1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "vnc.h" 28 #include "vnc-jobs.h" 29 #include "sysemu.h" 30 #include "qemu/sockets.h" 31 #include "qemu/timer.h" 32 #include "qemu/acl.h" 33 #include "qapi/qmp/types.h" 34 #include "qmp-commands.h" 35 #include "qemu/osdep.h" 36 37 #define VNC_REFRESH_INTERVAL_BASE 30 38 #define VNC_REFRESH_INTERVAL_INC 50 39 #define VNC_REFRESH_INTERVAL_MAX 2000 40 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; 41 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 42 43 #include "vnc_keysym.h" 44 #include "d3des.h" 45 46 static VncDisplay *vnc_display; /* needed for info vnc */ 47 static DisplayChangeListener *dcl; 48 49 static int vnc_cursor_define(VncState *vs); 50 static void vnc_release_modifiers(VncState *vs); 51 52 static void vnc_set_share_mode(VncState *vs, VncShareMode mode) 53 { 54 #ifdef _VNC_DEBUG 55 static const char *mn[] = { 56 [0] = "undefined", 57 [VNC_SHARE_MODE_CONNECTING] = "connecting", 58 [VNC_SHARE_MODE_SHARED] = "shared", 59 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive", 60 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected", 61 }; 62 fprintf(stderr, "%s/%d: %s -> %s\n", __func__, 63 vs->csock, mn[vs->share_mode], mn[mode]); 64 #endif 65 66 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) { 67 vs->vd->num_exclusive--; 68 } 69 vs->share_mode = mode; 70 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) { 71 vs->vd->num_exclusive++; 72 } 73 } 74 75 static char *addr_to_string(const char *format, 76 struct sockaddr_storage *sa, 77 socklen_t salen) { 78 char *addr; 79 char host[NI_MAXHOST]; 80 char serv[NI_MAXSERV]; 81 int err; 82 size_t addrlen; 83 84 if ((err = getnameinfo((struct sockaddr *)sa, salen, 85 host, sizeof(host), 86 serv, sizeof(serv), 87 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 88 VNC_DEBUG("Cannot resolve address %d: %s\n", 89 err, gai_strerror(err)); 90 return NULL; 91 } 92 93 /* Enough for the existing format + the 2 vars we're 94 * substituting in. */ 95 addrlen = strlen(format) + strlen(host) + strlen(serv); 96 addr = g_malloc(addrlen + 1); 97 snprintf(addr, addrlen, format, host, serv); 98 addr[addrlen] = '\0'; 99 100 return addr; 101 } 102 103 104 char *vnc_socket_local_addr(const char *format, int fd) { 105 struct sockaddr_storage sa; 106 socklen_t salen; 107 108 salen = sizeof(sa); 109 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) 110 return NULL; 111 112 return addr_to_string(format, &sa, salen); 113 } 114 115 char *vnc_socket_remote_addr(const char *format, int fd) { 116 struct sockaddr_storage sa; 117 socklen_t salen; 118 119 salen = sizeof(sa); 120 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) 121 return NULL; 122 123 return addr_to_string(format, &sa, salen); 124 } 125 126 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa, 127 socklen_t salen) 128 { 129 char host[NI_MAXHOST]; 130 char serv[NI_MAXSERV]; 131 int err; 132 133 if ((err = getnameinfo((struct sockaddr *)sa, salen, 134 host, sizeof(host), 135 serv, sizeof(serv), 136 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 137 VNC_DEBUG("Cannot resolve address %d: %s\n", 138 err, gai_strerror(err)); 139 return -1; 140 } 141 142 qdict_put(qdict, "host", qstring_from_str(host)); 143 qdict_put(qdict, "service", qstring_from_str(serv)); 144 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family))); 145 146 return 0; 147 } 148 149 static int vnc_server_addr_put(QDict *qdict, int fd) 150 { 151 struct sockaddr_storage sa; 152 socklen_t salen; 153 154 salen = sizeof(sa); 155 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) { 156 return -1; 157 } 158 159 return put_addr_qdict(qdict, &sa, salen); 160 } 161 162 static int vnc_qdict_remote_addr(QDict *qdict, int fd) 163 { 164 struct sockaddr_storage sa; 165 socklen_t salen; 166 167 salen = sizeof(sa); 168 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) { 169 return -1; 170 } 171 172 return put_addr_qdict(qdict, &sa, salen); 173 } 174 175 static const char *vnc_auth_name(VncDisplay *vd) { 176 switch (vd->auth) { 177 case VNC_AUTH_INVALID: 178 return "invalid"; 179 case VNC_AUTH_NONE: 180 return "none"; 181 case VNC_AUTH_VNC: 182 return "vnc"; 183 case VNC_AUTH_RA2: 184 return "ra2"; 185 case VNC_AUTH_RA2NE: 186 return "ra2ne"; 187 case VNC_AUTH_TIGHT: 188 return "tight"; 189 case VNC_AUTH_ULTRA: 190 return "ultra"; 191 case VNC_AUTH_TLS: 192 return "tls"; 193 case VNC_AUTH_VENCRYPT: 194 #ifdef CONFIG_VNC_TLS 195 switch (vd->subauth) { 196 case VNC_AUTH_VENCRYPT_PLAIN: 197 return "vencrypt+plain"; 198 case VNC_AUTH_VENCRYPT_TLSNONE: 199 return "vencrypt+tls+none"; 200 case VNC_AUTH_VENCRYPT_TLSVNC: 201 return "vencrypt+tls+vnc"; 202 case VNC_AUTH_VENCRYPT_TLSPLAIN: 203 return "vencrypt+tls+plain"; 204 case VNC_AUTH_VENCRYPT_X509NONE: 205 return "vencrypt+x509+none"; 206 case VNC_AUTH_VENCRYPT_X509VNC: 207 return "vencrypt+x509+vnc"; 208 case VNC_AUTH_VENCRYPT_X509PLAIN: 209 return "vencrypt+x509+plain"; 210 case VNC_AUTH_VENCRYPT_TLSSASL: 211 return "vencrypt+tls+sasl"; 212 case VNC_AUTH_VENCRYPT_X509SASL: 213 return "vencrypt+x509+sasl"; 214 default: 215 return "vencrypt"; 216 } 217 #else 218 return "vencrypt"; 219 #endif 220 case VNC_AUTH_SASL: 221 return "sasl"; 222 } 223 return "unknown"; 224 } 225 226 static int vnc_server_info_put(QDict *qdict) 227 { 228 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) { 229 return -1; 230 } 231 232 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display))); 233 return 0; 234 } 235 236 static void vnc_client_cache_auth(VncState *client) 237 { 238 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 239 QDict *qdict; 240 #endif 241 242 if (!client->info) { 243 return; 244 } 245 246 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 247 qdict = qobject_to_qdict(client->info); 248 #endif 249 250 #ifdef CONFIG_VNC_TLS 251 if (client->tls.session && 252 client->tls.dname) { 253 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname)); 254 } 255 #endif 256 #ifdef CONFIG_VNC_SASL 257 if (client->sasl.conn && 258 client->sasl.username) { 259 qdict_put(qdict, "sasl_username", 260 qstring_from_str(client->sasl.username)); 261 } 262 #endif 263 } 264 265 static void vnc_client_cache_addr(VncState *client) 266 { 267 QDict *qdict; 268 269 qdict = qdict_new(); 270 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) { 271 QDECREF(qdict); 272 /* XXX: how to report the error? */ 273 return; 274 } 275 276 client->info = QOBJECT(qdict); 277 } 278 279 static void vnc_qmp_event(VncState *vs, MonitorEvent event) 280 { 281 QDict *server; 282 QObject *data; 283 284 if (!vs->info) { 285 return; 286 } 287 288 server = qdict_new(); 289 if (vnc_server_info_put(server) < 0) { 290 QDECREF(server); 291 return; 292 } 293 294 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }", 295 vs->info, QOBJECT(server)); 296 297 monitor_protocol_event(event, data); 298 299 qobject_incref(vs->info); 300 qobject_decref(data); 301 } 302 303 static VncClientInfo *qmp_query_vnc_client(const VncState *client) 304 { 305 struct sockaddr_storage sa; 306 socklen_t salen = sizeof(sa); 307 char host[NI_MAXHOST]; 308 char serv[NI_MAXSERV]; 309 VncClientInfo *info; 310 311 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) { 312 return NULL; 313 } 314 315 if (getnameinfo((struct sockaddr *)&sa, salen, 316 host, sizeof(host), 317 serv, sizeof(serv), 318 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 319 return NULL; 320 } 321 322 info = g_malloc0(sizeof(*info)); 323 info->host = g_strdup(host); 324 info->service = g_strdup(serv); 325 info->family = g_strdup(inet_strfamily(sa.ss_family)); 326 327 #ifdef CONFIG_VNC_TLS 328 if (client->tls.session && client->tls.dname) { 329 info->has_x509_dname = true; 330 info->x509_dname = g_strdup(client->tls.dname); 331 } 332 #endif 333 #ifdef CONFIG_VNC_SASL 334 if (client->sasl.conn && client->sasl.username) { 335 info->has_sasl_username = true; 336 info->sasl_username = g_strdup(client->sasl.username); 337 } 338 #endif 339 340 return info; 341 } 342 343 VncInfo *qmp_query_vnc(Error **errp) 344 { 345 VncInfo *info = g_malloc0(sizeof(*info)); 346 347 if (vnc_display == NULL || vnc_display->display == NULL) { 348 info->enabled = false; 349 } else { 350 VncClientInfoList *cur_item = NULL; 351 struct sockaddr_storage sa; 352 socklen_t salen = sizeof(sa); 353 char host[NI_MAXHOST]; 354 char serv[NI_MAXSERV]; 355 VncState *client; 356 357 info->enabled = true; 358 359 /* for compatibility with the original command */ 360 info->has_clients = true; 361 362 QTAILQ_FOREACH(client, &vnc_display->clients, next) { 363 VncClientInfoList *cinfo = g_malloc0(sizeof(*info)); 364 cinfo->value = qmp_query_vnc_client(client); 365 366 /* XXX: waiting for the qapi to support GSList */ 367 if (!cur_item) { 368 info->clients = cur_item = cinfo; 369 } else { 370 cur_item->next = cinfo; 371 cur_item = cinfo; 372 } 373 } 374 375 if (vnc_display->lsock == -1) { 376 return info; 377 } 378 379 if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa, 380 &salen) == -1) { 381 error_set(errp, QERR_UNDEFINED_ERROR); 382 goto out_error; 383 } 384 385 if (getnameinfo((struct sockaddr *)&sa, salen, 386 host, sizeof(host), 387 serv, sizeof(serv), 388 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 389 error_set(errp, QERR_UNDEFINED_ERROR); 390 goto out_error; 391 } 392 393 info->has_host = true; 394 info->host = g_strdup(host); 395 396 info->has_service = true; 397 info->service = g_strdup(serv); 398 399 info->has_family = true; 400 info->family = g_strdup(inet_strfamily(sa.ss_family)); 401 402 info->has_auth = true; 403 info->auth = g_strdup(vnc_auth_name(vnc_display)); 404 } 405 406 return info; 407 408 out_error: 409 qapi_free_VncInfo(info); 410 return NULL; 411 } 412 413 /* TODO 414 1) Get the queue working for IO. 415 2) there is some weirdness when using the -S option (the screen is grey 416 and not totally invalidated 417 3) resolutions > 1024 418 */ 419 420 static int vnc_update_client(VncState *vs, int has_dirty); 421 static int vnc_update_client_sync(VncState *vs, int has_dirty); 422 static void vnc_disconnect_start(VncState *vs); 423 static void vnc_disconnect_finish(VncState *vs); 424 static void vnc_init_timer(VncDisplay *vd); 425 static void vnc_remove_timer(VncDisplay *vd); 426 427 static void vnc_colordepth(VncState *vs); 428 static void framebuffer_update_request(VncState *vs, int incremental, 429 int x_position, int y_position, 430 int w, int h); 431 static void vnc_refresh(void *opaque); 432 static int vnc_refresh_server_surface(VncDisplay *vd); 433 434 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h) 435 { 436 int i; 437 VncDisplay *vd = ds->opaque; 438 struct VncSurface *s = &vd->guest; 439 int width = ds_get_width(ds); 440 int height = ds_get_height(ds); 441 442 h += y; 443 444 /* round x down to ensure the loop only spans one 16-pixel block per, 445 iteration. otherwise, if (x % 16) != 0, the last iteration may span 446 two 16-pixel blocks but we only mark the first as dirty 447 */ 448 w += (x % 16); 449 x -= (x % 16); 450 451 x = MIN(x, width); 452 y = MIN(y, height); 453 w = MIN(x + w, width) - x; 454 h = MIN(h, height); 455 456 for (; y < h; y++) 457 for (i = 0; i < w; i += 16) 458 set_bit((x + i) / 16, s->dirty[y]); 459 } 460 461 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 462 int32_t encoding) 463 { 464 vnc_write_u16(vs, x); 465 vnc_write_u16(vs, y); 466 vnc_write_u16(vs, w); 467 vnc_write_u16(vs, h); 468 469 vnc_write_s32(vs, encoding); 470 } 471 472 void buffer_reserve(Buffer *buffer, size_t len) 473 { 474 if ((buffer->capacity - buffer->offset) < len) { 475 buffer->capacity += (len + 1024); 476 buffer->buffer = g_realloc(buffer->buffer, buffer->capacity); 477 if (buffer->buffer == NULL) { 478 fprintf(stderr, "vnc: out of memory\n"); 479 exit(1); 480 } 481 } 482 } 483 484 static int buffer_empty(Buffer *buffer) 485 { 486 return buffer->offset == 0; 487 } 488 489 static uint8_t *buffer_end(Buffer *buffer) 490 { 491 return buffer->buffer + buffer->offset; 492 } 493 494 void buffer_reset(Buffer *buffer) 495 { 496 buffer->offset = 0; 497 } 498 499 void buffer_free(Buffer *buffer) 500 { 501 g_free(buffer->buffer); 502 buffer->offset = 0; 503 buffer->capacity = 0; 504 buffer->buffer = NULL; 505 } 506 507 void buffer_append(Buffer *buffer, const void *data, size_t len) 508 { 509 memcpy(buffer->buffer + buffer->offset, data, len); 510 buffer->offset += len; 511 } 512 513 static void vnc_desktop_resize(VncState *vs) 514 { 515 DisplayState *ds = vs->ds; 516 517 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) { 518 return; 519 } 520 if (vs->client_width == ds_get_width(ds) && 521 vs->client_height == ds_get_height(ds)) { 522 return; 523 } 524 vs->client_width = ds_get_width(ds); 525 vs->client_height = ds_get_height(ds); 526 vnc_lock_output(vs); 527 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 528 vnc_write_u8(vs, 0); 529 vnc_write_u16(vs, 1); /* number of rects */ 530 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 531 VNC_ENCODING_DESKTOPRESIZE); 532 vnc_unlock_output(vs); 533 vnc_flush(vs); 534 } 535 536 static void vnc_abort_display_jobs(VncDisplay *vd) 537 { 538 VncState *vs; 539 540 QTAILQ_FOREACH(vs, &vd->clients, next) { 541 vnc_lock_output(vs); 542 vs->abort = true; 543 vnc_unlock_output(vs); 544 } 545 QTAILQ_FOREACH(vs, &vd->clients, next) { 546 vnc_jobs_join(vs); 547 } 548 QTAILQ_FOREACH(vs, &vd->clients, next) { 549 vnc_lock_output(vs); 550 vs->abort = false; 551 vnc_unlock_output(vs); 552 } 553 } 554 555 int vnc_server_fb_stride(VncDisplay *vd) 556 { 557 return pixman_image_get_stride(vd->server); 558 } 559 560 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y) 561 { 562 uint8_t *ptr; 563 564 ptr = (uint8_t *)pixman_image_get_data(vd->server); 565 ptr += y * vnc_server_fb_stride(vd); 566 ptr += x * VNC_SERVER_FB_BYTES; 567 return ptr; 568 } 569 570 static void vnc_dpy_resize(DisplayState *ds) 571 { 572 VncDisplay *vd = ds->opaque; 573 VncState *vs; 574 575 vnc_abort_display_jobs(vd); 576 577 /* server surface */ 578 qemu_pixman_image_unref(vd->server); 579 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT, 580 ds_get_width(ds), 581 ds_get_height(ds), 582 NULL, 0); 583 584 /* guest surface */ 585 #if 0 /* FIXME */ 586 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel) 587 console_color_init(ds); 588 #endif 589 qemu_pixman_image_unref(vd->guest.fb); 590 vd->guest.fb = pixman_image_ref(ds->surface->image); 591 vd->guest.format = ds->surface->format; 592 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty)); 593 594 QTAILQ_FOREACH(vs, &vd->clients, next) { 595 vnc_colordepth(vs); 596 vnc_desktop_resize(vs); 597 if (vs->vd->cursor) { 598 vnc_cursor_define(vs); 599 } 600 memset(vs->dirty, 0xFF, sizeof(vs->dirty)); 601 } 602 } 603 604 /* fastest code */ 605 static void vnc_write_pixels_copy(VncState *vs, 606 void *pixels, int size) 607 { 608 vnc_write(vs, pixels, size); 609 } 610 611 /* slowest but generic code. */ 612 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 613 { 614 uint8_t r, g, b; 615 616 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8) 617 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8; 618 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8; 619 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8; 620 #else 621 # error need some bits here if you change VNC_SERVER_FB_FORMAT 622 #endif 623 v = (r << vs->client_pf.rshift) | 624 (g << vs->client_pf.gshift) | 625 (b << vs->client_pf.bshift); 626 switch (vs->client_pf.bytes_per_pixel) { 627 case 1: 628 buf[0] = v; 629 break; 630 case 2: 631 if (vs->client_be) { 632 buf[0] = v >> 8; 633 buf[1] = v; 634 } else { 635 buf[1] = v >> 8; 636 buf[0] = v; 637 } 638 break; 639 default: 640 case 4: 641 if (vs->client_be) { 642 buf[0] = v >> 24; 643 buf[1] = v >> 16; 644 buf[2] = v >> 8; 645 buf[3] = v; 646 } else { 647 buf[3] = v >> 24; 648 buf[2] = v >> 16; 649 buf[1] = v >> 8; 650 buf[0] = v; 651 } 652 break; 653 } 654 } 655 656 static void vnc_write_pixels_generic(VncState *vs, 657 void *pixels1, int size) 658 { 659 uint8_t buf[4]; 660 661 if (VNC_SERVER_FB_BYTES == 4) { 662 uint32_t *pixels = pixels1; 663 int n, i; 664 n = size >> 2; 665 for (i = 0; i < n; i++) { 666 vnc_convert_pixel(vs, buf, pixels[i]); 667 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel); 668 } 669 } 670 } 671 672 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 673 { 674 int i; 675 uint8_t *row; 676 VncDisplay *vd = vs->vd; 677 678 row = vnc_server_fb_ptr(vd, x, y); 679 for (i = 0; i < h; i++) { 680 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES); 681 row += vnc_server_fb_stride(vd); 682 } 683 return 1; 684 } 685 686 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 687 { 688 int n = 0; 689 690 switch(vs->vnc_encoding) { 691 case VNC_ENCODING_ZLIB: 692 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h); 693 break; 694 case VNC_ENCODING_HEXTILE: 695 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 696 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 697 break; 698 case VNC_ENCODING_TIGHT: 699 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h); 700 break; 701 case VNC_ENCODING_TIGHT_PNG: 702 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h); 703 break; 704 case VNC_ENCODING_ZRLE: 705 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h); 706 break; 707 case VNC_ENCODING_ZYWRLE: 708 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); 709 break; 710 default: 711 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 712 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 713 break; 714 } 715 return n; 716 } 717 718 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h) 719 { 720 /* send bitblit op to the vnc client */ 721 vnc_lock_output(vs); 722 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 723 vnc_write_u8(vs, 0); 724 vnc_write_u16(vs, 1); /* number of rects */ 725 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT); 726 vnc_write_u16(vs, src_x); 727 vnc_write_u16(vs, src_y); 728 vnc_unlock_output(vs); 729 vnc_flush(vs); 730 } 731 732 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h) 733 { 734 VncDisplay *vd = ds->opaque; 735 VncState *vs, *vn; 736 uint8_t *src_row; 737 uint8_t *dst_row; 738 int i, x, y, pitch, inc, w_lim, s; 739 int cmp_bytes; 740 741 vnc_refresh_server_surface(vd); 742 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 743 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 744 vs->force_update = 1; 745 vnc_update_client_sync(vs, 1); 746 /* vs might be free()ed here */ 747 } 748 } 749 750 /* do bitblit op on the local surface too */ 751 pitch = vnc_server_fb_stride(vd); 752 src_row = vnc_server_fb_ptr(vd, src_x, src_y); 753 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y); 754 y = dst_y; 755 inc = 1; 756 if (dst_y > src_y) { 757 /* copy backwards */ 758 src_row += pitch * (h-1); 759 dst_row += pitch * (h-1); 760 pitch = -pitch; 761 y = dst_y + h - 1; 762 inc = -1; 763 } 764 w_lim = w - (16 - (dst_x % 16)); 765 if (w_lim < 0) 766 w_lim = w; 767 else 768 w_lim = w - (w_lim % 16); 769 for (i = 0; i < h; i++) { 770 for (x = 0; x <= w_lim; 771 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) { 772 if (x == w_lim) { 773 if ((s = w - w_lim) == 0) 774 break; 775 } else if (!x) { 776 s = (16 - (dst_x % 16)); 777 s = MIN(s, w_lim); 778 } else { 779 s = 16; 780 } 781 cmp_bytes = s * VNC_SERVER_FB_BYTES; 782 if (memcmp(src_row, dst_row, cmp_bytes) == 0) 783 continue; 784 memmove(dst_row, src_row, cmp_bytes); 785 QTAILQ_FOREACH(vs, &vd->clients, next) { 786 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 787 set_bit(((x + dst_x) / 16), vs->dirty[y]); 788 } 789 } 790 } 791 src_row += pitch - w * VNC_SERVER_FB_BYTES; 792 dst_row += pitch - w * VNC_SERVER_FB_BYTES; 793 y += inc; 794 } 795 796 QTAILQ_FOREACH(vs, &vd->clients, next) { 797 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 798 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h); 799 } 800 } 801 } 802 803 static void vnc_mouse_set(DisplayState *ds, int x, int y, int visible) 804 { 805 /* can we ask the client(s) to move the pointer ??? */ 806 } 807 808 static int vnc_cursor_define(VncState *vs) 809 { 810 QEMUCursor *c = vs->vd->cursor; 811 int isize; 812 813 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 814 vnc_lock_output(vs); 815 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 816 vnc_write_u8(vs, 0); /* padding */ 817 vnc_write_u16(vs, 1); /* # of rects */ 818 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 819 VNC_ENCODING_RICH_CURSOR); 820 isize = c->width * c->height * vs->client_pf.bytes_per_pixel; 821 vnc_write_pixels_generic(vs, c->data, isize); 822 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 823 vnc_unlock_output(vs); 824 return 0; 825 } 826 return -1; 827 } 828 829 static void vnc_dpy_cursor_define(DisplayState *ds, QEMUCursor *c) 830 { 831 VncDisplay *vd = vnc_display; 832 VncState *vs; 833 834 cursor_put(vd->cursor); 835 g_free(vd->cursor_mask); 836 837 vd->cursor = c; 838 cursor_get(vd->cursor); 839 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 840 vd->cursor_mask = g_malloc0(vd->cursor_msize); 841 cursor_get_mono_mask(c, 0, vd->cursor_mask); 842 843 QTAILQ_FOREACH(vs, &vd->clients, next) { 844 vnc_cursor_define(vs); 845 } 846 } 847 848 static int find_and_clear_dirty_height(struct VncState *vs, 849 int y, int last_x, int x, int height) 850 { 851 int h; 852 853 for (h = 1; h < (height - y); h++) { 854 int tmp_x; 855 if (!test_bit(last_x, vs->dirty[y + h])) { 856 break; 857 } 858 for (tmp_x = last_x; tmp_x < x; tmp_x++) { 859 clear_bit(tmp_x, vs->dirty[y + h]); 860 } 861 } 862 863 return h; 864 } 865 866 static int vnc_update_client_sync(VncState *vs, int has_dirty) 867 { 868 int ret = vnc_update_client(vs, has_dirty); 869 vnc_jobs_join(vs); 870 return ret; 871 } 872 873 static int vnc_update_client(VncState *vs, int has_dirty) 874 { 875 if (vs->need_update && vs->csock != -1) { 876 VncDisplay *vd = vs->vd; 877 VncJob *job; 878 int y; 879 int width, height; 880 int n = 0; 881 882 883 if (vs->output.offset && !vs->audio_cap && !vs->force_update) 884 /* kernel send buffers are full -> drop frames to throttle */ 885 return 0; 886 887 if (!has_dirty && !vs->audio_cap && !vs->force_update) 888 return 0; 889 890 /* 891 * Send screen updates to the vnc client using the server 892 * surface and server dirty map. guest surface updates 893 * happening in parallel don't disturb us, the next pass will 894 * send them to the client. 895 */ 896 job = vnc_job_new(vs); 897 898 width = MIN(pixman_image_get_width(vd->server), vs->client_width); 899 height = MIN(pixman_image_get_height(vd->server), vs->client_height); 900 901 for (y = 0; y < height; y++) { 902 int x; 903 int last_x = -1; 904 for (x = 0; x < width / 16; x++) { 905 if (test_and_clear_bit(x, vs->dirty[y])) { 906 if (last_x == -1) { 907 last_x = x; 908 } 909 } else { 910 if (last_x != -1) { 911 int h = find_and_clear_dirty_height(vs, y, last_x, x, 912 height); 913 914 n += vnc_job_add_rect(job, last_x * 16, y, 915 (x - last_x) * 16, h); 916 } 917 last_x = -1; 918 } 919 } 920 if (last_x != -1) { 921 int h = find_and_clear_dirty_height(vs, y, last_x, x, height); 922 n += vnc_job_add_rect(job, last_x * 16, y, 923 (x - last_x) * 16, h); 924 } 925 } 926 927 vnc_job_push(job); 928 vs->force_update = 0; 929 return n; 930 } 931 932 if (vs->csock == -1) 933 vnc_disconnect_finish(vs); 934 935 return 0; 936 } 937 938 /* audio */ 939 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 940 { 941 VncState *vs = opaque; 942 943 switch (cmd) { 944 case AUD_CNOTIFY_DISABLE: 945 vnc_lock_output(vs); 946 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 947 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 948 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 949 vnc_unlock_output(vs); 950 vnc_flush(vs); 951 break; 952 953 case AUD_CNOTIFY_ENABLE: 954 vnc_lock_output(vs); 955 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 956 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 957 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 958 vnc_unlock_output(vs); 959 vnc_flush(vs); 960 break; 961 } 962 } 963 964 static void audio_capture_destroy(void *opaque) 965 { 966 } 967 968 static void audio_capture(void *opaque, void *buf, int size) 969 { 970 VncState *vs = opaque; 971 972 vnc_lock_output(vs); 973 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 974 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 975 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 976 vnc_write_u32(vs, size); 977 vnc_write(vs, buf, size); 978 vnc_unlock_output(vs); 979 vnc_flush(vs); 980 } 981 982 static void audio_add(VncState *vs) 983 { 984 struct audio_capture_ops ops; 985 986 if (vs->audio_cap) { 987 monitor_printf(default_mon, "audio already running\n"); 988 return; 989 } 990 991 ops.notify = audio_capture_notify; 992 ops.destroy = audio_capture_destroy; 993 ops.capture = audio_capture; 994 995 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs); 996 if (!vs->audio_cap) { 997 monitor_printf(default_mon, "Failed to add audio capture\n"); 998 } 999 } 1000 1001 static void audio_del(VncState *vs) 1002 { 1003 if (vs->audio_cap) { 1004 AUD_del_capture(vs->audio_cap, vs); 1005 vs->audio_cap = NULL; 1006 } 1007 } 1008 1009 static void vnc_disconnect_start(VncState *vs) 1010 { 1011 if (vs->csock == -1) 1012 return; 1013 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); 1014 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL); 1015 closesocket(vs->csock); 1016 vs->csock = -1; 1017 } 1018 1019 static void vnc_disconnect_finish(VncState *vs) 1020 { 1021 int i; 1022 1023 vnc_jobs_join(vs); /* Wait encoding jobs */ 1024 1025 vnc_lock_output(vs); 1026 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED); 1027 1028 buffer_free(&vs->input); 1029 buffer_free(&vs->output); 1030 1031 qobject_decref(vs->info); 1032 1033 vnc_zlib_clear(vs); 1034 vnc_tight_clear(vs); 1035 vnc_zrle_clear(vs); 1036 1037 #ifdef CONFIG_VNC_TLS 1038 vnc_tls_client_cleanup(vs); 1039 #endif /* CONFIG_VNC_TLS */ 1040 #ifdef CONFIG_VNC_SASL 1041 vnc_sasl_client_cleanup(vs); 1042 #endif /* CONFIG_VNC_SASL */ 1043 audio_del(vs); 1044 vnc_release_modifiers(vs); 1045 1046 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1047 1048 if (QTAILQ_EMPTY(&vs->vd->clients)) { 1049 dcl->idle = 1; 1050 } 1051 1052 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1053 vnc_remove_timer(vs->vd); 1054 if (vs->vd->lock_key_sync) 1055 qemu_remove_led_event_handler(vs->led); 1056 vnc_unlock_output(vs); 1057 1058 qemu_mutex_destroy(&vs->output_mutex); 1059 qemu_bh_delete(vs->bh); 1060 buffer_free(&vs->jobs_buffer); 1061 1062 for (i = 0; i < VNC_STAT_ROWS; ++i) { 1063 g_free(vs->lossy_rect[i]); 1064 } 1065 g_free(vs->lossy_rect); 1066 g_free(vs); 1067 } 1068 1069 int vnc_client_io_error(VncState *vs, int ret, int last_errno) 1070 { 1071 if (ret == 0 || ret == -1) { 1072 if (ret == -1) { 1073 switch (last_errno) { 1074 case EINTR: 1075 case EAGAIN: 1076 #ifdef _WIN32 1077 case WSAEWOULDBLOCK: 1078 #endif 1079 return 0; 1080 default: 1081 break; 1082 } 1083 } 1084 1085 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n", 1086 ret, ret < 0 ? last_errno : 0); 1087 vnc_disconnect_start(vs); 1088 1089 return 0; 1090 } 1091 return ret; 1092 } 1093 1094 1095 void vnc_client_error(VncState *vs) 1096 { 1097 VNC_DEBUG("Closing down client sock: protocol error\n"); 1098 vnc_disconnect_start(vs); 1099 } 1100 1101 1102 /* 1103 * Called to write a chunk of data to the client socket. The data may 1104 * be the raw data, or may have already been encoded by SASL. 1105 * The data will be written either straight onto the socket, or 1106 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1107 * 1108 * NB, it is theoretically possible to have 2 layers of encryption, 1109 * both SASL, and this TLS layer. It is highly unlikely in practice 1110 * though, since SASL encryption will typically be a no-op if TLS 1111 * is active 1112 * 1113 * Returns the number of bytes written, which may be less than 1114 * the requested 'datalen' if the socket would block. Returns 1115 * -1 on error, and disconnects the client socket. 1116 */ 1117 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1118 { 1119 long ret; 1120 #ifdef CONFIG_VNC_TLS 1121 if (vs->tls.session) { 1122 ret = gnutls_write(vs->tls.session, data, datalen); 1123 if (ret < 0) { 1124 if (ret == GNUTLS_E_AGAIN) 1125 errno = EAGAIN; 1126 else 1127 errno = EIO; 1128 ret = -1; 1129 } 1130 } else 1131 #endif /* CONFIG_VNC_TLS */ 1132 ret = send(vs->csock, (const void *)data, datalen, 0); 1133 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1134 return vnc_client_io_error(vs, ret, socket_error()); 1135 } 1136 1137 1138 /* 1139 * Called to write buffered data to the client socket, when not 1140 * using any SASL SSF encryption layers. Will write as much data 1141 * as possible without blocking. If all buffered data is written, 1142 * will switch the FD poll() handler back to read monitoring. 1143 * 1144 * Returns the number of bytes written, which may be less than 1145 * the buffered output data if the socket would block. Returns 1146 * -1 on error, and disconnects the client socket. 1147 */ 1148 static long vnc_client_write_plain(VncState *vs) 1149 { 1150 long ret; 1151 1152 #ifdef CONFIG_VNC_SASL 1153 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1154 vs->output.buffer, vs->output.capacity, vs->output.offset, 1155 vs->sasl.waitWriteSSF); 1156 1157 if (vs->sasl.conn && 1158 vs->sasl.runSSF && 1159 vs->sasl.waitWriteSSF) { 1160 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1161 if (ret) 1162 vs->sasl.waitWriteSSF -= ret; 1163 } else 1164 #endif /* CONFIG_VNC_SASL */ 1165 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1166 if (!ret) 1167 return 0; 1168 1169 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret)); 1170 vs->output.offset -= ret; 1171 1172 if (vs->output.offset == 0) { 1173 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 1174 } 1175 1176 return ret; 1177 } 1178 1179 1180 /* 1181 * First function called whenever there is data to be written to 1182 * the client socket. Will delegate actual work according to whether 1183 * SASL SSF layers are enabled (thus requiring encryption calls) 1184 */ 1185 static void vnc_client_write_locked(void *opaque) 1186 { 1187 VncState *vs = opaque; 1188 1189 #ifdef CONFIG_VNC_SASL 1190 if (vs->sasl.conn && 1191 vs->sasl.runSSF && 1192 !vs->sasl.waitWriteSSF) { 1193 vnc_client_write_sasl(vs); 1194 } else 1195 #endif /* CONFIG_VNC_SASL */ 1196 vnc_client_write_plain(vs); 1197 } 1198 1199 void vnc_client_write(void *opaque) 1200 { 1201 VncState *vs = opaque; 1202 1203 vnc_lock_output(vs); 1204 if (vs->output.offset) { 1205 vnc_client_write_locked(opaque); 1206 } else if (vs->csock != -1) { 1207 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 1208 } 1209 vnc_unlock_output(vs); 1210 } 1211 1212 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1213 { 1214 vs->read_handler = func; 1215 vs->read_handler_expect = expecting; 1216 } 1217 1218 1219 /* 1220 * Called to read a chunk of data from the client socket. The data may 1221 * be the raw data, or may need to be further decoded by SASL. 1222 * The data will be read either straight from to the socket, or 1223 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1224 * 1225 * NB, it is theoretically possible to have 2 layers of encryption, 1226 * both SASL, and this TLS layer. It is highly unlikely in practice 1227 * though, since SASL encryption will typically be a no-op if TLS 1228 * is active 1229 * 1230 * Returns the number of bytes read, which may be less than 1231 * the requested 'datalen' if the socket would block. Returns 1232 * -1 on error, and disconnects the client socket. 1233 */ 1234 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1235 { 1236 long ret; 1237 #ifdef CONFIG_VNC_TLS 1238 if (vs->tls.session) { 1239 ret = gnutls_read(vs->tls.session, data, datalen); 1240 if (ret < 0) { 1241 if (ret == GNUTLS_E_AGAIN) 1242 errno = EAGAIN; 1243 else 1244 errno = EIO; 1245 ret = -1; 1246 } 1247 } else 1248 #endif /* CONFIG_VNC_TLS */ 1249 ret = qemu_recv(vs->csock, data, datalen, 0); 1250 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1251 return vnc_client_io_error(vs, ret, socket_error()); 1252 } 1253 1254 1255 /* 1256 * Called to read data from the client socket to the input buffer, 1257 * when not using any SASL SSF encryption layers. Will read as much 1258 * data as possible without blocking. 1259 * 1260 * Returns the number of bytes read. Returns -1 on error, and 1261 * disconnects the client socket. 1262 */ 1263 static long vnc_client_read_plain(VncState *vs) 1264 { 1265 int ret; 1266 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1267 vs->input.buffer, vs->input.capacity, vs->input.offset); 1268 buffer_reserve(&vs->input, 4096); 1269 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1270 if (!ret) 1271 return 0; 1272 vs->input.offset += ret; 1273 return ret; 1274 } 1275 1276 static void vnc_jobs_bh(void *opaque) 1277 { 1278 VncState *vs = opaque; 1279 1280 vnc_jobs_consume_buffer(vs); 1281 } 1282 1283 /* 1284 * First function called whenever there is more data to be read from 1285 * the client socket. Will delegate actual work according to whether 1286 * SASL SSF layers are enabled (thus requiring decryption calls) 1287 */ 1288 void vnc_client_read(void *opaque) 1289 { 1290 VncState *vs = opaque; 1291 long ret; 1292 1293 #ifdef CONFIG_VNC_SASL 1294 if (vs->sasl.conn && vs->sasl.runSSF) 1295 ret = vnc_client_read_sasl(vs); 1296 else 1297 #endif /* CONFIG_VNC_SASL */ 1298 ret = vnc_client_read_plain(vs); 1299 if (!ret) { 1300 if (vs->csock == -1) 1301 vnc_disconnect_finish(vs); 1302 return; 1303 } 1304 1305 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1306 size_t len = vs->read_handler_expect; 1307 int ret; 1308 1309 ret = vs->read_handler(vs, vs->input.buffer, len); 1310 if (vs->csock == -1) { 1311 vnc_disconnect_finish(vs); 1312 return; 1313 } 1314 1315 if (!ret) { 1316 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len)); 1317 vs->input.offset -= len; 1318 } else { 1319 vs->read_handler_expect = ret; 1320 } 1321 } 1322 } 1323 1324 void vnc_write(VncState *vs, const void *data, size_t len) 1325 { 1326 buffer_reserve(&vs->output, len); 1327 1328 if (vs->csock != -1 && buffer_empty(&vs->output)) { 1329 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs); 1330 } 1331 1332 buffer_append(&vs->output, data, len); 1333 } 1334 1335 void vnc_write_s32(VncState *vs, int32_t value) 1336 { 1337 vnc_write_u32(vs, *(uint32_t *)&value); 1338 } 1339 1340 void vnc_write_u32(VncState *vs, uint32_t value) 1341 { 1342 uint8_t buf[4]; 1343 1344 buf[0] = (value >> 24) & 0xFF; 1345 buf[1] = (value >> 16) & 0xFF; 1346 buf[2] = (value >> 8) & 0xFF; 1347 buf[3] = value & 0xFF; 1348 1349 vnc_write(vs, buf, 4); 1350 } 1351 1352 void vnc_write_u16(VncState *vs, uint16_t value) 1353 { 1354 uint8_t buf[2]; 1355 1356 buf[0] = (value >> 8) & 0xFF; 1357 buf[1] = value & 0xFF; 1358 1359 vnc_write(vs, buf, 2); 1360 } 1361 1362 void vnc_write_u8(VncState *vs, uint8_t value) 1363 { 1364 vnc_write(vs, (char *)&value, 1); 1365 } 1366 1367 void vnc_flush(VncState *vs) 1368 { 1369 vnc_lock_output(vs); 1370 if (vs->csock != -1 && vs->output.offset) { 1371 vnc_client_write_locked(vs); 1372 } 1373 vnc_unlock_output(vs); 1374 } 1375 1376 static uint8_t read_u8(uint8_t *data, size_t offset) 1377 { 1378 return data[offset]; 1379 } 1380 1381 static uint16_t read_u16(uint8_t *data, size_t offset) 1382 { 1383 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1384 } 1385 1386 static int32_t read_s32(uint8_t *data, size_t offset) 1387 { 1388 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1389 (data[offset + 2] << 8) | data[offset + 3]); 1390 } 1391 1392 uint32_t read_u32(uint8_t *data, size_t offset) 1393 { 1394 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1395 (data[offset + 2] << 8) | data[offset + 3]); 1396 } 1397 1398 static void client_cut_text(VncState *vs, size_t len, uint8_t *text) 1399 { 1400 } 1401 1402 static void check_pointer_type_change(Notifier *notifier, void *data) 1403 { 1404 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1405 int absolute = kbd_mouse_is_absolute(); 1406 1407 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1408 vnc_lock_output(vs); 1409 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1410 vnc_write_u8(vs, 0); 1411 vnc_write_u16(vs, 1); 1412 vnc_framebuffer_update(vs, absolute, 0, 1413 ds_get_width(vs->ds), ds_get_height(vs->ds), 1414 VNC_ENCODING_POINTER_TYPE_CHANGE); 1415 vnc_unlock_output(vs); 1416 vnc_flush(vs); 1417 } 1418 vs->absolute = absolute; 1419 } 1420 1421 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1422 { 1423 int buttons = 0; 1424 int dz = 0; 1425 1426 if (button_mask & 0x01) 1427 buttons |= MOUSE_EVENT_LBUTTON; 1428 if (button_mask & 0x02) 1429 buttons |= MOUSE_EVENT_MBUTTON; 1430 if (button_mask & 0x04) 1431 buttons |= MOUSE_EVENT_RBUTTON; 1432 if (button_mask & 0x08) 1433 dz = -1; 1434 if (button_mask & 0x10) 1435 dz = 1; 1436 1437 if (vs->absolute) { 1438 kbd_mouse_event(ds_get_width(vs->ds) > 1 ? 1439 x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000, 1440 ds_get_height(vs->ds) > 1 ? 1441 y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000, 1442 dz, buttons); 1443 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1444 x -= 0x7FFF; 1445 y -= 0x7FFF; 1446 1447 kbd_mouse_event(x, y, dz, buttons); 1448 } else { 1449 if (vs->last_x != -1) 1450 kbd_mouse_event(x - vs->last_x, 1451 y - vs->last_y, 1452 dz, buttons); 1453 vs->last_x = x; 1454 vs->last_y = y; 1455 } 1456 } 1457 1458 static void reset_keys(VncState *vs) 1459 { 1460 int i; 1461 for(i = 0; i < 256; i++) { 1462 if (vs->modifiers_state[i]) { 1463 if (i & SCANCODE_GREY) 1464 kbd_put_keycode(SCANCODE_EMUL0); 1465 kbd_put_keycode(i | SCANCODE_UP); 1466 vs->modifiers_state[i] = 0; 1467 } 1468 } 1469 } 1470 1471 static void press_key(VncState *vs, int keysym) 1472 { 1473 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK; 1474 if (keycode & SCANCODE_GREY) 1475 kbd_put_keycode(SCANCODE_EMUL0); 1476 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK); 1477 if (keycode & SCANCODE_GREY) 1478 kbd_put_keycode(SCANCODE_EMUL0); 1479 kbd_put_keycode(keycode | SCANCODE_UP); 1480 } 1481 1482 static void kbd_leds(void *opaque, int ledstate) 1483 { 1484 VncState *vs = opaque; 1485 int caps, num; 1486 1487 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0; 1488 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0; 1489 1490 if (vs->modifiers_state[0x3a] != caps) { 1491 vs->modifiers_state[0x3a] = caps; 1492 } 1493 if (vs->modifiers_state[0x45] != num) { 1494 vs->modifiers_state[0x45] = num; 1495 } 1496 } 1497 1498 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1499 { 1500 /* QEMU console switch */ 1501 switch(keycode) { 1502 case 0x2a: /* Left Shift */ 1503 case 0x36: /* Right Shift */ 1504 case 0x1d: /* Left CTRL */ 1505 case 0x9d: /* Right CTRL */ 1506 case 0x38: /* Left ALT */ 1507 case 0xb8: /* Right ALT */ 1508 if (down) 1509 vs->modifiers_state[keycode] = 1; 1510 else 1511 vs->modifiers_state[keycode] = 0; 1512 break; 1513 case 0x02 ... 0x0a: /* '1' to '9' keys */ 1514 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) { 1515 /* Reset the modifiers sent to the current console */ 1516 reset_keys(vs); 1517 console_select(keycode - 0x02); 1518 return; 1519 } 1520 break; 1521 case 0x3a: /* CapsLock */ 1522 case 0x45: /* NumLock */ 1523 if (down) 1524 vs->modifiers_state[keycode] ^= 1; 1525 break; 1526 } 1527 1528 if (down && vs->vd->lock_key_sync && 1529 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1530 /* If the numlock state needs to change then simulate an additional 1531 keypress before sending this one. This will happen if the user 1532 toggles numlock away from the VNC window. 1533 */ 1534 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1535 if (!vs->modifiers_state[0x45]) { 1536 vs->modifiers_state[0x45] = 1; 1537 press_key(vs, 0xff7f); 1538 } 1539 } else { 1540 if (vs->modifiers_state[0x45]) { 1541 vs->modifiers_state[0x45] = 0; 1542 press_key(vs, 0xff7f); 1543 } 1544 } 1545 } 1546 1547 if (down && vs->vd->lock_key_sync && 1548 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1549 /* If the capslock state needs to change then simulate an additional 1550 keypress before sending this one. This will happen if the user 1551 toggles capslock away from the VNC window. 1552 */ 1553 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1554 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]); 1555 int capslock = !!(vs->modifiers_state[0x3a]); 1556 if (capslock) { 1557 if (uppercase == shift) { 1558 vs->modifiers_state[0x3a] = 0; 1559 press_key(vs, 0xffe5); 1560 } 1561 } else { 1562 if (uppercase != shift) { 1563 vs->modifiers_state[0x3a] = 1; 1564 press_key(vs, 0xffe5); 1565 } 1566 } 1567 } 1568 1569 if (is_graphic_console()) { 1570 if (keycode & SCANCODE_GREY) 1571 kbd_put_keycode(SCANCODE_EMUL0); 1572 if (down) 1573 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK); 1574 else 1575 kbd_put_keycode(keycode | SCANCODE_UP); 1576 } else { 1577 bool numlock = vs->modifiers_state[0x45]; 1578 bool control = (vs->modifiers_state[0x1d] || 1579 vs->modifiers_state[0x9d]); 1580 /* QEMU console emulation */ 1581 if (down) { 1582 switch (keycode) { 1583 case 0x2a: /* Left Shift */ 1584 case 0x36: /* Right Shift */ 1585 case 0x1d: /* Left CTRL */ 1586 case 0x9d: /* Right CTRL */ 1587 case 0x38: /* Left ALT */ 1588 case 0xb8: /* Right ALT */ 1589 break; 1590 case 0xc8: 1591 kbd_put_keysym(QEMU_KEY_UP); 1592 break; 1593 case 0xd0: 1594 kbd_put_keysym(QEMU_KEY_DOWN); 1595 break; 1596 case 0xcb: 1597 kbd_put_keysym(QEMU_KEY_LEFT); 1598 break; 1599 case 0xcd: 1600 kbd_put_keysym(QEMU_KEY_RIGHT); 1601 break; 1602 case 0xd3: 1603 kbd_put_keysym(QEMU_KEY_DELETE); 1604 break; 1605 case 0xc7: 1606 kbd_put_keysym(QEMU_KEY_HOME); 1607 break; 1608 case 0xcf: 1609 kbd_put_keysym(QEMU_KEY_END); 1610 break; 1611 case 0xc9: 1612 kbd_put_keysym(QEMU_KEY_PAGEUP); 1613 break; 1614 case 0xd1: 1615 kbd_put_keysym(QEMU_KEY_PAGEDOWN); 1616 break; 1617 1618 case 0x47: 1619 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME); 1620 break; 1621 case 0x48: 1622 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP); 1623 break; 1624 case 0x49: 1625 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP); 1626 break; 1627 case 0x4b: 1628 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT); 1629 break; 1630 case 0x4c: 1631 kbd_put_keysym('5'); 1632 break; 1633 case 0x4d: 1634 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT); 1635 break; 1636 case 0x4f: 1637 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END); 1638 break; 1639 case 0x50: 1640 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN); 1641 break; 1642 case 0x51: 1643 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN); 1644 break; 1645 case 0x52: 1646 kbd_put_keysym('0'); 1647 break; 1648 case 0x53: 1649 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE); 1650 break; 1651 1652 case 0xb5: 1653 kbd_put_keysym('/'); 1654 break; 1655 case 0x37: 1656 kbd_put_keysym('*'); 1657 break; 1658 case 0x4a: 1659 kbd_put_keysym('-'); 1660 break; 1661 case 0x4e: 1662 kbd_put_keysym('+'); 1663 break; 1664 case 0x9c: 1665 kbd_put_keysym('\n'); 1666 break; 1667 1668 default: 1669 if (control) { 1670 kbd_put_keysym(sym & 0x1f); 1671 } else { 1672 kbd_put_keysym(sym); 1673 } 1674 break; 1675 } 1676 } 1677 } 1678 } 1679 1680 static void vnc_release_modifiers(VncState *vs) 1681 { 1682 static const int keycodes[] = { 1683 /* shift, control, alt keys, both left & right */ 1684 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8, 1685 }; 1686 int i, keycode; 1687 1688 if (!is_graphic_console()) { 1689 return; 1690 } 1691 for (i = 0; i < ARRAY_SIZE(keycodes); i++) { 1692 keycode = keycodes[i]; 1693 if (!vs->modifiers_state[keycode]) { 1694 continue; 1695 } 1696 if (keycode & SCANCODE_GREY) { 1697 kbd_put_keycode(SCANCODE_EMUL0); 1698 } 1699 kbd_put_keycode(keycode | SCANCODE_UP); 1700 } 1701 } 1702 1703 static void key_event(VncState *vs, int down, uint32_t sym) 1704 { 1705 int keycode; 1706 int lsym = sym; 1707 1708 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) { 1709 lsym = lsym - 'A' + 'a'; 1710 } 1711 1712 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK; 1713 do_key_event(vs, down, keycode, sym); 1714 } 1715 1716 static void ext_key_event(VncState *vs, int down, 1717 uint32_t sym, uint16_t keycode) 1718 { 1719 /* if the user specifies a keyboard layout, always use it */ 1720 if (keyboard_layout) 1721 key_event(vs, down, sym); 1722 else 1723 do_key_event(vs, down, keycode, sym); 1724 } 1725 1726 static void framebuffer_update_request(VncState *vs, int incremental, 1727 int x_position, int y_position, 1728 int w, int h) 1729 { 1730 int i; 1731 const size_t width = ds_get_width(vs->ds) / 16; 1732 1733 if (y_position > ds_get_height(vs->ds)) 1734 y_position = ds_get_height(vs->ds); 1735 if (y_position + h >= ds_get_height(vs->ds)) 1736 h = ds_get_height(vs->ds) - y_position; 1737 1738 vs->need_update = 1; 1739 if (!incremental) { 1740 vs->force_update = 1; 1741 for (i = 0; i < h; i++) { 1742 bitmap_set(vs->dirty[y_position + i], 0, width); 1743 bitmap_clear(vs->dirty[y_position + i], width, 1744 VNC_DIRTY_BITS - width); 1745 } 1746 } 1747 } 1748 1749 static void send_ext_key_event_ack(VncState *vs) 1750 { 1751 vnc_lock_output(vs); 1752 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1753 vnc_write_u8(vs, 0); 1754 vnc_write_u16(vs, 1); 1755 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds), 1756 VNC_ENCODING_EXT_KEY_EVENT); 1757 vnc_unlock_output(vs); 1758 vnc_flush(vs); 1759 } 1760 1761 static void send_ext_audio_ack(VncState *vs) 1762 { 1763 vnc_lock_output(vs); 1764 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1765 vnc_write_u8(vs, 0); 1766 vnc_write_u16(vs, 1); 1767 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds), 1768 VNC_ENCODING_AUDIO); 1769 vnc_unlock_output(vs); 1770 vnc_flush(vs); 1771 } 1772 1773 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 1774 { 1775 int i; 1776 unsigned int enc = 0; 1777 1778 vs->features = 0; 1779 vs->vnc_encoding = 0; 1780 vs->tight.compression = 9; 1781 vs->tight.quality = -1; /* Lossless by default */ 1782 vs->absolute = -1; 1783 1784 /* 1785 * Start from the end because the encodings are sent in order of preference. 1786 * This way the preferred encoding (first encoding defined in the array) 1787 * will be set at the end of the loop. 1788 */ 1789 for (i = n_encodings - 1; i >= 0; i--) { 1790 enc = encodings[i]; 1791 switch (enc) { 1792 case VNC_ENCODING_RAW: 1793 vs->vnc_encoding = enc; 1794 break; 1795 case VNC_ENCODING_COPYRECT: 1796 vs->features |= VNC_FEATURE_COPYRECT_MASK; 1797 break; 1798 case VNC_ENCODING_HEXTILE: 1799 vs->features |= VNC_FEATURE_HEXTILE_MASK; 1800 vs->vnc_encoding = enc; 1801 break; 1802 case VNC_ENCODING_TIGHT: 1803 vs->features |= VNC_FEATURE_TIGHT_MASK; 1804 vs->vnc_encoding = enc; 1805 break; 1806 #ifdef CONFIG_VNC_PNG 1807 case VNC_ENCODING_TIGHT_PNG: 1808 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK; 1809 vs->vnc_encoding = enc; 1810 break; 1811 #endif 1812 case VNC_ENCODING_ZLIB: 1813 vs->features |= VNC_FEATURE_ZLIB_MASK; 1814 vs->vnc_encoding = enc; 1815 break; 1816 case VNC_ENCODING_ZRLE: 1817 vs->features |= VNC_FEATURE_ZRLE_MASK; 1818 vs->vnc_encoding = enc; 1819 break; 1820 case VNC_ENCODING_ZYWRLE: 1821 vs->features |= VNC_FEATURE_ZYWRLE_MASK; 1822 vs->vnc_encoding = enc; 1823 break; 1824 case VNC_ENCODING_DESKTOPRESIZE: 1825 vs->features |= VNC_FEATURE_RESIZE_MASK; 1826 break; 1827 case VNC_ENCODING_POINTER_TYPE_CHANGE: 1828 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK; 1829 break; 1830 case VNC_ENCODING_RICH_CURSOR: 1831 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK; 1832 break; 1833 case VNC_ENCODING_EXT_KEY_EVENT: 1834 send_ext_key_event_ack(vs); 1835 break; 1836 case VNC_ENCODING_AUDIO: 1837 send_ext_audio_ack(vs); 1838 break; 1839 case VNC_ENCODING_WMVi: 1840 vs->features |= VNC_FEATURE_WMVI_MASK; 1841 break; 1842 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 1843 vs->tight.compression = (enc & 0x0F); 1844 break; 1845 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 1846 if (vs->vd->lossy) { 1847 vs->tight.quality = (enc & 0x0F); 1848 } 1849 break; 1850 default: 1851 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 1852 break; 1853 } 1854 } 1855 vnc_desktop_resize(vs); 1856 check_pointer_type_change(&vs->mouse_mode_notifier, NULL); 1857 } 1858 1859 static void set_pixel_conversion(VncState *vs) 1860 { 1861 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf); 1862 1863 if (fmt == VNC_SERVER_FB_FORMAT) { 1864 vs->write_pixels = vnc_write_pixels_copy; 1865 vnc_hextile_set_pixel_conversion(vs, 0); 1866 } else { 1867 vs->write_pixels = vnc_write_pixels_generic; 1868 vnc_hextile_set_pixel_conversion(vs, 1); 1869 } 1870 } 1871 1872 static void set_pixel_format(VncState *vs, 1873 int bits_per_pixel, int depth, 1874 int big_endian_flag, int true_color_flag, 1875 int red_max, int green_max, int blue_max, 1876 int red_shift, int green_shift, int blue_shift) 1877 { 1878 if (!true_color_flag) { 1879 vnc_client_error(vs); 1880 return; 1881 } 1882 1883 vs->client_pf.rmax = red_max; 1884 vs->client_pf.rbits = hweight_long(red_max); 1885 vs->client_pf.rshift = red_shift; 1886 vs->client_pf.rmask = red_max << red_shift; 1887 vs->client_pf.gmax = green_max; 1888 vs->client_pf.gbits = hweight_long(green_max); 1889 vs->client_pf.gshift = green_shift; 1890 vs->client_pf.gmask = green_max << green_shift; 1891 vs->client_pf.bmax = blue_max; 1892 vs->client_pf.bbits = hweight_long(blue_max); 1893 vs->client_pf.bshift = blue_shift; 1894 vs->client_pf.bmask = blue_max << blue_shift; 1895 vs->client_pf.bits_per_pixel = bits_per_pixel; 1896 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8; 1897 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 1898 vs->client_be = big_endian_flag; 1899 1900 set_pixel_conversion(vs); 1901 1902 vga_hw_invalidate(); 1903 vga_hw_update(); 1904 } 1905 1906 static void pixel_format_message (VncState *vs) { 1907 char pad[3] = { 0, 0, 0 }; 1908 1909 vs->client_pf = qemu_default_pixelformat(32); 1910 1911 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ 1912 vnc_write_u8(vs, vs->client_pf.depth); /* depth */ 1913 1914 #ifdef HOST_WORDS_BIGENDIAN 1915 vnc_write_u8(vs, 1); /* big-endian-flag */ 1916 #else 1917 vnc_write_u8(vs, 0); /* big-endian-flag */ 1918 #endif 1919 vnc_write_u8(vs, 1); /* true-color-flag */ 1920 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */ 1921 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */ 1922 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */ 1923 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */ 1924 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */ 1925 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */ 1926 vnc_write(vs, pad, 3); /* padding */ 1927 1928 vnc_hextile_set_pixel_conversion(vs, 0); 1929 vs->write_pixels = vnc_write_pixels_copy; 1930 } 1931 1932 static void vnc_dpy_setdata(DisplayState *ds) 1933 { 1934 VncDisplay *vd = ds->opaque; 1935 1936 qemu_pixman_image_unref(vd->guest.fb); 1937 vd->guest.fb = pixman_image_ref(ds->surface->image); 1938 vd->guest.format = ds->surface->format; 1939 vnc_dpy_update(ds, 0, 0, ds_get_width(ds), ds_get_height(ds)); 1940 } 1941 1942 static void vnc_colordepth(VncState *vs) 1943 { 1944 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 1945 /* Sending a WMVi message to notify the client*/ 1946 vnc_lock_output(vs); 1947 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1948 vnc_write_u8(vs, 0); 1949 vnc_write_u16(vs, 1); /* number of rects */ 1950 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), 1951 ds_get_height(vs->ds), VNC_ENCODING_WMVi); 1952 pixel_format_message(vs); 1953 vnc_unlock_output(vs); 1954 vnc_flush(vs); 1955 } else { 1956 set_pixel_conversion(vs); 1957 } 1958 } 1959 1960 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 1961 { 1962 int i; 1963 uint16_t limit; 1964 VncDisplay *vd = vs->vd; 1965 1966 if (data[0] > 3) { 1967 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE; 1968 if (!qemu_timer_expired(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval)) 1969 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval); 1970 } 1971 1972 switch (data[0]) { 1973 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 1974 if (len == 1) 1975 return 20; 1976 1977 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5), 1978 read_u8(data, 6), read_u8(data, 7), 1979 read_u16(data, 8), read_u16(data, 10), 1980 read_u16(data, 12), read_u8(data, 14), 1981 read_u8(data, 15), read_u8(data, 16)); 1982 break; 1983 case VNC_MSG_CLIENT_SET_ENCODINGS: 1984 if (len == 1) 1985 return 4; 1986 1987 if (len == 4) { 1988 limit = read_u16(data, 2); 1989 if (limit > 0) 1990 return 4 + (limit * 4); 1991 } else 1992 limit = read_u16(data, 2); 1993 1994 for (i = 0; i < limit; i++) { 1995 int32_t val = read_s32(data, 4 + (i * 4)); 1996 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 1997 } 1998 1999 set_encodings(vs, (int32_t *)(data + 4), limit); 2000 break; 2001 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 2002 if (len == 1) 2003 return 10; 2004 2005 framebuffer_update_request(vs, 2006 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 2007 read_u16(data, 6), read_u16(data, 8)); 2008 break; 2009 case VNC_MSG_CLIENT_KEY_EVENT: 2010 if (len == 1) 2011 return 8; 2012 2013 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 2014 break; 2015 case VNC_MSG_CLIENT_POINTER_EVENT: 2016 if (len == 1) 2017 return 6; 2018 2019 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 2020 break; 2021 case VNC_MSG_CLIENT_CUT_TEXT: 2022 if (len == 1) 2023 return 8; 2024 2025 if (len == 8) { 2026 uint32_t dlen = read_u32(data, 4); 2027 if (dlen > 0) 2028 return 8 + dlen; 2029 } 2030 2031 client_cut_text(vs, read_u32(data, 4), data + 8); 2032 break; 2033 case VNC_MSG_CLIENT_QEMU: 2034 if (len == 1) 2035 return 2; 2036 2037 switch (read_u8(data, 1)) { 2038 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 2039 if (len == 2) 2040 return 12; 2041 2042 ext_key_event(vs, read_u16(data, 2), 2043 read_u32(data, 4), read_u32(data, 8)); 2044 break; 2045 case VNC_MSG_CLIENT_QEMU_AUDIO: 2046 if (len == 2) 2047 return 4; 2048 2049 switch (read_u16 (data, 2)) { 2050 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 2051 audio_add(vs); 2052 break; 2053 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 2054 audio_del(vs); 2055 break; 2056 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 2057 if (len == 4) 2058 return 10; 2059 switch (read_u8(data, 4)) { 2060 case 0: vs->as.fmt = AUD_FMT_U8; break; 2061 case 1: vs->as.fmt = AUD_FMT_S8; break; 2062 case 2: vs->as.fmt = AUD_FMT_U16; break; 2063 case 3: vs->as.fmt = AUD_FMT_S16; break; 2064 case 4: vs->as.fmt = AUD_FMT_U32; break; 2065 case 5: vs->as.fmt = AUD_FMT_S32; break; 2066 default: 2067 printf("Invalid audio format %d\n", read_u8(data, 4)); 2068 vnc_client_error(vs); 2069 break; 2070 } 2071 vs->as.nchannels = read_u8(data, 5); 2072 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2073 printf("Invalid audio channel coount %d\n", 2074 read_u8(data, 5)); 2075 vnc_client_error(vs); 2076 break; 2077 } 2078 vs->as.freq = read_u32(data, 6); 2079 break; 2080 default: 2081 printf ("Invalid audio message %d\n", read_u8(data, 4)); 2082 vnc_client_error(vs); 2083 break; 2084 } 2085 break; 2086 2087 default: 2088 printf("Msg: %d\n", read_u16(data, 0)); 2089 vnc_client_error(vs); 2090 break; 2091 } 2092 break; 2093 default: 2094 printf("Msg: %d\n", data[0]); 2095 vnc_client_error(vs); 2096 break; 2097 } 2098 2099 vnc_read_when(vs, protocol_client_msg, 1); 2100 return 0; 2101 } 2102 2103 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2104 { 2105 char buf[1024]; 2106 VncShareMode mode; 2107 int size; 2108 2109 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; 2110 switch (vs->vd->share_policy) { 2111 case VNC_SHARE_POLICY_IGNORE: 2112 /* 2113 * Ignore the shared flag. Nothing to do here. 2114 * 2115 * Doesn't conform to the rfb spec but is traditional qemu 2116 * behavior, thus left here as option for compatibility 2117 * reasons. 2118 */ 2119 break; 2120 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: 2121 /* 2122 * Policy: Allow clients ask for exclusive access. 2123 * 2124 * Implementation: When a client asks for exclusive access, 2125 * disconnect all others. Shared connects are allowed as long 2126 * as no exclusive connection exists. 2127 * 2128 * This is how the rfb spec suggests to handle the shared flag. 2129 */ 2130 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2131 VncState *client; 2132 QTAILQ_FOREACH(client, &vs->vd->clients, next) { 2133 if (vs == client) { 2134 continue; 2135 } 2136 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && 2137 client->share_mode != VNC_SHARE_MODE_SHARED) { 2138 continue; 2139 } 2140 vnc_disconnect_start(client); 2141 } 2142 } 2143 if (mode == VNC_SHARE_MODE_SHARED) { 2144 if (vs->vd->num_exclusive > 0) { 2145 vnc_disconnect_start(vs); 2146 return 0; 2147 } 2148 } 2149 break; 2150 case VNC_SHARE_POLICY_FORCE_SHARED: 2151 /* 2152 * Policy: Shared connects only. 2153 * Implementation: Disallow clients asking for exclusive access. 2154 * 2155 * Useful for shared desktop sessions where you don't want 2156 * someone forgetting to say -shared when running the vnc 2157 * client disconnect everybody else. 2158 */ 2159 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2160 vnc_disconnect_start(vs); 2161 return 0; 2162 } 2163 break; 2164 } 2165 vnc_set_share_mode(vs, mode); 2166 2167 vs->client_width = ds_get_width(vs->ds); 2168 vs->client_height = ds_get_height(vs->ds); 2169 vnc_write_u16(vs, vs->client_width); 2170 vnc_write_u16(vs, vs->client_height); 2171 2172 pixel_format_message(vs); 2173 2174 if (qemu_name) 2175 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2176 else 2177 size = snprintf(buf, sizeof(buf), "QEMU"); 2178 2179 vnc_write_u32(vs, size); 2180 vnc_write(vs, buf, size); 2181 vnc_flush(vs); 2182 2183 vnc_client_cache_auth(vs); 2184 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED); 2185 2186 vnc_read_when(vs, protocol_client_msg, 1); 2187 2188 return 0; 2189 } 2190 2191 void start_client_init(VncState *vs) 2192 { 2193 vnc_read_when(vs, protocol_client_init, 1); 2194 } 2195 2196 static void make_challenge(VncState *vs) 2197 { 2198 int i; 2199 2200 srand(time(NULL)+getpid()+getpid()*987654+rand()); 2201 2202 for (i = 0 ; i < sizeof(vs->challenge) ; i++) 2203 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0)); 2204 } 2205 2206 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2207 { 2208 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2209 int i, j, pwlen; 2210 unsigned char key[8]; 2211 time_t now = time(NULL); 2212 2213 if (!vs->vd->password) { 2214 VNC_DEBUG("No password configured on server"); 2215 goto reject; 2216 } 2217 if (vs->vd->expires < now) { 2218 VNC_DEBUG("Password is expired"); 2219 goto reject; 2220 } 2221 2222 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2223 2224 /* Calculate the expected challenge response */ 2225 pwlen = strlen(vs->vd->password); 2226 for (i=0; i<sizeof(key); i++) 2227 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2228 deskey(key, EN0); 2229 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8) 2230 des(response+j, response+j); 2231 2232 /* Compare expected vs actual challenge response */ 2233 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2234 VNC_DEBUG("Client challenge response did not match\n"); 2235 goto reject; 2236 } else { 2237 VNC_DEBUG("Accepting VNC challenge response\n"); 2238 vnc_write_u32(vs, 0); /* Accept auth */ 2239 vnc_flush(vs); 2240 2241 start_client_init(vs); 2242 } 2243 return 0; 2244 2245 reject: 2246 vnc_write_u32(vs, 1); /* Reject auth */ 2247 if (vs->minor >= 8) { 2248 static const char err[] = "Authentication failed"; 2249 vnc_write_u32(vs, sizeof(err)); 2250 vnc_write(vs, err, sizeof(err)); 2251 } 2252 vnc_flush(vs); 2253 vnc_client_error(vs); 2254 return 0; 2255 } 2256 2257 void start_auth_vnc(VncState *vs) 2258 { 2259 make_challenge(vs); 2260 /* Send client a 'random' challenge */ 2261 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2262 vnc_flush(vs); 2263 2264 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2265 } 2266 2267 2268 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2269 { 2270 /* We only advertise 1 auth scheme at a time, so client 2271 * must pick the one we sent. Verify this */ 2272 if (data[0] != vs->auth) { /* Reject auth */ 2273 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]); 2274 vnc_write_u32(vs, 1); 2275 if (vs->minor >= 8) { 2276 static const char err[] = "Authentication failed"; 2277 vnc_write_u32(vs, sizeof(err)); 2278 vnc_write(vs, err, sizeof(err)); 2279 } 2280 vnc_client_error(vs); 2281 } else { /* Accept requested auth */ 2282 VNC_DEBUG("Client requested auth %d\n", (int)data[0]); 2283 switch (vs->auth) { 2284 case VNC_AUTH_NONE: 2285 VNC_DEBUG("Accept auth none\n"); 2286 if (vs->minor >= 8) { 2287 vnc_write_u32(vs, 0); /* Accept auth completion */ 2288 vnc_flush(vs); 2289 } 2290 start_client_init(vs); 2291 break; 2292 2293 case VNC_AUTH_VNC: 2294 VNC_DEBUG("Start VNC auth\n"); 2295 start_auth_vnc(vs); 2296 break; 2297 2298 #ifdef CONFIG_VNC_TLS 2299 case VNC_AUTH_VENCRYPT: 2300 VNC_DEBUG("Accept VeNCrypt auth\n"); 2301 start_auth_vencrypt(vs); 2302 break; 2303 #endif /* CONFIG_VNC_TLS */ 2304 2305 #ifdef CONFIG_VNC_SASL 2306 case VNC_AUTH_SASL: 2307 VNC_DEBUG("Accept SASL auth\n"); 2308 start_auth_sasl(vs); 2309 break; 2310 #endif /* CONFIG_VNC_SASL */ 2311 2312 default: /* Should not be possible, but just in case */ 2313 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth); 2314 vnc_write_u8(vs, 1); 2315 if (vs->minor >= 8) { 2316 static const char err[] = "Authentication failed"; 2317 vnc_write_u32(vs, sizeof(err)); 2318 vnc_write(vs, err, sizeof(err)); 2319 } 2320 vnc_client_error(vs); 2321 } 2322 } 2323 return 0; 2324 } 2325 2326 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2327 { 2328 char local[13]; 2329 2330 memcpy(local, version, 12); 2331 local[12] = 0; 2332 2333 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2334 VNC_DEBUG("Malformed protocol version %s\n", local); 2335 vnc_client_error(vs); 2336 return 0; 2337 } 2338 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2339 if (vs->major != 3 || 2340 (vs->minor != 3 && 2341 vs->minor != 4 && 2342 vs->minor != 5 && 2343 vs->minor != 7 && 2344 vs->minor != 8)) { 2345 VNC_DEBUG("Unsupported client version\n"); 2346 vnc_write_u32(vs, VNC_AUTH_INVALID); 2347 vnc_flush(vs); 2348 vnc_client_error(vs); 2349 return 0; 2350 } 2351 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2352 * as equivalent to v3.3 by servers 2353 */ 2354 if (vs->minor == 4 || vs->minor == 5) 2355 vs->minor = 3; 2356 2357 if (vs->minor == 3) { 2358 if (vs->auth == VNC_AUTH_NONE) { 2359 VNC_DEBUG("Tell client auth none\n"); 2360 vnc_write_u32(vs, vs->auth); 2361 vnc_flush(vs); 2362 start_client_init(vs); 2363 } else if (vs->auth == VNC_AUTH_VNC) { 2364 VNC_DEBUG("Tell client VNC auth\n"); 2365 vnc_write_u32(vs, vs->auth); 2366 vnc_flush(vs); 2367 start_auth_vnc(vs); 2368 } else { 2369 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth); 2370 vnc_write_u32(vs, VNC_AUTH_INVALID); 2371 vnc_flush(vs); 2372 vnc_client_error(vs); 2373 } 2374 } else { 2375 VNC_DEBUG("Telling client we support auth %d\n", vs->auth); 2376 vnc_write_u8(vs, 1); /* num auth */ 2377 vnc_write_u8(vs, vs->auth); 2378 vnc_read_when(vs, protocol_client_auth, 1); 2379 vnc_flush(vs); 2380 } 2381 2382 return 0; 2383 } 2384 2385 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) 2386 { 2387 struct VncSurface *vs = &vd->guest; 2388 2389 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; 2390 } 2391 2392 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h) 2393 { 2394 int i, j; 2395 2396 w = (x + w) / VNC_STAT_RECT; 2397 h = (y + h) / VNC_STAT_RECT; 2398 x /= VNC_STAT_RECT; 2399 y /= VNC_STAT_RECT; 2400 2401 for (j = y; j <= h; j++) { 2402 for (i = x; i <= w; i++) { 2403 vs->lossy_rect[j][i] = 1; 2404 } 2405 } 2406 } 2407 2408 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) 2409 { 2410 VncState *vs; 2411 int sty = y / VNC_STAT_RECT; 2412 int stx = x / VNC_STAT_RECT; 2413 int has_dirty = 0; 2414 2415 y = y / VNC_STAT_RECT * VNC_STAT_RECT; 2416 x = x / VNC_STAT_RECT * VNC_STAT_RECT; 2417 2418 QTAILQ_FOREACH(vs, &vd->clients, next) { 2419 int j; 2420 2421 /* kernel send buffers are full -> refresh later */ 2422 if (vs->output.offset) { 2423 continue; 2424 } 2425 2426 if (!vs->lossy_rect[sty][stx]) { 2427 continue; 2428 } 2429 2430 vs->lossy_rect[sty][stx] = 0; 2431 for (j = 0; j < VNC_STAT_RECT; ++j) { 2432 bitmap_set(vs->dirty[y + j], x / 16, VNC_STAT_RECT / 16); 2433 } 2434 has_dirty++; 2435 } 2436 2437 return has_dirty; 2438 } 2439 2440 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) 2441 { 2442 int width = pixman_image_get_width(vd->guest.fb); 2443 int height = pixman_image_get_height(vd->guest.fb); 2444 int x, y; 2445 struct timeval res; 2446 int has_dirty = 0; 2447 2448 for (y = 0; y < height; y += VNC_STAT_RECT) { 2449 for (x = 0; x < width; x += VNC_STAT_RECT) { 2450 VncRectStat *rect = vnc_stat_rect(vd, x, y); 2451 2452 rect->updated = false; 2453 } 2454 } 2455 2456 qemu_timersub(tv, &VNC_REFRESH_STATS, &res); 2457 2458 if (timercmp(&vd->guest.last_freq_check, &res, >)) { 2459 return has_dirty; 2460 } 2461 vd->guest.last_freq_check = *tv; 2462 2463 for (y = 0; y < height; y += VNC_STAT_RECT) { 2464 for (x = 0; x < width; x += VNC_STAT_RECT) { 2465 VncRectStat *rect= vnc_stat_rect(vd, x, y); 2466 int count = ARRAY_SIZE(rect->times); 2467 struct timeval min, max; 2468 2469 if (!timerisset(&rect->times[count - 1])) { 2470 continue ; 2471 } 2472 2473 max = rect->times[(rect->idx + count - 1) % count]; 2474 qemu_timersub(tv, &max, &res); 2475 2476 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { 2477 rect->freq = 0; 2478 has_dirty += vnc_refresh_lossy_rect(vd, x, y); 2479 memset(rect->times, 0, sizeof (rect->times)); 2480 continue ; 2481 } 2482 2483 min = rect->times[rect->idx]; 2484 max = rect->times[(rect->idx + count - 1) % count]; 2485 qemu_timersub(&max, &min, &res); 2486 2487 rect->freq = res.tv_sec + res.tv_usec / 1000000.; 2488 rect->freq /= count; 2489 rect->freq = 1. / rect->freq; 2490 } 2491 } 2492 return has_dirty; 2493 } 2494 2495 double vnc_update_freq(VncState *vs, int x, int y, int w, int h) 2496 { 2497 int i, j; 2498 double total = 0; 2499 int num = 0; 2500 2501 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT; 2502 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT; 2503 2504 for (j = y; j <= y + h; j += VNC_STAT_RECT) { 2505 for (i = x; i <= x + w; i += VNC_STAT_RECT) { 2506 total += vnc_stat_rect(vs->vd, i, j)->freq; 2507 num++; 2508 } 2509 } 2510 2511 if (num) { 2512 return total / num; 2513 } else { 2514 return 0; 2515 } 2516 } 2517 2518 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) 2519 { 2520 VncRectStat *rect; 2521 2522 rect = vnc_stat_rect(vd, x, y); 2523 if (rect->updated) { 2524 return ; 2525 } 2526 rect->times[rect->idx] = *tv; 2527 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); 2528 rect->updated = true; 2529 } 2530 2531 static int vnc_refresh_server_surface(VncDisplay *vd) 2532 { 2533 int width = pixman_image_get_width(vd->guest.fb); 2534 int height = pixman_image_get_height(vd->guest.fb); 2535 int y; 2536 uint8_t *guest_row; 2537 uint8_t *server_row; 2538 int cmp_bytes; 2539 VncState *vs; 2540 int has_dirty = 0; 2541 pixman_image_t *tmpbuf = NULL; 2542 2543 struct timeval tv = { 0, 0 }; 2544 2545 if (!vd->non_adaptive) { 2546 gettimeofday(&tv, NULL); 2547 has_dirty = vnc_update_stats(vd, &tv); 2548 } 2549 2550 /* 2551 * Walk through the guest dirty map. 2552 * Check and copy modified bits from guest to server surface. 2553 * Update server dirty map. 2554 */ 2555 cmp_bytes = 64; 2556 if (cmp_bytes > vnc_server_fb_stride(vd)) { 2557 cmp_bytes = vnc_server_fb_stride(vd); 2558 } 2559 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2560 int width = pixman_image_get_width(vd->server); 2561 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width); 2562 } 2563 guest_row = (uint8_t *)pixman_image_get_data(vd->guest.fb); 2564 server_row = (uint8_t *)pixman_image_get_data(vd->server); 2565 for (y = 0; y < height; y++) { 2566 if (!bitmap_empty(vd->guest.dirty[y], VNC_DIRTY_BITS)) { 2567 int x; 2568 uint8_t *guest_ptr; 2569 uint8_t *server_ptr; 2570 2571 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2572 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y); 2573 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf); 2574 } else { 2575 guest_ptr = guest_row; 2576 } 2577 server_ptr = server_row; 2578 2579 for (x = 0; x + 15 < width; 2580 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 2581 if (!test_and_clear_bit((x / 16), vd->guest.dirty[y])) 2582 continue; 2583 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0) 2584 continue; 2585 memcpy(server_ptr, guest_ptr, cmp_bytes); 2586 if (!vd->non_adaptive) 2587 vnc_rect_updated(vd, x, y, &tv); 2588 QTAILQ_FOREACH(vs, &vd->clients, next) { 2589 set_bit((x / 16), vs->dirty[y]); 2590 } 2591 has_dirty++; 2592 } 2593 } 2594 guest_row += pixman_image_get_stride(vd->guest.fb); 2595 server_row += pixman_image_get_stride(vd->server); 2596 } 2597 qemu_pixman_image_unref(tmpbuf); 2598 return has_dirty; 2599 } 2600 2601 static void vnc_refresh(void *opaque) 2602 { 2603 VncDisplay *vd = opaque; 2604 VncState *vs, *vn; 2605 int has_dirty, rects = 0; 2606 2607 vga_hw_update(); 2608 2609 if (vnc_trylock_display(vd)) { 2610 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE; 2611 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + 2612 vd->timer_interval); 2613 return; 2614 } 2615 2616 has_dirty = vnc_refresh_server_surface(vd); 2617 vnc_unlock_display(vd); 2618 2619 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 2620 rects += vnc_update_client(vs, has_dirty); 2621 /* vs might be free()ed here */ 2622 } 2623 2624 /* vd->timer could be NULL now if the last client disconnected, 2625 * in this case don't update the timer */ 2626 if (vd->timer == NULL) 2627 return; 2628 2629 if (has_dirty && rects) { 2630 vd->timer_interval /= 2; 2631 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE) 2632 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE; 2633 } else { 2634 vd->timer_interval += VNC_REFRESH_INTERVAL_INC; 2635 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX) 2636 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX; 2637 } 2638 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval); 2639 } 2640 2641 static void vnc_init_timer(VncDisplay *vd) 2642 { 2643 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE; 2644 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) { 2645 vd->timer = qemu_new_timer_ms(rt_clock, vnc_refresh, vd); 2646 vnc_dpy_resize(vd->ds); 2647 vnc_refresh(vd); 2648 } 2649 } 2650 2651 static void vnc_remove_timer(VncDisplay *vd) 2652 { 2653 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) { 2654 qemu_del_timer(vd->timer); 2655 qemu_free_timer(vd->timer); 2656 vd->timer = NULL; 2657 } 2658 } 2659 2660 static void vnc_connect(VncDisplay *vd, int csock, int skipauth) 2661 { 2662 VncState *vs = g_malloc0(sizeof(VncState)); 2663 int i; 2664 2665 vs->csock = csock; 2666 2667 if (skipauth) { 2668 vs->auth = VNC_AUTH_NONE; 2669 #ifdef CONFIG_VNC_TLS 2670 vs->subauth = VNC_AUTH_INVALID; 2671 #endif 2672 } else { 2673 vs->auth = vd->auth; 2674 #ifdef CONFIG_VNC_TLS 2675 vs->subauth = vd->subauth; 2676 #endif 2677 } 2678 2679 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect)); 2680 for (i = 0; i < VNC_STAT_ROWS; ++i) { 2681 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS * sizeof (uint8_t)); 2682 } 2683 2684 VNC_DEBUG("New client on socket %d\n", csock); 2685 dcl->idle = 0; 2686 socket_set_nonblock(vs->csock); 2687 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 2688 2689 vnc_client_cache_addr(vs); 2690 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED); 2691 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); 2692 2693 vs->vd = vd; 2694 vs->ds = vd->ds; 2695 vs->last_x = -1; 2696 vs->last_y = -1; 2697 2698 vs->as.freq = 44100; 2699 vs->as.nchannels = 2; 2700 vs->as.fmt = AUD_FMT_S16; 2701 vs->as.endianness = 0; 2702 2703 qemu_mutex_init(&vs->output_mutex); 2704 vs->bh = qemu_bh_new(vnc_jobs_bh, vs); 2705 2706 QTAILQ_INSERT_HEAD(&vd->clients, vs, next); 2707 2708 vga_hw_update(); 2709 2710 vnc_write(vs, "RFB 003.008\n", 12); 2711 vnc_flush(vs); 2712 vnc_read_when(vs, protocol_version, 12); 2713 reset_keys(vs); 2714 if (vs->vd->lock_key_sync) 2715 vs->led = qemu_add_led_event_handler(kbd_leds, vs); 2716 2717 vs->mouse_mode_notifier.notify = check_pointer_type_change; 2718 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 2719 2720 vnc_init_timer(vd); 2721 2722 /* vs might be free()ed here */ 2723 } 2724 2725 static void vnc_listen_read(void *opaque) 2726 { 2727 VncDisplay *vs = opaque; 2728 struct sockaddr_in addr; 2729 socklen_t addrlen = sizeof(addr); 2730 2731 /* Catch-up */ 2732 vga_hw_update(); 2733 2734 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen); 2735 if (csock != -1) { 2736 vnc_connect(vs, csock, 0); 2737 } 2738 } 2739 2740 void vnc_display_init(DisplayState *ds) 2741 { 2742 VncDisplay *vs = g_malloc0(sizeof(*vs)); 2743 2744 dcl = g_malloc0(sizeof(DisplayChangeListener)); 2745 2746 ds->opaque = vs; 2747 dcl->idle = 1; 2748 vnc_display = vs; 2749 2750 vs->lsock = -1; 2751 2752 vs->ds = ds; 2753 QTAILQ_INIT(&vs->clients); 2754 vs->expires = TIME_MAX; 2755 2756 if (keyboard_layout) 2757 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout); 2758 else 2759 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us"); 2760 2761 if (!vs->kbd_layout) 2762 exit(1); 2763 2764 qemu_mutex_init(&vs->mutex); 2765 vnc_start_worker_thread(); 2766 2767 dcl->dpy_gfx_copy = vnc_dpy_copy; 2768 dcl->dpy_gfx_update = vnc_dpy_update; 2769 dcl->dpy_gfx_resize = vnc_dpy_resize; 2770 dcl->dpy_gfx_setdata = vnc_dpy_setdata; 2771 dcl->dpy_mouse_set = vnc_mouse_set; 2772 dcl->dpy_cursor_define = vnc_dpy_cursor_define; 2773 register_displaychangelistener(ds, dcl); 2774 } 2775 2776 2777 static void vnc_display_close(DisplayState *ds) 2778 { 2779 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 2780 2781 if (!vs) 2782 return; 2783 if (vs->display) { 2784 g_free(vs->display); 2785 vs->display = NULL; 2786 } 2787 if (vs->lsock != -1) { 2788 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL); 2789 close(vs->lsock); 2790 vs->lsock = -1; 2791 } 2792 vs->auth = VNC_AUTH_INVALID; 2793 #ifdef CONFIG_VNC_TLS 2794 vs->subauth = VNC_AUTH_INVALID; 2795 vs->tls.x509verify = 0; 2796 #endif 2797 } 2798 2799 static int vnc_display_disable_login(DisplayState *ds) 2800 { 2801 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 2802 2803 if (!vs) { 2804 return -1; 2805 } 2806 2807 if (vs->password) { 2808 g_free(vs->password); 2809 } 2810 2811 vs->password = NULL; 2812 if (vs->auth == VNC_AUTH_NONE) { 2813 vs->auth = VNC_AUTH_VNC; 2814 } 2815 2816 return 0; 2817 } 2818 2819 int vnc_display_password(DisplayState *ds, const char *password) 2820 { 2821 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 2822 2823 if (!vs) { 2824 return -EINVAL; 2825 } 2826 2827 if (!password) { 2828 /* This is not the intention of this interface but err on the side 2829 of being safe */ 2830 return vnc_display_disable_login(ds); 2831 } 2832 2833 if (vs->password) { 2834 g_free(vs->password); 2835 vs->password = NULL; 2836 } 2837 vs->password = g_strdup(password); 2838 if (vs->auth == VNC_AUTH_NONE) { 2839 vs->auth = VNC_AUTH_VNC; 2840 } 2841 2842 return 0; 2843 } 2844 2845 int vnc_display_pw_expire(DisplayState *ds, time_t expires) 2846 { 2847 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 2848 2849 if (!vs) { 2850 return -EINVAL; 2851 } 2852 2853 vs->expires = expires; 2854 return 0; 2855 } 2856 2857 char *vnc_display_local_addr(DisplayState *ds) 2858 { 2859 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 2860 2861 return vnc_socket_local_addr("%s:%s", vs->lsock); 2862 } 2863 2864 void vnc_display_open(DisplayState *ds, const char *display, Error **errp) 2865 { 2866 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 2867 const char *options; 2868 int password = 0; 2869 int reverse = 0; 2870 #ifdef CONFIG_VNC_TLS 2871 int tls = 0, x509 = 0; 2872 #endif 2873 #ifdef CONFIG_VNC_SASL 2874 int sasl = 0; 2875 int saslErr; 2876 #endif 2877 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 2878 int acl = 0; 2879 #endif 2880 int lock_key_sync = 1; 2881 2882 if (!vnc_display) { 2883 error_setg(errp, "VNC display not active"); 2884 return; 2885 } 2886 vnc_display_close(ds); 2887 if (strcmp(display, "none") == 0) 2888 return; 2889 2890 vs->display = g_strdup(display); 2891 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 2892 2893 options = display; 2894 while ((options = strchr(options, ','))) { 2895 options++; 2896 if (strncmp(options, "password", 8) == 0) { 2897 if (fips_get_state()) { 2898 error_setg(errp, 2899 "VNC password auth disabled due to FIPS mode, " 2900 "consider using the VeNCrypt or SASL authentication " 2901 "methods as an alternative"); 2902 goto fail; 2903 } 2904 password = 1; /* Require password auth */ 2905 } else if (strncmp(options, "reverse", 7) == 0) { 2906 reverse = 1; 2907 } else if (strncmp(options, "no-lock-key-sync", 16) == 0) { 2908 lock_key_sync = 0; 2909 #ifdef CONFIG_VNC_SASL 2910 } else if (strncmp(options, "sasl", 4) == 0) { 2911 sasl = 1; /* Require SASL auth */ 2912 #endif 2913 #ifdef CONFIG_VNC_TLS 2914 } else if (strncmp(options, "tls", 3) == 0) { 2915 tls = 1; /* Require TLS */ 2916 } else if (strncmp(options, "x509", 4) == 0) { 2917 char *start, *end; 2918 x509 = 1; /* Require x509 certificates */ 2919 if (strncmp(options, "x509verify", 10) == 0) 2920 vs->tls.x509verify = 1; /* ...and verify client certs */ 2921 2922 /* Now check for 'x509=/some/path' postfix 2923 * and use that to setup x509 certificate/key paths */ 2924 start = strchr(options, '='); 2925 end = strchr(options, ','); 2926 if (start && (!end || (start < end))) { 2927 int len = end ? end-(start+1) : strlen(start+1); 2928 char *path = g_strndup(start + 1, len); 2929 2930 VNC_DEBUG("Trying certificate path '%s'\n", path); 2931 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) { 2932 error_setg(errp, "Failed to find x509 certificates/keys in %s", path); 2933 g_free(path); 2934 goto fail; 2935 } 2936 g_free(path); 2937 } else { 2938 error_setg(errp, "No certificate path provided"); 2939 goto fail; 2940 } 2941 #endif 2942 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 2943 } else if (strncmp(options, "acl", 3) == 0) { 2944 acl = 1; 2945 #endif 2946 } else if (strncmp(options, "lossy", 5) == 0) { 2947 vs->lossy = true; 2948 } else if (strncmp(options, "non-adaptive", 12) == 0) { 2949 vs->non_adaptive = true; 2950 } else if (strncmp(options, "share=", 6) == 0) { 2951 if (strncmp(options+6, "ignore", 6) == 0) { 2952 vs->share_policy = VNC_SHARE_POLICY_IGNORE; 2953 } else if (strncmp(options+6, "allow-exclusive", 15) == 0) { 2954 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 2955 } else if (strncmp(options+6, "force-shared", 12) == 0) { 2956 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; 2957 } else { 2958 error_setg(errp, "unknown vnc share= option"); 2959 goto fail; 2960 } 2961 } 2962 } 2963 2964 #ifdef CONFIG_VNC_TLS 2965 if (acl && x509 && vs->tls.x509verify) { 2966 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) { 2967 fprintf(stderr, "Failed to create x509 dname ACL\n"); 2968 exit(1); 2969 } 2970 } 2971 #endif 2972 #ifdef CONFIG_VNC_SASL 2973 if (acl && sasl) { 2974 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) { 2975 fprintf(stderr, "Failed to create username ACL\n"); 2976 exit(1); 2977 } 2978 } 2979 #endif 2980 2981 /* 2982 * Combinations we support here: 2983 * 2984 * - no-auth (clear text, no auth) 2985 * - password (clear text, weak auth) 2986 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI) 2987 * - tls (encrypt, weak anonymous creds, no auth) 2988 * - tls + password (encrypt, weak anonymous creds, weak auth) 2989 * - tls + sasl (encrypt, weak anonymous creds, good auth) 2990 * - tls + x509 (encrypt, good x509 creds, no auth) 2991 * - tls + x509 + password (encrypt, good x509 creds, weak auth) 2992 * - tls + x509 + sasl (encrypt, good x509 creds, good auth) 2993 * 2994 * NB1. TLS is a stackable auth scheme. 2995 * NB2. the x509 schemes have option to validate a client cert dname 2996 */ 2997 if (password) { 2998 #ifdef CONFIG_VNC_TLS 2999 if (tls) { 3000 vs->auth = VNC_AUTH_VENCRYPT; 3001 if (x509) { 3002 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 3003 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC; 3004 } else { 3005 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 3006 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC; 3007 } 3008 } else { 3009 #endif /* CONFIG_VNC_TLS */ 3010 VNC_DEBUG("Initializing VNC server with password auth\n"); 3011 vs->auth = VNC_AUTH_VNC; 3012 #ifdef CONFIG_VNC_TLS 3013 vs->subauth = VNC_AUTH_INVALID; 3014 } 3015 #endif /* CONFIG_VNC_TLS */ 3016 #ifdef CONFIG_VNC_SASL 3017 } else if (sasl) { 3018 #ifdef CONFIG_VNC_TLS 3019 if (tls) { 3020 vs->auth = VNC_AUTH_VENCRYPT; 3021 if (x509) { 3022 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 3023 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL; 3024 } else { 3025 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 3026 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL; 3027 } 3028 } else { 3029 #endif /* CONFIG_VNC_TLS */ 3030 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 3031 vs->auth = VNC_AUTH_SASL; 3032 #ifdef CONFIG_VNC_TLS 3033 vs->subauth = VNC_AUTH_INVALID; 3034 } 3035 #endif /* CONFIG_VNC_TLS */ 3036 #endif /* CONFIG_VNC_SASL */ 3037 } else { 3038 #ifdef CONFIG_VNC_TLS 3039 if (tls) { 3040 vs->auth = VNC_AUTH_VENCRYPT; 3041 if (x509) { 3042 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 3043 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE; 3044 } else { 3045 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 3046 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE; 3047 } 3048 } else { 3049 #endif 3050 VNC_DEBUG("Initializing VNC server with no auth\n"); 3051 vs->auth = VNC_AUTH_NONE; 3052 #ifdef CONFIG_VNC_TLS 3053 vs->subauth = VNC_AUTH_INVALID; 3054 } 3055 #endif 3056 } 3057 3058 #ifdef CONFIG_VNC_SASL 3059 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) { 3060 error_setg(errp, "Failed to initialize SASL auth: %s", 3061 sasl_errstring(saslErr, NULL, NULL)); 3062 goto fail; 3063 } 3064 #endif 3065 vs->lock_key_sync = lock_key_sync; 3066 3067 if (reverse) { 3068 /* connect to viewer */ 3069 int csock; 3070 vs->lsock = -1; 3071 if (strncmp(display, "unix:", 5) == 0) { 3072 csock = unix_connect(display+5, errp); 3073 } else { 3074 csock = inet_connect(display, errp); 3075 } 3076 if (csock < 0) { 3077 goto fail; 3078 } 3079 vnc_connect(vs, csock, 0); 3080 } else { 3081 /* listen for connects */ 3082 char *dpy; 3083 dpy = g_malloc(256); 3084 if (strncmp(display, "unix:", 5) == 0) { 3085 pstrcpy(dpy, 256, "unix:"); 3086 vs->lsock = unix_listen(display+5, dpy+5, 256-5, errp); 3087 } else { 3088 vs->lsock = inet_listen(display, dpy, 256, 3089 SOCK_STREAM, 5900, errp); 3090 } 3091 if (vs->lsock < 0) { 3092 g_free(dpy); 3093 goto fail; 3094 } 3095 g_free(vs->display); 3096 vs->display = dpy; 3097 qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs); 3098 } 3099 return; 3100 3101 fail: 3102 g_free(vs->display); 3103 vs->display = NULL; 3104 } 3105 3106 void vnc_display_add_client(DisplayState *ds, int csock, int skipauth) 3107 { 3108 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 3109 3110 vnc_connect(vs, csock, skipauth); 3111 } 3112