1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "vnc.h" 28 #include "vnc-jobs.h" 29 #include "sysemu/sysemu.h" 30 #include "qemu/sockets.h" 31 #include "qemu/timer.h" 32 #include "qemu/acl.h" 33 #include "qapi/qmp/types.h" 34 #include "qmp-commands.h" 35 #include "qemu/osdep.h" 36 37 #define VNC_REFRESH_INTERVAL_BASE 30 38 #define VNC_REFRESH_INTERVAL_INC 50 39 #define VNC_REFRESH_INTERVAL_MAX 2000 40 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; 41 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 42 43 #include "vnc_keysym.h" 44 #include "d3des.h" 45 46 static VncDisplay *vnc_display; /* needed for info vnc */ 47 48 static int vnc_cursor_define(VncState *vs); 49 static void vnc_release_modifiers(VncState *vs); 50 51 static void vnc_set_share_mode(VncState *vs, VncShareMode mode) 52 { 53 #ifdef _VNC_DEBUG 54 static const char *mn[] = { 55 [0] = "undefined", 56 [VNC_SHARE_MODE_CONNECTING] = "connecting", 57 [VNC_SHARE_MODE_SHARED] = "shared", 58 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive", 59 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected", 60 }; 61 fprintf(stderr, "%s/%d: %s -> %s\n", __func__, 62 vs->csock, mn[vs->share_mode], mn[mode]); 63 #endif 64 65 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) { 66 vs->vd->num_exclusive--; 67 } 68 vs->share_mode = mode; 69 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) { 70 vs->vd->num_exclusive++; 71 } 72 } 73 74 static char *addr_to_string(const char *format, 75 struct sockaddr_storage *sa, 76 socklen_t salen) { 77 char *addr; 78 char host[NI_MAXHOST]; 79 char serv[NI_MAXSERV]; 80 int err; 81 size_t addrlen; 82 83 if ((err = getnameinfo((struct sockaddr *)sa, salen, 84 host, sizeof(host), 85 serv, sizeof(serv), 86 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 87 VNC_DEBUG("Cannot resolve address %d: %s\n", 88 err, gai_strerror(err)); 89 return NULL; 90 } 91 92 /* Enough for the existing format + the 2 vars we're 93 * substituting in. */ 94 addrlen = strlen(format) + strlen(host) + strlen(serv); 95 addr = g_malloc(addrlen + 1); 96 snprintf(addr, addrlen, format, host, serv); 97 addr[addrlen] = '\0'; 98 99 return addr; 100 } 101 102 103 char *vnc_socket_local_addr(const char *format, int fd) { 104 struct sockaddr_storage sa; 105 socklen_t salen; 106 107 salen = sizeof(sa); 108 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) 109 return NULL; 110 111 return addr_to_string(format, &sa, salen); 112 } 113 114 char *vnc_socket_remote_addr(const char *format, int fd) { 115 struct sockaddr_storage sa; 116 socklen_t salen; 117 118 salen = sizeof(sa); 119 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) 120 return NULL; 121 122 return addr_to_string(format, &sa, salen); 123 } 124 125 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa, 126 socklen_t salen) 127 { 128 char host[NI_MAXHOST]; 129 char serv[NI_MAXSERV]; 130 int err; 131 132 if ((err = getnameinfo((struct sockaddr *)sa, salen, 133 host, sizeof(host), 134 serv, sizeof(serv), 135 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 136 VNC_DEBUG("Cannot resolve address %d: %s\n", 137 err, gai_strerror(err)); 138 return -1; 139 } 140 141 qdict_put(qdict, "host", qstring_from_str(host)); 142 qdict_put(qdict, "service", qstring_from_str(serv)); 143 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family))); 144 145 return 0; 146 } 147 148 static int vnc_server_addr_put(QDict *qdict, int fd) 149 { 150 struct sockaddr_storage sa; 151 socklen_t salen; 152 153 salen = sizeof(sa); 154 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) { 155 return -1; 156 } 157 158 return put_addr_qdict(qdict, &sa, salen); 159 } 160 161 static int vnc_qdict_remote_addr(QDict *qdict, int fd) 162 { 163 struct sockaddr_storage sa; 164 socklen_t salen; 165 166 salen = sizeof(sa); 167 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) { 168 return -1; 169 } 170 171 return put_addr_qdict(qdict, &sa, salen); 172 } 173 174 static const char *vnc_auth_name(VncDisplay *vd) { 175 switch (vd->auth) { 176 case VNC_AUTH_INVALID: 177 return "invalid"; 178 case VNC_AUTH_NONE: 179 return "none"; 180 case VNC_AUTH_VNC: 181 return "vnc"; 182 case VNC_AUTH_RA2: 183 return "ra2"; 184 case VNC_AUTH_RA2NE: 185 return "ra2ne"; 186 case VNC_AUTH_TIGHT: 187 return "tight"; 188 case VNC_AUTH_ULTRA: 189 return "ultra"; 190 case VNC_AUTH_TLS: 191 return "tls"; 192 case VNC_AUTH_VENCRYPT: 193 #ifdef CONFIG_VNC_TLS 194 switch (vd->subauth) { 195 case VNC_AUTH_VENCRYPT_PLAIN: 196 return "vencrypt+plain"; 197 case VNC_AUTH_VENCRYPT_TLSNONE: 198 return "vencrypt+tls+none"; 199 case VNC_AUTH_VENCRYPT_TLSVNC: 200 return "vencrypt+tls+vnc"; 201 case VNC_AUTH_VENCRYPT_TLSPLAIN: 202 return "vencrypt+tls+plain"; 203 case VNC_AUTH_VENCRYPT_X509NONE: 204 return "vencrypt+x509+none"; 205 case VNC_AUTH_VENCRYPT_X509VNC: 206 return "vencrypt+x509+vnc"; 207 case VNC_AUTH_VENCRYPT_X509PLAIN: 208 return "vencrypt+x509+plain"; 209 case VNC_AUTH_VENCRYPT_TLSSASL: 210 return "vencrypt+tls+sasl"; 211 case VNC_AUTH_VENCRYPT_X509SASL: 212 return "vencrypt+x509+sasl"; 213 default: 214 return "vencrypt"; 215 } 216 #else 217 return "vencrypt"; 218 #endif 219 case VNC_AUTH_SASL: 220 return "sasl"; 221 } 222 return "unknown"; 223 } 224 225 static int vnc_server_info_put(QDict *qdict) 226 { 227 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) { 228 return -1; 229 } 230 231 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display))); 232 return 0; 233 } 234 235 static void vnc_client_cache_auth(VncState *client) 236 { 237 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 238 QDict *qdict; 239 #endif 240 241 if (!client->info) { 242 return; 243 } 244 245 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 246 qdict = qobject_to_qdict(client->info); 247 #endif 248 249 #ifdef CONFIG_VNC_TLS 250 if (client->tls.session && 251 client->tls.dname) { 252 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname)); 253 } 254 #endif 255 #ifdef CONFIG_VNC_SASL 256 if (client->sasl.conn && 257 client->sasl.username) { 258 qdict_put(qdict, "sasl_username", 259 qstring_from_str(client->sasl.username)); 260 } 261 #endif 262 } 263 264 static void vnc_client_cache_addr(VncState *client) 265 { 266 QDict *qdict; 267 268 qdict = qdict_new(); 269 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) { 270 QDECREF(qdict); 271 /* XXX: how to report the error? */ 272 return; 273 } 274 275 client->info = QOBJECT(qdict); 276 } 277 278 static void vnc_qmp_event(VncState *vs, MonitorEvent event) 279 { 280 QDict *server; 281 QObject *data; 282 283 if (!vs->info) { 284 return; 285 } 286 287 server = qdict_new(); 288 if (vnc_server_info_put(server) < 0) { 289 QDECREF(server); 290 return; 291 } 292 293 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }", 294 vs->info, QOBJECT(server)); 295 296 monitor_protocol_event(event, data); 297 298 qobject_incref(vs->info); 299 qobject_decref(data); 300 } 301 302 static VncClientInfo *qmp_query_vnc_client(const VncState *client) 303 { 304 struct sockaddr_storage sa; 305 socklen_t salen = sizeof(sa); 306 char host[NI_MAXHOST]; 307 char serv[NI_MAXSERV]; 308 VncClientInfo *info; 309 310 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) { 311 return NULL; 312 } 313 314 if (getnameinfo((struct sockaddr *)&sa, salen, 315 host, sizeof(host), 316 serv, sizeof(serv), 317 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 318 return NULL; 319 } 320 321 info = g_malloc0(sizeof(*info)); 322 info->host = g_strdup(host); 323 info->service = g_strdup(serv); 324 info->family = g_strdup(inet_strfamily(sa.ss_family)); 325 326 #ifdef CONFIG_VNC_TLS 327 if (client->tls.session && client->tls.dname) { 328 info->has_x509_dname = true; 329 info->x509_dname = g_strdup(client->tls.dname); 330 } 331 #endif 332 #ifdef CONFIG_VNC_SASL 333 if (client->sasl.conn && client->sasl.username) { 334 info->has_sasl_username = true; 335 info->sasl_username = g_strdup(client->sasl.username); 336 } 337 #endif 338 339 return info; 340 } 341 342 VncInfo *qmp_query_vnc(Error **errp) 343 { 344 VncInfo *info = g_malloc0(sizeof(*info)); 345 346 if (vnc_display == NULL || vnc_display->display == NULL) { 347 info->enabled = false; 348 } else { 349 VncClientInfoList *cur_item = NULL; 350 struct sockaddr_storage sa; 351 socklen_t salen = sizeof(sa); 352 char host[NI_MAXHOST]; 353 char serv[NI_MAXSERV]; 354 VncState *client; 355 356 info->enabled = true; 357 358 /* for compatibility with the original command */ 359 info->has_clients = true; 360 361 QTAILQ_FOREACH(client, &vnc_display->clients, next) { 362 VncClientInfoList *cinfo = g_malloc0(sizeof(*info)); 363 cinfo->value = qmp_query_vnc_client(client); 364 365 /* XXX: waiting for the qapi to support GSList */ 366 if (!cur_item) { 367 info->clients = cur_item = cinfo; 368 } else { 369 cur_item->next = cinfo; 370 cur_item = cinfo; 371 } 372 } 373 374 if (vnc_display->lsock == -1) { 375 return info; 376 } 377 378 if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa, 379 &salen) == -1) { 380 error_set(errp, QERR_UNDEFINED_ERROR); 381 goto out_error; 382 } 383 384 if (getnameinfo((struct sockaddr *)&sa, salen, 385 host, sizeof(host), 386 serv, sizeof(serv), 387 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 388 error_set(errp, QERR_UNDEFINED_ERROR); 389 goto out_error; 390 } 391 392 info->has_host = true; 393 info->host = g_strdup(host); 394 395 info->has_service = true; 396 info->service = g_strdup(serv); 397 398 info->has_family = true; 399 info->family = g_strdup(inet_strfamily(sa.ss_family)); 400 401 info->has_auth = true; 402 info->auth = g_strdup(vnc_auth_name(vnc_display)); 403 } 404 405 return info; 406 407 out_error: 408 qapi_free_VncInfo(info); 409 return NULL; 410 } 411 412 /* TODO 413 1) Get the queue working for IO. 414 2) there is some weirdness when using the -S option (the screen is grey 415 and not totally invalidated 416 3) resolutions > 1024 417 */ 418 419 static int vnc_update_client(VncState *vs, int has_dirty); 420 static int vnc_update_client_sync(VncState *vs, int has_dirty); 421 static void vnc_disconnect_start(VncState *vs); 422 static void vnc_init_timer(VncDisplay *vd); 423 static void vnc_remove_timer(VncDisplay *vd); 424 425 static void vnc_colordepth(VncState *vs); 426 static void framebuffer_update_request(VncState *vs, int incremental, 427 int x_position, int y_position, 428 int w, int h); 429 static void vnc_refresh(void *opaque); 430 static int vnc_refresh_server_surface(VncDisplay *vd); 431 432 static void vnc_dpy_update(DisplayChangeListener *dcl, 433 DisplayState *ds, 434 int x, int y, int w, int h) 435 { 436 int i; 437 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 438 struct VncSurface *s = &vd->guest; 439 int width = surface_width(vd->ds); 440 int height = surface_height(vd->ds); 441 442 h += y; 443 444 /* round x down to ensure the loop only spans one 16-pixel block per, 445 iteration. otherwise, if (x % 16) != 0, the last iteration may span 446 two 16-pixel blocks but we only mark the first as dirty 447 */ 448 w += (x % 16); 449 x -= (x % 16); 450 451 x = MIN(x, width); 452 y = MIN(y, height); 453 w = MIN(x + w, width) - x; 454 h = MIN(h, height); 455 456 for (; y < h; y++) 457 for (i = 0; i < w; i += 16) 458 set_bit((x + i) / 16, s->dirty[y]); 459 } 460 461 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 462 int32_t encoding) 463 { 464 vnc_write_u16(vs, x); 465 vnc_write_u16(vs, y); 466 vnc_write_u16(vs, w); 467 vnc_write_u16(vs, h); 468 469 vnc_write_s32(vs, encoding); 470 } 471 472 void buffer_reserve(Buffer *buffer, size_t len) 473 { 474 if ((buffer->capacity - buffer->offset) < len) { 475 buffer->capacity += (len + 1024); 476 buffer->buffer = g_realloc(buffer->buffer, buffer->capacity); 477 if (buffer->buffer == NULL) { 478 fprintf(stderr, "vnc: out of memory\n"); 479 exit(1); 480 } 481 } 482 } 483 484 static int buffer_empty(Buffer *buffer) 485 { 486 return buffer->offset == 0; 487 } 488 489 uint8_t *buffer_end(Buffer *buffer) 490 { 491 return buffer->buffer + buffer->offset; 492 } 493 494 void buffer_reset(Buffer *buffer) 495 { 496 buffer->offset = 0; 497 } 498 499 void buffer_free(Buffer *buffer) 500 { 501 g_free(buffer->buffer); 502 buffer->offset = 0; 503 buffer->capacity = 0; 504 buffer->buffer = NULL; 505 } 506 507 void buffer_append(Buffer *buffer, const void *data, size_t len) 508 { 509 memcpy(buffer->buffer + buffer->offset, data, len); 510 buffer->offset += len; 511 } 512 513 void buffer_advance(Buffer *buf, size_t len) 514 { 515 memmove(buf->buffer, buf->buffer + len, 516 (buf->offset - len)); 517 buf->offset -= len; 518 } 519 520 static void vnc_desktop_resize(VncState *vs) 521 { 522 DisplaySurface *ds = vs->vd->ds; 523 524 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) { 525 return; 526 } 527 if (vs->client_width == surface_width(ds) && 528 vs->client_height == surface_height(ds)) { 529 return; 530 } 531 vs->client_width = surface_width(ds); 532 vs->client_height = surface_height(ds); 533 vnc_lock_output(vs); 534 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 535 vnc_write_u8(vs, 0); 536 vnc_write_u16(vs, 1); /* number of rects */ 537 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 538 VNC_ENCODING_DESKTOPRESIZE); 539 vnc_unlock_output(vs); 540 vnc_flush(vs); 541 } 542 543 static void vnc_abort_display_jobs(VncDisplay *vd) 544 { 545 VncState *vs; 546 547 QTAILQ_FOREACH(vs, &vd->clients, next) { 548 vnc_lock_output(vs); 549 vs->abort = true; 550 vnc_unlock_output(vs); 551 } 552 QTAILQ_FOREACH(vs, &vd->clients, next) { 553 vnc_jobs_join(vs); 554 } 555 QTAILQ_FOREACH(vs, &vd->clients, next) { 556 vnc_lock_output(vs); 557 vs->abort = false; 558 vnc_unlock_output(vs); 559 } 560 } 561 562 int vnc_server_fb_stride(VncDisplay *vd) 563 { 564 return pixman_image_get_stride(vd->server); 565 } 566 567 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y) 568 { 569 uint8_t *ptr; 570 571 ptr = (uint8_t *)pixman_image_get_data(vd->server); 572 ptr += y * vnc_server_fb_stride(vd); 573 ptr += x * VNC_SERVER_FB_BYTES; 574 return ptr; 575 } 576 577 static void vnc_dpy_switch(DisplayChangeListener *dcl, 578 DisplayState *dontuse, 579 DisplaySurface *surface) 580 { 581 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 582 VncState *vs; 583 584 vnc_abort_display_jobs(vd); 585 586 /* server surface */ 587 qemu_pixman_image_unref(vd->server); 588 vd->ds = surface; 589 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT, 590 surface_width(vd->ds), 591 surface_height(vd->ds), 592 NULL, 0); 593 594 /* guest surface */ 595 #if 0 /* FIXME */ 596 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel) 597 console_color_init(ds); 598 #endif 599 qemu_pixman_image_unref(vd->guest.fb); 600 vd->guest.fb = pixman_image_ref(surface->image); 601 vd->guest.format = surface->format; 602 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty)); 603 604 QTAILQ_FOREACH(vs, &vd->clients, next) { 605 vnc_colordepth(vs); 606 vnc_desktop_resize(vs); 607 if (vs->vd->cursor) { 608 vnc_cursor_define(vs); 609 } 610 memset(vs->dirty, 0xFF, sizeof(vs->dirty)); 611 } 612 } 613 614 /* fastest code */ 615 static void vnc_write_pixels_copy(VncState *vs, 616 void *pixels, int size) 617 { 618 vnc_write(vs, pixels, size); 619 } 620 621 /* slowest but generic code. */ 622 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 623 { 624 uint8_t r, g, b; 625 626 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8) 627 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8; 628 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8; 629 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8; 630 #else 631 # error need some bits here if you change VNC_SERVER_FB_FORMAT 632 #endif 633 v = (r << vs->client_pf.rshift) | 634 (g << vs->client_pf.gshift) | 635 (b << vs->client_pf.bshift); 636 switch (vs->client_pf.bytes_per_pixel) { 637 case 1: 638 buf[0] = v; 639 break; 640 case 2: 641 if (vs->client_be) { 642 buf[0] = v >> 8; 643 buf[1] = v; 644 } else { 645 buf[1] = v >> 8; 646 buf[0] = v; 647 } 648 break; 649 default: 650 case 4: 651 if (vs->client_be) { 652 buf[0] = v >> 24; 653 buf[1] = v >> 16; 654 buf[2] = v >> 8; 655 buf[3] = v; 656 } else { 657 buf[3] = v >> 24; 658 buf[2] = v >> 16; 659 buf[1] = v >> 8; 660 buf[0] = v; 661 } 662 break; 663 } 664 } 665 666 static void vnc_write_pixels_generic(VncState *vs, 667 void *pixels1, int size) 668 { 669 uint8_t buf[4]; 670 671 if (VNC_SERVER_FB_BYTES == 4) { 672 uint32_t *pixels = pixels1; 673 int n, i; 674 n = size >> 2; 675 for (i = 0; i < n; i++) { 676 vnc_convert_pixel(vs, buf, pixels[i]); 677 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel); 678 } 679 } 680 } 681 682 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 683 { 684 int i; 685 uint8_t *row; 686 VncDisplay *vd = vs->vd; 687 688 row = vnc_server_fb_ptr(vd, x, y); 689 for (i = 0; i < h; i++) { 690 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES); 691 row += vnc_server_fb_stride(vd); 692 } 693 return 1; 694 } 695 696 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 697 { 698 int n = 0; 699 700 switch(vs->vnc_encoding) { 701 case VNC_ENCODING_ZLIB: 702 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h); 703 break; 704 case VNC_ENCODING_HEXTILE: 705 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 706 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 707 break; 708 case VNC_ENCODING_TIGHT: 709 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h); 710 break; 711 case VNC_ENCODING_TIGHT_PNG: 712 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h); 713 break; 714 case VNC_ENCODING_ZRLE: 715 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h); 716 break; 717 case VNC_ENCODING_ZYWRLE: 718 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); 719 break; 720 default: 721 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 722 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 723 break; 724 } 725 return n; 726 } 727 728 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h) 729 { 730 /* send bitblit op to the vnc client */ 731 vnc_lock_output(vs); 732 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 733 vnc_write_u8(vs, 0); 734 vnc_write_u16(vs, 1); /* number of rects */ 735 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT); 736 vnc_write_u16(vs, src_x); 737 vnc_write_u16(vs, src_y); 738 vnc_unlock_output(vs); 739 vnc_flush(vs); 740 } 741 742 static void vnc_dpy_copy(DisplayChangeListener *dcl, 743 DisplayState *dontuse, 744 int src_x, int src_y, 745 int dst_x, int dst_y, int w, int h) 746 { 747 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 748 VncState *vs, *vn; 749 uint8_t *src_row; 750 uint8_t *dst_row; 751 int i, x, y, pitch, inc, w_lim, s; 752 int cmp_bytes; 753 754 vnc_refresh_server_surface(vd); 755 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 756 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 757 vs->force_update = 1; 758 vnc_update_client_sync(vs, 1); 759 /* vs might be free()ed here */ 760 } 761 } 762 763 /* do bitblit op on the local surface too */ 764 pitch = vnc_server_fb_stride(vd); 765 src_row = vnc_server_fb_ptr(vd, src_x, src_y); 766 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y); 767 y = dst_y; 768 inc = 1; 769 if (dst_y > src_y) { 770 /* copy backwards */ 771 src_row += pitch * (h-1); 772 dst_row += pitch * (h-1); 773 pitch = -pitch; 774 y = dst_y + h - 1; 775 inc = -1; 776 } 777 w_lim = w - (16 - (dst_x % 16)); 778 if (w_lim < 0) 779 w_lim = w; 780 else 781 w_lim = w - (w_lim % 16); 782 for (i = 0; i < h; i++) { 783 for (x = 0; x <= w_lim; 784 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) { 785 if (x == w_lim) { 786 if ((s = w - w_lim) == 0) 787 break; 788 } else if (!x) { 789 s = (16 - (dst_x % 16)); 790 s = MIN(s, w_lim); 791 } else { 792 s = 16; 793 } 794 cmp_bytes = s * VNC_SERVER_FB_BYTES; 795 if (memcmp(src_row, dst_row, cmp_bytes) == 0) 796 continue; 797 memmove(dst_row, src_row, cmp_bytes); 798 QTAILQ_FOREACH(vs, &vd->clients, next) { 799 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 800 set_bit(((x + dst_x) / 16), vs->dirty[y]); 801 } 802 } 803 } 804 src_row += pitch - w * VNC_SERVER_FB_BYTES; 805 dst_row += pitch - w * VNC_SERVER_FB_BYTES; 806 y += inc; 807 } 808 809 QTAILQ_FOREACH(vs, &vd->clients, next) { 810 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 811 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h); 812 } 813 } 814 } 815 816 static void vnc_mouse_set(DisplayChangeListener *dcl, 817 DisplayState *dontuse, 818 int x, int y, int visible) 819 { 820 /* can we ask the client(s) to move the pointer ??? */ 821 } 822 823 static int vnc_cursor_define(VncState *vs) 824 { 825 QEMUCursor *c = vs->vd->cursor; 826 int isize; 827 828 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 829 vnc_lock_output(vs); 830 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 831 vnc_write_u8(vs, 0); /* padding */ 832 vnc_write_u16(vs, 1); /* # of rects */ 833 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 834 VNC_ENCODING_RICH_CURSOR); 835 isize = c->width * c->height * vs->client_pf.bytes_per_pixel; 836 vnc_write_pixels_generic(vs, c->data, isize); 837 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 838 vnc_unlock_output(vs); 839 return 0; 840 } 841 return -1; 842 } 843 844 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl, 845 DisplayState *dontuse, 846 QEMUCursor *c) 847 { 848 VncDisplay *vd = vnc_display; 849 VncState *vs; 850 851 cursor_put(vd->cursor); 852 g_free(vd->cursor_mask); 853 854 vd->cursor = c; 855 cursor_get(vd->cursor); 856 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 857 vd->cursor_mask = g_malloc0(vd->cursor_msize); 858 cursor_get_mono_mask(c, 0, vd->cursor_mask); 859 860 QTAILQ_FOREACH(vs, &vd->clients, next) { 861 vnc_cursor_define(vs); 862 } 863 } 864 865 static int find_and_clear_dirty_height(struct VncState *vs, 866 int y, int last_x, int x, int height) 867 { 868 int h; 869 870 for (h = 1; h < (height - y); h++) { 871 int tmp_x; 872 if (!test_bit(last_x, vs->dirty[y + h])) { 873 break; 874 } 875 for (tmp_x = last_x; tmp_x < x; tmp_x++) { 876 clear_bit(tmp_x, vs->dirty[y + h]); 877 } 878 } 879 880 return h; 881 } 882 883 static int vnc_update_client_sync(VncState *vs, int has_dirty) 884 { 885 int ret = vnc_update_client(vs, has_dirty); 886 vnc_jobs_join(vs); 887 return ret; 888 } 889 890 static int vnc_update_client(VncState *vs, int has_dirty) 891 { 892 if (vs->need_update && vs->csock != -1) { 893 VncDisplay *vd = vs->vd; 894 VncJob *job; 895 int y; 896 int width, height; 897 int n = 0; 898 899 900 if (vs->output.offset && !vs->audio_cap && !vs->force_update) 901 /* kernel send buffers are full -> drop frames to throttle */ 902 return 0; 903 904 if (!has_dirty && !vs->audio_cap && !vs->force_update) 905 return 0; 906 907 /* 908 * Send screen updates to the vnc client using the server 909 * surface and server dirty map. guest surface updates 910 * happening in parallel don't disturb us, the next pass will 911 * send them to the client. 912 */ 913 job = vnc_job_new(vs); 914 915 width = MIN(pixman_image_get_width(vd->server), vs->client_width); 916 height = MIN(pixman_image_get_height(vd->server), vs->client_height); 917 918 for (y = 0; y < height; y++) { 919 int x; 920 int last_x = -1; 921 for (x = 0; x < width / 16; x++) { 922 if (test_and_clear_bit(x, vs->dirty[y])) { 923 if (last_x == -1) { 924 last_x = x; 925 } 926 } else { 927 if (last_x != -1) { 928 int h = find_and_clear_dirty_height(vs, y, last_x, x, 929 height); 930 931 n += vnc_job_add_rect(job, last_x * 16, y, 932 (x - last_x) * 16, h); 933 } 934 last_x = -1; 935 } 936 } 937 if (last_x != -1) { 938 int h = find_and_clear_dirty_height(vs, y, last_x, x, height); 939 n += vnc_job_add_rect(job, last_x * 16, y, 940 (x - last_x) * 16, h); 941 } 942 } 943 944 vnc_job_push(job); 945 vs->force_update = 0; 946 return n; 947 } 948 949 if (vs->csock == -1) 950 vnc_disconnect_finish(vs); 951 952 return 0; 953 } 954 955 /* audio */ 956 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 957 { 958 VncState *vs = opaque; 959 960 switch (cmd) { 961 case AUD_CNOTIFY_DISABLE: 962 vnc_lock_output(vs); 963 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 964 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 965 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 966 vnc_unlock_output(vs); 967 vnc_flush(vs); 968 break; 969 970 case AUD_CNOTIFY_ENABLE: 971 vnc_lock_output(vs); 972 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 973 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 974 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 975 vnc_unlock_output(vs); 976 vnc_flush(vs); 977 break; 978 } 979 } 980 981 static void audio_capture_destroy(void *opaque) 982 { 983 } 984 985 static void audio_capture(void *opaque, void *buf, int size) 986 { 987 VncState *vs = opaque; 988 989 vnc_lock_output(vs); 990 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 991 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 992 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 993 vnc_write_u32(vs, size); 994 vnc_write(vs, buf, size); 995 vnc_unlock_output(vs); 996 vnc_flush(vs); 997 } 998 999 static void audio_add(VncState *vs) 1000 { 1001 struct audio_capture_ops ops; 1002 1003 if (vs->audio_cap) { 1004 monitor_printf(default_mon, "audio already running\n"); 1005 return; 1006 } 1007 1008 ops.notify = audio_capture_notify; 1009 ops.destroy = audio_capture_destroy; 1010 ops.capture = audio_capture; 1011 1012 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs); 1013 if (!vs->audio_cap) { 1014 monitor_printf(default_mon, "Failed to add audio capture\n"); 1015 } 1016 } 1017 1018 static void audio_del(VncState *vs) 1019 { 1020 if (vs->audio_cap) { 1021 AUD_del_capture(vs->audio_cap, vs); 1022 vs->audio_cap = NULL; 1023 } 1024 } 1025 1026 static void vnc_disconnect_start(VncState *vs) 1027 { 1028 if (vs->csock == -1) 1029 return; 1030 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); 1031 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL); 1032 closesocket(vs->csock); 1033 vs->csock = -1; 1034 } 1035 1036 void vnc_disconnect_finish(VncState *vs) 1037 { 1038 int i; 1039 1040 vnc_jobs_join(vs); /* Wait encoding jobs */ 1041 1042 vnc_lock_output(vs); 1043 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED); 1044 1045 buffer_free(&vs->input); 1046 buffer_free(&vs->output); 1047 #ifdef CONFIG_VNC_WS 1048 buffer_free(&vs->ws_input); 1049 buffer_free(&vs->ws_output); 1050 #endif /* CONFIG_VNC_WS */ 1051 1052 qobject_decref(vs->info); 1053 1054 vnc_zlib_clear(vs); 1055 vnc_tight_clear(vs); 1056 vnc_zrle_clear(vs); 1057 1058 #ifdef CONFIG_VNC_TLS 1059 vnc_tls_client_cleanup(vs); 1060 #endif /* CONFIG_VNC_TLS */ 1061 #ifdef CONFIG_VNC_SASL 1062 vnc_sasl_client_cleanup(vs); 1063 #endif /* CONFIG_VNC_SASL */ 1064 audio_del(vs); 1065 vnc_release_modifiers(vs); 1066 1067 if (vs->initialized) { 1068 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1069 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1070 } 1071 1072 if (QTAILQ_EMPTY(&vs->vd->clients)) { 1073 vs->vd->dcl.idle = 1; 1074 } 1075 1076 vnc_remove_timer(vs->vd); 1077 if (vs->vd->lock_key_sync) 1078 qemu_remove_led_event_handler(vs->led); 1079 vnc_unlock_output(vs); 1080 1081 qemu_mutex_destroy(&vs->output_mutex); 1082 if (vs->bh != NULL) { 1083 qemu_bh_delete(vs->bh); 1084 } 1085 buffer_free(&vs->jobs_buffer); 1086 1087 for (i = 0; i < VNC_STAT_ROWS; ++i) { 1088 g_free(vs->lossy_rect[i]); 1089 } 1090 g_free(vs->lossy_rect); 1091 g_free(vs); 1092 } 1093 1094 int vnc_client_io_error(VncState *vs, int ret, int last_errno) 1095 { 1096 if (ret == 0 || ret == -1) { 1097 if (ret == -1) { 1098 switch (last_errno) { 1099 case EINTR: 1100 case EAGAIN: 1101 #ifdef _WIN32 1102 case WSAEWOULDBLOCK: 1103 #endif 1104 return 0; 1105 default: 1106 break; 1107 } 1108 } 1109 1110 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n", 1111 ret, ret < 0 ? last_errno : 0); 1112 vnc_disconnect_start(vs); 1113 1114 return 0; 1115 } 1116 return ret; 1117 } 1118 1119 1120 void vnc_client_error(VncState *vs) 1121 { 1122 VNC_DEBUG("Closing down client sock: protocol error\n"); 1123 vnc_disconnect_start(vs); 1124 } 1125 1126 1127 /* 1128 * Called to write a chunk of data to the client socket. The data may 1129 * be the raw data, or may have already been encoded by SASL. 1130 * The data will be written either straight onto the socket, or 1131 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1132 * 1133 * NB, it is theoretically possible to have 2 layers of encryption, 1134 * both SASL, and this TLS layer. It is highly unlikely in practice 1135 * though, since SASL encryption will typically be a no-op if TLS 1136 * is active 1137 * 1138 * Returns the number of bytes written, which may be less than 1139 * the requested 'datalen' if the socket would block. Returns 1140 * -1 on error, and disconnects the client socket. 1141 */ 1142 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1143 { 1144 long ret; 1145 #ifdef CONFIG_VNC_TLS 1146 if (vs->tls.session) { 1147 ret = gnutls_write(vs->tls.session, data, datalen); 1148 if (ret < 0) { 1149 if (ret == GNUTLS_E_AGAIN) 1150 errno = EAGAIN; 1151 else 1152 errno = EIO; 1153 ret = -1; 1154 } 1155 } else 1156 #endif /* CONFIG_VNC_TLS */ 1157 ret = send(vs->csock, (const void *)data, datalen, 0); 1158 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1159 return vnc_client_io_error(vs, ret, socket_error()); 1160 } 1161 1162 1163 /* 1164 * Called to write buffered data to the client socket, when not 1165 * using any SASL SSF encryption layers. Will write as much data 1166 * as possible without blocking. If all buffered data is written, 1167 * will switch the FD poll() handler back to read monitoring. 1168 * 1169 * Returns the number of bytes written, which may be less than 1170 * the buffered output data if the socket would block. Returns 1171 * -1 on error, and disconnects the client socket. 1172 */ 1173 static long vnc_client_write_plain(VncState *vs) 1174 { 1175 long ret; 1176 1177 #ifdef CONFIG_VNC_SASL 1178 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1179 vs->output.buffer, vs->output.capacity, vs->output.offset, 1180 vs->sasl.waitWriteSSF); 1181 1182 if (vs->sasl.conn && 1183 vs->sasl.runSSF && 1184 vs->sasl.waitWriteSSF) { 1185 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1186 if (ret) 1187 vs->sasl.waitWriteSSF -= ret; 1188 } else 1189 #endif /* CONFIG_VNC_SASL */ 1190 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1191 if (!ret) 1192 return 0; 1193 1194 buffer_advance(&vs->output, ret); 1195 1196 if (vs->output.offset == 0) { 1197 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 1198 } 1199 1200 return ret; 1201 } 1202 1203 1204 /* 1205 * First function called whenever there is data to be written to 1206 * the client socket. Will delegate actual work according to whether 1207 * SASL SSF layers are enabled (thus requiring encryption calls) 1208 */ 1209 static void vnc_client_write_locked(void *opaque) 1210 { 1211 VncState *vs = opaque; 1212 1213 #ifdef CONFIG_VNC_SASL 1214 if (vs->sasl.conn && 1215 vs->sasl.runSSF && 1216 !vs->sasl.waitWriteSSF) { 1217 vnc_client_write_sasl(vs); 1218 } else 1219 #endif /* CONFIG_VNC_SASL */ 1220 { 1221 #ifdef CONFIG_VNC_WS 1222 if (vs->encode_ws) { 1223 vnc_client_write_ws(vs); 1224 } else 1225 #endif /* CONFIG_VNC_WS */ 1226 { 1227 vnc_client_write_plain(vs); 1228 } 1229 } 1230 } 1231 1232 void vnc_client_write(void *opaque) 1233 { 1234 VncState *vs = opaque; 1235 1236 vnc_lock_output(vs); 1237 if (vs->output.offset 1238 #ifdef CONFIG_VNC_WS 1239 || vs->ws_output.offset 1240 #endif 1241 ) { 1242 vnc_client_write_locked(opaque); 1243 } else if (vs->csock != -1) { 1244 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 1245 } 1246 vnc_unlock_output(vs); 1247 } 1248 1249 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1250 { 1251 vs->read_handler = func; 1252 vs->read_handler_expect = expecting; 1253 } 1254 1255 1256 /* 1257 * Called to read a chunk of data from the client socket. The data may 1258 * be the raw data, or may need to be further decoded by SASL. 1259 * The data will be read either straight from to the socket, or 1260 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1261 * 1262 * NB, it is theoretically possible to have 2 layers of encryption, 1263 * both SASL, and this TLS layer. It is highly unlikely in practice 1264 * though, since SASL encryption will typically be a no-op if TLS 1265 * is active 1266 * 1267 * Returns the number of bytes read, which may be less than 1268 * the requested 'datalen' if the socket would block. Returns 1269 * -1 on error, and disconnects the client socket. 1270 */ 1271 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1272 { 1273 long ret; 1274 #ifdef CONFIG_VNC_TLS 1275 if (vs->tls.session) { 1276 ret = gnutls_read(vs->tls.session, data, datalen); 1277 if (ret < 0) { 1278 if (ret == GNUTLS_E_AGAIN) 1279 errno = EAGAIN; 1280 else 1281 errno = EIO; 1282 ret = -1; 1283 } 1284 } else 1285 #endif /* CONFIG_VNC_TLS */ 1286 ret = qemu_recv(vs->csock, data, datalen, 0); 1287 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1288 return vnc_client_io_error(vs, ret, socket_error()); 1289 } 1290 1291 1292 /* 1293 * Called to read data from the client socket to the input buffer, 1294 * when not using any SASL SSF encryption layers. Will read as much 1295 * data as possible without blocking. 1296 * 1297 * Returns the number of bytes read. Returns -1 on error, and 1298 * disconnects the client socket. 1299 */ 1300 static long vnc_client_read_plain(VncState *vs) 1301 { 1302 int ret; 1303 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1304 vs->input.buffer, vs->input.capacity, vs->input.offset); 1305 buffer_reserve(&vs->input, 4096); 1306 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1307 if (!ret) 1308 return 0; 1309 vs->input.offset += ret; 1310 return ret; 1311 } 1312 1313 static void vnc_jobs_bh(void *opaque) 1314 { 1315 VncState *vs = opaque; 1316 1317 vnc_jobs_consume_buffer(vs); 1318 } 1319 1320 /* 1321 * First function called whenever there is more data to be read from 1322 * the client socket. Will delegate actual work according to whether 1323 * SASL SSF layers are enabled (thus requiring decryption calls) 1324 */ 1325 void vnc_client_read(void *opaque) 1326 { 1327 VncState *vs = opaque; 1328 long ret; 1329 1330 #ifdef CONFIG_VNC_SASL 1331 if (vs->sasl.conn && vs->sasl.runSSF) 1332 ret = vnc_client_read_sasl(vs); 1333 else 1334 #endif /* CONFIG_VNC_SASL */ 1335 #ifdef CONFIG_VNC_WS 1336 if (vs->encode_ws) { 1337 ret = vnc_client_read_ws(vs); 1338 if (ret == -1) { 1339 vnc_disconnect_start(vs); 1340 return; 1341 } else if (ret == -2) { 1342 vnc_client_error(vs); 1343 return; 1344 } 1345 } else 1346 #endif /* CONFIG_VNC_WS */ 1347 { 1348 ret = vnc_client_read_plain(vs); 1349 } 1350 if (!ret) { 1351 if (vs->csock == -1) 1352 vnc_disconnect_finish(vs); 1353 return; 1354 } 1355 1356 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1357 size_t len = vs->read_handler_expect; 1358 int ret; 1359 1360 ret = vs->read_handler(vs, vs->input.buffer, len); 1361 if (vs->csock == -1) { 1362 vnc_disconnect_finish(vs); 1363 return; 1364 } 1365 1366 if (!ret) { 1367 buffer_advance(&vs->input, len); 1368 } else { 1369 vs->read_handler_expect = ret; 1370 } 1371 } 1372 } 1373 1374 void vnc_write(VncState *vs, const void *data, size_t len) 1375 { 1376 buffer_reserve(&vs->output, len); 1377 1378 if (vs->csock != -1 && buffer_empty(&vs->output)) { 1379 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs); 1380 } 1381 1382 buffer_append(&vs->output, data, len); 1383 } 1384 1385 void vnc_write_s32(VncState *vs, int32_t value) 1386 { 1387 vnc_write_u32(vs, *(uint32_t *)&value); 1388 } 1389 1390 void vnc_write_u32(VncState *vs, uint32_t value) 1391 { 1392 uint8_t buf[4]; 1393 1394 buf[0] = (value >> 24) & 0xFF; 1395 buf[1] = (value >> 16) & 0xFF; 1396 buf[2] = (value >> 8) & 0xFF; 1397 buf[3] = value & 0xFF; 1398 1399 vnc_write(vs, buf, 4); 1400 } 1401 1402 void vnc_write_u16(VncState *vs, uint16_t value) 1403 { 1404 uint8_t buf[2]; 1405 1406 buf[0] = (value >> 8) & 0xFF; 1407 buf[1] = value & 0xFF; 1408 1409 vnc_write(vs, buf, 2); 1410 } 1411 1412 void vnc_write_u8(VncState *vs, uint8_t value) 1413 { 1414 vnc_write(vs, (char *)&value, 1); 1415 } 1416 1417 void vnc_flush(VncState *vs) 1418 { 1419 vnc_lock_output(vs); 1420 if (vs->csock != -1 && (vs->output.offset 1421 #ifdef CONFIG_VNC_WS 1422 || vs->ws_output.offset 1423 #endif 1424 )) { 1425 vnc_client_write_locked(vs); 1426 } 1427 vnc_unlock_output(vs); 1428 } 1429 1430 static uint8_t read_u8(uint8_t *data, size_t offset) 1431 { 1432 return data[offset]; 1433 } 1434 1435 static uint16_t read_u16(uint8_t *data, size_t offset) 1436 { 1437 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1438 } 1439 1440 static int32_t read_s32(uint8_t *data, size_t offset) 1441 { 1442 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1443 (data[offset + 2] << 8) | data[offset + 3]); 1444 } 1445 1446 uint32_t read_u32(uint8_t *data, size_t offset) 1447 { 1448 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1449 (data[offset + 2] << 8) | data[offset + 3]); 1450 } 1451 1452 static void client_cut_text(VncState *vs, size_t len, uint8_t *text) 1453 { 1454 } 1455 1456 static void check_pointer_type_change(Notifier *notifier, void *data) 1457 { 1458 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1459 int absolute = kbd_mouse_is_absolute(); 1460 1461 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1462 vnc_lock_output(vs); 1463 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1464 vnc_write_u8(vs, 0); 1465 vnc_write_u16(vs, 1); 1466 vnc_framebuffer_update(vs, absolute, 0, 1467 surface_width(vs->vd->ds), 1468 surface_height(vs->vd->ds), 1469 VNC_ENCODING_POINTER_TYPE_CHANGE); 1470 vnc_unlock_output(vs); 1471 vnc_flush(vs); 1472 } 1473 vs->absolute = absolute; 1474 } 1475 1476 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1477 { 1478 int buttons = 0; 1479 int dz = 0; 1480 int width = surface_width(vs->vd->ds); 1481 int height = surface_height(vs->vd->ds); 1482 1483 if (button_mask & 0x01) 1484 buttons |= MOUSE_EVENT_LBUTTON; 1485 if (button_mask & 0x02) 1486 buttons |= MOUSE_EVENT_MBUTTON; 1487 if (button_mask & 0x04) 1488 buttons |= MOUSE_EVENT_RBUTTON; 1489 if (button_mask & 0x08) 1490 dz = -1; 1491 if (button_mask & 0x10) 1492 dz = 1; 1493 1494 if (vs->absolute) { 1495 kbd_mouse_event(width > 1 ? x * 0x7FFF / (width - 1) : 0x4000, 1496 height > 1 ? y * 0x7FFF / (height - 1) : 0x4000, 1497 dz, buttons); 1498 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1499 x -= 0x7FFF; 1500 y -= 0x7FFF; 1501 1502 kbd_mouse_event(x, y, dz, buttons); 1503 } else { 1504 if (vs->last_x != -1) 1505 kbd_mouse_event(x - vs->last_x, 1506 y - vs->last_y, 1507 dz, buttons); 1508 vs->last_x = x; 1509 vs->last_y = y; 1510 } 1511 } 1512 1513 static void reset_keys(VncState *vs) 1514 { 1515 int i; 1516 for(i = 0; i < 256; i++) { 1517 if (vs->modifiers_state[i]) { 1518 if (i & SCANCODE_GREY) 1519 kbd_put_keycode(SCANCODE_EMUL0); 1520 kbd_put_keycode(i | SCANCODE_UP); 1521 vs->modifiers_state[i] = 0; 1522 } 1523 } 1524 } 1525 1526 static void press_key(VncState *vs, int keysym) 1527 { 1528 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK; 1529 if (keycode & SCANCODE_GREY) 1530 kbd_put_keycode(SCANCODE_EMUL0); 1531 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK); 1532 if (keycode & SCANCODE_GREY) 1533 kbd_put_keycode(SCANCODE_EMUL0); 1534 kbd_put_keycode(keycode | SCANCODE_UP); 1535 } 1536 1537 static void kbd_leds(void *opaque, int ledstate) 1538 { 1539 VncState *vs = opaque; 1540 int caps, num; 1541 1542 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0; 1543 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0; 1544 1545 if (vs->modifiers_state[0x3a] != caps) { 1546 vs->modifiers_state[0x3a] = caps; 1547 } 1548 if (vs->modifiers_state[0x45] != num) { 1549 vs->modifiers_state[0x45] = num; 1550 } 1551 } 1552 1553 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1554 { 1555 /* QEMU console switch */ 1556 switch(keycode) { 1557 case 0x2a: /* Left Shift */ 1558 case 0x36: /* Right Shift */ 1559 case 0x1d: /* Left CTRL */ 1560 case 0x9d: /* Right CTRL */ 1561 case 0x38: /* Left ALT */ 1562 case 0xb8: /* Right ALT */ 1563 if (down) 1564 vs->modifiers_state[keycode] = 1; 1565 else 1566 vs->modifiers_state[keycode] = 0; 1567 break; 1568 case 0x02 ... 0x0a: /* '1' to '9' keys */ 1569 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) { 1570 /* Reset the modifiers sent to the current console */ 1571 reset_keys(vs); 1572 console_select(keycode - 0x02); 1573 return; 1574 } 1575 break; 1576 case 0x3a: /* CapsLock */ 1577 case 0x45: /* NumLock */ 1578 if (down) 1579 vs->modifiers_state[keycode] ^= 1; 1580 break; 1581 } 1582 1583 if (down && vs->vd->lock_key_sync && 1584 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1585 /* If the numlock state needs to change then simulate an additional 1586 keypress before sending this one. This will happen if the user 1587 toggles numlock away from the VNC window. 1588 */ 1589 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1590 if (!vs->modifiers_state[0x45]) { 1591 vs->modifiers_state[0x45] = 1; 1592 press_key(vs, 0xff7f); 1593 } 1594 } else { 1595 if (vs->modifiers_state[0x45]) { 1596 vs->modifiers_state[0x45] = 0; 1597 press_key(vs, 0xff7f); 1598 } 1599 } 1600 } 1601 1602 if (down && vs->vd->lock_key_sync && 1603 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1604 /* If the capslock state needs to change then simulate an additional 1605 keypress before sending this one. This will happen if the user 1606 toggles capslock away from the VNC window. 1607 */ 1608 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1609 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]); 1610 int capslock = !!(vs->modifiers_state[0x3a]); 1611 if (capslock) { 1612 if (uppercase == shift) { 1613 vs->modifiers_state[0x3a] = 0; 1614 press_key(vs, 0xffe5); 1615 } 1616 } else { 1617 if (uppercase != shift) { 1618 vs->modifiers_state[0x3a] = 1; 1619 press_key(vs, 0xffe5); 1620 } 1621 } 1622 } 1623 1624 if (is_graphic_console()) { 1625 if (keycode & SCANCODE_GREY) 1626 kbd_put_keycode(SCANCODE_EMUL0); 1627 if (down) 1628 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK); 1629 else 1630 kbd_put_keycode(keycode | SCANCODE_UP); 1631 } else { 1632 bool numlock = vs->modifiers_state[0x45]; 1633 bool control = (vs->modifiers_state[0x1d] || 1634 vs->modifiers_state[0x9d]); 1635 /* QEMU console emulation */ 1636 if (down) { 1637 switch (keycode) { 1638 case 0x2a: /* Left Shift */ 1639 case 0x36: /* Right Shift */ 1640 case 0x1d: /* Left CTRL */ 1641 case 0x9d: /* Right CTRL */ 1642 case 0x38: /* Left ALT */ 1643 case 0xb8: /* Right ALT */ 1644 break; 1645 case 0xc8: 1646 kbd_put_keysym(QEMU_KEY_UP); 1647 break; 1648 case 0xd0: 1649 kbd_put_keysym(QEMU_KEY_DOWN); 1650 break; 1651 case 0xcb: 1652 kbd_put_keysym(QEMU_KEY_LEFT); 1653 break; 1654 case 0xcd: 1655 kbd_put_keysym(QEMU_KEY_RIGHT); 1656 break; 1657 case 0xd3: 1658 kbd_put_keysym(QEMU_KEY_DELETE); 1659 break; 1660 case 0xc7: 1661 kbd_put_keysym(QEMU_KEY_HOME); 1662 break; 1663 case 0xcf: 1664 kbd_put_keysym(QEMU_KEY_END); 1665 break; 1666 case 0xc9: 1667 kbd_put_keysym(QEMU_KEY_PAGEUP); 1668 break; 1669 case 0xd1: 1670 kbd_put_keysym(QEMU_KEY_PAGEDOWN); 1671 break; 1672 1673 case 0x47: 1674 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME); 1675 break; 1676 case 0x48: 1677 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP); 1678 break; 1679 case 0x49: 1680 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP); 1681 break; 1682 case 0x4b: 1683 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT); 1684 break; 1685 case 0x4c: 1686 kbd_put_keysym('5'); 1687 break; 1688 case 0x4d: 1689 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT); 1690 break; 1691 case 0x4f: 1692 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END); 1693 break; 1694 case 0x50: 1695 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN); 1696 break; 1697 case 0x51: 1698 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN); 1699 break; 1700 case 0x52: 1701 kbd_put_keysym('0'); 1702 break; 1703 case 0x53: 1704 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE); 1705 break; 1706 1707 case 0xb5: 1708 kbd_put_keysym('/'); 1709 break; 1710 case 0x37: 1711 kbd_put_keysym('*'); 1712 break; 1713 case 0x4a: 1714 kbd_put_keysym('-'); 1715 break; 1716 case 0x4e: 1717 kbd_put_keysym('+'); 1718 break; 1719 case 0x9c: 1720 kbd_put_keysym('\n'); 1721 break; 1722 1723 default: 1724 if (control) { 1725 kbd_put_keysym(sym & 0x1f); 1726 } else { 1727 kbd_put_keysym(sym); 1728 } 1729 break; 1730 } 1731 } 1732 } 1733 } 1734 1735 static void vnc_release_modifiers(VncState *vs) 1736 { 1737 static const int keycodes[] = { 1738 /* shift, control, alt keys, both left & right */ 1739 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8, 1740 }; 1741 int i, keycode; 1742 1743 if (!is_graphic_console()) { 1744 return; 1745 } 1746 for (i = 0; i < ARRAY_SIZE(keycodes); i++) { 1747 keycode = keycodes[i]; 1748 if (!vs->modifiers_state[keycode]) { 1749 continue; 1750 } 1751 if (keycode & SCANCODE_GREY) { 1752 kbd_put_keycode(SCANCODE_EMUL0); 1753 } 1754 kbd_put_keycode(keycode | SCANCODE_UP); 1755 } 1756 } 1757 1758 static void key_event(VncState *vs, int down, uint32_t sym) 1759 { 1760 int keycode; 1761 int lsym = sym; 1762 1763 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) { 1764 lsym = lsym - 'A' + 'a'; 1765 } 1766 1767 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK; 1768 do_key_event(vs, down, keycode, sym); 1769 } 1770 1771 static void ext_key_event(VncState *vs, int down, 1772 uint32_t sym, uint16_t keycode) 1773 { 1774 /* if the user specifies a keyboard layout, always use it */ 1775 if (keyboard_layout) 1776 key_event(vs, down, sym); 1777 else 1778 do_key_event(vs, down, keycode, sym); 1779 } 1780 1781 static void framebuffer_update_request(VncState *vs, int incremental, 1782 int x_position, int y_position, 1783 int w, int h) 1784 { 1785 int i; 1786 const size_t width = surface_width(vs->vd->ds) / 16; 1787 const size_t height = surface_height(vs->vd->ds); 1788 1789 if (y_position > height) { 1790 y_position = height; 1791 } 1792 if (y_position + h >= height) { 1793 h = height - y_position; 1794 } 1795 1796 vs->need_update = 1; 1797 if (!incremental) { 1798 vs->force_update = 1; 1799 for (i = 0; i < h; i++) { 1800 bitmap_set(vs->dirty[y_position + i], 0, width); 1801 bitmap_clear(vs->dirty[y_position + i], width, 1802 VNC_DIRTY_BITS - width); 1803 } 1804 } 1805 } 1806 1807 static void send_ext_key_event_ack(VncState *vs) 1808 { 1809 vnc_lock_output(vs); 1810 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1811 vnc_write_u8(vs, 0); 1812 vnc_write_u16(vs, 1); 1813 vnc_framebuffer_update(vs, 0, 0, 1814 surface_width(vs->vd->ds), 1815 surface_height(vs->vd->ds), 1816 VNC_ENCODING_EXT_KEY_EVENT); 1817 vnc_unlock_output(vs); 1818 vnc_flush(vs); 1819 } 1820 1821 static void send_ext_audio_ack(VncState *vs) 1822 { 1823 vnc_lock_output(vs); 1824 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1825 vnc_write_u8(vs, 0); 1826 vnc_write_u16(vs, 1); 1827 vnc_framebuffer_update(vs, 0, 0, 1828 surface_width(vs->vd->ds), 1829 surface_height(vs->vd->ds), 1830 VNC_ENCODING_AUDIO); 1831 vnc_unlock_output(vs); 1832 vnc_flush(vs); 1833 } 1834 1835 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 1836 { 1837 int i; 1838 unsigned int enc = 0; 1839 1840 vs->features = 0; 1841 vs->vnc_encoding = 0; 1842 vs->tight.compression = 9; 1843 vs->tight.quality = -1; /* Lossless by default */ 1844 vs->absolute = -1; 1845 1846 /* 1847 * Start from the end because the encodings are sent in order of preference. 1848 * This way the preferred encoding (first encoding defined in the array) 1849 * will be set at the end of the loop. 1850 */ 1851 for (i = n_encodings - 1; i >= 0; i--) { 1852 enc = encodings[i]; 1853 switch (enc) { 1854 case VNC_ENCODING_RAW: 1855 vs->vnc_encoding = enc; 1856 break; 1857 case VNC_ENCODING_COPYRECT: 1858 vs->features |= VNC_FEATURE_COPYRECT_MASK; 1859 break; 1860 case VNC_ENCODING_HEXTILE: 1861 vs->features |= VNC_FEATURE_HEXTILE_MASK; 1862 vs->vnc_encoding = enc; 1863 break; 1864 case VNC_ENCODING_TIGHT: 1865 vs->features |= VNC_FEATURE_TIGHT_MASK; 1866 vs->vnc_encoding = enc; 1867 break; 1868 #ifdef CONFIG_VNC_PNG 1869 case VNC_ENCODING_TIGHT_PNG: 1870 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK; 1871 vs->vnc_encoding = enc; 1872 break; 1873 #endif 1874 case VNC_ENCODING_ZLIB: 1875 vs->features |= VNC_FEATURE_ZLIB_MASK; 1876 vs->vnc_encoding = enc; 1877 break; 1878 case VNC_ENCODING_ZRLE: 1879 vs->features |= VNC_FEATURE_ZRLE_MASK; 1880 vs->vnc_encoding = enc; 1881 break; 1882 case VNC_ENCODING_ZYWRLE: 1883 vs->features |= VNC_FEATURE_ZYWRLE_MASK; 1884 vs->vnc_encoding = enc; 1885 break; 1886 case VNC_ENCODING_DESKTOPRESIZE: 1887 vs->features |= VNC_FEATURE_RESIZE_MASK; 1888 break; 1889 case VNC_ENCODING_POINTER_TYPE_CHANGE: 1890 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK; 1891 break; 1892 case VNC_ENCODING_RICH_CURSOR: 1893 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK; 1894 break; 1895 case VNC_ENCODING_EXT_KEY_EVENT: 1896 send_ext_key_event_ack(vs); 1897 break; 1898 case VNC_ENCODING_AUDIO: 1899 send_ext_audio_ack(vs); 1900 break; 1901 case VNC_ENCODING_WMVi: 1902 vs->features |= VNC_FEATURE_WMVI_MASK; 1903 break; 1904 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 1905 vs->tight.compression = (enc & 0x0F); 1906 break; 1907 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 1908 if (vs->vd->lossy) { 1909 vs->tight.quality = (enc & 0x0F); 1910 } 1911 break; 1912 default: 1913 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 1914 break; 1915 } 1916 } 1917 vnc_desktop_resize(vs); 1918 check_pointer_type_change(&vs->mouse_mode_notifier, NULL); 1919 } 1920 1921 static void set_pixel_conversion(VncState *vs) 1922 { 1923 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf); 1924 1925 if (fmt == VNC_SERVER_FB_FORMAT) { 1926 vs->write_pixels = vnc_write_pixels_copy; 1927 vnc_hextile_set_pixel_conversion(vs, 0); 1928 } else { 1929 vs->write_pixels = vnc_write_pixels_generic; 1930 vnc_hextile_set_pixel_conversion(vs, 1); 1931 } 1932 } 1933 1934 static void set_pixel_format(VncState *vs, 1935 int bits_per_pixel, int depth, 1936 int big_endian_flag, int true_color_flag, 1937 int red_max, int green_max, int blue_max, 1938 int red_shift, int green_shift, int blue_shift) 1939 { 1940 if (!true_color_flag) { 1941 vnc_client_error(vs); 1942 return; 1943 } 1944 1945 vs->client_pf.rmax = red_max; 1946 vs->client_pf.rbits = hweight_long(red_max); 1947 vs->client_pf.rshift = red_shift; 1948 vs->client_pf.rmask = red_max << red_shift; 1949 vs->client_pf.gmax = green_max; 1950 vs->client_pf.gbits = hweight_long(green_max); 1951 vs->client_pf.gshift = green_shift; 1952 vs->client_pf.gmask = green_max << green_shift; 1953 vs->client_pf.bmax = blue_max; 1954 vs->client_pf.bbits = hweight_long(blue_max); 1955 vs->client_pf.bshift = blue_shift; 1956 vs->client_pf.bmask = blue_max << blue_shift; 1957 vs->client_pf.bits_per_pixel = bits_per_pixel; 1958 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8; 1959 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 1960 vs->client_be = big_endian_flag; 1961 1962 set_pixel_conversion(vs); 1963 1964 vga_hw_invalidate(); 1965 vga_hw_update(); 1966 } 1967 1968 static void pixel_format_message (VncState *vs) { 1969 char pad[3] = { 0, 0, 0 }; 1970 1971 vs->client_pf = qemu_default_pixelformat(32); 1972 1973 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ 1974 vnc_write_u8(vs, vs->client_pf.depth); /* depth */ 1975 1976 #ifdef HOST_WORDS_BIGENDIAN 1977 vnc_write_u8(vs, 1); /* big-endian-flag */ 1978 #else 1979 vnc_write_u8(vs, 0); /* big-endian-flag */ 1980 #endif 1981 vnc_write_u8(vs, 1); /* true-color-flag */ 1982 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */ 1983 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */ 1984 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */ 1985 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */ 1986 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */ 1987 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */ 1988 vnc_write(vs, pad, 3); /* padding */ 1989 1990 vnc_hextile_set_pixel_conversion(vs, 0); 1991 vs->write_pixels = vnc_write_pixels_copy; 1992 } 1993 1994 static void vnc_colordepth(VncState *vs) 1995 { 1996 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 1997 /* Sending a WMVi message to notify the client*/ 1998 vnc_lock_output(vs); 1999 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2000 vnc_write_u8(vs, 0); 2001 vnc_write_u16(vs, 1); /* number of rects */ 2002 vnc_framebuffer_update(vs, 0, 0, 2003 surface_width(vs->vd->ds), 2004 surface_height(vs->vd->ds), 2005 VNC_ENCODING_WMVi); 2006 pixel_format_message(vs); 2007 vnc_unlock_output(vs); 2008 vnc_flush(vs); 2009 } else { 2010 set_pixel_conversion(vs); 2011 } 2012 } 2013 2014 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 2015 { 2016 int i; 2017 uint16_t limit; 2018 VncDisplay *vd = vs->vd; 2019 2020 if (data[0] > 3) { 2021 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE; 2022 if (!qemu_timer_expired(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval)) 2023 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval); 2024 } 2025 2026 switch (data[0]) { 2027 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 2028 if (len == 1) 2029 return 20; 2030 2031 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5), 2032 read_u8(data, 6), read_u8(data, 7), 2033 read_u16(data, 8), read_u16(data, 10), 2034 read_u16(data, 12), read_u8(data, 14), 2035 read_u8(data, 15), read_u8(data, 16)); 2036 break; 2037 case VNC_MSG_CLIENT_SET_ENCODINGS: 2038 if (len == 1) 2039 return 4; 2040 2041 if (len == 4) { 2042 limit = read_u16(data, 2); 2043 if (limit > 0) 2044 return 4 + (limit * 4); 2045 } else 2046 limit = read_u16(data, 2); 2047 2048 for (i = 0; i < limit; i++) { 2049 int32_t val = read_s32(data, 4 + (i * 4)); 2050 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 2051 } 2052 2053 set_encodings(vs, (int32_t *)(data + 4), limit); 2054 break; 2055 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 2056 if (len == 1) 2057 return 10; 2058 2059 framebuffer_update_request(vs, 2060 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 2061 read_u16(data, 6), read_u16(data, 8)); 2062 break; 2063 case VNC_MSG_CLIENT_KEY_EVENT: 2064 if (len == 1) 2065 return 8; 2066 2067 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 2068 break; 2069 case VNC_MSG_CLIENT_POINTER_EVENT: 2070 if (len == 1) 2071 return 6; 2072 2073 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 2074 break; 2075 case VNC_MSG_CLIENT_CUT_TEXT: 2076 if (len == 1) 2077 return 8; 2078 2079 if (len == 8) { 2080 uint32_t dlen = read_u32(data, 4); 2081 if (dlen > 0) 2082 return 8 + dlen; 2083 } 2084 2085 client_cut_text(vs, read_u32(data, 4), data + 8); 2086 break; 2087 case VNC_MSG_CLIENT_QEMU: 2088 if (len == 1) 2089 return 2; 2090 2091 switch (read_u8(data, 1)) { 2092 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 2093 if (len == 2) 2094 return 12; 2095 2096 ext_key_event(vs, read_u16(data, 2), 2097 read_u32(data, 4), read_u32(data, 8)); 2098 break; 2099 case VNC_MSG_CLIENT_QEMU_AUDIO: 2100 if (len == 2) 2101 return 4; 2102 2103 switch (read_u16 (data, 2)) { 2104 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 2105 audio_add(vs); 2106 break; 2107 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 2108 audio_del(vs); 2109 break; 2110 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 2111 if (len == 4) 2112 return 10; 2113 switch (read_u8(data, 4)) { 2114 case 0: vs->as.fmt = AUD_FMT_U8; break; 2115 case 1: vs->as.fmt = AUD_FMT_S8; break; 2116 case 2: vs->as.fmt = AUD_FMT_U16; break; 2117 case 3: vs->as.fmt = AUD_FMT_S16; break; 2118 case 4: vs->as.fmt = AUD_FMT_U32; break; 2119 case 5: vs->as.fmt = AUD_FMT_S32; break; 2120 default: 2121 printf("Invalid audio format %d\n", read_u8(data, 4)); 2122 vnc_client_error(vs); 2123 break; 2124 } 2125 vs->as.nchannels = read_u8(data, 5); 2126 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2127 printf("Invalid audio channel coount %d\n", 2128 read_u8(data, 5)); 2129 vnc_client_error(vs); 2130 break; 2131 } 2132 vs->as.freq = read_u32(data, 6); 2133 break; 2134 default: 2135 printf ("Invalid audio message %d\n", read_u8(data, 4)); 2136 vnc_client_error(vs); 2137 break; 2138 } 2139 break; 2140 2141 default: 2142 printf("Msg: %d\n", read_u16(data, 0)); 2143 vnc_client_error(vs); 2144 break; 2145 } 2146 break; 2147 default: 2148 printf("Msg: %d\n", data[0]); 2149 vnc_client_error(vs); 2150 break; 2151 } 2152 2153 vnc_read_when(vs, protocol_client_msg, 1); 2154 return 0; 2155 } 2156 2157 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2158 { 2159 char buf[1024]; 2160 VncShareMode mode; 2161 int size; 2162 2163 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; 2164 switch (vs->vd->share_policy) { 2165 case VNC_SHARE_POLICY_IGNORE: 2166 /* 2167 * Ignore the shared flag. Nothing to do here. 2168 * 2169 * Doesn't conform to the rfb spec but is traditional qemu 2170 * behavior, thus left here as option for compatibility 2171 * reasons. 2172 */ 2173 break; 2174 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: 2175 /* 2176 * Policy: Allow clients ask for exclusive access. 2177 * 2178 * Implementation: When a client asks for exclusive access, 2179 * disconnect all others. Shared connects are allowed as long 2180 * as no exclusive connection exists. 2181 * 2182 * This is how the rfb spec suggests to handle the shared flag. 2183 */ 2184 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2185 VncState *client; 2186 QTAILQ_FOREACH(client, &vs->vd->clients, next) { 2187 if (vs == client) { 2188 continue; 2189 } 2190 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && 2191 client->share_mode != VNC_SHARE_MODE_SHARED) { 2192 continue; 2193 } 2194 vnc_disconnect_start(client); 2195 } 2196 } 2197 if (mode == VNC_SHARE_MODE_SHARED) { 2198 if (vs->vd->num_exclusive > 0) { 2199 vnc_disconnect_start(vs); 2200 return 0; 2201 } 2202 } 2203 break; 2204 case VNC_SHARE_POLICY_FORCE_SHARED: 2205 /* 2206 * Policy: Shared connects only. 2207 * Implementation: Disallow clients asking for exclusive access. 2208 * 2209 * Useful for shared desktop sessions where you don't want 2210 * someone forgetting to say -shared when running the vnc 2211 * client disconnect everybody else. 2212 */ 2213 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2214 vnc_disconnect_start(vs); 2215 return 0; 2216 } 2217 break; 2218 } 2219 vnc_set_share_mode(vs, mode); 2220 2221 vs->client_width = surface_width(vs->vd->ds); 2222 vs->client_height = surface_height(vs->vd->ds); 2223 vnc_write_u16(vs, vs->client_width); 2224 vnc_write_u16(vs, vs->client_height); 2225 2226 pixel_format_message(vs); 2227 2228 if (qemu_name) 2229 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2230 else 2231 size = snprintf(buf, sizeof(buf), "QEMU"); 2232 2233 vnc_write_u32(vs, size); 2234 vnc_write(vs, buf, size); 2235 vnc_flush(vs); 2236 2237 vnc_client_cache_auth(vs); 2238 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED); 2239 2240 vnc_read_when(vs, protocol_client_msg, 1); 2241 2242 return 0; 2243 } 2244 2245 void start_client_init(VncState *vs) 2246 { 2247 vnc_read_when(vs, protocol_client_init, 1); 2248 } 2249 2250 static void make_challenge(VncState *vs) 2251 { 2252 int i; 2253 2254 srand(time(NULL)+getpid()+getpid()*987654+rand()); 2255 2256 for (i = 0 ; i < sizeof(vs->challenge) ; i++) 2257 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0)); 2258 } 2259 2260 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2261 { 2262 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2263 int i, j, pwlen; 2264 unsigned char key[8]; 2265 time_t now = time(NULL); 2266 2267 if (!vs->vd->password) { 2268 VNC_DEBUG("No password configured on server"); 2269 goto reject; 2270 } 2271 if (vs->vd->expires < now) { 2272 VNC_DEBUG("Password is expired"); 2273 goto reject; 2274 } 2275 2276 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2277 2278 /* Calculate the expected challenge response */ 2279 pwlen = strlen(vs->vd->password); 2280 for (i=0; i<sizeof(key); i++) 2281 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2282 deskey(key, EN0); 2283 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8) 2284 des(response+j, response+j); 2285 2286 /* Compare expected vs actual challenge response */ 2287 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2288 VNC_DEBUG("Client challenge response did not match\n"); 2289 goto reject; 2290 } else { 2291 VNC_DEBUG("Accepting VNC challenge response\n"); 2292 vnc_write_u32(vs, 0); /* Accept auth */ 2293 vnc_flush(vs); 2294 2295 start_client_init(vs); 2296 } 2297 return 0; 2298 2299 reject: 2300 vnc_write_u32(vs, 1); /* Reject auth */ 2301 if (vs->minor >= 8) { 2302 static const char err[] = "Authentication failed"; 2303 vnc_write_u32(vs, sizeof(err)); 2304 vnc_write(vs, err, sizeof(err)); 2305 } 2306 vnc_flush(vs); 2307 vnc_client_error(vs); 2308 return 0; 2309 } 2310 2311 void start_auth_vnc(VncState *vs) 2312 { 2313 make_challenge(vs); 2314 /* Send client a 'random' challenge */ 2315 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2316 vnc_flush(vs); 2317 2318 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2319 } 2320 2321 2322 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2323 { 2324 /* We only advertise 1 auth scheme at a time, so client 2325 * must pick the one we sent. Verify this */ 2326 if (data[0] != vs->auth) { /* Reject auth */ 2327 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]); 2328 vnc_write_u32(vs, 1); 2329 if (vs->minor >= 8) { 2330 static const char err[] = "Authentication failed"; 2331 vnc_write_u32(vs, sizeof(err)); 2332 vnc_write(vs, err, sizeof(err)); 2333 } 2334 vnc_client_error(vs); 2335 } else { /* Accept requested auth */ 2336 VNC_DEBUG("Client requested auth %d\n", (int)data[0]); 2337 switch (vs->auth) { 2338 case VNC_AUTH_NONE: 2339 VNC_DEBUG("Accept auth none\n"); 2340 if (vs->minor >= 8) { 2341 vnc_write_u32(vs, 0); /* Accept auth completion */ 2342 vnc_flush(vs); 2343 } 2344 start_client_init(vs); 2345 break; 2346 2347 case VNC_AUTH_VNC: 2348 VNC_DEBUG("Start VNC auth\n"); 2349 start_auth_vnc(vs); 2350 break; 2351 2352 #ifdef CONFIG_VNC_TLS 2353 case VNC_AUTH_VENCRYPT: 2354 VNC_DEBUG("Accept VeNCrypt auth\n"); 2355 start_auth_vencrypt(vs); 2356 break; 2357 #endif /* CONFIG_VNC_TLS */ 2358 2359 #ifdef CONFIG_VNC_SASL 2360 case VNC_AUTH_SASL: 2361 VNC_DEBUG("Accept SASL auth\n"); 2362 start_auth_sasl(vs); 2363 break; 2364 #endif /* CONFIG_VNC_SASL */ 2365 2366 default: /* Should not be possible, but just in case */ 2367 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth); 2368 vnc_write_u8(vs, 1); 2369 if (vs->minor >= 8) { 2370 static const char err[] = "Authentication failed"; 2371 vnc_write_u32(vs, sizeof(err)); 2372 vnc_write(vs, err, sizeof(err)); 2373 } 2374 vnc_client_error(vs); 2375 } 2376 } 2377 return 0; 2378 } 2379 2380 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2381 { 2382 char local[13]; 2383 2384 memcpy(local, version, 12); 2385 local[12] = 0; 2386 2387 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2388 VNC_DEBUG("Malformed protocol version %s\n", local); 2389 vnc_client_error(vs); 2390 return 0; 2391 } 2392 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2393 if (vs->major != 3 || 2394 (vs->minor != 3 && 2395 vs->minor != 4 && 2396 vs->minor != 5 && 2397 vs->minor != 7 && 2398 vs->minor != 8)) { 2399 VNC_DEBUG("Unsupported client version\n"); 2400 vnc_write_u32(vs, VNC_AUTH_INVALID); 2401 vnc_flush(vs); 2402 vnc_client_error(vs); 2403 return 0; 2404 } 2405 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2406 * as equivalent to v3.3 by servers 2407 */ 2408 if (vs->minor == 4 || vs->minor == 5) 2409 vs->minor = 3; 2410 2411 if (vs->minor == 3) { 2412 if (vs->auth == VNC_AUTH_NONE) { 2413 VNC_DEBUG("Tell client auth none\n"); 2414 vnc_write_u32(vs, vs->auth); 2415 vnc_flush(vs); 2416 start_client_init(vs); 2417 } else if (vs->auth == VNC_AUTH_VNC) { 2418 VNC_DEBUG("Tell client VNC auth\n"); 2419 vnc_write_u32(vs, vs->auth); 2420 vnc_flush(vs); 2421 start_auth_vnc(vs); 2422 } else { 2423 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth); 2424 vnc_write_u32(vs, VNC_AUTH_INVALID); 2425 vnc_flush(vs); 2426 vnc_client_error(vs); 2427 } 2428 } else { 2429 VNC_DEBUG("Telling client we support auth %d\n", vs->auth); 2430 vnc_write_u8(vs, 1); /* num auth */ 2431 vnc_write_u8(vs, vs->auth); 2432 vnc_read_when(vs, protocol_client_auth, 1); 2433 vnc_flush(vs); 2434 } 2435 2436 return 0; 2437 } 2438 2439 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) 2440 { 2441 struct VncSurface *vs = &vd->guest; 2442 2443 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; 2444 } 2445 2446 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h) 2447 { 2448 int i, j; 2449 2450 w = (x + w) / VNC_STAT_RECT; 2451 h = (y + h) / VNC_STAT_RECT; 2452 x /= VNC_STAT_RECT; 2453 y /= VNC_STAT_RECT; 2454 2455 for (j = y; j <= h; j++) { 2456 for (i = x; i <= w; i++) { 2457 vs->lossy_rect[j][i] = 1; 2458 } 2459 } 2460 } 2461 2462 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) 2463 { 2464 VncState *vs; 2465 int sty = y / VNC_STAT_RECT; 2466 int stx = x / VNC_STAT_RECT; 2467 int has_dirty = 0; 2468 2469 y = y / VNC_STAT_RECT * VNC_STAT_RECT; 2470 x = x / VNC_STAT_RECT * VNC_STAT_RECT; 2471 2472 QTAILQ_FOREACH(vs, &vd->clients, next) { 2473 int j; 2474 2475 /* kernel send buffers are full -> refresh later */ 2476 if (vs->output.offset) { 2477 continue; 2478 } 2479 2480 if (!vs->lossy_rect[sty][stx]) { 2481 continue; 2482 } 2483 2484 vs->lossy_rect[sty][stx] = 0; 2485 for (j = 0; j < VNC_STAT_RECT; ++j) { 2486 bitmap_set(vs->dirty[y + j], x / 16, VNC_STAT_RECT / 16); 2487 } 2488 has_dirty++; 2489 } 2490 2491 return has_dirty; 2492 } 2493 2494 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) 2495 { 2496 int width = pixman_image_get_width(vd->guest.fb); 2497 int height = pixman_image_get_height(vd->guest.fb); 2498 int x, y; 2499 struct timeval res; 2500 int has_dirty = 0; 2501 2502 for (y = 0; y < height; y += VNC_STAT_RECT) { 2503 for (x = 0; x < width; x += VNC_STAT_RECT) { 2504 VncRectStat *rect = vnc_stat_rect(vd, x, y); 2505 2506 rect->updated = false; 2507 } 2508 } 2509 2510 qemu_timersub(tv, &VNC_REFRESH_STATS, &res); 2511 2512 if (timercmp(&vd->guest.last_freq_check, &res, >)) { 2513 return has_dirty; 2514 } 2515 vd->guest.last_freq_check = *tv; 2516 2517 for (y = 0; y < height; y += VNC_STAT_RECT) { 2518 for (x = 0; x < width; x += VNC_STAT_RECT) { 2519 VncRectStat *rect= vnc_stat_rect(vd, x, y); 2520 int count = ARRAY_SIZE(rect->times); 2521 struct timeval min, max; 2522 2523 if (!timerisset(&rect->times[count - 1])) { 2524 continue ; 2525 } 2526 2527 max = rect->times[(rect->idx + count - 1) % count]; 2528 qemu_timersub(tv, &max, &res); 2529 2530 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { 2531 rect->freq = 0; 2532 has_dirty += vnc_refresh_lossy_rect(vd, x, y); 2533 memset(rect->times, 0, sizeof (rect->times)); 2534 continue ; 2535 } 2536 2537 min = rect->times[rect->idx]; 2538 max = rect->times[(rect->idx + count - 1) % count]; 2539 qemu_timersub(&max, &min, &res); 2540 2541 rect->freq = res.tv_sec + res.tv_usec / 1000000.; 2542 rect->freq /= count; 2543 rect->freq = 1. / rect->freq; 2544 } 2545 } 2546 return has_dirty; 2547 } 2548 2549 double vnc_update_freq(VncState *vs, int x, int y, int w, int h) 2550 { 2551 int i, j; 2552 double total = 0; 2553 int num = 0; 2554 2555 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT; 2556 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT; 2557 2558 for (j = y; j <= y + h; j += VNC_STAT_RECT) { 2559 for (i = x; i <= x + w; i += VNC_STAT_RECT) { 2560 total += vnc_stat_rect(vs->vd, i, j)->freq; 2561 num++; 2562 } 2563 } 2564 2565 if (num) { 2566 return total / num; 2567 } else { 2568 return 0; 2569 } 2570 } 2571 2572 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) 2573 { 2574 VncRectStat *rect; 2575 2576 rect = vnc_stat_rect(vd, x, y); 2577 if (rect->updated) { 2578 return ; 2579 } 2580 rect->times[rect->idx] = *tv; 2581 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); 2582 rect->updated = true; 2583 } 2584 2585 static int vnc_refresh_server_surface(VncDisplay *vd) 2586 { 2587 int width = pixman_image_get_width(vd->guest.fb); 2588 int height = pixman_image_get_height(vd->guest.fb); 2589 int y; 2590 uint8_t *guest_row; 2591 uint8_t *server_row; 2592 int cmp_bytes; 2593 VncState *vs; 2594 int has_dirty = 0; 2595 pixman_image_t *tmpbuf = NULL; 2596 2597 struct timeval tv = { 0, 0 }; 2598 2599 if (!vd->non_adaptive) { 2600 gettimeofday(&tv, NULL); 2601 has_dirty = vnc_update_stats(vd, &tv); 2602 } 2603 2604 /* 2605 * Walk through the guest dirty map. 2606 * Check and copy modified bits from guest to server surface. 2607 * Update server dirty map. 2608 */ 2609 cmp_bytes = 64; 2610 if (cmp_bytes > vnc_server_fb_stride(vd)) { 2611 cmp_bytes = vnc_server_fb_stride(vd); 2612 } 2613 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2614 int width = pixman_image_get_width(vd->server); 2615 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width); 2616 } 2617 guest_row = (uint8_t *)pixman_image_get_data(vd->guest.fb); 2618 server_row = (uint8_t *)pixman_image_get_data(vd->server); 2619 for (y = 0; y < height; y++) { 2620 if (!bitmap_empty(vd->guest.dirty[y], VNC_DIRTY_BITS)) { 2621 int x; 2622 uint8_t *guest_ptr; 2623 uint8_t *server_ptr; 2624 2625 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2626 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y); 2627 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf); 2628 } else { 2629 guest_ptr = guest_row; 2630 } 2631 server_ptr = server_row; 2632 2633 for (x = 0; x + 15 < width; 2634 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 2635 if (!test_and_clear_bit((x / 16), vd->guest.dirty[y])) 2636 continue; 2637 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0) 2638 continue; 2639 memcpy(server_ptr, guest_ptr, cmp_bytes); 2640 if (!vd->non_adaptive) 2641 vnc_rect_updated(vd, x, y, &tv); 2642 QTAILQ_FOREACH(vs, &vd->clients, next) { 2643 set_bit((x / 16), vs->dirty[y]); 2644 } 2645 has_dirty++; 2646 } 2647 } 2648 guest_row += pixman_image_get_stride(vd->guest.fb); 2649 server_row += pixman_image_get_stride(vd->server); 2650 } 2651 qemu_pixman_image_unref(tmpbuf); 2652 return has_dirty; 2653 } 2654 2655 static void vnc_refresh(void *opaque) 2656 { 2657 VncDisplay *vd = opaque; 2658 VncState *vs, *vn; 2659 int has_dirty, rects = 0; 2660 2661 vga_hw_update(); 2662 2663 if (vnc_trylock_display(vd)) { 2664 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE; 2665 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + 2666 vd->timer_interval); 2667 return; 2668 } 2669 2670 has_dirty = vnc_refresh_server_surface(vd); 2671 vnc_unlock_display(vd); 2672 2673 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 2674 rects += vnc_update_client(vs, has_dirty); 2675 /* vs might be free()ed here */ 2676 } 2677 2678 /* vd->timer could be NULL now if the last client disconnected, 2679 * in this case don't update the timer */ 2680 if (vd->timer == NULL) 2681 return; 2682 2683 if (has_dirty && rects) { 2684 vd->timer_interval /= 2; 2685 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE) 2686 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE; 2687 } else { 2688 vd->timer_interval += VNC_REFRESH_INTERVAL_INC; 2689 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX) 2690 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX; 2691 } 2692 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval); 2693 } 2694 2695 static void vnc_init_timer(VncDisplay *vd) 2696 { 2697 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE; 2698 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) { 2699 vd->timer = qemu_new_timer_ms(rt_clock, vnc_refresh, vd); 2700 vga_hw_update(); 2701 vnc_refresh(vd); 2702 } 2703 } 2704 2705 static void vnc_remove_timer(VncDisplay *vd) 2706 { 2707 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) { 2708 qemu_del_timer(vd->timer); 2709 qemu_free_timer(vd->timer); 2710 vd->timer = NULL; 2711 } 2712 } 2713 2714 static void vnc_connect(VncDisplay *vd, int csock, int skipauth, bool websocket) 2715 { 2716 VncState *vs = g_malloc0(sizeof(VncState)); 2717 int i; 2718 2719 vs->csock = csock; 2720 2721 if (skipauth) { 2722 vs->auth = VNC_AUTH_NONE; 2723 #ifdef CONFIG_VNC_TLS 2724 vs->subauth = VNC_AUTH_INVALID; 2725 #endif 2726 } else { 2727 vs->auth = vd->auth; 2728 #ifdef CONFIG_VNC_TLS 2729 vs->subauth = vd->subauth; 2730 #endif 2731 } 2732 2733 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect)); 2734 for (i = 0; i < VNC_STAT_ROWS; ++i) { 2735 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS * sizeof (uint8_t)); 2736 } 2737 2738 VNC_DEBUG("New client on socket %d\n", csock); 2739 vd->dcl.idle = 0; 2740 socket_set_nonblock(vs->csock); 2741 #ifdef CONFIG_VNC_WS 2742 if (websocket) { 2743 vs->websocket = 1; 2744 qemu_set_fd_handler2(vs->csock, NULL, vncws_handshake_read, NULL, vs); 2745 } else 2746 #endif /* CONFIG_VNC_WS */ 2747 { 2748 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 2749 } 2750 2751 vnc_client_cache_addr(vs); 2752 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED); 2753 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); 2754 2755 vs->vd = vd; 2756 2757 #ifdef CONFIG_VNC_WS 2758 if (!vs->websocket) 2759 #endif 2760 { 2761 vnc_init_state(vs); 2762 } 2763 } 2764 2765 void vnc_init_state(VncState *vs) 2766 { 2767 vs->initialized = true; 2768 VncDisplay *vd = vs->vd; 2769 2770 vs->last_x = -1; 2771 vs->last_y = -1; 2772 2773 vs->as.freq = 44100; 2774 vs->as.nchannels = 2; 2775 vs->as.fmt = AUD_FMT_S16; 2776 vs->as.endianness = 0; 2777 2778 qemu_mutex_init(&vs->output_mutex); 2779 vs->bh = qemu_bh_new(vnc_jobs_bh, vs); 2780 2781 QTAILQ_INSERT_HEAD(&vd->clients, vs, next); 2782 2783 vga_hw_update(); 2784 2785 vnc_write(vs, "RFB 003.008\n", 12); 2786 vnc_flush(vs); 2787 vnc_read_when(vs, protocol_version, 12); 2788 reset_keys(vs); 2789 if (vs->vd->lock_key_sync) 2790 vs->led = qemu_add_led_event_handler(kbd_leds, vs); 2791 2792 vs->mouse_mode_notifier.notify = check_pointer_type_change; 2793 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 2794 2795 vnc_init_timer(vd); 2796 2797 /* vs might be free()ed here */ 2798 } 2799 2800 static void vnc_listen_read(void *opaque, bool websocket) 2801 { 2802 VncDisplay *vs = opaque; 2803 struct sockaddr_in addr; 2804 socklen_t addrlen = sizeof(addr); 2805 int csock; 2806 2807 /* Catch-up */ 2808 vga_hw_update(); 2809 #ifdef CONFIG_VNC_WS 2810 if (websocket) { 2811 csock = qemu_accept(vs->lwebsock, (struct sockaddr *)&addr, &addrlen); 2812 } else 2813 #endif /* CONFIG_VNC_WS */ 2814 { 2815 csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen); 2816 } 2817 2818 if (csock != -1) { 2819 vnc_connect(vs, csock, 0, websocket); 2820 } 2821 } 2822 2823 static void vnc_listen_regular_read(void *opaque) 2824 { 2825 vnc_listen_read(opaque, 0); 2826 } 2827 2828 #ifdef CONFIG_VNC_WS 2829 static void vnc_listen_websocket_read(void *opaque) 2830 { 2831 vnc_listen_read(opaque, 1); 2832 } 2833 #endif /* CONFIG_VNC_WS */ 2834 2835 static const DisplayChangeListenerOps dcl_ops = { 2836 .dpy_name = "vnc", 2837 .dpy_gfx_copy = vnc_dpy_copy, 2838 .dpy_gfx_update = vnc_dpy_update, 2839 .dpy_gfx_switch = vnc_dpy_switch, 2840 .dpy_mouse_set = vnc_mouse_set, 2841 .dpy_cursor_define = vnc_dpy_cursor_define, 2842 }; 2843 2844 void vnc_display_init(DisplayState *ds) 2845 { 2846 VncDisplay *vs = g_malloc0(sizeof(*vs)); 2847 2848 vs->dcl.idle = 1; 2849 vnc_display = vs; 2850 2851 vs->lsock = -1; 2852 #ifdef CONFIG_VNC_WS 2853 vs->lwebsock = -1; 2854 #endif 2855 2856 QTAILQ_INIT(&vs->clients); 2857 vs->expires = TIME_MAX; 2858 2859 if (keyboard_layout) 2860 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout); 2861 else 2862 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us"); 2863 2864 if (!vs->kbd_layout) 2865 exit(1); 2866 2867 qemu_mutex_init(&vs->mutex); 2868 vnc_start_worker_thread(); 2869 2870 vs->dcl.ops = &dcl_ops; 2871 register_displaychangelistener(ds, &vs->dcl); 2872 } 2873 2874 2875 static void vnc_display_close(DisplayState *ds) 2876 { 2877 VncDisplay *vs = vnc_display; 2878 2879 if (!vs) 2880 return; 2881 if (vs->display) { 2882 g_free(vs->display); 2883 vs->display = NULL; 2884 } 2885 if (vs->lsock != -1) { 2886 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL); 2887 close(vs->lsock); 2888 vs->lsock = -1; 2889 } 2890 #ifdef CONFIG_VNC_WS 2891 g_free(vs->ws_display); 2892 vs->ws_display = NULL; 2893 if (vs->lwebsock != -1) { 2894 qemu_set_fd_handler2(vs->lwebsock, NULL, NULL, NULL, NULL); 2895 close(vs->lwebsock); 2896 vs->lwebsock = -1; 2897 } 2898 #endif /* CONFIG_VNC_WS */ 2899 vs->auth = VNC_AUTH_INVALID; 2900 #ifdef CONFIG_VNC_TLS 2901 vs->subauth = VNC_AUTH_INVALID; 2902 vs->tls.x509verify = 0; 2903 #endif 2904 } 2905 2906 static int vnc_display_disable_login(DisplayState *ds) 2907 { 2908 VncDisplay *vs = vnc_display; 2909 2910 if (!vs) { 2911 return -1; 2912 } 2913 2914 if (vs->password) { 2915 g_free(vs->password); 2916 } 2917 2918 vs->password = NULL; 2919 if (vs->auth == VNC_AUTH_NONE) { 2920 vs->auth = VNC_AUTH_VNC; 2921 } 2922 2923 return 0; 2924 } 2925 2926 int vnc_display_password(DisplayState *ds, const char *password) 2927 { 2928 VncDisplay *vs = vnc_display; 2929 2930 if (!vs) { 2931 return -EINVAL; 2932 } 2933 2934 if (!password) { 2935 /* This is not the intention of this interface but err on the side 2936 of being safe */ 2937 return vnc_display_disable_login(ds); 2938 } 2939 2940 if (vs->password) { 2941 g_free(vs->password); 2942 vs->password = NULL; 2943 } 2944 vs->password = g_strdup(password); 2945 if (vs->auth == VNC_AUTH_NONE) { 2946 vs->auth = VNC_AUTH_VNC; 2947 } 2948 2949 return 0; 2950 } 2951 2952 int vnc_display_pw_expire(DisplayState *ds, time_t expires) 2953 { 2954 VncDisplay *vs = vnc_display; 2955 2956 if (!vs) { 2957 return -EINVAL; 2958 } 2959 2960 vs->expires = expires; 2961 return 0; 2962 } 2963 2964 char *vnc_display_local_addr(DisplayState *ds) 2965 { 2966 VncDisplay *vs = vnc_display; 2967 2968 return vnc_socket_local_addr("%s:%s", vs->lsock); 2969 } 2970 2971 void vnc_display_open(DisplayState *ds, const char *display, Error **errp) 2972 { 2973 VncDisplay *vs = vnc_display; 2974 const char *options; 2975 int password = 0; 2976 int reverse = 0; 2977 #ifdef CONFIG_VNC_TLS 2978 int tls = 0, x509 = 0; 2979 #endif 2980 #ifdef CONFIG_VNC_SASL 2981 int sasl = 0; 2982 int saslErr; 2983 #endif 2984 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 2985 int acl = 0; 2986 #endif 2987 int lock_key_sync = 1; 2988 2989 if (!vnc_display) { 2990 error_setg(errp, "VNC display not active"); 2991 return; 2992 } 2993 vnc_display_close(ds); 2994 if (strcmp(display, "none") == 0) 2995 return; 2996 2997 vs->display = g_strdup(display); 2998 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 2999 3000 options = display; 3001 while ((options = strchr(options, ','))) { 3002 options++; 3003 if (strncmp(options, "password", 8) == 0) { 3004 if (fips_get_state()) { 3005 error_setg(errp, 3006 "VNC password auth disabled due to FIPS mode, " 3007 "consider using the VeNCrypt or SASL authentication " 3008 "methods as an alternative"); 3009 goto fail; 3010 } 3011 password = 1; /* Require password auth */ 3012 } else if (strncmp(options, "reverse", 7) == 0) { 3013 reverse = 1; 3014 } else if (strncmp(options, "no-lock-key-sync", 16) == 0) { 3015 lock_key_sync = 0; 3016 #ifdef CONFIG_VNC_SASL 3017 } else if (strncmp(options, "sasl", 4) == 0) { 3018 sasl = 1; /* Require SASL auth */ 3019 #endif 3020 #ifdef CONFIG_VNC_WS 3021 } else if (strncmp(options, "websocket", 9) == 0) { 3022 char *start, *end; 3023 vs->websocket = 1; 3024 3025 /* Check for 'websocket=<port>' */ 3026 start = strchr(options, '='); 3027 end = strchr(options, ','); 3028 if (start && (!end || (start < end))) { 3029 int len = end ? end-(start+1) : strlen(start+1); 3030 if (len < 6) { 3031 /* extract the host specification from display */ 3032 char *host = NULL, *port = NULL, *host_end = NULL; 3033 port = g_strndup(start + 1, len); 3034 3035 /* ipv6 hosts have colons */ 3036 end = strchr(display, ','); 3037 host_end = g_strrstr_len(display, end - display, ":"); 3038 3039 if (host_end) { 3040 host = g_strndup(display, host_end - display + 1); 3041 } else { 3042 host = g_strndup(":", 1); 3043 } 3044 vs->ws_display = g_strconcat(host, port, NULL); 3045 g_free(host); 3046 g_free(port); 3047 } 3048 } 3049 #endif /* CONFIG_VNC_WS */ 3050 #ifdef CONFIG_VNC_TLS 3051 } else if (strncmp(options, "tls", 3) == 0) { 3052 tls = 1; /* Require TLS */ 3053 } else if (strncmp(options, "x509", 4) == 0) { 3054 char *start, *end; 3055 x509 = 1; /* Require x509 certificates */ 3056 if (strncmp(options, "x509verify", 10) == 0) 3057 vs->tls.x509verify = 1; /* ...and verify client certs */ 3058 3059 /* Now check for 'x509=/some/path' postfix 3060 * and use that to setup x509 certificate/key paths */ 3061 start = strchr(options, '='); 3062 end = strchr(options, ','); 3063 if (start && (!end || (start < end))) { 3064 int len = end ? end-(start+1) : strlen(start+1); 3065 char *path = g_strndup(start + 1, len); 3066 3067 VNC_DEBUG("Trying certificate path '%s'\n", path); 3068 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) { 3069 error_setg(errp, "Failed to find x509 certificates/keys in %s", path); 3070 g_free(path); 3071 goto fail; 3072 } 3073 g_free(path); 3074 } else { 3075 error_setg(errp, "No certificate path provided"); 3076 goto fail; 3077 } 3078 #endif 3079 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 3080 } else if (strncmp(options, "acl", 3) == 0) { 3081 acl = 1; 3082 #endif 3083 } else if (strncmp(options, "lossy", 5) == 0) { 3084 vs->lossy = true; 3085 } else if (strncmp(options, "non-adaptive", 12) == 0) { 3086 vs->non_adaptive = true; 3087 } else if (strncmp(options, "share=", 6) == 0) { 3088 if (strncmp(options+6, "ignore", 6) == 0) { 3089 vs->share_policy = VNC_SHARE_POLICY_IGNORE; 3090 } else if (strncmp(options+6, "allow-exclusive", 15) == 0) { 3091 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3092 } else if (strncmp(options+6, "force-shared", 12) == 0) { 3093 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; 3094 } else { 3095 error_setg(errp, "unknown vnc share= option"); 3096 goto fail; 3097 } 3098 } 3099 } 3100 3101 #ifdef CONFIG_VNC_TLS 3102 if (acl && x509 && vs->tls.x509verify) { 3103 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) { 3104 fprintf(stderr, "Failed to create x509 dname ACL\n"); 3105 exit(1); 3106 } 3107 } 3108 #endif 3109 #ifdef CONFIG_VNC_SASL 3110 if (acl && sasl) { 3111 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) { 3112 fprintf(stderr, "Failed to create username ACL\n"); 3113 exit(1); 3114 } 3115 } 3116 #endif 3117 3118 /* 3119 * Combinations we support here: 3120 * 3121 * - no-auth (clear text, no auth) 3122 * - password (clear text, weak auth) 3123 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI) 3124 * - tls (encrypt, weak anonymous creds, no auth) 3125 * - tls + password (encrypt, weak anonymous creds, weak auth) 3126 * - tls + sasl (encrypt, weak anonymous creds, good auth) 3127 * - tls + x509 (encrypt, good x509 creds, no auth) 3128 * - tls + x509 + password (encrypt, good x509 creds, weak auth) 3129 * - tls + x509 + sasl (encrypt, good x509 creds, good auth) 3130 * 3131 * NB1. TLS is a stackable auth scheme. 3132 * NB2. the x509 schemes have option to validate a client cert dname 3133 */ 3134 if (password) { 3135 #ifdef CONFIG_VNC_TLS 3136 if (tls) { 3137 vs->auth = VNC_AUTH_VENCRYPT; 3138 if (x509) { 3139 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 3140 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC; 3141 } else { 3142 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 3143 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC; 3144 } 3145 } else { 3146 #endif /* CONFIG_VNC_TLS */ 3147 VNC_DEBUG("Initializing VNC server with password auth\n"); 3148 vs->auth = VNC_AUTH_VNC; 3149 #ifdef CONFIG_VNC_TLS 3150 vs->subauth = VNC_AUTH_INVALID; 3151 } 3152 #endif /* CONFIG_VNC_TLS */ 3153 #ifdef CONFIG_VNC_SASL 3154 } else if (sasl) { 3155 #ifdef CONFIG_VNC_TLS 3156 if (tls) { 3157 vs->auth = VNC_AUTH_VENCRYPT; 3158 if (x509) { 3159 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 3160 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL; 3161 } else { 3162 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 3163 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL; 3164 } 3165 } else { 3166 #endif /* CONFIG_VNC_TLS */ 3167 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 3168 vs->auth = VNC_AUTH_SASL; 3169 #ifdef CONFIG_VNC_TLS 3170 vs->subauth = VNC_AUTH_INVALID; 3171 } 3172 #endif /* CONFIG_VNC_TLS */ 3173 #endif /* CONFIG_VNC_SASL */ 3174 } else { 3175 #ifdef CONFIG_VNC_TLS 3176 if (tls) { 3177 vs->auth = VNC_AUTH_VENCRYPT; 3178 if (x509) { 3179 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 3180 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE; 3181 } else { 3182 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 3183 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE; 3184 } 3185 } else { 3186 #endif 3187 VNC_DEBUG("Initializing VNC server with no auth\n"); 3188 vs->auth = VNC_AUTH_NONE; 3189 #ifdef CONFIG_VNC_TLS 3190 vs->subauth = VNC_AUTH_INVALID; 3191 } 3192 #endif 3193 } 3194 3195 #ifdef CONFIG_VNC_SASL 3196 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) { 3197 error_setg(errp, "Failed to initialize SASL auth: %s", 3198 sasl_errstring(saslErr, NULL, NULL)); 3199 goto fail; 3200 } 3201 #endif 3202 vs->lock_key_sync = lock_key_sync; 3203 3204 if (reverse) { 3205 /* connect to viewer */ 3206 int csock; 3207 vs->lsock = -1; 3208 #ifdef CONFIG_VNC_WS 3209 vs->lwebsock = -1; 3210 #endif 3211 if (strncmp(display, "unix:", 5) == 0) { 3212 csock = unix_connect(display+5, errp); 3213 } else { 3214 csock = inet_connect(display, errp); 3215 } 3216 if (csock < 0) { 3217 goto fail; 3218 } 3219 vnc_connect(vs, csock, 0, 0); 3220 } else { 3221 /* listen for connects */ 3222 char *dpy; 3223 dpy = g_malloc(256); 3224 if (strncmp(display, "unix:", 5) == 0) { 3225 pstrcpy(dpy, 256, "unix:"); 3226 vs->lsock = unix_listen(display+5, dpy+5, 256-5, errp); 3227 } else { 3228 vs->lsock = inet_listen(display, dpy, 256, 3229 SOCK_STREAM, 5900, errp); 3230 if (vs->lsock < 0) { 3231 g_free(dpy); 3232 goto fail; 3233 } 3234 #ifdef CONFIG_VNC_WS 3235 if (vs->websocket) { 3236 if (vs->ws_display) { 3237 vs->lwebsock = inet_listen(vs->ws_display, NULL, 256, 3238 SOCK_STREAM, 0, errp); 3239 } else { 3240 vs->lwebsock = inet_listen(vs->display, NULL, 256, 3241 SOCK_STREAM, 5700, errp); 3242 } 3243 3244 if (vs->lwebsock < 0) { 3245 if (vs->lsock) { 3246 close(vs->lsock); 3247 vs->lsock = -1; 3248 } 3249 g_free(dpy); 3250 goto fail; 3251 } 3252 } 3253 #endif /* CONFIG_VNC_WS */ 3254 } 3255 g_free(vs->display); 3256 vs->display = dpy; 3257 qemu_set_fd_handler2(vs->lsock, NULL, 3258 vnc_listen_regular_read, NULL, vs); 3259 #ifdef CONFIG_VNC_WS 3260 if (vs->websocket) { 3261 qemu_set_fd_handler2(vs->lwebsock, NULL, 3262 vnc_listen_websocket_read, NULL, vs); 3263 } 3264 #endif /* CONFIG_VNC_WS */ 3265 } 3266 return; 3267 3268 fail: 3269 g_free(vs->display); 3270 vs->display = NULL; 3271 #ifdef CONFIG_VNC_WS 3272 g_free(vs->ws_display); 3273 vs->ws_display = NULL; 3274 #endif /* CONFIG_VNC_WS */ 3275 } 3276 3277 void vnc_display_add_client(DisplayState *ds, int csock, int skipauth) 3278 { 3279 VncDisplay *vs = vnc_display; 3280 3281 vnc_connect(vs, csock, skipauth, 0); 3282 } 3283