]> Git Repo - qemu.git/blame - vnc.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
QMP: Introduce VNC_CONNECTED event
[qemu.git] / vnc.c
CommitLineData
7d510b8c
FB		 1/*
2 * QEMU VNC display driver
5fafdf24 3 *
7d510b8c
FB		 4 * Copyright (C) 2006 Anthony Liguori <[email protected]>
5 * Copyright (C) 2006 Fabrice Bellard
19a490bf 6 * Copyright (C) 2009 Red Hat, Inc
5fafdf24 7 *
7d510b8c
FB		 8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
19a490bf 27#include "vnc.h"
87ecb68b 28#include "sysemu.h"
6ca957f0 29#include "qemu_socket.h"
87ecb68b 30#include "qemu-timer.h"
76655d6d 31#include "acl.h"
d96fd29c 32#include "qemu-objects.h"
24236869 33
2430ffe4
SS		 34#define VNC_REFRESH_INTERVAL_BASE 30
35#define VNC_REFRESH_INTERVAL_INC 50
36#define VNC_REFRESH_INTERVAL_MAX 2000
24236869
FB		 37
38#include "vnc_keysym.h"
70848515
TS		 39#include "d3des.h"
40
90a1e3c0
AL		 41#define count_bits(c, v) { \
42 for (c = 0; v; v >>= 1) \
43 { \
44 c += v & 1; \
45 } \
46}
8d5d2d4c 47
24236869 48
753b4053 49static VncDisplay *vnc_display; /* needed for info vnc */
7d957bd8 50static DisplayChangeListener *dcl;
a9ce8590 51
1ff7df1a
AL		 52static char *addr_to_string(const char *format,
53 struct sockaddr_storage *sa,
54 socklen_t salen) {
55 char *addr;
56 char host[NI_MAXHOST];
57 char serv[NI_MAXSERV];
58 int err;
457772e6 59 size_t addrlen;
1ff7df1a
AL		 60
61 if ((err = getnameinfo((struct sockaddr *)sa, salen,
62 host, sizeof(host),
63 serv, sizeof(serv),
64 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
65 VNC_DEBUG("Cannot resolve address %d: %s\n",
66 err, gai_strerror(err));
67 return NULL;
68 }
69
457772e6 70 /* Enough for the existing format + the 2 vars we're
f425c278 71 * substituting in. */
457772e6
AL		 72 addrlen = strlen(format) + strlen(host) + strlen(serv);
73 addr = qemu_malloc(addrlen + 1);
74 snprintf(addr, addrlen, format, host, serv);
75 addr[addrlen] = '\0';
1ff7df1a
AL		 76
77 return addr;
78}
79
2f9606b3
AL		 80
81char *vnc_socket_local_addr(const char *format, int fd) {
1ff7df1a
AL		 82 struct sockaddr_storage sa;
83 socklen_t salen;
84
85 salen = sizeof(sa);
86 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
87 return NULL;
88
89 return addr_to_string(format, &sa, salen);
90}
91
2f9606b3 92char *vnc_socket_remote_addr(const char *format, int fd) {
1ff7df1a
AL		 93 struct sockaddr_storage sa;
94 socklen_t salen;
95
96 salen = sizeof(sa);
97 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
98 return NULL;
99
100 return addr_to_string(format, &sa, salen);
101}
102
5c7238c5
LC		 103static QString *get_sock_family(const struct sockaddr_storage *sa)
104{
105 const char *name;
106
107 switch (sa->ss_family)
108 {
109 case AF_INET:
110 name = "ipv4";
111 break;
112 case AF_INET6:
113 name = "ipv6";
114 break;
115 default:
116 name = "unknown";
117 break;
118 }
119
120 return qstring_from_str(name);
121}
122
d96fd29c
LC		 123static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
124 socklen_t salen)
125{
126 char host[NI_MAXHOST];
127 char serv[NI_MAXSERV];
128 int err;
129
130 if ((err = getnameinfo((struct sockaddr *)sa, salen,
131 host, sizeof(host),
132 serv, sizeof(serv),
133 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
134 VNC_DEBUG("Cannot resolve address %d: %s\n",
135 err, gai_strerror(err));
136 return -1;
137 }
138
139 qdict_put(qdict, "host", qstring_from_str(host));
140 qdict_put(qdict, "service", qstring_from_str(serv));
5c7238c5 141 qdict_put(qdict, "family", get_sock_family(sa));
d96fd29c
LC		 142
143 return 0;
144}
145
a7789382 146static int vnc_server_addr_put(QDict *qdict, int fd)
d96fd29c
LC		 147{
148 struct sockaddr_storage sa;
149 socklen_t salen;
150
151 salen = sizeof(sa);
152 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
153 return -1;
154 }
155
156 return put_addr_qdict(qdict, &sa, salen);
157}
158
159static int vnc_qdict_remote_addr(QDict *qdict, int fd)
160{
161 struct sockaddr_storage sa;
162 socklen_t salen;
163
164 salen = sizeof(sa);
165 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
166 return -1;
167 }
168
169 return put_addr_qdict(qdict, &sa, salen);
170}
171
1ff7df1a
AL		 172static const char *vnc_auth_name(VncDisplay *vd) {
173 switch (vd->auth) {
174 case VNC_AUTH_INVALID:
175 return "invalid";
176 case VNC_AUTH_NONE:
177 return "none";
178 case VNC_AUTH_VNC:
179 return "vnc";
180 case VNC_AUTH_RA2:
181 return "ra2";
182 case VNC_AUTH_RA2NE:
183 return "ra2ne";
184 case VNC_AUTH_TIGHT:
185 return "tight";
186 case VNC_AUTH_ULTRA:
187 return "ultra";
188 case VNC_AUTH_TLS:
189 return "tls";
190 case VNC_AUTH_VENCRYPT:
191#ifdef CONFIG_VNC_TLS
192 switch (vd->subauth) {
193 case VNC_AUTH_VENCRYPT_PLAIN:
194 return "vencrypt+plain";
195 case VNC_AUTH_VENCRYPT_TLSNONE:
196 return "vencrypt+tls+none";
197 case VNC_AUTH_VENCRYPT_TLSVNC:
198 return "vencrypt+tls+vnc";
199 case VNC_AUTH_VENCRYPT_TLSPLAIN:
200 return "vencrypt+tls+plain";
201 case VNC_AUTH_VENCRYPT_X509NONE:
202 return "vencrypt+x509+none";
203 case VNC_AUTH_VENCRYPT_X509VNC:
204 return "vencrypt+x509+vnc";
205 case VNC_AUTH_VENCRYPT_X509PLAIN:
206 return "vencrypt+x509+plain";
28a76be8
AL		 207 case VNC_AUTH_VENCRYPT_TLSSASL:
208 return "vencrypt+tls+sasl";
209 case VNC_AUTH_VENCRYPT_X509SASL:
210 return "vencrypt+x509+sasl";
1ff7df1a
AL		 211 default:
212 return "vencrypt";
213 }
214#else
215 return "vencrypt";
216#endif
2f9606b3 217 case VNC_AUTH_SASL:
28a76be8 218 return "sasl";
1ff7df1a
AL		 219 }
220 return "unknown";
221}
222
a7789382
LC		 223static int vnc_server_info_put(QDict *qdict)
224{
225 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
226 return -1;
227 }
228
229 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
230 return 0;
231}
232
4a80dba3 233static void vnc_client_cache_auth(VncState *client)
1ff7df1a 234{
d96fd29c 235 QDict *qdict;
1ff7df1a 236
4a80dba3
LC		 237 if (!client->info) {
238 return;
d96fd29c 239 }
1263b7d6 240
4a80dba3
LC		 241 qdict = qobject_to_qdict(client->info);
242
1263b7d6
AL		 243#ifdef CONFIG_VNC_TLS
244 if (client->tls.session &&
d96fd29c
LC		 245 client->tls.dname) {
246 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
247 }
1263b7d6
AL		 248#endif
249#ifdef CONFIG_VNC_SASL
250 if (client->sasl.conn &&
d96fd29c 251 client->sasl.username) {
76825067
LC		 252 qdict_put(qdict, "sasl_username",
253 qstring_from_str(client->sasl.username));
d96fd29c 254 }
1263b7d6 255#endif
4a80dba3 256}
d96fd29c 257
4a80dba3
LC		 258static void vnc_client_cache_addr(VncState *client)
259{
260 QDict *qdict;
261
262 qdict = qdict_new();
263 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
264 QDECREF(qdict);
265 /* XXX: how to report the error? */
266 return;
267 }
268
269 client->info = QOBJECT(qdict);
1ff7df1a
AL		 270}
271
586153d9
LC		 272static void vnc_qmp_event(VncState *vs, MonitorEvent event)
273{
274 QDict *server;
275 QObject *data;
276
277 if (!vs->info) {
278 return;
279 }
280
281 server = qdict_new();
282 if (vnc_server_info_put(server) < 0) {
283 QDECREF(server);
284 return;
285 }
286
287 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
288 vs->info, QOBJECT(server));
289
290 monitor_protocol_event(event, data);
291
292 qobject_incref(vs->info);
293 qobject_decref(data);
294}
295
d96fd29c 296static void info_vnc_iter(QObject *obj, void *opaque)
a9ce8590 297{
d96fd29c
LC		 298 QDict *client;
299 Monitor *mon = opaque;
300
301 client = qobject_to_qdict(obj);
302 monitor_printf(mon, "Client:\n");
303 monitor_printf(mon, " address: %s:%s\n",
304 qdict_get_str(client, "host"),
305 qdict_get_str(client, "service"));
306
307#ifdef CONFIG_VNC_TLS
308 monitor_printf(mon, " x509_dname: %s\n",
309 qdict_haskey(client, "x509_dname") ?
310 qdict_get_str(client, "x509_dname") : "none");
311#endif
312#ifdef CONFIG_VNC_SASL
313 monitor_printf(mon, " username: %s\n",
76825067
LC		 314 qdict_haskey(client, "sasl_username") ?
315 qdict_get_str(client, "sasl_username") : "none");
d96fd29c
LC		 316#endif
317}
318
319void do_info_vnc_print(Monitor *mon, const QObject *data)
320{
321 QDict *server;
322 QList *clients;
323
324 server = qobject_to_qdict(data);
8950a950 325 if (qdict_get_bool(server, "enabled") == 0) {
1ff7df1a 326 monitor_printf(mon, "Server: disabled\n");
d96fd29c
LC		 327 return;
328 }
1ff7df1a 329
d96fd29c
LC		 330 monitor_printf(mon, "Server:\n");
331 monitor_printf(mon, " address: %s:%s\n",
332 qdict_get_str(server, "host"),
333 qdict_get_str(server, "service"));
a7789382 334 monitor_printf(mon, " auth: %s\n", qdict_get_str(server, "auth"));
d96fd29c
LC		 335
336 clients = qdict_get_qlist(server, "clients");
337 if (qlist_empty(clients)) {
338 monitor_printf(mon, "Client: none\n");
339 } else {
340 qlist_iter(clients, info_vnc_iter, mon);
341 }
342}
1ff7df1a 343
d96fd29c
LC		 344/**
345 * do_info_vnc(): Show VNC server information
346 *
347 * Return a QDict with server information. Connected clients are returned
348 * as a QList of QDicts.
349 *
350 * The main QDict contains the following:
351 *
8950a950 352 * - "enabled": true or false
d96fd29c 353 * - "host": server's IP address
5c7238c5 354 * - "family": address family ("ipv4" or "ipv6")
d96fd29c 355 * - "service": server's port number
a7789382 356 * - "auth": authentication method
d96fd29c
LC		 357 * - "clients": a QList of all connected clients
358 *
359 * Clients are described by a QDict, with the following information:
360 *
361 * - "host": client's IP address
5c7238c5 362 * - "family": address family ("ipv4" or "ipv6")
d96fd29c
LC		 363 * - "service": client's port number
364 * - "x509_dname": TLS dname (optional)
76825067 365 * - "sasl_username": SASL username (optional)
d96fd29c
LC		 366 *
367 * Example:
368 *
8950a950 369 * { "enabled": true, "host": "0.0.0.0", "service": "50402", "auth": "vnc",
5c7238c5
LC		 370 * "family": "ipv4",
371 * "clients": [{ "host": "127.0.0.1", "service": "50401", "family": "ipv4" }]}
d96fd29c
LC		 372 */
373void do_info_vnc(Monitor *mon, QObject **ret_data)
374{
375 if (vnc_display == NULL || vnc_display->display == NULL) {
8950a950 376 *ret_data = qobject_from_jsonf("{ 'enabled': false }");
d96fd29c 377 } else {
d96fd29c 378 QList *clist;
1ff7df1a 379
d96fd29c 380 clist = qlist_new();
1ff7df1a
AL		 381 if (vnc_display->clients) {
382 VncState *client = vnc_display->clients;
383 while (client) {
4a80dba3
LC		 384 if (client->info) {
385 /* incref so that it's not freed by upper layers */
386 qobject_incref(client->info);
387 qlist_append_obj(clist, client->info);
388 }
1ff7df1a
AL		 389 client = client->next;
390 }
d96fd29c
LC		 391 }
392
8950a950 393 *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
d96fd29c
LC		 394 QOBJECT(clist));
395 assert(*ret_data != NULL);
396
a7789382 397 if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {
d96fd29c
LC		 398 qobject_decref(*ret_data);
399 *ret_data = NULL;
1ff7df1a 400 }
a9ce8590
FB		 401 }
402}
403
29fa4ed9
AL		 404static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
405 return (vs->features & (1 << feature));
406}
407
24236869
FB		 408/* TODO
409 1) Get the queue working for IO.
410 2) there is some weirdness when using the -S option (the screen is grey
411 and not totally invalidated
412 3) resolutions > 1024
413*/
414
2430ffe4 415static int vnc_update_client(VncState *vs, int has_dirty);
198a0039
GH		 416static void vnc_disconnect_start(VncState *vs);
417static void vnc_disconnect_finish(VncState *vs);
703bc68f
SS		 418static void vnc_init_timer(VncDisplay *vd);
419static void vnc_remove_timer(VncDisplay *vd);
24236869 420
753b4053 421static void vnc_colordepth(VncState *vs);
1fc62412
SS		 422static void framebuffer_update_request(VncState *vs, int incremental,
423 int x_position, int y_position,
424 int w, int h);
425static void vnc_refresh(void *opaque);
426static int vnc_refresh_server_surface(VncDisplay *vd);
7eac3a87 427
99589bdc
FB		 428static inline void vnc_set_bit(uint32_t *d, int k)
429{
430 d[k >> 5] |= 1 << (k & 0x1f);
431}
432
433static inline void vnc_clear_bit(uint32_t *d, int k)
434{
435 d[k >> 5] &= ~(1 << (k & 0x1f));
436}
437
438static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
439{
440 int j;
441
442 j = 0;
443 while (n >= 32) {
444 d[j++] = -1;
445 n -= 32;
446 }
5fafdf24 447 if (n > 0)
99589bdc
FB		 448 d[j++] = (1 << n) - 1;
449 while (j < nb_words)
450 d[j++] = 0;
451}
452
453static inline int vnc_get_bit(const uint32_t *d, int k)
454{
455 return (d[k >> 5] >> (k & 0x1f)) & 1;
456}
457
5fafdf24 458static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
99589bdc
FB		 459 int nb_words)
460{
461 int i;
462 for(i = 0; i < nb_words; i++) {
463 if ((d1[i] & d2[i]) != 0)
464 return 1;
465 }
466 return 0;
467}
468
1fc62412 469static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
24236869 470{
24236869 471 int i;
1fc62412
SS		 472 VncDisplay *vd = ds->opaque;
473 struct VncSurface *s = &vd->guest;
24236869
FB		 474
475 h += y;
476
0486e8a7
AZ		 477 /* round x down to ensure the loop only spans one 16-pixel block per,
478 iteration. otherwise, if (x % 16) != 0, the last iteration may span
479 two 16-pixel blocks but we only mark the first as dirty
480 */
481 w += (x % 16);
482 x -= (x % 16);
483
6baebed7
AL		 484 x = MIN(x, s->ds->width);
485 y = MIN(y, s->ds->height);
486 w = MIN(x + w, s->ds->width) - x;
487 h = MIN(h, s->ds->height);
788abf8e 488
24236869 489 for (; y < h; y++)
28a76be8 490 for (i = 0; i < w; i += 16)
6baebed7 491 vnc_set_bit(s->dirty[y], (x + i) / 16);
24236869
FB		 492}
493
494static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
28a76be8 495 int32_t encoding)
24236869
FB		 496{
497 vnc_write_u16(vs, x);
498 vnc_write_u16(vs, y);
499 vnc_write_u16(vs, w);
500 vnc_write_u16(vs, h);
501
502 vnc_write_s32(vs, encoding);
503}
504
2f9606b3 505void buffer_reserve(Buffer *buffer, size_t len)
89064286
AL		 506{
507 if ((buffer->capacity - buffer->offset) < len) {
28a76be8
AL		 508 buffer->capacity += (len + 1024);
509 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
510 if (buffer->buffer == NULL) {
511 fprintf(stderr, "vnc: out of memory\n");
512 exit(1);
513 }
89064286
AL		 514 }
515}
516
2f9606b3 517int buffer_empty(Buffer *buffer)
89064286
AL		 518{
519 return buffer->offset == 0;
520}
521
2f9606b3 522uint8_t *buffer_end(Buffer *buffer)
89064286
AL		 523{
524 return buffer->buffer + buffer->offset;
525}
526
2f9606b3 527void buffer_reset(Buffer *buffer)
89064286 528{
28a76be8 529 buffer->offset = 0;
89064286
AL		 530}
531
2f9606b3 532void buffer_append(Buffer *buffer, const void *data, size_t len)
89064286
AL		 533{
534 memcpy(buffer->buffer + buffer->offset, data, len);
535 buffer->offset += len;
536}
537
1fc62412 538static void vnc_dpy_resize(DisplayState *ds)
24236869 539{
73e14b62 540 int size_changed;
1fc62412
SS		 541 VncDisplay *vd = ds->opaque;
542 VncState *vs = vd->clients;
543
544 /* server surface */
545 if (!vd->server)
546 vd->server = qemu_mallocz(sizeof(*vd->server));
547 if (vd->server->data)
548 qemu_free(vd->server->data);
549 *(vd->server) = *(ds->surface);
550 vd->server->data = qemu_mallocz(vd->server->linesize *
551 vd->server->height);
24236869 552
6baebed7 553 /* guest surface */
1fc62412
SS		 554 if (!vd->guest.ds)
555 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
556 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
a528b80c 557 console_color_init(ds);
1fc62412
SS		 558 size_changed = ds_get_width(ds) != vd->guest.ds->width ||
559 ds_get_height(ds) != vd->guest.ds->height;
560 *(vd->guest.ds) = *(ds->surface);
561 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
24236869 562
753b4053 563 while (vs != NULL) {
1fc62412
SS		 564 vnc_colordepth(vs);
565 if (size_changed) {
566 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
567 vnc_write_u8(vs, 0); /* msg id */
568 vnc_write_u8(vs, 0);
569 vnc_write_u16(vs, 1); /* number of rects */
570 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
571 VNC_ENCODING_DESKTOPRESIZE);
572 vnc_flush(vs);
573 }
574 }
575 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
753b4053
AL		 576 vs = vs->next;
577 }
578}
579
3512779a
FB		 580/* fastest code */
581static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
582{
583 vnc_write(vs, pixels, size);
584}
585
586/* slowest but generic code. */
587static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
588{
7eac3a87 589 uint8_t r, g, b;
1fc62412
SS		 590 VncDisplay *vd = vs->vd;
591
592 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
593 vd->server->pf.rbits);
594 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
595 vd->server->pf.gbits);
596 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
597 vd->server->pf.bbits);
6cec5487
AL		 598 v = (r << vs->clientds.pf.rshift) |
599 (g << vs->clientds.pf.gshift) |
600 (b << vs->clientds.pf.bshift);
601 switch(vs->clientds.pf.bytes_per_pixel) {
3512779a
FB		 602 case 1:
603 buf[0] = v;
604 break;
605 case 2:
6cec5487 606 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
3512779a
FB		 607 buf[0] = v >> 8;
608 buf[1] = v;
609 } else {
610 buf[1] = v >> 8;
611 buf[0] = v;
612 }
613 break;
614 default:
615 case 4:
6cec5487 616 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
3512779a
FB		 617 buf[0] = v >> 24;
618 buf[1] = v >> 16;
619 buf[2] = v >> 8;
620 buf[3] = v;
621 } else {
622 buf[3] = v >> 24;
623 buf[2] = v >> 16;
624 buf[1] = v >> 8;
625 buf[0] = v;
626 }
627 break;
628 }
629}
630
631static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
632{
3512779a 633 uint8_t buf[4];
1fc62412 634 VncDisplay *vd = vs->vd;
3512779a 635
1fc62412 636 if (vd->server->pf.bytes_per_pixel == 4) {
7eac3a87
AL		 637 uint32_t *pixels = pixels1;
638 int n, i;
639 n = size >> 2;
640 for(i = 0; i < n; i++) {
641 vnc_convert_pixel(vs, buf, pixels[i]);
6cec5487 642 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
7eac3a87 643 }
1fc62412 644 } else if (vd->server->pf.bytes_per_pixel == 2) {
7eac3a87
AL		 645 uint16_t *pixels = pixels1;
646 int n, i;
647 n = size >> 1;
648 for(i = 0; i < n; i++) {
649 vnc_convert_pixel(vs, buf, pixels[i]);
6cec5487 650 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
7eac3a87 651 }
1fc62412 652 } else if (vd->server->pf.bytes_per_pixel == 1) {
7eac3a87
AL		 653 uint8_t *pixels = pixels1;
654 int n, i;
655 n = size;
656 for(i = 0; i < n; i++) {
657 vnc_convert_pixel(vs, buf, pixels[i]);
6cec5487 658 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
7eac3a87
AL		 659 }
660 } else {
661 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
3512779a
FB		 662 }
663}
664
24236869
FB		 665static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
666{
667 int i;
60fe76f3 668 uint8_t *row;
1fc62412 669 VncDisplay *vd = vs->vd;
24236869 670
1fc62412 671 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
24236869 672 for (i = 0; i < h; i++) {
28a76be8
AL		 673 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
674 row += ds_get_linesize(vs->ds);
24236869
FB		 675 }
676}
677
678static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
679{
680 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
681 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
682}
683
684#define BPP 8
685#include "vnchextile.h"
686#undef BPP
687
688#define BPP 16
689#include "vnchextile.h"
690#undef BPP
691
692#define BPP 32
693#include "vnchextile.h"
694#undef BPP
695
7eac3a87
AL		 696#define GENERIC
697#define BPP 8
698#include "vnchextile.h"
699#undef BPP
700#undef GENERIC
701
702#define GENERIC
703#define BPP 16
704#include "vnchextile.h"
705#undef BPP
706#undef GENERIC
707
3512779a
FB		 708#define GENERIC
709#define BPP 32
710#include "vnchextile.h"
711#undef BPP
712#undef GENERIC
713
24236869
FB		 714static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
715{
716 int i, j;
717 int has_fg, has_bg;
7eac3a87 718 uint8_t *last_fg, *last_bg;
1fc62412 719 VncDisplay *vd = vs->vd;
24236869 720
1fc62412
SS		 721 last_fg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
722 last_bg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
24236869
FB		 723 has_fg = has_bg = 0;
724 for (j = y; j < (y + h); j += 16) {
28a76be8 725 for (i = x; i < (x + w); i += 16) {
5fafdf24 726 vs->send_hextile_tile(vs, i, j,
3512779a 727 MIN(16, x + w - i), MIN(16, y + h - j),
7eac3a87 728 last_bg, last_fg, &has_bg, &has_fg);
28a76be8 729 }
24236869 730 }
7eac3a87
AL		 731 free(last_fg);
732 free(last_bg);
733
24236869
FB		 734}
735
6c098407
SW		 736#define ZALLOC_ALIGNMENT 16
737
738static void *zalloc(void *x, unsigned items, unsigned size)
739{
740 void *p;
741
742 size *= items;
743 size = (size + ZALLOC_ALIGNMENT - 1) & ~(ZALLOC_ALIGNMENT - 1);
744
745 p = qemu_mallocz(size);
746
747 return (p);
748}
749
750static void zfree(void *x, void *addr)
751{
752 qemu_free(addr);
753}
754
059cef40
AL		 755static void vnc_zlib_init(VncState *vs)
756{
757 int i;
758 for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)
759 vs->zlib_stream[i].opaque = NULL;
760}
761
762static void vnc_zlib_start(VncState *vs)
763{
764 buffer_reset(&vs->zlib);
765
766 // make the output buffer be the zlib buffer, so we can compress it later
767 vs->zlib_tmp = vs->output;
768 vs->output = vs->zlib;
769}
770
771static int vnc_zlib_stop(VncState *vs, int stream_id)
772{
773 z_streamp zstream = &vs->zlib_stream[stream_id];
774 int previous_out;
775
776 // switch back to normal output/zlib buffers
777 vs->zlib = vs->output;
778 vs->output = vs->zlib_tmp;
779
780 // compress the zlib buffer
781
782 // initialize the stream
783 // XXX need one stream per session
784 if (zstream->opaque != vs) {
785 int err;
786
787 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
788 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
6c098407
SW		 789 zstream->zalloc = zalloc;
790 zstream->zfree = zfree;
059cef40
AL		 791
792 err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
793 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
794
795 if (err != Z_OK) {
796 fprintf(stderr, "VNC: error initializing zlib\n");
797 return -1;
798 }
799
800 zstream->opaque = vs;
801 }
802
803 // XXX what to do if tight_compression changed in between?
804
805 // reserve memory in output buffer
806 buffer_reserve(&vs->output, vs->zlib.offset + 64);
807
808 // set pointers
809 zstream->next_in = vs->zlib.buffer;
810 zstream->avail_in = vs->zlib.offset;
811 zstream->next_out = vs->output.buffer + vs->output.offset;
812 zstream->avail_out = vs->output.capacity - vs->output.offset;
813 zstream->data_type = Z_BINARY;
814 previous_out = zstream->total_out;
815
816 // start encoding
817 if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
818 fprintf(stderr, "VNC: error during zlib compression\n");
819 return -1;
820 }
821
822 vs->output.offset = vs->output.capacity - zstream->avail_out;
823 return zstream->total_out - previous_out;
824}
825
826static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
827{
828 int old_offset, new_offset, bytes_written;
829
830 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);
831
832 // remember where we put in the follow-up size
833 old_offset = vs->output.offset;
834 vnc_write_s32(vs, 0);
835
836 // compress the stream
837 vnc_zlib_start(vs);
838 send_framebuffer_update_raw(vs, x, y, w, h);
839 bytes_written = vnc_zlib_stop(vs, 0);
840
841 if (bytes_written == -1)
842 return;
843
844 // hack in the size
845 new_offset = vs->output.offset;
846 vs->output.offset = old_offset;
847 vnc_write_u32(vs, bytes_written);
848 vs->output.offset = new_offset;
849}
850
24236869
FB		 851static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
852{
fb437313 853 switch(vs->vnc_encoding) {
28a76be8
AL		 854 case VNC_ENCODING_ZLIB:
855 send_framebuffer_update_zlib(vs, x, y, w, h);
856 break;
857 case VNC_ENCODING_HEXTILE:
858 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
859 send_framebuffer_update_hextile(vs, x, y, w, h);
860 break;
861 default:
862 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
863 send_framebuffer_update_raw(vs, x, y, w, h);
864 break;
fb437313 865 }
24236869
FB		 866}
867
753b4053 868static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
24236869 869{
3e28c9ad 870 /* send bitblit op to the vnc client */
24236869
FB		 871 vnc_write_u8(vs, 0); /* msg id */
872 vnc_write_u8(vs, 0);
873 vnc_write_u16(vs, 1); /* number of rects */
29fa4ed9 874 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
24236869
FB		 875 vnc_write_u16(vs, src_x);
876 vnc_write_u16(vs, src_y);
877 vnc_flush(vs);
878}
879
753b4053
AL		 880static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
881{
882 VncDisplay *vd = ds->opaque;
198a0039 883 VncState *vs, *vn;
1fc62412
SS		 884 uint8_t *src_row;
885 uint8_t *dst_row;
886 int i,x,y,pitch,depth,inc,w_lim,s;
887 int cmp_bytes;
198a0039 888
1fc62412 889 vnc_refresh_server_surface(vd);
198a0039
GH		 890 for (vs = vd->clients; vs != NULL; vs = vn) {
891 vn = vs->next;
892 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
893 vs->force_update = 1;
1fc62412 894 vnc_update_client(vs, 1);
198a0039
GH		 895 /* vs might be free()ed here */
896 }
897 }
898
1fc62412
SS		 899 /* do bitblit op on the local surface too */
900 pitch = ds_get_linesize(vd->ds);
901 depth = ds_get_bytes_per_pixel(vd->ds);
902 src_row = vd->server->data + pitch * src_y + depth * src_x;
903 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
904 y = dst_y;
905 inc = 1;
906 if (dst_y > src_y) {
907 /* copy backwards */
908 src_row += pitch * (h-1);
909 dst_row += pitch * (h-1);
910 pitch = -pitch;
911 y = dst_y + h - 1;
912 inc = -1;
913 }
914 w_lim = w - (16 - (dst_x % 16));
915 if (w_lim < 0)
916 w_lim = w;
917 else
918 w_lim = w - (w_lim % 16);
919 for (i = 0; i < h; i++) {
920 for (x = 0; x <= w_lim;
921 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
922 if (x == w_lim) {
923 if ((s = w - w_lim) == 0)
924 break;
925 } else if (!x) {
926 s = (16 - (dst_x % 16));
927 s = MIN(s, w_lim);
928 } else {
929 s = 16;
930 }
931 cmp_bytes = s * depth;
932 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
933 continue;
934 memmove(dst_row, src_row, cmp_bytes);
935 vs = vd->clients;
936 while (vs != NULL) {
937 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
938 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
939 vs = vs->next;
940 }
941 }
942 src_row += pitch - w * depth;
943 dst_row += pitch - w * depth;
944 y += inc;
945 }
946
198a0039 947 for (vs = vd->clients; vs != NULL; vs = vs->next) {
753b4053
AL		 948 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
949 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
753b4053
AL		 950 }
951}
952
1fc62412 953static int find_and_clear_dirty_height(struct VncState *vs,
6baebed7 954 int y, int last_x, int x)
24236869
FB		 955{
956 int h;
1fc62412 957 VncDisplay *vd = vs->vd;
24236869 958
1fc62412 959 for (h = 1; h < (vd->server->height - y); h++) {
28a76be8 960 int tmp_x;
1fc62412 961 if (!vnc_get_bit(vs->dirty[y + h], last_x))
28a76be8
AL		 962 break;
963 for (tmp_x = last_x; tmp_x < x; tmp_x++)
1fc62412 964 vnc_clear_bit(vs->dirty[y + h], tmp_x);
24236869
FB		 965 }
966
967 return h;
968}
969
2430ffe4 970static int vnc_update_client(VncState *vs, int has_dirty)
24236869 971{
24236869 972 if (vs->need_update && vs->csock != -1) {
1fc62412 973 VncDisplay *vd = vs->vd;
28a76be8 974 int y;
28a76be8
AL		 975 int n_rectangles;
976 int saved_offset;
24236869 977
703bc68f 978 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
c522d0e2 979 /* kernel send buffers are full -> drop frames to throttle */
2430ffe4 980 return 0;
a0ecfb73 981
703bc68f 982 if (!has_dirty && !vs->audio_cap && !vs->force_update)
2430ffe4 983 return 0;
28a76be8 984
6baebed7
AL		 985 /*
986 * Send screen updates to the vnc client using the server
987 * surface and server dirty map. guest surface updates
988 * happening in parallel don't disturb us, the next pass will
989 * send them to the client.
990 */
28a76be8
AL		 991 n_rectangles = 0;
992 vnc_write_u8(vs, 0); /* msg id */
993 vnc_write_u8(vs, 0);
994 saved_offset = vs->output.offset;
995 vnc_write_u16(vs, 0);
996
1fc62412 997 for (y = 0; y < vd->server->height; y++) {
28a76be8
AL		 998 int x;
999 int last_x = -1;
1fc62412
SS		 1000 for (x = 0; x < vd->server->width / 16; x++) {
1001 if (vnc_get_bit(vs->dirty[y], x)) {
28a76be8
AL		 1002 if (last_x == -1) {
1003 last_x = x;
1004 }
1fc62412 1005 vnc_clear_bit(vs->dirty[y], x);
28a76be8
AL		 1006 } else {
1007 if (last_x != -1) {
1fc62412 1008 int h = find_and_clear_dirty_height(vs, y, last_x, x);
28a76be8
AL		 1009 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
1010 n_rectangles++;
1011 }
1012 last_x = -1;
1013 }
1014 }
1015 if (last_x != -1) {
1fc62412 1016 int h = find_and_clear_dirty_height(vs, y, last_x, x);
28a76be8
AL		 1017 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
1018 n_rectangles++;
1019 }
1020 }
1021 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
1022 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
1023 vnc_flush(vs);
c522d0e2 1024 vs->force_update = 0;
2430ffe4 1025 return n_rectangles;
24236869 1026 }
24236869 1027
703bc68f 1028 if (vs->csock == -1)
198a0039 1029 vnc_disconnect_finish(vs);
2430ffe4
SS		 1030
1031 return 0;
24236869
FB		 1032}
1033
429a8ed3 1034/* audio */
1035static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1036{
1037 VncState *vs = opaque;
1038
1039 switch (cmd) {
1040 case AUD_CNOTIFY_DISABLE:
1041 vnc_write_u8(vs, 255);
1042 vnc_write_u8(vs, 1);
1043 vnc_write_u16(vs, 0);
1044 vnc_flush(vs);
1045 break;
1046
1047 case AUD_CNOTIFY_ENABLE:
1048 vnc_write_u8(vs, 255);
1049 vnc_write_u8(vs, 1);
1050 vnc_write_u16(vs, 1);
1051 vnc_flush(vs);
1052 break;
1053 }
1054}
1055
1056static void audio_capture_destroy(void *opaque)
1057{
1058}
1059
1060static void audio_capture(void *opaque, void *buf, int size)
1061{
1062 VncState *vs = opaque;
1063
1064 vnc_write_u8(vs, 255);
1065 vnc_write_u8(vs, 1);
1066 vnc_write_u16(vs, 2);
1067 vnc_write_u32(vs, size);
1068 vnc_write(vs, buf, size);
1069 vnc_flush(vs);
1070}
1071
1072static void audio_add(VncState *vs)
1073{
376253ec 1074 Monitor *mon = cur_mon;
429a8ed3 1075 struct audio_capture_ops ops;
1076
1077 if (vs->audio_cap) {
376253ec 1078 monitor_printf(mon, "audio already running\n");
429a8ed3 1079 return;
1080 }
1081
1082 ops.notify = audio_capture_notify;
1083 ops.destroy = audio_capture_destroy;
1084 ops.capture = audio_capture;
1085
1a7dafce 1086 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
429a8ed3 1087 if (!vs->audio_cap) {
376253ec 1088 monitor_printf(mon, "Failed to add audio capture\n");
429a8ed3 1089 }
1090}
1091
1092static void audio_del(VncState *vs)
1093{
1094 if (vs->audio_cap) {
1095 AUD_del_capture(vs->audio_cap, vs);
1096 vs->audio_cap = NULL;
1097 }
1098}
1099
198a0039
GH		 1100static void vnc_disconnect_start(VncState *vs)
1101{
1102 if (vs->csock == -1)
1103 return;
1104 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
1105 closesocket(vs->csock);
1106 vs->csock = -1;
1107}
1108
1109static void vnc_disconnect_finish(VncState *vs)
1110{
fa0cfdf2
SW		 1111 if (vs->input.buffer) {
1112 qemu_free(vs->input.buffer);
1113 vs->input.buffer = NULL;
1114 }
1115 if (vs->output.buffer) {
1116 qemu_free(vs->output.buffer);
1117 vs->output.buffer = NULL;
1118 }
4a80dba3
LC		 1119
1120 qobject_decref(vs->info);
1121
198a0039
GH		 1122#ifdef CONFIG_VNC_TLS
1123 vnc_tls_client_cleanup(vs);
1124#endif /* CONFIG_VNC_TLS */
1125#ifdef CONFIG_VNC_SASL
1126 vnc_sasl_client_cleanup(vs);
1127#endif /* CONFIG_VNC_SASL */
1128 audio_del(vs);
1129
1130 VncState *p, *parent = NULL;
1131 for (p = vs->vd->clients; p != NULL; p = p->next) {
1132 if (p == vs) {
1133 if (parent)
1134 parent->next = p->next;
1135 else
1136 vs->vd->clients = p->next;
1137 break;
1138 }
1139 parent = p;
1140 }
1141 if (!vs->vd->clients)
1142 dcl->idle = 1;
1143
703bc68f 1144 vnc_remove_timer(vs->vd);
5d95ac5b 1145 qemu_free(vs);
198a0039 1146}
2f9606b3
AL		 1147
1148int vnc_client_io_error(VncState *vs, int ret, int last_errno)
24236869
FB		 1149{
1150 if (ret == 0 || ret == -1) {
ea01e5fd
AZ		 1151 if (ret == -1) {
1152 switch (last_errno) {
1153 case EINTR:
1154 case EAGAIN:
1155#ifdef _WIN32
1156 case WSAEWOULDBLOCK:
1157#endif
1158 return 0;
1159 default:
1160 break;
1161 }
1162 }
24236869 1163
198a0039
GH		 1164 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1165 ret, ret < 0 ? last_errno : 0);
1166 vnc_disconnect_start(vs);
6baebed7 1167
28a76be8 1168 return 0;
24236869
FB		 1169 }
1170 return ret;
1171}
1172
5fb6c7a8
AL		 1173
1174void vnc_client_error(VncState *vs)
24236869 1175{
198a0039
GH		 1176 VNC_DEBUG("Closing down client sock: protocol error\n");
1177 vnc_disconnect_start(vs);
24236869
FB		 1178}
1179
2f9606b3
AL		 1180
1181/*
1182 * Called to write a chunk of data to the client socket. The data may
1183 * be the raw data, or may have already been encoded by SASL.
1184 * The data will be written either straight onto the socket, or
1185 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1186 *
1187 * NB, it is theoretically possible to have 2 layers of encryption,
1188 * both SASL, and this TLS layer. It is highly unlikely in practice
1189 * though, since SASL encryption will typically be a no-op if TLS
1190 * is active
1191 *
1192 * Returns the number of bytes written, which may be less than
1193 * the requested 'datalen' if the socket would block. Returns
1194 * -1 on error, and disconnects the client socket.
1195 */
1196long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
24236869 1197{
ceb5caaf 1198 long ret;
eb38c52c 1199#ifdef CONFIG_VNC_TLS
5fb6c7a8 1200 if (vs->tls.session) {
28a76be8
AL		 1201 ret = gnutls_write(vs->tls.session, data, datalen);
1202 if (ret < 0) {
1203 if (ret == GNUTLS_E_AGAIN)
1204 errno = EAGAIN;
1205 else
1206 errno = EIO;
1207 ret = -1;
1208 }
8d5d2d4c
TS		 1209 } else
1210#endif /* CONFIG_VNC_TLS */
70503264 1211 ret = send(vs->csock, (const void *)data, datalen, 0);
23decc87 1212 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
2f9606b3
AL		 1213 return vnc_client_io_error(vs, ret, socket_error());
1214}
1215
1216
1217/*
1218 * Called to write buffered data to the client socket, when not
1219 * using any SASL SSF encryption layers. Will write as much data
1220 * as possible without blocking. If all buffered data is written,
1221 * will switch the FD poll() handler back to read monitoring.
1222 *
1223 * Returns the number of bytes written, which may be less than
1224 * the buffered output data if the socket would block. Returns
1225 * -1 on error, and disconnects the client socket.
1226 */
1227static long vnc_client_write_plain(VncState *vs)
1228{
1229 long ret;
1230
1231#ifdef CONFIG_VNC_SASL
23decc87 1232 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
2f9606b3
AL		 1233 vs->output.buffer, vs->output.capacity, vs->output.offset,
1234 vs->sasl.waitWriteSSF);
1235
1236 if (vs->sasl.conn &&
1237 vs->sasl.runSSF &&
1238 vs->sasl.waitWriteSSF) {
1239 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1240 if (ret)
1241 vs->sasl.waitWriteSSF -= ret;
1242 } else
1243#endif /* CONFIG_VNC_SASL */
1244 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
24236869 1245 if (!ret)
2f9606b3 1246 return 0;
24236869
FB		 1247
1248 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1249 vs->output.offset -= ret;
1250
1251 if (vs->output.offset == 0) {
28a76be8 1252 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
24236869 1253 }
2f9606b3
AL		 1254
1255 return ret;
1256}
1257
1258
1259/*
1260 * First function called whenever there is data to be written to
1261 * the client socket. Will delegate actual work according to whether
1262 * SASL SSF layers are enabled (thus requiring encryption calls)
1263 */
1264void vnc_client_write(void *opaque)
1265{
1266 long ret;
1267 VncState *vs = opaque;
1268
1269#ifdef CONFIG_VNC_SASL
1270 if (vs->sasl.conn &&
1271 vs->sasl.runSSF &&
1272 !vs->sasl.waitWriteSSF)
1273 ret = vnc_client_write_sasl(vs);
1274 else
1275#endif /* CONFIG_VNC_SASL */
1276 ret = vnc_client_write_plain(vs);
24236869
FB		 1277}
1278
5fb6c7a8 1279void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
24236869
FB		 1280{
1281 vs->read_handler = func;
1282 vs->read_handler_expect = expecting;
1283}
1284
2f9606b3
AL		 1285
1286/*
1287 * Called to read a chunk of data from the client socket. The data may
1288 * be the raw data, or may need to be further decoded by SASL.
1289 * The data will be read either straight from to the socket, or
1290 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1291 *
1292 * NB, it is theoretically possible to have 2 layers of encryption,
1293 * both SASL, and this TLS layer. It is highly unlikely in practice
1294 * though, since SASL encryption will typically be a no-op if TLS
1295 * is active
1296 *
1297 * Returns the number of bytes read, which may be less than
1298 * the requested 'datalen' if the socket would block. Returns
1299 * -1 on error, and disconnects the client socket.
1300 */
1301long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
24236869 1302{
ceb5caaf 1303 long ret;
eb38c52c 1304#ifdef CONFIG_VNC_TLS
5fb6c7a8 1305 if (vs->tls.session) {
28a76be8
AL		 1306 ret = gnutls_read(vs->tls.session, data, datalen);
1307 if (ret < 0) {
1308 if (ret == GNUTLS_E_AGAIN)
1309 errno = EAGAIN;
1310 else
1311 errno = EIO;
1312 ret = -1;
1313 }
8d5d2d4c
TS		 1314 } else
1315#endif /* CONFIG_VNC_TLS */
c5b76b38 1316 ret = recv(vs->csock, (void *)data, datalen, 0);
23decc87 1317 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
2f9606b3
AL		 1318 return vnc_client_io_error(vs, ret, socket_error());
1319}
24236869 1320
2f9606b3
AL		 1321
1322/*
1323 * Called to read data from the client socket to the input buffer,
1324 * when not using any SASL SSF encryption layers. Will read as much
1325 * data as possible without blocking.
1326 *
1327 * Returns the number of bytes read. Returns -1 on error, and
1328 * disconnects the client socket.
1329 */
1330static long vnc_client_read_plain(VncState *vs)
1331{
1332 int ret;
23decc87 1333 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
2f9606b3
AL		 1334 vs->input.buffer, vs->input.capacity, vs->input.offset);
1335 buffer_reserve(&vs->input, 4096);
1336 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1337 if (!ret)
1338 return 0;
24236869 1339 vs->input.offset += ret;
2f9606b3
AL		 1340 return ret;
1341}
1342
1343
1344/*
1345 * First function called whenever there is more data to be read from
1346 * the client socket. Will delegate actual work according to whether
1347 * SASL SSF layers are enabled (thus requiring decryption calls)
1348 */
1349void vnc_client_read(void *opaque)
1350{
1351 VncState *vs = opaque;
1352 long ret;
1353
1354#ifdef CONFIG_VNC_SASL
1355 if (vs->sasl.conn && vs->sasl.runSSF)
1356 ret = vnc_client_read_sasl(vs);
1357 else
1358#endif /* CONFIG_VNC_SASL */
1359 ret = vnc_client_read_plain(vs);
198a0039
GH		 1360 if (!ret) {
1361 if (vs->csock == -1)
1362 vnc_disconnect_finish(vs);
28a76be8 1363 return;
198a0039 1364 }
24236869
FB		 1365
1366 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
28a76be8
AL		 1367 size_t len = vs->read_handler_expect;
1368 int ret;
1369
1370 ret = vs->read_handler(vs, vs->input.buffer, len);
198a0039
GH		 1371 if (vs->csock == -1) {
1372 vnc_disconnect_finish(vs);
28a76be8 1373 return;
198a0039 1374 }
28a76be8
AL		 1375
1376 if (!ret) {
1377 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1378 vs->input.offset -= len;
1379 } else {
1380 vs->read_handler_expect = ret;
1381 }
24236869
FB		 1382 }
1383}
1384
5fb6c7a8 1385void vnc_write(VncState *vs, const void *data, size_t len)
24236869
FB		 1386{
1387 buffer_reserve(&vs->output, len);
1388
198a0039 1389 if (vs->csock != -1 && buffer_empty(&vs->output)) {
28a76be8 1390 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
24236869
FB		 1391 }
1392
1393 buffer_append(&vs->output, data, len);
1394}
1395
5fb6c7a8 1396void vnc_write_s32(VncState *vs, int32_t value)
24236869
FB		 1397{
1398 vnc_write_u32(vs, *(uint32_t *)&value);
1399}
1400
5fb6c7a8 1401void vnc_write_u32(VncState *vs, uint32_t value)
24236869
FB		 1402{
1403 uint8_t buf[4];
1404
1405 buf[0] = (value >> 24) & 0xFF;
1406 buf[1] = (value >> 16) & 0xFF;
1407 buf[2] = (value >> 8) & 0xFF;
1408 buf[3] = value & 0xFF;
1409
1410 vnc_write(vs, buf, 4);
1411}
1412
5fb6c7a8 1413void vnc_write_u16(VncState *vs, uint16_t value)
24236869 1414{
64f5a135 1415 uint8_t buf[2];
24236869
FB		 1416
1417 buf[0] = (value >> 8) & 0xFF;
1418 buf[1] = value & 0xFF;
1419
1420 vnc_write(vs, buf, 2);
1421}
1422
5fb6c7a8 1423void vnc_write_u8(VncState *vs, uint8_t value)
24236869
FB		 1424{
1425 vnc_write(vs, (char *)&value, 1);
1426}
1427
5fb6c7a8 1428void vnc_flush(VncState *vs)
24236869 1429{
198a0039 1430 if (vs->csock != -1 && vs->output.offset)
28a76be8 1431 vnc_client_write(vs);
24236869
FB		 1432}
1433
5fb6c7a8 1434uint8_t read_u8(uint8_t *data, size_t offset)
24236869
FB		 1435{
1436 return data[offset];
1437}
1438
5fb6c7a8 1439uint16_t read_u16(uint8_t *data, size_t offset)
24236869
FB		 1440{
1441 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1442}
1443
5fb6c7a8 1444int32_t read_s32(uint8_t *data, size_t offset)
24236869
FB		 1445{
1446 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
28a76be8 1447 (data[offset + 2] << 8) | data[offset + 3]);
24236869
FB		 1448}
1449
5fb6c7a8 1450uint32_t read_u32(uint8_t *data, size_t offset)
24236869
FB		 1451{
1452 return ((data[offset] << 24) | (data[offset + 1] << 16) |
28a76be8 1453 (data[offset + 2] << 8) | data[offset + 3]);
24236869
FB		 1454}
1455
60fe76f3 1456static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
24236869
FB		 1457{
1458}
1459
564c337e
FB		 1460static void check_pointer_type_change(VncState *vs, int absolute)
1461{
29fa4ed9 1462 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
28a76be8
AL		 1463 vnc_write_u8(vs, 0);
1464 vnc_write_u8(vs, 0);
1465 vnc_write_u16(vs, 1);
1466 vnc_framebuffer_update(vs, absolute, 0,
1467 ds_get_width(vs->ds), ds_get_height(vs->ds),
29fa4ed9 1468 VNC_ENCODING_POINTER_TYPE_CHANGE);
28a76be8 1469 vnc_flush(vs);
564c337e
FB		 1470 }
1471 vs->absolute = absolute;
1472}
1473
24236869
FB		 1474static void pointer_event(VncState *vs, int button_mask, int x, int y)
1475{
1476 int buttons = 0;
1477 int dz = 0;
1478
1479 if (button_mask & 0x01)
28a76be8 1480 buttons |= MOUSE_EVENT_LBUTTON;
24236869 1481 if (button_mask & 0x02)
28a76be8 1482 buttons |= MOUSE_EVENT_MBUTTON;
24236869 1483 if (button_mask & 0x04)
28a76be8 1484 buttons |= MOUSE_EVENT_RBUTTON;
24236869 1485 if (button_mask & 0x08)
28a76be8 1486 dz = -1;
24236869 1487 if (button_mask & 0x10)
28a76be8 1488 dz = 1;
564c337e
FB		 1489
1490 if (vs->absolute) {
28a76be8
AL		 1491 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
1492 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
1493 dz, buttons);
29fa4ed9 1494 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
28a76be8
AL		 1495 x -= 0x7FFF;
1496 y -= 0x7FFF;
24236869 1497
28a76be8 1498 kbd_mouse_event(x, y, dz, buttons);
564c337e 1499 } else {
28a76be8
AL		 1500 if (vs->last_x != -1)
1501 kbd_mouse_event(x - vs->last_x,
1502 y - vs->last_y,
1503 dz, buttons);
1504 vs->last_x = x;
1505 vs->last_y = y;
24236869 1506 }
564c337e
FB		 1507
1508 check_pointer_type_change(vs, kbd_mouse_is_absolute());
24236869
FB		 1509}
1510
64f5a135
FB		 1511static void reset_keys(VncState *vs)
1512{
1513 int i;
1514 for(i = 0; i < 256; i++) {
1515 if (vs->modifiers_state[i]) {
1516 if (i & 0x80)
1517 kbd_put_keycode(0xe0);
1518 kbd_put_keycode(i | 0x80);
1519 vs->modifiers_state[i] = 0;
1520 }
1521 }
1522}
1523
a528b80c
AZ		 1524static void press_key(VncState *vs, int keysym)
1525{
753b4053
AL		 1526 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) & 0x7f);
1527 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) | 0x80);
a528b80c
AZ		 1528}
1529
9ca313aa 1530static void do_key_event(VncState *vs, int down, int keycode, int sym)
24236869 1531{
64f5a135
FB		 1532 /* QEMU console switch */
1533 switch(keycode) {
1534 case 0x2a: /* Left Shift */
1535 case 0x36: /* Right Shift */
1536 case 0x1d: /* Left CTRL */
1537 case 0x9d: /* Right CTRL */
1538 case 0x38: /* Left ALT */
1539 case 0xb8: /* Right ALT */
1540 if (down)
1541 vs->modifiers_state[keycode] = 1;
1542 else
1543 vs->modifiers_state[keycode] = 0;
1544 break;
5fafdf24 1545 case 0x02 ... 0x0a: /* '1' to '9' keys */
64f5a135
FB		 1546 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1547 /* Reset the modifiers sent to the current console */
1548 reset_keys(vs);
1549 console_select(keycode - 0x02);
1550 return;
1551 }
1552 break;
28a76be8
AL		 1553 case 0x3a: /* CapsLock */
1554 case 0x45: /* NumLock */
a528b80c
AZ		 1555 if (!down)
1556 vs->modifiers_state[keycode] ^= 1;
1557 break;
1558 }
1559
753b4053 1560 if (keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
a528b80c
AZ		 1561 /* If the numlock state needs to change then simulate an additional
1562 keypress before sending this one. This will happen if the user
1563 toggles numlock away from the VNC window.
1564 */
753b4053 1565 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
a528b80c
AZ		 1566 if (!vs->modifiers_state[0x45]) {
1567 vs->modifiers_state[0x45] = 1;
1568 press_key(vs, 0xff7f);
1569 }
1570 } else {
1571 if (vs->modifiers_state[0x45]) {
1572 vs->modifiers_state[0x45] = 0;
1573 press_key(vs, 0xff7f);
1574 }
1575 }
64f5a135 1576 }
24236869 1577
6b132502
GH		 1578 if ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z')) {
1579 /* If the capslock state needs to change then simulate an additional
1580 keypress before sending this one. This will happen if the user
1581 toggles capslock away from the VNC window.
1582 */
1583 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1584 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1585 int capslock = !!(vs->modifiers_state[0x3a]);
1586 if (capslock) {
1587 if (uppercase == shift) {
1588 vs->modifiers_state[0x3a] = 0;
1589 press_key(vs, 0xffe5);
1590 }
1591 } else {
1592 if (uppercase != shift) {
1593 vs->modifiers_state[0x3a] = 1;
1594 press_key(vs, 0xffe5);
1595 }
1596 }
1597 }
1598
64f5a135
FB		 1599 if (is_graphic_console()) {
1600 if (keycode & 0x80)
1601 kbd_put_keycode(0xe0);
1602 if (down)
1603 kbd_put_keycode(keycode & 0x7f);
1604 else
1605 kbd_put_keycode(keycode | 0x80);
1606 } else {
1607 /* QEMU console emulation */
1608 if (down) {
bb0a18e1 1609 int numlock = vs->modifiers_state[0x45];
64f5a135
FB		 1610 switch (keycode) {
1611 case 0x2a: /* Left Shift */
1612 case 0x36: /* Right Shift */
1613 case 0x1d: /* Left CTRL */
1614 case 0x9d: /* Right CTRL */
1615 case 0x38: /* Left ALT */
1616 case 0xb8: /* Right ALT */
1617 break;
1618 case 0xc8:
1619 kbd_put_keysym(QEMU_KEY_UP);
1620 break;
1621 case 0xd0:
1622 kbd_put_keysym(QEMU_KEY_DOWN);
1623 break;
1624 case 0xcb:
1625 kbd_put_keysym(QEMU_KEY_LEFT);
1626 break;
1627 case 0xcd:
1628 kbd_put_keysym(QEMU_KEY_RIGHT);
1629 break;
1630 case 0xd3:
1631 kbd_put_keysym(QEMU_KEY_DELETE);
1632 break;
1633 case 0xc7:
1634 kbd_put_keysym(QEMU_KEY_HOME);
1635 break;
1636 case 0xcf:
1637 kbd_put_keysym(QEMU_KEY_END);
1638 break;
1639 case 0xc9:
1640 kbd_put_keysym(QEMU_KEY_PAGEUP);
1641 break;
1642 case 0xd1:
1643 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1644 break;
bb0a18e1
GH		 1645
1646 case 0x47:
1647 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1648 break;
1649 case 0x48:
1650 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1651 break;
1652 case 0x49:
1653 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1654 break;
1655 case 0x4b:
1656 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1657 break;
1658 case 0x4c:
1659 kbd_put_keysym('5');
1660 break;
1661 case 0x4d:
1662 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1663 break;
1664 case 0x4f:
1665 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1666 break;
1667 case 0x50:
1668 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1669 break;
1670 case 0x51:
1671 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1672 break;
1673 case 0x52:
1674 kbd_put_keysym('0');
1675 break;
1676 case 0x53:
1677 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1678 break;
1679
1680 case 0xb5:
1681 kbd_put_keysym('/');
1682 break;
1683 case 0x37:
1684 kbd_put_keysym('*');
1685 break;
1686 case 0x4a:
1687 kbd_put_keysym('-');
1688 break;
1689 case 0x4e:
1690 kbd_put_keysym('+');
1691 break;
1692 case 0x9c:
1693 kbd_put_keysym('\n');
1694 break;
1695
64f5a135
FB		 1696 default:
1697 kbd_put_keysym(sym);
1698 break;
1699 }
1700 }
1701 }
24236869
FB		 1702}
1703
bdbd7676
FB		 1704static void key_event(VncState *vs, int down, uint32_t sym)
1705{
9ca313aa 1706 int keycode;
4a93fe17 1707 int lsym = sym;
9ca313aa 1708
4a93fe17
GH		 1709 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1710 lsym = lsym - 'A' + 'a';
1711 }
9ca313aa 1712
4a93fe17 1713 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF);
9ca313aa
AL		 1714 do_key_event(vs, down, keycode, sym);
1715}
1716
1717static void ext_key_event(VncState *vs, int down,
1718 uint32_t sym, uint16_t keycode)
1719{
1720 /* if the user specifies a keyboard layout, always use it */
1721 if (keyboard_layout)
1722 key_event(vs, down, sym);
1723 else
1724 do_key_event(vs, down, keycode, sym);
bdbd7676
FB		 1725}
1726
24236869 1727static void framebuffer_update_request(VncState *vs, int incremental,
28a76be8
AL		 1728 int x_position, int y_position,
1729 int w, int h)
24236869 1730{
0e1f5a0c
AL		 1731 if (x_position > ds_get_width(vs->ds))
1732 x_position = ds_get_width(vs->ds);
1733 if (y_position > ds_get_height(vs->ds))
1734 y_position = ds_get_height(vs->ds);
1735 if (x_position + w >= ds_get_width(vs->ds))
1736 w = ds_get_width(vs->ds) - x_position;
1737 if (y_position + h >= ds_get_height(vs->ds))
1738 h = ds_get_height(vs->ds) - y_position;
cf2d385c 1739
24236869
FB		 1740 int i;
1741 vs->need_update = 1;
1742 if (!incremental) {
24cf0a6e 1743 vs->force_update = 1;
28a76be8 1744 for (i = 0; i < h; i++) {
1fc62412 1745 vnc_set_bits(vs->dirty[y_position + i],
0e1f5a0c 1746 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
28a76be8 1747 }
24236869
FB		 1748 }
1749}
1750
9ca313aa
AL		 1751static void send_ext_key_event_ack(VncState *vs)
1752{
1753 vnc_write_u8(vs, 0);
1754 vnc_write_u8(vs, 0);
1755 vnc_write_u16(vs, 1);
29fa4ed9
AL		 1756 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1757 VNC_ENCODING_EXT_KEY_EVENT);
9ca313aa
AL		 1758 vnc_flush(vs);
1759}
1760
429a8ed3 1761static void send_ext_audio_ack(VncState *vs)
1762{
1763 vnc_write_u8(vs, 0);
1764 vnc_write_u8(vs, 0);
1765 vnc_write_u16(vs, 1);
29fa4ed9
AL		 1766 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1767 VNC_ENCODING_AUDIO);
429a8ed3 1768 vnc_flush(vs);
1769}
1770
24236869
FB		 1771static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1772{
1773 int i;
29fa4ed9 1774 unsigned int enc = 0;
24236869 1775
059cef40 1776 vnc_zlib_init(vs);
29fa4ed9 1777 vs->features = 0;
fb437313
AL		 1778 vs->vnc_encoding = 0;
1779 vs->tight_compression = 9;
1780 vs->tight_quality = 9;
564c337e 1781 vs->absolute = -1;
24236869
FB		 1782
1783 for (i = n_encodings - 1; i >= 0; i--) {
29fa4ed9
AL		 1784 enc = encodings[i];
1785 switch (enc) {
1786 case VNC_ENCODING_RAW:
fb437313 1787 vs->vnc_encoding = enc;
29fa4ed9
AL		 1788 break;
1789 case VNC_ENCODING_COPYRECT:
753b4053 1790 vs->features |= VNC_FEATURE_COPYRECT_MASK;
29fa4ed9
AL		 1791 break;
1792 case VNC_ENCODING_HEXTILE:
1793 vs->features |= VNC_FEATURE_HEXTILE_MASK;
fb437313 1794 vs->vnc_encoding = enc;
29fa4ed9 1795 break;
059cef40
AL		 1796 case VNC_ENCODING_ZLIB:
1797 vs->features |= VNC_FEATURE_ZLIB_MASK;
1798 vs->vnc_encoding = enc;
1799 break;
29fa4ed9
AL		 1800 case VNC_ENCODING_DESKTOPRESIZE:
1801 vs->features |= VNC_FEATURE_RESIZE_MASK;
1802 break;
1803 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1804 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1805 break;
1806 case VNC_ENCODING_EXT_KEY_EVENT:
9ca313aa
AL		 1807 send_ext_key_event_ack(vs);
1808 break;
29fa4ed9 1809 case VNC_ENCODING_AUDIO:
429a8ed3 1810 send_ext_audio_ack(vs);
1811 break;
29fa4ed9
AL		 1812 case VNC_ENCODING_WMVi:
1813 vs->features |= VNC_FEATURE_WMVI_MASK;
ca4cca4d 1814 break;
fb437313
AL		 1815 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1816 vs->tight_compression = (enc & 0x0F);
1817 break;
1818 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1819 vs->tight_quality = (enc & 0x0F);
1820 break;
29fa4ed9
AL		 1821 default:
1822 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1823 break;
1824 }
24236869 1825 }
564c337e
FB		 1826
1827 check_pointer_type_change(vs, kbd_mouse_is_absolute());
24236869
FB		 1828}
1829
6cec5487
AL		 1830static void set_pixel_conversion(VncState *vs)
1831{
1832 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1833 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1834 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1835 vs->write_pixels = vnc_write_pixels_copy;
1836 switch (vs->ds->surface->pf.bits_per_pixel) {
1837 case 8:
1838 vs->send_hextile_tile = send_hextile_tile_8;
1839 break;
1840 case 16:
1841 vs->send_hextile_tile = send_hextile_tile_16;
1842 break;
1843 case 32:
1844 vs->send_hextile_tile = send_hextile_tile_32;
1845 break;
1846 }
1847 } else {
1848 vs->write_pixels = vnc_write_pixels_generic;
1849 switch (vs->ds->surface->pf.bits_per_pixel) {
1850 case 8:
1851 vs->send_hextile_tile = send_hextile_tile_generic_8;
1852 break;
1853 case 16:
1854 vs->send_hextile_tile = send_hextile_tile_generic_16;
1855 break;
1856 case 32:
1857 vs->send_hextile_tile = send_hextile_tile_generic_32;
1858 break;
1859 }
1860 }
1861}
1862
24236869 1863static void set_pixel_format(VncState *vs,
28a76be8
AL		 1864 int bits_per_pixel, int depth,
1865 int big_endian_flag, int true_color_flag,
1866 int red_max, int green_max, int blue_max,
1867 int red_shift, int green_shift, int blue_shift)
24236869 1868{
3512779a 1869 if (!true_color_flag) {
28a76be8 1870 vnc_client_error(vs);
3512779a
FB		 1871 return;
1872 }
24236869 1873
1fc62412 1874 vs->clientds = *(vs->vd->guest.ds);
6cec5487 1875 vs->clientds.pf.rmax = red_max;
90a1e3c0 1876 count_bits(vs->clientds.pf.rbits, red_max);
6cec5487
AL		 1877 vs->clientds.pf.rshift = red_shift;
1878 vs->clientds.pf.rmask = red_max << red_shift;
1879 vs->clientds.pf.gmax = green_max;
90a1e3c0 1880 count_bits(vs->clientds.pf.gbits, green_max);
6cec5487
AL		 1881 vs->clientds.pf.gshift = green_shift;
1882 vs->clientds.pf.gmask = green_max << green_shift;
1883 vs->clientds.pf.bmax = blue_max;
90a1e3c0 1884 count_bits(vs->clientds.pf.bbits, blue_max);
6cec5487
AL		 1885 vs->clientds.pf.bshift = blue_shift;
1886 vs->clientds.pf.bmask = blue_max << blue_shift;
1887 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1888 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1889 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1890 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1891
1892 set_pixel_conversion(vs);
24236869
FB		 1893
1894 vga_hw_invalidate();
1895 vga_hw_update();
1896}
1897
ca4cca4d
AL		 1898static void pixel_format_message (VncState *vs) {
1899 char pad[3] = { 0, 0, 0 };
1900
6cec5487
AL		 1901 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1902 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
ca4cca4d 1903
e2542fe2 1904#ifdef HOST_WORDS_BIGENDIAN
ca4cca4d
AL		 1905 vnc_write_u8(vs, 1); /* big-endian-flag */
1906#else
1907 vnc_write_u8(vs, 0); /* big-endian-flag */
1908#endif
1909 vnc_write_u8(vs, 1); /* true-color-flag */
6cec5487
AL		 1910 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1911 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1912 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1913 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1914 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1915 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1916 if (vs->ds->surface->pf.bits_per_pixel == 32)
ca4cca4d 1917 vs->send_hextile_tile = send_hextile_tile_32;
6cec5487 1918 else if (vs->ds->surface->pf.bits_per_pixel == 16)
ca4cca4d 1919 vs->send_hextile_tile = send_hextile_tile_16;
6cec5487 1920 else if (vs->ds->surface->pf.bits_per_pixel == 8)
ca4cca4d 1921 vs->send_hextile_tile = send_hextile_tile_8;
6cec5487 1922 vs->clientds = *(vs->ds->surface);
3cded540 1923 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
ca4cca4d
AL		 1924 vs->write_pixels = vnc_write_pixels_copy;
1925
1926 vnc_write(vs, pad, 3); /* padding */
1927}
1928
7d957bd8
AL		 1929static void vnc_dpy_setdata(DisplayState *ds)
1930{
1931 /* We don't have to do anything */
1932}
1933
753b4053 1934static void vnc_colordepth(VncState *vs)
7eac3a87 1935{
753b4053 1936 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
ca4cca4d
AL		 1937 /* Sending a WMVi message to notify the client*/
1938 vnc_write_u8(vs, 0); /* msg id */
1939 vnc_write_u8(vs, 0);
1940 vnc_write_u16(vs, 1); /* number of rects */
753b4053
AL		 1941 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1942 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
ca4cca4d
AL		 1943 pixel_format_message(vs);
1944 vnc_flush(vs);
7eac3a87 1945 } else {
6cec5487 1946 set_pixel_conversion(vs);
7eac3a87
AL		 1947 }
1948}
1949
60fe76f3 1950static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
24236869
FB		 1951{
1952 int i;
1953 uint16_t limit;
2430ffe4
SS		 1954 VncDisplay *vd = vs->vd;
1955
1956 if (data[0] > 3) {
1957 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1958 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1959 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1960 }
24236869
FB		 1961
1962 switch (data[0]) {
1963 case 0:
28a76be8
AL		 1964 if (len == 1)
1965 return 20;
1966
1967 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1968 read_u8(data, 6), read_u8(data, 7),
1969 read_u16(data, 8), read_u16(data, 10),
1970 read_u16(data, 12), read_u8(data, 14),
1971 read_u8(data, 15), read_u8(data, 16));
1972 break;
24236869 1973 case 2:
28a76be8
AL		 1974 if (len == 1)
1975 return 4;
24236869 1976
28a76be8 1977 if (len == 4) {
69dd5c9f
AL		 1978 limit = read_u16(data, 2);
1979 if (limit > 0)
1980 return 4 + (limit * 4);
1981 } else
1982 limit = read_u16(data, 2);
24236869 1983
28a76be8
AL		 1984 for (i = 0; i < limit; i++) {
1985 int32_t val = read_s32(data, 4 + (i * 4));
1986 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1987 }
24236869 1988
28a76be8
AL		 1989 set_encodings(vs, (int32_t *)(data + 4), limit);
1990 break;
24236869 1991 case 3:
28a76be8
AL		 1992 if (len == 1)
1993 return 10;
24236869 1994
28a76be8
AL		 1995 framebuffer_update_request(vs,
1996 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1997 read_u16(data, 6), read_u16(data, 8));
1998 break;
24236869 1999 case 4:
28a76be8
AL		 2000 if (len == 1)
2001 return 8;
24236869 2002
28a76be8
AL		 2003 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2004 break;
24236869 2005 case 5:
28a76be8
AL		 2006 if (len == 1)
2007 return 6;
24236869 2008
28a76be8
AL		 2009 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2010 break;
24236869 2011 case 6:
28a76be8
AL		 2012 if (len == 1)
2013 return 8;
24236869 2014
28a76be8 2015 if (len == 8) {
baa7666c
TS		 2016 uint32_t dlen = read_u32(data, 4);
2017 if (dlen > 0)
2018 return 8 + dlen;
2019 }
24236869 2020
28a76be8
AL		 2021 client_cut_text(vs, read_u32(data, 4), data + 8);
2022 break;
9ca313aa
AL		 2023 case 255:
2024 if (len == 1)
2025 return 2;
2026
2027 switch (read_u8(data, 1)) {
2028 case 0:
2029 if (len == 2)
2030 return 12;
2031
2032 ext_key_event(vs, read_u16(data, 2),
2033 read_u32(data, 4), read_u32(data, 8));
2034 break;
429a8ed3 2035 case 1:
2036 if (len == 2)
2037 return 4;
2038
2039 switch (read_u16 (data, 2)) {
2040 case 0:
2041 audio_add(vs);
2042 break;
2043 case 1:
2044 audio_del(vs);
2045 break;
2046 case 2:
2047 if (len == 4)
2048 return 10;
2049 switch (read_u8(data, 4)) {
2050 case 0: vs->as.fmt = AUD_FMT_U8; break;
2051 case 1: vs->as.fmt = AUD_FMT_S8; break;
2052 case 2: vs->as.fmt = AUD_FMT_U16; break;
2053 case 3: vs->as.fmt = AUD_FMT_S16; break;
2054 case 4: vs->as.fmt = AUD_FMT_U32; break;
2055 case 5: vs->as.fmt = AUD_FMT_S32; break;
2056 default:
2057 printf("Invalid audio format %d\n", read_u8(data, 4));
2058 vnc_client_error(vs);
2059 break;
2060 }
2061 vs->as.nchannels = read_u8(data, 5);
2062 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2063 printf("Invalid audio channel coount %d\n",
2064 read_u8(data, 5));
2065 vnc_client_error(vs);
2066 break;
2067 }
2068 vs->as.freq = read_u32(data, 6);
2069 break;
2070 default:
2071 printf ("Invalid audio message %d\n", read_u8(data, 4));
2072 vnc_client_error(vs);
2073 break;
2074 }
2075 break;
2076
9ca313aa
AL		 2077 default:
2078 printf("Msg: %d\n", read_u16(data, 0));
2079 vnc_client_error(vs);
2080 break;
2081 }
2082 break;
24236869 2083 default:
28a76be8
AL		 2084 printf("Msg: %d\n", data[0]);
2085 vnc_client_error(vs);
2086 break;
24236869 2087 }
5fafdf24 2088
24236869
FB		 2089 vnc_read_when(vs, protocol_client_msg, 1);
2090 return 0;
2091}
2092
60fe76f3 2093static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
24236869 2094{
c35734b2
TS		 2095 char buf[1024];
2096 int size;
24236869 2097
0e1f5a0c
AL		 2098 vnc_write_u16(vs, ds_get_width(vs->ds));
2099 vnc_write_u16(vs, ds_get_height(vs->ds));
24236869 2100
ca4cca4d 2101 pixel_format_message(vs);
24236869 2102
c35734b2
TS		 2103 if (qemu_name)
2104 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2105 else
2106 size = snprintf(buf, sizeof(buf), "QEMU");
2107
2108 vnc_write_u32(vs, size);
2109 vnc_write(vs, buf, size);
24236869
FB		 2110 vnc_flush(vs);
2111
4a80dba3
LC		 2112 vnc_client_cache_auth(vs);
2113
24236869
FB		 2114 vnc_read_when(vs, protocol_client_msg, 1);
2115
2116 return 0;
2117}
2118
5fb6c7a8
AL		 2119void start_client_init(VncState *vs)
2120{
2121 vnc_read_when(vs, protocol_client_init, 1);
2122}
2123
70848515
TS		 2124static void make_challenge(VncState *vs)
2125{
2126 int i;
2127
2128 srand(time(NULL)+getpid()+getpid()*987654+rand());
2129
2130 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2131 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2132}
2133
60fe76f3 2134static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
70848515 2135{
60fe76f3 2136 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
70848515 2137 int i, j, pwlen;
60fe76f3 2138 unsigned char key[8];
70848515 2139
753b4053 2140 if (!vs->vd->password || !vs->vd->password[0]) {
28a76be8
AL		 2141 VNC_DEBUG("No password configured on server");
2142 vnc_write_u32(vs, 1); /* Reject auth */
2143 if (vs->minor >= 8) {
2144 static const char err[] = "Authentication failed";
2145 vnc_write_u32(vs, sizeof(err));
2146 vnc_write(vs, err, sizeof(err));
2147 }
2148 vnc_flush(vs);
2149 vnc_client_error(vs);
2150 return 0;
70848515
TS		 2151 }
2152
2153 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2154
2155 /* Calculate the expected challenge response */
753b4053 2156 pwlen = strlen(vs->vd->password);
70848515 2157 for (i=0; i<sizeof(key); i++)
753b4053 2158 key[i] = i<pwlen ? vs->vd->password[i] : 0;
70848515
TS		 2159 deskey(key, EN0);
2160 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2161 des(response+j, response+j);
2162
2163 /* Compare expected vs actual challenge response */
2164 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
28a76be8
AL		 2165 VNC_DEBUG("Client challenge reponse did not match\n");
2166 vnc_write_u32(vs, 1); /* Reject auth */
2167 if (vs->minor >= 8) {
2168 static const char err[] = "Authentication failed";
2169 vnc_write_u32(vs, sizeof(err));
2170 vnc_write(vs, err, sizeof(err));
2171 }
2172 vnc_flush(vs);
2173 vnc_client_error(vs);
70848515 2174 } else {
28a76be8
AL		 2175 VNC_DEBUG("Accepting VNC challenge response\n");
2176 vnc_write_u32(vs, 0); /* Accept auth */
2177 vnc_flush(vs);
70848515 2178
5fb6c7a8 2179 start_client_init(vs);
70848515
TS		 2180 }
2181 return 0;
2182}
2183
5fb6c7a8 2184void start_auth_vnc(VncState *vs)
70848515
TS		 2185{
2186 make_challenge(vs);
2187 /* Send client a 'random' challenge */
2188 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2189 vnc_flush(vs);
2190
2191 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
469b15c6
TS		 2192}
2193
2194
60fe76f3 2195static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
70848515
TS		 2196{
2197 /* We only advertise 1 auth scheme at a time, so client
2198 * must pick the one we sent. Verify this */
753b4053 2199 if (data[0] != vs->vd->auth) { /* Reject auth */
1263b7d6 2200 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
70848515
TS		 2201 vnc_write_u32(vs, 1);
2202 if (vs->minor >= 8) {
2203 static const char err[] = "Authentication failed";
2204 vnc_write_u32(vs, sizeof(err));
2205 vnc_write(vs, err, sizeof(err));
2206 }
2207 vnc_client_error(vs);
2208 } else { /* Accept requested auth */
2209 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
753b4053 2210 switch (vs->vd->auth) {
70848515
TS		 2211 case VNC_AUTH_NONE:
2212 VNC_DEBUG("Accept auth none\n");
a26c97ad
AZ		 2213 if (vs->minor >= 8) {
2214 vnc_write_u32(vs, 0); /* Accept auth completion */
2215 vnc_flush(vs);
2216 }
5fb6c7a8 2217 start_client_init(vs);
70848515
TS		 2218 break;
2219
2220 case VNC_AUTH_VNC:
2221 VNC_DEBUG("Start VNC auth\n");
5fb6c7a8
AL		 2222 start_auth_vnc(vs);
2223 break;
70848515 2224
eb38c52c 2225#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 2226 case VNC_AUTH_VENCRYPT:
2227 VNC_DEBUG("Accept VeNCrypt auth\n");;
5fb6c7a8
AL		 2228 start_auth_vencrypt(vs);
2229 break;
8d5d2d4c
TS		 2230#endif /* CONFIG_VNC_TLS */
2231
2f9606b3
AL		 2232#ifdef CONFIG_VNC_SASL
2233 case VNC_AUTH_SASL:
2234 VNC_DEBUG("Accept SASL auth\n");
2235 start_auth_sasl(vs);
2236 break;
2237#endif /* CONFIG_VNC_SASL */
2238
70848515 2239 default: /* Should not be possible, but just in case */
1263b7d6 2240 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
70848515
TS		 2241 vnc_write_u8(vs, 1);
2242 if (vs->minor >= 8) {
2243 static const char err[] = "Authentication failed";
2244 vnc_write_u32(vs, sizeof(err));
2245 vnc_write(vs, err, sizeof(err));
2246 }
2247 vnc_client_error(vs);
2248 }
2249 }
2250 return 0;
2251}
2252
60fe76f3 2253static int protocol_version(VncState *vs, uint8_t *version, size_t len)
24236869
FB		 2254{
2255 char local[13];
24236869
FB		 2256
2257 memcpy(local, version, 12);
2258 local[12] = 0;
2259
70848515 2260 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
28a76be8
AL		 2261 VNC_DEBUG("Malformed protocol version %s\n", local);
2262 vnc_client_error(vs);
2263 return 0;
24236869 2264 }
70848515
TS		 2265 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2266 if (vs->major != 3 ||
28a76be8
AL		 2267 (vs->minor != 3 &&
2268 vs->minor != 4 &&
2269 vs->minor != 5 &&
2270 vs->minor != 7 &&
2271 vs->minor != 8)) {
2272 VNC_DEBUG("Unsupported client version\n");
2273 vnc_write_u32(vs, VNC_AUTH_INVALID);
2274 vnc_flush(vs);
2275 vnc_client_error(vs);
2276 return 0;
70848515 2277 }
b0566f4f 2278 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
70848515
TS		 2279 * as equivalent to v3.3 by servers
2280 */
b0566f4f 2281 if (vs->minor == 4 || vs->minor == 5)
28a76be8 2282 vs->minor = 3;
70848515
TS		 2283
2284 if (vs->minor == 3) {
28a76be8 2285 if (vs->vd->auth == VNC_AUTH_NONE) {
70848515 2286 VNC_DEBUG("Tell client auth none\n");
753b4053 2287 vnc_write_u32(vs, vs->vd->auth);
70848515 2288 vnc_flush(vs);
28a76be8 2289 start_client_init(vs);
753b4053 2290 } else if (vs->vd->auth == VNC_AUTH_VNC) {
70848515 2291 VNC_DEBUG("Tell client VNC auth\n");
753b4053 2292 vnc_write_u32(vs, vs->vd->auth);
70848515
TS		 2293 vnc_flush(vs);
2294 start_auth_vnc(vs);
2295 } else {
753b4053 2296 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
70848515
TS		 2297 vnc_write_u32(vs, VNC_AUTH_INVALID);
2298 vnc_flush(vs);
2299 vnc_client_error(vs);
2300 }
2301 } else {
28a76be8
AL		 2302 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2303 vnc_write_u8(vs, 1); /* num auth */
2304 vnc_write_u8(vs, vs->vd->auth);
2305 vnc_read_when(vs, protocol_client_auth, 1);
2306 vnc_flush(vs);
70848515 2307 }
24236869
FB		 2308
2309 return 0;
2310}
2311
1fc62412
SS		 2312static int vnc_refresh_server_surface(VncDisplay *vd)
2313{
2314 int y;
2315 uint8_t *guest_row;
2316 uint8_t *server_row;
2317 int cmp_bytes;
2318 uint32_t width_mask[VNC_DIRTY_WORDS];
2319 VncState *vs = NULL;
2320 int has_dirty = 0;
2321
2322 /*
2323 * Walk through the guest dirty map.
2324 * Check and copy modified bits from guest to server surface.
2325 * Update server dirty map.
2326 */
2327 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2328 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2329 guest_row = vd->guest.ds->data;
2330 server_row = vd->server->data;
2331 for (y = 0; y < vd->guest.ds->height; y++) {
2332 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2333 int x;
2334 uint8_t *guest_ptr;
2335 uint8_t *server_ptr;
2336
2337 guest_ptr = guest_row;
2338 server_ptr = server_row;
2339
2340 for (x = 0; x < vd->guest.ds->width;
2341 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2342 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2343 continue;
2344 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2345 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2346 continue;
2347 memcpy(server_ptr, guest_ptr, cmp_bytes);
2348 vs = vd->clients;
2349 while (vs != NULL) {
2350 vnc_set_bit(vs->dirty[y], (x / 16));
2351 vs = vs->next;
2352 }
2353 has_dirty++;
2354 }
2355 }
2356 guest_row += ds_get_linesize(vd->ds);
2357 server_row += ds_get_linesize(vd->ds);
2358 }
2359 return has_dirty;
2360}
2361
703bc68f
SS		 2362static void vnc_refresh(void *opaque)
2363{
2364 VncDisplay *vd = opaque;
1fc62412 2365 VncState *vs = NULL;
2430ffe4 2366 int has_dirty = 0, rects = 0;
703bc68f
SS		 2367
2368 vga_hw_update();
2369
1fc62412
SS		 2370 has_dirty = vnc_refresh_server_surface(vd);
2371
2372 vs = vd->clients;
703bc68f 2373 while (vs != NULL) {
2430ffe4 2374 rects += vnc_update_client(vs, has_dirty);
703bc68f
SS		 2375 vs = vs->next;
2376 }
83755c17
SS		 2377 /* vd->timer could be NULL now if the last client disconnected,
2378 * in this case don't update the timer */
2379 if (vd->timer == NULL)
2380 return;
703bc68f 2381
2430ffe4
SS		 2382 if (has_dirty && rects) {
2383 vd->timer_interval /= 2;
2384 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2385 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2386 } else {
2387 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2388 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2389 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2390 }
2391 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
703bc68f
SS		 2392}
2393
2394static void vnc_init_timer(VncDisplay *vd)
2395{
2430ffe4 2396 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
703bc68f
SS		 2397 if (vd->timer == NULL && vd->clients != NULL) {
2398 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
1fc62412 2399 vnc_refresh(vd);
703bc68f
SS		 2400 }
2401}
2402
2403static void vnc_remove_timer(VncDisplay *vd)
2404{
2405 if (vd->timer != NULL && vd->clients == NULL) {
2406 qemu_del_timer(vd->timer);
2407 qemu_free_timer(vd->timer);
2408 vd->timer = NULL;
2409 }
2410}
2411
753b4053 2412static void vnc_connect(VncDisplay *vd, int csock)
3aa3eea3 2413{
753b4053
AL		 2414 VncState *vs = qemu_mallocz(sizeof(VncState));
2415 vs->csock = csock;
2416
2417 VNC_DEBUG("New client on socket %d\n", csock);
7d957bd8 2418 dcl->idle = 0;
3aa3eea3
AZ		 2419 socket_set_nonblock(vs->csock);
2420 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
753b4053 2421
4a80dba3 2422 vnc_client_cache_addr(vs);
586153d9 2423 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
4a80dba3 2424
753b4053
AL		 2425 vs->vd = vd;
2426 vs->ds = vd->ds;
753b4053
AL		 2427 vs->last_x = -1;
2428 vs->last_y = -1;
2429
2430 vs->as.freq = 44100;
2431 vs->as.nchannels = 2;
2432 vs->as.fmt = AUD_FMT_S16;
2433 vs->as.endianness = 0;
2434
1fc62412
SS		 2435 vs->next = vd->clients;
2436 vd->clients = vs;
2437
2438 vga_hw_update();
2439
3aa3eea3
AZ		 2440 vnc_write(vs, "RFB 003.008\n", 12);
2441 vnc_flush(vs);
2442 vnc_read_when(vs, protocol_version, 12);
53762ddb 2443 reset_keys(vs);
753b4053 2444
703bc68f 2445 vnc_init_timer(vd);
1fc62412 2446
198a0039 2447 /* vs might be free()ed here */
3aa3eea3
AZ		 2448}
2449
24236869
FB		 2450static void vnc_listen_read(void *opaque)
2451{
753b4053 2452 VncDisplay *vs = opaque;
24236869
FB		 2453 struct sockaddr_in addr;
2454 socklen_t addrlen = sizeof(addr);
2455
9f60ad50
AZ		 2456 /* Catch-up */
2457 vga_hw_update();
2458
40ff6d7e 2459 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
753b4053
AL		 2460 if (csock != -1) {
2461 vnc_connect(vs, csock);
24236869
FB		 2462 }
2463}
2464
71cab5ca 2465void vnc_display_init(DisplayState *ds)
24236869 2466{
afd32160 2467 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
24236869 2468
7d957bd8 2469 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
24236869
FB		 2470
2471 ds->opaque = vs;
7d957bd8 2472 dcl->idle = 1;
753b4053 2473 vnc_display = vs;
24236869
FB		 2474
2475 vs->lsock = -1;
24236869
FB		 2476
2477 vs->ds = ds;
2478
9ca313aa 2479 if (keyboard_layout)
0483755a 2480 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
9ca313aa 2481 else
0483755a 2482 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
24236869 2483
24236869 2484 if (!vs->kbd_layout)
28a76be8 2485 exit(1);
24236869 2486
753b4053 2487 dcl->dpy_copy = vnc_dpy_copy;
7d957bd8
AL		 2488 dcl->dpy_update = vnc_dpy_update;
2489 dcl->dpy_resize = vnc_dpy_resize;
2490 dcl->dpy_setdata = vnc_dpy_setdata;
7d957bd8 2491 register_displaychangelistener(ds, dcl);
71cab5ca
TS		 2492}
2493
6f43024c 2494
71cab5ca
TS		 2495void vnc_display_close(DisplayState *ds)
2496{
753b4053 2497 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
71cab5ca 2498
452b4d88
AL		 2499 if (!vs)
2500 return;
71cab5ca 2501 if (vs->display) {
28a76be8
AL		 2502 qemu_free(vs->display);
2503 vs->display = NULL;
71cab5ca
TS		 2504 }
2505 if (vs->lsock != -1) {
28a76be8
AL		 2506 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2507 close(vs->lsock);
2508 vs->lsock = -1;
71cab5ca 2509 }
70848515 2510 vs->auth = VNC_AUTH_INVALID;
eb38c52c 2511#ifdef CONFIG_VNC_TLS
8d5d2d4c 2512 vs->subauth = VNC_AUTH_INVALID;
5fb6c7a8 2513 vs->tls.x509verify = 0;
8d5d2d4c 2514#endif
70848515
TS		 2515}
2516
2517int vnc_display_password(DisplayState *ds, const char *password)
2518{
753b4053 2519 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
70848515 2520
7ef92331
ZA		 2521 if (!vs) {
2522 return -1;
2523 }
2524
70848515 2525 if (vs->password) {
28a76be8
AL		 2526 qemu_free(vs->password);
2527 vs->password = NULL;
70848515
TS		 2528 }
2529 if (password && password[0]) {
28a76be8
AL		 2530 if (!(vs->password = qemu_strdup(password)))
2531 return -1;
52c18be9
ZA		 2532 if (vs->auth == VNC_AUTH_NONE) {
2533 vs->auth = VNC_AUTH_VNC;
2534 }
2535 } else {
2536 vs->auth = VNC_AUTH_NONE;
70848515
TS		 2537 }
2538
2539 return 0;
71cab5ca
TS		 2540}
2541
f92f8afe
AL		 2542char *vnc_display_local_addr(DisplayState *ds)
2543{
2544 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2545
2546 return vnc_socket_local_addr("%s:%s", vs->lsock);
2547}
2548
70848515 2549int vnc_display_open(DisplayState *ds, const char *display)
71cab5ca 2550{
753b4053 2551 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
70848515
TS		 2552 const char *options;
2553 int password = 0;
3aa3eea3 2554 int reverse = 0;
9712ecaf 2555 int to_port = 0;
eb38c52c 2556#ifdef CONFIG_VNC_TLS
3a702699 2557 int tls = 0, x509 = 0;
8d5d2d4c 2558#endif
2f9606b3
AL		 2559#ifdef CONFIG_VNC_SASL
2560 int sasl = 0;
2561 int saslErr;
2562#endif
76655d6d 2563 int acl = 0;
71cab5ca 2564
753b4053 2565 if (!vnc_display)
452b4d88 2566 return -1;
71cab5ca 2567 vnc_display_close(ds);
70848515 2568 if (strcmp(display, "none") == 0)
28a76be8 2569 return 0;
24236869 2570
70848515 2571 if (!(vs->display = strdup(display)))
28a76be8 2572 return -1;
70848515
TS		 2573
2574 options = display;
2575 while ((options = strchr(options, ','))) {
28a76be8
AL		 2576 options++;
2577 if (strncmp(options, "password", 8) == 0) {
2578 password = 1; /* Require password auth */
2579 } else if (strncmp(options, "reverse", 7) == 0) {
2580 reverse = 1;
2581 } else if (strncmp(options, "to=", 3) == 0) {
9712ecaf 2582 to_port = atoi(options+3) + 5900;
2f9606b3 2583#ifdef CONFIG_VNC_SASL
28a76be8
AL		 2584 } else if (strncmp(options, "sasl", 4) == 0) {
2585 sasl = 1; /* Require SASL auth */
2f9606b3 2586#endif
eb38c52c 2587#ifdef CONFIG_VNC_TLS
28a76be8
AL		 2588 } else if (strncmp(options, "tls", 3) == 0) {
2589 tls = 1; /* Require TLS */
2590 } else if (strncmp(options, "x509", 4) == 0) {
2591 char *start, *end;
2592 x509 = 1; /* Require x509 certificates */
2593 if (strncmp(options, "x509verify", 10) == 0)
2594 vs->tls.x509verify = 1; /* ...and verify client certs */
2595
2596 /* Now check for 'x509=/some/path' postfix
2597 * and use that to setup x509 certificate/key paths */
2598 start = strchr(options, '=');
2599 end = strchr(options, ',');
2600 if (start && (!end || (start < end))) {
2601 int len = end ? end-(start+1) : strlen(start+1);
2602 char *path = qemu_strndup(start + 1, len);
2603
2604 VNC_DEBUG("Trying certificate path '%s'\n", path);
2605 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2606 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2607 qemu_free(path);
2608 qemu_free(vs->display);
2609 vs->display = NULL;
2610 return -1;
2611 }
2612 qemu_free(path);
2613 } else {
2614 fprintf(stderr, "No certificate path provided\n");
2615 qemu_free(vs->display);
2616 vs->display = NULL;
2617 return -1;
2618 }
8d5d2d4c 2619#endif
28a76be8
AL		 2620 } else if (strncmp(options, "acl", 3) == 0) {
2621 acl = 1;
2622 }
70848515
TS		 2623 }
2624
76655d6d
AL		 2625#ifdef CONFIG_VNC_TLS
2626 if (acl && x509 && vs->tls.x509verify) {
28a76be8
AL		 2627 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2628 fprintf(stderr, "Failed to create x509 dname ACL\n");
2629 exit(1);
2630 }
76655d6d
AL		 2631 }
2632#endif
2633#ifdef CONFIG_VNC_SASL
2634 if (acl && sasl) {
28a76be8
AL		 2635 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2636 fprintf(stderr, "Failed to create username ACL\n");
2637 exit(1);
2638 }
76655d6d
AL		 2639 }
2640#endif
2641
2f9606b3
AL		 2642 /*
2643 * Combinations we support here:
2644 *
2645 * - no-auth (clear text, no auth)
2646 * - password (clear text, weak auth)
2647 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2648 * - tls (encrypt, weak anonymous creds, no auth)
2649 * - tls + password (encrypt, weak anonymous creds, weak auth)
2650 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2651 * - tls + x509 (encrypt, good x509 creds, no auth)
2652 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2653 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2654 *
2655 * NB1. TLS is a stackable auth scheme.
2656 * NB2. the x509 schemes have option to validate a client cert dname
2657 */
70848515 2658 if (password) {
eb38c52c 2659#ifdef CONFIG_VNC_TLS
28a76be8
AL		 2660 if (tls) {
2661 vs->auth = VNC_AUTH_VENCRYPT;
2662 if (x509) {
2663 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2664 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2665 } else {
2666 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2667 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2668 }
2669 } else {
2f9606b3 2670#endif /* CONFIG_VNC_TLS */
28a76be8
AL		 2671 VNC_DEBUG("Initializing VNC server with password auth\n");
2672 vs->auth = VNC_AUTH_VNC;
eb38c52c 2673#ifdef CONFIG_VNC_TLS
28a76be8
AL		 2674 vs->subauth = VNC_AUTH_INVALID;
2675 }
2f9606b3
AL		 2676#endif /* CONFIG_VNC_TLS */
2677#ifdef CONFIG_VNC_SASL
2678 } else if (sasl) {
2679#ifdef CONFIG_VNC_TLS
2680 if (tls) {
2681 vs->auth = VNC_AUTH_VENCRYPT;
2682 if (x509) {
28a76be8 2683 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2f9606b3
AL		 2684 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2685 } else {
28a76be8 2686 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2f9606b3
AL		 2687 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2688 }
2689 } else {
2690#endif /* CONFIG_VNC_TLS */
28a76be8 2691 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2f9606b3
AL		 2692 vs->auth = VNC_AUTH_SASL;
2693#ifdef CONFIG_VNC_TLS
2694 vs->subauth = VNC_AUTH_INVALID;
2695 }
2696#endif /* CONFIG_VNC_TLS */
2697#endif /* CONFIG_VNC_SASL */
70848515 2698 } else {
eb38c52c 2699#ifdef CONFIG_VNC_TLS
28a76be8
AL		 2700 if (tls) {
2701 vs->auth = VNC_AUTH_VENCRYPT;
2702 if (x509) {
2703 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2704 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2705 } else {
2706 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2707 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2708 }
2709 } else {
8d5d2d4c 2710#endif
28a76be8
AL		 2711 VNC_DEBUG("Initializing VNC server with no auth\n");
2712 vs->auth = VNC_AUTH_NONE;
eb38c52c 2713#ifdef CONFIG_VNC_TLS
28a76be8
AL		 2714 vs->subauth = VNC_AUTH_INVALID;
2715 }
8d5d2d4c 2716#endif
70848515 2717 }
24236869 2718
2f9606b3
AL		 2719#ifdef CONFIG_VNC_SASL
2720 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2721 fprintf(stderr, "Failed to initialize SASL auth %s",
2722 sasl_errstring(saslErr, NULL, NULL));
2723 free(vs->display);
2724 vs->display = NULL;
2725 return -1;
2726 }
2727#endif
2728
3aa3eea3 2729 if (reverse) {
9712ecaf
AL		 2730 /* connect to viewer */
2731 if (strncmp(display, "unix:", 5) == 0)
2732 vs->lsock = unix_connect(display+5);
2733 else
2734 vs->lsock = inet_connect(display, SOCK_STREAM);
2735 if (-1 == vs->lsock) {
3aa3eea3
AZ		 2736 free(vs->display);
2737 vs->display = NULL;
2738 return -1;
2739 } else {
753b4053 2740 int csock = vs->lsock;
3aa3eea3 2741 vs->lsock = -1;
753b4053 2742 vnc_connect(vs, csock);
3aa3eea3 2743 }
9712ecaf 2744 return 0;
24236869 2745
9712ecaf
AL		 2746 } else {
2747 /* listen for connects */
2748 char *dpy;
2749 dpy = qemu_malloc(256);
2750 if (strncmp(display, "unix:", 5) == 0) {
bc575e95 2751 pstrcpy(dpy, 256, "unix:");
4a55bfdf 2752 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
9712ecaf
AL		 2753 } else {
2754 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2755 }
2756 if (-1 == vs->lsock) {
2757 free(dpy);
d0513623 2758 return -1;
9712ecaf
AL		 2759 } else {
2760 free(vs->display);
2761 vs->display = dpy;
2762 }
24236869 2763 }
753b4053 2764 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
24236869 2765}
Empty description
This page took 0.771762 seconds and 4 git commands to generate.