1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include "vnc.h"
28#include "vnc-jobs.h"
29#include "sysemu/sysemu.h"
30#include "qemu/sockets.h"
31#include "qemu/timer.h"
32#include "qemu/acl.h"
33#include "qapi/qmp/types.h"
34#include "qmp-commands.h"
35#include "qemu/osdep.h"
36
37#define VNC_REFRESH_INTERVAL_BASE 30
38#define VNC_REFRESH_INTERVAL_INC 50
39#define VNC_REFRESH_INTERVAL_MAX 2000
40static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
41static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
42
43#include "vnc_keysym.h"
44#include "d3des.h"
45
46static VncDisplay *vnc_display;
47static DisplayChangeListener *dcl;
48
49static int vnc_cursor_define(VncState *vs);
50static void vnc_release_modifiers(VncState *vs);
51
52static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
53{
54#ifdef _VNC_DEBUG
55 static const char *mn[] = {
56 [0] = "undefined",
57 [VNC_SHARE_MODE_CONNECTING] = "connecting",
58 [VNC_SHARE_MODE_SHARED] = "shared",
59 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
60 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
61 };
62 fprintf(stderr, "%s/%d: %s -> %s\n", __func__,
63 vs->csock, mn[vs->share_mode], mn[mode]);
64#endif
65
66 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) {
67 vs->vd->num_exclusive--;
68 }
69 vs->share_mode = mode;
70 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) {
71 vs->vd->num_exclusive++;
72 }
73}
74
75static char *addr_to_string(const char *format,
76 struct sockaddr_storage *sa,
77 socklen_t salen) {
78 char *addr;
79 char host[NI_MAXHOST];
80 char serv[NI_MAXSERV];
81 int err;
82 size_t addrlen;
83
84 if ((err = getnameinfo((struct sockaddr *)sa, salen,
85 host, sizeof(host),
86 serv, sizeof(serv),
87 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
88 VNC_DEBUG("Cannot resolve address %d: %s\n",
89 err, gai_strerror(err));
90 return NULL;
91 }
92
93
94
95 addrlen = strlen(format) + strlen(host) + strlen(serv);
96 addr = g_malloc(addrlen + 1);
97 snprintf(addr, addrlen, format, host, serv);
98 addr[addrlen] = '\0';
99
100 return addr;
101}
102
103
104char *vnc_socket_local_addr(const char *format, int fd) {
105 struct sockaddr_storage sa;
106 socklen_t salen;
107
108 salen = sizeof(sa);
109 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
110 return NULL;
111
112 return addr_to_string(format, &sa, salen);
113}
114
115char *vnc_socket_remote_addr(const char *format, int fd) {
116 struct sockaddr_storage sa;
117 socklen_t salen;
118
119 salen = sizeof(sa);
120 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
121 return NULL;
122
123 return addr_to_string(format, &sa, salen);
124}
125
126static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
127 socklen_t salen)
128{
129 char host[NI_MAXHOST];
130 char serv[NI_MAXSERV];
131 int err;
132
133 if ((err = getnameinfo((struct sockaddr *)sa, salen,
134 host, sizeof(host),
135 serv, sizeof(serv),
136 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
137 VNC_DEBUG("Cannot resolve address %d: %s\n",
138 err, gai_strerror(err));
139 return -1;
140 }
141
142 qdict_put(qdict, "host", qstring_from_str(host));
143 qdict_put(qdict, "service", qstring_from_str(serv));
144 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
145
146 return 0;
147}
148
149static int vnc_server_addr_put(QDict *qdict, int fd)
150{
151 struct sockaddr_storage sa;
152 socklen_t salen;
153
154 salen = sizeof(sa);
155 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
156 return -1;
157 }
158
159 return put_addr_qdict(qdict, &sa, salen);
160}
161
162static int vnc_qdict_remote_addr(QDict *qdict, int fd)
163{
164 struct sockaddr_storage sa;
165 socklen_t salen;
166
167 salen = sizeof(sa);
168 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
169 return -1;
170 }
171
172 return put_addr_qdict(qdict, &sa, salen);
173}
174
175static const char *vnc_auth_name(VncDisplay *vd) {
176 switch (vd->auth) {
177 case VNC_AUTH_INVALID:
178 return "invalid";
179 case VNC_AUTH_NONE:
180 return "none";
181 case VNC_AUTH_VNC:
182 return "vnc";
183 case VNC_AUTH_RA2:
184 return "ra2";
185 case VNC_AUTH_RA2NE:
186 return "ra2ne";
187 case VNC_AUTH_TIGHT:
188 return "tight";
189 case VNC_AUTH_ULTRA:
190 return "ultra";
191 case VNC_AUTH_TLS:
192 return "tls";
193 case VNC_AUTH_VENCRYPT:
194#ifdef CONFIG_VNC_TLS
195 switch (vd->subauth) {
196 case VNC_AUTH_VENCRYPT_PLAIN:
197 return "vencrypt+plain";
198 case VNC_AUTH_VENCRYPT_TLSNONE:
199 return "vencrypt+tls+none";
200 case VNC_AUTH_VENCRYPT_TLSVNC:
201 return "vencrypt+tls+vnc";
202 case VNC_AUTH_VENCRYPT_TLSPLAIN:
203 return "vencrypt+tls+plain";
204 case VNC_AUTH_VENCRYPT_X509NONE:
205 return "vencrypt+x509+none";
206 case VNC_AUTH_VENCRYPT_X509VNC:
207 return "vencrypt+x509+vnc";
208 case VNC_AUTH_VENCRYPT_X509PLAIN:
209 return "vencrypt+x509+plain";
210 case VNC_AUTH_VENCRYPT_TLSSASL:
211 return "vencrypt+tls+sasl";
212 case VNC_AUTH_VENCRYPT_X509SASL:
213 return "vencrypt+x509+sasl";
214 default:
215 return "vencrypt";
216 }
217#else
218 return "vencrypt";
219#endif
220 case VNC_AUTH_SASL:
221 return "sasl";
222 }
223 return "unknown";
224}
225
226static int vnc_server_info_put(QDict *qdict)
227{
228 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
229 return -1;
230 }
231
232 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
233 return 0;
234}
235
236static void vnc_client_cache_auth(VncState *client)
237{
238#if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
239 QDict *qdict;
240#endif
241
242 if (!client->info) {
243 return;
244 }
245
246#if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
247 qdict = qobject_to_qdict(client->info);
248#endif
249
250#ifdef CONFIG_VNC_TLS
251 if (client->tls.session &&
252 client->tls.dname) {
253 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
254 }
255#endif
256#ifdef CONFIG_VNC_SASL
257 if (client->sasl.conn &&
258 client->sasl.username) {
259 qdict_put(qdict, "sasl_username",
260 qstring_from_str(client->sasl.username));
261 }
262#endif
263}
264
265static void vnc_client_cache_addr(VncState *client)
266{
267 QDict *qdict;
268
269 qdict = qdict_new();
270 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
271 QDECREF(qdict);
272
273 return;
274 }
275
276 client->info = QOBJECT(qdict);
277}
278
279static void vnc_qmp_event(VncState *vs, MonitorEvent event)
280{
281 QDict *server;
282 QObject *data;
283
284 if (!vs->info) {
285 return;
286 }
287
288 server = qdict_new();
289 if (vnc_server_info_put(server) < 0) {
290 QDECREF(server);
291 return;
292 }
293
294 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
295 vs->info, QOBJECT(server));
296
297 monitor_protocol_event(event, data);
298
299 qobject_incref(vs->info);
300 qobject_decref(data);
301}
302
303static VncClientInfo *qmp_query_vnc_client(const VncState *client)
304{
305 struct sockaddr_storage sa;
306 socklen_t salen = sizeof(sa);
307 char host[NI_MAXHOST];
308 char serv[NI_MAXSERV];
309 VncClientInfo *info;
310
311 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) {
312 return NULL;
313 }
314
315 if (getnameinfo((struct sockaddr *)&sa, salen,
316 host, sizeof(host),
317 serv, sizeof(serv),
318 NI_NUMERICHOST | NI_NUMERICSERV) < 0) {
319 return NULL;
320 }
321
322 info = g_malloc0(sizeof(*info));
323 info->host = g_strdup(host);
324 info->service = g_strdup(serv);
325 info->family = g_strdup(inet_strfamily(sa.ss_family));
326
327#ifdef CONFIG_VNC_TLS
328 if (client->tls.session && client->tls.dname) {
329 info->has_x509_dname = true;
330 info->x509_dname = g_strdup(client->tls.dname);
331 }
332#endif
333#ifdef CONFIG_VNC_SASL
334 if (client->sasl.conn && client->sasl.username) {
335 info->has_sasl_username = true;
336 info->sasl_username = g_strdup(client->sasl.username);
337 }
338#endif
339
340 return info;
341}
342
343VncInfo *qmp_query_vnc(Error **errp)
344{
345 VncInfo *info = g_malloc0(sizeof(*info));
346
347 if (vnc_display == NULL || vnc_display->display == NULL) {
348 info->enabled = false;
349 } else {
350 VncClientInfoList *cur_item = NULL;
351 struct sockaddr_storage sa;
352 socklen_t salen = sizeof(sa);
353 char host[NI_MAXHOST];
354 char serv[NI_MAXSERV];
355 VncState *client;
356
357 info->enabled = true;
358
359
360 info->has_clients = true;
361
362 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
363 VncClientInfoList *cinfo = g_malloc0(sizeof(*info));
364 cinfo->value = qmp_query_vnc_client(client);
365
366
367 if (!cur_item) {
368 info->clients = cur_item = cinfo;
369 } else {
370 cur_item->next = cinfo;
371 cur_item = cinfo;
372 }
373 }
374
375 if (vnc_display->lsock == -1) {
376 return info;
377 }
378
379 if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa,
380 &salen) == -1) {
381 error_set(errp, QERR_UNDEFINED_ERROR);
382 goto out_error;
383 }
384
385 if (getnameinfo((struct sockaddr *)&sa, salen,
386 host, sizeof(host),
387 serv, sizeof(serv),
388 NI_NUMERICHOST | NI_NUMERICSERV) < 0) {
389 error_set(errp, QERR_UNDEFINED_ERROR);
390 goto out_error;
391 }
392
393 info->has_host = true;
394 info->host = g_strdup(host);
395
396 info->has_service = true;
397 info->service = g_strdup(serv);
398
399 info->has_family = true;
400 info->family = g_strdup(inet_strfamily(sa.ss_family));
401
402 info->has_auth = true;
403 info->auth = g_strdup(vnc_auth_name(vnc_display));
404 }
405
406 return info;
407
408out_error:
409 qapi_free_VncInfo(info);
410 return NULL;
411}
412
413
414
415
416
417
418
419
420static int vnc_update_client(VncState *vs, int has_dirty);
421static int vnc_update_client_sync(VncState *vs, int has_dirty);
422static void vnc_disconnect_start(VncState *vs);
423static void vnc_init_timer(VncDisplay *vd);
424static void vnc_remove_timer(VncDisplay *vd);
425
426static void vnc_colordepth(VncState *vs);
427static void framebuffer_update_request(VncState *vs, int incremental,
428 int x_position, int y_position,
429 int w, int h);
430static void vnc_refresh(void *opaque);
431static int vnc_refresh_server_surface(VncDisplay *vd);
432
433static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
434{
435 int i;
436 VncDisplay *vd = ds->opaque;
437 struct VncSurface *s = &vd->guest;
438 int width = ds_get_width(ds);
439 int height = ds_get_height(ds);
440
441 h += y;
442
443
444
445
446
447 w += (x % 16);
448 x -= (x % 16);
449
450 x = MIN(x, width);
451 y = MIN(y, height);
452 w = MIN(x + w, width) - x;
453 h = MIN(h, height);
454
455 for (; y < h; y++)
456 for (i = 0; i < w; i += 16)
457 set_bit((x + i) / 16, s->dirty[y]);
458}
459
460void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
461 int32_t encoding)
462{
463 vnc_write_u16(vs, x);
464 vnc_write_u16(vs, y);
465 vnc_write_u16(vs, w);
466 vnc_write_u16(vs, h);
467
468 vnc_write_s32(vs, encoding);
469}
470
471void buffer_reserve(Buffer *buffer, size_t len)
472{
473 if ((buffer->capacity - buffer->offset) < len) {
474 buffer->capacity += (len + 1024);
475 buffer->buffer = g_realloc(buffer->buffer, buffer->capacity);
476 if (buffer->buffer == NULL) {
477 fprintf(stderr, "vnc: out of memory\n");
478 exit(1);
479 }
480 }
481}
482
483static int buffer_empty(Buffer *buffer)
484{
485 return buffer->offset == 0;
486}
487
488uint8_t *buffer_end(Buffer *buffer)
489{
490 return buffer->buffer + buffer->offset;
491}
492
493void buffer_reset(Buffer *buffer)
494{
495 buffer->offset = 0;
496}
497
498void buffer_free(Buffer *buffer)
499{
500 g_free(buffer->buffer);
501 buffer->offset = 0;
502 buffer->capacity = 0;
503 buffer->buffer = NULL;
504}
505
506void buffer_append(Buffer *buffer, const void *data, size_t len)
507{
508 memcpy(buffer->buffer + buffer->offset, data, len);
509 buffer->offset += len;
510}
511
512void buffer_advance(Buffer *buf, size_t len)
513{
514 memmove(buf->buffer, buf->buffer + len,
515 (buf->offset - len));
516 buf->offset -= len;
517}
518
519static void vnc_desktop_resize(VncState *vs)
520{
521 DisplayState *ds = vs->ds;
522
523 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
524 return;
525 }
526 if (vs->client_width == ds_get_width(ds) &&
527 vs->client_height == ds_get_height(ds)) {
528 return;
529 }
530 vs->client_width = ds_get_width(ds);
531 vs->client_height = ds_get_height(ds);
532 vnc_lock_output(vs);
533 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
534 vnc_write_u8(vs, 0);
535 vnc_write_u16(vs, 1);
536 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
537 VNC_ENCODING_DESKTOPRESIZE);
538 vnc_unlock_output(vs);
539 vnc_flush(vs);
540}
541
542static void vnc_abort_display_jobs(VncDisplay *vd)
543{
544 VncState *vs;
545
546 QTAILQ_FOREACH(vs, &vd->clients, next) {
547 vnc_lock_output(vs);
548 vs->abort = true;
549 vnc_unlock_output(vs);
550 }
551 QTAILQ_FOREACH(vs, &vd->clients, next) {
552 vnc_jobs_join(vs);
553 }
554 QTAILQ_FOREACH(vs, &vd->clients, next) {
555 vnc_lock_output(vs);
556 vs->abort = false;
557 vnc_unlock_output(vs);
558 }
559}
560
561int vnc_server_fb_stride(VncDisplay *vd)
562{
563 return pixman_image_get_stride(vd->server);
564}
565
566void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
567{
568 uint8_t *ptr;
569
570 ptr = (uint8_t *)pixman_image_get_data(vd->server);
571 ptr += y * vnc_server_fb_stride(vd);
572 ptr += x * VNC_SERVER_FB_BYTES;
573 return ptr;
574}
575
576static void vnc_dpy_resize(DisplayState *ds)
577{
578 VncDisplay *vd = ds->opaque;
579 VncState *vs;
580
581 vnc_abort_display_jobs(vd);
582
583
584 qemu_pixman_image_unref(vd->server);
585 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
586 ds_get_width(ds),
587 ds_get_height(ds),
588 NULL, 0);
589
590
591#if 0
592 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
593 console_color_init(ds);
594#endif
595 qemu_pixman_image_unref(vd->guest.fb);
596 vd->guest.fb = pixman_image_ref(ds->surface->image);
597 vd->guest.format = ds->surface->format;
598 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
599
600 QTAILQ_FOREACH(vs, &vd->clients, next) {
601 vnc_colordepth(vs);
602 vnc_desktop_resize(vs);
603 if (vs->vd->cursor) {
604 vnc_cursor_define(vs);
605 }
606 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
607 }
608}
609
610
611static void vnc_write_pixels_copy(VncState *vs,
612 void *pixels, int size)
613{
614 vnc_write(vs, pixels, size);
615}
616
617
618void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
619{
620 uint8_t r, g, b;
621
622#if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
623 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
624 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
625 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
626#else
627# error need some bits here if you change VNC_SERVER_FB_FORMAT
628#endif
629 v = (r << vs->client_pf.rshift) |
630 (g << vs->client_pf.gshift) |
631 (b << vs->client_pf.bshift);
632 switch (vs->client_pf.bytes_per_pixel) {
633 case 1:
634 buf[0] = v;
635 break;
636 case 2:
637 if (vs->client_be) {
638 buf[0] = v >> 8;
639 buf[1] = v;
640 } else {
641 buf[1] = v >> 8;
642 buf[0] = v;
643 }
644 break;
645 default:
646 case 4:
647 if (vs->client_be) {
648 buf[0] = v >> 24;
649 buf[1] = v >> 16;
650 buf[2] = v >> 8;
651 buf[3] = v;
652 } else {
653 buf[3] = v >> 24;
654 buf[2] = v >> 16;
655 buf[1] = v >> 8;
656 buf[0] = v;
657 }
658 break;
659 }
660}
661
662static void vnc_write_pixels_generic(VncState *vs,
663 void *pixels1, int size)
664{
665 uint8_t buf[4];
666
667 if (VNC_SERVER_FB_BYTES == 4) {
668 uint32_t *pixels = pixels1;
669 int n, i;
670 n = size >> 2;
671 for (i = 0; i < n; i++) {
672 vnc_convert_pixel(vs, buf, pixels[i]);
673 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
674 }
675 }
676}
677
678int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
679{
680 int i;
681 uint8_t *row;
682 VncDisplay *vd = vs->vd;
683
684 row = vnc_server_fb_ptr(vd, x, y);
685 for (i = 0; i < h; i++) {
686 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
687 row += vnc_server_fb_stride(vd);
688 }
689 return 1;
690}
691
692int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
693{
694 int n = 0;
695
696 switch(vs->vnc_encoding) {
697 case VNC_ENCODING_ZLIB:
698 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
699 break;
700 case VNC_ENCODING_HEXTILE:
701 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
702 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
703 break;
704 case VNC_ENCODING_TIGHT:
705 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
706 break;
707 case VNC_ENCODING_TIGHT_PNG:
708 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
709 break;
710 case VNC_ENCODING_ZRLE:
711 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
712 break;
713 case VNC_ENCODING_ZYWRLE:
714 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
715 break;
716 default:
717 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
718 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
719 break;
720 }
721 return n;
722}
723
724static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
725{
726
727 vnc_lock_output(vs);
728 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
729 vnc_write_u8(vs, 0);
730 vnc_write_u16(vs, 1);
731 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
732 vnc_write_u16(vs, src_x);
733 vnc_write_u16(vs, src_y);
734 vnc_unlock_output(vs);
735 vnc_flush(vs);
736}
737
738static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
739{
740 VncDisplay *vd = ds->opaque;
741 VncState *vs, *vn;
742 uint8_t *src_row;
743 uint8_t *dst_row;
744 int i, x, y, pitch, inc, w_lim, s;
745 int cmp_bytes;
746
747 vnc_refresh_server_surface(vd);
748 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
749 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
750 vs->force_update = 1;
751 vnc_update_client_sync(vs, 1);
752
753 }
754 }
755
756
757 pitch = vnc_server_fb_stride(vd);
758 src_row = vnc_server_fb_ptr(vd, src_x, src_y);
759 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y);
760 y = dst_y;
761 inc = 1;
762 if (dst_y > src_y) {
763
764 src_row += pitch * (h-1);
765 dst_row += pitch * (h-1);
766 pitch = -pitch;
767 y = dst_y + h - 1;
768 inc = -1;
769 }
770 w_lim = w - (16 - (dst_x % 16));
771 if (w_lim < 0)
772 w_lim = w;
773 else
774 w_lim = w - (w_lim % 16);
775 for (i = 0; i < h; i++) {
776 for (x = 0; x <= w_lim;
777 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
778 if (x == w_lim) {
779 if ((s = w - w_lim) == 0)
780 break;
781 } else if (!x) {
782 s = (16 - (dst_x % 16));
783 s = MIN(s, w_lim);
784 } else {
785 s = 16;
786 }
787 cmp_bytes = s * VNC_SERVER_FB_BYTES;
788 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
789 continue;
790 memmove(dst_row, src_row, cmp_bytes);
791 QTAILQ_FOREACH(vs, &vd->clients, next) {
792 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
793 set_bit(((x + dst_x) / 16), vs->dirty[y]);
794 }
795 }
796 }
797 src_row += pitch - w * VNC_SERVER_FB_BYTES;
798 dst_row += pitch - w * VNC_SERVER_FB_BYTES;
799 y += inc;
800 }
801
802 QTAILQ_FOREACH(vs, &vd->clients, next) {
803 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
804 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
805 }
806 }
807}
808
809static void vnc_mouse_set(DisplayState *ds, int x, int y, int visible)
810{
811
812}
813
814static int vnc_cursor_define(VncState *vs)
815{
816 QEMUCursor *c = vs->vd->cursor;
817 int isize;
818
819 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
820 vnc_lock_output(vs);
821 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
822 vnc_write_u8(vs, 0);
823 vnc_write_u16(vs, 1);
824 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
825 VNC_ENCODING_RICH_CURSOR);
826 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
827 vnc_write_pixels_generic(vs, c->data, isize);
828 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
829 vnc_unlock_output(vs);
830 return 0;
831 }
832 return -1;
833}
834
835static void vnc_dpy_cursor_define(DisplayState *ds, QEMUCursor *c)
836{
837 VncDisplay *vd = vnc_display;
838 VncState *vs;
839
840 cursor_put(vd->cursor);
841 g_free(vd->cursor_mask);
842
843 vd->cursor = c;
844 cursor_get(vd->cursor);
845 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
846 vd->cursor_mask = g_malloc0(vd->cursor_msize);
847 cursor_get_mono_mask(c, 0, vd->cursor_mask);
848
849 QTAILQ_FOREACH(vs, &vd->clients, next) {
850 vnc_cursor_define(vs);
851 }
852}
853
854static int find_and_clear_dirty_height(struct VncState *vs,
855 int y, int last_x, int x, int height)
856{
857 int h;
858
859 for (h = 1; h < (height - y); h++) {
860 int tmp_x;
861 if (!test_bit(last_x, vs->dirty[y + h])) {
862 break;
863 }
864 for (tmp_x = last_x; tmp_x < x; tmp_x++) {
865 clear_bit(tmp_x, vs->dirty[y + h]);
866 }
867 }
868
869 return h;
870}
871
872static int vnc_update_client_sync(VncState *vs, int has_dirty)
873{
874 int ret = vnc_update_client(vs, has_dirty);
875 vnc_jobs_join(vs);
876 return ret;
877}
878
879static int vnc_update_client(VncState *vs, int has_dirty)
880{
881 if (vs->need_update && vs->csock != -1) {
882 VncDisplay *vd = vs->vd;
883 VncJob *job;
884 int y;
885 int width, height;
886 int n = 0;
887
888
889 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
890
891 return 0;
892
893 if (!has_dirty && !vs->audio_cap && !vs->force_update)
894 return 0;
895
896
897
898
899
900
901
902 job = vnc_job_new(vs);
903
904 width = MIN(pixman_image_get_width(vd->server), vs->client_width);
905 height = MIN(pixman_image_get_height(vd->server), vs->client_height);
906
907 for (y = 0; y < height; y++) {
908 int x;
909 int last_x = -1;
910 for (x = 0; x < width / 16; x++) {
911 if (test_and_clear_bit(x, vs->dirty[y])) {
912 if (last_x == -1) {
913 last_x = x;
914 }
915 } else {
916 if (last_x != -1) {
917 int h = find_and_clear_dirty_height(vs, y, last_x, x,
918 height);
919
920 n += vnc_job_add_rect(job, last_x * 16, y,
921 (x - last_x) * 16, h);
922 }
923 last_x = -1;
924 }
925 }
926 if (last_x != -1) {
927 int h = find_and_clear_dirty_height(vs, y, last_x, x, height);
928 n += vnc_job_add_rect(job, last_x * 16, y,
929 (x - last_x) * 16, h);
930 }
931 }
932
933 vnc_job_push(job);
934 vs->force_update = 0;
935 return n;
936 }
937
938 if (vs->csock == -1)
939 vnc_disconnect_finish(vs);
940
941 return 0;
942}
943
944
945static void audio_capture_notify(void *opaque, audcnotification_e cmd)
946{
947 VncState *vs = opaque;
948
949 switch (cmd) {
950 case AUD_CNOTIFY_DISABLE:
951 vnc_lock_output(vs);
952 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
953 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
954 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
955 vnc_unlock_output(vs);
956 vnc_flush(vs);
957 break;
958
959 case AUD_CNOTIFY_ENABLE:
960 vnc_lock_output(vs);
961 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
962 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
963 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
964 vnc_unlock_output(vs);
965 vnc_flush(vs);
966 break;
967 }
968}
969
970static void audio_capture_destroy(void *opaque)
971{
972}
973
974static void audio_capture(void *opaque, void *buf, int size)
975{
976 VncState *vs = opaque;
977
978 vnc_lock_output(vs);
979 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
980 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
981 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
982 vnc_write_u32(vs, size);
983 vnc_write(vs, buf, size);
984 vnc_unlock_output(vs);
985 vnc_flush(vs);
986}
987
988static void audio_add(VncState *vs)
989{
990 struct audio_capture_ops ops;
991
992 if (vs->audio_cap) {
993 monitor_printf(default_mon, "audio already running\n");
994 return;
995 }
996
997 ops.notify = audio_capture_notify;
998 ops.destroy = audio_capture_destroy;
999 ops.capture = audio_capture;
1000
1001 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1002 if (!vs->audio_cap) {
1003 monitor_printf(default_mon, "Failed to add audio capture\n");
1004 }
1005}
1006
1007static void audio_del(VncState *vs)
1008{
1009 if (vs->audio_cap) {
1010 AUD_del_capture(vs->audio_cap, vs);
1011 vs->audio_cap = NULL;
1012 }
1013}
1014
1015static void vnc_disconnect_start(VncState *vs)
1016{
1017 if (vs->csock == -1)
1018 return;
1019 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1020 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
1021 closesocket(vs->csock);
1022 vs->csock = -1;
1023}
1024
1025void vnc_disconnect_finish(VncState *vs)
1026{
1027 int i;
1028
1029 vnc_jobs_join(vs);
1030
1031 vnc_lock_output(vs);
1032 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
1033
1034 buffer_free(&vs->input);
1035 buffer_free(&vs->output);
1036#ifdef CONFIG_VNC_WS
1037 buffer_free(&vs->ws_input);
1038 buffer_free(&vs->ws_output);
1039#endif
1040
1041 qobject_decref(vs->info);
1042
1043 vnc_zlib_clear(vs);
1044 vnc_tight_clear(vs);
1045 vnc_zrle_clear(vs);
1046
1047#ifdef CONFIG_VNC_TLS
1048 vnc_tls_client_cleanup(vs);
1049#endif
1050#ifdef CONFIG_VNC_SASL
1051 vnc_sasl_client_cleanup(vs);
1052#endif
1053 audio_del(vs);
1054 vnc_release_modifiers(vs);
1055
1056 if (vs->initialized) {
1057 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1058 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1059 }
1060
1061 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1062 dcl->idle = 1;
1063 }
1064
1065 vnc_remove_timer(vs->vd);
1066 if (vs->vd->lock_key_sync)
1067 qemu_remove_led_event_handler(vs->led);
1068 vnc_unlock_output(vs);
1069
1070 qemu_mutex_destroy(&vs->output_mutex);
1071 if (vs->bh != NULL) {
1072 qemu_bh_delete(vs->bh);
1073 }
1074 buffer_free(&vs->jobs_buffer);
1075
1076 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1077 g_free(vs->lossy_rect[i]);
1078 }
1079 g_free(vs->lossy_rect);
1080 g_free(vs);
1081}
1082
1083int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1084{
1085 if (ret == 0 || ret == -1) {
1086 if (ret == -1) {
1087 switch (last_errno) {
1088 case EINTR:
1089 case EAGAIN:
1090#ifdef _WIN32
1091 case WSAEWOULDBLOCK:
1092#endif
1093 return 0;
1094 default:
1095 break;
1096 }
1097 }
1098
1099 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1100 ret, ret < 0 ? last_errno : 0);
1101 vnc_disconnect_start(vs);
1102
1103 return 0;
1104 }
1105 return ret;
1106}
1107
1108
1109void vnc_client_error(VncState *vs)
1110{
1111 VNC_DEBUG("Closing down client sock: protocol error\n");
1112 vnc_disconnect_start(vs);
1113}
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1132{
1133 long ret;
1134#ifdef CONFIG_VNC_TLS
1135 if (vs->tls.session) {
1136 ret = gnutls_write(vs->tls.session, data, datalen);
1137 if (ret < 0) {
1138 if (ret == GNUTLS_E_AGAIN)
1139 errno = EAGAIN;
1140 else
1141 errno = EIO;
1142 ret = -1;
1143 }
1144 } else
1145#endif
1146 ret = send(vs->csock, (const void *)data, datalen, 0);
1147 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1148 return vnc_client_io_error(vs, ret, socket_error());
1149}
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162static long vnc_client_write_plain(VncState *vs)
1163{
1164 long ret;
1165
1166#ifdef CONFIG_VNC_SASL
1167 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1168 vs->output.buffer, vs->output.capacity, vs->output.offset,
1169 vs->sasl.waitWriteSSF);
1170
1171 if (vs->sasl.conn &&
1172 vs->sasl.runSSF &&
1173 vs->sasl.waitWriteSSF) {
1174 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1175 if (ret)
1176 vs->sasl.waitWriteSSF -= ret;
1177 } else
1178#endif
1179 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1180 if (!ret)
1181 return 0;
1182
1183 buffer_advance(&vs->output, ret);
1184
1185 if (vs->output.offset == 0) {
1186 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1187 }
1188
1189 return ret;
1190}
1191
1192
1193
1194
1195
1196
1197
1198static void vnc_client_write_locked(void *opaque)
1199{
1200 VncState *vs = opaque;
1201
1202#ifdef CONFIG_VNC_SASL
1203 if (vs->sasl.conn &&
1204 vs->sasl.runSSF &&
1205 !vs->sasl.waitWriteSSF) {
1206 vnc_client_write_sasl(vs);
1207 } else
1208#endif
1209 {
1210#ifdef CONFIG_VNC_WS
1211 if (vs->encode_ws) {
1212 vnc_client_write_ws(vs);
1213 } else
1214#endif
1215 {
1216 vnc_client_write_plain(vs);
1217 }
1218 }
1219}
1220
1221void vnc_client_write(void *opaque)
1222{
1223 VncState *vs = opaque;
1224
1225 vnc_lock_output(vs);
1226 if (vs->output.offset
1227#ifdef CONFIG_VNC_WS
1228 || vs->ws_output.offset
1229#endif
1230 ) {
1231 vnc_client_write_locked(opaque);
1232 } else if (vs->csock != -1) {
1233 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1234 }
1235 vnc_unlock_output(vs);
1236}
1237
1238void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1239{
1240 vs->read_handler = func;
1241 vs->read_handler_expect = expecting;
1242}
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1261{
1262 long ret;
1263#ifdef CONFIG_VNC_TLS
1264 if (vs->tls.session) {
1265 ret = gnutls_read(vs->tls.session, data, datalen);
1266 if (ret < 0) {
1267 if (ret == GNUTLS_E_AGAIN)
1268 errno = EAGAIN;
1269 else
1270 errno = EIO;
1271 ret = -1;
1272 }
1273 } else
1274#endif
1275 ret = qemu_recv(vs->csock, data, datalen, 0);
1276 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1277 return vnc_client_io_error(vs, ret, socket_error());
1278}
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289static long vnc_client_read_plain(VncState *vs)
1290{
1291 int ret;
1292 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1293 vs->input.buffer, vs->input.capacity, vs->input.offset);
1294 buffer_reserve(&vs->input, 4096);
1295 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1296 if (!ret)
1297 return 0;
1298 vs->input.offset += ret;
1299 return ret;
1300}
1301
1302static void vnc_jobs_bh(void *opaque)
1303{
1304 VncState *vs = opaque;
1305
1306 vnc_jobs_consume_buffer(vs);
1307}
1308
1309
1310
1311
1312
1313
1314void vnc_client_read(void *opaque)
1315{
1316 VncState *vs = opaque;
1317 long ret;
1318
1319#ifdef CONFIG_VNC_SASL
1320 if (vs->sasl.conn && vs->sasl.runSSF)
1321 ret = vnc_client_read_sasl(vs);
1322 else
1323#endif
1324#ifdef CONFIG_VNC_WS
1325 if (vs->encode_ws) {
1326 ret = vnc_client_read_ws(vs);
1327 if (ret == -1) {
1328 vnc_disconnect_start(vs);
1329 return;
1330 } else if (ret == -2) {
1331 vnc_client_error(vs);
1332 return;
1333 }
1334 } else
1335#endif
1336 {
1337 ret = vnc_client_read_plain(vs);
1338 }
1339 if (!ret) {
1340 if (vs->csock == -1)
1341 vnc_disconnect_finish(vs);
1342 return;
1343 }
1344
1345 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1346 size_t len = vs->read_handler_expect;
1347 int ret;
1348
1349 ret = vs->read_handler(vs, vs->input.buffer, len);
1350 if (vs->csock == -1) {
1351 vnc_disconnect_finish(vs);
1352 return;
1353 }
1354
1355 if (!ret) {
1356 buffer_advance(&vs->input, len);
1357 } else {
1358 vs->read_handler_expect = ret;
1359 }
1360 }
1361}
1362
1363void vnc_write(VncState *vs, const void *data, size_t len)
1364{
1365 buffer_reserve(&vs->output, len);
1366
1367 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1368 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1369 }
1370
1371 buffer_append(&vs->output, data, len);
1372}
1373
1374void vnc_write_s32(VncState *vs, int32_t value)
1375{
1376 vnc_write_u32(vs, *(uint32_t *)&value);
1377}
1378
1379void vnc_write_u32(VncState *vs, uint32_t value)
1380{
1381 uint8_t buf[4];
1382
1383 buf[0] = (value >> 24) & 0xFF;
1384 buf[1] = (value >> 16) & 0xFF;
1385 buf[2] = (value >> 8) & 0xFF;
1386 buf[3] = value & 0xFF;
1387
1388 vnc_write(vs, buf, 4);
1389}
1390
1391void vnc_write_u16(VncState *vs, uint16_t value)
1392{
1393 uint8_t buf[2];
1394
1395 buf[0] = (value >> 8) & 0xFF;
1396 buf[1] = value & 0xFF;
1397
1398 vnc_write(vs, buf, 2);
1399}
1400
1401void vnc_write_u8(VncState *vs, uint8_t value)
1402{
1403 vnc_write(vs, (char *)&value, 1);
1404}
1405
1406void vnc_flush(VncState *vs)
1407{
1408 vnc_lock_output(vs);
1409 if (vs->csock != -1 && (vs->output.offset
1410#ifdef CONFIG_VNC_WS
1411 || vs->ws_output.offset
1412#endif
1413 )) {
1414 vnc_client_write_locked(vs);
1415 }
1416 vnc_unlock_output(vs);
1417}
1418
1419static uint8_t read_u8(uint8_t *data, size_t offset)
1420{
1421 return data[offset];
1422}
1423
1424static uint16_t read_u16(uint8_t *data, size_t offset)
1425{
1426 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1427}
1428
1429static int32_t read_s32(uint8_t *data, size_t offset)
1430{
1431 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1432 (data[offset + 2] << 8) | data[offset + 3]);
1433}
1434
1435uint32_t read_u32(uint8_t *data, size_t offset)
1436{
1437 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1438 (data[offset + 2] << 8) | data[offset + 3]);
1439}
1440
1441static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1442{
1443}
1444
1445static void check_pointer_type_change(Notifier *notifier, void *data)
1446{
1447 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1448 int absolute = kbd_mouse_is_absolute();
1449
1450 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1451 vnc_lock_output(vs);
1452 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1453 vnc_write_u8(vs, 0);
1454 vnc_write_u16(vs, 1);
1455 vnc_framebuffer_update(vs, absolute, 0,
1456 ds_get_width(vs->ds), ds_get_height(vs->ds),
1457 VNC_ENCODING_POINTER_TYPE_CHANGE);
1458 vnc_unlock_output(vs);
1459 vnc_flush(vs);
1460 }
1461 vs->absolute = absolute;
1462}
1463
1464static void pointer_event(VncState *vs, int button_mask, int x, int y)
1465{
1466 int buttons = 0;
1467 int dz = 0;
1468
1469 if (button_mask & 0x01)
1470 buttons |= MOUSE_EVENT_LBUTTON;
1471 if (button_mask & 0x02)
1472 buttons |= MOUSE_EVENT_MBUTTON;
1473 if (button_mask & 0x04)
1474 buttons |= MOUSE_EVENT_RBUTTON;
1475 if (button_mask & 0x08)
1476 dz = -1;
1477 if (button_mask & 0x10)
1478 dz = 1;
1479
1480 if (vs->absolute) {
1481 kbd_mouse_event(ds_get_width(vs->ds) > 1 ?
1482 x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000,
1483 ds_get_height(vs->ds) > 1 ?
1484 y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000,
1485 dz, buttons);
1486 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1487 x -= 0x7FFF;
1488 y -= 0x7FFF;
1489
1490 kbd_mouse_event(x, y, dz, buttons);
1491 } else {
1492 if (vs->last_x != -1)
1493 kbd_mouse_event(x - vs->last_x,
1494 y - vs->last_y,
1495 dz, buttons);
1496 vs->last_x = x;
1497 vs->last_y = y;
1498 }
1499}
1500
1501static void reset_keys(VncState *vs)
1502{
1503 int i;
1504 for(i = 0; i < 256; i++) {
1505 if (vs->modifiers_state[i]) {
1506 if (i & SCANCODE_GREY)
1507 kbd_put_keycode(SCANCODE_EMUL0);
1508 kbd_put_keycode(i | SCANCODE_UP);
1509 vs->modifiers_state[i] = 0;
1510 }
1511 }
1512}
1513
1514static void press_key(VncState *vs, int keysym)
1515{
1516 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1517 if (keycode & SCANCODE_GREY)
1518 kbd_put_keycode(SCANCODE_EMUL0);
1519 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1520 if (keycode & SCANCODE_GREY)
1521 kbd_put_keycode(SCANCODE_EMUL0);
1522 kbd_put_keycode(keycode | SCANCODE_UP);
1523}
1524
1525static void kbd_leds(void *opaque, int ledstate)
1526{
1527 VncState *vs = opaque;
1528 int caps, num;
1529
1530 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1531 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1532
1533 if (vs->modifiers_state[0x3a] != caps) {
1534 vs->modifiers_state[0x3a] = caps;
1535 }
1536 if (vs->modifiers_state[0x45] != num) {
1537 vs->modifiers_state[0x45] = num;
1538 }
1539}
1540
1541static void do_key_event(VncState *vs, int down, int keycode, int sym)
1542{
1543
1544 switch(keycode) {
1545 case 0x2a:
1546 case 0x36:
1547 case 0x1d:
1548 case 0x9d:
1549 case 0x38:
1550 case 0xb8:
1551 if (down)
1552 vs->modifiers_state[keycode] = 1;
1553 else
1554 vs->modifiers_state[keycode] = 0;
1555 break;
1556 case 0x02 ... 0x0a:
1557 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1558
1559 reset_keys(vs);
1560 console_select(keycode - 0x02);
1561 return;
1562 }
1563 break;
1564 case 0x3a:
1565 case 0x45:
1566 if (down)
1567 vs->modifiers_state[keycode] ^= 1;
1568 break;
1569 }
1570
1571 if (down && vs->vd->lock_key_sync &&
1572 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1573
1574
1575
1576
1577 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1578 if (!vs->modifiers_state[0x45]) {
1579 vs->modifiers_state[0x45] = 1;
1580 press_key(vs, 0xff7f);
1581 }
1582 } else {
1583 if (vs->modifiers_state[0x45]) {
1584 vs->modifiers_state[0x45] = 0;
1585 press_key(vs, 0xff7f);
1586 }
1587 }
1588 }
1589
1590 if (down && vs->vd->lock_key_sync &&
1591 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1592
1593
1594
1595
1596 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1597 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1598 int capslock = !!(vs->modifiers_state[0x3a]);
1599 if (capslock) {
1600 if (uppercase == shift) {
1601 vs->modifiers_state[0x3a] = 0;
1602 press_key(vs, 0xffe5);
1603 }
1604 } else {
1605 if (uppercase != shift) {
1606 vs->modifiers_state[0x3a] = 1;
1607 press_key(vs, 0xffe5);
1608 }
1609 }
1610 }
1611
1612 if (is_graphic_console()) {
1613 if (keycode & SCANCODE_GREY)
1614 kbd_put_keycode(SCANCODE_EMUL0);
1615 if (down)
1616 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1617 else
1618 kbd_put_keycode(keycode | SCANCODE_UP);
1619 } else {
1620 bool numlock = vs->modifiers_state[0x45];
1621 bool control = (vs->modifiers_state[0x1d] ||
1622 vs->modifiers_state[0x9d]);
1623
1624 if (down) {
1625 switch (keycode) {
1626 case 0x2a:
1627 case 0x36:
1628 case 0x1d:
1629 case 0x9d:
1630 case 0x38:
1631 case 0xb8:
1632 break;
1633 case 0xc8:
1634 kbd_put_keysym(QEMU_KEY_UP);
1635 break;
1636 case 0xd0:
1637 kbd_put_keysym(QEMU_KEY_DOWN);
1638 break;
1639 case 0xcb:
1640 kbd_put_keysym(QEMU_KEY_LEFT);
1641 break;
1642 case 0xcd:
1643 kbd_put_keysym(QEMU_KEY_RIGHT);
1644 break;
1645 case 0xd3:
1646 kbd_put_keysym(QEMU_KEY_DELETE);
1647 break;
1648 case 0xc7:
1649 kbd_put_keysym(QEMU_KEY_HOME);
1650 break;
1651 case 0xcf:
1652 kbd_put_keysym(QEMU_KEY_END);
1653 break;
1654 case 0xc9:
1655 kbd_put_keysym(QEMU_KEY_PAGEUP);
1656 break;
1657 case 0xd1:
1658 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1659 break;
1660
1661 case 0x47:
1662 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1663 break;
1664 case 0x48:
1665 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1666 break;
1667 case 0x49:
1668 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1669 break;
1670 case 0x4b:
1671 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1672 break;
1673 case 0x4c:
1674 kbd_put_keysym('5');
1675 break;
1676 case 0x4d:
1677 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1678 break;
1679 case 0x4f:
1680 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1681 break;
1682 case 0x50:
1683 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1684 break;
1685 case 0x51:
1686 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1687 break;
1688 case 0x52:
1689 kbd_put_keysym('0');
1690 break;
1691 case 0x53:
1692 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1693 break;
1694
1695 case 0xb5:
1696 kbd_put_keysym('/');
1697 break;
1698 case 0x37:
1699 kbd_put_keysym('*');
1700 break;
1701 case 0x4a:
1702 kbd_put_keysym('-');
1703 break;
1704 case 0x4e:
1705 kbd_put_keysym('+');
1706 break;
1707 case 0x9c:
1708 kbd_put_keysym('\n');
1709 break;
1710
1711 default:
1712 if (control) {
1713 kbd_put_keysym(sym & 0x1f);
1714 } else {
1715 kbd_put_keysym(sym);
1716 }
1717 break;
1718 }
1719 }
1720 }
1721}
1722
1723static void vnc_release_modifiers(VncState *vs)
1724{
1725 static const int keycodes[] = {
1726
1727 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1728 };
1729 int i, keycode;
1730
1731 if (!is_graphic_console()) {
1732 return;
1733 }
1734 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1735 keycode = keycodes[i];
1736 if (!vs->modifiers_state[keycode]) {
1737 continue;
1738 }
1739 if (keycode & SCANCODE_GREY) {
1740 kbd_put_keycode(SCANCODE_EMUL0);
1741 }
1742 kbd_put_keycode(keycode | SCANCODE_UP);
1743 }
1744}
1745
1746static void key_event(VncState *vs, int down, uint32_t sym)
1747{
1748 int keycode;
1749 int lsym = sym;
1750
1751 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1752 lsym = lsym - 'A' + 'a';
1753 }
1754
1755 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1756 do_key_event(vs, down, keycode, sym);
1757}
1758
1759static void ext_key_event(VncState *vs, int down,
1760 uint32_t sym, uint16_t keycode)
1761{
1762
1763 if (keyboard_layout)
1764 key_event(vs, down, sym);
1765 else
1766 do_key_event(vs, down, keycode, sym);
1767}
1768
1769static void framebuffer_update_request(VncState *vs, int incremental,
1770 int x_position, int y_position,
1771 int w, int h)
1772{
1773 int i;
1774 const size_t width = ds_get_width(vs->ds) / 16;
1775
1776 if (y_position > ds_get_height(vs->ds))
1777 y_position = ds_get_height(vs->ds);
1778 if (y_position + h >= ds_get_height(vs->ds))
1779 h = ds_get_height(vs->ds) - y_position;
1780
1781 vs->need_update = 1;
1782 if (!incremental) {
1783 vs->force_update = 1;
1784 for (i = 0; i < h; i++) {
1785 bitmap_set(vs->dirty[y_position + i], 0, width);
1786 bitmap_clear(vs->dirty[y_position + i], width,
1787 VNC_DIRTY_BITS - width);
1788 }
1789 }
1790}
1791
1792static void send_ext_key_event_ack(VncState *vs)
1793{
1794 vnc_lock_output(vs);
1795 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1796 vnc_write_u8(vs, 0);
1797 vnc_write_u16(vs, 1);
1798 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1799 VNC_ENCODING_EXT_KEY_EVENT);
1800 vnc_unlock_output(vs);
1801 vnc_flush(vs);
1802}
1803
1804static void send_ext_audio_ack(VncState *vs)
1805{
1806 vnc_lock_output(vs);
1807 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1808 vnc_write_u8(vs, 0);
1809 vnc_write_u16(vs, 1);
1810 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1811 VNC_ENCODING_AUDIO);
1812 vnc_unlock_output(vs);
1813 vnc_flush(vs);
1814}
1815
1816static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1817{
1818 int i;
1819 unsigned int enc = 0;
1820
1821 vs->features = 0;
1822 vs->vnc_encoding = 0;
1823 vs->tight.compression = 9;
1824 vs->tight.quality = -1;
1825 vs->absolute = -1;
1826
1827
1828
1829
1830
1831
1832 for (i = n_encodings - 1; i >= 0; i--) {
1833 enc = encodings[i];
1834 switch (enc) {
1835 case VNC_ENCODING_RAW:
1836 vs->vnc_encoding = enc;
1837 break;
1838 case VNC_ENCODING_COPYRECT:
1839 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1840 break;
1841 case VNC_ENCODING_HEXTILE:
1842 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1843 vs->vnc_encoding = enc;
1844 break;
1845 case VNC_ENCODING_TIGHT:
1846 vs->features |= VNC_FEATURE_TIGHT_MASK;
1847 vs->vnc_encoding = enc;
1848 break;
1849#ifdef CONFIG_VNC_PNG
1850 case VNC_ENCODING_TIGHT_PNG:
1851 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
1852 vs->vnc_encoding = enc;
1853 break;
1854#endif
1855 case VNC_ENCODING_ZLIB:
1856 vs->features |= VNC_FEATURE_ZLIB_MASK;
1857 vs->vnc_encoding = enc;
1858 break;
1859 case VNC_ENCODING_ZRLE:
1860 vs->features |= VNC_FEATURE_ZRLE_MASK;
1861 vs->vnc_encoding = enc;
1862 break;
1863 case VNC_ENCODING_ZYWRLE:
1864 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
1865 vs->vnc_encoding = enc;
1866 break;
1867 case VNC_ENCODING_DESKTOPRESIZE:
1868 vs->features |= VNC_FEATURE_RESIZE_MASK;
1869 break;
1870 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1871 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1872 break;
1873 case VNC_ENCODING_RICH_CURSOR:
1874 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1875 break;
1876 case VNC_ENCODING_EXT_KEY_EVENT:
1877 send_ext_key_event_ack(vs);
1878 break;
1879 case VNC_ENCODING_AUDIO:
1880 send_ext_audio_ack(vs);
1881 break;
1882 case VNC_ENCODING_WMVi:
1883 vs->features |= VNC_FEATURE_WMVI_MASK;
1884 break;
1885 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1886 vs->tight.compression = (enc & 0x0F);
1887 break;
1888 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1889 if (vs->vd->lossy) {
1890 vs->tight.quality = (enc & 0x0F);
1891 }
1892 break;
1893 default:
1894 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1895 break;
1896 }
1897 }
1898 vnc_desktop_resize(vs);
1899 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
1900}
1901
1902static void set_pixel_conversion(VncState *vs)
1903{
1904 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
1905
1906 if (fmt == VNC_SERVER_FB_FORMAT) {
1907 vs->write_pixels = vnc_write_pixels_copy;
1908 vnc_hextile_set_pixel_conversion(vs, 0);
1909 } else {
1910 vs->write_pixels = vnc_write_pixels_generic;
1911 vnc_hextile_set_pixel_conversion(vs, 1);
1912 }
1913}
1914
1915static void set_pixel_format(VncState *vs,
1916 int bits_per_pixel, int depth,
1917 int big_endian_flag, int true_color_flag,
1918 int red_max, int green_max, int blue_max,
1919 int red_shift, int green_shift, int blue_shift)
1920{
1921 if (!true_color_flag) {
1922 vnc_client_error(vs);
1923 return;
1924 }
1925
1926 vs->client_pf.rmax = red_max;
1927 vs->client_pf.rbits = hweight_long(red_max);
1928 vs->client_pf.rshift = red_shift;
1929 vs->client_pf.rmask = red_max << red_shift;
1930 vs->client_pf.gmax = green_max;
1931 vs->client_pf.gbits = hweight_long(green_max);
1932 vs->client_pf.gshift = green_shift;
1933 vs->client_pf.gmask = green_max << green_shift;
1934 vs->client_pf.bmax = blue_max;
1935 vs->client_pf.bbits = hweight_long(blue_max);
1936 vs->client_pf.bshift = blue_shift;
1937 vs->client_pf.bmask = blue_max << blue_shift;
1938 vs->client_pf.bits_per_pixel = bits_per_pixel;
1939 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
1940 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1941 vs->client_be = big_endian_flag;
1942
1943 set_pixel_conversion(vs);
1944
1945 vga_hw_invalidate();
1946 vga_hw_update();
1947}
1948
1949static void pixel_format_message (VncState *vs) {
1950 char pad[3] = { 0, 0, 0 };
1951
1952 vs->client_pf = qemu_default_pixelformat(32);
1953
1954 vnc_write_u8(vs, vs->client_pf.bits_per_pixel);
1955 vnc_write_u8(vs, vs->client_pf.depth);
1956
1957#ifdef HOST_WORDS_BIGENDIAN
1958 vnc_write_u8(vs, 1);
1959#else
1960 vnc_write_u8(vs, 0);
1961#endif
1962 vnc_write_u8(vs, 1);
1963 vnc_write_u16(vs, vs->client_pf.rmax);
1964 vnc_write_u16(vs, vs->client_pf.gmax);
1965 vnc_write_u16(vs, vs->client_pf.bmax);
1966 vnc_write_u8(vs, vs->client_pf.rshift);
1967 vnc_write_u8(vs, vs->client_pf.gshift);
1968 vnc_write_u8(vs, vs->client_pf.bshift);
1969 vnc_write(vs, pad, 3);
1970
1971 vnc_hextile_set_pixel_conversion(vs, 0);
1972 vs->write_pixels = vnc_write_pixels_copy;
1973}
1974
1975static void vnc_dpy_setdata(DisplayState *ds)
1976{
1977 VncDisplay *vd = ds->opaque;
1978
1979 qemu_pixman_image_unref(vd->guest.fb);
1980 vd->guest.fb = pixman_image_ref(ds->surface->image);
1981 vd->guest.format = ds->surface->format;
1982 vnc_dpy_update(ds, 0, 0, ds_get_width(ds), ds_get_height(ds));
1983}
1984
1985static void vnc_colordepth(VncState *vs)
1986{
1987 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1988
1989 vnc_lock_output(vs);
1990 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1991 vnc_write_u8(vs, 0);
1992 vnc_write_u16(vs, 1);
1993 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1994 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1995 pixel_format_message(vs);
1996 vnc_unlock_output(vs);
1997 vnc_flush(vs);
1998 } else {
1999 set_pixel_conversion(vs);
2000 }
2001}
2002
2003static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2004{
2005 int i;
2006 uint16_t limit;
2007 VncDisplay *vd = vs->vd;
2008
2009 if (data[0] > 3) {
2010 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2011 if (!qemu_timer_expired(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval))
2012 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval);
2013 }
2014
2015 switch (data[0]) {
2016 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2017 if (len == 1)
2018 return 20;
2019
2020 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
2021 read_u8(data, 6), read_u8(data, 7),
2022 read_u16(data, 8), read_u16(data, 10),
2023 read_u16(data, 12), read_u8(data, 14),
2024 read_u8(data, 15), read_u8(data, 16));
2025 break;
2026 case VNC_MSG_CLIENT_SET_ENCODINGS:
2027 if (len == 1)
2028 return 4;
2029
2030 if (len == 4) {
2031 limit = read_u16(data, 2);
2032 if (limit > 0)
2033 return 4 + (limit * 4);
2034 } else
2035 limit = read_u16(data, 2);
2036
2037 for (i = 0; i < limit; i++) {
2038 int32_t val = read_s32(data, 4 + (i * 4));
2039 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2040 }
2041
2042 set_encodings(vs, (int32_t *)(data + 4), limit);
2043 break;
2044 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2045 if (len == 1)
2046 return 10;
2047
2048 framebuffer_update_request(vs,
2049 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2050 read_u16(data, 6), read_u16(data, 8));
2051 break;
2052 case VNC_MSG_CLIENT_KEY_EVENT:
2053 if (len == 1)
2054 return 8;
2055
2056 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2057 break;
2058 case VNC_MSG_CLIENT_POINTER_EVENT:
2059 if (len == 1)
2060 return 6;
2061
2062 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2063 break;
2064 case VNC_MSG_CLIENT_CUT_TEXT:
2065 if (len == 1)
2066 return 8;
2067
2068 if (len == 8) {
2069 uint32_t dlen = read_u32(data, 4);
2070 if (dlen > 0)
2071 return 8 + dlen;
2072 }
2073
2074 client_cut_text(vs, read_u32(data, 4), data + 8);
2075 break;
2076 case VNC_MSG_CLIENT_QEMU:
2077 if (len == 1)
2078 return 2;
2079
2080 switch (read_u8(data, 1)) {
2081 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2082 if (len == 2)
2083 return 12;
2084
2085 ext_key_event(vs, read_u16(data, 2),
2086 read_u32(data, 4), read_u32(data, 8));
2087 break;
2088 case VNC_MSG_CLIENT_QEMU_AUDIO:
2089 if (len == 2)
2090 return 4;
2091
2092 switch (read_u16 (data, 2)) {
2093 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2094 audio_add(vs);
2095 break;
2096 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2097 audio_del(vs);
2098 break;
2099 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2100 if (len == 4)
2101 return 10;
2102 switch (read_u8(data, 4)) {
2103 case 0: vs->as.fmt = AUD_FMT_U8; break;
2104 case 1: vs->as.fmt = AUD_FMT_S8; break;
2105 case 2: vs->as.fmt = AUD_FMT_U16; break;
2106 case 3: vs->as.fmt = AUD_FMT_S16; break;
2107 case 4: vs->as.fmt = AUD_FMT_U32; break;
2108 case 5: vs->as.fmt = AUD_FMT_S32; break;
2109 default:
2110 printf("Invalid audio format %d\n", read_u8(data, 4));
2111 vnc_client_error(vs);
2112 break;
2113 }
2114 vs->as.nchannels = read_u8(data, 5);
2115 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2116 printf("Invalid audio channel coount %d\n",
2117 read_u8(data, 5));
2118 vnc_client_error(vs);
2119 break;
2120 }
2121 vs->as.freq = read_u32(data, 6);
2122 break;
2123 default:
2124 printf ("Invalid audio message %d\n", read_u8(data, 4));
2125 vnc_client_error(vs);
2126 break;
2127 }
2128 break;
2129
2130 default:
2131 printf("Msg: %d\n", read_u16(data, 0));
2132 vnc_client_error(vs);
2133 break;
2134 }
2135 break;
2136 default:
2137 printf("Msg: %d\n", data[0]);
2138 vnc_client_error(vs);
2139 break;
2140 }
2141
2142 vnc_read_when(vs, protocol_client_msg, 1);
2143 return 0;
2144}
2145
2146static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2147{
2148 char buf[1024];
2149 VncShareMode mode;
2150 int size;
2151
2152 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2153 switch (vs->vd->share_policy) {
2154 case VNC_SHARE_POLICY_IGNORE:
2155
2156
2157
2158
2159
2160
2161
2162 break;
2163 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2174 VncState *client;
2175 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2176 if (vs == client) {
2177 continue;
2178 }
2179 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2180 client->share_mode != VNC_SHARE_MODE_SHARED) {
2181 continue;
2182 }
2183 vnc_disconnect_start(client);
2184 }
2185 }
2186 if (mode == VNC_SHARE_MODE_SHARED) {
2187 if (vs->vd->num_exclusive > 0) {
2188 vnc_disconnect_start(vs);
2189 return 0;
2190 }
2191 }
2192 break;
2193 case VNC_SHARE_POLICY_FORCE_SHARED:
2194
2195
2196
2197
2198
2199
2200
2201
2202 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2203 vnc_disconnect_start(vs);
2204 return 0;
2205 }
2206 break;
2207 }
2208 vnc_set_share_mode(vs, mode);
2209
2210 vs->client_width = ds_get_width(vs->ds);
2211 vs->client_height = ds_get_height(vs->ds);
2212 vnc_write_u16(vs, vs->client_width);
2213 vnc_write_u16(vs, vs->client_height);
2214
2215 pixel_format_message(vs);
2216
2217 if (qemu_name)
2218 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2219 else
2220 size = snprintf(buf, sizeof(buf), "QEMU");
2221
2222 vnc_write_u32(vs, size);
2223 vnc_write(vs, buf, size);
2224 vnc_flush(vs);
2225
2226 vnc_client_cache_auth(vs);
2227 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
2228
2229 vnc_read_when(vs, protocol_client_msg, 1);
2230
2231 return 0;
2232}
2233
2234void start_client_init(VncState *vs)
2235{
2236 vnc_read_when(vs, protocol_client_init, 1);
2237}
2238
2239static void make_challenge(VncState *vs)
2240{
2241 int i;
2242
2243 srand(time(NULL)+getpid()+getpid()*987654+rand());
2244
2245 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2246 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2247}
2248
2249static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2250{
2251 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2252 int i, j, pwlen;
2253 unsigned char key[8];
2254 time_t now = time(NULL);
2255
2256 if (!vs->vd->password) {
2257 VNC_DEBUG("No password configured on server");
2258 goto reject;
2259 }
2260 if (vs->vd->expires < now) {
2261 VNC_DEBUG("Password is expired");
2262 goto reject;
2263 }
2264
2265 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2266
2267
2268 pwlen = strlen(vs->vd->password);
2269 for (i=0; i<sizeof(key); i++)
2270 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2271 deskey(key, EN0);
2272 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2273 des(response+j, response+j);
2274
2275
2276 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2277 VNC_DEBUG("Client challenge response did not match\n");
2278 goto reject;
2279 } else {
2280 VNC_DEBUG("Accepting VNC challenge response\n");
2281 vnc_write_u32(vs, 0);
2282 vnc_flush(vs);
2283
2284 start_client_init(vs);
2285 }
2286 return 0;
2287
2288reject:
2289 vnc_write_u32(vs, 1);
2290 if (vs->minor >= 8) {
2291 static const char err[] = "Authentication failed";
2292 vnc_write_u32(vs, sizeof(err));
2293 vnc_write(vs, err, sizeof(err));
2294 }
2295 vnc_flush(vs);
2296 vnc_client_error(vs);
2297 return 0;
2298}
2299
2300void start_auth_vnc(VncState *vs)
2301{
2302 make_challenge(vs);
2303
2304 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2305 vnc_flush(vs);
2306
2307 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2308}
2309
2310
2311static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2312{
2313
2314
2315 if (data[0] != vs->auth) {
2316 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2317 vnc_write_u32(vs, 1);
2318 if (vs->minor >= 8) {
2319 static const char err[] = "Authentication failed";
2320 vnc_write_u32(vs, sizeof(err));
2321 vnc_write(vs, err, sizeof(err));
2322 }
2323 vnc_client_error(vs);
2324 } else {
2325 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2326 switch (vs->auth) {
2327 case VNC_AUTH_NONE:
2328 VNC_DEBUG("Accept auth none\n");
2329 if (vs->minor >= 8) {
2330 vnc_write_u32(vs, 0);
2331 vnc_flush(vs);
2332 }
2333 start_client_init(vs);
2334 break;
2335
2336 case VNC_AUTH_VNC:
2337 VNC_DEBUG("Start VNC auth\n");
2338 start_auth_vnc(vs);
2339 break;
2340
2341#ifdef CONFIG_VNC_TLS
2342 case VNC_AUTH_VENCRYPT:
2343 VNC_DEBUG("Accept VeNCrypt auth\n");
2344 start_auth_vencrypt(vs);
2345 break;
2346#endif
2347
2348#ifdef CONFIG_VNC_SASL
2349 case VNC_AUTH_SASL:
2350 VNC_DEBUG("Accept SASL auth\n");
2351 start_auth_sasl(vs);
2352 break;
2353#endif
2354
2355 default:
2356 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth);
2357 vnc_write_u8(vs, 1);
2358 if (vs->minor >= 8) {
2359 static const char err[] = "Authentication failed";
2360 vnc_write_u32(vs, sizeof(err));
2361 vnc_write(vs, err, sizeof(err));
2362 }
2363 vnc_client_error(vs);
2364 }
2365 }
2366 return 0;
2367}
2368
2369static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2370{
2371 char local[13];
2372
2373 memcpy(local, version, 12);
2374 local[12] = 0;
2375
2376 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2377 VNC_DEBUG("Malformed protocol version %s\n", local);
2378 vnc_client_error(vs);
2379 return 0;
2380 }
2381 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2382 if (vs->major != 3 ||
2383 (vs->minor != 3 &&
2384 vs->minor != 4 &&
2385 vs->minor != 5 &&
2386 vs->minor != 7 &&
2387 vs->minor != 8)) {
2388 VNC_DEBUG("Unsupported client version\n");
2389 vnc_write_u32(vs, VNC_AUTH_INVALID);
2390 vnc_flush(vs);
2391 vnc_client_error(vs);
2392 return 0;
2393 }
2394
2395
2396
2397 if (vs->minor == 4 || vs->minor == 5)
2398 vs->minor = 3;
2399
2400 if (vs->minor == 3) {
2401 if (vs->auth == VNC_AUTH_NONE) {
2402 VNC_DEBUG("Tell client auth none\n");
2403 vnc_write_u32(vs, vs->auth);
2404 vnc_flush(vs);
2405 start_client_init(vs);
2406 } else if (vs->auth == VNC_AUTH_VNC) {
2407 VNC_DEBUG("Tell client VNC auth\n");
2408 vnc_write_u32(vs, vs->auth);
2409 vnc_flush(vs);
2410 start_auth_vnc(vs);
2411 } else {
2412 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2413 vnc_write_u32(vs, VNC_AUTH_INVALID);
2414 vnc_flush(vs);
2415 vnc_client_error(vs);
2416 }
2417 } else {
2418 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2419 vnc_write_u8(vs, 1);
2420 vnc_write_u8(vs, vs->auth);
2421 vnc_read_when(vs, protocol_client_auth, 1);
2422 vnc_flush(vs);
2423 }
2424
2425 return 0;
2426}
2427
2428static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2429{
2430 struct VncSurface *vs = &vd->guest;
2431
2432 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2433}
2434
2435void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2436{
2437 int i, j;
2438
2439 w = (x + w) / VNC_STAT_RECT;
2440 h = (y + h) / VNC_STAT_RECT;
2441 x /= VNC_STAT_RECT;
2442 y /= VNC_STAT_RECT;
2443
2444 for (j = y; j <= h; j++) {
2445 for (i = x; i <= w; i++) {
2446 vs->lossy_rect[j][i] = 1;
2447 }
2448 }
2449}
2450
2451static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2452{
2453 VncState *vs;
2454 int sty = y / VNC_STAT_RECT;
2455 int stx = x / VNC_STAT_RECT;
2456 int has_dirty = 0;
2457
2458 y = y / VNC_STAT_RECT * VNC_STAT_RECT;
2459 x = x / VNC_STAT_RECT * VNC_STAT_RECT;
2460
2461 QTAILQ_FOREACH(vs, &vd->clients, next) {
2462 int j;
2463
2464
2465 if (vs->output.offset) {
2466 continue;
2467 }
2468
2469 if (!vs->lossy_rect[sty][stx]) {
2470 continue;
2471 }
2472
2473 vs->lossy_rect[sty][stx] = 0;
2474 for (j = 0; j < VNC_STAT_RECT; ++j) {
2475 bitmap_set(vs->dirty[y + j], x / 16, VNC_STAT_RECT / 16);
2476 }
2477 has_dirty++;
2478 }
2479
2480 return has_dirty;
2481}
2482
2483static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2484{
2485 int width = pixman_image_get_width(vd->guest.fb);
2486 int height = pixman_image_get_height(vd->guest.fb);
2487 int x, y;
2488 struct timeval res;
2489 int has_dirty = 0;
2490
2491 for (y = 0; y < height; y += VNC_STAT_RECT) {
2492 for (x = 0; x < width; x += VNC_STAT_RECT) {
2493 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2494
2495 rect->updated = false;
2496 }
2497 }
2498
2499 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2500
2501 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2502 return has_dirty;
2503 }
2504 vd->guest.last_freq_check = *tv;
2505
2506 for (y = 0; y < height; y += VNC_STAT_RECT) {
2507 for (x = 0; x < width; x += VNC_STAT_RECT) {
2508 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2509 int count = ARRAY_SIZE(rect->times);
2510 struct timeval min, max;
2511
2512 if (!timerisset(&rect->times[count - 1])) {
2513 continue ;
2514 }
2515
2516 max = rect->times[(rect->idx + count - 1) % count];
2517 qemu_timersub(tv, &max, &res);
2518
2519 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2520 rect->freq = 0;
2521 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2522 memset(rect->times, 0, sizeof (rect->times));
2523 continue ;
2524 }
2525
2526 min = rect->times[rect->idx];
2527 max = rect->times[(rect->idx + count - 1) % count];
2528 qemu_timersub(&max, &min, &res);
2529
2530 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2531 rect->freq /= count;
2532 rect->freq = 1. / rect->freq;
2533 }
2534 }
2535 return has_dirty;
2536}
2537
2538double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2539{
2540 int i, j;
2541 double total = 0;
2542 int num = 0;
2543
2544 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT;
2545 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT;
2546
2547 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2548 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2549 total += vnc_stat_rect(vs->vd, i, j)->freq;
2550 num++;
2551 }
2552 }
2553
2554 if (num) {
2555 return total / num;
2556 } else {
2557 return 0;
2558 }
2559}
2560
2561static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2562{
2563 VncRectStat *rect;
2564
2565 rect = vnc_stat_rect(vd, x, y);
2566 if (rect->updated) {
2567 return ;
2568 }
2569 rect->times[rect->idx] = *tv;
2570 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2571 rect->updated = true;
2572}
2573
2574static int vnc_refresh_server_surface(VncDisplay *vd)
2575{
2576 int width = pixman_image_get_width(vd->guest.fb);
2577 int height = pixman_image_get_height(vd->guest.fb);
2578 int y;
2579 uint8_t *guest_row;
2580 uint8_t *server_row;
2581 int cmp_bytes;
2582 VncState *vs;
2583 int has_dirty = 0;
2584 pixman_image_t *tmpbuf = NULL;
2585
2586 struct timeval tv = { 0, 0 };
2587
2588 if (!vd->non_adaptive) {
2589 gettimeofday(&tv, NULL);
2590 has_dirty = vnc_update_stats(vd, &tv);
2591 }
2592
2593
2594
2595
2596
2597
2598 cmp_bytes = 64;
2599 if (cmp_bytes > vnc_server_fb_stride(vd)) {
2600 cmp_bytes = vnc_server_fb_stride(vd);
2601 }
2602 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2603 int width = pixman_image_get_width(vd->server);
2604 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2605 }
2606 guest_row = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2607 server_row = (uint8_t *)pixman_image_get_data(vd->server);
2608 for (y = 0; y < height; y++) {
2609 if (!bitmap_empty(vd->guest.dirty[y], VNC_DIRTY_BITS)) {
2610 int x;
2611 uint8_t *guest_ptr;
2612 uint8_t *server_ptr;
2613
2614 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2615 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2616 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2617 } else {
2618 guest_ptr = guest_row;
2619 }
2620 server_ptr = server_row;
2621
2622 for (x = 0; x + 15 < width;
2623 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2624 if (!test_and_clear_bit((x / 16), vd->guest.dirty[y]))
2625 continue;
2626 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2627 continue;
2628 memcpy(server_ptr, guest_ptr, cmp_bytes);
2629 if (!vd->non_adaptive)
2630 vnc_rect_updated(vd, x, y, &tv);
2631 QTAILQ_FOREACH(vs, &vd->clients, next) {
2632 set_bit((x / 16), vs->dirty[y]);
2633 }
2634 has_dirty++;
2635 }
2636 }
2637 guest_row += pixman_image_get_stride(vd->guest.fb);
2638 server_row += pixman_image_get_stride(vd->server);
2639 }
2640 qemu_pixman_image_unref(tmpbuf);
2641 return has_dirty;
2642}
2643
2644static void vnc_refresh(void *opaque)
2645{
2646 VncDisplay *vd = opaque;
2647 VncState *vs, *vn;
2648 int has_dirty, rects = 0;
2649
2650 vga_hw_update();
2651
2652 if (vnc_trylock_display(vd)) {
2653 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2654 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) +
2655 vd->timer_interval);
2656 return;
2657 }
2658
2659 has_dirty = vnc_refresh_server_surface(vd);
2660 vnc_unlock_display(vd);
2661
2662 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2663 rects += vnc_update_client(vs, has_dirty);
2664
2665 }
2666
2667
2668
2669 if (vd->timer == NULL)
2670 return;
2671
2672 if (has_dirty && rects) {
2673 vd->timer_interval /= 2;
2674 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2675 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2676 } else {
2677 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2678 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2679 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2680 }
2681 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval);
2682}
2683
2684static void vnc_init_timer(VncDisplay *vd)
2685{
2686 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2687 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
2688 vd->timer = qemu_new_timer_ms(rt_clock, vnc_refresh, vd);
2689 vnc_dpy_resize(vd->ds);
2690 vnc_refresh(vd);
2691 }
2692}
2693
2694static void vnc_remove_timer(VncDisplay *vd)
2695{
2696 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
2697 qemu_del_timer(vd->timer);
2698 qemu_free_timer(vd->timer);
2699 vd->timer = NULL;
2700 }
2701}
2702
2703static void vnc_connect(VncDisplay *vd, int csock, int skipauth, bool websocket)
2704{
2705 VncState *vs = g_malloc0(sizeof(VncState));
2706 int i;
2707
2708 vs->csock = csock;
2709
2710 if (skipauth) {
2711 vs->auth = VNC_AUTH_NONE;
2712#ifdef CONFIG_VNC_TLS
2713 vs->subauth = VNC_AUTH_INVALID;
2714#endif
2715 } else {
2716 vs->auth = vd->auth;
2717#ifdef CONFIG_VNC_TLS
2718 vs->subauth = vd->subauth;
2719#endif
2720 }
2721
2722 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
2723 for (i = 0; i < VNC_STAT_ROWS; ++i) {
2724 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS * sizeof (uint8_t));
2725 }
2726
2727 VNC_DEBUG("New client on socket %d\n", csock);
2728 dcl->idle = 0;
2729 qemu_set_nonblock(vs->csock);
2730#ifdef CONFIG_VNC_WS
2731 if (websocket) {
2732 vs->websocket = 1;
2733 qemu_set_fd_handler2(vs->csock, NULL, vncws_handshake_read, NULL, vs);
2734 } else
2735#endif
2736 {
2737 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2738 }
2739
2740 vnc_client_cache_addr(vs);
2741 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2742 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
2743
2744 vs->vd = vd;
2745
2746#ifdef CONFIG_VNC_WS
2747 if (!vs->websocket)
2748#endif
2749 {
2750 vnc_init_state(vs);
2751 }
2752}
2753
2754void vnc_init_state(VncState *vs)
2755{
2756 vs->initialized = true;
2757 VncDisplay *vd = vs->vd;
2758
2759 vs->ds = vd->ds;
2760 vs->last_x = -1;
2761 vs->last_y = -1;
2762
2763 vs->as.freq = 44100;
2764 vs->as.nchannels = 2;
2765 vs->as.fmt = AUD_FMT_S16;
2766 vs->as.endianness = 0;
2767
2768 qemu_mutex_init(&vs->output_mutex);
2769 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
2770
2771 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2772
2773 vga_hw_update();
2774
2775 vnc_write(vs, "RFB 003.008\n", 12);
2776 vnc_flush(vs);
2777 vnc_read_when(vs, protocol_version, 12);
2778 reset_keys(vs);
2779 if (vs->vd->lock_key_sync)
2780 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2781
2782 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2783 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2784
2785 vnc_init_timer(vd);
2786
2787
2788}
2789
2790static void vnc_listen_read(void *opaque, bool websocket)
2791{
2792 VncDisplay *vs = opaque;
2793 struct sockaddr_in addr;
2794 socklen_t addrlen = sizeof(addr);
2795 int csock;
2796
2797
2798 vga_hw_update();
2799#ifdef CONFIG_VNC_WS
2800 if (websocket) {
2801 csock = qemu_accept(vs->lwebsock, (struct sockaddr *)&addr, &addrlen);
2802 } else
2803#endif
2804 {
2805 csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2806 }
2807
2808 if (csock != -1) {
2809 vnc_connect(vs, csock, 0, websocket);
2810 }
2811}
2812
2813static void vnc_listen_regular_read(void *opaque)
2814{
2815 vnc_listen_read(opaque, 0);
2816}
2817
2818#ifdef CONFIG_VNC_WS
2819static void vnc_listen_websocket_read(void *opaque)
2820{
2821 vnc_listen_read(opaque, 1);
2822}
2823#endif
2824
2825void vnc_display_init(DisplayState *ds)
2826{
2827 VncDisplay *vs = g_malloc0(sizeof(*vs));
2828
2829 dcl = g_malloc0(sizeof(DisplayChangeListener));
2830
2831 ds->opaque = vs;
2832 dcl->idle = 1;
2833 vnc_display = vs;
2834
2835 vs->lsock = -1;
2836#ifdef CONFIG_VNC_WS
2837 vs->lwebsock = -1;
2838#endif
2839
2840 vs->ds = ds;
2841 QTAILQ_INIT(&vs->clients);
2842 vs->expires = TIME_MAX;
2843
2844 if (keyboard_layout)
2845 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2846 else
2847 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2848
2849 if (!vs->kbd_layout)
2850 exit(1);
2851
2852 qemu_mutex_init(&vs->mutex);
2853 vnc_start_worker_thread();
2854
2855 dcl->dpy_gfx_copy = vnc_dpy_copy;
2856 dcl->dpy_gfx_update = vnc_dpy_update;
2857 dcl->dpy_gfx_resize = vnc_dpy_resize;
2858 dcl->dpy_gfx_setdata = vnc_dpy_setdata;
2859 dcl->dpy_mouse_set = vnc_mouse_set;
2860 dcl->dpy_cursor_define = vnc_dpy_cursor_define;
2861 register_displaychangelistener(ds, dcl);
2862}
2863
2864
2865static void vnc_display_close(DisplayState *ds)
2866{
2867 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2868
2869 if (!vs)
2870 return;
2871 if (vs->display) {
2872 g_free(vs->display);
2873 vs->display = NULL;
2874 }
2875 if (vs->lsock != -1) {
2876 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2877 close(vs->lsock);
2878 vs->lsock = -1;
2879 }
2880#ifdef CONFIG_VNC_WS
2881 g_free(vs->ws_display);
2882 vs->ws_display = NULL;
2883 if (vs->lwebsock != -1) {
2884 qemu_set_fd_handler2(vs->lwebsock, NULL, NULL, NULL, NULL);
2885 close(vs->lwebsock);
2886 vs->lwebsock = -1;
2887 }
2888#endif
2889 vs->auth = VNC_AUTH_INVALID;
2890#ifdef CONFIG_VNC_TLS
2891 vs->subauth = VNC_AUTH_INVALID;
2892 vs->tls.x509verify = 0;
2893#endif
2894}
2895
2896static int vnc_display_disable_login(DisplayState *ds)
2897{
2898 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2899
2900 if (!vs) {
2901 return -1;
2902 }
2903
2904 if (vs->password) {
2905 g_free(vs->password);
2906 }
2907
2908 vs->password = NULL;
2909 if (vs->auth == VNC_AUTH_NONE) {
2910 vs->auth = VNC_AUTH_VNC;
2911 }
2912
2913 return 0;
2914}
2915
2916int vnc_display_password(DisplayState *ds, const char *password)
2917{
2918 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2919
2920 if (!vs) {
2921 return -EINVAL;
2922 }
2923
2924 if (!password) {
2925
2926
2927 return vnc_display_disable_login(ds);
2928 }
2929
2930 if (vs->password) {
2931 g_free(vs->password);
2932 vs->password = NULL;
2933 }
2934 vs->password = g_strdup(password);
2935 if (vs->auth == VNC_AUTH_NONE) {
2936 vs->auth = VNC_AUTH_VNC;
2937 }
2938
2939 return 0;
2940}
2941
2942int vnc_display_pw_expire(DisplayState *ds, time_t expires)
2943{
2944 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2945
2946 if (!vs) {
2947 return -EINVAL;
2948 }
2949
2950 vs->expires = expires;
2951 return 0;
2952}
2953
2954char *vnc_display_local_addr(DisplayState *ds)
2955{
2956 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2957
2958 return vnc_socket_local_addr("%s:%s", vs->lsock);
2959}
2960
2961void vnc_display_open(DisplayState *ds, const char *display, Error **errp)
2962{
2963 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2964 const char *options;
2965 int password = 0;
2966 int reverse = 0;
2967#ifdef CONFIG_VNC_TLS
2968 int tls = 0, x509 = 0;
2969#endif
2970#ifdef CONFIG_VNC_SASL
2971 int sasl = 0;
2972 int saslErr;
2973#endif
2974#if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2975 int acl = 0;
2976#endif
2977 int lock_key_sync = 1;
2978
2979 if (!vnc_display) {
2980 error_setg(errp, "VNC display not active");
2981 return;
2982 }
2983 vnc_display_close(ds);
2984 if (strcmp(display, "none") == 0)
2985 return;
2986
2987 vs->display = g_strdup(display);
2988 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
2989
2990 options = display;
2991 while ((options = strchr(options, ','))) {
2992 options++;
2993 if (strncmp(options, "password", 8) == 0) {
2994 if (fips_get_state()) {
2995 error_setg(errp,
2996 "VNC password auth disabled due to FIPS mode, "
2997 "consider using the VeNCrypt or SASL authentication "
2998 "methods as an alternative");
2999 goto fail;
3000 }
3001 password = 1;
3002 } else if (strncmp(options, "reverse", 7) == 0) {
3003 reverse = 1;
3004 } else if (strncmp(options, "no-lock-key-sync", 16) == 0) {
3005 lock_key_sync = 0;
3006#ifdef CONFIG_VNC_SASL
3007 } else if (strncmp(options, "sasl", 4) == 0) {
3008 sasl = 1;
3009#endif
3010#ifdef CONFIG_VNC_WS
3011 } else if (strncmp(options, "websocket", 9) == 0) {
3012 char *start, *end;
3013 vs->websocket = 1;
3014
3015
3016 start = strchr(options, '=');
3017 end = strchr(options, ',');
3018 if (start && (!end || (start < end))) {
3019 int len = end ? end-(start+1) : strlen(start+1);
3020 if (len < 6) {
3021
3022 char *host = NULL, *port = NULL, *host_end = NULL;
3023 port = g_strndup(start + 1, len);
3024
3025
3026 end = strchr(display, ',');
3027 host_end = g_strrstr_len(display, end - display, ":");
3028
3029 if (host_end) {
3030 host = g_strndup(display, host_end - display + 1);
3031 } else {
3032 host = g_strndup(":", 1);
3033 }
3034 vs->ws_display = g_strconcat(host, port, NULL);
3035 g_free(host);
3036 g_free(port);
3037 }
3038 }
3039#endif
3040#ifdef CONFIG_VNC_TLS
3041 } else if (strncmp(options, "tls", 3) == 0) {
3042 tls = 1;
3043 } else if (strncmp(options, "x509", 4) == 0) {
3044 char *start, *end;
3045 x509 = 1;
3046 if (strncmp(options, "x509verify", 10) == 0)
3047 vs->tls.x509verify = 1;
3048
3049
3050
3051 start = strchr(options, '=');
3052 end = strchr(options, ',');
3053 if (start && (!end || (start < end))) {
3054 int len = end ? end-(start+1) : strlen(start+1);
3055 char *path = g_strndup(start + 1, len);
3056
3057 VNC_DEBUG("Trying certificate path '%s'\n", path);
3058 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
3059 error_setg(errp, "Failed to find x509 certificates/keys in %s", path);
3060 g_free(path);
3061 goto fail;
3062 }
3063 g_free(path);
3064 } else {
3065 error_setg(errp, "No certificate path provided");
3066 goto fail;
3067 }
3068#endif
3069#if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
3070 } else if (strncmp(options, "acl", 3) == 0) {
3071 acl = 1;
3072#endif
3073 } else if (strncmp(options, "lossy", 5) == 0) {
3074 vs->lossy = true;
3075 } else if (strncmp(options, "non-adaptive", 12) == 0) {
3076 vs->non_adaptive = true;
3077 } else if (strncmp(options, "share=", 6) == 0) {
3078 if (strncmp(options+6, "ignore", 6) == 0) {
3079 vs->share_policy = VNC_SHARE_POLICY_IGNORE;
3080 } else if (strncmp(options+6, "allow-exclusive", 15) == 0) {
3081 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3082 } else if (strncmp(options+6, "force-shared", 12) == 0) {
3083 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3084 } else {
3085 error_setg(errp, "unknown vnc share= option");
3086 goto fail;
3087 }
3088 }
3089 }
3090
3091#ifdef CONFIG_VNC_TLS
3092 if (acl && x509 && vs->tls.x509verify) {
3093 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
3094 fprintf(stderr, "Failed to create x509 dname ACL\n");
3095 exit(1);
3096 }
3097 }
3098#endif
3099#ifdef CONFIG_VNC_SASL
3100 if (acl && sasl) {
3101 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
3102 fprintf(stderr, "Failed to create username ACL\n");
3103 exit(1);
3104 }
3105 }
3106#endif
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123
3124 if (password) {
3125#ifdef CONFIG_VNC_TLS
3126 if (tls) {
3127 vs->auth = VNC_AUTH_VENCRYPT;
3128 if (x509) {
3129 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3130 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
3131 } else {
3132 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3133 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3134 }
3135 } else {
3136#endif
3137 VNC_DEBUG("Initializing VNC server with password auth\n");
3138 vs->auth = VNC_AUTH_VNC;
3139#ifdef CONFIG_VNC_TLS
3140 vs->subauth = VNC_AUTH_INVALID;
3141 }
3142#endif
3143#ifdef CONFIG_VNC_SASL
3144 } else if (sasl) {
3145#ifdef CONFIG_VNC_TLS
3146 if (tls) {
3147 vs->auth = VNC_AUTH_VENCRYPT;
3148 if (x509) {
3149 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3150 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
3151 } else {
3152 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3153 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3154 }
3155 } else {
3156#endif
3157 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3158 vs->auth = VNC_AUTH_SASL;
3159#ifdef CONFIG_VNC_TLS
3160 vs->subauth = VNC_AUTH_INVALID;
3161 }
3162#endif
3163#endif
3164 } else {
3165#ifdef CONFIG_VNC_TLS
3166 if (tls) {
3167 vs->auth = VNC_AUTH_VENCRYPT;
3168 if (x509) {
3169 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3170 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
3171 } else {
3172 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3173 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3174 }
3175 } else {
3176#endif
3177 VNC_DEBUG("Initializing VNC server with no auth\n");
3178 vs->auth = VNC_AUTH_NONE;
3179#ifdef CONFIG_VNC_TLS
3180 vs->subauth = VNC_AUTH_INVALID;
3181 }
3182#endif
3183 }
3184
3185#ifdef CONFIG_VNC_SASL
3186 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
3187 error_setg(errp, "Failed to initialize SASL auth: %s",
3188 sasl_errstring(saslErr, NULL, NULL));
3189 goto fail;
3190 }
3191#endif
3192 vs->lock_key_sync = lock_key_sync;
3193
3194 if (reverse) {
3195
3196 int csock;
3197 vs->lsock = -1;
3198#ifdef CONFIG_VNC_WS
3199 vs->lwebsock = -1;
3200#endif
3201 if (strncmp(display, "unix:", 5) == 0) {
3202 csock = unix_connect(display+5, errp);
3203 } else {
3204 csock = inet_connect(display, errp);
3205 }
3206 if (csock < 0) {
3207 goto fail;
3208 }
3209 vnc_connect(vs, csock, 0, 0);
3210 } else {
3211
3212 char *dpy;
3213 dpy = g_malloc(256);
3214 if (strncmp(display, "unix:", 5) == 0) {
3215 pstrcpy(dpy, 256, "unix:");
3216 vs->lsock = unix_listen(display+5, dpy+5, 256-5, errp);
3217 } else {
3218 vs->lsock = inet_listen(display, dpy, 256,
3219 SOCK_STREAM, 5900, errp);
3220 if (vs->lsock < 0) {
3221 g_free(dpy);
3222 goto fail;
3223 }
3224#ifdef CONFIG_VNC_WS
3225 if (vs->websocket) {
3226 if (vs->ws_display) {
3227 vs->lwebsock = inet_listen(vs->ws_display, NULL, 256,
3228 SOCK_STREAM, 0, errp);
3229 } else {
3230 vs->lwebsock = inet_listen(vs->display, NULL, 256,
3231 SOCK_STREAM, 5700, errp);
3232 }
3233
3234 if (vs->lwebsock < 0) {
3235 if (vs->lsock) {
3236 close(vs->lsock);
3237 vs->lsock = -1;
3238 }
3239 g_free(dpy);
3240 goto fail;
3241 }
3242 }
3243#endif
3244 }
3245 g_free(vs->display);
3246 vs->display = dpy;
3247 qemu_set_fd_handler2(vs->lsock, NULL,
3248 vnc_listen_regular_read, NULL, vs);
3249#ifdef CONFIG_VNC_WS
3250 if (vs->websocket) {
3251 qemu_set_fd_handler2(vs->lwebsock, NULL,
3252 vnc_listen_websocket_read, NULL, vs);
3253 }
3254#endif
3255 }
3256 return;
3257
3258fail:
3259 g_free(vs->display);
3260 vs->display = NULL;
3261#ifdef CONFIG_VNC_WS
3262 g_free(vs->ws_display);
3263 vs->ws_display = NULL;
3264#endif
3265}
3266
3267void vnc_display_add_client(DisplayState *ds, int csock, int skipauth)
3268{
3269 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
3270
3271 vnc_connect(vs, csock, skipauth, 0);
3272}
3273
