1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "qemu/osdep.h" 28 #include "vnc.h" 29 #include "vnc-jobs.h" 30 #include "trace.h" 31 #include "hw/qdev-core.h" 32 #include "system/system.h" 33 #include "system/runstate.h" 34 #include "qemu/error-report.h" 35 #include "qemu/main-loop.h" 36 #include "qemu/module.h" 37 #include "qemu/option.h" 38 #include "qemu/sockets.h" 39 #include "qemu/timer.h" 40 #include "authz/list.h" 41 #include "qemu/config-file.h" 42 #include "qapi/qapi-emit-events.h" 43 #include "qapi/qapi-events-ui.h" 44 #include "qapi/error.h" 45 #include "qapi/qapi-commands-ui.h" 46 #include "ui/input.h" 47 #include "crypto/hash.h" 48 #include "crypto/tlscreds.h" 49 #include "crypto/tlscredsanon.h" 50 #include "crypto/tlscredsx509.h" 51 #include "crypto/random.h" 52 #include "crypto/secret_common.h" 53 #include "qom/object_interfaces.h" 54 #include "qemu/cutils.h" 55 #include "qemu/help_option.h" 56 #include "io/dns-resolver.h" 57 #include "monitor/monitor.h" 58 59 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT 60 #define VNC_REFRESH_INTERVAL_INC 50 61 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE 62 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; 63 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 64 65 #include "vnc_keysym.h" 66 #include "crypto/cipher.h" 67 68 static QTAILQ_HEAD(, VncDisplay) vnc_displays = 69 QTAILQ_HEAD_INITIALIZER(vnc_displays); 70 71 static int vnc_cursor_define(VncState *vs); 72 static void vnc_update_throttle_offset(VncState *vs); 73 74 static void vnc_set_share_mode(VncState *vs, VncShareMode mode) 75 { 76 #ifdef _VNC_DEBUG 77 static const char *mn[] = { 78 [0] = "undefined", 79 [VNC_SHARE_MODE_CONNECTING] = "connecting", 80 [VNC_SHARE_MODE_SHARED] = "shared", 81 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive", 82 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected", 83 }; 84 fprintf(stderr, "%s/%p: %s -> %s\n", __func__, 85 vs->ioc, mn[vs->share_mode], mn[mode]); 86 #endif 87 88 switch (vs->share_mode) { 89 case VNC_SHARE_MODE_CONNECTING: 90 vs->vd->num_connecting--; 91 break; 92 case VNC_SHARE_MODE_SHARED: 93 vs->vd->num_shared--; 94 break; 95 case VNC_SHARE_MODE_EXCLUSIVE: 96 vs->vd->num_exclusive--; 97 break; 98 default: 99 break; 100 } 101 102 vs->share_mode = mode; 103 104 switch (vs->share_mode) { 105 case VNC_SHARE_MODE_CONNECTING: 106 vs->vd->num_connecting++; 107 break; 108 case VNC_SHARE_MODE_SHARED: 109 vs->vd->num_shared++; 110 break; 111 case VNC_SHARE_MODE_EXCLUSIVE: 112 vs->vd->num_exclusive++; 113 break; 114 default: 115 break; 116 } 117 } 118 119 120 static void vnc_init_basic_info(SocketAddress *addr, 121 VncBasicInfo *info, 122 Error **errp) 123 { 124 switch (addr->type) { 125 case SOCKET_ADDRESS_TYPE_INET: 126 info->host = g_strdup(addr->u.inet.host); 127 info->service = g_strdup(addr->u.inet.port); 128 if (addr->u.inet.ipv6) { 129 info->family = NETWORK_ADDRESS_FAMILY_IPV6; 130 } else { 131 info->family = NETWORK_ADDRESS_FAMILY_IPV4; 132 } 133 break; 134 135 case SOCKET_ADDRESS_TYPE_UNIX: 136 info->host = g_strdup(""); 137 info->service = g_strdup(addr->u.q_unix.path); 138 info->family = NETWORK_ADDRESS_FAMILY_UNIX; 139 break; 140 141 case SOCKET_ADDRESS_TYPE_VSOCK: 142 case SOCKET_ADDRESS_TYPE_FD: 143 error_setg(errp, "Unsupported socket address type %s", 144 SocketAddressType_str(addr->type)); 145 break; 146 default: 147 abort(); 148 } 149 } 150 151 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc, 152 VncBasicInfo *info, 153 Error **errp) 154 { 155 SocketAddress *addr = NULL; 156 157 if (!ioc) { 158 error_setg(errp, "No listener socket available"); 159 return; 160 } 161 162 addr = qio_channel_socket_get_local_address(ioc, errp); 163 if (!addr) { 164 return; 165 } 166 167 vnc_init_basic_info(addr, info, errp); 168 qapi_free_SocketAddress(addr); 169 } 170 171 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc, 172 VncBasicInfo *info, 173 Error **errp) 174 { 175 SocketAddress *addr = NULL; 176 177 addr = qio_channel_socket_get_remote_address(ioc, errp); 178 if (!addr) { 179 return; 180 } 181 182 vnc_init_basic_info(addr, info, errp); 183 qapi_free_SocketAddress(addr); 184 } 185 186 static const char *vnc_auth_name(VncDisplay *vd) { 187 switch (vd->auth) { 188 case VNC_AUTH_INVALID: 189 return "invalid"; 190 case VNC_AUTH_NONE: 191 return "none"; 192 case VNC_AUTH_VNC: 193 return "vnc"; 194 case VNC_AUTH_RA2: 195 return "ra2"; 196 case VNC_AUTH_RA2NE: 197 return "ra2ne"; 198 case VNC_AUTH_TIGHT: 199 return "tight"; 200 case VNC_AUTH_ULTRA: 201 return "ultra"; 202 case VNC_AUTH_TLS: 203 return "tls"; 204 case VNC_AUTH_VENCRYPT: 205 switch (vd->subauth) { 206 case VNC_AUTH_VENCRYPT_PLAIN: 207 return "vencrypt+plain"; 208 case VNC_AUTH_VENCRYPT_TLSNONE: 209 return "vencrypt+tls+none"; 210 case VNC_AUTH_VENCRYPT_TLSVNC: 211 return "vencrypt+tls+vnc"; 212 case VNC_AUTH_VENCRYPT_TLSPLAIN: 213 return "vencrypt+tls+plain"; 214 case VNC_AUTH_VENCRYPT_X509NONE: 215 return "vencrypt+x509+none"; 216 case VNC_AUTH_VENCRYPT_X509VNC: 217 return "vencrypt+x509+vnc"; 218 case VNC_AUTH_VENCRYPT_X509PLAIN: 219 return "vencrypt+x509+plain"; 220 case VNC_AUTH_VENCRYPT_TLSSASL: 221 return "vencrypt+tls+sasl"; 222 case VNC_AUTH_VENCRYPT_X509SASL: 223 return "vencrypt+x509+sasl"; 224 default: 225 return "vencrypt"; 226 } 227 case VNC_AUTH_SASL: 228 return "sasl"; 229 } 230 return "unknown"; 231 } 232 233 static VncServerInfo *vnc_server_info_get(VncDisplay *vd) 234 { 235 VncServerInfo *info; 236 Error *err = NULL; 237 238 if (!vd->listener || !vd->listener->nsioc) { 239 return NULL; 240 } 241 242 info = g_malloc0(sizeof(*info)); 243 vnc_init_basic_info_from_server_addr(vd->listener->sioc[0], 244 qapi_VncServerInfo_base(info), &err); 245 info->auth = g_strdup(vnc_auth_name(vd)); 246 if (err) { 247 qapi_free_VncServerInfo(info); 248 info = NULL; 249 error_free(err); 250 } 251 return info; 252 } 253 254 static void vnc_client_cache_auth(VncState *client) 255 { 256 if (!client->info) { 257 return; 258 } 259 260 if (client->tls) { 261 client->info->x509_dname = 262 qcrypto_tls_session_get_peer_name(client->tls); 263 } 264 #ifdef CONFIG_VNC_SASL 265 if (client->sasl.conn && 266 client->sasl.username) { 267 client->info->sasl_username = g_strdup(client->sasl.username); 268 } 269 #endif 270 } 271 272 static void vnc_client_cache_addr(VncState *client) 273 { 274 Error *err = NULL; 275 276 client->info = g_malloc0(sizeof(*client->info)); 277 vnc_init_basic_info_from_remote_addr(client->sioc, 278 qapi_VncClientInfo_base(client->info), 279 &err); 280 client->info->websocket = client->websocket; 281 if (err) { 282 qapi_free_VncClientInfo(client->info); 283 client->info = NULL; 284 error_free(err); 285 } 286 } 287 288 static void vnc_qmp_event(VncState *vs, QAPIEvent event) 289 { 290 VncServerInfo *si; 291 292 if (!vs->info) { 293 return; 294 } 295 296 si = vnc_server_info_get(vs->vd); 297 if (!si) { 298 return; 299 } 300 301 switch (event) { 302 case QAPI_EVENT_VNC_CONNECTED: 303 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info)); 304 break; 305 case QAPI_EVENT_VNC_INITIALIZED: 306 qapi_event_send_vnc_initialized(si, vs->info); 307 break; 308 case QAPI_EVENT_VNC_DISCONNECTED: 309 qapi_event_send_vnc_disconnected(si, vs->info); 310 break; 311 default: 312 break; 313 } 314 315 qapi_free_VncServerInfo(si); 316 } 317 318 static VncClientInfo *qmp_query_vnc_client(const VncState *client) 319 { 320 VncClientInfo *info; 321 Error *err = NULL; 322 323 info = g_malloc0(sizeof(*info)); 324 325 vnc_init_basic_info_from_remote_addr(client->sioc, 326 qapi_VncClientInfo_base(info), 327 &err); 328 if (err) { 329 error_free(err); 330 qapi_free_VncClientInfo(info); 331 return NULL; 332 } 333 334 info->websocket = client->websocket; 335 336 if (client->tls) { 337 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls); 338 } 339 #ifdef CONFIG_VNC_SASL 340 if (client->sasl.conn && client->sasl.username) { 341 info->sasl_username = g_strdup(client->sasl.username); 342 } 343 #endif 344 345 return info; 346 } 347 348 static VncDisplay *vnc_display_find(const char *id) 349 { 350 VncDisplay *vd; 351 352 if (id == NULL) { 353 return QTAILQ_FIRST(&vnc_displays); 354 } 355 QTAILQ_FOREACH(vd, &vnc_displays, next) { 356 if (strcmp(id, vd->id) == 0) { 357 return vd; 358 } 359 } 360 return NULL; 361 } 362 363 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd) 364 { 365 VncClientInfoList *prev = NULL; 366 VncState *client; 367 368 QTAILQ_FOREACH(client, &vd->clients, next) { 369 QAPI_LIST_PREPEND(prev, qmp_query_vnc_client(client)); 370 } 371 return prev; 372 } 373 374 VncInfo *qmp_query_vnc(Error **errp) 375 { 376 VncInfo *info = g_malloc0(sizeof(*info)); 377 VncDisplay *vd = vnc_display_find(NULL); 378 SocketAddress *addr = NULL; 379 380 if (vd == NULL || !vd->listener || !vd->listener->nsioc) { 381 info->enabled = false; 382 } else { 383 info->enabled = true; 384 385 /* for compatibility with the original command */ 386 info->has_clients = true; 387 info->clients = qmp_query_client_list(vd); 388 389 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], 390 errp); 391 if (!addr) { 392 goto out_error; 393 } 394 395 switch (addr->type) { 396 case SOCKET_ADDRESS_TYPE_INET: 397 info->host = g_strdup(addr->u.inet.host); 398 info->service = g_strdup(addr->u.inet.port); 399 if (addr->u.inet.ipv6) { 400 info->family = NETWORK_ADDRESS_FAMILY_IPV6; 401 } else { 402 info->family = NETWORK_ADDRESS_FAMILY_IPV4; 403 } 404 break; 405 406 case SOCKET_ADDRESS_TYPE_UNIX: 407 info->host = g_strdup(""); 408 info->service = g_strdup(addr->u.q_unix.path); 409 info->family = NETWORK_ADDRESS_FAMILY_UNIX; 410 break; 411 412 case SOCKET_ADDRESS_TYPE_VSOCK: 413 case SOCKET_ADDRESS_TYPE_FD: 414 error_setg(errp, "Unsupported socket address type %s", 415 SocketAddressType_str(addr->type)); 416 goto out_error; 417 default: 418 abort(); 419 } 420 421 info->has_family = true; 422 423 info->auth = g_strdup(vnc_auth_name(vd)); 424 } 425 426 qapi_free_SocketAddress(addr); 427 return info; 428 429 out_error: 430 qapi_free_SocketAddress(addr); 431 qapi_free_VncInfo(info); 432 return NULL; 433 } 434 435 436 static void qmp_query_auth(int auth, int subauth, 437 VncPrimaryAuth *qmp_auth, 438 VncVencryptSubAuth *qmp_vencrypt, 439 bool *qmp_has_vencrypt); 440 441 static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc, 442 bool websocket, 443 int auth, 444 int subauth, 445 VncServerInfo2List *prev) 446 { 447 VncServerInfo2 *info; 448 Error *err = NULL; 449 SocketAddress *addr; 450 451 addr = qio_channel_socket_get_local_address(ioc, NULL); 452 if (!addr) { 453 return prev; 454 } 455 456 info = g_new0(VncServerInfo2, 1); 457 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err); 458 qapi_free_SocketAddress(addr); 459 if (err) { 460 qapi_free_VncServerInfo2(info); 461 error_free(err); 462 return prev; 463 } 464 info->websocket = websocket; 465 466 qmp_query_auth(auth, subauth, &info->auth, 467 &info->vencrypt, &info->has_vencrypt); 468 469 QAPI_LIST_PREPEND(prev, info); 470 return prev; 471 } 472 473 static void qmp_query_auth(int auth, int subauth, 474 VncPrimaryAuth *qmp_auth, 475 VncVencryptSubAuth *qmp_vencrypt, 476 bool *qmp_has_vencrypt) 477 { 478 switch (auth) { 479 case VNC_AUTH_VNC: 480 *qmp_auth = VNC_PRIMARY_AUTH_VNC; 481 break; 482 case VNC_AUTH_RA2: 483 *qmp_auth = VNC_PRIMARY_AUTH_RA2; 484 break; 485 case VNC_AUTH_RA2NE: 486 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE; 487 break; 488 case VNC_AUTH_TIGHT: 489 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT; 490 break; 491 case VNC_AUTH_ULTRA: 492 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA; 493 break; 494 case VNC_AUTH_TLS: 495 *qmp_auth = VNC_PRIMARY_AUTH_TLS; 496 break; 497 case VNC_AUTH_VENCRYPT: 498 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT; 499 *qmp_has_vencrypt = true; 500 switch (subauth) { 501 case VNC_AUTH_VENCRYPT_PLAIN: 502 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN; 503 break; 504 case VNC_AUTH_VENCRYPT_TLSNONE: 505 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE; 506 break; 507 case VNC_AUTH_VENCRYPT_TLSVNC: 508 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC; 509 break; 510 case VNC_AUTH_VENCRYPT_TLSPLAIN: 511 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN; 512 break; 513 case VNC_AUTH_VENCRYPT_X509NONE: 514 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE; 515 break; 516 case VNC_AUTH_VENCRYPT_X509VNC: 517 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC; 518 break; 519 case VNC_AUTH_VENCRYPT_X509PLAIN: 520 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN; 521 break; 522 case VNC_AUTH_VENCRYPT_TLSSASL: 523 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL; 524 break; 525 case VNC_AUTH_VENCRYPT_X509SASL: 526 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL; 527 break; 528 default: 529 *qmp_has_vencrypt = false; 530 break; 531 } 532 break; 533 case VNC_AUTH_SASL: 534 *qmp_auth = VNC_PRIMARY_AUTH_SASL; 535 break; 536 case VNC_AUTH_NONE: 537 default: 538 *qmp_auth = VNC_PRIMARY_AUTH_NONE; 539 break; 540 } 541 } 542 543 VncInfo2List *qmp_query_vnc_servers(Error **errp) 544 { 545 VncInfo2List *prev = NULL; 546 VncInfo2 *info; 547 VncDisplay *vd; 548 DeviceState *dev; 549 size_t i; 550 551 QTAILQ_FOREACH(vd, &vnc_displays, next) { 552 info = g_new0(VncInfo2, 1); 553 info->id = g_strdup(vd->id); 554 info->clients = qmp_query_client_list(vd); 555 qmp_query_auth(vd->auth, vd->subauth, &info->auth, 556 &info->vencrypt, &info->has_vencrypt); 557 if (vd->dcl.con) { 558 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con), 559 "device", &error_abort)); 560 info->display = g_strdup(dev->id); 561 } 562 for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) { 563 info->server = qmp_query_server_entry( 564 vd->listener->sioc[i], false, vd->auth, vd->subauth, 565 info->server); 566 } 567 for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) { 568 info->server = qmp_query_server_entry( 569 vd->wslistener->sioc[i], true, vd->ws_auth, 570 vd->ws_subauth, info->server); 571 } 572 573 QAPI_LIST_PREPEND(prev, info); 574 } 575 return prev; 576 } 577 578 bool vnc_display_reload_certs(const char *id, Error **errp) 579 { 580 VncDisplay *vd = vnc_display_find(id); 581 QCryptoTLSCredsClass *creds = NULL; 582 583 if (!vd) { 584 error_setg(errp, "Can not find vnc display"); 585 return false; 586 } 587 588 if (!vd->tlscreds) { 589 error_setg(errp, "vnc tls is not enabled"); 590 return false; 591 } 592 593 creds = QCRYPTO_TLS_CREDS_GET_CLASS(OBJECT(vd->tlscreds)); 594 if (creds->reload == NULL) { 595 error_setg(errp, "%s doesn't support to reload TLS credential", 596 object_get_typename(OBJECT(vd->tlscreds))); 597 return false; 598 } 599 if (!creds->reload(vd->tlscreds, errp)) { 600 return false; 601 } 602 603 return true; 604 } 605 606 /* TODO 607 1) Get the queue working for IO. 608 2) there is some weirdness when using the -S option (the screen is grey 609 and not totally invalidated 610 3) resolutions > 1024 611 */ 612 613 static int vnc_update_client(VncState *vs, int has_dirty); 614 static void vnc_disconnect_start(VncState *vs); 615 616 static void vnc_colordepth(VncState *vs); 617 static void framebuffer_update_request(VncState *vs, int incremental, 618 int x_position, int y_position, 619 int w, int h); 620 static void vnc_refresh(DisplayChangeListener *dcl); 621 static int vnc_refresh_server_surface(VncDisplay *vd); 622 623 static int vnc_width(VncDisplay *vd) 624 { 625 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds), 626 VNC_DIRTY_PIXELS_PER_BIT)); 627 } 628 629 static int vnc_true_width(VncDisplay *vd) 630 { 631 return MIN(VNC_MAX_WIDTH, surface_width(vd->ds)); 632 } 633 634 static int vnc_height(VncDisplay *vd) 635 { 636 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds)); 637 } 638 639 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT], 640 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT), 641 VncDisplay *vd, 642 int x, int y, int w, int h) 643 { 644 int width = vnc_width(vd); 645 int height = vnc_height(vd); 646 647 /* this is needed this to ensure we updated all affected 648 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */ 649 w += (x % VNC_DIRTY_PIXELS_PER_BIT); 650 x -= (x % VNC_DIRTY_PIXELS_PER_BIT); 651 652 x = MIN(x, width); 653 y = MIN(y, height); 654 w = MIN(x + w, width) - x; 655 h = MIN(y + h, height); 656 657 for (; y < h; y++) { 658 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT, 659 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT)); 660 } 661 } 662 663 static void vnc_dpy_update(DisplayChangeListener *dcl, 664 int x, int y, int w, int h) 665 { 666 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 667 struct VncSurface *s = &vd->guest; 668 669 vnc_set_area_dirty(s->dirty, vd, x, y, w, h); 670 } 671 672 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 673 int32_t encoding) 674 { 675 vnc_write_u16(vs, x); 676 vnc_write_u16(vs, y); 677 vnc_write_u16(vs, w); 678 vnc_write_u16(vs, h); 679 680 vnc_write_s32(vs, encoding); 681 } 682 683 static void vnc_desktop_resize_ext(VncState *vs, int reject_reason) 684 { 685 trace_vnc_msg_server_ext_desktop_resize( 686 vs, vs->ioc, vs->client_width, vs->client_height, reject_reason); 687 688 vnc_lock_output(vs); 689 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 690 vnc_write_u8(vs, 0); 691 vnc_write_u16(vs, 1); /* number of rects */ 692 vnc_framebuffer_update(vs, 693 reject_reason ? 1 : 0, 694 reject_reason, 695 vs->client_width, vs->client_height, 696 VNC_ENCODING_DESKTOP_RESIZE_EXT); 697 vnc_write_u8(vs, 1); /* number of screens */ 698 vnc_write_u8(vs, 0); /* padding */ 699 vnc_write_u8(vs, 0); /* padding */ 700 vnc_write_u8(vs, 0); /* padding */ 701 vnc_write_u32(vs, 0); /* screen id */ 702 vnc_write_u16(vs, 0); /* screen x-pos */ 703 vnc_write_u16(vs, 0); /* screen y-pos */ 704 vnc_write_u16(vs, vs->client_width); 705 vnc_write_u16(vs, vs->client_height); 706 vnc_write_u32(vs, 0); /* screen flags */ 707 vnc_unlock_output(vs); 708 vnc_flush(vs); 709 } 710 711 static void vnc_desktop_resize(VncState *vs) 712 { 713 if (vs->ioc == NULL || (!vnc_has_feature(vs, VNC_FEATURE_RESIZE) && 714 !vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT))) { 715 return; 716 } 717 if (vs->client_width == vs->vd->true_width && 718 vs->client_height == pixman_image_get_height(vs->vd->server)) { 719 return; 720 } 721 722 assert(vs->vd->true_width < 65536 && 723 vs->vd->true_width >= 0); 724 assert(pixman_image_get_height(vs->vd->server) < 65536 && 725 pixman_image_get_height(vs->vd->server) >= 0); 726 vs->client_width = vs->vd->true_width; 727 vs->client_height = pixman_image_get_height(vs->vd->server); 728 729 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) { 730 vnc_desktop_resize_ext(vs, 0); 731 return; 732 } 733 734 trace_vnc_msg_server_desktop_resize( 735 vs, vs->ioc, vs->client_width, vs->client_height); 736 737 vnc_lock_output(vs); 738 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 739 vnc_write_u8(vs, 0); 740 vnc_write_u16(vs, 1); /* number of rects */ 741 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 742 VNC_ENCODING_DESKTOPRESIZE); 743 vnc_unlock_output(vs); 744 vnc_flush(vs); 745 } 746 747 static void vnc_abort_display_jobs(VncDisplay *vd) 748 { 749 VncState *vs; 750 751 QTAILQ_FOREACH(vs, &vd->clients, next) { 752 vnc_lock_output(vs); 753 vs->abort = true; 754 vnc_unlock_output(vs); 755 } 756 QTAILQ_FOREACH(vs, &vd->clients, next) { 757 vnc_jobs_join(vs); 758 } 759 QTAILQ_FOREACH(vs, &vd->clients, next) { 760 vnc_lock_output(vs); 761 if (vs->update == VNC_STATE_UPDATE_NONE && 762 vs->job_update != VNC_STATE_UPDATE_NONE) { 763 /* job aborted before completion */ 764 vs->update = vs->job_update; 765 vs->job_update = VNC_STATE_UPDATE_NONE; 766 } 767 vs->abort = false; 768 vnc_unlock_output(vs); 769 } 770 } 771 772 int vnc_server_fb_stride(VncDisplay *vd) 773 { 774 return pixman_image_get_stride(vd->server); 775 } 776 777 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y) 778 { 779 uint8_t *ptr; 780 781 ptr = (uint8_t *)pixman_image_get_data(vd->server); 782 ptr += y * vnc_server_fb_stride(vd); 783 ptr += x * VNC_SERVER_FB_BYTES; 784 return ptr; 785 } 786 787 static void vnc_update_server_surface(VncDisplay *vd) 788 { 789 int width, height; 790 791 qemu_pixman_image_unref(vd->server); 792 vd->server = NULL; 793 794 if (QTAILQ_EMPTY(&vd->clients)) { 795 return; 796 } 797 798 width = vnc_width(vd); 799 height = vnc_height(vd); 800 vd->true_width = vnc_true_width(vd); 801 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT, 802 width, height, 803 NULL, 0); 804 805 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty)); 806 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0, 807 width, height); 808 } 809 810 static bool vnc_check_pageflip(DisplaySurface *s1, 811 DisplaySurface *s2) 812 { 813 return (s1 != NULL && 814 s2 != NULL && 815 surface_width(s1) == surface_width(s2) && 816 surface_height(s1) == surface_height(s2) && 817 surface_format(s1) == surface_format(s2)); 818 819 } 820 821 static void vnc_dpy_switch(DisplayChangeListener *dcl, 822 DisplaySurface *surface) 823 { 824 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 825 bool pageflip = vnc_check_pageflip(vd->ds, surface); 826 VncState *vs; 827 828 vnc_abort_display_jobs(vd); 829 vd->ds = surface; 830 831 /* guest surface */ 832 qemu_pixman_image_unref(vd->guest.fb); 833 vd->guest.fb = pixman_image_ref(surface->image); 834 vd->guest.format = surface_format(surface); 835 836 837 if (pageflip) { 838 trace_vnc_server_dpy_pageflip(vd, 839 surface_width(surface), 840 surface_height(surface), 841 surface_format(surface)); 842 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0, 843 surface_width(surface), 844 surface_height(surface)); 845 return; 846 } 847 848 trace_vnc_server_dpy_recreate(vd, 849 surface_width(surface), 850 surface_height(surface), 851 surface_format(surface)); 852 /* server surface */ 853 vnc_update_server_surface(vd); 854 855 QTAILQ_FOREACH(vs, &vd->clients, next) { 856 vnc_colordepth(vs); 857 vnc_desktop_resize(vs); 858 vnc_cursor_define(vs); 859 memset(vs->dirty, 0x00, sizeof(vs->dirty)); 860 vnc_set_area_dirty(vs->dirty, vd, 0, 0, 861 vnc_width(vd), 862 vnc_height(vd)); 863 vnc_update_throttle_offset(vs); 864 } 865 } 866 867 /* fastest code */ 868 static void vnc_write_pixels_copy(VncState *vs, 869 void *pixels, int size) 870 { 871 vnc_write(vs, pixels, size); 872 } 873 874 /* slowest but generic code. */ 875 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 876 { 877 uint8_t r, g, b; 878 879 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8) 880 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8; 881 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8; 882 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8; 883 #else 884 # error need some bits here if you change VNC_SERVER_FB_FORMAT 885 #endif 886 v = (r << vs->client_pf.rshift) | 887 (g << vs->client_pf.gshift) | 888 (b << vs->client_pf.bshift); 889 switch (vs->client_pf.bytes_per_pixel) { 890 case 1: 891 buf[0] = v; 892 break; 893 case 2: 894 if (vs->client_endian == G_BIG_ENDIAN) { 895 buf[0] = v >> 8; 896 buf[1] = v; 897 } else { 898 buf[1] = v >> 8; 899 buf[0] = v; 900 } 901 break; 902 default: 903 case 4: 904 if (vs->client_endian == G_BIG_ENDIAN) { 905 buf[0] = v >> 24; 906 buf[1] = v >> 16; 907 buf[2] = v >> 8; 908 buf[3] = v; 909 } else { 910 buf[3] = v >> 24; 911 buf[2] = v >> 16; 912 buf[1] = v >> 8; 913 buf[0] = v; 914 } 915 break; 916 } 917 } 918 919 static void vnc_write_pixels_generic(VncState *vs, 920 void *pixels1, int size) 921 { 922 uint8_t buf[4]; 923 924 if (VNC_SERVER_FB_BYTES == 4) { 925 uint32_t *pixels = pixels1; 926 int n, i; 927 n = size >> 2; 928 for (i = 0; i < n; i++) { 929 vnc_convert_pixel(vs, buf, pixels[i]); 930 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel); 931 } 932 } 933 } 934 935 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 936 { 937 int i; 938 uint8_t *row; 939 VncDisplay *vd = vs->vd; 940 941 row = vnc_server_fb_ptr(vd, x, y); 942 for (i = 0; i < h; i++) { 943 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES); 944 row += vnc_server_fb_stride(vd); 945 } 946 return 1; 947 } 948 949 int vnc_send_framebuffer_update(VncState *vs, VncWorker *worker, 950 int x, int y, int w, int h) 951 { 952 int n = 0; 953 954 switch(vs->vnc_encoding) { 955 case VNC_ENCODING_ZLIB: 956 n = vnc_zlib_send_framebuffer_update(vs, worker, x, y, w, h); 957 break; 958 case VNC_ENCODING_HEXTILE: 959 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 960 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 961 break; 962 case VNC_ENCODING_TIGHT: 963 n = vnc_tight_send_framebuffer_update(vs, worker, x, y, w, h); 964 break; 965 case VNC_ENCODING_TIGHT_PNG: 966 n = vnc_tight_png_send_framebuffer_update(vs, worker, x, y, w, h); 967 break; 968 case VNC_ENCODING_ZRLE: 969 n = vnc_zrle_send_framebuffer_update(vs, worker, x, y, w, h); 970 break; 971 case VNC_ENCODING_ZYWRLE: 972 n = vnc_zywrle_send_framebuffer_update(vs, worker, x, y, w, h); 973 break; 974 default: 975 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 976 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 977 break; 978 } 979 return n; 980 } 981 982 static void vnc_mouse_set(DisplayChangeListener *dcl, 983 int x, int y, bool visible) 984 { 985 /* can we ask the client(s) to move the pointer ??? */ 986 } 987 988 static int vnc_cursor_define(VncState *vs) 989 { 990 QEMUCursor *c = qemu_console_get_cursor(vs->vd->dcl.con); 991 int isize; 992 993 if (!c) { 994 return -1; 995 } 996 997 if (vnc_has_feature(vs, VNC_FEATURE_ALPHA_CURSOR)) { 998 vnc_lock_output(vs); 999 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1000 vnc_write_u8(vs, 0); /* padding */ 1001 vnc_write_u16(vs, 1); /* # of rects */ 1002 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 1003 VNC_ENCODING_ALPHA_CURSOR); 1004 vnc_write_s32(vs, VNC_ENCODING_RAW); 1005 vnc_write(vs, c->data, c->width * c->height * 4); 1006 vnc_unlock_output(vs); 1007 return 0; 1008 } 1009 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 1010 vnc_lock_output(vs); 1011 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1012 vnc_write_u8(vs, 0); /* padding */ 1013 vnc_write_u16(vs, 1); /* # of rects */ 1014 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 1015 VNC_ENCODING_RICH_CURSOR); 1016 isize = c->width * c->height * vs->client_pf.bytes_per_pixel; 1017 vnc_write_pixels_generic(vs, c->data, isize); 1018 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 1019 vnc_unlock_output(vs); 1020 return 0; 1021 } 1022 return -1; 1023 } 1024 1025 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl, 1026 QEMUCursor *c) 1027 { 1028 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 1029 VncState *vs; 1030 1031 g_free(vd->cursor_mask); 1032 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 1033 vd->cursor_mask = g_malloc0(vd->cursor_msize); 1034 cursor_get_mono_mask(c, 0, vd->cursor_mask); 1035 1036 QTAILQ_FOREACH(vs, &vd->clients, next) { 1037 vnc_cursor_define(vs); 1038 } 1039 } 1040 1041 static int find_and_clear_dirty_height(VncState *vs, 1042 int y, int last_x, int x, int height) 1043 { 1044 int h; 1045 1046 for (h = 1; h < (height - y); h++) { 1047 if (!test_bit(last_x, vs->dirty[y + h])) { 1048 break; 1049 } 1050 bitmap_clear(vs->dirty[y + h], last_x, x - last_x); 1051 } 1052 1053 return h; 1054 } 1055 1056 /* 1057 * Figure out how much pending data we should allow in the output 1058 * buffer before we throttle incremental display updates, and/or 1059 * drop audio samples. 1060 * 1061 * We allow for equiv of 1 full display's worth of FB updates, 1062 * and 1 second of audio samples. If audio backlog was larger 1063 * than that the client would already suffering awful audio 1064 * glitches, so dropping samples is no worse really). 1065 */ 1066 static void vnc_update_throttle_offset(VncState *vs) 1067 { 1068 size_t offset = 1069 vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel; 1070 1071 if (vs->audio_cap) { 1072 int bps; 1073 switch (vs->as.fmt) { 1074 default: 1075 case AUDIO_FORMAT_U8: 1076 case AUDIO_FORMAT_S8: 1077 bps = 1; 1078 break; 1079 case AUDIO_FORMAT_U16: 1080 case AUDIO_FORMAT_S16: 1081 bps = 2; 1082 break; 1083 case AUDIO_FORMAT_U32: 1084 case AUDIO_FORMAT_S32: 1085 bps = 4; 1086 break; 1087 } 1088 offset += vs->as.freq * bps * vs->as.nchannels; 1089 } 1090 1091 /* Put a floor of 1MB on offset, so that if we have a large pending 1092 * buffer and the display is resized to a small size & back again 1093 * we don't suddenly apply a tiny send limit 1094 */ 1095 offset = MAX(offset, 1024 * 1024); 1096 1097 if (vs->throttle_output_offset != offset) { 1098 trace_vnc_client_throttle_threshold( 1099 vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width, 1100 vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap); 1101 } 1102 1103 vs->throttle_output_offset = offset; 1104 } 1105 1106 static bool vnc_should_update(VncState *vs) 1107 { 1108 switch (vs->update) { 1109 case VNC_STATE_UPDATE_NONE: 1110 break; 1111 case VNC_STATE_UPDATE_INCREMENTAL: 1112 /* Only allow incremental updates if the pending send queue 1113 * is less than the permitted threshold, and the job worker 1114 * is completely idle. 1115 */ 1116 if (vs->output.offset < vs->throttle_output_offset && 1117 vs->job_update == VNC_STATE_UPDATE_NONE) { 1118 return true; 1119 } 1120 trace_vnc_client_throttle_incremental( 1121 vs, vs->ioc, vs->job_update, vs->output.offset); 1122 break; 1123 case VNC_STATE_UPDATE_FORCE: 1124 /* Only allow forced updates if the pending send queue 1125 * does not contain a previous forced update, and the 1126 * job worker is completely idle. 1127 * 1128 * Note this means we'll queue a forced update, even if 1129 * the output buffer size is otherwise over the throttle 1130 * output limit. 1131 */ 1132 if (vs->force_update_offset == 0 && 1133 vs->job_update == VNC_STATE_UPDATE_NONE) { 1134 return true; 1135 } 1136 trace_vnc_client_throttle_forced( 1137 vs, vs->ioc, vs->job_update, vs->force_update_offset); 1138 break; 1139 } 1140 return false; 1141 } 1142 1143 static int vnc_update_client(VncState *vs, int has_dirty) 1144 { 1145 VncDisplay *vd = vs->vd; 1146 VncJob *job; 1147 int y; 1148 int height, width; 1149 int n = 0; 1150 1151 if (vs->disconnecting) { 1152 vnc_disconnect_finish(vs); 1153 return 0; 1154 } 1155 1156 vs->has_dirty += has_dirty; 1157 if (!vnc_should_update(vs)) { 1158 return 0; 1159 } 1160 1161 if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) { 1162 return 0; 1163 } 1164 1165 /* 1166 * Send screen updates to the vnc client using the server 1167 * surface and server dirty map. guest surface updates 1168 * happening in parallel don't disturb us, the next pass will 1169 * send them to the client. 1170 */ 1171 job = vnc_job_new(vs); 1172 1173 height = pixman_image_get_height(vd->server); 1174 width = pixman_image_get_width(vd->server); 1175 1176 y = 0; 1177 for (;;) { 1178 int x, h; 1179 unsigned long x2; 1180 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty, 1181 height * VNC_DIRTY_BPL(vs), 1182 y * VNC_DIRTY_BPL(vs)); 1183 if (offset == height * VNC_DIRTY_BPL(vs)) { 1184 /* no more dirty bits */ 1185 break; 1186 } 1187 y = offset / VNC_DIRTY_BPL(vs); 1188 x = offset % VNC_DIRTY_BPL(vs); 1189 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y], 1190 VNC_DIRTY_BPL(vs), x); 1191 bitmap_clear(vs->dirty[y], x, x2 - x); 1192 h = find_and_clear_dirty_height(vs, y, x, x2, height); 1193 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT); 1194 if (x2 > x) { 1195 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y, 1196 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h); 1197 } 1198 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) { 1199 y += h; 1200 if (y == height) { 1201 break; 1202 } 1203 } 1204 } 1205 1206 vs->job_update = vs->update; 1207 vs->update = VNC_STATE_UPDATE_NONE; 1208 vnc_job_push(job); 1209 vs->has_dirty = 0; 1210 return n; 1211 } 1212 1213 /* audio */ 1214 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 1215 { 1216 VncState *vs = opaque; 1217 1218 assert(vs->magic == VNC_MAGIC); 1219 switch (cmd) { 1220 case AUD_CNOTIFY_DISABLE: 1221 trace_vnc_msg_server_audio_end(vs, vs->ioc); 1222 vnc_lock_output(vs); 1223 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1224 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1225 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 1226 vnc_unlock_output(vs); 1227 vnc_flush(vs); 1228 break; 1229 1230 case AUD_CNOTIFY_ENABLE: 1231 trace_vnc_msg_server_audio_begin(vs, vs->ioc); 1232 vnc_lock_output(vs); 1233 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1234 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1235 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 1236 vnc_unlock_output(vs); 1237 vnc_flush(vs); 1238 break; 1239 } 1240 } 1241 1242 static void audio_capture_destroy(void *opaque) 1243 { 1244 } 1245 1246 static void audio_capture(void *opaque, const void *buf, int size) 1247 { 1248 VncState *vs = opaque; 1249 1250 assert(vs->magic == VNC_MAGIC); 1251 trace_vnc_msg_server_audio_data(vs, vs->ioc, buf, size); 1252 vnc_lock_output(vs); 1253 if (vs->output.offset < vs->throttle_output_offset) { 1254 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1255 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1256 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 1257 vnc_write_u32(vs, size); 1258 vnc_write(vs, buf, size); 1259 } else { 1260 trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset); 1261 } 1262 vnc_unlock_output(vs); 1263 vnc_flush(vs); 1264 } 1265 1266 static void audio_add(VncState *vs) 1267 { 1268 struct audio_capture_ops ops; 1269 1270 if (vs->audio_cap) { 1271 error_report("audio already running"); 1272 return; 1273 } 1274 1275 ops.notify = audio_capture_notify; 1276 ops.destroy = audio_capture_destroy; 1277 ops.capture = audio_capture; 1278 1279 vs->audio_cap = AUD_add_capture(vs->vd->audio_state, &vs->as, &ops, vs); 1280 if (!vs->audio_cap) { 1281 error_report("Failed to add audio capture"); 1282 } 1283 } 1284 1285 static void audio_del(VncState *vs) 1286 { 1287 if (vs->audio_cap) { 1288 AUD_del_capture(vs->audio_cap, vs); 1289 vs->audio_cap = NULL; 1290 } 1291 } 1292 1293 static void vnc_disconnect_start(VncState *vs) 1294 { 1295 if (vs->disconnecting) { 1296 return; 1297 } 1298 trace_vnc_client_disconnect_start(vs, vs->ioc); 1299 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); 1300 if (vs->ioc_tag) { 1301 g_source_remove(vs->ioc_tag); 1302 vs->ioc_tag = 0; 1303 } 1304 qio_channel_close(vs->ioc, NULL); 1305 vs->disconnecting = TRUE; 1306 } 1307 1308 void vnc_disconnect_finish(VncState *vs) 1309 { 1310 VncConnection *vc = container_of(vs, VncConnection, vs); 1311 1312 trace_vnc_client_disconnect_finish(vs, vs->ioc); 1313 1314 vnc_jobs_join(vs); /* Wait encoding jobs */ 1315 1316 vnc_lock_output(vs); 1317 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED); 1318 1319 buffer_free(&vs->input); 1320 buffer_free(&vs->output); 1321 1322 qapi_free_VncClientInfo(vs->info); 1323 1324 vnc_zlib_clear(&vc->worker); 1325 vnc_tight_clear(&vc->worker); 1326 vnc_zrle_clear(&vc->worker); 1327 1328 #ifdef CONFIG_VNC_SASL 1329 vnc_sasl_client_cleanup(vs); 1330 #endif /* CONFIG_VNC_SASL */ 1331 audio_del(vs); 1332 qkbd_state_lift_all_keys(vs->vd->kbd); 1333 1334 if (vs->mouse_mode_notifier.notify != NULL) { 1335 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1336 } 1337 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1338 if (QTAILQ_EMPTY(&vs->vd->clients)) { 1339 /* last client gone */ 1340 vnc_update_server_surface(vs->vd); 1341 } 1342 vnc_unlock_output(vs); 1343 1344 if (vs->cbpeer.notifier.notify) { 1345 qemu_clipboard_peer_unregister(&vs->cbpeer); 1346 } 1347 1348 qemu_mutex_destroy(&vs->output_mutex); 1349 if (vs->bh != NULL) { 1350 qemu_bh_delete(vs->bh); 1351 } 1352 buffer_free(&vs->jobs_buffer); 1353 1354 object_unref(OBJECT(vs->ioc)); 1355 vs->ioc = NULL; 1356 object_unref(OBJECT(vs->sioc)); 1357 vs->sioc = NULL; 1358 vs->magic = 0; 1359 g_free(vc); 1360 } 1361 1362 size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error *err) 1363 { 1364 if (ret <= 0) { 1365 if (ret == 0) { 1366 trace_vnc_client_eof(vs, vs->ioc); 1367 vnc_disconnect_start(vs); 1368 } else if (ret != QIO_CHANNEL_ERR_BLOCK) { 1369 trace_vnc_client_io_error(vs, vs->ioc, 1370 err ? error_get_pretty(err) : "Unknown"); 1371 vnc_disconnect_start(vs); 1372 } 1373 1374 error_free(err); 1375 return 0; 1376 } 1377 return ret; 1378 } 1379 1380 1381 void vnc_client_error(VncState *vs) 1382 { 1383 VNC_DEBUG("Closing down client sock: protocol error\n"); 1384 vnc_disconnect_start(vs); 1385 } 1386 1387 1388 /* 1389 * Called to write a chunk of data to the client socket. The data may 1390 * be the raw data, or may have already been encoded by SASL. 1391 * The data will be written either straight onto the socket, or 1392 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1393 * 1394 * NB, it is theoretically possible to have 2 layers of encryption, 1395 * both SASL, and this TLS layer. It is highly unlikely in practice 1396 * though, since SASL encryption will typically be a no-op if TLS 1397 * is active 1398 * 1399 * Returns the number of bytes written, which may be less than 1400 * the requested 'datalen' if the socket would block. Returns 1401 * 0 on I/O error, and disconnects the client socket. 1402 */ 1403 size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1404 { 1405 Error *err = NULL; 1406 ssize_t ret; 1407 ret = qio_channel_write(vs->ioc, (const char *)data, datalen, &err); 1408 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1409 return vnc_client_io_error(vs, ret, err); 1410 } 1411 1412 1413 /* 1414 * Called to write buffered data to the client socket, when not 1415 * using any SASL SSF encryption layers. Will write as much data 1416 * as possible without blocking. If all buffered data is written, 1417 * will switch the FD poll() handler back to read monitoring. 1418 * 1419 * Returns the number of bytes written, which may be less than 1420 * the buffered output data if the socket would block. Returns 1421 * 0 on I/O error, and disconnects the client socket. 1422 */ 1423 static size_t vnc_client_write_plain(VncState *vs) 1424 { 1425 size_t offset; 1426 size_t ret; 1427 1428 #ifdef CONFIG_VNC_SASL 1429 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1430 vs->output.buffer, vs->output.capacity, vs->output.offset, 1431 vs->sasl.waitWriteSSF); 1432 1433 if (vs->sasl.conn && 1434 vs->sasl.runSSF && 1435 vs->sasl.waitWriteSSF) { 1436 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1437 if (ret) 1438 vs->sasl.waitWriteSSF -= ret; 1439 } else 1440 #endif /* CONFIG_VNC_SASL */ 1441 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1442 if (!ret) 1443 return 0; 1444 1445 if (ret >= vs->force_update_offset) { 1446 if (vs->force_update_offset != 0) { 1447 trace_vnc_client_unthrottle_forced(vs, vs->ioc); 1448 } 1449 vs->force_update_offset = 0; 1450 } else { 1451 vs->force_update_offset -= ret; 1452 } 1453 offset = vs->output.offset; 1454 buffer_advance(&vs->output, ret); 1455 if (offset >= vs->throttle_output_offset && 1456 vs->output.offset < vs->throttle_output_offset) { 1457 trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset); 1458 } 1459 1460 if (vs->output.offset == 0) { 1461 if (vs->ioc_tag) { 1462 g_source_remove(vs->ioc_tag); 1463 } 1464 vs->ioc_tag = qio_channel_add_watch( 1465 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR, 1466 vnc_client_io, vs, NULL); 1467 } 1468 1469 return ret; 1470 } 1471 1472 1473 /* 1474 * First function called whenever there is data to be written to 1475 * the client socket. Will delegate actual work according to whether 1476 * SASL SSF layers are enabled (thus requiring encryption calls) 1477 */ 1478 static void vnc_client_write_locked(VncState *vs) 1479 { 1480 #ifdef CONFIG_VNC_SASL 1481 if (vs->sasl.conn && 1482 vs->sasl.runSSF && 1483 !vs->sasl.waitWriteSSF) { 1484 vnc_client_write_sasl(vs); 1485 } else 1486 #endif /* CONFIG_VNC_SASL */ 1487 { 1488 vnc_client_write_plain(vs); 1489 } 1490 } 1491 1492 static void vnc_client_write(VncState *vs) 1493 { 1494 assert(vs->magic == VNC_MAGIC); 1495 vnc_lock_output(vs); 1496 if (vs->output.offset) { 1497 vnc_client_write_locked(vs); 1498 } else if (vs->ioc != NULL) { 1499 if (vs->ioc_tag) { 1500 g_source_remove(vs->ioc_tag); 1501 } 1502 vs->ioc_tag = qio_channel_add_watch( 1503 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR, 1504 vnc_client_io, vs, NULL); 1505 } 1506 vnc_unlock_output(vs); 1507 } 1508 1509 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1510 { 1511 vs->read_handler = func; 1512 vs->read_handler_expect = expecting; 1513 } 1514 1515 1516 /* 1517 * Called to read a chunk of data from the client socket. The data may 1518 * be the raw data, or may need to be further decoded by SASL. 1519 * The data will be read either straight from to the socket, or 1520 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1521 * 1522 * NB, it is theoretically possible to have 2 layers of encryption, 1523 * both SASL, and this TLS layer. It is highly unlikely in practice 1524 * though, since SASL encryption will typically be a no-op if TLS 1525 * is active 1526 * 1527 * Returns the number of bytes read, which may be less than 1528 * the requested 'datalen' if the socket would block. Returns 1529 * 0 on I/O error or EOF, and disconnects the client socket. 1530 */ 1531 size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1532 { 1533 ssize_t ret; 1534 Error *err = NULL; 1535 ret = qio_channel_read(vs->ioc, (char *)data, datalen, &err); 1536 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1537 return vnc_client_io_error(vs, ret, err); 1538 } 1539 1540 1541 /* 1542 * Called to read data from the client socket to the input buffer, 1543 * when not using any SASL SSF encryption layers. Will read as much 1544 * data as possible without blocking. 1545 * 1546 * Returns the number of bytes read, which may be less than 1547 * the requested 'datalen' if the socket would block. Returns 1548 * 0 on I/O error or EOF, and disconnects the client socket. 1549 */ 1550 static size_t vnc_client_read_plain(VncState *vs) 1551 { 1552 size_t ret; 1553 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1554 vs->input.buffer, vs->input.capacity, vs->input.offset); 1555 buffer_reserve(&vs->input, 4096); 1556 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1557 if (!ret) 1558 return 0; 1559 vs->input.offset += ret; 1560 return ret; 1561 } 1562 1563 static void vnc_jobs_bh(void *opaque) 1564 { 1565 VncState *vs = opaque; 1566 1567 assert(vs->magic == VNC_MAGIC); 1568 vnc_jobs_consume_buffer(vs); 1569 } 1570 1571 /* 1572 * First function called whenever there is more data to be read from 1573 * the client socket. Will delegate actual work according to whether 1574 * SASL SSF layers are enabled (thus requiring decryption calls) 1575 * Returns 0 on success, -1 if client disconnected 1576 */ 1577 static int vnc_client_read(VncState *vs) 1578 { 1579 size_t sz; 1580 1581 #ifdef CONFIG_VNC_SASL 1582 if (vs->sasl.conn && vs->sasl.runSSF) 1583 sz = vnc_client_read_sasl(vs); 1584 else 1585 #endif /* CONFIG_VNC_SASL */ 1586 sz = vnc_client_read_plain(vs); 1587 if (!sz) { 1588 if (vs->disconnecting) { 1589 vnc_disconnect_finish(vs); 1590 return -1; 1591 } 1592 return 0; 1593 } 1594 1595 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1596 size_t len = vs->read_handler_expect; 1597 int ret; 1598 1599 ret = vs->read_handler(vs, vs->input.buffer, len); 1600 if (vs->disconnecting) { 1601 vnc_disconnect_finish(vs); 1602 return -1; 1603 } 1604 1605 if (!ret) { 1606 buffer_advance(&vs->input, len); 1607 } else { 1608 vs->read_handler_expect = ret; 1609 } 1610 } 1611 return 0; 1612 } 1613 1614 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED, 1615 GIOCondition condition, void *opaque) 1616 { 1617 VncState *vs = opaque; 1618 1619 assert(vs->magic == VNC_MAGIC); 1620 1621 if (condition & (G_IO_HUP | G_IO_ERR)) { 1622 vnc_disconnect_start(vs); 1623 return TRUE; 1624 } 1625 1626 if (condition & G_IO_IN) { 1627 if (vnc_client_read(vs) < 0) { 1628 /* vs is free()ed here */ 1629 return TRUE; 1630 } 1631 } 1632 if (condition & G_IO_OUT) { 1633 vnc_client_write(vs); 1634 } 1635 1636 if (vs->disconnecting) { 1637 if (vs->ioc_tag != 0) { 1638 g_source_remove(vs->ioc_tag); 1639 } 1640 vs->ioc_tag = 0; 1641 } 1642 return TRUE; 1643 } 1644 1645 1646 /* 1647 * Scale factor to apply to vs->throttle_output_offset when checking for 1648 * hard limit. Worst case normal usage could be x2, if we have a complete 1649 * incremental update and complete forced update in the output buffer. 1650 * So x3 should be good enough, but we pick x5 to be conservative and thus 1651 * (hopefully) never trigger incorrectly. 1652 */ 1653 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5 1654 1655 void vnc_write(VncState *vs, const void *data, size_t len) 1656 { 1657 assert(vs->magic == VNC_MAGIC); 1658 if (vs->disconnecting) { 1659 return; 1660 } 1661 /* Protection against malicious client/guest to prevent our output 1662 * buffer growing without bound if client stops reading data. This 1663 * should rarely trigger, because we have earlier throttling code 1664 * which stops issuing framebuffer updates and drops audio data 1665 * if the throttle_output_offset value is exceeded. So we only reach 1666 * this higher level if a huge number of pseudo-encodings get 1667 * triggered while data can't be sent on the socket. 1668 * 1669 * NB throttle_output_offset can be zero during early protocol 1670 * handshake, or from the job thread's VncState clone 1671 */ 1672 if (vs->throttle_output_offset != 0 && 1673 (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) > 1674 vs->throttle_output_offset) { 1675 trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset, 1676 vs->throttle_output_offset); 1677 vnc_disconnect_start(vs); 1678 return; 1679 } 1680 buffer_reserve(&vs->output, len); 1681 1682 if (vs->ioc != NULL && buffer_empty(&vs->output)) { 1683 if (vs->ioc_tag) { 1684 g_source_remove(vs->ioc_tag); 1685 } 1686 vs->ioc_tag = qio_channel_add_watch( 1687 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR | G_IO_OUT, 1688 vnc_client_io, vs, NULL); 1689 } 1690 1691 buffer_append(&vs->output, data, len); 1692 } 1693 1694 void vnc_write_s32(VncState *vs, int32_t value) 1695 { 1696 vnc_write_u32(vs, *(uint32_t *)&value); 1697 } 1698 1699 void vnc_write_u32(VncState *vs, uint32_t value) 1700 { 1701 uint8_t buf[4]; 1702 1703 buf[0] = (value >> 24) & 0xFF; 1704 buf[1] = (value >> 16) & 0xFF; 1705 buf[2] = (value >> 8) & 0xFF; 1706 buf[3] = value & 0xFF; 1707 1708 vnc_write(vs, buf, 4); 1709 } 1710 1711 void vnc_write_u16(VncState *vs, uint16_t value) 1712 { 1713 uint8_t buf[2]; 1714 1715 buf[0] = (value >> 8) & 0xFF; 1716 buf[1] = value & 0xFF; 1717 1718 vnc_write(vs, buf, 2); 1719 } 1720 1721 void vnc_write_u8(VncState *vs, uint8_t value) 1722 { 1723 vnc_write(vs, (char *)&value, 1); 1724 } 1725 1726 void vnc_flush(VncState *vs) 1727 { 1728 vnc_lock_output(vs); 1729 if (vs->ioc != NULL && vs->output.offset) { 1730 vnc_client_write_locked(vs); 1731 } 1732 if (vs->disconnecting) { 1733 if (vs->ioc_tag != 0) { 1734 g_source_remove(vs->ioc_tag); 1735 } 1736 vs->ioc_tag = 0; 1737 } 1738 vnc_unlock_output(vs); 1739 } 1740 1741 static uint8_t read_u8(uint8_t *data, size_t offset) 1742 { 1743 return data[offset]; 1744 } 1745 1746 static uint16_t read_u16(uint8_t *data, size_t offset) 1747 { 1748 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1749 } 1750 1751 static int32_t read_s32(uint8_t *data, size_t offset) 1752 { 1753 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1754 (data[offset + 2] << 8) | data[offset + 3]); 1755 } 1756 1757 uint32_t read_u32(uint8_t *data, size_t offset) 1758 { 1759 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1760 (data[offset + 2] << 8) | data[offset + 3]); 1761 } 1762 1763 static void check_pointer_type_change(Notifier *notifier, void *data) 1764 { 1765 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1766 int absolute = qemu_input_is_absolute(vs->vd->dcl.con); 1767 1768 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1769 vnc_lock_output(vs); 1770 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1771 vnc_write_u8(vs, 0); 1772 vnc_write_u16(vs, 1); 1773 vnc_framebuffer_update(vs, absolute, 0, 1774 pixman_image_get_width(vs->vd->server), 1775 pixman_image_get_height(vs->vd->server), 1776 VNC_ENCODING_POINTER_TYPE_CHANGE); 1777 vnc_unlock_output(vs); 1778 vnc_flush(vs); 1779 } 1780 vs->absolute = absolute; 1781 } 1782 1783 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1784 { 1785 static uint32_t bmap[INPUT_BUTTON__MAX] = { 1786 [INPUT_BUTTON_LEFT] = 0x01, 1787 [INPUT_BUTTON_MIDDLE] = 0x02, 1788 [INPUT_BUTTON_RIGHT] = 0x04, 1789 [INPUT_BUTTON_WHEEL_UP] = 0x08, 1790 [INPUT_BUTTON_WHEEL_DOWN] = 0x10, 1791 }; 1792 QemuConsole *con = vs->vd->dcl.con; 1793 int width = pixman_image_get_width(vs->vd->server); 1794 int height = pixman_image_get_height(vs->vd->server); 1795 1796 if (vs->last_bmask != button_mask) { 1797 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask); 1798 vs->last_bmask = button_mask; 1799 } 1800 1801 if (vs->absolute) { 1802 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width); 1803 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height); 1804 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1805 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF); 1806 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF); 1807 } else { 1808 if (vs->last_x != -1) { 1809 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x); 1810 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y); 1811 } 1812 vs->last_x = x; 1813 vs->last_y = y; 1814 } 1815 qemu_input_event_sync(); 1816 } 1817 1818 static void press_key(VncState *vs, QKeyCode qcode) 1819 { 1820 qkbd_state_key_event(vs->vd->kbd, qcode, true); 1821 qkbd_state_key_event(vs->vd->kbd, qcode, false); 1822 } 1823 1824 static void vnc_led_state_change(VncState *vs) 1825 { 1826 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) { 1827 return; 1828 } 1829 1830 vnc_lock_output(vs); 1831 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1832 vnc_write_u8(vs, 0); 1833 vnc_write_u16(vs, 1); 1834 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE); 1835 vnc_write_u8(vs, vs->vd->ledstate); 1836 vnc_unlock_output(vs); 1837 vnc_flush(vs); 1838 } 1839 1840 static void kbd_leds(void *opaque, int ledstate) 1841 { 1842 VncDisplay *vd = opaque; 1843 VncState *client; 1844 1845 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED), 1846 (ledstate & QEMU_NUM_LOCK_LED), 1847 (ledstate & QEMU_SCROLL_LOCK_LED)); 1848 1849 if (ledstate == vd->ledstate) { 1850 return; 1851 } 1852 1853 vd->ledstate = ledstate; 1854 1855 QTAILQ_FOREACH(client, &vd->clients, next) { 1856 vnc_led_state_change(client); 1857 } 1858 } 1859 1860 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1861 { 1862 QKeyCode qcode = qemu_input_key_number_to_qcode(keycode); 1863 1864 /* QEMU console switch */ 1865 switch (qcode) { 1866 case Q_KEY_CODE_1 ... Q_KEY_CODE_9: /* '1' to '9' keys */ 1867 if (down && 1868 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL) && 1869 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_ALT)) { 1870 QemuConsole *con = qemu_console_lookup_by_index(qcode - Q_KEY_CODE_1); 1871 if (con) { 1872 unregister_displaychangelistener(&vs->vd->dcl); 1873 qkbd_state_switch_console(vs->vd->kbd, con); 1874 vs->vd->dcl.con = con; 1875 register_displaychangelistener(&vs->vd->dcl); 1876 } 1877 return; 1878 } 1879 default: 1880 break; 1881 } 1882 1883 /* Turn off the lock state sync logic if the client support the led 1884 state extension. 1885 */ 1886 if (down && vs->vd->lock_key_sync && 1887 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1888 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1889 /* If the numlock state needs to change then simulate an additional 1890 keypress before sending this one. This will happen if the user 1891 toggles numlock away from the VNC window. 1892 */ 1893 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1894 if (!qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) { 1895 trace_vnc_key_sync_numlock(true); 1896 press_key(vs, Q_KEY_CODE_NUM_LOCK); 1897 } 1898 } else { 1899 if (qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) { 1900 trace_vnc_key_sync_numlock(false); 1901 press_key(vs, Q_KEY_CODE_NUM_LOCK); 1902 } 1903 } 1904 } 1905 1906 if (down && vs->vd->lock_key_sync && 1907 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1908 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1909 /* If the capslock state needs to change then simulate an additional 1910 keypress before sending this one. This will happen if the user 1911 toggles capslock away from the VNC window. 1912 */ 1913 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1914 bool shift = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_SHIFT); 1915 bool capslock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CAPSLOCK); 1916 if (capslock) { 1917 if (uppercase == shift) { 1918 trace_vnc_key_sync_capslock(false); 1919 press_key(vs, Q_KEY_CODE_CAPS_LOCK); 1920 } 1921 } else { 1922 if (uppercase != shift) { 1923 trace_vnc_key_sync_capslock(true); 1924 press_key(vs, Q_KEY_CODE_CAPS_LOCK); 1925 } 1926 } 1927 } 1928 1929 qkbd_state_key_event(vs->vd->kbd, qcode, down); 1930 if (QEMU_IS_TEXT_CONSOLE(vs->vd->dcl.con)) { 1931 QemuTextConsole *con = QEMU_TEXT_CONSOLE(vs->vd->dcl.con); 1932 bool numlock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK); 1933 bool control = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL); 1934 /* QEMU console emulation */ 1935 if (down) { 1936 switch (keycode) { 1937 case 0x2a: /* Left Shift */ 1938 case 0x36: /* Right Shift */ 1939 case 0x1d: /* Left CTRL */ 1940 case 0x9d: /* Right CTRL */ 1941 case 0x38: /* Left ALT */ 1942 case 0xb8: /* Right ALT */ 1943 break; 1944 case 0xc8: 1945 qemu_text_console_put_keysym(con, QEMU_KEY_UP); 1946 break; 1947 case 0xd0: 1948 qemu_text_console_put_keysym(con, QEMU_KEY_DOWN); 1949 break; 1950 case 0xcb: 1951 qemu_text_console_put_keysym(con, QEMU_KEY_LEFT); 1952 break; 1953 case 0xcd: 1954 qemu_text_console_put_keysym(con, QEMU_KEY_RIGHT); 1955 break; 1956 case 0xd3: 1957 qemu_text_console_put_keysym(con, QEMU_KEY_DELETE); 1958 break; 1959 case 0xc7: 1960 qemu_text_console_put_keysym(con, QEMU_KEY_HOME); 1961 break; 1962 case 0xcf: 1963 qemu_text_console_put_keysym(con, QEMU_KEY_END); 1964 break; 1965 case 0xc9: 1966 qemu_text_console_put_keysym(con, QEMU_KEY_PAGEUP); 1967 break; 1968 case 0xd1: 1969 qemu_text_console_put_keysym(con, QEMU_KEY_PAGEDOWN); 1970 break; 1971 1972 case 0x47: 1973 qemu_text_console_put_keysym(con, numlock ? '7' : QEMU_KEY_HOME); 1974 break; 1975 case 0x48: 1976 qemu_text_console_put_keysym(con, numlock ? '8' : QEMU_KEY_UP); 1977 break; 1978 case 0x49: 1979 qemu_text_console_put_keysym(con, numlock ? '9' : QEMU_KEY_PAGEUP); 1980 break; 1981 case 0x4b: 1982 qemu_text_console_put_keysym(con, numlock ? '4' : QEMU_KEY_LEFT); 1983 break; 1984 case 0x4c: 1985 qemu_text_console_put_keysym(con, '5'); 1986 break; 1987 case 0x4d: 1988 qemu_text_console_put_keysym(con, numlock ? '6' : QEMU_KEY_RIGHT); 1989 break; 1990 case 0x4f: 1991 qemu_text_console_put_keysym(con, numlock ? '1' : QEMU_KEY_END); 1992 break; 1993 case 0x50: 1994 qemu_text_console_put_keysym(con, numlock ? '2' : QEMU_KEY_DOWN); 1995 break; 1996 case 0x51: 1997 qemu_text_console_put_keysym(con, numlock ? '3' : QEMU_KEY_PAGEDOWN); 1998 break; 1999 case 0x52: 2000 qemu_text_console_put_keysym(con, '0'); 2001 break; 2002 case 0x53: 2003 qemu_text_console_put_keysym(con, numlock ? '.' : QEMU_KEY_DELETE); 2004 break; 2005 2006 case 0xb5: 2007 qemu_text_console_put_keysym(con, '/'); 2008 break; 2009 case 0x37: 2010 qemu_text_console_put_keysym(con, '*'); 2011 break; 2012 case 0x4a: 2013 qemu_text_console_put_keysym(con, '-'); 2014 break; 2015 case 0x4e: 2016 qemu_text_console_put_keysym(con, '+'); 2017 break; 2018 case 0x9c: 2019 qemu_text_console_put_keysym(con, '\n'); 2020 break; 2021 2022 default: 2023 if (control) { 2024 qemu_text_console_put_keysym(con, sym & 0x1f); 2025 } else { 2026 qemu_text_console_put_keysym(con, sym); 2027 } 2028 break; 2029 } 2030 } 2031 } 2032 } 2033 2034 static const char *code2name(int keycode) 2035 { 2036 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode)); 2037 } 2038 2039 static void key_event(VncState *vs, int down, uint32_t sym) 2040 { 2041 int keycode; 2042 int lsym = sym; 2043 2044 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(vs->vd->dcl.con)) { 2045 lsym = lsym - 'A' + 'a'; 2046 } 2047 2048 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF, 2049 vs->vd->kbd, down) & SCANCODE_KEYMASK; 2050 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode)); 2051 do_key_event(vs, down, keycode, sym); 2052 } 2053 2054 static void ext_key_event(VncState *vs, int down, 2055 uint32_t sym, uint16_t keycode) 2056 { 2057 /* if the user specifies a keyboard layout, always use it */ 2058 if (keyboard_layout) { 2059 key_event(vs, down, sym); 2060 } else { 2061 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode)); 2062 do_key_event(vs, down, keycode, sym); 2063 } 2064 } 2065 2066 static void framebuffer_update_request(VncState *vs, int incremental, 2067 int x, int y, int w, int h) 2068 { 2069 if (incremental) { 2070 if (vs->update != VNC_STATE_UPDATE_FORCE) { 2071 vs->update = VNC_STATE_UPDATE_INCREMENTAL; 2072 } 2073 } else { 2074 vs->update = VNC_STATE_UPDATE_FORCE; 2075 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h); 2076 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) { 2077 vnc_desktop_resize_ext(vs, 0); 2078 } 2079 } 2080 } 2081 2082 static void send_ext_key_event_ack(VncState *vs) 2083 { 2084 vnc_lock_output(vs); 2085 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2086 vnc_write_u8(vs, 0); 2087 vnc_write_u16(vs, 1); 2088 vnc_framebuffer_update(vs, 0, 0, 2089 pixman_image_get_width(vs->vd->server), 2090 pixman_image_get_height(vs->vd->server), 2091 VNC_ENCODING_EXT_KEY_EVENT); 2092 vnc_unlock_output(vs); 2093 vnc_flush(vs); 2094 } 2095 2096 static void send_ext_audio_ack(VncState *vs) 2097 { 2098 vnc_lock_output(vs); 2099 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2100 vnc_write_u8(vs, 0); 2101 vnc_write_u16(vs, 1); 2102 vnc_framebuffer_update(vs, 0, 0, 2103 pixman_image_get_width(vs->vd->server), 2104 pixman_image_get_height(vs->vd->server), 2105 VNC_ENCODING_AUDIO); 2106 vnc_unlock_output(vs); 2107 vnc_flush(vs); 2108 } 2109 2110 static void send_xvp_message(VncState *vs, int code) 2111 { 2112 vnc_lock_output(vs); 2113 vnc_write_u8(vs, VNC_MSG_SERVER_XVP); 2114 vnc_write_u8(vs, 0); /* pad */ 2115 vnc_write_u8(vs, 1); /* version */ 2116 vnc_write_u8(vs, code); 2117 vnc_unlock_output(vs); 2118 vnc_flush(vs); 2119 } 2120 2121 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 2122 { 2123 VncConnection *vc = container_of(vs, VncConnection, vs); 2124 int i; 2125 unsigned int enc = 0; 2126 2127 vs->features = 0; 2128 vs->vnc_encoding = 0; 2129 vc->worker.tight.compression = 9; 2130 vc->worker.tight.quality = -1; /* Lossless by default */ 2131 vs->absolute = -1; 2132 2133 /* 2134 * Start from the end because the encodings are sent in order of preference. 2135 * This way the preferred encoding (first encoding defined in the array) 2136 * will be set at the end of the loop. 2137 */ 2138 for (i = n_encodings - 1; i >= 0; i--) { 2139 enc = encodings[i]; 2140 switch (enc) { 2141 case VNC_ENCODING_RAW: 2142 vs->vnc_encoding = enc; 2143 break; 2144 case VNC_ENCODING_HEXTILE: 2145 vnc_set_feature(vs, VNC_FEATURE_HEXTILE); 2146 vs->vnc_encoding = enc; 2147 break; 2148 case VNC_ENCODING_TIGHT: 2149 vnc_set_feature(vs, VNC_FEATURE_TIGHT); 2150 vs->vnc_encoding = enc; 2151 break; 2152 #ifdef CONFIG_PNG 2153 case VNC_ENCODING_TIGHT_PNG: 2154 vnc_set_feature(vs, VNC_FEATURE_TIGHT_PNG); 2155 vs->vnc_encoding = enc; 2156 break; 2157 #endif 2158 case VNC_ENCODING_ZLIB: 2159 /* 2160 * VNC_ENCODING_ZRLE compresses better than VNC_ENCODING_ZLIB. 2161 * So prioritize ZRLE, even if the client hints that it prefers 2162 * ZLIB. 2163 */ 2164 if (!vnc_has_feature(vs, VNC_FEATURE_ZRLE)) { 2165 vnc_set_feature(vs, VNC_FEATURE_ZLIB); 2166 vs->vnc_encoding = enc; 2167 } 2168 break; 2169 case VNC_ENCODING_ZRLE: 2170 vnc_set_feature(vs, VNC_FEATURE_ZRLE); 2171 vs->vnc_encoding = enc; 2172 break; 2173 case VNC_ENCODING_ZYWRLE: 2174 vnc_set_feature(vs, VNC_FEATURE_ZYWRLE); 2175 vs->vnc_encoding = enc; 2176 break; 2177 case VNC_ENCODING_DESKTOPRESIZE: 2178 vnc_set_feature(vs, VNC_FEATURE_RESIZE); 2179 break; 2180 case VNC_ENCODING_DESKTOP_RESIZE_EXT: 2181 vnc_set_feature(vs, VNC_FEATURE_RESIZE_EXT); 2182 break; 2183 case VNC_ENCODING_POINTER_TYPE_CHANGE: 2184 vnc_set_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE); 2185 break; 2186 case VNC_ENCODING_RICH_CURSOR: 2187 vnc_set_feature(vs, VNC_FEATURE_RICH_CURSOR); 2188 break; 2189 case VNC_ENCODING_ALPHA_CURSOR: 2190 vnc_set_feature(vs, VNC_FEATURE_ALPHA_CURSOR); 2191 break; 2192 case VNC_ENCODING_EXT_KEY_EVENT: 2193 send_ext_key_event_ack(vs); 2194 break; 2195 case VNC_ENCODING_AUDIO: 2196 if (vs->vd->audio_state) { 2197 vnc_set_feature(vs, VNC_FEATURE_AUDIO); 2198 send_ext_audio_ack(vs); 2199 } 2200 break; 2201 case VNC_ENCODING_WMVi: 2202 vnc_set_feature(vs, VNC_FEATURE_WMVI); 2203 break; 2204 case VNC_ENCODING_LED_STATE: 2205 vnc_set_feature(vs, VNC_FEATURE_LED_STATE); 2206 break; 2207 case VNC_ENCODING_XVP: 2208 if (vs->vd->power_control) { 2209 vnc_set_feature(vs, VNC_FEATURE_XVP); 2210 send_xvp_message(vs, VNC_XVP_CODE_INIT); 2211 } 2212 break; 2213 case VNC_ENCODING_CLIPBOARD_EXT: 2214 vnc_set_feature(vs, VNC_FEATURE_CLIPBOARD_EXT); 2215 vnc_server_cut_text_caps(vs); 2216 break; 2217 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 2218 vc->worker.tight.compression = (enc & 0x0F); 2219 break; 2220 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 2221 if (vs->vd->lossy) { 2222 vc->worker.tight.quality = (enc & 0x0F); 2223 } 2224 break; 2225 default: 2226 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 2227 break; 2228 } 2229 } 2230 vnc_desktop_resize(vs); 2231 check_pointer_type_change(&vs->mouse_mode_notifier, NULL); 2232 vnc_led_state_change(vs); 2233 vnc_cursor_define(vs); 2234 } 2235 2236 static void set_pixel_conversion(VncState *vs) 2237 { 2238 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf, 2239 vs->client_endian); 2240 2241 if (fmt == VNC_SERVER_FB_FORMAT) { 2242 vs->write_pixels = vnc_write_pixels_copy; 2243 vnc_hextile_set_pixel_conversion(vs, 0); 2244 } else { 2245 vs->write_pixels = vnc_write_pixels_generic; 2246 vnc_hextile_set_pixel_conversion(vs, 1); 2247 } 2248 } 2249 2250 static void send_color_map(VncState *vs) 2251 { 2252 int i; 2253 2254 vnc_lock_output(vs); 2255 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES); 2256 vnc_write_u8(vs, 0); /* padding */ 2257 vnc_write_u16(vs, 0); /* first color */ 2258 vnc_write_u16(vs, 256); /* # of colors */ 2259 2260 for (i = 0; i < 256; i++) { 2261 PixelFormat *pf = &vs->client_pf; 2262 2263 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits))); 2264 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits))); 2265 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits))); 2266 } 2267 vnc_unlock_output(vs); 2268 } 2269 2270 static void set_pixel_format(VncState *vs, int bits_per_pixel, 2271 int big_endian_flag, int true_color_flag, 2272 int red_max, int green_max, int blue_max, 2273 int red_shift, int green_shift, int blue_shift) 2274 { 2275 if (!true_color_flag) { 2276 /* Expose a reasonable default 256 color map */ 2277 bits_per_pixel = 8; 2278 red_max = 7; 2279 green_max = 7; 2280 blue_max = 3; 2281 red_shift = 0; 2282 green_shift = 3; 2283 blue_shift = 6; 2284 } 2285 2286 switch (bits_per_pixel) { 2287 case 8: 2288 case 16: 2289 case 32: 2290 break; 2291 default: 2292 vnc_client_error(vs); 2293 return; 2294 } 2295 2296 vs->client_pf.rmax = red_max ? red_max : 0xFF; 2297 vs->client_pf.rbits = ctpopl(red_max); 2298 vs->client_pf.rshift = red_shift; 2299 vs->client_pf.rmask = red_max << red_shift; 2300 vs->client_pf.gmax = green_max ? green_max : 0xFF; 2301 vs->client_pf.gbits = ctpopl(green_max); 2302 vs->client_pf.gshift = green_shift; 2303 vs->client_pf.gmask = green_max << green_shift; 2304 vs->client_pf.bmax = blue_max ? blue_max : 0xFF; 2305 vs->client_pf.bbits = ctpopl(blue_max); 2306 vs->client_pf.bshift = blue_shift; 2307 vs->client_pf.bmask = blue_max << blue_shift; 2308 vs->client_pf.bits_per_pixel = bits_per_pixel; 2309 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8; 2310 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 2311 vs->client_endian = big_endian_flag ? G_BIG_ENDIAN : G_LITTLE_ENDIAN; 2312 2313 if (!true_color_flag) { 2314 send_color_map(vs); 2315 } 2316 2317 set_pixel_conversion(vs); 2318 2319 graphic_hw_invalidate(vs->vd->dcl.con); 2320 graphic_hw_update(vs->vd->dcl.con); 2321 } 2322 2323 static void pixel_format_message (VncState *vs) { 2324 char pad[3] = { 0, 0, 0 }; 2325 2326 vs->client_pf = qemu_default_pixelformat(32); 2327 2328 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ 2329 vnc_write_u8(vs, vs->client_pf.depth); /* depth */ 2330 2331 #if HOST_BIG_ENDIAN 2332 vnc_write_u8(vs, 1); /* big-endian-flag */ 2333 #else 2334 vnc_write_u8(vs, 0); /* big-endian-flag */ 2335 #endif 2336 vnc_write_u8(vs, 1); /* true-color-flag */ 2337 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */ 2338 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */ 2339 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */ 2340 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */ 2341 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */ 2342 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */ 2343 vnc_write(vs, pad, 3); /* padding */ 2344 2345 vnc_hextile_set_pixel_conversion(vs, 0); 2346 vs->write_pixels = vnc_write_pixels_copy; 2347 } 2348 2349 static void vnc_colordepth(VncState *vs) 2350 { 2351 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 2352 /* Sending a WMVi message to notify the client*/ 2353 vnc_lock_output(vs); 2354 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2355 vnc_write_u8(vs, 0); 2356 vnc_write_u16(vs, 1); /* number of rects */ 2357 vnc_framebuffer_update(vs, 0, 0, 2358 vs->client_width, 2359 vs->client_height, 2360 VNC_ENCODING_WMVi); 2361 pixel_format_message(vs); 2362 vnc_unlock_output(vs); 2363 vnc_flush(vs); 2364 } else { 2365 set_pixel_conversion(vs); 2366 } 2367 } 2368 2369 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 2370 { 2371 int i; 2372 uint16_t limit; 2373 uint32_t freq; 2374 VncDisplay *vd = vs->vd; 2375 2376 if (data[0] > 3) { 2377 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2378 } 2379 2380 switch (data[0]) { 2381 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 2382 if (len == 1) 2383 return 20; 2384 2385 set_pixel_format(vs, read_u8(data, 4), 2386 read_u8(data, 6), read_u8(data, 7), 2387 read_u16(data, 8), read_u16(data, 10), 2388 read_u16(data, 12), read_u8(data, 14), 2389 read_u8(data, 15), read_u8(data, 16)); 2390 break; 2391 case VNC_MSG_CLIENT_SET_ENCODINGS: 2392 if (len == 1) 2393 return 4; 2394 2395 if (len == 4) { 2396 limit = read_u16(data, 2); 2397 if (limit > 0) 2398 return 4 + (limit * 4); 2399 } else 2400 limit = read_u16(data, 2); 2401 2402 for (i = 0; i < limit; i++) { 2403 int32_t val = read_s32(data, 4 + (i * 4)); 2404 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 2405 } 2406 2407 set_encodings(vs, (int32_t *)(data + 4), limit); 2408 break; 2409 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 2410 if (len == 1) 2411 return 10; 2412 2413 framebuffer_update_request(vs, 2414 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 2415 read_u16(data, 6), read_u16(data, 8)); 2416 break; 2417 case VNC_MSG_CLIENT_KEY_EVENT: 2418 if (len == 1) 2419 return 8; 2420 2421 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 2422 break; 2423 case VNC_MSG_CLIENT_POINTER_EVENT: 2424 if (len == 1) 2425 return 6; 2426 2427 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 2428 break; 2429 case VNC_MSG_CLIENT_CUT_TEXT: 2430 if (len == 1) { 2431 return 8; 2432 } 2433 uint32_t dlen = abs(read_s32(data, 4)); 2434 if (len == 8) { 2435 if (dlen > (1 << 20)) { 2436 error_report("vnc: client_cut_text msg payload has %u bytes" 2437 " which exceeds our limit of 1MB.", dlen); 2438 vnc_client_error(vs); 2439 break; 2440 } 2441 if (dlen > 0) { 2442 return 8 + dlen; 2443 } 2444 } 2445 2446 if (read_s32(data, 4) < 0) { 2447 if (!vnc_has_feature(vs, VNC_FEATURE_CLIPBOARD_EXT)) { 2448 error_report("vnc: extended clipboard message while disabled"); 2449 vnc_client_error(vs); 2450 break; 2451 } 2452 if (dlen < 4) { 2453 error_report("vnc: malformed payload (header less than 4 bytes)" 2454 " in extended clipboard pseudo-encoding."); 2455 vnc_client_error(vs); 2456 break; 2457 } 2458 vnc_client_cut_text_ext(vs, dlen, read_u32(data, 8), data + 12); 2459 break; 2460 } 2461 vnc_client_cut_text(vs, read_u32(data, 4), data + 8); 2462 break; 2463 case VNC_MSG_CLIENT_XVP: 2464 if (!vnc_has_feature(vs, VNC_FEATURE_XVP)) { 2465 error_report("vnc: xvp client message while disabled"); 2466 vnc_client_error(vs); 2467 break; 2468 } 2469 if (len == 1) { 2470 return 4; 2471 } 2472 if (len == 4) { 2473 uint8_t version = read_u8(data, 2); 2474 uint8_t action = read_u8(data, 3); 2475 2476 if (version != 1) { 2477 error_report("vnc: xvp client message version %d != 1", 2478 version); 2479 vnc_client_error(vs); 2480 break; 2481 } 2482 2483 switch (action) { 2484 case VNC_XVP_ACTION_SHUTDOWN: 2485 qemu_system_powerdown_request(); 2486 break; 2487 case VNC_XVP_ACTION_REBOOT: 2488 send_xvp_message(vs, VNC_XVP_CODE_FAIL); 2489 break; 2490 case VNC_XVP_ACTION_RESET: 2491 qemu_system_reset_request(SHUTDOWN_CAUSE_HOST_QMP_SYSTEM_RESET); 2492 break; 2493 default: 2494 send_xvp_message(vs, VNC_XVP_CODE_FAIL); 2495 break; 2496 } 2497 } 2498 break; 2499 case VNC_MSG_CLIENT_QEMU: 2500 if (len == 1) 2501 return 2; 2502 2503 switch (read_u8(data, 1)) { 2504 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 2505 if (len == 2) 2506 return 12; 2507 2508 ext_key_event(vs, read_u16(data, 2), 2509 read_u32(data, 4), read_u32(data, 8)); 2510 break; 2511 case VNC_MSG_CLIENT_QEMU_AUDIO: 2512 if (!vnc_has_feature(vs, VNC_FEATURE_AUDIO)) { 2513 error_report("Audio message %d with audio disabled", read_u8(data, 2)); 2514 vnc_client_error(vs); 2515 break; 2516 } 2517 2518 if (len == 2) 2519 return 4; 2520 2521 switch (read_u16 (data, 2)) { 2522 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 2523 trace_vnc_msg_client_audio_enable(vs, vs->ioc); 2524 audio_add(vs); 2525 break; 2526 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 2527 trace_vnc_msg_client_audio_disable(vs, vs->ioc); 2528 audio_del(vs); 2529 break; 2530 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 2531 if (len == 4) 2532 return 10; 2533 switch (read_u8(data, 4)) { 2534 case 0: vs->as.fmt = AUDIO_FORMAT_U8; break; 2535 case 1: vs->as.fmt = AUDIO_FORMAT_S8; break; 2536 case 2: vs->as.fmt = AUDIO_FORMAT_U16; break; 2537 case 3: vs->as.fmt = AUDIO_FORMAT_S16; break; 2538 case 4: vs->as.fmt = AUDIO_FORMAT_U32; break; 2539 case 5: vs->as.fmt = AUDIO_FORMAT_S32; break; 2540 default: 2541 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4)); 2542 vnc_client_error(vs); 2543 break; 2544 } 2545 vs->as.nchannels = read_u8(data, 5); 2546 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2547 VNC_DEBUG("Invalid audio channel count %d\n", 2548 read_u8(data, 5)); 2549 vnc_client_error(vs); 2550 break; 2551 } 2552 freq = read_u32(data, 6); 2553 /* No official limit for protocol, but 48khz is a sensible 2554 * upper bound for trustworthy clients, and this limit 2555 * protects calculations involving 'vs->as.freq' later. 2556 */ 2557 if (freq > 48000) { 2558 VNC_DEBUG("Invalid audio frequency %u > 48000", freq); 2559 vnc_client_error(vs); 2560 break; 2561 } 2562 vs->as.freq = freq; 2563 trace_vnc_msg_client_audio_format( 2564 vs, vs->ioc, vs->as.fmt, vs->as.nchannels, vs->as.freq); 2565 break; 2566 default: 2567 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 2)); 2568 vnc_client_error(vs); 2569 break; 2570 } 2571 break; 2572 2573 default: 2574 VNC_DEBUG("Msg: %d\n", read_u16(data, 0)); 2575 vnc_client_error(vs); 2576 break; 2577 } 2578 break; 2579 case VNC_MSG_CLIENT_SET_DESKTOP_SIZE: 2580 { 2581 size_t size; 2582 uint8_t screens; 2583 int w, h; 2584 2585 if (len < 8) { 2586 return 8; 2587 } 2588 2589 screens = read_u8(data, 6); 2590 size = 8 + screens * 16; 2591 if (len < size) { 2592 return size; 2593 } 2594 w = read_u16(data, 2); 2595 h = read_u16(data, 4); 2596 2597 trace_vnc_msg_client_set_desktop_size(vs, vs->ioc, w, h, screens); 2598 if (dpy_ui_info_supported(vs->vd->dcl.con)) { 2599 QemuUIInfo info; 2600 memset(&info, 0, sizeof(info)); 2601 info.width = w; 2602 info.height = h; 2603 dpy_set_ui_info(vs->vd->dcl.con, &info, false); 2604 vnc_desktop_resize_ext(vs, 4 /* Request forwarded */); 2605 } else { 2606 vnc_desktop_resize_ext(vs, 3 /* Invalid screen layout */); 2607 } 2608 2609 break; 2610 } 2611 default: 2612 VNC_DEBUG("Msg: %d\n", data[0]); 2613 vnc_client_error(vs); 2614 break; 2615 } 2616 2617 vnc_update_throttle_offset(vs); 2618 vnc_read_when(vs, protocol_client_msg, 1); 2619 return 0; 2620 } 2621 2622 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2623 { 2624 char buf[1024]; 2625 VncShareMode mode; 2626 int size; 2627 2628 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; 2629 switch (vs->vd->share_policy) { 2630 case VNC_SHARE_POLICY_IGNORE: 2631 /* 2632 * Ignore the shared flag. Nothing to do here. 2633 * 2634 * Doesn't conform to the rfb spec but is traditional qemu 2635 * behavior, thus left here as option for compatibility 2636 * reasons. 2637 */ 2638 break; 2639 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: 2640 /* 2641 * Policy: Allow clients ask for exclusive access. 2642 * 2643 * Implementation: When a client asks for exclusive access, 2644 * disconnect all others. Shared connects are allowed as long 2645 * as no exclusive connection exists. 2646 * 2647 * This is how the rfb spec suggests to handle the shared flag. 2648 */ 2649 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2650 VncState *client; 2651 QTAILQ_FOREACH(client, &vs->vd->clients, next) { 2652 if (vs == client) { 2653 continue; 2654 } 2655 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && 2656 client->share_mode != VNC_SHARE_MODE_SHARED) { 2657 continue; 2658 } 2659 vnc_disconnect_start(client); 2660 } 2661 } 2662 if (mode == VNC_SHARE_MODE_SHARED) { 2663 if (vs->vd->num_exclusive > 0) { 2664 vnc_disconnect_start(vs); 2665 return 0; 2666 } 2667 } 2668 break; 2669 case VNC_SHARE_POLICY_FORCE_SHARED: 2670 /* 2671 * Policy: Shared connects only. 2672 * Implementation: Disallow clients asking for exclusive access. 2673 * 2674 * Useful for shared desktop sessions where you don't want 2675 * someone forgetting to say -shared when running the vnc 2676 * client disconnect everybody else. 2677 */ 2678 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2679 vnc_disconnect_start(vs); 2680 return 0; 2681 } 2682 break; 2683 } 2684 vnc_set_share_mode(vs, mode); 2685 2686 if (vs->vd->num_shared > vs->vd->connections_limit) { 2687 vnc_disconnect_start(vs); 2688 return 0; 2689 } 2690 2691 assert(pixman_image_get_width(vs->vd->server) < 65536 && 2692 pixman_image_get_width(vs->vd->server) >= 0); 2693 assert(pixman_image_get_height(vs->vd->server) < 65536 && 2694 pixman_image_get_height(vs->vd->server) >= 0); 2695 vs->client_width = pixman_image_get_width(vs->vd->server); 2696 vs->client_height = pixman_image_get_height(vs->vd->server); 2697 vnc_write_u16(vs, vs->client_width); 2698 vnc_write_u16(vs, vs->client_height); 2699 2700 pixel_format_message(vs); 2701 2702 if (qemu_name) { 2703 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2704 if (size > sizeof(buf)) { 2705 size = sizeof(buf); 2706 } 2707 } else { 2708 size = snprintf(buf, sizeof(buf), "QEMU"); 2709 } 2710 2711 vnc_write_u32(vs, size); 2712 vnc_write(vs, buf, size); 2713 vnc_flush(vs); 2714 2715 vnc_client_cache_auth(vs); 2716 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED); 2717 2718 vnc_read_when(vs, protocol_client_msg, 1); 2719 2720 return 0; 2721 } 2722 2723 void start_client_init(VncState *vs) 2724 { 2725 vnc_read_when(vs, protocol_client_init, 1); 2726 } 2727 2728 static void authentication_failed(VncState *vs) 2729 { 2730 vnc_write_u32(vs, 1); /* Reject auth */ 2731 if (vs->minor >= 8) { 2732 static const char err[] = "Authentication failed"; 2733 vnc_write_u32(vs, sizeof(err)); 2734 vnc_write(vs, err, sizeof(err)); 2735 } 2736 vnc_flush(vs); 2737 vnc_client_error(vs); 2738 } 2739 2740 static void 2741 vnc_munge_des_rfb_key(unsigned char *key, size_t nkey) 2742 { 2743 size_t i; 2744 for (i = 0; i < nkey; i++) { 2745 uint8_t r = key[i]; 2746 r = (r & 0xf0) >> 4 | (r & 0x0f) << 4; 2747 r = (r & 0xcc) >> 2 | (r & 0x33) << 2; 2748 r = (r & 0xaa) >> 1 | (r & 0x55) << 1; 2749 key[i] = r; 2750 } 2751 } 2752 2753 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2754 { 2755 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2756 size_t i, pwlen; 2757 unsigned char key[8]; 2758 time_t now = time(NULL); 2759 QCryptoCipher *cipher = NULL; 2760 Error *err = NULL; 2761 2762 if (!vs->vd->password) { 2763 trace_vnc_auth_fail(vs, vs->auth, "password is not set", ""); 2764 goto reject; 2765 } 2766 if (vs->vd->expires < now) { 2767 trace_vnc_auth_fail(vs, vs->auth, "password is expired", ""); 2768 goto reject; 2769 } 2770 2771 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2772 2773 /* Calculate the expected challenge response */ 2774 pwlen = strlen(vs->vd->password); 2775 for (i=0; i<sizeof(key); i++) 2776 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2777 vnc_munge_des_rfb_key(key, sizeof(key)); 2778 2779 cipher = qcrypto_cipher_new( 2780 QCRYPTO_CIPHER_ALGO_DES, 2781 QCRYPTO_CIPHER_MODE_ECB, 2782 key, G_N_ELEMENTS(key), 2783 &err); 2784 if (!cipher) { 2785 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher", 2786 error_get_pretty(err)); 2787 error_free(err); 2788 goto reject; 2789 } 2790 2791 if (qcrypto_cipher_encrypt(cipher, 2792 vs->challenge, 2793 response, 2794 VNC_AUTH_CHALLENGE_SIZE, 2795 &err) < 0) { 2796 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response", 2797 error_get_pretty(err)); 2798 error_free(err); 2799 goto reject; 2800 } 2801 2802 /* Compare expected vs actual challenge response */ 2803 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2804 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", ""); 2805 goto reject; 2806 } else { 2807 trace_vnc_auth_pass(vs, vs->auth); 2808 vnc_write_u32(vs, 0); /* Accept auth */ 2809 vnc_flush(vs); 2810 2811 start_client_init(vs); 2812 } 2813 2814 qcrypto_cipher_free(cipher); 2815 return 0; 2816 2817 reject: 2818 authentication_failed(vs); 2819 qcrypto_cipher_free(cipher); 2820 return 0; 2821 } 2822 2823 void start_auth_vnc(VncState *vs) 2824 { 2825 Error *err = NULL; 2826 2827 if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) { 2828 trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes", 2829 error_get_pretty(err)); 2830 error_free(err); 2831 authentication_failed(vs); 2832 return; 2833 } 2834 2835 /* Send client a 'random' challenge */ 2836 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2837 vnc_flush(vs); 2838 2839 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2840 } 2841 2842 2843 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2844 { 2845 /* We only advertise 1 auth scheme at a time, so client 2846 * must pick the one we sent. Verify this */ 2847 if (data[0] != vs->auth) { /* Reject auth */ 2848 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]); 2849 authentication_failed(vs); 2850 } else { /* Accept requested auth */ 2851 trace_vnc_auth_start(vs, vs->auth); 2852 switch (vs->auth) { 2853 case VNC_AUTH_NONE: 2854 if (vs->minor >= 8) { 2855 vnc_write_u32(vs, 0); /* Accept auth completion */ 2856 vnc_flush(vs); 2857 } 2858 trace_vnc_auth_pass(vs, vs->auth); 2859 start_client_init(vs); 2860 break; 2861 2862 case VNC_AUTH_VNC: 2863 start_auth_vnc(vs); 2864 break; 2865 2866 case VNC_AUTH_VENCRYPT: 2867 start_auth_vencrypt(vs); 2868 break; 2869 2870 #ifdef CONFIG_VNC_SASL 2871 case VNC_AUTH_SASL: 2872 start_auth_sasl(vs); 2873 break; 2874 #endif /* CONFIG_VNC_SASL */ 2875 2876 default: /* Should not be possible, but just in case */ 2877 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", ""); 2878 authentication_failed(vs); 2879 } 2880 } 2881 return 0; 2882 } 2883 2884 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2885 { 2886 char local[13]; 2887 2888 memcpy(local, version, 12); 2889 local[12] = 0; 2890 2891 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2892 VNC_DEBUG("Malformed protocol version %s\n", local); 2893 vnc_client_error(vs); 2894 return 0; 2895 } 2896 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2897 if (vs->major != 3 || 2898 (vs->minor != 3 && 2899 vs->minor != 4 && 2900 vs->minor != 5 && 2901 vs->minor != 7 && 2902 vs->minor != 8)) { 2903 VNC_DEBUG("Unsupported client version\n"); 2904 vnc_write_u32(vs, VNC_AUTH_INVALID); 2905 vnc_flush(vs); 2906 vnc_client_error(vs); 2907 return 0; 2908 } 2909 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2910 * as equivalent to v3.3 by servers 2911 */ 2912 if (vs->minor == 4 || vs->minor == 5) 2913 vs->minor = 3; 2914 2915 if (vs->minor == 3) { 2916 trace_vnc_auth_start(vs, vs->auth); 2917 if (vs->auth == VNC_AUTH_NONE) { 2918 vnc_write_u32(vs, vs->auth); 2919 vnc_flush(vs); 2920 trace_vnc_auth_pass(vs, vs->auth); 2921 start_client_init(vs); 2922 } else if (vs->auth == VNC_AUTH_VNC) { 2923 VNC_DEBUG("Tell client VNC auth\n"); 2924 vnc_write_u32(vs, vs->auth); 2925 vnc_flush(vs); 2926 start_auth_vnc(vs); 2927 } else { 2928 trace_vnc_auth_fail(vs, vs->auth, 2929 "Unsupported auth method for v3.3", ""); 2930 vnc_write_u32(vs, VNC_AUTH_INVALID); 2931 vnc_flush(vs); 2932 vnc_client_error(vs); 2933 } 2934 } else { 2935 vnc_write_u8(vs, 1); /* num auth */ 2936 vnc_write_u8(vs, vs->auth); 2937 vnc_read_when(vs, protocol_client_auth, 1); 2938 vnc_flush(vs); 2939 } 2940 2941 return 0; 2942 } 2943 2944 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) 2945 { 2946 struct VncSurface *vs = &vd->guest; 2947 2948 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; 2949 } 2950 2951 void vnc_sent_lossy_rect(VncWorker *worker, int x, int y, int w, int h) 2952 { 2953 int i, j; 2954 2955 w = (x + w) / VNC_STAT_RECT; 2956 h = (y + h) / VNC_STAT_RECT; 2957 x /= VNC_STAT_RECT; 2958 y /= VNC_STAT_RECT; 2959 2960 for (j = y; j <= h; j++) { 2961 for (i = x; i <= w; i++) { 2962 worker->lossy_rect[j][i] = 1; 2963 } 2964 } 2965 } 2966 2967 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) 2968 { 2969 VncState *vs; 2970 int sty = y / VNC_STAT_RECT; 2971 int stx = x / VNC_STAT_RECT; 2972 int has_dirty = 0; 2973 2974 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT); 2975 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT); 2976 2977 QTAILQ_FOREACH(vs, &vd->clients, next) { 2978 VncConnection *vc = container_of(vs, VncConnection, vs); 2979 int j; 2980 2981 /* kernel send buffers are full -> refresh later */ 2982 if (vs->output.offset) { 2983 continue; 2984 } 2985 2986 if (!vc->worker.lossy_rect[sty][stx]) { 2987 continue; 2988 } 2989 2990 vc->worker.lossy_rect[sty][stx] = 0; 2991 for (j = 0; j < VNC_STAT_RECT; ++j) { 2992 bitmap_set(vs->dirty[y + j], 2993 x / VNC_DIRTY_PIXELS_PER_BIT, 2994 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT); 2995 } 2996 has_dirty++; 2997 } 2998 2999 return has_dirty; 3000 } 3001 3002 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) 3003 { 3004 int width = MIN(pixman_image_get_width(vd->guest.fb), 3005 pixman_image_get_width(vd->server)); 3006 int height = MIN(pixman_image_get_height(vd->guest.fb), 3007 pixman_image_get_height(vd->server)); 3008 int x, y; 3009 struct timeval res; 3010 int has_dirty = 0; 3011 3012 for (y = 0; y < height; y += VNC_STAT_RECT) { 3013 for (x = 0; x < width; x += VNC_STAT_RECT) { 3014 VncRectStat *rect = vnc_stat_rect(vd, x, y); 3015 3016 rect->updated = false; 3017 } 3018 } 3019 3020 qemu_timersub(tv, &VNC_REFRESH_STATS, &res); 3021 3022 if (timercmp(&vd->guest.last_freq_check, &res, >)) { 3023 return has_dirty; 3024 } 3025 vd->guest.last_freq_check = *tv; 3026 3027 for (y = 0; y < height; y += VNC_STAT_RECT) { 3028 for (x = 0; x < width; x += VNC_STAT_RECT) { 3029 VncRectStat *rect= vnc_stat_rect(vd, x, y); 3030 int count = ARRAY_SIZE(rect->times); 3031 struct timeval min, max; 3032 3033 if (!timerisset(&rect->times[count - 1])) { 3034 continue ; 3035 } 3036 3037 max = rect->times[(rect->idx + count - 1) % count]; 3038 qemu_timersub(tv, &max, &res); 3039 3040 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { 3041 rect->freq = 0; 3042 has_dirty += vnc_refresh_lossy_rect(vd, x, y); 3043 memset(rect->times, 0, sizeof (rect->times)); 3044 continue ; 3045 } 3046 3047 min = rect->times[rect->idx]; 3048 max = rect->times[(rect->idx + count - 1) % count]; 3049 qemu_timersub(&max, &min, &res); 3050 3051 rect->freq = res.tv_sec + res.tv_usec / 1000000.; 3052 rect->freq /= count; 3053 rect->freq = 1. / rect->freq; 3054 } 3055 } 3056 return has_dirty; 3057 } 3058 3059 double vnc_update_freq(VncState *vs, int x, int y, int w, int h) 3060 { 3061 int i, j; 3062 double total = 0; 3063 int num = 0; 3064 3065 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT); 3066 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT); 3067 3068 for (j = y; j <= y + h; j += VNC_STAT_RECT) { 3069 for (i = x; i <= x + w; i += VNC_STAT_RECT) { 3070 total += vnc_stat_rect(vs->vd, i, j)->freq; 3071 num++; 3072 } 3073 } 3074 3075 if (num) { 3076 return total / num; 3077 } else { 3078 return 0; 3079 } 3080 } 3081 3082 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) 3083 { 3084 VncRectStat *rect; 3085 3086 rect = vnc_stat_rect(vd, x, y); 3087 if (rect->updated) { 3088 return; 3089 } 3090 rect->times[rect->idx] = *tv; 3091 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); 3092 rect->updated = true; 3093 } 3094 3095 static int vnc_refresh_server_surface(VncDisplay *vd) 3096 { 3097 int width = MIN(pixman_image_get_width(vd->guest.fb), 3098 pixman_image_get_width(vd->server)); 3099 int height = MIN(pixman_image_get_height(vd->guest.fb), 3100 pixman_image_get_height(vd->server)); 3101 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0; 3102 uint8_t *guest_row0 = NULL, *server_row0; 3103 VncState *vs; 3104 int has_dirty = 0; 3105 pixman_image_t *tmpbuf = NULL; 3106 unsigned long offset; 3107 int x; 3108 uint8_t *guest_ptr, *server_ptr; 3109 3110 struct timeval tv = { 0, 0 }; 3111 3112 if (!vd->non_adaptive) { 3113 gettimeofday(&tv, NULL); 3114 has_dirty = vnc_update_stats(vd, &tv); 3115 } 3116 3117 offset = find_next_bit((unsigned long *) &vd->guest.dirty, 3118 height * VNC_DIRTY_BPL(&vd->guest), 0); 3119 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) { 3120 /* no dirty bits in guest surface */ 3121 return has_dirty; 3122 } 3123 3124 /* 3125 * Walk through the guest dirty map. 3126 * Check and copy modified bits from guest to server surface. 3127 * Update server dirty map. 3128 */ 3129 server_row0 = (uint8_t *)pixman_image_get_data(vd->server); 3130 server_stride = guest_stride = guest_ll = 3131 pixman_image_get_stride(vd->server); 3132 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES, 3133 server_stride); 3134 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 3135 int w = pixman_image_get_width(vd->server); 3136 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, w); 3137 } else { 3138 int guest_bpp = 3139 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb)); 3140 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb); 3141 guest_stride = pixman_image_get_stride(vd->guest.fb); 3142 guest_ll = pixman_image_get_width(vd->guest.fb) 3143 * DIV_ROUND_UP(guest_bpp, 8); 3144 } 3145 line_bytes = MIN(server_stride, guest_ll); 3146 3147 for (;;) { 3148 y = offset / VNC_DIRTY_BPL(&vd->guest); 3149 x = offset % VNC_DIRTY_BPL(&vd->guest); 3150 3151 server_ptr = server_row0 + y * server_stride + x * cmp_bytes; 3152 3153 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 3154 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y); 3155 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf); 3156 } else { 3157 guest_ptr = guest_row0 + y * guest_stride; 3158 } 3159 guest_ptr += x * cmp_bytes; 3160 3161 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT); 3162 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 3163 int _cmp_bytes = cmp_bytes; 3164 if (!test_and_clear_bit(x, vd->guest.dirty[y])) { 3165 continue; 3166 } 3167 if ((x + 1) * cmp_bytes > line_bytes) { 3168 _cmp_bytes = line_bytes - x * cmp_bytes; 3169 } 3170 assert(_cmp_bytes >= 0); 3171 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) { 3172 continue; 3173 } 3174 memcpy(server_ptr, guest_ptr, _cmp_bytes); 3175 if (!vd->non_adaptive) { 3176 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT, 3177 y, &tv); 3178 } 3179 QTAILQ_FOREACH(vs, &vd->clients, next) { 3180 set_bit(x, vs->dirty[y]); 3181 } 3182 has_dirty++; 3183 } 3184 3185 y++; 3186 offset = find_next_bit((unsigned long *) &vd->guest.dirty, 3187 height * VNC_DIRTY_BPL(&vd->guest), 3188 y * VNC_DIRTY_BPL(&vd->guest)); 3189 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) { 3190 /* no more dirty bits */ 3191 break; 3192 } 3193 } 3194 qemu_pixman_image_unref(tmpbuf); 3195 return has_dirty; 3196 } 3197 3198 static void vnc_refresh(DisplayChangeListener *dcl) 3199 { 3200 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 3201 VncState *vs, *vn; 3202 int has_dirty, rects = 0; 3203 3204 if (QTAILQ_EMPTY(&vd->clients)) { 3205 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX); 3206 return; 3207 } 3208 3209 graphic_hw_update(vd->dcl.con); 3210 3211 if (vnc_trylock_display(vd)) { 3212 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 3213 return; 3214 } 3215 3216 has_dirty = vnc_refresh_server_surface(vd); 3217 vnc_unlock_display(vd); 3218 3219 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 3220 rects += vnc_update_client(vs, has_dirty); 3221 /* vs might be free()ed here */ 3222 } 3223 3224 if (has_dirty && rects) { 3225 vd->dcl.update_interval /= 2; 3226 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) { 3227 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE; 3228 } 3229 } else { 3230 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC; 3231 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) { 3232 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX; 3233 } 3234 } 3235 } 3236 3237 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc, 3238 bool skipauth, bool websocket) 3239 { 3240 VncConnection *vc = g_new0(VncConnection, 1); 3241 VncState *vs = &vc->vs; 3242 bool first_client = QTAILQ_EMPTY(&vd->clients); 3243 3244 trace_vnc_client_connect(vs, sioc); 3245 vs->magic = VNC_MAGIC; 3246 vs->sioc = sioc; 3247 object_ref(OBJECT(vs->sioc)); 3248 vs->ioc = QIO_CHANNEL(sioc); 3249 object_ref(OBJECT(vs->ioc)); 3250 vs->vd = vd; 3251 3252 buffer_init(&vs->input, "vnc-input/%p", sioc); 3253 buffer_init(&vs->output, "vnc-output/%p", sioc); 3254 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc); 3255 3256 buffer_init(&vc->worker.tight.tight, "vnc-tight/%p", sioc); 3257 buffer_init(&vc->worker.tight.zlib, "vnc-tight-zlib/%p", sioc); 3258 buffer_init(&vc->worker.tight.gradient, "vnc-tight-gradient/%p", sioc); 3259 #ifdef CONFIG_VNC_JPEG 3260 buffer_init(&vc->worker.tight.jpeg, "vnc-tight-jpeg/%p", sioc); 3261 #endif 3262 #ifdef CONFIG_PNG 3263 buffer_init(&vc->worker.tight.png, "vnc-tight-png/%p", sioc); 3264 #endif 3265 buffer_init(&vc->worker.zlib.zlib, "vnc-zlib/%p", sioc); 3266 buffer_init(&vc->worker.zrle.zrle, "vnc-zrle/%p", sioc); 3267 buffer_init(&vc->worker.zrle.fb, "vnc-zrle-fb/%p", sioc); 3268 buffer_init(&vc->worker.zrle.zlib, "vnc-zrle-zlib/%p", sioc); 3269 3270 if (skipauth) { 3271 vs->auth = VNC_AUTH_NONE; 3272 vs->subauth = VNC_AUTH_INVALID; 3273 } else { 3274 if (websocket) { 3275 vs->auth = vd->ws_auth; 3276 vs->subauth = VNC_AUTH_INVALID; 3277 } else { 3278 vs->auth = vd->auth; 3279 vs->subauth = vd->subauth; 3280 } 3281 } 3282 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n", 3283 sioc, websocket, vs->auth, vs->subauth); 3284 3285 VNC_DEBUG("New client on socket %p\n", vs->sioc); 3286 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 3287 qio_channel_set_blocking(vs->ioc, false, NULL); 3288 if (vs->ioc_tag) { 3289 g_source_remove(vs->ioc_tag); 3290 } 3291 if (websocket) { 3292 vs->websocket = 1; 3293 if (vd->tlscreds) { 3294 vs->ioc_tag = qio_channel_add_watch( 3295 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR, 3296 vncws_tls_handshake_io, vs, NULL); 3297 } else { 3298 vs->ioc_tag = qio_channel_add_watch( 3299 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR, 3300 vncws_handshake_io, vs, NULL); 3301 } 3302 } else { 3303 vs->ioc_tag = qio_channel_add_watch( 3304 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR, 3305 vnc_client_io, vs, NULL); 3306 } 3307 3308 vnc_client_cache_addr(vs); 3309 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED); 3310 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); 3311 3312 vs->last_x = -1; 3313 vs->last_y = -1; 3314 3315 vs->as.freq = 44100; 3316 vs->as.nchannels = 2; 3317 vs->as.fmt = AUDIO_FORMAT_S16; 3318 vs->as.endianness = 0; 3319 3320 qemu_mutex_init(&vs->output_mutex); 3321 vs->bh = qemu_bh_new(vnc_jobs_bh, vs); 3322 3323 QTAILQ_INSERT_TAIL(&vd->clients, vs, next); 3324 if (first_client) { 3325 vnc_update_server_surface(vd); 3326 } 3327 3328 graphic_hw_update(vd->dcl.con); 3329 3330 if (!vs->websocket) { 3331 vnc_start_protocol(vs); 3332 } 3333 3334 if (vd->num_connecting > vd->connections_limit) { 3335 QTAILQ_FOREACH(vs, &vd->clients, next) { 3336 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) { 3337 vnc_disconnect_start(vs); 3338 return; 3339 } 3340 } 3341 } 3342 } 3343 3344 void vnc_start_protocol(VncState *vs) 3345 { 3346 vnc_write(vs, "RFB 003.008\n", 12); 3347 vnc_flush(vs); 3348 vnc_read_when(vs, protocol_version, 12); 3349 3350 vs->mouse_mode_notifier.notify = check_pointer_type_change; 3351 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 3352 } 3353 3354 static void vnc_listen_io(QIONetListener *listener, 3355 QIOChannelSocket *cioc, 3356 void *opaque) 3357 { 3358 VncDisplay *vd = opaque; 3359 bool isWebsock = listener == vd->wslistener; 3360 3361 qio_channel_set_name(QIO_CHANNEL(cioc), 3362 isWebsock ? "vnc-ws-server" : "vnc-server"); 3363 qio_channel_set_delay(QIO_CHANNEL(cioc), false); 3364 vnc_connect(vd, cioc, false, isWebsock); 3365 } 3366 3367 static const DisplayChangeListenerOps dcl_ops = { 3368 .dpy_name = "vnc", 3369 .dpy_refresh = vnc_refresh, 3370 .dpy_gfx_update = vnc_dpy_update, 3371 .dpy_gfx_switch = vnc_dpy_switch, 3372 .dpy_gfx_check_format = qemu_pixman_check_format, 3373 .dpy_mouse_set = vnc_mouse_set, 3374 .dpy_cursor_define = vnc_dpy_cursor_define, 3375 }; 3376 3377 static void vmstate_change_handler(void *opaque, bool running, RunState state) 3378 { 3379 VncDisplay *vd = opaque; 3380 3381 if (state != RUN_STATE_RUNNING) { 3382 return; 3383 } 3384 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 3385 } 3386 3387 void vnc_display_init(const char *id, Error **errp) 3388 { 3389 VncDisplay *vd; 3390 3391 if (vnc_display_find(id) != NULL) { 3392 return; 3393 } 3394 vd = g_malloc0(sizeof(*vd)); 3395 3396 vd->id = strdup(id); 3397 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next); 3398 3399 QTAILQ_INIT(&vd->clients); 3400 vd->expires = TIME_MAX; 3401 3402 if (keyboard_layout) { 3403 trace_vnc_key_map_init(keyboard_layout); 3404 vd->kbd_layout = init_keyboard_layout(name2keysym, 3405 keyboard_layout, errp); 3406 } else { 3407 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us", errp); 3408 } 3409 3410 if (!vd->kbd_layout) { 3411 return; 3412 } 3413 3414 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3415 vd->connections_limit = 32; 3416 3417 qemu_mutex_init(&vd->mutex); 3418 vnc_start_worker_thread(); 3419 3420 vd->dcl.ops = &dcl_ops; 3421 register_displaychangelistener(&vd->dcl); 3422 vd->kbd = qkbd_state_init(vd->dcl.con); 3423 vd->vmstate_handler_entry = qemu_add_vm_change_state_handler( 3424 &vmstate_change_handler, vd); 3425 } 3426 3427 3428 static void vnc_display_close(VncDisplay *vd) 3429 { 3430 if (!vd) { 3431 return; 3432 } 3433 3434 if (vd->listener) { 3435 qio_net_listener_disconnect(vd->listener); 3436 object_unref(OBJECT(vd->listener)); 3437 } 3438 vd->listener = NULL; 3439 3440 if (vd->wslistener) { 3441 qio_net_listener_disconnect(vd->wslistener); 3442 object_unref(OBJECT(vd->wslistener)); 3443 } 3444 vd->wslistener = NULL; 3445 3446 vd->auth = VNC_AUTH_INVALID; 3447 vd->subauth = VNC_AUTH_INVALID; 3448 if (vd->tlscreds) { 3449 object_unref(OBJECT(vd->tlscreds)); 3450 vd->tlscreds = NULL; 3451 } 3452 if (vd->tlsauthz) { 3453 object_unparent(OBJECT(vd->tlsauthz)); 3454 vd->tlsauthz = NULL; 3455 } 3456 g_free(vd->tlsauthzid); 3457 vd->tlsauthzid = NULL; 3458 if (vd->lock_key_sync) { 3459 qemu_remove_led_event_handler(vd->led); 3460 vd->led = NULL; 3461 } 3462 #ifdef CONFIG_VNC_SASL 3463 if (vd->sasl.authz) { 3464 object_unparent(OBJECT(vd->sasl.authz)); 3465 vd->sasl.authz = NULL; 3466 } 3467 g_free(vd->sasl.authzid); 3468 vd->sasl.authzid = NULL; 3469 #endif 3470 } 3471 3472 int vnc_display_password(const char *id, const char *password) 3473 { 3474 VncDisplay *vd = vnc_display_find(id); 3475 3476 if (!vd) { 3477 return -EINVAL; 3478 } 3479 if (vd->auth == VNC_AUTH_NONE) { 3480 error_printf_unless_qmp("If you want use passwords please enable " 3481 "password auth using '-vnc ${dpy},password'.\n"); 3482 return -EINVAL; 3483 } 3484 3485 g_free(vd->password); 3486 vd->password = g_strdup(password); 3487 3488 return 0; 3489 } 3490 3491 int vnc_display_pw_expire(const char *id, time_t expires) 3492 { 3493 VncDisplay *vd = vnc_display_find(id); 3494 3495 if (!vd) { 3496 return -EINVAL; 3497 } 3498 3499 vd->expires = expires; 3500 return 0; 3501 } 3502 3503 static void vnc_display_print_local_addr(VncDisplay *vd) 3504 { 3505 SocketAddress *addr; 3506 3507 if (!vd->listener || !vd->listener->nsioc) { 3508 return; 3509 } 3510 3511 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], NULL); 3512 if (!addr) { 3513 return; 3514 } 3515 3516 if (addr->type != SOCKET_ADDRESS_TYPE_INET) { 3517 qapi_free_SocketAddress(addr); 3518 return; 3519 } 3520 error_printf_unless_qmp("VNC server running on %s:%s\n", 3521 addr->u.inet.host, 3522 addr->u.inet.port); 3523 qapi_free_SocketAddress(addr); 3524 } 3525 3526 static QemuOptsList qemu_vnc_opts = { 3527 .name = "vnc", 3528 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head), 3529 .implied_opt_name = "vnc", 3530 .desc = { 3531 { 3532 .name = "vnc", 3533 .type = QEMU_OPT_STRING, 3534 },{ 3535 .name = "websocket", 3536 .type = QEMU_OPT_STRING, 3537 },{ 3538 .name = "tls-creds", 3539 .type = QEMU_OPT_STRING, 3540 },{ 3541 .name = "share", 3542 .type = QEMU_OPT_STRING, 3543 },{ 3544 .name = "display", 3545 .type = QEMU_OPT_STRING, 3546 },{ 3547 .name = "head", 3548 .type = QEMU_OPT_NUMBER, 3549 },{ 3550 .name = "connections", 3551 .type = QEMU_OPT_NUMBER, 3552 },{ 3553 .name = "to", 3554 .type = QEMU_OPT_NUMBER, 3555 },{ 3556 .name = "ipv4", 3557 .type = QEMU_OPT_BOOL, 3558 },{ 3559 .name = "ipv6", 3560 .type = QEMU_OPT_BOOL, 3561 },{ 3562 .name = "password", 3563 .type = QEMU_OPT_BOOL, 3564 },{ 3565 .name = "password-secret", 3566 .type = QEMU_OPT_STRING, 3567 },{ 3568 .name = "reverse", 3569 .type = QEMU_OPT_BOOL, 3570 },{ 3571 .name = "lock-key-sync", 3572 .type = QEMU_OPT_BOOL, 3573 },{ 3574 .name = "key-delay-ms", 3575 .type = QEMU_OPT_NUMBER, 3576 },{ 3577 .name = "sasl", 3578 .type = QEMU_OPT_BOOL, 3579 },{ 3580 .name = "tls-authz", 3581 .type = QEMU_OPT_STRING, 3582 },{ 3583 .name = "sasl-authz", 3584 .type = QEMU_OPT_STRING, 3585 },{ 3586 .name = "lossy", 3587 .type = QEMU_OPT_BOOL, 3588 },{ 3589 .name = "non-adaptive", 3590 .type = QEMU_OPT_BOOL, 3591 },{ 3592 .name = "audiodev", 3593 .type = QEMU_OPT_STRING, 3594 },{ 3595 .name = "power-control", 3596 .type = QEMU_OPT_BOOL, 3597 }, 3598 { /* end of list */ } 3599 }, 3600 }; 3601 3602 3603 static int 3604 vnc_display_setup_auth(int *auth, 3605 int *subauth, 3606 QCryptoTLSCreds *tlscreds, 3607 bool password, 3608 bool sasl, 3609 bool websocket, 3610 Error **errp) 3611 { 3612 /* 3613 * We have a choice of 3 authentication options 3614 * 3615 * 1. none 3616 * 2. vnc 3617 * 3. sasl 3618 * 3619 * The channel can be run in 2 modes 3620 * 3621 * 1. clear 3622 * 2. tls 3623 * 3624 * And TLS can use 2 types of credentials 3625 * 3626 * 1. anon 3627 * 2. x509 3628 * 3629 * We thus have 9 possible logical combinations 3630 * 3631 * 1. clear + none 3632 * 2. clear + vnc 3633 * 3. clear + sasl 3634 * 4. tls + anon + none 3635 * 5. tls + anon + vnc 3636 * 6. tls + anon + sasl 3637 * 7. tls + x509 + none 3638 * 8. tls + x509 + vnc 3639 * 9. tls + x509 + sasl 3640 * 3641 * These need to be mapped into the VNC auth schemes 3642 * in an appropriate manner. In regular VNC, all the 3643 * TLS options get mapped into VNC_AUTH_VENCRYPT 3644 * sub-auth types. 3645 * 3646 * In websockets, the https:// protocol already provides 3647 * TLS support, so there is no need to make use of the 3648 * VeNCrypt extension. Furthermore, websockets browser 3649 * clients could not use VeNCrypt even if they wanted to, 3650 * as they cannot control when the TLS handshake takes 3651 * place. Thus there is no option but to rely on https://, 3652 * meaning combinations 4->6 and 7->9 will be mapped to 3653 * VNC auth schemes in the same way as combos 1->3. 3654 * 3655 * Regardless of fact that we have a different mapping to 3656 * VNC auth mechs for plain VNC vs websockets VNC, the end 3657 * result has the same security characteristics. 3658 */ 3659 if (websocket || !tlscreds) { 3660 if (password) { 3661 VNC_DEBUG("Initializing VNC server with password auth\n"); 3662 *auth = VNC_AUTH_VNC; 3663 } else if (sasl) { 3664 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 3665 *auth = VNC_AUTH_SASL; 3666 } else { 3667 VNC_DEBUG("Initializing VNC server with no auth\n"); 3668 *auth = VNC_AUTH_NONE; 3669 } 3670 *subauth = VNC_AUTH_INVALID; 3671 } else { 3672 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds), 3673 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL; 3674 bool is_anon = object_dynamic_cast(OBJECT(tlscreds), 3675 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL; 3676 3677 if (!is_x509 && !is_anon) { 3678 error_setg(errp, 3679 "Unsupported TLS cred type %s", 3680 object_get_typename(OBJECT(tlscreds))); 3681 return -1; 3682 } 3683 *auth = VNC_AUTH_VENCRYPT; 3684 if (password) { 3685 if (is_x509) { 3686 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 3687 *subauth = VNC_AUTH_VENCRYPT_X509VNC; 3688 } else { 3689 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 3690 *subauth = VNC_AUTH_VENCRYPT_TLSVNC; 3691 } 3692 3693 } else if (sasl) { 3694 if (is_x509) { 3695 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 3696 *subauth = VNC_AUTH_VENCRYPT_X509SASL; 3697 } else { 3698 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 3699 *subauth = VNC_AUTH_VENCRYPT_TLSSASL; 3700 } 3701 } else { 3702 if (is_x509) { 3703 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 3704 *subauth = VNC_AUTH_VENCRYPT_X509NONE; 3705 } else { 3706 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 3707 *subauth = VNC_AUTH_VENCRYPT_TLSNONE; 3708 } 3709 } 3710 } 3711 return 0; 3712 } 3713 3714 3715 static int vnc_display_get_address(const char *addrstr, 3716 bool websocket, 3717 bool reverse, 3718 int displaynum, 3719 int to, 3720 bool has_ipv4, 3721 bool has_ipv6, 3722 bool ipv4, 3723 bool ipv6, 3724 SocketAddress **retaddr, 3725 Error **errp) 3726 { 3727 int ret = -1; 3728 SocketAddress *addr = NULL; 3729 3730 addr = g_new0(SocketAddress, 1); 3731 3732 if (strncmp(addrstr, "unix:", 5) == 0) { 3733 addr->type = SOCKET_ADDRESS_TYPE_UNIX; 3734 addr->u.q_unix.path = g_strdup(addrstr + 5); 3735 3736 if (to) { 3737 error_setg(errp, "Port range not support with UNIX socket"); 3738 goto cleanup; 3739 } 3740 ret = 0; 3741 } else { 3742 const char *port; 3743 size_t hostlen; 3744 uint64_t baseport = 0; 3745 InetSocketAddress *inet; 3746 3747 port = strrchr(addrstr, ':'); 3748 if (!port) { 3749 if (websocket) { 3750 hostlen = 0; 3751 port = addrstr; 3752 } else { 3753 error_setg(errp, "no vnc port specified"); 3754 goto cleanup; 3755 } 3756 } else { 3757 hostlen = port - addrstr; 3758 port++; 3759 if (*port == '\0') { 3760 error_setg(errp, "vnc port cannot be empty"); 3761 goto cleanup; 3762 } 3763 } 3764 3765 addr->type = SOCKET_ADDRESS_TYPE_INET; 3766 inet = &addr->u.inet; 3767 if (hostlen && addrstr[0] == '[' && addrstr[hostlen - 1] == ']') { 3768 inet->host = g_strndup(addrstr + 1, hostlen - 2); 3769 } else { 3770 inet->host = g_strndup(addrstr, hostlen); 3771 } 3772 /* plain VNC port is just an offset, for websocket 3773 * port is absolute */ 3774 if (websocket) { 3775 if (g_str_equal(addrstr, "") || 3776 g_str_equal(addrstr, "on")) { 3777 if (displaynum == -1) { 3778 error_setg(errp, "explicit websocket port is required"); 3779 goto cleanup; 3780 } 3781 inet->port = g_strdup_printf( 3782 "%d", displaynum + 5700); 3783 if (to) { 3784 inet->has_to = true; 3785 inet->to = to + 5700; 3786 } 3787 } else { 3788 inet->port = g_strdup(port); 3789 } 3790 } else { 3791 int offset = reverse ? 0 : 5900; 3792 if (parse_uint_full(port, 10, &baseport) < 0) { 3793 error_setg(errp, "can't convert to a number: %s", port); 3794 goto cleanup; 3795 } 3796 if (baseport > 65535 || 3797 baseport + offset > 65535) { 3798 error_setg(errp, "port %s out of range", port); 3799 goto cleanup; 3800 } 3801 inet->port = g_strdup_printf( 3802 "%d", (int)baseport + offset); 3803 3804 if (to) { 3805 inet->has_to = true; 3806 inet->to = to + offset; 3807 } 3808 } 3809 3810 inet->ipv4 = ipv4; 3811 inet->has_ipv4 = has_ipv4; 3812 inet->ipv6 = ipv6; 3813 inet->has_ipv6 = has_ipv6; 3814 3815 ret = baseport; 3816 } 3817 3818 *retaddr = addr; 3819 3820 cleanup: 3821 if (ret < 0) { 3822 qapi_free_SocketAddress(addr); 3823 } 3824 return ret; 3825 } 3826 3827 static int vnc_display_get_addresses(QemuOpts *opts, 3828 bool reverse, 3829 SocketAddressList **saddr_list_ret, 3830 SocketAddressList **wsaddr_list_ret, 3831 Error **errp) 3832 { 3833 SocketAddress *saddr = NULL; 3834 SocketAddress *wsaddr = NULL; 3835 g_autoptr(SocketAddressList) saddr_list = NULL; 3836 SocketAddressList **saddr_tail = &saddr_list; 3837 SocketAddress *single_saddr = NULL; 3838 g_autoptr(SocketAddressList) wsaddr_list = NULL; 3839 SocketAddressList **wsaddr_tail = &wsaddr_list; 3840 QemuOptsIter addriter; 3841 const char *addr; 3842 int to = qemu_opt_get_number(opts, "to", 0); 3843 bool has_ipv4 = qemu_opt_get(opts, "ipv4"); 3844 bool has_ipv6 = qemu_opt_get(opts, "ipv6"); 3845 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false); 3846 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false); 3847 int displaynum = -1; 3848 3849 addr = qemu_opt_get(opts, "vnc"); 3850 if (addr == NULL || g_str_equal(addr, "none")) { 3851 return 0; 3852 } 3853 if (qemu_opt_get(opts, "websocket") && 3854 !qcrypto_hash_supports(QCRYPTO_HASH_ALGO_SHA1)) { 3855 error_setg(errp, 3856 "SHA1 hash support is required for websockets"); 3857 return -1; 3858 } 3859 3860 qemu_opt_iter_init(&addriter, opts, "vnc"); 3861 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) { 3862 int rv; 3863 rv = vnc_display_get_address(addr, false, reverse, 0, to, 3864 has_ipv4, has_ipv6, 3865 ipv4, ipv6, 3866 &saddr, errp); 3867 if (rv < 0) { 3868 return -1; 3869 } 3870 /* Historical compat - first listen address can be used 3871 * to set the default websocket port 3872 */ 3873 if (displaynum == -1) { 3874 displaynum = rv; 3875 } 3876 QAPI_LIST_APPEND(saddr_tail, saddr); 3877 } 3878 3879 if (saddr_list && !saddr_list->next) { 3880 single_saddr = saddr_list->value; 3881 } else { 3882 /* 3883 * If we had multiple primary displays, we don't do defaults 3884 * for websocket, and require explicit config instead. 3885 */ 3886 displaynum = -1; 3887 } 3888 3889 qemu_opt_iter_init(&addriter, opts, "websocket"); 3890 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) { 3891 if (vnc_display_get_address(addr, true, reverse, displaynum, to, 3892 has_ipv4, has_ipv6, 3893 ipv4, ipv6, 3894 &wsaddr, errp) < 0) { 3895 return -1; 3896 } 3897 3898 /* Historical compat - if only a single listen address was 3899 * provided, then this is used to set the default listen 3900 * address for websocket too 3901 */ 3902 if (single_saddr && 3903 single_saddr->type == SOCKET_ADDRESS_TYPE_INET && 3904 wsaddr->type == SOCKET_ADDRESS_TYPE_INET && 3905 g_str_equal(wsaddr->u.inet.host, "") && 3906 !g_str_equal(single_saddr->u.inet.host, "")) { 3907 g_free(wsaddr->u.inet.host); 3908 wsaddr->u.inet.host = g_strdup(single_saddr->u.inet.host); 3909 } 3910 3911 QAPI_LIST_APPEND(wsaddr_tail, wsaddr); 3912 } 3913 3914 *saddr_list_ret = g_steal_pointer(&saddr_list); 3915 *wsaddr_list_ret = g_steal_pointer(&wsaddr_list); 3916 return 0; 3917 } 3918 3919 static int vnc_display_connect(VncDisplay *vd, 3920 SocketAddressList *saddr_list, 3921 SocketAddressList *wsaddr_list, 3922 Error **errp) 3923 { 3924 /* connect to viewer */ 3925 QIOChannelSocket *sioc = NULL; 3926 if (wsaddr_list) { 3927 error_setg(errp, "Cannot use websockets in reverse mode"); 3928 return -1; 3929 } 3930 if (!saddr_list || saddr_list->next) { 3931 error_setg(errp, "Expected a single address in reverse mode"); 3932 return -1; 3933 } 3934 sioc = qio_channel_socket_new(); 3935 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse"); 3936 if (qio_channel_socket_connect_sync(sioc, saddr_list->value, errp) < 0) { 3937 object_unref(OBJECT(sioc)); 3938 return -1; 3939 } 3940 vnc_connect(vd, sioc, false, false); 3941 object_unref(OBJECT(sioc)); 3942 return 0; 3943 } 3944 3945 3946 static int vnc_display_listen(VncDisplay *vd, 3947 SocketAddressList *saddr_list, 3948 SocketAddressList *wsaddr_list, 3949 Error **errp) 3950 { 3951 SocketAddressList *el; 3952 3953 if (saddr_list) { 3954 vd->listener = qio_net_listener_new(); 3955 qio_net_listener_set_name(vd->listener, "vnc-listen"); 3956 for (el = saddr_list; el; el = el->next) { 3957 if (qio_net_listener_open_sync(vd->listener, 3958 el->value, 1, 3959 errp) < 0) { 3960 return -1; 3961 } 3962 } 3963 3964 qio_net_listener_set_client_func(vd->listener, 3965 vnc_listen_io, vd, NULL); 3966 } 3967 3968 if (wsaddr_list) { 3969 vd->wslistener = qio_net_listener_new(); 3970 qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen"); 3971 for (el = wsaddr_list; el; el = el->next) { 3972 if (qio_net_listener_open_sync(vd->wslistener, 3973 el->value, 1, 3974 errp) < 0) { 3975 return -1; 3976 } 3977 } 3978 3979 qio_net_listener_set_client_func(vd->wslistener, 3980 vnc_listen_io, vd, NULL); 3981 } 3982 3983 return 0; 3984 } 3985 3986 bool vnc_display_update(DisplayUpdateOptionsVNC *arg, Error **errp) 3987 { 3988 VncDisplay *vd = vnc_display_find(NULL); 3989 3990 if (!vd) { 3991 error_setg(errp, "Can not find vnc display"); 3992 return false; 3993 } 3994 3995 if (arg->has_addresses) { 3996 if (vd->listener) { 3997 qio_net_listener_disconnect(vd->listener); 3998 object_unref(OBJECT(vd->listener)); 3999 vd->listener = NULL; 4000 } 4001 4002 if (vnc_display_listen(vd, arg->addresses, NULL, errp) < 0) { 4003 return false; 4004 } 4005 } 4006 4007 return true; 4008 } 4009 4010 void vnc_display_open(const char *id, Error **errp) 4011 { 4012 VncDisplay *vd = vnc_display_find(id); 4013 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id); 4014 g_autoptr(SocketAddressList) saddr_list = NULL; 4015 g_autoptr(SocketAddressList) wsaddr_list = NULL; 4016 const char *share, *device_id; 4017 QemuConsole *con; 4018 bool password = false; 4019 bool reverse = false; 4020 const char *credid; 4021 bool sasl = false; 4022 const char *tlsauthz; 4023 const char *saslauthz; 4024 int lock_key_sync = 1; 4025 int key_delay_ms; 4026 const char *audiodev; 4027 const char *passwordSecret; 4028 4029 if (!vd) { 4030 error_setg(errp, "VNC display not active"); 4031 return; 4032 } 4033 vnc_display_close(vd); 4034 4035 if (!opts) { 4036 return; 4037 } 4038 4039 reverse = qemu_opt_get_bool(opts, "reverse", false); 4040 if (vnc_display_get_addresses(opts, reverse, &saddr_list, &wsaddr_list, 4041 errp) < 0) { 4042 goto fail; 4043 } 4044 4045 4046 passwordSecret = qemu_opt_get(opts, "password-secret"); 4047 if (passwordSecret) { 4048 if (qemu_opt_get(opts, "password")) { 4049 error_setg(errp, 4050 "'password' flag is redundant with 'password-secret'"); 4051 goto fail; 4052 } 4053 vd->password = qcrypto_secret_lookup_as_utf8(passwordSecret, 4054 errp); 4055 if (!vd->password) { 4056 goto fail; 4057 } 4058 password = true; 4059 } else { 4060 password = qemu_opt_get_bool(opts, "password", false); 4061 } 4062 if (password) { 4063 if (!qcrypto_cipher_supports( 4064 QCRYPTO_CIPHER_ALGO_DES, QCRYPTO_CIPHER_MODE_ECB)) { 4065 error_setg(errp, 4066 "Cipher backend does not support DES algorithm"); 4067 goto fail; 4068 } 4069 } 4070 4071 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true); 4072 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10); 4073 sasl = qemu_opt_get_bool(opts, "sasl", false); 4074 #ifndef CONFIG_VNC_SASL 4075 if (sasl) { 4076 error_setg(errp, "VNC SASL auth requires cyrus-sasl support"); 4077 goto fail; 4078 } 4079 #endif /* CONFIG_VNC_SASL */ 4080 credid = qemu_opt_get(opts, "tls-creds"); 4081 if (credid) { 4082 Object *creds; 4083 creds = object_resolve_path_component( 4084 object_get_objects_root(), credid); 4085 if (!creds) { 4086 error_setg(errp, "No TLS credentials with id '%s'", 4087 credid); 4088 goto fail; 4089 } 4090 vd->tlscreds = (QCryptoTLSCreds *) 4091 object_dynamic_cast(creds, 4092 TYPE_QCRYPTO_TLS_CREDS); 4093 if (!vd->tlscreds) { 4094 error_setg(errp, "Object with id '%s' is not TLS credentials", 4095 credid); 4096 goto fail; 4097 } 4098 object_ref(OBJECT(vd->tlscreds)); 4099 4100 if (!qcrypto_tls_creds_check_endpoint(vd->tlscreds, 4101 QCRYPTO_TLS_CREDS_ENDPOINT_SERVER, 4102 errp)) { 4103 goto fail; 4104 } 4105 } 4106 tlsauthz = qemu_opt_get(opts, "tls-authz"); 4107 if (tlsauthz && !vd->tlscreds) { 4108 error_setg(errp, "'tls-authz' provided but TLS is not enabled"); 4109 goto fail; 4110 } 4111 4112 saslauthz = qemu_opt_get(opts, "sasl-authz"); 4113 if (saslauthz && !sasl) { 4114 error_setg(errp, "'sasl-authz' provided but SASL auth is not enabled"); 4115 goto fail; 4116 } 4117 4118 share = qemu_opt_get(opts, "share"); 4119 if (share) { 4120 if (strcmp(share, "ignore") == 0) { 4121 vd->share_policy = VNC_SHARE_POLICY_IGNORE; 4122 } else if (strcmp(share, "allow-exclusive") == 0) { 4123 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 4124 } else if (strcmp(share, "force-shared") == 0) { 4125 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; 4126 } else { 4127 error_setg(errp, "unknown vnc share= option"); 4128 goto fail; 4129 } 4130 } else { 4131 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 4132 } 4133 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32); 4134 4135 #ifdef CONFIG_VNC_JPEG 4136 vd->lossy = qemu_opt_get_bool(opts, "lossy", false); 4137 #endif 4138 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false); 4139 /* adaptive updates are only used with tight encoding and 4140 * if lossy updates are enabled so we can disable all the 4141 * calculations otherwise */ 4142 if (!vd->lossy) { 4143 vd->non_adaptive = true; 4144 } 4145 4146 vd->power_control = qemu_opt_get_bool(opts, "power-control", false); 4147 4148 if (tlsauthz) { 4149 vd->tlsauthzid = g_strdup(tlsauthz); 4150 } 4151 #ifdef CONFIG_VNC_SASL 4152 if (sasl) { 4153 if (saslauthz) { 4154 vd->sasl.authzid = g_strdup(saslauthz); 4155 } 4156 } 4157 #endif 4158 4159 if (vnc_display_setup_auth(&vd->auth, &vd->subauth, 4160 vd->tlscreds, password, 4161 sasl, false, errp) < 0) { 4162 goto fail; 4163 } 4164 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth); 4165 4166 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth, 4167 vd->tlscreds, password, 4168 sasl, true, errp) < 0) { 4169 goto fail; 4170 } 4171 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth); 4172 4173 #ifdef CONFIG_VNC_SASL 4174 if (sasl && !vnc_sasl_server_init(errp)) { 4175 goto fail; 4176 } 4177 #endif 4178 vd->lock_key_sync = lock_key_sync; 4179 if (lock_key_sync) { 4180 vd->led = qemu_add_led_event_handler(kbd_leds, vd); 4181 } 4182 vd->ledstate = 0; 4183 4184 audiodev = qemu_opt_get(opts, "audiodev"); 4185 if (audiodev) { 4186 vd->audio_state = audio_state_by_name(audiodev, errp); 4187 if (!vd->audio_state) { 4188 goto fail; 4189 } 4190 } else { 4191 vd->audio_state = audio_get_default_audio_state(NULL); 4192 } 4193 4194 device_id = qemu_opt_get(opts, "display"); 4195 if (device_id) { 4196 int head = qemu_opt_get_number(opts, "head", 0); 4197 Error *err = NULL; 4198 4199 con = qemu_console_lookup_by_device_name(device_id, head, &err); 4200 if (err) { 4201 error_propagate(errp, err); 4202 goto fail; 4203 } 4204 } else { 4205 con = qemu_console_lookup_default(); 4206 } 4207 4208 if (con != vd->dcl.con) { 4209 qkbd_state_free(vd->kbd); 4210 unregister_displaychangelistener(&vd->dcl); 4211 vd->dcl.con = con; 4212 register_displaychangelistener(&vd->dcl); 4213 vd->kbd = qkbd_state_init(vd->dcl.con); 4214 } 4215 qkbd_state_set_delay(vd->kbd, key_delay_ms); 4216 4217 if (saddr_list == NULL) { 4218 return; 4219 } 4220 4221 if (reverse) { 4222 if (vnc_display_connect(vd, saddr_list, wsaddr_list, errp) < 0) { 4223 goto fail; 4224 } 4225 } else { 4226 if (vnc_display_listen(vd, saddr_list, wsaddr_list, errp) < 0) { 4227 goto fail; 4228 } 4229 } 4230 4231 if (qemu_opt_get(opts, "to")) { 4232 vnc_display_print_local_addr(vd); 4233 } 4234 4235 /* Success */ 4236 return; 4237 4238 fail: 4239 vnc_display_close(vd); 4240 } 4241 4242 void vnc_display_add_client(const char *id, int csock, bool skipauth) 4243 { 4244 VncDisplay *vd = vnc_display_find(id); 4245 QIOChannelSocket *sioc; 4246 4247 if (!vd) { 4248 return; 4249 } 4250 4251 sioc = qio_channel_socket_new_fd(csock, NULL); 4252 if (sioc) { 4253 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server"); 4254 vnc_connect(vd, sioc, skipauth, false); 4255 object_unref(OBJECT(sioc)); 4256 } 4257 } 4258 4259 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts) 4260 { 4261 int i = 2; 4262 char *id; 4263 4264 id = g_strdup("default"); 4265 while (qemu_opts_find(olist, id)) { 4266 g_free(id); 4267 id = g_strdup_printf("vnc%d", i++); 4268 } 4269 qemu_opts_set_id(opts, id); 4270 } 4271 4272 void vnc_parse(const char *str) 4273 { 4274 QemuOptsList *olist = qemu_find_opts("vnc"); 4275 QemuOpts *opts = qemu_opts_parse_noisily(olist, str, !is_help_option(str)); 4276 const char *id; 4277 4278 if (!opts) { 4279 exit(1); 4280 } 4281 4282 id = qemu_opts_id(opts); 4283 if (!id) { 4284 /* auto-assign id if not present */ 4285 vnc_auto_assign_id(olist, opts); 4286 } 4287 } 4288 4289 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp) 4290 { 4291 Error *local_err = NULL; 4292 char *id = (char *)qemu_opts_id(opts); 4293 4294 assert(id); 4295 vnc_display_init(id, &local_err); 4296 if (local_err) { 4297 error_propagate(errp, local_err); 4298 return -1; 4299 } 4300 vnc_display_open(id, &local_err); 4301 if (local_err != NULL) { 4302 error_propagate(errp, local_err); 4303 return -1; 4304 } 4305 return 0; 4306 } 4307 4308 static void vnc_register_config(void) 4309 { 4310 qemu_add_opts(&qemu_vnc_opts); 4311 } 4312 opts_init(vnc_register_config); 4313