1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "qemu/osdep.h" 28 #include "vnc.h" 29 #include "vnc-jobs.h" 30 #include "trace.h" 31 #include "hw/qdev.h" 32 #include "sysemu/sysemu.h" 33 #include "qemu/error-report.h" 34 #include "qemu/sockets.h" 35 #include "qemu/timer.h" 36 #include "qemu/acl.h" 37 #include "qemu/config-file.h" 38 #include "qapi/qmp/qerror.h" 39 #include "qapi/qmp/types.h" 40 #include "qmp-commands.h" 41 #include "ui/input.h" 42 #include "qapi-event.h" 43 #include "crypto/hash.h" 44 #include "crypto/tlscredsanon.h" 45 #include "crypto/tlscredsx509.h" 46 #include "qom/object_interfaces.h" 47 48 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT 49 #define VNC_REFRESH_INTERVAL_INC 50 50 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE 51 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; 52 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 53 54 #include "vnc_keysym.h" 55 #include "crypto/cipher.h" 56 57 static QTAILQ_HEAD(, VncDisplay) vnc_displays = 58 QTAILQ_HEAD_INITIALIZER(vnc_displays); 59 60 static int vnc_cursor_define(VncState *vs); 61 static void vnc_release_modifiers(VncState *vs); 62 63 static void vnc_set_share_mode(VncState *vs, VncShareMode mode) 64 { 65 #ifdef _VNC_DEBUG 66 static const char *mn[] = { 67 [0] = "undefined", 68 [VNC_SHARE_MODE_CONNECTING] = "connecting", 69 [VNC_SHARE_MODE_SHARED] = "shared", 70 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive", 71 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected", 72 }; 73 fprintf(stderr, "%s/%p: %s -> %s\n", __func__, 74 vs->ioc, mn[vs->share_mode], mn[mode]); 75 #endif 76 77 switch (vs->share_mode) { 78 case VNC_SHARE_MODE_CONNECTING: 79 vs->vd->num_connecting--; 80 break; 81 case VNC_SHARE_MODE_SHARED: 82 vs->vd->num_shared--; 83 break; 84 case VNC_SHARE_MODE_EXCLUSIVE: 85 vs->vd->num_exclusive--; 86 break; 87 default: 88 break; 89 } 90 91 vs->share_mode = mode; 92 93 switch (vs->share_mode) { 94 case VNC_SHARE_MODE_CONNECTING: 95 vs->vd->num_connecting++; 96 break; 97 case VNC_SHARE_MODE_SHARED: 98 vs->vd->num_shared++; 99 break; 100 case VNC_SHARE_MODE_EXCLUSIVE: 101 vs->vd->num_exclusive++; 102 break; 103 default: 104 break; 105 } 106 } 107 108 109 static void vnc_init_basic_info(SocketAddress *addr, 110 VncBasicInfo *info, 111 Error **errp) 112 { 113 switch (addr->type) { 114 case SOCKET_ADDRESS_KIND_INET: 115 info->host = g_strdup(addr->u.inet->host); 116 info->service = g_strdup(addr->u.inet->port); 117 if (addr->u.inet->ipv6) { 118 info->family = NETWORK_ADDRESS_FAMILY_IPV6; 119 } else { 120 info->family = NETWORK_ADDRESS_FAMILY_IPV4; 121 } 122 break; 123 124 case SOCKET_ADDRESS_KIND_UNIX: 125 info->host = g_strdup(""); 126 info->service = g_strdup(addr->u.q_unix->path); 127 info->family = NETWORK_ADDRESS_FAMILY_UNIX; 128 break; 129 130 default: 131 error_setg(errp, "Unsupported socket kind %d", 132 addr->type); 133 break; 134 } 135 136 return; 137 } 138 139 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc, 140 VncBasicInfo *info, 141 Error **errp) 142 { 143 SocketAddress *addr = NULL; 144 145 addr = qio_channel_socket_get_local_address(ioc, errp); 146 if (!addr) { 147 return; 148 } 149 150 vnc_init_basic_info(addr, info, errp); 151 qapi_free_SocketAddress(addr); 152 } 153 154 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc, 155 VncBasicInfo *info, 156 Error **errp) 157 { 158 SocketAddress *addr = NULL; 159 160 addr = qio_channel_socket_get_remote_address(ioc, errp); 161 if (!addr) { 162 return; 163 } 164 165 vnc_init_basic_info(addr, info, errp); 166 qapi_free_SocketAddress(addr); 167 } 168 169 static const char *vnc_auth_name(VncDisplay *vd) { 170 switch (vd->auth) { 171 case VNC_AUTH_INVALID: 172 return "invalid"; 173 case VNC_AUTH_NONE: 174 return "none"; 175 case VNC_AUTH_VNC: 176 return "vnc"; 177 case VNC_AUTH_RA2: 178 return "ra2"; 179 case VNC_AUTH_RA2NE: 180 return "ra2ne"; 181 case VNC_AUTH_TIGHT: 182 return "tight"; 183 case VNC_AUTH_ULTRA: 184 return "ultra"; 185 case VNC_AUTH_TLS: 186 return "tls"; 187 case VNC_AUTH_VENCRYPT: 188 switch (vd->subauth) { 189 case VNC_AUTH_VENCRYPT_PLAIN: 190 return "vencrypt+plain"; 191 case VNC_AUTH_VENCRYPT_TLSNONE: 192 return "vencrypt+tls+none"; 193 case VNC_AUTH_VENCRYPT_TLSVNC: 194 return "vencrypt+tls+vnc"; 195 case VNC_AUTH_VENCRYPT_TLSPLAIN: 196 return "vencrypt+tls+plain"; 197 case VNC_AUTH_VENCRYPT_X509NONE: 198 return "vencrypt+x509+none"; 199 case VNC_AUTH_VENCRYPT_X509VNC: 200 return "vencrypt+x509+vnc"; 201 case VNC_AUTH_VENCRYPT_X509PLAIN: 202 return "vencrypt+x509+plain"; 203 case VNC_AUTH_VENCRYPT_TLSSASL: 204 return "vencrypt+tls+sasl"; 205 case VNC_AUTH_VENCRYPT_X509SASL: 206 return "vencrypt+x509+sasl"; 207 default: 208 return "vencrypt"; 209 } 210 case VNC_AUTH_SASL: 211 return "sasl"; 212 } 213 return "unknown"; 214 } 215 216 static VncServerInfo *vnc_server_info_get(VncDisplay *vd) 217 { 218 VncServerInfo *info; 219 Error *err = NULL; 220 221 info = g_malloc(sizeof(*info)); 222 vnc_init_basic_info_from_server_addr(vd->lsock, 223 qapi_VncServerInfo_base(info), &err); 224 info->has_auth = true; 225 info->auth = g_strdup(vnc_auth_name(vd)); 226 if (err) { 227 qapi_free_VncServerInfo(info); 228 info = NULL; 229 error_free(err); 230 } 231 return info; 232 } 233 234 static void vnc_client_cache_auth(VncState *client) 235 { 236 if (!client->info) { 237 return; 238 } 239 240 if (client->tls) { 241 client->info->x509_dname = 242 qcrypto_tls_session_get_peer_name(client->tls); 243 client->info->has_x509_dname = 244 client->info->x509_dname != NULL; 245 } 246 #ifdef CONFIG_VNC_SASL 247 if (client->sasl.conn && 248 client->sasl.username) { 249 client->info->has_sasl_username = true; 250 client->info->sasl_username = g_strdup(client->sasl.username); 251 } 252 #endif 253 } 254 255 static void vnc_client_cache_addr(VncState *client) 256 { 257 Error *err = NULL; 258 259 client->info = g_malloc0(sizeof(*client->info)); 260 vnc_init_basic_info_from_remote_addr(client->sioc, 261 qapi_VncClientInfo_base(client->info), 262 &err); 263 if (err) { 264 qapi_free_VncClientInfo(client->info); 265 client->info = NULL; 266 error_free(err); 267 } 268 } 269 270 static void vnc_qmp_event(VncState *vs, QAPIEvent event) 271 { 272 VncServerInfo *si; 273 274 if (!vs->info) { 275 return; 276 } 277 278 si = vnc_server_info_get(vs->vd); 279 if (!si) { 280 return; 281 } 282 283 switch (event) { 284 case QAPI_EVENT_VNC_CONNECTED: 285 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info), 286 &error_abort); 287 break; 288 case QAPI_EVENT_VNC_INITIALIZED: 289 qapi_event_send_vnc_initialized(si, vs->info, &error_abort); 290 break; 291 case QAPI_EVENT_VNC_DISCONNECTED: 292 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort); 293 break; 294 default: 295 break; 296 } 297 298 qapi_free_VncServerInfo(si); 299 } 300 301 static VncClientInfo *qmp_query_vnc_client(const VncState *client) 302 { 303 VncClientInfo *info; 304 Error *err = NULL; 305 306 info = g_malloc0(sizeof(*info)); 307 308 vnc_init_basic_info_from_remote_addr(client->sioc, 309 qapi_VncClientInfo_base(info), 310 &err); 311 if (err) { 312 error_free(err); 313 qapi_free_VncClientInfo(info); 314 return NULL; 315 } 316 317 info->websocket = client->websocket; 318 319 if (client->tls) { 320 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls); 321 info->has_x509_dname = info->x509_dname != NULL; 322 } 323 #ifdef CONFIG_VNC_SASL 324 if (client->sasl.conn && client->sasl.username) { 325 info->has_sasl_username = true; 326 info->sasl_username = g_strdup(client->sasl.username); 327 } 328 #endif 329 330 return info; 331 } 332 333 static VncDisplay *vnc_display_find(const char *id) 334 { 335 VncDisplay *vd; 336 337 if (id == NULL) { 338 return QTAILQ_FIRST(&vnc_displays); 339 } 340 QTAILQ_FOREACH(vd, &vnc_displays, next) { 341 if (strcmp(id, vd->id) == 0) { 342 return vd; 343 } 344 } 345 return NULL; 346 } 347 348 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd) 349 { 350 VncClientInfoList *cinfo, *prev = NULL; 351 VncState *client; 352 353 QTAILQ_FOREACH(client, &vd->clients, next) { 354 cinfo = g_new0(VncClientInfoList, 1); 355 cinfo->value = qmp_query_vnc_client(client); 356 cinfo->next = prev; 357 prev = cinfo; 358 } 359 return prev; 360 } 361 362 VncInfo *qmp_query_vnc(Error **errp) 363 { 364 VncInfo *info = g_malloc0(sizeof(*info)); 365 VncDisplay *vd = vnc_display_find(NULL); 366 SocketAddress *addr = NULL; 367 368 if (vd == NULL || !vd->enabled) { 369 info->enabled = false; 370 } else { 371 info->enabled = true; 372 373 /* for compatibility with the original command */ 374 info->has_clients = true; 375 info->clients = qmp_query_client_list(vd); 376 377 if (vd->lsock == NULL) { 378 return info; 379 } 380 381 addr = qio_channel_socket_get_local_address(vd->lsock, errp); 382 if (!addr) { 383 goto out_error; 384 } 385 386 switch (addr->type) { 387 case SOCKET_ADDRESS_KIND_INET: 388 info->host = g_strdup(addr->u.inet->host); 389 info->service = g_strdup(addr->u.inet->port); 390 if (addr->u.inet->ipv6) { 391 info->family = NETWORK_ADDRESS_FAMILY_IPV6; 392 } else { 393 info->family = NETWORK_ADDRESS_FAMILY_IPV4; 394 } 395 break; 396 397 case SOCKET_ADDRESS_KIND_UNIX: 398 info->host = g_strdup(""); 399 info->service = g_strdup(addr->u.q_unix->path); 400 info->family = NETWORK_ADDRESS_FAMILY_UNIX; 401 break; 402 403 default: 404 error_setg(errp, "Unsupported socket kind %d", 405 addr->type); 406 goto out_error; 407 } 408 409 info->has_host = true; 410 info->has_service = true; 411 info->has_family = true; 412 413 info->has_auth = true; 414 info->auth = g_strdup(vnc_auth_name(vd)); 415 } 416 417 qapi_free_SocketAddress(addr); 418 return info; 419 420 out_error: 421 qapi_free_SocketAddress(addr); 422 qapi_free_VncInfo(info); 423 return NULL; 424 } 425 426 static VncBasicInfoList *qmp_query_server_entry(QIOChannelSocket *ioc, 427 bool websocket, 428 VncBasicInfoList *prev) 429 { 430 VncBasicInfoList *list; 431 VncBasicInfo *info; 432 Error *err = NULL; 433 SocketAddress *addr; 434 435 addr = qio_channel_socket_get_local_address(ioc, &err); 436 if (!addr) { 437 error_free(err); 438 return prev; 439 } 440 441 info = g_new0(VncBasicInfo, 1); 442 vnc_init_basic_info(addr, info, &err); 443 qapi_free_SocketAddress(addr); 444 if (err) { 445 qapi_free_VncBasicInfo(info); 446 error_free(err); 447 return prev; 448 } 449 info->websocket = websocket; 450 451 list = g_new0(VncBasicInfoList, 1); 452 list->value = info; 453 list->next = prev; 454 return list; 455 } 456 457 static void qmp_query_auth(VncDisplay *vd, VncInfo2 *info) 458 { 459 switch (vd->auth) { 460 case VNC_AUTH_VNC: 461 info->auth = VNC_PRIMARY_AUTH_VNC; 462 break; 463 case VNC_AUTH_RA2: 464 info->auth = VNC_PRIMARY_AUTH_RA2; 465 break; 466 case VNC_AUTH_RA2NE: 467 info->auth = VNC_PRIMARY_AUTH_RA2NE; 468 break; 469 case VNC_AUTH_TIGHT: 470 info->auth = VNC_PRIMARY_AUTH_TIGHT; 471 break; 472 case VNC_AUTH_ULTRA: 473 info->auth = VNC_PRIMARY_AUTH_ULTRA; 474 break; 475 case VNC_AUTH_TLS: 476 info->auth = VNC_PRIMARY_AUTH_TLS; 477 break; 478 case VNC_AUTH_VENCRYPT: 479 info->auth = VNC_PRIMARY_AUTH_VENCRYPT; 480 info->has_vencrypt = true; 481 switch (vd->subauth) { 482 case VNC_AUTH_VENCRYPT_PLAIN: 483 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN; 484 break; 485 case VNC_AUTH_VENCRYPT_TLSNONE: 486 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE; 487 break; 488 case VNC_AUTH_VENCRYPT_TLSVNC: 489 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC; 490 break; 491 case VNC_AUTH_VENCRYPT_TLSPLAIN: 492 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN; 493 break; 494 case VNC_AUTH_VENCRYPT_X509NONE: 495 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE; 496 break; 497 case VNC_AUTH_VENCRYPT_X509VNC: 498 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC; 499 break; 500 case VNC_AUTH_VENCRYPT_X509PLAIN: 501 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN; 502 break; 503 case VNC_AUTH_VENCRYPT_TLSSASL: 504 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL; 505 break; 506 case VNC_AUTH_VENCRYPT_X509SASL: 507 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL; 508 break; 509 default: 510 info->has_vencrypt = false; 511 break; 512 } 513 break; 514 case VNC_AUTH_SASL: 515 info->auth = VNC_PRIMARY_AUTH_SASL; 516 break; 517 case VNC_AUTH_NONE: 518 default: 519 info->auth = VNC_PRIMARY_AUTH_NONE; 520 break; 521 } 522 } 523 524 VncInfo2List *qmp_query_vnc_servers(Error **errp) 525 { 526 VncInfo2List *item, *prev = NULL; 527 VncInfo2 *info; 528 VncDisplay *vd; 529 DeviceState *dev; 530 531 QTAILQ_FOREACH(vd, &vnc_displays, next) { 532 info = g_new0(VncInfo2, 1); 533 info->id = g_strdup(vd->id); 534 info->clients = qmp_query_client_list(vd); 535 qmp_query_auth(vd, info); 536 if (vd->dcl.con) { 537 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con), 538 "device", NULL)); 539 info->has_display = true; 540 info->display = g_strdup(dev->id); 541 } 542 if (vd->lsock != NULL) { 543 info->server = qmp_query_server_entry( 544 vd->lsock, false, info->server); 545 } 546 if (vd->lwebsock != NULL) { 547 info->server = qmp_query_server_entry( 548 vd->lwebsock, true, info->server); 549 } 550 551 item = g_new0(VncInfo2List, 1); 552 item->value = info; 553 item->next = prev; 554 prev = item; 555 } 556 return prev; 557 } 558 559 /* TODO 560 1) Get the queue working for IO. 561 2) there is some weirdness when using the -S option (the screen is grey 562 and not totally invalidated 563 3) resolutions > 1024 564 */ 565 566 static int vnc_update_client(VncState *vs, int has_dirty, bool sync); 567 static void vnc_disconnect_start(VncState *vs); 568 569 static void vnc_colordepth(VncState *vs); 570 static void framebuffer_update_request(VncState *vs, int incremental, 571 int x_position, int y_position, 572 int w, int h); 573 static void vnc_refresh(DisplayChangeListener *dcl); 574 static int vnc_refresh_server_surface(VncDisplay *vd); 575 576 static int vnc_width(VncDisplay *vd) 577 { 578 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds), 579 VNC_DIRTY_PIXELS_PER_BIT)); 580 } 581 582 static int vnc_height(VncDisplay *vd) 583 { 584 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds)); 585 } 586 587 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT], 588 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT), 589 VncDisplay *vd, 590 int x, int y, int w, int h) 591 { 592 int width = vnc_width(vd); 593 int height = vnc_height(vd); 594 595 /* this is needed this to ensure we updated all affected 596 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */ 597 w += (x % VNC_DIRTY_PIXELS_PER_BIT); 598 x -= (x % VNC_DIRTY_PIXELS_PER_BIT); 599 600 x = MIN(x, width); 601 y = MIN(y, height); 602 w = MIN(x + w, width) - x; 603 h = MIN(y + h, height); 604 605 for (; y < h; y++) { 606 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT, 607 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT)); 608 } 609 } 610 611 static void vnc_dpy_update(DisplayChangeListener *dcl, 612 int x, int y, int w, int h) 613 { 614 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 615 struct VncSurface *s = &vd->guest; 616 617 vnc_set_area_dirty(s->dirty, vd, x, y, w, h); 618 } 619 620 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 621 int32_t encoding) 622 { 623 vnc_write_u16(vs, x); 624 vnc_write_u16(vs, y); 625 vnc_write_u16(vs, w); 626 vnc_write_u16(vs, h); 627 628 vnc_write_s32(vs, encoding); 629 } 630 631 632 static void vnc_desktop_resize(VncState *vs) 633 { 634 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) { 635 return; 636 } 637 if (vs->client_width == pixman_image_get_width(vs->vd->server) && 638 vs->client_height == pixman_image_get_height(vs->vd->server)) { 639 return; 640 } 641 vs->client_width = pixman_image_get_width(vs->vd->server); 642 vs->client_height = pixman_image_get_height(vs->vd->server); 643 vnc_lock_output(vs); 644 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 645 vnc_write_u8(vs, 0); 646 vnc_write_u16(vs, 1); /* number of rects */ 647 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 648 VNC_ENCODING_DESKTOPRESIZE); 649 vnc_unlock_output(vs); 650 vnc_flush(vs); 651 } 652 653 static void vnc_abort_display_jobs(VncDisplay *vd) 654 { 655 VncState *vs; 656 657 QTAILQ_FOREACH(vs, &vd->clients, next) { 658 vnc_lock_output(vs); 659 vs->abort = true; 660 vnc_unlock_output(vs); 661 } 662 QTAILQ_FOREACH(vs, &vd->clients, next) { 663 vnc_jobs_join(vs); 664 } 665 QTAILQ_FOREACH(vs, &vd->clients, next) { 666 vnc_lock_output(vs); 667 vs->abort = false; 668 vnc_unlock_output(vs); 669 } 670 } 671 672 int vnc_server_fb_stride(VncDisplay *vd) 673 { 674 return pixman_image_get_stride(vd->server); 675 } 676 677 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y) 678 { 679 uint8_t *ptr; 680 681 ptr = (uint8_t *)pixman_image_get_data(vd->server); 682 ptr += y * vnc_server_fb_stride(vd); 683 ptr += x * VNC_SERVER_FB_BYTES; 684 return ptr; 685 } 686 687 static void vnc_update_server_surface(VncDisplay *vd) 688 { 689 qemu_pixman_image_unref(vd->server); 690 vd->server = NULL; 691 692 if (QTAILQ_EMPTY(&vd->clients)) { 693 return; 694 } 695 696 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT, 697 vnc_width(vd), 698 vnc_height(vd), 699 NULL, 0); 700 } 701 702 static void vnc_dpy_switch(DisplayChangeListener *dcl, 703 DisplaySurface *surface) 704 { 705 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 706 VncState *vs; 707 int width, height; 708 709 vnc_abort_display_jobs(vd); 710 vd->ds = surface; 711 712 /* server surface */ 713 vnc_update_server_surface(vd); 714 715 /* guest surface */ 716 qemu_pixman_image_unref(vd->guest.fb); 717 vd->guest.fb = pixman_image_ref(surface->image); 718 vd->guest.format = surface->format; 719 width = vnc_width(vd); 720 height = vnc_height(vd); 721 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty)); 722 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0, 723 width, height); 724 725 QTAILQ_FOREACH(vs, &vd->clients, next) { 726 vnc_colordepth(vs); 727 vnc_desktop_resize(vs); 728 if (vs->vd->cursor) { 729 vnc_cursor_define(vs); 730 } 731 memset(vs->dirty, 0x00, sizeof(vs->dirty)); 732 vnc_set_area_dirty(vs->dirty, vd, 0, 0, 733 width, height); 734 } 735 } 736 737 /* fastest code */ 738 static void vnc_write_pixels_copy(VncState *vs, 739 void *pixels, int size) 740 { 741 vnc_write(vs, pixels, size); 742 } 743 744 /* slowest but generic code. */ 745 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 746 { 747 uint8_t r, g, b; 748 749 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8) 750 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8; 751 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8; 752 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8; 753 #else 754 # error need some bits here if you change VNC_SERVER_FB_FORMAT 755 #endif 756 v = (r << vs->client_pf.rshift) | 757 (g << vs->client_pf.gshift) | 758 (b << vs->client_pf.bshift); 759 switch (vs->client_pf.bytes_per_pixel) { 760 case 1: 761 buf[0] = v; 762 break; 763 case 2: 764 if (vs->client_be) { 765 buf[0] = v >> 8; 766 buf[1] = v; 767 } else { 768 buf[1] = v >> 8; 769 buf[0] = v; 770 } 771 break; 772 default: 773 case 4: 774 if (vs->client_be) { 775 buf[0] = v >> 24; 776 buf[1] = v >> 16; 777 buf[2] = v >> 8; 778 buf[3] = v; 779 } else { 780 buf[3] = v >> 24; 781 buf[2] = v >> 16; 782 buf[1] = v >> 8; 783 buf[0] = v; 784 } 785 break; 786 } 787 } 788 789 static void vnc_write_pixels_generic(VncState *vs, 790 void *pixels1, int size) 791 { 792 uint8_t buf[4]; 793 794 if (VNC_SERVER_FB_BYTES == 4) { 795 uint32_t *pixels = pixels1; 796 int n, i; 797 n = size >> 2; 798 for (i = 0; i < n; i++) { 799 vnc_convert_pixel(vs, buf, pixels[i]); 800 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel); 801 } 802 } 803 } 804 805 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 806 { 807 int i; 808 uint8_t *row; 809 VncDisplay *vd = vs->vd; 810 811 row = vnc_server_fb_ptr(vd, x, y); 812 for (i = 0; i < h; i++) { 813 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES); 814 row += vnc_server_fb_stride(vd); 815 } 816 return 1; 817 } 818 819 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 820 { 821 int n = 0; 822 bool encode_raw = false; 823 size_t saved_offs = vs->output.offset; 824 825 switch(vs->vnc_encoding) { 826 case VNC_ENCODING_ZLIB: 827 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h); 828 break; 829 case VNC_ENCODING_HEXTILE: 830 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 831 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 832 break; 833 case VNC_ENCODING_TIGHT: 834 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h); 835 break; 836 case VNC_ENCODING_TIGHT_PNG: 837 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h); 838 break; 839 case VNC_ENCODING_ZRLE: 840 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h); 841 break; 842 case VNC_ENCODING_ZYWRLE: 843 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); 844 break; 845 default: 846 encode_raw = true; 847 break; 848 } 849 850 /* If the client has the same pixel format as our internal buffer and 851 * a RAW encoding would need less space fall back to RAW encoding to 852 * save bandwidth and processing power in the client. */ 853 if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy && 854 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) { 855 vs->output.offset = saved_offs; 856 encode_raw = true; 857 } 858 859 if (encode_raw) { 860 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 861 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 862 } 863 864 return n; 865 } 866 867 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h) 868 { 869 /* send bitblit op to the vnc client */ 870 vnc_lock_output(vs); 871 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 872 vnc_write_u8(vs, 0); 873 vnc_write_u16(vs, 1); /* number of rects */ 874 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT); 875 vnc_write_u16(vs, src_x); 876 vnc_write_u16(vs, src_y); 877 vnc_unlock_output(vs); 878 vnc_flush(vs); 879 } 880 881 static void vnc_dpy_copy(DisplayChangeListener *dcl, 882 int src_x, int src_y, 883 int dst_x, int dst_y, int w, int h) 884 { 885 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 886 VncState *vs, *vn; 887 uint8_t *src_row; 888 uint8_t *dst_row; 889 int i, x, y, pitch, inc, w_lim, s; 890 int cmp_bytes; 891 892 if (!vd->server) { 893 /* no client connected */ 894 return; 895 } 896 897 vnc_refresh_server_surface(vd); 898 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 899 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 900 vs->force_update = 1; 901 vnc_update_client(vs, 1, true); 902 /* vs might be free()ed here */ 903 } 904 } 905 906 /* do bitblit op on the local surface too */ 907 pitch = vnc_server_fb_stride(vd); 908 src_row = vnc_server_fb_ptr(vd, src_x, src_y); 909 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y); 910 y = dst_y; 911 inc = 1; 912 if (dst_y > src_y) { 913 /* copy backwards */ 914 src_row += pitch * (h-1); 915 dst_row += pitch * (h-1); 916 pitch = -pitch; 917 y = dst_y + h - 1; 918 inc = -1; 919 } 920 w_lim = w - (VNC_DIRTY_PIXELS_PER_BIT - (dst_x % VNC_DIRTY_PIXELS_PER_BIT)); 921 if (w_lim < 0) { 922 w_lim = w; 923 } else { 924 w_lim = w - (w_lim % VNC_DIRTY_PIXELS_PER_BIT); 925 } 926 for (i = 0; i < h; i++) { 927 for (x = 0; x <= w_lim; 928 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) { 929 if (x == w_lim) { 930 if ((s = w - w_lim) == 0) 931 break; 932 } else if (!x) { 933 s = (VNC_DIRTY_PIXELS_PER_BIT - 934 (dst_x % VNC_DIRTY_PIXELS_PER_BIT)); 935 s = MIN(s, w_lim); 936 } else { 937 s = VNC_DIRTY_PIXELS_PER_BIT; 938 } 939 cmp_bytes = s * VNC_SERVER_FB_BYTES; 940 if (memcmp(src_row, dst_row, cmp_bytes) == 0) 941 continue; 942 memmove(dst_row, src_row, cmp_bytes); 943 QTAILQ_FOREACH(vs, &vd->clients, next) { 944 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 945 set_bit(((x + dst_x) / VNC_DIRTY_PIXELS_PER_BIT), 946 vs->dirty[y]); 947 } 948 } 949 } 950 src_row += pitch - w * VNC_SERVER_FB_BYTES; 951 dst_row += pitch - w * VNC_SERVER_FB_BYTES; 952 y += inc; 953 } 954 955 QTAILQ_FOREACH(vs, &vd->clients, next) { 956 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 957 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h); 958 } 959 } 960 } 961 962 static void vnc_mouse_set(DisplayChangeListener *dcl, 963 int x, int y, int visible) 964 { 965 /* can we ask the client(s) to move the pointer ??? */ 966 } 967 968 static int vnc_cursor_define(VncState *vs) 969 { 970 QEMUCursor *c = vs->vd->cursor; 971 int isize; 972 973 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 974 vnc_lock_output(vs); 975 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 976 vnc_write_u8(vs, 0); /* padding */ 977 vnc_write_u16(vs, 1); /* # of rects */ 978 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 979 VNC_ENCODING_RICH_CURSOR); 980 isize = c->width * c->height * vs->client_pf.bytes_per_pixel; 981 vnc_write_pixels_generic(vs, c->data, isize); 982 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 983 vnc_unlock_output(vs); 984 return 0; 985 } 986 return -1; 987 } 988 989 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl, 990 QEMUCursor *c) 991 { 992 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 993 VncState *vs; 994 995 cursor_put(vd->cursor); 996 g_free(vd->cursor_mask); 997 998 vd->cursor = c; 999 cursor_get(vd->cursor); 1000 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 1001 vd->cursor_mask = g_malloc0(vd->cursor_msize); 1002 cursor_get_mono_mask(c, 0, vd->cursor_mask); 1003 1004 QTAILQ_FOREACH(vs, &vd->clients, next) { 1005 vnc_cursor_define(vs); 1006 } 1007 } 1008 1009 static int find_and_clear_dirty_height(VncState *vs, 1010 int y, int last_x, int x, int height) 1011 { 1012 int h; 1013 1014 for (h = 1; h < (height - y); h++) { 1015 if (!test_bit(last_x, vs->dirty[y + h])) { 1016 break; 1017 } 1018 bitmap_clear(vs->dirty[y + h], last_x, x - last_x); 1019 } 1020 1021 return h; 1022 } 1023 1024 static int vnc_update_client(VncState *vs, int has_dirty, bool sync) 1025 { 1026 vs->has_dirty += has_dirty; 1027 if (vs->need_update && vs->ioc != NULL) { 1028 VncDisplay *vd = vs->vd; 1029 VncJob *job; 1030 int y; 1031 int height, width; 1032 int n = 0; 1033 1034 if (vs->output.offset && !vs->audio_cap && !vs->force_update) 1035 /* kernel send buffers are full -> drop frames to throttle */ 1036 return 0; 1037 1038 if (!vs->has_dirty && !vs->audio_cap && !vs->force_update) 1039 return 0; 1040 1041 /* 1042 * Send screen updates to the vnc client using the server 1043 * surface and server dirty map. guest surface updates 1044 * happening in parallel don't disturb us, the next pass will 1045 * send them to the client. 1046 */ 1047 job = vnc_job_new(vs); 1048 1049 height = pixman_image_get_height(vd->server); 1050 width = pixman_image_get_width(vd->server); 1051 1052 y = 0; 1053 for (;;) { 1054 int x, h; 1055 unsigned long x2; 1056 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty, 1057 height * VNC_DIRTY_BPL(vs), 1058 y * VNC_DIRTY_BPL(vs)); 1059 if (offset == height * VNC_DIRTY_BPL(vs)) { 1060 /* no more dirty bits */ 1061 break; 1062 } 1063 y = offset / VNC_DIRTY_BPL(vs); 1064 x = offset % VNC_DIRTY_BPL(vs); 1065 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y], 1066 VNC_DIRTY_BPL(vs), x); 1067 bitmap_clear(vs->dirty[y], x, x2 - x); 1068 h = find_and_clear_dirty_height(vs, y, x, x2, height); 1069 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT); 1070 if (x2 > x) { 1071 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y, 1072 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h); 1073 } 1074 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) { 1075 y += h; 1076 if (y == height) { 1077 break; 1078 } 1079 } 1080 } 1081 1082 vnc_job_push(job); 1083 if (sync) { 1084 vnc_jobs_join(vs); 1085 } 1086 vs->force_update = 0; 1087 vs->has_dirty = 0; 1088 return n; 1089 } 1090 1091 if (vs->disconnecting) { 1092 vnc_disconnect_finish(vs); 1093 } else if (sync) { 1094 vnc_jobs_join(vs); 1095 } 1096 1097 return 0; 1098 } 1099 1100 /* audio */ 1101 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 1102 { 1103 VncState *vs = opaque; 1104 1105 switch (cmd) { 1106 case AUD_CNOTIFY_DISABLE: 1107 vnc_lock_output(vs); 1108 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1109 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1110 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 1111 vnc_unlock_output(vs); 1112 vnc_flush(vs); 1113 break; 1114 1115 case AUD_CNOTIFY_ENABLE: 1116 vnc_lock_output(vs); 1117 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1118 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1119 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 1120 vnc_unlock_output(vs); 1121 vnc_flush(vs); 1122 break; 1123 } 1124 } 1125 1126 static void audio_capture_destroy(void *opaque) 1127 { 1128 } 1129 1130 static void audio_capture(void *opaque, void *buf, int size) 1131 { 1132 VncState *vs = opaque; 1133 1134 vnc_lock_output(vs); 1135 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1136 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1137 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 1138 vnc_write_u32(vs, size); 1139 vnc_write(vs, buf, size); 1140 vnc_unlock_output(vs); 1141 vnc_flush(vs); 1142 } 1143 1144 static void audio_add(VncState *vs) 1145 { 1146 struct audio_capture_ops ops; 1147 1148 if (vs->audio_cap) { 1149 error_report("audio already running"); 1150 return; 1151 } 1152 1153 ops.notify = audio_capture_notify; 1154 ops.destroy = audio_capture_destroy; 1155 ops.capture = audio_capture; 1156 1157 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs); 1158 if (!vs->audio_cap) { 1159 error_report("Failed to add audio capture"); 1160 } 1161 } 1162 1163 static void audio_del(VncState *vs) 1164 { 1165 if (vs->audio_cap) { 1166 AUD_del_capture(vs->audio_cap, vs); 1167 vs->audio_cap = NULL; 1168 } 1169 } 1170 1171 static void vnc_disconnect_start(VncState *vs) 1172 { 1173 if (vs->disconnecting) { 1174 return; 1175 } 1176 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); 1177 if (vs->ioc_tag) { 1178 g_source_remove(vs->ioc_tag); 1179 } 1180 qio_channel_close(vs->ioc, NULL); 1181 vs->disconnecting = TRUE; 1182 } 1183 1184 void vnc_disconnect_finish(VncState *vs) 1185 { 1186 int i; 1187 1188 vnc_jobs_join(vs); /* Wait encoding jobs */ 1189 1190 vnc_lock_output(vs); 1191 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED); 1192 1193 buffer_free(&vs->input); 1194 buffer_free(&vs->output); 1195 1196 qapi_free_VncClientInfo(vs->info); 1197 1198 vnc_zlib_clear(vs); 1199 vnc_tight_clear(vs); 1200 vnc_zrle_clear(vs); 1201 1202 #ifdef CONFIG_VNC_SASL 1203 vnc_sasl_client_cleanup(vs); 1204 #endif /* CONFIG_VNC_SASL */ 1205 audio_del(vs); 1206 vnc_release_modifiers(vs); 1207 1208 if (vs->initialized) { 1209 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1210 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1211 if (QTAILQ_EMPTY(&vs->vd->clients)) { 1212 /* last client gone */ 1213 vnc_update_server_surface(vs->vd); 1214 } 1215 } 1216 1217 if (vs->vd->lock_key_sync) 1218 qemu_remove_led_event_handler(vs->led); 1219 vnc_unlock_output(vs); 1220 1221 qemu_mutex_destroy(&vs->output_mutex); 1222 if (vs->bh != NULL) { 1223 qemu_bh_delete(vs->bh); 1224 } 1225 buffer_free(&vs->jobs_buffer); 1226 1227 for (i = 0; i < VNC_STAT_ROWS; ++i) { 1228 g_free(vs->lossy_rect[i]); 1229 } 1230 g_free(vs->lossy_rect); 1231 1232 object_unref(OBJECT(vs->ioc)); 1233 vs->ioc = NULL; 1234 object_unref(OBJECT(vs->sioc)); 1235 vs->sioc = NULL; 1236 g_free(vs); 1237 } 1238 1239 ssize_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp) 1240 { 1241 if (ret <= 0) { 1242 if (ret == 0) { 1243 VNC_DEBUG("Closing down client sock: EOF\n"); 1244 } else if (ret != QIO_CHANNEL_ERR_BLOCK) { 1245 VNC_DEBUG("Closing down client sock: ret %d (%s)\n", 1246 ret, errp ? error_get_pretty(*errp) : "Unknown"); 1247 } 1248 1249 vnc_disconnect_start(vs); 1250 if (errp) { 1251 error_free(*errp); 1252 *errp = NULL; 1253 } 1254 return 0; 1255 } 1256 return ret; 1257 } 1258 1259 1260 void vnc_client_error(VncState *vs) 1261 { 1262 VNC_DEBUG("Closing down client sock: protocol error\n"); 1263 vnc_disconnect_start(vs); 1264 } 1265 1266 1267 /* 1268 * Called to write a chunk of data to the client socket. The data may 1269 * be the raw data, or may have already been encoded by SASL. 1270 * The data will be written either straight onto the socket, or 1271 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1272 * 1273 * NB, it is theoretically possible to have 2 layers of encryption, 1274 * both SASL, and this TLS layer. It is highly unlikely in practice 1275 * though, since SASL encryption will typically be a no-op if TLS 1276 * is active 1277 * 1278 * Returns the number of bytes written, which may be less than 1279 * the requested 'datalen' if the socket would block. Returns 1280 * -1 on error, and disconnects the client socket. 1281 */ 1282 ssize_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1283 { 1284 Error *err = NULL; 1285 ssize_t ret; 1286 ret = qio_channel_write( 1287 vs->ioc, (const char *)data, datalen, &err); 1288 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1289 return vnc_client_io_error(vs, ret, &err); 1290 } 1291 1292 1293 /* 1294 * Called to write buffered data to the client socket, when not 1295 * using any SASL SSF encryption layers. Will write as much data 1296 * as possible without blocking. If all buffered data is written, 1297 * will switch the FD poll() handler back to read monitoring. 1298 * 1299 * Returns the number of bytes written, which may be less than 1300 * the buffered output data if the socket would block. Returns 1301 * -1 on error, and disconnects the client socket. 1302 */ 1303 static ssize_t vnc_client_write_plain(VncState *vs) 1304 { 1305 ssize_t ret; 1306 1307 #ifdef CONFIG_VNC_SASL 1308 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1309 vs->output.buffer, vs->output.capacity, vs->output.offset, 1310 vs->sasl.waitWriteSSF); 1311 1312 if (vs->sasl.conn && 1313 vs->sasl.runSSF && 1314 vs->sasl.waitWriteSSF) { 1315 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1316 if (ret) 1317 vs->sasl.waitWriteSSF -= ret; 1318 } else 1319 #endif /* CONFIG_VNC_SASL */ 1320 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1321 if (!ret) 1322 return 0; 1323 1324 buffer_advance(&vs->output, ret); 1325 1326 if (vs->output.offset == 0) { 1327 if (vs->ioc_tag) { 1328 g_source_remove(vs->ioc_tag); 1329 } 1330 vs->ioc_tag = qio_channel_add_watch( 1331 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); 1332 } 1333 1334 return ret; 1335 } 1336 1337 1338 /* 1339 * First function called whenever there is data to be written to 1340 * the client socket. Will delegate actual work according to whether 1341 * SASL SSF layers are enabled (thus requiring encryption calls) 1342 */ 1343 static void vnc_client_write_locked(VncState *vs) 1344 { 1345 #ifdef CONFIG_VNC_SASL 1346 if (vs->sasl.conn && 1347 vs->sasl.runSSF && 1348 !vs->sasl.waitWriteSSF) { 1349 vnc_client_write_sasl(vs); 1350 } else 1351 #endif /* CONFIG_VNC_SASL */ 1352 { 1353 vnc_client_write_plain(vs); 1354 } 1355 } 1356 1357 static void vnc_client_write(VncState *vs) 1358 { 1359 1360 vnc_lock_output(vs); 1361 if (vs->output.offset) { 1362 vnc_client_write_locked(vs); 1363 } else if (vs->ioc != NULL) { 1364 if (vs->ioc_tag) { 1365 g_source_remove(vs->ioc_tag); 1366 } 1367 vs->ioc_tag = qio_channel_add_watch( 1368 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); 1369 } 1370 vnc_unlock_output(vs); 1371 } 1372 1373 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1374 { 1375 vs->read_handler = func; 1376 vs->read_handler_expect = expecting; 1377 } 1378 1379 1380 /* 1381 * Called to read a chunk of data from the client socket. The data may 1382 * be the raw data, or may need to be further decoded by SASL. 1383 * The data will be read either straight from to the socket, or 1384 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1385 * 1386 * NB, it is theoretically possible to have 2 layers of encryption, 1387 * both SASL, and this TLS layer. It is highly unlikely in practice 1388 * though, since SASL encryption will typically be a no-op if TLS 1389 * is active 1390 * 1391 * Returns the number of bytes read, which may be less than 1392 * the requested 'datalen' if the socket would block. Returns 1393 * -1 on error, and disconnects the client socket. 1394 */ 1395 ssize_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1396 { 1397 ssize_t ret; 1398 Error *err = NULL; 1399 ret = qio_channel_read( 1400 vs->ioc, (char *)data, datalen, &err); 1401 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1402 return vnc_client_io_error(vs, ret, &err); 1403 } 1404 1405 1406 /* 1407 * Called to read data from the client socket to the input buffer, 1408 * when not using any SASL SSF encryption layers. Will read as much 1409 * data as possible without blocking. 1410 * 1411 * Returns the number of bytes read. Returns -1 on error, and 1412 * disconnects the client socket. 1413 */ 1414 static ssize_t vnc_client_read_plain(VncState *vs) 1415 { 1416 ssize_t ret; 1417 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1418 vs->input.buffer, vs->input.capacity, vs->input.offset); 1419 buffer_reserve(&vs->input, 4096); 1420 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1421 if (!ret) 1422 return 0; 1423 vs->input.offset += ret; 1424 return ret; 1425 } 1426 1427 static void vnc_jobs_bh(void *opaque) 1428 { 1429 VncState *vs = opaque; 1430 1431 vnc_jobs_consume_buffer(vs); 1432 } 1433 1434 /* 1435 * First function called whenever there is more data to be read from 1436 * the client socket. Will delegate actual work according to whether 1437 * SASL SSF layers are enabled (thus requiring decryption calls) 1438 */ 1439 static void vnc_client_read(VncState *vs) 1440 { 1441 ssize_t ret; 1442 1443 #ifdef CONFIG_VNC_SASL 1444 if (vs->sasl.conn && vs->sasl.runSSF) 1445 ret = vnc_client_read_sasl(vs); 1446 else 1447 #endif /* CONFIG_VNC_SASL */ 1448 ret = vnc_client_read_plain(vs); 1449 if (!ret) { 1450 if (vs->disconnecting) { 1451 vnc_disconnect_finish(vs); 1452 } 1453 return; 1454 } 1455 1456 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1457 size_t len = vs->read_handler_expect; 1458 int ret; 1459 1460 ret = vs->read_handler(vs, vs->input.buffer, len); 1461 if (vs->disconnecting) { 1462 vnc_disconnect_finish(vs); 1463 return; 1464 } 1465 1466 if (!ret) { 1467 buffer_advance(&vs->input, len); 1468 } else { 1469 vs->read_handler_expect = ret; 1470 } 1471 } 1472 } 1473 1474 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED, 1475 GIOCondition condition, void *opaque) 1476 { 1477 VncState *vs = opaque; 1478 if (condition & G_IO_IN) { 1479 vnc_client_read(vs); 1480 } 1481 if (condition & G_IO_OUT) { 1482 vnc_client_write(vs); 1483 } 1484 return TRUE; 1485 } 1486 1487 1488 void vnc_write(VncState *vs, const void *data, size_t len) 1489 { 1490 buffer_reserve(&vs->output, len); 1491 1492 if (vs->ioc != NULL && buffer_empty(&vs->output)) { 1493 if (vs->ioc_tag) { 1494 g_source_remove(vs->ioc_tag); 1495 } 1496 vs->ioc_tag = qio_channel_add_watch( 1497 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL); 1498 } 1499 1500 buffer_append(&vs->output, data, len); 1501 } 1502 1503 void vnc_write_s32(VncState *vs, int32_t value) 1504 { 1505 vnc_write_u32(vs, *(uint32_t *)&value); 1506 } 1507 1508 void vnc_write_u32(VncState *vs, uint32_t value) 1509 { 1510 uint8_t buf[4]; 1511 1512 buf[0] = (value >> 24) & 0xFF; 1513 buf[1] = (value >> 16) & 0xFF; 1514 buf[2] = (value >> 8) & 0xFF; 1515 buf[3] = value & 0xFF; 1516 1517 vnc_write(vs, buf, 4); 1518 } 1519 1520 void vnc_write_u16(VncState *vs, uint16_t value) 1521 { 1522 uint8_t buf[2]; 1523 1524 buf[0] = (value >> 8) & 0xFF; 1525 buf[1] = value & 0xFF; 1526 1527 vnc_write(vs, buf, 2); 1528 } 1529 1530 void vnc_write_u8(VncState *vs, uint8_t value) 1531 { 1532 vnc_write(vs, (char *)&value, 1); 1533 } 1534 1535 void vnc_flush(VncState *vs) 1536 { 1537 vnc_lock_output(vs); 1538 if (vs->ioc != NULL && vs->output.offset) { 1539 vnc_client_write_locked(vs); 1540 } 1541 vnc_unlock_output(vs); 1542 } 1543 1544 static uint8_t read_u8(uint8_t *data, size_t offset) 1545 { 1546 return data[offset]; 1547 } 1548 1549 static uint16_t read_u16(uint8_t *data, size_t offset) 1550 { 1551 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1552 } 1553 1554 static int32_t read_s32(uint8_t *data, size_t offset) 1555 { 1556 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1557 (data[offset + 2] << 8) | data[offset + 3]); 1558 } 1559 1560 uint32_t read_u32(uint8_t *data, size_t offset) 1561 { 1562 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1563 (data[offset + 2] << 8) | data[offset + 3]); 1564 } 1565 1566 static void client_cut_text(VncState *vs, size_t len, uint8_t *text) 1567 { 1568 } 1569 1570 static void check_pointer_type_change(Notifier *notifier, void *data) 1571 { 1572 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1573 int absolute = qemu_input_is_absolute(); 1574 1575 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1576 vnc_lock_output(vs); 1577 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1578 vnc_write_u8(vs, 0); 1579 vnc_write_u16(vs, 1); 1580 vnc_framebuffer_update(vs, absolute, 0, 1581 pixman_image_get_width(vs->vd->server), 1582 pixman_image_get_height(vs->vd->server), 1583 VNC_ENCODING_POINTER_TYPE_CHANGE); 1584 vnc_unlock_output(vs); 1585 vnc_flush(vs); 1586 } 1587 vs->absolute = absolute; 1588 } 1589 1590 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1591 { 1592 static uint32_t bmap[INPUT_BUTTON__MAX] = { 1593 [INPUT_BUTTON_LEFT] = 0x01, 1594 [INPUT_BUTTON_MIDDLE] = 0x02, 1595 [INPUT_BUTTON_RIGHT] = 0x04, 1596 [INPUT_BUTTON_WHEEL_UP] = 0x08, 1597 [INPUT_BUTTON_WHEEL_DOWN] = 0x10, 1598 }; 1599 QemuConsole *con = vs->vd->dcl.con; 1600 int width = pixman_image_get_width(vs->vd->server); 1601 int height = pixman_image_get_height(vs->vd->server); 1602 1603 if (vs->last_bmask != button_mask) { 1604 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask); 1605 vs->last_bmask = button_mask; 1606 } 1607 1608 if (vs->absolute) { 1609 qemu_input_queue_abs(con, INPUT_AXIS_X, x, width); 1610 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, height); 1611 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1612 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF); 1613 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF); 1614 } else { 1615 if (vs->last_x != -1) { 1616 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x); 1617 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y); 1618 } 1619 vs->last_x = x; 1620 vs->last_y = y; 1621 } 1622 qemu_input_event_sync(); 1623 } 1624 1625 static void reset_keys(VncState *vs) 1626 { 1627 int i; 1628 for(i = 0; i < 256; i++) { 1629 if (vs->modifiers_state[i]) { 1630 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false); 1631 vs->modifiers_state[i] = 0; 1632 } 1633 } 1634 } 1635 1636 static void press_key(VncState *vs, int keysym) 1637 { 1638 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK; 1639 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true); 1640 qemu_input_event_send_key_delay(0); 1641 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false); 1642 qemu_input_event_send_key_delay(0); 1643 } 1644 1645 static int current_led_state(VncState *vs) 1646 { 1647 int ledstate = 0; 1648 1649 if (vs->modifiers_state[0x46]) { 1650 ledstate |= QEMU_SCROLL_LOCK_LED; 1651 } 1652 if (vs->modifiers_state[0x45]) { 1653 ledstate |= QEMU_NUM_LOCK_LED; 1654 } 1655 if (vs->modifiers_state[0x3a]) { 1656 ledstate |= QEMU_CAPS_LOCK_LED; 1657 } 1658 1659 return ledstate; 1660 } 1661 1662 static void vnc_led_state_change(VncState *vs) 1663 { 1664 int ledstate = 0; 1665 1666 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) { 1667 return; 1668 } 1669 1670 ledstate = current_led_state(vs); 1671 vnc_lock_output(vs); 1672 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1673 vnc_write_u8(vs, 0); 1674 vnc_write_u16(vs, 1); 1675 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE); 1676 vnc_write_u8(vs, ledstate); 1677 vnc_unlock_output(vs); 1678 vnc_flush(vs); 1679 } 1680 1681 static void kbd_leds(void *opaque, int ledstate) 1682 { 1683 VncState *vs = opaque; 1684 int caps, num, scr; 1685 bool has_changed = (ledstate != current_led_state(vs)); 1686 1687 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED), 1688 (ledstate & QEMU_NUM_LOCK_LED), 1689 (ledstate & QEMU_SCROLL_LOCK_LED)); 1690 1691 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0; 1692 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0; 1693 scr = ledstate & QEMU_SCROLL_LOCK_LED ? 1 : 0; 1694 1695 if (vs->modifiers_state[0x3a] != caps) { 1696 vs->modifiers_state[0x3a] = caps; 1697 } 1698 if (vs->modifiers_state[0x45] != num) { 1699 vs->modifiers_state[0x45] = num; 1700 } 1701 if (vs->modifiers_state[0x46] != scr) { 1702 vs->modifiers_state[0x46] = scr; 1703 } 1704 1705 /* Sending the current led state message to the client */ 1706 if (has_changed) { 1707 vnc_led_state_change(vs); 1708 } 1709 } 1710 1711 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1712 { 1713 /* QEMU console switch */ 1714 switch(keycode) { 1715 case 0x2a: /* Left Shift */ 1716 case 0x36: /* Right Shift */ 1717 case 0x1d: /* Left CTRL */ 1718 case 0x9d: /* Right CTRL */ 1719 case 0x38: /* Left ALT */ 1720 case 0xb8: /* Right ALT */ 1721 if (down) 1722 vs->modifiers_state[keycode] = 1; 1723 else 1724 vs->modifiers_state[keycode] = 0; 1725 break; 1726 case 0x02 ... 0x0a: /* '1' to '9' keys */ 1727 if (vs->vd->dcl.con == NULL && 1728 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) { 1729 /* Reset the modifiers sent to the current console */ 1730 reset_keys(vs); 1731 console_select(keycode - 0x02); 1732 return; 1733 } 1734 break; 1735 case 0x3a: /* CapsLock */ 1736 case 0x45: /* NumLock */ 1737 if (down) 1738 vs->modifiers_state[keycode] ^= 1; 1739 break; 1740 } 1741 1742 /* Turn off the lock state sync logic if the client support the led 1743 state extension. 1744 */ 1745 if (down && vs->vd->lock_key_sync && 1746 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1747 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1748 /* If the numlock state needs to change then simulate an additional 1749 keypress before sending this one. This will happen if the user 1750 toggles numlock away from the VNC window. 1751 */ 1752 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1753 if (!vs->modifiers_state[0x45]) { 1754 trace_vnc_key_sync_numlock(true); 1755 vs->modifiers_state[0x45] = 1; 1756 press_key(vs, 0xff7f); 1757 } 1758 } else { 1759 if (vs->modifiers_state[0x45]) { 1760 trace_vnc_key_sync_numlock(false); 1761 vs->modifiers_state[0x45] = 0; 1762 press_key(vs, 0xff7f); 1763 } 1764 } 1765 } 1766 1767 if (down && vs->vd->lock_key_sync && 1768 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1769 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1770 /* If the capslock state needs to change then simulate an additional 1771 keypress before sending this one. This will happen if the user 1772 toggles capslock away from the VNC window. 1773 */ 1774 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1775 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]); 1776 int capslock = !!(vs->modifiers_state[0x3a]); 1777 if (capslock) { 1778 if (uppercase == shift) { 1779 trace_vnc_key_sync_capslock(false); 1780 vs->modifiers_state[0x3a] = 0; 1781 press_key(vs, 0xffe5); 1782 } 1783 } else { 1784 if (uppercase != shift) { 1785 trace_vnc_key_sync_capslock(true); 1786 vs->modifiers_state[0x3a] = 1; 1787 press_key(vs, 0xffe5); 1788 } 1789 } 1790 } 1791 1792 if (qemu_console_is_graphic(NULL)) { 1793 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down); 1794 } else { 1795 bool numlock = vs->modifiers_state[0x45]; 1796 bool control = (vs->modifiers_state[0x1d] || 1797 vs->modifiers_state[0x9d]); 1798 /* QEMU console emulation */ 1799 if (down) { 1800 switch (keycode) { 1801 case 0x2a: /* Left Shift */ 1802 case 0x36: /* Right Shift */ 1803 case 0x1d: /* Left CTRL */ 1804 case 0x9d: /* Right CTRL */ 1805 case 0x38: /* Left ALT */ 1806 case 0xb8: /* Right ALT */ 1807 break; 1808 case 0xc8: 1809 kbd_put_keysym(QEMU_KEY_UP); 1810 break; 1811 case 0xd0: 1812 kbd_put_keysym(QEMU_KEY_DOWN); 1813 break; 1814 case 0xcb: 1815 kbd_put_keysym(QEMU_KEY_LEFT); 1816 break; 1817 case 0xcd: 1818 kbd_put_keysym(QEMU_KEY_RIGHT); 1819 break; 1820 case 0xd3: 1821 kbd_put_keysym(QEMU_KEY_DELETE); 1822 break; 1823 case 0xc7: 1824 kbd_put_keysym(QEMU_KEY_HOME); 1825 break; 1826 case 0xcf: 1827 kbd_put_keysym(QEMU_KEY_END); 1828 break; 1829 case 0xc9: 1830 kbd_put_keysym(QEMU_KEY_PAGEUP); 1831 break; 1832 case 0xd1: 1833 kbd_put_keysym(QEMU_KEY_PAGEDOWN); 1834 break; 1835 1836 case 0x47: 1837 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME); 1838 break; 1839 case 0x48: 1840 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP); 1841 break; 1842 case 0x49: 1843 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP); 1844 break; 1845 case 0x4b: 1846 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT); 1847 break; 1848 case 0x4c: 1849 kbd_put_keysym('5'); 1850 break; 1851 case 0x4d: 1852 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT); 1853 break; 1854 case 0x4f: 1855 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END); 1856 break; 1857 case 0x50: 1858 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN); 1859 break; 1860 case 0x51: 1861 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN); 1862 break; 1863 case 0x52: 1864 kbd_put_keysym('0'); 1865 break; 1866 case 0x53: 1867 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE); 1868 break; 1869 1870 case 0xb5: 1871 kbd_put_keysym('/'); 1872 break; 1873 case 0x37: 1874 kbd_put_keysym('*'); 1875 break; 1876 case 0x4a: 1877 kbd_put_keysym('-'); 1878 break; 1879 case 0x4e: 1880 kbd_put_keysym('+'); 1881 break; 1882 case 0x9c: 1883 kbd_put_keysym('\n'); 1884 break; 1885 1886 default: 1887 if (control) { 1888 kbd_put_keysym(sym & 0x1f); 1889 } else { 1890 kbd_put_keysym(sym); 1891 } 1892 break; 1893 } 1894 } 1895 } 1896 } 1897 1898 static void vnc_release_modifiers(VncState *vs) 1899 { 1900 static const int keycodes[] = { 1901 /* shift, control, alt keys, both left & right */ 1902 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8, 1903 }; 1904 int i, keycode; 1905 1906 if (!qemu_console_is_graphic(NULL)) { 1907 return; 1908 } 1909 for (i = 0; i < ARRAY_SIZE(keycodes); i++) { 1910 keycode = keycodes[i]; 1911 if (!vs->modifiers_state[keycode]) { 1912 continue; 1913 } 1914 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false); 1915 } 1916 } 1917 1918 static const char *code2name(int keycode) 1919 { 1920 return QKeyCode_lookup[qemu_input_key_number_to_qcode(keycode)]; 1921 } 1922 1923 static void key_event(VncState *vs, int down, uint32_t sym) 1924 { 1925 int keycode; 1926 int lsym = sym; 1927 1928 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) { 1929 lsym = lsym - 'A' + 'a'; 1930 } 1931 1932 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK; 1933 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode)); 1934 do_key_event(vs, down, keycode, sym); 1935 } 1936 1937 static void ext_key_event(VncState *vs, int down, 1938 uint32_t sym, uint16_t keycode) 1939 { 1940 /* if the user specifies a keyboard layout, always use it */ 1941 if (keyboard_layout) { 1942 key_event(vs, down, sym); 1943 } else { 1944 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode)); 1945 do_key_event(vs, down, keycode, sym); 1946 } 1947 } 1948 1949 static void framebuffer_update_request(VncState *vs, int incremental, 1950 int x, int y, int w, int h) 1951 { 1952 vs->need_update = 1; 1953 1954 if (incremental) { 1955 return; 1956 } 1957 1958 vs->force_update = 1; 1959 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h); 1960 } 1961 1962 static void send_ext_key_event_ack(VncState *vs) 1963 { 1964 vnc_lock_output(vs); 1965 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1966 vnc_write_u8(vs, 0); 1967 vnc_write_u16(vs, 1); 1968 vnc_framebuffer_update(vs, 0, 0, 1969 pixman_image_get_width(vs->vd->server), 1970 pixman_image_get_height(vs->vd->server), 1971 VNC_ENCODING_EXT_KEY_EVENT); 1972 vnc_unlock_output(vs); 1973 vnc_flush(vs); 1974 } 1975 1976 static void send_ext_audio_ack(VncState *vs) 1977 { 1978 vnc_lock_output(vs); 1979 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1980 vnc_write_u8(vs, 0); 1981 vnc_write_u16(vs, 1); 1982 vnc_framebuffer_update(vs, 0, 0, 1983 pixman_image_get_width(vs->vd->server), 1984 pixman_image_get_height(vs->vd->server), 1985 VNC_ENCODING_AUDIO); 1986 vnc_unlock_output(vs); 1987 vnc_flush(vs); 1988 } 1989 1990 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 1991 { 1992 int i; 1993 unsigned int enc = 0; 1994 1995 vs->features = 0; 1996 vs->vnc_encoding = 0; 1997 vs->tight.compression = 9; 1998 vs->tight.quality = -1; /* Lossless by default */ 1999 vs->absolute = -1; 2000 2001 /* 2002 * Start from the end because the encodings are sent in order of preference. 2003 * This way the preferred encoding (first encoding defined in the array) 2004 * will be set at the end of the loop. 2005 */ 2006 for (i = n_encodings - 1; i >= 0; i--) { 2007 enc = encodings[i]; 2008 switch (enc) { 2009 case VNC_ENCODING_RAW: 2010 vs->vnc_encoding = enc; 2011 break; 2012 case VNC_ENCODING_COPYRECT: 2013 vs->features |= VNC_FEATURE_COPYRECT_MASK; 2014 break; 2015 case VNC_ENCODING_HEXTILE: 2016 vs->features |= VNC_FEATURE_HEXTILE_MASK; 2017 vs->vnc_encoding = enc; 2018 break; 2019 case VNC_ENCODING_TIGHT: 2020 vs->features |= VNC_FEATURE_TIGHT_MASK; 2021 vs->vnc_encoding = enc; 2022 break; 2023 #ifdef CONFIG_VNC_PNG 2024 case VNC_ENCODING_TIGHT_PNG: 2025 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK; 2026 vs->vnc_encoding = enc; 2027 break; 2028 #endif 2029 case VNC_ENCODING_ZLIB: 2030 vs->features |= VNC_FEATURE_ZLIB_MASK; 2031 vs->vnc_encoding = enc; 2032 break; 2033 case VNC_ENCODING_ZRLE: 2034 vs->features |= VNC_FEATURE_ZRLE_MASK; 2035 vs->vnc_encoding = enc; 2036 break; 2037 case VNC_ENCODING_ZYWRLE: 2038 vs->features |= VNC_FEATURE_ZYWRLE_MASK; 2039 vs->vnc_encoding = enc; 2040 break; 2041 case VNC_ENCODING_DESKTOPRESIZE: 2042 vs->features |= VNC_FEATURE_RESIZE_MASK; 2043 break; 2044 case VNC_ENCODING_POINTER_TYPE_CHANGE: 2045 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK; 2046 break; 2047 case VNC_ENCODING_RICH_CURSOR: 2048 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK; 2049 if (vs->vd->cursor) { 2050 vnc_cursor_define(vs); 2051 } 2052 break; 2053 case VNC_ENCODING_EXT_KEY_EVENT: 2054 send_ext_key_event_ack(vs); 2055 break; 2056 case VNC_ENCODING_AUDIO: 2057 send_ext_audio_ack(vs); 2058 break; 2059 case VNC_ENCODING_WMVi: 2060 vs->features |= VNC_FEATURE_WMVI_MASK; 2061 break; 2062 case VNC_ENCODING_LED_STATE: 2063 vs->features |= VNC_FEATURE_LED_STATE_MASK; 2064 break; 2065 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 2066 vs->tight.compression = (enc & 0x0F); 2067 break; 2068 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 2069 if (vs->vd->lossy) { 2070 vs->tight.quality = (enc & 0x0F); 2071 } 2072 break; 2073 default: 2074 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 2075 break; 2076 } 2077 } 2078 vnc_desktop_resize(vs); 2079 check_pointer_type_change(&vs->mouse_mode_notifier, NULL); 2080 vnc_led_state_change(vs); 2081 } 2082 2083 static void set_pixel_conversion(VncState *vs) 2084 { 2085 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf); 2086 2087 if (fmt == VNC_SERVER_FB_FORMAT) { 2088 vs->write_pixels = vnc_write_pixels_copy; 2089 vnc_hextile_set_pixel_conversion(vs, 0); 2090 } else { 2091 vs->write_pixels = vnc_write_pixels_generic; 2092 vnc_hextile_set_pixel_conversion(vs, 1); 2093 } 2094 } 2095 2096 static void set_pixel_format(VncState *vs, 2097 int bits_per_pixel, int depth, 2098 int big_endian_flag, int true_color_flag, 2099 int red_max, int green_max, int blue_max, 2100 int red_shift, int green_shift, int blue_shift) 2101 { 2102 if (!true_color_flag) { 2103 vnc_client_error(vs); 2104 return; 2105 } 2106 2107 switch (bits_per_pixel) { 2108 case 8: 2109 case 16: 2110 case 32: 2111 break; 2112 default: 2113 vnc_client_error(vs); 2114 return; 2115 } 2116 2117 vs->client_pf.rmax = red_max ? red_max : 0xFF; 2118 vs->client_pf.rbits = hweight_long(red_max); 2119 vs->client_pf.rshift = red_shift; 2120 vs->client_pf.rmask = red_max << red_shift; 2121 vs->client_pf.gmax = green_max ? green_max : 0xFF; 2122 vs->client_pf.gbits = hweight_long(green_max); 2123 vs->client_pf.gshift = green_shift; 2124 vs->client_pf.gmask = green_max << green_shift; 2125 vs->client_pf.bmax = blue_max ? blue_max : 0xFF; 2126 vs->client_pf.bbits = hweight_long(blue_max); 2127 vs->client_pf.bshift = blue_shift; 2128 vs->client_pf.bmask = blue_max << blue_shift; 2129 vs->client_pf.bits_per_pixel = bits_per_pixel; 2130 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8; 2131 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 2132 vs->client_be = big_endian_flag; 2133 2134 set_pixel_conversion(vs); 2135 2136 graphic_hw_invalidate(vs->vd->dcl.con); 2137 graphic_hw_update(vs->vd->dcl.con); 2138 } 2139 2140 static void pixel_format_message (VncState *vs) { 2141 char pad[3] = { 0, 0, 0 }; 2142 2143 vs->client_pf = qemu_default_pixelformat(32); 2144 2145 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ 2146 vnc_write_u8(vs, vs->client_pf.depth); /* depth */ 2147 2148 #ifdef HOST_WORDS_BIGENDIAN 2149 vnc_write_u8(vs, 1); /* big-endian-flag */ 2150 #else 2151 vnc_write_u8(vs, 0); /* big-endian-flag */ 2152 #endif 2153 vnc_write_u8(vs, 1); /* true-color-flag */ 2154 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */ 2155 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */ 2156 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */ 2157 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */ 2158 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */ 2159 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */ 2160 vnc_write(vs, pad, 3); /* padding */ 2161 2162 vnc_hextile_set_pixel_conversion(vs, 0); 2163 vs->write_pixels = vnc_write_pixels_copy; 2164 } 2165 2166 static void vnc_colordepth(VncState *vs) 2167 { 2168 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 2169 /* Sending a WMVi message to notify the client*/ 2170 vnc_lock_output(vs); 2171 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2172 vnc_write_u8(vs, 0); 2173 vnc_write_u16(vs, 1); /* number of rects */ 2174 vnc_framebuffer_update(vs, 0, 0, 2175 pixman_image_get_width(vs->vd->server), 2176 pixman_image_get_height(vs->vd->server), 2177 VNC_ENCODING_WMVi); 2178 pixel_format_message(vs); 2179 vnc_unlock_output(vs); 2180 vnc_flush(vs); 2181 } else { 2182 set_pixel_conversion(vs); 2183 } 2184 } 2185 2186 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 2187 { 2188 int i; 2189 uint16_t limit; 2190 VncDisplay *vd = vs->vd; 2191 2192 if (data[0] > 3) { 2193 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2194 } 2195 2196 switch (data[0]) { 2197 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 2198 if (len == 1) 2199 return 20; 2200 2201 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5), 2202 read_u8(data, 6), read_u8(data, 7), 2203 read_u16(data, 8), read_u16(data, 10), 2204 read_u16(data, 12), read_u8(data, 14), 2205 read_u8(data, 15), read_u8(data, 16)); 2206 break; 2207 case VNC_MSG_CLIENT_SET_ENCODINGS: 2208 if (len == 1) 2209 return 4; 2210 2211 if (len == 4) { 2212 limit = read_u16(data, 2); 2213 if (limit > 0) 2214 return 4 + (limit * 4); 2215 } else 2216 limit = read_u16(data, 2); 2217 2218 for (i = 0; i < limit; i++) { 2219 int32_t val = read_s32(data, 4 + (i * 4)); 2220 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 2221 } 2222 2223 set_encodings(vs, (int32_t *)(data + 4), limit); 2224 break; 2225 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 2226 if (len == 1) 2227 return 10; 2228 2229 framebuffer_update_request(vs, 2230 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 2231 read_u16(data, 6), read_u16(data, 8)); 2232 break; 2233 case VNC_MSG_CLIENT_KEY_EVENT: 2234 if (len == 1) 2235 return 8; 2236 2237 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 2238 break; 2239 case VNC_MSG_CLIENT_POINTER_EVENT: 2240 if (len == 1) 2241 return 6; 2242 2243 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 2244 break; 2245 case VNC_MSG_CLIENT_CUT_TEXT: 2246 if (len == 1) { 2247 return 8; 2248 } 2249 if (len == 8) { 2250 uint32_t dlen = read_u32(data, 4); 2251 if (dlen > (1 << 20)) { 2252 error_report("vnc: client_cut_text msg payload has %u bytes" 2253 " which exceeds our limit of 1MB.", dlen); 2254 vnc_client_error(vs); 2255 break; 2256 } 2257 if (dlen > 0) { 2258 return 8 + dlen; 2259 } 2260 } 2261 2262 client_cut_text(vs, read_u32(data, 4), data + 8); 2263 break; 2264 case VNC_MSG_CLIENT_QEMU: 2265 if (len == 1) 2266 return 2; 2267 2268 switch (read_u8(data, 1)) { 2269 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 2270 if (len == 2) 2271 return 12; 2272 2273 ext_key_event(vs, read_u16(data, 2), 2274 read_u32(data, 4), read_u32(data, 8)); 2275 break; 2276 case VNC_MSG_CLIENT_QEMU_AUDIO: 2277 if (len == 2) 2278 return 4; 2279 2280 switch (read_u16 (data, 2)) { 2281 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 2282 audio_add(vs); 2283 break; 2284 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 2285 audio_del(vs); 2286 break; 2287 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 2288 if (len == 4) 2289 return 10; 2290 switch (read_u8(data, 4)) { 2291 case 0: vs->as.fmt = AUD_FMT_U8; break; 2292 case 1: vs->as.fmt = AUD_FMT_S8; break; 2293 case 2: vs->as.fmt = AUD_FMT_U16; break; 2294 case 3: vs->as.fmt = AUD_FMT_S16; break; 2295 case 4: vs->as.fmt = AUD_FMT_U32; break; 2296 case 5: vs->as.fmt = AUD_FMT_S32; break; 2297 default: 2298 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4)); 2299 vnc_client_error(vs); 2300 break; 2301 } 2302 vs->as.nchannels = read_u8(data, 5); 2303 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2304 VNC_DEBUG("Invalid audio channel coount %d\n", 2305 read_u8(data, 5)); 2306 vnc_client_error(vs); 2307 break; 2308 } 2309 vs->as.freq = read_u32(data, 6); 2310 break; 2311 default: 2312 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4)); 2313 vnc_client_error(vs); 2314 break; 2315 } 2316 break; 2317 2318 default: 2319 VNC_DEBUG("Msg: %d\n", read_u16(data, 0)); 2320 vnc_client_error(vs); 2321 break; 2322 } 2323 break; 2324 default: 2325 VNC_DEBUG("Msg: %d\n", data[0]); 2326 vnc_client_error(vs); 2327 break; 2328 } 2329 2330 vnc_read_when(vs, protocol_client_msg, 1); 2331 return 0; 2332 } 2333 2334 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2335 { 2336 char buf[1024]; 2337 VncShareMode mode; 2338 int size; 2339 2340 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; 2341 switch (vs->vd->share_policy) { 2342 case VNC_SHARE_POLICY_IGNORE: 2343 /* 2344 * Ignore the shared flag. Nothing to do here. 2345 * 2346 * Doesn't conform to the rfb spec but is traditional qemu 2347 * behavior, thus left here as option for compatibility 2348 * reasons. 2349 */ 2350 break; 2351 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: 2352 /* 2353 * Policy: Allow clients ask for exclusive access. 2354 * 2355 * Implementation: When a client asks for exclusive access, 2356 * disconnect all others. Shared connects are allowed as long 2357 * as no exclusive connection exists. 2358 * 2359 * This is how the rfb spec suggests to handle the shared flag. 2360 */ 2361 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2362 VncState *client; 2363 QTAILQ_FOREACH(client, &vs->vd->clients, next) { 2364 if (vs == client) { 2365 continue; 2366 } 2367 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && 2368 client->share_mode != VNC_SHARE_MODE_SHARED) { 2369 continue; 2370 } 2371 vnc_disconnect_start(client); 2372 } 2373 } 2374 if (mode == VNC_SHARE_MODE_SHARED) { 2375 if (vs->vd->num_exclusive > 0) { 2376 vnc_disconnect_start(vs); 2377 return 0; 2378 } 2379 } 2380 break; 2381 case VNC_SHARE_POLICY_FORCE_SHARED: 2382 /* 2383 * Policy: Shared connects only. 2384 * Implementation: Disallow clients asking for exclusive access. 2385 * 2386 * Useful for shared desktop sessions where you don't want 2387 * someone forgetting to say -shared when running the vnc 2388 * client disconnect everybody else. 2389 */ 2390 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2391 vnc_disconnect_start(vs); 2392 return 0; 2393 } 2394 break; 2395 } 2396 vnc_set_share_mode(vs, mode); 2397 2398 if (vs->vd->num_shared > vs->vd->connections_limit) { 2399 vnc_disconnect_start(vs); 2400 return 0; 2401 } 2402 2403 vs->client_width = pixman_image_get_width(vs->vd->server); 2404 vs->client_height = pixman_image_get_height(vs->vd->server); 2405 vnc_write_u16(vs, vs->client_width); 2406 vnc_write_u16(vs, vs->client_height); 2407 2408 pixel_format_message(vs); 2409 2410 if (qemu_name) 2411 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2412 else 2413 size = snprintf(buf, sizeof(buf), "QEMU"); 2414 2415 vnc_write_u32(vs, size); 2416 vnc_write(vs, buf, size); 2417 vnc_flush(vs); 2418 2419 vnc_client_cache_auth(vs); 2420 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED); 2421 2422 vnc_read_when(vs, protocol_client_msg, 1); 2423 2424 return 0; 2425 } 2426 2427 void start_client_init(VncState *vs) 2428 { 2429 vnc_read_when(vs, protocol_client_init, 1); 2430 } 2431 2432 static void make_challenge(VncState *vs) 2433 { 2434 int i; 2435 2436 srand(time(NULL)+getpid()+getpid()*987654+rand()); 2437 2438 for (i = 0 ; i < sizeof(vs->challenge) ; i++) 2439 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0)); 2440 } 2441 2442 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2443 { 2444 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2445 size_t i, pwlen; 2446 unsigned char key[8]; 2447 time_t now = time(NULL); 2448 QCryptoCipher *cipher = NULL; 2449 Error *err = NULL; 2450 2451 if (!vs->vd->password) { 2452 VNC_DEBUG("No password configured on server"); 2453 goto reject; 2454 } 2455 if (vs->vd->expires < now) { 2456 VNC_DEBUG("Password is expired"); 2457 goto reject; 2458 } 2459 2460 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2461 2462 /* Calculate the expected challenge response */ 2463 pwlen = strlen(vs->vd->password); 2464 for (i=0; i<sizeof(key); i++) 2465 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2466 2467 cipher = qcrypto_cipher_new( 2468 QCRYPTO_CIPHER_ALG_DES_RFB, 2469 QCRYPTO_CIPHER_MODE_ECB, 2470 key, G_N_ELEMENTS(key), 2471 &err); 2472 if (!cipher) { 2473 VNC_DEBUG("Cannot initialize cipher %s", 2474 error_get_pretty(err)); 2475 error_free(err); 2476 goto reject; 2477 } 2478 2479 if (qcrypto_cipher_encrypt(cipher, 2480 vs->challenge, 2481 response, 2482 VNC_AUTH_CHALLENGE_SIZE, 2483 &err) < 0) { 2484 VNC_DEBUG("Cannot encrypt challenge %s", 2485 error_get_pretty(err)); 2486 error_free(err); 2487 goto reject; 2488 } 2489 2490 /* Compare expected vs actual challenge response */ 2491 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2492 VNC_DEBUG("Client challenge response did not match\n"); 2493 goto reject; 2494 } else { 2495 VNC_DEBUG("Accepting VNC challenge response\n"); 2496 vnc_write_u32(vs, 0); /* Accept auth */ 2497 vnc_flush(vs); 2498 2499 start_client_init(vs); 2500 } 2501 2502 qcrypto_cipher_free(cipher); 2503 return 0; 2504 2505 reject: 2506 vnc_write_u32(vs, 1); /* Reject auth */ 2507 if (vs->minor >= 8) { 2508 static const char err[] = "Authentication failed"; 2509 vnc_write_u32(vs, sizeof(err)); 2510 vnc_write(vs, err, sizeof(err)); 2511 } 2512 vnc_flush(vs); 2513 vnc_client_error(vs); 2514 qcrypto_cipher_free(cipher); 2515 return 0; 2516 } 2517 2518 void start_auth_vnc(VncState *vs) 2519 { 2520 make_challenge(vs); 2521 /* Send client a 'random' challenge */ 2522 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2523 vnc_flush(vs); 2524 2525 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2526 } 2527 2528 2529 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2530 { 2531 /* We only advertise 1 auth scheme at a time, so client 2532 * must pick the one we sent. Verify this */ 2533 if (data[0] != vs->auth) { /* Reject auth */ 2534 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]); 2535 vnc_write_u32(vs, 1); 2536 if (vs->minor >= 8) { 2537 static const char err[] = "Authentication failed"; 2538 vnc_write_u32(vs, sizeof(err)); 2539 vnc_write(vs, err, sizeof(err)); 2540 } 2541 vnc_client_error(vs); 2542 } else { /* Accept requested auth */ 2543 VNC_DEBUG("Client requested auth %d\n", (int)data[0]); 2544 switch (vs->auth) { 2545 case VNC_AUTH_NONE: 2546 VNC_DEBUG("Accept auth none\n"); 2547 if (vs->minor >= 8) { 2548 vnc_write_u32(vs, 0); /* Accept auth completion */ 2549 vnc_flush(vs); 2550 } 2551 start_client_init(vs); 2552 break; 2553 2554 case VNC_AUTH_VNC: 2555 VNC_DEBUG("Start VNC auth\n"); 2556 start_auth_vnc(vs); 2557 break; 2558 2559 case VNC_AUTH_VENCRYPT: 2560 VNC_DEBUG("Accept VeNCrypt auth\n"); 2561 start_auth_vencrypt(vs); 2562 break; 2563 2564 #ifdef CONFIG_VNC_SASL 2565 case VNC_AUTH_SASL: 2566 VNC_DEBUG("Accept SASL auth\n"); 2567 start_auth_sasl(vs); 2568 break; 2569 #endif /* CONFIG_VNC_SASL */ 2570 2571 default: /* Should not be possible, but just in case */ 2572 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth); 2573 vnc_write_u8(vs, 1); 2574 if (vs->minor >= 8) { 2575 static const char err[] = "Authentication failed"; 2576 vnc_write_u32(vs, sizeof(err)); 2577 vnc_write(vs, err, sizeof(err)); 2578 } 2579 vnc_client_error(vs); 2580 } 2581 } 2582 return 0; 2583 } 2584 2585 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2586 { 2587 char local[13]; 2588 2589 memcpy(local, version, 12); 2590 local[12] = 0; 2591 2592 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2593 VNC_DEBUG("Malformed protocol version %s\n", local); 2594 vnc_client_error(vs); 2595 return 0; 2596 } 2597 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2598 if (vs->major != 3 || 2599 (vs->minor != 3 && 2600 vs->minor != 4 && 2601 vs->minor != 5 && 2602 vs->minor != 7 && 2603 vs->minor != 8)) { 2604 VNC_DEBUG("Unsupported client version\n"); 2605 vnc_write_u32(vs, VNC_AUTH_INVALID); 2606 vnc_flush(vs); 2607 vnc_client_error(vs); 2608 return 0; 2609 } 2610 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2611 * as equivalent to v3.3 by servers 2612 */ 2613 if (vs->minor == 4 || vs->minor == 5) 2614 vs->minor = 3; 2615 2616 if (vs->minor == 3) { 2617 if (vs->auth == VNC_AUTH_NONE) { 2618 VNC_DEBUG("Tell client auth none\n"); 2619 vnc_write_u32(vs, vs->auth); 2620 vnc_flush(vs); 2621 start_client_init(vs); 2622 } else if (vs->auth == VNC_AUTH_VNC) { 2623 VNC_DEBUG("Tell client VNC auth\n"); 2624 vnc_write_u32(vs, vs->auth); 2625 vnc_flush(vs); 2626 start_auth_vnc(vs); 2627 } else { 2628 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth); 2629 vnc_write_u32(vs, VNC_AUTH_INVALID); 2630 vnc_flush(vs); 2631 vnc_client_error(vs); 2632 } 2633 } else { 2634 VNC_DEBUG("Telling client we support auth %d\n", vs->auth); 2635 vnc_write_u8(vs, 1); /* num auth */ 2636 vnc_write_u8(vs, vs->auth); 2637 vnc_read_when(vs, protocol_client_auth, 1); 2638 vnc_flush(vs); 2639 } 2640 2641 return 0; 2642 } 2643 2644 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) 2645 { 2646 struct VncSurface *vs = &vd->guest; 2647 2648 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; 2649 } 2650 2651 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h) 2652 { 2653 int i, j; 2654 2655 w = (x + w) / VNC_STAT_RECT; 2656 h = (y + h) / VNC_STAT_RECT; 2657 x /= VNC_STAT_RECT; 2658 y /= VNC_STAT_RECT; 2659 2660 for (j = y; j <= h; j++) { 2661 for (i = x; i <= w; i++) { 2662 vs->lossy_rect[j][i] = 1; 2663 } 2664 } 2665 } 2666 2667 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) 2668 { 2669 VncState *vs; 2670 int sty = y / VNC_STAT_RECT; 2671 int stx = x / VNC_STAT_RECT; 2672 int has_dirty = 0; 2673 2674 y = y / VNC_STAT_RECT * VNC_STAT_RECT; 2675 x = x / VNC_STAT_RECT * VNC_STAT_RECT; 2676 2677 QTAILQ_FOREACH(vs, &vd->clients, next) { 2678 int j; 2679 2680 /* kernel send buffers are full -> refresh later */ 2681 if (vs->output.offset) { 2682 continue; 2683 } 2684 2685 if (!vs->lossy_rect[sty][stx]) { 2686 continue; 2687 } 2688 2689 vs->lossy_rect[sty][stx] = 0; 2690 for (j = 0; j < VNC_STAT_RECT; ++j) { 2691 bitmap_set(vs->dirty[y + j], 2692 x / VNC_DIRTY_PIXELS_PER_BIT, 2693 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT); 2694 } 2695 has_dirty++; 2696 } 2697 2698 return has_dirty; 2699 } 2700 2701 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) 2702 { 2703 int width = pixman_image_get_width(vd->guest.fb); 2704 int height = pixman_image_get_height(vd->guest.fb); 2705 int x, y; 2706 struct timeval res; 2707 int has_dirty = 0; 2708 2709 for (y = 0; y < height; y += VNC_STAT_RECT) { 2710 for (x = 0; x < width; x += VNC_STAT_RECT) { 2711 VncRectStat *rect = vnc_stat_rect(vd, x, y); 2712 2713 rect->updated = false; 2714 } 2715 } 2716 2717 qemu_timersub(tv, &VNC_REFRESH_STATS, &res); 2718 2719 if (timercmp(&vd->guest.last_freq_check, &res, >)) { 2720 return has_dirty; 2721 } 2722 vd->guest.last_freq_check = *tv; 2723 2724 for (y = 0; y < height; y += VNC_STAT_RECT) { 2725 for (x = 0; x < width; x += VNC_STAT_RECT) { 2726 VncRectStat *rect= vnc_stat_rect(vd, x, y); 2727 int count = ARRAY_SIZE(rect->times); 2728 struct timeval min, max; 2729 2730 if (!timerisset(&rect->times[count - 1])) { 2731 continue ; 2732 } 2733 2734 max = rect->times[(rect->idx + count - 1) % count]; 2735 qemu_timersub(tv, &max, &res); 2736 2737 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { 2738 rect->freq = 0; 2739 has_dirty += vnc_refresh_lossy_rect(vd, x, y); 2740 memset(rect->times, 0, sizeof (rect->times)); 2741 continue ; 2742 } 2743 2744 min = rect->times[rect->idx]; 2745 max = rect->times[(rect->idx + count - 1) % count]; 2746 qemu_timersub(&max, &min, &res); 2747 2748 rect->freq = res.tv_sec + res.tv_usec / 1000000.; 2749 rect->freq /= count; 2750 rect->freq = 1. / rect->freq; 2751 } 2752 } 2753 return has_dirty; 2754 } 2755 2756 double vnc_update_freq(VncState *vs, int x, int y, int w, int h) 2757 { 2758 int i, j; 2759 double total = 0; 2760 int num = 0; 2761 2762 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT; 2763 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT; 2764 2765 for (j = y; j <= y + h; j += VNC_STAT_RECT) { 2766 for (i = x; i <= x + w; i += VNC_STAT_RECT) { 2767 total += vnc_stat_rect(vs->vd, i, j)->freq; 2768 num++; 2769 } 2770 } 2771 2772 if (num) { 2773 return total / num; 2774 } else { 2775 return 0; 2776 } 2777 } 2778 2779 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) 2780 { 2781 VncRectStat *rect; 2782 2783 rect = vnc_stat_rect(vd, x, y); 2784 if (rect->updated) { 2785 return ; 2786 } 2787 rect->times[rect->idx] = *tv; 2788 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); 2789 rect->updated = true; 2790 } 2791 2792 static int vnc_refresh_server_surface(VncDisplay *vd) 2793 { 2794 int width = MIN(pixman_image_get_width(vd->guest.fb), 2795 pixman_image_get_width(vd->server)); 2796 int height = MIN(pixman_image_get_height(vd->guest.fb), 2797 pixman_image_get_height(vd->server)); 2798 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0; 2799 uint8_t *guest_row0 = NULL, *server_row0; 2800 VncState *vs; 2801 int has_dirty = 0; 2802 pixman_image_t *tmpbuf = NULL; 2803 2804 struct timeval tv = { 0, 0 }; 2805 2806 if (!vd->non_adaptive) { 2807 gettimeofday(&tv, NULL); 2808 has_dirty = vnc_update_stats(vd, &tv); 2809 } 2810 2811 /* 2812 * Walk through the guest dirty map. 2813 * Check and copy modified bits from guest to server surface. 2814 * Update server dirty map. 2815 */ 2816 server_row0 = (uint8_t *)pixman_image_get_data(vd->server); 2817 server_stride = guest_stride = guest_ll = 2818 pixman_image_get_stride(vd->server); 2819 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES, 2820 server_stride); 2821 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2822 int width = pixman_image_get_width(vd->server); 2823 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width); 2824 } else { 2825 int guest_bpp = 2826 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb)); 2827 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb); 2828 guest_stride = pixman_image_get_stride(vd->guest.fb); 2829 guest_ll = pixman_image_get_width(vd->guest.fb) * ((guest_bpp + 7) / 8); 2830 } 2831 line_bytes = MIN(server_stride, guest_ll); 2832 2833 for (;;) { 2834 int x; 2835 uint8_t *guest_ptr, *server_ptr; 2836 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty, 2837 height * VNC_DIRTY_BPL(&vd->guest), 2838 y * VNC_DIRTY_BPL(&vd->guest)); 2839 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) { 2840 /* no more dirty bits */ 2841 break; 2842 } 2843 y = offset / VNC_DIRTY_BPL(&vd->guest); 2844 x = offset % VNC_DIRTY_BPL(&vd->guest); 2845 2846 server_ptr = server_row0 + y * server_stride + x * cmp_bytes; 2847 2848 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2849 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y); 2850 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf); 2851 } else { 2852 guest_ptr = guest_row0 + y * guest_stride; 2853 } 2854 guest_ptr += x * cmp_bytes; 2855 2856 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT); 2857 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 2858 int _cmp_bytes = cmp_bytes; 2859 if (!test_and_clear_bit(x, vd->guest.dirty[y])) { 2860 continue; 2861 } 2862 if ((x + 1) * cmp_bytes > line_bytes) { 2863 _cmp_bytes = line_bytes - x * cmp_bytes; 2864 } 2865 assert(_cmp_bytes >= 0); 2866 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) { 2867 continue; 2868 } 2869 memcpy(server_ptr, guest_ptr, _cmp_bytes); 2870 if (!vd->non_adaptive) { 2871 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT, 2872 y, &tv); 2873 } 2874 QTAILQ_FOREACH(vs, &vd->clients, next) { 2875 set_bit(x, vs->dirty[y]); 2876 } 2877 has_dirty++; 2878 } 2879 2880 y++; 2881 } 2882 qemu_pixman_image_unref(tmpbuf); 2883 return has_dirty; 2884 } 2885 2886 static void vnc_refresh(DisplayChangeListener *dcl) 2887 { 2888 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 2889 VncState *vs, *vn; 2890 int has_dirty, rects = 0; 2891 2892 if (QTAILQ_EMPTY(&vd->clients)) { 2893 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX); 2894 return; 2895 } 2896 2897 graphic_hw_update(vd->dcl.con); 2898 2899 if (vnc_trylock_display(vd)) { 2900 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2901 return; 2902 } 2903 2904 has_dirty = vnc_refresh_server_surface(vd); 2905 vnc_unlock_display(vd); 2906 2907 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 2908 rects += vnc_update_client(vs, has_dirty, false); 2909 /* vs might be free()ed here */ 2910 } 2911 2912 if (has_dirty && rects) { 2913 vd->dcl.update_interval /= 2; 2914 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) { 2915 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE; 2916 } 2917 } else { 2918 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC; 2919 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) { 2920 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX; 2921 } 2922 } 2923 } 2924 2925 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc, 2926 bool skipauth, bool websocket) 2927 { 2928 VncState *vs = g_new0(VncState, 1); 2929 int i; 2930 2931 vs->sioc = sioc; 2932 object_ref(OBJECT(vs->sioc)); 2933 vs->ioc = QIO_CHANNEL(sioc); 2934 object_ref(OBJECT(vs->ioc)); 2935 vs->vd = vd; 2936 2937 buffer_init(&vs->input, "vnc-input/%p", sioc); 2938 buffer_init(&vs->output, "vnc-output/%p", sioc); 2939 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc); 2940 2941 buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc); 2942 buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc); 2943 buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc); 2944 #ifdef CONFIG_VNC_JPEG 2945 buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc); 2946 #endif 2947 #ifdef CONFIG_VNC_PNG 2948 buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc); 2949 #endif 2950 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc); 2951 buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc); 2952 buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc); 2953 buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc); 2954 2955 if (skipauth) { 2956 vs->auth = VNC_AUTH_NONE; 2957 vs->subauth = VNC_AUTH_INVALID; 2958 } else { 2959 if (websocket) { 2960 vs->auth = vd->ws_auth; 2961 vs->subauth = VNC_AUTH_INVALID; 2962 } else { 2963 vs->auth = vd->auth; 2964 vs->subauth = vd->subauth; 2965 } 2966 } 2967 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n", 2968 sioc, websocket, vs->auth, vs->subauth); 2969 2970 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect)); 2971 for (i = 0; i < VNC_STAT_ROWS; ++i) { 2972 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS); 2973 } 2974 2975 VNC_DEBUG("New client on socket %p\n", vs->sioc); 2976 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2977 qio_channel_set_blocking(vs->ioc, false, NULL); 2978 if (websocket) { 2979 vs->websocket = 1; 2980 if (vd->ws_tls) { 2981 vs->ioc_tag = qio_channel_add_watch( 2982 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL); 2983 } else { 2984 vs->ioc_tag = qio_channel_add_watch( 2985 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL); 2986 } 2987 } else { 2988 vs->ioc_tag = qio_channel_add_watch( 2989 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); 2990 } 2991 2992 vnc_client_cache_addr(vs); 2993 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED); 2994 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); 2995 2996 if (!vs->websocket) { 2997 vnc_init_state(vs); 2998 } 2999 3000 if (vd->num_connecting > vd->connections_limit) { 3001 QTAILQ_FOREACH(vs, &vd->clients, next) { 3002 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) { 3003 vnc_disconnect_start(vs); 3004 return; 3005 } 3006 } 3007 } 3008 } 3009 3010 void vnc_init_state(VncState *vs) 3011 { 3012 vs->initialized = true; 3013 VncDisplay *vd = vs->vd; 3014 bool first_client = QTAILQ_EMPTY(&vd->clients); 3015 3016 vs->last_x = -1; 3017 vs->last_y = -1; 3018 3019 vs->as.freq = 44100; 3020 vs->as.nchannels = 2; 3021 vs->as.fmt = AUD_FMT_S16; 3022 vs->as.endianness = 0; 3023 3024 qemu_mutex_init(&vs->output_mutex); 3025 vs->bh = qemu_bh_new(vnc_jobs_bh, vs); 3026 3027 QTAILQ_INSERT_TAIL(&vd->clients, vs, next); 3028 if (first_client) { 3029 vnc_update_server_surface(vd); 3030 } 3031 3032 graphic_hw_update(vd->dcl.con); 3033 3034 vnc_write(vs, "RFB 003.008\n", 12); 3035 vnc_flush(vs); 3036 vnc_read_when(vs, protocol_version, 12); 3037 reset_keys(vs); 3038 if (vs->vd->lock_key_sync) 3039 vs->led = qemu_add_led_event_handler(kbd_leds, vs); 3040 3041 vs->mouse_mode_notifier.notify = check_pointer_type_change; 3042 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 3043 3044 /* vs might be free()ed here */ 3045 } 3046 3047 static gboolean vnc_listen_io(QIOChannel *ioc, 3048 GIOCondition condition, 3049 void *opaque) 3050 { 3051 VncDisplay *vs = opaque; 3052 QIOChannelSocket *sioc = NULL; 3053 Error *err = NULL; 3054 3055 /* Catch-up */ 3056 graphic_hw_update(vs->dcl.con); 3057 sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc), &err); 3058 if (sioc != NULL) { 3059 qio_channel_set_delay(QIO_CHANNEL(sioc), false); 3060 vnc_connect(vs, sioc, false, 3061 ioc != QIO_CHANNEL(vs->lsock)); 3062 object_unref(OBJECT(sioc)); 3063 } else { 3064 /* client probably closed connection before we got there */ 3065 error_free(err); 3066 } 3067 3068 return TRUE; 3069 } 3070 3071 static const DisplayChangeListenerOps dcl_ops = { 3072 .dpy_name = "vnc", 3073 .dpy_refresh = vnc_refresh, 3074 .dpy_gfx_copy = vnc_dpy_copy, 3075 .dpy_gfx_update = vnc_dpy_update, 3076 .dpy_gfx_switch = vnc_dpy_switch, 3077 .dpy_gfx_check_format = qemu_pixman_check_format, 3078 .dpy_mouse_set = vnc_mouse_set, 3079 .dpy_cursor_define = vnc_dpy_cursor_define, 3080 }; 3081 3082 void vnc_display_init(const char *id) 3083 { 3084 VncDisplay *vs; 3085 3086 if (vnc_display_find(id) != NULL) { 3087 return; 3088 } 3089 vs = g_malloc0(sizeof(*vs)); 3090 3091 vs->id = strdup(id); 3092 QTAILQ_INSERT_TAIL(&vnc_displays, vs, next); 3093 3094 QTAILQ_INIT(&vs->clients); 3095 vs->expires = TIME_MAX; 3096 3097 if (keyboard_layout) { 3098 trace_vnc_key_map_init(keyboard_layout); 3099 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout); 3100 } else { 3101 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us"); 3102 } 3103 3104 if (!vs->kbd_layout) 3105 exit(1); 3106 3107 qemu_mutex_init(&vs->mutex); 3108 vnc_start_worker_thread(); 3109 3110 vs->dcl.ops = &dcl_ops; 3111 register_displaychangelistener(&vs->dcl); 3112 } 3113 3114 3115 static void vnc_display_close(VncDisplay *vs) 3116 { 3117 if (!vs) 3118 return; 3119 vs->enabled = false; 3120 vs->is_unix = false; 3121 if (vs->lsock != NULL) { 3122 if (vs->lsock_tag) { 3123 g_source_remove(vs->lsock_tag); 3124 } 3125 object_unref(OBJECT(vs->lsock)); 3126 vs->lsock = NULL; 3127 } 3128 vs->ws_enabled = false; 3129 if (vs->lwebsock != NULL) { 3130 if (vs->lwebsock_tag) { 3131 g_source_remove(vs->lwebsock_tag); 3132 } 3133 object_unref(OBJECT(vs->lwebsock)); 3134 vs->lwebsock = NULL; 3135 } 3136 vs->auth = VNC_AUTH_INVALID; 3137 vs->subauth = VNC_AUTH_INVALID; 3138 if (vs->tlscreds) { 3139 object_unparent(OBJECT(vs->tlscreds)); 3140 vs->tlscreds = NULL; 3141 } 3142 g_free(vs->tlsaclname); 3143 vs->tlsaclname = NULL; 3144 } 3145 3146 int vnc_display_password(const char *id, const char *password) 3147 { 3148 VncDisplay *vs = vnc_display_find(id); 3149 3150 if (!vs) { 3151 return -EINVAL; 3152 } 3153 if (vs->auth == VNC_AUTH_NONE) { 3154 error_printf_unless_qmp("If you want use passwords please enable " 3155 "password auth using '-vnc ${dpy},password'."); 3156 return -EINVAL; 3157 } 3158 3159 g_free(vs->password); 3160 vs->password = g_strdup(password); 3161 3162 return 0; 3163 } 3164 3165 int vnc_display_pw_expire(const char *id, time_t expires) 3166 { 3167 VncDisplay *vs = vnc_display_find(id); 3168 3169 if (!vs) { 3170 return -EINVAL; 3171 } 3172 3173 vs->expires = expires; 3174 return 0; 3175 } 3176 3177 char *vnc_display_local_addr(const char *id) 3178 { 3179 VncDisplay *vs = vnc_display_find(id); 3180 SocketAddress *addr; 3181 char *ret; 3182 Error *err = NULL; 3183 3184 assert(vs); 3185 3186 addr = qio_channel_socket_get_local_address(vs->lsock, &err); 3187 if (!addr) { 3188 return NULL; 3189 } 3190 3191 if (addr->type != SOCKET_ADDRESS_KIND_INET) { 3192 qapi_free_SocketAddress(addr); 3193 return NULL; 3194 } 3195 ret = g_strdup_printf("%s;%s", addr->u.inet->host, addr->u.inet->port); 3196 qapi_free_SocketAddress(addr); 3197 3198 return ret; 3199 } 3200 3201 static QemuOptsList qemu_vnc_opts = { 3202 .name = "vnc", 3203 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head), 3204 .implied_opt_name = "vnc", 3205 .desc = { 3206 { 3207 .name = "vnc", 3208 .type = QEMU_OPT_STRING, 3209 },{ 3210 .name = "websocket", 3211 .type = QEMU_OPT_STRING, 3212 },{ 3213 .name = "tls-creds", 3214 .type = QEMU_OPT_STRING, 3215 },{ 3216 /* Deprecated in favour of tls-creds */ 3217 .name = "x509", 3218 .type = QEMU_OPT_STRING, 3219 },{ 3220 .name = "share", 3221 .type = QEMU_OPT_STRING, 3222 },{ 3223 .name = "display", 3224 .type = QEMU_OPT_STRING, 3225 },{ 3226 .name = "head", 3227 .type = QEMU_OPT_NUMBER, 3228 },{ 3229 .name = "connections", 3230 .type = QEMU_OPT_NUMBER, 3231 },{ 3232 .name = "to", 3233 .type = QEMU_OPT_NUMBER, 3234 },{ 3235 .name = "ipv4", 3236 .type = QEMU_OPT_BOOL, 3237 },{ 3238 .name = "ipv6", 3239 .type = QEMU_OPT_BOOL, 3240 },{ 3241 .name = "password", 3242 .type = QEMU_OPT_BOOL, 3243 },{ 3244 .name = "reverse", 3245 .type = QEMU_OPT_BOOL, 3246 },{ 3247 .name = "lock-key-sync", 3248 .type = QEMU_OPT_BOOL, 3249 },{ 3250 .name = "sasl", 3251 .type = QEMU_OPT_BOOL, 3252 },{ 3253 /* Deprecated in favour of tls-creds */ 3254 .name = "tls", 3255 .type = QEMU_OPT_BOOL, 3256 },{ 3257 /* Deprecated in favour of tls-creds */ 3258 .name = "x509verify", 3259 .type = QEMU_OPT_STRING, 3260 },{ 3261 .name = "acl", 3262 .type = QEMU_OPT_BOOL, 3263 },{ 3264 .name = "lossy", 3265 .type = QEMU_OPT_BOOL, 3266 },{ 3267 .name = "non-adaptive", 3268 .type = QEMU_OPT_BOOL, 3269 }, 3270 { /* end of list */ } 3271 }, 3272 }; 3273 3274 3275 static int 3276 vnc_display_setup_auth(VncDisplay *vs, 3277 bool password, 3278 bool sasl, 3279 bool websocket, 3280 Error **errp) 3281 { 3282 /* 3283 * We have a choice of 3 authentication options 3284 * 3285 * 1. none 3286 * 2. vnc 3287 * 3. sasl 3288 * 3289 * The channel can be run in 2 modes 3290 * 3291 * 1. clear 3292 * 2. tls 3293 * 3294 * And TLS can use 2 types of credentials 3295 * 3296 * 1. anon 3297 * 2. x509 3298 * 3299 * We thus have 9 possible logical combinations 3300 * 3301 * 1. clear + none 3302 * 2. clear + vnc 3303 * 3. clear + sasl 3304 * 4. tls + anon + none 3305 * 5. tls + anon + vnc 3306 * 6. tls + anon + sasl 3307 * 7. tls + x509 + none 3308 * 8. tls + x509 + vnc 3309 * 9. tls + x509 + sasl 3310 * 3311 * These need to be mapped into the VNC auth schemes 3312 * in an appropriate manner. In regular VNC, all the 3313 * TLS options get mapped into VNC_AUTH_VENCRYPT 3314 * sub-auth types. 3315 * 3316 * In websockets, the https:// protocol already provides 3317 * TLS support, so there is no need to make use of the 3318 * VeNCrypt extension. Furthermore, websockets browser 3319 * clients could not use VeNCrypt even if they wanted to, 3320 * as they cannot control when the TLS handshake takes 3321 * place. Thus there is no option but to rely on https://, 3322 * meaning combinations 4->6 and 7->9 will be mapped to 3323 * VNC auth schemes in the same way as combos 1->3. 3324 * 3325 * Regardless of fact that we have a different mapping to 3326 * VNC auth mechs for plain VNC vs websockets VNC, the end 3327 * result has the same security characteristics. 3328 */ 3329 if (password) { 3330 if (vs->tlscreds) { 3331 vs->auth = VNC_AUTH_VENCRYPT; 3332 if (websocket) { 3333 vs->ws_tls = true; 3334 } 3335 if (object_dynamic_cast(OBJECT(vs->tlscreds), 3336 TYPE_QCRYPTO_TLS_CREDS_X509)) { 3337 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 3338 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC; 3339 } else if (object_dynamic_cast(OBJECT(vs->tlscreds), 3340 TYPE_QCRYPTO_TLS_CREDS_ANON)) { 3341 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 3342 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC; 3343 } else { 3344 error_setg(errp, 3345 "Unsupported TLS cred type %s", 3346 object_get_typename(OBJECT(vs->tlscreds))); 3347 return -1; 3348 } 3349 } else { 3350 VNC_DEBUG("Initializing VNC server with password auth\n"); 3351 vs->auth = VNC_AUTH_VNC; 3352 vs->subauth = VNC_AUTH_INVALID; 3353 } 3354 if (websocket) { 3355 vs->ws_auth = VNC_AUTH_VNC; 3356 } else { 3357 vs->ws_auth = VNC_AUTH_INVALID; 3358 } 3359 } else if (sasl) { 3360 if (vs->tlscreds) { 3361 vs->auth = VNC_AUTH_VENCRYPT; 3362 if (websocket) { 3363 vs->ws_tls = true; 3364 } 3365 if (object_dynamic_cast(OBJECT(vs->tlscreds), 3366 TYPE_QCRYPTO_TLS_CREDS_X509)) { 3367 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 3368 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL; 3369 } else if (object_dynamic_cast(OBJECT(vs->tlscreds), 3370 TYPE_QCRYPTO_TLS_CREDS_ANON)) { 3371 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 3372 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL; 3373 } else { 3374 error_setg(errp, 3375 "Unsupported TLS cred type %s", 3376 object_get_typename(OBJECT(vs->tlscreds))); 3377 return -1; 3378 } 3379 } else { 3380 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 3381 vs->auth = VNC_AUTH_SASL; 3382 vs->subauth = VNC_AUTH_INVALID; 3383 } 3384 if (websocket) { 3385 vs->ws_auth = VNC_AUTH_SASL; 3386 } else { 3387 vs->ws_auth = VNC_AUTH_INVALID; 3388 } 3389 } else { 3390 if (vs->tlscreds) { 3391 vs->auth = VNC_AUTH_VENCRYPT; 3392 if (websocket) { 3393 vs->ws_tls = true; 3394 } 3395 if (object_dynamic_cast(OBJECT(vs->tlscreds), 3396 TYPE_QCRYPTO_TLS_CREDS_X509)) { 3397 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 3398 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE; 3399 } else if (object_dynamic_cast(OBJECT(vs->tlscreds), 3400 TYPE_QCRYPTO_TLS_CREDS_ANON)) { 3401 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 3402 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE; 3403 } else { 3404 error_setg(errp, 3405 "Unsupported TLS cred type %s", 3406 object_get_typename(OBJECT(vs->tlscreds))); 3407 return -1; 3408 } 3409 } else { 3410 VNC_DEBUG("Initializing VNC server with no auth\n"); 3411 vs->auth = VNC_AUTH_NONE; 3412 vs->subauth = VNC_AUTH_INVALID; 3413 } 3414 if (websocket) { 3415 vs->ws_auth = VNC_AUTH_NONE; 3416 } else { 3417 vs->ws_auth = VNC_AUTH_INVALID; 3418 } 3419 } 3420 return 0; 3421 } 3422 3423 3424 /* 3425 * Handle back compat with old CLI syntax by creating some 3426 * suitable QCryptoTLSCreds objects 3427 */ 3428 static QCryptoTLSCreds * 3429 vnc_display_create_creds(bool x509, 3430 bool x509verify, 3431 const char *dir, 3432 const char *id, 3433 Error **errp) 3434 { 3435 gchar *credsid = g_strdup_printf("tlsvnc%s", id); 3436 Object *parent = object_get_objects_root(); 3437 Object *creds; 3438 Error *err = NULL; 3439 3440 if (x509) { 3441 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_X509, 3442 parent, 3443 credsid, 3444 &err, 3445 "endpoint", "server", 3446 "dir", dir, 3447 "verify-peer", x509verify ? "yes" : "no", 3448 NULL); 3449 } else { 3450 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_ANON, 3451 parent, 3452 credsid, 3453 &err, 3454 "endpoint", "server", 3455 NULL); 3456 } 3457 3458 g_free(credsid); 3459 3460 if (err) { 3461 error_propagate(errp, err); 3462 return NULL; 3463 } 3464 3465 return QCRYPTO_TLS_CREDS(creds); 3466 } 3467 3468 3469 void vnc_display_open(const char *id, Error **errp) 3470 { 3471 VncDisplay *vs = vnc_display_find(id); 3472 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id); 3473 SocketAddress *saddr = NULL, *wsaddr = NULL; 3474 const char *share, *device_id; 3475 QemuConsole *con; 3476 bool password = false; 3477 bool reverse = false; 3478 const char *vnc; 3479 char *h; 3480 const char *credid; 3481 bool sasl = false; 3482 #ifdef CONFIG_VNC_SASL 3483 int saslErr; 3484 #endif 3485 int acl = 0; 3486 int lock_key_sync = 1; 3487 3488 if (!vs) { 3489 error_setg(errp, "VNC display not active"); 3490 return; 3491 } 3492 vnc_display_close(vs); 3493 3494 if (!opts) { 3495 return; 3496 } 3497 vnc = qemu_opt_get(opts, "vnc"); 3498 if (!vnc || strcmp(vnc, "none") == 0) { 3499 return; 3500 } 3501 3502 h = strrchr(vnc, ':'); 3503 if (h) { 3504 size_t hlen = h - vnc; 3505 3506 const char *websocket = qemu_opt_get(opts, "websocket"); 3507 int to = qemu_opt_get_number(opts, "to", 0); 3508 bool has_ipv4 = qemu_opt_get(opts, "ipv4"); 3509 bool has_ipv6 = qemu_opt_get(opts, "ipv6"); 3510 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false); 3511 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false); 3512 3513 saddr = g_new0(SocketAddress, 1); 3514 if (websocket) { 3515 if (!qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) { 3516 error_setg(errp, 3517 "SHA1 hash support is required for websockets"); 3518 goto fail; 3519 } 3520 3521 wsaddr = g_new0(SocketAddress, 1); 3522 vs->ws_enabled = true; 3523 } 3524 3525 if (strncmp(vnc, "unix:", 5) == 0) { 3526 saddr->type = SOCKET_ADDRESS_KIND_UNIX; 3527 saddr->u.q_unix = g_new0(UnixSocketAddress, 1); 3528 saddr->u.q_unix->path = g_strdup(vnc + 5); 3529 3530 if (vs->ws_enabled) { 3531 error_setg(errp, "UNIX sockets not supported with websock"); 3532 goto fail; 3533 } 3534 } else { 3535 unsigned long long baseport; 3536 InetSocketAddress *inet; 3537 saddr->type = SOCKET_ADDRESS_KIND_INET; 3538 inet = saddr->u.inet = g_new0(InetSocketAddress, 1); 3539 if (vnc[0] == '[' && vnc[hlen - 1] == ']') { 3540 inet->host = g_strndup(vnc + 1, hlen - 2); 3541 } else { 3542 inet->host = g_strndup(vnc, hlen); 3543 } 3544 if (parse_uint_full(h + 1, &baseport, 10) < 0) { 3545 error_setg(errp, "can't convert to a number: %s", h + 1); 3546 goto fail; 3547 } 3548 if (baseport > 65535 || 3549 baseport + 5900 > 65535) { 3550 error_setg(errp, "port %s out of range", h + 1); 3551 goto fail; 3552 } 3553 inet->port = g_strdup_printf( 3554 "%d", (int)baseport + 5900); 3555 3556 if (to) { 3557 inet->has_to = true; 3558 inet->to = to + 5900; 3559 } 3560 inet->ipv4 = ipv4; 3561 inet->has_ipv4 = has_ipv4; 3562 inet->ipv6 = ipv6; 3563 inet->has_ipv6 = has_ipv6; 3564 3565 if (vs->ws_enabled) { 3566 wsaddr->type = SOCKET_ADDRESS_KIND_INET; 3567 inet = wsaddr->u.inet = g_new0(InetSocketAddress, 1); 3568 inet->host = g_strdup(saddr->u.inet->host); 3569 inet->port = g_strdup(websocket); 3570 3571 if (to) { 3572 inet->has_to = true; 3573 inet->to = to; 3574 } 3575 inet->ipv4 = ipv4; 3576 inet->has_ipv4 = has_ipv4; 3577 inet->ipv6 = ipv6; 3578 inet->has_ipv6 = has_ipv6; 3579 } 3580 } 3581 } else { 3582 error_setg(errp, "no vnc port specified"); 3583 goto fail; 3584 } 3585 3586 password = qemu_opt_get_bool(opts, "password", false); 3587 if (password) { 3588 if (fips_get_state()) { 3589 error_setg(errp, 3590 "VNC password auth disabled due to FIPS mode, " 3591 "consider using the VeNCrypt or SASL authentication " 3592 "methods as an alternative"); 3593 goto fail; 3594 } 3595 if (!qcrypto_cipher_supports( 3596 QCRYPTO_CIPHER_ALG_DES_RFB)) { 3597 error_setg(errp, 3598 "Cipher backend does not support DES RFB algorithm"); 3599 goto fail; 3600 } 3601 } 3602 3603 reverse = qemu_opt_get_bool(opts, "reverse", false); 3604 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true); 3605 sasl = qemu_opt_get_bool(opts, "sasl", false); 3606 #ifndef CONFIG_VNC_SASL 3607 if (sasl) { 3608 error_setg(errp, "VNC SASL auth requires cyrus-sasl support"); 3609 goto fail; 3610 } 3611 #endif /* CONFIG_VNC_SASL */ 3612 credid = qemu_opt_get(opts, "tls-creds"); 3613 if (credid) { 3614 Object *creds; 3615 if (qemu_opt_get(opts, "tls") || 3616 qemu_opt_get(opts, "x509") || 3617 qemu_opt_get(opts, "x509verify")) { 3618 error_setg(errp, 3619 "'tls-creds' parameter is mutually exclusive with " 3620 "'tls', 'x509' and 'x509verify' parameters"); 3621 goto fail; 3622 } 3623 3624 creds = object_resolve_path_component( 3625 object_get_objects_root(), credid); 3626 if (!creds) { 3627 error_setg(errp, "No TLS credentials with id '%s'", 3628 credid); 3629 goto fail; 3630 } 3631 vs->tlscreds = (QCryptoTLSCreds *) 3632 object_dynamic_cast(creds, 3633 TYPE_QCRYPTO_TLS_CREDS); 3634 if (!vs->tlscreds) { 3635 error_setg(errp, "Object with id '%s' is not TLS credentials", 3636 credid); 3637 goto fail; 3638 } 3639 object_ref(OBJECT(vs->tlscreds)); 3640 3641 if (vs->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { 3642 error_setg(errp, 3643 "Expecting TLS credentials with a server endpoint"); 3644 goto fail; 3645 } 3646 } else { 3647 const char *path; 3648 bool tls = false, x509 = false, x509verify = false; 3649 tls = qemu_opt_get_bool(opts, "tls", false); 3650 if (tls) { 3651 path = qemu_opt_get(opts, "x509"); 3652 3653 if (path) { 3654 x509 = true; 3655 } else { 3656 path = qemu_opt_get(opts, "x509verify"); 3657 if (path) { 3658 x509 = true; 3659 x509verify = true; 3660 } 3661 } 3662 vs->tlscreds = vnc_display_create_creds(x509, 3663 x509verify, 3664 path, 3665 vs->id, 3666 errp); 3667 if (!vs->tlscreds) { 3668 goto fail; 3669 } 3670 } 3671 } 3672 acl = qemu_opt_get_bool(opts, "acl", false); 3673 3674 share = qemu_opt_get(opts, "share"); 3675 if (share) { 3676 if (strcmp(share, "ignore") == 0) { 3677 vs->share_policy = VNC_SHARE_POLICY_IGNORE; 3678 } else if (strcmp(share, "allow-exclusive") == 0) { 3679 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3680 } else if (strcmp(share, "force-shared") == 0) { 3681 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; 3682 } else { 3683 error_setg(errp, "unknown vnc share= option"); 3684 goto fail; 3685 } 3686 } else { 3687 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3688 } 3689 vs->connections_limit = qemu_opt_get_number(opts, "connections", 32); 3690 3691 #ifdef CONFIG_VNC_JPEG 3692 vs->lossy = qemu_opt_get_bool(opts, "lossy", false); 3693 #endif 3694 vs->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false); 3695 /* adaptive updates are only used with tight encoding and 3696 * if lossy updates are enabled so we can disable all the 3697 * calculations otherwise */ 3698 if (!vs->lossy) { 3699 vs->non_adaptive = true; 3700 } 3701 3702 if (acl) { 3703 if (strcmp(vs->id, "default") == 0) { 3704 vs->tlsaclname = g_strdup("vnc.x509dname"); 3705 } else { 3706 vs->tlsaclname = g_strdup_printf("vnc.%s.x509dname", vs->id); 3707 } 3708 qemu_acl_init(vs->tlsaclname); 3709 } 3710 #ifdef CONFIG_VNC_SASL 3711 if (acl && sasl) { 3712 char *aclname; 3713 3714 if (strcmp(vs->id, "default") == 0) { 3715 aclname = g_strdup("vnc.username"); 3716 } else { 3717 aclname = g_strdup_printf("vnc.%s.username", vs->id); 3718 } 3719 vs->sasl.acl = qemu_acl_init(aclname); 3720 g_free(aclname); 3721 } 3722 #endif 3723 3724 if (vnc_display_setup_auth(vs, password, sasl, vs->ws_enabled, errp) < 0) { 3725 goto fail; 3726 } 3727 3728 #ifdef CONFIG_VNC_SASL 3729 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) { 3730 error_setg(errp, "Failed to initialize SASL auth: %s", 3731 sasl_errstring(saslErr, NULL, NULL)); 3732 goto fail; 3733 } 3734 #endif 3735 vs->lock_key_sync = lock_key_sync; 3736 3737 device_id = qemu_opt_get(opts, "display"); 3738 if (device_id) { 3739 int head = qemu_opt_get_number(opts, "head", 0); 3740 Error *err = NULL; 3741 3742 con = qemu_console_lookup_by_device_name(device_id, head, &err); 3743 if (err) { 3744 error_propagate(errp, err); 3745 goto fail; 3746 } 3747 } else { 3748 con = NULL; 3749 } 3750 3751 if (con != vs->dcl.con) { 3752 unregister_displaychangelistener(&vs->dcl); 3753 vs->dcl.con = con; 3754 register_displaychangelistener(&vs->dcl); 3755 } 3756 3757 if (reverse) { 3758 /* connect to viewer */ 3759 QIOChannelSocket *sioc = NULL; 3760 vs->lsock = NULL; 3761 vs->lwebsock = NULL; 3762 if (vs->ws_enabled) { 3763 error_setg(errp, "Cannot use websockets in reverse mode"); 3764 goto fail; 3765 } 3766 vs->is_unix = saddr->type == SOCKET_ADDRESS_KIND_UNIX; 3767 sioc = qio_channel_socket_new(); 3768 if (qio_channel_socket_connect_sync(sioc, saddr, errp) < 0) { 3769 goto fail; 3770 } 3771 vnc_connect(vs, sioc, false, false); 3772 object_unref(OBJECT(sioc)); 3773 } else { 3774 vs->lsock = qio_channel_socket_new(); 3775 if (qio_channel_socket_listen_sync(vs->lsock, saddr, errp) < 0) { 3776 goto fail; 3777 } 3778 vs->is_unix = saddr->type == SOCKET_ADDRESS_KIND_UNIX; 3779 vs->enabled = true; 3780 3781 if (vs->ws_enabled) { 3782 vs->lwebsock = qio_channel_socket_new(); 3783 if (qio_channel_socket_listen_sync(vs->lwebsock, 3784 wsaddr, errp) < 0) { 3785 object_unref(OBJECT(vs->lsock)); 3786 vs->lsock = NULL; 3787 goto fail; 3788 } 3789 } 3790 3791 vs->lsock_tag = qio_channel_add_watch( 3792 QIO_CHANNEL(vs->lsock), 3793 G_IO_IN, vnc_listen_io, vs, NULL); 3794 if (vs->ws_enabled) { 3795 vs->lwebsock_tag = qio_channel_add_watch( 3796 QIO_CHANNEL(vs->lwebsock), 3797 G_IO_IN, vnc_listen_io, vs, NULL); 3798 } 3799 } 3800 3801 qapi_free_SocketAddress(saddr); 3802 qapi_free_SocketAddress(wsaddr); 3803 return; 3804 3805 fail: 3806 qapi_free_SocketAddress(saddr); 3807 qapi_free_SocketAddress(wsaddr); 3808 vs->enabled = false; 3809 vs->ws_enabled = false; 3810 } 3811 3812 void vnc_display_add_client(const char *id, int csock, bool skipauth) 3813 { 3814 VncDisplay *vs = vnc_display_find(id); 3815 QIOChannelSocket *sioc; 3816 3817 if (!vs) { 3818 return; 3819 } 3820 3821 sioc = qio_channel_socket_new_fd(csock, NULL); 3822 if (sioc) { 3823 vnc_connect(vs, sioc, skipauth, false); 3824 object_unref(OBJECT(sioc)); 3825 } 3826 } 3827 3828 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts) 3829 { 3830 int i = 2; 3831 char *id; 3832 3833 id = g_strdup("default"); 3834 while (qemu_opts_find(olist, id)) { 3835 g_free(id); 3836 id = g_strdup_printf("vnc%d", i++); 3837 } 3838 qemu_opts_set_id(opts, id); 3839 } 3840 3841 QemuOpts *vnc_parse(const char *str, Error **errp) 3842 { 3843 QemuOptsList *olist = qemu_find_opts("vnc"); 3844 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp); 3845 const char *id; 3846 3847 if (!opts) { 3848 return NULL; 3849 } 3850 3851 id = qemu_opts_id(opts); 3852 if (!id) { 3853 /* auto-assign id if not present */ 3854 vnc_auto_assign_id(olist, opts); 3855 } 3856 return opts; 3857 } 3858 3859 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp) 3860 { 3861 Error *local_err = NULL; 3862 char *id = (char *)qemu_opts_id(opts); 3863 3864 assert(id); 3865 vnc_display_init(id); 3866 vnc_display_open(id, &local_err); 3867 if (local_err != NULL) { 3868 error_reportf_err(local_err, "Failed to start VNC server: "); 3869 exit(1); 3870 } 3871 return 0; 3872 } 3873 3874 static void vnc_register_config(void) 3875 { 3876 qemu_add_opts(&qemu_vnc_opts); 3877 } 3878 opts_init(vnc_register_config); 3879