1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "vnc.h" 28 #include "vnc-jobs.h" 29 #include "trace.h" 30 #include "hw/qdev.h" 31 #include "sysemu/sysemu.h" 32 #include "qemu/error-report.h" 33 #include "qemu/sockets.h" 34 #include "qemu/timer.h" 35 #include "qemu/acl.h" 36 #include "qemu/config-file.h" 37 #include "qapi/qmp/qerror.h" 38 #include "qapi/qmp/types.h" 39 #include "qmp-commands.h" 40 #include "qemu/osdep.h" 41 #include "ui/input.h" 42 #include "qapi-event.h" 43 #include "crypto/hash.h" 44 #include "crypto/tlscredsanon.h" 45 #include "crypto/tlscredsx509.h" 46 #include "qom/object_interfaces.h" 47 48 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT 49 #define VNC_REFRESH_INTERVAL_INC 50 50 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE 51 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; 52 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 53 54 #include "vnc_keysym.h" 55 #include "crypto/cipher.h" 56 57 static QTAILQ_HEAD(, VncDisplay) vnc_displays = 58 QTAILQ_HEAD_INITIALIZER(vnc_displays); 59 60 static int vnc_cursor_define(VncState *vs); 61 static void vnc_release_modifiers(VncState *vs); 62 63 static void vnc_set_share_mode(VncState *vs, VncShareMode mode) 64 { 65 #ifdef _VNC_DEBUG 66 static const char *mn[] = { 67 [0] = "undefined", 68 [VNC_SHARE_MODE_CONNECTING] = "connecting", 69 [VNC_SHARE_MODE_SHARED] = "shared", 70 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive", 71 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected", 72 }; 73 fprintf(stderr, "%s/%d: %s -> %s\n", __func__, 74 vs->csock, mn[vs->share_mode], mn[mode]); 75 #endif 76 77 switch (vs->share_mode) { 78 case VNC_SHARE_MODE_CONNECTING: 79 vs->vd->num_connecting--; 80 break; 81 case VNC_SHARE_MODE_SHARED: 82 vs->vd->num_shared--; 83 break; 84 case VNC_SHARE_MODE_EXCLUSIVE: 85 vs->vd->num_exclusive--; 86 break; 87 default: 88 break; 89 } 90 91 vs->share_mode = mode; 92 93 switch (vs->share_mode) { 94 case VNC_SHARE_MODE_CONNECTING: 95 vs->vd->num_connecting++; 96 break; 97 case VNC_SHARE_MODE_SHARED: 98 vs->vd->num_shared++; 99 break; 100 case VNC_SHARE_MODE_EXCLUSIVE: 101 vs->vd->num_exclusive++; 102 break; 103 default: 104 break; 105 } 106 } 107 108 static char *addr_to_string(const char *format, 109 struct sockaddr_storage *sa, 110 socklen_t salen) { 111 char *addr; 112 char host[NI_MAXHOST]; 113 char serv[NI_MAXSERV]; 114 int err; 115 size_t addrlen; 116 117 if ((err = getnameinfo((struct sockaddr *)sa, salen, 118 host, sizeof(host), 119 serv, sizeof(serv), 120 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 121 VNC_DEBUG("Cannot resolve address %d: %s\n", 122 err, gai_strerror(err)); 123 return NULL; 124 } 125 126 /* Enough for the existing format + the 2 vars we're 127 * substituting in. */ 128 addrlen = strlen(format) + strlen(host) + strlen(serv); 129 addr = g_malloc(addrlen + 1); 130 snprintf(addr, addrlen, format, host, serv); 131 addr[addrlen] = '\0'; 132 133 return addr; 134 } 135 136 137 char *vnc_socket_local_addr(const char *format, int fd) { 138 struct sockaddr_storage sa; 139 socklen_t salen; 140 141 salen = sizeof(sa); 142 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) 143 return NULL; 144 145 return addr_to_string(format, &sa, salen); 146 } 147 148 char *vnc_socket_remote_addr(const char *format, int fd) { 149 struct sockaddr_storage sa; 150 socklen_t salen; 151 152 salen = sizeof(sa); 153 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) 154 return NULL; 155 156 return addr_to_string(format, &sa, salen); 157 } 158 159 static VncBasicInfo *vnc_basic_info_get(struct sockaddr_storage *sa, 160 socklen_t salen) 161 { 162 VncBasicInfo *info; 163 char host[NI_MAXHOST]; 164 char serv[NI_MAXSERV]; 165 int err; 166 167 if ((err = getnameinfo((struct sockaddr *)sa, salen, 168 host, sizeof(host), 169 serv, sizeof(serv), 170 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 171 VNC_DEBUG("Cannot resolve address %d: %s\n", 172 err, gai_strerror(err)); 173 return NULL; 174 } 175 176 info = g_malloc0(sizeof(VncBasicInfo)); 177 info->host = g_strdup(host); 178 info->service = g_strdup(serv); 179 info->family = inet_netfamily(sa->ss_family); 180 return info; 181 } 182 183 static VncBasicInfo *vnc_basic_info_get_from_server_addr(int fd) 184 { 185 struct sockaddr_storage sa; 186 socklen_t salen; 187 188 salen = sizeof(sa); 189 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) { 190 return NULL; 191 } 192 193 return vnc_basic_info_get(&sa, salen); 194 } 195 196 static VncBasicInfo *vnc_basic_info_get_from_remote_addr(int fd) 197 { 198 struct sockaddr_storage sa; 199 socklen_t salen; 200 201 salen = sizeof(sa); 202 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) { 203 return NULL; 204 } 205 206 return vnc_basic_info_get(&sa, salen); 207 } 208 209 static const char *vnc_auth_name(VncDisplay *vd) { 210 switch (vd->auth) { 211 case VNC_AUTH_INVALID: 212 return "invalid"; 213 case VNC_AUTH_NONE: 214 return "none"; 215 case VNC_AUTH_VNC: 216 return "vnc"; 217 case VNC_AUTH_RA2: 218 return "ra2"; 219 case VNC_AUTH_RA2NE: 220 return "ra2ne"; 221 case VNC_AUTH_TIGHT: 222 return "tight"; 223 case VNC_AUTH_ULTRA: 224 return "ultra"; 225 case VNC_AUTH_TLS: 226 return "tls"; 227 case VNC_AUTH_VENCRYPT: 228 switch (vd->subauth) { 229 case VNC_AUTH_VENCRYPT_PLAIN: 230 return "vencrypt+plain"; 231 case VNC_AUTH_VENCRYPT_TLSNONE: 232 return "vencrypt+tls+none"; 233 case VNC_AUTH_VENCRYPT_TLSVNC: 234 return "vencrypt+tls+vnc"; 235 case VNC_AUTH_VENCRYPT_TLSPLAIN: 236 return "vencrypt+tls+plain"; 237 case VNC_AUTH_VENCRYPT_X509NONE: 238 return "vencrypt+x509+none"; 239 case VNC_AUTH_VENCRYPT_X509VNC: 240 return "vencrypt+x509+vnc"; 241 case VNC_AUTH_VENCRYPT_X509PLAIN: 242 return "vencrypt+x509+plain"; 243 case VNC_AUTH_VENCRYPT_TLSSASL: 244 return "vencrypt+tls+sasl"; 245 case VNC_AUTH_VENCRYPT_X509SASL: 246 return "vencrypt+x509+sasl"; 247 default: 248 return "vencrypt"; 249 } 250 case VNC_AUTH_SASL: 251 return "sasl"; 252 } 253 return "unknown"; 254 } 255 256 static VncServerInfo *vnc_server_info_get(VncDisplay *vd) 257 { 258 VncServerInfo *info; 259 VncBasicInfo *bi = vnc_basic_info_get_from_server_addr(vd->lsock); 260 if (!bi) { 261 return NULL; 262 } 263 264 info = g_malloc(sizeof(*info)); 265 info->base = bi; 266 info->has_auth = true; 267 info->auth = g_strdup(vnc_auth_name(vd)); 268 return info; 269 } 270 271 static void vnc_client_cache_auth(VncState *client) 272 { 273 if (!client->info) { 274 return; 275 } 276 277 if (client->tls) { 278 client->info->x509_dname = 279 qcrypto_tls_session_get_peer_name(client->tls); 280 client->info->has_x509_dname = 281 client->info->x509_dname != NULL; 282 } 283 #ifdef CONFIG_VNC_SASL 284 if (client->sasl.conn && 285 client->sasl.username) { 286 client->info->has_sasl_username = true; 287 client->info->sasl_username = g_strdup(client->sasl.username); 288 } 289 #endif 290 } 291 292 static void vnc_client_cache_addr(VncState *client) 293 { 294 VncBasicInfo *bi = vnc_basic_info_get_from_remote_addr(client->csock); 295 296 if (bi) { 297 client->info = g_malloc0(sizeof(*client->info)); 298 client->info->base = bi; 299 } 300 } 301 302 static void vnc_qmp_event(VncState *vs, QAPIEvent event) 303 { 304 VncServerInfo *si; 305 306 if (!vs->info) { 307 return; 308 } 309 g_assert(vs->info->base); 310 311 si = vnc_server_info_get(vs->vd); 312 if (!si) { 313 return; 314 } 315 316 switch (event) { 317 case QAPI_EVENT_VNC_CONNECTED: 318 qapi_event_send_vnc_connected(si, vs->info->base, &error_abort); 319 break; 320 case QAPI_EVENT_VNC_INITIALIZED: 321 qapi_event_send_vnc_initialized(si, vs->info, &error_abort); 322 break; 323 case QAPI_EVENT_VNC_DISCONNECTED: 324 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort); 325 break; 326 default: 327 break; 328 } 329 330 qapi_free_VncServerInfo(si); 331 } 332 333 static VncClientInfo *qmp_query_vnc_client(const VncState *client) 334 { 335 struct sockaddr_storage sa; 336 socklen_t salen = sizeof(sa); 337 char host[NI_MAXHOST]; 338 char serv[NI_MAXSERV]; 339 VncClientInfo *info; 340 341 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) { 342 return NULL; 343 } 344 345 if (getnameinfo((struct sockaddr *)&sa, salen, 346 host, sizeof(host), 347 serv, sizeof(serv), 348 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 349 return NULL; 350 } 351 352 info = g_malloc0(sizeof(*info)); 353 info->base = g_malloc0(sizeof(*info->base)); 354 info->base->host = g_strdup(host); 355 info->base->service = g_strdup(serv); 356 info->base->family = inet_netfamily(sa.ss_family); 357 info->base->websocket = client->websocket; 358 359 if (client->tls) { 360 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls); 361 info->has_x509_dname = info->x509_dname != NULL; 362 } 363 #ifdef CONFIG_VNC_SASL 364 if (client->sasl.conn && client->sasl.username) { 365 info->has_sasl_username = true; 366 info->sasl_username = g_strdup(client->sasl.username); 367 } 368 #endif 369 370 return info; 371 } 372 373 static VncDisplay *vnc_display_find(const char *id) 374 { 375 VncDisplay *vd; 376 377 if (id == NULL) { 378 return QTAILQ_FIRST(&vnc_displays); 379 } 380 QTAILQ_FOREACH(vd, &vnc_displays, next) { 381 if (strcmp(id, vd->id) == 0) { 382 return vd; 383 } 384 } 385 return NULL; 386 } 387 388 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd) 389 { 390 VncClientInfoList *cinfo, *prev = NULL; 391 VncState *client; 392 393 QTAILQ_FOREACH(client, &vd->clients, next) { 394 cinfo = g_new0(VncClientInfoList, 1); 395 cinfo->value = qmp_query_vnc_client(client); 396 cinfo->next = prev; 397 prev = cinfo; 398 } 399 return prev; 400 } 401 402 VncInfo *qmp_query_vnc(Error **errp) 403 { 404 VncInfo *info = g_malloc0(sizeof(*info)); 405 VncDisplay *vd = vnc_display_find(NULL); 406 407 if (vd == NULL || !vd->enabled) { 408 info->enabled = false; 409 } else { 410 struct sockaddr_storage sa; 411 socklen_t salen = sizeof(sa); 412 char host[NI_MAXHOST]; 413 char serv[NI_MAXSERV]; 414 415 info->enabled = true; 416 417 /* for compatibility with the original command */ 418 info->has_clients = true; 419 info->clients = qmp_query_client_list(vd); 420 421 if (vd->lsock == -1) { 422 return info; 423 } 424 425 if (getsockname(vd->lsock, (struct sockaddr *)&sa, 426 &salen) == -1) { 427 error_setg(errp, QERR_UNDEFINED_ERROR); 428 goto out_error; 429 } 430 431 if (getnameinfo((struct sockaddr *)&sa, salen, 432 host, sizeof(host), 433 serv, sizeof(serv), 434 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 435 error_setg(errp, QERR_UNDEFINED_ERROR); 436 goto out_error; 437 } 438 439 info->has_host = true; 440 info->host = g_strdup(host); 441 442 info->has_service = true; 443 info->service = g_strdup(serv); 444 445 info->has_family = true; 446 info->family = inet_netfamily(sa.ss_family); 447 448 info->has_auth = true; 449 info->auth = g_strdup(vnc_auth_name(vd)); 450 } 451 452 return info; 453 454 out_error: 455 qapi_free_VncInfo(info); 456 return NULL; 457 } 458 459 static VncBasicInfoList *qmp_query_server_entry(int socket, 460 bool websocket, 461 VncBasicInfoList *prev) 462 { 463 VncBasicInfoList *list; 464 VncBasicInfo *info; 465 struct sockaddr_storage sa; 466 socklen_t salen = sizeof(sa); 467 char host[NI_MAXHOST]; 468 char serv[NI_MAXSERV]; 469 470 if (getsockname(socket, (struct sockaddr *)&sa, &salen) < 0 || 471 getnameinfo((struct sockaddr *)&sa, salen, 472 host, sizeof(host), serv, sizeof(serv), 473 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 474 return prev; 475 } 476 477 info = g_new0(VncBasicInfo, 1); 478 info->host = g_strdup(host); 479 info->service = g_strdup(serv); 480 info->family = inet_netfamily(sa.ss_family); 481 info->websocket = websocket; 482 483 list = g_new0(VncBasicInfoList, 1); 484 list->value = info; 485 list->next = prev; 486 return list; 487 } 488 489 static void qmp_query_auth(VncDisplay *vd, VncInfo2 *info) 490 { 491 switch (vd->auth) { 492 case VNC_AUTH_VNC: 493 info->auth = VNC_PRIMARY_AUTH_VNC; 494 break; 495 case VNC_AUTH_RA2: 496 info->auth = VNC_PRIMARY_AUTH_RA2; 497 break; 498 case VNC_AUTH_RA2NE: 499 info->auth = VNC_PRIMARY_AUTH_RA2NE; 500 break; 501 case VNC_AUTH_TIGHT: 502 info->auth = VNC_PRIMARY_AUTH_TIGHT; 503 break; 504 case VNC_AUTH_ULTRA: 505 info->auth = VNC_PRIMARY_AUTH_ULTRA; 506 break; 507 case VNC_AUTH_TLS: 508 info->auth = VNC_PRIMARY_AUTH_TLS; 509 break; 510 case VNC_AUTH_VENCRYPT: 511 info->auth = VNC_PRIMARY_AUTH_VENCRYPT; 512 info->has_vencrypt = true; 513 switch (vd->subauth) { 514 case VNC_AUTH_VENCRYPT_PLAIN: 515 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN; 516 break; 517 case VNC_AUTH_VENCRYPT_TLSNONE: 518 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE; 519 break; 520 case VNC_AUTH_VENCRYPT_TLSVNC: 521 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC; 522 break; 523 case VNC_AUTH_VENCRYPT_TLSPLAIN: 524 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN; 525 break; 526 case VNC_AUTH_VENCRYPT_X509NONE: 527 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE; 528 break; 529 case VNC_AUTH_VENCRYPT_X509VNC: 530 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC; 531 break; 532 case VNC_AUTH_VENCRYPT_X509PLAIN: 533 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN; 534 break; 535 case VNC_AUTH_VENCRYPT_TLSSASL: 536 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL; 537 break; 538 case VNC_AUTH_VENCRYPT_X509SASL: 539 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL; 540 break; 541 default: 542 info->has_vencrypt = false; 543 break; 544 } 545 break; 546 case VNC_AUTH_SASL: 547 info->auth = VNC_PRIMARY_AUTH_SASL; 548 break; 549 case VNC_AUTH_NONE: 550 default: 551 info->auth = VNC_PRIMARY_AUTH_NONE; 552 break; 553 } 554 } 555 556 VncInfo2List *qmp_query_vnc_servers(Error **errp) 557 { 558 VncInfo2List *item, *prev = NULL; 559 VncInfo2 *info; 560 VncDisplay *vd; 561 DeviceState *dev; 562 563 QTAILQ_FOREACH(vd, &vnc_displays, next) { 564 info = g_new0(VncInfo2, 1); 565 info->id = g_strdup(vd->id); 566 info->clients = qmp_query_client_list(vd); 567 qmp_query_auth(vd, info); 568 if (vd->dcl.con) { 569 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con), 570 "device", NULL)); 571 info->has_display = true; 572 info->display = g_strdup(dev->id); 573 } 574 if (vd->lsock != -1) { 575 info->server = qmp_query_server_entry(vd->lsock, false, 576 info->server); 577 } 578 if (vd->lwebsock != -1) { 579 info->server = qmp_query_server_entry(vd->lwebsock, true, 580 info->server); 581 } 582 583 item = g_new0(VncInfo2List, 1); 584 item->value = info; 585 item->next = prev; 586 prev = item; 587 } 588 return prev; 589 } 590 591 /* TODO 592 1) Get the queue working for IO. 593 2) there is some weirdness when using the -S option (the screen is grey 594 and not totally invalidated 595 3) resolutions > 1024 596 */ 597 598 static int vnc_update_client(VncState *vs, int has_dirty, bool sync); 599 static void vnc_disconnect_start(VncState *vs); 600 601 static void vnc_colordepth(VncState *vs); 602 static void framebuffer_update_request(VncState *vs, int incremental, 603 int x_position, int y_position, 604 int w, int h); 605 static void vnc_refresh(DisplayChangeListener *dcl); 606 static int vnc_refresh_server_surface(VncDisplay *vd); 607 608 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT], 609 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT), 610 int width, int height, 611 int x, int y, int w, int h) { 612 /* this is needed this to ensure we updated all affected 613 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */ 614 w += (x % VNC_DIRTY_PIXELS_PER_BIT); 615 x -= (x % VNC_DIRTY_PIXELS_PER_BIT); 616 617 x = MIN(x, width); 618 y = MIN(y, height); 619 w = MIN(x + w, width) - x; 620 h = MIN(y + h, height); 621 622 for (; y < h; y++) { 623 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT, 624 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT)); 625 } 626 } 627 628 static void vnc_dpy_update(DisplayChangeListener *dcl, 629 int x, int y, int w, int h) 630 { 631 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 632 struct VncSurface *s = &vd->guest; 633 int width = pixman_image_get_width(vd->server); 634 int height = pixman_image_get_height(vd->server); 635 636 vnc_set_area_dirty(s->dirty, width, height, x, y, w, h); 637 } 638 639 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 640 int32_t encoding) 641 { 642 vnc_write_u16(vs, x); 643 vnc_write_u16(vs, y); 644 vnc_write_u16(vs, w); 645 vnc_write_u16(vs, h); 646 647 vnc_write_s32(vs, encoding); 648 } 649 650 651 static void vnc_desktop_resize(VncState *vs) 652 { 653 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) { 654 return; 655 } 656 if (vs->client_width == pixman_image_get_width(vs->vd->server) && 657 vs->client_height == pixman_image_get_height(vs->vd->server)) { 658 return; 659 } 660 vs->client_width = pixman_image_get_width(vs->vd->server); 661 vs->client_height = pixman_image_get_height(vs->vd->server); 662 vnc_lock_output(vs); 663 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 664 vnc_write_u8(vs, 0); 665 vnc_write_u16(vs, 1); /* number of rects */ 666 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 667 VNC_ENCODING_DESKTOPRESIZE); 668 vnc_unlock_output(vs); 669 vnc_flush(vs); 670 } 671 672 static void vnc_abort_display_jobs(VncDisplay *vd) 673 { 674 VncState *vs; 675 676 QTAILQ_FOREACH(vs, &vd->clients, next) { 677 vnc_lock_output(vs); 678 vs->abort = true; 679 vnc_unlock_output(vs); 680 } 681 QTAILQ_FOREACH(vs, &vd->clients, next) { 682 vnc_jobs_join(vs); 683 } 684 QTAILQ_FOREACH(vs, &vd->clients, next) { 685 vnc_lock_output(vs); 686 vs->abort = false; 687 vnc_unlock_output(vs); 688 } 689 } 690 691 int vnc_server_fb_stride(VncDisplay *vd) 692 { 693 return pixman_image_get_stride(vd->server); 694 } 695 696 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y) 697 { 698 uint8_t *ptr; 699 700 ptr = (uint8_t *)pixman_image_get_data(vd->server); 701 ptr += y * vnc_server_fb_stride(vd); 702 ptr += x * VNC_SERVER_FB_BYTES; 703 return ptr; 704 } 705 706 static void vnc_dpy_switch(DisplayChangeListener *dcl, 707 DisplaySurface *surface) 708 { 709 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 710 VncState *vs; 711 int width, height; 712 713 vnc_abort_display_jobs(vd); 714 715 /* server surface */ 716 qemu_pixman_image_unref(vd->server); 717 vd->ds = surface; 718 width = MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds), 719 VNC_DIRTY_PIXELS_PER_BIT)); 720 height = MIN(VNC_MAX_HEIGHT, surface_height(vd->ds)); 721 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT, 722 width, height, NULL, 0); 723 724 /* guest surface */ 725 #if 0 /* FIXME */ 726 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel) 727 console_color_init(ds); 728 #endif 729 qemu_pixman_image_unref(vd->guest.fb); 730 vd->guest.fb = pixman_image_ref(surface->image); 731 vd->guest.format = surface->format; 732 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty)); 733 vnc_set_area_dirty(vd->guest.dirty, width, height, 0, 0, 734 width, height); 735 736 QTAILQ_FOREACH(vs, &vd->clients, next) { 737 vnc_colordepth(vs); 738 vnc_desktop_resize(vs); 739 if (vs->vd->cursor) { 740 vnc_cursor_define(vs); 741 } 742 memset(vs->dirty, 0x00, sizeof(vs->dirty)); 743 vnc_set_area_dirty(vs->dirty, width, height, 0, 0, 744 width, height); 745 } 746 } 747 748 /* fastest code */ 749 static void vnc_write_pixels_copy(VncState *vs, 750 void *pixels, int size) 751 { 752 vnc_write(vs, pixels, size); 753 } 754 755 /* slowest but generic code. */ 756 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 757 { 758 uint8_t r, g, b; 759 760 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8) 761 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8; 762 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8; 763 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8; 764 #else 765 # error need some bits here if you change VNC_SERVER_FB_FORMAT 766 #endif 767 v = (r << vs->client_pf.rshift) | 768 (g << vs->client_pf.gshift) | 769 (b << vs->client_pf.bshift); 770 switch (vs->client_pf.bytes_per_pixel) { 771 case 1: 772 buf[0] = v; 773 break; 774 case 2: 775 if (vs->client_be) { 776 buf[0] = v >> 8; 777 buf[1] = v; 778 } else { 779 buf[1] = v >> 8; 780 buf[0] = v; 781 } 782 break; 783 default: 784 case 4: 785 if (vs->client_be) { 786 buf[0] = v >> 24; 787 buf[1] = v >> 16; 788 buf[2] = v >> 8; 789 buf[3] = v; 790 } else { 791 buf[3] = v >> 24; 792 buf[2] = v >> 16; 793 buf[1] = v >> 8; 794 buf[0] = v; 795 } 796 break; 797 } 798 } 799 800 static void vnc_write_pixels_generic(VncState *vs, 801 void *pixels1, int size) 802 { 803 uint8_t buf[4]; 804 805 if (VNC_SERVER_FB_BYTES == 4) { 806 uint32_t *pixels = pixels1; 807 int n, i; 808 n = size >> 2; 809 for (i = 0; i < n; i++) { 810 vnc_convert_pixel(vs, buf, pixels[i]); 811 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel); 812 } 813 } 814 } 815 816 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 817 { 818 int i; 819 uint8_t *row; 820 VncDisplay *vd = vs->vd; 821 822 row = vnc_server_fb_ptr(vd, x, y); 823 for (i = 0; i < h; i++) { 824 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES); 825 row += vnc_server_fb_stride(vd); 826 } 827 return 1; 828 } 829 830 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 831 { 832 int n = 0; 833 834 switch(vs->vnc_encoding) { 835 case VNC_ENCODING_ZLIB: 836 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h); 837 break; 838 case VNC_ENCODING_HEXTILE: 839 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 840 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 841 break; 842 case VNC_ENCODING_TIGHT: 843 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h); 844 break; 845 case VNC_ENCODING_TIGHT_PNG: 846 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h); 847 break; 848 case VNC_ENCODING_ZRLE: 849 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h); 850 break; 851 case VNC_ENCODING_ZYWRLE: 852 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); 853 break; 854 default: 855 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 856 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 857 break; 858 } 859 return n; 860 } 861 862 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h) 863 { 864 /* send bitblit op to the vnc client */ 865 vnc_lock_output(vs); 866 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 867 vnc_write_u8(vs, 0); 868 vnc_write_u16(vs, 1); /* number of rects */ 869 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT); 870 vnc_write_u16(vs, src_x); 871 vnc_write_u16(vs, src_y); 872 vnc_unlock_output(vs); 873 vnc_flush(vs); 874 } 875 876 static void vnc_dpy_copy(DisplayChangeListener *dcl, 877 int src_x, int src_y, 878 int dst_x, int dst_y, int w, int h) 879 { 880 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 881 VncState *vs, *vn; 882 uint8_t *src_row; 883 uint8_t *dst_row; 884 int i, x, y, pitch, inc, w_lim, s; 885 int cmp_bytes; 886 887 vnc_refresh_server_surface(vd); 888 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 889 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 890 vs->force_update = 1; 891 vnc_update_client(vs, 1, true); 892 /* vs might be free()ed here */ 893 } 894 } 895 896 /* do bitblit op on the local surface too */ 897 pitch = vnc_server_fb_stride(vd); 898 src_row = vnc_server_fb_ptr(vd, src_x, src_y); 899 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y); 900 y = dst_y; 901 inc = 1; 902 if (dst_y > src_y) { 903 /* copy backwards */ 904 src_row += pitch * (h-1); 905 dst_row += pitch * (h-1); 906 pitch = -pitch; 907 y = dst_y + h - 1; 908 inc = -1; 909 } 910 w_lim = w - (VNC_DIRTY_PIXELS_PER_BIT - (dst_x % VNC_DIRTY_PIXELS_PER_BIT)); 911 if (w_lim < 0) { 912 w_lim = w; 913 } else { 914 w_lim = w - (w_lim % VNC_DIRTY_PIXELS_PER_BIT); 915 } 916 for (i = 0; i < h; i++) { 917 for (x = 0; x <= w_lim; 918 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) { 919 if (x == w_lim) { 920 if ((s = w - w_lim) == 0) 921 break; 922 } else if (!x) { 923 s = (VNC_DIRTY_PIXELS_PER_BIT - 924 (dst_x % VNC_DIRTY_PIXELS_PER_BIT)); 925 s = MIN(s, w_lim); 926 } else { 927 s = VNC_DIRTY_PIXELS_PER_BIT; 928 } 929 cmp_bytes = s * VNC_SERVER_FB_BYTES; 930 if (memcmp(src_row, dst_row, cmp_bytes) == 0) 931 continue; 932 memmove(dst_row, src_row, cmp_bytes); 933 QTAILQ_FOREACH(vs, &vd->clients, next) { 934 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 935 set_bit(((x + dst_x) / VNC_DIRTY_PIXELS_PER_BIT), 936 vs->dirty[y]); 937 } 938 } 939 } 940 src_row += pitch - w * VNC_SERVER_FB_BYTES; 941 dst_row += pitch - w * VNC_SERVER_FB_BYTES; 942 y += inc; 943 } 944 945 QTAILQ_FOREACH(vs, &vd->clients, next) { 946 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 947 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h); 948 } 949 } 950 } 951 952 static void vnc_mouse_set(DisplayChangeListener *dcl, 953 int x, int y, int visible) 954 { 955 /* can we ask the client(s) to move the pointer ??? */ 956 } 957 958 static int vnc_cursor_define(VncState *vs) 959 { 960 QEMUCursor *c = vs->vd->cursor; 961 int isize; 962 963 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 964 vnc_lock_output(vs); 965 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 966 vnc_write_u8(vs, 0); /* padding */ 967 vnc_write_u16(vs, 1); /* # of rects */ 968 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 969 VNC_ENCODING_RICH_CURSOR); 970 isize = c->width * c->height * vs->client_pf.bytes_per_pixel; 971 vnc_write_pixels_generic(vs, c->data, isize); 972 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 973 vnc_unlock_output(vs); 974 return 0; 975 } 976 return -1; 977 } 978 979 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl, 980 QEMUCursor *c) 981 { 982 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 983 VncState *vs; 984 985 cursor_put(vd->cursor); 986 g_free(vd->cursor_mask); 987 988 vd->cursor = c; 989 cursor_get(vd->cursor); 990 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 991 vd->cursor_mask = g_malloc0(vd->cursor_msize); 992 cursor_get_mono_mask(c, 0, vd->cursor_mask); 993 994 QTAILQ_FOREACH(vs, &vd->clients, next) { 995 vnc_cursor_define(vs); 996 } 997 } 998 999 static int find_and_clear_dirty_height(VncState *vs, 1000 int y, int last_x, int x, int height) 1001 { 1002 int h; 1003 1004 for (h = 1; h < (height - y); h++) { 1005 if (!test_bit(last_x, vs->dirty[y + h])) { 1006 break; 1007 } 1008 bitmap_clear(vs->dirty[y + h], last_x, x - last_x); 1009 } 1010 1011 return h; 1012 } 1013 1014 static int vnc_update_client(VncState *vs, int has_dirty, bool sync) 1015 { 1016 vs->has_dirty += has_dirty; 1017 if (vs->need_update && vs->csock != -1) { 1018 VncDisplay *vd = vs->vd; 1019 VncJob *job; 1020 int y; 1021 int height, width; 1022 int n = 0; 1023 1024 if (vs->output.offset && !vs->audio_cap && !vs->force_update) 1025 /* kernel send buffers are full -> drop frames to throttle */ 1026 return 0; 1027 1028 if (!vs->has_dirty && !vs->audio_cap && !vs->force_update) 1029 return 0; 1030 1031 /* 1032 * Send screen updates to the vnc client using the server 1033 * surface and server dirty map. guest surface updates 1034 * happening in parallel don't disturb us, the next pass will 1035 * send them to the client. 1036 */ 1037 job = vnc_job_new(vs); 1038 1039 height = pixman_image_get_height(vd->server); 1040 width = pixman_image_get_width(vd->server); 1041 1042 y = 0; 1043 for (;;) { 1044 int x, h; 1045 unsigned long x2; 1046 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty, 1047 height * VNC_DIRTY_BPL(vs), 1048 y * VNC_DIRTY_BPL(vs)); 1049 if (offset == height * VNC_DIRTY_BPL(vs)) { 1050 /* no more dirty bits */ 1051 break; 1052 } 1053 y = offset / VNC_DIRTY_BPL(vs); 1054 x = offset % VNC_DIRTY_BPL(vs); 1055 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y], 1056 VNC_DIRTY_BPL(vs), x); 1057 bitmap_clear(vs->dirty[y], x, x2 - x); 1058 h = find_and_clear_dirty_height(vs, y, x, x2, height); 1059 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT); 1060 if (x2 > x) { 1061 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y, 1062 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h); 1063 } 1064 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) { 1065 y += h; 1066 if (y == height) { 1067 break; 1068 } 1069 } 1070 } 1071 1072 vnc_job_push(job); 1073 if (sync) { 1074 vnc_jobs_join(vs); 1075 } 1076 vs->force_update = 0; 1077 vs->has_dirty = 0; 1078 return n; 1079 } 1080 1081 if (vs->csock == -1) { 1082 vnc_disconnect_finish(vs); 1083 } else if (sync) { 1084 vnc_jobs_join(vs); 1085 } 1086 1087 return 0; 1088 } 1089 1090 /* audio */ 1091 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 1092 { 1093 VncState *vs = opaque; 1094 1095 switch (cmd) { 1096 case AUD_CNOTIFY_DISABLE: 1097 vnc_lock_output(vs); 1098 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1099 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1100 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 1101 vnc_unlock_output(vs); 1102 vnc_flush(vs); 1103 break; 1104 1105 case AUD_CNOTIFY_ENABLE: 1106 vnc_lock_output(vs); 1107 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1108 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1109 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 1110 vnc_unlock_output(vs); 1111 vnc_flush(vs); 1112 break; 1113 } 1114 } 1115 1116 static void audio_capture_destroy(void *opaque) 1117 { 1118 } 1119 1120 static void audio_capture(void *opaque, void *buf, int size) 1121 { 1122 VncState *vs = opaque; 1123 1124 vnc_lock_output(vs); 1125 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1126 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1127 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 1128 vnc_write_u32(vs, size); 1129 vnc_write(vs, buf, size); 1130 vnc_unlock_output(vs); 1131 vnc_flush(vs); 1132 } 1133 1134 static void audio_add(VncState *vs) 1135 { 1136 struct audio_capture_ops ops; 1137 1138 if (vs->audio_cap) { 1139 error_report("audio already running"); 1140 return; 1141 } 1142 1143 ops.notify = audio_capture_notify; 1144 ops.destroy = audio_capture_destroy; 1145 ops.capture = audio_capture; 1146 1147 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs); 1148 if (!vs->audio_cap) { 1149 error_report("Failed to add audio capture"); 1150 } 1151 } 1152 1153 static void audio_del(VncState *vs) 1154 { 1155 if (vs->audio_cap) { 1156 AUD_del_capture(vs->audio_cap, vs); 1157 vs->audio_cap = NULL; 1158 } 1159 } 1160 1161 static void vnc_disconnect_start(VncState *vs) 1162 { 1163 if (vs->csock == -1) 1164 return; 1165 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); 1166 qemu_set_fd_handler(vs->csock, NULL, NULL, NULL); 1167 closesocket(vs->csock); 1168 vs->csock = -1; 1169 } 1170 1171 void vnc_disconnect_finish(VncState *vs) 1172 { 1173 int i; 1174 1175 vnc_jobs_join(vs); /* Wait encoding jobs */ 1176 1177 vnc_lock_output(vs); 1178 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED); 1179 1180 buffer_free(&vs->input); 1181 buffer_free(&vs->output); 1182 buffer_free(&vs->ws_input); 1183 buffer_free(&vs->ws_output); 1184 1185 qapi_free_VncClientInfo(vs->info); 1186 1187 vnc_zlib_clear(vs); 1188 vnc_tight_clear(vs); 1189 vnc_zrle_clear(vs); 1190 1191 qcrypto_tls_session_free(vs->tls); 1192 #ifdef CONFIG_VNC_SASL 1193 vnc_sasl_client_cleanup(vs); 1194 #endif /* CONFIG_VNC_SASL */ 1195 audio_del(vs); 1196 vnc_release_modifiers(vs); 1197 1198 if (vs->initialized) { 1199 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1200 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1201 } 1202 1203 if (vs->vd->lock_key_sync) 1204 qemu_remove_led_event_handler(vs->led); 1205 vnc_unlock_output(vs); 1206 1207 qemu_mutex_destroy(&vs->output_mutex); 1208 if (vs->bh != NULL) { 1209 qemu_bh_delete(vs->bh); 1210 } 1211 buffer_free(&vs->jobs_buffer); 1212 1213 for (i = 0; i < VNC_STAT_ROWS; ++i) { 1214 g_free(vs->lossy_rect[i]); 1215 } 1216 g_free(vs->lossy_rect); 1217 g_free(vs); 1218 } 1219 1220 ssize_t vnc_client_io_error(VncState *vs, ssize_t ret, int last_errno) 1221 { 1222 if (ret == 0 || ret == -1) { 1223 if (ret == -1) { 1224 switch (last_errno) { 1225 case EINTR: 1226 case EAGAIN: 1227 #ifdef _WIN32 1228 case WSAEWOULDBLOCK: 1229 #endif 1230 return 0; 1231 default: 1232 break; 1233 } 1234 } 1235 1236 VNC_DEBUG("Closing down client sock: ret %zd, errno %d\n", 1237 ret, ret < 0 ? last_errno : 0); 1238 vnc_disconnect_start(vs); 1239 1240 return 0; 1241 } 1242 return ret; 1243 } 1244 1245 1246 void vnc_client_error(VncState *vs) 1247 { 1248 VNC_DEBUG("Closing down client sock: protocol error\n"); 1249 vnc_disconnect_start(vs); 1250 } 1251 1252 1253 ssize_t vnc_tls_pull(char *buf, size_t len, void *opaque) 1254 { 1255 VncState *vs = opaque; 1256 ssize_t ret; 1257 1258 retry: 1259 ret = qemu_recv(vs->csock, buf, len, 0); 1260 if (ret < 0) { 1261 if (errno == EINTR) { 1262 goto retry; 1263 } 1264 return -1; 1265 } 1266 return ret; 1267 } 1268 1269 1270 ssize_t vnc_tls_push(const char *buf, size_t len, void *opaque) 1271 { 1272 VncState *vs = opaque; 1273 ssize_t ret; 1274 1275 retry: 1276 ret = send(vs->csock, buf, len, 0); 1277 if (ret < 0) { 1278 if (errno == EINTR) { 1279 goto retry; 1280 } 1281 return -1; 1282 } 1283 return ret; 1284 } 1285 1286 1287 /* 1288 * Called to write a chunk of data to the client socket. The data may 1289 * be the raw data, or may have already been encoded by SASL. 1290 * The data will be written either straight onto the socket, or 1291 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1292 * 1293 * NB, it is theoretically possible to have 2 layers of encryption, 1294 * both SASL, and this TLS layer. It is highly unlikely in practice 1295 * though, since SASL encryption will typically be a no-op if TLS 1296 * is active 1297 * 1298 * Returns the number of bytes written, which may be less than 1299 * the requested 'datalen' if the socket would block. Returns 1300 * -1 on error, and disconnects the client socket. 1301 */ 1302 ssize_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1303 { 1304 ssize_t ret; 1305 int err = 0; 1306 if (vs->tls) { 1307 ret = qcrypto_tls_session_write(vs->tls, (const char *)data, datalen); 1308 if (ret < 0) { 1309 err = errno; 1310 } 1311 } else { 1312 ret = send(vs->csock, (const void *)data, datalen, 0); 1313 if (ret < 0) { 1314 err = socket_error(); 1315 } 1316 } 1317 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1318 return vnc_client_io_error(vs, ret, err); 1319 } 1320 1321 1322 /* 1323 * Called to write buffered data to the client socket, when not 1324 * using any SASL SSF encryption layers. Will write as much data 1325 * as possible without blocking. If all buffered data is written, 1326 * will switch the FD poll() handler back to read monitoring. 1327 * 1328 * Returns the number of bytes written, which may be less than 1329 * the buffered output data if the socket would block. Returns 1330 * -1 on error, and disconnects the client socket. 1331 */ 1332 static ssize_t vnc_client_write_plain(VncState *vs) 1333 { 1334 ssize_t ret; 1335 1336 #ifdef CONFIG_VNC_SASL 1337 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1338 vs->output.buffer, vs->output.capacity, vs->output.offset, 1339 vs->sasl.waitWriteSSF); 1340 1341 if (vs->sasl.conn && 1342 vs->sasl.runSSF && 1343 vs->sasl.waitWriteSSF) { 1344 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1345 if (ret) 1346 vs->sasl.waitWriteSSF -= ret; 1347 } else 1348 #endif /* CONFIG_VNC_SASL */ 1349 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1350 if (!ret) 1351 return 0; 1352 1353 buffer_advance(&vs->output, ret); 1354 1355 if (vs->output.offset == 0) { 1356 qemu_set_fd_handler(vs->csock, vnc_client_read, NULL, vs); 1357 } 1358 1359 return ret; 1360 } 1361 1362 1363 /* 1364 * First function called whenever there is data to be written to 1365 * the client socket. Will delegate actual work according to whether 1366 * SASL SSF layers are enabled (thus requiring encryption calls) 1367 */ 1368 static void vnc_client_write_locked(void *opaque) 1369 { 1370 VncState *vs = opaque; 1371 1372 #ifdef CONFIG_VNC_SASL 1373 if (vs->sasl.conn && 1374 vs->sasl.runSSF && 1375 !vs->sasl.waitWriteSSF) { 1376 vnc_client_write_sasl(vs); 1377 } else 1378 #endif /* CONFIG_VNC_SASL */ 1379 { 1380 if (vs->encode_ws) { 1381 vnc_client_write_ws(vs); 1382 } else { 1383 vnc_client_write_plain(vs); 1384 } 1385 } 1386 } 1387 1388 void vnc_client_write(void *opaque) 1389 { 1390 VncState *vs = opaque; 1391 1392 vnc_lock_output(vs); 1393 if (vs->output.offset || vs->ws_output.offset) { 1394 vnc_client_write_locked(opaque); 1395 } else if (vs->csock != -1) { 1396 qemu_set_fd_handler(vs->csock, vnc_client_read, NULL, vs); 1397 } 1398 vnc_unlock_output(vs); 1399 } 1400 1401 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1402 { 1403 vs->read_handler = func; 1404 vs->read_handler_expect = expecting; 1405 } 1406 1407 1408 /* 1409 * Called to read a chunk of data from the client socket. The data may 1410 * be the raw data, or may need to be further decoded by SASL. 1411 * The data will be read either straight from to the socket, or 1412 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1413 * 1414 * NB, it is theoretically possible to have 2 layers of encryption, 1415 * both SASL, and this TLS layer. It is highly unlikely in practice 1416 * though, since SASL encryption will typically be a no-op if TLS 1417 * is active 1418 * 1419 * Returns the number of bytes read, which may be less than 1420 * the requested 'datalen' if the socket would block. Returns 1421 * -1 on error, and disconnects the client socket. 1422 */ 1423 ssize_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1424 { 1425 ssize_t ret; 1426 int err = -1; 1427 if (vs->tls) { 1428 ret = qcrypto_tls_session_read(vs->tls, (char *)data, datalen); 1429 if (ret < 0) { 1430 err = errno; 1431 } 1432 } else { 1433 ret = qemu_recv(vs->csock, data, datalen, 0); 1434 if (ret < 0) { 1435 err = socket_error(); 1436 } 1437 } 1438 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1439 return vnc_client_io_error(vs, ret, err); 1440 } 1441 1442 1443 /* 1444 * Called to read data from the client socket to the input buffer, 1445 * when not using any SASL SSF encryption layers. Will read as much 1446 * data as possible without blocking. 1447 * 1448 * Returns the number of bytes read. Returns -1 on error, and 1449 * disconnects the client socket. 1450 */ 1451 static ssize_t vnc_client_read_plain(VncState *vs) 1452 { 1453 ssize_t ret; 1454 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1455 vs->input.buffer, vs->input.capacity, vs->input.offset); 1456 buffer_reserve(&vs->input, 4096); 1457 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1458 if (!ret) 1459 return 0; 1460 vs->input.offset += ret; 1461 return ret; 1462 } 1463 1464 static void vnc_jobs_bh(void *opaque) 1465 { 1466 VncState *vs = opaque; 1467 1468 vnc_jobs_consume_buffer(vs); 1469 } 1470 1471 /* 1472 * First function called whenever there is more data to be read from 1473 * the client socket. Will delegate actual work according to whether 1474 * SASL SSF layers are enabled (thus requiring decryption calls) 1475 */ 1476 void vnc_client_read(void *opaque) 1477 { 1478 VncState *vs = opaque; 1479 ssize_t ret; 1480 1481 #ifdef CONFIG_VNC_SASL 1482 if (vs->sasl.conn && vs->sasl.runSSF) 1483 ret = vnc_client_read_sasl(vs); 1484 else 1485 #endif /* CONFIG_VNC_SASL */ 1486 if (vs->encode_ws) { 1487 ret = vnc_client_read_ws(vs); 1488 if (ret == -1) { 1489 vnc_disconnect_start(vs); 1490 return; 1491 } else if (ret == -2) { 1492 vnc_client_error(vs); 1493 return; 1494 } 1495 } else { 1496 ret = vnc_client_read_plain(vs); 1497 } 1498 if (!ret) { 1499 if (vs->csock == -1) 1500 vnc_disconnect_finish(vs); 1501 return; 1502 } 1503 1504 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1505 size_t len = vs->read_handler_expect; 1506 int ret; 1507 1508 ret = vs->read_handler(vs, vs->input.buffer, len); 1509 if (vs->csock == -1) { 1510 vnc_disconnect_finish(vs); 1511 return; 1512 } 1513 1514 if (!ret) { 1515 buffer_advance(&vs->input, len); 1516 } else { 1517 vs->read_handler_expect = ret; 1518 } 1519 } 1520 } 1521 1522 void vnc_write(VncState *vs, const void *data, size_t len) 1523 { 1524 buffer_reserve(&vs->output, len); 1525 1526 if (vs->csock != -1 && buffer_empty(&vs->output)) { 1527 qemu_set_fd_handler(vs->csock, vnc_client_read, vnc_client_write, vs); 1528 } 1529 1530 buffer_append(&vs->output, data, len); 1531 } 1532 1533 void vnc_write_s32(VncState *vs, int32_t value) 1534 { 1535 vnc_write_u32(vs, *(uint32_t *)&value); 1536 } 1537 1538 void vnc_write_u32(VncState *vs, uint32_t value) 1539 { 1540 uint8_t buf[4]; 1541 1542 buf[0] = (value >> 24) & 0xFF; 1543 buf[1] = (value >> 16) & 0xFF; 1544 buf[2] = (value >> 8) & 0xFF; 1545 buf[3] = value & 0xFF; 1546 1547 vnc_write(vs, buf, 4); 1548 } 1549 1550 void vnc_write_u16(VncState *vs, uint16_t value) 1551 { 1552 uint8_t buf[2]; 1553 1554 buf[0] = (value >> 8) & 0xFF; 1555 buf[1] = value & 0xFF; 1556 1557 vnc_write(vs, buf, 2); 1558 } 1559 1560 void vnc_write_u8(VncState *vs, uint8_t value) 1561 { 1562 vnc_write(vs, (char *)&value, 1); 1563 } 1564 1565 void vnc_flush(VncState *vs) 1566 { 1567 vnc_lock_output(vs); 1568 if (vs->csock != -1 && (vs->output.offset || 1569 vs->ws_output.offset)) { 1570 vnc_client_write_locked(vs); 1571 } 1572 vnc_unlock_output(vs); 1573 } 1574 1575 static uint8_t read_u8(uint8_t *data, size_t offset) 1576 { 1577 return data[offset]; 1578 } 1579 1580 static uint16_t read_u16(uint8_t *data, size_t offset) 1581 { 1582 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1583 } 1584 1585 static int32_t read_s32(uint8_t *data, size_t offset) 1586 { 1587 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1588 (data[offset + 2] << 8) | data[offset + 3]); 1589 } 1590 1591 uint32_t read_u32(uint8_t *data, size_t offset) 1592 { 1593 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1594 (data[offset + 2] << 8) | data[offset + 3]); 1595 } 1596 1597 static void client_cut_text(VncState *vs, size_t len, uint8_t *text) 1598 { 1599 } 1600 1601 static void check_pointer_type_change(Notifier *notifier, void *data) 1602 { 1603 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1604 int absolute = qemu_input_is_absolute(); 1605 1606 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1607 vnc_lock_output(vs); 1608 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1609 vnc_write_u8(vs, 0); 1610 vnc_write_u16(vs, 1); 1611 vnc_framebuffer_update(vs, absolute, 0, 1612 pixman_image_get_width(vs->vd->server), 1613 pixman_image_get_height(vs->vd->server), 1614 VNC_ENCODING_POINTER_TYPE_CHANGE); 1615 vnc_unlock_output(vs); 1616 vnc_flush(vs); 1617 } 1618 vs->absolute = absolute; 1619 } 1620 1621 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1622 { 1623 static uint32_t bmap[INPUT_BUTTON_MAX] = { 1624 [INPUT_BUTTON_LEFT] = 0x01, 1625 [INPUT_BUTTON_MIDDLE] = 0x02, 1626 [INPUT_BUTTON_RIGHT] = 0x04, 1627 [INPUT_BUTTON_WHEEL_UP] = 0x08, 1628 [INPUT_BUTTON_WHEEL_DOWN] = 0x10, 1629 }; 1630 QemuConsole *con = vs->vd->dcl.con; 1631 int width = pixman_image_get_width(vs->vd->server); 1632 int height = pixman_image_get_height(vs->vd->server); 1633 1634 if (vs->last_bmask != button_mask) { 1635 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask); 1636 vs->last_bmask = button_mask; 1637 } 1638 1639 if (vs->absolute) { 1640 qemu_input_queue_abs(con, INPUT_AXIS_X, x, width); 1641 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, height); 1642 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1643 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF); 1644 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF); 1645 } else { 1646 if (vs->last_x != -1) { 1647 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x); 1648 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y); 1649 } 1650 vs->last_x = x; 1651 vs->last_y = y; 1652 } 1653 qemu_input_event_sync(); 1654 } 1655 1656 static void reset_keys(VncState *vs) 1657 { 1658 int i; 1659 for(i = 0; i < 256; i++) { 1660 if (vs->modifiers_state[i]) { 1661 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false); 1662 vs->modifiers_state[i] = 0; 1663 } 1664 } 1665 } 1666 1667 static void press_key(VncState *vs, int keysym) 1668 { 1669 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK; 1670 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true); 1671 qemu_input_event_send_key_delay(0); 1672 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false); 1673 qemu_input_event_send_key_delay(0); 1674 } 1675 1676 static int current_led_state(VncState *vs) 1677 { 1678 int ledstate = 0; 1679 1680 if (vs->modifiers_state[0x46]) { 1681 ledstate |= QEMU_SCROLL_LOCK_LED; 1682 } 1683 if (vs->modifiers_state[0x45]) { 1684 ledstate |= QEMU_NUM_LOCK_LED; 1685 } 1686 if (vs->modifiers_state[0x3a]) { 1687 ledstate |= QEMU_CAPS_LOCK_LED; 1688 } 1689 1690 return ledstate; 1691 } 1692 1693 static void vnc_led_state_change(VncState *vs) 1694 { 1695 int ledstate = 0; 1696 1697 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) { 1698 return; 1699 } 1700 1701 ledstate = current_led_state(vs); 1702 vnc_lock_output(vs); 1703 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1704 vnc_write_u8(vs, 0); 1705 vnc_write_u16(vs, 1); 1706 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE); 1707 vnc_write_u8(vs, ledstate); 1708 vnc_unlock_output(vs); 1709 vnc_flush(vs); 1710 } 1711 1712 static void kbd_leds(void *opaque, int ledstate) 1713 { 1714 VncState *vs = opaque; 1715 int caps, num, scr; 1716 bool has_changed = (ledstate != current_led_state(vs)); 1717 1718 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED), 1719 (ledstate & QEMU_NUM_LOCK_LED), 1720 (ledstate & QEMU_SCROLL_LOCK_LED)); 1721 1722 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0; 1723 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0; 1724 scr = ledstate & QEMU_SCROLL_LOCK_LED ? 1 : 0; 1725 1726 if (vs->modifiers_state[0x3a] != caps) { 1727 vs->modifiers_state[0x3a] = caps; 1728 } 1729 if (vs->modifiers_state[0x45] != num) { 1730 vs->modifiers_state[0x45] = num; 1731 } 1732 if (vs->modifiers_state[0x46] != scr) { 1733 vs->modifiers_state[0x46] = scr; 1734 } 1735 1736 /* Sending the current led state message to the client */ 1737 if (has_changed) { 1738 vnc_led_state_change(vs); 1739 } 1740 } 1741 1742 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1743 { 1744 /* QEMU console switch */ 1745 switch(keycode) { 1746 case 0x2a: /* Left Shift */ 1747 case 0x36: /* Right Shift */ 1748 case 0x1d: /* Left CTRL */ 1749 case 0x9d: /* Right CTRL */ 1750 case 0x38: /* Left ALT */ 1751 case 0xb8: /* Right ALT */ 1752 if (down) 1753 vs->modifiers_state[keycode] = 1; 1754 else 1755 vs->modifiers_state[keycode] = 0; 1756 break; 1757 case 0x02 ... 0x0a: /* '1' to '9' keys */ 1758 if (vs->vd->dcl.con == NULL && 1759 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) { 1760 /* Reset the modifiers sent to the current console */ 1761 reset_keys(vs); 1762 console_select(keycode - 0x02); 1763 return; 1764 } 1765 break; 1766 case 0x3a: /* CapsLock */ 1767 case 0x45: /* NumLock */ 1768 if (down) 1769 vs->modifiers_state[keycode] ^= 1; 1770 break; 1771 } 1772 1773 /* Turn off the lock state sync logic if the client support the led 1774 state extension. 1775 */ 1776 if (down && vs->vd->lock_key_sync && 1777 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1778 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1779 /* If the numlock state needs to change then simulate an additional 1780 keypress before sending this one. This will happen if the user 1781 toggles numlock away from the VNC window. 1782 */ 1783 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1784 if (!vs->modifiers_state[0x45]) { 1785 trace_vnc_key_sync_numlock(true); 1786 vs->modifiers_state[0x45] = 1; 1787 press_key(vs, 0xff7f); 1788 } 1789 } else { 1790 if (vs->modifiers_state[0x45]) { 1791 trace_vnc_key_sync_numlock(false); 1792 vs->modifiers_state[0x45] = 0; 1793 press_key(vs, 0xff7f); 1794 } 1795 } 1796 } 1797 1798 if (down && vs->vd->lock_key_sync && 1799 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1800 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1801 /* If the capslock state needs to change then simulate an additional 1802 keypress before sending this one. This will happen if the user 1803 toggles capslock away from the VNC window. 1804 */ 1805 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1806 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]); 1807 int capslock = !!(vs->modifiers_state[0x3a]); 1808 if (capslock) { 1809 if (uppercase == shift) { 1810 trace_vnc_key_sync_capslock(false); 1811 vs->modifiers_state[0x3a] = 0; 1812 press_key(vs, 0xffe5); 1813 } 1814 } else { 1815 if (uppercase != shift) { 1816 trace_vnc_key_sync_capslock(true); 1817 vs->modifiers_state[0x3a] = 1; 1818 press_key(vs, 0xffe5); 1819 } 1820 } 1821 } 1822 1823 if (qemu_console_is_graphic(NULL)) { 1824 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down); 1825 } else { 1826 bool numlock = vs->modifiers_state[0x45]; 1827 bool control = (vs->modifiers_state[0x1d] || 1828 vs->modifiers_state[0x9d]); 1829 /* QEMU console emulation */ 1830 if (down) { 1831 switch (keycode) { 1832 case 0x2a: /* Left Shift */ 1833 case 0x36: /* Right Shift */ 1834 case 0x1d: /* Left CTRL */ 1835 case 0x9d: /* Right CTRL */ 1836 case 0x38: /* Left ALT */ 1837 case 0xb8: /* Right ALT */ 1838 break; 1839 case 0xc8: 1840 kbd_put_keysym(QEMU_KEY_UP); 1841 break; 1842 case 0xd0: 1843 kbd_put_keysym(QEMU_KEY_DOWN); 1844 break; 1845 case 0xcb: 1846 kbd_put_keysym(QEMU_KEY_LEFT); 1847 break; 1848 case 0xcd: 1849 kbd_put_keysym(QEMU_KEY_RIGHT); 1850 break; 1851 case 0xd3: 1852 kbd_put_keysym(QEMU_KEY_DELETE); 1853 break; 1854 case 0xc7: 1855 kbd_put_keysym(QEMU_KEY_HOME); 1856 break; 1857 case 0xcf: 1858 kbd_put_keysym(QEMU_KEY_END); 1859 break; 1860 case 0xc9: 1861 kbd_put_keysym(QEMU_KEY_PAGEUP); 1862 break; 1863 case 0xd1: 1864 kbd_put_keysym(QEMU_KEY_PAGEDOWN); 1865 break; 1866 1867 case 0x47: 1868 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME); 1869 break; 1870 case 0x48: 1871 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP); 1872 break; 1873 case 0x49: 1874 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP); 1875 break; 1876 case 0x4b: 1877 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT); 1878 break; 1879 case 0x4c: 1880 kbd_put_keysym('5'); 1881 break; 1882 case 0x4d: 1883 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT); 1884 break; 1885 case 0x4f: 1886 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END); 1887 break; 1888 case 0x50: 1889 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN); 1890 break; 1891 case 0x51: 1892 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN); 1893 break; 1894 case 0x52: 1895 kbd_put_keysym('0'); 1896 break; 1897 case 0x53: 1898 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE); 1899 break; 1900 1901 case 0xb5: 1902 kbd_put_keysym('/'); 1903 break; 1904 case 0x37: 1905 kbd_put_keysym('*'); 1906 break; 1907 case 0x4a: 1908 kbd_put_keysym('-'); 1909 break; 1910 case 0x4e: 1911 kbd_put_keysym('+'); 1912 break; 1913 case 0x9c: 1914 kbd_put_keysym('\n'); 1915 break; 1916 1917 default: 1918 if (control) { 1919 kbd_put_keysym(sym & 0x1f); 1920 } else { 1921 kbd_put_keysym(sym); 1922 } 1923 break; 1924 } 1925 } 1926 } 1927 } 1928 1929 static void vnc_release_modifiers(VncState *vs) 1930 { 1931 static const int keycodes[] = { 1932 /* shift, control, alt keys, both left & right */ 1933 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8, 1934 }; 1935 int i, keycode; 1936 1937 if (!qemu_console_is_graphic(NULL)) { 1938 return; 1939 } 1940 for (i = 0; i < ARRAY_SIZE(keycodes); i++) { 1941 keycode = keycodes[i]; 1942 if (!vs->modifiers_state[keycode]) { 1943 continue; 1944 } 1945 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false); 1946 } 1947 } 1948 1949 static const char *code2name(int keycode) 1950 { 1951 return QKeyCode_lookup[qemu_input_key_number_to_qcode(keycode)]; 1952 } 1953 1954 static void key_event(VncState *vs, int down, uint32_t sym) 1955 { 1956 int keycode; 1957 int lsym = sym; 1958 1959 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) { 1960 lsym = lsym - 'A' + 'a'; 1961 } 1962 1963 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK; 1964 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode)); 1965 do_key_event(vs, down, keycode, sym); 1966 } 1967 1968 static void ext_key_event(VncState *vs, int down, 1969 uint32_t sym, uint16_t keycode) 1970 { 1971 /* if the user specifies a keyboard layout, always use it */ 1972 if (keyboard_layout) { 1973 key_event(vs, down, sym); 1974 } else { 1975 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode)); 1976 do_key_event(vs, down, keycode, sym); 1977 } 1978 } 1979 1980 static void framebuffer_update_request(VncState *vs, int incremental, 1981 int x, int y, int w, int h) 1982 { 1983 int width = pixman_image_get_width(vs->vd->server); 1984 int height = pixman_image_get_height(vs->vd->server); 1985 1986 vs->need_update = 1; 1987 1988 if (incremental) { 1989 return; 1990 } 1991 1992 vs->force_update = 1; 1993 vnc_set_area_dirty(vs->dirty, width, height, x, y, w, h); 1994 } 1995 1996 static void send_ext_key_event_ack(VncState *vs) 1997 { 1998 vnc_lock_output(vs); 1999 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2000 vnc_write_u8(vs, 0); 2001 vnc_write_u16(vs, 1); 2002 vnc_framebuffer_update(vs, 0, 0, 2003 pixman_image_get_width(vs->vd->server), 2004 pixman_image_get_height(vs->vd->server), 2005 VNC_ENCODING_EXT_KEY_EVENT); 2006 vnc_unlock_output(vs); 2007 vnc_flush(vs); 2008 } 2009 2010 static void send_ext_audio_ack(VncState *vs) 2011 { 2012 vnc_lock_output(vs); 2013 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2014 vnc_write_u8(vs, 0); 2015 vnc_write_u16(vs, 1); 2016 vnc_framebuffer_update(vs, 0, 0, 2017 pixman_image_get_width(vs->vd->server), 2018 pixman_image_get_height(vs->vd->server), 2019 VNC_ENCODING_AUDIO); 2020 vnc_unlock_output(vs); 2021 vnc_flush(vs); 2022 } 2023 2024 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 2025 { 2026 int i; 2027 unsigned int enc = 0; 2028 2029 vs->features = 0; 2030 vs->vnc_encoding = 0; 2031 vs->tight.compression = 9; 2032 vs->tight.quality = -1; /* Lossless by default */ 2033 vs->absolute = -1; 2034 2035 /* 2036 * Start from the end because the encodings are sent in order of preference. 2037 * This way the preferred encoding (first encoding defined in the array) 2038 * will be set at the end of the loop. 2039 */ 2040 for (i = n_encodings - 1; i >= 0; i--) { 2041 enc = encodings[i]; 2042 switch (enc) { 2043 case VNC_ENCODING_RAW: 2044 vs->vnc_encoding = enc; 2045 break; 2046 case VNC_ENCODING_COPYRECT: 2047 vs->features |= VNC_FEATURE_COPYRECT_MASK; 2048 break; 2049 case VNC_ENCODING_HEXTILE: 2050 vs->features |= VNC_FEATURE_HEXTILE_MASK; 2051 vs->vnc_encoding = enc; 2052 break; 2053 case VNC_ENCODING_TIGHT: 2054 vs->features |= VNC_FEATURE_TIGHT_MASK; 2055 vs->vnc_encoding = enc; 2056 break; 2057 #ifdef CONFIG_VNC_PNG 2058 case VNC_ENCODING_TIGHT_PNG: 2059 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK; 2060 vs->vnc_encoding = enc; 2061 break; 2062 #endif 2063 case VNC_ENCODING_ZLIB: 2064 vs->features |= VNC_FEATURE_ZLIB_MASK; 2065 vs->vnc_encoding = enc; 2066 break; 2067 case VNC_ENCODING_ZRLE: 2068 vs->features |= VNC_FEATURE_ZRLE_MASK; 2069 vs->vnc_encoding = enc; 2070 break; 2071 case VNC_ENCODING_ZYWRLE: 2072 vs->features |= VNC_FEATURE_ZYWRLE_MASK; 2073 vs->vnc_encoding = enc; 2074 break; 2075 case VNC_ENCODING_DESKTOPRESIZE: 2076 vs->features |= VNC_FEATURE_RESIZE_MASK; 2077 break; 2078 case VNC_ENCODING_POINTER_TYPE_CHANGE: 2079 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK; 2080 break; 2081 case VNC_ENCODING_RICH_CURSOR: 2082 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK; 2083 break; 2084 case VNC_ENCODING_EXT_KEY_EVENT: 2085 send_ext_key_event_ack(vs); 2086 break; 2087 case VNC_ENCODING_AUDIO: 2088 send_ext_audio_ack(vs); 2089 break; 2090 case VNC_ENCODING_WMVi: 2091 vs->features |= VNC_FEATURE_WMVI_MASK; 2092 break; 2093 case VNC_ENCODING_LED_STATE: 2094 vs->features |= VNC_FEATURE_LED_STATE_MASK; 2095 break; 2096 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 2097 vs->tight.compression = (enc & 0x0F); 2098 break; 2099 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 2100 if (vs->vd->lossy) { 2101 vs->tight.quality = (enc & 0x0F); 2102 } 2103 break; 2104 default: 2105 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 2106 break; 2107 } 2108 } 2109 vnc_desktop_resize(vs); 2110 check_pointer_type_change(&vs->mouse_mode_notifier, NULL); 2111 vnc_led_state_change(vs); 2112 } 2113 2114 static void set_pixel_conversion(VncState *vs) 2115 { 2116 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf); 2117 2118 if (fmt == VNC_SERVER_FB_FORMAT) { 2119 vs->write_pixels = vnc_write_pixels_copy; 2120 vnc_hextile_set_pixel_conversion(vs, 0); 2121 } else { 2122 vs->write_pixels = vnc_write_pixels_generic; 2123 vnc_hextile_set_pixel_conversion(vs, 1); 2124 } 2125 } 2126 2127 static void set_pixel_format(VncState *vs, 2128 int bits_per_pixel, int depth, 2129 int big_endian_flag, int true_color_flag, 2130 int red_max, int green_max, int blue_max, 2131 int red_shift, int green_shift, int blue_shift) 2132 { 2133 if (!true_color_flag) { 2134 vnc_client_error(vs); 2135 return; 2136 } 2137 2138 switch (bits_per_pixel) { 2139 case 8: 2140 case 16: 2141 case 32: 2142 break; 2143 default: 2144 vnc_client_error(vs); 2145 return; 2146 } 2147 2148 vs->client_pf.rmax = red_max; 2149 vs->client_pf.rbits = hweight_long(red_max); 2150 vs->client_pf.rshift = red_shift; 2151 vs->client_pf.rmask = red_max << red_shift; 2152 vs->client_pf.gmax = green_max; 2153 vs->client_pf.gbits = hweight_long(green_max); 2154 vs->client_pf.gshift = green_shift; 2155 vs->client_pf.gmask = green_max << green_shift; 2156 vs->client_pf.bmax = blue_max; 2157 vs->client_pf.bbits = hweight_long(blue_max); 2158 vs->client_pf.bshift = blue_shift; 2159 vs->client_pf.bmask = blue_max << blue_shift; 2160 vs->client_pf.bits_per_pixel = bits_per_pixel; 2161 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8; 2162 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 2163 vs->client_be = big_endian_flag; 2164 2165 set_pixel_conversion(vs); 2166 2167 graphic_hw_invalidate(vs->vd->dcl.con); 2168 graphic_hw_update(vs->vd->dcl.con); 2169 } 2170 2171 static void pixel_format_message (VncState *vs) { 2172 char pad[3] = { 0, 0, 0 }; 2173 2174 vs->client_pf = qemu_default_pixelformat(32); 2175 2176 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ 2177 vnc_write_u8(vs, vs->client_pf.depth); /* depth */ 2178 2179 #ifdef HOST_WORDS_BIGENDIAN 2180 vnc_write_u8(vs, 1); /* big-endian-flag */ 2181 #else 2182 vnc_write_u8(vs, 0); /* big-endian-flag */ 2183 #endif 2184 vnc_write_u8(vs, 1); /* true-color-flag */ 2185 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */ 2186 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */ 2187 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */ 2188 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */ 2189 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */ 2190 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */ 2191 vnc_write(vs, pad, 3); /* padding */ 2192 2193 vnc_hextile_set_pixel_conversion(vs, 0); 2194 vs->write_pixels = vnc_write_pixels_copy; 2195 } 2196 2197 static void vnc_colordepth(VncState *vs) 2198 { 2199 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 2200 /* Sending a WMVi message to notify the client*/ 2201 vnc_lock_output(vs); 2202 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2203 vnc_write_u8(vs, 0); 2204 vnc_write_u16(vs, 1); /* number of rects */ 2205 vnc_framebuffer_update(vs, 0, 0, 2206 pixman_image_get_width(vs->vd->server), 2207 pixman_image_get_height(vs->vd->server), 2208 VNC_ENCODING_WMVi); 2209 pixel_format_message(vs); 2210 vnc_unlock_output(vs); 2211 vnc_flush(vs); 2212 } else { 2213 set_pixel_conversion(vs); 2214 } 2215 } 2216 2217 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 2218 { 2219 int i; 2220 uint16_t limit; 2221 VncDisplay *vd = vs->vd; 2222 2223 if (data[0] > 3) { 2224 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2225 } 2226 2227 switch (data[0]) { 2228 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 2229 if (len == 1) 2230 return 20; 2231 2232 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5), 2233 read_u8(data, 6), read_u8(data, 7), 2234 read_u16(data, 8), read_u16(data, 10), 2235 read_u16(data, 12), read_u8(data, 14), 2236 read_u8(data, 15), read_u8(data, 16)); 2237 break; 2238 case VNC_MSG_CLIENT_SET_ENCODINGS: 2239 if (len == 1) 2240 return 4; 2241 2242 if (len == 4) { 2243 limit = read_u16(data, 2); 2244 if (limit > 0) 2245 return 4 + (limit * 4); 2246 } else 2247 limit = read_u16(data, 2); 2248 2249 for (i = 0; i < limit; i++) { 2250 int32_t val = read_s32(data, 4 + (i * 4)); 2251 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 2252 } 2253 2254 set_encodings(vs, (int32_t *)(data + 4), limit); 2255 break; 2256 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 2257 if (len == 1) 2258 return 10; 2259 2260 framebuffer_update_request(vs, 2261 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 2262 read_u16(data, 6), read_u16(data, 8)); 2263 break; 2264 case VNC_MSG_CLIENT_KEY_EVENT: 2265 if (len == 1) 2266 return 8; 2267 2268 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 2269 break; 2270 case VNC_MSG_CLIENT_POINTER_EVENT: 2271 if (len == 1) 2272 return 6; 2273 2274 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 2275 break; 2276 case VNC_MSG_CLIENT_CUT_TEXT: 2277 if (len == 1) { 2278 return 8; 2279 } 2280 if (len == 8) { 2281 uint32_t dlen = read_u32(data, 4); 2282 if (dlen > (1 << 20)) { 2283 error_report("vnc: client_cut_text msg payload has %u bytes" 2284 " which exceeds our limit of 1MB.", dlen); 2285 vnc_client_error(vs); 2286 break; 2287 } 2288 if (dlen > 0) { 2289 return 8 + dlen; 2290 } 2291 } 2292 2293 client_cut_text(vs, read_u32(data, 4), data + 8); 2294 break; 2295 case VNC_MSG_CLIENT_QEMU: 2296 if (len == 1) 2297 return 2; 2298 2299 switch (read_u8(data, 1)) { 2300 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 2301 if (len == 2) 2302 return 12; 2303 2304 ext_key_event(vs, read_u16(data, 2), 2305 read_u32(data, 4), read_u32(data, 8)); 2306 break; 2307 case VNC_MSG_CLIENT_QEMU_AUDIO: 2308 if (len == 2) 2309 return 4; 2310 2311 switch (read_u16 (data, 2)) { 2312 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 2313 audio_add(vs); 2314 break; 2315 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 2316 audio_del(vs); 2317 break; 2318 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 2319 if (len == 4) 2320 return 10; 2321 switch (read_u8(data, 4)) { 2322 case 0: vs->as.fmt = AUD_FMT_U8; break; 2323 case 1: vs->as.fmt = AUD_FMT_S8; break; 2324 case 2: vs->as.fmt = AUD_FMT_U16; break; 2325 case 3: vs->as.fmt = AUD_FMT_S16; break; 2326 case 4: vs->as.fmt = AUD_FMT_U32; break; 2327 case 5: vs->as.fmt = AUD_FMT_S32; break; 2328 default: 2329 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4)); 2330 vnc_client_error(vs); 2331 break; 2332 } 2333 vs->as.nchannels = read_u8(data, 5); 2334 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2335 VNC_DEBUG("Invalid audio channel coount %d\n", 2336 read_u8(data, 5)); 2337 vnc_client_error(vs); 2338 break; 2339 } 2340 vs->as.freq = read_u32(data, 6); 2341 break; 2342 default: 2343 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4)); 2344 vnc_client_error(vs); 2345 break; 2346 } 2347 break; 2348 2349 default: 2350 VNC_DEBUG("Msg: %d\n", read_u16(data, 0)); 2351 vnc_client_error(vs); 2352 break; 2353 } 2354 break; 2355 default: 2356 VNC_DEBUG("Msg: %d\n", data[0]); 2357 vnc_client_error(vs); 2358 break; 2359 } 2360 2361 vnc_read_when(vs, protocol_client_msg, 1); 2362 return 0; 2363 } 2364 2365 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2366 { 2367 char buf[1024]; 2368 VncShareMode mode; 2369 int size; 2370 2371 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; 2372 switch (vs->vd->share_policy) { 2373 case VNC_SHARE_POLICY_IGNORE: 2374 /* 2375 * Ignore the shared flag. Nothing to do here. 2376 * 2377 * Doesn't conform to the rfb spec but is traditional qemu 2378 * behavior, thus left here as option for compatibility 2379 * reasons. 2380 */ 2381 break; 2382 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: 2383 /* 2384 * Policy: Allow clients ask for exclusive access. 2385 * 2386 * Implementation: When a client asks for exclusive access, 2387 * disconnect all others. Shared connects are allowed as long 2388 * as no exclusive connection exists. 2389 * 2390 * This is how the rfb spec suggests to handle the shared flag. 2391 */ 2392 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2393 VncState *client; 2394 QTAILQ_FOREACH(client, &vs->vd->clients, next) { 2395 if (vs == client) { 2396 continue; 2397 } 2398 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && 2399 client->share_mode != VNC_SHARE_MODE_SHARED) { 2400 continue; 2401 } 2402 vnc_disconnect_start(client); 2403 } 2404 } 2405 if (mode == VNC_SHARE_MODE_SHARED) { 2406 if (vs->vd->num_exclusive > 0) { 2407 vnc_disconnect_start(vs); 2408 return 0; 2409 } 2410 } 2411 break; 2412 case VNC_SHARE_POLICY_FORCE_SHARED: 2413 /* 2414 * Policy: Shared connects only. 2415 * Implementation: Disallow clients asking for exclusive access. 2416 * 2417 * Useful for shared desktop sessions where you don't want 2418 * someone forgetting to say -shared when running the vnc 2419 * client disconnect everybody else. 2420 */ 2421 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2422 vnc_disconnect_start(vs); 2423 return 0; 2424 } 2425 break; 2426 } 2427 vnc_set_share_mode(vs, mode); 2428 2429 if (vs->vd->num_shared > vs->vd->connections_limit) { 2430 vnc_disconnect_start(vs); 2431 return 0; 2432 } 2433 2434 vs->client_width = pixman_image_get_width(vs->vd->server); 2435 vs->client_height = pixman_image_get_height(vs->vd->server); 2436 vnc_write_u16(vs, vs->client_width); 2437 vnc_write_u16(vs, vs->client_height); 2438 2439 pixel_format_message(vs); 2440 2441 if (qemu_name) 2442 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2443 else 2444 size = snprintf(buf, sizeof(buf), "QEMU"); 2445 2446 vnc_write_u32(vs, size); 2447 vnc_write(vs, buf, size); 2448 vnc_flush(vs); 2449 2450 vnc_client_cache_auth(vs); 2451 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED); 2452 2453 vnc_read_when(vs, protocol_client_msg, 1); 2454 2455 return 0; 2456 } 2457 2458 void start_client_init(VncState *vs) 2459 { 2460 vnc_read_when(vs, protocol_client_init, 1); 2461 } 2462 2463 static void make_challenge(VncState *vs) 2464 { 2465 int i; 2466 2467 srand(time(NULL)+getpid()+getpid()*987654+rand()); 2468 2469 for (i = 0 ; i < sizeof(vs->challenge) ; i++) 2470 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0)); 2471 } 2472 2473 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2474 { 2475 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2476 size_t i, pwlen; 2477 unsigned char key[8]; 2478 time_t now = time(NULL); 2479 QCryptoCipher *cipher = NULL; 2480 Error *err = NULL; 2481 2482 if (!vs->vd->password) { 2483 VNC_DEBUG("No password configured on server"); 2484 goto reject; 2485 } 2486 if (vs->vd->expires < now) { 2487 VNC_DEBUG("Password is expired"); 2488 goto reject; 2489 } 2490 2491 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2492 2493 /* Calculate the expected challenge response */ 2494 pwlen = strlen(vs->vd->password); 2495 for (i=0; i<sizeof(key); i++) 2496 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2497 2498 cipher = qcrypto_cipher_new( 2499 QCRYPTO_CIPHER_ALG_DES_RFB, 2500 QCRYPTO_CIPHER_MODE_ECB, 2501 key, G_N_ELEMENTS(key), 2502 &err); 2503 if (!cipher) { 2504 VNC_DEBUG("Cannot initialize cipher %s", 2505 error_get_pretty(err)); 2506 error_free(err); 2507 goto reject; 2508 } 2509 2510 if (qcrypto_cipher_encrypt(cipher, 2511 vs->challenge, 2512 response, 2513 VNC_AUTH_CHALLENGE_SIZE, 2514 &err) < 0) { 2515 VNC_DEBUG("Cannot encrypt challenge %s", 2516 error_get_pretty(err)); 2517 error_free(err); 2518 goto reject; 2519 } 2520 2521 /* Compare expected vs actual challenge response */ 2522 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2523 VNC_DEBUG("Client challenge response did not match\n"); 2524 goto reject; 2525 } else { 2526 VNC_DEBUG("Accepting VNC challenge response\n"); 2527 vnc_write_u32(vs, 0); /* Accept auth */ 2528 vnc_flush(vs); 2529 2530 start_client_init(vs); 2531 } 2532 2533 qcrypto_cipher_free(cipher); 2534 return 0; 2535 2536 reject: 2537 vnc_write_u32(vs, 1); /* Reject auth */ 2538 if (vs->minor >= 8) { 2539 static const char err[] = "Authentication failed"; 2540 vnc_write_u32(vs, sizeof(err)); 2541 vnc_write(vs, err, sizeof(err)); 2542 } 2543 vnc_flush(vs); 2544 vnc_client_error(vs); 2545 qcrypto_cipher_free(cipher); 2546 return 0; 2547 } 2548 2549 void start_auth_vnc(VncState *vs) 2550 { 2551 make_challenge(vs); 2552 /* Send client a 'random' challenge */ 2553 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2554 vnc_flush(vs); 2555 2556 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2557 } 2558 2559 2560 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2561 { 2562 /* We only advertise 1 auth scheme at a time, so client 2563 * must pick the one we sent. Verify this */ 2564 if (data[0] != vs->auth) { /* Reject auth */ 2565 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]); 2566 vnc_write_u32(vs, 1); 2567 if (vs->minor >= 8) { 2568 static const char err[] = "Authentication failed"; 2569 vnc_write_u32(vs, sizeof(err)); 2570 vnc_write(vs, err, sizeof(err)); 2571 } 2572 vnc_client_error(vs); 2573 } else { /* Accept requested auth */ 2574 VNC_DEBUG("Client requested auth %d\n", (int)data[0]); 2575 switch (vs->auth) { 2576 case VNC_AUTH_NONE: 2577 VNC_DEBUG("Accept auth none\n"); 2578 if (vs->minor >= 8) { 2579 vnc_write_u32(vs, 0); /* Accept auth completion */ 2580 vnc_flush(vs); 2581 } 2582 start_client_init(vs); 2583 break; 2584 2585 case VNC_AUTH_VNC: 2586 VNC_DEBUG("Start VNC auth\n"); 2587 start_auth_vnc(vs); 2588 break; 2589 2590 case VNC_AUTH_VENCRYPT: 2591 VNC_DEBUG("Accept VeNCrypt auth\n"); 2592 start_auth_vencrypt(vs); 2593 break; 2594 2595 #ifdef CONFIG_VNC_SASL 2596 case VNC_AUTH_SASL: 2597 VNC_DEBUG("Accept SASL auth\n"); 2598 start_auth_sasl(vs); 2599 break; 2600 #endif /* CONFIG_VNC_SASL */ 2601 2602 default: /* Should not be possible, but just in case */ 2603 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth); 2604 vnc_write_u8(vs, 1); 2605 if (vs->minor >= 8) { 2606 static const char err[] = "Authentication failed"; 2607 vnc_write_u32(vs, sizeof(err)); 2608 vnc_write(vs, err, sizeof(err)); 2609 } 2610 vnc_client_error(vs); 2611 } 2612 } 2613 return 0; 2614 } 2615 2616 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2617 { 2618 char local[13]; 2619 2620 memcpy(local, version, 12); 2621 local[12] = 0; 2622 2623 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2624 VNC_DEBUG("Malformed protocol version %s\n", local); 2625 vnc_client_error(vs); 2626 return 0; 2627 } 2628 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2629 if (vs->major != 3 || 2630 (vs->minor != 3 && 2631 vs->minor != 4 && 2632 vs->minor != 5 && 2633 vs->minor != 7 && 2634 vs->minor != 8)) { 2635 VNC_DEBUG("Unsupported client version\n"); 2636 vnc_write_u32(vs, VNC_AUTH_INVALID); 2637 vnc_flush(vs); 2638 vnc_client_error(vs); 2639 return 0; 2640 } 2641 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2642 * as equivalent to v3.3 by servers 2643 */ 2644 if (vs->minor == 4 || vs->minor == 5) 2645 vs->minor = 3; 2646 2647 if (vs->minor == 3) { 2648 if (vs->auth == VNC_AUTH_NONE) { 2649 VNC_DEBUG("Tell client auth none\n"); 2650 vnc_write_u32(vs, vs->auth); 2651 vnc_flush(vs); 2652 start_client_init(vs); 2653 } else if (vs->auth == VNC_AUTH_VNC) { 2654 VNC_DEBUG("Tell client VNC auth\n"); 2655 vnc_write_u32(vs, vs->auth); 2656 vnc_flush(vs); 2657 start_auth_vnc(vs); 2658 } else { 2659 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth); 2660 vnc_write_u32(vs, VNC_AUTH_INVALID); 2661 vnc_flush(vs); 2662 vnc_client_error(vs); 2663 } 2664 } else { 2665 VNC_DEBUG("Telling client we support auth %d\n", vs->auth); 2666 vnc_write_u8(vs, 1); /* num auth */ 2667 vnc_write_u8(vs, vs->auth); 2668 vnc_read_when(vs, protocol_client_auth, 1); 2669 vnc_flush(vs); 2670 } 2671 2672 return 0; 2673 } 2674 2675 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) 2676 { 2677 struct VncSurface *vs = &vd->guest; 2678 2679 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; 2680 } 2681 2682 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h) 2683 { 2684 int i, j; 2685 2686 w = (x + w) / VNC_STAT_RECT; 2687 h = (y + h) / VNC_STAT_RECT; 2688 x /= VNC_STAT_RECT; 2689 y /= VNC_STAT_RECT; 2690 2691 for (j = y; j <= h; j++) { 2692 for (i = x; i <= w; i++) { 2693 vs->lossy_rect[j][i] = 1; 2694 } 2695 } 2696 } 2697 2698 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) 2699 { 2700 VncState *vs; 2701 int sty = y / VNC_STAT_RECT; 2702 int stx = x / VNC_STAT_RECT; 2703 int has_dirty = 0; 2704 2705 y = y / VNC_STAT_RECT * VNC_STAT_RECT; 2706 x = x / VNC_STAT_RECT * VNC_STAT_RECT; 2707 2708 QTAILQ_FOREACH(vs, &vd->clients, next) { 2709 int j; 2710 2711 /* kernel send buffers are full -> refresh later */ 2712 if (vs->output.offset) { 2713 continue; 2714 } 2715 2716 if (!vs->lossy_rect[sty][stx]) { 2717 continue; 2718 } 2719 2720 vs->lossy_rect[sty][stx] = 0; 2721 for (j = 0; j < VNC_STAT_RECT; ++j) { 2722 bitmap_set(vs->dirty[y + j], 2723 x / VNC_DIRTY_PIXELS_PER_BIT, 2724 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT); 2725 } 2726 has_dirty++; 2727 } 2728 2729 return has_dirty; 2730 } 2731 2732 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) 2733 { 2734 int width = pixman_image_get_width(vd->guest.fb); 2735 int height = pixman_image_get_height(vd->guest.fb); 2736 int x, y; 2737 struct timeval res; 2738 int has_dirty = 0; 2739 2740 for (y = 0; y < height; y += VNC_STAT_RECT) { 2741 for (x = 0; x < width; x += VNC_STAT_RECT) { 2742 VncRectStat *rect = vnc_stat_rect(vd, x, y); 2743 2744 rect->updated = false; 2745 } 2746 } 2747 2748 qemu_timersub(tv, &VNC_REFRESH_STATS, &res); 2749 2750 if (timercmp(&vd->guest.last_freq_check, &res, >)) { 2751 return has_dirty; 2752 } 2753 vd->guest.last_freq_check = *tv; 2754 2755 for (y = 0; y < height; y += VNC_STAT_RECT) { 2756 for (x = 0; x < width; x += VNC_STAT_RECT) { 2757 VncRectStat *rect= vnc_stat_rect(vd, x, y); 2758 int count = ARRAY_SIZE(rect->times); 2759 struct timeval min, max; 2760 2761 if (!timerisset(&rect->times[count - 1])) { 2762 continue ; 2763 } 2764 2765 max = rect->times[(rect->idx + count - 1) % count]; 2766 qemu_timersub(tv, &max, &res); 2767 2768 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { 2769 rect->freq = 0; 2770 has_dirty += vnc_refresh_lossy_rect(vd, x, y); 2771 memset(rect->times, 0, sizeof (rect->times)); 2772 continue ; 2773 } 2774 2775 min = rect->times[rect->idx]; 2776 max = rect->times[(rect->idx + count - 1) % count]; 2777 qemu_timersub(&max, &min, &res); 2778 2779 rect->freq = res.tv_sec + res.tv_usec / 1000000.; 2780 rect->freq /= count; 2781 rect->freq = 1. / rect->freq; 2782 } 2783 } 2784 return has_dirty; 2785 } 2786 2787 double vnc_update_freq(VncState *vs, int x, int y, int w, int h) 2788 { 2789 int i, j; 2790 double total = 0; 2791 int num = 0; 2792 2793 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT; 2794 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT; 2795 2796 for (j = y; j <= y + h; j += VNC_STAT_RECT) { 2797 for (i = x; i <= x + w; i += VNC_STAT_RECT) { 2798 total += vnc_stat_rect(vs->vd, i, j)->freq; 2799 num++; 2800 } 2801 } 2802 2803 if (num) { 2804 return total / num; 2805 } else { 2806 return 0; 2807 } 2808 } 2809 2810 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) 2811 { 2812 VncRectStat *rect; 2813 2814 rect = vnc_stat_rect(vd, x, y); 2815 if (rect->updated) { 2816 return ; 2817 } 2818 rect->times[rect->idx] = *tv; 2819 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); 2820 rect->updated = true; 2821 } 2822 2823 static int vnc_refresh_server_surface(VncDisplay *vd) 2824 { 2825 int width = MIN(pixman_image_get_width(vd->guest.fb), 2826 pixman_image_get_width(vd->server)); 2827 int height = MIN(pixman_image_get_height(vd->guest.fb), 2828 pixman_image_get_height(vd->server)); 2829 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0; 2830 uint8_t *guest_row0 = NULL, *server_row0; 2831 VncState *vs; 2832 int has_dirty = 0; 2833 pixman_image_t *tmpbuf = NULL; 2834 2835 struct timeval tv = { 0, 0 }; 2836 2837 if (!vd->non_adaptive) { 2838 gettimeofday(&tv, NULL); 2839 has_dirty = vnc_update_stats(vd, &tv); 2840 } 2841 2842 /* 2843 * Walk through the guest dirty map. 2844 * Check and copy modified bits from guest to server surface. 2845 * Update server dirty map. 2846 */ 2847 server_row0 = (uint8_t *)pixman_image_get_data(vd->server); 2848 server_stride = guest_stride = guest_ll = 2849 pixman_image_get_stride(vd->server); 2850 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES, 2851 server_stride); 2852 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2853 int width = pixman_image_get_width(vd->server); 2854 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width); 2855 } else { 2856 int guest_bpp = 2857 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb)); 2858 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb); 2859 guest_stride = pixman_image_get_stride(vd->guest.fb); 2860 guest_ll = pixman_image_get_width(vd->guest.fb) * ((guest_bpp + 7) / 8); 2861 } 2862 line_bytes = MIN(server_stride, guest_ll); 2863 2864 for (;;) { 2865 int x; 2866 uint8_t *guest_ptr, *server_ptr; 2867 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty, 2868 height * VNC_DIRTY_BPL(&vd->guest), 2869 y * VNC_DIRTY_BPL(&vd->guest)); 2870 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) { 2871 /* no more dirty bits */ 2872 break; 2873 } 2874 y = offset / VNC_DIRTY_BPL(&vd->guest); 2875 x = offset % VNC_DIRTY_BPL(&vd->guest); 2876 2877 server_ptr = server_row0 + y * server_stride + x * cmp_bytes; 2878 2879 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2880 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y); 2881 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf); 2882 } else { 2883 guest_ptr = guest_row0 + y * guest_stride; 2884 } 2885 guest_ptr += x * cmp_bytes; 2886 2887 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT); 2888 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 2889 int _cmp_bytes = cmp_bytes; 2890 if (!test_and_clear_bit(x, vd->guest.dirty[y])) { 2891 continue; 2892 } 2893 if ((x + 1) * cmp_bytes > line_bytes) { 2894 _cmp_bytes = line_bytes - x * cmp_bytes; 2895 } 2896 assert(_cmp_bytes >= 0); 2897 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) { 2898 continue; 2899 } 2900 memcpy(server_ptr, guest_ptr, _cmp_bytes); 2901 if (!vd->non_adaptive) { 2902 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT, 2903 y, &tv); 2904 } 2905 QTAILQ_FOREACH(vs, &vd->clients, next) { 2906 set_bit(x, vs->dirty[y]); 2907 } 2908 has_dirty++; 2909 } 2910 2911 y++; 2912 } 2913 qemu_pixman_image_unref(tmpbuf); 2914 return has_dirty; 2915 } 2916 2917 static void vnc_refresh(DisplayChangeListener *dcl) 2918 { 2919 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 2920 VncState *vs, *vn; 2921 int has_dirty, rects = 0; 2922 2923 if (QTAILQ_EMPTY(&vd->clients)) { 2924 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX); 2925 return; 2926 } 2927 2928 graphic_hw_update(vd->dcl.con); 2929 2930 if (vnc_trylock_display(vd)) { 2931 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2932 return; 2933 } 2934 2935 has_dirty = vnc_refresh_server_surface(vd); 2936 vnc_unlock_display(vd); 2937 2938 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 2939 rects += vnc_update_client(vs, has_dirty, false); 2940 /* vs might be free()ed here */ 2941 } 2942 2943 if (has_dirty && rects) { 2944 vd->dcl.update_interval /= 2; 2945 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) { 2946 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE; 2947 } 2948 } else { 2949 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC; 2950 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) { 2951 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX; 2952 } 2953 } 2954 } 2955 2956 static void vnc_connect(VncDisplay *vd, int csock, 2957 bool skipauth, bool websocket) 2958 { 2959 VncState *vs = g_malloc0(sizeof(VncState)); 2960 int i; 2961 2962 vs->csock = csock; 2963 vs->vd = vd; 2964 2965 if (skipauth) { 2966 vs->auth = VNC_AUTH_NONE; 2967 vs->subauth = VNC_AUTH_INVALID; 2968 } else { 2969 if (websocket) { 2970 vs->auth = vd->ws_auth; 2971 vs->subauth = VNC_AUTH_INVALID; 2972 } else { 2973 vs->auth = vd->auth; 2974 vs->subauth = vd->subauth; 2975 } 2976 } 2977 VNC_DEBUG("Client sock=%d ws=%d auth=%d subauth=%d\n", 2978 csock, websocket, vs->auth, vs->subauth); 2979 2980 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect)); 2981 for (i = 0; i < VNC_STAT_ROWS; ++i) { 2982 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS * sizeof (uint8_t)); 2983 } 2984 2985 VNC_DEBUG("New client on socket %d\n", csock); 2986 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2987 qemu_set_nonblock(vs->csock); 2988 if (websocket) { 2989 vs->websocket = 1; 2990 if (vd->ws_tls) { 2991 qemu_set_fd_handler(vs->csock, vncws_tls_handshake_io, NULL, vs); 2992 } else { 2993 qemu_set_fd_handler(vs->csock, vncws_handshake_read, NULL, vs); 2994 } 2995 } else 2996 { 2997 qemu_set_fd_handler(vs->csock, vnc_client_read, NULL, vs); 2998 } 2999 3000 vnc_client_cache_addr(vs); 3001 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED); 3002 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); 3003 3004 if (!vs->websocket) { 3005 vnc_init_state(vs); 3006 } 3007 3008 if (vd->num_connecting > vd->connections_limit) { 3009 QTAILQ_FOREACH(vs, &vd->clients, next) { 3010 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) { 3011 vnc_disconnect_start(vs); 3012 return; 3013 } 3014 } 3015 } 3016 } 3017 3018 void vnc_init_state(VncState *vs) 3019 { 3020 vs->initialized = true; 3021 VncDisplay *vd = vs->vd; 3022 3023 vs->last_x = -1; 3024 vs->last_y = -1; 3025 3026 vs->as.freq = 44100; 3027 vs->as.nchannels = 2; 3028 vs->as.fmt = AUD_FMT_S16; 3029 vs->as.endianness = 0; 3030 3031 qemu_mutex_init(&vs->output_mutex); 3032 vs->bh = qemu_bh_new(vnc_jobs_bh, vs); 3033 3034 QTAILQ_INSERT_TAIL(&vd->clients, vs, next); 3035 3036 graphic_hw_update(vd->dcl.con); 3037 3038 vnc_write(vs, "RFB 003.008\n", 12); 3039 vnc_flush(vs); 3040 vnc_read_when(vs, protocol_version, 12); 3041 reset_keys(vs); 3042 if (vs->vd->lock_key_sync) 3043 vs->led = qemu_add_led_event_handler(kbd_leds, vs); 3044 3045 vs->mouse_mode_notifier.notify = check_pointer_type_change; 3046 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 3047 3048 /* vs might be free()ed here */ 3049 } 3050 3051 static void vnc_listen_read(void *opaque, bool websocket) 3052 { 3053 VncDisplay *vs = opaque; 3054 struct sockaddr_in addr; 3055 socklen_t addrlen = sizeof(addr); 3056 int csock; 3057 3058 /* Catch-up */ 3059 graphic_hw_update(vs->dcl.con); 3060 if (websocket) { 3061 csock = qemu_accept(vs->lwebsock, (struct sockaddr *)&addr, &addrlen); 3062 } else { 3063 csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen); 3064 } 3065 3066 if (csock != -1) { 3067 socket_set_nodelay(csock); 3068 vnc_connect(vs, csock, false, websocket); 3069 } 3070 } 3071 3072 static void vnc_listen_regular_read(void *opaque) 3073 { 3074 vnc_listen_read(opaque, false); 3075 } 3076 3077 static void vnc_listen_websocket_read(void *opaque) 3078 { 3079 vnc_listen_read(opaque, true); 3080 } 3081 3082 static const DisplayChangeListenerOps dcl_ops = { 3083 .dpy_name = "vnc", 3084 .dpy_refresh = vnc_refresh, 3085 .dpy_gfx_copy = vnc_dpy_copy, 3086 .dpy_gfx_update = vnc_dpy_update, 3087 .dpy_gfx_switch = vnc_dpy_switch, 3088 .dpy_gfx_check_format = qemu_pixman_check_format, 3089 .dpy_mouse_set = vnc_mouse_set, 3090 .dpy_cursor_define = vnc_dpy_cursor_define, 3091 }; 3092 3093 void vnc_display_init(const char *id) 3094 { 3095 VncDisplay *vs; 3096 3097 if (vnc_display_find(id) != NULL) { 3098 return; 3099 } 3100 vs = g_malloc0(sizeof(*vs)); 3101 3102 vs->id = strdup(id); 3103 QTAILQ_INSERT_TAIL(&vnc_displays, vs, next); 3104 3105 vs->lsock = -1; 3106 vs->lwebsock = -1; 3107 3108 QTAILQ_INIT(&vs->clients); 3109 vs->expires = TIME_MAX; 3110 3111 if (keyboard_layout) { 3112 trace_vnc_key_map_init(keyboard_layout); 3113 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout); 3114 } else { 3115 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us"); 3116 } 3117 3118 if (!vs->kbd_layout) 3119 exit(1); 3120 3121 qemu_mutex_init(&vs->mutex); 3122 vnc_start_worker_thread(); 3123 3124 vs->dcl.ops = &dcl_ops; 3125 register_displaychangelistener(&vs->dcl); 3126 } 3127 3128 3129 static void vnc_display_close(VncDisplay *vs) 3130 { 3131 if (!vs) 3132 return; 3133 vs->enabled = false; 3134 vs->is_unix = false; 3135 if (vs->lsock != -1) { 3136 qemu_set_fd_handler(vs->lsock, NULL, NULL, NULL); 3137 close(vs->lsock); 3138 vs->lsock = -1; 3139 } 3140 vs->ws_enabled = false; 3141 if (vs->lwebsock != -1) { 3142 qemu_set_fd_handler(vs->lwebsock, NULL, NULL, NULL); 3143 close(vs->lwebsock); 3144 vs->lwebsock = -1; 3145 } 3146 vs->auth = VNC_AUTH_INVALID; 3147 vs->subauth = VNC_AUTH_INVALID; 3148 if (vs->tlscreds) { 3149 object_unparent(OBJECT(vs->tlscreds)); 3150 } 3151 g_free(vs->tlsaclname); 3152 vs->tlsaclname = NULL; 3153 } 3154 3155 int vnc_display_password(const char *id, const char *password) 3156 { 3157 VncDisplay *vs = vnc_display_find(id); 3158 3159 if (!vs) { 3160 return -EINVAL; 3161 } 3162 if (vs->auth == VNC_AUTH_NONE) { 3163 error_printf_unless_qmp("If you want use passwords please enable " 3164 "password auth using '-vnc ${dpy},password'."); 3165 return -EINVAL; 3166 } 3167 3168 g_free(vs->password); 3169 vs->password = g_strdup(password); 3170 3171 return 0; 3172 } 3173 3174 int vnc_display_pw_expire(const char *id, time_t expires) 3175 { 3176 VncDisplay *vs = vnc_display_find(id); 3177 3178 if (!vs) { 3179 return -EINVAL; 3180 } 3181 3182 vs->expires = expires; 3183 return 0; 3184 } 3185 3186 char *vnc_display_local_addr(const char *id) 3187 { 3188 VncDisplay *vs = vnc_display_find(id); 3189 3190 assert(vs); 3191 return vnc_socket_local_addr("%s:%s", vs->lsock); 3192 } 3193 3194 static QemuOptsList qemu_vnc_opts = { 3195 .name = "vnc", 3196 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head), 3197 .implied_opt_name = "vnc", 3198 .desc = { 3199 { 3200 .name = "vnc", 3201 .type = QEMU_OPT_STRING, 3202 },{ 3203 .name = "websocket", 3204 .type = QEMU_OPT_STRING, 3205 },{ 3206 .name = "tls-creds", 3207 .type = QEMU_OPT_STRING, 3208 },{ 3209 /* Deprecated in favour of tls-creds */ 3210 .name = "x509", 3211 .type = QEMU_OPT_STRING, 3212 },{ 3213 .name = "share", 3214 .type = QEMU_OPT_STRING, 3215 },{ 3216 .name = "display", 3217 .type = QEMU_OPT_STRING, 3218 },{ 3219 .name = "head", 3220 .type = QEMU_OPT_NUMBER, 3221 },{ 3222 .name = "connections", 3223 .type = QEMU_OPT_NUMBER, 3224 },{ 3225 .name = "to", 3226 .type = QEMU_OPT_NUMBER, 3227 },{ 3228 .name = "ipv4", 3229 .type = QEMU_OPT_BOOL, 3230 },{ 3231 .name = "ipv6", 3232 .type = QEMU_OPT_BOOL, 3233 },{ 3234 .name = "password", 3235 .type = QEMU_OPT_BOOL, 3236 },{ 3237 .name = "reverse", 3238 .type = QEMU_OPT_BOOL, 3239 },{ 3240 .name = "lock-key-sync", 3241 .type = QEMU_OPT_BOOL, 3242 },{ 3243 .name = "sasl", 3244 .type = QEMU_OPT_BOOL, 3245 },{ 3246 /* Deprecated in favour of tls-creds */ 3247 .name = "tls", 3248 .type = QEMU_OPT_BOOL, 3249 },{ 3250 /* Deprecated in favour of tls-creds */ 3251 .name = "x509verify", 3252 .type = QEMU_OPT_STRING, 3253 },{ 3254 .name = "acl", 3255 .type = QEMU_OPT_BOOL, 3256 },{ 3257 .name = "lossy", 3258 .type = QEMU_OPT_BOOL, 3259 },{ 3260 .name = "non-adaptive", 3261 .type = QEMU_OPT_BOOL, 3262 }, 3263 { /* end of list */ } 3264 }, 3265 }; 3266 3267 3268 static int 3269 vnc_display_setup_auth(VncDisplay *vs, 3270 bool password, 3271 bool sasl, 3272 bool websocket, 3273 Error **errp) 3274 { 3275 /* 3276 * We have a choice of 3 authentication options 3277 * 3278 * 1. none 3279 * 2. vnc 3280 * 3. sasl 3281 * 3282 * The channel can be run in 2 modes 3283 * 3284 * 1. clear 3285 * 2. tls 3286 * 3287 * And TLS can use 2 types of credentials 3288 * 3289 * 1. anon 3290 * 2. x509 3291 * 3292 * We thus have 9 possible logical combinations 3293 * 3294 * 1. clear + none 3295 * 2. clear + vnc 3296 * 3. clear + sasl 3297 * 4. tls + anon + none 3298 * 5. tls + anon + vnc 3299 * 6. tls + anon + sasl 3300 * 7. tls + x509 + none 3301 * 8. tls + x509 + vnc 3302 * 9. tls + x509 + sasl 3303 * 3304 * These need to be mapped into the VNC auth schemes 3305 * in an appropriate manner. In regular VNC, all the 3306 * TLS options get mapped into VNC_AUTH_VENCRYPT 3307 * sub-auth types. 3308 * 3309 * In websockets, the https:// protocol already provides 3310 * TLS support, so there is no need to make use of the 3311 * VeNCrypt extension. Furthermore, websockets browser 3312 * clients could not use VeNCrypt even if they wanted to, 3313 * as they cannot control when the TLS handshake takes 3314 * place. Thus there is no option but to rely on https://, 3315 * meaning combinations 4->6 and 7->9 will be mapped to 3316 * VNC auth schemes in the same way as combos 1->3. 3317 * 3318 * Regardless of fact that we have a different mapping to 3319 * VNC auth mechs for plain VNC vs websockets VNC, the end 3320 * result has the same security characteristics. 3321 */ 3322 if (password) { 3323 if (vs->tlscreds) { 3324 vs->auth = VNC_AUTH_VENCRYPT; 3325 if (websocket) { 3326 vs->ws_tls = true; 3327 } 3328 if (object_dynamic_cast(OBJECT(vs->tlscreds), 3329 TYPE_QCRYPTO_TLS_CREDS_X509)) { 3330 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 3331 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC; 3332 } else if (object_dynamic_cast(OBJECT(vs->tlscreds), 3333 TYPE_QCRYPTO_TLS_CREDS_ANON)) { 3334 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 3335 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC; 3336 } else { 3337 error_setg(errp, 3338 "Unsupported TLS cred type %s", 3339 object_get_typename(OBJECT(vs->tlscreds))); 3340 return -1; 3341 } 3342 } else { 3343 VNC_DEBUG("Initializing VNC server with password auth\n"); 3344 vs->auth = VNC_AUTH_VNC; 3345 vs->subauth = VNC_AUTH_INVALID; 3346 } 3347 if (websocket) { 3348 vs->ws_auth = VNC_AUTH_VNC; 3349 } else { 3350 vs->ws_auth = VNC_AUTH_INVALID; 3351 } 3352 } else if (sasl) { 3353 if (vs->tlscreds) { 3354 vs->auth = VNC_AUTH_VENCRYPT; 3355 if (websocket) { 3356 vs->ws_tls = true; 3357 } 3358 if (object_dynamic_cast(OBJECT(vs->tlscreds), 3359 TYPE_QCRYPTO_TLS_CREDS_X509)) { 3360 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 3361 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL; 3362 } else if (object_dynamic_cast(OBJECT(vs->tlscreds), 3363 TYPE_QCRYPTO_TLS_CREDS_ANON)) { 3364 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 3365 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL; 3366 } else { 3367 error_setg(errp, 3368 "Unsupported TLS cred type %s", 3369 object_get_typename(OBJECT(vs->tlscreds))); 3370 return -1; 3371 } 3372 } else { 3373 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 3374 vs->auth = VNC_AUTH_SASL; 3375 vs->subauth = VNC_AUTH_INVALID; 3376 } 3377 if (websocket) { 3378 vs->ws_auth = VNC_AUTH_SASL; 3379 } else { 3380 vs->ws_auth = VNC_AUTH_INVALID; 3381 } 3382 } else { 3383 if (vs->tlscreds) { 3384 vs->auth = VNC_AUTH_VENCRYPT; 3385 if (websocket) { 3386 vs->ws_tls = true; 3387 } 3388 if (object_dynamic_cast(OBJECT(vs->tlscreds), 3389 TYPE_QCRYPTO_TLS_CREDS_X509)) { 3390 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 3391 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE; 3392 } else if (object_dynamic_cast(OBJECT(vs->tlscreds), 3393 TYPE_QCRYPTO_TLS_CREDS_ANON)) { 3394 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 3395 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE; 3396 } else { 3397 error_setg(errp, 3398 "Unsupported TLS cred type %s", 3399 object_get_typename(OBJECT(vs->tlscreds))); 3400 return -1; 3401 } 3402 } else { 3403 VNC_DEBUG("Initializing VNC server with no auth\n"); 3404 vs->auth = VNC_AUTH_NONE; 3405 vs->subauth = VNC_AUTH_INVALID; 3406 } 3407 if (websocket) { 3408 vs->ws_auth = VNC_AUTH_NONE; 3409 } else { 3410 vs->ws_auth = VNC_AUTH_INVALID; 3411 } 3412 } 3413 return 0; 3414 } 3415 3416 3417 /* 3418 * Handle back compat with old CLI syntax by creating some 3419 * suitable QCryptoTLSCreds objects 3420 */ 3421 static QCryptoTLSCreds * 3422 vnc_display_create_creds(bool x509, 3423 bool x509verify, 3424 const char *dir, 3425 const char *id, 3426 Error **errp) 3427 { 3428 gchar *credsid = g_strdup_printf("tlsvnc%s", id); 3429 Object *parent = object_get_objects_root(); 3430 Object *creds; 3431 Error *err = NULL; 3432 3433 if (x509) { 3434 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_X509, 3435 parent, 3436 credsid, 3437 &err, 3438 "endpoint", "server", 3439 "dir", dir, 3440 "verify-peer", x509verify ? "yes" : "no", 3441 NULL); 3442 } else { 3443 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_ANON, 3444 parent, 3445 credsid, 3446 &err, 3447 "endpoint", "server", 3448 NULL); 3449 } 3450 3451 g_free(credsid); 3452 3453 if (err) { 3454 error_propagate(errp, err); 3455 return NULL; 3456 } 3457 3458 return QCRYPTO_TLS_CREDS(creds); 3459 } 3460 3461 3462 void vnc_display_open(const char *id, Error **errp) 3463 { 3464 VncDisplay *vs = vnc_display_find(id); 3465 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id); 3466 SocketAddress *saddr = NULL, *wsaddr = NULL; 3467 const char *share, *device_id; 3468 QemuConsole *con; 3469 bool password = false; 3470 bool reverse = false; 3471 const char *vnc; 3472 char *h; 3473 const char *credid; 3474 bool sasl = false; 3475 #ifdef CONFIG_VNC_SASL 3476 int saslErr; 3477 #endif 3478 int acl = 0; 3479 int lock_key_sync = 1; 3480 3481 if (!vs) { 3482 error_setg(errp, "VNC display not active"); 3483 return; 3484 } 3485 vnc_display_close(vs); 3486 3487 if (!opts) { 3488 return; 3489 } 3490 vnc = qemu_opt_get(opts, "vnc"); 3491 if (!vnc || strcmp(vnc, "none") == 0) { 3492 return; 3493 } 3494 3495 h = strrchr(vnc, ':'); 3496 if (h) { 3497 size_t hlen = h - vnc; 3498 3499 const char *websocket = qemu_opt_get(opts, "websocket"); 3500 int to = qemu_opt_get_number(opts, "to", 0); 3501 bool has_ipv4 = qemu_opt_get_bool(opts, "ipv4", false); 3502 bool has_ipv6 = qemu_opt_get_bool(opts, "ipv6", false); 3503 3504 saddr = g_new0(SocketAddress, 1); 3505 if (websocket) { 3506 if (!qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) { 3507 error_setg(errp, 3508 "SHA1 hash support is required for websockets"); 3509 goto fail; 3510 } 3511 3512 wsaddr = g_new0(SocketAddress, 1); 3513 vs->ws_enabled = true; 3514 } 3515 3516 if (strncmp(vnc, "unix:", 5) == 0) { 3517 saddr->kind = SOCKET_ADDRESS_KIND_UNIX; 3518 saddr->q_unix = g_new0(UnixSocketAddress, 1); 3519 saddr->q_unix->path = g_strdup(vnc + 5); 3520 3521 if (vs->ws_enabled) { 3522 error_setg(errp, "UNIX sockets not supported with websock"); 3523 goto fail; 3524 } 3525 } else { 3526 unsigned long long baseport; 3527 saddr->kind = SOCKET_ADDRESS_KIND_INET; 3528 saddr->inet = g_new0(InetSocketAddress, 1); 3529 if (vnc[0] == '[' && vnc[hlen - 1] == ']') { 3530 saddr->inet->host = g_strndup(vnc + 1, hlen - 2); 3531 } else { 3532 saddr->inet->host = g_strndup(vnc, hlen); 3533 } 3534 if (parse_uint_full(h + 1, &baseport, 10) < 0) { 3535 error_setg(errp, "can't convert to a number: %s", h + 1); 3536 goto fail; 3537 } 3538 if (baseport > 65535 || 3539 baseport + 5900 > 65535) { 3540 error_setg(errp, "port %s out of range", h + 1); 3541 goto fail; 3542 } 3543 saddr->inet->port = g_strdup_printf( 3544 "%d", (int)baseport + 5900); 3545 3546 if (to) { 3547 saddr->inet->has_to = true; 3548 saddr->inet->to = to; 3549 } 3550 saddr->inet->ipv4 = saddr->inet->has_ipv4 = has_ipv4; 3551 saddr->inet->ipv6 = saddr->inet->has_ipv6 = has_ipv6; 3552 3553 if (vs->ws_enabled) { 3554 wsaddr->kind = SOCKET_ADDRESS_KIND_INET; 3555 wsaddr->inet = g_new0(InetSocketAddress, 1); 3556 wsaddr->inet->host = g_strdup(saddr->inet->host); 3557 wsaddr->inet->port = g_strdup(websocket); 3558 3559 if (to) { 3560 wsaddr->inet->has_to = true; 3561 wsaddr->inet->to = to; 3562 } 3563 wsaddr->inet->ipv4 = wsaddr->inet->has_ipv4 = has_ipv4; 3564 wsaddr->inet->ipv6 = wsaddr->inet->has_ipv6 = has_ipv6; 3565 } 3566 } 3567 } else { 3568 error_setg(errp, "no vnc port specified"); 3569 goto fail; 3570 } 3571 3572 password = qemu_opt_get_bool(opts, "password", false); 3573 if (password) { 3574 if (fips_get_state()) { 3575 error_setg(errp, 3576 "VNC password auth disabled due to FIPS mode, " 3577 "consider using the VeNCrypt or SASL authentication " 3578 "methods as an alternative"); 3579 goto fail; 3580 } 3581 if (!qcrypto_cipher_supports( 3582 QCRYPTO_CIPHER_ALG_DES_RFB)) { 3583 error_setg(errp, 3584 "Cipher backend does not support DES RFB algorithm"); 3585 goto fail; 3586 } 3587 } 3588 3589 reverse = qemu_opt_get_bool(opts, "reverse", false); 3590 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true); 3591 sasl = qemu_opt_get_bool(opts, "sasl", false); 3592 #ifndef CONFIG_VNC_SASL 3593 if (sasl) { 3594 error_setg(errp, "VNC SASL auth requires cyrus-sasl support"); 3595 goto fail; 3596 } 3597 #endif /* CONFIG_VNC_SASL */ 3598 credid = qemu_opt_get(opts, "tls-creds"); 3599 if (credid) { 3600 Object *creds; 3601 if (qemu_opt_get(opts, "tls") || 3602 qemu_opt_get(opts, "x509") || 3603 qemu_opt_get(opts, "x509verify")) { 3604 error_setg(errp, 3605 "'credid' parameter is mutually exclusive with " 3606 "'tls', 'x509' and 'x509verify' parameters"); 3607 goto fail; 3608 } 3609 3610 creds = object_resolve_path_component( 3611 object_get_objects_root(), credid); 3612 if (!creds) { 3613 error_setg(errp, "No TLS credentials with id '%s'", 3614 credid); 3615 goto fail; 3616 } 3617 vs->tlscreds = (QCryptoTLSCreds *) 3618 object_dynamic_cast(creds, 3619 TYPE_QCRYPTO_TLS_CREDS); 3620 if (!vs->tlscreds) { 3621 error_setg(errp, "Object with id '%s' is not TLS credentials", 3622 credid); 3623 goto fail; 3624 } 3625 object_ref(OBJECT(vs->tlscreds)); 3626 3627 if (vs->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { 3628 error_setg(errp, 3629 "Expecting TLS credentials with a server endpoint"); 3630 goto fail; 3631 } 3632 } else { 3633 const char *path; 3634 bool tls = false, x509 = false, x509verify = false; 3635 tls = qemu_opt_get_bool(opts, "tls", false); 3636 if (tls) { 3637 path = qemu_opt_get(opts, "x509"); 3638 3639 if (path) { 3640 x509 = true; 3641 } else { 3642 path = qemu_opt_get(opts, "x509verify"); 3643 if (path) { 3644 x509 = true; 3645 x509verify = true; 3646 } 3647 } 3648 vs->tlscreds = vnc_display_create_creds(x509, 3649 x509verify, 3650 path, 3651 vs->id, 3652 errp); 3653 if (!vs->tlscreds) { 3654 goto fail; 3655 } 3656 } 3657 } 3658 acl = qemu_opt_get_bool(opts, "acl", false); 3659 3660 share = qemu_opt_get(opts, "share"); 3661 if (share) { 3662 if (strcmp(share, "ignore") == 0) { 3663 vs->share_policy = VNC_SHARE_POLICY_IGNORE; 3664 } else if (strcmp(share, "allow-exclusive") == 0) { 3665 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3666 } else if (strcmp(share, "force-shared") == 0) { 3667 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; 3668 } else { 3669 error_setg(errp, "unknown vnc share= option"); 3670 goto fail; 3671 } 3672 } else { 3673 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3674 } 3675 vs->connections_limit = qemu_opt_get_number(opts, "connections", 32); 3676 3677 #ifdef CONFIG_VNC_JPEG 3678 vs->lossy = qemu_opt_get_bool(opts, "lossy", false); 3679 #endif 3680 vs->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false); 3681 /* adaptive updates are only used with tight encoding and 3682 * if lossy updates are enabled so we can disable all the 3683 * calculations otherwise */ 3684 if (!vs->lossy) { 3685 vs->non_adaptive = true; 3686 } 3687 3688 if (acl) { 3689 if (strcmp(vs->id, "default") == 0) { 3690 vs->tlsaclname = g_strdup("vnc.x509dname"); 3691 } else { 3692 vs->tlsaclname = g_strdup_printf("vnc.%s.x509dname", vs->id); 3693 } 3694 qemu_acl_init(vs->tlsaclname); 3695 } 3696 #ifdef CONFIG_VNC_SASL 3697 if (acl && sasl) { 3698 char *aclname; 3699 3700 if (strcmp(vs->id, "default") == 0) { 3701 aclname = g_strdup("vnc.username"); 3702 } else { 3703 aclname = g_strdup_printf("vnc.%s.username", vs->id); 3704 } 3705 vs->sasl.acl = qemu_acl_init(aclname); 3706 g_free(aclname); 3707 } 3708 #endif 3709 3710 if (vnc_display_setup_auth(vs, password, sasl, vs->ws_enabled, errp) < 0) { 3711 goto fail; 3712 } 3713 3714 #ifdef CONFIG_VNC_SASL 3715 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) { 3716 error_setg(errp, "Failed to initialize SASL auth: %s", 3717 sasl_errstring(saslErr, NULL, NULL)); 3718 goto fail; 3719 } 3720 #endif 3721 vs->lock_key_sync = lock_key_sync; 3722 3723 device_id = qemu_opt_get(opts, "display"); 3724 if (device_id) { 3725 DeviceState *dev; 3726 int head = qemu_opt_get_number(opts, "head", 0); 3727 3728 dev = qdev_find_recursive(sysbus_get_default(), device_id); 3729 if (dev == NULL) { 3730 error_setg(errp, "Device '%s' not found", device_id); 3731 goto fail; 3732 } 3733 3734 con = qemu_console_lookup_by_device(dev, head); 3735 if (con == NULL) { 3736 error_setg(errp, "Device %s is not bound to a QemuConsole", 3737 device_id); 3738 goto fail; 3739 } 3740 } else { 3741 con = NULL; 3742 } 3743 3744 if (con != vs->dcl.con) { 3745 unregister_displaychangelistener(&vs->dcl); 3746 vs->dcl.con = con; 3747 register_displaychangelistener(&vs->dcl); 3748 } 3749 3750 if (reverse) { 3751 /* connect to viewer */ 3752 int csock; 3753 vs->lsock = -1; 3754 vs->lwebsock = -1; 3755 if (vs->ws_enabled) { 3756 error_setg(errp, "Cannot use websockets in reverse mode"); 3757 goto fail; 3758 } 3759 csock = socket_connect(saddr, errp, NULL, NULL); 3760 if (csock < 0) { 3761 goto fail; 3762 } 3763 vs->is_unix = saddr->kind == SOCKET_ADDRESS_KIND_UNIX; 3764 vnc_connect(vs, csock, false, false); 3765 } else { 3766 /* listen for connects */ 3767 vs->lsock = socket_listen(saddr, errp); 3768 if (vs->lsock < 0) { 3769 goto fail; 3770 } 3771 vs->is_unix = saddr->kind == SOCKET_ADDRESS_KIND_UNIX; 3772 if (vs->ws_enabled) { 3773 vs->lwebsock = socket_listen(wsaddr, errp); 3774 if (vs->lwebsock < 0) { 3775 if (vs->lsock != -1) { 3776 close(vs->lsock); 3777 vs->lsock = -1; 3778 } 3779 goto fail; 3780 } 3781 } 3782 vs->enabled = true; 3783 qemu_set_fd_handler(vs->lsock, vnc_listen_regular_read, NULL, vs); 3784 if (vs->ws_enabled) { 3785 qemu_set_fd_handler(vs->lwebsock, vnc_listen_websocket_read, 3786 NULL, vs); 3787 } 3788 } 3789 3790 qapi_free_SocketAddress(saddr); 3791 qapi_free_SocketAddress(wsaddr); 3792 return; 3793 3794 fail: 3795 qapi_free_SocketAddress(saddr); 3796 qapi_free_SocketAddress(wsaddr); 3797 vs->enabled = false; 3798 vs->ws_enabled = false; 3799 } 3800 3801 void vnc_display_add_client(const char *id, int csock, bool skipauth) 3802 { 3803 VncDisplay *vs = vnc_display_find(id); 3804 3805 if (!vs) { 3806 return; 3807 } 3808 vnc_connect(vs, csock, skipauth, false); 3809 } 3810 3811 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts) 3812 { 3813 int i = 2; 3814 char *id; 3815 3816 id = g_strdup("default"); 3817 while (qemu_opts_find(olist, id)) { 3818 g_free(id); 3819 id = g_strdup_printf("vnc%d", i++); 3820 } 3821 qemu_opts_set_id(opts, id); 3822 } 3823 3824 QemuOpts *vnc_parse(const char *str, Error **errp) 3825 { 3826 QemuOptsList *olist = qemu_find_opts("vnc"); 3827 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp); 3828 const char *id; 3829 3830 if (!opts) { 3831 return NULL; 3832 } 3833 3834 id = qemu_opts_id(opts); 3835 if (!id) { 3836 /* auto-assign id if not present */ 3837 vnc_auto_assign_id(olist, opts); 3838 } 3839 return opts; 3840 } 3841 3842 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp) 3843 { 3844 Error *local_err = NULL; 3845 char *id = (char *)qemu_opts_id(opts); 3846 3847 assert(id); 3848 vnc_display_init(id); 3849 vnc_display_open(id, &local_err); 3850 if (local_err != NULL) { 3851 error_report("Failed to start VNC server: %s", 3852 error_get_pretty(local_err)); 3853 error_free(local_err); 3854 exit(1); 3855 } 3856 return 0; 3857 } 3858 3859 static void vnc_register_config(void) 3860 { 3861 qemu_add_opts(&qemu_vnc_opts); 3862 } 3863 machine_init(vnc_register_config); 3864