1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "qemu/osdep.h" 28 #include "vnc.h" 29 #include "vnc-jobs.h" 30 #include "trace.h" 31 #include "hw/qdev.h" 32 #include "sysemu/sysemu.h" 33 #include "qemu/error-report.h" 34 #include "qemu/sockets.h" 35 #include "qemu/timer.h" 36 #include "qemu/acl.h" 37 #include "qemu/config-file.h" 38 #include "qapi/qmp/qerror.h" 39 #include "qapi/qmp/types.h" 40 #include "qmp-commands.h" 41 #include "ui/input.h" 42 #include "qapi-event.h" 43 #include "crypto/hash.h" 44 #include "crypto/tlscredsanon.h" 45 #include "crypto/tlscredsx509.h" 46 #include "qom/object_interfaces.h" 47 #include "qemu/cutils.h" 48 49 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT 50 #define VNC_REFRESH_INTERVAL_INC 50 51 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE 52 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; 53 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 54 55 #include "vnc_keysym.h" 56 #include "crypto/cipher.h" 57 58 static QTAILQ_HEAD(, VncDisplay) vnc_displays = 59 QTAILQ_HEAD_INITIALIZER(vnc_displays); 60 61 static int vnc_cursor_define(VncState *vs); 62 static void vnc_release_modifiers(VncState *vs); 63 64 static void vnc_set_share_mode(VncState *vs, VncShareMode mode) 65 { 66 #ifdef _VNC_DEBUG 67 static const char *mn[] = { 68 [0] = "undefined", 69 [VNC_SHARE_MODE_CONNECTING] = "connecting", 70 [VNC_SHARE_MODE_SHARED] = "shared", 71 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive", 72 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected", 73 }; 74 fprintf(stderr, "%s/%p: %s -> %s\n", __func__, 75 vs->ioc, mn[vs->share_mode], mn[mode]); 76 #endif 77 78 switch (vs->share_mode) { 79 case VNC_SHARE_MODE_CONNECTING: 80 vs->vd->num_connecting--; 81 break; 82 case VNC_SHARE_MODE_SHARED: 83 vs->vd->num_shared--; 84 break; 85 case VNC_SHARE_MODE_EXCLUSIVE: 86 vs->vd->num_exclusive--; 87 break; 88 default: 89 break; 90 } 91 92 vs->share_mode = mode; 93 94 switch (vs->share_mode) { 95 case VNC_SHARE_MODE_CONNECTING: 96 vs->vd->num_connecting++; 97 break; 98 case VNC_SHARE_MODE_SHARED: 99 vs->vd->num_shared++; 100 break; 101 case VNC_SHARE_MODE_EXCLUSIVE: 102 vs->vd->num_exclusive++; 103 break; 104 default: 105 break; 106 } 107 } 108 109 110 static void vnc_init_basic_info(SocketAddress *addr, 111 VncBasicInfo *info, 112 Error **errp) 113 { 114 switch (addr->type) { 115 case SOCKET_ADDRESS_KIND_INET: 116 info->host = g_strdup(addr->u.inet.data->host); 117 info->service = g_strdup(addr->u.inet.data->port); 118 if (addr->u.inet.data->ipv6) { 119 info->family = NETWORK_ADDRESS_FAMILY_IPV6; 120 } else { 121 info->family = NETWORK_ADDRESS_FAMILY_IPV4; 122 } 123 break; 124 125 case SOCKET_ADDRESS_KIND_UNIX: 126 info->host = g_strdup(""); 127 info->service = g_strdup(addr->u.q_unix.data->path); 128 info->family = NETWORK_ADDRESS_FAMILY_UNIX; 129 break; 130 131 default: 132 error_setg(errp, "Unsupported socket kind %d", 133 addr->type); 134 break; 135 } 136 137 return; 138 } 139 140 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc, 141 VncBasicInfo *info, 142 Error **errp) 143 { 144 SocketAddress *addr = NULL; 145 146 addr = qio_channel_socket_get_local_address(ioc, errp); 147 if (!addr) { 148 return; 149 } 150 151 vnc_init_basic_info(addr, info, errp); 152 qapi_free_SocketAddress(addr); 153 } 154 155 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc, 156 VncBasicInfo *info, 157 Error **errp) 158 { 159 SocketAddress *addr = NULL; 160 161 addr = qio_channel_socket_get_remote_address(ioc, errp); 162 if (!addr) { 163 return; 164 } 165 166 vnc_init_basic_info(addr, info, errp); 167 qapi_free_SocketAddress(addr); 168 } 169 170 static const char *vnc_auth_name(VncDisplay *vd) { 171 switch (vd->auth) { 172 case VNC_AUTH_INVALID: 173 return "invalid"; 174 case VNC_AUTH_NONE: 175 return "none"; 176 case VNC_AUTH_VNC: 177 return "vnc"; 178 case VNC_AUTH_RA2: 179 return "ra2"; 180 case VNC_AUTH_RA2NE: 181 return "ra2ne"; 182 case VNC_AUTH_TIGHT: 183 return "tight"; 184 case VNC_AUTH_ULTRA: 185 return "ultra"; 186 case VNC_AUTH_TLS: 187 return "tls"; 188 case VNC_AUTH_VENCRYPT: 189 switch (vd->subauth) { 190 case VNC_AUTH_VENCRYPT_PLAIN: 191 return "vencrypt+plain"; 192 case VNC_AUTH_VENCRYPT_TLSNONE: 193 return "vencrypt+tls+none"; 194 case VNC_AUTH_VENCRYPT_TLSVNC: 195 return "vencrypt+tls+vnc"; 196 case VNC_AUTH_VENCRYPT_TLSPLAIN: 197 return "vencrypt+tls+plain"; 198 case VNC_AUTH_VENCRYPT_X509NONE: 199 return "vencrypt+x509+none"; 200 case VNC_AUTH_VENCRYPT_X509VNC: 201 return "vencrypt+x509+vnc"; 202 case VNC_AUTH_VENCRYPT_X509PLAIN: 203 return "vencrypt+x509+plain"; 204 case VNC_AUTH_VENCRYPT_TLSSASL: 205 return "vencrypt+tls+sasl"; 206 case VNC_AUTH_VENCRYPT_X509SASL: 207 return "vencrypt+x509+sasl"; 208 default: 209 return "vencrypt"; 210 } 211 case VNC_AUTH_SASL: 212 return "sasl"; 213 } 214 return "unknown"; 215 } 216 217 static VncServerInfo *vnc_server_info_get(VncDisplay *vd) 218 { 219 VncServerInfo *info; 220 Error *err = NULL; 221 222 info = g_malloc(sizeof(*info)); 223 vnc_init_basic_info_from_server_addr(vd->lsock, 224 qapi_VncServerInfo_base(info), &err); 225 info->has_auth = true; 226 info->auth = g_strdup(vnc_auth_name(vd)); 227 if (err) { 228 qapi_free_VncServerInfo(info); 229 info = NULL; 230 error_free(err); 231 } 232 return info; 233 } 234 235 static void vnc_client_cache_auth(VncState *client) 236 { 237 if (!client->info) { 238 return; 239 } 240 241 if (client->tls) { 242 client->info->x509_dname = 243 qcrypto_tls_session_get_peer_name(client->tls); 244 client->info->has_x509_dname = 245 client->info->x509_dname != NULL; 246 } 247 #ifdef CONFIG_VNC_SASL 248 if (client->sasl.conn && 249 client->sasl.username) { 250 client->info->has_sasl_username = true; 251 client->info->sasl_username = g_strdup(client->sasl.username); 252 } 253 #endif 254 } 255 256 static void vnc_client_cache_addr(VncState *client) 257 { 258 Error *err = NULL; 259 260 client->info = g_malloc0(sizeof(*client->info)); 261 vnc_init_basic_info_from_remote_addr(client->sioc, 262 qapi_VncClientInfo_base(client->info), 263 &err); 264 if (err) { 265 qapi_free_VncClientInfo(client->info); 266 client->info = NULL; 267 error_free(err); 268 } 269 } 270 271 static void vnc_qmp_event(VncState *vs, QAPIEvent event) 272 { 273 VncServerInfo *si; 274 275 if (!vs->info) { 276 return; 277 } 278 279 si = vnc_server_info_get(vs->vd); 280 if (!si) { 281 return; 282 } 283 284 switch (event) { 285 case QAPI_EVENT_VNC_CONNECTED: 286 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info), 287 &error_abort); 288 break; 289 case QAPI_EVENT_VNC_INITIALIZED: 290 qapi_event_send_vnc_initialized(si, vs->info, &error_abort); 291 break; 292 case QAPI_EVENT_VNC_DISCONNECTED: 293 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort); 294 break; 295 default: 296 break; 297 } 298 299 qapi_free_VncServerInfo(si); 300 } 301 302 static VncClientInfo *qmp_query_vnc_client(const VncState *client) 303 { 304 VncClientInfo *info; 305 Error *err = NULL; 306 307 info = g_malloc0(sizeof(*info)); 308 309 vnc_init_basic_info_from_remote_addr(client->sioc, 310 qapi_VncClientInfo_base(info), 311 &err); 312 if (err) { 313 error_free(err); 314 qapi_free_VncClientInfo(info); 315 return NULL; 316 } 317 318 info->websocket = client->websocket; 319 320 if (client->tls) { 321 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls); 322 info->has_x509_dname = info->x509_dname != NULL; 323 } 324 #ifdef CONFIG_VNC_SASL 325 if (client->sasl.conn && client->sasl.username) { 326 info->has_sasl_username = true; 327 info->sasl_username = g_strdup(client->sasl.username); 328 } 329 #endif 330 331 return info; 332 } 333 334 static VncDisplay *vnc_display_find(const char *id) 335 { 336 VncDisplay *vd; 337 338 if (id == NULL) { 339 return QTAILQ_FIRST(&vnc_displays); 340 } 341 QTAILQ_FOREACH(vd, &vnc_displays, next) { 342 if (strcmp(id, vd->id) == 0) { 343 return vd; 344 } 345 } 346 return NULL; 347 } 348 349 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd) 350 { 351 VncClientInfoList *cinfo, *prev = NULL; 352 VncState *client; 353 354 QTAILQ_FOREACH(client, &vd->clients, next) { 355 cinfo = g_new0(VncClientInfoList, 1); 356 cinfo->value = qmp_query_vnc_client(client); 357 cinfo->next = prev; 358 prev = cinfo; 359 } 360 return prev; 361 } 362 363 VncInfo *qmp_query_vnc(Error **errp) 364 { 365 VncInfo *info = g_malloc0(sizeof(*info)); 366 VncDisplay *vd = vnc_display_find(NULL); 367 SocketAddress *addr = NULL; 368 369 if (vd == NULL || !vd->enabled) { 370 info->enabled = false; 371 } else { 372 info->enabled = true; 373 374 /* for compatibility with the original command */ 375 info->has_clients = true; 376 info->clients = qmp_query_client_list(vd); 377 378 if (vd->lsock == NULL) { 379 return info; 380 } 381 382 addr = qio_channel_socket_get_local_address(vd->lsock, errp); 383 if (!addr) { 384 goto out_error; 385 } 386 387 switch (addr->type) { 388 case SOCKET_ADDRESS_KIND_INET: 389 info->host = g_strdup(addr->u.inet.data->host); 390 info->service = g_strdup(addr->u.inet.data->port); 391 if (addr->u.inet.data->ipv6) { 392 info->family = NETWORK_ADDRESS_FAMILY_IPV6; 393 } else { 394 info->family = NETWORK_ADDRESS_FAMILY_IPV4; 395 } 396 break; 397 398 case SOCKET_ADDRESS_KIND_UNIX: 399 info->host = g_strdup(""); 400 info->service = g_strdup(addr->u.q_unix.data->path); 401 info->family = NETWORK_ADDRESS_FAMILY_UNIX; 402 break; 403 404 default: 405 error_setg(errp, "Unsupported socket kind %d", 406 addr->type); 407 goto out_error; 408 } 409 410 info->has_host = true; 411 info->has_service = true; 412 info->has_family = true; 413 414 info->has_auth = true; 415 info->auth = g_strdup(vnc_auth_name(vd)); 416 } 417 418 qapi_free_SocketAddress(addr); 419 return info; 420 421 out_error: 422 qapi_free_SocketAddress(addr); 423 qapi_free_VncInfo(info); 424 return NULL; 425 } 426 427 static VncBasicInfoList *qmp_query_server_entry(QIOChannelSocket *ioc, 428 bool websocket, 429 VncBasicInfoList *prev) 430 { 431 VncBasicInfoList *list; 432 VncBasicInfo *info; 433 Error *err = NULL; 434 SocketAddress *addr; 435 436 addr = qio_channel_socket_get_local_address(ioc, &err); 437 if (!addr) { 438 error_free(err); 439 return prev; 440 } 441 442 info = g_new0(VncBasicInfo, 1); 443 vnc_init_basic_info(addr, info, &err); 444 qapi_free_SocketAddress(addr); 445 if (err) { 446 qapi_free_VncBasicInfo(info); 447 error_free(err); 448 return prev; 449 } 450 info->websocket = websocket; 451 452 list = g_new0(VncBasicInfoList, 1); 453 list->value = info; 454 list->next = prev; 455 return list; 456 } 457 458 static void qmp_query_auth(VncDisplay *vd, VncInfo2 *info) 459 { 460 switch (vd->auth) { 461 case VNC_AUTH_VNC: 462 info->auth = VNC_PRIMARY_AUTH_VNC; 463 break; 464 case VNC_AUTH_RA2: 465 info->auth = VNC_PRIMARY_AUTH_RA2; 466 break; 467 case VNC_AUTH_RA2NE: 468 info->auth = VNC_PRIMARY_AUTH_RA2NE; 469 break; 470 case VNC_AUTH_TIGHT: 471 info->auth = VNC_PRIMARY_AUTH_TIGHT; 472 break; 473 case VNC_AUTH_ULTRA: 474 info->auth = VNC_PRIMARY_AUTH_ULTRA; 475 break; 476 case VNC_AUTH_TLS: 477 info->auth = VNC_PRIMARY_AUTH_TLS; 478 break; 479 case VNC_AUTH_VENCRYPT: 480 info->auth = VNC_PRIMARY_AUTH_VENCRYPT; 481 info->has_vencrypt = true; 482 switch (vd->subauth) { 483 case VNC_AUTH_VENCRYPT_PLAIN: 484 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN; 485 break; 486 case VNC_AUTH_VENCRYPT_TLSNONE: 487 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE; 488 break; 489 case VNC_AUTH_VENCRYPT_TLSVNC: 490 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC; 491 break; 492 case VNC_AUTH_VENCRYPT_TLSPLAIN: 493 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN; 494 break; 495 case VNC_AUTH_VENCRYPT_X509NONE: 496 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE; 497 break; 498 case VNC_AUTH_VENCRYPT_X509VNC: 499 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC; 500 break; 501 case VNC_AUTH_VENCRYPT_X509PLAIN: 502 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN; 503 break; 504 case VNC_AUTH_VENCRYPT_TLSSASL: 505 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL; 506 break; 507 case VNC_AUTH_VENCRYPT_X509SASL: 508 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL; 509 break; 510 default: 511 info->has_vencrypt = false; 512 break; 513 } 514 break; 515 case VNC_AUTH_SASL: 516 info->auth = VNC_PRIMARY_AUTH_SASL; 517 break; 518 case VNC_AUTH_NONE: 519 default: 520 info->auth = VNC_PRIMARY_AUTH_NONE; 521 break; 522 } 523 } 524 525 VncInfo2List *qmp_query_vnc_servers(Error **errp) 526 { 527 VncInfo2List *item, *prev = NULL; 528 VncInfo2 *info; 529 VncDisplay *vd; 530 DeviceState *dev; 531 532 QTAILQ_FOREACH(vd, &vnc_displays, next) { 533 info = g_new0(VncInfo2, 1); 534 info->id = g_strdup(vd->id); 535 info->clients = qmp_query_client_list(vd); 536 qmp_query_auth(vd, info); 537 if (vd->dcl.con) { 538 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con), 539 "device", NULL)); 540 info->has_display = true; 541 info->display = g_strdup(dev->id); 542 } 543 if (vd->lsock != NULL) { 544 info->server = qmp_query_server_entry( 545 vd->lsock, false, info->server); 546 } 547 if (vd->lwebsock != NULL) { 548 info->server = qmp_query_server_entry( 549 vd->lwebsock, true, info->server); 550 } 551 552 item = g_new0(VncInfo2List, 1); 553 item->value = info; 554 item->next = prev; 555 prev = item; 556 } 557 return prev; 558 } 559 560 /* TODO 561 1) Get the queue working for IO. 562 2) there is some weirdness when using the -S option (the screen is grey 563 and not totally invalidated 564 3) resolutions > 1024 565 */ 566 567 static int vnc_update_client(VncState *vs, int has_dirty, bool sync); 568 static void vnc_disconnect_start(VncState *vs); 569 570 static void vnc_colordepth(VncState *vs); 571 static void framebuffer_update_request(VncState *vs, int incremental, 572 int x_position, int y_position, 573 int w, int h); 574 static void vnc_refresh(DisplayChangeListener *dcl); 575 static int vnc_refresh_server_surface(VncDisplay *vd); 576 577 static int vnc_width(VncDisplay *vd) 578 { 579 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds), 580 VNC_DIRTY_PIXELS_PER_BIT)); 581 } 582 583 static int vnc_height(VncDisplay *vd) 584 { 585 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds)); 586 } 587 588 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT], 589 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT), 590 VncDisplay *vd, 591 int x, int y, int w, int h) 592 { 593 int width = vnc_width(vd); 594 int height = vnc_height(vd); 595 596 /* this is needed this to ensure we updated all affected 597 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */ 598 w += (x % VNC_DIRTY_PIXELS_PER_BIT); 599 x -= (x % VNC_DIRTY_PIXELS_PER_BIT); 600 601 x = MIN(x, width); 602 y = MIN(y, height); 603 w = MIN(x + w, width) - x; 604 h = MIN(y + h, height); 605 606 for (; y < h; y++) { 607 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT, 608 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT)); 609 } 610 } 611 612 static void vnc_dpy_update(DisplayChangeListener *dcl, 613 int x, int y, int w, int h) 614 { 615 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 616 struct VncSurface *s = &vd->guest; 617 618 vnc_set_area_dirty(s->dirty, vd, x, y, w, h); 619 } 620 621 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 622 int32_t encoding) 623 { 624 vnc_write_u16(vs, x); 625 vnc_write_u16(vs, y); 626 vnc_write_u16(vs, w); 627 vnc_write_u16(vs, h); 628 629 vnc_write_s32(vs, encoding); 630 } 631 632 633 static void vnc_desktop_resize(VncState *vs) 634 { 635 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) { 636 return; 637 } 638 if (vs->client_width == pixman_image_get_width(vs->vd->server) && 639 vs->client_height == pixman_image_get_height(vs->vd->server)) { 640 return; 641 } 642 vs->client_width = pixman_image_get_width(vs->vd->server); 643 vs->client_height = pixman_image_get_height(vs->vd->server); 644 vnc_lock_output(vs); 645 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 646 vnc_write_u8(vs, 0); 647 vnc_write_u16(vs, 1); /* number of rects */ 648 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 649 VNC_ENCODING_DESKTOPRESIZE); 650 vnc_unlock_output(vs); 651 vnc_flush(vs); 652 } 653 654 static void vnc_abort_display_jobs(VncDisplay *vd) 655 { 656 VncState *vs; 657 658 QTAILQ_FOREACH(vs, &vd->clients, next) { 659 vnc_lock_output(vs); 660 vs->abort = true; 661 vnc_unlock_output(vs); 662 } 663 QTAILQ_FOREACH(vs, &vd->clients, next) { 664 vnc_jobs_join(vs); 665 } 666 QTAILQ_FOREACH(vs, &vd->clients, next) { 667 vnc_lock_output(vs); 668 vs->abort = false; 669 vnc_unlock_output(vs); 670 } 671 } 672 673 int vnc_server_fb_stride(VncDisplay *vd) 674 { 675 return pixman_image_get_stride(vd->server); 676 } 677 678 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y) 679 { 680 uint8_t *ptr; 681 682 ptr = (uint8_t *)pixman_image_get_data(vd->server); 683 ptr += y * vnc_server_fb_stride(vd); 684 ptr += x * VNC_SERVER_FB_BYTES; 685 return ptr; 686 } 687 688 static void vnc_update_server_surface(VncDisplay *vd) 689 { 690 qemu_pixman_image_unref(vd->server); 691 vd->server = NULL; 692 693 if (QTAILQ_EMPTY(&vd->clients)) { 694 return; 695 } 696 697 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT, 698 vnc_width(vd), 699 vnc_height(vd), 700 NULL, 0); 701 } 702 703 static void vnc_dpy_switch(DisplayChangeListener *dcl, 704 DisplaySurface *surface) 705 { 706 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 707 VncState *vs; 708 int width, height; 709 710 vnc_abort_display_jobs(vd); 711 vd->ds = surface; 712 713 /* server surface */ 714 vnc_update_server_surface(vd); 715 716 /* guest surface */ 717 qemu_pixman_image_unref(vd->guest.fb); 718 vd->guest.fb = pixman_image_ref(surface->image); 719 vd->guest.format = surface->format; 720 width = vnc_width(vd); 721 height = vnc_height(vd); 722 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty)); 723 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0, 724 width, height); 725 726 QTAILQ_FOREACH(vs, &vd->clients, next) { 727 vnc_colordepth(vs); 728 vnc_desktop_resize(vs); 729 if (vs->vd->cursor) { 730 vnc_cursor_define(vs); 731 } 732 memset(vs->dirty, 0x00, sizeof(vs->dirty)); 733 vnc_set_area_dirty(vs->dirty, vd, 0, 0, 734 width, height); 735 } 736 } 737 738 /* fastest code */ 739 static void vnc_write_pixels_copy(VncState *vs, 740 void *pixels, int size) 741 { 742 vnc_write(vs, pixels, size); 743 } 744 745 /* slowest but generic code. */ 746 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 747 { 748 uint8_t r, g, b; 749 750 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8) 751 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8; 752 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8; 753 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8; 754 #else 755 # error need some bits here if you change VNC_SERVER_FB_FORMAT 756 #endif 757 v = (r << vs->client_pf.rshift) | 758 (g << vs->client_pf.gshift) | 759 (b << vs->client_pf.bshift); 760 switch (vs->client_pf.bytes_per_pixel) { 761 case 1: 762 buf[0] = v; 763 break; 764 case 2: 765 if (vs->client_be) { 766 buf[0] = v >> 8; 767 buf[1] = v; 768 } else { 769 buf[1] = v >> 8; 770 buf[0] = v; 771 } 772 break; 773 default: 774 case 4: 775 if (vs->client_be) { 776 buf[0] = v >> 24; 777 buf[1] = v >> 16; 778 buf[2] = v >> 8; 779 buf[3] = v; 780 } else { 781 buf[3] = v >> 24; 782 buf[2] = v >> 16; 783 buf[1] = v >> 8; 784 buf[0] = v; 785 } 786 break; 787 } 788 } 789 790 static void vnc_write_pixels_generic(VncState *vs, 791 void *pixels1, int size) 792 { 793 uint8_t buf[4]; 794 795 if (VNC_SERVER_FB_BYTES == 4) { 796 uint32_t *pixels = pixels1; 797 int n, i; 798 n = size >> 2; 799 for (i = 0; i < n; i++) { 800 vnc_convert_pixel(vs, buf, pixels[i]); 801 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel); 802 } 803 } 804 } 805 806 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 807 { 808 int i; 809 uint8_t *row; 810 VncDisplay *vd = vs->vd; 811 812 row = vnc_server_fb_ptr(vd, x, y); 813 for (i = 0; i < h; i++) { 814 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES); 815 row += vnc_server_fb_stride(vd); 816 } 817 return 1; 818 } 819 820 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 821 { 822 int n = 0; 823 bool encode_raw = false; 824 size_t saved_offs = vs->output.offset; 825 826 switch(vs->vnc_encoding) { 827 case VNC_ENCODING_ZLIB: 828 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h); 829 break; 830 case VNC_ENCODING_HEXTILE: 831 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 832 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 833 break; 834 case VNC_ENCODING_TIGHT: 835 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h); 836 break; 837 case VNC_ENCODING_TIGHT_PNG: 838 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h); 839 break; 840 case VNC_ENCODING_ZRLE: 841 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h); 842 break; 843 case VNC_ENCODING_ZYWRLE: 844 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); 845 break; 846 default: 847 encode_raw = true; 848 break; 849 } 850 851 /* If the client has the same pixel format as our internal buffer and 852 * a RAW encoding would need less space fall back to RAW encoding to 853 * save bandwidth and processing power in the client. */ 854 if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy && 855 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) { 856 vs->output.offset = saved_offs; 857 encode_raw = true; 858 } 859 860 if (encode_raw) { 861 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 862 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 863 } 864 865 return n; 866 } 867 868 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h) 869 { 870 /* send bitblit op to the vnc client */ 871 vnc_lock_output(vs); 872 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 873 vnc_write_u8(vs, 0); 874 vnc_write_u16(vs, 1); /* number of rects */ 875 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT); 876 vnc_write_u16(vs, src_x); 877 vnc_write_u16(vs, src_y); 878 vnc_unlock_output(vs); 879 vnc_flush(vs); 880 } 881 882 static void vnc_dpy_copy(DisplayChangeListener *dcl, 883 int src_x, int src_y, 884 int dst_x, int dst_y, int w, int h) 885 { 886 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 887 VncState *vs, *vn; 888 uint8_t *src_row; 889 uint8_t *dst_row; 890 int i, x, y, pitch, inc, w_lim, s; 891 int cmp_bytes; 892 893 if (!vd->server) { 894 /* no client connected */ 895 return; 896 } 897 898 vnc_refresh_server_surface(vd); 899 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 900 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 901 vs->force_update = 1; 902 vnc_update_client(vs, 1, true); 903 /* vs might be free()ed here */ 904 } 905 } 906 907 /* do bitblit op on the local surface too */ 908 pitch = vnc_server_fb_stride(vd); 909 src_row = vnc_server_fb_ptr(vd, src_x, src_y); 910 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y); 911 y = dst_y; 912 inc = 1; 913 if (dst_y > src_y) { 914 /* copy backwards */ 915 src_row += pitch * (h-1); 916 dst_row += pitch * (h-1); 917 pitch = -pitch; 918 y = dst_y + h - 1; 919 inc = -1; 920 } 921 w_lim = w - (VNC_DIRTY_PIXELS_PER_BIT - (dst_x % VNC_DIRTY_PIXELS_PER_BIT)); 922 if (w_lim < 0) { 923 w_lim = w; 924 } else { 925 w_lim = w - (w_lim % VNC_DIRTY_PIXELS_PER_BIT); 926 } 927 for (i = 0; i < h; i++) { 928 for (x = 0; x <= w_lim; 929 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) { 930 if (x == w_lim) { 931 if ((s = w - w_lim) == 0) 932 break; 933 } else if (!x) { 934 s = (VNC_DIRTY_PIXELS_PER_BIT - 935 (dst_x % VNC_DIRTY_PIXELS_PER_BIT)); 936 s = MIN(s, w_lim); 937 } else { 938 s = VNC_DIRTY_PIXELS_PER_BIT; 939 } 940 cmp_bytes = s * VNC_SERVER_FB_BYTES; 941 if (memcmp(src_row, dst_row, cmp_bytes) == 0) 942 continue; 943 memmove(dst_row, src_row, cmp_bytes); 944 QTAILQ_FOREACH(vs, &vd->clients, next) { 945 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 946 set_bit(((x + dst_x) / VNC_DIRTY_PIXELS_PER_BIT), 947 vs->dirty[y]); 948 } 949 } 950 } 951 src_row += pitch - w * VNC_SERVER_FB_BYTES; 952 dst_row += pitch - w * VNC_SERVER_FB_BYTES; 953 y += inc; 954 } 955 956 QTAILQ_FOREACH(vs, &vd->clients, next) { 957 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 958 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h); 959 } 960 } 961 } 962 963 static void vnc_mouse_set(DisplayChangeListener *dcl, 964 int x, int y, int visible) 965 { 966 /* can we ask the client(s) to move the pointer ??? */ 967 } 968 969 static int vnc_cursor_define(VncState *vs) 970 { 971 QEMUCursor *c = vs->vd->cursor; 972 int isize; 973 974 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 975 vnc_lock_output(vs); 976 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 977 vnc_write_u8(vs, 0); /* padding */ 978 vnc_write_u16(vs, 1); /* # of rects */ 979 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 980 VNC_ENCODING_RICH_CURSOR); 981 isize = c->width * c->height * vs->client_pf.bytes_per_pixel; 982 vnc_write_pixels_generic(vs, c->data, isize); 983 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 984 vnc_unlock_output(vs); 985 return 0; 986 } 987 return -1; 988 } 989 990 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl, 991 QEMUCursor *c) 992 { 993 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 994 VncState *vs; 995 996 cursor_put(vd->cursor); 997 g_free(vd->cursor_mask); 998 999 vd->cursor = c; 1000 cursor_get(vd->cursor); 1001 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 1002 vd->cursor_mask = g_malloc0(vd->cursor_msize); 1003 cursor_get_mono_mask(c, 0, vd->cursor_mask); 1004 1005 QTAILQ_FOREACH(vs, &vd->clients, next) { 1006 vnc_cursor_define(vs); 1007 } 1008 } 1009 1010 static int find_and_clear_dirty_height(VncState *vs, 1011 int y, int last_x, int x, int height) 1012 { 1013 int h; 1014 1015 for (h = 1; h < (height - y); h++) { 1016 if (!test_bit(last_x, vs->dirty[y + h])) { 1017 break; 1018 } 1019 bitmap_clear(vs->dirty[y + h], last_x, x - last_x); 1020 } 1021 1022 return h; 1023 } 1024 1025 static int vnc_update_client(VncState *vs, int has_dirty, bool sync) 1026 { 1027 vs->has_dirty += has_dirty; 1028 if (vs->need_update && vs->ioc != NULL) { 1029 VncDisplay *vd = vs->vd; 1030 VncJob *job; 1031 int y; 1032 int height, width; 1033 int n = 0; 1034 1035 if (vs->output.offset && !vs->audio_cap && !vs->force_update) 1036 /* kernel send buffers are full -> drop frames to throttle */ 1037 return 0; 1038 1039 if (!vs->has_dirty && !vs->audio_cap && !vs->force_update) 1040 return 0; 1041 1042 /* 1043 * Send screen updates to the vnc client using the server 1044 * surface and server dirty map. guest surface updates 1045 * happening in parallel don't disturb us, the next pass will 1046 * send them to the client. 1047 */ 1048 job = vnc_job_new(vs); 1049 1050 height = pixman_image_get_height(vd->server); 1051 width = pixman_image_get_width(vd->server); 1052 1053 y = 0; 1054 for (;;) { 1055 int x, h; 1056 unsigned long x2; 1057 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty, 1058 height * VNC_DIRTY_BPL(vs), 1059 y * VNC_DIRTY_BPL(vs)); 1060 if (offset == height * VNC_DIRTY_BPL(vs)) { 1061 /* no more dirty bits */ 1062 break; 1063 } 1064 y = offset / VNC_DIRTY_BPL(vs); 1065 x = offset % VNC_DIRTY_BPL(vs); 1066 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y], 1067 VNC_DIRTY_BPL(vs), x); 1068 bitmap_clear(vs->dirty[y], x, x2 - x); 1069 h = find_and_clear_dirty_height(vs, y, x, x2, height); 1070 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT); 1071 if (x2 > x) { 1072 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y, 1073 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h); 1074 } 1075 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) { 1076 y += h; 1077 if (y == height) { 1078 break; 1079 } 1080 } 1081 } 1082 1083 vnc_job_push(job); 1084 if (sync) { 1085 vnc_jobs_join(vs); 1086 } 1087 vs->force_update = 0; 1088 vs->has_dirty = 0; 1089 return n; 1090 } 1091 1092 if (vs->disconnecting) { 1093 vnc_disconnect_finish(vs); 1094 } else if (sync) { 1095 vnc_jobs_join(vs); 1096 } 1097 1098 return 0; 1099 } 1100 1101 /* audio */ 1102 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 1103 { 1104 VncState *vs = opaque; 1105 1106 switch (cmd) { 1107 case AUD_CNOTIFY_DISABLE: 1108 vnc_lock_output(vs); 1109 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1110 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1111 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 1112 vnc_unlock_output(vs); 1113 vnc_flush(vs); 1114 break; 1115 1116 case AUD_CNOTIFY_ENABLE: 1117 vnc_lock_output(vs); 1118 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1119 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1120 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 1121 vnc_unlock_output(vs); 1122 vnc_flush(vs); 1123 break; 1124 } 1125 } 1126 1127 static void audio_capture_destroy(void *opaque) 1128 { 1129 } 1130 1131 static void audio_capture(void *opaque, void *buf, int size) 1132 { 1133 VncState *vs = opaque; 1134 1135 vnc_lock_output(vs); 1136 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1137 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1138 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 1139 vnc_write_u32(vs, size); 1140 vnc_write(vs, buf, size); 1141 vnc_unlock_output(vs); 1142 vnc_flush(vs); 1143 } 1144 1145 static void audio_add(VncState *vs) 1146 { 1147 struct audio_capture_ops ops; 1148 1149 if (vs->audio_cap) { 1150 error_report("audio already running"); 1151 return; 1152 } 1153 1154 ops.notify = audio_capture_notify; 1155 ops.destroy = audio_capture_destroy; 1156 ops.capture = audio_capture; 1157 1158 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs); 1159 if (!vs->audio_cap) { 1160 error_report("Failed to add audio capture"); 1161 } 1162 } 1163 1164 static void audio_del(VncState *vs) 1165 { 1166 if (vs->audio_cap) { 1167 AUD_del_capture(vs->audio_cap, vs); 1168 vs->audio_cap = NULL; 1169 } 1170 } 1171 1172 static void vnc_disconnect_start(VncState *vs) 1173 { 1174 if (vs->disconnecting) { 1175 return; 1176 } 1177 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); 1178 if (vs->ioc_tag) { 1179 g_source_remove(vs->ioc_tag); 1180 } 1181 qio_channel_close(vs->ioc, NULL); 1182 vs->disconnecting = TRUE; 1183 } 1184 1185 void vnc_disconnect_finish(VncState *vs) 1186 { 1187 int i; 1188 1189 vnc_jobs_join(vs); /* Wait encoding jobs */ 1190 1191 vnc_lock_output(vs); 1192 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED); 1193 1194 buffer_free(&vs->input); 1195 buffer_free(&vs->output); 1196 1197 qapi_free_VncClientInfo(vs->info); 1198 1199 vnc_zlib_clear(vs); 1200 vnc_tight_clear(vs); 1201 vnc_zrle_clear(vs); 1202 1203 #ifdef CONFIG_VNC_SASL 1204 vnc_sasl_client_cleanup(vs); 1205 #endif /* CONFIG_VNC_SASL */ 1206 audio_del(vs); 1207 vnc_release_modifiers(vs); 1208 1209 if (vs->initialized) { 1210 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1211 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1212 if (QTAILQ_EMPTY(&vs->vd->clients)) { 1213 /* last client gone */ 1214 vnc_update_server_surface(vs->vd); 1215 } 1216 } 1217 1218 if (vs->vd->lock_key_sync) 1219 qemu_remove_led_event_handler(vs->led); 1220 vnc_unlock_output(vs); 1221 1222 qemu_mutex_destroy(&vs->output_mutex); 1223 if (vs->bh != NULL) { 1224 qemu_bh_delete(vs->bh); 1225 } 1226 buffer_free(&vs->jobs_buffer); 1227 1228 for (i = 0; i < VNC_STAT_ROWS; ++i) { 1229 g_free(vs->lossy_rect[i]); 1230 } 1231 g_free(vs->lossy_rect); 1232 1233 object_unref(OBJECT(vs->ioc)); 1234 vs->ioc = NULL; 1235 object_unref(OBJECT(vs->sioc)); 1236 vs->sioc = NULL; 1237 g_free(vs); 1238 } 1239 1240 ssize_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp) 1241 { 1242 if (ret <= 0) { 1243 if (ret == 0) { 1244 VNC_DEBUG("Closing down client sock: EOF\n"); 1245 } else if (ret != QIO_CHANNEL_ERR_BLOCK) { 1246 VNC_DEBUG("Closing down client sock: ret %d (%s)\n", 1247 ret, errp ? error_get_pretty(*errp) : "Unknown"); 1248 } 1249 1250 vnc_disconnect_start(vs); 1251 if (errp) { 1252 error_free(*errp); 1253 *errp = NULL; 1254 } 1255 return 0; 1256 } 1257 return ret; 1258 } 1259 1260 1261 void vnc_client_error(VncState *vs) 1262 { 1263 VNC_DEBUG("Closing down client sock: protocol error\n"); 1264 vnc_disconnect_start(vs); 1265 } 1266 1267 1268 /* 1269 * Called to write a chunk of data to the client socket. The data may 1270 * be the raw data, or may have already been encoded by SASL. 1271 * The data will be written either straight onto the socket, or 1272 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1273 * 1274 * NB, it is theoretically possible to have 2 layers of encryption, 1275 * both SASL, and this TLS layer. It is highly unlikely in practice 1276 * though, since SASL encryption will typically be a no-op if TLS 1277 * is active 1278 * 1279 * Returns the number of bytes written, which may be less than 1280 * the requested 'datalen' if the socket would block. Returns 1281 * -1 on error, and disconnects the client socket. 1282 */ 1283 ssize_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1284 { 1285 Error *err = NULL; 1286 ssize_t ret; 1287 ret = qio_channel_write( 1288 vs->ioc, (const char *)data, datalen, &err); 1289 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1290 return vnc_client_io_error(vs, ret, &err); 1291 } 1292 1293 1294 /* 1295 * Called to write buffered data to the client socket, when not 1296 * using any SASL SSF encryption layers. Will write as much data 1297 * as possible without blocking. If all buffered data is written, 1298 * will switch the FD poll() handler back to read monitoring. 1299 * 1300 * Returns the number of bytes written, which may be less than 1301 * the buffered output data if the socket would block. Returns 1302 * -1 on error, and disconnects the client socket. 1303 */ 1304 static ssize_t vnc_client_write_plain(VncState *vs) 1305 { 1306 ssize_t ret; 1307 1308 #ifdef CONFIG_VNC_SASL 1309 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1310 vs->output.buffer, vs->output.capacity, vs->output.offset, 1311 vs->sasl.waitWriteSSF); 1312 1313 if (vs->sasl.conn && 1314 vs->sasl.runSSF && 1315 vs->sasl.waitWriteSSF) { 1316 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1317 if (ret) 1318 vs->sasl.waitWriteSSF -= ret; 1319 } else 1320 #endif /* CONFIG_VNC_SASL */ 1321 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1322 if (!ret) 1323 return 0; 1324 1325 buffer_advance(&vs->output, ret); 1326 1327 if (vs->output.offset == 0) { 1328 if (vs->ioc_tag) { 1329 g_source_remove(vs->ioc_tag); 1330 } 1331 vs->ioc_tag = qio_channel_add_watch( 1332 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); 1333 } 1334 1335 return ret; 1336 } 1337 1338 1339 /* 1340 * First function called whenever there is data to be written to 1341 * the client socket. Will delegate actual work according to whether 1342 * SASL SSF layers are enabled (thus requiring encryption calls) 1343 */ 1344 static void vnc_client_write_locked(VncState *vs) 1345 { 1346 #ifdef CONFIG_VNC_SASL 1347 if (vs->sasl.conn && 1348 vs->sasl.runSSF && 1349 !vs->sasl.waitWriteSSF) { 1350 vnc_client_write_sasl(vs); 1351 } else 1352 #endif /* CONFIG_VNC_SASL */ 1353 { 1354 vnc_client_write_plain(vs); 1355 } 1356 } 1357 1358 static void vnc_client_write(VncState *vs) 1359 { 1360 1361 vnc_lock_output(vs); 1362 if (vs->output.offset) { 1363 vnc_client_write_locked(vs); 1364 } else if (vs->ioc != NULL) { 1365 if (vs->ioc_tag) { 1366 g_source_remove(vs->ioc_tag); 1367 } 1368 vs->ioc_tag = qio_channel_add_watch( 1369 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); 1370 } 1371 vnc_unlock_output(vs); 1372 } 1373 1374 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1375 { 1376 vs->read_handler = func; 1377 vs->read_handler_expect = expecting; 1378 } 1379 1380 1381 /* 1382 * Called to read a chunk of data from the client socket. The data may 1383 * be the raw data, or may need to be further decoded by SASL. 1384 * The data will be read either straight from to the socket, or 1385 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1386 * 1387 * NB, it is theoretically possible to have 2 layers of encryption, 1388 * both SASL, and this TLS layer. It is highly unlikely in practice 1389 * though, since SASL encryption will typically be a no-op if TLS 1390 * is active 1391 * 1392 * Returns the number of bytes read, which may be less than 1393 * the requested 'datalen' if the socket would block. Returns 1394 * -1 on error, and disconnects the client socket. 1395 */ 1396 ssize_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1397 { 1398 ssize_t ret; 1399 Error *err = NULL; 1400 ret = qio_channel_read( 1401 vs->ioc, (char *)data, datalen, &err); 1402 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1403 return vnc_client_io_error(vs, ret, &err); 1404 } 1405 1406 1407 /* 1408 * Called to read data from the client socket to the input buffer, 1409 * when not using any SASL SSF encryption layers. Will read as much 1410 * data as possible without blocking. 1411 * 1412 * Returns the number of bytes read. Returns -1 on error, and 1413 * disconnects the client socket. 1414 */ 1415 static ssize_t vnc_client_read_plain(VncState *vs) 1416 { 1417 ssize_t ret; 1418 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1419 vs->input.buffer, vs->input.capacity, vs->input.offset); 1420 buffer_reserve(&vs->input, 4096); 1421 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1422 if (!ret) 1423 return 0; 1424 vs->input.offset += ret; 1425 return ret; 1426 } 1427 1428 static void vnc_jobs_bh(void *opaque) 1429 { 1430 VncState *vs = opaque; 1431 1432 vnc_jobs_consume_buffer(vs); 1433 } 1434 1435 /* 1436 * First function called whenever there is more data to be read from 1437 * the client socket. Will delegate actual work according to whether 1438 * SASL SSF layers are enabled (thus requiring decryption calls) 1439 */ 1440 static void vnc_client_read(VncState *vs) 1441 { 1442 ssize_t ret; 1443 1444 #ifdef CONFIG_VNC_SASL 1445 if (vs->sasl.conn && vs->sasl.runSSF) 1446 ret = vnc_client_read_sasl(vs); 1447 else 1448 #endif /* CONFIG_VNC_SASL */ 1449 ret = vnc_client_read_plain(vs); 1450 if (!ret) { 1451 if (vs->disconnecting) { 1452 vnc_disconnect_finish(vs); 1453 } 1454 return; 1455 } 1456 1457 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1458 size_t len = vs->read_handler_expect; 1459 int ret; 1460 1461 ret = vs->read_handler(vs, vs->input.buffer, len); 1462 if (vs->disconnecting) { 1463 vnc_disconnect_finish(vs); 1464 return; 1465 } 1466 1467 if (!ret) { 1468 buffer_advance(&vs->input, len); 1469 } else { 1470 vs->read_handler_expect = ret; 1471 } 1472 } 1473 } 1474 1475 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED, 1476 GIOCondition condition, void *opaque) 1477 { 1478 VncState *vs = opaque; 1479 if (condition & G_IO_IN) { 1480 vnc_client_read(vs); 1481 } 1482 if (condition & G_IO_OUT) { 1483 vnc_client_write(vs); 1484 } 1485 return TRUE; 1486 } 1487 1488 1489 void vnc_write(VncState *vs, const void *data, size_t len) 1490 { 1491 buffer_reserve(&vs->output, len); 1492 1493 if (vs->ioc != NULL && buffer_empty(&vs->output)) { 1494 if (vs->ioc_tag) { 1495 g_source_remove(vs->ioc_tag); 1496 } 1497 vs->ioc_tag = qio_channel_add_watch( 1498 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL); 1499 } 1500 1501 buffer_append(&vs->output, data, len); 1502 } 1503 1504 void vnc_write_s32(VncState *vs, int32_t value) 1505 { 1506 vnc_write_u32(vs, *(uint32_t *)&value); 1507 } 1508 1509 void vnc_write_u32(VncState *vs, uint32_t value) 1510 { 1511 uint8_t buf[4]; 1512 1513 buf[0] = (value >> 24) & 0xFF; 1514 buf[1] = (value >> 16) & 0xFF; 1515 buf[2] = (value >> 8) & 0xFF; 1516 buf[3] = value & 0xFF; 1517 1518 vnc_write(vs, buf, 4); 1519 } 1520 1521 void vnc_write_u16(VncState *vs, uint16_t value) 1522 { 1523 uint8_t buf[2]; 1524 1525 buf[0] = (value >> 8) & 0xFF; 1526 buf[1] = value & 0xFF; 1527 1528 vnc_write(vs, buf, 2); 1529 } 1530 1531 void vnc_write_u8(VncState *vs, uint8_t value) 1532 { 1533 vnc_write(vs, (char *)&value, 1); 1534 } 1535 1536 void vnc_flush(VncState *vs) 1537 { 1538 vnc_lock_output(vs); 1539 if (vs->ioc != NULL && vs->output.offset) { 1540 vnc_client_write_locked(vs); 1541 } 1542 vnc_unlock_output(vs); 1543 } 1544 1545 static uint8_t read_u8(uint8_t *data, size_t offset) 1546 { 1547 return data[offset]; 1548 } 1549 1550 static uint16_t read_u16(uint8_t *data, size_t offset) 1551 { 1552 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1553 } 1554 1555 static int32_t read_s32(uint8_t *data, size_t offset) 1556 { 1557 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1558 (data[offset + 2] << 8) | data[offset + 3]); 1559 } 1560 1561 uint32_t read_u32(uint8_t *data, size_t offset) 1562 { 1563 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1564 (data[offset + 2] << 8) | data[offset + 3]); 1565 } 1566 1567 static void client_cut_text(VncState *vs, size_t len, uint8_t *text) 1568 { 1569 } 1570 1571 static void check_pointer_type_change(Notifier *notifier, void *data) 1572 { 1573 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1574 int absolute = qemu_input_is_absolute(); 1575 1576 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1577 vnc_lock_output(vs); 1578 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1579 vnc_write_u8(vs, 0); 1580 vnc_write_u16(vs, 1); 1581 vnc_framebuffer_update(vs, absolute, 0, 1582 pixman_image_get_width(vs->vd->server), 1583 pixman_image_get_height(vs->vd->server), 1584 VNC_ENCODING_POINTER_TYPE_CHANGE); 1585 vnc_unlock_output(vs); 1586 vnc_flush(vs); 1587 } 1588 vs->absolute = absolute; 1589 } 1590 1591 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1592 { 1593 static uint32_t bmap[INPUT_BUTTON__MAX] = { 1594 [INPUT_BUTTON_LEFT] = 0x01, 1595 [INPUT_BUTTON_MIDDLE] = 0x02, 1596 [INPUT_BUTTON_RIGHT] = 0x04, 1597 [INPUT_BUTTON_WHEEL_UP] = 0x08, 1598 [INPUT_BUTTON_WHEEL_DOWN] = 0x10, 1599 }; 1600 QemuConsole *con = vs->vd->dcl.con; 1601 int width = pixman_image_get_width(vs->vd->server); 1602 int height = pixman_image_get_height(vs->vd->server); 1603 1604 if (vs->last_bmask != button_mask) { 1605 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask); 1606 vs->last_bmask = button_mask; 1607 } 1608 1609 if (vs->absolute) { 1610 qemu_input_queue_abs(con, INPUT_AXIS_X, x, width); 1611 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, height); 1612 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1613 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF); 1614 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF); 1615 } else { 1616 if (vs->last_x != -1) { 1617 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x); 1618 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y); 1619 } 1620 vs->last_x = x; 1621 vs->last_y = y; 1622 } 1623 qemu_input_event_sync(); 1624 } 1625 1626 static void reset_keys(VncState *vs) 1627 { 1628 int i; 1629 for(i = 0; i < 256; i++) { 1630 if (vs->modifiers_state[i]) { 1631 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false); 1632 vs->modifiers_state[i] = 0; 1633 } 1634 } 1635 } 1636 1637 static void press_key(VncState *vs, int keysym) 1638 { 1639 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK; 1640 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true); 1641 qemu_input_event_send_key_delay(0); 1642 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false); 1643 qemu_input_event_send_key_delay(0); 1644 } 1645 1646 static int current_led_state(VncState *vs) 1647 { 1648 int ledstate = 0; 1649 1650 if (vs->modifiers_state[0x46]) { 1651 ledstate |= QEMU_SCROLL_LOCK_LED; 1652 } 1653 if (vs->modifiers_state[0x45]) { 1654 ledstate |= QEMU_NUM_LOCK_LED; 1655 } 1656 if (vs->modifiers_state[0x3a]) { 1657 ledstate |= QEMU_CAPS_LOCK_LED; 1658 } 1659 1660 return ledstate; 1661 } 1662 1663 static void vnc_led_state_change(VncState *vs) 1664 { 1665 int ledstate = 0; 1666 1667 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) { 1668 return; 1669 } 1670 1671 ledstate = current_led_state(vs); 1672 vnc_lock_output(vs); 1673 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1674 vnc_write_u8(vs, 0); 1675 vnc_write_u16(vs, 1); 1676 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE); 1677 vnc_write_u8(vs, ledstate); 1678 vnc_unlock_output(vs); 1679 vnc_flush(vs); 1680 } 1681 1682 static void kbd_leds(void *opaque, int ledstate) 1683 { 1684 VncState *vs = opaque; 1685 int caps, num, scr; 1686 bool has_changed = (ledstate != current_led_state(vs)); 1687 1688 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED), 1689 (ledstate & QEMU_NUM_LOCK_LED), 1690 (ledstate & QEMU_SCROLL_LOCK_LED)); 1691 1692 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0; 1693 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0; 1694 scr = ledstate & QEMU_SCROLL_LOCK_LED ? 1 : 0; 1695 1696 if (vs->modifiers_state[0x3a] != caps) { 1697 vs->modifiers_state[0x3a] = caps; 1698 } 1699 if (vs->modifiers_state[0x45] != num) { 1700 vs->modifiers_state[0x45] = num; 1701 } 1702 if (vs->modifiers_state[0x46] != scr) { 1703 vs->modifiers_state[0x46] = scr; 1704 } 1705 1706 /* Sending the current led state message to the client */ 1707 if (has_changed) { 1708 vnc_led_state_change(vs); 1709 } 1710 } 1711 1712 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1713 { 1714 /* QEMU console switch */ 1715 switch(keycode) { 1716 case 0x2a: /* Left Shift */ 1717 case 0x36: /* Right Shift */ 1718 case 0x1d: /* Left CTRL */ 1719 case 0x9d: /* Right CTRL */ 1720 case 0x38: /* Left ALT */ 1721 case 0xb8: /* Right ALT */ 1722 if (down) 1723 vs->modifiers_state[keycode] = 1; 1724 else 1725 vs->modifiers_state[keycode] = 0; 1726 break; 1727 case 0x02 ... 0x0a: /* '1' to '9' keys */ 1728 if (vs->vd->dcl.con == NULL && 1729 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) { 1730 /* Reset the modifiers sent to the current console */ 1731 reset_keys(vs); 1732 console_select(keycode - 0x02); 1733 return; 1734 } 1735 break; 1736 case 0x3a: /* CapsLock */ 1737 case 0x45: /* NumLock */ 1738 if (down) 1739 vs->modifiers_state[keycode] ^= 1; 1740 break; 1741 } 1742 1743 /* Turn off the lock state sync logic if the client support the led 1744 state extension. 1745 */ 1746 if (down && vs->vd->lock_key_sync && 1747 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1748 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1749 /* If the numlock state needs to change then simulate an additional 1750 keypress before sending this one. This will happen if the user 1751 toggles numlock away from the VNC window. 1752 */ 1753 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1754 if (!vs->modifiers_state[0x45]) { 1755 trace_vnc_key_sync_numlock(true); 1756 vs->modifiers_state[0x45] = 1; 1757 press_key(vs, 0xff7f); 1758 } 1759 } else { 1760 if (vs->modifiers_state[0x45]) { 1761 trace_vnc_key_sync_numlock(false); 1762 vs->modifiers_state[0x45] = 0; 1763 press_key(vs, 0xff7f); 1764 } 1765 } 1766 } 1767 1768 if (down && vs->vd->lock_key_sync && 1769 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1770 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1771 /* If the capslock state needs to change then simulate an additional 1772 keypress before sending this one. This will happen if the user 1773 toggles capslock away from the VNC window. 1774 */ 1775 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1776 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]); 1777 int capslock = !!(vs->modifiers_state[0x3a]); 1778 if (capslock) { 1779 if (uppercase == shift) { 1780 trace_vnc_key_sync_capslock(false); 1781 vs->modifiers_state[0x3a] = 0; 1782 press_key(vs, 0xffe5); 1783 } 1784 } else { 1785 if (uppercase != shift) { 1786 trace_vnc_key_sync_capslock(true); 1787 vs->modifiers_state[0x3a] = 1; 1788 press_key(vs, 0xffe5); 1789 } 1790 } 1791 } 1792 1793 if (qemu_console_is_graphic(NULL)) { 1794 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down); 1795 } else { 1796 bool numlock = vs->modifiers_state[0x45]; 1797 bool control = (vs->modifiers_state[0x1d] || 1798 vs->modifiers_state[0x9d]); 1799 /* QEMU console emulation */ 1800 if (down) { 1801 switch (keycode) { 1802 case 0x2a: /* Left Shift */ 1803 case 0x36: /* Right Shift */ 1804 case 0x1d: /* Left CTRL */ 1805 case 0x9d: /* Right CTRL */ 1806 case 0x38: /* Left ALT */ 1807 case 0xb8: /* Right ALT */ 1808 break; 1809 case 0xc8: 1810 kbd_put_keysym(QEMU_KEY_UP); 1811 break; 1812 case 0xd0: 1813 kbd_put_keysym(QEMU_KEY_DOWN); 1814 break; 1815 case 0xcb: 1816 kbd_put_keysym(QEMU_KEY_LEFT); 1817 break; 1818 case 0xcd: 1819 kbd_put_keysym(QEMU_KEY_RIGHT); 1820 break; 1821 case 0xd3: 1822 kbd_put_keysym(QEMU_KEY_DELETE); 1823 break; 1824 case 0xc7: 1825 kbd_put_keysym(QEMU_KEY_HOME); 1826 break; 1827 case 0xcf: 1828 kbd_put_keysym(QEMU_KEY_END); 1829 break; 1830 case 0xc9: 1831 kbd_put_keysym(QEMU_KEY_PAGEUP); 1832 break; 1833 case 0xd1: 1834 kbd_put_keysym(QEMU_KEY_PAGEDOWN); 1835 break; 1836 1837 case 0x47: 1838 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME); 1839 break; 1840 case 0x48: 1841 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP); 1842 break; 1843 case 0x49: 1844 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP); 1845 break; 1846 case 0x4b: 1847 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT); 1848 break; 1849 case 0x4c: 1850 kbd_put_keysym('5'); 1851 break; 1852 case 0x4d: 1853 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT); 1854 break; 1855 case 0x4f: 1856 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END); 1857 break; 1858 case 0x50: 1859 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN); 1860 break; 1861 case 0x51: 1862 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN); 1863 break; 1864 case 0x52: 1865 kbd_put_keysym('0'); 1866 break; 1867 case 0x53: 1868 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE); 1869 break; 1870 1871 case 0xb5: 1872 kbd_put_keysym('/'); 1873 break; 1874 case 0x37: 1875 kbd_put_keysym('*'); 1876 break; 1877 case 0x4a: 1878 kbd_put_keysym('-'); 1879 break; 1880 case 0x4e: 1881 kbd_put_keysym('+'); 1882 break; 1883 case 0x9c: 1884 kbd_put_keysym('\n'); 1885 break; 1886 1887 default: 1888 if (control) { 1889 kbd_put_keysym(sym & 0x1f); 1890 } else { 1891 kbd_put_keysym(sym); 1892 } 1893 break; 1894 } 1895 } 1896 } 1897 } 1898 1899 static void vnc_release_modifiers(VncState *vs) 1900 { 1901 static const int keycodes[] = { 1902 /* shift, control, alt keys, both left & right */ 1903 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8, 1904 }; 1905 int i, keycode; 1906 1907 if (!qemu_console_is_graphic(NULL)) { 1908 return; 1909 } 1910 for (i = 0; i < ARRAY_SIZE(keycodes); i++) { 1911 keycode = keycodes[i]; 1912 if (!vs->modifiers_state[keycode]) { 1913 continue; 1914 } 1915 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false); 1916 } 1917 } 1918 1919 static const char *code2name(int keycode) 1920 { 1921 return QKeyCode_lookup[qemu_input_key_number_to_qcode(keycode)]; 1922 } 1923 1924 static void key_event(VncState *vs, int down, uint32_t sym) 1925 { 1926 int keycode; 1927 int lsym = sym; 1928 1929 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) { 1930 lsym = lsym - 'A' + 'a'; 1931 } 1932 1933 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK; 1934 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode)); 1935 do_key_event(vs, down, keycode, sym); 1936 } 1937 1938 static void ext_key_event(VncState *vs, int down, 1939 uint32_t sym, uint16_t keycode) 1940 { 1941 /* if the user specifies a keyboard layout, always use it */ 1942 if (keyboard_layout) { 1943 key_event(vs, down, sym); 1944 } else { 1945 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode)); 1946 do_key_event(vs, down, keycode, sym); 1947 } 1948 } 1949 1950 static void framebuffer_update_request(VncState *vs, int incremental, 1951 int x, int y, int w, int h) 1952 { 1953 vs->need_update = 1; 1954 1955 if (incremental) { 1956 return; 1957 } 1958 1959 vs->force_update = 1; 1960 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h); 1961 } 1962 1963 static void send_ext_key_event_ack(VncState *vs) 1964 { 1965 vnc_lock_output(vs); 1966 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1967 vnc_write_u8(vs, 0); 1968 vnc_write_u16(vs, 1); 1969 vnc_framebuffer_update(vs, 0, 0, 1970 pixman_image_get_width(vs->vd->server), 1971 pixman_image_get_height(vs->vd->server), 1972 VNC_ENCODING_EXT_KEY_EVENT); 1973 vnc_unlock_output(vs); 1974 vnc_flush(vs); 1975 } 1976 1977 static void send_ext_audio_ack(VncState *vs) 1978 { 1979 vnc_lock_output(vs); 1980 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1981 vnc_write_u8(vs, 0); 1982 vnc_write_u16(vs, 1); 1983 vnc_framebuffer_update(vs, 0, 0, 1984 pixman_image_get_width(vs->vd->server), 1985 pixman_image_get_height(vs->vd->server), 1986 VNC_ENCODING_AUDIO); 1987 vnc_unlock_output(vs); 1988 vnc_flush(vs); 1989 } 1990 1991 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 1992 { 1993 int i; 1994 unsigned int enc = 0; 1995 1996 vs->features = 0; 1997 vs->vnc_encoding = 0; 1998 vs->tight.compression = 9; 1999 vs->tight.quality = -1; /* Lossless by default */ 2000 vs->absolute = -1; 2001 2002 /* 2003 * Start from the end because the encodings are sent in order of preference. 2004 * This way the preferred encoding (first encoding defined in the array) 2005 * will be set at the end of the loop. 2006 */ 2007 for (i = n_encodings - 1; i >= 0; i--) { 2008 enc = encodings[i]; 2009 switch (enc) { 2010 case VNC_ENCODING_RAW: 2011 vs->vnc_encoding = enc; 2012 break; 2013 case VNC_ENCODING_COPYRECT: 2014 vs->features |= VNC_FEATURE_COPYRECT_MASK; 2015 break; 2016 case VNC_ENCODING_HEXTILE: 2017 vs->features |= VNC_FEATURE_HEXTILE_MASK; 2018 vs->vnc_encoding = enc; 2019 break; 2020 case VNC_ENCODING_TIGHT: 2021 vs->features |= VNC_FEATURE_TIGHT_MASK; 2022 vs->vnc_encoding = enc; 2023 break; 2024 #ifdef CONFIG_VNC_PNG 2025 case VNC_ENCODING_TIGHT_PNG: 2026 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK; 2027 vs->vnc_encoding = enc; 2028 break; 2029 #endif 2030 case VNC_ENCODING_ZLIB: 2031 vs->features |= VNC_FEATURE_ZLIB_MASK; 2032 vs->vnc_encoding = enc; 2033 break; 2034 case VNC_ENCODING_ZRLE: 2035 vs->features |= VNC_FEATURE_ZRLE_MASK; 2036 vs->vnc_encoding = enc; 2037 break; 2038 case VNC_ENCODING_ZYWRLE: 2039 vs->features |= VNC_FEATURE_ZYWRLE_MASK; 2040 vs->vnc_encoding = enc; 2041 break; 2042 case VNC_ENCODING_DESKTOPRESIZE: 2043 vs->features |= VNC_FEATURE_RESIZE_MASK; 2044 break; 2045 case VNC_ENCODING_POINTER_TYPE_CHANGE: 2046 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK; 2047 break; 2048 case VNC_ENCODING_RICH_CURSOR: 2049 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK; 2050 if (vs->vd->cursor) { 2051 vnc_cursor_define(vs); 2052 } 2053 break; 2054 case VNC_ENCODING_EXT_KEY_EVENT: 2055 send_ext_key_event_ack(vs); 2056 break; 2057 case VNC_ENCODING_AUDIO: 2058 send_ext_audio_ack(vs); 2059 break; 2060 case VNC_ENCODING_WMVi: 2061 vs->features |= VNC_FEATURE_WMVI_MASK; 2062 break; 2063 case VNC_ENCODING_LED_STATE: 2064 vs->features |= VNC_FEATURE_LED_STATE_MASK; 2065 break; 2066 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 2067 vs->tight.compression = (enc & 0x0F); 2068 break; 2069 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 2070 if (vs->vd->lossy) { 2071 vs->tight.quality = (enc & 0x0F); 2072 } 2073 break; 2074 default: 2075 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 2076 break; 2077 } 2078 } 2079 vnc_desktop_resize(vs); 2080 check_pointer_type_change(&vs->mouse_mode_notifier, NULL); 2081 vnc_led_state_change(vs); 2082 } 2083 2084 static void set_pixel_conversion(VncState *vs) 2085 { 2086 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf); 2087 2088 if (fmt == VNC_SERVER_FB_FORMAT) { 2089 vs->write_pixels = vnc_write_pixels_copy; 2090 vnc_hextile_set_pixel_conversion(vs, 0); 2091 } else { 2092 vs->write_pixels = vnc_write_pixels_generic; 2093 vnc_hextile_set_pixel_conversion(vs, 1); 2094 } 2095 } 2096 2097 static void set_pixel_format(VncState *vs, 2098 int bits_per_pixel, int depth, 2099 int big_endian_flag, int true_color_flag, 2100 int red_max, int green_max, int blue_max, 2101 int red_shift, int green_shift, int blue_shift) 2102 { 2103 if (!true_color_flag) { 2104 vnc_client_error(vs); 2105 return; 2106 } 2107 2108 switch (bits_per_pixel) { 2109 case 8: 2110 case 16: 2111 case 32: 2112 break; 2113 default: 2114 vnc_client_error(vs); 2115 return; 2116 } 2117 2118 vs->client_pf.rmax = red_max ? red_max : 0xFF; 2119 vs->client_pf.rbits = hweight_long(red_max); 2120 vs->client_pf.rshift = red_shift; 2121 vs->client_pf.rmask = red_max << red_shift; 2122 vs->client_pf.gmax = green_max ? green_max : 0xFF; 2123 vs->client_pf.gbits = hweight_long(green_max); 2124 vs->client_pf.gshift = green_shift; 2125 vs->client_pf.gmask = green_max << green_shift; 2126 vs->client_pf.bmax = blue_max ? blue_max : 0xFF; 2127 vs->client_pf.bbits = hweight_long(blue_max); 2128 vs->client_pf.bshift = blue_shift; 2129 vs->client_pf.bmask = blue_max << blue_shift; 2130 vs->client_pf.bits_per_pixel = bits_per_pixel; 2131 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8; 2132 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 2133 vs->client_be = big_endian_flag; 2134 2135 set_pixel_conversion(vs); 2136 2137 graphic_hw_invalidate(vs->vd->dcl.con); 2138 graphic_hw_update(vs->vd->dcl.con); 2139 } 2140 2141 static void pixel_format_message (VncState *vs) { 2142 char pad[3] = { 0, 0, 0 }; 2143 2144 vs->client_pf = qemu_default_pixelformat(32); 2145 2146 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ 2147 vnc_write_u8(vs, vs->client_pf.depth); /* depth */ 2148 2149 #ifdef HOST_WORDS_BIGENDIAN 2150 vnc_write_u8(vs, 1); /* big-endian-flag */ 2151 #else 2152 vnc_write_u8(vs, 0); /* big-endian-flag */ 2153 #endif 2154 vnc_write_u8(vs, 1); /* true-color-flag */ 2155 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */ 2156 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */ 2157 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */ 2158 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */ 2159 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */ 2160 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */ 2161 vnc_write(vs, pad, 3); /* padding */ 2162 2163 vnc_hextile_set_pixel_conversion(vs, 0); 2164 vs->write_pixels = vnc_write_pixels_copy; 2165 } 2166 2167 static void vnc_colordepth(VncState *vs) 2168 { 2169 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 2170 /* Sending a WMVi message to notify the client*/ 2171 vnc_lock_output(vs); 2172 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2173 vnc_write_u8(vs, 0); 2174 vnc_write_u16(vs, 1); /* number of rects */ 2175 vnc_framebuffer_update(vs, 0, 0, 2176 pixman_image_get_width(vs->vd->server), 2177 pixman_image_get_height(vs->vd->server), 2178 VNC_ENCODING_WMVi); 2179 pixel_format_message(vs); 2180 vnc_unlock_output(vs); 2181 vnc_flush(vs); 2182 } else { 2183 set_pixel_conversion(vs); 2184 } 2185 } 2186 2187 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 2188 { 2189 int i; 2190 uint16_t limit; 2191 VncDisplay *vd = vs->vd; 2192 2193 if (data[0] > 3) { 2194 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2195 } 2196 2197 switch (data[0]) { 2198 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 2199 if (len == 1) 2200 return 20; 2201 2202 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5), 2203 read_u8(data, 6), read_u8(data, 7), 2204 read_u16(data, 8), read_u16(data, 10), 2205 read_u16(data, 12), read_u8(data, 14), 2206 read_u8(data, 15), read_u8(data, 16)); 2207 break; 2208 case VNC_MSG_CLIENT_SET_ENCODINGS: 2209 if (len == 1) 2210 return 4; 2211 2212 if (len == 4) { 2213 limit = read_u16(data, 2); 2214 if (limit > 0) 2215 return 4 + (limit * 4); 2216 } else 2217 limit = read_u16(data, 2); 2218 2219 for (i = 0; i < limit; i++) { 2220 int32_t val = read_s32(data, 4 + (i * 4)); 2221 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 2222 } 2223 2224 set_encodings(vs, (int32_t *)(data + 4), limit); 2225 break; 2226 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 2227 if (len == 1) 2228 return 10; 2229 2230 framebuffer_update_request(vs, 2231 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 2232 read_u16(data, 6), read_u16(data, 8)); 2233 break; 2234 case VNC_MSG_CLIENT_KEY_EVENT: 2235 if (len == 1) 2236 return 8; 2237 2238 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 2239 break; 2240 case VNC_MSG_CLIENT_POINTER_EVENT: 2241 if (len == 1) 2242 return 6; 2243 2244 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 2245 break; 2246 case VNC_MSG_CLIENT_CUT_TEXT: 2247 if (len == 1) { 2248 return 8; 2249 } 2250 if (len == 8) { 2251 uint32_t dlen = read_u32(data, 4); 2252 if (dlen > (1 << 20)) { 2253 error_report("vnc: client_cut_text msg payload has %u bytes" 2254 " which exceeds our limit of 1MB.", dlen); 2255 vnc_client_error(vs); 2256 break; 2257 } 2258 if (dlen > 0) { 2259 return 8 + dlen; 2260 } 2261 } 2262 2263 client_cut_text(vs, read_u32(data, 4), data + 8); 2264 break; 2265 case VNC_MSG_CLIENT_QEMU: 2266 if (len == 1) 2267 return 2; 2268 2269 switch (read_u8(data, 1)) { 2270 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 2271 if (len == 2) 2272 return 12; 2273 2274 ext_key_event(vs, read_u16(data, 2), 2275 read_u32(data, 4), read_u32(data, 8)); 2276 break; 2277 case VNC_MSG_CLIENT_QEMU_AUDIO: 2278 if (len == 2) 2279 return 4; 2280 2281 switch (read_u16 (data, 2)) { 2282 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 2283 audio_add(vs); 2284 break; 2285 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 2286 audio_del(vs); 2287 break; 2288 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 2289 if (len == 4) 2290 return 10; 2291 switch (read_u8(data, 4)) { 2292 case 0: vs->as.fmt = AUD_FMT_U8; break; 2293 case 1: vs->as.fmt = AUD_FMT_S8; break; 2294 case 2: vs->as.fmt = AUD_FMT_U16; break; 2295 case 3: vs->as.fmt = AUD_FMT_S16; break; 2296 case 4: vs->as.fmt = AUD_FMT_U32; break; 2297 case 5: vs->as.fmt = AUD_FMT_S32; break; 2298 default: 2299 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4)); 2300 vnc_client_error(vs); 2301 break; 2302 } 2303 vs->as.nchannels = read_u8(data, 5); 2304 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2305 VNC_DEBUG("Invalid audio channel coount %d\n", 2306 read_u8(data, 5)); 2307 vnc_client_error(vs); 2308 break; 2309 } 2310 vs->as.freq = read_u32(data, 6); 2311 break; 2312 default: 2313 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4)); 2314 vnc_client_error(vs); 2315 break; 2316 } 2317 break; 2318 2319 default: 2320 VNC_DEBUG("Msg: %d\n", read_u16(data, 0)); 2321 vnc_client_error(vs); 2322 break; 2323 } 2324 break; 2325 default: 2326 VNC_DEBUG("Msg: %d\n", data[0]); 2327 vnc_client_error(vs); 2328 break; 2329 } 2330 2331 vnc_read_when(vs, protocol_client_msg, 1); 2332 return 0; 2333 } 2334 2335 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2336 { 2337 char buf[1024]; 2338 VncShareMode mode; 2339 int size; 2340 2341 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; 2342 switch (vs->vd->share_policy) { 2343 case VNC_SHARE_POLICY_IGNORE: 2344 /* 2345 * Ignore the shared flag. Nothing to do here. 2346 * 2347 * Doesn't conform to the rfb spec but is traditional qemu 2348 * behavior, thus left here as option for compatibility 2349 * reasons. 2350 */ 2351 break; 2352 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: 2353 /* 2354 * Policy: Allow clients ask for exclusive access. 2355 * 2356 * Implementation: When a client asks for exclusive access, 2357 * disconnect all others. Shared connects are allowed as long 2358 * as no exclusive connection exists. 2359 * 2360 * This is how the rfb spec suggests to handle the shared flag. 2361 */ 2362 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2363 VncState *client; 2364 QTAILQ_FOREACH(client, &vs->vd->clients, next) { 2365 if (vs == client) { 2366 continue; 2367 } 2368 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && 2369 client->share_mode != VNC_SHARE_MODE_SHARED) { 2370 continue; 2371 } 2372 vnc_disconnect_start(client); 2373 } 2374 } 2375 if (mode == VNC_SHARE_MODE_SHARED) { 2376 if (vs->vd->num_exclusive > 0) { 2377 vnc_disconnect_start(vs); 2378 return 0; 2379 } 2380 } 2381 break; 2382 case VNC_SHARE_POLICY_FORCE_SHARED: 2383 /* 2384 * Policy: Shared connects only. 2385 * Implementation: Disallow clients asking for exclusive access. 2386 * 2387 * Useful for shared desktop sessions where you don't want 2388 * someone forgetting to say -shared when running the vnc 2389 * client disconnect everybody else. 2390 */ 2391 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2392 vnc_disconnect_start(vs); 2393 return 0; 2394 } 2395 break; 2396 } 2397 vnc_set_share_mode(vs, mode); 2398 2399 if (vs->vd->num_shared > vs->vd->connections_limit) { 2400 vnc_disconnect_start(vs); 2401 return 0; 2402 } 2403 2404 vs->client_width = pixman_image_get_width(vs->vd->server); 2405 vs->client_height = pixman_image_get_height(vs->vd->server); 2406 vnc_write_u16(vs, vs->client_width); 2407 vnc_write_u16(vs, vs->client_height); 2408 2409 pixel_format_message(vs); 2410 2411 if (qemu_name) 2412 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2413 else 2414 size = snprintf(buf, sizeof(buf), "QEMU"); 2415 2416 vnc_write_u32(vs, size); 2417 vnc_write(vs, buf, size); 2418 vnc_flush(vs); 2419 2420 vnc_client_cache_auth(vs); 2421 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED); 2422 2423 vnc_read_when(vs, protocol_client_msg, 1); 2424 2425 return 0; 2426 } 2427 2428 void start_client_init(VncState *vs) 2429 { 2430 vnc_read_when(vs, protocol_client_init, 1); 2431 } 2432 2433 static void make_challenge(VncState *vs) 2434 { 2435 int i; 2436 2437 srand(time(NULL)+getpid()+getpid()*987654+rand()); 2438 2439 for (i = 0 ; i < sizeof(vs->challenge) ; i++) 2440 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0)); 2441 } 2442 2443 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2444 { 2445 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2446 size_t i, pwlen; 2447 unsigned char key[8]; 2448 time_t now = time(NULL); 2449 QCryptoCipher *cipher = NULL; 2450 Error *err = NULL; 2451 2452 if (!vs->vd->password) { 2453 VNC_DEBUG("No password configured on server"); 2454 goto reject; 2455 } 2456 if (vs->vd->expires < now) { 2457 VNC_DEBUG("Password is expired"); 2458 goto reject; 2459 } 2460 2461 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2462 2463 /* Calculate the expected challenge response */ 2464 pwlen = strlen(vs->vd->password); 2465 for (i=0; i<sizeof(key); i++) 2466 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2467 2468 cipher = qcrypto_cipher_new( 2469 QCRYPTO_CIPHER_ALG_DES_RFB, 2470 QCRYPTO_CIPHER_MODE_ECB, 2471 key, G_N_ELEMENTS(key), 2472 &err); 2473 if (!cipher) { 2474 VNC_DEBUG("Cannot initialize cipher %s", 2475 error_get_pretty(err)); 2476 error_free(err); 2477 goto reject; 2478 } 2479 2480 if (qcrypto_cipher_encrypt(cipher, 2481 vs->challenge, 2482 response, 2483 VNC_AUTH_CHALLENGE_SIZE, 2484 &err) < 0) { 2485 VNC_DEBUG("Cannot encrypt challenge %s", 2486 error_get_pretty(err)); 2487 error_free(err); 2488 goto reject; 2489 } 2490 2491 /* Compare expected vs actual challenge response */ 2492 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2493 VNC_DEBUG("Client challenge response did not match\n"); 2494 goto reject; 2495 } else { 2496 VNC_DEBUG("Accepting VNC challenge response\n"); 2497 vnc_write_u32(vs, 0); /* Accept auth */ 2498 vnc_flush(vs); 2499 2500 start_client_init(vs); 2501 } 2502 2503 qcrypto_cipher_free(cipher); 2504 return 0; 2505 2506 reject: 2507 vnc_write_u32(vs, 1); /* Reject auth */ 2508 if (vs->minor >= 8) { 2509 static const char err[] = "Authentication failed"; 2510 vnc_write_u32(vs, sizeof(err)); 2511 vnc_write(vs, err, sizeof(err)); 2512 } 2513 vnc_flush(vs); 2514 vnc_client_error(vs); 2515 qcrypto_cipher_free(cipher); 2516 return 0; 2517 } 2518 2519 void start_auth_vnc(VncState *vs) 2520 { 2521 make_challenge(vs); 2522 /* Send client a 'random' challenge */ 2523 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2524 vnc_flush(vs); 2525 2526 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2527 } 2528 2529 2530 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2531 { 2532 /* We only advertise 1 auth scheme at a time, so client 2533 * must pick the one we sent. Verify this */ 2534 if (data[0] != vs->auth) { /* Reject auth */ 2535 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]); 2536 vnc_write_u32(vs, 1); 2537 if (vs->minor >= 8) { 2538 static const char err[] = "Authentication failed"; 2539 vnc_write_u32(vs, sizeof(err)); 2540 vnc_write(vs, err, sizeof(err)); 2541 } 2542 vnc_client_error(vs); 2543 } else { /* Accept requested auth */ 2544 VNC_DEBUG("Client requested auth %d\n", (int)data[0]); 2545 switch (vs->auth) { 2546 case VNC_AUTH_NONE: 2547 VNC_DEBUG("Accept auth none\n"); 2548 if (vs->minor >= 8) { 2549 vnc_write_u32(vs, 0); /* Accept auth completion */ 2550 vnc_flush(vs); 2551 } 2552 start_client_init(vs); 2553 break; 2554 2555 case VNC_AUTH_VNC: 2556 VNC_DEBUG("Start VNC auth\n"); 2557 start_auth_vnc(vs); 2558 break; 2559 2560 case VNC_AUTH_VENCRYPT: 2561 VNC_DEBUG("Accept VeNCrypt auth\n"); 2562 start_auth_vencrypt(vs); 2563 break; 2564 2565 #ifdef CONFIG_VNC_SASL 2566 case VNC_AUTH_SASL: 2567 VNC_DEBUG("Accept SASL auth\n"); 2568 start_auth_sasl(vs); 2569 break; 2570 #endif /* CONFIG_VNC_SASL */ 2571 2572 default: /* Should not be possible, but just in case */ 2573 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth); 2574 vnc_write_u8(vs, 1); 2575 if (vs->minor >= 8) { 2576 static const char err[] = "Authentication failed"; 2577 vnc_write_u32(vs, sizeof(err)); 2578 vnc_write(vs, err, sizeof(err)); 2579 } 2580 vnc_client_error(vs); 2581 } 2582 } 2583 return 0; 2584 } 2585 2586 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2587 { 2588 char local[13]; 2589 2590 memcpy(local, version, 12); 2591 local[12] = 0; 2592 2593 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2594 VNC_DEBUG("Malformed protocol version %s\n", local); 2595 vnc_client_error(vs); 2596 return 0; 2597 } 2598 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2599 if (vs->major != 3 || 2600 (vs->minor != 3 && 2601 vs->minor != 4 && 2602 vs->minor != 5 && 2603 vs->minor != 7 && 2604 vs->minor != 8)) { 2605 VNC_DEBUG("Unsupported client version\n"); 2606 vnc_write_u32(vs, VNC_AUTH_INVALID); 2607 vnc_flush(vs); 2608 vnc_client_error(vs); 2609 return 0; 2610 } 2611 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2612 * as equivalent to v3.3 by servers 2613 */ 2614 if (vs->minor == 4 || vs->minor == 5) 2615 vs->minor = 3; 2616 2617 if (vs->minor == 3) { 2618 if (vs->auth == VNC_AUTH_NONE) { 2619 VNC_DEBUG("Tell client auth none\n"); 2620 vnc_write_u32(vs, vs->auth); 2621 vnc_flush(vs); 2622 start_client_init(vs); 2623 } else if (vs->auth == VNC_AUTH_VNC) { 2624 VNC_DEBUG("Tell client VNC auth\n"); 2625 vnc_write_u32(vs, vs->auth); 2626 vnc_flush(vs); 2627 start_auth_vnc(vs); 2628 } else { 2629 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth); 2630 vnc_write_u32(vs, VNC_AUTH_INVALID); 2631 vnc_flush(vs); 2632 vnc_client_error(vs); 2633 } 2634 } else { 2635 VNC_DEBUG("Telling client we support auth %d\n", vs->auth); 2636 vnc_write_u8(vs, 1); /* num auth */ 2637 vnc_write_u8(vs, vs->auth); 2638 vnc_read_when(vs, protocol_client_auth, 1); 2639 vnc_flush(vs); 2640 } 2641 2642 return 0; 2643 } 2644 2645 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) 2646 { 2647 struct VncSurface *vs = &vd->guest; 2648 2649 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; 2650 } 2651 2652 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h) 2653 { 2654 int i, j; 2655 2656 w = (x + w) / VNC_STAT_RECT; 2657 h = (y + h) / VNC_STAT_RECT; 2658 x /= VNC_STAT_RECT; 2659 y /= VNC_STAT_RECT; 2660 2661 for (j = y; j <= h; j++) { 2662 for (i = x; i <= w; i++) { 2663 vs->lossy_rect[j][i] = 1; 2664 } 2665 } 2666 } 2667 2668 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) 2669 { 2670 VncState *vs; 2671 int sty = y / VNC_STAT_RECT; 2672 int stx = x / VNC_STAT_RECT; 2673 int has_dirty = 0; 2674 2675 y = y / VNC_STAT_RECT * VNC_STAT_RECT; 2676 x = x / VNC_STAT_RECT * VNC_STAT_RECT; 2677 2678 QTAILQ_FOREACH(vs, &vd->clients, next) { 2679 int j; 2680 2681 /* kernel send buffers are full -> refresh later */ 2682 if (vs->output.offset) { 2683 continue; 2684 } 2685 2686 if (!vs->lossy_rect[sty][stx]) { 2687 continue; 2688 } 2689 2690 vs->lossy_rect[sty][stx] = 0; 2691 for (j = 0; j < VNC_STAT_RECT; ++j) { 2692 bitmap_set(vs->dirty[y + j], 2693 x / VNC_DIRTY_PIXELS_PER_BIT, 2694 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT); 2695 } 2696 has_dirty++; 2697 } 2698 2699 return has_dirty; 2700 } 2701 2702 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) 2703 { 2704 int width = pixman_image_get_width(vd->guest.fb); 2705 int height = pixman_image_get_height(vd->guest.fb); 2706 int x, y; 2707 struct timeval res; 2708 int has_dirty = 0; 2709 2710 for (y = 0; y < height; y += VNC_STAT_RECT) { 2711 for (x = 0; x < width; x += VNC_STAT_RECT) { 2712 VncRectStat *rect = vnc_stat_rect(vd, x, y); 2713 2714 rect->updated = false; 2715 } 2716 } 2717 2718 qemu_timersub(tv, &VNC_REFRESH_STATS, &res); 2719 2720 if (timercmp(&vd->guest.last_freq_check, &res, >)) { 2721 return has_dirty; 2722 } 2723 vd->guest.last_freq_check = *tv; 2724 2725 for (y = 0; y < height; y += VNC_STAT_RECT) { 2726 for (x = 0; x < width; x += VNC_STAT_RECT) { 2727 VncRectStat *rect= vnc_stat_rect(vd, x, y); 2728 int count = ARRAY_SIZE(rect->times); 2729 struct timeval min, max; 2730 2731 if (!timerisset(&rect->times[count - 1])) { 2732 continue ; 2733 } 2734 2735 max = rect->times[(rect->idx + count - 1) % count]; 2736 qemu_timersub(tv, &max, &res); 2737 2738 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { 2739 rect->freq = 0; 2740 has_dirty += vnc_refresh_lossy_rect(vd, x, y); 2741 memset(rect->times, 0, sizeof (rect->times)); 2742 continue ; 2743 } 2744 2745 min = rect->times[rect->idx]; 2746 max = rect->times[(rect->idx + count - 1) % count]; 2747 qemu_timersub(&max, &min, &res); 2748 2749 rect->freq = res.tv_sec + res.tv_usec / 1000000.; 2750 rect->freq /= count; 2751 rect->freq = 1. / rect->freq; 2752 } 2753 } 2754 return has_dirty; 2755 } 2756 2757 double vnc_update_freq(VncState *vs, int x, int y, int w, int h) 2758 { 2759 int i, j; 2760 double total = 0; 2761 int num = 0; 2762 2763 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT; 2764 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT; 2765 2766 for (j = y; j <= y + h; j += VNC_STAT_RECT) { 2767 for (i = x; i <= x + w; i += VNC_STAT_RECT) { 2768 total += vnc_stat_rect(vs->vd, i, j)->freq; 2769 num++; 2770 } 2771 } 2772 2773 if (num) { 2774 return total / num; 2775 } else { 2776 return 0; 2777 } 2778 } 2779 2780 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) 2781 { 2782 VncRectStat *rect; 2783 2784 rect = vnc_stat_rect(vd, x, y); 2785 if (rect->updated) { 2786 return ; 2787 } 2788 rect->times[rect->idx] = *tv; 2789 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); 2790 rect->updated = true; 2791 } 2792 2793 static int vnc_refresh_server_surface(VncDisplay *vd) 2794 { 2795 int width = MIN(pixman_image_get_width(vd->guest.fb), 2796 pixman_image_get_width(vd->server)); 2797 int height = MIN(pixman_image_get_height(vd->guest.fb), 2798 pixman_image_get_height(vd->server)); 2799 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0; 2800 uint8_t *guest_row0 = NULL, *server_row0; 2801 VncState *vs; 2802 int has_dirty = 0; 2803 pixman_image_t *tmpbuf = NULL; 2804 2805 struct timeval tv = { 0, 0 }; 2806 2807 if (!vd->non_adaptive) { 2808 gettimeofday(&tv, NULL); 2809 has_dirty = vnc_update_stats(vd, &tv); 2810 } 2811 2812 /* 2813 * Walk through the guest dirty map. 2814 * Check and copy modified bits from guest to server surface. 2815 * Update server dirty map. 2816 */ 2817 server_row0 = (uint8_t *)pixman_image_get_data(vd->server); 2818 server_stride = guest_stride = guest_ll = 2819 pixman_image_get_stride(vd->server); 2820 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES, 2821 server_stride); 2822 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2823 int width = pixman_image_get_width(vd->server); 2824 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width); 2825 } else { 2826 int guest_bpp = 2827 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb)); 2828 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb); 2829 guest_stride = pixman_image_get_stride(vd->guest.fb); 2830 guest_ll = pixman_image_get_width(vd->guest.fb) * ((guest_bpp + 7) / 8); 2831 } 2832 line_bytes = MIN(server_stride, guest_ll); 2833 2834 for (;;) { 2835 int x; 2836 uint8_t *guest_ptr, *server_ptr; 2837 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty, 2838 height * VNC_DIRTY_BPL(&vd->guest), 2839 y * VNC_DIRTY_BPL(&vd->guest)); 2840 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) { 2841 /* no more dirty bits */ 2842 break; 2843 } 2844 y = offset / VNC_DIRTY_BPL(&vd->guest); 2845 x = offset % VNC_DIRTY_BPL(&vd->guest); 2846 2847 server_ptr = server_row0 + y * server_stride + x * cmp_bytes; 2848 2849 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2850 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y); 2851 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf); 2852 } else { 2853 guest_ptr = guest_row0 + y * guest_stride; 2854 } 2855 guest_ptr += x * cmp_bytes; 2856 2857 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT); 2858 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 2859 int _cmp_bytes = cmp_bytes; 2860 if (!test_and_clear_bit(x, vd->guest.dirty[y])) { 2861 continue; 2862 } 2863 if ((x + 1) * cmp_bytes > line_bytes) { 2864 _cmp_bytes = line_bytes - x * cmp_bytes; 2865 } 2866 assert(_cmp_bytes >= 0); 2867 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) { 2868 continue; 2869 } 2870 memcpy(server_ptr, guest_ptr, _cmp_bytes); 2871 if (!vd->non_adaptive) { 2872 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT, 2873 y, &tv); 2874 } 2875 QTAILQ_FOREACH(vs, &vd->clients, next) { 2876 set_bit(x, vs->dirty[y]); 2877 } 2878 has_dirty++; 2879 } 2880 2881 y++; 2882 } 2883 qemu_pixman_image_unref(tmpbuf); 2884 return has_dirty; 2885 } 2886 2887 static void vnc_refresh(DisplayChangeListener *dcl) 2888 { 2889 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 2890 VncState *vs, *vn; 2891 int has_dirty, rects = 0; 2892 2893 if (QTAILQ_EMPTY(&vd->clients)) { 2894 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX); 2895 return; 2896 } 2897 2898 graphic_hw_update(vd->dcl.con); 2899 2900 if (vnc_trylock_display(vd)) { 2901 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2902 return; 2903 } 2904 2905 has_dirty = vnc_refresh_server_surface(vd); 2906 vnc_unlock_display(vd); 2907 2908 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 2909 rects += vnc_update_client(vs, has_dirty, false); 2910 /* vs might be free()ed here */ 2911 } 2912 2913 if (has_dirty && rects) { 2914 vd->dcl.update_interval /= 2; 2915 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) { 2916 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE; 2917 } 2918 } else { 2919 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC; 2920 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) { 2921 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX; 2922 } 2923 } 2924 } 2925 2926 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc, 2927 bool skipauth, bool websocket) 2928 { 2929 VncState *vs = g_new0(VncState, 1); 2930 int i; 2931 2932 vs->sioc = sioc; 2933 object_ref(OBJECT(vs->sioc)); 2934 vs->ioc = QIO_CHANNEL(sioc); 2935 object_ref(OBJECT(vs->ioc)); 2936 vs->vd = vd; 2937 2938 buffer_init(&vs->input, "vnc-input/%p", sioc); 2939 buffer_init(&vs->output, "vnc-output/%p", sioc); 2940 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc); 2941 2942 buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc); 2943 buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc); 2944 buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc); 2945 #ifdef CONFIG_VNC_JPEG 2946 buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc); 2947 #endif 2948 #ifdef CONFIG_VNC_PNG 2949 buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc); 2950 #endif 2951 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc); 2952 buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc); 2953 buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc); 2954 buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc); 2955 2956 if (skipauth) { 2957 vs->auth = VNC_AUTH_NONE; 2958 vs->subauth = VNC_AUTH_INVALID; 2959 } else { 2960 if (websocket) { 2961 vs->auth = vd->ws_auth; 2962 vs->subauth = VNC_AUTH_INVALID; 2963 } else { 2964 vs->auth = vd->auth; 2965 vs->subauth = vd->subauth; 2966 } 2967 } 2968 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n", 2969 sioc, websocket, vs->auth, vs->subauth); 2970 2971 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect)); 2972 for (i = 0; i < VNC_STAT_ROWS; ++i) { 2973 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS); 2974 } 2975 2976 VNC_DEBUG("New client on socket %p\n", vs->sioc); 2977 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2978 qio_channel_set_blocking(vs->ioc, false, NULL); 2979 if (websocket) { 2980 vs->websocket = 1; 2981 if (vd->ws_tls) { 2982 vs->ioc_tag = qio_channel_add_watch( 2983 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL); 2984 } else { 2985 vs->ioc_tag = qio_channel_add_watch( 2986 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL); 2987 } 2988 } else { 2989 vs->ioc_tag = qio_channel_add_watch( 2990 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); 2991 } 2992 2993 vnc_client_cache_addr(vs); 2994 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED); 2995 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); 2996 2997 if (!vs->websocket) { 2998 vnc_init_state(vs); 2999 } 3000 3001 if (vd->num_connecting > vd->connections_limit) { 3002 QTAILQ_FOREACH(vs, &vd->clients, next) { 3003 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) { 3004 vnc_disconnect_start(vs); 3005 return; 3006 } 3007 } 3008 } 3009 } 3010 3011 void vnc_init_state(VncState *vs) 3012 { 3013 vs->initialized = true; 3014 VncDisplay *vd = vs->vd; 3015 bool first_client = QTAILQ_EMPTY(&vd->clients); 3016 3017 vs->last_x = -1; 3018 vs->last_y = -1; 3019 3020 vs->as.freq = 44100; 3021 vs->as.nchannels = 2; 3022 vs->as.fmt = AUD_FMT_S16; 3023 vs->as.endianness = 0; 3024 3025 qemu_mutex_init(&vs->output_mutex); 3026 vs->bh = qemu_bh_new(vnc_jobs_bh, vs); 3027 3028 QTAILQ_INSERT_TAIL(&vd->clients, vs, next); 3029 if (first_client) { 3030 vnc_update_server_surface(vd); 3031 } 3032 3033 graphic_hw_update(vd->dcl.con); 3034 3035 vnc_write(vs, "RFB 003.008\n", 12); 3036 vnc_flush(vs); 3037 vnc_read_when(vs, protocol_version, 12); 3038 reset_keys(vs); 3039 if (vs->vd->lock_key_sync) 3040 vs->led = qemu_add_led_event_handler(kbd_leds, vs); 3041 3042 vs->mouse_mode_notifier.notify = check_pointer_type_change; 3043 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 3044 3045 /* vs might be free()ed here */ 3046 } 3047 3048 static gboolean vnc_listen_io(QIOChannel *ioc, 3049 GIOCondition condition, 3050 void *opaque) 3051 { 3052 VncDisplay *vs = opaque; 3053 QIOChannelSocket *sioc = NULL; 3054 Error *err = NULL; 3055 3056 /* Catch-up */ 3057 graphic_hw_update(vs->dcl.con); 3058 sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc), &err); 3059 if (sioc != NULL) { 3060 qio_channel_set_delay(QIO_CHANNEL(sioc), false); 3061 vnc_connect(vs, sioc, false, 3062 ioc != QIO_CHANNEL(vs->lsock)); 3063 object_unref(OBJECT(sioc)); 3064 } else { 3065 /* client probably closed connection before we got there */ 3066 error_free(err); 3067 } 3068 3069 return TRUE; 3070 } 3071 3072 static const DisplayChangeListenerOps dcl_ops = { 3073 .dpy_name = "vnc", 3074 .dpy_refresh = vnc_refresh, 3075 .dpy_gfx_copy = vnc_dpy_copy, 3076 .dpy_gfx_update = vnc_dpy_update, 3077 .dpy_gfx_switch = vnc_dpy_switch, 3078 .dpy_gfx_check_format = qemu_pixman_check_format, 3079 .dpy_mouse_set = vnc_mouse_set, 3080 .dpy_cursor_define = vnc_dpy_cursor_define, 3081 }; 3082 3083 void vnc_display_init(const char *id) 3084 { 3085 VncDisplay *vs; 3086 3087 if (vnc_display_find(id) != NULL) { 3088 return; 3089 } 3090 vs = g_malloc0(sizeof(*vs)); 3091 3092 vs->id = strdup(id); 3093 QTAILQ_INSERT_TAIL(&vnc_displays, vs, next); 3094 3095 QTAILQ_INIT(&vs->clients); 3096 vs->expires = TIME_MAX; 3097 3098 if (keyboard_layout) { 3099 trace_vnc_key_map_init(keyboard_layout); 3100 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout); 3101 } else { 3102 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us"); 3103 } 3104 3105 if (!vs->kbd_layout) 3106 exit(1); 3107 3108 qemu_mutex_init(&vs->mutex); 3109 vnc_start_worker_thread(); 3110 3111 vs->dcl.ops = &dcl_ops; 3112 register_displaychangelistener(&vs->dcl); 3113 } 3114 3115 3116 static void vnc_display_close(VncDisplay *vs) 3117 { 3118 if (!vs) 3119 return; 3120 vs->enabled = false; 3121 vs->is_unix = false; 3122 if (vs->lsock != NULL) { 3123 if (vs->lsock_tag) { 3124 g_source_remove(vs->lsock_tag); 3125 } 3126 object_unref(OBJECT(vs->lsock)); 3127 vs->lsock = NULL; 3128 } 3129 vs->ws_enabled = false; 3130 if (vs->lwebsock != NULL) { 3131 if (vs->lwebsock_tag) { 3132 g_source_remove(vs->lwebsock_tag); 3133 } 3134 object_unref(OBJECT(vs->lwebsock)); 3135 vs->lwebsock = NULL; 3136 } 3137 vs->auth = VNC_AUTH_INVALID; 3138 vs->subauth = VNC_AUTH_INVALID; 3139 if (vs->tlscreds) { 3140 object_unparent(OBJECT(vs->tlscreds)); 3141 vs->tlscreds = NULL; 3142 } 3143 g_free(vs->tlsaclname); 3144 vs->tlsaclname = NULL; 3145 } 3146 3147 int vnc_display_password(const char *id, const char *password) 3148 { 3149 VncDisplay *vs = vnc_display_find(id); 3150 3151 if (!vs) { 3152 return -EINVAL; 3153 } 3154 if (vs->auth == VNC_AUTH_NONE) { 3155 error_printf_unless_qmp("If you want use passwords please enable " 3156 "password auth using '-vnc ${dpy},password'."); 3157 return -EINVAL; 3158 } 3159 3160 g_free(vs->password); 3161 vs->password = g_strdup(password); 3162 3163 return 0; 3164 } 3165 3166 int vnc_display_pw_expire(const char *id, time_t expires) 3167 { 3168 VncDisplay *vs = vnc_display_find(id); 3169 3170 if (!vs) { 3171 return -EINVAL; 3172 } 3173 3174 vs->expires = expires; 3175 return 0; 3176 } 3177 3178 char *vnc_display_local_addr(const char *id) 3179 { 3180 VncDisplay *vs = vnc_display_find(id); 3181 SocketAddress *addr; 3182 char *ret; 3183 Error *err = NULL; 3184 3185 assert(vs); 3186 3187 addr = qio_channel_socket_get_local_address(vs->lsock, &err); 3188 if (!addr) { 3189 return NULL; 3190 } 3191 3192 if (addr->type != SOCKET_ADDRESS_KIND_INET) { 3193 qapi_free_SocketAddress(addr); 3194 return NULL; 3195 } 3196 ret = g_strdup_printf("%s;%s", addr->u.inet.data->host, 3197 addr->u.inet.data->port); 3198 qapi_free_SocketAddress(addr); 3199 3200 return ret; 3201 } 3202 3203 static QemuOptsList qemu_vnc_opts = { 3204 .name = "vnc", 3205 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head), 3206 .implied_opt_name = "vnc", 3207 .desc = { 3208 { 3209 .name = "vnc", 3210 .type = QEMU_OPT_STRING, 3211 },{ 3212 .name = "websocket", 3213 .type = QEMU_OPT_STRING, 3214 },{ 3215 .name = "tls-creds", 3216 .type = QEMU_OPT_STRING, 3217 },{ 3218 /* Deprecated in favour of tls-creds */ 3219 .name = "x509", 3220 .type = QEMU_OPT_STRING, 3221 },{ 3222 .name = "share", 3223 .type = QEMU_OPT_STRING, 3224 },{ 3225 .name = "display", 3226 .type = QEMU_OPT_STRING, 3227 },{ 3228 .name = "head", 3229 .type = QEMU_OPT_NUMBER, 3230 },{ 3231 .name = "connections", 3232 .type = QEMU_OPT_NUMBER, 3233 },{ 3234 .name = "to", 3235 .type = QEMU_OPT_NUMBER, 3236 },{ 3237 .name = "ipv4", 3238 .type = QEMU_OPT_BOOL, 3239 },{ 3240 .name = "ipv6", 3241 .type = QEMU_OPT_BOOL, 3242 },{ 3243 .name = "password", 3244 .type = QEMU_OPT_BOOL, 3245 },{ 3246 .name = "reverse", 3247 .type = QEMU_OPT_BOOL, 3248 },{ 3249 .name = "lock-key-sync", 3250 .type = QEMU_OPT_BOOL, 3251 },{ 3252 .name = "sasl", 3253 .type = QEMU_OPT_BOOL, 3254 },{ 3255 /* Deprecated in favour of tls-creds */ 3256 .name = "tls", 3257 .type = QEMU_OPT_BOOL, 3258 },{ 3259 /* Deprecated in favour of tls-creds */ 3260 .name = "x509verify", 3261 .type = QEMU_OPT_STRING, 3262 },{ 3263 .name = "acl", 3264 .type = QEMU_OPT_BOOL, 3265 },{ 3266 .name = "lossy", 3267 .type = QEMU_OPT_BOOL, 3268 },{ 3269 .name = "non-adaptive", 3270 .type = QEMU_OPT_BOOL, 3271 }, 3272 { /* end of list */ } 3273 }, 3274 }; 3275 3276 3277 static int 3278 vnc_display_setup_auth(VncDisplay *vs, 3279 bool password, 3280 bool sasl, 3281 bool websocket, 3282 Error **errp) 3283 { 3284 /* 3285 * We have a choice of 3 authentication options 3286 * 3287 * 1. none 3288 * 2. vnc 3289 * 3. sasl 3290 * 3291 * The channel can be run in 2 modes 3292 * 3293 * 1. clear 3294 * 2. tls 3295 * 3296 * And TLS can use 2 types of credentials 3297 * 3298 * 1. anon 3299 * 2. x509 3300 * 3301 * We thus have 9 possible logical combinations 3302 * 3303 * 1. clear + none 3304 * 2. clear + vnc 3305 * 3. clear + sasl 3306 * 4. tls + anon + none 3307 * 5. tls + anon + vnc 3308 * 6. tls + anon + sasl 3309 * 7. tls + x509 + none 3310 * 8. tls + x509 + vnc 3311 * 9. tls + x509 + sasl 3312 * 3313 * These need to be mapped into the VNC auth schemes 3314 * in an appropriate manner. In regular VNC, all the 3315 * TLS options get mapped into VNC_AUTH_VENCRYPT 3316 * sub-auth types. 3317 * 3318 * In websockets, the https:// protocol already provides 3319 * TLS support, so there is no need to make use of the 3320 * VeNCrypt extension. Furthermore, websockets browser 3321 * clients could not use VeNCrypt even if they wanted to, 3322 * as they cannot control when the TLS handshake takes 3323 * place. Thus there is no option but to rely on https://, 3324 * meaning combinations 4->6 and 7->9 will be mapped to 3325 * VNC auth schemes in the same way as combos 1->3. 3326 * 3327 * Regardless of fact that we have a different mapping to 3328 * VNC auth mechs for plain VNC vs websockets VNC, the end 3329 * result has the same security characteristics. 3330 */ 3331 if (password) { 3332 if (vs->tlscreds) { 3333 vs->auth = VNC_AUTH_VENCRYPT; 3334 if (websocket) { 3335 vs->ws_tls = true; 3336 } 3337 if (object_dynamic_cast(OBJECT(vs->tlscreds), 3338 TYPE_QCRYPTO_TLS_CREDS_X509)) { 3339 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 3340 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC; 3341 } else if (object_dynamic_cast(OBJECT(vs->tlscreds), 3342 TYPE_QCRYPTO_TLS_CREDS_ANON)) { 3343 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 3344 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC; 3345 } else { 3346 error_setg(errp, 3347 "Unsupported TLS cred type %s", 3348 object_get_typename(OBJECT(vs->tlscreds))); 3349 return -1; 3350 } 3351 } else { 3352 VNC_DEBUG("Initializing VNC server with password auth\n"); 3353 vs->auth = VNC_AUTH_VNC; 3354 vs->subauth = VNC_AUTH_INVALID; 3355 } 3356 if (websocket) { 3357 vs->ws_auth = VNC_AUTH_VNC; 3358 } else { 3359 vs->ws_auth = VNC_AUTH_INVALID; 3360 } 3361 } else if (sasl) { 3362 if (vs->tlscreds) { 3363 vs->auth = VNC_AUTH_VENCRYPT; 3364 if (websocket) { 3365 vs->ws_tls = true; 3366 } 3367 if (object_dynamic_cast(OBJECT(vs->tlscreds), 3368 TYPE_QCRYPTO_TLS_CREDS_X509)) { 3369 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 3370 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL; 3371 } else if (object_dynamic_cast(OBJECT(vs->tlscreds), 3372 TYPE_QCRYPTO_TLS_CREDS_ANON)) { 3373 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 3374 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL; 3375 } else { 3376 error_setg(errp, 3377 "Unsupported TLS cred type %s", 3378 object_get_typename(OBJECT(vs->tlscreds))); 3379 return -1; 3380 } 3381 } else { 3382 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 3383 vs->auth = VNC_AUTH_SASL; 3384 vs->subauth = VNC_AUTH_INVALID; 3385 } 3386 if (websocket) { 3387 vs->ws_auth = VNC_AUTH_SASL; 3388 } else { 3389 vs->ws_auth = VNC_AUTH_INVALID; 3390 } 3391 } else { 3392 if (vs->tlscreds) { 3393 vs->auth = VNC_AUTH_VENCRYPT; 3394 if (websocket) { 3395 vs->ws_tls = true; 3396 } 3397 if (object_dynamic_cast(OBJECT(vs->tlscreds), 3398 TYPE_QCRYPTO_TLS_CREDS_X509)) { 3399 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 3400 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE; 3401 } else if (object_dynamic_cast(OBJECT(vs->tlscreds), 3402 TYPE_QCRYPTO_TLS_CREDS_ANON)) { 3403 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 3404 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE; 3405 } else { 3406 error_setg(errp, 3407 "Unsupported TLS cred type %s", 3408 object_get_typename(OBJECT(vs->tlscreds))); 3409 return -1; 3410 } 3411 } else { 3412 VNC_DEBUG("Initializing VNC server with no auth\n"); 3413 vs->auth = VNC_AUTH_NONE; 3414 vs->subauth = VNC_AUTH_INVALID; 3415 } 3416 if (websocket) { 3417 vs->ws_auth = VNC_AUTH_NONE; 3418 } else { 3419 vs->ws_auth = VNC_AUTH_INVALID; 3420 } 3421 } 3422 return 0; 3423 } 3424 3425 3426 /* 3427 * Handle back compat with old CLI syntax by creating some 3428 * suitable QCryptoTLSCreds objects 3429 */ 3430 static QCryptoTLSCreds * 3431 vnc_display_create_creds(bool x509, 3432 bool x509verify, 3433 const char *dir, 3434 const char *id, 3435 Error **errp) 3436 { 3437 gchar *credsid = g_strdup_printf("tlsvnc%s", id); 3438 Object *parent = object_get_objects_root(); 3439 Object *creds; 3440 Error *err = NULL; 3441 3442 if (x509) { 3443 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_X509, 3444 parent, 3445 credsid, 3446 &err, 3447 "endpoint", "server", 3448 "dir", dir, 3449 "verify-peer", x509verify ? "yes" : "no", 3450 NULL); 3451 } else { 3452 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_ANON, 3453 parent, 3454 credsid, 3455 &err, 3456 "endpoint", "server", 3457 NULL); 3458 } 3459 3460 g_free(credsid); 3461 3462 if (err) { 3463 error_propagate(errp, err); 3464 return NULL; 3465 } 3466 3467 return QCRYPTO_TLS_CREDS(creds); 3468 } 3469 3470 3471 void vnc_display_open(const char *id, Error **errp) 3472 { 3473 VncDisplay *vs = vnc_display_find(id); 3474 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id); 3475 SocketAddress *saddr = NULL, *wsaddr = NULL; 3476 const char *share, *device_id; 3477 QemuConsole *con; 3478 bool password = false; 3479 bool reverse = false; 3480 const char *vnc; 3481 char *h; 3482 const char *credid; 3483 bool sasl = false; 3484 #ifdef CONFIG_VNC_SASL 3485 int saslErr; 3486 #endif 3487 int acl = 0; 3488 int lock_key_sync = 1; 3489 3490 if (!vs) { 3491 error_setg(errp, "VNC display not active"); 3492 return; 3493 } 3494 vnc_display_close(vs); 3495 3496 if (!opts) { 3497 return; 3498 } 3499 vnc = qemu_opt_get(opts, "vnc"); 3500 if (!vnc || strcmp(vnc, "none") == 0) { 3501 return; 3502 } 3503 3504 h = strrchr(vnc, ':'); 3505 if (h) { 3506 size_t hlen = h - vnc; 3507 3508 const char *websocket = qemu_opt_get(opts, "websocket"); 3509 int to = qemu_opt_get_number(opts, "to", 0); 3510 bool has_ipv4 = qemu_opt_get(opts, "ipv4"); 3511 bool has_ipv6 = qemu_opt_get(opts, "ipv6"); 3512 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false); 3513 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false); 3514 3515 saddr = g_new0(SocketAddress, 1); 3516 if (websocket) { 3517 if (!qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) { 3518 error_setg(errp, 3519 "SHA1 hash support is required for websockets"); 3520 goto fail; 3521 } 3522 3523 wsaddr = g_new0(SocketAddress, 1); 3524 vs->ws_enabled = true; 3525 } 3526 3527 if (strncmp(vnc, "unix:", 5) == 0) { 3528 saddr->type = SOCKET_ADDRESS_KIND_UNIX; 3529 saddr->u.q_unix.data = g_new0(UnixSocketAddress, 1); 3530 saddr->u.q_unix.data->path = g_strdup(vnc + 5); 3531 3532 if (vs->ws_enabled) { 3533 error_setg(errp, "UNIX sockets not supported with websock"); 3534 goto fail; 3535 } 3536 } else { 3537 unsigned long long baseport; 3538 InetSocketAddress *inet; 3539 saddr->type = SOCKET_ADDRESS_KIND_INET; 3540 inet = saddr->u.inet.data = g_new0(InetSocketAddress, 1); 3541 if (vnc[0] == '[' && vnc[hlen - 1] == ']') { 3542 inet->host = g_strndup(vnc + 1, hlen - 2); 3543 } else { 3544 inet->host = g_strndup(vnc, hlen); 3545 } 3546 if (parse_uint_full(h + 1, &baseport, 10) < 0) { 3547 error_setg(errp, "can't convert to a number: %s", h + 1); 3548 goto fail; 3549 } 3550 if (baseport > 65535 || 3551 baseport + 5900 > 65535) { 3552 error_setg(errp, "port %s out of range", h + 1); 3553 goto fail; 3554 } 3555 inet->port = g_strdup_printf( 3556 "%d", (int)baseport + 5900); 3557 3558 if (to) { 3559 inet->has_to = true; 3560 inet->to = to + 5900; 3561 } 3562 inet->ipv4 = ipv4; 3563 inet->has_ipv4 = has_ipv4; 3564 inet->ipv6 = ipv6; 3565 inet->has_ipv6 = has_ipv6; 3566 3567 if (vs->ws_enabled) { 3568 wsaddr->type = SOCKET_ADDRESS_KIND_INET; 3569 inet = wsaddr->u.inet.data = g_new0(InetSocketAddress, 1); 3570 inet->host = g_strdup(saddr->u.inet.data->host); 3571 inet->port = g_strdup(websocket); 3572 3573 if (to) { 3574 inet->has_to = true; 3575 inet->to = to; 3576 } 3577 inet->ipv4 = ipv4; 3578 inet->has_ipv4 = has_ipv4; 3579 inet->ipv6 = ipv6; 3580 inet->has_ipv6 = has_ipv6; 3581 } 3582 } 3583 } else { 3584 error_setg(errp, "no vnc port specified"); 3585 goto fail; 3586 } 3587 3588 password = qemu_opt_get_bool(opts, "password", false); 3589 if (password) { 3590 if (fips_get_state()) { 3591 error_setg(errp, 3592 "VNC password auth disabled due to FIPS mode, " 3593 "consider using the VeNCrypt or SASL authentication " 3594 "methods as an alternative"); 3595 goto fail; 3596 } 3597 if (!qcrypto_cipher_supports( 3598 QCRYPTO_CIPHER_ALG_DES_RFB)) { 3599 error_setg(errp, 3600 "Cipher backend does not support DES RFB algorithm"); 3601 goto fail; 3602 } 3603 } 3604 3605 reverse = qemu_opt_get_bool(opts, "reverse", false); 3606 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true); 3607 sasl = qemu_opt_get_bool(opts, "sasl", false); 3608 #ifndef CONFIG_VNC_SASL 3609 if (sasl) { 3610 error_setg(errp, "VNC SASL auth requires cyrus-sasl support"); 3611 goto fail; 3612 } 3613 #endif /* CONFIG_VNC_SASL */ 3614 credid = qemu_opt_get(opts, "tls-creds"); 3615 if (credid) { 3616 Object *creds; 3617 if (qemu_opt_get(opts, "tls") || 3618 qemu_opt_get(opts, "x509") || 3619 qemu_opt_get(opts, "x509verify")) { 3620 error_setg(errp, 3621 "'tls-creds' parameter is mutually exclusive with " 3622 "'tls', 'x509' and 'x509verify' parameters"); 3623 goto fail; 3624 } 3625 3626 creds = object_resolve_path_component( 3627 object_get_objects_root(), credid); 3628 if (!creds) { 3629 error_setg(errp, "No TLS credentials with id '%s'", 3630 credid); 3631 goto fail; 3632 } 3633 vs->tlscreds = (QCryptoTLSCreds *) 3634 object_dynamic_cast(creds, 3635 TYPE_QCRYPTO_TLS_CREDS); 3636 if (!vs->tlscreds) { 3637 error_setg(errp, "Object with id '%s' is not TLS credentials", 3638 credid); 3639 goto fail; 3640 } 3641 object_ref(OBJECT(vs->tlscreds)); 3642 3643 if (vs->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { 3644 error_setg(errp, 3645 "Expecting TLS credentials with a server endpoint"); 3646 goto fail; 3647 } 3648 } else { 3649 const char *path; 3650 bool tls = false, x509 = false, x509verify = false; 3651 tls = qemu_opt_get_bool(opts, "tls", false); 3652 if (tls) { 3653 path = qemu_opt_get(opts, "x509"); 3654 3655 if (path) { 3656 x509 = true; 3657 } else { 3658 path = qemu_opt_get(opts, "x509verify"); 3659 if (path) { 3660 x509 = true; 3661 x509verify = true; 3662 } 3663 } 3664 vs->tlscreds = vnc_display_create_creds(x509, 3665 x509verify, 3666 path, 3667 vs->id, 3668 errp); 3669 if (!vs->tlscreds) { 3670 goto fail; 3671 } 3672 } 3673 } 3674 acl = qemu_opt_get_bool(opts, "acl", false); 3675 3676 share = qemu_opt_get(opts, "share"); 3677 if (share) { 3678 if (strcmp(share, "ignore") == 0) { 3679 vs->share_policy = VNC_SHARE_POLICY_IGNORE; 3680 } else if (strcmp(share, "allow-exclusive") == 0) { 3681 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3682 } else if (strcmp(share, "force-shared") == 0) { 3683 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; 3684 } else { 3685 error_setg(errp, "unknown vnc share= option"); 3686 goto fail; 3687 } 3688 } else { 3689 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3690 } 3691 vs->connections_limit = qemu_opt_get_number(opts, "connections", 32); 3692 3693 #ifdef CONFIG_VNC_JPEG 3694 vs->lossy = qemu_opt_get_bool(opts, "lossy", false); 3695 #endif 3696 vs->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false); 3697 /* adaptive updates are only used with tight encoding and 3698 * if lossy updates are enabled so we can disable all the 3699 * calculations otherwise */ 3700 if (!vs->lossy) { 3701 vs->non_adaptive = true; 3702 } 3703 3704 if (acl) { 3705 if (strcmp(vs->id, "default") == 0) { 3706 vs->tlsaclname = g_strdup("vnc.x509dname"); 3707 } else { 3708 vs->tlsaclname = g_strdup_printf("vnc.%s.x509dname", vs->id); 3709 } 3710 qemu_acl_init(vs->tlsaclname); 3711 } 3712 #ifdef CONFIG_VNC_SASL 3713 if (acl && sasl) { 3714 char *aclname; 3715 3716 if (strcmp(vs->id, "default") == 0) { 3717 aclname = g_strdup("vnc.username"); 3718 } else { 3719 aclname = g_strdup_printf("vnc.%s.username", vs->id); 3720 } 3721 vs->sasl.acl = qemu_acl_init(aclname); 3722 g_free(aclname); 3723 } 3724 #endif 3725 3726 if (vnc_display_setup_auth(vs, password, sasl, vs->ws_enabled, errp) < 0) { 3727 goto fail; 3728 } 3729 3730 #ifdef CONFIG_VNC_SASL 3731 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) { 3732 error_setg(errp, "Failed to initialize SASL auth: %s", 3733 sasl_errstring(saslErr, NULL, NULL)); 3734 goto fail; 3735 } 3736 #endif 3737 vs->lock_key_sync = lock_key_sync; 3738 3739 device_id = qemu_opt_get(opts, "display"); 3740 if (device_id) { 3741 int head = qemu_opt_get_number(opts, "head", 0); 3742 Error *err = NULL; 3743 3744 con = qemu_console_lookup_by_device_name(device_id, head, &err); 3745 if (err) { 3746 error_propagate(errp, err); 3747 goto fail; 3748 } 3749 } else { 3750 con = NULL; 3751 } 3752 3753 if (con != vs->dcl.con) { 3754 unregister_displaychangelistener(&vs->dcl); 3755 vs->dcl.con = con; 3756 register_displaychangelistener(&vs->dcl); 3757 } 3758 3759 if (reverse) { 3760 /* connect to viewer */ 3761 QIOChannelSocket *sioc = NULL; 3762 vs->lsock = NULL; 3763 vs->lwebsock = NULL; 3764 if (vs->ws_enabled) { 3765 error_setg(errp, "Cannot use websockets in reverse mode"); 3766 goto fail; 3767 } 3768 vs->is_unix = saddr->type == SOCKET_ADDRESS_KIND_UNIX; 3769 sioc = qio_channel_socket_new(); 3770 if (qio_channel_socket_connect_sync(sioc, saddr, errp) < 0) { 3771 goto fail; 3772 } 3773 vnc_connect(vs, sioc, false, false); 3774 object_unref(OBJECT(sioc)); 3775 } else { 3776 vs->lsock = qio_channel_socket_new(); 3777 if (qio_channel_socket_listen_sync(vs->lsock, saddr, errp) < 0) { 3778 goto fail; 3779 } 3780 vs->is_unix = saddr->type == SOCKET_ADDRESS_KIND_UNIX; 3781 vs->enabled = true; 3782 3783 if (vs->ws_enabled) { 3784 vs->lwebsock = qio_channel_socket_new(); 3785 if (qio_channel_socket_listen_sync(vs->lwebsock, 3786 wsaddr, errp) < 0) { 3787 object_unref(OBJECT(vs->lsock)); 3788 vs->lsock = NULL; 3789 goto fail; 3790 } 3791 } 3792 3793 vs->lsock_tag = qio_channel_add_watch( 3794 QIO_CHANNEL(vs->lsock), 3795 G_IO_IN, vnc_listen_io, vs, NULL); 3796 if (vs->ws_enabled) { 3797 vs->lwebsock_tag = qio_channel_add_watch( 3798 QIO_CHANNEL(vs->lwebsock), 3799 G_IO_IN, vnc_listen_io, vs, NULL); 3800 } 3801 } 3802 3803 qapi_free_SocketAddress(saddr); 3804 qapi_free_SocketAddress(wsaddr); 3805 return; 3806 3807 fail: 3808 qapi_free_SocketAddress(saddr); 3809 qapi_free_SocketAddress(wsaddr); 3810 vs->enabled = false; 3811 vs->ws_enabled = false; 3812 } 3813 3814 void vnc_display_add_client(const char *id, int csock, bool skipauth) 3815 { 3816 VncDisplay *vs = vnc_display_find(id); 3817 QIOChannelSocket *sioc; 3818 3819 if (!vs) { 3820 return; 3821 } 3822 3823 sioc = qio_channel_socket_new_fd(csock, NULL); 3824 if (sioc) { 3825 vnc_connect(vs, sioc, skipauth, false); 3826 object_unref(OBJECT(sioc)); 3827 } 3828 } 3829 3830 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts) 3831 { 3832 int i = 2; 3833 char *id; 3834 3835 id = g_strdup("default"); 3836 while (qemu_opts_find(olist, id)) { 3837 g_free(id); 3838 id = g_strdup_printf("vnc%d", i++); 3839 } 3840 qemu_opts_set_id(opts, id); 3841 } 3842 3843 QemuOpts *vnc_parse(const char *str, Error **errp) 3844 { 3845 QemuOptsList *olist = qemu_find_opts("vnc"); 3846 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp); 3847 const char *id; 3848 3849 if (!opts) { 3850 return NULL; 3851 } 3852 3853 id = qemu_opts_id(opts); 3854 if (!id) { 3855 /* auto-assign id if not present */ 3856 vnc_auto_assign_id(olist, opts); 3857 } 3858 return opts; 3859 } 3860 3861 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp) 3862 { 3863 Error *local_err = NULL; 3864 char *id = (char *)qemu_opts_id(opts); 3865 3866 assert(id); 3867 vnc_display_init(id); 3868 vnc_display_open(id, &local_err); 3869 if (local_err != NULL) { 3870 error_reportf_err(local_err, "Failed to start VNC server: "); 3871 exit(1); 3872 } 3873 return 0; 3874 } 3875 3876 static void vnc_register_config(void) 3877 { 3878 qemu_add_opts(&qemu_vnc_opts); 3879 } 3880 opts_init(vnc_register_config); 3881