1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "qemu/osdep.h" 28 #include "vnc.h" 29 #include "vnc-jobs.h" 30 #include "trace.h" 31 #include "hw/qdev-core.h" 32 #include "system/system.h" 33 #include "system/runstate.h" 34 #include "qemu/error-report.h" 35 #include "qemu/main-loop.h" 36 #include "qemu/module.h" 37 #include "qemu/option.h" 38 #include "qemu/sockets.h" 39 #include "qemu/timer.h" 40 #include "authz/list.h" 41 #include "qemu/config-file.h" 42 #include "qapi/qapi-emit-events.h" 43 #include "qapi/qapi-events-ui.h" 44 #include "qapi/error.h" 45 #include "qapi/qapi-commands-ui.h" 46 #include "ui/input.h" 47 #include "crypto/hash.h" 48 #include "crypto/tlscreds.h" 49 #include "crypto/tlscredsanon.h" 50 #include "crypto/tlscredsx509.h" 51 #include "crypto/random.h" 52 #include "crypto/secret_common.h" 53 #include "qom/object_interfaces.h" 54 #include "qemu/cutils.h" 55 #include "qemu/help_option.h" 56 #include "io/dns-resolver.h" 57 #include "monitor/monitor.h" 58 59 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT 60 #define VNC_REFRESH_INTERVAL_INC 50 61 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE 62 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; 63 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 64 65 #include "vnc_keysym.h" 66 #include "crypto/cipher.h" 67 68 static QTAILQ_HEAD(, VncDisplay) vnc_displays = 69 QTAILQ_HEAD_INITIALIZER(vnc_displays); 70 71 static int vnc_cursor_define(VncState *vs); 72 static void vnc_update_throttle_offset(VncState *vs); 73 74 static void vnc_set_share_mode(VncState *vs, VncShareMode mode) 75 { 76 #ifdef _VNC_DEBUG 77 static const char *mn[] = { 78 [0] = "undefined", 79 [VNC_SHARE_MODE_CONNECTING] = "connecting", 80 [VNC_SHARE_MODE_SHARED] = "shared", 81 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive", 82 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected", 83 }; 84 fprintf(stderr, "%s/%p: %s -> %s\n", __func__, 85 vs->ioc, mn[vs->share_mode], mn[mode]); 86 #endif 87 88 switch (vs->share_mode) { 89 case VNC_SHARE_MODE_CONNECTING: 90 vs->vd->num_connecting--; 91 break; 92 case VNC_SHARE_MODE_SHARED: 93 vs->vd->num_shared--; 94 break; 95 case VNC_SHARE_MODE_EXCLUSIVE: 96 vs->vd->num_exclusive--; 97 break; 98 default: 99 break; 100 } 101 102 vs->share_mode = mode; 103 104 switch (vs->share_mode) { 105 case VNC_SHARE_MODE_CONNECTING: 106 vs->vd->num_connecting++; 107 break; 108 case VNC_SHARE_MODE_SHARED: 109 vs->vd->num_shared++; 110 break; 111 case VNC_SHARE_MODE_EXCLUSIVE: 112 vs->vd->num_exclusive++; 113 break; 114 default: 115 break; 116 } 117 } 118 119 120 static void vnc_init_basic_info(SocketAddress *addr, 121 VncBasicInfo *info, 122 Error **errp) 123 { 124 switch (addr->type) { 125 case SOCKET_ADDRESS_TYPE_INET: 126 info->host = g_strdup(addr->u.inet.host); 127 info->service = g_strdup(addr->u.inet.port); 128 if (addr->u.inet.ipv6) { 129 info->family = NETWORK_ADDRESS_FAMILY_IPV6; 130 } else { 131 info->family = NETWORK_ADDRESS_FAMILY_IPV4; 132 } 133 break; 134 135 case SOCKET_ADDRESS_TYPE_UNIX: 136 info->host = g_strdup(""); 137 info->service = g_strdup(addr->u.q_unix.path); 138 info->family = NETWORK_ADDRESS_FAMILY_UNIX; 139 break; 140 141 case SOCKET_ADDRESS_TYPE_VSOCK: 142 case SOCKET_ADDRESS_TYPE_FD: 143 error_setg(errp, "Unsupported socket address type %s", 144 SocketAddressType_str(addr->type)); 145 break; 146 default: 147 abort(); 148 } 149 } 150 151 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc, 152 VncBasicInfo *info, 153 Error **errp) 154 { 155 SocketAddress *addr = NULL; 156 157 if (!ioc) { 158 error_setg(errp, "No listener socket available"); 159 return; 160 } 161 162 addr = qio_channel_socket_get_local_address(ioc, errp); 163 if (!addr) { 164 return; 165 } 166 167 vnc_init_basic_info(addr, info, errp); 168 qapi_free_SocketAddress(addr); 169 } 170 171 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc, 172 VncBasicInfo *info, 173 Error **errp) 174 { 175 SocketAddress *addr = NULL; 176 177 addr = qio_channel_socket_get_remote_address(ioc, errp); 178 if (!addr) { 179 return; 180 } 181 182 vnc_init_basic_info(addr, info, errp); 183 qapi_free_SocketAddress(addr); 184 } 185 186 static const char *vnc_auth_name(VncDisplay *vd) { 187 switch (vd->auth) { 188 case VNC_AUTH_INVALID: 189 return "invalid"; 190 case VNC_AUTH_NONE: 191 return "none"; 192 case VNC_AUTH_VNC: 193 return "vnc"; 194 case VNC_AUTH_RA2: 195 return "ra2"; 196 case VNC_AUTH_RA2NE: 197 return "ra2ne"; 198 case VNC_AUTH_TIGHT: 199 return "tight"; 200 case VNC_AUTH_ULTRA: 201 return "ultra"; 202 case VNC_AUTH_TLS: 203 return "tls"; 204 case VNC_AUTH_VENCRYPT: 205 switch (vd->subauth) { 206 case VNC_AUTH_VENCRYPT_PLAIN: 207 return "vencrypt+plain"; 208 case VNC_AUTH_VENCRYPT_TLSNONE: 209 return "vencrypt+tls+none"; 210 case VNC_AUTH_VENCRYPT_TLSVNC: 211 return "vencrypt+tls+vnc"; 212 case VNC_AUTH_VENCRYPT_TLSPLAIN: 213 return "vencrypt+tls+plain"; 214 case VNC_AUTH_VENCRYPT_X509NONE: 215 return "vencrypt+x509+none"; 216 case VNC_AUTH_VENCRYPT_X509VNC: 217 return "vencrypt+x509+vnc"; 218 case VNC_AUTH_VENCRYPT_X509PLAIN: 219 return "vencrypt+x509+plain"; 220 case VNC_AUTH_VENCRYPT_TLSSASL: 221 return "vencrypt+tls+sasl"; 222 case VNC_AUTH_VENCRYPT_X509SASL: 223 return "vencrypt+x509+sasl"; 224 default: 225 return "vencrypt"; 226 } 227 case VNC_AUTH_SASL: 228 return "sasl"; 229 } 230 return "unknown"; 231 } 232 233 static VncServerInfo *vnc_server_info_get(VncDisplay *vd) 234 { 235 VncServerInfo *info; 236 Error *err = NULL; 237 238 if (!vd->listener || !vd->listener->nsioc) { 239 return NULL; 240 } 241 242 info = g_malloc0(sizeof(*info)); 243 vnc_init_basic_info_from_server_addr(vd->listener->sioc[0], 244 qapi_VncServerInfo_base(info), &err); 245 info->auth = g_strdup(vnc_auth_name(vd)); 246 if (err) { 247 qapi_free_VncServerInfo(info); 248 info = NULL; 249 error_free(err); 250 } 251 return info; 252 } 253 254 static void vnc_client_cache_auth(VncState *client) 255 { 256 if (!client->info) { 257 return; 258 } 259 260 if (client->tls) { 261 client->info->x509_dname = 262 qcrypto_tls_session_get_peer_name(client->tls); 263 } 264 #ifdef CONFIG_VNC_SASL 265 if (client->sasl.conn && 266 client->sasl.username) { 267 client->info->sasl_username = g_strdup(client->sasl.username); 268 } 269 #endif 270 } 271 272 static void vnc_client_cache_addr(VncState *client) 273 { 274 Error *err = NULL; 275 276 client->info = g_malloc0(sizeof(*client->info)); 277 vnc_init_basic_info_from_remote_addr(client->sioc, 278 qapi_VncClientInfo_base(client->info), 279 &err); 280 client->info->websocket = client->websocket; 281 if (err) { 282 qapi_free_VncClientInfo(client->info); 283 client->info = NULL; 284 error_free(err); 285 } 286 } 287 288 static void vnc_qmp_event(VncState *vs, QAPIEvent event) 289 { 290 VncServerInfo *si; 291 292 if (!vs->info) { 293 return; 294 } 295 296 si = vnc_server_info_get(vs->vd); 297 if (!si) { 298 return; 299 } 300 301 switch (event) { 302 case QAPI_EVENT_VNC_CONNECTED: 303 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info)); 304 break; 305 case QAPI_EVENT_VNC_INITIALIZED: 306 qapi_event_send_vnc_initialized(si, vs->info); 307 break; 308 case QAPI_EVENT_VNC_DISCONNECTED: 309 qapi_event_send_vnc_disconnected(si, vs->info); 310 break; 311 default: 312 break; 313 } 314 315 qapi_free_VncServerInfo(si); 316 } 317 318 static VncClientInfo *qmp_query_vnc_client(const VncState *client) 319 { 320 VncClientInfo *info; 321 Error *err = NULL; 322 323 info = g_malloc0(sizeof(*info)); 324 325 vnc_init_basic_info_from_remote_addr(client->sioc, 326 qapi_VncClientInfo_base(info), 327 &err); 328 if (err) { 329 error_free(err); 330 qapi_free_VncClientInfo(info); 331 return NULL; 332 } 333 334 info->websocket = client->websocket; 335 336 if (client->tls) { 337 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls); 338 } 339 #ifdef CONFIG_VNC_SASL 340 if (client->sasl.conn && client->sasl.username) { 341 info->sasl_username = g_strdup(client->sasl.username); 342 } 343 #endif 344 345 return info; 346 } 347 348 static VncDisplay *vnc_display_find(const char *id) 349 { 350 VncDisplay *vd; 351 352 if (id == NULL) { 353 return QTAILQ_FIRST(&vnc_displays); 354 } 355 QTAILQ_FOREACH(vd, &vnc_displays, next) { 356 if (strcmp(id, vd->id) == 0) { 357 return vd; 358 } 359 } 360 return NULL; 361 } 362 363 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd) 364 { 365 VncClientInfoList *prev = NULL; 366 VncState *client; 367 368 QTAILQ_FOREACH(client, &vd->clients, next) { 369 QAPI_LIST_PREPEND(prev, qmp_query_vnc_client(client)); 370 } 371 return prev; 372 } 373 374 VncInfo *qmp_query_vnc(Error **errp) 375 { 376 VncInfo *info = g_malloc0(sizeof(*info)); 377 VncDisplay *vd = vnc_display_find(NULL); 378 SocketAddress *addr = NULL; 379 380 if (vd == NULL || !vd->listener || !vd->listener->nsioc) { 381 info->enabled = false; 382 } else { 383 info->enabled = true; 384 385 /* for compatibility with the original command */ 386 info->has_clients = true; 387 info->clients = qmp_query_client_list(vd); 388 389 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], 390 errp); 391 if (!addr) { 392 goto out_error; 393 } 394 395 switch (addr->type) { 396 case SOCKET_ADDRESS_TYPE_INET: 397 info->host = g_strdup(addr->u.inet.host); 398 info->service = g_strdup(addr->u.inet.port); 399 if (addr->u.inet.ipv6) { 400 info->family = NETWORK_ADDRESS_FAMILY_IPV6; 401 } else { 402 info->family = NETWORK_ADDRESS_FAMILY_IPV4; 403 } 404 break; 405 406 case SOCKET_ADDRESS_TYPE_UNIX: 407 info->host = g_strdup(""); 408 info->service = g_strdup(addr->u.q_unix.path); 409 info->family = NETWORK_ADDRESS_FAMILY_UNIX; 410 break; 411 412 case SOCKET_ADDRESS_TYPE_VSOCK: 413 case SOCKET_ADDRESS_TYPE_FD: 414 error_setg(errp, "Unsupported socket address type %s", 415 SocketAddressType_str(addr->type)); 416 goto out_error; 417 default: 418 abort(); 419 } 420 421 info->has_family = true; 422 423 info->auth = g_strdup(vnc_auth_name(vd)); 424 } 425 426 qapi_free_SocketAddress(addr); 427 return info; 428 429 out_error: 430 qapi_free_SocketAddress(addr); 431 qapi_free_VncInfo(info); 432 return NULL; 433 } 434 435 436 static void qmp_query_auth(int auth, int subauth, 437 VncPrimaryAuth *qmp_auth, 438 VncVencryptSubAuth *qmp_vencrypt, 439 bool *qmp_has_vencrypt); 440 441 static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc, 442 bool websocket, 443 int auth, 444 int subauth, 445 VncServerInfo2List *prev) 446 { 447 VncServerInfo2 *info; 448 Error *err = NULL; 449 SocketAddress *addr; 450 451 addr = qio_channel_socket_get_local_address(ioc, NULL); 452 if (!addr) { 453 return prev; 454 } 455 456 info = g_new0(VncServerInfo2, 1); 457 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err); 458 qapi_free_SocketAddress(addr); 459 if (err) { 460 qapi_free_VncServerInfo2(info); 461 error_free(err); 462 return prev; 463 } 464 info->websocket = websocket; 465 466 qmp_query_auth(auth, subauth, &info->auth, 467 &info->vencrypt, &info->has_vencrypt); 468 469 QAPI_LIST_PREPEND(prev, info); 470 return prev; 471 } 472 473 static void qmp_query_auth(int auth, int subauth, 474 VncPrimaryAuth *qmp_auth, 475 VncVencryptSubAuth *qmp_vencrypt, 476 bool *qmp_has_vencrypt) 477 { 478 switch (auth) { 479 case VNC_AUTH_VNC: 480 *qmp_auth = VNC_PRIMARY_AUTH_VNC; 481 break; 482 case VNC_AUTH_RA2: 483 *qmp_auth = VNC_PRIMARY_AUTH_RA2; 484 break; 485 case VNC_AUTH_RA2NE: 486 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE; 487 break; 488 case VNC_AUTH_TIGHT: 489 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT; 490 break; 491 case VNC_AUTH_ULTRA: 492 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA; 493 break; 494 case VNC_AUTH_TLS: 495 *qmp_auth = VNC_PRIMARY_AUTH_TLS; 496 break; 497 case VNC_AUTH_VENCRYPT: 498 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT; 499 *qmp_has_vencrypt = true; 500 switch (subauth) { 501 case VNC_AUTH_VENCRYPT_PLAIN: 502 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN; 503 break; 504 case VNC_AUTH_VENCRYPT_TLSNONE: 505 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE; 506 break; 507 case VNC_AUTH_VENCRYPT_TLSVNC: 508 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC; 509 break; 510 case VNC_AUTH_VENCRYPT_TLSPLAIN: 511 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN; 512 break; 513 case VNC_AUTH_VENCRYPT_X509NONE: 514 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE; 515 break; 516 case VNC_AUTH_VENCRYPT_X509VNC: 517 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC; 518 break; 519 case VNC_AUTH_VENCRYPT_X509PLAIN: 520 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN; 521 break; 522 case VNC_AUTH_VENCRYPT_TLSSASL: 523 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL; 524 break; 525 case VNC_AUTH_VENCRYPT_X509SASL: 526 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL; 527 break; 528 default: 529 *qmp_has_vencrypt = false; 530 break; 531 } 532 break; 533 case VNC_AUTH_SASL: 534 *qmp_auth = VNC_PRIMARY_AUTH_SASL; 535 break; 536 case VNC_AUTH_NONE: 537 default: 538 *qmp_auth = VNC_PRIMARY_AUTH_NONE; 539 break; 540 } 541 } 542 543 VncInfo2List *qmp_query_vnc_servers(Error **errp) 544 { 545 VncInfo2List *prev = NULL; 546 VncInfo2 *info; 547 VncDisplay *vd; 548 DeviceState *dev; 549 size_t i; 550 551 QTAILQ_FOREACH(vd, &vnc_displays, next) { 552 info = g_new0(VncInfo2, 1); 553 info->id = g_strdup(vd->id); 554 info->clients = qmp_query_client_list(vd); 555 qmp_query_auth(vd->auth, vd->subauth, &info->auth, 556 &info->vencrypt, &info->has_vencrypt); 557 if (vd->dcl.con) { 558 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con), 559 "device", &error_abort)); 560 info->display = g_strdup(dev->id); 561 } 562 for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) { 563 info->server = qmp_query_server_entry( 564 vd->listener->sioc[i], false, vd->auth, vd->subauth, 565 info->server); 566 } 567 for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) { 568 info->server = qmp_query_server_entry( 569 vd->wslistener->sioc[i], true, vd->ws_auth, 570 vd->ws_subauth, info->server); 571 } 572 573 QAPI_LIST_PREPEND(prev, info); 574 } 575 return prev; 576 } 577 578 bool vnc_display_reload_certs(const char *id, Error **errp) 579 { 580 VncDisplay *vd = vnc_display_find(id); 581 QCryptoTLSCredsClass *creds = NULL; 582 583 if (!vd) { 584 error_setg(errp, "Can not find vnc display"); 585 return false; 586 } 587 588 if (!vd->tlscreds) { 589 error_setg(errp, "vnc tls is not enabled"); 590 return false; 591 } 592 593 creds = QCRYPTO_TLS_CREDS_GET_CLASS(OBJECT(vd->tlscreds)); 594 if (creds->reload == NULL) { 595 error_setg(errp, "%s doesn't support to reload TLS credential", 596 object_get_typename(OBJECT(vd->tlscreds))); 597 return false; 598 } 599 if (!creds->reload(vd->tlscreds, errp)) { 600 return false; 601 } 602 603 return true; 604 } 605 606 /* TODO 607 1) Get the queue working for IO. 608 2) there is some weirdness when using the -S option (the screen is grey 609 and not totally invalidated 610 3) resolutions > 1024 611 */ 612 613 static int vnc_update_client(VncState *vs, int has_dirty); 614 static void vnc_disconnect_start(VncState *vs); 615 616 static void vnc_colordepth(VncState *vs); 617 static void framebuffer_update_request(VncState *vs, int incremental, 618 int x_position, int y_position, 619 int w, int h); 620 static void vnc_refresh(DisplayChangeListener *dcl); 621 static int vnc_refresh_server_surface(VncDisplay *vd); 622 623 static int vnc_width(VncDisplay *vd) 624 { 625 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds), 626 VNC_DIRTY_PIXELS_PER_BIT)); 627 } 628 629 static int vnc_true_width(VncDisplay *vd) 630 { 631 return MIN(VNC_MAX_WIDTH, surface_width(vd->ds)); 632 } 633 634 static int vnc_height(VncDisplay *vd) 635 { 636 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds)); 637 } 638 639 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT], 640 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT), 641 VncDisplay *vd, 642 int x, int y, int w, int h) 643 { 644 int width = vnc_width(vd); 645 int height = vnc_height(vd); 646 647 /* this is needed this to ensure we updated all affected 648 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */ 649 w += (x % VNC_DIRTY_PIXELS_PER_BIT); 650 x -= (x % VNC_DIRTY_PIXELS_PER_BIT); 651 652 x = MIN(x, width); 653 y = MIN(y, height); 654 w = MIN(x + w, width) - x; 655 h = MIN(y + h, height); 656 657 for (; y < h; y++) { 658 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT, 659 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT)); 660 } 661 } 662 663 static void vnc_dpy_update(DisplayChangeListener *dcl, 664 int x, int y, int w, int h) 665 { 666 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 667 struct VncSurface *s = &vd->guest; 668 669 vnc_set_area_dirty(s->dirty, vd, x, y, w, h); 670 } 671 672 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 673 int32_t encoding) 674 { 675 vnc_write_u16(vs, x); 676 vnc_write_u16(vs, y); 677 vnc_write_u16(vs, w); 678 vnc_write_u16(vs, h); 679 680 vnc_write_s32(vs, encoding); 681 } 682 683 static void vnc_desktop_resize_ext(VncState *vs, int reject_reason) 684 { 685 trace_vnc_msg_server_ext_desktop_resize( 686 vs, vs->ioc, vs->client_width, vs->client_height, reject_reason); 687 688 vnc_lock_output(vs); 689 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 690 vnc_write_u8(vs, 0); 691 vnc_write_u16(vs, 1); /* number of rects */ 692 vnc_framebuffer_update(vs, 693 reject_reason ? 1 : 0, 694 reject_reason, 695 vs->client_width, vs->client_height, 696 VNC_ENCODING_DESKTOP_RESIZE_EXT); 697 vnc_write_u8(vs, 1); /* number of screens */ 698 vnc_write_u8(vs, 0); /* padding */ 699 vnc_write_u8(vs, 0); /* padding */ 700 vnc_write_u8(vs, 0); /* padding */ 701 vnc_write_u32(vs, 0); /* screen id */ 702 vnc_write_u16(vs, 0); /* screen x-pos */ 703 vnc_write_u16(vs, 0); /* screen y-pos */ 704 vnc_write_u16(vs, vs->client_width); 705 vnc_write_u16(vs, vs->client_height); 706 vnc_write_u32(vs, 0); /* screen flags */ 707 vnc_unlock_output(vs); 708 vnc_flush(vs); 709 } 710 711 static void vnc_desktop_resize(VncState *vs) 712 { 713 if (vs->ioc == NULL || (!vnc_has_feature(vs, VNC_FEATURE_RESIZE) && 714 !vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT))) { 715 return; 716 } 717 if (vs->client_width == vs->vd->true_width && 718 vs->client_height == pixman_image_get_height(vs->vd->server)) { 719 return; 720 } 721 722 assert(vs->vd->true_width < 65536 && 723 vs->vd->true_width >= 0); 724 assert(pixman_image_get_height(vs->vd->server) < 65536 && 725 pixman_image_get_height(vs->vd->server) >= 0); 726 vs->client_width = vs->vd->true_width; 727 vs->client_height = pixman_image_get_height(vs->vd->server); 728 729 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) { 730 vnc_desktop_resize_ext(vs, 0); 731 return; 732 } 733 734 trace_vnc_msg_server_desktop_resize( 735 vs, vs->ioc, vs->client_width, vs->client_height); 736 737 vnc_lock_output(vs); 738 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 739 vnc_write_u8(vs, 0); 740 vnc_write_u16(vs, 1); /* number of rects */ 741 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 742 VNC_ENCODING_DESKTOPRESIZE); 743 vnc_unlock_output(vs); 744 vnc_flush(vs); 745 } 746 747 static void vnc_abort_display_jobs(VncDisplay *vd) 748 { 749 VncState *vs; 750 751 QTAILQ_FOREACH(vs, &vd->clients, next) { 752 vnc_lock_output(vs); 753 vs->abort = true; 754 vnc_unlock_output(vs); 755 } 756 QTAILQ_FOREACH(vs, &vd->clients, next) { 757 vnc_jobs_join(vs); 758 } 759 QTAILQ_FOREACH(vs, &vd->clients, next) { 760 vnc_lock_output(vs); 761 if (vs->update == VNC_STATE_UPDATE_NONE && 762 vs->job_update != VNC_STATE_UPDATE_NONE) { 763 /* job aborted before completion */ 764 vs->update = vs->job_update; 765 vs->job_update = VNC_STATE_UPDATE_NONE; 766 } 767 vs->abort = false; 768 vnc_unlock_output(vs); 769 } 770 } 771 772 int vnc_server_fb_stride(VncDisplay *vd) 773 { 774 return pixman_image_get_stride(vd->server); 775 } 776 777 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y) 778 { 779 uint8_t *ptr; 780 781 ptr = (uint8_t *)pixman_image_get_data(vd->server); 782 ptr += y * vnc_server_fb_stride(vd); 783 ptr += x * VNC_SERVER_FB_BYTES; 784 return ptr; 785 } 786 787 static void vnc_update_server_surface(VncDisplay *vd) 788 { 789 int width, height; 790 791 qemu_pixman_image_unref(vd->server); 792 vd->server = NULL; 793 794 if (QTAILQ_EMPTY(&vd->clients)) { 795 return; 796 } 797 798 width = vnc_width(vd); 799 height = vnc_height(vd); 800 vd->true_width = vnc_true_width(vd); 801 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT, 802 width, height, 803 NULL, 0); 804 805 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty)); 806 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0, 807 width, height); 808 } 809 810 static bool vnc_check_pageflip(DisplaySurface *s1, 811 DisplaySurface *s2) 812 { 813 return (s1 != NULL && 814 s2 != NULL && 815 surface_width(s1) == surface_width(s2) && 816 surface_height(s1) == surface_height(s2) && 817 surface_format(s1) == surface_format(s2)); 818 819 } 820 821 static void vnc_dpy_switch(DisplayChangeListener *dcl, 822 DisplaySurface *surface) 823 { 824 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 825 bool pageflip = vnc_check_pageflip(vd->ds, surface); 826 VncState *vs; 827 828 vnc_abort_display_jobs(vd); 829 vd->ds = surface; 830 831 /* guest surface */ 832 qemu_pixman_image_unref(vd->guest.fb); 833 vd->guest.fb = pixman_image_ref(surface->image); 834 vd->guest.format = surface_format(surface); 835 836 837 if (pageflip) { 838 trace_vnc_server_dpy_pageflip(vd, 839 surface_width(surface), 840 surface_height(surface), 841 surface_format(surface)); 842 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0, 843 surface_width(surface), 844 surface_height(surface)); 845 return; 846 } 847 848 trace_vnc_server_dpy_recreate(vd, 849 surface_width(surface), 850 surface_height(surface), 851 surface_format(surface)); 852 /* server surface */ 853 vnc_update_server_surface(vd); 854 855 QTAILQ_FOREACH(vs, &vd->clients, next) { 856 vnc_colordepth(vs); 857 vnc_desktop_resize(vs); 858 vnc_cursor_define(vs); 859 memset(vs->dirty, 0x00, sizeof(vs->dirty)); 860 vnc_set_area_dirty(vs->dirty, vd, 0, 0, 861 vnc_width(vd), 862 vnc_height(vd)); 863 vnc_update_throttle_offset(vs); 864 } 865 } 866 867 /* fastest code */ 868 static void vnc_write_pixels_copy(VncState *vs, 869 void *pixels, int size) 870 { 871 vnc_write(vs, pixels, size); 872 } 873 874 /* slowest but generic code. */ 875 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 876 { 877 uint8_t r, g, b; 878 879 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8) 880 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8; 881 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8; 882 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8; 883 #else 884 # error need some bits here if you change VNC_SERVER_FB_FORMAT 885 #endif 886 v = (r << vs->client_pf.rshift) | 887 (g << vs->client_pf.gshift) | 888 (b << vs->client_pf.bshift); 889 switch (vs->client_pf.bytes_per_pixel) { 890 case 1: 891 buf[0] = v; 892 break; 893 case 2: 894 if (vs->client_be) { 895 buf[0] = v >> 8; 896 buf[1] = v; 897 } else { 898 buf[1] = v >> 8; 899 buf[0] = v; 900 } 901 break; 902 default: 903 case 4: 904 if (vs->client_be) { 905 buf[0] = v >> 24; 906 buf[1] = v >> 16; 907 buf[2] = v >> 8; 908 buf[3] = v; 909 } else { 910 buf[3] = v >> 24; 911 buf[2] = v >> 16; 912 buf[1] = v >> 8; 913 buf[0] = v; 914 } 915 break; 916 } 917 } 918 919 static void vnc_write_pixels_generic(VncState *vs, 920 void *pixels1, int size) 921 { 922 uint8_t buf[4]; 923 924 if (VNC_SERVER_FB_BYTES == 4) { 925 uint32_t *pixels = pixels1; 926 int n, i; 927 n = size >> 2; 928 for (i = 0; i < n; i++) { 929 vnc_convert_pixel(vs, buf, pixels[i]); 930 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel); 931 } 932 } 933 } 934 935 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 936 { 937 int i; 938 uint8_t *row; 939 VncDisplay *vd = vs->vd; 940 941 row = vnc_server_fb_ptr(vd, x, y); 942 for (i = 0; i < h; i++) { 943 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES); 944 row += vnc_server_fb_stride(vd); 945 } 946 return 1; 947 } 948 949 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 950 { 951 int n = 0; 952 953 switch(vs->vnc_encoding) { 954 case VNC_ENCODING_ZLIB: 955 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h); 956 break; 957 case VNC_ENCODING_HEXTILE: 958 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 959 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 960 break; 961 case VNC_ENCODING_TIGHT: 962 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h); 963 break; 964 case VNC_ENCODING_TIGHT_PNG: 965 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h); 966 break; 967 case VNC_ENCODING_ZRLE: 968 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h); 969 break; 970 case VNC_ENCODING_ZYWRLE: 971 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); 972 break; 973 default: 974 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 975 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 976 break; 977 } 978 return n; 979 } 980 981 static void vnc_mouse_set(DisplayChangeListener *dcl, 982 int x, int y, bool visible) 983 { 984 /* can we ask the client(s) to move the pointer ??? */ 985 } 986 987 static int vnc_cursor_define(VncState *vs) 988 { 989 QEMUCursor *c = qemu_console_get_cursor(vs->vd->dcl.con); 990 int isize; 991 992 if (!c) { 993 return -1; 994 } 995 996 if (vnc_has_feature(vs, VNC_FEATURE_ALPHA_CURSOR)) { 997 vnc_lock_output(vs); 998 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 999 vnc_write_u8(vs, 0); /* padding */ 1000 vnc_write_u16(vs, 1); /* # of rects */ 1001 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 1002 VNC_ENCODING_ALPHA_CURSOR); 1003 vnc_write_s32(vs, VNC_ENCODING_RAW); 1004 vnc_write(vs, c->data, c->width * c->height * 4); 1005 vnc_unlock_output(vs); 1006 return 0; 1007 } 1008 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 1009 vnc_lock_output(vs); 1010 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1011 vnc_write_u8(vs, 0); /* padding */ 1012 vnc_write_u16(vs, 1); /* # of rects */ 1013 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 1014 VNC_ENCODING_RICH_CURSOR); 1015 isize = c->width * c->height * vs->client_pf.bytes_per_pixel; 1016 vnc_write_pixels_generic(vs, c->data, isize); 1017 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 1018 vnc_unlock_output(vs); 1019 return 0; 1020 } 1021 return -1; 1022 } 1023 1024 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl, 1025 QEMUCursor *c) 1026 { 1027 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 1028 VncState *vs; 1029 1030 g_free(vd->cursor_mask); 1031 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 1032 vd->cursor_mask = g_malloc0(vd->cursor_msize); 1033 cursor_get_mono_mask(c, 0, vd->cursor_mask); 1034 1035 QTAILQ_FOREACH(vs, &vd->clients, next) { 1036 vnc_cursor_define(vs); 1037 } 1038 } 1039 1040 static int find_and_clear_dirty_height(VncState *vs, 1041 int y, int last_x, int x, int height) 1042 { 1043 int h; 1044 1045 for (h = 1; h < (height - y); h++) { 1046 if (!test_bit(last_x, vs->dirty[y + h])) { 1047 break; 1048 } 1049 bitmap_clear(vs->dirty[y + h], last_x, x - last_x); 1050 } 1051 1052 return h; 1053 } 1054 1055 /* 1056 * Figure out how much pending data we should allow in the output 1057 * buffer before we throttle incremental display updates, and/or 1058 * drop audio samples. 1059 * 1060 * We allow for equiv of 1 full display's worth of FB updates, 1061 * and 1 second of audio samples. If audio backlog was larger 1062 * than that the client would already suffering awful audio 1063 * glitches, so dropping samples is no worse really). 1064 */ 1065 static void vnc_update_throttle_offset(VncState *vs) 1066 { 1067 size_t offset = 1068 vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel; 1069 1070 if (vs->audio_cap) { 1071 int bps; 1072 switch (vs->as.fmt) { 1073 default: 1074 case AUDIO_FORMAT_U8: 1075 case AUDIO_FORMAT_S8: 1076 bps = 1; 1077 break; 1078 case AUDIO_FORMAT_U16: 1079 case AUDIO_FORMAT_S16: 1080 bps = 2; 1081 break; 1082 case AUDIO_FORMAT_U32: 1083 case AUDIO_FORMAT_S32: 1084 bps = 4; 1085 break; 1086 } 1087 offset += vs->as.freq * bps * vs->as.nchannels; 1088 } 1089 1090 /* Put a floor of 1MB on offset, so that if we have a large pending 1091 * buffer and the display is resized to a small size & back again 1092 * we don't suddenly apply a tiny send limit 1093 */ 1094 offset = MAX(offset, 1024 * 1024); 1095 1096 if (vs->throttle_output_offset != offset) { 1097 trace_vnc_client_throttle_threshold( 1098 vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width, 1099 vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap); 1100 } 1101 1102 vs->throttle_output_offset = offset; 1103 } 1104 1105 static bool vnc_should_update(VncState *vs) 1106 { 1107 switch (vs->update) { 1108 case VNC_STATE_UPDATE_NONE: 1109 break; 1110 case VNC_STATE_UPDATE_INCREMENTAL: 1111 /* Only allow incremental updates if the pending send queue 1112 * is less than the permitted threshold, and the job worker 1113 * is completely idle. 1114 */ 1115 if (vs->output.offset < vs->throttle_output_offset && 1116 vs->job_update == VNC_STATE_UPDATE_NONE) { 1117 return true; 1118 } 1119 trace_vnc_client_throttle_incremental( 1120 vs, vs->ioc, vs->job_update, vs->output.offset); 1121 break; 1122 case VNC_STATE_UPDATE_FORCE: 1123 /* Only allow forced updates if the pending send queue 1124 * does not contain a previous forced update, and the 1125 * job worker is completely idle. 1126 * 1127 * Note this means we'll queue a forced update, even if 1128 * the output buffer size is otherwise over the throttle 1129 * output limit. 1130 */ 1131 if (vs->force_update_offset == 0 && 1132 vs->job_update == VNC_STATE_UPDATE_NONE) { 1133 return true; 1134 } 1135 trace_vnc_client_throttle_forced( 1136 vs, vs->ioc, vs->job_update, vs->force_update_offset); 1137 break; 1138 } 1139 return false; 1140 } 1141 1142 static int vnc_update_client(VncState *vs, int has_dirty) 1143 { 1144 VncDisplay *vd = vs->vd; 1145 VncJob *job; 1146 int y; 1147 int height, width; 1148 int n = 0; 1149 1150 if (vs->disconnecting) { 1151 vnc_disconnect_finish(vs); 1152 return 0; 1153 } 1154 1155 vs->has_dirty += has_dirty; 1156 if (!vnc_should_update(vs)) { 1157 return 0; 1158 } 1159 1160 if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) { 1161 return 0; 1162 } 1163 1164 /* 1165 * Send screen updates to the vnc client using the server 1166 * surface and server dirty map. guest surface updates 1167 * happening in parallel don't disturb us, the next pass will 1168 * send them to the client. 1169 */ 1170 job = vnc_job_new(vs); 1171 1172 height = pixman_image_get_height(vd->server); 1173 width = pixman_image_get_width(vd->server); 1174 1175 y = 0; 1176 for (;;) { 1177 int x, h; 1178 unsigned long x2; 1179 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty, 1180 height * VNC_DIRTY_BPL(vs), 1181 y * VNC_DIRTY_BPL(vs)); 1182 if (offset == height * VNC_DIRTY_BPL(vs)) { 1183 /* no more dirty bits */ 1184 break; 1185 } 1186 y = offset / VNC_DIRTY_BPL(vs); 1187 x = offset % VNC_DIRTY_BPL(vs); 1188 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y], 1189 VNC_DIRTY_BPL(vs), x); 1190 bitmap_clear(vs->dirty[y], x, x2 - x); 1191 h = find_and_clear_dirty_height(vs, y, x, x2, height); 1192 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT); 1193 if (x2 > x) { 1194 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y, 1195 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h); 1196 } 1197 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) { 1198 y += h; 1199 if (y == height) { 1200 break; 1201 } 1202 } 1203 } 1204 1205 vs->job_update = vs->update; 1206 vs->update = VNC_STATE_UPDATE_NONE; 1207 vnc_job_push(job); 1208 vs->has_dirty = 0; 1209 return n; 1210 } 1211 1212 /* audio */ 1213 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 1214 { 1215 VncState *vs = opaque; 1216 1217 assert(vs->magic == VNC_MAGIC); 1218 switch (cmd) { 1219 case AUD_CNOTIFY_DISABLE: 1220 trace_vnc_msg_server_audio_end(vs, vs->ioc); 1221 vnc_lock_output(vs); 1222 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1223 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1224 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 1225 vnc_unlock_output(vs); 1226 vnc_flush(vs); 1227 break; 1228 1229 case AUD_CNOTIFY_ENABLE: 1230 trace_vnc_msg_server_audio_begin(vs, vs->ioc); 1231 vnc_lock_output(vs); 1232 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1233 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1234 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 1235 vnc_unlock_output(vs); 1236 vnc_flush(vs); 1237 break; 1238 } 1239 } 1240 1241 static void audio_capture_destroy(void *opaque) 1242 { 1243 } 1244 1245 static void audio_capture(void *opaque, const void *buf, int size) 1246 { 1247 VncState *vs = opaque; 1248 1249 assert(vs->magic == VNC_MAGIC); 1250 trace_vnc_msg_server_audio_data(vs, vs->ioc, buf, size); 1251 vnc_lock_output(vs); 1252 if (vs->output.offset < vs->throttle_output_offset) { 1253 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1254 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1255 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 1256 vnc_write_u32(vs, size); 1257 vnc_write(vs, buf, size); 1258 } else { 1259 trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset); 1260 } 1261 vnc_unlock_output(vs); 1262 vnc_flush(vs); 1263 } 1264 1265 static void audio_add(VncState *vs) 1266 { 1267 struct audio_capture_ops ops; 1268 1269 if (vs->audio_cap) { 1270 error_report("audio already running"); 1271 return; 1272 } 1273 1274 ops.notify = audio_capture_notify; 1275 ops.destroy = audio_capture_destroy; 1276 ops.capture = audio_capture; 1277 1278 vs->audio_cap = AUD_add_capture(vs->vd->audio_state, &vs->as, &ops, vs); 1279 if (!vs->audio_cap) { 1280 error_report("Failed to add audio capture"); 1281 } 1282 } 1283 1284 static void audio_del(VncState *vs) 1285 { 1286 if (vs->audio_cap) { 1287 AUD_del_capture(vs->audio_cap, vs); 1288 vs->audio_cap = NULL; 1289 } 1290 } 1291 1292 static void vnc_disconnect_start(VncState *vs) 1293 { 1294 if (vs->disconnecting) { 1295 return; 1296 } 1297 trace_vnc_client_disconnect_start(vs, vs->ioc); 1298 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); 1299 if (vs->ioc_tag) { 1300 g_source_remove(vs->ioc_tag); 1301 vs->ioc_tag = 0; 1302 } 1303 qio_channel_close(vs->ioc, NULL); 1304 vs->disconnecting = TRUE; 1305 } 1306 1307 void vnc_disconnect_finish(VncState *vs) 1308 { 1309 int i; 1310 1311 trace_vnc_client_disconnect_finish(vs, vs->ioc); 1312 1313 vnc_jobs_join(vs); /* Wait encoding jobs */ 1314 1315 vnc_lock_output(vs); 1316 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED); 1317 1318 buffer_free(&vs->input); 1319 buffer_free(&vs->output); 1320 1321 qapi_free_VncClientInfo(vs->info); 1322 1323 vnc_zlib_clear(vs); 1324 vnc_tight_clear(vs); 1325 vnc_zrle_clear(vs); 1326 1327 #ifdef CONFIG_VNC_SASL 1328 vnc_sasl_client_cleanup(vs); 1329 #endif /* CONFIG_VNC_SASL */ 1330 audio_del(vs); 1331 qkbd_state_lift_all_keys(vs->vd->kbd); 1332 1333 if (vs->mouse_mode_notifier.notify != NULL) { 1334 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1335 } 1336 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1337 if (QTAILQ_EMPTY(&vs->vd->clients)) { 1338 /* last client gone */ 1339 vnc_update_server_surface(vs->vd); 1340 } 1341 vnc_unlock_output(vs); 1342 1343 if (vs->cbpeer.notifier.notify) { 1344 qemu_clipboard_peer_unregister(&vs->cbpeer); 1345 } 1346 1347 qemu_mutex_destroy(&vs->output_mutex); 1348 if (vs->bh != NULL) { 1349 qemu_bh_delete(vs->bh); 1350 } 1351 buffer_free(&vs->jobs_buffer); 1352 1353 for (i = 0; i < VNC_STAT_ROWS; ++i) { 1354 g_free(vs->lossy_rect[i]); 1355 } 1356 g_free(vs->lossy_rect); 1357 1358 object_unref(OBJECT(vs->ioc)); 1359 vs->ioc = NULL; 1360 object_unref(OBJECT(vs->sioc)); 1361 vs->sioc = NULL; 1362 vs->magic = 0; 1363 g_free(vs->zrle); 1364 g_free(vs->tight); 1365 g_free(vs); 1366 } 1367 1368 size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error *err) 1369 { 1370 if (ret <= 0) { 1371 if (ret == 0) { 1372 trace_vnc_client_eof(vs, vs->ioc); 1373 vnc_disconnect_start(vs); 1374 } else if (ret != QIO_CHANNEL_ERR_BLOCK) { 1375 trace_vnc_client_io_error(vs, vs->ioc, 1376 err ? error_get_pretty(err) : "Unknown"); 1377 vnc_disconnect_start(vs); 1378 } 1379 1380 error_free(err); 1381 return 0; 1382 } 1383 return ret; 1384 } 1385 1386 1387 void vnc_client_error(VncState *vs) 1388 { 1389 VNC_DEBUG("Closing down client sock: protocol error\n"); 1390 vnc_disconnect_start(vs); 1391 } 1392 1393 1394 /* 1395 * Called to write a chunk of data to the client socket. The data may 1396 * be the raw data, or may have already been encoded by SASL. 1397 * The data will be written either straight onto the socket, or 1398 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1399 * 1400 * NB, it is theoretically possible to have 2 layers of encryption, 1401 * both SASL, and this TLS layer. It is highly unlikely in practice 1402 * though, since SASL encryption will typically be a no-op if TLS 1403 * is active 1404 * 1405 * Returns the number of bytes written, which may be less than 1406 * the requested 'datalen' if the socket would block. Returns 1407 * 0 on I/O error, and disconnects the client socket. 1408 */ 1409 size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1410 { 1411 Error *err = NULL; 1412 ssize_t ret; 1413 ret = qio_channel_write(vs->ioc, (const char *)data, datalen, &err); 1414 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1415 return vnc_client_io_error(vs, ret, err); 1416 } 1417 1418 1419 /* 1420 * Called to write buffered data to the client socket, when not 1421 * using any SASL SSF encryption layers. Will write as much data 1422 * as possible without blocking. If all buffered data is written, 1423 * will switch the FD poll() handler back to read monitoring. 1424 * 1425 * Returns the number of bytes written, which may be less than 1426 * the buffered output data if the socket would block. Returns 1427 * 0 on I/O error, and disconnects the client socket. 1428 */ 1429 static size_t vnc_client_write_plain(VncState *vs) 1430 { 1431 size_t offset; 1432 size_t ret; 1433 1434 #ifdef CONFIG_VNC_SASL 1435 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1436 vs->output.buffer, vs->output.capacity, vs->output.offset, 1437 vs->sasl.waitWriteSSF); 1438 1439 if (vs->sasl.conn && 1440 vs->sasl.runSSF && 1441 vs->sasl.waitWriteSSF) { 1442 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1443 if (ret) 1444 vs->sasl.waitWriteSSF -= ret; 1445 } else 1446 #endif /* CONFIG_VNC_SASL */ 1447 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1448 if (!ret) 1449 return 0; 1450 1451 if (ret >= vs->force_update_offset) { 1452 if (vs->force_update_offset != 0) { 1453 trace_vnc_client_unthrottle_forced(vs, vs->ioc); 1454 } 1455 vs->force_update_offset = 0; 1456 } else { 1457 vs->force_update_offset -= ret; 1458 } 1459 offset = vs->output.offset; 1460 buffer_advance(&vs->output, ret); 1461 if (offset >= vs->throttle_output_offset && 1462 vs->output.offset < vs->throttle_output_offset) { 1463 trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset); 1464 } 1465 1466 if (vs->output.offset == 0) { 1467 if (vs->ioc_tag) { 1468 g_source_remove(vs->ioc_tag); 1469 } 1470 vs->ioc_tag = qio_channel_add_watch( 1471 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR, 1472 vnc_client_io, vs, NULL); 1473 } 1474 1475 return ret; 1476 } 1477 1478 1479 /* 1480 * First function called whenever there is data to be written to 1481 * the client socket. Will delegate actual work according to whether 1482 * SASL SSF layers are enabled (thus requiring encryption calls) 1483 */ 1484 static void vnc_client_write_locked(VncState *vs) 1485 { 1486 #ifdef CONFIG_VNC_SASL 1487 if (vs->sasl.conn && 1488 vs->sasl.runSSF && 1489 !vs->sasl.waitWriteSSF) { 1490 vnc_client_write_sasl(vs); 1491 } else 1492 #endif /* CONFIG_VNC_SASL */ 1493 { 1494 vnc_client_write_plain(vs); 1495 } 1496 } 1497 1498 static void vnc_client_write(VncState *vs) 1499 { 1500 assert(vs->magic == VNC_MAGIC); 1501 vnc_lock_output(vs); 1502 if (vs->output.offset) { 1503 vnc_client_write_locked(vs); 1504 } else if (vs->ioc != NULL) { 1505 if (vs->ioc_tag) { 1506 g_source_remove(vs->ioc_tag); 1507 } 1508 vs->ioc_tag = qio_channel_add_watch( 1509 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR, 1510 vnc_client_io, vs, NULL); 1511 } 1512 vnc_unlock_output(vs); 1513 } 1514 1515 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1516 { 1517 vs->read_handler = func; 1518 vs->read_handler_expect = expecting; 1519 } 1520 1521 1522 /* 1523 * Called to read a chunk of data from the client socket. The data may 1524 * be the raw data, or may need to be further decoded by SASL. 1525 * The data will be read either straight from to the socket, or 1526 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1527 * 1528 * NB, it is theoretically possible to have 2 layers of encryption, 1529 * both SASL, and this TLS layer. It is highly unlikely in practice 1530 * though, since SASL encryption will typically be a no-op if TLS 1531 * is active 1532 * 1533 * Returns the number of bytes read, which may be less than 1534 * the requested 'datalen' if the socket would block. Returns 1535 * 0 on I/O error or EOF, and disconnects the client socket. 1536 */ 1537 size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1538 { 1539 ssize_t ret; 1540 Error *err = NULL; 1541 ret = qio_channel_read(vs->ioc, (char *)data, datalen, &err); 1542 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1543 return vnc_client_io_error(vs, ret, err); 1544 } 1545 1546 1547 /* 1548 * Called to read data from the client socket to the input buffer, 1549 * when not using any SASL SSF encryption layers. Will read as much 1550 * data as possible without blocking. 1551 * 1552 * Returns the number of bytes read, which may be less than 1553 * the requested 'datalen' if the socket would block. Returns 1554 * 0 on I/O error or EOF, and disconnects the client socket. 1555 */ 1556 static size_t vnc_client_read_plain(VncState *vs) 1557 { 1558 size_t ret; 1559 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1560 vs->input.buffer, vs->input.capacity, vs->input.offset); 1561 buffer_reserve(&vs->input, 4096); 1562 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1563 if (!ret) 1564 return 0; 1565 vs->input.offset += ret; 1566 return ret; 1567 } 1568 1569 static void vnc_jobs_bh(void *opaque) 1570 { 1571 VncState *vs = opaque; 1572 1573 assert(vs->magic == VNC_MAGIC); 1574 vnc_jobs_consume_buffer(vs); 1575 } 1576 1577 /* 1578 * First function called whenever there is more data to be read from 1579 * the client socket. Will delegate actual work according to whether 1580 * SASL SSF layers are enabled (thus requiring decryption calls) 1581 * Returns 0 on success, -1 if client disconnected 1582 */ 1583 static int vnc_client_read(VncState *vs) 1584 { 1585 size_t sz; 1586 1587 #ifdef CONFIG_VNC_SASL 1588 if (vs->sasl.conn && vs->sasl.runSSF) 1589 sz = vnc_client_read_sasl(vs); 1590 else 1591 #endif /* CONFIG_VNC_SASL */ 1592 sz = vnc_client_read_plain(vs); 1593 if (!sz) { 1594 if (vs->disconnecting) { 1595 vnc_disconnect_finish(vs); 1596 return -1; 1597 } 1598 return 0; 1599 } 1600 1601 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1602 size_t len = vs->read_handler_expect; 1603 int ret; 1604 1605 ret = vs->read_handler(vs, vs->input.buffer, len); 1606 if (vs->disconnecting) { 1607 vnc_disconnect_finish(vs); 1608 return -1; 1609 } 1610 1611 if (!ret) { 1612 buffer_advance(&vs->input, len); 1613 } else { 1614 vs->read_handler_expect = ret; 1615 } 1616 } 1617 return 0; 1618 } 1619 1620 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED, 1621 GIOCondition condition, void *opaque) 1622 { 1623 VncState *vs = opaque; 1624 1625 assert(vs->magic == VNC_MAGIC); 1626 1627 if (condition & (G_IO_HUP | G_IO_ERR)) { 1628 vnc_disconnect_start(vs); 1629 return TRUE; 1630 } 1631 1632 if (condition & G_IO_IN) { 1633 if (vnc_client_read(vs) < 0) { 1634 /* vs is free()ed here */ 1635 return TRUE; 1636 } 1637 } 1638 if (condition & G_IO_OUT) { 1639 vnc_client_write(vs); 1640 } 1641 1642 if (vs->disconnecting) { 1643 if (vs->ioc_tag != 0) { 1644 g_source_remove(vs->ioc_tag); 1645 } 1646 vs->ioc_tag = 0; 1647 } 1648 return TRUE; 1649 } 1650 1651 1652 /* 1653 * Scale factor to apply to vs->throttle_output_offset when checking for 1654 * hard limit. Worst case normal usage could be x2, if we have a complete 1655 * incremental update and complete forced update in the output buffer. 1656 * So x3 should be good enough, but we pick x5 to be conservative and thus 1657 * (hopefully) never trigger incorrectly. 1658 */ 1659 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5 1660 1661 void vnc_write(VncState *vs, const void *data, size_t len) 1662 { 1663 assert(vs->magic == VNC_MAGIC); 1664 if (vs->disconnecting) { 1665 return; 1666 } 1667 /* Protection against malicious client/guest to prevent our output 1668 * buffer growing without bound if client stops reading data. This 1669 * should rarely trigger, because we have earlier throttling code 1670 * which stops issuing framebuffer updates and drops audio data 1671 * if the throttle_output_offset value is exceeded. So we only reach 1672 * this higher level if a huge number of pseudo-encodings get 1673 * triggered while data can't be sent on the socket. 1674 * 1675 * NB throttle_output_offset can be zero during early protocol 1676 * handshake, or from the job thread's VncState clone 1677 */ 1678 if (vs->throttle_output_offset != 0 && 1679 (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) > 1680 vs->throttle_output_offset) { 1681 trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset, 1682 vs->throttle_output_offset); 1683 vnc_disconnect_start(vs); 1684 return; 1685 } 1686 buffer_reserve(&vs->output, len); 1687 1688 if (vs->ioc != NULL && buffer_empty(&vs->output)) { 1689 if (vs->ioc_tag) { 1690 g_source_remove(vs->ioc_tag); 1691 } 1692 vs->ioc_tag = qio_channel_add_watch( 1693 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR | G_IO_OUT, 1694 vnc_client_io, vs, NULL); 1695 } 1696 1697 buffer_append(&vs->output, data, len); 1698 } 1699 1700 void vnc_write_s32(VncState *vs, int32_t value) 1701 { 1702 vnc_write_u32(vs, *(uint32_t *)&value); 1703 } 1704 1705 void vnc_write_u32(VncState *vs, uint32_t value) 1706 { 1707 uint8_t buf[4]; 1708 1709 buf[0] = (value >> 24) & 0xFF; 1710 buf[1] = (value >> 16) & 0xFF; 1711 buf[2] = (value >> 8) & 0xFF; 1712 buf[3] = value & 0xFF; 1713 1714 vnc_write(vs, buf, 4); 1715 } 1716 1717 void vnc_write_u16(VncState *vs, uint16_t value) 1718 { 1719 uint8_t buf[2]; 1720 1721 buf[0] = (value >> 8) & 0xFF; 1722 buf[1] = value & 0xFF; 1723 1724 vnc_write(vs, buf, 2); 1725 } 1726 1727 void vnc_write_u8(VncState *vs, uint8_t value) 1728 { 1729 vnc_write(vs, (char *)&value, 1); 1730 } 1731 1732 void vnc_flush(VncState *vs) 1733 { 1734 vnc_lock_output(vs); 1735 if (vs->ioc != NULL && vs->output.offset) { 1736 vnc_client_write_locked(vs); 1737 } 1738 if (vs->disconnecting) { 1739 if (vs->ioc_tag != 0) { 1740 g_source_remove(vs->ioc_tag); 1741 } 1742 vs->ioc_tag = 0; 1743 } 1744 vnc_unlock_output(vs); 1745 } 1746 1747 static uint8_t read_u8(uint8_t *data, size_t offset) 1748 { 1749 return data[offset]; 1750 } 1751 1752 static uint16_t read_u16(uint8_t *data, size_t offset) 1753 { 1754 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1755 } 1756 1757 static int32_t read_s32(uint8_t *data, size_t offset) 1758 { 1759 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1760 (data[offset + 2] << 8) | data[offset + 3]); 1761 } 1762 1763 uint32_t read_u32(uint8_t *data, size_t offset) 1764 { 1765 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1766 (data[offset + 2] << 8) | data[offset + 3]); 1767 } 1768 1769 static void check_pointer_type_change(Notifier *notifier, void *data) 1770 { 1771 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1772 int absolute = qemu_input_is_absolute(vs->vd->dcl.con); 1773 1774 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1775 vnc_lock_output(vs); 1776 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1777 vnc_write_u8(vs, 0); 1778 vnc_write_u16(vs, 1); 1779 vnc_framebuffer_update(vs, absolute, 0, 1780 pixman_image_get_width(vs->vd->server), 1781 pixman_image_get_height(vs->vd->server), 1782 VNC_ENCODING_POINTER_TYPE_CHANGE); 1783 vnc_unlock_output(vs); 1784 vnc_flush(vs); 1785 } 1786 vs->absolute = absolute; 1787 } 1788 1789 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1790 { 1791 static uint32_t bmap[INPUT_BUTTON__MAX] = { 1792 [INPUT_BUTTON_LEFT] = 0x01, 1793 [INPUT_BUTTON_MIDDLE] = 0x02, 1794 [INPUT_BUTTON_RIGHT] = 0x04, 1795 [INPUT_BUTTON_WHEEL_UP] = 0x08, 1796 [INPUT_BUTTON_WHEEL_DOWN] = 0x10, 1797 }; 1798 QemuConsole *con = vs->vd->dcl.con; 1799 int width = pixman_image_get_width(vs->vd->server); 1800 int height = pixman_image_get_height(vs->vd->server); 1801 1802 if (vs->last_bmask != button_mask) { 1803 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask); 1804 vs->last_bmask = button_mask; 1805 } 1806 1807 if (vs->absolute) { 1808 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width); 1809 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height); 1810 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1811 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF); 1812 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF); 1813 } else { 1814 if (vs->last_x != -1) { 1815 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x); 1816 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y); 1817 } 1818 vs->last_x = x; 1819 vs->last_y = y; 1820 } 1821 qemu_input_event_sync(); 1822 } 1823 1824 static void press_key(VncState *vs, QKeyCode qcode) 1825 { 1826 qkbd_state_key_event(vs->vd->kbd, qcode, true); 1827 qkbd_state_key_event(vs->vd->kbd, qcode, false); 1828 } 1829 1830 static void vnc_led_state_change(VncState *vs) 1831 { 1832 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) { 1833 return; 1834 } 1835 1836 vnc_lock_output(vs); 1837 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1838 vnc_write_u8(vs, 0); 1839 vnc_write_u16(vs, 1); 1840 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE); 1841 vnc_write_u8(vs, vs->vd->ledstate); 1842 vnc_unlock_output(vs); 1843 vnc_flush(vs); 1844 } 1845 1846 static void kbd_leds(void *opaque, int ledstate) 1847 { 1848 VncDisplay *vd = opaque; 1849 VncState *client; 1850 1851 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED), 1852 (ledstate & QEMU_NUM_LOCK_LED), 1853 (ledstate & QEMU_SCROLL_LOCK_LED)); 1854 1855 if (ledstate == vd->ledstate) { 1856 return; 1857 } 1858 1859 vd->ledstate = ledstate; 1860 1861 QTAILQ_FOREACH(client, &vd->clients, next) { 1862 vnc_led_state_change(client); 1863 } 1864 } 1865 1866 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1867 { 1868 QKeyCode qcode = qemu_input_key_number_to_qcode(keycode); 1869 1870 /* QEMU console switch */ 1871 switch (qcode) { 1872 case Q_KEY_CODE_1 ... Q_KEY_CODE_9: /* '1' to '9' keys */ 1873 if (down && 1874 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL) && 1875 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_ALT)) { 1876 QemuConsole *con = qemu_console_lookup_by_index(qcode - Q_KEY_CODE_1); 1877 if (con) { 1878 unregister_displaychangelistener(&vs->vd->dcl); 1879 qkbd_state_switch_console(vs->vd->kbd, con); 1880 vs->vd->dcl.con = con; 1881 register_displaychangelistener(&vs->vd->dcl); 1882 } 1883 return; 1884 } 1885 default: 1886 break; 1887 } 1888 1889 /* Turn off the lock state sync logic if the client support the led 1890 state extension. 1891 */ 1892 if (down && vs->vd->lock_key_sync && 1893 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1894 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1895 /* If the numlock state needs to change then simulate an additional 1896 keypress before sending this one. This will happen if the user 1897 toggles numlock away from the VNC window. 1898 */ 1899 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1900 if (!qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) { 1901 trace_vnc_key_sync_numlock(true); 1902 press_key(vs, Q_KEY_CODE_NUM_LOCK); 1903 } 1904 } else { 1905 if (qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) { 1906 trace_vnc_key_sync_numlock(false); 1907 press_key(vs, Q_KEY_CODE_NUM_LOCK); 1908 } 1909 } 1910 } 1911 1912 if (down && vs->vd->lock_key_sync && 1913 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1914 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1915 /* If the capslock state needs to change then simulate an additional 1916 keypress before sending this one. This will happen if the user 1917 toggles capslock away from the VNC window. 1918 */ 1919 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1920 bool shift = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_SHIFT); 1921 bool capslock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CAPSLOCK); 1922 if (capslock) { 1923 if (uppercase == shift) { 1924 trace_vnc_key_sync_capslock(false); 1925 press_key(vs, Q_KEY_CODE_CAPS_LOCK); 1926 } 1927 } else { 1928 if (uppercase != shift) { 1929 trace_vnc_key_sync_capslock(true); 1930 press_key(vs, Q_KEY_CODE_CAPS_LOCK); 1931 } 1932 } 1933 } 1934 1935 qkbd_state_key_event(vs->vd->kbd, qcode, down); 1936 if (QEMU_IS_TEXT_CONSOLE(vs->vd->dcl.con)) { 1937 QemuTextConsole *con = QEMU_TEXT_CONSOLE(vs->vd->dcl.con); 1938 bool numlock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK); 1939 bool control = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL); 1940 /* QEMU console emulation */ 1941 if (down) { 1942 switch (keycode) { 1943 case 0x2a: /* Left Shift */ 1944 case 0x36: /* Right Shift */ 1945 case 0x1d: /* Left CTRL */ 1946 case 0x9d: /* Right CTRL */ 1947 case 0x38: /* Left ALT */ 1948 case 0xb8: /* Right ALT */ 1949 break; 1950 case 0xc8: 1951 qemu_text_console_put_keysym(con, QEMU_KEY_UP); 1952 break; 1953 case 0xd0: 1954 qemu_text_console_put_keysym(con, QEMU_KEY_DOWN); 1955 break; 1956 case 0xcb: 1957 qemu_text_console_put_keysym(con, QEMU_KEY_LEFT); 1958 break; 1959 case 0xcd: 1960 qemu_text_console_put_keysym(con, QEMU_KEY_RIGHT); 1961 break; 1962 case 0xd3: 1963 qemu_text_console_put_keysym(con, QEMU_KEY_DELETE); 1964 break; 1965 case 0xc7: 1966 qemu_text_console_put_keysym(con, QEMU_KEY_HOME); 1967 break; 1968 case 0xcf: 1969 qemu_text_console_put_keysym(con, QEMU_KEY_END); 1970 break; 1971 case 0xc9: 1972 qemu_text_console_put_keysym(con, QEMU_KEY_PAGEUP); 1973 break; 1974 case 0xd1: 1975 qemu_text_console_put_keysym(con, QEMU_KEY_PAGEDOWN); 1976 break; 1977 1978 case 0x47: 1979 qemu_text_console_put_keysym(con, numlock ? '7' : QEMU_KEY_HOME); 1980 break; 1981 case 0x48: 1982 qemu_text_console_put_keysym(con, numlock ? '8' : QEMU_KEY_UP); 1983 break; 1984 case 0x49: 1985 qemu_text_console_put_keysym(con, numlock ? '9' : QEMU_KEY_PAGEUP); 1986 break; 1987 case 0x4b: 1988 qemu_text_console_put_keysym(con, numlock ? '4' : QEMU_KEY_LEFT); 1989 break; 1990 case 0x4c: 1991 qemu_text_console_put_keysym(con, '5'); 1992 break; 1993 case 0x4d: 1994 qemu_text_console_put_keysym(con, numlock ? '6' : QEMU_KEY_RIGHT); 1995 break; 1996 case 0x4f: 1997 qemu_text_console_put_keysym(con, numlock ? '1' : QEMU_KEY_END); 1998 break; 1999 case 0x50: 2000 qemu_text_console_put_keysym(con, numlock ? '2' : QEMU_KEY_DOWN); 2001 break; 2002 case 0x51: 2003 qemu_text_console_put_keysym(con, numlock ? '3' : QEMU_KEY_PAGEDOWN); 2004 break; 2005 case 0x52: 2006 qemu_text_console_put_keysym(con, '0'); 2007 break; 2008 case 0x53: 2009 qemu_text_console_put_keysym(con, numlock ? '.' : QEMU_KEY_DELETE); 2010 break; 2011 2012 case 0xb5: 2013 qemu_text_console_put_keysym(con, '/'); 2014 break; 2015 case 0x37: 2016 qemu_text_console_put_keysym(con, '*'); 2017 break; 2018 case 0x4a: 2019 qemu_text_console_put_keysym(con, '-'); 2020 break; 2021 case 0x4e: 2022 qemu_text_console_put_keysym(con, '+'); 2023 break; 2024 case 0x9c: 2025 qemu_text_console_put_keysym(con, '\n'); 2026 break; 2027 2028 default: 2029 if (control) { 2030 qemu_text_console_put_keysym(con, sym & 0x1f); 2031 } else { 2032 qemu_text_console_put_keysym(con, sym); 2033 } 2034 break; 2035 } 2036 } 2037 } 2038 } 2039 2040 static const char *code2name(int keycode) 2041 { 2042 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode)); 2043 } 2044 2045 static void key_event(VncState *vs, int down, uint32_t sym) 2046 { 2047 int keycode; 2048 int lsym = sym; 2049 2050 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(vs->vd->dcl.con)) { 2051 lsym = lsym - 'A' + 'a'; 2052 } 2053 2054 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF, 2055 vs->vd->kbd, down) & SCANCODE_KEYMASK; 2056 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode)); 2057 do_key_event(vs, down, keycode, sym); 2058 } 2059 2060 static void ext_key_event(VncState *vs, int down, 2061 uint32_t sym, uint16_t keycode) 2062 { 2063 /* if the user specifies a keyboard layout, always use it */ 2064 if (keyboard_layout) { 2065 key_event(vs, down, sym); 2066 } else { 2067 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode)); 2068 do_key_event(vs, down, keycode, sym); 2069 } 2070 } 2071 2072 static void framebuffer_update_request(VncState *vs, int incremental, 2073 int x, int y, int w, int h) 2074 { 2075 if (incremental) { 2076 if (vs->update != VNC_STATE_UPDATE_FORCE) { 2077 vs->update = VNC_STATE_UPDATE_INCREMENTAL; 2078 } 2079 } else { 2080 vs->update = VNC_STATE_UPDATE_FORCE; 2081 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h); 2082 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) { 2083 vnc_desktop_resize_ext(vs, 0); 2084 } 2085 } 2086 } 2087 2088 static void send_ext_key_event_ack(VncState *vs) 2089 { 2090 vnc_lock_output(vs); 2091 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2092 vnc_write_u8(vs, 0); 2093 vnc_write_u16(vs, 1); 2094 vnc_framebuffer_update(vs, 0, 0, 2095 pixman_image_get_width(vs->vd->server), 2096 pixman_image_get_height(vs->vd->server), 2097 VNC_ENCODING_EXT_KEY_EVENT); 2098 vnc_unlock_output(vs); 2099 vnc_flush(vs); 2100 } 2101 2102 static void send_ext_audio_ack(VncState *vs) 2103 { 2104 vnc_lock_output(vs); 2105 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2106 vnc_write_u8(vs, 0); 2107 vnc_write_u16(vs, 1); 2108 vnc_framebuffer_update(vs, 0, 0, 2109 pixman_image_get_width(vs->vd->server), 2110 pixman_image_get_height(vs->vd->server), 2111 VNC_ENCODING_AUDIO); 2112 vnc_unlock_output(vs); 2113 vnc_flush(vs); 2114 } 2115 2116 static void send_xvp_message(VncState *vs, int code) 2117 { 2118 vnc_lock_output(vs); 2119 vnc_write_u8(vs, VNC_MSG_SERVER_XVP); 2120 vnc_write_u8(vs, 0); /* pad */ 2121 vnc_write_u8(vs, 1); /* version */ 2122 vnc_write_u8(vs, code); 2123 vnc_unlock_output(vs); 2124 vnc_flush(vs); 2125 } 2126 2127 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 2128 { 2129 int i; 2130 unsigned int enc = 0; 2131 2132 vs->features = 0; 2133 vs->vnc_encoding = 0; 2134 vs->tight->compression = 9; 2135 vs->tight->quality = -1; /* Lossless by default */ 2136 vs->absolute = -1; 2137 2138 /* 2139 * Start from the end because the encodings are sent in order of preference. 2140 * This way the preferred encoding (first encoding defined in the array) 2141 * will be set at the end of the loop. 2142 */ 2143 for (i = n_encodings - 1; i >= 0; i--) { 2144 enc = encodings[i]; 2145 switch (enc) { 2146 case VNC_ENCODING_RAW: 2147 vs->vnc_encoding = enc; 2148 break; 2149 case VNC_ENCODING_HEXTILE: 2150 vnc_set_feature(vs, VNC_FEATURE_HEXTILE); 2151 vs->vnc_encoding = enc; 2152 break; 2153 case VNC_ENCODING_TIGHT: 2154 vnc_set_feature(vs, VNC_FEATURE_TIGHT); 2155 vs->vnc_encoding = enc; 2156 break; 2157 #ifdef CONFIG_PNG 2158 case VNC_ENCODING_TIGHT_PNG: 2159 vnc_set_feature(vs, VNC_FEATURE_TIGHT_PNG); 2160 vs->vnc_encoding = enc; 2161 break; 2162 #endif 2163 case VNC_ENCODING_ZLIB: 2164 /* 2165 * VNC_ENCODING_ZRLE compresses better than VNC_ENCODING_ZLIB. 2166 * So prioritize ZRLE, even if the client hints that it prefers 2167 * ZLIB. 2168 */ 2169 if (!vnc_has_feature(vs, VNC_FEATURE_ZRLE)) { 2170 vnc_set_feature(vs, VNC_FEATURE_ZLIB); 2171 vs->vnc_encoding = enc; 2172 } 2173 break; 2174 case VNC_ENCODING_ZRLE: 2175 vnc_set_feature(vs, VNC_FEATURE_ZRLE); 2176 vs->vnc_encoding = enc; 2177 break; 2178 case VNC_ENCODING_ZYWRLE: 2179 vnc_set_feature(vs, VNC_FEATURE_ZYWRLE); 2180 vs->vnc_encoding = enc; 2181 break; 2182 case VNC_ENCODING_DESKTOPRESIZE: 2183 vnc_set_feature(vs, VNC_FEATURE_RESIZE); 2184 break; 2185 case VNC_ENCODING_DESKTOP_RESIZE_EXT: 2186 vnc_set_feature(vs, VNC_FEATURE_RESIZE_EXT); 2187 break; 2188 case VNC_ENCODING_POINTER_TYPE_CHANGE: 2189 vnc_set_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE); 2190 break; 2191 case VNC_ENCODING_RICH_CURSOR: 2192 vnc_set_feature(vs, VNC_FEATURE_RICH_CURSOR); 2193 break; 2194 case VNC_ENCODING_ALPHA_CURSOR: 2195 vnc_set_feature(vs, VNC_FEATURE_ALPHA_CURSOR); 2196 break; 2197 case VNC_ENCODING_EXT_KEY_EVENT: 2198 send_ext_key_event_ack(vs); 2199 break; 2200 case VNC_ENCODING_AUDIO: 2201 if (vs->vd->audio_state) { 2202 vnc_set_feature(vs, VNC_FEATURE_AUDIO); 2203 send_ext_audio_ack(vs); 2204 } 2205 break; 2206 case VNC_ENCODING_WMVi: 2207 vnc_set_feature(vs, VNC_FEATURE_WMVI); 2208 break; 2209 case VNC_ENCODING_LED_STATE: 2210 vnc_set_feature(vs, VNC_FEATURE_LED_STATE); 2211 break; 2212 case VNC_ENCODING_XVP: 2213 if (vs->vd->power_control) { 2214 vnc_set_feature(vs, VNC_FEATURE_XVP); 2215 send_xvp_message(vs, VNC_XVP_CODE_INIT); 2216 } 2217 break; 2218 case VNC_ENCODING_CLIPBOARD_EXT: 2219 vnc_set_feature(vs, VNC_FEATURE_CLIPBOARD_EXT); 2220 vnc_server_cut_text_caps(vs); 2221 break; 2222 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 2223 vs->tight->compression = (enc & 0x0F); 2224 break; 2225 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 2226 if (vs->vd->lossy) { 2227 vs->tight->quality = (enc & 0x0F); 2228 } 2229 break; 2230 default: 2231 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 2232 break; 2233 } 2234 } 2235 vnc_desktop_resize(vs); 2236 check_pointer_type_change(&vs->mouse_mode_notifier, NULL); 2237 vnc_led_state_change(vs); 2238 vnc_cursor_define(vs); 2239 } 2240 2241 static void set_pixel_conversion(VncState *vs) 2242 { 2243 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf); 2244 2245 if (fmt == VNC_SERVER_FB_FORMAT) { 2246 vs->write_pixels = vnc_write_pixels_copy; 2247 vnc_hextile_set_pixel_conversion(vs, 0); 2248 } else { 2249 vs->write_pixels = vnc_write_pixels_generic; 2250 vnc_hextile_set_pixel_conversion(vs, 1); 2251 } 2252 } 2253 2254 static void send_color_map(VncState *vs) 2255 { 2256 int i; 2257 2258 vnc_lock_output(vs); 2259 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES); 2260 vnc_write_u8(vs, 0); /* padding */ 2261 vnc_write_u16(vs, 0); /* first color */ 2262 vnc_write_u16(vs, 256); /* # of colors */ 2263 2264 for (i = 0; i < 256; i++) { 2265 PixelFormat *pf = &vs->client_pf; 2266 2267 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits))); 2268 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits))); 2269 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits))); 2270 } 2271 vnc_unlock_output(vs); 2272 } 2273 2274 static void set_pixel_format(VncState *vs, int bits_per_pixel, 2275 int big_endian_flag, int true_color_flag, 2276 int red_max, int green_max, int blue_max, 2277 int red_shift, int green_shift, int blue_shift) 2278 { 2279 if (!true_color_flag) { 2280 /* Expose a reasonable default 256 color map */ 2281 bits_per_pixel = 8; 2282 red_max = 7; 2283 green_max = 7; 2284 blue_max = 3; 2285 red_shift = 0; 2286 green_shift = 3; 2287 blue_shift = 6; 2288 } 2289 2290 switch (bits_per_pixel) { 2291 case 8: 2292 case 16: 2293 case 32: 2294 break; 2295 default: 2296 vnc_client_error(vs); 2297 return; 2298 } 2299 2300 vs->client_pf.rmax = red_max ? red_max : 0xFF; 2301 vs->client_pf.rbits = ctpopl(red_max); 2302 vs->client_pf.rshift = red_shift; 2303 vs->client_pf.rmask = red_max << red_shift; 2304 vs->client_pf.gmax = green_max ? green_max : 0xFF; 2305 vs->client_pf.gbits = ctpopl(green_max); 2306 vs->client_pf.gshift = green_shift; 2307 vs->client_pf.gmask = green_max << green_shift; 2308 vs->client_pf.bmax = blue_max ? blue_max : 0xFF; 2309 vs->client_pf.bbits = ctpopl(blue_max); 2310 vs->client_pf.bshift = blue_shift; 2311 vs->client_pf.bmask = blue_max << blue_shift; 2312 vs->client_pf.bits_per_pixel = bits_per_pixel; 2313 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8; 2314 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 2315 vs->client_be = big_endian_flag; 2316 2317 if (!true_color_flag) { 2318 send_color_map(vs); 2319 } 2320 2321 set_pixel_conversion(vs); 2322 2323 graphic_hw_invalidate(vs->vd->dcl.con); 2324 graphic_hw_update(vs->vd->dcl.con); 2325 } 2326 2327 static void pixel_format_message (VncState *vs) { 2328 char pad[3] = { 0, 0, 0 }; 2329 2330 vs->client_pf = qemu_default_pixelformat(32); 2331 2332 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ 2333 vnc_write_u8(vs, vs->client_pf.depth); /* depth */ 2334 2335 #if HOST_BIG_ENDIAN 2336 vnc_write_u8(vs, 1); /* big-endian-flag */ 2337 #else 2338 vnc_write_u8(vs, 0); /* big-endian-flag */ 2339 #endif 2340 vnc_write_u8(vs, 1); /* true-color-flag */ 2341 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */ 2342 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */ 2343 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */ 2344 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */ 2345 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */ 2346 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */ 2347 vnc_write(vs, pad, 3); /* padding */ 2348 2349 vnc_hextile_set_pixel_conversion(vs, 0); 2350 vs->write_pixels = vnc_write_pixels_copy; 2351 } 2352 2353 static void vnc_colordepth(VncState *vs) 2354 { 2355 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 2356 /* Sending a WMVi message to notify the client*/ 2357 vnc_lock_output(vs); 2358 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2359 vnc_write_u8(vs, 0); 2360 vnc_write_u16(vs, 1); /* number of rects */ 2361 vnc_framebuffer_update(vs, 0, 0, 2362 vs->client_width, 2363 vs->client_height, 2364 VNC_ENCODING_WMVi); 2365 pixel_format_message(vs); 2366 vnc_unlock_output(vs); 2367 vnc_flush(vs); 2368 } else { 2369 set_pixel_conversion(vs); 2370 } 2371 } 2372 2373 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 2374 { 2375 int i; 2376 uint16_t limit; 2377 uint32_t freq; 2378 VncDisplay *vd = vs->vd; 2379 2380 if (data[0] > 3) { 2381 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2382 } 2383 2384 switch (data[0]) { 2385 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 2386 if (len == 1) 2387 return 20; 2388 2389 set_pixel_format(vs, read_u8(data, 4), 2390 read_u8(data, 6), read_u8(data, 7), 2391 read_u16(data, 8), read_u16(data, 10), 2392 read_u16(data, 12), read_u8(data, 14), 2393 read_u8(data, 15), read_u8(data, 16)); 2394 break; 2395 case VNC_MSG_CLIENT_SET_ENCODINGS: 2396 if (len == 1) 2397 return 4; 2398 2399 if (len == 4) { 2400 limit = read_u16(data, 2); 2401 if (limit > 0) 2402 return 4 + (limit * 4); 2403 } else 2404 limit = read_u16(data, 2); 2405 2406 for (i = 0; i < limit; i++) { 2407 int32_t val = read_s32(data, 4 + (i * 4)); 2408 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 2409 } 2410 2411 set_encodings(vs, (int32_t *)(data + 4), limit); 2412 break; 2413 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 2414 if (len == 1) 2415 return 10; 2416 2417 framebuffer_update_request(vs, 2418 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 2419 read_u16(data, 6), read_u16(data, 8)); 2420 break; 2421 case VNC_MSG_CLIENT_KEY_EVENT: 2422 if (len == 1) 2423 return 8; 2424 2425 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 2426 break; 2427 case VNC_MSG_CLIENT_POINTER_EVENT: 2428 if (len == 1) 2429 return 6; 2430 2431 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 2432 break; 2433 case VNC_MSG_CLIENT_CUT_TEXT: 2434 if (len == 1) { 2435 return 8; 2436 } 2437 uint32_t dlen = abs(read_s32(data, 4)); 2438 if (len == 8) { 2439 if (dlen > (1 << 20)) { 2440 error_report("vnc: client_cut_text msg payload has %u bytes" 2441 " which exceeds our limit of 1MB.", dlen); 2442 vnc_client_error(vs); 2443 break; 2444 } 2445 if (dlen > 0) { 2446 return 8 + dlen; 2447 } 2448 } 2449 2450 if (read_s32(data, 4) < 0) { 2451 if (!vnc_has_feature(vs, VNC_FEATURE_CLIPBOARD_EXT)) { 2452 error_report("vnc: extended clipboard message while disabled"); 2453 vnc_client_error(vs); 2454 break; 2455 } 2456 if (dlen < 4) { 2457 error_report("vnc: malformed payload (header less than 4 bytes)" 2458 " in extended clipboard pseudo-encoding."); 2459 vnc_client_error(vs); 2460 break; 2461 } 2462 vnc_client_cut_text_ext(vs, dlen, read_u32(data, 8), data + 12); 2463 break; 2464 } 2465 vnc_client_cut_text(vs, read_u32(data, 4), data + 8); 2466 break; 2467 case VNC_MSG_CLIENT_XVP: 2468 if (!vnc_has_feature(vs, VNC_FEATURE_XVP)) { 2469 error_report("vnc: xvp client message while disabled"); 2470 vnc_client_error(vs); 2471 break; 2472 } 2473 if (len == 1) { 2474 return 4; 2475 } 2476 if (len == 4) { 2477 uint8_t version = read_u8(data, 2); 2478 uint8_t action = read_u8(data, 3); 2479 2480 if (version != 1) { 2481 error_report("vnc: xvp client message version %d != 1", 2482 version); 2483 vnc_client_error(vs); 2484 break; 2485 } 2486 2487 switch (action) { 2488 case VNC_XVP_ACTION_SHUTDOWN: 2489 qemu_system_powerdown_request(); 2490 break; 2491 case VNC_XVP_ACTION_REBOOT: 2492 send_xvp_message(vs, VNC_XVP_CODE_FAIL); 2493 break; 2494 case VNC_XVP_ACTION_RESET: 2495 qemu_system_reset_request(SHUTDOWN_CAUSE_HOST_QMP_SYSTEM_RESET); 2496 break; 2497 default: 2498 send_xvp_message(vs, VNC_XVP_CODE_FAIL); 2499 break; 2500 } 2501 } 2502 break; 2503 case VNC_MSG_CLIENT_QEMU: 2504 if (len == 1) 2505 return 2; 2506 2507 switch (read_u8(data, 1)) { 2508 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 2509 if (len == 2) 2510 return 12; 2511 2512 ext_key_event(vs, read_u16(data, 2), 2513 read_u32(data, 4), read_u32(data, 8)); 2514 break; 2515 case VNC_MSG_CLIENT_QEMU_AUDIO: 2516 if (!vnc_has_feature(vs, VNC_FEATURE_AUDIO)) { 2517 error_report("Audio message %d with audio disabled", read_u8(data, 2)); 2518 vnc_client_error(vs); 2519 break; 2520 } 2521 2522 if (len == 2) 2523 return 4; 2524 2525 switch (read_u16 (data, 2)) { 2526 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 2527 trace_vnc_msg_client_audio_enable(vs, vs->ioc); 2528 audio_add(vs); 2529 break; 2530 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 2531 trace_vnc_msg_client_audio_disable(vs, vs->ioc); 2532 audio_del(vs); 2533 break; 2534 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 2535 if (len == 4) 2536 return 10; 2537 switch (read_u8(data, 4)) { 2538 case 0: vs->as.fmt = AUDIO_FORMAT_U8; break; 2539 case 1: vs->as.fmt = AUDIO_FORMAT_S8; break; 2540 case 2: vs->as.fmt = AUDIO_FORMAT_U16; break; 2541 case 3: vs->as.fmt = AUDIO_FORMAT_S16; break; 2542 case 4: vs->as.fmt = AUDIO_FORMAT_U32; break; 2543 case 5: vs->as.fmt = AUDIO_FORMAT_S32; break; 2544 default: 2545 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4)); 2546 vnc_client_error(vs); 2547 break; 2548 } 2549 vs->as.nchannels = read_u8(data, 5); 2550 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2551 VNC_DEBUG("Invalid audio channel count %d\n", 2552 read_u8(data, 5)); 2553 vnc_client_error(vs); 2554 break; 2555 } 2556 freq = read_u32(data, 6); 2557 /* No official limit for protocol, but 48khz is a sensible 2558 * upper bound for trustworthy clients, and this limit 2559 * protects calculations involving 'vs->as.freq' later. 2560 */ 2561 if (freq > 48000) { 2562 VNC_DEBUG("Invalid audio frequency %u > 48000", freq); 2563 vnc_client_error(vs); 2564 break; 2565 } 2566 vs->as.freq = freq; 2567 trace_vnc_msg_client_audio_format( 2568 vs, vs->ioc, vs->as.fmt, vs->as.nchannels, vs->as.freq); 2569 break; 2570 default: 2571 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 2)); 2572 vnc_client_error(vs); 2573 break; 2574 } 2575 break; 2576 2577 default: 2578 VNC_DEBUG("Msg: %d\n", read_u16(data, 0)); 2579 vnc_client_error(vs); 2580 break; 2581 } 2582 break; 2583 case VNC_MSG_CLIENT_SET_DESKTOP_SIZE: 2584 { 2585 size_t size; 2586 uint8_t screens; 2587 int w, h; 2588 2589 if (len < 8) { 2590 return 8; 2591 } 2592 2593 screens = read_u8(data, 6); 2594 size = 8 + screens * 16; 2595 if (len < size) { 2596 return size; 2597 } 2598 w = read_u16(data, 2); 2599 h = read_u16(data, 4); 2600 2601 trace_vnc_msg_client_set_desktop_size(vs, vs->ioc, w, h, screens); 2602 if (dpy_ui_info_supported(vs->vd->dcl.con)) { 2603 QemuUIInfo info; 2604 memset(&info, 0, sizeof(info)); 2605 info.width = w; 2606 info.height = h; 2607 dpy_set_ui_info(vs->vd->dcl.con, &info, false); 2608 vnc_desktop_resize_ext(vs, 4 /* Request forwarded */); 2609 } else { 2610 vnc_desktop_resize_ext(vs, 3 /* Invalid screen layout */); 2611 } 2612 2613 break; 2614 } 2615 default: 2616 VNC_DEBUG("Msg: %d\n", data[0]); 2617 vnc_client_error(vs); 2618 break; 2619 } 2620 2621 vnc_update_throttle_offset(vs); 2622 vnc_read_when(vs, protocol_client_msg, 1); 2623 return 0; 2624 } 2625 2626 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2627 { 2628 char buf[1024]; 2629 VncShareMode mode; 2630 int size; 2631 2632 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; 2633 switch (vs->vd->share_policy) { 2634 case VNC_SHARE_POLICY_IGNORE: 2635 /* 2636 * Ignore the shared flag. Nothing to do here. 2637 * 2638 * Doesn't conform to the rfb spec but is traditional qemu 2639 * behavior, thus left here as option for compatibility 2640 * reasons. 2641 */ 2642 break; 2643 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: 2644 /* 2645 * Policy: Allow clients ask for exclusive access. 2646 * 2647 * Implementation: When a client asks for exclusive access, 2648 * disconnect all others. Shared connects are allowed as long 2649 * as no exclusive connection exists. 2650 * 2651 * This is how the rfb spec suggests to handle the shared flag. 2652 */ 2653 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2654 VncState *client; 2655 QTAILQ_FOREACH(client, &vs->vd->clients, next) { 2656 if (vs == client) { 2657 continue; 2658 } 2659 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && 2660 client->share_mode != VNC_SHARE_MODE_SHARED) { 2661 continue; 2662 } 2663 vnc_disconnect_start(client); 2664 } 2665 } 2666 if (mode == VNC_SHARE_MODE_SHARED) { 2667 if (vs->vd->num_exclusive > 0) { 2668 vnc_disconnect_start(vs); 2669 return 0; 2670 } 2671 } 2672 break; 2673 case VNC_SHARE_POLICY_FORCE_SHARED: 2674 /* 2675 * Policy: Shared connects only. 2676 * Implementation: Disallow clients asking for exclusive access. 2677 * 2678 * Useful for shared desktop sessions where you don't want 2679 * someone forgetting to say -shared when running the vnc 2680 * client disconnect everybody else. 2681 */ 2682 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2683 vnc_disconnect_start(vs); 2684 return 0; 2685 } 2686 break; 2687 } 2688 vnc_set_share_mode(vs, mode); 2689 2690 if (vs->vd->num_shared > vs->vd->connections_limit) { 2691 vnc_disconnect_start(vs); 2692 return 0; 2693 } 2694 2695 assert(pixman_image_get_width(vs->vd->server) < 65536 && 2696 pixman_image_get_width(vs->vd->server) >= 0); 2697 assert(pixman_image_get_height(vs->vd->server) < 65536 && 2698 pixman_image_get_height(vs->vd->server) >= 0); 2699 vs->client_width = pixman_image_get_width(vs->vd->server); 2700 vs->client_height = pixman_image_get_height(vs->vd->server); 2701 vnc_write_u16(vs, vs->client_width); 2702 vnc_write_u16(vs, vs->client_height); 2703 2704 pixel_format_message(vs); 2705 2706 if (qemu_name) { 2707 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2708 if (size > sizeof(buf)) { 2709 size = sizeof(buf); 2710 } 2711 } else { 2712 size = snprintf(buf, sizeof(buf), "QEMU"); 2713 } 2714 2715 vnc_write_u32(vs, size); 2716 vnc_write(vs, buf, size); 2717 vnc_flush(vs); 2718 2719 vnc_client_cache_auth(vs); 2720 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED); 2721 2722 vnc_read_when(vs, protocol_client_msg, 1); 2723 2724 return 0; 2725 } 2726 2727 void start_client_init(VncState *vs) 2728 { 2729 vnc_read_when(vs, protocol_client_init, 1); 2730 } 2731 2732 static void authentication_failed(VncState *vs) 2733 { 2734 vnc_write_u32(vs, 1); /* Reject auth */ 2735 if (vs->minor >= 8) { 2736 static const char err[] = "Authentication failed"; 2737 vnc_write_u32(vs, sizeof(err)); 2738 vnc_write(vs, err, sizeof(err)); 2739 } 2740 vnc_flush(vs); 2741 vnc_client_error(vs); 2742 } 2743 2744 static void 2745 vnc_munge_des_rfb_key(unsigned char *key, size_t nkey) 2746 { 2747 size_t i; 2748 for (i = 0; i < nkey; i++) { 2749 uint8_t r = key[i]; 2750 r = (r & 0xf0) >> 4 | (r & 0x0f) << 4; 2751 r = (r & 0xcc) >> 2 | (r & 0x33) << 2; 2752 r = (r & 0xaa) >> 1 | (r & 0x55) << 1; 2753 key[i] = r; 2754 } 2755 } 2756 2757 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2758 { 2759 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2760 size_t i, pwlen; 2761 unsigned char key[8]; 2762 time_t now = time(NULL); 2763 QCryptoCipher *cipher = NULL; 2764 Error *err = NULL; 2765 2766 if (!vs->vd->password) { 2767 trace_vnc_auth_fail(vs, vs->auth, "password is not set", ""); 2768 goto reject; 2769 } 2770 if (vs->vd->expires < now) { 2771 trace_vnc_auth_fail(vs, vs->auth, "password is expired", ""); 2772 goto reject; 2773 } 2774 2775 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2776 2777 /* Calculate the expected challenge response */ 2778 pwlen = strlen(vs->vd->password); 2779 for (i=0; i<sizeof(key); i++) 2780 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2781 vnc_munge_des_rfb_key(key, sizeof(key)); 2782 2783 cipher = qcrypto_cipher_new( 2784 QCRYPTO_CIPHER_ALGO_DES, 2785 QCRYPTO_CIPHER_MODE_ECB, 2786 key, G_N_ELEMENTS(key), 2787 &err); 2788 if (!cipher) { 2789 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher", 2790 error_get_pretty(err)); 2791 error_free(err); 2792 goto reject; 2793 } 2794 2795 if (qcrypto_cipher_encrypt(cipher, 2796 vs->challenge, 2797 response, 2798 VNC_AUTH_CHALLENGE_SIZE, 2799 &err) < 0) { 2800 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response", 2801 error_get_pretty(err)); 2802 error_free(err); 2803 goto reject; 2804 } 2805 2806 /* Compare expected vs actual challenge response */ 2807 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2808 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", ""); 2809 goto reject; 2810 } else { 2811 trace_vnc_auth_pass(vs, vs->auth); 2812 vnc_write_u32(vs, 0); /* Accept auth */ 2813 vnc_flush(vs); 2814 2815 start_client_init(vs); 2816 } 2817 2818 qcrypto_cipher_free(cipher); 2819 return 0; 2820 2821 reject: 2822 authentication_failed(vs); 2823 qcrypto_cipher_free(cipher); 2824 return 0; 2825 } 2826 2827 void start_auth_vnc(VncState *vs) 2828 { 2829 Error *err = NULL; 2830 2831 if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) { 2832 trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes", 2833 error_get_pretty(err)); 2834 error_free(err); 2835 authentication_failed(vs); 2836 return; 2837 } 2838 2839 /* Send client a 'random' challenge */ 2840 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2841 vnc_flush(vs); 2842 2843 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2844 } 2845 2846 2847 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2848 { 2849 /* We only advertise 1 auth scheme at a time, so client 2850 * must pick the one we sent. Verify this */ 2851 if (data[0] != vs->auth) { /* Reject auth */ 2852 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]); 2853 authentication_failed(vs); 2854 } else { /* Accept requested auth */ 2855 trace_vnc_auth_start(vs, vs->auth); 2856 switch (vs->auth) { 2857 case VNC_AUTH_NONE: 2858 if (vs->minor >= 8) { 2859 vnc_write_u32(vs, 0); /* Accept auth completion */ 2860 vnc_flush(vs); 2861 } 2862 trace_vnc_auth_pass(vs, vs->auth); 2863 start_client_init(vs); 2864 break; 2865 2866 case VNC_AUTH_VNC: 2867 start_auth_vnc(vs); 2868 break; 2869 2870 case VNC_AUTH_VENCRYPT: 2871 start_auth_vencrypt(vs); 2872 break; 2873 2874 #ifdef CONFIG_VNC_SASL 2875 case VNC_AUTH_SASL: 2876 start_auth_sasl(vs); 2877 break; 2878 #endif /* CONFIG_VNC_SASL */ 2879 2880 default: /* Should not be possible, but just in case */ 2881 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", ""); 2882 authentication_failed(vs); 2883 } 2884 } 2885 return 0; 2886 } 2887 2888 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2889 { 2890 char local[13]; 2891 2892 memcpy(local, version, 12); 2893 local[12] = 0; 2894 2895 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2896 VNC_DEBUG("Malformed protocol version %s\n", local); 2897 vnc_client_error(vs); 2898 return 0; 2899 } 2900 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2901 if (vs->major != 3 || 2902 (vs->minor != 3 && 2903 vs->minor != 4 && 2904 vs->minor != 5 && 2905 vs->minor != 7 && 2906 vs->minor != 8)) { 2907 VNC_DEBUG("Unsupported client version\n"); 2908 vnc_write_u32(vs, VNC_AUTH_INVALID); 2909 vnc_flush(vs); 2910 vnc_client_error(vs); 2911 return 0; 2912 } 2913 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2914 * as equivalent to v3.3 by servers 2915 */ 2916 if (vs->minor == 4 || vs->minor == 5) 2917 vs->minor = 3; 2918 2919 if (vs->minor == 3) { 2920 trace_vnc_auth_start(vs, vs->auth); 2921 if (vs->auth == VNC_AUTH_NONE) { 2922 vnc_write_u32(vs, vs->auth); 2923 vnc_flush(vs); 2924 trace_vnc_auth_pass(vs, vs->auth); 2925 start_client_init(vs); 2926 } else if (vs->auth == VNC_AUTH_VNC) { 2927 VNC_DEBUG("Tell client VNC auth\n"); 2928 vnc_write_u32(vs, vs->auth); 2929 vnc_flush(vs); 2930 start_auth_vnc(vs); 2931 } else { 2932 trace_vnc_auth_fail(vs, vs->auth, 2933 "Unsupported auth method for v3.3", ""); 2934 vnc_write_u32(vs, VNC_AUTH_INVALID); 2935 vnc_flush(vs); 2936 vnc_client_error(vs); 2937 } 2938 } else { 2939 vnc_write_u8(vs, 1); /* num auth */ 2940 vnc_write_u8(vs, vs->auth); 2941 vnc_read_when(vs, protocol_client_auth, 1); 2942 vnc_flush(vs); 2943 } 2944 2945 return 0; 2946 } 2947 2948 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) 2949 { 2950 struct VncSurface *vs = &vd->guest; 2951 2952 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; 2953 } 2954 2955 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h) 2956 { 2957 int i, j; 2958 2959 w = (x + w) / VNC_STAT_RECT; 2960 h = (y + h) / VNC_STAT_RECT; 2961 x /= VNC_STAT_RECT; 2962 y /= VNC_STAT_RECT; 2963 2964 for (j = y; j <= h; j++) { 2965 for (i = x; i <= w; i++) { 2966 vs->lossy_rect[j][i] = 1; 2967 } 2968 } 2969 } 2970 2971 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) 2972 { 2973 VncState *vs; 2974 int sty = y / VNC_STAT_RECT; 2975 int stx = x / VNC_STAT_RECT; 2976 int has_dirty = 0; 2977 2978 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT); 2979 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT); 2980 2981 QTAILQ_FOREACH(vs, &vd->clients, next) { 2982 int j; 2983 2984 /* kernel send buffers are full -> refresh later */ 2985 if (vs->output.offset) { 2986 continue; 2987 } 2988 2989 if (!vs->lossy_rect[sty][stx]) { 2990 continue; 2991 } 2992 2993 vs->lossy_rect[sty][stx] = 0; 2994 for (j = 0; j < VNC_STAT_RECT; ++j) { 2995 bitmap_set(vs->dirty[y + j], 2996 x / VNC_DIRTY_PIXELS_PER_BIT, 2997 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT); 2998 } 2999 has_dirty++; 3000 } 3001 3002 return has_dirty; 3003 } 3004 3005 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) 3006 { 3007 int width = MIN(pixman_image_get_width(vd->guest.fb), 3008 pixman_image_get_width(vd->server)); 3009 int height = MIN(pixman_image_get_height(vd->guest.fb), 3010 pixman_image_get_height(vd->server)); 3011 int x, y; 3012 struct timeval res; 3013 int has_dirty = 0; 3014 3015 for (y = 0; y < height; y += VNC_STAT_RECT) { 3016 for (x = 0; x < width; x += VNC_STAT_RECT) { 3017 VncRectStat *rect = vnc_stat_rect(vd, x, y); 3018 3019 rect->updated = false; 3020 } 3021 } 3022 3023 qemu_timersub(tv, &VNC_REFRESH_STATS, &res); 3024 3025 if (timercmp(&vd->guest.last_freq_check, &res, >)) { 3026 return has_dirty; 3027 } 3028 vd->guest.last_freq_check = *tv; 3029 3030 for (y = 0; y < height; y += VNC_STAT_RECT) { 3031 for (x = 0; x < width; x += VNC_STAT_RECT) { 3032 VncRectStat *rect= vnc_stat_rect(vd, x, y); 3033 int count = ARRAY_SIZE(rect->times); 3034 struct timeval min, max; 3035 3036 if (!timerisset(&rect->times[count - 1])) { 3037 continue ; 3038 } 3039 3040 max = rect->times[(rect->idx + count - 1) % count]; 3041 qemu_timersub(tv, &max, &res); 3042 3043 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { 3044 rect->freq = 0; 3045 has_dirty += vnc_refresh_lossy_rect(vd, x, y); 3046 memset(rect->times, 0, sizeof (rect->times)); 3047 continue ; 3048 } 3049 3050 min = rect->times[rect->idx]; 3051 max = rect->times[(rect->idx + count - 1) % count]; 3052 qemu_timersub(&max, &min, &res); 3053 3054 rect->freq = res.tv_sec + res.tv_usec / 1000000.; 3055 rect->freq /= count; 3056 rect->freq = 1. / rect->freq; 3057 } 3058 } 3059 return has_dirty; 3060 } 3061 3062 double vnc_update_freq(VncState *vs, int x, int y, int w, int h) 3063 { 3064 int i, j; 3065 double total = 0; 3066 int num = 0; 3067 3068 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT); 3069 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT); 3070 3071 for (j = y; j <= y + h; j += VNC_STAT_RECT) { 3072 for (i = x; i <= x + w; i += VNC_STAT_RECT) { 3073 total += vnc_stat_rect(vs->vd, i, j)->freq; 3074 num++; 3075 } 3076 } 3077 3078 if (num) { 3079 return total / num; 3080 } else { 3081 return 0; 3082 } 3083 } 3084 3085 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) 3086 { 3087 VncRectStat *rect; 3088 3089 rect = vnc_stat_rect(vd, x, y); 3090 if (rect->updated) { 3091 return; 3092 } 3093 rect->times[rect->idx] = *tv; 3094 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); 3095 rect->updated = true; 3096 } 3097 3098 static int vnc_refresh_server_surface(VncDisplay *vd) 3099 { 3100 int width = MIN(pixman_image_get_width(vd->guest.fb), 3101 pixman_image_get_width(vd->server)); 3102 int height = MIN(pixman_image_get_height(vd->guest.fb), 3103 pixman_image_get_height(vd->server)); 3104 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0; 3105 uint8_t *guest_row0 = NULL, *server_row0; 3106 VncState *vs; 3107 int has_dirty = 0; 3108 pixman_image_t *tmpbuf = NULL; 3109 unsigned long offset; 3110 int x; 3111 uint8_t *guest_ptr, *server_ptr; 3112 3113 struct timeval tv = { 0, 0 }; 3114 3115 if (!vd->non_adaptive) { 3116 gettimeofday(&tv, NULL); 3117 has_dirty = vnc_update_stats(vd, &tv); 3118 } 3119 3120 offset = find_next_bit((unsigned long *) &vd->guest.dirty, 3121 height * VNC_DIRTY_BPL(&vd->guest), 0); 3122 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) { 3123 /* no dirty bits in guest surface */ 3124 return has_dirty; 3125 } 3126 3127 /* 3128 * Walk through the guest dirty map. 3129 * Check and copy modified bits from guest to server surface. 3130 * Update server dirty map. 3131 */ 3132 server_row0 = (uint8_t *)pixman_image_get_data(vd->server); 3133 server_stride = guest_stride = guest_ll = 3134 pixman_image_get_stride(vd->server); 3135 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES, 3136 server_stride); 3137 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 3138 int w = pixman_image_get_width(vd->server); 3139 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, w); 3140 } else { 3141 int guest_bpp = 3142 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb)); 3143 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb); 3144 guest_stride = pixman_image_get_stride(vd->guest.fb); 3145 guest_ll = pixman_image_get_width(vd->guest.fb) 3146 * DIV_ROUND_UP(guest_bpp, 8); 3147 } 3148 line_bytes = MIN(server_stride, guest_ll); 3149 3150 for (;;) { 3151 y = offset / VNC_DIRTY_BPL(&vd->guest); 3152 x = offset % VNC_DIRTY_BPL(&vd->guest); 3153 3154 server_ptr = server_row0 + y * server_stride + x * cmp_bytes; 3155 3156 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 3157 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y); 3158 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf); 3159 } else { 3160 guest_ptr = guest_row0 + y * guest_stride; 3161 } 3162 guest_ptr += x * cmp_bytes; 3163 3164 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT); 3165 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 3166 int _cmp_bytes = cmp_bytes; 3167 if (!test_and_clear_bit(x, vd->guest.dirty[y])) { 3168 continue; 3169 } 3170 if ((x + 1) * cmp_bytes > line_bytes) { 3171 _cmp_bytes = line_bytes - x * cmp_bytes; 3172 } 3173 assert(_cmp_bytes >= 0); 3174 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) { 3175 continue; 3176 } 3177 memcpy(server_ptr, guest_ptr, _cmp_bytes); 3178 if (!vd->non_adaptive) { 3179 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT, 3180 y, &tv); 3181 } 3182 QTAILQ_FOREACH(vs, &vd->clients, next) { 3183 set_bit(x, vs->dirty[y]); 3184 } 3185 has_dirty++; 3186 } 3187 3188 y++; 3189 offset = find_next_bit((unsigned long *) &vd->guest.dirty, 3190 height * VNC_DIRTY_BPL(&vd->guest), 3191 y * VNC_DIRTY_BPL(&vd->guest)); 3192 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) { 3193 /* no more dirty bits */ 3194 break; 3195 } 3196 } 3197 qemu_pixman_image_unref(tmpbuf); 3198 return has_dirty; 3199 } 3200 3201 static void vnc_refresh(DisplayChangeListener *dcl) 3202 { 3203 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 3204 VncState *vs, *vn; 3205 int has_dirty, rects = 0; 3206 3207 if (QTAILQ_EMPTY(&vd->clients)) { 3208 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX); 3209 return; 3210 } 3211 3212 graphic_hw_update(vd->dcl.con); 3213 3214 if (vnc_trylock_display(vd)) { 3215 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 3216 return; 3217 } 3218 3219 has_dirty = vnc_refresh_server_surface(vd); 3220 vnc_unlock_display(vd); 3221 3222 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 3223 rects += vnc_update_client(vs, has_dirty); 3224 /* vs might be free()ed here */ 3225 } 3226 3227 if (has_dirty && rects) { 3228 vd->dcl.update_interval /= 2; 3229 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) { 3230 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE; 3231 } 3232 } else { 3233 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC; 3234 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) { 3235 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX; 3236 } 3237 } 3238 } 3239 3240 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc, 3241 bool skipauth, bool websocket) 3242 { 3243 VncState *vs = g_new0(VncState, 1); 3244 bool first_client = QTAILQ_EMPTY(&vd->clients); 3245 int i; 3246 3247 trace_vnc_client_connect(vs, sioc); 3248 vs->zrle = g_new0(VncZrle, 1); 3249 vs->tight = g_new0(VncTight, 1); 3250 vs->magic = VNC_MAGIC; 3251 vs->sioc = sioc; 3252 object_ref(OBJECT(vs->sioc)); 3253 vs->ioc = QIO_CHANNEL(sioc); 3254 object_ref(OBJECT(vs->ioc)); 3255 vs->vd = vd; 3256 3257 buffer_init(&vs->input, "vnc-input/%p", sioc); 3258 buffer_init(&vs->output, "vnc-output/%p", sioc); 3259 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc); 3260 3261 buffer_init(&vs->tight->tight, "vnc-tight/%p", sioc); 3262 buffer_init(&vs->tight->zlib, "vnc-tight-zlib/%p", sioc); 3263 buffer_init(&vs->tight->gradient, "vnc-tight-gradient/%p", sioc); 3264 #ifdef CONFIG_VNC_JPEG 3265 buffer_init(&vs->tight->jpeg, "vnc-tight-jpeg/%p", sioc); 3266 #endif 3267 #ifdef CONFIG_PNG 3268 buffer_init(&vs->tight->png, "vnc-tight-png/%p", sioc); 3269 #endif 3270 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc); 3271 buffer_init(&vs->zrle->zrle, "vnc-zrle/%p", sioc); 3272 buffer_init(&vs->zrle->fb, "vnc-zrle-fb/%p", sioc); 3273 buffer_init(&vs->zrle->zlib, "vnc-zrle-zlib/%p", sioc); 3274 3275 if (skipauth) { 3276 vs->auth = VNC_AUTH_NONE; 3277 vs->subauth = VNC_AUTH_INVALID; 3278 } else { 3279 if (websocket) { 3280 vs->auth = vd->ws_auth; 3281 vs->subauth = VNC_AUTH_INVALID; 3282 } else { 3283 vs->auth = vd->auth; 3284 vs->subauth = vd->subauth; 3285 } 3286 } 3287 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n", 3288 sioc, websocket, vs->auth, vs->subauth); 3289 3290 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect)); 3291 for (i = 0; i < VNC_STAT_ROWS; ++i) { 3292 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS); 3293 } 3294 3295 VNC_DEBUG("New client on socket %p\n", vs->sioc); 3296 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 3297 qio_channel_set_blocking(vs->ioc, false, NULL); 3298 if (vs->ioc_tag) { 3299 g_source_remove(vs->ioc_tag); 3300 } 3301 if (websocket) { 3302 vs->websocket = 1; 3303 if (vd->tlscreds) { 3304 vs->ioc_tag = qio_channel_add_watch( 3305 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR, 3306 vncws_tls_handshake_io, vs, NULL); 3307 } else { 3308 vs->ioc_tag = qio_channel_add_watch( 3309 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR, 3310 vncws_handshake_io, vs, NULL); 3311 } 3312 } else { 3313 vs->ioc_tag = qio_channel_add_watch( 3314 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR, 3315 vnc_client_io, vs, NULL); 3316 } 3317 3318 vnc_client_cache_addr(vs); 3319 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED); 3320 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); 3321 3322 vs->last_x = -1; 3323 vs->last_y = -1; 3324 3325 vs->as.freq = 44100; 3326 vs->as.nchannels = 2; 3327 vs->as.fmt = AUDIO_FORMAT_S16; 3328 vs->as.endianness = 0; 3329 3330 qemu_mutex_init(&vs->output_mutex); 3331 vs->bh = qemu_bh_new(vnc_jobs_bh, vs); 3332 3333 QTAILQ_INSERT_TAIL(&vd->clients, vs, next); 3334 if (first_client) { 3335 vnc_update_server_surface(vd); 3336 } 3337 3338 graphic_hw_update(vd->dcl.con); 3339 3340 if (!vs->websocket) { 3341 vnc_start_protocol(vs); 3342 } 3343 3344 if (vd->num_connecting > vd->connections_limit) { 3345 QTAILQ_FOREACH(vs, &vd->clients, next) { 3346 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) { 3347 vnc_disconnect_start(vs); 3348 return; 3349 } 3350 } 3351 } 3352 } 3353 3354 void vnc_start_protocol(VncState *vs) 3355 { 3356 vnc_write(vs, "RFB 003.008\n", 12); 3357 vnc_flush(vs); 3358 vnc_read_when(vs, protocol_version, 12); 3359 3360 vs->mouse_mode_notifier.notify = check_pointer_type_change; 3361 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 3362 } 3363 3364 static void vnc_listen_io(QIONetListener *listener, 3365 QIOChannelSocket *cioc, 3366 void *opaque) 3367 { 3368 VncDisplay *vd = opaque; 3369 bool isWebsock = listener == vd->wslistener; 3370 3371 qio_channel_set_name(QIO_CHANNEL(cioc), 3372 isWebsock ? "vnc-ws-server" : "vnc-server"); 3373 qio_channel_set_delay(QIO_CHANNEL(cioc), false); 3374 vnc_connect(vd, cioc, false, isWebsock); 3375 } 3376 3377 static const DisplayChangeListenerOps dcl_ops = { 3378 .dpy_name = "vnc", 3379 .dpy_refresh = vnc_refresh, 3380 .dpy_gfx_update = vnc_dpy_update, 3381 .dpy_gfx_switch = vnc_dpy_switch, 3382 .dpy_gfx_check_format = qemu_pixman_check_format, 3383 .dpy_mouse_set = vnc_mouse_set, 3384 .dpy_cursor_define = vnc_dpy_cursor_define, 3385 }; 3386 3387 void vnc_display_init(const char *id, Error **errp) 3388 { 3389 VncDisplay *vd; 3390 3391 if (vnc_display_find(id) != NULL) { 3392 return; 3393 } 3394 vd = g_malloc0(sizeof(*vd)); 3395 3396 vd->id = strdup(id); 3397 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next); 3398 3399 QTAILQ_INIT(&vd->clients); 3400 vd->expires = TIME_MAX; 3401 3402 if (keyboard_layout) { 3403 trace_vnc_key_map_init(keyboard_layout); 3404 vd->kbd_layout = init_keyboard_layout(name2keysym, 3405 keyboard_layout, errp); 3406 } else { 3407 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us", errp); 3408 } 3409 3410 if (!vd->kbd_layout) { 3411 return; 3412 } 3413 3414 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3415 vd->connections_limit = 32; 3416 3417 qemu_mutex_init(&vd->mutex); 3418 vnc_start_worker_thread(); 3419 3420 vd->dcl.ops = &dcl_ops; 3421 register_displaychangelistener(&vd->dcl); 3422 vd->kbd = qkbd_state_init(vd->dcl.con); 3423 } 3424 3425 3426 static void vnc_display_close(VncDisplay *vd) 3427 { 3428 if (!vd) { 3429 return; 3430 } 3431 3432 if (vd->listener) { 3433 qio_net_listener_disconnect(vd->listener); 3434 object_unref(OBJECT(vd->listener)); 3435 } 3436 vd->listener = NULL; 3437 3438 if (vd->wslistener) { 3439 qio_net_listener_disconnect(vd->wslistener); 3440 object_unref(OBJECT(vd->wslistener)); 3441 } 3442 vd->wslistener = NULL; 3443 3444 vd->auth = VNC_AUTH_INVALID; 3445 vd->subauth = VNC_AUTH_INVALID; 3446 if (vd->tlscreds) { 3447 object_unref(OBJECT(vd->tlscreds)); 3448 vd->tlscreds = NULL; 3449 } 3450 if (vd->tlsauthz) { 3451 object_unparent(OBJECT(vd->tlsauthz)); 3452 vd->tlsauthz = NULL; 3453 } 3454 g_free(vd->tlsauthzid); 3455 vd->tlsauthzid = NULL; 3456 if (vd->lock_key_sync) { 3457 qemu_remove_led_event_handler(vd->led); 3458 vd->led = NULL; 3459 } 3460 #ifdef CONFIG_VNC_SASL 3461 if (vd->sasl.authz) { 3462 object_unparent(OBJECT(vd->sasl.authz)); 3463 vd->sasl.authz = NULL; 3464 } 3465 g_free(vd->sasl.authzid); 3466 vd->sasl.authzid = NULL; 3467 #endif 3468 } 3469 3470 int vnc_display_password(const char *id, const char *password) 3471 { 3472 VncDisplay *vd = vnc_display_find(id); 3473 3474 if (!vd) { 3475 return -EINVAL; 3476 } 3477 if (vd->auth == VNC_AUTH_NONE) { 3478 error_printf_unless_qmp("If you want use passwords please enable " 3479 "password auth using '-vnc ${dpy},password'.\n"); 3480 return -EINVAL; 3481 } 3482 3483 g_free(vd->password); 3484 vd->password = g_strdup(password); 3485 3486 return 0; 3487 } 3488 3489 int vnc_display_pw_expire(const char *id, time_t expires) 3490 { 3491 VncDisplay *vd = vnc_display_find(id); 3492 3493 if (!vd) { 3494 return -EINVAL; 3495 } 3496 3497 vd->expires = expires; 3498 return 0; 3499 } 3500 3501 static void vnc_display_print_local_addr(VncDisplay *vd) 3502 { 3503 SocketAddress *addr; 3504 3505 if (!vd->listener || !vd->listener->nsioc) { 3506 return; 3507 } 3508 3509 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], NULL); 3510 if (!addr) { 3511 return; 3512 } 3513 3514 if (addr->type != SOCKET_ADDRESS_TYPE_INET) { 3515 qapi_free_SocketAddress(addr); 3516 return; 3517 } 3518 error_printf_unless_qmp("VNC server running on %s:%s\n", 3519 addr->u.inet.host, 3520 addr->u.inet.port); 3521 qapi_free_SocketAddress(addr); 3522 } 3523 3524 static QemuOptsList qemu_vnc_opts = { 3525 .name = "vnc", 3526 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head), 3527 .implied_opt_name = "vnc", 3528 .desc = { 3529 { 3530 .name = "vnc", 3531 .type = QEMU_OPT_STRING, 3532 },{ 3533 .name = "websocket", 3534 .type = QEMU_OPT_STRING, 3535 },{ 3536 .name = "tls-creds", 3537 .type = QEMU_OPT_STRING, 3538 },{ 3539 .name = "share", 3540 .type = QEMU_OPT_STRING, 3541 },{ 3542 .name = "display", 3543 .type = QEMU_OPT_STRING, 3544 },{ 3545 .name = "head", 3546 .type = QEMU_OPT_NUMBER, 3547 },{ 3548 .name = "connections", 3549 .type = QEMU_OPT_NUMBER, 3550 },{ 3551 .name = "to", 3552 .type = QEMU_OPT_NUMBER, 3553 },{ 3554 .name = "ipv4", 3555 .type = QEMU_OPT_BOOL, 3556 },{ 3557 .name = "ipv6", 3558 .type = QEMU_OPT_BOOL, 3559 },{ 3560 .name = "password", 3561 .type = QEMU_OPT_BOOL, 3562 },{ 3563 .name = "password-secret", 3564 .type = QEMU_OPT_STRING, 3565 },{ 3566 .name = "reverse", 3567 .type = QEMU_OPT_BOOL, 3568 },{ 3569 .name = "lock-key-sync", 3570 .type = QEMU_OPT_BOOL, 3571 },{ 3572 .name = "key-delay-ms", 3573 .type = QEMU_OPT_NUMBER, 3574 },{ 3575 .name = "sasl", 3576 .type = QEMU_OPT_BOOL, 3577 },{ 3578 .name = "tls-authz", 3579 .type = QEMU_OPT_STRING, 3580 },{ 3581 .name = "sasl-authz", 3582 .type = QEMU_OPT_STRING, 3583 },{ 3584 .name = "lossy", 3585 .type = QEMU_OPT_BOOL, 3586 },{ 3587 .name = "non-adaptive", 3588 .type = QEMU_OPT_BOOL, 3589 },{ 3590 .name = "audiodev", 3591 .type = QEMU_OPT_STRING, 3592 },{ 3593 .name = "power-control", 3594 .type = QEMU_OPT_BOOL, 3595 }, 3596 { /* end of list */ } 3597 }, 3598 }; 3599 3600 3601 static int 3602 vnc_display_setup_auth(int *auth, 3603 int *subauth, 3604 QCryptoTLSCreds *tlscreds, 3605 bool password, 3606 bool sasl, 3607 bool websocket, 3608 Error **errp) 3609 { 3610 /* 3611 * We have a choice of 3 authentication options 3612 * 3613 * 1. none 3614 * 2. vnc 3615 * 3. sasl 3616 * 3617 * The channel can be run in 2 modes 3618 * 3619 * 1. clear 3620 * 2. tls 3621 * 3622 * And TLS can use 2 types of credentials 3623 * 3624 * 1. anon 3625 * 2. x509 3626 * 3627 * We thus have 9 possible logical combinations 3628 * 3629 * 1. clear + none 3630 * 2. clear + vnc 3631 * 3. clear + sasl 3632 * 4. tls + anon + none 3633 * 5. tls + anon + vnc 3634 * 6. tls + anon + sasl 3635 * 7. tls + x509 + none 3636 * 8. tls + x509 + vnc 3637 * 9. tls + x509 + sasl 3638 * 3639 * These need to be mapped into the VNC auth schemes 3640 * in an appropriate manner. In regular VNC, all the 3641 * TLS options get mapped into VNC_AUTH_VENCRYPT 3642 * sub-auth types. 3643 * 3644 * In websockets, the https:// protocol already provides 3645 * TLS support, so there is no need to make use of the 3646 * VeNCrypt extension. Furthermore, websockets browser 3647 * clients could not use VeNCrypt even if they wanted to, 3648 * as they cannot control when the TLS handshake takes 3649 * place. Thus there is no option but to rely on https://, 3650 * meaning combinations 4->6 and 7->9 will be mapped to 3651 * VNC auth schemes in the same way as combos 1->3. 3652 * 3653 * Regardless of fact that we have a different mapping to 3654 * VNC auth mechs for plain VNC vs websockets VNC, the end 3655 * result has the same security characteristics. 3656 */ 3657 if (websocket || !tlscreds) { 3658 if (password) { 3659 VNC_DEBUG("Initializing VNC server with password auth\n"); 3660 *auth = VNC_AUTH_VNC; 3661 } else if (sasl) { 3662 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 3663 *auth = VNC_AUTH_SASL; 3664 } else { 3665 VNC_DEBUG("Initializing VNC server with no auth\n"); 3666 *auth = VNC_AUTH_NONE; 3667 } 3668 *subauth = VNC_AUTH_INVALID; 3669 } else { 3670 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds), 3671 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL; 3672 bool is_anon = object_dynamic_cast(OBJECT(tlscreds), 3673 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL; 3674 3675 if (!is_x509 && !is_anon) { 3676 error_setg(errp, 3677 "Unsupported TLS cred type %s", 3678 object_get_typename(OBJECT(tlscreds))); 3679 return -1; 3680 } 3681 *auth = VNC_AUTH_VENCRYPT; 3682 if (password) { 3683 if (is_x509) { 3684 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 3685 *subauth = VNC_AUTH_VENCRYPT_X509VNC; 3686 } else { 3687 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 3688 *subauth = VNC_AUTH_VENCRYPT_TLSVNC; 3689 } 3690 3691 } else if (sasl) { 3692 if (is_x509) { 3693 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 3694 *subauth = VNC_AUTH_VENCRYPT_X509SASL; 3695 } else { 3696 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 3697 *subauth = VNC_AUTH_VENCRYPT_TLSSASL; 3698 } 3699 } else { 3700 if (is_x509) { 3701 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 3702 *subauth = VNC_AUTH_VENCRYPT_X509NONE; 3703 } else { 3704 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 3705 *subauth = VNC_AUTH_VENCRYPT_TLSNONE; 3706 } 3707 } 3708 } 3709 return 0; 3710 } 3711 3712 3713 static int vnc_display_get_address(const char *addrstr, 3714 bool websocket, 3715 bool reverse, 3716 int displaynum, 3717 int to, 3718 bool has_ipv4, 3719 bool has_ipv6, 3720 bool ipv4, 3721 bool ipv6, 3722 SocketAddress **retaddr, 3723 Error **errp) 3724 { 3725 int ret = -1; 3726 SocketAddress *addr = NULL; 3727 3728 addr = g_new0(SocketAddress, 1); 3729 3730 if (strncmp(addrstr, "unix:", 5) == 0) { 3731 addr->type = SOCKET_ADDRESS_TYPE_UNIX; 3732 addr->u.q_unix.path = g_strdup(addrstr + 5); 3733 3734 if (to) { 3735 error_setg(errp, "Port range not support with UNIX socket"); 3736 goto cleanup; 3737 } 3738 ret = 0; 3739 } else { 3740 const char *port; 3741 size_t hostlen; 3742 uint64_t baseport = 0; 3743 InetSocketAddress *inet; 3744 3745 port = strrchr(addrstr, ':'); 3746 if (!port) { 3747 if (websocket) { 3748 hostlen = 0; 3749 port = addrstr; 3750 } else { 3751 error_setg(errp, "no vnc port specified"); 3752 goto cleanup; 3753 } 3754 } else { 3755 hostlen = port - addrstr; 3756 port++; 3757 if (*port == '\0') { 3758 error_setg(errp, "vnc port cannot be empty"); 3759 goto cleanup; 3760 } 3761 } 3762 3763 addr->type = SOCKET_ADDRESS_TYPE_INET; 3764 inet = &addr->u.inet; 3765 if (hostlen && addrstr[0] == '[' && addrstr[hostlen - 1] == ']') { 3766 inet->host = g_strndup(addrstr + 1, hostlen - 2); 3767 } else { 3768 inet->host = g_strndup(addrstr, hostlen); 3769 } 3770 /* plain VNC port is just an offset, for websocket 3771 * port is absolute */ 3772 if (websocket) { 3773 if (g_str_equal(addrstr, "") || 3774 g_str_equal(addrstr, "on")) { 3775 if (displaynum == -1) { 3776 error_setg(errp, "explicit websocket port is required"); 3777 goto cleanup; 3778 } 3779 inet->port = g_strdup_printf( 3780 "%d", displaynum + 5700); 3781 if (to) { 3782 inet->has_to = true; 3783 inet->to = to + 5700; 3784 } 3785 } else { 3786 inet->port = g_strdup(port); 3787 } 3788 } else { 3789 int offset = reverse ? 0 : 5900; 3790 if (parse_uint_full(port, 10, &baseport) < 0) { 3791 error_setg(errp, "can't convert to a number: %s", port); 3792 goto cleanup; 3793 } 3794 if (baseport > 65535 || 3795 baseport + offset > 65535) { 3796 error_setg(errp, "port %s out of range", port); 3797 goto cleanup; 3798 } 3799 inet->port = g_strdup_printf( 3800 "%d", (int)baseport + offset); 3801 3802 if (to) { 3803 inet->has_to = true; 3804 inet->to = to + offset; 3805 } 3806 } 3807 3808 inet->ipv4 = ipv4; 3809 inet->has_ipv4 = has_ipv4; 3810 inet->ipv6 = ipv6; 3811 inet->has_ipv6 = has_ipv6; 3812 3813 ret = baseport; 3814 } 3815 3816 *retaddr = addr; 3817 3818 cleanup: 3819 if (ret < 0) { 3820 qapi_free_SocketAddress(addr); 3821 } 3822 return ret; 3823 } 3824 3825 static int vnc_display_get_addresses(QemuOpts *opts, 3826 bool reverse, 3827 SocketAddressList **saddr_list_ret, 3828 SocketAddressList **wsaddr_list_ret, 3829 Error **errp) 3830 { 3831 SocketAddress *saddr = NULL; 3832 SocketAddress *wsaddr = NULL; 3833 g_autoptr(SocketAddressList) saddr_list = NULL; 3834 SocketAddressList **saddr_tail = &saddr_list; 3835 SocketAddress *single_saddr = NULL; 3836 g_autoptr(SocketAddressList) wsaddr_list = NULL; 3837 SocketAddressList **wsaddr_tail = &wsaddr_list; 3838 QemuOptsIter addriter; 3839 const char *addr; 3840 int to = qemu_opt_get_number(opts, "to", 0); 3841 bool has_ipv4 = qemu_opt_get(opts, "ipv4"); 3842 bool has_ipv6 = qemu_opt_get(opts, "ipv6"); 3843 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false); 3844 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false); 3845 int displaynum = -1; 3846 3847 addr = qemu_opt_get(opts, "vnc"); 3848 if (addr == NULL || g_str_equal(addr, "none")) { 3849 return 0; 3850 } 3851 if (qemu_opt_get(opts, "websocket") && 3852 !qcrypto_hash_supports(QCRYPTO_HASH_ALGO_SHA1)) { 3853 error_setg(errp, 3854 "SHA1 hash support is required for websockets"); 3855 return -1; 3856 } 3857 3858 qemu_opt_iter_init(&addriter, opts, "vnc"); 3859 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) { 3860 int rv; 3861 rv = vnc_display_get_address(addr, false, reverse, 0, to, 3862 has_ipv4, has_ipv6, 3863 ipv4, ipv6, 3864 &saddr, errp); 3865 if (rv < 0) { 3866 return -1; 3867 } 3868 /* Historical compat - first listen address can be used 3869 * to set the default websocket port 3870 */ 3871 if (displaynum == -1) { 3872 displaynum = rv; 3873 } 3874 QAPI_LIST_APPEND(saddr_tail, saddr); 3875 } 3876 3877 if (saddr_list && !saddr_list->next) { 3878 single_saddr = saddr_list->value; 3879 } else { 3880 /* 3881 * If we had multiple primary displays, we don't do defaults 3882 * for websocket, and require explicit config instead. 3883 */ 3884 displaynum = -1; 3885 } 3886 3887 qemu_opt_iter_init(&addriter, opts, "websocket"); 3888 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) { 3889 if (vnc_display_get_address(addr, true, reverse, displaynum, to, 3890 has_ipv4, has_ipv6, 3891 ipv4, ipv6, 3892 &wsaddr, errp) < 0) { 3893 return -1; 3894 } 3895 3896 /* Historical compat - if only a single listen address was 3897 * provided, then this is used to set the default listen 3898 * address for websocket too 3899 */ 3900 if (single_saddr && 3901 single_saddr->type == SOCKET_ADDRESS_TYPE_INET && 3902 wsaddr->type == SOCKET_ADDRESS_TYPE_INET && 3903 g_str_equal(wsaddr->u.inet.host, "") && 3904 !g_str_equal(single_saddr->u.inet.host, "")) { 3905 g_free(wsaddr->u.inet.host); 3906 wsaddr->u.inet.host = g_strdup(single_saddr->u.inet.host); 3907 } 3908 3909 QAPI_LIST_APPEND(wsaddr_tail, wsaddr); 3910 } 3911 3912 *saddr_list_ret = g_steal_pointer(&saddr_list); 3913 *wsaddr_list_ret = g_steal_pointer(&wsaddr_list); 3914 return 0; 3915 } 3916 3917 static int vnc_display_connect(VncDisplay *vd, 3918 SocketAddressList *saddr_list, 3919 SocketAddressList *wsaddr_list, 3920 Error **errp) 3921 { 3922 /* connect to viewer */ 3923 QIOChannelSocket *sioc = NULL; 3924 if (wsaddr_list) { 3925 error_setg(errp, "Cannot use websockets in reverse mode"); 3926 return -1; 3927 } 3928 if (!saddr_list || saddr_list->next) { 3929 error_setg(errp, "Expected a single address in reverse mode"); 3930 return -1; 3931 } 3932 sioc = qio_channel_socket_new(); 3933 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse"); 3934 if (qio_channel_socket_connect_sync(sioc, saddr_list->value, errp) < 0) { 3935 object_unref(OBJECT(sioc)); 3936 return -1; 3937 } 3938 vnc_connect(vd, sioc, false, false); 3939 object_unref(OBJECT(sioc)); 3940 return 0; 3941 } 3942 3943 3944 static int vnc_display_listen(VncDisplay *vd, 3945 SocketAddressList *saddr_list, 3946 SocketAddressList *wsaddr_list, 3947 Error **errp) 3948 { 3949 SocketAddressList *el; 3950 3951 if (saddr_list) { 3952 vd->listener = qio_net_listener_new(); 3953 qio_net_listener_set_name(vd->listener, "vnc-listen"); 3954 for (el = saddr_list; el; el = el->next) { 3955 if (qio_net_listener_open_sync(vd->listener, 3956 el->value, 1, 3957 errp) < 0) { 3958 return -1; 3959 } 3960 } 3961 3962 qio_net_listener_set_client_func(vd->listener, 3963 vnc_listen_io, vd, NULL); 3964 } 3965 3966 if (wsaddr_list) { 3967 vd->wslistener = qio_net_listener_new(); 3968 qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen"); 3969 for (el = wsaddr_list; el; el = el->next) { 3970 if (qio_net_listener_open_sync(vd->wslistener, 3971 el->value, 1, 3972 errp) < 0) { 3973 return -1; 3974 } 3975 } 3976 3977 qio_net_listener_set_client_func(vd->wslistener, 3978 vnc_listen_io, vd, NULL); 3979 } 3980 3981 return 0; 3982 } 3983 3984 bool vnc_display_update(DisplayUpdateOptionsVNC *arg, Error **errp) 3985 { 3986 VncDisplay *vd = vnc_display_find(NULL); 3987 3988 if (!vd) { 3989 error_setg(errp, "Can not find vnc display"); 3990 return false; 3991 } 3992 3993 if (arg->has_addresses) { 3994 if (vd->listener) { 3995 qio_net_listener_disconnect(vd->listener); 3996 object_unref(OBJECT(vd->listener)); 3997 vd->listener = NULL; 3998 } 3999 4000 if (vnc_display_listen(vd, arg->addresses, NULL, errp) < 0) { 4001 return false; 4002 } 4003 } 4004 4005 return true; 4006 } 4007 4008 void vnc_display_open(const char *id, Error **errp) 4009 { 4010 VncDisplay *vd = vnc_display_find(id); 4011 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id); 4012 g_autoptr(SocketAddressList) saddr_list = NULL; 4013 g_autoptr(SocketAddressList) wsaddr_list = NULL; 4014 const char *share, *device_id; 4015 QemuConsole *con; 4016 bool password = false; 4017 bool reverse = false; 4018 const char *credid; 4019 bool sasl = false; 4020 const char *tlsauthz; 4021 const char *saslauthz; 4022 int lock_key_sync = 1; 4023 int key_delay_ms; 4024 const char *audiodev; 4025 const char *passwordSecret; 4026 4027 if (!vd) { 4028 error_setg(errp, "VNC display not active"); 4029 return; 4030 } 4031 vnc_display_close(vd); 4032 4033 if (!opts) { 4034 return; 4035 } 4036 4037 reverse = qemu_opt_get_bool(opts, "reverse", false); 4038 if (vnc_display_get_addresses(opts, reverse, &saddr_list, &wsaddr_list, 4039 errp) < 0) { 4040 goto fail; 4041 } 4042 4043 4044 passwordSecret = qemu_opt_get(opts, "password-secret"); 4045 if (passwordSecret) { 4046 if (qemu_opt_get(opts, "password")) { 4047 error_setg(errp, 4048 "'password' flag is redundant with 'password-secret'"); 4049 goto fail; 4050 } 4051 vd->password = qcrypto_secret_lookup_as_utf8(passwordSecret, 4052 errp); 4053 if (!vd->password) { 4054 goto fail; 4055 } 4056 password = true; 4057 } else { 4058 password = qemu_opt_get_bool(opts, "password", false); 4059 } 4060 if (password) { 4061 if (!qcrypto_cipher_supports( 4062 QCRYPTO_CIPHER_ALGO_DES, QCRYPTO_CIPHER_MODE_ECB)) { 4063 error_setg(errp, 4064 "Cipher backend does not support DES algorithm"); 4065 goto fail; 4066 } 4067 } 4068 4069 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true); 4070 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10); 4071 sasl = qemu_opt_get_bool(opts, "sasl", false); 4072 #ifndef CONFIG_VNC_SASL 4073 if (sasl) { 4074 error_setg(errp, "VNC SASL auth requires cyrus-sasl support"); 4075 goto fail; 4076 } 4077 #endif /* CONFIG_VNC_SASL */ 4078 credid = qemu_opt_get(opts, "tls-creds"); 4079 if (credid) { 4080 Object *creds; 4081 creds = object_resolve_path_component( 4082 object_get_objects_root(), credid); 4083 if (!creds) { 4084 error_setg(errp, "No TLS credentials with id '%s'", 4085 credid); 4086 goto fail; 4087 } 4088 vd->tlscreds = (QCryptoTLSCreds *) 4089 object_dynamic_cast(creds, 4090 TYPE_QCRYPTO_TLS_CREDS); 4091 if (!vd->tlscreds) { 4092 error_setg(errp, "Object with id '%s' is not TLS credentials", 4093 credid); 4094 goto fail; 4095 } 4096 object_ref(OBJECT(vd->tlscreds)); 4097 4098 if (!qcrypto_tls_creds_check_endpoint(vd->tlscreds, 4099 QCRYPTO_TLS_CREDS_ENDPOINT_SERVER, 4100 errp)) { 4101 goto fail; 4102 } 4103 } 4104 tlsauthz = qemu_opt_get(opts, "tls-authz"); 4105 if (tlsauthz && !vd->tlscreds) { 4106 error_setg(errp, "'tls-authz' provided but TLS is not enabled"); 4107 goto fail; 4108 } 4109 4110 saslauthz = qemu_opt_get(opts, "sasl-authz"); 4111 if (saslauthz && !sasl) { 4112 error_setg(errp, "'sasl-authz' provided but SASL auth is not enabled"); 4113 goto fail; 4114 } 4115 4116 share = qemu_opt_get(opts, "share"); 4117 if (share) { 4118 if (strcmp(share, "ignore") == 0) { 4119 vd->share_policy = VNC_SHARE_POLICY_IGNORE; 4120 } else if (strcmp(share, "allow-exclusive") == 0) { 4121 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 4122 } else if (strcmp(share, "force-shared") == 0) { 4123 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; 4124 } else { 4125 error_setg(errp, "unknown vnc share= option"); 4126 goto fail; 4127 } 4128 } else { 4129 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 4130 } 4131 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32); 4132 4133 #ifdef CONFIG_VNC_JPEG 4134 vd->lossy = qemu_opt_get_bool(opts, "lossy", false); 4135 #endif 4136 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false); 4137 /* adaptive updates are only used with tight encoding and 4138 * if lossy updates are enabled so we can disable all the 4139 * calculations otherwise */ 4140 if (!vd->lossy) { 4141 vd->non_adaptive = true; 4142 } 4143 4144 vd->power_control = qemu_opt_get_bool(opts, "power-control", false); 4145 4146 if (tlsauthz) { 4147 vd->tlsauthzid = g_strdup(tlsauthz); 4148 } 4149 #ifdef CONFIG_VNC_SASL 4150 if (sasl) { 4151 if (saslauthz) { 4152 vd->sasl.authzid = g_strdup(saslauthz); 4153 } 4154 } 4155 #endif 4156 4157 if (vnc_display_setup_auth(&vd->auth, &vd->subauth, 4158 vd->tlscreds, password, 4159 sasl, false, errp) < 0) { 4160 goto fail; 4161 } 4162 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth); 4163 4164 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth, 4165 vd->tlscreds, password, 4166 sasl, true, errp) < 0) { 4167 goto fail; 4168 } 4169 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth); 4170 4171 #ifdef CONFIG_VNC_SASL 4172 if (sasl && !vnc_sasl_server_init(errp)) { 4173 goto fail; 4174 } 4175 #endif 4176 vd->lock_key_sync = lock_key_sync; 4177 if (lock_key_sync) { 4178 vd->led = qemu_add_led_event_handler(kbd_leds, vd); 4179 } 4180 vd->ledstate = 0; 4181 4182 audiodev = qemu_opt_get(opts, "audiodev"); 4183 if (audiodev) { 4184 vd->audio_state = audio_state_by_name(audiodev, errp); 4185 if (!vd->audio_state) { 4186 goto fail; 4187 } 4188 } else { 4189 vd->audio_state = audio_get_default_audio_state(NULL); 4190 } 4191 4192 device_id = qemu_opt_get(opts, "display"); 4193 if (device_id) { 4194 int head = qemu_opt_get_number(opts, "head", 0); 4195 Error *err = NULL; 4196 4197 con = qemu_console_lookup_by_device_name(device_id, head, &err); 4198 if (err) { 4199 error_propagate(errp, err); 4200 goto fail; 4201 } 4202 } else { 4203 con = qemu_console_lookup_default(); 4204 } 4205 4206 if (con != vd->dcl.con) { 4207 qkbd_state_free(vd->kbd); 4208 unregister_displaychangelistener(&vd->dcl); 4209 vd->dcl.con = con; 4210 register_displaychangelistener(&vd->dcl); 4211 vd->kbd = qkbd_state_init(vd->dcl.con); 4212 } 4213 qkbd_state_set_delay(vd->kbd, key_delay_ms); 4214 4215 if (saddr_list == NULL) { 4216 return; 4217 } 4218 4219 if (reverse) { 4220 if (vnc_display_connect(vd, saddr_list, wsaddr_list, errp) < 0) { 4221 goto fail; 4222 } 4223 } else { 4224 if (vnc_display_listen(vd, saddr_list, wsaddr_list, errp) < 0) { 4225 goto fail; 4226 } 4227 } 4228 4229 if (qemu_opt_get(opts, "to")) { 4230 vnc_display_print_local_addr(vd); 4231 } 4232 4233 /* Success */ 4234 return; 4235 4236 fail: 4237 vnc_display_close(vd); 4238 } 4239 4240 void vnc_display_add_client(const char *id, int csock, bool skipauth) 4241 { 4242 VncDisplay *vd = vnc_display_find(id); 4243 QIOChannelSocket *sioc; 4244 4245 if (!vd) { 4246 return; 4247 } 4248 4249 sioc = qio_channel_socket_new_fd(csock, NULL); 4250 if (sioc) { 4251 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server"); 4252 vnc_connect(vd, sioc, skipauth, false); 4253 object_unref(OBJECT(sioc)); 4254 } 4255 } 4256 4257 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts) 4258 { 4259 int i = 2; 4260 char *id; 4261 4262 id = g_strdup("default"); 4263 while (qemu_opts_find(olist, id)) { 4264 g_free(id); 4265 id = g_strdup_printf("vnc%d", i++); 4266 } 4267 qemu_opts_set_id(opts, id); 4268 } 4269 4270 void vnc_parse(const char *str) 4271 { 4272 QemuOptsList *olist = qemu_find_opts("vnc"); 4273 QemuOpts *opts = qemu_opts_parse_noisily(olist, str, !is_help_option(str)); 4274 const char *id; 4275 4276 if (!opts) { 4277 exit(1); 4278 } 4279 4280 id = qemu_opts_id(opts); 4281 if (!id) { 4282 /* auto-assign id if not present */ 4283 vnc_auto_assign_id(olist, opts); 4284 } 4285 } 4286 4287 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp) 4288 { 4289 Error *local_err = NULL; 4290 char *id = (char *)qemu_opts_id(opts); 4291 4292 assert(id); 4293 vnc_display_init(id, &local_err); 4294 if (local_err) { 4295 error_propagate(errp, local_err); 4296 return -1; 4297 } 4298 vnc_display_open(id, &local_err); 4299 if (local_err != NULL) { 4300 error_propagate(errp, local_err); 4301 return -1; 4302 } 4303 return 0; 4304 } 4305 4306 static void vnc_register_config(void) 4307 { 4308 qemu_add_opts(&qemu_vnc_opts); 4309 } 4310 opts_init(vnc_register_config); 4311