1 | /* |
2 | * QEMU VNC display driver |
3 | * |
4 | * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> |
5 | * Copyright (C) 2006 Fabrice Bellard |
6 | * Copyright (C) 2009 Red Hat, Inc |
7 | * |
8 | * Permission is hereby granted, free of charge, to any person obtaining a copy |
9 | * of this software and associated documentation files (the "Software"), to deal |
10 | * in the Software without restriction, including without limitation the rights |
11 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
12 | * copies of the Software, and to permit persons to whom the Software is |
13 | * furnished to do so, subject to the following conditions: |
14 | * |
15 | * The above copyright notice and this permission notice shall be included in |
16 | * all copies or substantial portions of the Software. |
17 | * |
18 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
19 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
20 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL |
21 | * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
22 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
23 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN |
24 | * THE SOFTWARE. |
25 | */ |
26 | |
27 | #include "qemu/osdep.h" |
28 | #include "vnc.h" |
29 | #include "vnc-jobs.h" |
30 | #include "trace.h" |
31 | #include "hw/qdev-core.h" |
32 | #include "sysemu/sysemu.h" |
33 | #include "qemu/error-report.h" |
34 | #include "qemu/main-loop.h" |
35 | #include "qemu/module.h" |
36 | #include "qemu/option.h" |
37 | #include "qemu/sockets.h" |
38 | #include "qemu/timer.h" |
39 | #include "authz/list.h" |
40 | #include "qemu/config-file.h" |
41 | #include "qapi/qapi-emit-events.h" |
42 | #include "qapi/qapi-events-ui.h" |
43 | #include "qapi/error.h" |
44 | #include "qapi/qapi-commands-ui.h" |
45 | #include "ui/input.h" |
46 | #include "crypto/hash.h" |
47 | #include "crypto/tlscredsanon.h" |
48 | #include "crypto/tlscredsx509.h" |
49 | #include "crypto/random.h" |
50 | #include "qom/object_interfaces.h" |
51 | #include "qemu/cutils.h" |
52 | #include "io/dns-resolver.h" |
53 | |
54 | #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT |
55 | #define VNC_REFRESH_INTERVAL_INC 50 |
56 | #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE |
57 | static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; |
58 | static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; |
59 | |
60 | #include "vnc_keysym.h" |
61 | #include "crypto/cipher.h" |
62 | |
63 | static QTAILQ_HEAD(, VncDisplay) vnc_displays = |
64 | QTAILQ_HEAD_INITIALIZER(vnc_displays); |
65 | |
66 | static int vnc_cursor_define(VncState *vs); |
67 | static void vnc_update_throttle_offset(VncState *vs); |
68 | |
69 | static void vnc_set_share_mode(VncState *vs, VncShareMode mode) |
70 | { |
71 | #ifdef _VNC_DEBUG |
72 | static const char *mn[] = { |
73 | [0] = "undefined" , |
74 | [VNC_SHARE_MODE_CONNECTING] = "connecting" , |
75 | [VNC_SHARE_MODE_SHARED] = "shared" , |
76 | [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive" , |
77 | [VNC_SHARE_MODE_DISCONNECTED] = "disconnected" , |
78 | }; |
79 | fprintf(stderr, "%s/%p: %s -> %s\n" , __func__, |
80 | vs->ioc, mn[vs->share_mode], mn[mode]); |
81 | #endif |
82 | |
83 | switch (vs->share_mode) { |
84 | case VNC_SHARE_MODE_CONNECTING: |
85 | vs->vd->num_connecting--; |
86 | break; |
87 | case VNC_SHARE_MODE_SHARED: |
88 | vs->vd->num_shared--; |
89 | break; |
90 | case VNC_SHARE_MODE_EXCLUSIVE: |
91 | vs->vd->num_exclusive--; |
92 | break; |
93 | default: |
94 | break; |
95 | } |
96 | |
97 | vs->share_mode = mode; |
98 | |
99 | switch (vs->share_mode) { |
100 | case VNC_SHARE_MODE_CONNECTING: |
101 | vs->vd->num_connecting++; |
102 | break; |
103 | case VNC_SHARE_MODE_SHARED: |
104 | vs->vd->num_shared++; |
105 | break; |
106 | case VNC_SHARE_MODE_EXCLUSIVE: |
107 | vs->vd->num_exclusive++; |
108 | break; |
109 | default: |
110 | break; |
111 | } |
112 | } |
113 | |
114 | |
115 | static void vnc_init_basic_info(SocketAddress *addr, |
116 | VncBasicInfo *info, |
117 | Error **errp) |
118 | { |
119 | switch (addr->type) { |
120 | case SOCKET_ADDRESS_TYPE_INET: |
121 | info->host = g_strdup(addr->u.inet.host); |
122 | info->service = g_strdup(addr->u.inet.port); |
123 | if (addr->u.inet.ipv6) { |
124 | info->family = NETWORK_ADDRESS_FAMILY_IPV6; |
125 | } else { |
126 | info->family = NETWORK_ADDRESS_FAMILY_IPV4; |
127 | } |
128 | break; |
129 | |
130 | case SOCKET_ADDRESS_TYPE_UNIX: |
131 | info->host = g_strdup("" ); |
132 | info->service = g_strdup(addr->u.q_unix.path); |
133 | info->family = NETWORK_ADDRESS_FAMILY_UNIX; |
134 | break; |
135 | |
136 | case SOCKET_ADDRESS_TYPE_VSOCK: |
137 | case SOCKET_ADDRESS_TYPE_FD: |
138 | error_setg(errp, "Unsupported socket address type %s" , |
139 | SocketAddressType_str(addr->type)); |
140 | break; |
141 | default: |
142 | abort(); |
143 | } |
144 | |
145 | return; |
146 | } |
147 | |
148 | static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc, |
149 | VncBasicInfo *info, |
150 | Error **errp) |
151 | { |
152 | SocketAddress *addr = NULL; |
153 | |
154 | if (!ioc) { |
155 | error_setg(errp, "No listener socket available" ); |
156 | return; |
157 | } |
158 | |
159 | addr = qio_channel_socket_get_local_address(ioc, errp); |
160 | if (!addr) { |
161 | return; |
162 | } |
163 | |
164 | vnc_init_basic_info(addr, info, errp); |
165 | qapi_free_SocketAddress(addr); |
166 | } |
167 | |
168 | static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc, |
169 | VncBasicInfo *info, |
170 | Error **errp) |
171 | { |
172 | SocketAddress *addr = NULL; |
173 | |
174 | addr = qio_channel_socket_get_remote_address(ioc, errp); |
175 | if (!addr) { |
176 | return; |
177 | } |
178 | |
179 | vnc_init_basic_info(addr, info, errp); |
180 | qapi_free_SocketAddress(addr); |
181 | } |
182 | |
183 | static const char *vnc_auth_name(VncDisplay *vd) { |
184 | switch (vd->auth) { |
185 | case VNC_AUTH_INVALID: |
186 | return "invalid" ; |
187 | case VNC_AUTH_NONE: |
188 | return "none" ; |
189 | case VNC_AUTH_VNC: |
190 | return "vnc" ; |
191 | case VNC_AUTH_RA2: |
192 | return "ra2" ; |
193 | case VNC_AUTH_RA2NE: |
194 | return "ra2ne" ; |
195 | case VNC_AUTH_TIGHT: |
196 | return "tight" ; |
197 | case VNC_AUTH_ULTRA: |
198 | return "ultra" ; |
199 | case VNC_AUTH_TLS: |
200 | return "tls" ; |
201 | case VNC_AUTH_VENCRYPT: |
202 | switch (vd->subauth) { |
203 | case VNC_AUTH_VENCRYPT_PLAIN: |
204 | return "vencrypt+plain" ; |
205 | case VNC_AUTH_VENCRYPT_TLSNONE: |
206 | return "vencrypt+tls+none" ; |
207 | case VNC_AUTH_VENCRYPT_TLSVNC: |
208 | return "vencrypt+tls+vnc" ; |
209 | case VNC_AUTH_VENCRYPT_TLSPLAIN: |
210 | return "vencrypt+tls+plain" ; |
211 | case VNC_AUTH_VENCRYPT_X509NONE: |
212 | return "vencrypt+x509+none" ; |
213 | case VNC_AUTH_VENCRYPT_X509VNC: |
214 | return "vencrypt+x509+vnc" ; |
215 | case VNC_AUTH_VENCRYPT_X509PLAIN: |
216 | return "vencrypt+x509+plain" ; |
217 | case VNC_AUTH_VENCRYPT_TLSSASL: |
218 | return "vencrypt+tls+sasl" ; |
219 | case VNC_AUTH_VENCRYPT_X509SASL: |
220 | return "vencrypt+x509+sasl" ; |
221 | default: |
222 | return "vencrypt" ; |
223 | } |
224 | case VNC_AUTH_SASL: |
225 | return "sasl" ; |
226 | } |
227 | return "unknown" ; |
228 | } |
229 | |
230 | static VncServerInfo *vnc_server_info_get(VncDisplay *vd) |
231 | { |
232 | VncServerInfo *info; |
233 | Error *err = NULL; |
234 | |
235 | if (!vd->listener || !vd->listener->nsioc) { |
236 | return NULL; |
237 | } |
238 | |
239 | info = g_malloc0(sizeof(*info)); |
240 | vnc_init_basic_info_from_server_addr(vd->listener->sioc[0], |
241 | qapi_VncServerInfo_base(info), &err); |
242 | info->has_auth = true; |
243 | info->auth = g_strdup(vnc_auth_name(vd)); |
244 | if (err) { |
245 | qapi_free_VncServerInfo(info); |
246 | info = NULL; |
247 | error_free(err); |
248 | } |
249 | return info; |
250 | } |
251 | |
252 | static void vnc_client_cache_auth(VncState *client) |
253 | { |
254 | if (!client->info) { |
255 | return; |
256 | } |
257 | |
258 | if (client->tls) { |
259 | client->info->x509_dname = |
260 | qcrypto_tls_session_get_peer_name(client->tls); |
261 | client->info->has_x509_dname = |
262 | client->info->x509_dname != NULL; |
263 | } |
264 | #ifdef CONFIG_VNC_SASL |
265 | if (client->sasl.conn && |
266 | client->sasl.username) { |
267 | client->info->has_sasl_username = true; |
268 | client->info->sasl_username = g_strdup(client->sasl.username); |
269 | } |
270 | #endif |
271 | } |
272 | |
273 | static void vnc_client_cache_addr(VncState *client) |
274 | { |
275 | Error *err = NULL; |
276 | |
277 | client->info = g_malloc0(sizeof(*client->info)); |
278 | vnc_init_basic_info_from_remote_addr(client->sioc, |
279 | qapi_VncClientInfo_base(client->info), |
280 | &err); |
281 | if (err) { |
282 | qapi_free_VncClientInfo(client->info); |
283 | client->info = NULL; |
284 | error_free(err); |
285 | } |
286 | } |
287 | |
288 | static void vnc_qmp_event(VncState *vs, QAPIEvent event) |
289 | { |
290 | VncServerInfo *si; |
291 | |
292 | if (!vs->info) { |
293 | return; |
294 | } |
295 | |
296 | si = vnc_server_info_get(vs->vd); |
297 | if (!si) { |
298 | return; |
299 | } |
300 | |
301 | switch (event) { |
302 | case QAPI_EVENT_VNC_CONNECTED: |
303 | qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info)); |
304 | break; |
305 | case QAPI_EVENT_VNC_INITIALIZED: |
306 | qapi_event_send_vnc_initialized(si, vs->info); |
307 | break; |
308 | case QAPI_EVENT_VNC_DISCONNECTED: |
309 | qapi_event_send_vnc_disconnected(si, vs->info); |
310 | break; |
311 | default: |
312 | break; |
313 | } |
314 | |
315 | qapi_free_VncServerInfo(si); |
316 | } |
317 | |
318 | static VncClientInfo *qmp_query_vnc_client(const VncState *client) |
319 | { |
320 | VncClientInfo *info; |
321 | Error *err = NULL; |
322 | |
323 | info = g_malloc0(sizeof(*info)); |
324 | |
325 | vnc_init_basic_info_from_remote_addr(client->sioc, |
326 | qapi_VncClientInfo_base(info), |
327 | &err); |
328 | if (err) { |
329 | error_free(err); |
330 | qapi_free_VncClientInfo(info); |
331 | return NULL; |
332 | } |
333 | |
334 | info->websocket = client->websocket; |
335 | |
336 | if (client->tls) { |
337 | info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls); |
338 | info->has_x509_dname = info->x509_dname != NULL; |
339 | } |
340 | #ifdef CONFIG_VNC_SASL |
341 | if (client->sasl.conn && client->sasl.username) { |
342 | info->has_sasl_username = true; |
343 | info->sasl_username = g_strdup(client->sasl.username); |
344 | } |
345 | #endif |
346 | |
347 | return info; |
348 | } |
349 | |
350 | static VncDisplay *vnc_display_find(const char *id) |
351 | { |
352 | VncDisplay *vd; |
353 | |
354 | if (id == NULL) { |
355 | return QTAILQ_FIRST(&vnc_displays); |
356 | } |
357 | QTAILQ_FOREACH(vd, &vnc_displays, next) { |
358 | if (strcmp(id, vd->id) == 0) { |
359 | return vd; |
360 | } |
361 | } |
362 | return NULL; |
363 | } |
364 | |
365 | static VncClientInfoList *qmp_query_client_list(VncDisplay *vd) |
366 | { |
367 | VncClientInfoList *cinfo, *prev = NULL; |
368 | VncState *client; |
369 | |
370 | QTAILQ_FOREACH(client, &vd->clients, next) { |
371 | cinfo = g_new0(VncClientInfoList, 1); |
372 | cinfo->value = qmp_query_vnc_client(client); |
373 | cinfo->next = prev; |
374 | prev = cinfo; |
375 | } |
376 | return prev; |
377 | } |
378 | |
379 | VncInfo *qmp_query_vnc(Error **errp) |
380 | { |
381 | VncInfo *info = g_malloc0(sizeof(*info)); |
382 | VncDisplay *vd = vnc_display_find(NULL); |
383 | SocketAddress *addr = NULL; |
384 | |
385 | if (vd == NULL || !vd->listener || !vd->listener->nsioc) { |
386 | info->enabled = false; |
387 | } else { |
388 | info->enabled = true; |
389 | |
390 | /* for compatibility with the original command */ |
391 | info->has_clients = true; |
392 | info->clients = qmp_query_client_list(vd); |
393 | |
394 | addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], |
395 | errp); |
396 | if (!addr) { |
397 | goto out_error; |
398 | } |
399 | |
400 | switch (addr->type) { |
401 | case SOCKET_ADDRESS_TYPE_INET: |
402 | info->host = g_strdup(addr->u.inet.host); |
403 | info->service = g_strdup(addr->u.inet.port); |
404 | if (addr->u.inet.ipv6) { |
405 | info->family = NETWORK_ADDRESS_FAMILY_IPV6; |
406 | } else { |
407 | info->family = NETWORK_ADDRESS_FAMILY_IPV4; |
408 | } |
409 | break; |
410 | |
411 | case SOCKET_ADDRESS_TYPE_UNIX: |
412 | info->host = g_strdup("" ); |
413 | info->service = g_strdup(addr->u.q_unix.path); |
414 | info->family = NETWORK_ADDRESS_FAMILY_UNIX; |
415 | break; |
416 | |
417 | case SOCKET_ADDRESS_TYPE_VSOCK: |
418 | case SOCKET_ADDRESS_TYPE_FD: |
419 | error_setg(errp, "Unsupported socket address type %s" , |
420 | SocketAddressType_str(addr->type)); |
421 | goto out_error; |
422 | default: |
423 | abort(); |
424 | } |
425 | |
426 | info->has_host = true; |
427 | info->has_service = true; |
428 | info->has_family = true; |
429 | |
430 | info->has_auth = true; |
431 | info->auth = g_strdup(vnc_auth_name(vd)); |
432 | } |
433 | |
434 | qapi_free_SocketAddress(addr); |
435 | return info; |
436 | |
437 | out_error: |
438 | qapi_free_SocketAddress(addr); |
439 | qapi_free_VncInfo(info); |
440 | return NULL; |
441 | } |
442 | |
443 | |
444 | static void qmp_query_auth(int auth, int subauth, |
445 | VncPrimaryAuth *qmp_auth, |
446 | VncVencryptSubAuth *qmp_vencrypt, |
447 | bool *qmp_has_vencrypt); |
448 | |
449 | static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc, |
450 | bool websocket, |
451 | int auth, |
452 | int subauth, |
453 | VncServerInfo2List *prev) |
454 | { |
455 | VncServerInfo2List *list; |
456 | VncServerInfo2 *info; |
457 | Error *err = NULL; |
458 | SocketAddress *addr; |
459 | |
460 | addr = qio_channel_socket_get_local_address(ioc, &err); |
461 | if (!addr) { |
462 | error_free(err); |
463 | return prev; |
464 | } |
465 | |
466 | info = g_new0(VncServerInfo2, 1); |
467 | vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err); |
468 | qapi_free_SocketAddress(addr); |
469 | if (err) { |
470 | qapi_free_VncServerInfo2(info); |
471 | error_free(err); |
472 | return prev; |
473 | } |
474 | info->websocket = websocket; |
475 | |
476 | qmp_query_auth(auth, subauth, &info->auth, |
477 | &info->vencrypt, &info->has_vencrypt); |
478 | |
479 | list = g_new0(VncServerInfo2List, 1); |
480 | list->value = info; |
481 | list->next = prev; |
482 | return list; |
483 | } |
484 | |
485 | static void qmp_query_auth(int auth, int subauth, |
486 | VncPrimaryAuth *qmp_auth, |
487 | VncVencryptSubAuth *qmp_vencrypt, |
488 | bool *qmp_has_vencrypt) |
489 | { |
490 | switch (auth) { |
491 | case VNC_AUTH_VNC: |
492 | *qmp_auth = VNC_PRIMARY_AUTH_VNC; |
493 | break; |
494 | case VNC_AUTH_RA2: |
495 | *qmp_auth = VNC_PRIMARY_AUTH_RA2; |
496 | break; |
497 | case VNC_AUTH_RA2NE: |
498 | *qmp_auth = VNC_PRIMARY_AUTH_RA2NE; |
499 | break; |
500 | case VNC_AUTH_TIGHT: |
501 | *qmp_auth = VNC_PRIMARY_AUTH_TIGHT; |
502 | break; |
503 | case VNC_AUTH_ULTRA: |
504 | *qmp_auth = VNC_PRIMARY_AUTH_ULTRA; |
505 | break; |
506 | case VNC_AUTH_TLS: |
507 | *qmp_auth = VNC_PRIMARY_AUTH_TLS; |
508 | break; |
509 | case VNC_AUTH_VENCRYPT: |
510 | *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT; |
511 | *qmp_has_vencrypt = true; |
512 | switch (subauth) { |
513 | case VNC_AUTH_VENCRYPT_PLAIN: |
514 | *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN; |
515 | break; |
516 | case VNC_AUTH_VENCRYPT_TLSNONE: |
517 | *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE; |
518 | break; |
519 | case VNC_AUTH_VENCRYPT_TLSVNC: |
520 | *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC; |
521 | break; |
522 | case VNC_AUTH_VENCRYPT_TLSPLAIN: |
523 | *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN; |
524 | break; |
525 | case VNC_AUTH_VENCRYPT_X509NONE: |
526 | *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE; |
527 | break; |
528 | case VNC_AUTH_VENCRYPT_X509VNC: |
529 | *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC; |
530 | break; |
531 | case VNC_AUTH_VENCRYPT_X509PLAIN: |
532 | *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN; |
533 | break; |
534 | case VNC_AUTH_VENCRYPT_TLSSASL: |
535 | *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL; |
536 | break; |
537 | case VNC_AUTH_VENCRYPT_X509SASL: |
538 | *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL; |
539 | break; |
540 | default: |
541 | *qmp_has_vencrypt = false; |
542 | break; |
543 | } |
544 | break; |
545 | case VNC_AUTH_SASL: |
546 | *qmp_auth = VNC_PRIMARY_AUTH_SASL; |
547 | break; |
548 | case VNC_AUTH_NONE: |
549 | default: |
550 | *qmp_auth = VNC_PRIMARY_AUTH_NONE; |
551 | break; |
552 | } |
553 | } |
554 | |
555 | VncInfo2List *qmp_query_vnc_servers(Error **errp) |
556 | { |
557 | VncInfo2List *item, *prev = NULL; |
558 | VncInfo2 *info; |
559 | VncDisplay *vd; |
560 | DeviceState *dev; |
561 | size_t i; |
562 | |
563 | QTAILQ_FOREACH(vd, &vnc_displays, next) { |
564 | info = g_new0(VncInfo2, 1); |
565 | info->id = g_strdup(vd->id); |
566 | info->clients = qmp_query_client_list(vd); |
567 | qmp_query_auth(vd->auth, vd->subauth, &info->auth, |
568 | &info->vencrypt, &info->has_vencrypt); |
569 | if (vd->dcl.con) { |
570 | dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con), |
571 | "device" , NULL)); |
572 | info->has_display = true; |
573 | info->display = g_strdup(dev->id); |
574 | } |
575 | for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) { |
576 | info->server = qmp_query_server_entry( |
577 | vd->listener->sioc[i], false, vd->auth, vd->subauth, |
578 | info->server); |
579 | } |
580 | for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) { |
581 | info->server = qmp_query_server_entry( |
582 | vd->wslistener->sioc[i], true, vd->ws_auth, |
583 | vd->ws_subauth, info->server); |
584 | } |
585 | |
586 | item = g_new0(VncInfo2List, 1); |
587 | item->value = info; |
588 | item->next = prev; |
589 | prev = item; |
590 | } |
591 | return prev; |
592 | } |
593 | |
594 | /* TODO |
595 | 1) Get the queue working for IO. |
596 | 2) there is some weirdness when using the -S option (the screen is grey |
597 | and not totally invalidated |
598 | 3) resolutions > 1024 |
599 | */ |
600 | |
601 | static int vnc_update_client(VncState *vs, int has_dirty); |
602 | static void vnc_disconnect_start(VncState *vs); |
603 | |
604 | static void vnc_colordepth(VncState *vs); |
605 | static void framebuffer_update_request(VncState *vs, int incremental, |
606 | int x_position, int y_position, |
607 | int w, int h); |
608 | static void vnc_refresh(DisplayChangeListener *dcl); |
609 | static int vnc_refresh_server_surface(VncDisplay *vd); |
610 | |
611 | static int vnc_width(VncDisplay *vd) |
612 | { |
613 | return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds), |
614 | VNC_DIRTY_PIXELS_PER_BIT)); |
615 | } |
616 | |
617 | static int vnc_height(VncDisplay *vd) |
618 | { |
619 | return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds)); |
620 | } |
621 | |
622 | static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT], |
623 | VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT), |
624 | VncDisplay *vd, |
625 | int x, int y, int w, int h) |
626 | { |
627 | int width = vnc_width(vd); |
628 | int height = vnc_height(vd); |
629 | |
630 | /* this is needed this to ensure we updated all affected |
631 | * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */ |
632 | w += (x % VNC_DIRTY_PIXELS_PER_BIT); |
633 | x -= (x % VNC_DIRTY_PIXELS_PER_BIT); |
634 | |
635 | x = MIN(x, width); |
636 | y = MIN(y, height); |
637 | w = MIN(x + w, width) - x; |
638 | h = MIN(y + h, height); |
639 | |
640 | for (; y < h; y++) { |
641 | bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT, |
642 | DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT)); |
643 | } |
644 | } |
645 | |
646 | static void vnc_dpy_update(DisplayChangeListener *dcl, |
647 | int x, int y, int w, int h) |
648 | { |
649 | VncDisplay *vd = container_of(dcl, VncDisplay, dcl); |
650 | struct VncSurface *s = &vd->guest; |
651 | |
652 | vnc_set_area_dirty(s->dirty, vd, x, y, w, h); |
653 | } |
654 | |
655 | void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, |
656 | int32_t encoding) |
657 | { |
658 | vnc_write_u16(vs, x); |
659 | vnc_write_u16(vs, y); |
660 | vnc_write_u16(vs, w); |
661 | vnc_write_u16(vs, h); |
662 | |
663 | vnc_write_s32(vs, encoding); |
664 | } |
665 | |
666 | |
667 | static void vnc_desktop_resize(VncState *vs) |
668 | { |
669 | if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) { |
670 | return; |
671 | } |
672 | if (vs->client_width == pixman_image_get_width(vs->vd->server) && |
673 | vs->client_height == pixman_image_get_height(vs->vd->server)) { |
674 | return; |
675 | } |
676 | |
677 | assert(pixman_image_get_width(vs->vd->server) < 65536 && |
678 | pixman_image_get_width(vs->vd->server) >= 0); |
679 | assert(pixman_image_get_height(vs->vd->server) < 65536 && |
680 | pixman_image_get_height(vs->vd->server) >= 0); |
681 | vs->client_width = pixman_image_get_width(vs->vd->server); |
682 | vs->client_height = pixman_image_get_height(vs->vd->server); |
683 | vnc_lock_output(vs); |
684 | vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); |
685 | vnc_write_u8(vs, 0); |
686 | vnc_write_u16(vs, 1); /* number of rects */ |
687 | vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, |
688 | VNC_ENCODING_DESKTOPRESIZE); |
689 | vnc_unlock_output(vs); |
690 | vnc_flush(vs); |
691 | } |
692 | |
693 | static void vnc_abort_display_jobs(VncDisplay *vd) |
694 | { |
695 | VncState *vs; |
696 | |
697 | QTAILQ_FOREACH(vs, &vd->clients, next) { |
698 | vnc_lock_output(vs); |
699 | vs->abort = true; |
700 | vnc_unlock_output(vs); |
701 | } |
702 | QTAILQ_FOREACH(vs, &vd->clients, next) { |
703 | vnc_jobs_join(vs); |
704 | } |
705 | QTAILQ_FOREACH(vs, &vd->clients, next) { |
706 | vnc_lock_output(vs); |
707 | if (vs->update == VNC_STATE_UPDATE_NONE && |
708 | vs->job_update != VNC_STATE_UPDATE_NONE) { |
709 | /* job aborted before completion */ |
710 | vs->update = vs->job_update; |
711 | vs->job_update = VNC_STATE_UPDATE_NONE; |
712 | } |
713 | vs->abort = false; |
714 | vnc_unlock_output(vs); |
715 | } |
716 | } |
717 | |
718 | int vnc_server_fb_stride(VncDisplay *vd) |
719 | { |
720 | return pixman_image_get_stride(vd->server); |
721 | } |
722 | |
723 | void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y) |
724 | { |
725 | uint8_t *ptr; |
726 | |
727 | ptr = (uint8_t *)pixman_image_get_data(vd->server); |
728 | ptr += y * vnc_server_fb_stride(vd); |
729 | ptr += x * VNC_SERVER_FB_BYTES; |
730 | return ptr; |
731 | } |
732 | |
733 | static void vnc_update_server_surface(VncDisplay *vd) |
734 | { |
735 | int width, height; |
736 | |
737 | qemu_pixman_image_unref(vd->server); |
738 | vd->server = NULL; |
739 | |
740 | if (QTAILQ_EMPTY(&vd->clients)) { |
741 | return; |
742 | } |
743 | |
744 | width = vnc_width(vd); |
745 | height = vnc_height(vd); |
746 | vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT, |
747 | width, height, |
748 | NULL, 0); |
749 | |
750 | memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty)); |
751 | vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0, |
752 | width, height); |
753 | } |
754 | |
755 | static bool vnc_check_pageflip(DisplaySurface *s1, |
756 | DisplaySurface *s2) |
757 | { |
758 | return (s1 != NULL && |
759 | s2 != NULL && |
760 | surface_width(s1) == surface_width(s2) && |
761 | surface_height(s1) == surface_height(s2) && |
762 | surface_format(s1) == surface_format(s2)); |
763 | |
764 | } |
765 | |
766 | static void vnc_dpy_switch(DisplayChangeListener *dcl, |
767 | DisplaySurface *surface) |
768 | { |
769 | static const char placeholder_msg[] = |
770 | "Display output is not active." ; |
771 | static DisplaySurface *placeholder; |
772 | VncDisplay *vd = container_of(dcl, VncDisplay, dcl); |
773 | bool pageflip = vnc_check_pageflip(vd->ds, surface); |
774 | VncState *vs; |
775 | |
776 | if (surface == NULL) { |
777 | if (placeholder == NULL) { |
778 | placeholder = qemu_create_message_surface(640, 480, placeholder_msg); |
779 | } |
780 | surface = placeholder; |
781 | } |
782 | |
783 | vnc_abort_display_jobs(vd); |
784 | vd->ds = surface; |
785 | |
786 | /* guest surface */ |
787 | qemu_pixman_image_unref(vd->guest.fb); |
788 | vd->guest.fb = pixman_image_ref(surface->image); |
789 | vd->guest.format = surface->format; |
790 | |
791 | if (pageflip) { |
792 | vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0, |
793 | surface_width(surface), |
794 | surface_height(surface)); |
795 | return; |
796 | } |
797 | |
798 | /* server surface */ |
799 | vnc_update_server_surface(vd); |
800 | |
801 | QTAILQ_FOREACH(vs, &vd->clients, next) { |
802 | vnc_colordepth(vs); |
803 | vnc_desktop_resize(vs); |
804 | if (vs->vd->cursor) { |
805 | vnc_cursor_define(vs); |
806 | } |
807 | memset(vs->dirty, 0x00, sizeof(vs->dirty)); |
808 | vnc_set_area_dirty(vs->dirty, vd, 0, 0, |
809 | vnc_width(vd), |
810 | vnc_height(vd)); |
811 | vnc_update_throttle_offset(vs); |
812 | } |
813 | } |
814 | |
815 | /* fastest code */ |
816 | static void vnc_write_pixels_copy(VncState *vs, |
817 | void *pixels, int size) |
818 | { |
819 | vnc_write(vs, pixels, size); |
820 | } |
821 | |
822 | /* slowest but generic code. */ |
823 | void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) |
824 | { |
825 | uint8_t r, g, b; |
826 | |
827 | #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8) |
828 | r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8; |
829 | g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8; |
830 | b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8; |
831 | #else |
832 | # error need some bits here if you change VNC_SERVER_FB_FORMAT |
833 | #endif |
834 | v = (r << vs->client_pf.rshift) | |
835 | (g << vs->client_pf.gshift) | |
836 | (b << vs->client_pf.bshift); |
837 | switch (vs->client_pf.bytes_per_pixel) { |
838 | case 1: |
839 | buf[0] = v; |
840 | break; |
841 | case 2: |
842 | if (vs->client_be) { |
843 | buf[0] = v >> 8; |
844 | buf[1] = v; |
845 | } else { |
846 | buf[1] = v >> 8; |
847 | buf[0] = v; |
848 | } |
849 | break; |
850 | default: |
851 | case 4: |
852 | if (vs->client_be) { |
853 | buf[0] = v >> 24; |
854 | buf[1] = v >> 16; |
855 | buf[2] = v >> 8; |
856 | buf[3] = v; |
857 | } else { |
858 | buf[3] = v >> 24; |
859 | buf[2] = v >> 16; |
860 | buf[1] = v >> 8; |
861 | buf[0] = v; |
862 | } |
863 | break; |
864 | } |
865 | } |
866 | |
867 | static void vnc_write_pixels_generic(VncState *vs, |
868 | void *pixels1, int size) |
869 | { |
870 | uint8_t buf[4]; |
871 | |
872 | if (VNC_SERVER_FB_BYTES == 4) { |
873 | uint32_t *pixels = pixels1; |
874 | int n, i; |
875 | n = size >> 2; |
876 | for (i = 0; i < n; i++) { |
877 | vnc_convert_pixel(vs, buf, pixels[i]); |
878 | vnc_write(vs, buf, vs->client_pf.bytes_per_pixel); |
879 | } |
880 | } |
881 | } |
882 | |
883 | int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) |
884 | { |
885 | int i; |
886 | uint8_t *row; |
887 | VncDisplay *vd = vs->vd; |
888 | |
889 | row = vnc_server_fb_ptr(vd, x, y); |
890 | for (i = 0; i < h; i++) { |
891 | vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES); |
892 | row += vnc_server_fb_stride(vd); |
893 | } |
894 | return 1; |
895 | } |
896 | |
897 | int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) |
898 | { |
899 | int n = 0; |
900 | bool encode_raw = false; |
901 | size_t saved_offs = vs->output.offset; |
902 | |
903 | switch(vs->vnc_encoding) { |
904 | case VNC_ENCODING_ZLIB: |
905 | n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h); |
906 | break; |
907 | case VNC_ENCODING_HEXTILE: |
908 | vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); |
909 | n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); |
910 | break; |
911 | case VNC_ENCODING_TIGHT: |
912 | n = vnc_tight_send_framebuffer_update(vs, x, y, w, h); |
913 | break; |
914 | case VNC_ENCODING_TIGHT_PNG: |
915 | n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h); |
916 | break; |
917 | case VNC_ENCODING_ZRLE: |
918 | n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h); |
919 | break; |
920 | case VNC_ENCODING_ZYWRLE: |
921 | n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); |
922 | break; |
923 | default: |
924 | encode_raw = true; |
925 | break; |
926 | } |
927 | |
928 | /* If the client has the same pixel format as our internal buffer and |
929 | * a RAW encoding would need less space fall back to RAW encoding to |
930 | * save bandwidth and processing power in the client. */ |
931 | if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy && |
932 | 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) { |
933 | vs->output.offset = saved_offs; |
934 | encode_raw = true; |
935 | } |
936 | |
937 | if (encode_raw) { |
938 | vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); |
939 | n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); |
940 | } |
941 | |
942 | return n; |
943 | } |
944 | |
945 | static void vnc_mouse_set(DisplayChangeListener *dcl, |
946 | int x, int y, int visible) |
947 | { |
948 | /* can we ask the client(s) to move the pointer ??? */ |
949 | } |
950 | |
951 | static int vnc_cursor_define(VncState *vs) |
952 | { |
953 | QEMUCursor *c = vs->vd->cursor; |
954 | int isize; |
955 | |
956 | if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { |
957 | vnc_lock_output(vs); |
958 | vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); |
959 | vnc_write_u8(vs, 0); /* padding */ |
960 | vnc_write_u16(vs, 1); /* # of rects */ |
961 | vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, |
962 | VNC_ENCODING_RICH_CURSOR); |
963 | isize = c->width * c->height * vs->client_pf.bytes_per_pixel; |
964 | vnc_write_pixels_generic(vs, c->data, isize); |
965 | vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); |
966 | vnc_unlock_output(vs); |
967 | return 0; |
968 | } |
969 | return -1; |
970 | } |
971 | |
972 | static void vnc_dpy_cursor_define(DisplayChangeListener *dcl, |
973 | QEMUCursor *c) |
974 | { |
975 | VncDisplay *vd = container_of(dcl, VncDisplay, dcl); |
976 | VncState *vs; |
977 | |
978 | cursor_put(vd->cursor); |
979 | g_free(vd->cursor_mask); |
980 | |
981 | vd->cursor = c; |
982 | cursor_get(vd->cursor); |
983 | vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; |
984 | vd->cursor_mask = g_malloc0(vd->cursor_msize); |
985 | cursor_get_mono_mask(c, 0, vd->cursor_mask); |
986 | |
987 | QTAILQ_FOREACH(vs, &vd->clients, next) { |
988 | vnc_cursor_define(vs); |
989 | } |
990 | } |
991 | |
992 | static int find_and_clear_dirty_height(VncState *vs, |
993 | int y, int last_x, int x, int height) |
994 | { |
995 | int h; |
996 | |
997 | for (h = 1; h < (height - y); h++) { |
998 | if (!test_bit(last_x, vs->dirty[y + h])) { |
999 | break; |
1000 | } |
1001 | bitmap_clear(vs->dirty[y + h], last_x, x - last_x); |
1002 | } |
1003 | |
1004 | return h; |
1005 | } |
1006 | |
1007 | /* |
1008 | * Figure out how much pending data we should allow in the output |
1009 | * buffer before we throttle incremental display updates, and/or |
1010 | * drop audio samples. |
1011 | * |
1012 | * We allow for equiv of 1 full display's worth of FB updates, |
1013 | * and 1 second of audio samples. If audio backlog was larger |
1014 | * than that the client would already suffering awful audio |
1015 | * glitches, so dropping samples is no worse really). |
1016 | */ |
1017 | static void vnc_update_throttle_offset(VncState *vs) |
1018 | { |
1019 | size_t offset = |
1020 | vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel; |
1021 | |
1022 | if (vs->audio_cap) { |
1023 | int bps; |
1024 | switch (vs->as.fmt) { |
1025 | default: |
1026 | case AUDIO_FORMAT_U8: |
1027 | case AUDIO_FORMAT_S8: |
1028 | bps = 1; |
1029 | break; |
1030 | case AUDIO_FORMAT_U16: |
1031 | case AUDIO_FORMAT_S16: |
1032 | bps = 2; |
1033 | break; |
1034 | case AUDIO_FORMAT_U32: |
1035 | case AUDIO_FORMAT_S32: |
1036 | bps = 4; |
1037 | break; |
1038 | } |
1039 | offset += vs->as.freq * bps * vs->as.nchannels; |
1040 | } |
1041 | |
1042 | /* Put a floor of 1MB on offset, so that if we have a large pending |
1043 | * buffer and the display is resized to a small size & back again |
1044 | * we don't suddenly apply a tiny send limit |
1045 | */ |
1046 | offset = MAX(offset, 1024 * 1024); |
1047 | |
1048 | if (vs->throttle_output_offset != offset) { |
1049 | trace_vnc_client_throttle_threshold( |
1050 | vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width, |
1051 | vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap); |
1052 | } |
1053 | |
1054 | vs->throttle_output_offset = offset; |
1055 | } |
1056 | |
1057 | static bool vnc_should_update(VncState *vs) |
1058 | { |
1059 | switch (vs->update) { |
1060 | case VNC_STATE_UPDATE_NONE: |
1061 | break; |
1062 | case VNC_STATE_UPDATE_INCREMENTAL: |
1063 | /* Only allow incremental updates if the pending send queue |
1064 | * is less than the permitted threshold, and the job worker |
1065 | * is completely idle. |
1066 | */ |
1067 | if (vs->output.offset < vs->throttle_output_offset && |
1068 | vs->job_update == VNC_STATE_UPDATE_NONE) { |
1069 | return true; |
1070 | } |
1071 | trace_vnc_client_throttle_incremental( |
1072 | vs, vs->ioc, vs->job_update, vs->output.offset); |
1073 | break; |
1074 | case VNC_STATE_UPDATE_FORCE: |
1075 | /* Only allow forced updates if the pending send queue |
1076 | * does not contain a previous forced update, and the |
1077 | * job worker is completely idle. |
1078 | * |
1079 | * Note this means we'll queue a forced update, even if |
1080 | * the output buffer size is otherwise over the throttle |
1081 | * output limit. |
1082 | */ |
1083 | if (vs->force_update_offset == 0 && |
1084 | vs->job_update == VNC_STATE_UPDATE_NONE) { |
1085 | return true; |
1086 | } |
1087 | trace_vnc_client_throttle_forced( |
1088 | vs, vs->ioc, vs->job_update, vs->force_update_offset); |
1089 | break; |
1090 | } |
1091 | return false; |
1092 | } |
1093 | |
1094 | static int vnc_update_client(VncState *vs, int has_dirty) |
1095 | { |
1096 | VncDisplay *vd = vs->vd; |
1097 | VncJob *job; |
1098 | int y; |
1099 | int height, width; |
1100 | int n = 0; |
1101 | |
1102 | if (vs->disconnecting) { |
1103 | vnc_disconnect_finish(vs); |
1104 | return 0; |
1105 | } |
1106 | |
1107 | vs->has_dirty += has_dirty; |
1108 | if (!vnc_should_update(vs)) { |
1109 | return 0; |
1110 | } |
1111 | |
1112 | if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) { |
1113 | return 0; |
1114 | } |
1115 | |
1116 | /* |
1117 | * Send screen updates to the vnc client using the server |
1118 | * surface and server dirty map. guest surface updates |
1119 | * happening in parallel don't disturb us, the next pass will |
1120 | * send them to the client. |
1121 | */ |
1122 | job = vnc_job_new(vs); |
1123 | |
1124 | height = pixman_image_get_height(vd->server); |
1125 | width = pixman_image_get_width(vd->server); |
1126 | |
1127 | y = 0; |
1128 | for (;;) { |
1129 | int x, h; |
1130 | unsigned long x2; |
1131 | unsigned long offset = find_next_bit((unsigned long *) &vs->dirty, |
1132 | height * VNC_DIRTY_BPL(vs), |
1133 | y * VNC_DIRTY_BPL(vs)); |
1134 | if (offset == height * VNC_DIRTY_BPL(vs)) { |
1135 | /* no more dirty bits */ |
1136 | break; |
1137 | } |
1138 | y = offset / VNC_DIRTY_BPL(vs); |
1139 | x = offset % VNC_DIRTY_BPL(vs); |
1140 | x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y], |
1141 | VNC_DIRTY_BPL(vs), x); |
1142 | bitmap_clear(vs->dirty[y], x, x2 - x); |
1143 | h = find_and_clear_dirty_height(vs, y, x, x2, height); |
1144 | x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT); |
1145 | if (x2 > x) { |
1146 | n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y, |
1147 | (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h); |
1148 | } |
1149 | if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) { |
1150 | y += h; |
1151 | if (y == height) { |
1152 | break; |
1153 | } |
1154 | } |
1155 | } |
1156 | |
1157 | vs->job_update = vs->update; |
1158 | vs->update = VNC_STATE_UPDATE_NONE; |
1159 | vnc_job_push(job); |
1160 | vs->has_dirty = 0; |
1161 | return n; |
1162 | } |
1163 | |
1164 | /* audio */ |
1165 | static void audio_capture_notify(void *opaque, audcnotification_e cmd) |
1166 | { |
1167 | VncState *vs = opaque; |
1168 | |
1169 | assert(vs->magic == VNC_MAGIC); |
1170 | switch (cmd) { |
1171 | case AUD_CNOTIFY_DISABLE: |
1172 | vnc_lock_output(vs); |
1173 | vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); |
1174 | vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); |
1175 | vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); |
1176 | vnc_unlock_output(vs); |
1177 | vnc_flush(vs); |
1178 | break; |
1179 | |
1180 | case AUD_CNOTIFY_ENABLE: |
1181 | vnc_lock_output(vs); |
1182 | vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); |
1183 | vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); |
1184 | vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); |
1185 | vnc_unlock_output(vs); |
1186 | vnc_flush(vs); |
1187 | break; |
1188 | } |
1189 | } |
1190 | |
1191 | static void audio_capture_destroy(void *opaque) |
1192 | { |
1193 | } |
1194 | |
1195 | static void audio_capture(void *opaque, void *buf, int size) |
1196 | { |
1197 | VncState *vs = opaque; |
1198 | |
1199 | assert(vs->magic == VNC_MAGIC); |
1200 | vnc_lock_output(vs); |
1201 | if (vs->output.offset < vs->throttle_output_offset) { |
1202 | vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); |
1203 | vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); |
1204 | vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); |
1205 | vnc_write_u32(vs, size); |
1206 | vnc_write(vs, buf, size); |
1207 | } else { |
1208 | trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset); |
1209 | } |
1210 | vnc_unlock_output(vs); |
1211 | vnc_flush(vs); |
1212 | } |
1213 | |
1214 | static void audio_add(VncState *vs) |
1215 | { |
1216 | struct audio_capture_ops ops; |
1217 | |
1218 | if (vs->audio_cap) { |
1219 | error_report("audio already running" ); |
1220 | return; |
1221 | } |
1222 | |
1223 | ops.notify = audio_capture_notify; |
1224 | ops.destroy = audio_capture_destroy; |
1225 | ops.capture = audio_capture; |
1226 | |
1227 | vs->audio_cap = AUD_add_capture(vs->vd->audio_state, &vs->as, &ops, vs); |
1228 | if (!vs->audio_cap) { |
1229 | error_report("Failed to add audio capture" ); |
1230 | } |
1231 | } |
1232 | |
1233 | static void audio_del(VncState *vs) |
1234 | { |
1235 | if (vs->audio_cap) { |
1236 | AUD_del_capture(vs->audio_cap, vs); |
1237 | vs->audio_cap = NULL; |
1238 | } |
1239 | } |
1240 | |
1241 | static void vnc_disconnect_start(VncState *vs) |
1242 | { |
1243 | if (vs->disconnecting) { |
1244 | return; |
1245 | } |
1246 | trace_vnc_client_disconnect_start(vs, vs->ioc); |
1247 | vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); |
1248 | if (vs->ioc_tag) { |
1249 | g_source_remove(vs->ioc_tag); |
1250 | vs->ioc_tag = 0; |
1251 | } |
1252 | qio_channel_close(vs->ioc, NULL); |
1253 | vs->disconnecting = TRUE; |
1254 | } |
1255 | |
1256 | void vnc_disconnect_finish(VncState *vs) |
1257 | { |
1258 | int i; |
1259 | |
1260 | trace_vnc_client_disconnect_finish(vs, vs->ioc); |
1261 | |
1262 | vnc_jobs_join(vs); /* Wait encoding jobs */ |
1263 | |
1264 | vnc_lock_output(vs); |
1265 | vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED); |
1266 | |
1267 | buffer_free(&vs->input); |
1268 | buffer_free(&vs->output); |
1269 | |
1270 | qapi_free_VncClientInfo(vs->info); |
1271 | |
1272 | vnc_zlib_clear(vs); |
1273 | vnc_tight_clear(vs); |
1274 | vnc_zrle_clear(vs); |
1275 | |
1276 | #ifdef CONFIG_VNC_SASL |
1277 | vnc_sasl_client_cleanup(vs); |
1278 | #endif /* CONFIG_VNC_SASL */ |
1279 | audio_del(vs); |
1280 | qkbd_state_lift_all_keys(vs->vd->kbd); |
1281 | |
1282 | if (vs->mouse_mode_notifier.notify != NULL) { |
1283 | qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); |
1284 | } |
1285 | QTAILQ_REMOVE(&vs->vd->clients, vs, next); |
1286 | if (QTAILQ_EMPTY(&vs->vd->clients)) { |
1287 | /* last client gone */ |
1288 | vnc_update_server_surface(vs->vd); |
1289 | } |
1290 | |
1291 | vnc_unlock_output(vs); |
1292 | |
1293 | qemu_mutex_destroy(&vs->output_mutex); |
1294 | if (vs->bh != NULL) { |
1295 | qemu_bh_delete(vs->bh); |
1296 | } |
1297 | buffer_free(&vs->jobs_buffer); |
1298 | |
1299 | for (i = 0; i < VNC_STAT_ROWS; ++i) { |
1300 | g_free(vs->lossy_rect[i]); |
1301 | } |
1302 | g_free(vs->lossy_rect); |
1303 | |
1304 | object_unref(OBJECT(vs->ioc)); |
1305 | vs->ioc = NULL; |
1306 | object_unref(OBJECT(vs->sioc)); |
1307 | vs->sioc = NULL; |
1308 | vs->magic = 0; |
1309 | g_free(vs); |
1310 | } |
1311 | |
1312 | size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp) |
1313 | { |
1314 | if (ret <= 0) { |
1315 | if (ret == 0) { |
1316 | trace_vnc_client_eof(vs, vs->ioc); |
1317 | vnc_disconnect_start(vs); |
1318 | } else if (ret != QIO_CHANNEL_ERR_BLOCK) { |
1319 | trace_vnc_client_io_error(vs, vs->ioc, |
1320 | errp ? error_get_pretty(*errp) : |
1321 | "Unknown" ); |
1322 | vnc_disconnect_start(vs); |
1323 | } |
1324 | |
1325 | if (errp) { |
1326 | error_free(*errp); |
1327 | *errp = NULL; |
1328 | } |
1329 | return 0; |
1330 | } |
1331 | return ret; |
1332 | } |
1333 | |
1334 | |
1335 | void vnc_client_error(VncState *vs) |
1336 | { |
1337 | VNC_DEBUG("Closing down client sock: protocol error\n" ); |
1338 | vnc_disconnect_start(vs); |
1339 | } |
1340 | |
1341 | |
1342 | /* |
1343 | * Called to write a chunk of data to the client socket. The data may |
1344 | * be the raw data, or may have already been encoded by SASL. |
1345 | * The data will be written either straight onto the socket, or |
1346 | * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled |
1347 | * |
1348 | * NB, it is theoretically possible to have 2 layers of encryption, |
1349 | * both SASL, and this TLS layer. It is highly unlikely in practice |
1350 | * though, since SASL encryption will typically be a no-op if TLS |
1351 | * is active |
1352 | * |
1353 | * Returns the number of bytes written, which may be less than |
1354 | * the requested 'datalen' if the socket would block. Returns |
1355 | * 0 on I/O error, and disconnects the client socket. |
1356 | */ |
1357 | size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) |
1358 | { |
1359 | Error *err = NULL; |
1360 | ssize_t ret; |
1361 | ret = qio_channel_write( |
1362 | vs->ioc, (const char *)data, datalen, &err); |
1363 | VNC_DEBUG("Wrote wire %p %zd -> %ld\n" , data, datalen, ret); |
1364 | return vnc_client_io_error(vs, ret, &err); |
1365 | } |
1366 | |
1367 | |
1368 | /* |
1369 | * Called to write buffered data to the client socket, when not |
1370 | * using any SASL SSF encryption layers. Will write as much data |
1371 | * as possible without blocking. If all buffered data is written, |
1372 | * will switch the FD poll() handler back to read monitoring. |
1373 | * |
1374 | * Returns the number of bytes written, which may be less than |
1375 | * the buffered output data if the socket would block. Returns |
1376 | * 0 on I/O error, and disconnects the client socket. |
1377 | */ |
1378 | static size_t vnc_client_write_plain(VncState *vs) |
1379 | { |
1380 | size_t offset; |
1381 | size_t ret; |
1382 | |
1383 | #ifdef CONFIG_VNC_SASL |
1384 | VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n" , |
1385 | vs->output.buffer, vs->output.capacity, vs->output.offset, |
1386 | vs->sasl.waitWriteSSF); |
1387 | |
1388 | if (vs->sasl.conn && |
1389 | vs->sasl.runSSF && |
1390 | vs->sasl.waitWriteSSF) { |
1391 | ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); |
1392 | if (ret) |
1393 | vs->sasl.waitWriteSSF -= ret; |
1394 | } else |
1395 | #endif /* CONFIG_VNC_SASL */ |
1396 | ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); |
1397 | if (!ret) |
1398 | return 0; |
1399 | |
1400 | if (ret >= vs->force_update_offset) { |
1401 | if (vs->force_update_offset != 0) { |
1402 | trace_vnc_client_unthrottle_forced(vs, vs->ioc); |
1403 | } |
1404 | vs->force_update_offset = 0; |
1405 | } else { |
1406 | vs->force_update_offset -= ret; |
1407 | } |
1408 | offset = vs->output.offset; |
1409 | buffer_advance(&vs->output, ret); |
1410 | if (offset >= vs->throttle_output_offset && |
1411 | vs->output.offset < vs->throttle_output_offset) { |
1412 | trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset); |
1413 | } |
1414 | |
1415 | if (vs->output.offset == 0) { |
1416 | if (vs->ioc_tag) { |
1417 | g_source_remove(vs->ioc_tag); |
1418 | } |
1419 | vs->ioc_tag = qio_channel_add_watch( |
1420 | vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); |
1421 | } |
1422 | |
1423 | return ret; |
1424 | } |
1425 | |
1426 | |
1427 | /* |
1428 | * First function called whenever there is data to be written to |
1429 | * the client socket. Will delegate actual work according to whether |
1430 | * SASL SSF layers are enabled (thus requiring encryption calls) |
1431 | */ |
1432 | static void vnc_client_write_locked(VncState *vs) |
1433 | { |
1434 | #ifdef CONFIG_VNC_SASL |
1435 | if (vs->sasl.conn && |
1436 | vs->sasl.runSSF && |
1437 | !vs->sasl.waitWriteSSF) { |
1438 | vnc_client_write_sasl(vs); |
1439 | } else |
1440 | #endif /* CONFIG_VNC_SASL */ |
1441 | { |
1442 | vnc_client_write_plain(vs); |
1443 | } |
1444 | } |
1445 | |
1446 | static void vnc_client_write(VncState *vs) |
1447 | { |
1448 | assert(vs->magic == VNC_MAGIC); |
1449 | vnc_lock_output(vs); |
1450 | if (vs->output.offset) { |
1451 | vnc_client_write_locked(vs); |
1452 | } else if (vs->ioc != NULL) { |
1453 | if (vs->ioc_tag) { |
1454 | g_source_remove(vs->ioc_tag); |
1455 | } |
1456 | vs->ioc_tag = qio_channel_add_watch( |
1457 | vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); |
1458 | } |
1459 | vnc_unlock_output(vs); |
1460 | } |
1461 | |
1462 | void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) |
1463 | { |
1464 | vs->read_handler = func; |
1465 | vs->read_handler_expect = expecting; |
1466 | } |
1467 | |
1468 | |
1469 | /* |
1470 | * Called to read a chunk of data from the client socket. The data may |
1471 | * be the raw data, or may need to be further decoded by SASL. |
1472 | * The data will be read either straight from to the socket, or |
1473 | * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled |
1474 | * |
1475 | * NB, it is theoretically possible to have 2 layers of encryption, |
1476 | * both SASL, and this TLS layer. It is highly unlikely in practice |
1477 | * though, since SASL encryption will typically be a no-op if TLS |
1478 | * is active |
1479 | * |
1480 | * Returns the number of bytes read, which may be less than |
1481 | * the requested 'datalen' if the socket would block. Returns |
1482 | * 0 on I/O error or EOF, and disconnects the client socket. |
1483 | */ |
1484 | size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) |
1485 | { |
1486 | ssize_t ret; |
1487 | Error *err = NULL; |
1488 | ret = qio_channel_read( |
1489 | vs->ioc, (char *)data, datalen, &err); |
1490 | VNC_DEBUG("Read wire %p %zd -> %ld\n" , data, datalen, ret); |
1491 | return vnc_client_io_error(vs, ret, &err); |
1492 | } |
1493 | |
1494 | |
1495 | /* |
1496 | * Called to read data from the client socket to the input buffer, |
1497 | * when not using any SASL SSF encryption layers. Will read as much |
1498 | * data as possible without blocking. |
1499 | * |
1500 | * Returns the number of bytes read, which may be less than |
1501 | * the requested 'datalen' if the socket would block. Returns |
1502 | * 0 on I/O error or EOF, and disconnects the client socket. |
1503 | */ |
1504 | static size_t vnc_client_read_plain(VncState *vs) |
1505 | { |
1506 | size_t ret; |
1507 | VNC_DEBUG("Read plain %p size %zd offset %zd\n" , |
1508 | vs->input.buffer, vs->input.capacity, vs->input.offset); |
1509 | buffer_reserve(&vs->input, 4096); |
1510 | ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); |
1511 | if (!ret) |
1512 | return 0; |
1513 | vs->input.offset += ret; |
1514 | return ret; |
1515 | } |
1516 | |
1517 | static void vnc_jobs_bh(void *opaque) |
1518 | { |
1519 | VncState *vs = opaque; |
1520 | |
1521 | assert(vs->magic == VNC_MAGIC); |
1522 | vnc_jobs_consume_buffer(vs); |
1523 | } |
1524 | |
1525 | /* |
1526 | * First function called whenever there is more data to be read from |
1527 | * the client socket. Will delegate actual work according to whether |
1528 | * SASL SSF layers are enabled (thus requiring decryption calls) |
1529 | * Returns 0 on success, -1 if client disconnected |
1530 | */ |
1531 | static int vnc_client_read(VncState *vs) |
1532 | { |
1533 | size_t ret; |
1534 | |
1535 | #ifdef CONFIG_VNC_SASL |
1536 | if (vs->sasl.conn && vs->sasl.runSSF) |
1537 | ret = vnc_client_read_sasl(vs); |
1538 | else |
1539 | #endif /* CONFIG_VNC_SASL */ |
1540 | ret = vnc_client_read_plain(vs); |
1541 | if (!ret) { |
1542 | if (vs->disconnecting) { |
1543 | vnc_disconnect_finish(vs); |
1544 | return -1; |
1545 | } |
1546 | return 0; |
1547 | } |
1548 | |
1549 | while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { |
1550 | size_t len = vs->read_handler_expect; |
1551 | int ret; |
1552 | |
1553 | ret = vs->read_handler(vs, vs->input.buffer, len); |
1554 | if (vs->disconnecting) { |
1555 | vnc_disconnect_finish(vs); |
1556 | return -1; |
1557 | } |
1558 | |
1559 | if (!ret) { |
1560 | buffer_advance(&vs->input, len); |
1561 | } else { |
1562 | vs->read_handler_expect = ret; |
1563 | } |
1564 | } |
1565 | return 0; |
1566 | } |
1567 | |
1568 | gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED, |
1569 | GIOCondition condition, void *opaque) |
1570 | { |
1571 | VncState *vs = opaque; |
1572 | |
1573 | assert(vs->magic == VNC_MAGIC); |
1574 | if (condition & G_IO_IN) { |
1575 | if (vnc_client_read(vs) < 0) { |
1576 | /* vs is free()ed here */ |
1577 | return TRUE; |
1578 | } |
1579 | } |
1580 | if (condition & G_IO_OUT) { |
1581 | vnc_client_write(vs); |
1582 | } |
1583 | |
1584 | if (vs->disconnecting) { |
1585 | if (vs->ioc_tag != 0) { |
1586 | g_source_remove(vs->ioc_tag); |
1587 | } |
1588 | vs->ioc_tag = 0; |
1589 | } |
1590 | return TRUE; |
1591 | } |
1592 | |
1593 | |
1594 | /* |
1595 | * Scale factor to apply to vs->throttle_output_offset when checking for |
1596 | * hard limit. Worst case normal usage could be x2, if we have a complete |
1597 | * incremental update and complete forced update in the output buffer. |
1598 | * So x3 should be good enough, but we pick x5 to be conservative and thus |
1599 | * (hopefully) never trigger incorrectly. |
1600 | */ |
1601 | #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5 |
1602 | |
1603 | void vnc_write(VncState *vs, const void *data, size_t len) |
1604 | { |
1605 | assert(vs->magic == VNC_MAGIC); |
1606 | if (vs->disconnecting) { |
1607 | return; |
1608 | } |
1609 | /* Protection against malicious client/guest to prevent our output |
1610 | * buffer growing without bound if client stops reading data. This |
1611 | * should rarely trigger, because we have earlier throttling code |
1612 | * which stops issuing framebuffer updates and drops audio data |
1613 | * if the throttle_output_offset value is exceeded. So we only reach |
1614 | * this higher level if a huge number of pseudo-encodings get |
1615 | * triggered while data can't be sent on the socket. |
1616 | * |
1617 | * NB throttle_output_offset can be zero during early protocol |
1618 | * handshake, or from the job thread's VncState clone |
1619 | */ |
1620 | if (vs->throttle_output_offset != 0 && |
1621 | (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) > |
1622 | vs->throttle_output_offset) { |
1623 | trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset, |
1624 | vs->throttle_output_offset); |
1625 | vnc_disconnect_start(vs); |
1626 | return; |
1627 | } |
1628 | buffer_reserve(&vs->output, len); |
1629 | |
1630 | if (vs->ioc != NULL && buffer_empty(&vs->output)) { |
1631 | if (vs->ioc_tag) { |
1632 | g_source_remove(vs->ioc_tag); |
1633 | } |
1634 | vs->ioc_tag = qio_channel_add_watch( |
1635 | vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL); |
1636 | } |
1637 | |
1638 | buffer_append(&vs->output, data, len); |
1639 | } |
1640 | |
1641 | void vnc_write_s32(VncState *vs, int32_t value) |
1642 | { |
1643 | vnc_write_u32(vs, *(uint32_t *)&value); |
1644 | } |
1645 | |
1646 | void vnc_write_u32(VncState *vs, uint32_t value) |
1647 | { |
1648 | uint8_t buf[4]; |
1649 | |
1650 | buf[0] = (value >> 24) & 0xFF; |
1651 | buf[1] = (value >> 16) & 0xFF; |
1652 | buf[2] = (value >> 8) & 0xFF; |
1653 | buf[3] = value & 0xFF; |
1654 | |
1655 | vnc_write(vs, buf, 4); |
1656 | } |
1657 | |
1658 | void vnc_write_u16(VncState *vs, uint16_t value) |
1659 | { |
1660 | uint8_t buf[2]; |
1661 | |
1662 | buf[0] = (value >> 8) & 0xFF; |
1663 | buf[1] = value & 0xFF; |
1664 | |
1665 | vnc_write(vs, buf, 2); |
1666 | } |
1667 | |
1668 | void vnc_write_u8(VncState *vs, uint8_t value) |
1669 | { |
1670 | vnc_write(vs, (char *)&value, 1); |
1671 | } |
1672 | |
1673 | void vnc_flush(VncState *vs) |
1674 | { |
1675 | vnc_lock_output(vs); |
1676 | if (vs->ioc != NULL && vs->output.offset) { |
1677 | vnc_client_write_locked(vs); |
1678 | } |
1679 | if (vs->disconnecting) { |
1680 | if (vs->ioc_tag != 0) { |
1681 | g_source_remove(vs->ioc_tag); |
1682 | } |
1683 | vs->ioc_tag = 0; |
1684 | } |
1685 | vnc_unlock_output(vs); |
1686 | } |
1687 | |
1688 | static uint8_t read_u8(uint8_t *data, size_t offset) |
1689 | { |
1690 | return data[offset]; |
1691 | } |
1692 | |
1693 | static uint16_t read_u16(uint8_t *data, size_t offset) |
1694 | { |
1695 | return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); |
1696 | } |
1697 | |
1698 | static int32_t read_s32(uint8_t *data, size_t offset) |
1699 | { |
1700 | return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | |
1701 | (data[offset + 2] << 8) | data[offset + 3]); |
1702 | } |
1703 | |
1704 | uint32_t read_u32(uint8_t *data, size_t offset) |
1705 | { |
1706 | return ((data[offset] << 24) | (data[offset + 1] << 16) | |
1707 | (data[offset + 2] << 8) | data[offset + 3]); |
1708 | } |
1709 | |
1710 | static void client_cut_text(VncState *vs, size_t len, uint8_t *text) |
1711 | { |
1712 | } |
1713 | |
1714 | static void check_pointer_type_change(Notifier *notifier, void *data) |
1715 | { |
1716 | VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); |
1717 | int absolute = qemu_input_is_absolute(); |
1718 | |
1719 | if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { |
1720 | vnc_lock_output(vs); |
1721 | vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); |
1722 | vnc_write_u8(vs, 0); |
1723 | vnc_write_u16(vs, 1); |
1724 | vnc_framebuffer_update(vs, absolute, 0, |
1725 | pixman_image_get_width(vs->vd->server), |
1726 | pixman_image_get_height(vs->vd->server), |
1727 | VNC_ENCODING_POINTER_TYPE_CHANGE); |
1728 | vnc_unlock_output(vs); |
1729 | vnc_flush(vs); |
1730 | } |
1731 | vs->absolute = absolute; |
1732 | } |
1733 | |
1734 | static void pointer_event(VncState *vs, int button_mask, int x, int y) |
1735 | { |
1736 | static uint32_t bmap[INPUT_BUTTON__MAX] = { |
1737 | [INPUT_BUTTON_LEFT] = 0x01, |
1738 | [INPUT_BUTTON_MIDDLE] = 0x02, |
1739 | [INPUT_BUTTON_RIGHT] = 0x04, |
1740 | [INPUT_BUTTON_WHEEL_UP] = 0x08, |
1741 | [INPUT_BUTTON_WHEEL_DOWN] = 0x10, |
1742 | }; |
1743 | QemuConsole *con = vs->vd->dcl.con; |
1744 | int width = pixman_image_get_width(vs->vd->server); |
1745 | int height = pixman_image_get_height(vs->vd->server); |
1746 | |
1747 | if (vs->last_bmask != button_mask) { |
1748 | qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask); |
1749 | vs->last_bmask = button_mask; |
1750 | } |
1751 | |
1752 | if (vs->absolute) { |
1753 | qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width); |
1754 | qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height); |
1755 | } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { |
1756 | qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF); |
1757 | qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF); |
1758 | } else { |
1759 | if (vs->last_x != -1) { |
1760 | qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x); |
1761 | qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y); |
1762 | } |
1763 | vs->last_x = x; |
1764 | vs->last_y = y; |
1765 | } |
1766 | qemu_input_event_sync(); |
1767 | } |
1768 | |
1769 | static void press_key(VncState *vs, QKeyCode qcode) |
1770 | { |
1771 | qkbd_state_key_event(vs->vd->kbd, qcode, true); |
1772 | qkbd_state_key_event(vs->vd->kbd, qcode, false); |
1773 | } |
1774 | |
1775 | static void vnc_led_state_change(VncState *vs) |
1776 | { |
1777 | if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) { |
1778 | return; |
1779 | } |
1780 | |
1781 | vnc_lock_output(vs); |
1782 | vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); |
1783 | vnc_write_u8(vs, 0); |
1784 | vnc_write_u16(vs, 1); |
1785 | vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE); |
1786 | vnc_write_u8(vs, vs->vd->ledstate); |
1787 | vnc_unlock_output(vs); |
1788 | vnc_flush(vs); |
1789 | } |
1790 | |
1791 | static void kbd_leds(void *opaque, int ledstate) |
1792 | { |
1793 | VncDisplay *vd = opaque; |
1794 | VncState *client; |
1795 | |
1796 | trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED), |
1797 | (ledstate & QEMU_NUM_LOCK_LED), |
1798 | (ledstate & QEMU_SCROLL_LOCK_LED)); |
1799 | |
1800 | if (ledstate == vd->ledstate) { |
1801 | return; |
1802 | } |
1803 | |
1804 | vd->ledstate = ledstate; |
1805 | |
1806 | QTAILQ_FOREACH(client, &vd->clients, next) { |
1807 | vnc_led_state_change(client); |
1808 | } |
1809 | } |
1810 | |
1811 | static void do_key_event(VncState *vs, int down, int keycode, int sym) |
1812 | { |
1813 | QKeyCode qcode = qemu_input_key_number_to_qcode(keycode); |
1814 | |
1815 | /* QEMU console switch */ |
1816 | switch (qcode) { |
1817 | case Q_KEY_CODE_1 ... Q_KEY_CODE_9: /* '1' to '9' keys */ |
1818 | if (vs->vd->dcl.con == NULL && down && |
1819 | qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL) && |
1820 | qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_ALT)) { |
1821 | /* Reset the modifiers sent to the current console */ |
1822 | qkbd_state_lift_all_keys(vs->vd->kbd); |
1823 | console_select(qcode - Q_KEY_CODE_1); |
1824 | return; |
1825 | } |
1826 | default: |
1827 | break; |
1828 | } |
1829 | |
1830 | /* Turn off the lock state sync logic if the client support the led |
1831 | state extension. |
1832 | */ |
1833 | if (down && vs->vd->lock_key_sync && |
1834 | !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && |
1835 | keycode_is_keypad(vs->vd->kbd_layout, keycode)) { |
1836 | /* If the numlock state needs to change then simulate an additional |
1837 | keypress before sending this one. This will happen if the user |
1838 | toggles numlock away from the VNC window. |
1839 | */ |
1840 | if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { |
1841 | if (!qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) { |
1842 | trace_vnc_key_sync_numlock(true); |
1843 | press_key(vs, Q_KEY_CODE_NUM_LOCK); |
1844 | } |
1845 | } else { |
1846 | if (qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) { |
1847 | trace_vnc_key_sync_numlock(false); |
1848 | press_key(vs, Q_KEY_CODE_NUM_LOCK); |
1849 | } |
1850 | } |
1851 | } |
1852 | |
1853 | if (down && vs->vd->lock_key_sync && |
1854 | !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && |
1855 | ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { |
1856 | /* If the capslock state needs to change then simulate an additional |
1857 | keypress before sending this one. This will happen if the user |
1858 | toggles capslock away from the VNC window. |
1859 | */ |
1860 | int uppercase = !!(sym >= 'A' && sym <= 'Z'); |
1861 | bool shift = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_SHIFT); |
1862 | bool capslock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CAPSLOCK); |
1863 | if (capslock) { |
1864 | if (uppercase == shift) { |
1865 | trace_vnc_key_sync_capslock(false); |
1866 | press_key(vs, Q_KEY_CODE_CAPS_LOCK); |
1867 | } |
1868 | } else { |
1869 | if (uppercase != shift) { |
1870 | trace_vnc_key_sync_capslock(true); |
1871 | press_key(vs, Q_KEY_CODE_CAPS_LOCK); |
1872 | } |
1873 | } |
1874 | } |
1875 | |
1876 | qkbd_state_key_event(vs->vd->kbd, qcode, down); |
1877 | if (!qemu_console_is_graphic(NULL)) { |
1878 | bool numlock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK); |
1879 | bool control = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL); |
1880 | /* QEMU console emulation */ |
1881 | if (down) { |
1882 | switch (keycode) { |
1883 | case 0x2a: /* Left Shift */ |
1884 | case 0x36: /* Right Shift */ |
1885 | case 0x1d: /* Left CTRL */ |
1886 | case 0x9d: /* Right CTRL */ |
1887 | case 0x38: /* Left ALT */ |
1888 | case 0xb8: /* Right ALT */ |
1889 | break; |
1890 | case 0xc8: |
1891 | kbd_put_keysym(QEMU_KEY_UP); |
1892 | break; |
1893 | case 0xd0: |
1894 | kbd_put_keysym(QEMU_KEY_DOWN); |
1895 | break; |
1896 | case 0xcb: |
1897 | kbd_put_keysym(QEMU_KEY_LEFT); |
1898 | break; |
1899 | case 0xcd: |
1900 | kbd_put_keysym(QEMU_KEY_RIGHT); |
1901 | break; |
1902 | case 0xd3: |
1903 | kbd_put_keysym(QEMU_KEY_DELETE); |
1904 | break; |
1905 | case 0xc7: |
1906 | kbd_put_keysym(QEMU_KEY_HOME); |
1907 | break; |
1908 | case 0xcf: |
1909 | kbd_put_keysym(QEMU_KEY_END); |
1910 | break; |
1911 | case 0xc9: |
1912 | kbd_put_keysym(QEMU_KEY_PAGEUP); |
1913 | break; |
1914 | case 0xd1: |
1915 | kbd_put_keysym(QEMU_KEY_PAGEDOWN); |
1916 | break; |
1917 | |
1918 | case 0x47: |
1919 | kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME); |
1920 | break; |
1921 | case 0x48: |
1922 | kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP); |
1923 | break; |
1924 | case 0x49: |
1925 | kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP); |
1926 | break; |
1927 | case 0x4b: |
1928 | kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT); |
1929 | break; |
1930 | case 0x4c: |
1931 | kbd_put_keysym('5'); |
1932 | break; |
1933 | case 0x4d: |
1934 | kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT); |
1935 | break; |
1936 | case 0x4f: |
1937 | kbd_put_keysym(numlock ? '1' : QEMU_KEY_END); |
1938 | break; |
1939 | case 0x50: |
1940 | kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN); |
1941 | break; |
1942 | case 0x51: |
1943 | kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN); |
1944 | break; |
1945 | case 0x52: |
1946 | kbd_put_keysym('0'); |
1947 | break; |
1948 | case 0x53: |
1949 | kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE); |
1950 | break; |
1951 | |
1952 | case 0xb5: |
1953 | kbd_put_keysym('/'); |
1954 | break; |
1955 | case 0x37: |
1956 | kbd_put_keysym('*'); |
1957 | break; |
1958 | case 0x4a: |
1959 | kbd_put_keysym('-'); |
1960 | break; |
1961 | case 0x4e: |
1962 | kbd_put_keysym('+'); |
1963 | break; |
1964 | case 0x9c: |
1965 | kbd_put_keysym('\n'); |
1966 | break; |
1967 | |
1968 | default: |
1969 | if (control) { |
1970 | kbd_put_keysym(sym & 0x1f); |
1971 | } else { |
1972 | kbd_put_keysym(sym); |
1973 | } |
1974 | break; |
1975 | } |
1976 | } |
1977 | } |
1978 | } |
1979 | |
1980 | static const char *code2name(int keycode) |
1981 | { |
1982 | return QKeyCode_str(qemu_input_key_number_to_qcode(keycode)); |
1983 | } |
1984 | |
1985 | static void key_event(VncState *vs, int down, uint32_t sym) |
1986 | { |
1987 | int keycode; |
1988 | int lsym = sym; |
1989 | |
1990 | if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) { |
1991 | lsym = lsym - 'A' + 'a'; |
1992 | } |
1993 | |
1994 | keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF, |
1995 | vs->vd->kbd, down) & SCANCODE_KEYMASK; |
1996 | trace_vnc_key_event_map(down, sym, keycode, code2name(keycode)); |
1997 | do_key_event(vs, down, keycode, sym); |
1998 | } |
1999 | |
2000 | static void ext_key_event(VncState *vs, int down, |
2001 | uint32_t sym, uint16_t keycode) |
2002 | { |
2003 | /* if the user specifies a keyboard layout, always use it */ |
2004 | if (keyboard_layout) { |
2005 | key_event(vs, down, sym); |
2006 | } else { |
2007 | trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode)); |
2008 | do_key_event(vs, down, keycode, sym); |
2009 | } |
2010 | } |
2011 | |
2012 | static void framebuffer_update_request(VncState *vs, int incremental, |
2013 | int x, int y, int w, int h) |
2014 | { |
2015 | if (incremental) { |
2016 | if (vs->update != VNC_STATE_UPDATE_FORCE) { |
2017 | vs->update = VNC_STATE_UPDATE_INCREMENTAL; |
2018 | } |
2019 | } else { |
2020 | vs->update = VNC_STATE_UPDATE_FORCE; |
2021 | vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h); |
2022 | } |
2023 | } |
2024 | |
2025 | static void send_ext_key_event_ack(VncState *vs) |
2026 | { |
2027 | vnc_lock_output(vs); |
2028 | vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); |
2029 | vnc_write_u8(vs, 0); |
2030 | vnc_write_u16(vs, 1); |
2031 | vnc_framebuffer_update(vs, 0, 0, |
2032 | pixman_image_get_width(vs->vd->server), |
2033 | pixman_image_get_height(vs->vd->server), |
2034 | VNC_ENCODING_EXT_KEY_EVENT); |
2035 | vnc_unlock_output(vs); |
2036 | vnc_flush(vs); |
2037 | } |
2038 | |
2039 | static void send_ext_audio_ack(VncState *vs) |
2040 | { |
2041 | vnc_lock_output(vs); |
2042 | vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); |
2043 | vnc_write_u8(vs, 0); |
2044 | vnc_write_u16(vs, 1); |
2045 | vnc_framebuffer_update(vs, 0, 0, |
2046 | pixman_image_get_width(vs->vd->server), |
2047 | pixman_image_get_height(vs->vd->server), |
2048 | VNC_ENCODING_AUDIO); |
2049 | vnc_unlock_output(vs); |
2050 | vnc_flush(vs); |
2051 | } |
2052 | |
2053 | static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) |
2054 | { |
2055 | int i; |
2056 | unsigned int enc = 0; |
2057 | |
2058 | vs->features = 0; |
2059 | vs->vnc_encoding = 0; |
2060 | vs->tight.compression = 9; |
2061 | vs->tight.quality = -1; /* Lossless by default */ |
2062 | vs->absolute = -1; |
2063 | |
2064 | /* |
2065 | * Start from the end because the encodings are sent in order of preference. |
2066 | * This way the preferred encoding (first encoding defined in the array) |
2067 | * will be set at the end of the loop. |
2068 | */ |
2069 | for (i = n_encodings - 1; i >= 0; i--) { |
2070 | enc = encodings[i]; |
2071 | switch (enc) { |
2072 | case VNC_ENCODING_RAW: |
2073 | vs->vnc_encoding = enc; |
2074 | break; |
2075 | case VNC_ENCODING_COPYRECT: |
2076 | vs->features |= VNC_FEATURE_COPYRECT_MASK; |
2077 | break; |
2078 | case VNC_ENCODING_HEXTILE: |
2079 | vs->features |= VNC_FEATURE_HEXTILE_MASK; |
2080 | vs->vnc_encoding = enc; |
2081 | break; |
2082 | case VNC_ENCODING_TIGHT: |
2083 | vs->features |= VNC_FEATURE_TIGHT_MASK; |
2084 | vs->vnc_encoding = enc; |
2085 | break; |
2086 | #ifdef CONFIG_VNC_PNG |
2087 | case VNC_ENCODING_TIGHT_PNG: |
2088 | vs->features |= VNC_FEATURE_TIGHT_PNG_MASK; |
2089 | vs->vnc_encoding = enc; |
2090 | break; |
2091 | #endif |
2092 | case VNC_ENCODING_ZLIB: |
2093 | vs->features |= VNC_FEATURE_ZLIB_MASK; |
2094 | vs->vnc_encoding = enc; |
2095 | break; |
2096 | case VNC_ENCODING_ZRLE: |
2097 | vs->features |= VNC_FEATURE_ZRLE_MASK; |
2098 | vs->vnc_encoding = enc; |
2099 | break; |
2100 | case VNC_ENCODING_ZYWRLE: |
2101 | vs->features |= VNC_FEATURE_ZYWRLE_MASK; |
2102 | vs->vnc_encoding = enc; |
2103 | break; |
2104 | case VNC_ENCODING_DESKTOPRESIZE: |
2105 | vs->features |= VNC_FEATURE_RESIZE_MASK; |
2106 | break; |
2107 | case VNC_ENCODING_POINTER_TYPE_CHANGE: |
2108 | vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK; |
2109 | break; |
2110 | case VNC_ENCODING_RICH_CURSOR: |
2111 | vs->features |= VNC_FEATURE_RICH_CURSOR_MASK; |
2112 | if (vs->vd->cursor) { |
2113 | vnc_cursor_define(vs); |
2114 | } |
2115 | break; |
2116 | case VNC_ENCODING_EXT_KEY_EVENT: |
2117 | send_ext_key_event_ack(vs); |
2118 | break; |
2119 | case VNC_ENCODING_AUDIO: |
2120 | send_ext_audio_ack(vs); |
2121 | break; |
2122 | case VNC_ENCODING_WMVi: |
2123 | vs->features |= VNC_FEATURE_WMVI_MASK; |
2124 | break; |
2125 | case VNC_ENCODING_LED_STATE: |
2126 | vs->features |= VNC_FEATURE_LED_STATE_MASK; |
2127 | break; |
2128 | case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: |
2129 | vs->tight.compression = (enc & 0x0F); |
2130 | break; |
2131 | case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: |
2132 | if (vs->vd->lossy) { |
2133 | vs->tight.quality = (enc & 0x0F); |
2134 | } |
2135 | break; |
2136 | default: |
2137 | VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n" , i, enc, enc); |
2138 | break; |
2139 | } |
2140 | } |
2141 | vnc_desktop_resize(vs); |
2142 | check_pointer_type_change(&vs->mouse_mode_notifier, NULL); |
2143 | vnc_led_state_change(vs); |
2144 | } |
2145 | |
2146 | static void set_pixel_conversion(VncState *vs) |
2147 | { |
2148 | pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf); |
2149 | |
2150 | if (fmt == VNC_SERVER_FB_FORMAT) { |
2151 | vs->write_pixels = vnc_write_pixels_copy; |
2152 | vnc_hextile_set_pixel_conversion(vs, 0); |
2153 | } else { |
2154 | vs->write_pixels = vnc_write_pixels_generic; |
2155 | vnc_hextile_set_pixel_conversion(vs, 1); |
2156 | } |
2157 | } |
2158 | |
2159 | static void send_color_map(VncState *vs) |
2160 | { |
2161 | int i; |
2162 | |
2163 | vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES); |
2164 | vnc_write_u8(vs, 0); /* padding */ |
2165 | vnc_write_u16(vs, 0); /* first color */ |
2166 | vnc_write_u16(vs, 256); /* # of colors */ |
2167 | |
2168 | for (i = 0; i < 256; i++) { |
2169 | PixelFormat *pf = &vs->client_pf; |
2170 | |
2171 | vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits))); |
2172 | vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits))); |
2173 | vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits))); |
2174 | } |
2175 | } |
2176 | |
2177 | static void set_pixel_format(VncState *vs, int bits_per_pixel, |
2178 | int big_endian_flag, int true_color_flag, |
2179 | int red_max, int green_max, int blue_max, |
2180 | int red_shift, int green_shift, int blue_shift) |
2181 | { |
2182 | if (!true_color_flag) { |
2183 | /* Expose a reasonable default 256 color map */ |
2184 | bits_per_pixel = 8; |
2185 | red_max = 7; |
2186 | green_max = 7; |
2187 | blue_max = 3; |
2188 | red_shift = 0; |
2189 | green_shift = 3; |
2190 | blue_shift = 6; |
2191 | } |
2192 | |
2193 | switch (bits_per_pixel) { |
2194 | case 8: |
2195 | case 16: |
2196 | case 32: |
2197 | break; |
2198 | default: |
2199 | vnc_client_error(vs); |
2200 | return; |
2201 | } |
2202 | |
2203 | vs->client_pf.rmax = red_max ? red_max : 0xFF; |
2204 | vs->client_pf.rbits = ctpopl(red_max); |
2205 | vs->client_pf.rshift = red_shift; |
2206 | vs->client_pf.rmask = red_max << red_shift; |
2207 | vs->client_pf.gmax = green_max ? green_max : 0xFF; |
2208 | vs->client_pf.gbits = ctpopl(green_max); |
2209 | vs->client_pf.gshift = green_shift; |
2210 | vs->client_pf.gmask = green_max << green_shift; |
2211 | vs->client_pf.bmax = blue_max ? blue_max : 0xFF; |
2212 | vs->client_pf.bbits = ctpopl(blue_max); |
2213 | vs->client_pf.bshift = blue_shift; |
2214 | vs->client_pf.bmask = blue_max << blue_shift; |
2215 | vs->client_pf.bits_per_pixel = bits_per_pixel; |
2216 | vs->client_pf.bytes_per_pixel = bits_per_pixel / 8; |
2217 | vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; |
2218 | vs->client_be = big_endian_flag; |
2219 | |
2220 | if (!true_color_flag) { |
2221 | send_color_map(vs); |
2222 | } |
2223 | |
2224 | set_pixel_conversion(vs); |
2225 | |
2226 | graphic_hw_invalidate(vs->vd->dcl.con); |
2227 | graphic_hw_update(vs->vd->dcl.con); |
2228 | } |
2229 | |
2230 | static void pixel_format_message (VncState *vs) { |
2231 | char pad[3] = { 0, 0, 0 }; |
2232 | |
2233 | vs->client_pf = qemu_default_pixelformat(32); |
2234 | |
2235 | vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ |
2236 | vnc_write_u8(vs, vs->client_pf.depth); /* depth */ |
2237 | |
2238 | #ifdef HOST_WORDS_BIGENDIAN |
2239 | vnc_write_u8(vs, 1); /* big-endian-flag */ |
2240 | #else |
2241 | vnc_write_u8(vs, 0); /* big-endian-flag */ |
2242 | #endif |
2243 | vnc_write_u8(vs, 1); /* true-color-flag */ |
2244 | vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */ |
2245 | vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */ |
2246 | vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */ |
2247 | vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */ |
2248 | vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */ |
2249 | vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */ |
2250 | vnc_write(vs, pad, 3); /* padding */ |
2251 | |
2252 | vnc_hextile_set_pixel_conversion(vs, 0); |
2253 | vs->write_pixels = vnc_write_pixels_copy; |
2254 | } |
2255 | |
2256 | static void vnc_colordepth(VncState *vs) |
2257 | { |
2258 | if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { |
2259 | /* Sending a WMVi message to notify the client*/ |
2260 | vnc_lock_output(vs); |
2261 | vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); |
2262 | vnc_write_u8(vs, 0); |
2263 | vnc_write_u16(vs, 1); /* number of rects */ |
2264 | vnc_framebuffer_update(vs, 0, 0, |
2265 | pixman_image_get_width(vs->vd->server), |
2266 | pixman_image_get_height(vs->vd->server), |
2267 | VNC_ENCODING_WMVi); |
2268 | pixel_format_message(vs); |
2269 | vnc_unlock_output(vs); |
2270 | vnc_flush(vs); |
2271 | } else { |
2272 | set_pixel_conversion(vs); |
2273 | } |
2274 | } |
2275 | |
2276 | static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) |
2277 | { |
2278 | int i; |
2279 | uint16_t limit; |
2280 | uint32_t freq; |
2281 | VncDisplay *vd = vs->vd; |
2282 | |
2283 | if (data[0] > 3) { |
2284 | update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); |
2285 | } |
2286 | |
2287 | switch (data[0]) { |
2288 | case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: |
2289 | if (len == 1) |
2290 | return 20; |
2291 | |
2292 | set_pixel_format(vs, read_u8(data, 4), |
2293 | read_u8(data, 6), read_u8(data, 7), |
2294 | read_u16(data, 8), read_u16(data, 10), |
2295 | read_u16(data, 12), read_u8(data, 14), |
2296 | read_u8(data, 15), read_u8(data, 16)); |
2297 | break; |
2298 | case VNC_MSG_CLIENT_SET_ENCODINGS: |
2299 | if (len == 1) |
2300 | return 4; |
2301 | |
2302 | if (len == 4) { |
2303 | limit = read_u16(data, 2); |
2304 | if (limit > 0) |
2305 | return 4 + (limit * 4); |
2306 | } else |
2307 | limit = read_u16(data, 2); |
2308 | |
2309 | for (i = 0; i < limit; i++) { |
2310 | int32_t val = read_s32(data, 4 + (i * 4)); |
2311 | memcpy(data + 4 + (i * 4), &val, sizeof(val)); |
2312 | } |
2313 | |
2314 | set_encodings(vs, (int32_t *)(data + 4), limit); |
2315 | break; |
2316 | case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: |
2317 | if (len == 1) |
2318 | return 10; |
2319 | |
2320 | framebuffer_update_request(vs, |
2321 | read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), |
2322 | read_u16(data, 6), read_u16(data, 8)); |
2323 | break; |
2324 | case VNC_MSG_CLIENT_KEY_EVENT: |
2325 | if (len == 1) |
2326 | return 8; |
2327 | |
2328 | key_event(vs, read_u8(data, 1), read_u32(data, 4)); |
2329 | break; |
2330 | case VNC_MSG_CLIENT_POINTER_EVENT: |
2331 | if (len == 1) |
2332 | return 6; |
2333 | |
2334 | pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); |
2335 | break; |
2336 | case VNC_MSG_CLIENT_CUT_TEXT: |
2337 | if (len == 1) { |
2338 | return 8; |
2339 | } |
2340 | if (len == 8) { |
2341 | uint32_t dlen = read_u32(data, 4); |
2342 | if (dlen > (1 << 20)) { |
2343 | error_report("vnc: client_cut_text msg payload has %u bytes" |
2344 | " which exceeds our limit of 1MB." , dlen); |
2345 | vnc_client_error(vs); |
2346 | break; |
2347 | } |
2348 | if (dlen > 0) { |
2349 | return 8 + dlen; |
2350 | } |
2351 | } |
2352 | |
2353 | client_cut_text(vs, read_u32(data, 4), data + 8); |
2354 | break; |
2355 | case VNC_MSG_CLIENT_QEMU: |
2356 | if (len == 1) |
2357 | return 2; |
2358 | |
2359 | switch (read_u8(data, 1)) { |
2360 | case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: |
2361 | if (len == 2) |
2362 | return 12; |
2363 | |
2364 | ext_key_event(vs, read_u16(data, 2), |
2365 | read_u32(data, 4), read_u32(data, 8)); |
2366 | break; |
2367 | case VNC_MSG_CLIENT_QEMU_AUDIO: |
2368 | if (len == 2) |
2369 | return 4; |
2370 | |
2371 | switch (read_u16 (data, 2)) { |
2372 | case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: |
2373 | audio_add(vs); |
2374 | break; |
2375 | case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: |
2376 | audio_del(vs); |
2377 | break; |
2378 | case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: |
2379 | if (len == 4) |
2380 | return 10; |
2381 | switch (read_u8(data, 4)) { |
2382 | case 0: vs->as.fmt = AUDIO_FORMAT_U8; break; |
2383 | case 1: vs->as.fmt = AUDIO_FORMAT_S8; break; |
2384 | case 2: vs->as.fmt = AUDIO_FORMAT_U16; break; |
2385 | case 3: vs->as.fmt = AUDIO_FORMAT_S16; break; |
2386 | case 4: vs->as.fmt = AUDIO_FORMAT_U32; break; |
2387 | case 5: vs->as.fmt = AUDIO_FORMAT_S32; break; |
2388 | default: |
2389 | VNC_DEBUG("Invalid audio format %d\n" , read_u8(data, 4)); |
2390 | vnc_client_error(vs); |
2391 | break; |
2392 | } |
2393 | vs->as.nchannels = read_u8(data, 5); |
2394 | if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { |
2395 | VNC_DEBUG("Invalid audio channel count %d\n" , |
2396 | read_u8(data, 5)); |
2397 | vnc_client_error(vs); |
2398 | break; |
2399 | } |
2400 | freq = read_u32(data, 6); |
2401 | /* No official limit for protocol, but 48khz is a sensible |
2402 | * upper bound for trustworthy clients, and this limit |
2403 | * protects calculations involving 'vs->as.freq' later. |
2404 | */ |
2405 | if (freq > 48000) { |
2406 | VNC_DEBUG("Invalid audio frequency %u > 48000" , freq); |
2407 | vnc_client_error(vs); |
2408 | break; |
2409 | } |
2410 | vs->as.freq = freq; |
2411 | break; |
2412 | default: |
2413 | VNC_DEBUG("Invalid audio message %d\n" , read_u8(data, 4)); |
2414 | vnc_client_error(vs); |
2415 | break; |
2416 | } |
2417 | break; |
2418 | |
2419 | default: |
2420 | VNC_DEBUG("Msg: %d\n" , read_u16(data, 0)); |
2421 | vnc_client_error(vs); |
2422 | break; |
2423 | } |
2424 | break; |
2425 | default: |
2426 | VNC_DEBUG("Msg: %d\n" , data[0]); |
2427 | vnc_client_error(vs); |
2428 | break; |
2429 | } |
2430 | |
2431 | vnc_update_throttle_offset(vs); |
2432 | vnc_read_when(vs, protocol_client_msg, 1); |
2433 | return 0; |
2434 | } |
2435 | |
2436 | static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) |
2437 | { |
2438 | char buf[1024]; |
2439 | VncShareMode mode; |
2440 | int size; |
2441 | |
2442 | mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; |
2443 | switch (vs->vd->share_policy) { |
2444 | case VNC_SHARE_POLICY_IGNORE: |
2445 | /* |
2446 | * Ignore the shared flag. Nothing to do here. |
2447 | * |
2448 | * Doesn't conform to the rfb spec but is traditional qemu |
2449 | * behavior, thus left here as option for compatibility |
2450 | * reasons. |
2451 | */ |
2452 | break; |
2453 | case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: |
2454 | /* |
2455 | * Policy: Allow clients ask for exclusive access. |
2456 | * |
2457 | * Implementation: When a client asks for exclusive access, |
2458 | * disconnect all others. Shared connects are allowed as long |
2459 | * as no exclusive connection exists. |
2460 | * |
2461 | * This is how the rfb spec suggests to handle the shared flag. |
2462 | */ |
2463 | if (mode == VNC_SHARE_MODE_EXCLUSIVE) { |
2464 | VncState *client; |
2465 | QTAILQ_FOREACH(client, &vs->vd->clients, next) { |
2466 | if (vs == client) { |
2467 | continue; |
2468 | } |
2469 | if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && |
2470 | client->share_mode != VNC_SHARE_MODE_SHARED) { |
2471 | continue; |
2472 | } |
2473 | vnc_disconnect_start(client); |
2474 | } |
2475 | } |
2476 | if (mode == VNC_SHARE_MODE_SHARED) { |
2477 | if (vs->vd->num_exclusive > 0) { |
2478 | vnc_disconnect_start(vs); |
2479 | return 0; |
2480 | } |
2481 | } |
2482 | break; |
2483 | case VNC_SHARE_POLICY_FORCE_SHARED: |
2484 | /* |
2485 | * Policy: Shared connects only. |
2486 | * Implementation: Disallow clients asking for exclusive access. |
2487 | * |
2488 | * Useful for shared desktop sessions where you don't want |
2489 | * someone forgetting to say -shared when running the vnc |
2490 | * client disconnect everybody else. |
2491 | */ |
2492 | if (mode == VNC_SHARE_MODE_EXCLUSIVE) { |
2493 | vnc_disconnect_start(vs); |
2494 | return 0; |
2495 | } |
2496 | break; |
2497 | } |
2498 | vnc_set_share_mode(vs, mode); |
2499 | |
2500 | if (vs->vd->num_shared > vs->vd->connections_limit) { |
2501 | vnc_disconnect_start(vs); |
2502 | return 0; |
2503 | } |
2504 | |
2505 | assert(pixman_image_get_width(vs->vd->server) < 65536 && |
2506 | pixman_image_get_width(vs->vd->server) >= 0); |
2507 | assert(pixman_image_get_height(vs->vd->server) < 65536 && |
2508 | pixman_image_get_height(vs->vd->server) >= 0); |
2509 | vs->client_width = pixman_image_get_width(vs->vd->server); |
2510 | vs->client_height = pixman_image_get_height(vs->vd->server); |
2511 | vnc_write_u16(vs, vs->client_width); |
2512 | vnc_write_u16(vs, vs->client_height); |
2513 | |
2514 | pixel_format_message(vs); |
2515 | |
2516 | if (qemu_name) { |
2517 | size = snprintf(buf, sizeof(buf), "QEMU (%s)" , qemu_name); |
2518 | if (size > sizeof(buf)) { |
2519 | size = sizeof(buf); |
2520 | } |
2521 | } else { |
2522 | size = snprintf(buf, sizeof(buf), "QEMU" ); |
2523 | } |
2524 | |
2525 | vnc_write_u32(vs, size); |
2526 | vnc_write(vs, buf, size); |
2527 | vnc_flush(vs); |
2528 | |
2529 | vnc_client_cache_auth(vs); |
2530 | vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED); |
2531 | |
2532 | vnc_read_when(vs, protocol_client_msg, 1); |
2533 | |
2534 | return 0; |
2535 | } |
2536 | |
2537 | void start_client_init(VncState *vs) |
2538 | { |
2539 | vnc_read_when(vs, protocol_client_init, 1); |
2540 | } |
2541 | |
2542 | static void authentication_failed(VncState *vs) |
2543 | { |
2544 | vnc_write_u32(vs, 1); /* Reject auth */ |
2545 | if (vs->minor >= 8) { |
2546 | static const char err[] = "Authentication failed" ; |
2547 | vnc_write_u32(vs, sizeof(err)); |
2548 | vnc_write(vs, err, sizeof(err)); |
2549 | } |
2550 | vnc_flush(vs); |
2551 | vnc_client_error(vs); |
2552 | } |
2553 | |
2554 | static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) |
2555 | { |
2556 | unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; |
2557 | size_t i, pwlen; |
2558 | unsigned char key[8]; |
2559 | time_t now = time(NULL); |
2560 | QCryptoCipher *cipher = NULL; |
2561 | Error *err = NULL; |
2562 | |
2563 | if (!vs->vd->password) { |
2564 | trace_vnc_auth_fail(vs, vs->auth, "password is not set" , "" ); |
2565 | goto reject; |
2566 | } |
2567 | if (vs->vd->expires < now) { |
2568 | trace_vnc_auth_fail(vs, vs->auth, "password is expired" , "" ); |
2569 | goto reject; |
2570 | } |
2571 | |
2572 | memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); |
2573 | |
2574 | /* Calculate the expected challenge response */ |
2575 | pwlen = strlen(vs->vd->password); |
2576 | for (i=0; i<sizeof(key); i++) |
2577 | key[i] = i<pwlen ? vs->vd->password[i] : 0; |
2578 | |
2579 | cipher = qcrypto_cipher_new( |
2580 | QCRYPTO_CIPHER_ALG_DES_RFB, |
2581 | QCRYPTO_CIPHER_MODE_ECB, |
2582 | key, G_N_ELEMENTS(key), |
2583 | &err); |
2584 | if (!cipher) { |
2585 | trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher" , |
2586 | error_get_pretty(err)); |
2587 | error_free(err); |
2588 | goto reject; |
2589 | } |
2590 | |
2591 | if (qcrypto_cipher_encrypt(cipher, |
2592 | vs->challenge, |
2593 | response, |
2594 | VNC_AUTH_CHALLENGE_SIZE, |
2595 | &err) < 0) { |
2596 | trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response" , |
2597 | error_get_pretty(err)); |
2598 | error_free(err); |
2599 | goto reject; |
2600 | } |
2601 | |
2602 | /* Compare expected vs actual challenge response */ |
2603 | if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { |
2604 | trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response" , "" ); |
2605 | goto reject; |
2606 | } else { |
2607 | trace_vnc_auth_pass(vs, vs->auth); |
2608 | vnc_write_u32(vs, 0); /* Accept auth */ |
2609 | vnc_flush(vs); |
2610 | |
2611 | start_client_init(vs); |
2612 | } |
2613 | |
2614 | qcrypto_cipher_free(cipher); |
2615 | return 0; |
2616 | |
2617 | reject: |
2618 | authentication_failed(vs); |
2619 | qcrypto_cipher_free(cipher); |
2620 | return 0; |
2621 | } |
2622 | |
2623 | void start_auth_vnc(VncState *vs) |
2624 | { |
2625 | Error *err = NULL; |
2626 | |
2627 | if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) { |
2628 | trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes" , |
2629 | error_get_pretty(err)); |
2630 | error_free(err); |
2631 | authentication_failed(vs); |
2632 | return; |
2633 | } |
2634 | |
2635 | /* Send client a 'random' challenge */ |
2636 | vnc_write(vs, vs->challenge, sizeof(vs->challenge)); |
2637 | vnc_flush(vs); |
2638 | |
2639 | vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); |
2640 | } |
2641 | |
2642 | |
2643 | static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) |
2644 | { |
2645 | /* We only advertise 1 auth scheme at a time, so client |
2646 | * must pick the one we sent. Verify this */ |
2647 | if (data[0] != vs->auth) { /* Reject auth */ |
2648 | trace_vnc_auth_reject(vs, vs->auth, (int)data[0]); |
2649 | authentication_failed(vs); |
2650 | } else { /* Accept requested auth */ |
2651 | trace_vnc_auth_start(vs, vs->auth); |
2652 | switch (vs->auth) { |
2653 | case VNC_AUTH_NONE: |
2654 | if (vs->minor >= 8) { |
2655 | vnc_write_u32(vs, 0); /* Accept auth completion */ |
2656 | vnc_flush(vs); |
2657 | } |
2658 | trace_vnc_auth_pass(vs, vs->auth); |
2659 | start_client_init(vs); |
2660 | break; |
2661 | |
2662 | case VNC_AUTH_VNC: |
2663 | start_auth_vnc(vs); |
2664 | break; |
2665 | |
2666 | case VNC_AUTH_VENCRYPT: |
2667 | start_auth_vencrypt(vs); |
2668 | break; |
2669 | |
2670 | #ifdef CONFIG_VNC_SASL |
2671 | case VNC_AUTH_SASL: |
2672 | start_auth_sasl(vs); |
2673 | break; |
2674 | #endif /* CONFIG_VNC_SASL */ |
2675 | |
2676 | default: /* Should not be possible, but just in case */ |
2677 | trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method" , "" ); |
2678 | authentication_failed(vs); |
2679 | } |
2680 | } |
2681 | return 0; |
2682 | } |
2683 | |
2684 | static int protocol_version(VncState *vs, uint8_t *version, size_t len) |
2685 | { |
2686 | char local[13]; |
2687 | |
2688 | memcpy(local, version, 12); |
2689 | local[12] = 0; |
2690 | |
2691 | if (sscanf(local, "RFB %03d.%03d\n" , &vs->major, &vs->minor) != 2) { |
2692 | VNC_DEBUG("Malformed protocol version %s\n" , local); |
2693 | vnc_client_error(vs); |
2694 | return 0; |
2695 | } |
2696 | VNC_DEBUG("Client request protocol version %d.%d\n" , vs->major, vs->minor); |
2697 | if (vs->major != 3 || |
2698 | (vs->minor != 3 && |
2699 | vs->minor != 4 && |
2700 | vs->minor != 5 && |
2701 | vs->minor != 7 && |
2702 | vs->minor != 8)) { |
2703 | VNC_DEBUG("Unsupported client version\n" ); |
2704 | vnc_write_u32(vs, VNC_AUTH_INVALID); |
2705 | vnc_flush(vs); |
2706 | vnc_client_error(vs); |
2707 | return 0; |
2708 | } |
2709 | /* Some broken clients report v3.4 or v3.5, which spec requires to be treated |
2710 | * as equivalent to v3.3 by servers |
2711 | */ |
2712 | if (vs->minor == 4 || vs->minor == 5) |
2713 | vs->minor = 3; |
2714 | |
2715 | if (vs->minor == 3) { |
2716 | trace_vnc_auth_start(vs, vs->auth); |
2717 | if (vs->auth == VNC_AUTH_NONE) { |
2718 | vnc_write_u32(vs, vs->auth); |
2719 | vnc_flush(vs); |
2720 | trace_vnc_auth_pass(vs, vs->auth); |
2721 | start_client_init(vs); |
2722 | } else if (vs->auth == VNC_AUTH_VNC) { |
2723 | VNC_DEBUG("Tell client VNC auth\n" ); |
2724 | vnc_write_u32(vs, vs->auth); |
2725 | vnc_flush(vs); |
2726 | start_auth_vnc(vs); |
2727 | } else { |
2728 | trace_vnc_auth_fail(vs, vs->auth, |
2729 | "Unsupported auth method for v3.3" , "" ); |
2730 | vnc_write_u32(vs, VNC_AUTH_INVALID); |
2731 | vnc_flush(vs); |
2732 | vnc_client_error(vs); |
2733 | } |
2734 | } else { |
2735 | vnc_write_u8(vs, 1); /* num auth */ |
2736 | vnc_write_u8(vs, vs->auth); |
2737 | vnc_read_when(vs, protocol_client_auth, 1); |
2738 | vnc_flush(vs); |
2739 | } |
2740 | |
2741 | return 0; |
2742 | } |
2743 | |
2744 | static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) |
2745 | { |
2746 | struct VncSurface *vs = &vd->guest; |
2747 | |
2748 | return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; |
2749 | } |
2750 | |
2751 | void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h) |
2752 | { |
2753 | int i, j; |
2754 | |
2755 | w = (x + w) / VNC_STAT_RECT; |
2756 | h = (y + h) / VNC_STAT_RECT; |
2757 | x /= VNC_STAT_RECT; |
2758 | y /= VNC_STAT_RECT; |
2759 | |
2760 | for (j = y; j <= h; j++) { |
2761 | for (i = x; i <= w; i++) { |
2762 | vs->lossy_rect[j][i] = 1; |
2763 | } |
2764 | } |
2765 | } |
2766 | |
2767 | static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) |
2768 | { |
2769 | VncState *vs; |
2770 | int sty = y / VNC_STAT_RECT; |
2771 | int stx = x / VNC_STAT_RECT; |
2772 | int has_dirty = 0; |
2773 | |
2774 | y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT); |
2775 | x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT); |
2776 | |
2777 | QTAILQ_FOREACH(vs, &vd->clients, next) { |
2778 | int j; |
2779 | |
2780 | /* kernel send buffers are full -> refresh later */ |
2781 | if (vs->output.offset) { |
2782 | continue; |
2783 | } |
2784 | |
2785 | if (!vs->lossy_rect[sty][stx]) { |
2786 | continue; |
2787 | } |
2788 | |
2789 | vs->lossy_rect[sty][stx] = 0; |
2790 | for (j = 0; j < VNC_STAT_RECT; ++j) { |
2791 | bitmap_set(vs->dirty[y + j], |
2792 | x / VNC_DIRTY_PIXELS_PER_BIT, |
2793 | VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT); |
2794 | } |
2795 | has_dirty++; |
2796 | } |
2797 | |
2798 | return has_dirty; |
2799 | } |
2800 | |
2801 | static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) |
2802 | { |
2803 | int width = MIN(pixman_image_get_width(vd->guest.fb), |
2804 | pixman_image_get_width(vd->server)); |
2805 | int height = MIN(pixman_image_get_height(vd->guest.fb), |
2806 | pixman_image_get_height(vd->server)); |
2807 | int x, y; |
2808 | struct timeval res; |
2809 | int has_dirty = 0; |
2810 | |
2811 | for (y = 0; y < height; y += VNC_STAT_RECT) { |
2812 | for (x = 0; x < width; x += VNC_STAT_RECT) { |
2813 | VncRectStat *rect = vnc_stat_rect(vd, x, y); |
2814 | |
2815 | rect->updated = false; |
2816 | } |
2817 | } |
2818 | |
2819 | qemu_timersub(tv, &VNC_REFRESH_STATS, &res); |
2820 | |
2821 | if (timercmp(&vd->guest.last_freq_check, &res, >)) { |
2822 | return has_dirty; |
2823 | } |
2824 | vd->guest.last_freq_check = *tv; |
2825 | |
2826 | for (y = 0; y < height; y += VNC_STAT_RECT) { |
2827 | for (x = 0; x < width; x += VNC_STAT_RECT) { |
2828 | VncRectStat *rect= vnc_stat_rect(vd, x, y); |
2829 | int count = ARRAY_SIZE(rect->times); |
2830 | struct timeval min, max; |
2831 | |
2832 | if (!timerisset(&rect->times[count - 1])) { |
2833 | continue ; |
2834 | } |
2835 | |
2836 | max = rect->times[(rect->idx + count - 1) % count]; |
2837 | qemu_timersub(tv, &max, &res); |
2838 | |
2839 | if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { |
2840 | rect->freq = 0; |
2841 | has_dirty += vnc_refresh_lossy_rect(vd, x, y); |
2842 | memset(rect->times, 0, sizeof (rect->times)); |
2843 | continue ; |
2844 | } |
2845 | |
2846 | min = rect->times[rect->idx]; |
2847 | max = rect->times[(rect->idx + count - 1) % count]; |
2848 | qemu_timersub(&max, &min, &res); |
2849 | |
2850 | rect->freq = res.tv_sec + res.tv_usec / 1000000.; |
2851 | rect->freq /= count; |
2852 | rect->freq = 1. / rect->freq; |
2853 | } |
2854 | } |
2855 | return has_dirty; |
2856 | } |
2857 | |
2858 | double vnc_update_freq(VncState *vs, int x, int y, int w, int h) |
2859 | { |
2860 | int i, j; |
2861 | double total = 0; |
2862 | int num = 0; |
2863 | |
2864 | x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT); |
2865 | y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT); |
2866 | |
2867 | for (j = y; j <= y + h; j += VNC_STAT_RECT) { |
2868 | for (i = x; i <= x + w; i += VNC_STAT_RECT) { |
2869 | total += vnc_stat_rect(vs->vd, i, j)->freq; |
2870 | num++; |
2871 | } |
2872 | } |
2873 | |
2874 | if (num) { |
2875 | return total / num; |
2876 | } else { |
2877 | return 0; |
2878 | } |
2879 | } |
2880 | |
2881 | static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) |
2882 | { |
2883 | VncRectStat *rect; |
2884 | |
2885 | rect = vnc_stat_rect(vd, x, y); |
2886 | if (rect->updated) { |
2887 | return ; |
2888 | } |
2889 | rect->times[rect->idx] = *tv; |
2890 | rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); |
2891 | rect->updated = true; |
2892 | } |
2893 | |
2894 | static int vnc_refresh_server_surface(VncDisplay *vd) |
2895 | { |
2896 | int width = MIN(pixman_image_get_width(vd->guest.fb), |
2897 | pixman_image_get_width(vd->server)); |
2898 | int height = MIN(pixman_image_get_height(vd->guest.fb), |
2899 | pixman_image_get_height(vd->server)); |
2900 | int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0; |
2901 | uint8_t *guest_row0 = NULL, *server_row0; |
2902 | VncState *vs; |
2903 | int has_dirty = 0; |
2904 | pixman_image_t *tmpbuf = NULL; |
2905 | |
2906 | struct timeval tv = { 0, 0 }; |
2907 | |
2908 | if (!vd->non_adaptive) { |
2909 | gettimeofday(&tv, NULL); |
2910 | has_dirty = vnc_update_stats(vd, &tv); |
2911 | } |
2912 | |
2913 | /* |
2914 | * Walk through the guest dirty map. |
2915 | * Check and copy modified bits from guest to server surface. |
2916 | * Update server dirty map. |
2917 | */ |
2918 | server_row0 = (uint8_t *)pixman_image_get_data(vd->server); |
2919 | server_stride = guest_stride = guest_ll = |
2920 | pixman_image_get_stride(vd->server); |
2921 | cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES, |
2922 | server_stride); |
2923 | if (vd->guest.format != VNC_SERVER_FB_FORMAT) { |
2924 | int width = pixman_image_get_width(vd->server); |
2925 | tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width); |
2926 | } else { |
2927 | int guest_bpp = |
2928 | PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb)); |
2929 | guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb); |
2930 | guest_stride = pixman_image_get_stride(vd->guest.fb); |
2931 | guest_ll = pixman_image_get_width(vd->guest.fb) |
2932 | * DIV_ROUND_UP(guest_bpp, 8); |
2933 | } |
2934 | line_bytes = MIN(server_stride, guest_ll); |
2935 | |
2936 | for (;;) { |
2937 | int x; |
2938 | uint8_t *guest_ptr, *server_ptr; |
2939 | unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty, |
2940 | height * VNC_DIRTY_BPL(&vd->guest), |
2941 | y * VNC_DIRTY_BPL(&vd->guest)); |
2942 | if (offset == height * VNC_DIRTY_BPL(&vd->guest)) { |
2943 | /* no more dirty bits */ |
2944 | break; |
2945 | } |
2946 | y = offset / VNC_DIRTY_BPL(&vd->guest); |
2947 | x = offset % VNC_DIRTY_BPL(&vd->guest); |
2948 | |
2949 | server_ptr = server_row0 + y * server_stride + x * cmp_bytes; |
2950 | |
2951 | if (vd->guest.format != VNC_SERVER_FB_FORMAT) { |
2952 | qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y); |
2953 | guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf); |
2954 | } else { |
2955 | guest_ptr = guest_row0 + y * guest_stride; |
2956 | } |
2957 | guest_ptr += x * cmp_bytes; |
2958 | |
2959 | for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT); |
2960 | x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { |
2961 | int _cmp_bytes = cmp_bytes; |
2962 | if (!test_and_clear_bit(x, vd->guest.dirty[y])) { |
2963 | continue; |
2964 | } |
2965 | if ((x + 1) * cmp_bytes > line_bytes) { |
2966 | _cmp_bytes = line_bytes - x * cmp_bytes; |
2967 | } |
2968 | assert(_cmp_bytes >= 0); |
2969 | if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) { |
2970 | continue; |
2971 | } |
2972 | memcpy(server_ptr, guest_ptr, _cmp_bytes); |
2973 | if (!vd->non_adaptive) { |
2974 | vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT, |
2975 | y, &tv); |
2976 | } |
2977 | QTAILQ_FOREACH(vs, &vd->clients, next) { |
2978 | set_bit(x, vs->dirty[y]); |
2979 | } |
2980 | has_dirty++; |
2981 | } |
2982 | |
2983 | y++; |
2984 | } |
2985 | qemu_pixman_image_unref(tmpbuf); |
2986 | return has_dirty; |
2987 | } |
2988 | |
2989 | static void vnc_refresh(DisplayChangeListener *dcl) |
2990 | { |
2991 | VncDisplay *vd = container_of(dcl, VncDisplay, dcl); |
2992 | VncState *vs, *vn; |
2993 | int has_dirty, rects = 0; |
2994 | |
2995 | if (QTAILQ_EMPTY(&vd->clients)) { |
2996 | update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX); |
2997 | return; |
2998 | } |
2999 | |
3000 | graphic_hw_update(vd->dcl.con); |
3001 | |
3002 | if (vnc_trylock_display(vd)) { |
3003 | update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); |
3004 | return; |
3005 | } |
3006 | |
3007 | has_dirty = vnc_refresh_server_surface(vd); |
3008 | vnc_unlock_display(vd); |
3009 | |
3010 | QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { |
3011 | rects += vnc_update_client(vs, has_dirty); |
3012 | /* vs might be free()ed here */ |
3013 | } |
3014 | |
3015 | if (has_dirty && rects) { |
3016 | vd->dcl.update_interval /= 2; |
3017 | if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) { |
3018 | vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE; |
3019 | } |
3020 | } else { |
3021 | vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC; |
3022 | if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) { |
3023 | vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX; |
3024 | } |
3025 | } |
3026 | } |
3027 | |
3028 | static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc, |
3029 | bool skipauth, bool websocket) |
3030 | { |
3031 | VncState *vs = g_new0(VncState, 1); |
3032 | bool first_client = QTAILQ_EMPTY(&vd->clients); |
3033 | int i; |
3034 | |
3035 | trace_vnc_client_connect(vs, sioc); |
3036 | vs->magic = VNC_MAGIC; |
3037 | vs->sioc = sioc; |
3038 | object_ref(OBJECT(vs->sioc)); |
3039 | vs->ioc = QIO_CHANNEL(sioc); |
3040 | object_ref(OBJECT(vs->ioc)); |
3041 | vs->vd = vd; |
3042 | |
3043 | buffer_init(&vs->input, "vnc-input/%p" , sioc); |
3044 | buffer_init(&vs->output, "vnc-output/%p" , sioc); |
3045 | buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p" , sioc); |
3046 | |
3047 | buffer_init(&vs->tight.tight, "vnc-tight/%p" , sioc); |
3048 | buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p" , sioc); |
3049 | buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p" , sioc); |
3050 | #ifdef CONFIG_VNC_JPEG |
3051 | buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p" , sioc); |
3052 | #endif |
3053 | #ifdef CONFIG_VNC_PNG |
3054 | buffer_init(&vs->tight.png, "vnc-tight-png/%p" , sioc); |
3055 | #endif |
3056 | buffer_init(&vs->zlib.zlib, "vnc-zlib/%p" , sioc); |
3057 | buffer_init(&vs->zrle.zrle, "vnc-zrle/%p" , sioc); |
3058 | buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p" , sioc); |
3059 | buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p" , sioc); |
3060 | |
3061 | if (skipauth) { |
3062 | vs->auth = VNC_AUTH_NONE; |
3063 | vs->subauth = VNC_AUTH_INVALID; |
3064 | } else { |
3065 | if (websocket) { |
3066 | vs->auth = vd->ws_auth; |
3067 | vs->subauth = VNC_AUTH_INVALID; |
3068 | } else { |
3069 | vs->auth = vd->auth; |
3070 | vs->subauth = vd->subauth; |
3071 | } |
3072 | } |
3073 | VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n" , |
3074 | sioc, websocket, vs->auth, vs->subauth); |
3075 | |
3076 | vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect)); |
3077 | for (i = 0; i < VNC_STAT_ROWS; ++i) { |
3078 | vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS); |
3079 | } |
3080 | |
3081 | VNC_DEBUG("New client on socket %p\n" , vs->sioc); |
3082 | update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); |
3083 | qio_channel_set_blocking(vs->ioc, false, NULL); |
3084 | if (vs->ioc_tag) { |
3085 | g_source_remove(vs->ioc_tag); |
3086 | } |
3087 | if (websocket) { |
3088 | vs->websocket = 1; |
3089 | if (vd->tlscreds) { |
3090 | vs->ioc_tag = qio_channel_add_watch( |
3091 | vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL); |
3092 | } else { |
3093 | vs->ioc_tag = qio_channel_add_watch( |
3094 | vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL); |
3095 | } |
3096 | } else { |
3097 | vs->ioc_tag = qio_channel_add_watch( |
3098 | vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); |
3099 | } |
3100 | |
3101 | vnc_client_cache_addr(vs); |
3102 | vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED); |
3103 | vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); |
3104 | |
3105 | vs->last_x = -1; |
3106 | vs->last_y = -1; |
3107 | |
3108 | vs->as.freq = 44100; |
3109 | vs->as.nchannels = 2; |
3110 | vs->as.fmt = AUDIO_FORMAT_S16; |
3111 | vs->as.endianness = 0; |
3112 | |
3113 | qemu_mutex_init(&vs->output_mutex); |
3114 | vs->bh = qemu_bh_new(vnc_jobs_bh, vs); |
3115 | |
3116 | QTAILQ_INSERT_TAIL(&vd->clients, vs, next); |
3117 | if (first_client) { |
3118 | vnc_update_server_surface(vd); |
3119 | } |
3120 | |
3121 | graphic_hw_update(vd->dcl.con); |
3122 | |
3123 | if (!vs->websocket) { |
3124 | vnc_start_protocol(vs); |
3125 | } |
3126 | |
3127 | if (vd->num_connecting > vd->connections_limit) { |
3128 | QTAILQ_FOREACH(vs, &vd->clients, next) { |
3129 | if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) { |
3130 | vnc_disconnect_start(vs); |
3131 | return; |
3132 | } |
3133 | } |
3134 | } |
3135 | } |
3136 | |
3137 | void vnc_start_protocol(VncState *vs) |
3138 | { |
3139 | vnc_write(vs, "RFB 003.008\n" , 12); |
3140 | vnc_flush(vs); |
3141 | vnc_read_when(vs, protocol_version, 12); |
3142 | |
3143 | vs->mouse_mode_notifier.notify = check_pointer_type_change; |
3144 | qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); |
3145 | } |
3146 | |
3147 | static void vnc_listen_io(QIONetListener *listener, |
3148 | QIOChannelSocket *cioc, |
3149 | void *opaque) |
3150 | { |
3151 | VncDisplay *vd = opaque; |
3152 | bool isWebsock = listener == vd->wslistener; |
3153 | |
3154 | qio_channel_set_name(QIO_CHANNEL(cioc), |
3155 | isWebsock ? "vnc-ws-server" : "vnc-server" ); |
3156 | qio_channel_set_delay(QIO_CHANNEL(cioc), false); |
3157 | vnc_connect(vd, cioc, false, isWebsock); |
3158 | } |
3159 | |
3160 | static const DisplayChangeListenerOps dcl_ops = { |
3161 | .dpy_name = "vnc" , |
3162 | .dpy_refresh = vnc_refresh, |
3163 | .dpy_gfx_update = vnc_dpy_update, |
3164 | .dpy_gfx_switch = vnc_dpy_switch, |
3165 | .dpy_gfx_check_format = qemu_pixman_check_format, |
3166 | .dpy_mouse_set = vnc_mouse_set, |
3167 | .dpy_cursor_define = vnc_dpy_cursor_define, |
3168 | }; |
3169 | |
3170 | void vnc_display_init(const char *id, Error **errp) |
3171 | { |
3172 | VncDisplay *vd; |
3173 | |
3174 | if (vnc_display_find(id) != NULL) { |
3175 | return; |
3176 | } |
3177 | vd = g_malloc0(sizeof(*vd)); |
3178 | |
3179 | vd->id = strdup(id); |
3180 | QTAILQ_INSERT_TAIL(&vnc_displays, vd, next); |
3181 | |
3182 | QTAILQ_INIT(&vd->clients); |
3183 | vd->expires = TIME_MAX; |
3184 | |
3185 | if (keyboard_layout) { |
3186 | trace_vnc_key_map_init(keyboard_layout); |
3187 | vd->kbd_layout = init_keyboard_layout(name2keysym, |
3188 | keyboard_layout, errp); |
3189 | } else { |
3190 | vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us" , errp); |
3191 | } |
3192 | |
3193 | if (!vd->kbd_layout) { |
3194 | return; |
3195 | } |
3196 | |
3197 | vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; |
3198 | vd->connections_limit = 32; |
3199 | |
3200 | qemu_mutex_init(&vd->mutex); |
3201 | vnc_start_worker_thread(); |
3202 | |
3203 | vd->dcl.ops = &dcl_ops; |
3204 | register_displaychangelistener(&vd->dcl); |
3205 | vd->kbd = qkbd_state_init(vd->dcl.con); |
3206 | } |
3207 | |
3208 | |
3209 | static void vnc_display_close(VncDisplay *vd) |
3210 | { |
3211 | if (!vd) { |
3212 | return; |
3213 | } |
3214 | vd->is_unix = false; |
3215 | |
3216 | if (vd->listener) { |
3217 | qio_net_listener_disconnect(vd->listener); |
3218 | object_unref(OBJECT(vd->listener)); |
3219 | } |
3220 | vd->listener = NULL; |
3221 | |
3222 | if (vd->wslistener) { |
3223 | qio_net_listener_disconnect(vd->wslistener); |
3224 | object_unref(OBJECT(vd->wslistener)); |
3225 | } |
3226 | vd->wslistener = NULL; |
3227 | |
3228 | vd->auth = VNC_AUTH_INVALID; |
3229 | vd->subauth = VNC_AUTH_INVALID; |
3230 | if (vd->tlscreds) { |
3231 | object_unparent(OBJECT(vd->tlscreds)); |
3232 | vd->tlscreds = NULL; |
3233 | } |
3234 | if (vd->tlsauthz) { |
3235 | object_unparent(OBJECT(vd->tlsauthz)); |
3236 | vd->tlsauthz = NULL; |
3237 | } |
3238 | g_free(vd->tlsauthzid); |
3239 | vd->tlsauthzid = NULL; |
3240 | if (vd->lock_key_sync) { |
3241 | qemu_remove_led_event_handler(vd->led); |
3242 | vd->led = NULL; |
3243 | } |
3244 | #ifdef CONFIG_VNC_SASL |
3245 | if (vd->sasl.authz) { |
3246 | object_unparent(OBJECT(vd->sasl.authz)); |
3247 | vd->sasl.authz = NULL; |
3248 | } |
3249 | g_free(vd->sasl.authzid); |
3250 | vd->sasl.authzid = NULL; |
3251 | #endif |
3252 | } |
3253 | |
3254 | int vnc_display_password(const char *id, const char *password) |
3255 | { |
3256 | VncDisplay *vd = vnc_display_find(id); |
3257 | |
3258 | if (!vd) { |
3259 | return -EINVAL; |
3260 | } |
3261 | if (vd->auth == VNC_AUTH_NONE) { |
3262 | error_printf_unless_qmp("If you want use passwords please enable " |
3263 | "password auth using '-vnc ${dpy},password'.\n" ); |
3264 | return -EINVAL; |
3265 | } |
3266 | |
3267 | g_free(vd->password); |
3268 | vd->password = g_strdup(password); |
3269 | |
3270 | return 0; |
3271 | } |
3272 | |
3273 | int vnc_display_pw_expire(const char *id, time_t expires) |
3274 | { |
3275 | VncDisplay *vd = vnc_display_find(id); |
3276 | |
3277 | if (!vd) { |
3278 | return -EINVAL; |
3279 | } |
3280 | |
3281 | vd->expires = expires; |
3282 | return 0; |
3283 | } |
3284 | |
3285 | static void vnc_display_print_local_addr(VncDisplay *vd) |
3286 | { |
3287 | SocketAddress *addr; |
3288 | Error *err = NULL; |
3289 | |
3290 | if (!vd->listener || !vd->listener->nsioc) { |
3291 | return; |
3292 | } |
3293 | |
3294 | addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], &err); |
3295 | if (!addr) { |
3296 | return; |
3297 | } |
3298 | |
3299 | if (addr->type != SOCKET_ADDRESS_TYPE_INET) { |
3300 | qapi_free_SocketAddress(addr); |
3301 | return; |
3302 | } |
3303 | error_printf_unless_qmp("VNC server running on %s:%s\n" , |
3304 | addr->u.inet.host, |
3305 | addr->u.inet.port); |
3306 | qapi_free_SocketAddress(addr); |
3307 | } |
3308 | |
3309 | static QemuOptsList qemu_vnc_opts = { |
3310 | .name = "vnc" , |
3311 | .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head), |
3312 | .implied_opt_name = "vnc" , |
3313 | .desc = { |
3314 | { |
3315 | .name = "vnc" , |
3316 | .type = QEMU_OPT_STRING, |
3317 | },{ |
3318 | .name = "websocket" , |
3319 | .type = QEMU_OPT_STRING, |
3320 | },{ |
3321 | .name = "tls-creds" , |
3322 | .type = QEMU_OPT_STRING, |
3323 | },{ |
3324 | .name = "share" , |
3325 | .type = QEMU_OPT_STRING, |
3326 | },{ |
3327 | .name = "display" , |
3328 | .type = QEMU_OPT_STRING, |
3329 | },{ |
3330 | .name = "head" , |
3331 | .type = QEMU_OPT_NUMBER, |
3332 | },{ |
3333 | .name = "connections" , |
3334 | .type = QEMU_OPT_NUMBER, |
3335 | },{ |
3336 | .name = "to" , |
3337 | .type = QEMU_OPT_NUMBER, |
3338 | },{ |
3339 | .name = "ipv4" , |
3340 | .type = QEMU_OPT_BOOL, |
3341 | },{ |
3342 | .name = "ipv6" , |
3343 | .type = QEMU_OPT_BOOL, |
3344 | },{ |
3345 | .name = "password" , |
3346 | .type = QEMU_OPT_BOOL, |
3347 | },{ |
3348 | .name = "reverse" , |
3349 | .type = QEMU_OPT_BOOL, |
3350 | },{ |
3351 | .name = "lock-key-sync" , |
3352 | .type = QEMU_OPT_BOOL, |
3353 | },{ |
3354 | .name = "key-delay-ms" , |
3355 | .type = QEMU_OPT_NUMBER, |
3356 | },{ |
3357 | .name = "sasl" , |
3358 | .type = QEMU_OPT_BOOL, |
3359 | },{ |
3360 | .name = "acl" , |
3361 | .type = QEMU_OPT_BOOL, |
3362 | },{ |
3363 | .name = "tls-authz" , |
3364 | .type = QEMU_OPT_STRING, |
3365 | },{ |
3366 | .name = "sasl-authz" , |
3367 | .type = QEMU_OPT_STRING, |
3368 | },{ |
3369 | .name = "lossy" , |
3370 | .type = QEMU_OPT_BOOL, |
3371 | },{ |
3372 | .name = "non-adaptive" , |
3373 | .type = QEMU_OPT_BOOL, |
3374 | },{ |
3375 | .name = "audiodev" , |
3376 | .type = QEMU_OPT_STRING, |
3377 | }, |
3378 | { /* end of list */ } |
3379 | }, |
3380 | }; |
3381 | |
3382 | |
3383 | static int |
3384 | vnc_display_setup_auth(int *auth, |
3385 | int *subauth, |
3386 | QCryptoTLSCreds *tlscreds, |
3387 | bool password, |
3388 | bool sasl, |
3389 | bool websocket, |
3390 | Error **errp) |
3391 | { |
3392 | /* |
3393 | * We have a choice of 3 authentication options |
3394 | * |
3395 | * 1. none |
3396 | * 2. vnc |
3397 | * 3. sasl |
3398 | * |
3399 | * The channel can be run in 2 modes |
3400 | * |
3401 | * 1. clear |
3402 | * 2. tls |
3403 | * |
3404 | * And TLS can use 2 types of credentials |
3405 | * |
3406 | * 1. anon |
3407 | * 2. x509 |
3408 | * |
3409 | * We thus have 9 possible logical combinations |
3410 | * |
3411 | * 1. clear + none |
3412 | * 2. clear + vnc |
3413 | * 3. clear + sasl |
3414 | * 4. tls + anon + none |
3415 | * 5. tls + anon + vnc |
3416 | * 6. tls + anon + sasl |
3417 | * 7. tls + x509 + none |
3418 | * 8. tls + x509 + vnc |
3419 | * 9. tls + x509 + sasl |
3420 | * |
3421 | * These need to be mapped into the VNC auth schemes |
3422 | * in an appropriate manner. In regular VNC, all the |
3423 | * TLS options get mapped into VNC_AUTH_VENCRYPT |
3424 | * sub-auth types. |
3425 | * |
3426 | * In websockets, the https:// protocol already provides |
3427 | * TLS support, so there is no need to make use of the |
3428 | * VeNCrypt extension. Furthermore, websockets browser |
3429 | * clients could not use VeNCrypt even if they wanted to, |
3430 | * as they cannot control when the TLS handshake takes |
3431 | * place. Thus there is no option but to rely on https://, |
3432 | * meaning combinations 4->6 and 7->9 will be mapped to |
3433 | * VNC auth schemes in the same way as combos 1->3. |
3434 | * |
3435 | * Regardless of fact that we have a different mapping to |
3436 | * VNC auth mechs for plain VNC vs websockets VNC, the end |
3437 | * result has the same security characteristics. |
3438 | */ |
3439 | if (websocket || !tlscreds) { |
3440 | if (password) { |
3441 | VNC_DEBUG("Initializing VNC server with password auth\n" ); |
3442 | *auth = VNC_AUTH_VNC; |
3443 | } else if (sasl) { |
3444 | VNC_DEBUG("Initializing VNC server with SASL auth\n" ); |
3445 | *auth = VNC_AUTH_SASL; |
3446 | } else { |
3447 | VNC_DEBUG("Initializing VNC server with no auth\n" ); |
3448 | *auth = VNC_AUTH_NONE; |
3449 | } |
3450 | *subauth = VNC_AUTH_INVALID; |
3451 | } else { |
3452 | bool is_x509 = object_dynamic_cast(OBJECT(tlscreds), |
3453 | TYPE_QCRYPTO_TLS_CREDS_X509) != NULL; |
3454 | bool is_anon = object_dynamic_cast(OBJECT(tlscreds), |
3455 | TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL; |
3456 | |
3457 | if (!is_x509 && !is_anon) { |
3458 | error_setg(errp, |
3459 | "Unsupported TLS cred type %s" , |
3460 | object_get_typename(OBJECT(tlscreds))); |
3461 | return -1; |
3462 | } |
3463 | *auth = VNC_AUTH_VENCRYPT; |
3464 | if (password) { |
3465 | if (is_x509) { |
3466 | VNC_DEBUG("Initializing VNC server with x509 password auth\n" ); |
3467 | *subauth = VNC_AUTH_VENCRYPT_X509VNC; |
3468 | } else { |
3469 | VNC_DEBUG("Initializing VNC server with TLS password auth\n" ); |
3470 | *subauth = VNC_AUTH_VENCRYPT_TLSVNC; |
3471 | } |
3472 | |
3473 | } else if (sasl) { |
3474 | if (is_x509) { |
3475 | VNC_DEBUG("Initializing VNC server with x509 SASL auth\n" ); |
3476 | *subauth = VNC_AUTH_VENCRYPT_X509SASL; |
3477 | } else { |
3478 | VNC_DEBUG("Initializing VNC server with TLS SASL auth\n" ); |
3479 | *subauth = VNC_AUTH_VENCRYPT_TLSSASL; |
3480 | } |
3481 | } else { |
3482 | if (is_x509) { |
3483 | VNC_DEBUG("Initializing VNC server with x509 no auth\n" ); |
3484 | *subauth = VNC_AUTH_VENCRYPT_X509NONE; |
3485 | } else { |
3486 | VNC_DEBUG("Initializing VNC server with TLS no auth\n" ); |
3487 | *subauth = VNC_AUTH_VENCRYPT_TLSNONE; |
3488 | } |
3489 | } |
3490 | } |
3491 | return 0; |
3492 | } |
3493 | |
3494 | |
3495 | static int vnc_display_get_address(const char *addrstr, |
3496 | bool websocket, |
3497 | bool reverse, |
3498 | int displaynum, |
3499 | int to, |
3500 | bool has_ipv4, |
3501 | bool has_ipv6, |
3502 | bool ipv4, |
3503 | bool ipv6, |
3504 | SocketAddress **retaddr, |
3505 | Error **errp) |
3506 | { |
3507 | int ret = -1; |
3508 | SocketAddress *addr = NULL; |
3509 | |
3510 | addr = g_new0(SocketAddress, 1); |
3511 | |
3512 | if (strncmp(addrstr, "unix:" , 5) == 0) { |
3513 | addr->type = SOCKET_ADDRESS_TYPE_UNIX; |
3514 | addr->u.q_unix.path = g_strdup(addrstr + 5); |
3515 | |
3516 | if (websocket) { |
3517 | error_setg(errp, "UNIX sockets not supported with websock" ); |
3518 | goto cleanup; |
3519 | } |
3520 | |
3521 | if (to) { |
3522 | error_setg(errp, "Port range not support with UNIX socket" ); |
3523 | goto cleanup; |
3524 | } |
3525 | ret = 0; |
3526 | } else { |
3527 | const char *port; |
3528 | size_t hostlen; |
3529 | unsigned long long baseport = 0; |
3530 | InetSocketAddress *inet; |
3531 | |
3532 | port = strrchr(addrstr, ':'); |
3533 | if (!port) { |
3534 | if (websocket) { |
3535 | hostlen = 0; |
3536 | port = addrstr; |
3537 | } else { |
3538 | error_setg(errp, "no vnc port specified" ); |
3539 | goto cleanup; |
3540 | } |
3541 | } else { |
3542 | hostlen = port - addrstr; |
3543 | port++; |
3544 | if (*port == '\0') { |
3545 | error_setg(errp, "vnc port cannot be empty" ); |
3546 | goto cleanup; |
3547 | } |
3548 | } |
3549 | |
3550 | addr->type = SOCKET_ADDRESS_TYPE_INET; |
3551 | inet = &addr->u.inet; |
3552 | if (addrstr[0] == '[' && addrstr[hostlen - 1] == ']') { |
3553 | inet->host = g_strndup(addrstr + 1, hostlen - 2); |
3554 | } else { |
3555 | inet->host = g_strndup(addrstr, hostlen); |
3556 | } |
3557 | /* plain VNC port is just an offset, for websocket |
3558 | * port is absolute */ |
3559 | if (websocket) { |
3560 | if (g_str_equal(addrstr, "" ) || |
3561 | g_str_equal(addrstr, "on" )) { |
3562 | if (displaynum == -1) { |
3563 | error_setg(errp, "explicit websocket port is required" ); |
3564 | goto cleanup; |
3565 | } |
3566 | inet->port = g_strdup_printf( |
3567 | "%d" , displaynum + 5700); |
3568 | if (to) { |
3569 | inet->has_to = true; |
3570 | inet->to = to + 5700; |
3571 | } |
3572 | } else { |
3573 | inet->port = g_strdup(port); |
3574 | } |
3575 | } else { |
3576 | int offset = reverse ? 0 : 5900; |
3577 | if (parse_uint_full(port, &baseport, 10) < 0) { |
3578 | error_setg(errp, "can't convert to a number: %s" , port); |
3579 | goto cleanup; |
3580 | } |
3581 | if (baseport > 65535 || |
3582 | baseport + offset > 65535) { |
3583 | error_setg(errp, "port %s out of range" , port); |
3584 | goto cleanup; |
3585 | } |
3586 | inet->port = g_strdup_printf( |
3587 | "%d" , (int)baseport + offset); |
3588 | |
3589 | if (to) { |
3590 | inet->has_to = true; |
3591 | inet->to = to + offset; |
3592 | } |
3593 | } |
3594 | |
3595 | inet->ipv4 = ipv4; |
3596 | inet->has_ipv4 = has_ipv4; |
3597 | inet->ipv6 = ipv6; |
3598 | inet->has_ipv6 = has_ipv6; |
3599 | |
3600 | ret = baseport; |
3601 | } |
3602 | |
3603 | *retaddr = addr; |
3604 | |
3605 | cleanup: |
3606 | if (ret < 0) { |
3607 | qapi_free_SocketAddress(addr); |
3608 | } |
3609 | return ret; |
3610 | } |
3611 | |
3612 | static void vnc_free_addresses(SocketAddress ***retsaddr, |
3613 | size_t *retnsaddr) |
3614 | { |
3615 | size_t i; |
3616 | |
3617 | for (i = 0; i < *retnsaddr; i++) { |
3618 | qapi_free_SocketAddress((*retsaddr)[i]); |
3619 | } |
3620 | g_free(*retsaddr); |
3621 | |
3622 | *retsaddr = NULL; |
3623 | *retnsaddr = 0; |
3624 | } |
3625 | |
3626 | static int vnc_display_get_addresses(QemuOpts *opts, |
3627 | bool reverse, |
3628 | SocketAddress ***retsaddr, |
3629 | size_t *retnsaddr, |
3630 | SocketAddress ***retwsaddr, |
3631 | size_t *retnwsaddr, |
3632 | Error **errp) |
3633 | { |
3634 | SocketAddress *saddr = NULL; |
3635 | SocketAddress *wsaddr = NULL; |
3636 | QemuOptsIter addriter; |
3637 | const char *addr; |
3638 | int to = qemu_opt_get_number(opts, "to" , 0); |
3639 | bool has_ipv4 = qemu_opt_get(opts, "ipv4" ); |
3640 | bool has_ipv6 = qemu_opt_get(opts, "ipv6" ); |
3641 | bool ipv4 = qemu_opt_get_bool(opts, "ipv4" , false); |
3642 | bool ipv6 = qemu_opt_get_bool(opts, "ipv6" , false); |
3643 | int displaynum = -1; |
3644 | int ret = -1; |
3645 | |
3646 | *retsaddr = NULL; |
3647 | *retnsaddr = 0; |
3648 | *retwsaddr = NULL; |
3649 | *retnwsaddr = 0; |
3650 | |
3651 | addr = qemu_opt_get(opts, "vnc" ); |
3652 | if (addr == NULL || g_str_equal(addr, "none" )) { |
3653 | ret = 0; |
3654 | goto cleanup; |
3655 | } |
3656 | if (qemu_opt_get(opts, "websocket" ) && |
3657 | !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) { |
3658 | error_setg(errp, |
3659 | "SHA1 hash support is required for websockets" ); |
3660 | goto cleanup; |
3661 | } |
3662 | |
3663 | qemu_opt_iter_init(&addriter, opts, "vnc" ); |
3664 | while ((addr = qemu_opt_iter_next(&addriter)) != NULL) { |
3665 | int rv; |
3666 | rv = vnc_display_get_address(addr, false, reverse, 0, to, |
3667 | has_ipv4, has_ipv6, |
3668 | ipv4, ipv6, |
3669 | &saddr, errp); |
3670 | if (rv < 0) { |
3671 | goto cleanup; |
3672 | } |
3673 | /* Historical compat - first listen address can be used |
3674 | * to set the default websocket port |
3675 | */ |
3676 | if (displaynum == -1) { |
3677 | displaynum = rv; |
3678 | } |
3679 | *retsaddr = g_renew(SocketAddress *, *retsaddr, *retnsaddr + 1); |
3680 | (*retsaddr)[(*retnsaddr)++] = saddr; |
3681 | } |
3682 | |
3683 | /* If we had multiple primary displays, we don't do defaults |
3684 | * for websocket, and require explicit config instead. */ |
3685 | if (*retnsaddr > 1) { |
3686 | displaynum = -1; |
3687 | } |
3688 | |
3689 | qemu_opt_iter_init(&addriter, opts, "websocket" ); |
3690 | while ((addr = qemu_opt_iter_next(&addriter)) != NULL) { |
3691 | if (vnc_display_get_address(addr, true, reverse, displaynum, to, |
3692 | has_ipv4, has_ipv6, |
3693 | ipv4, ipv6, |
3694 | &wsaddr, errp) < 0) { |
3695 | goto cleanup; |
3696 | } |
3697 | |
3698 | /* Historical compat - if only a single listen address was |
3699 | * provided, then this is used to set the default listen |
3700 | * address for websocket too |
3701 | */ |
3702 | if (*retnsaddr == 1 && |
3703 | (*retsaddr)[0]->type == SOCKET_ADDRESS_TYPE_INET && |
3704 | wsaddr->type == SOCKET_ADDRESS_TYPE_INET && |
3705 | g_str_equal(wsaddr->u.inet.host, "" ) && |
3706 | !g_str_equal((*retsaddr)[0]->u.inet.host, "" )) { |
3707 | g_free(wsaddr->u.inet.host); |
3708 | wsaddr->u.inet.host = g_strdup((*retsaddr)[0]->u.inet.host); |
3709 | } |
3710 | |
3711 | *retwsaddr = g_renew(SocketAddress *, *retwsaddr, *retnwsaddr + 1); |
3712 | (*retwsaddr)[(*retnwsaddr)++] = wsaddr; |
3713 | } |
3714 | |
3715 | ret = 0; |
3716 | cleanup: |
3717 | if (ret < 0) { |
3718 | vnc_free_addresses(retsaddr, retnsaddr); |
3719 | vnc_free_addresses(retwsaddr, retnwsaddr); |
3720 | } |
3721 | return ret; |
3722 | } |
3723 | |
3724 | static int vnc_display_connect(VncDisplay *vd, |
3725 | SocketAddress **saddr, |
3726 | size_t nsaddr, |
3727 | SocketAddress **wsaddr, |
3728 | size_t nwsaddr, |
3729 | Error **errp) |
3730 | { |
3731 | /* connect to viewer */ |
3732 | QIOChannelSocket *sioc = NULL; |
3733 | if (nwsaddr != 0) { |
3734 | error_setg(errp, "Cannot use websockets in reverse mode" ); |
3735 | return -1; |
3736 | } |
3737 | if (nsaddr != 1) { |
3738 | error_setg(errp, "Expected a single address in reverse mode" ); |
3739 | return -1; |
3740 | } |
3741 | /* TODO SOCKET_ADDRESS_TYPE_FD when fd has AF_UNIX */ |
3742 | vd->is_unix = saddr[0]->type == SOCKET_ADDRESS_TYPE_UNIX; |
3743 | sioc = qio_channel_socket_new(); |
3744 | qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse" ); |
3745 | if (qio_channel_socket_connect_sync(sioc, saddr[0], errp) < 0) { |
3746 | return -1; |
3747 | } |
3748 | vnc_connect(vd, sioc, false, false); |
3749 | object_unref(OBJECT(sioc)); |
3750 | return 0; |
3751 | } |
3752 | |
3753 | |
3754 | static int vnc_display_listen(VncDisplay *vd, |
3755 | SocketAddress **saddr, |
3756 | size_t nsaddr, |
3757 | SocketAddress **wsaddr, |
3758 | size_t nwsaddr, |
3759 | Error **errp) |
3760 | { |
3761 | size_t i; |
3762 | |
3763 | if (nsaddr) { |
3764 | vd->listener = qio_net_listener_new(); |
3765 | qio_net_listener_set_name(vd->listener, "vnc-listen" ); |
3766 | for (i = 0; i < nsaddr; i++) { |
3767 | if (qio_net_listener_open_sync(vd->listener, |
3768 | saddr[i], 1, |
3769 | errp) < 0) { |
3770 | return -1; |
3771 | } |
3772 | } |
3773 | |
3774 | qio_net_listener_set_client_func(vd->listener, |
3775 | vnc_listen_io, vd, NULL); |
3776 | } |
3777 | |
3778 | if (nwsaddr) { |
3779 | vd->wslistener = qio_net_listener_new(); |
3780 | qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen" ); |
3781 | for (i = 0; i < nwsaddr; i++) { |
3782 | if (qio_net_listener_open_sync(vd->wslistener, |
3783 | wsaddr[i], 1, |
3784 | errp) < 0) { |
3785 | return -1; |
3786 | } |
3787 | } |
3788 | |
3789 | qio_net_listener_set_client_func(vd->wslistener, |
3790 | vnc_listen_io, vd, NULL); |
3791 | } |
3792 | |
3793 | return 0; |
3794 | } |
3795 | |
3796 | |
3797 | void vnc_display_open(const char *id, Error **errp) |
3798 | { |
3799 | VncDisplay *vd = vnc_display_find(id); |
3800 | QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id); |
3801 | SocketAddress **saddr = NULL, **wsaddr = NULL; |
3802 | size_t nsaddr, nwsaddr; |
3803 | const char *share, *device_id; |
3804 | QemuConsole *con; |
3805 | bool password = false; |
3806 | bool reverse = false; |
3807 | const char *credid; |
3808 | bool sasl = false; |
3809 | int acl = 0; |
3810 | const char *tlsauthz; |
3811 | const char *saslauthz; |
3812 | int lock_key_sync = 1; |
3813 | int key_delay_ms; |
3814 | const char *audiodev; |
3815 | |
3816 | if (!vd) { |
3817 | error_setg(errp, "VNC display not active" ); |
3818 | return; |
3819 | } |
3820 | vnc_display_close(vd); |
3821 | |
3822 | if (!opts) { |
3823 | return; |
3824 | } |
3825 | |
3826 | reverse = qemu_opt_get_bool(opts, "reverse" , false); |
3827 | if (vnc_display_get_addresses(opts, reverse, &saddr, &nsaddr, |
3828 | &wsaddr, &nwsaddr, errp) < 0) { |
3829 | goto fail; |
3830 | } |
3831 | |
3832 | password = qemu_opt_get_bool(opts, "password" , false); |
3833 | if (password) { |
3834 | if (fips_get_state()) { |
3835 | error_setg(errp, |
3836 | "VNC password auth disabled due to FIPS mode, " |
3837 | "consider using the VeNCrypt or SASL authentication " |
3838 | "methods as an alternative" ); |
3839 | goto fail; |
3840 | } |
3841 | if (!qcrypto_cipher_supports( |
3842 | QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) { |
3843 | error_setg(errp, |
3844 | "Cipher backend does not support DES RFB algorithm" ); |
3845 | goto fail; |
3846 | } |
3847 | } |
3848 | |
3849 | lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync" , true); |
3850 | key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms" , 10); |
3851 | sasl = qemu_opt_get_bool(opts, "sasl" , false); |
3852 | #ifndef CONFIG_VNC_SASL |
3853 | if (sasl) { |
3854 | error_setg(errp, "VNC SASL auth requires cyrus-sasl support" ); |
3855 | goto fail; |
3856 | } |
3857 | #endif /* CONFIG_VNC_SASL */ |
3858 | credid = qemu_opt_get(opts, "tls-creds" ); |
3859 | if (credid) { |
3860 | Object *creds; |
3861 | creds = object_resolve_path_component( |
3862 | object_get_objects_root(), credid); |
3863 | if (!creds) { |
3864 | error_setg(errp, "No TLS credentials with id '%s'" , |
3865 | credid); |
3866 | goto fail; |
3867 | } |
3868 | vd->tlscreds = (QCryptoTLSCreds *) |
3869 | object_dynamic_cast(creds, |
3870 | TYPE_QCRYPTO_TLS_CREDS); |
3871 | if (!vd->tlscreds) { |
3872 | error_setg(errp, "Object with id '%s' is not TLS credentials" , |
3873 | credid); |
3874 | goto fail; |
3875 | } |
3876 | object_ref(OBJECT(vd->tlscreds)); |
3877 | |
3878 | if (vd->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { |
3879 | error_setg(errp, |
3880 | "Expecting TLS credentials with a server endpoint" ); |
3881 | goto fail; |
3882 | } |
3883 | } |
3884 | if (qemu_opt_get(opts, "acl" )) { |
3885 | error_report("The 'acl' option to -vnc is deprecated. " |
3886 | "Please use the 'tls-authz' and 'sasl-authz' " |
3887 | "options instead" ); |
3888 | } |
3889 | acl = qemu_opt_get_bool(opts, "acl" , false); |
3890 | tlsauthz = qemu_opt_get(opts, "tls-authz" ); |
3891 | if (acl && tlsauthz) { |
3892 | error_setg(errp, "'acl' option is mutually exclusive with the " |
3893 | "'tls-authz' option" ); |
3894 | goto fail; |
3895 | } |
3896 | if (tlsauthz && !vd->tlscreds) { |
3897 | error_setg(errp, "'tls-authz' provided but TLS is not enabled" ); |
3898 | goto fail; |
3899 | } |
3900 | |
3901 | saslauthz = qemu_opt_get(opts, "sasl-authz" ); |
3902 | if (acl && saslauthz) { |
3903 | error_setg(errp, "'acl' option is mutually exclusive with the " |
3904 | "'sasl-authz' option" ); |
3905 | goto fail; |
3906 | } |
3907 | if (saslauthz && !sasl) { |
3908 | error_setg(errp, "'sasl-authz' provided but SASL auth is not enabled" ); |
3909 | goto fail; |
3910 | } |
3911 | |
3912 | share = qemu_opt_get(opts, "share" ); |
3913 | if (share) { |
3914 | if (strcmp(share, "ignore" ) == 0) { |
3915 | vd->share_policy = VNC_SHARE_POLICY_IGNORE; |
3916 | } else if (strcmp(share, "allow-exclusive" ) == 0) { |
3917 | vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; |
3918 | } else if (strcmp(share, "force-shared" ) == 0) { |
3919 | vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; |
3920 | } else { |
3921 | error_setg(errp, "unknown vnc share= option" ); |
3922 | goto fail; |
3923 | } |
3924 | } else { |
3925 | vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; |
3926 | } |
3927 | vd->connections_limit = qemu_opt_get_number(opts, "connections" , 32); |
3928 | |
3929 | #ifdef CONFIG_VNC_JPEG |
3930 | vd->lossy = qemu_opt_get_bool(opts, "lossy" , false); |
3931 | #endif |
3932 | vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive" , false); |
3933 | /* adaptive updates are only used with tight encoding and |
3934 | * if lossy updates are enabled so we can disable all the |
3935 | * calculations otherwise */ |
3936 | if (!vd->lossy) { |
3937 | vd->non_adaptive = true; |
3938 | } |
3939 | |
3940 | if (tlsauthz) { |
3941 | vd->tlsauthzid = g_strdup(tlsauthz); |
3942 | } else if (acl) { |
3943 | if (strcmp(vd->id, "default" ) == 0) { |
3944 | vd->tlsauthzid = g_strdup("vnc.x509dname" ); |
3945 | } else { |
3946 | vd->tlsauthzid = g_strdup_printf("vnc.%s.x509dname" , vd->id); |
3947 | } |
3948 | vd->tlsauthz = QAUTHZ(qauthz_list_new(vd->tlsauthzid, |
3949 | QAUTHZ_LIST_POLICY_DENY, |
3950 | &error_abort)); |
3951 | } |
3952 | #ifdef CONFIG_VNC_SASL |
3953 | if (sasl) { |
3954 | if (saslauthz) { |
3955 | vd->sasl.authzid = g_strdup(saslauthz); |
3956 | } else if (acl) { |
3957 | if (strcmp(vd->id, "default" ) == 0) { |
3958 | vd->sasl.authzid = g_strdup("vnc.username" ); |
3959 | } else { |
3960 | vd->sasl.authzid = g_strdup_printf("vnc.%s.username" , vd->id); |
3961 | } |
3962 | vd->sasl.authz = QAUTHZ(qauthz_list_new(vd->sasl.authzid, |
3963 | QAUTHZ_LIST_POLICY_DENY, |
3964 | &error_abort)); |
3965 | } |
3966 | } |
3967 | #endif |
3968 | |
3969 | if (vnc_display_setup_auth(&vd->auth, &vd->subauth, |
3970 | vd->tlscreds, password, |
3971 | sasl, false, errp) < 0) { |
3972 | goto fail; |
3973 | } |
3974 | trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth); |
3975 | |
3976 | if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth, |
3977 | vd->tlscreds, password, |
3978 | sasl, true, errp) < 0) { |
3979 | goto fail; |
3980 | } |
3981 | trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth); |
3982 | |
3983 | #ifdef CONFIG_VNC_SASL |
3984 | if (sasl) { |
3985 | int saslErr = sasl_server_init(NULL, "qemu" ); |
3986 | |
3987 | if (saslErr != SASL_OK) { |
3988 | error_setg(errp, "Failed to initialize SASL auth: %s" , |
3989 | sasl_errstring(saslErr, NULL, NULL)); |
3990 | goto fail; |
3991 | } |
3992 | } |
3993 | #endif |
3994 | vd->lock_key_sync = lock_key_sync; |
3995 | if (lock_key_sync) { |
3996 | vd->led = qemu_add_led_event_handler(kbd_leds, vd); |
3997 | } |
3998 | vd->ledstate = 0; |
3999 | |
4000 | audiodev = qemu_opt_get(opts, "audiodev" ); |
4001 | if (audiodev) { |
4002 | vd->audio_state = audio_state_by_name(audiodev); |
4003 | if (!vd->audio_state) { |
4004 | error_setg(errp, "Audiodev '%s' not found" , audiodev); |
4005 | goto fail; |
4006 | } |
4007 | } |
4008 | |
4009 | device_id = qemu_opt_get(opts, "display" ); |
4010 | if (device_id) { |
4011 | int head = qemu_opt_get_number(opts, "head" , 0); |
4012 | Error *err = NULL; |
4013 | |
4014 | con = qemu_console_lookup_by_device_name(device_id, head, &err); |
4015 | if (err) { |
4016 | error_propagate(errp, err); |
4017 | goto fail; |
4018 | } |
4019 | } else { |
4020 | con = NULL; |
4021 | } |
4022 | |
4023 | if (con != vd->dcl.con) { |
4024 | qkbd_state_free(vd->kbd); |
4025 | unregister_displaychangelistener(&vd->dcl); |
4026 | vd->dcl.con = con; |
4027 | register_displaychangelistener(&vd->dcl); |
4028 | vd->kbd = qkbd_state_init(vd->dcl.con); |
4029 | } |
4030 | qkbd_state_set_delay(vd->kbd, key_delay_ms); |
4031 | |
4032 | if (saddr == NULL) { |
4033 | goto cleanup; |
4034 | } |
4035 | |
4036 | if (reverse) { |
4037 | if (vnc_display_connect(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) { |
4038 | goto fail; |
4039 | } |
4040 | } else { |
4041 | if (vnc_display_listen(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) { |
4042 | goto fail; |
4043 | } |
4044 | } |
4045 | |
4046 | if (qemu_opt_get(opts, "to" )) { |
4047 | vnc_display_print_local_addr(vd); |
4048 | } |
4049 | |
4050 | cleanup: |
4051 | vnc_free_addresses(&saddr, &nsaddr); |
4052 | vnc_free_addresses(&wsaddr, &nwsaddr); |
4053 | return; |
4054 | |
4055 | fail: |
4056 | vnc_display_close(vd); |
4057 | goto cleanup; |
4058 | } |
4059 | |
4060 | void vnc_display_add_client(const char *id, int csock, bool skipauth) |
4061 | { |
4062 | VncDisplay *vd = vnc_display_find(id); |
4063 | QIOChannelSocket *sioc; |
4064 | |
4065 | if (!vd) { |
4066 | return; |
4067 | } |
4068 | |
4069 | sioc = qio_channel_socket_new_fd(csock, NULL); |
4070 | if (sioc) { |
4071 | qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server" ); |
4072 | vnc_connect(vd, sioc, skipauth, false); |
4073 | object_unref(OBJECT(sioc)); |
4074 | } |
4075 | } |
4076 | |
4077 | static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts) |
4078 | { |
4079 | int i = 2; |
4080 | char *id; |
4081 | |
4082 | id = g_strdup("default" ); |
4083 | while (qemu_opts_find(olist, id)) { |
4084 | g_free(id); |
4085 | id = g_strdup_printf("vnc%d" , i++); |
4086 | } |
4087 | qemu_opts_set_id(opts, id); |
4088 | } |
4089 | |
4090 | QemuOpts *vnc_parse(const char *str, Error **errp) |
4091 | { |
4092 | QemuOptsList *olist = qemu_find_opts("vnc" ); |
4093 | QemuOpts *opts = qemu_opts_parse(olist, str, true, errp); |
4094 | const char *id; |
4095 | |
4096 | if (!opts) { |
4097 | return NULL; |
4098 | } |
4099 | |
4100 | id = qemu_opts_id(opts); |
4101 | if (!id) { |
4102 | /* auto-assign id if not present */ |
4103 | vnc_auto_assign_id(olist, opts); |
4104 | } |
4105 | return opts; |
4106 | } |
4107 | |
4108 | int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp) |
4109 | { |
4110 | Error *local_err = NULL; |
4111 | char *id = (char *)qemu_opts_id(opts); |
4112 | |
4113 | assert(id); |
4114 | vnc_display_init(id, &local_err); |
4115 | if (local_err) { |
4116 | error_propagate(errp, local_err); |
4117 | return -1; |
4118 | } |
4119 | vnc_display_open(id, &local_err); |
4120 | if (local_err != NULL) { |
4121 | error_propagate(errp, local_err); |
4122 | return -1; |
4123 | } |
4124 | return 0; |
4125 | } |
4126 | |
4127 | static void vnc_register_config(void) |
4128 | { |
4129 | qemu_add_opts(&qemu_vnc_opts); |
4130 | } |
4131 | opts_init(vnc_register_config); |
4132 | |