1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "vnc.h" 28 #include "vnc-jobs.h" 29 #include "sysemu.h" 30 #include "qemu_socket.h" 31 #include "qemu-timer.h" 32 #include "acl.h" 33 #include "qemu-objects.h" 34 #include "qmp-commands.h" 35 36 #define VNC_REFRESH_INTERVAL_BASE 30 37 #define VNC_REFRESH_INTERVAL_INC 50 38 #define VNC_REFRESH_INTERVAL_MAX 2000 39 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; 40 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 41 42 #include "vnc_keysym.h" 43 #include "d3des.h" 44 45 static VncDisplay *vnc_display; /* needed for info vnc */ 46 static DisplayChangeListener *dcl; 47 48 static int vnc_cursor_define(VncState *vs); 49 static void vnc_release_modifiers(VncState *vs); 50 51 static void vnc_set_share_mode(VncState *vs, VncShareMode mode) 52 { 53 #ifdef _VNC_DEBUG 54 static const char *mn[] = { 55 [0] = "undefined", 56 [VNC_SHARE_MODE_CONNECTING] = "connecting", 57 [VNC_SHARE_MODE_SHARED] = "shared", 58 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive", 59 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected", 60 }; 61 fprintf(stderr, "%s/%d: %s -> %s\n", __func__, 62 vs->csock, mn[vs->share_mode], mn[mode]); 63 #endif 64 65 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) { 66 vs->vd->num_exclusive--; 67 } 68 vs->share_mode = mode; 69 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) { 70 vs->vd->num_exclusive++; 71 } 72 } 73 74 static char *addr_to_string(const char *format, 75 struct sockaddr_storage *sa, 76 socklen_t salen) { 77 char *addr; 78 char host[NI_MAXHOST]; 79 char serv[NI_MAXSERV]; 80 int err; 81 size_t addrlen; 82 83 if ((err = getnameinfo((struct sockaddr *)sa, salen, 84 host, sizeof(host), 85 serv, sizeof(serv), 86 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 87 VNC_DEBUG("Cannot resolve address %d: %s\n", 88 err, gai_strerror(err)); 89 return NULL; 90 } 91 92 /* Enough for the existing format + the 2 vars we're 93 * substituting in. */ 94 addrlen = strlen(format) + strlen(host) + strlen(serv); 95 addr = g_malloc(addrlen + 1); 96 snprintf(addr, addrlen, format, host, serv); 97 addr[addrlen] = '\0'; 98 99 return addr; 100 } 101 102 103 char *vnc_socket_local_addr(const char *format, int fd) { 104 struct sockaddr_storage sa; 105 socklen_t salen; 106 107 salen = sizeof(sa); 108 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) 109 return NULL; 110 111 return addr_to_string(format, &sa, salen); 112 } 113 114 char *vnc_socket_remote_addr(const char *format, int fd) { 115 struct sockaddr_storage sa; 116 socklen_t salen; 117 118 salen = sizeof(sa); 119 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) 120 return NULL; 121 122 return addr_to_string(format, &sa, salen); 123 } 124 125 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa, 126 socklen_t salen) 127 { 128 char host[NI_MAXHOST]; 129 char serv[NI_MAXSERV]; 130 int err; 131 132 if ((err = getnameinfo((struct sockaddr *)sa, salen, 133 host, sizeof(host), 134 serv, sizeof(serv), 135 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 136 VNC_DEBUG("Cannot resolve address %d: %s\n", 137 err, gai_strerror(err)); 138 return -1; 139 } 140 141 qdict_put(qdict, "host", qstring_from_str(host)); 142 qdict_put(qdict, "service", qstring_from_str(serv)); 143 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family))); 144 145 return 0; 146 } 147 148 static int vnc_server_addr_put(QDict *qdict, int fd) 149 { 150 struct sockaddr_storage sa; 151 socklen_t salen; 152 153 salen = sizeof(sa); 154 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) { 155 return -1; 156 } 157 158 return put_addr_qdict(qdict, &sa, salen); 159 } 160 161 static int vnc_qdict_remote_addr(QDict *qdict, int fd) 162 { 163 struct sockaddr_storage sa; 164 socklen_t salen; 165 166 salen = sizeof(sa); 167 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) { 168 return -1; 169 } 170 171 return put_addr_qdict(qdict, &sa, salen); 172 } 173 174 static const char *vnc_auth_name(VncDisplay *vd) { 175 switch (vd->auth) { 176 case VNC_AUTH_INVALID: 177 return "invalid"; 178 case VNC_AUTH_NONE: 179 return "none"; 180 case VNC_AUTH_VNC: 181 return "vnc"; 182 case VNC_AUTH_RA2: 183 return "ra2"; 184 case VNC_AUTH_RA2NE: 185 return "ra2ne"; 186 case VNC_AUTH_TIGHT: 187 return "tight"; 188 case VNC_AUTH_ULTRA: 189 return "ultra"; 190 case VNC_AUTH_TLS: 191 return "tls"; 192 case VNC_AUTH_VENCRYPT: 193 #ifdef CONFIG_VNC_TLS 194 switch (vd->subauth) { 195 case VNC_AUTH_VENCRYPT_PLAIN: 196 return "vencrypt+plain"; 197 case VNC_AUTH_VENCRYPT_TLSNONE: 198 return "vencrypt+tls+none"; 199 case VNC_AUTH_VENCRYPT_TLSVNC: 200 return "vencrypt+tls+vnc"; 201 case VNC_AUTH_VENCRYPT_TLSPLAIN: 202 return "vencrypt+tls+plain"; 203 case VNC_AUTH_VENCRYPT_X509NONE: 204 return "vencrypt+x509+none"; 205 case VNC_AUTH_VENCRYPT_X509VNC: 206 return "vencrypt+x509+vnc"; 207 case VNC_AUTH_VENCRYPT_X509PLAIN: 208 return "vencrypt+x509+plain"; 209 case VNC_AUTH_VENCRYPT_TLSSASL: 210 return "vencrypt+tls+sasl"; 211 case VNC_AUTH_VENCRYPT_X509SASL: 212 return "vencrypt+x509+sasl"; 213 default: 214 return "vencrypt"; 215 } 216 #else 217 return "vencrypt"; 218 #endif 219 case VNC_AUTH_SASL: 220 return "sasl"; 221 } 222 return "unknown"; 223 } 224 225 static int vnc_server_info_put(QDict *qdict) 226 { 227 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) { 228 return -1; 229 } 230 231 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display))); 232 return 0; 233 } 234 235 static void vnc_client_cache_auth(VncState *client) 236 { 237 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 238 QDict *qdict; 239 #endif 240 241 if (!client->info) { 242 return; 243 } 244 245 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 246 qdict = qobject_to_qdict(client->info); 247 #endif 248 249 #ifdef CONFIG_VNC_TLS 250 if (client->tls.session && 251 client->tls.dname) { 252 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname)); 253 } 254 #endif 255 #ifdef CONFIG_VNC_SASL 256 if (client->sasl.conn && 257 client->sasl.username) { 258 qdict_put(qdict, "sasl_username", 259 qstring_from_str(client->sasl.username)); 260 } 261 #endif 262 } 263 264 static void vnc_client_cache_addr(VncState *client) 265 { 266 QDict *qdict; 267 268 qdict = qdict_new(); 269 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) { 270 QDECREF(qdict); 271 /* XXX: how to report the error? */ 272 return; 273 } 274 275 client->info = QOBJECT(qdict); 276 } 277 278 static void vnc_qmp_event(VncState *vs, MonitorEvent event) 279 { 280 QDict *server; 281 QObject *data; 282 283 if (!vs->info) { 284 return; 285 } 286 287 server = qdict_new(); 288 if (vnc_server_info_put(server) < 0) { 289 QDECREF(server); 290 return; 291 } 292 293 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }", 294 vs->info, QOBJECT(server)); 295 296 monitor_protocol_event(event, data); 297 298 qobject_incref(vs->info); 299 qobject_decref(data); 300 } 301 302 static VncClientInfo *qmp_query_vnc_client(const VncState *client) 303 { 304 struct sockaddr_storage sa; 305 socklen_t salen = sizeof(sa); 306 char host[NI_MAXHOST]; 307 char serv[NI_MAXSERV]; 308 VncClientInfo *info; 309 310 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) { 311 return NULL; 312 } 313 314 if (getnameinfo((struct sockaddr *)&sa, salen, 315 host, sizeof(host), 316 serv, sizeof(serv), 317 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 318 return NULL; 319 } 320 321 info = g_malloc0(sizeof(*info)); 322 info->host = g_strdup(host); 323 info->service = g_strdup(serv); 324 info->family = g_strdup(inet_strfamily(sa.ss_family)); 325 326 #ifdef CONFIG_VNC_TLS 327 if (client->tls.session && client->tls.dname) { 328 info->has_x509_dname = true; 329 info->x509_dname = g_strdup(client->tls.dname); 330 } 331 #endif 332 #ifdef CONFIG_VNC_SASL 333 if (client->sasl.conn && client->sasl.username) { 334 info->has_sasl_username = true; 335 info->sasl_username = g_strdup(client->sasl.username); 336 } 337 #endif 338 339 return info; 340 } 341 342 VncInfo *qmp_query_vnc(Error **errp) 343 { 344 VncInfo *info = g_malloc0(sizeof(*info)); 345 346 if (vnc_display == NULL || vnc_display->display == NULL) { 347 info->enabled = false; 348 } else { 349 VncClientInfoList *cur_item = NULL; 350 struct sockaddr_storage sa; 351 socklen_t salen = sizeof(sa); 352 char host[NI_MAXHOST]; 353 char serv[NI_MAXSERV]; 354 VncState *client; 355 356 info->enabled = true; 357 358 /* for compatibility with the original command */ 359 info->has_clients = true; 360 361 QTAILQ_FOREACH(client, &vnc_display->clients, next) { 362 VncClientInfoList *cinfo = g_malloc0(sizeof(*info)); 363 cinfo->value = qmp_query_vnc_client(client); 364 365 /* XXX: waiting for the qapi to support GSList */ 366 if (!cur_item) { 367 info->clients = cur_item = cinfo; 368 } else { 369 cur_item->next = cinfo; 370 cur_item = cinfo; 371 } 372 } 373 374 if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa, 375 &salen) == -1) { 376 error_set(errp, QERR_UNDEFINED_ERROR); 377 goto out_error; 378 } 379 380 if (getnameinfo((struct sockaddr *)&sa, salen, 381 host, sizeof(host), 382 serv, sizeof(serv), 383 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 384 error_set(errp, QERR_UNDEFINED_ERROR); 385 goto out_error; 386 } 387 388 info->has_host = true; 389 info->host = g_strdup(host); 390 391 info->has_service = true; 392 info->service = g_strdup(serv); 393 394 info->has_family = true; 395 info->family = g_strdup(inet_strfamily(sa.ss_family)); 396 397 info->has_auth = true; 398 info->auth = g_strdup(vnc_auth_name(vnc_display)); 399 } 400 401 return info; 402 403 out_error: 404 qapi_free_VncInfo(info); 405 return NULL; 406 } 407 408 /* TODO 409 1) Get the queue working for IO. 410 2) there is some weirdness when using the -S option (the screen is grey 411 and not totally invalidated 412 3) resolutions > 1024 413 */ 414 415 static int vnc_update_client(VncState *vs, int has_dirty); 416 static int vnc_update_client_sync(VncState *vs, int has_dirty); 417 static void vnc_disconnect_start(VncState *vs); 418 static void vnc_disconnect_finish(VncState *vs); 419 static void vnc_init_timer(VncDisplay *vd); 420 static void vnc_remove_timer(VncDisplay *vd); 421 422 static void vnc_colordepth(VncState *vs); 423 static void framebuffer_update_request(VncState *vs, int incremental, 424 int x_position, int y_position, 425 int w, int h); 426 static void vnc_refresh(void *opaque); 427 static int vnc_refresh_server_surface(VncDisplay *vd); 428 429 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h) 430 { 431 int i; 432 VncDisplay *vd = ds->opaque; 433 struct VncSurface *s = &vd->guest; 434 435 h += y; 436 437 /* round x down to ensure the loop only spans one 16-pixel block per, 438 iteration. otherwise, if (x % 16) != 0, the last iteration may span 439 two 16-pixel blocks but we only mark the first as dirty 440 */ 441 w += (x % 16); 442 x -= (x % 16); 443 444 x = MIN(x, s->ds->width); 445 y = MIN(y, s->ds->height); 446 w = MIN(x + w, s->ds->width) - x; 447 h = MIN(h, s->ds->height); 448 449 for (; y < h; y++) 450 for (i = 0; i < w; i += 16) 451 set_bit((x + i) / 16, s->dirty[y]); 452 } 453 454 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 455 int32_t encoding) 456 { 457 vnc_write_u16(vs, x); 458 vnc_write_u16(vs, y); 459 vnc_write_u16(vs, w); 460 vnc_write_u16(vs, h); 461 462 vnc_write_s32(vs, encoding); 463 } 464 465 void buffer_reserve(Buffer *buffer, size_t len) 466 { 467 if ((buffer->capacity - buffer->offset) < len) { 468 buffer->capacity += (len + 1024); 469 buffer->buffer = g_realloc(buffer->buffer, buffer->capacity); 470 if (buffer->buffer == NULL) { 471 fprintf(stderr, "vnc: out of memory\n"); 472 exit(1); 473 } 474 } 475 } 476 477 int buffer_empty(Buffer *buffer) 478 { 479 return buffer->offset == 0; 480 } 481 482 uint8_t *buffer_end(Buffer *buffer) 483 { 484 return buffer->buffer + buffer->offset; 485 } 486 487 void buffer_reset(Buffer *buffer) 488 { 489 buffer->offset = 0; 490 } 491 492 void buffer_free(Buffer *buffer) 493 { 494 g_free(buffer->buffer); 495 buffer->offset = 0; 496 buffer->capacity = 0; 497 buffer->buffer = NULL; 498 } 499 500 void buffer_append(Buffer *buffer, const void *data, size_t len) 501 { 502 memcpy(buffer->buffer + buffer->offset, data, len); 503 buffer->offset += len; 504 } 505 506 static void vnc_desktop_resize(VncState *vs) 507 { 508 DisplayState *ds = vs->ds; 509 510 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) { 511 return; 512 } 513 if (vs->client_width == ds_get_width(ds) && 514 vs->client_height == ds_get_height(ds)) { 515 return; 516 } 517 vs->client_width = ds_get_width(ds); 518 vs->client_height = ds_get_height(ds); 519 vnc_lock_output(vs); 520 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 521 vnc_write_u8(vs, 0); 522 vnc_write_u16(vs, 1); /* number of rects */ 523 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 524 VNC_ENCODING_DESKTOPRESIZE); 525 vnc_unlock_output(vs); 526 vnc_flush(vs); 527 } 528 529 #ifdef CONFIG_VNC_THREAD 530 static void vnc_abort_display_jobs(VncDisplay *vd) 531 { 532 VncState *vs; 533 534 QTAILQ_FOREACH(vs, &vd->clients, next) { 535 vnc_lock_output(vs); 536 vs->abort = true; 537 vnc_unlock_output(vs); 538 } 539 QTAILQ_FOREACH(vs, &vd->clients, next) { 540 vnc_jobs_join(vs); 541 } 542 QTAILQ_FOREACH(vs, &vd->clients, next) { 543 vnc_lock_output(vs); 544 vs->abort = false; 545 vnc_unlock_output(vs); 546 } 547 } 548 #else 549 static void vnc_abort_display_jobs(VncDisplay *vd) 550 { 551 } 552 #endif 553 554 static void vnc_dpy_resize(DisplayState *ds) 555 { 556 VncDisplay *vd = ds->opaque; 557 VncState *vs; 558 559 vnc_abort_display_jobs(vd); 560 561 /* server surface */ 562 if (!vd->server) 563 vd->server = g_malloc0(sizeof(*vd->server)); 564 if (vd->server->data) 565 g_free(vd->server->data); 566 *(vd->server) = *(ds->surface); 567 vd->server->data = g_malloc0(vd->server->linesize * 568 vd->server->height); 569 570 /* guest surface */ 571 if (!vd->guest.ds) 572 vd->guest.ds = g_malloc0(sizeof(*vd->guest.ds)); 573 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel) 574 console_color_init(ds); 575 *(vd->guest.ds) = *(ds->surface); 576 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty)); 577 578 QTAILQ_FOREACH(vs, &vd->clients, next) { 579 vnc_colordepth(vs); 580 vnc_desktop_resize(vs); 581 if (vs->vd->cursor) { 582 vnc_cursor_define(vs); 583 } 584 memset(vs->dirty, 0xFF, sizeof(vs->dirty)); 585 } 586 } 587 588 /* fastest code */ 589 static void vnc_write_pixels_copy(VncState *vs, struct PixelFormat *pf, 590 void *pixels, int size) 591 { 592 vnc_write(vs, pixels, size); 593 } 594 595 /* slowest but generic code. */ 596 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 597 { 598 uint8_t r, g, b; 599 VncDisplay *vd = vs->vd; 600 601 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >> 602 vd->server->pf.rbits); 603 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >> 604 vd->server->pf.gbits); 605 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >> 606 vd->server->pf.bbits); 607 v = (r << vs->clientds.pf.rshift) | 608 (g << vs->clientds.pf.gshift) | 609 (b << vs->clientds.pf.bshift); 610 switch(vs->clientds.pf.bytes_per_pixel) { 611 case 1: 612 buf[0] = v; 613 break; 614 case 2: 615 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) { 616 buf[0] = v >> 8; 617 buf[1] = v; 618 } else { 619 buf[1] = v >> 8; 620 buf[0] = v; 621 } 622 break; 623 default: 624 case 4: 625 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) { 626 buf[0] = v >> 24; 627 buf[1] = v >> 16; 628 buf[2] = v >> 8; 629 buf[3] = v; 630 } else { 631 buf[3] = v >> 24; 632 buf[2] = v >> 16; 633 buf[1] = v >> 8; 634 buf[0] = v; 635 } 636 break; 637 } 638 } 639 640 static void vnc_write_pixels_generic(VncState *vs, struct PixelFormat *pf, 641 void *pixels1, int size) 642 { 643 uint8_t buf[4]; 644 645 if (pf->bytes_per_pixel == 4) { 646 uint32_t *pixels = pixels1; 647 int n, i; 648 n = size >> 2; 649 for(i = 0; i < n; i++) { 650 vnc_convert_pixel(vs, buf, pixels[i]); 651 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel); 652 } 653 } else if (pf->bytes_per_pixel == 2) { 654 uint16_t *pixels = pixels1; 655 int n, i; 656 n = size >> 1; 657 for(i = 0; i < n; i++) { 658 vnc_convert_pixel(vs, buf, pixels[i]); 659 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel); 660 } 661 } else if (pf->bytes_per_pixel == 1) { 662 uint8_t *pixels = pixels1; 663 int n, i; 664 n = size; 665 for(i = 0; i < n; i++) { 666 vnc_convert_pixel(vs, buf, pixels[i]); 667 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel); 668 } 669 } else { 670 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n"); 671 } 672 } 673 674 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 675 { 676 int i; 677 uint8_t *row; 678 VncDisplay *vd = vs->vd; 679 680 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds); 681 for (i = 0; i < h; i++) { 682 vs->write_pixels(vs, &vd->server->pf, row, w * ds_get_bytes_per_pixel(vs->ds)); 683 row += ds_get_linesize(vs->ds); 684 } 685 return 1; 686 } 687 688 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 689 { 690 int n = 0; 691 692 switch(vs->vnc_encoding) { 693 case VNC_ENCODING_ZLIB: 694 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h); 695 break; 696 case VNC_ENCODING_HEXTILE: 697 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 698 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 699 break; 700 case VNC_ENCODING_TIGHT: 701 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h); 702 break; 703 case VNC_ENCODING_TIGHT_PNG: 704 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h); 705 break; 706 case VNC_ENCODING_ZRLE: 707 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h); 708 break; 709 case VNC_ENCODING_ZYWRLE: 710 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); 711 break; 712 default: 713 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 714 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 715 break; 716 } 717 return n; 718 } 719 720 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h) 721 { 722 /* send bitblit op to the vnc client */ 723 vnc_lock_output(vs); 724 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 725 vnc_write_u8(vs, 0); 726 vnc_write_u16(vs, 1); /* number of rects */ 727 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT); 728 vnc_write_u16(vs, src_x); 729 vnc_write_u16(vs, src_y); 730 vnc_unlock_output(vs); 731 vnc_flush(vs); 732 } 733 734 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h) 735 { 736 VncDisplay *vd = ds->opaque; 737 VncState *vs, *vn; 738 uint8_t *src_row; 739 uint8_t *dst_row; 740 int i,x,y,pitch,depth,inc,w_lim,s; 741 int cmp_bytes; 742 743 vnc_refresh_server_surface(vd); 744 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 745 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 746 vs->force_update = 1; 747 vnc_update_client_sync(vs, 1); 748 /* vs might be free()ed here */ 749 } 750 } 751 752 /* do bitblit op on the local surface too */ 753 pitch = ds_get_linesize(vd->ds); 754 depth = ds_get_bytes_per_pixel(vd->ds); 755 src_row = vd->server->data + pitch * src_y + depth * src_x; 756 dst_row = vd->server->data + pitch * dst_y + depth * dst_x; 757 y = dst_y; 758 inc = 1; 759 if (dst_y > src_y) { 760 /* copy backwards */ 761 src_row += pitch * (h-1); 762 dst_row += pitch * (h-1); 763 pitch = -pitch; 764 y = dst_y + h - 1; 765 inc = -1; 766 } 767 w_lim = w - (16 - (dst_x % 16)); 768 if (w_lim < 0) 769 w_lim = w; 770 else 771 w_lim = w - (w_lim % 16); 772 for (i = 0; i < h; i++) { 773 for (x = 0; x <= w_lim; 774 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) { 775 if (x == w_lim) { 776 if ((s = w - w_lim) == 0) 777 break; 778 } else if (!x) { 779 s = (16 - (dst_x % 16)); 780 s = MIN(s, w_lim); 781 } else { 782 s = 16; 783 } 784 cmp_bytes = s * depth; 785 if (memcmp(src_row, dst_row, cmp_bytes) == 0) 786 continue; 787 memmove(dst_row, src_row, cmp_bytes); 788 QTAILQ_FOREACH(vs, &vd->clients, next) { 789 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 790 set_bit(((x + dst_x) / 16), vs->dirty[y]); 791 } 792 } 793 } 794 src_row += pitch - w * depth; 795 dst_row += pitch - w * depth; 796 y += inc; 797 } 798 799 QTAILQ_FOREACH(vs, &vd->clients, next) { 800 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 801 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h); 802 } 803 } 804 } 805 806 static void vnc_mouse_set(int x, int y, int visible) 807 { 808 /* can we ask the client(s) to move the pointer ??? */ 809 } 810 811 static int vnc_cursor_define(VncState *vs) 812 { 813 QEMUCursor *c = vs->vd->cursor; 814 PixelFormat pf = qemu_default_pixelformat(32); 815 int isize; 816 817 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 818 vnc_lock_output(vs); 819 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 820 vnc_write_u8(vs, 0); /* padding */ 821 vnc_write_u16(vs, 1); /* # of rects */ 822 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 823 VNC_ENCODING_RICH_CURSOR); 824 isize = c->width * c->height * vs->clientds.pf.bytes_per_pixel; 825 vnc_write_pixels_generic(vs, &pf, c->data, isize); 826 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 827 vnc_unlock_output(vs); 828 return 0; 829 } 830 return -1; 831 } 832 833 static void vnc_dpy_cursor_define(QEMUCursor *c) 834 { 835 VncDisplay *vd = vnc_display; 836 VncState *vs; 837 838 cursor_put(vd->cursor); 839 g_free(vd->cursor_mask); 840 841 vd->cursor = c; 842 cursor_get(vd->cursor); 843 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 844 vd->cursor_mask = g_malloc0(vd->cursor_msize); 845 cursor_get_mono_mask(c, 0, vd->cursor_mask); 846 847 QTAILQ_FOREACH(vs, &vd->clients, next) { 848 vnc_cursor_define(vs); 849 } 850 } 851 852 static int find_and_clear_dirty_height(struct VncState *vs, 853 int y, int last_x, int x, int height) 854 { 855 int h; 856 857 for (h = 1; h < (height - y); h++) { 858 int tmp_x; 859 if (!test_bit(last_x, vs->dirty[y + h])) { 860 break; 861 } 862 for (tmp_x = last_x; tmp_x < x; tmp_x++) { 863 clear_bit(tmp_x, vs->dirty[y + h]); 864 } 865 } 866 867 return h; 868 } 869 870 #ifdef CONFIG_VNC_THREAD 871 static int vnc_update_client_sync(VncState *vs, int has_dirty) 872 { 873 int ret = vnc_update_client(vs, has_dirty); 874 vnc_jobs_join(vs); 875 return ret; 876 } 877 #else 878 static int vnc_update_client_sync(VncState *vs, int has_dirty) 879 { 880 return vnc_update_client(vs, has_dirty); 881 } 882 #endif 883 884 static int vnc_update_client(VncState *vs, int has_dirty) 885 { 886 if (vs->need_update && vs->csock != -1) { 887 VncDisplay *vd = vs->vd; 888 VncJob *job; 889 int y; 890 int width, height; 891 int n = 0; 892 893 894 if (vs->output.offset && !vs->audio_cap && !vs->force_update) 895 /* kernel send buffers are full -> drop frames to throttle */ 896 return 0; 897 898 if (!has_dirty && !vs->audio_cap && !vs->force_update) 899 return 0; 900 901 /* 902 * Send screen updates to the vnc client using the server 903 * surface and server dirty map. guest surface updates 904 * happening in parallel don't disturb us, the next pass will 905 * send them to the client. 906 */ 907 job = vnc_job_new(vs); 908 909 width = MIN(vd->server->width, vs->client_width); 910 height = MIN(vd->server->height, vs->client_height); 911 912 for (y = 0; y < height; y++) { 913 int x; 914 int last_x = -1; 915 for (x = 0; x < width / 16; x++) { 916 if (test_and_clear_bit(x, vs->dirty[y])) { 917 if (last_x == -1) { 918 last_x = x; 919 } 920 } else { 921 if (last_x != -1) { 922 int h = find_and_clear_dirty_height(vs, y, last_x, x, 923 height); 924 925 n += vnc_job_add_rect(job, last_x * 16, y, 926 (x - last_x) * 16, h); 927 } 928 last_x = -1; 929 } 930 } 931 if (last_x != -1) { 932 int h = find_and_clear_dirty_height(vs, y, last_x, x, height); 933 n += vnc_job_add_rect(job, last_x * 16, y, 934 (x - last_x) * 16, h); 935 } 936 } 937 938 vnc_job_push(job); 939 vs->force_update = 0; 940 return n; 941 } 942 943 if (vs->csock == -1) 944 vnc_disconnect_finish(vs); 945 946 return 0; 947 } 948 949 /* audio */ 950 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 951 { 952 VncState *vs = opaque; 953 954 switch (cmd) { 955 case AUD_CNOTIFY_DISABLE: 956 vnc_lock_output(vs); 957 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 958 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 959 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 960 vnc_unlock_output(vs); 961 vnc_flush(vs); 962 break; 963 964 case AUD_CNOTIFY_ENABLE: 965 vnc_lock_output(vs); 966 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 967 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 968 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 969 vnc_unlock_output(vs); 970 vnc_flush(vs); 971 break; 972 } 973 } 974 975 static void audio_capture_destroy(void *opaque) 976 { 977 } 978 979 static void audio_capture(void *opaque, void *buf, int size) 980 { 981 VncState *vs = opaque; 982 983 vnc_lock_output(vs); 984 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 985 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 986 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 987 vnc_write_u32(vs, size); 988 vnc_write(vs, buf, size); 989 vnc_unlock_output(vs); 990 vnc_flush(vs); 991 } 992 993 static void audio_add(VncState *vs) 994 { 995 struct audio_capture_ops ops; 996 997 if (vs->audio_cap) { 998 monitor_printf(default_mon, "audio already running\n"); 999 return; 1000 } 1001 1002 ops.notify = audio_capture_notify; 1003 ops.destroy = audio_capture_destroy; 1004 ops.capture = audio_capture; 1005 1006 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs); 1007 if (!vs->audio_cap) { 1008 monitor_printf(default_mon, "Failed to add audio capture\n"); 1009 } 1010 } 1011 1012 static void audio_del(VncState *vs) 1013 { 1014 if (vs->audio_cap) { 1015 AUD_del_capture(vs->audio_cap, vs); 1016 vs->audio_cap = NULL; 1017 } 1018 } 1019 1020 static void vnc_disconnect_start(VncState *vs) 1021 { 1022 if (vs->csock == -1) 1023 return; 1024 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); 1025 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL); 1026 closesocket(vs->csock); 1027 vs->csock = -1; 1028 } 1029 1030 static void vnc_disconnect_finish(VncState *vs) 1031 { 1032 int i; 1033 1034 vnc_jobs_join(vs); /* Wait encoding jobs */ 1035 1036 vnc_lock_output(vs); 1037 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED); 1038 1039 buffer_free(&vs->input); 1040 buffer_free(&vs->output); 1041 1042 qobject_decref(vs->info); 1043 1044 vnc_zlib_clear(vs); 1045 vnc_tight_clear(vs); 1046 vnc_zrle_clear(vs); 1047 1048 #ifdef CONFIG_VNC_TLS 1049 vnc_tls_client_cleanup(vs); 1050 #endif /* CONFIG_VNC_TLS */ 1051 #ifdef CONFIG_VNC_SASL 1052 vnc_sasl_client_cleanup(vs); 1053 #endif /* CONFIG_VNC_SASL */ 1054 audio_del(vs); 1055 vnc_release_modifiers(vs); 1056 1057 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1058 1059 if (QTAILQ_EMPTY(&vs->vd->clients)) { 1060 dcl->idle = 1; 1061 } 1062 1063 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1064 vnc_remove_timer(vs->vd); 1065 if (vs->vd->lock_key_sync) 1066 qemu_remove_led_event_handler(vs->led); 1067 vnc_unlock_output(vs); 1068 1069 #ifdef CONFIG_VNC_THREAD 1070 qemu_mutex_destroy(&vs->output_mutex); 1071 #endif 1072 for (i = 0; i < VNC_STAT_ROWS; ++i) { 1073 g_free(vs->lossy_rect[i]); 1074 } 1075 g_free(vs->lossy_rect); 1076 g_free(vs); 1077 } 1078 1079 int vnc_client_io_error(VncState *vs, int ret, int last_errno) 1080 { 1081 if (ret == 0 || ret == -1) { 1082 if (ret == -1) { 1083 switch (last_errno) { 1084 case EINTR: 1085 case EAGAIN: 1086 #ifdef _WIN32 1087 case WSAEWOULDBLOCK: 1088 #endif 1089 return 0; 1090 default: 1091 break; 1092 } 1093 } 1094 1095 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n", 1096 ret, ret < 0 ? last_errno : 0); 1097 vnc_disconnect_start(vs); 1098 1099 return 0; 1100 } 1101 return ret; 1102 } 1103 1104 1105 void vnc_client_error(VncState *vs) 1106 { 1107 VNC_DEBUG("Closing down client sock: protocol error\n"); 1108 vnc_disconnect_start(vs); 1109 } 1110 1111 1112 /* 1113 * Called to write a chunk of data to the client socket. The data may 1114 * be the raw data, or may have already been encoded by SASL. 1115 * The data will be written either straight onto the socket, or 1116 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1117 * 1118 * NB, it is theoretically possible to have 2 layers of encryption, 1119 * both SASL, and this TLS layer. It is highly unlikely in practice 1120 * though, since SASL encryption will typically be a no-op if TLS 1121 * is active 1122 * 1123 * Returns the number of bytes written, which may be less than 1124 * the requested 'datalen' if the socket would block. Returns 1125 * -1 on error, and disconnects the client socket. 1126 */ 1127 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1128 { 1129 long ret; 1130 #ifdef CONFIG_VNC_TLS 1131 if (vs->tls.session) { 1132 ret = gnutls_write(vs->tls.session, data, datalen); 1133 if (ret < 0) { 1134 if (ret == GNUTLS_E_AGAIN) 1135 errno = EAGAIN; 1136 else 1137 errno = EIO; 1138 ret = -1; 1139 } 1140 } else 1141 #endif /* CONFIG_VNC_TLS */ 1142 ret = send(vs->csock, (const void *)data, datalen, 0); 1143 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1144 return vnc_client_io_error(vs, ret, socket_error()); 1145 } 1146 1147 1148 /* 1149 * Called to write buffered data to the client socket, when not 1150 * using any SASL SSF encryption layers. Will write as much data 1151 * as possible without blocking. If all buffered data is written, 1152 * will switch the FD poll() handler back to read monitoring. 1153 * 1154 * Returns the number of bytes written, which may be less than 1155 * the buffered output data if the socket would block. Returns 1156 * -1 on error, and disconnects the client socket. 1157 */ 1158 static long vnc_client_write_plain(VncState *vs) 1159 { 1160 long ret; 1161 1162 #ifdef CONFIG_VNC_SASL 1163 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1164 vs->output.buffer, vs->output.capacity, vs->output.offset, 1165 vs->sasl.waitWriteSSF); 1166 1167 if (vs->sasl.conn && 1168 vs->sasl.runSSF && 1169 vs->sasl.waitWriteSSF) { 1170 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1171 if (ret) 1172 vs->sasl.waitWriteSSF -= ret; 1173 } else 1174 #endif /* CONFIG_VNC_SASL */ 1175 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1176 if (!ret) 1177 return 0; 1178 1179 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret)); 1180 vs->output.offset -= ret; 1181 1182 if (vs->output.offset == 0) { 1183 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 1184 } 1185 1186 return ret; 1187 } 1188 1189 1190 /* 1191 * First function called whenever there is data to be written to 1192 * the client socket. Will delegate actual work according to whether 1193 * SASL SSF layers are enabled (thus requiring encryption calls) 1194 */ 1195 static void vnc_client_write_locked(void *opaque) 1196 { 1197 VncState *vs = opaque; 1198 1199 #ifdef CONFIG_VNC_SASL 1200 if (vs->sasl.conn && 1201 vs->sasl.runSSF && 1202 !vs->sasl.waitWriteSSF) { 1203 vnc_client_write_sasl(vs); 1204 } else 1205 #endif /* CONFIG_VNC_SASL */ 1206 vnc_client_write_plain(vs); 1207 } 1208 1209 void vnc_client_write(void *opaque) 1210 { 1211 VncState *vs = opaque; 1212 1213 vnc_lock_output(vs); 1214 if (vs->output.offset) { 1215 vnc_client_write_locked(opaque); 1216 } else if (vs->csock != -1) { 1217 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 1218 } 1219 vnc_unlock_output(vs); 1220 } 1221 1222 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1223 { 1224 vs->read_handler = func; 1225 vs->read_handler_expect = expecting; 1226 } 1227 1228 1229 /* 1230 * Called to read a chunk of data from the client socket. The data may 1231 * be the raw data, or may need to be further decoded by SASL. 1232 * The data will be read either straight from to the socket, or 1233 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1234 * 1235 * NB, it is theoretically possible to have 2 layers of encryption, 1236 * both SASL, and this TLS layer. It is highly unlikely in practice 1237 * though, since SASL encryption will typically be a no-op if TLS 1238 * is active 1239 * 1240 * Returns the number of bytes read, which may be less than 1241 * the requested 'datalen' if the socket would block. Returns 1242 * -1 on error, and disconnects the client socket. 1243 */ 1244 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1245 { 1246 long ret; 1247 #ifdef CONFIG_VNC_TLS 1248 if (vs->tls.session) { 1249 ret = gnutls_read(vs->tls.session, data, datalen); 1250 if (ret < 0) { 1251 if (ret == GNUTLS_E_AGAIN) 1252 errno = EAGAIN; 1253 else 1254 errno = EIO; 1255 ret = -1; 1256 } 1257 } else 1258 #endif /* CONFIG_VNC_TLS */ 1259 ret = qemu_recv(vs->csock, data, datalen, 0); 1260 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1261 return vnc_client_io_error(vs, ret, socket_error()); 1262 } 1263 1264 1265 /* 1266 * Called to read data from the client socket to the input buffer, 1267 * when not using any SASL SSF encryption layers. Will read as much 1268 * data as possible without blocking. 1269 * 1270 * Returns the number of bytes read. Returns -1 on error, and 1271 * disconnects the client socket. 1272 */ 1273 static long vnc_client_read_plain(VncState *vs) 1274 { 1275 int ret; 1276 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1277 vs->input.buffer, vs->input.capacity, vs->input.offset); 1278 buffer_reserve(&vs->input, 4096); 1279 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1280 if (!ret) 1281 return 0; 1282 vs->input.offset += ret; 1283 return ret; 1284 } 1285 1286 1287 /* 1288 * First function called whenever there is more data to be read from 1289 * the client socket. Will delegate actual work according to whether 1290 * SASL SSF layers are enabled (thus requiring decryption calls) 1291 */ 1292 void vnc_client_read(void *opaque) 1293 { 1294 VncState *vs = opaque; 1295 long ret; 1296 1297 #ifdef CONFIG_VNC_SASL 1298 if (vs->sasl.conn && vs->sasl.runSSF) 1299 ret = vnc_client_read_sasl(vs); 1300 else 1301 #endif /* CONFIG_VNC_SASL */ 1302 ret = vnc_client_read_plain(vs); 1303 if (!ret) { 1304 if (vs->csock == -1) 1305 vnc_disconnect_finish(vs); 1306 return; 1307 } 1308 1309 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1310 size_t len = vs->read_handler_expect; 1311 int ret; 1312 1313 ret = vs->read_handler(vs, vs->input.buffer, len); 1314 if (vs->csock == -1) { 1315 vnc_disconnect_finish(vs); 1316 return; 1317 } 1318 1319 if (!ret) { 1320 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len)); 1321 vs->input.offset -= len; 1322 } else { 1323 vs->read_handler_expect = ret; 1324 } 1325 } 1326 } 1327 1328 void vnc_write(VncState *vs, const void *data, size_t len) 1329 { 1330 buffer_reserve(&vs->output, len); 1331 1332 if (vs->csock != -1 && buffer_empty(&vs->output)) { 1333 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs); 1334 } 1335 1336 buffer_append(&vs->output, data, len); 1337 } 1338 1339 void vnc_write_s32(VncState *vs, int32_t value) 1340 { 1341 vnc_write_u32(vs, *(uint32_t *)&value); 1342 } 1343 1344 void vnc_write_u32(VncState *vs, uint32_t value) 1345 { 1346 uint8_t buf[4]; 1347 1348 buf[0] = (value >> 24) & 0xFF; 1349 buf[1] = (value >> 16) & 0xFF; 1350 buf[2] = (value >> 8) & 0xFF; 1351 buf[3] = value & 0xFF; 1352 1353 vnc_write(vs, buf, 4); 1354 } 1355 1356 void vnc_write_u16(VncState *vs, uint16_t value) 1357 { 1358 uint8_t buf[2]; 1359 1360 buf[0] = (value >> 8) & 0xFF; 1361 buf[1] = value & 0xFF; 1362 1363 vnc_write(vs, buf, 2); 1364 } 1365 1366 void vnc_write_u8(VncState *vs, uint8_t value) 1367 { 1368 vnc_write(vs, (char *)&value, 1); 1369 } 1370 1371 void vnc_flush(VncState *vs) 1372 { 1373 vnc_lock_output(vs); 1374 if (vs->csock != -1 && vs->output.offset) { 1375 vnc_client_write_locked(vs); 1376 } 1377 vnc_unlock_output(vs); 1378 } 1379 1380 uint8_t read_u8(uint8_t *data, size_t offset) 1381 { 1382 return data[offset]; 1383 } 1384 1385 uint16_t read_u16(uint8_t *data, size_t offset) 1386 { 1387 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1388 } 1389 1390 int32_t read_s32(uint8_t *data, size_t offset) 1391 { 1392 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1393 (data[offset + 2] << 8) | data[offset + 3]); 1394 } 1395 1396 uint32_t read_u32(uint8_t *data, size_t offset) 1397 { 1398 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1399 (data[offset + 2] << 8) | data[offset + 3]); 1400 } 1401 1402 static void client_cut_text(VncState *vs, size_t len, uint8_t *text) 1403 { 1404 } 1405 1406 static void check_pointer_type_change(Notifier *notifier, void *data) 1407 { 1408 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1409 int absolute = kbd_mouse_is_absolute(); 1410 1411 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1412 vnc_lock_output(vs); 1413 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1414 vnc_write_u8(vs, 0); 1415 vnc_write_u16(vs, 1); 1416 vnc_framebuffer_update(vs, absolute, 0, 1417 ds_get_width(vs->ds), ds_get_height(vs->ds), 1418 VNC_ENCODING_POINTER_TYPE_CHANGE); 1419 vnc_unlock_output(vs); 1420 vnc_flush(vs); 1421 } 1422 vs->absolute = absolute; 1423 } 1424 1425 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1426 { 1427 int buttons = 0; 1428 int dz = 0; 1429 1430 if (button_mask & 0x01) 1431 buttons |= MOUSE_EVENT_LBUTTON; 1432 if (button_mask & 0x02) 1433 buttons |= MOUSE_EVENT_MBUTTON; 1434 if (button_mask & 0x04) 1435 buttons |= MOUSE_EVENT_RBUTTON; 1436 if (button_mask & 0x08) 1437 dz = -1; 1438 if (button_mask & 0x10) 1439 dz = 1; 1440 1441 if (vs->absolute) { 1442 kbd_mouse_event(ds_get_width(vs->ds) > 1 ? 1443 x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000, 1444 ds_get_height(vs->ds) > 1 ? 1445 y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000, 1446 dz, buttons); 1447 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1448 x -= 0x7FFF; 1449 y -= 0x7FFF; 1450 1451 kbd_mouse_event(x, y, dz, buttons); 1452 } else { 1453 if (vs->last_x != -1) 1454 kbd_mouse_event(x - vs->last_x, 1455 y - vs->last_y, 1456 dz, buttons); 1457 vs->last_x = x; 1458 vs->last_y = y; 1459 } 1460 } 1461 1462 static void reset_keys(VncState *vs) 1463 { 1464 int i; 1465 for(i = 0; i < 256; i++) { 1466 if (vs->modifiers_state[i]) { 1467 if (i & SCANCODE_GREY) 1468 kbd_put_keycode(SCANCODE_EMUL0); 1469 kbd_put_keycode(i | SCANCODE_UP); 1470 vs->modifiers_state[i] = 0; 1471 } 1472 } 1473 } 1474 1475 static void press_key(VncState *vs, int keysym) 1476 { 1477 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK; 1478 if (keycode & SCANCODE_GREY) 1479 kbd_put_keycode(SCANCODE_EMUL0); 1480 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK); 1481 if (keycode & SCANCODE_GREY) 1482 kbd_put_keycode(SCANCODE_EMUL0); 1483 kbd_put_keycode(keycode | SCANCODE_UP); 1484 } 1485 1486 static void kbd_leds(void *opaque, int ledstate) 1487 { 1488 VncState *vs = opaque; 1489 int caps, num; 1490 1491 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0; 1492 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0; 1493 1494 if (vs->modifiers_state[0x3a] != caps) { 1495 vs->modifiers_state[0x3a] = caps; 1496 } 1497 if (vs->modifiers_state[0x45] != num) { 1498 vs->modifiers_state[0x45] = num; 1499 } 1500 } 1501 1502 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1503 { 1504 /* QEMU console switch */ 1505 switch(keycode) { 1506 case 0x2a: /* Left Shift */ 1507 case 0x36: /* Right Shift */ 1508 case 0x1d: /* Left CTRL */ 1509 case 0x9d: /* Right CTRL */ 1510 case 0x38: /* Left ALT */ 1511 case 0xb8: /* Right ALT */ 1512 if (down) 1513 vs->modifiers_state[keycode] = 1; 1514 else 1515 vs->modifiers_state[keycode] = 0; 1516 break; 1517 case 0x02 ... 0x0a: /* '1' to '9' keys */ 1518 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) { 1519 /* Reset the modifiers sent to the current console */ 1520 reset_keys(vs); 1521 console_select(keycode - 0x02); 1522 return; 1523 } 1524 break; 1525 case 0x3a: /* CapsLock */ 1526 case 0x45: /* NumLock */ 1527 if (down) 1528 vs->modifiers_state[keycode] ^= 1; 1529 break; 1530 } 1531 1532 if (down && vs->vd->lock_key_sync && 1533 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1534 /* If the numlock state needs to change then simulate an additional 1535 keypress before sending this one. This will happen if the user 1536 toggles numlock away from the VNC window. 1537 */ 1538 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1539 if (!vs->modifiers_state[0x45]) { 1540 vs->modifiers_state[0x45] = 1; 1541 press_key(vs, 0xff7f); 1542 } 1543 } else { 1544 if (vs->modifiers_state[0x45]) { 1545 vs->modifiers_state[0x45] = 0; 1546 press_key(vs, 0xff7f); 1547 } 1548 } 1549 } 1550 1551 if (down && vs->vd->lock_key_sync && 1552 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1553 /* If the capslock state needs to change then simulate an additional 1554 keypress before sending this one. This will happen if the user 1555 toggles capslock away from the VNC window. 1556 */ 1557 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1558 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]); 1559 int capslock = !!(vs->modifiers_state[0x3a]); 1560 if (capslock) { 1561 if (uppercase == shift) { 1562 vs->modifiers_state[0x3a] = 0; 1563 press_key(vs, 0xffe5); 1564 } 1565 } else { 1566 if (uppercase != shift) { 1567 vs->modifiers_state[0x3a] = 1; 1568 press_key(vs, 0xffe5); 1569 } 1570 } 1571 } 1572 1573 if (is_graphic_console()) { 1574 if (keycode & SCANCODE_GREY) 1575 kbd_put_keycode(SCANCODE_EMUL0); 1576 if (down) 1577 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK); 1578 else 1579 kbd_put_keycode(keycode | SCANCODE_UP); 1580 } else { 1581 bool numlock = vs->modifiers_state[0x45]; 1582 bool control = (vs->modifiers_state[0x1d] || 1583 vs->modifiers_state[0x9d]); 1584 /* QEMU console emulation */ 1585 if (down) { 1586 switch (keycode) { 1587 case 0x2a: /* Left Shift */ 1588 case 0x36: /* Right Shift */ 1589 case 0x1d: /* Left CTRL */ 1590 case 0x9d: /* Right CTRL */ 1591 case 0x38: /* Left ALT */ 1592 case 0xb8: /* Right ALT */ 1593 break; 1594 case 0xc8: 1595 kbd_put_keysym(QEMU_KEY_UP); 1596 break; 1597 case 0xd0: 1598 kbd_put_keysym(QEMU_KEY_DOWN); 1599 break; 1600 case 0xcb: 1601 kbd_put_keysym(QEMU_KEY_LEFT); 1602 break; 1603 case 0xcd: 1604 kbd_put_keysym(QEMU_KEY_RIGHT); 1605 break; 1606 case 0xd3: 1607 kbd_put_keysym(QEMU_KEY_DELETE); 1608 break; 1609 case 0xc7: 1610 kbd_put_keysym(QEMU_KEY_HOME); 1611 break; 1612 case 0xcf: 1613 kbd_put_keysym(QEMU_KEY_END); 1614 break; 1615 case 0xc9: 1616 kbd_put_keysym(QEMU_KEY_PAGEUP); 1617 break; 1618 case 0xd1: 1619 kbd_put_keysym(QEMU_KEY_PAGEDOWN); 1620 break; 1621 1622 case 0x47: 1623 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME); 1624 break; 1625 case 0x48: 1626 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP); 1627 break; 1628 case 0x49: 1629 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP); 1630 break; 1631 case 0x4b: 1632 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT); 1633 break; 1634 case 0x4c: 1635 kbd_put_keysym('5'); 1636 break; 1637 case 0x4d: 1638 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT); 1639 break; 1640 case 0x4f: 1641 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END); 1642 break; 1643 case 0x50: 1644 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN); 1645 break; 1646 case 0x51: 1647 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN); 1648 break; 1649 case 0x52: 1650 kbd_put_keysym('0'); 1651 break; 1652 case 0x53: 1653 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE); 1654 break; 1655 1656 case 0xb5: 1657 kbd_put_keysym('/'); 1658 break; 1659 case 0x37: 1660 kbd_put_keysym('*'); 1661 break; 1662 case 0x4a: 1663 kbd_put_keysym('-'); 1664 break; 1665 case 0x4e: 1666 kbd_put_keysym('+'); 1667 break; 1668 case 0x9c: 1669 kbd_put_keysym('\n'); 1670 break; 1671 1672 default: 1673 if (control) { 1674 kbd_put_keysym(sym & 0x1f); 1675 } else { 1676 kbd_put_keysym(sym); 1677 } 1678 break; 1679 } 1680 } 1681 } 1682 } 1683 1684 static void vnc_release_modifiers(VncState *vs) 1685 { 1686 static const int keycodes[] = { 1687 /* shift, control, alt keys, both left & right */ 1688 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8, 1689 }; 1690 int i, keycode; 1691 1692 if (!is_graphic_console()) { 1693 return; 1694 } 1695 for (i = 0; i < ARRAY_SIZE(keycodes); i++) { 1696 keycode = keycodes[i]; 1697 if (!vs->modifiers_state[keycode]) { 1698 continue; 1699 } 1700 if (keycode & SCANCODE_GREY) { 1701 kbd_put_keycode(SCANCODE_EMUL0); 1702 } 1703 kbd_put_keycode(keycode | SCANCODE_UP); 1704 } 1705 } 1706 1707 static void key_event(VncState *vs, int down, uint32_t sym) 1708 { 1709 int keycode; 1710 int lsym = sym; 1711 1712 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) { 1713 lsym = lsym - 'A' + 'a'; 1714 } 1715 1716 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK; 1717 do_key_event(vs, down, keycode, sym); 1718 } 1719 1720 static void ext_key_event(VncState *vs, int down, 1721 uint32_t sym, uint16_t keycode) 1722 { 1723 /* if the user specifies a keyboard layout, always use it */ 1724 if (keyboard_layout) 1725 key_event(vs, down, sym); 1726 else 1727 do_key_event(vs, down, keycode, sym); 1728 } 1729 1730 static void framebuffer_update_request(VncState *vs, int incremental, 1731 int x_position, int y_position, 1732 int w, int h) 1733 { 1734 int i; 1735 const size_t width = ds_get_width(vs->ds) / 16; 1736 1737 if (y_position > ds_get_height(vs->ds)) 1738 y_position = ds_get_height(vs->ds); 1739 if (y_position + h >= ds_get_height(vs->ds)) 1740 h = ds_get_height(vs->ds) - y_position; 1741 1742 vs->need_update = 1; 1743 if (!incremental) { 1744 vs->force_update = 1; 1745 for (i = 0; i < h; i++) { 1746 bitmap_set(vs->dirty[y_position + i], 0, width); 1747 bitmap_clear(vs->dirty[y_position + i], width, 1748 VNC_DIRTY_BITS - width); 1749 } 1750 } 1751 } 1752 1753 static void send_ext_key_event_ack(VncState *vs) 1754 { 1755 vnc_lock_output(vs); 1756 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1757 vnc_write_u8(vs, 0); 1758 vnc_write_u16(vs, 1); 1759 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds), 1760 VNC_ENCODING_EXT_KEY_EVENT); 1761 vnc_unlock_output(vs); 1762 vnc_flush(vs); 1763 } 1764 1765 static void send_ext_audio_ack(VncState *vs) 1766 { 1767 vnc_lock_output(vs); 1768 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1769 vnc_write_u8(vs, 0); 1770 vnc_write_u16(vs, 1); 1771 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds), 1772 VNC_ENCODING_AUDIO); 1773 vnc_unlock_output(vs); 1774 vnc_flush(vs); 1775 } 1776 1777 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 1778 { 1779 int i; 1780 unsigned int enc = 0; 1781 1782 vs->features = 0; 1783 vs->vnc_encoding = 0; 1784 vs->tight.compression = 9; 1785 vs->tight.quality = -1; /* Lossless by default */ 1786 vs->absolute = -1; 1787 1788 /* 1789 * Start from the end because the encodings are sent in order of preference. 1790 * This way the preferred encoding (first encoding defined in the array) 1791 * will be set at the end of the loop. 1792 */ 1793 for (i = n_encodings - 1; i >= 0; i--) { 1794 enc = encodings[i]; 1795 switch (enc) { 1796 case VNC_ENCODING_RAW: 1797 vs->vnc_encoding = enc; 1798 break; 1799 case VNC_ENCODING_COPYRECT: 1800 vs->features |= VNC_FEATURE_COPYRECT_MASK; 1801 break; 1802 case VNC_ENCODING_HEXTILE: 1803 vs->features |= VNC_FEATURE_HEXTILE_MASK; 1804 vs->vnc_encoding = enc; 1805 break; 1806 case VNC_ENCODING_TIGHT: 1807 vs->features |= VNC_FEATURE_TIGHT_MASK; 1808 vs->vnc_encoding = enc; 1809 break; 1810 case VNC_ENCODING_TIGHT_PNG: 1811 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK; 1812 vs->vnc_encoding = enc; 1813 break; 1814 case VNC_ENCODING_ZLIB: 1815 vs->features |= VNC_FEATURE_ZLIB_MASK; 1816 vs->vnc_encoding = enc; 1817 break; 1818 case VNC_ENCODING_ZRLE: 1819 vs->features |= VNC_FEATURE_ZRLE_MASK; 1820 vs->vnc_encoding = enc; 1821 break; 1822 case VNC_ENCODING_ZYWRLE: 1823 vs->features |= VNC_FEATURE_ZYWRLE_MASK; 1824 vs->vnc_encoding = enc; 1825 break; 1826 case VNC_ENCODING_DESKTOPRESIZE: 1827 vs->features |= VNC_FEATURE_RESIZE_MASK; 1828 break; 1829 case VNC_ENCODING_POINTER_TYPE_CHANGE: 1830 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK; 1831 break; 1832 case VNC_ENCODING_RICH_CURSOR: 1833 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK; 1834 break; 1835 case VNC_ENCODING_EXT_KEY_EVENT: 1836 send_ext_key_event_ack(vs); 1837 break; 1838 case VNC_ENCODING_AUDIO: 1839 send_ext_audio_ack(vs); 1840 break; 1841 case VNC_ENCODING_WMVi: 1842 vs->features |= VNC_FEATURE_WMVI_MASK; 1843 break; 1844 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 1845 vs->tight.compression = (enc & 0x0F); 1846 break; 1847 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 1848 if (vs->vd->lossy) { 1849 vs->tight.quality = (enc & 0x0F); 1850 } 1851 break; 1852 default: 1853 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 1854 break; 1855 } 1856 } 1857 vnc_desktop_resize(vs); 1858 check_pointer_type_change(&vs->mouse_mode_notifier, NULL); 1859 } 1860 1861 static void set_pixel_conversion(VncState *vs) 1862 { 1863 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) == 1864 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) && 1865 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) { 1866 vs->write_pixels = vnc_write_pixels_copy; 1867 vnc_hextile_set_pixel_conversion(vs, 0); 1868 } else { 1869 vs->write_pixels = vnc_write_pixels_generic; 1870 vnc_hextile_set_pixel_conversion(vs, 1); 1871 } 1872 } 1873 1874 static void set_pixel_format(VncState *vs, 1875 int bits_per_pixel, int depth, 1876 int big_endian_flag, int true_color_flag, 1877 int red_max, int green_max, int blue_max, 1878 int red_shift, int green_shift, int blue_shift) 1879 { 1880 if (!true_color_flag) { 1881 vnc_client_error(vs); 1882 return; 1883 } 1884 1885 vs->clientds = *(vs->vd->guest.ds); 1886 vs->clientds.pf.rmax = red_max; 1887 vs->clientds.pf.rbits = hweight_long(red_max); 1888 vs->clientds.pf.rshift = red_shift; 1889 vs->clientds.pf.rmask = red_max << red_shift; 1890 vs->clientds.pf.gmax = green_max; 1891 vs->clientds.pf.gbits = hweight_long(green_max); 1892 vs->clientds.pf.gshift = green_shift; 1893 vs->clientds.pf.gmask = green_max << green_shift; 1894 vs->clientds.pf.bmax = blue_max; 1895 vs->clientds.pf.bbits = hweight_long(blue_max); 1896 vs->clientds.pf.bshift = blue_shift; 1897 vs->clientds.pf.bmask = blue_max << blue_shift; 1898 vs->clientds.pf.bits_per_pixel = bits_per_pixel; 1899 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8; 1900 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 1901 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00; 1902 1903 set_pixel_conversion(vs); 1904 1905 vga_hw_invalidate(); 1906 vga_hw_update(); 1907 } 1908 1909 static void pixel_format_message (VncState *vs) { 1910 char pad[3] = { 0, 0, 0 }; 1911 1912 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */ 1913 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */ 1914 1915 #ifdef HOST_WORDS_BIGENDIAN 1916 vnc_write_u8(vs, 1); /* big-endian-flag */ 1917 #else 1918 vnc_write_u8(vs, 0); /* big-endian-flag */ 1919 #endif 1920 vnc_write_u8(vs, 1); /* true-color-flag */ 1921 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */ 1922 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */ 1923 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */ 1924 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */ 1925 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */ 1926 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */ 1927 1928 vnc_hextile_set_pixel_conversion(vs, 0); 1929 1930 vs->clientds = *(vs->ds->surface); 1931 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG; 1932 vs->write_pixels = vnc_write_pixels_copy; 1933 1934 vnc_write(vs, pad, 3); /* padding */ 1935 } 1936 1937 static void vnc_dpy_setdata(DisplayState *ds) 1938 { 1939 /* We don't have to do anything */ 1940 } 1941 1942 static void vnc_colordepth(VncState *vs) 1943 { 1944 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 1945 /* Sending a WMVi message to notify the client*/ 1946 vnc_lock_output(vs); 1947 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1948 vnc_write_u8(vs, 0); 1949 vnc_write_u16(vs, 1); /* number of rects */ 1950 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), 1951 ds_get_height(vs->ds), VNC_ENCODING_WMVi); 1952 pixel_format_message(vs); 1953 vnc_unlock_output(vs); 1954 vnc_flush(vs); 1955 } else { 1956 set_pixel_conversion(vs); 1957 } 1958 } 1959 1960 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 1961 { 1962 int i; 1963 uint16_t limit; 1964 VncDisplay *vd = vs->vd; 1965 1966 if (data[0] > 3) { 1967 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE; 1968 if (!qemu_timer_expired(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval)) 1969 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval); 1970 } 1971 1972 switch (data[0]) { 1973 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 1974 if (len == 1) 1975 return 20; 1976 1977 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5), 1978 read_u8(data, 6), read_u8(data, 7), 1979 read_u16(data, 8), read_u16(data, 10), 1980 read_u16(data, 12), read_u8(data, 14), 1981 read_u8(data, 15), read_u8(data, 16)); 1982 break; 1983 case VNC_MSG_CLIENT_SET_ENCODINGS: 1984 if (len == 1) 1985 return 4; 1986 1987 if (len == 4) { 1988 limit = read_u16(data, 2); 1989 if (limit > 0) 1990 return 4 + (limit * 4); 1991 } else 1992 limit = read_u16(data, 2); 1993 1994 for (i = 0; i < limit; i++) { 1995 int32_t val = read_s32(data, 4 + (i * 4)); 1996 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 1997 } 1998 1999 set_encodings(vs, (int32_t *)(data + 4), limit); 2000 break; 2001 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 2002 if (len == 1) 2003 return 10; 2004 2005 framebuffer_update_request(vs, 2006 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 2007 read_u16(data, 6), read_u16(data, 8)); 2008 break; 2009 case VNC_MSG_CLIENT_KEY_EVENT: 2010 if (len == 1) 2011 return 8; 2012 2013 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 2014 break; 2015 case VNC_MSG_CLIENT_POINTER_EVENT: 2016 if (len == 1) 2017 return 6; 2018 2019 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 2020 break; 2021 case VNC_MSG_CLIENT_CUT_TEXT: 2022 if (len == 1) 2023 return 8; 2024 2025 if (len == 8) { 2026 uint32_t dlen = read_u32(data, 4); 2027 if (dlen > 0) 2028 return 8 + dlen; 2029 } 2030 2031 client_cut_text(vs, read_u32(data, 4), data + 8); 2032 break; 2033 case VNC_MSG_CLIENT_QEMU: 2034 if (len == 1) 2035 return 2; 2036 2037 switch (read_u8(data, 1)) { 2038 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 2039 if (len == 2) 2040 return 12; 2041 2042 ext_key_event(vs, read_u16(data, 2), 2043 read_u32(data, 4), read_u32(data, 8)); 2044 break; 2045 case VNC_MSG_CLIENT_QEMU_AUDIO: 2046 if (len == 2) 2047 return 4; 2048 2049 switch (read_u16 (data, 2)) { 2050 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 2051 audio_add(vs); 2052 break; 2053 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 2054 audio_del(vs); 2055 break; 2056 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 2057 if (len == 4) 2058 return 10; 2059 switch (read_u8(data, 4)) { 2060 case 0: vs->as.fmt = AUD_FMT_U8; break; 2061 case 1: vs->as.fmt = AUD_FMT_S8; break; 2062 case 2: vs->as.fmt = AUD_FMT_U16; break; 2063 case 3: vs->as.fmt = AUD_FMT_S16; break; 2064 case 4: vs->as.fmt = AUD_FMT_U32; break; 2065 case 5: vs->as.fmt = AUD_FMT_S32; break; 2066 default: 2067 printf("Invalid audio format %d\n", read_u8(data, 4)); 2068 vnc_client_error(vs); 2069 break; 2070 } 2071 vs->as.nchannels = read_u8(data, 5); 2072 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2073 printf("Invalid audio channel coount %d\n", 2074 read_u8(data, 5)); 2075 vnc_client_error(vs); 2076 break; 2077 } 2078 vs->as.freq = read_u32(data, 6); 2079 break; 2080 default: 2081 printf ("Invalid audio message %d\n", read_u8(data, 4)); 2082 vnc_client_error(vs); 2083 break; 2084 } 2085 break; 2086 2087 default: 2088 printf("Msg: %d\n", read_u16(data, 0)); 2089 vnc_client_error(vs); 2090 break; 2091 } 2092 break; 2093 default: 2094 printf("Msg: %d\n", data[0]); 2095 vnc_client_error(vs); 2096 break; 2097 } 2098 2099 vnc_read_when(vs, protocol_client_msg, 1); 2100 return 0; 2101 } 2102 2103 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2104 { 2105 char buf[1024]; 2106 VncShareMode mode; 2107 int size; 2108 2109 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; 2110 switch (vs->vd->share_policy) { 2111 case VNC_SHARE_POLICY_IGNORE: 2112 /* 2113 * Ignore the shared flag. Nothing to do here. 2114 * 2115 * Doesn't conform to the rfb spec but is traditional qemu 2116 * behavior, thus left here as option for compatibility 2117 * reasons. 2118 */ 2119 break; 2120 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: 2121 /* 2122 * Policy: Allow clients ask for exclusive access. 2123 * 2124 * Implementation: When a client asks for exclusive access, 2125 * disconnect all others. Shared connects are allowed as long 2126 * as no exclusive connection exists. 2127 * 2128 * This is how the rfb spec suggests to handle the shared flag. 2129 */ 2130 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2131 VncState *client; 2132 QTAILQ_FOREACH(client, &vs->vd->clients, next) { 2133 if (vs == client) { 2134 continue; 2135 } 2136 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && 2137 client->share_mode != VNC_SHARE_MODE_SHARED) { 2138 continue; 2139 } 2140 vnc_disconnect_start(client); 2141 } 2142 } 2143 if (mode == VNC_SHARE_MODE_SHARED) { 2144 if (vs->vd->num_exclusive > 0) { 2145 vnc_disconnect_start(vs); 2146 return 0; 2147 } 2148 } 2149 break; 2150 case VNC_SHARE_POLICY_FORCE_SHARED: 2151 /* 2152 * Policy: Shared connects only. 2153 * Implementation: Disallow clients asking for exclusive access. 2154 * 2155 * Useful for shared desktop sessions where you don't want 2156 * someone forgetting to say -shared when running the vnc 2157 * client disconnect everybody else. 2158 */ 2159 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2160 vnc_disconnect_start(vs); 2161 return 0; 2162 } 2163 break; 2164 } 2165 vnc_set_share_mode(vs, mode); 2166 2167 vs->client_width = ds_get_width(vs->ds); 2168 vs->client_height = ds_get_height(vs->ds); 2169 vnc_write_u16(vs, vs->client_width); 2170 vnc_write_u16(vs, vs->client_height); 2171 2172 pixel_format_message(vs); 2173 2174 if (qemu_name) 2175 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2176 else 2177 size = snprintf(buf, sizeof(buf), "QEMU"); 2178 2179 vnc_write_u32(vs, size); 2180 vnc_write(vs, buf, size); 2181 vnc_flush(vs); 2182 2183 vnc_client_cache_auth(vs); 2184 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED); 2185 2186 vnc_read_when(vs, protocol_client_msg, 1); 2187 2188 return 0; 2189 } 2190 2191 void start_client_init(VncState *vs) 2192 { 2193 vnc_read_when(vs, protocol_client_init, 1); 2194 } 2195 2196 static void make_challenge(VncState *vs) 2197 { 2198 int i; 2199 2200 srand(time(NULL)+getpid()+getpid()*987654+rand()); 2201 2202 for (i = 0 ; i < sizeof(vs->challenge) ; i++) 2203 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0)); 2204 } 2205 2206 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2207 { 2208 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2209 int i, j, pwlen; 2210 unsigned char key[8]; 2211 time_t now = time(NULL); 2212 2213 if (!vs->vd->password) { 2214 VNC_DEBUG("No password configured on server"); 2215 goto reject; 2216 } 2217 if (vs->vd->expires < now) { 2218 VNC_DEBUG("Password is expired"); 2219 goto reject; 2220 } 2221 2222 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2223 2224 /* Calculate the expected challenge response */ 2225 pwlen = strlen(vs->vd->password); 2226 for (i=0; i<sizeof(key); i++) 2227 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2228 deskey(key, EN0); 2229 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8) 2230 des(response+j, response+j); 2231 2232 /* Compare expected vs actual challenge response */ 2233 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2234 VNC_DEBUG("Client challenge response did not match\n"); 2235 goto reject; 2236 } else { 2237 VNC_DEBUG("Accepting VNC challenge response\n"); 2238 vnc_write_u32(vs, 0); /* Accept auth */ 2239 vnc_flush(vs); 2240 2241 start_client_init(vs); 2242 } 2243 return 0; 2244 2245 reject: 2246 vnc_write_u32(vs, 1); /* Reject auth */ 2247 if (vs->minor >= 8) { 2248 static const char err[] = "Authentication failed"; 2249 vnc_write_u32(vs, sizeof(err)); 2250 vnc_write(vs, err, sizeof(err)); 2251 } 2252 vnc_flush(vs); 2253 vnc_client_error(vs); 2254 return 0; 2255 } 2256 2257 void start_auth_vnc(VncState *vs) 2258 { 2259 make_challenge(vs); 2260 /* Send client a 'random' challenge */ 2261 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2262 vnc_flush(vs); 2263 2264 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2265 } 2266 2267 2268 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2269 { 2270 /* We only advertise 1 auth scheme at a time, so client 2271 * must pick the one we sent. Verify this */ 2272 if (data[0] != vs->auth) { /* Reject auth */ 2273 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]); 2274 vnc_write_u32(vs, 1); 2275 if (vs->minor >= 8) { 2276 static const char err[] = "Authentication failed"; 2277 vnc_write_u32(vs, sizeof(err)); 2278 vnc_write(vs, err, sizeof(err)); 2279 } 2280 vnc_client_error(vs); 2281 } else { /* Accept requested auth */ 2282 VNC_DEBUG("Client requested auth %d\n", (int)data[0]); 2283 switch (vs->auth) { 2284 case VNC_AUTH_NONE: 2285 VNC_DEBUG("Accept auth none\n"); 2286 if (vs->minor >= 8) { 2287 vnc_write_u32(vs, 0); /* Accept auth completion */ 2288 vnc_flush(vs); 2289 } 2290 start_client_init(vs); 2291 break; 2292 2293 case VNC_AUTH_VNC: 2294 VNC_DEBUG("Start VNC auth\n"); 2295 start_auth_vnc(vs); 2296 break; 2297 2298 #ifdef CONFIG_VNC_TLS 2299 case VNC_AUTH_VENCRYPT: 2300 VNC_DEBUG("Accept VeNCrypt auth\n"); 2301 start_auth_vencrypt(vs); 2302 break; 2303 #endif /* CONFIG_VNC_TLS */ 2304 2305 #ifdef CONFIG_VNC_SASL 2306 case VNC_AUTH_SASL: 2307 VNC_DEBUG("Accept SASL auth\n"); 2308 start_auth_sasl(vs); 2309 break; 2310 #endif /* CONFIG_VNC_SASL */ 2311 2312 default: /* Should not be possible, but just in case */ 2313 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth); 2314 vnc_write_u8(vs, 1); 2315 if (vs->minor >= 8) { 2316 static const char err[] = "Authentication failed"; 2317 vnc_write_u32(vs, sizeof(err)); 2318 vnc_write(vs, err, sizeof(err)); 2319 } 2320 vnc_client_error(vs); 2321 } 2322 } 2323 return 0; 2324 } 2325 2326 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2327 { 2328 char local[13]; 2329 2330 memcpy(local, version, 12); 2331 local[12] = 0; 2332 2333 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2334 VNC_DEBUG("Malformed protocol version %s\n", local); 2335 vnc_client_error(vs); 2336 return 0; 2337 } 2338 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2339 if (vs->major != 3 || 2340 (vs->minor != 3 && 2341 vs->minor != 4 && 2342 vs->minor != 5 && 2343 vs->minor != 7 && 2344 vs->minor != 8)) { 2345 VNC_DEBUG("Unsupported client version\n"); 2346 vnc_write_u32(vs, VNC_AUTH_INVALID); 2347 vnc_flush(vs); 2348 vnc_client_error(vs); 2349 return 0; 2350 } 2351 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2352 * as equivalent to v3.3 by servers 2353 */ 2354 if (vs->minor == 4 || vs->minor == 5) 2355 vs->minor = 3; 2356 2357 if (vs->minor == 3) { 2358 if (vs->auth == VNC_AUTH_NONE) { 2359 VNC_DEBUG("Tell client auth none\n"); 2360 vnc_write_u32(vs, vs->auth); 2361 vnc_flush(vs); 2362 start_client_init(vs); 2363 } else if (vs->auth == VNC_AUTH_VNC) { 2364 VNC_DEBUG("Tell client VNC auth\n"); 2365 vnc_write_u32(vs, vs->auth); 2366 vnc_flush(vs); 2367 start_auth_vnc(vs); 2368 } else { 2369 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth); 2370 vnc_write_u32(vs, VNC_AUTH_INVALID); 2371 vnc_flush(vs); 2372 vnc_client_error(vs); 2373 } 2374 } else { 2375 VNC_DEBUG("Telling client we support auth %d\n", vs->auth); 2376 vnc_write_u8(vs, 1); /* num auth */ 2377 vnc_write_u8(vs, vs->auth); 2378 vnc_read_when(vs, protocol_client_auth, 1); 2379 vnc_flush(vs); 2380 } 2381 2382 return 0; 2383 } 2384 2385 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) 2386 { 2387 struct VncSurface *vs = &vd->guest; 2388 2389 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; 2390 } 2391 2392 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h) 2393 { 2394 int i, j; 2395 2396 w = (x + w) / VNC_STAT_RECT; 2397 h = (y + h) / VNC_STAT_RECT; 2398 x /= VNC_STAT_RECT; 2399 y /= VNC_STAT_RECT; 2400 2401 for (j = y; j <= h; j++) { 2402 for (i = x; i <= w; i++) { 2403 vs->lossy_rect[j][i] = 1; 2404 } 2405 } 2406 } 2407 2408 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) 2409 { 2410 VncState *vs; 2411 int sty = y / VNC_STAT_RECT; 2412 int stx = x / VNC_STAT_RECT; 2413 int has_dirty = 0; 2414 2415 y = y / VNC_STAT_RECT * VNC_STAT_RECT; 2416 x = x / VNC_STAT_RECT * VNC_STAT_RECT; 2417 2418 QTAILQ_FOREACH(vs, &vd->clients, next) { 2419 int j; 2420 2421 /* kernel send buffers are full -> refresh later */ 2422 if (vs->output.offset) { 2423 continue; 2424 } 2425 2426 if (!vs->lossy_rect[sty][stx]) { 2427 continue; 2428 } 2429 2430 vs->lossy_rect[sty][stx] = 0; 2431 for (j = 0; j < VNC_STAT_RECT; ++j) { 2432 bitmap_set(vs->dirty[y + j], x / 16, VNC_STAT_RECT / 16); 2433 } 2434 has_dirty++; 2435 } 2436 2437 return has_dirty; 2438 } 2439 2440 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) 2441 { 2442 int x, y; 2443 struct timeval res; 2444 int has_dirty = 0; 2445 2446 for (y = 0; y < vd->guest.ds->height; y += VNC_STAT_RECT) { 2447 for (x = 0; x < vd->guest.ds->width; x += VNC_STAT_RECT) { 2448 VncRectStat *rect = vnc_stat_rect(vd, x, y); 2449 2450 rect->updated = false; 2451 } 2452 } 2453 2454 qemu_timersub(tv, &VNC_REFRESH_STATS, &res); 2455 2456 if (timercmp(&vd->guest.last_freq_check, &res, >)) { 2457 return has_dirty; 2458 } 2459 vd->guest.last_freq_check = *tv; 2460 2461 for (y = 0; y < vd->guest.ds->height; y += VNC_STAT_RECT) { 2462 for (x = 0; x < vd->guest.ds->width; x += VNC_STAT_RECT) { 2463 VncRectStat *rect= vnc_stat_rect(vd, x, y); 2464 int count = ARRAY_SIZE(rect->times); 2465 struct timeval min, max; 2466 2467 if (!timerisset(&rect->times[count - 1])) { 2468 continue ; 2469 } 2470 2471 max = rect->times[(rect->idx + count - 1) % count]; 2472 qemu_timersub(tv, &max, &res); 2473 2474 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { 2475 rect->freq = 0; 2476 has_dirty += vnc_refresh_lossy_rect(vd, x, y); 2477 memset(rect->times, 0, sizeof (rect->times)); 2478 continue ; 2479 } 2480 2481 min = rect->times[rect->idx]; 2482 max = rect->times[(rect->idx + count - 1) % count]; 2483 qemu_timersub(&max, &min, &res); 2484 2485 rect->freq = res.tv_sec + res.tv_usec / 1000000.; 2486 rect->freq /= count; 2487 rect->freq = 1. / rect->freq; 2488 } 2489 } 2490 return has_dirty; 2491 } 2492 2493 double vnc_update_freq(VncState *vs, int x, int y, int w, int h) 2494 { 2495 int i, j; 2496 double total = 0; 2497 int num = 0; 2498 2499 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT; 2500 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT; 2501 2502 for (j = y; j <= y + h; j += VNC_STAT_RECT) { 2503 for (i = x; i <= x + w; i += VNC_STAT_RECT) { 2504 total += vnc_stat_rect(vs->vd, i, j)->freq; 2505 num++; 2506 } 2507 } 2508 2509 if (num) { 2510 return total / num; 2511 } else { 2512 return 0; 2513 } 2514 } 2515 2516 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) 2517 { 2518 VncRectStat *rect; 2519 2520 rect = vnc_stat_rect(vd, x, y); 2521 if (rect->updated) { 2522 return ; 2523 } 2524 rect->times[rect->idx] = *tv; 2525 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); 2526 rect->updated = true; 2527 } 2528 2529 static int vnc_refresh_server_surface(VncDisplay *vd) 2530 { 2531 int y; 2532 uint8_t *guest_row; 2533 uint8_t *server_row; 2534 int cmp_bytes; 2535 VncState *vs; 2536 int has_dirty = 0; 2537 2538 struct timeval tv = { 0, 0 }; 2539 2540 if (!vd->non_adaptive) { 2541 gettimeofday(&tv, NULL); 2542 has_dirty = vnc_update_stats(vd, &tv); 2543 } 2544 2545 /* 2546 * Walk through the guest dirty map. 2547 * Check and copy modified bits from guest to server surface. 2548 * Update server dirty map. 2549 */ 2550 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds); 2551 guest_row = vd->guest.ds->data; 2552 server_row = vd->server->data; 2553 for (y = 0; y < vd->guest.ds->height; y++) { 2554 if (!bitmap_empty(vd->guest.dirty[y], VNC_DIRTY_BITS)) { 2555 int x; 2556 uint8_t *guest_ptr; 2557 uint8_t *server_ptr; 2558 2559 guest_ptr = guest_row; 2560 server_ptr = server_row; 2561 2562 for (x = 0; x + 15 < vd->guest.ds->width; 2563 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 2564 if (!test_and_clear_bit((x / 16), vd->guest.dirty[y])) 2565 continue; 2566 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0) 2567 continue; 2568 memcpy(server_ptr, guest_ptr, cmp_bytes); 2569 if (!vd->non_adaptive) 2570 vnc_rect_updated(vd, x, y, &tv); 2571 QTAILQ_FOREACH(vs, &vd->clients, next) { 2572 set_bit((x / 16), vs->dirty[y]); 2573 } 2574 has_dirty++; 2575 } 2576 } 2577 guest_row += ds_get_linesize(vd->ds); 2578 server_row += ds_get_linesize(vd->ds); 2579 } 2580 return has_dirty; 2581 } 2582 2583 static void vnc_refresh(void *opaque) 2584 { 2585 VncDisplay *vd = opaque; 2586 VncState *vs, *vn; 2587 int has_dirty, rects = 0; 2588 2589 vga_hw_update(); 2590 2591 if (vnc_trylock_display(vd)) { 2592 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE; 2593 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + 2594 vd->timer_interval); 2595 return; 2596 } 2597 2598 has_dirty = vnc_refresh_server_surface(vd); 2599 vnc_unlock_display(vd); 2600 2601 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 2602 rects += vnc_update_client(vs, has_dirty); 2603 /* vs might be free()ed here */ 2604 } 2605 2606 /* vd->timer could be NULL now if the last client disconnected, 2607 * in this case don't update the timer */ 2608 if (vd->timer == NULL) 2609 return; 2610 2611 if (has_dirty && rects) { 2612 vd->timer_interval /= 2; 2613 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE) 2614 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE; 2615 } else { 2616 vd->timer_interval += VNC_REFRESH_INTERVAL_INC; 2617 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX) 2618 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX; 2619 } 2620 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval); 2621 } 2622 2623 static void vnc_init_timer(VncDisplay *vd) 2624 { 2625 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE; 2626 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) { 2627 vd->timer = qemu_new_timer_ms(rt_clock, vnc_refresh, vd); 2628 vnc_dpy_resize(vd->ds); 2629 vnc_refresh(vd); 2630 } 2631 } 2632 2633 static void vnc_remove_timer(VncDisplay *vd) 2634 { 2635 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) { 2636 qemu_del_timer(vd->timer); 2637 qemu_free_timer(vd->timer); 2638 vd->timer = NULL; 2639 } 2640 } 2641 2642 static void vnc_connect(VncDisplay *vd, int csock, int skipauth) 2643 { 2644 VncState *vs = g_malloc0(sizeof(VncState)); 2645 int i; 2646 2647 vs->csock = csock; 2648 2649 if (skipauth) { 2650 vs->auth = VNC_AUTH_NONE; 2651 #ifdef CONFIG_VNC_TLS 2652 vs->subauth = VNC_AUTH_INVALID; 2653 #endif 2654 } else { 2655 vs->auth = vd->auth; 2656 #ifdef CONFIG_VNC_TLS 2657 vs->subauth = vd->subauth; 2658 #endif 2659 } 2660 2661 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect)); 2662 for (i = 0; i < VNC_STAT_ROWS; ++i) { 2663 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS * sizeof (uint8_t)); 2664 } 2665 2666 VNC_DEBUG("New client on socket %d\n", csock); 2667 dcl->idle = 0; 2668 socket_set_nonblock(vs->csock); 2669 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 2670 2671 vnc_client_cache_addr(vs); 2672 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED); 2673 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); 2674 2675 vs->vd = vd; 2676 vs->ds = vd->ds; 2677 vs->last_x = -1; 2678 vs->last_y = -1; 2679 2680 vs->as.freq = 44100; 2681 vs->as.nchannels = 2; 2682 vs->as.fmt = AUD_FMT_S16; 2683 vs->as.endianness = 0; 2684 2685 #ifdef CONFIG_VNC_THREAD 2686 qemu_mutex_init(&vs->output_mutex); 2687 #endif 2688 2689 QTAILQ_INSERT_HEAD(&vd->clients, vs, next); 2690 2691 vga_hw_update(); 2692 2693 vnc_write(vs, "RFB 003.008\n", 12); 2694 vnc_flush(vs); 2695 vnc_read_when(vs, protocol_version, 12); 2696 reset_keys(vs); 2697 if (vs->vd->lock_key_sync) 2698 vs->led = qemu_add_led_event_handler(kbd_leds, vs); 2699 2700 vs->mouse_mode_notifier.notify = check_pointer_type_change; 2701 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 2702 2703 vnc_init_timer(vd); 2704 2705 /* vs might be free()ed here */ 2706 } 2707 2708 static void vnc_listen_read(void *opaque) 2709 { 2710 VncDisplay *vs = opaque; 2711 struct sockaddr_in addr; 2712 socklen_t addrlen = sizeof(addr); 2713 2714 /* Catch-up */ 2715 vga_hw_update(); 2716 2717 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen); 2718 if (csock != -1) { 2719 vnc_connect(vs, csock, 0); 2720 } 2721 } 2722 2723 void vnc_display_init(DisplayState *ds) 2724 { 2725 VncDisplay *vs = g_malloc0(sizeof(*vs)); 2726 2727 dcl = g_malloc0(sizeof(DisplayChangeListener)); 2728 2729 ds->opaque = vs; 2730 dcl->idle = 1; 2731 vnc_display = vs; 2732 2733 vs->lsock = -1; 2734 2735 vs->ds = ds; 2736 QTAILQ_INIT(&vs->clients); 2737 vs->expires = TIME_MAX; 2738 2739 if (keyboard_layout) 2740 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout); 2741 else 2742 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us"); 2743 2744 if (!vs->kbd_layout) 2745 exit(1); 2746 2747 #ifdef CONFIG_VNC_THREAD 2748 qemu_mutex_init(&vs->mutex); 2749 vnc_start_worker_thread(); 2750 #endif 2751 2752 dcl->dpy_copy = vnc_dpy_copy; 2753 dcl->dpy_update = vnc_dpy_update; 2754 dcl->dpy_resize = vnc_dpy_resize; 2755 dcl->dpy_setdata = vnc_dpy_setdata; 2756 register_displaychangelistener(ds, dcl); 2757 ds->mouse_set = vnc_mouse_set; 2758 ds->cursor_define = vnc_dpy_cursor_define; 2759 } 2760 2761 2762 void vnc_display_close(DisplayState *ds) 2763 { 2764 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 2765 2766 if (!vs) 2767 return; 2768 if (vs->display) { 2769 g_free(vs->display); 2770 vs->display = NULL; 2771 } 2772 if (vs->lsock != -1) { 2773 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL); 2774 close(vs->lsock); 2775 vs->lsock = -1; 2776 } 2777 vs->auth = VNC_AUTH_INVALID; 2778 #ifdef CONFIG_VNC_TLS 2779 vs->subauth = VNC_AUTH_INVALID; 2780 vs->tls.x509verify = 0; 2781 #endif 2782 } 2783 2784 int vnc_display_disable_login(DisplayState *ds) 2785 { 2786 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 2787 2788 if (!vs) { 2789 return -1; 2790 } 2791 2792 if (vs->password) { 2793 g_free(vs->password); 2794 } 2795 2796 vs->password = NULL; 2797 if (vs->auth == VNC_AUTH_NONE) { 2798 vs->auth = VNC_AUTH_VNC; 2799 } 2800 2801 return 0; 2802 } 2803 2804 int vnc_display_password(DisplayState *ds, const char *password) 2805 { 2806 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 2807 2808 if (!vs) { 2809 return -EINVAL; 2810 } 2811 2812 if (!password) { 2813 /* This is not the intention of this interface but err on the side 2814 of being safe */ 2815 return vnc_display_disable_login(ds); 2816 } 2817 2818 if (vs->password) { 2819 g_free(vs->password); 2820 vs->password = NULL; 2821 } 2822 vs->password = g_strdup(password); 2823 if (vs->auth == VNC_AUTH_NONE) { 2824 vs->auth = VNC_AUTH_VNC; 2825 } 2826 2827 return 0; 2828 } 2829 2830 int vnc_display_pw_expire(DisplayState *ds, time_t expires) 2831 { 2832 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 2833 2834 vs->expires = expires; 2835 return 0; 2836 } 2837 2838 char *vnc_display_local_addr(DisplayState *ds) 2839 { 2840 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 2841 2842 return vnc_socket_local_addr("%s:%s", vs->lsock); 2843 } 2844 2845 int vnc_display_open(DisplayState *ds, const char *display) 2846 { 2847 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 2848 const char *options; 2849 int password = 0; 2850 int reverse = 0; 2851 #ifdef CONFIG_VNC_TLS 2852 int tls = 0, x509 = 0; 2853 #endif 2854 #ifdef CONFIG_VNC_SASL 2855 int sasl = 0; 2856 int saslErr; 2857 #endif 2858 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 2859 int acl = 0; 2860 #endif 2861 int lock_key_sync = 1; 2862 2863 if (!vnc_display) 2864 return -1; 2865 vnc_display_close(ds); 2866 if (strcmp(display, "none") == 0) 2867 return 0; 2868 2869 if (!(vs->display = strdup(display))) 2870 return -1; 2871 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 2872 2873 options = display; 2874 while ((options = strchr(options, ','))) { 2875 options++; 2876 if (strncmp(options, "password", 8) == 0) { 2877 password = 1; /* Require password auth */ 2878 } else if (strncmp(options, "reverse", 7) == 0) { 2879 reverse = 1; 2880 } else if (strncmp(options, "no-lock-key-sync", 16) == 0) { 2881 lock_key_sync = 0; 2882 #ifdef CONFIG_VNC_SASL 2883 } else if (strncmp(options, "sasl", 4) == 0) { 2884 sasl = 1; /* Require SASL auth */ 2885 #endif 2886 #ifdef CONFIG_VNC_TLS 2887 } else if (strncmp(options, "tls", 3) == 0) { 2888 tls = 1; /* Require TLS */ 2889 } else if (strncmp(options, "x509", 4) == 0) { 2890 char *start, *end; 2891 x509 = 1; /* Require x509 certificates */ 2892 if (strncmp(options, "x509verify", 10) == 0) 2893 vs->tls.x509verify = 1; /* ...and verify client certs */ 2894 2895 /* Now check for 'x509=/some/path' postfix 2896 * and use that to setup x509 certificate/key paths */ 2897 start = strchr(options, '='); 2898 end = strchr(options, ','); 2899 if (start && (!end || (start < end))) { 2900 int len = end ? end-(start+1) : strlen(start+1); 2901 char *path = g_strndup(start + 1, len); 2902 2903 VNC_DEBUG("Trying certificate path '%s'\n", path); 2904 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) { 2905 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path); 2906 g_free(path); 2907 g_free(vs->display); 2908 vs->display = NULL; 2909 return -1; 2910 } 2911 g_free(path); 2912 } else { 2913 fprintf(stderr, "No certificate path provided\n"); 2914 g_free(vs->display); 2915 vs->display = NULL; 2916 return -1; 2917 } 2918 #endif 2919 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 2920 } else if (strncmp(options, "acl", 3) == 0) { 2921 acl = 1; 2922 #endif 2923 } else if (strncmp(options, "lossy", 5) == 0) { 2924 vs->lossy = true; 2925 } else if (strncmp(options, "non-adapative", 13) == 0) { 2926 vs->non_adaptive = true; 2927 } else if (strncmp(options, "share=", 6) == 0) { 2928 if (strncmp(options+6, "ignore", 6) == 0) { 2929 vs->share_policy = VNC_SHARE_POLICY_IGNORE; 2930 } else if (strncmp(options+6, "allow-exclusive", 15) == 0) { 2931 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 2932 } else if (strncmp(options+6, "force-shared", 12) == 0) { 2933 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; 2934 } else { 2935 fprintf(stderr, "unknown vnc share= option\n"); 2936 g_free(vs->display); 2937 vs->display = NULL; 2938 return -1; 2939 } 2940 } 2941 } 2942 2943 #ifdef CONFIG_VNC_TLS 2944 if (acl && x509 && vs->tls.x509verify) { 2945 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) { 2946 fprintf(stderr, "Failed to create x509 dname ACL\n"); 2947 exit(1); 2948 } 2949 } 2950 #endif 2951 #ifdef CONFIG_VNC_SASL 2952 if (acl && sasl) { 2953 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) { 2954 fprintf(stderr, "Failed to create username ACL\n"); 2955 exit(1); 2956 } 2957 } 2958 #endif 2959 2960 /* 2961 * Combinations we support here: 2962 * 2963 * - no-auth (clear text, no auth) 2964 * - password (clear text, weak auth) 2965 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI) 2966 * - tls (encrypt, weak anonymous creds, no auth) 2967 * - tls + password (encrypt, weak anonymous creds, weak auth) 2968 * - tls + sasl (encrypt, weak anonymous creds, good auth) 2969 * - tls + x509 (encrypt, good x509 creds, no auth) 2970 * - tls + x509 + password (encrypt, good x509 creds, weak auth) 2971 * - tls + x509 + sasl (encrypt, good x509 creds, good auth) 2972 * 2973 * NB1. TLS is a stackable auth scheme. 2974 * NB2. the x509 schemes have option to validate a client cert dname 2975 */ 2976 if (password) { 2977 #ifdef CONFIG_VNC_TLS 2978 if (tls) { 2979 vs->auth = VNC_AUTH_VENCRYPT; 2980 if (x509) { 2981 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 2982 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC; 2983 } else { 2984 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 2985 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC; 2986 } 2987 } else { 2988 #endif /* CONFIG_VNC_TLS */ 2989 VNC_DEBUG("Initializing VNC server with password auth\n"); 2990 vs->auth = VNC_AUTH_VNC; 2991 #ifdef CONFIG_VNC_TLS 2992 vs->subauth = VNC_AUTH_INVALID; 2993 } 2994 #endif /* CONFIG_VNC_TLS */ 2995 #ifdef CONFIG_VNC_SASL 2996 } else if (sasl) { 2997 #ifdef CONFIG_VNC_TLS 2998 if (tls) { 2999 vs->auth = VNC_AUTH_VENCRYPT; 3000 if (x509) { 3001 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 3002 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL; 3003 } else { 3004 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 3005 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL; 3006 } 3007 } else { 3008 #endif /* CONFIG_VNC_TLS */ 3009 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 3010 vs->auth = VNC_AUTH_SASL; 3011 #ifdef CONFIG_VNC_TLS 3012 vs->subauth = VNC_AUTH_INVALID; 3013 } 3014 #endif /* CONFIG_VNC_TLS */ 3015 #endif /* CONFIG_VNC_SASL */ 3016 } else { 3017 #ifdef CONFIG_VNC_TLS 3018 if (tls) { 3019 vs->auth = VNC_AUTH_VENCRYPT; 3020 if (x509) { 3021 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 3022 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE; 3023 } else { 3024 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 3025 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE; 3026 } 3027 } else { 3028 #endif 3029 VNC_DEBUG("Initializing VNC server with no auth\n"); 3030 vs->auth = VNC_AUTH_NONE; 3031 #ifdef CONFIG_VNC_TLS 3032 vs->subauth = VNC_AUTH_INVALID; 3033 } 3034 #endif 3035 } 3036 3037 #ifdef CONFIG_VNC_SASL 3038 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) { 3039 fprintf(stderr, "Failed to initialize SASL auth %s", 3040 sasl_errstring(saslErr, NULL, NULL)); 3041 g_free(vs->display); 3042 vs->display = NULL; 3043 return -1; 3044 } 3045 #endif 3046 vs->lock_key_sync = lock_key_sync; 3047 3048 if (reverse) { 3049 /* connect to viewer */ 3050 if (strncmp(display, "unix:", 5) == 0) 3051 vs->lsock = unix_connect(display+5); 3052 else 3053 vs->lsock = inet_connect(display, SOCK_STREAM); 3054 if (-1 == vs->lsock) { 3055 g_free(vs->display); 3056 vs->display = NULL; 3057 return -1; 3058 } else { 3059 int csock = vs->lsock; 3060 vs->lsock = -1; 3061 vnc_connect(vs, csock, 0); 3062 } 3063 return 0; 3064 3065 } else { 3066 /* listen for connects */ 3067 char *dpy; 3068 dpy = g_malloc(256); 3069 if (strncmp(display, "unix:", 5) == 0) { 3070 pstrcpy(dpy, 256, "unix:"); 3071 vs->lsock = unix_listen(display+5, dpy+5, 256-5); 3072 } else { 3073 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900); 3074 } 3075 if (-1 == vs->lsock) { 3076 g_free(dpy); 3077 return -1; 3078 } else { 3079 g_free(vs->display); 3080 vs->display = dpy; 3081 } 3082 } 3083 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs); 3084 } 3085 3086 void vnc_display_add_client(DisplayState *ds, int csock, int skipauth) 3087 { 3088 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 3089 3090 return vnc_connect(vs, csock, skipauth); 3091 } 3092