1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "vnc.h" 28 #include "vnc-jobs.h" 29 #include "sysemu/sysemu.h" 30 #include "qemu/sockets.h" 31 #include "qemu/timer.h" 32 #include "qemu/acl.h" 33 #include "qapi/qmp/types.h" 34 #include "qmp-commands.h" 35 #include "qemu/osdep.h" 36 37 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT 38 #define VNC_REFRESH_INTERVAL_INC 50 39 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE 40 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; 41 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 42 43 #include "vnc_keysym.h" 44 #include "d3des.h" 45 46 static VncDisplay *vnc_display; /* needed for info vnc */ 47 48 static int vnc_cursor_define(VncState *vs); 49 static void vnc_release_modifiers(VncState *vs); 50 51 static void vnc_set_share_mode(VncState *vs, VncShareMode mode) 52 { 53 #ifdef _VNC_DEBUG 54 static const char *mn[] = { 55 [0] = "undefined", 56 [VNC_SHARE_MODE_CONNECTING] = "connecting", 57 [VNC_SHARE_MODE_SHARED] = "shared", 58 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive", 59 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected", 60 }; 61 fprintf(stderr, "%s/%d: %s -> %s\n", __func__, 62 vs->csock, mn[vs->share_mode], mn[mode]); 63 #endif 64 65 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) { 66 vs->vd->num_exclusive--; 67 } 68 vs->share_mode = mode; 69 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) { 70 vs->vd->num_exclusive++; 71 } 72 } 73 74 static char *addr_to_string(const char *format, 75 struct sockaddr_storage *sa, 76 socklen_t salen) { 77 char *addr; 78 char host[NI_MAXHOST]; 79 char serv[NI_MAXSERV]; 80 int err; 81 size_t addrlen; 82 83 if ((err = getnameinfo((struct sockaddr *)sa, salen, 84 host, sizeof(host), 85 serv, sizeof(serv), 86 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 87 VNC_DEBUG("Cannot resolve address %d: %s\n", 88 err, gai_strerror(err)); 89 return NULL; 90 } 91 92 /* Enough for the existing format + the 2 vars we're 93 * substituting in. */ 94 addrlen = strlen(format) + strlen(host) + strlen(serv); 95 addr = g_malloc(addrlen + 1); 96 snprintf(addr, addrlen, format, host, serv); 97 addr[addrlen] = '\0'; 98 99 return addr; 100 } 101 102 103 char *vnc_socket_local_addr(const char *format, int fd) { 104 struct sockaddr_storage sa; 105 socklen_t salen; 106 107 salen = sizeof(sa); 108 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) 109 return NULL; 110 111 return addr_to_string(format, &sa, salen); 112 } 113 114 char *vnc_socket_remote_addr(const char *format, int fd) { 115 struct sockaddr_storage sa; 116 socklen_t salen; 117 118 salen = sizeof(sa); 119 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) 120 return NULL; 121 122 return addr_to_string(format, &sa, salen); 123 } 124 125 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa, 126 socklen_t salen) 127 { 128 char host[NI_MAXHOST]; 129 char serv[NI_MAXSERV]; 130 int err; 131 132 if ((err = getnameinfo((struct sockaddr *)sa, salen, 133 host, sizeof(host), 134 serv, sizeof(serv), 135 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 136 VNC_DEBUG("Cannot resolve address %d: %s\n", 137 err, gai_strerror(err)); 138 return -1; 139 } 140 141 qdict_put(qdict, "host", qstring_from_str(host)); 142 qdict_put(qdict, "service", qstring_from_str(serv)); 143 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family))); 144 145 return 0; 146 } 147 148 static int vnc_server_addr_put(QDict *qdict, int fd) 149 { 150 struct sockaddr_storage sa; 151 socklen_t salen; 152 153 salen = sizeof(sa); 154 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) { 155 return -1; 156 } 157 158 return put_addr_qdict(qdict, &sa, salen); 159 } 160 161 static int vnc_qdict_remote_addr(QDict *qdict, int fd) 162 { 163 struct sockaddr_storage sa; 164 socklen_t salen; 165 166 salen = sizeof(sa); 167 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) { 168 return -1; 169 } 170 171 return put_addr_qdict(qdict, &sa, salen); 172 } 173 174 static const char *vnc_auth_name(VncDisplay *vd) { 175 switch (vd->auth) { 176 case VNC_AUTH_INVALID: 177 return "invalid"; 178 case VNC_AUTH_NONE: 179 return "none"; 180 case VNC_AUTH_VNC: 181 return "vnc"; 182 case VNC_AUTH_RA2: 183 return "ra2"; 184 case VNC_AUTH_RA2NE: 185 return "ra2ne"; 186 case VNC_AUTH_TIGHT: 187 return "tight"; 188 case VNC_AUTH_ULTRA: 189 return "ultra"; 190 case VNC_AUTH_TLS: 191 return "tls"; 192 case VNC_AUTH_VENCRYPT: 193 #ifdef CONFIG_VNC_TLS 194 switch (vd->subauth) { 195 case VNC_AUTH_VENCRYPT_PLAIN: 196 return "vencrypt+plain"; 197 case VNC_AUTH_VENCRYPT_TLSNONE: 198 return "vencrypt+tls+none"; 199 case VNC_AUTH_VENCRYPT_TLSVNC: 200 return "vencrypt+tls+vnc"; 201 case VNC_AUTH_VENCRYPT_TLSPLAIN: 202 return "vencrypt+tls+plain"; 203 case VNC_AUTH_VENCRYPT_X509NONE: 204 return "vencrypt+x509+none"; 205 case VNC_AUTH_VENCRYPT_X509VNC: 206 return "vencrypt+x509+vnc"; 207 case VNC_AUTH_VENCRYPT_X509PLAIN: 208 return "vencrypt+x509+plain"; 209 case VNC_AUTH_VENCRYPT_TLSSASL: 210 return "vencrypt+tls+sasl"; 211 case VNC_AUTH_VENCRYPT_X509SASL: 212 return "vencrypt+x509+sasl"; 213 default: 214 return "vencrypt"; 215 } 216 #else 217 return "vencrypt"; 218 #endif 219 case VNC_AUTH_SASL: 220 return "sasl"; 221 } 222 return "unknown"; 223 } 224 225 static int vnc_server_info_put(QDict *qdict) 226 { 227 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) { 228 return -1; 229 } 230 231 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display))); 232 return 0; 233 } 234 235 static void vnc_client_cache_auth(VncState *client) 236 { 237 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 238 QDict *qdict; 239 #endif 240 241 if (!client->info) { 242 return; 243 } 244 245 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 246 qdict = qobject_to_qdict(client->info); 247 #endif 248 249 #ifdef CONFIG_VNC_TLS 250 if (client->tls.session && 251 client->tls.dname) { 252 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname)); 253 } 254 #endif 255 #ifdef CONFIG_VNC_SASL 256 if (client->sasl.conn && 257 client->sasl.username) { 258 qdict_put(qdict, "sasl_username", 259 qstring_from_str(client->sasl.username)); 260 } 261 #endif 262 } 263 264 static void vnc_client_cache_addr(VncState *client) 265 { 266 QDict *qdict; 267 268 qdict = qdict_new(); 269 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) { 270 QDECREF(qdict); 271 /* XXX: how to report the error? */ 272 return; 273 } 274 275 client->info = QOBJECT(qdict); 276 } 277 278 static void vnc_qmp_event(VncState *vs, MonitorEvent event) 279 { 280 QDict *server; 281 QObject *data; 282 283 if (!vs->info) { 284 return; 285 } 286 287 server = qdict_new(); 288 if (vnc_server_info_put(server) < 0) { 289 QDECREF(server); 290 return; 291 } 292 293 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }", 294 vs->info, QOBJECT(server)); 295 296 monitor_protocol_event(event, data); 297 298 qobject_incref(vs->info); 299 qobject_decref(data); 300 } 301 302 static VncClientInfo *qmp_query_vnc_client(const VncState *client) 303 { 304 struct sockaddr_storage sa; 305 socklen_t salen = sizeof(sa); 306 char host[NI_MAXHOST]; 307 char serv[NI_MAXSERV]; 308 VncClientInfo *info; 309 310 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) { 311 return NULL; 312 } 313 314 if (getnameinfo((struct sockaddr *)&sa, salen, 315 host, sizeof(host), 316 serv, sizeof(serv), 317 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 318 return NULL; 319 } 320 321 info = g_malloc0(sizeof(*info)); 322 info->host = g_strdup(host); 323 info->service = g_strdup(serv); 324 info->family = g_strdup(inet_strfamily(sa.ss_family)); 325 326 #ifdef CONFIG_VNC_TLS 327 if (client->tls.session && client->tls.dname) { 328 info->has_x509_dname = true; 329 info->x509_dname = g_strdup(client->tls.dname); 330 } 331 #endif 332 #ifdef CONFIG_VNC_SASL 333 if (client->sasl.conn && client->sasl.username) { 334 info->has_sasl_username = true; 335 info->sasl_username = g_strdup(client->sasl.username); 336 } 337 #endif 338 339 return info; 340 } 341 342 VncInfo *qmp_query_vnc(Error **errp) 343 { 344 VncInfo *info = g_malloc0(sizeof(*info)); 345 346 if (vnc_display == NULL || vnc_display->display == NULL) { 347 info->enabled = false; 348 } else { 349 VncClientInfoList *cur_item = NULL; 350 struct sockaddr_storage sa; 351 socklen_t salen = sizeof(sa); 352 char host[NI_MAXHOST]; 353 char serv[NI_MAXSERV]; 354 VncState *client; 355 356 info->enabled = true; 357 358 /* for compatibility with the original command */ 359 info->has_clients = true; 360 361 QTAILQ_FOREACH(client, &vnc_display->clients, next) { 362 VncClientInfoList *cinfo = g_malloc0(sizeof(*info)); 363 cinfo->value = qmp_query_vnc_client(client); 364 365 /* XXX: waiting for the qapi to support GSList */ 366 if (!cur_item) { 367 info->clients = cur_item = cinfo; 368 } else { 369 cur_item->next = cinfo; 370 cur_item = cinfo; 371 } 372 } 373 374 if (vnc_display->lsock == -1) { 375 return info; 376 } 377 378 if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa, 379 &salen) == -1) { 380 error_set(errp, QERR_UNDEFINED_ERROR); 381 goto out_error; 382 } 383 384 if (getnameinfo((struct sockaddr *)&sa, salen, 385 host, sizeof(host), 386 serv, sizeof(serv), 387 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 388 error_set(errp, QERR_UNDEFINED_ERROR); 389 goto out_error; 390 } 391 392 info->has_host = true; 393 info->host = g_strdup(host); 394 395 info->has_service = true; 396 info->service = g_strdup(serv); 397 398 info->has_family = true; 399 info->family = g_strdup(inet_strfamily(sa.ss_family)); 400 401 info->has_auth = true; 402 info->auth = g_strdup(vnc_auth_name(vnc_display)); 403 } 404 405 return info; 406 407 out_error: 408 qapi_free_VncInfo(info); 409 return NULL; 410 } 411 412 /* TODO 413 1) Get the queue working for IO. 414 2) there is some weirdness when using the -S option (the screen is grey 415 and not totally invalidated 416 3) resolutions > 1024 417 */ 418 419 static int vnc_update_client(VncState *vs, int has_dirty); 420 static int vnc_update_client_sync(VncState *vs, int has_dirty); 421 static void vnc_disconnect_start(VncState *vs); 422 423 static void vnc_colordepth(VncState *vs); 424 static void framebuffer_update_request(VncState *vs, int incremental, 425 int x_position, int y_position, 426 int w, int h); 427 static void vnc_refresh(DisplayChangeListener *dcl); 428 static int vnc_refresh_server_surface(VncDisplay *vd); 429 430 static void vnc_dpy_update(DisplayChangeListener *dcl, 431 int x, int y, int w, int h) 432 { 433 int i; 434 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 435 struct VncSurface *s = &vd->guest; 436 int width = surface_width(vd->ds); 437 int height = surface_height(vd->ds); 438 439 h += y; 440 441 /* round x down to ensure the loop only spans one 16-pixel block per, 442 iteration. otherwise, if (x % 16) != 0, the last iteration may span 443 two 16-pixel blocks but we only mark the first as dirty 444 */ 445 w += (x % 16); 446 x -= (x % 16); 447 448 x = MIN(x, width); 449 y = MIN(y, height); 450 w = MIN(x + w, width) - x; 451 h = MIN(h, height); 452 453 for (; y < h; y++) 454 for (i = 0; i < w; i += 16) 455 set_bit((x + i) / 16, s->dirty[y]); 456 } 457 458 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 459 int32_t encoding) 460 { 461 vnc_write_u16(vs, x); 462 vnc_write_u16(vs, y); 463 vnc_write_u16(vs, w); 464 vnc_write_u16(vs, h); 465 466 vnc_write_s32(vs, encoding); 467 } 468 469 void buffer_reserve(Buffer *buffer, size_t len) 470 { 471 if ((buffer->capacity - buffer->offset) < len) { 472 buffer->capacity += (len + 1024); 473 buffer->buffer = g_realloc(buffer->buffer, buffer->capacity); 474 if (buffer->buffer == NULL) { 475 fprintf(stderr, "vnc: out of memory\n"); 476 exit(1); 477 } 478 } 479 } 480 481 static int buffer_empty(Buffer *buffer) 482 { 483 return buffer->offset == 0; 484 } 485 486 uint8_t *buffer_end(Buffer *buffer) 487 { 488 return buffer->buffer + buffer->offset; 489 } 490 491 void buffer_reset(Buffer *buffer) 492 { 493 buffer->offset = 0; 494 } 495 496 void buffer_free(Buffer *buffer) 497 { 498 g_free(buffer->buffer); 499 buffer->offset = 0; 500 buffer->capacity = 0; 501 buffer->buffer = NULL; 502 } 503 504 void buffer_append(Buffer *buffer, const void *data, size_t len) 505 { 506 memcpy(buffer->buffer + buffer->offset, data, len); 507 buffer->offset += len; 508 } 509 510 void buffer_advance(Buffer *buf, size_t len) 511 { 512 memmove(buf->buffer, buf->buffer + len, 513 (buf->offset - len)); 514 buf->offset -= len; 515 } 516 517 static void vnc_desktop_resize(VncState *vs) 518 { 519 DisplaySurface *ds = vs->vd->ds; 520 521 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) { 522 return; 523 } 524 if (vs->client_width == surface_width(ds) && 525 vs->client_height == surface_height(ds)) { 526 return; 527 } 528 vs->client_width = surface_width(ds); 529 vs->client_height = surface_height(ds); 530 vnc_lock_output(vs); 531 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 532 vnc_write_u8(vs, 0); 533 vnc_write_u16(vs, 1); /* number of rects */ 534 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 535 VNC_ENCODING_DESKTOPRESIZE); 536 vnc_unlock_output(vs); 537 vnc_flush(vs); 538 } 539 540 static void vnc_abort_display_jobs(VncDisplay *vd) 541 { 542 VncState *vs; 543 544 QTAILQ_FOREACH(vs, &vd->clients, next) { 545 vnc_lock_output(vs); 546 vs->abort = true; 547 vnc_unlock_output(vs); 548 } 549 QTAILQ_FOREACH(vs, &vd->clients, next) { 550 vnc_jobs_join(vs); 551 } 552 QTAILQ_FOREACH(vs, &vd->clients, next) { 553 vnc_lock_output(vs); 554 vs->abort = false; 555 vnc_unlock_output(vs); 556 } 557 } 558 559 int vnc_server_fb_stride(VncDisplay *vd) 560 { 561 return pixman_image_get_stride(vd->server); 562 } 563 564 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y) 565 { 566 uint8_t *ptr; 567 568 ptr = (uint8_t *)pixman_image_get_data(vd->server); 569 ptr += y * vnc_server_fb_stride(vd); 570 ptr += x * VNC_SERVER_FB_BYTES; 571 return ptr; 572 } 573 574 static void vnc_dpy_switch(DisplayChangeListener *dcl, 575 DisplaySurface *surface) 576 { 577 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 578 VncState *vs; 579 580 vnc_abort_display_jobs(vd); 581 582 /* server surface */ 583 qemu_pixman_image_unref(vd->server); 584 vd->ds = surface; 585 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT, 586 surface_width(vd->ds), 587 surface_height(vd->ds), 588 NULL, 0); 589 590 /* guest surface */ 591 #if 0 /* FIXME */ 592 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel) 593 console_color_init(ds); 594 #endif 595 qemu_pixman_image_unref(vd->guest.fb); 596 vd->guest.fb = pixman_image_ref(surface->image); 597 vd->guest.format = surface->format; 598 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty)); 599 600 QTAILQ_FOREACH(vs, &vd->clients, next) { 601 vnc_colordepth(vs); 602 vnc_desktop_resize(vs); 603 if (vs->vd->cursor) { 604 vnc_cursor_define(vs); 605 } 606 memset(vs->dirty, 0xFF, sizeof(vs->dirty)); 607 } 608 } 609 610 /* fastest code */ 611 static void vnc_write_pixels_copy(VncState *vs, 612 void *pixels, int size) 613 { 614 vnc_write(vs, pixels, size); 615 } 616 617 /* slowest but generic code. */ 618 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 619 { 620 uint8_t r, g, b; 621 622 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8) 623 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8; 624 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8; 625 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8; 626 #else 627 # error need some bits here if you change VNC_SERVER_FB_FORMAT 628 #endif 629 v = (r << vs->client_pf.rshift) | 630 (g << vs->client_pf.gshift) | 631 (b << vs->client_pf.bshift); 632 switch (vs->client_pf.bytes_per_pixel) { 633 case 1: 634 buf[0] = v; 635 break; 636 case 2: 637 if (vs->client_be) { 638 buf[0] = v >> 8; 639 buf[1] = v; 640 } else { 641 buf[1] = v >> 8; 642 buf[0] = v; 643 } 644 break; 645 default: 646 case 4: 647 if (vs->client_be) { 648 buf[0] = v >> 24; 649 buf[1] = v >> 16; 650 buf[2] = v >> 8; 651 buf[3] = v; 652 } else { 653 buf[3] = v >> 24; 654 buf[2] = v >> 16; 655 buf[1] = v >> 8; 656 buf[0] = v; 657 } 658 break; 659 } 660 } 661 662 static void vnc_write_pixels_generic(VncState *vs, 663 void *pixels1, int size) 664 { 665 uint8_t buf[4]; 666 667 if (VNC_SERVER_FB_BYTES == 4) { 668 uint32_t *pixels = pixels1; 669 int n, i; 670 n = size >> 2; 671 for (i = 0; i < n; i++) { 672 vnc_convert_pixel(vs, buf, pixels[i]); 673 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel); 674 } 675 } 676 } 677 678 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 679 { 680 int i; 681 uint8_t *row; 682 VncDisplay *vd = vs->vd; 683 684 row = vnc_server_fb_ptr(vd, x, y); 685 for (i = 0; i < h; i++) { 686 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES); 687 row += vnc_server_fb_stride(vd); 688 } 689 return 1; 690 } 691 692 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 693 { 694 int n = 0; 695 696 switch(vs->vnc_encoding) { 697 case VNC_ENCODING_ZLIB: 698 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h); 699 break; 700 case VNC_ENCODING_HEXTILE: 701 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 702 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 703 break; 704 case VNC_ENCODING_TIGHT: 705 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h); 706 break; 707 case VNC_ENCODING_TIGHT_PNG: 708 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h); 709 break; 710 case VNC_ENCODING_ZRLE: 711 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h); 712 break; 713 case VNC_ENCODING_ZYWRLE: 714 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); 715 break; 716 default: 717 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 718 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 719 break; 720 } 721 return n; 722 } 723 724 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h) 725 { 726 /* send bitblit op to the vnc client */ 727 vnc_lock_output(vs); 728 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 729 vnc_write_u8(vs, 0); 730 vnc_write_u16(vs, 1); /* number of rects */ 731 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT); 732 vnc_write_u16(vs, src_x); 733 vnc_write_u16(vs, src_y); 734 vnc_unlock_output(vs); 735 vnc_flush(vs); 736 } 737 738 static void vnc_dpy_copy(DisplayChangeListener *dcl, 739 int src_x, int src_y, 740 int dst_x, int dst_y, int w, int h) 741 { 742 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 743 VncState *vs, *vn; 744 uint8_t *src_row; 745 uint8_t *dst_row; 746 int i, x, y, pitch, inc, w_lim, s; 747 int cmp_bytes; 748 749 vnc_refresh_server_surface(vd); 750 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 751 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 752 vs->force_update = 1; 753 vnc_update_client_sync(vs, 1); 754 /* vs might be free()ed here */ 755 } 756 } 757 758 /* do bitblit op on the local surface too */ 759 pitch = vnc_server_fb_stride(vd); 760 src_row = vnc_server_fb_ptr(vd, src_x, src_y); 761 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y); 762 y = dst_y; 763 inc = 1; 764 if (dst_y > src_y) { 765 /* copy backwards */ 766 src_row += pitch * (h-1); 767 dst_row += pitch * (h-1); 768 pitch = -pitch; 769 y = dst_y + h - 1; 770 inc = -1; 771 } 772 w_lim = w - (16 - (dst_x % 16)); 773 if (w_lim < 0) 774 w_lim = w; 775 else 776 w_lim = w - (w_lim % 16); 777 for (i = 0; i < h; i++) { 778 for (x = 0; x <= w_lim; 779 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) { 780 if (x == w_lim) { 781 if ((s = w - w_lim) == 0) 782 break; 783 } else if (!x) { 784 s = (16 - (dst_x % 16)); 785 s = MIN(s, w_lim); 786 } else { 787 s = 16; 788 } 789 cmp_bytes = s * VNC_SERVER_FB_BYTES; 790 if (memcmp(src_row, dst_row, cmp_bytes) == 0) 791 continue; 792 memmove(dst_row, src_row, cmp_bytes); 793 QTAILQ_FOREACH(vs, &vd->clients, next) { 794 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 795 set_bit(((x + dst_x) / 16), vs->dirty[y]); 796 } 797 } 798 } 799 src_row += pitch - w * VNC_SERVER_FB_BYTES; 800 dst_row += pitch - w * VNC_SERVER_FB_BYTES; 801 y += inc; 802 } 803 804 QTAILQ_FOREACH(vs, &vd->clients, next) { 805 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 806 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h); 807 } 808 } 809 } 810 811 static void vnc_mouse_set(DisplayChangeListener *dcl, 812 int x, int y, int visible) 813 { 814 /* can we ask the client(s) to move the pointer ??? */ 815 } 816 817 static int vnc_cursor_define(VncState *vs) 818 { 819 QEMUCursor *c = vs->vd->cursor; 820 int isize; 821 822 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 823 vnc_lock_output(vs); 824 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 825 vnc_write_u8(vs, 0); /* padding */ 826 vnc_write_u16(vs, 1); /* # of rects */ 827 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 828 VNC_ENCODING_RICH_CURSOR); 829 isize = c->width * c->height * vs->client_pf.bytes_per_pixel; 830 vnc_write_pixels_generic(vs, c->data, isize); 831 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 832 vnc_unlock_output(vs); 833 return 0; 834 } 835 return -1; 836 } 837 838 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl, 839 QEMUCursor *c) 840 { 841 VncDisplay *vd = vnc_display; 842 VncState *vs; 843 844 cursor_put(vd->cursor); 845 g_free(vd->cursor_mask); 846 847 vd->cursor = c; 848 cursor_get(vd->cursor); 849 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 850 vd->cursor_mask = g_malloc0(vd->cursor_msize); 851 cursor_get_mono_mask(c, 0, vd->cursor_mask); 852 853 QTAILQ_FOREACH(vs, &vd->clients, next) { 854 vnc_cursor_define(vs); 855 } 856 } 857 858 static int find_and_clear_dirty_height(struct VncState *vs, 859 int y, int last_x, int x, int height) 860 { 861 int h; 862 863 for (h = 1; h < (height - y); h++) { 864 int tmp_x; 865 if (!test_bit(last_x, vs->dirty[y + h])) { 866 break; 867 } 868 for (tmp_x = last_x; tmp_x < x; tmp_x++) { 869 clear_bit(tmp_x, vs->dirty[y + h]); 870 } 871 } 872 873 return h; 874 } 875 876 static int vnc_update_client_sync(VncState *vs, int has_dirty) 877 { 878 int ret = vnc_update_client(vs, has_dirty); 879 vnc_jobs_join(vs); 880 return ret; 881 } 882 883 static int vnc_update_client(VncState *vs, int has_dirty) 884 { 885 if (vs->need_update && vs->csock != -1) { 886 VncDisplay *vd = vs->vd; 887 VncJob *job; 888 int y; 889 int width, height; 890 int n = 0; 891 892 893 if (vs->output.offset && !vs->audio_cap && !vs->force_update) 894 /* kernel send buffers are full -> drop frames to throttle */ 895 return 0; 896 897 if (!has_dirty && !vs->audio_cap && !vs->force_update) 898 return 0; 899 900 /* 901 * Send screen updates to the vnc client using the server 902 * surface and server dirty map. guest surface updates 903 * happening in parallel don't disturb us, the next pass will 904 * send them to the client. 905 */ 906 job = vnc_job_new(vs); 907 908 width = MIN(pixman_image_get_width(vd->server), vs->client_width); 909 height = MIN(pixman_image_get_height(vd->server), vs->client_height); 910 911 for (y = 0; y < height; y++) { 912 int x; 913 int last_x = -1; 914 for (x = 0; x < width / 16; x++) { 915 if (test_and_clear_bit(x, vs->dirty[y])) { 916 if (last_x == -1) { 917 last_x = x; 918 } 919 } else { 920 if (last_x != -1) { 921 int h = find_and_clear_dirty_height(vs, y, last_x, x, 922 height); 923 924 n += vnc_job_add_rect(job, last_x * 16, y, 925 (x - last_x) * 16, h); 926 } 927 last_x = -1; 928 } 929 } 930 if (last_x != -1) { 931 int h = find_and_clear_dirty_height(vs, y, last_x, x, height); 932 n += vnc_job_add_rect(job, last_x * 16, y, 933 (x - last_x) * 16, h); 934 } 935 } 936 937 vnc_job_push(job); 938 vs->force_update = 0; 939 return n; 940 } 941 942 if (vs->csock == -1) 943 vnc_disconnect_finish(vs); 944 945 return 0; 946 } 947 948 /* audio */ 949 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 950 { 951 VncState *vs = opaque; 952 953 switch (cmd) { 954 case AUD_CNOTIFY_DISABLE: 955 vnc_lock_output(vs); 956 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 957 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 958 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 959 vnc_unlock_output(vs); 960 vnc_flush(vs); 961 break; 962 963 case AUD_CNOTIFY_ENABLE: 964 vnc_lock_output(vs); 965 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 966 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 967 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 968 vnc_unlock_output(vs); 969 vnc_flush(vs); 970 break; 971 } 972 } 973 974 static void audio_capture_destroy(void *opaque) 975 { 976 } 977 978 static void audio_capture(void *opaque, void *buf, int size) 979 { 980 VncState *vs = opaque; 981 982 vnc_lock_output(vs); 983 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 984 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 985 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 986 vnc_write_u32(vs, size); 987 vnc_write(vs, buf, size); 988 vnc_unlock_output(vs); 989 vnc_flush(vs); 990 } 991 992 static void audio_add(VncState *vs) 993 { 994 struct audio_capture_ops ops; 995 996 if (vs->audio_cap) { 997 monitor_printf(default_mon, "audio already running\n"); 998 return; 999 } 1000 1001 ops.notify = audio_capture_notify; 1002 ops.destroy = audio_capture_destroy; 1003 ops.capture = audio_capture; 1004 1005 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs); 1006 if (!vs->audio_cap) { 1007 monitor_printf(default_mon, "Failed to add audio capture\n"); 1008 } 1009 } 1010 1011 static void audio_del(VncState *vs) 1012 { 1013 if (vs->audio_cap) { 1014 AUD_del_capture(vs->audio_cap, vs); 1015 vs->audio_cap = NULL; 1016 } 1017 } 1018 1019 static void vnc_disconnect_start(VncState *vs) 1020 { 1021 if (vs->csock == -1) 1022 return; 1023 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); 1024 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL); 1025 closesocket(vs->csock); 1026 vs->csock = -1; 1027 } 1028 1029 void vnc_disconnect_finish(VncState *vs) 1030 { 1031 int i; 1032 1033 vnc_jobs_join(vs); /* Wait encoding jobs */ 1034 1035 vnc_lock_output(vs); 1036 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED); 1037 1038 buffer_free(&vs->input); 1039 buffer_free(&vs->output); 1040 #ifdef CONFIG_VNC_WS 1041 buffer_free(&vs->ws_input); 1042 buffer_free(&vs->ws_output); 1043 #endif /* CONFIG_VNC_WS */ 1044 1045 qobject_decref(vs->info); 1046 1047 vnc_zlib_clear(vs); 1048 vnc_tight_clear(vs); 1049 vnc_zrle_clear(vs); 1050 1051 #ifdef CONFIG_VNC_TLS 1052 vnc_tls_client_cleanup(vs); 1053 #endif /* CONFIG_VNC_TLS */ 1054 #ifdef CONFIG_VNC_SASL 1055 vnc_sasl_client_cleanup(vs); 1056 #endif /* CONFIG_VNC_SASL */ 1057 audio_del(vs); 1058 vnc_release_modifiers(vs); 1059 1060 if (vs->initialized) { 1061 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1062 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1063 } 1064 1065 if (vs->vd->lock_key_sync) 1066 qemu_remove_led_event_handler(vs->led); 1067 vnc_unlock_output(vs); 1068 1069 qemu_mutex_destroy(&vs->output_mutex); 1070 if (vs->bh != NULL) { 1071 qemu_bh_delete(vs->bh); 1072 } 1073 buffer_free(&vs->jobs_buffer); 1074 1075 for (i = 0; i < VNC_STAT_ROWS; ++i) { 1076 g_free(vs->lossy_rect[i]); 1077 } 1078 g_free(vs->lossy_rect); 1079 g_free(vs); 1080 } 1081 1082 int vnc_client_io_error(VncState *vs, int ret, int last_errno) 1083 { 1084 if (ret == 0 || ret == -1) { 1085 if (ret == -1) { 1086 switch (last_errno) { 1087 case EINTR: 1088 case EAGAIN: 1089 #ifdef _WIN32 1090 case WSAEWOULDBLOCK: 1091 #endif 1092 return 0; 1093 default: 1094 break; 1095 } 1096 } 1097 1098 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n", 1099 ret, ret < 0 ? last_errno : 0); 1100 vnc_disconnect_start(vs); 1101 1102 return 0; 1103 } 1104 return ret; 1105 } 1106 1107 1108 void vnc_client_error(VncState *vs) 1109 { 1110 VNC_DEBUG("Closing down client sock: protocol error\n"); 1111 vnc_disconnect_start(vs); 1112 } 1113 1114 1115 /* 1116 * Called to write a chunk of data to the client socket. The data may 1117 * be the raw data, or may have already been encoded by SASL. 1118 * The data will be written either straight onto the socket, or 1119 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1120 * 1121 * NB, it is theoretically possible to have 2 layers of encryption, 1122 * both SASL, and this TLS layer. It is highly unlikely in practice 1123 * though, since SASL encryption will typically be a no-op if TLS 1124 * is active 1125 * 1126 * Returns the number of bytes written, which may be less than 1127 * the requested 'datalen' if the socket would block. Returns 1128 * -1 on error, and disconnects the client socket. 1129 */ 1130 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1131 { 1132 long ret; 1133 #ifdef CONFIG_VNC_TLS 1134 if (vs->tls.session) { 1135 ret = gnutls_write(vs->tls.session, data, datalen); 1136 if (ret < 0) { 1137 if (ret == GNUTLS_E_AGAIN) 1138 errno = EAGAIN; 1139 else 1140 errno = EIO; 1141 ret = -1; 1142 } 1143 } else 1144 #endif /* CONFIG_VNC_TLS */ 1145 ret = send(vs->csock, (const void *)data, datalen, 0); 1146 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1147 return vnc_client_io_error(vs, ret, socket_error()); 1148 } 1149 1150 1151 /* 1152 * Called to write buffered data to the client socket, when not 1153 * using any SASL SSF encryption layers. Will write as much data 1154 * as possible without blocking. If all buffered data is written, 1155 * will switch the FD poll() handler back to read monitoring. 1156 * 1157 * Returns the number of bytes written, which may be less than 1158 * the buffered output data if the socket would block. Returns 1159 * -1 on error, and disconnects the client socket. 1160 */ 1161 static long vnc_client_write_plain(VncState *vs) 1162 { 1163 long ret; 1164 1165 #ifdef CONFIG_VNC_SASL 1166 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1167 vs->output.buffer, vs->output.capacity, vs->output.offset, 1168 vs->sasl.waitWriteSSF); 1169 1170 if (vs->sasl.conn && 1171 vs->sasl.runSSF && 1172 vs->sasl.waitWriteSSF) { 1173 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1174 if (ret) 1175 vs->sasl.waitWriteSSF -= ret; 1176 } else 1177 #endif /* CONFIG_VNC_SASL */ 1178 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1179 if (!ret) 1180 return 0; 1181 1182 buffer_advance(&vs->output, ret); 1183 1184 if (vs->output.offset == 0) { 1185 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 1186 } 1187 1188 return ret; 1189 } 1190 1191 1192 /* 1193 * First function called whenever there is data to be written to 1194 * the client socket. Will delegate actual work according to whether 1195 * SASL SSF layers are enabled (thus requiring encryption calls) 1196 */ 1197 static void vnc_client_write_locked(void *opaque) 1198 { 1199 VncState *vs = opaque; 1200 1201 #ifdef CONFIG_VNC_SASL 1202 if (vs->sasl.conn && 1203 vs->sasl.runSSF && 1204 !vs->sasl.waitWriteSSF) { 1205 vnc_client_write_sasl(vs); 1206 } else 1207 #endif /* CONFIG_VNC_SASL */ 1208 { 1209 #ifdef CONFIG_VNC_WS 1210 if (vs->encode_ws) { 1211 vnc_client_write_ws(vs); 1212 } else 1213 #endif /* CONFIG_VNC_WS */ 1214 { 1215 vnc_client_write_plain(vs); 1216 } 1217 } 1218 } 1219 1220 void vnc_client_write(void *opaque) 1221 { 1222 VncState *vs = opaque; 1223 1224 vnc_lock_output(vs); 1225 if (vs->output.offset 1226 #ifdef CONFIG_VNC_WS 1227 || vs->ws_output.offset 1228 #endif 1229 ) { 1230 vnc_client_write_locked(opaque); 1231 } else if (vs->csock != -1) { 1232 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 1233 } 1234 vnc_unlock_output(vs); 1235 } 1236 1237 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1238 { 1239 vs->read_handler = func; 1240 vs->read_handler_expect = expecting; 1241 } 1242 1243 1244 /* 1245 * Called to read a chunk of data from the client socket. The data may 1246 * be the raw data, or may need to be further decoded by SASL. 1247 * The data will be read either straight from to the socket, or 1248 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1249 * 1250 * NB, it is theoretically possible to have 2 layers of encryption, 1251 * both SASL, and this TLS layer. It is highly unlikely in practice 1252 * though, since SASL encryption will typically be a no-op if TLS 1253 * is active 1254 * 1255 * Returns the number of bytes read, which may be less than 1256 * the requested 'datalen' if the socket would block. Returns 1257 * -1 on error, and disconnects the client socket. 1258 */ 1259 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1260 { 1261 long ret; 1262 #ifdef CONFIG_VNC_TLS 1263 if (vs->tls.session) { 1264 ret = gnutls_read(vs->tls.session, data, datalen); 1265 if (ret < 0) { 1266 if (ret == GNUTLS_E_AGAIN) 1267 errno = EAGAIN; 1268 else 1269 errno = EIO; 1270 ret = -1; 1271 } 1272 } else 1273 #endif /* CONFIG_VNC_TLS */ 1274 ret = qemu_recv(vs->csock, data, datalen, 0); 1275 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1276 return vnc_client_io_error(vs, ret, socket_error()); 1277 } 1278 1279 1280 /* 1281 * Called to read data from the client socket to the input buffer, 1282 * when not using any SASL SSF encryption layers. Will read as much 1283 * data as possible without blocking. 1284 * 1285 * Returns the number of bytes read. Returns -1 on error, and 1286 * disconnects the client socket. 1287 */ 1288 static long vnc_client_read_plain(VncState *vs) 1289 { 1290 int ret; 1291 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1292 vs->input.buffer, vs->input.capacity, vs->input.offset); 1293 buffer_reserve(&vs->input, 4096); 1294 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1295 if (!ret) 1296 return 0; 1297 vs->input.offset += ret; 1298 return ret; 1299 } 1300 1301 static void vnc_jobs_bh(void *opaque) 1302 { 1303 VncState *vs = opaque; 1304 1305 vnc_jobs_consume_buffer(vs); 1306 } 1307 1308 /* 1309 * First function called whenever there is more data to be read from 1310 * the client socket. Will delegate actual work according to whether 1311 * SASL SSF layers are enabled (thus requiring decryption calls) 1312 */ 1313 void vnc_client_read(void *opaque) 1314 { 1315 VncState *vs = opaque; 1316 long ret; 1317 1318 #ifdef CONFIG_VNC_SASL 1319 if (vs->sasl.conn && vs->sasl.runSSF) 1320 ret = vnc_client_read_sasl(vs); 1321 else 1322 #endif /* CONFIG_VNC_SASL */ 1323 #ifdef CONFIG_VNC_WS 1324 if (vs->encode_ws) { 1325 ret = vnc_client_read_ws(vs); 1326 if (ret == -1) { 1327 vnc_disconnect_start(vs); 1328 return; 1329 } else if (ret == -2) { 1330 vnc_client_error(vs); 1331 return; 1332 } 1333 } else 1334 #endif /* CONFIG_VNC_WS */ 1335 { 1336 ret = vnc_client_read_plain(vs); 1337 } 1338 if (!ret) { 1339 if (vs->csock == -1) 1340 vnc_disconnect_finish(vs); 1341 return; 1342 } 1343 1344 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1345 size_t len = vs->read_handler_expect; 1346 int ret; 1347 1348 ret = vs->read_handler(vs, vs->input.buffer, len); 1349 if (vs->csock == -1) { 1350 vnc_disconnect_finish(vs); 1351 return; 1352 } 1353 1354 if (!ret) { 1355 buffer_advance(&vs->input, len); 1356 } else { 1357 vs->read_handler_expect = ret; 1358 } 1359 } 1360 } 1361 1362 void vnc_write(VncState *vs, const void *data, size_t len) 1363 { 1364 buffer_reserve(&vs->output, len); 1365 1366 if (vs->csock != -1 && buffer_empty(&vs->output)) { 1367 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs); 1368 } 1369 1370 buffer_append(&vs->output, data, len); 1371 } 1372 1373 void vnc_write_s32(VncState *vs, int32_t value) 1374 { 1375 vnc_write_u32(vs, *(uint32_t *)&value); 1376 } 1377 1378 void vnc_write_u32(VncState *vs, uint32_t value) 1379 { 1380 uint8_t buf[4]; 1381 1382 buf[0] = (value >> 24) & 0xFF; 1383 buf[1] = (value >> 16) & 0xFF; 1384 buf[2] = (value >> 8) & 0xFF; 1385 buf[3] = value & 0xFF; 1386 1387 vnc_write(vs, buf, 4); 1388 } 1389 1390 void vnc_write_u16(VncState *vs, uint16_t value) 1391 { 1392 uint8_t buf[2]; 1393 1394 buf[0] = (value >> 8) & 0xFF; 1395 buf[1] = value & 0xFF; 1396 1397 vnc_write(vs, buf, 2); 1398 } 1399 1400 void vnc_write_u8(VncState *vs, uint8_t value) 1401 { 1402 vnc_write(vs, (char *)&value, 1); 1403 } 1404 1405 void vnc_flush(VncState *vs) 1406 { 1407 vnc_lock_output(vs); 1408 if (vs->csock != -1 && (vs->output.offset 1409 #ifdef CONFIG_VNC_WS 1410 || vs->ws_output.offset 1411 #endif 1412 )) { 1413 vnc_client_write_locked(vs); 1414 } 1415 vnc_unlock_output(vs); 1416 } 1417 1418 static uint8_t read_u8(uint8_t *data, size_t offset) 1419 { 1420 return data[offset]; 1421 } 1422 1423 static uint16_t read_u16(uint8_t *data, size_t offset) 1424 { 1425 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1426 } 1427 1428 static int32_t read_s32(uint8_t *data, size_t offset) 1429 { 1430 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1431 (data[offset + 2] << 8) | data[offset + 3]); 1432 } 1433 1434 uint32_t read_u32(uint8_t *data, size_t offset) 1435 { 1436 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1437 (data[offset + 2] << 8) | data[offset + 3]); 1438 } 1439 1440 static void client_cut_text(VncState *vs, size_t len, uint8_t *text) 1441 { 1442 } 1443 1444 static void check_pointer_type_change(Notifier *notifier, void *data) 1445 { 1446 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1447 int absolute = kbd_mouse_is_absolute(); 1448 1449 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1450 vnc_lock_output(vs); 1451 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1452 vnc_write_u8(vs, 0); 1453 vnc_write_u16(vs, 1); 1454 vnc_framebuffer_update(vs, absolute, 0, 1455 surface_width(vs->vd->ds), 1456 surface_height(vs->vd->ds), 1457 VNC_ENCODING_POINTER_TYPE_CHANGE); 1458 vnc_unlock_output(vs); 1459 vnc_flush(vs); 1460 } 1461 vs->absolute = absolute; 1462 } 1463 1464 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1465 { 1466 int buttons = 0; 1467 int dz = 0; 1468 int width = surface_width(vs->vd->ds); 1469 int height = surface_height(vs->vd->ds); 1470 1471 if (button_mask & 0x01) 1472 buttons |= MOUSE_EVENT_LBUTTON; 1473 if (button_mask & 0x02) 1474 buttons |= MOUSE_EVENT_MBUTTON; 1475 if (button_mask & 0x04) 1476 buttons |= MOUSE_EVENT_RBUTTON; 1477 if (button_mask & 0x08) 1478 dz = -1; 1479 if (button_mask & 0x10) 1480 dz = 1; 1481 1482 if (vs->absolute) { 1483 kbd_mouse_event(width > 1 ? x * 0x7FFF / (width - 1) : 0x4000, 1484 height > 1 ? y * 0x7FFF / (height - 1) : 0x4000, 1485 dz, buttons); 1486 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1487 x -= 0x7FFF; 1488 y -= 0x7FFF; 1489 1490 kbd_mouse_event(x, y, dz, buttons); 1491 } else { 1492 if (vs->last_x != -1) 1493 kbd_mouse_event(x - vs->last_x, 1494 y - vs->last_y, 1495 dz, buttons); 1496 vs->last_x = x; 1497 vs->last_y = y; 1498 } 1499 } 1500 1501 static void reset_keys(VncState *vs) 1502 { 1503 int i; 1504 for(i = 0; i < 256; i++) { 1505 if (vs->modifiers_state[i]) { 1506 if (i & SCANCODE_GREY) 1507 kbd_put_keycode(SCANCODE_EMUL0); 1508 kbd_put_keycode(i | SCANCODE_UP); 1509 vs->modifiers_state[i] = 0; 1510 } 1511 } 1512 } 1513 1514 static void press_key(VncState *vs, int keysym) 1515 { 1516 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK; 1517 if (keycode & SCANCODE_GREY) 1518 kbd_put_keycode(SCANCODE_EMUL0); 1519 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK); 1520 if (keycode & SCANCODE_GREY) 1521 kbd_put_keycode(SCANCODE_EMUL0); 1522 kbd_put_keycode(keycode | SCANCODE_UP); 1523 } 1524 1525 static void kbd_leds(void *opaque, int ledstate) 1526 { 1527 VncState *vs = opaque; 1528 int caps, num; 1529 1530 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0; 1531 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0; 1532 1533 if (vs->modifiers_state[0x3a] != caps) { 1534 vs->modifiers_state[0x3a] = caps; 1535 } 1536 if (vs->modifiers_state[0x45] != num) { 1537 vs->modifiers_state[0x45] = num; 1538 } 1539 } 1540 1541 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1542 { 1543 /* QEMU console switch */ 1544 switch(keycode) { 1545 case 0x2a: /* Left Shift */ 1546 case 0x36: /* Right Shift */ 1547 case 0x1d: /* Left CTRL */ 1548 case 0x9d: /* Right CTRL */ 1549 case 0x38: /* Left ALT */ 1550 case 0xb8: /* Right ALT */ 1551 if (down) 1552 vs->modifiers_state[keycode] = 1; 1553 else 1554 vs->modifiers_state[keycode] = 0; 1555 break; 1556 case 0x02 ... 0x0a: /* '1' to '9' keys */ 1557 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) { 1558 /* Reset the modifiers sent to the current console */ 1559 reset_keys(vs); 1560 console_select(keycode - 0x02); 1561 return; 1562 } 1563 break; 1564 case 0x3a: /* CapsLock */ 1565 case 0x45: /* NumLock */ 1566 if (down) 1567 vs->modifiers_state[keycode] ^= 1; 1568 break; 1569 } 1570 1571 if (down && vs->vd->lock_key_sync && 1572 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1573 /* If the numlock state needs to change then simulate an additional 1574 keypress before sending this one. This will happen if the user 1575 toggles numlock away from the VNC window. 1576 */ 1577 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1578 if (!vs->modifiers_state[0x45]) { 1579 vs->modifiers_state[0x45] = 1; 1580 press_key(vs, 0xff7f); 1581 } 1582 } else { 1583 if (vs->modifiers_state[0x45]) { 1584 vs->modifiers_state[0x45] = 0; 1585 press_key(vs, 0xff7f); 1586 } 1587 } 1588 } 1589 1590 if (down && vs->vd->lock_key_sync && 1591 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1592 /* If the capslock state needs to change then simulate an additional 1593 keypress before sending this one. This will happen if the user 1594 toggles capslock away from the VNC window. 1595 */ 1596 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1597 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]); 1598 int capslock = !!(vs->modifiers_state[0x3a]); 1599 if (capslock) { 1600 if (uppercase == shift) { 1601 vs->modifiers_state[0x3a] = 0; 1602 press_key(vs, 0xffe5); 1603 } 1604 } else { 1605 if (uppercase != shift) { 1606 vs->modifiers_state[0x3a] = 1; 1607 press_key(vs, 0xffe5); 1608 } 1609 } 1610 } 1611 1612 if (qemu_console_is_graphic(NULL)) { 1613 if (keycode & SCANCODE_GREY) 1614 kbd_put_keycode(SCANCODE_EMUL0); 1615 if (down) 1616 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK); 1617 else 1618 kbd_put_keycode(keycode | SCANCODE_UP); 1619 } else { 1620 bool numlock = vs->modifiers_state[0x45]; 1621 bool control = (vs->modifiers_state[0x1d] || 1622 vs->modifiers_state[0x9d]); 1623 /* QEMU console emulation */ 1624 if (down) { 1625 switch (keycode) { 1626 case 0x2a: /* Left Shift */ 1627 case 0x36: /* Right Shift */ 1628 case 0x1d: /* Left CTRL */ 1629 case 0x9d: /* Right CTRL */ 1630 case 0x38: /* Left ALT */ 1631 case 0xb8: /* Right ALT */ 1632 break; 1633 case 0xc8: 1634 kbd_put_keysym(QEMU_KEY_UP); 1635 break; 1636 case 0xd0: 1637 kbd_put_keysym(QEMU_KEY_DOWN); 1638 break; 1639 case 0xcb: 1640 kbd_put_keysym(QEMU_KEY_LEFT); 1641 break; 1642 case 0xcd: 1643 kbd_put_keysym(QEMU_KEY_RIGHT); 1644 break; 1645 case 0xd3: 1646 kbd_put_keysym(QEMU_KEY_DELETE); 1647 break; 1648 case 0xc7: 1649 kbd_put_keysym(QEMU_KEY_HOME); 1650 break; 1651 case 0xcf: 1652 kbd_put_keysym(QEMU_KEY_END); 1653 break; 1654 case 0xc9: 1655 kbd_put_keysym(QEMU_KEY_PAGEUP); 1656 break; 1657 case 0xd1: 1658 kbd_put_keysym(QEMU_KEY_PAGEDOWN); 1659 break; 1660 1661 case 0x47: 1662 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME); 1663 break; 1664 case 0x48: 1665 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP); 1666 break; 1667 case 0x49: 1668 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP); 1669 break; 1670 case 0x4b: 1671 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT); 1672 break; 1673 case 0x4c: 1674 kbd_put_keysym('5'); 1675 break; 1676 case 0x4d: 1677 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT); 1678 break; 1679 case 0x4f: 1680 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END); 1681 break; 1682 case 0x50: 1683 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN); 1684 break; 1685 case 0x51: 1686 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN); 1687 break; 1688 case 0x52: 1689 kbd_put_keysym('0'); 1690 break; 1691 case 0x53: 1692 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE); 1693 break; 1694 1695 case 0xb5: 1696 kbd_put_keysym('/'); 1697 break; 1698 case 0x37: 1699 kbd_put_keysym('*'); 1700 break; 1701 case 0x4a: 1702 kbd_put_keysym('-'); 1703 break; 1704 case 0x4e: 1705 kbd_put_keysym('+'); 1706 break; 1707 case 0x9c: 1708 kbd_put_keysym('\n'); 1709 break; 1710 1711 default: 1712 if (control) { 1713 kbd_put_keysym(sym & 0x1f); 1714 } else { 1715 kbd_put_keysym(sym); 1716 } 1717 break; 1718 } 1719 } 1720 } 1721 } 1722 1723 static void vnc_release_modifiers(VncState *vs) 1724 { 1725 static const int keycodes[] = { 1726 /* shift, control, alt keys, both left & right */ 1727 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8, 1728 }; 1729 int i, keycode; 1730 1731 if (!qemu_console_is_graphic(NULL)) { 1732 return; 1733 } 1734 for (i = 0; i < ARRAY_SIZE(keycodes); i++) { 1735 keycode = keycodes[i]; 1736 if (!vs->modifiers_state[keycode]) { 1737 continue; 1738 } 1739 if (keycode & SCANCODE_GREY) { 1740 kbd_put_keycode(SCANCODE_EMUL0); 1741 } 1742 kbd_put_keycode(keycode | SCANCODE_UP); 1743 } 1744 } 1745 1746 static void key_event(VncState *vs, int down, uint32_t sym) 1747 { 1748 int keycode; 1749 int lsym = sym; 1750 1751 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) { 1752 lsym = lsym - 'A' + 'a'; 1753 } 1754 1755 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK; 1756 do_key_event(vs, down, keycode, sym); 1757 } 1758 1759 static void ext_key_event(VncState *vs, int down, 1760 uint32_t sym, uint16_t keycode) 1761 { 1762 /* if the user specifies a keyboard layout, always use it */ 1763 if (keyboard_layout) 1764 key_event(vs, down, sym); 1765 else 1766 do_key_event(vs, down, keycode, sym); 1767 } 1768 1769 static void framebuffer_update_request(VncState *vs, int incremental, 1770 int x_position, int y_position, 1771 int w, int h) 1772 { 1773 int i; 1774 const size_t width = surface_width(vs->vd->ds) / 16; 1775 const size_t height = surface_height(vs->vd->ds); 1776 1777 if (y_position > height) { 1778 y_position = height; 1779 } 1780 if (y_position + h >= height) { 1781 h = height - y_position; 1782 } 1783 1784 vs->need_update = 1; 1785 if (!incremental) { 1786 vs->force_update = 1; 1787 for (i = 0; i < h; i++) { 1788 bitmap_set(vs->dirty[y_position + i], 0, width); 1789 bitmap_clear(vs->dirty[y_position + i], width, 1790 VNC_DIRTY_BITS - width); 1791 } 1792 } 1793 } 1794 1795 static void send_ext_key_event_ack(VncState *vs) 1796 { 1797 vnc_lock_output(vs); 1798 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1799 vnc_write_u8(vs, 0); 1800 vnc_write_u16(vs, 1); 1801 vnc_framebuffer_update(vs, 0, 0, 1802 surface_width(vs->vd->ds), 1803 surface_height(vs->vd->ds), 1804 VNC_ENCODING_EXT_KEY_EVENT); 1805 vnc_unlock_output(vs); 1806 vnc_flush(vs); 1807 } 1808 1809 static void send_ext_audio_ack(VncState *vs) 1810 { 1811 vnc_lock_output(vs); 1812 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1813 vnc_write_u8(vs, 0); 1814 vnc_write_u16(vs, 1); 1815 vnc_framebuffer_update(vs, 0, 0, 1816 surface_width(vs->vd->ds), 1817 surface_height(vs->vd->ds), 1818 VNC_ENCODING_AUDIO); 1819 vnc_unlock_output(vs); 1820 vnc_flush(vs); 1821 } 1822 1823 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 1824 { 1825 int i; 1826 unsigned int enc = 0; 1827 1828 vs->features = 0; 1829 vs->vnc_encoding = 0; 1830 vs->tight.compression = 9; 1831 vs->tight.quality = -1; /* Lossless by default */ 1832 vs->absolute = -1; 1833 1834 /* 1835 * Start from the end because the encodings are sent in order of preference. 1836 * This way the preferred encoding (first encoding defined in the array) 1837 * will be set at the end of the loop. 1838 */ 1839 for (i = n_encodings - 1; i >= 0; i--) { 1840 enc = encodings[i]; 1841 switch (enc) { 1842 case VNC_ENCODING_RAW: 1843 vs->vnc_encoding = enc; 1844 break; 1845 case VNC_ENCODING_COPYRECT: 1846 vs->features |= VNC_FEATURE_COPYRECT_MASK; 1847 break; 1848 case VNC_ENCODING_HEXTILE: 1849 vs->features |= VNC_FEATURE_HEXTILE_MASK; 1850 vs->vnc_encoding = enc; 1851 break; 1852 case VNC_ENCODING_TIGHT: 1853 vs->features |= VNC_FEATURE_TIGHT_MASK; 1854 vs->vnc_encoding = enc; 1855 break; 1856 #ifdef CONFIG_VNC_PNG 1857 case VNC_ENCODING_TIGHT_PNG: 1858 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK; 1859 vs->vnc_encoding = enc; 1860 break; 1861 #endif 1862 case VNC_ENCODING_ZLIB: 1863 vs->features |= VNC_FEATURE_ZLIB_MASK; 1864 vs->vnc_encoding = enc; 1865 break; 1866 case VNC_ENCODING_ZRLE: 1867 vs->features |= VNC_FEATURE_ZRLE_MASK; 1868 vs->vnc_encoding = enc; 1869 break; 1870 case VNC_ENCODING_ZYWRLE: 1871 vs->features |= VNC_FEATURE_ZYWRLE_MASK; 1872 vs->vnc_encoding = enc; 1873 break; 1874 case VNC_ENCODING_DESKTOPRESIZE: 1875 vs->features |= VNC_FEATURE_RESIZE_MASK; 1876 break; 1877 case VNC_ENCODING_POINTER_TYPE_CHANGE: 1878 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK; 1879 break; 1880 case VNC_ENCODING_RICH_CURSOR: 1881 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK; 1882 break; 1883 case VNC_ENCODING_EXT_KEY_EVENT: 1884 send_ext_key_event_ack(vs); 1885 break; 1886 case VNC_ENCODING_AUDIO: 1887 send_ext_audio_ack(vs); 1888 break; 1889 case VNC_ENCODING_WMVi: 1890 vs->features |= VNC_FEATURE_WMVI_MASK; 1891 break; 1892 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 1893 vs->tight.compression = (enc & 0x0F); 1894 break; 1895 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 1896 if (vs->vd->lossy) { 1897 vs->tight.quality = (enc & 0x0F); 1898 } 1899 break; 1900 default: 1901 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 1902 break; 1903 } 1904 } 1905 vnc_desktop_resize(vs); 1906 check_pointer_type_change(&vs->mouse_mode_notifier, NULL); 1907 } 1908 1909 static void set_pixel_conversion(VncState *vs) 1910 { 1911 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf); 1912 1913 if (fmt == VNC_SERVER_FB_FORMAT) { 1914 vs->write_pixels = vnc_write_pixels_copy; 1915 vnc_hextile_set_pixel_conversion(vs, 0); 1916 } else { 1917 vs->write_pixels = vnc_write_pixels_generic; 1918 vnc_hextile_set_pixel_conversion(vs, 1); 1919 } 1920 } 1921 1922 static void set_pixel_format(VncState *vs, 1923 int bits_per_pixel, int depth, 1924 int big_endian_flag, int true_color_flag, 1925 int red_max, int green_max, int blue_max, 1926 int red_shift, int green_shift, int blue_shift) 1927 { 1928 if (!true_color_flag) { 1929 vnc_client_error(vs); 1930 return; 1931 } 1932 1933 vs->client_pf.rmax = red_max; 1934 vs->client_pf.rbits = hweight_long(red_max); 1935 vs->client_pf.rshift = red_shift; 1936 vs->client_pf.rmask = red_max << red_shift; 1937 vs->client_pf.gmax = green_max; 1938 vs->client_pf.gbits = hweight_long(green_max); 1939 vs->client_pf.gshift = green_shift; 1940 vs->client_pf.gmask = green_max << green_shift; 1941 vs->client_pf.bmax = blue_max; 1942 vs->client_pf.bbits = hweight_long(blue_max); 1943 vs->client_pf.bshift = blue_shift; 1944 vs->client_pf.bmask = blue_max << blue_shift; 1945 vs->client_pf.bits_per_pixel = bits_per_pixel; 1946 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8; 1947 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 1948 vs->client_be = big_endian_flag; 1949 1950 set_pixel_conversion(vs); 1951 1952 graphic_hw_invalidate(NULL); 1953 graphic_hw_update(NULL); 1954 } 1955 1956 static void pixel_format_message (VncState *vs) { 1957 char pad[3] = { 0, 0, 0 }; 1958 1959 vs->client_pf = qemu_default_pixelformat(32); 1960 1961 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ 1962 vnc_write_u8(vs, vs->client_pf.depth); /* depth */ 1963 1964 #ifdef HOST_WORDS_BIGENDIAN 1965 vnc_write_u8(vs, 1); /* big-endian-flag */ 1966 #else 1967 vnc_write_u8(vs, 0); /* big-endian-flag */ 1968 #endif 1969 vnc_write_u8(vs, 1); /* true-color-flag */ 1970 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */ 1971 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */ 1972 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */ 1973 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */ 1974 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */ 1975 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */ 1976 vnc_write(vs, pad, 3); /* padding */ 1977 1978 vnc_hextile_set_pixel_conversion(vs, 0); 1979 vs->write_pixels = vnc_write_pixels_copy; 1980 } 1981 1982 static void vnc_colordepth(VncState *vs) 1983 { 1984 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 1985 /* Sending a WMVi message to notify the client*/ 1986 vnc_lock_output(vs); 1987 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1988 vnc_write_u8(vs, 0); 1989 vnc_write_u16(vs, 1); /* number of rects */ 1990 vnc_framebuffer_update(vs, 0, 0, 1991 surface_width(vs->vd->ds), 1992 surface_height(vs->vd->ds), 1993 VNC_ENCODING_WMVi); 1994 pixel_format_message(vs); 1995 vnc_unlock_output(vs); 1996 vnc_flush(vs); 1997 } else { 1998 set_pixel_conversion(vs); 1999 } 2000 } 2001 2002 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 2003 { 2004 int i; 2005 uint16_t limit; 2006 VncDisplay *vd = vs->vd; 2007 2008 if (data[0] > 3) { 2009 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2010 } 2011 2012 switch (data[0]) { 2013 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 2014 if (len == 1) 2015 return 20; 2016 2017 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5), 2018 read_u8(data, 6), read_u8(data, 7), 2019 read_u16(data, 8), read_u16(data, 10), 2020 read_u16(data, 12), read_u8(data, 14), 2021 read_u8(data, 15), read_u8(data, 16)); 2022 break; 2023 case VNC_MSG_CLIENT_SET_ENCODINGS: 2024 if (len == 1) 2025 return 4; 2026 2027 if (len == 4) { 2028 limit = read_u16(data, 2); 2029 if (limit > 0) 2030 return 4 + (limit * 4); 2031 } else 2032 limit = read_u16(data, 2); 2033 2034 for (i = 0; i < limit; i++) { 2035 int32_t val = read_s32(data, 4 + (i * 4)); 2036 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 2037 } 2038 2039 set_encodings(vs, (int32_t *)(data + 4), limit); 2040 break; 2041 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 2042 if (len == 1) 2043 return 10; 2044 2045 framebuffer_update_request(vs, 2046 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 2047 read_u16(data, 6), read_u16(data, 8)); 2048 break; 2049 case VNC_MSG_CLIENT_KEY_EVENT: 2050 if (len == 1) 2051 return 8; 2052 2053 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 2054 break; 2055 case VNC_MSG_CLIENT_POINTER_EVENT: 2056 if (len == 1) 2057 return 6; 2058 2059 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 2060 break; 2061 case VNC_MSG_CLIENT_CUT_TEXT: 2062 if (len == 1) 2063 return 8; 2064 2065 if (len == 8) { 2066 uint32_t dlen = read_u32(data, 4); 2067 if (dlen > 0) 2068 return 8 + dlen; 2069 } 2070 2071 client_cut_text(vs, read_u32(data, 4), data + 8); 2072 break; 2073 case VNC_MSG_CLIENT_QEMU: 2074 if (len == 1) 2075 return 2; 2076 2077 switch (read_u8(data, 1)) { 2078 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 2079 if (len == 2) 2080 return 12; 2081 2082 ext_key_event(vs, read_u16(data, 2), 2083 read_u32(data, 4), read_u32(data, 8)); 2084 break; 2085 case VNC_MSG_CLIENT_QEMU_AUDIO: 2086 if (len == 2) 2087 return 4; 2088 2089 switch (read_u16 (data, 2)) { 2090 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 2091 audio_add(vs); 2092 break; 2093 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 2094 audio_del(vs); 2095 break; 2096 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 2097 if (len == 4) 2098 return 10; 2099 switch (read_u8(data, 4)) { 2100 case 0: vs->as.fmt = AUD_FMT_U8; break; 2101 case 1: vs->as.fmt = AUD_FMT_S8; break; 2102 case 2: vs->as.fmt = AUD_FMT_U16; break; 2103 case 3: vs->as.fmt = AUD_FMT_S16; break; 2104 case 4: vs->as.fmt = AUD_FMT_U32; break; 2105 case 5: vs->as.fmt = AUD_FMT_S32; break; 2106 default: 2107 printf("Invalid audio format %d\n", read_u8(data, 4)); 2108 vnc_client_error(vs); 2109 break; 2110 } 2111 vs->as.nchannels = read_u8(data, 5); 2112 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2113 printf("Invalid audio channel coount %d\n", 2114 read_u8(data, 5)); 2115 vnc_client_error(vs); 2116 break; 2117 } 2118 vs->as.freq = read_u32(data, 6); 2119 break; 2120 default: 2121 printf ("Invalid audio message %d\n", read_u8(data, 4)); 2122 vnc_client_error(vs); 2123 break; 2124 } 2125 break; 2126 2127 default: 2128 printf("Msg: %d\n", read_u16(data, 0)); 2129 vnc_client_error(vs); 2130 break; 2131 } 2132 break; 2133 default: 2134 printf("Msg: %d\n", data[0]); 2135 vnc_client_error(vs); 2136 break; 2137 } 2138 2139 vnc_read_when(vs, protocol_client_msg, 1); 2140 return 0; 2141 } 2142 2143 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2144 { 2145 char buf[1024]; 2146 VncShareMode mode; 2147 int size; 2148 2149 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; 2150 switch (vs->vd->share_policy) { 2151 case VNC_SHARE_POLICY_IGNORE: 2152 /* 2153 * Ignore the shared flag. Nothing to do here. 2154 * 2155 * Doesn't conform to the rfb spec but is traditional qemu 2156 * behavior, thus left here as option for compatibility 2157 * reasons. 2158 */ 2159 break; 2160 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: 2161 /* 2162 * Policy: Allow clients ask for exclusive access. 2163 * 2164 * Implementation: When a client asks for exclusive access, 2165 * disconnect all others. Shared connects are allowed as long 2166 * as no exclusive connection exists. 2167 * 2168 * This is how the rfb spec suggests to handle the shared flag. 2169 */ 2170 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2171 VncState *client; 2172 QTAILQ_FOREACH(client, &vs->vd->clients, next) { 2173 if (vs == client) { 2174 continue; 2175 } 2176 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && 2177 client->share_mode != VNC_SHARE_MODE_SHARED) { 2178 continue; 2179 } 2180 vnc_disconnect_start(client); 2181 } 2182 } 2183 if (mode == VNC_SHARE_MODE_SHARED) { 2184 if (vs->vd->num_exclusive > 0) { 2185 vnc_disconnect_start(vs); 2186 return 0; 2187 } 2188 } 2189 break; 2190 case VNC_SHARE_POLICY_FORCE_SHARED: 2191 /* 2192 * Policy: Shared connects only. 2193 * Implementation: Disallow clients asking for exclusive access. 2194 * 2195 * Useful for shared desktop sessions where you don't want 2196 * someone forgetting to say -shared when running the vnc 2197 * client disconnect everybody else. 2198 */ 2199 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2200 vnc_disconnect_start(vs); 2201 return 0; 2202 } 2203 break; 2204 } 2205 vnc_set_share_mode(vs, mode); 2206 2207 vs->client_width = surface_width(vs->vd->ds); 2208 vs->client_height = surface_height(vs->vd->ds); 2209 vnc_write_u16(vs, vs->client_width); 2210 vnc_write_u16(vs, vs->client_height); 2211 2212 pixel_format_message(vs); 2213 2214 if (qemu_name) 2215 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2216 else 2217 size = snprintf(buf, sizeof(buf), "QEMU"); 2218 2219 vnc_write_u32(vs, size); 2220 vnc_write(vs, buf, size); 2221 vnc_flush(vs); 2222 2223 vnc_client_cache_auth(vs); 2224 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED); 2225 2226 vnc_read_when(vs, protocol_client_msg, 1); 2227 2228 return 0; 2229 } 2230 2231 void start_client_init(VncState *vs) 2232 { 2233 vnc_read_when(vs, protocol_client_init, 1); 2234 } 2235 2236 static void make_challenge(VncState *vs) 2237 { 2238 int i; 2239 2240 srand(time(NULL)+getpid()+getpid()*987654+rand()); 2241 2242 for (i = 0 ; i < sizeof(vs->challenge) ; i++) 2243 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0)); 2244 } 2245 2246 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2247 { 2248 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2249 int i, j, pwlen; 2250 unsigned char key[8]; 2251 time_t now = time(NULL); 2252 2253 if (!vs->vd->password) { 2254 VNC_DEBUG("No password configured on server"); 2255 goto reject; 2256 } 2257 if (vs->vd->expires < now) { 2258 VNC_DEBUG("Password is expired"); 2259 goto reject; 2260 } 2261 2262 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2263 2264 /* Calculate the expected challenge response */ 2265 pwlen = strlen(vs->vd->password); 2266 for (i=0; i<sizeof(key); i++) 2267 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2268 deskey(key, EN0); 2269 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8) 2270 des(response+j, response+j); 2271 2272 /* Compare expected vs actual challenge response */ 2273 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2274 VNC_DEBUG("Client challenge response did not match\n"); 2275 goto reject; 2276 } else { 2277 VNC_DEBUG("Accepting VNC challenge response\n"); 2278 vnc_write_u32(vs, 0); /* Accept auth */ 2279 vnc_flush(vs); 2280 2281 start_client_init(vs); 2282 } 2283 return 0; 2284 2285 reject: 2286 vnc_write_u32(vs, 1); /* Reject auth */ 2287 if (vs->minor >= 8) { 2288 static const char err[] = "Authentication failed"; 2289 vnc_write_u32(vs, sizeof(err)); 2290 vnc_write(vs, err, sizeof(err)); 2291 } 2292 vnc_flush(vs); 2293 vnc_client_error(vs); 2294 return 0; 2295 } 2296 2297 void start_auth_vnc(VncState *vs) 2298 { 2299 make_challenge(vs); 2300 /* Send client a 'random' challenge */ 2301 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2302 vnc_flush(vs); 2303 2304 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2305 } 2306 2307 2308 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2309 { 2310 /* We only advertise 1 auth scheme at a time, so client 2311 * must pick the one we sent. Verify this */ 2312 if (data[0] != vs->auth) { /* Reject auth */ 2313 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]); 2314 vnc_write_u32(vs, 1); 2315 if (vs->minor >= 8) { 2316 static const char err[] = "Authentication failed"; 2317 vnc_write_u32(vs, sizeof(err)); 2318 vnc_write(vs, err, sizeof(err)); 2319 } 2320 vnc_client_error(vs); 2321 } else { /* Accept requested auth */ 2322 VNC_DEBUG("Client requested auth %d\n", (int)data[0]); 2323 switch (vs->auth) { 2324 case VNC_AUTH_NONE: 2325 VNC_DEBUG("Accept auth none\n"); 2326 if (vs->minor >= 8) { 2327 vnc_write_u32(vs, 0); /* Accept auth completion */ 2328 vnc_flush(vs); 2329 } 2330 start_client_init(vs); 2331 break; 2332 2333 case VNC_AUTH_VNC: 2334 VNC_DEBUG("Start VNC auth\n"); 2335 start_auth_vnc(vs); 2336 break; 2337 2338 #ifdef CONFIG_VNC_TLS 2339 case VNC_AUTH_VENCRYPT: 2340 VNC_DEBUG("Accept VeNCrypt auth\n"); 2341 start_auth_vencrypt(vs); 2342 break; 2343 #endif /* CONFIG_VNC_TLS */ 2344 2345 #ifdef CONFIG_VNC_SASL 2346 case VNC_AUTH_SASL: 2347 VNC_DEBUG("Accept SASL auth\n"); 2348 start_auth_sasl(vs); 2349 break; 2350 #endif /* CONFIG_VNC_SASL */ 2351 2352 default: /* Should not be possible, but just in case */ 2353 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth); 2354 vnc_write_u8(vs, 1); 2355 if (vs->minor >= 8) { 2356 static const char err[] = "Authentication failed"; 2357 vnc_write_u32(vs, sizeof(err)); 2358 vnc_write(vs, err, sizeof(err)); 2359 } 2360 vnc_client_error(vs); 2361 } 2362 } 2363 return 0; 2364 } 2365 2366 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2367 { 2368 char local[13]; 2369 2370 memcpy(local, version, 12); 2371 local[12] = 0; 2372 2373 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2374 VNC_DEBUG("Malformed protocol version %s\n", local); 2375 vnc_client_error(vs); 2376 return 0; 2377 } 2378 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2379 if (vs->major != 3 || 2380 (vs->minor != 3 && 2381 vs->minor != 4 && 2382 vs->minor != 5 && 2383 vs->minor != 7 && 2384 vs->minor != 8)) { 2385 VNC_DEBUG("Unsupported client version\n"); 2386 vnc_write_u32(vs, VNC_AUTH_INVALID); 2387 vnc_flush(vs); 2388 vnc_client_error(vs); 2389 return 0; 2390 } 2391 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2392 * as equivalent to v3.3 by servers 2393 */ 2394 if (vs->minor == 4 || vs->minor == 5) 2395 vs->minor = 3; 2396 2397 if (vs->minor == 3) { 2398 if (vs->auth == VNC_AUTH_NONE) { 2399 VNC_DEBUG("Tell client auth none\n"); 2400 vnc_write_u32(vs, vs->auth); 2401 vnc_flush(vs); 2402 start_client_init(vs); 2403 } else if (vs->auth == VNC_AUTH_VNC) { 2404 VNC_DEBUG("Tell client VNC auth\n"); 2405 vnc_write_u32(vs, vs->auth); 2406 vnc_flush(vs); 2407 start_auth_vnc(vs); 2408 } else { 2409 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth); 2410 vnc_write_u32(vs, VNC_AUTH_INVALID); 2411 vnc_flush(vs); 2412 vnc_client_error(vs); 2413 } 2414 } else { 2415 VNC_DEBUG("Telling client we support auth %d\n", vs->auth); 2416 vnc_write_u8(vs, 1); /* num auth */ 2417 vnc_write_u8(vs, vs->auth); 2418 vnc_read_when(vs, protocol_client_auth, 1); 2419 vnc_flush(vs); 2420 } 2421 2422 return 0; 2423 } 2424 2425 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) 2426 { 2427 struct VncSurface *vs = &vd->guest; 2428 2429 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; 2430 } 2431 2432 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h) 2433 { 2434 int i, j; 2435 2436 w = (x + w) / VNC_STAT_RECT; 2437 h = (y + h) / VNC_STAT_RECT; 2438 x /= VNC_STAT_RECT; 2439 y /= VNC_STAT_RECT; 2440 2441 for (j = y; j <= h; j++) { 2442 for (i = x; i <= w; i++) { 2443 vs->lossy_rect[j][i] = 1; 2444 } 2445 } 2446 } 2447 2448 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) 2449 { 2450 VncState *vs; 2451 int sty = y / VNC_STAT_RECT; 2452 int stx = x / VNC_STAT_RECT; 2453 int has_dirty = 0; 2454 2455 y = y / VNC_STAT_RECT * VNC_STAT_RECT; 2456 x = x / VNC_STAT_RECT * VNC_STAT_RECT; 2457 2458 QTAILQ_FOREACH(vs, &vd->clients, next) { 2459 int j; 2460 2461 /* kernel send buffers are full -> refresh later */ 2462 if (vs->output.offset) { 2463 continue; 2464 } 2465 2466 if (!vs->lossy_rect[sty][stx]) { 2467 continue; 2468 } 2469 2470 vs->lossy_rect[sty][stx] = 0; 2471 for (j = 0; j < VNC_STAT_RECT; ++j) { 2472 bitmap_set(vs->dirty[y + j], x / 16, VNC_STAT_RECT / 16); 2473 } 2474 has_dirty++; 2475 } 2476 2477 return has_dirty; 2478 } 2479 2480 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) 2481 { 2482 int width = pixman_image_get_width(vd->guest.fb); 2483 int height = pixman_image_get_height(vd->guest.fb); 2484 int x, y; 2485 struct timeval res; 2486 int has_dirty = 0; 2487 2488 for (y = 0; y < height; y += VNC_STAT_RECT) { 2489 for (x = 0; x < width; x += VNC_STAT_RECT) { 2490 VncRectStat *rect = vnc_stat_rect(vd, x, y); 2491 2492 rect->updated = false; 2493 } 2494 } 2495 2496 qemu_timersub(tv, &VNC_REFRESH_STATS, &res); 2497 2498 if (timercmp(&vd->guest.last_freq_check, &res, >)) { 2499 return has_dirty; 2500 } 2501 vd->guest.last_freq_check = *tv; 2502 2503 for (y = 0; y < height; y += VNC_STAT_RECT) { 2504 for (x = 0; x < width; x += VNC_STAT_RECT) { 2505 VncRectStat *rect= vnc_stat_rect(vd, x, y); 2506 int count = ARRAY_SIZE(rect->times); 2507 struct timeval min, max; 2508 2509 if (!timerisset(&rect->times[count - 1])) { 2510 continue ; 2511 } 2512 2513 max = rect->times[(rect->idx + count - 1) % count]; 2514 qemu_timersub(tv, &max, &res); 2515 2516 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { 2517 rect->freq = 0; 2518 has_dirty += vnc_refresh_lossy_rect(vd, x, y); 2519 memset(rect->times, 0, sizeof (rect->times)); 2520 continue ; 2521 } 2522 2523 min = rect->times[rect->idx]; 2524 max = rect->times[(rect->idx + count - 1) % count]; 2525 qemu_timersub(&max, &min, &res); 2526 2527 rect->freq = res.tv_sec + res.tv_usec / 1000000.; 2528 rect->freq /= count; 2529 rect->freq = 1. / rect->freq; 2530 } 2531 } 2532 return has_dirty; 2533 } 2534 2535 double vnc_update_freq(VncState *vs, int x, int y, int w, int h) 2536 { 2537 int i, j; 2538 double total = 0; 2539 int num = 0; 2540 2541 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT; 2542 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT; 2543 2544 for (j = y; j <= y + h; j += VNC_STAT_RECT) { 2545 for (i = x; i <= x + w; i += VNC_STAT_RECT) { 2546 total += vnc_stat_rect(vs->vd, i, j)->freq; 2547 num++; 2548 } 2549 } 2550 2551 if (num) { 2552 return total / num; 2553 } else { 2554 return 0; 2555 } 2556 } 2557 2558 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) 2559 { 2560 VncRectStat *rect; 2561 2562 rect = vnc_stat_rect(vd, x, y); 2563 if (rect->updated) { 2564 return ; 2565 } 2566 rect->times[rect->idx] = *tv; 2567 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); 2568 rect->updated = true; 2569 } 2570 2571 static int vnc_refresh_server_surface(VncDisplay *vd) 2572 { 2573 int width = pixman_image_get_width(vd->guest.fb); 2574 int height = pixman_image_get_height(vd->guest.fb); 2575 int y; 2576 uint8_t *guest_row; 2577 uint8_t *server_row; 2578 int cmp_bytes; 2579 VncState *vs; 2580 int has_dirty = 0; 2581 pixman_image_t *tmpbuf = NULL; 2582 2583 struct timeval tv = { 0, 0 }; 2584 2585 if (!vd->non_adaptive) { 2586 gettimeofday(&tv, NULL); 2587 has_dirty = vnc_update_stats(vd, &tv); 2588 } 2589 2590 /* 2591 * Walk through the guest dirty map. 2592 * Check and copy modified bits from guest to server surface. 2593 * Update server dirty map. 2594 */ 2595 cmp_bytes = 64; 2596 if (cmp_bytes > vnc_server_fb_stride(vd)) { 2597 cmp_bytes = vnc_server_fb_stride(vd); 2598 } 2599 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2600 int width = pixman_image_get_width(vd->server); 2601 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width); 2602 } 2603 guest_row = (uint8_t *)pixman_image_get_data(vd->guest.fb); 2604 server_row = (uint8_t *)pixman_image_get_data(vd->server); 2605 for (y = 0; y < height; y++) { 2606 if (!bitmap_empty(vd->guest.dirty[y], VNC_DIRTY_BITS)) { 2607 int x; 2608 uint8_t *guest_ptr; 2609 uint8_t *server_ptr; 2610 2611 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2612 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y); 2613 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf); 2614 } else { 2615 guest_ptr = guest_row; 2616 } 2617 server_ptr = server_row; 2618 2619 for (x = 0; x + 15 < width; 2620 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 2621 if (!test_and_clear_bit((x / 16), vd->guest.dirty[y])) 2622 continue; 2623 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0) 2624 continue; 2625 memcpy(server_ptr, guest_ptr, cmp_bytes); 2626 if (!vd->non_adaptive) 2627 vnc_rect_updated(vd, x, y, &tv); 2628 QTAILQ_FOREACH(vs, &vd->clients, next) { 2629 set_bit((x / 16), vs->dirty[y]); 2630 } 2631 has_dirty++; 2632 } 2633 } 2634 guest_row += pixman_image_get_stride(vd->guest.fb); 2635 server_row += pixman_image_get_stride(vd->server); 2636 } 2637 qemu_pixman_image_unref(tmpbuf); 2638 return has_dirty; 2639 } 2640 2641 static void vnc_refresh(DisplayChangeListener *dcl) 2642 { 2643 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 2644 VncState *vs, *vn; 2645 int has_dirty, rects = 0; 2646 2647 graphic_hw_update(NULL); 2648 2649 if (vnc_trylock_display(vd)) { 2650 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2651 return; 2652 } 2653 2654 has_dirty = vnc_refresh_server_surface(vd); 2655 vnc_unlock_display(vd); 2656 2657 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 2658 rects += vnc_update_client(vs, has_dirty); 2659 /* vs might be free()ed here */ 2660 } 2661 2662 if (QTAILQ_EMPTY(&vd->clients)) { 2663 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX); 2664 return; 2665 } 2666 2667 if (has_dirty && rects) { 2668 vd->dcl.update_interval /= 2; 2669 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) { 2670 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE; 2671 } 2672 } else { 2673 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC; 2674 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) { 2675 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX; 2676 } 2677 } 2678 } 2679 2680 static void vnc_connect(VncDisplay *vd, int csock, int skipauth, bool websocket) 2681 { 2682 VncState *vs = g_malloc0(sizeof(VncState)); 2683 int i; 2684 2685 vs->csock = csock; 2686 2687 if (skipauth) { 2688 vs->auth = VNC_AUTH_NONE; 2689 #ifdef CONFIG_VNC_TLS 2690 vs->subauth = VNC_AUTH_INVALID; 2691 #endif 2692 } else { 2693 vs->auth = vd->auth; 2694 #ifdef CONFIG_VNC_TLS 2695 vs->subauth = vd->subauth; 2696 #endif 2697 } 2698 2699 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect)); 2700 for (i = 0; i < VNC_STAT_ROWS; ++i) { 2701 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS * sizeof (uint8_t)); 2702 } 2703 2704 VNC_DEBUG("New client on socket %d\n", csock); 2705 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2706 qemu_set_nonblock(vs->csock); 2707 #ifdef CONFIG_VNC_WS 2708 if (websocket) { 2709 vs->websocket = 1; 2710 qemu_set_fd_handler2(vs->csock, NULL, vncws_handshake_read, NULL, vs); 2711 } else 2712 #endif /* CONFIG_VNC_WS */ 2713 { 2714 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 2715 } 2716 2717 vnc_client_cache_addr(vs); 2718 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED); 2719 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); 2720 2721 vs->vd = vd; 2722 2723 #ifdef CONFIG_VNC_WS 2724 if (!vs->websocket) 2725 #endif 2726 { 2727 vnc_init_state(vs); 2728 } 2729 } 2730 2731 void vnc_init_state(VncState *vs) 2732 { 2733 vs->initialized = true; 2734 VncDisplay *vd = vs->vd; 2735 2736 vs->last_x = -1; 2737 vs->last_y = -1; 2738 2739 vs->as.freq = 44100; 2740 vs->as.nchannels = 2; 2741 vs->as.fmt = AUD_FMT_S16; 2742 vs->as.endianness = 0; 2743 2744 qemu_mutex_init(&vs->output_mutex); 2745 vs->bh = qemu_bh_new(vnc_jobs_bh, vs); 2746 2747 QTAILQ_INSERT_HEAD(&vd->clients, vs, next); 2748 2749 graphic_hw_update(NULL); 2750 2751 vnc_write(vs, "RFB 003.008\n", 12); 2752 vnc_flush(vs); 2753 vnc_read_when(vs, protocol_version, 12); 2754 reset_keys(vs); 2755 if (vs->vd->lock_key_sync) 2756 vs->led = qemu_add_led_event_handler(kbd_leds, vs); 2757 2758 vs->mouse_mode_notifier.notify = check_pointer_type_change; 2759 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 2760 2761 /* vs might be free()ed here */ 2762 } 2763 2764 static void vnc_listen_read(void *opaque, bool websocket) 2765 { 2766 VncDisplay *vs = opaque; 2767 struct sockaddr_in addr; 2768 socklen_t addrlen = sizeof(addr); 2769 int csock; 2770 2771 /* Catch-up */ 2772 graphic_hw_update(NULL); 2773 #ifdef CONFIG_VNC_WS 2774 if (websocket) { 2775 csock = qemu_accept(vs->lwebsock, (struct sockaddr *)&addr, &addrlen); 2776 } else 2777 #endif /* CONFIG_VNC_WS */ 2778 { 2779 csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen); 2780 } 2781 2782 if (csock != -1) { 2783 vnc_connect(vs, csock, 0, websocket); 2784 } 2785 } 2786 2787 static void vnc_listen_regular_read(void *opaque) 2788 { 2789 vnc_listen_read(opaque, 0); 2790 } 2791 2792 #ifdef CONFIG_VNC_WS 2793 static void vnc_listen_websocket_read(void *opaque) 2794 { 2795 vnc_listen_read(opaque, 1); 2796 } 2797 #endif /* CONFIG_VNC_WS */ 2798 2799 static const DisplayChangeListenerOps dcl_ops = { 2800 .dpy_name = "vnc", 2801 .dpy_refresh = vnc_refresh, 2802 .dpy_gfx_copy = vnc_dpy_copy, 2803 .dpy_gfx_update = vnc_dpy_update, 2804 .dpy_gfx_switch = vnc_dpy_switch, 2805 .dpy_mouse_set = vnc_mouse_set, 2806 .dpy_cursor_define = vnc_dpy_cursor_define, 2807 }; 2808 2809 void vnc_display_init(DisplayState *ds) 2810 { 2811 VncDisplay *vs = g_malloc0(sizeof(*vs)); 2812 2813 vnc_display = vs; 2814 2815 vs->lsock = -1; 2816 #ifdef CONFIG_VNC_WS 2817 vs->lwebsock = -1; 2818 #endif 2819 2820 QTAILQ_INIT(&vs->clients); 2821 vs->expires = TIME_MAX; 2822 2823 if (keyboard_layout) 2824 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout); 2825 else 2826 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us"); 2827 2828 if (!vs->kbd_layout) 2829 exit(1); 2830 2831 qemu_mutex_init(&vs->mutex); 2832 vnc_start_worker_thread(); 2833 2834 vs->dcl.ops = &dcl_ops; 2835 register_displaychangelistener(ds, &vs->dcl); 2836 } 2837 2838 2839 static void vnc_display_close(DisplayState *ds) 2840 { 2841 VncDisplay *vs = vnc_display; 2842 2843 if (!vs) 2844 return; 2845 if (vs->display) { 2846 g_free(vs->display); 2847 vs->display = NULL; 2848 } 2849 if (vs->lsock != -1) { 2850 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL); 2851 close(vs->lsock); 2852 vs->lsock = -1; 2853 } 2854 #ifdef CONFIG_VNC_WS 2855 g_free(vs->ws_display); 2856 vs->ws_display = NULL; 2857 if (vs->lwebsock != -1) { 2858 qemu_set_fd_handler2(vs->lwebsock, NULL, NULL, NULL, NULL); 2859 close(vs->lwebsock); 2860 vs->lwebsock = -1; 2861 } 2862 #endif /* CONFIG_VNC_WS */ 2863 vs->auth = VNC_AUTH_INVALID; 2864 #ifdef CONFIG_VNC_TLS 2865 vs->subauth = VNC_AUTH_INVALID; 2866 vs->tls.x509verify = 0; 2867 #endif 2868 } 2869 2870 static int vnc_display_disable_login(DisplayState *ds) 2871 { 2872 VncDisplay *vs = vnc_display; 2873 2874 if (!vs) { 2875 return -1; 2876 } 2877 2878 if (vs->password) { 2879 g_free(vs->password); 2880 } 2881 2882 vs->password = NULL; 2883 if (vs->auth == VNC_AUTH_NONE) { 2884 vs->auth = VNC_AUTH_VNC; 2885 } 2886 2887 return 0; 2888 } 2889 2890 int vnc_display_password(DisplayState *ds, const char *password) 2891 { 2892 VncDisplay *vs = vnc_display; 2893 2894 if (!vs) { 2895 return -EINVAL; 2896 } 2897 2898 if (!password) { 2899 /* This is not the intention of this interface but err on the side 2900 of being safe */ 2901 return vnc_display_disable_login(ds); 2902 } 2903 2904 if (vs->password) { 2905 g_free(vs->password); 2906 vs->password = NULL; 2907 } 2908 vs->password = g_strdup(password); 2909 if (vs->auth == VNC_AUTH_NONE) { 2910 vs->auth = VNC_AUTH_VNC; 2911 } 2912 2913 return 0; 2914 } 2915 2916 int vnc_display_pw_expire(DisplayState *ds, time_t expires) 2917 { 2918 VncDisplay *vs = vnc_display; 2919 2920 if (!vs) { 2921 return -EINVAL; 2922 } 2923 2924 vs->expires = expires; 2925 return 0; 2926 } 2927 2928 char *vnc_display_local_addr(DisplayState *ds) 2929 { 2930 VncDisplay *vs = vnc_display; 2931 2932 return vnc_socket_local_addr("%s:%s", vs->lsock); 2933 } 2934 2935 void vnc_display_open(DisplayState *ds, const char *display, Error **errp) 2936 { 2937 VncDisplay *vs = vnc_display; 2938 const char *options; 2939 int password = 0; 2940 int reverse = 0; 2941 #ifdef CONFIG_VNC_TLS 2942 int tls = 0, x509 = 0; 2943 #endif 2944 #ifdef CONFIG_VNC_SASL 2945 int sasl = 0; 2946 int saslErr; 2947 #endif 2948 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 2949 int acl = 0; 2950 #endif 2951 int lock_key_sync = 1; 2952 2953 if (!vnc_display) { 2954 error_setg(errp, "VNC display not active"); 2955 return; 2956 } 2957 vnc_display_close(ds); 2958 if (strcmp(display, "none") == 0) 2959 return; 2960 2961 vs->display = g_strdup(display); 2962 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 2963 2964 options = display; 2965 while ((options = strchr(options, ','))) { 2966 options++; 2967 if (strncmp(options, "password", 8) == 0) { 2968 if (fips_get_state()) { 2969 error_setg(errp, 2970 "VNC password auth disabled due to FIPS mode, " 2971 "consider using the VeNCrypt or SASL authentication " 2972 "methods as an alternative"); 2973 goto fail; 2974 } 2975 password = 1; /* Require password auth */ 2976 } else if (strncmp(options, "reverse", 7) == 0) { 2977 reverse = 1; 2978 } else if (strncmp(options, "no-lock-key-sync", 16) == 0) { 2979 lock_key_sync = 0; 2980 #ifdef CONFIG_VNC_SASL 2981 } else if (strncmp(options, "sasl", 4) == 0) { 2982 sasl = 1; /* Require SASL auth */ 2983 #endif 2984 #ifdef CONFIG_VNC_WS 2985 } else if (strncmp(options, "websocket", 9) == 0) { 2986 char *start, *end; 2987 vs->websocket = 1; 2988 2989 /* Check for 'websocket=<port>' */ 2990 start = strchr(options, '='); 2991 end = strchr(options, ','); 2992 if (start && (!end || (start < end))) { 2993 int len = end ? end-(start+1) : strlen(start+1); 2994 if (len < 6) { 2995 /* extract the host specification from display */ 2996 char *host = NULL, *port = NULL, *host_end = NULL; 2997 port = g_strndup(start + 1, len); 2998 2999 /* ipv6 hosts have colons */ 3000 end = strchr(display, ','); 3001 host_end = g_strrstr_len(display, end - display, ":"); 3002 3003 if (host_end) { 3004 host = g_strndup(display, host_end - display + 1); 3005 } else { 3006 host = g_strndup(":", 1); 3007 } 3008 vs->ws_display = g_strconcat(host, port, NULL); 3009 g_free(host); 3010 g_free(port); 3011 } 3012 } 3013 #endif /* CONFIG_VNC_WS */ 3014 #ifdef CONFIG_VNC_TLS 3015 } else if (strncmp(options, "tls", 3) == 0) { 3016 tls = 1; /* Require TLS */ 3017 } else if (strncmp(options, "x509", 4) == 0) { 3018 char *start, *end; 3019 x509 = 1; /* Require x509 certificates */ 3020 if (strncmp(options, "x509verify", 10) == 0) 3021 vs->tls.x509verify = 1; /* ...and verify client certs */ 3022 3023 /* Now check for 'x509=/some/path' postfix 3024 * and use that to setup x509 certificate/key paths */ 3025 start = strchr(options, '='); 3026 end = strchr(options, ','); 3027 if (start && (!end || (start < end))) { 3028 int len = end ? end-(start+1) : strlen(start+1); 3029 char *path = g_strndup(start + 1, len); 3030 3031 VNC_DEBUG("Trying certificate path '%s'\n", path); 3032 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) { 3033 error_setg(errp, "Failed to find x509 certificates/keys in %s", path); 3034 g_free(path); 3035 goto fail; 3036 } 3037 g_free(path); 3038 } else { 3039 error_setg(errp, "No certificate path provided"); 3040 goto fail; 3041 } 3042 #endif 3043 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 3044 } else if (strncmp(options, "acl", 3) == 0) { 3045 acl = 1; 3046 #endif 3047 } else if (strncmp(options, "lossy", 5) == 0) { 3048 vs->lossy = true; 3049 } else if (strncmp(options, "non-adaptive", 12) == 0) { 3050 vs->non_adaptive = true; 3051 } else if (strncmp(options, "share=", 6) == 0) { 3052 if (strncmp(options+6, "ignore", 6) == 0) { 3053 vs->share_policy = VNC_SHARE_POLICY_IGNORE; 3054 } else if (strncmp(options+6, "allow-exclusive", 15) == 0) { 3055 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3056 } else if (strncmp(options+6, "force-shared", 12) == 0) { 3057 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; 3058 } else { 3059 error_setg(errp, "unknown vnc share= option"); 3060 goto fail; 3061 } 3062 } 3063 } 3064 3065 #ifdef CONFIG_VNC_TLS 3066 if (acl && x509 && vs->tls.x509verify) { 3067 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) { 3068 fprintf(stderr, "Failed to create x509 dname ACL\n"); 3069 exit(1); 3070 } 3071 } 3072 #endif 3073 #ifdef CONFIG_VNC_SASL 3074 if (acl && sasl) { 3075 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) { 3076 fprintf(stderr, "Failed to create username ACL\n"); 3077 exit(1); 3078 } 3079 } 3080 #endif 3081 3082 /* 3083 * Combinations we support here: 3084 * 3085 * - no-auth (clear text, no auth) 3086 * - password (clear text, weak auth) 3087 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI) 3088 * - tls (encrypt, weak anonymous creds, no auth) 3089 * - tls + password (encrypt, weak anonymous creds, weak auth) 3090 * - tls + sasl (encrypt, weak anonymous creds, good auth) 3091 * - tls + x509 (encrypt, good x509 creds, no auth) 3092 * - tls + x509 + password (encrypt, good x509 creds, weak auth) 3093 * - tls + x509 + sasl (encrypt, good x509 creds, good auth) 3094 * 3095 * NB1. TLS is a stackable auth scheme. 3096 * NB2. the x509 schemes have option to validate a client cert dname 3097 */ 3098 if (password) { 3099 #ifdef CONFIG_VNC_TLS 3100 if (tls) { 3101 vs->auth = VNC_AUTH_VENCRYPT; 3102 if (x509) { 3103 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 3104 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC; 3105 } else { 3106 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 3107 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC; 3108 } 3109 } else { 3110 #endif /* CONFIG_VNC_TLS */ 3111 VNC_DEBUG("Initializing VNC server with password auth\n"); 3112 vs->auth = VNC_AUTH_VNC; 3113 #ifdef CONFIG_VNC_TLS 3114 vs->subauth = VNC_AUTH_INVALID; 3115 } 3116 #endif /* CONFIG_VNC_TLS */ 3117 #ifdef CONFIG_VNC_SASL 3118 } else if (sasl) { 3119 #ifdef CONFIG_VNC_TLS 3120 if (tls) { 3121 vs->auth = VNC_AUTH_VENCRYPT; 3122 if (x509) { 3123 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 3124 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL; 3125 } else { 3126 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 3127 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL; 3128 } 3129 } else { 3130 #endif /* CONFIG_VNC_TLS */ 3131 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 3132 vs->auth = VNC_AUTH_SASL; 3133 #ifdef CONFIG_VNC_TLS 3134 vs->subauth = VNC_AUTH_INVALID; 3135 } 3136 #endif /* CONFIG_VNC_TLS */ 3137 #endif /* CONFIG_VNC_SASL */ 3138 } else { 3139 #ifdef CONFIG_VNC_TLS 3140 if (tls) { 3141 vs->auth = VNC_AUTH_VENCRYPT; 3142 if (x509) { 3143 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 3144 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE; 3145 } else { 3146 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 3147 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE; 3148 } 3149 } else { 3150 #endif 3151 VNC_DEBUG("Initializing VNC server with no auth\n"); 3152 vs->auth = VNC_AUTH_NONE; 3153 #ifdef CONFIG_VNC_TLS 3154 vs->subauth = VNC_AUTH_INVALID; 3155 } 3156 #endif 3157 } 3158 3159 #ifdef CONFIG_VNC_SASL 3160 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) { 3161 error_setg(errp, "Failed to initialize SASL auth: %s", 3162 sasl_errstring(saslErr, NULL, NULL)); 3163 goto fail; 3164 } 3165 #endif 3166 vs->lock_key_sync = lock_key_sync; 3167 3168 if (reverse) { 3169 /* connect to viewer */ 3170 int csock; 3171 vs->lsock = -1; 3172 #ifdef CONFIG_VNC_WS 3173 vs->lwebsock = -1; 3174 #endif 3175 if (strncmp(display, "unix:", 5) == 0) { 3176 csock = unix_connect(display+5, errp); 3177 } else { 3178 csock = inet_connect(display, errp); 3179 } 3180 if (csock < 0) { 3181 goto fail; 3182 } 3183 vnc_connect(vs, csock, 0, 0); 3184 } else { 3185 /* listen for connects */ 3186 char *dpy; 3187 dpy = g_malloc(256); 3188 if (strncmp(display, "unix:", 5) == 0) { 3189 pstrcpy(dpy, 256, "unix:"); 3190 vs->lsock = unix_listen(display+5, dpy+5, 256-5, errp); 3191 } else { 3192 vs->lsock = inet_listen(display, dpy, 256, 3193 SOCK_STREAM, 5900, errp); 3194 if (vs->lsock < 0) { 3195 g_free(dpy); 3196 goto fail; 3197 } 3198 #ifdef CONFIG_VNC_WS 3199 if (vs->websocket) { 3200 if (vs->ws_display) { 3201 vs->lwebsock = inet_listen(vs->ws_display, NULL, 256, 3202 SOCK_STREAM, 0, errp); 3203 } else { 3204 vs->lwebsock = inet_listen(vs->display, NULL, 256, 3205 SOCK_STREAM, 5700, errp); 3206 } 3207 3208 if (vs->lwebsock < 0) { 3209 if (vs->lsock) { 3210 close(vs->lsock); 3211 vs->lsock = -1; 3212 } 3213 g_free(dpy); 3214 goto fail; 3215 } 3216 } 3217 #endif /* CONFIG_VNC_WS */ 3218 } 3219 g_free(vs->display); 3220 vs->display = dpy; 3221 qemu_set_fd_handler2(vs->lsock, NULL, 3222 vnc_listen_regular_read, NULL, vs); 3223 #ifdef CONFIG_VNC_WS 3224 if (vs->websocket) { 3225 qemu_set_fd_handler2(vs->lwebsock, NULL, 3226 vnc_listen_websocket_read, NULL, vs); 3227 } 3228 #endif /* CONFIG_VNC_WS */ 3229 } 3230 return; 3231 3232 fail: 3233 g_free(vs->display); 3234 vs->display = NULL; 3235 #ifdef CONFIG_VNC_WS 3236 g_free(vs->ws_display); 3237 vs->ws_display = NULL; 3238 #endif /* CONFIG_VNC_WS */ 3239 } 3240 3241 void vnc_display_add_client(DisplayState *ds, int csock, int skipauth) 3242 { 3243 VncDisplay *vs = vnc_display; 3244 3245 vnc_connect(vs, csock, skipauth, 0); 3246 } 3247