmp(addrstr, "unix:", 5) == 0) { 3790 addr->type = SOCKET_ADDRESS_TYPE_UNIX; 3791 addr->u.q_unix.path = g_strdup(addrstr + 5); 3792 3793 if (to) { 3794 error_setg(errp, "Port range not support with UNIX socket"); 3795 goto cleanup; 3796 } 3797 ret = 0; 3798 } else { 3799 const char *port; 3800 size_t hostlen; 3801 uint64_t baseport = 0; 3802 InetSocketAddress *inet; 3803 3804 port = strrchr(addrstr, ':'); 3805 if (!port) { 3806 if (websocket) { 3807 hostlen = 0; 3808 port = addrstr; 3809 } else { 3810 error_setg(errp, "no vnc port specified"); 3811 goto cleanup; 3812 } 3813 } else { 3814 hostlen = port - addrstr; 3815 port++; 3816 if (*port == '\0') { 3817 error_setg(errp, "vnc port cannot be empty"); 3818 goto cleanup; 3819 } 3820 } 3821 3822 addr->type = SOCKET_ADDRESS_TYPE_INET; 3823 inet = &addr->u.inet; 3824 if (hostlen && addrstr[0] == '[' && addrstr[hostlen - 1] == ']') { 3825 inet->host = g_strndup(addrstr + 1, hostlen - 2); 3826 } else { 3827 inet->host = g_strndup(addrstr, hostlen); 3828 } 3829 /* plain VNC port is just an offset, for websocket 3830 * port is absolute */ 3831 if (websocket) { 3832 if (g_str_equal(addrstr, "") || 3833 g_str_equal(addrstr, "on")) { 3834 if (displaynum == -1) { 3835 error_setg(errp, "explicit websocket port is required"); 3836 goto cleanup; 3837 } 3838 inet->port = g_strdup_printf( 3839 "%d", displaynum + 5700); 3840 if (to) { 3841 inet->has_to = true; 3842 inet->to = to + 5700; 3843 } 3844 } else { 3845 inet->port = g_strdup(port); 3846 } 3847 } else { 3848 int offset = reverse ? 0 : 5900; 3849 if (parse_uint_full(port, 10, &baseport) < 0) { 3850 error_setg(errp, "can't convert to a number: %s", port); 3851 goto cleanup; 3852 } 3853 if (baseport > 65535 || 3854 baseport + offset > 65535) { 3855 error_setg(errp, "port %s out of range", port); 3856 goto cleanup; 3857 } 3858 inet->port = g_strdup_printf( 3859 "%d", (int)baseport + offset); 3860 3861 if (to) { 3862 inet->has_to = true; 3863 inet->to = to + offset; 3864 } 3865 } 3866 3867 inet->ipv4 = ipv4; 3868 inet->has_ipv4 = has_ipv4; 3869 inet->ipv6 = ipv6; 3870 inet->has_ipv6 = has_ipv6; 3871 3872 ret = baseport; 3873 } 3874 3875 *retaddr = addr; 3876 3877 cleanup: 3878 if (ret < 0) { 3879 qapi_free_SocketAddress(addr); 3880 } 3881 return ret; 3882 } 3883 3884 static int vnc_display_get_addresses(QemuOpts *opts, 3885 bool reverse, 3886 SocketAddressList **saddr_list_ret, 3887 SocketAddressList **wsaddr_list_ret, 3888 Error **errp) 3889 { 3890 SocketAddress *saddr = NULL; 3891 SocketAddress *wsaddr = NULL; 3892 g_autoptr(SocketAddressList) saddr_list = NULL; 3893 SocketAddressList **saddr_tail = &saddr_list; 3894 SocketAddress *single_saddr = NULL; 3895 g_autoptr(SocketAddressList) wsaddr_list = NULL; 3896 SocketAddressList **wsaddr_tail = &wsaddr_list; 3897 QemuOptsIter addriter; 3898 const char *addr; 3899 int to = qemu_opt_get_number(opts, "to", 0); 3900 bool has_ipv4 = qemu_opt_get(opts, "ipv4"); 3901 bool has_ipv6 = qemu_opt_get(opts, "ipv6"); 3902 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false); 3903 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false); 3904 int displaynum = -1; 3905 3906 addr = qemu_opt_get(opts, "vnc"); 3907 if (addr == NULL || g_str_equal(addr, "none")) { 3908 return 0; 3909 } 3910 if (qemu_opt_get(opts, "websocket") && 3911 !qcrypto_hash_supports(QCRYPTO_HASH_ALGO_SHA1)) { 3912 error_setg(errp, 3913 "SHA1 hash support is required for websockets"); 3914 return -1; 3915 } 3916 3917 qemu_opt_iter_init(&addriter, opts, "vnc"); 3918 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) { 3919 int rv; 3920 rv = vnc_display_get_address(addr, false, reverse, 0, to, 3921 has_ipv4, has_ipv6, 3922 ipv4, ipv6, 3923 &saddr, errp); 3924 if (rv < 0) { 3925 return -1; 3926 } 3927 /* Historical compat - first listen address can be used 3928 * to set the default websocket port 3929 */ 3930 if (displaynum == -1) { 3931 displaynum = rv; 3932 } 3933 QAPI_LIST_APPEND(saddr_tail, saddr); 3934 } 3935 3936 if (saddr_list && !saddr_list->next) { 3937 single_saddr = saddr_list->value; 3938 } else { 3939 /* 3940 * If we had multiple primary displays, we don't do defaults 3941 * for websocket, and require explicit config instead. 3942 */ 3943 displaynum = -1; 3944 } 3945 3946 qemu_opt_iter_init(&addriter, opts, "websocket"); 3947 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) { 3948 if (vnc_display_get_address(addr, true, reverse, displaynum, to, 3949 has_ipv4, has_ipv6, 3950 ipv4, ipv6, 3951 &wsaddr, errp) < 0) { 3952 return -1; 3953 } 3954 3955 /* Historical compat - if only a single listen address was 3956 * provided, then this is used to set the default listen 3957 * address for websocket too 3958 */ 3959 if (single_saddr && 3960 single_saddr->type == SOCKET_ADDRESS_TYPE_INET && 3961 wsaddr->type == SOCKET_ADDRESS_TYPE_INET && 3962 g_str_equal(wsaddr->u.inet.host, "") && 3963 !g_str_equal(single_saddr->u.inet.host, "")) { 3964 g_free(wsaddr->u.inet.host); 3965 wsaddr->u.inet.host = g_strdup(single_saddr->u.inet.host); 3966 } 3967 3968 QAPI_LIST_APPEND(wsaddr_tail, wsaddr); 3969 } 3970 3971 *saddr_list_ret = g_steal_pointer(&saddr_list); 3972 *wsaddr_list_ret = g_steal_pointer(&wsaddr_list); 3973 return 0; 3974 } 3975 3976 static int vnc_display_connect(VncDisplay *vd, 3977 SocketAddressList *saddr_list, 3978 SocketAddressList *wsaddr_list, 3979 Error **errp) 3980 { 3981 /* connect to viewer */ 3982 QIOChannelSocket *sioc = NULL; 3983 if (wsaddr_list) { 3984 error_setg(errp, "Cannot use websockets in reverse mode"); 3985 return -1; 3986 } 3987 if (!saddr_list || saddr_list->next) { 3988 error_setg(errp, "Expected a single address in reverse mode"); 3989 return -1; 3990 } 3991 sioc = qio_channel_socket_new(); 3992 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse"); 3993 if (qio_channel_socket_connect_sync(sioc, saddr_list->value, errp) < 0) { 3994 object_unref(OBJECT(sioc)); 3995 return -1; 3996 } 3997 vnc_connect(vd, sioc, false, false); 3998 object_unref(OBJECT(sioc)); 3999 return 0; 4000 } 4001 4002 4003 static int vnc_display_listen(VncDisplay *vd, 4004 SocketAddressList *saddr_list, 4005 SocketAddressList *wsaddr_list, 4006 Error **errp) 4007 { 4008 SocketAddressList *el; 4009 4010 if (saddr_list) { 4011 vd->listener = qio_net_listener_new(); 4012 qio_net_listener_set_name(vd->listener, "vnc-listen"); 4013 for (el = saddr_list; el; el = el->next) { 4014 if (qio_net_listener_open_sync(vd->listener, 4015 el->value, 1, 4016 errp) < 0) { 4017 return -1; 4018 } 4019 } 4020 4021 qio_net_listener_set_client_func(vd->listener, 4022 vnc_listen_io, vd, NULL); 4023 } 4024 4025 if (wsaddr_list) { 4026 vd->wslistener = qio_net_listener_new(); 4027 qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen"); 4028 for (el = wsaddr_list; el; el = el->next) { 4029 if (qio_net_listener_open_sync(vd->wslistener, 4030 el->value, 1, 4031 errp) < 0) { 4032 return -1; 4033 } 4034 } 4035 4036 qio_net_listener_set_client_func(vd->wslistener, 4037 vnc_listen_io, vd, NULL); 4038 } 4039 4040 return 0; 4041 } 4042 4043 bool vnc_display_update(DisplayUpdateOptionsVNC *arg, Error **errp) 4044 { 4045 VncDisplay *vd = vnc_display_find(NULL); 4046 4047 if (!vd) { 4048 error_setg(errp, "Can not find vnc display"); 4049 return false; 4050 } 4051 4052 if (arg->has_addresses) { 4053 if (vd->listener) { 4054 qio_net_listener_disconnect(vd->listener); 4055 object_unref(OBJECT(vd->listener)); 4056 vd->listener = NULL; 4057 } 4058 4059 if (vnc_display_listen(vd, arg->addresses, NULL, errp) < 0) { 4060 return false; 4061 } 4062 } 4063 4064 return true; 4065 } 4066 4067 void vnc_display_open(const char *id, Error **errp) 4068 { 4069 VncDisplay *vd = vnc_display_find(id); 4070 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id); 4071 g_autoptr(SocketAddressList) saddr_list = NULL; 4072 g_autoptr(SocketAddressList) wsaddr_list = NULL; 4073 const char *share, *device_id; 4074 QemuConsole *con; 4075 bool password = false; 4076 bool reverse = false; 4077 const char *credid; 4078 bool sasl = false; 4079 const char *tlsauthz; 4080 const char *saslauthz; 4081 int lock_key_sync = 1; 4082 int key_delay_ms; 4083 const char *audiodev; 4084 const char *passwordSecret; 4085 4086 if (!vd) { 4087 error_setg(errp, "VNC display not active"); 4088 return; 4089 } 4090 vnc_display_close(vd); 4091 4092 if (!opts) { 4093 return; 4094 } 4095 4096 reverse = qemu_opt_get_bool(opts, "reverse", false); 4097 if (vnc_display_get_addresses(opts, reverse, &saddr_list, &wsaddr_list, 4098 errp) < 0) { 4099 goto fail; 4100 } 4101 4102 4103 passwordSecret = qemu_opt_get(opts, "password-secret"); 4104 if (passwordSecret) { 4105 if (qemu_opt_get(opts, "password")) { 4106 error_setg(errp, 4107 "'password' flag is redundant with 'password-secret'"); 4108 goto fail; 4109 } 4110 vd->password = qcrypto_secret_lookup_as_utf8(passwordSecret, 4111 errp); 4112 if (!vd->password) { 4113 goto fail; 4114 } 4115 password = true; 4116 } else { 4117 password = qemu_opt_get_bool(opts, "password", false); 4118 } 4119 if (password) { 4120 if (!qcrypto_cipher_supports( 4121 QCRYPTO_CIPHER_ALGO_DES, QCRYPTO_CIPHER_MODE_ECB)) { 4122 error_setg(errp, 4123 "Cipher backend does not support DES algorithm"); 4124 goto fail; 4125 } 4126 } 4127 4128 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true); 4129 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10); 4130 sasl = qemu_opt_get_bool(opts, "sasl", false); 4131 #ifndef CONFIG_VNC_SASL 4132 if (sasl) { 4133 error_setg(errp, "VNC SASL auth requires cyrus-sasl support"); 4134 goto fail; 4135 } 4136 #endif /* CONFIG_VNC_SASL */ 4137 credid = qemu_opt_get(opts, "tls-creds"); 4138 if (credid) { 4139 Object *creds; 4140 creds = object_resolve_path_component( 4141 object_get_objects_root(), credid); 4142 if (!creds) { 4143 error_setg(errp, "No TLS credentials with id '%s'", 4144 credid); 4145 goto fail; 4146 } 4147 vd->tlscreds = (QCryptoTLSCreds *) 4148 object_dynamic_cast(creds, 4149 TYPE_QCRYPTO_TLS_CREDS); 4150 if (!vd->tlscreds) { 4151 error_setg(errp, "Object with id '%s' is not TLS credentials", 4152 credid); 4153 goto fail; 4154 } 4155 object_ref(OBJECT(vd->tlscreds)); 4156 4157 if (!qcrypto_tls_creds_check_endpoint(vd->tlscreds, 4158 QCRYPTO_TLS_CREDS_ENDPOINT_SERVER, 4159 errp)) { 4160 goto fail; 4161 } 4162 } 4163 tlsauthz = qemu_opt_get(opts, "tls-authz"); 4164 if (tlsauthz && !vd->tlscreds) { 4165 error_setg(errp, "'tls-authz' provided but TLS is not enabled"); 4166 goto fail; 4167 } 4168 4169 saslauthz = qemu_opt_get(opts, "sasl-authz"); 4170 if (saslauthz && !sasl) { 4171 error_setg(errp, "'sasl-authz' provided but SASL auth is not enabled"); 4172 goto fail; 4173 } 4174 4175 share = qemu_opt_get(opts, "share"); 4176 if (share) { 4177 if (strcmp(share, "ignore") == 0) { 4178 vd->share_policy = VNC_SHARE_POLICY_IGNORE; 4179 } else if (strcmp(share, "allow-exclusive") == 0) { 4180 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 4181 } else if (strcmp(share, "force-shared") == 0) { 4182 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; 4183 } else { 4184 error_setg(errp, "unknown vnc share= option"); 4185 goto fail; 4186 } 4187 } else { 4188 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 4189 } 4190 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32); 4191 4192 #ifdef CONFIG_VNC_JPEG 4193 vd->lossy = qemu_opt_get_bool(opts, "lossy", false); 4194 #endif 4195 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false); 4196 /* adaptive updates are only used with tight encoding and 4197 * if lossy updates are enabled so we can disable all the 4198 * calculations otherwise */ 4199 if (!vd->lossy) { 4200 vd->non_adaptive = true; 4201 } 4202 4203 vd->power_control = qemu_opt_get_bool(opts, "power-control", false); 4204 4205 if (tlsauthz) { 4206 vd->tlsauthzid = g_strdup(tlsauthz); 4207 } 4208 #ifdef CONFIG_VNC_SASL 4209 if (sasl) { 4210 if (saslauthz) { 4211 vd->sasl.authzid = g_strdup(saslauthz); 4212 } 4213 } 4214 #endif 4215 4216 if (vnc_display_setup_auth(&vd->auth, &vd->subauth, 4217 vd->tlscreds, password, 4218 sasl, false, errp) < 0) { 4219 goto fail; 4220 } 4221 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth); 4222 4223 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth, 4224 vd->tlscreds, password, 4225 sasl, true, errp) < 0) { 4226 goto fail; 4227 } 4228 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth); 4229 4230 #ifdef CONFIG_VNC_SASL 4231 if (sasl && !vnc_sasl_server_init(errp)) { 4232 goto fail; 4233 } 4234 #endif 4235 vd->lock_key_sync = lock_key_sync; 4236 if (lock_key_sync) { 4237 vd->led = qemu_add_led_event_handler(kbd_leds, vd); 4238 } 4239 vd->ledstate = 0; 4240 4241 audiodev = qemu_opt_get(opts, "audiodev"); 4242 if (audiodev) { 4243 vd->audio_be = audio_be_by_name(audiodev, errp); 4244 if (!vd->audio_be) { 4245 goto fail; 4246 } 4247 } else { 4248 vd->audio_be = audio_get_default_audio_be(NULL); 4249 } 4250 4251 device_id = qemu_opt_get(opts, "display"); 4252 if (device_id) { 4253 int head = qemu_opt_get_number(opts, "head", 0); 4254 Error *err = NULL; 4255 4256 con = qemu_console_lookup_by_device_name(device_id, head, &err); 4257 if (err) { 4258 error_propagate(errp, err); 4259 goto fail; 4260 } 4261 } else { 4262 con = qemu_console_lookup_default(); 4263 } 4264 4265 if (con != vd->dcl.con) { 4266 qkbd_state_free(vd->kbd); 4267 unregister_displaychangelistener(&vd->dcl); 4268 vd->dcl.con = con; 4269 register_displaychangelistener(&vd->dcl); 4270 vd->kbd = qkbd_state_init(vd->dcl.con); 4271 } 4272 qkbd_state_set_delay(vd->kbd, key_delay_ms); 4273 4274 if (saddr_list == NULL) { 4275 return; 4276 } 4277 4278 if (reverse) { 4279 if (vnc_display_connect(vd, saddr_list, wsaddr_list, errp) < 0) { 4280 goto fail; 4281 } 4282 } else { 4283 if (vnc_display_listen(vd, saddr_list, wsaddr_list, errp) < 0) { 4284 goto fail; 4285 } 4286 } 4287 4288 if (qemu_opt_get(opts, "to")) { 4289 vnc_display_print_local_addr(vd); 4290 } 4291 4292 /* Success */ 4293 return; 4294 4295 fail: 4296 vnc_display_close(vd); 4297 } 4298 4299 void vnc_display_add_client(const char *id, int csock, bool skipauth) 4300 { 4301 VncDisplay *vd = vnc_display_find(id); 4302 QIOChannelSocket *sioc; 4303 4304 if (!vd) { 4305 return; 4306 } 4307 4308 sioc = qio_channel_socket_new_fd(csock, NULL); 4309 if (sioc) { 4310 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server"); 4311 vnc_connect(vd, sioc, skipauth, false); 4312 object_unref(OBJECT(sioc)); 4313 } 4314 } 4315 4316 static char *vnc_auto_assign_id(QemuOpts *opts) 4317 { 4318 QemuOptsList *olist = qemu_find_opts("vnc"); 4319 int i = 2; 4320 char *id; 4321 4322 id = g_strdup("default"); 4323 while (qemu_opts_find(olist, id)) { 4324 g_free(id); 4325 id = g_strdup_printf("vnc%d", i++); 4326 } 4327 qemu_opts_set_id(opts, id); 4328 4329 return id; 4330 } 4331 4332 void vnc_parse(const char *str) 4333 { 4334 QemuOptsList *olist = qemu_find_opts("vnc"); 4335 QemuOpts *opts = qemu_opts_parse_noisily(olist, str, !is_help_option(str)); 4336 4337 if (!opts) { 4338 exit(1); 4339 } 4340 } 4341 4342 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp) 4343 { 4344 Error *local_err = NULL; 4345 char *id = (char *)qemu_opts_id(opts); 4346 4347 if (!id) { 4348 /* auto-assign id if not present */ 4349 id = vnc_auto_assign_id(opts); 4350 } 4351 4352 vnc_display_init(id, &local_err); 4353 if (local_err) { 4354 error_propagate(errp, local_err); 4355 return -1; 4356 } 4357 vnc_display_open(id, &local_err); 4358 if (local_err != NULL) { 4359 error_propagate(errp, local_err); 4360 return -1; 4361 } 4362 return 0; 4363 } 4364 4365 static void vnc_register_config(void) 4366 { 4367 qemu_add_opts(&qemu_vnc_opts); 4368 } 4369 opts_init(vnc_register_config); 4370