1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "vnc.h" 28 #include "vnc-jobs.h" 29 #include "sysemu.h" 30 #include "qemu_socket.h" 31 #include "qemu-timer.h" 32 #include "acl.h" 33 #include "qemu-objects.h" 34 #include "qmp-commands.h" 35 #include "osdep.h" 36 37 #define VNC_REFRESH_INTERVAL_BASE 30 38 #define VNC_REFRESH_INTERVAL_INC 50 39 #define VNC_REFRESH_INTERVAL_MAX 2000 40 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; 41 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 42 43 #include "vnc_keysym.h" 44 #include "d3des.h" 45 46 static VncDisplay *vnc_display; /* needed for info vnc */ 47 static DisplayChangeListener *dcl; 48 49 static int vnc_cursor_define(VncState *vs); 50 static void vnc_release_modifiers(VncState *vs); 51 52 static void vnc_set_share_mode(VncState *vs, VncShareMode mode) 53 { 54 #ifdef _VNC_DEBUG 55 static const char *mn[] = { 56 [0] = "undefined", 57 [VNC_SHARE_MODE_CONNECTING] = "connecting", 58 [VNC_SHARE_MODE_SHARED] = "shared", 59 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive", 60 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected", 61 }; 62 fprintf(stderr, "%s/%d: %s -> %s\n", __func__, 63 vs->csock, mn[vs->share_mode], mn[mode]); 64 #endif 65 66 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) { 67 vs->vd->num_exclusive--; 68 } 69 vs->share_mode = mode; 70 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) { 71 vs->vd->num_exclusive++; 72 } 73 } 74 75 static char *addr_to_string(const char *format, 76 struct sockaddr_storage *sa, 77 socklen_t salen) { 78 char *addr; 79 char host[NI_MAXHOST]; 80 char serv[NI_MAXSERV]; 81 int err; 82 size_t addrlen; 83 84 if ((err = getnameinfo((struct sockaddr *)sa, salen, 85 host, sizeof(host), 86 serv, sizeof(serv), 87 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 88 VNC_DEBUG("Cannot resolve address %d: %s\n", 89 err, gai_strerror(err)); 90 return NULL; 91 } 92 93 /* Enough for the existing format + the 2 vars we're 94 * substituting in. */ 95 addrlen = strlen(format) + strlen(host) + strlen(serv); 96 addr = g_malloc(addrlen + 1); 97 snprintf(addr, addrlen, format, host, serv); 98 addr[addrlen] = '\0'; 99 100 return addr; 101 } 102 103 104 char *vnc_socket_local_addr(const char *format, int fd) { 105 struct sockaddr_storage sa; 106 socklen_t salen; 107 108 salen = sizeof(sa); 109 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) 110 return NULL; 111 112 return addr_to_string(format, &sa, salen); 113 } 114 115 char *vnc_socket_remote_addr(const char *format, int fd) { 116 struct sockaddr_storage sa; 117 socklen_t salen; 118 119 salen = sizeof(sa); 120 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) 121 return NULL; 122 123 return addr_to_string(format, &sa, salen); 124 } 125 126 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa, 127 socklen_t salen) 128 { 129 char host[NI_MAXHOST]; 130 char serv[NI_MAXSERV]; 131 int err; 132 133 if ((err = getnameinfo((struct sockaddr *)sa, salen, 134 host, sizeof(host), 135 serv, sizeof(serv), 136 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { 137 VNC_DEBUG("Cannot resolve address %d: %s\n", 138 err, gai_strerror(err)); 139 return -1; 140 } 141 142 qdict_put(qdict, "host", qstring_from_str(host)); 143 qdict_put(qdict, "service", qstring_from_str(serv)); 144 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family))); 145 146 return 0; 147 } 148 149 static int vnc_server_addr_put(QDict *qdict, int fd) 150 { 151 struct sockaddr_storage sa; 152 socklen_t salen; 153 154 salen = sizeof(sa); 155 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) { 156 return -1; 157 } 158 159 return put_addr_qdict(qdict, &sa, salen); 160 } 161 162 static int vnc_qdict_remote_addr(QDict *qdict, int fd) 163 { 164 struct sockaddr_storage sa; 165 socklen_t salen; 166 167 salen = sizeof(sa); 168 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) { 169 return -1; 170 } 171 172 return put_addr_qdict(qdict, &sa, salen); 173 } 174 175 static const char *vnc_auth_name(VncDisplay *vd) { 176 switch (vd->auth) { 177 case VNC_AUTH_INVALID: 178 return "invalid"; 179 case VNC_AUTH_NONE: 180 return "none"; 181 case VNC_AUTH_VNC: 182 return "vnc"; 183 case VNC_AUTH_RA2: 184 return "ra2"; 185 case VNC_AUTH_RA2NE: 186 return "ra2ne"; 187 case VNC_AUTH_TIGHT: 188 return "tight"; 189 case VNC_AUTH_ULTRA: 190 return "ultra"; 191 case VNC_AUTH_TLS: 192 return "tls"; 193 case VNC_AUTH_VENCRYPT: 194 #ifdef CONFIG_VNC_TLS 195 switch (vd->subauth) { 196 case VNC_AUTH_VENCRYPT_PLAIN: 197 return "vencrypt+plain"; 198 case VNC_AUTH_VENCRYPT_TLSNONE: 199 return "vencrypt+tls+none"; 200 case VNC_AUTH_VENCRYPT_TLSVNC: 201 return "vencrypt+tls+vnc"; 202 case VNC_AUTH_VENCRYPT_TLSPLAIN: 203 return "vencrypt+tls+plain"; 204 case VNC_AUTH_VENCRYPT_X509NONE: 205 return "vencrypt+x509+none"; 206 case VNC_AUTH_VENCRYPT_X509VNC: 207 return "vencrypt+x509+vnc"; 208 case VNC_AUTH_VENCRYPT_X509PLAIN: 209 return "vencrypt+x509+plain"; 210 case VNC_AUTH_VENCRYPT_TLSSASL: 211 return "vencrypt+tls+sasl"; 212 case VNC_AUTH_VENCRYPT_X509SASL: 213 return "vencrypt+x509+sasl"; 214 default: 215 return "vencrypt"; 216 } 217 #else 218 return "vencrypt"; 219 #endif 220 case VNC_AUTH_SASL: 221 return "sasl"; 222 } 223 return "unknown"; 224 } 225 226 static int vnc_server_info_put(QDict *qdict) 227 { 228 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) { 229 return -1; 230 } 231 232 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display))); 233 return 0; 234 } 235 236 static void vnc_client_cache_auth(VncState *client) 237 { 238 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 239 QDict *qdict; 240 #endif 241 242 if (!client->info) { 243 return; 244 } 245 246 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 247 qdict = qobject_to_qdict(client->info); 248 #endif 249 250 #ifdef CONFIG_VNC_TLS 251 if (client->tls.session && 252 client->tls.dname) { 253 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname)); 254 } 255 #endif 256 #ifdef CONFIG_VNC_SASL 257 if (client->sasl.conn && 258 client->sasl.username) { 259 qdict_put(qdict, "sasl_username", 260 qstring_from_str(client->sasl.username)); 261 } 262 #endif 263 } 264 265 static void vnc_client_cache_addr(VncState *client) 266 { 267 QDict *qdict; 268 269 qdict = qdict_new(); 270 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) { 271 QDECREF(qdict); 272 /* XXX: how to report the error? */ 273 return; 274 } 275 276 client->info = QOBJECT(qdict); 277 } 278 279 static void vnc_qmp_event(VncState *vs, MonitorEvent event) 280 { 281 QDict *server; 282 QObject *data; 283 284 if (!vs->info) { 285 return; 286 } 287 288 server = qdict_new(); 289 if (vnc_server_info_put(server) < 0) { 290 QDECREF(server); 291 return; 292 } 293 294 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }", 295 vs->info, QOBJECT(server)); 296 297 monitor_protocol_event(event, data); 298 299 qobject_incref(vs->info); 300 qobject_decref(data); 301 } 302 303 static VncClientInfo *qmp_query_vnc_client(const VncState *client) 304 { 305 struct sockaddr_storage sa; 306 socklen_t salen = sizeof(sa); 307 char host[NI_MAXHOST]; 308 char serv[NI_MAXSERV]; 309 VncClientInfo *info; 310 311 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) { 312 return NULL; 313 } 314 315 if (getnameinfo((struct sockaddr *)&sa, salen, 316 host, sizeof(host), 317 serv, sizeof(serv), 318 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 319 return NULL; 320 } 321 322 info = g_malloc0(sizeof(*info)); 323 info->host = g_strdup(host); 324 info->service = g_strdup(serv); 325 info->family = g_strdup(inet_strfamily(sa.ss_family)); 326 327 #ifdef CONFIG_VNC_TLS 328 if (client->tls.session && client->tls.dname) { 329 info->has_x509_dname = true; 330 info->x509_dname = g_strdup(client->tls.dname); 331 } 332 #endif 333 #ifdef CONFIG_VNC_SASL 334 if (client->sasl.conn && client->sasl.username) { 335 info->has_sasl_username = true; 336 info->sasl_username = g_strdup(client->sasl.username); 337 } 338 #endif 339 340 return info; 341 } 342 343 VncInfo *qmp_query_vnc(Error **errp) 344 { 345 VncInfo *info = g_malloc0(sizeof(*info)); 346 347 if (vnc_display == NULL || vnc_display->display == NULL) { 348 info->enabled = false; 349 } else { 350 VncClientInfoList *cur_item = NULL; 351 struct sockaddr_storage sa; 352 socklen_t salen = sizeof(sa); 353 char host[NI_MAXHOST]; 354 char serv[NI_MAXSERV]; 355 VncState *client; 356 357 info->enabled = true; 358 359 /* for compatibility with the original command */ 360 info->has_clients = true; 361 362 QTAILQ_FOREACH(client, &vnc_display->clients, next) { 363 VncClientInfoList *cinfo = g_malloc0(sizeof(*info)); 364 cinfo->value = qmp_query_vnc_client(client); 365 366 /* XXX: waiting for the qapi to support GSList */ 367 if (!cur_item) { 368 info->clients = cur_item = cinfo; 369 } else { 370 cur_item->next = cinfo; 371 cur_item = cinfo; 372 } 373 } 374 375 if (vnc_display->lsock == -1) { 376 return info; 377 } 378 379 if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa, 380 &salen) == -1) { 381 error_set(errp, QERR_UNDEFINED_ERROR); 382 goto out_error; 383 } 384 385 if (getnameinfo((struct sockaddr *)&sa, salen, 386 host, sizeof(host), 387 serv, sizeof(serv), 388 NI_NUMERICHOST | NI_NUMERICSERV) < 0) { 389 error_set(errp, QERR_UNDEFINED_ERROR); 390 goto out_error; 391 } 392 393 info->has_host = true; 394 info->host = g_strdup(host); 395 396 info->has_service = true; 397 info->service = g_strdup(serv); 398 399 info->has_family = true; 400 info->family = g_strdup(inet_strfamily(sa.ss_family)); 401 402 info->has_auth = true; 403 info->auth = g_strdup(vnc_auth_name(vnc_display)); 404 } 405 406 return info; 407 408 out_error: 409 qapi_free_VncInfo(info); 410 return NULL; 411 } 412 413 /* TODO 414 1) Get the queue working for IO. 415 2) there is some weirdness when using the -S option (the screen is grey 416 and not totally invalidated 417 3) resolutions > 1024 418 */ 419 420 static int vnc_update_client(VncState *vs, int has_dirty); 421 static int vnc_update_client_sync(VncState *vs, int has_dirty); 422 static void vnc_disconnect_start(VncState *vs); 423 static void vnc_disconnect_finish(VncState *vs); 424 static void vnc_init_timer(VncDisplay *vd); 425 static void vnc_remove_timer(VncDisplay *vd); 426 427 static void vnc_colordepth(VncState *vs); 428 static void framebuffer_update_request(VncState *vs, int incremental, 429 int x_position, int y_position, 430 int w, int h); 431 static void vnc_refresh(void *opaque); 432 static int vnc_refresh_server_surface(VncDisplay *vd); 433 434 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h) 435 { 436 int i; 437 VncDisplay *vd = ds->opaque; 438 struct VncSurface *s = &vd->guest; 439 440 h += y; 441 442 /* round x down to ensure the loop only spans one 16-pixel block per, 443 iteration. otherwise, if (x % 16) != 0, the last iteration may span 444 two 16-pixel blocks but we only mark the first as dirty 445 */ 446 w += (x % 16); 447 x -= (x % 16); 448 449 x = MIN(x, s->ds->width); 450 y = MIN(y, s->ds->height); 451 w = MIN(x + w, s->ds->width) - x; 452 h = MIN(h, s->ds->height); 453 454 for (; y < h; y++) 455 for (i = 0; i < w; i += 16) 456 set_bit((x + i) / 16, s->dirty[y]); 457 } 458 459 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 460 int32_t encoding) 461 { 462 vnc_write_u16(vs, x); 463 vnc_write_u16(vs, y); 464 vnc_write_u16(vs, w); 465 vnc_write_u16(vs, h); 466 467 vnc_write_s32(vs, encoding); 468 } 469 470 void buffer_reserve(Buffer *buffer, size_t len) 471 { 472 if ((buffer->capacity - buffer->offset) < len) { 473 buffer->capacity += (len + 1024); 474 buffer->buffer = g_realloc(buffer->buffer, buffer->capacity); 475 if (buffer->buffer == NULL) { 476 fprintf(stderr, "vnc: out of memory\n"); 477 exit(1); 478 } 479 } 480 } 481 482 int buffer_empty(Buffer *buffer) 483 { 484 return buffer->offset == 0; 485 } 486 487 uint8_t *buffer_end(Buffer *buffer) 488 { 489 return buffer->buffer + buffer->offset; 490 } 491 492 void buffer_reset(Buffer *buffer) 493 { 494 buffer->offset = 0; 495 } 496 497 void buffer_free(Buffer *buffer) 498 { 499 g_free(buffer->buffer); 500 buffer->offset = 0; 501 buffer->capacity = 0; 502 buffer->buffer = NULL; 503 } 504 505 void buffer_append(Buffer *buffer, const void *data, size_t len) 506 { 507 memcpy(buffer->buffer + buffer->offset, data, len); 508 buffer->offset += len; 509 } 510 511 static void vnc_desktop_resize(VncState *vs) 512 { 513 DisplayState *ds = vs->ds; 514 515 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) { 516 return; 517 } 518 if (vs->client_width == ds_get_width(ds) && 519 vs->client_height == ds_get_height(ds)) { 520 return; 521 } 522 vs->client_width = ds_get_width(ds); 523 vs->client_height = ds_get_height(ds); 524 vnc_lock_output(vs); 525 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 526 vnc_write_u8(vs, 0); 527 vnc_write_u16(vs, 1); /* number of rects */ 528 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 529 VNC_ENCODING_DESKTOPRESIZE); 530 vnc_unlock_output(vs); 531 vnc_flush(vs); 532 } 533 534 static void vnc_abort_display_jobs(VncDisplay *vd) 535 { 536 VncState *vs; 537 538 QTAILQ_FOREACH(vs, &vd->clients, next) { 539 vnc_lock_output(vs); 540 vs->abort = true; 541 vnc_unlock_output(vs); 542 } 543 QTAILQ_FOREACH(vs, &vd->clients, next) { 544 vnc_jobs_join(vs); 545 } 546 QTAILQ_FOREACH(vs, &vd->clients, next) { 547 vnc_lock_output(vs); 548 vs->abort = false; 549 vnc_unlock_output(vs); 550 } 551 } 552 553 static void vnc_dpy_resize(DisplayState *ds) 554 { 555 VncDisplay *vd = ds->opaque; 556 VncState *vs; 557 558 vnc_abort_display_jobs(vd); 559 560 /* server surface */ 561 if (!vd->server) 562 vd->server = g_malloc0(sizeof(*vd->server)); 563 if (vd->server->data) 564 g_free(vd->server->data); 565 *(vd->server) = *(ds->surface); 566 vd->server->data = g_malloc0(vd->server->linesize * 567 vd->server->height); 568 569 /* guest surface */ 570 if (!vd->guest.ds) 571 vd->guest.ds = g_malloc0(sizeof(*vd->guest.ds)); 572 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel) 573 console_color_init(ds); 574 *(vd->guest.ds) = *(ds->surface); 575 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty)); 576 577 QTAILQ_FOREACH(vs, &vd->clients, next) { 578 vnc_colordepth(vs); 579 vnc_desktop_resize(vs); 580 if (vs->vd->cursor) { 581 vnc_cursor_define(vs); 582 } 583 memset(vs->dirty, 0xFF, sizeof(vs->dirty)); 584 } 585 } 586 587 /* fastest code */ 588 static void vnc_write_pixels_copy(VncState *vs, struct PixelFormat *pf, 589 void *pixels, int size) 590 { 591 vnc_write(vs, pixels, size); 592 } 593 594 /* slowest but generic code. */ 595 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 596 { 597 uint8_t r, g, b; 598 VncDisplay *vd = vs->vd; 599 600 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >> 601 vd->server->pf.rbits); 602 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >> 603 vd->server->pf.gbits); 604 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >> 605 vd->server->pf.bbits); 606 v = (r << vs->clientds.pf.rshift) | 607 (g << vs->clientds.pf.gshift) | 608 (b << vs->clientds.pf.bshift); 609 switch(vs->clientds.pf.bytes_per_pixel) { 610 case 1: 611 buf[0] = v; 612 break; 613 case 2: 614 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) { 615 buf[0] = v >> 8; 616 buf[1] = v; 617 } else { 618 buf[1] = v >> 8; 619 buf[0] = v; 620 } 621 break; 622 default: 623 case 4: 624 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) { 625 buf[0] = v >> 24; 626 buf[1] = v >> 16; 627 buf[2] = v >> 8; 628 buf[3] = v; 629 } else { 630 buf[3] = v >> 24; 631 buf[2] = v >> 16; 632 buf[1] = v >> 8; 633 buf[0] = v; 634 } 635 break; 636 } 637 } 638 639 static void vnc_write_pixels_generic(VncState *vs, struct PixelFormat *pf, 640 void *pixels1, int size) 641 { 642 uint8_t buf[4]; 643 644 if (pf->bytes_per_pixel == 4) { 645 uint32_t *pixels = pixels1; 646 int n, i; 647 n = size >> 2; 648 for(i = 0; i < n; i++) { 649 vnc_convert_pixel(vs, buf, pixels[i]); 650 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel); 651 } 652 } else if (pf->bytes_per_pixel == 2) { 653 uint16_t *pixels = pixels1; 654 int n, i; 655 n = size >> 1; 656 for(i = 0; i < n; i++) { 657 vnc_convert_pixel(vs, buf, pixels[i]); 658 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel); 659 } 660 } else if (pf->bytes_per_pixel == 1) { 661 uint8_t *pixels = pixels1; 662 int n, i; 663 n = size; 664 for(i = 0; i < n; i++) { 665 vnc_convert_pixel(vs, buf, pixels[i]); 666 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel); 667 } 668 } else { 669 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n"); 670 } 671 } 672 673 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 674 { 675 int i; 676 uint8_t *row; 677 VncDisplay *vd = vs->vd; 678 679 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds); 680 for (i = 0; i < h; i++) { 681 vs->write_pixels(vs, &vd->server->pf, row, w * ds_get_bytes_per_pixel(vs->ds)); 682 row += ds_get_linesize(vs->ds); 683 } 684 return 1; 685 } 686 687 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 688 { 689 int n = 0; 690 691 switch(vs->vnc_encoding) { 692 case VNC_ENCODING_ZLIB: 693 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h); 694 break; 695 case VNC_ENCODING_HEXTILE: 696 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 697 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 698 break; 699 case VNC_ENCODING_TIGHT: 700 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h); 701 break; 702 case VNC_ENCODING_TIGHT_PNG: 703 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h); 704 break; 705 case VNC_ENCODING_ZRLE: 706 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h); 707 break; 708 case VNC_ENCODING_ZYWRLE: 709 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); 710 break; 711 default: 712 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 713 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 714 break; 715 } 716 return n; 717 } 718 719 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h) 720 { 721 /* send bitblit op to the vnc client */ 722 vnc_lock_output(vs); 723 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 724 vnc_write_u8(vs, 0); 725 vnc_write_u16(vs, 1); /* number of rects */ 726 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT); 727 vnc_write_u16(vs, src_x); 728 vnc_write_u16(vs, src_y); 729 vnc_unlock_output(vs); 730 vnc_flush(vs); 731 } 732 733 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h) 734 { 735 VncDisplay *vd = ds->opaque; 736 VncState *vs, *vn; 737 uint8_t *src_row; 738 uint8_t *dst_row; 739 int i,x,y,pitch,depth,inc,w_lim,s; 740 int cmp_bytes; 741 742 vnc_refresh_server_surface(vd); 743 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 744 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 745 vs->force_update = 1; 746 vnc_update_client_sync(vs, 1); 747 /* vs might be free()ed here */ 748 } 749 } 750 751 /* do bitblit op on the local surface too */ 752 pitch = ds_get_linesize(vd->ds); 753 depth = ds_get_bytes_per_pixel(vd->ds); 754 src_row = vd->server->data + pitch * src_y + depth * src_x; 755 dst_row = vd->server->data + pitch * dst_y + depth * dst_x; 756 y = dst_y; 757 inc = 1; 758 if (dst_y > src_y) { 759 /* copy backwards */ 760 src_row += pitch * (h-1); 761 dst_row += pitch * (h-1); 762 pitch = -pitch; 763 y = dst_y + h - 1; 764 inc = -1; 765 } 766 w_lim = w - (16 - (dst_x % 16)); 767 if (w_lim < 0) 768 w_lim = w; 769 else 770 w_lim = w - (w_lim % 16); 771 for (i = 0; i < h; i++) { 772 for (x = 0; x <= w_lim; 773 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) { 774 if (x == w_lim) { 775 if ((s = w - w_lim) == 0) 776 break; 777 } else if (!x) { 778 s = (16 - (dst_x % 16)); 779 s = MIN(s, w_lim); 780 } else { 781 s = 16; 782 } 783 cmp_bytes = s * depth; 784 if (memcmp(src_row, dst_row, cmp_bytes) == 0) 785 continue; 786 memmove(dst_row, src_row, cmp_bytes); 787 QTAILQ_FOREACH(vs, &vd->clients, next) { 788 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 789 set_bit(((x + dst_x) / 16), vs->dirty[y]); 790 } 791 } 792 } 793 src_row += pitch - w * depth; 794 dst_row += pitch - w * depth; 795 y += inc; 796 } 797 798 QTAILQ_FOREACH(vs, &vd->clients, next) { 799 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 800 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h); 801 } 802 } 803 } 804 805 static void vnc_mouse_set(int x, int y, int visible) 806 { 807 /* can we ask the client(s) to move the pointer ??? */ 808 } 809 810 static int vnc_cursor_define(VncState *vs) 811 { 812 QEMUCursor *c = vs->vd->cursor; 813 PixelFormat pf = qemu_default_pixelformat(32); 814 int isize; 815 816 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 817 vnc_lock_output(vs); 818 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 819 vnc_write_u8(vs, 0); /* padding */ 820 vnc_write_u16(vs, 1); /* # of rects */ 821 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 822 VNC_ENCODING_RICH_CURSOR); 823 isize = c->width * c->height * vs->clientds.pf.bytes_per_pixel; 824 vnc_write_pixels_generic(vs, &pf, c->data, isize); 825 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 826 vnc_unlock_output(vs); 827 return 0; 828 } 829 return -1; 830 } 831 832 static void vnc_dpy_cursor_define(QEMUCursor *c) 833 { 834 VncDisplay *vd = vnc_display; 835 VncState *vs; 836 837 cursor_put(vd->cursor); 838 g_free(vd->cursor_mask); 839 840 vd->cursor = c; 841 cursor_get(vd->cursor); 842 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 843 vd->cursor_mask = g_malloc0(vd->cursor_msize); 844 cursor_get_mono_mask(c, 0, vd->cursor_mask); 845 846 QTAILQ_FOREACH(vs, &vd->clients, next) { 847 vnc_cursor_define(vs); 848 } 849 } 850 851 static int find_and_clear_dirty_height(struct VncState *vs, 852 int y, int last_x, int x, int height) 853 { 854 int h; 855 856 for (h = 1; h < (height - y); h++) { 857 int tmp_x; 858 if (!test_bit(last_x, vs->dirty[y + h])) { 859 break; 860 } 861 for (tmp_x = last_x; tmp_x < x; tmp_x++) { 862 clear_bit(tmp_x, vs->dirty[y + h]); 863 } 864 } 865 866 return h; 867 } 868 869 static int vnc_update_client_sync(VncState *vs, int has_dirty) 870 { 871 int ret = vnc_update_client(vs, has_dirty); 872 vnc_jobs_join(vs); 873 return ret; 874 } 875 876 static int vnc_update_client(VncState *vs, int has_dirty) 877 { 878 if (vs->need_update && vs->csock != -1) { 879 VncDisplay *vd = vs->vd; 880 VncJob *job; 881 int y; 882 int width, height; 883 int n = 0; 884 885 886 if (vs->output.offset && !vs->audio_cap && !vs->force_update) 887 /* kernel send buffers are full -> drop frames to throttle */ 888 return 0; 889 890 if (!has_dirty && !vs->audio_cap && !vs->force_update) 891 return 0; 892 893 /* 894 * Send screen updates to the vnc client using the server 895 * surface and server dirty map. guest surface updates 896 * happening in parallel don't disturb us, the next pass will 897 * send them to the client. 898 */ 899 job = vnc_job_new(vs); 900 901 width = MIN(vd->server->width, vs->client_width); 902 height = MIN(vd->server->height, vs->client_height); 903 904 for (y = 0; y < height; y++) { 905 int x; 906 int last_x = -1; 907 for (x = 0; x < width / 16; x++) { 908 if (test_and_clear_bit(x, vs->dirty[y])) { 909 if (last_x == -1) { 910 last_x = x; 911 } 912 } else { 913 if (last_x != -1) { 914 int h = find_and_clear_dirty_height(vs, y, last_x, x, 915 height); 916 917 n += vnc_job_add_rect(job, last_x * 16, y, 918 (x - last_x) * 16, h); 919 } 920 last_x = -1; 921 } 922 } 923 if (last_x != -1) { 924 int h = find_and_clear_dirty_height(vs, y, last_x, x, height); 925 n += vnc_job_add_rect(job, last_x * 16, y, 926 (x - last_x) * 16, h); 927 } 928 } 929 930 vnc_job_push(job); 931 vs->force_update = 0; 932 return n; 933 } 934 935 if (vs->csock == -1) 936 vnc_disconnect_finish(vs); 937 938 return 0; 939 } 940 941 /* audio */ 942 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 943 { 944 VncState *vs = opaque; 945 946 switch (cmd) { 947 case AUD_CNOTIFY_DISABLE: 948 vnc_lock_output(vs); 949 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 950 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 951 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 952 vnc_unlock_output(vs); 953 vnc_flush(vs); 954 break; 955 956 case AUD_CNOTIFY_ENABLE: 957 vnc_lock_output(vs); 958 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 959 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 960 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 961 vnc_unlock_output(vs); 962 vnc_flush(vs); 963 break; 964 } 965 } 966 967 static void audio_capture_destroy(void *opaque) 968 { 969 } 970 971 static void audio_capture(void *opaque, void *buf, int size) 972 { 973 VncState *vs = opaque; 974 975 vnc_lock_output(vs); 976 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 977 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 978 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 979 vnc_write_u32(vs, size); 980 vnc_write(vs, buf, size); 981 vnc_unlock_output(vs); 982 vnc_flush(vs); 983 } 984 985 static void audio_add(VncState *vs) 986 { 987 struct audio_capture_ops ops; 988 989 if (vs->audio_cap) { 990 monitor_printf(default_mon, "audio already running\n"); 991 return; 992 } 993 994 ops.notify = audio_capture_notify; 995 ops.destroy = audio_capture_destroy; 996 ops.capture = audio_capture; 997 998 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs); 999 if (!vs->audio_cap) { 1000 monitor_printf(default_mon, "Failed to add audio capture\n"); 1001 } 1002 } 1003 1004 static void audio_del(VncState *vs) 1005 { 1006 if (vs->audio_cap) { 1007 AUD_del_capture(vs->audio_cap, vs); 1008 vs->audio_cap = NULL; 1009 } 1010 } 1011 1012 static void vnc_disconnect_start(VncState *vs) 1013 { 1014 if (vs->csock == -1) 1015 return; 1016 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); 1017 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL); 1018 closesocket(vs->csock); 1019 vs->csock = -1; 1020 } 1021 1022 static void vnc_disconnect_finish(VncState *vs) 1023 { 1024 int i; 1025 1026 vnc_jobs_join(vs); /* Wait encoding jobs */ 1027 1028 vnc_lock_output(vs); 1029 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED); 1030 1031 buffer_free(&vs->input); 1032 buffer_free(&vs->output); 1033 1034 qobject_decref(vs->info); 1035 1036 vnc_zlib_clear(vs); 1037 vnc_tight_clear(vs); 1038 vnc_zrle_clear(vs); 1039 1040 #ifdef CONFIG_VNC_TLS 1041 vnc_tls_client_cleanup(vs); 1042 #endif /* CONFIG_VNC_TLS */ 1043 #ifdef CONFIG_VNC_SASL 1044 vnc_sasl_client_cleanup(vs); 1045 #endif /* CONFIG_VNC_SASL */ 1046 audio_del(vs); 1047 vnc_release_modifiers(vs); 1048 1049 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1050 1051 if (QTAILQ_EMPTY(&vs->vd->clients)) { 1052 dcl->idle = 1; 1053 } 1054 1055 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1056 vnc_remove_timer(vs->vd); 1057 if (vs->vd->lock_key_sync) 1058 qemu_remove_led_event_handler(vs->led); 1059 vnc_unlock_output(vs); 1060 1061 qemu_mutex_destroy(&vs->output_mutex); 1062 qemu_bh_delete(vs->bh); 1063 buffer_free(&vs->jobs_buffer); 1064 1065 for (i = 0; i < VNC_STAT_ROWS; ++i) { 1066 g_free(vs->lossy_rect[i]); 1067 } 1068 g_free(vs->lossy_rect); 1069 g_free(vs); 1070 } 1071 1072 int vnc_client_io_error(VncState *vs, int ret, int last_errno) 1073 { 1074 if (ret == 0 || ret == -1) { 1075 if (ret == -1) { 1076 switch (last_errno) { 1077 case EINTR: 1078 case EAGAIN: 1079 #ifdef _WIN32 1080 case WSAEWOULDBLOCK: 1081 #endif 1082 return 0; 1083 default: 1084 break; 1085 } 1086 } 1087 1088 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n", 1089 ret, ret < 0 ? last_errno : 0); 1090 vnc_disconnect_start(vs); 1091 1092 return 0; 1093 } 1094 return ret; 1095 } 1096 1097 1098 void vnc_client_error(VncState *vs) 1099 { 1100 VNC_DEBUG("Closing down client sock: protocol error\n"); 1101 vnc_disconnect_start(vs); 1102 } 1103 1104 1105 /* 1106 * Called to write a chunk of data to the client socket. The data may 1107 * be the raw data, or may have already been encoded by SASL. 1108 * The data will be written either straight onto the socket, or 1109 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1110 * 1111 * NB, it is theoretically possible to have 2 layers of encryption, 1112 * both SASL, and this TLS layer. It is highly unlikely in practice 1113 * though, since SASL encryption will typically be a no-op if TLS 1114 * is active 1115 * 1116 * Returns the number of bytes written, which may be less than 1117 * the requested 'datalen' if the socket would block. Returns 1118 * -1 on error, and disconnects the client socket. 1119 */ 1120 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1121 { 1122 long ret; 1123 #ifdef CONFIG_VNC_TLS 1124 if (vs->tls.session) { 1125 ret = gnutls_write(vs->tls.session, data, datalen); 1126 if (ret < 0) { 1127 if (ret == GNUTLS_E_AGAIN) 1128 errno = EAGAIN; 1129 else 1130 errno = EIO; 1131 ret = -1; 1132 } 1133 } else 1134 #endif /* CONFIG_VNC_TLS */ 1135 ret = send(vs->csock, (const void *)data, datalen, 0); 1136 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1137 return vnc_client_io_error(vs, ret, socket_error()); 1138 } 1139 1140 1141 /* 1142 * Called to write buffered data to the client socket, when not 1143 * using any SASL SSF encryption layers. Will write as much data 1144 * as possible without blocking. If all buffered data is written, 1145 * will switch the FD poll() handler back to read monitoring. 1146 * 1147 * Returns the number of bytes written, which may be less than 1148 * the buffered output data if the socket would block. Returns 1149 * -1 on error, and disconnects the client socket. 1150 */ 1151 static long vnc_client_write_plain(VncState *vs) 1152 { 1153 long ret; 1154 1155 #ifdef CONFIG_VNC_SASL 1156 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1157 vs->output.buffer, vs->output.capacity, vs->output.offset, 1158 vs->sasl.waitWriteSSF); 1159 1160 if (vs->sasl.conn && 1161 vs->sasl.runSSF && 1162 vs->sasl.waitWriteSSF) { 1163 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1164 if (ret) 1165 vs->sasl.waitWriteSSF -= ret; 1166 } else 1167 #endif /* CONFIG_VNC_SASL */ 1168 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1169 if (!ret) 1170 return 0; 1171 1172 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret)); 1173 vs->output.offset -= ret; 1174 1175 if (vs->output.offset == 0) { 1176 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 1177 } 1178 1179 return ret; 1180 } 1181 1182 1183 /* 1184 * First function called whenever there is data to be written to 1185 * the client socket. Will delegate actual work according to whether 1186 * SASL SSF layers are enabled (thus requiring encryption calls) 1187 */ 1188 static void vnc_client_write_locked(void *opaque) 1189 { 1190 VncState *vs = opaque; 1191 1192 #ifdef CONFIG_VNC_SASL 1193 if (vs->sasl.conn && 1194 vs->sasl.runSSF && 1195 !vs->sasl.waitWriteSSF) { 1196 vnc_client_write_sasl(vs); 1197 } else 1198 #endif /* CONFIG_VNC_SASL */ 1199 vnc_client_write_plain(vs); 1200 } 1201 1202 void vnc_client_write(void *opaque) 1203 { 1204 VncState *vs = opaque; 1205 1206 vnc_lock_output(vs); 1207 if (vs->output.offset) { 1208 vnc_client_write_locked(opaque); 1209 } else if (vs->csock != -1) { 1210 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 1211 } 1212 vnc_unlock_output(vs); 1213 } 1214 1215 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1216 { 1217 vs->read_handler = func; 1218 vs->read_handler_expect = expecting; 1219 } 1220 1221 1222 /* 1223 * Called to read a chunk of data from the client socket. The data may 1224 * be the raw data, or may need to be further decoded by SASL. 1225 * The data will be read either straight from to the socket, or 1226 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1227 * 1228 * NB, it is theoretically possible to have 2 layers of encryption, 1229 * both SASL, and this TLS layer. It is highly unlikely in practice 1230 * though, since SASL encryption will typically be a no-op if TLS 1231 * is active 1232 * 1233 * Returns the number of bytes read, which may be less than 1234 * the requested 'datalen' if the socket would block. Returns 1235 * -1 on error, and disconnects the client socket. 1236 */ 1237 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1238 { 1239 long ret; 1240 #ifdef CONFIG_VNC_TLS 1241 if (vs->tls.session) { 1242 ret = gnutls_read(vs->tls.session, data, datalen); 1243 if (ret < 0) { 1244 if (ret == GNUTLS_E_AGAIN) 1245 errno = EAGAIN; 1246 else 1247 errno = EIO; 1248 ret = -1; 1249 } 1250 } else 1251 #endif /* CONFIG_VNC_TLS */ 1252 ret = qemu_recv(vs->csock, data, datalen, 0); 1253 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1254 return vnc_client_io_error(vs, ret, socket_error()); 1255 } 1256 1257 1258 /* 1259 * Called to read data from the client socket to the input buffer, 1260 * when not using any SASL SSF encryption layers. Will read as much 1261 * data as possible without blocking. 1262 * 1263 * Returns the number of bytes read. Returns -1 on error, and 1264 * disconnects the client socket. 1265 */ 1266 static long vnc_client_read_plain(VncState *vs) 1267 { 1268 int ret; 1269 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1270 vs->input.buffer, vs->input.capacity, vs->input.offset); 1271 buffer_reserve(&vs->input, 4096); 1272 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1273 if (!ret) 1274 return 0; 1275 vs->input.offset += ret; 1276 return ret; 1277 } 1278 1279 static void vnc_jobs_bh(void *opaque) 1280 { 1281 VncState *vs = opaque; 1282 1283 vnc_jobs_consume_buffer(vs); 1284 } 1285 1286 /* 1287 * First function called whenever there is more data to be read from 1288 * the client socket. Will delegate actual work according to whether 1289 * SASL SSF layers are enabled (thus requiring decryption calls) 1290 */ 1291 void vnc_client_read(void *opaque) 1292 { 1293 VncState *vs = opaque; 1294 long ret; 1295 1296 #ifdef CONFIG_VNC_SASL 1297 if (vs->sasl.conn && vs->sasl.runSSF) 1298 ret = vnc_client_read_sasl(vs); 1299 else 1300 #endif /* CONFIG_VNC_SASL */ 1301 ret = vnc_client_read_plain(vs); 1302 if (!ret) { 1303 if (vs->csock == -1) 1304 vnc_disconnect_finish(vs); 1305 return; 1306 } 1307 1308 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1309 size_t len = vs->read_handler_expect; 1310 int ret; 1311 1312 ret = vs->read_handler(vs, vs->input.buffer, len); 1313 if (vs->csock == -1) { 1314 vnc_disconnect_finish(vs); 1315 return; 1316 } 1317 1318 if (!ret) { 1319 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len)); 1320 vs->input.offset -= len; 1321 } else { 1322 vs->read_handler_expect = ret; 1323 } 1324 } 1325 } 1326 1327 void vnc_write(VncState *vs, const void *data, size_t len) 1328 { 1329 buffer_reserve(&vs->output, len); 1330 1331 if (vs->csock != -1 && buffer_empty(&vs->output)) { 1332 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs); 1333 } 1334 1335 buffer_append(&vs->output, data, len); 1336 } 1337 1338 void vnc_write_s32(VncState *vs, int32_t value) 1339 { 1340 vnc_write_u32(vs, *(uint32_t *)&value); 1341 } 1342 1343 void vnc_write_u32(VncState *vs, uint32_t value) 1344 { 1345 uint8_t buf[4]; 1346 1347 buf[0] = (value >> 24) & 0xFF; 1348 buf[1] = (value >> 16) & 0xFF; 1349 buf[2] = (value >> 8) & 0xFF; 1350 buf[3] = value & 0xFF; 1351 1352 vnc_write(vs, buf, 4); 1353 } 1354 1355 void vnc_write_u16(VncState *vs, uint16_t value) 1356 { 1357 uint8_t buf[2]; 1358 1359 buf[0] = (value >> 8) & 0xFF; 1360 buf[1] = value & 0xFF; 1361 1362 vnc_write(vs, buf, 2); 1363 } 1364 1365 void vnc_write_u8(VncState *vs, uint8_t value) 1366 { 1367 vnc_write(vs, (char *)&value, 1); 1368 } 1369 1370 void vnc_flush(VncState *vs) 1371 { 1372 vnc_lock_output(vs); 1373 if (vs->csock != -1 && vs->output.offset) { 1374 vnc_client_write_locked(vs); 1375 } 1376 vnc_unlock_output(vs); 1377 } 1378 1379 uint8_t read_u8(uint8_t *data, size_t offset) 1380 { 1381 return data[offset]; 1382 } 1383 1384 uint16_t read_u16(uint8_t *data, size_t offset) 1385 { 1386 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1387 } 1388 1389 int32_t read_s32(uint8_t *data, size_t offset) 1390 { 1391 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1392 (data[offset + 2] << 8) | data[offset + 3]); 1393 } 1394 1395 uint32_t read_u32(uint8_t *data, size_t offset) 1396 { 1397 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1398 (data[offset + 2] << 8) | data[offset + 3]); 1399 } 1400 1401 static void client_cut_text(VncState *vs, size_t len, uint8_t *text) 1402 { 1403 } 1404 1405 static void check_pointer_type_change(Notifier *notifier, void *data) 1406 { 1407 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1408 int absolute = kbd_mouse_is_absolute(); 1409 1410 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1411 vnc_lock_output(vs); 1412 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1413 vnc_write_u8(vs, 0); 1414 vnc_write_u16(vs, 1); 1415 vnc_framebuffer_update(vs, absolute, 0, 1416 ds_get_width(vs->ds), ds_get_height(vs->ds), 1417 VNC_ENCODING_POINTER_TYPE_CHANGE); 1418 vnc_unlock_output(vs); 1419 vnc_flush(vs); 1420 } 1421 vs->absolute = absolute; 1422 } 1423 1424 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1425 { 1426 int buttons = 0; 1427 int dz = 0; 1428 1429 if (button_mask & 0x01) 1430 buttons |= MOUSE_EVENT_LBUTTON; 1431 if (button_mask & 0x02) 1432 buttons |= MOUSE_EVENT_MBUTTON; 1433 if (button_mask & 0x04) 1434 buttons |= MOUSE_EVENT_RBUTTON; 1435 if (button_mask & 0x08) 1436 dz = -1; 1437 if (button_mask & 0x10) 1438 dz = 1; 1439 1440 if (vs->absolute) { 1441 kbd_mouse_event(ds_get_width(vs->ds) > 1 ? 1442 x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000, 1443 ds_get_height(vs->ds) > 1 ? 1444 y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000, 1445 dz, buttons); 1446 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1447 x -= 0x7FFF; 1448 y -= 0x7FFF; 1449 1450 kbd_mouse_event(x, y, dz, buttons); 1451 } else { 1452 if (vs->last_x != -1) 1453 kbd_mouse_event(x - vs->last_x, 1454 y - vs->last_y, 1455 dz, buttons); 1456 vs->last_x = x; 1457 vs->last_y = y; 1458 } 1459 } 1460 1461 static void reset_keys(VncState *vs) 1462 { 1463 int i; 1464 for(i = 0; i < 256; i++) { 1465 if (vs->modifiers_state[i]) { 1466 if (i & SCANCODE_GREY) 1467 kbd_put_keycode(SCANCODE_EMUL0); 1468 kbd_put_keycode(i | SCANCODE_UP); 1469 vs->modifiers_state[i] = 0; 1470 } 1471 } 1472 } 1473 1474 static void press_key(VncState *vs, int keysym) 1475 { 1476 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK; 1477 if (keycode & SCANCODE_GREY) 1478 kbd_put_keycode(SCANCODE_EMUL0); 1479 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK); 1480 if (keycode & SCANCODE_GREY) 1481 kbd_put_keycode(SCANCODE_EMUL0); 1482 kbd_put_keycode(keycode | SCANCODE_UP); 1483 } 1484 1485 static void kbd_leds(void *opaque, int ledstate) 1486 { 1487 VncState *vs = opaque; 1488 int caps, num; 1489 1490 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0; 1491 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0; 1492 1493 if (vs->modifiers_state[0x3a] != caps) { 1494 vs->modifiers_state[0x3a] = caps; 1495 } 1496 if (vs->modifiers_state[0x45] != num) { 1497 vs->modifiers_state[0x45] = num; 1498 } 1499 } 1500 1501 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1502 { 1503 /* QEMU console switch */ 1504 switch(keycode) { 1505 case 0x2a: /* Left Shift */ 1506 case 0x36: /* Right Shift */ 1507 case 0x1d: /* Left CTRL */ 1508 case 0x9d: /* Right CTRL */ 1509 case 0x38: /* Left ALT */ 1510 case 0xb8: /* Right ALT */ 1511 if (down) 1512 vs->modifiers_state[keycode] = 1; 1513 else 1514 vs->modifiers_state[keycode] = 0; 1515 break; 1516 case 0x02 ... 0x0a: /* '1' to '9' keys */ 1517 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) { 1518 /* Reset the modifiers sent to the current console */ 1519 reset_keys(vs); 1520 console_select(keycode - 0x02); 1521 return; 1522 } 1523 break; 1524 case 0x3a: /* CapsLock */ 1525 case 0x45: /* NumLock */ 1526 if (down) 1527 vs->modifiers_state[keycode] ^= 1; 1528 break; 1529 } 1530 1531 if (down && vs->vd->lock_key_sync && 1532 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1533 /* If the numlock state needs to change then simulate an additional 1534 keypress before sending this one. This will happen if the user 1535 toggles numlock away from the VNC window. 1536 */ 1537 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1538 if (!vs->modifiers_state[0x45]) { 1539 vs->modifiers_state[0x45] = 1; 1540 press_key(vs, 0xff7f); 1541 } 1542 } else { 1543 if (vs->modifiers_state[0x45]) { 1544 vs->modifiers_state[0x45] = 0; 1545 press_key(vs, 0xff7f); 1546 } 1547 } 1548 } 1549 1550 if (down && vs->vd->lock_key_sync && 1551 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1552 /* If the capslock state needs to change then simulate an additional 1553 keypress before sending this one. This will happen if the user 1554 toggles capslock away from the VNC window. 1555 */ 1556 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1557 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]); 1558 int capslock = !!(vs->modifiers_state[0x3a]); 1559 if (capslock) { 1560 if (uppercase == shift) { 1561 vs->modifiers_state[0x3a] = 0; 1562 press_key(vs, 0xffe5); 1563 } 1564 } else { 1565 if (uppercase != shift) { 1566 vs->modifiers_state[0x3a] = 1; 1567 press_key(vs, 0xffe5); 1568 } 1569 } 1570 } 1571 1572 if (is_graphic_console()) { 1573 if (keycode & SCANCODE_GREY) 1574 kbd_put_keycode(SCANCODE_EMUL0); 1575 if (down) 1576 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK); 1577 else 1578 kbd_put_keycode(keycode | SCANCODE_UP); 1579 } else { 1580 bool numlock = vs->modifiers_state[0x45]; 1581 bool control = (vs->modifiers_state[0x1d] || 1582 vs->modifiers_state[0x9d]); 1583 /* QEMU console emulation */ 1584 if (down) { 1585 switch (keycode) { 1586 case 0x2a: /* Left Shift */ 1587 case 0x36: /* Right Shift */ 1588 case 0x1d: /* Left CTRL */ 1589 case 0x9d: /* Right CTRL */ 1590 case 0x38: /* Left ALT */ 1591 case 0xb8: /* Right ALT */ 1592 break; 1593 case 0xc8: 1594 kbd_put_keysym(QEMU_KEY_UP); 1595 break; 1596 case 0xd0: 1597 kbd_put_keysym(QEMU_KEY_DOWN); 1598 break; 1599 case 0xcb: 1600 kbd_put_keysym(QEMU_KEY_LEFT); 1601 break; 1602 case 0xcd: 1603 kbd_put_keysym(QEMU_KEY_RIGHT); 1604 break; 1605 case 0xd3: 1606 kbd_put_keysym(QEMU_KEY_DELETE); 1607 break; 1608 case 0xc7: 1609 kbd_put_keysym(QEMU_KEY_HOME); 1610 break; 1611 case 0xcf: 1612 kbd_put_keysym(QEMU_KEY_END); 1613 break; 1614 case 0xc9: 1615 kbd_put_keysym(QEMU_KEY_PAGEUP); 1616 break; 1617 case 0xd1: 1618 kbd_put_keysym(QEMU_KEY_PAGEDOWN); 1619 break; 1620 1621 case 0x47: 1622 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME); 1623 break; 1624 case 0x48: 1625 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP); 1626 break; 1627 case 0x49: 1628 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP); 1629 break; 1630 case 0x4b: 1631 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT); 1632 break; 1633 case 0x4c: 1634 kbd_put_keysym('5'); 1635 break; 1636 case 0x4d: 1637 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT); 1638 break; 1639 case 0x4f: 1640 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END); 1641 break; 1642 case 0x50: 1643 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN); 1644 break; 1645 case 0x51: 1646 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN); 1647 break; 1648 case 0x52: 1649 kbd_put_keysym('0'); 1650 break; 1651 case 0x53: 1652 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE); 1653 break; 1654 1655 case 0xb5: 1656 kbd_put_keysym('/'); 1657 break; 1658 case 0x37: 1659 kbd_put_keysym('*'); 1660 break; 1661 case 0x4a: 1662 kbd_put_keysym('-'); 1663 break; 1664 case 0x4e: 1665 kbd_put_keysym('+'); 1666 break; 1667 case 0x9c: 1668 kbd_put_keysym('\n'); 1669 break; 1670 1671 default: 1672 if (control) { 1673 kbd_put_keysym(sym & 0x1f); 1674 } else { 1675 kbd_put_keysym(sym); 1676 } 1677 break; 1678 } 1679 } 1680 } 1681 } 1682 1683 static void vnc_release_modifiers(VncState *vs) 1684 { 1685 static const int keycodes[] = { 1686 /* shift, control, alt keys, both left & right */ 1687 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8, 1688 }; 1689 int i, keycode; 1690 1691 if (!is_graphic_console()) { 1692 return; 1693 } 1694 for (i = 0; i < ARRAY_SIZE(keycodes); i++) { 1695 keycode = keycodes[i]; 1696 if (!vs->modifiers_state[keycode]) { 1697 continue; 1698 } 1699 if (keycode & SCANCODE_GREY) { 1700 kbd_put_keycode(SCANCODE_EMUL0); 1701 } 1702 kbd_put_keycode(keycode | SCANCODE_UP); 1703 } 1704 } 1705 1706 static void key_event(VncState *vs, int down, uint32_t sym) 1707 { 1708 int keycode; 1709 int lsym = sym; 1710 1711 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) { 1712 lsym = lsym - 'A' + 'a'; 1713 } 1714 1715 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK; 1716 do_key_event(vs, down, keycode, sym); 1717 } 1718 1719 static void ext_key_event(VncState *vs, int down, 1720 uint32_t sym, uint16_t keycode) 1721 { 1722 /* if the user specifies a keyboard layout, always use it */ 1723 if (keyboard_layout) 1724 key_event(vs, down, sym); 1725 else 1726 do_key_event(vs, down, keycode, sym); 1727 } 1728 1729 static void framebuffer_update_request(VncState *vs, int incremental, 1730 int x_position, int y_position, 1731 int w, int h) 1732 { 1733 int i; 1734 const size_t width = ds_get_width(vs->ds) / 16; 1735 1736 if (y_position > ds_get_height(vs->ds)) 1737 y_position = ds_get_height(vs->ds); 1738 if (y_position + h >= ds_get_height(vs->ds)) 1739 h = ds_get_height(vs->ds) - y_position; 1740 1741 vs->need_update = 1; 1742 if (!incremental) { 1743 vs->force_update = 1; 1744 for (i = 0; i < h; i++) { 1745 bitmap_set(vs->dirty[y_position + i], 0, width); 1746 bitmap_clear(vs->dirty[y_position + i], width, 1747 VNC_DIRTY_BITS - width); 1748 } 1749 } 1750 } 1751 1752 static void send_ext_key_event_ack(VncState *vs) 1753 { 1754 vnc_lock_output(vs); 1755 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1756 vnc_write_u8(vs, 0); 1757 vnc_write_u16(vs, 1); 1758 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds), 1759 VNC_ENCODING_EXT_KEY_EVENT); 1760 vnc_unlock_output(vs); 1761 vnc_flush(vs); 1762 } 1763 1764 static void send_ext_audio_ack(VncState *vs) 1765 { 1766 vnc_lock_output(vs); 1767 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1768 vnc_write_u8(vs, 0); 1769 vnc_write_u16(vs, 1); 1770 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds), 1771 VNC_ENCODING_AUDIO); 1772 vnc_unlock_output(vs); 1773 vnc_flush(vs); 1774 } 1775 1776 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 1777 { 1778 int i; 1779 unsigned int enc = 0; 1780 1781 vs->features = 0; 1782 vs->vnc_encoding = 0; 1783 vs->tight.compression = 9; 1784 vs->tight.quality = -1; /* Lossless by default */ 1785 vs->absolute = -1; 1786 1787 /* 1788 * Start from the end because the encodings are sent in order of preference. 1789 * This way the preferred encoding (first encoding defined in the array) 1790 * will be set at the end of the loop. 1791 */ 1792 for (i = n_encodings - 1; i >= 0; i--) { 1793 enc = encodings[i]; 1794 switch (enc) { 1795 case VNC_ENCODING_RAW: 1796 vs->vnc_encoding = enc; 1797 break; 1798 case VNC_ENCODING_COPYRECT: 1799 vs->features |= VNC_FEATURE_COPYRECT_MASK; 1800 break; 1801 case VNC_ENCODING_HEXTILE: 1802 vs->features |= VNC_FEATURE_HEXTILE_MASK; 1803 vs->vnc_encoding = enc; 1804 break; 1805 case VNC_ENCODING_TIGHT: 1806 vs->features |= VNC_FEATURE_TIGHT_MASK; 1807 vs->vnc_encoding = enc; 1808 break; 1809 #ifdef CONFIG_VNC_PNG 1810 case VNC_ENCODING_TIGHT_PNG: 1811 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK; 1812 vs->vnc_encoding = enc; 1813 break; 1814 #endif 1815 case VNC_ENCODING_ZLIB: 1816 vs->features |= VNC_FEATURE_ZLIB_MASK; 1817 vs->vnc_encoding = enc; 1818 break; 1819 case VNC_ENCODING_ZRLE: 1820 vs->features |= VNC_FEATURE_ZRLE_MASK; 1821 vs->vnc_encoding = enc; 1822 break; 1823 case VNC_ENCODING_ZYWRLE: 1824 vs->features |= VNC_FEATURE_ZYWRLE_MASK; 1825 vs->vnc_encoding = enc; 1826 break; 1827 case VNC_ENCODING_DESKTOPRESIZE: 1828 vs->features |= VNC_FEATURE_RESIZE_MASK; 1829 break; 1830 case VNC_ENCODING_POINTER_TYPE_CHANGE: 1831 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK; 1832 break; 1833 case VNC_ENCODING_RICH_CURSOR: 1834 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK; 1835 break; 1836 case VNC_ENCODING_EXT_KEY_EVENT: 1837 send_ext_key_event_ack(vs); 1838 break; 1839 case VNC_ENCODING_AUDIO: 1840 send_ext_audio_ack(vs); 1841 break; 1842 case VNC_ENCODING_WMVi: 1843 vs->features |= VNC_FEATURE_WMVI_MASK; 1844 break; 1845 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 1846 vs->tight.compression = (enc & 0x0F); 1847 break; 1848 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 1849 if (vs->vd->lossy) { 1850 vs->tight.quality = (enc & 0x0F); 1851 } 1852 break; 1853 default: 1854 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 1855 break; 1856 } 1857 } 1858 vnc_desktop_resize(vs); 1859 check_pointer_type_change(&vs->mouse_mode_notifier, NULL); 1860 } 1861 1862 static void set_pixel_conversion(VncState *vs) 1863 { 1864 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) == 1865 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) && 1866 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) { 1867 vs->write_pixels = vnc_write_pixels_copy; 1868 vnc_hextile_set_pixel_conversion(vs, 0); 1869 } else { 1870 vs->write_pixels = vnc_write_pixels_generic; 1871 vnc_hextile_set_pixel_conversion(vs, 1); 1872 } 1873 } 1874 1875 static void set_pixel_format(VncState *vs, 1876 int bits_per_pixel, int depth, 1877 int big_endian_flag, int true_color_flag, 1878 int red_max, int green_max, int blue_max, 1879 int red_shift, int green_shift, int blue_shift) 1880 { 1881 if (!true_color_flag) { 1882 vnc_client_error(vs); 1883 return; 1884 } 1885 1886 vs->clientds = *(vs->vd->guest.ds); 1887 vs->clientds.pf.rmax = red_max; 1888 vs->clientds.pf.rbits = hweight_long(red_max); 1889 vs->clientds.pf.rshift = red_shift; 1890 vs->clientds.pf.rmask = red_max << red_shift; 1891 vs->clientds.pf.gmax = green_max; 1892 vs->clientds.pf.gbits = hweight_long(green_max); 1893 vs->clientds.pf.gshift = green_shift; 1894 vs->clientds.pf.gmask = green_max << green_shift; 1895 vs->clientds.pf.bmax = blue_max; 1896 vs->clientds.pf.bbits = hweight_long(blue_max); 1897 vs->clientds.pf.bshift = blue_shift; 1898 vs->clientds.pf.bmask = blue_max << blue_shift; 1899 vs->clientds.pf.bits_per_pixel = bits_per_pixel; 1900 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8; 1901 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 1902 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00; 1903 1904 set_pixel_conversion(vs); 1905 1906 vga_hw_invalidate(); 1907 vga_hw_update(); 1908 } 1909 1910 static void pixel_format_message (VncState *vs) { 1911 char pad[3] = { 0, 0, 0 }; 1912 1913 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */ 1914 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */ 1915 1916 #ifdef HOST_WORDS_BIGENDIAN 1917 vnc_write_u8(vs, 1); /* big-endian-flag */ 1918 #else 1919 vnc_write_u8(vs, 0); /* big-endian-flag */ 1920 #endif 1921 vnc_write_u8(vs, 1); /* true-color-flag */ 1922 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */ 1923 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */ 1924 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */ 1925 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */ 1926 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */ 1927 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */ 1928 1929 vnc_hextile_set_pixel_conversion(vs, 0); 1930 1931 vs->clientds = *(vs->ds->surface); 1932 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG; 1933 vs->write_pixels = vnc_write_pixels_copy; 1934 1935 vnc_write(vs, pad, 3); /* padding */ 1936 } 1937 1938 static void vnc_dpy_setdata(DisplayState *ds) 1939 { 1940 VncDisplay *vd = ds->opaque; 1941 1942 *(vd->guest.ds) = *(ds->surface); 1943 vnc_dpy_update(ds, 0, 0, ds_get_width(ds), ds_get_height(ds)); 1944 } 1945 1946 static void vnc_colordepth(VncState *vs) 1947 { 1948 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 1949 /* Sending a WMVi message to notify the client*/ 1950 vnc_lock_output(vs); 1951 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1952 vnc_write_u8(vs, 0); 1953 vnc_write_u16(vs, 1); /* number of rects */ 1954 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), 1955 ds_get_height(vs->ds), VNC_ENCODING_WMVi); 1956 pixel_format_message(vs); 1957 vnc_unlock_output(vs); 1958 vnc_flush(vs); 1959 } else { 1960 set_pixel_conversion(vs); 1961 } 1962 } 1963 1964 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 1965 { 1966 int i; 1967 uint16_t limit; 1968 VncDisplay *vd = vs->vd; 1969 1970 if (data[0] > 3) { 1971 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE; 1972 if (!qemu_timer_expired(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval)) 1973 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval); 1974 } 1975 1976 switch (data[0]) { 1977 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 1978 if (len == 1) 1979 return 20; 1980 1981 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5), 1982 read_u8(data, 6), read_u8(data, 7), 1983 read_u16(data, 8), read_u16(data, 10), 1984 read_u16(data, 12), read_u8(data, 14), 1985 read_u8(data, 15), read_u8(data, 16)); 1986 break; 1987 case VNC_MSG_CLIENT_SET_ENCODINGS: 1988 if (len == 1) 1989 return 4; 1990 1991 if (len == 4) { 1992 limit = read_u16(data, 2); 1993 if (limit > 0) 1994 return 4 + (limit * 4); 1995 } else 1996 limit = read_u16(data, 2); 1997 1998 for (i = 0; i < limit; i++) { 1999 int32_t val = read_s32(data, 4 + (i * 4)); 2000 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 2001 } 2002 2003 set_encodings(vs, (int32_t *)(data + 4), limit); 2004 break; 2005 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 2006 if (len == 1) 2007 return 10; 2008 2009 framebuffer_update_request(vs, 2010 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 2011 read_u16(data, 6), read_u16(data, 8)); 2012 break; 2013 case VNC_MSG_CLIENT_KEY_EVENT: 2014 if (len == 1) 2015 return 8; 2016 2017 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 2018 break; 2019 case VNC_MSG_CLIENT_POINTER_EVENT: 2020 if (len == 1) 2021 return 6; 2022 2023 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 2024 break; 2025 case VNC_MSG_CLIENT_CUT_TEXT: 2026 if (len == 1) 2027 return 8; 2028 2029 if (len == 8) { 2030 uint32_t dlen = read_u32(data, 4); 2031 if (dlen > 0) 2032 return 8 + dlen; 2033 } 2034 2035 client_cut_text(vs, read_u32(data, 4), data + 8); 2036 break; 2037 case VNC_MSG_CLIENT_QEMU: 2038 if (len == 1) 2039 return 2; 2040 2041 switch (read_u8(data, 1)) { 2042 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 2043 if (len == 2) 2044 return 12; 2045 2046 ext_key_event(vs, read_u16(data, 2), 2047 read_u32(data, 4), read_u32(data, 8)); 2048 break; 2049 case VNC_MSG_CLIENT_QEMU_AUDIO: 2050 if (len == 2) 2051 return 4; 2052 2053 switch (read_u16 (data, 2)) { 2054 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 2055 audio_add(vs); 2056 break; 2057 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 2058 audio_del(vs); 2059 break; 2060 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 2061 if (len == 4) 2062 return 10; 2063 switch (read_u8(data, 4)) { 2064 case 0: vs->as.fmt = AUD_FMT_U8; break; 2065 case 1: vs->as.fmt = AUD_FMT_S8; break; 2066 case 2: vs->as.fmt = AUD_FMT_U16; break; 2067 case 3: vs->as.fmt = AUD_FMT_S16; break; 2068 case 4: vs->as.fmt = AUD_FMT_U32; break; 2069 case 5: vs->as.fmt = AUD_FMT_S32; break; 2070 default: 2071 printf("Invalid audio format %d\n", read_u8(data, 4)); 2072 vnc_client_error(vs); 2073 break; 2074 } 2075 vs->as.nchannels = read_u8(data, 5); 2076 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2077 printf("Invalid audio channel coount %d\n", 2078 read_u8(data, 5)); 2079 vnc_client_error(vs); 2080 break; 2081 } 2082 vs->as.freq = read_u32(data, 6); 2083 break; 2084 default: 2085 printf ("Invalid audio message %d\n", read_u8(data, 4)); 2086 vnc_client_error(vs); 2087 break; 2088 } 2089 break; 2090 2091 default: 2092 printf("Msg: %d\n", read_u16(data, 0)); 2093 vnc_client_error(vs); 2094 break; 2095 } 2096 break; 2097 default: 2098 printf("Msg: %d\n", data[0]); 2099 vnc_client_error(vs); 2100 break; 2101 } 2102 2103 vnc_read_when(vs, protocol_client_msg, 1); 2104 return 0; 2105 } 2106 2107 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2108 { 2109 char buf[1024]; 2110 VncShareMode mode; 2111 int size; 2112 2113 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; 2114 switch (vs->vd->share_policy) { 2115 case VNC_SHARE_POLICY_IGNORE: 2116 /* 2117 * Ignore the shared flag. Nothing to do here. 2118 * 2119 * Doesn't conform to the rfb spec but is traditional qemu 2120 * behavior, thus left here as option for compatibility 2121 * reasons. 2122 */ 2123 break; 2124 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: 2125 /* 2126 * Policy: Allow clients ask for exclusive access. 2127 * 2128 * Implementation: When a client asks for exclusive access, 2129 * disconnect all others. Shared connects are allowed as long 2130 * as no exclusive connection exists. 2131 * 2132 * This is how the rfb spec suggests to handle the shared flag. 2133 */ 2134 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2135 VncState *client; 2136 QTAILQ_FOREACH(client, &vs->vd->clients, next) { 2137 if (vs == client) { 2138 continue; 2139 } 2140 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && 2141 client->share_mode != VNC_SHARE_MODE_SHARED) { 2142 continue; 2143 } 2144 vnc_disconnect_start(client); 2145 } 2146 } 2147 if (mode == VNC_SHARE_MODE_SHARED) { 2148 if (vs->vd->num_exclusive > 0) { 2149 vnc_disconnect_start(vs); 2150 return 0; 2151 } 2152 } 2153 break; 2154 case VNC_SHARE_POLICY_FORCE_SHARED: 2155 /* 2156 * Policy: Shared connects only. 2157 * Implementation: Disallow clients asking for exclusive access. 2158 * 2159 * Useful for shared desktop sessions where you don't want 2160 * someone forgetting to say -shared when running the vnc 2161 * client disconnect everybody else. 2162 */ 2163 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2164 vnc_disconnect_start(vs); 2165 return 0; 2166 } 2167 break; 2168 } 2169 vnc_set_share_mode(vs, mode); 2170 2171 vs->client_width = ds_get_width(vs->ds); 2172 vs->client_height = ds_get_height(vs->ds); 2173 vnc_write_u16(vs, vs->client_width); 2174 vnc_write_u16(vs, vs->client_height); 2175 2176 pixel_format_message(vs); 2177 2178 if (qemu_name) 2179 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2180 else 2181 size = snprintf(buf, sizeof(buf), "QEMU"); 2182 2183 vnc_write_u32(vs, size); 2184 vnc_write(vs, buf, size); 2185 vnc_flush(vs); 2186 2187 vnc_client_cache_auth(vs); 2188 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED); 2189 2190 vnc_read_when(vs, protocol_client_msg, 1); 2191 2192 return 0; 2193 } 2194 2195 void start_client_init(VncState *vs) 2196 { 2197 vnc_read_when(vs, protocol_client_init, 1); 2198 } 2199 2200 static void make_challenge(VncState *vs) 2201 { 2202 int i; 2203 2204 srand(time(NULL)+getpid()+getpid()*987654+rand()); 2205 2206 for (i = 0 ; i < sizeof(vs->challenge) ; i++) 2207 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0)); 2208 } 2209 2210 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2211 { 2212 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2213 int i, j, pwlen; 2214 unsigned char key[8]; 2215 time_t now = time(NULL); 2216 2217 if (!vs->vd->password) { 2218 VNC_DEBUG("No password configured on server"); 2219 goto reject; 2220 } 2221 if (vs->vd->expires < now) { 2222 VNC_DEBUG("Password is expired"); 2223 goto reject; 2224 } 2225 2226 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2227 2228 /* Calculate the expected challenge response */ 2229 pwlen = strlen(vs->vd->password); 2230 for (i=0; i<sizeof(key); i++) 2231 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2232 deskey(key, EN0); 2233 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8) 2234 des(response+j, response+j); 2235 2236 /* Compare expected vs actual challenge response */ 2237 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2238 VNC_DEBUG("Client challenge response did not match\n"); 2239 goto reject; 2240 } else { 2241 VNC_DEBUG("Accepting VNC challenge response\n"); 2242 vnc_write_u32(vs, 0); /* Accept auth */ 2243 vnc_flush(vs); 2244 2245 start_client_init(vs); 2246 } 2247 return 0; 2248 2249 reject: 2250 vnc_write_u32(vs, 1); /* Reject auth */ 2251 if (vs->minor >= 8) { 2252 static const char err[] = "Authentication failed"; 2253 vnc_write_u32(vs, sizeof(err)); 2254 vnc_write(vs, err, sizeof(err)); 2255 } 2256 vnc_flush(vs); 2257 vnc_client_error(vs); 2258 return 0; 2259 } 2260 2261 void start_auth_vnc(VncState *vs) 2262 { 2263 make_challenge(vs); 2264 /* Send client a 'random' challenge */ 2265 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2266 vnc_flush(vs); 2267 2268 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2269 } 2270 2271 2272 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2273 { 2274 /* We only advertise 1 auth scheme at a time, so client 2275 * must pick the one we sent. Verify this */ 2276 if (data[0] != vs->auth) { /* Reject auth */ 2277 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]); 2278 vnc_write_u32(vs, 1); 2279 if (vs->minor >= 8) { 2280 static const char err[] = "Authentication failed"; 2281 vnc_write_u32(vs, sizeof(err)); 2282 vnc_write(vs, err, sizeof(err)); 2283 } 2284 vnc_client_error(vs); 2285 } else { /* Accept requested auth */ 2286 VNC_DEBUG("Client requested auth %d\n", (int)data[0]); 2287 switch (vs->auth) { 2288 case VNC_AUTH_NONE: 2289 VNC_DEBUG("Accept auth none\n"); 2290 if (vs->minor >= 8) { 2291 vnc_write_u32(vs, 0); /* Accept auth completion */ 2292 vnc_flush(vs); 2293 } 2294 start_client_init(vs); 2295 break; 2296 2297 case VNC_AUTH_VNC: 2298 VNC_DEBUG("Start VNC auth\n"); 2299 start_auth_vnc(vs); 2300 break; 2301 2302 #ifdef CONFIG_VNC_TLS 2303 case VNC_AUTH_VENCRYPT: 2304 VNC_DEBUG("Accept VeNCrypt auth\n"); 2305 start_auth_vencrypt(vs); 2306 break; 2307 #endif /* CONFIG_VNC_TLS */ 2308 2309 #ifdef CONFIG_VNC_SASL 2310 case VNC_AUTH_SASL: 2311 VNC_DEBUG("Accept SASL auth\n"); 2312 start_auth_sasl(vs); 2313 break; 2314 #endif /* CONFIG_VNC_SASL */ 2315 2316 default: /* Should not be possible, but just in case */ 2317 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth); 2318 vnc_write_u8(vs, 1); 2319 if (vs->minor >= 8) { 2320 static const char err[] = "Authentication failed"; 2321 vnc_write_u32(vs, sizeof(err)); 2322 vnc_write(vs, err, sizeof(err)); 2323 } 2324 vnc_client_error(vs); 2325 } 2326 } 2327 return 0; 2328 } 2329 2330 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2331 { 2332 char local[13]; 2333 2334 memcpy(local, version, 12); 2335 local[12] = 0; 2336 2337 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2338 VNC_DEBUG("Malformed protocol version %s\n", local); 2339 vnc_client_error(vs); 2340 return 0; 2341 } 2342 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2343 if (vs->major != 3 || 2344 (vs->minor != 3 && 2345 vs->minor != 4 && 2346 vs->minor != 5 && 2347 vs->minor != 7 && 2348 vs->minor != 8)) { 2349 VNC_DEBUG("Unsupported client version\n"); 2350 vnc_write_u32(vs, VNC_AUTH_INVALID); 2351 vnc_flush(vs); 2352 vnc_client_error(vs); 2353 return 0; 2354 } 2355 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2356 * as equivalent to v3.3 by servers 2357 */ 2358 if (vs->minor == 4 || vs->minor == 5) 2359 vs->minor = 3; 2360 2361 if (vs->minor == 3) { 2362 if (vs->auth == VNC_AUTH_NONE) { 2363 VNC_DEBUG("Tell client auth none\n"); 2364 vnc_write_u32(vs, vs->auth); 2365 vnc_flush(vs); 2366 start_client_init(vs); 2367 } else if (vs->auth == VNC_AUTH_VNC) { 2368 VNC_DEBUG("Tell client VNC auth\n"); 2369 vnc_write_u32(vs, vs->auth); 2370 vnc_flush(vs); 2371 start_auth_vnc(vs); 2372 } else { 2373 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth); 2374 vnc_write_u32(vs, VNC_AUTH_INVALID); 2375 vnc_flush(vs); 2376 vnc_client_error(vs); 2377 } 2378 } else { 2379 VNC_DEBUG("Telling client we support auth %d\n", vs->auth); 2380 vnc_write_u8(vs, 1); /* num auth */ 2381 vnc_write_u8(vs, vs->auth); 2382 vnc_read_when(vs, protocol_client_auth, 1); 2383 vnc_flush(vs); 2384 } 2385 2386 return 0; 2387 } 2388 2389 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) 2390 { 2391 struct VncSurface *vs = &vd->guest; 2392 2393 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; 2394 } 2395 2396 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h) 2397 { 2398 int i, j; 2399 2400 w = (x + w) / VNC_STAT_RECT; 2401 h = (y + h) / VNC_STAT_RECT; 2402 x /= VNC_STAT_RECT; 2403 y /= VNC_STAT_RECT; 2404 2405 for (j = y; j <= h; j++) { 2406 for (i = x; i <= w; i++) { 2407 vs->lossy_rect[j][i] = 1; 2408 } 2409 } 2410 } 2411 2412 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) 2413 { 2414 VncState *vs; 2415 int sty = y / VNC_STAT_RECT; 2416 int stx = x / VNC_STAT_RECT; 2417 int has_dirty = 0; 2418 2419 y = y / VNC_STAT_RECT * VNC_STAT_RECT; 2420 x = x / VNC_STAT_RECT * VNC_STAT_RECT; 2421 2422 QTAILQ_FOREACH(vs, &vd->clients, next) { 2423 int j; 2424 2425 /* kernel send buffers are full -> refresh later */ 2426 if (vs->output.offset) { 2427 continue; 2428 } 2429 2430 if (!vs->lossy_rect[sty][stx]) { 2431 continue; 2432 } 2433 2434 vs->lossy_rect[sty][stx] = 0; 2435 for (j = 0; j < VNC_STAT_RECT; ++j) { 2436 bitmap_set(vs->dirty[y + j], x / 16, VNC_STAT_RECT / 16); 2437 } 2438 has_dirty++; 2439 } 2440 2441 return has_dirty; 2442 } 2443 2444 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) 2445 { 2446 int x, y; 2447 struct timeval res; 2448 int has_dirty = 0; 2449 2450 for (y = 0; y < vd->guest.ds->height; y += VNC_STAT_RECT) { 2451 for (x = 0; x < vd->guest.ds->width; x += VNC_STAT_RECT) { 2452 VncRectStat *rect = vnc_stat_rect(vd, x, y); 2453 2454 rect->updated = false; 2455 } 2456 } 2457 2458 qemu_timersub(tv, &VNC_REFRESH_STATS, &res); 2459 2460 if (timercmp(&vd->guest.last_freq_check, &res, >)) { 2461 return has_dirty; 2462 } 2463 vd->guest.last_freq_check = *tv; 2464 2465 for (y = 0; y < vd->guest.ds->height; y += VNC_STAT_RECT) { 2466 for (x = 0; x < vd->guest.ds->width; x += VNC_STAT_RECT) { 2467 VncRectStat *rect= vnc_stat_rect(vd, x, y); 2468 int count = ARRAY_SIZE(rect->times); 2469 struct timeval min, max; 2470 2471 if (!timerisset(&rect->times[count - 1])) { 2472 continue ; 2473 } 2474 2475 max = rect->times[(rect->idx + count - 1) % count]; 2476 qemu_timersub(tv, &max, &res); 2477 2478 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { 2479 rect->freq = 0; 2480 has_dirty += vnc_refresh_lossy_rect(vd, x, y); 2481 memset(rect->times, 0, sizeof (rect->times)); 2482 continue ; 2483 } 2484 2485 min = rect->times[rect->idx]; 2486 max = rect->times[(rect->idx + count - 1) % count]; 2487 qemu_timersub(&max, &min, &res); 2488 2489 rect->freq = res.tv_sec + res.tv_usec / 1000000.; 2490 rect->freq /= count; 2491 rect->freq = 1. / rect->freq; 2492 } 2493 } 2494 return has_dirty; 2495 } 2496 2497 double vnc_update_freq(VncState *vs, int x, int y, int w, int h) 2498 { 2499 int i, j; 2500 double total = 0; 2501 int num = 0; 2502 2503 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT; 2504 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT; 2505 2506 for (j = y; j <= y + h; j += VNC_STAT_RECT) { 2507 for (i = x; i <= x + w; i += VNC_STAT_RECT) { 2508 total += vnc_stat_rect(vs->vd, i, j)->freq; 2509 num++; 2510 } 2511 } 2512 2513 if (num) { 2514 return total / num; 2515 } else { 2516 return 0; 2517 } 2518 } 2519 2520 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) 2521 { 2522 VncRectStat *rect; 2523 2524 rect = vnc_stat_rect(vd, x, y); 2525 if (rect->updated) { 2526 return ; 2527 } 2528 rect->times[rect->idx] = *tv; 2529 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); 2530 rect->updated = true; 2531 } 2532 2533 static int vnc_refresh_server_surface(VncDisplay *vd) 2534 { 2535 int y; 2536 uint8_t *guest_row; 2537 uint8_t *server_row; 2538 int cmp_bytes; 2539 VncState *vs; 2540 int has_dirty = 0; 2541 2542 struct timeval tv = { 0, 0 }; 2543 2544 if (!vd->non_adaptive) { 2545 gettimeofday(&tv, NULL); 2546 has_dirty = vnc_update_stats(vd, &tv); 2547 } 2548 2549 /* 2550 * Walk through the guest dirty map. 2551 * Check and copy modified bits from guest to server surface. 2552 * Update server dirty map. 2553 */ 2554 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds); 2555 if (cmp_bytes > vd->ds->surface->linesize) { 2556 cmp_bytes = vd->ds->surface->linesize; 2557 } 2558 guest_row = vd->guest.ds->data; 2559 server_row = vd->server->data; 2560 for (y = 0; y < vd->guest.ds->height; y++) { 2561 if (!bitmap_empty(vd->guest.dirty[y], VNC_DIRTY_BITS)) { 2562 int x; 2563 uint8_t *guest_ptr; 2564 uint8_t *server_ptr; 2565 2566 guest_ptr = guest_row; 2567 server_ptr = server_row; 2568 2569 for (x = 0; x + 15 < vd->guest.ds->width; 2570 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 2571 if (!test_and_clear_bit((x / 16), vd->guest.dirty[y])) 2572 continue; 2573 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0) 2574 continue; 2575 memcpy(server_ptr, guest_ptr, cmp_bytes); 2576 if (!vd->non_adaptive) 2577 vnc_rect_updated(vd, x, y, &tv); 2578 QTAILQ_FOREACH(vs, &vd->clients, next) { 2579 set_bit((x / 16), vs->dirty[y]); 2580 } 2581 has_dirty++; 2582 } 2583 } 2584 guest_row += ds_get_linesize(vd->ds); 2585 server_row += ds_get_linesize(vd->ds); 2586 } 2587 return has_dirty; 2588 } 2589 2590 static void vnc_refresh(void *opaque) 2591 { 2592 VncDisplay *vd = opaque; 2593 VncState *vs, *vn; 2594 int has_dirty, rects = 0; 2595 2596 vga_hw_update(); 2597 2598 if (vnc_trylock_display(vd)) { 2599 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE; 2600 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + 2601 vd->timer_interval); 2602 return; 2603 } 2604 2605 has_dirty = vnc_refresh_server_surface(vd); 2606 vnc_unlock_display(vd); 2607 2608 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 2609 rects += vnc_update_client(vs, has_dirty); 2610 /* vs might be free()ed here */ 2611 } 2612 2613 /* vd->timer could be NULL now if the last client disconnected, 2614 * in this case don't update the timer */ 2615 if (vd->timer == NULL) 2616 return; 2617 2618 if (has_dirty && rects) { 2619 vd->timer_interval /= 2; 2620 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE) 2621 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE; 2622 } else { 2623 vd->timer_interval += VNC_REFRESH_INTERVAL_INC; 2624 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX) 2625 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX; 2626 } 2627 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval); 2628 } 2629 2630 static void vnc_init_timer(VncDisplay *vd) 2631 { 2632 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE; 2633 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) { 2634 vd->timer = qemu_new_timer_ms(rt_clock, vnc_refresh, vd); 2635 vnc_dpy_resize(vd->ds); 2636 vnc_refresh(vd); 2637 } 2638 } 2639 2640 static void vnc_remove_timer(VncDisplay *vd) 2641 { 2642 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) { 2643 qemu_del_timer(vd->timer); 2644 qemu_free_timer(vd->timer); 2645 vd->timer = NULL; 2646 } 2647 } 2648 2649 static void vnc_connect(VncDisplay *vd, int csock, int skipauth) 2650 { 2651 VncState *vs = g_malloc0(sizeof(VncState)); 2652 int i; 2653 2654 vs->csock = csock; 2655 2656 if (skipauth) { 2657 vs->auth = VNC_AUTH_NONE; 2658 #ifdef CONFIG_VNC_TLS 2659 vs->subauth = VNC_AUTH_INVALID; 2660 #endif 2661 } else { 2662 vs->auth = vd->auth; 2663 #ifdef CONFIG_VNC_TLS 2664 vs->subauth = vd->subauth; 2665 #endif 2666 } 2667 2668 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect)); 2669 for (i = 0; i < VNC_STAT_ROWS; ++i) { 2670 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS * sizeof (uint8_t)); 2671 } 2672 2673 VNC_DEBUG("New client on socket %d\n", csock); 2674 dcl->idle = 0; 2675 socket_set_nonblock(vs->csock); 2676 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs); 2677 2678 vnc_client_cache_addr(vs); 2679 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED); 2680 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); 2681 2682 vs->vd = vd; 2683 vs->ds = vd->ds; 2684 vs->last_x = -1; 2685 vs->last_y = -1; 2686 2687 vs->as.freq = 44100; 2688 vs->as.nchannels = 2; 2689 vs->as.fmt = AUD_FMT_S16; 2690 vs->as.endianness = 0; 2691 2692 qemu_mutex_init(&vs->output_mutex); 2693 vs->bh = qemu_bh_new(vnc_jobs_bh, vs); 2694 2695 QTAILQ_INSERT_HEAD(&vd->clients, vs, next); 2696 2697 vga_hw_update(); 2698 2699 vnc_write(vs, "RFB 003.008\n", 12); 2700 vnc_flush(vs); 2701 vnc_read_when(vs, protocol_version, 12); 2702 reset_keys(vs); 2703 if (vs->vd->lock_key_sync) 2704 vs->led = qemu_add_led_event_handler(kbd_leds, vs); 2705 2706 vs->mouse_mode_notifier.notify = check_pointer_type_change; 2707 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 2708 2709 vnc_init_timer(vd); 2710 2711 /* vs might be free()ed here */ 2712 } 2713 2714 static void vnc_listen_read(void *opaque) 2715 { 2716 VncDisplay *vs = opaque; 2717 struct sockaddr_in addr; 2718 socklen_t addrlen = sizeof(addr); 2719 2720 /* Catch-up */ 2721 vga_hw_update(); 2722 2723 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen); 2724 if (csock != -1) { 2725 vnc_connect(vs, csock, 0); 2726 } 2727 } 2728 2729 void vnc_display_init(DisplayState *ds) 2730 { 2731 VncDisplay *vs = g_malloc0(sizeof(*vs)); 2732 2733 dcl = g_malloc0(sizeof(DisplayChangeListener)); 2734 2735 ds->opaque = vs; 2736 dcl->idle = 1; 2737 vnc_display = vs; 2738 2739 vs->lsock = -1; 2740 2741 vs->ds = ds; 2742 QTAILQ_INIT(&vs->clients); 2743 vs->expires = TIME_MAX; 2744 2745 if (keyboard_layout) 2746 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout); 2747 else 2748 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us"); 2749 2750 if (!vs->kbd_layout) 2751 exit(1); 2752 2753 qemu_mutex_init(&vs->mutex); 2754 vnc_start_worker_thread(); 2755 2756 dcl->dpy_copy = vnc_dpy_copy; 2757 dcl->dpy_update = vnc_dpy_update; 2758 dcl->dpy_resize = vnc_dpy_resize; 2759 dcl->dpy_setdata = vnc_dpy_setdata; 2760 register_displaychangelistener(ds, dcl); 2761 ds->mouse_set = vnc_mouse_set; 2762 ds->cursor_define = vnc_dpy_cursor_define; 2763 } 2764 2765 2766 void vnc_display_close(DisplayState *ds) 2767 { 2768 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 2769 2770 if (!vs) 2771 return; 2772 if (vs->display) { 2773 g_free(vs->display); 2774 vs->display = NULL; 2775 } 2776 if (vs->lsock != -1) { 2777 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL); 2778 close(vs->lsock); 2779 vs->lsock = -1; 2780 } 2781 vs->auth = VNC_AUTH_INVALID; 2782 #ifdef CONFIG_VNC_TLS 2783 vs->subauth = VNC_AUTH_INVALID; 2784 vs->tls.x509verify = 0; 2785 #endif 2786 } 2787 2788 int vnc_display_disable_login(DisplayState *ds) 2789 { 2790 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 2791 2792 if (!vs) { 2793 return -1; 2794 } 2795 2796 if (vs->password) { 2797 g_free(vs->password); 2798 } 2799 2800 vs->password = NULL; 2801 if (vs->auth == VNC_AUTH_NONE) { 2802 vs->auth = VNC_AUTH_VNC; 2803 } 2804 2805 return 0; 2806 } 2807 2808 int vnc_display_password(DisplayState *ds, const char *password) 2809 { 2810 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 2811 2812 if (!vs) { 2813 return -EINVAL; 2814 } 2815 2816 if (!password) { 2817 /* This is not the intention of this interface but err on the side 2818 of being safe */ 2819 return vnc_display_disable_login(ds); 2820 } 2821 2822 if (vs->password) { 2823 g_free(vs->password); 2824 vs->password = NULL; 2825 } 2826 vs->password = g_strdup(password); 2827 if (vs->auth == VNC_AUTH_NONE) { 2828 vs->auth = VNC_AUTH_VNC; 2829 } 2830 2831 return 0; 2832 } 2833 2834 int vnc_display_pw_expire(DisplayState *ds, time_t expires) 2835 { 2836 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 2837 2838 if (!vs) { 2839 return -EINVAL; 2840 } 2841 2842 vs->expires = expires; 2843 return 0; 2844 } 2845 2846 char *vnc_display_local_addr(DisplayState *ds) 2847 { 2848 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 2849 2850 return vnc_socket_local_addr("%s:%s", vs->lsock); 2851 } 2852 2853 void vnc_display_open(DisplayState *ds, const char *display, Error **errp) 2854 { 2855 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 2856 const char *options; 2857 int password = 0; 2858 int reverse = 0; 2859 #ifdef CONFIG_VNC_TLS 2860 int tls = 0, x509 = 0; 2861 #endif 2862 #ifdef CONFIG_VNC_SASL 2863 int sasl = 0; 2864 int saslErr; 2865 #endif 2866 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 2867 int acl = 0; 2868 #endif 2869 int lock_key_sync = 1; 2870 2871 if (!vnc_display) { 2872 error_setg(errp, "VNC display not active"); 2873 return; 2874 } 2875 vnc_display_close(ds); 2876 if (strcmp(display, "none") == 0) 2877 return; 2878 2879 vs->display = g_strdup(display); 2880 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 2881 2882 options = display; 2883 while ((options = strchr(options, ','))) { 2884 options++; 2885 if (strncmp(options, "password", 8) == 0) { 2886 if (fips_get_state()) { 2887 error_setg(errp, 2888 "VNC password auth disabled due to FIPS mode, " 2889 "consider using the VeNCrypt or SASL authentication " 2890 "methods as an alternative"); 2891 goto fail; 2892 } 2893 password = 1; /* Require password auth */ 2894 } else if (strncmp(options, "reverse", 7) == 0) { 2895 reverse = 1; 2896 } else if (strncmp(options, "no-lock-key-sync", 16) == 0) { 2897 lock_key_sync = 0; 2898 #ifdef CONFIG_VNC_SASL 2899 } else if (strncmp(options, "sasl", 4) == 0) { 2900 sasl = 1; /* Require SASL auth */ 2901 #endif 2902 #ifdef CONFIG_VNC_TLS 2903 } else if (strncmp(options, "tls", 3) == 0) { 2904 tls = 1; /* Require TLS */ 2905 } else if (strncmp(options, "x509", 4) == 0) { 2906 char *start, *end; 2907 x509 = 1; /* Require x509 certificates */ 2908 if (strncmp(options, "x509verify", 10) == 0) 2909 vs->tls.x509verify = 1; /* ...and verify client certs */ 2910 2911 /* Now check for 'x509=/some/path' postfix 2912 * and use that to setup x509 certificate/key paths */ 2913 start = strchr(options, '='); 2914 end = strchr(options, ','); 2915 if (start && (!end || (start < end))) { 2916 int len = end ? end-(start+1) : strlen(start+1); 2917 char *path = g_strndup(start + 1, len); 2918 2919 VNC_DEBUG("Trying certificate path '%s'\n", path); 2920 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) { 2921 error_setg(errp, "Failed to find x509 certificates/keys in %s", path); 2922 g_free(path); 2923 goto fail; 2924 } 2925 g_free(path); 2926 } else { 2927 error_setg(errp, "No certificate path provided"); 2928 goto fail; 2929 } 2930 #endif 2931 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL) 2932 } else if (strncmp(options, "acl", 3) == 0) { 2933 acl = 1; 2934 #endif 2935 } else if (strncmp(options, "lossy", 5) == 0) { 2936 vs->lossy = true; 2937 } else if (strncmp(options, "non-adapative", 13) == 0) { 2938 vs->non_adaptive = true; 2939 } else if (strncmp(options, "share=", 6) == 0) { 2940 if (strncmp(options+6, "ignore", 6) == 0) { 2941 vs->share_policy = VNC_SHARE_POLICY_IGNORE; 2942 } else if (strncmp(options+6, "allow-exclusive", 15) == 0) { 2943 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 2944 } else if (strncmp(options+6, "force-shared", 12) == 0) { 2945 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; 2946 } else { 2947 error_setg(errp, "unknown vnc share= option"); 2948 goto fail; 2949 } 2950 } 2951 } 2952 2953 #ifdef CONFIG_VNC_TLS 2954 if (acl && x509 && vs->tls.x509verify) { 2955 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) { 2956 fprintf(stderr, "Failed to create x509 dname ACL\n"); 2957 exit(1); 2958 } 2959 } 2960 #endif 2961 #ifdef CONFIG_VNC_SASL 2962 if (acl && sasl) { 2963 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) { 2964 fprintf(stderr, "Failed to create username ACL\n"); 2965 exit(1); 2966 } 2967 } 2968 #endif 2969 2970 /* 2971 * Combinations we support here: 2972 * 2973 * - no-auth (clear text, no auth) 2974 * - password (clear text, weak auth) 2975 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI) 2976 * - tls (encrypt, weak anonymous creds, no auth) 2977 * - tls + password (encrypt, weak anonymous creds, weak auth) 2978 * - tls + sasl (encrypt, weak anonymous creds, good auth) 2979 * - tls + x509 (encrypt, good x509 creds, no auth) 2980 * - tls + x509 + password (encrypt, good x509 creds, weak auth) 2981 * - tls + x509 + sasl (encrypt, good x509 creds, good auth) 2982 * 2983 * NB1. TLS is a stackable auth scheme. 2984 * NB2. the x509 schemes have option to validate a client cert dname 2985 */ 2986 if (password) { 2987 #ifdef CONFIG_VNC_TLS 2988 if (tls) { 2989 vs->auth = VNC_AUTH_VENCRYPT; 2990 if (x509) { 2991 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 2992 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC; 2993 } else { 2994 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 2995 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC; 2996 } 2997 } else { 2998 #endif /* CONFIG_VNC_TLS */ 2999 VNC_DEBUG("Initializing VNC server with password auth\n"); 3000 vs->auth = VNC_AUTH_VNC; 3001 #ifdef CONFIG_VNC_TLS 3002 vs->subauth = VNC_AUTH_INVALID; 3003 } 3004 #endif /* CONFIG_VNC_TLS */ 3005 #ifdef CONFIG_VNC_SASL 3006 } else if (sasl) { 3007 #ifdef CONFIG_VNC_TLS 3008 if (tls) { 3009 vs->auth = VNC_AUTH_VENCRYPT; 3010 if (x509) { 3011 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 3012 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL; 3013 } else { 3014 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 3015 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL; 3016 } 3017 } else { 3018 #endif /* CONFIG_VNC_TLS */ 3019 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 3020 vs->auth = VNC_AUTH_SASL; 3021 #ifdef CONFIG_VNC_TLS 3022 vs->subauth = VNC_AUTH_INVALID; 3023 } 3024 #endif /* CONFIG_VNC_TLS */ 3025 #endif /* CONFIG_VNC_SASL */ 3026 } else { 3027 #ifdef CONFIG_VNC_TLS 3028 if (tls) { 3029 vs->auth = VNC_AUTH_VENCRYPT; 3030 if (x509) { 3031 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 3032 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE; 3033 } else { 3034 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 3035 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE; 3036 } 3037 } else { 3038 #endif 3039 VNC_DEBUG("Initializing VNC server with no auth\n"); 3040 vs->auth = VNC_AUTH_NONE; 3041 #ifdef CONFIG_VNC_TLS 3042 vs->subauth = VNC_AUTH_INVALID; 3043 } 3044 #endif 3045 } 3046 3047 #ifdef CONFIG_VNC_SASL 3048 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) { 3049 error_setg(errp, "Failed to initialize SASL auth: %s", 3050 sasl_errstring(saslErr, NULL, NULL)); 3051 goto fail; 3052 } 3053 #endif 3054 vs->lock_key_sync = lock_key_sync; 3055 3056 if (reverse) { 3057 /* connect to viewer */ 3058 int csock; 3059 vs->lsock = -1; 3060 if (strncmp(display, "unix:", 5) == 0) { 3061 csock = unix_connect(display+5, errp); 3062 } else { 3063 csock = inet_connect(display, errp); 3064 } 3065 if (csock < 0) { 3066 goto fail; 3067 } 3068 vnc_connect(vs, csock, 0); 3069 } else { 3070 /* listen for connects */ 3071 char *dpy; 3072 dpy = g_malloc(256); 3073 if (strncmp(display, "unix:", 5) == 0) { 3074 pstrcpy(dpy, 256, "unix:"); 3075 vs->lsock = unix_listen(display+5, dpy+5, 256-5, errp); 3076 } else { 3077 vs->lsock = inet_listen(display, dpy, 256, 3078 SOCK_STREAM, 5900, errp); 3079 } 3080 if (vs->lsock < 0) { 3081 g_free(dpy); 3082 goto fail; 3083 } 3084 g_free(vs->display); 3085 vs->display = dpy; 3086 qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs); 3087 } 3088 return; 3089 3090 fail: 3091 g_free(vs->display); 3092 vs->display = NULL; 3093 } 3094 3095 void vnc_display_add_client(DisplayState *ds, int csock, int skipauth) 3096 { 3097 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display; 3098 3099 vnc_connect(vs, csock, skipauth); 3100 } 3101