1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "vnc.h" 28 #include "vnc-jobs.h" 29 #include "trace.h" 30 #include "sysemu/sysemu.h" 31 #include "qemu/sockets.h" 32 #include "qemu/timer.h" 33 #include "qemu/acl.h" 34 #include "qapi/qmp/types.h" 35 #include "qmp-commands.h" 36 #include "qemu/osdep.h" 37 #include "ui/input.h" 38 #include "qapi-event.h" 39 40 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT 41 #define VNC_REFRESH_INTERVAL_INC 50 42 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE 43 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; 44 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 45 46 #include "vnc_keysym.h" 47 #include "d3des.h" 48 49 static VncDisplay *vnc_display; /* needed for info vnc */ 50 51 static int vnc_cursor_define(VncState *vs); 52 static void vnc_release_modifiers(VncState *vs); 53 54 static void vnc_set_share_mode(VncState *vs, VncShareMode mode) 55 { 56 #ifdef _VNC_DEBUG 57 static const char *mn[] = { 58 [0] = "undefined", 59 [VNC_SHARE_MODE_CONNECTING] = "connecting", 60 [VNC_SHARE_MODE_SHARED] = "shared", 61 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive", 62 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected", 63 }; 64 fprintf(stderr, "%s/%d: %s -> %s\n", __func__, 65 vs->csock, mn[vs->share_mode], mn[mode]); 66 #endif 67 68 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) { 69 vs->vd->num_exclusive--; 70 } 71 vs->share_mode = mode; 72 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) { 73 vs->vd->num_exclusive++; 74 } 75 } 76 77 static char *addr_to_string(const char *format, 78 struct sockaddr_storage *sa, 79 socklen_t salen) { 80 char *addr; 81 char host[NI_MAXHOST]; 82 char serv[NI_MAXSERV]; 83 int err; 84 size_t addrlen; 85 86 if ((err = getnameinfo((struct sockaddr *)sa, salen, 87 host, sizeof(host), 88 serv, sizeof(serv), 89 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 90 VNC_DEBUG("Cannot resolve address %d: %s\n", 91 err, gai_strerror(err)); 92 return NULL; 93 } 94 95 /* Enough for the existing format + the 2 vars we're 96 * substituting in. */ 97 addrlen = strlen(format) + strlen(host) + strlen(serv); 98 addr = g_malloc(addrlen + 1); 99 snprintf(addr, addrlen, format, host, serv); 100 addr[addrlen] = '\0'; 101 102 return addr; 103 } 104 105 106 char *vnc_socket_local_addr(const char *format, int fd) { 107 struct sockaddr_storage sa; 108 socklen_t salen; 109 110 salen = sizeof(sa); 111 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) 112 return NULL; 113 114 return addr_to_string(format, &sa, salen); 115 } 116 117 char *vnc_socket_remote_addr(const char *format, int fd) { 118 struct sockaddr_storage sa; 119 socklen_t salen; 120 121 salen = sizeof(sa); 122 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) 123 return NULL; 124 125 return addr_to_string(format, &sa, salen); 126 } 127 128 static VncBasicInfo *vnc_basic_info_get(struct sockaddr_storage *sa, 129 socklen_t salen) 130 { 131 VncBasicInfo *info; 132 char host[NI_MAXHOST]; 133 char serv[NI_MAXSERV]; 134 int err; 135 136 if ((err = getnameinfo((struct sockaddr *)sa, salen, 137 host, sizeof(host), 138 serv, sizeof(serv), 139 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 140 VNC_DEBUG("Cannot resolve address %d: %s\n", 141 err, gai_strerror(err)); 142 return NULL; 143 } 144 145 info = g_malloc0(sizeof(VncBasicInfo)); 146 info->host = g_strdup(host); 147 info->service = g_strdup(serv); 148 info->family = inet_netfamily(sa->ss_family); 149 return info; 150 } 151 152 static VncBasicInfo *vnc_basic_info_get_from_server_addr(int fd) 153 { 154 struct sockaddr_storage sa; 155 socklen_t salen; 156 157 salen = sizeof(sa); 158 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) { 159 return NULL; 160 } 161 162 return vnc_basic_info_get(&sa, salen); 163 } 164 165 static VncBasicInfo *vnc_basic_info_get_from_remote_addr(int fd) 166 { 167 struct sockaddr_storage sa; 168 socklen_t salen; 169 170 salen = sizeof(sa); 171 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) { 172 return NULL; 173 } 174 175 return vnc_basic_info_get(&sa, salen); 176 } 177 178 static const char *vnc_auth_name(VncDisplay *vd) { 179 switch (vd->auth) { 180 case VNC_AUTH_INVALID: 181 return "invalid"; 182 case VNC_AUTH_NONE: 183 return "none"; 184 case VNC_AUTH_VNC: 185 return "vnc"; 186 case VNC_AUTH_RA2: 187 return "ra2"; 188 case VNC_AUTH_RA2NE: 189 return "ra2ne"; 190 case VNC_AUTH_TIGHT: 191 return "tight"; 192 case VNC_AUTH_ULTRA: 193 return "ultra"; 194 case VNC_AUTH_TLS: 195 return "tls"; 196 case VNC_AUTH_VENCRYPT: 197 #ifdef CONFIG_VNC_TLS 198 switch (vd->subauth) { 199 case VNC_AUTH_VENCRYPT_PLAIN: 200 return "vencrypt+plain"; 201 case VNC_AUTH_VENCRYPT_TLSNONE: 202 return "vencrypt+tls+none"; 203 case VNC_AUTH_VENCRYPT_TLSVNC: 204 return "vencrypt+tls+vnc"; 205 case VNC_AUTH_VENCRYPT_TLSPLAIN: 206 return "vencrypt+tls+plain"; 207 case VNC_AUTH_VENCRYPT_X509NONE: 208 return "vencrypt+x509+none"; 209 case VNC_AUTH_VENCRYPT_X509VNC: 210 return "vencrypt+x509+vnc"; 211 case VNC_AUTH_VENCRYPT_X509PLAIN: 212 return "vencrypt+x509+plain"; 213 case VNC_AUTH_VENCRYPT_TLSSASL: 214 return "vencrypt+tls+sasl"; 215 case VNC_AUTH_VENCRYPT_X509SASL: 216 return "vencrypt+x509+sasl"; 217 default: 218 return "vencrypt"; 219 } 220 #else 221 return "vencrypt"; 222 #endif 223 case VNC_AUTH_SASL: 224 return "sasl"; 225 } 226 return "unknown"; 227 } 228 229 static VncServerInfo *vnc_server_info_get(void) 230 { 231 VncServerInfo *info; 232 VncBasicInfo *bi = vnc_basic_info_get_from_server_addr(vnc_display->lsock); 233 if (!bi) { 234 return NULL; 235 } 236 237 info = g_malloc(sizeof(*info)); 238 info->base = bi; 239 info->has_auth = true; 240 info->auth = g_strdup(vnc_auth_name(vnc_display)); 241 return info; 242 } 243 244 static void vnc_client_cache_auth(VncState *client) 245 { 246 if (!client->info) { 247 return; 248 } 249 250 #ifdef CONFIG_VNC_TLS 251 if (client->tls.session && 252 client->tls.dname) { 253 client->info->has_x509_dname = true; 254 client->info->x509_dname = g_strdup(client->tls.dname); 255 } 256 #endif 257 #ifdef CONFIG_VNC_SASL 258 if (client->sasl.conn && 259 client->sasl.username) { 260 client->info->has_sasl_username = true; 261 client->info->sasl_username = g_strdup(client->sasl.username); 262 } 263 #endif 264 } 265 266 static void vnc_client_cache_addr(VncState *client) 267 { 268 VncBasicInfo *bi = vnc_basic_info_get_from_remote_addr(client->csock); 269 270 if (bi) { 271 client->info = g_malloc0(sizeof(*client->info)); 272 client->info->base = bi; 273 } 274 } 275 276 static void vnc_qmp_event(VncState *vs, QAPIEvent event) 277 { 278 VncServerInfo *si; 279 280 if (!vs->info) { 281 return; 282 } 283 g_assert(vs->info->base); 284 285 si = vnc_server_info_get(); 286 if (!si) { 287 return; 288 } 289 290 switch (event) { 291 case QAPI_EVENT_VNC_CONNECTED: 292 qapi_event_send_vnc_connected(si, vs->info->base, &error_abort); 293 break; 294 case QAPI_EVENT_VNC_INITIALIZED: 295 qapi_event_send_vnc_initialized(si, vs->info, &error_abort); 296 break; 297 case QAPI_EVENT_VNC_DISCONNECTED: 298 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort); 299 break; 300 default: 301 break; 302 } 303 304 qapi_free_VncServerInfo(si); 305 } 306 307 static VncClientInfo *qmp_query_vnc_client(const VncState *client) 308 { 309 struct sockaddr_storage sa; 310 socklen_t salen = sizeof(sa); 311 char host[NI_MAXHOST]; 312 char serv[NI_MAXSERV]; 313 VncClientInfo *info; 314 315 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) { 316 return NULL; 317 } 318 319 if (getnameinfo((struct sockaddr *)&sa, salen, 320 host, sizeof(host), 321 serv, sizeof(serv), 322 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 323 return NULL; 324 } 325 326 info = g_malloc0(sizeof(*info)); 327 info->base = g_malloc0(sizeof(*info->base)); 328 info->base->host = g_strdup(host); 329 info->base->service = g_strdup(serv); 330 info->base->family = inet_netfamily(sa.ss_family); 331 332 #ifdef CONFIG_VNC_TLS 333 if (client->tls.session && client->tls.dname) { 334 info->has_x509_dname = true; 335 info->x509_dname = g_strdup(client->tls.dname); 336 } 337 #endif 338 #ifdef CONFIG_VNC_SASL 339 if (client->sasl.conn && client->sasl.username) { 340 info->has_sasl_username = true; 341 info->sasl_username = g_strdup(client->sasl.username); 342 } 343 #endif 344 345 return info; 346 } 347 348 VncInfo *qmp_query_vnc(Error **errp) 349 { 350 VncInfo *info = g_malloc0(sizeof(*info)); 351 352 if (vnc_display == NULL || vnc_display->display == NULL) { 353 info->enabled = false; 354 } else { 355 VncClientInfoList *cur_item = NULL; 356 struct sockaddr_storage sa; 357 socklen_t salen = sizeof(sa); 358 char host[NI_MAXHOST]; 359 char serv[NI_MAXSERV]; 360 VncState *client; 361 362 info->enabled = true; 363 364 /* for compatibility with the original command */ 365 info->has_clients = true; 366 367 QTAILQ_FOREACH(client, &vnc_display->clients, next) { 368 VncClientInfoList *cinfo = g_malloc0(sizeof(*info)); 369 cinfo->value = qmp_query_vnc_client(client); 370 371 /* XXX: waiting for the qapi to support GSList */ 372 if (!cur_item) { 373 info->clients = cur_item = cinfo; 374 } else { 375 cur_item->next = cinfo; 376 cur_item = cinfo; 377 } 378 } 379 380 if (vnc_display->lsock == -1) { 381 return info; 382 } 383 384 if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa, 385 &salen) == -1) { 386 error_set(errp, QERR_UNDEFINED_ERROR); 387 goto out_error; 388 } 389 390 if (getnameinfo((struct sockaddr *)&sa, salen, 391 host, sizeof(host), 392 serv, sizeof(serv), 393 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 394 error_set(errp, QERR_UNDEFINED_ERROR); 395 goto out_error; 396 } 397 398 info->has_host = true; 399 info->host = g_strdup(host); 400 401 info->has_service = true; 402 info->service = g_strdup(serv); 403 404 info->has_family = true; 405 info->family = inet_netfamily(sa.ss_family); 406 407 info->has_auth = true; 408 info->auth = g_strdup(vnc_auth_name(vnc_display)); 409 } 410 411 return info; 412 413 out_error: 414 qapi_free_VncInfo(info); 415 return NULL; 416 } 417 418 /* TODO 419 1) Get the queue working for IO. 420 2) there is some weirdness when using the -S option (the screen is grey 421 and not totally invalidated 422 3) resolutions > 1024 423 */ 424 425 static int vnc_update_client(VncState *vs, int has_dirty, bool sync); 426 static void vnc_disconnect_start(VncState *vs); 427 428 static void vnc_colordepth(VncState *vs); 429 static void framebuffer_update_request(VncState *vs, int incremental, 430 int x_position, int y_position, 431 int w, int h); 432 static void vnc_refresh(DisplayChangeListener *dcl); 433 static int vnc_refresh_server_surface(VncDisplay *vd); 434 435 static void vnc_dpy_update(DisplayChangeListener *dcl, 436 int x, int y, int w, int h) 437 { 438 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 439 struct VncSurface *s = &vd->guest; 440 int width = surface_width(vd->ds); 441 int height = surface_height(vd->ds); 442 443 /* this is needed this to ensure we updated all affected 444 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */ 445 w += (x % VNC_DIRTY_PIXELS_PER_BIT); 446 x -= (x % VNC_DIRTY_PIXELS_PER_BIT); 447 448 x = MIN(x, width); 449 y = MIN(y, height); 450 w = MIN(x + w, width) - x; 451 h = MIN(y + h, height); 452 453 for (; y < h; y++) { 454 bitmap_set(s->dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT, 455 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT)); 456 } 457 } 458 459 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 460 int32_t encoding) 461 { 462 vnc_write_u16(vs, x); 463 vnc_write_u16(vs, y); 464 vnc_write_u16(vs, w); 465 vnc_write_u16(vs, h); 466 467 vnc_write_s32(vs, encoding); 468 } 469 470 void buffer_reserve(Buffer *buffer, size_t len) 471 { 472 if ((buffer->capacity - buffer->offset) < len) { 473 buffer->capacity += (len + 1024); 474 buffer->buffer = g_realloc(buffer->buffer, buffer->capacity); 475 if (buffer->buffer == NULL) { 476 fprintf(stderr, "vnc: out of memory\n"); 477 exit(1); 478 } 479 } 480 } 481 482 static int buffer_empty(Buffer *buffer) 483 { 484 return buffer->offset == 0; 485 } 486 487 uint8_t *buffer_end(Buffer *buffer) 488 { 489 return buffer->buffer + buffer->offset; 490 } 491 492 void buffer_reset(Buffer *buffer) 493 { 494 buffer->offset = 0; 495 } 496 497 void buffer_free(Buffer *buffer) 498 { 499 g_free(buffer->buffer); 500 buffer->offset = 0; 501 buffer->capacity = 0; 502 buffer->buffer = NULL; 503 } 504 505 void buffer_append(Buffer *buffer, const void *data, size_t len) 506 { 507 memcpy(buffer->buffer + buffer->offset, data, len); 508 buffer->offset += len; 509 } 510 511 void buffer_advance(Buffer *buf, size_t len) 512 { 513 memmove(buf->buffer, buf->buffer + len, 514 (buf->offset - len)); 515 buf->offset -= len; 516 } 517 518 static void vnc_desktop_resize(VncState *vs) 519 { 520 DisplaySurface *ds = vs->vd->ds; 521 522 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) { 523 return; 524 } 525 if (vs->client_width == surface_width(ds) && 526 vs->client_height == surface_height(ds)) { 527 return; 528 } 529 vs->client_width = surface_width(ds); 530 vs->client_height = surface_height(ds); 531 vnc_lock_output(vs); 532 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 533 vnc_write_u8(vs, 0); 534 vnc_write_u16(vs, 1); /* number of rects */ 535 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 536 VNC_ENCODING_DESKTOPRESIZE); 537 vnc_unlock_output(vs); 538 vnc_flush(vs); 539 } 540 541 static void vnc_abort_display_jobs(VncDisplay *vd) 542 { 543 VncState *vs; 544 545 QTAILQ_FOREACH(vs, &vd->clients, next) { 546 vnc_lock_output(vs); 547 vs->abort = true; 548 vnc_unlock_output(vs); 549 } 550 QTAILQ_FOREACH(vs, &vd->clients, next) { 551 vnc_jobs_join(vs); 552 } 553 QTAILQ_FOREACH(vs, &vd->clients, next) { 554 vnc_lock_output(vs); 555 vs->abort = false; 556 vnc_unlock_output(vs); 557 } 558 } 559 560 int vnc_server_fb_stride(VncDisplay *vd) 561 { 562 return pixman_image_get_stride(vd->server); 563 } 564 565 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y) 566 { 567 uint8_t *ptr; 568 569 ptr = (uint8_t *)pixman_image_get_data(vd->server); 570 ptr += y * vnc_server_fb_stride(vd); 571 ptr += x * VNC_SERVER_FB_BYTES; 572 return ptr; 573 } 574 /* this sets only the visible pixels of a dirty bitmap */ 575 #define VNC_SET_VISIBLE_PIXELS_DIRTY(bitmap, w, h) {\ 576 int y;\ 577 memset(bitmap, 0x00, sizeof(bitmap));\ 578 for (y = 0; y < h; y++) {\ 579 bitmap_set(bitmap[y], 0,\ 580 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));\ 581 } \ 582 } 583 584 static void vnc_dpy_switch(DisplayChangeListener *dcl, 585 DisplaySurface *surface) 586 { 587 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 588 VncState *vs; 589 590 vnc_abort_display_jobs(vd); 591 592 /* server surface */ 593 qemu_pixman_image_unref(vd->server); 594 vd->ds = surface; 595 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT, 596 surface_width(vd->ds), 597 surface_height(vd->ds), 598 NULL, 0); 599 600 /* guest surface */ 601 #if 0 /* FIXME */ 602 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel) 603 console_color_init(ds); 604 #endif 605 qemu_pixman_image_unref(vd->guest.fb); 606 vd->guest.fb = pixman_image_ref(surface->image); 607 vd->guest.format = surface->format; 608 VNC_SET_VISIBLE_PIXELS_DIRTY(vd->guest.dirty, 609 surface_width(vd->ds), 610 surface_height(vd->ds)); 611 612 QTAILQ_FOREACH(vs, &vd->clients, next) { 613 vnc_colordepth(vs); 614 vnc_desktop_resize(vs); 615 if (vs->vd->cursor) { 616 vnc_cursor_define(vs); 617 } 618 VNC_SET_VISIBLE_PIXELS_DIRTY(vs->dirty, 619 surface_width(vd->ds), 620 surface_height(vd->ds)); 621 } 622 } 623 624 /* fastest code */ 625 static void vnc_write_pixels_copy(VncState *vs, 626 void *pixels, int size) 627 { 628 vnc_write(vs, pixels, size); 629 } 630 631 /* slowest but generic code. */ 632 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 633 { 634 uint8_t r, g, b; 635 636 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8) 637 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8; 638 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8; 639 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8; 640 #else 641 # error need some bits here if you change VNC_SERVER_FB_FORMAT 642 #endif 643 v = (r << vs->client_pf.rshift) | 644 (g << vs->client_pf.gshift) | 645 (b << vs->client_pf.bshift); 646 switch (vs->client_pf.bytes_per_pixel) { 647 case 1: 648 buf[0] = v; 649 break; 650 case 2: 651 if (vs->client_be) { 652 buf[0] = v >> 8; 653 buf[1] = v; 654 } else { 655 buf[1] = v >> 8; 656 buf[0] = v; 657 } 658 break; 659 default: 660 case 4: 661 if (vs->client_be) { 662 buf[0] = v >> 24; 663 buf[1] = v >> 16; 664 buf[2] = v >> 8; 665 buf[3] = v; 666 } else { 667 buf[3] = v >> 24; 668 buf[2] = v >> 16; 669 buf[1] = v >> 8; 670 buf[0] = v; 671 } 672 break; 673 } 674 } 675 676 static void vnc_write_pixels_generic(VncState *vs, 677 void *pixels1, int size) 678 { 679 uint8_t buf[4]; 680 681 if (VNC_SERVER_FB_BYTES == 4) { 682 uint32_t *pixels = pixels1; 683 int n, i; 684 n = size >> 2; 685 for (i = 0; i < n; i++) { 686 vnc_convert_pixel(vs, buf, pixels[i]); 687 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel); 688 } 689 } 690 } 691 692 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 693 { 694 int i; 695 uint8_t *row; 696 VncDisplay *vd = vs->vd; 697 698 row = vnc_server_fb_ptr(vd, x, y); 699 for (i = 0; i < h; i++) { 700 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES); 701 row += vnc_server_fb_stride(vd); 702 } 703 return 1; 704 } 705 706 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 707 { 708 int n = 0; 709 710 switch(vs->vnc_encoding) { 711 case VNC_ENCODING_ZLIB: 712 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h); 713 break; 714 case VNC_ENCODING_HEXTILE: 715 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 716 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 717 break; 718 case VNC_ENCODING_TIGHT: 719 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h); 720 break; 721 case VNC_ENCODING_TIGHT_PNG: 722 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h); 723 break; 724 case VNC_ENCODING_ZRLE: 725 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h); 726 break; 727 case VNC_ENCODING_ZYWRLE: 728 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); 729 break; 730 default: 731 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 732 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 733 break; 734 } 735 return n; 736 } 737 738 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h) 739 { 740 /* send bitblit op to the vnc client */ 741 vnc_lock_output(vs); 742 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 743 vnc_write_u8(vs, 0); 744 vnc_write_u16(vs, 1); /* number of rects */ 745 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT); 746 vnc_write_u16(vs, src_x); 747 vnc_write_u16(vs, src_y); 748 vnc_unlock_output(vs); 749 vnc_flush(vs); 750 } 751 752 static void vnc_dpy_copy(DisplayChangeListener *dcl, 753 int src_x, int src_y, 754 int dst_x, int dst_y, int w, int h) 755 { 756 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 757 VncState *vs, *vn; 758 uint8_t *src_row; 759 uint8_t *dst_row; 760 int i, x, y, pitch, inc, w_lim, s; 761 int cmp_bytes; 762 763 vnc_refresh_server_surface(vd); 764 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 765 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 766 vs->force_update = 1; 767 vnc_update_client(vs, 1, true); 768 /* vs might be free()ed here */ 769 } 770 } 771 772 /* do bitblit op on the local surface too */ 773 pitch = vnc_server_fb_stride(vd); 774 src_row = vnc_server_fb_ptr(vd, src_x, src_y); 775 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y); 776 y = dst_y; 777 inc = 1; 778 if (dst_y > src_y) { 779 /* copy backwards */ 780 src_row += pitch * (h-1); 781 dst_row += pitch * (h-1); 782 pitch = -pitch; 783 y = dst_y + h - 1; 784 inc = -1; 785 } 786 w_lim = w - (VNC_DIRTY_PIXELS_PER_BIT - (dst_x % VNC_DIRTY_PIXELS_PER_BIT)); 787 if (w_lim < 0) { 788 w_lim = w; 789 } else { 790 w_lim = w - (w_lim % VNC_DIRTY_PIXELS_PER_BIT); 791 } 792 for (i = 0; i < h; i++) { 793 for (x = 0; x <= w_lim; 794 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) { 795 if (x == w_lim) { 796 if ((s = w - w_lim) == 0) 797 break; 798 } else if (!x) { 799 s = (VNC_DIRTY_PIXELS_PER_BIT - 800 (dst_x % VNC_DIRTY_PIXELS_PER_BIT)); 801 s = MIN(s, w_lim); 802 } else { 803 s = VNC_DIRTY_PIXELS_PER_BIT; 804 } 805 cmp_bytes = s * VNC_SERVER_FB_BYTES; 806 if (memcmp(src_row, dst_row, cmp_bytes) == 0) 807 continue; 808 memmove(dst_row, src_row, cmp_bytes); 809 QTAILQ_FOREACH(vs, &vd->clients, next) { 810 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 811 set_bit(((x + dst_x) / VNC_DIRTY_PIXELS_PER_BIT), 812 vs->dirty[y]); 813 } 814 } 815 } 816 src_row += pitch - w * VNC_SERVER_FB_BYTES; 817 dst_row += pitch - w * VNC_SERVER_FB_BYTES; 818 y += inc; 819 } 820 821 QTAILQ_FOREACH(vs, &vd->clients, next) { 822 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 823 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h); 824 } 825 } 826 } 827 828 static void vnc_mouse_set(DisplayChangeListener *dcl, 829 int x, int y, int visible) 830 { 831 /* can we ask the client(s) to move the pointer ??? */ 832 } 833 834 static int vnc_cursor_define(VncState *vs) 835 { 836 QEMUCursor *c = vs->vd->cursor; 837 int isize; 838 839 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 840 vnc_lock_output(vs); 841 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 842 vnc_write_u8(vs, 0); /* padding */ 843 vnc_write_u16(vs, 1); /* # of rects */ 844 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 845 VNC_ENCODING_RICH_CURSOR); 846 isize = c->width * c->height * vs->client_pf.bytes_per_pixel; 847 vnc_write_pixels_generic(vs, c->data, isize); 848 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 849 vnc_unlock_output(vs); 850 return 0; 851 } 852 return -1; 853 } 854 855 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl, 856 QEMUCursor *c) 857 { 858 VncDisplay *vd = vnc_display; 859 VncState *vs; 860 861 cursor_put(vd->cursor); 862 g_free(vd->cursor_mask); 863 864 vd->cursor = c; 865 cursor_get(vd->cursor); 866 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 867 vd->cursor_mask = g_malloc0(vd->cursor_msize); 868 cursor_get_mono_mask(c, 0, vd->cursor_mask); 869 870 QTAILQ_FOREACH(vs, &vd->clients, next) { 871 vnc_cursor_define(vs); 872 } 873 } 874 875 static int find_and_clear_dirty_height(struct VncState *vs, 876 int y, int last_x, int x, int height) 877 { 878 int h; 879 880 for (h = 1; h < (height - y); h++) { 881 if (!test_bit(last_x, vs->dirty[y + h])) { 882 break; 883 } 884 bitmap_clear(vs->dirty[y + h], last_x, x - last_x); 885 } 886 887 return h; 888 } 889 890 static int vnc_update_client(VncState *vs, int has_dirty, bool sync) 891 { 892 if (vs->need_update && vs->csock != -1) { 893 VncDisplay *vd = vs->vd; 894 VncJob *job; 895 int y; 896 int height, width; 897 int n = 0; 898 899 if (vs->output.offset && !vs->audio_cap && !vs->force_update) 900 /* kernel send buffers are full -> drop frames to throttle */ 901 return 0; 902 903 if (!has_dirty && !vs->audio_cap && !vs->force_update) 904 return 0; 905 906 /* 907 * Send screen updates to the vnc client using the server 908 * surface and server dirty map. guest surface updates 909 * happening in parallel don't disturb us, the next pass will 910 * send them to the client. 911 */ 912 job = vnc_job_new(vs); 913 914 height = MIN(pixman_image_get_height(vd->server), vs->client_height); 915 width = MIN(pixman_image_get_width(vd->server), vs->client_width); 916 917 y = 0; 918 for (;;) { 919 int x, h; 920 unsigned long x2; 921 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty, 922 height * VNC_DIRTY_BPL(vs), 923 y * VNC_DIRTY_BPL(vs)); 924 if (offset == height * VNC_DIRTY_BPL(vs)) { 925 /* no more dirty bits */ 926 break; 927 } 928 y = offset / VNC_DIRTY_BPL(vs); 929 x = offset % VNC_DIRTY_BPL(vs); 930 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y], 931 VNC_DIRTY_BPL(vs), x); 932 bitmap_clear(vs->dirty[y], x, x2 - x); 933 h = find_and_clear_dirty_height(vs, y, x, x2, height); 934 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT); 935 if (x2 > x) { 936 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y, 937 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h); 938 } 939 } 940 941 vnc_job_push(job); 942 if (sync) { 943 vnc_jobs_join(vs); 944 } 945 vs->force_update = 0; 946 return n; 947 } 948 949 if (vs->csock == -1) { 950 vnc_disconnect_finish(vs); 951 } else if (sync) { 952 vnc_jobs_join(vs); 953 } 954 955 return 0; 956 } 957 958 /* audio */ 959 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 960 { 961 VncState *vs = opaque; 962 963 switch (cmd) { 964 case AUD_CNOTIFY_DISABLE: 965 vnc_lock_output(vs); 966 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 967 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 968 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 969 vnc_unlock_output(vs); 970 vnc_flush(vs); 971 break; 972 973 case AUD_CNOTIFY_ENABLE: 974 vnc_lock_output(vs); 975 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 976 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 977 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 978 vnc_unlock_output(vs); 979 vnc_flush(vs); 980 break; 981 } 982 } 983 984 static void audio_capture_destroy(void *opaque) 985 { 986 } 987 988 static void audio_capture(void *opaque, void *buf, int size) 989 { 990 VncState *vs = opaque; 991 992 vnc_lock_output(vs); 993 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 994 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 995 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 996 vnc_write_u32(vs, size); 997 vnc_write(vs, buf, size); 998 vnc_unlock_output(vs); 999 vnc_flush(vs); 1000 } 1001 1002 static void audio_add(VncState *vs) 1003 { 1004 struct audio_capture_ops ops; 1005 1006 if (vs->audio_cap) { 1007 error_report("audio already running"); 1008 return; 1009 } 1010 1011 ops.notify = audio_capture_notify; 1012 ops.destroy = audio_capture_destroy; 1013 ops.capture = audio_capture; 1014 1015 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs); 1016 if (!vs->audio_cap) { 1017 error_report("Failed to add audio capture"); 1018 } 1019 } 1020 1021 static void audio_del(VncState *vs) 1022 { 1023 if (vs->audio_cap) { 1024 AUD_del_capture(vs->audio_cap, vs); 1025 vs->audio_cap = NULL; 1026 } 1027 } 1028 1029 static void vnc_disconnect_start(VncState *vs) 1030 { 1031 if (vs->csock == -1) 1032 return; 1033 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); 1034 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL); 1035 closesocket(vs->csock); 1036 vs->csock = -1; 1037 } 1038 1039 void vnc_disconnect_finish(VncState *vs) 1040 { 1041 int i; 1042 1043 vnc_jobs_join(vs); /* Wait encoding jobs */ 1044 1045 vnc_lock_output(vs); 1046 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED); 1047 1048 buffer_free(&vs->input); 1049 buffer_free(&vs->output); 1050 #ifdef CONFIG_VNC_WS 1051 buffer_free(&vs->ws_input); 1052 buffer_free(&vs->ws_output); 1053 #endif /* CONFIG_VNC_WS */ 1054 1055 qapi_free_VncClientInfo(vs->info); 1056 1057 vnc_zlib_clear(vs); 1058 vnc_tight_clear(vs); 1059 vnc_zrle_clear(vs); 1060 1061 #ifdef CONFIG_VNC_TLS 1062 vnc_tls_client_cleanup(vs); 1063 #endif /* CONFIG_VNC_TLS */ 1064 #ifdef CONFIG_VNC_SASL 1065 vnc_sasl_client_cleanup(vs); 1066 #endif /* CONFIG_VNC_SASL */ 1067 audio_del(vs); 1068 vnc_release_modifiers(vs); 1069 1070 if (vs->initialized) { 1071 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1072 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1073 } 1074 1075 if (vs->vd->lock_key_sync) 1076 qemu_remove_led_event_handler(vs->led); 1077 vnc_unlock_output(vs); 1078 1079 qemu_mutex_destroy(&vs->output_mutex); 1080 if (vs->bh != NULL) { 1081 qemu_bh_delete(vs->bh); 1082 } 1083 buffer_free(&vs->jobs_buffer); 1084 1085 for (i = 0; i < VNC_STAT_ROWS; ++i) { 1086 g_free(vs->lossy_rect[i]); 1087 } 1088 g_free(vs->lossy_rect); 1089 g_free(vs); 1090 } 1091 1092 int vnc_client_io_error(VncState *vs, int ret, int last_errno) 1093 { 1094 if (ret == 0 || ret == -1) { 1095 if (ret == -1) { 1096 switch (last_errno) { 1097 case EINTR: 1098 case EAGAIN: 1099 #ifdef _WIN32 1100 case WSAEWOULDBLOCK: 1101 #endif 1102 return 0; 1103 default: 1104 break; 1105 } 1106 } 1107 1108 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n", 1109 ret, ret < 0 ? last_errno : 0); 1110 vnc_disconnect_start(vs); 1111 1112 return 0; 1113 } 1114 return ret; 1115 } 1116 1117 1118 void vnc_client_error(VncState *vs) 1119 { 1120 VNC_DEBUG("Closing down client sock: protocol error\n"); 1121 vnc_disconnect_start(vs); 1122 } 1123 1124 #ifdef CONFIG_VNC_TLS 1125 static long vnc_client_write_tls(gnutls_session_t *session, 1126 const uint8_t *data, 1127 size_t datalen) 1128 { 1129 long ret = gnutls_write(*session, data, datalen); 1130 if (ret < 0) { 1131 if (ret == GNUTLS_E_AGAIN) { 1132 errno = EAGAIN; 1133 } else { 1134 errno = EIO; 1135 } 1136 ret = -1; 1137 } 1138 return ret; 1139 } 1140 #endif /* CONFIG_VNC_TLS */ 1141 1142 /* 1143 * Called to write a chunk of data to the client socket. The data may 1144 * be the raw data, or may have already been encoded by SASL. 1145 * The data will be written either straight onto the socket, or 1146 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1147 * 1148 * NB, it is theoretically possible to have 2 layers of encryption, 1149 * both SASL, and this TLS layer. It is highly unlikely in practice 1150 * though, since SASL encryption will typically be a no-op if TLS 1151 * is active 1152 * 1153 * Returns the number of bytes written, which may be less than 1154 * the requested 'datalen' if the socket would block. Returns 1155 * -1 on error, and disconnects the client socket. 1156 */ 1157 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1158 { 1159 long ret; 1160 #ifdef CONFIG_VNC_TLS 1161 if (vs->tls.session) { 1162 ret = vnc_client_write_tls(&vs->tls.session, data, datalen); 1163 } else { 1164 #ifdef CONFIG_VNC_WS 1165 if (vs->ws_tls.session) { 1166 ret = vnc_client_write_tls(&vs->ws_tls.session, data, datalen); 1167 } else 1168 #endif /* CONFIG_VNC_WS */ 1169 #endif /* CONFIG_VNC_TLS */ 1170 { 1171 ret = send(vs->csock, (const void *)data, datalen, 0); 1172 } 1173 #ifdef CONFIG_VNC_TLS 1174 } 1175 #endif /* CONFIG_VNC_TLS */ 1176 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1177 return vnc_client_io_error(vs, ret, socket_error()); 1178 } 1179 1180 1181 /* 1182 * Called to write buffered data to the client socket, when not 1183 * using any SASL SSF encryption layers. Will write as much data 1184 * as possible without blocking. If all buffered data is written, 1185 * will switch the FD poll() handler back to read monitoring. 1186 * 1187 * Returns the number of bytes written, which may be less than 1188 * the buffered output data if the socket would block. Returns 1189 * -1 on error, and disconnects the client socket. 1190 */ 1191 static long vnc_client_write_plain(VncState *vs) 1192 { 1193 long ret; 1194 1195 #ifdef CONFIG_VNC_SASL 1196 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1197 vs->output.buffer, vs->output.capacity, vs->output.offset, 1198 vs->sasl.waitWriteSSF); 1199 1200 if (vs->sasl.conn && 1201 vs->sasl.runSSF && 1202 vs->sasl.waitWriteSSF) { 1203 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1204 if (ret) 1205 vs->sasl.waitWriteSSF -= ret; 1206 } else 1207 #endif /* CONFIG_VNC_SASL */ 1208 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1209 if (!ret) 1210 return 0; 1211 1212 buffer_advance(&vs->output, ret); 1213 1214 if (vs->output.offset == 0) { 1215 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 1216 } 1217 1218 return ret; 1219 } 1220 1221 1222 /* 1223 * First function called whenever there is data to be written to 1224 * the client socket. Will delegate actual work according to whether 1225 * SASL SSF layers are enabled (thus requiring encryption calls) 1226 */ 1227 static void vnc_client_write_locked(void *opaque) 1228 { 1229 VncState *vs = opaque; 1230 1231 #ifdef CONFIG_VNC_SASL 1232 if (vs->sasl.conn && 1233 vs->sasl.runSSF && 1234 !vs->sasl.waitWriteSSF) { 1235 vnc_client_write_sasl(vs); 1236 } else 1237 #endif /* CONFIG_VNC_SASL */ 1238 { 1239 #ifdef CONFIG_VNC_WS 1240 if (vs->encode_ws) { 1241 vnc_client_write_ws(vs); 1242 } else 1243 #endif /* CONFIG_VNC_WS */ 1244 { 1245 vnc_client_write_plain(vs); 1246 } 1247 } 1248 } 1249 1250 void vnc_client_write(void *opaque) 1251 { 1252 VncState *vs = opaque; 1253 1254 vnc_lock_output(vs); 1255 if (vs->output.offset 1256 #ifdef CONFIG_VNC_WS 1257 || vs->ws_output.offset 1258 #endif 1259 ) { 1260 vnc_client_write_locked(opaque); 1261 } else if (vs->csock != -1) { 1262 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 1263 } 1264 vnc_unlock_output(vs); 1265 } 1266 1267 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1268 { 1269 vs->read_handler = func; 1270 vs->read_handler_expect = expecting; 1271 } 1272 1273 #ifdef CONFIG_VNC_TLS 1274 static long vnc_client_read_tls(gnutls_session_t *session, uint8_t *data, 1275 size_t datalen) 1276 { 1277 long ret = gnutls_read(*session, data, datalen); 1278 if (ret < 0) { 1279 if (ret == GNUTLS_E_AGAIN) { 1280 errno = EAGAIN; 1281 } else { 1282 errno = EIO; 1283 } 1284 ret = -1; 1285 } 1286 return ret; 1287 } 1288 #endif /* CONFIG_VNC_TLS */ 1289 1290 /* 1291 * Called to read a chunk of data from the client socket. The data may 1292 * be the raw data, or may need to be further decoded by SASL. 1293 * The data will be read either straight from to the socket, or 1294 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1295 * 1296 * NB, it is theoretically possible to have 2 layers of encryption, 1297 * both SASL, and this TLS layer. It is highly unlikely in practice 1298 * though, since SASL encryption will typically be a no-op if TLS 1299 * is active 1300 * 1301 * Returns the number of bytes read, which may be less than 1302 * the requested 'datalen' if the socket would block. Returns 1303 * -1 on error, and disconnects the client socket. 1304 */ 1305 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1306 { 1307 long ret; 1308 #ifdef CONFIG_VNC_TLS 1309 if (vs->tls.session) { 1310 ret = vnc_client_read_tls(&vs->tls.session, data, datalen); 1311 } else { 1312 #ifdef CONFIG_VNC_WS 1313 if (vs->ws_tls.session) { 1314 ret = vnc_client_read_tls(&vs->ws_tls.session, data, datalen); 1315 } else 1316 #endif /* CONFIG_VNC_WS */ 1317 #endif /* CONFIG_VNC_TLS */ 1318 { 1319 ret = qemu_recv(vs->csock, data, datalen, 0); 1320 } 1321 #ifdef CONFIG_VNC_TLS 1322 } 1323 #endif /* CONFIG_VNC_TLS */ 1324 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1325 return vnc_client_io_error(vs, ret, socket_error()); 1326 } 1327 1328 1329 /* 1330 * Called to read data from the client socket to the input buffer, 1331 * when not using any SASL SSF encryption layers. Will read as much 1332 * data as possible without blocking. 1333 * 1334 * Returns the number of bytes read. Returns -1 on error, and 1335 * disconnects the client socket. 1336 */ 1337 static long vnc_client_read_plain(VncState *vs) 1338 { 1339 int ret; 1340 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1341 vs->input.buffer, vs->input.capacity, vs->input.offset); 1342 buffer_reserve(&vs->input, 4096); 1343 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1344 if (!ret) 1345 return 0; 1346 vs->input.offset += ret; 1347 return ret; 1348 } 1349 1350 static void vnc_jobs_bh(void *opaque) 1351 { 1352 VncState *vs = opaque; 1353 1354 vnc_jobs_consume_buffer(vs); 1355 } 1356 1357 /* 1358 * First function called whenever there is more data to be read from 1359 * the client socket. Will delegate actual work according to whether 1360 * SASL SSF layers are enabled (thus requiring decryption calls) 1361 */ 1362 void vnc_client_read(void *opaque) 1363 { 1364 VncState *vs = opaque; 1365 long ret; 1366 1367 #ifdef CONFIG_VNC_SASL 1368 if (vs->sasl.conn && vs->sasl.runSSF) 1369 ret = vnc_client_read_sasl(vs); 1370 else 1371 #endif /* CONFIG_VNC_SASL */ 1372 #ifdef CONFIG_VNC_WS 1373 if (vs->encode_ws) { 1374 ret = vnc_client_read_ws(vs); 1375 if (ret == -1) { 1376 vnc_disconnect_start(vs); 1377 return; 1378 } else if (ret == -2) { 1379 vnc_client_error(vs); 1380 return; 1381 } 1382 } else 1383 #endif /* CONFIG_VNC_WS */ 1384 { 1385 ret = vnc_client_read_plain(vs); 1386 } 1387 if (!ret) { 1388 if (vs->csock == -1) 1389 vnc_disconnect_finish(vs); 1390 return; 1391 } 1392 1393 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1394 size_t len = vs->read_handler_expect; 1395 int ret; 1396 1397 ret = vs->read_handler(vs, vs->input.buffer, len); 1398 if (vs->csock == -1) { 1399 vnc_disconnect_finish(vs); 1400 return; 1401 } 1402 1403 if (!ret) { 1404 buffer_advance(&vs->input, len); 1405 } else { 1406 vs->read_handler_expect = ret; 1407 } 1408 } 1409 } 1410 1411 void vnc_write(VncState *vs, const void *data, size_t len) 1412 { 1413 buffer_reserve(&vs->output, len); 1414 1415 if (vs->csock != -1 && buffer_empty(&vs->output)) { 1416 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs); 1417 } 1418 1419 buffer_append(&vs->output, data, len); 1420 } 1421 1422 void vnc_write_s32(VncState *vs, int32_t value) 1423 { 1424 vnc_write_u32(vs, *(uint32_t *)&value); 1425 } 1426 1427 void vnc_write_u32(VncState *vs, uint32_t value) 1428 { 1429 uint8_t buf[4]; 1430 1431 buf[0] = (value >> 24) & 0xFF; 1432 buf[1] = (value >> 16) & 0xFF; 1433 buf[2] = (value >> 8) & 0xFF; 1434 buf[3] = value & 0xFF; 1435 1436 vnc_write(vs, buf, 4); 1437 } 1438 1439 void vnc_write_u16(VncState *vs, uint16_t value) 1440 { 1441 uint8_t buf[2]; 1442 1443 buf[0] = (value >> 8) & 0xFF; 1444 buf[1] = value & 0xFF; 1445 1446 vnc_write(vs, buf, 2); 1447 } 1448 1449 void vnc_write_u8(VncState *vs, uint8_t value) 1450 { 1451 vnc_write(vs, (char *)&value, 1); 1452 } 1453 1454 void vnc_flush(VncState *vs) 1455 { 1456 vnc_lock_output(vs); 1457 if (vs->csock != -1 && (vs->output.offset 1458 #ifdef CONFIG_VNC_WS 1459 || vs->ws_output.offset 1460 #endif 1461 )) { 1462 vnc_client_write_locked(vs); 1463 } 1464 vnc_unlock_output(vs); 1465 } 1466 1467 static uint8_t read_u8(uint8_t *data, size_t offset) 1468 { 1469 return data[offset]; 1470 } 1471 1472 static uint16_t read_u16(uint8_t *data, size_t offset) 1473 { 1474 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1475 } 1476 1477 static int32_t read_s32(uint8_t *data, size_t offset) 1478 { 1479 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1480 (data[offset + 2] << 8) | data[offset + 3]); 1481 } 1482 1483 uint32_t read_u32(uint8_t *data, size_t offset) 1484 { 1485 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1486 (data[offset + 2] << 8) | data[offset + 3]); 1487 } 1488 1489 static void client_cut_text(VncState *vs, size_t len, uint8_t *text) 1490 { 1491 } 1492 1493 static void check_pointer_type_change(Notifier *notifier, void *data) 1494 { 1495 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1496 int absolute = qemu_input_is_absolute(); 1497 1498 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1499 vnc_lock_output(vs); 1500 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1501 vnc_write_u8(vs, 0); 1502 vnc_write_u16(vs, 1); 1503 vnc_framebuffer_update(vs, absolute, 0, 1504 surface_width(vs->vd->ds), 1505 surface_height(vs->vd->ds), 1506 VNC_ENCODING_POINTER_TYPE_CHANGE); 1507 vnc_unlock_output(vs); 1508 vnc_flush(vs); 1509 } 1510 vs->absolute = absolute; 1511 } 1512 1513 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1514 { 1515 static uint32_t bmap[INPUT_BUTTON_MAX] = { 1516 [INPUT_BUTTON_LEFT] = 0x01, 1517 [INPUT_BUTTON_MIDDLE] = 0x02, 1518 [INPUT_BUTTON_RIGHT] = 0x04, 1519 [INPUT_BUTTON_WHEEL_UP] = 0x08, 1520 [INPUT_BUTTON_WHEEL_DOWN] = 0x10, 1521 }; 1522 QemuConsole *con = vs->vd->dcl.con; 1523 int width = surface_width(vs->vd->ds); 1524 int height = surface_height(vs->vd->ds); 1525 1526 if (vs->last_bmask != button_mask) { 1527 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask); 1528 vs->last_bmask = button_mask; 1529 } 1530 1531 if (vs->absolute) { 1532 qemu_input_queue_abs(con, INPUT_AXIS_X, x, width); 1533 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, height); 1534 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1535 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF); 1536 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF); 1537 } else { 1538 if (vs->last_x != -1) { 1539 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x); 1540 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y); 1541 } 1542 vs->last_x = x; 1543 vs->last_y = y; 1544 } 1545 qemu_input_event_sync(); 1546 } 1547 1548 static void reset_keys(VncState *vs) 1549 { 1550 int i; 1551 for(i = 0; i < 256; i++) { 1552 if (vs->modifiers_state[i]) { 1553 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false); 1554 vs->modifiers_state[i] = 0; 1555 } 1556 } 1557 } 1558 1559 static void press_key(VncState *vs, int keysym) 1560 { 1561 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK; 1562 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true); 1563 qemu_input_event_send_key_delay(0); 1564 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false); 1565 qemu_input_event_send_key_delay(0); 1566 } 1567 1568 static int current_led_state(VncState *vs) 1569 { 1570 int ledstate = 0; 1571 1572 if (vs->modifiers_state[0x46]) { 1573 ledstate |= QEMU_SCROLL_LOCK_LED; 1574 } 1575 if (vs->modifiers_state[0x45]) { 1576 ledstate |= QEMU_NUM_LOCK_LED; 1577 } 1578 if (vs->modifiers_state[0x3a]) { 1579 ledstate |= QEMU_CAPS_LOCK_LED; 1580 } 1581 1582 return ledstate; 1583 } 1584 1585 static void vnc_led_state_change(VncState *vs) 1586 { 1587 int ledstate = 0; 1588 1589 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) { 1590 return; 1591 } 1592 1593 ledstate = current_led_state(vs); 1594 vnc_lock_output(vs); 1595 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1596 vnc_write_u8(vs, 0); 1597 vnc_write_u16(vs, 1); 1598 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE); 1599 vnc_write_u8(vs, ledstate); 1600 vnc_unlock_output(vs); 1601 vnc_flush(vs); 1602 } 1603 1604 static void kbd_leds(void *opaque, int ledstate) 1605 { 1606 VncState *vs = opaque; 1607 int caps, num, scr; 1608 bool has_changed = (ledstate != current_led_state(vs)); 1609 1610 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED), 1611 (ledstate & QEMU_NUM_LOCK_LED), 1612 (ledstate & QEMU_SCROLL_LOCK_LED)); 1613 1614 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0; 1615 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0; 1616 scr = ledstate & QEMU_SCROLL_LOCK_LED ? 1 : 0; 1617 1618 if (vs->modifiers_state[0x3a] != caps) { 1619 vs->modifiers_state[0x3a] = caps; 1620 } 1621 if (vs->modifiers_state[0x45] != num) { 1622 vs->modifiers_state[0x45] = num; 1623 } 1624 if (vs->modifiers_state[0x46] != scr) { 1625 vs->modifiers_state[0x46] = scr; 1626 } 1627 1628 /* Sending the current led state message to the client */ 1629 if (has_changed) { 1630 vnc_led_state_change(vs); 1631 } 1632 } 1633 1634 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1635 { 1636 /* QEMU console switch */ 1637 switch(keycode) { 1638 case 0x2a: /* Left Shift */ 1639 case 0x36: /* Right Shift */ 1640 case 0x1d: /* Left CTRL */ 1641 case 0x9d: /* Right CTRL */ 1642 case 0x38: /* Left ALT */ 1643 case 0xb8: /* Right ALT */ 1644 if (down) 1645 vs->modifiers_state[keycode] = 1; 1646 else 1647 vs->modifiers_state[keycode] = 0; 1648 break; 1649 case 0x02 ... 0x0a: /* '1' to '9' keys */ 1650 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) { 1651 /* Reset the modifiers sent to the current console */ 1652 reset_keys(vs); 1653 console_select(keycode - 0x02); 1654 return; 1655 } 1656 break; 1657 case 0x3a: /* CapsLock */ 1658 case 0x45: /* NumLock */ 1659 if (down) 1660 vs->modifiers_state[keycode] ^= 1; 1661 break; 1662 } 1663 1664 /* Turn off the lock state sync logic if the client support the led 1665 state extension. 1666 */ 1667 if (down && vs->vd->lock_key_sync && 1668 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1669 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1670 /* If the numlock state needs to change then simulate an additional 1671 keypress before sending this one. This will happen if the user 1672 toggles numlock away from the VNC window. 1673 */ 1674 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1675 if (!vs->modifiers_state[0x45]) { 1676 trace_vnc_key_sync_numlock(true); 1677 vs->modifiers_state[0x45] = 1; 1678 press_key(vs, 0xff7f); 1679 } 1680 } else { 1681 if (vs->modifiers_state[0x45]) { 1682 trace_vnc_key_sync_numlock(false); 1683 vs->modifiers_state[0x45] = 0; 1684 press_key(vs, 0xff7f); 1685 } 1686 } 1687 } 1688 1689 if (down && vs->vd->lock_key_sync && 1690 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1691 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1692 /* If the capslock state needs to change then simulate an additional 1693 keypress before sending this one. This will happen if the user 1694 toggles capslock away from the VNC window. 1695 */ 1696 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1697 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]); 1698 int capslock = !!(vs->modifiers_state[0x3a]); 1699 if (capslock) { 1700 if (uppercase == shift) { 1701 trace_vnc_key_sync_capslock(false); 1702 vs->modifiers_state[0x3a] = 0; 1703 press_key(vs, 0xffe5); 1704 } 1705 } else { 1706 if (uppercase != shift) { 1707 trace_vnc_key_sync_capslock(true); 1708 vs->modifiers_state[0x3a] = 1; 1709 press_key(vs, 0xffe5); 1710 } 1711 } 1712 } 1713 1714 if (qemu_console_is_graphic(NULL)) { 1715 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down); 1716 } else { 1717 bool numlock = vs->modifiers_state[0x45]; 1718 bool control = (vs->modifiers_state[0x1d] || 1719 vs->modifiers_state[0x9d]); 1720 /* QEMU console emulation */ 1721 if (down) { 1722 switch (keycode) { 1723 case 0x2a: /* Left Shift */ 1724 case 0x36: /* Right Shift */ 1725 case 0x1d: /* Left CTRL */ 1726 case 0x9d: /* Right CTRL */ 1727 case 0x38: /* Left ALT */ 1728 case 0xb8: /* Right ALT */ 1729 break; 1730 case 0xc8: 1731 kbd_put_keysym(QEMU_KEY_UP); 1732 break; 1733 case 0xd0: 1734 kbd_put_keysym(QEMU_KEY_DOWN); 1735 break; 1736 case 0xcb: 1737 kbd_put_keysym(QEMU_KEY_LEFT); 1738 break; 1739 case 0xcd: 1740 kbd_put_keysym(QEMU_KEY_RIGHT); 1741 break; 1742 case 0xd3: 1743 kbd_put_keysym(QEMU_KEY_DELETE); 1744 break; 1745 case 0xc7: 1746 kbd_put_keysym(QEMU_KEY_HOME); 1747 break; 1748 case 0xcf: 1749 kbd_put_keysym(QEMU_KEY_END); 1750 break; 1751 case 0xc9: 1752 kbd_put_keysym(QEMU_KEY_PAGEUP); 1753 break; 1754 case 0xd1: 1755 kbd_put_keysym(QEMU_KEY_PAGEDOWN); 1756 break; 1757 1758 case 0x47: 1759 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME); 1760 break; 1761 case 0x48: 1762 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP); 1763 break; 1764 case 0x49: 1765 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP); 1766 break; 1767 case 0x4b: 1768 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT); 1769 break; 1770 case 0x4c: 1771 kbd_put_keysym('5'); 1772 break; 1773 case 0x4d: 1774 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT); 1775 break; 1776 case 0x4f: 1777 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END); 1778 break; 1779 case 0x50: 1780 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN); 1781 break; 1782 case 0x51: 1783 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN); 1784 break; 1785 case 0x52: 1786 kbd_put_keysym('0'); 1787 break; 1788 case 0x53: 1789 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE); 1790 break; 1791 1792 case 0xb5: 1793 kbd_put_keysym('/'); 1794 break; 1795 case 0x37: 1796 kbd_put_keysym('*'); 1797 break; 1798 case 0x4a: 1799 kbd_put_keysym('-'); 1800 break; 1801 case 0x4e: 1802 kbd_put_keysym('+'); 1803 break; 1804 case 0x9c: 1805 kbd_put_keysym('\n'); 1806 break; 1807 1808 default: 1809 if (control) { 1810 kbd_put_keysym(sym & 0x1f); 1811 } else { 1812 kbd_put_keysym(sym); 1813 } 1814 break; 1815 } 1816 } 1817 } 1818 } 1819 1820 static void vnc_release_modifiers(VncState *vs) 1821 { 1822 static const int keycodes[] = { 1823 /* shift, control, alt keys, both left & right */ 1824 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8, 1825 }; 1826 int i, keycode; 1827 1828 if (!qemu_console_is_graphic(NULL)) { 1829 return; 1830 } 1831 for (i = 0; i < ARRAY_SIZE(keycodes); i++) { 1832 keycode = keycodes[i]; 1833 if (!vs->modifiers_state[keycode]) { 1834 continue; 1835 } 1836 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false); 1837 } 1838 } 1839 1840 static const char *code2name(int keycode) 1841 { 1842 return QKeyCode_lookup[qemu_input_key_number_to_qcode(keycode)]; 1843 } 1844 1845 static void key_event(VncState *vs, int down, uint32_t sym) 1846 { 1847 int keycode; 1848 int lsym = sym; 1849 1850 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) { 1851 lsym = lsym - 'A' + 'a'; 1852 } 1853 1854 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK; 1855 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode)); 1856 do_key_event(vs, down, keycode, sym); 1857 } 1858 1859 static void ext_key_event(VncState *vs, int down, 1860 uint32_t sym, uint16_t keycode) 1861 { 1862 /* if the user specifies a keyboard layout, always use it */ 1863 if (keyboard_layout) { 1864 key_event(vs, down, sym); 1865 } else { 1866 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode)); 1867 do_key_event(vs, down, keycode, sym); 1868 } 1869 } 1870 1871 static void framebuffer_update_request(VncState *vs, int incremental, 1872 int x_position, int y_position, 1873 int w, int h) 1874 { 1875 int i; 1876 const size_t width = surface_width(vs->vd->ds) / VNC_DIRTY_PIXELS_PER_BIT; 1877 const size_t height = surface_height(vs->vd->ds); 1878 1879 if (y_position > height) { 1880 y_position = height; 1881 } 1882 if (y_position + h >= height) { 1883 h = height - y_position; 1884 } 1885 1886 vs->need_update = 1; 1887 if (!incremental) { 1888 vs->force_update = 1; 1889 for (i = 0; i < h; i++) { 1890 bitmap_set(vs->dirty[y_position + i], 0, width); 1891 bitmap_clear(vs->dirty[y_position + i], width, 1892 VNC_DIRTY_BITS - width); 1893 } 1894 } 1895 } 1896 1897 static void send_ext_key_event_ack(VncState *vs) 1898 { 1899 vnc_lock_output(vs); 1900 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1901 vnc_write_u8(vs, 0); 1902 vnc_write_u16(vs, 1); 1903 vnc_framebuffer_update(vs, 0, 0, 1904 surface_width(vs->vd->ds), 1905 surface_height(vs->vd->ds), 1906 VNC_ENCODING_EXT_KEY_EVENT); 1907 vnc_unlock_output(vs); 1908 vnc_flush(vs); 1909 } 1910 1911 static void send_ext_audio_ack(VncState *vs) 1912 { 1913 vnc_lock_output(vs); 1914 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1915 vnc_write_u8(vs, 0); 1916 vnc_write_u16(vs, 1); 1917 vnc_framebuffer_update(vs, 0, 0, 1918 surface_width(vs->vd->ds), 1919 surface_height(vs->vd->ds), 1920 VNC_ENCODING_AUDIO); 1921 vnc_unlock_output(vs); 1922 vnc_flush(vs); 1923 } 1924 1925 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 1926 { 1927 int i; 1928 unsigned int enc = 0; 1929 1930 vs->features = 0; 1931 vs->vnc_encoding = 0; 1932 vs->tight.compression = 9; 1933 vs->tight.quality = -1; /* Lossless by default */ 1934 vs->absolute = -1; 1935 1936 /* 1937 * Start from the end because the encodings are sent in order of preference. 1938 * This way the preferred encoding (first encoding defined in the array) 1939 * will be set at the end of the loop. 1940 */ 1941 for (i = n_encodings - 1; i >= 0; i--) { 1942 enc = encodings[i]; 1943 switch (enc) { 1944 case VNC_ENCODING_RAW: 1945 vs->vnc_encoding = enc; 1946 break; 1947 case VNC_ENCODING_COPYRECT: 1948 vs->features |= VNC_FEATURE_COPYRECT_MASK; 1949 break; 1950 case VNC_ENCODING_HEXTILE: 1951 vs->features |= VNC_FEATURE_HEXTILE_MASK; 1952 vs->vnc_encoding = enc; 1953 break; 1954 case VNC_ENCODING_TIGHT: 1955 vs->features |= VNC_FEATURE_TIGHT_MASK; 1956 vs->vnc_encoding = enc; 1957 break; 1958 #ifdef CONFIG_VNC_PNG 1959 case VNC_ENCODING_TIGHT_PNG: 1960 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK; 1961 vs->vnc_encoding = enc; 1962 break; 1963 #endif 1964 case VNC_ENCODING_ZLIB: 1965 vs->features |= VNC_FEATURE_ZLIB_MASK; 1966 vs->vnc_encoding = enc; 1967 break; 1968 case VNC_ENCODING_ZRLE: 1969 vs->features |= VNC_FEATURE_ZRLE_MASK; 1970 vs->vnc_encoding = enc; 1971 break; 1972 case VNC_ENCODING_ZYWRLE: 1973 vs->features |= VNC_FEATURE_ZYWRLE_MASK; 1974 vs->vnc_encoding = enc; 1975 break; 1976 case VNC_ENCODING_DESKTOPRESIZE: 1977 vs->features |= VNC_FEATURE_RESIZE_MASK; 1978 break; 1979 case VNC_ENCODING_POINTER_TYPE_CHANGE: 1980 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK; 1981 break; 1982 case VNC_ENCODING_RICH_CURSOR: 1983 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK; 1984 break; 1985 case VNC_ENCODING_EXT_KEY_EVENT: 1986 send_ext_key_event_ack(vs); 1987 break; 1988 case VNC_ENCODING_AUDIO: 1989 send_ext_audio_ack(vs); 1990 break; 1991 case VNC_ENCODING_WMVi: 1992 vs->features |= VNC_FEATURE_WMVI_MASK; 1993 break; 1994 case VNC_ENCODING_LED_STATE: 1995 vs->features |= VNC_FEATURE_LED_STATE_MASK; 1996 break; 1997 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 1998 vs->tight.compression = (enc & 0x0F); 1999 break; 2000 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 2001 if (vs->vd->lossy) { 2002 vs->tight.quality = (enc & 0x0F); 2003 } 2004 break; 2005 default: 2006 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 2007 break; 2008 } 2009 } 2010 vnc_desktop_resize(vs); 2011 check_pointer_type_change(&vs->mouse_mode_notifier, NULL); 2012 vnc_led_state_change(vs); 2013 } 2014 2015 static void set_pixel_conversion(VncState *vs) 2016 { 2017 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf); 2018 2019 if (fmt == VNC_SERVER_FB_FORMAT) { 2020 vs->write_pixels = vnc_write_pixels_copy; 2021 vnc_hextile_set_pixel_conversion(vs, 0); 2022 } else { 2023 vs->write_pixels = vnc_write_pixels_generic; 2024 vnc_hextile_set_pixel_conversion(vs, 1); 2025 } 2026 } 2027 2028 static void set_pixel_format(VncState *vs, 2029 int bits_per_pixel, int depth, 2030 int big_endian_flag, int true_color_flag, 2031 int red_max, int green_max, int blue_max, 2032 int red_shift, int green_shift, int blue_shift) 2033 { 2034 if (!true_color_flag) { 2035 vnc_client_error(vs); 2036 return; 2037 } 2038 2039 vs->client_pf.rmax = red_max; 2040 vs->client_pf.rbits = hweight_long(red_max); 2041 vs->client_pf.rshift = red_shift; 2042 vs->client_pf.rmask = red_max << red_shift; 2043 vs->client_pf.gmax = green_max; 2044 vs->client_pf.gbits = hweight_long(green_max); 2045 vs->client_pf.gshift = green_shift; 2046 vs->client_pf.gmask = green_max << green_shift; 2047 vs->client_pf.bmax = blue_max; 2048 vs->client_pf.bbits = hweight_long(blue_max); 2049 vs->client_pf.bshift = blue_shift; 2050 vs->client_pf.bmask = blue_max << blue_shift; 2051 vs->client_pf.bits_per_pixel = bits_per_pixel; 2052 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8; 2053 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 2054 vs->client_be = big_endian_flag; 2055 2056 set_pixel_conversion(vs); 2057 2058 graphic_hw_invalidate(NULL); 2059 graphic_hw_update(NULL); 2060 } 2061 2062 static void pixel_format_message (VncState *vs) { 2063 char pad[3] = { 0, 0, 0 }; 2064 2065 vs->client_pf = qemu_default_pixelformat(32); 2066 2067 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ 2068 vnc_write_u8(vs, vs->client_pf.depth); /* depth */ 2069 2070 #ifdef HOST_WORDS_BIGENDIAN 2071 vnc_write_u8(vs, 1); /* big-endian-flag */ 2072 #else 2073 vnc_write_u8(vs, 0); /* big-endian-flag */ 2074 #endif 2075 vnc_write_u8(vs, 1); /* true-color-flag */ 2076 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */ 2077 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */ 2078 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */ 2079 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */ 2080 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */ 2081 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */ 2082 vnc_write(vs, pad, 3); /* padding */ 2083 2084 vnc_hextile_set_pixel_conversion(vs, 0); 2085 vs->write_pixels = vnc_write_pixels_copy; 2086 } 2087 2088 static void vnc_colordepth(VncState *vs) 2089 { 2090 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 2091 /* Sending a WMVi message to notify the client*/ 2092 vnc_lock_output(vs); 2093 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2094 vnc_write_u8(vs, 0); 2095 vnc_write_u16(vs, 1); /* number of rects */ 2096 vnc_framebuffer_update(vs, 0, 0, 2097 surface_width(vs->vd->ds), 2098 surface_height(vs->vd->ds), 2099 VNC_ENCODING_WMVi); 2100 pixel_format_message(vs); 2101 vnc_unlock_output(vs); 2102 vnc_flush(vs); 2103 } else { 2104 set_pixel_conversion(vs); 2105 } 2106 } 2107 2108 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 2109 { 2110 int i; 2111 uint16_t limit; 2112 VncDisplay *vd = vs->vd; 2113 2114 if (data[0] > 3) { 2115 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2116 } 2117 2118 switch (data[0]) { 2119 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 2120 if (len == 1) 2121 return 20; 2122 2123 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5), 2124 read_u8(data, 6), read_u8(data, 7), 2125 read_u16(data, 8), read_u16(data, 10), 2126 read_u16(data, 12), read_u8(data, 14), 2127 read_u8(data, 15), read_u8(data, 16)); 2128 break; 2129 case VNC_MSG_CLIENT_SET_ENCODINGS: 2130 if (len == 1) 2131 return 4; 2132 2133 if (len == 4) { 2134 limit = read_u16(data, 2); 2135 if (limit > 0) 2136 return 4 + (limit * 4); 2137 } else 2138 limit = read_u16(data, 2); 2139 2140 for (i = 0; i < limit; i++) { 2141 int32_t val = read_s32(data, 4 + (i * 4)); 2142 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 2143 } 2144 2145 set_encodings(vs, (int32_t *)(data + 4), limit); 2146 break; 2147 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 2148 if (len == 1) 2149 return 10; 2150 2151 framebuffer_update_request(vs, 2152 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 2153 read_u16(data, 6), read_u16(data, 8)); 2154 break; 2155 case VNC_MSG_CLIENT_KEY_EVENT: 2156 if (len == 1) 2157 return 8; 2158 2159 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 2160 break; 2161 case VNC_MSG_CLIENT_POINTER_EVENT: 2162 if (len == 1) 2163 return 6; 2164 2165 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 2166 break; 2167 case VNC_MSG_CLIENT_CUT_TEXT: 2168 if (len == 1) 2169 return 8; 2170 2171 if (len == 8) { 2172 uint32_t dlen = read_u32(data, 4); 2173 if (dlen > 0) 2174 return 8 + dlen; 2175 } 2176 2177 client_cut_text(vs, read_u32(data, 4), data + 8); 2178 break; 2179 case VNC_MSG_CLIENT_QEMU: 2180 if (len == 1) 2181 return 2; 2182 2183 switch (read_u8(data, 1)) { 2184 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 2185 if (len == 2) 2186 return 12; 2187 2188 ext_key_event(vs, read_u16(data, 2), 2189 read_u32(data, 4), read_u32(data, 8)); 2190 break; 2191 case VNC_MSG_CLIENT_QEMU_AUDIO: 2192 if (len == 2) 2193 return 4; 2194 2195 switch (read_u16 (data, 2)) { 2196 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 2197 audio_add(vs); 2198 break; 2199 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 2200 audio_del(vs); 2201 break; 2202 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 2203 if (len == 4) 2204 return 10; 2205 switch (read_u8(data, 4)) { 2206 case 0: vs->as.fmt = AUD_FMT_U8; break; 2207 case 1: vs->as.fmt = AUD_FMT_S8; break; 2208 case 2: vs->as.fmt = AUD_FMT_U16; break; 2209 case 3: vs->as.fmt = AUD_FMT_S16; break; 2210 case 4: vs->as.fmt = AUD_FMT_U32; break; 2211 case 5: vs->as.fmt = AUD_FMT_S32; break; 2212 default: 2213 printf("Invalid audio format %d\n", read_u8(data, 4)); 2214 vnc_client_error(vs); 2215 break; 2216 } 2217 vs->as.nchannels = read_u8(data, 5); 2218 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2219 printf("Invalid audio channel coount %d\n", 2220 read_u8(data, 5)); 2221 vnc_client_error(vs); 2222 break; 2223 } 2224 vs->as.freq = read_u32(data, 6); 2225 break; 2226 default: 2227 printf ("Invalid audio message %d\n", read_u8(data, 4)); 2228 vnc_client_error(vs); 2229 break; 2230 } 2231 break; 2232 2233 default: 2234 printf("Msg: %d\n", read_u16(data, 0)); 2235 vnc_client_error(vs); 2236 break; 2237 } 2238 break; 2239 default: 2240 printf("Msg: %d\n", data[0]); 2241 vnc_client_error(vs); 2242 break; 2243 } 2244 2245 vnc_read_when(vs, protocol_client_msg, 1); 2246 return 0; 2247 } 2248 2249 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2250 { 2251 char buf[1024]; 2252 VncShareMode mode; 2253 int size; 2254 2255 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; 2256 switch (vs->vd->share_policy) { 2257 case VNC_SHARE_POLICY_IGNORE: 2258 /* 2259 * Ignore the shared flag. Nothing to do here. 2260 * 2261 * Doesn't conform to the rfb spec but is traditional qemu 2262 * behavior, thus left here as option for compatibility 2263 * reasons. 2264 */ 2265 break; 2266 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: 2267 /* 2268 * Policy: Allow clients ask for exclusive access. 2269 * 2270 * Implementation: When a client asks for exclusive access, 2271 * disconnect all others. Shared connects are allowed as long 2272 * as no exclusive connection exists. 2273 * 2274 * This is how the rfb spec suggests to handle the shared flag. 2275 */ 2276 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2277 VncState *client; 2278 QTAILQ_FOREACH(client, &vs->vd->clients, next) { 2279 if (vs == client) { 2280 continue; 2281 } 2282 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && 2283 client->share_mode != VNC_SHARE_MODE_SHARED) { 2284 continue; 2285 } 2286 vnc_disconnect_start(client); 2287 } 2288 } 2289 if (mode == VNC_SHARE_MODE_SHARED) { 2290 if (vs->vd->num_exclusive > 0) { 2291 vnc_disconnect_start(vs); 2292 return 0; 2293 } 2294 } 2295 break; 2296 case VNC_SHARE_POLICY_FORCE_SHARED: 2297 /* 2298 * Policy: Shared connects only. 2299 * Implementation: Disallow clients asking for exclusive access. 2300 * 2301 * Useful for shared desktop sessions where you don't want 2302 * someone forgetting to say -shared when running the vnc 2303 * client disconnect everybody else. 2304 */ 2305 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2306 vnc_disconnect_start(vs); 2307 return 0; 2308 } 2309 break; 2310 } 2311 vnc_set_share_mode(vs, mode); 2312 2313 vs->client_width = surface_width(vs->vd->ds); 2314 vs->client_height = surface_height(vs->vd->ds); 2315 vnc_write_u16(vs, vs->client_width); 2316 vnc_write_u16(vs, vs->client_height); 2317 2318 pixel_format_message(vs); 2319 2320 if (qemu_name) 2321 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2322 else 2323 size = snprintf(buf, sizeof(buf), "QEMU"); 2324 2325 vnc_write_u32(vs, size); 2326 vnc_write(vs, buf, size); 2327 vnc_flush(vs); 2328 2329 vnc_client_cache_auth(vs); 2330 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED); 2331 2332 vnc_read_when(vs, protocol_client_msg, 1); 2333 2334 return 0; 2335 } 2336 2337 void start_client_init(VncState *vs) 2338 { 2339 vnc_read_when(vs, protocol_client_init, 1); 2340 } 2341 2342 static void make_challenge(VncState *vs) 2343 { 2344 int i; 2345 2346 srand(time(NULL)+getpid()+getpid()*987654+rand()); 2347 2348 for (i = 0 ; i < sizeof(vs->challenge) ; i++) 2349 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0)); 2350 } 2351 2352 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2353 { 2354 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2355 int i, j, pwlen; 2356 unsigned char key[8]; 2357 time_t now = time(NULL); 2358 2359 if (!vs->vd->password) { 2360 VNC_DEBUG("No password configured on server"); 2361 goto reject; 2362 } 2363 if (vs->vd->expires < now) { 2364 VNC_DEBUG("Password is expired"); 2365 goto reject; 2366 } 2367 2368 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2369 2370 /* Calculate the expected challenge response */ 2371 pwlen = strlen(vs->vd->password); 2372 for (i=0; i<sizeof(key); i++) 2373 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2374 deskey(key, EN0); 2375 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8) 2376 des(response+j, response+j); 2377 2378 /* Compare expected vs actual challenge response */ 2379 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2380 VNC_DEBUG("Client challenge response did not match\n"); 2381 goto reject; 2382 } else { 2383 VNC_DEBUG("Accepting VNC challenge response\n"); 2384 vnc_write_u32(vs, 0); /* Accept auth */ 2385 vnc_flush(vs); 2386 2387 start_client_init(vs); 2388 } 2389 return 0; 2390 2391 reject: 2392 vnc_write_u32(vs, 1); /* Reject auth */ 2393 if (vs->minor >= 8) { 2394 static const char err[] = "Authentication failed"; 2395 vnc_write_u32(vs, sizeof(err)); 2396 vnc_write(vs, err, sizeof(err)); 2397 } 2398 vnc_flush(vs); 2399 vnc_client_error(vs); 2400 return 0; 2401 } 2402 2403 void start_auth_vnc(VncState *vs) 2404 { 2405 make_challenge(vs); 2406 /* Send client a 'random' challenge */ 2407 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2408 vnc_flush(vs); 2409 2410 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2411 } 2412 2413 2414 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2415 { 2416 /* We only advertise 1 auth scheme at a time, so client 2417 * must pick the one we sent. Verify this */ 2418 if (data[0] != vs->auth) { /* Reject auth */ 2419 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]); 2420 vnc_write_u32(vs, 1); 2421 if (vs->minor >= 8) { 2422 static const char err[] = "Authentication failed"; 2423 vnc_write_u32(vs, sizeof(err)); 2424 vnc_write(vs, err, sizeof(err)); 2425 } 2426 vnc_client_error(vs); 2427 } else { /* Accept requested auth */ 2428 VNC_DEBUG("Client requested auth %d\n", (int)data[0]); 2429 switch (vs->auth) { 2430 case VNC_AUTH_NONE: 2431 VNC_DEBUG("Accept auth none\n"); 2432 if (vs->minor >= 8) { 2433 vnc_write_u32(vs, 0); /* Accept auth completion */ 2434 vnc_flush(vs); 2435 } 2436 start_client_init(vs); 2437 break; 2438 2439 case VNC_AUTH_VNC: 2440 VNC_DEBUG("Start VNC auth\n"); 2441 start_auth_vnc(vs); 2442 break; 2443 2444 #ifdef CONFIG_VNC_TLS 2445 case VNC_AUTH_VENCRYPT: 2446 VNC_DEBUG("Accept VeNCrypt auth\n"); 2447 start_auth_vencrypt(vs); 2448 break; 2449 #endif /* CONFIG_VNC_TLS */ 2450 2451 #ifdef CONFIG_VNC_SASL 2452 case VNC_AUTH_SASL: 2453 VNC_DEBUG("Accept SASL auth\n"); 2454 start_auth_sasl(vs); 2455 break; 2456 #endif /* CONFIG_VNC_SASL */ 2457 2458 default: /* Should not be possible, but just in case */ 2459 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth); 2460 vnc_write_u8(vs, 1); 2461 if (vs->minor >= 8) { 2462 static const char err[] = "Authentication failed"; 2463 vnc_write_u32(vs, sizeof(err)); 2464 vnc_write(vs, err, sizeof(err)); 2465 } 2466 vnc_client_error(vs); 2467 } 2468 } 2469 return 0; 2470 } 2471 2472 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2473 { 2474 char local[13]; 2475 2476 memcpy(local, version, 12); 2477 local[12] = 0; 2478 2479 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2480 VNC_DEBUG("Malformed protocol version %s\n", local); 2481 vnc_client_error(vs); 2482 return 0; 2483 } 2484 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2485 if (vs->major != 3 || 2486 (vs->minor != 3 && 2487 vs->minor != 4 && 2488 vs->minor != 5 && 2489 vs->minor != 7 && 2490 vs->minor != 8)) { 2491 VNC_DEBUG("Unsupported client version\n"); 2492 vnc_write_u32(vs, VNC_AUTH_INVALID); 2493 vnc_flush(vs); 2494 vnc_client_error(vs); 2495 return 0; 2496 } 2497 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2498 * as equivalent to v3.3 by servers 2499 */ 2500 if (vs->minor == 4 || vs->minor == 5) 2501 vs->minor = 3; 2502 2503 if (vs->minor == 3) { 2504 if (vs->auth == VNC_AUTH_NONE) { 2505 VNC_DEBUG("Tell client auth none\n"); 2506 vnc_write_u32(vs, vs->auth); 2507 vnc_flush(vs); 2508 start_client_init(vs); 2509 } else if (vs->auth == VNC_AUTH_VNC) { 2510 VNC_DEBUG("Tell client VNC auth\n"); 2511 vnc_write_u32(vs, vs->auth); 2512 vnc_flush(vs); 2513 start_auth_vnc(vs); 2514 } else { 2515 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth); 2516 vnc_write_u32(vs, VNC_AUTH_INVALID); 2517 vnc_flush(vs); 2518 vnc_client_error(vs); 2519 } 2520 } else { 2521 VNC_DEBUG("Telling client we support auth %d\n", vs->auth); 2522 vnc_write_u8(vs, 1); /* num auth */ 2523 vnc_write_u8(vs, vs->auth); 2524 vnc_read_when(vs, protocol_client_auth, 1); 2525 vnc_flush(vs); 2526 } 2527 2528 return 0; 2529 } 2530 2531 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) 2532 { 2533 struct VncSurface *vs = &vd->guest; 2534 2535 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; 2536 } 2537 2538 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h) 2539 { 2540 int i, j; 2541 2542 w = (x + w) / VNC_STAT_RECT; 2543 h = (y + h) / VNC_STAT_RECT; 2544 x /= VNC_STAT_RECT; 2545 y /= VNC_STAT_RECT; 2546 2547 for (j = y; j <= h; j++) { 2548 for (i = x; i <= w; i++) { 2549 vs->lossy_rect[j][i] = 1; 2550 } 2551 } 2552 } 2553 2554 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) 2555 { 2556 VncState *vs; 2557 int sty = y / VNC_STAT_RECT; 2558 int stx = x / VNC_STAT_RECT; 2559 int has_dirty = 0; 2560 2561 y = y / VNC_STAT_RECT * VNC_STAT_RECT; 2562 x = x / VNC_STAT_RECT * VNC_STAT_RECT; 2563 2564 QTAILQ_FOREACH(vs, &vd->clients, next) { 2565 int j; 2566 2567 /* kernel send buffers are full -> refresh later */ 2568 if (vs->output.offset) { 2569 continue; 2570 } 2571 2572 if (!vs->lossy_rect[sty][stx]) { 2573 continue; 2574 } 2575 2576 vs->lossy_rect[sty][stx] = 0; 2577 for (j = 0; j < VNC_STAT_RECT; ++j) { 2578 bitmap_set(vs->dirty[y + j], 2579 x / VNC_DIRTY_PIXELS_PER_BIT, 2580 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT); 2581 } 2582 has_dirty++; 2583 } 2584 2585 return has_dirty; 2586 } 2587 2588 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) 2589 { 2590 int width = pixman_image_get_width(vd->guest.fb); 2591 int height = pixman_image_get_height(vd->guest.fb); 2592 int x, y; 2593 struct timeval res; 2594 int has_dirty = 0; 2595 2596 for (y = 0; y < height; y += VNC_STAT_RECT) { 2597 for (x = 0; x < width; x += VNC_STAT_RECT) { 2598 VncRectStat *rect = vnc_stat_rect(vd, x, y); 2599 2600 rect->updated = false; 2601 } 2602 } 2603 2604 qemu_timersub(tv, &VNC_REFRESH_STATS, &res); 2605 2606 if (timercmp(&vd->guest.last_freq_check, &res, >)) { 2607 return has_dirty; 2608 } 2609 vd->guest.last_freq_check = *tv; 2610 2611 for (y = 0; y < height; y += VNC_STAT_RECT) { 2612 for (x = 0; x < width; x += VNC_STAT_RECT) { 2613 VncRectStat *rect= vnc_stat_rect(vd, x, y); 2614 int count = ARRAY_SIZE(rect->times); 2615 struct timeval min, max; 2616 2617 if (!timerisset(&rect->times[count - 1])) { 2618 continue ; 2619 } 2620 2621 max = rect->times[(rect->idx + count - 1) % count]; 2622 qemu_timersub(tv, &max, &res); 2623 2624 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { 2625 rect->freq = 0; 2626 has_dirty += vnc_refresh_lossy_rect(vd, x, y); 2627 memset(rect->times, 0, sizeof (rect->times)); 2628 continue ; 2629 } 2630 2631 min = rect->times[rect->idx]; 2632 max = rect->times[(rect->idx + count - 1) % count]; 2633 qemu_timersub(&max, &min, &res); 2634 2635 rect->freq = res.tv_sec + res.tv_usec / 1000000.; 2636 rect->freq /= count; 2637 rect->freq = 1. / rect->freq; 2638 } 2639 } 2640 return has_dirty; 2641 } 2642 2643 double vnc_update_freq(VncState *vs, int x, int y, int w, int h) 2644 { 2645 int i, j; 2646 double total = 0; 2647 int num = 0; 2648 2649 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT; 2650 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT; 2651 2652 for (j = y; j <= y + h; j += VNC_STAT_RECT) { 2653 for (i = x; i <= x + w; i += VNC_STAT_RECT) { 2654 total += vnc_stat_rect(vs->vd, i, j)->freq; 2655 num++; 2656 } 2657 } 2658 2659 if (num) { 2660 return total / num; 2661 } else { 2662 return 0; 2663 } 2664 } 2665 2666 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) 2667 { 2668 VncRectStat *rect; 2669 2670 rect = vnc_stat_rect(vd, x, y); 2671 if (rect->updated) { 2672 return ; 2673 } 2674 rect->times[rect->idx] = *tv; 2675 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); 2676 rect->updated = true; 2677 } 2678 2679 static int vnc_refresh_server_surface(VncDisplay *vd) 2680 { 2681 int width = pixman_image_get_width(vd->guest.fb); 2682 int height = pixman_image_get_height(vd->guest.fb); 2683 int y; 2684 uint8_t *guest_row0 = NULL, *server_row0; 2685 int guest_stride = 0, server_stride; 2686 int cmp_bytes; 2687 VncState *vs; 2688 int has_dirty = 0; 2689 pixman_image_t *tmpbuf = NULL; 2690 2691 struct timeval tv = { 0, 0 }; 2692 2693 if (!vd->non_adaptive) { 2694 gettimeofday(&tv, NULL); 2695 has_dirty = vnc_update_stats(vd, &tv); 2696 } 2697 2698 /* 2699 * Walk through the guest dirty map. 2700 * Check and copy modified bits from guest to server surface. 2701 * Update server dirty map. 2702 */ 2703 cmp_bytes = VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES; 2704 if (cmp_bytes > vnc_server_fb_stride(vd)) { 2705 cmp_bytes = vnc_server_fb_stride(vd); 2706 } 2707 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2708 int width = pixman_image_get_width(vd->server); 2709 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width); 2710 } else { 2711 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb); 2712 guest_stride = pixman_image_get_stride(vd->guest.fb); 2713 } 2714 server_row0 = (uint8_t *)pixman_image_get_data(vd->server); 2715 server_stride = pixman_image_get_stride(vd->server); 2716 2717 y = 0; 2718 for (;;) { 2719 int x; 2720 uint8_t *guest_ptr, *server_ptr; 2721 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty, 2722 height * VNC_DIRTY_BPL(&vd->guest), 2723 y * VNC_DIRTY_BPL(&vd->guest)); 2724 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) { 2725 /* no more dirty bits */ 2726 break; 2727 } 2728 y = offset / VNC_DIRTY_BPL(&vd->guest); 2729 x = offset % VNC_DIRTY_BPL(&vd->guest); 2730 2731 server_ptr = server_row0 + y * server_stride + x * cmp_bytes; 2732 2733 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2734 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y); 2735 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf); 2736 } else { 2737 guest_ptr = guest_row0 + y * guest_stride; 2738 } 2739 guest_ptr += x * cmp_bytes; 2740 2741 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT); 2742 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 2743 if (!test_and_clear_bit(x, vd->guest.dirty[y])) { 2744 continue; 2745 } 2746 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0) { 2747 continue; 2748 } 2749 memcpy(server_ptr, guest_ptr, cmp_bytes); 2750 if (!vd->non_adaptive) { 2751 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT, 2752 y, &tv); 2753 } 2754 QTAILQ_FOREACH(vs, &vd->clients, next) { 2755 set_bit(x, vs->dirty[y]); 2756 } 2757 has_dirty++; 2758 } 2759 2760 y++; 2761 } 2762 qemu_pixman_image_unref(tmpbuf); 2763 return has_dirty; 2764 } 2765 2766 static void vnc_refresh(DisplayChangeListener *dcl) 2767 { 2768 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 2769 VncState *vs, *vn; 2770 int has_dirty, rects = 0; 2771 2772 graphic_hw_update(NULL); 2773 2774 if (vnc_trylock_display(vd)) { 2775 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2776 return; 2777 } 2778 2779 has_dirty = vnc_refresh_server_surface(vd); 2780 vnc_unlock_display(vd); 2781 2782 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 2783 rects += vnc_update_client(vs, has_dirty, false); 2784 /* vs might be free()ed here */ 2785 } 2786 2787 if (QTAILQ_EMPTY(&vd->clients)) { 2788 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX); 2789 return; 2790 } 2791 2792 if (has_dirty && rects) { 2793 vd->dcl.update_interval /= 2; 2794 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) { 2795 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE; 2796 } 2797 } else { 2798 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC; 2799 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) { 2800 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX; 2801 } 2802 } 2803 } 2804 2805 static void vnc_connect(VncDisplay *vd, int csock, 2806 bool skipauth, bool websocket) 2807 { 2808 VncState *vs = g_malloc0(sizeof(VncState)); 2809 int i; 2810 2811 vs->csock = csock; 2812 2813 if (skipauth) { 2814 vs->auth = VNC_AUTH_NONE; 2815 #ifdef CONFIG_VNC_TLS 2816 vs->subauth = VNC_AUTH_INVALID; 2817 #endif 2818 } else { 2819 vs->auth = vd->auth; 2820 #ifdef CONFIG_VNC_TLS 2821 vs->subauth = vd->subauth; 2822 #endif 2823 } 2824 2825 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect)); 2826 for (i = 0; i < VNC_STAT_ROWS; ++i) { 2827 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS * sizeof (uint8_t)); 2828 } 2829 2830 VNC_DEBUG("New client on socket %d\n", csock); 2831 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2832 qemu_set_nonblock(vs->csock); 2833 #ifdef CONFIG_VNC_WS 2834 if (websocket) { 2835 vs->websocket = 1; 2836 #ifdef CONFIG_VNC_TLS 2837 if (vd->tls.x509cert) { 2838 qemu_set_fd_handler2(vs->csock, NULL, vncws_tls_handshake_peek, 2839 NULL, vs); 2840 } else 2841 #endif /* CONFIG_VNC_TLS */ 2842 { 2843 qemu_set_fd_handler2(vs->csock, NULL, vncws_handshake_read, 2844 NULL, vs); 2845 } 2846 } else 2847 #endif /* CONFIG_VNC_WS */ 2848 { 2849 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 2850 } 2851 2852 vnc_client_cache_addr(vs); 2853 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED); 2854 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); 2855 2856 vs->vd = vd; 2857 2858 #ifdef CONFIG_VNC_WS 2859 if (!vs->websocket) 2860 #endif 2861 { 2862 vnc_init_state(vs); 2863 } 2864 } 2865 2866 void vnc_init_state(VncState *vs) 2867 { 2868 vs->initialized = true; 2869 VncDisplay *vd = vs->vd; 2870 2871 vs->last_x = -1; 2872 vs->last_y = -1; 2873 2874 vs->as.freq = 44100; 2875 vs->as.nchannels = 2; 2876 vs->as.fmt = AUD_FMT_S16; 2877 vs->as.endianness = 0; 2878 2879 qemu_mutex_init(&vs->output_mutex); 2880 vs->bh = qemu_bh_new(vnc_jobs_bh, vs); 2881 2882 QTAILQ_INSERT_HEAD(&vd->clients, vs, next); 2883 2884 graphic_hw_update(NULL); 2885 2886 vnc_write(vs, "RFB 003.008\n", 12); 2887 vnc_flush(vs); 2888 vnc_read_when(vs, protocol_version, 12); 2889 reset_keys(vs); 2890 if (vs->vd->lock_key_sync) 2891 vs->led = qemu_add_led_event_handler(kbd_leds, vs); 2892 2893 vs->mouse_mode_notifier.notify = check_pointer_type_change; 2894 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 2895 2896 /* vs might be free()ed here */ 2897 } 2898 2899 static void vnc_listen_read(void *opaque, bool websocket) 2900 { 2901 VncDisplay *vs = opaque; 2902 struct sockaddr_in addr; 2903 socklen_t addrlen = sizeof(addr); 2904 int csock; 2905 2906 /* Catch-up */ 2907 graphic_hw_update(NULL); 2908 #ifdef CONFIG_VNC_WS 2909 if (websocket) { 2910 csock = qemu_accept(vs->lwebsock, (struct sockaddr *)&addr, &addrlen); 2911 } else 2912 #endif /* CONFIG_VNC_WS */ 2913 { 2914 csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen); 2915 } 2916 2917 if (csock != -1) { 2918 vnc_connect(vs, csock, false, websocket); 2919 } 2920 } 2921 2922 static void vnc_listen_regular_read(void *opaque) 2923 { 2924 vnc_listen_read(opaque, false); 2925 } 2926 2927 #ifdef CONFIG_VNC_WS 2928 static void vnc_listen_websocket_read(void *opaque) 2929 { 2930 vnc_listen_read(opaque, true); 2931 } 2932 #endif /* CONFIG_VNC_WS */ 2933 2934 static const DisplayChangeListenerOps dcl_ops = { 2935 .dpy_name = "vnc", 2936 .dpy_refresh = vnc_refresh, 2937 .dpy_gfx_copy = vnc_dpy_copy, 2938 .dpy_gfx_update = vnc_dpy_update, 2939 .dpy_gfx_switch = vnc_dpy_switch, 2940 .dpy_mouse_set = vnc_mouse_set, 2941 .dpy_cursor_define = vnc_dpy_cursor_define, 2942 }; 2943 2944 void vnc_display_init(DisplayState *ds) 2945 { 2946 VncDisplay *vs = g_malloc0(sizeof(*vs)); 2947 2948 vnc_display = vs; 2949 2950 vs->lsock = -1; 2951 #ifdef CONFIG_VNC_WS 2952 vs->lwebsock = -1; 2953 #endif 2954 2955 QTAILQ_INIT(&vs->clients); 2956 vs->expires = TIME_MAX; 2957 2958 if (keyboard_layout) { 2959 trace_vnc_key_map_init(keyboard_layout); 2960 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout); 2961 } else { 2962 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us"); 2963 } 2964 2965 if (!vs->kbd_layout) 2966 exit(1); 2967 2968 qemu_mutex_init(&vs->mutex); 2969 vnc_start_worker_thread(); 2970 2971 vs->dcl.ops = &dcl_ops; 2972 register_displaychangelistener(&vs->dcl); 2973 } 2974 2975 2976 static void vnc_display_close(DisplayState *ds) 2977 { 2978 VncDisplay *vs = vnc_display; 2979 2980 if (!vs) 2981 return; 2982 g_free(vs->display); 2983 vs->display = NULL; 2984 if (vs->lsock != -1) { 2985 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL); 2986 close(vs->lsock); 2987 vs->lsock = -1; 2988 } 2989 #ifdef CONFIG_VNC_WS 2990 g_free(vs->ws_display); 2991 vs->ws_display = NULL; 2992 if (vs->lwebsock != -1) { 2993 qemu_set_fd_handler2(vs->lwebsock, NULL, NULL, NULL, NULL); 2994 close(vs->lwebsock); 2995 vs->lwebsock = -1; 2996 } 2997 #endif /* CONFIG_VNC_WS */ 2998 vs->auth = VNC_AUTH_INVALID; 2999 #ifdef CONFIG_VNC_TLS 3000 vs->subauth = VNC_AUTH_INVALID; 3001 vs->tls.x509verify = 0; 3002 #endif 3003 } 3004 3005 int vnc_display_password(DisplayState *ds, const char *password) 3006 { 3007 VncDisplay *vs = vnc_display; 3008 3009 if (!vs) { 3010 return -EINVAL; 3011 } 3012 if (vs->auth == VNC_AUTH_NONE) { 3013 error_printf_unless_qmp("If you want use passwords please enable " 3014 "password auth using '-vnc ${dpy},password'."); 3015 return -EINVAL; 3016 } 3017 3018 g_free(vs->password); 3019 vs->password = g_strdup(password); 3020 3021 return 0; 3022 } 3023 3024 int vnc_display_pw_expire(DisplayState *ds, time_t expires) 3025 { 3026 VncDisplay *vs = vnc_display; 3027 3028 if (!vs) { 3029 return -EINVAL; 3030 } 3031 3032 vs->expires = expires; 3033 return 0; 3034 } 3035 3036 char *vnc_display_local_addr(DisplayState *ds) 3037 { 3038 VncDisplay *vs = vnc_display; 3039 3040 return vnc_socket_local_addr("%s:%s", vs->lsock); 3041 } 3042 3043 void vnc_display_open(DisplayState *ds, const char *display, Error **errp) 3044 { 3045 VncDisplay *vs = vnc_display; 3046 const char *options; 3047 int password = 0; 3048 int reverse = 0; 3049 #ifdef CONFIG_VNC_TLS 3050 int tls = 0, x509 = 0; 3051 #endif 3052 #ifdef CONFIG_VNC_SASL 3053 int sasl = 0; 3054 int saslErr; 3055 #endif 3056 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 3057 int acl = 0; 3058 #endif 3059 int lock_key_sync = 1; 3060 3061 if (!vnc_display) { 3062 error_setg(errp, "VNC display not active"); 3063 return; 3064 } 3065 vnc_display_close(ds); 3066 if (strcmp(display, "none") == 0) 3067 return; 3068 3069 vs->display = g_strdup(display); 3070 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3071 3072 options = display; 3073 while ((options = strchr(options, ','))) { 3074 options++; 3075 if (strncmp(options, "password", 8) == 0) { 3076 if (fips_get_state()) { 3077 error_setg(errp, 3078 "VNC password auth disabled due to FIPS mode, " 3079 "consider using the VeNCrypt or SASL authentication " 3080 "methods as an alternative"); 3081 goto fail; 3082 } 3083 password = 1; /* Require password auth */ 3084 } else if (strncmp(options, "reverse", 7) == 0) { 3085 reverse = 1; 3086 } else if (strncmp(options, "no-lock-key-sync", 16) == 0) { 3087 lock_key_sync = 0; 3088 #ifdef CONFIG_VNC_SASL 3089 } else if (strncmp(options, "sasl", 4) == 0) { 3090 sasl = 1; /* Require SASL auth */ 3091 #endif 3092 #ifdef CONFIG_VNC_WS 3093 } else if (strncmp(options, "websocket", 9) == 0) { 3094 char *start, *end; 3095 vs->websocket = 1; 3096 3097 /* Check for 'websocket=<port>' */ 3098 start = strchr(options, '='); 3099 end = strchr(options, ','); 3100 if (start && (!end || (start < end))) { 3101 int len = end ? end-(start+1) : strlen(start+1); 3102 if (len < 6) { 3103 /* extract the host specification from display */ 3104 char *host = NULL, *port = NULL, *host_end = NULL; 3105 port = g_strndup(start + 1, len); 3106 3107 /* ipv6 hosts have colons */ 3108 end = strchr(display, ','); 3109 host_end = g_strrstr_len(display, end - display, ":"); 3110 3111 if (host_end) { 3112 host = g_strndup(display, host_end - display + 1); 3113 } else { 3114 host = g_strndup(":", 1); 3115 } 3116 vs->ws_display = g_strconcat(host, port, NULL); 3117 g_free(host); 3118 g_free(port); 3119 } 3120 } 3121 #endif /* CONFIG_VNC_WS */ 3122 #ifdef CONFIG_VNC_TLS 3123 } else if (strncmp(options, "tls", 3) == 0) { 3124 tls = 1; /* Require TLS */ 3125 } else if (strncmp(options, "x509", 4) == 0) { 3126 char *start, *end; 3127 x509 = 1; /* Require x509 certificates */ 3128 if (strncmp(options, "x509verify", 10) == 0) 3129 vs->tls.x509verify = 1; /* ...and verify client certs */ 3130 3131 /* Now check for 'x509=/some/path' postfix 3132 * and use that to setup x509 certificate/key paths */ 3133 start = strchr(options, '='); 3134 end = strchr(options, ','); 3135 if (start && (!end || (start < end))) { 3136 int len = end ? end-(start+1) : strlen(start+1); 3137 char *path = g_strndup(start + 1, len); 3138 3139 VNC_DEBUG("Trying certificate path '%s'\n", path); 3140 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) { 3141 error_setg(errp, "Failed to find x509 certificates/keys in %s", path); 3142 g_free(path); 3143 goto fail; 3144 } 3145 g_free(path); 3146 } else { 3147 error_setg(errp, "No certificate path provided"); 3148 goto fail; 3149 } 3150 #endif 3151 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 3152 } else if (strncmp(options, "acl", 3) == 0) { 3153 acl = 1; 3154 #endif 3155 } else if (strncmp(options, "lossy", 5) == 0) { 3156 #ifdef CONFIG_VNC_JPEG 3157 vs->lossy = true; 3158 #endif 3159 } else if (strncmp(options, "non-adaptive", 12) == 0) { 3160 vs->non_adaptive = true; 3161 } else if (strncmp(options, "share=", 6) == 0) { 3162 if (strncmp(options+6, "ignore", 6) == 0) { 3163 vs->share_policy = VNC_SHARE_POLICY_IGNORE; 3164 } else if (strncmp(options+6, "allow-exclusive", 15) == 0) { 3165 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3166 } else if (strncmp(options+6, "force-shared", 12) == 0) { 3167 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; 3168 } else { 3169 error_setg(errp, "unknown vnc share= option"); 3170 goto fail; 3171 } 3172 } 3173 } 3174 3175 /* adaptive updates are only used with tight encoding and 3176 * if lossy updates are enabled so we can disable all the 3177 * calculations otherwise */ 3178 if (!vs->lossy) { 3179 vs->non_adaptive = true; 3180 } 3181 3182 #ifdef CONFIG_VNC_TLS 3183 if (acl && x509 && vs->tls.x509verify) { 3184 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) { 3185 fprintf(stderr, "Failed to create x509 dname ACL\n"); 3186 exit(1); 3187 } 3188 } 3189 #endif 3190 #ifdef CONFIG_VNC_SASL 3191 if (acl && sasl) { 3192 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) { 3193 fprintf(stderr, "Failed to create username ACL\n"); 3194 exit(1); 3195 } 3196 } 3197 #endif 3198 3199 /* 3200 * Combinations we support here: 3201 * 3202 * - no-auth (clear text, no auth) 3203 * - password (clear text, weak auth) 3204 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI) 3205 * - tls (encrypt, weak anonymous creds, no auth) 3206 * - tls + password (encrypt, weak anonymous creds, weak auth) 3207 * - tls + sasl (encrypt, weak anonymous creds, good auth) 3208 * - tls + x509 (encrypt, good x509 creds, no auth) 3209 * - tls + x509 + password (encrypt, good x509 creds, weak auth) 3210 * - tls + x509 + sasl (encrypt, good x509 creds, good auth) 3211 * 3212 * NB1. TLS is a stackable auth scheme. 3213 * NB2. the x509 schemes have option to validate a client cert dname 3214 */ 3215 if (password) { 3216 #ifdef CONFIG_VNC_TLS 3217 if (tls) { 3218 vs->auth = VNC_AUTH_VENCRYPT; 3219 if (x509) { 3220 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 3221 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC; 3222 } else { 3223 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 3224 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC; 3225 } 3226 } else { 3227 #endif /* CONFIG_VNC_TLS */ 3228 VNC_DEBUG("Initializing VNC server with password auth\n"); 3229 vs->auth = VNC_AUTH_VNC; 3230 #ifdef CONFIG_VNC_TLS 3231 vs->subauth = VNC_AUTH_INVALID; 3232 } 3233 #endif /* CONFIG_VNC_TLS */ 3234 #ifdef CONFIG_VNC_SASL 3235 } else if (sasl) { 3236 #ifdef CONFIG_VNC_TLS 3237 if (tls) { 3238 vs->auth = VNC_AUTH_VENCRYPT; 3239 if (x509) { 3240 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 3241 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL; 3242 } else { 3243 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 3244 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL; 3245 } 3246 } else { 3247 #endif /* CONFIG_VNC_TLS */ 3248 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 3249 vs->auth = VNC_AUTH_SASL; 3250 #ifdef CONFIG_VNC_TLS 3251 vs->subauth = VNC_AUTH_INVALID; 3252 } 3253 #endif /* CONFIG_VNC_TLS */ 3254 #endif /* CONFIG_VNC_SASL */ 3255 } else { 3256 #ifdef CONFIG_VNC_TLS 3257 if (tls) { 3258 vs->auth = VNC_AUTH_VENCRYPT; 3259 if (x509) { 3260 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 3261 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE; 3262 } else { 3263 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 3264 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE; 3265 } 3266 } else { 3267 #endif 3268 VNC_DEBUG("Initializing VNC server with no auth\n"); 3269 vs->auth = VNC_AUTH_NONE; 3270 #ifdef CONFIG_VNC_TLS 3271 vs->subauth = VNC_AUTH_INVALID; 3272 } 3273 #endif 3274 } 3275 3276 #ifdef CONFIG_VNC_SASL 3277 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) { 3278 error_setg(errp, "Failed to initialize SASL auth: %s", 3279 sasl_errstring(saslErr, NULL, NULL)); 3280 goto fail; 3281 } 3282 #endif 3283 vs->lock_key_sync = lock_key_sync; 3284 3285 if (reverse) { 3286 /* connect to viewer */ 3287 int csock; 3288 vs->lsock = -1; 3289 #ifdef CONFIG_VNC_WS 3290 vs->lwebsock = -1; 3291 #endif 3292 if (strncmp(display, "unix:", 5) == 0) { 3293 csock = unix_connect(display+5, errp); 3294 } else { 3295 csock = inet_connect(display, errp); 3296 } 3297 if (csock < 0) { 3298 goto fail; 3299 } 3300 vnc_connect(vs, csock, false, false); 3301 } else { 3302 /* listen for connects */ 3303 char *dpy; 3304 dpy = g_malloc(256); 3305 if (strncmp(display, "unix:", 5) == 0) { 3306 pstrcpy(dpy, 256, "unix:"); 3307 vs->lsock = unix_listen(display+5, dpy+5, 256-5, errp); 3308 } else { 3309 vs->lsock = inet_listen(display, dpy, 256, 3310 SOCK_STREAM, 5900, errp); 3311 if (vs->lsock < 0) { 3312 g_free(dpy); 3313 goto fail; 3314 } 3315 #ifdef CONFIG_VNC_WS 3316 if (vs->websocket) { 3317 if (vs->ws_display) { 3318 vs->lwebsock = inet_listen(vs->ws_display, NULL, 256, 3319 SOCK_STREAM, 0, errp); 3320 } else { 3321 vs->lwebsock = inet_listen(vs->display, NULL, 256, 3322 SOCK_STREAM, 5700, errp); 3323 } 3324 3325 if (vs->lwebsock < 0) { 3326 if (vs->lsock) { 3327 close(vs->lsock); 3328 vs->lsock = -1; 3329 } 3330 g_free(dpy); 3331 goto fail; 3332 } 3333 } 3334 #endif /* CONFIG_VNC_WS */ 3335 } 3336 g_free(vs->display); 3337 vs->display = dpy; 3338 qemu_set_fd_handler2(vs->lsock, NULL, 3339 vnc_listen_regular_read, NULL, vs); 3340 #ifdef CONFIG_VNC_WS 3341 if (vs->websocket) { 3342 qemu_set_fd_handler2(vs->lwebsock, NULL, 3343 vnc_listen_websocket_read, NULL, vs); 3344 } 3345 #endif /* CONFIG_VNC_WS */ 3346 } 3347 return; 3348 3349 fail: 3350 g_free(vs->display); 3351 vs->display = NULL; 3352 #ifdef CONFIG_VNC_WS 3353 g_free(vs->ws_display); 3354 vs->ws_display = NULL; 3355 #endif /* CONFIG_VNC_WS */ 3356 } 3357 3358 void vnc_display_add_client(DisplayState *ds, int csock, bool skipauth) 3359 { 3360 VncDisplay *vs = vnc_display; 3361 3362 vnc_connect(vs, csock, skipauth, false); 3363 } 3364