1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "vnc.h" 28 #include "vnc-jobs.h" 29 #include "sysemu/sysemu.h" 30 #include "qemu/sockets.h" 31 #include "qemu/timer.h" 32 #include "qemu/acl.h" 33 #include "qapi/qmp/types.h" 34 #include "qmp-commands.h" 35 #include "qemu/osdep.h" 36 #include "ui/input.h" 37 38 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT 39 #define VNC_REFRESH_INTERVAL_INC 50 40 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE 41 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; 42 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 43 44 #include "vnc_keysym.h" 45 #include "d3des.h" 46 47 static VncDisplay *vnc_display; /* needed for info vnc */ 48 49 static int vnc_cursor_define(VncState *vs); 50 static void vnc_release_modifiers(VncState *vs); 51 52 static void vnc_set_share_mode(VncState *vs, VncShareMode mode) 53 { 54 #ifdef _VNC_DEBUG 55 static const char *mn[] = { 56 [0] = "undefined", 57 [VNC_SHARE_MODE_CONNECTING] = "connecting", 58 [VNC_SHARE_MODE_SHARED] = "shared", 59 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive", 60 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected", 61 }; 62 fprintf(stderr, "%s/%d: %s -> %s\n", __func__, 63 vs->csock, mn[vs->share_mode], mn[mode]); 64 #endif 65 66 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) { 67 vs->vd->num_exclusive--; 68 } 69 vs->share_mode = mode; 70 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) { 71 vs->vd->num_exclusive++; 72 } 73 } 74 75 static char *addr_to_string(const char *format, 76 struct sockaddr_storage *sa, 77 socklen_t salen) { 78 char *addr; 79 char host[NI_MAXHOST]; 80 char serv[NI_MAXSERV]; 81 int err; 82 size_t addrlen; 83 84 if ((err = getnameinfo((struct sockaddr *)sa, salen, 85 host, sizeof(host), 86 serv, sizeof(serv), 87 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 88 VNC_DEBUG("Cannot resolve address %d: %s\n", 89 err, gai_strerror(err)); 90 return NULL; 91 } 92 93 /* Enough for the existing format + the 2 vars we're 94 * substituting in. */ 95 addrlen = strlen(format) + strlen(host) + strlen(serv); 96 addr = g_malloc(addrlen + 1); 97 snprintf(addr, addrlen, format, host, serv); 98 addr[addrlen] = '\0'; 99 100 return addr; 101 } 102 103 104 char *vnc_socket_local_addr(const char *format, int fd) { 105 struct sockaddr_storage sa; 106 socklen_t salen; 107 108 salen = sizeof(sa); 109 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) 110 return NULL; 111 112 return addr_to_string(format, &sa, salen); 113 } 114 115 char *vnc_socket_remote_addr(const char *format, int fd) { 116 struct sockaddr_storage sa; 117 socklen_t salen; 118 119 salen = sizeof(sa); 120 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) 121 return NULL; 122 123 return addr_to_string(format, &sa, salen); 124 } 125 126 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa, 127 socklen_t salen) 128 { 129 char host[NI_MAXHOST]; 130 char serv[NI_MAXSERV]; 131 int err; 132 133 if ((err = getnameinfo((struct sockaddr *)sa, salen, 134 host, sizeof(host), 135 serv, sizeof(serv), 136 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 137 VNC_DEBUG("Cannot resolve address %d: %s\n", 138 err, gai_strerror(err)); 139 return -1; 140 } 141 142 qdict_put(qdict, "host", qstring_from_str(host)); 143 qdict_put(qdict, "service", qstring_from_str(serv)); 144 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family))); 145 146 return 0; 147 } 148 149 static int vnc_server_addr_put(QDict *qdict, int fd) 150 { 151 struct sockaddr_storage sa; 152 socklen_t salen; 153 154 salen = sizeof(sa); 155 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) { 156 return -1; 157 } 158 159 return put_addr_qdict(qdict, &sa, salen); 160 } 161 162 static int vnc_qdict_remote_addr(QDict *qdict, int fd) 163 { 164 struct sockaddr_storage sa; 165 socklen_t salen; 166 167 salen = sizeof(sa); 168 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) { 169 return -1; 170 } 171 172 return put_addr_qdict(qdict, &sa, salen); 173 } 174 175 static const char *vnc_auth_name(VncDisplay *vd) { 176 switch (vd->auth) { 177 case VNC_AUTH_INVALID: 178 return "invalid"; 179 case VNC_AUTH_NONE: 180 return "none"; 181 case VNC_AUTH_VNC: 182 return "vnc"; 183 case VNC_AUTH_RA2: 184 return "ra2"; 185 case VNC_AUTH_RA2NE: 186 return "ra2ne"; 187 case VNC_AUTH_TIGHT: 188 return "tight"; 189 case VNC_AUTH_ULTRA: 190 return "ultra"; 191 case VNC_AUTH_TLS: 192 return "tls"; 193 case VNC_AUTH_VENCRYPT: 194 #ifdef CONFIG_VNC_TLS 195 switch (vd->subauth) { 196 case VNC_AUTH_VENCRYPT_PLAIN: 197 return "vencrypt+plain"; 198 case VNC_AUTH_VENCRYPT_TLSNONE: 199 return "vencrypt+tls+none"; 200 case VNC_AUTH_VENCRYPT_TLSVNC: 201 return "vencrypt+tls+vnc"; 202 case VNC_AUTH_VENCRYPT_TLSPLAIN: 203 return "vencrypt+tls+plain"; 204 case VNC_AUTH_VENCRYPT_X509NONE: 205 return "vencrypt+x509+none"; 206 case VNC_AUTH_VENCRYPT_X509VNC: 207 return "vencrypt+x509+vnc"; 208 case VNC_AUTH_VENCRYPT_X509PLAIN: 209 return "vencrypt+x509+plain"; 210 case VNC_AUTH_VENCRYPT_TLSSASL: 211 return "vencrypt+tls+sasl"; 212 case VNC_AUTH_VENCRYPT_X509SASL: 213 return "vencrypt+x509+sasl"; 214 default: 215 return "vencrypt"; 216 } 217 #else 218 return "vencrypt"; 219 #endif 220 case VNC_AUTH_SASL: 221 return "sasl"; 222 } 223 return "unknown"; 224 } 225 226 static int vnc_server_info_put(QDict *qdict) 227 { 228 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) { 229 return -1; 230 } 231 232 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display))); 233 return 0; 234 } 235 236 static void vnc_client_cache_auth(VncState *client) 237 { 238 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 239 QDict *qdict; 240 #endif 241 242 if (!client->info) { 243 return; 244 } 245 246 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 247 qdict = qobject_to_qdict(client->info); 248 #endif 249 250 #ifdef CONFIG_VNC_TLS 251 if (client->tls.session && 252 client->tls.dname) { 253 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname)); 254 } 255 #endif 256 #ifdef CONFIG_VNC_SASL 257 if (client->sasl.conn && 258 client->sasl.username) { 259 qdict_put(qdict, "sasl_username", 260 qstring_from_str(client->sasl.username)); 261 } 262 #endif 263 } 264 265 static void vnc_client_cache_addr(VncState *client) 266 { 267 QDict *qdict; 268 269 qdict = qdict_new(); 270 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) { 271 QDECREF(qdict); 272 /* XXX: how to report the error? */ 273 return; 274 } 275 276 client->info = QOBJECT(qdict); 277 } 278 279 static void vnc_qmp_event(VncState *vs, MonitorEvent event) 280 { 281 QDict *server; 282 QObject *data; 283 284 if (!vs->info) { 285 return; 286 } 287 288 server = qdict_new(); 289 if (vnc_server_info_put(server) < 0) { 290 QDECREF(server); 291 return; 292 } 293 294 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }", 295 vs->info, QOBJECT(server)); 296 297 monitor_protocol_event(event, data); 298 299 qobject_incref(vs->info); 300 qobject_decref(data); 301 } 302 303 static VncClientInfo *qmp_query_vnc_client(const VncState *client) 304 { 305 struct sockaddr_storage sa; 306 socklen_t salen = sizeof(sa); 307 char host[NI_MAXHOST]; 308 char serv[NI_MAXSERV]; 309 VncClientInfo *info; 310 311 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) { 312 return NULL; 313 } 314 315 if (getnameinfo((struct sockaddr *)&sa, salen, 316 host, sizeof(host), 317 serv, sizeof(serv), 318 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 319 return NULL; 320 } 321 322 info = g_malloc0(sizeof(*info)); 323 info->host = g_strdup(host); 324 info->service = g_strdup(serv); 325 info->family = g_strdup(inet_strfamily(sa.ss_family)); 326 327 #ifdef CONFIG_VNC_TLS 328 if (client->tls.session && client->tls.dname) { 329 info->has_x509_dname = true; 330 info->x509_dname = g_strdup(client->tls.dname); 331 } 332 #endif 333 #ifdef CONFIG_VNC_SASL 334 if (client->sasl.conn && client->sasl.username) { 335 info->has_sasl_username = true; 336 info->sasl_username = g_strdup(client->sasl.username); 337 } 338 #endif 339 340 return info; 341 } 342 343 VncInfo *qmp_query_vnc(Error **errp) 344 { 345 VncInfo *info = g_malloc0(sizeof(*info)); 346 347 if (vnc_display == NULL || vnc_display->display == NULL) { 348 info->enabled = false; 349 } else { 350 VncClientInfoList *cur_item = NULL; 351 struct sockaddr_storage sa; 352 socklen_t salen = sizeof(sa); 353 char host[NI_MAXHOST]; 354 char serv[NI_MAXSERV]; 355 VncState *client; 356 357 info->enabled = true; 358 359 /* for compatibility with the original command */ 360 info->has_clients = true; 361 362 QTAILQ_FOREACH(client, &vnc_display->clients, next) { 363 VncClientInfoList *cinfo = g_malloc0(sizeof(*info)); 364 cinfo->value = qmp_query_vnc_client(client); 365 366 /* XXX: waiting for the qapi to support GSList */ 367 if (!cur_item) { 368 info->clients = cur_item = cinfo; 369 } else { 370 cur_item->next = cinfo; 371 cur_item = cinfo; 372 } 373 } 374 375 if (vnc_display->lsock == -1) { 376 return info; 377 } 378 379 if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa, 380 &salen) == -1) { 381 error_set(errp, QERR_UNDEFINED_ERROR); 382 goto out_error; 383 } 384 385 if (getnameinfo((struct sockaddr *)&sa, salen, 386 host, sizeof(host), 387 serv, sizeof(serv), 388 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 389 error_set(errp, QERR_UNDEFINED_ERROR); 390 goto out_error; 391 } 392 393 info->has_host = true; 394 info->host = g_strdup(host); 395 396 info->has_service = true; 397 info->service = g_strdup(serv); 398 399 info->has_family = true; 400 info->family = g_strdup(inet_strfamily(sa.ss_family)); 401 402 info->has_auth = true; 403 info->auth = g_strdup(vnc_auth_name(vnc_display)); 404 } 405 406 return info; 407 408 out_error: 409 qapi_free_VncInfo(info); 410 return NULL; 411 } 412 413 /* TODO 414 1) Get the queue working for IO. 415 2) there is some weirdness when using the -S option (the screen is grey 416 and not totally invalidated 417 3) resolutions > 1024 418 */ 419 420 static int vnc_update_client(VncState *vs, int has_dirty, bool sync); 421 static void vnc_disconnect_start(VncState *vs); 422 423 static void vnc_colordepth(VncState *vs); 424 static void framebuffer_update_request(VncState *vs, int incremental, 425 int x_position, int y_position, 426 int w, int h); 427 static void vnc_refresh(DisplayChangeListener *dcl); 428 static int vnc_refresh_server_surface(VncDisplay *vd); 429 430 static void vnc_dpy_update(DisplayChangeListener *dcl, 431 int x, int y, int w, int h) 432 { 433 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 434 struct VncSurface *s = &vd->guest; 435 int width = surface_width(vd->ds); 436 int height = surface_height(vd->ds); 437 438 /* this is needed this to ensure we updated all affected 439 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */ 440 w += (x % VNC_DIRTY_PIXELS_PER_BIT); 441 x -= (x % VNC_DIRTY_PIXELS_PER_BIT); 442 443 x = MIN(x, width); 444 y = MIN(y, height); 445 w = MIN(x + w, width) - x; 446 h = MIN(y + h, height); 447 448 for (; y < h; y++) { 449 bitmap_set(s->dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT, 450 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT)); 451 } 452 } 453 454 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 455 int32_t encoding) 456 { 457 vnc_write_u16(vs, x); 458 vnc_write_u16(vs, y); 459 vnc_write_u16(vs, w); 460 vnc_write_u16(vs, h); 461 462 vnc_write_s32(vs, encoding); 463 } 464 465 void buffer_reserve(Buffer *buffer, size_t len) 466 { 467 if ((buffer->capacity - buffer->offset) < len) { 468 buffer->capacity += (len + 1024); 469 buffer->buffer = g_realloc(buffer->buffer, buffer->capacity); 470 if (buffer->buffer == NULL) { 471 fprintf(stderr, "vnc: out of memory\n"); 472 exit(1); 473 } 474 } 475 } 476 477 static int buffer_empty(Buffer *buffer) 478 { 479 return buffer->offset == 0; 480 } 481 482 uint8_t *buffer_end(Buffer *buffer) 483 { 484 return buffer->buffer + buffer->offset; 485 } 486 487 void buffer_reset(Buffer *buffer) 488 { 489 buffer->offset = 0; 490 } 491 492 void buffer_free(Buffer *buffer) 493 { 494 g_free(buffer->buffer); 495 buffer->offset = 0; 496 buffer->capacity = 0; 497 buffer->buffer = NULL; 498 } 499 500 void buffer_append(Buffer *buffer, const void *data, size_t len) 501 { 502 memcpy(buffer->buffer + buffer->offset, data, len); 503 buffer->offset += len; 504 } 505 506 void buffer_advance(Buffer *buf, size_t len) 507 { 508 memmove(buf->buffer, buf->buffer + len, 509 (buf->offset - len)); 510 buf->offset -= len; 511 } 512 513 static void vnc_desktop_resize(VncState *vs) 514 { 515 DisplaySurface *ds = vs->vd->ds; 516 517 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) { 518 return; 519 } 520 if (vs->client_width == surface_width(ds) && 521 vs->client_height == surface_height(ds)) { 522 return; 523 } 524 vs->client_width = surface_width(ds); 525 vs->client_height = surface_height(ds); 526 vnc_lock_output(vs); 527 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 528 vnc_write_u8(vs, 0); 529 vnc_write_u16(vs, 1); /* number of rects */ 530 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 531 VNC_ENCODING_DESKTOPRESIZE); 532 vnc_unlock_output(vs); 533 vnc_flush(vs); 534 } 535 536 static void vnc_abort_display_jobs(VncDisplay *vd) 537 { 538 VncState *vs; 539 540 QTAILQ_FOREACH(vs, &vd->clients, next) { 541 vnc_lock_output(vs); 542 vs->abort = true; 543 vnc_unlock_output(vs); 544 } 545 QTAILQ_FOREACH(vs, &vd->clients, next) { 546 vnc_jobs_join(vs); 547 } 548 QTAILQ_FOREACH(vs, &vd->clients, next) { 549 vnc_lock_output(vs); 550 vs->abort = false; 551 vnc_unlock_output(vs); 552 } 553 } 554 555 int vnc_server_fb_stride(VncDisplay *vd) 556 { 557 return pixman_image_get_stride(vd->server); 558 } 559 560 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y) 561 { 562 uint8_t *ptr; 563 564 ptr = (uint8_t *)pixman_image_get_data(vd->server); 565 ptr += y * vnc_server_fb_stride(vd); 566 ptr += x * VNC_SERVER_FB_BYTES; 567 return ptr; 568 } 569 /* this sets only the visible pixels of a dirty bitmap */ 570 #define VNC_SET_VISIBLE_PIXELS_DIRTY(bitmap, w, h) {\ 571 int y;\ 572 memset(bitmap, 0x00, sizeof(bitmap));\ 573 for (y = 0; y < h; y++) {\ 574 bitmap_set(bitmap[y], 0,\ 575 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));\ 576 } \ 577 } 578 579 static void vnc_dpy_switch(DisplayChangeListener *dcl, 580 DisplaySurface *surface) 581 { 582 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 583 VncState *vs; 584 585 vnc_abort_display_jobs(vd); 586 587 /* server surface */ 588 qemu_pixman_image_unref(vd->server); 589 vd->ds = surface; 590 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT, 591 surface_width(vd->ds), 592 surface_height(vd->ds), 593 NULL, 0); 594 595 /* guest surface */ 596 #if 0 /* FIXME */ 597 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel) 598 console_color_init(ds); 599 #endif 600 qemu_pixman_image_unref(vd->guest.fb); 601 vd->guest.fb = pixman_image_ref(surface->image); 602 vd->guest.format = surface->format; 603 VNC_SET_VISIBLE_PIXELS_DIRTY(vd->guest.dirty, 604 surface_width(vd->ds), 605 surface_height(vd->ds)); 606 607 QTAILQ_FOREACH(vs, &vd->clients, next) { 608 vnc_colordepth(vs); 609 vnc_desktop_resize(vs); 610 if (vs->vd->cursor) { 611 vnc_cursor_define(vs); 612 } 613 VNC_SET_VISIBLE_PIXELS_DIRTY(vs->dirty, 614 surface_width(vd->ds), 615 surface_height(vd->ds)); 616 } 617 } 618 619 /* fastest code */ 620 static void vnc_write_pixels_copy(VncState *vs, 621 void *pixels, int size) 622 { 623 vnc_write(vs, pixels, size); 624 } 625 626 /* slowest but generic code. */ 627 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 628 { 629 uint8_t r, g, b; 630 631 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8) 632 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8; 633 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8; 634 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8; 635 #else 636 # error need some bits here if you change VNC_SERVER_FB_FORMAT 637 #endif 638 v = (r << vs->client_pf.rshift) | 639 (g << vs->client_pf.gshift) | 640 (b << vs->client_pf.bshift); 641 switch (vs->client_pf.bytes_per_pixel) { 642 case 1: 643 buf[0] = v; 644 break; 645 case 2: 646 if (vs->client_be) { 647 buf[0] = v >> 8; 648 buf[1] = v; 649 } else { 650 buf[1] = v >> 8; 651 buf[0] = v; 652 } 653 break; 654 default: 655 case 4: 656 if (vs->client_be) { 657 buf[0] = v >> 24; 658 buf[1] = v >> 16; 659 buf[2] = v >> 8; 660 buf[3] = v; 661 } else { 662 buf[3] = v >> 24; 663 buf[2] = v >> 16; 664 buf[1] = v >> 8; 665 buf[0] = v; 666 } 667 break; 668 } 669 } 670 671 static void vnc_write_pixels_generic(VncState *vs, 672 void *pixels1, int size) 673 { 674 uint8_t buf[4]; 675 676 if (VNC_SERVER_FB_BYTES == 4) { 677 uint32_t *pixels = pixels1; 678 int n, i; 679 n = size >> 2; 680 for (i = 0; i < n; i++) { 681 vnc_convert_pixel(vs, buf, pixels[i]); 682 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel); 683 } 684 } 685 } 686 687 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 688 { 689 int i; 690 uint8_t *row; 691 VncDisplay *vd = vs->vd; 692 693 row = vnc_server_fb_ptr(vd, x, y); 694 for (i = 0; i < h; i++) { 695 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES); 696 row += vnc_server_fb_stride(vd); 697 } 698 return 1; 699 } 700 701 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 702 { 703 int n = 0; 704 705 switch(vs->vnc_encoding) { 706 case VNC_ENCODING_ZLIB: 707 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h); 708 break; 709 case VNC_ENCODING_HEXTILE: 710 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 711 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 712 break; 713 case VNC_ENCODING_TIGHT: 714 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h); 715 break; 716 case VNC_ENCODING_TIGHT_PNG: 717 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h); 718 break; 719 case VNC_ENCODING_ZRLE: 720 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h); 721 break; 722 case VNC_ENCODING_ZYWRLE: 723 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); 724 break; 725 default: 726 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 727 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 728 break; 729 } 730 return n; 731 } 732 733 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h) 734 { 735 /* send bitblit op to the vnc client */ 736 vnc_lock_output(vs); 737 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 738 vnc_write_u8(vs, 0); 739 vnc_write_u16(vs, 1); /* number of rects */ 740 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT); 741 vnc_write_u16(vs, src_x); 742 vnc_write_u16(vs, src_y); 743 vnc_unlock_output(vs); 744 vnc_flush(vs); 745 } 746 747 static void vnc_dpy_copy(DisplayChangeListener *dcl, 748 int src_x, int src_y, 749 int dst_x, int dst_y, int w, int h) 750 { 751 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 752 VncState *vs, *vn; 753 uint8_t *src_row; 754 uint8_t *dst_row; 755 int i, x, y, pitch, inc, w_lim, s; 756 int cmp_bytes; 757 758 vnc_refresh_server_surface(vd); 759 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 760 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 761 vs->force_update = 1; 762 vnc_update_client(vs, 1, true); 763 /* vs might be free()ed here */ 764 } 765 } 766 767 /* do bitblit op on the local surface too */ 768 pitch = vnc_server_fb_stride(vd); 769 src_row = vnc_server_fb_ptr(vd, src_x, src_y); 770 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y); 771 y = dst_y; 772 inc = 1; 773 if (dst_y > src_y) { 774 /* copy backwards */ 775 src_row += pitch * (h-1); 776 dst_row += pitch * (h-1); 777 pitch = -pitch; 778 y = dst_y + h - 1; 779 inc = -1; 780 } 781 w_lim = w - (VNC_DIRTY_PIXELS_PER_BIT - (dst_x % VNC_DIRTY_PIXELS_PER_BIT)); 782 if (w_lim < 0) { 783 w_lim = w; 784 } else { 785 w_lim = w - (w_lim % VNC_DIRTY_PIXELS_PER_BIT); 786 } 787 for (i = 0; i < h; i++) { 788 for (x = 0; x <= w_lim; 789 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) { 790 if (x == w_lim) { 791 if ((s = w - w_lim) == 0) 792 break; 793 } else if (!x) { 794 s = (VNC_DIRTY_PIXELS_PER_BIT - 795 (dst_x % VNC_DIRTY_PIXELS_PER_BIT)); 796 s = MIN(s, w_lim); 797 } else { 798 s = VNC_DIRTY_PIXELS_PER_BIT; 799 } 800 cmp_bytes = s * VNC_SERVER_FB_BYTES; 801 if (memcmp(src_row, dst_row, cmp_bytes) == 0) 802 continue; 803 memmove(dst_row, src_row, cmp_bytes); 804 QTAILQ_FOREACH(vs, &vd->clients, next) { 805 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 806 set_bit(((x + dst_x) / VNC_DIRTY_PIXELS_PER_BIT), 807 vs->dirty[y]); 808 } 809 } 810 } 811 src_row += pitch - w * VNC_SERVER_FB_BYTES; 812 dst_row += pitch - w * VNC_SERVER_FB_BYTES; 813 y += inc; 814 } 815 816 QTAILQ_FOREACH(vs, &vd->clients, next) { 817 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 818 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h); 819 } 820 } 821 } 822 823 static void vnc_mouse_set(DisplayChangeListener *dcl, 824 int x, int y, int visible) 825 { 826 /* can we ask the client(s) to move the pointer ??? */ 827 } 828 829 static int vnc_cursor_define(VncState *vs) 830 { 831 QEMUCursor *c = vs->vd->cursor; 832 int isize; 833 834 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 835 vnc_lock_output(vs); 836 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 837 vnc_write_u8(vs, 0); /* padding */ 838 vnc_write_u16(vs, 1); /* # of rects */ 839 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 840 VNC_ENCODING_RICH_CURSOR); 841 isize = c->width * c->height * vs->client_pf.bytes_per_pixel; 842 vnc_write_pixels_generic(vs, c->data, isize); 843 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 844 vnc_unlock_output(vs); 845 return 0; 846 } 847 return -1; 848 } 849 850 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl, 851 QEMUCursor *c) 852 { 853 VncDisplay *vd = vnc_display; 854 VncState *vs; 855 856 cursor_put(vd->cursor); 857 g_free(vd->cursor_mask); 858 859 vd->cursor = c; 860 cursor_get(vd->cursor); 861 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 862 vd->cursor_mask = g_malloc0(vd->cursor_msize); 863 cursor_get_mono_mask(c, 0, vd->cursor_mask); 864 865 QTAILQ_FOREACH(vs, &vd->clients, next) { 866 vnc_cursor_define(vs); 867 } 868 } 869 870 static int find_and_clear_dirty_height(struct VncState *vs, 871 int y, int last_x, int x, int height) 872 { 873 int h; 874 875 for (h = 1; h < (height - y); h++) { 876 if (!test_bit(last_x, vs->dirty[y + h])) { 877 break; 878 } 879 bitmap_clear(vs->dirty[y + h], last_x, x - last_x); 880 } 881 882 return h; 883 } 884 885 static int vnc_update_client(VncState *vs, int has_dirty, bool sync) 886 { 887 if (vs->need_update && vs->csock != -1) { 888 VncDisplay *vd = vs->vd; 889 VncJob *job; 890 int y; 891 int height; 892 int n = 0; 893 894 if (vs->output.offset && !vs->audio_cap && !vs->force_update) 895 /* kernel send buffers are full -> drop frames to throttle */ 896 return 0; 897 898 if (!has_dirty && !vs->audio_cap && !vs->force_update) 899 return 0; 900 901 /* 902 * Send screen updates to the vnc client using the server 903 * surface and server dirty map. guest surface updates 904 * happening in parallel don't disturb us, the next pass will 905 * send them to the client. 906 */ 907 job = vnc_job_new(vs); 908 909 height = MIN(pixman_image_get_height(vd->server), vs->client_height); 910 911 y = 0; 912 for (;;) { 913 int x, h; 914 unsigned long x2; 915 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty, 916 height * VNC_DIRTY_BPL(vs), 917 y * VNC_DIRTY_BPL(vs)); 918 if (offset == height * VNC_DIRTY_BPL(vs)) { 919 /* no more dirty bits */ 920 break; 921 } 922 y = offset / VNC_DIRTY_BPL(vs); 923 x = offset % VNC_DIRTY_BPL(vs); 924 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y], 925 VNC_DIRTY_BPL(vs), x); 926 bitmap_clear(vs->dirty[y], x, x2 - x); 927 h = find_and_clear_dirty_height(vs, y, x, x2, height); 928 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y, 929 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h); 930 } 931 932 vnc_job_push(job); 933 vs->force_update = 0; 934 return n; 935 } 936 937 if (vs->csock == -1) { 938 vnc_disconnect_finish(vs); 939 } else if (sync) { 940 vnc_jobs_join(vs); 941 } 942 943 return 0; 944 } 945 946 /* audio */ 947 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 948 { 949 VncState *vs = opaque; 950 951 switch (cmd) { 952 case AUD_CNOTIFY_DISABLE: 953 vnc_lock_output(vs); 954 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 955 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 956 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 957 vnc_unlock_output(vs); 958 vnc_flush(vs); 959 break; 960 961 case AUD_CNOTIFY_ENABLE: 962 vnc_lock_output(vs); 963 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 964 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 965 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 966 vnc_unlock_output(vs); 967 vnc_flush(vs); 968 break; 969 } 970 } 971 972 static void audio_capture_destroy(void *opaque) 973 { 974 } 975 976 static void audio_capture(void *opaque, void *buf, int size) 977 { 978 VncState *vs = opaque; 979 980 vnc_lock_output(vs); 981 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 982 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 983 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 984 vnc_write_u32(vs, size); 985 vnc_write(vs, buf, size); 986 vnc_unlock_output(vs); 987 vnc_flush(vs); 988 } 989 990 static void audio_add(VncState *vs) 991 { 992 struct audio_capture_ops ops; 993 994 if (vs->audio_cap) { 995 monitor_printf(default_mon, "audio already running\n"); 996 return; 997 } 998 999 ops.notify = audio_capture_notify; 1000 ops.destroy = audio_capture_destroy; 1001 ops.capture = audio_capture; 1002 1003 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs); 1004 if (!vs->audio_cap) { 1005 monitor_printf(default_mon, "Failed to add audio capture\n"); 1006 } 1007 } 1008 1009 static void audio_del(VncState *vs) 1010 { 1011 if (vs->audio_cap) { 1012 AUD_del_capture(vs->audio_cap, vs); 1013 vs->audio_cap = NULL; 1014 } 1015 } 1016 1017 static void vnc_disconnect_start(VncState *vs) 1018 { 1019 if (vs->csock == -1) 1020 return; 1021 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); 1022 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL); 1023 closesocket(vs->csock); 1024 vs->csock = -1; 1025 } 1026 1027 void vnc_disconnect_finish(VncState *vs) 1028 { 1029 int i; 1030 1031 vnc_jobs_join(vs); /* Wait encoding jobs */ 1032 1033 vnc_lock_output(vs); 1034 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED); 1035 1036 buffer_free(&vs->input); 1037 buffer_free(&vs->output); 1038 #ifdef CONFIG_VNC_WS 1039 buffer_free(&vs->ws_input); 1040 buffer_free(&vs->ws_output); 1041 #endif /* CONFIG_VNC_WS */ 1042 1043 qobject_decref(vs->info); 1044 1045 vnc_zlib_clear(vs); 1046 vnc_tight_clear(vs); 1047 vnc_zrle_clear(vs); 1048 1049 #ifdef CONFIG_VNC_TLS 1050 vnc_tls_client_cleanup(vs); 1051 #endif /* CONFIG_VNC_TLS */ 1052 #ifdef CONFIG_VNC_SASL 1053 vnc_sasl_client_cleanup(vs); 1054 #endif /* CONFIG_VNC_SASL */ 1055 audio_del(vs); 1056 vnc_release_modifiers(vs); 1057 1058 if (vs->initialized) { 1059 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1060 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1061 } 1062 1063 if (vs->vd->lock_key_sync) 1064 qemu_remove_led_event_handler(vs->led); 1065 vnc_unlock_output(vs); 1066 1067 qemu_mutex_destroy(&vs->output_mutex); 1068 if (vs->bh != NULL) { 1069 qemu_bh_delete(vs->bh); 1070 } 1071 buffer_free(&vs->jobs_buffer); 1072 1073 for (i = 0; i < VNC_STAT_ROWS; ++i) { 1074 g_free(vs->lossy_rect[i]); 1075 } 1076 g_free(vs->lossy_rect); 1077 g_free(vs); 1078 } 1079 1080 int vnc_client_io_error(VncState *vs, int ret, int last_errno) 1081 { 1082 if (ret == 0 || ret == -1) { 1083 if (ret == -1) { 1084 switch (last_errno) { 1085 case EINTR: 1086 case EAGAIN: 1087 #ifdef _WIN32 1088 case WSAEWOULDBLOCK: 1089 #endif 1090 return 0; 1091 default: 1092 break; 1093 } 1094 } 1095 1096 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n", 1097 ret, ret < 0 ? last_errno : 0); 1098 vnc_disconnect_start(vs); 1099 1100 return 0; 1101 } 1102 return ret; 1103 } 1104 1105 1106 void vnc_client_error(VncState *vs) 1107 { 1108 VNC_DEBUG("Closing down client sock: protocol error\n"); 1109 vnc_disconnect_start(vs); 1110 } 1111 1112 #ifdef CONFIG_VNC_TLS 1113 static long vnc_client_write_tls(gnutls_session_t *session, 1114 const uint8_t *data, 1115 size_t datalen) 1116 { 1117 long ret = gnutls_write(*session, data, datalen); 1118 if (ret < 0) { 1119 if (ret == GNUTLS_E_AGAIN) { 1120 errno = EAGAIN; 1121 } else { 1122 errno = EIO; 1123 } 1124 ret = -1; 1125 } 1126 return ret; 1127 } 1128 #endif /* CONFIG_VNC_TLS */ 1129 1130 /* 1131 * Called to write a chunk of data to the client socket. The data may 1132 * be the raw data, or may have already been encoded by SASL. 1133 * The data will be written either straight onto the socket, or 1134 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1135 * 1136 * NB, it is theoretically possible to have 2 layers of encryption, 1137 * both SASL, and this TLS layer. It is highly unlikely in practice 1138 * though, since SASL encryption will typically be a no-op if TLS 1139 * is active 1140 * 1141 * Returns the number of bytes written, which may be less than 1142 * the requested 'datalen' if the socket would block. Returns 1143 * -1 on error, and disconnects the client socket. 1144 */ 1145 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1146 { 1147 long ret; 1148 #ifdef CONFIG_VNC_TLS 1149 if (vs->tls.session) { 1150 ret = vnc_client_write_tls(&vs->tls.session, data, datalen); 1151 } else { 1152 #ifdef CONFIG_VNC_WS 1153 if (vs->ws_tls.session) { 1154 ret = vnc_client_write_tls(&vs->ws_tls.session, data, datalen); 1155 } else 1156 #endif /* CONFIG_VNC_WS */ 1157 #endif /* CONFIG_VNC_TLS */ 1158 { 1159 ret = send(vs->csock, (const void *)data, datalen, 0); 1160 } 1161 #ifdef CONFIG_VNC_TLS 1162 } 1163 #endif /* CONFIG_VNC_TLS */ 1164 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1165 return vnc_client_io_error(vs, ret, socket_error()); 1166 } 1167 1168 1169 /* 1170 * Called to write buffered data to the client socket, when not 1171 * using any SASL SSF encryption layers. Will write as much data 1172 * as possible without blocking. If all buffered data is written, 1173 * will switch the FD poll() handler back to read monitoring. 1174 * 1175 * Returns the number of bytes written, which may be less than 1176 * the buffered output data if the socket would block. Returns 1177 * -1 on error, and disconnects the client socket. 1178 */ 1179 static long vnc_client_write_plain(VncState *vs) 1180 { 1181 long ret; 1182 1183 #ifdef CONFIG_VNC_SASL 1184 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1185 vs->output.buffer, vs->output.capacity, vs->output.offset, 1186 vs->sasl.waitWriteSSF); 1187 1188 if (vs->sasl.conn && 1189 vs->sasl.runSSF && 1190 vs->sasl.waitWriteSSF) { 1191 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1192 if (ret) 1193 vs->sasl.waitWriteSSF -= ret; 1194 } else 1195 #endif /* CONFIG_VNC_SASL */ 1196 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1197 if (!ret) 1198 return 0; 1199 1200 buffer_advance(&vs->output, ret); 1201 1202 if (vs->output.offset == 0) { 1203 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 1204 } 1205 1206 return ret; 1207 } 1208 1209 1210 /* 1211 * First function called whenever there is data to be written to 1212 * the client socket. Will delegate actual work according to whether 1213 * SASL SSF layers are enabled (thus requiring encryption calls) 1214 */ 1215 static void vnc_client_write_locked(void *opaque) 1216 { 1217 VncState *vs = opaque; 1218 1219 #ifdef CONFIG_VNC_SASL 1220 if (vs->sasl.conn && 1221 vs->sasl.runSSF && 1222 !vs->sasl.waitWriteSSF) { 1223 vnc_client_write_sasl(vs); 1224 } else 1225 #endif /* CONFIG_VNC_SASL */ 1226 { 1227 #ifdef CONFIG_VNC_WS 1228 if (vs->encode_ws) { 1229 vnc_client_write_ws(vs); 1230 } else 1231 #endif /* CONFIG_VNC_WS */ 1232 { 1233 vnc_client_write_plain(vs); 1234 } 1235 } 1236 } 1237 1238 void vnc_client_write(void *opaque) 1239 { 1240 VncState *vs = opaque; 1241 1242 vnc_lock_output(vs); 1243 if (vs->output.offset 1244 #ifdef CONFIG_VNC_WS 1245 || vs->ws_output.offset 1246 #endif 1247 ) { 1248 vnc_client_write_locked(opaque); 1249 } else if (vs->csock != -1) { 1250 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 1251 } 1252 vnc_unlock_output(vs); 1253 } 1254 1255 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1256 { 1257 vs->read_handler = func; 1258 vs->read_handler_expect = expecting; 1259 } 1260 1261 #ifdef CONFIG_VNC_TLS 1262 static long vnc_client_read_tls(gnutls_session_t *session, uint8_t *data, 1263 size_t datalen) 1264 { 1265 long ret = gnutls_read(*session, data, datalen); 1266 if (ret < 0) { 1267 if (ret == GNUTLS_E_AGAIN) { 1268 errno = EAGAIN; 1269 } else { 1270 errno = EIO; 1271 } 1272 ret = -1; 1273 } 1274 return ret; 1275 } 1276 #endif /* CONFIG_VNC_TLS */ 1277 1278 /* 1279 * Called to read a chunk of data from the client socket. The data may 1280 * be the raw data, or may need to be further decoded by SASL. 1281 * The data will be read either straight from to the socket, or 1282 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1283 * 1284 * NB, it is theoretically possible to have 2 layers of encryption, 1285 * both SASL, and this TLS layer. It is highly unlikely in practice 1286 * though, since SASL encryption will typically be a no-op if TLS 1287 * is active 1288 * 1289 * Returns the number of bytes read, which may be less than 1290 * the requested 'datalen' if the socket would block. Returns 1291 * -1 on error, and disconnects the client socket. 1292 */ 1293 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1294 { 1295 long ret; 1296 #ifdef CONFIG_VNC_TLS 1297 if (vs->tls.session) { 1298 ret = vnc_client_read_tls(&vs->tls.session, data, datalen); 1299 } else { 1300 #ifdef CONFIG_VNC_WS 1301 if (vs->ws_tls.session) { 1302 ret = vnc_client_read_tls(&vs->ws_tls.session, data, datalen); 1303 } else 1304 #endif /* CONFIG_VNC_WS */ 1305 #endif /* CONFIG_VNC_TLS */ 1306 { 1307 ret = qemu_recv(vs->csock, data, datalen, 0); 1308 } 1309 #ifdef CONFIG_VNC_TLS 1310 } 1311 #endif /* CONFIG_VNC_TLS */ 1312 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1313 return vnc_client_io_error(vs, ret, socket_error()); 1314 } 1315 1316 1317 /* 1318 * Called to read data from the client socket to the input buffer, 1319 * when not using any SASL SSF encryption layers. Will read as much 1320 * data as possible without blocking. 1321 * 1322 * Returns the number of bytes read. Returns -1 on error, and 1323 * disconnects the client socket. 1324 */ 1325 static long vnc_client_read_plain(VncState *vs) 1326 { 1327 int ret; 1328 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1329 vs->input.buffer, vs->input.capacity, vs->input.offset); 1330 buffer_reserve(&vs->input, 4096); 1331 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1332 if (!ret) 1333 return 0; 1334 vs->input.offset += ret; 1335 return ret; 1336 } 1337 1338 static void vnc_jobs_bh(void *opaque) 1339 { 1340 VncState *vs = opaque; 1341 1342 vnc_jobs_consume_buffer(vs); 1343 } 1344 1345 /* 1346 * First function called whenever there is more data to be read from 1347 * the client socket. Will delegate actual work according to whether 1348 * SASL SSF layers are enabled (thus requiring decryption calls) 1349 */ 1350 void vnc_client_read(void *opaque) 1351 { 1352 VncState *vs = opaque; 1353 long ret; 1354 1355 #ifdef CONFIG_VNC_SASL 1356 if (vs->sasl.conn && vs->sasl.runSSF) 1357 ret = vnc_client_read_sasl(vs); 1358 else 1359 #endif /* CONFIG_VNC_SASL */ 1360 #ifdef CONFIG_VNC_WS 1361 if (vs->encode_ws) { 1362 ret = vnc_client_read_ws(vs); 1363 if (ret == -1) { 1364 vnc_disconnect_start(vs); 1365 return; 1366 } else if (ret == -2) { 1367 vnc_client_error(vs); 1368 return; 1369 } 1370 } else 1371 #endif /* CONFIG_VNC_WS */ 1372 { 1373 ret = vnc_client_read_plain(vs); 1374 } 1375 if (!ret) { 1376 if (vs->csock == -1) 1377 vnc_disconnect_finish(vs); 1378 return; 1379 } 1380 1381 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1382 size_t len = vs->read_handler_expect; 1383 int ret; 1384 1385 ret = vs->read_handler(vs, vs->input.buffer, len); 1386 if (vs->csock == -1) { 1387 vnc_disconnect_finish(vs); 1388 return; 1389 } 1390 1391 if (!ret) { 1392 buffer_advance(&vs->input, len); 1393 } else { 1394 vs->read_handler_expect = ret; 1395 } 1396 } 1397 } 1398 1399 void vnc_write(VncState *vs, const void *data, size_t len) 1400 { 1401 buffer_reserve(&vs->output, len); 1402 1403 if (vs->csock != -1 && buffer_empty(&vs->output)) { 1404 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs); 1405 } 1406 1407 buffer_append(&vs->output, data, len); 1408 } 1409 1410 void vnc_write_s32(VncState *vs, int32_t value) 1411 { 1412 vnc_write_u32(vs, *(uint32_t *)&value); 1413 } 1414 1415 void vnc_write_u32(VncState *vs, uint32_t value) 1416 { 1417 uint8_t buf[4]; 1418 1419 buf[0] = (value >> 24) & 0xFF; 1420 buf[1] = (value >> 16) & 0xFF; 1421 buf[2] = (value >> 8) & 0xFF; 1422 buf[3] = value & 0xFF; 1423 1424 vnc_write(vs, buf, 4); 1425 } 1426 1427 void vnc_write_u16(VncState *vs, uint16_t value) 1428 { 1429 uint8_t buf[2]; 1430 1431 buf[0] = (value >> 8) & 0xFF; 1432 buf[1] = value & 0xFF; 1433 1434 vnc_write(vs, buf, 2); 1435 } 1436 1437 void vnc_write_u8(VncState *vs, uint8_t value) 1438 { 1439 vnc_write(vs, (char *)&value, 1); 1440 } 1441 1442 void vnc_flush(VncState *vs) 1443 { 1444 vnc_lock_output(vs); 1445 if (vs->csock != -1 && (vs->output.offset 1446 #ifdef CONFIG_VNC_WS 1447 || vs->ws_output.offset 1448 #endif 1449 )) { 1450 vnc_client_write_locked(vs); 1451 } 1452 vnc_unlock_output(vs); 1453 } 1454 1455 static uint8_t read_u8(uint8_t *data, size_t offset) 1456 { 1457 return data[offset]; 1458 } 1459 1460 static uint16_t read_u16(uint8_t *data, size_t offset) 1461 { 1462 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1463 } 1464 1465 static int32_t read_s32(uint8_t *data, size_t offset) 1466 { 1467 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1468 (data[offset + 2] << 8) | data[offset + 3]); 1469 } 1470 1471 uint32_t read_u32(uint8_t *data, size_t offset) 1472 { 1473 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1474 (data[offset + 2] << 8) | data[offset + 3]); 1475 } 1476 1477 static void client_cut_text(VncState *vs, size_t len, uint8_t *text) 1478 { 1479 } 1480 1481 static void check_pointer_type_change(Notifier *notifier, void *data) 1482 { 1483 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1484 int absolute = qemu_input_is_absolute(); 1485 1486 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1487 vnc_lock_output(vs); 1488 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1489 vnc_write_u8(vs, 0); 1490 vnc_write_u16(vs, 1); 1491 vnc_framebuffer_update(vs, absolute, 0, 1492 surface_width(vs->vd->ds), 1493 surface_height(vs->vd->ds), 1494 VNC_ENCODING_POINTER_TYPE_CHANGE); 1495 vnc_unlock_output(vs); 1496 vnc_flush(vs); 1497 } 1498 vs->absolute = absolute; 1499 } 1500 1501 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1502 { 1503 static uint32_t bmap[INPUT_BUTTON_MAX] = { 1504 [INPUT_BUTTON_LEFT] = 0x01, 1505 [INPUT_BUTTON_MIDDLE] = 0x02, 1506 [INPUT_BUTTON_RIGHT] = 0x04, 1507 [INPUT_BUTTON_WHEEL_UP] = 0x08, 1508 [INPUT_BUTTON_WHEEL_DOWN] = 0x10, 1509 }; 1510 QemuConsole *con = vs->vd->dcl.con; 1511 int width = surface_width(vs->vd->ds); 1512 int height = surface_height(vs->vd->ds); 1513 1514 if (vs->last_bmask != button_mask) { 1515 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask); 1516 vs->last_bmask = button_mask; 1517 } 1518 1519 if (vs->absolute) { 1520 qemu_input_queue_abs(con, INPUT_AXIS_X, x, width); 1521 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, height); 1522 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1523 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF); 1524 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF); 1525 } else { 1526 if (vs->last_x != -1) { 1527 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x); 1528 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y); 1529 } 1530 vs->last_x = x; 1531 vs->last_y = y; 1532 } 1533 qemu_input_event_sync(); 1534 } 1535 1536 static void reset_keys(VncState *vs) 1537 { 1538 int i; 1539 for(i = 0; i < 256; i++) { 1540 if (vs->modifiers_state[i]) { 1541 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false); 1542 vs->modifiers_state[i] = 0; 1543 } 1544 } 1545 } 1546 1547 static void press_key(VncState *vs, int keysym) 1548 { 1549 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK; 1550 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true); 1551 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false); 1552 } 1553 1554 static int current_led_state(VncState *vs) 1555 { 1556 int ledstate = 0; 1557 1558 if (vs->modifiers_state[0x46]) { 1559 ledstate |= QEMU_SCROLL_LOCK_LED; 1560 } 1561 if (vs->modifiers_state[0x45]) { 1562 ledstate |= QEMU_NUM_LOCK_LED; 1563 } 1564 if (vs->modifiers_state[0x3a]) { 1565 ledstate |= QEMU_CAPS_LOCK_LED; 1566 } 1567 1568 return ledstate; 1569 } 1570 1571 static void vnc_led_state_change(VncState *vs) 1572 { 1573 int ledstate = 0; 1574 1575 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) { 1576 return; 1577 } 1578 1579 ledstate = current_led_state(vs); 1580 vnc_lock_output(vs); 1581 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1582 vnc_write_u8(vs, 0); 1583 vnc_write_u16(vs, 1); 1584 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE); 1585 vnc_write_u8(vs, ledstate); 1586 vnc_unlock_output(vs); 1587 vnc_flush(vs); 1588 } 1589 1590 static void kbd_leds(void *opaque, int ledstate) 1591 { 1592 VncState *vs = opaque; 1593 int caps, num, scr; 1594 bool has_changed = (ledstate != current_led_state(vs)); 1595 1596 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0; 1597 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0; 1598 scr = ledstate & QEMU_SCROLL_LOCK_LED ? 1 : 0; 1599 1600 if (vs->modifiers_state[0x3a] != caps) { 1601 vs->modifiers_state[0x3a] = caps; 1602 } 1603 if (vs->modifiers_state[0x45] != num) { 1604 vs->modifiers_state[0x45] = num; 1605 } 1606 if (vs->modifiers_state[0x46] != scr) { 1607 vs->modifiers_state[0x46] = scr; 1608 } 1609 1610 /* Sending the current led state message to the client */ 1611 if (has_changed) { 1612 vnc_led_state_change(vs); 1613 } 1614 } 1615 1616 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1617 { 1618 /* QEMU console switch */ 1619 switch(keycode) { 1620 case 0x2a: /* Left Shift */ 1621 case 0x36: /* Right Shift */ 1622 case 0x1d: /* Left CTRL */ 1623 case 0x9d: /* Right CTRL */ 1624 case 0x38: /* Left ALT */ 1625 case 0xb8: /* Right ALT */ 1626 if (down) 1627 vs->modifiers_state[keycode] = 1; 1628 else 1629 vs->modifiers_state[keycode] = 0; 1630 break; 1631 case 0x02 ... 0x0a: /* '1' to '9' keys */ 1632 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) { 1633 /* Reset the modifiers sent to the current console */ 1634 reset_keys(vs); 1635 console_select(keycode - 0x02); 1636 return; 1637 } 1638 break; 1639 case 0x3a: /* CapsLock */ 1640 case 0x45: /* NumLock */ 1641 if (down) 1642 vs->modifiers_state[keycode] ^= 1; 1643 break; 1644 } 1645 1646 /* Turn off the lock state sync logic if the client support the led 1647 state extension. 1648 */ 1649 if (down && vs->vd->lock_key_sync && 1650 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1651 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1652 /* If the numlock state needs to change then simulate an additional 1653 keypress before sending this one. This will happen if the user 1654 toggles numlock away from the VNC window. 1655 */ 1656 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1657 if (!vs->modifiers_state[0x45]) { 1658 vs->modifiers_state[0x45] = 1; 1659 press_key(vs, 0xff7f); 1660 } 1661 } else { 1662 if (vs->modifiers_state[0x45]) { 1663 vs->modifiers_state[0x45] = 0; 1664 press_key(vs, 0xff7f); 1665 } 1666 } 1667 } 1668 1669 if (down && vs->vd->lock_key_sync && 1670 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1671 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1672 /* If the capslock state needs to change then simulate an additional 1673 keypress before sending this one. This will happen if the user 1674 toggles capslock away from the VNC window. 1675 */ 1676 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1677 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]); 1678 int capslock = !!(vs->modifiers_state[0x3a]); 1679 if (capslock) { 1680 if (uppercase == shift) { 1681 vs->modifiers_state[0x3a] = 0; 1682 press_key(vs, 0xffe5); 1683 } 1684 } else { 1685 if (uppercase != shift) { 1686 vs->modifiers_state[0x3a] = 1; 1687 press_key(vs, 0xffe5); 1688 } 1689 } 1690 } 1691 1692 if (qemu_console_is_graphic(NULL)) { 1693 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down); 1694 } else { 1695 bool numlock = vs->modifiers_state[0x45]; 1696 bool control = (vs->modifiers_state[0x1d] || 1697 vs->modifiers_state[0x9d]); 1698 /* QEMU console emulation */ 1699 if (down) { 1700 switch (keycode) { 1701 case 0x2a: /* Left Shift */ 1702 case 0x36: /* Right Shift */ 1703 case 0x1d: /* Left CTRL */ 1704 case 0x9d: /* Right CTRL */ 1705 case 0x38: /* Left ALT */ 1706 case 0xb8: /* Right ALT */ 1707 break; 1708 case 0xc8: 1709 kbd_put_keysym(QEMU_KEY_UP); 1710 break; 1711 case 0xd0: 1712 kbd_put_keysym(QEMU_KEY_DOWN); 1713 break; 1714 case 0xcb: 1715 kbd_put_keysym(QEMU_KEY_LEFT); 1716 break; 1717 case 0xcd: 1718 kbd_put_keysym(QEMU_KEY_RIGHT); 1719 break; 1720 case 0xd3: 1721 kbd_put_keysym(QEMU_KEY_DELETE); 1722 break; 1723 case 0xc7: 1724 kbd_put_keysym(QEMU_KEY_HOME); 1725 break; 1726 case 0xcf: 1727 kbd_put_keysym(QEMU_KEY_END); 1728 break; 1729 case 0xc9: 1730 kbd_put_keysym(QEMU_KEY_PAGEUP); 1731 break; 1732 case 0xd1: 1733 kbd_put_keysym(QEMU_KEY_PAGEDOWN); 1734 break; 1735 1736 case 0x47: 1737 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME); 1738 break; 1739 case 0x48: 1740 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP); 1741 break; 1742 case 0x49: 1743 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP); 1744 break; 1745 case 0x4b: 1746 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT); 1747 break; 1748 case 0x4c: 1749 kbd_put_keysym('5'); 1750 break; 1751 case 0x4d: 1752 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT); 1753 break; 1754 case 0x4f: 1755 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END); 1756 break; 1757 case 0x50: 1758 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN); 1759 break; 1760 case 0x51: 1761 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN); 1762 break; 1763 case 0x52: 1764 kbd_put_keysym('0'); 1765 break; 1766 case 0x53: 1767 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE); 1768 break; 1769 1770 case 0xb5: 1771 kbd_put_keysym('/'); 1772 break; 1773 case 0x37: 1774 kbd_put_keysym('*'); 1775 break; 1776 case 0x4a: 1777 kbd_put_keysym('-'); 1778 break; 1779 case 0x4e: 1780 kbd_put_keysym('+'); 1781 break; 1782 case 0x9c: 1783 kbd_put_keysym('\n'); 1784 break; 1785 1786 default: 1787 if (control) { 1788 kbd_put_keysym(sym & 0x1f); 1789 } else { 1790 kbd_put_keysym(sym); 1791 } 1792 break; 1793 } 1794 } 1795 } 1796 } 1797 1798 static void vnc_release_modifiers(VncState *vs) 1799 { 1800 static const int keycodes[] = { 1801 /* shift, control, alt keys, both left & right */ 1802 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8, 1803 }; 1804 int i, keycode; 1805 1806 if (!qemu_console_is_graphic(NULL)) { 1807 return; 1808 } 1809 for (i = 0; i < ARRAY_SIZE(keycodes); i++) { 1810 keycode = keycodes[i]; 1811 if (!vs->modifiers_state[keycode]) { 1812 continue; 1813 } 1814 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false); 1815 } 1816 } 1817 1818 static void key_event(VncState *vs, int down, uint32_t sym) 1819 { 1820 int keycode; 1821 int lsym = sym; 1822 1823 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) { 1824 lsym = lsym - 'A' + 'a'; 1825 } 1826 1827 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK; 1828 do_key_event(vs, down, keycode, sym); 1829 } 1830 1831 static void ext_key_event(VncState *vs, int down, 1832 uint32_t sym, uint16_t keycode) 1833 { 1834 /* if the user specifies a keyboard layout, always use it */ 1835 if (keyboard_layout) 1836 key_event(vs, down, sym); 1837 else 1838 do_key_event(vs, down, keycode, sym); 1839 } 1840 1841 static void framebuffer_update_request(VncState *vs, int incremental, 1842 int x_position, int y_position, 1843 int w, int h) 1844 { 1845 int i; 1846 const size_t width = surface_width(vs->vd->ds) / VNC_DIRTY_PIXELS_PER_BIT; 1847 const size_t height = surface_height(vs->vd->ds); 1848 1849 if (y_position > height) { 1850 y_position = height; 1851 } 1852 if (y_position + h >= height) { 1853 h = height - y_position; 1854 } 1855 1856 vs->need_update = 1; 1857 if (!incremental) { 1858 vs->force_update = 1; 1859 for (i = 0; i < h; i++) { 1860 bitmap_set(vs->dirty[y_position + i], 0, width); 1861 bitmap_clear(vs->dirty[y_position + i], width, 1862 VNC_DIRTY_BITS - width); 1863 } 1864 } 1865 } 1866 1867 static void send_ext_key_event_ack(VncState *vs) 1868 { 1869 vnc_lock_output(vs); 1870 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1871 vnc_write_u8(vs, 0); 1872 vnc_write_u16(vs, 1); 1873 vnc_framebuffer_update(vs, 0, 0, 1874 surface_width(vs->vd->ds), 1875 surface_height(vs->vd->ds), 1876 VNC_ENCODING_EXT_KEY_EVENT); 1877 vnc_unlock_output(vs); 1878 vnc_flush(vs); 1879 } 1880 1881 static void send_ext_audio_ack(VncState *vs) 1882 { 1883 vnc_lock_output(vs); 1884 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1885 vnc_write_u8(vs, 0); 1886 vnc_write_u16(vs, 1); 1887 vnc_framebuffer_update(vs, 0, 0, 1888 surface_width(vs->vd->ds), 1889 surface_height(vs->vd->ds), 1890 VNC_ENCODING_AUDIO); 1891 vnc_unlock_output(vs); 1892 vnc_flush(vs); 1893 } 1894 1895 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 1896 { 1897 int i; 1898 unsigned int enc = 0; 1899 1900 vs->features = 0; 1901 vs->vnc_encoding = 0; 1902 vs->tight.compression = 9; 1903 vs->tight.quality = -1; /* Lossless by default */ 1904 vs->absolute = -1; 1905 1906 /* 1907 * Start from the end because the encodings are sent in order of preference. 1908 * This way the preferred encoding (first encoding defined in the array) 1909 * will be set at the end of the loop. 1910 */ 1911 for (i = n_encodings - 1; i >= 0; i--) { 1912 enc = encodings[i]; 1913 switch (enc) { 1914 case VNC_ENCODING_RAW: 1915 vs->vnc_encoding = enc; 1916 break; 1917 case VNC_ENCODING_COPYRECT: 1918 vs->features |= VNC_FEATURE_COPYRECT_MASK; 1919 break; 1920 case VNC_ENCODING_HEXTILE: 1921 vs->features |= VNC_FEATURE_HEXTILE_MASK; 1922 vs->vnc_encoding = enc; 1923 break; 1924 case VNC_ENCODING_TIGHT: 1925 vs->features |= VNC_FEATURE_TIGHT_MASK; 1926 vs->vnc_encoding = enc; 1927 break; 1928 #ifdef CONFIG_VNC_PNG 1929 case VNC_ENCODING_TIGHT_PNG: 1930 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK; 1931 vs->vnc_encoding = enc; 1932 break; 1933 #endif 1934 case VNC_ENCODING_ZLIB: 1935 vs->features |= VNC_FEATURE_ZLIB_MASK; 1936 vs->vnc_encoding = enc; 1937 break; 1938 case VNC_ENCODING_ZRLE: 1939 vs->features |= VNC_FEATURE_ZRLE_MASK; 1940 vs->vnc_encoding = enc; 1941 break; 1942 case VNC_ENCODING_ZYWRLE: 1943 vs->features |= VNC_FEATURE_ZYWRLE_MASK; 1944 vs->vnc_encoding = enc; 1945 break; 1946 case VNC_ENCODING_DESKTOPRESIZE: 1947 vs->features |= VNC_FEATURE_RESIZE_MASK; 1948 break; 1949 case VNC_ENCODING_POINTER_TYPE_CHANGE: 1950 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK; 1951 break; 1952 case VNC_ENCODING_RICH_CURSOR: 1953 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK; 1954 break; 1955 case VNC_ENCODING_EXT_KEY_EVENT: 1956 send_ext_key_event_ack(vs); 1957 break; 1958 case VNC_ENCODING_AUDIO: 1959 send_ext_audio_ack(vs); 1960 break; 1961 case VNC_ENCODING_WMVi: 1962 vs->features |= VNC_FEATURE_WMVI_MASK; 1963 break; 1964 case VNC_ENCODING_LED_STATE: 1965 vs->features |= VNC_FEATURE_LED_STATE_MASK; 1966 break; 1967 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 1968 vs->tight.compression = (enc & 0x0F); 1969 break; 1970 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 1971 if (vs->vd->lossy) { 1972 vs->tight.quality = (enc & 0x0F); 1973 } 1974 break; 1975 default: 1976 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 1977 break; 1978 } 1979 } 1980 vnc_desktop_resize(vs); 1981 check_pointer_type_change(&vs->mouse_mode_notifier, NULL); 1982 vnc_led_state_change(vs); 1983 } 1984 1985 static void set_pixel_conversion(VncState *vs) 1986 { 1987 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf); 1988 1989 if (fmt == VNC_SERVER_FB_FORMAT) { 1990 vs->write_pixels = vnc_write_pixels_copy; 1991 vnc_hextile_set_pixel_conversion(vs, 0); 1992 } else { 1993 vs->write_pixels = vnc_write_pixels_generic; 1994 vnc_hextile_set_pixel_conversion(vs, 1); 1995 } 1996 } 1997 1998 static void set_pixel_format(VncState *vs, 1999 int bits_per_pixel, int depth, 2000 int big_endian_flag, int true_color_flag, 2001 int red_max, int green_max, int blue_max, 2002 int red_shift, int green_shift, int blue_shift) 2003 { 2004 if (!true_color_flag) { 2005 vnc_client_error(vs); 2006 return; 2007 } 2008 2009 vs->client_pf.rmax = red_max; 2010 vs->client_pf.rbits = hweight_long(red_max); 2011 vs->client_pf.rshift = red_shift; 2012 vs->client_pf.rmask = red_max << red_shift; 2013 vs->client_pf.gmax = green_max; 2014 vs->client_pf.gbits = hweight_long(green_max); 2015 vs->client_pf.gshift = green_shift; 2016 vs->client_pf.gmask = green_max << green_shift; 2017 vs->client_pf.bmax = blue_max; 2018 vs->client_pf.bbits = hweight_long(blue_max); 2019 vs->client_pf.bshift = blue_shift; 2020 vs->client_pf.bmask = blue_max << blue_shift; 2021 vs->client_pf.bits_per_pixel = bits_per_pixel; 2022 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8; 2023 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 2024 vs->client_be = big_endian_flag; 2025 2026 set_pixel_conversion(vs); 2027 2028 graphic_hw_invalidate(NULL); 2029 graphic_hw_update(NULL); 2030 } 2031 2032 static void pixel_format_message (VncState *vs) { 2033 char pad[3] = { 0, 0, 0 }; 2034 2035 vs->client_pf = qemu_default_pixelformat(32); 2036 2037 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ 2038 vnc_write_u8(vs, vs->client_pf.depth); /* depth */ 2039 2040 #ifdef HOST_WORDS_BIGENDIAN 2041 vnc_write_u8(vs, 1); /* big-endian-flag */ 2042 #else 2043 vnc_write_u8(vs, 0); /* big-endian-flag */ 2044 #endif 2045 vnc_write_u8(vs, 1); /* true-color-flag */ 2046 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */ 2047 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */ 2048 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */ 2049 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */ 2050 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */ 2051 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */ 2052 vnc_write(vs, pad, 3); /* padding */ 2053 2054 vnc_hextile_set_pixel_conversion(vs, 0); 2055 vs->write_pixels = vnc_write_pixels_copy; 2056 } 2057 2058 static void vnc_colordepth(VncState *vs) 2059 { 2060 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 2061 /* Sending a WMVi message to notify the client*/ 2062 vnc_lock_output(vs); 2063 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2064 vnc_write_u8(vs, 0); 2065 vnc_write_u16(vs, 1); /* number of rects */ 2066 vnc_framebuffer_update(vs, 0, 0, 2067 surface_width(vs->vd->ds), 2068 surface_height(vs->vd->ds), 2069 VNC_ENCODING_WMVi); 2070 pixel_format_message(vs); 2071 vnc_unlock_output(vs); 2072 vnc_flush(vs); 2073 } else { 2074 set_pixel_conversion(vs); 2075 } 2076 } 2077 2078 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 2079 { 2080 int i; 2081 uint16_t limit; 2082 VncDisplay *vd = vs->vd; 2083 2084 if (data[0] > 3) { 2085 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2086 } 2087 2088 switch (data[0]) { 2089 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 2090 if (len == 1) 2091 return 20; 2092 2093 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5), 2094 read_u8(data, 6), read_u8(data, 7), 2095 read_u16(data, 8), read_u16(data, 10), 2096 read_u16(data, 12), read_u8(data, 14), 2097 read_u8(data, 15), read_u8(data, 16)); 2098 break; 2099 case VNC_MSG_CLIENT_SET_ENCODINGS: 2100 if (len == 1) 2101 return 4; 2102 2103 if (len == 4) { 2104 limit = read_u16(data, 2); 2105 if (limit > 0) 2106 return 4 + (limit * 4); 2107 } else 2108 limit = read_u16(data, 2); 2109 2110 for (i = 0; i < limit; i++) { 2111 int32_t val = read_s32(data, 4 + (i * 4)); 2112 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 2113 } 2114 2115 set_encodings(vs, (int32_t *)(data + 4), limit); 2116 break; 2117 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 2118 if (len == 1) 2119 return 10; 2120 2121 framebuffer_update_request(vs, 2122 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 2123 read_u16(data, 6), read_u16(data, 8)); 2124 break; 2125 case VNC_MSG_CLIENT_KEY_EVENT: 2126 if (len == 1) 2127 return 8; 2128 2129 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 2130 break; 2131 case VNC_MSG_CLIENT_POINTER_EVENT: 2132 if (len == 1) 2133 return 6; 2134 2135 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 2136 break; 2137 case VNC_MSG_CLIENT_CUT_TEXT: 2138 if (len == 1) 2139 return 8; 2140 2141 if (len == 8) { 2142 uint32_t dlen = read_u32(data, 4); 2143 if (dlen > 0) 2144 return 8 + dlen; 2145 } 2146 2147 client_cut_text(vs, read_u32(data, 4), data + 8); 2148 break; 2149 case VNC_MSG_CLIENT_QEMU: 2150 if (len == 1) 2151 return 2; 2152 2153 switch (read_u8(data, 1)) { 2154 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 2155 if (len == 2) 2156 return 12; 2157 2158 ext_key_event(vs, read_u16(data, 2), 2159 read_u32(data, 4), read_u32(data, 8)); 2160 break; 2161 case VNC_MSG_CLIENT_QEMU_AUDIO: 2162 if (len == 2) 2163 return 4; 2164 2165 switch (read_u16 (data, 2)) { 2166 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 2167 audio_add(vs); 2168 break; 2169 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 2170 audio_del(vs); 2171 break; 2172 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 2173 if (len == 4) 2174 return 10; 2175 switch (read_u8(data, 4)) { 2176 case 0: vs->as.fmt = AUD_FMT_U8; break; 2177 case 1: vs->as.fmt = AUD_FMT_S8; break; 2178 case 2: vs->as.fmt = AUD_FMT_U16; break; 2179 case 3: vs->as.fmt = AUD_FMT_S16; break; 2180 case 4: vs->as.fmt = AUD_FMT_U32; break; 2181 case 5: vs->as.fmt = AUD_FMT_S32; break; 2182 default: 2183 printf("Invalid audio format %d\n", read_u8(data, 4)); 2184 vnc_client_error(vs); 2185 break; 2186 } 2187 vs->as.nchannels = read_u8(data, 5); 2188 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2189 printf("Invalid audio channel coount %d\n", 2190 read_u8(data, 5)); 2191 vnc_client_error(vs); 2192 break; 2193 } 2194 vs->as.freq = read_u32(data, 6); 2195 break; 2196 default: 2197 printf ("Invalid audio message %d\n", read_u8(data, 4)); 2198 vnc_client_error(vs); 2199 break; 2200 } 2201 break; 2202 2203 default: 2204 printf("Msg: %d\n", read_u16(data, 0)); 2205 vnc_client_error(vs); 2206 break; 2207 } 2208 break; 2209 default: 2210 printf("Msg: %d\n", data[0]); 2211 vnc_client_error(vs); 2212 break; 2213 } 2214 2215 vnc_read_when(vs, protocol_client_msg, 1); 2216 return 0; 2217 } 2218 2219 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2220 { 2221 char buf[1024]; 2222 VncShareMode mode; 2223 int size; 2224 2225 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; 2226 switch (vs->vd->share_policy) { 2227 case VNC_SHARE_POLICY_IGNORE: 2228 /* 2229 * Ignore the shared flag. Nothing to do here. 2230 * 2231 * Doesn't conform to the rfb spec but is traditional qemu 2232 * behavior, thus left here as option for compatibility 2233 * reasons. 2234 */ 2235 break; 2236 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: 2237 /* 2238 * Policy: Allow clients ask for exclusive access. 2239 * 2240 * Implementation: When a client asks for exclusive access, 2241 * disconnect all others. Shared connects are allowed as long 2242 * as no exclusive connection exists. 2243 * 2244 * This is how the rfb spec suggests to handle the shared flag. 2245 */ 2246 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2247 VncState *client; 2248 QTAILQ_FOREACH(client, &vs->vd->clients, next) { 2249 if (vs == client) { 2250 continue; 2251 } 2252 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && 2253 client->share_mode != VNC_SHARE_MODE_SHARED) { 2254 continue; 2255 } 2256 vnc_disconnect_start(client); 2257 } 2258 } 2259 if (mode == VNC_SHARE_MODE_SHARED) { 2260 if (vs->vd->num_exclusive > 0) { 2261 vnc_disconnect_start(vs); 2262 return 0; 2263 } 2264 } 2265 break; 2266 case VNC_SHARE_POLICY_FORCE_SHARED: 2267 /* 2268 * Policy: Shared connects only. 2269 * Implementation: Disallow clients asking for exclusive access. 2270 * 2271 * Useful for shared desktop sessions where you don't want 2272 * someone forgetting to say -shared when running the vnc 2273 * client disconnect everybody else. 2274 */ 2275 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2276 vnc_disconnect_start(vs); 2277 return 0; 2278 } 2279 break; 2280 } 2281 vnc_set_share_mode(vs, mode); 2282 2283 vs->client_width = surface_width(vs->vd->ds); 2284 vs->client_height = surface_height(vs->vd->ds); 2285 vnc_write_u16(vs, vs->client_width); 2286 vnc_write_u16(vs, vs->client_height); 2287 2288 pixel_format_message(vs); 2289 2290 if (qemu_name) 2291 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2292 else 2293 size = snprintf(buf, sizeof(buf), "QEMU"); 2294 2295 vnc_write_u32(vs, size); 2296 vnc_write(vs, buf, size); 2297 vnc_flush(vs); 2298 2299 vnc_client_cache_auth(vs); 2300 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED); 2301 2302 vnc_read_when(vs, protocol_client_msg, 1); 2303 2304 return 0; 2305 } 2306 2307 void start_client_init(VncState *vs) 2308 { 2309 vnc_read_when(vs, protocol_client_init, 1); 2310 } 2311 2312 static void make_challenge(VncState *vs) 2313 { 2314 int i; 2315 2316 srand(time(NULL)+getpid()+getpid()*987654+rand()); 2317 2318 for (i = 0 ; i < sizeof(vs->challenge) ; i++) 2319 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0)); 2320 } 2321 2322 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2323 { 2324 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2325 int i, j, pwlen; 2326 unsigned char key[8]; 2327 time_t now = time(NULL); 2328 2329 if (!vs->vd->password) { 2330 VNC_DEBUG("No password configured on server"); 2331 goto reject; 2332 } 2333 if (vs->vd->expires < now) { 2334 VNC_DEBUG("Password is expired"); 2335 goto reject; 2336 } 2337 2338 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2339 2340 /* Calculate the expected challenge response */ 2341 pwlen = strlen(vs->vd->password); 2342 for (i=0; i<sizeof(key); i++) 2343 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2344 deskey(key, EN0); 2345 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8) 2346 des(response+j, response+j); 2347 2348 /* Compare expected vs actual challenge response */ 2349 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2350 VNC_DEBUG("Client challenge response did not match\n"); 2351 goto reject; 2352 } else { 2353 VNC_DEBUG("Accepting VNC challenge response\n"); 2354 vnc_write_u32(vs, 0); /* Accept auth */ 2355 vnc_flush(vs); 2356 2357 start_client_init(vs); 2358 } 2359 return 0; 2360 2361 reject: 2362 vnc_write_u32(vs, 1); /* Reject auth */ 2363 if (vs->minor >= 8) { 2364 static const char err[] = "Authentication failed"; 2365 vnc_write_u32(vs, sizeof(err)); 2366 vnc_write(vs, err, sizeof(err)); 2367 } 2368 vnc_flush(vs); 2369 vnc_client_error(vs); 2370 return 0; 2371 } 2372 2373 void start_auth_vnc(VncState *vs) 2374 { 2375 make_challenge(vs); 2376 /* Send client a 'random' challenge */ 2377 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2378 vnc_flush(vs); 2379 2380 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2381 } 2382 2383 2384 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2385 { 2386 /* We only advertise 1 auth scheme at a time, so client 2387 * must pick the one we sent. Verify this */ 2388 if (data[0] != vs->auth) { /* Reject auth */ 2389 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]); 2390 vnc_write_u32(vs, 1); 2391 if (vs->minor >= 8) { 2392 static const char err[] = "Authentication failed"; 2393 vnc_write_u32(vs, sizeof(err)); 2394 vnc_write(vs, err, sizeof(err)); 2395 } 2396 vnc_client_error(vs); 2397 } else { /* Accept requested auth */ 2398 VNC_DEBUG("Client requested auth %d\n", (int)data[0]); 2399 switch (vs->auth) { 2400 case VNC_AUTH_NONE: 2401 VNC_DEBUG("Accept auth none\n"); 2402 if (vs->minor >= 8) { 2403 vnc_write_u32(vs, 0); /* Accept auth completion */ 2404 vnc_flush(vs); 2405 } 2406 start_client_init(vs); 2407 break; 2408 2409 case VNC_AUTH_VNC: 2410 VNC_DEBUG("Start VNC auth\n"); 2411 start_auth_vnc(vs); 2412 break; 2413 2414 #ifdef CONFIG_VNC_TLS 2415 case VNC_AUTH_VENCRYPT: 2416 VNC_DEBUG("Accept VeNCrypt auth\n"); 2417 start_auth_vencrypt(vs); 2418 break; 2419 #endif /* CONFIG_VNC_TLS */ 2420 2421 #ifdef CONFIG_VNC_SASL 2422 case VNC_AUTH_SASL: 2423 VNC_DEBUG("Accept SASL auth\n"); 2424 start_auth_sasl(vs); 2425 break; 2426 #endif /* CONFIG_VNC_SASL */ 2427 2428 default: /* Should not be possible, but just in case */ 2429 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth); 2430 vnc_write_u8(vs, 1); 2431 if (vs->minor >= 8) { 2432 static const char err[] = "Authentication failed"; 2433 vnc_write_u32(vs, sizeof(err)); 2434 vnc_write(vs, err, sizeof(err)); 2435 } 2436 vnc_client_error(vs); 2437 } 2438 } 2439 return 0; 2440 } 2441 2442 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2443 { 2444 char local[13]; 2445 2446 memcpy(local, version, 12); 2447 local[12] = 0; 2448 2449 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2450 VNC_DEBUG("Malformed protocol version %s\n", local); 2451 vnc_client_error(vs); 2452 return 0; 2453 } 2454 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2455 if (vs->major != 3 || 2456 (vs->minor != 3 && 2457 vs->minor != 4 && 2458 vs->minor != 5 && 2459 vs->minor != 7 && 2460 vs->minor != 8)) { 2461 VNC_DEBUG("Unsupported client version\n"); 2462 vnc_write_u32(vs, VNC_AUTH_INVALID); 2463 vnc_flush(vs); 2464 vnc_client_error(vs); 2465 return 0; 2466 } 2467 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2468 * as equivalent to v3.3 by servers 2469 */ 2470 if (vs->minor == 4 || vs->minor == 5) 2471 vs->minor = 3; 2472 2473 if (vs->minor == 3) { 2474 if (vs->auth == VNC_AUTH_NONE) { 2475 VNC_DEBUG("Tell client auth none\n"); 2476 vnc_write_u32(vs, vs->auth); 2477 vnc_flush(vs); 2478 start_client_init(vs); 2479 } else if (vs->auth == VNC_AUTH_VNC) { 2480 VNC_DEBUG("Tell client VNC auth\n"); 2481 vnc_write_u32(vs, vs->auth); 2482 vnc_flush(vs); 2483 start_auth_vnc(vs); 2484 } else { 2485 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth); 2486 vnc_write_u32(vs, VNC_AUTH_INVALID); 2487 vnc_flush(vs); 2488 vnc_client_error(vs); 2489 } 2490 } else { 2491 VNC_DEBUG("Telling client we support auth %d\n", vs->auth); 2492 vnc_write_u8(vs, 1); /* num auth */ 2493 vnc_write_u8(vs, vs->auth); 2494 vnc_read_when(vs, protocol_client_auth, 1); 2495 vnc_flush(vs); 2496 } 2497 2498 return 0; 2499 } 2500 2501 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) 2502 { 2503 struct VncSurface *vs = &vd->guest; 2504 2505 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; 2506 } 2507 2508 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h) 2509 { 2510 int i, j; 2511 2512 w = (x + w) / VNC_STAT_RECT; 2513 h = (y + h) / VNC_STAT_RECT; 2514 x /= VNC_STAT_RECT; 2515 y /= VNC_STAT_RECT; 2516 2517 for (j = y; j <= h; j++) { 2518 for (i = x; i <= w; i++) { 2519 vs->lossy_rect[j][i] = 1; 2520 } 2521 } 2522 } 2523 2524 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) 2525 { 2526 VncState *vs; 2527 int sty = y / VNC_STAT_RECT; 2528 int stx = x / VNC_STAT_RECT; 2529 int has_dirty = 0; 2530 2531 y = y / VNC_STAT_RECT * VNC_STAT_RECT; 2532 x = x / VNC_STAT_RECT * VNC_STAT_RECT; 2533 2534 QTAILQ_FOREACH(vs, &vd->clients, next) { 2535 int j; 2536 2537 /* kernel send buffers are full -> refresh later */ 2538 if (vs->output.offset) { 2539 continue; 2540 } 2541 2542 if (!vs->lossy_rect[sty][stx]) { 2543 continue; 2544 } 2545 2546 vs->lossy_rect[sty][stx] = 0; 2547 for (j = 0; j < VNC_STAT_RECT; ++j) { 2548 bitmap_set(vs->dirty[y + j], 2549 x / VNC_DIRTY_PIXELS_PER_BIT, 2550 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT); 2551 } 2552 has_dirty++; 2553 } 2554 2555 return has_dirty; 2556 } 2557 2558 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) 2559 { 2560 int width = pixman_image_get_width(vd->guest.fb); 2561 int height = pixman_image_get_height(vd->guest.fb); 2562 int x, y; 2563 struct timeval res; 2564 int has_dirty = 0; 2565 2566 for (y = 0; y < height; y += VNC_STAT_RECT) { 2567 for (x = 0; x < width; x += VNC_STAT_RECT) { 2568 VncRectStat *rect = vnc_stat_rect(vd, x, y); 2569 2570 rect->updated = false; 2571 } 2572 } 2573 2574 qemu_timersub(tv, &VNC_REFRESH_STATS, &res); 2575 2576 if (timercmp(&vd->guest.last_freq_check, &res, >)) { 2577 return has_dirty; 2578 } 2579 vd->guest.last_freq_check = *tv; 2580 2581 for (y = 0; y < height; y += VNC_STAT_RECT) { 2582 for (x = 0; x < width; x += VNC_STAT_RECT) { 2583 VncRectStat *rect= vnc_stat_rect(vd, x, y); 2584 int count = ARRAY_SIZE(rect->times); 2585 struct timeval min, max; 2586 2587 if (!timerisset(&rect->times[count - 1])) { 2588 continue ; 2589 } 2590 2591 max = rect->times[(rect->idx + count - 1) % count]; 2592 qemu_timersub(tv, &max, &res); 2593 2594 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { 2595 rect->freq = 0; 2596 has_dirty += vnc_refresh_lossy_rect(vd, x, y); 2597 memset(rect->times, 0, sizeof (rect->times)); 2598 continue ; 2599 } 2600 2601 min = rect->times[rect->idx]; 2602 max = rect->times[(rect->idx + count - 1) % count]; 2603 qemu_timersub(&max, &min, &res); 2604 2605 rect->freq = res.tv_sec + res.tv_usec / 1000000.; 2606 rect->freq /= count; 2607 rect->freq = 1. / rect->freq; 2608 } 2609 } 2610 return has_dirty; 2611 } 2612 2613 double vnc_update_freq(VncState *vs, int x, int y, int w, int h) 2614 { 2615 int i, j; 2616 double total = 0; 2617 int num = 0; 2618 2619 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT; 2620 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT; 2621 2622 for (j = y; j <= y + h; j += VNC_STAT_RECT) { 2623 for (i = x; i <= x + w; i += VNC_STAT_RECT) { 2624 total += vnc_stat_rect(vs->vd, i, j)->freq; 2625 num++; 2626 } 2627 } 2628 2629 if (num) { 2630 return total / num; 2631 } else { 2632 return 0; 2633 } 2634 } 2635 2636 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) 2637 { 2638 VncRectStat *rect; 2639 2640 rect = vnc_stat_rect(vd, x, y); 2641 if (rect->updated) { 2642 return ; 2643 } 2644 rect->times[rect->idx] = *tv; 2645 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); 2646 rect->updated = true; 2647 } 2648 2649 static int vnc_refresh_server_surface(VncDisplay *vd) 2650 { 2651 int width = pixman_image_get_width(vd->guest.fb); 2652 int height = pixman_image_get_height(vd->guest.fb); 2653 int y; 2654 uint8_t *guest_row0 = NULL, *server_row0; 2655 int guest_stride = 0, server_stride; 2656 int cmp_bytes; 2657 VncState *vs; 2658 int has_dirty = 0; 2659 pixman_image_t *tmpbuf = NULL; 2660 2661 struct timeval tv = { 0, 0 }; 2662 2663 if (!vd->non_adaptive) { 2664 gettimeofday(&tv, NULL); 2665 has_dirty = vnc_update_stats(vd, &tv); 2666 } 2667 2668 /* 2669 * Walk through the guest dirty map. 2670 * Check and copy modified bits from guest to server surface. 2671 * Update server dirty map. 2672 */ 2673 cmp_bytes = VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES; 2674 if (cmp_bytes > vnc_server_fb_stride(vd)) { 2675 cmp_bytes = vnc_server_fb_stride(vd); 2676 } 2677 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2678 int width = pixman_image_get_width(vd->server); 2679 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width); 2680 } else { 2681 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb); 2682 guest_stride = pixman_image_get_stride(vd->guest.fb); 2683 } 2684 server_row0 = (uint8_t *)pixman_image_get_data(vd->server); 2685 server_stride = pixman_image_get_stride(vd->server); 2686 2687 y = 0; 2688 for (;;) { 2689 int x; 2690 uint8_t *guest_ptr, *server_ptr; 2691 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty, 2692 height * VNC_DIRTY_BPL(&vd->guest), 2693 y * VNC_DIRTY_BPL(&vd->guest)); 2694 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) { 2695 /* no more dirty bits */ 2696 break; 2697 } 2698 y = offset / VNC_DIRTY_BPL(&vd->guest); 2699 x = offset % VNC_DIRTY_BPL(&vd->guest); 2700 2701 server_ptr = server_row0 + y * server_stride + x * cmp_bytes; 2702 2703 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2704 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y); 2705 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf); 2706 } else { 2707 guest_ptr = guest_row0 + y * guest_stride; 2708 } 2709 guest_ptr += x * cmp_bytes; 2710 2711 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT); 2712 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 2713 if (!test_and_clear_bit(x, vd->guest.dirty[y])) { 2714 continue; 2715 } 2716 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0) { 2717 continue; 2718 } 2719 memcpy(server_ptr, guest_ptr, cmp_bytes); 2720 if (!vd->non_adaptive) { 2721 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT, 2722 y, &tv); 2723 } 2724 QTAILQ_FOREACH(vs, &vd->clients, next) { 2725 set_bit(x, vs->dirty[y]); 2726 } 2727 has_dirty++; 2728 } 2729 2730 y++; 2731 } 2732 qemu_pixman_image_unref(tmpbuf); 2733 return has_dirty; 2734 } 2735 2736 static void vnc_refresh(DisplayChangeListener *dcl) 2737 { 2738 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 2739 VncState *vs, *vn; 2740 int has_dirty, rects = 0; 2741 2742 graphic_hw_update(NULL); 2743 2744 if (vnc_trylock_display(vd)) { 2745 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2746 return; 2747 } 2748 2749 has_dirty = vnc_refresh_server_surface(vd); 2750 vnc_unlock_display(vd); 2751 2752 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 2753 rects += vnc_update_client(vs, has_dirty, false); 2754 /* vs might be free()ed here */ 2755 } 2756 2757 if (QTAILQ_EMPTY(&vd->clients)) { 2758 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX); 2759 return; 2760 } 2761 2762 if (has_dirty && rects) { 2763 vd->dcl.update_interval /= 2; 2764 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) { 2765 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE; 2766 } 2767 } else { 2768 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC; 2769 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) { 2770 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX; 2771 } 2772 } 2773 } 2774 2775 static void vnc_connect(VncDisplay *vd, int csock, 2776 bool skipauth, bool websocket) 2777 { 2778 VncState *vs = g_malloc0(sizeof(VncState)); 2779 int i; 2780 2781 vs->csock = csock; 2782 2783 if (skipauth) { 2784 vs->auth = VNC_AUTH_NONE; 2785 #ifdef CONFIG_VNC_TLS 2786 vs->subauth = VNC_AUTH_INVALID; 2787 #endif 2788 } else { 2789 vs->auth = vd->auth; 2790 #ifdef CONFIG_VNC_TLS 2791 vs->subauth = vd->subauth; 2792 #endif 2793 } 2794 2795 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect)); 2796 for (i = 0; i < VNC_STAT_ROWS; ++i) { 2797 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS * sizeof (uint8_t)); 2798 } 2799 2800 VNC_DEBUG("New client on socket %d\n", csock); 2801 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2802 qemu_set_nonblock(vs->csock); 2803 #ifdef CONFIG_VNC_WS 2804 if (websocket) { 2805 vs->websocket = 1; 2806 #ifdef CONFIG_VNC_TLS 2807 if (vd->tls.x509cert) { 2808 qemu_set_fd_handler2(vs->csock, NULL, vncws_tls_handshake_peek, 2809 NULL, vs); 2810 } else 2811 #endif /* CONFIG_VNC_TLS */ 2812 { 2813 qemu_set_fd_handler2(vs->csock, NULL, vncws_handshake_read, 2814 NULL, vs); 2815 } 2816 } else 2817 #endif /* CONFIG_VNC_WS */ 2818 { 2819 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 2820 } 2821 2822 vnc_client_cache_addr(vs); 2823 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED); 2824 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); 2825 2826 vs->vd = vd; 2827 2828 #ifdef CONFIG_VNC_WS 2829 if (!vs->websocket) 2830 #endif 2831 { 2832 vnc_init_state(vs); 2833 } 2834 } 2835 2836 void vnc_init_state(VncState *vs) 2837 { 2838 vs->initialized = true; 2839 VncDisplay *vd = vs->vd; 2840 2841 vs->last_x = -1; 2842 vs->last_y = -1; 2843 2844 vs->as.freq = 44100; 2845 vs->as.nchannels = 2; 2846 vs->as.fmt = AUD_FMT_S16; 2847 vs->as.endianness = 0; 2848 2849 qemu_mutex_init(&vs->output_mutex); 2850 vs->bh = qemu_bh_new(vnc_jobs_bh, vs); 2851 2852 QTAILQ_INSERT_HEAD(&vd->clients, vs, next); 2853 2854 graphic_hw_update(NULL); 2855 2856 vnc_write(vs, "RFB 003.008\n", 12); 2857 vnc_flush(vs); 2858 vnc_read_when(vs, protocol_version, 12); 2859 reset_keys(vs); 2860 if (vs->vd->lock_key_sync) 2861 vs->led = qemu_add_led_event_handler(kbd_leds, vs); 2862 2863 vs->mouse_mode_notifier.notify = check_pointer_type_change; 2864 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 2865 2866 /* vs might be free()ed here */ 2867 } 2868 2869 static void vnc_listen_read(void *opaque, bool websocket) 2870 { 2871 VncDisplay *vs = opaque; 2872 struct sockaddr_in addr; 2873 socklen_t addrlen = sizeof(addr); 2874 int csock; 2875 2876 /* Catch-up */ 2877 graphic_hw_update(NULL); 2878 #ifdef CONFIG_VNC_WS 2879 if (websocket) { 2880 csock = qemu_accept(vs->lwebsock, (struct sockaddr *)&addr, &addrlen); 2881 } else 2882 #endif /* CONFIG_VNC_WS */ 2883 { 2884 csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen); 2885 } 2886 2887 if (csock != -1) { 2888 vnc_connect(vs, csock, false, websocket); 2889 } 2890 } 2891 2892 static void vnc_listen_regular_read(void *opaque) 2893 { 2894 vnc_listen_read(opaque, false); 2895 } 2896 2897 #ifdef CONFIG_VNC_WS 2898 static void vnc_listen_websocket_read(void *opaque) 2899 { 2900 vnc_listen_read(opaque, true); 2901 } 2902 #endif /* CONFIG_VNC_WS */ 2903 2904 static const DisplayChangeListenerOps dcl_ops = { 2905 .dpy_name = "vnc", 2906 .dpy_refresh = vnc_refresh, 2907 .dpy_gfx_copy = vnc_dpy_copy, 2908 .dpy_gfx_update = vnc_dpy_update, 2909 .dpy_gfx_switch = vnc_dpy_switch, 2910 .dpy_mouse_set = vnc_mouse_set, 2911 .dpy_cursor_define = vnc_dpy_cursor_define, 2912 }; 2913 2914 void vnc_display_init(DisplayState *ds) 2915 { 2916 VncDisplay *vs = g_malloc0(sizeof(*vs)); 2917 2918 vnc_display = vs; 2919 2920 vs->lsock = -1; 2921 #ifdef CONFIG_VNC_WS 2922 vs->lwebsock = -1; 2923 #endif 2924 2925 QTAILQ_INIT(&vs->clients); 2926 vs->expires = TIME_MAX; 2927 2928 if (keyboard_layout) 2929 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout); 2930 else 2931 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us"); 2932 2933 if (!vs->kbd_layout) 2934 exit(1); 2935 2936 qemu_mutex_init(&vs->mutex); 2937 vnc_start_worker_thread(); 2938 2939 vs->dcl.ops = &dcl_ops; 2940 register_displaychangelistener(&vs->dcl); 2941 } 2942 2943 2944 static void vnc_display_close(DisplayState *ds) 2945 { 2946 VncDisplay *vs = vnc_display; 2947 2948 if (!vs) 2949 return; 2950 if (vs->display) { 2951 g_free(vs->display); 2952 vs->display = NULL; 2953 } 2954 if (vs->lsock != -1) { 2955 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL); 2956 close(vs->lsock); 2957 vs->lsock = -1; 2958 } 2959 #ifdef CONFIG_VNC_WS 2960 g_free(vs->ws_display); 2961 vs->ws_display = NULL; 2962 if (vs->lwebsock != -1) { 2963 qemu_set_fd_handler2(vs->lwebsock, NULL, NULL, NULL, NULL); 2964 close(vs->lwebsock); 2965 vs->lwebsock = -1; 2966 } 2967 #endif /* CONFIG_VNC_WS */ 2968 vs->auth = VNC_AUTH_INVALID; 2969 #ifdef CONFIG_VNC_TLS 2970 vs->subauth = VNC_AUTH_INVALID; 2971 vs->tls.x509verify = 0; 2972 #endif 2973 } 2974 2975 static int vnc_display_disable_login(DisplayState *ds) 2976 { 2977 VncDisplay *vs = vnc_display; 2978 2979 if (!vs) { 2980 return -1; 2981 } 2982 2983 if (vs->password) { 2984 g_free(vs->password); 2985 } 2986 2987 vs->password = NULL; 2988 if (vs->auth == VNC_AUTH_NONE) { 2989 vs->auth = VNC_AUTH_VNC; 2990 } 2991 2992 return 0; 2993 } 2994 2995 int vnc_display_password(DisplayState *ds, const char *password) 2996 { 2997 VncDisplay *vs = vnc_display; 2998 2999 if (!vs) { 3000 return -EINVAL; 3001 } 3002 3003 if (!password) { 3004 /* This is not the intention of this interface but err on the side 3005 of being safe */ 3006 return vnc_display_disable_login(ds); 3007 } 3008 3009 if (vs->password) { 3010 g_free(vs->password); 3011 vs->password = NULL; 3012 } 3013 vs->password = g_strdup(password); 3014 if (vs->auth == VNC_AUTH_NONE) { 3015 vs->auth = VNC_AUTH_VNC; 3016 } 3017 3018 return 0; 3019 } 3020 3021 int vnc_display_pw_expire(DisplayState *ds, time_t expires) 3022 { 3023 VncDisplay *vs = vnc_display; 3024 3025 if (!vs) { 3026 return -EINVAL; 3027 } 3028 3029 vs->expires = expires; 3030 return 0; 3031 } 3032 3033 char *vnc_display_local_addr(DisplayState *ds) 3034 { 3035 VncDisplay *vs = vnc_display; 3036 3037 return vnc_socket_local_addr("%s:%s", vs->lsock); 3038 } 3039 3040 void vnc_display_open(DisplayState *ds, const char *display, Error **errp) 3041 { 3042 VncDisplay *vs = vnc_display; 3043 const char *options; 3044 int password = 0; 3045 int reverse = 0; 3046 #ifdef CONFIG_VNC_TLS 3047 int tls = 0, x509 = 0; 3048 #endif 3049 #ifdef CONFIG_VNC_SASL 3050 int sasl = 0; 3051 int saslErr; 3052 #endif 3053 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 3054 int acl = 0; 3055 #endif 3056 int lock_key_sync = 1; 3057 3058 if (!vnc_display) { 3059 error_setg(errp, "VNC display not active"); 3060 return; 3061 } 3062 vnc_display_close(ds); 3063 if (strcmp(display, "none") == 0) 3064 return; 3065 3066 vs->display = g_strdup(display); 3067 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3068 3069 options = display; 3070 while ((options = strchr(options, ','))) { 3071 options++; 3072 if (strncmp(options, "password", 8) == 0) { 3073 if (fips_get_state()) { 3074 error_setg(errp, 3075 "VNC password auth disabled due to FIPS mode, " 3076 "consider using the VeNCrypt or SASL authentication " 3077 "methods as an alternative"); 3078 goto fail; 3079 } 3080 password = 1; /* Require password auth */ 3081 } else if (strncmp(options, "reverse", 7) == 0) { 3082 reverse = 1; 3083 } else if (strncmp(options, "no-lock-key-sync", 16) == 0) { 3084 lock_key_sync = 0; 3085 #ifdef CONFIG_VNC_SASL 3086 } else if (strncmp(options, "sasl", 4) == 0) { 3087 sasl = 1; /* Require SASL auth */ 3088 #endif 3089 #ifdef CONFIG_VNC_WS 3090 } else if (strncmp(options, "websocket", 9) == 0) { 3091 char *start, *end; 3092 vs->websocket = 1; 3093 3094 /* Check for 'websocket=<port>' */ 3095 start = strchr(options, '='); 3096 end = strchr(options, ','); 3097 if (start && (!end || (start < end))) { 3098 int len = end ? end-(start+1) : strlen(start+1); 3099 if (len < 6) { 3100 /* extract the host specification from display */ 3101 char *host = NULL, *port = NULL, *host_end = NULL; 3102 port = g_strndup(start + 1, len); 3103 3104 /* ipv6 hosts have colons */ 3105 end = strchr(display, ','); 3106 host_end = g_strrstr_len(display, end - display, ":"); 3107 3108 if (host_end) { 3109 host = g_strndup(display, host_end - display + 1); 3110 } else { 3111 host = g_strndup(":", 1); 3112 } 3113 vs->ws_display = g_strconcat(host, port, NULL); 3114 g_free(host); 3115 g_free(port); 3116 } 3117 } 3118 #endif /* CONFIG_VNC_WS */ 3119 #ifdef CONFIG_VNC_TLS 3120 } else if (strncmp(options, "tls", 3) == 0) { 3121 tls = 1; /* Require TLS */ 3122 } else if (strncmp(options, "x509", 4) == 0) { 3123 char *start, *end; 3124 x509 = 1; /* Require x509 certificates */ 3125 if (strncmp(options, "x509verify", 10) == 0) 3126 vs->tls.x509verify = 1; /* ...and verify client certs */ 3127 3128 /* Now check for 'x509=/some/path' postfix 3129 * and use that to setup x509 certificate/key paths */ 3130 start = strchr(options, '='); 3131 end = strchr(options, ','); 3132 if (start && (!end || (start < end))) { 3133 int len = end ? end-(start+1) : strlen(start+1); 3134 char *path = g_strndup(start + 1, len); 3135 3136 VNC_DEBUG("Trying certificate path '%s'\n", path); 3137 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) { 3138 error_setg(errp, "Failed to find x509 certificates/keys in %s", path); 3139 g_free(path); 3140 goto fail; 3141 } 3142 g_free(path); 3143 } else { 3144 error_setg(errp, "No certificate path provided"); 3145 goto fail; 3146 } 3147 #endif 3148 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 3149 } else if (strncmp(options, "acl", 3) == 0) { 3150 acl = 1; 3151 #endif 3152 } else if (strncmp(options, "lossy", 5) == 0) { 3153 #ifdef CONFIG_VNC_JPEG 3154 vs->lossy = true; 3155 #endif 3156 } else if (strncmp(options, "non-adaptive", 12) == 0) { 3157 vs->non_adaptive = true; 3158 } else if (strncmp(options, "share=", 6) == 0) { 3159 if (strncmp(options+6, "ignore", 6) == 0) { 3160 vs->share_policy = VNC_SHARE_POLICY_IGNORE; 3161 } else if (strncmp(options+6, "allow-exclusive", 15) == 0) { 3162 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3163 } else if (strncmp(options+6, "force-shared", 12) == 0) { 3164 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; 3165 } else { 3166 error_setg(errp, "unknown vnc share= option"); 3167 goto fail; 3168 } 3169 } 3170 } 3171 3172 /* adaptive updates are only used with tight encoding and 3173 * if lossy updates are enabled so we can disable all the 3174 * calculations otherwise */ 3175 if (!vs->lossy) { 3176 vs->non_adaptive = true; 3177 } 3178 3179 #ifdef CONFIG_VNC_TLS 3180 if (acl && x509 && vs->tls.x509verify) { 3181 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) { 3182 fprintf(stderr, "Failed to create x509 dname ACL\n"); 3183 exit(1); 3184 } 3185 } 3186 #endif 3187 #ifdef CONFIG_VNC_SASL 3188 if (acl && sasl) { 3189 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) { 3190 fprintf(stderr, "Failed to create username ACL\n"); 3191 exit(1); 3192 } 3193 } 3194 #endif 3195 3196 /* 3197 * Combinations we support here: 3198 * 3199 * - no-auth (clear text, no auth) 3200 * - password (clear text, weak auth) 3201 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI) 3202 * - tls (encrypt, weak anonymous creds, no auth) 3203 * - tls + password (encrypt, weak anonymous creds, weak auth) 3204 * - tls + sasl (encrypt, weak anonymous creds, good auth) 3205 * - tls + x509 (encrypt, good x509 creds, no auth) 3206 * - tls + x509 + password (encrypt, good x509 creds, weak auth) 3207 * - tls + x509 + sasl (encrypt, good x509 creds, good auth) 3208 * 3209 * NB1. TLS is a stackable auth scheme. 3210 * NB2. the x509 schemes have option to validate a client cert dname 3211 */ 3212 if (password) { 3213 #ifdef CONFIG_VNC_TLS 3214 if (tls) { 3215 vs->auth = VNC_AUTH_VENCRYPT; 3216 if (x509) { 3217 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 3218 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC; 3219 } else { 3220 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 3221 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC; 3222 } 3223 } else { 3224 #endif /* CONFIG_VNC_TLS */ 3225 VNC_DEBUG("Initializing VNC server with password auth\n"); 3226 vs->auth = VNC_AUTH_VNC; 3227 #ifdef CONFIG_VNC_TLS 3228 vs->subauth = VNC_AUTH_INVALID; 3229 } 3230 #endif /* CONFIG_VNC_TLS */ 3231 #ifdef CONFIG_VNC_SASL 3232 } else if (sasl) { 3233 #ifdef CONFIG_VNC_TLS 3234 if (tls) { 3235 vs->auth = VNC_AUTH_VENCRYPT; 3236 if (x509) { 3237 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 3238 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL; 3239 } else { 3240 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 3241 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL; 3242 } 3243 } else { 3244 #endif /* CONFIG_VNC_TLS */ 3245 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 3246 vs->auth = VNC_AUTH_SASL; 3247 #ifdef CONFIG_VNC_TLS 3248 vs->subauth = VNC_AUTH_INVALID; 3249 } 3250 #endif /* CONFIG_VNC_TLS */ 3251 #endif /* CONFIG_VNC_SASL */ 3252 } else { 3253 #ifdef CONFIG_VNC_TLS 3254 if (tls) { 3255 vs->auth = VNC_AUTH_VENCRYPT; 3256 if (x509) { 3257 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 3258 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE; 3259 } else { 3260 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 3261 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE; 3262 } 3263 } else { 3264 #endif 3265 VNC_DEBUG("Initializing VNC server with no auth\n"); 3266 vs->auth = VNC_AUTH_NONE; 3267 #ifdef CONFIG_VNC_TLS 3268 vs->subauth = VNC_AUTH_INVALID; 3269 } 3270 #endif 3271 } 3272 3273 #ifdef CONFIG_VNC_SASL 3274 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) { 3275 error_setg(errp, "Failed to initialize SASL auth: %s", 3276 sasl_errstring(saslErr, NULL, NULL)); 3277 goto fail; 3278 } 3279 #endif 3280 vs->lock_key_sync = lock_key_sync; 3281 3282 if (reverse) { 3283 /* connect to viewer */ 3284 int csock; 3285 vs->lsock = -1; 3286 #ifdef CONFIG_VNC_WS 3287 vs->lwebsock = -1; 3288 #endif 3289 if (strncmp(display, "unix:", 5) == 0) { 3290 csock = unix_connect(display+5, errp); 3291 } else { 3292 csock = inet_connect(display, errp); 3293 } 3294 if (csock < 0) { 3295 goto fail; 3296 } 3297 vnc_connect(vs, csock, false, false); 3298 } else { 3299 /* listen for connects */ 3300 char *dpy; 3301 dpy = g_malloc(256); 3302 if (strncmp(display, "unix:", 5) == 0) { 3303 pstrcpy(dpy, 256, "unix:"); 3304 vs->lsock = unix_listen(display+5, dpy+5, 256-5, errp); 3305 } else { 3306 vs->lsock = inet_listen(display, dpy, 256, 3307 SOCK_STREAM, 5900, errp); 3308 if (vs->lsock < 0) { 3309 g_free(dpy); 3310 goto fail; 3311 } 3312 #ifdef CONFIG_VNC_WS 3313 if (vs->websocket) { 3314 if (vs->ws_display) { 3315 vs->lwebsock = inet_listen(vs->ws_display, NULL, 256, 3316 SOCK_STREAM, 0, errp); 3317 } else { 3318 vs->lwebsock = inet_listen(vs->display, NULL, 256, 3319 SOCK_STREAM, 5700, errp); 3320 } 3321 3322 if (vs->lwebsock < 0) { 3323 if (vs->lsock) { 3324 close(vs->lsock); 3325 vs->lsock = -1; 3326 } 3327 g_free(dpy); 3328 goto fail; 3329 } 3330 } 3331 #endif /* CONFIG_VNC_WS */ 3332 } 3333 g_free(vs->display); 3334 vs->display = dpy; 3335 qemu_set_fd_handler2(vs->lsock, NULL, 3336 vnc_listen_regular_read, NULL, vs); 3337 #ifdef CONFIG_VNC_WS 3338 if (vs->websocket) { 3339 qemu_set_fd_handler2(vs->lwebsock, NULL, 3340 vnc_listen_websocket_read, NULL, vs); 3341 } 3342 #endif /* CONFIG_VNC_WS */ 3343 } 3344 return; 3345 3346 fail: 3347 g_free(vs->display); 3348 vs->display = NULL; 3349 #ifdef CONFIG_VNC_WS 3350 g_free(vs->ws_display); 3351 vs->ws_display = NULL; 3352 #endif /* CONFIG_VNC_WS */ 3353 } 3354 3355 void vnc_display_add_client(DisplayState *ds, int csock, bool skipauth) 3356 { 3357 VncDisplay *vs = vnc_display; 3358 3359 vnc_connect(vs, csock, skipauth, false); 3360 } 3361