]> git.proxmox.com Git - mirror_qemu.git/blob - ui/vnc.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
spapr/target-ppc/kvm: Only add hcall-instructions if KVM supports it
[mirror_qemu.git] / ui / vnc.c
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "qemu/osdep.h"
28 #include "vnc.h"
29 #include "vnc-jobs.h"
30 #include "trace.h"
31 #include "hw/qdev.h"
32 #include "sysemu/sysemu.h"
33 #include "qemu/error-report.h"
34 #include "qemu/sockets.h"
35 #include "qemu/timer.h"
36 #include "qemu/acl.h"
37 #include "qemu/config-file.h"
38 #include "qapi/qmp/qerror.h"
39 #include "qapi/qmp/types.h"
40 #include "qmp-commands.h"
41 #include "ui/input.h"
42 #include "qapi-event.h"
43 #include "crypto/hash.h"
44 #include "crypto/tlscredsanon.h"
45 #include "crypto/tlscredsx509.h"
46 #include "qom/object_interfaces.h"
47
48 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
49 #define VNC_REFRESH_INTERVAL_INC 50
50 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
51 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
52 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
53
54 #include "vnc_keysym.h"
55 #include "crypto/cipher.h"
56
57 static QTAILQ_HEAD(, VncDisplay) vnc_displays =
58 QTAILQ_HEAD_INITIALIZER(vnc_displays);
59
60 static int vnc_cursor_define(VncState *vs);
61 static void vnc_release_modifiers(VncState *vs);
62
63 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
64 {
65 #ifdef _VNC_DEBUG
66 static const char *mn[] = {
67 [0] = "undefined",
68 [VNC_SHARE_MODE_CONNECTING] = "connecting",
69 [VNC_SHARE_MODE_SHARED] = "shared",
70 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
71 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
72 };
73 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
74 vs->ioc, mn[vs->share_mode], mn[mode]);
75 #endif
76
77 switch (vs->share_mode) {
78 case VNC_SHARE_MODE_CONNECTING:
79 vs->vd->num_connecting--;
80 break;
81 case VNC_SHARE_MODE_SHARED:
82 vs->vd->num_shared--;
83 break;
84 case VNC_SHARE_MODE_EXCLUSIVE:
85 vs->vd->num_exclusive--;
86 break;
87 default:
88 break;
89 }
90
91 vs->share_mode = mode;
92
93 switch (vs->share_mode) {
94 case VNC_SHARE_MODE_CONNECTING:
95 vs->vd->num_connecting++;
96 break;
97 case VNC_SHARE_MODE_SHARED:
98 vs->vd->num_shared++;
99 break;
100 case VNC_SHARE_MODE_EXCLUSIVE:
101 vs->vd->num_exclusive++;
102 break;
103 default:
104 break;
105 }
106 }
107
108
109 static void vnc_init_basic_info(SocketAddress *addr,
110 VncBasicInfo *info,
111 Error **errp)
112 {
113 switch (addr->type) {
114 case SOCKET_ADDRESS_KIND_INET:
115 info->host = g_strdup(addr->u.inet.data->host);
116 info->service = g_strdup(addr->u.inet.data->port);
117 if (addr->u.inet.data->ipv6) {
118 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
119 } else {
120 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
121 }
122 break;
123
124 case SOCKET_ADDRESS_KIND_UNIX:
125 info->host = g_strdup("");
126 info->service = g_strdup(addr->u.q_unix.data->path);
127 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
128 break;
129
130 default:
131 error_setg(errp, "Unsupported socket kind %d",
132 addr->type);
133 break;
134 }
135
136 return;
137 }
138
139 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
140 VncBasicInfo *info,
141 Error **errp)
142 {
143 SocketAddress *addr = NULL;
144
145 addr = qio_channel_socket_get_local_address(ioc, errp);
146 if (!addr) {
147 return;
148 }
149
150 vnc_init_basic_info(addr, info, errp);
151 qapi_free_SocketAddress(addr);
152 }
153
154 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
155 VncBasicInfo *info,
156 Error **errp)
157 {
158 SocketAddress *addr = NULL;
159
160 addr = qio_channel_socket_get_remote_address(ioc, errp);
161 if (!addr) {
162 return;
163 }
164
165 vnc_init_basic_info(addr, info, errp);
166 qapi_free_SocketAddress(addr);
167 }
168
169 static const char *vnc_auth_name(VncDisplay *vd) {
170 switch (vd->auth) {
171 case VNC_AUTH_INVALID:
172 return "invalid";
173 case VNC_AUTH_NONE:
174 return "none";
175 case VNC_AUTH_VNC:
176 return "vnc";
177 case VNC_AUTH_RA2:
178 return "ra2";
179 case VNC_AUTH_RA2NE:
180 return "ra2ne";
181 case VNC_AUTH_TIGHT:
182 return "tight";
183 case VNC_AUTH_ULTRA:
184 return "ultra";
185 case VNC_AUTH_TLS:
186 return "tls";
187 case VNC_AUTH_VENCRYPT:
188 switch (vd->subauth) {
189 case VNC_AUTH_VENCRYPT_PLAIN:
190 return "vencrypt+plain";
191 case VNC_AUTH_VENCRYPT_TLSNONE:
192 return "vencrypt+tls+none";
193 case VNC_AUTH_VENCRYPT_TLSVNC:
194 return "vencrypt+tls+vnc";
195 case VNC_AUTH_VENCRYPT_TLSPLAIN:
196 return "vencrypt+tls+plain";
197 case VNC_AUTH_VENCRYPT_X509NONE:
198 return "vencrypt+x509+none";
199 case VNC_AUTH_VENCRYPT_X509VNC:
200 return "vencrypt+x509+vnc";
201 case VNC_AUTH_VENCRYPT_X509PLAIN:
202 return "vencrypt+x509+plain";
203 case VNC_AUTH_VENCRYPT_TLSSASL:
204 return "vencrypt+tls+sasl";
205 case VNC_AUTH_VENCRYPT_X509SASL:
206 return "vencrypt+x509+sasl";
207 default:
208 return "vencrypt";
209 }
210 case VNC_AUTH_SASL:
211 return "sasl";
212 }
213 return "unknown";
214 }
215
216 static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
217 {
218 VncServerInfo *info;
219 Error *err = NULL;
220
221 info = g_malloc(sizeof(*info));
222 vnc_init_basic_info_from_server_addr(vd->lsock,
223 qapi_VncServerInfo_base(info), &err);
224 info->has_auth = true;
225 info->auth = g_strdup(vnc_auth_name(vd));
226 if (err) {
227 qapi_free_VncServerInfo(info);
228 info = NULL;
229 error_free(err);
230 }
231 return info;
232 }
233
234 static void vnc_client_cache_auth(VncState *client)
235 {
236 if (!client->info) {
237 return;
238 }
239
240 if (client->tls) {
241 client->info->x509_dname =
242 qcrypto_tls_session_get_peer_name(client->tls);
243 client->info->has_x509_dname =
244 client->info->x509_dname != NULL;
245 }
246 #ifdef CONFIG_VNC_SASL
247 if (client->sasl.conn &&
248 client->sasl.username) {
249 client->info->has_sasl_username = true;
250 client->info->sasl_username = g_strdup(client->sasl.username);
251 }
252 #endif
253 }
254
255 static void vnc_client_cache_addr(VncState *client)
256 {
257 Error *err = NULL;
258
259 client->info = g_malloc0(sizeof(*client->info));
260 vnc_init_basic_info_from_remote_addr(client->sioc,
261 qapi_VncClientInfo_base(client->info),
262 &err);
263 if (err) {
264 qapi_free_VncClientInfo(client->info);
265 client->info = NULL;
266 error_free(err);
267 }
268 }
269
270 static void vnc_qmp_event(VncState *vs, QAPIEvent event)
271 {
272 VncServerInfo *si;
273
274 if (!vs->info) {
275 return;
276 }
277
278 si = vnc_server_info_get(vs->vd);
279 if (!si) {
280 return;
281 }
282
283 switch (event) {
284 case QAPI_EVENT_VNC_CONNECTED:
285 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info),
286 &error_abort);
287 break;
288 case QAPI_EVENT_VNC_INITIALIZED:
289 qapi_event_send_vnc_initialized(si, vs->info, &error_abort);
290 break;
291 case QAPI_EVENT_VNC_DISCONNECTED:
292 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort);
293 break;
294 default:
295 break;
296 }
297
298 qapi_free_VncServerInfo(si);
299 }
300
301 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
302 {
303 VncClientInfo *info;
304 Error *err = NULL;
305
306 info = g_malloc0(sizeof(*info));
307
308 vnc_init_basic_info_from_remote_addr(client->sioc,
309 qapi_VncClientInfo_base(info),
310 &err);
311 if (err) {
312 error_free(err);
313 qapi_free_VncClientInfo(info);
314 return NULL;
315 }
316
317 info->websocket = client->websocket;
318
319 if (client->tls) {
320 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
321 info->has_x509_dname = info->x509_dname != NULL;
322 }
323 #ifdef CONFIG_VNC_SASL
324 if (client->sasl.conn && client->sasl.username) {
325 info->has_sasl_username = true;
326 info->sasl_username = g_strdup(client->sasl.username);
327 }
328 #endif
329
330 return info;
331 }
332
333 static VncDisplay *vnc_display_find(const char *id)
334 {
335 VncDisplay *vd;
336
337 if (id == NULL) {
338 return QTAILQ_FIRST(&vnc_displays);
339 }
340 QTAILQ_FOREACH(vd, &vnc_displays, next) {
341 if (strcmp(id, vd->id) == 0) {
342 return vd;
343 }
344 }
345 return NULL;
346 }
347
348 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
349 {
350 VncClientInfoList *cinfo, *prev = NULL;
351 VncState *client;
352
353 QTAILQ_FOREACH(client, &vd->clients, next) {
354 cinfo = g_new0(VncClientInfoList, 1);
355 cinfo->value = qmp_query_vnc_client(client);
356 cinfo->next = prev;
357 prev = cinfo;
358 }
359 return prev;
360 }
361
362 VncInfo *qmp_query_vnc(Error **errp)
363 {
364 VncInfo *info = g_malloc0(sizeof(*info));
365 VncDisplay *vd = vnc_display_find(NULL);
366 SocketAddress *addr = NULL;
367
368 if (vd == NULL || !vd->enabled) {
369 info->enabled = false;
370 } else {
371 info->enabled = true;
372
373 /* for compatibility with the original command */
374 info->has_clients = true;
375 info->clients = qmp_query_client_list(vd);
376
377 if (vd->lsock == NULL) {
378 return info;
379 }
380
381 addr = qio_channel_socket_get_local_address(vd->lsock, errp);
382 if (!addr) {
383 goto out_error;
384 }
385
386 switch (addr->type) {
387 case SOCKET_ADDRESS_KIND_INET:
388 info->host = g_strdup(addr->u.inet.data->host);
389 info->service = g_strdup(addr->u.inet.data->port);
390 if (addr->u.inet.data->ipv6) {
391 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
392 } else {
393 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
394 }
395 break;
396
397 case SOCKET_ADDRESS_KIND_UNIX:
398 info->host = g_strdup("");
399 info->service = g_strdup(addr->u.q_unix.data->path);
400 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
401 break;
402
403 default:
404 error_setg(errp, "Unsupported socket kind %d",
405 addr->type);
406 goto out_error;
407 }
408
409 info->has_host = true;
410 info->has_service = true;
411 info->has_family = true;
412
413 info->has_auth = true;
414 info->auth = g_strdup(vnc_auth_name(vd));
415 }
416
417 qapi_free_SocketAddress(addr);
418 return info;
419
420 out_error:
421 qapi_free_SocketAddress(addr);
422 qapi_free_VncInfo(info);
423 return NULL;
424 }
425
426 static VncBasicInfoList *qmp_query_server_entry(QIOChannelSocket *ioc,
427 bool websocket,
428 VncBasicInfoList *prev)
429 {
430 VncBasicInfoList *list;
431 VncBasicInfo *info;
432 Error *err = NULL;
433 SocketAddress *addr;
434
435 addr = qio_channel_socket_get_local_address(ioc, &err);
436 if (!addr) {
437 error_free(err);
438 return prev;
439 }
440
441 info = g_new0(VncBasicInfo, 1);
442 vnc_init_basic_info(addr, info, &err);
443 qapi_free_SocketAddress(addr);
444 if (err) {
445 qapi_free_VncBasicInfo(info);
446 error_free(err);
447 return prev;
448 }
449 info->websocket = websocket;
450
451 list = g_new0(VncBasicInfoList, 1);
452 list->value = info;
453 list->next = prev;
454 return list;
455 }
456
457 static void qmp_query_auth(VncDisplay *vd, VncInfo2 *info)
458 {
459 switch (vd->auth) {
460 case VNC_AUTH_VNC:
461 info->auth = VNC_PRIMARY_AUTH_VNC;
462 break;
463 case VNC_AUTH_RA2:
464 info->auth = VNC_PRIMARY_AUTH_RA2;
465 break;
466 case VNC_AUTH_RA2NE:
467 info->auth = VNC_PRIMARY_AUTH_RA2NE;
468 break;
469 case VNC_AUTH_TIGHT:
470 info->auth = VNC_PRIMARY_AUTH_TIGHT;
471 break;
472 case VNC_AUTH_ULTRA:
473 info->auth = VNC_PRIMARY_AUTH_ULTRA;
474 break;
475 case VNC_AUTH_TLS:
476 info->auth = VNC_PRIMARY_AUTH_TLS;
477 break;
478 case VNC_AUTH_VENCRYPT:
479 info->auth = VNC_PRIMARY_AUTH_VENCRYPT;
480 info->has_vencrypt = true;
481 switch (vd->subauth) {
482 case VNC_AUTH_VENCRYPT_PLAIN:
483 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
484 break;
485 case VNC_AUTH_VENCRYPT_TLSNONE:
486 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
487 break;
488 case VNC_AUTH_VENCRYPT_TLSVNC:
489 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
490 break;
491 case VNC_AUTH_VENCRYPT_TLSPLAIN:
492 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
493 break;
494 case VNC_AUTH_VENCRYPT_X509NONE:
495 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
496 break;
497 case VNC_AUTH_VENCRYPT_X509VNC:
498 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
499 break;
500 case VNC_AUTH_VENCRYPT_X509PLAIN:
501 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
502 break;
503 case VNC_AUTH_VENCRYPT_TLSSASL:
504 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
505 break;
506 case VNC_AUTH_VENCRYPT_X509SASL:
507 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
508 break;
509 default:
510 info->has_vencrypt = false;
511 break;
512 }
513 break;
514 case VNC_AUTH_SASL:
515 info->auth = VNC_PRIMARY_AUTH_SASL;
516 break;
517 case VNC_AUTH_NONE:
518 default:
519 info->auth = VNC_PRIMARY_AUTH_NONE;
520 break;
521 }
522 }
523
524 VncInfo2List *qmp_query_vnc_servers(Error **errp)
525 {
526 VncInfo2List *item, *prev = NULL;
527 VncInfo2 *info;
528 VncDisplay *vd;
529 DeviceState *dev;
530
531 QTAILQ_FOREACH(vd, &vnc_displays, next) {
532 info = g_new0(VncInfo2, 1);
533 info->id = g_strdup(vd->id);
534 info->clients = qmp_query_client_list(vd);
535 qmp_query_auth(vd, info);
536 if (vd->dcl.con) {
537 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
538 "device", NULL));
539 info->has_display = true;
540 info->display = g_strdup(dev->id);
541 }
542 if (vd->lsock != NULL) {
543 info->server = qmp_query_server_entry(
544 vd->lsock, false, info->server);
545 }
546 if (vd->lwebsock != NULL) {
547 info->server = qmp_query_server_entry(
548 vd->lwebsock, true, info->server);
549 }
550
551 item = g_new0(VncInfo2List, 1);
552 item->value = info;
553 item->next = prev;
554 prev = item;
555 }
556 return prev;
557 }
558
559 /* TODO
560 1) Get the queue working for IO.
561 2) there is some weirdness when using the -S option (the screen is grey
562 and not totally invalidated
563 3) resolutions > 1024
564 */
565
566 static int vnc_update_client(VncState *vs, int has_dirty, bool sync);
567 static void vnc_disconnect_start(VncState *vs);
568
569 static void vnc_colordepth(VncState *vs);
570 static void framebuffer_update_request(VncState *vs, int incremental,
571 int x_position, int y_position,
572 int w, int h);
573 static void vnc_refresh(DisplayChangeListener *dcl);
574 static int vnc_refresh_server_surface(VncDisplay *vd);
575
576 static int vnc_width(VncDisplay *vd)
577 {
578 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
579 VNC_DIRTY_PIXELS_PER_BIT));
580 }
581
582 static int vnc_height(VncDisplay *vd)
583 {
584 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
585 }
586
587 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
588 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
589 VncDisplay *vd,
590 int x, int y, int w, int h)
591 {
592 int width = vnc_width(vd);
593 int height = vnc_height(vd);
594
595 /* this is needed this to ensure we updated all affected
596 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
597 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
598 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
599
600 x = MIN(x, width);
601 y = MIN(y, height);
602 w = MIN(x + w, width) - x;
603 h = MIN(y + h, height);
604
605 for (; y < h; y++) {
606 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
607 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
608 }
609 }
610
611 static void vnc_dpy_update(DisplayChangeListener *dcl,
612 int x, int y, int w, int h)
613 {
614 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
615 struct VncSurface *s = &vd->guest;
616
617 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
618 }
619
620 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
621 int32_t encoding)
622 {
623 vnc_write_u16(vs, x);
624 vnc_write_u16(vs, y);
625 vnc_write_u16(vs, w);
626 vnc_write_u16(vs, h);
627
628 vnc_write_s32(vs, encoding);
629 }
630
631
632 static void vnc_desktop_resize(VncState *vs)
633 {
634 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
635 return;
636 }
637 if (vs->client_width == pixman_image_get_width(vs->vd->server) &&
638 vs->client_height == pixman_image_get_height(vs->vd->server)) {
639 return;
640 }
641 vs->client_width = pixman_image_get_width(vs->vd->server);
642 vs->client_height = pixman_image_get_height(vs->vd->server);
643 vnc_lock_output(vs);
644 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
645 vnc_write_u8(vs, 0);
646 vnc_write_u16(vs, 1); /* number of rects */
647 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
648 VNC_ENCODING_DESKTOPRESIZE);
649 vnc_unlock_output(vs);
650 vnc_flush(vs);
651 }
652
653 static void vnc_abort_display_jobs(VncDisplay *vd)
654 {
655 VncState *vs;
656
657 QTAILQ_FOREACH(vs, &vd->clients, next) {
658 vnc_lock_output(vs);
659 vs->abort = true;
660 vnc_unlock_output(vs);
661 }
662 QTAILQ_FOREACH(vs, &vd->clients, next) {
663 vnc_jobs_join(vs);
664 }
665 QTAILQ_FOREACH(vs, &vd->clients, next) {
666 vnc_lock_output(vs);
667 vs->abort = false;
668 vnc_unlock_output(vs);
669 }
670 }
671
672 int vnc_server_fb_stride(VncDisplay *vd)
673 {
674 return pixman_image_get_stride(vd->server);
675 }
676
677 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
678 {
679 uint8_t *ptr;
680
681 ptr = (uint8_t *)pixman_image_get_data(vd->server);
682 ptr += y * vnc_server_fb_stride(vd);
683 ptr += x * VNC_SERVER_FB_BYTES;
684 return ptr;
685 }
686
687 static void vnc_update_server_surface(VncDisplay *vd)
688 {
689 qemu_pixman_image_unref(vd->server);
690 vd->server = NULL;
691
692 if (QTAILQ_EMPTY(&vd->clients)) {
693 return;
694 }
695
696 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
697 vnc_width(vd),
698 vnc_height(vd),
699 NULL, 0);
700 }
701
702 static void vnc_dpy_switch(DisplayChangeListener *dcl,
703 DisplaySurface *surface)
704 {
705 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
706 VncState *vs;
707 int width, height;
708
709 vnc_abort_display_jobs(vd);
710 vd->ds = surface;
711
712 /* server surface */
713 vnc_update_server_surface(vd);
714
715 /* guest surface */
716 qemu_pixman_image_unref(vd->guest.fb);
717 vd->guest.fb = pixman_image_ref(surface->image);
718 vd->guest.format = surface->format;
719 width = vnc_width(vd);
720 height = vnc_height(vd);
721 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
722 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
723 width, height);
724
725 QTAILQ_FOREACH(vs, &vd->clients, next) {
726 vnc_colordepth(vs);
727 vnc_desktop_resize(vs);
728 if (vs->vd->cursor) {
729 vnc_cursor_define(vs);
730 }
731 memset(vs->dirty, 0x00, sizeof(vs->dirty));
732 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
733 width, height);
734 }
735 }
736
737 /* fastest code */
738 static void vnc_write_pixels_copy(VncState *vs,
739 void *pixels, int size)
740 {
741 vnc_write(vs, pixels, size);
742 }
743
744 /* slowest but generic code. */
745 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
746 {
747 uint8_t r, g, b;
748
749 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
750 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
751 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
752 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
753 #else
754 # error need some bits here if you change VNC_SERVER_FB_FORMAT
755 #endif
756 v = (r << vs->client_pf.rshift) |
757 (g << vs->client_pf.gshift) |
758 (b << vs->client_pf.bshift);
759 switch (vs->client_pf.bytes_per_pixel) {
760 case 1:
761 buf[0] = v;
762 break;
763 case 2:
764 if (vs->client_be) {
765 buf[0] = v >> 8;
766 buf[1] = v;
767 } else {
768 buf[1] = v >> 8;
769 buf[0] = v;
770 }
771 break;
772 default:
773 case 4:
774 if (vs->client_be) {
775 buf[0] = v >> 24;
776 buf[1] = v >> 16;
777 buf[2] = v >> 8;
778 buf[3] = v;
779 } else {
780 buf[3] = v >> 24;
781 buf[2] = v >> 16;
782 buf[1] = v >> 8;
783 buf[0] = v;
784 }
785 break;
786 }
787 }
788
789 static void vnc_write_pixels_generic(VncState *vs,
790 void *pixels1, int size)
791 {
792 uint8_t buf[4];
793
794 if (VNC_SERVER_FB_BYTES == 4) {
795 uint32_t *pixels = pixels1;
796 int n, i;
797 n = size >> 2;
798 for (i = 0; i < n; i++) {
799 vnc_convert_pixel(vs, buf, pixels[i]);
800 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
801 }
802 }
803 }
804
805 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
806 {
807 int i;
808 uint8_t *row;
809 VncDisplay *vd = vs->vd;
810
811 row = vnc_server_fb_ptr(vd, x, y);
812 for (i = 0; i < h; i++) {
813 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
814 row += vnc_server_fb_stride(vd);
815 }
816 return 1;
817 }
818
819 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
820 {
821 int n = 0;
822 bool encode_raw = false;
823 size_t saved_offs = vs->output.offset;
824
825 switch(vs->vnc_encoding) {
826 case VNC_ENCODING_ZLIB:
827 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
828 break;
829 case VNC_ENCODING_HEXTILE:
830 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
831 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
832 break;
833 case VNC_ENCODING_TIGHT:
834 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
835 break;
836 case VNC_ENCODING_TIGHT_PNG:
837 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
838 break;
839 case VNC_ENCODING_ZRLE:
840 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
841 break;
842 case VNC_ENCODING_ZYWRLE:
843 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
844 break;
845 default:
846 encode_raw = true;
847 break;
848 }
849
850 /* If the client has the same pixel format as our internal buffer and
851 * a RAW encoding would need less space fall back to RAW encoding to
852 * save bandwidth and processing power in the client. */
853 if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy &&
854 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) {
855 vs->output.offset = saved_offs;
856 encode_raw = true;
857 }
858
859 if (encode_raw) {
860 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
861 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
862 }
863
864 return n;
865 }
866
867 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
868 {
869 /* send bitblit op to the vnc client */
870 vnc_lock_output(vs);
871 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
872 vnc_write_u8(vs, 0);
873 vnc_write_u16(vs, 1); /* number of rects */
874 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
875 vnc_write_u16(vs, src_x);
876 vnc_write_u16(vs, src_y);
877 vnc_unlock_output(vs);
878 vnc_flush(vs);
879 }
880
881 static void vnc_dpy_copy(DisplayChangeListener *dcl,
882 int src_x, int src_y,
883 int dst_x, int dst_y, int w, int h)
884 {
885 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
886 VncState *vs, *vn;
887 uint8_t *src_row;
888 uint8_t *dst_row;
889 int i, x, y, pitch, inc, w_lim, s;
890 int cmp_bytes;
891
892 if (!vd->server) {
893 /* no client connected */
894 return;
895 }
896
897 vnc_refresh_server_surface(vd);
898 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
899 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
900 vs->force_update = 1;
901 vnc_update_client(vs, 1, true);
902 /* vs might be free()ed here */
903 }
904 }
905
906 /* do bitblit op on the local surface too */
907 pitch = vnc_server_fb_stride(vd);
908 src_row = vnc_server_fb_ptr(vd, src_x, src_y);
909 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y);
910 y = dst_y;
911 inc = 1;
912 if (dst_y > src_y) {
913 /* copy backwards */
914 src_row += pitch * (h-1);
915 dst_row += pitch * (h-1);
916 pitch = -pitch;
917 y = dst_y + h - 1;
918 inc = -1;
919 }
920 w_lim = w - (VNC_DIRTY_PIXELS_PER_BIT - (dst_x % VNC_DIRTY_PIXELS_PER_BIT));
921 if (w_lim < 0) {
922 w_lim = w;
923 } else {
924 w_lim = w - (w_lim % VNC_DIRTY_PIXELS_PER_BIT);
925 }
926 for (i = 0; i < h; i++) {
927 for (x = 0; x <= w_lim;
928 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
929 if (x == w_lim) {
930 if ((s = w - w_lim) == 0)
931 break;
932 } else if (!x) {
933 s = (VNC_DIRTY_PIXELS_PER_BIT -
934 (dst_x % VNC_DIRTY_PIXELS_PER_BIT));
935 s = MIN(s, w_lim);
936 } else {
937 s = VNC_DIRTY_PIXELS_PER_BIT;
938 }
939 cmp_bytes = s * VNC_SERVER_FB_BYTES;
940 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
941 continue;
942 memmove(dst_row, src_row, cmp_bytes);
943 QTAILQ_FOREACH(vs, &vd->clients, next) {
944 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
945 set_bit(((x + dst_x) / VNC_DIRTY_PIXELS_PER_BIT),
946 vs->dirty[y]);
947 }
948 }
949 }
950 src_row += pitch - w * VNC_SERVER_FB_BYTES;
951 dst_row += pitch - w * VNC_SERVER_FB_BYTES;
952 y += inc;
953 }
954
955 QTAILQ_FOREACH(vs, &vd->clients, next) {
956 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
957 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
958 }
959 }
960 }
961
962 static void vnc_mouse_set(DisplayChangeListener *dcl,
963 int x, int y, int visible)
964 {
965 /* can we ask the client(s) to move the pointer ??? */
966 }
967
968 static int vnc_cursor_define(VncState *vs)
969 {
970 QEMUCursor *c = vs->vd->cursor;
971 int isize;
972
973 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
974 vnc_lock_output(vs);
975 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
976 vnc_write_u8(vs, 0); /* padding */
977 vnc_write_u16(vs, 1); /* # of rects */
978 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
979 VNC_ENCODING_RICH_CURSOR);
980 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
981 vnc_write_pixels_generic(vs, c->data, isize);
982 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
983 vnc_unlock_output(vs);
984 return 0;
985 }
986 return -1;
987 }
988
989 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
990 QEMUCursor *c)
991 {
992 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
993 VncState *vs;
994
995 cursor_put(vd->cursor);
996 g_free(vd->cursor_mask);
997
998 vd->cursor = c;
999 cursor_get(vd->cursor);
1000 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
1001 vd->cursor_mask = g_malloc0(vd->cursor_msize);
1002 cursor_get_mono_mask(c, 0, vd->cursor_mask);
1003
1004 QTAILQ_FOREACH(vs, &vd->clients, next) {
1005 vnc_cursor_define(vs);
1006 }
1007 }
1008
1009 static int find_and_clear_dirty_height(VncState *vs,
1010 int y, int last_x, int x, int height)
1011 {
1012 int h;
1013
1014 for (h = 1; h < (height - y); h++) {
1015 if (!test_bit(last_x, vs->dirty[y + h])) {
1016 break;
1017 }
1018 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
1019 }
1020
1021 return h;
1022 }
1023
1024 static int vnc_update_client(VncState *vs, int has_dirty, bool sync)
1025 {
1026 vs->has_dirty += has_dirty;
1027 if (vs->need_update && vs->ioc != NULL) {
1028 VncDisplay *vd = vs->vd;
1029 VncJob *job;
1030 int y;
1031 int height, width;
1032 int n = 0;
1033
1034 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
1035 /* kernel send buffers are full -> drop frames to throttle */
1036 return 0;
1037
1038 if (!vs->has_dirty && !vs->audio_cap && !vs->force_update)
1039 return 0;
1040
1041 /*
1042 * Send screen updates to the vnc client using the server
1043 * surface and server dirty map. guest surface updates
1044 * happening in parallel don't disturb us, the next pass will
1045 * send them to the client.
1046 */
1047 job = vnc_job_new(vs);
1048
1049 height = pixman_image_get_height(vd->server);
1050 width = pixman_image_get_width(vd->server);
1051
1052 y = 0;
1053 for (;;) {
1054 int x, h;
1055 unsigned long x2;
1056 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1057 height * VNC_DIRTY_BPL(vs),
1058 y * VNC_DIRTY_BPL(vs));
1059 if (offset == height * VNC_DIRTY_BPL(vs)) {
1060 /* no more dirty bits */
1061 break;
1062 }
1063 y = offset / VNC_DIRTY_BPL(vs);
1064 x = offset % VNC_DIRTY_BPL(vs);
1065 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1066 VNC_DIRTY_BPL(vs), x);
1067 bitmap_clear(vs->dirty[y], x, x2 - x);
1068 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1069 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1070 if (x2 > x) {
1071 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1072 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1073 }
1074 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1075 y += h;
1076 if (y == height) {
1077 break;
1078 }
1079 }
1080 }
1081
1082 vnc_job_push(job);
1083 if (sync) {
1084 vnc_jobs_join(vs);
1085 }
1086 vs->force_update = 0;
1087 vs->has_dirty = 0;
1088 return n;
1089 }
1090
1091 if (vs->disconnecting) {
1092 vnc_disconnect_finish(vs);
1093 } else if (sync) {
1094 vnc_jobs_join(vs);
1095 }
1096
1097 return 0;
1098 }
1099
1100 /* audio */
1101 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1102 {
1103 VncState *vs = opaque;
1104
1105 switch (cmd) {
1106 case AUD_CNOTIFY_DISABLE:
1107 vnc_lock_output(vs);
1108 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1109 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1110 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1111 vnc_unlock_output(vs);
1112 vnc_flush(vs);
1113 break;
1114
1115 case AUD_CNOTIFY_ENABLE:
1116 vnc_lock_output(vs);
1117 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1118 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1119 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1120 vnc_unlock_output(vs);
1121 vnc_flush(vs);
1122 break;
1123 }
1124 }
1125
1126 static void audio_capture_destroy(void *opaque)
1127 {
1128 }
1129
1130 static void audio_capture(void *opaque, void *buf, int size)
1131 {
1132 VncState *vs = opaque;
1133
1134 vnc_lock_output(vs);
1135 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1136 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1137 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1138 vnc_write_u32(vs, size);
1139 vnc_write(vs, buf, size);
1140 vnc_unlock_output(vs);
1141 vnc_flush(vs);
1142 }
1143
1144 static void audio_add(VncState *vs)
1145 {
1146 struct audio_capture_ops ops;
1147
1148 if (vs->audio_cap) {
1149 error_report("audio already running");
1150 return;
1151 }
1152
1153 ops.notify = audio_capture_notify;
1154 ops.destroy = audio_capture_destroy;
1155 ops.capture = audio_capture;
1156
1157 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1158 if (!vs->audio_cap) {
1159 error_report("Failed to add audio capture");
1160 }
1161 }
1162
1163 static void audio_del(VncState *vs)
1164 {
1165 if (vs->audio_cap) {
1166 AUD_del_capture(vs->audio_cap, vs);
1167 vs->audio_cap = NULL;
1168 }
1169 }
1170
1171 static void vnc_disconnect_start(VncState *vs)
1172 {
1173 if (vs->disconnecting) {
1174 return;
1175 }
1176 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1177 if (vs->ioc_tag) {
1178 g_source_remove(vs->ioc_tag);
1179 }
1180 qio_channel_close(vs->ioc, NULL);
1181 vs->disconnecting = TRUE;
1182 }
1183
1184 void vnc_disconnect_finish(VncState *vs)
1185 {
1186 int i;
1187
1188 vnc_jobs_join(vs); /* Wait encoding jobs */
1189
1190 vnc_lock_output(vs);
1191 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1192
1193 buffer_free(&vs->input);
1194 buffer_free(&vs->output);
1195
1196 qapi_free_VncClientInfo(vs->info);
1197
1198 vnc_zlib_clear(vs);
1199 vnc_tight_clear(vs);
1200 vnc_zrle_clear(vs);
1201
1202 #ifdef CONFIG_VNC_SASL
1203 vnc_sasl_client_cleanup(vs);
1204 #endif /* CONFIG_VNC_SASL */
1205 audio_del(vs);
1206 vnc_release_modifiers(vs);
1207
1208 if (vs->initialized) {
1209 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1210 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1211 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1212 /* last client gone */
1213 vnc_update_server_surface(vs->vd);
1214 }
1215 }
1216
1217 if (vs->vd->lock_key_sync)
1218 qemu_remove_led_event_handler(vs->led);
1219 vnc_unlock_output(vs);
1220
1221 qemu_mutex_destroy(&vs->output_mutex);
1222 if (vs->bh != NULL) {
1223 qemu_bh_delete(vs->bh);
1224 }
1225 buffer_free(&vs->jobs_buffer);
1226
1227 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1228 g_free(vs->lossy_rect[i]);
1229 }
1230 g_free(vs->lossy_rect);
1231
1232 object_unref(OBJECT(vs->ioc));
1233 vs->ioc = NULL;
1234 object_unref(OBJECT(vs->sioc));
1235 vs->sioc = NULL;
1236 g_free(vs);
1237 }
1238
1239 ssize_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp)
1240 {
1241 if (ret <= 0) {
1242 if (ret == 0) {
1243 VNC_DEBUG("Closing down client sock: EOF\n");
1244 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1245 VNC_DEBUG("Closing down client sock: ret %d (%s)\n",
1246 ret, errp ? error_get_pretty(*errp) : "Unknown");
1247 }
1248
1249 vnc_disconnect_start(vs);
1250 if (errp) {
1251 error_free(*errp);
1252 *errp = NULL;
1253 }
1254 return 0;
1255 }
1256 return ret;
1257 }
1258
1259
1260 void vnc_client_error(VncState *vs)
1261 {
1262 VNC_DEBUG("Closing down client sock: protocol error\n");
1263 vnc_disconnect_start(vs);
1264 }
1265
1266
1267 /*
1268 * Called to write a chunk of data to the client socket. The data may
1269 * be the raw data, or may have already been encoded by SASL.
1270 * The data will be written either straight onto the socket, or
1271 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1272 *
1273 * NB, it is theoretically possible to have 2 layers of encryption,
1274 * both SASL, and this TLS layer. It is highly unlikely in practice
1275 * though, since SASL encryption will typically be a no-op if TLS
1276 * is active
1277 *
1278 * Returns the number of bytes written, which may be less than
1279 * the requested 'datalen' if the socket would block. Returns
1280 * -1 on error, and disconnects the client socket.
1281 */
1282 ssize_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1283 {
1284 Error *err = NULL;
1285 ssize_t ret;
1286 ret = qio_channel_write(
1287 vs->ioc, (const char *)data, datalen, &err);
1288 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1289 return vnc_client_io_error(vs, ret, &err);
1290 }
1291
1292
1293 /*
1294 * Called to write buffered data to the client socket, when not
1295 * using any SASL SSF encryption layers. Will write as much data
1296 * as possible without blocking. If all buffered data is written,
1297 * will switch the FD poll() handler back to read monitoring.
1298 *
1299 * Returns the number of bytes written, which may be less than
1300 * the buffered output data if the socket would block. Returns
1301 * -1 on error, and disconnects the client socket.
1302 */
1303 static ssize_t vnc_client_write_plain(VncState *vs)
1304 {
1305 ssize_t ret;
1306
1307 #ifdef CONFIG_VNC_SASL
1308 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1309 vs->output.buffer, vs->output.capacity, vs->output.offset,
1310 vs->sasl.waitWriteSSF);
1311
1312 if (vs->sasl.conn &&
1313 vs->sasl.runSSF &&
1314 vs->sasl.waitWriteSSF) {
1315 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1316 if (ret)
1317 vs->sasl.waitWriteSSF -= ret;
1318 } else
1319 #endif /* CONFIG_VNC_SASL */
1320 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1321 if (!ret)
1322 return 0;
1323
1324 buffer_advance(&vs->output, ret);
1325
1326 if (vs->output.offset == 0) {
1327 if (vs->ioc_tag) {
1328 g_source_remove(vs->ioc_tag);
1329 }
1330 vs->ioc_tag = qio_channel_add_watch(
1331 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1332 }
1333
1334 return ret;
1335 }
1336
1337
1338 /*
1339 * First function called whenever there is data to be written to
1340 * the client socket. Will delegate actual work according to whether
1341 * SASL SSF layers are enabled (thus requiring encryption calls)
1342 */
1343 static void vnc_client_write_locked(VncState *vs)
1344 {
1345 #ifdef CONFIG_VNC_SASL
1346 if (vs->sasl.conn &&
1347 vs->sasl.runSSF &&
1348 !vs->sasl.waitWriteSSF) {
1349 vnc_client_write_sasl(vs);
1350 } else
1351 #endif /* CONFIG_VNC_SASL */
1352 {
1353 vnc_client_write_plain(vs);
1354 }
1355 }
1356
1357 static void vnc_client_write(VncState *vs)
1358 {
1359
1360 vnc_lock_output(vs);
1361 if (vs->output.offset) {
1362 vnc_client_write_locked(vs);
1363 } else if (vs->ioc != NULL) {
1364 if (vs->ioc_tag) {
1365 g_source_remove(vs->ioc_tag);
1366 }
1367 vs->ioc_tag = qio_channel_add_watch(
1368 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1369 }
1370 vnc_unlock_output(vs);
1371 }
1372
1373 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1374 {
1375 vs->read_handler = func;
1376 vs->read_handler_expect = expecting;
1377 }
1378
1379
1380 /*
1381 * Called to read a chunk of data from the client socket. The data may
1382 * be the raw data, or may need to be further decoded by SASL.
1383 * The data will be read either straight from to the socket, or
1384 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1385 *
1386 * NB, it is theoretically possible to have 2 layers of encryption,
1387 * both SASL, and this TLS layer. It is highly unlikely in practice
1388 * though, since SASL encryption will typically be a no-op if TLS
1389 * is active
1390 *
1391 * Returns the number of bytes read, which may be less than
1392 * the requested 'datalen' if the socket would block. Returns
1393 * -1 on error, and disconnects the client socket.
1394 */
1395 ssize_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1396 {
1397 ssize_t ret;
1398 Error *err = NULL;
1399 ret = qio_channel_read(
1400 vs->ioc, (char *)data, datalen, &err);
1401 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1402 return vnc_client_io_error(vs, ret, &err);
1403 }
1404
1405
1406 /*
1407 * Called to read data from the client socket to the input buffer,
1408 * when not using any SASL SSF encryption layers. Will read as much
1409 * data as possible without blocking.
1410 *
1411 * Returns the number of bytes read. Returns -1 on error, and
1412 * disconnects the client socket.
1413 */
1414 static ssize_t vnc_client_read_plain(VncState *vs)
1415 {
1416 ssize_t ret;
1417 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1418 vs->input.buffer, vs->input.capacity, vs->input.offset);
1419 buffer_reserve(&vs->input, 4096);
1420 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1421 if (!ret)
1422 return 0;
1423 vs->input.offset += ret;
1424 return ret;
1425 }
1426
1427 static void vnc_jobs_bh(void *opaque)
1428 {
1429 VncState *vs = opaque;
1430
1431 vnc_jobs_consume_buffer(vs);
1432 }
1433
1434 /*
1435 * First function called whenever there is more data to be read from
1436 * the client socket. Will delegate actual work according to whether
1437 * SASL SSF layers are enabled (thus requiring decryption calls)
1438 */
1439 static void vnc_client_read(VncState *vs)
1440 {
1441 ssize_t ret;
1442
1443 #ifdef CONFIG_VNC_SASL
1444 if (vs->sasl.conn && vs->sasl.runSSF)
1445 ret = vnc_client_read_sasl(vs);
1446 else
1447 #endif /* CONFIG_VNC_SASL */
1448 ret = vnc_client_read_plain(vs);
1449 if (!ret) {
1450 if (vs->disconnecting) {
1451 vnc_disconnect_finish(vs);
1452 }
1453 return;
1454 }
1455
1456 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1457 size_t len = vs->read_handler_expect;
1458 int ret;
1459
1460 ret = vs->read_handler(vs, vs->input.buffer, len);
1461 if (vs->disconnecting) {
1462 vnc_disconnect_finish(vs);
1463 return;
1464 }
1465
1466 if (!ret) {
1467 buffer_advance(&vs->input, len);
1468 } else {
1469 vs->read_handler_expect = ret;
1470 }
1471 }
1472 }
1473
1474 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1475 GIOCondition condition, void *opaque)
1476 {
1477 VncState *vs = opaque;
1478 if (condition & G_IO_IN) {
1479 vnc_client_read(vs);
1480 }
1481 if (condition & G_IO_OUT) {
1482 vnc_client_write(vs);
1483 }
1484 return TRUE;
1485 }
1486
1487
1488 void vnc_write(VncState *vs, const void *data, size_t len)
1489 {
1490 buffer_reserve(&vs->output, len);
1491
1492 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1493 if (vs->ioc_tag) {
1494 g_source_remove(vs->ioc_tag);
1495 }
1496 vs->ioc_tag = qio_channel_add_watch(
1497 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
1498 }
1499
1500 buffer_append(&vs->output, data, len);
1501 }
1502
1503 void vnc_write_s32(VncState *vs, int32_t value)
1504 {
1505 vnc_write_u32(vs, *(uint32_t *)&value);
1506 }
1507
1508 void vnc_write_u32(VncState *vs, uint32_t value)
1509 {
1510 uint8_t buf[4];
1511
1512 buf[0] = (value >> 24) & 0xFF;
1513 buf[1] = (value >> 16) & 0xFF;
1514 buf[2] = (value >> 8) & 0xFF;
1515 buf[3] = value & 0xFF;
1516
1517 vnc_write(vs, buf, 4);
1518 }
1519
1520 void vnc_write_u16(VncState *vs, uint16_t value)
1521 {
1522 uint8_t buf[2];
1523
1524 buf[0] = (value >> 8) & 0xFF;
1525 buf[1] = value & 0xFF;
1526
1527 vnc_write(vs, buf, 2);
1528 }
1529
1530 void vnc_write_u8(VncState *vs, uint8_t value)
1531 {
1532 vnc_write(vs, (char *)&value, 1);
1533 }
1534
1535 void vnc_flush(VncState *vs)
1536 {
1537 vnc_lock_output(vs);
1538 if (vs->ioc != NULL && vs->output.offset) {
1539 vnc_client_write_locked(vs);
1540 }
1541 vnc_unlock_output(vs);
1542 }
1543
1544 static uint8_t read_u8(uint8_t *data, size_t offset)
1545 {
1546 return data[offset];
1547 }
1548
1549 static uint16_t read_u16(uint8_t *data, size_t offset)
1550 {
1551 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1552 }
1553
1554 static int32_t read_s32(uint8_t *data, size_t offset)
1555 {
1556 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1557 (data[offset + 2] << 8) | data[offset + 3]);
1558 }
1559
1560 uint32_t read_u32(uint8_t *data, size_t offset)
1561 {
1562 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1563 (data[offset + 2] << 8) | data[offset + 3]);
1564 }
1565
1566 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1567 {
1568 }
1569
1570 static void check_pointer_type_change(Notifier *notifier, void *data)
1571 {
1572 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1573 int absolute = qemu_input_is_absolute();
1574
1575 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1576 vnc_lock_output(vs);
1577 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1578 vnc_write_u8(vs, 0);
1579 vnc_write_u16(vs, 1);
1580 vnc_framebuffer_update(vs, absolute, 0,
1581 pixman_image_get_width(vs->vd->server),
1582 pixman_image_get_height(vs->vd->server),
1583 VNC_ENCODING_POINTER_TYPE_CHANGE);
1584 vnc_unlock_output(vs);
1585 vnc_flush(vs);
1586 }
1587 vs->absolute = absolute;
1588 }
1589
1590 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1591 {
1592 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1593 [INPUT_BUTTON_LEFT] = 0x01,
1594 [INPUT_BUTTON_MIDDLE] = 0x02,
1595 [INPUT_BUTTON_RIGHT] = 0x04,
1596 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1597 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1598 };
1599 QemuConsole *con = vs->vd->dcl.con;
1600 int width = pixman_image_get_width(vs->vd->server);
1601 int height = pixman_image_get_height(vs->vd->server);
1602
1603 if (vs->last_bmask != button_mask) {
1604 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1605 vs->last_bmask = button_mask;
1606 }
1607
1608 if (vs->absolute) {
1609 qemu_input_queue_abs(con, INPUT_AXIS_X, x, width);
1610 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, height);
1611 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1612 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1613 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1614 } else {
1615 if (vs->last_x != -1) {
1616 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1617 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1618 }
1619 vs->last_x = x;
1620 vs->last_y = y;
1621 }
1622 qemu_input_event_sync();
1623 }
1624
1625 static void reset_keys(VncState *vs)
1626 {
1627 int i;
1628 for(i = 0; i < 256; i++) {
1629 if (vs->modifiers_state[i]) {
1630 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false);
1631 vs->modifiers_state[i] = 0;
1632 }
1633 }
1634 }
1635
1636 static void press_key(VncState *vs, int keysym)
1637 {
1638 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1639 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true);
1640 qemu_input_event_send_key_delay(0);
1641 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1642 qemu_input_event_send_key_delay(0);
1643 }
1644
1645 static int current_led_state(VncState *vs)
1646 {
1647 int ledstate = 0;
1648
1649 if (vs->modifiers_state[0x46]) {
1650 ledstate |= QEMU_SCROLL_LOCK_LED;
1651 }
1652 if (vs->modifiers_state[0x45]) {
1653 ledstate |= QEMU_NUM_LOCK_LED;
1654 }
1655 if (vs->modifiers_state[0x3a]) {
1656 ledstate |= QEMU_CAPS_LOCK_LED;
1657 }
1658
1659 return ledstate;
1660 }
1661
1662 static void vnc_led_state_change(VncState *vs)
1663 {
1664 int ledstate = 0;
1665
1666 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1667 return;
1668 }
1669
1670 ledstate = current_led_state(vs);
1671 vnc_lock_output(vs);
1672 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1673 vnc_write_u8(vs, 0);
1674 vnc_write_u16(vs, 1);
1675 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1676 vnc_write_u8(vs, ledstate);
1677 vnc_unlock_output(vs);
1678 vnc_flush(vs);
1679 }
1680
1681 static void kbd_leds(void *opaque, int ledstate)
1682 {
1683 VncState *vs = opaque;
1684 int caps, num, scr;
1685 bool has_changed = (ledstate != current_led_state(vs));
1686
1687 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1688 (ledstate & QEMU_NUM_LOCK_LED),
1689 (ledstate & QEMU_SCROLL_LOCK_LED));
1690
1691 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1692 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1693 scr = ledstate & QEMU_SCROLL_LOCK_LED ? 1 : 0;
1694
1695 if (vs->modifiers_state[0x3a] != caps) {
1696 vs->modifiers_state[0x3a] = caps;
1697 }
1698 if (vs->modifiers_state[0x45] != num) {
1699 vs->modifiers_state[0x45] = num;
1700 }
1701 if (vs->modifiers_state[0x46] != scr) {
1702 vs->modifiers_state[0x46] = scr;
1703 }
1704
1705 /* Sending the current led state message to the client */
1706 if (has_changed) {
1707 vnc_led_state_change(vs);
1708 }
1709 }
1710
1711 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1712 {
1713 /* QEMU console switch */
1714 switch(keycode) {
1715 case 0x2a: /* Left Shift */
1716 case 0x36: /* Right Shift */
1717 case 0x1d: /* Left CTRL */
1718 case 0x9d: /* Right CTRL */
1719 case 0x38: /* Left ALT */
1720 case 0xb8: /* Right ALT */
1721 if (down)
1722 vs->modifiers_state[keycode] = 1;
1723 else
1724 vs->modifiers_state[keycode] = 0;
1725 break;
1726 case 0x02 ... 0x0a: /* '1' to '9' keys */
1727 if (vs->vd->dcl.con == NULL &&
1728 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1729 /* Reset the modifiers sent to the current console */
1730 reset_keys(vs);
1731 console_select(keycode - 0x02);
1732 return;
1733 }
1734 break;
1735 case 0x3a: /* CapsLock */
1736 case 0x45: /* NumLock */
1737 if (down)
1738 vs->modifiers_state[keycode] ^= 1;
1739 break;
1740 }
1741
1742 /* Turn off the lock state sync logic if the client support the led
1743 state extension.
1744 */
1745 if (down && vs->vd->lock_key_sync &&
1746 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1747 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1748 /* If the numlock state needs to change then simulate an additional
1749 keypress before sending this one. This will happen if the user
1750 toggles numlock away from the VNC window.
1751 */
1752 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1753 if (!vs->modifiers_state[0x45]) {
1754 trace_vnc_key_sync_numlock(true);
1755 vs->modifiers_state[0x45] = 1;
1756 press_key(vs, 0xff7f);
1757 }
1758 } else {
1759 if (vs->modifiers_state[0x45]) {
1760 trace_vnc_key_sync_numlock(false);
1761 vs->modifiers_state[0x45] = 0;
1762 press_key(vs, 0xff7f);
1763 }
1764 }
1765 }
1766
1767 if (down && vs->vd->lock_key_sync &&
1768 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1769 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1770 /* If the capslock state needs to change then simulate an additional
1771 keypress before sending this one. This will happen if the user
1772 toggles capslock away from the VNC window.
1773 */
1774 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1775 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1776 int capslock = !!(vs->modifiers_state[0x3a]);
1777 if (capslock) {
1778 if (uppercase == shift) {
1779 trace_vnc_key_sync_capslock(false);
1780 vs->modifiers_state[0x3a] = 0;
1781 press_key(vs, 0xffe5);
1782 }
1783 } else {
1784 if (uppercase != shift) {
1785 trace_vnc_key_sync_capslock(true);
1786 vs->modifiers_state[0x3a] = 1;
1787 press_key(vs, 0xffe5);
1788 }
1789 }
1790 }
1791
1792 if (qemu_console_is_graphic(NULL)) {
1793 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down);
1794 } else {
1795 bool numlock = vs->modifiers_state[0x45];
1796 bool control = (vs->modifiers_state[0x1d] ||
1797 vs->modifiers_state[0x9d]);
1798 /* QEMU console emulation */
1799 if (down) {
1800 switch (keycode) {
1801 case 0x2a: /* Left Shift */
1802 case 0x36: /* Right Shift */
1803 case 0x1d: /* Left CTRL */
1804 case 0x9d: /* Right CTRL */
1805 case 0x38: /* Left ALT */
1806 case 0xb8: /* Right ALT */
1807 break;
1808 case 0xc8:
1809 kbd_put_keysym(QEMU_KEY_UP);
1810 break;
1811 case 0xd0:
1812 kbd_put_keysym(QEMU_KEY_DOWN);
1813 break;
1814 case 0xcb:
1815 kbd_put_keysym(QEMU_KEY_LEFT);
1816 break;
1817 case 0xcd:
1818 kbd_put_keysym(QEMU_KEY_RIGHT);
1819 break;
1820 case 0xd3:
1821 kbd_put_keysym(QEMU_KEY_DELETE);
1822 break;
1823 case 0xc7:
1824 kbd_put_keysym(QEMU_KEY_HOME);
1825 break;
1826 case 0xcf:
1827 kbd_put_keysym(QEMU_KEY_END);
1828 break;
1829 case 0xc9:
1830 kbd_put_keysym(QEMU_KEY_PAGEUP);
1831 break;
1832 case 0xd1:
1833 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1834 break;
1835
1836 case 0x47:
1837 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1838 break;
1839 case 0x48:
1840 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1841 break;
1842 case 0x49:
1843 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1844 break;
1845 case 0x4b:
1846 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1847 break;
1848 case 0x4c:
1849 kbd_put_keysym('5');
1850 break;
1851 case 0x4d:
1852 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1853 break;
1854 case 0x4f:
1855 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1856 break;
1857 case 0x50:
1858 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1859 break;
1860 case 0x51:
1861 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1862 break;
1863 case 0x52:
1864 kbd_put_keysym('0');
1865 break;
1866 case 0x53:
1867 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1868 break;
1869
1870 case 0xb5:
1871 kbd_put_keysym('/');
1872 break;
1873 case 0x37:
1874 kbd_put_keysym('*');
1875 break;
1876 case 0x4a:
1877 kbd_put_keysym('-');
1878 break;
1879 case 0x4e:
1880 kbd_put_keysym('+');
1881 break;
1882 case 0x9c:
1883 kbd_put_keysym('\n');
1884 break;
1885
1886 default:
1887 if (control) {
1888 kbd_put_keysym(sym & 0x1f);
1889 } else {
1890 kbd_put_keysym(sym);
1891 }
1892 break;
1893 }
1894 }
1895 }
1896 }
1897
1898 static void vnc_release_modifiers(VncState *vs)
1899 {
1900 static const int keycodes[] = {
1901 /* shift, control, alt keys, both left & right */
1902 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1903 };
1904 int i, keycode;
1905
1906 if (!qemu_console_is_graphic(NULL)) {
1907 return;
1908 }
1909 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1910 keycode = keycodes[i];
1911 if (!vs->modifiers_state[keycode]) {
1912 continue;
1913 }
1914 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1915 }
1916 }
1917
1918 static const char *code2name(int keycode)
1919 {
1920 return QKeyCode_lookup[qemu_input_key_number_to_qcode(keycode)];
1921 }
1922
1923 static void key_event(VncState *vs, int down, uint32_t sym)
1924 {
1925 int keycode;
1926 int lsym = sym;
1927
1928 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
1929 lsym = lsym - 'A' + 'a';
1930 }
1931
1932 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1933 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
1934 do_key_event(vs, down, keycode, sym);
1935 }
1936
1937 static void ext_key_event(VncState *vs, int down,
1938 uint32_t sym, uint16_t keycode)
1939 {
1940 /* if the user specifies a keyboard layout, always use it */
1941 if (keyboard_layout) {
1942 key_event(vs, down, sym);
1943 } else {
1944 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
1945 do_key_event(vs, down, keycode, sym);
1946 }
1947 }
1948
1949 static void framebuffer_update_request(VncState *vs, int incremental,
1950 int x, int y, int w, int h)
1951 {
1952 vs->need_update = 1;
1953
1954 if (incremental) {
1955 return;
1956 }
1957
1958 vs->force_update = 1;
1959 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
1960 }
1961
1962 static void send_ext_key_event_ack(VncState *vs)
1963 {
1964 vnc_lock_output(vs);
1965 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1966 vnc_write_u8(vs, 0);
1967 vnc_write_u16(vs, 1);
1968 vnc_framebuffer_update(vs, 0, 0,
1969 pixman_image_get_width(vs->vd->server),
1970 pixman_image_get_height(vs->vd->server),
1971 VNC_ENCODING_EXT_KEY_EVENT);
1972 vnc_unlock_output(vs);
1973 vnc_flush(vs);
1974 }
1975
1976 static void send_ext_audio_ack(VncState *vs)
1977 {
1978 vnc_lock_output(vs);
1979 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1980 vnc_write_u8(vs, 0);
1981 vnc_write_u16(vs, 1);
1982 vnc_framebuffer_update(vs, 0, 0,
1983 pixman_image_get_width(vs->vd->server),
1984 pixman_image_get_height(vs->vd->server),
1985 VNC_ENCODING_AUDIO);
1986 vnc_unlock_output(vs);
1987 vnc_flush(vs);
1988 }
1989
1990 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1991 {
1992 int i;
1993 unsigned int enc = 0;
1994
1995 vs->features = 0;
1996 vs->vnc_encoding = 0;
1997 vs->tight.compression = 9;
1998 vs->tight.quality = -1; /* Lossless by default */
1999 vs->absolute = -1;
2000
2001 /*
2002 * Start from the end because the encodings are sent in order of preference.
2003 * This way the preferred encoding (first encoding defined in the array)
2004 * will be set at the end of the loop.
2005 */
2006 for (i = n_encodings - 1; i >= 0; i--) {
2007 enc = encodings[i];
2008 switch (enc) {
2009 case VNC_ENCODING_RAW:
2010 vs->vnc_encoding = enc;
2011 break;
2012 case VNC_ENCODING_COPYRECT:
2013 vs->features |= VNC_FEATURE_COPYRECT_MASK;
2014 break;
2015 case VNC_ENCODING_HEXTILE:
2016 vs->features |= VNC_FEATURE_HEXTILE_MASK;
2017 vs->vnc_encoding = enc;
2018 break;
2019 case VNC_ENCODING_TIGHT:
2020 vs->features |= VNC_FEATURE_TIGHT_MASK;
2021 vs->vnc_encoding = enc;
2022 break;
2023 #ifdef CONFIG_VNC_PNG
2024 case VNC_ENCODING_TIGHT_PNG:
2025 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
2026 vs->vnc_encoding = enc;
2027 break;
2028 #endif
2029 case VNC_ENCODING_ZLIB:
2030 vs->features |= VNC_FEATURE_ZLIB_MASK;
2031 vs->vnc_encoding = enc;
2032 break;
2033 case VNC_ENCODING_ZRLE:
2034 vs->features |= VNC_FEATURE_ZRLE_MASK;
2035 vs->vnc_encoding = enc;
2036 break;
2037 case VNC_ENCODING_ZYWRLE:
2038 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
2039 vs->vnc_encoding = enc;
2040 break;
2041 case VNC_ENCODING_DESKTOPRESIZE:
2042 vs->features |= VNC_FEATURE_RESIZE_MASK;
2043 break;
2044 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2045 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
2046 break;
2047 case VNC_ENCODING_RICH_CURSOR:
2048 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
2049 if (vs->vd->cursor) {
2050 vnc_cursor_define(vs);
2051 }
2052 break;
2053 case VNC_ENCODING_EXT_KEY_EVENT:
2054 send_ext_key_event_ack(vs);
2055 break;
2056 case VNC_ENCODING_AUDIO:
2057 send_ext_audio_ack(vs);
2058 break;
2059 case VNC_ENCODING_WMVi:
2060 vs->features |= VNC_FEATURE_WMVI_MASK;
2061 break;
2062 case VNC_ENCODING_LED_STATE:
2063 vs->features |= VNC_FEATURE_LED_STATE_MASK;
2064 break;
2065 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2066 vs->tight.compression = (enc & 0x0F);
2067 break;
2068 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2069 if (vs->vd->lossy) {
2070 vs->tight.quality = (enc & 0x0F);
2071 }
2072 break;
2073 default:
2074 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2075 break;
2076 }
2077 }
2078 vnc_desktop_resize(vs);
2079 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2080 vnc_led_state_change(vs);
2081 }
2082
2083 static void set_pixel_conversion(VncState *vs)
2084 {
2085 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2086
2087 if (fmt == VNC_SERVER_FB_FORMAT) {
2088 vs->write_pixels = vnc_write_pixels_copy;
2089 vnc_hextile_set_pixel_conversion(vs, 0);
2090 } else {
2091 vs->write_pixels = vnc_write_pixels_generic;
2092 vnc_hextile_set_pixel_conversion(vs, 1);
2093 }
2094 }
2095
2096 static void set_pixel_format(VncState *vs,
2097 int bits_per_pixel, int depth,
2098 int big_endian_flag, int true_color_flag,
2099 int red_max, int green_max, int blue_max,
2100 int red_shift, int green_shift, int blue_shift)
2101 {
2102 if (!true_color_flag) {
2103 vnc_client_error(vs);
2104 return;
2105 }
2106
2107 switch (bits_per_pixel) {
2108 case 8:
2109 case 16:
2110 case 32:
2111 break;
2112 default:
2113 vnc_client_error(vs);
2114 return;
2115 }
2116
2117 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2118 vs->client_pf.rbits = hweight_long(red_max);
2119 vs->client_pf.rshift = red_shift;
2120 vs->client_pf.rmask = red_max << red_shift;
2121 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2122 vs->client_pf.gbits = hweight_long(green_max);
2123 vs->client_pf.gshift = green_shift;
2124 vs->client_pf.gmask = green_max << green_shift;
2125 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2126 vs->client_pf.bbits = hweight_long(blue_max);
2127 vs->client_pf.bshift = blue_shift;
2128 vs->client_pf.bmask = blue_max << blue_shift;
2129 vs->client_pf.bits_per_pixel = bits_per_pixel;
2130 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2131 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2132 vs->client_be = big_endian_flag;
2133
2134 set_pixel_conversion(vs);
2135
2136 graphic_hw_invalidate(vs->vd->dcl.con);
2137 graphic_hw_update(vs->vd->dcl.con);
2138 }
2139
2140 static void pixel_format_message (VncState *vs) {
2141 char pad[3] = { 0, 0, 0 };
2142
2143 vs->client_pf = qemu_default_pixelformat(32);
2144
2145 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
2146 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
2147
2148 #ifdef HOST_WORDS_BIGENDIAN
2149 vnc_write_u8(vs, 1); /* big-endian-flag */
2150 #else
2151 vnc_write_u8(vs, 0); /* big-endian-flag */
2152 #endif
2153 vnc_write_u8(vs, 1); /* true-color-flag */
2154 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
2155 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
2156 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
2157 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
2158 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
2159 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
2160 vnc_write(vs, pad, 3); /* padding */
2161
2162 vnc_hextile_set_pixel_conversion(vs, 0);
2163 vs->write_pixels = vnc_write_pixels_copy;
2164 }
2165
2166 static void vnc_colordepth(VncState *vs)
2167 {
2168 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2169 /* Sending a WMVi message to notify the client*/
2170 vnc_lock_output(vs);
2171 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2172 vnc_write_u8(vs, 0);
2173 vnc_write_u16(vs, 1); /* number of rects */
2174 vnc_framebuffer_update(vs, 0, 0,
2175 pixman_image_get_width(vs->vd->server),
2176 pixman_image_get_height(vs->vd->server),
2177 VNC_ENCODING_WMVi);
2178 pixel_format_message(vs);
2179 vnc_unlock_output(vs);
2180 vnc_flush(vs);
2181 } else {
2182 set_pixel_conversion(vs);
2183 }
2184 }
2185
2186 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2187 {
2188 int i;
2189 uint16_t limit;
2190 VncDisplay *vd = vs->vd;
2191
2192 if (data[0] > 3) {
2193 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2194 }
2195
2196 switch (data[0]) {
2197 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2198 if (len == 1)
2199 return 20;
2200
2201 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
2202 read_u8(data, 6), read_u8(data, 7),
2203 read_u16(data, 8), read_u16(data, 10),
2204 read_u16(data, 12), read_u8(data, 14),
2205 read_u8(data, 15), read_u8(data, 16));
2206 break;
2207 case VNC_MSG_CLIENT_SET_ENCODINGS:
2208 if (len == 1)
2209 return 4;
2210
2211 if (len == 4) {
2212 limit = read_u16(data, 2);
2213 if (limit > 0)
2214 return 4 + (limit * 4);
2215 } else
2216 limit = read_u16(data, 2);
2217
2218 for (i = 0; i < limit; i++) {
2219 int32_t val = read_s32(data, 4 + (i * 4));
2220 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2221 }
2222
2223 set_encodings(vs, (int32_t *)(data + 4), limit);
2224 break;
2225 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2226 if (len == 1)
2227 return 10;
2228
2229 framebuffer_update_request(vs,
2230 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2231 read_u16(data, 6), read_u16(data, 8));
2232 break;
2233 case VNC_MSG_CLIENT_KEY_EVENT:
2234 if (len == 1)
2235 return 8;
2236
2237 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2238 break;
2239 case VNC_MSG_CLIENT_POINTER_EVENT:
2240 if (len == 1)
2241 return 6;
2242
2243 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2244 break;
2245 case VNC_MSG_CLIENT_CUT_TEXT:
2246 if (len == 1) {
2247 return 8;
2248 }
2249 if (len == 8) {
2250 uint32_t dlen = read_u32(data, 4);
2251 if (dlen > (1 << 20)) {
2252 error_report("vnc: client_cut_text msg payload has %u bytes"
2253 " which exceeds our limit of 1MB.", dlen);
2254 vnc_client_error(vs);
2255 break;
2256 }
2257 if (dlen > 0) {
2258 return 8 + dlen;
2259 }
2260 }
2261
2262 client_cut_text(vs, read_u32(data, 4), data + 8);
2263 break;
2264 case VNC_MSG_CLIENT_QEMU:
2265 if (len == 1)
2266 return 2;
2267
2268 switch (read_u8(data, 1)) {
2269 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2270 if (len == 2)
2271 return 12;
2272
2273 ext_key_event(vs, read_u16(data, 2),
2274 read_u32(data, 4), read_u32(data, 8));
2275 break;
2276 case VNC_MSG_CLIENT_QEMU_AUDIO:
2277 if (len == 2)
2278 return 4;
2279
2280 switch (read_u16 (data, 2)) {
2281 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2282 audio_add(vs);
2283 break;
2284 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2285 audio_del(vs);
2286 break;
2287 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2288 if (len == 4)
2289 return 10;
2290 switch (read_u8(data, 4)) {
2291 case 0: vs->as.fmt = AUD_FMT_U8; break;
2292 case 1: vs->as.fmt = AUD_FMT_S8; break;
2293 case 2: vs->as.fmt = AUD_FMT_U16; break;
2294 case 3: vs->as.fmt = AUD_FMT_S16; break;
2295 case 4: vs->as.fmt = AUD_FMT_U32; break;
2296 case 5: vs->as.fmt = AUD_FMT_S32; break;
2297 default:
2298 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2299 vnc_client_error(vs);
2300 break;
2301 }
2302 vs->as.nchannels = read_u8(data, 5);
2303 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2304 VNC_DEBUG("Invalid audio channel coount %d\n",
2305 read_u8(data, 5));
2306 vnc_client_error(vs);
2307 break;
2308 }
2309 vs->as.freq = read_u32(data, 6);
2310 break;
2311 default:
2312 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2313 vnc_client_error(vs);
2314 break;
2315 }
2316 break;
2317
2318 default:
2319 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2320 vnc_client_error(vs);
2321 break;
2322 }
2323 break;
2324 default:
2325 VNC_DEBUG("Msg: %d\n", data[0]);
2326 vnc_client_error(vs);
2327 break;
2328 }
2329
2330 vnc_read_when(vs, protocol_client_msg, 1);
2331 return 0;
2332 }
2333
2334 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2335 {
2336 char buf[1024];
2337 VncShareMode mode;
2338 int size;
2339
2340 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2341 switch (vs->vd->share_policy) {
2342 case VNC_SHARE_POLICY_IGNORE:
2343 /*
2344 * Ignore the shared flag. Nothing to do here.
2345 *
2346 * Doesn't conform to the rfb spec but is traditional qemu
2347 * behavior, thus left here as option for compatibility
2348 * reasons.
2349 */
2350 break;
2351 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2352 /*
2353 * Policy: Allow clients ask for exclusive access.
2354 *
2355 * Implementation: When a client asks for exclusive access,
2356 * disconnect all others. Shared connects are allowed as long
2357 * as no exclusive connection exists.
2358 *
2359 * This is how the rfb spec suggests to handle the shared flag.
2360 */
2361 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2362 VncState *client;
2363 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2364 if (vs == client) {
2365 continue;
2366 }
2367 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2368 client->share_mode != VNC_SHARE_MODE_SHARED) {
2369 continue;
2370 }
2371 vnc_disconnect_start(client);
2372 }
2373 }
2374 if (mode == VNC_SHARE_MODE_SHARED) {
2375 if (vs->vd->num_exclusive > 0) {
2376 vnc_disconnect_start(vs);
2377 return 0;
2378 }
2379 }
2380 break;
2381 case VNC_SHARE_POLICY_FORCE_SHARED:
2382 /*
2383 * Policy: Shared connects only.
2384 * Implementation: Disallow clients asking for exclusive access.
2385 *
2386 * Useful for shared desktop sessions where you don't want
2387 * someone forgetting to say -shared when running the vnc
2388 * client disconnect everybody else.
2389 */
2390 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2391 vnc_disconnect_start(vs);
2392 return 0;
2393 }
2394 break;
2395 }
2396 vnc_set_share_mode(vs, mode);
2397
2398 if (vs->vd->num_shared > vs->vd->connections_limit) {
2399 vnc_disconnect_start(vs);
2400 return 0;
2401 }
2402
2403 vs->client_width = pixman_image_get_width(vs->vd->server);
2404 vs->client_height = pixman_image_get_height(vs->vd->server);
2405 vnc_write_u16(vs, vs->client_width);
2406 vnc_write_u16(vs, vs->client_height);
2407
2408 pixel_format_message(vs);
2409
2410 if (qemu_name)
2411 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2412 else
2413 size = snprintf(buf, sizeof(buf), "QEMU");
2414
2415 vnc_write_u32(vs, size);
2416 vnc_write(vs, buf, size);
2417 vnc_flush(vs);
2418
2419 vnc_client_cache_auth(vs);
2420 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2421
2422 vnc_read_when(vs, protocol_client_msg, 1);
2423
2424 return 0;
2425 }
2426
2427 void start_client_init(VncState *vs)
2428 {
2429 vnc_read_when(vs, protocol_client_init, 1);
2430 }
2431
2432 static void make_challenge(VncState *vs)
2433 {
2434 int i;
2435
2436 srand(time(NULL)+getpid()+getpid()*987654+rand());
2437
2438 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2439 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2440 }
2441
2442 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2443 {
2444 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2445 size_t i, pwlen;
2446 unsigned char key[8];
2447 time_t now = time(NULL);
2448 QCryptoCipher *cipher = NULL;
2449 Error *err = NULL;
2450
2451 if (!vs->vd->password) {
2452 VNC_DEBUG("No password configured on server");
2453 goto reject;
2454 }
2455 if (vs->vd->expires < now) {
2456 VNC_DEBUG("Password is expired");
2457 goto reject;
2458 }
2459
2460 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2461
2462 /* Calculate the expected challenge response */
2463 pwlen = strlen(vs->vd->password);
2464 for (i=0; i<sizeof(key); i++)
2465 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2466
2467 cipher = qcrypto_cipher_new(
2468 QCRYPTO_CIPHER_ALG_DES_RFB,
2469 QCRYPTO_CIPHER_MODE_ECB,
2470 key, G_N_ELEMENTS(key),
2471 &err);
2472 if (!cipher) {
2473 VNC_DEBUG("Cannot initialize cipher %s",
2474 error_get_pretty(err));
2475 error_free(err);
2476 goto reject;
2477 }
2478
2479 if (qcrypto_cipher_encrypt(cipher,
2480 vs->challenge,
2481 response,
2482 VNC_AUTH_CHALLENGE_SIZE,
2483 &err) < 0) {
2484 VNC_DEBUG("Cannot encrypt challenge %s",
2485 error_get_pretty(err));
2486 error_free(err);
2487 goto reject;
2488 }
2489
2490 /* Compare expected vs actual challenge response */
2491 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2492 VNC_DEBUG("Client challenge response did not match\n");
2493 goto reject;
2494 } else {
2495 VNC_DEBUG("Accepting VNC challenge response\n");
2496 vnc_write_u32(vs, 0); /* Accept auth */
2497 vnc_flush(vs);
2498
2499 start_client_init(vs);
2500 }
2501
2502 qcrypto_cipher_free(cipher);
2503 return 0;
2504
2505 reject:
2506 vnc_write_u32(vs, 1); /* Reject auth */
2507 if (vs->minor >= 8) {
2508 static const char err[] = "Authentication failed";
2509 vnc_write_u32(vs, sizeof(err));
2510 vnc_write(vs, err, sizeof(err));
2511 }
2512 vnc_flush(vs);
2513 vnc_client_error(vs);
2514 qcrypto_cipher_free(cipher);
2515 return 0;
2516 }
2517
2518 void start_auth_vnc(VncState *vs)
2519 {
2520 make_challenge(vs);
2521 /* Send client a 'random' challenge */
2522 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2523 vnc_flush(vs);
2524
2525 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2526 }
2527
2528
2529 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2530 {
2531 /* We only advertise 1 auth scheme at a time, so client
2532 * must pick the one we sent. Verify this */
2533 if (data[0] != vs->auth) { /* Reject auth */
2534 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2535 vnc_write_u32(vs, 1);
2536 if (vs->minor >= 8) {
2537 static const char err[] = "Authentication failed";
2538 vnc_write_u32(vs, sizeof(err));
2539 vnc_write(vs, err, sizeof(err));
2540 }
2541 vnc_client_error(vs);
2542 } else { /* Accept requested auth */
2543 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2544 switch (vs->auth) {
2545 case VNC_AUTH_NONE:
2546 VNC_DEBUG("Accept auth none\n");
2547 if (vs->minor >= 8) {
2548 vnc_write_u32(vs, 0); /* Accept auth completion */
2549 vnc_flush(vs);
2550 }
2551 start_client_init(vs);
2552 break;
2553
2554 case VNC_AUTH_VNC:
2555 VNC_DEBUG("Start VNC auth\n");
2556 start_auth_vnc(vs);
2557 break;
2558
2559 case VNC_AUTH_VENCRYPT:
2560 VNC_DEBUG("Accept VeNCrypt auth\n");
2561 start_auth_vencrypt(vs);
2562 break;
2563
2564 #ifdef CONFIG_VNC_SASL
2565 case VNC_AUTH_SASL:
2566 VNC_DEBUG("Accept SASL auth\n");
2567 start_auth_sasl(vs);
2568 break;
2569 #endif /* CONFIG_VNC_SASL */
2570
2571 default: /* Should not be possible, but just in case */
2572 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth);
2573 vnc_write_u8(vs, 1);
2574 if (vs->minor >= 8) {
2575 static const char err[] = "Authentication failed";
2576 vnc_write_u32(vs, sizeof(err));
2577 vnc_write(vs, err, sizeof(err));
2578 }
2579 vnc_client_error(vs);
2580 }
2581 }
2582 return 0;
2583 }
2584
2585 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2586 {
2587 char local[13];
2588
2589 memcpy(local, version, 12);
2590 local[12] = 0;
2591
2592 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2593 VNC_DEBUG("Malformed protocol version %s\n", local);
2594 vnc_client_error(vs);
2595 return 0;
2596 }
2597 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2598 if (vs->major != 3 ||
2599 (vs->minor != 3 &&
2600 vs->minor != 4 &&
2601 vs->minor != 5 &&
2602 vs->minor != 7 &&
2603 vs->minor != 8)) {
2604 VNC_DEBUG("Unsupported client version\n");
2605 vnc_write_u32(vs, VNC_AUTH_INVALID);
2606 vnc_flush(vs);
2607 vnc_client_error(vs);
2608 return 0;
2609 }
2610 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2611 * as equivalent to v3.3 by servers
2612 */
2613 if (vs->minor == 4 || vs->minor == 5)
2614 vs->minor = 3;
2615
2616 if (vs->minor == 3) {
2617 if (vs->auth == VNC_AUTH_NONE) {
2618 VNC_DEBUG("Tell client auth none\n");
2619 vnc_write_u32(vs, vs->auth);
2620 vnc_flush(vs);
2621 start_client_init(vs);
2622 } else if (vs->auth == VNC_AUTH_VNC) {
2623 VNC_DEBUG("Tell client VNC auth\n");
2624 vnc_write_u32(vs, vs->auth);
2625 vnc_flush(vs);
2626 start_auth_vnc(vs);
2627 } else {
2628 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2629 vnc_write_u32(vs, VNC_AUTH_INVALID);
2630 vnc_flush(vs);
2631 vnc_client_error(vs);
2632 }
2633 } else {
2634 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2635 vnc_write_u8(vs, 1); /* num auth */
2636 vnc_write_u8(vs, vs->auth);
2637 vnc_read_when(vs, protocol_client_auth, 1);
2638 vnc_flush(vs);
2639 }
2640
2641 return 0;
2642 }
2643
2644 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2645 {
2646 struct VncSurface *vs = &vd->guest;
2647
2648 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2649 }
2650
2651 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2652 {
2653 int i, j;
2654
2655 w = (x + w) / VNC_STAT_RECT;
2656 h = (y + h) / VNC_STAT_RECT;
2657 x /= VNC_STAT_RECT;
2658 y /= VNC_STAT_RECT;
2659
2660 for (j = y; j <= h; j++) {
2661 for (i = x; i <= w; i++) {
2662 vs->lossy_rect[j][i] = 1;
2663 }
2664 }
2665 }
2666
2667 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2668 {
2669 VncState *vs;
2670 int sty = y / VNC_STAT_RECT;
2671 int stx = x / VNC_STAT_RECT;
2672 int has_dirty = 0;
2673
2674 y = y / VNC_STAT_RECT * VNC_STAT_RECT;
2675 x = x / VNC_STAT_RECT * VNC_STAT_RECT;
2676
2677 QTAILQ_FOREACH(vs, &vd->clients, next) {
2678 int j;
2679
2680 /* kernel send buffers are full -> refresh later */
2681 if (vs->output.offset) {
2682 continue;
2683 }
2684
2685 if (!vs->lossy_rect[sty][stx]) {
2686 continue;
2687 }
2688
2689 vs->lossy_rect[sty][stx] = 0;
2690 for (j = 0; j < VNC_STAT_RECT; ++j) {
2691 bitmap_set(vs->dirty[y + j],
2692 x / VNC_DIRTY_PIXELS_PER_BIT,
2693 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2694 }
2695 has_dirty++;
2696 }
2697
2698 return has_dirty;
2699 }
2700
2701 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2702 {
2703 int width = pixman_image_get_width(vd->guest.fb);
2704 int height = pixman_image_get_height(vd->guest.fb);
2705 int x, y;
2706 struct timeval res;
2707 int has_dirty = 0;
2708
2709 for (y = 0; y < height; y += VNC_STAT_RECT) {
2710 for (x = 0; x < width; x += VNC_STAT_RECT) {
2711 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2712
2713 rect->updated = false;
2714 }
2715 }
2716
2717 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2718
2719 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2720 return has_dirty;
2721 }
2722 vd->guest.last_freq_check = *tv;
2723
2724 for (y = 0; y < height; y += VNC_STAT_RECT) {
2725 for (x = 0; x < width; x += VNC_STAT_RECT) {
2726 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2727 int count = ARRAY_SIZE(rect->times);
2728 struct timeval min, max;
2729
2730 if (!timerisset(&rect->times[count - 1])) {
2731 continue ;
2732 }
2733
2734 max = rect->times[(rect->idx + count - 1) % count];
2735 qemu_timersub(tv, &max, &res);
2736
2737 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2738 rect->freq = 0;
2739 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2740 memset(rect->times, 0, sizeof (rect->times));
2741 continue ;
2742 }
2743
2744 min = rect->times[rect->idx];
2745 max = rect->times[(rect->idx + count - 1) % count];
2746 qemu_timersub(&max, &min, &res);
2747
2748 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2749 rect->freq /= count;
2750 rect->freq = 1. / rect->freq;
2751 }
2752 }
2753 return has_dirty;
2754 }
2755
2756 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2757 {
2758 int i, j;
2759 double total = 0;
2760 int num = 0;
2761
2762 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT;
2763 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT;
2764
2765 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2766 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2767 total += vnc_stat_rect(vs->vd, i, j)->freq;
2768 num++;
2769 }
2770 }
2771
2772 if (num) {
2773 return total / num;
2774 } else {
2775 return 0;
2776 }
2777 }
2778
2779 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2780 {
2781 VncRectStat *rect;
2782
2783 rect = vnc_stat_rect(vd, x, y);
2784 if (rect->updated) {
2785 return ;
2786 }
2787 rect->times[rect->idx] = *tv;
2788 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2789 rect->updated = true;
2790 }
2791
2792 static int vnc_refresh_server_surface(VncDisplay *vd)
2793 {
2794 int width = MIN(pixman_image_get_width(vd->guest.fb),
2795 pixman_image_get_width(vd->server));
2796 int height = MIN(pixman_image_get_height(vd->guest.fb),
2797 pixman_image_get_height(vd->server));
2798 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
2799 uint8_t *guest_row0 = NULL, *server_row0;
2800 VncState *vs;
2801 int has_dirty = 0;
2802 pixman_image_t *tmpbuf = NULL;
2803
2804 struct timeval tv = { 0, 0 };
2805
2806 if (!vd->non_adaptive) {
2807 gettimeofday(&tv, NULL);
2808 has_dirty = vnc_update_stats(vd, &tv);
2809 }
2810
2811 /*
2812 * Walk through the guest dirty map.
2813 * Check and copy modified bits from guest to server surface.
2814 * Update server dirty map.
2815 */
2816 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
2817 server_stride = guest_stride = guest_ll =
2818 pixman_image_get_stride(vd->server);
2819 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
2820 server_stride);
2821 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2822 int width = pixman_image_get_width(vd->server);
2823 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2824 } else {
2825 int guest_bpp =
2826 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
2827 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2828 guest_stride = pixman_image_get_stride(vd->guest.fb);
2829 guest_ll = pixman_image_get_width(vd->guest.fb) * ((guest_bpp + 7) / 8);
2830 }
2831 line_bytes = MIN(server_stride, guest_ll);
2832
2833 for (;;) {
2834 int x;
2835 uint8_t *guest_ptr, *server_ptr;
2836 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty,
2837 height * VNC_DIRTY_BPL(&vd->guest),
2838 y * VNC_DIRTY_BPL(&vd->guest));
2839 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
2840 /* no more dirty bits */
2841 break;
2842 }
2843 y = offset / VNC_DIRTY_BPL(&vd->guest);
2844 x = offset % VNC_DIRTY_BPL(&vd->guest);
2845
2846 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
2847
2848 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2849 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2850 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2851 } else {
2852 guest_ptr = guest_row0 + y * guest_stride;
2853 }
2854 guest_ptr += x * cmp_bytes;
2855
2856 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
2857 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2858 int _cmp_bytes = cmp_bytes;
2859 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
2860 continue;
2861 }
2862 if ((x + 1) * cmp_bytes > line_bytes) {
2863 _cmp_bytes = line_bytes - x * cmp_bytes;
2864 }
2865 assert(_cmp_bytes >= 0);
2866 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
2867 continue;
2868 }
2869 memcpy(server_ptr, guest_ptr, _cmp_bytes);
2870 if (!vd->non_adaptive) {
2871 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
2872 y, &tv);
2873 }
2874 QTAILQ_FOREACH(vs, &vd->clients, next) {
2875 set_bit(x, vs->dirty[y]);
2876 }
2877 has_dirty++;
2878 }
2879
2880 y++;
2881 }
2882 qemu_pixman_image_unref(tmpbuf);
2883 return has_dirty;
2884 }
2885
2886 static void vnc_refresh(DisplayChangeListener *dcl)
2887 {
2888 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
2889 VncState *vs, *vn;
2890 int has_dirty, rects = 0;
2891
2892 if (QTAILQ_EMPTY(&vd->clients)) {
2893 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
2894 return;
2895 }
2896
2897 graphic_hw_update(vd->dcl.con);
2898
2899 if (vnc_trylock_display(vd)) {
2900 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2901 return;
2902 }
2903
2904 has_dirty = vnc_refresh_server_surface(vd);
2905 vnc_unlock_display(vd);
2906
2907 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2908 rects += vnc_update_client(vs, has_dirty, false);
2909 /* vs might be free()ed here */
2910 }
2911
2912 if (has_dirty && rects) {
2913 vd->dcl.update_interval /= 2;
2914 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
2915 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
2916 }
2917 } else {
2918 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
2919 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
2920 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
2921 }
2922 }
2923 }
2924
2925 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
2926 bool skipauth, bool websocket)
2927 {
2928 VncState *vs = g_new0(VncState, 1);
2929 int i;
2930
2931 vs->sioc = sioc;
2932 object_ref(OBJECT(vs->sioc));
2933 vs->ioc = QIO_CHANNEL(sioc);
2934 object_ref(OBJECT(vs->ioc));
2935 vs->vd = vd;
2936
2937 buffer_init(&vs->input, "vnc-input/%p", sioc);
2938 buffer_init(&vs->output, "vnc-output/%p", sioc);
2939 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
2940
2941 buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc);
2942 buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc);
2943 buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc);
2944 #ifdef CONFIG_VNC_JPEG
2945 buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc);
2946 #endif
2947 #ifdef CONFIG_VNC_PNG
2948 buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc);
2949 #endif
2950 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
2951 buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc);
2952 buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc);
2953 buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc);
2954
2955 if (skipauth) {
2956 vs->auth = VNC_AUTH_NONE;
2957 vs->subauth = VNC_AUTH_INVALID;
2958 } else {
2959 if (websocket) {
2960 vs->auth = vd->ws_auth;
2961 vs->subauth = VNC_AUTH_INVALID;
2962 } else {
2963 vs->auth = vd->auth;
2964 vs->subauth = vd->subauth;
2965 }
2966 }
2967 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
2968 sioc, websocket, vs->auth, vs->subauth);
2969
2970 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
2971 for (i = 0; i < VNC_STAT_ROWS; ++i) {
2972 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
2973 }
2974
2975 VNC_DEBUG("New client on socket %p\n", vs->sioc);
2976 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2977 qio_channel_set_blocking(vs->ioc, false, NULL);
2978 if (websocket) {
2979 vs->websocket = 1;
2980 if (vd->ws_tls) {
2981 vs->ioc_tag = qio_channel_add_watch(
2982 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL);
2983 } else {
2984 vs->ioc_tag = qio_channel_add_watch(
2985 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL);
2986 }
2987 } else {
2988 vs->ioc_tag = qio_channel_add_watch(
2989 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
2990 }
2991
2992 vnc_client_cache_addr(vs);
2993 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
2994 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
2995
2996 if (!vs->websocket) {
2997 vnc_init_state(vs);
2998 }
2999
3000 if (vd->num_connecting > vd->connections_limit) {
3001 QTAILQ_FOREACH(vs, &vd->clients, next) {
3002 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3003 vnc_disconnect_start(vs);
3004 return;
3005 }
3006 }
3007 }
3008 }
3009
3010 void vnc_init_state(VncState *vs)
3011 {
3012 vs->initialized = true;
3013 VncDisplay *vd = vs->vd;
3014 bool first_client = QTAILQ_EMPTY(&vd->clients);
3015
3016 vs->last_x = -1;
3017 vs->last_y = -1;
3018
3019 vs->as.freq = 44100;
3020 vs->as.nchannels = 2;
3021 vs->as.fmt = AUD_FMT_S16;
3022 vs->as.endianness = 0;
3023
3024 qemu_mutex_init(&vs->output_mutex);
3025 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3026
3027 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3028 if (first_client) {
3029 vnc_update_server_surface(vd);
3030 }
3031
3032 graphic_hw_update(vd->dcl.con);
3033
3034 vnc_write(vs, "RFB 003.008\n", 12);
3035 vnc_flush(vs);
3036 vnc_read_when(vs, protocol_version, 12);
3037 reset_keys(vs);
3038 if (vs->vd->lock_key_sync)
3039 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
3040
3041 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3042 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3043
3044 /* vs might be free()ed here */
3045 }
3046
3047 static gboolean vnc_listen_io(QIOChannel *ioc,
3048 GIOCondition condition,
3049 void *opaque)
3050 {
3051 VncDisplay *vs = opaque;
3052 QIOChannelSocket *sioc = NULL;
3053 Error *err = NULL;
3054
3055 /* Catch-up */
3056 graphic_hw_update(vs->dcl.con);
3057 sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc), &err);
3058 if (sioc != NULL) {
3059 qio_channel_set_delay(QIO_CHANNEL(sioc), false);
3060 vnc_connect(vs, sioc, false,
3061 ioc != QIO_CHANNEL(vs->lsock));
3062 object_unref(OBJECT(sioc));
3063 } else {
3064 /* client probably closed connection before we got there */
3065 error_free(err);
3066 }
3067
3068 return TRUE;
3069 }
3070
3071 static const DisplayChangeListenerOps dcl_ops = {
3072 .dpy_name = "vnc",
3073 .dpy_refresh = vnc_refresh,
3074 .dpy_gfx_copy = vnc_dpy_copy,
3075 .dpy_gfx_update = vnc_dpy_update,
3076 .dpy_gfx_switch = vnc_dpy_switch,
3077 .dpy_gfx_check_format = qemu_pixman_check_format,
3078 .dpy_mouse_set = vnc_mouse_set,
3079 .dpy_cursor_define = vnc_dpy_cursor_define,
3080 };
3081
3082 void vnc_display_init(const char *id)
3083 {
3084 VncDisplay *vs;
3085
3086 if (vnc_display_find(id) != NULL) {
3087 return;
3088 }
3089 vs = g_malloc0(sizeof(*vs));
3090
3091 vs->id = strdup(id);
3092 QTAILQ_INSERT_TAIL(&vnc_displays, vs, next);
3093
3094 QTAILQ_INIT(&vs->clients);
3095 vs->expires = TIME_MAX;
3096
3097 if (keyboard_layout) {
3098 trace_vnc_key_map_init(keyboard_layout);
3099 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
3100 } else {
3101 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
3102 }
3103
3104 if (!vs->kbd_layout)
3105 exit(1);
3106
3107 qemu_mutex_init(&vs->mutex);
3108 vnc_start_worker_thread();
3109
3110 vs->dcl.ops = &dcl_ops;
3111 register_displaychangelistener(&vs->dcl);
3112 }
3113
3114
3115 static void vnc_display_close(VncDisplay *vs)
3116 {
3117 if (!vs)
3118 return;
3119 vs->enabled = false;
3120 vs->is_unix = false;
3121 if (vs->lsock != NULL) {
3122 if (vs->lsock_tag) {
3123 g_source_remove(vs->lsock_tag);
3124 }
3125 object_unref(OBJECT(vs->lsock));
3126 vs->lsock = NULL;
3127 }
3128 vs->ws_enabled = false;
3129 if (vs->lwebsock != NULL) {
3130 if (vs->lwebsock_tag) {
3131 g_source_remove(vs->lwebsock_tag);
3132 }
3133 object_unref(OBJECT(vs->lwebsock));
3134 vs->lwebsock = NULL;
3135 }
3136 vs->auth = VNC_AUTH_INVALID;
3137 vs->subauth = VNC_AUTH_INVALID;
3138 if (vs->tlscreds) {
3139 object_unparent(OBJECT(vs->tlscreds));
3140 vs->tlscreds = NULL;
3141 }
3142 g_free(vs->tlsaclname);
3143 vs->tlsaclname = NULL;
3144 }
3145
3146 int vnc_display_password(const char *id, const char *password)
3147 {
3148 VncDisplay *vs = vnc_display_find(id);
3149
3150 if (!vs) {
3151 return -EINVAL;
3152 }
3153 if (vs->auth == VNC_AUTH_NONE) {
3154 error_printf_unless_qmp("If you want use passwords please enable "
3155 "password auth using '-vnc ${dpy},password'.");
3156 return -EINVAL;
3157 }
3158
3159 g_free(vs->password);
3160 vs->password = g_strdup(password);
3161
3162 return 0;
3163 }
3164
3165 int vnc_display_pw_expire(const char *id, time_t expires)
3166 {
3167 VncDisplay *vs = vnc_display_find(id);
3168
3169 if (!vs) {
3170 return -EINVAL;
3171 }
3172
3173 vs->expires = expires;
3174 return 0;
3175 }
3176
3177 char *vnc_display_local_addr(const char *id)
3178 {
3179 VncDisplay *vs = vnc_display_find(id);
3180 SocketAddress *addr;
3181 char *ret;
3182 Error *err = NULL;
3183
3184 assert(vs);
3185
3186 addr = qio_channel_socket_get_local_address(vs->lsock, &err);
3187 if (!addr) {
3188 return NULL;
3189 }
3190
3191 if (addr->type != SOCKET_ADDRESS_KIND_INET) {
3192 qapi_free_SocketAddress(addr);
3193 return NULL;
3194 }
3195 ret = g_strdup_printf("%s;%s", addr->u.inet.data->host,
3196 addr->u.inet.data->port);
3197 qapi_free_SocketAddress(addr);
3198
3199 return ret;
3200 }
3201
3202 static QemuOptsList qemu_vnc_opts = {
3203 .name = "vnc",
3204 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3205 .implied_opt_name = "vnc",
3206 .desc = {
3207 {
3208 .name = "vnc",
3209 .type = QEMU_OPT_STRING,
3210 },{
3211 .name = "websocket",
3212 .type = QEMU_OPT_STRING,
3213 },{
3214 .name = "tls-creds",
3215 .type = QEMU_OPT_STRING,
3216 },{
3217 /* Deprecated in favour of tls-creds */
3218 .name = "x509",
3219 .type = QEMU_OPT_STRING,
3220 },{
3221 .name = "share",
3222 .type = QEMU_OPT_STRING,
3223 },{
3224 .name = "display",
3225 .type = QEMU_OPT_STRING,
3226 },{
3227 .name = "head",
3228 .type = QEMU_OPT_NUMBER,
3229 },{
3230 .name = "connections",
3231 .type = QEMU_OPT_NUMBER,
3232 },{
3233 .name = "to",
3234 .type = QEMU_OPT_NUMBER,
3235 },{
3236 .name = "ipv4",
3237 .type = QEMU_OPT_BOOL,
3238 },{
3239 .name = "ipv6",
3240 .type = QEMU_OPT_BOOL,
3241 },{
3242 .name = "password",
3243 .type = QEMU_OPT_BOOL,
3244 },{
3245 .name = "reverse",
3246 .type = QEMU_OPT_BOOL,
3247 },{
3248 .name = "lock-key-sync",
3249 .type = QEMU_OPT_BOOL,
3250 },{
3251 .name = "sasl",
3252 .type = QEMU_OPT_BOOL,
3253 },{
3254 /* Deprecated in favour of tls-creds */
3255 .name = "tls",
3256 .type = QEMU_OPT_BOOL,
3257 },{
3258 /* Deprecated in favour of tls-creds */
3259 .name = "x509verify",
3260 .type = QEMU_OPT_STRING,
3261 },{
3262 .name = "acl",
3263 .type = QEMU_OPT_BOOL,
3264 },{
3265 .name = "lossy",
3266 .type = QEMU_OPT_BOOL,
3267 },{
3268 .name = "non-adaptive",
3269 .type = QEMU_OPT_BOOL,
3270 },
3271 { /* end of list */ }
3272 },
3273 };
3274
3275
3276 static int
3277 vnc_display_setup_auth(VncDisplay *vs,
3278 bool password,
3279 bool sasl,
3280 bool websocket,
3281 Error **errp)
3282 {
3283 /*
3284 * We have a choice of 3 authentication options
3285 *
3286 * 1. none
3287 * 2. vnc
3288 * 3. sasl
3289 *
3290 * The channel can be run in 2 modes
3291 *
3292 * 1. clear
3293 * 2. tls
3294 *
3295 * And TLS can use 2 types of credentials
3296 *
3297 * 1. anon
3298 * 2. x509
3299 *
3300 * We thus have 9 possible logical combinations
3301 *
3302 * 1. clear + none
3303 * 2. clear + vnc
3304 * 3. clear + sasl
3305 * 4. tls + anon + none
3306 * 5. tls + anon + vnc
3307 * 6. tls + anon + sasl
3308 * 7. tls + x509 + none
3309 * 8. tls + x509 + vnc
3310 * 9. tls + x509 + sasl
3311 *
3312 * These need to be mapped into the VNC auth schemes
3313 * in an appropriate manner. In regular VNC, all the
3314 * TLS options get mapped into VNC_AUTH_VENCRYPT
3315 * sub-auth types.
3316 *
3317 * In websockets, the https:// protocol already provides
3318 * TLS support, so there is no need to make use of the
3319 * VeNCrypt extension. Furthermore, websockets browser
3320 * clients could not use VeNCrypt even if they wanted to,
3321 * as they cannot control when the TLS handshake takes
3322 * place. Thus there is no option but to rely on https://,
3323 * meaning combinations 4->6 and 7->9 will be mapped to
3324 * VNC auth schemes in the same way as combos 1->3.
3325 *
3326 * Regardless of fact that we have a different mapping to
3327 * VNC auth mechs for plain VNC vs websockets VNC, the end
3328 * result has the same security characteristics.
3329 */
3330 if (password) {
3331 if (vs->tlscreds) {
3332 vs->auth = VNC_AUTH_VENCRYPT;
3333 if (websocket) {
3334 vs->ws_tls = true;
3335 }
3336 if (object_dynamic_cast(OBJECT(vs->tlscreds),
3337 TYPE_QCRYPTO_TLS_CREDS_X509)) {
3338 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3339 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
3340 } else if (object_dynamic_cast(OBJECT(vs->tlscreds),
3341 TYPE_QCRYPTO_TLS_CREDS_ANON)) {
3342 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3343 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3344 } else {
3345 error_setg(errp,
3346 "Unsupported TLS cred type %s",
3347 object_get_typename(OBJECT(vs->tlscreds)));
3348 return -1;
3349 }
3350 } else {
3351 VNC_DEBUG("Initializing VNC server with password auth\n");
3352 vs->auth = VNC_AUTH_VNC;
3353 vs->subauth = VNC_AUTH_INVALID;
3354 }
3355 if (websocket) {
3356 vs->ws_auth = VNC_AUTH_VNC;
3357 } else {
3358 vs->ws_auth = VNC_AUTH_INVALID;
3359 }
3360 } else if (sasl) {
3361 if (vs->tlscreds) {
3362 vs->auth = VNC_AUTH_VENCRYPT;
3363 if (websocket) {
3364 vs->ws_tls = true;
3365 }
3366 if (object_dynamic_cast(OBJECT(vs->tlscreds),
3367 TYPE_QCRYPTO_TLS_CREDS_X509)) {
3368 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3369 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
3370 } else if (object_dynamic_cast(OBJECT(vs->tlscreds),
3371 TYPE_QCRYPTO_TLS_CREDS_ANON)) {
3372 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3373 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3374 } else {
3375 error_setg(errp,
3376 "Unsupported TLS cred type %s",
3377 object_get_typename(OBJECT(vs->tlscreds)));
3378 return -1;
3379 }
3380 } else {
3381 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3382 vs->auth = VNC_AUTH_SASL;
3383 vs->subauth = VNC_AUTH_INVALID;
3384 }
3385 if (websocket) {
3386 vs->ws_auth = VNC_AUTH_SASL;
3387 } else {
3388 vs->ws_auth = VNC_AUTH_INVALID;
3389 }
3390 } else {
3391 if (vs->tlscreds) {
3392 vs->auth = VNC_AUTH_VENCRYPT;
3393 if (websocket) {
3394 vs->ws_tls = true;
3395 }
3396 if (object_dynamic_cast(OBJECT(vs->tlscreds),
3397 TYPE_QCRYPTO_TLS_CREDS_X509)) {
3398 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3399 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
3400 } else if (object_dynamic_cast(OBJECT(vs->tlscreds),
3401 TYPE_QCRYPTO_TLS_CREDS_ANON)) {
3402 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3403 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3404 } else {
3405 error_setg(errp,
3406 "Unsupported TLS cred type %s",
3407 object_get_typename(OBJECT(vs->tlscreds)));
3408 return -1;
3409 }
3410 } else {
3411 VNC_DEBUG("Initializing VNC server with no auth\n");
3412 vs->auth = VNC_AUTH_NONE;
3413 vs->subauth = VNC_AUTH_INVALID;
3414 }
3415 if (websocket) {
3416 vs->ws_auth = VNC_AUTH_NONE;
3417 } else {
3418 vs->ws_auth = VNC_AUTH_INVALID;
3419 }
3420 }
3421 return 0;
3422 }
3423
3424
3425 /*
3426 * Handle back compat with old CLI syntax by creating some
3427 * suitable QCryptoTLSCreds objects
3428 */
3429 static QCryptoTLSCreds *
3430 vnc_display_create_creds(bool x509,
3431 bool x509verify,
3432 const char *dir,
3433 const char *id,
3434 Error **errp)
3435 {
3436 gchar *credsid = g_strdup_printf("tlsvnc%s", id);
3437 Object *parent = object_get_objects_root();
3438 Object *creds;
3439 Error *err = NULL;
3440
3441 if (x509) {
3442 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_X509,
3443 parent,
3444 credsid,
3445 &err,
3446 "endpoint", "server",
3447 "dir", dir,
3448 "verify-peer", x509verify ? "yes" : "no",
3449 NULL);
3450 } else {
3451 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_ANON,
3452 parent,
3453 credsid,
3454 &err,
3455 "endpoint", "server",
3456 NULL);
3457 }
3458
3459 g_free(credsid);
3460
3461 if (err) {
3462 error_propagate(errp, err);
3463 return NULL;
3464 }
3465
3466 return QCRYPTO_TLS_CREDS(creds);
3467 }
3468
3469
3470 void vnc_display_open(const char *id, Error **errp)
3471 {
3472 VncDisplay *vs = vnc_display_find(id);
3473 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
3474 SocketAddress *saddr = NULL, *wsaddr = NULL;
3475 const char *share, *device_id;
3476 QemuConsole *con;
3477 bool password = false;
3478 bool reverse = false;
3479 const char *vnc;
3480 char *h;
3481 const char *credid;
3482 bool sasl = false;
3483 #ifdef CONFIG_VNC_SASL
3484 int saslErr;
3485 #endif
3486 int acl = 0;
3487 int lock_key_sync = 1;
3488
3489 if (!vs) {
3490 error_setg(errp, "VNC display not active");
3491 return;
3492 }
3493 vnc_display_close(vs);
3494
3495 if (!opts) {
3496 return;
3497 }
3498 vnc = qemu_opt_get(opts, "vnc");
3499 if (!vnc || strcmp(vnc, "none") == 0) {
3500 return;
3501 }
3502
3503 h = strrchr(vnc, ':');
3504 if (h) {
3505 size_t hlen = h - vnc;
3506
3507 const char *websocket = qemu_opt_get(opts, "websocket");
3508 int to = qemu_opt_get_number(opts, "to", 0);
3509 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3510 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3511 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3512 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3513
3514 saddr = g_new0(SocketAddress, 1);
3515 if (websocket) {
3516 if (!qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3517 error_setg(errp,
3518 "SHA1 hash support is required for websockets");
3519 goto fail;
3520 }
3521
3522 wsaddr = g_new0(SocketAddress, 1);
3523 vs->ws_enabled = true;
3524 }
3525
3526 if (strncmp(vnc, "unix:", 5) == 0) {
3527 saddr->type = SOCKET_ADDRESS_KIND_UNIX;
3528 saddr->u.q_unix.data = g_new0(UnixSocketAddress, 1);
3529 saddr->u.q_unix.data->path = g_strdup(vnc + 5);
3530
3531 if (vs->ws_enabled) {
3532 error_setg(errp, "UNIX sockets not supported with websock");
3533 goto fail;
3534 }
3535 } else {
3536 unsigned long long baseport;
3537 InetSocketAddress *inet;
3538 saddr->type = SOCKET_ADDRESS_KIND_INET;
3539 inet = saddr->u.inet.data = g_new0(InetSocketAddress, 1);
3540 if (vnc[0] == '[' && vnc[hlen - 1] == ']') {
3541 inet->host = g_strndup(vnc + 1, hlen - 2);
3542 } else {
3543 inet->host = g_strndup(vnc, hlen);
3544 }
3545 if (parse_uint_full(h + 1, &baseport, 10) < 0) {
3546 error_setg(errp, "can't convert to a number: %s", h + 1);
3547 goto fail;
3548 }
3549 if (baseport > 65535 ||
3550 baseport + 5900 > 65535) {
3551 error_setg(errp, "port %s out of range", h + 1);
3552 goto fail;
3553 }
3554 inet->port = g_strdup_printf(
3555 "%d", (int)baseport + 5900);
3556
3557 if (to) {
3558 inet->has_to = true;
3559 inet->to = to + 5900;
3560 }
3561 inet->ipv4 = ipv4;
3562 inet->has_ipv4 = has_ipv4;
3563 inet->ipv6 = ipv6;
3564 inet->has_ipv6 = has_ipv6;
3565
3566 if (vs->ws_enabled) {
3567 wsaddr->type = SOCKET_ADDRESS_KIND_INET;
3568 inet = wsaddr->u.inet.data = g_new0(InetSocketAddress, 1);
3569 inet->host = g_strdup(saddr->u.inet.data->host);
3570 inet->port = g_strdup(websocket);
3571
3572 if (to) {
3573 inet->has_to = true;
3574 inet->to = to;
3575 }
3576 inet->ipv4 = ipv4;
3577 inet->has_ipv4 = has_ipv4;
3578 inet->ipv6 = ipv6;
3579 inet->has_ipv6 = has_ipv6;
3580 }
3581 }
3582 } else {
3583 error_setg(errp, "no vnc port specified");
3584 goto fail;
3585 }
3586
3587 password = qemu_opt_get_bool(opts, "password", false);
3588 if (password) {
3589 if (fips_get_state()) {
3590 error_setg(errp,
3591 "VNC password auth disabled due to FIPS mode, "
3592 "consider using the VeNCrypt or SASL authentication "
3593 "methods as an alternative");
3594 goto fail;
3595 }
3596 if (!qcrypto_cipher_supports(
3597 QCRYPTO_CIPHER_ALG_DES_RFB)) {
3598 error_setg(errp,
3599 "Cipher backend does not support DES RFB algorithm");
3600 goto fail;
3601 }
3602 }
3603
3604 reverse = qemu_opt_get_bool(opts, "reverse", false);
3605 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
3606 sasl = qemu_opt_get_bool(opts, "sasl", false);
3607 #ifndef CONFIG_VNC_SASL
3608 if (sasl) {
3609 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
3610 goto fail;
3611 }
3612 #endif /* CONFIG_VNC_SASL */
3613 credid = qemu_opt_get(opts, "tls-creds");
3614 if (credid) {
3615 Object *creds;
3616 if (qemu_opt_get(opts, "tls") ||
3617 qemu_opt_get(opts, "x509") ||
3618 qemu_opt_get(opts, "x509verify")) {
3619 error_setg(errp,
3620 "'tls-creds' parameter is mutually exclusive with "
3621 "'tls', 'x509' and 'x509verify' parameters");
3622 goto fail;
3623 }
3624
3625 creds = object_resolve_path_component(
3626 object_get_objects_root(), credid);
3627 if (!creds) {
3628 error_setg(errp, "No TLS credentials with id '%s'",
3629 credid);
3630 goto fail;
3631 }
3632 vs->tlscreds = (QCryptoTLSCreds *)
3633 object_dynamic_cast(creds,
3634 TYPE_QCRYPTO_TLS_CREDS);
3635 if (!vs->tlscreds) {
3636 error_setg(errp, "Object with id '%s' is not TLS credentials",
3637 credid);
3638 goto fail;
3639 }
3640 object_ref(OBJECT(vs->tlscreds));
3641
3642 if (vs->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
3643 error_setg(errp,
3644 "Expecting TLS credentials with a server endpoint");
3645 goto fail;
3646 }
3647 } else {
3648 const char *path;
3649 bool tls = false, x509 = false, x509verify = false;
3650 tls = qemu_opt_get_bool(opts, "tls", false);
3651 if (tls) {
3652 path = qemu_opt_get(opts, "x509");
3653
3654 if (path) {
3655 x509 = true;
3656 } else {
3657 path = qemu_opt_get(opts, "x509verify");
3658 if (path) {
3659 x509 = true;
3660 x509verify = true;
3661 }
3662 }
3663 vs->tlscreds = vnc_display_create_creds(x509,
3664 x509verify,
3665 path,
3666 vs->id,
3667 errp);
3668 if (!vs->tlscreds) {
3669 goto fail;
3670 }
3671 }
3672 }
3673 acl = qemu_opt_get_bool(opts, "acl", false);
3674
3675 share = qemu_opt_get(opts, "share");
3676 if (share) {
3677 if (strcmp(share, "ignore") == 0) {
3678 vs->share_policy = VNC_SHARE_POLICY_IGNORE;
3679 } else if (strcmp(share, "allow-exclusive") == 0) {
3680 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3681 } else if (strcmp(share, "force-shared") == 0) {
3682 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3683 } else {
3684 error_setg(errp, "unknown vnc share= option");
3685 goto fail;
3686 }
3687 } else {
3688 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3689 }
3690 vs->connections_limit = qemu_opt_get_number(opts, "connections", 32);
3691
3692 #ifdef CONFIG_VNC_JPEG
3693 vs->lossy = qemu_opt_get_bool(opts, "lossy", false);
3694 #endif
3695 vs->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
3696 /* adaptive updates are only used with tight encoding and
3697 * if lossy updates are enabled so we can disable all the
3698 * calculations otherwise */
3699 if (!vs->lossy) {
3700 vs->non_adaptive = true;
3701 }
3702
3703 if (acl) {
3704 if (strcmp(vs->id, "default") == 0) {
3705 vs->tlsaclname = g_strdup("vnc.x509dname");
3706 } else {
3707 vs->tlsaclname = g_strdup_printf("vnc.%s.x509dname", vs->id);
3708 }
3709 qemu_acl_init(vs->tlsaclname);
3710 }
3711 #ifdef CONFIG_VNC_SASL
3712 if (acl && sasl) {
3713 char *aclname;
3714
3715 if (strcmp(vs->id, "default") == 0) {
3716 aclname = g_strdup("vnc.username");
3717 } else {
3718 aclname = g_strdup_printf("vnc.%s.username", vs->id);
3719 }
3720 vs->sasl.acl = qemu_acl_init(aclname);
3721 g_free(aclname);
3722 }
3723 #endif
3724
3725 if (vnc_display_setup_auth(vs, password, sasl, vs->ws_enabled, errp) < 0) {
3726 goto fail;
3727 }
3728
3729 #ifdef CONFIG_VNC_SASL
3730 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
3731 error_setg(errp, "Failed to initialize SASL auth: %s",
3732 sasl_errstring(saslErr, NULL, NULL));
3733 goto fail;
3734 }
3735 #endif
3736 vs->lock_key_sync = lock_key_sync;
3737
3738 device_id = qemu_opt_get(opts, "display");
3739 if (device_id) {
3740 int head = qemu_opt_get_number(opts, "head", 0);
3741 Error *err = NULL;
3742
3743 con = qemu_console_lookup_by_device_name(device_id, head, &err);
3744 if (err) {
3745 error_propagate(errp, err);
3746 goto fail;
3747 }
3748 } else {
3749 con = NULL;
3750 }
3751
3752 if (con != vs->dcl.con) {
3753 unregister_displaychangelistener(&vs->dcl);
3754 vs->dcl.con = con;
3755 register_displaychangelistener(&vs->dcl);
3756 }
3757
3758 if (reverse) {
3759 /* connect to viewer */
3760 QIOChannelSocket *sioc = NULL;
3761 vs->lsock = NULL;
3762 vs->lwebsock = NULL;
3763 if (vs->ws_enabled) {
3764 error_setg(errp, "Cannot use websockets in reverse mode");
3765 goto fail;
3766 }
3767 vs->is_unix = saddr->type == SOCKET_ADDRESS_KIND_UNIX;
3768 sioc = qio_channel_socket_new();
3769 if (qio_channel_socket_connect_sync(sioc, saddr, errp) < 0) {
3770 goto fail;
3771 }
3772 vnc_connect(vs, sioc, false, false);
3773 object_unref(OBJECT(sioc));
3774 } else {
3775 vs->lsock = qio_channel_socket_new();
3776 if (qio_channel_socket_listen_sync(vs->lsock, saddr, errp) < 0) {
3777 goto fail;
3778 }
3779 vs->is_unix = saddr->type == SOCKET_ADDRESS_KIND_UNIX;
3780 vs->enabled = true;
3781
3782 if (vs->ws_enabled) {
3783 vs->lwebsock = qio_channel_socket_new();
3784 if (qio_channel_socket_listen_sync(vs->lwebsock,
3785 wsaddr, errp) < 0) {
3786 object_unref(OBJECT(vs->lsock));
3787 vs->lsock = NULL;
3788 goto fail;
3789 }
3790 }
3791
3792 vs->lsock_tag = qio_channel_add_watch(
3793 QIO_CHANNEL(vs->lsock),
3794 G_IO_IN, vnc_listen_io, vs, NULL);
3795 if (vs->ws_enabled) {
3796 vs->lwebsock_tag = qio_channel_add_watch(
3797 QIO_CHANNEL(vs->lwebsock),
3798 G_IO_IN, vnc_listen_io, vs, NULL);
3799 }
3800 }
3801
3802 qapi_free_SocketAddress(saddr);
3803 qapi_free_SocketAddress(wsaddr);
3804 return;
3805
3806 fail:
3807 qapi_free_SocketAddress(saddr);
3808 qapi_free_SocketAddress(wsaddr);
3809 vs->enabled = false;
3810 vs->ws_enabled = false;
3811 }
3812
3813 void vnc_display_add_client(const char *id, int csock, bool skipauth)
3814 {
3815 VncDisplay *vs = vnc_display_find(id);
3816 QIOChannelSocket *sioc;
3817
3818 if (!vs) {
3819 return;
3820 }
3821
3822 sioc = qio_channel_socket_new_fd(csock, NULL);
3823 if (sioc) {
3824 vnc_connect(vs, sioc, skipauth, false);
3825 object_unref(OBJECT(sioc));
3826 }
3827 }
3828
3829 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
3830 {
3831 int i = 2;
3832 char *id;
3833
3834 id = g_strdup("default");
3835 while (qemu_opts_find(olist, id)) {
3836 g_free(id);
3837 id = g_strdup_printf("vnc%d", i++);
3838 }
3839 qemu_opts_set_id(opts, id);
3840 }
3841
3842 QemuOpts *vnc_parse(const char *str, Error **errp)
3843 {
3844 QemuOptsList *olist = qemu_find_opts("vnc");
3845 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp);
3846 const char *id;
3847
3848 if (!opts) {
3849 return NULL;
3850 }
3851
3852 id = qemu_opts_id(opts);
3853 if (!id) {
3854 /* auto-assign id if not present */
3855 vnc_auto_assign_id(olist, opts);
3856 }
3857 return opts;
3858 }
3859
3860 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
3861 {
3862 Error *local_err = NULL;
3863 char *id = (char *)qemu_opts_id(opts);
3864
3865 assert(id);
3866 vnc_display_init(id);
3867 vnc_display_open(id, &local_err);
3868 if (local_err != NULL) {
3869 error_reportf_err(local_err, "Failed to start VNC server: ");
3870 exit(1);
3871 }
3872 return 0;
3873 }
3874
3875 static void vnc_register_config(void)
3876 {
3877 qemu_add_opts(&qemu_vnc_opts);
3878 }
3879 opts_init(vnc_register_config);
QEMU mirror