1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "vnc.h" 28 #include "vnc-jobs.h" 29 #include "trace.h" 30 #include "hw/qdev.h" 31 #include "sysemu/sysemu.h" 32 #include "qemu/error-report.h" 33 #include "qemu/sockets.h" 34 #include "qemu/timer.h" 35 #include "qemu/acl.h" 36 #include "qemu/config-file.h" 37 #include "qapi/qmp/qerror.h" 38 #include "qapi/qmp/types.h" 39 #include "qmp-commands.h" 40 #include "qemu/osdep.h" 41 #include "ui/input.h" 42 #include "qapi-event.h" 43 #include "crypto/hash.h" 44 #include "crypto/tlscredsanon.h" 45 #include "crypto/tlscredsx509.h" 46 #include "qom/object_interfaces.h" 47 48 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT 49 #define VNC_REFRESH_INTERVAL_INC 50 50 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE 51 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; 52 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 53 54 #include "vnc_keysym.h" 55 #include "crypto/cipher.h" 56 57 static QTAILQ_HEAD(, VncDisplay) vnc_displays = 58 QTAILQ_HEAD_INITIALIZER(vnc_displays); 59 60 static int vnc_cursor_define(VncState *vs); 61 static void vnc_release_modifiers(VncState *vs); 62 63 static void vnc_set_share_mode(VncState *vs, VncShareMode mode) 64 { 65 #ifdef _VNC_DEBUG 66 static const char *mn[] = { 67 [0] = "undefined", 68 [VNC_SHARE_MODE_CONNECTING] = "connecting", 69 [VNC_SHARE_MODE_SHARED] = "shared", 70 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive", 71 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected", 72 }; 73 fprintf(stderr, "%s/%p: %s -> %s\n", __func__, 74 vs->ioc, mn[vs->share_mode], mn[mode]); 75 #endif 76 77 switch (vs->share_mode) { 78 case VNC_SHARE_MODE_CONNECTING: 79 vs->vd->num_connecting--; 80 break; 81 case VNC_SHARE_MODE_SHARED: 82 vs->vd->num_shared--; 83 break; 84 case VNC_SHARE_MODE_EXCLUSIVE: 85 vs->vd->num_exclusive--; 86 break; 87 default: 88 break; 89 } 90 91 vs->share_mode = mode; 92 93 switch (vs->share_mode) { 94 case VNC_SHARE_MODE_CONNECTING: 95 vs->vd->num_connecting++; 96 break; 97 case VNC_SHARE_MODE_SHARED: 98 vs->vd->num_shared++; 99 break; 100 case VNC_SHARE_MODE_EXCLUSIVE: 101 vs->vd->num_exclusive++; 102 break; 103 default: 104 break; 105 } 106 } 107 108 109 static void vnc_init_basic_info(SocketAddress *addr, 110 VncBasicInfo *info, 111 Error **errp) 112 { 113 switch (addr->type) { 114 case SOCKET_ADDRESS_KIND_INET: 115 info->host = g_strdup(addr->u.inet->host); 116 info->service = g_strdup(addr->u.inet->port); 117 if (addr->u.inet->ipv6) { 118 info->family = NETWORK_ADDRESS_FAMILY_IPV6; 119 } else { 120 info->family = NETWORK_ADDRESS_FAMILY_IPV4; 121 } 122 break; 123 124 case SOCKET_ADDRESS_KIND_UNIX: 125 info->host = g_strdup(""); 126 info->service = g_strdup(addr->u.q_unix->path); 127 info->family = NETWORK_ADDRESS_FAMILY_UNIX; 128 break; 129 130 default: 131 error_setg(errp, "Unsupported socket kind %d", 132 addr->type); 133 break; 134 } 135 136 return; 137 } 138 139 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc, 140 VncBasicInfo *info, 141 Error **errp) 142 { 143 SocketAddress *addr = NULL; 144 145 addr = qio_channel_socket_get_local_address(ioc, errp); 146 if (!addr) { 147 return; 148 } 149 150 vnc_init_basic_info(addr, info, errp); 151 qapi_free_SocketAddress(addr); 152 } 153 154 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc, 155 VncBasicInfo *info, 156 Error **errp) 157 { 158 SocketAddress *addr = NULL; 159 160 addr = qio_channel_socket_get_remote_address(ioc, errp); 161 if (!addr) { 162 return; 163 } 164 165 vnc_init_basic_info(addr, info, errp); 166 qapi_free_SocketAddress(addr); 167 } 168 169 static const char *vnc_auth_name(VncDisplay *vd) { 170 switch (vd->auth) { 171 case VNC_AUTH_INVALID: 172 return "invalid"; 173 case VNC_AUTH_NONE: 174 return "none"; 175 case VNC_AUTH_VNC: 176 return "vnc"; 177 case VNC_AUTH_RA2: 178 return "ra2"; 179 case VNC_AUTH_RA2NE: 180 return "ra2ne"; 181 case VNC_AUTH_TIGHT: 182 return "tight"; 183 case VNC_AUTH_ULTRA: 184 return "ultra"; 185 case VNC_AUTH_TLS: 186 return "tls"; 187 case VNC_AUTH_VENCRYPT: 188 switch (vd->subauth) { 189 case VNC_AUTH_VENCRYPT_PLAIN: 190 return "vencrypt+plain"; 191 case VNC_AUTH_VENCRYPT_TLSNONE: 192 return "vencrypt+tls+none"; 193 case VNC_AUTH_VENCRYPT_TLSVNC: 194 return "vencrypt+tls+vnc"; 195 case VNC_AUTH_VENCRYPT_TLSPLAIN: 196 return "vencrypt+tls+plain"; 197 case VNC_AUTH_VENCRYPT_X509NONE: 198 return "vencrypt+x509+none"; 199 case VNC_AUTH_VENCRYPT_X509VNC: 200 return "vencrypt+x509+vnc"; 201 case VNC_AUTH_VENCRYPT_X509PLAIN: 202 return "vencrypt+x509+plain"; 203 case VNC_AUTH_VENCRYPT_TLSSASL: 204 return "vencrypt+tls+sasl"; 205 case VNC_AUTH_VENCRYPT_X509SASL: 206 return "vencrypt+x509+sasl"; 207 default: 208 return "vencrypt"; 209 } 210 case VNC_AUTH_SASL: 211 return "sasl"; 212 } 213 return "unknown"; 214 } 215 216 static VncServerInfo *vnc_server_info_get(VncDisplay *vd) 217 { 218 VncServerInfo *info; 219 Error *err = NULL; 220 221 info = g_malloc(sizeof(*info)); 222 vnc_init_basic_info_from_server_addr(vd->lsock, 223 qapi_VncServerInfo_base(info), &err); 224 info->has_auth = true; 225 info->auth = g_strdup(vnc_auth_name(vd)); 226 if (err) { 227 qapi_free_VncServerInfo(info); 228 info = NULL; 229 error_free(err); 230 } 231 return info; 232 } 233 234 static void vnc_client_cache_auth(VncState *client) 235 { 236 if (!client->info) { 237 return; 238 } 239 240 if (client->tls) { 241 client->info->x509_dname = 242 qcrypto_tls_session_get_peer_name(client->tls); 243 client->info->has_x509_dname = 244 client->info->x509_dname != NULL; 245 } 246 #ifdef CONFIG_VNC_SASL 247 if (client->sasl.conn && 248 client->sasl.username) { 249 client->info->has_sasl_username = true; 250 client->info->sasl_username = g_strdup(client->sasl.username); 251 } 252 #endif 253 } 254 255 static void vnc_client_cache_addr(VncState *client) 256 { 257 Error *err = NULL; 258 259 client->info = g_malloc0(sizeof(*client->info)); 260 vnc_init_basic_info_from_remote_addr(client->sioc, 261 qapi_VncClientInfo_base(client->info), 262 &err); 263 if (err) { 264 qapi_free_VncClientInfo(client->info); 265 client->info = NULL; 266 error_free(err); 267 } 268 } 269 270 static void vnc_qmp_event(VncState *vs, QAPIEvent event) 271 { 272 VncServerInfo *si; 273 274 if (!vs->info) { 275 return; 276 } 277 278 si = vnc_server_info_get(vs->vd); 279 if (!si) { 280 return; 281 } 282 283 switch (event) { 284 case QAPI_EVENT_VNC_CONNECTED: 285 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info), 286 &error_abort); 287 break; 288 case QAPI_EVENT_VNC_INITIALIZED: 289 qapi_event_send_vnc_initialized(si, vs->info, &error_abort); 290 break; 291 case QAPI_EVENT_VNC_DISCONNECTED: 292 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort); 293 break; 294 default: 295 break; 296 } 297 298 qapi_free_VncServerInfo(si); 299 } 300 301 static VncClientInfo *qmp_query_vnc_client(const VncState *client) 302 { 303 VncClientInfo *info; 304 Error *err = NULL; 305 306 info = g_malloc0(sizeof(*info)); 307 308 vnc_init_basic_info_from_remote_addr(client->sioc, 309 qapi_VncClientInfo_base(info), 310 &err); 311 if (err) { 312 error_free(err); 313 qapi_free_VncClientInfo(info); 314 return NULL; 315 } 316 317 info->websocket = client->websocket; 318 319 if (client->tls) { 320 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls); 321 info->has_x509_dname = info->x509_dname != NULL; 322 } 323 #ifdef CONFIG_VNC_SASL 324 if (client->sasl.conn && client->sasl.username) { 325 info->has_sasl_username = true; 326 info->sasl_username = g_strdup(client->sasl.username); 327 } 328 #endif 329 330 return info; 331 } 332 333 static VncDisplay *vnc_display_find(const char *id) 334 { 335 VncDisplay *vd; 336 337 if (id == NULL) { 338 return QTAILQ_FIRST(&vnc_displays); 339 } 340 QTAILQ_FOREACH(vd, &vnc_displays, next) { 341 if (strcmp(id, vd->id) == 0) { 342 return vd; 343 } 344 } 345 return NULL; 346 } 347 348 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd) 349 { 350 VncClientInfoList *cinfo, *prev = NULL; 351 VncState *client; 352 353 QTAILQ_FOREACH(client, &vd->clients, next) { 354 cinfo = g_new0(VncClientInfoList, 1); 355 cinfo->value = qmp_query_vnc_client(client); 356 cinfo->next = prev; 357 prev = cinfo; 358 } 359 return prev; 360 } 361 362 VncInfo *qmp_query_vnc(Error **errp) 363 { 364 VncInfo *info = g_malloc0(sizeof(*info)); 365 VncDisplay *vd = vnc_display_find(NULL); 366 SocketAddress *addr = NULL; 367 368 if (vd == NULL || !vd->enabled) { 369 info->enabled = false; 370 } else { 371 info->enabled = true; 372 373 /* for compatibility with the original command */ 374 info->has_clients = true; 375 info->clients = qmp_query_client_list(vd); 376 377 if (vd->lsock == NULL) { 378 return info; 379 } 380 381 addr = qio_channel_socket_get_local_address(vd->lsock, errp); 382 if (!addr) { 383 goto out_error; 384 } 385 386 switch (addr->type) { 387 case SOCKET_ADDRESS_KIND_INET: 388 info->host = g_strdup(addr->u.inet->host); 389 info->service = g_strdup(addr->u.inet->port); 390 if (addr->u.inet->ipv6) { 391 info->family = NETWORK_ADDRESS_FAMILY_IPV6; 392 } else { 393 info->family = NETWORK_ADDRESS_FAMILY_IPV4; 394 } 395 break; 396 397 case SOCKET_ADDRESS_KIND_UNIX: 398 info->host = g_strdup(""); 399 info->service = g_strdup(addr->u.q_unix->path); 400 info->family = NETWORK_ADDRESS_FAMILY_UNIX; 401 break; 402 403 default: 404 error_setg(errp, "Unsupported socket kind %d", 405 addr->type); 406 goto out_error; 407 } 408 409 info->has_host = true; 410 info->has_service = true; 411 info->has_family = true; 412 413 info->has_auth = true; 414 info->auth = g_strdup(vnc_auth_name(vd)); 415 } 416 417 qapi_free_SocketAddress(addr); 418 return info; 419 420 out_error: 421 qapi_free_SocketAddress(addr); 422 qapi_free_VncInfo(info); 423 return NULL; 424 } 425 426 static VncBasicInfoList *qmp_query_server_entry(QIOChannelSocket *ioc, 427 bool websocket, 428 VncBasicInfoList *prev) 429 { 430 VncBasicInfoList *list; 431 VncBasicInfo *info; 432 Error *err = NULL; 433 SocketAddress *addr; 434 435 addr = qio_channel_socket_get_local_address(ioc, &err); 436 if (!addr) { 437 error_free(err); 438 return prev; 439 } 440 441 info = g_new0(VncBasicInfo, 1); 442 vnc_init_basic_info(addr, info, &err); 443 qapi_free_SocketAddress(addr); 444 if (err) { 445 qapi_free_VncBasicInfo(info); 446 error_free(err); 447 return prev; 448 } 449 info->websocket = websocket; 450 451 list = g_new0(VncBasicInfoList, 1); 452 list->value = info; 453 list->next = prev; 454 return list; 455 } 456 457 static void qmp_query_auth(VncDisplay *vd, VncInfo2 *info) 458 { 459 switch (vd->auth) { 460 case VNC_AUTH_VNC: 461 info->auth = VNC_PRIMARY_AUTH_VNC; 462 break; 463 case VNC_AUTH_RA2: 464 info->auth = VNC_PRIMARY_AUTH_RA2; 465 break; 466 case VNC_AUTH_RA2NE: 467 info->auth = VNC_PRIMARY_AUTH_RA2NE; 468 break; 469 case VNC_AUTH_TIGHT: 470 info->auth = VNC_PRIMARY_AUTH_TIGHT; 471 break; 472 case VNC_AUTH_ULTRA: 473 info->auth = VNC_PRIMARY_AUTH_ULTRA; 474 break; 475 case VNC_AUTH_TLS: 476 info->auth = VNC_PRIMARY_AUTH_TLS; 477 break; 478 case VNC_AUTH_VENCRYPT: 479 info->auth = VNC_PRIMARY_AUTH_VENCRYPT; 480 info->has_vencrypt = true; 481 switch (vd->subauth) { 482 case VNC_AUTH_VENCRYPT_PLAIN: 483 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN; 484 break; 485 case VNC_AUTH_VENCRYPT_TLSNONE: 486 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE; 487 break; 488 case VNC_AUTH_VENCRYPT_TLSVNC: 489 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC; 490 break; 491 case VNC_AUTH_VENCRYPT_TLSPLAIN: 492 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN; 493 break; 494 case VNC_AUTH_VENCRYPT_X509NONE: 495 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE; 496 break; 497 case VNC_AUTH_VENCRYPT_X509VNC: 498 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC; 499 break; 500 case VNC_AUTH_VENCRYPT_X509PLAIN: 501 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN; 502 break; 503 case VNC_AUTH_VENCRYPT_TLSSASL: 504 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL; 505 break; 506 case VNC_AUTH_VENCRYPT_X509SASL: 507 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL; 508 break; 509 default: 510 info->has_vencrypt = false; 511 break; 512 } 513 break; 514 case VNC_AUTH_SASL: 515 info->auth = VNC_PRIMARY_AUTH_SASL; 516 break; 517 case VNC_AUTH_NONE: 518 default: 519 info->auth = VNC_PRIMARY_AUTH_NONE; 520 break; 521 } 522 } 523 524 VncInfo2List *qmp_query_vnc_servers(Error **errp) 525 { 526 VncInfo2List *item, *prev = NULL; 527 VncInfo2 *info; 528 VncDisplay *vd; 529 DeviceState *dev; 530 531 QTAILQ_FOREACH(vd, &vnc_displays, next) { 532 info = g_new0(VncInfo2, 1); 533 info->id = g_strdup(vd->id); 534 info->clients = qmp_query_client_list(vd); 535 qmp_query_auth(vd, info); 536 if (vd->dcl.con) { 537 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con), 538 "device", NULL)); 539 info->has_display = true; 540 info->display = g_strdup(dev->id); 541 } 542 if (vd->lsock != NULL) { 543 info->server = qmp_query_server_entry( 544 vd->lsock, false, info->server); 545 } 546 if (vd->lwebsock != NULL) { 547 info->server = qmp_query_server_entry( 548 vd->lwebsock, true, info->server); 549 } 550 551 item = g_new0(VncInfo2List, 1); 552 item->value = info; 553 item->next = prev; 554 prev = item; 555 } 556 return prev; 557 } 558 559 /* TODO 560 1) Get the queue working for IO. 561 2) there is some weirdness when using the -S option (the screen is grey 562 and not totally invalidated 563 3) resolutions > 1024 564 */ 565 566 static int vnc_update_client(VncState *vs, int has_dirty, bool sync); 567 static void vnc_disconnect_start(VncState *vs); 568 569 static void vnc_colordepth(VncState *vs); 570 static void framebuffer_update_request(VncState *vs, int incremental, 571 int x_position, int y_position, 572 int w, int h); 573 static void vnc_refresh(DisplayChangeListener *dcl); 574 static int vnc_refresh_server_surface(VncDisplay *vd); 575 576 static int vnc_width(VncDisplay *vd) 577 { 578 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds), 579 VNC_DIRTY_PIXELS_PER_BIT)); 580 } 581 582 static int vnc_height(VncDisplay *vd) 583 { 584 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds)); 585 } 586 587 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT], 588 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT), 589 VncDisplay *vd, 590 int x, int y, int w, int h) 591 { 592 int width = vnc_width(vd); 593 int height = vnc_height(vd); 594 595 /* this is needed this to ensure we updated all affected 596 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */ 597 w += (x % VNC_DIRTY_PIXELS_PER_BIT); 598 x -= (x % VNC_DIRTY_PIXELS_PER_BIT); 599 600 x = MIN(x, width); 601 y = MIN(y, height); 602 w = MIN(x + w, width) - x; 603 h = MIN(y + h, height); 604 605 for (; y < h; y++) { 606 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT, 607 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT)); 608 } 609 } 610 611 static void vnc_dpy_update(DisplayChangeListener *dcl, 612 int x, int y, int w, int h) 613 { 614 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 615 struct VncSurface *s = &vd->guest; 616 617 vnc_set_area_dirty(s->dirty, vd, x, y, w, h); 618 } 619 620 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 621 int32_t encoding) 622 { 623 vnc_write_u16(vs, x); 624 vnc_write_u16(vs, y); 625 vnc_write_u16(vs, w); 626 vnc_write_u16(vs, h); 627 628 vnc_write_s32(vs, encoding); 629 } 630 631 632 static void vnc_desktop_resize(VncState *vs) 633 { 634 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) { 635 return; 636 } 637 if (vs->client_width == pixman_image_get_width(vs->vd->server) && 638 vs->client_height == pixman_image_get_height(vs->vd->server)) { 639 return; 640 } 641 vs->client_width = pixman_image_get_width(vs->vd->server); 642 vs->client_height = pixman_image_get_height(vs->vd->server); 643 vnc_lock_output(vs); 644 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 645 vnc_write_u8(vs, 0); 646 vnc_write_u16(vs, 1); /* number of rects */ 647 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 648 VNC_ENCODING_DESKTOPRESIZE); 649 vnc_unlock_output(vs); 650 vnc_flush(vs); 651 } 652 653 static void vnc_abort_display_jobs(VncDisplay *vd) 654 { 655 VncState *vs; 656 657 QTAILQ_FOREACH(vs, &vd->clients, next) { 658 vnc_lock_output(vs); 659 vs->abort = true; 660 vnc_unlock_output(vs); 661 } 662 QTAILQ_FOREACH(vs, &vd->clients, next) { 663 vnc_jobs_join(vs); 664 } 665 QTAILQ_FOREACH(vs, &vd->clients, next) { 666 vnc_lock_output(vs); 667 vs->abort = false; 668 vnc_unlock_output(vs); 669 } 670 } 671 672 int vnc_server_fb_stride(VncDisplay *vd) 673 { 674 return pixman_image_get_stride(vd->server); 675 } 676 677 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y) 678 { 679 uint8_t *ptr; 680 681 ptr = (uint8_t *)pixman_image_get_data(vd->server); 682 ptr += y * vnc_server_fb_stride(vd); 683 ptr += x * VNC_SERVER_FB_BYTES; 684 return ptr; 685 } 686 687 static void vnc_update_server_surface(VncDisplay *vd) 688 { 689 qemu_pixman_image_unref(vd->server); 690 vd->server = NULL; 691 692 if (QTAILQ_EMPTY(&vd->clients)) { 693 return; 694 } 695 696 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT, 697 vnc_width(vd), 698 vnc_height(vd), 699 NULL, 0); 700 } 701 702 static void vnc_dpy_switch(DisplayChangeListener *dcl, 703 DisplaySurface *surface) 704 { 705 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 706 VncState *vs; 707 int width, height; 708 709 vnc_abort_display_jobs(vd); 710 vd->ds = surface; 711 712 /* server surface */ 713 vnc_update_server_surface(vd); 714 715 /* guest surface */ 716 qemu_pixman_image_unref(vd->guest.fb); 717 vd->guest.fb = pixman_image_ref(surface->image); 718 vd->guest.format = surface->format; 719 width = vnc_width(vd); 720 height = vnc_height(vd); 721 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty)); 722 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0, 723 width, height); 724 725 QTAILQ_FOREACH(vs, &vd->clients, next) { 726 vnc_colordepth(vs); 727 vnc_desktop_resize(vs); 728 if (vs->vd->cursor) { 729 vnc_cursor_define(vs); 730 } 731 memset(vs->dirty, 0x00, sizeof(vs->dirty)); 732 vnc_set_area_dirty(vs->dirty, vd, 0, 0, 733 width, height); 734 } 735 } 736 737 /* fastest code */ 738 static void vnc_write_pixels_copy(VncState *vs, 739 void *pixels, int size) 740 { 741 vnc_write(vs, pixels, size); 742 } 743 744 /* slowest but generic code. */ 745 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 746 { 747 uint8_t r, g, b; 748 749 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8) 750 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8; 751 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8; 752 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8; 753 #else 754 # error need some bits here if you change VNC_SERVER_FB_FORMAT 755 #endif 756 v = (r << vs->client_pf.rshift) | 757 (g << vs->client_pf.gshift) | 758 (b << vs->client_pf.bshift); 759 switch (vs->client_pf.bytes_per_pixel) { 760 case 1: 761 buf[0] = v; 762 break; 763 case 2: 764 if (vs->client_be) { 765 buf[0] = v >> 8; 766 buf[1] = v; 767 } else { 768 buf[1] = v >> 8; 769 buf[0] = v; 770 } 771 break; 772 default: 773 case 4: 774 if (vs->client_be) { 775 buf[0] = v >> 24; 776 buf[1] = v >> 16; 777 buf[2] = v >> 8; 778 buf[3] = v; 779 } else { 780 buf[3] = v >> 24; 781 buf[2] = v >> 16; 782 buf[1] = v >> 8; 783 buf[0] = v; 784 } 785 break; 786 } 787 } 788 789 static void vnc_write_pixels_generic(VncState *vs, 790 void *pixels1, int size) 791 { 792 uint8_t buf[4]; 793 794 if (VNC_SERVER_FB_BYTES == 4) { 795 uint32_t *pixels = pixels1; 796 int n, i; 797 n = size >> 2; 798 for (i = 0; i < n; i++) { 799 vnc_convert_pixel(vs, buf, pixels[i]); 800 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel); 801 } 802 } 803 } 804 805 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 806 { 807 int i; 808 uint8_t *row; 809 VncDisplay *vd = vs->vd; 810 811 row = vnc_server_fb_ptr(vd, x, y); 812 for (i = 0; i < h; i++) { 813 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES); 814 row += vnc_server_fb_stride(vd); 815 } 816 return 1; 817 } 818 819 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 820 { 821 int n = 0; 822 bool encode_raw = false; 823 size_t saved_offs = vs->output.offset; 824 825 switch(vs->vnc_encoding) { 826 case VNC_ENCODING_ZLIB: 827 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h); 828 break; 829 case VNC_ENCODING_HEXTILE: 830 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 831 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 832 break; 833 case VNC_ENCODING_TIGHT: 834 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h); 835 break; 836 case VNC_ENCODING_TIGHT_PNG: 837 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h); 838 break; 839 case VNC_ENCODING_ZRLE: 840 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h); 841 break; 842 case VNC_ENCODING_ZYWRLE: 843 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); 844 break; 845 default: 846 encode_raw = true; 847 break; 848 } 849 850 /* If the client has the same pixel format as our internal buffer and 851 * a RAW encoding would need less space fall back to RAW encoding to 852 * save bandwidth and processing power in the client. */ 853 if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy && 854 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) { 855 vs->output.offset = saved_offs; 856 encode_raw = true; 857 } 858 859 if (encode_raw) { 860 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 861 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 862 } 863 864 return n; 865 } 866 867 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h) 868 { 869 /* send bitblit op to the vnc client */ 870 vnc_lock_output(vs); 871 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 872 vnc_write_u8(vs, 0); 873 vnc_write_u16(vs, 1); /* number of rects */ 874 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT); 875 vnc_write_u16(vs, src_x); 876 vnc_write_u16(vs, src_y); 877 vnc_unlock_output(vs); 878 vnc_flush(vs); 879 } 880 881 static void vnc_dpy_copy(DisplayChangeListener *dcl, 882 int src_x, int src_y, 883 int dst_x, int dst_y, int w, int h) 884 { 885 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 886 VncState *vs, *vn; 887 uint8_t *src_row; 888 uint8_t *dst_row; 889 int i, x, y, pitch, inc, w_lim, s; 890 int cmp_bytes; 891 892 if (!vd->server) { 893 /* no client connected */ 894 return; 895 } 896 897 vnc_refresh_server_surface(vd); 898 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 899 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 900 vs->force_update = 1; 901 vnc_update_client(vs, 1, true); 902 /* vs might be free()ed here */ 903 } 904 } 905 906 /* do bitblit op on the local surface too */ 907 pitch = vnc_server_fb_stride(vd); 908 src_row = vnc_server_fb_ptr(vd, src_x, src_y); 909 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y); 910 y = dst_y; 911 inc = 1; 912 if (dst_y > src_y) { 913 /* copy backwards */ 914 src_row += pitch * (h-1); 915 dst_row += pitch * (h-1); 916 pitch = -pitch; 917 y = dst_y + h - 1; 918 inc = -1; 919 } 920 w_lim = w - (VNC_DIRTY_PIXELS_PER_BIT - (dst_x % VNC_DIRTY_PIXELS_PER_BIT)); 921 if (w_lim < 0) { 922 w_lim = w; 923 } else { 924 w_lim = w - (w_lim % VNC_DIRTY_PIXELS_PER_BIT); 925 } 926 for (i = 0; i < h; i++) { 927 for (x = 0; x <= w_lim; 928 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) { 929 if (x == w_lim) { 930 if ((s = w - w_lim) == 0) 931 break; 932 } else if (!x) { 933 s = (VNC_DIRTY_PIXELS_PER_BIT - 934 (dst_x % VNC_DIRTY_PIXELS_PER_BIT)); 935 s = MIN(s, w_lim); 936 } else { 937 s = VNC_DIRTY_PIXELS_PER_BIT; 938 } 939 cmp_bytes = s * VNC_SERVER_FB_BYTES; 940 if (memcmp(src_row, dst_row, cmp_bytes) == 0) 941 continue; 942 memmove(dst_row, src_row, cmp_bytes); 943 QTAILQ_FOREACH(vs, &vd->clients, next) { 944 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 945 set_bit(((x + dst_x) / VNC_DIRTY_PIXELS_PER_BIT), 946 vs->dirty[y]); 947 } 948 } 949 } 950 src_row += pitch - w * VNC_SERVER_FB_BYTES; 951 dst_row += pitch - w * VNC_SERVER_FB_BYTES; 952 y += inc; 953 } 954 955 QTAILQ_FOREACH(vs, &vd->clients, next) { 956 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 957 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h); 958 } 959 } 960 } 961 962 static void vnc_mouse_set(DisplayChangeListener *dcl, 963 int x, int y, int visible) 964 { 965 /* can we ask the client(s) to move the pointer ??? */ 966 } 967 968 static int vnc_cursor_define(VncState *vs) 969 { 970 QEMUCursor *c = vs->vd->cursor; 971 int isize; 972 973 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 974 vnc_lock_output(vs); 975 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 976 vnc_write_u8(vs, 0); /* padding */ 977 vnc_write_u16(vs, 1); /* # of rects */ 978 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 979 VNC_ENCODING_RICH_CURSOR); 980 isize = c->width * c->height * vs->client_pf.bytes_per_pixel; 981 vnc_write_pixels_generic(vs, c->data, isize); 982 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 983 vnc_unlock_output(vs); 984 return 0; 985 } 986 return -1; 987 } 988 989 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl, 990 QEMUCursor *c) 991 { 992 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 993 VncState *vs; 994 995 cursor_put(vd->cursor); 996 g_free(vd->cursor_mask); 997 998 vd->cursor = c; 999 cursor_get(vd->cursor); 1000 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 1001 vd->cursor_mask = g_malloc0(vd->cursor_msize); 1002 cursor_get_mono_mask(c, 0, vd->cursor_mask); 1003 1004 QTAILQ_FOREACH(vs, &vd->clients, next) { 1005 vnc_cursor_define(vs); 1006 } 1007 } 1008 1009 static int find_and_clear_dirty_height(VncState *vs, 1010 int y, int last_x, int x, int height) 1011 { 1012 int h; 1013 1014 for (h = 1; h < (height - y); h++) { 1015 if (!test_bit(last_x, vs->dirty[y + h])) { 1016 break; 1017 } 1018 bitmap_clear(vs->dirty[y + h], last_x, x - last_x); 1019 } 1020 1021 return h; 1022 } 1023 1024 static int vnc_update_client(VncState *vs, int has_dirty, bool sync) 1025 { 1026 vs->has_dirty += has_dirty; 1027 if (vs->need_update && vs->ioc != NULL) { 1028 VncDisplay *vd = vs->vd; 1029 VncJob *job; 1030 int y; 1031 int height, width; 1032 int n = 0; 1033 1034 if (vs->output.offset && !vs->audio_cap && !vs->force_update) 1035 /* kernel send buffers are full -> drop frames to throttle */ 1036 return 0; 1037 1038 if (!vs->has_dirty && !vs->audio_cap && !vs->force_update) 1039 return 0; 1040 1041 /* 1042 * Send screen updates to the vnc client using the server 1043 * surface and server dirty map. guest surface updates 1044 * happening in parallel don't disturb us, the next pass will 1045 * send them to the client. 1046 */ 1047 job = vnc_job_new(vs); 1048 1049 height = pixman_image_get_height(vd->server); 1050 width = pixman_image_get_width(vd->server); 1051 1052 y = 0; 1053 for (;;) { 1054 int x, h; 1055 unsigned long x2; 1056 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty, 1057 height * VNC_DIRTY_BPL(vs), 1058 y * VNC_DIRTY_BPL(vs)); 1059 if (offset == height * VNC_DIRTY_BPL(vs)) { 1060 /* no more dirty bits */ 1061 break; 1062 } 1063 y = offset / VNC_DIRTY_BPL(vs); 1064 x = offset % VNC_DIRTY_BPL(vs); 1065 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y], 1066 VNC_DIRTY_BPL(vs), x); 1067 bitmap_clear(vs->dirty[y], x, x2 - x); 1068 h = find_and_clear_dirty_height(vs, y, x, x2, height); 1069 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT); 1070 if (x2 > x) { 1071 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y, 1072 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h); 1073 } 1074 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) { 1075 y += h; 1076 if (y == height) { 1077 break; 1078 } 1079 } 1080 } 1081 1082 vnc_job_push(job); 1083 if (sync) { 1084 vnc_jobs_join(vs); 1085 } 1086 vs->force_update = 0; 1087 vs->has_dirty = 0; 1088 return n; 1089 } 1090 1091 if (vs->disconnecting) { 1092 vnc_disconnect_finish(vs); 1093 } else if (sync) { 1094 vnc_jobs_join(vs); 1095 } 1096 1097 return 0; 1098 } 1099 1100 /* audio */ 1101 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 1102 { 1103 VncState *vs = opaque; 1104 1105 switch (cmd) { 1106 case AUD_CNOTIFY_DISABLE: 1107 vnc_lock_output(vs); 1108 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1109 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1110 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 1111 vnc_unlock_output(vs); 1112 vnc_flush(vs); 1113 break; 1114 1115 case AUD_CNOTIFY_ENABLE: 1116 vnc_lock_output(vs); 1117 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1118 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1119 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 1120 vnc_unlock_output(vs); 1121 vnc_flush(vs); 1122 break; 1123 } 1124 } 1125 1126 static void audio_capture_destroy(void *opaque) 1127 { 1128 } 1129 1130 static void audio_capture(void *opaque, void *buf, int size) 1131 { 1132 VncState *vs = opaque; 1133 1134 vnc_lock_output(vs); 1135 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1136 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1137 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 1138 vnc_write_u32(vs, size); 1139 vnc_write(vs, buf, size); 1140 vnc_unlock_output(vs); 1141 vnc_flush(vs); 1142 } 1143 1144 static void audio_add(VncState *vs) 1145 { 1146 struct audio_capture_ops ops; 1147 1148 if (vs->audio_cap) { 1149 error_report("audio already running"); 1150 return; 1151 } 1152 1153 ops.notify = audio_capture_notify; 1154 ops.destroy = audio_capture_destroy; 1155 ops.capture = audio_capture; 1156 1157 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs); 1158 if (!vs->audio_cap) { 1159 error_report("Failed to add audio capture"); 1160 } 1161 } 1162 1163 static void audio_del(VncState *vs) 1164 { 1165 if (vs->audio_cap) { 1166 AUD_del_capture(vs->audio_cap, vs); 1167 vs->audio_cap = NULL; 1168 } 1169 } 1170 1171 static void vnc_disconnect_start(VncState *vs) 1172 { 1173 if (vs->disconnecting) { 1174 return; 1175 } 1176 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); 1177 if (vs->ioc_tag) { 1178 g_source_remove(vs->ioc_tag); 1179 } 1180 qio_channel_close(vs->ioc, NULL); 1181 vs->disconnecting = TRUE; 1182 } 1183 1184 void vnc_disconnect_finish(VncState *vs) 1185 { 1186 int i; 1187 1188 vnc_jobs_join(vs); /* Wait encoding jobs */ 1189 1190 vnc_lock_output(vs); 1191 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED); 1192 1193 buffer_free(&vs->input); 1194 buffer_free(&vs->output); 1195 1196 qapi_free_VncClientInfo(vs->info); 1197 1198 vnc_zlib_clear(vs); 1199 vnc_tight_clear(vs); 1200 vnc_zrle_clear(vs); 1201 1202 #ifdef CONFIG_VNC_SASL 1203 vnc_sasl_client_cleanup(vs); 1204 #endif /* CONFIG_VNC_SASL */ 1205 audio_del(vs); 1206 vnc_release_modifiers(vs); 1207 1208 if (vs->initialized) { 1209 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1210 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1211 if (QTAILQ_EMPTY(&vs->vd->clients)) { 1212 /* last client gone */ 1213 vnc_update_server_surface(vs->vd); 1214 } 1215 } 1216 1217 if (vs->vd->lock_key_sync) 1218 qemu_remove_led_event_handler(vs->led); 1219 vnc_unlock_output(vs); 1220 1221 qemu_mutex_destroy(&vs->output_mutex); 1222 if (vs->bh != NULL) { 1223 qemu_bh_delete(vs->bh); 1224 } 1225 buffer_free(&vs->jobs_buffer); 1226 1227 for (i = 0; i < VNC_STAT_ROWS; ++i) { 1228 g_free(vs->lossy_rect[i]); 1229 } 1230 g_free(vs->lossy_rect); 1231 1232 object_unref(OBJECT(vs->ioc)); 1233 vs->ioc = NULL; 1234 object_unref(OBJECT(vs->sioc)); 1235 vs->sioc = NULL; 1236 g_free(vs); 1237 } 1238 1239 ssize_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp) 1240 { 1241 if (ret <= 0) { 1242 if (ret == 0) { 1243 VNC_DEBUG("Closing down client sock: EOF\n"); 1244 } else if (ret != QIO_CHANNEL_ERR_BLOCK) { 1245 VNC_DEBUG("Closing down client sock: ret %d (%s)\n", 1246 ret, errp ? error_get_pretty(*errp) : "Unknown"); 1247 } 1248 1249 vnc_disconnect_start(vs); 1250 if (errp) { 1251 error_free(*errp); 1252 *errp = NULL; 1253 } 1254 return 0; 1255 } 1256 return ret; 1257 } 1258 1259 1260 void vnc_client_error(VncState *vs) 1261 { 1262 VNC_DEBUG("Closing down client sock: protocol error\n"); 1263 vnc_disconnect_start(vs); 1264 } 1265 1266 1267 /* 1268 * Called to write a chunk of data to the client socket. The data may 1269 * be the raw data, or may have already been encoded by SASL. 1270 * The data will be written either straight onto the socket, or 1271 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1272 * 1273 * NB, it is theoretically possible to have 2 layers of encryption, 1274 * both SASL, and this TLS layer. It is highly unlikely in practice 1275 * though, since SASL encryption will typically be a no-op if TLS 1276 * is active 1277 * 1278 * Returns the number of bytes written, which may be less than 1279 * the requested 'datalen' if the socket would block. Returns 1280 * -1 on error, and disconnects the client socket. 1281 */ 1282 ssize_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1283 { 1284 Error *err = NULL; 1285 ssize_t ret; 1286 ret = qio_channel_write( 1287 vs->ioc, (const char *)data, datalen, &err); 1288 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1289 return vnc_client_io_error(vs, ret, &err); 1290 } 1291 1292 1293 /* 1294 * Called to write buffered data to the client socket, when not 1295 * using any SASL SSF encryption layers. Will write as much data 1296 * as possible without blocking. If all buffered data is written, 1297 * will switch the FD poll() handler back to read monitoring. 1298 * 1299 * Returns the number of bytes written, which may be less than 1300 * the buffered output data if the socket would block. Returns 1301 * -1 on error, and disconnects the client socket. 1302 */ 1303 static ssize_t vnc_client_write_plain(VncState *vs) 1304 { 1305 ssize_t ret; 1306 1307 #ifdef CONFIG_VNC_SASL 1308 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1309 vs->output.buffer, vs->output.capacity, vs->output.offset, 1310 vs->sasl.waitWriteSSF); 1311 1312 if (vs->sasl.conn && 1313 vs->sasl.runSSF && 1314 vs->sasl.waitWriteSSF) { 1315 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1316 if (ret) 1317 vs->sasl.waitWriteSSF -= ret; 1318 } else 1319 #endif /* CONFIG_VNC_SASL */ 1320 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1321 if (!ret) 1322 return 0; 1323 1324 buffer_advance(&vs->output, ret); 1325 1326 if (vs->output.offset == 0) { 1327 if (vs->ioc_tag) { 1328 g_source_remove(vs->ioc_tag); 1329 } 1330 vs->ioc_tag = qio_channel_add_watch( 1331 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); 1332 } 1333 1334 return ret; 1335 } 1336 1337 1338 /* 1339 * First function called whenever there is data to be written to 1340 * the client socket. Will delegate actual work according to whether 1341 * SASL SSF layers are enabled (thus requiring encryption calls) 1342 */ 1343 static void vnc_client_write_locked(VncState *vs) 1344 { 1345 #ifdef CONFIG_VNC_SASL 1346 if (vs->sasl.conn && 1347 vs->sasl.runSSF && 1348 !vs->sasl.waitWriteSSF) { 1349 vnc_client_write_sasl(vs); 1350 } else 1351 #endif /* CONFIG_VNC_SASL */ 1352 { 1353 vnc_client_write_plain(vs); 1354 } 1355 } 1356 1357 static void vnc_client_write(VncState *vs) 1358 { 1359 1360 vnc_lock_output(vs); 1361 if (vs->output.offset) { 1362 vnc_client_write_locked(vs); 1363 } else if (vs->ioc != NULL) { 1364 if (vs->ioc_tag) { 1365 g_source_remove(vs->ioc_tag); 1366 } 1367 vs->ioc_tag = qio_channel_add_watch( 1368 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); 1369 } 1370 vnc_unlock_output(vs); 1371 } 1372 1373 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1374 { 1375 vs->read_handler = func; 1376 vs->read_handler_expect = expecting; 1377 } 1378 1379 1380 /* 1381 * Called to read a chunk of data from the client socket. The data may 1382 * be the raw data, or may need to be further decoded by SASL. 1383 * The data will be read either straight from to the socket, or 1384 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1385 * 1386 * NB, it is theoretically possible to have 2 layers of encryption, 1387 * both SASL, and this TLS layer. It is highly unlikely in practice 1388 * though, since SASL encryption will typically be a no-op if TLS 1389 * is active 1390 * 1391 * Returns the number of bytes read, which may be less than 1392 * the requested 'datalen' if the socket would block. Returns 1393 * -1 on error, and disconnects the client socket. 1394 */ 1395 ssize_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1396 { 1397 ssize_t ret; 1398 Error *err = NULL; 1399 ret = qio_channel_read( 1400 vs->ioc, (char *)data, datalen, &err); 1401 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1402 return vnc_client_io_error(vs, ret, &err); 1403 } 1404 1405 1406 /* 1407 * Called to read data from the client socket to the input buffer, 1408 * when not using any SASL SSF encryption layers. Will read as much 1409 * data as possible without blocking. 1410 * 1411 * Returns the number of bytes read. Returns -1 on error, and 1412 * disconnects the client socket. 1413 */ 1414 static ssize_t vnc_client_read_plain(VncState *vs) 1415 { 1416 ssize_t ret; 1417 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1418 vs->input.buffer, vs->input.capacity, vs->input.offset); 1419 buffer_reserve(&vs->input, 4096); 1420 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1421 if (!ret) 1422 return 0; 1423 vs->input.offset += ret; 1424 return ret; 1425 } 1426 1427 static void vnc_jobs_bh(void *opaque) 1428 { 1429 VncState *vs = opaque; 1430 1431 vnc_jobs_consume_buffer(vs); 1432 } 1433 1434 /* 1435 * First function called whenever there is more data to be read from 1436 * the client socket. Will delegate actual work according to whether 1437 * SASL SSF layers are enabled (thus requiring decryption calls) 1438 */ 1439 static void vnc_client_read(VncState *vs) 1440 { 1441 ssize_t ret; 1442 1443 #ifdef CONFIG_VNC_SASL 1444 if (vs->sasl.conn && vs->sasl.runSSF) 1445 ret = vnc_client_read_sasl(vs); 1446 else 1447 #endif /* CONFIG_VNC_SASL */ 1448 ret = vnc_client_read_plain(vs); 1449 if (!ret) { 1450 if (vs->disconnecting) { 1451 vnc_disconnect_finish(vs); 1452 } 1453 return; 1454 } 1455 1456 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1457 size_t len = vs->read_handler_expect; 1458 int ret; 1459 1460 ret = vs->read_handler(vs, vs->input.buffer, len); 1461 if (vs->disconnecting) { 1462 vnc_disconnect_finish(vs); 1463 return; 1464 } 1465 1466 if (!ret) { 1467 buffer_advance(&vs->input, len); 1468 } else { 1469 vs->read_handler_expect = ret; 1470 } 1471 } 1472 } 1473 1474 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED, 1475 GIOCondition condition, void *opaque) 1476 { 1477 VncState *vs = opaque; 1478 if (condition & G_IO_IN) { 1479 vnc_client_read(vs); 1480 } 1481 if (condition & G_IO_OUT) { 1482 vnc_client_write(vs); 1483 } 1484 return TRUE; 1485 } 1486 1487 1488 void vnc_write(VncState *vs, const void *data, size_t len) 1489 { 1490 buffer_reserve(&vs->output, len); 1491 1492 if (vs->ioc != NULL && buffer_empty(&vs->output)) { 1493 if (vs->ioc_tag) { 1494 g_source_remove(vs->ioc_tag); 1495 } 1496 vs->ioc_tag = qio_channel_add_watch( 1497 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL); 1498 } 1499 1500 buffer_append(&vs->output, data, len); 1501 } 1502 1503 void vnc_write_s32(VncState *vs, int32_t value) 1504 { 1505 vnc_write_u32(vs, *(uint32_t *)&value); 1506 } 1507 1508 void vnc_write_u32(VncState *vs, uint32_t value) 1509 { 1510 uint8_t buf[4]; 1511 1512 buf[0] = (value >> 24) & 0xFF; 1513 buf[1] = (value >> 16) & 0xFF; 1514 buf[2] = (value >> 8) & 0xFF; 1515 buf[3] = value & 0xFF; 1516 1517 vnc_write(vs, buf, 4); 1518 } 1519 1520 void vnc_write_u16(VncState *vs, uint16_t value) 1521 { 1522 uint8_t buf[2]; 1523 1524 buf[0] = (value >> 8) & 0xFF; 1525 buf[1] = value & 0xFF; 1526 1527 vnc_write(vs, buf, 2); 1528 } 1529 1530 void vnc_write_u8(VncState *vs, uint8_t value) 1531 { 1532 vnc_write(vs, (char *)&value, 1); 1533 } 1534 1535 void vnc_flush(VncState *vs) 1536 { 1537 vnc_lock_output(vs); 1538 if (vs->ioc != NULL && vs->output.offset) { 1539 vnc_client_write_locked(vs); 1540 } 1541 vnc_unlock_output(vs); 1542 } 1543 1544 static uint8_t read_u8(uint8_t *data, size_t offset) 1545 { 1546 return data[offset]; 1547 } 1548 1549 static uint16_t read_u16(uint8_t *data, size_t offset) 1550 { 1551 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1552 } 1553 1554 static int32_t read_s32(uint8_t *data, size_t offset) 1555 { 1556 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1557 (data[offset + 2] << 8) | data[offset + 3]); 1558 } 1559 1560 uint32_t read_u32(uint8_t *data, size_t offset) 1561 { 1562 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1563 (data[offset + 2] << 8) | data[offset + 3]); 1564 } 1565 1566 static void client_cut_text(VncState *vs, size_t len, uint8_t *text) 1567 { 1568 } 1569 1570 static void check_pointer_type_change(Notifier *notifier, void *data) 1571 { 1572 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1573 int absolute = qemu_input_is_absolute(); 1574 1575 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1576 vnc_lock_output(vs); 1577 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1578 vnc_write_u8(vs, 0); 1579 vnc_write_u16(vs, 1); 1580 vnc_framebuffer_update(vs, absolute, 0, 1581 pixman_image_get_width(vs->vd->server), 1582 pixman_image_get_height(vs->vd->server), 1583 VNC_ENCODING_POINTER_TYPE_CHANGE); 1584 vnc_unlock_output(vs); 1585 vnc_flush(vs); 1586 } 1587 vs->absolute = absolute; 1588 } 1589 1590 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1591 { 1592 static uint32_t bmap[INPUT_BUTTON__MAX] = { 1593 [INPUT_BUTTON_LEFT] = 0x01, 1594 [INPUT_BUTTON_MIDDLE] = 0x02, 1595 [INPUT_BUTTON_RIGHT] = 0x04, 1596 [INPUT_BUTTON_WHEELUP] = 0x08, 1597 [INPUT_BUTTON_WHEELDOWN] = 0x10, 1598 }; 1599 QemuConsole *con = vs->vd->dcl.con; 1600 int width = pixman_image_get_width(vs->vd->server); 1601 int height = pixman_image_get_height(vs->vd->server); 1602 1603 if (vs->last_bmask != button_mask) { 1604 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask); 1605 vs->last_bmask = button_mask; 1606 } 1607 1608 if (vs->absolute) { 1609 qemu_input_queue_abs(con, INPUT_AXIS_X, x, width); 1610 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, height); 1611 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1612 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF); 1613 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF); 1614 } else { 1615 if (vs->last_x != -1) { 1616 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x); 1617 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y); 1618 } 1619 vs->last_x = x; 1620 vs->last_y = y; 1621 } 1622 qemu_input_event_sync(); 1623 } 1624 1625 static void reset_keys(VncState *vs) 1626 { 1627 int i; 1628 for(i = 0; i < 256; i++) { 1629 if (vs->modifiers_state[i]) { 1630 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false); 1631 vs->modifiers_state[i] = 0; 1632 } 1633 } 1634 } 1635 1636 static void press_key(VncState *vs, int keysym) 1637 { 1638 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK; 1639 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true); 1640 qemu_input_event_send_key_delay(0); 1641 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false); 1642 qemu_input_event_send_key_delay(0); 1643 } 1644 1645 static int current_led_state(VncState *vs) 1646 { 1647 int ledstate = 0; 1648 1649 if (vs->modifiers_state[0x46]) { 1650 ledstate |= QEMU_SCROLL_LOCK_LED; 1651 } 1652 if (vs->modifiers_state[0x45]) { 1653 ledstate |= QEMU_NUM_LOCK_LED; 1654 } 1655 if (vs->modifiers_state[0x3a]) { 1656 ledstate |= QEMU_CAPS_LOCK_LED; 1657 } 1658 1659 return ledstate; 1660 } 1661 1662 static void vnc_led_state_change(VncState *vs) 1663 { 1664 int ledstate = 0; 1665 1666 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) { 1667 return; 1668 } 1669 1670 ledstate = current_led_state(vs); 1671 vnc_lock_output(vs); 1672 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1673 vnc_write_u8(vs, 0); 1674 vnc_write_u16(vs, 1); 1675 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE); 1676 vnc_write_u8(vs, ledstate); 1677 vnc_unlock_output(vs); 1678 vnc_flush(vs); 1679 } 1680 1681 static void kbd_leds(void *opaque, int ledstate) 1682 { 1683 VncState *vs = opaque; 1684 int caps, num, scr; 1685 bool has_changed = (ledstate != current_led_state(vs)); 1686 1687 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED), 1688 (ledstate & QEMU_NUM_LOCK_LED), 1689 (ledstate & QEMU_SCROLL_LOCK_LED)); 1690 1691 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0; 1692 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0; 1693 scr = ledstate & QEMU_SCROLL_LOCK_LED ? 1 : 0; 1694 1695 if (vs->modifiers_state[0x3a] != caps) { 1696 vs->modifiers_state[0x3a] = caps; 1697 } 1698 if (vs->modifiers_state[0x45] != num) { 1699 vs->modifiers_state[0x45] = num; 1700 } 1701 if (vs->modifiers_state[0x46] != scr) { 1702 vs->modifiers_state[0x46] = scr; 1703 } 1704 1705 /* Sending the current led state message to the client */ 1706 if (has_changed) { 1707 vnc_led_state_change(vs); 1708 } 1709 } 1710 1711 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1712 { 1713 /* QEMU console switch */ 1714 switch(keycode) { 1715 case 0x2a: /* Left Shift */ 1716 case 0x36: /* Right Shift */ 1717 case 0x1d: /* Left CTRL */ 1718 case 0x9d: /* Right CTRL */ 1719 case 0x38: /* Left ALT */ 1720 case 0xb8: /* Right ALT */ 1721 if (down) 1722 vs->modifiers_state[keycode] = 1; 1723 else 1724 vs->modifiers_state[keycode] = 0; 1725 break; 1726 case 0x02 ... 0x0a: /* '1' to '9' keys */ 1727 if (vs->vd->dcl.con == NULL && 1728 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) { 1729 /* Reset the modifiers sent to the current console */ 1730 reset_keys(vs); 1731 console_select(keycode - 0x02); 1732 return; 1733 } 1734 break; 1735 case 0x3a: /* CapsLock */ 1736 case 0x45: /* NumLock */ 1737 if (down) 1738 vs->modifiers_state[keycode] ^= 1; 1739 break; 1740 } 1741 1742 /* Turn off the lock state sync logic if the client support the led 1743 state extension. 1744 */ 1745 if (down && vs->vd->lock_key_sync && 1746 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1747 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1748 /* If the numlock state needs to change then simulate an additional 1749 keypress before sending this one. This will happen if the user 1750 toggles numlock away from the VNC window. 1751 */ 1752 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1753 if (!vs->modifiers_state[0x45]) { 1754 trace_vnc_key_sync_numlock(true); 1755 vs->modifiers_state[0x45] = 1; 1756 press_key(vs, 0xff7f); 1757 } 1758 } else { 1759 if (vs->modifiers_state[0x45]) { 1760 trace_vnc_key_sync_numlock(false); 1761 vs->modifiers_state[0x45] = 0; 1762 press_key(vs, 0xff7f); 1763 } 1764 } 1765 } 1766 1767 if (down && vs->vd->lock_key_sync && 1768 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1769 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1770 /* If the capslock state needs to change then simulate an additional 1771 keypress before sending this one. This will happen if the user 1772 toggles capslock away from the VNC window. 1773 */ 1774 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1775 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]); 1776 int capslock = !!(vs->modifiers_state[0x3a]); 1777 if (capslock) { 1778 if (uppercase == shift) { 1779 trace_vnc_key_sync_capslock(false); 1780 vs->modifiers_state[0x3a] = 0; 1781 press_key(vs, 0xffe5); 1782 } 1783 } else { 1784 if (uppercase != shift) { 1785 trace_vnc_key_sync_capslock(true); 1786 vs->modifiers_state[0x3a] = 1; 1787 press_key(vs, 0xffe5); 1788 } 1789 } 1790 } 1791 1792 if (qemu_console_is_graphic(NULL)) { 1793 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down); 1794 } else { 1795 bool numlock = vs->modifiers_state[0x45]; 1796 bool control = (vs->modifiers_state[0x1d] || 1797 vs->modifiers_state[0x9d]); 1798 /* QEMU console emulation */ 1799 if (down) { 1800 switch (keycode) { 1801 case 0x2a: /* Left Shift */ 1802 case 0x36: /* Right Shift */ 1803 case 0x1d: /* Left CTRL */ 1804 case 0x9d: /* Right CTRL */ 1805 case 0x38: /* Left ALT */ 1806 case 0xb8: /* Right ALT */ 1807 break; 1808 case 0xc8: 1809 kbd_put_keysym(QEMU_KEY_UP); 1810 break; 1811 case 0xd0: 1812 kbd_put_keysym(QEMU_KEY_DOWN); 1813 break; 1814 case 0xcb: 1815 kbd_put_keysym(QEMU_KEY_LEFT); 1816 break; 1817 case 0xcd: 1818 kbd_put_keysym(QEMU_KEY_RIGHT); 1819 break; 1820 case 0xd3: 1821 kbd_put_keysym(QEMU_KEY_DELETE); 1822 break; 1823 case 0xc7: 1824 kbd_put_keysym(QEMU_KEY_HOME); 1825 break; 1826 case 0xcf: 1827 kbd_put_keysym(QEMU_KEY_END); 1828 break; 1829 case 0xc9: 1830 kbd_put_keysym(QEMU_KEY_PAGEUP); 1831 break; 1832 case 0xd1: 1833 kbd_put_keysym(QEMU_KEY_PAGEDOWN); 1834 break; 1835 1836 case 0x47: 1837 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME); 1838 break; 1839 case 0x48: 1840 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP); 1841 break; 1842 case 0x49: 1843 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP); 1844 break; 1845 case 0x4b: 1846 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT); 1847 break; 1848 case 0x4c: 1849 kbd_put_keysym('5'); 1850 break; 1851 case 0x4d: 1852 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT); 1853 break; 1854 case 0x4f: 1855 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END); 1856 break; 1857 case 0x50: 1858 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN); 1859 break; 1860 case 0x51: 1861 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN); 1862 break; 1863 case 0x52: 1864 kbd_put_keysym('0'); 1865 break; 1866 case 0x53: 1867 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE); 1868 break; 1869 1870 case 0xb5: 1871 kbd_put_keysym('/'); 1872 break; 1873 case 0x37: 1874 kbd_put_keysym('*'); 1875 break; 1876 case 0x4a: 1877 kbd_put_keysym('-'); 1878 break; 1879 case 0x4e: 1880 kbd_put_keysym('+'); 1881 break; 1882 case 0x9c: 1883 kbd_put_keysym('\n'); 1884 break; 1885 1886 default: 1887 if (control) { 1888 kbd_put_keysym(sym & 0x1f); 1889 } else { 1890 kbd_put_keysym(sym); 1891 } 1892 break; 1893 } 1894 } 1895 } 1896 } 1897 1898 static void vnc_release_modifiers(VncState *vs) 1899 { 1900 static const int keycodes[] = { 1901 /* shift, control, alt keys, both left & right */ 1902 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8, 1903 }; 1904 int i, keycode; 1905 1906 if (!qemu_console_is_graphic(NULL)) { 1907 return; 1908 } 1909 for (i = 0; i < ARRAY_SIZE(keycodes); i++) { 1910 keycode = keycodes[i]; 1911 if (!vs->modifiers_state[keycode]) { 1912 continue; 1913 } 1914 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false); 1915 } 1916 } 1917 1918 static const char *code2name(int keycode) 1919 { 1920 return QKeyCode_lookup[qemu_input_key_number_to_qcode(keycode)]; 1921 } 1922 1923 static void key_event(VncState *vs, int down, uint32_t sym) 1924 { 1925 int keycode; 1926 int lsym = sym; 1927 1928 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) { 1929 lsym = lsym - 'A' + 'a'; 1930 } 1931 1932 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK; 1933 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode)); 1934 do_key_event(vs, down, keycode, sym); 1935 } 1936 1937 static void ext_key_event(VncState *vs, int down, 1938 uint32_t sym, uint16_t keycode) 1939 { 1940 /* if the user specifies a keyboard layout, always use it */ 1941 if (keyboard_layout) { 1942 key_event(vs, down, sym); 1943 } else { 1944 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode)); 1945 do_key_event(vs, down, keycode, sym); 1946 } 1947 } 1948 1949 static void framebuffer_update_request(VncState *vs, int incremental, 1950 int x, int y, int w, int h) 1951 { 1952 vs->need_update = 1; 1953 1954 if (incremental) { 1955 return; 1956 } 1957 1958 vs->force_update = 1; 1959 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h); 1960 } 1961 1962 static void send_ext_key_event_ack(VncState *vs) 1963 { 1964 vnc_lock_output(vs); 1965 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1966 vnc_write_u8(vs, 0); 1967 vnc_write_u16(vs, 1); 1968 vnc_framebuffer_update(vs, 0, 0, 1969 pixman_image_get_width(vs->vd->server), 1970 pixman_image_get_height(vs->vd->server), 1971 VNC_ENCODING_EXT_KEY_EVENT); 1972 vnc_unlock_output(vs); 1973 vnc_flush(vs); 1974 } 1975 1976 static void send_ext_audio_ack(VncState *vs) 1977 { 1978 vnc_lock_output(vs); 1979 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1980 vnc_write_u8(vs, 0); 1981 vnc_write_u16(vs, 1); 1982 vnc_framebuffer_update(vs, 0, 0, 1983 pixman_image_get_width(vs->vd->server), 1984 pixman_image_get_height(vs->vd->server), 1985 VNC_ENCODING_AUDIO); 1986 vnc_unlock_output(vs); 1987 vnc_flush(vs); 1988 } 1989 1990 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 1991 { 1992 int i; 1993 unsigned int enc = 0; 1994 1995 vs->features = 0; 1996 vs->vnc_encoding = 0; 1997 vs->tight.compression = 9; 1998 vs->tight.quality = -1; /* Lossless by default */ 1999 vs->absolute = -1; 2000 2001 /* 2002 * Start from the end because the encodings are sent in order of preference. 2003 * This way the preferred encoding (first encoding defined in the array) 2004 * will be set at the end of the loop. 2005 */ 2006 for (i = n_encodings - 1; i >= 0; i--) { 2007 enc = encodings[i]; 2008 switch (enc) { 2009 case VNC_ENCODING_RAW: 2010 vs->vnc_encoding = enc; 2011 break; 2012 case VNC_ENCODING_COPYRECT: 2013 vs->features |= VNC_FEATURE_COPYRECT_MASK; 2014 break; 2015 case VNC_ENCODING_HEXTILE: 2016 vs->features |= VNC_FEATURE_HEXTILE_MASK; 2017 vs->vnc_encoding = enc; 2018 break; 2019 case VNC_ENCODING_TIGHT: 2020 vs->features |= VNC_FEATURE_TIGHT_MASK; 2021 vs->vnc_encoding = enc; 2022 break; 2023 #ifdef CONFIG_VNC_PNG 2024 case VNC_ENCODING_TIGHT_PNG: 2025 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK; 2026 vs->vnc_encoding = enc; 2027 break; 2028 #endif 2029 case VNC_ENCODING_ZLIB: 2030 vs->features |= VNC_FEATURE_ZLIB_MASK; 2031 vs->vnc_encoding = enc; 2032 break; 2033 case VNC_ENCODING_ZRLE: 2034 vs->features |= VNC_FEATURE_ZRLE_MASK; 2035 vs->vnc_encoding = enc; 2036 break; 2037 case VNC_ENCODING_ZYWRLE: 2038 vs->features |= VNC_FEATURE_ZYWRLE_MASK; 2039 vs->vnc_encoding = enc; 2040 break; 2041 case VNC_ENCODING_DESKTOPRESIZE: 2042 vs->features |= VNC_FEATURE_RESIZE_MASK; 2043 break; 2044 case VNC_ENCODING_POINTER_TYPE_CHANGE: 2045 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK; 2046 break; 2047 case VNC_ENCODING_RICH_CURSOR: 2048 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK; 2049 break; 2050 case VNC_ENCODING_EXT_KEY_EVENT: 2051 send_ext_key_event_ack(vs); 2052 break; 2053 case VNC_ENCODING_AUDIO: 2054 send_ext_audio_ack(vs); 2055 break; 2056 case VNC_ENCODING_WMVi: 2057 vs->features |= VNC_FEATURE_WMVI_MASK; 2058 break; 2059 case VNC_ENCODING_LED_STATE: 2060 vs->features |= VNC_FEATURE_LED_STATE_MASK; 2061 break; 2062 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 2063 vs->tight.compression = (enc & 0x0F); 2064 break; 2065 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 2066 if (vs->vd->lossy) { 2067 vs->tight.quality = (enc & 0x0F); 2068 } 2069 break; 2070 default: 2071 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 2072 break; 2073 } 2074 } 2075 vnc_desktop_resize(vs); 2076 check_pointer_type_change(&vs->mouse_mode_notifier, NULL); 2077 vnc_led_state_change(vs); 2078 } 2079 2080 static void set_pixel_conversion(VncState *vs) 2081 { 2082 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf); 2083 2084 if (fmt == VNC_SERVER_FB_FORMAT) { 2085 vs->write_pixels = vnc_write_pixels_copy; 2086 vnc_hextile_set_pixel_conversion(vs, 0); 2087 } else { 2088 vs->write_pixels = vnc_write_pixels_generic; 2089 vnc_hextile_set_pixel_conversion(vs, 1); 2090 } 2091 } 2092 2093 static void set_pixel_format(VncState *vs, 2094 int bits_per_pixel, int depth, 2095 int big_endian_flag, int true_color_flag, 2096 int red_max, int green_max, int blue_max, 2097 int red_shift, int green_shift, int blue_shift) 2098 { 2099 if (!true_color_flag) { 2100 vnc_client_error(vs); 2101 return; 2102 } 2103 2104 switch (bits_per_pixel) { 2105 case 8: 2106 case 16: 2107 case 32: 2108 break; 2109 default: 2110 vnc_client_error(vs); 2111 return; 2112 } 2113 2114 vs->client_pf.rmax = red_max ? red_max : 0xFF; 2115 vs->client_pf.rbits = hweight_long(red_max); 2116 vs->client_pf.rshift = red_shift; 2117 vs->client_pf.rmask = red_max << red_shift; 2118 vs->client_pf.gmax = green_max ? green_max : 0xFF; 2119 vs->client_pf.gbits = hweight_long(green_max); 2120 vs->client_pf.gshift = green_shift; 2121 vs->client_pf.gmask = green_max << green_shift; 2122 vs->client_pf.bmax = blue_max ? blue_max : 0xFF; 2123 vs->client_pf.bbits = hweight_long(blue_max); 2124 vs->client_pf.bshift = blue_shift; 2125 vs->client_pf.bmask = blue_max << blue_shift; 2126 vs->client_pf.bits_per_pixel = bits_per_pixel; 2127 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8; 2128 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 2129 vs->client_be = big_endian_flag; 2130 2131 set_pixel_conversion(vs); 2132 2133 graphic_hw_invalidate(vs->vd->dcl.con); 2134 graphic_hw_update(vs->vd->dcl.con); 2135 } 2136 2137 static void pixel_format_message (VncState *vs) { 2138 char pad[3] = { 0, 0, 0 }; 2139 2140 vs->client_pf = qemu_default_pixelformat(32); 2141 2142 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ 2143 vnc_write_u8(vs, vs->client_pf.depth); /* depth */ 2144 2145 #ifdef HOST_WORDS_BIGENDIAN 2146 vnc_write_u8(vs, 1); /* big-endian-flag */ 2147 #else 2148 vnc_write_u8(vs, 0); /* big-endian-flag */ 2149 #endif 2150 vnc_write_u8(vs, 1); /* true-color-flag */ 2151 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */ 2152 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */ 2153 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */ 2154 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */ 2155 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */ 2156 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */ 2157 vnc_write(vs, pad, 3); /* padding */ 2158 2159 vnc_hextile_set_pixel_conversion(vs, 0); 2160 vs->write_pixels = vnc_write_pixels_copy; 2161 } 2162 2163 static void vnc_colordepth(VncState *vs) 2164 { 2165 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 2166 /* Sending a WMVi message to notify the client*/ 2167 vnc_lock_output(vs); 2168 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2169 vnc_write_u8(vs, 0); 2170 vnc_write_u16(vs, 1); /* number of rects */ 2171 vnc_framebuffer_update(vs, 0, 0, 2172 pixman_image_get_width(vs->vd->server), 2173 pixman_image_get_height(vs->vd->server), 2174 VNC_ENCODING_WMVi); 2175 pixel_format_message(vs); 2176 vnc_unlock_output(vs); 2177 vnc_flush(vs); 2178 } else { 2179 set_pixel_conversion(vs); 2180 } 2181 } 2182 2183 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 2184 { 2185 int i; 2186 uint16_t limit; 2187 VncDisplay *vd = vs->vd; 2188 2189 if (data[0] > 3) { 2190 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2191 } 2192 2193 switch (data[0]) { 2194 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 2195 if (len == 1) 2196 return 20; 2197 2198 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5), 2199 read_u8(data, 6), read_u8(data, 7), 2200 read_u16(data, 8), read_u16(data, 10), 2201 read_u16(data, 12), read_u8(data, 14), 2202 read_u8(data, 15), read_u8(data, 16)); 2203 break; 2204 case VNC_MSG_CLIENT_SET_ENCODINGS: 2205 if (len == 1) 2206 return 4; 2207 2208 if (len == 4) { 2209 limit = read_u16(data, 2); 2210 if (limit > 0) 2211 return 4 + (limit * 4); 2212 } else 2213 limit = read_u16(data, 2); 2214 2215 for (i = 0; i < limit; i++) { 2216 int32_t val = read_s32(data, 4 + (i * 4)); 2217 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 2218 } 2219 2220 set_encodings(vs, (int32_t *)(data + 4), limit); 2221 break; 2222 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 2223 if (len == 1) 2224 return 10; 2225 2226 framebuffer_update_request(vs, 2227 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 2228 read_u16(data, 6), read_u16(data, 8)); 2229 break; 2230 case VNC_MSG_CLIENT_KEY_EVENT: 2231 if (len == 1) 2232 return 8; 2233 2234 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 2235 break; 2236 case VNC_MSG_CLIENT_POINTER_EVENT: 2237 if (len == 1) 2238 return 6; 2239 2240 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 2241 break; 2242 case VNC_MSG_CLIENT_CUT_TEXT: 2243 if (len == 1) { 2244 return 8; 2245 } 2246 if (len == 8) { 2247 uint32_t dlen = read_u32(data, 4); 2248 if (dlen > (1 << 20)) { 2249 error_report("vnc: client_cut_text msg payload has %u bytes" 2250 " which exceeds our limit of 1MB.", dlen); 2251 vnc_client_error(vs); 2252 break; 2253 } 2254 if (dlen > 0) { 2255 return 8 + dlen; 2256 } 2257 } 2258 2259 client_cut_text(vs, read_u32(data, 4), data + 8); 2260 break; 2261 case VNC_MSG_CLIENT_QEMU: 2262 if (len == 1) 2263 return 2; 2264 2265 switch (read_u8(data, 1)) { 2266 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 2267 if (len == 2) 2268 return 12; 2269 2270 ext_key_event(vs, read_u16(data, 2), 2271 read_u32(data, 4), read_u32(data, 8)); 2272 break; 2273 case VNC_MSG_CLIENT_QEMU_AUDIO: 2274 if (len == 2) 2275 return 4; 2276 2277 switch (read_u16 (data, 2)) { 2278 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 2279 audio_add(vs); 2280 break; 2281 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 2282 audio_del(vs); 2283 break; 2284 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 2285 if (len == 4) 2286 return 10; 2287 switch (read_u8(data, 4)) { 2288 case 0: vs->as.fmt = AUD_FMT_U8; break; 2289 case 1: vs->as.fmt = AUD_FMT_S8; break; 2290 case 2: vs->as.fmt = AUD_FMT_U16; break; 2291 case 3: vs->as.fmt = AUD_FMT_S16; break; 2292 case 4: vs->as.fmt = AUD_FMT_U32; break; 2293 case 5: vs->as.fmt = AUD_FMT_S32; break; 2294 default: 2295 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4)); 2296 vnc_client_error(vs); 2297 break; 2298 } 2299 vs->as.nchannels = read_u8(data, 5); 2300 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2301 VNC_DEBUG("Invalid audio channel coount %d\n", 2302 read_u8(data, 5)); 2303 vnc_client_error(vs); 2304 break; 2305 } 2306 vs->as.freq = read_u32(data, 6); 2307 break; 2308 default: 2309 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4)); 2310 vnc_client_error(vs); 2311 break; 2312 } 2313 break; 2314 2315 default: 2316 VNC_DEBUG("Msg: %d\n", read_u16(data, 0)); 2317 vnc_client_error(vs); 2318 break; 2319 } 2320 break; 2321 default: 2322 VNC_DEBUG("Msg: %d\n", data[0]); 2323 vnc_client_error(vs); 2324 break; 2325 } 2326 2327 vnc_read_when(vs, protocol_client_msg, 1); 2328 return 0; 2329 } 2330 2331 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2332 { 2333 char buf[1024]; 2334 VncShareMode mode; 2335 int size; 2336 2337 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; 2338 switch (vs->vd->share_policy) { 2339 case VNC_SHARE_POLICY_IGNORE: 2340 /* 2341 * Ignore the shared flag. Nothing to do here. 2342 * 2343 * Doesn't conform to the rfb spec but is traditional qemu 2344 * behavior, thus left here as option for compatibility 2345 * reasons. 2346 */ 2347 break; 2348 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: 2349 /* 2350 * Policy: Allow clients ask for exclusive access. 2351 * 2352 * Implementation: When a client asks for exclusive access, 2353 * disconnect all others. Shared connects are allowed as long 2354 * as no exclusive connection exists. 2355 * 2356 * This is how the rfb spec suggests to handle the shared flag. 2357 */ 2358 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2359 VncState *client; 2360 QTAILQ_FOREACH(client, &vs->vd->clients, next) { 2361 if (vs == client) { 2362 continue; 2363 } 2364 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && 2365 client->share_mode != VNC_SHARE_MODE_SHARED) { 2366 continue; 2367 } 2368 vnc_disconnect_start(client); 2369 } 2370 } 2371 if (mode == VNC_SHARE_MODE_SHARED) { 2372 if (vs->vd->num_exclusive > 0) { 2373 vnc_disconnect_start(vs); 2374 return 0; 2375 } 2376 } 2377 break; 2378 case VNC_SHARE_POLICY_FORCE_SHARED: 2379 /* 2380 * Policy: Shared connects only. 2381 * Implementation: Disallow clients asking for exclusive access. 2382 * 2383 * Useful for shared desktop sessions where you don't want 2384 * someone forgetting to say -shared when running the vnc 2385 * client disconnect everybody else. 2386 */ 2387 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2388 vnc_disconnect_start(vs); 2389 return 0; 2390 } 2391 break; 2392 } 2393 vnc_set_share_mode(vs, mode); 2394 2395 if (vs->vd->num_shared > vs->vd->connections_limit) { 2396 vnc_disconnect_start(vs); 2397 return 0; 2398 } 2399 2400 vs->client_width = pixman_image_get_width(vs->vd->server); 2401 vs->client_height = pixman_image_get_height(vs->vd->server); 2402 vnc_write_u16(vs, vs->client_width); 2403 vnc_write_u16(vs, vs->client_height); 2404 2405 pixel_format_message(vs); 2406 2407 if (qemu_name) 2408 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2409 else 2410 size = snprintf(buf, sizeof(buf), "QEMU"); 2411 2412 vnc_write_u32(vs, size); 2413 vnc_write(vs, buf, size); 2414 vnc_flush(vs); 2415 2416 vnc_client_cache_auth(vs); 2417 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED); 2418 2419 vnc_read_when(vs, protocol_client_msg, 1); 2420 2421 return 0; 2422 } 2423 2424 void start_client_init(VncState *vs) 2425 { 2426 vnc_read_when(vs, protocol_client_init, 1); 2427 } 2428 2429 static void make_challenge(VncState *vs) 2430 { 2431 int i; 2432 2433 srand(time(NULL)+getpid()+getpid()*987654+rand()); 2434 2435 for (i = 0 ; i < sizeof(vs->challenge) ; i++) 2436 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0)); 2437 } 2438 2439 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2440 { 2441 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2442 size_t i, pwlen; 2443 unsigned char key[8]; 2444 time_t now = time(NULL); 2445 QCryptoCipher *cipher = NULL; 2446 Error *err = NULL; 2447 2448 if (!vs->vd->password) { 2449 VNC_DEBUG("No password configured on server"); 2450 goto reject; 2451 } 2452 if (vs->vd->expires < now) { 2453 VNC_DEBUG("Password is expired"); 2454 goto reject; 2455 } 2456 2457 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2458 2459 /* Calculate the expected challenge response */ 2460 pwlen = strlen(vs->vd->password); 2461 for (i=0; i<sizeof(key); i++) 2462 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2463 2464 cipher = qcrypto_cipher_new( 2465 QCRYPTO_CIPHER_ALG_DES_RFB, 2466 QCRYPTO_CIPHER_MODE_ECB, 2467 key, G_N_ELEMENTS(key), 2468 &err); 2469 if (!cipher) { 2470 VNC_DEBUG("Cannot initialize cipher %s", 2471 error_get_pretty(err)); 2472 error_free(err); 2473 goto reject; 2474 } 2475 2476 if (qcrypto_cipher_encrypt(cipher, 2477 vs->challenge, 2478 response, 2479 VNC_AUTH_CHALLENGE_SIZE, 2480 &err) < 0) { 2481 VNC_DEBUG("Cannot encrypt challenge %s", 2482 error_get_pretty(err)); 2483 error_free(err); 2484 goto reject; 2485 } 2486 2487 /* Compare expected vs actual challenge response */ 2488 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2489 VNC_DEBUG("Client challenge response did not match\n"); 2490 goto reject; 2491 } else { 2492 VNC_DEBUG("Accepting VNC challenge response\n"); 2493 vnc_write_u32(vs, 0); /* Accept auth */ 2494 vnc_flush(vs); 2495 2496 start_client_init(vs); 2497 } 2498 2499 qcrypto_cipher_free(cipher); 2500 return 0; 2501 2502 reject: 2503 vnc_write_u32(vs, 1); /* Reject auth */ 2504 if (vs->minor >= 8) { 2505 static const char err[] = "Authentication failed"; 2506 vnc_write_u32(vs, sizeof(err)); 2507 vnc_write(vs, err, sizeof(err)); 2508 } 2509 vnc_flush(vs); 2510 vnc_client_error(vs); 2511 qcrypto_cipher_free(cipher); 2512 return 0; 2513 } 2514 2515 void start_auth_vnc(VncState *vs) 2516 { 2517 make_challenge(vs); 2518 /* Send client a 'random' challenge */ 2519 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2520 vnc_flush(vs); 2521 2522 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2523 } 2524 2525 2526 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2527 { 2528 /* We only advertise 1 auth scheme at a time, so client 2529 * must pick the one we sent. Verify this */ 2530 if (data[0] != vs->auth) { /* Reject auth */ 2531 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]); 2532 vnc_write_u32(vs, 1); 2533 if (vs->minor >= 8) { 2534 static const char err[] = "Authentication failed"; 2535 vnc_write_u32(vs, sizeof(err)); 2536 vnc_write(vs, err, sizeof(err)); 2537 } 2538 vnc_client_error(vs); 2539 } else { /* Accept requested auth */ 2540 VNC_DEBUG("Client requested auth %d\n", (int)data[0]); 2541 switch (vs->auth) { 2542 case VNC_AUTH_NONE: 2543 VNC_DEBUG("Accept auth none\n"); 2544 if (vs->minor >= 8) { 2545 vnc_write_u32(vs, 0); /* Accept auth completion */ 2546 vnc_flush(vs); 2547 } 2548 start_client_init(vs); 2549 break; 2550 2551 case VNC_AUTH_VNC: 2552 VNC_DEBUG("Start VNC auth\n"); 2553 start_auth_vnc(vs); 2554 break; 2555 2556 case VNC_AUTH_VENCRYPT: 2557 VNC_DEBUG("Accept VeNCrypt auth\n"); 2558 start_auth_vencrypt(vs); 2559 break; 2560 2561 #ifdef CONFIG_VNC_SASL 2562 case VNC_AUTH_SASL: 2563 VNC_DEBUG("Accept SASL auth\n"); 2564 start_auth_sasl(vs); 2565 break; 2566 #endif /* CONFIG_VNC_SASL */ 2567 2568 default: /* Should not be possible, but just in case */ 2569 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth); 2570 vnc_write_u8(vs, 1); 2571 if (vs->minor >= 8) { 2572 static const char err[] = "Authentication failed"; 2573 vnc_write_u32(vs, sizeof(err)); 2574 vnc_write(vs, err, sizeof(err)); 2575 } 2576 vnc_client_error(vs); 2577 } 2578 } 2579 return 0; 2580 } 2581 2582 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2583 { 2584 char local[13]; 2585 2586 memcpy(local, version, 12); 2587 local[12] = 0; 2588 2589 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2590 VNC_DEBUG("Malformed protocol version %s\n", local); 2591 vnc_client_error(vs); 2592 return 0; 2593 } 2594 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2595 if (vs->major != 3 || 2596 (vs->minor != 3 && 2597 vs->minor != 4 && 2598 vs->minor != 5 && 2599 vs->minor != 7 && 2600 vs->minor != 8)) { 2601 VNC_DEBUG("Unsupported client version\n"); 2602 vnc_write_u32(vs, VNC_AUTH_INVALID); 2603 vnc_flush(vs); 2604 vnc_client_error(vs); 2605 return 0; 2606 } 2607 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2608 * as equivalent to v3.3 by servers 2609 */ 2610 if (vs->minor == 4 || vs->minor == 5) 2611 vs->minor = 3; 2612 2613 if (vs->minor == 3) { 2614 if (vs->auth == VNC_AUTH_NONE) { 2615 VNC_DEBUG("Tell client auth none\n"); 2616 vnc_write_u32(vs, vs->auth); 2617 vnc_flush(vs); 2618 start_client_init(vs); 2619 } else if (vs->auth == VNC_AUTH_VNC) { 2620 VNC_DEBUG("Tell client VNC auth\n"); 2621 vnc_write_u32(vs, vs->auth); 2622 vnc_flush(vs); 2623 start_auth_vnc(vs); 2624 } else { 2625 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth); 2626 vnc_write_u32(vs, VNC_AUTH_INVALID); 2627 vnc_flush(vs); 2628 vnc_client_error(vs); 2629 } 2630 } else { 2631 VNC_DEBUG("Telling client we support auth %d\n", vs->auth); 2632 vnc_write_u8(vs, 1); /* num auth */ 2633 vnc_write_u8(vs, vs->auth); 2634 vnc_read_when(vs, protocol_client_auth, 1); 2635 vnc_flush(vs); 2636 } 2637 2638 return 0; 2639 } 2640 2641 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) 2642 { 2643 struct VncSurface *vs = &vd->guest; 2644 2645 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; 2646 } 2647 2648 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h) 2649 { 2650 int i, j; 2651 2652 w = (x + w) / VNC_STAT_RECT; 2653 h = (y + h) / VNC_STAT_RECT; 2654 x /= VNC_STAT_RECT; 2655 y /= VNC_STAT_RECT; 2656 2657 for (j = y; j <= h; j++) { 2658 for (i = x; i <= w; i++) { 2659 vs->lossy_rect[j][i] = 1; 2660 } 2661 } 2662 } 2663 2664 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) 2665 { 2666 VncState *vs; 2667 int sty = y / VNC_STAT_RECT; 2668 int stx = x / VNC_STAT_RECT; 2669 int has_dirty = 0; 2670 2671 y = y / VNC_STAT_RECT * VNC_STAT_RECT; 2672 x = x / VNC_STAT_RECT * VNC_STAT_RECT; 2673 2674 QTAILQ_FOREACH(vs, &vd->clients, next) { 2675 int j; 2676 2677 /* kernel send buffers are full -> refresh later */ 2678 if (vs->output.offset) { 2679 continue; 2680 } 2681 2682 if (!vs->lossy_rect[sty][stx]) { 2683 continue; 2684 } 2685 2686 vs->lossy_rect[sty][stx] = 0; 2687 for (j = 0; j < VNC_STAT_RECT; ++j) { 2688 bitmap_set(vs->dirty[y + j], 2689 x / VNC_DIRTY_PIXELS_PER_BIT, 2690 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT); 2691 } 2692 has_dirty++; 2693 } 2694 2695 return has_dirty; 2696 } 2697 2698 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) 2699 { 2700 int width = pixman_image_get_width(vd->guest.fb); 2701 int height = pixman_image_get_height(vd->guest.fb); 2702 int x, y; 2703 struct timeval res; 2704 int has_dirty = 0; 2705 2706 for (y = 0; y < height; y += VNC_STAT_RECT) { 2707 for (x = 0; x < width; x += VNC_STAT_RECT) { 2708 VncRectStat *rect = vnc_stat_rect(vd, x, y); 2709 2710 rect->updated = false; 2711 } 2712 } 2713 2714 qemu_timersub(tv, &VNC_REFRESH_STATS, &res); 2715 2716 if (timercmp(&vd->guest.last_freq_check, &res, >)) { 2717 return has_dirty; 2718 } 2719 vd->guest.last_freq_check = *tv; 2720 2721 for (y = 0; y < height; y += VNC_STAT_RECT) { 2722 for (x = 0; x < width; x += VNC_STAT_RECT) { 2723 VncRectStat *rect= vnc_stat_rect(vd, x, y); 2724 int count = ARRAY_SIZE(rect->times); 2725 struct timeval min, max; 2726 2727 if (!timerisset(&rect->times[count - 1])) { 2728 continue ; 2729 } 2730 2731 max = rect->times[(rect->idx + count - 1) % count]; 2732 qemu_timersub(tv, &max, &res); 2733 2734 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { 2735 rect->freq = 0; 2736 has_dirty += vnc_refresh_lossy_rect(vd, x, y); 2737 memset(rect->times, 0, sizeof (rect->times)); 2738 continue ; 2739 } 2740 2741 min = rect->times[rect->idx]; 2742 max = rect->times[(rect->idx + count - 1) % count]; 2743 qemu_timersub(&max, &min, &res); 2744 2745 rect->freq = res.tv_sec + res.tv_usec / 1000000.; 2746 rect->freq /= count; 2747 rect->freq = 1. / rect->freq; 2748 } 2749 } 2750 return has_dirty; 2751 } 2752 2753 double vnc_update_freq(VncState *vs, int x, int y, int w, int h) 2754 { 2755 int i, j; 2756 double total = 0; 2757 int num = 0; 2758 2759 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT; 2760 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT; 2761 2762 for (j = y; j <= y + h; j += VNC_STAT_RECT) { 2763 for (i = x; i <= x + w; i += VNC_STAT_RECT) { 2764 total += vnc_stat_rect(vs->vd, i, j)->freq; 2765 num++; 2766 } 2767 } 2768 2769 if (num) { 2770 return total / num; 2771 } else { 2772 return 0; 2773 } 2774 } 2775 2776 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) 2777 { 2778 VncRectStat *rect; 2779 2780 rect = vnc_stat_rect(vd, x, y); 2781 if (rect->updated) { 2782 return ; 2783 } 2784 rect->times[rect->idx] = *tv; 2785 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); 2786 rect->updated = true; 2787 } 2788 2789 static int vnc_refresh_server_surface(VncDisplay *vd) 2790 { 2791 int width = MIN(pixman_image_get_width(vd->guest.fb), 2792 pixman_image_get_width(vd->server)); 2793 int height = MIN(pixman_image_get_height(vd->guest.fb), 2794 pixman_image_get_height(vd->server)); 2795 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0; 2796 uint8_t *guest_row0 = NULL, *server_row0; 2797 VncState *vs; 2798 int has_dirty = 0; 2799 pixman_image_t *tmpbuf = NULL; 2800 2801 struct timeval tv = { 0, 0 }; 2802 2803 if (!vd->non_adaptive) { 2804 gettimeofday(&tv, NULL); 2805 has_dirty = vnc_update_stats(vd, &tv); 2806 } 2807 2808 /* 2809 * Walk through the guest dirty map. 2810 * Check and copy modified bits from guest to server surface. 2811 * Update server dirty map. 2812 */ 2813 server_row0 = (uint8_t *)pixman_image_get_data(vd->server); 2814 server_stride = guest_stride = guest_ll = 2815 pixman_image_get_stride(vd->server); 2816 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES, 2817 server_stride); 2818 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2819 int width = pixman_image_get_width(vd->server); 2820 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width); 2821 } else { 2822 int guest_bpp = 2823 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb)); 2824 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb); 2825 guest_stride = pixman_image_get_stride(vd->guest.fb); 2826 guest_ll = pixman_image_get_width(vd->guest.fb) * ((guest_bpp + 7) / 8); 2827 } 2828 line_bytes = MIN(server_stride, guest_ll); 2829 2830 for (;;) { 2831 int x; 2832 uint8_t *guest_ptr, *server_ptr; 2833 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty, 2834 height * VNC_DIRTY_BPL(&vd->guest), 2835 y * VNC_DIRTY_BPL(&vd->guest)); 2836 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) { 2837 /* no more dirty bits */ 2838 break; 2839 } 2840 y = offset / VNC_DIRTY_BPL(&vd->guest); 2841 x = offset % VNC_DIRTY_BPL(&vd->guest); 2842 2843 server_ptr = server_row0 + y * server_stride + x * cmp_bytes; 2844 2845 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2846 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y); 2847 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf); 2848 } else { 2849 guest_ptr = guest_row0 + y * guest_stride; 2850 } 2851 guest_ptr += x * cmp_bytes; 2852 2853 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT); 2854 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 2855 int _cmp_bytes = cmp_bytes; 2856 if (!test_and_clear_bit(x, vd->guest.dirty[y])) { 2857 continue; 2858 } 2859 if ((x + 1) * cmp_bytes > line_bytes) { 2860 _cmp_bytes = line_bytes - x * cmp_bytes; 2861 } 2862 assert(_cmp_bytes >= 0); 2863 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) { 2864 continue; 2865 } 2866 memcpy(server_ptr, guest_ptr, _cmp_bytes); 2867 if (!vd->non_adaptive) { 2868 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT, 2869 y, &tv); 2870 } 2871 QTAILQ_FOREACH(vs, &vd->clients, next) { 2872 set_bit(x, vs->dirty[y]); 2873 } 2874 has_dirty++; 2875 } 2876 2877 y++; 2878 } 2879 qemu_pixman_image_unref(tmpbuf); 2880 return has_dirty; 2881 } 2882 2883 static void vnc_refresh(DisplayChangeListener *dcl) 2884 { 2885 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 2886 VncState *vs, *vn; 2887 int has_dirty, rects = 0; 2888 2889 if (QTAILQ_EMPTY(&vd->clients)) { 2890 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX); 2891 return; 2892 } 2893 2894 graphic_hw_update(vd->dcl.con); 2895 2896 if (vnc_trylock_display(vd)) { 2897 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2898 return; 2899 } 2900 2901 has_dirty = vnc_refresh_server_surface(vd); 2902 vnc_unlock_display(vd); 2903 2904 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 2905 rects += vnc_update_client(vs, has_dirty, false); 2906 /* vs might be free()ed here */ 2907 } 2908 2909 if (has_dirty && rects) { 2910 vd->dcl.update_interval /= 2; 2911 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) { 2912 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE; 2913 } 2914 } else { 2915 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC; 2916 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) { 2917 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX; 2918 } 2919 } 2920 } 2921 2922 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc, 2923 bool skipauth, bool websocket) 2924 { 2925 VncState *vs = g_new0(VncState, 1); 2926 int i; 2927 2928 vs->sioc = sioc; 2929 object_ref(OBJECT(vs->sioc)); 2930 vs->ioc = QIO_CHANNEL(sioc); 2931 object_ref(OBJECT(vs->ioc)); 2932 vs->vd = vd; 2933 2934 buffer_init(&vs->input, "vnc-input/%p", sioc); 2935 buffer_init(&vs->output, "vnc-output/%p", sioc); 2936 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc); 2937 2938 buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc); 2939 buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc); 2940 buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc); 2941 #ifdef CONFIG_VNC_JPEG 2942 buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc); 2943 #endif 2944 #ifdef CONFIG_VNC_PNG 2945 buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc); 2946 #endif 2947 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc); 2948 buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc); 2949 buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc); 2950 buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc); 2951 2952 if (skipauth) { 2953 vs->auth = VNC_AUTH_NONE; 2954 vs->subauth = VNC_AUTH_INVALID; 2955 } else { 2956 if (websocket) { 2957 vs->auth = vd->ws_auth; 2958 vs->subauth = VNC_AUTH_INVALID; 2959 } else { 2960 vs->auth = vd->auth; 2961 vs->subauth = vd->subauth; 2962 } 2963 } 2964 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n", 2965 sioc, websocket, vs->auth, vs->subauth); 2966 2967 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect)); 2968 for (i = 0; i < VNC_STAT_ROWS; ++i) { 2969 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS); 2970 } 2971 2972 VNC_DEBUG("New client on socket %p\n", vs->sioc); 2973 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2974 qio_channel_set_blocking(vs->ioc, false, NULL); 2975 if (websocket) { 2976 vs->websocket = 1; 2977 if (vd->ws_tls) { 2978 vs->ioc_tag = qio_channel_add_watch( 2979 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL); 2980 } else { 2981 vs->ioc_tag = qio_channel_add_watch( 2982 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL); 2983 } 2984 } else { 2985 vs->ioc_tag = qio_channel_add_watch( 2986 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); 2987 } 2988 2989 vnc_client_cache_addr(vs); 2990 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED); 2991 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); 2992 2993 if (!vs->websocket) { 2994 vnc_init_state(vs); 2995 } 2996 2997 if (vd->num_connecting > vd->connections_limit) { 2998 QTAILQ_FOREACH(vs, &vd->clients, next) { 2999 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) { 3000 vnc_disconnect_start(vs); 3001 return; 3002 } 3003 } 3004 } 3005 } 3006 3007 void vnc_init_state(VncState *vs) 3008 { 3009 vs->initialized = true; 3010 VncDisplay *vd = vs->vd; 3011 bool first_client = QTAILQ_EMPTY(&vd->clients); 3012 3013 vs->last_x = -1; 3014 vs->last_y = -1; 3015 3016 vs->as.freq = 44100; 3017 vs->as.nchannels = 2; 3018 vs->as.fmt = AUD_FMT_S16; 3019 vs->as.endianness = 0; 3020 3021 qemu_mutex_init(&vs->output_mutex); 3022 vs->bh = qemu_bh_new(vnc_jobs_bh, vs); 3023 3024 QTAILQ_INSERT_TAIL(&vd->clients, vs, next); 3025 if (first_client) { 3026 vnc_update_server_surface(vd); 3027 } 3028 3029 graphic_hw_update(vd->dcl.con); 3030 3031 vnc_write(vs, "RFB 003.008\n", 12); 3032 vnc_flush(vs); 3033 vnc_read_when(vs, protocol_version, 12); 3034 reset_keys(vs); 3035 if (vs->vd->lock_key_sync) 3036 vs->led = qemu_add_led_event_handler(kbd_leds, vs); 3037 3038 vs->mouse_mode_notifier.notify = check_pointer_type_change; 3039 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 3040 3041 /* vs might be free()ed here */ 3042 } 3043 3044 static gboolean vnc_listen_io(QIOChannel *ioc, 3045 GIOCondition condition, 3046 void *opaque) 3047 { 3048 VncDisplay *vs = opaque; 3049 QIOChannelSocket *sioc = NULL; 3050 Error *err = NULL; 3051 3052 /* Catch-up */ 3053 graphic_hw_update(vs->dcl.con); 3054 sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc), &err); 3055 if (sioc != NULL) { 3056 qio_channel_set_delay(QIO_CHANNEL(sioc), false); 3057 vnc_connect(vs, sioc, false, 3058 ioc != QIO_CHANNEL(vs->lsock)); 3059 object_unref(OBJECT(sioc)); 3060 } else { 3061 /* client probably closed connection before we got there */ 3062 error_free(err); 3063 } 3064 3065 return TRUE; 3066 } 3067 3068 static const DisplayChangeListenerOps dcl_ops = { 3069 .dpy_name = "vnc", 3070 .dpy_refresh = vnc_refresh, 3071 .dpy_gfx_copy = vnc_dpy_copy, 3072 .dpy_gfx_update = vnc_dpy_update, 3073 .dpy_gfx_switch = vnc_dpy_switch, 3074 .dpy_gfx_check_format = qemu_pixman_check_format, 3075 .dpy_mouse_set = vnc_mouse_set, 3076 .dpy_cursor_define = vnc_dpy_cursor_define, 3077 }; 3078 3079 void vnc_display_init(const char *id) 3080 { 3081 VncDisplay *vs; 3082 3083 if (vnc_display_find(id) != NULL) { 3084 return; 3085 } 3086 vs = g_malloc0(sizeof(*vs)); 3087 3088 vs->id = strdup(id); 3089 QTAILQ_INSERT_TAIL(&vnc_displays, vs, next); 3090 3091 QTAILQ_INIT(&vs->clients); 3092 vs->expires = TIME_MAX; 3093 3094 if (keyboard_layout) { 3095 trace_vnc_key_map_init(keyboard_layout); 3096 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout); 3097 } else { 3098 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us"); 3099 } 3100 3101 if (!vs->kbd_layout) 3102 exit(1); 3103 3104 qemu_mutex_init(&vs->mutex); 3105 vnc_start_worker_thread(); 3106 3107 vs->dcl.ops = &dcl_ops; 3108 register_displaychangelistener(&vs->dcl); 3109 } 3110 3111 3112 static void vnc_display_close(VncDisplay *vs) 3113 { 3114 if (!vs) 3115 return; 3116 vs->enabled = false; 3117 vs->is_unix = false; 3118 if (vs->lsock != NULL) { 3119 if (vs->lsock_tag) { 3120 g_source_remove(vs->lsock_tag); 3121 } 3122 object_unref(OBJECT(vs->lsock)); 3123 vs->lsock = NULL; 3124 } 3125 vs->ws_enabled = false; 3126 if (vs->lwebsock != NULL) { 3127 if (vs->lwebsock_tag) { 3128 g_source_remove(vs->lwebsock_tag); 3129 } 3130 object_unref(OBJECT(vs->lwebsock)); 3131 vs->lwebsock = NULL; 3132 } 3133 vs->auth = VNC_AUTH_INVALID; 3134 vs->subauth = VNC_AUTH_INVALID; 3135 if (vs->tlscreds) { 3136 object_unparent(OBJECT(vs->tlscreds)); 3137 } 3138 g_free(vs->tlsaclname); 3139 vs->tlsaclname = NULL; 3140 } 3141 3142 int vnc_display_password(const char *id, const char *password) 3143 { 3144 VncDisplay *vs = vnc_display_find(id); 3145 3146 if (!vs) { 3147 return -EINVAL; 3148 } 3149 if (vs->auth == VNC_AUTH_NONE) { 3150 error_printf_unless_qmp("If you want use passwords please enable " 3151 "password auth using '-vnc ${dpy},password'."); 3152 return -EINVAL; 3153 } 3154 3155 g_free(vs->password); 3156 vs->password = g_strdup(password); 3157 3158 return 0; 3159 } 3160 3161 int vnc_display_pw_expire(const char *id, time_t expires) 3162 { 3163 VncDisplay *vs = vnc_display_find(id); 3164 3165 if (!vs) { 3166 return -EINVAL; 3167 } 3168 3169 vs->expires = expires; 3170 return 0; 3171 } 3172 3173 char *vnc_display_local_addr(const char *id) 3174 { 3175 VncDisplay *vs = vnc_display_find(id); 3176 SocketAddress *addr; 3177 char *ret; 3178 Error *err = NULL; 3179 3180 assert(vs); 3181 3182 addr = qio_channel_socket_get_local_address(vs->lsock, &err); 3183 if (!addr) { 3184 return NULL; 3185 } 3186 3187 if (addr->type != SOCKET_ADDRESS_KIND_INET) { 3188 qapi_free_SocketAddress(addr); 3189 return NULL; 3190 } 3191 ret = g_strdup_printf("%s;%s", addr->u.inet->host, addr->u.inet->port); 3192 qapi_free_SocketAddress(addr); 3193 3194 return ret; 3195 } 3196 3197 static QemuOptsList qemu_vnc_opts = { 3198 .name = "vnc", 3199 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head), 3200 .implied_opt_name = "vnc", 3201 .desc = { 3202 { 3203 .name = "vnc", 3204 .type = QEMU_OPT_STRING, 3205 },{ 3206 .name = "websocket", 3207 .type = QEMU_OPT_STRING, 3208 },{ 3209 .name = "tls-creds", 3210 .type = QEMU_OPT_STRING, 3211 },{ 3212 /* Deprecated in favour of tls-creds */ 3213 .name = "x509", 3214 .type = QEMU_OPT_STRING, 3215 },{ 3216 .name = "share", 3217 .type = QEMU_OPT_STRING, 3218 },{ 3219 .name = "display", 3220 .type = QEMU_OPT_STRING, 3221 },{ 3222 .name = "head", 3223 .type = QEMU_OPT_NUMBER, 3224 },{ 3225 .name = "connections", 3226 .type = QEMU_OPT_NUMBER, 3227 },{ 3228 .name = "to", 3229 .type = QEMU_OPT_NUMBER, 3230 },{ 3231 .name = "ipv4", 3232 .type = QEMU_OPT_BOOL, 3233 },{ 3234 .name = "ipv6", 3235 .type = QEMU_OPT_BOOL, 3236 },{ 3237 .name = "password", 3238 .type = QEMU_OPT_BOOL, 3239 },{ 3240 .name = "reverse", 3241 .type = QEMU_OPT_BOOL, 3242 },{ 3243 .name = "lock-key-sync", 3244 .type = QEMU_OPT_BOOL, 3245 },{ 3246 .name = "sasl", 3247 .type = QEMU_OPT_BOOL, 3248 },{ 3249 /* Deprecated in favour of tls-creds */ 3250 .name = "tls", 3251 .type = QEMU_OPT_BOOL, 3252 },{ 3253 /* Deprecated in favour of tls-creds */ 3254 .name = "x509verify", 3255 .type = QEMU_OPT_STRING, 3256 },{ 3257 .name = "acl", 3258 .type = QEMU_OPT_BOOL, 3259 },{ 3260 .name = "lossy", 3261 .type = QEMU_OPT_BOOL, 3262 },{ 3263 .name = "non-adaptive", 3264 .type = QEMU_OPT_BOOL, 3265 }, 3266 { /* end of list */ } 3267 }, 3268 }; 3269 3270 3271 static int 3272 vnc_display_setup_auth(VncDisplay *vs, 3273 bool password, 3274 bool sasl, 3275 bool websocket, 3276 Error **errp) 3277 { 3278 /* 3279 * We have a choice of 3 authentication options 3280 * 3281 * 1. none 3282 * 2. vnc 3283 * 3. sasl 3284 * 3285 * The channel can be run in 2 modes 3286 * 3287 * 1. clear 3288 * 2. tls 3289 * 3290 * And TLS can use 2 types of credentials 3291 * 3292 * 1. anon 3293 * 2. x509 3294 * 3295 * We thus have 9 possible logical combinations 3296 * 3297 * 1. clear + none 3298 * 2. clear + vnc 3299 * 3. clear + sasl 3300 * 4. tls + anon + none 3301 * 5. tls + anon + vnc 3302 * 6. tls + anon + sasl 3303 * 7. tls + x509 + none 3304 * 8. tls + x509 + vnc 3305 * 9. tls + x509 + sasl 3306 * 3307 * These need to be mapped into the VNC auth schemes 3308 * in an appropriate manner. In regular VNC, all the 3309 * TLS options get mapped into VNC_AUTH_VENCRYPT 3310 * sub-auth types. 3311 * 3312 * In websockets, the https:// protocol already provides 3313 * TLS support, so there is no need to make use of the 3314 * VeNCrypt extension. Furthermore, websockets browser 3315 * clients could not use VeNCrypt even if they wanted to, 3316 * as they cannot control when the TLS handshake takes 3317 * place. Thus there is no option but to rely on https://, 3318 * meaning combinations 4->6 and 7->9 will be mapped to 3319 * VNC auth schemes in the same way as combos 1->3. 3320 * 3321 * Regardless of fact that we have a different mapping to 3322 * VNC auth mechs for plain VNC vs websockets VNC, the end 3323 * result has the same security characteristics. 3324 */ 3325 if (password) { 3326 if (vs->tlscreds) { 3327 vs->auth = VNC_AUTH_VENCRYPT; 3328 if (websocket) { 3329 vs->ws_tls = true; 3330 } 3331 if (object_dynamic_cast(OBJECT(vs->tlscreds), 3332 TYPE_QCRYPTO_TLS_CREDS_X509)) { 3333 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 3334 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC; 3335 } else if (object_dynamic_cast(OBJECT(vs->tlscreds), 3336 TYPE_QCRYPTO_TLS_CREDS_ANON)) { 3337 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 3338 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC; 3339 } else { 3340 error_setg(errp, 3341 "Unsupported TLS cred type %s", 3342 object_get_typename(OBJECT(vs->tlscreds))); 3343 return -1; 3344 } 3345 } else { 3346 VNC_DEBUG("Initializing VNC server with password auth\n"); 3347 vs->auth = VNC_AUTH_VNC; 3348 vs->subauth = VNC_AUTH_INVALID; 3349 } 3350 if (websocket) { 3351 vs->ws_auth = VNC_AUTH_VNC; 3352 } else { 3353 vs->ws_auth = VNC_AUTH_INVALID; 3354 } 3355 } else if (sasl) { 3356 if (vs->tlscreds) { 3357 vs->auth = VNC_AUTH_VENCRYPT; 3358 if (websocket) { 3359 vs->ws_tls = true; 3360 } 3361 if (object_dynamic_cast(OBJECT(vs->tlscreds), 3362 TYPE_QCRYPTO_TLS_CREDS_X509)) { 3363 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 3364 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL; 3365 } else if (object_dynamic_cast(OBJECT(vs->tlscreds), 3366 TYPE_QCRYPTO_TLS_CREDS_ANON)) { 3367 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 3368 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL; 3369 } else { 3370 error_setg(errp, 3371 "Unsupported TLS cred type %s", 3372 object_get_typename(OBJECT(vs->tlscreds))); 3373 return -1; 3374 } 3375 } else { 3376 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 3377 vs->auth = VNC_AUTH_SASL; 3378 vs->subauth = VNC_AUTH_INVALID; 3379 } 3380 if (websocket) { 3381 vs->ws_auth = VNC_AUTH_SASL; 3382 } else { 3383 vs->ws_auth = VNC_AUTH_INVALID; 3384 } 3385 } else { 3386 if (vs->tlscreds) { 3387 vs->auth = VNC_AUTH_VENCRYPT; 3388 if (websocket) { 3389 vs->ws_tls = true; 3390 } 3391 if (object_dynamic_cast(OBJECT(vs->tlscreds), 3392 TYPE_QCRYPTO_TLS_CREDS_X509)) { 3393 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 3394 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE; 3395 } else if (object_dynamic_cast(OBJECT(vs->tlscreds), 3396 TYPE_QCRYPTO_TLS_CREDS_ANON)) { 3397 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 3398 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE; 3399 } else { 3400 error_setg(errp, 3401 "Unsupported TLS cred type %s", 3402 object_get_typename(OBJECT(vs->tlscreds))); 3403 return -1; 3404 } 3405 } else { 3406 VNC_DEBUG("Initializing VNC server with no auth\n"); 3407 vs->auth = VNC_AUTH_NONE; 3408 vs->subauth = VNC_AUTH_INVALID; 3409 } 3410 if (websocket) { 3411 vs->ws_auth = VNC_AUTH_NONE; 3412 } else { 3413 vs->ws_auth = VNC_AUTH_INVALID; 3414 } 3415 } 3416 return 0; 3417 } 3418 3419 3420 /* 3421 * Handle back compat with old CLI syntax by creating some 3422 * suitable QCryptoTLSCreds objects 3423 */ 3424 static QCryptoTLSCreds * 3425 vnc_display_create_creds(bool x509, 3426 bool x509verify, 3427 const char *dir, 3428 const char *id, 3429 Error **errp) 3430 { 3431 gchar *credsid = g_strdup_printf("tlsvnc%s", id); 3432 Object *parent = object_get_objects_root(); 3433 Object *creds; 3434 Error *err = NULL; 3435 3436 if (x509) { 3437 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_X509, 3438 parent, 3439 credsid, 3440 &err, 3441 "endpoint", "server", 3442 "dir", dir, 3443 "verify-peer", x509verify ? "yes" : "no", 3444 NULL); 3445 } else { 3446 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_ANON, 3447 parent, 3448 credsid, 3449 &err, 3450 "endpoint", "server", 3451 NULL); 3452 } 3453 3454 g_free(credsid); 3455 3456 if (err) { 3457 error_propagate(errp, err); 3458 return NULL; 3459 } 3460 3461 return QCRYPTO_TLS_CREDS(creds); 3462 } 3463 3464 3465 void vnc_display_open(const char *id, Error **errp) 3466 { 3467 VncDisplay *vs = vnc_display_find(id); 3468 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id); 3469 SocketAddress *saddr = NULL, *wsaddr = NULL; 3470 const char *share, *device_id; 3471 QemuConsole *con; 3472 bool password = false; 3473 bool reverse = false; 3474 const char *vnc; 3475 char *h; 3476 const char *credid; 3477 bool sasl = false; 3478 #ifdef CONFIG_VNC_SASL 3479 int saslErr; 3480 #endif 3481 int acl = 0; 3482 int lock_key_sync = 1; 3483 3484 if (!vs) { 3485 error_setg(errp, "VNC display not active"); 3486 return; 3487 } 3488 vnc_display_close(vs); 3489 3490 if (!opts) { 3491 return; 3492 } 3493 vnc = qemu_opt_get(opts, "vnc"); 3494 if (!vnc || strcmp(vnc, "none") == 0) { 3495 return; 3496 } 3497 3498 h = strrchr(vnc, ':'); 3499 if (h) { 3500 size_t hlen = h - vnc; 3501 3502 const char *websocket = qemu_opt_get(opts, "websocket"); 3503 int to = qemu_opt_get_number(opts, "to", 0); 3504 bool has_ipv4 = qemu_opt_get_bool(opts, "ipv4", false); 3505 bool has_ipv6 = qemu_opt_get_bool(opts, "ipv6", false); 3506 3507 saddr = g_new0(SocketAddress, 1); 3508 if (websocket) { 3509 if (!qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) { 3510 error_setg(errp, 3511 "SHA1 hash support is required for websockets"); 3512 goto fail; 3513 } 3514 3515 wsaddr = g_new0(SocketAddress, 1); 3516 vs->ws_enabled = true; 3517 } 3518 3519 if (strncmp(vnc, "unix:", 5) == 0) { 3520 saddr->type = SOCKET_ADDRESS_KIND_UNIX; 3521 saddr->u.q_unix = g_new0(UnixSocketAddress, 1); 3522 saddr->u.q_unix->path = g_strdup(vnc + 5); 3523 3524 if (vs->ws_enabled) { 3525 error_setg(errp, "UNIX sockets not supported with websock"); 3526 goto fail; 3527 } 3528 } else { 3529 unsigned long long baseport; 3530 saddr->type = SOCKET_ADDRESS_KIND_INET; 3531 saddr->u.inet = g_new0(InetSocketAddress, 1); 3532 if (vnc[0] == '[' && vnc[hlen - 1] == ']') { 3533 saddr->u.inet->host = g_strndup(vnc + 1, hlen - 2); 3534 } else { 3535 saddr->u.inet->host = g_strndup(vnc, hlen); 3536 } 3537 if (parse_uint_full(h + 1, &baseport, 10) < 0) { 3538 error_setg(errp, "can't convert to a number: %s", h + 1); 3539 goto fail; 3540 } 3541 if (baseport > 65535 || 3542 baseport + 5900 > 65535) { 3543 error_setg(errp, "port %s out of range", h + 1); 3544 goto fail; 3545 } 3546 saddr->u.inet->port = g_strdup_printf( 3547 "%d", (int)baseport + 5900); 3548 3549 if (to) { 3550 saddr->u.inet->has_to = true; 3551 saddr->u.inet->to = to + 5900; 3552 } 3553 saddr->u.inet->ipv4 = saddr->u.inet->has_ipv4 = has_ipv4; 3554 saddr->u.inet->ipv6 = saddr->u.inet->has_ipv6 = has_ipv6; 3555 3556 if (vs->ws_enabled) { 3557 wsaddr->type = SOCKET_ADDRESS_KIND_INET; 3558 wsaddr->u.inet = g_new0(InetSocketAddress, 1); 3559 wsaddr->u.inet->host = g_strdup(saddr->u.inet->host); 3560 wsaddr->u.inet->port = g_strdup(websocket); 3561 3562 if (to) { 3563 wsaddr->u.inet->has_to = true; 3564 wsaddr->u.inet->to = to; 3565 } 3566 wsaddr->u.inet->ipv4 = wsaddr->u.inet->has_ipv4 = has_ipv4; 3567 wsaddr->u.inet->ipv6 = wsaddr->u.inet->has_ipv6 = has_ipv6; 3568 } 3569 } 3570 } else { 3571 error_setg(errp, "no vnc port specified"); 3572 goto fail; 3573 } 3574 3575 password = qemu_opt_get_bool(opts, "password", false); 3576 if (password) { 3577 if (fips_get_state()) { 3578 error_setg(errp, 3579 "VNC password auth disabled due to FIPS mode, " 3580 "consider using the VeNCrypt or SASL authentication " 3581 "methods as an alternative"); 3582 goto fail; 3583 } 3584 if (!qcrypto_cipher_supports( 3585 QCRYPTO_CIPHER_ALG_DES_RFB)) { 3586 error_setg(errp, 3587 "Cipher backend does not support DES RFB algorithm"); 3588 goto fail; 3589 } 3590 } 3591 3592 reverse = qemu_opt_get_bool(opts, "reverse", false); 3593 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true); 3594 sasl = qemu_opt_get_bool(opts, "sasl", false); 3595 #ifndef CONFIG_VNC_SASL 3596 if (sasl) { 3597 error_setg(errp, "VNC SASL auth requires cyrus-sasl support"); 3598 goto fail; 3599 } 3600 #endif /* CONFIG_VNC_SASL */ 3601 credid = qemu_opt_get(opts, "tls-creds"); 3602 if (credid) { 3603 Object *creds; 3604 if (qemu_opt_get(opts, "tls") || 3605 qemu_opt_get(opts, "x509") || 3606 qemu_opt_get(opts, "x509verify")) { 3607 error_setg(errp, 3608 "'credid' parameter is mutually exclusive with " 3609 "'tls', 'x509' and 'x509verify' parameters"); 3610 goto fail; 3611 } 3612 3613 creds = object_resolve_path_component( 3614 object_get_objects_root(), credid); 3615 if (!creds) { 3616 error_setg(errp, "No TLS credentials with id '%s'", 3617 credid); 3618 goto fail; 3619 } 3620 vs->tlscreds = (QCryptoTLSCreds *) 3621 object_dynamic_cast(creds, 3622 TYPE_QCRYPTO_TLS_CREDS); 3623 if (!vs->tlscreds) { 3624 error_setg(errp, "Object with id '%s' is not TLS credentials", 3625 credid); 3626 goto fail; 3627 } 3628 object_ref(OBJECT(vs->tlscreds)); 3629 3630 if (vs->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { 3631 error_setg(errp, 3632 "Expecting TLS credentials with a server endpoint"); 3633 goto fail; 3634 } 3635 } else { 3636 const char *path; 3637 bool tls = false, x509 = false, x509verify = false; 3638 tls = qemu_opt_get_bool(opts, "tls", false); 3639 if (tls) { 3640 path = qemu_opt_get(opts, "x509"); 3641 3642 if (path) { 3643 x509 = true; 3644 } else { 3645 path = qemu_opt_get(opts, "x509verify"); 3646 if (path) { 3647 x509 = true; 3648 x509verify = true; 3649 } 3650 } 3651 vs->tlscreds = vnc_display_create_creds(x509, 3652 x509verify, 3653 path, 3654 vs->id, 3655 errp); 3656 if (!vs->tlscreds) { 3657 goto fail; 3658 } 3659 } 3660 } 3661 acl = qemu_opt_get_bool(opts, "acl", false); 3662 3663 share = qemu_opt_get(opts, "share"); 3664 if (share) { 3665 if (strcmp(share, "ignore") == 0) { 3666 vs->share_policy = VNC_SHARE_POLICY_IGNORE; 3667 } else if (strcmp(share, "allow-exclusive") == 0) { 3668 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3669 } else if (strcmp(share, "force-shared") == 0) { 3670 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; 3671 } else { 3672 error_setg(errp, "unknown vnc share= option"); 3673 goto fail; 3674 } 3675 } else { 3676 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3677 } 3678 vs->connections_limit = qemu_opt_get_number(opts, "connections", 32); 3679 3680 #ifdef CONFIG_VNC_JPEG 3681 vs->lossy = qemu_opt_get_bool(opts, "lossy", false); 3682 #endif 3683 vs->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false); 3684 /* adaptive updates are only used with tight encoding and 3685 * if lossy updates are enabled so we can disable all the 3686 * calculations otherwise */ 3687 if (!vs->lossy) { 3688 vs->non_adaptive = true; 3689 } 3690 3691 if (acl) { 3692 if (strcmp(vs->id, "default") == 0) { 3693 vs->tlsaclname = g_strdup("vnc.x509dname"); 3694 } else { 3695 vs->tlsaclname = g_strdup_printf("vnc.%s.x509dname", vs->id); 3696 } 3697 qemu_acl_init(vs->tlsaclname); 3698 } 3699 #ifdef CONFIG_VNC_SASL 3700 if (acl && sasl) { 3701 char *aclname; 3702 3703 if (strcmp(vs->id, "default") == 0) { 3704 aclname = g_strdup("vnc.username"); 3705 } else { 3706 aclname = g_strdup_printf("vnc.%s.username", vs->id); 3707 } 3708 vs->sasl.acl = qemu_acl_init(aclname); 3709 g_free(aclname); 3710 } 3711 #endif 3712 3713 if (vnc_display_setup_auth(vs, password, sasl, vs->ws_enabled, errp) < 0) { 3714 goto fail; 3715 } 3716 3717 #ifdef CONFIG_VNC_SASL 3718 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) { 3719 error_setg(errp, "Failed to initialize SASL auth: %s", 3720 sasl_errstring(saslErr, NULL, NULL)); 3721 goto fail; 3722 } 3723 #endif 3724 vs->lock_key_sync = lock_key_sync; 3725 3726 device_id = qemu_opt_get(opts, "display"); 3727 if (device_id) { 3728 DeviceState *dev; 3729 int head = qemu_opt_get_number(opts, "head", 0); 3730 3731 dev = qdev_find_recursive(sysbus_get_default(), device_id); 3732 if (dev == NULL) { 3733 error_setg(errp, "Device '%s' not found", device_id); 3734 goto fail; 3735 } 3736 3737 con = qemu_console_lookup_by_device(dev, head); 3738 if (con == NULL) { 3739 error_setg(errp, "Device %s is not bound to a QemuConsole", 3740 device_id); 3741 goto fail; 3742 } 3743 } else { 3744 con = NULL; 3745 } 3746 3747 if (con != vs->dcl.con) { 3748 unregister_displaychangelistener(&vs->dcl); 3749 vs->dcl.con = con; 3750 register_displaychangelistener(&vs->dcl); 3751 } 3752 3753 if (reverse) { 3754 /* connect to viewer */ 3755 QIOChannelSocket *sioc = NULL; 3756 vs->lsock = NULL; 3757 vs->lwebsock = NULL; 3758 if (vs->ws_enabled) { 3759 error_setg(errp, "Cannot use websockets in reverse mode"); 3760 goto fail; 3761 } 3762 vs->is_unix = saddr->type == SOCKET_ADDRESS_KIND_UNIX; 3763 sioc = qio_channel_socket_new(); 3764 if (qio_channel_socket_connect_sync(sioc, saddr, errp) < 0) { 3765 goto fail; 3766 } 3767 vnc_connect(vs, sioc, false, false); 3768 object_unref(OBJECT(sioc)); 3769 } else { 3770 vs->lsock = qio_channel_socket_new(); 3771 if (qio_channel_socket_listen_sync(vs->lsock, saddr, errp) < 0) { 3772 goto fail; 3773 } 3774 vs->is_unix = saddr->type == SOCKET_ADDRESS_KIND_UNIX; 3775 vs->enabled = true; 3776 3777 if (vs->ws_enabled) { 3778 vs->lwebsock = qio_channel_socket_new(); 3779 if (qio_channel_socket_listen_sync(vs->lwebsock, 3780 wsaddr, errp) < 0) { 3781 object_unref(OBJECT(vs->lsock)); 3782 vs->lsock = NULL; 3783 goto fail; 3784 } 3785 } 3786 3787 vs->lsock_tag = qio_channel_add_watch( 3788 QIO_CHANNEL(vs->lsock), 3789 G_IO_IN, vnc_listen_io, vs, NULL); 3790 if (vs->ws_enabled) { 3791 vs->lwebsock_tag = qio_channel_add_watch( 3792 QIO_CHANNEL(vs->lwebsock), 3793 G_IO_IN, vnc_listen_io, vs, NULL); 3794 } 3795 } 3796 3797 qapi_free_SocketAddress(saddr); 3798 qapi_free_SocketAddress(wsaddr); 3799 return; 3800 3801 fail: 3802 qapi_free_SocketAddress(saddr); 3803 qapi_free_SocketAddress(wsaddr); 3804 vs->enabled = false; 3805 vs->ws_enabled = false; 3806 } 3807 3808 void vnc_display_add_client(const char *id, int csock, bool skipauth) 3809 { 3810 VncDisplay *vs = vnc_display_find(id); 3811 QIOChannelSocket *sioc; 3812 3813 if (!vs) { 3814 return; 3815 } 3816 3817 sioc = qio_channel_socket_new_fd(csock, NULL); 3818 if (sioc) { 3819 vnc_connect(vs, sioc, skipauth, false); 3820 object_unref(OBJECT(sioc)); 3821 } 3822 } 3823 3824 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts) 3825 { 3826 int i = 2; 3827 char *id; 3828 3829 id = g_strdup("default"); 3830 while (qemu_opts_find(olist, id)) { 3831 g_free(id); 3832 id = g_strdup_printf("vnc%d", i++); 3833 } 3834 qemu_opts_set_id(opts, id); 3835 } 3836 3837 QemuOpts *vnc_parse(const char *str, Error **errp) 3838 { 3839 QemuOptsList *olist = qemu_find_opts("vnc"); 3840 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp); 3841 const char *id; 3842 3843 if (!opts) { 3844 return NULL; 3845 } 3846 3847 id = qemu_opts_id(opts); 3848 if (!id) { 3849 /* auto-assign id if not present */ 3850 vnc_auto_assign_id(olist, opts); 3851 } 3852 return opts; 3853 } 3854 3855 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp) 3856 { 3857 Error *local_err = NULL; 3858 char *id = (char *)qemu_opts_id(opts); 3859 3860 assert(id); 3861 vnc_display_init(id); 3862 vnc_display_open(id, &local_err); 3863 if (local_err != NULL) { 3864 error_report("Failed to start VNC server: %s", 3865 error_get_pretty(local_err)); 3866 error_free(local_err); 3867 exit(1); 3868 } 3869 return 0; 3870 } 3871 3872 static void vnc_register_config(void) 3873 { 3874 qemu_add_opts(&qemu_vnc_opts); 3875 } 3876 machine_init(vnc_register_config); 3877