1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "qemu/osdep.h" 28 #include "vnc.h" 29 #include "vnc-jobs.h" 30 #include "trace.h" 31 #include "sysemu/sysemu.h" 32 #include "qemu/error-report.h" 33 #include "qemu/option.h" 34 #include "qemu/sockets.h" 35 #include "qemu/timer.h" 36 #include "qemu/acl.h" 37 #include "qemu/config-file.h" 38 #include "qapi/qapi-events.h" 39 #include "qapi/error.h" 40 #include "qapi/qapi-commands-ui.h" 41 #include "ui/input.h" 42 #include "crypto/hash.h" 43 #include "crypto/tlscredsanon.h" 44 #include "crypto/tlscredsx509.h" 45 #include "qom/object_interfaces.h" 46 #include "qemu/cutils.h" 47 #include "io/dns-resolver.h" 48 49 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT 50 #define VNC_REFRESH_INTERVAL_INC 50 51 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE 52 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; 53 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 54 55 #include "vnc_keysym.h" 56 #include "crypto/cipher.h" 57 58 static QTAILQ_HEAD(, VncDisplay) vnc_displays = 59 QTAILQ_HEAD_INITIALIZER(vnc_displays); 60 61 static int vnc_cursor_define(VncState *vs); 62 static void vnc_release_modifiers(VncState *vs); 63 static void vnc_update_throttle_offset(VncState *vs); 64 65 static void vnc_set_share_mode(VncState *vs, VncShareMode mode) 66 { 67 #ifdef _VNC_DEBUG 68 static const char *mn[] = { 69 [0] = "undefined", 70 [VNC_SHARE_MODE_CONNECTING] = "connecting", 71 [VNC_SHARE_MODE_SHARED] = "shared", 72 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive", 73 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected", 74 }; 75 fprintf(stderr, "%s/%p: %s -> %s\n", __func__, 76 vs->ioc, mn[vs->share_mode], mn[mode]); 77 #endif 78 79 switch (vs->share_mode) { 80 case VNC_SHARE_MODE_CONNECTING: 81 vs->vd->num_connecting--; 82 break; 83 case VNC_SHARE_MODE_SHARED: 84 vs->vd->num_shared--; 85 break; 86 case VNC_SHARE_MODE_EXCLUSIVE: 87 vs->vd->num_exclusive--; 88 break; 89 default: 90 break; 91 } 92 93 vs->share_mode = mode; 94 95 switch (vs->share_mode) { 96 case VNC_SHARE_MODE_CONNECTING: 97 vs->vd->num_connecting++; 98 break; 99 case VNC_SHARE_MODE_SHARED: 100 vs->vd->num_shared++; 101 break; 102 case VNC_SHARE_MODE_EXCLUSIVE: 103 vs->vd->num_exclusive++; 104 break; 105 default: 106 break; 107 } 108 } 109 110 111 static void vnc_init_basic_info(SocketAddress *addr, 112 VncBasicInfo *info, 113 Error **errp) 114 { 115 switch (addr->type) { 116 case SOCKET_ADDRESS_TYPE_INET: 117 info->host = g_strdup(addr->u.inet.host); 118 info->service = g_strdup(addr->u.inet.port); 119 if (addr->u.inet.ipv6) { 120 info->family = NETWORK_ADDRESS_FAMILY_IPV6; 121 } else { 122 info->family = NETWORK_ADDRESS_FAMILY_IPV4; 123 } 124 break; 125 126 case SOCKET_ADDRESS_TYPE_UNIX: 127 info->host = g_strdup(""); 128 info->service = g_strdup(addr->u.q_unix.path); 129 info->family = NETWORK_ADDRESS_FAMILY_UNIX; 130 break; 131 132 case SOCKET_ADDRESS_TYPE_VSOCK: 133 case SOCKET_ADDRESS_TYPE_FD: 134 error_setg(errp, "Unsupported socket address type %s", 135 SocketAddressType_str(addr->type)); 136 break; 137 default: 138 abort(); 139 } 140 141 return; 142 } 143 144 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc, 145 VncBasicInfo *info, 146 Error **errp) 147 { 148 SocketAddress *addr = NULL; 149 150 if (!ioc) { 151 error_setg(errp, "No listener socket available"); 152 return; 153 } 154 155 addr = qio_channel_socket_get_local_address(ioc, errp); 156 if (!addr) { 157 return; 158 } 159 160 vnc_init_basic_info(addr, info, errp); 161 qapi_free_SocketAddress(addr); 162 } 163 164 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc, 165 VncBasicInfo *info, 166 Error **errp) 167 { 168 SocketAddress *addr = NULL; 169 170 addr = qio_channel_socket_get_remote_address(ioc, errp); 171 if (!addr) { 172 return; 173 } 174 175 vnc_init_basic_info(addr, info, errp); 176 qapi_free_SocketAddress(addr); 177 } 178 179 static const char *vnc_auth_name(VncDisplay *vd) { 180 switch (vd->auth) { 181 case VNC_AUTH_INVALID: 182 return "invalid"; 183 case VNC_AUTH_NONE: 184 return "none"; 185 case VNC_AUTH_VNC: 186 return "vnc"; 187 case VNC_AUTH_RA2: 188 return "ra2"; 189 case VNC_AUTH_RA2NE: 190 return "ra2ne"; 191 case VNC_AUTH_TIGHT: 192 return "tight"; 193 case VNC_AUTH_ULTRA: 194 return "ultra"; 195 case VNC_AUTH_TLS: 196 return "tls"; 197 case VNC_AUTH_VENCRYPT: 198 switch (vd->subauth) { 199 case VNC_AUTH_VENCRYPT_PLAIN: 200 return "vencrypt+plain"; 201 case VNC_AUTH_VENCRYPT_TLSNONE: 202 return "vencrypt+tls+none"; 203 case VNC_AUTH_VENCRYPT_TLSVNC: 204 return "vencrypt+tls+vnc"; 205 case VNC_AUTH_VENCRYPT_TLSPLAIN: 206 return "vencrypt+tls+plain"; 207 case VNC_AUTH_VENCRYPT_X509NONE: 208 return "vencrypt+x509+none"; 209 case VNC_AUTH_VENCRYPT_X509VNC: 210 return "vencrypt+x509+vnc"; 211 case VNC_AUTH_VENCRYPT_X509PLAIN: 212 return "vencrypt+x509+plain"; 213 case VNC_AUTH_VENCRYPT_TLSSASL: 214 return "vencrypt+tls+sasl"; 215 case VNC_AUTH_VENCRYPT_X509SASL: 216 return "vencrypt+x509+sasl"; 217 default: 218 return "vencrypt"; 219 } 220 case VNC_AUTH_SASL: 221 return "sasl"; 222 } 223 return "unknown"; 224 } 225 226 static VncServerInfo *vnc_server_info_get(VncDisplay *vd) 227 { 228 VncServerInfo *info; 229 Error *err = NULL; 230 231 if (!vd->listener || !vd->listener->nsioc) { 232 return NULL; 233 } 234 235 info = g_malloc0(sizeof(*info)); 236 vnc_init_basic_info_from_server_addr(vd->listener->sioc[0], 237 qapi_VncServerInfo_base(info), &err); 238 info->has_auth = true; 239 info->auth = g_strdup(vnc_auth_name(vd)); 240 if (err) { 241 qapi_free_VncServerInfo(info); 242 info = NULL; 243 error_free(err); 244 } 245 return info; 246 } 247 248 static void vnc_client_cache_auth(VncState *client) 249 { 250 if (!client->info) { 251 return; 252 } 253 254 if (client->tls) { 255 client->info->x509_dname = 256 qcrypto_tls_session_get_peer_name(client->tls); 257 client->info->has_x509_dname = 258 client->info->x509_dname != NULL; 259 } 260 #ifdef CONFIG_VNC_SASL 261 if (client->sasl.conn && 262 client->sasl.username) { 263 client->info->has_sasl_username = true; 264 client->info->sasl_username = g_strdup(client->sasl.username); 265 } 266 #endif 267 } 268 269 static void vnc_client_cache_addr(VncState *client) 270 { 271 Error *err = NULL; 272 273 client->info = g_malloc0(sizeof(*client->info)); 274 vnc_init_basic_info_from_remote_addr(client->sioc, 275 qapi_VncClientInfo_base(client->info), 276 &err); 277 if (err) { 278 qapi_free_VncClientInfo(client->info); 279 client->info = NULL; 280 error_free(err); 281 } 282 } 283 284 static void vnc_qmp_event(VncState *vs, QAPIEvent event) 285 { 286 VncServerInfo *si; 287 288 if (!vs->info) { 289 return; 290 } 291 292 si = vnc_server_info_get(vs->vd); 293 if (!si) { 294 return; 295 } 296 297 switch (event) { 298 case QAPI_EVENT_VNC_CONNECTED: 299 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info)); 300 break; 301 case QAPI_EVENT_VNC_INITIALIZED: 302 qapi_event_send_vnc_initialized(si, vs->info); 303 break; 304 case QAPI_EVENT_VNC_DISCONNECTED: 305 qapi_event_send_vnc_disconnected(si, vs->info); 306 break; 307 default: 308 break; 309 } 310 311 qapi_free_VncServerInfo(si); 312 } 313 314 static VncClientInfo *qmp_query_vnc_client(const VncState *client) 315 { 316 VncClientInfo *info; 317 Error *err = NULL; 318 319 info = g_malloc0(sizeof(*info)); 320 321 vnc_init_basic_info_from_remote_addr(client->sioc, 322 qapi_VncClientInfo_base(info), 323 &err); 324 if (err) { 325 error_free(err); 326 qapi_free_VncClientInfo(info); 327 return NULL; 328 } 329 330 info->websocket = client->websocket; 331 332 if (client->tls) { 333 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls); 334 info->has_x509_dname = info->x509_dname != NULL; 335 } 336 #ifdef CONFIG_VNC_SASL 337 if (client->sasl.conn && client->sasl.username) { 338 info->has_sasl_username = true; 339 info->sasl_username = g_strdup(client->sasl.username); 340 } 341 #endif 342 343 return info; 344 } 345 346 static VncDisplay *vnc_display_find(const char *id) 347 { 348 VncDisplay *vd; 349 350 if (id == NULL) { 351 return QTAILQ_FIRST(&vnc_displays); 352 } 353 QTAILQ_FOREACH(vd, &vnc_displays, next) { 354 if (strcmp(id, vd->id) == 0) { 355 return vd; 356 } 357 } 358 return NULL; 359 } 360 361 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd) 362 { 363 VncClientInfoList *cinfo, *prev = NULL; 364 VncState *client; 365 366 QTAILQ_FOREACH(client, &vd->clients, next) { 367 cinfo = g_new0(VncClientInfoList, 1); 368 cinfo->value = qmp_query_vnc_client(client); 369 cinfo->next = prev; 370 prev = cinfo; 371 } 372 return prev; 373 } 374 375 VncInfo *qmp_query_vnc(Error **errp) 376 { 377 VncInfo *info = g_malloc0(sizeof(*info)); 378 VncDisplay *vd = vnc_display_find(NULL); 379 SocketAddress *addr = NULL; 380 381 if (vd == NULL || !vd->listener || !vd->listener->nsioc) { 382 info->enabled = false; 383 } else { 384 info->enabled = true; 385 386 /* for compatibility with the original command */ 387 info->has_clients = true; 388 info->clients = qmp_query_client_list(vd); 389 390 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], 391 errp); 392 if (!addr) { 393 goto out_error; 394 } 395 396 switch (addr->type) { 397 case SOCKET_ADDRESS_TYPE_INET: 398 info->host = g_strdup(addr->u.inet.host); 399 info->service = g_strdup(addr->u.inet.port); 400 if (addr->u.inet.ipv6) { 401 info->family = NETWORK_ADDRESS_FAMILY_IPV6; 402 } else { 403 info->family = NETWORK_ADDRESS_FAMILY_IPV4; 404 } 405 break; 406 407 case SOCKET_ADDRESS_TYPE_UNIX: 408 info->host = g_strdup(""); 409 info->service = g_strdup(addr->u.q_unix.path); 410 info->family = NETWORK_ADDRESS_FAMILY_UNIX; 411 break; 412 413 case SOCKET_ADDRESS_TYPE_VSOCK: 414 case SOCKET_ADDRESS_TYPE_FD: 415 error_setg(errp, "Unsupported socket address type %s", 416 SocketAddressType_str(addr->type)); 417 goto out_error; 418 default: 419 abort(); 420 } 421 422 info->has_host = true; 423 info->has_service = true; 424 info->has_family = true; 425 426 info->has_auth = true; 427 info->auth = g_strdup(vnc_auth_name(vd)); 428 } 429 430 qapi_free_SocketAddress(addr); 431 return info; 432 433 out_error: 434 qapi_free_SocketAddress(addr); 435 qapi_free_VncInfo(info); 436 return NULL; 437 } 438 439 440 static void qmp_query_auth(int auth, int subauth, 441 VncPrimaryAuth *qmp_auth, 442 VncVencryptSubAuth *qmp_vencrypt, 443 bool *qmp_has_vencrypt); 444 445 static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc, 446 bool websocket, 447 int auth, 448 int subauth, 449 VncServerInfo2List *prev) 450 { 451 VncServerInfo2List *list; 452 VncServerInfo2 *info; 453 Error *err = NULL; 454 SocketAddress *addr; 455 456 addr = qio_channel_socket_get_local_address(ioc, &err); 457 if (!addr) { 458 error_free(err); 459 return prev; 460 } 461 462 info = g_new0(VncServerInfo2, 1); 463 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err); 464 qapi_free_SocketAddress(addr); 465 if (err) { 466 qapi_free_VncServerInfo2(info); 467 error_free(err); 468 return prev; 469 } 470 info->websocket = websocket; 471 472 qmp_query_auth(auth, subauth, &info->auth, 473 &info->vencrypt, &info->has_vencrypt); 474 475 list = g_new0(VncServerInfo2List, 1); 476 list->value = info; 477 list->next = prev; 478 return list; 479 } 480 481 static void qmp_query_auth(int auth, int subauth, 482 VncPrimaryAuth *qmp_auth, 483 VncVencryptSubAuth *qmp_vencrypt, 484 bool *qmp_has_vencrypt) 485 { 486 switch (auth) { 487 case VNC_AUTH_VNC: 488 *qmp_auth = VNC_PRIMARY_AUTH_VNC; 489 break; 490 case VNC_AUTH_RA2: 491 *qmp_auth = VNC_PRIMARY_AUTH_RA2; 492 break; 493 case VNC_AUTH_RA2NE: 494 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE; 495 break; 496 case VNC_AUTH_TIGHT: 497 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT; 498 break; 499 case VNC_AUTH_ULTRA: 500 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA; 501 break; 502 case VNC_AUTH_TLS: 503 *qmp_auth = VNC_PRIMARY_AUTH_TLS; 504 break; 505 case VNC_AUTH_VENCRYPT: 506 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT; 507 *qmp_has_vencrypt = true; 508 switch (subauth) { 509 case VNC_AUTH_VENCRYPT_PLAIN: 510 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN; 511 break; 512 case VNC_AUTH_VENCRYPT_TLSNONE: 513 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE; 514 break; 515 case VNC_AUTH_VENCRYPT_TLSVNC: 516 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC; 517 break; 518 case VNC_AUTH_VENCRYPT_TLSPLAIN: 519 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN; 520 break; 521 case VNC_AUTH_VENCRYPT_X509NONE: 522 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE; 523 break; 524 case VNC_AUTH_VENCRYPT_X509VNC: 525 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC; 526 break; 527 case VNC_AUTH_VENCRYPT_X509PLAIN: 528 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN; 529 break; 530 case VNC_AUTH_VENCRYPT_TLSSASL: 531 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL; 532 break; 533 case VNC_AUTH_VENCRYPT_X509SASL: 534 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL; 535 break; 536 default: 537 *qmp_has_vencrypt = false; 538 break; 539 } 540 break; 541 case VNC_AUTH_SASL: 542 *qmp_auth = VNC_PRIMARY_AUTH_SASL; 543 break; 544 case VNC_AUTH_NONE: 545 default: 546 *qmp_auth = VNC_PRIMARY_AUTH_NONE; 547 break; 548 } 549 } 550 551 VncInfo2List *qmp_query_vnc_servers(Error **errp) 552 { 553 VncInfo2List *item, *prev = NULL; 554 VncInfo2 *info; 555 VncDisplay *vd; 556 DeviceState *dev; 557 size_t i; 558 559 QTAILQ_FOREACH(vd, &vnc_displays, next) { 560 info = g_new0(VncInfo2, 1); 561 info->id = g_strdup(vd->id); 562 info->clients = qmp_query_client_list(vd); 563 qmp_query_auth(vd->auth, vd->subauth, &info->auth, 564 &info->vencrypt, &info->has_vencrypt); 565 if (vd->dcl.con) { 566 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con), 567 "device", NULL)); 568 info->has_display = true; 569 info->display = g_strdup(dev->id); 570 } 571 for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) { 572 info->server = qmp_query_server_entry( 573 vd->listener->sioc[i], false, vd->auth, vd->subauth, 574 info->server); 575 } 576 for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) { 577 info->server = qmp_query_server_entry( 578 vd->wslistener->sioc[i], true, vd->ws_auth, 579 vd->ws_subauth, info->server); 580 } 581 582 item = g_new0(VncInfo2List, 1); 583 item->value = info; 584 item->next = prev; 585 prev = item; 586 } 587 return prev; 588 } 589 590 /* TODO 591 1) Get the queue working for IO. 592 2) there is some weirdness when using the -S option (the screen is grey 593 and not totally invalidated 594 3) resolutions > 1024 595 */ 596 597 static int vnc_update_client(VncState *vs, int has_dirty); 598 static void vnc_disconnect_start(VncState *vs); 599 600 static void vnc_colordepth(VncState *vs); 601 static void framebuffer_update_request(VncState *vs, int incremental, 602 int x_position, int y_position, 603 int w, int h); 604 static void vnc_refresh(DisplayChangeListener *dcl); 605 static int vnc_refresh_server_surface(VncDisplay *vd); 606 607 static int vnc_width(VncDisplay *vd) 608 { 609 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds), 610 VNC_DIRTY_PIXELS_PER_BIT)); 611 } 612 613 static int vnc_height(VncDisplay *vd) 614 { 615 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds)); 616 } 617 618 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT], 619 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT), 620 VncDisplay *vd, 621 int x, int y, int w, int h) 622 { 623 int width = vnc_width(vd); 624 int height = vnc_height(vd); 625 626 /* this is needed this to ensure we updated all affected 627 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */ 628 w += (x % VNC_DIRTY_PIXELS_PER_BIT); 629 x -= (x % VNC_DIRTY_PIXELS_PER_BIT); 630 631 x = MIN(x, width); 632 y = MIN(y, height); 633 w = MIN(x + w, width) - x; 634 h = MIN(y + h, height); 635 636 for (; y < h; y++) { 637 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT, 638 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT)); 639 } 640 } 641 642 static void vnc_dpy_update(DisplayChangeListener *dcl, 643 int x, int y, int w, int h) 644 { 645 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 646 struct VncSurface *s = &vd->guest; 647 648 vnc_set_area_dirty(s->dirty, vd, x, y, w, h); 649 } 650 651 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 652 int32_t encoding) 653 { 654 vnc_write_u16(vs, x); 655 vnc_write_u16(vs, y); 656 vnc_write_u16(vs, w); 657 vnc_write_u16(vs, h); 658 659 vnc_write_s32(vs, encoding); 660 } 661 662 663 static void vnc_desktop_resize(VncState *vs) 664 { 665 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) { 666 return; 667 } 668 if (vs->client_width == pixman_image_get_width(vs->vd->server) && 669 vs->client_height == pixman_image_get_height(vs->vd->server)) { 670 return; 671 } 672 673 assert(pixman_image_get_width(vs->vd->server) < 65536 && 674 pixman_image_get_width(vs->vd->server) >= 0); 675 assert(pixman_image_get_height(vs->vd->server) < 65536 && 676 pixman_image_get_height(vs->vd->server) >= 0); 677 vs->client_width = pixman_image_get_width(vs->vd->server); 678 vs->client_height = pixman_image_get_height(vs->vd->server); 679 vnc_lock_output(vs); 680 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 681 vnc_write_u8(vs, 0); 682 vnc_write_u16(vs, 1); /* number of rects */ 683 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 684 VNC_ENCODING_DESKTOPRESIZE); 685 vnc_unlock_output(vs); 686 vnc_flush(vs); 687 } 688 689 static void vnc_abort_display_jobs(VncDisplay *vd) 690 { 691 VncState *vs; 692 693 QTAILQ_FOREACH(vs, &vd->clients, next) { 694 vnc_lock_output(vs); 695 vs->abort = true; 696 vnc_unlock_output(vs); 697 } 698 QTAILQ_FOREACH(vs, &vd->clients, next) { 699 vnc_jobs_join(vs); 700 } 701 QTAILQ_FOREACH(vs, &vd->clients, next) { 702 vnc_lock_output(vs); 703 vs->abort = false; 704 vnc_unlock_output(vs); 705 } 706 } 707 708 int vnc_server_fb_stride(VncDisplay *vd) 709 { 710 return pixman_image_get_stride(vd->server); 711 } 712 713 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y) 714 { 715 uint8_t *ptr; 716 717 ptr = (uint8_t *)pixman_image_get_data(vd->server); 718 ptr += y * vnc_server_fb_stride(vd); 719 ptr += x * VNC_SERVER_FB_BYTES; 720 return ptr; 721 } 722 723 static void vnc_update_server_surface(VncDisplay *vd) 724 { 725 int width, height; 726 727 qemu_pixman_image_unref(vd->server); 728 vd->server = NULL; 729 730 if (QTAILQ_EMPTY(&vd->clients)) { 731 return; 732 } 733 734 width = vnc_width(vd); 735 height = vnc_height(vd); 736 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT, 737 width, height, 738 NULL, 0); 739 740 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty)); 741 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0, 742 width, height); 743 } 744 745 static void vnc_dpy_switch(DisplayChangeListener *dcl, 746 DisplaySurface *surface) 747 { 748 static const char placeholder_msg[] = 749 "Display output is not active."; 750 static DisplaySurface *placeholder; 751 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 752 VncState *vs; 753 754 if (surface == NULL) { 755 if (placeholder == NULL) { 756 placeholder = qemu_create_message_surface(640, 480, placeholder_msg); 757 } 758 surface = placeholder; 759 } 760 761 vnc_abort_display_jobs(vd); 762 vd->ds = surface; 763 764 /* server surface */ 765 vnc_update_server_surface(vd); 766 767 /* guest surface */ 768 qemu_pixman_image_unref(vd->guest.fb); 769 vd->guest.fb = pixman_image_ref(surface->image); 770 vd->guest.format = surface->format; 771 772 QTAILQ_FOREACH(vs, &vd->clients, next) { 773 vnc_colordepth(vs); 774 vnc_desktop_resize(vs); 775 if (vs->vd->cursor) { 776 vnc_cursor_define(vs); 777 } 778 memset(vs->dirty, 0x00, sizeof(vs->dirty)); 779 vnc_set_area_dirty(vs->dirty, vd, 0, 0, 780 vnc_width(vd), 781 vnc_height(vd)); 782 vnc_update_throttle_offset(vs); 783 } 784 } 785 786 /* fastest code */ 787 static void vnc_write_pixels_copy(VncState *vs, 788 void *pixels, int size) 789 { 790 vnc_write(vs, pixels, size); 791 } 792 793 /* slowest but generic code. */ 794 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 795 { 796 uint8_t r, g, b; 797 798 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8) 799 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8; 800 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8; 801 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8; 802 #else 803 # error need some bits here if you change VNC_SERVER_FB_FORMAT 804 #endif 805 v = (r << vs->client_pf.rshift) | 806 (g << vs->client_pf.gshift) | 807 (b << vs->client_pf.bshift); 808 switch (vs->client_pf.bytes_per_pixel) { 809 case 1: 810 buf[0] = v; 811 break; 812 case 2: 813 if (vs->client_be) { 814 buf[0] = v >> 8; 815 buf[1] = v; 816 } else { 817 buf[1] = v >> 8; 818 buf[0] = v; 819 } 820 break; 821 default: 822 case 4: 823 if (vs->client_be) { 824 buf[0] = v >> 24; 825 buf[1] = v >> 16; 826 buf[2] = v >> 8; 827 buf[3] = v; 828 } else { 829 buf[3] = v >> 24; 830 buf[2] = v >> 16; 831 buf[1] = v >> 8; 832 buf[0] = v; 833 } 834 break; 835 } 836 } 837 838 static void vnc_write_pixels_generic(VncState *vs, 839 void *pixels1, int size) 840 { 841 uint8_t buf[4]; 842 843 if (VNC_SERVER_FB_BYTES == 4) { 844 uint32_t *pixels = pixels1; 845 int n, i; 846 n = size >> 2; 847 for (i = 0; i < n; i++) { 848 vnc_convert_pixel(vs, buf, pixels[i]); 849 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel); 850 } 851 } 852 } 853 854 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 855 { 856 int i; 857 uint8_t *row; 858 VncDisplay *vd = vs->vd; 859 860 row = vnc_server_fb_ptr(vd, x, y); 861 for (i = 0; i < h; i++) { 862 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES); 863 row += vnc_server_fb_stride(vd); 864 } 865 return 1; 866 } 867 868 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 869 { 870 int n = 0; 871 bool encode_raw = false; 872 size_t saved_offs = vs->output.offset; 873 874 switch(vs->vnc_encoding) { 875 case VNC_ENCODING_ZLIB: 876 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h); 877 break; 878 case VNC_ENCODING_HEXTILE: 879 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 880 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 881 break; 882 case VNC_ENCODING_TIGHT: 883 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h); 884 break; 885 case VNC_ENCODING_TIGHT_PNG: 886 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h); 887 break; 888 case VNC_ENCODING_ZRLE: 889 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h); 890 break; 891 case VNC_ENCODING_ZYWRLE: 892 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); 893 break; 894 default: 895 encode_raw = true; 896 break; 897 } 898 899 /* If the client has the same pixel format as our internal buffer and 900 * a RAW encoding would need less space fall back to RAW encoding to 901 * save bandwidth and processing power in the client. */ 902 if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy && 903 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) { 904 vs->output.offset = saved_offs; 905 encode_raw = true; 906 } 907 908 if (encode_raw) { 909 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 910 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 911 } 912 913 return n; 914 } 915 916 static void vnc_mouse_set(DisplayChangeListener *dcl, 917 int x, int y, int visible) 918 { 919 /* can we ask the client(s) to move the pointer ??? */ 920 } 921 922 static int vnc_cursor_define(VncState *vs) 923 { 924 QEMUCursor *c = vs->vd->cursor; 925 int isize; 926 927 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 928 vnc_lock_output(vs); 929 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 930 vnc_write_u8(vs, 0); /* padding */ 931 vnc_write_u16(vs, 1); /* # of rects */ 932 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 933 VNC_ENCODING_RICH_CURSOR); 934 isize = c->width * c->height * vs->client_pf.bytes_per_pixel; 935 vnc_write_pixels_generic(vs, c->data, isize); 936 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 937 vnc_unlock_output(vs); 938 return 0; 939 } 940 return -1; 941 } 942 943 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl, 944 QEMUCursor *c) 945 { 946 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 947 VncState *vs; 948 949 cursor_put(vd->cursor); 950 g_free(vd->cursor_mask); 951 952 vd->cursor = c; 953 cursor_get(vd->cursor); 954 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 955 vd->cursor_mask = g_malloc0(vd->cursor_msize); 956 cursor_get_mono_mask(c, 0, vd->cursor_mask); 957 958 QTAILQ_FOREACH(vs, &vd->clients, next) { 959 vnc_cursor_define(vs); 960 } 961 } 962 963 static int find_and_clear_dirty_height(VncState *vs, 964 int y, int last_x, int x, int height) 965 { 966 int h; 967 968 for (h = 1; h < (height - y); h++) { 969 if (!test_bit(last_x, vs->dirty[y + h])) { 970 break; 971 } 972 bitmap_clear(vs->dirty[y + h], last_x, x - last_x); 973 } 974 975 return h; 976 } 977 978 /* 979 * Figure out how much pending data we should allow in the output 980 * buffer before we throttle incremental display updates, and/or 981 * drop audio samples. 982 * 983 * We allow for equiv of 1 full display's worth of FB updates, 984 * and 1 second of audio samples. If audio backlog was larger 985 * than that the client would already suffering awful audio 986 * glitches, so dropping samples is no worse really). 987 */ 988 static void vnc_update_throttle_offset(VncState *vs) 989 { 990 size_t offset = 991 vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel; 992 993 if (vs->audio_cap) { 994 int bps; 995 switch (vs->as.fmt) { 996 default: 997 case AUD_FMT_U8: 998 case AUD_FMT_S8: 999 bps = 1; 1000 break; 1001 case AUD_FMT_U16: 1002 case AUD_FMT_S16: 1003 bps = 2; 1004 break; 1005 case AUD_FMT_U32: 1006 case AUD_FMT_S32: 1007 bps = 4; 1008 break; 1009 } 1010 offset += vs->as.freq * bps * vs->as.nchannels; 1011 } 1012 1013 /* Put a floor of 1MB on offset, so that if we have a large pending 1014 * buffer and the display is resized to a small size & back again 1015 * we don't suddenly apply a tiny send limit 1016 */ 1017 offset = MAX(offset, 1024 * 1024); 1018 1019 if (vs->throttle_output_offset != offset) { 1020 trace_vnc_client_throttle_threshold( 1021 vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width, 1022 vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap); 1023 } 1024 1025 vs->throttle_output_offset = offset; 1026 } 1027 1028 static bool vnc_should_update(VncState *vs) 1029 { 1030 switch (vs->update) { 1031 case VNC_STATE_UPDATE_NONE: 1032 break; 1033 case VNC_STATE_UPDATE_INCREMENTAL: 1034 /* Only allow incremental updates if the pending send queue 1035 * is less than the permitted threshold, and the job worker 1036 * is completely idle. 1037 */ 1038 if (vs->output.offset < vs->throttle_output_offset && 1039 vs->job_update == VNC_STATE_UPDATE_NONE) { 1040 return true; 1041 } 1042 trace_vnc_client_throttle_incremental( 1043 vs, vs->ioc, vs->job_update, vs->output.offset); 1044 break; 1045 case VNC_STATE_UPDATE_FORCE: 1046 /* Only allow forced updates if the pending send queue 1047 * does not contain a previous forced update, and the 1048 * job worker is completely idle. 1049 * 1050 * Note this means we'll queue a forced update, even if 1051 * the output buffer size is otherwise over the throttle 1052 * output limit. 1053 */ 1054 if (vs->force_update_offset == 0 && 1055 vs->job_update == VNC_STATE_UPDATE_NONE) { 1056 return true; 1057 } 1058 trace_vnc_client_throttle_forced( 1059 vs, vs->ioc, vs->job_update, vs->force_update_offset); 1060 break; 1061 } 1062 return false; 1063 } 1064 1065 static int vnc_update_client(VncState *vs, int has_dirty) 1066 { 1067 VncDisplay *vd = vs->vd; 1068 VncJob *job; 1069 int y; 1070 int height, width; 1071 int n = 0; 1072 1073 if (vs->disconnecting) { 1074 vnc_disconnect_finish(vs); 1075 return 0; 1076 } 1077 1078 vs->has_dirty += has_dirty; 1079 if (!vnc_should_update(vs)) { 1080 return 0; 1081 } 1082 1083 if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) { 1084 return 0; 1085 } 1086 1087 /* 1088 * Send screen updates to the vnc client using the server 1089 * surface and server dirty map. guest surface updates 1090 * happening in parallel don't disturb us, the next pass will 1091 * send them to the client. 1092 */ 1093 job = vnc_job_new(vs); 1094 1095 height = pixman_image_get_height(vd->server); 1096 width = pixman_image_get_width(vd->server); 1097 1098 y = 0; 1099 for (;;) { 1100 int x, h; 1101 unsigned long x2; 1102 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty, 1103 height * VNC_DIRTY_BPL(vs), 1104 y * VNC_DIRTY_BPL(vs)); 1105 if (offset == height * VNC_DIRTY_BPL(vs)) { 1106 /* no more dirty bits */ 1107 break; 1108 } 1109 y = offset / VNC_DIRTY_BPL(vs); 1110 x = offset % VNC_DIRTY_BPL(vs); 1111 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y], 1112 VNC_DIRTY_BPL(vs), x); 1113 bitmap_clear(vs->dirty[y], x, x2 - x); 1114 h = find_and_clear_dirty_height(vs, y, x, x2, height); 1115 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT); 1116 if (x2 > x) { 1117 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y, 1118 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h); 1119 } 1120 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) { 1121 y += h; 1122 if (y == height) { 1123 break; 1124 } 1125 } 1126 } 1127 1128 vs->job_update = vs->update; 1129 vs->update = VNC_STATE_UPDATE_NONE; 1130 vnc_job_push(job); 1131 vs->has_dirty = 0; 1132 return n; 1133 } 1134 1135 /* audio */ 1136 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 1137 { 1138 VncState *vs = opaque; 1139 1140 assert(vs->magic == VNC_MAGIC); 1141 switch (cmd) { 1142 case AUD_CNOTIFY_DISABLE: 1143 vnc_lock_output(vs); 1144 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1145 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1146 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 1147 vnc_unlock_output(vs); 1148 vnc_flush(vs); 1149 break; 1150 1151 case AUD_CNOTIFY_ENABLE: 1152 vnc_lock_output(vs); 1153 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1154 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1155 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 1156 vnc_unlock_output(vs); 1157 vnc_flush(vs); 1158 break; 1159 } 1160 } 1161 1162 static void audio_capture_destroy(void *opaque) 1163 { 1164 } 1165 1166 static void audio_capture(void *opaque, void *buf, int size) 1167 { 1168 VncState *vs = opaque; 1169 1170 assert(vs->magic == VNC_MAGIC); 1171 vnc_lock_output(vs); 1172 if (vs->output.offset < vs->throttle_output_offset) { 1173 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1174 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1175 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 1176 vnc_write_u32(vs, size); 1177 vnc_write(vs, buf, size); 1178 } else { 1179 trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset); 1180 } 1181 vnc_unlock_output(vs); 1182 vnc_flush(vs); 1183 } 1184 1185 static void audio_add(VncState *vs) 1186 { 1187 struct audio_capture_ops ops; 1188 1189 if (vs->audio_cap) { 1190 error_report("audio already running"); 1191 return; 1192 } 1193 1194 ops.notify = audio_capture_notify; 1195 ops.destroy = audio_capture_destroy; 1196 ops.capture = audio_capture; 1197 1198 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs); 1199 if (!vs->audio_cap) { 1200 error_report("Failed to add audio capture"); 1201 } 1202 } 1203 1204 static void audio_del(VncState *vs) 1205 { 1206 if (vs->audio_cap) { 1207 AUD_del_capture(vs->audio_cap, vs); 1208 vs->audio_cap = NULL; 1209 } 1210 } 1211 1212 static void vnc_disconnect_start(VncState *vs) 1213 { 1214 if (vs->disconnecting) { 1215 return; 1216 } 1217 trace_vnc_client_disconnect_start(vs, vs->ioc); 1218 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); 1219 if (vs->ioc_tag) { 1220 g_source_remove(vs->ioc_tag); 1221 vs->ioc_tag = 0; 1222 } 1223 qio_channel_close(vs->ioc, NULL); 1224 vs->disconnecting = TRUE; 1225 } 1226 1227 void vnc_disconnect_finish(VncState *vs) 1228 { 1229 int i; 1230 1231 trace_vnc_client_disconnect_finish(vs, vs->ioc); 1232 1233 vnc_jobs_join(vs); /* Wait encoding jobs */ 1234 1235 vnc_lock_output(vs); 1236 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED); 1237 1238 buffer_free(&vs->input); 1239 buffer_free(&vs->output); 1240 1241 qapi_free_VncClientInfo(vs->info); 1242 1243 vnc_zlib_clear(vs); 1244 vnc_tight_clear(vs); 1245 vnc_zrle_clear(vs); 1246 1247 #ifdef CONFIG_VNC_SASL 1248 vnc_sasl_client_cleanup(vs); 1249 #endif /* CONFIG_VNC_SASL */ 1250 audio_del(vs); 1251 vnc_release_modifiers(vs); 1252 1253 if (vs->mouse_mode_notifier.notify != NULL) { 1254 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1255 } 1256 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1257 if (QTAILQ_EMPTY(&vs->vd->clients)) { 1258 /* last client gone */ 1259 vnc_update_server_surface(vs->vd); 1260 } 1261 1262 vnc_unlock_output(vs); 1263 1264 qemu_mutex_destroy(&vs->output_mutex); 1265 if (vs->bh != NULL) { 1266 qemu_bh_delete(vs->bh); 1267 } 1268 buffer_free(&vs->jobs_buffer); 1269 1270 for (i = 0; i < VNC_STAT_ROWS; ++i) { 1271 g_free(vs->lossy_rect[i]); 1272 } 1273 g_free(vs->lossy_rect); 1274 1275 object_unref(OBJECT(vs->ioc)); 1276 vs->ioc = NULL; 1277 object_unref(OBJECT(vs->sioc)); 1278 vs->sioc = NULL; 1279 vs->magic = 0; 1280 g_free(vs); 1281 } 1282 1283 size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp) 1284 { 1285 if (ret <= 0) { 1286 if (ret == 0) { 1287 trace_vnc_client_eof(vs, vs->ioc); 1288 vnc_disconnect_start(vs); 1289 } else if (ret != QIO_CHANNEL_ERR_BLOCK) { 1290 trace_vnc_client_io_error(vs, vs->ioc, 1291 errp ? error_get_pretty(*errp) : 1292 "Unknown"); 1293 vnc_disconnect_start(vs); 1294 } 1295 1296 if (errp) { 1297 error_free(*errp); 1298 *errp = NULL; 1299 } 1300 return 0; 1301 } 1302 return ret; 1303 } 1304 1305 1306 void vnc_client_error(VncState *vs) 1307 { 1308 VNC_DEBUG("Closing down client sock: protocol error\n"); 1309 vnc_disconnect_start(vs); 1310 } 1311 1312 1313 /* 1314 * Called to write a chunk of data to the client socket. The data may 1315 * be the raw data, or may have already been encoded by SASL. 1316 * The data will be written either straight onto the socket, or 1317 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1318 * 1319 * NB, it is theoretically possible to have 2 layers of encryption, 1320 * both SASL, and this TLS layer. It is highly unlikely in practice 1321 * though, since SASL encryption will typically be a no-op if TLS 1322 * is active 1323 * 1324 * Returns the number of bytes written, which may be less than 1325 * the requested 'datalen' if the socket would block. Returns 1326 * 0 on I/O error, and disconnects the client socket. 1327 */ 1328 size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1329 { 1330 Error *err = NULL; 1331 ssize_t ret; 1332 ret = qio_channel_write( 1333 vs->ioc, (const char *)data, datalen, &err); 1334 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1335 return vnc_client_io_error(vs, ret, &err); 1336 } 1337 1338 1339 /* 1340 * Called to write buffered data to the client socket, when not 1341 * using any SASL SSF encryption layers. Will write as much data 1342 * as possible without blocking. If all buffered data is written, 1343 * will switch the FD poll() handler back to read monitoring. 1344 * 1345 * Returns the number of bytes written, which may be less than 1346 * the buffered output data if the socket would block. Returns 1347 * 0 on I/O error, and disconnects the client socket. 1348 */ 1349 static size_t vnc_client_write_plain(VncState *vs) 1350 { 1351 size_t offset; 1352 size_t ret; 1353 1354 #ifdef CONFIG_VNC_SASL 1355 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1356 vs->output.buffer, vs->output.capacity, vs->output.offset, 1357 vs->sasl.waitWriteSSF); 1358 1359 if (vs->sasl.conn && 1360 vs->sasl.runSSF && 1361 vs->sasl.waitWriteSSF) { 1362 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1363 if (ret) 1364 vs->sasl.waitWriteSSF -= ret; 1365 } else 1366 #endif /* CONFIG_VNC_SASL */ 1367 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1368 if (!ret) 1369 return 0; 1370 1371 if (ret >= vs->force_update_offset) { 1372 if (vs->force_update_offset != 0) { 1373 trace_vnc_client_unthrottle_forced(vs, vs->ioc); 1374 } 1375 vs->force_update_offset = 0; 1376 } else { 1377 vs->force_update_offset -= ret; 1378 } 1379 offset = vs->output.offset; 1380 buffer_advance(&vs->output, ret); 1381 if (offset >= vs->throttle_output_offset && 1382 vs->output.offset < vs->throttle_output_offset) { 1383 trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset); 1384 } 1385 1386 if (vs->output.offset == 0) { 1387 if (vs->ioc_tag) { 1388 g_source_remove(vs->ioc_tag); 1389 } 1390 vs->ioc_tag = qio_channel_add_watch( 1391 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); 1392 } 1393 1394 return ret; 1395 } 1396 1397 1398 /* 1399 * First function called whenever there is data to be written to 1400 * the client socket. Will delegate actual work according to whether 1401 * SASL SSF layers are enabled (thus requiring encryption calls) 1402 */ 1403 static void vnc_client_write_locked(VncState *vs) 1404 { 1405 #ifdef CONFIG_VNC_SASL 1406 if (vs->sasl.conn && 1407 vs->sasl.runSSF && 1408 !vs->sasl.waitWriteSSF) { 1409 vnc_client_write_sasl(vs); 1410 } else 1411 #endif /* CONFIG_VNC_SASL */ 1412 { 1413 vnc_client_write_plain(vs); 1414 } 1415 } 1416 1417 static void vnc_client_write(VncState *vs) 1418 { 1419 assert(vs->magic == VNC_MAGIC); 1420 vnc_lock_output(vs); 1421 if (vs->output.offset) { 1422 vnc_client_write_locked(vs); 1423 } else if (vs->ioc != NULL) { 1424 if (vs->ioc_tag) { 1425 g_source_remove(vs->ioc_tag); 1426 } 1427 vs->ioc_tag = qio_channel_add_watch( 1428 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); 1429 } 1430 vnc_unlock_output(vs); 1431 } 1432 1433 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1434 { 1435 vs->read_handler = func; 1436 vs->read_handler_expect = expecting; 1437 } 1438 1439 1440 /* 1441 * Called to read a chunk of data from the client socket. The data may 1442 * be the raw data, or may need to be further decoded by SASL. 1443 * The data will be read either straight from to the socket, or 1444 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1445 * 1446 * NB, it is theoretically possible to have 2 layers of encryption, 1447 * both SASL, and this TLS layer. It is highly unlikely in practice 1448 * though, since SASL encryption will typically be a no-op if TLS 1449 * is active 1450 * 1451 * Returns the number of bytes read, which may be less than 1452 * the requested 'datalen' if the socket would block. Returns 1453 * 0 on I/O error or EOF, and disconnects the client socket. 1454 */ 1455 size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1456 { 1457 ssize_t ret; 1458 Error *err = NULL; 1459 ret = qio_channel_read( 1460 vs->ioc, (char *)data, datalen, &err); 1461 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1462 return vnc_client_io_error(vs, ret, &err); 1463 } 1464 1465 1466 /* 1467 * Called to read data from the client socket to the input buffer, 1468 * when not using any SASL SSF encryption layers. Will read as much 1469 * data as possible without blocking. 1470 * 1471 * Returns the number of bytes read, which may be less than 1472 * the requested 'datalen' if the socket would block. Returns 1473 * 0 on I/O error or EOF, and disconnects the client socket. 1474 */ 1475 static size_t vnc_client_read_plain(VncState *vs) 1476 { 1477 size_t ret; 1478 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1479 vs->input.buffer, vs->input.capacity, vs->input.offset); 1480 buffer_reserve(&vs->input, 4096); 1481 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1482 if (!ret) 1483 return 0; 1484 vs->input.offset += ret; 1485 return ret; 1486 } 1487 1488 static void vnc_jobs_bh(void *opaque) 1489 { 1490 VncState *vs = opaque; 1491 1492 assert(vs->magic == VNC_MAGIC); 1493 vnc_jobs_consume_buffer(vs); 1494 } 1495 1496 /* 1497 * First function called whenever there is more data to be read from 1498 * the client socket. Will delegate actual work according to whether 1499 * SASL SSF layers are enabled (thus requiring decryption calls) 1500 * Returns 0 on success, -1 if client disconnected 1501 */ 1502 static int vnc_client_read(VncState *vs) 1503 { 1504 size_t ret; 1505 1506 #ifdef CONFIG_VNC_SASL 1507 if (vs->sasl.conn && vs->sasl.runSSF) 1508 ret = vnc_client_read_sasl(vs); 1509 else 1510 #endif /* CONFIG_VNC_SASL */ 1511 ret = vnc_client_read_plain(vs); 1512 if (!ret) { 1513 if (vs->disconnecting) { 1514 vnc_disconnect_finish(vs); 1515 return -1; 1516 } 1517 return 0; 1518 } 1519 1520 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1521 size_t len = vs->read_handler_expect; 1522 int ret; 1523 1524 ret = vs->read_handler(vs, vs->input.buffer, len); 1525 if (vs->disconnecting) { 1526 vnc_disconnect_finish(vs); 1527 return -1; 1528 } 1529 1530 if (!ret) { 1531 buffer_advance(&vs->input, len); 1532 } else { 1533 vs->read_handler_expect = ret; 1534 } 1535 } 1536 return 0; 1537 } 1538 1539 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED, 1540 GIOCondition condition, void *opaque) 1541 { 1542 VncState *vs = opaque; 1543 1544 assert(vs->magic == VNC_MAGIC); 1545 if (condition & G_IO_IN) { 1546 if (vnc_client_read(vs) < 0) { 1547 /* vs is free()ed here */ 1548 return TRUE; 1549 } 1550 } 1551 if (condition & G_IO_OUT) { 1552 vnc_client_write(vs); 1553 } 1554 1555 if (vs->disconnecting) { 1556 if (vs->ioc_tag != 0) { 1557 g_source_remove(vs->ioc_tag); 1558 } 1559 vs->ioc_tag = 0; 1560 } 1561 return TRUE; 1562 } 1563 1564 1565 /* 1566 * Scale factor to apply to vs->throttle_output_offset when checking for 1567 * hard limit. Worst case normal usage could be x2, if we have a complete 1568 * incremental update and complete forced update in the output buffer. 1569 * So x3 should be good enough, but we pick x5 to be conservative and thus 1570 * (hopefully) never trigger incorrectly. 1571 */ 1572 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5 1573 1574 void vnc_write(VncState *vs, const void *data, size_t len) 1575 { 1576 assert(vs->magic == VNC_MAGIC); 1577 if (vs->disconnecting) { 1578 return; 1579 } 1580 /* Protection against malicious client/guest to prevent our output 1581 * buffer growing without bound if client stops reading data. This 1582 * should rarely trigger, because we have earlier throttling code 1583 * which stops issuing framebuffer updates and drops audio data 1584 * if the throttle_output_offset value is exceeded. So we only reach 1585 * this higher level if a huge number of pseudo-encodings get 1586 * triggered while data can't be sent on the socket. 1587 * 1588 * NB throttle_output_offset can be zero during early protocol 1589 * handshake, or from the job thread's VncState clone 1590 */ 1591 if (vs->throttle_output_offset != 0 && 1592 (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) > 1593 vs->throttle_output_offset) { 1594 trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset, 1595 vs->throttle_output_offset); 1596 vnc_disconnect_start(vs); 1597 return; 1598 } 1599 buffer_reserve(&vs->output, len); 1600 1601 if (vs->ioc != NULL && buffer_empty(&vs->output)) { 1602 if (vs->ioc_tag) { 1603 g_source_remove(vs->ioc_tag); 1604 } 1605 vs->ioc_tag = qio_channel_add_watch( 1606 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL); 1607 } 1608 1609 buffer_append(&vs->output, data, len); 1610 } 1611 1612 void vnc_write_s32(VncState *vs, int32_t value) 1613 { 1614 vnc_write_u32(vs, *(uint32_t *)&value); 1615 } 1616 1617 void vnc_write_u32(VncState *vs, uint32_t value) 1618 { 1619 uint8_t buf[4]; 1620 1621 buf[0] = (value >> 24) & 0xFF; 1622 buf[1] = (value >> 16) & 0xFF; 1623 buf[2] = (value >> 8) & 0xFF; 1624 buf[3] = value & 0xFF; 1625 1626 vnc_write(vs, buf, 4); 1627 } 1628 1629 void vnc_write_u16(VncState *vs, uint16_t value) 1630 { 1631 uint8_t buf[2]; 1632 1633 buf[0] = (value >> 8) & 0xFF; 1634 buf[1] = value & 0xFF; 1635 1636 vnc_write(vs, buf, 2); 1637 } 1638 1639 void vnc_write_u8(VncState *vs, uint8_t value) 1640 { 1641 vnc_write(vs, (char *)&value, 1); 1642 } 1643 1644 void vnc_flush(VncState *vs) 1645 { 1646 vnc_lock_output(vs); 1647 if (vs->ioc != NULL && vs->output.offset) { 1648 vnc_client_write_locked(vs); 1649 } 1650 if (vs->disconnecting) { 1651 if (vs->ioc_tag != 0) { 1652 g_source_remove(vs->ioc_tag); 1653 } 1654 vs->ioc_tag = 0; 1655 } 1656 vnc_unlock_output(vs); 1657 } 1658 1659 static uint8_t read_u8(uint8_t *data, size_t offset) 1660 { 1661 return data[offset]; 1662 } 1663 1664 static uint16_t read_u16(uint8_t *data, size_t offset) 1665 { 1666 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1667 } 1668 1669 static int32_t read_s32(uint8_t *data, size_t offset) 1670 { 1671 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1672 (data[offset + 2] << 8) | data[offset + 3]); 1673 } 1674 1675 uint32_t read_u32(uint8_t *data, size_t offset) 1676 { 1677 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1678 (data[offset + 2] << 8) | data[offset + 3]); 1679 } 1680 1681 static void client_cut_text(VncState *vs, size_t len, uint8_t *text) 1682 { 1683 } 1684 1685 static void check_pointer_type_change(Notifier *notifier, void *data) 1686 { 1687 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1688 int absolute = qemu_input_is_absolute(); 1689 1690 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1691 vnc_lock_output(vs); 1692 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1693 vnc_write_u8(vs, 0); 1694 vnc_write_u16(vs, 1); 1695 vnc_framebuffer_update(vs, absolute, 0, 1696 pixman_image_get_width(vs->vd->server), 1697 pixman_image_get_height(vs->vd->server), 1698 VNC_ENCODING_POINTER_TYPE_CHANGE); 1699 vnc_unlock_output(vs); 1700 vnc_flush(vs); 1701 } 1702 vs->absolute = absolute; 1703 } 1704 1705 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1706 { 1707 static uint32_t bmap[INPUT_BUTTON__MAX] = { 1708 [INPUT_BUTTON_LEFT] = 0x01, 1709 [INPUT_BUTTON_MIDDLE] = 0x02, 1710 [INPUT_BUTTON_RIGHT] = 0x04, 1711 [INPUT_BUTTON_WHEEL_UP] = 0x08, 1712 [INPUT_BUTTON_WHEEL_DOWN] = 0x10, 1713 }; 1714 QemuConsole *con = vs->vd->dcl.con; 1715 int width = pixman_image_get_width(vs->vd->server); 1716 int height = pixman_image_get_height(vs->vd->server); 1717 1718 if (vs->last_bmask != button_mask) { 1719 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask); 1720 vs->last_bmask = button_mask; 1721 } 1722 1723 if (vs->absolute) { 1724 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width); 1725 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height); 1726 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1727 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF); 1728 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF); 1729 } else { 1730 if (vs->last_x != -1) { 1731 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x); 1732 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y); 1733 } 1734 vs->last_x = x; 1735 vs->last_y = y; 1736 } 1737 qemu_input_event_sync(); 1738 } 1739 1740 static void reset_keys(VncState *vs) 1741 { 1742 int i; 1743 for(i = 0; i < 256; i++) { 1744 if (vs->modifiers_state[i]) { 1745 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false); 1746 qemu_input_event_send_key_delay(vs->vd->key_delay_ms); 1747 vs->modifiers_state[i] = 0; 1748 } 1749 } 1750 } 1751 1752 static void press_key(VncState *vs, int keysym) 1753 { 1754 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym, 1755 false, false, false) & SCANCODE_KEYMASK; 1756 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true); 1757 qemu_input_event_send_key_delay(vs->vd->key_delay_ms); 1758 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false); 1759 qemu_input_event_send_key_delay(vs->vd->key_delay_ms); 1760 } 1761 1762 static void vnc_led_state_change(VncState *vs) 1763 { 1764 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) { 1765 return; 1766 } 1767 1768 vnc_lock_output(vs); 1769 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1770 vnc_write_u8(vs, 0); 1771 vnc_write_u16(vs, 1); 1772 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE); 1773 vnc_write_u8(vs, vs->vd->ledstate); 1774 vnc_unlock_output(vs); 1775 vnc_flush(vs); 1776 } 1777 1778 static void kbd_leds(void *opaque, int ledstate) 1779 { 1780 VncDisplay *vd = opaque; 1781 VncState *client; 1782 1783 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED), 1784 (ledstate & QEMU_NUM_LOCK_LED), 1785 (ledstate & QEMU_SCROLL_LOCK_LED)); 1786 1787 if (ledstate == vd->ledstate) { 1788 return; 1789 } 1790 1791 vd->ledstate = ledstate; 1792 1793 QTAILQ_FOREACH(client, &vd->clients, next) { 1794 vnc_led_state_change(client); 1795 } 1796 } 1797 1798 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1799 { 1800 /* QEMU console switch */ 1801 switch(keycode) { 1802 case 0x2a: /* Left Shift */ 1803 case 0x36: /* Right Shift */ 1804 case 0x1d: /* Left CTRL */ 1805 case 0x9d: /* Right CTRL */ 1806 case 0x38: /* Left ALT */ 1807 case 0xb8: /* Right ALT */ 1808 if (down) 1809 vs->modifiers_state[keycode] = 1; 1810 else 1811 vs->modifiers_state[keycode] = 0; 1812 break; 1813 case 0x02 ... 0x0a: /* '1' to '9' keys */ 1814 if (vs->vd->dcl.con == NULL && 1815 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) { 1816 /* Reset the modifiers sent to the current console */ 1817 reset_keys(vs); 1818 console_select(keycode - 0x02); 1819 return; 1820 } 1821 break; 1822 case 0x3a: /* CapsLock */ 1823 case 0x45: /* NumLock */ 1824 if (down) 1825 vs->modifiers_state[keycode] ^= 1; 1826 break; 1827 } 1828 1829 /* Turn off the lock state sync logic if the client support the led 1830 state extension. 1831 */ 1832 if (down && vs->vd->lock_key_sync && 1833 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1834 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1835 /* If the numlock state needs to change then simulate an additional 1836 keypress before sending this one. This will happen if the user 1837 toggles numlock away from the VNC window. 1838 */ 1839 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1840 if (!vs->modifiers_state[0x45]) { 1841 trace_vnc_key_sync_numlock(true); 1842 vs->modifiers_state[0x45] = 1; 1843 press_key(vs, 0xff7f); 1844 } 1845 } else { 1846 if (vs->modifiers_state[0x45]) { 1847 trace_vnc_key_sync_numlock(false); 1848 vs->modifiers_state[0x45] = 0; 1849 press_key(vs, 0xff7f); 1850 } 1851 } 1852 } 1853 1854 if (down && vs->vd->lock_key_sync && 1855 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1856 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1857 /* If the capslock state needs to change then simulate an additional 1858 keypress before sending this one. This will happen if the user 1859 toggles capslock away from the VNC window. 1860 */ 1861 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1862 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]); 1863 int capslock = !!(vs->modifiers_state[0x3a]); 1864 if (capslock) { 1865 if (uppercase == shift) { 1866 trace_vnc_key_sync_capslock(false); 1867 vs->modifiers_state[0x3a] = 0; 1868 press_key(vs, 0xffe5); 1869 } 1870 } else { 1871 if (uppercase != shift) { 1872 trace_vnc_key_sync_capslock(true); 1873 vs->modifiers_state[0x3a] = 1; 1874 press_key(vs, 0xffe5); 1875 } 1876 } 1877 } 1878 1879 if (qemu_console_is_graphic(NULL)) { 1880 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down); 1881 qemu_input_event_send_key_delay(vs->vd->key_delay_ms); 1882 } else { 1883 bool numlock = vs->modifiers_state[0x45]; 1884 bool control = (vs->modifiers_state[0x1d] || 1885 vs->modifiers_state[0x9d]); 1886 /* QEMU console emulation */ 1887 if (down) { 1888 switch (keycode) { 1889 case 0x2a: /* Left Shift */ 1890 case 0x36: /* Right Shift */ 1891 case 0x1d: /* Left CTRL */ 1892 case 0x9d: /* Right CTRL */ 1893 case 0x38: /* Left ALT */ 1894 case 0xb8: /* Right ALT */ 1895 break; 1896 case 0xc8: 1897 kbd_put_keysym(QEMU_KEY_UP); 1898 break; 1899 case 0xd0: 1900 kbd_put_keysym(QEMU_KEY_DOWN); 1901 break; 1902 case 0xcb: 1903 kbd_put_keysym(QEMU_KEY_LEFT); 1904 break; 1905 case 0xcd: 1906 kbd_put_keysym(QEMU_KEY_RIGHT); 1907 break; 1908 case 0xd3: 1909 kbd_put_keysym(QEMU_KEY_DELETE); 1910 break; 1911 case 0xc7: 1912 kbd_put_keysym(QEMU_KEY_HOME); 1913 break; 1914 case 0xcf: 1915 kbd_put_keysym(QEMU_KEY_END); 1916 break; 1917 case 0xc9: 1918 kbd_put_keysym(QEMU_KEY_PAGEUP); 1919 break; 1920 case 0xd1: 1921 kbd_put_keysym(QEMU_KEY_PAGEDOWN); 1922 break; 1923 1924 case 0x47: 1925 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME); 1926 break; 1927 case 0x48: 1928 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP); 1929 break; 1930 case 0x49: 1931 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP); 1932 break; 1933 case 0x4b: 1934 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT); 1935 break; 1936 case 0x4c: 1937 kbd_put_keysym('5'); 1938 break; 1939 case 0x4d: 1940 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT); 1941 break; 1942 case 0x4f: 1943 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END); 1944 break; 1945 case 0x50: 1946 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN); 1947 break; 1948 case 0x51: 1949 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN); 1950 break; 1951 case 0x52: 1952 kbd_put_keysym('0'); 1953 break; 1954 case 0x53: 1955 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE); 1956 break; 1957 1958 case 0xb5: 1959 kbd_put_keysym('/'); 1960 break; 1961 case 0x37: 1962 kbd_put_keysym('*'); 1963 break; 1964 case 0x4a: 1965 kbd_put_keysym('-'); 1966 break; 1967 case 0x4e: 1968 kbd_put_keysym('+'); 1969 break; 1970 case 0x9c: 1971 kbd_put_keysym('\n'); 1972 break; 1973 1974 default: 1975 if (control) { 1976 kbd_put_keysym(sym & 0x1f); 1977 } else { 1978 kbd_put_keysym(sym); 1979 } 1980 break; 1981 } 1982 } 1983 } 1984 } 1985 1986 static void vnc_release_modifiers(VncState *vs) 1987 { 1988 static const int keycodes[] = { 1989 /* shift, control, alt keys, both left & right */ 1990 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8, 1991 }; 1992 int i, keycode; 1993 1994 if (!qemu_console_is_graphic(NULL)) { 1995 return; 1996 } 1997 for (i = 0; i < ARRAY_SIZE(keycodes); i++) { 1998 keycode = keycodes[i]; 1999 if (!vs->modifiers_state[keycode]) { 2000 continue; 2001 } 2002 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false); 2003 qemu_input_event_send_key_delay(vs->vd->key_delay_ms); 2004 } 2005 } 2006 2007 static const char *code2name(int keycode) 2008 { 2009 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode)); 2010 } 2011 2012 static void key_event(VncState *vs, int down, uint32_t sym) 2013 { 2014 bool shift = vs->modifiers_state[0x2a] || vs->modifiers_state[0x36]; 2015 bool altgr = vs->modifiers_state[0xb8]; 2016 bool ctrl = vs->modifiers_state[0x1d] || vs->modifiers_state[0x9d]; 2017 int keycode; 2018 int lsym = sym; 2019 2020 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) { 2021 lsym = lsym - 'A' + 'a'; 2022 } 2023 2024 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF, 2025 shift, altgr, ctrl) & SCANCODE_KEYMASK; 2026 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode)); 2027 do_key_event(vs, down, keycode, sym); 2028 } 2029 2030 static void ext_key_event(VncState *vs, int down, 2031 uint32_t sym, uint16_t keycode) 2032 { 2033 /* if the user specifies a keyboard layout, always use it */ 2034 if (keyboard_layout) { 2035 key_event(vs, down, sym); 2036 } else { 2037 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode)); 2038 do_key_event(vs, down, keycode, sym); 2039 } 2040 } 2041 2042 static void framebuffer_update_request(VncState *vs, int incremental, 2043 int x, int y, int w, int h) 2044 { 2045 if (incremental) { 2046 if (vs->update != VNC_STATE_UPDATE_FORCE) { 2047 vs->update = VNC_STATE_UPDATE_INCREMENTAL; 2048 } 2049 } else { 2050 vs->update = VNC_STATE_UPDATE_FORCE; 2051 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h); 2052 } 2053 } 2054 2055 static void send_ext_key_event_ack(VncState *vs) 2056 { 2057 vnc_lock_output(vs); 2058 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2059 vnc_write_u8(vs, 0); 2060 vnc_write_u16(vs, 1); 2061 vnc_framebuffer_update(vs, 0, 0, 2062 pixman_image_get_width(vs->vd->server), 2063 pixman_image_get_height(vs->vd->server), 2064 VNC_ENCODING_EXT_KEY_EVENT); 2065 vnc_unlock_output(vs); 2066 vnc_flush(vs); 2067 } 2068 2069 static void send_ext_audio_ack(VncState *vs) 2070 { 2071 vnc_lock_output(vs); 2072 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2073 vnc_write_u8(vs, 0); 2074 vnc_write_u16(vs, 1); 2075 vnc_framebuffer_update(vs, 0, 0, 2076 pixman_image_get_width(vs->vd->server), 2077 pixman_image_get_height(vs->vd->server), 2078 VNC_ENCODING_AUDIO); 2079 vnc_unlock_output(vs); 2080 vnc_flush(vs); 2081 } 2082 2083 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 2084 { 2085 int i; 2086 unsigned int enc = 0; 2087 2088 vs->features = 0; 2089 vs->vnc_encoding = 0; 2090 vs->tight.compression = 9; 2091 vs->tight.quality = -1; /* Lossless by default */ 2092 vs->absolute = -1; 2093 2094 /* 2095 * Start from the end because the encodings are sent in order of preference. 2096 * This way the preferred encoding (first encoding defined in the array) 2097 * will be set at the end of the loop. 2098 */ 2099 for (i = n_encodings - 1; i >= 0; i--) { 2100 enc = encodings[i]; 2101 switch (enc) { 2102 case VNC_ENCODING_RAW: 2103 vs->vnc_encoding = enc; 2104 break; 2105 case VNC_ENCODING_COPYRECT: 2106 vs->features |= VNC_FEATURE_COPYRECT_MASK; 2107 break; 2108 case VNC_ENCODING_HEXTILE: 2109 vs->features |= VNC_FEATURE_HEXTILE_MASK; 2110 vs->vnc_encoding = enc; 2111 break; 2112 case VNC_ENCODING_TIGHT: 2113 vs->features |= VNC_FEATURE_TIGHT_MASK; 2114 vs->vnc_encoding = enc; 2115 break; 2116 #ifdef CONFIG_VNC_PNG 2117 case VNC_ENCODING_TIGHT_PNG: 2118 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK; 2119 vs->vnc_encoding = enc; 2120 break; 2121 #endif 2122 case VNC_ENCODING_ZLIB: 2123 vs->features |= VNC_FEATURE_ZLIB_MASK; 2124 vs->vnc_encoding = enc; 2125 break; 2126 case VNC_ENCODING_ZRLE: 2127 vs->features |= VNC_FEATURE_ZRLE_MASK; 2128 vs->vnc_encoding = enc; 2129 break; 2130 case VNC_ENCODING_ZYWRLE: 2131 vs->features |= VNC_FEATURE_ZYWRLE_MASK; 2132 vs->vnc_encoding = enc; 2133 break; 2134 case VNC_ENCODING_DESKTOPRESIZE: 2135 vs->features |= VNC_FEATURE_RESIZE_MASK; 2136 break; 2137 case VNC_ENCODING_POINTER_TYPE_CHANGE: 2138 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK; 2139 break; 2140 case VNC_ENCODING_RICH_CURSOR: 2141 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK; 2142 if (vs->vd->cursor) { 2143 vnc_cursor_define(vs); 2144 } 2145 break; 2146 case VNC_ENCODING_EXT_KEY_EVENT: 2147 send_ext_key_event_ack(vs); 2148 break; 2149 case VNC_ENCODING_AUDIO: 2150 send_ext_audio_ack(vs); 2151 break; 2152 case VNC_ENCODING_WMVi: 2153 vs->features |= VNC_FEATURE_WMVI_MASK; 2154 break; 2155 case VNC_ENCODING_LED_STATE: 2156 vs->features |= VNC_FEATURE_LED_STATE_MASK; 2157 break; 2158 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 2159 vs->tight.compression = (enc & 0x0F); 2160 break; 2161 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 2162 if (vs->vd->lossy) { 2163 vs->tight.quality = (enc & 0x0F); 2164 } 2165 break; 2166 default: 2167 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 2168 break; 2169 } 2170 } 2171 vnc_desktop_resize(vs); 2172 check_pointer_type_change(&vs->mouse_mode_notifier, NULL); 2173 vnc_led_state_change(vs); 2174 } 2175 2176 static void set_pixel_conversion(VncState *vs) 2177 { 2178 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf); 2179 2180 if (fmt == VNC_SERVER_FB_FORMAT) { 2181 vs->write_pixels = vnc_write_pixels_copy; 2182 vnc_hextile_set_pixel_conversion(vs, 0); 2183 } else { 2184 vs->write_pixels = vnc_write_pixels_generic; 2185 vnc_hextile_set_pixel_conversion(vs, 1); 2186 } 2187 } 2188 2189 static void send_color_map(VncState *vs) 2190 { 2191 int i; 2192 2193 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES); 2194 vnc_write_u8(vs, 0); /* padding */ 2195 vnc_write_u16(vs, 0); /* first color */ 2196 vnc_write_u16(vs, 256); /* # of colors */ 2197 2198 for (i = 0; i < 256; i++) { 2199 PixelFormat *pf = &vs->client_pf; 2200 2201 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits))); 2202 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits))); 2203 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits))); 2204 } 2205 } 2206 2207 static void set_pixel_format(VncState *vs, int bits_per_pixel, 2208 int big_endian_flag, int true_color_flag, 2209 int red_max, int green_max, int blue_max, 2210 int red_shift, int green_shift, int blue_shift) 2211 { 2212 if (!true_color_flag) { 2213 /* Expose a reasonable default 256 color map */ 2214 bits_per_pixel = 8; 2215 red_max = 7; 2216 green_max = 7; 2217 blue_max = 3; 2218 red_shift = 0; 2219 green_shift = 3; 2220 blue_shift = 6; 2221 } 2222 2223 switch (bits_per_pixel) { 2224 case 8: 2225 case 16: 2226 case 32: 2227 break; 2228 default: 2229 vnc_client_error(vs); 2230 return; 2231 } 2232 2233 vs->client_pf.rmax = red_max ? red_max : 0xFF; 2234 vs->client_pf.rbits = ctpopl(red_max); 2235 vs->client_pf.rshift = red_shift; 2236 vs->client_pf.rmask = red_max << red_shift; 2237 vs->client_pf.gmax = green_max ? green_max : 0xFF; 2238 vs->client_pf.gbits = ctpopl(green_max); 2239 vs->client_pf.gshift = green_shift; 2240 vs->client_pf.gmask = green_max << green_shift; 2241 vs->client_pf.bmax = blue_max ? blue_max : 0xFF; 2242 vs->client_pf.bbits = ctpopl(blue_max); 2243 vs->client_pf.bshift = blue_shift; 2244 vs->client_pf.bmask = blue_max << blue_shift; 2245 vs->client_pf.bits_per_pixel = bits_per_pixel; 2246 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8; 2247 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 2248 vs->client_be = big_endian_flag; 2249 2250 if (!true_color_flag) { 2251 send_color_map(vs); 2252 } 2253 2254 set_pixel_conversion(vs); 2255 2256 graphic_hw_invalidate(vs->vd->dcl.con); 2257 graphic_hw_update(vs->vd->dcl.con); 2258 } 2259 2260 static void pixel_format_message (VncState *vs) { 2261 char pad[3] = { 0, 0, 0 }; 2262 2263 vs->client_pf = qemu_default_pixelformat(32); 2264 2265 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ 2266 vnc_write_u8(vs, vs->client_pf.depth); /* depth */ 2267 2268 #ifdef HOST_WORDS_BIGENDIAN 2269 vnc_write_u8(vs, 1); /* big-endian-flag */ 2270 #else 2271 vnc_write_u8(vs, 0); /* big-endian-flag */ 2272 #endif 2273 vnc_write_u8(vs, 1); /* true-color-flag */ 2274 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */ 2275 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */ 2276 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */ 2277 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */ 2278 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */ 2279 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */ 2280 vnc_write(vs, pad, 3); /* padding */ 2281 2282 vnc_hextile_set_pixel_conversion(vs, 0); 2283 vs->write_pixels = vnc_write_pixels_copy; 2284 } 2285 2286 static void vnc_colordepth(VncState *vs) 2287 { 2288 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 2289 /* Sending a WMVi message to notify the client*/ 2290 vnc_lock_output(vs); 2291 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2292 vnc_write_u8(vs, 0); 2293 vnc_write_u16(vs, 1); /* number of rects */ 2294 vnc_framebuffer_update(vs, 0, 0, 2295 pixman_image_get_width(vs->vd->server), 2296 pixman_image_get_height(vs->vd->server), 2297 VNC_ENCODING_WMVi); 2298 pixel_format_message(vs); 2299 vnc_unlock_output(vs); 2300 vnc_flush(vs); 2301 } else { 2302 set_pixel_conversion(vs); 2303 } 2304 } 2305 2306 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 2307 { 2308 int i; 2309 uint16_t limit; 2310 uint32_t freq; 2311 VncDisplay *vd = vs->vd; 2312 2313 if (data[0] > 3) { 2314 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2315 } 2316 2317 switch (data[0]) { 2318 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 2319 if (len == 1) 2320 return 20; 2321 2322 set_pixel_format(vs, read_u8(data, 4), 2323 read_u8(data, 6), read_u8(data, 7), 2324 read_u16(data, 8), read_u16(data, 10), 2325 read_u16(data, 12), read_u8(data, 14), 2326 read_u8(data, 15), read_u8(data, 16)); 2327 break; 2328 case VNC_MSG_CLIENT_SET_ENCODINGS: 2329 if (len == 1) 2330 return 4; 2331 2332 if (len == 4) { 2333 limit = read_u16(data, 2); 2334 if (limit > 0) 2335 return 4 + (limit * 4); 2336 } else 2337 limit = read_u16(data, 2); 2338 2339 for (i = 0; i < limit; i++) { 2340 int32_t val = read_s32(data, 4 + (i * 4)); 2341 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 2342 } 2343 2344 set_encodings(vs, (int32_t *)(data + 4), limit); 2345 break; 2346 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 2347 if (len == 1) 2348 return 10; 2349 2350 framebuffer_update_request(vs, 2351 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 2352 read_u16(data, 6), read_u16(data, 8)); 2353 break; 2354 case VNC_MSG_CLIENT_KEY_EVENT: 2355 if (len == 1) 2356 return 8; 2357 2358 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 2359 break; 2360 case VNC_MSG_CLIENT_POINTER_EVENT: 2361 if (len == 1) 2362 return 6; 2363 2364 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 2365 break; 2366 case VNC_MSG_CLIENT_CUT_TEXT: 2367 if (len == 1) { 2368 return 8; 2369 } 2370 if (len == 8) { 2371 uint32_t dlen = read_u32(data, 4); 2372 if (dlen > (1 << 20)) { 2373 error_report("vnc: client_cut_text msg payload has %u bytes" 2374 " which exceeds our limit of 1MB.", dlen); 2375 vnc_client_error(vs); 2376 break; 2377 } 2378 if (dlen > 0) { 2379 return 8 + dlen; 2380 } 2381 } 2382 2383 client_cut_text(vs, read_u32(data, 4), data + 8); 2384 break; 2385 case VNC_MSG_CLIENT_QEMU: 2386 if (len == 1) 2387 return 2; 2388 2389 switch (read_u8(data, 1)) { 2390 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 2391 if (len == 2) 2392 return 12; 2393 2394 ext_key_event(vs, read_u16(data, 2), 2395 read_u32(data, 4), read_u32(data, 8)); 2396 break; 2397 case VNC_MSG_CLIENT_QEMU_AUDIO: 2398 if (len == 2) 2399 return 4; 2400 2401 switch (read_u16 (data, 2)) { 2402 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 2403 audio_add(vs); 2404 break; 2405 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 2406 audio_del(vs); 2407 break; 2408 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 2409 if (len == 4) 2410 return 10; 2411 switch (read_u8(data, 4)) { 2412 case 0: vs->as.fmt = AUD_FMT_U8; break; 2413 case 1: vs->as.fmt = AUD_FMT_S8; break; 2414 case 2: vs->as.fmt = AUD_FMT_U16; break; 2415 case 3: vs->as.fmt = AUD_FMT_S16; break; 2416 case 4: vs->as.fmt = AUD_FMT_U32; break; 2417 case 5: vs->as.fmt = AUD_FMT_S32; break; 2418 default: 2419 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4)); 2420 vnc_client_error(vs); 2421 break; 2422 } 2423 vs->as.nchannels = read_u8(data, 5); 2424 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2425 VNC_DEBUG("Invalid audio channel count %d\n", 2426 read_u8(data, 5)); 2427 vnc_client_error(vs); 2428 break; 2429 } 2430 freq = read_u32(data, 6); 2431 /* No official limit for protocol, but 48khz is a sensible 2432 * upper bound for trustworthy clients, and this limit 2433 * protects calculations involving 'vs->as.freq' later. 2434 */ 2435 if (freq > 48000) { 2436 VNC_DEBUG("Invalid audio frequency %u > 48000", freq); 2437 vnc_client_error(vs); 2438 break; 2439 } 2440 vs->as.freq = freq; 2441 break; 2442 default: 2443 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4)); 2444 vnc_client_error(vs); 2445 break; 2446 } 2447 break; 2448 2449 default: 2450 VNC_DEBUG("Msg: %d\n", read_u16(data, 0)); 2451 vnc_client_error(vs); 2452 break; 2453 } 2454 break; 2455 default: 2456 VNC_DEBUG("Msg: %d\n", data[0]); 2457 vnc_client_error(vs); 2458 break; 2459 } 2460 2461 vnc_update_throttle_offset(vs); 2462 vnc_read_when(vs, protocol_client_msg, 1); 2463 return 0; 2464 } 2465 2466 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2467 { 2468 char buf[1024]; 2469 VncShareMode mode; 2470 int size; 2471 2472 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; 2473 switch (vs->vd->share_policy) { 2474 case VNC_SHARE_POLICY_IGNORE: 2475 /* 2476 * Ignore the shared flag. Nothing to do here. 2477 * 2478 * Doesn't conform to the rfb spec but is traditional qemu 2479 * behavior, thus left here as option for compatibility 2480 * reasons. 2481 */ 2482 break; 2483 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: 2484 /* 2485 * Policy: Allow clients ask for exclusive access. 2486 * 2487 * Implementation: When a client asks for exclusive access, 2488 * disconnect all others. Shared connects are allowed as long 2489 * as no exclusive connection exists. 2490 * 2491 * This is how the rfb spec suggests to handle the shared flag. 2492 */ 2493 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2494 VncState *client; 2495 QTAILQ_FOREACH(client, &vs->vd->clients, next) { 2496 if (vs == client) { 2497 continue; 2498 } 2499 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && 2500 client->share_mode != VNC_SHARE_MODE_SHARED) { 2501 continue; 2502 } 2503 vnc_disconnect_start(client); 2504 } 2505 } 2506 if (mode == VNC_SHARE_MODE_SHARED) { 2507 if (vs->vd->num_exclusive > 0) { 2508 vnc_disconnect_start(vs); 2509 return 0; 2510 } 2511 } 2512 break; 2513 case VNC_SHARE_POLICY_FORCE_SHARED: 2514 /* 2515 * Policy: Shared connects only. 2516 * Implementation: Disallow clients asking for exclusive access. 2517 * 2518 * Useful for shared desktop sessions where you don't want 2519 * someone forgetting to say -shared when running the vnc 2520 * client disconnect everybody else. 2521 */ 2522 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2523 vnc_disconnect_start(vs); 2524 return 0; 2525 } 2526 break; 2527 } 2528 vnc_set_share_mode(vs, mode); 2529 2530 if (vs->vd->num_shared > vs->vd->connections_limit) { 2531 vnc_disconnect_start(vs); 2532 return 0; 2533 } 2534 2535 assert(pixman_image_get_width(vs->vd->server) < 65536 && 2536 pixman_image_get_width(vs->vd->server) >= 0); 2537 assert(pixman_image_get_height(vs->vd->server) < 65536 && 2538 pixman_image_get_height(vs->vd->server) >= 0); 2539 vs->client_width = pixman_image_get_width(vs->vd->server); 2540 vs->client_height = pixman_image_get_height(vs->vd->server); 2541 vnc_write_u16(vs, vs->client_width); 2542 vnc_write_u16(vs, vs->client_height); 2543 2544 pixel_format_message(vs); 2545 2546 if (qemu_name) { 2547 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2548 if (size > sizeof(buf)) { 2549 size = sizeof(buf); 2550 } 2551 } else { 2552 size = snprintf(buf, sizeof(buf), "QEMU"); 2553 } 2554 2555 vnc_write_u32(vs, size); 2556 vnc_write(vs, buf, size); 2557 vnc_flush(vs); 2558 2559 vnc_client_cache_auth(vs); 2560 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED); 2561 2562 vnc_read_when(vs, protocol_client_msg, 1); 2563 2564 return 0; 2565 } 2566 2567 void start_client_init(VncState *vs) 2568 { 2569 vnc_read_when(vs, protocol_client_init, 1); 2570 } 2571 2572 static void make_challenge(VncState *vs) 2573 { 2574 int i; 2575 2576 srand(time(NULL)+getpid()+getpid()*987654+rand()); 2577 2578 for (i = 0 ; i < sizeof(vs->challenge) ; i++) 2579 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0)); 2580 } 2581 2582 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2583 { 2584 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2585 size_t i, pwlen; 2586 unsigned char key[8]; 2587 time_t now = time(NULL); 2588 QCryptoCipher *cipher = NULL; 2589 Error *err = NULL; 2590 2591 if (!vs->vd->password) { 2592 trace_vnc_auth_fail(vs, vs->auth, "password is not set", ""); 2593 goto reject; 2594 } 2595 if (vs->vd->expires < now) { 2596 trace_vnc_auth_fail(vs, vs->auth, "password is expired", ""); 2597 goto reject; 2598 } 2599 2600 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2601 2602 /* Calculate the expected challenge response */ 2603 pwlen = strlen(vs->vd->password); 2604 for (i=0; i<sizeof(key); i++) 2605 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2606 2607 cipher = qcrypto_cipher_new( 2608 QCRYPTO_CIPHER_ALG_DES_RFB, 2609 QCRYPTO_CIPHER_MODE_ECB, 2610 key, G_N_ELEMENTS(key), 2611 &err); 2612 if (!cipher) { 2613 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher", 2614 error_get_pretty(err)); 2615 error_free(err); 2616 goto reject; 2617 } 2618 2619 if (qcrypto_cipher_encrypt(cipher, 2620 vs->challenge, 2621 response, 2622 VNC_AUTH_CHALLENGE_SIZE, 2623 &err) < 0) { 2624 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response", 2625 error_get_pretty(err)); 2626 error_free(err); 2627 goto reject; 2628 } 2629 2630 /* Compare expected vs actual challenge response */ 2631 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2632 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", ""); 2633 goto reject; 2634 } else { 2635 trace_vnc_auth_pass(vs, vs->auth); 2636 vnc_write_u32(vs, 0); /* Accept auth */ 2637 vnc_flush(vs); 2638 2639 start_client_init(vs); 2640 } 2641 2642 qcrypto_cipher_free(cipher); 2643 return 0; 2644 2645 reject: 2646 vnc_write_u32(vs, 1); /* Reject auth */ 2647 if (vs->minor >= 8) { 2648 static const char err[] = "Authentication failed"; 2649 vnc_write_u32(vs, sizeof(err)); 2650 vnc_write(vs, err, sizeof(err)); 2651 } 2652 vnc_flush(vs); 2653 vnc_client_error(vs); 2654 qcrypto_cipher_free(cipher); 2655 return 0; 2656 } 2657 2658 void start_auth_vnc(VncState *vs) 2659 { 2660 make_challenge(vs); 2661 /* Send client a 'random' challenge */ 2662 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2663 vnc_flush(vs); 2664 2665 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2666 } 2667 2668 2669 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2670 { 2671 /* We only advertise 1 auth scheme at a time, so client 2672 * must pick the one we sent. Verify this */ 2673 if (data[0] != vs->auth) { /* Reject auth */ 2674 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]); 2675 vnc_write_u32(vs, 1); 2676 if (vs->minor >= 8) { 2677 static const char err[] = "Authentication failed"; 2678 vnc_write_u32(vs, sizeof(err)); 2679 vnc_write(vs, err, sizeof(err)); 2680 } 2681 vnc_client_error(vs); 2682 } else { /* Accept requested auth */ 2683 trace_vnc_auth_start(vs, vs->auth); 2684 switch (vs->auth) { 2685 case VNC_AUTH_NONE: 2686 if (vs->minor >= 8) { 2687 vnc_write_u32(vs, 0); /* Accept auth completion */ 2688 vnc_flush(vs); 2689 } 2690 trace_vnc_auth_pass(vs, vs->auth); 2691 start_client_init(vs); 2692 break; 2693 2694 case VNC_AUTH_VNC: 2695 start_auth_vnc(vs); 2696 break; 2697 2698 case VNC_AUTH_VENCRYPT: 2699 start_auth_vencrypt(vs); 2700 break; 2701 2702 #ifdef CONFIG_VNC_SASL 2703 case VNC_AUTH_SASL: 2704 start_auth_sasl(vs); 2705 break; 2706 #endif /* CONFIG_VNC_SASL */ 2707 2708 default: /* Should not be possible, but just in case */ 2709 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", ""); 2710 vnc_write_u8(vs, 1); 2711 if (vs->minor >= 8) { 2712 static const char err[] = "Authentication failed"; 2713 vnc_write_u32(vs, sizeof(err)); 2714 vnc_write(vs, err, sizeof(err)); 2715 } 2716 vnc_client_error(vs); 2717 } 2718 } 2719 return 0; 2720 } 2721 2722 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2723 { 2724 char local[13]; 2725 2726 memcpy(local, version, 12); 2727 local[12] = 0; 2728 2729 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2730 VNC_DEBUG("Malformed protocol version %s\n", local); 2731 vnc_client_error(vs); 2732 return 0; 2733 } 2734 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2735 if (vs->major != 3 || 2736 (vs->minor != 3 && 2737 vs->minor != 4 && 2738 vs->minor != 5 && 2739 vs->minor != 7 && 2740 vs->minor != 8)) { 2741 VNC_DEBUG("Unsupported client version\n"); 2742 vnc_write_u32(vs, VNC_AUTH_INVALID); 2743 vnc_flush(vs); 2744 vnc_client_error(vs); 2745 return 0; 2746 } 2747 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2748 * as equivalent to v3.3 by servers 2749 */ 2750 if (vs->minor == 4 || vs->minor == 5) 2751 vs->minor = 3; 2752 2753 if (vs->minor == 3) { 2754 trace_vnc_auth_start(vs, vs->auth); 2755 if (vs->auth == VNC_AUTH_NONE) { 2756 vnc_write_u32(vs, vs->auth); 2757 vnc_flush(vs); 2758 trace_vnc_auth_pass(vs, vs->auth); 2759 start_client_init(vs); 2760 } else if (vs->auth == VNC_AUTH_VNC) { 2761 VNC_DEBUG("Tell client VNC auth\n"); 2762 vnc_write_u32(vs, vs->auth); 2763 vnc_flush(vs); 2764 start_auth_vnc(vs); 2765 } else { 2766 trace_vnc_auth_fail(vs, vs->auth, 2767 "Unsupported auth method for v3.3", ""); 2768 vnc_write_u32(vs, VNC_AUTH_INVALID); 2769 vnc_flush(vs); 2770 vnc_client_error(vs); 2771 } 2772 } else { 2773 vnc_write_u8(vs, 1); /* num auth */ 2774 vnc_write_u8(vs, vs->auth); 2775 vnc_read_when(vs, protocol_client_auth, 1); 2776 vnc_flush(vs); 2777 } 2778 2779 return 0; 2780 } 2781 2782 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) 2783 { 2784 struct VncSurface *vs = &vd->guest; 2785 2786 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; 2787 } 2788 2789 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h) 2790 { 2791 int i, j; 2792 2793 w = (x + w) / VNC_STAT_RECT; 2794 h = (y + h) / VNC_STAT_RECT; 2795 x /= VNC_STAT_RECT; 2796 y /= VNC_STAT_RECT; 2797 2798 for (j = y; j <= h; j++) { 2799 for (i = x; i <= w; i++) { 2800 vs->lossy_rect[j][i] = 1; 2801 } 2802 } 2803 } 2804 2805 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) 2806 { 2807 VncState *vs; 2808 int sty = y / VNC_STAT_RECT; 2809 int stx = x / VNC_STAT_RECT; 2810 int has_dirty = 0; 2811 2812 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT); 2813 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT); 2814 2815 QTAILQ_FOREACH(vs, &vd->clients, next) { 2816 int j; 2817 2818 /* kernel send buffers are full -> refresh later */ 2819 if (vs->output.offset) { 2820 continue; 2821 } 2822 2823 if (!vs->lossy_rect[sty][stx]) { 2824 continue; 2825 } 2826 2827 vs->lossy_rect[sty][stx] = 0; 2828 for (j = 0; j < VNC_STAT_RECT; ++j) { 2829 bitmap_set(vs->dirty[y + j], 2830 x / VNC_DIRTY_PIXELS_PER_BIT, 2831 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT); 2832 } 2833 has_dirty++; 2834 } 2835 2836 return has_dirty; 2837 } 2838 2839 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) 2840 { 2841 int width = MIN(pixman_image_get_width(vd->guest.fb), 2842 pixman_image_get_width(vd->server)); 2843 int height = MIN(pixman_image_get_height(vd->guest.fb), 2844 pixman_image_get_height(vd->server)); 2845 int x, y; 2846 struct timeval res; 2847 int has_dirty = 0; 2848 2849 for (y = 0; y < height; y += VNC_STAT_RECT) { 2850 for (x = 0; x < width; x += VNC_STAT_RECT) { 2851 VncRectStat *rect = vnc_stat_rect(vd, x, y); 2852 2853 rect->updated = false; 2854 } 2855 } 2856 2857 qemu_timersub(tv, &VNC_REFRESH_STATS, &res); 2858 2859 if (timercmp(&vd->guest.last_freq_check, &res, >)) { 2860 return has_dirty; 2861 } 2862 vd->guest.last_freq_check = *tv; 2863 2864 for (y = 0; y < height; y += VNC_STAT_RECT) { 2865 for (x = 0; x < width; x += VNC_STAT_RECT) { 2866 VncRectStat *rect= vnc_stat_rect(vd, x, y); 2867 int count = ARRAY_SIZE(rect->times); 2868 struct timeval min, max; 2869 2870 if (!timerisset(&rect->times[count - 1])) { 2871 continue ; 2872 } 2873 2874 max = rect->times[(rect->idx + count - 1) % count]; 2875 qemu_timersub(tv, &max, &res); 2876 2877 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { 2878 rect->freq = 0; 2879 has_dirty += vnc_refresh_lossy_rect(vd, x, y); 2880 memset(rect->times, 0, sizeof (rect->times)); 2881 continue ; 2882 } 2883 2884 min = rect->times[rect->idx]; 2885 max = rect->times[(rect->idx + count - 1) % count]; 2886 qemu_timersub(&max, &min, &res); 2887 2888 rect->freq = res.tv_sec + res.tv_usec / 1000000.; 2889 rect->freq /= count; 2890 rect->freq = 1. / rect->freq; 2891 } 2892 } 2893 return has_dirty; 2894 } 2895 2896 double vnc_update_freq(VncState *vs, int x, int y, int w, int h) 2897 { 2898 int i, j; 2899 double total = 0; 2900 int num = 0; 2901 2902 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT); 2903 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT); 2904 2905 for (j = y; j <= y + h; j += VNC_STAT_RECT) { 2906 for (i = x; i <= x + w; i += VNC_STAT_RECT) { 2907 total += vnc_stat_rect(vs->vd, i, j)->freq; 2908 num++; 2909 } 2910 } 2911 2912 if (num) { 2913 return total / num; 2914 } else { 2915 return 0; 2916 } 2917 } 2918 2919 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) 2920 { 2921 VncRectStat *rect; 2922 2923 rect = vnc_stat_rect(vd, x, y); 2924 if (rect->updated) { 2925 return ; 2926 } 2927 rect->times[rect->idx] = *tv; 2928 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); 2929 rect->updated = true; 2930 } 2931 2932 static int vnc_refresh_server_surface(VncDisplay *vd) 2933 { 2934 int width = MIN(pixman_image_get_width(vd->guest.fb), 2935 pixman_image_get_width(vd->server)); 2936 int height = MIN(pixman_image_get_height(vd->guest.fb), 2937 pixman_image_get_height(vd->server)); 2938 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0; 2939 uint8_t *guest_row0 = NULL, *server_row0; 2940 VncState *vs; 2941 int has_dirty = 0; 2942 pixman_image_t *tmpbuf = NULL; 2943 2944 struct timeval tv = { 0, 0 }; 2945 2946 if (!vd->non_adaptive) { 2947 gettimeofday(&tv, NULL); 2948 has_dirty = vnc_update_stats(vd, &tv); 2949 } 2950 2951 /* 2952 * Walk through the guest dirty map. 2953 * Check and copy modified bits from guest to server surface. 2954 * Update server dirty map. 2955 */ 2956 server_row0 = (uint8_t *)pixman_image_get_data(vd->server); 2957 server_stride = guest_stride = guest_ll = 2958 pixman_image_get_stride(vd->server); 2959 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES, 2960 server_stride); 2961 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2962 int width = pixman_image_get_width(vd->server); 2963 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width); 2964 } else { 2965 int guest_bpp = 2966 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb)); 2967 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb); 2968 guest_stride = pixman_image_get_stride(vd->guest.fb); 2969 guest_ll = pixman_image_get_width(vd->guest.fb) 2970 * DIV_ROUND_UP(guest_bpp, 8); 2971 } 2972 line_bytes = MIN(server_stride, guest_ll); 2973 2974 for (;;) { 2975 int x; 2976 uint8_t *guest_ptr, *server_ptr; 2977 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty, 2978 height * VNC_DIRTY_BPL(&vd->guest), 2979 y * VNC_DIRTY_BPL(&vd->guest)); 2980 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) { 2981 /* no more dirty bits */ 2982 break; 2983 } 2984 y = offset / VNC_DIRTY_BPL(&vd->guest); 2985 x = offset % VNC_DIRTY_BPL(&vd->guest); 2986 2987 server_ptr = server_row0 + y * server_stride + x * cmp_bytes; 2988 2989 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2990 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y); 2991 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf); 2992 } else { 2993 guest_ptr = guest_row0 + y * guest_stride; 2994 } 2995 guest_ptr += x * cmp_bytes; 2996 2997 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT); 2998 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 2999 int _cmp_bytes = cmp_bytes; 3000 if (!test_and_clear_bit(x, vd->guest.dirty[y])) { 3001 continue; 3002 } 3003 if ((x + 1) * cmp_bytes > line_bytes) { 3004 _cmp_bytes = line_bytes - x * cmp_bytes; 3005 } 3006 assert(_cmp_bytes >= 0); 3007 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) { 3008 continue; 3009 } 3010 memcpy(server_ptr, guest_ptr, _cmp_bytes); 3011 if (!vd->non_adaptive) { 3012 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT, 3013 y, &tv); 3014 } 3015 QTAILQ_FOREACH(vs, &vd->clients, next) { 3016 set_bit(x, vs->dirty[y]); 3017 } 3018 has_dirty++; 3019 } 3020 3021 y++; 3022 } 3023 qemu_pixman_image_unref(tmpbuf); 3024 return has_dirty; 3025 } 3026 3027 static void vnc_refresh(DisplayChangeListener *dcl) 3028 { 3029 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 3030 VncState *vs, *vn; 3031 int has_dirty, rects = 0; 3032 3033 if (QTAILQ_EMPTY(&vd->clients)) { 3034 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX); 3035 return; 3036 } 3037 3038 graphic_hw_update(vd->dcl.con); 3039 3040 if (vnc_trylock_display(vd)) { 3041 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 3042 return; 3043 } 3044 3045 has_dirty = vnc_refresh_server_surface(vd); 3046 vnc_unlock_display(vd); 3047 3048 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 3049 rects += vnc_update_client(vs, has_dirty); 3050 /* vs might be free()ed here */ 3051 } 3052 3053 if (has_dirty && rects) { 3054 vd->dcl.update_interval /= 2; 3055 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) { 3056 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE; 3057 } 3058 } else { 3059 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC; 3060 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) { 3061 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX; 3062 } 3063 } 3064 } 3065 3066 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc, 3067 bool skipauth, bool websocket) 3068 { 3069 VncState *vs = g_new0(VncState, 1); 3070 bool first_client = QTAILQ_EMPTY(&vd->clients); 3071 int i; 3072 3073 trace_vnc_client_connect(vs, sioc); 3074 vs->magic = VNC_MAGIC; 3075 vs->sioc = sioc; 3076 object_ref(OBJECT(vs->sioc)); 3077 vs->ioc = QIO_CHANNEL(sioc); 3078 object_ref(OBJECT(vs->ioc)); 3079 vs->vd = vd; 3080 3081 buffer_init(&vs->input, "vnc-input/%p", sioc); 3082 buffer_init(&vs->output, "vnc-output/%p", sioc); 3083 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc); 3084 3085 buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc); 3086 buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc); 3087 buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc); 3088 #ifdef CONFIG_VNC_JPEG 3089 buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc); 3090 #endif 3091 #ifdef CONFIG_VNC_PNG 3092 buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc); 3093 #endif 3094 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc); 3095 buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc); 3096 buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc); 3097 buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc); 3098 3099 if (skipauth) { 3100 vs->auth = VNC_AUTH_NONE; 3101 vs->subauth = VNC_AUTH_INVALID; 3102 } else { 3103 if (websocket) { 3104 vs->auth = vd->ws_auth; 3105 vs->subauth = VNC_AUTH_INVALID; 3106 } else { 3107 vs->auth = vd->auth; 3108 vs->subauth = vd->subauth; 3109 } 3110 } 3111 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n", 3112 sioc, websocket, vs->auth, vs->subauth); 3113 3114 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect)); 3115 for (i = 0; i < VNC_STAT_ROWS; ++i) { 3116 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS); 3117 } 3118 3119 VNC_DEBUG("New client on socket %p\n", vs->sioc); 3120 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 3121 qio_channel_set_blocking(vs->ioc, false, NULL); 3122 if (vs->ioc_tag) { 3123 g_source_remove(vs->ioc_tag); 3124 } 3125 if (websocket) { 3126 vs->websocket = 1; 3127 if (vd->tlscreds) { 3128 vs->ioc_tag = qio_channel_add_watch( 3129 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL); 3130 } else { 3131 vs->ioc_tag = qio_channel_add_watch( 3132 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL); 3133 } 3134 } else { 3135 vs->ioc_tag = qio_channel_add_watch( 3136 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); 3137 } 3138 3139 vnc_client_cache_addr(vs); 3140 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED); 3141 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); 3142 3143 vs->last_x = -1; 3144 vs->last_y = -1; 3145 3146 vs->as.freq = 44100; 3147 vs->as.nchannels = 2; 3148 vs->as.fmt = AUD_FMT_S16; 3149 vs->as.endianness = 0; 3150 3151 qemu_mutex_init(&vs->output_mutex); 3152 vs->bh = qemu_bh_new(vnc_jobs_bh, vs); 3153 3154 QTAILQ_INSERT_TAIL(&vd->clients, vs, next); 3155 if (first_client) { 3156 vnc_update_server_surface(vd); 3157 } 3158 3159 graphic_hw_update(vd->dcl.con); 3160 3161 if (!vs->websocket) { 3162 vnc_start_protocol(vs); 3163 } 3164 3165 if (vd->num_connecting > vd->connections_limit) { 3166 QTAILQ_FOREACH(vs, &vd->clients, next) { 3167 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) { 3168 vnc_disconnect_start(vs); 3169 return; 3170 } 3171 } 3172 } 3173 } 3174 3175 void vnc_start_protocol(VncState *vs) 3176 { 3177 vnc_write(vs, "RFB 003.008\n", 12); 3178 vnc_flush(vs); 3179 vnc_read_when(vs, protocol_version, 12); 3180 3181 vs->mouse_mode_notifier.notify = check_pointer_type_change; 3182 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 3183 } 3184 3185 static void vnc_listen_io(QIONetListener *listener, 3186 QIOChannelSocket *cioc, 3187 void *opaque) 3188 { 3189 VncDisplay *vd = opaque; 3190 bool isWebsock = listener == vd->wslistener; 3191 3192 qio_channel_set_name(QIO_CHANNEL(cioc), 3193 isWebsock ? "vnc-ws-server" : "vnc-server"); 3194 qio_channel_set_delay(QIO_CHANNEL(cioc), false); 3195 vnc_connect(vd, cioc, false, isWebsock); 3196 } 3197 3198 static const DisplayChangeListenerOps dcl_ops = { 3199 .dpy_name = "vnc", 3200 .dpy_refresh = vnc_refresh, 3201 .dpy_gfx_update = vnc_dpy_update, 3202 .dpy_gfx_switch = vnc_dpy_switch, 3203 .dpy_gfx_check_format = qemu_pixman_check_format, 3204 .dpy_mouse_set = vnc_mouse_set, 3205 .dpy_cursor_define = vnc_dpy_cursor_define, 3206 }; 3207 3208 void vnc_display_init(const char *id, Error **errp) 3209 { 3210 VncDisplay *vd; 3211 3212 if (vnc_display_find(id) != NULL) { 3213 return; 3214 } 3215 vd = g_malloc0(sizeof(*vd)); 3216 3217 vd->id = strdup(id); 3218 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next); 3219 3220 QTAILQ_INIT(&vd->clients); 3221 vd->expires = TIME_MAX; 3222 3223 if (keyboard_layout) { 3224 trace_vnc_key_map_init(keyboard_layout); 3225 vd->kbd_layout = init_keyboard_layout(name2keysym, 3226 keyboard_layout, errp); 3227 } else { 3228 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us", errp); 3229 } 3230 3231 if (!vd->kbd_layout) { 3232 return; 3233 } 3234 3235 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3236 vd->connections_limit = 32; 3237 3238 qemu_mutex_init(&vd->mutex); 3239 vnc_start_worker_thread(); 3240 3241 vd->dcl.ops = &dcl_ops; 3242 register_displaychangelistener(&vd->dcl); 3243 } 3244 3245 3246 static void vnc_display_close(VncDisplay *vd) 3247 { 3248 if (!vd) { 3249 return; 3250 } 3251 vd->is_unix = false; 3252 3253 if (vd->listener) { 3254 qio_net_listener_disconnect(vd->listener); 3255 object_unref(OBJECT(vd->listener)); 3256 } 3257 vd->listener = NULL; 3258 3259 if (vd->wslistener) { 3260 qio_net_listener_disconnect(vd->wslistener); 3261 object_unref(OBJECT(vd->wslistener)); 3262 } 3263 vd->wslistener = NULL; 3264 3265 vd->auth = VNC_AUTH_INVALID; 3266 vd->subauth = VNC_AUTH_INVALID; 3267 if (vd->tlscreds) { 3268 object_unparent(OBJECT(vd->tlscreds)); 3269 vd->tlscreds = NULL; 3270 } 3271 g_free(vd->tlsaclname); 3272 vd->tlsaclname = NULL; 3273 if (vd->lock_key_sync) { 3274 qemu_remove_led_event_handler(vd->led); 3275 vd->led = NULL; 3276 } 3277 } 3278 3279 int vnc_display_password(const char *id, const char *password) 3280 { 3281 VncDisplay *vd = vnc_display_find(id); 3282 3283 if (!vd) { 3284 return -EINVAL; 3285 } 3286 if (vd->auth == VNC_AUTH_NONE) { 3287 error_printf_unless_qmp("If you want use passwords please enable " 3288 "password auth using '-vnc ${dpy},password'.\n"); 3289 return -EINVAL; 3290 } 3291 3292 g_free(vd->password); 3293 vd->password = g_strdup(password); 3294 3295 return 0; 3296 } 3297 3298 int vnc_display_pw_expire(const char *id, time_t expires) 3299 { 3300 VncDisplay *vd = vnc_display_find(id); 3301 3302 if (!vd) { 3303 return -EINVAL; 3304 } 3305 3306 vd->expires = expires; 3307 return 0; 3308 } 3309 3310 static void vnc_display_print_local_addr(VncDisplay *vd) 3311 { 3312 SocketAddress *addr; 3313 Error *err = NULL; 3314 3315 if (!vd->listener || !vd->listener->nsioc) { 3316 return; 3317 } 3318 3319 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], &err); 3320 if (!addr) { 3321 return; 3322 } 3323 3324 if (addr->type != SOCKET_ADDRESS_TYPE_INET) { 3325 qapi_free_SocketAddress(addr); 3326 return; 3327 } 3328 error_printf_unless_qmp("VNC server running on %s:%s\n", 3329 addr->u.inet.host, 3330 addr->u.inet.port); 3331 qapi_free_SocketAddress(addr); 3332 } 3333 3334 static QemuOptsList qemu_vnc_opts = { 3335 .name = "vnc", 3336 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head), 3337 .implied_opt_name = "vnc", 3338 .desc = { 3339 { 3340 .name = "vnc", 3341 .type = QEMU_OPT_STRING, 3342 },{ 3343 .name = "websocket", 3344 .type = QEMU_OPT_STRING, 3345 },{ 3346 .name = "tls-creds", 3347 .type = QEMU_OPT_STRING, 3348 },{ 3349 .name = "share", 3350 .type = QEMU_OPT_STRING, 3351 },{ 3352 .name = "display", 3353 .type = QEMU_OPT_STRING, 3354 },{ 3355 .name = "head", 3356 .type = QEMU_OPT_NUMBER, 3357 },{ 3358 .name = "connections", 3359 .type = QEMU_OPT_NUMBER, 3360 },{ 3361 .name = "to", 3362 .type = QEMU_OPT_NUMBER, 3363 },{ 3364 .name = "ipv4", 3365 .type = QEMU_OPT_BOOL, 3366 },{ 3367 .name = "ipv6", 3368 .type = QEMU_OPT_BOOL, 3369 },{ 3370 .name = "password", 3371 .type = QEMU_OPT_BOOL, 3372 },{ 3373 .name = "reverse", 3374 .type = QEMU_OPT_BOOL, 3375 },{ 3376 .name = "lock-key-sync", 3377 .type = QEMU_OPT_BOOL, 3378 },{ 3379 .name = "key-delay-ms", 3380 .type = QEMU_OPT_NUMBER, 3381 },{ 3382 .name = "sasl", 3383 .type = QEMU_OPT_BOOL, 3384 },{ 3385 .name = "acl", 3386 .type = QEMU_OPT_BOOL, 3387 },{ 3388 .name = "lossy", 3389 .type = QEMU_OPT_BOOL, 3390 },{ 3391 .name = "non-adaptive", 3392 .type = QEMU_OPT_BOOL, 3393 }, 3394 { /* end of list */ } 3395 }, 3396 }; 3397 3398 3399 static int 3400 vnc_display_setup_auth(int *auth, 3401 int *subauth, 3402 QCryptoTLSCreds *tlscreds, 3403 bool password, 3404 bool sasl, 3405 bool websocket, 3406 Error **errp) 3407 { 3408 /* 3409 * We have a choice of 3 authentication options 3410 * 3411 * 1. none 3412 * 2. vnc 3413 * 3. sasl 3414 * 3415 * The channel can be run in 2 modes 3416 * 3417 * 1. clear 3418 * 2. tls 3419 * 3420 * And TLS can use 2 types of credentials 3421 * 3422 * 1. anon 3423 * 2. x509 3424 * 3425 * We thus have 9 possible logical combinations 3426 * 3427 * 1. clear + none 3428 * 2. clear + vnc 3429 * 3. clear + sasl 3430 * 4. tls + anon + none 3431 * 5. tls + anon + vnc 3432 * 6. tls + anon + sasl 3433 * 7. tls + x509 + none 3434 * 8. tls + x509 + vnc 3435 * 9. tls + x509 + sasl 3436 * 3437 * These need to be mapped into the VNC auth schemes 3438 * in an appropriate manner. In regular VNC, all the 3439 * TLS options get mapped into VNC_AUTH_VENCRYPT 3440 * sub-auth types. 3441 * 3442 * In websockets, the https:// protocol already provides 3443 * TLS support, so there is no need to make use of the 3444 * VeNCrypt extension. Furthermore, websockets browser 3445 * clients could not use VeNCrypt even if they wanted to, 3446 * as they cannot control when the TLS handshake takes 3447 * place. Thus there is no option but to rely on https://, 3448 * meaning combinations 4->6 and 7->9 will be mapped to 3449 * VNC auth schemes in the same way as combos 1->3. 3450 * 3451 * Regardless of fact that we have a different mapping to 3452 * VNC auth mechs for plain VNC vs websockets VNC, the end 3453 * result has the same security characteristics. 3454 */ 3455 if (websocket || !tlscreds) { 3456 if (password) { 3457 VNC_DEBUG("Initializing VNC server with password auth\n"); 3458 *auth = VNC_AUTH_VNC; 3459 } else if (sasl) { 3460 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 3461 *auth = VNC_AUTH_SASL; 3462 } else { 3463 VNC_DEBUG("Initializing VNC server with no auth\n"); 3464 *auth = VNC_AUTH_NONE; 3465 } 3466 *subauth = VNC_AUTH_INVALID; 3467 } else { 3468 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds), 3469 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL; 3470 bool is_anon = object_dynamic_cast(OBJECT(tlscreds), 3471 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL; 3472 3473 if (!is_x509 && !is_anon) { 3474 error_setg(errp, 3475 "Unsupported TLS cred type %s", 3476 object_get_typename(OBJECT(tlscreds))); 3477 return -1; 3478 } 3479 *auth = VNC_AUTH_VENCRYPT; 3480 if (password) { 3481 if (is_x509) { 3482 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 3483 *subauth = VNC_AUTH_VENCRYPT_X509VNC; 3484 } else { 3485 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 3486 *subauth = VNC_AUTH_VENCRYPT_TLSVNC; 3487 } 3488 3489 } else if (sasl) { 3490 if (is_x509) { 3491 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 3492 *subauth = VNC_AUTH_VENCRYPT_X509SASL; 3493 } else { 3494 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 3495 *subauth = VNC_AUTH_VENCRYPT_TLSSASL; 3496 } 3497 } else { 3498 if (is_x509) { 3499 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 3500 *subauth = VNC_AUTH_VENCRYPT_X509NONE; 3501 } else { 3502 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 3503 *subauth = VNC_AUTH_VENCRYPT_TLSNONE; 3504 } 3505 } 3506 } 3507 return 0; 3508 } 3509 3510 3511 static int vnc_display_get_address(const char *addrstr, 3512 bool websocket, 3513 bool reverse, 3514 int displaynum, 3515 int to, 3516 bool has_ipv4, 3517 bool has_ipv6, 3518 bool ipv4, 3519 bool ipv6, 3520 SocketAddress **retaddr, 3521 Error **errp) 3522 { 3523 int ret = -1; 3524 SocketAddress *addr = NULL; 3525 3526 addr = g_new0(SocketAddress, 1); 3527 3528 if (strncmp(addrstr, "unix:", 5) == 0) { 3529 addr->type = SOCKET_ADDRESS_TYPE_UNIX; 3530 addr->u.q_unix.path = g_strdup(addrstr + 5); 3531 3532 if (websocket) { 3533 error_setg(errp, "UNIX sockets not supported with websock"); 3534 goto cleanup; 3535 } 3536 3537 if (to) { 3538 error_setg(errp, "Port range not support with UNIX socket"); 3539 goto cleanup; 3540 } 3541 ret = 0; 3542 } else { 3543 const char *port; 3544 size_t hostlen; 3545 unsigned long long baseport = 0; 3546 InetSocketAddress *inet; 3547 3548 port = strrchr(addrstr, ':'); 3549 if (!port) { 3550 if (websocket) { 3551 hostlen = 0; 3552 port = addrstr; 3553 } else { 3554 error_setg(errp, "no vnc port specified"); 3555 goto cleanup; 3556 } 3557 } else { 3558 hostlen = port - addrstr; 3559 port++; 3560 if (*port == '\0') { 3561 error_setg(errp, "vnc port cannot be empty"); 3562 goto cleanup; 3563 } 3564 } 3565 3566 addr->type = SOCKET_ADDRESS_TYPE_INET; 3567 inet = &addr->u.inet; 3568 if (addrstr[0] == '[' && addrstr[hostlen - 1] == ']') { 3569 inet->host = g_strndup(addrstr + 1, hostlen - 2); 3570 } else { 3571 inet->host = g_strndup(addrstr, hostlen); 3572 } 3573 /* plain VNC port is just an offset, for websocket 3574 * port is absolute */ 3575 if (websocket) { 3576 if (g_str_equal(addrstr, "") || 3577 g_str_equal(addrstr, "on")) { 3578 if (displaynum == -1) { 3579 error_setg(errp, "explicit websocket port is required"); 3580 goto cleanup; 3581 } 3582 inet->port = g_strdup_printf( 3583 "%d", displaynum + 5700); 3584 if (to) { 3585 inet->has_to = true; 3586 inet->to = to + 5700; 3587 } 3588 } else { 3589 inet->port = g_strdup(port); 3590 } 3591 } else { 3592 int offset = reverse ? 0 : 5900; 3593 if (parse_uint_full(port, &baseport, 10) < 0) { 3594 error_setg(errp, "can't convert to a number: %s", port); 3595 goto cleanup; 3596 } 3597 if (baseport > 65535 || 3598 baseport + offset > 65535) { 3599 error_setg(errp, "port %s out of range", port); 3600 goto cleanup; 3601 } 3602 inet->port = g_strdup_printf( 3603 "%d", (int)baseport + offset); 3604 3605 if (to) { 3606 inet->has_to = true; 3607 inet->to = to + offset; 3608 } 3609 } 3610 3611 inet->ipv4 = ipv4; 3612 inet->has_ipv4 = has_ipv4; 3613 inet->ipv6 = ipv6; 3614 inet->has_ipv6 = has_ipv6; 3615 3616 ret = baseport; 3617 } 3618 3619 *retaddr = addr; 3620 3621 cleanup: 3622 if (ret < 0) { 3623 qapi_free_SocketAddress(addr); 3624 } 3625 return ret; 3626 } 3627 3628 static void vnc_free_addresses(SocketAddress ***retsaddr, 3629 size_t *retnsaddr) 3630 { 3631 size_t i; 3632 3633 for (i = 0; i < *retnsaddr; i++) { 3634 qapi_free_SocketAddress((*retsaddr)[i]); 3635 } 3636 g_free(*retsaddr); 3637 3638 *retsaddr = NULL; 3639 *retnsaddr = 0; 3640 } 3641 3642 static int vnc_display_get_addresses(QemuOpts *opts, 3643 bool reverse, 3644 SocketAddress ***retsaddr, 3645 size_t *retnsaddr, 3646 SocketAddress ***retwsaddr, 3647 size_t *retnwsaddr, 3648 Error **errp) 3649 { 3650 SocketAddress *saddr = NULL; 3651 SocketAddress *wsaddr = NULL; 3652 QemuOptsIter addriter; 3653 const char *addr; 3654 int to = qemu_opt_get_number(opts, "to", 0); 3655 bool has_ipv4 = qemu_opt_get(opts, "ipv4"); 3656 bool has_ipv6 = qemu_opt_get(opts, "ipv6"); 3657 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false); 3658 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false); 3659 int displaynum = -1; 3660 int ret = -1; 3661 3662 *retsaddr = NULL; 3663 *retnsaddr = 0; 3664 *retwsaddr = NULL; 3665 *retnwsaddr = 0; 3666 3667 addr = qemu_opt_get(opts, "vnc"); 3668 if (addr == NULL || g_str_equal(addr, "none")) { 3669 ret = 0; 3670 goto cleanup; 3671 } 3672 if (qemu_opt_get(opts, "websocket") && 3673 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) { 3674 error_setg(errp, 3675 "SHA1 hash support is required for websockets"); 3676 goto cleanup; 3677 } 3678 3679 qemu_opt_iter_init(&addriter, opts, "vnc"); 3680 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) { 3681 int rv; 3682 rv = vnc_display_get_address(addr, false, reverse, 0, to, 3683 has_ipv4, has_ipv6, 3684 ipv4, ipv6, 3685 &saddr, errp); 3686 if (rv < 0) { 3687 goto cleanup; 3688 } 3689 /* Historical compat - first listen address can be used 3690 * to set the default websocket port 3691 */ 3692 if (displaynum == -1) { 3693 displaynum = rv; 3694 } 3695 *retsaddr = g_renew(SocketAddress *, *retsaddr, *retnsaddr + 1); 3696 (*retsaddr)[(*retnsaddr)++] = saddr; 3697 } 3698 3699 /* If we had multiple primary displays, we don't do defaults 3700 * for websocket, and require explicit config instead. */ 3701 if (*retnsaddr > 1) { 3702 displaynum = -1; 3703 } 3704 3705 qemu_opt_iter_init(&addriter, opts, "websocket"); 3706 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) { 3707 if (vnc_display_get_address(addr, true, reverse, displaynum, to, 3708 has_ipv4, has_ipv6, 3709 ipv4, ipv6, 3710 &wsaddr, errp) < 0) { 3711 goto cleanup; 3712 } 3713 3714 /* Historical compat - if only a single listen address was 3715 * provided, then this is used to set the default listen 3716 * address for websocket too 3717 */ 3718 if (*retnsaddr == 1 && 3719 (*retsaddr)[0]->type == SOCKET_ADDRESS_TYPE_INET && 3720 wsaddr->type == SOCKET_ADDRESS_TYPE_INET && 3721 g_str_equal(wsaddr->u.inet.host, "") && 3722 !g_str_equal((*retsaddr)[0]->u.inet.host, "")) { 3723 g_free(wsaddr->u.inet.host); 3724 wsaddr->u.inet.host = g_strdup((*retsaddr)[0]->u.inet.host); 3725 } 3726 3727 *retwsaddr = g_renew(SocketAddress *, *retwsaddr, *retnwsaddr + 1); 3728 (*retwsaddr)[(*retnwsaddr)++] = wsaddr; 3729 } 3730 3731 ret = 0; 3732 cleanup: 3733 if (ret < 0) { 3734 vnc_free_addresses(retsaddr, retnsaddr); 3735 vnc_free_addresses(retwsaddr, retnwsaddr); 3736 } 3737 return ret; 3738 } 3739 3740 static int vnc_display_connect(VncDisplay *vd, 3741 SocketAddress **saddr, 3742 size_t nsaddr, 3743 SocketAddress **wsaddr, 3744 size_t nwsaddr, 3745 Error **errp) 3746 { 3747 /* connect to viewer */ 3748 QIOChannelSocket *sioc = NULL; 3749 if (nwsaddr != 0) { 3750 error_setg(errp, "Cannot use websockets in reverse mode"); 3751 return -1; 3752 } 3753 if (nsaddr != 1) { 3754 error_setg(errp, "Expected a single address in reverse mode"); 3755 return -1; 3756 } 3757 /* TODO SOCKET_ADDRESS_TYPE_FD when fd has AF_UNIX */ 3758 vd->is_unix = saddr[0]->type == SOCKET_ADDRESS_TYPE_UNIX; 3759 sioc = qio_channel_socket_new(); 3760 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse"); 3761 if (qio_channel_socket_connect_sync(sioc, saddr[0], errp) < 0) { 3762 return -1; 3763 } 3764 vnc_connect(vd, sioc, false, false); 3765 object_unref(OBJECT(sioc)); 3766 return 0; 3767 } 3768 3769 3770 static int vnc_display_listen(VncDisplay *vd, 3771 SocketAddress **saddr, 3772 size_t nsaddr, 3773 SocketAddress **wsaddr, 3774 size_t nwsaddr, 3775 Error **errp) 3776 { 3777 size_t i; 3778 3779 if (nsaddr) { 3780 vd->listener = qio_net_listener_new(); 3781 qio_net_listener_set_name(vd->listener, "vnc-listen"); 3782 for (i = 0; i < nsaddr; i++) { 3783 if (qio_net_listener_open_sync(vd->listener, 3784 saddr[i], 3785 errp) < 0) { 3786 return -1; 3787 } 3788 } 3789 3790 qio_net_listener_set_client_func(vd->listener, 3791 vnc_listen_io, vd, NULL); 3792 } 3793 3794 if (nwsaddr) { 3795 vd->wslistener = qio_net_listener_new(); 3796 qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen"); 3797 for (i = 0; i < nwsaddr; i++) { 3798 if (qio_net_listener_open_sync(vd->wslistener, 3799 wsaddr[i], 3800 errp) < 0) { 3801 return -1; 3802 } 3803 } 3804 3805 qio_net_listener_set_client_func(vd->wslistener, 3806 vnc_listen_io, vd, NULL); 3807 } 3808 3809 return 0; 3810 } 3811 3812 3813 void vnc_display_open(const char *id, Error **errp) 3814 { 3815 VncDisplay *vd = vnc_display_find(id); 3816 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id); 3817 SocketAddress **saddr = NULL, **wsaddr = NULL; 3818 size_t nsaddr, nwsaddr; 3819 const char *share, *device_id; 3820 QemuConsole *con; 3821 bool password = false; 3822 bool reverse = false; 3823 const char *credid; 3824 bool sasl = false; 3825 int acl = 0; 3826 int lock_key_sync = 1; 3827 int key_delay_ms; 3828 3829 if (!vd) { 3830 error_setg(errp, "VNC display not active"); 3831 return; 3832 } 3833 vnc_display_close(vd); 3834 3835 if (!opts) { 3836 return; 3837 } 3838 3839 reverse = qemu_opt_get_bool(opts, "reverse", false); 3840 if (vnc_display_get_addresses(opts, reverse, &saddr, &nsaddr, 3841 &wsaddr, &nwsaddr, errp) < 0) { 3842 goto fail; 3843 } 3844 3845 password = qemu_opt_get_bool(opts, "password", false); 3846 if (password) { 3847 if (fips_get_state()) { 3848 error_setg(errp, 3849 "VNC password auth disabled due to FIPS mode, " 3850 "consider using the VeNCrypt or SASL authentication " 3851 "methods as an alternative"); 3852 goto fail; 3853 } 3854 if (!qcrypto_cipher_supports( 3855 QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) { 3856 error_setg(errp, 3857 "Cipher backend does not support DES RFB algorithm"); 3858 goto fail; 3859 } 3860 } 3861 3862 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true); 3863 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10); 3864 sasl = qemu_opt_get_bool(opts, "sasl", false); 3865 #ifndef CONFIG_VNC_SASL 3866 if (sasl) { 3867 error_setg(errp, "VNC SASL auth requires cyrus-sasl support"); 3868 goto fail; 3869 } 3870 #endif /* CONFIG_VNC_SASL */ 3871 credid = qemu_opt_get(opts, "tls-creds"); 3872 if (credid) { 3873 Object *creds; 3874 creds = object_resolve_path_component( 3875 object_get_objects_root(), credid); 3876 if (!creds) { 3877 error_setg(errp, "No TLS credentials with id '%s'", 3878 credid); 3879 goto fail; 3880 } 3881 vd->tlscreds = (QCryptoTLSCreds *) 3882 object_dynamic_cast(creds, 3883 TYPE_QCRYPTO_TLS_CREDS); 3884 if (!vd->tlscreds) { 3885 error_setg(errp, "Object with id '%s' is not TLS credentials", 3886 credid); 3887 goto fail; 3888 } 3889 object_ref(OBJECT(vd->tlscreds)); 3890 3891 if (vd->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { 3892 error_setg(errp, 3893 "Expecting TLS credentials with a server endpoint"); 3894 goto fail; 3895 } 3896 } 3897 acl = qemu_opt_get_bool(opts, "acl", false); 3898 3899 share = qemu_opt_get(opts, "share"); 3900 if (share) { 3901 if (strcmp(share, "ignore") == 0) { 3902 vd->share_policy = VNC_SHARE_POLICY_IGNORE; 3903 } else if (strcmp(share, "allow-exclusive") == 0) { 3904 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3905 } else if (strcmp(share, "force-shared") == 0) { 3906 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; 3907 } else { 3908 error_setg(errp, "unknown vnc share= option"); 3909 goto fail; 3910 } 3911 } else { 3912 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3913 } 3914 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32); 3915 3916 #ifdef CONFIG_VNC_JPEG 3917 vd->lossy = qemu_opt_get_bool(opts, "lossy", false); 3918 #endif 3919 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false); 3920 /* adaptive updates are only used with tight encoding and 3921 * if lossy updates are enabled so we can disable all the 3922 * calculations otherwise */ 3923 if (!vd->lossy) { 3924 vd->non_adaptive = true; 3925 } 3926 3927 if (acl) { 3928 if (strcmp(vd->id, "default") == 0) { 3929 vd->tlsaclname = g_strdup("vnc.x509dname"); 3930 } else { 3931 vd->tlsaclname = g_strdup_printf("vnc.%s.x509dname", vd->id); 3932 } 3933 qemu_acl_init(vd->tlsaclname); 3934 } 3935 #ifdef CONFIG_VNC_SASL 3936 if (acl && sasl) { 3937 char *aclname; 3938 3939 if (strcmp(vd->id, "default") == 0) { 3940 aclname = g_strdup("vnc.username"); 3941 } else { 3942 aclname = g_strdup_printf("vnc.%s.username", vd->id); 3943 } 3944 vd->sasl.acl = qemu_acl_init(aclname); 3945 g_free(aclname); 3946 } 3947 #endif 3948 3949 if (vnc_display_setup_auth(&vd->auth, &vd->subauth, 3950 vd->tlscreds, password, 3951 sasl, false, errp) < 0) { 3952 goto fail; 3953 } 3954 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth); 3955 3956 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth, 3957 vd->tlscreds, password, 3958 sasl, true, errp) < 0) { 3959 goto fail; 3960 } 3961 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth); 3962 3963 #ifdef CONFIG_VNC_SASL 3964 if (sasl) { 3965 int saslErr = sasl_server_init(NULL, "qemu"); 3966 3967 if (saslErr != SASL_OK) { 3968 error_setg(errp, "Failed to initialize SASL auth: %s", 3969 sasl_errstring(saslErr, NULL, NULL)); 3970 goto fail; 3971 } 3972 } 3973 #endif 3974 vd->lock_key_sync = lock_key_sync; 3975 if (lock_key_sync) { 3976 vd->led = qemu_add_led_event_handler(kbd_leds, vd); 3977 } 3978 vd->ledstate = 0; 3979 vd->key_delay_ms = key_delay_ms; 3980 3981 device_id = qemu_opt_get(opts, "display"); 3982 if (device_id) { 3983 int head = qemu_opt_get_number(opts, "head", 0); 3984 Error *err = NULL; 3985 3986 con = qemu_console_lookup_by_device_name(device_id, head, &err); 3987 if (err) { 3988 error_propagate(errp, err); 3989 goto fail; 3990 } 3991 } else { 3992 con = NULL; 3993 } 3994 3995 if (con != vd->dcl.con) { 3996 unregister_displaychangelistener(&vd->dcl); 3997 vd->dcl.con = con; 3998 register_displaychangelistener(&vd->dcl); 3999 } 4000 4001 if (saddr == NULL) { 4002 goto cleanup; 4003 } 4004 4005 if (reverse) { 4006 if (vnc_display_connect(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) { 4007 goto fail; 4008 } 4009 } else { 4010 if (vnc_display_listen(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) { 4011 goto fail; 4012 } 4013 } 4014 4015 if (qemu_opt_get(opts, "to")) { 4016 vnc_display_print_local_addr(vd); 4017 } 4018 4019 cleanup: 4020 vnc_free_addresses(&saddr, &nsaddr); 4021 vnc_free_addresses(&wsaddr, &nwsaddr); 4022 return; 4023 4024 fail: 4025 vnc_display_close(vd); 4026 goto cleanup; 4027 } 4028 4029 void vnc_display_add_client(const char *id, int csock, bool skipauth) 4030 { 4031 VncDisplay *vd = vnc_display_find(id); 4032 QIOChannelSocket *sioc; 4033 4034 if (!vd) { 4035 return; 4036 } 4037 4038 sioc = qio_channel_socket_new_fd(csock, NULL); 4039 if (sioc) { 4040 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server"); 4041 vnc_connect(vd, sioc, skipauth, false); 4042 object_unref(OBJECT(sioc)); 4043 } 4044 } 4045 4046 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts) 4047 { 4048 int i = 2; 4049 char *id; 4050 4051 id = g_strdup("default"); 4052 while (qemu_opts_find(olist, id)) { 4053 g_free(id); 4054 id = g_strdup_printf("vnc%d", i++); 4055 } 4056 qemu_opts_set_id(opts, id); 4057 } 4058 4059 QemuOpts *vnc_parse(const char *str, Error **errp) 4060 { 4061 QemuOptsList *olist = qemu_find_opts("vnc"); 4062 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp); 4063 const char *id; 4064 4065 if (!opts) { 4066 return NULL; 4067 } 4068 4069 id = qemu_opts_id(opts); 4070 if (!id) { 4071 /* auto-assign id if not present */ 4072 vnc_auto_assign_id(olist, opts); 4073 } 4074 return opts; 4075 } 4076 4077 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp) 4078 { 4079 Error *local_err = NULL; 4080 char *id = (char *)qemu_opts_id(opts); 4081 4082 assert(id); 4083 vnc_display_init(id, &local_err); 4084 if (local_err) { 4085 error_propagate(errp, local_err); 4086 return -1; 4087 } 4088 vnc_display_open(id, &local_err); 4089 if (local_err != NULL) { 4090 error_propagate(errp, local_err); 4091 return -1; 4092 } 4093 return 0; 4094 } 4095 4096 static void vnc_register_config(void) 4097 { 4098 qemu_add_opts(&qemu_vnc_opts); 4099 } 4100 opts_init(vnc_register_config); 4101