1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "vnc.h" 28 #include "vnc-jobs.h" 29 #include "trace.h" 30 #include "hw/qdev.h" 31 #include "sysemu/sysemu.h" 32 #include "qemu/error-report.h" 33 #include "qemu/sockets.h" 34 #include "qemu/timer.h" 35 #include "qemu/acl.h" 36 #include "qemu/config-file.h" 37 #include "qapi/qmp/qerror.h" 38 #include "qapi/qmp/types.h" 39 #include "qmp-commands.h" 40 #include "qemu/osdep.h" 41 #include "ui/input.h" 42 #include "qapi-event.h" 43 44 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT 45 #define VNC_REFRESH_INTERVAL_INC 50 46 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE 47 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; 48 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 49 50 #include "vnc_keysym.h" 51 #include "d3des.h" 52 53 static QTAILQ_HEAD(, VncDisplay) vnc_displays = 54 QTAILQ_HEAD_INITIALIZER(vnc_displays); 55 56 static int vnc_cursor_define(VncState *vs); 57 static void vnc_release_modifiers(VncState *vs); 58 59 static void vnc_set_share_mode(VncState *vs, VncShareMode mode) 60 { 61 #ifdef _VNC_DEBUG 62 static const char *mn[] = { 63 [0] = "undefined", 64 [VNC_SHARE_MODE_CONNECTING] = "connecting", 65 [VNC_SHARE_MODE_SHARED] = "shared", 66 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive", 67 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected", 68 }; 69 fprintf(stderr, "%s/%d: %s -> %s\n", __func__, 70 vs->csock, mn[vs->share_mode], mn[mode]); 71 #endif 72 73 switch (vs->share_mode) { 74 case VNC_SHARE_MODE_CONNECTING: 75 vs->vd->num_connecting--; 76 break; 77 case VNC_SHARE_MODE_SHARED: 78 vs->vd->num_shared--; 79 break; 80 case VNC_SHARE_MODE_EXCLUSIVE: 81 vs->vd->num_exclusive--; 82 break; 83 default: 84 break; 85 } 86 87 vs->share_mode = mode; 88 89 switch (vs->share_mode) { 90 case VNC_SHARE_MODE_CONNECTING: 91 vs->vd->num_connecting++; 92 break; 93 case VNC_SHARE_MODE_SHARED: 94 vs->vd->num_shared++; 95 break; 96 case VNC_SHARE_MODE_EXCLUSIVE: 97 vs->vd->num_exclusive++; 98 break; 99 default: 100 break; 101 } 102 } 103 104 static char *addr_to_string(const char *format, 105 struct sockaddr_storage *sa, 106 socklen_t salen) { 107 char *addr; 108 char host[NI_MAXHOST]; 109 char serv[NI_MAXSERV]; 110 int err; 111 size_t addrlen; 112 113 if ((err = getnameinfo((struct sockaddr *)sa, salen, 114 host, sizeof(host), 115 serv, sizeof(serv), 116 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 117 VNC_DEBUG("Cannot resolve address %d: %s\n", 118 err, gai_strerror(err)); 119 return NULL; 120 } 121 122 /* Enough for the existing format + the 2 vars we're 123 * substituting in. */ 124 addrlen = strlen(format) + strlen(host) + strlen(serv); 125 addr = g_malloc(addrlen + 1); 126 snprintf(addr, addrlen, format, host, serv); 127 addr[addrlen] = '\0'; 128 129 return addr; 130 } 131 132 133 char *vnc_socket_local_addr(const char *format, int fd) { 134 struct sockaddr_storage sa; 135 socklen_t salen; 136 137 salen = sizeof(sa); 138 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) 139 return NULL; 140 141 return addr_to_string(format, &sa, salen); 142 } 143 144 char *vnc_socket_remote_addr(const char *format, int fd) { 145 struct sockaddr_storage sa; 146 socklen_t salen; 147 148 salen = sizeof(sa); 149 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) 150 return NULL; 151 152 return addr_to_string(format, &sa, salen); 153 } 154 155 static VncBasicInfo *vnc_basic_info_get(struct sockaddr_storage *sa, 156 socklen_t salen) 157 { 158 VncBasicInfo *info; 159 char host[NI_MAXHOST]; 160 char serv[NI_MAXSERV]; 161 int err; 162 163 if ((err = getnameinfo((struct sockaddr *)sa, salen, 164 host, sizeof(host), 165 serv, sizeof(serv), 166 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 167 VNC_DEBUG("Cannot resolve address %d: %s\n", 168 err, gai_strerror(err)); 169 return NULL; 170 } 171 172 info = g_malloc0(sizeof(VncBasicInfo)); 173 info->host = g_strdup(host); 174 info->service = g_strdup(serv); 175 info->family = inet_netfamily(sa->ss_family); 176 return info; 177 } 178 179 static VncBasicInfo *vnc_basic_info_get_from_server_addr(int fd) 180 { 181 struct sockaddr_storage sa; 182 socklen_t salen; 183 184 salen = sizeof(sa); 185 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) { 186 return NULL; 187 } 188 189 return vnc_basic_info_get(&sa, salen); 190 } 191 192 static VncBasicInfo *vnc_basic_info_get_from_remote_addr(int fd) 193 { 194 struct sockaddr_storage sa; 195 socklen_t salen; 196 197 salen = sizeof(sa); 198 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) { 199 return NULL; 200 } 201 202 return vnc_basic_info_get(&sa, salen); 203 } 204 205 static const char *vnc_auth_name(VncDisplay *vd) { 206 switch (vd->auth) { 207 case VNC_AUTH_INVALID: 208 return "invalid"; 209 case VNC_AUTH_NONE: 210 return "none"; 211 case VNC_AUTH_VNC: 212 return "vnc"; 213 case VNC_AUTH_RA2: 214 return "ra2"; 215 case VNC_AUTH_RA2NE: 216 return "ra2ne"; 217 case VNC_AUTH_TIGHT: 218 return "tight"; 219 case VNC_AUTH_ULTRA: 220 return "ultra"; 221 case VNC_AUTH_TLS: 222 return "tls"; 223 case VNC_AUTH_VENCRYPT: 224 #ifdef CONFIG_VNC_TLS 225 switch (vd->subauth) { 226 case VNC_AUTH_VENCRYPT_PLAIN: 227 return "vencrypt+plain"; 228 case VNC_AUTH_VENCRYPT_TLSNONE: 229 return "vencrypt+tls+none"; 230 case VNC_AUTH_VENCRYPT_TLSVNC: 231 return "vencrypt+tls+vnc"; 232 case VNC_AUTH_VENCRYPT_TLSPLAIN: 233 return "vencrypt+tls+plain"; 234 case VNC_AUTH_VENCRYPT_X509NONE: 235 return "vencrypt+x509+none"; 236 case VNC_AUTH_VENCRYPT_X509VNC: 237 return "vencrypt+x509+vnc"; 238 case VNC_AUTH_VENCRYPT_X509PLAIN: 239 return "vencrypt+x509+plain"; 240 case VNC_AUTH_VENCRYPT_TLSSASL: 241 return "vencrypt+tls+sasl"; 242 case VNC_AUTH_VENCRYPT_X509SASL: 243 return "vencrypt+x509+sasl"; 244 default: 245 return "vencrypt"; 246 } 247 #else 248 return "vencrypt"; 249 #endif 250 case VNC_AUTH_SASL: 251 return "sasl"; 252 } 253 return "unknown"; 254 } 255 256 static VncServerInfo *vnc_server_info_get(VncDisplay *vd) 257 { 258 VncServerInfo *info; 259 VncBasicInfo *bi = vnc_basic_info_get_from_server_addr(vd->lsock); 260 if (!bi) { 261 return NULL; 262 } 263 264 info = g_malloc(sizeof(*info)); 265 info->base = bi; 266 info->has_auth = true; 267 info->auth = g_strdup(vnc_auth_name(vd)); 268 return info; 269 } 270 271 static void vnc_client_cache_auth(VncState *client) 272 { 273 if (!client->info) { 274 return; 275 } 276 277 #ifdef CONFIG_VNC_TLS 278 if (client->tls.session && 279 client->tls.dname) { 280 client->info->has_x509_dname = true; 281 client->info->x509_dname = g_strdup(client->tls.dname); 282 } 283 #endif 284 #ifdef CONFIG_VNC_SASL 285 if (client->sasl.conn && 286 client->sasl.username) { 287 client->info->has_sasl_username = true; 288 client->info->sasl_username = g_strdup(client->sasl.username); 289 } 290 #endif 291 } 292 293 static void vnc_client_cache_addr(VncState *client) 294 { 295 VncBasicInfo *bi = vnc_basic_info_get_from_remote_addr(client->csock); 296 297 if (bi) { 298 client->info = g_malloc0(sizeof(*client->info)); 299 client->info->base = bi; 300 } 301 } 302 303 static void vnc_qmp_event(VncState *vs, QAPIEvent event) 304 { 305 VncServerInfo *si; 306 307 if (!vs->info) { 308 return; 309 } 310 g_assert(vs->info->base); 311 312 si = vnc_server_info_get(vs->vd); 313 if (!si) { 314 return; 315 } 316 317 switch (event) { 318 case QAPI_EVENT_VNC_CONNECTED: 319 qapi_event_send_vnc_connected(si, vs->info->base, &error_abort); 320 break; 321 case QAPI_EVENT_VNC_INITIALIZED: 322 qapi_event_send_vnc_initialized(si, vs->info, &error_abort); 323 break; 324 case QAPI_EVENT_VNC_DISCONNECTED: 325 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort); 326 break; 327 default: 328 break; 329 } 330 331 qapi_free_VncServerInfo(si); 332 } 333 334 static VncClientInfo *qmp_query_vnc_client(const VncState *client) 335 { 336 struct sockaddr_storage sa; 337 socklen_t salen = sizeof(sa); 338 char host[NI_MAXHOST]; 339 char serv[NI_MAXSERV]; 340 VncClientInfo *info; 341 342 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) { 343 return NULL; 344 } 345 346 if (getnameinfo((struct sockaddr *)&sa, salen, 347 host, sizeof(host), 348 serv, sizeof(serv), 349 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 350 return NULL; 351 } 352 353 info = g_malloc0(sizeof(*info)); 354 info->base = g_malloc0(sizeof(*info->base)); 355 info->base->host = g_strdup(host); 356 info->base->service = g_strdup(serv); 357 info->base->family = inet_netfamily(sa.ss_family); 358 #ifdef CONFIG_VNC_WS 359 info->base->websocket = client->websocket; 360 #endif 361 362 #ifdef CONFIG_VNC_TLS 363 if (client->tls.session && client->tls.dname) { 364 info->has_x509_dname = true; 365 info->x509_dname = g_strdup(client->tls.dname); 366 } 367 #endif 368 #ifdef CONFIG_VNC_SASL 369 if (client->sasl.conn && client->sasl.username) { 370 info->has_sasl_username = true; 371 info->sasl_username = g_strdup(client->sasl.username); 372 } 373 #endif 374 375 return info; 376 } 377 378 static VncDisplay *vnc_display_find(const char *id) 379 { 380 VncDisplay *vd; 381 382 if (id == NULL) { 383 return QTAILQ_FIRST(&vnc_displays); 384 } 385 QTAILQ_FOREACH(vd, &vnc_displays, next) { 386 if (strcmp(id, vd->id) == 0) { 387 return vd; 388 } 389 } 390 return NULL; 391 } 392 393 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd) 394 { 395 VncClientInfoList *cinfo, *prev = NULL; 396 VncState *client; 397 398 QTAILQ_FOREACH(client, &vd->clients, next) { 399 cinfo = g_new0(VncClientInfoList, 1); 400 cinfo->value = qmp_query_vnc_client(client); 401 cinfo->next = prev; 402 prev = cinfo; 403 } 404 return prev; 405 } 406 407 VncInfo *qmp_query_vnc(Error **errp) 408 { 409 VncInfo *info = g_malloc0(sizeof(*info)); 410 VncDisplay *vd = vnc_display_find(NULL); 411 412 if (vd == NULL || !vd->enabled) { 413 info->enabled = false; 414 } else { 415 struct sockaddr_storage sa; 416 socklen_t salen = sizeof(sa); 417 char host[NI_MAXHOST]; 418 char serv[NI_MAXSERV]; 419 420 info->enabled = true; 421 422 /* for compatibility with the original command */ 423 info->has_clients = true; 424 info->clients = qmp_query_client_list(vd); 425 426 if (vd->lsock == -1) { 427 return info; 428 } 429 430 if (getsockname(vd->lsock, (struct sockaddr *)&sa, 431 &salen) == -1) { 432 error_setg(errp, QERR_UNDEFINED_ERROR); 433 goto out_error; 434 } 435 436 if (getnameinfo((struct sockaddr *)&sa, salen, 437 host, sizeof(host), 438 serv, sizeof(serv), 439 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 440 error_setg(errp, QERR_UNDEFINED_ERROR); 441 goto out_error; 442 } 443 444 info->has_host = true; 445 info->host = g_strdup(host); 446 447 info->has_service = true; 448 info->service = g_strdup(serv); 449 450 info->has_family = true; 451 info->family = inet_netfamily(sa.ss_family); 452 453 info->has_auth = true; 454 info->auth = g_strdup(vnc_auth_name(vd)); 455 } 456 457 return info; 458 459 out_error: 460 qapi_free_VncInfo(info); 461 return NULL; 462 } 463 464 static VncBasicInfoList *qmp_query_server_entry(int socket, 465 bool websocket, 466 VncBasicInfoList *prev) 467 { 468 VncBasicInfoList *list; 469 VncBasicInfo *info; 470 struct sockaddr_storage sa; 471 socklen_t salen = sizeof(sa); 472 char host[NI_MAXHOST]; 473 char serv[NI_MAXSERV]; 474 475 if (getsockname(socket, (struct sockaddr *)&sa, &salen) < 0 || 476 getnameinfo((struct sockaddr *)&sa, salen, 477 host, sizeof(host), serv, sizeof(serv), 478 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 479 return prev; 480 } 481 482 info = g_new0(VncBasicInfo, 1); 483 info->host = g_strdup(host); 484 info->service = g_strdup(serv); 485 info->family = inet_netfamily(sa.ss_family); 486 info->websocket = websocket; 487 488 list = g_new0(VncBasicInfoList, 1); 489 list->value = info; 490 list->next = prev; 491 return list; 492 } 493 494 static void qmp_query_auth(VncDisplay *vd, VncInfo2 *info) 495 { 496 switch (vd->auth) { 497 case VNC_AUTH_VNC: 498 info->auth = VNC_PRIMARY_AUTH_VNC; 499 break; 500 case VNC_AUTH_RA2: 501 info->auth = VNC_PRIMARY_AUTH_RA2; 502 break; 503 case VNC_AUTH_RA2NE: 504 info->auth = VNC_PRIMARY_AUTH_RA2NE; 505 break; 506 case VNC_AUTH_TIGHT: 507 info->auth = VNC_PRIMARY_AUTH_TIGHT; 508 break; 509 case VNC_AUTH_ULTRA: 510 info->auth = VNC_PRIMARY_AUTH_ULTRA; 511 break; 512 case VNC_AUTH_TLS: 513 info->auth = VNC_PRIMARY_AUTH_TLS; 514 break; 515 case VNC_AUTH_VENCRYPT: 516 info->auth = VNC_PRIMARY_AUTH_VENCRYPT; 517 #ifdef CONFIG_VNC_TLS 518 info->has_vencrypt = true; 519 switch (vd->subauth) { 520 case VNC_AUTH_VENCRYPT_PLAIN: 521 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN; 522 break; 523 case VNC_AUTH_VENCRYPT_TLSNONE: 524 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE; 525 break; 526 case VNC_AUTH_VENCRYPT_TLSVNC: 527 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC; 528 break; 529 case VNC_AUTH_VENCRYPT_TLSPLAIN: 530 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN; 531 break; 532 case VNC_AUTH_VENCRYPT_X509NONE: 533 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE; 534 break; 535 case VNC_AUTH_VENCRYPT_X509VNC: 536 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC; 537 break; 538 case VNC_AUTH_VENCRYPT_X509PLAIN: 539 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN; 540 break; 541 case VNC_AUTH_VENCRYPT_TLSSASL: 542 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL; 543 break; 544 case VNC_AUTH_VENCRYPT_X509SASL: 545 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL; 546 break; 547 default: 548 info->has_vencrypt = false; 549 break; 550 } 551 #endif 552 break; 553 case VNC_AUTH_SASL: 554 info->auth = VNC_PRIMARY_AUTH_SASL; 555 break; 556 case VNC_AUTH_NONE: 557 default: 558 info->auth = VNC_PRIMARY_AUTH_NONE; 559 break; 560 } 561 } 562 563 VncInfo2List *qmp_query_vnc_servers(Error **errp) 564 { 565 VncInfo2List *item, *prev = NULL; 566 VncInfo2 *info; 567 VncDisplay *vd; 568 DeviceState *dev; 569 570 QTAILQ_FOREACH(vd, &vnc_displays, next) { 571 info = g_new0(VncInfo2, 1); 572 info->id = g_strdup(vd->id); 573 info->clients = qmp_query_client_list(vd); 574 qmp_query_auth(vd, info); 575 if (vd->dcl.con) { 576 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con), 577 "device", NULL)); 578 info->has_display = true; 579 info->display = g_strdup(dev->id); 580 } 581 if (vd->lsock != -1) { 582 info->server = qmp_query_server_entry(vd->lsock, false, 583 info->server); 584 } 585 #ifdef CONFIG_VNC_WS 586 if (vd->lwebsock != -1) { 587 info->server = qmp_query_server_entry(vd->lwebsock, true, 588 info->server); 589 } 590 #endif 591 592 item = g_new0(VncInfo2List, 1); 593 item->value = info; 594 item->next = prev; 595 prev = item; 596 } 597 return prev; 598 } 599 600 /* TODO 601 1) Get the queue working for IO. 602 2) there is some weirdness when using the -S option (the screen is grey 603 and not totally invalidated 604 3) resolutions > 1024 605 */ 606 607 static int vnc_update_client(VncState *vs, int has_dirty, bool sync); 608 static void vnc_disconnect_start(VncState *vs); 609 610 static void vnc_colordepth(VncState *vs); 611 static void framebuffer_update_request(VncState *vs, int incremental, 612 int x_position, int y_position, 613 int w, int h); 614 static void vnc_refresh(DisplayChangeListener *dcl); 615 static int vnc_refresh_server_surface(VncDisplay *vd); 616 617 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT], 618 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT), 619 int width, int height, 620 int x, int y, int w, int h) { 621 /* this is needed this to ensure we updated all affected 622 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */ 623 w += (x % VNC_DIRTY_PIXELS_PER_BIT); 624 x -= (x % VNC_DIRTY_PIXELS_PER_BIT); 625 626 x = MIN(x, width); 627 y = MIN(y, height); 628 w = MIN(x + w, width) - x; 629 h = MIN(y + h, height); 630 631 for (; y < h; y++) { 632 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT, 633 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT)); 634 } 635 } 636 637 static void vnc_dpy_update(DisplayChangeListener *dcl, 638 int x, int y, int w, int h) 639 { 640 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 641 struct VncSurface *s = &vd->guest; 642 int width = pixman_image_get_width(vd->server); 643 int height = pixman_image_get_height(vd->server); 644 645 vnc_set_area_dirty(s->dirty, width, height, x, y, w, h); 646 } 647 648 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 649 int32_t encoding) 650 { 651 vnc_write_u16(vs, x); 652 vnc_write_u16(vs, y); 653 vnc_write_u16(vs, w); 654 vnc_write_u16(vs, h); 655 656 vnc_write_s32(vs, encoding); 657 } 658 659 void buffer_reserve(Buffer *buffer, size_t len) 660 { 661 if ((buffer->capacity - buffer->offset) < len) { 662 buffer->capacity += (len + 1024); 663 buffer->buffer = g_realloc(buffer->buffer, buffer->capacity); 664 } 665 } 666 667 static int buffer_empty(Buffer *buffer) 668 { 669 return buffer->offset == 0; 670 } 671 672 uint8_t *buffer_end(Buffer *buffer) 673 { 674 return buffer->buffer + buffer->offset; 675 } 676 677 void buffer_reset(Buffer *buffer) 678 { 679 buffer->offset = 0; 680 } 681 682 void buffer_free(Buffer *buffer) 683 { 684 g_free(buffer->buffer); 685 buffer->offset = 0; 686 buffer->capacity = 0; 687 buffer->buffer = NULL; 688 } 689 690 void buffer_append(Buffer *buffer, const void *data, size_t len) 691 { 692 memcpy(buffer->buffer + buffer->offset, data, len); 693 buffer->offset += len; 694 } 695 696 void buffer_advance(Buffer *buf, size_t len) 697 { 698 memmove(buf->buffer, buf->buffer + len, 699 (buf->offset - len)); 700 buf->offset -= len; 701 } 702 703 static void vnc_desktop_resize(VncState *vs) 704 { 705 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) { 706 return; 707 } 708 if (vs->client_width == pixman_image_get_width(vs->vd->server) && 709 vs->client_height == pixman_image_get_height(vs->vd->server)) { 710 return; 711 } 712 vs->client_width = pixman_image_get_width(vs->vd->server); 713 vs->client_height = pixman_image_get_height(vs->vd->server); 714 vnc_lock_output(vs); 715 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 716 vnc_write_u8(vs, 0); 717 vnc_write_u16(vs, 1); /* number of rects */ 718 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 719 VNC_ENCODING_DESKTOPRESIZE); 720 vnc_unlock_output(vs); 721 vnc_flush(vs); 722 } 723 724 static void vnc_abort_display_jobs(VncDisplay *vd) 725 { 726 VncState *vs; 727 728 QTAILQ_FOREACH(vs, &vd->clients, next) { 729 vnc_lock_output(vs); 730 vs->abort = true; 731 vnc_unlock_output(vs); 732 } 733 QTAILQ_FOREACH(vs, &vd->clients, next) { 734 vnc_jobs_join(vs); 735 } 736 QTAILQ_FOREACH(vs, &vd->clients, next) { 737 vnc_lock_output(vs); 738 vs->abort = false; 739 vnc_unlock_output(vs); 740 } 741 } 742 743 int vnc_server_fb_stride(VncDisplay *vd) 744 { 745 return pixman_image_get_stride(vd->server); 746 } 747 748 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y) 749 { 750 uint8_t *ptr; 751 752 ptr = (uint8_t *)pixman_image_get_data(vd->server); 753 ptr += y * vnc_server_fb_stride(vd); 754 ptr += x * VNC_SERVER_FB_BYTES; 755 return ptr; 756 } 757 758 static void vnc_dpy_switch(DisplayChangeListener *dcl, 759 DisplaySurface *surface) 760 { 761 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 762 VncState *vs; 763 int width, height; 764 765 vnc_abort_display_jobs(vd); 766 767 /* server surface */ 768 qemu_pixman_image_unref(vd->server); 769 vd->ds = surface; 770 width = MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds), 771 VNC_DIRTY_PIXELS_PER_BIT)); 772 height = MIN(VNC_MAX_HEIGHT, surface_height(vd->ds)); 773 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT, 774 width, height, NULL, 0); 775 776 /* guest surface */ 777 #if 0 /* FIXME */ 778 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel) 779 console_color_init(ds); 780 #endif 781 qemu_pixman_image_unref(vd->guest.fb); 782 vd->guest.fb = pixman_image_ref(surface->image); 783 vd->guest.format = surface->format; 784 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty)); 785 vnc_set_area_dirty(vd->guest.dirty, width, height, 0, 0, 786 width, height); 787 788 QTAILQ_FOREACH(vs, &vd->clients, next) { 789 vnc_colordepth(vs); 790 vnc_desktop_resize(vs); 791 if (vs->vd->cursor) { 792 vnc_cursor_define(vs); 793 } 794 memset(vs->dirty, 0x00, sizeof(vs->dirty)); 795 vnc_set_area_dirty(vs->dirty, width, height, 0, 0, 796 width, height); 797 } 798 } 799 800 /* fastest code */ 801 static void vnc_write_pixels_copy(VncState *vs, 802 void *pixels, int size) 803 { 804 vnc_write(vs, pixels, size); 805 } 806 807 /* slowest but generic code. */ 808 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 809 { 810 uint8_t r, g, b; 811 812 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8) 813 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8; 814 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8; 815 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8; 816 #else 817 # error need some bits here if you change VNC_SERVER_FB_FORMAT 818 #endif 819 v = (r << vs->client_pf.rshift) | 820 (g << vs->client_pf.gshift) | 821 (b << vs->client_pf.bshift); 822 switch (vs->client_pf.bytes_per_pixel) { 823 case 1: 824 buf[0] = v; 825 break; 826 case 2: 827 if (vs->client_be) { 828 buf[0] = v >> 8; 829 buf[1] = v; 830 } else { 831 buf[1] = v >> 8; 832 buf[0] = v; 833 } 834 break; 835 default: 836 case 4: 837 if (vs->client_be) { 838 buf[0] = v >> 24; 839 buf[1] = v >> 16; 840 buf[2] = v >> 8; 841 buf[3] = v; 842 } else { 843 buf[3] = v >> 24; 844 buf[2] = v >> 16; 845 buf[1] = v >> 8; 846 buf[0] = v; 847 } 848 break; 849 } 850 } 851 852 static void vnc_write_pixels_generic(VncState *vs, 853 void *pixels1, int size) 854 { 855 uint8_t buf[4]; 856 857 if (VNC_SERVER_FB_BYTES == 4) { 858 uint32_t *pixels = pixels1; 859 int n, i; 860 n = size >> 2; 861 for (i = 0; i < n; i++) { 862 vnc_convert_pixel(vs, buf, pixels[i]); 863 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel); 864 } 865 } 866 } 867 868 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 869 { 870 int i; 871 uint8_t *row; 872 VncDisplay *vd = vs->vd; 873 874 row = vnc_server_fb_ptr(vd, x, y); 875 for (i = 0; i < h; i++) { 876 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES); 877 row += vnc_server_fb_stride(vd); 878 } 879 return 1; 880 } 881 882 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 883 { 884 int n = 0; 885 886 switch(vs->vnc_encoding) { 887 case VNC_ENCODING_ZLIB: 888 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h); 889 break; 890 case VNC_ENCODING_HEXTILE: 891 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 892 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 893 break; 894 case VNC_ENCODING_TIGHT: 895 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h); 896 break; 897 case VNC_ENCODING_TIGHT_PNG: 898 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h); 899 break; 900 case VNC_ENCODING_ZRLE: 901 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h); 902 break; 903 case VNC_ENCODING_ZYWRLE: 904 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); 905 break; 906 default: 907 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 908 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 909 break; 910 } 911 return n; 912 } 913 914 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h) 915 { 916 /* send bitblit op to the vnc client */ 917 vnc_lock_output(vs); 918 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 919 vnc_write_u8(vs, 0); 920 vnc_write_u16(vs, 1); /* number of rects */ 921 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT); 922 vnc_write_u16(vs, src_x); 923 vnc_write_u16(vs, src_y); 924 vnc_unlock_output(vs); 925 vnc_flush(vs); 926 } 927 928 static void vnc_dpy_copy(DisplayChangeListener *dcl, 929 int src_x, int src_y, 930 int dst_x, int dst_y, int w, int h) 931 { 932 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 933 VncState *vs, *vn; 934 uint8_t *src_row; 935 uint8_t *dst_row; 936 int i, x, y, pitch, inc, w_lim, s; 937 int cmp_bytes; 938 939 vnc_refresh_server_surface(vd); 940 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 941 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 942 vs->force_update = 1; 943 vnc_update_client(vs, 1, true); 944 /* vs might be free()ed here */ 945 } 946 } 947 948 /* do bitblit op on the local surface too */ 949 pitch = vnc_server_fb_stride(vd); 950 src_row = vnc_server_fb_ptr(vd, src_x, src_y); 951 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y); 952 y = dst_y; 953 inc = 1; 954 if (dst_y > src_y) { 955 /* copy backwards */ 956 src_row += pitch * (h-1); 957 dst_row += pitch * (h-1); 958 pitch = -pitch; 959 y = dst_y + h - 1; 960 inc = -1; 961 } 962 w_lim = w - (VNC_DIRTY_PIXELS_PER_BIT - (dst_x % VNC_DIRTY_PIXELS_PER_BIT)); 963 if (w_lim < 0) { 964 w_lim = w; 965 } else { 966 w_lim = w - (w_lim % VNC_DIRTY_PIXELS_PER_BIT); 967 } 968 for (i = 0; i < h; i++) { 969 for (x = 0; x <= w_lim; 970 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) { 971 if (x == w_lim) { 972 if ((s = w - w_lim) == 0) 973 break; 974 } else if (!x) { 975 s = (VNC_DIRTY_PIXELS_PER_BIT - 976 (dst_x % VNC_DIRTY_PIXELS_PER_BIT)); 977 s = MIN(s, w_lim); 978 } else { 979 s = VNC_DIRTY_PIXELS_PER_BIT; 980 } 981 cmp_bytes = s * VNC_SERVER_FB_BYTES; 982 if (memcmp(src_row, dst_row, cmp_bytes) == 0) 983 continue; 984 memmove(dst_row, src_row, cmp_bytes); 985 QTAILQ_FOREACH(vs, &vd->clients, next) { 986 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 987 set_bit(((x + dst_x) / VNC_DIRTY_PIXELS_PER_BIT), 988 vs->dirty[y]); 989 } 990 } 991 } 992 src_row += pitch - w * VNC_SERVER_FB_BYTES; 993 dst_row += pitch - w * VNC_SERVER_FB_BYTES; 994 y += inc; 995 } 996 997 QTAILQ_FOREACH(vs, &vd->clients, next) { 998 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 999 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h); 1000 } 1001 } 1002 } 1003 1004 static void vnc_mouse_set(DisplayChangeListener *dcl, 1005 int x, int y, int visible) 1006 { 1007 /* can we ask the client(s) to move the pointer ??? */ 1008 } 1009 1010 static int vnc_cursor_define(VncState *vs) 1011 { 1012 QEMUCursor *c = vs->vd->cursor; 1013 int isize; 1014 1015 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 1016 vnc_lock_output(vs); 1017 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1018 vnc_write_u8(vs, 0); /* padding */ 1019 vnc_write_u16(vs, 1); /* # of rects */ 1020 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 1021 VNC_ENCODING_RICH_CURSOR); 1022 isize = c->width * c->height * vs->client_pf.bytes_per_pixel; 1023 vnc_write_pixels_generic(vs, c->data, isize); 1024 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 1025 vnc_unlock_output(vs); 1026 return 0; 1027 } 1028 return -1; 1029 } 1030 1031 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl, 1032 QEMUCursor *c) 1033 { 1034 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 1035 VncState *vs; 1036 1037 cursor_put(vd->cursor); 1038 g_free(vd->cursor_mask); 1039 1040 vd->cursor = c; 1041 cursor_get(vd->cursor); 1042 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 1043 vd->cursor_mask = g_malloc0(vd->cursor_msize); 1044 cursor_get_mono_mask(c, 0, vd->cursor_mask); 1045 1046 QTAILQ_FOREACH(vs, &vd->clients, next) { 1047 vnc_cursor_define(vs); 1048 } 1049 } 1050 1051 static int find_and_clear_dirty_height(VncState *vs, 1052 int y, int last_x, int x, int height) 1053 { 1054 int h; 1055 1056 for (h = 1; h < (height - y); h++) { 1057 if (!test_bit(last_x, vs->dirty[y + h])) { 1058 break; 1059 } 1060 bitmap_clear(vs->dirty[y + h], last_x, x - last_x); 1061 } 1062 1063 return h; 1064 } 1065 1066 static int vnc_update_client(VncState *vs, int has_dirty, bool sync) 1067 { 1068 vs->has_dirty += has_dirty; 1069 if (vs->need_update && vs->csock != -1) { 1070 VncDisplay *vd = vs->vd; 1071 VncJob *job; 1072 int y; 1073 int height, width; 1074 int n = 0; 1075 1076 if (vs->output.offset && !vs->audio_cap && !vs->force_update) 1077 /* kernel send buffers are full -> drop frames to throttle */ 1078 return 0; 1079 1080 if (!vs->has_dirty && !vs->audio_cap && !vs->force_update) 1081 return 0; 1082 1083 /* 1084 * Send screen updates to the vnc client using the server 1085 * surface and server dirty map. guest surface updates 1086 * happening in parallel don't disturb us, the next pass will 1087 * send them to the client. 1088 */ 1089 job = vnc_job_new(vs); 1090 1091 height = pixman_image_get_height(vd->server); 1092 width = pixman_image_get_width(vd->server); 1093 1094 y = 0; 1095 for (;;) { 1096 int x, h; 1097 unsigned long x2; 1098 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty, 1099 height * VNC_DIRTY_BPL(vs), 1100 y * VNC_DIRTY_BPL(vs)); 1101 if (offset == height * VNC_DIRTY_BPL(vs)) { 1102 /* no more dirty bits */ 1103 break; 1104 } 1105 y = offset / VNC_DIRTY_BPL(vs); 1106 x = offset % VNC_DIRTY_BPL(vs); 1107 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y], 1108 VNC_DIRTY_BPL(vs), x); 1109 bitmap_clear(vs->dirty[y], x, x2 - x); 1110 h = find_and_clear_dirty_height(vs, y, x, x2, height); 1111 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT); 1112 if (x2 > x) { 1113 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y, 1114 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h); 1115 } 1116 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) { 1117 y += h; 1118 if (y == height) { 1119 break; 1120 } 1121 } 1122 } 1123 1124 vnc_job_push(job); 1125 if (sync) { 1126 vnc_jobs_join(vs); 1127 } 1128 vs->force_update = 0; 1129 vs->has_dirty = 0; 1130 return n; 1131 } 1132 1133 if (vs->csock == -1) { 1134 vnc_disconnect_finish(vs); 1135 } else if (sync) { 1136 vnc_jobs_join(vs); 1137 } 1138 1139 return 0; 1140 } 1141 1142 /* audio */ 1143 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 1144 { 1145 VncState *vs = opaque; 1146 1147 switch (cmd) { 1148 case AUD_CNOTIFY_DISABLE: 1149 vnc_lock_output(vs); 1150 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1151 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1152 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 1153 vnc_unlock_output(vs); 1154 vnc_flush(vs); 1155 break; 1156 1157 case AUD_CNOTIFY_ENABLE: 1158 vnc_lock_output(vs); 1159 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1160 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1161 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 1162 vnc_unlock_output(vs); 1163 vnc_flush(vs); 1164 break; 1165 } 1166 } 1167 1168 static void audio_capture_destroy(void *opaque) 1169 { 1170 } 1171 1172 static void audio_capture(void *opaque, void *buf, int size) 1173 { 1174 VncState *vs = opaque; 1175 1176 vnc_lock_output(vs); 1177 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1178 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1179 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 1180 vnc_write_u32(vs, size); 1181 vnc_write(vs, buf, size); 1182 vnc_unlock_output(vs); 1183 vnc_flush(vs); 1184 } 1185 1186 static void audio_add(VncState *vs) 1187 { 1188 struct audio_capture_ops ops; 1189 1190 if (vs->audio_cap) { 1191 error_report("audio already running"); 1192 return; 1193 } 1194 1195 ops.notify = audio_capture_notify; 1196 ops.destroy = audio_capture_destroy; 1197 ops.capture = audio_capture; 1198 1199 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs); 1200 if (!vs->audio_cap) { 1201 error_report("Failed to add audio capture"); 1202 } 1203 } 1204 1205 static void audio_del(VncState *vs) 1206 { 1207 if (vs->audio_cap) { 1208 AUD_del_capture(vs->audio_cap, vs); 1209 vs->audio_cap = NULL; 1210 } 1211 } 1212 1213 static void vnc_disconnect_start(VncState *vs) 1214 { 1215 if (vs->csock == -1) 1216 return; 1217 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); 1218 qemu_set_fd_handler(vs->csock, NULL, NULL, NULL); 1219 closesocket(vs->csock); 1220 vs->csock = -1; 1221 } 1222 1223 void vnc_disconnect_finish(VncState *vs) 1224 { 1225 int i; 1226 1227 vnc_jobs_join(vs); /* Wait encoding jobs */ 1228 1229 vnc_lock_output(vs); 1230 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED); 1231 1232 buffer_free(&vs->input); 1233 buffer_free(&vs->output); 1234 #ifdef CONFIG_VNC_WS 1235 buffer_free(&vs->ws_input); 1236 buffer_free(&vs->ws_output); 1237 #endif /* CONFIG_VNC_WS */ 1238 1239 qapi_free_VncClientInfo(vs->info); 1240 1241 vnc_zlib_clear(vs); 1242 vnc_tight_clear(vs); 1243 vnc_zrle_clear(vs); 1244 1245 #ifdef CONFIG_VNC_TLS 1246 vnc_tls_client_cleanup(vs); 1247 #endif /* CONFIG_VNC_TLS */ 1248 #ifdef CONFIG_VNC_SASL 1249 vnc_sasl_client_cleanup(vs); 1250 #endif /* CONFIG_VNC_SASL */ 1251 audio_del(vs); 1252 vnc_release_modifiers(vs); 1253 1254 if (vs->initialized) { 1255 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1256 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1257 } 1258 1259 if (vs->vd->lock_key_sync) 1260 qemu_remove_led_event_handler(vs->led); 1261 vnc_unlock_output(vs); 1262 1263 qemu_mutex_destroy(&vs->output_mutex); 1264 if (vs->bh != NULL) { 1265 qemu_bh_delete(vs->bh); 1266 } 1267 buffer_free(&vs->jobs_buffer); 1268 1269 for (i = 0; i < VNC_STAT_ROWS; ++i) { 1270 g_free(vs->lossy_rect[i]); 1271 } 1272 g_free(vs->lossy_rect); 1273 g_free(vs); 1274 } 1275 1276 int vnc_client_io_error(VncState *vs, int ret, int last_errno) 1277 { 1278 if (ret == 0 || ret == -1) { 1279 if (ret == -1) { 1280 switch (last_errno) { 1281 case EINTR: 1282 case EAGAIN: 1283 #ifdef _WIN32 1284 case WSAEWOULDBLOCK: 1285 #endif 1286 return 0; 1287 default: 1288 break; 1289 } 1290 } 1291 1292 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n", 1293 ret, ret < 0 ? last_errno : 0); 1294 vnc_disconnect_start(vs); 1295 1296 return 0; 1297 } 1298 return ret; 1299 } 1300 1301 1302 void vnc_client_error(VncState *vs) 1303 { 1304 VNC_DEBUG("Closing down client sock: protocol error\n"); 1305 vnc_disconnect_start(vs); 1306 } 1307 1308 #ifdef CONFIG_VNC_TLS 1309 static long vnc_client_write_tls(gnutls_session_t *session, 1310 const uint8_t *data, 1311 size_t datalen) 1312 { 1313 long ret = gnutls_write(*session, data, datalen); 1314 if (ret < 0) { 1315 if (ret == GNUTLS_E_AGAIN) { 1316 errno = EAGAIN; 1317 } else { 1318 errno = EIO; 1319 } 1320 ret = -1; 1321 } 1322 return ret; 1323 } 1324 #endif /* CONFIG_VNC_TLS */ 1325 1326 /* 1327 * Called to write a chunk of data to the client socket. The data may 1328 * be the raw data, or may have already been encoded by SASL. 1329 * The data will be written either straight onto the socket, or 1330 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1331 * 1332 * NB, it is theoretically possible to have 2 layers of encryption, 1333 * both SASL, and this TLS layer. It is highly unlikely in practice 1334 * though, since SASL encryption will typically be a no-op if TLS 1335 * is active 1336 * 1337 * Returns the number of bytes written, which may be less than 1338 * the requested 'datalen' if the socket would block. Returns 1339 * -1 on error, and disconnects the client socket. 1340 */ 1341 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1342 { 1343 long ret; 1344 #ifdef CONFIG_VNC_TLS 1345 if (vs->tls.session) { 1346 ret = vnc_client_write_tls(&vs->tls.session, data, datalen); 1347 } else { 1348 #endif /* CONFIG_VNC_TLS */ 1349 ret = send(vs->csock, (const void *)data, datalen, 0); 1350 #ifdef CONFIG_VNC_TLS 1351 } 1352 #endif /* CONFIG_VNC_TLS */ 1353 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1354 return vnc_client_io_error(vs, ret, socket_error()); 1355 } 1356 1357 1358 /* 1359 * Called to write buffered data to the client socket, when not 1360 * using any SASL SSF encryption layers. Will write as much data 1361 * as possible without blocking. If all buffered data is written, 1362 * will switch the FD poll() handler back to read monitoring. 1363 * 1364 * Returns the number of bytes written, which may be less than 1365 * the buffered output data if the socket would block. Returns 1366 * -1 on error, and disconnects the client socket. 1367 */ 1368 static long vnc_client_write_plain(VncState *vs) 1369 { 1370 long ret; 1371 1372 #ifdef CONFIG_VNC_SASL 1373 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1374 vs->output.buffer, vs->output.capacity, vs->output.offset, 1375 vs->sasl.waitWriteSSF); 1376 1377 if (vs->sasl.conn && 1378 vs->sasl.runSSF && 1379 vs->sasl.waitWriteSSF) { 1380 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1381 if (ret) 1382 vs->sasl.waitWriteSSF -= ret; 1383 } else 1384 #endif /* CONFIG_VNC_SASL */ 1385 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1386 if (!ret) 1387 return 0; 1388 1389 buffer_advance(&vs->output, ret); 1390 1391 if (vs->output.offset == 0) { 1392 qemu_set_fd_handler(vs->csock, vnc_client_read, NULL, vs); 1393 } 1394 1395 return ret; 1396 } 1397 1398 1399 /* 1400 * First function called whenever there is data to be written to 1401 * the client socket. Will delegate actual work according to whether 1402 * SASL SSF layers are enabled (thus requiring encryption calls) 1403 */ 1404 static void vnc_client_write_locked(void *opaque) 1405 { 1406 VncState *vs = opaque; 1407 1408 #ifdef CONFIG_VNC_SASL 1409 if (vs->sasl.conn && 1410 vs->sasl.runSSF && 1411 !vs->sasl.waitWriteSSF) { 1412 vnc_client_write_sasl(vs); 1413 } else 1414 #endif /* CONFIG_VNC_SASL */ 1415 { 1416 #ifdef CONFIG_VNC_WS 1417 if (vs->encode_ws) { 1418 vnc_client_write_ws(vs); 1419 } else 1420 #endif /* CONFIG_VNC_WS */ 1421 { 1422 vnc_client_write_plain(vs); 1423 } 1424 } 1425 } 1426 1427 void vnc_client_write(void *opaque) 1428 { 1429 VncState *vs = opaque; 1430 1431 vnc_lock_output(vs); 1432 if (vs->output.offset 1433 #ifdef CONFIG_VNC_WS 1434 || vs->ws_output.offset 1435 #endif 1436 ) { 1437 vnc_client_write_locked(opaque); 1438 } else if (vs->csock != -1) { 1439 qemu_set_fd_handler(vs->csock, vnc_client_read, NULL, vs); 1440 } 1441 vnc_unlock_output(vs); 1442 } 1443 1444 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1445 { 1446 vs->read_handler = func; 1447 vs->read_handler_expect = expecting; 1448 } 1449 1450 #ifdef CONFIG_VNC_TLS 1451 static long vnc_client_read_tls(gnutls_session_t *session, uint8_t *data, 1452 size_t datalen) 1453 { 1454 long ret = gnutls_read(*session, data, datalen); 1455 if (ret < 0) { 1456 if (ret == GNUTLS_E_AGAIN) { 1457 errno = EAGAIN; 1458 } else { 1459 errno = EIO; 1460 } 1461 ret = -1; 1462 } 1463 return ret; 1464 } 1465 #endif /* CONFIG_VNC_TLS */ 1466 1467 /* 1468 * Called to read a chunk of data from the client socket. The data may 1469 * be the raw data, or may need to be further decoded by SASL. 1470 * The data will be read either straight from to the socket, or 1471 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1472 * 1473 * NB, it is theoretically possible to have 2 layers of encryption, 1474 * both SASL, and this TLS layer. It is highly unlikely in practice 1475 * though, since SASL encryption will typically be a no-op if TLS 1476 * is active 1477 * 1478 * Returns the number of bytes read, which may be less than 1479 * the requested 'datalen' if the socket would block. Returns 1480 * -1 on error, and disconnects the client socket. 1481 */ 1482 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1483 { 1484 long ret; 1485 #ifdef CONFIG_VNC_TLS 1486 if (vs->tls.session) { 1487 ret = vnc_client_read_tls(&vs->tls.session, data, datalen); 1488 } else { 1489 #endif /* CONFIG_VNC_TLS */ 1490 ret = qemu_recv(vs->csock, data, datalen, 0); 1491 #ifdef CONFIG_VNC_TLS 1492 } 1493 #endif /* CONFIG_VNC_TLS */ 1494 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1495 return vnc_client_io_error(vs, ret, socket_error()); 1496 } 1497 1498 1499 /* 1500 * Called to read data from the client socket to the input buffer, 1501 * when not using any SASL SSF encryption layers. Will read as much 1502 * data as possible without blocking. 1503 * 1504 * Returns the number of bytes read. Returns -1 on error, and 1505 * disconnects the client socket. 1506 */ 1507 static long vnc_client_read_plain(VncState *vs) 1508 { 1509 int ret; 1510 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1511 vs->input.buffer, vs->input.capacity, vs->input.offset); 1512 buffer_reserve(&vs->input, 4096); 1513 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1514 if (!ret) 1515 return 0; 1516 vs->input.offset += ret; 1517 return ret; 1518 } 1519 1520 static void vnc_jobs_bh(void *opaque) 1521 { 1522 VncState *vs = opaque; 1523 1524 vnc_jobs_consume_buffer(vs); 1525 } 1526 1527 /* 1528 * First function called whenever there is more data to be read from 1529 * the client socket. Will delegate actual work according to whether 1530 * SASL SSF layers are enabled (thus requiring decryption calls) 1531 */ 1532 void vnc_client_read(void *opaque) 1533 { 1534 VncState *vs = opaque; 1535 long ret; 1536 1537 #ifdef CONFIG_VNC_SASL 1538 if (vs->sasl.conn && vs->sasl.runSSF) 1539 ret = vnc_client_read_sasl(vs); 1540 else 1541 #endif /* CONFIG_VNC_SASL */ 1542 #ifdef CONFIG_VNC_WS 1543 if (vs->encode_ws) { 1544 ret = vnc_client_read_ws(vs); 1545 if (ret == -1) { 1546 vnc_disconnect_start(vs); 1547 return; 1548 } else if (ret == -2) { 1549 vnc_client_error(vs); 1550 return; 1551 } 1552 } else 1553 #endif /* CONFIG_VNC_WS */ 1554 { 1555 ret = vnc_client_read_plain(vs); 1556 } 1557 if (!ret) { 1558 if (vs->csock == -1) 1559 vnc_disconnect_finish(vs); 1560 return; 1561 } 1562 1563 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1564 size_t len = vs->read_handler_expect; 1565 int ret; 1566 1567 ret = vs->read_handler(vs, vs->input.buffer, len); 1568 if (vs->csock == -1) { 1569 vnc_disconnect_finish(vs); 1570 return; 1571 } 1572 1573 if (!ret) { 1574 buffer_advance(&vs->input, len); 1575 } else { 1576 vs->read_handler_expect = ret; 1577 } 1578 } 1579 } 1580 1581 void vnc_write(VncState *vs, const void *data, size_t len) 1582 { 1583 buffer_reserve(&vs->output, len); 1584 1585 if (vs->csock != -1 && buffer_empty(&vs->output)) { 1586 qemu_set_fd_handler(vs->csock, vnc_client_read, vnc_client_write, vs); 1587 } 1588 1589 buffer_append(&vs->output, data, len); 1590 } 1591 1592 void vnc_write_s32(VncState *vs, int32_t value) 1593 { 1594 vnc_write_u32(vs, *(uint32_t *)&value); 1595 } 1596 1597 void vnc_write_u32(VncState *vs, uint32_t value) 1598 { 1599 uint8_t buf[4]; 1600 1601 buf[0] = (value >> 24) & 0xFF; 1602 buf[1] = (value >> 16) & 0xFF; 1603 buf[2] = (value >> 8) & 0xFF; 1604 buf[3] = value & 0xFF; 1605 1606 vnc_write(vs, buf, 4); 1607 } 1608 1609 void vnc_write_u16(VncState *vs, uint16_t value) 1610 { 1611 uint8_t buf[2]; 1612 1613 buf[0] = (value >> 8) & 0xFF; 1614 buf[1] = value & 0xFF; 1615 1616 vnc_write(vs, buf, 2); 1617 } 1618 1619 void vnc_write_u8(VncState *vs, uint8_t value) 1620 { 1621 vnc_write(vs, (char *)&value, 1); 1622 } 1623 1624 void vnc_flush(VncState *vs) 1625 { 1626 vnc_lock_output(vs); 1627 if (vs->csock != -1 && (vs->output.offset 1628 #ifdef CONFIG_VNC_WS 1629 || vs->ws_output.offset 1630 #endif 1631 )) { 1632 vnc_client_write_locked(vs); 1633 } 1634 vnc_unlock_output(vs); 1635 } 1636 1637 static uint8_t read_u8(uint8_t *data, size_t offset) 1638 { 1639 return data[offset]; 1640 } 1641 1642 static uint16_t read_u16(uint8_t *data, size_t offset) 1643 { 1644 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1645 } 1646 1647 static int32_t read_s32(uint8_t *data, size_t offset) 1648 { 1649 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1650 (data[offset + 2] << 8) | data[offset + 3]); 1651 } 1652 1653 uint32_t read_u32(uint8_t *data, size_t offset) 1654 { 1655 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1656 (data[offset + 2] << 8) | data[offset + 3]); 1657 } 1658 1659 static void client_cut_text(VncState *vs, size_t len, uint8_t *text) 1660 { 1661 } 1662 1663 static void check_pointer_type_change(Notifier *notifier, void *data) 1664 { 1665 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1666 int absolute = qemu_input_is_absolute(); 1667 1668 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1669 vnc_lock_output(vs); 1670 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1671 vnc_write_u8(vs, 0); 1672 vnc_write_u16(vs, 1); 1673 vnc_framebuffer_update(vs, absolute, 0, 1674 pixman_image_get_width(vs->vd->server), 1675 pixman_image_get_height(vs->vd->server), 1676 VNC_ENCODING_POINTER_TYPE_CHANGE); 1677 vnc_unlock_output(vs); 1678 vnc_flush(vs); 1679 } 1680 vs->absolute = absolute; 1681 } 1682 1683 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1684 { 1685 static uint32_t bmap[INPUT_BUTTON_MAX] = { 1686 [INPUT_BUTTON_LEFT] = 0x01, 1687 [INPUT_BUTTON_MIDDLE] = 0x02, 1688 [INPUT_BUTTON_RIGHT] = 0x04, 1689 [INPUT_BUTTON_WHEEL_UP] = 0x08, 1690 [INPUT_BUTTON_WHEEL_DOWN] = 0x10, 1691 }; 1692 QemuConsole *con = vs->vd->dcl.con; 1693 int width = pixman_image_get_width(vs->vd->server); 1694 int height = pixman_image_get_height(vs->vd->server); 1695 1696 if (vs->last_bmask != button_mask) { 1697 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask); 1698 vs->last_bmask = button_mask; 1699 } 1700 1701 if (vs->absolute) { 1702 qemu_input_queue_abs(con, INPUT_AXIS_X, x, width); 1703 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, height); 1704 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1705 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF); 1706 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF); 1707 } else { 1708 if (vs->last_x != -1) { 1709 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x); 1710 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y); 1711 } 1712 vs->last_x = x; 1713 vs->last_y = y; 1714 } 1715 qemu_input_event_sync(); 1716 } 1717 1718 static void reset_keys(VncState *vs) 1719 { 1720 int i; 1721 for(i = 0; i < 256; i++) { 1722 if (vs->modifiers_state[i]) { 1723 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false); 1724 vs->modifiers_state[i] = 0; 1725 } 1726 } 1727 } 1728 1729 static void press_key(VncState *vs, int keysym) 1730 { 1731 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK; 1732 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true); 1733 qemu_input_event_send_key_delay(0); 1734 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false); 1735 qemu_input_event_send_key_delay(0); 1736 } 1737 1738 static int current_led_state(VncState *vs) 1739 { 1740 int ledstate = 0; 1741 1742 if (vs->modifiers_state[0x46]) { 1743 ledstate |= QEMU_SCROLL_LOCK_LED; 1744 } 1745 if (vs->modifiers_state[0x45]) { 1746 ledstate |= QEMU_NUM_LOCK_LED; 1747 } 1748 if (vs->modifiers_state[0x3a]) { 1749 ledstate |= QEMU_CAPS_LOCK_LED; 1750 } 1751 1752 return ledstate; 1753 } 1754 1755 static void vnc_led_state_change(VncState *vs) 1756 { 1757 int ledstate = 0; 1758 1759 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) { 1760 return; 1761 } 1762 1763 ledstate = current_led_state(vs); 1764 vnc_lock_output(vs); 1765 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1766 vnc_write_u8(vs, 0); 1767 vnc_write_u16(vs, 1); 1768 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE); 1769 vnc_write_u8(vs, ledstate); 1770 vnc_unlock_output(vs); 1771 vnc_flush(vs); 1772 } 1773 1774 static void kbd_leds(void *opaque, int ledstate) 1775 { 1776 VncState *vs = opaque; 1777 int caps, num, scr; 1778 bool has_changed = (ledstate != current_led_state(vs)); 1779 1780 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED), 1781 (ledstate & QEMU_NUM_LOCK_LED), 1782 (ledstate & QEMU_SCROLL_LOCK_LED)); 1783 1784 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0; 1785 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0; 1786 scr = ledstate & QEMU_SCROLL_LOCK_LED ? 1 : 0; 1787 1788 if (vs->modifiers_state[0x3a] != caps) { 1789 vs->modifiers_state[0x3a] = caps; 1790 } 1791 if (vs->modifiers_state[0x45] != num) { 1792 vs->modifiers_state[0x45] = num; 1793 } 1794 if (vs->modifiers_state[0x46] != scr) { 1795 vs->modifiers_state[0x46] = scr; 1796 } 1797 1798 /* Sending the current led state message to the client */ 1799 if (has_changed) { 1800 vnc_led_state_change(vs); 1801 } 1802 } 1803 1804 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1805 { 1806 /* QEMU console switch */ 1807 switch(keycode) { 1808 case 0x2a: /* Left Shift */ 1809 case 0x36: /* Right Shift */ 1810 case 0x1d: /* Left CTRL */ 1811 case 0x9d: /* Right CTRL */ 1812 case 0x38: /* Left ALT */ 1813 case 0xb8: /* Right ALT */ 1814 if (down) 1815 vs->modifiers_state[keycode] = 1; 1816 else 1817 vs->modifiers_state[keycode] = 0; 1818 break; 1819 case 0x02 ... 0x0a: /* '1' to '9' keys */ 1820 if (vs->vd->dcl.con == NULL && 1821 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) { 1822 /* Reset the modifiers sent to the current console */ 1823 reset_keys(vs); 1824 console_select(keycode - 0x02); 1825 return; 1826 } 1827 break; 1828 case 0x3a: /* CapsLock */ 1829 case 0x45: /* NumLock */ 1830 if (down) 1831 vs->modifiers_state[keycode] ^= 1; 1832 break; 1833 } 1834 1835 /* Turn off the lock state sync logic if the client support the led 1836 state extension. 1837 */ 1838 if (down && vs->vd->lock_key_sync && 1839 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1840 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1841 /* If the numlock state needs to change then simulate an additional 1842 keypress before sending this one. This will happen if the user 1843 toggles numlock away from the VNC window. 1844 */ 1845 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1846 if (!vs->modifiers_state[0x45]) { 1847 trace_vnc_key_sync_numlock(true); 1848 vs->modifiers_state[0x45] = 1; 1849 press_key(vs, 0xff7f); 1850 } 1851 } else { 1852 if (vs->modifiers_state[0x45]) { 1853 trace_vnc_key_sync_numlock(false); 1854 vs->modifiers_state[0x45] = 0; 1855 press_key(vs, 0xff7f); 1856 } 1857 } 1858 } 1859 1860 if (down && vs->vd->lock_key_sync && 1861 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1862 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1863 /* If the capslock state needs to change then simulate an additional 1864 keypress before sending this one. This will happen if the user 1865 toggles capslock away from the VNC window. 1866 */ 1867 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1868 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]); 1869 int capslock = !!(vs->modifiers_state[0x3a]); 1870 if (capslock) { 1871 if (uppercase == shift) { 1872 trace_vnc_key_sync_capslock(false); 1873 vs->modifiers_state[0x3a] = 0; 1874 press_key(vs, 0xffe5); 1875 } 1876 } else { 1877 if (uppercase != shift) { 1878 trace_vnc_key_sync_capslock(true); 1879 vs->modifiers_state[0x3a] = 1; 1880 press_key(vs, 0xffe5); 1881 } 1882 } 1883 } 1884 1885 if (qemu_console_is_graphic(NULL)) { 1886 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down); 1887 } else { 1888 bool numlock = vs->modifiers_state[0x45]; 1889 bool control = (vs->modifiers_state[0x1d] || 1890 vs->modifiers_state[0x9d]); 1891 /* QEMU console emulation */ 1892 if (down) { 1893 switch (keycode) { 1894 case 0x2a: /* Left Shift */ 1895 case 0x36: /* Right Shift */ 1896 case 0x1d: /* Left CTRL */ 1897 case 0x9d: /* Right CTRL */ 1898 case 0x38: /* Left ALT */ 1899 case 0xb8: /* Right ALT */ 1900 break; 1901 case 0xc8: 1902 kbd_put_keysym(QEMU_KEY_UP); 1903 break; 1904 case 0xd0: 1905 kbd_put_keysym(QEMU_KEY_DOWN); 1906 break; 1907 case 0xcb: 1908 kbd_put_keysym(QEMU_KEY_LEFT); 1909 break; 1910 case 0xcd: 1911 kbd_put_keysym(QEMU_KEY_RIGHT); 1912 break; 1913 case 0xd3: 1914 kbd_put_keysym(QEMU_KEY_DELETE); 1915 break; 1916 case 0xc7: 1917 kbd_put_keysym(QEMU_KEY_HOME); 1918 break; 1919 case 0xcf: 1920 kbd_put_keysym(QEMU_KEY_END); 1921 break; 1922 case 0xc9: 1923 kbd_put_keysym(QEMU_KEY_PAGEUP); 1924 break; 1925 case 0xd1: 1926 kbd_put_keysym(QEMU_KEY_PAGEDOWN); 1927 break; 1928 1929 case 0x47: 1930 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME); 1931 break; 1932 case 0x48: 1933 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP); 1934 break; 1935 case 0x49: 1936 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP); 1937 break; 1938 case 0x4b: 1939 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT); 1940 break; 1941 case 0x4c: 1942 kbd_put_keysym('5'); 1943 break; 1944 case 0x4d: 1945 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT); 1946 break; 1947 case 0x4f: 1948 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END); 1949 break; 1950 case 0x50: 1951 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN); 1952 break; 1953 case 0x51: 1954 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN); 1955 break; 1956 case 0x52: 1957 kbd_put_keysym('0'); 1958 break; 1959 case 0x53: 1960 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE); 1961 break; 1962 1963 case 0xb5: 1964 kbd_put_keysym('/'); 1965 break; 1966 case 0x37: 1967 kbd_put_keysym('*'); 1968 break; 1969 case 0x4a: 1970 kbd_put_keysym('-'); 1971 break; 1972 case 0x4e: 1973 kbd_put_keysym('+'); 1974 break; 1975 case 0x9c: 1976 kbd_put_keysym('\n'); 1977 break; 1978 1979 default: 1980 if (control) { 1981 kbd_put_keysym(sym & 0x1f); 1982 } else { 1983 kbd_put_keysym(sym); 1984 } 1985 break; 1986 } 1987 } 1988 } 1989 } 1990 1991 static void vnc_release_modifiers(VncState *vs) 1992 { 1993 static const int keycodes[] = { 1994 /* shift, control, alt keys, both left & right */ 1995 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8, 1996 }; 1997 int i, keycode; 1998 1999 if (!qemu_console_is_graphic(NULL)) { 2000 return; 2001 } 2002 for (i = 0; i < ARRAY_SIZE(keycodes); i++) { 2003 keycode = keycodes[i]; 2004 if (!vs->modifiers_state[keycode]) { 2005 continue; 2006 } 2007 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false); 2008 } 2009 } 2010 2011 static const char *code2name(int keycode) 2012 { 2013 return QKeyCode_lookup[qemu_input_key_number_to_qcode(keycode)]; 2014 } 2015 2016 static void key_event(VncState *vs, int down, uint32_t sym) 2017 { 2018 int keycode; 2019 int lsym = sym; 2020 2021 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) { 2022 lsym = lsym - 'A' + 'a'; 2023 } 2024 2025 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK; 2026 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode)); 2027 do_key_event(vs, down, keycode, sym); 2028 } 2029 2030 static void ext_key_event(VncState *vs, int down, 2031 uint32_t sym, uint16_t keycode) 2032 { 2033 /* if the user specifies a keyboard layout, always use it */ 2034 if (keyboard_layout) { 2035 key_event(vs, down, sym); 2036 } else { 2037 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode)); 2038 do_key_event(vs, down, keycode, sym); 2039 } 2040 } 2041 2042 static void framebuffer_update_request(VncState *vs, int incremental, 2043 int x, int y, int w, int h) 2044 { 2045 int width = pixman_image_get_width(vs->vd->server); 2046 int height = pixman_image_get_height(vs->vd->server); 2047 2048 vs->need_update = 1; 2049 2050 if (incremental) { 2051 return; 2052 } 2053 2054 vs->force_update = 1; 2055 vnc_set_area_dirty(vs->dirty, width, height, x, y, w, h); 2056 } 2057 2058 static void send_ext_key_event_ack(VncState *vs) 2059 { 2060 vnc_lock_output(vs); 2061 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2062 vnc_write_u8(vs, 0); 2063 vnc_write_u16(vs, 1); 2064 vnc_framebuffer_update(vs, 0, 0, 2065 pixman_image_get_width(vs->vd->server), 2066 pixman_image_get_height(vs->vd->server), 2067 VNC_ENCODING_EXT_KEY_EVENT); 2068 vnc_unlock_output(vs); 2069 vnc_flush(vs); 2070 } 2071 2072 static void send_ext_audio_ack(VncState *vs) 2073 { 2074 vnc_lock_output(vs); 2075 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2076 vnc_write_u8(vs, 0); 2077 vnc_write_u16(vs, 1); 2078 vnc_framebuffer_update(vs, 0, 0, 2079 pixman_image_get_width(vs->vd->server), 2080 pixman_image_get_height(vs->vd->server), 2081 VNC_ENCODING_AUDIO); 2082 vnc_unlock_output(vs); 2083 vnc_flush(vs); 2084 } 2085 2086 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 2087 { 2088 int i; 2089 unsigned int enc = 0; 2090 2091 vs->features = 0; 2092 vs->vnc_encoding = 0; 2093 vs->tight.compression = 9; 2094 vs->tight.quality = -1; /* Lossless by default */ 2095 vs->absolute = -1; 2096 2097 /* 2098 * Start from the end because the encodings are sent in order of preference. 2099 * This way the preferred encoding (first encoding defined in the array) 2100 * will be set at the end of the loop. 2101 */ 2102 for (i = n_encodings - 1; i >= 0; i--) { 2103 enc = encodings[i]; 2104 switch (enc) { 2105 case VNC_ENCODING_RAW: 2106 vs->vnc_encoding = enc; 2107 break; 2108 case VNC_ENCODING_COPYRECT: 2109 vs->features |= VNC_FEATURE_COPYRECT_MASK; 2110 break; 2111 case VNC_ENCODING_HEXTILE: 2112 vs->features |= VNC_FEATURE_HEXTILE_MASK; 2113 vs->vnc_encoding = enc; 2114 break; 2115 case VNC_ENCODING_TIGHT: 2116 vs->features |= VNC_FEATURE_TIGHT_MASK; 2117 vs->vnc_encoding = enc; 2118 break; 2119 #ifdef CONFIG_VNC_PNG 2120 case VNC_ENCODING_TIGHT_PNG: 2121 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK; 2122 vs->vnc_encoding = enc; 2123 break; 2124 #endif 2125 case VNC_ENCODING_ZLIB: 2126 vs->features |= VNC_FEATURE_ZLIB_MASK; 2127 vs->vnc_encoding = enc; 2128 break; 2129 case VNC_ENCODING_ZRLE: 2130 vs->features |= VNC_FEATURE_ZRLE_MASK; 2131 vs->vnc_encoding = enc; 2132 break; 2133 case VNC_ENCODING_ZYWRLE: 2134 vs->features |= VNC_FEATURE_ZYWRLE_MASK; 2135 vs->vnc_encoding = enc; 2136 break; 2137 case VNC_ENCODING_DESKTOPRESIZE: 2138 vs->features |= VNC_FEATURE_RESIZE_MASK; 2139 break; 2140 case VNC_ENCODING_POINTER_TYPE_CHANGE: 2141 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK; 2142 break; 2143 case VNC_ENCODING_RICH_CURSOR: 2144 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK; 2145 break; 2146 case VNC_ENCODING_EXT_KEY_EVENT: 2147 send_ext_key_event_ack(vs); 2148 break; 2149 case VNC_ENCODING_AUDIO: 2150 send_ext_audio_ack(vs); 2151 break; 2152 case VNC_ENCODING_WMVi: 2153 vs->features |= VNC_FEATURE_WMVI_MASK; 2154 break; 2155 case VNC_ENCODING_LED_STATE: 2156 vs->features |= VNC_FEATURE_LED_STATE_MASK; 2157 break; 2158 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 2159 vs->tight.compression = (enc & 0x0F); 2160 break; 2161 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 2162 if (vs->vd->lossy) { 2163 vs->tight.quality = (enc & 0x0F); 2164 } 2165 break; 2166 default: 2167 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 2168 break; 2169 } 2170 } 2171 vnc_desktop_resize(vs); 2172 check_pointer_type_change(&vs->mouse_mode_notifier, NULL); 2173 vnc_led_state_change(vs); 2174 } 2175 2176 static void set_pixel_conversion(VncState *vs) 2177 { 2178 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf); 2179 2180 if (fmt == VNC_SERVER_FB_FORMAT) { 2181 vs->write_pixels = vnc_write_pixels_copy; 2182 vnc_hextile_set_pixel_conversion(vs, 0); 2183 } else { 2184 vs->write_pixels = vnc_write_pixels_generic; 2185 vnc_hextile_set_pixel_conversion(vs, 1); 2186 } 2187 } 2188 2189 static void set_pixel_format(VncState *vs, 2190 int bits_per_pixel, int depth, 2191 int big_endian_flag, int true_color_flag, 2192 int red_max, int green_max, int blue_max, 2193 int red_shift, int green_shift, int blue_shift) 2194 { 2195 if (!true_color_flag) { 2196 vnc_client_error(vs); 2197 return; 2198 } 2199 2200 switch (bits_per_pixel) { 2201 case 8: 2202 case 16: 2203 case 32: 2204 break; 2205 default: 2206 vnc_client_error(vs); 2207 return; 2208 } 2209 2210 vs->client_pf.rmax = red_max; 2211 vs->client_pf.rbits = hweight_long(red_max); 2212 vs->client_pf.rshift = red_shift; 2213 vs->client_pf.rmask = red_max << red_shift; 2214 vs->client_pf.gmax = green_max; 2215 vs->client_pf.gbits = hweight_long(green_max); 2216 vs->client_pf.gshift = green_shift; 2217 vs->client_pf.gmask = green_max << green_shift; 2218 vs->client_pf.bmax = blue_max; 2219 vs->client_pf.bbits = hweight_long(blue_max); 2220 vs->client_pf.bshift = blue_shift; 2221 vs->client_pf.bmask = blue_max << blue_shift; 2222 vs->client_pf.bits_per_pixel = bits_per_pixel; 2223 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8; 2224 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 2225 vs->client_be = big_endian_flag; 2226 2227 set_pixel_conversion(vs); 2228 2229 graphic_hw_invalidate(vs->vd->dcl.con); 2230 graphic_hw_update(vs->vd->dcl.con); 2231 } 2232 2233 static void pixel_format_message (VncState *vs) { 2234 char pad[3] = { 0, 0, 0 }; 2235 2236 vs->client_pf = qemu_default_pixelformat(32); 2237 2238 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ 2239 vnc_write_u8(vs, vs->client_pf.depth); /* depth */ 2240 2241 #ifdef HOST_WORDS_BIGENDIAN 2242 vnc_write_u8(vs, 1); /* big-endian-flag */ 2243 #else 2244 vnc_write_u8(vs, 0); /* big-endian-flag */ 2245 #endif 2246 vnc_write_u8(vs, 1); /* true-color-flag */ 2247 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */ 2248 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */ 2249 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */ 2250 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */ 2251 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */ 2252 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */ 2253 vnc_write(vs, pad, 3); /* padding */ 2254 2255 vnc_hextile_set_pixel_conversion(vs, 0); 2256 vs->write_pixels = vnc_write_pixels_copy; 2257 } 2258 2259 static void vnc_colordepth(VncState *vs) 2260 { 2261 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 2262 /* Sending a WMVi message to notify the client*/ 2263 vnc_lock_output(vs); 2264 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2265 vnc_write_u8(vs, 0); 2266 vnc_write_u16(vs, 1); /* number of rects */ 2267 vnc_framebuffer_update(vs, 0, 0, 2268 pixman_image_get_width(vs->vd->server), 2269 pixman_image_get_height(vs->vd->server), 2270 VNC_ENCODING_WMVi); 2271 pixel_format_message(vs); 2272 vnc_unlock_output(vs); 2273 vnc_flush(vs); 2274 } else { 2275 set_pixel_conversion(vs); 2276 } 2277 } 2278 2279 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 2280 { 2281 int i; 2282 uint16_t limit; 2283 VncDisplay *vd = vs->vd; 2284 2285 if (data[0] > 3) { 2286 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2287 } 2288 2289 switch (data[0]) { 2290 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 2291 if (len == 1) 2292 return 20; 2293 2294 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5), 2295 read_u8(data, 6), read_u8(data, 7), 2296 read_u16(data, 8), read_u16(data, 10), 2297 read_u16(data, 12), read_u8(data, 14), 2298 read_u8(data, 15), read_u8(data, 16)); 2299 break; 2300 case VNC_MSG_CLIENT_SET_ENCODINGS: 2301 if (len == 1) 2302 return 4; 2303 2304 if (len == 4) { 2305 limit = read_u16(data, 2); 2306 if (limit > 0) 2307 return 4 + (limit * 4); 2308 } else 2309 limit = read_u16(data, 2); 2310 2311 for (i = 0; i < limit; i++) { 2312 int32_t val = read_s32(data, 4 + (i * 4)); 2313 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 2314 } 2315 2316 set_encodings(vs, (int32_t *)(data + 4), limit); 2317 break; 2318 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 2319 if (len == 1) 2320 return 10; 2321 2322 framebuffer_update_request(vs, 2323 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 2324 read_u16(data, 6), read_u16(data, 8)); 2325 break; 2326 case VNC_MSG_CLIENT_KEY_EVENT: 2327 if (len == 1) 2328 return 8; 2329 2330 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 2331 break; 2332 case VNC_MSG_CLIENT_POINTER_EVENT: 2333 if (len == 1) 2334 return 6; 2335 2336 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 2337 break; 2338 case VNC_MSG_CLIENT_CUT_TEXT: 2339 if (len == 1) { 2340 return 8; 2341 } 2342 if (len == 8) { 2343 uint32_t dlen = read_u32(data, 4); 2344 if (dlen > (1 << 20)) { 2345 error_report("vnc: client_cut_text msg payload has %u bytes" 2346 " which exceeds our limit of 1MB.", dlen); 2347 vnc_client_error(vs); 2348 break; 2349 } 2350 if (dlen > 0) { 2351 return 8 + dlen; 2352 } 2353 } 2354 2355 client_cut_text(vs, read_u32(data, 4), data + 8); 2356 break; 2357 case VNC_MSG_CLIENT_QEMU: 2358 if (len == 1) 2359 return 2; 2360 2361 switch (read_u8(data, 1)) { 2362 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 2363 if (len == 2) 2364 return 12; 2365 2366 ext_key_event(vs, read_u16(data, 2), 2367 read_u32(data, 4), read_u32(data, 8)); 2368 break; 2369 case VNC_MSG_CLIENT_QEMU_AUDIO: 2370 if (len == 2) 2371 return 4; 2372 2373 switch (read_u16 (data, 2)) { 2374 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 2375 audio_add(vs); 2376 break; 2377 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 2378 audio_del(vs); 2379 break; 2380 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 2381 if (len == 4) 2382 return 10; 2383 switch (read_u8(data, 4)) { 2384 case 0: vs->as.fmt = AUD_FMT_U8; break; 2385 case 1: vs->as.fmt = AUD_FMT_S8; break; 2386 case 2: vs->as.fmt = AUD_FMT_U16; break; 2387 case 3: vs->as.fmt = AUD_FMT_S16; break; 2388 case 4: vs->as.fmt = AUD_FMT_U32; break; 2389 case 5: vs->as.fmt = AUD_FMT_S32; break; 2390 default: 2391 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4)); 2392 vnc_client_error(vs); 2393 break; 2394 } 2395 vs->as.nchannels = read_u8(data, 5); 2396 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2397 VNC_DEBUG("Invalid audio channel coount %d\n", 2398 read_u8(data, 5)); 2399 vnc_client_error(vs); 2400 break; 2401 } 2402 vs->as.freq = read_u32(data, 6); 2403 break; 2404 default: 2405 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4)); 2406 vnc_client_error(vs); 2407 break; 2408 } 2409 break; 2410 2411 default: 2412 VNC_DEBUG("Msg: %d\n", read_u16(data, 0)); 2413 vnc_client_error(vs); 2414 break; 2415 } 2416 break; 2417 default: 2418 VNC_DEBUG("Msg: %d\n", data[0]); 2419 vnc_client_error(vs); 2420 break; 2421 } 2422 2423 vnc_read_when(vs, protocol_client_msg, 1); 2424 return 0; 2425 } 2426 2427 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2428 { 2429 char buf[1024]; 2430 VncShareMode mode; 2431 int size; 2432 2433 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; 2434 switch (vs->vd->share_policy) { 2435 case VNC_SHARE_POLICY_IGNORE: 2436 /* 2437 * Ignore the shared flag. Nothing to do here. 2438 * 2439 * Doesn't conform to the rfb spec but is traditional qemu 2440 * behavior, thus left here as option for compatibility 2441 * reasons. 2442 */ 2443 break; 2444 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: 2445 /* 2446 * Policy: Allow clients ask for exclusive access. 2447 * 2448 * Implementation: When a client asks for exclusive access, 2449 * disconnect all others. Shared connects are allowed as long 2450 * as no exclusive connection exists. 2451 * 2452 * This is how the rfb spec suggests to handle the shared flag. 2453 */ 2454 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2455 VncState *client; 2456 QTAILQ_FOREACH(client, &vs->vd->clients, next) { 2457 if (vs == client) { 2458 continue; 2459 } 2460 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && 2461 client->share_mode != VNC_SHARE_MODE_SHARED) { 2462 continue; 2463 } 2464 vnc_disconnect_start(client); 2465 } 2466 } 2467 if (mode == VNC_SHARE_MODE_SHARED) { 2468 if (vs->vd->num_exclusive > 0) { 2469 vnc_disconnect_start(vs); 2470 return 0; 2471 } 2472 } 2473 break; 2474 case VNC_SHARE_POLICY_FORCE_SHARED: 2475 /* 2476 * Policy: Shared connects only. 2477 * Implementation: Disallow clients asking for exclusive access. 2478 * 2479 * Useful for shared desktop sessions where you don't want 2480 * someone forgetting to say -shared when running the vnc 2481 * client disconnect everybody else. 2482 */ 2483 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2484 vnc_disconnect_start(vs); 2485 return 0; 2486 } 2487 break; 2488 } 2489 vnc_set_share_mode(vs, mode); 2490 2491 if (vs->vd->num_shared > vs->vd->connections_limit) { 2492 vnc_disconnect_start(vs); 2493 return 0; 2494 } 2495 2496 vs->client_width = pixman_image_get_width(vs->vd->server); 2497 vs->client_height = pixman_image_get_height(vs->vd->server); 2498 vnc_write_u16(vs, vs->client_width); 2499 vnc_write_u16(vs, vs->client_height); 2500 2501 pixel_format_message(vs); 2502 2503 if (qemu_name) 2504 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2505 else 2506 size = snprintf(buf, sizeof(buf), "QEMU"); 2507 2508 vnc_write_u32(vs, size); 2509 vnc_write(vs, buf, size); 2510 vnc_flush(vs); 2511 2512 vnc_client_cache_auth(vs); 2513 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED); 2514 2515 vnc_read_when(vs, protocol_client_msg, 1); 2516 2517 return 0; 2518 } 2519 2520 void start_client_init(VncState *vs) 2521 { 2522 vnc_read_when(vs, protocol_client_init, 1); 2523 } 2524 2525 static void make_challenge(VncState *vs) 2526 { 2527 int i; 2528 2529 srand(time(NULL)+getpid()+getpid()*987654+rand()); 2530 2531 for (i = 0 ; i < sizeof(vs->challenge) ; i++) 2532 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0)); 2533 } 2534 2535 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2536 { 2537 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2538 int i, j, pwlen; 2539 unsigned char key[8]; 2540 time_t now = time(NULL); 2541 2542 if (!vs->vd->password) { 2543 VNC_DEBUG("No password configured on server"); 2544 goto reject; 2545 } 2546 if (vs->vd->expires < now) { 2547 VNC_DEBUG("Password is expired"); 2548 goto reject; 2549 } 2550 2551 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2552 2553 /* Calculate the expected challenge response */ 2554 pwlen = strlen(vs->vd->password); 2555 for (i=0; i<sizeof(key); i++) 2556 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2557 deskey(key, EN0); 2558 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8) 2559 des(response+j, response+j); 2560 2561 /* Compare expected vs actual challenge response */ 2562 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2563 VNC_DEBUG("Client challenge response did not match\n"); 2564 goto reject; 2565 } else { 2566 VNC_DEBUG("Accepting VNC challenge response\n"); 2567 vnc_write_u32(vs, 0); /* Accept auth */ 2568 vnc_flush(vs); 2569 2570 start_client_init(vs); 2571 } 2572 return 0; 2573 2574 reject: 2575 vnc_write_u32(vs, 1); /* Reject auth */ 2576 if (vs->minor >= 8) { 2577 static const char err[] = "Authentication failed"; 2578 vnc_write_u32(vs, sizeof(err)); 2579 vnc_write(vs, err, sizeof(err)); 2580 } 2581 vnc_flush(vs); 2582 vnc_client_error(vs); 2583 return 0; 2584 } 2585 2586 void start_auth_vnc(VncState *vs) 2587 { 2588 make_challenge(vs); 2589 /* Send client a 'random' challenge */ 2590 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2591 vnc_flush(vs); 2592 2593 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2594 } 2595 2596 2597 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2598 { 2599 /* We only advertise 1 auth scheme at a time, so client 2600 * must pick the one we sent. Verify this */ 2601 if (data[0] != vs->auth) { /* Reject auth */ 2602 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]); 2603 vnc_write_u32(vs, 1); 2604 if (vs->minor >= 8) { 2605 static const char err[] = "Authentication failed"; 2606 vnc_write_u32(vs, sizeof(err)); 2607 vnc_write(vs, err, sizeof(err)); 2608 } 2609 vnc_client_error(vs); 2610 } else { /* Accept requested auth */ 2611 VNC_DEBUG("Client requested auth %d\n", (int)data[0]); 2612 switch (vs->auth) { 2613 case VNC_AUTH_NONE: 2614 VNC_DEBUG("Accept auth none\n"); 2615 if (vs->minor >= 8) { 2616 vnc_write_u32(vs, 0); /* Accept auth completion */ 2617 vnc_flush(vs); 2618 } 2619 start_client_init(vs); 2620 break; 2621 2622 case VNC_AUTH_VNC: 2623 VNC_DEBUG("Start VNC auth\n"); 2624 start_auth_vnc(vs); 2625 break; 2626 2627 #ifdef CONFIG_VNC_TLS 2628 case VNC_AUTH_VENCRYPT: 2629 VNC_DEBUG("Accept VeNCrypt auth\n"); 2630 start_auth_vencrypt(vs); 2631 break; 2632 #endif /* CONFIG_VNC_TLS */ 2633 2634 #ifdef CONFIG_VNC_SASL 2635 case VNC_AUTH_SASL: 2636 VNC_DEBUG("Accept SASL auth\n"); 2637 start_auth_sasl(vs); 2638 break; 2639 #endif /* CONFIG_VNC_SASL */ 2640 2641 default: /* Should not be possible, but just in case */ 2642 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth); 2643 vnc_write_u8(vs, 1); 2644 if (vs->minor >= 8) { 2645 static const char err[] = "Authentication failed"; 2646 vnc_write_u32(vs, sizeof(err)); 2647 vnc_write(vs, err, sizeof(err)); 2648 } 2649 vnc_client_error(vs); 2650 } 2651 } 2652 return 0; 2653 } 2654 2655 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2656 { 2657 char local[13]; 2658 2659 memcpy(local, version, 12); 2660 local[12] = 0; 2661 2662 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2663 VNC_DEBUG("Malformed protocol version %s\n", local); 2664 vnc_client_error(vs); 2665 return 0; 2666 } 2667 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2668 if (vs->major != 3 || 2669 (vs->minor != 3 && 2670 vs->minor != 4 && 2671 vs->minor != 5 && 2672 vs->minor != 7 && 2673 vs->minor != 8)) { 2674 VNC_DEBUG("Unsupported client version\n"); 2675 vnc_write_u32(vs, VNC_AUTH_INVALID); 2676 vnc_flush(vs); 2677 vnc_client_error(vs); 2678 return 0; 2679 } 2680 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2681 * as equivalent to v3.3 by servers 2682 */ 2683 if (vs->minor == 4 || vs->minor == 5) 2684 vs->minor = 3; 2685 2686 if (vs->minor == 3) { 2687 if (vs->auth == VNC_AUTH_NONE) { 2688 VNC_DEBUG("Tell client auth none\n"); 2689 vnc_write_u32(vs, vs->auth); 2690 vnc_flush(vs); 2691 start_client_init(vs); 2692 } else if (vs->auth == VNC_AUTH_VNC) { 2693 VNC_DEBUG("Tell client VNC auth\n"); 2694 vnc_write_u32(vs, vs->auth); 2695 vnc_flush(vs); 2696 start_auth_vnc(vs); 2697 } else { 2698 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth); 2699 vnc_write_u32(vs, VNC_AUTH_INVALID); 2700 vnc_flush(vs); 2701 vnc_client_error(vs); 2702 } 2703 } else { 2704 VNC_DEBUG("Telling client we support auth %d\n", vs->auth); 2705 vnc_write_u8(vs, 1); /* num auth */ 2706 vnc_write_u8(vs, vs->auth); 2707 vnc_read_when(vs, protocol_client_auth, 1); 2708 vnc_flush(vs); 2709 } 2710 2711 return 0; 2712 } 2713 2714 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) 2715 { 2716 struct VncSurface *vs = &vd->guest; 2717 2718 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; 2719 } 2720 2721 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h) 2722 { 2723 int i, j; 2724 2725 w = (x + w) / VNC_STAT_RECT; 2726 h = (y + h) / VNC_STAT_RECT; 2727 x /= VNC_STAT_RECT; 2728 y /= VNC_STAT_RECT; 2729 2730 for (j = y; j <= h; j++) { 2731 for (i = x; i <= w; i++) { 2732 vs->lossy_rect[j][i] = 1; 2733 } 2734 } 2735 } 2736 2737 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) 2738 { 2739 VncState *vs; 2740 int sty = y / VNC_STAT_RECT; 2741 int stx = x / VNC_STAT_RECT; 2742 int has_dirty = 0; 2743 2744 y = y / VNC_STAT_RECT * VNC_STAT_RECT; 2745 x = x / VNC_STAT_RECT * VNC_STAT_RECT; 2746 2747 QTAILQ_FOREACH(vs, &vd->clients, next) { 2748 int j; 2749 2750 /* kernel send buffers are full -> refresh later */ 2751 if (vs->output.offset) { 2752 continue; 2753 } 2754 2755 if (!vs->lossy_rect[sty][stx]) { 2756 continue; 2757 } 2758 2759 vs->lossy_rect[sty][stx] = 0; 2760 for (j = 0; j < VNC_STAT_RECT; ++j) { 2761 bitmap_set(vs->dirty[y + j], 2762 x / VNC_DIRTY_PIXELS_PER_BIT, 2763 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT); 2764 } 2765 has_dirty++; 2766 } 2767 2768 return has_dirty; 2769 } 2770 2771 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) 2772 { 2773 int width = pixman_image_get_width(vd->guest.fb); 2774 int height = pixman_image_get_height(vd->guest.fb); 2775 int x, y; 2776 struct timeval res; 2777 int has_dirty = 0; 2778 2779 for (y = 0; y < height; y += VNC_STAT_RECT) { 2780 for (x = 0; x < width; x += VNC_STAT_RECT) { 2781 VncRectStat *rect = vnc_stat_rect(vd, x, y); 2782 2783 rect->updated = false; 2784 } 2785 } 2786 2787 qemu_timersub(tv, &VNC_REFRESH_STATS, &res); 2788 2789 if (timercmp(&vd->guest.last_freq_check, &res, >)) { 2790 return has_dirty; 2791 } 2792 vd->guest.last_freq_check = *tv; 2793 2794 for (y = 0; y < height; y += VNC_STAT_RECT) { 2795 for (x = 0; x < width; x += VNC_STAT_RECT) { 2796 VncRectStat *rect= vnc_stat_rect(vd, x, y); 2797 int count = ARRAY_SIZE(rect->times); 2798 struct timeval min, max; 2799 2800 if (!timerisset(&rect->times[count - 1])) { 2801 continue ; 2802 } 2803 2804 max = rect->times[(rect->idx + count - 1) % count]; 2805 qemu_timersub(tv, &max, &res); 2806 2807 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { 2808 rect->freq = 0; 2809 has_dirty += vnc_refresh_lossy_rect(vd, x, y); 2810 memset(rect->times, 0, sizeof (rect->times)); 2811 continue ; 2812 } 2813 2814 min = rect->times[rect->idx]; 2815 max = rect->times[(rect->idx + count - 1) % count]; 2816 qemu_timersub(&max, &min, &res); 2817 2818 rect->freq = res.tv_sec + res.tv_usec / 1000000.; 2819 rect->freq /= count; 2820 rect->freq = 1. / rect->freq; 2821 } 2822 } 2823 return has_dirty; 2824 } 2825 2826 double vnc_update_freq(VncState *vs, int x, int y, int w, int h) 2827 { 2828 int i, j; 2829 double total = 0; 2830 int num = 0; 2831 2832 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT; 2833 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT; 2834 2835 for (j = y; j <= y + h; j += VNC_STAT_RECT) { 2836 for (i = x; i <= x + w; i += VNC_STAT_RECT) { 2837 total += vnc_stat_rect(vs->vd, i, j)->freq; 2838 num++; 2839 } 2840 } 2841 2842 if (num) { 2843 return total / num; 2844 } else { 2845 return 0; 2846 } 2847 } 2848 2849 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) 2850 { 2851 VncRectStat *rect; 2852 2853 rect = vnc_stat_rect(vd, x, y); 2854 if (rect->updated) { 2855 return ; 2856 } 2857 rect->times[rect->idx] = *tv; 2858 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); 2859 rect->updated = true; 2860 } 2861 2862 static int vnc_refresh_server_surface(VncDisplay *vd) 2863 { 2864 int width = MIN(pixman_image_get_width(vd->guest.fb), 2865 pixman_image_get_width(vd->server)); 2866 int height = MIN(pixman_image_get_height(vd->guest.fb), 2867 pixman_image_get_height(vd->server)); 2868 int cmp_bytes, server_stride, min_stride, guest_stride, y = 0; 2869 uint8_t *guest_row0 = NULL, *server_row0; 2870 VncState *vs; 2871 int has_dirty = 0; 2872 pixman_image_t *tmpbuf = NULL; 2873 2874 struct timeval tv = { 0, 0 }; 2875 2876 if (!vd->non_adaptive) { 2877 gettimeofday(&tv, NULL); 2878 has_dirty = vnc_update_stats(vd, &tv); 2879 } 2880 2881 /* 2882 * Walk through the guest dirty map. 2883 * Check and copy modified bits from guest to server surface. 2884 * Update server dirty map. 2885 */ 2886 server_row0 = (uint8_t *)pixman_image_get_data(vd->server); 2887 server_stride = guest_stride = pixman_image_get_stride(vd->server); 2888 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES, 2889 server_stride); 2890 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2891 int width = pixman_image_get_width(vd->server); 2892 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width); 2893 } else { 2894 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb); 2895 guest_stride = pixman_image_get_stride(vd->guest.fb); 2896 } 2897 min_stride = MIN(server_stride, guest_stride); 2898 2899 for (;;) { 2900 int x; 2901 uint8_t *guest_ptr, *server_ptr; 2902 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty, 2903 height * VNC_DIRTY_BPL(&vd->guest), 2904 y * VNC_DIRTY_BPL(&vd->guest)); 2905 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) { 2906 /* no more dirty bits */ 2907 break; 2908 } 2909 y = offset / VNC_DIRTY_BPL(&vd->guest); 2910 x = offset % VNC_DIRTY_BPL(&vd->guest); 2911 2912 server_ptr = server_row0 + y * server_stride + x * cmp_bytes; 2913 2914 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2915 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y); 2916 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf); 2917 } else { 2918 guest_ptr = guest_row0 + y * guest_stride; 2919 } 2920 guest_ptr += x * cmp_bytes; 2921 2922 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT); 2923 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 2924 int _cmp_bytes = cmp_bytes; 2925 if (!test_and_clear_bit(x, vd->guest.dirty[y])) { 2926 continue; 2927 } 2928 if ((x + 1) * cmp_bytes > min_stride) { 2929 _cmp_bytes = min_stride - x * cmp_bytes; 2930 } 2931 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) { 2932 continue; 2933 } 2934 memcpy(server_ptr, guest_ptr, _cmp_bytes); 2935 if (!vd->non_adaptive) { 2936 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT, 2937 y, &tv); 2938 } 2939 QTAILQ_FOREACH(vs, &vd->clients, next) { 2940 set_bit(x, vs->dirty[y]); 2941 } 2942 has_dirty++; 2943 } 2944 2945 y++; 2946 } 2947 qemu_pixman_image_unref(tmpbuf); 2948 return has_dirty; 2949 } 2950 2951 static void vnc_refresh(DisplayChangeListener *dcl) 2952 { 2953 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 2954 VncState *vs, *vn; 2955 int has_dirty, rects = 0; 2956 2957 if (QTAILQ_EMPTY(&vd->clients)) { 2958 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX); 2959 return; 2960 } 2961 2962 graphic_hw_update(vd->dcl.con); 2963 2964 if (vnc_trylock_display(vd)) { 2965 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2966 return; 2967 } 2968 2969 has_dirty = vnc_refresh_server_surface(vd); 2970 vnc_unlock_display(vd); 2971 2972 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 2973 rects += vnc_update_client(vs, has_dirty, false); 2974 /* vs might be free()ed here */ 2975 } 2976 2977 if (has_dirty && rects) { 2978 vd->dcl.update_interval /= 2; 2979 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) { 2980 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE; 2981 } 2982 } else { 2983 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC; 2984 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) { 2985 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX; 2986 } 2987 } 2988 } 2989 2990 static void vnc_connect(VncDisplay *vd, int csock, 2991 bool skipauth, bool websocket) 2992 { 2993 VncState *vs = g_malloc0(sizeof(VncState)); 2994 int i; 2995 2996 vs->csock = csock; 2997 vs->vd = vd; 2998 2999 if (skipauth) { 3000 vs->auth = VNC_AUTH_NONE; 3001 vs->subauth = VNC_AUTH_INVALID; 3002 } else { 3003 if (websocket) { 3004 vs->auth = vd->ws_auth; 3005 vs->subauth = VNC_AUTH_INVALID; 3006 } else { 3007 vs->auth = vd->auth; 3008 vs->subauth = vd->subauth; 3009 } 3010 } 3011 VNC_DEBUG("Client sock=%d ws=%d auth=%d subauth=%d\n", 3012 csock, websocket, vs->auth, vs->subauth); 3013 3014 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect)); 3015 for (i = 0; i < VNC_STAT_ROWS; ++i) { 3016 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS * sizeof (uint8_t)); 3017 } 3018 3019 VNC_DEBUG("New client on socket %d\n", csock); 3020 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 3021 qemu_set_nonblock(vs->csock); 3022 #ifdef CONFIG_VNC_WS 3023 if (websocket) { 3024 vs->websocket = 1; 3025 #ifdef CONFIG_VNC_TLS 3026 if (vd->ws_tls) { 3027 qemu_set_fd_handler(vs->csock, vncws_tls_handshake_io, NULL, vs); 3028 } else 3029 #endif /* CONFIG_VNC_TLS */ 3030 { 3031 qemu_set_fd_handler(vs->csock, vncws_handshake_read, NULL, vs); 3032 } 3033 } else 3034 #endif /* CONFIG_VNC_WS */ 3035 { 3036 qemu_set_fd_handler(vs->csock, vnc_client_read, NULL, vs); 3037 } 3038 3039 vnc_client_cache_addr(vs); 3040 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED); 3041 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); 3042 3043 #ifdef CONFIG_VNC_WS 3044 if (!vs->websocket) 3045 #endif 3046 { 3047 vnc_init_state(vs); 3048 } 3049 3050 if (vd->num_connecting > vd->connections_limit) { 3051 QTAILQ_FOREACH(vs, &vd->clients, next) { 3052 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) { 3053 vnc_disconnect_start(vs); 3054 return; 3055 } 3056 } 3057 } 3058 } 3059 3060 void vnc_init_state(VncState *vs) 3061 { 3062 vs->initialized = true; 3063 VncDisplay *vd = vs->vd; 3064 3065 vs->last_x = -1; 3066 vs->last_y = -1; 3067 3068 vs->as.freq = 44100; 3069 vs->as.nchannels = 2; 3070 vs->as.fmt = AUD_FMT_S16; 3071 vs->as.endianness = 0; 3072 3073 qemu_mutex_init(&vs->output_mutex); 3074 vs->bh = qemu_bh_new(vnc_jobs_bh, vs); 3075 3076 QTAILQ_INSERT_TAIL(&vd->clients, vs, next); 3077 3078 graphic_hw_update(vd->dcl.con); 3079 3080 vnc_write(vs, "RFB 003.008\n", 12); 3081 vnc_flush(vs); 3082 vnc_read_when(vs, protocol_version, 12); 3083 reset_keys(vs); 3084 if (vs->vd->lock_key_sync) 3085 vs->led = qemu_add_led_event_handler(kbd_leds, vs); 3086 3087 vs->mouse_mode_notifier.notify = check_pointer_type_change; 3088 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 3089 3090 /* vs might be free()ed here */ 3091 } 3092 3093 static void vnc_listen_read(void *opaque, bool websocket) 3094 { 3095 VncDisplay *vs = opaque; 3096 struct sockaddr_in addr; 3097 socklen_t addrlen = sizeof(addr); 3098 int csock; 3099 3100 /* Catch-up */ 3101 graphic_hw_update(vs->dcl.con); 3102 #ifdef CONFIG_VNC_WS 3103 if (websocket) { 3104 csock = qemu_accept(vs->lwebsock, (struct sockaddr *)&addr, &addrlen); 3105 } else 3106 #endif /* CONFIG_VNC_WS */ 3107 { 3108 csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen); 3109 } 3110 3111 if (csock != -1) { 3112 socket_set_nodelay(csock); 3113 vnc_connect(vs, csock, false, websocket); 3114 } 3115 } 3116 3117 static void vnc_listen_regular_read(void *opaque) 3118 { 3119 vnc_listen_read(opaque, false); 3120 } 3121 3122 #ifdef CONFIG_VNC_WS 3123 static void vnc_listen_websocket_read(void *opaque) 3124 { 3125 vnc_listen_read(opaque, true); 3126 } 3127 #endif /* CONFIG_VNC_WS */ 3128 3129 static const DisplayChangeListenerOps dcl_ops = { 3130 .dpy_name = "vnc", 3131 .dpy_refresh = vnc_refresh, 3132 .dpy_gfx_copy = vnc_dpy_copy, 3133 .dpy_gfx_update = vnc_dpy_update, 3134 .dpy_gfx_switch = vnc_dpy_switch, 3135 .dpy_gfx_check_format = qemu_pixman_check_format, 3136 .dpy_mouse_set = vnc_mouse_set, 3137 .dpy_cursor_define = vnc_dpy_cursor_define, 3138 }; 3139 3140 void vnc_display_init(const char *id) 3141 { 3142 VncDisplay *vs; 3143 3144 if (vnc_display_find(id) != NULL) { 3145 return; 3146 } 3147 vs = g_malloc0(sizeof(*vs)); 3148 3149 vs->id = strdup(id); 3150 QTAILQ_INSERT_TAIL(&vnc_displays, vs, next); 3151 3152 vs->lsock = -1; 3153 #ifdef CONFIG_VNC_WS 3154 vs->lwebsock = -1; 3155 #endif 3156 3157 QTAILQ_INIT(&vs->clients); 3158 vs->expires = TIME_MAX; 3159 3160 if (keyboard_layout) { 3161 trace_vnc_key_map_init(keyboard_layout); 3162 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout); 3163 } else { 3164 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us"); 3165 } 3166 3167 if (!vs->kbd_layout) 3168 exit(1); 3169 3170 qemu_mutex_init(&vs->mutex); 3171 vnc_start_worker_thread(); 3172 3173 vs->dcl.ops = &dcl_ops; 3174 register_displaychangelistener(&vs->dcl); 3175 } 3176 3177 3178 static void vnc_display_close(VncDisplay *vs) 3179 { 3180 if (!vs) 3181 return; 3182 vs->enabled = false; 3183 vs->is_unix = false; 3184 if (vs->lsock != -1) { 3185 qemu_set_fd_handler(vs->lsock, NULL, NULL, NULL); 3186 close(vs->lsock); 3187 vs->lsock = -1; 3188 } 3189 #ifdef CONFIG_VNC_WS 3190 vs->ws_enabled = false; 3191 if (vs->lwebsock != -1) { 3192 qemu_set_fd_handler(vs->lwebsock, NULL, NULL, NULL); 3193 close(vs->lwebsock); 3194 vs->lwebsock = -1; 3195 } 3196 #endif /* CONFIG_VNC_WS */ 3197 vs->auth = VNC_AUTH_INVALID; 3198 vs->subauth = VNC_AUTH_INVALID; 3199 #ifdef CONFIG_VNC_TLS 3200 vs->tls.x509verify = 0; 3201 #endif 3202 } 3203 3204 int vnc_display_password(const char *id, const char *password) 3205 { 3206 VncDisplay *vs = vnc_display_find(id); 3207 3208 if (!vs) { 3209 return -EINVAL; 3210 } 3211 if (vs->auth == VNC_AUTH_NONE) { 3212 error_printf_unless_qmp("If you want use passwords please enable " 3213 "password auth using '-vnc ${dpy},password'."); 3214 return -EINVAL; 3215 } 3216 3217 g_free(vs->password); 3218 vs->password = g_strdup(password); 3219 3220 return 0; 3221 } 3222 3223 int vnc_display_pw_expire(const char *id, time_t expires) 3224 { 3225 VncDisplay *vs = vnc_display_find(id); 3226 3227 if (!vs) { 3228 return -EINVAL; 3229 } 3230 3231 vs->expires = expires; 3232 return 0; 3233 } 3234 3235 char *vnc_display_local_addr(const char *id) 3236 { 3237 VncDisplay *vs = vnc_display_find(id); 3238 3239 assert(vs); 3240 return vnc_socket_local_addr("%s:%s", vs->lsock); 3241 } 3242 3243 static QemuOptsList qemu_vnc_opts = { 3244 .name = "vnc", 3245 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head), 3246 .implied_opt_name = "vnc", 3247 .desc = { 3248 { 3249 .name = "vnc", 3250 .type = QEMU_OPT_STRING, 3251 },{ 3252 .name = "websocket", 3253 .type = QEMU_OPT_STRING, 3254 },{ 3255 .name = "x509", 3256 .type = QEMU_OPT_STRING, 3257 },{ 3258 .name = "share", 3259 .type = QEMU_OPT_STRING, 3260 },{ 3261 .name = "display", 3262 .type = QEMU_OPT_STRING, 3263 },{ 3264 .name = "head", 3265 .type = QEMU_OPT_NUMBER, 3266 },{ 3267 .name = "connections", 3268 .type = QEMU_OPT_NUMBER, 3269 },{ 3270 .name = "to", 3271 .type = QEMU_OPT_NUMBER, 3272 },{ 3273 .name = "ipv4", 3274 .type = QEMU_OPT_BOOL, 3275 },{ 3276 .name = "ipv6", 3277 .type = QEMU_OPT_BOOL, 3278 },{ 3279 .name = "password", 3280 .type = QEMU_OPT_BOOL, 3281 },{ 3282 .name = "reverse", 3283 .type = QEMU_OPT_BOOL, 3284 },{ 3285 .name = "lock-key-sync", 3286 .type = QEMU_OPT_BOOL, 3287 },{ 3288 .name = "sasl", 3289 .type = QEMU_OPT_BOOL, 3290 },{ 3291 .name = "tls", 3292 .type = QEMU_OPT_BOOL, 3293 },{ 3294 .name = "x509verify", 3295 .type = QEMU_OPT_STRING, 3296 },{ 3297 .name = "acl", 3298 .type = QEMU_OPT_BOOL, 3299 },{ 3300 .name = "lossy", 3301 .type = QEMU_OPT_BOOL, 3302 },{ 3303 .name = "non-adaptive", 3304 .type = QEMU_OPT_BOOL, 3305 }, 3306 { /* end of list */ } 3307 }, 3308 }; 3309 3310 3311 static void 3312 vnc_display_setup_auth(VncDisplay *vs, 3313 bool password, 3314 bool sasl, 3315 bool tls, 3316 bool x509, 3317 bool websocket) 3318 { 3319 /* 3320 * We have a choice of 3 authentication options 3321 * 3322 * 1. none 3323 * 2. vnc 3324 * 3. sasl 3325 * 3326 * The channel can be run in 2 modes 3327 * 3328 * 1. clear 3329 * 2. tls 3330 * 3331 * And TLS can use 2 types of credentials 3332 * 3333 * 1. anon 3334 * 2. x509 3335 * 3336 * We thus have 9 possible logical combinations 3337 * 3338 * 1. clear + none 3339 * 2. clear + vnc 3340 * 3. clear + sasl 3341 * 4. tls + anon + none 3342 * 5. tls + anon + vnc 3343 * 6. tls + anon + sasl 3344 * 7. tls + x509 + none 3345 * 8. tls + x509 + vnc 3346 * 9. tls + x509 + sasl 3347 * 3348 * These need to be mapped into the VNC auth schemes 3349 * in an appropriate manner. In regular VNC, all the 3350 * TLS options get mapped into VNC_AUTH_VENCRYPT 3351 * sub-auth types. 3352 * 3353 * In websockets, the https:// protocol already provides 3354 * TLS support, so there is no need to make use of the 3355 * VeNCrypt extension. Furthermore, websockets browser 3356 * clients could not use VeNCrypt even if they wanted to, 3357 * as they cannot control when the TLS handshake takes 3358 * place. Thus there is no option but to rely on https://, 3359 * meaning combinations 4->6 and 7->9 will be mapped to 3360 * VNC auth schemes in the same way as combos 1->3. 3361 * 3362 * Regardless of fact that we have a different mapping to 3363 * VNC auth mechs for plain VNC vs websockets VNC, the end 3364 * result has the same security characteristics. 3365 */ 3366 if (password) { 3367 if (tls) { 3368 vs->auth = VNC_AUTH_VENCRYPT; 3369 if (websocket) { 3370 vs->ws_tls = true; 3371 } 3372 if (x509) { 3373 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 3374 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC; 3375 } else { 3376 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 3377 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC; 3378 } 3379 } else { 3380 VNC_DEBUG("Initializing VNC server with password auth\n"); 3381 vs->auth = VNC_AUTH_VNC; 3382 vs->subauth = VNC_AUTH_INVALID; 3383 } 3384 if (websocket) { 3385 vs->ws_auth = VNC_AUTH_VNC; 3386 } else { 3387 vs->ws_auth = VNC_AUTH_INVALID; 3388 } 3389 } else if (sasl) { 3390 if (tls) { 3391 vs->auth = VNC_AUTH_VENCRYPT; 3392 if (websocket) { 3393 vs->ws_tls = true; 3394 } 3395 if (x509) { 3396 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 3397 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL; 3398 } else { 3399 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 3400 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL; 3401 } 3402 } else { 3403 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 3404 vs->auth = VNC_AUTH_SASL; 3405 vs->subauth = VNC_AUTH_INVALID; 3406 } 3407 if (websocket) { 3408 vs->ws_auth = VNC_AUTH_SASL; 3409 } else { 3410 vs->ws_auth = VNC_AUTH_INVALID; 3411 } 3412 } else { 3413 if (tls) { 3414 vs->auth = VNC_AUTH_VENCRYPT; 3415 if (websocket) { 3416 vs->ws_tls = true; 3417 } 3418 if (x509) { 3419 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 3420 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE; 3421 } else { 3422 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 3423 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE; 3424 } 3425 } else { 3426 VNC_DEBUG("Initializing VNC server with no auth\n"); 3427 vs->auth = VNC_AUTH_NONE; 3428 vs->subauth = VNC_AUTH_INVALID; 3429 } 3430 if (websocket) { 3431 vs->ws_auth = VNC_AUTH_NONE; 3432 } else { 3433 vs->ws_auth = VNC_AUTH_INVALID; 3434 } 3435 } 3436 } 3437 3438 void vnc_display_open(const char *id, Error **errp) 3439 { 3440 VncDisplay *vs = vnc_display_find(id); 3441 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id); 3442 QemuOpts *sopts, *wsopts; 3443 const char *share, *device_id; 3444 QemuConsole *con; 3445 bool password = false; 3446 bool reverse = false; 3447 const char *vnc; 3448 const char *has_to; 3449 char *h; 3450 bool has_ipv4 = false; 3451 bool has_ipv6 = false; 3452 const char *websocket; 3453 bool tls = false, x509 = false; 3454 #ifdef CONFIG_VNC_TLS 3455 const char *path; 3456 #endif 3457 bool sasl = false; 3458 #ifdef CONFIG_VNC_SASL 3459 int saslErr; 3460 #endif 3461 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 3462 int acl = 0; 3463 #endif 3464 int lock_key_sync = 1; 3465 3466 if (!vs) { 3467 error_setg(errp, "VNC display not active"); 3468 return; 3469 } 3470 vnc_display_close(vs); 3471 3472 if (!opts) { 3473 return; 3474 } 3475 vnc = qemu_opt_get(opts, "vnc"); 3476 if (!vnc || strcmp(vnc, "none") == 0) { 3477 return; 3478 } 3479 3480 sopts = qemu_opts_create(&socket_optslist, NULL, 0, &error_abort); 3481 wsopts = qemu_opts_create(&socket_optslist, NULL, 0, &error_abort); 3482 3483 h = strrchr(vnc, ':'); 3484 if (h) { 3485 char *host; 3486 size_t hlen = h - vnc; 3487 3488 if (vnc[0] == '[' && vnc[hlen - 1] == ']') { 3489 host = g_strndup(vnc + 1, hlen - 2); 3490 } else { 3491 host = g_strndup(vnc, hlen); 3492 } 3493 qemu_opt_set(sopts, "host", host, &error_abort); 3494 qemu_opt_set(wsopts, "host", host, &error_abort); 3495 qemu_opt_set(sopts, "port", h+1, &error_abort); 3496 g_free(host); 3497 } else { 3498 error_setg(errp, "no vnc port specified"); 3499 goto fail; 3500 } 3501 3502 has_to = qemu_opt_get(opts, "to"); 3503 has_ipv4 = qemu_opt_get_bool(opts, "ipv4", false); 3504 has_ipv6 = qemu_opt_get_bool(opts, "ipv6", false); 3505 if (has_to) { 3506 qemu_opt_set(sopts, "to", has_to, &error_abort); 3507 qemu_opt_set(wsopts, "to", has_to, &error_abort); 3508 } 3509 if (has_ipv4) { 3510 qemu_opt_set(sopts, "ipv4", "on", &error_abort); 3511 qemu_opt_set(wsopts, "ipv4", "on", &error_abort); 3512 } 3513 if (has_ipv6) { 3514 qemu_opt_set(sopts, "ipv6", "on", &error_abort); 3515 qemu_opt_set(wsopts, "ipv6", "on", &error_abort); 3516 } 3517 3518 password = qemu_opt_get_bool(opts, "password", false); 3519 if (password && fips_get_state()) { 3520 error_setg(errp, 3521 "VNC password auth disabled due to FIPS mode, " 3522 "consider using the VeNCrypt or SASL authentication " 3523 "methods as an alternative"); 3524 goto fail; 3525 } 3526 3527 reverse = qemu_opt_get_bool(opts, "reverse", false); 3528 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true); 3529 sasl = qemu_opt_get_bool(opts, "sasl", false); 3530 #ifndef CONFIG_VNC_SASL 3531 if (sasl) { 3532 error_setg(errp, "VNC SASL auth requires cyrus-sasl support"); 3533 goto fail; 3534 } 3535 #endif /* CONFIG_VNC_SASL */ 3536 tls = qemu_opt_get_bool(opts, "tls", false); 3537 #ifdef CONFIG_VNC_TLS 3538 path = qemu_opt_get(opts, "x509"); 3539 if (!path) { 3540 path = qemu_opt_get(opts, "x509verify"); 3541 if (path) { 3542 vs->tls.x509verify = true; 3543 } 3544 } 3545 if (path) { 3546 x509 = true; 3547 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) { 3548 error_setg(errp, "Failed to find x509 certificates/keys in %s", 3549 path); 3550 goto fail; 3551 } 3552 } 3553 #else /* ! CONFIG_VNC_TLS */ 3554 if (tls) { 3555 error_setg(errp, "VNC TLS auth requires gnutls support"); 3556 goto fail; 3557 } 3558 #endif /* ! CONFIG_VNC_TLS */ 3559 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 3560 acl = qemu_opt_get_bool(opts, "acl", false); 3561 #endif 3562 3563 share = qemu_opt_get(opts, "share"); 3564 if (share) { 3565 if (strcmp(share, "ignore") == 0) { 3566 vs->share_policy = VNC_SHARE_POLICY_IGNORE; 3567 } else if (strcmp(share, "allow-exclusive") == 0) { 3568 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3569 } else if (strcmp(share, "force-shared") == 0) { 3570 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; 3571 } else { 3572 error_setg(errp, "unknown vnc share= option"); 3573 goto fail; 3574 } 3575 } else { 3576 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3577 } 3578 vs->connections_limit = qemu_opt_get_number(opts, "connections", 32); 3579 3580 websocket = qemu_opt_get(opts, "websocket"); 3581 if (websocket) { 3582 #ifdef CONFIG_VNC_WS 3583 vs->ws_enabled = true; 3584 qemu_opt_set(wsopts, "port", websocket, &error_abort); 3585 #else /* ! CONFIG_VNC_WS */ 3586 error_setg(errp, "Websockets protocol requires gnutls support"); 3587 goto fail; 3588 #endif /* ! CONFIG_VNC_WS */ 3589 } 3590 3591 #ifdef CONFIG_VNC_JPEG 3592 vs->lossy = qemu_opt_get_bool(opts, "lossy", false); 3593 #endif 3594 vs->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false); 3595 /* adaptive updates are only used with tight encoding and 3596 * if lossy updates are enabled so we can disable all the 3597 * calculations otherwise */ 3598 if (!vs->lossy) { 3599 vs->non_adaptive = true; 3600 } 3601 3602 #ifdef CONFIG_VNC_TLS 3603 if (acl && x509 && vs->tls.x509verify) { 3604 char *aclname; 3605 3606 if (strcmp(vs->id, "default") == 0) { 3607 aclname = g_strdup("vnc.x509dname"); 3608 } else { 3609 aclname = g_strdup_printf("vnc.%s.x509dname", vs->id); 3610 } 3611 vs->tls.acl = qemu_acl_init(aclname); 3612 g_free(aclname); 3613 } 3614 #endif 3615 #ifdef CONFIG_VNC_SASL 3616 if (acl && sasl) { 3617 char *aclname; 3618 3619 if (strcmp(vs->id, "default") == 0) { 3620 aclname = g_strdup("vnc.username"); 3621 } else { 3622 aclname = g_strdup_printf("vnc.%s.username", vs->id); 3623 } 3624 vs->sasl.acl = qemu_acl_init(aclname); 3625 g_free(aclname); 3626 } 3627 #endif 3628 3629 vnc_display_setup_auth(vs, password, sasl, tls, x509, websocket); 3630 3631 #ifdef CONFIG_VNC_SASL 3632 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) { 3633 error_setg(errp, "Failed to initialize SASL auth: %s", 3634 sasl_errstring(saslErr, NULL, NULL)); 3635 goto fail; 3636 } 3637 #endif 3638 vs->lock_key_sync = lock_key_sync; 3639 3640 device_id = qemu_opt_get(opts, "display"); 3641 if (device_id) { 3642 DeviceState *dev; 3643 int head = qemu_opt_get_number(opts, "head", 0); 3644 3645 dev = qdev_find_recursive(sysbus_get_default(), device_id); 3646 if (dev == NULL) { 3647 error_setg(errp, "Device '%s' not found", device_id); 3648 goto fail; 3649 } 3650 3651 con = qemu_console_lookup_by_device(dev, head); 3652 if (con == NULL) { 3653 error_setg(errp, "Device %s is not bound to a QemuConsole", 3654 device_id); 3655 goto fail; 3656 } 3657 } else { 3658 con = NULL; 3659 } 3660 3661 if (con != vs->dcl.con) { 3662 unregister_displaychangelistener(&vs->dcl); 3663 vs->dcl.con = con; 3664 register_displaychangelistener(&vs->dcl); 3665 } 3666 3667 if (reverse) { 3668 /* connect to viewer */ 3669 int csock; 3670 vs->lsock = -1; 3671 #ifdef CONFIG_VNC_WS 3672 vs->lwebsock = -1; 3673 #endif 3674 if (strncmp(vnc, "unix:", 5) == 0) { 3675 csock = unix_connect(vnc+5, errp); 3676 } else { 3677 csock = inet_connect(vnc, errp); 3678 } 3679 if (csock < 0) { 3680 goto fail; 3681 } 3682 vnc_connect(vs, csock, false, false); 3683 } else { 3684 /* listen for connects */ 3685 if (strncmp(vnc, "unix:", 5) == 0) { 3686 vs->lsock = unix_listen(vnc+5, NULL, 0, errp); 3687 if (vs->lsock < 0) { 3688 goto fail; 3689 } 3690 vs->is_unix = true; 3691 } else { 3692 vs->lsock = inet_listen_opts(sopts, 5900, errp); 3693 if (vs->lsock < 0) { 3694 goto fail; 3695 } 3696 #ifdef CONFIG_VNC_WS 3697 if (vs->ws_enabled) { 3698 vs->lwebsock = inet_listen_opts(wsopts, 0, errp); 3699 if (vs->lwebsock < 0) { 3700 if (vs->lsock != -1) { 3701 close(vs->lsock); 3702 vs->lsock = -1; 3703 } 3704 goto fail; 3705 } 3706 } 3707 #endif /* CONFIG_VNC_WS */ 3708 } 3709 vs->enabled = true; 3710 qemu_set_fd_handler(vs->lsock, vnc_listen_regular_read, NULL, vs); 3711 #ifdef CONFIG_VNC_WS 3712 if (vs->ws_enabled) { 3713 qemu_set_fd_handler(vs->lwebsock, vnc_listen_websocket_read, 3714 NULL, vs); 3715 } 3716 #endif /* CONFIG_VNC_WS */ 3717 } 3718 qemu_opts_del(sopts); 3719 qemu_opts_del(wsopts); 3720 return; 3721 3722 fail: 3723 qemu_opts_del(sopts); 3724 qemu_opts_del(wsopts); 3725 vs->enabled = false; 3726 #ifdef CONFIG_VNC_WS 3727 vs->ws_enabled = false; 3728 #endif /* CONFIG_VNC_WS */ 3729 } 3730 3731 void vnc_display_add_client(const char *id, int csock, bool skipauth) 3732 { 3733 VncDisplay *vs = vnc_display_find(id); 3734 3735 if (!vs) { 3736 return; 3737 } 3738 vnc_connect(vs, csock, skipauth, false); 3739 } 3740 3741 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts) 3742 { 3743 int i = 2; 3744 char *id; 3745 3746 id = g_strdup("default"); 3747 while (qemu_opts_find(olist, id)) { 3748 g_free(id); 3749 id = g_strdup_printf("vnc%d", i++); 3750 } 3751 qemu_opts_set_id(opts, id); 3752 } 3753 3754 QemuOpts *vnc_parse(const char *str, Error **errp) 3755 { 3756 QemuOptsList *olist = qemu_find_opts("vnc"); 3757 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp); 3758 const char *id; 3759 3760 if (!opts) { 3761 return NULL; 3762 } 3763 3764 id = qemu_opts_id(opts); 3765 if (!id) { 3766 /* auto-assign id if not present */ 3767 vnc_auto_assign_id(olist, opts); 3768 } 3769 return opts; 3770 } 3771 3772 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp) 3773 { 3774 Error *local_err = NULL; 3775 char *id = (char *)qemu_opts_id(opts); 3776 3777 assert(id); 3778 vnc_display_init(id); 3779 vnc_display_open(id, &local_err); 3780 if (local_err != NULL) { 3781 error_report("Failed to start VNC server: %s", 3782 error_get_pretty(local_err)); 3783 error_free(local_err); 3784 exit(1); 3785 } 3786 return 0; 3787 } 3788 3789 static void vnc_register_config(void) 3790 { 3791 qemu_add_opts(&qemu_vnc_opts); 3792 } 3793 machine_init(vnc_register_config); 3794