1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2015 Tycho Nightingale <tycho.nightingale@pluribusnetworks.com>
5 * Copyright (c) 2015 Leon Dang
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 */
29
30 #include <sys/param.h>
31 #ifndef WITHOUT_CAPSICUM
32 #include <sys/capsicum.h>
33 #endif
34 #include <sys/endian.h>
35 #include <sys/socket.h>
36 #include <sys/select.h>
37 #include <sys/time.h>
38 #include <sys/un.h>
39 #include <arpa/inet.h>
40 #include <stdatomic.h>
41 #include <machine/cpufunc.h>
42 #include <machine/specialreg.h>
43 #include <netinet/in.h>
44 #include <netdb.h>
45
46 #include <assert.h>
47 #ifndef WITHOUT_CAPSICUM
48 #include <capsicum_helpers.h>
49 #endif
50 #include <err.h>
51 #include <errno.h>
52 #include <pthread.h>
53 #include <pthread_np.h>
54 #include <signal.h>
55 #include <stdbool.h>
56 #include <stdlib.h>
57 #include <stdio.h>
58 #include <string.h>
59 #include <sysexits.h>
60 #include <unistd.h>
61
62 #include <zlib.h>
63
64 #include "bhyvegc.h"
65 #include "debug.h"
66 #include "console.h"
67 #include "config.h"
68 #include "rfb.h"
69 #include "sockstream.h"
70
71 #ifndef NO_OPENSSL
72 #include <openssl/des.h>
73 #endif
74
75 /* Delays in microseconds */
76 #define CFD_SEL_DELAY 10000
77 #define SCREEN_REFRESH_DELAY 33300 /* 30Hz */
78 #define SCREEN_POLL_DELAY (SCREEN_REFRESH_DELAY / 2)
79
80 static int rfb_debug = 0;
81 #define DPRINTF(params) if (rfb_debug) PRINTLN params
82 #define WPRINTF(params) PRINTLN params
83
84 #define VERSION_LENGTH 12
85 #define AUTH_LENGTH 16
86 #define PASSWD_LENGTH 8
87
88 /* Protocol versions */
89 #define CVERS_3_3 '3'
90 #define CVERS_3_7 '7'
91 #define CVERS_3_8 '8'
92
93 /* Client-to-server msg types */
94 #define CS_SET_PIXEL_FORMAT 0
95 #define CS_SET_ENCODINGS 2
96 #define CS_UPDATE_MSG 3
97 #define CS_KEY_EVENT 4
98 #define CS_POINTER_EVENT 5
99 #define CS_CUT_TEXT 6
100 #define CS_MSG_CLIENT_QEMU 255
101
102 #define SECURITY_TYPE_NONE 1
103 #define SECURITY_TYPE_VNC_AUTH 2
104
105 #define AUTH_FAILED_UNAUTH 1
106 #define AUTH_FAILED_ERROR 2
107
108 struct pixfmt {
109 bool adjust_pixels;
110 uint8_t red_shift;
111 uint8_t green_shift;
112 uint8_t blue_shift;
113 };
114
115 struct rfb_softc {
116 int sfd;
117 pthread_t tid;
118
119 int cfd;
120
121 int width, height;
122
123 const char *password;
124
125 bool enc_raw_ok;
126 bool enc_zlib_ok;
127 bool enc_resize_ok;
128 bool enc_extkeyevent_ok;
129
130 bool enc_extkeyevent_send;
131
132 z_stream zstream;
133 uint8_t *zbuf;
134 int zbuflen;
135
136 int conn_wait;
137 int wrcount;
138
139 atomic_bool sending;
140 atomic_bool pending;
141 atomic_bool update_all;
142 atomic_bool input_detected;
143 atomic_bool update_pixfmt;
144
145 pthread_mutex_t mtx;
146 pthread_mutex_t pixfmt_mtx;
147 pthread_cond_t cond;
148
149 int hw_crc;
150 uint32_t *crc; /* WxH crc cells */
151 uint32_t *crc_tmp; /* buffer to store single crc row */
152 int crc_width, crc_height;
153
154 struct pixfmt pixfmt; /* owned by the write thread */
155 struct pixfmt new_pixfmt; /* managed with pixfmt_mtx */
156 uint32_t *pixrow;
157 char *fbname;
158 int fbnamelen;
159 };
160
161 struct rfb_pixfmt {
162 uint8_t bpp;
163 uint8_t depth;
164 uint8_t bigendian;
165 uint8_t truecolor;
166 uint16_t red_max;
167 uint16_t green_max;
168 uint16_t blue_max;
169 uint8_t red_shift;
170 uint8_t green_shift;
171 uint8_t blue_shift;
172 uint8_t pad[3];
173 };
174
175 struct rfb_srvr_info {
176 uint16_t width;
177 uint16_t height;
178 struct rfb_pixfmt pixfmt;
179 uint32_t namelen;
180 };
181
182 struct rfb_pixfmt_msg {
183 uint8_t type;
184 uint8_t pad[3];
185 struct rfb_pixfmt pixfmt;
186 };
187
188 #define RFB_ENCODING_RAW 0
189 #define RFB_ENCODING_ZLIB 6
190 #define RFB_ENCODING_RESIZE -223
191 #define RFB_ENCODING_EXT_KEYEVENT -258
192
193 #define RFB_CLIENTMSG_EXT_KEYEVENT 0
194
195 #define RFB_MAX_WIDTH 2000
196 #define RFB_MAX_HEIGHT 1200
197 #define RFB_ZLIB_BUFSZ RFB_MAX_WIDTH*RFB_MAX_HEIGHT*4
198
199 #define PIXEL_RED_SHIFT 16
200 #define PIXEL_GREEN_SHIFT 8
201 #define PIXEL_BLUE_SHIFT 0
202
203 /* percentage changes to screen before sending the entire screen */
204 #define RFB_SEND_ALL_THRESH 25
205
206 struct rfb_enc_msg {
207 uint8_t type;
208 uint8_t pad;
209 uint16_t numencs;
210 };
211
212 struct rfb_updt_msg {
213 uint8_t type;
214 uint8_t incremental;
215 uint16_t x;
216 uint16_t y;
217 uint16_t width;
218 uint16_t height;
219 };
220
221 struct rfb_key_msg {
222 uint8_t type;
223 uint8_t down;
224 uint16_t pad;
225 uint32_t sym;
226 };
227
228 struct rfb_client_msg {
229 uint8_t type;
230 uint8_t subtype;
231 };
232
233 struct rfb_extended_key_msg {
234 uint8_t type;
235 uint8_t subtype;
236 uint16_t down;
237 uint32_t sym;
238 uint32_t code;
239 };
240
241 struct rfb_ptr_msg {
242 uint8_t type;
243 uint8_t button;
244 uint16_t x;
245 uint16_t y;
246 };
247
248 struct rfb_srvr_updt_msg {
249 uint8_t type;
250 uint8_t pad;
251 uint16_t numrects;
252 };
253
254 struct rfb_srvr_rect_hdr {
255 uint16_t x;
256 uint16_t y;
257 uint16_t width;
258 uint16_t height;
259 uint32_t encoding;
260 };
261
262 struct rfb_cuttext_msg {
263 uint8_t type;
264 uint8_t padding[3];
265 uint32_t length;
266 };
267
268 static int
rfb_send_server_init_msg(struct rfb_softc * rc,int cfd)269 rfb_send_server_init_msg(struct rfb_softc *rc, int cfd)
270 {
271 struct bhyvegc_image *gc_image;
272 struct rfb_srvr_info sinfo;
273
274 gc_image = console_get_image();
275
276 sinfo.width = htons(gc_image->width);
277 sinfo.height = htons(gc_image->height);
278 sinfo.pixfmt.bpp = 32;
279 sinfo.pixfmt.depth = 32;
280 sinfo.pixfmt.bigendian = 0;
281 sinfo.pixfmt.truecolor = 1;
282 sinfo.pixfmt.red_max = htons(255);
283 sinfo.pixfmt.green_max = htons(255);
284 sinfo.pixfmt.blue_max = htons(255);
285 sinfo.pixfmt.red_shift = PIXEL_RED_SHIFT;
286 sinfo.pixfmt.green_shift = PIXEL_GREEN_SHIFT;
287 sinfo.pixfmt.blue_shift = PIXEL_BLUE_SHIFT;
288 sinfo.pixfmt.pad[0] = 0;
289 sinfo.pixfmt.pad[1] = 0;
290 sinfo.pixfmt.pad[2] = 0;
291 sinfo.namelen = htonl(rc->fbnamelen);
292 if (stream_write(cfd, &sinfo, sizeof(sinfo)) <= 0)
293 return (-1);
294 if (stream_write(cfd, rc->fbname, rc->fbnamelen) <= 0)
295 return (-1);
296 return (0);
297 }
298
299 static int
rfb_send_resize_update_msg(struct rfb_softc * rc,int cfd)300 rfb_send_resize_update_msg(struct rfb_softc *rc, int cfd)
301 {
302 struct rfb_srvr_updt_msg supdt_msg;
303 struct rfb_srvr_rect_hdr srect_hdr;
304
305 /* Number of rectangles: 1 */
306 supdt_msg.type = 0;
307 supdt_msg.pad = 0;
308 supdt_msg.numrects = htons(1);
309 if (stream_write(cfd, &supdt_msg, sizeof(struct rfb_srvr_updt_msg)) <= 0)
310 return (-1);
311
312 /* Rectangle header */
313 srect_hdr.x = htons(0);
314 srect_hdr.y = htons(0);
315 srect_hdr.width = htons(rc->width);
316 srect_hdr.height = htons(rc->height);
317 srect_hdr.encoding = htonl(RFB_ENCODING_RESIZE);
318 if (stream_write(cfd, &srect_hdr, sizeof(struct rfb_srvr_rect_hdr)) <= 0)
319 return (-1);
320 return (0);
321 }
322
323 static int
rfb_send_extended_keyevent_update_msg(struct rfb_softc * rc,int cfd)324 rfb_send_extended_keyevent_update_msg(struct rfb_softc *rc, int cfd)
325 {
326 struct rfb_srvr_updt_msg supdt_msg;
327 struct rfb_srvr_rect_hdr srect_hdr;
328
329 /* Number of rectangles: 1 */
330 supdt_msg.type = 0;
331 supdt_msg.pad = 0;
332 supdt_msg.numrects = htons(1);
333 if (stream_write(cfd, &supdt_msg, sizeof(struct rfb_srvr_updt_msg)) <= 0)
334 return (-1);
335
336 /* Rectangle header */
337 srect_hdr.x = htons(0);
338 srect_hdr.y = htons(0);
339 srect_hdr.width = htons(rc->width);
340 srect_hdr.height = htons(rc->height);
341 srect_hdr.encoding = htonl(RFB_ENCODING_EXT_KEYEVENT);
342 if (stream_write(cfd, &srect_hdr, sizeof(struct rfb_srvr_rect_hdr)) <= 0)
343 return (-1);
344 return (0);
345 }
346
347 static int
rfb_recv_set_pixfmt_msg(struct rfb_softc * rc __unused,int cfd)348 rfb_recv_set_pixfmt_msg(struct rfb_softc *rc __unused, int cfd)
349 {
350 struct rfb_pixfmt_msg pixfmt_msg;
351 uint8_t red_shift, green_shift, blue_shift;
352 uint16_t red_max, green_max, blue_max;
353 bool adjust_pixels = true;
354 int len;
355
356 len = stream_read(cfd, (uint8_t *)&pixfmt_msg + 1,
357 sizeof(pixfmt_msg) - 1);
358 if (len <= 0)
359 return (-1);
360
361 /*
362 * The framebuffer is fixed at 32 bit and orders the colors
363 * as RGB bytes. However, some VNC clients request a different
364 * ordering. We will still require the same bit depth and size
365 * but allow the colors to be shifted when sent to the client.
366 */
367 if (pixfmt_msg.pixfmt.bpp != 32 || pixfmt_msg.pixfmt.truecolor != 1) {
368 WPRINTF(("rfb: pixfmt unsupported bitdepth bpp: %d "
369 "truecolor: %d",
370 pixfmt_msg.pixfmt.bpp, pixfmt_msg.pixfmt.truecolor));
371 return (0);
372 }
373
374 red_max = ntohs(pixfmt_msg.pixfmt.red_max);
375 green_max = ntohs(pixfmt_msg.pixfmt.green_max);
376 blue_max = ntohs(pixfmt_msg.pixfmt.blue_max);
377
378 /* Check for valid max values */
379 if (red_max != 255 || green_max != 255 || blue_max != 255) {
380 WPRINTF(("rfb: pixfmt unsupported max values "
381 "r: %d g: %d b: %d",
382 red_max, green_max, blue_max));
383 return (0);
384 }
385
386 red_shift = pixfmt_msg.pixfmt.red_shift;
387 green_shift = pixfmt_msg.pixfmt.green_shift;
388 blue_shift = pixfmt_msg.pixfmt.blue_shift;
389
390 /* Check shifts are 8 bit aligned */
391 if ((red_shift & 0x7) != 0 ||
392 (green_shift & 0x7) != 0 ||
393 (blue_shift & 0x7) != 0) {
394 WPRINTF(("rfb: pixfmt unsupported shift values "
395 "r: %d g: %d b: %d",
396 red_shift, green_shift, blue_shift));
397 return (0);
398 }
399
400 if (red_shift == PIXEL_RED_SHIFT &&
401 green_shift == PIXEL_GREEN_SHIFT &&
402 blue_shift == PIXEL_BLUE_SHIFT) {
403 adjust_pixels = false;
404 }
405
406 pthread_mutex_lock(&rc->pixfmt_mtx);
407 rc->new_pixfmt.red_shift = red_shift;
408 rc->new_pixfmt.green_shift = green_shift;
409 rc->new_pixfmt.blue_shift = blue_shift;
410 rc->new_pixfmt.adjust_pixels = adjust_pixels;
411 pthread_mutex_unlock(&rc->pixfmt_mtx);
412
413 /* Notify the write thread to update */
414 rc->update_pixfmt = true;
415
416 return (0);
417 }
418
419 static int
rfb_recv_set_encodings_msg(struct rfb_softc * rc,int cfd)420 rfb_recv_set_encodings_msg(struct rfb_softc *rc, int cfd)
421 {
422 struct rfb_enc_msg enc_msg;
423 int i;
424 uint32_t encoding;
425 int len;
426
427 len = stream_read(cfd, (uint8_t *)&enc_msg + 1, sizeof(enc_msg) - 1);
428 if (len <= 0)
429 return (-1);
430
431 for (i = 0; i < htons(enc_msg.numencs); i++) {
432 len = stream_read(cfd, &encoding, sizeof(encoding));
433 if (len <= 0)
434 return (-1);
435
436 switch (htonl(encoding)) {
437 case RFB_ENCODING_RAW:
438 rc->enc_raw_ok = true;
439 break;
440 case RFB_ENCODING_ZLIB:
441 if (!rc->enc_zlib_ok) {
442 deflateInit(&rc->zstream, Z_BEST_SPEED);
443 rc->enc_zlib_ok = true;
444 }
445 break;
446 case RFB_ENCODING_RESIZE:
447 rc->enc_resize_ok = true;
448 break;
449 case RFB_ENCODING_EXT_KEYEVENT:
450 rc->enc_extkeyevent_ok = true;
451 break;
452 }
453 }
454
455 return (0);
456 }
457
458 /*
459 * Calculate CRC32 using SSE4.2; Intel or AMD Bulldozer+ CPUs only
460 */
461 static __inline uint32_t
fast_crc32(void * buf,int len,uint32_t crcval)462 fast_crc32(void *buf, int len, uint32_t crcval)
463 {
464 uint32_t q = len / sizeof(uint32_t);
465 uint32_t *p = (uint32_t *)buf;
466
467 while (q--) {
468 asm volatile (
469 ".byte 0xf2, 0xf, 0x38, 0xf1, 0xf1;"
470 :"=S" (crcval)
471 :"0" (crcval), "c" (*p)
472 );
473 p++;
474 }
475
476 return (crcval);
477 }
478
479 static int
rfb_send_update_header(struct rfb_softc * rc __unused,int cfd,int numrects)480 rfb_send_update_header(struct rfb_softc *rc __unused, int cfd, int numrects)
481 {
482 struct rfb_srvr_updt_msg supdt_msg;
483
484 supdt_msg.type = 0;
485 supdt_msg.pad = 0;
486 supdt_msg.numrects = htons(numrects);
487
488 return stream_write(cfd, &supdt_msg,
489 sizeof(struct rfb_srvr_updt_msg));
490 }
491
492 static uint32_t *
rfb_adjust_pixels(struct rfb_softc * rc,uint32_t * gcptr,int width)493 rfb_adjust_pixels(struct rfb_softc *rc, uint32_t *gcptr, int width)
494 {
495 uint32_t *pixelp;
496 uint32_t red, green, blue;
497 int i;
498
499 /* If no pixel adjustment needed, send in server format */
500 if (!rc->pixfmt.adjust_pixels) {
501 return (gcptr);
502 }
503
504 for (i = 0, pixelp = rc->pixrow; i < width; i++, pixelp++, gcptr++) {
505 red = (*gcptr >> 16) & 0xFF;
506 green = (*gcptr >> 8) & 0xFF;
507 blue = (*gcptr & 0xFF);
508 *pixelp = (red << rc->pixfmt.red_shift) |
509 (green << rc->pixfmt.green_shift) |
510 (blue << rc->pixfmt.blue_shift);
511 }
512
513 return (rc->pixrow);
514 }
515
516 static int
rfb_send_rect(struct rfb_softc * rc,int cfd,struct bhyvegc_image * gc,int x,int y,int w,int h)517 rfb_send_rect(struct rfb_softc *rc, int cfd, struct bhyvegc_image *gc,
518 int x, int y, int w, int h)
519 {
520 struct rfb_srvr_rect_hdr srect_hdr;
521 unsigned long zlen;
522 ssize_t nwrite, total;
523 int err, width;
524 uint32_t *p, *pixelp;
525 uint8_t *zbufp;
526
527 /*
528 * Send a single rectangle of the given x, y, w h dimensions.
529 */
530
531 /* Rectangle header */
532 srect_hdr.x = htons(x);
533 srect_hdr.y = htons(y);
534 srect_hdr.width = htons(w);
535 srect_hdr.height = htons(h);
536
537 width = w;
538 h = y + h;
539 w *= sizeof(uint32_t);
540 if (rc->enc_zlib_ok) {
541 zbufp = rc->zbuf;
542 rc->zstream.total_in = 0;
543 rc->zstream.total_out = 0;
544 for (p = &gc->data[y * gc->width + x]; y < h; y++) {
545 pixelp = rfb_adjust_pixels(rc, p, width);
546 rc->zstream.next_in = (Bytef *)pixelp;
547 rc->zstream.avail_in = w;
548 rc->zstream.next_out = (Bytef *)zbufp;
549 rc->zstream.avail_out = RFB_ZLIB_BUFSZ + 16 -
550 rc->zstream.total_out;
551 rc->zstream.data_type = Z_BINARY;
552
553 /* Compress with zlib */
554 err = deflate(&rc->zstream, Z_SYNC_FLUSH);
555 if (err != Z_OK) {
556 WPRINTF(("zlib[rect] deflate err: %d", err));
557 rc->enc_zlib_ok = false;
558 deflateEnd(&rc->zstream);
559 goto doraw;
560 }
561 zbufp = rc->zbuf + rc->zstream.total_out;
562 p += gc->width;
563 }
564 srect_hdr.encoding = htonl(RFB_ENCODING_ZLIB);
565 nwrite = stream_write(cfd, &srect_hdr,
566 sizeof(struct rfb_srvr_rect_hdr));
567 if (nwrite <= 0)
568 return (nwrite);
569
570 zlen = htonl(rc->zstream.total_out);
571 nwrite = stream_write(cfd, &zlen, sizeof(uint32_t));
572 if (nwrite <= 0)
573 return (nwrite);
574 return (stream_write(cfd, rc->zbuf, rc->zstream.total_out));
575 }
576
577 doraw:
578
579 total = 0;
580 zbufp = rc->zbuf;
581 for (p = &gc->data[y * gc->width + x]; y < h; y++) {
582 pixelp = rfb_adjust_pixels(rc, p, width);
583 memcpy(zbufp, pixelp, w);
584 zbufp += w;
585 total += w;
586 p += gc->width;
587 }
588
589 srect_hdr.encoding = htonl(RFB_ENCODING_RAW);
590 nwrite = stream_write(cfd, &srect_hdr,
591 sizeof(struct rfb_srvr_rect_hdr));
592 if (nwrite <= 0)
593 return (nwrite);
594
595 total = stream_write(cfd, rc->zbuf, total);
596
597 return (total);
598 }
599
600 static int
rfb_send_all(struct rfb_softc * rc,int cfd,struct bhyvegc_image * gc)601 rfb_send_all(struct rfb_softc *rc, int cfd, struct bhyvegc_image *gc)
602 {
603 struct rfb_srvr_updt_msg supdt_msg;
604 struct rfb_srvr_rect_hdr srect_hdr;
605 ssize_t nwrite;
606 unsigned long zlen;
607 int err;
608
609 /*
610 * Send the whole thing
611 */
612
613 /* Number of rectangles: 1 */
614 supdt_msg.type = 0;
615 supdt_msg.pad = 0;
616 supdt_msg.numrects = htons(1);
617 nwrite = stream_write(cfd, &supdt_msg,
618 sizeof(struct rfb_srvr_updt_msg));
619 if (nwrite <= 0)
620 return (nwrite);
621
622 if (rc->pixfmt.adjust_pixels) {
623 return (rfb_send_rect(rc, cfd, gc, 0, 0,
624 gc->width, gc->height));
625 }
626
627 /* Rectangle header */
628 srect_hdr.x = 0;
629 srect_hdr.y = 0;
630 srect_hdr.width = htons(gc->width);
631 srect_hdr.height = htons(gc->height);
632 if (rc->enc_zlib_ok) {
633 rc->zstream.next_in = (Bytef *)gc->data;
634 rc->zstream.avail_in = gc->width * gc->height *
635 sizeof(uint32_t);
636 rc->zstream.next_out = (Bytef *)rc->zbuf;
637 rc->zstream.avail_out = RFB_ZLIB_BUFSZ + 16;
638 rc->zstream.data_type = Z_BINARY;
639
640 rc->zstream.total_in = 0;
641 rc->zstream.total_out = 0;
642
643 /* Compress with zlib */
644 err = deflate(&rc->zstream, Z_SYNC_FLUSH);
645 if (err != Z_OK) {
646 WPRINTF(("zlib deflate err: %d", err));
647 rc->enc_zlib_ok = false;
648 deflateEnd(&rc->zstream);
649 goto doraw;
650 }
651
652 srect_hdr.encoding = htonl(RFB_ENCODING_ZLIB);
653 nwrite = stream_write(cfd, &srect_hdr,
654 sizeof(struct rfb_srvr_rect_hdr));
655 if (nwrite <= 0)
656 return (nwrite);
657
658 zlen = htonl(rc->zstream.total_out);
659 nwrite = stream_write(cfd, &zlen, sizeof(uint32_t));
660 if (nwrite <= 0)
661 return (nwrite);
662 return (stream_write(cfd, rc->zbuf, rc->zstream.total_out));
663 }
664
665 doraw:
666 srect_hdr.encoding = htonl(RFB_ENCODING_RAW);
667 nwrite = stream_write(cfd, &srect_hdr,
668 sizeof(struct rfb_srvr_rect_hdr));
669 if (nwrite <= 0)
670 return (nwrite);
671
672 nwrite = stream_write(cfd, gc->data,
673 gc->width * gc->height * sizeof(uint32_t));
674
675 return (nwrite);
676 }
677
678 #define PIX_PER_CELL 32
679 #define PIXCELL_SHIFT 5
680 #define PIXCELL_MASK 0x1F
681
682 static void
rfb_set_pixel_adjustment(struct rfb_softc * rc)683 rfb_set_pixel_adjustment(struct rfb_softc *rc)
684 {
685 pthread_mutex_lock(&rc->pixfmt_mtx);
686 rc->pixfmt = rc->new_pixfmt;
687 pthread_mutex_unlock(&rc->pixfmt_mtx);
688 }
689
690 static int
rfb_send_screen(struct rfb_softc * rc,int cfd)691 rfb_send_screen(struct rfb_softc *rc, int cfd)
692 {
693 struct bhyvegc_image *gc_image;
694 ssize_t nwrite;
695 int x, y;
696 int celly, cellwidth;
697 int xcells, ycells;
698 int w, h;
699 uint32_t *p;
700 int rem_x, rem_y; /* remainder for resolutions not x32 pixels ratio */
701 int retval;
702 uint32_t *crc_p, *orig_crc;
703 int changes;
704 bool expected;
705
706 /* Return if another thread sending */
707 expected = false;
708 if (atomic_compare_exchange_strong(&rc->sending, &expected, true) == false)
709 return (1);
710
711 retval = 1;
712
713 /* Updates require a preceding update request */
714 if (atomic_exchange(&rc->pending, false) == false)
715 goto done;
716
717 if (atomic_exchange(&rc->update_pixfmt, false) == true) {
718 rfb_set_pixel_adjustment(rc);
719 }
720
721 console_refresh();
722 gc_image = console_get_image();
723
724 /* Clear old CRC values when the size changes */
725 if (rc->crc_width != gc_image->width ||
726 rc->crc_height != gc_image->height) {
727 memset(rc->crc, 0, sizeof(uint32_t) *
728 howmany(RFB_MAX_WIDTH, PIX_PER_CELL) *
729 howmany(RFB_MAX_HEIGHT, PIX_PER_CELL));
730 rc->crc_width = gc_image->width;
731 rc->crc_height = gc_image->height;
732 }
733
734 /* A size update counts as an update in itself */
735 if (rc->width != gc_image->width ||
736 rc->height != gc_image->height) {
737 rc->width = gc_image->width;
738 rc->height = gc_image->height;
739 if (rc->enc_resize_ok) {
740 if (rfb_send_resize_update_msg(rc, cfd) < 0) {
741 retval = -1;
742 goto done;
743 }
744 rc->update_all = true;
745 goto done;
746 }
747 }
748
749 if (atomic_exchange(&rc->update_all, false) == true) {
750 retval = rfb_send_all(rc, cfd, gc_image);
751 goto done;
752 }
753
754 /*
755 * Calculate the checksum for each 32x32 cell. Send each that
756 * has changed since the last scan.
757 */
758
759 w = rc->crc_width;
760 h = rc->crc_height;
761 xcells = howmany(rc->crc_width, PIX_PER_CELL);
762 ycells = howmany(rc->crc_height, PIX_PER_CELL);
763
764 rem_x = w & PIXCELL_MASK;
765
766 rem_y = h & PIXCELL_MASK;
767 if (!rem_y)
768 rem_y = PIX_PER_CELL;
769
770 p = gc_image->data;
771
772 /*
773 * Go through all cells and calculate crc. If significant number
774 * of changes, then send entire screen.
775 * crc_tmp is dual purpose: to store the new crc and to flag as
776 * a cell that has changed.
777 */
778 crc_p = rc->crc_tmp - xcells;
779 orig_crc = rc->crc - xcells;
780 changes = 0;
781 memset(rc->crc_tmp, 0, sizeof(uint32_t) * xcells * ycells);
782 for (y = 0; y < h; y++) {
783 if ((y & PIXCELL_MASK) == 0) {
784 crc_p += xcells;
785 orig_crc += xcells;
786 }
787
788 for (x = 0; x < xcells; x++) {
789 if (x == (xcells - 1) && rem_x > 0)
790 cellwidth = rem_x;
791 else
792 cellwidth = PIX_PER_CELL;
793
794 if (rc->hw_crc)
795 crc_p[x] = fast_crc32(p,
796 cellwidth * sizeof(uint32_t),
797 crc_p[x]);
798 else
799 crc_p[x] = (uint32_t)crc32(crc_p[x],
800 (Bytef *)p,
801 cellwidth * sizeof(uint32_t));
802
803 p += cellwidth;
804
805 /* check for crc delta if last row in cell */
806 if ((y & PIXCELL_MASK) == PIXCELL_MASK || y == (h-1)) {
807 if (orig_crc[x] != crc_p[x]) {
808 orig_crc[x] = crc_p[x];
809 crc_p[x] = 1;
810 changes++;
811 } else {
812 crc_p[x] = 0;
813 }
814 }
815 }
816 }
817
818 /*
819 * We only send the update if there are changes.
820 * Restore the pending flag since it was unconditionally cleared
821 * above.
822 */
823 if (!changes) {
824 rc->pending = true;
825 goto done;
826 }
827
828 /* If number of changes is > THRESH percent, send the whole screen */
829 if (((changes * 100) / (xcells * ycells)) >= RFB_SEND_ALL_THRESH) {
830 retval = rfb_send_all(rc, cfd, gc_image);
831 goto done;
832 }
833
834 if (rfb_send_update_header(rc, cfd, changes) <= 0) {
835 retval = -1;
836 goto done;
837 }
838
839 /* Go through all cells, and send only changed ones */
840 crc_p = rc->crc_tmp;
841 for (y = 0; y < h; y += PIX_PER_CELL) {
842 /* previous cell's row */
843 celly = (y >> PIXCELL_SHIFT);
844
845 /* Delta check crc to previous set */
846 for (x = 0; x < xcells; x++) {
847 if (*crc_p++ == 0)
848 continue;
849
850 if (x == (xcells - 1) && rem_x > 0)
851 cellwidth = rem_x;
852 else
853 cellwidth = PIX_PER_CELL;
854 nwrite = rfb_send_rect(rc, cfd,
855 gc_image,
856 x * PIX_PER_CELL,
857 celly * PIX_PER_CELL,
858 cellwidth,
859 y + PIX_PER_CELL >= h ? rem_y : PIX_PER_CELL);
860 if (nwrite <= 0) {
861 retval = nwrite;
862 goto done;
863 }
864 }
865 }
866
867 done:
868 rc->sending = false;
869
870 return (retval);
871 }
872
873
874 static int
rfb_recv_update_msg(struct rfb_softc * rc,int cfd)875 rfb_recv_update_msg(struct rfb_softc *rc, int cfd)
876 {
877 struct rfb_updt_msg updt_msg;
878 int len;
879
880 len = stream_read(cfd, (uint8_t *)&updt_msg + 1,
881 sizeof(updt_msg) - 1);
882 if (len <= 0)
883 return (-1);
884
885 if (rc->enc_extkeyevent_ok && (!rc->enc_extkeyevent_send)) {
886 if (rfb_send_extended_keyevent_update_msg(rc, cfd) < 0)
887 return (-1);
888 rc->enc_extkeyevent_send = true;
889 }
890
891 rc->pending = true;
892 if (!updt_msg.incremental)
893 rc->update_all = true;
894
895 return (0);
896 }
897
898 static int
rfb_recv_key_msg(struct rfb_softc * rc,int cfd)899 rfb_recv_key_msg(struct rfb_softc *rc, int cfd)
900 {
901 struct rfb_key_msg key_msg;
902 int len;
903
904 len = stream_read(cfd, (uint8_t *)&key_msg + 1,
905 sizeof(key_msg) - 1);
906 if (len <= 0)
907 return (-1);
908
909 console_key_event(key_msg.down, htonl(key_msg.sym), htonl(0));
910 rc->input_detected = true;
911
912 return (0);
913 }
914
915 static int
rfb_recv_client_msg(struct rfb_softc * rc,int cfd)916 rfb_recv_client_msg(struct rfb_softc *rc, int cfd)
917 {
918 struct rfb_client_msg client_msg;
919 struct rfb_extended_key_msg extkey_msg;
920 int len;
921
922 len = stream_read(cfd, (uint8_t *)&client_msg + 1,
923 sizeof(client_msg) - 1);
924 if (len <= 0)
925 return (-1);
926
927 if (client_msg.subtype == RFB_CLIENTMSG_EXT_KEYEVENT) {
928 len = stream_read(cfd, (uint8_t *)&extkey_msg + 2,
929 sizeof(extkey_msg) - 2);
930 if (len <= 0)
931 return (-1);
932 console_key_event((int)extkey_msg.down, htonl(extkey_msg.sym), htonl(extkey_msg.code));
933 rc->input_detected = true;
934 }
935
936 return (0);
937 }
938
939 static int
rfb_recv_ptr_msg(struct rfb_softc * rc,int cfd)940 rfb_recv_ptr_msg(struct rfb_softc *rc, int cfd)
941 {
942 struct rfb_ptr_msg ptr_msg;
943 int len;
944
945 len = stream_read(cfd, (uint8_t *)&ptr_msg + 1, sizeof(ptr_msg) - 1);
946 if (len <= 0)
947 return (-1);
948
949 console_ptr_event(ptr_msg.button, htons(ptr_msg.x), htons(ptr_msg.y));
950 rc->input_detected = true;
951
952 return (0);
953 }
954
955 static int
rfb_recv_cuttext_msg(struct rfb_softc * rc __unused,int cfd)956 rfb_recv_cuttext_msg(struct rfb_softc *rc __unused, int cfd)
957 {
958 struct rfb_cuttext_msg ct_msg;
959 unsigned char buf[32];
960 int len;
961
962 len = stream_read(cfd, (uint8_t *)&ct_msg + 1, sizeof(ct_msg) - 1);
963 if (len <= 0)
964 return (-1);
965
966 ct_msg.length = htonl(ct_msg.length);
967 while (ct_msg.length > 0) {
968 len = stream_read(cfd, buf, ct_msg.length > sizeof(buf) ?
969 sizeof(buf) : ct_msg.length);
970 if (len <= 0)
971 return (-1);
972 ct_msg.length -= len;
973 }
974
975 return (0);
976 }
977
978 static int64_t
timeval_delta(struct timeval * prev,struct timeval * now)979 timeval_delta(struct timeval *prev, struct timeval *now)
980 {
981 int64_t n1, n2;
982 n1 = now->tv_sec * 1000000 + now->tv_usec;
983 n2 = prev->tv_sec * 1000000 + prev->tv_usec;
984 return (n1 - n2);
985 }
986
987 static void *
rfb_wr_thr(void * arg)988 rfb_wr_thr(void *arg)
989 {
990 struct rfb_softc *rc;
991 fd_set rfds;
992 struct timeval tv;
993 struct timeval prev_tv;
994 int64_t tdiff;
995 int cfd;
996 int err;
997
998 rc = arg;
999 cfd = rc->cfd;
1000
1001 prev_tv.tv_sec = 0;
1002 prev_tv.tv_usec = 0;
1003 while (rc->cfd >= 0) {
1004 FD_ZERO(&rfds);
1005 FD_SET(cfd, &rfds);
1006 tv.tv_sec = 0;
1007 tv.tv_usec = CFD_SEL_DELAY;
1008
1009 err = select(cfd+1, &rfds, NULL, NULL, &tv);
1010 if (err < 0)
1011 return (NULL);
1012
1013 /* Determine if its time to push screen; ~24hz */
1014 gettimeofday(&tv, NULL);
1015 tdiff = timeval_delta(&prev_tv, &tv);
1016 if (tdiff >= SCREEN_POLL_DELAY) {
1017 bool input;
1018 prev_tv.tv_sec = tv.tv_sec;
1019 prev_tv.tv_usec = tv.tv_usec;
1020 input = atomic_exchange(&rc->input_detected, false);
1021 /*
1022 * Refresh the screen on every second trip through the loop,
1023 * or if keyboard/mouse input has been detected.
1024 */
1025 if ((++rc->wrcount & 1) || input) {
1026 if (rfb_send_screen(rc, cfd) <= 0) {
1027 return (NULL);
1028 }
1029 }
1030 } else {
1031 /* sleep */
1032 usleep(SCREEN_POLL_DELAY - tdiff);
1033 }
1034 }
1035
1036 return (NULL);
1037 }
1038
1039 static void
rfb_handle(struct rfb_softc * rc,int cfd)1040 rfb_handle(struct rfb_softc *rc, int cfd)
1041 {
1042 const char *vbuf = "RFB 003.008\n";
1043 unsigned char buf[80];
1044 unsigned const char *message;
1045
1046 #ifndef NO_OPENSSL
1047 unsigned char challenge[AUTH_LENGTH];
1048 unsigned char keystr[PASSWD_LENGTH];
1049 unsigned char crypt_expected[AUTH_LENGTH];
1050
1051 DES_key_schedule ks;
1052 int i;
1053 #endif
1054 uint8_t client_ver;
1055 uint8_t auth_type;
1056 pthread_t tid;
1057 uint32_t sres = 0;
1058 int len;
1059 int perror = 1;
1060
1061 rc->cfd = cfd;
1062
1063 /* 1a. Send server version */
1064 if (stream_write(cfd, vbuf, strlen(vbuf)) <= 0)
1065 goto done;
1066
1067 /* 1b. Read client version */
1068 len = stream_read(cfd, buf, VERSION_LENGTH);
1069 if (len != VERSION_LENGTH ||
1070 strncmp(vbuf, buf, VERSION_LENGTH - 2) != 0) {
1071 goto done;
1072 }
1073
1074 client_ver = buf[VERSION_LENGTH - 2];
1075 if (client_ver != CVERS_3_8 && client_ver != CVERS_3_7) {
1076 /* only recognize 3.3, 3.7 & 3.8. Others dflt to 3.3 */
1077 client_ver = CVERS_3_3;
1078 }
1079
1080 /* 2a. Send security type */
1081 buf[0] = 1;
1082
1083 /* In versions 3.7 & 3.8, it's 2-way handshake */
1084 /* For version 3.3, server says what the authentication type must be */
1085 #ifndef NO_OPENSSL
1086 if (rc->password) {
1087 auth_type = SECURITY_TYPE_VNC_AUTH;
1088 } else {
1089 auth_type = SECURITY_TYPE_NONE;
1090 }
1091 #else
1092 auth_type = SECURITY_TYPE_NONE;
1093 #endif
1094
1095 switch (client_ver) {
1096 case CVERS_3_7:
1097 case CVERS_3_8:
1098 buf[0] = 1;
1099 buf[1] = auth_type;
1100 if (stream_write(cfd, buf, 2) <= 0)
1101 goto done;
1102
1103 /* 2b. Read agreed security type */
1104 len = stream_read(cfd, buf, 1);
1105 if (len <= 0)
1106 goto done;
1107
1108 if (buf[0] != auth_type) {
1109 /* deny */
1110 sres = htonl(1);
1111 message = "Auth failed: authentication type mismatch";
1112 goto report_and_done;
1113 }
1114 break;
1115 case CVERS_3_3:
1116 default:
1117 be32enc(buf, auth_type);
1118 if (stream_write(cfd, buf, 4) <= 0)
1119 goto done;
1120 break;
1121 }
1122
1123 /* 2c. Do VNC authentication */
1124 switch (auth_type) {
1125 case SECURITY_TYPE_NONE:
1126 break;
1127 case SECURITY_TYPE_VNC_AUTH:
1128 /*
1129 * The client encrypts the challenge with DES, using a password
1130 * supplied by the user as the key.
1131 * To form the key, the password is truncated to
1132 * eight characters, or padded with null bytes on the right.
1133 * The client then sends the resulting 16-bytes response.
1134 */
1135 #ifndef NO_OPENSSL
1136 strncpy(keystr, rc->password, PASSWD_LENGTH);
1137
1138 /* VNC clients encrypts the challenge with all the bit fields
1139 * in each byte of the password mirrored.
1140 * Here we flip each byte of the keystr.
1141 */
1142 for (i = 0; i < PASSWD_LENGTH; i++) {
1143 keystr[i] = (keystr[i] & 0xF0) >> 4
1144 | (keystr[i] & 0x0F) << 4;
1145 keystr[i] = (keystr[i] & 0xCC) >> 2
1146 | (keystr[i] & 0x33) << 2;
1147 keystr[i] = (keystr[i] & 0xAA) >> 1
1148 | (keystr[i] & 0x55) << 1;
1149 }
1150
1151 /* Initialize a 16-byte random challenge */
1152 arc4random_buf(challenge, sizeof(challenge));
1153 if (stream_write(cfd, challenge, AUTH_LENGTH) <= 0)
1154 goto done;
1155
1156 /* Receive the 16-byte challenge response */
1157 len = stream_read(cfd, buf, AUTH_LENGTH);
1158 if (len <= 0)
1159 goto done;
1160
1161 memcpy(crypt_expected, challenge, AUTH_LENGTH);
1162
1163 /* Encrypt the Challenge with DES */
1164 DES_set_key((const_DES_cblock *)keystr, &ks);
1165 DES_ecb_encrypt((const_DES_cblock *)challenge,
1166 (const_DES_cblock *)crypt_expected,
1167 &ks, DES_ENCRYPT);
1168 DES_ecb_encrypt((const_DES_cblock *)(challenge + PASSWD_LENGTH),
1169 (const_DES_cblock *)(crypt_expected +
1170 PASSWD_LENGTH),
1171 &ks, DES_ENCRYPT);
1172
1173 if (memcmp(crypt_expected, buf, AUTH_LENGTH) != 0) {
1174 message = "Auth Failed: Invalid Password.";
1175 sres = htonl(1);
1176 } else {
1177 sres = 0;
1178 }
1179 #else
1180 sres = htonl(1);
1181 WPRINTF(("Auth not supported, no OpenSSL in your system"));
1182 #endif
1183
1184 break;
1185 }
1186
1187 switch (client_ver) {
1188 case CVERS_3_7:
1189 case CVERS_3_8:
1190 report_and_done:
1191 /* 2d. Write back a status */
1192 if (stream_write(cfd, &sres, 4) <= 0)
1193 goto done;
1194
1195 if (sres) {
1196 /* 3.7 does not want string explaining cause */
1197 if (client_ver == CVERS_3_8) {
1198 be32enc(buf, strlen(message));
1199 if (stream_write(cfd, buf, 4) <= 0)
1200 goto done;
1201 if (stream_write(cfd, message, strlen(message)) <= 0)
1202 goto done;
1203 }
1204 goto done;
1205 }
1206 break;
1207 case CVERS_3_3:
1208 default:
1209 /* for VNC auth case send status */
1210 if (auth_type == SECURITY_TYPE_VNC_AUTH) {
1211 /* 2d. Write back a status */
1212 if (stream_write(cfd, &sres, 4) <= 0)
1213 goto done;
1214 }
1215 if (sres) {
1216 goto done;
1217 }
1218 break;
1219 }
1220 /* 3a. Read client shared-flag byte */
1221 len = stream_read(cfd, buf, 1);
1222 if (len <= 0)
1223 goto done;
1224
1225 /* 4a. Write server-init info */
1226 if (rfb_send_server_init_msg(rc, cfd) < 0)
1227 goto done;
1228
1229 if (!rc->zbuf) {
1230 rc->zbuf = malloc(RFB_ZLIB_BUFSZ + 16);
1231 assert(rc->zbuf != NULL);
1232 }
1233
1234 perror = pthread_create(&tid, NULL, rfb_wr_thr, rc);
1235 if (perror == 0)
1236 pthread_set_name_np(tid, "rfbout");
1237
1238 /* Now read in client requests. 1st byte identifies type */
1239 for (;;) {
1240 len = read(cfd, buf, 1);
1241 if (len <= 0) {
1242 DPRINTF(("rfb client exiting"));
1243 break;
1244 }
1245
1246 switch (buf[0]) {
1247 case CS_SET_PIXEL_FORMAT:
1248 if (rfb_recv_set_pixfmt_msg(rc, cfd) < 0)
1249 goto done;
1250 break;
1251 case CS_SET_ENCODINGS:
1252 if (rfb_recv_set_encodings_msg(rc, cfd) < 0)
1253 goto done;
1254 break;
1255 case CS_UPDATE_MSG:
1256 if (rfb_recv_update_msg(rc, cfd) < 0)
1257 goto done;
1258 break;
1259 case CS_KEY_EVENT:
1260 if (rfb_recv_key_msg(rc, cfd) < 0)
1261 goto done;
1262 break;
1263 case CS_POINTER_EVENT:
1264 if (rfb_recv_ptr_msg(rc, cfd) < 0)
1265 goto done;
1266 break;
1267 case CS_CUT_TEXT:
1268 if (rfb_recv_cuttext_msg(rc, cfd) < 0)
1269 goto done;
1270 break;
1271 case CS_MSG_CLIENT_QEMU:
1272 if (rfb_recv_client_msg(rc, cfd) < 0)
1273 goto done;
1274 break;
1275 default:
1276 WPRINTF(("rfb unknown cli-code %d!", buf[0] & 0xff));
1277 goto done;
1278 }
1279 }
1280 done:
1281 rc->cfd = -1;
1282 if (perror == 0)
1283 pthread_join(tid, NULL);
1284 if (rc->enc_zlib_ok)
1285 deflateEnd(&rc->zstream);
1286 }
1287
1288 static void *
rfb_thr(void * arg)1289 rfb_thr(void *arg)
1290 {
1291 struct rfb_softc *rc;
1292 sigset_t set;
1293
1294 int cfd;
1295
1296 rc = arg;
1297
1298 sigemptyset(&set);
1299 sigaddset(&set, SIGPIPE);
1300 if (pthread_sigmask(SIG_BLOCK, &set, NULL) != 0) {
1301 perror("pthread_sigmask");
1302 return (NULL);
1303 }
1304
1305 for (;;) {
1306 rc->enc_raw_ok = false;
1307 rc->enc_zlib_ok = false;
1308 rc->enc_resize_ok = false;
1309 rc->enc_extkeyevent_ok = false;
1310
1311 rc->enc_extkeyevent_send = false;
1312
1313 cfd = accept(rc->sfd, NULL, NULL);
1314 if (rc->conn_wait) {
1315 pthread_mutex_lock(&rc->mtx);
1316 pthread_cond_signal(&rc->cond);
1317 pthread_mutex_unlock(&rc->mtx);
1318 rc->conn_wait = 0;
1319 }
1320 rfb_handle(rc, cfd);
1321 close(cfd);
1322 }
1323
1324 /* NOTREACHED */
1325 return (NULL);
1326 }
1327
1328 static int
sse42_supported(void)1329 sse42_supported(void)
1330 {
1331 u_int cpu_registers[4], ecx;
1332
1333 do_cpuid(1, cpu_registers);
1334
1335 ecx = cpu_registers[2];
1336
1337 return ((ecx & CPUID2_SSE42) != 0);
1338 }
1339
1340 int
rfb_init(sa_family_t family,const char * hostname,int port,int wait,const char * password)1341 rfb_init(sa_family_t family, const char *hostname, int port, int wait,
1342 const char *password)
1343 {
1344 int e;
1345 char servname[6];
1346 struct rfb_softc *rc;
1347 struct addrinfo *ai = NULL;
1348 struct addrinfo hints;
1349 struct sockaddr_un sun;
1350 int on = 1;
1351 int cnt;
1352 #ifndef WITHOUT_CAPSICUM
1353 cap_rights_t rights;
1354 #endif
1355
1356 rc = calloc(1, sizeof(struct rfb_softc));
1357
1358 cnt = howmany(RFB_MAX_WIDTH, PIX_PER_CELL) *
1359 howmany(RFB_MAX_HEIGHT, PIX_PER_CELL);
1360 rc->crc = calloc(cnt, sizeof(uint32_t));
1361 rc->crc_tmp = calloc(cnt, sizeof(uint32_t));
1362 rc->crc_width = RFB_MAX_WIDTH;
1363 rc->crc_height = RFB_MAX_HEIGHT;
1364 rc->sfd = -1;
1365
1366 rc->password = password;
1367
1368 rc->fbnamelen = asprintf(&rc->fbname, "bhyve:%s",
1369 get_config_value("name"));
1370 if (rc->fbnamelen < 0) {
1371 EPRINTLN("rfb: failed to allocate memory for VNC title");
1372 goto error;
1373 }
1374
1375 rc->pixrow = malloc(RFB_MAX_WIDTH * sizeof(uint32_t));
1376 if (rc->pixrow == NULL) {
1377 EPRINTLN("rfb: failed to allocate memory for pixrow buffer");
1378 goto error;
1379 }
1380
1381 snprintf(servname, sizeof(servname), "%d", port ? port : 5900);
1382
1383 if (!hostname || strlen(hostname) == 0)
1384 #if defined(INET)
1385 hostname = "127.0.0.1";
1386 #elif defined(INET6)
1387 hostname = "[::1]";
1388 #endif
1389
1390 if (family == AF_UNIX) {
1391 memset(&sun, 0, sizeof(sun));
1392 sun.sun_family = AF_UNIX;
1393 if (strlcpy(sun.sun_path, hostname, sizeof(sun.sun_path)) >=
1394 sizeof(sun.sun_path)) {
1395 EPRINTLN("rfb: socket path too long");
1396 goto error;
1397 }
1398 rc->sfd = socket(AF_UNIX, SOCK_STREAM, 0);
1399 } else {
1400 memset(&hints, 0, sizeof(hints));
1401 hints.ai_socktype = SOCK_STREAM;
1402 hints.ai_family = family;
1403 hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV | AI_PASSIVE;
1404
1405 if ((e = getaddrinfo(hostname, servname, &hints, &ai)) != 0) {
1406 EPRINTLN("getaddrinfo: %s", gai_strerror(e));
1407 goto error;
1408 }
1409 rc->sfd = socket(ai->ai_family, ai->ai_socktype, 0);
1410 }
1411
1412 if (rc->sfd < 0) {
1413 perror("socket");
1414 goto error;
1415 }
1416
1417 /* No effect for UNIX domain sockets. */
1418 setsockopt(rc->sfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
1419
1420 if (family == AF_UNIX) {
1421 unlink(hostname);
1422 e = bind(rc->sfd, (struct sockaddr *)&sun, SUN_LEN(&sun));
1423 } else
1424 e = bind(rc->sfd, ai->ai_addr, ai->ai_addrlen);
1425 if (e < 0) {
1426 perror("bind");
1427 goto error;
1428 }
1429
1430 if (listen(rc->sfd, 1) < 0) {
1431 perror("listen");
1432 goto error;
1433 }
1434
1435 #ifndef WITHOUT_CAPSICUM
1436 cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE);
1437 if (caph_rights_limit(rc->sfd, &rights) == -1)
1438 errx(EX_OSERR, "Unable to apply rights for sandbox");
1439 #endif
1440
1441 rc->hw_crc = sse42_supported();
1442
1443 rc->conn_wait = wait;
1444 if (wait) {
1445 pthread_mutex_init(&rc->mtx, NULL);
1446 pthread_cond_init(&rc->cond, NULL);
1447 }
1448
1449 pthread_mutex_init(&rc->pixfmt_mtx, NULL);
1450 pthread_create(&rc->tid, NULL, rfb_thr, rc);
1451 pthread_set_name_np(rc->tid, "rfb");
1452
1453 if (wait) {
1454 DPRINTF(("Waiting for rfb client..."));
1455 pthread_mutex_lock(&rc->mtx);
1456 pthread_cond_wait(&rc->cond, &rc->mtx);
1457 pthread_mutex_unlock(&rc->mtx);
1458 DPRINTF(("rfb client connected"));
1459 }
1460
1461 if (family != AF_UNIX)
1462 freeaddrinfo(ai);
1463 return (0);
1464
1465 error:
1466 if (rc->pixfmt_mtx)
1467 pthread_mutex_destroy(&rc->pixfmt_mtx);
1468 if (ai != NULL) {
1469 assert(family != AF_UNIX);
1470 freeaddrinfo(ai);
1471 }
1472 if (rc->sfd != -1)
1473 close(rc->sfd);
1474 free(rc->crc);
1475 free(rc->crc_tmp);
1476 free(rc->pixrow);
1477 free(rc->fbname);
1478 free(rc);
1479 return (-1);
1480 }
1481