1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "vnc.h" 28 #include "vnc-jobs.h" 29 #include "trace.h" 30 #include "sysemu/sysemu.h" 31 #include "qemu/sockets.h" 32 #include "qemu/timer.h" 33 #include "qemu/acl.h" 34 #include "qapi/qmp/types.h" 35 #include "qmp-commands.h" 36 #include "qemu/osdep.h" 37 #include "ui/input.h" 38 #include "qapi-event.h" 39 40 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT 41 #define VNC_REFRESH_INTERVAL_INC 50 42 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE 43 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; 44 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 45 46 #include "vnc_keysym.h" 47 #include "d3des.h" 48 49 static VncDisplay *vnc_display; /* needed for info vnc */ 50 51 static int vnc_cursor_define(VncState *vs); 52 static void vnc_release_modifiers(VncState *vs); 53 54 static void vnc_set_share_mode(VncState *vs, VncShareMode mode) 55 { 56 #ifdef _VNC_DEBUG 57 static const char *mn[] = { 58 [0] = "undefined", 59 [VNC_SHARE_MODE_CONNECTING] = "connecting", 60 [VNC_SHARE_MODE_SHARED] = "shared", 61 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive", 62 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected", 63 }; 64 fprintf(stderr, "%s/%d: %s -> %s\n", __func__, 65 vs->csock, mn[vs->share_mode], mn[mode]); 66 #endif 67 68 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) { 69 vs->vd->num_exclusive--; 70 } 71 vs->share_mode = mode; 72 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) { 73 vs->vd->num_exclusive++; 74 } 75 } 76 77 static char *addr_to_string(const char *format, 78 struct sockaddr_storage *sa, 79 socklen_t salen) { 80 char *addr; 81 char host[NI_MAXHOST]; 82 char serv[NI_MAXSERV]; 83 int err; 84 size_t addrlen; 85 86 if ((err = getnameinfo((struct sockaddr *)sa, salen, 87 host, sizeof(host), 88 serv, sizeof(serv), 89 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 90 VNC_DEBUG("Cannot resolve address %d: %s\n", 91 err, gai_strerror(err)); 92 return NULL; 93 } 94 95 /* Enough for the existing format + the 2 vars we're 96 * substituting in. */ 97 addrlen = strlen(format) + strlen(host) + strlen(serv); 98 addr = g_malloc(addrlen + 1); 99 snprintf(addr, addrlen, format, host, serv); 100 addr[addrlen] = '\0'; 101 102 return addr; 103 } 104 105 106 char *vnc_socket_local_addr(const char *format, int fd) { 107 struct sockaddr_storage sa; 108 socklen_t salen; 109 110 salen = sizeof(sa); 111 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) 112 return NULL; 113 114 return addr_to_string(format, &sa, salen); 115 } 116 117 char *vnc_socket_remote_addr(const char *format, int fd) { 118 struct sockaddr_storage sa; 119 socklen_t salen; 120 121 salen = sizeof(sa); 122 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) 123 return NULL; 124 125 return addr_to_string(format, &sa, salen); 126 } 127 128 static VncBasicInfo *vnc_basic_info_get(struct sockaddr_storage *sa, 129 socklen_t salen) 130 { 131 VncBasicInfo *info; 132 char host[NI_MAXHOST]; 133 char serv[NI_MAXSERV]; 134 int err; 135 136 if ((err = getnameinfo((struct sockaddr *)sa, salen, 137 host, sizeof(host), 138 serv, sizeof(serv), 139 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 140 VNC_DEBUG("Cannot resolve address %d: %s\n", 141 err, gai_strerror(err)); 142 return NULL; 143 } 144 145 info = g_malloc0(sizeof(VncBasicInfo)); 146 info->host = g_strdup(host); 147 info->service = g_strdup(serv); 148 info->family = inet_netfamily(sa->ss_family); 149 return info; 150 } 151 152 static VncBasicInfo *vnc_basic_info_get_from_server_addr(int fd) 153 { 154 struct sockaddr_storage sa; 155 socklen_t salen; 156 157 salen = sizeof(sa); 158 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) { 159 return NULL; 160 } 161 162 return vnc_basic_info_get(&sa, salen); 163 } 164 165 static VncBasicInfo *vnc_basic_info_get_from_remote_addr(int fd) 166 { 167 struct sockaddr_storage sa; 168 socklen_t salen; 169 170 salen = sizeof(sa); 171 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) { 172 return NULL; 173 } 174 175 return vnc_basic_info_get(&sa, salen); 176 } 177 178 static const char *vnc_auth_name(VncDisplay *vd) { 179 switch (vd->auth) { 180 case VNC_AUTH_INVALID: 181 return "invalid"; 182 case VNC_AUTH_NONE: 183 return "none"; 184 case VNC_AUTH_VNC: 185 return "vnc"; 186 case VNC_AUTH_RA2: 187 return "ra2"; 188 case VNC_AUTH_RA2NE: 189 return "ra2ne"; 190 case VNC_AUTH_TIGHT: 191 return "tight"; 192 case VNC_AUTH_ULTRA: 193 return "ultra"; 194 case VNC_AUTH_TLS: 195 return "tls"; 196 case VNC_AUTH_VENCRYPT: 197 #ifdef CONFIG_VNC_TLS 198 switch (vd->subauth) { 199 case VNC_AUTH_VENCRYPT_PLAIN: 200 return "vencrypt+plain"; 201 case VNC_AUTH_VENCRYPT_TLSNONE: 202 return "vencrypt+tls+none"; 203 case VNC_AUTH_VENCRYPT_TLSVNC: 204 return "vencrypt+tls+vnc"; 205 case VNC_AUTH_VENCRYPT_TLSPLAIN: 206 return "vencrypt+tls+plain"; 207 case VNC_AUTH_VENCRYPT_X509NONE: 208 return "vencrypt+x509+none"; 209 case VNC_AUTH_VENCRYPT_X509VNC: 210 return "vencrypt+x509+vnc"; 211 case VNC_AUTH_VENCRYPT_X509PLAIN: 212 return "vencrypt+x509+plain"; 213 case VNC_AUTH_VENCRYPT_TLSSASL: 214 return "vencrypt+tls+sasl"; 215 case VNC_AUTH_VENCRYPT_X509SASL: 216 return "vencrypt+x509+sasl"; 217 default: 218 return "vencrypt"; 219 } 220 #else 221 return "vencrypt"; 222 #endif 223 case VNC_AUTH_SASL: 224 return "sasl"; 225 } 226 return "unknown"; 227 } 228 229 static VncServerInfo *vnc_server_info_get(void) 230 { 231 VncServerInfo *info; 232 VncBasicInfo *bi = vnc_basic_info_get_from_server_addr(vnc_display->lsock); 233 if (!bi) { 234 return NULL; 235 } 236 237 info = g_malloc(sizeof(*info)); 238 info->base = bi; 239 info->has_auth = true; 240 info->auth = g_strdup(vnc_auth_name(vnc_display)); 241 return info; 242 } 243 244 static void vnc_client_cache_auth(VncState *client) 245 { 246 if (!client->info) { 247 return; 248 } 249 250 #ifdef CONFIG_VNC_TLS 251 if (client->tls.session && 252 client->tls.dname) { 253 client->info->has_x509_dname = true; 254 client->info->x509_dname = g_strdup(client->tls.dname); 255 } 256 #endif 257 #ifdef CONFIG_VNC_SASL 258 if (client->sasl.conn && 259 client->sasl.username) { 260 client->info->has_sasl_username = true; 261 client->info->sasl_username = g_strdup(client->sasl.username); 262 } 263 #endif 264 } 265 266 static void vnc_client_cache_addr(VncState *client) 267 { 268 VncBasicInfo *bi = vnc_basic_info_get_from_remote_addr(client->csock); 269 270 if (bi) { 271 client->info = g_malloc0(sizeof(*client->info)); 272 client->info->base = bi; 273 } 274 } 275 276 static void vnc_qmp_event(VncState *vs, QAPIEvent event) 277 { 278 VncServerInfo *si; 279 280 if (!vs->info) { 281 return; 282 } 283 g_assert(vs->info->base); 284 285 si = vnc_server_info_get(); 286 if (!si) { 287 return; 288 } 289 290 switch (event) { 291 case QAPI_EVENT_VNC_CONNECTED: 292 qapi_event_send_vnc_connected(si, vs->info->base, &error_abort); 293 break; 294 case QAPI_EVENT_VNC_INITIALIZED: 295 qapi_event_send_vnc_initialized(si, vs->info, &error_abort); 296 break; 297 case QAPI_EVENT_VNC_DISCONNECTED: 298 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort); 299 break; 300 default: 301 break; 302 } 303 304 qapi_free_VncServerInfo(si); 305 } 306 307 static VncClientInfo *qmp_query_vnc_client(const VncState *client) 308 { 309 struct sockaddr_storage sa; 310 socklen_t salen = sizeof(sa); 311 char host[NI_MAXHOST]; 312 char serv[NI_MAXSERV]; 313 VncClientInfo *info; 314 315 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) { 316 return NULL; 317 } 318 319 if (getnameinfo((struct sockaddr *)&sa, salen, 320 host, sizeof(host), 321 serv, sizeof(serv), 322 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 323 return NULL; 324 } 325 326 info = g_malloc0(sizeof(*info)); 327 info->base = g_malloc0(sizeof(*info->base)); 328 info->base->host = g_strdup(host); 329 info->base->service = g_strdup(serv); 330 info->base->family = inet_netfamily(sa.ss_family); 331 332 #ifdef CONFIG_VNC_TLS 333 if (client->tls.session && client->tls.dname) { 334 info->has_x509_dname = true; 335 info->x509_dname = g_strdup(client->tls.dname); 336 } 337 #endif 338 #ifdef CONFIG_VNC_SASL 339 if (client->sasl.conn && client->sasl.username) { 340 info->has_sasl_username = true; 341 info->sasl_username = g_strdup(client->sasl.username); 342 } 343 #endif 344 345 return info; 346 } 347 348 VncInfo *qmp_query_vnc(Error **errp) 349 { 350 VncInfo *info = g_malloc0(sizeof(*info)); 351 352 if (vnc_display == NULL || vnc_display->display == NULL) { 353 info->enabled = false; 354 } else { 355 VncClientInfoList *cur_item = NULL; 356 struct sockaddr_storage sa; 357 socklen_t salen = sizeof(sa); 358 char host[NI_MAXHOST]; 359 char serv[NI_MAXSERV]; 360 VncState *client; 361 362 info->enabled = true; 363 364 /* for compatibility with the original command */ 365 info->has_clients = true; 366 367 QTAILQ_FOREACH(client, &vnc_display->clients, next) { 368 VncClientInfoList *cinfo = g_malloc0(sizeof(*info)); 369 cinfo->value = qmp_query_vnc_client(client); 370 371 /* XXX: waiting for the qapi to support GSList */ 372 if (!cur_item) { 373 info->clients = cur_item = cinfo; 374 } else { 375 cur_item->next = cinfo; 376 cur_item = cinfo; 377 } 378 } 379 380 if (vnc_display->lsock == -1) { 381 return info; 382 } 383 384 if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa, 385 &salen) == -1) { 386 error_set(errp, QERR_UNDEFINED_ERROR); 387 goto out_error; 388 } 389 390 if (getnameinfo((struct sockaddr *)&sa, salen, 391 host, sizeof(host), 392 serv, sizeof(serv), 393 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 394 error_set(errp, QERR_UNDEFINED_ERROR); 395 goto out_error; 396 } 397 398 info->has_host = true; 399 info->host = g_strdup(host); 400 401 info->has_service = true; 402 info->service = g_strdup(serv); 403 404 info->has_family = true; 405 info->family = inet_netfamily(sa.ss_family); 406 407 info->has_auth = true; 408 info->auth = g_strdup(vnc_auth_name(vnc_display)); 409 } 410 411 return info; 412 413 out_error: 414 qapi_free_VncInfo(info); 415 return NULL; 416 } 417 418 /* TODO 419 1) Get the queue working for IO. 420 2) there is some weirdness when using the -S option (the screen is grey 421 and not totally invalidated 422 3) resolutions > 1024 423 */ 424 425 static int vnc_update_client(VncState *vs, int has_dirty, bool sync); 426 static void vnc_disconnect_start(VncState *vs); 427 428 static void vnc_colordepth(VncState *vs); 429 static void framebuffer_update_request(VncState *vs, int incremental, 430 int x_position, int y_position, 431 int w, int h); 432 static void vnc_refresh(DisplayChangeListener *dcl); 433 static int vnc_refresh_server_surface(VncDisplay *vd); 434 435 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT], 436 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT), 437 int width, int height, 438 int x, int y, int w, int h) { 439 /* this is needed this to ensure we updated all affected 440 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */ 441 w += (x % VNC_DIRTY_PIXELS_PER_BIT); 442 x -= (x % VNC_DIRTY_PIXELS_PER_BIT); 443 444 x = MIN(x, width); 445 y = MIN(y, height); 446 w = MIN(x + w, width) - x; 447 h = MIN(y + h, height); 448 449 for (; y < h; y++) { 450 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT, 451 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT)); 452 } 453 } 454 455 static void vnc_dpy_update(DisplayChangeListener *dcl, 456 int x, int y, int w, int h) 457 { 458 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 459 struct VncSurface *s = &vd->guest; 460 int width = pixman_image_get_width(vd->server); 461 int height = pixman_image_get_height(vd->server); 462 463 vnc_set_area_dirty(s->dirty, width, height, x, y, w, h); 464 } 465 466 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 467 int32_t encoding) 468 { 469 vnc_write_u16(vs, x); 470 vnc_write_u16(vs, y); 471 vnc_write_u16(vs, w); 472 vnc_write_u16(vs, h); 473 474 vnc_write_s32(vs, encoding); 475 } 476 477 void buffer_reserve(Buffer *buffer, size_t len) 478 { 479 if ((buffer->capacity - buffer->offset) < len) { 480 buffer->capacity += (len + 1024); 481 buffer->buffer = g_realloc(buffer->buffer, buffer->capacity); 482 if (buffer->buffer == NULL) { 483 fprintf(stderr, "vnc: out of memory\n"); 484 exit(1); 485 } 486 } 487 } 488 489 static int buffer_empty(Buffer *buffer) 490 { 491 return buffer->offset == 0; 492 } 493 494 uint8_t *buffer_end(Buffer *buffer) 495 { 496 return buffer->buffer + buffer->offset; 497 } 498 499 void buffer_reset(Buffer *buffer) 500 { 501 buffer->offset = 0; 502 } 503 504 void buffer_free(Buffer *buffer) 505 { 506 g_free(buffer->buffer); 507 buffer->offset = 0; 508 buffer->capacity = 0; 509 buffer->buffer = NULL; 510 } 511 512 void buffer_append(Buffer *buffer, const void *data, size_t len) 513 { 514 memcpy(buffer->buffer + buffer->offset, data, len); 515 buffer->offset += len; 516 } 517 518 void buffer_advance(Buffer *buf, size_t len) 519 { 520 memmove(buf->buffer, buf->buffer + len, 521 (buf->offset - len)); 522 buf->offset -= len; 523 } 524 525 static void vnc_desktop_resize(VncState *vs) 526 { 527 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) { 528 return; 529 } 530 if (vs->client_width == pixman_image_get_width(vs->vd->server) && 531 vs->client_height == pixman_image_get_height(vs->vd->server)) { 532 return; 533 } 534 vs->client_width = pixman_image_get_width(vs->vd->server); 535 vs->client_height = pixman_image_get_height(vs->vd->server); 536 vnc_lock_output(vs); 537 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 538 vnc_write_u8(vs, 0); 539 vnc_write_u16(vs, 1); /* number of rects */ 540 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 541 VNC_ENCODING_DESKTOPRESIZE); 542 vnc_unlock_output(vs); 543 vnc_flush(vs); 544 } 545 546 static void vnc_abort_display_jobs(VncDisplay *vd) 547 { 548 VncState *vs; 549 550 QTAILQ_FOREACH(vs, &vd->clients, next) { 551 vnc_lock_output(vs); 552 vs->abort = true; 553 vnc_unlock_output(vs); 554 } 555 QTAILQ_FOREACH(vs, &vd->clients, next) { 556 vnc_jobs_join(vs); 557 } 558 QTAILQ_FOREACH(vs, &vd->clients, next) { 559 vnc_lock_output(vs); 560 vs->abort = false; 561 vnc_unlock_output(vs); 562 } 563 } 564 565 int vnc_server_fb_stride(VncDisplay *vd) 566 { 567 return pixman_image_get_stride(vd->server); 568 } 569 570 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y) 571 { 572 uint8_t *ptr; 573 574 ptr = (uint8_t *)pixman_image_get_data(vd->server); 575 ptr += y * vnc_server_fb_stride(vd); 576 ptr += x * VNC_SERVER_FB_BYTES; 577 return ptr; 578 } 579 580 static void vnc_dpy_switch(DisplayChangeListener *dcl, 581 DisplaySurface *surface) 582 { 583 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 584 VncState *vs; 585 int width, height; 586 587 vnc_abort_display_jobs(vd); 588 589 /* server surface */ 590 qemu_pixman_image_unref(vd->server); 591 vd->ds = surface; 592 width = MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds), 593 VNC_DIRTY_PIXELS_PER_BIT)); 594 height = MIN(VNC_MAX_HEIGHT, surface_height(vd->ds)); 595 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT, 596 width, height, NULL, 0); 597 598 /* guest surface */ 599 #if 0 /* FIXME */ 600 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel) 601 console_color_init(ds); 602 #endif 603 qemu_pixman_image_unref(vd->guest.fb); 604 vd->guest.fb = pixman_image_ref(surface->image); 605 vd->guest.format = surface->format; 606 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty)); 607 vnc_set_area_dirty(vd->guest.dirty, width, height, 0, 0, 608 width, height); 609 610 QTAILQ_FOREACH(vs, &vd->clients, next) { 611 vnc_colordepth(vs); 612 vnc_desktop_resize(vs); 613 if (vs->vd->cursor) { 614 vnc_cursor_define(vs); 615 } 616 memset(vs->dirty, 0x00, sizeof(vs->dirty)); 617 vnc_set_area_dirty(vs->dirty, width, height, 0, 0, 618 width, height); 619 } 620 } 621 622 /* fastest code */ 623 static void vnc_write_pixels_copy(VncState *vs, 624 void *pixels, int size) 625 { 626 vnc_write(vs, pixels, size); 627 } 628 629 /* slowest but generic code. */ 630 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 631 { 632 uint8_t r, g, b; 633 634 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8) 635 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8; 636 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8; 637 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8; 638 #else 639 # error need some bits here if you change VNC_SERVER_FB_FORMAT 640 #endif 641 v = (r << vs->client_pf.rshift) | 642 (g << vs->client_pf.gshift) | 643 (b << vs->client_pf.bshift); 644 switch (vs->client_pf.bytes_per_pixel) { 645 case 1: 646 buf[0] = v; 647 break; 648 case 2: 649 if (vs->client_be) { 650 buf[0] = v >> 8; 651 buf[1] = v; 652 } else { 653 buf[1] = v >> 8; 654 buf[0] = v; 655 } 656 break; 657 default: 658 case 4: 659 if (vs->client_be) { 660 buf[0] = v >> 24; 661 buf[1] = v >> 16; 662 buf[2] = v >> 8; 663 buf[3] = v; 664 } else { 665 buf[3] = v >> 24; 666 buf[2] = v >> 16; 667 buf[1] = v >> 8; 668 buf[0] = v; 669 } 670 break; 671 } 672 } 673 674 static void vnc_write_pixels_generic(VncState *vs, 675 void *pixels1, int size) 676 { 677 uint8_t buf[4]; 678 679 if (VNC_SERVER_FB_BYTES == 4) { 680 uint32_t *pixels = pixels1; 681 int n, i; 682 n = size >> 2; 683 for (i = 0; i < n; i++) { 684 vnc_convert_pixel(vs, buf, pixels[i]); 685 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel); 686 } 687 } 688 } 689 690 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 691 { 692 int i; 693 uint8_t *row; 694 VncDisplay *vd = vs->vd; 695 696 row = vnc_server_fb_ptr(vd, x, y); 697 for (i = 0; i < h; i++) { 698 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES); 699 row += vnc_server_fb_stride(vd); 700 } 701 return 1; 702 } 703 704 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 705 { 706 int n = 0; 707 708 switch(vs->vnc_encoding) { 709 case VNC_ENCODING_ZLIB: 710 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h); 711 break; 712 case VNC_ENCODING_HEXTILE: 713 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 714 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 715 break; 716 case VNC_ENCODING_TIGHT: 717 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h); 718 break; 719 case VNC_ENCODING_TIGHT_PNG: 720 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h); 721 break; 722 case VNC_ENCODING_ZRLE: 723 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h); 724 break; 725 case VNC_ENCODING_ZYWRLE: 726 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); 727 break; 728 default: 729 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 730 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 731 break; 732 } 733 return n; 734 } 735 736 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h) 737 { 738 /* send bitblit op to the vnc client */ 739 vnc_lock_output(vs); 740 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 741 vnc_write_u8(vs, 0); 742 vnc_write_u16(vs, 1); /* number of rects */ 743 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT); 744 vnc_write_u16(vs, src_x); 745 vnc_write_u16(vs, src_y); 746 vnc_unlock_output(vs); 747 vnc_flush(vs); 748 } 749 750 static void vnc_dpy_copy(DisplayChangeListener *dcl, 751 int src_x, int src_y, 752 int dst_x, int dst_y, int w, int h) 753 { 754 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 755 VncState *vs, *vn; 756 uint8_t *src_row; 757 uint8_t *dst_row; 758 int i, x, y, pitch, inc, w_lim, s; 759 int cmp_bytes; 760 761 vnc_refresh_server_surface(vd); 762 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 763 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 764 vs->force_update = 1; 765 vnc_update_client(vs, 1, true); 766 /* vs might be free()ed here */ 767 } 768 } 769 770 /* do bitblit op on the local surface too */ 771 pitch = vnc_server_fb_stride(vd); 772 src_row = vnc_server_fb_ptr(vd, src_x, src_y); 773 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y); 774 y = dst_y; 775 inc = 1; 776 if (dst_y > src_y) { 777 /* copy backwards */ 778 src_row += pitch * (h-1); 779 dst_row += pitch * (h-1); 780 pitch = -pitch; 781 y = dst_y + h - 1; 782 inc = -1; 783 } 784 w_lim = w - (VNC_DIRTY_PIXELS_PER_BIT - (dst_x % VNC_DIRTY_PIXELS_PER_BIT)); 785 if (w_lim < 0) { 786 w_lim = w; 787 } else { 788 w_lim = w - (w_lim % VNC_DIRTY_PIXELS_PER_BIT); 789 } 790 for (i = 0; i < h; i++) { 791 for (x = 0; x <= w_lim; 792 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) { 793 if (x == w_lim) { 794 if ((s = w - w_lim) == 0) 795 break; 796 } else if (!x) { 797 s = (VNC_DIRTY_PIXELS_PER_BIT - 798 (dst_x % VNC_DIRTY_PIXELS_PER_BIT)); 799 s = MIN(s, w_lim); 800 } else { 801 s = VNC_DIRTY_PIXELS_PER_BIT; 802 } 803 cmp_bytes = s * VNC_SERVER_FB_BYTES; 804 if (memcmp(src_row, dst_row, cmp_bytes) == 0) 805 continue; 806 memmove(dst_row, src_row, cmp_bytes); 807 QTAILQ_FOREACH(vs, &vd->clients, next) { 808 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 809 set_bit(((x + dst_x) / VNC_DIRTY_PIXELS_PER_BIT), 810 vs->dirty[y]); 811 } 812 } 813 } 814 src_row += pitch - w * VNC_SERVER_FB_BYTES; 815 dst_row += pitch - w * VNC_SERVER_FB_BYTES; 816 y += inc; 817 } 818 819 QTAILQ_FOREACH(vs, &vd->clients, next) { 820 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 821 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h); 822 } 823 } 824 } 825 826 static void vnc_mouse_set(DisplayChangeListener *dcl, 827 int x, int y, int visible) 828 { 829 /* can we ask the client(s) to move the pointer ??? */ 830 } 831 832 static int vnc_cursor_define(VncState *vs) 833 { 834 QEMUCursor *c = vs->vd->cursor; 835 int isize; 836 837 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 838 vnc_lock_output(vs); 839 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 840 vnc_write_u8(vs, 0); /* padding */ 841 vnc_write_u16(vs, 1); /* # of rects */ 842 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 843 VNC_ENCODING_RICH_CURSOR); 844 isize = c->width * c->height * vs->client_pf.bytes_per_pixel; 845 vnc_write_pixels_generic(vs, c->data, isize); 846 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 847 vnc_unlock_output(vs); 848 return 0; 849 } 850 return -1; 851 } 852 853 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl, 854 QEMUCursor *c) 855 { 856 VncDisplay *vd = vnc_display; 857 VncState *vs; 858 859 cursor_put(vd->cursor); 860 g_free(vd->cursor_mask); 861 862 vd->cursor = c; 863 cursor_get(vd->cursor); 864 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 865 vd->cursor_mask = g_malloc0(vd->cursor_msize); 866 cursor_get_mono_mask(c, 0, vd->cursor_mask); 867 868 QTAILQ_FOREACH(vs, &vd->clients, next) { 869 vnc_cursor_define(vs); 870 } 871 } 872 873 static int find_and_clear_dirty_height(struct VncState *vs, 874 int y, int last_x, int x, int height) 875 { 876 int h; 877 878 for (h = 1; h < (height - y); h++) { 879 if (!test_bit(last_x, vs->dirty[y + h])) { 880 break; 881 } 882 bitmap_clear(vs->dirty[y + h], last_x, x - last_x); 883 } 884 885 return h; 886 } 887 888 static int vnc_update_client(VncState *vs, int has_dirty, bool sync) 889 { 890 vs->has_dirty += has_dirty; 891 if (vs->need_update && vs->csock != -1) { 892 VncDisplay *vd = vs->vd; 893 VncJob *job; 894 int y; 895 int height, width; 896 int n = 0; 897 898 if (vs->output.offset && !vs->audio_cap && !vs->force_update) 899 /* kernel send buffers are full -> drop frames to throttle */ 900 return 0; 901 902 if (!vs->has_dirty && !vs->audio_cap && !vs->force_update) 903 return 0; 904 905 /* 906 * Send screen updates to the vnc client using the server 907 * surface and server dirty map. guest surface updates 908 * happening in parallel don't disturb us, the next pass will 909 * send them to the client. 910 */ 911 job = vnc_job_new(vs); 912 913 height = pixman_image_get_height(vd->server); 914 width = pixman_image_get_width(vd->server); 915 916 y = 0; 917 for (;;) { 918 int x, h; 919 unsigned long x2; 920 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty, 921 height * VNC_DIRTY_BPL(vs), 922 y * VNC_DIRTY_BPL(vs)); 923 if (offset == height * VNC_DIRTY_BPL(vs)) { 924 /* no more dirty bits */ 925 break; 926 } 927 y = offset / VNC_DIRTY_BPL(vs); 928 x = offset % VNC_DIRTY_BPL(vs); 929 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y], 930 VNC_DIRTY_BPL(vs), x); 931 bitmap_clear(vs->dirty[y], x, x2 - x); 932 h = find_and_clear_dirty_height(vs, y, x, x2, height); 933 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT); 934 if (x2 > x) { 935 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y, 936 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h); 937 } 938 } 939 940 vnc_job_push(job); 941 if (sync) { 942 vnc_jobs_join(vs); 943 } 944 vs->force_update = 0; 945 vs->has_dirty = 0; 946 return n; 947 } 948 949 if (vs->csock == -1) { 950 vnc_disconnect_finish(vs); 951 } else if (sync) { 952 vnc_jobs_join(vs); 953 } 954 955 return 0; 956 } 957 958 /* audio */ 959 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 960 { 961 VncState *vs = opaque; 962 963 switch (cmd) { 964 case AUD_CNOTIFY_DISABLE: 965 vnc_lock_output(vs); 966 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 967 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 968 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 969 vnc_unlock_output(vs); 970 vnc_flush(vs); 971 break; 972 973 case AUD_CNOTIFY_ENABLE: 974 vnc_lock_output(vs); 975 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 976 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 977 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 978 vnc_unlock_output(vs); 979 vnc_flush(vs); 980 break; 981 } 982 } 983 984 static void audio_capture_destroy(void *opaque) 985 { 986 } 987 988 static void audio_capture(void *opaque, void *buf, int size) 989 { 990 VncState *vs = opaque; 991 992 vnc_lock_output(vs); 993 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 994 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 995 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 996 vnc_write_u32(vs, size); 997 vnc_write(vs, buf, size); 998 vnc_unlock_output(vs); 999 vnc_flush(vs); 1000 } 1001 1002 static void audio_add(VncState *vs) 1003 { 1004 struct audio_capture_ops ops; 1005 1006 if (vs->audio_cap) { 1007 error_report("audio already running"); 1008 return; 1009 } 1010 1011 ops.notify = audio_capture_notify; 1012 ops.destroy = audio_capture_destroy; 1013 ops.capture = audio_capture; 1014 1015 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs); 1016 if (!vs->audio_cap) { 1017 error_report("Failed to add audio capture"); 1018 } 1019 } 1020 1021 static void audio_del(VncState *vs) 1022 { 1023 if (vs->audio_cap) { 1024 AUD_del_capture(vs->audio_cap, vs); 1025 vs->audio_cap = NULL; 1026 } 1027 } 1028 1029 static void vnc_disconnect_start(VncState *vs) 1030 { 1031 if (vs->csock == -1) 1032 return; 1033 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); 1034 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL); 1035 closesocket(vs->csock); 1036 vs->csock = -1; 1037 } 1038 1039 void vnc_disconnect_finish(VncState *vs) 1040 { 1041 int i; 1042 1043 vnc_jobs_join(vs); /* Wait encoding jobs */ 1044 1045 vnc_lock_output(vs); 1046 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED); 1047 1048 buffer_free(&vs->input); 1049 buffer_free(&vs->output); 1050 #ifdef CONFIG_VNC_WS 1051 buffer_free(&vs->ws_input); 1052 buffer_free(&vs->ws_output); 1053 #endif /* CONFIG_VNC_WS */ 1054 1055 qapi_free_VncClientInfo(vs->info); 1056 1057 vnc_zlib_clear(vs); 1058 vnc_tight_clear(vs); 1059 vnc_zrle_clear(vs); 1060 1061 #ifdef CONFIG_VNC_TLS 1062 vnc_tls_client_cleanup(vs); 1063 #endif /* CONFIG_VNC_TLS */ 1064 #ifdef CONFIG_VNC_SASL 1065 vnc_sasl_client_cleanup(vs); 1066 #endif /* CONFIG_VNC_SASL */ 1067 audio_del(vs); 1068 vnc_release_modifiers(vs); 1069 1070 if (vs->initialized) { 1071 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1072 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1073 } 1074 1075 if (vs->vd->lock_key_sync) 1076 qemu_remove_led_event_handler(vs->led); 1077 vnc_unlock_output(vs); 1078 1079 qemu_mutex_destroy(&vs->output_mutex); 1080 if (vs->bh != NULL) { 1081 qemu_bh_delete(vs->bh); 1082 } 1083 buffer_free(&vs->jobs_buffer); 1084 1085 for (i = 0; i < VNC_STAT_ROWS; ++i) { 1086 g_free(vs->lossy_rect[i]); 1087 } 1088 g_free(vs->lossy_rect); 1089 g_free(vs); 1090 } 1091 1092 int vnc_client_io_error(VncState *vs, int ret, int last_errno) 1093 { 1094 if (ret == 0 || ret == -1) { 1095 if (ret == -1) { 1096 switch (last_errno) { 1097 case EINTR: 1098 case EAGAIN: 1099 #ifdef _WIN32 1100 case WSAEWOULDBLOCK: 1101 #endif 1102 return 0; 1103 default: 1104 break; 1105 } 1106 } 1107 1108 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n", 1109 ret, ret < 0 ? last_errno : 0); 1110 vnc_disconnect_start(vs); 1111 1112 return 0; 1113 } 1114 return ret; 1115 } 1116 1117 1118 void vnc_client_error(VncState *vs) 1119 { 1120 VNC_DEBUG("Closing down client sock: protocol error\n"); 1121 vnc_disconnect_start(vs); 1122 } 1123 1124 #ifdef CONFIG_VNC_TLS 1125 static long vnc_client_write_tls(gnutls_session_t *session, 1126 const uint8_t *data, 1127 size_t datalen) 1128 { 1129 long ret = gnutls_write(*session, data, datalen); 1130 if (ret < 0) { 1131 if (ret == GNUTLS_E_AGAIN) { 1132 errno = EAGAIN; 1133 } else { 1134 errno = EIO; 1135 } 1136 ret = -1; 1137 } 1138 return ret; 1139 } 1140 #endif /* CONFIG_VNC_TLS */ 1141 1142 /* 1143 * Called to write a chunk of data to the client socket. The data may 1144 * be the raw data, or may have already been encoded by SASL. 1145 * The data will be written either straight onto the socket, or 1146 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1147 * 1148 * NB, it is theoretically possible to have 2 layers of encryption, 1149 * both SASL, and this TLS layer. It is highly unlikely in practice 1150 * though, since SASL encryption will typically be a no-op if TLS 1151 * is active 1152 * 1153 * Returns the number of bytes written, which may be less than 1154 * the requested 'datalen' if the socket would block. Returns 1155 * -1 on error, and disconnects the client socket. 1156 */ 1157 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1158 { 1159 long ret; 1160 #ifdef CONFIG_VNC_TLS 1161 if (vs->tls.session) { 1162 ret = vnc_client_write_tls(&vs->tls.session, data, datalen); 1163 } else { 1164 #ifdef CONFIG_VNC_WS 1165 if (vs->ws_tls.session) { 1166 ret = vnc_client_write_tls(&vs->ws_tls.session, data, datalen); 1167 } else 1168 #endif /* CONFIG_VNC_WS */ 1169 #endif /* CONFIG_VNC_TLS */ 1170 { 1171 ret = send(vs->csock, (const void *)data, datalen, 0); 1172 } 1173 #ifdef CONFIG_VNC_TLS 1174 } 1175 #endif /* CONFIG_VNC_TLS */ 1176 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1177 return vnc_client_io_error(vs, ret, socket_error()); 1178 } 1179 1180 1181 /* 1182 * Called to write buffered data to the client socket, when not 1183 * using any SASL SSF encryption layers. Will write as much data 1184 * as possible without blocking. If all buffered data is written, 1185 * will switch the FD poll() handler back to read monitoring. 1186 * 1187 * Returns the number of bytes written, which may be less than 1188 * the buffered output data if the socket would block. Returns 1189 * -1 on error, and disconnects the client socket. 1190 */ 1191 static long vnc_client_write_plain(VncState *vs) 1192 { 1193 long ret; 1194 1195 #ifdef CONFIG_VNC_SASL 1196 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1197 vs->output.buffer, vs->output.capacity, vs->output.offset, 1198 vs->sasl.waitWriteSSF); 1199 1200 if (vs->sasl.conn && 1201 vs->sasl.runSSF && 1202 vs->sasl.waitWriteSSF) { 1203 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1204 if (ret) 1205 vs->sasl.waitWriteSSF -= ret; 1206 } else 1207 #endif /* CONFIG_VNC_SASL */ 1208 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1209 if (!ret) 1210 return 0; 1211 1212 buffer_advance(&vs->output, ret); 1213 1214 if (vs->output.offset == 0) { 1215 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 1216 } 1217 1218 return ret; 1219 } 1220 1221 1222 /* 1223 * First function called whenever there is data to be written to 1224 * the client socket. Will delegate actual work according to whether 1225 * SASL SSF layers are enabled (thus requiring encryption calls) 1226 */ 1227 static void vnc_client_write_locked(void *opaque) 1228 { 1229 VncState *vs = opaque; 1230 1231 #ifdef CONFIG_VNC_SASL 1232 if (vs->sasl.conn && 1233 vs->sasl.runSSF && 1234 !vs->sasl.waitWriteSSF) { 1235 vnc_client_write_sasl(vs); 1236 } else 1237 #endif /* CONFIG_VNC_SASL */ 1238 { 1239 #ifdef CONFIG_VNC_WS 1240 if (vs->encode_ws) { 1241 vnc_client_write_ws(vs); 1242 } else 1243 #endif /* CONFIG_VNC_WS */ 1244 { 1245 vnc_client_write_plain(vs); 1246 } 1247 } 1248 } 1249 1250 void vnc_client_write(void *opaque) 1251 { 1252 VncState *vs = opaque; 1253 1254 vnc_lock_output(vs); 1255 if (vs->output.offset 1256 #ifdef CONFIG_VNC_WS 1257 || vs->ws_output.offset 1258 #endif 1259 ) { 1260 vnc_client_write_locked(opaque); 1261 } else if (vs->csock != -1) { 1262 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 1263 } 1264 vnc_unlock_output(vs); 1265 } 1266 1267 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1268 { 1269 vs->read_handler = func; 1270 vs->read_handler_expect = expecting; 1271 } 1272 1273 #ifdef CONFIG_VNC_TLS 1274 static long vnc_client_read_tls(gnutls_session_t *session, uint8_t *data, 1275 size_t datalen) 1276 { 1277 long ret = gnutls_read(*session, data, datalen); 1278 if (ret < 0) { 1279 if (ret == GNUTLS_E_AGAIN) { 1280 errno = EAGAIN; 1281 } else { 1282 errno = EIO; 1283 } 1284 ret = -1; 1285 } 1286 return ret; 1287 } 1288 #endif /* CONFIG_VNC_TLS */ 1289 1290 /* 1291 * Called to read a chunk of data from the client socket. The data may 1292 * be the raw data, or may need to be further decoded by SASL. 1293 * The data will be read either straight from to the socket, or 1294 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1295 * 1296 * NB, it is theoretically possible to have 2 layers of encryption, 1297 * both SASL, and this TLS layer. It is highly unlikely in practice 1298 * though, since SASL encryption will typically be a no-op if TLS 1299 * is active 1300 * 1301 * Returns the number of bytes read, which may be less than 1302 * the requested 'datalen' if the socket would block. Returns 1303 * -1 on error, and disconnects the client socket. 1304 */ 1305 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1306 { 1307 long ret; 1308 #ifdef CONFIG_VNC_TLS 1309 if (vs->tls.session) { 1310 ret = vnc_client_read_tls(&vs->tls.session, data, datalen); 1311 } else { 1312 #ifdef CONFIG_VNC_WS 1313 if (vs->ws_tls.session) { 1314 ret = vnc_client_read_tls(&vs->ws_tls.session, data, datalen); 1315 } else 1316 #endif /* CONFIG_VNC_WS */ 1317 #endif /* CONFIG_VNC_TLS */ 1318 { 1319 ret = qemu_recv(vs->csock, data, datalen, 0); 1320 } 1321 #ifdef CONFIG_VNC_TLS 1322 } 1323 #endif /* CONFIG_VNC_TLS */ 1324 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1325 return vnc_client_io_error(vs, ret, socket_error()); 1326 } 1327 1328 1329 /* 1330 * Called to read data from the client socket to the input buffer, 1331 * when not using any SASL SSF encryption layers. Will read as much 1332 * data as possible without blocking. 1333 * 1334 * Returns the number of bytes read. Returns -1 on error, and 1335 * disconnects the client socket. 1336 */ 1337 static long vnc_client_read_plain(VncState *vs) 1338 { 1339 int ret; 1340 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1341 vs->input.buffer, vs->input.capacity, vs->input.offset); 1342 buffer_reserve(&vs->input, 4096); 1343 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1344 if (!ret) 1345 return 0; 1346 vs->input.offset += ret; 1347 return ret; 1348 } 1349 1350 static void vnc_jobs_bh(void *opaque) 1351 { 1352 VncState *vs = opaque; 1353 1354 vnc_jobs_consume_buffer(vs); 1355 } 1356 1357 /* 1358 * First function called whenever there is more data to be read from 1359 * the client socket. Will delegate actual work according to whether 1360 * SASL SSF layers are enabled (thus requiring decryption calls) 1361 */ 1362 void vnc_client_read(void *opaque) 1363 { 1364 VncState *vs = opaque; 1365 long ret; 1366 1367 #ifdef CONFIG_VNC_SASL 1368 if (vs->sasl.conn && vs->sasl.runSSF) 1369 ret = vnc_client_read_sasl(vs); 1370 else 1371 #endif /* CONFIG_VNC_SASL */ 1372 #ifdef CONFIG_VNC_WS 1373 if (vs->encode_ws) { 1374 ret = vnc_client_read_ws(vs); 1375 if (ret == -1) { 1376 vnc_disconnect_start(vs); 1377 return; 1378 } else if (ret == -2) { 1379 vnc_client_error(vs); 1380 return; 1381 } 1382 } else 1383 #endif /* CONFIG_VNC_WS */ 1384 { 1385 ret = vnc_client_read_plain(vs); 1386 } 1387 if (!ret) { 1388 if (vs->csock == -1) 1389 vnc_disconnect_finish(vs); 1390 return; 1391 } 1392 1393 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1394 size_t len = vs->read_handler_expect; 1395 int ret; 1396 1397 ret = vs->read_handler(vs, vs->input.buffer, len); 1398 if (vs->csock == -1) { 1399 vnc_disconnect_finish(vs); 1400 return; 1401 } 1402 1403 if (!ret) { 1404 buffer_advance(&vs->input, len); 1405 } else { 1406 vs->read_handler_expect = ret; 1407 } 1408 } 1409 } 1410 1411 void vnc_write(VncState *vs, const void *data, size_t len) 1412 { 1413 buffer_reserve(&vs->output, len); 1414 1415 if (vs->csock != -1 && buffer_empty(&vs->output)) { 1416 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs); 1417 } 1418 1419 buffer_append(&vs->output, data, len); 1420 } 1421 1422 void vnc_write_s32(VncState *vs, int32_t value) 1423 { 1424 vnc_write_u32(vs, *(uint32_t *)&value); 1425 } 1426 1427 void vnc_write_u32(VncState *vs, uint32_t value) 1428 { 1429 uint8_t buf[4]; 1430 1431 buf[0] = (value >> 24) & 0xFF; 1432 buf[1] = (value >> 16) & 0xFF; 1433 buf[2] = (value >> 8) & 0xFF; 1434 buf[3] = value & 0xFF; 1435 1436 vnc_write(vs, buf, 4); 1437 } 1438 1439 void vnc_write_u16(VncState *vs, uint16_t value) 1440 { 1441 uint8_t buf[2]; 1442 1443 buf[0] = (value >> 8) & 0xFF; 1444 buf[1] = value & 0xFF; 1445 1446 vnc_write(vs, buf, 2); 1447 } 1448 1449 void vnc_write_u8(VncState *vs, uint8_t value) 1450 { 1451 vnc_write(vs, (char *)&value, 1); 1452 } 1453 1454 void vnc_flush(VncState *vs) 1455 { 1456 vnc_lock_output(vs); 1457 if (vs->csock != -1 && (vs->output.offset 1458 #ifdef CONFIG_VNC_WS 1459 || vs->ws_output.offset 1460 #endif 1461 )) { 1462 vnc_client_write_locked(vs); 1463 } 1464 vnc_unlock_output(vs); 1465 } 1466 1467 static uint8_t read_u8(uint8_t *data, size_t offset) 1468 { 1469 return data[offset]; 1470 } 1471 1472 static uint16_t read_u16(uint8_t *data, size_t offset) 1473 { 1474 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1475 } 1476 1477 static int32_t read_s32(uint8_t *data, size_t offset) 1478 { 1479 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1480 (data[offset + 2] << 8) | data[offset + 3]); 1481 } 1482 1483 uint32_t read_u32(uint8_t *data, size_t offset) 1484 { 1485 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1486 (data[offset + 2] << 8) | data[offset + 3]); 1487 } 1488 1489 static void client_cut_text(VncState *vs, size_t len, uint8_t *text) 1490 { 1491 } 1492 1493 static void check_pointer_type_change(Notifier *notifier, void *data) 1494 { 1495 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1496 int absolute = qemu_input_is_absolute(); 1497 1498 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1499 vnc_lock_output(vs); 1500 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1501 vnc_write_u8(vs, 0); 1502 vnc_write_u16(vs, 1); 1503 vnc_framebuffer_update(vs, absolute, 0, 1504 pixman_image_get_width(vs->vd->server), 1505 pixman_image_get_height(vs->vd->server), 1506 VNC_ENCODING_POINTER_TYPE_CHANGE); 1507 vnc_unlock_output(vs); 1508 vnc_flush(vs); 1509 } 1510 vs->absolute = absolute; 1511 } 1512 1513 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1514 { 1515 static uint32_t bmap[INPUT_BUTTON_MAX] = { 1516 [INPUT_BUTTON_LEFT] = 0x01, 1517 [INPUT_BUTTON_MIDDLE] = 0x02, 1518 [INPUT_BUTTON_RIGHT] = 0x04, 1519 [INPUT_BUTTON_WHEEL_UP] = 0x08, 1520 [INPUT_BUTTON_WHEEL_DOWN] = 0x10, 1521 }; 1522 QemuConsole *con = vs->vd->dcl.con; 1523 int width = pixman_image_get_width(vs->vd->server); 1524 int height = pixman_image_get_height(vs->vd->server); 1525 1526 if (vs->last_bmask != button_mask) { 1527 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask); 1528 vs->last_bmask = button_mask; 1529 } 1530 1531 if (vs->absolute) { 1532 qemu_input_queue_abs(con, INPUT_AXIS_X, x, width); 1533 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, height); 1534 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1535 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF); 1536 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF); 1537 } else { 1538 if (vs->last_x != -1) { 1539 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x); 1540 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y); 1541 } 1542 vs->last_x = x; 1543 vs->last_y = y; 1544 } 1545 qemu_input_event_sync(); 1546 } 1547 1548 static void reset_keys(VncState *vs) 1549 { 1550 int i; 1551 for(i = 0; i < 256; i++) { 1552 if (vs->modifiers_state[i]) { 1553 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false); 1554 vs->modifiers_state[i] = 0; 1555 } 1556 } 1557 } 1558 1559 static void press_key(VncState *vs, int keysym) 1560 { 1561 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK; 1562 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true); 1563 qemu_input_event_send_key_delay(0); 1564 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false); 1565 qemu_input_event_send_key_delay(0); 1566 } 1567 1568 static int current_led_state(VncState *vs) 1569 { 1570 int ledstate = 0; 1571 1572 if (vs->modifiers_state[0x46]) { 1573 ledstate |= QEMU_SCROLL_LOCK_LED; 1574 } 1575 if (vs->modifiers_state[0x45]) { 1576 ledstate |= QEMU_NUM_LOCK_LED; 1577 } 1578 if (vs->modifiers_state[0x3a]) { 1579 ledstate |= QEMU_CAPS_LOCK_LED; 1580 } 1581 1582 return ledstate; 1583 } 1584 1585 static void vnc_led_state_change(VncState *vs) 1586 { 1587 int ledstate = 0; 1588 1589 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) { 1590 return; 1591 } 1592 1593 ledstate = current_led_state(vs); 1594 vnc_lock_output(vs); 1595 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1596 vnc_write_u8(vs, 0); 1597 vnc_write_u16(vs, 1); 1598 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE); 1599 vnc_write_u8(vs, ledstate); 1600 vnc_unlock_output(vs); 1601 vnc_flush(vs); 1602 } 1603 1604 static void kbd_leds(void *opaque, int ledstate) 1605 { 1606 VncState *vs = opaque; 1607 int caps, num, scr; 1608 bool has_changed = (ledstate != current_led_state(vs)); 1609 1610 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED), 1611 (ledstate & QEMU_NUM_LOCK_LED), 1612 (ledstate & QEMU_SCROLL_LOCK_LED)); 1613 1614 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0; 1615 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0; 1616 scr = ledstate & QEMU_SCROLL_LOCK_LED ? 1 : 0; 1617 1618 if (vs->modifiers_state[0x3a] != caps) { 1619 vs->modifiers_state[0x3a] = caps; 1620 } 1621 if (vs->modifiers_state[0x45] != num) { 1622 vs->modifiers_state[0x45] = num; 1623 } 1624 if (vs->modifiers_state[0x46] != scr) { 1625 vs->modifiers_state[0x46] = scr; 1626 } 1627 1628 /* Sending the current led state message to the client */ 1629 if (has_changed) { 1630 vnc_led_state_change(vs); 1631 } 1632 } 1633 1634 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1635 { 1636 /* QEMU console switch */ 1637 switch(keycode) { 1638 case 0x2a: /* Left Shift */ 1639 case 0x36: /* Right Shift */ 1640 case 0x1d: /* Left CTRL */ 1641 case 0x9d: /* Right CTRL */ 1642 case 0x38: /* Left ALT */ 1643 case 0xb8: /* Right ALT */ 1644 if (down) 1645 vs->modifiers_state[keycode] = 1; 1646 else 1647 vs->modifiers_state[keycode] = 0; 1648 break; 1649 case 0x02 ... 0x0a: /* '1' to '9' keys */ 1650 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) { 1651 /* Reset the modifiers sent to the current console */ 1652 reset_keys(vs); 1653 console_select(keycode - 0x02); 1654 return; 1655 } 1656 break; 1657 case 0x3a: /* CapsLock */ 1658 case 0x45: /* NumLock */ 1659 if (down) 1660 vs->modifiers_state[keycode] ^= 1; 1661 break; 1662 } 1663 1664 /* Turn off the lock state sync logic if the client support the led 1665 state extension. 1666 */ 1667 if (down && vs->vd->lock_key_sync && 1668 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1669 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1670 /* If the numlock state needs to change then simulate an additional 1671 keypress before sending this one. This will happen if the user 1672 toggles numlock away from the VNC window. 1673 */ 1674 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1675 if (!vs->modifiers_state[0x45]) { 1676 trace_vnc_key_sync_numlock(true); 1677 vs->modifiers_state[0x45] = 1; 1678 press_key(vs, 0xff7f); 1679 } 1680 } else { 1681 if (vs->modifiers_state[0x45]) { 1682 trace_vnc_key_sync_numlock(false); 1683 vs->modifiers_state[0x45] = 0; 1684 press_key(vs, 0xff7f); 1685 } 1686 } 1687 } 1688 1689 if (down && vs->vd->lock_key_sync && 1690 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1691 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1692 /* If the capslock state needs to change then simulate an additional 1693 keypress before sending this one. This will happen if the user 1694 toggles capslock away from the VNC window. 1695 */ 1696 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1697 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]); 1698 int capslock = !!(vs->modifiers_state[0x3a]); 1699 if (capslock) { 1700 if (uppercase == shift) { 1701 trace_vnc_key_sync_capslock(false); 1702 vs->modifiers_state[0x3a] = 0; 1703 press_key(vs, 0xffe5); 1704 } 1705 } else { 1706 if (uppercase != shift) { 1707 trace_vnc_key_sync_capslock(true); 1708 vs->modifiers_state[0x3a] = 1; 1709 press_key(vs, 0xffe5); 1710 } 1711 } 1712 } 1713 1714 if (qemu_console_is_graphic(NULL)) { 1715 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down); 1716 } else { 1717 bool numlock = vs->modifiers_state[0x45]; 1718 bool control = (vs->modifiers_state[0x1d] || 1719 vs->modifiers_state[0x9d]); 1720 /* QEMU console emulation */ 1721 if (down) { 1722 switch (keycode) { 1723 case 0x2a: /* Left Shift */ 1724 case 0x36: /* Right Shift */ 1725 case 0x1d: /* Left CTRL */ 1726 case 0x9d: /* Right CTRL */ 1727 case 0x38: /* Left ALT */ 1728 case 0xb8: /* Right ALT */ 1729 break; 1730 case 0xc8: 1731 kbd_put_keysym(QEMU_KEY_UP); 1732 break; 1733 case 0xd0: 1734 kbd_put_keysym(QEMU_KEY_DOWN); 1735 break; 1736 case 0xcb: 1737 kbd_put_keysym(QEMU_KEY_LEFT); 1738 break; 1739 case 0xcd: 1740 kbd_put_keysym(QEMU_KEY_RIGHT); 1741 break; 1742 case 0xd3: 1743 kbd_put_keysym(QEMU_KEY_DELETE); 1744 break; 1745 case 0xc7: 1746 kbd_put_keysym(QEMU_KEY_HOME); 1747 break; 1748 case 0xcf: 1749 kbd_put_keysym(QEMU_KEY_END); 1750 break; 1751 case 0xc9: 1752 kbd_put_keysym(QEMU_KEY_PAGEUP); 1753 break; 1754 case 0xd1: 1755 kbd_put_keysym(QEMU_KEY_PAGEDOWN); 1756 break; 1757 1758 case 0x47: 1759 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME); 1760 break; 1761 case 0x48: 1762 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP); 1763 break; 1764 case 0x49: 1765 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP); 1766 break; 1767 case 0x4b: 1768 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT); 1769 break; 1770 case 0x4c: 1771 kbd_put_keysym('5'); 1772 break; 1773 case 0x4d: 1774 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT); 1775 break; 1776 case 0x4f: 1777 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END); 1778 break; 1779 case 0x50: 1780 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN); 1781 break; 1782 case 0x51: 1783 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN); 1784 break; 1785 case 0x52: 1786 kbd_put_keysym('0'); 1787 break; 1788 case 0x53: 1789 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE); 1790 break; 1791 1792 case 0xb5: 1793 kbd_put_keysym('/'); 1794 break; 1795 case 0x37: 1796 kbd_put_keysym('*'); 1797 break; 1798 case 0x4a: 1799 kbd_put_keysym('-'); 1800 break; 1801 case 0x4e: 1802 kbd_put_keysym('+'); 1803 break; 1804 case 0x9c: 1805 kbd_put_keysym('\n'); 1806 break; 1807 1808 default: 1809 if (control) { 1810 kbd_put_keysym(sym & 0x1f); 1811 } else { 1812 kbd_put_keysym(sym); 1813 } 1814 break; 1815 } 1816 } 1817 } 1818 } 1819 1820 static void vnc_release_modifiers(VncState *vs) 1821 { 1822 static const int keycodes[] = { 1823 /* shift, control, alt keys, both left & right */ 1824 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8, 1825 }; 1826 int i, keycode; 1827 1828 if (!qemu_console_is_graphic(NULL)) { 1829 return; 1830 } 1831 for (i = 0; i < ARRAY_SIZE(keycodes); i++) { 1832 keycode = keycodes[i]; 1833 if (!vs->modifiers_state[keycode]) { 1834 continue; 1835 } 1836 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false); 1837 } 1838 } 1839 1840 static const char *code2name(int keycode) 1841 { 1842 return QKeyCode_lookup[qemu_input_key_number_to_qcode(keycode)]; 1843 } 1844 1845 static void key_event(VncState *vs, int down, uint32_t sym) 1846 { 1847 int keycode; 1848 int lsym = sym; 1849 1850 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) { 1851 lsym = lsym - 'A' + 'a'; 1852 } 1853 1854 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK; 1855 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode)); 1856 do_key_event(vs, down, keycode, sym); 1857 } 1858 1859 static void ext_key_event(VncState *vs, int down, 1860 uint32_t sym, uint16_t keycode) 1861 { 1862 /* if the user specifies a keyboard layout, always use it */ 1863 if (keyboard_layout) { 1864 key_event(vs, down, sym); 1865 } else { 1866 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode)); 1867 do_key_event(vs, down, keycode, sym); 1868 } 1869 } 1870 1871 static void framebuffer_update_request(VncState *vs, int incremental, 1872 int x, int y, int w, int h) 1873 { 1874 int width = pixman_image_get_width(vs->vd->server); 1875 int height = pixman_image_get_height(vs->vd->server); 1876 1877 vs->need_update = 1; 1878 1879 if (incremental) { 1880 return; 1881 } 1882 1883 vs->force_update = 1; 1884 vnc_set_area_dirty(vs->dirty, width, height, x, y, w, h); 1885 } 1886 1887 static void send_ext_key_event_ack(VncState *vs) 1888 { 1889 vnc_lock_output(vs); 1890 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1891 vnc_write_u8(vs, 0); 1892 vnc_write_u16(vs, 1); 1893 vnc_framebuffer_update(vs, 0, 0, 1894 pixman_image_get_width(vs->vd->server), 1895 pixman_image_get_height(vs->vd->server), 1896 VNC_ENCODING_EXT_KEY_EVENT); 1897 vnc_unlock_output(vs); 1898 vnc_flush(vs); 1899 } 1900 1901 static void send_ext_audio_ack(VncState *vs) 1902 { 1903 vnc_lock_output(vs); 1904 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1905 vnc_write_u8(vs, 0); 1906 vnc_write_u16(vs, 1); 1907 vnc_framebuffer_update(vs, 0, 0, 1908 pixman_image_get_width(vs->vd->server), 1909 pixman_image_get_height(vs->vd->server), 1910 VNC_ENCODING_AUDIO); 1911 vnc_unlock_output(vs); 1912 vnc_flush(vs); 1913 } 1914 1915 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 1916 { 1917 int i; 1918 unsigned int enc = 0; 1919 1920 vs->features = 0; 1921 vs->vnc_encoding = 0; 1922 vs->tight.compression = 9; 1923 vs->tight.quality = -1; /* Lossless by default */ 1924 vs->absolute = -1; 1925 1926 /* 1927 * Start from the end because the encodings are sent in order of preference. 1928 * This way the preferred encoding (first encoding defined in the array) 1929 * will be set at the end of the loop. 1930 */ 1931 for (i = n_encodings - 1; i >= 0; i--) { 1932 enc = encodings[i]; 1933 switch (enc) { 1934 case VNC_ENCODING_RAW: 1935 vs->vnc_encoding = enc; 1936 break; 1937 case VNC_ENCODING_COPYRECT: 1938 vs->features |= VNC_FEATURE_COPYRECT_MASK; 1939 break; 1940 case VNC_ENCODING_HEXTILE: 1941 vs->features |= VNC_FEATURE_HEXTILE_MASK; 1942 vs->vnc_encoding = enc; 1943 break; 1944 case VNC_ENCODING_TIGHT: 1945 vs->features |= VNC_FEATURE_TIGHT_MASK; 1946 vs->vnc_encoding = enc; 1947 break; 1948 #ifdef CONFIG_VNC_PNG 1949 case VNC_ENCODING_TIGHT_PNG: 1950 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK; 1951 vs->vnc_encoding = enc; 1952 break; 1953 #endif 1954 case VNC_ENCODING_ZLIB: 1955 vs->features |= VNC_FEATURE_ZLIB_MASK; 1956 vs->vnc_encoding = enc; 1957 break; 1958 case VNC_ENCODING_ZRLE: 1959 vs->features |= VNC_FEATURE_ZRLE_MASK; 1960 vs->vnc_encoding = enc; 1961 break; 1962 case VNC_ENCODING_ZYWRLE: 1963 vs->features |= VNC_FEATURE_ZYWRLE_MASK; 1964 vs->vnc_encoding = enc; 1965 break; 1966 case VNC_ENCODING_DESKTOPRESIZE: 1967 vs->features |= VNC_FEATURE_RESIZE_MASK; 1968 break; 1969 case VNC_ENCODING_POINTER_TYPE_CHANGE: 1970 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK; 1971 break; 1972 case VNC_ENCODING_RICH_CURSOR: 1973 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK; 1974 break; 1975 case VNC_ENCODING_EXT_KEY_EVENT: 1976 send_ext_key_event_ack(vs); 1977 break; 1978 case VNC_ENCODING_AUDIO: 1979 send_ext_audio_ack(vs); 1980 break; 1981 case VNC_ENCODING_WMVi: 1982 vs->features |= VNC_FEATURE_WMVI_MASK; 1983 break; 1984 case VNC_ENCODING_LED_STATE: 1985 vs->features |= VNC_FEATURE_LED_STATE_MASK; 1986 break; 1987 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 1988 vs->tight.compression = (enc & 0x0F); 1989 break; 1990 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 1991 if (vs->vd->lossy) { 1992 vs->tight.quality = (enc & 0x0F); 1993 } 1994 break; 1995 default: 1996 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 1997 break; 1998 } 1999 } 2000 vnc_desktop_resize(vs); 2001 check_pointer_type_change(&vs->mouse_mode_notifier, NULL); 2002 vnc_led_state_change(vs); 2003 } 2004 2005 static void set_pixel_conversion(VncState *vs) 2006 { 2007 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf); 2008 2009 if (fmt == VNC_SERVER_FB_FORMAT) { 2010 vs->write_pixels = vnc_write_pixels_copy; 2011 vnc_hextile_set_pixel_conversion(vs, 0); 2012 } else { 2013 vs->write_pixels = vnc_write_pixels_generic; 2014 vnc_hextile_set_pixel_conversion(vs, 1); 2015 } 2016 } 2017 2018 static void set_pixel_format(VncState *vs, 2019 int bits_per_pixel, int depth, 2020 int big_endian_flag, int true_color_flag, 2021 int red_max, int green_max, int blue_max, 2022 int red_shift, int green_shift, int blue_shift) 2023 { 2024 if (!true_color_flag) { 2025 vnc_client_error(vs); 2026 return; 2027 } 2028 2029 vs->client_pf.rmax = red_max; 2030 vs->client_pf.rbits = hweight_long(red_max); 2031 vs->client_pf.rshift = red_shift; 2032 vs->client_pf.rmask = red_max << red_shift; 2033 vs->client_pf.gmax = green_max; 2034 vs->client_pf.gbits = hweight_long(green_max); 2035 vs->client_pf.gshift = green_shift; 2036 vs->client_pf.gmask = green_max << green_shift; 2037 vs->client_pf.bmax = blue_max; 2038 vs->client_pf.bbits = hweight_long(blue_max); 2039 vs->client_pf.bshift = blue_shift; 2040 vs->client_pf.bmask = blue_max << blue_shift; 2041 vs->client_pf.bits_per_pixel = bits_per_pixel; 2042 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8; 2043 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 2044 vs->client_be = big_endian_flag; 2045 2046 set_pixel_conversion(vs); 2047 2048 graphic_hw_invalidate(NULL); 2049 graphic_hw_update(NULL); 2050 } 2051 2052 static void pixel_format_message (VncState *vs) { 2053 char pad[3] = { 0, 0, 0 }; 2054 2055 vs->client_pf = qemu_default_pixelformat(32); 2056 2057 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ 2058 vnc_write_u8(vs, vs->client_pf.depth); /* depth */ 2059 2060 #ifdef HOST_WORDS_BIGENDIAN 2061 vnc_write_u8(vs, 1); /* big-endian-flag */ 2062 #else 2063 vnc_write_u8(vs, 0); /* big-endian-flag */ 2064 #endif 2065 vnc_write_u8(vs, 1); /* true-color-flag */ 2066 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */ 2067 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */ 2068 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */ 2069 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */ 2070 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */ 2071 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */ 2072 vnc_write(vs, pad, 3); /* padding */ 2073 2074 vnc_hextile_set_pixel_conversion(vs, 0); 2075 vs->write_pixels = vnc_write_pixels_copy; 2076 } 2077 2078 static void vnc_colordepth(VncState *vs) 2079 { 2080 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 2081 /* Sending a WMVi message to notify the client*/ 2082 vnc_lock_output(vs); 2083 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2084 vnc_write_u8(vs, 0); 2085 vnc_write_u16(vs, 1); /* number of rects */ 2086 vnc_framebuffer_update(vs, 0, 0, 2087 pixman_image_get_width(vs->vd->server), 2088 pixman_image_get_height(vs->vd->server), 2089 VNC_ENCODING_WMVi); 2090 pixel_format_message(vs); 2091 vnc_unlock_output(vs); 2092 vnc_flush(vs); 2093 } else { 2094 set_pixel_conversion(vs); 2095 } 2096 } 2097 2098 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 2099 { 2100 int i; 2101 uint16_t limit; 2102 VncDisplay *vd = vs->vd; 2103 2104 if (data[0] > 3) { 2105 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2106 } 2107 2108 switch (data[0]) { 2109 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 2110 if (len == 1) 2111 return 20; 2112 2113 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5), 2114 read_u8(data, 6), read_u8(data, 7), 2115 read_u16(data, 8), read_u16(data, 10), 2116 read_u16(data, 12), read_u8(data, 14), 2117 read_u8(data, 15), read_u8(data, 16)); 2118 break; 2119 case VNC_MSG_CLIENT_SET_ENCODINGS: 2120 if (len == 1) 2121 return 4; 2122 2123 if (len == 4) { 2124 limit = read_u16(data, 2); 2125 if (limit > 0) 2126 return 4 + (limit * 4); 2127 } else 2128 limit = read_u16(data, 2); 2129 2130 for (i = 0; i < limit; i++) { 2131 int32_t val = read_s32(data, 4 + (i * 4)); 2132 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 2133 } 2134 2135 set_encodings(vs, (int32_t *)(data + 4), limit); 2136 break; 2137 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 2138 if (len == 1) 2139 return 10; 2140 2141 framebuffer_update_request(vs, 2142 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 2143 read_u16(data, 6), read_u16(data, 8)); 2144 break; 2145 case VNC_MSG_CLIENT_KEY_EVENT: 2146 if (len == 1) 2147 return 8; 2148 2149 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 2150 break; 2151 case VNC_MSG_CLIENT_POINTER_EVENT: 2152 if (len == 1) 2153 return 6; 2154 2155 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 2156 break; 2157 case VNC_MSG_CLIENT_CUT_TEXT: 2158 if (len == 1) { 2159 return 8; 2160 } 2161 if (len == 8) { 2162 uint32_t dlen = read_u32(data, 4); 2163 if (dlen > (1 << 20)) { 2164 error_report("vnc: client_cut_text msg payload has %u bytes" 2165 " which exceeds our limit of 1MB.", dlen); 2166 vnc_client_error(vs); 2167 break; 2168 } 2169 if (dlen > 0) { 2170 return 8 + dlen; 2171 } 2172 } 2173 2174 client_cut_text(vs, read_u32(data, 4), data + 8); 2175 break; 2176 case VNC_MSG_CLIENT_QEMU: 2177 if (len == 1) 2178 return 2; 2179 2180 switch (read_u8(data, 1)) { 2181 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 2182 if (len == 2) 2183 return 12; 2184 2185 ext_key_event(vs, read_u16(data, 2), 2186 read_u32(data, 4), read_u32(data, 8)); 2187 break; 2188 case VNC_MSG_CLIENT_QEMU_AUDIO: 2189 if (len == 2) 2190 return 4; 2191 2192 switch (read_u16 (data, 2)) { 2193 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 2194 audio_add(vs); 2195 break; 2196 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 2197 audio_del(vs); 2198 break; 2199 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 2200 if (len == 4) 2201 return 10; 2202 switch (read_u8(data, 4)) { 2203 case 0: vs->as.fmt = AUD_FMT_U8; break; 2204 case 1: vs->as.fmt = AUD_FMT_S8; break; 2205 case 2: vs->as.fmt = AUD_FMT_U16; break; 2206 case 3: vs->as.fmt = AUD_FMT_S16; break; 2207 case 4: vs->as.fmt = AUD_FMT_U32; break; 2208 case 5: vs->as.fmt = AUD_FMT_S32; break; 2209 default: 2210 printf("Invalid audio format %d\n", read_u8(data, 4)); 2211 vnc_client_error(vs); 2212 break; 2213 } 2214 vs->as.nchannels = read_u8(data, 5); 2215 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2216 printf("Invalid audio channel coount %d\n", 2217 read_u8(data, 5)); 2218 vnc_client_error(vs); 2219 break; 2220 } 2221 vs->as.freq = read_u32(data, 6); 2222 break; 2223 default: 2224 printf ("Invalid audio message %d\n", read_u8(data, 4)); 2225 vnc_client_error(vs); 2226 break; 2227 } 2228 break; 2229 2230 default: 2231 printf("Msg: %d\n", read_u16(data, 0)); 2232 vnc_client_error(vs); 2233 break; 2234 } 2235 break; 2236 default: 2237 printf("Msg: %d\n", data[0]); 2238 vnc_client_error(vs); 2239 break; 2240 } 2241 2242 vnc_read_when(vs, protocol_client_msg, 1); 2243 return 0; 2244 } 2245 2246 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2247 { 2248 char buf[1024]; 2249 VncShareMode mode; 2250 int size; 2251 2252 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; 2253 switch (vs->vd->share_policy) { 2254 case VNC_SHARE_POLICY_IGNORE: 2255 /* 2256 * Ignore the shared flag. Nothing to do here. 2257 * 2258 * Doesn't conform to the rfb spec but is traditional qemu 2259 * behavior, thus left here as option for compatibility 2260 * reasons. 2261 */ 2262 break; 2263 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: 2264 /* 2265 * Policy: Allow clients ask for exclusive access. 2266 * 2267 * Implementation: When a client asks for exclusive access, 2268 * disconnect all others. Shared connects are allowed as long 2269 * as no exclusive connection exists. 2270 * 2271 * This is how the rfb spec suggests to handle the shared flag. 2272 */ 2273 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2274 VncState *client; 2275 QTAILQ_FOREACH(client, &vs->vd->clients, next) { 2276 if (vs == client) { 2277 continue; 2278 } 2279 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && 2280 client->share_mode != VNC_SHARE_MODE_SHARED) { 2281 continue; 2282 } 2283 vnc_disconnect_start(client); 2284 } 2285 } 2286 if (mode == VNC_SHARE_MODE_SHARED) { 2287 if (vs->vd->num_exclusive > 0) { 2288 vnc_disconnect_start(vs); 2289 return 0; 2290 } 2291 } 2292 break; 2293 case VNC_SHARE_POLICY_FORCE_SHARED: 2294 /* 2295 * Policy: Shared connects only. 2296 * Implementation: Disallow clients asking for exclusive access. 2297 * 2298 * Useful for shared desktop sessions where you don't want 2299 * someone forgetting to say -shared when running the vnc 2300 * client disconnect everybody else. 2301 */ 2302 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2303 vnc_disconnect_start(vs); 2304 return 0; 2305 } 2306 break; 2307 } 2308 vnc_set_share_mode(vs, mode); 2309 2310 vs->client_width = pixman_image_get_width(vs->vd->server); 2311 vs->client_height = pixman_image_get_height(vs->vd->server); 2312 vnc_write_u16(vs, vs->client_width); 2313 vnc_write_u16(vs, vs->client_height); 2314 2315 pixel_format_message(vs); 2316 2317 if (qemu_name) 2318 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2319 else 2320 size = snprintf(buf, sizeof(buf), "QEMU"); 2321 2322 vnc_write_u32(vs, size); 2323 vnc_write(vs, buf, size); 2324 vnc_flush(vs); 2325 2326 vnc_client_cache_auth(vs); 2327 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED); 2328 2329 vnc_read_when(vs, protocol_client_msg, 1); 2330 2331 return 0; 2332 } 2333 2334 void start_client_init(VncState *vs) 2335 { 2336 vnc_read_when(vs, protocol_client_init, 1); 2337 } 2338 2339 static void make_challenge(VncState *vs) 2340 { 2341 int i; 2342 2343 srand(time(NULL)+getpid()+getpid()*987654+rand()); 2344 2345 for (i = 0 ; i < sizeof(vs->challenge) ; i++) 2346 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0)); 2347 } 2348 2349 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2350 { 2351 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2352 int i, j, pwlen; 2353 unsigned char key[8]; 2354 time_t now = time(NULL); 2355 2356 if (!vs->vd->password) { 2357 VNC_DEBUG("No password configured on server"); 2358 goto reject; 2359 } 2360 if (vs->vd->expires < now) { 2361 VNC_DEBUG("Password is expired"); 2362 goto reject; 2363 } 2364 2365 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2366 2367 /* Calculate the expected challenge response */ 2368 pwlen = strlen(vs->vd->password); 2369 for (i=0; i<sizeof(key); i++) 2370 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2371 deskey(key, EN0); 2372 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8) 2373 des(response+j, response+j); 2374 2375 /* Compare expected vs actual challenge response */ 2376 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2377 VNC_DEBUG("Client challenge response did not match\n"); 2378 goto reject; 2379 } else { 2380 VNC_DEBUG("Accepting VNC challenge response\n"); 2381 vnc_write_u32(vs, 0); /* Accept auth */ 2382 vnc_flush(vs); 2383 2384 start_client_init(vs); 2385 } 2386 return 0; 2387 2388 reject: 2389 vnc_write_u32(vs, 1); /* Reject auth */ 2390 if (vs->minor >= 8) { 2391 static const char err[] = "Authentication failed"; 2392 vnc_write_u32(vs, sizeof(err)); 2393 vnc_write(vs, err, sizeof(err)); 2394 } 2395 vnc_flush(vs); 2396 vnc_client_error(vs); 2397 return 0; 2398 } 2399 2400 void start_auth_vnc(VncState *vs) 2401 { 2402 make_challenge(vs); 2403 /* Send client a 'random' challenge */ 2404 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2405 vnc_flush(vs); 2406 2407 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2408 } 2409 2410 2411 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2412 { 2413 /* We only advertise 1 auth scheme at a time, so client 2414 * must pick the one we sent. Verify this */ 2415 if (data[0] != vs->auth) { /* Reject auth */ 2416 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]); 2417 vnc_write_u32(vs, 1); 2418 if (vs->minor >= 8) { 2419 static const char err[] = "Authentication failed"; 2420 vnc_write_u32(vs, sizeof(err)); 2421 vnc_write(vs, err, sizeof(err)); 2422 } 2423 vnc_client_error(vs); 2424 } else { /* Accept requested auth */ 2425 VNC_DEBUG("Client requested auth %d\n", (int)data[0]); 2426 switch (vs->auth) { 2427 case VNC_AUTH_NONE: 2428 VNC_DEBUG("Accept auth none\n"); 2429 if (vs->minor >= 8) { 2430 vnc_write_u32(vs, 0); /* Accept auth completion */ 2431 vnc_flush(vs); 2432 } 2433 start_client_init(vs); 2434 break; 2435 2436 case VNC_AUTH_VNC: 2437 VNC_DEBUG("Start VNC auth\n"); 2438 start_auth_vnc(vs); 2439 break; 2440 2441 #ifdef CONFIG_VNC_TLS 2442 case VNC_AUTH_VENCRYPT: 2443 VNC_DEBUG("Accept VeNCrypt auth\n"); 2444 start_auth_vencrypt(vs); 2445 break; 2446 #endif /* CONFIG_VNC_TLS */ 2447 2448 #ifdef CONFIG_VNC_SASL 2449 case VNC_AUTH_SASL: 2450 VNC_DEBUG("Accept SASL auth\n"); 2451 start_auth_sasl(vs); 2452 break; 2453 #endif /* CONFIG_VNC_SASL */ 2454 2455 default: /* Should not be possible, but just in case */ 2456 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth); 2457 vnc_write_u8(vs, 1); 2458 if (vs->minor >= 8) { 2459 static const char err[] = "Authentication failed"; 2460 vnc_write_u32(vs, sizeof(err)); 2461 vnc_write(vs, err, sizeof(err)); 2462 } 2463 vnc_client_error(vs); 2464 } 2465 } 2466 return 0; 2467 } 2468 2469 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2470 { 2471 char local[13]; 2472 2473 memcpy(local, version, 12); 2474 local[12] = 0; 2475 2476 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2477 VNC_DEBUG("Malformed protocol version %s\n", local); 2478 vnc_client_error(vs); 2479 return 0; 2480 } 2481 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2482 if (vs->major != 3 || 2483 (vs->minor != 3 && 2484 vs->minor != 4 && 2485 vs->minor != 5 && 2486 vs->minor != 7 && 2487 vs->minor != 8)) { 2488 VNC_DEBUG("Unsupported client version\n"); 2489 vnc_write_u32(vs, VNC_AUTH_INVALID); 2490 vnc_flush(vs); 2491 vnc_client_error(vs); 2492 return 0; 2493 } 2494 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2495 * as equivalent to v3.3 by servers 2496 */ 2497 if (vs->minor == 4 || vs->minor == 5) 2498 vs->minor = 3; 2499 2500 if (vs->minor == 3) { 2501 if (vs->auth == VNC_AUTH_NONE) { 2502 VNC_DEBUG("Tell client auth none\n"); 2503 vnc_write_u32(vs, vs->auth); 2504 vnc_flush(vs); 2505 start_client_init(vs); 2506 } else if (vs->auth == VNC_AUTH_VNC) { 2507 VNC_DEBUG("Tell client VNC auth\n"); 2508 vnc_write_u32(vs, vs->auth); 2509 vnc_flush(vs); 2510 start_auth_vnc(vs); 2511 } else { 2512 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth); 2513 vnc_write_u32(vs, VNC_AUTH_INVALID); 2514 vnc_flush(vs); 2515 vnc_client_error(vs); 2516 } 2517 } else { 2518 VNC_DEBUG("Telling client we support auth %d\n", vs->auth); 2519 vnc_write_u8(vs, 1); /* num auth */ 2520 vnc_write_u8(vs, vs->auth); 2521 vnc_read_when(vs, protocol_client_auth, 1); 2522 vnc_flush(vs); 2523 } 2524 2525 return 0; 2526 } 2527 2528 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) 2529 { 2530 struct VncSurface *vs = &vd->guest; 2531 2532 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; 2533 } 2534 2535 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h) 2536 { 2537 int i, j; 2538 2539 w = (x + w) / VNC_STAT_RECT; 2540 h = (y + h) / VNC_STAT_RECT; 2541 x /= VNC_STAT_RECT; 2542 y /= VNC_STAT_RECT; 2543 2544 for (j = y; j <= h; j++) { 2545 for (i = x; i <= w; i++) { 2546 vs->lossy_rect[j][i] = 1; 2547 } 2548 } 2549 } 2550 2551 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) 2552 { 2553 VncState *vs; 2554 int sty = y / VNC_STAT_RECT; 2555 int stx = x / VNC_STAT_RECT; 2556 int has_dirty = 0; 2557 2558 y = y / VNC_STAT_RECT * VNC_STAT_RECT; 2559 x = x / VNC_STAT_RECT * VNC_STAT_RECT; 2560 2561 QTAILQ_FOREACH(vs, &vd->clients, next) { 2562 int j; 2563 2564 /* kernel send buffers are full -> refresh later */ 2565 if (vs->output.offset) { 2566 continue; 2567 } 2568 2569 if (!vs->lossy_rect[sty][stx]) { 2570 continue; 2571 } 2572 2573 vs->lossy_rect[sty][stx] = 0; 2574 for (j = 0; j < VNC_STAT_RECT; ++j) { 2575 bitmap_set(vs->dirty[y + j], 2576 x / VNC_DIRTY_PIXELS_PER_BIT, 2577 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT); 2578 } 2579 has_dirty++; 2580 } 2581 2582 return has_dirty; 2583 } 2584 2585 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) 2586 { 2587 int width = pixman_image_get_width(vd->guest.fb); 2588 int height = pixman_image_get_height(vd->guest.fb); 2589 int x, y; 2590 struct timeval res; 2591 int has_dirty = 0; 2592 2593 for (y = 0; y < height; y += VNC_STAT_RECT) { 2594 for (x = 0; x < width; x += VNC_STAT_RECT) { 2595 VncRectStat *rect = vnc_stat_rect(vd, x, y); 2596 2597 rect->updated = false; 2598 } 2599 } 2600 2601 qemu_timersub(tv, &VNC_REFRESH_STATS, &res); 2602 2603 if (timercmp(&vd->guest.last_freq_check, &res, >)) { 2604 return has_dirty; 2605 } 2606 vd->guest.last_freq_check = *tv; 2607 2608 for (y = 0; y < height; y += VNC_STAT_RECT) { 2609 for (x = 0; x < width; x += VNC_STAT_RECT) { 2610 VncRectStat *rect= vnc_stat_rect(vd, x, y); 2611 int count = ARRAY_SIZE(rect->times); 2612 struct timeval min, max; 2613 2614 if (!timerisset(&rect->times[count - 1])) { 2615 continue ; 2616 } 2617 2618 max = rect->times[(rect->idx + count - 1) % count]; 2619 qemu_timersub(tv, &max, &res); 2620 2621 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { 2622 rect->freq = 0; 2623 has_dirty += vnc_refresh_lossy_rect(vd, x, y); 2624 memset(rect->times, 0, sizeof (rect->times)); 2625 continue ; 2626 } 2627 2628 min = rect->times[rect->idx]; 2629 max = rect->times[(rect->idx + count - 1) % count]; 2630 qemu_timersub(&max, &min, &res); 2631 2632 rect->freq = res.tv_sec + res.tv_usec / 1000000.; 2633 rect->freq /= count; 2634 rect->freq = 1. / rect->freq; 2635 } 2636 } 2637 return has_dirty; 2638 } 2639 2640 double vnc_update_freq(VncState *vs, int x, int y, int w, int h) 2641 { 2642 int i, j; 2643 double total = 0; 2644 int num = 0; 2645 2646 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT; 2647 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT; 2648 2649 for (j = y; j <= y + h; j += VNC_STAT_RECT) { 2650 for (i = x; i <= x + w; i += VNC_STAT_RECT) { 2651 total += vnc_stat_rect(vs->vd, i, j)->freq; 2652 num++; 2653 } 2654 } 2655 2656 if (num) { 2657 return total / num; 2658 } else { 2659 return 0; 2660 } 2661 } 2662 2663 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) 2664 { 2665 VncRectStat *rect; 2666 2667 rect = vnc_stat_rect(vd, x, y); 2668 if (rect->updated) { 2669 return ; 2670 } 2671 rect->times[rect->idx] = *tv; 2672 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); 2673 rect->updated = true; 2674 } 2675 2676 static int vnc_refresh_server_surface(VncDisplay *vd) 2677 { 2678 int width = MIN(pixman_image_get_width(vd->guest.fb), 2679 pixman_image_get_width(vd->server)); 2680 int height = MIN(pixman_image_get_height(vd->guest.fb), 2681 pixman_image_get_height(vd->server)); 2682 int cmp_bytes, server_stride, min_stride, guest_stride, y = 0; 2683 uint8_t *guest_row0 = NULL, *server_row0; 2684 VncState *vs; 2685 int has_dirty = 0; 2686 pixman_image_t *tmpbuf = NULL; 2687 2688 struct timeval tv = { 0, 0 }; 2689 2690 if (!vd->non_adaptive) { 2691 gettimeofday(&tv, NULL); 2692 has_dirty = vnc_update_stats(vd, &tv); 2693 } 2694 2695 /* 2696 * Walk through the guest dirty map. 2697 * Check and copy modified bits from guest to server surface. 2698 * Update server dirty map. 2699 */ 2700 server_row0 = (uint8_t *)pixman_image_get_data(vd->server); 2701 server_stride = guest_stride = pixman_image_get_stride(vd->server); 2702 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES, 2703 server_stride); 2704 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2705 int width = pixman_image_get_width(vd->server); 2706 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width); 2707 } else { 2708 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb); 2709 guest_stride = pixman_image_get_stride(vd->guest.fb); 2710 } 2711 min_stride = MIN(server_stride, guest_stride); 2712 2713 for (;;) { 2714 int x; 2715 uint8_t *guest_ptr, *server_ptr; 2716 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty, 2717 height * VNC_DIRTY_BPL(&vd->guest), 2718 y * VNC_DIRTY_BPL(&vd->guest)); 2719 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) { 2720 /* no more dirty bits */ 2721 break; 2722 } 2723 y = offset / VNC_DIRTY_BPL(&vd->guest); 2724 x = offset % VNC_DIRTY_BPL(&vd->guest); 2725 2726 server_ptr = server_row0 + y * server_stride + x * cmp_bytes; 2727 2728 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2729 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y); 2730 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf); 2731 } else { 2732 guest_ptr = guest_row0 + y * guest_stride; 2733 } 2734 guest_ptr += x * cmp_bytes; 2735 2736 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT); 2737 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 2738 int _cmp_bytes = cmp_bytes; 2739 if (!test_and_clear_bit(x, vd->guest.dirty[y])) { 2740 continue; 2741 } 2742 if ((x + 1) * cmp_bytes > min_stride) { 2743 _cmp_bytes = min_stride - x * cmp_bytes; 2744 } 2745 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) { 2746 continue; 2747 } 2748 memcpy(server_ptr, guest_ptr, _cmp_bytes); 2749 if (!vd->non_adaptive) { 2750 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT, 2751 y, &tv); 2752 } 2753 QTAILQ_FOREACH(vs, &vd->clients, next) { 2754 set_bit(x, vs->dirty[y]); 2755 } 2756 has_dirty++; 2757 } 2758 2759 y++; 2760 } 2761 qemu_pixman_image_unref(tmpbuf); 2762 return has_dirty; 2763 } 2764 2765 static void vnc_refresh(DisplayChangeListener *dcl) 2766 { 2767 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 2768 VncState *vs, *vn; 2769 int has_dirty, rects = 0; 2770 2771 graphic_hw_update(NULL); 2772 2773 if (vnc_trylock_display(vd)) { 2774 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2775 return; 2776 } 2777 2778 has_dirty = vnc_refresh_server_surface(vd); 2779 vnc_unlock_display(vd); 2780 2781 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 2782 rects += vnc_update_client(vs, has_dirty, false); 2783 /* vs might be free()ed here */ 2784 } 2785 2786 if (QTAILQ_EMPTY(&vd->clients)) { 2787 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX); 2788 return; 2789 } 2790 2791 if (has_dirty && rects) { 2792 vd->dcl.update_interval /= 2; 2793 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) { 2794 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE; 2795 } 2796 } else { 2797 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC; 2798 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) { 2799 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX; 2800 } 2801 } 2802 } 2803 2804 static void vnc_connect(VncDisplay *vd, int csock, 2805 bool skipauth, bool websocket) 2806 { 2807 VncState *vs = g_malloc0(sizeof(VncState)); 2808 int i; 2809 2810 vs->csock = csock; 2811 2812 if (skipauth) { 2813 vs->auth = VNC_AUTH_NONE; 2814 #ifdef CONFIG_VNC_TLS 2815 vs->subauth = VNC_AUTH_INVALID; 2816 #endif 2817 } else { 2818 vs->auth = vd->auth; 2819 #ifdef CONFIG_VNC_TLS 2820 vs->subauth = vd->subauth; 2821 #endif 2822 } 2823 2824 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect)); 2825 for (i = 0; i < VNC_STAT_ROWS; ++i) { 2826 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS * sizeof (uint8_t)); 2827 } 2828 2829 VNC_DEBUG("New client on socket %d\n", csock); 2830 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2831 qemu_set_nonblock(vs->csock); 2832 #ifdef CONFIG_VNC_WS 2833 if (websocket) { 2834 vs->websocket = 1; 2835 #ifdef CONFIG_VNC_TLS 2836 if (vd->tls.x509cert) { 2837 qemu_set_fd_handler2(vs->csock, NULL, vncws_tls_handshake_peek, 2838 NULL, vs); 2839 } else 2840 #endif /* CONFIG_VNC_TLS */ 2841 { 2842 qemu_set_fd_handler2(vs->csock, NULL, vncws_handshake_read, 2843 NULL, vs); 2844 } 2845 } else 2846 #endif /* CONFIG_VNC_WS */ 2847 { 2848 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 2849 } 2850 2851 vnc_client_cache_addr(vs); 2852 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED); 2853 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); 2854 2855 vs->vd = vd; 2856 2857 #ifdef CONFIG_VNC_WS 2858 if (!vs->websocket) 2859 #endif 2860 { 2861 vnc_init_state(vs); 2862 } 2863 } 2864 2865 void vnc_init_state(VncState *vs) 2866 { 2867 vs->initialized = true; 2868 VncDisplay *vd = vs->vd; 2869 2870 vs->last_x = -1; 2871 vs->last_y = -1; 2872 2873 vs->as.freq = 44100; 2874 vs->as.nchannels = 2; 2875 vs->as.fmt = AUD_FMT_S16; 2876 vs->as.endianness = 0; 2877 2878 qemu_mutex_init(&vs->output_mutex); 2879 vs->bh = qemu_bh_new(vnc_jobs_bh, vs); 2880 2881 QTAILQ_INSERT_HEAD(&vd->clients, vs, next); 2882 2883 graphic_hw_update(NULL); 2884 2885 vnc_write(vs, "RFB 003.008\n", 12); 2886 vnc_flush(vs); 2887 vnc_read_when(vs, protocol_version, 12); 2888 reset_keys(vs); 2889 if (vs->vd->lock_key_sync) 2890 vs->led = qemu_add_led_event_handler(kbd_leds, vs); 2891 2892 vs->mouse_mode_notifier.notify = check_pointer_type_change; 2893 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 2894 2895 /* vs might be free()ed here */ 2896 } 2897 2898 static void vnc_listen_read(void *opaque, bool websocket) 2899 { 2900 VncDisplay *vs = opaque; 2901 struct sockaddr_in addr; 2902 socklen_t addrlen = sizeof(addr); 2903 int csock; 2904 2905 /* Catch-up */ 2906 graphic_hw_update(NULL); 2907 #ifdef CONFIG_VNC_WS 2908 if (websocket) { 2909 csock = qemu_accept(vs->lwebsock, (struct sockaddr *)&addr, &addrlen); 2910 } else 2911 #endif /* CONFIG_VNC_WS */ 2912 { 2913 csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen); 2914 } 2915 2916 if (csock != -1) { 2917 vnc_connect(vs, csock, false, websocket); 2918 } 2919 } 2920 2921 static void vnc_listen_regular_read(void *opaque) 2922 { 2923 vnc_listen_read(opaque, false); 2924 } 2925 2926 #ifdef CONFIG_VNC_WS 2927 static void vnc_listen_websocket_read(void *opaque) 2928 { 2929 vnc_listen_read(opaque, true); 2930 } 2931 #endif /* CONFIG_VNC_WS */ 2932 2933 static const DisplayChangeListenerOps dcl_ops = { 2934 .dpy_name = "vnc", 2935 .dpy_refresh = vnc_refresh, 2936 .dpy_gfx_copy = vnc_dpy_copy, 2937 .dpy_gfx_update = vnc_dpy_update, 2938 .dpy_gfx_switch = vnc_dpy_switch, 2939 .dpy_mouse_set = vnc_mouse_set, 2940 .dpy_cursor_define = vnc_dpy_cursor_define, 2941 }; 2942 2943 void vnc_display_init(DisplayState *ds) 2944 { 2945 VncDisplay *vs = g_malloc0(sizeof(*vs)); 2946 2947 vnc_display = vs; 2948 2949 vs->lsock = -1; 2950 #ifdef CONFIG_VNC_WS 2951 vs->lwebsock = -1; 2952 #endif 2953 2954 QTAILQ_INIT(&vs->clients); 2955 vs->expires = TIME_MAX; 2956 2957 if (keyboard_layout) { 2958 trace_vnc_key_map_init(keyboard_layout); 2959 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout); 2960 } else { 2961 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us"); 2962 } 2963 2964 if (!vs->kbd_layout) 2965 exit(1); 2966 2967 qemu_mutex_init(&vs->mutex); 2968 vnc_start_worker_thread(); 2969 2970 vs->dcl.ops = &dcl_ops; 2971 register_displaychangelistener(&vs->dcl); 2972 } 2973 2974 2975 static void vnc_display_close(DisplayState *ds) 2976 { 2977 VncDisplay *vs = vnc_display; 2978 2979 if (!vs) 2980 return; 2981 g_free(vs->display); 2982 vs->display = NULL; 2983 if (vs->lsock != -1) { 2984 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL); 2985 close(vs->lsock); 2986 vs->lsock = -1; 2987 } 2988 #ifdef CONFIG_VNC_WS 2989 g_free(vs->ws_display); 2990 vs->ws_display = NULL; 2991 if (vs->lwebsock != -1) { 2992 qemu_set_fd_handler2(vs->lwebsock, NULL, NULL, NULL, NULL); 2993 close(vs->lwebsock); 2994 vs->lwebsock = -1; 2995 } 2996 #endif /* CONFIG_VNC_WS */ 2997 vs->auth = VNC_AUTH_INVALID; 2998 #ifdef CONFIG_VNC_TLS 2999 vs->subauth = VNC_AUTH_INVALID; 3000 vs->tls.x509verify = 0; 3001 #endif 3002 } 3003 3004 int vnc_display_password(DisplayState *ds, const char *password) 3005 { 3006 VncDisplay *vs = vnc_display; 3007 3008 if (!vs) { 3009 return -EINVAL; 3010 } 3011 if (vs->auth == VNC_AUTH_NONE) { 3012 error_printf_unless_qmp("If you want use passwords please enable " 3013 "password auth using '-vnc ${dpy},password'."); 3014 return -EINVAL; 3015 } 3016 3017 g_free(vs->password); 3018 vs->password = g_strdup(password); 3019 3020 return 0; 3021 } 3022 3023 int vnc_display_pw_expire(DisplayState *ds, time_t expires) 3024 { 3025 VncDisplay *vs = vnc_display; 3026 3027 if (!vs) { 3028 return -EINVAL; 3029 } 3030 3031 vs->expires = expires; 3032 return 0; 3033 } 3034 3035 char *vnc_display_local_addr(DisplayState *ds) 3036 { 3037 VncDisplay *vs = vnc_display; 3038 3039 return vnc_socket_local_addr("%s:%s", vs->lsock); 3040 } 3041 3042 void vnc_display_open(DisplayState *ds, const char *display, Error **errp) 3043 { 3044 VncDisplay *vs = vnc_display; 3045 const char *options; 3046 int password = 0; 3047 int reverse = 0; 3048 #ifdef CONFIG_VNC_TLS 3049 int tls = 0, x509 = 0; 3050 #endif 3051 #ifdef CONFIG_VNC_SASL 3052 int sasl = 0; 3053 int saslErr; 3054 #endif 3055 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 3056 int acl = 0; 3057 #endif 3058 int lock_key_sync = 1; 3059 3060 if (!vnc_display) { 3061 error_setg(errp, "VNC display not active"); 3062 return; 3063 } 3064 vnc_display_close(ds); 3065 if (strcmp(display, "none") == 0) 3066 return; 3067 3068 vs->display = g_strdup(display); 3069 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3070 3071 options = display; 3072 while ((options = strchr(options, ','))) { 3073 options++; 3074 if (strncmp(options, "password", 8) == 0) { 3075 if (fips_get_state()) { 3076 error_setg(errp, 3077 "VNC password auth disabled due to FIPS mode, " 3078 "consider using the VeNCrypt or SASL authentication " 3079 "methods as an alternative"); 3080 goto fail; 3081 } 3082 password = 1; /* Require password auth */ 3083 } else if (strncmp(options, "reverse", 7) == 0) { 3084 reverse = 1; 3085 } else if (strncmp(options, "no-lock-key-sync", 16) == 0) { 3086 lock_key_sync = 0; 3087 #ifdef CONFIG_VNC_SASL 3088 } else if (strncmp(options, "sasl", 4) == 0) { 3089 sasl = 1; /* Require SASL auth */ 3090 #endif 3091 #ifdef CONFIG_VNC_WS 3092 } else if (strncmp(options, "websocket", 9) == 0) { 3093 char *start, *end; 3094 vs->websocket = 1; 3095 3096 /* Check for 'websocket=<port>' */ 3097 start = strchr(options, '='); 3098 end = strchr(options, ','); 3099 if (start && (!end || (start < end))) { 3100 int len = end ? end-(start+1) : strlen(start+1); 3101 if (len < 6) { 3102 /* extract the host specification from display */ 3103 char *host = NULL, *port = NULL, *host_end = NULL; 3104 port = g_strndup(start + 1, len); 3105 3106 /* ipv6 hosts have colons */ 3107 end = strchr(display, ','); 3108 host_end = g_strrstr_len(display, end - display, ":"); 3109 3110 if (host_end) { 3111 host = g_strndup(display, host_end - display + 1); 3112 } else { 3113 host = g_strndup(":", 1); 3114 } 3115 vs->ws_display = g_strconcat(host, port, NULL); 3116 g_free(host); 3117 g_free(port); 3118 } 3119 } 3120 #endif /* CONFIG_VNC_WS */ 3121 #ifdef CONFIG_VNC_TLS 3122 } else if (strncmp(options, "tls", 3) == 0) { 3123 tls = 1; /* Require TLS */ 3124 } else if (strncmp(options, "x509", 4) == 0) { 3125 char *start, *end; 3126 x509 = 1; /* Require x509 certificates */ 3127 if (strncmp(options, "x509verify", 10) == 0) 3128 vs->tls.x509verify = 1; /* ...and verify client certs */ 3129 3130 /* Now check for 'x509=/some/path' postfix 3131 * and use that to setup x509 certificate/key paths */ 3132 start = strchr(options, '='); 3133 end = strchr(options, ','); 3134 if (start && (!end || (start < end))) { 3135 int len = end ? end-(start+1) : strlen(start+1); 3136 char *path = g_strndup(start + 1, len); 3137 3138 VNC_DEBUG("Trying certificate path '%s'\n", path); 3139 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) { 3140 error_setg(errp, "Failed to find x509 certificates/keys in %s", path); 3141 g_free(path); 3142 goto fail; 3143 } 3144 g_free(path); 3145 } else { 3146 error_setg(errp, "No certificate path provided"); 3147 goto fail; 3148 } 3149 #endif 3150 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 3151 } else if (strncmp(options, "acl", 3) == 0) { 3152 acl = 1; 3153 #endif 3154 } else if (strncmp(options, "lossy", 5) == 0) { 3155 #ifdef CONFIG_VNC_JPEG 3156 vs->lossy = true; 3157 #endif 3158 } else if (strncmp(options, "non-adaptive", 12) == 0) { 3159 vs->non_adaptive = true; 3160 } else if (strncmp(options, "share=", 6) == 0) { 3161 if (strncmp(options+6, "ignore", 6) == 0) { 3162 vs->share_policy = VNC_SHARE_POLICY_IGNORE; 3163 } else if (strncmp(options+6, "allow-exclusive", 15) == 0) { 3164 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3165 } else if (strncmp(options+6, "force-shared", 12) == 0) { 3166 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; 3167 } else { 3168 error_setg(errp, "unknown vnc share= option"); 3169 goto fail; 3170 } 3171 } 3172 } 3173 3174 /* adaptive updates are only used with tight encoding and 3175 * if lossy updates are enabled so we can disable all the 3176 * calculations otherwise */ 3177 if (!vs->lossy) { 3178 vs->non_adaptive = true; 3179 } 3180 3181 #ifdef CONFIG_VNC_TLS 3182 if (acl && x509 && vs->tls.x509verify) { 3183 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) { 3184 fprintf(stderr, "Failed to create x509 dname ACL\n"); 3185 exit(1); 3186 } 3187 } 3188 #endif 3189 #ifdef CONFIG_VNC_SASL 3190 if (acl && sasl) { 3191 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) { 3192 fprintf(stderr, "Failed to create username ACL\n"); 3193 exit(1); 3194 } 3195 } 3196 #endif 3197 3198 /* 3199 * Combinations we support here: 3200 * 3201 * - no-auth (clear text, no auth) 3202 * - password (clear text, weak auth) 3203 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI) 3204 * - tls (encrypt, weak anonymous creds, no auth) 3205 * - tls + password (encrypt, weak anonymous creds, weak auth) 3206 * - tls + sasl (encrypt, weak anonymous creds, good auth) 3207 * - tls + x509 (encrypt, good x509 creds, no auth) 3208 * - tls + x509 + password (encrypt, good x509 creds, weak auth) 3209 * - tls + x509 + sasl (encrypt, good x509 creds, good auth) 3210 * 3211 * NB1. TLS is a stackable auth scheme. 3212 * NB2. the x509 schemes have option to validate a client cert dname 3213 */ 3214 if (password) { 3215 #ifdef CONFIG_VNC_TLS 3216 if (tls) { 3217 vs->auth = VNC_AUTH_VENCRYPT; 3218 if (x509) { 3219 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 3220 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC; 3221 } else { 3222 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 3223 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC; 3224 } 3225 } else { 3226 #endif /* CONFIG_VNC_TLS */ 3227 VNC_DEBUG("Initializing VNC server with password auth\n"); 3228 vs->auth = VNC_AUTH_VNC; 3229 #ifdef CONFIG_VNC_TLS 3230 vs->subauth = VNC_AUTH_INVALID; 3231 } 3232 #endif /* CONFIG_VNC_TLS */ 3233 #ifdef CONFIG_VNC_SASL 3234 } else if (sasl) { 3235 #ifdef CONFIG_VNC_TLS 3236 if (tls) { 3237 vs->auth = VNC_AUTH_VENCRYPT; 3238 if (x509) { 3239 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 3240 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL; 3241 } else { 3242 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 3243 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL; 3244 } 3245 } else { 3246 #endif /* CONFIG_VNC_TLS */ 3247 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 3248 vs->auth = VNC_AUTH_SASL; 3249 #ifdef CONFIG_VNC_TLS 3250 vs->subauth = VNC_AUTH_INVALID; 3251 } 3252 #endif /* CONFIG_VNC_TLS */ 3253 #endif /* CONFIG_VNC_SASL */ 3254 } else { 3255 #ifdef CONFIG_VNC_TLS 3256 if (tls) { 3257 vs->auth = VNC_AUTH_VENCRYPT; 3258 if (x509) { 3259 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 3260 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE; 3261 } else { 3262 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 3263 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE; 3264 } 3265 } else { 3266 #endif 3267 VNC_DEBUG("Initializing VNC server with no auth\n"); 3268 vs->auth = VNC_AUTH_NONE; 3269 #ifdef CONFIG_VNC_TLS 3270 vs->subauth = VNC_AUTH_INVALID; 3271 } 3272 #endif 3273 } 3274 3275 #ifdef CONFIG_VNC_SASL 3276 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) { 3277 error_setg(errp, "Failed to initialize SASL auth: %s", 3278 sasl_errstring(saslErr, NULL, NULL)); 3279 goto fail; 3280 } 3281 #endif 3282 vs->lock_key_sync = lock_key_sync; 3283 3284 if (reverse) { 3285 /* connect to viewer */ 3286 int csock; 3287 vs->lsock = -1; 3288 #ifdef CONFIG_VNC_WS 3289 vs->lwebsock = -1; 3290 #endif 3291 if (strncmp(display, "unix:", 5) == 0) { 3292 csock = unix_connect(display+5, errp); 3293 } else { 3294 csock = inet_connect(display, errp); 3295 } 3296 if (csock < 0) { 3297 goto fail; 3298 } 3299 vnc_connect(vs, csock, false, false); 3300 } else { 3301 /* listen for connects */ 3302 char *dpy; 3303 dpy = g_malloc(256); 3304 if (strncmp(display, "unix:", 5) == 0) { 3305 pstrcpy(dpy, 256, "unix:"); 3306 vs->lsock = unix_listen(display+5, dpy+5, 256-5, errp); 3307 } else { 3308 vs->lsock = inet_listen(display, dpy, 256, 3309 SOCK_STREAM, 5900, errp); 3310 if (vs->lsock < 0) { 3311 g_free(dpy); 3312 goto fail; 3313 } 3314 #ifdef CONFIG_VNC_WS 3315 if (vs->websocket) { 3316 if (vs->ws_display) { 3317 vs->lwebsock = inet_listen(vs->ws_display, NULL, 256, 3318 SOCK_STREAM, 0, errp); 3319 } else { 3320 vs->lwebsock = inet_listen(vs->display, NULL, 256, 3321 SOCK_STREAM, 5700, errp); 3322 } 3323 3324 if (vs->lwebsock < 0) { 3325 if (vs->lsock) { 3326 close(vs->lsock); 3327 vs->lsock = -1; 3328 } 3329 g_free(dpy); 3330 goto fail; 3331 } 3332 } 3333 #endif /* CONFIG_VNC_WS */ 3334 } 3335 g_free(vs->display); 3336 vs->display = dpy; 3337 qemu_set_fd_handler2(vs->lsock, NULL, 3338 vnc_listen_regular_read, NULL, vs); 3339 #ifdef CONFIG_VNC_WS 3340 if (vs->websocket) { 3341 qemu_set_fd_handler2(vs->lwebsock, NULL, 3342 vnc_listen_websocket_read, NULL, vs); 3343 } 3344 #endif /* CONFIG_VNC_WS */ 3345 } 3346 return; 3347 3348 fail: 3349 g_free(vs->display); 3350 vs->display = NULL; 3351 #ifdef CONFIG_VNC_WS 3352 g_free(vs->ws_display); 3353 vs->ws_display = NULL; 3354 #endif /* CONFIG_VNC_WS */ 3355 } 3356 3357 void vnc_display_add_client(DisplayState *ds, int csock, bool skipauth) 3358 { 3359 VncDisplay *vs = vnc_display; 3360 3361 vnc_connect(vs, csock, skipauth, false); 3362 } 3363