1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "vnc.h" 28 #include "vnc-jobs.h" 29 #include "sysemu/sysemu.h" 30 #include "qemu/sockets.h" 31 #include "qemu/timer.h" 32 #include "qemu/acl.h" 33 #include "qapi/qmp/types.h" 34 #include "qmp-commands.h" 35 #include "qemu/osdep.h" 36 37 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT 38 #define VNC_REFRESH_INTERVAL_INC 50 39 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE 40 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; 41 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 42 43 #include "vnc_keysym.h" 44 #include "d3des.h" 45 46 static VncDisplay *vnc_display; /* needed for info vnc */ 47 48 static int vnc_cursor_define(VncState *vs); 49 static void vnc_release_modifiers(VncState *vs); 50 51 static void vnc_set_share_mode(VncState *vs, VncShareMode mode) 52 { 53 #ifdef _VNC_DEBUG 54 static const char *mn[] = { 55 [0] = "undefined", 56 [VNC_SHARE_MODE_CONNECTING] = "connecting", 57 [VNC_SHARE_MODE_SHARED] = "shared", 58 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive", 59 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected", 60 }; 61 fprintf(stderr, "%s/%d: %s -> %s\n", __func__, 62 vs->csock, mn[vs->share_mode], mn[mode]); 63 #endif 64 65 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) { 66 vs->vd->num_exclusive--; 67 } 68 vs->share_mode = mode; 69 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) { 70 vs->vd->num_exclusive++; 71 } 72 } 73 74 static char *addr_to_string(const char *format, 75 struct sockaddr_storage *sa, 76 socklen_t salen) { 77 char *addr; 78 char host[NI_MAXHOST]; 79 char serv[NI_MAXSERV]; 80 int err; 81 size_t addrlen; 82 83 if ((err = getnameinfo((struct sockaddr *)sa, salen, 84 host, sizeof(host), 85 serv, sizeof(serv), 86 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 87 VNC_DEBUG("Cannot resolve address %d: %s\n", 88 err, gai_strerror(err)); 89 return NULL; 90 } 91 92 /* Enough for the existing format + the 2 vars we're 93 * substituting in. */ 94 addrlen = strlen(format) + strlen(host) + strlen(serv); 95 addr = g_malloc(addrlen + 1); 96 snprintf(addr, addrlen, format, host, serv); 97 addr[addrlen] = '\0'; 98 99 return addr; 100 } 101 102 103 char *vnc_socket_local_addr(const char *format, int fd) { 104 struct sockaddr_storage sa; 105 socklen_t salen; 106 107 salen = sizeof(sa); 108 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) 109 return NULL; 110 111 return addr_to_string(format, &sa, salen); 112 } 113 114 char *vnc_socket_remote_addr(const char *format, int fd) { 115 struct sockaddr_storage sa; 116 socklen_t salen; 117 118 salen = sizeof(sa); 119 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) 120 return NULL; 121 122 return addr_to_string(format, &sa, salen); 123 } 124 125 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa, 126 socklen_t salen) 127 { 128 char host[NI_MAXHOST]; 129 char serv[NI_MAXSERV]; 130 int err; 131 132 if ((err = getnameinfo((struct sockaddr *)sa, salen, 133 host, sizeof(host), 134 serv, sizeof(serv), 135 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 136 VNC_DEBUG("Cannot resolve address %d: %s\n", 137 err, gai_strerror(err)); 138 return -1; 139 } 140 141 qdict_put(qdict, "host", qstring_from_str(host)); 142 qdict_put(qdict, "service", qstring_from_str(serv)); 143 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family))); 144 145 return 0; 146 } 147 148 static int vnc_server_addr_put(QDict *qdict, int fd) 149 { 150 struct sockaddr_storage sa; 151 socklen_t salen; 152 153 salen = sizeof(sa); 154 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) { 155 return -1; 156 } 157 158 return put_addr_qdict(qdict, &sa, salen); 159 } 160 161 static int vnc_qdict_remote_addr(QDict *qdict, int fd) 162 { 163 struct sockaddr_storage sa; 164 socklen_t salen; 165 166 salen = sizeof(sa); 167 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) { 168 return -1; 169 } 170 171 return put_addr_qdict(qdict, &sa, salen); 172 } 173 174 static const char *vnc_auth_name(VncDisplay *vd) { 175 switch (vd->auth) { 176 case VNC_AUTH_INVALID: 177 return "invalid"; 178 case VNC_AUTH_NONE: 179 return "none"; 180 case VNC_AUTH_VNC: 181 return "vnc"; 182 case VNC_AUTH_RA2: 183 return "ra2"; 184 case VNC_AUTH_RA2NE: 185 return "ra2ne"; 186 case VNC_AUTH_TIGHT: 187 return "tight"; 188 case VNC_AUTH_ULTRA: 189 return "ultra"; 190 case VNC_AUTH_TLS: 191 return "tls"; 192 case VNC_AUTH_VENCRYPT: 193 #ifdef CONFIG_VNC_TLS 194 switch (vd->subauth) { 195 case VNC_AUTH_VENCRYPT_PLAIN: 196 return "vencrypt+plain"; 197 case VNC_AUTH_VENCRYPT_TLSNONE: 198 return "vencrypt+tls+none"; 199 case VNC_AUTH_VENCRYPT_TLSVNC: 200 return "vencrypt+tls+vnc"; 201 case VNC_AUTH_VENCRYPT_TLSPLAIN: 202 return "vencrypt+tls+plain"; 203 case VNC_AUTH_VENCRYPT_X509NONE: 204 return "vencrypt+x509+none"; 205 case VNC_AUTH_VENCRYPT_X509VNC: 206 return "vencrypt+x509+vnc"; 207 case VNC_AUTH_VENCRYPT_X509PLAIN: 208 return "vencrypt+x509+plain"; 209 case VNC_AUTH_VENCRYPT_TLSSASL: 210 return "vencrypt+tls+sasl"; 211 case VNC_AUTH_VENCRYPT_X509SASL: 212 return "vencrypt+x509+sasl"; 213 default: 214 return "vencrypt"; 215 } 216 #else 217 return "vencrypt"; 218 #endif 219 case VNC_AUTH_SASL: 220 return "sasl"; 221 } 222 return "unknown"; 223 } 224 225 static int vnc_server_info_put(QDict *qdict) 226 { 227 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) { 228 return -1; 229 } 230 231 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display))); 232 return 0; 233 } 234 235 static void vnc_client_cache_auth(VncState *client) 236 { 237 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 238 QDict *qdict; 239 #endif 240 241 if (!client->info) { 242 return; 243 } 244 245 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 246 qdict = qobject_to_qdict(client->info); 247 #endif 248 249 #ifdef CONFIG_VNC_TLS 250 if (client->tls.session && 251 client->tls.dname) { 252 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname)); 253 } 254 #endif 255 #ifdef CONFIG_VNC_SASL 256 if (client->sasl.conn && 257 client->sasl.username) { 258 qdict_put(qdict, "sasl_username", 259 qstring_from_str(client->sasl.username)); 260 } 261 #endif 262 } 263 264 static void vnc_client_cache_addr(VncState *client) 265 { 266 QDict *qdict; 267 268 qdict = qdict_new(); 269 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) { 270 QDECREF(qdict); 271 /* XXX: how to report the error? */ 272 return; 273 } 274 275 client->info = QOBJECT(qdict); 276 } 277 278 static void vnc_qmp_event(VncState *vs, MonitorEvent event) 279 { 280 QDict *server; 281 QObject *data; 282 283 if (!vs->info) { 284 return; 285 } 286 287 server = qdict_new(); 288 if (vnc_server_info_put(server) < 0) { 289 QDECREF(server); 290 return; 291 } 292 293 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }", 294 vs->info, QOBJECT(server)); 295 296 monitor_protocol_event(event, data); 297 298 qobject_incref(vs->info); 299 qobject_decref(data); 300 } 301 302 static VncClientInfo *qmp_query_vnc_client(const VncState *client) 303 { 304 struct sockaddr_storage sa; 305 socklen_t salen = sizeof(sa); 306 char host[NI_MAXHOST]; 307 char serv[NI_MAXSERV]; 308 VncClientInfo *info; 309 310 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) { 311 return NULL; 312 } 313 314 if (getnameinfo((struct sockaddr *)&sa, salen, 315 host, sizeof(host), 316 serv, sizeof(serv), 317 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 318 return NULL; 319 } 320 321 info = g_malloc0(sizeof(*info)); 322 info->host = g_strdup(host); 323 info->service = g_strdup(serv); 324 info->family = g_strdup(inet_strfamily(sa.ss_family)); 325 326 #ifdef CONFIG_VNC_TLS 327 if (client->tls.session && client->tls.dname) { 328 info->has_x509_dname = true; 329 info->x509_dname = g_strdup(client->tls.dname); 330 } 331 #endif 332 #ifdef CONFIG_VNC_SASL 333 if (client->sasl.conn && client->sasl.username) { 334 info->has_sasl_username = true; 335 info->sasl_username = g_strdup(client->sasl.username); 336 } 337 #endif 338 339 return info; 340 } 341 342 VncInfo *qmp_query_vnc(Error **errp) 343 { 344 VncInfo *info = g_malloc0(sizeof(*info)); 345 346 if (vnc_display == NULL || vnc_display->display == NULL) { 347 info->enabled = false; 348 } else { 349 VncClientInfoList *cur_item = NULL; 350 struct sockaddr_storage sa; 351 socklen_t salen = sizeof(sa); 352 char host[NI_MAXHOST]; 353 char serv[NI_MAXSERV]; 354 VncState *client; 355 356 info->enabled = true; 357 358 /* for compatibility with the original command */ 359 info->has_clients = true; 360 361 QTAILQ_FOREACH(client, &vnc_display->clients, next) { 362 VncClientInfoList *cinfo = g_malloc0(sizeof(*info)); 363 cinfo->value = qmp_query_vnc_client(client); 364 365 /* XXX: waiting for the qapi to support GSList */ 366 if (!cur_item) { 367 info->clients = cur_item = cinfo; 368 } else { 369 cur_item->next = cinfo; 370 cur_item = cinfo; 371 } 372 } 373 374 if (vnc_display->lsock == -1) { 375 return info; 376 } 377 378 if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa, 379 &salen) == -1) { 380 error_set(errp, QERR_UNDEFINED_ERROR); 381 goto out_error; 382 } 383 384 if (getnameinfo((struct sockaddr *)&sa, salen, 385 host, sizeof(host), 386 serv, sizeof(serv), 387 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 388 error_set(errp, QERR_UNDEFINED_ERROR); 389 goto out_error; 390 } 391 392 info->has_host = true; 393 info->host = g_strdup(host); 394 395 info->has_service = true; 396 info->service = g_strdup(serv); 397 398 info->has_family = true; 399 info->family = g_strdup(inet_strfamily(sa.ss_family)); 400 401 info->has_auth = true; 402 info->auth = g_strdup(vnc_auth_name(vnc_display)); 403 } 404 405 return info; 406 407 out_error: 408 qapi_free_VncInfo(info); 409 return NULL; 410 } 411 412 /* TODO 413 1) Get the queue working for IO. 414 2) there is some weirdness when using the -S option (the screen is grey 415 and not totally invalidated 416 3) resolutions > 1024 417 */ 418 419 static int vnc_update_client(VncState *vs, int has_dirty); 420 static int vnc_update_client_sync(VncState *vs, int has_dirty); 421 static void vnc_disconnect_start(VncState *vs); 422 423 static void vnc_colordepth(VncState *vs); 424 static void framebuffer_update_request(VncState *vs, int incremental, 425 int x_position, int y_position, 426 int w, int h); 427 static void vnc_refresh(DisplayChangeListener *dcl); 428 static int vnc_refresh_server_surface(VncDisplay *vd); 429 430 static void vnc_dpy_update(DisplayChangeListener *dcl, 431 int x, int y, int w, int h) 432 { 433 int i; 434 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 435 struct VncSurface *s = &vd->guest; 436 int width = surface_width(vd->ds); 437 int height = surface_height(vd->ds); 438 439 h += y; 440 441 /* round x down to ensure the loop only spans one 16-pixel block per, 442 iteration. otherwise, if (x % 16) != 0, the last iteration may span 443 two 16-pixel blocks but we only mark the first as dirty 444 */ 445 w += (x % 16); 446 x -= (x % 16); 447 448 x = MIN(x, width); 449 y = MIN(y, height); 450 w = MIN(x + w, width) - x; 451 h = MIN(h, height); 452 453 for (; y < h; y++) 454 for (i = 0; i < w; i += 16) 455 set_bit((x + i) / 16, s->dirty[y]); 456 } 457 458 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 459 int32_t encoding) 460 { 461 vnc_write_u16(vs, x); 462 vnc_write_u16(vs, y); 463 vnc_write_u16(vs, w); 464 vnc_write_u16(vs, h); 465 466 vnc_write_s32(vs, encoding); 467 } 468 469 void buffer_reserve(Buffer *buffer, size_t len) 470 { 471 if ((buffer->capacity - buffer->offset) < len) { 472 buffer->capacity += (len + 1024); 473 buffer->buffer = g_realloc(buffer->buffer, buffer->capacity); 474 if (buffer->buffer == NULL) { 475 fprintf(stderr, "vnc: out of memory\n"); 476 exit(1); 477 } 478 } 479 } 480 481 static int buffer_empty(Buffer *buffer) 482 { 483 return buffer->offset == 0; 484 } 485 486 uint8_t *buffer_end(Buffer *buffer) 487 { 488 return buffer->buffer + buffer->offset; 489 } 490 491 void buffer_reset(Buffer *buffer) 492 { 493 buffer->offset = 0; 494 } 495 496 void buffer_free(Buffer *buffer) 497 { 498 g_free(buffer->buffer); 499 buffer->offset = 0; 500 buffer->capacity = 0; 501 buffer->buffer = NULL; 502 } 503 504 void buffer_append(Buffer *buffer, const void *data, size_t len) 505 { 506 memcpy(buffer->buffer + buffer->offset, data, len); 507 buffer->offset += len; 508 } 509 510 void buffer_advance(Buffer *buf, size_t len) 511 { 512 memmove(buf->buffer, buf->buffer + len, 513 (buf->offset - len)); 514 buf->offset -= len; 515 } 516 517 static void vnc_desktop_resize(VncState *vs) 518 { 519 DisplaySurface *ds = vs->vd->ds; 520 521 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) { 522 return; 523 } 524 if (vs->client_width == surface_width(ds) && 525 vs->client_height == surface_height(ds)) { 526 return; 527 } 528 vs->client_width = surface_width(ds); 529 vs->client_height = surface_height(ds); 530 vnc_lock_output(vs); 531 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 532 vnc_write_u8(vs, 0); 533 vnc_write_u16(vs, 1); /* number of rects */ 534 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 535 VNC_ENCODING_DESKTOPRESIZE); 536 vnc_unlock_output(vs); 537 vnc_flush(vs); 538 } 539 540 static void vnc_abort_display_jobs(VncDisplay *vd) 541 { 542 VncState *vs; 543 544 QTAILQ_FOREACH(vs, &vd->clients, next) { 545 vnc_lock_output(vs); 546 vs->abort = true; 547 vnc_unlock_output(vs); 548 } 549 QTAILQ_FOREACH(vs, &vd->clients, next) { 550 vnc_jobs_join(vs); 551 } 552 QTAILQ_FOREACH(vs, &vd->clients, next) { 553 vnc_lock_output(vs); 554 vs->abort = false; 555 vnc_unlock_output(vs); 556 } 557 } 558 559 int vnc_server_fb_stride(VncDisplay *vd) 560 { 561 return pixman_image_get_stride(vd->server); 562 } 563 564 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y) 565 { 566 uint8_t *ptr; 567 568 ptr = (uint8_t *)pixman_image_get_data(vd->server); 569 ptr += y * vnc_server_fb_stride(vd); 570 ptr += x * VNC_SERVER_FB_BYTES; 571 return ptr; 572 } 573 574 static void vnc_dpy_switch(DisplayChangeListener *dcl, 575 DisplaySurface *surface) 576 { 577 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 578 VncState *vs; 579 580 vnc_abort_display_jobs(vd); 581 582 /* server surface */ 583 qemu_pixman_image_unref(vd->server); 584 vd->ds = surface; 585 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT, 586 surface_width(vd->ds), 587 surface_height(vd->ds), 588 NULL, 0); 589 590 /* guest surface */ 591 #if 0 /* FIXME */ 592 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel) 593 console_color_init(ds); 594 #endif 595 qemu_pixman_image_unref(vd->guest.fb); 596 vd->guest.fb = pixman_image_ref(surface->image); 597 vd->guest.format = surface->format; 598 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty)); 599 600 QTAILQ_FOREACH(vs, &vd->clients, next) { 601 vnc_colordepth(vs); 602 vnc_desktop_resize(vs); 603 if (vs->vd->cursor) { 604 vnc_cursor_define(vs); 605 } 606 memset(vs->dirty, 0xFF, sizeof(vs->dirty)); 607 } 608 } 609 610 /* fastest code */ 611 static void vnc_write_pixels_copy(VncState *vs, 612 void *pixels, int size) 613 { 614 vnc_write(vs, pixels, size); 615 } 616 617 /* slowest but generic code. */ 618 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 619 { 620 uint8_t r, g, b; 621 622 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8) 623 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8; 624 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8; 625 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8; 626 #else 627 # error need some bits here if you change VNC_SERVER_FB_FORMAT 628 #endif 629 v = (r << vs->client_pf.rshift) | 630 (g << vs->client_pf.gshift) | 631 (b << vs->client_pf.bshift); 632 switch (vs->client_pf.bytes_per_pixel) { 633 case 1: 634 buf[0] = v; 635 break; 636 case 2: 637 if (vs->client_be) { 638 buf[0] = v >> 8; 639 buf[1] = v; 640 } else { 641 buf[1] = v >> 8; 642 buf[0] = v; 643 } 644 break; 645 default: 646 case 4: 647 if (vs->client_be) { 648 buf[0] = v >> 24; 649 buf[1] = v >> 16; 650 buf[2] = v >> 8; 651 buf[3] = v; 652 } else { 653 buf[3] = v >> 24; 654 buf[2] = v >> 16; 655 buf[1] = v >> 8; 656 buf[0] = v; 657 } 658 break; 659 } 660 } 661 662 static void vnc_write_pixels_generic(VncState *vs, 663 void *pixels1, int size) 664 { 665 uint8_t buf[4]; 666 667 if (VNC_SERVER_FB_BYTES == 4) { 668 uint32_t *pixels = pixels1; 669 int n, i; 670 n = size >> 2; 671 for (i = 0; i < n; i++) { 672 vnc_convert_pixel(vs, buf, pixels[i]); 673 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel); 674 } 675 } 676 } 677 678 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 679 { 680 int i; 681 uint8_t *row; 682 VncDisplay *vd = vs->vd; 683 684 row = vnc_server_fb_ptr(vd, x, y); 685 for (i = 0; i < h; i++) { 686 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES); 687 row += vnc_server_fb_stride(vd); 688 } 689 return 1; 690 } 691 692 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 693 { 694 int n = 0; 695 696 switch(vs->vnc_encoding) { 697 case VNC_ENCODING_ZLIB: 698 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h); 699 break; 700 case VNC_ENCODING_HEXTILE: 701 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 702 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 703 break; 704 case VNC_ENCODING_TIGHT: 705 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h); 706 break; 707 case VNC_ENCODING_TIGHT_PNG: 708 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h); 709 break; 710 case VNC_ENCODING_ZRLE: 711 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h); 712 break; 713 case VNC_ENCODING_ZYWRLE: 714 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); 715 break; 716 default: 717 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 718 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 719 break; 720 } 721 return n; 722 } 723 724 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h) 725 { 726 /* send bitblit op to the vnc client */ 727 vnc_lock_output(vs); 728 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 729 vnc_write_u8(vs, 0); 730 vnc_write_u16(vs, 1); /* number of rects */ 731 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT); 732 vnc_write_u16(vs, src_x); 733 vnc_write_u16(vs, src_y); 734 vnc_unlock_output(vs); 735 vnc_flush(vs); 736 } 737 738 static void vnc_dpy_copy(DisplayChangeListener *dcl, 739 int src_x, int src_y, 740 int dst_x, int dst_y, int w, int h) 741 { 742 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 743 VncState *vs, *vn; 744 uint8_t *src_row; 745 uint8_t *dst_row; 746 int i, x, y, pitch, inc, w_lim, s; 747 int cmp_bytes; 748 749 vnc_refresh_server_surface(vd); 750 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 751 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 752 vs->force_update = 1; 753 vnc_update_client_sync(vs, 1); 754 /* vs might be free()ed here */ 755 } 756 } 757 758 /* do bitblit op on the local surface too */ 759 pitch = vnc_server_fb_stride(vd); 760 src_row = vnc_server_fb_ptr(vd, src_x, src_y); 761 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y); 762 y = dst_y; 763 inc = 1; 764 if (dst_y > src_y) { 765 /* copy backwards */ 766 src_row += pitch * (h-1); 767 dst_row += pitch * (h-1); 768 pitch = -pitch; 769 y = dst_y + h - 1; 770 inc = -1; 771 } 772 w_lim = w - (16 - (dst_x % 16)); 773 if (w_lim < 0) 774 w_lim = w; 775 else 776 w_lim = w - (w_lim % 16); 777 for (i = 0; i < h; i++) { 778 for (x = 0; x <= w_lim; 779 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) { 780 if (x == w_lim) { 781 if ((s = w - w_lim) == 0) 782 break; 783 } else if (!x) { 784 s = (16 - (dst_x % 16)); 785 s = MIN(s, w_lim); 786 } else { 787 s = 16; 788 } 789 cmp_bytes = s * VNC_SERVER_FB_BYTES; 790 if (memcmp(src_row, dst_row, cmp_bytes) == 0) 791 continue; 792 memmove(dst_row, src_row, cmp_bytes); 793 QTAILQ_FOREACH(vs, &vd->clients, next) { 794 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 795 set_bit(((x + dst_x) / 16), vs->dirty[y]); 796 } 797 } 798 } 799 src_row += pitch - w * VNC_SERVER_FB_BYTES; 800 dst_row += pitch - w * VNC_SERVER_FB_BYTES; 801 y += inc; 802 } 803 804 QTAILQ_FOREACH(vs, &vd->clients, next) { 805 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 806 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h); 807 } 808 } 809 } 810 811 static void vnc_mouse_set(DisplayChangeListener *dcl, 812 int x, int y, int visible) 813 { 814 /* can we ask the client(s) to move the pointer ??? */ 815 } 816 817 static int vnc_cursor_define(VncState *vs) 818 { 819 QEMUCursor *c = vs->vd->cursor; 820 int isize; 821 822 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 823 vnc_lock_output(vs); 824 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 825 vnc_write_u8(vs, 0); /* padding */ 826 vnc_write_u16(vs, 1); /* # of rects */ 827 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 828 VNC_ENCODING_RICH_CURSOR); 829 isize = c->width * c->height * vs->client_pf.bytes_per_pixel; 830 vnc_write_pixels_generic(vs, c->data, isize); 831 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 832 vnc_unlock_output(vs); 833 return 0; 834 } 835 return -1; 836 } 837 838 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl, 839 QEMUCursor *c) 840 { 841 VncDisplay *vd = vnc_display; 842 VncState *vs; 843 844 cursor_put(vd->cursor); 845 g_free(vd->cursor_mask); 846 847 vd->cursor = c; 848 cursor_get(vd->cursor); 849 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 850 vd->cursor_mask = g_malloc0(vd->cursor_msize); 851 cursor_get_mono_mask(c, 0, vd->cursor_mask); 852 853 QTAILQ_FOREACH(vs, &vd->clients, next) { 854 vnc_cursor_define(vs); 855 } 856 } 857 858 static int find_and_clear_dirty_height(struct VncState *vs, 859 int y, int last_x, int x, int height) 860 { 861 int h; 862 863 for (h = 1; h < (height - y); h++) { 864 int tmp_x; 865 if (!test_bit(last_x, vs->dirty[y + h])) { 866 break; 867 } 868 for (tmp_x = last_x; tmp_x < x; tmp_x++) { 869 clear_bit(tmp_x, vs->dirty[y + h]); 870 } 871 } 872 873 return h; 874 } 875 876 static int vnc_update_client_sync(VncState *vs, int has_dirty) 877 { 878 int ret = vnc_update_client(vs, has_dirty); 879 vnc_jobs_join(vs); 880 return ret; 881 } 882 883 static int vnc_update_client(VncState *vs, int has_dirty) 884 { 885 if (vs->need_update && vs->csock != -1) { 886 VncDisplay *vd = vs->vd; 887 VncJob *job; 888 int y; 889 int width, height; 890 int n = 0; 891 892 893 if (vs->output.offset && !vs->audio_cap && !vs->force_update) 894 /* kernel send buffers are full -> drop frames to throttle */ 895 return 0; 896 897 if (!has_dirty && !vs->audio_cap && !vs->force_update) 898 return 0; 899 900 /* 901 * Send screen updates to the vnc client using the server 902 * surface and server dirty map. guest surface updates 903 * happening in parallel don't disturb us, the next pass will 904 * send them to the client. 905 */ 906 job = vnc_job_new(vs); 907 908 width = MIN(pixman_image_get_width(vd->server), vs->client_width); 909 height = MIN(pixman_image_get_height(vd->server), vs->client_height); 910 911 for (y = 0; y < height; y++) { 912 int x; 913 int last_x = -1; 914 for (x = 0; x < width / 16; x++) { 915 if (test_and_clear_bit(x, vs->dirty[y])) { 916 if (last_x == -1) { 917 last_x = x; 918 } 919 } else { 920 if (last_x != -1) { 921 int h = find_and_clear_dirty_height(vs, y, last_x, x, 922 height); 923 924 n += vnc_job_add_rect(job, last_x * 16, y, 925 (x - last_x) * 16, h); 926 } 927 last_x = -1; 928 } 929 } 930 if (last_x != -1) { 931 int h = find_and_clear_dirty_height(vs, y, last_x, x, height); 932 n += vnc_job_add_rect(job, last_x * 16, y, 933 (x - last_x) * 16, h); 934 } 935 } 936 937 vnc_job_push(job); 938 vs->force_update = 0; 939 return n; 940 } 941 942 if (vs->csock == -1) 943 vnc_disconnect_finish(vs); 944 945 return 0; 946 } 947 948 /* audio */ 949 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 950 { 951 VncState *vs = opaque; 952 953 switch (cmd) { 954 case AUD_CNOTIFY_DISABLE: 955 vnc_lock_output(vs); 956 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 957 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 958 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 959 vnc_unlock_output(vs); 960 vnc_flush(vs); 961 break; 962 963 case AUD_CNOTIFY_ENABLE: 964 vnc_lock_output(vs); 965 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 966 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 967 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 968 vnc_unlock_output(vs); 969 vnc_flush(vs); 970 break; 971 } 972 } 973 974 static void audio_capture_destroy(void *opaque) 975 { 976 } 977 978 static void audio_capture(void *opaque, void *buf, int size) 979 { 980 VncState *vs = opaque; 981 982 vnc_lock_output(vs); 983 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 984 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 985 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 986 vnc_write_u32(vs, size); 987 vnc_write(vs, buf, size); 988 vnc_unlock_output(vs); 989 vnc_flush(vs); 990 } 991 992 static void audio_add(VncState *vs) 993 { 994 struct audio_capture_ops ops; 995 996 if (vs->audio_cap) { 997 monitor_printf(default_mon, "audio already running\n"); 998 return; 999 } 1000 1001 ops.notify = audio_capture_notify; 1002 ops.destroy = audio_capture_destroy; 1003 ops.capture = audio_capture; 1004 1005 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs); 1006 if (!vs->audio_cap) { 1007 monitor_printf(default_mon, "Failed to add audio capture\n"); 1008 } 1009 } 1010 1011 static void audio_del(VncState *vs) 1012 { 1013 if (vs->audio_cap) { 1014 AUD_del_capture(vs->audio_cap, vs); 1015 vs->audio_cap = NULL; 1016 } 1017 } 1018 1019 static void vnc_disconnect_start(VncState *vs) 1020 { 1021 if (vs->csock == -1) 1022 return; 1023 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); 1024 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL); 1025 closesocket(vs->csock); 1026 vs->csock = -1; 1027 } 1028 1029 void vnc_disconnect_finish(VncState *vs) 1030 { 1031 int i; 1032 1033 vnc_jobs_join(vs); /* Wait encoding jobs */ 1034 1035 vnc_lock_output(vs); 1036 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED); 1037 1038 buffer_free(&vs->input); 1039 buffer_free(&vs->output); 1040 #ifdef CONFIG_VNC_WS 1041 buffer_free(&vs->ws_input); 1042 buffer_free(&vs->ws_output); 1043 #endif /* CONFIG_VNC_WS */ 1044 1045 qobject_decref(vs->info); 1046 1047 vnc_zlib_clear(vs); 1048 vnc_tight_clear(vs); 1049 vnc_zrle_clear(vs); 1050 1051 #ifdef CONFIG_VNC_TLS 1052 vnc_tls_client_cleanup(vs); 1053 #endif /* CONFIG_VNC_TLS */ 1054 #ifdef CONFIG_VNC_SASL 1055 vnc_sasl_client_cleanup(vs); 1056 #endif /* CONFIG_VNC_SASL */ 1057 audio_del(vs); 1058 vnc_release_modifiers(vs); 1059 1060 if (vs->initialized) { 1061 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1062 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1063 } 1064 1065 if (vs->vd->lock_key_sync) 1066 qemu_remove_led_event_handler(vs->led); 1067 vnc_unlock_output(vs); 1068 1069 qemu_mutex_destroy(&vs->output_mutex); 1070 if (vs->bh != NULL) { 1071 qemu_bh_delete(vs->bh); 1072 } 1073 buffer_free(&vs->jobs_buffer); 1074 1075 for (i = 0; i < VNC_STAT_ROWS; ++i) { 1076 g_free(vs->lossy_rect[i]); 1077 } 1078 g_free(vs->lossy_rect); 1079 g_free(vs); 1080 } 1081 1082 int vnc_client_io_error(VncState *vs, int ret, int last_errno) 1083 { 1084 if (ret == 0 || ret == -1) { 1085 if (ret == -1) { 1086 switch (last_errno) { 1087 case EINTR: 1088 case EAGAIN: 1089 #ifdef _WIN32 1090 case WSAEWOULDBLOCK: 1091 #endif 1092 return 0; 1093 default: 1094 break; 1095 } 1096 } 1097 1098 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n", 1099 ret, ret < 0 ? last_errno : 0); 1100 vnc_disconnect_start(vs); 1101 1102 return 0; 1103 } 1104 return ret; 1105 } 1106 1107 1108 void vnc_client_error(VncState *vs) 1109 { 1110 VNC_DEBUG("Closing down client sock: protocol error\n"); 1111 vnc_disconnect_start(vs); 1112 } 1113 1114 #ifdef CONFIG_VNC_TLS 1115 static long vnc_client_write_tls(gnutls_session_t *session, 1116 const uint8_t *data, 1117 size_t datalen) 1118 { 1119 long ret = gnutls_write(*session, data, datalen); 1120 if (ret < 0) { 1121 if (ret == GNUTLS_E_AGAIN) { 1122 errno = EAGAIN; 1123 } else { 1124 errno = EIO; 1125 } 1126 ret = -1; 1127 } 1128 return ret; 1129 } 1130 #endif /* CONFIG_VNC_TLS */ 1131 1132 /* 1133 * Called to write a chunk of data to the client socket. The data may 1134 * be the raw data, or may have already been encoded by SASL. 1135 * The data will be written either straight onto the socket, or 1136 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1137 * 1138 * NB, it is theoretically possible to have 2 layers of encryption, 1139 * both SASL, and this TLS layer. It is highly unlikely in practice 1140 * though, since SASL encryption will typically be a no-op if TLS 1141 * is active 1142 * 1143 * Returns the number of bytes written, which may be less than 1144 * the requested 'datalen' if the socket would block. Returns 1145 * -1 on error, and disconnects the client socket. 1146 */ 1147 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1148 { 1149 long ret; 1150 #ifdef CONFIG_VNC_TLS 1151 if (vs->tls.session) { 1152 ret = vnc_client_write_tls(&vs->tls.session, data, datalen); 1153 } else { 1154 #ifdef CONFIG_VNC_WS 1155 if (vs->ws_tls.session) { 1156 ret = vnc_client_write_tls(&vs->ws_tls.session, data, datalen); 1157 } else 1158 #endif /* CONFIG_VNC_WS */ 1159 #endif /* CONFIG_VNC_TLS */ 1160 { 1161 ret = send(vs->csock, (const void *)data, datalen, 0); 1162 } 1163 #ifdef CONFIG_VNC_TLS 1164 } 1165 #endif /* CONFIG_VNC_TLS */ 1166 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1167 return vnc_client_io_error(vs, ret, socket_error()); 1168 } 1169 1170 1171 /* 1172 * Called to write buffered data to the client socket, when not 1173 * using any SASL SSF encryption layers. Will write as much data 1174 * as possible without blocking. If all buffered data is written, 1175 * will switch the FD poll() handler back to read monitoring. 1176 * 1177 * Returns the number of bytes written, which may be less than 1178 * the buffered output data if the socket would block. Returns 1179 * -1 on error, and disconnects the client socket. 1180 */ 1181 static long vnc_client_write_plain(VncState *vs) 1182 { 1183 long ret; 1184 1185 #ifdef CONFIG_VNC_SASL 1186 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1187 vs->output.buffer, vs->output.capacity, vs->output.offset, 1188 vs->sasl.waitWriteSSF); 1189 1190 if (vs->sasl.conn && 1191 vs->sasl.runSSF && 1192 vs->sasl.waitWriteSSF) { 1193 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1194 if (ret) 1195 vs->sasl.waitWriteSSF -= ret; 1196 } else 1197 #endif /* CONFIG_VNC_SASL */ 1198 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1199 if (!ret) 1200 return 0; 1201 1202 buffer_advance(&vs->output, ret); 1203 1204 if (vs->output.offset == 0) { 1205 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 1206 } 1207 1208 return ret; 1209 } 1210 1211 1212 /* 1213 * First function called whenever there is data to be written to 1214 * the client socket. Will delegate actual work according to whether 1215 * SASL SSF layers are enabled (thus requiring encryption calls) 1216 */ 1217 static void vnc_client_write_locked(void *opaque) 1218 { 1219 VncState *vs = opaque; 1220 1221 #ifdef CONFIG_VNC_SASL 1222 if (vs->sasl.conn && 1223 vs->sasl.runSSF && 1224 !vs->sasl.waitWriteSSF) { 1225 vnc_client_write_sasl(vs); 1226 } else 1227 #endif /* CONFIG_VNC_SASL */ 1228 { 1229 #ifdef CONFIG_VNC_WS 1230 if (vs->encode_ws) { 1231 vnc_client_write_ws(vs); 1232 } else 1233 #endif /* CONFIG_VNC_WS */ 1234 { 1235 vnc_client_write_plain(vs); 1236 } 1237 } 1238 } 1239 1240 void vnc_client_write(void *opaque) 1241 { 1242 VncState *vs = opaque; 1243 1244 vnc_lock_output(vs); 1245 if (vs->output.offset 1246 #ifdef CONFIG_VNC_WS 1247 || vs->ws_output.offset 1248 #endif 1249 ) { 1250 vnc_client_write_locked(opaque); 1251 } else if (vs->csock != -1) { 1252 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 1253 } 1254 vnc_unlock_output(vs); 1255 } 1256 1257 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1258 { 1259 vs->read_handler = func; 1260 vs->read_handler_expect = expecting; 1261 } 1262 1263 #ifdef CONFIG_VNC_TLS 1264 static long vnc_client_read_tls(gnutls_session_t *session, uint8_t *data, 1265 size_t datalen) 1266 { 1267 long ret = gnutls_read(*session, data, datalen); 1268 if (ret < 0) { 1269 if (ret == GNUTLS_E_AGAIN) { 1270 errno = EAGAIN; 1271 } else { 1272 errno = EIO; 1273 } 1274 ret = -1; 1275 } 1276 return ret; 1277 } 1278 #endif /* CONFIG_VNC_TLS */ 1279 1280 /* 1281 * Called to read a chunk of data from the client socket. The data may 1282 * be the raw data, or may need to be further decoded by SASL. 1283 * The data will be read either straight from to the socket, or 1284 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1285 * 1286 * NB, it is theoretically possible to have 2 layers of encryption, 1287 * both SASL, and this TLS layer. It is highly unlikely in practice 1288 * though, since SASL encryption will typically be a no-op if TLS 1289 * is active 1290 * 1291 * Returns the number of bytes read, which may be less than 1292 * the requested 'datalen' if the socket would block. Returns 1293 * -1 on error, and disconnects the client socket. 1294 */ 1295 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1296 { 1297 long ret; 1298 #ifdef CONFIG_VNC_TLS 1299 if (vs->tls.session) { 1300 ret = vnc_client_read_tls(&vs->tls.session, data, datalen); 1301 } else { 1302 #ifdef CONFIG_VNC_WS 1303 if (vs->ws_tls.session) { 1304 ret = vnc_client_read_tls(&vs->ws_tls.session, data, datalen); 1305 } else 1306 #endif /* CONFIG_VNC_WS */ 1307 #endif /* CONFIG_VNC_TLS */ 1308 { 1309 ret = qemu_recv(vs->csock, data, datalen, 0); 1310 } 1311 #ifdef CONFIG_VNC_TLS 1312 } 1313 #endif /* CONFIG_VNC_TLS */ 1314 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1315 return vnc_client_io_error(vs, ret, socket_error()); 1316 } 1317 1318 1319 /* 1320 * Called to read data from the client socket to the input buffer, 1321 * when not using any SASL SSF encryption layers. Will read as much 1322 * data as possible without blocking. 1323 * 1324 * Returns the number of bytes read. Returns -1 on error, and 1325 * disconnects the client socket. 1326 */ 1327 static long vnc_client_read_plain(VncState *vs) 1328 { 1329 int ret; 1330 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1331 vs->input.buffer, vs->input.capacity, vs->input.offset); 1332 buffer_reserve(&vs->input, 4096); 1333 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1334 if (!ret) 1335 return 0; 1336 vs->input.offset += ret; 1337 return ret; 1338 } 1339 1340 static void vnc_jobs_bh(void *opaque) 1341 { 1342 VncState *vs = opaque; 1343 1344 vnc_jobs_consume_buffer(vs); 1345 } 1346 1347 /* 1348 * First function called whenever there is more data to be read from 1349 * the client socket. Will delegate actual work according to whether 1350 * SASL SSF layers are enabled (thus requiring decryption calls) 1351 */ 1352 void vnc_client_read(void *opaque) 1353 { 1354 VncState *vs = opaque; 1355 long ret; 1356 1357 #ifdef CONFIG_VNC_SASL 1358 if (vs->sasl.conn && vs->sasl.runSSF) 1359 ret = vnc_client_read_sasl(vs); 1360 else 1361 #endif /* CONFIG_VNC_SASL */ 1362 #ifdef CONFIG_VNC_WS 1363 if (vs->encode_ws) { 1364 ret = vnc_client_read_ws(vs); 1365 if (ret == -1) { 1366 vnc_disconnect_start(vs); 1367 return; 1368 } else if (ret == -2) { 1369 vnc_client_error(vs); 1370 return; 1371 } 1372 } else 1373 #endif /* CONFIG_VNC_WS */ 1374 { 1375 ret = vnc_client_read_plain(vs); 1376 } 1377 if (!ret) { 1378 if (vs->csock == -1) 1379 vnc_disconnect_finish(vs); 1380 return; 1381 } 1382 1383 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1384 size_t len = vs->read_handler_expect; 1385 int ret; 1386 1387 ret = vs->read_handler(vs, vs->input.buffer, len); 1388 if (vs->csock == -1) { 1389 vnc_disconnect_finish(vs); 1390 return; 1391 } 1392 1393 if (!ret) { 1394 buffer_advance(&vs->input, len); 1395 } else { 1396 vs->read_handler_expect = ret; 1397 } 1398 } 1399 } 1400 1401 void vnc_write(VncState *vs, const void *data, size_t len) 1402 { 1403 buffer_reserve(&vs->output, len); 1404 1405 if (vs->csock != -1 && buffer_empty(&vs->output)) { 1406 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs); 1407 } 1408 1409 buffer_append(&vs->output, data, len); 1410 } 1411 1412 void vnc_write_s32(VncState *vs, int32_t value) 1413 { 1414 vnc_write_u32(vs, *(uint32_t *)&value); 1415 } 1416 1417 void vnc_write_u32(VncState *vs, uint32_t value) 1418 { 1419 uint8_t buf[4]; 1420 1421 buf[0] = (value >> 24) & 0xFF; 1422 buf[1] = (value >> 16) & 0xFF; 1423 buf[2] = (value >> 8) & 0xFF; 1424 buf[3] = value & 0xFF; 1425 1426 vnc_write(vs, buf, 4); 1427 } 1428 1429 void vnc_write_u16(VncState *vs, uint16_t value) 1430 { 1431 uint8_t buf[2]; 1432 1433 buf[0] = (value >> 8) & 0xFF; 1434 buf[1] = value & 0xFF; 1435 1436 vnc_write(vs, buf, 2); 1437 } 1438 1439 void vnc_write_u8(VncState *vs, uint8_t value) 1440 { 1441 vnc_write(vs, (char *)&value, 1); 1442 } 1443 1444 void vnc_flush(VncState *vs) 1445 { 1446 vnc_lock_output(vs); 1447 if (vs->csock != -1 && (vs->output.offset 1448 #ifdef CONFIG_VNC_WS 1449 || vs->ws_output.offset 1450 #endif 1451 )) { 1452 vnc_client_write_locked(vs); 1453 } 1454 vnc_unlock_output(vs); 1455 } 1456 1457 static uint8_t read_u8(uint8_t *data, size_t offset) 1458 { 1459 return data[offset]; 1460 } 1461 1462 static uint16_t read_u16(uint8_t *data, size_t offset) 1463 { 1464 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1465 } 1466 1467 static int32_t read_s32(uint8_t *data, size_t offset) 1468 { 1469 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1470 (data[offset + 2] << 8) | data[offset + 3]); 1471 } 1472 1473 uint32_t read_u32(uint8_t *data, size_t offset) 1474 { 1475 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1476 (data[offset + 2] << 8) | data[offset + 3]); 1477 } 1478 1479 static void client_cut_text(VncState *vs, size_t len, uint8_t *text) 1480 { 1481 } 1482 1483 static void check_pointer_type_change(Notifier *notifier, void *data) 1484 { 1485 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1486 int absolute = kbd_mouse_is_absolute(); 1487 1488 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1489 vnc_lock_output(vs); 1490 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1491 vnc_write_u8(vs, 0); 1492 vnc_write_u16(vs, 1); 1493 vnc_framebuffer_update(vs, absolute, 0, 1494 surface_width(vs->vd->ds), 1495 surface_height(vs->vd->ds), 1496 VNC_ENCODING_POINTER_TYPE_CHANGE); 1497 vnc_unlock_output(vs); 1498 vnc_flush(vs); 1499 } 1500 vs->absolute = absolute; 1501 } 1502 1503 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1504 { 1505 int buttons = 0; 1506 int dz = 0; 1507 int width = surface_width(vs->vd->ds); 1508 int height = surface_height(vs->vd->ds); 1509 1510 if (button_mask & 0x01) 1511 buttons |= MOUSE_EVENT_LBUTTON; 1512 if (button_mask & 0x02) 1513 buttons |= MOUSE_EVENT_MBUTTON; 1514 if (button_mask & 0x04) 1515 buttons |= MOUSE_EVENT_RBUTTON; 1516 if (button_mask & 0x08) 1517 dz = -1; 1518 if (button_mask & 0x10) 1519 dz = 1; 1520 1521 if (vs->absolute) { 1522 kbd_mouse_event(width > 1 ? x * 0x7FFF / (width - 1) : 0x4000, 1523 height > 1 ? y * 0x7FFF / (height - 1) : 0x4000, 1524 dz, buttons); 1525 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1526 x -= 0x7FFF; 1527 y -= 0x7FFF; 1528 1529 kbd_mouse_event(x, y, dz, buttons); 1530 } else { 1531 if (vs->last_x != -1) 1532 kbd_mouse_event(x - vs->last_x, 1533 y - vs->last_y, 1534 dz, buttons); 1535 vs->last_x = x; 1536 vs->last_y = y; 1537 } 1538 } 1539 1540 static void reset_keys(VncState *vs) 1541 { 1542 int i; 1543 for(i = 0; i < 256; i++) { 1544 if (vs->modifiers_state[i]) { 1545 if (i & SCANCODE_GREY) 1546 kbd_put_keycode(SCANCODE_EMUL0); 1547 kbd_put_keycode(i | SCANCODE_UP); 1548 vs->modifiers_state[i] = 0; 1549 } 1550 } 1551 } 1552 1553 static void press_key(VncState *vs, int keysym) 1554 { 1555 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK; 1556 if (keycode & SCANCODE_GREY) 1557 kbd_put_keycode(SCANCODE_EMUL0); 1558 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK); 1559 if (keycode & SCANCODE_GREY) 1560 kbd_put_keycode(SCANCODE_EMUL0); 1561 kbd_put_keycode(keycode | SCANCODE_UP); 1562 } 1563 1564 static int current_led_state(VncState *vs) 1565 { 1566 int ledstate = 0; 1567 1568 if (vs->modifiers_state[0x46]) { 1569 ledstate |= QEMU_SCROLL_LOCK_LED; 1570 } 1571 if (vs->modifiers_state[0x45]) { 1572 ledstate |= QEMU_NUM_LOCK_LED; 1573 } 1574 if (vs->modifiers_state[0x3a]) { 1575 ledstate |= QEMU_CAPS_LOCK_LED; 1576 } 1577 1578 return ledstate; 1579 } 1580 1581 static void vnc_led_state_change(VncState *vs) 1582 { 1583 int ledstate = 0; 1584 1585 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) { 1586 return; 1587 } 1588 1589 ledstate = current_led_state(vs); 1590 vnc_lock_output(vs); 1591 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1592 vnc_write_u8(vs, 0); 1593 vnc_write_u16(vs, 1); 1594 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE); 1595 vnc_write_u8(vs, ledstate); 1596 vnc_unlock_output(vs); 1597 vnc_flush(vs); 1598 } 1599 1600 static void kbd_leds(void *opaque, int ledstate) 1601 { 1602 VncState *vs = opaque; 1603 int caps, num, scr; 1604 1605 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0; 1606 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0; 1607 scr = ledstate & QEMU_SCROLL_LOCK_LED ? 1 : 0; 1608 1609 if (vs->modifiers_state[0x3a] != caps) { 1610 vs->modifiers_state[0x3a] = caps; 1611 } 1612 if (vs->modifiers_state[0x45] != num) { 1613 vs->modifiers_state[0x45] = num; 1614 } 1615 if (vs->modifiers_state[0x46] != scr) { 1616 vs->modifiers_state[0x46] = scr; 1617 } 1618 1619 /* Sending the current led state message to the client */ 1620 if (ledstate != current_led_state(vs)) { 1621 vnc_led_state_change(vs); 1622 } 1623 } 1624 1625 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1626 { 1627 /* QEMU console switch */ 1628 switch(keycode) { 1629 case 0x2a: /* Left Shift */ 1630 case 0x36: /* Right Shift */ 1631 case 0x1d: /* Left CTRL */ 1632 case 0x9d: /* Right CTRL */ 1633 case 0x38: /* Left ALT */ 1634 case 0xb8: /* Right ALT */ 1635 if (down) 1636 vs->modifiers_state[keycode] = 1; 1637 else 1638 vs->modifiers_state[keycode] = 0; 1639 break; 1640 case 0x02 ... 0x0a: /* '1' to '9' keys */ 1641 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) { 1642 /* Reset the modifiers sent to the current console */ 1643 reset_keys(vs); 1644 console_select(keycode - 0x02); 1645 return; 1646 } 1647 break; 1648 case 0x3a: /* CapsLock */ 1649 case 0x45: /* NumLock */ 1650 if (down) 1651 vs->modifiers_state[keycode] ^= 1; 1652 break; 1653 } 1654 1655 /* Turn off the lock state sync logic if the client support the led 1656 state extension. 1657 */ 1658 if (down && vs->vd->lock_key_sync && 1659 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1660 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1661 /* If the numlock state needs to change then simulate an additional 1662 keypress before sending this one. This will happen if the user 1663 toggles numlock away from the VNC window. 1664 */ 1665 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1666 if (!vs->modifiers_state[0x45]) { 1667 vs->modifiers_state[0x45] = 1; 1668 press_key(vs, 0xff7f); 1669 } 1670 } else { 1671 if (vs->modifiers_state[0x45]) { 1672 vs->modifiers_state[0x45] = 0; 1673 press_key(vs, 0xff7f); 1674 } 1675 } 1676 } 1677 1678 if (down && vs->vd->lock_key_sync && 1679 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1680 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1681 /* If the capslock state needs to change then simulate an additional 1682 keypress before sending this one. This will happen if the user 1683 toggles capslock away from the VNC window. 1684 */ 1685 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1686 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]); 1687 int capslock = !!(vs->modifiers_state[0x3a]); 1688 if (capslock) { 1689 if (uppercase == shift) { 1690 vs->modifiers_state[0x3a] = 0; 1691 press_key(vs, 0xffe5); 1692 } 1693 } else { 1694 if (uppercase != shift) { 1695 vs->modifiers_state[0x3a] = 1; 1696 press_key(vs, 0xffe5); 1697 } 1698 } 1699 } 1700 1701 if (qemu_console_is_graphic(NULL)) { 1702 if (keycode & SCANCODE_GREY) 1703 kbd_put_keycode(SCANCODE_EMUL0); 1704 if (down) 1705 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK); 1706 else 1707 kbd_put_keycode(keycode | SCANCODE_UP); 1708 } else { 1709 bool numlock = vs->modifiers_state[0x45]; 1710 bool control = (vs->modifiers_state[0x1d] || 1711 vs->modifiers_state[0x9d]); 1712 /* QEMU console emulation */ 1713 if (down) { 1714 switch (keycode) { 1715 case 0x2a: /* Left Shift */ 1716 case 0x36: /* Right Shift */ 1717 case 0x1d: /* Left CTRL */ 1718 case 0x9d: /* Right CTRL */ 1719 case 0x38: /* Left ALT */ 1720 case 0xb8: /* Right ALT */ 1721 break; 1722 case 0xc8: 1723 kbd_put_keysym(QEMU_KEY_UP); 1724 break; 1725 case 0xd0: 1726 kbd_put_keysym(QEMU_KEY_DOWN); 1727 break; 1728 case 0xcb: 1729 kbd_put_keysym(QEMU_KEY_LEFT); 1730 break; 1731 case 0xcd: 1732 kbd_put_keysym(QEMU_KEY_RIGHT); 1733 break; 1734 case 0xd3: 1735 kbd_put_keysym(QEMU_KEY_DELETE); 1736 break; 1737 case 0xc7: 1738 kbd_put_keysym(QEMU_KEY_HOME); 1739 break; 1740 case 0xcf: 1741 kbd_put_keysym(QEMU_KEY_END); 1742 break; 1743 case 0xc9: 1744 kbd_put_keysym(QEMU_KEY_PAGEUP); 1745 break; 1746 case 0xd1: 1747 kbd_put_keysym(QEMU_KEY_PAGEDOWN); 1748 break; 1749 1750 case 0x47: 1751 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME); 1752 break; 1753 case 0x48: 1754 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP); 1755 break; 1756 case 0x49: 1757 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP); 1758 break; 1759 case 0x4b: 1760 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT); 1761 break; 1762 case 0x4c: 1763 kbd_put_keysym('5'); 1764 break; 1765 case 0x4d: 1766 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT); 1767 break; 1768 case 0x4f: 1769 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END); 1770 break; 1771 case 0x50: 1772 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN); 1773 break; 1774 case 0x51: 1775 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN); 1776 break; 1777 case 0x52: 1778 kbd_put_keysym('0'); 1779 break; 1780 case 0x53: 1781 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE); 1782 break; 1783 1784 case 0xb5: 1785 kbd_put_keysym('/'); 1786 break; 1787 case 0x37: 1788 kbd_put_keysym('*'); 1789 break; 1790 case 0x4a: 1791 kbd_put_keysym('-'); 1792 break; 1793 case 0x4e: 1794 kbd_put_keysym('+'); 1795 break; 1796 case 0x9c: 1797 kbd_put_keysym('\n'); 1798 break; 1799 1800 default: 1801 if (control) { 1802 kbd_put_keysym(sym & 0x1f); 1803 } else { 1804 kbd_put_keysym(sym); 1805 } 1806 break; 1807 } 1808 } 1809 } 1810 } 1811 1812 static void vnc_release_modifiers(VncState *vs) 1813 { 1814 static const int keycodes[] = { 1815 /* shift, control, alt keys, both left & right */ 1816 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8, 1817 }; 1818 int i, keycode; 1819 1820 if (!qemu_console_is_graphic(NULL)) { 1821 return; 1822 } 1823 for (i = 0; i < ARRAY_SIZE(keycodes); i++) { 1824 keycode = keycodes[i]; 1825 if (!vs->modifiers_state[keycode]) { 1826 continue; 1827 } 1828 if (keycode & SCANCODE_GREY) { 1829 kbd_put_keycode(SCANCODE_EMUL0); 1830 } 1831 kbd_put_keycode(keycode | SCANCODE_UP); 1832 } 1833 } 1834 1835 static void key_event(VncState *vs, int down, uint32_t sym) 1836 { 1837 int keycode; 1838 int lsym = sym; 1839 1840 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) { 1841 lsym = lsym - 'A' + 'a'; 1842 } 1843 1844 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK; 1845 do_key_event(vs, down, keycode, sym); 1846 } 1847 1848 static void ext_key_event(VncState *vs, int down, 1849 uint32_t sym, uint16_t keycode) 1850 { 1851 /* if the user specifies a keyboard layout, always use it */ 1852 if (keyboard_layout) 1853 key_event(vs, down, sym); 1854 else 1855 do_key_event(vs, down, keycode, sym); 1856 } 1857 1858 static void framebuffer_update_request(VncState *vs, int incremental, 1859 int x_position, int y_position, 1860 int w, int h) 1861 { 1862 int i; 1863 const size_t width = surface_width(vs->vd->ds) / 16; 1864 const size_t height = surface_height(vs->vd->ds); 1865 1866 if (y_position > height) { 1867 y_position = height; 1868 } 1869 if (y_position + h >= height) { 1870 h = height - y_position; 1871 } 1872 1873 vs->need_update = 1; 1874 if (!incremental) { 1875 vs->force_update = 1; 1876 for (i = 0; i < h; i++) { 1877 bitmap_set(vs->dirty[y_position + i], 0, width); 1878 bitmap_clear(vs->dirty[y_position + i], width, 1879 VNC_DIRTY_BITS - width); 1880 } 1881 } 1882 } 1883 1884 static void send_ext_key_event_ack(VncState *vs) 1885 { 1886 vnc_lock_output(vs); 1887 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1888 vnc_write_u8(vs, 0); 1889 vnc_write_u16(vs, 1); 1890 vnc_framebuffer_update(vs, 0, 0, 1891 surface_width(vs->vd->ds), 1892 surface_height(vs->vd->ds), 1893 VNC_ENCODING_EXT_KEY_EVENT); 1894 vnc_unlock_output(vs); 1895 vnc_flush(vs); 1896 } 1897 1898 static void send_ext_audio_ack(VncState *vs) 1899 { 1900 vnc_lock_output(vs); 1901 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1902 vnc_write_u8(vs, 0); 1903 vnc_write_u16(vs, 1); 1904 vnc_framebuffer_update(vs, 0, 0, 1905 surface_width(vs->vd->ds), 1906 surface_height(vs->vd->ds), 1907 VNC_ENCODING_AUDIO); 1908 vnc_unlock_output(vs); 1909 vnc_flush(vs); 1910 } 1911 1912 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 1913 { 1914 int i; 1915 unsigned int enc = 0; 1916 1917 vs->features = 0; 1918 vs->vnc_encoding = 0; 1919 vs->tight.compression = 9; 1920 vs->tight.quality = -1; /* Lossless by default */ 1921 vs->absolute = -1; 1922 1923 /* 1924 * Start from the end because the encodings are sent in order of preference. 1925 * This way the preferred encoding (first encoding defined in the array) 1926 * will be set at the end of the loop. 1927 */ 1928 for (i = n_encodings - 1; i >= 0; i--) { 1929 enc = encodings[i]; 1930 switch (enc) { 1931 case VNC_ENCODING_RAW: 1932 vs->vnc_encoding = enc; 1933 break; 1934 case VNC_ENCODING_COPYRECT: 1935 vs->features |= VNC_FEATURE_COPYRECT_MASK; 1936 break; 1937 case VNC_ENCODING_HEXTILE: 1938 vs->features |= VNC_FEATURE_HEXTILE_MASK; 1939 vs->vnc_encoding = enc; 1940 break; 1941 case VNC_ENCODING_TIGHT: 1942 vs->features |= VNC_FEATURE_TIGHT_MASK; 1943 vs->vnc_encoding = enc; 1944 break; 1945 #ifdef CONFIG_VNC_PNG 1946 case VNC_ENCODING_TIGHT_PNG: 1947 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK; 1948 vs->vnc_encoding = enc; 1949 break; 1950 #endif 1951 case VNC_ENCODING_ZLIB: 1952 vs->features |= VNC_FEATURE_ZLIB_MASK; 1953 vs->vnc_encoding = enc; 1954 break; 1955 case VNC_ENCODING_ZRLE: 1956 vs->features |= VNC_FEATURE_ZRLE_MASK; 1957 vs->vnc_encoding = enc; 1958 break; 1959 case VNC_ENCODING_ZYWRLE: 1960 vs->features |= VNC_FEATURE_ZYWRLE_MASK; 1961 vs->vnc_encoding = enc; 1962 break; 1963 case VNC_ENCODING_DESKTOPRESIZE: 1964 vs->features |= VNC_FEATURE_RESIZE_MASK; 1965 break; 1966 case VNC_ENCODING_POINTER_TYPE_CHANGE: 1967 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK; 1968 break; 1969 case VNC_ENCODING_RICH_CURSOR: 1970 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK; 1971 break; 1972 case VNC_ENCODING_EXT_KEY_EVENT: 1973 send_ext_key_event_ack(vs); 1974 break; 1975 case VNC_ENCODING_AUDIO: 1976 send_ext_audio_ack(vs); 1977 break; 1978 case VNC_ENCODING_WMVi: 1979 vs->features |= VNC_FEATURE_WMVI_MASK; 1980 break; 1981 case VNC_ENCODING_LED_STATE: 1982 vs->features |= VNC_FEATURE_LED_STATE_MASK; 1983 break; 1984 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 1985 vs->tight.compression = (enc & 0x0F); 1986 break; 1987 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 1988 if (vs->vd->lossy) { 1989 vs->tight.quality = (enc & 0x0F); 1990 } 1991 break; 1992 default: 1993 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 1994 break; 1995 } 1996 } 1997 vnc_desktop_resize(vs); 1998 check_pointer_type_change(&vs->mouse_mode_notifier, NULL); 1999 vnc_led_state_change(vs); 2000 } 2001 2002 static void set_pixel_conversion(VncState *vs) 2003 { 2004 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf); 2005 2006 if (fmt == VNC_SERVER_FB_FORMAT) { 2007 vs->write_pixels = vnc_write_pixels_copy; 2008 vnc_hextile_set_pixel_conversion(vs, 0); 2009 } else { 2010 vs->write_pixels = vnc_write_pixels_generic; 2011 vnc_hextile_set_pixel_conversion(vs, 1); 2012 } 2013 } 2014 2015 static void set_pixel_format(VncState *vs, 2016 int bits_per_pixel, int depth, 2017 int big_endian_flag, int true_color_flag, 2018 int red_max, int green_max, int blue_max, 2019 int red_shift, int green_shift, int blue_shift) 2020 { 2021 if (!true_color_flag) { 2022 vnc_client_error(vs); 2023 return; 2024 } 2025 2026 vs->client_pf.rmax = red_max; 2027 vs->client_pf.rbits = hweight_long(red_max); 2028 vs->client_pf.rshift = red_shift; 2029 vs->client_pf.rmask = red_max << red_shift; 2030 vs->client_pf.gmax = green_max; 2031 vs->client_pf.gbits = hweight_long(green_max); 2032 vs->client_pf.gshift = green_shift; 2033 vs->client_pf.gmask = green_max << green_shift; 2034 vs->client_pf.bmax = blue_max; 2035 vs->client_pf.bbits = hweight_long(blue_max); 2036 vs->client_pf.bshift = blue_shift; 2037 vs->client_pf.bmask = blue_max << blue_shift; 2038 vs->client_pf.bits_per_pixel = bits_per_pixel; 2039 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8; 2040 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 2041 vs->client_be = big_endian_flag; 2042 2043 set_pixel_conversion(vs); 2044 2045 graphic_hw_invalidate(NULL); 2046 graphic_hw_update(NULL); 2047 } 2048 2049 static void pixel_format_message (VncState *vs) { 2050 char pad[3] = { 0, 0, 0 }; 2051 2052 vs->client_pf = qemu_default_pixelformat(32); 2053 2054 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ 2055 vnc_write_u8(vs, vs->client_pf.depth); /* depth */ 2056 2057 #ifdef HOST_WORDS_BIGENDIAN 2058 vnc_write_u8(vs, 1); /* big-endian-flag */ 2059 #else 2060 vnc_write_u8(vs, 0); /* big-endian-flag */ 2061 #endif 2062 vnc_write_u8(vs, 1); /* true-color-flag */ 2063 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */ 2064 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */ 2065 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */ 2066 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */ 2067 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */ 2068 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */ 2069 vnc_write(vs, pad, 3); /* padding */ 2070 2071 vnc_hextile_set_pixel_conversion(vs, 0); 2072 vs->write_pixels = vnc_write_pixels_copy; 2073 } 2074 2075 static void vnc_colordepth(VncState *vs) 2076 { 2077 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 2078 /* Sending a WMVi message to notify the client*/ 2079 vnc_lock_output(vs); 2080 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2081 vnc_write_u8(vs, 0); 2082 vnc_write_u16(vs, 1); /* number of rects */ 2083 vnc_framebuffer_update(vs, 0, 0, 2084 surface_width(vs->vd->ds), 2085 surface_height(vs->vd->ds), 2086 VNC_ENCODING_WMVi); 2087 pixel_format_message(vs); 2088 vnc_unlock_output(vs); 2089 vnc_flush(vs); 2090 } else { 2091 set_pixel_conversion(vs); 2092 } 2093 } 2094 2095 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 2096 { 2097 int i; 2098 uint16_t limit; 2099 VncDisplay *vd = vs->vd; 2100 2101 if (data[0] > 3) { 2102 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2103 } 2104 2105 switch (data[0]) { 2106 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 2107 if (len == 1) 2108 return 20; 2109 2110 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5), 2111 read_u8(data, 6), read_u8(data, 7), 2112 read_u16(data, 8), read_u16(data, 10), 2113 read_u16(data, 12), read_u8(data, 14), 2114 read_u8(data, 15), read_u8(data, 16)); 2115 break; 2116 case VNC_MSG_CLIENT_SET_ENCODINGS: 2117 if (len == 1) 2118 return 4; 2119 2120 if (len == 4) { 2121 limit = read_u16(data, 2); 2122 if (limit > 0) 2123 return 4 + (limit * 4); 2124 } else 2125 limit = read_u16(data, 2); 2126 2127 for (i = 0; i < limit; i++) { 2128 int32_t val = read_s32(data, 4 + (i * 4)); 2129 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 2130 } 2131 2132 set_encodings(vs, (int32_t *)(data + 4), limit); 2133 break; 2134 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 2135 if (len == 1) 2136 return 10; 2137 2138 framebuffer_update_request(vs, 2139 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 2140 read_u16(data, 6), read_u16(data, 8)); 2141 break; 2142 case VNC_MSG_CLIENT_KEY_EVENT: 2143 if (len == 1) 2144 return 8; 2145 2146 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 2147 break; 2148 case VNC_MSG_CLIENT_POINTER_EVENT: 2149 if (len == 1) 2150 return 6; 2151 2152 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 2153 break; 2154 case VNC_MSG_CLIENT_CUT_TEXT: 2155 if (len == 1) 2156 return 8; 2157 2158 if (len == 8) { 2159 uint32_t dlen = read_u32(data, 4); 2160 if (dlen > 0) 2161 return 8 + dlen; 2162 } 2163 2164 client_cut_text(vs, read_u32(data, 4), data + 8); 2165 break; 2166 case VNC_MSG_CLIENT_QEMU: 2167 if (len == 1) 2168 return 2; 2169 2170 switch (read_u8(data, 1)) { 2171 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 2172 if (len == 2) 2173 return 12; 2174 2175 ext_key_event(vs, read_u16(data, 2), 2176 read_u32(data, 4), read_u32(data, 8)); 2177 break; 2178 case VNC_MSG_CLIENT_QEMU_AUDIO: 2179 if (len == 2) 2180 return 4; 2181 2182 switch (read_u16 (data, 2)) { 2183 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 2184 audio_add(vs); 2185 break; 2186 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 2187 audio_del(vs); 2188 break; 2189 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 2190 if (len == 4) 2191 return 10; 2192 switch (read_u8(data, 4)) { 2193 case 0: vs->as.fmt = AUD_FMT_U8; break; 2194 case 1: vs->as.fmt = AUD_FMT_S8; break; 2195 case 2: vs->as.fmt = AUD_FMT_U16; break; 2196 case 3: vs->as.fmt = AUD_FMT_S16; break; 2197 case 4: vs->as.fmt = AUD_FMT_U32; break; 2198 case 5: vs->as.fmt = AUD_FMT_S32; break; 2199 default: 2200 printf("Invalid audio format %d\n", read_u8(data, 4)); 2201 vnc_client_error(vs); 2202 break; 2203 } 2204 vs->as.nchannels = read_u8(data, 5); 2205 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2206 printf("Invalid audio channel coount %d\n", 2207 read_u8(data, 5)); 2208 vnc_client_error(vs); 2209 break; 2210 } 2211 vs->as.freq = read_u32(data, 6); 2212 break; 2213 default: 2214 printf ("Invalid audio message %d\n", read_u8(data, 4)); 2215 vnc_client_error(vs); 2216 break; 2217 } 2218 break; 2219 2220 default: 2221 printf("Msg: %d\n", read_u16(data, 0)); 2222 vnc_client_error(vs); 2223 break; 2224 } 2225 break; 2226 default: 2227 printf("Msg: %d\n", data[0]); 2228 vnc_client_error(vs); 2229 break; 2230 } 2231 2232 vnc_read_when(vs, protocol_client_msg, 1); 2233 return 0; 2234 } 2235 2236 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2237 { 2238 char buf[1024]; 2239 VncShareMode mode; 2240 int size; 2241 2242 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; 2243 switch (vs->vd->share_policy) { 2244 case VNC_SHARE_POLICY_IGNORE: 2245 /* 2246 * Ignore the shared flag. Nothing to do here. 2247 * 2248 * Doesn't conform to the rfb spec but is traditional qemu 2249 * behavior, thus left here as option for compatibility 2250 * reasons. 2251 */ 2252 break; 2253 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: 2254 /* 2255 * Policy: Allow clients ask for exclusive access. 2256 * 2257 * Implementation: When a client asks for exclusive access, 2258 * disconnect all others. Shared connects are allowed as long 2259 * as no exclusive connection exists. 2260 * 2261 * This is how the rfb spec suggests to handle the shared flag. 2262 */ 2263 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2264 VncState *client; 2265 QTAILQ_FOREACH(client, &vs->vd->clients, next) { 2266 if (vs == client) { 2267 continue; 2268 } 2269 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && 2270 client->share_mode != VNC_SHARE_MODE_SHARED) { 2271 continue; 2272 } 2273 vnc_disconnect_start(client); 2274 } 2275 } 2276 if (mode == VNC_SHARE_MODE_SHARED) { 2277 if (vs->vd->num_exclusive > 0) { 2278 vnc_disconnect_start(vs); 2279 return 0; 2280 } 2281 } 2282 break; 2283 case VNC_SHARE_POLICY_FORCE_SHARED: 2284 /* 2285 * Policy: Shared connects only. 2286 * Implementation: Disallow clients asking for exclusive access. 2287 * 2288 * Useful for shared desktop sessions where you don't want 2289 * someone forgetting to say -shared when running the vnc 2290 * client disconnect everybody else. 2291 */ 2292 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2293 vnc_disconnect_start(vs); 2294 return 0; 2295 } 2296 break; 2297 } 2298 vnc_set_share_mode(vs, mode); 2299 2300 vs->client_width = surface_width(vs->vd->ds); 2301 vs->client_height = surface_height(vs->vd->ds); 2302 vnc_write_u16(vs, vs->client_width); 2303 vnc_write_u16(vs, vs->client_height); 2304 2305 pixel_format_message(vs); 2306 2307 if (qemu_name) 2308 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2309 else 2310 size = snprintf(buf, sizeof(buf), "QEMU"); 2311 2312 vnc_write_u32(vs, size); 2313 vnc_write(vs, buf, size); 2314 vnc_flush(vs); 2315 2316 vnc_client_cache_auth(vs); 2317 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED); 2318 2319 vnc_read_when(vs, protocol_client_msg, 1); 2320 2321 return 0; 2322 } 2323 2324 void start_client_init(VncState *vs) 2325 { 2326 vnc_read_when(vs, protocol_client_init, 1); 2327 } 2328 2329 static void make_challenge(VncState *vs) 2330 { 2331 int i; 2332 2333 srand(time(NULL)+getpid()+getpid()*987654+rand()); 2334 2335 for (i = 0 ; i < sizeof(vs->challenge) ; i++) 2336 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0)); 2337 } 2338 2339 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2340 { 2341 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2342 int i, j, pwlen; 2343 unsigned char key[8]; 2344 time_t now = time(NULL); 2345 2346 if (!vs->vd->password) { 2347 VNC_DEBUG("No password configured on server"); 2348 goto reject; 2349 } 2350 if (vs->vd->expires < now) { 2351 VNC_DEBUG("Password is expired"); 2352 goto reject; 2353 } 2354 2355 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2356 2357 /* Calculate the expected challenge response */ 2358 pwlen = strlen(vs->vd->password); 2359 for (i=0; i<sizeof(key); i++) 2360 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2361 deskey(key, EN0); 2362 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8) 2363 des(response+j, response+j); 2364 2365 /* Compare expected vs actual challenge response */ 2366 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2367 VNC_DEBUG("Client challenge response did not match\n"); 2368 goto reject; 2369 } else { 2370 VNC_DEBUG("Accepting VNC challenge response\n"); 2371 vnc_write_u32(vs, 0); /* Accept auth */ 2372 vnc_flush(vs); 2373 2374 start_client_init(vs); 2375 } 2376 return 0; 2377 2378 reject: 2379 vnc_write_u32(vs, 1); /* Reject auth */ 2380 if (vs->minor >= 8) { 2381 static const char err[] = "Authentication failed"; 2382 vnc_write_u32(vs, sizeof(err)); 2383 vnc_write(vs, err, sizeof(err)); 2384 } 2385 vnc_flush(vs); 2386 vnc_client_error(vs); 2387 return 0; 2388 } 2389 2390 void start_auth_vnc(VncState *vs) 2391 { 2392 make_challenge(vs); 2393 /* Send client a 'random' challenge */ 2394 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2395 vnc_flush(vs); 2396 2397 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2398 } 2399 2400 2401 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2402 { 2403 /* We only advertise 1 auth scheme at a time, so client 2404 * must pick the one we sent. Verify this */ 2405 if (data[0] != vs->auth) { /* Reject auth */ 2406 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]); 2407 vnc_write_u32(vs, 1); 2408 if (vs->minor >= 8) { 2409 static const char err[] = "Authentication failed"; 2410 vnc_write_u32(vs, sizeof(err)); 2411 vnc_write(vs, err, sizeof(err)); 2412 } 2413 vnc_client_error(vs); 2414 } else { /* Accept requested auth */ 2415 VNC_DEBUG("Client requested auth %d\n", (int)data[0]); 2416 switch (vs->auth) { 2417 case VNC_AUTH_NONE: 2418 VNC_DEBUG("Accept auth none\n"); 2419 if (vs->minor >= 8) { 2420 vnc_write_u32(vs, 0); /* Accept auth completion */ 2421 vnc_flush(vs); 2422 } 2423 start_client_init(vs); 2424 break; 2425 2426 case VNC_AUTH_VNC: 2427 VNC_DEBUG("Start VNC auth\n"); 2428 start_auth_vnc(vs); 2429 break; 2430 2431 #ifdef CONFIG_VNC_TLS 2432 case VNC_AUTH_VENCRYPT: 2433 VNC_DEBUG("Accept VeNCrypt auth\n"); 2434 start_auth_vencrypt(vs); 2435 break; 2436 #endif /* CONFIG_VNC_TLS */ 2437 2438 #ifdef CONFIG_VNC_SASL 2439 case VNC_AUTH_SASL: 2440 VNC_DEBUG("Accept SASL auth\n"); 2441 start_auth_sasl(vs); 2442 break; 2443 #endif /* CONFIG_VNC_SASL */ 2444 2445 default: /* Should not be possible, but just in case */ 2446 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth); 2447 vnc_write_u8(vs, 1); 2448 if (vs->minor >= 8) { 2449 static const char err[] = "Authentication failed"; 2450 vnc_write_u32(vs, sizeof(err)); 2451 vnc_write(vs, err, sizeof(err)); 2452 } 2453 vnc_client_error(vs); 2454 } 2455 } 2456 return 0; 2457 } 2458 2459 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2460 { 2461 char local[13]; 2462 2463 memcpy(local, version, 12); 2464 local[12] = 0; 2465 2466 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2467 VNC_DEBUG("Malformed protocol version %s\n", local); 2468 vnc_client_error(vs); 2469 return 0; 2470 } 2471 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2472 if (vs->major != 3 || 2473 (vs->minor != 3 && 2474 vs->minor != 4 && 2475 vs->minor != 5 && 2476 vs->minor != 7 && 2477 vs->minor != 8)) { 2478 VNC_DEBUG("Unsupported client version\n"); 2479 vnc_write_u32(vs, VNC_AUTH_INVALID); 2480 vnc_flush(vs); 2481 vnc_client_error(vs); 2482 return 0; 2483 } 2484 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2485 * as equivalent to v3.3 by servers 2486 */ 2487 if (vs->minor == 4 || vs->minor == 5) 2488 vs->minor = 3; 2489 2490 if (vs->minor == 3) { 2491 if (vs->auth == VNC_AUTH_NONE) { 2492 VNC_DEBUG("Tell client auth none\n"); 2493 vnc_write_u32(vs, vs->auth); 2494 vnc_flush(vs); 2495 start_client_init(vs); 2496 } else if (vs->auth == VNC_AUTH_VNC) { 2497 VNC_DEBUG("Tell client VNC auth\n"); 2498 vnc_write_u32(vs, vs->auth); 2499 vnc_flush(vs); 2500 start_auth_vnc(vs); 2501 } else { 2502 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth); 2503 vnc_write_u32(vs, VNC_AUTH_INVALID); 2504 vnc_flush(vs); 2505 vnc_client_error(vs); 2506 } 2507 } else { 2508 VNC_DEBUG("Telling client we support auth %d\n", vs->auth); 2509 vnc_write_u8(vs, 1); /* num auth */ 2510 vnc_write_u8(vs, vs->auth); 2511 vnc_read_when(vs, protocol_client_auth, 1); 2512 vnc_flush(vs); 2513 } 2514 2515 return 0; 2516 } 2517 2518 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) 2519 { 2520 struct VncSurface *vs = &vd->guest; 2521 2522 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; 2523 } 2524 2525 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h) 2526 { 2527 int i, j; 2528 2529 w = (x + w) / VNC_STAT_RECT; 2530 h = (y + h) / VNC_STAT_RECT; 2531 x /= VNC_STAT_RECT; 2532 y /= VNC_STAT_RECT; 2533 2534 for (j = y; j <= h; j++) { 2535 for (i = x; i <= w; i++) { 2536 vs->lossy_rect[j][i] = 1; 2537 } 2538 } 2539 } 2540 2541 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) 2542 { 2543 VncState *vs; 2544 int sty = y / VNC_STAT_RECT; 2545 int stx = x / VNC_STAT_RECT; 2546 int has_dirty = 0; 2547 2548 y = y / VNC_STAT_RECT * VNC_STAT_RECT; 2549 x = x / VNC_STAT_RECT * VNC_STAT_RECT; 2550 2551 QTAILQ_FOREACH(vs, &vd->clients, next) { 2552 int j; 2553 2554 /* kernel send buffers are full -> refresh later */ 2555 if (vs->output.offset) { 2556 continue; 2557 } 2558 2559 if (!vs->lossy_rect[sty][stx]) { 2560 continue; 2561 } 2562 2563 vs->lossy_rect[sty][stx] = 0; 2564 for (j = 0; j < VNC_STAT_RECT; ++j) { 2565 bitmap_set(vs->dirty[y + j], x / 16, VNC_STAT_RECT / 16); 2566 } 2567 has_dirty++; 2568 } 2569 2570 return has_dirty; 2571 } 2572 2573 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) 2574 { 2575 int width = pixman_image_get_width(vd->guest.fb); 2576 int height = pixman_image_get_height(vd->guest.fb); 2577 int x, y; 2578 struct timeval res; 2579 int has_dirty = 0; 2580 2581 for (y = 0; y < height; y += VNC_STAT_RECT) { 2582 for (x = 0; x < width; x += VNC_STAT_RECT) { 2583 VncRectStat *rect = vnc_stat_rect(vd, x, y); 2584 2585 rect->updated = false; 2586 } 2587 } 2588 2589 qemu_timersub(tv, &VNC_REFRESH_STATS, &res); 2590 2591 if (timercmp(&vd->guest.last_freq_check, &res, >)) { 2592 return has_dirty; 2593 } 2594 vd->guest.last_freq_check = *tv; 2595 2596 for (y = 0; y < height; y += VNC_STAT_RECT) { 2597 for (x = 0; x < width; x += VNC_STAT_RECT) { 2598 VncRectStat *rect= vnc_stat_rect(vd, x, y); 2599 int count = ARRAY_SIZE(rect->times); 2600 struct timeval min, max; 2601 2602 if (!timerisset(&rect->times[count - 1])) { 2603 continue ; 2604 } 2605 2606 max = rect->times[(rect->idx + count - 1) % count]; 2607 qemu_timersub(tv, &max, &res); 2608 2609 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { 2610 rect->freq = 0; 2611 has_dirty += vnc_refresh_lossy_rect(vd, x, y); 2612 memset(rect->times, 0, sizeof (rect->times)); 2613 continue ; 2614 } 2615 2616 min = rect->times[rect->idx]; 2617 max = rect->times[(rect->idx + count - 1) % count]; 2618 qemu_timersub(&max, &min, &res); 2619 2620 rect->freq = res.tv_sec + res.tv_usec / 1000000.; 2621 rect->freq /= count; 2622 rect->freq = 1. / rect->freq; 2623 } 2624 } 2625 return has_dirty; 2626 } 2627 2628 double vnc_update_freq(VncState *vs, int x, int y, int w, int h) 2629 { 2630 int i, j; 2631 double total = 0; 2632 int num = 0; 2633 2634 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT; 2635 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT; 2636 2637 for (j = y; j <= y + h; j += VNC_STAT_RECT) { 2638 for (i = x; i <= x + w; i += VNC_STAT_RECT) { 2639 total += vnc_stat_rect(vs->vd, i, j)->freq; 2640 num++; 2641 } 2642 } 2643 2644 if (num) { 2645 return total / num; 2646 } else { 2647 return 0; 2648 } 2649 } 2650 2651 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) 2652 { 2653 VncRectStat *rect; 2654 2655 rect = vnc_stat_rect(vd, x, y); 2656 if (rect->updated) { 2657 return ; 2658 } 2659 rect->times[rect->idx] = *tv; 2660 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); 2661 rect->updated = true; 2662 } 2663 2664 static int vnc_refresh_server_surface(VncDisplay *vd) 2665 { 2666 int width = pixman_image_get_width(vd->guest.fb); 2667 int height = pixman_image_get_height(vd->guest.fb); 2668 int y; 2669 uint8_t *guest_row; 2670 uint8_t *server_row; 2671 int cmp_bytes; 2672 VncState *vs; 2673 int has_dirty = 0; 2674 pixman_image_t *tmpbuf = NULL; 2675 2676 struct timeval tv = { 0, 0 }; 2677 2678 if (!vd->non_adaptive) { 2679 gettimeofday(&tv, NULL); 2680 has_dirty = vnc_update_stats(vd, &tv); 2681 } 2682 2683 /* 2684 * Walk through the guest dirty map. 2685 * Check and copy modified bits from guest to server surface. 2686 * Update server dirty map. 2687 */ 2688 cmp_bytes = 64; 2689 if (cmp_bytes > vnc_server_fb_stride(vd)) { 2690 cmp_bytes = vnc_server_fb_stride(vd); 2691 } 2692 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2693 int width = pixman_image_get_width(vd->server); 2694 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width); 2695 } 2696 guest_row = (uint8_t *)pixman_image_get_data(vd->guest.fb); 2697 server_row = (uint8_t *)pixman_image_get_data(vd->server); 2698 for (y = 0; y < height; y++) { 2699 if (!bitmap_empty(vd->guest.dirty[y], VNC_DIRTY_BITS)) { 2700 int x; 2701 uint8_t *guest_ptr; 2702 uint8_t *server_ptr; 2703 2704 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2705 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y); 2706 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf); 2707 } else { 2708 guest_ptr = guest_row; 2709 } 2710 server_ptr = server_row; 2711 2712 for (x = 0; x + 15 < width; 2713 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 2714 if (!test_and_clear_bit((x / 16), vd->guest.dirty[y])) 2715 continue; 2716 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0) 2717 continue; 2718 memcpy(server_ptr, guest_ptr, cmp_bytes); 2719 if (!vd->non_adaptive) 2720 vnc_rect_updated(vd, x, y, &tv); 2721 QTAILQ_FOREACH(vs, &vd->clients, next) { 2722 set_bit((x / 16), vs->dirty[y]); 2723 } 2724 has_dirty++; 2725 } 2726 } 2727 guest_row += pixman_image_get_stride(vd->guest.fb); 2728 server_row += pixman_image_get_stride(vd->server); 2729 } 2730 qemu_pixman_image_unref(tmpbuf); 2731 return has_dirty; 2732 } 2733 2734 static void vnc_refresh(DisplayChangeListener *dcl) 2735 { 2736 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 2737 VncState *vs, *vn; 2738 int has_dirty, rects = 0; 2739 2740 graphic_hw_update(NULL); 2741 2742 if (vnc_trylock_display(vd)) { 2743 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2744 return; 2745 } 2746 2747 has_dirty = vnc_refresh_server_surface(vd); 2748 vnc_unlock_display(vd); 2749 2750 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 2751 rects += vnc_update_client(vs, has_dirty); 2752 /* vs might be free()ed here */ 2753 } 2754 2755 if (QTAILQ_EMPTY(&vd->clients)) { 2756 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX); 2757 return; 2758 } 2759 2760 if (has_dirty && rects) { 2761 vd->dcl.update_interval /= 2; 2762 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) { 2763 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE; 2764 } 2765 } else { 2766 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC; 2767 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) { 2768 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX; 2769 } 2770 } 2771 } 2772 2773 static void vnc_connect(VncDisplay *vd, int csock, int skipauth, bool websocket) 2774 { 2775 VncState *vs = g_malloc0(sizeof(VncState)); 2776 int i; 2777 2778 vs->csock = csock; 2779 2780 if (skipauth) { 2781 vs->auth = VNC_AUTH_NONE; 2782 #ifdef CONFIG_VNC_TLS 2783 vs->subauth = VNC_AUTH_INVALID; 2784 #endif 2785 } else { 2786 vs->auth = vd->auth; 2787 #ifdef CONFIG_VNC_TLS 2788 vs->subauth = vd->subauth; 2789 #endif 2790 } 2791 2792 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect)); 2793 for (i = 0; i < VNC_STAT_ROWS; ++i) { 2794 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS * sizeof (uint8_t)); 2795 } 2796 2797 VNC_DEBUG("New client on socket %d\n", csock); 2798 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2799 qemu_set_nonblock(vs->csock); 2800 #ifdef CONFIG_VNC_WS 2801 if (websocket) { 2802 vs->websocket = 1; 2803 #ifdef CONFIG_VNC_TLS 2804 if (vd->tls.x509cert) { 2805 qemu_set_fd_handler2(vs->csock, NULL, vncws_tls_handshake_peek, 2806 NULL, vs); 2807 } else 2808 #endif /* CONFIG_VNC_TLS */ 2809 { 2810 qemu_set_fd_handler2(vs->csock, NULL, vncws_handshake_read, 2811 NULL, vs); 2812 } 2813 } else 2814 #endif /* CONFIG_VNC_WS */ 2815 { 2816 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 2817 } 2818 2819 vnc_client_cache_addr(vs); 2820 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED); 2821 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); 2822 2823 vs->vd = vd; 2824 2825 #ifdef CONFIG_VNC_WS 2826 if (!vs->websocket) 2827 #endif 2828 { 2829 vnc_init_state(vs); 2830 } 2831 } 2832 2833 void vnc_init_state(VncState *vs) 2834 { 2835 vs->initialized = true; 2836 VncDisplay *vd = vs->vd; 2837 2838 vs->last_x = -1; 2839 vs->last_y = -1; 2840 2841 vs->as.freq = 44100; 2842 vs->as.nchannels = 2; 2843 vs->as.fmt = AUD_FMT_S16; 2844 vs->as.endianness = 0; 2845 2846 qemu_mutex_init(&vs->output_mutex); 2847 vs->bh = qemu_bh_new(vnc_jobs_bh, vs); 2848 2849 QTAILQ_INSERT_HEAD(&vd->clients, vs, next); 2850 2851 graphic_hw_update(NULL); 2852 2853 vnc_write(vs, "RFB 003.008\n", 12); 2854 vnc_flush(vs); 2855 vnc_read_when(vs, protocol_version, 12); 2856 reset_keys(vs); 2857 if (vs->vd->lock_key_sync) 2858 vs->led = qemu_add_led_event_handler(kbd_leds, vs); 2859 2860 vs->mouse_mode_notifier.notify = check_pointer_type_change; 2861 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 2862 2863 /* vs might be free()ed here */ 2864 } 2865 2866 static void vnc_listen_read(void *opaque, bool websocket) 2867 { 2868 VncDisplay *vs = opaque; 2869 struct sockaddr_in addr; 2870 socklen_t addrlen = sizeof(addr); 2871 int csock; 2872 2873 /* Catch-up */ 2874 graphic_hw_update(NULL); 2875 #ifdef CONFIG_VNC_WS 2876 if (websocket) { 2877 csock = qemu_accept(vs->lwebsock, (struct sockaddr *)&addr, &addrlen); 2878 } else 2879 #endif /* CONFIG_VNC_WS */ 2880 { 2881 csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen); 2882 } 2883 2884 if (csock != -1) { 2885 vnc_connect(vs, csock, 0, websocket); 2886 } 2887 } 2888 2889 static void vnc_listen_regular_read(void *opaque) 2890 { 2891 vnc_listen_read(opaque, 0); 2892 } 2893 2894 #ifdef CONFIG_VNC_WS 2895 static void vnc_listen_websocket_read(void *opaque) 2896 { 2897 vnc_listen_read(opaque, 1); 2898 } 2899 #endif /* CONFIG_VNC_WS */ 2900 2901 static const DisplayChangeListenerOps dcl_ops = { 2902 .dpy_name = "vnc", 2903 .dpy_refresh = vnc_refresh, 2904 .dpy_gfx_copy = vnc_dpy_copy, 2905 .dpy_gfx_update = vnc_dpy_update, 2906 .dpy_gfx_switch = vnc_dpy_switch, 2907 .dpy_mouse_set = vnc_mouse_set, 2908 .dpy_cursor_define = vnc_dpy_cursor_define, 2909 }; 2910 2911 void vnc_display_init(DisplayState *ds) 2912 { 2913 VncDisplay *vs = g_malloc0(sizeof(*vs)); 2914 2915 vnc_display = vs; 2916 2917 vs->lsock = -1; 2918 #ifdef CONFIG_VNC_WS 2919 vs->lwebsock = -1; 2920 #endif 2921 2922 QTAILQ_INIT(&vs->clients); 2923 vs->expires = TIME_MAX; 2924 2925 if (keyboard_layout) 2926 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout); 2927 else 2928 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us"); 2929 2930 if (!vs->kbd_layout) 2931 exit(1); 2932 2933 qemu_mutex_init(&vs->mutex); 2934 vnc_start_worker_thread(); 2935 2936 vs->dcl.ops = &dcl_ops; 2937 register_displaychangelistener(&vs->dcl); 2938 } 2939 2940 2941 static void vnc_display_close(DisplayState *ds) 2942 { 2943 VncDisplay *vs = vnc_display; 2944 2945 if (!vs) 2946 return; 2947 if (vs->display) { 2948 g_free(vs->display); 2949 vs->display = NULL; 2950 } 2951 if (vs->lsock != -1) { 2952 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL); 2953 close(vs->lsock); 2954 vs->lsock = -1; 2955 } 2956 #ifdef CONFIG_VNC_WS 2957 g_free(vs->ws_display); 2958 vs->ws_display = NULL; 2959 if (vs->lwebsock != -1) { 2960 qemu_set_fd_handler2(vs->lwebsock, NULL, NULL, NULL, NULL); 2961 close(vs->lwebsock); 2962 vs->lwebsock = -1; 2963 } 2964 #endif /* CONFIG_VNC_WS */ 2965 vs->auth = VNC_AUTH_INVALID; 2966 #ifdef CONFIG_VNC_TLS 2967 vs->subauth = VNC_AUTH_INVALID; 2968 vs->tls.x509verify = 0; 2969 #endif 2970 } 2971 2972 static int vnc_display_disable_login(DisplayState *ds) 2973 { 2974 VncDisplay *vs = vnc_display; 2975 2976 if (!vs) { 2977 return -1; 2978 } 2979 2980 if (vs->password) { 2981 g_free(vs->password); 2982 } 2983 2984 vs->password = NULL; 2985 if (vs->auth == VNC_AUTH_NONE) { 2986 vs->auth = VNC_AUTH_VNC; 2987 } 2988 2989 return 0; 2990 } 2991 2992 int vnc_display_password(DisplayState *ds, const char *password) 2993 { 2994 VncDisplay *vs = vnc_display; 2995 2996 if (!vs) { 2997 return -EINVAL; 2998 } 2999 3000 if (!password) { 3001 /* This is not the intention of this interface but err on the side 3002 of being safe */ 3003 return vnc_display_disable_login(ds); 3004 } 3005 3006 if (vs->password) { 3007 g_free(vs->password); 3008 vs->password = NULL; 3009 } 3010 vs->password = g_strdup(password); 3011 if (vs->auth == VNC_AUTH_NONE) { 3012 vs->auth = VNC_AUTH_VNC; 3013 } 3014 3015 return 0; 3016 } 3017 3018 int vnc_display_pw_expire(DisplayState *ds, time_t expires) 3019 { 3020 VncDisplay *vs = vnc_display; 3021 3022 if (!vs) { 3023 return -EINVAL; 3024 } 3025 3026 vs->expires = expires; 3027 return 0; 3028 } 3029 3030 char *vnc_display_local_addr(DisplayState *ds) 3031 { 3032 VncDisplay *vs = vnc_display; 3033 3034 return vnc_socket_local_addr("%s:%s", vs->lsock); 3035 } 3036 3037 void vnc_display_open(DisplayState *ds, const char *display, Error **errp) 3038 { 3039 VncDisplay *vs = vnc_display; 3040 const char *options; 3041 int password = 0; 3042 int reverse = 0; 3043 #ifdef CONFIG_VNC_TLS 3044 int tls = 0, x509 = 0; 3045 #endif 3046 #ifdef CONFIG_VNC_SASL 3047 int sasl = 0; 3048 int saslErr; 3049 #endif 3050 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 3051 int acl = 0; 3052 #endif 3053 int lock_key_sync = 1; 3054 3055 if (!vnc_display) { 3056 error_setg(errp, "VNC display not active"); 3057 return; 3058 } 3059 vnc_display_close(ds); 3060 if (strcmp(display, "none") == 0) 3061 return; 3062 3063 vs->display = g_strdup(display); 3064 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3065 3066 options = display; 3067 while ((options = strchr(options, ','))) { 3068 options++; 3069 if (strncmp(options, "password", 8) == 0) { 3070 if (fips_get_state()) { 3071 error_setg(errp, 3072 "VNC password auth disabled due to FIPS mode, " 3073 "consider using the VeNCrypt or SASL authentication " 3074 "methods as an alternative"); 3075 goto fail; 3076 } 3077 password = 1; /* Require password auth */ 3078 } else if (strncmp(options, "reverse", 7) == 0) { 3079 reverse = 1; 3080 } else if (strncmp(options, "no-lock-key-sync", 16) == 0) { 3081 lock_key_sync = 0; 3082 #ifdef CONFIG_VNC_SASL 3083 } else if (strncmp(options, "sasl", 4) == 0) { 3084 sasl = 1; /* Require SASL auth */ 3085 #endif 3086 #ifdef CONFIG_VNC_WS 3087 } else if (strncmp(options, "websocket", 9) == 0) { 3088 char *start, *end; 3089 vs->websocket = 1; 3090 3091 /* Check for 'websocket=<port>' */ 3092 start = strchr(options, '='); 3093 end = strchr(options, ','); 3094 if (start && (!end || (start < end))) { 3095 int len = end ? end-(start+1) : strlen(start+1); 3096 if (len < 6) { 3097 /* extract the host specification from display */ 3098 char *host = NULL, *port = NULL, *host_end = NULL; 3099 port = g_strndup(start + 1, len); 3100 3101 /* ipv6 hosts have colons */ 3102 end = strchr(display, ','); 3103 host_end = g_strrstr_len(display, end - display, ":"); 3104 3105 if (host_end) { 3106 host = g_strndup(display, host_end - display + 1); 3107 } else { 3108 host = g_strndup(":", 1); 3109 } 3110 vs->ws_display = g_strconcat(host, port, NULL); 3111 g_free(host); 3112 g_free(port); 3113 } 3114 } 3115 #endif /* CONFIG_VNC_WS */ 3116 #ifdef CONFIG_VNC_TLS 3117 } else if (strncmp(options, "tls", 3) == 0) { 3118 tls = 1; /* Require TLS */ 3119 } else if (strncmp(options, "x509", 4) == 0) { 3120 char *start, *end; 3121 x509 = 1; /* Require x509 certificates */ 3122 if (strncmp(options, "x509verify", 10) == 0) 3123 vs->tls.x509verify = 1; /* ...and verify client certs */ 3124 3125 /* Now check for 'x509=/some/path' postfix 3126 * and use that to setup x509 certificate/key paths */ 3127 start = strchr(options, '='); 3128 end = strchr(options, ','); 3129 if (start && (!end || (start < end))) { 3130 int len = end ? end-(start+1) : strlen(start+1); 3131 char *path = g_strndup(start + 1, len); 3132 3133 VNC_DEBUG("Trying certificate path '%s'\n", path); 3134 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) { 3135 error_setg(errp, "Failed to find x509 certificates/keys in %s", path); 3136 g_free(path); 3137 goto fail; 3138 } 3139 g_free(path); 3140 } else { 3141 error_setg(errp, "No certificate path provided"); 3142 goto fail; 3143 } 3144 #endif 3145 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 3146 } else if (strncmp(options, "acl", 3) == 0) { 3147 acl = 1; 3148 #endif 3149 } else if (strncmp(options, "lossy", 5) == 0) { 3150 vs->lossy = true; 3151 } else if (strncmp(options, "non-adaptive", 12) == 0) { 3152 vs->non_adaptive = true; 3153 } else if (strncmp(options, "share=", 6) == 0) { 3154 if (strncmp(options+6, "ignore", 6) == 0) { 3155 vs->share_policy = VNC_SHARE_POLICY_IGNORE; 3156 } else if (strncmp(options+6, "allow-exclusive", 15) == 0) { 3157 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3158 } else if (strncmp(options+6, "force-shared", 12) == 0) { 3159 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; 3160 } else { 3161 error_setg(errp, "unknown vnc share= option"); 3162 goto fail; 3163 } 3164 } 3165 } 3166 3167 #ifdef CONFIG_VNC_TLS 3168 if (acl && x509 && vs->tls.x509verify) { 3169 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) { 3170 fprintf(stderr, "Failed to create x509 dname ACL\n"); 3171 exit(1); 3172 } 3173 } 3174 #endif 3175 #ifdef CONFIG_VNC_SASL 3176 if (acl && sasl) { 3177 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) { 3178 fprintf(stderr, "Failed to create username ACL\n"); 3179 exit(1); 3180 } 3181 } 3182 #endif 3183 3184 /* 3185 * Combinations we support here: 3186 * 3187 * - no-auth (clear text, no auth) 3188 * - password (clear text, weak auth) 3189 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI) 3190 * - tls (encrypt, weak anonymous creds, no auth) 3191 * - tls + password (encrypt, weak anonymous creds, weak auth) 3192 * - tls + sasl (encrypt, weak anonymous creds, good auth) 3193 * - tls + x509 (encrypt, good x509 creds, no auth) 3194 * - tls + x509 + password (encrypt, good x509 creds, weak auth) 3195 * - tls + x509 + sasl (encrypt, good x509 creds, good auth) 3196 * 3197 * NB1. TLS is a stackable auth scheme. 3198 * NB2. the x509 schemes have option to validate a client cert dname 3199 */ 3200 if (password) { 3201 #ifdef CONFIG_VNC_TLS 3202 if (tls) { 3203 vs->auth = VNC_AUTH_VENCRYPT; 3204 if (x509) { 3205 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 3206 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC; 3207 } else { 3208 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 3209 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC; 3210 } 3211 } else { 3212 #endif /* CONFIG_VNC_TLS */ 3213 VNC_DEBUG("Initializing VNC server with password auth\n"); 3214 vs->auth = VNC_AUTH_VNC; 3215 #ifdef CONFIG_VNC_TLS 3216 vs->subauth = VNC_AUTH_INVALID; 3217 } 3218 #endif /* CONFIG_VNC_TLS */ 3219 #ifdef CONFIG_VNC_SASL 3220 } else if (sasl) { 3221 #ifdef CONFIG_VNC_TLS 3222 if (tls) { 3223 vs->auth = VNC_AUTH_VENCRYPT; 3224 if (x509) { 3225 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 3226 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL; 3227 } else { 3228 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 3229 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL; 3230 } 3231 } else { 3232 #endif /* CONFIG_VNC_TLS */ 3233 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 3234 vs->auth = VNC_AUTH_SASL; 3235 #ifdef CONFIG_VNC_TLS 3236 vs->subauth = VNC_AUTH_INVALID; 3237 } 3238 #endif /* CONFIG_VNC_TLS */ 3239 #endif /* CONFIG_VNC_SASL */ 3240 } else { 3241 #ifdef CONFIG_VNC_TLS 3242 if (tls) { 3243 vs->auth = VNC_AUTH_VENCRYPT; 3244 if (x509) { 3245 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 3246 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE; 3247 } else { 3248 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 3249 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE; 3250 } 3251 } else { 3252 #endif 3253 VNC_DEBUG("Initializing VNC server with no auth\n"); 3254 vs->auth = VNC_AUTH_NONE; 3255 #ifdef CONFIG_VNC_TLS 3256 vs->subauth = VNC_AUTH_INVALID; 3257 } 3258 #endif 3259 } 3260 3261 #ifdef CONFIG_VNC_SASL 3262 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) { 3263 error_setg(errp, "Failed to initialize SASL auth: %s", 3264 sasl_errstring(saslErr, NULL, NULL)); 3265 goto fail; 3266 } 3267 #endif 3268 vs->lock_key_sync = lock_key_sync; 3269 3270 if (reverse) { 3271 /* connect to viewer */ 3272 int csock; 3273 vs->lsock = -1; 3274 #ifdef CONFIG_VNC_WS 3275 vs->lwebsock = -1; 3276 #endif 3277 if (strncmp(display, "unix:", 5) == 0) { 3278 csock = unix_connect(display+5, errp); 3279 } else { 3280 csock = inet_connect(display, errp); 3281 } 3282 if (csock < 0) { 3283 goto fail; 3284 } 3285 vnc_connect(vs, csock, 0, 0); 3286 } else { 3287 /* listen for connects */ 3288 char *dpy; 3289 dpy = g_malloc(256); 3290 if (strncmp(display, "unix:", 5) == 0) { 3291 pstrcpy(dpy, 256, "unix:"); 3292 vs->lsock = unix_listen(display+5, dpy+5, 256-5, errp); 3293 } else { 3294 vs->lsock = inet_listen(display, dpy, 256, 3295 SOCK_STREAM, 5900, errp); 3296 if (vs->lsock < 0) { 3297 g_free(dpy); 3298 goto fail; 3299 } 3300 #ifdef CONFIG_VNC_WS 3301 if (vs->websocket) { 3302 if (vs->ws_display) { 3303 vs->lwebsock = inet_listen(vs->ws_display, NULL, 256, 3304 SOCK_STREAM, 0, errp); 3305 } else { 3306 vs->lwebsock = inet_listen(vs->display, NULL, 256, 3307 SOCK_STREAM, 5700, errp); 3308 } 3309 3310 if (vs->lwebsock < 0) { 3311 if (vs->lsock) { 3312 close(vs->lsock); 3313 vs->lsock = -1; 3314 } 3315 g_free(dpy); 3316 goto fail; 3317 } 3318 } 3319 #endif /* CONFIG_VNC_WS */ 3320 } 3321 g_free(vs->display); 3322 vs->display = dpy; 3323 qemu_set_fd_handler2(vs->lsock, NULL, 3324 vnc_listen_regular_read, NULL, vs); 3325 #ifdef CONFIG_VNC_WS 3326 if (vs->websocket) { 3327 qemu_set_fd_handler2(vs->lwebsock, NULL, 3328 vnc_listen_websocket_read, NULL, vs); 3329 } 3330 #endif /* CONFIG_VNC_WS */ 3331 } 3332 return; 3333 3334 fail: 3335 g_free(vs->display); 3336 vs->display = NULL; 3337 #ifdef CONFIG_VNC_WS 3338 g_free(vs->ws_display); 3339 vs->ws_display = NULL; 3340 #endif /* CONFIG_VNC_WS */ 3341 } 3342 3343 void vnc_display_add_client(DisplayState *ds, int csock, int skipauth) 3344 { 3345 VncDisplay *vs = vnc_display; 3346 3347 vnc_connect(vs, csock, skipauth, 0); 3348 } 3349