1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "vnc.h" 28 #include "vnc-jobs.h" 29 #include "sysemu.h" 30 #include "qemu_socket.h" 31 #include "qemu-timer.h" 32 #include "acl.h" 33 #include "qemu-objects.h" 34 35 #define VNC_REFRESH_INTERVAL_BASE 30 36 #define VNC_REFRESH_INTERVAL_INC 50 37 #define VNC_REFRESH_INTERVAL_MAX 2000 38 39 #include "vnc_keysym.h" 40 #include "d3des.h" 41 42 #define count_bits(c, v) { \ 43 for (c = 0; v; v >>= 1) \ 44 { \ 45 c += v & 1; \ 46 } \ 47 } 48 49 static VncDisplay *vnc_display; /* needed for info vnc */ 50 static DisplayChangeListener *dcl; 51 52 static int vnc_cursor_define(VncState *vs); 53 54 static char *addr_to_string(const char *format, 55 struct sockaddr_storage *sa, 56 socklen_t salen) { 57 char *addr; 58 char host[NI_MAXHOST]; 59 char serv[NI_MAXSERV]; 60 int err; 61 size_t addrlen; 62 63 if ((err = getnameinfo((struct sockaddr *)sa, salen, 64 host, sizeof(host), 65 serv, sizeof(serv), 66 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 67 VNC_DEBUG("Cannot resolve address %d: %s\n", 68 err, gai_strerror(err)); 69 return NULL; 70 } 71 72 /* Enough for the existing format + the 2 vars we're 73 * substituting in. */ 74 addrlen = strlen(format) + strlen(host) + strlen(serv); 75 addr = qemu_malloc(addrlen + 1); 76 snprintf(addr, addrlen, format, host, serv); 77 addr[addrlen] = '\0'; 78 79 return addr; 80 } 81 82 83 char *vnc_socket_local_addr(const char *format, int fd) { 84 struct sockaddr_storage sa; 85 socklen_t salen; 86 87 salen = sizeof(sa); 88 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) 89 return NULL; 90 91 return addr_to_string(format, &sa, salen); 92 } 93 94 char *vnc_socket_remote_addr(const char *format, int fd) { 95 struct sockaddr_storage sa; 96 socklen_t salen; 97 98 salen = sizeof(sa); 99 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) 100 return NULL; 101 102 return addr_to_string(format, &sa, salen); 103 } 104 105 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa, 106 socklen_t salen) 107 { 108 char host[NI_MAXHOST]; 109 char serv[NI_MAXSERV]; 110 int err; 111 112 if ((err = getnameinfo((struct sockaddr *)sa, salen, 113 host, sizeof(host), 114 serv, sizeof(serv), 115 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 116 VNC_DEBUG("Cannot resolve address %d: %s\n", 117 err, gai_strerror(err)); 118 return -1; 119 } 120 121 qdict_put(qdict, "host", qstring_from_str(host)); 122 qdict_put(qdict, "service", qstring_from_str(serv)); 123 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family))); 124 125 return 0; 126 } 127 128 static int vnc_server_addr_put(QDict *qdict, int fd) 129 { 130 struct sockaddr_storage sa; 131 socklen_t salen; 132 133 salen = sizeof(sa); 134 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) { 135 return -1; 136 } 137 138 return put_addr_qdict(qdict, &sa, salen); 139 } 140 141 static int vnc_qdict_remote_addr(QDict *qdict, int fd) 142 { 143 struct sockaddr_storage sa; 144 socklen_t salen; 145 146 salen = sizeof(sa); 147 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) { 148 return -1; 149 } 150 151 return put_addr_qdict(qdict, &sa, salen); 152 } 153 154 static const char *vnc_auth_name(VncDisplay *vd) { 155 switch (vd->auth) { 156 case VNC_AUTH_INVALID: 157 return "invalid"; 158 case VNC_AUTH_NONE: 159 return "none"; 160 case VNC_AUTH_VNC: 161 return "vnc"; 162 case VNC_AUTH_RA2: 163 return "ra2"; 164 case VNC_AUTH_RA2NE: 165 return "ra2ne"; 166 case VNC_AUTH_TIGHT: 167 return "tight"; 168 case VNC_AUTH_ULTRA: 169 return "ultra"; 170 case VNC_AUTH_TLS: 171 return "tls"; 172 case VNC_AUTH_VENCRYPT: 173 #ifdef CONFIG_VNC_TLS 174 switch (vd->subauth) { 175 case VNC_AUTH_VENCRYPT_PLAIN: 176 return "vencrypt+plain"; 177 case VNC_AUTH_VENCRYPT_TLSNONE: 178 return "vencrypt+tls+none"; 179 case VNC_AUTH_VENCRYPT_TLSVNC: 180 return "vencrypt+tls+vnc"; 181 case VNC_AUTH_VENCRYPT_TLSPLAIN: 182 return "vencrypt+tls+plain"; 183 case VNC_AUTH_VENCRYPT_X509NONE: 184 return "vencrypt+x509+none"; 185 case VNC_AUTH_VENCRYPT_X509VNC: 186 return "vencrypt+x509+vnc"; 187 case VNC_AUTH_VENCRYPT_X509PLAIN: 188 return "vencrypt+x509+plain"; 189 case VNC_AUTH_VENCRYPT_TLSSASL: 190 return "vencrypt+tls+sasl"; 191 case VNC_AUTH_VENCRYPT_X509SASL: 192 return "vencrypt+x509+sasl"; 193 default: 194 return "vencrypt"; 195 } 196 #else 197 return "vencrypt"; 198 #endif 199 case VNC_AUTH_SASL: 200 return "sasl"; 201 } 202 return "unknown"; 203 } 204 205 static int vnc_server_info_put(QDict *qdict) 206 { 207 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) { 208 return -1; 209 } 210 211 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display))); 212 return 0; 213 } 214 215 static void vnc_client_cache_auth(VncState *client) 216 { 217 QDict *qdict; 218 219 if (!client->info) { 220 return; 221 } 222 223 qdict = qobject_to_qdict(client->info); 224 225 #ifdef CONFIG_VNC_TLS 226 if (client->tls.session && 227 client->tls.dname) { 228 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname)); 229 } 230 #endif 231 #ifdef CONFIG_VNC_SASL 232 if (client->sasl.conn && 233 client->sasl.username) { 234 qdict_put(qdict, "sasl_username", 235 qstring_from_str(client->sasl.username)); 236 } 237 #endif 238 } 239 240 static void vnc_client_cache_addr(VncState *client) 241 { 242 QDict *qdict; 243 244 qdict = qdict_new(); 245 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) { 246 QDECREF(qdict); 247 /* XXX: how to report the error? */ 248 return; 249 } 250 251 client->info = QOBJECT(qdict); 252 } 253 254 static void vnc_qmp_event(VncState *vs, MonitorEvent event) 255 { 256 QDict *server; 257 QObject *data; 258 259 if (!vs->info) { 260 return; 261 } 262 263 server = qdict_new(); 264 if (vnc_server_info_put(server) < 0) { 265 QDECREF(server); 266 return; 267 } 268 269 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }", 270 vs->info, QOBJECT(server)); 271 272 monitor_protocol_event(event, data); 273 274 qobject_incref(vs->info); 275 qobject_decref(data); 276 } 277 278 static void info_vnc_iter(QObject *obj, void *opaque) 279 { 280 QDict *client; 281 Monitor *mon = opaque; 282 283 client = qobject_to_qdict(obj); 284 monitor_printf(mon, "Client:\n"); 285 monitor_printf(mon, " address: %s:%s\n", 286 qdict_get_str(client, "host"), 287 qdict_get_str(client, "service")); 288 289 #ifdef CONFIG_VNC_TLS 290 monitor_printf(mon, " x509_dname: %s\n", 291 qdict_haskey(client, "x509_dname") ? 292 qdict_get_str(client, "x509_dname") : "none"); 293 #endif 294 #ifdef CONFIG_VNC_SASL 295 monitor_printf(mon, " username: %s\n", 296 qdict_haskey(client, "sasl_username") ? 297 qdict_get_str(client, "sasl_username") : "none"); 298 #endif 299 } 300 301 void do_info_vnc_print(Monitor *mon, const QObject *data) 302 { 303 QDict *server; 304 QList *clients; 305 306 server = qobject_to_qdict(data); 307 if (qdict_get_bool(server, "enabled") == 0) { 308 monitor_printf(mon, "Server: disabled\n"); 309 return; 310 } 311 312 monitor_printf(mon, "Server:\n"); 313 monitor_printf(mon, " address: %s:%s\n", 314 qdict_get_str(server, "host"), 315 qdict_get_str(server, "service")); 316 monitor_printf(mon, " auth: %s\n", qdict_get_str(server, "auth")); 317 318 clients = qdict_get_qlist(server, "clients"); 319 if (qlist_empty(clients)) { 320 monitor_printf(mon, "Client: none\n"); 321 } else { 322 qlist_iter(clients, info_vnc_iter, mon); 323 } 324 } 325 326 void do_info_vnc(Monitor *mon, QObject **ret_data) 327 { 328 if (vnc_display == NULL || vnc_display->display == NULL) { 329 *ret_data = qobject_from_jsonf("{ 'enabled': false }"); 330 } else { 331 QList *clist; 332 VncState *client; 333 334 clist = qlist_new(); 335 QTAILQ_FOREACH(client, &vnc_display->clients, next) { 336 if (client->info) { 337 /* incref so that it's not freed by upper layers */ 338 qobject_incref(client->info); 339 qlist_append_obj(clist, client->info); 340 } 341 } 342 343 *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }", 344 QOBJECT(clist)); 345 assert(*ret_data != NULL); 346 347 if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) { 348 qobject_decref(*ret_data); 349 *ret_data = NULL; 350 } 351 } 352 } 353 354 /* TODO 355 1) Get the queue working for IO. 356 2) there is some weirdness when using the -S option (the screen is grey 357 and not totally invalidated 358 3) resolutions > 1024 359 */ 360 361 static int vnc_update_client(VncState *vs, int has_dirty); 362 static int vnc_update_client_sync(VncState *vs, int has_dirty); 363 static void vnc_disconnect_start(VncState *vs); 364 static void vnc_disconnect_finish(VncState *vs); 365 static void vnc_init_timer(VncDisplay *vd); 366 static void vnc_remove_timer(VncDisplay *vd); 367 368 static void vnc_colordepth(VncState *vs); 369 static void framebuffer_update_request(VncState *vs, int incremental, 370 int x_position, int y_position, 371 int w, int h); 372 static void vnc_refresh(void *opaque); 373 static int vnc_refresh_server_surface(VncDisplay *vd); 374 375 static inline void vnc_set_bit(uint32_t *d, int k) 376 { 377 d[k >> 5] |= 1 << (k & 0x1f); 378 } 379 380 static inline void vnc_clear_bit(uint32_t *d, int k) 381 { 382 d[k >> 5] &= ~(1 << (k & 0x1f)); 383 } 384 385 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words) 386 { 387 int j; 388 389 j = 0; 390 while (n >= 32) { 391 d[j++] = -1; 392 n -= 32; 393 } 394 if (n > 0) 395 d[j++] = (1 << n) - 1; 396 while (j < nb_words) 397 d[j++] = 0; 398 } 399 400 static inline int vnc_get_bit(const uint32_t *d, int k) 401 { 402 return (d[k >> 5] >> (k & 0x1f)) & 1; 403 } 404 405 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2, 406 int nb_words) 407 { 408 int i; 409 for(i = 0; i < nb_words; i++) { 410 if ((d1[i] & d2[i]) != 0) 411 return 1; 412 } 413 return 0; 414 } 415 416 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h) 417 { 418 int i; 419 VncDisplay *vd = ds->opaque; 420 struct VncSurface *s = &vd->guest; 421 422 h += y; 423 424 /* round x down to ensure the loop only spans one 16-pixel block per, 425 iteration. otherwise, if (x % 16) != 0, the last iteration may span 426 two 16-pixel blocks but we only mark the first as dirty 427 */ 428 w += (x % 16); 429 x -= (x % 16); 430 431 x = MIN(x, s->ds->width); 432 y = MIN(y, s->ds->height); 433 w = MIN(x + w, s->ds->width) - x; 434 h = MIN(h, s->ds->height); 435 436 for (; y < h; y++) 437 for (i = 0; i < w; i += 16) 438 vnc_set_bit(s->dirty[y], (x + i) / 16); 439 } 440 441 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 442 int32_t encoding) 443 { 444 vnc_write_u16(vs, x); 445 vnc_write_u16(vs, y); 446 vnc_write_u16(vs, w); 447 vnc_write_u16(vs, h); 448 449 vnc_write_s32(vs, encoding); 450 } 451 452 void buffer_reserve(Buffer *buffer, size_t len) 453 { 454 if ((buffer->capacity - buffer->offset) < len) { 455 buffer->capacity += (len + 1024); 456 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity); 457 if (buffer->buffer == NULL) { 458 fprintf(stderr, "vnc: out of memory\n"); 459 exit(1); 460 } 461 } 462 } 463 464 int buffer_empty(Buffer *buffer) 465 { 466 return buffer->offset == 0; 467 } 468 469 uint8_t *buffer_end(Buffer *buffer) 470 { 471 return buffer->buffer + buffer->offset; 472 } 473 474 void buffer_reset(Buffer *buffer) 475 { 476 buffer->offset = 0; 477 } 478 479 void buffer_free(Buffer *buffer) 480 { 481 qemu_free(buffer->buffer); 482 buffer->offset = 0; 483 buffer->capacity = 0; 484 buffer->buffer = NULL; 485 } 486 487 void buffer_append(Buffer *buffer, const void *data, size_t len) 488 { 489 memcpy(buffer->buffer + buffer->offset, data, len); 490 buffer->offset += len; 491 } 492 493 static void vnc_desktop_resize(VncState *vs) 494 { 495 DisplayState *ds = vs->ds; 496 497 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) { 498 return; 499 } 500 if (vs->client_width == ds_get_width(ds) && 501 vs->client_height == ds_get_height(ds)) { 502 return; 503 } 504 vs->client_width = ds_get_width(ds); 505 vs->client_height = ds_get_height(ds); 506 vnc_lock_output(vs); 507 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 508 vnc_write_u8(vs, 0); 509 vnc_write_u16(vs, 1); /* number of rects */ 510 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 511 VNC_ENCODING_DESKTOPRESIZE); 512 vnc_unlock_output(vs); 513 vnc_flush(vs); 514 } 515 516 #ifdef CONFIG_VNC_THREAD 517 static void vnc_abort_display_jobs(VncDisplay *vd) 518 { 519 VncState *vs; 520 521 QTAILQ_FOREACH(vs, &vd->clients, next) { 522 vnc_lock_output(vs); 523 vs->abort = true; 524 vnc_unlock_output(vs); 525 } 526 QTAILQ_FOREACH(vs, &vd->clients, next) { 527 vnc_jobs_join(vs); 528 } 529 QTAILQ_FOREACH(vs, &vd->clients, next) { 530 vnc_lock_output(vs); 531 vs->abort = false; 532 vnc_unlock_output(vs); 533 } 534 } 535 #else 536 static void vnc_abort_display_jobs(VncDisplay *vd) 537 { 538 } 539 #endif 540 541 static void vnc_dpy_resize(DisplayState *ds) 542 { 543 VncDisplay *vd = ds->opaque; 544 VncState *vs; 545 546 vnc_abort_display_jobs(vd); 547 548 /* server surface */ 549 if (!vd->server) 550 vd->server = qemu_mallocz(sizeof(*vd->server)); 551 if (vd->server->data) 552 qemu_free(vd->server->data); 553 *(vd->server) = *(ds->surface); 554 vd->server->data = qemu_mallocz(vd->server->linesize * 555 vd->server->height); 556 557 /* guest surface */ 558 if (!vd->guest.ds) 559 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds)); 560 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel) 561 console_color_init(ds); 562 *(vd->guest.ds) = *(ds->surface); 563 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty)); 564 565 QTAILQ_FOREACH(vs, &vd->clients, next) { 566 vnc_colordepth(vs); 567 vnc_desktop_resize(vs); 568 if (vs->vd->cursor) { 569 vnc_cursor_define(vs); 570 } 571 memset(vs->dirty, 0xFF, sizeof(vs->dirty)); 572 } 573 } 574 575 /* fastest code */ 576 static void vnc_write_pixels_copy(VncState *vs, struct PixelFormat *pf, 577 void *pixels, int size) 578 { 579 vnc_write(vs, pixels, size); 580 } 581 582 /* slowest but generic code. */ 583 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 584 { 585 uint8_t r, g, b; 586 VncDisplay *vd = vs->vd; 587 588 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >> 589 vd->server->pf.rbits); 590 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >> 591 vd->server->pf.gbits); 592 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >> 593 vd->server->pf.bbits); 594 v = (r << vs->clientds.pf.rshift) | 595 (g << vs->clientds.pf.gshift) | 596 (b << vs->clientds.pf.bshift); 597 switch(vs->clientds.pf.bytes_per_pixel) { 598 case 1: 599 buf[0] = v; 600 break; 601 case 2: 602 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) { 603 buf[0] = v >> 8; 604 buf[1] = v; 605 } else { 606 buf[1] = v >> 8; 607 buf[0] = v; 608 } 609 break; 610 default: 611 case 4: 612 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) { 613 buf[0] = v >> 24; 614 buf[1] = v >> 16; 615 buf[2] = v >> 8; 616 buf[3] = v; 617 } else { 618 buf[3] = v >> 24; 619 buf[2] = v >> 16; 620 buf[1] = v >> 8; 621 buf[0] = v; 622 } 623 break; 624 } 625 } 626 627 static void vnc_write_pixels_generic(VncState *vs, struct PixelFormat *pf, 628 void *pixels1, int size) 629 { 630 uint8_t buf[4]; 631 632 if (pf->bytes_per_pixel == 4) { 633 uint32_t *pixels = pixels1; 634 int n, i; 635 n = size >> 2; 636 for(i = 0; i < n; i++) { 637 vnc_convert_pixel(vs, buf, pixels[i]); 638 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel); 639 } 640 } else if (pf->bytes_per_pixel == 2) { 641 uint16_t *pixels = pixels1; 642 int n, i; 643 n = size >> 1; 644 for(i = 0; i < n; i++) { 645 vnc_convert_pixel(vs, buf, pixels[i]); 646 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel); 647 } 648 } else if (pf->bytes_per_pixel == 1) { 649 uint8_t *pixels = pixels1; 650 int n, i; 651 n = size; 652 for(i = 0; i < n; i++) { 653 vnc_convert_pixel(vs, buf, pixels[i]); 654 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel); 655 } 656 } else { 657 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n"); 658 } 659 } 660 661 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 662 { 663 int i; 664 uint8_t *row; 665 VncDisplay *vd = vs->vd; 666 667 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds); 668 for (i = 0; i < h; i++) { 669 vs->write_pixels(vs, &vd->server->pf, row, w * ds_get_bytes_per_pixel(vs->ds)); 670 row += ds_get_linesize(vs->ds); 671 } 672 return 1; 673 } 674 675 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 676 { 677 int n = 0; 678 679 switch(vs->vnc_encoding) { 680 case VNC_ENCODING_ZLIB: 681 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h); 682 break; 683 case VNC_ENCODING_HEXTILE: 684 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 685 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 686 break; 687 case VNC_ENCODING_TIGHT: 688 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h); 689 break; 690 case VNC_ENCODING_TIGHT_PNG: 691 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h); 692 break; 693 default: 694 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 695 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 696 break; 697 } 698 return n; 699 } 700 701 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h) 702 { 703 /* send bitblit op to the vnc client */ 704 vnc_lock_output(vs); 705 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 706 vnc_write_u8(vs, 0); 707 vnc_write_u16(vs, 1); /* number of rects */ 708 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT); 709 vnc_write_u16(vs, src_x); 710 vnc_write_u16(vs, src_y); 711 vnc_unlock_output(vs); 712 vnc_flush(vs); 713 } 714 715 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h) 716 { 717 VncDisplay *vd = ds->opaque; 718 VncState *vs, *vn; 719 uint8_t *src_row; 720 uint8_t *dst_row; 721 int i,x,y,pitch,depth,inc,w_lim,s; 722 int cmp_bytes; 723 724 vnc_refresh_server_surface(vd); 725 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 726 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 727 vs->force_update = 1; 728 vnc_update_client_sync(vs, 1); 729 /* vs might be free()ed here */ 730 } 731 } 732 733 /* do bitblit op on the local surface too */ 734 pitch = ds_get_linesize(vd->ds); 735 depth = ds_get_bytes_per_pixel(vd->ds); 736 src_row = vd->server->data + pitch * src_y + depth * src_x; 737 dst_row = vd->server->data + pitch * dst_y + depth * dst_x; 738 y = dst_y; 739 inc = 1; 740 if (dst_y > src_y) { 741 /* copy backwards */ 742 src_row += pitch * (h-1); 743 dst_row += pitch * (h-1); 744 pitch = -pitch; 745 y = dst_y + h - 1; 746 inc = -1; 747 } 748 w_lim = w - (16 - (dst_x % 16)); 749 if (w_lim < 0) 750 w_lim = w; 751 else 752 w_lim = w - (w_lim % 16); 753 for (i = 0; i < h; i++) { 754 for (x = 0; x <= w_lim; 755 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) { 756 if (x == w_lim) { 757 if ((s = w - w_lim) == 0) 758 break; 759 } else if (!x) { 760 s = (16 - (dst_x % 16)); 761 s = MIN(s, w_lim); 762 } else { 763 s = 16; 764 } 765 cmp_bytes = s * depth; 766 if (memcmp(src_row, dst_row, cmp_bytes) == 0) 767 continue; 768 memmove(dst_row, src_row, cmp_bytes); 769 QTAILQ_FOREACH(vs, &vd->clients, next) { 770 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 771 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16)); 772 } 773 } 774 } 775 src_row += pitch - w * depth; 776 dst_row += pitch - w * depth; 777 y += inc; 778 } 779 780 QTAILQ_FOREACH(vs, &vd->clients, next) { 781 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 782 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h); 783 } 784 } 785 } 786 787 static void vnc_mouse_set(int x, int y, int visible) 788 { 789 /* can we ask the client(s) to move the pointer ??? */ 790 } 791 792 static int vnc_cursor_define(VncState *vs) 793 { 794 QEMUCursor *c = vs->vd->cursor; 795 PixelFormat pf = qemu_default_pixelformat(32); 796 int isize; 797 798 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 799 vnc_lock_output(vs); 800 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 801 vnc_write_u8(vs, 0); /* padding */ 802 vnc_write_u16(vs, 1); /* # of rects */ 803 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 804 VNC_ENCODING_RICH_CURSOR); 805 isize = c->width * c->height * vs->clientds.pf.bytes_per_pixel; 806 vnc_write_pixels_generic(vs, &pf, c->data, isize); 807 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 808 vnc_unlock_output(vs); 809 return 0; 810 } 811 return -1; 812 } 813 814 static void vnc_dpy_cursor_define(QEMUCursor *c) 815 { 816 VncDisplay *vd = vnc_display; 817 VncState *vs; 818 819 cursor_put(vd->cursor); 820 qemu_free(vd->cursor_mask); 821 822 vd->cursor = c; 823 cursor_get(vd->cursor); 824 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 825 vd->cursor_mask = qemu_mallocz(vd->cursor_msize); 826 cursor_get_mono_mask(c, 0, vd->cursor_mask); 827 828 QTAILQ_FOREACH(vs, &vd->clients, next) { 829 vnc_cursor_define(vs); 830 } 831 } 832 833 static int find_and_clear_dirty_height(struct VncState *vs, 834 int y, int last_x, int x) 835 { 836 int h; 837 VncDisplay *vd = vs->vd; 838 839 for (h = 1; h < (vd->server->height - y); h++) { 840 int tmp_x; 841 if (!vnc_get_bit(vs->dirty[y + h], last_x)) 842 break; 843 for (tmp_x = last_x; tmp_x < x; tmp_x++) 844 vnc_clear_bit(vs->dirty[y + h], tmp_x); 845 } 846 847 return h; 848 } 849 850 #ifdef CONFIG_VNC_THREAD 851 static int vnc_update_client_sync(VncState *vs, int has_dirty) 852 { 853 int ret = vnc_update_client(vs, has_dirty); 854 vnc_jobs_join(vs); 855 return ret; 856 } 857 #else 858 static int vnc_update_client_sync(VncState *vs, int has_dirty) 859 { 860 return vnc_update_client(vs, has_dirty); 861 } 862 #endif 863 864 static int vnc_update_client(VncState *vs, int has_dirty) 865 { 866 if (vs->need_update && vs->csock != -1) { 867 VncDisplay *vd = vs->vd; 868 VncJob *job; 869 int y; 870 int width, height; 871 int n = 0; 872 873 874 if (vs->output.offset && !vs->audio_cap && !vs->force_update) 875 /* kernel send buffers are full -> drop frames to throttle */ 876 return 0; 877 878 if (!has_dirty && !vs->audio_cap && !vs->force_update) 879 return 0; 880 881 /* 882 * Send screen updates to the vnc client using the server 883 * surface and server dirty map. guest surface updates 884 * happening in parallel don't disturb us, the next pass will 885 * send them to the client. 886 */ 887 job = vnc_job_new(vs); 888 889 width = MIN(vd->server->width, vs->client_width); 890 height = MIN(vd->server->height, vs->client_height); 891 892 for (y = 0; y < height; y++) { 893 int x; 894 int last_x = -1; 895 for (x = 0; x < width / 16; x++) { 896 if (vnc_get_bit(vs->dirty[y], x)) { 897 if (last_x == -1) { 898 last_x = x; 899 } 900 vnc_clear_bit(vs->dirty[y], x); 901 } else { 902 if (last_x != -1) { 903 int h = find_and_clear_dirty_height(vs, y, last_x, x); 904 905 n += vnc_job_add_rect(job, last_x * 16, y, 906 (x - last_x) * 16, h); 907 } 908 last_x = -1; 909 } 910 } 911 if (last_x != -1) { 912 int h = find_and_clear_dirty_height(vs, y, last_x, x); 913 n += vnc_job_add_rect(job, last_x * 16, y, 914 (x - last_x) * 16, h); 915 } 916 } 917 918 vnc_job_push(job); 919 vs->force_update = 0; 920 return n; 921 } 922 923 if (vs->csock == -1) 924 vnc_disconnect_finish(vs); 925 926 return 0; 927 } 928 929 /* audio */ 930 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 931 { 932 VncState *vs = opaque; 933 934 switch (cmd) { 935 case AUD_CNOTIFY_DISABLE: 936 vnc_lock_output(vs); 937 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 938 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 939 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 940 vnc_unlock_output(vs); 941 vnc_flush(vs); 942 break; 943 944 case AUD_CNOTIFY_ENABLE: 945 vnc_lock_output(vs); 946 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 947 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 948 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 949 vnc_unlock_output(vs); 950 vnc_flush(vs); 951 break; 952 } 953 } 954 955 static void audio_capture_destroy(void *opaque) 956 { 957 } 958 959 static void audio_capture(void *opaque, void *buf, int size) 960 { 961 VncState *vs = opaque; 962 963 vnc_lock_output(vs); 964 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 965 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 966 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 967 vnc_write_u32(vs, size); 968 vnc_write(vs, buf, size); 969 vnc_unlock_output(vs); 970 vnc_flush(vs); 971 } 972 973 static void audio_add(VncState *vs) 974 { 975 struct audio_capture_ops ops; 976 977 if (vs->audio_cap) { 978 monitor_printf(default_mon, "audio already running\n"); 979 return; 980 } 981 982 ops.notify = audio_capture_notify; 983 ops.destroy = audio_capture_destroy; 984 ops.capture = audio_capture; 985 986 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs); 987 if (!vs->audio_cap) { 988 monitor_printf(default_mon, "Failed to add audio capture\n"); 989 } 990 } 991 992 static void audio_del(VncState *vs) 993 { 994 if (vs->audio_cap) { 995 AUD_del_capture(vs->audio_cap, vs); 996 vs->audio_cap = NULL; 997 } 998 } 999 1000 static void vnc_disconnect_start(VncState *vs) 1001 { 1002 if (vs->csock == -1) 1003 return; 1004 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL); 1005 closesocket(vs->csock); 1006 vs->csock = -1; 1007 } 1008 1009 static void vnc_disconnect_finish(VncState *vs) 1010 { 1011 vnc_jobs_join(vs); /* Wait encoding jobs */ 1012 1013 vnc_lock_output(vs); 1014 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED); 1015 1016 buffer_free(&vs->input); 1017 buffer_free(&vs->output); 1018 1019 qobject_decref(vs->info); 1020 1021 vnc_zlib_clear(vs); 1022 vnc_tight_clear(vs); 1023 1024 #ifdef CONFIG_VNC_TLS 1025 vnc_tls_client_cleanup(vs); 1026 #endif /* CONFIG_VNC_TLS */ 1027 #ifdef CONFIG_VNC_SASL 1028 vnc_sasl_client_cleanup(vs); 1029 #endif /* CONFIG_VNC_SASL */ 1030 audio_del(vs); 1031 1032 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1033 1034 if (QTAILQ_EMPTY(&vs->vd->clients)) { 1035 dcl->idle = 1; 1036 } 1037 1038 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1039 vnc_remove_timer(vs->vd); 1040 if (vs->vd->lock_key_sync) 1041 qemu_remove_led_event_handler(vs->led); 1042 vnc_unlock_output(vs); 1043 1044 #ifdef CONFIG_VNC_THREAD 1045 qemu_mutex_destroy(&vs->output_mutex); 1046 #endif 1047 qemu_free(vs); 1048 } 1049 1050 int vnc_client_io_error(VncState *vs, int ret, int last_errno) 1051 { 1052 if (ret == 0 || ret == -1) { 1053 if (ret == -1) { 1054 switch (last_errno) { 1055 case EINTR: 1056 case EAGAIN: 1057 #ifdef _WIN32 1058 case WSAEWOULDBLOCK: 1059 #endif 1060 return 0; 1061 default: 1062 break; 1063 } 1064 } 1065 1066 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n", 1067 ret, ret < 0 ? last_errno : 0); 1068 vnc_disconnect_start(vs); 1069 1070 return 0; 1071 } 1072 return ret; 1073 } 1074 1075 1076 void vnc_client_error(VncState *vs) 1077 { 1078 VNC_DEBUG("Closing down client sock: protocol error\n"); 1079 vnc_disconnect_start(vs); 1080 } 1081 1082 1083 /* 1084 * Called to write a chunk of data to the client socket. The data may 1085 * be the raw data, or may have already been encoded by SASL. 1086 * The data will be written either straight onto the socket, or 1087 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1088 * 1089 * NB, it is theoretically possible to have 2 layers of encryption, 1090 * both SASL, and this TLS layer. It is highly unlikely in practice 1091 * though, since SASL encryption will typically be a no-op if TLS 1092 * is active 1093 * 1094 * Returns the number of bytes written, which may be less than 1095 * the requested 'datalen' if the socket would block. Returns 1096 * -1 on error, and disconnects the client socket. 1097 */ 1098 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1099 { 1100 long ret; 1101 #ifdef CONFIG_VNC_TLS 1102 if (vs->tls.session) { 1103 ret = gnutls_write(vs->tls.session, data, datalen); 1104 if (ret < 0) { 1105 if (ret == GNUTLS_E_AGAIN) 1106 errno = EAGAIN; 1107 else 1108 errno = EIO; 1109 ret = -1; 1110 } 1111 } else 1112 #endif /* CONFIG_VNC_TLS */ 1113 ret = send(vs->csock, (const void *)data, datalen, 0); 1114 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1115 return vnc_client_io_error(vs, ret, socket_error()); 1116 } 1117 1118 1119 /* 1120 * Called to write buffered data to the client socket, when not 1121 * using any SASL SSF encryption layers. Will write as much data 1122 * as possible without blocking. If all buffered data is written, 1123 * will switch the FD poll() handler back to read monitoring. 1124 * 1125 * Returns the number of bytes written, which may be less than 1126 * the buffered output data if the socket would block. Returns 1127 * -1 on error, and disconnects the client socket. 1128 */ 1129 static long vnc_client_write_plain(VncState *vs) 1130 { 1131 long ret; 1132 1133 #ifdef CONFIG_VNC_SASL 1134 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1135 vs->output.buffer, vs->output.capacity, vs->output.offset, 1136 vs->sasl.waitWriteSSF); 1137 1138 if (vs->sasl.conn && 1139 vs->sasl.runSSF && 1140 vs->sasl.waitWriteSSF) { 1141 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1142 if (ret) 1143 vs->sasl.waitWriteSSF -= ret; 1144 } else 1145 #endif /* CONFIG_VNC_SASL */ 1146 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1147 if (!ret) 1148 return 0; 1149 1150 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret)); 1151 vs->output.offset -= ret; 1152 1153 if (vs->output.offset == 0) { 1154 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 1155 } 1156 1157 return ret; 1158 } 1159 1160 1161 /* 1162 * First function called whenever there is data to be written to 1163 * the client socket. Will delegate actual work according to whether 1164 * SASL SSF layers are enabled (thus requiring encryption calls) 1165 */ 1166 static void vnc_client_write_locked(void *opaque) 1167 { 1168 VncState *vs = opaque; 1169 1170 #ifdef CONFIG_VNC_SASL 1171 if (vs->sasl.conn && 1172 vs->sasl.runSSF && 1173 !vs->sasl.waitWriteSSF) { 1174 vnc_client_write_sasl(vs); 1175 } else 1176 #endif /* CONFIG_VNC_SASL */ 1177 vnc_client_write_plain(vs); 1178 } 1179 1180 void vnc_client_write(void *opaque) 1181 { 1182 VncState *vs = opaque; 1183 1184 vnc_lock_output(vs); 1185 if (vs->output.offset) { 1186 vnc_client_write_locked(opaque); 1187 } else { 1188 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 1189 } 1190 vnc_unlock_output(vs); 1191 } 1192 1193 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1194 { 1195 vs->read_handler = func; 1196 vs->read_handler_expect = expecting; 1197 } 1198 1199 1200 /* 1201 * Called to read a chunk of data from the client socket. The data may 1202 * be the raw data, or may need to be further decoded by SASL. 1203 * The data will be read either straight from to the socket, or 1204 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1205 * 1206 * NB, it is theoretically possible to have 2 layers of encryption, 1207 * both SASL, and this TLS layer. It is highly unlikely in practice 1208 * though, since SASL encryption will typically be a no-op if TLS 1209 * is active 1210 * 1211 * Returns the number of bytes read, which may be less than 1212 * the requested 'datalen' if the socket would block. Returns 1213 * -1 on error, and disconnects the client socket. 1214 */ 1215 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1216 { 1217 long ret; 1218 #ifdef CONFIG_VNC_TLS 1219 if (vs->tls.session) { 1220 ret = gnutls_read(vs->tls.session, data, datalen); 1221 if (ret < 0) { 1222 if (ret == GNUTLS_E_AGAIN) 1223 errno = EAGAIN; 1224 else 1225 errno = EIO; 1226 ret = -1; 1227 } 1228 } else 1229 #endif /* CONFIG_VNC_TLS */ 1230 ret = recv(vs->csock, (void *)data, datalen, 0); 1231 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1232 return vnc_client_io_error(vs, ret, socket_error()); 1233 } 1234 1235 1236 /* 1237 * Called to read data from the client socket to the input buffer, 1238 * when not using any SASL SSF encryption layers. Will read as much 1239 * data as possible without blocking. 1240 * 1241 * Returns the number of bytes read. Returns -1 on error, and 1242 * disconnects the client socket. 1243 */ 1244 static long vnc_client_read_plain(VncState *vs) 1245 { 1246 int ret; 1247 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1248 vs->input.buffer, vs->input.capacity, vs->input.offset); 1249 buffer_reserve(&vs->input, 4096); 1250 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1251 if (!ret) 1252 return 0; 1253 vs->input.offset += ret; 1254 return ret; 1255 } 1256 1257 1258 /* 1259 * First function called whenever there is more data to be read from 1260 * the client socket. Will delegate actual work according to whether 1261 * SASL SSF layers are enabled (thus requiring decryption calls) 1262 */ 1263 void vnc_client_read(void *opaque) 1264 { 1265 VncState *vs = opaque; 1266 long ret; 1267 1268 #ifdef CONFIG_VNC_SASL 1269 if (vs->sasl.conn && vs->sasl.runSSF) 1270 ret = vnc_client_read_sasl(vs); 1271 else 1272 #endif /* CONFIG_VNC_SASL */ 1273 ret = vnc_client_read_plain(vs); 1274 if (!ret) { 1275 if (vs->csock == -1) 1276 vnc_disconnect_finish(vs); 1277 return; 1278 } 1279 1280 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1281 size_t len = vs->read_handler_expect; 1282 int ret; 1283 1284 ret = vs->read_handler(vs, vs->input.buffer, len); 1285 if (vs->csock == -1) { 1286 vnc_disconnect_finish(vs); 1287 return; 1288 } 1289 1290 if (!ret) { 1291 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len)); 1292 vs->input.offset -= len; 1293 } else { 1294 vs->read_handler_expect = ret; 1295 } 1296 } 1297 } 1298 1299 void vnc_write(VncState *vs, const void *data, size_t len) 1300 { 1301 buffer_reserve(&vs->output, len); 1302 1303 if (vs->csock != -1 && buffer_empty(&vs->output)) { 1304 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs); 1305 } 1306 1307 buffer_append(&vs->output, data, len); 1308 } 1309 1310 void vnc_write_s32(VncState *vs, int32_t value) 1311 { 1312 vnc_write_u32(vs, *(uint32_t *)&value); 1313 } 1314 1315 void vnc_write_u32(VncState *vs, uint32_t value) 1316 { 1317 uint8_t buf[4]; 1318 1319 buf[0] = (value >> 24) & 0xFF; 1320 buf[1] = (value >> 16) & 0xFF; 1321 buf[2] = (value >> 8) & 0xFF; 1322 buf[3] = value & 0xFF; 1323 1324 vnc_write(vs, buf, 4); 1325 } 1326 1327 void vnc_write_u16(VncState *vs, uint16_t value) 1328 { 1329 uint8_t buf[2]; 1330 1331 buf[0] = (value >> 8) & 0xFF; 1332 buf[1] = value & 0xFF; 1333 1334 vnc_write(vs, buf, 2); 1335 } 1336 1337 void vnc_write_u8(VncState *vs, uint8_t value) 1338 { 1339 vnc_write(vs, (char *)&value, 1); 1340 } 1341 1342 void vnc_flush(VncState *vs) 1343 { 1344 vnc_lock_output(vs); 1345 if (vs->csock != -1 && vs->output.offset) { 1346 vnc_client_write_locked(vs); 1347 } 1348 vnc_unlock_output(vs); 1349 } 1350 1351 uint8_t read_u8(uint8_t *data, size_t offset) 1352 { 1353 return data[offset]; 1354 } 1355 1356 uint16_t read_u16(uint8_t *data, size_t offset) 1357 { 1358 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1359 } 1360 1361 int32_t read_s32(uint8_t *data, size_t offset) 1362 { 1363 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1364 (data[offset + 2] << 8) | data[offset + 3]); 1365 } 1366 1367 uint32_t read_u32(uint8_t *data, size_t offset) 1368 { 1369 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1370 (data[offset + 2] << 8) | data[offset + 3]); 1371 } 1372 1373 static void client_cut_text(VncState *vs, size_t len, uint8_t *text) 1374 { 1375 } 1376 1377 static void check_pointer_type_change(Notifier *notifier) 1378 { 1379 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1380 int absolute = kbd_mouse_is_absolute(); 1381 1382 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1383 vnc_lock_output(vs); 1384 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1385 vnc_write_u8(vs, 0); 1386 vnc_write_u16(vs, 1); 1387 vnc_framebuffer_update(vs, absolute, 0, 1388 ds_get_width(vs->ds), ds_get_height(vs->ds), 1389 VNC_ENCODING_POINTER_TYPE_CHANGE); 1390 vnc_unlock_output(vs); 1391 vnc_flush(vs); 1392 } 1393 vs->absolute = absolute; 1394 } 1395 1396 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1397 { 1398 int buttons = 0; 1399 int dz = 0; 1400 1401 if (button_mask & 0x01) 1402 buttons |= MOUSE_EVENT_LBUTTON; 1403 if (button_mask & 0x02) 1404 buttons |= MOUSE_EVENT_MBUTTON; 1405 if (button_mask & 0x04) 1406 buttons |= MOUSE_EVENT_RBUTTON; 1407 if (button_mask & 0x08) 1408 dz = -1; 1409 if (button_mask & 0x10) 1410 dz = 1; 1411 1412 if (vs->absolute) { 1413 kbd_mouse_event(ds_get_width(vs->ds) > 1 ? 1414 x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000, 1415 ds_get_height(vs->ds) > 1 ? 1416 y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000, 1417 dz, buttons); 1418 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1419 x -= 0x7FFF; 1420 y -= 0x7FFF; 1421 1422 kbd_mouse_event(x, y, dz, buttons); 1423 } else { 1424 if (vs->last_x != -1) 1425 kbd_mouse_event(x - vs->last_x, 1426 y - vs->last_y, 1427 dz, buttons); 1428 vs->last_x = x; 1429 vs->last_y = y; 1430 } 1431 } 1432 1433 static void reset_keys(VncState *vs) 1434 { 1435 int i; 1436 for(i = 0; i < 256; i++) { 1437 if (vs->modifiers_state[i]) { 1438 if (i & SCANCODE_GREY) 1439 kbd_put_keycode(SCANCODE_EMUL0); 1440 kbd_put_keycode(i | SCANCODE_UP); 1441 vs->modifiers_state[i] = 0; 1442 } 1443 } 1444 } 1445 1446 static void press_key(VncState *vs, int keysym) 1447 { 1448 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK; 1449 if (keycode & SCANCODE_GREY) 1450 kbd_put_keycode(SCANCODE_EMUL0); 1451 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK); 1452 if (keycode & SCANCODE_GREY) 1453 kbd_put_keycode(SCANCODE_EMUL0); 1454 kbd_put_keycode(keycode | SCANCODE_UP); 1455 } 1456 1457 static void kbd_leds(void *opaque, int ledstate) 1458 { 1459 VncState *vs = opaque; 1460 int caps, num; 1461 1462 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0; 1463 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0; 1464 1465 if (vs->modifiers_state[0x3a] != caps) { 1466 vs->modifiers_state[0x3a] = caps; 1467 } 1468 if (vs->modifiers_state[0x45] != num) { 1469 vs->modifiers_state[0x45] = num; 1470 } 1471 } 1472 1473 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1474 { 1475 /* QEMU console switch */ 1476 switch(keycode) { 1477 case 0x2a: /* Left Shift */ 1478 case 0x36: /* Right Shift */ 1479 case 0x1d: /* Left CTRL */ 1480 case 0x9d: /* Right CTRL */ 1481 case 0x38: /* Left ALT */ 1482 case 0xb8: /* Right ALT */ 1483 if (down) 1484 vs->modifiers_state[keycode] = 1; 1485 else 1486 vs->modifiers_state[keycode] = 0; 1487 break; 1488 case 0x02 ... 0x0a: /* '1' to '9' keys */ 1489 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) { 1490 /* Reset the modifiers sent to the current console */ 1491 reset_keys(vs); 1492 console_select(keycode - 0x02); 1493 return; 1494 } 1495 break; 1496 case 0x3a: /* CapsLock */ 1497 case 0x45: /* NumLock */ 1498 if (down) 1499 vs->modifiers_state[keycode] ^= 1; 1500 break; 1501 } 1502 1503 if (vs->vd->lock_key_sync && 1504 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1505 /* If the numlock state needs to change then simulate an additional 1506 keypress before sending this one. This will happen if the user 1507 toggles numlock away from the VNC window. 1508 */ 1509 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1510 if (!vs->modifiers_state[0x45]) { 1511 vs->modifiers_state[0x45] = 1; 1512 press_key(vs, 0xff7f); 1513 } 1514 } else { 1515 if (vs->modifiers_state[0x45]) { 1516 vs->modifiers_state[0x45] = 0; 1517 press_key(vs, 0xff7f); 1518 } 1519 } 1520 } 1521 1522 if (vs->vd->lock_key_sync && 1523 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1524 /* If the capslock state needs to change then simulate an additional 1525 keypress before sending this one. This will happen if the user 1526 toggles capslock away from the VNC window. 1527 */ 1528 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1529 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]); 1530 int capslock = !!(vs->modifiers_state[0x3a]); 1531 if (capslock) { 1532 if (uppercase == shift) { 1533 vs->modifiers_state[0x3a] = 0; 1534 press_key(vs, 0xffe5); 1535 } 1536 } else { 1537 if (uppercase != shift) { 1538 vs->modifiers_state[0x3a] = 1; 1539 press_key(vs, 0xffe5); 1540 } 1541 } 1542 } 1543 1544 if (is_graphic_console()) { 1545 if (keycode & SCANCODE_GREY) 1546 kbd_put_keycode(SCANCODE_EMUL0); 1547 if (down) 1548 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK); 1549 else 1550 kbd_put_keycode(keycode | SCANCODE_UP); 1551 } else { 1552 /* QEMU console emulation */ 1553 if (down) { 1554 int numlock = vs->modifiers_state[0x45]; 1555 switch (keycode) { 1556 case 0x2a: /* Left Shift */ 1557 case 0x36: /* Right Shift */ 1558 case 0x1d: /* Left CTRL */ 1559 case 0x9d: /* Right CTRL */ 1560 case 0x38: /* Left ALT */ 1561 case 0xb8: /* Right ALT */ 1562 break; 1563 case 0xc8: 1564 kbd_put_keysym(QEMU_KEY_UP); 1565 break; 1566 case 0xd0: 1567 kbd_put_keysym(QEMU_KEY_DOWN); 1568 break; 1569 case 0xcb: 1570 kbd_put_keysym(QEMU_KEY_LEFT); 1571 break; 1572 case 0xcd: 1573 kbd_put_keysym(QEMU_KEY_RIGHT); 1574 break; 1575 case 0xd3: 1576 kbd_put_keysym(QEMU_KEY_DELETE); 1577 break; 1578 case 0xc7: 1579 kbd_put_keysym(QEMU_KEY_HOME); 1580 break; 1581 case 0xcf: 1582 kbd_put_keysym(QEMU_KEY_END); 1583 break; 1584 case 0xc9: 1585 kbd_put_keysym(QEMU_KEY_PAGEUP); 1586 break; 1587 case 0xd1: 1588 kbd_put_keysym(QEMU_KEY_PAGEDOWN); 1589 break; 1590 1591 case 0x47: 1592 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME); 1593 break; 1594 case 0x48: 1595 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP); 1596 break; 1597 case 0x49: 1598 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP); 1599 break; 1600 case 0x4b: 1601 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT); 1602 break; 1603 case 0x4c: 1604 kbd_put_keysym('5'); 1605 break; 1606 case 0x4d: 1607 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT); 1608 break; 1609 case 0x4f: 1610 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END); 1611 break; 1612 case 0x50: 1613 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN); 1614 break; 1615 case 0x51: 1616 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN); 1617 break; 1618 case 0x52: 1619 kbd_put_keysym('0'); 1620 break; 1621 case 0x53: 1622 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE); 1623 break; 1624 1625 case 0xb5: 1626 kbd_put_keysym('/'); 1627 break; 1628 case 0x37: 1629 kbd_put_keysym('*'); 1630 break; 1631 case 0x4a: 1632 kbd_put_keysym('-'); 1633 break; 1634 case 0x4e: 1635 kbd_put_keysym('+'); 1636 break; 1637 case 0x9c: 1638 kbd_put_keysym('\n'); 1639 break; 1640 1641 default: 1642 kbd_put_keysym(sym); 1643 break; 1644 } 1645 } 1646 } 1647 } 1648 1649 static void key_event(VncState *vs, int down, uint32_t sym) 1650 { 1651 int keycode; 1652 int lsym = sym; 1653 1654 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) { 1655 lsym = lsym - 'A' + 'a'; 1656 } 1657 1658 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK; 1659 do_key_event(vs, down, keycode, sym); 1660 } 1661 1662 static void ext_key_event(VncState *vs, int down, 1663 uint32_t sym, uint16_t keycode) 1664 { 1665 /* if the user specifies a keyboard layout, always use it */ 1666 if (keyboard_layout) 1667 key_event(vs, down, sym); 1668 else 1669 do_key_event(vs, down, keycode, sym); 1670 } 1671 1672 static void framebuffer_update_request(VncState *vs, int incremental, 1673 int x_position, int y_position, 1674 int w, int h) 1675 { 1676 if (y_position > ds_get_height(vs->ds)) 1677 y_position = ds_get_height(vs->ds); 1678 if (y_position + h >= ds_get_height(vs->ds)) 1679 h = ds_get_height(vs->ds) - y_position; 1680 1681 int i; 1682 vs->need_update = 1; 1683 if (!incremental) { 1684 vs->force_update = 1; 1685 for (i = 0; i < h; i++) { 1686 vnc_set_bits(vs->dirty[y_position + i], 1687 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS); 1688 } 1689 } 1690 } 1691 1692 static void send_ext_key_event_ack(VncState *vs) 1693 { 1694 vnc_lock_output(vs); 1695 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1696 vnc_write_u8(vs, 0); 1697 vnc_write_u16(vs, 1); 1698 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds), 1699 VNC_ENCODING_EXT_KEY_EVENT); 1700 vnc_unlock_output(vs); 1701 vnc_flush(vs); 1702 } 1703 1704 static void send_ext_audio_ack(VncState *vs) 1705 { 1706 vnc_lock_output(vs); 1707 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1708 vnc_write_u8(vs, 0); 1709 vnc_write_u16(vs, 1); 1710 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds), 1711 VNC_ENCODING_AUDIO); 1712 vnc_unlock_output(vs); 1713 vnc_flush(vs); 1714 } 1715 1716 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 1717 { 1718 int i; 1719 unsigned int enc = 0; 1720 1721 vs->features = 0; 1722 vs->vnc_encoding = 0; 1723 vs->tight.compression = 9; 1724 vs->tight.quality = -1; /* Lossless by default */ 1725 vs->absolute = -1; 1726 1727 /* 1728 * Start from the end because the encodings are sent in order of preference. 1729 * This way the prefered encoding (first encoding defined in the array) 1730 * will be set at the end of the loop. 1731 */ 1732 for (i = n_encodings - 1; i >= 0; i--) { 1733 enc = encodings[i]; 1734 switch (enc) { 1735 case VNC_ENCODING_RAW: 1736 vs->vnc_encoding = enc; 1737 break; 1738 case VNC_ENCODING_COPYRECT: 1739 vs->features |= VNC_FEATURE_COPYRECT_MASK; 1740 break; 1741 case VNC_ENCODING_HEXTILE: 1742 vs->features |= VNC_FEATURE_HEXTILE_MASK; 1743 vs->vnc_encoding = enc; 1744 break; 1745 case VNC_ENCODING_TIGHT: 1746 vs->features |= VNC_FEATURE_TIGHT_MASK; 1747 vs->vnc_encoding = enc; 1748 break; 1749 case VNC_ENCODING_TIGHT_PNG: 1750 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK; 1751 vs->vnc_encoding = enc; 1752 break; 1753 case VNC_ENCODING_ZLIB: 1754 vs->features |= VNC_FEATURE_ZLIB_MASK; 1755 vs->vnc_encoding = enc; 1756 break; 1757 case VNC_ENCODING_DESKTOPRESIZE: 1758 vs->features |= VNC_FEATURE_RESIZE_MASK; 1759 break; 1760 case VNC_ENCODING_POINTER_TYPE_CHANGE: 1761 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK; 1762 break; 1763 case VNC_ENCODING_RICH_CURSOR: 1764 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK; 1765 break; 1766 case VNC_ENCODING_EXT_KEY_EVENT: 1767 send_ext_key_event_ack(vs); 1768 break; 1769 case VNC_ENCODING_AUDIO: 1770 send_ext_audio_ack(vs); 1771 break; 1772 case VNC_ENCODING_WMVi: 1773 vs->features |= VNC_FEATURE_WMVI_MASK; 1774 break; 1775 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 1776 vs->tight.compression = (enc & 0x0F); 1777 break; 1778 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 1779 vs->tight.quality = (enc & 0x0F); 1780 break; 1781 default: 1782 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 1783 break; 1784 } 1785 } 1786 vnc_desktop_resize(vs); 1787 check_pointer_type_change(&vs->mouse_mode_notifier); 1788 } 1789 1790 static void set_pixel_conversion(VncState *vs) 1791 { 1792 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) == 1793 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) && 1794 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) { 1795 vs->write_pixels = vnc_write_pixels_copy; 1796 vnc_hextile_set_pixel_conversion(vs, 0); 1797 } else { 1798 vs->write_pixels = vnc_write_pixels_generic; 1799 vnc_hextile_set_pixel_conversion(vs, 1); 1800 } 1801 } 1802 1803 static void set_pixel_format(VncState *vs, 1804 int bits_per_pixel, int depth, 1805 int big_endian_flag, int true_color_flag, 1806 int red_max, int green_max, int blue_max, 1807 int red_shift, int green_shift, int blue_shift) 1808 { 1809 if (!true_color_flag) { 1810 vnc_client_error(vs); 1811 return; 1812 } 1813 1814 vs->clientds = *(vs->vd->guest.ds); 1815 vs->clientds.pf.rmax = red_max; 1816 count_bits(vs->clientds.pf.rbits, red_max); 1817 vs->clientds.pf.rshift = red_shift; 1818 vs->clientds.pf.rmask = red_max << red_shift; 1819 vs->clientds.pf.gmax = green_max; 1820 count_bits(vs->clientds.pf.gbits, green_max); 1821 vs->clientds.pf.gshift = green_shift; 1822 vs->clientds.pf.gmask = green_max << green_shift; 1823 vs->clientds.pf.bmax = blue_max; 1824 count_bits(vs->clientds.pf.bbits, blue_max); 1825 vs->clientds.pf.bshift = blue_shift; 1826 vs->clientds.pf.bmask = blue_max << blue_shift; 1827 vs->clientds.pf.bits_per_pixel = bits_per_pixel; 1828 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8; 1829 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 1830 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00; 1831 1832 set_pixel_conversion(vs); 1833 1834 vga_hw_invalidate(); 1835 vga_hw_update(); 1836 } 1837 1838 static void pixel_format_message (VncState *vs) { 1839 char pad[3] = { 0, 0, 0 }; 1840 1841 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */ 1842 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */ 1843 1844 #ifdef HOST_WORDS_BIGENDIAN 1845 vnc_write_u8(vs, 1); /* big-endian-flag */ 1846 #else 1847 vnc_write_u8(vs, 0); /* big-endian-flag */ 1848 #endif 1849 vnc_write_u8(vs, 1); /* true-color-flag */ 1850 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */ 1851 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */ 1852 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */ 1853 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */ 1854 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */ 1855 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */ 1856 1857 vnc_hextile_set_pixel_conversion(vs, 0); 1858 1859 vs->clientds = *(vs->ds->surface); 1860 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG; 1861 vs->write_pixels = vnc_write_pixels_copy; 1862 1863 vnc_write(vs, pad, 3); /* padding */ 1864 } 1865 1866 static void vnc_dpy_setdata(DisplayState *ds) 1867 { 1868 /* We don't have to do anything */ 1869 } 1870 1871 static void vnc_colordepth(VncState *vs) 1872 { 1873 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 1874 /* Sending a WMVi message to notify the client*/ 1875 vnc_lock_output(vs); 1876 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1877 vnc_write_u8(vs, 0); 1878 vnc_write_u16(vs, 1); /* number of rects */ 1879 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), 1880 ds_get_height(vs->ds), VNC_ENCODING_WMVi); 1881 pixel_format_message(vs); 1882 vnc_unlock_output(vs); 1883 vnc_flush(vs); 1884 } else { 1885 set_pixel_conversion(vs); 1886 } 1887 } 1888 1889 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 1890 { 1891 int i; 1892 uint16_t limit; 1893 VncDisplay *vd = vs->vd; 1894 1895 if (data[0] > 3) { 1896 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE; 1897 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval)) 1898 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval); 1899 } 1900 1901 switch (data[0]) { 1902 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 1903 if (len == 1) 1904 return 20; 1905 1906 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5), 1907 read_u8(data, 6), read_u8(data, 7), 1908 read_u16(data, 8), read_u16(data, 10), 1909 read_u16(data, 12), read_u8(data, 14), 1910 read_u8(data, 15), read_u8(data, 16)); 1911 break; 1912 case VNC_MSG_CLIENT_SET_ENCODINGS: 1913 if (len == 1) 1914 return 4; 1915 1916 if (len == 4) { 1917 limit = read_u16(data, 2); 1918 if (limit > 0) 1919 return 4 + (limit * 4); 1920 } else 1921 limit = read_u16(data, 2); 1922 1923 for (i = 0; i < limit; i++) { 1924 int32_t val = read_s32(data, 4 + (i * 4)); 1925 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 1926 } 1927 1928 set_encodings(vs, (int32_t *)(data + 4), limit); 1929 break; 1930 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 1931 if (len == 1) 1932 return 10; 1933 1934 framebuffer_update_request(vs, 1935 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 1936 read_u16(data, 6), read_u16(data, 8)); 1937 break; 1938 case VNC_MSG_CLIENT_KEY_EVENT: 1939 if (len == 1) 1940 return 8; 1941 1942 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 1943 break; 1944 case VNC_MSG_CLIENT_POINTER_EVENT: 1945 if (len == 1) 1946 return 6; 1947 1948 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 1949 break; 1950 case VNC_MSG_CLIENT_CUT_TEXT: 1951 if (len == 1) 1952 return 8; 1953 1954 if (len == 8) { 1955 uint32_t dlen = read_u32(data, 4); 1956 if (dlen > 0) 1957 return 8 + dlen; 1958 } 1959 1960 client_cut_text(vs, read_u32(data, 4), data + 8); 1961 break; 1962 case VNC_MSG_CLIENT_QEMU: 1963 if (len == 1) 1964 return 2; 1965 1966 switch (read_u8(data, 1)) { 1967 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 1968 if (len == 2) 1969 return 12; 1970 1971 ext_key_event(vs, read_u16(data, 2), 1972 read_u32(data, 4), read_u32(data, 8)); 1973 break; 1974 case VNC_MSG_CLIENT_QEMU_AUDIO: 1975 if (len == 2) 1976 return 4; 1977 1978 switch (read_u16 (data, 2)) { 1979 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 1980 audio_add(vs); 1981 break; 1982 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 1983 audio_del(vs); 1984 break; 1985 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 1986 if (len == 4) 1987 return 10; 1988 switch (read_u8(data, 4)) { 1989 case 0: vs->as.fmt = AUD_FMT_U8; break; 1990 case 1: vs->as.fmt = AUD_FMT_S8; break; 1991 case 2: vs->as.fmt = AUD_FMT_U16; break; 1992 case 3: vs->as.fmt = AUD_FMT_S16; break; 1993 case 4: vs->as.fmt = AUD_FMT_U32; break; 1994 case 5: vs->as.fmt = AUD_FMT_S32; break; 1995 default: 1996 printf("Invalid audio format %d\n", read_u8(data, 4)); 1997 vnc_client_error(vs); 1998 break; 1999 } 2000 vs->as.nchannels = read_u8(data, 5); 2001 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2002 printf("Invalid audio channel coount %d\n", 2003 read_u8(data, 5)); 2004 vnc_client_error(vs); 2005 break; 2006 } 2007 vs->as.freq = read_u32(data, 6); 2008 break; 2009 default: 2010 printf ("Invalid audio message %d\n", read_u8(data, 4)); 2011 vnc_client_error(vs); 2012 break; 2013 } 2014 break; 2015 2016 default: 2017 printf("Msg: %d\n", read_u16(data, 0)); 2018 vnc_client_error(vs); 2019 break; 2020 } 2021 break; 2022 default: 2023 printf("Msg: %d\n", data[0]); 2024 vnc_client_error(vs); 2025 break; 2026 } 2027 2028 vnc_read_when(vs, protocol_client_msg, 1); 2029 return 0; 2030 } 2031 2032 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2033 { 2034 char buf[1024]; 2035 int size; 2036 2037 vs->client_width = ds_get_width(vs->ds); 2038 vs->client_height = ds_get_height(vs->ds); 2039 vnc_write_u16(vs, vs->client_width); 2040 vnc_write_u16(vs, vs->client_height); 2041 2042 pixel_format_message(vs); 2043 2044 if (qemu_name) 2045 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2046 else 2047 size = snprintf(buf, sizeof(buf), "QEMU"); 2048 2049 vnc_write_u32(vs, size); 2050 vnc_write(vs, buf, size); 2051 vnc_flush(vs); 2052 2053 vnc_client_cache_auth(vs); 2054 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED); 2055 2056 vnc_read_when(vs, protocol_client_msg, 1); 2057 2058 return 0; 2059 } 2060 2061 void start_client_init(VncState *vs) 2062 { 2063 vnc_read_when(vs, protocol_client_init, 1); 2064 } 2065 2066 static void make_challenge(VncState *vs) 2067 { 2068 int i; 2069 2070 srand(time(NULL)+getpid()+getpid()*987654+rand()); 2071 2072 for (i = 0 ; i < sizeof(vs->challenge) ; i++) 2073 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0)); 2074 } 2075 2076 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2077 { 2078 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2079 int i, j, pwlen; 2080 unsigned char key[8]; 2081 2082 if (!vs->vd->password || !vs->vd->password[0]) { 2083 VNC_DEBUG("No password configured on server"); 2084 vnc_write_u32(vs, 1); /* Reject auth */ 2085 if (vs->minor >= 8) { 2086 static const char err[] = "Authentication failed"; 2087 vnc_write_u32(vs, sizeof(err)); 2088 vnc_write(vs, err, sizeof(err)); 2089 } 2090 vnc_flush(vs); 2091 vnc_client_error(vs); 2092 return 0; 2093 } 2094 2095 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2096 2097 /* Calculate the expected challenge response */ 2098 pwlen = strlen(vs->vd->password); 2099 for (i=0; i<sizeof(key); i++) 2100 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2101 deskey(key, EN0); 2102 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8) 2103 des(response+j, response+j); 2104 2105 /* Compare expected vs actual challenge response */ 2106 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2107 VNC_DEBUG("Client challenge reponse did not match\n"); 2108 vnc_write_u32(vs, 1); /* Reject auth */ 2109 if (vs->minor >= 8) { 2110 static const char err[] = "Authentication failed"; 2111 vnc_write_u32(vs, sizeof(err)); 2112 vnc_write(vs, err, sizeof(err)); 2113 } 2114 vnc_flush(vs); 2115 vnc_client_error(vs); 2116 } else { 2117 VNC_DEBUG("Accepting VNC challenge response\n"); 2118 vnc_write_u32(vs, 0); /* Accept auth */ 2119 vnc_flush(vs); 2120 2121 start_client_init(vs); 2122 } 2123 return 0; 2124 } 2125 2126 void start_auth_vnc(VncState *vs) 2127 { 2128 make_challenge(vs); 2129 /* Send client a 'random' challenge */ 2130 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2131 vnc_flush(vs); 2132 2133 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2134 } 2135 2136 2137 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2138 { 2139 /* We only advertise 1 auth scheme at a time, so client 2140 * must pick the one we sent. Verify this */ 2141 if (data[0] != vs->vd->auth) { /* Reject auth */ 2142 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]); 2143 vnc_write_u32(vs, 1); 2144 if (vs->minor >= 8) { 2145 static const char err[] = "Authentication failed"; 2146 vnc_write_u32(vs, sizeof(err)); 2147 vnc_write(vs, err, sizeof(err)); 2148 } 2149 vnc_client_error(vs); 2150 } else { /* Accept requested auth */ 2151 VNC_DEBUG("Client requested auth %d\n", (int)data[0]); 2152 switch (vs->vd->auth) { 2153 case VNC_AUTH_NONE: 2154 VNC_DEBUG("Accept auth none\n"); 2155 if (vs->minor >= 8) { 2156 vnc_write_u32(vs, 0); /* Accept auth completion */ 2157 vnc_flush(vs); 2158 } 2159 start_client_init(vs); 2160 break; 2161 2162 case VNC_AUTH_VNC: 2163 VNC_DEBUG("Start VNC auth\n"); 2164 start_auth_vnc(vs); 2165 break; 2166 2167 #ifdef CONFIG_VNC_TLS 2168 case VNC_AUTH_VENCRYPT: 2169 VNC_DEBUG("Accept VeNCrypt auth\n");; 2170 start_auth_vencrypt(vs); 2171 break; 2172 #endif /* CONFIG_VNC_TLS */ 2173 2174 #ifdef CONFIG_VNC_SASL 2175 case VNC_AUTH_SASL: 2176 VNC_DEBUG("Accept SASL auth\n"); 2177 start_auth_sasl(vs); 2178 break; 2179 #endif /* CONFIG_VNC_SASL */ 2180 2181 default: /* Should not be possible, but just in case */ 2182 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth); 2183 vnc_write_u8(vs, 1); 2184 if (vs->minor >= 8) { 2185 static const char err[] = "Authentication failed"; 2186 vnc_write_u32(vs, sizeof(err)); 2187 vnc_write(vs, err, sizeof(err)); 2188 } 2189 vnc_client_error(vs); 2190 } 2191 } 2192 return 0; 2193 } 2194 2195 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2196 { 2197 char local[13]; 2198 2199 memcpy(local, version, 12); 2200 local[12] = 0; 2201 2202 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2203 VNC_DEBUG("Malformed protocol version %s\n", local); 2204 vnc_client_error(vs); 2205 return 0; 2206 } 2207 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2208 if (vs->major != 3 || 2209 (vs->minor != 3 && 2210 vs->minor != 4 && 2211 vs->minor != 5 && 2212 vs->minor != 7 && 2213 vs->minor != 8)) { 2214 VNC_DEBUG("Unsupported client version\n"); 2215 vnc_write_u32(vs, VNC_AUTH_INVALID); 2216 vnc_flush(vs); 2217 vnc_client_error(vs); 2218 return 0; 2219 } 2220 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2221 * as equivalent to v3.3 by servers 2222 */ 2223 if (vs->minor == 4 || vs->minor == 5) 2224 vs->minor = 3; 2225 2226 if (vs->minor == 3) { 2227 if (vs->vd->auth == VNC_AUTH_NONE) { 2228 VNC_DEBUG("Tell client auth none\n"); 2229 vnc_write_u32(vs, vs->vd->auth); 2230 vnc_flush(vs); 2231 start_client_init(vs); 2232 } else if (vs->vd->auth == VNC_AUTH_VNC) { 2233 VNC_DEBUG("Tell client VNC auth\n"); 2234 vnc_write_u32(vs, vs->vd->auth); 2235 vnc_flush(vs); 2236 start_auth_vnc(vs); 2237 } else { 2238 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth); 2239 vnc_write_u32(vs, VNC_AUTH_INVALID); 2240 vnc_flush(vs); 2241 vnc_client_error(vs); 2242 } 2243 } else { 2244 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth); 2245 vnc_write_u8(vs, 1); /* num auth */ 2246 vnc_write_u8(vs, vs->vd->auth); 2247 vnc_read_when(vs, protocol_client_auth, 1); 2248 vnc_flush(vs); 2249 } 2250 2251 return 0; 2252 } 2253 2254 static int vnc_refresh_server_surface(VncDisplay *vd) 2255 { 2256 int y; 2257 uint8_t *guest_row; 2258 uint8_t *server_row; 2259 int cmp_bytes; 2260 uint32_t width_mask[VNC_DIRTY_WORDS]; 2261 VncState *vs; 2262 int has_dirty = 0; 2263 2264 /* 2265 * Walk through the guest dirty map. 2266 * Check and copy modified bits from guest to server surface. 2267 * Update server dirty map. 2268 */ 2269 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS); 2270 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds); 2271 guest_row = vd->guest.ds->data; 2272 server_row = vd->server->data; 2273 for (y = 0; y < vd->guest.ds->height; y++) { 2274 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) { 2275 int x; 2276 uint8_t *guest_ptr; 2277 uint8_t *server_ptr; 2278 2279 guest_ptr = guest_row; 2280 server_ptr = server_row; 2281 2282 for (x = 0; x < vd->guest.ds->width; 2283 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 2284 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16))) 2285 continue; 2286 vnc_clear_bit(vd->guest.dirty[y], (x / 16)); 2287 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0) 2288 continue; 2289 memcpy(server_ptr, guest_ptr, cmp_bytes); 2290 QTAILQ_FOREACH(vs, &vd->clients, next) { 2291 vnc_set_bit(vs->dirty[y], (x / 16)); 2292 } 2293 has_dirty++; 2294 } 2295 } 2296 guest_row += ds_get_linesize(vd->ds); 2297 server_row += ds_get_linesize(vd->ds); 2298 } 2299 return has_dirty; 2300 } 2301 2302 static void vnc_refresh(void *opaque) 2303 { 2304 VncDisplay *vd = opaque; 2305 VncState *vs, *vn; 2306 int has_dirty, rects = 0; 2307 2308 vga_hw_update(); 2309 2310 if (vnc_trylock_display(vd)) { 2311 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE; 2312 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + 2313 vd->timer_interval); 2314 return; 2315 } 2316 2317 has_dirty = vnc_refresh_server_surface(vd); 2318 vnc_unlock_display(vd); 2319 2320 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 2321 rects += vnc_update_client(vs, has_dirty); 2322 /* vs might be free()ed here */ 2323 } 2324 2325 /* vd->timer could be NULL now if the last client disconnected, 2326 * in this case don't update the timer */ 2327 if (vd->timer == NULL) 2328 return; 2329 2330 if (has_dirty && rects) { 2331 vd->timer_interval /= 2; 2332 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE) 2333 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE; 2334 } else { 2335 vd->timer_interval += VNC_REFRESH_INTERVAL_INC; 2336 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX) 2337 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX; 2338 } 2339 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval); 2340 } 2341 2342 static void vnc_init_timer(VncDisplay *vd) 2343 { 2344 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE; 2345 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) { 2346 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd); 2347 vnc_refresh(vd); 2348 } 2349 } 2350 2351 static void vnc_remove_timer(VncDisplay *vd) 2352 { 2353 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) { 2354 qemu_del_timer(vd->timer); 2355 qemu_free_timer(vd->timer); 2356 vd->timer = NULL; 2357 } 2358 } 2359 2360 static void vnc_connect(VncDisplay *vd, int csock) 2361 { 2362 VncState *vs = qemu_mallocz(sizeof(VncState)); 2363 vs->csock = csock; 2364 2365 VNC_DEBUG("New client on socket %d\n", csock); 2366 dcl->idle = 0; 2367 socket_set_nonblock(vs->csock); 2368 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 2369 2370 vnc_client_cache_addr(vs); 2371 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED); 2372 2373 vs->vd = vd; 2374 vs->ds = vd->ds; 2375 vs->last_x = -1; 2376 vs->last_y = -1; 2377 2378 vs->as.freq = 44100; 2379 vs->as.nchannels = 2; 2380 vs->as.fmt = AUD_FMT_S16; 2381 vs->as.endianness = 0; 2382 2383 #ifdef CONFIG_VNC_THREAD 2384 qemu_mutex_init(&vs->output_mutex); 2385 #endif 2386 2387 QTAILQ_INSERT_HEAD(&vd->clients, vs, next); 2388 2389 vga_hw_update(); 2390 2391 vnc_write(vs, "RFB 003.008\n", 12); 2392 vnc_flush(vs); 2393 vnc_read_when(vs, protocol_version, 12); 2394 reset_keys(vs); 2395 if (vs->vd->lock_key_sync) 2396 vs->led = qemu_add_led_event_handler(kbd_leds, vs); 2397 2398 vs->mouse_mode_notifier.notify = check_pointer_type_change; 2399 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 2400 2401 vnc_init_timer(vd); 2402 2403 /* vs might be free()ed here */ 2404 } 2405 2406 static void vnc_listen_read(void *opaque) 2407 { 2408 VncDisplay *vs = opaque; 2409 struct sockaddr_in addr; 2410 socklen_t addrlen = sizeof(addr); 2411 2412 /* Catch-up */ 2413 vga_hw_update(); 2414 2415 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen); 2416 if (csock != -1) { 2417 vnc_connect(vs, csock); 2418 } 2419 } 2420 2421 void vnc_display_init(DisplayState *ds) 2422 { 2423 VncDisplay *vs = qemu_mallocz(sizeof(*vs)); 2424 2425 dcl = qemu_mallocz(sizeof(DisplayChangeListener)); 2426 2427 ds->opaque = vs; 2428 dcl->idle = 1; 2429 vnc_display = vs; 2430 2431 vs->lsock = -1; 2432 2433 vs->ds = ds; 2434 QTAILQ_INIT(&vs->clients); 2435 2436 if (keyboard_layout) 2437 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout); 2438 else 2439 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us"); 2440 2441 if (!vs->kbd_layout) 2442 exit(1); 2443 2444 #ifdef CONFIG_VNC_THREAD 2445 qemu_mutex_init(&vs->mutex); 2446 vnc_start_worker_thread(); 2447 #endif 2448 2449 dcl->dpy_copy = vnc_dpy_copy; 2450 dcl->dpy_update = vnc_dpy_update; 2451 dcl->dpy_resize = vnc_dpy_resize; 2452 dcl->dpy_setdata = vnc_dpy_setdata; 2453 register_displaychangelistener(ds, dcl); 2454 ds->mouse_set = vnc_mouse_set; 2455 ds->cursor_define = vnc_dpy_cursor_define; 2456 } 2457 2458 2459 void vnc_display_close(DisplayState *ds) 2460 { 2461 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 2462 2463 if (!vs) 2464 return; 2465 if (vs->display) { 2466 qemu_free(vs->display); 2467 vs->display = NULL; 2468 } 2469 if (vs->lsock != -1) { 2470 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL); 2471 close(vs->lsock); 2472 vs->lsock = -1; 2473 } 2474 vs->auth = VNC_AUTH_INVALID; 2475 #ifdef CONFIG_VNC_TLS 2476 vs->subauth = VNC_AUTH_INVALID; 2477 vs->tls.x509verify = 0; 2478 #endif 2479 } 2480 2481 int vnc_display_password(DisplayState *ds, const char *password) 2482 { 2483 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 2484 2485 if (!vs) { 2486 return -1; 2487 } 2488 2489 if (vs->password) { 2490 qemu_free(vs->password); 2491 vs->password = NULL; 2492 } 2493 if (password && password[0]) { 2494 if (!(vs->password = qemu_strdup(password))) 2495 return -1; 2496 if (vs->auth == VNC_AUTH_NONE) { 2497 vs->auth = VNC_AUTH_VNC; 2498 } 2499 } else { 2500 vs->auth = VNC_AUTH_NONE; 2501 } 2502 2503 return 0; 2504 } 2505 2506 char *vnc_display_local_addr(DisplayState *ds) 2507 { 2508 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 2509 2510 return vnc_socket_local_addr("%s:%s", vs->lsock); 2511 } 2512 2513 int vnc_display_open(DisplayState *ds, const char *display) 2514 { 2515 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 2516 const char *options; 2517 int password = 0; 2518 int reverse = 0; 2519 #ifdef CONFIG_VNC_TLS 2520 int tls = 0, x509 = 0; 2521 #endif 2522 #ifdef CONFIG_VNC_SASL 2523 int sasl = 0; 2524 int saslErr; 2525 #endif 2526 int acl = 0; 2527 int lock_key_sync = 1; 2528 2529 if (!vnc_display) 2530 return -1; 2531 vnc_display_close(ds); 2532 if (strcmp(display, "none") == 0) 2533 return 0; 2534 2535 if (!(vs->display = strdup(display))) 2536 return -1; 2537 2538 options = display; 2539 while ((options = strchr(options, ','))) { 2540 options++; 2541 if (strncmp(options, "password", 8) == 0) { 2542 password = 1; /* Require password auth */ 2543 } else if (strncmp(options, "reverse", 7) == 0) { 2544 reverse = 1; 2545 } else if (strncmp(options, "no-lock-key-sync", 9) == 0) { 2546 lock_key_sync = 0; 2547 #ifdef CONFIG_VNC_SASL 2548 } else if (strncmp(options, "sasl", 4) == 0) { 2549 sasl = 1; /* Require SASL auth */ 2550 #endif 2551 #ifdef CONFIG_VNC_TLS 2552 } else if (strncmp(options, "tls", 3) == 0) { 2553 tls = 1; /* Require TLS */ 2554 } else if (strncmp(options, "x509", 4) == 0) { 2555 char *start, *end; 2556 x509 = 1; /* Require x509 certificates */ 2557 if (strncmp(options, "x509verify", 10) == 0) 2558 vs->tls.x509verify = 1; /* ...and verify client certs */ 2559 2560 /* Now check for 'x509=/some/path' postfix 2561 * and use that to setup x509 certificate/key paths */ 2562 start = strchr(options, '='); 2563 end = strchr(options, ','); 2564 if (start && (!end || (start < end))) { 2565 int len = end ? end-(start+1) : strlen(start+1); 2566 char *path = qemu_strndup(start + 1, len); 2567 2568 VNC_DEBUG("Trying certificate path '%s'\n", path); 2569 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) { 2570 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path); 2571 qemu_free(path); 2572 qemu_free(vs->display); 2573 vs->display = NULL; 2574 return -1; 2575 } 2576 qemu_free(path); 2577 } else { 2578 fprintf(stderr, "No certificate path provided\n"); 2579 qemu_free(vs->display); 2580 vs->display = NULL; 2581 return -1; 2582 } 2583 #endif 2584 } else if (strncmp(options, "acl", 3) == 0) { 2585 acl = 1; 2586 } else if (strncmp(options, "lossy", 5) == 0) { 2587 vs->lossy = true; 2588 } 2589 } 2590 2591 #ifdef CONFIG_VNC_TLS 2592 if (acl && x509 && vs->tls.x509verify) { 2593 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) { 2594 fprintf(stderr, "Failed to create x509 dname ACL\n"); 2595 exit(1); 2596 } 2597 } 2598 #endif 2599 #ifdef CONFIG_VNC_SASL 2600 if (acl && sasl) { 2601 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) { 2602 fprintf(stderr, "Failed to create username ACL\n"); 2603 exit(1); 2604 } 2605 } 2606 #endif 2607 2608 /* 2609 * Combinations we support here: 2610 * 2611 * - no-auth (clear text, no auth) 2612 * - password (clear text, weak auth) 2613 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI) 2614 * - tls (encrypt, weak anonymous creds, no auth) 2615 * - tls + password (encrypt, weak anonymous creds, weak auth) 2616 * - tls + sasl (encrypt, weak anonymous creds, good auth) 2617 * - tls + x509 (encrypt, good x509 creds, no auth) 2618 * - tls + x509 + password (encrypt, good x509 creds, weak auth) 2619 * - tls + x509 + sasl (encrypt, good x509 creds, good auth) 2620 * 2621 * NB1. TLS is a stackable auth scheme. 2622 * NB2. the x509 schemes have option to validate a client cert dname 2623 */ 2624 if (password) { 2625 #ifdef CONFIG_VNC_TLS 2626 if (tls) { 2627 vs->auth = VNC_AUTH_VENCRYPT; 2628 if (x509) { 2629 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 2630 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC; 2631 } else { 2632 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 2633 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC; 2634 } 2635 } else { 2636 #endif /* CONFIG_VNC_TLS */ 2637 VNC_DEBUG("Initializing VNC server with password auth\n"); 2638 vs->auth = VNC_AUTH_VNC; 2639 #ifdef CONFIG_VNC_TLS 2640 vs->subauth = VNC_AUTH_INVALID; 2641 } 2642 #endif /* CONFIG_VNC_TLS */ 2643 #ifdef CONFIG_VNC_SASL 2644 } else if (sasl) { 2645 #ifdef CONFIG_VNC_TLS 2646 if (tls) { 2647 vs->auth = VNC_AUTH_VENCRYPT; 2648 if (x509) { 2649 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 2650 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL; 2651 } else { 2652 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 2653 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL; 2654 } 2655 } else { 2656 #endif /* CONFIG_VNC_TLS */ 2657 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 2658 vs->auth = VNC_AUTH_SASL; 2659 #ifdef CONFIG_VNC_TLS 2660 vs->subauth = VNC_AUTH_INVALID; 2661 } 2662 #endif /* CONFIG_VNC_TLS */ 2663 #endif /* CONFIG_VNC_SASL */ 2664 } else { 2665 #ifdef CONFIG_VNC_TLS 2666 if (tls) { 2667 vs->auth = VNC_AUTH_VENCRYPT; 2668 if (x509) { 2669 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 2670 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE; 2671 } else { 2672 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 2673 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE; 2674 } 2675 } else { 2676 #endif 2677 VNC_DEBUG("Initializing VNC server with no auth\n"); 2678 vs->auth = VNC_AUTH_NONE; 2679 #ifdef CONFIG_VNC_TLS 2680 vs->subauth = VNC_AUTH_INVALID; 2681 } 2682 #endif 2683 } 2684 2685 #ifdef CONFIG_VNC_SASL 2686 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) { 2687 fprintf(stderr, "Failed to initialize SASL auth %s", 2688 sasl_errstring(saslErr, NULL, NULL)); 2689 free(vs->display); 2690 vs->display = NULL; 2691 return -1; 2692 } 2693 #endif 2694 vs->lock_key_sync = lock_key_sync; 2695 2696 if (reverse) { 2697 /* connect to viewer */ 2698 if (strncmp(display, "unix:", 5) == 0) 2699 vs->lsock = unix_connect(display+5); 2700 else 2701 vs->lsock = inet_connect(display, SOCK_STREAM); 2702 if (-1 == vs->lsock) { 2703 free(vs->display); 2704 vs->display = NULL; 2705 return -1; 2706 } else { 2707 int csock = vs->lsock; 2708 vs->lsock = -1; 2709 vnc_connect(vs, csock); 2710 } 2711 return 0; 2712 2713 } else { 2714 /* listen for connects */ 2715 char *dpy; 2716 dpy = qemu_malloc(256); 2717 if (strncmp(display, "unix:", 5) == 0) { 2718 pstrcpy(dpy, 256, "unix:"); 2719 vs->lsock = unix_listen(display+5, dpy+5, 256-5); 2720 } else { 2721 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900); 2722 } 2723 if (-1 == vs->lsock) { 2724 free(dpy); 2725 return -1; 2726 } else { 2727 free(vs->display); 2728 vs->display = dpy; 2729 } 2730 } 2731 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs); 2732 } 2733