]> Git Repo - qemu.git/blame - vnc.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
vnc: don't clear zlib stream on set_encoding
[qemu.git] / vnc.c
CommitLineData
7d510b8c
FB		 1/*
2 * QEMU VNC display driver
5fafdf24 3 *
7d510b8c
FB		 4 * Copyright (C) 2006 Anthony Liguori <[email protected]>
5 * Copyright (C) 2006 Fabrice Bellard
19a490bf 6 * Copyright (C) 2009 Red Hat, Inc
5fafdf24 7 *
7d510b8c
FB		 8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
19a490bf 27#include "vnc.h"
87ecb68b 28#include "sysemu.h"
6ca957f0 29#include "qemu_socket.h"
87ecb68b 30#include "qemu-timer.h"
76655d6d 31#include "acl.h"
d96fd29c 32#include "qemu-objects.h"
24236869 33
2430ffe4
SS		 34#define VNC_REFRESH_INTERVAL_BASE 30
35#define VNC_REFRESH_INTERVAL_INC 50
36#define VNC_REFRESH_INTERVAL_MAX 2000
24236869
FB		 37
38#include "vnc_keysym.h"
70848515
TS		 39#include "d3des.h"
40
90a1e3c0
AL		 41#define count_bits(c, v) { \
42 for (c = 0; v; v >>= 1) \
43 { \
44 c += v & 1; \
45 } \
46}
8d5d2d4c 47
24236869 48
753b4053 49static VncDisplay *vnc_display; /* needed for info vnc */
7d957bd8 50static DisplayChangeListener *dcl;
a9ce8590 51
d467b679
GH		 52static int vnc_cursor_define(VncState *vs);
53
1ff7df1a
AL		 54static char *addr_to_string(const char *format,
55 struct sockaddr_storage *sa,
56 socklen_t salen) {
57 char *addr;
58 char host[NI_MAXHOST];
59 char serv[NI_MAXSERV];
60 int err;
457772e6 61 size_t addrlen;
1ff7df1a
AL		 62
63 if ((err = getnameinfo((struct sockaddr *)sa, salen,
64 host, sizeof(host),
65 serv, sizeof(serv),
66 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
67 VNC_DEBUG("Cannot resolve address %d: %s\n",
68 err, gai_strerror(err));
69 return NULL;
70 }
71
457772e6 72 /* Enough for the existing format + the 2 vars we're
f425c278 73 * substituting in. */
457772e6
AL		 74 addrlen = strlen(format) + strlen(host) + strlen(serv);
75 addr = qemu_malloc(addrlen + 1);
76 snprintf(addr, addrlen, format, host, serv);
77 addr[addrlen] = '\0';
1ff7df1a
AL		 78
79 return addr;
80}
81
2f9606b3
AL		 82
83char *vnc_socket_local_addr(const char *format, int fd) {
1ff7df1a
AL		 84 struct sockaddr_storage sa;
85 socklen_t salen;
86
87 salen = sizeof(sa);
88 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
89 return NULL;
90
91 return addr_to_string(format, &sa, salen);
92}
93
2f9606b3 94char *vnc_socket_remote_addr(const char *format, int fd) {
1ff7df1a
AL		 95 struct sockaddr_storage sa;
96 socklen_t salen;
97
98 salen = sizeof(sa);
99 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
100 return NULL;
101
102 return addr_to_string(format, &sa, salen);
103}
104
d96fd29c
LC		 105static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
106 socklen_t salen)
107{
108 char host[NI_MAXHOST];
109 char serv[NI_MAXSERV];
110 int err;
111
112 if ((err = getnameinfo((struct sockaddr *)sa, salen,
113 host, sizeof(host),
114 serv, sizeof(serv),
115 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
116 VNC_DEBUG("Cannot resolve address %d: %s\n",
117 err, gai_strerror(err));
118 return -1;
119 }
120
121 qdict_put(qdict, "host", qstring_from_str(host));
122 qdict_put(qdict, "service", qstring_from_str(serv));
dc0d4efc 123 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
d96fd29c
LC		 124
125 return 0;
126}
127
a7789382 128static int vnc_server_addr_put(QDict *qdict, int fd)
d96fd29c
LC		 129{
130 struct sockaddr_storage sa;
131 socklen_t salen;
132
133 salen = sizeof(sa);
134 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
135 return -1;
136 }
137
138 return put_addr_qdict(qdict, &sa, salen);
139}
140
141static int vnc_qdict_remote_addr(QDict *qdict, int fd)
142{
143 struct sockaddr_storage sa;
144 socklen_t salen;
145
146 salen = sizeof(sa);
147 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
148 return -1;
149 }
150
151 return put_addr_qdict(qdict, &sa, salen);
152}
153
1ff7df1a
AL		 154static const char *vnc_auth_name(VncDisplay *vd) {
155 switch (vd->auth) {
156 case VNC_AUTH_INVALID:
157 return "invalid";
158 case VNC_AUTH_NONE:
159 return "none";
160 case VNC_AUTH_VNC:
161 return "vnc";
162 case VNC_AUTH_RA2:
163 return "ra2";
164 case VNC_AUTH_RA2NE:
165 return "ra2ne";
166 case VNC_AUTH_TIGHT:
167 return "tight";
168 case VNC_AUTH_ULTRA:
169 return "ultra";
170 case VNC_AUTH_TLS:
171 return "tls";
172 case VNC_AUTH_VENCRYPT:
173#ifdef CONFIG_VNC_TLS
174 switch (vd->subauth) {
175 case VNC_AUTH_VENCRYPT_PLAIN:
176 return "vencrypt+plain";
177 case VNC_AUTH_VENCRYPT_TLSNONE:
178 return "vencrypt+tls+none";
179 case VNC_AUTH_VENCRYPT_TLSVNC:
180 return "vencrypt+tls+vnc";
181 case VNC_AUTH_VENCRYPT_TLSPLAIN:
182 return "vencrypt+tls+plain";
183 case VNC_AUTH_VENCRYPT_X509NONE:
184 return "vencrypt+x509+none";
185 case VNC_AUTH_VENCRYPT_X509VNC:
186 return "vencrypt+x509+vnc";
187 case VNC_AUTH_VENCRYPT_X509PLAIN:
188 return "vencrypt+x509+plain";
28a76be8
AL		 189 case VNC_AUTH_VENCRYPT_TLSSASL:
190 return "vencrypt+tls+sasl";
191 case VNC_AUTH_VENCRYPT_X509SASL:
192 return "vencrypt+x509+sasl";
1ff7df1a
AL		 193 default:
194 return "vencrypt";
195 }
196#else
197 return "vencrypt";
198#endif
2f9606b3 199 case VNC_AUTH_SASL:
28a76be8 200 return "sasl";
1ff7df1a
AL		 201 }
202 return "unknown";
203}
204
a7789382
LC		 205static int vnc_server_info_put(QDict *qdict)
206{
207 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
208 return -1;
209 }
210
211 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
212 return 0;
213}
214
4a80dba3 215static void vnc_client_cache_auth(VncState *client)
1ff7df1a 216{
d96fd29c 217 QDict *qdict;
1ff7df1a 218
4a80dba3
LC		 219 if (!client->info) {
220 return;
d96fd29c 221 }
1263b7d6 222
4a80dba3
LC		 223 qdict = qobject_to_qdict(client->info);
224
1263b7d6
AL		 225#ifdef CONFIG_VNC_TLS
226 if (client->tls.session &&
d96fd29c
LC		 227 client->tls.dname) {
228 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
229 }
1263b7d6
AL		 230#endif
231#ifdef CONFIG_VNC_SASL
232 if (client->sasl.conn &&
d96fd29c 233 client->sasl.username) {
76825067
LC		 234 qdict_put(qdict, "sasl_username",
235 qstring_from_str(client->sasl.username));
d96fd29c 236 }
1263b7d6 237#endif
4a80dba3 238}
d96fd29c 239
4a80dba3
LC		 240static void vnc_client_cache_addr(VncState *client)
241{
242 QDict *qdict;
243
244 qdict = qdict_new();
245 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
246 QDECREF(qdict);
247 /* XXX: how to report the error? */
248 return;
249 }
250
251 client->info = QOBJECT(qdict);
1ff7df1a
AL		 252}
253
586153d9
LC		 254static void vnc_qmp_event(VncState *vs, MonitorEvent event)
255{
256 QDict *server;
257 QObject *data;
258
259 if (!vs->info) {
260 return;
261 }
262
263 server = qdict_new();
264 if (vnc_server_info_put(server) < 0) {
265 QDECREF(server);
266 return;
267 }
268
269 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
270 vs->info, QOBJECT(server));
271
272 monitor_protocol_event(event, data);
273
274 qobject_incref(vs->info);
275 qobject_decref(data);
276}
277
d96fd29c 278static void info_vnc_iter(QObject *obj, void *opaque)
a9ce8590 279{
d96fd29c
LC		 280 QDict *client;
281 Monitor *mon = opaque;
282
283 client = qobject_to_qdict(obj);
284 monitor_printf(mon, "Client:\n");
285 monitor_printf(mon, " address: %s:%s\n",
286 qdict_get_str(client, "host"),
287 qdict_get_str(client, "service"));
288
289#ifdef CONFIG_VNC_TLS
290 monitor_printf(mon, " x509_dname: %s\n",
291 qdict_haskey(client, "x509_dname") ?
292 qdict_get_str(client, "x509_dname") : "none");
293#endif
294#ifdef CONFIG_VNC_SASL
295 monitor_printf(mon, " username: %s\n",
76825067
LC		 296 qdict_haskey(client, "sasl_username") ?
297 qdict_get_str(client, "sasl_username") : "none");
d96fd29c
LC		 298#endif
299}
300
301void do_info_vnc_print(Monitor *mon, const QObject *data)
302{
303 QDict *server;
304 QList *clients;
305
306 server = qobject_to_qdict(data);
8950a950 307 if (qdict_get_bool(server, "enabled") == 0) {
1ff7df1a 308 monitor_printf(mon, "Server: disabled\n");
d96fd29c
LC		 309 return;
310 }
1ff7df1a 311
d96fd29c
LC		 312 monitor_printf(mon, "Server:\n");
313 monitor_printf(mon, " address: %s:%s\n",
314 qdict_get_str(server, "host"),
315 qdict_get_str(server, "service"));
a7789382 316 monitor_printf(mon, " auth: %s\n", qdict_get_str(server, "auth"));
d96fd29c
LC		 317
318 clients = qdict_get_qlist(server, "clients");
319 if (qlist_empty(clients)) {
320 monitor_printf(mon, "Client: none\n");
321 } else {
322 qlist_iter(clients, info_vnc_iter, mon);
323 }
324}
1ff7df1a 325
d96fd29c
LC		 326/**
327 * do_info_vnc(): Show VNC server information
328 *
329 * Return a QDict with server information. Connected clients are returned
330 * as a QList of QDicts.
331 *
332 * The main QDict contains the following:
333 *
8950a950 334 * - "enabled": true or false
d96fd29c 335 * - "host": server's IP address
5c7238c5 336 * - "family": address family ("ipv4" or "ipv6")
d96fd29c 337 * - "service": server's port number
a7789382 338 * - "auth": authentication method
d96fd29c
LC		 339 * - "clients": a QList of all connected clients
340 *
341 * Clients are described by a QDict, with the following information:
342 *
343 * - "host": client's IP address
5c7238c5 344 * - "family": address family ("ipv4" or "ipv6")
d96fd29c
LC		 345 * - "service": client's port number
346 * - "x509_dname": TLS dname (optional)
76825067 347 * - "sasl_username": SASL username (optional)
d96fd29c
LC		 348 *
349 * Example:
350 *
8950a950 351 * { "enabled": true, "host": "0.0.0.0", "service": "50402", "auth": "vnc",
5c7238c5
LC		 352 * "family": "ipv4",
353 * "clients": [{ "host": "127.0.0.1", "service": "50401", "family": "ipv4" }]}
d96fd29c
LC		 354 */
355void do_info_vnc(Monitor *mon, QObject **ret_data)
356{
357 if (vnc_display == NULL || vnc_display->display == NULL) {
8950a950 358 *ret_data = qobject_from_jsonf("{ 'enabled': false }");
d96fd29c 359 } else {
d96fd29c 360 QList *clist;
41b4bef6 361 VncState *client;
1ff7df1a 362
d96fd29c 363 clist = qlist_new();
41b4bef6
AS		 364 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
365 if (client->info) {
366 /* incref so that it's not freed by upper layers */
367 qobject_incref(client->info);
368 qlist_append_obj(clist, client->info);
1ff7df1a 369 }
d96fd29c
LC		 370 }
371
8950a950 372 *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
d96fd29c
LC		 373 QOBJECT(clist));
374 assert(*ret_data != NULL);
375
a7789382 376 if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {
d96fd29c
LC		 377 qobject_decref(*ret_data);
378 *ret_data = NULL;
1ff7df1a 379 }
a9ce8590
FB		 380 }
381}
382
29fa4ed9
AL		 383static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
384 return (vs->features & (1 << feature));
385}
386
24236869
FB		 387/* TODO
388 1) Get the queue working for IO.
389 2) there is some weirdness when using the -S option (the screen is grey
390 and not totally invalidated
391 3) resolutions > 1024
392*/
393
2430ffe4 394static int vnc_update_client(VncState *vs, int has_dirty);
198a0039
GH		 395static void vnc_disconnect_start(VncState *vs);
396static void vnc_disconnect_finish(VncState *vs);
703bc68f
SS		 397static void vnc_init_timer(VncDisplay *vd);
398static void vnc_remove_timer(VncDisplay *vd);
24236869 399
753b4053 400static void vnc_colordepth(VncState *vs);
1fc62412
SS		 401static void framebuffer_update_request(VncState *vs, int incremental,
402 int x_position, int y_position,
403 int w, int h);
404static void vnc_refresh(void *opaque);
405static int vnc_refresh_server_surface(VncDisplay *vd);
7eac3a87 406
99589bdc
FB		 407static inline void vnc_set_bit(uint32_t *d, int k)
408{
409 d[k >> 5] |= 1 << (k & 0x1f);
410}
411
412static inline void vnc_clear_bit(uint32_t *d, int k)
413{
414 d[k >> 5] &= ~(1 << (k & 0x1f));
415}
416
417static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
418{
419 int j;
420
421 j = 0;
422 while (n >= 32) {
423 d[j++] = -1;
424 n -= 32;
425 }
5fafdf24 426 if (n > 0)
99589bdc
FB		 427 d[j++] = (1 << n) - 1;
428 while (j < nb_words)
429 d[j++] = 0;
430}
431
432static inline int vnc_get_bit(const uint32_t *d, int k)
433{
434 return (d[k >> 5] >> (k & 0x1f)) & 1;
435}
436
5fafdf24 437static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
99589bdc
FB		 438 int nb_words)
439{
440 int i;
441 for(i = 0; i < nb_words; i++) {
442 if ((d1[i] & d2[i]) != 0)
443 return 1;
444 }
445 return 0;
446}
447
1fc62412 448static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
24236869 449{
24236869 450 int i;
1fc62412
SS		 451 VncDisplay *vd = ds->opaque;
452 struct VncSurface *s = &vd->guest;
24236869
FB		 453
454 h += y;
455
0486e8a7
AZ		 456 /* round x down to ensure the loop only spans one 16-pixel block per,
457 iteration. otherwise, if (x % 16) != 0, the last iteration may span
458 two 16-pixel blocks but we only mark the first as dirty
459 */
460 w += (x % 16);
461 x -= (x % 16);
462
6baebed7
AL		 463 x = MIN(x, s->ds->width);
464 y = MIN(y, s->ds->height);
465 w = MIN(x + w, s->ds->width) - x;
466 h = MIN(h, s->ds->height);
788abf8e 467
24236869 468 for (; y < h; y++)
28a76be8 469 for (i = 0; i < w; i += 16)
6baebed7 470 vnc_set_bit(s->dirty[y], (x + i) / 16);
24236869
FB		 471}
472
70a4568f
CC		 473void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
474 int32_t encoding)
24236869
FB		 475{
476 vnc_write_u16(vs, x);
477 vnc_write_u16(vs, y);
478 vnc_write_u16(vs, w);
479 vnc_write_u16(vs, h);
480
481 vnc_write_s32(vs, encoding);
482}
483
2f9606b3 484void buffer_reserve(Buffer *buffer, size_t len)
89064286
AL		 485{
486 if ((buffer->capacity - buffer->offset) < len) {
28a76be8
AL		 487 buffer->capacity += (len + 1024);
488 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
489 if (buffer->buffer == NULL) {
490 fprintf(stderr, "vnc: out of memory\n");
491 exit(1);
492 }
89064286
AL		 493 }
494}
495
2f9606b3 496int buffer_empty(Buffer *buffer)
89064286
AL		 497{
498 return buffer->offset == 0;
499}
500
2f9606b3 501uint8_t *buffer_end(Buffer *buffer)
89064286
AL		 502{
503 return buffer->buffer + buffer->offset;
504}
505
2f9606b3 506void buffer_reset(Buffer *buffer)
89064286 507{
28a76be8 508 buffer->offset = 0;
89064286
AL		 509}
510
2f9606b3 511void buffer_append(Buffer *buffer, const void *data, size_t len)
89064286
AL		 512{
513 memcpy(buffer->buffer + buffer->offset, data, len);
514 buffer->offset += len;
515}
516
1fc62412 517static void vnc_dpy_resize(DisplayState *ds)
24236869 518{
73e14b62 519 int size_changed;
1fc62412 520 VncDisplay *vd = ds->opaque;
41b4bef6 521 VncState *vs;
1fc62412
SS		 522
523 /* server surface */
524 if (!vd->server)
525 vd->server = qemu_mallocz(sizeof(*vd->server));
526 if (vd->server->data)
527 qemu_free(vd->server->data);
528 *(vd->server) = *(ds->surface);
529 vd->server->data = qemu_mallocz(vd->server->linesize *
530 vd->server->height);
24236869 531
6baebed7 532 /* guest surface */
1fc62412
SS		 533 if (!vd->guest.ds)
534 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
535 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
a528b80c 536 console_color_init(ds);
1fc62412
SS		 537 size_changed = ds_get_width(ds) != vd->guest.ds->width ||
538 ds_get_height(ds) != vd->guest.ds->height;
539 *(vd->guest.ds) = *(ds->surface);
540 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
24236869 541
41b4bef6 542 QTAILQ_FOREACH(vs, &vd->clients, next) {
1fc62412
SS		 543 vnc_colordepth(vs);
544 if (size_changed) {
545 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
46a183da 546 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1fc62412
SS		 547 vnc_write_u8(vs, 0);
548 vnc_write_u16(vs, 1); /* number of rects */
549 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
550 VNC_ENCODING_DESKTOPRESIZE);
551 vnc_flush(vs);
552 }
553 }
d467b679
GH		 554 if (vs->vd->cursor) {
555 vnc_cursor_define(vs);
556 }
1fc62412 557 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
753b4053
AL		 558 }
559}
560
3512779a 561/* fastest code */
d467b679
GH		 562static void vnc_write_pixels_copy(VncState *vs, struct PixelFormat *pf,
563 void *pixels, int size)
3512779a
FB		 564{
565 vnc_write(vs, pixels, size);
566}
567
568/* slowest but generic code. */
70a4568f 569void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
3512779a 570{
7eac3a87 571 uint8_t r, g, b;
1fc62412
SS		 572 VncDisplay *vd = vs->vd;
573
574 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
575 vd->server->pf.rbits);
576 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
577 vd->server->pf.gbits);
578 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
579 vd->server->pf.bbits);
6cec5487
AL		 580 v = (r << vs->clientds.pf.rshift) |
581 (g << vs->clientds.pf.gshift) |
582 (b << vs->clientds.pf.bshift);
583 switch(vs->clientds.pf.bytes_per_pixel) {
3512779a
FB		 584 case 1:
585 buf[0] = v;
586 break;
587 case 2:
6cec5487 588 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
3512779a
FB		 589 buf[0] = v >> 8;
590 buf[1] = v;
591 } else {
592 buf[1] = v >> 8;
593 buf[0] = v;
594 }
595 break;
596 default:
597 case 4:
6cec5487 598 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
3512779a
FB		 599 buf[0] = v >> 24;
600 buf[1] = v >> 16;
601 buf[2] = v >> 8;
602 buf[3] = v;
603 } else {
604 buf[3] = v >> 24;
605 buf[2] = v >> 16;
606 buf[1] = v >> 8;
607 buf[0] = v;
608 }
609 break;
610 }
611}
612
d467b679
GH		 613static void vnc_write_pixels_generic(VncState *vs, struct PixelFormat *pf,
614 void *pixels1, int size)
3512779a 615{
3512779a 616 uint8_t buf[4];
3512779a 617
d467b679 618 if (pf->bytes_per_pixel == 4) {
7eac3a87
AL		 619 uint32_t *pixels = pixels1;
620 int n, i;
621 n = size >> 2;
622 for(i = 0; i < n; i++) {
623 vnc_convert_pixel(vs, buf, pixels[i]);
6cec5487 624 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
7eac3a87 625 }
d467b679 626 } else if (pf->bytes_per_pixel == 2) {
7eac3a87
AL		 627 uint16_t *pixels = pixels1;
628 int n, i;
629 n = size >> 1;
630 for(i = 0; i < n; i++) {
631 vnc_convert_pixel(vs, buf, pixels[i]);
6cec5487 632 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
7eac3a87 633 }
d467b679 634 } else if (pf->bytes_per_pixel == 1) {
7eac3a87
AL		 635 uint8_t *pixels = pixels1;
636 int n, i;
637 n = size;
638 for(i = 0; i < n; i++) {
639 vnc_convert_pixel(vs, buf, pixels[i]);
6cec5487 640 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
7eac3a87
AL		 641 }
642 } else {
643 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
3512779a
FB		 644 }
645}
646
70a4568f 647void vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
24236869
FB		 648{
649 int i;
60fe76f3 650 uint8_t *row;
1fc62412 651 VncDisplay *vd = vs->vd;
24236869 652
1fc62412 653 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
24236869 654 for (i = 0; i < h; i++) {
d467b679 655 vs->write_pixels(vs, &vd->server->pf, row, w * ds_get_bytes_per_pixel(vs->ds));
28a76be8 656 row += ds_get_linesize(vs->ds);
24236869
FB		 657 }
658}
659
24236869
FB		 660static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
661{
fb437313 662 switch(vs->vnc_encoding) {
28a76be8 663 case VNC_ENCODING_ZLIB:
780a049e 664 vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
28a76be8
AL		 665 break;
666 case VNC_ENCODING_HEXTILE:
667 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
70a4568f 668 vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
28a76be8
AL		 669 break;
670 default:
671 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
70a4568f 672 vnc_raw_send_framebuffer_update(vs, x, y, w, h);
28a76be8 673 break;
fb437313 674 }
24236869
FB		 675}
676
753b4053 677static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
24236869 678{
3e28c9ad 679 /* send bitblit op to the vnc client */
46a183da 680 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
24236869
FB		 681 vnc_write_u8(vs, 0);
682 vnc_write_u16(vs, 1); /* number of rects */
29fa4ed9 683 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
24236869
FB		 684 vnc_write_u16(vs, src_x);
685 vnc_write_u16(vs, src_y);
686 vnc_flush(vs);
687}
688
753b4053
AL		 689static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
690{
691 VncDisplay *vd = ds->opaque;
198a0039 692 VncState *vs, *vn;
1fc62412
SS		 693 uint8_t *src_row;
694 uint8_t *dst_row;
695 int i,x,y,pitch,depth,inc,w_lim,s;
696 int cmp_bytes;
198a0039 697
1fc62412 698 vnc_refresh_server_surface(vd);
41b4bef6 699 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
198a0039
GH		 700 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
701 vs->force_update = 1;
1fc62412 702 vnc_update_client(vs, 1);
198a0039
GH		 703 /* vs might be free()ed here */
704 }
705 }
706
1fc62412
SS		 707 /* do bitblit op on the local surface too */
708 pitch = ds_get_linesize(vd->ds);
709 depth = ds_get_bytes_per_pixel(vd->ds);
710 src_row = vd->server->data + pitch * src_y + depth * src_x;
711 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
712 y = dst_y;
713 inc = 1;
714 if (dst_y > src_y) {
715 /* copy backwards */
716 src_row += pitch * (h-1);
717 dst_row += pitch * (h-1);
718 pitch = -pitch;
719 y = dst_y + h - 1;
720 inc = -1;
721 }
722 w_lim = w - (16 - (dst_x % 16));
723 if (w_lim < 0)
724 w_lim = w;
725 else
726 w_lim = w - (w_lim % 16);
727 for (i = 0; i < h; i++) {
728 for (x = 0; x <= w_lim;
729 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
730 if (x == w_lim) {
731 if ((s = w - w_lim) == 0)
732 break;
733 } else if (!x) {
734 s = (16 - (dst_x % 16));
735 s = MIN(s, w_lim);
736 } else {
737 s = 16;
738 }
739 cmp_bytes = s * depth;
740 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
741 continue;
742 memmove(dst_row, src_row, cmp_bytes);
41b4bef6
AS		 743 QTAILQ_FOREACH(vs, &vd->clients, next) {
744 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
1fc62412 745 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
41b4bef6 746 }
1fc62412
SS		 747 }
748 }
749 src_row += pitch - w * depth;
750 dst_row += pitch - w * depth;
751 y += inc;
752 }
753
41b4bef6
AS		 754 QTAILQ_FOREACH(vs, &vd->clients, next) {
755 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
753b4053 756 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
41b4bef6 757 }
753b4053
AL		 758 }
759}
760
d467b679
GH		 761static void vnc_mouse_set(int x, int y, int visible)
762{
763 /* can we ask the client(s) to move the pointer ??? */
764}
765
766static int vnc_cursor_define(VncState *vs)
767{
768 QEMUCursor *c = vs->vd->cursor;
769 PixelFormat pf = qemu_default_pixelformat(32);
770 int isize;
771
772 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
773 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
774 vnc_write_u8(vs, 0); /* padding */
775 vnc_write_u16(vs, 1); /* # of rects */
776 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
777 VNC_ENCODING_RICH_CURSOR);
778 isize = c->width * c->height * vs->clientds.pf.bytes_per_pixel;
779 vnc_write_pixels_generic(vs, &pf, c->data, isize);
780 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
781 return 0;
782 }
783 return -1;
784}
785
786static void vnc_dpy_cursor_define(QEMUCursor *c)
787{
788 VncDisplay *vd = vnc_display;
789 VncState *vs;
790
791 cursor_put(vd->cursor);
792 qemu_free(vd->cursor_mask);
793
794 vd->cursor = c;
795 cursor_get(vd->cursor);
796 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
797 vd->cursor_mask = qemu_mallocz(vd->cursor_msize);
798 cursor_get_mono_mask(c, 0, vd->cursor_mask);
799
800 QTAILQ_FOREACH(vs, &vd->clients, next) {
801 vnc_cursor_define(vs);
802 }
803}
804
1fc62412 805static int find_and_clear_dirty_height(struct VncState *vs,
6baebed7 806 int y, int last_x, int x)
24236869
FB		 807{
808 int h;
1fc62412 809 VncDisplay *vd = vs->vd;
24236869 810
1fc62412 811 for (h = 1; h < (vd->server->height - y); h++) {
28a76be8 812 int tmp_x;
1fc62412 813 if (!vnc_get_bit(vs->dirty[y + h], last_x))
28a76be8
AL		 814 break;
815 for (tmp_x = last_x; tmp_x < x; tmp_x++)
1fc62412 816 vnc_clear_bit(vs->dirty[y + h], tmp_x);
24236869
FB		 817 }
818
819 return h;
820}
821
2430ffe4 822static int vnc_update_client(VncState *vs, int has_dirty)
24236869 823{
24236869 824 if (vs->need_update && vs->csock != -1) {
1fc62412 825 VncDisplay *vd = vs->vd;
28a76be8 826 int y;
28a76be8
AL		 827 int n_rectangles;
828 int saved_offset;
24236869 829
703bc68f 830 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
c522d0e2 831 /* kernel send buffers are full -> drop frames to throttle */
2430ffe4 832 return 0;
a0ecfb73 833
703bc68f 834 if (!has_dirty && !vs->audio_cap && !vs->force_update)
2430ffe4 835 return 0;
28a76be8 836
6baebed7
AL		 837 /*
838 * Send screen updates to the vnc client using the server
839 * surface and server dirty map. guest surface updates
840 * happening in parallel don't disturb us, the next pass will
841 * send them to the client.
842 */
28a76be8 843 n_rectangles = 0;
46a183da 844 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
28a76be8
AL		 845 vnc_write_u8(vs, 0);
846 saved_offset = vs->output.offset;
847 vnc_write_u16(vs, 0);
848
1fc62412 849 for (y = 0; y < vd->server->height; y++) {
28a76be8
AL		 850 int x;
851 int last_x = -1;
1fc62412
SS		 852 for (x = 0; x < vd->server->width / 16; x++) {
853 if (vnc_get_bit(vs->dirty[y], x)) {
28a76be8
AL		 854 if (last_x == -1) {
855 last_x = x;
856 }
1fc62412 857 vnc_clear_bit(vs->dirty[y], x);
28a76be8
AL		 858 } else {
859 if (last_x != -1) {
1fc62412 860 int h = find_and_clear_dirty_height(vs, y, last_x, x);
28a76be8
AL		 861 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
862 n_rectangles++;
863 }
864 last_x = -1;
865 }
866 }
867 if (last_x != -1) {
1fc62412 868 int h = find_and_clear_dirty_height(vs, y, last_x, x);
28a76be8
AL		 869 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
870 n_rectangles++;
871 }
872 }
873 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
874 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
875 vnc_flush(vs);
c522d0e2 876 vs->force_update = 0;
2430ffe4 877 return n_rectangles;
24236869 878 }
24236869 879
703bc68f 880 if (vs->csock == -1)
198a0039 881 vnc_disconnect_finish(vs);
2430ffe4
SS		 882
883 return 0;
24236869
FB		 884}
885
429a8ed3 886/* audio */
887static void audio_capture_notify(void *opaque, audcnotification_e cmd)
888{
889 VncState *vs = opaque;
890
891 switch (cmd) {
892 case AUD_CNOTIFY_DISABLE:
46a183da
DB		 893 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
894 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
895 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
429a8ed3 896 vnc_flush(vs);
897 break;
898
899 case AUD_CNOTIFY_ENABLE:
46a183da
DB		 900 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
901 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
902 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
429a8ed3 903 vnc_flush(vs);
904 break;
905 }
906}
907
908static void audio_capture_destroy(void *opaque)
909{
910}
911
912static void audio_capture(void *opaque, void *buf, int size)
913{
914 VncState *vs = opaque;
915
46a183da
DB		 916 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
917 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
918 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
429a8ed3 919 vnc_write_u32(vs, size);
920 vnc_write(vs, buf, size);
921 vnc_flush(vs);
922}
923
924static void audio_add(VncState *vs)
925{
926 struct audio_capture_ops ops;
927
928 if (vs->audio_cap) {
8631b608 929 monitor_printf(default_mon, "audio already running\n");
429a8ed3 930 return;
931 }
932
933 ops.notify = audio_capture_notify;
934 ops.destroy = audio_capture_destroy;
935 ops.capture = audio_capture;
936
1a7dafce 937 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
429a8ed3 938 if (!vs->audio_cap) {
8631b608 939 monitor_printf(default_mon, "Failed to add audio capture\n");
429a8ed3 940 }
941}
942
943static void audio_del(VncState *vs)
944{
945 if (vs->audio_cap) {
946 AUD_del_capture(vs->audio_cap, vs);
947 vs->audio_cap = NULL;
948 }
949}
950
198a0039
GH		 951static void vnc_disconnect_start(VncState *vs)
952{
953 if (vs->csock == -1)
954 return;
955 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
956 closesocket(vs->csock);
957 vs->csock = -1;
958}
959
960static void vnc_disconnect_finish(VncState *vs)
961{
0d72f3d3
LC		 962 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
963
fa0cfdf2
SW		 964 if (vs->input.buffer) {
965 qemu_free(vs->input.buffer);
966 vs->input.buffer = NULL;
967 }
968 if (vs->output.buffer) {
969 qemu_free(vs->output.buffer);
970 vs->output.buffer = NULL;
971 }
4a80dba3
LC		 972
973 qobject_decref(vs->info);
974
198a0039
GH		 975#ifdef CONFIG_VNC_TLS
976 vnc_tls_client_cleanup(vs);
977#endif /* CONFIG_VNC_TLS */
978#ifdef CONFIG_VNC_SASL
979 vnc_sasl_client_cleanup(vs);
980#endif /* CONFIG_VNC_SASL */
981 audio_del(vs);
982
41b4bef6
AS		 983 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
984
985 if (QTAILQ_EMPTY(&vs->vd->clients)) {
198a0039 986 dcl->idle = 1;
41b4bef6 987 }
198a0039 988
37c34d9d 989 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
703bc68f 990 vnc_remove_timer(vs->vd);
3a0558b5
GH		 991 if (vs->vd->lock_key_sync)
992 qemu_remove_led_event_handler(vs->led);
5d95ac5b 993 qemu_free(vs);
198a0039 994}
2f9606b3
AL		 995
996int vnc_client_io_error(VncState *vs, int ret, int last_errno)
24236869
FB		 997{
998 if (ret == 0 || ret == -1) {
ea01e5fd
AZ		 999 if (ret == -1) {
1000 switch (last_errno) {
1001 case EINTR:
1002 case EAGAIN:
1003#ifdef _WIN32
1004 case WSAEWOULDBLOCK:
1005#endif
1006 return 0;
1007 default:
1008 break;
1009 }
1010 }
24236869 1011
198a0039
GH		 1012 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1013 ret, ret < 0 ? last_errno : 0);
1014 vnc_disconnect_start(vs);
6baebed7 1015
28a76be8 1016 return 0;
24236869
FB		 1017 }
1018 return ret;
1019}
1020
5fb6c7a8
AL		 1021
1022void vnc_client_error(VncState *vs)
24236869 1023{
198a0039
GH		 1024 VNC_DEBUG("Closing down client sock: protocol error\n");
1025 vnc_disconnect_start(vs);
24236869
FB		 1026}
1027
2f9606b3
AL		 1028
1029/*
1030 * Called to write a chunk of data to the client socket. The data may
1031 * be the raw data, or may have already been encoded by SASL.
1032 * The data will be written either straight onto the socket, or
1033 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1034 *
1035 * NB, it is theoretically possible to have 2 layers of encryption,
1036 * both SASL, and this TLS layer. It is highly unlikely in practice
1037 * though, since SASL encryption will typically be a no-op if TLS
1038 * is active
1039 *
1040 * Returns the number of bytes written, which may be less than
1041 * the requested 'datalen' if the socket would block. Returns
1042 * -1 on error, and disconnects the client socket.
1043 */
1044long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
24236869 1045{
ceb5caaf 1046 long ret;
eb38c52c 1047#ifdef CONFIG_VNC_TLS
5fb6c7a8 1048 if (vs->tls.session) {
28a76be8
AL		 1049 ret = gnutls_write(vs->tls.session, data, datalen);
1050 if (ret < 0) {
1051 if (ret == GNUTLS_E_AGAIN)
1052 errno = EAGAIN;
1053 else
1054 errno = EIO;
1055 ret = -1;
1056 }
8d5d2d4c
TS		 1057 } else
1058#endif /* CONFIG_VNC_TLS */
70503264 1059 ret = send(vs->csock, (const void *)data, datalen, 0);
23decc87 1060 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
2f9606b3
AL		 1061 return vnc_client_io_error(vs, ret, socket_error());
1062}
1063
1064
1065/*
1066 * Called to write buffered data to the client socket, when not
1067 * using any SASL SSF encryption layers. Will write as much data
1068 * as possible without blocking. If all buffered data is written,
1069 * will switch the FD poll() handler back to read monitoring.
1070 *
1071 * Returns the number of bytes written, which may be less than
1072 * the buffered output data if the socket would block. Returns
1073 * -1 on error, and disconnects the client socket.
1074 */
1075static long vnc_client_write_plain(VncState *vs)
1076{
1077 long ret;
1078
1079#ifdef CONFIG_VNC_SASL
23decc87 1080 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
2f9606b3
AL		 1081 vs->output.buffer, vs->output.capacity, vs->output.offset,
1082 vs->sasl.waitWriteSSF);
1083
1084 if (vs->sasl.conn &&
1085 vs->sasl.runSSF &&
1086 vs->sasl.waitWriteSSF) {
1087 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1088 if (ret)
1089 vs->sasl.waitWriteSSF -= ret;
1090 } else
1091#endif /* CONFIG_VNC_SASL */
1092 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
24236869 1093 if (!ret)
2f9606b3 1094 return 0;
24236869
FB		 1095
1096 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1097 vs->output.offset -= ret;
1098
1099 if (vs->output.offset == 0) {
28a76be8 1100 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
24236869 1101 }
2f9606b3
AL		 1102
1103 return ret;
1104}
1105
1106
1107/*
1108 * First function called whenever there is data to be written to
1109 * the client socket. Will delegate actual work according to whether
1110 * SASL SSF layers are enabled (thus requiring encryption calls)
1111 */
1112void vnc_client_write(void *opaque)
1113{
2f9606b3
AL		 1114 VncState *vs = opaque;
1115
1116#ifdef CONFIG_VNC_SASL
1117 if (vs->sasl.conn &&
1118 vs->sasl.runSSF &&
9678d950
BS		 1119 !vs->sasl.waitWriteSSF) {
1120 vnc_client_write_sasl(vs);
1121 } else
2f9606b3 1122#endif /* CONFIG_VNC_SASL */
9678d950 1123 vnc_client_write_plain(vs);
24236869
FB		 1124}
1125
5fb6c7a8 1126void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
24236869
FB		 1127{
1128 vs->read_handler = func;
1129 vs->read_handler_expect = expecting;
1130}
1131
2f9606b3
AL		 1132
1133/*
1134 * Called to read a chunk of data from the client socket. The data may
1135 * be the raw data, or may need to be further decoded by SASL.
1136 * The data will be read either straight from to the socket, or
1137 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1138 *
1139 * NB, it is theoretically possible to have 2 layers of encryption,
1140 * both SASL, and this TLS layer. It is highly unlikely in practice
1141 * though, since SASL encryption will typically be a no-op if TLS
1142 * is active
1143 *
1144 * Returns the number of bytes read, which may be less than
1145 * the requested 'datalen' if the socket would block. Returns
1146 * -1 on error, and disconnects the client socket.
1147 */
1148long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
24236869 1149{
ceb5caaf 1150 long ret;
eb38c52c 1151#ifdef CONFIG_VNC_TLS
5fb6c7a8 1152 if (vs->tls.session) {
28a76be8
AL		 1153 ret = gnutls_read(vs->tls.session, data, datalen);
1154 if (ret < 0) {
1155 if (ret == GNUTLS_E_AGAIN)
1156 errno = EAGAIN;
1157 else
1158 errno = EIO;
1159 ret = -1;
1160 }
8d5d2d4c
TS		 1161 } else
1162#endif /* CONFIG_VNC_TLS */
c5b76b38 1163 ret = recv(vs->csock, (void *)data, datalen, 0);
23decc87 1164 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
2f9606b3
AL		 1165 return vnc_client_io_error(vs, ret, socket_error());
1166}
24236869 1167
2f9606b3
AL		 1168
1169/*
1170 * Called to read data from the client socket to the input buffer,
1171 * when not using any SASL SSF encryption layers. Will read as much
1172 * data as possible without blocking.
1173 *
1174 * Returns the number of bytes read. Returns -1 on error, and
1175 * disconnects the client socket.
1176 */
1177static long vnc_client_read_plain(VncState *vs)
1178{
1179 int ret;
23decc87 1180 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
2f9606b3
AL		 1181 vs->input.buffer, vs->input.capacity, vs->input.offset);
1182 buffer_reserve(&vs->input, 4096);
1183 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1184 if (!ret)
1185 return 0;
24236869 1186 vs->input.offset += ret;
2f9606b3
AL		 1187 return ret;
1188}
1189
1190
1191/*
1192 * First function called whenever there is more data to be read from
1193 * the client socket. Will delegate actual work according to whether
1194 * SASL SSF layers are enabled (thus requiring decryption calls)
1195 */
1196void vnc_client_read(void *opaque)
1197{
1198 VncState *vs = opaque;
1199 long ret;
1200
1201#ifdef CONFIG_VNC_SASL
1202 if (vs->sasl.conn && vs->sasl.runSSF)
1203 ret = vnc_client_read_sasl(vs);
1204 else
1205#endif /* CONFIG_VNC_SASL */
1206 ret = vnc_client_read_plain(vs);
198a0039
GH		 1207 if (!ret) {
1208 if (vs->csock == -1)
1209 vnc_disconnect_finish(vs);
28a76be8 1210 return;
198a0039 1211 }
24236869
FB		 1212
1213 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
28a76be8
AL		 1214 size_t len = vs->read_handler_expect;
1215 int ret;
1216
1217 ret = vs->read_handler(vs, vs->input.buffer, len);
198a0039
GH		 1218 if (vs->csock == -1) {
1219 vnc_disconnect_finish(vs);
28a76be8 1220 return;
198a0039 1221 }
28a76be8
AL		 1222
1223 if (!ret) {
1224 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1225 vs->input.offset -= len;
1226 } else {
1227 vs->read_handler_expect = ret;
1228 }
24236869
FB		 1229 }
1230}
1231
5fb6c7a8 1232void vnc_write(VncState *vs, const void *data, size_t len)
24236869
FB		 1233{
1234 buffer_reserve(&vs->output, len);
1235
198a0039 1236 if (vs->csock != -1 && buffer_empty(&vs->output)) {
28a76be8 1237 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
24236869
FB		 1238 }
1239
1240 buffer_append(&vs->output, data, len);
1241}
1242
5fb6c7a8 1243void vnc_write_s32(VncState *vs, int32_t value)
24236869
FB		 1244{
1245 vnc_write_u32(vs, *(uint32_t *)&value);
1246}
1247
5fb6c7a8 1248void vnc_write_u32(VncState *vs, uint32_t value)
24236869
FB		 1249{
1250 uint8_t buf[4];
1251
1252 buf[0] = (value >> 24) & 0xFF;
1253 buf[1] = (value >> 16) & 0xFF;
1254 buf[2] = (value >> 8) & 0xFF;
1255 buf[3] = value & 0xFF;
1256
1257 vnc_write(vs, buf, 4);
1258}
1259
5fb6c7a8 1260void vnc_write_u16(VncState *vs, uint16_t value)
24236869 1261{
64f5a135 1262 uint8_t buf[2];
24236869
FB		 1263
1264 buf[0] = (value >> 8) & 0xFF;
1265 buf[1] = value & 0xFF;
1266
1267 vnc_write(vs, buf, 2);
1268}
1269
5fb6c7a8 1270void vnc_write_u8(VncState *vs, uint8_t value)
24236869
FB		 1271{
1272 vnc_write(vs, (char *)&value, 1);
1273}
1274
5fb6c7a8 1275void vnc_flush(VncState *vs)
24236869 1276{
198a0039 1277 if (vs->csock != -1 && vs->output.offset)
28a76be8 1278 vnc_client_write(vs);
24236869
FB		 1279}
1280
5fb6c7a8 1281uint8_t read_u8(uint8_t *data, size_t offset)
24236869
FB		 1282{
1283 return data[offset];
1284}
1285
5fb6c7a8 1286uint16_t read_u16(uint8_t *data, size_t offset)
24236869
FB		 1287{
1288 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1289}
1290
5fb6c7a8 1291int32_t read_s32(uint8_t *data, size_t offset)
24236869
FB		 1292{
1293 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
28a76be8 1294 (data[offset + 2] << 8) | data[offset + 3]);
24236869
FB		 1295}
1296
5fb6c7a8 1297uint32_t read_u32(uint8_t *data, size_t offset)
24236869
FB		 1298{
1299 return ((data[offset] << 24) | (data[offset + 1] << 16) |
28a76be8 1300 (data[offset + 2] << 8) | data[offset + 3]);
24236869
FB		 1301}
1302
60fe76f3 1303static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
24236869
FB		 1304{
1305}
1306
37c34d9d 1307static void check_pointer_type_change(Notifier *notifier)
564c337e 1308{
37c34d9d
AL		 1309 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1310 int absolute = kbd_mouse_is_absolute();
1311
29fa4ed9 1312 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
46a183da 1313 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
28a76be8
AL		 1314 vnc_write_u8(vs, 0);
1315 vnc_write_u16(vs, 1);
1316 vnc_framebuffer_update(vs, absolute, 0,
1317 ds_get_width(vs->ds), ds_get_height(vs->ds),
29fa4ed9 1318 VNC_ENCODING_POINTER_TYPE_CHANGE);
28a76be8 1319 vnc_flush(vs);
564c337e
FB		 1320 }
1321 vs->absolute = absolute;
1322}
1323
24236869
FB		 1324static void pointer_event(VncState *vs, int button_mask, int x, int y)
1325{
1326 int buttons = 0;
1327 int dz = 0;
1328
1329 if (button_mask & 0x01)
28a76be8 1330 buttons |= MOUSE_EVENT_LBUTTON;
24236869 1331 if (button_mask & 0x02)
28a76be8 1332 buttons |= MOUSE_EVENT_MBUTTON;
24236869 1333 if (button_mask & 0x04)
28a76be8 1334 buttons |= MOUSE_EVENT_RBUTTON;
24236869 1335 if (button_mask & 0x08)
28a76be8 1336 dz = -1;
24236869 1337 if (button_mask & 0x10)
28a76be8 1338 dz = 1;
564c337e
FB		 1339
1340 if (vs->absolute) {
cc39a92c
CW		 1341 kbd_mouse_event(ds_get_width(vs->ds) > 1 ?
1342 x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000,
1343 ds_get_height(vs->ds) > 1 ?
1344 y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000,
28a76be8 1345 dz, buttons);
29fa4ed9 1346 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
28a76be8
AL		 1347 x -= 0x7FFF;
1348 y -= 0x7FFF;
24236869 1349
28a76be8 1350 kbd_mouse_event(x, y, dz, buttons);
564c337e 1351 } else {
28a76be8
AL		 1352 if (vs->last_x != -1)
1353 kbd_mouse_event(x - vs->last_x,
1354 y - vs->last_y,
1355 dz, buttons);
1356 vs->last_x = x;
1357 vs->last_y = y;
24236869
FB		 1358 }
1359}
1360
64f5a135
FB		 1361static void reset_keys(VncState *vs)
1362{
1363 int i;
1364 for(i = 0; i < 256; i++) {
1365 if (vs->modifiers_state[i]) {
44bb61c8
ST		 1366 if (i & SCANCODE_GREY)
1367 kbd_put_keycode(SCANCODE_EMUL0);
1368 kbd_put_keycode(i | SCANCODE_UP);
64f5a135
FB		 1369 vs->modifiers_state[i] = 0;
1370 }
1371 }
1372}
1373
a528b80c
AZ		 1374static void press_key(VncState *vs, int keysym)
1375{
44bb61c8
ST		 1376 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1377 if (keycode & SCANCODE_GREY)
1378 kbd_put_keycode(SCANCODE_EMUL0);
1379 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1380 if (keycode & SCANCODE_GREY)
1381 kbd_put_keycode(SCANCODE_EMUL0);
1382 kbd_put_keycode(keycode | SCANCODE_UP);
a528b80c
AZ		 1383}
1384
7ffb82ca
GH		 1385static void kbd_leds(void *opaque, int ledstate)
1386{
1387 VncState *vs = opaque;
1388 int caps, num;
1389
1390 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1391 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1392
1393 if (vs->modifiers_state[0x3a] != caps) {
1394 vs->modifiers_state[0x3a] = caps;
1395 }
1396 if (vs->modifiers_state[0x45] != num) {
1397 vs->modifiers_state[0x45] = num;
1398 }
1399}
1400
9ca313aa 1401static void do_key_event(VncState *vs, int down, int keycode, int sym)
24236869 1402{
64f5a135
FB		 1403 /* QEMU console switch */
1404 switch(keycode) {
1405 case 0x2a: /* Left Shift */
1406 case 0x36: /* Right Shift */
1407 case 0x1d: /* Left CTRL */
1408 case 0x9d: /* Right CTRL */
1409 case 0x38: /* Left ALT */
1410 case 0xb8: /* Right ALT */
1411 if (down)
1412 vs->modifiers_state[keycode] = 1;
1413 else
1414 vs->modifiers_state[keycode] = 0;
1415 break;
5fafdf24 1416 case 0x02 ... 0x0a: /* '1' to '9' keys */
64f5a135
FB		 1417 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1418 /* Reset the modifiers sent to the current console */
1419 reset_keys(vs);
1420 console_select(keycode - 0x02);
1421 return;
1422 }
1423 break;
28a76be8
AL		 1424 case 0x3a: /* CapsLock */
1425 case 0x45: /* NumLock */
7ffb82ca 1426 if (down)
a528b80c
AZ		 1427 vs->modifiers_state[keycode] ^= 1;
1428 break;
1429 }
1430
3a0558b5
GH		 1431 if (vs->vd->lock_key_sync &&
1432 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
a528b80c
AZ		 1433 /* If the numlock state needs to change then simulate an additional
1434 keypress before sending this one. This will happen if the user
1435 toggles numlock away from the VNC window.
1436 */
753b4053 1437 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
a528b80c
AZ		 1438 if (!vs->modifiers_state[0x45]) {
1439 vs->modifiers_state[0x45] = 1;
1440 press_key(vs, 0xff7f);
1441 }
1442 } else {
1443 if (vs->modifiers_state[0x45]) {
1444 vs->modifiers_state[0x45] = 0;
1445 press_key(vs, 0xff7f);
1446 }
1447 }
64f5a135 1448 }
24236869 1449
3a0558b5
GH		 1450 if (vs->vd->lock_key_sync &&
1451 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
6b132502
GH		 1452 /* If the capslock state needs to change then simulate an additional
1453 keypress before sending this one. This will happen if the user
1454 toggles capslock away from the VNC window.
1455 */
1456 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1457 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1458 int capslock = !!(vs->modifiers_state[0x3a]);
1459 if (capslock) {
1460 if (uppercase == shift) {
1461 vs->modifiers_state[0x3a] = 0;
1462 press_key(vs, 0xffe5);
1463 }
1464 } else {
1465 if (uppercase != shift) {
1466 vs->modifiers_state[0x3a] = 1;
1467 press_key(vs, 0xffe5);
1468 }
1469 }
1470 }
1471
64f5a135 1472 if (is_graphic_console()) {
44bb61c8
ST		 1473 if (keycode & SCANCODE_GREY)
1474 kbd_put_keycode(SCANCODE_EMUL0);
64f5a135 1475 if (down)
44bb61c8 1476 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
64f5a135 1477 else
44bb61c8 1478 kbd_put_keycode(keycode | SCANCODE_UP);
64f5a135
FB		 1479 } else {
1480 /* QEMU console emulation */
1481 if (down) {
bb0a18e1 1482 int numlock = vs->modifiers_state[0x45];
64f5a135
FB		 1483 switch (keycode) {
1484 case 0x2a: /* Left Shift */
1485 case 0x36: /* Right Shift */
1486 case 0x1d: /* Left CTRL */
1487 case 0x9d: /* Right CTRL */
1488 case 0x38: /* Left ALT */
1489 case 0xb8: /* Right ALT */
1490 break;
1491 case 0xc8:
1492 kbd_put_keysym(QEMU_KEY_UP);
1493 break;
1494 case 0xd0:
1495 kbd_put_keysym(QEMU_KEY_DOWN);
1496 break;
1497 case 0xcb:
1498 kbd_put_keysym(QEMU_KEY_LEFT);
1499 break;
1500 case 0xcd:
1501 kbd_put_keysym(QEMU_KEY_RIGHT);
1502 break;
1503 case 0xd3:
1504 kbd_put_keysym(QEMU_KEY_DELETE);
1505 break;
1506 case 0xc7:
1507 kbd_put_keysym(QEMU_KEY_HOME);
1508 break;
1509 case 0xcf:
1510 kbd_put_keysym(QEMU_KEY_END);
1511 break;
1512 case 0xc9:
1513 kbd_put_keysym(QEMU_KEY_PAGEUP);
1514 break;
1515 case 0xd1:
1516 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1517 break;
bb0a18e1
GH		 1518
1519 case 0x47:
1520 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1521 break;
1522 case 0x48:
1523 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1524 break;
1525 case 0x49:
1526 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1527 break;
1528 case 0x4b:
1529 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1530 break;
1531 case 0x4c:
1532 kbd_put_keysym('5');
1533 break;
1534 case 0x4d:
1535 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1536 break;
1537 case 0x4f:
1538 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1539 break;
1540 case 0x50:
1541 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1542 break;
1543 case 0x51:
1544 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1545 break;
1546 case 0x52:
1547 kbd_put_keysym('0');
1548 break;
1549 case 0x53:
1550 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1551 break;
1552
1553 case 0xb5:
1554 kbd_put_keysym('/');
1555 break;
1556 case 0x37:
1557 kbd_put_keysym('*');
1558 break;
1559 case 0x4a:
1560 kbd_put_keysym('-');
1561 break;
1562 case 0x4e:
1563 kbd_put_keysym('+');
1564 break;
1565 case 0x9c:
1566 kbd_put_keysym('\n');
1567 break;
1568
64f5a135
FB		 1569 default:
1570 kbd_put_keysym(sym);
1571 break;
1572 }
1573 }
1574 }
24236869
FB		 1575}
1576
bdbd7676
FB		 1577static void key_event(VncState *vs, int down, uint32_t sym)
1578{
9ca313aa 1579 int keycode;
4a93fe17 1580 int lsym = sym;
9ca313aa 1581
4a93fe17
GH		 1582 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1583 lsym = lsym - 'A' + 'a';
1584 }
9ca313aa 1585
44bb61c8 1586 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
9ca313aa
AL		 1587 do_key_event(vs, down, keycode, sym);
1588}
1589
1590static void ext_key_event(VncState *vs, int down,
1591 uint32_t sym, uint16_t keycode)
1592{
1593 /* if the user specifies a keyboard layout, always use it */
1594 if (keyboard_layout)
1595 key_event(vs, down, sym);
1596 else
1597 do_key_event(vs, down, keycode, sym);
bdbd7676
FB		 1598}
1599
24236869 1600static void framebuffer_update_request(VncState *vs, int incremental,
28a76be8
AL		 1601 int x_position, int y_position,
1602 int w, int h)
24236869 1603{
0e1f5a0c
AL		 1604 if (y_position > ds_get_height(vs->ds))
1605 y_position = ds_get_height(vs->ds);
0e1f5a0c
AL		 1606 if (y_position + h >= ds_get_height(vs->ds))
1607 h = ds_get_height(vs->ds) - y_position;
cf2d385c 1608
24236869
FB		 1609 int i;
1610 vs->need_update = 1;
1611 if (!incremental) {
24cf0a6e 1612 vs->force_update = 1;
28a76be8 1613 for (i = 0; i < h; i++) {
1fc62412 1614 vnc_set_bits(vs->dirty[y_position + i],
0e1f5a0c 1615 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
28a76be8 1616 }
24236869
FB		 1617 }
1618}
1619
9ca313aa
AL		 1620static void send_ext_key_event_ack(VncState *vs)
1621{
46a183da 1622 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
9ca313aa
AL		 1623 vnc_write_u8(vs, 0);
1624 vnc_write_u16(vs, 1);
29fa4ed9
AL		 1625 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1626 VNC_ENCODING_EXT_KEY_EVENT);
9ca313aa
AL		 1627 vnc_flush(vs);
1628}
1629
429a8ed3 1630static void send_ext_audio_ack(VncState *vs)
1631{
46a183da 1632 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
429a8ed3 1633 vnc_write_u8(vs, 0);
1634 vnc_write_u16(vs, 1);
29fa4ed9
AL		 1635 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1636 VNC_ENCODING_AUDIO);
429a8ed3 1637 vnc_flush(vs);
1638}
1639
24236869
FB		 1640static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1641{
1642 int i;
29fa4ed9 1643 unsigned int enc = 0;
24236869 1644
29fa4ed9 1645 vs->features = 0;
a9f20d31 1646 vs->vnc_encoding = 0;
fb437313
AL		 1647 vs->tight_compression = 9;
1648 vs->tight_quality = 9;
564c337e 1649 vs->absolute = -1;
24236869 1650
8a0f0d0c
CC		 1651 /*
1652 * Start from the end because the encodings are sent in order of preference.
1653 * This way the prefered encoding (first encoding defined in the array)
1654 * will be set at the end of the loop.
1655 */
24236869 1656 for (i = n_encodings - 1; i >= 0; i--) {
29fa4ed9
AL		 1657 enc = encodings[i];
1658 switch (enc) {
1659 case VNC_ENCODING_RAW:
a9f20d31 1660 vs->vnc_encoding = enc;
29fa4ed9
AL		 1661 break;
1662 case VNC_ENCODING_COPYRECT:
753b4053 1663 vs->features |= VNC_FEATURE_COPYRECT_MASK;
29fa4ed9
AL		 1664 break;
1665 case VNC_ENCODING_HEXTILE:
1666 vs->features |= VNC_FEATURE_HEXTILE_MASK;
a9f20d31 1667 vs->vnc_encoding = enc;
29fa4ed9 1668 break;
059cef40
AL		 1669 case VNC_ENCODING_ZLIB:
1670 vs->features |= VNC_FEATURE_ZLIB_MASK;
a9f20d31 1671 vs->vnc_encoding = enc;
059cef40 1672 break;
29fa4ed9
AL		 1673 case VNC_ENCODING_DESKTOPRESIZE:
1674 vs->features |= VNC_FEATURE_RESIZE_MASK;
1675 break;
1676 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1677 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1678 break;
d467b679
GH		 1679 case VNC_ENCODING_RICH_CURSOR:
1680 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1681 break;
29fa4ed9 1682 case VNC_ENCODING_EXT_KEY_EVENT:
9ca313aa
AL		 1683 send_ext_key_event_ack(vs);
1684 break;
29fa4ed9 1685 case VNC_ENCODING_AUDIO:
429a8ed3 1686 send_ext_audio_ack(vs);
1687 break;
29fa4ed9
AL		 1688 case VNC_ENCODING_WMVi:
1689 vs->features |= VNC_FEATURE_WMVI_MASK;
ca4cca4d 1690 break;
fb437313
AL		 1691 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1692 vs->tight_compression = (enc & 0x0F);
1693 break;
1694 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1695 vs->tight_quality = (enc & 0x0F);
1696 break;
29fa4ed9
AL		 1697 default:
1698 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1699 break;
1700 }
24236869 1701 }
0684bf1b 1702 check_pointer_type_change(&vs->mouse_mode_notifier);
24236869
FB		 1703}
1704
6cec5487
AL		 1705static void set_pixel_conversion(VncState *vs)
1706{
1707 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1708 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1709 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1710 vs->write_pixels = vnc_write_pixels_copy;
70a4568f 1711 vnc_hextile_set_pixel_conversion(vs, 0);
6cec5487
AL		 1712 } else {
1713 vs->write_pixels = vnc_write_pixels_generic;
70a4568f 1714 vnc_hextile_set_pixel_conversion(vs, 1);
6cec5487
AL		 1715 }
1716}
1717
24236869 1718static void set_pixel_format(VncState *vs,
28a76be8
AL		 1719 int bits_per_pixel, int depth,
1720 int big_endian_flag, int true_color_flag,
1721 int red_max, int green_max, int blue_max,
1722 int red_shift, int green_shift, int blue_shift)
24236869 1723{
3512779a 1724 if (!true_color_flag) {
28a76be8 1725 vnc_client_error(vs);
3512779a
FB		 1726 return;
1727 }
24236869 1728
1fc62412 1729 vs->clientds = *(vs->vd->guest.ds);
6cec5487 1730 vs->clientds.pf.rmax = red_max;
90a1e3c0 1731 count_bits(vs->clientds.pf.rbits, red_max);
6cec5487
AL		 1732 vs->clientds.pf.rshift = red_shift;
1733 vs->clientds.pf.rmask = red_max << red_shift;
1734 vs->clientds.pf.gmax = green_max;
90a1e3c0 1735 count_bits(vs->clientds.pf.gbits, green_max);
6cec5487
AL		 1736 vs->clientds.pf.gshift = green_shift;
1737 vs->clientds.pf.gmask = green_max << green_shift;
1738 vs->clientds.pf.bmax = blue_max;
90a1e3c0 1739 count_bits(vs->clientds.pf.bbits, blue_max);
6cec5487
AL		 1740 vs->clientds.pf.bshift = blue_shift;
1741 vs->clientds.pf.bmask = blue_max << blue_shift;
1742 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1743 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1744 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1745 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1746
1747 set_pixel_conversion(vs);
24236869
FB		 1748
1749 vga_hw_invalidate();
1750 vga_hw_update();
1751}
1752
ca4cca4d
AL		 1753static void pixel_format_message (VncState *vs) {
1754 char pad[3] = { 0, 0, 0 };
1755
6cec5487
AL		 1756 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1757 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
ca4cca4d 1758
e2542fe2 1759#ifdef HOST_WORDS_BIGENDIAN
ca4cca4d
AL		 1760 vnc_write_u8(vs, 1); /* big-endian-flag */
1761#else
1762 vnc_write_u8(vs, 0); /* big-endian-flag */
1763#endif
1764 vnc_write_u8(vs, 1); /* true-color-flag */
6cec5487
AL		 1765 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1766 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1767 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1768 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1769 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1770 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
70a4568f
CC		 1771
1772 vnc_hextile_set_pixel_conversion(vs, 0);
1773
6cec5487 1774 vs->clientds = *(vs->ds->surface);
3cded540 1775 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
ca4cca4d
AL		 1776 vs->write_pixels = vnc_write_pixels_copy;
1777
1778 vnc_write(vs, pad, 3); /* padding */
1779}
1780
7d957bd8
AL		 1781static void vnc_dpy_setdata(DisplayState *ds)
1782{
1783 /* We don't have to do anything */
1784}
1785
753b4053 1786static void vnc_colordepth(VncState *vs)
7eac3a87 1787{
753b4053 1788 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
ca4cca4d 1789 /* Sending a WMVi message to notify the client*/
46a183da 1790 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
ca4cca4d
AL		 1791 vnc_write_u8(vs, 0);
1792 vnc_write_u16(vs, 1); /* number of rects */
753b4053
AL		 1793 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1794 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
ca4cca4d
AL		 1795 pixel_format_message(vs);
1796 vnc_flush(vs);
7eac3a87 1797 } else {
6cec5487 1798 set_pixel_conversion(vs);
7eac3a87
AL		 1799 }
1800}
1801
60fe76f3 1802static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
24236869
FB		 1803{
1804 int i;
1805 uint16_t limit;
2430ffe4
SS		 1806 VncDisplay *vd = vs->vd;
1807
1808 if (data[0] > 3) {
1809 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1810 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1811 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1812 }
24236869
FB		 1813
1814 switch (data[0]) {
46a183da 1815 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
28a76be8
AL		 1816 if (len == 1)
1817 return 20;
1818
1819 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1820 read_u8(data, 6), read_u8(data, 7),
1821 read_u16(data, 8), read_u16(data, 10),
1822 read_u16(data, 12), read_u8(data, 14),
1823 read_u8(data, 15), read_u8(data, 16));
1824 break;
46a183da 1825 case VNC_MSG_CLIENT_SET_ENCODINGS:
28a76be8
AL		 1826 if (len == 1)
1827 return 4;
24236869 1828
28a76be8 1829 if (len == 4) {
69dd5c9f
AL		 1830 limit = read_u16(data, 2);
1831 if (limit > 0)
1832 return 4 + (limit * 4);
1833 } else
1834 limit = read_u16(data, 2);
24236869 1835
28a76be8
AL		 1836 for (i = 0; i < limit; i++) {
1837 int32_t val = read_s32(data, 4 + (i * 4));
1838 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1839 }
24236869 1840
28a76be8
AL		 1841 set_encodings(vs, (int32_t *)(data + 4), limit);
1842 break;
46a183da 1843 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
28a76be8
AL		 1844 if (len == 1)
1845 return 10;
24236869 1846
28a76be8
AL		 1847 framebuffer_update_request(vs,
1848 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1849 read_u16(data, 6), read_u16(data, 8));
1850 break;
46a183da 1851 case VNC_MSG_CLIENT_KEY_EVENT:
28a76be8
AL		 1852 if (len == 1)
1853 return 8;
24236869 1854
28a76be8
AL		 1855 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1856 break;
46a183da 1857 case VNC_MSG_CLIENT_POINTER_EVENT:
28a76be8
AL		 1858 if (len == 1)
1859 return 6;
24236869 1860
28a76be8
AL		 1861 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1862 break;
46a183da 1863 case VNC_MSG_CLIENT_CUT_TEXT:
28a76be8
AL		 1864 if (len == 1)
1865 return 8;
24236869 1866
28a76be8 1867 if (len == 8) {
baa7666c
TS		 1868 uint32_t dlen = read_u32(data, 4);
1869 if (dlen > 0)
1870 return 8 + dlen;
1871 }
24236869 1872
28a76be8
AL		 1873 client_cut_text(vs, read_u32(data, 4), data + 8);
1874 break;
46a183da 1875 case VNC_MSG_CLIENT_QEMU:
9ca313aa
AL		 1876 if (len == 1)
1877 return 2;
1878
1879 switch (read_u8(data, 1)) {
46a183da 1880 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
9ca313aa
AL		 1881 if (len == 2)
1882 return 12;
1883
1884 ext_key_event(vs, read_u16(data, 2),
1885 read_u32(data, 4), read_u32(data, 8));
1886 break;
46a183da 1887 case VNC_MSG_CLIENT_QEMU_AUDIO:
429a8ed3 1888 if (len == 2)
1889 return 4;
1890
1891 switch (read_u16 (data, 2)) {
46a183da 1892 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
429a8ed3 1893 audio_add(vs);
1894 break;
46a183da 1895 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
429a8ed3 1896 audio_del(vs);
1897 break;
46a183da 1898 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
429a8ed3 1899 if (len == 4)
1900 return 10;
1901 switch (read_u8(data, 4)) {
1902 case 0: vs->as.fmt = AUD_FMT_U8; break;
1903 case 1: vs->as.fmt = AUD_FMT_S8; break;
1904 case 2: vs->as.fmt = AUD_FMT_U16; break;
1905 case 3: vs->as.fmt = AUD_FMT_S16; break;
1906 case 4: vs->as.fmt = AUD_FMT_U32; break;
1907 case 5: vs->as.fmt = AUD_FMT_S32; break;
1908 default:
1909 printf("Invalid audio format %d\n", read_u8(data, 4));
1910 vnc_client_error(vs);
1911 break;
1912 }
1913 vs->as.nchannels = read_u8(data, 5);
1914 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1915 printf("Invalid audio channel coount %d\n",
1916 read_u8(data, 5));
1917 vnc_client_error(vs);
1918 break;
1919 }
1920 vs->as.freq = read_u32(data, 6);
1921 break;
1922 default:
1923 printf ("Invalid audio message %d\n", read_u8(data, 4));
1924 vnc_client_error(vs);
1925 break;
1926 }
1927 break;
1928
9ca313aa
AL		 1929 default:
1930 printf("Msg: %d\n", read_u16(data, 0));
1931 vnc_client_error(vs);
1932 break;
1933 }
1934 break;
24236869 1935 default:
28a76be8
AL		 1936 printf("Msg: %d\n", data[0]);
1937 vnc_client_error(vs);
1938 break;
24236869 1939 }
5fafdf24 1940
24236869
FB		 1941 vnc_read_when(vs, protocol_client_msg, 1);
1942 return 0;
1943}
1944
60fe76f3 1945static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
24236869 1946{
c35734b2
TS		 1947 char buf[1024];
1948 int size;
24236869 1949
0e1f5a0c
AL		 1950 vnc_write_u16(vs, ds_get_width(vs->ds));
1951 vnc_write_u16(vs, ds_get_height(vs->ds));
24236869 1952
ca4cca4d 1953 pixel_format_message(vs);
24236869 1954
c35734b2
TS		 1955 if (qemu_name)
1956 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1957 else
1958 size = snprintf(buf, sizeof(buf), "QEMU");
1959
1960 vnc_write_u32(vs, size);
1961 vnc_write(vs, buf, size);
24236869
FB		 1962 vnc_flush(vs);
1963
4a80dba3 1964 vnc_client_cache_auth(vs);
0d2ed46a 1965 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
4a80dba3 1966
24236869
FB		 1967 vnc_read_when(vs, protocol_client_msg, 1);
1968
1969 return 0;
1970}
1971
5fb6c7a8
AL		 1972void start_client_init(VncState *vs)
1973{
1974 vnc_read_when(vs, protocol_client_init, 1);
1975}
1976
70848515
TS		 1977static void make_challenge(VncState *vs)
1978{
1979 int i;
1980
1981 srand(time(NULL)+getpid()+getpid()*987654+rand());
1982
1983 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1984 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1985}
1986
60fe76f3 1987static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
70848515 1988{
60fe76f3 1989 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
70848515 1990 int i, j, pwlen;
60fe76f3 1991 unsigned char key[8];
70848515 1992
753b4053 1993 if (!vs->vd->password || !vs->vd->password[0]) {
28a76be8
AL		 1994 VNC_DEBUG("No password configured on server");
1995 vnc_write_u32(vs, 1); /* Reject auth */
1996 if (vs->minor >= 8) {
1997 static const char err[] = "Authentication failed";
1998 vnc_write_u32(vs, sizeof(err));
1999 vnc_write(vs, err, sizeof(err));
2000 }
2001 vnc_flush(vs);
2002 vnc_client_error(vs);
2003 return 0;
70848515
TS		 2004 }
2005
2006 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2007
2008 /* Calculate the expected challenge response */
753b4053 2009 pwlen = strlen(vs->vd->password);
70848515 2010 for (i=0; i<sizeof(key); i++)
753b4053 2011 key[i] = i<pwlen ? vs->vd->password[i] : 0;
70848515
TS		 2012 deskey(key, EN0);
2013 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2014 des(response+j, response+j);
2015
2016 /* Compare expected vs actual challenge response */
2017 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
28a76be8
AL		 2018 VNC_DEBUG("Client challenge reponse did not match\n");
2019 vnc_write_u32(vs, 1); /* Reject auth */
2020 if (vs->minor >= 8) {
2021 static const char err[] = "Authentication failed";
2022 vnc_write_u32(vs, sizeof(err));
2023 vnc_write(vs, err, sizeof(err));
2024 }
2025 vnc_flush(vs);
2026 vnc_client_error(vs);
70848515 2027 } else {
28a76be8
AL		 2028 VNC_DEBUG("Accepting VNC challenge response\n");
2029 vnc_write_u32(vs, 0); /* Accept auth */
2030 vnc_flush(vs);
70848515 2031
5fb6c7a8 2032 start_client_init(vs);
70848515
TS		 2033 }
2034 return 0;
2035}
2036
5fb6c7a8 2037void start_auth_vnc(VncState *vs)
70848515
TS		 2038{
2039 make_challenge(vs);
2040 /* Send client a 'random' challenge */
2041 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2042 vnc_flush(vs);
2043
2044 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
469b15c6
TS		 2045}
2046
2047
60fe76f3 2048static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
70848515
TS		 2049{
2050 /* We only advertise 1 auth scheme at a time, so client
2051 * must pick the one we sent. Verify this */
753b4053 2052 if (data[0] != vs->vd->auth) { /* Reject auth */
1263b7d6 2053 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
70848515
TS		 2054 vnc_write_u32(vs, 1);
2055 if (vs->minor >= 8) {
2056 static const char err[] = "Authentication failed";
2057 vnc_write_u32(vs, sizeof(err));
2058 vnc_write(vs, err, sizeof(err));
2059 }
2060 vnc_client_error(vs);
2061 } else { /* Accept requested auth */
2062 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
753b4053 2063 switch (vs->vd->auth) {
70848515
TS		 2064 case VNC_AUTH_NONE:
2065 VNC_DEBUG("Accept auth none\n");
a26c97ad
AZ		 2066 if (vs->minor >= 8) {
2067 vnc_write_u32(vs, 0); /* Accept auth completion */
2068 vnc_flush(vs);
2069 }
5fb6c7a8 2070 start_client_init(vs);
70848515
TS		 2071 break;
2072
2073 case VNC_AUTH_VNC:
2074 VNC_DEBUG("Start VNC auth\n");
5fb6c7a8
AL		 2075 start_auth_vnc(vs);
2076 break;
70848515 2077
eb38c52c 2078#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 2079 case VNC_AUTH_VENCRYPT:
2080 VNC_DEBUG("Accept VeNCrypt auth\n");;
5fb6c7a8
AL		 2081 start_auth_vencrypt(vs);
2082 break;
8d5d2d4c
TS		 2083#endif /* CONFIG_VNC_TLS */
2084
2f9606b3
AL		 2085#ifdef CONFIG_VNC_SASL
2086 case VNC_AUTH_SASL:
2087 VNC_DEBUG("Accept SASL auth\n");
2088 start_auth_sasl(vs);
2089 break;
2090#endif /* CONFIG_VNC_SASL */
2091
70848515 2092 default: /* Should not be possible, but just in case */
1263b7d6 2093 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
70848515
TS		 2094 vnc_write_u8(vs, 1);
2095 if (vs->minor >= 8) {
2096 static const char err[] = "Authentication failed";
2097 vnc_write_u32(vs, sizeof(err));
2098 vnc_write(vs, err, sizeof(err));
2099 }
2100 vnc_client_error(vs);
2101 }
2102 }
2103 return 0;
2104}
2105
60fe76f3 2106static int protocol_version(VncState *vs, uint8_t *version, size_t len)
24236869
FB		 2107{
2108 char local[13];
24236869
FB		 2109
2110 memcpy(local, version, 12);
2111 local[12] = 0;
2112
70848515 2113 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
28a76be8
AL		 2114 VNC_DEBUG("Malformed protocol version %s\n", local);
2115 vnc_client_error(vs);
2116 return 0;
24236869 2117 }
70848515
TS		 2118 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2119 if (vs->major != 3 ||
28a76be8
AL		 2120 (vs->minor != 3 &&
2121 vs->minor != 4 &&
2122 vs->minor != 5 &&
2123 vs->minor != 7 &&
2124 vs->minor != 8)) {
2125 VNC_DEBUG("Unsupported client version\n");
2126 vnc_write_u32(vs, VNC_AUTH_INVALID);
2127 vnc_flush(vs);
2128 vnc_client_error(vs);
2129 return 0;
70848515 2130 }
b0566f4f 2131 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
70848515
TS		 2132 * as equivalent to v3.3 by servers
2133 */
b0566f4f 2134 if (vs->minor == 4 || vs->minor == 5)
28a76be8 2135 vs->minor = 3;
70848515
TS		 2136
2137 if (vs->minor == 3) {
28a76be8 2138 if (vs->vd->auth == VNC_AUTH_NONE) {
70848515 2139 VNC_DEBUG("Tell client auth none\n");
753b4053 2140 vnc_write_u32(vs, vs->vd->auth);
70848515 2141 vnc_flush(vs);
28a76be8 2142 start_client_init(vs);
753b4053 2143 } else if (vs->vd->auth == VNC_AUTH_VNC) {
70848515 2144 VNC_DEBUG("Tell client VNC auth\n");
753b4053 2145 vnc_write_u32(vs, vs->vd->auth);
70848515
TS		 2146 vnc_flush(vs);
2147 start_auth_vnc(vs);
2148 } else {
753b4053 2149 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
70848515
TS		 2150 vnc_write_u32(vs, VNC_AUTH_INVALID);
2151 vnc_flush(vs);
2152 vnc_client_error(vs);
2153 }
2154 } else {
28a76be8
AL		 2155 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2156 vnc_write_u8(vs, 1); /* num auth */
2157 vnc_write_u8(vs, vs->vd->auth);
2158 vnc_read_when(vs, protocol_client_auth, 1);
2159 vnc_flush(vs);
70848515 2160 }
24236869
FB		 2161
2162 return 0;
2163}
2164
1fc62412
SS		 2165static int vnc_refresh_server_surface(VncDisplay *vd)
2166{
2167 int y;
2168 uint8_t *guest_row;
2169 uint8_t *server_row;
2170 int cmp_bytes;
2171 uint32_t width_mask[VNC_DIRTY_WORDS];
41b4bef6 2172 VncState *vs;
1fc62412
SS		 2173 int has_dirty = 0;
2174
2175 /*
2176 * Walk through the guest dirty map.
2177 * Check and copy modified bits from guest to server surface.
2178 * Update server dirty map.
2179 */
2180 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2181 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2182 guest_row = vd->guest.ds->data;
2183 server_row = vd->server->data;
2184 for (y = 0; y < vd->guest.ds->height; y++) {
2185 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2186 int x;
2187 uint8_t *guest_ptr;
2188 uint8_t *server_ptr;
2189
2190 guest_ptr = guest_row;
2191 server_ptr = server_row;
2192
2193 for (x = 0; x < vd->guest.ds->width;
2194 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2195 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2196 continue;
2197 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2198 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2199 continue;
2200 memcpy(server_ptr, guest_ptr, cmp_bytes);
41b4bef6 2201 QTAILQ_FOREACH(vs, &vd->clients, next) {
1fc62412 2202 vnc_set_bit(vs->dirty[y], (x / 16));
1fc62412
SS		 2203 }
2204 has_dirty++;
2205 }
2206 }
2207 guest_row += ds_get_linesize(vd->ds);
2208 server_row += ds_get_linesize(vd->ds);
2209 }
2210 return has_dirty;
2211}
2212
703bc68f
SS		 2213static void vnc_refresh(void *opaque)
2214{
2215 VncDisplay *vd = opaque;
41b4bef6
AS		 2216 VncState *vs, *vn;
2217 int has_dirty, rects = 0;
703bc68f
SS		 2218
2219 vga_hw_update();
2220
1fc62412
SS		 2221 has_dirty = vnc_refresh_server_surface(vd);
2222
41b4bef6 2223 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2430ffe4 2224 rects += vnc_update_client(vs, has_dirty);
6185c578 2225 /* vs might be free()ed here */
703bc68f 2226 }
83755c17
SS		 2227 /* vd->timer could be NULL now if the last client disconnected,
2228 * in this case don't update the timer */
2229 if (vd->timer == NULL)
2230 return;
703bc68f 2231
2430ffe4
SS		 2232 if (has_dirty && rects) {
2233 vd->timer_interval /= 2;
2234 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2235 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2236 } else {
2237 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2238 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2239 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2240 }
2241 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
703bc68f
SS		 2242}
2243
2244static void vnc_init_timer(VncDisplay *vd)
2245{
2430ffe4 2246 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
41b4bef6 2247 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
703bc68f 2248 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
1fc62412 2249 vnc_refresh(vd);
703bc68f
SS		 2250 }
2251}
2252
2253static void vnc_remove_timer(VncDisplay *vd)
2254{
41b4bef6 2255 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
703bc68f
SS		 2256 qemu_del_timer(vd->timer);
2257 qemu_free_timer(vd->timer);
2258 vd->timer = NULL;
2259 }
2260}
2261
753b4053 2262static void vnc_connect(VncDisplay *vd, int csock)
3aa3eea3 2263{
753b4053
AL		 2264 VncState *vs = qemu_mallocz(sizeof(VncState));
2265 vs->csock = csock;
2266
2267 VNC_DEBUG("New client on socket %d\n", csock);
7d957bd8 2268 dcl->idle = 0;
3aa3eea3
AZ		 2269 socket_set_nonblock(vs->csock);
2270 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
753b4053 2271
4a80dba3 2272 vnc_client_cache_addr(vs);
586153d9 2273 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
4a80dba3 2274
753b4053
AL		 2275 vs->vd = vd;
2276 vs->ds = vd->ds;
753b4053
AL		 2277 vs->last_x = -1;
2278 vs->last_y = -1;
2279
2280 vs->as.freq = 44100;
2281 vs->as.nchannels = 2;
2282 vs->as.fmt = AUD_FMT_S16;
2283 vs->as.endianness = 0;
2284
41b4bef6 2285 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
1fc62412
SS		 2286
2287 vga_hw_update();
2288
3aa3eea3
AZ		 2289 vnc_write(vs, "RFB 003.008\n", 12);
2290 vnc_flush(vs);
2291 vnc_read_when(vs, protocol_version, 12);
53762ddb 2292 reset_keys(vs);
3a0558b5
GH		 2293 if (vs->vd->lock_key_sync)
2294 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
753b4053 2295
37c34d9d
AL		 2296 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2297 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2298
703bc68f 2299 vnc_init_timer(vd);
1fc62412 2300
198a0039 2301 /* vs might be free()ed here */
3aa3eea3
AZ		 2302}
2303
24236869
FB		 2304static void vnc_listen_read(void *opaque)
2305{
753b4053 2306 VncDisplay *vs = opaque;
24236869
FB		 2307 struct sockaddr_in addr;
2308 socklen_t addrlen = sizeof(addr);
2309
9f60ad50
AZ		 2310 /* Catch-up */
2311 vga_hw_update();
2312
40ff6d7e 2313 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
753b4053
AL		 2314 if (csock != -1) {
2315 vnc_connect(vs, csock);
24236869
FB		 2316 }
2317}
2318
71cab5ca 2319void vnc_display_init(DisplayState *ds)
24236869 2320{
afd32160 2321 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
24236869 2322
7d957bd8 2323 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
24236869
FB		 2324
2325 ds->opaque = vs;
7d957bd8 2326 dcl->idle = 1;
753b4053 2327 vnc_display = vs;
24236869
FB		 2328
2329 vs->lsock = -1;
24236869
FB		 2330
2331 vs->ds = ds;
41b4bef6 2332 QTAILQ_INIT(&vs->clients);
24236869 2333
9ca313aa 2334 if (keyboard_layout)
0483755a 2335 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
9ca313aa 2336 else
0483755a 2337 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
24236869 2338
24236869 2339 if (!vs->kbd_layout)
28a76be8 2340 exit(1);
24236869 2341
753b4053 2342 dcl->dpy_copy = vnc_dpy_copy;
7d957bd8
AL		 2343 dcl->dpy_update = vnc_dpy_update;
2344 dcl->dpy_resize = vnc_dpy_resize;
2345 dcl->dpy_setdata = vnc_dpy_setdata;
7d957bd8 2346 register_displaychangelistener(ds, dcl);
d467b679
GH		 2347 ds->mouse_set = vnc_mouse_set;
2348 ds->cursor_define = vnc_dpy_cursor_define;
71cab5ca
TS		 2349}
2350
6f43024c 2351
71cab5ca
TS		 2352void vnc_display_close(DisplayState *ds)
2353{
753b4053 2354 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
71cab5ca 2355
452b4d88
AL		 2356 if (!vs)
2357 return;
71cab5ca 2358 if (vs->display) {
28a76be8
AL		 2359 qemu_free(vs->display);
2360 vs->display = NULL;
71cab5ca
TS		 2361 }
2362 if (vs->lsock != -1) {
28a76be8
AL		 2363 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2364 close(vs->lsock);
2365 vs->lsock = -1;
71cab5ca 2366 }
70848515 2367 vs->auth = VNC_AUTH_INVALID;
eb38c52c 2368#ifdef CONFIG_VNC_TLS
8d5d2d4c 2369 vs->subauth = VNC_AUTH_INVALID;
5fb6c7a8 2370 vs->tls.x509verify = 0;
8d5d2d4c 2371#endif
70848515
TS		 2372}
2373
2374int vnc_display_password(DisplayState *ds, const char *password)
2375{
753b4053 2376 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
70848515 2377
7ef92331
ZA		 2378 if (!vs) {
2379 return -1;
2380 }
2381
70848515 2382 if (vs->password) {
28a76be8
AL		 2383 qemu_free(vs->password);
2384 vs->password = NULL;
70848515
TS		 2385 }
2386 if (password && password[0]) {
28a76be8
AL		 2387 if (!(vs->password = qemu_strdup(password)))
2388 return -1;
52c18be9
ZA		 2389 if (vs->auth == VNC_AUTH_NONE) {
2390 vs->auth = VNC_AUTH_VNC;
2391 }
2392 } else {
2393 vs->auth = VNC_AUTH_NONE;
70848515
TS		 2394 }
2395
2396 return 0;
71cab5ca
TS		 2397}
2398
f92f8afe
AL		 2399char *vnc_display_local_addr(DisplayState *ds)
2400{
2401 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2402
2403 return vnc_socket_local_addr("%s:%s", vs->lsock);
2404}
2405
70848515 2406int vnc_display_open(DisplayState *ds, const char *display)
71cab5ca 2407{
753b4053 2408 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
70848515
TS		 2409 const char *options;
2410 int password = 0;
3aa3eea3 2411 int reverse = 0;
eb38c52c 2412#ifdef CONFIG_VNC_TLS
3a702699 2413 int tls = 0, x509 = 0;
8d5d2d4c 2414#endif
2f9606b3
AL		 2415#ifdef CONFIG_VNC_SASL
2416 int sasl = 0;
2417 int saslErr;
2418#endif
76655d6d 2419 int acl = 0;
3a0558b5 2420 int lock_key_sync = 1;
71cab5ca 2421
753b4053 2422 if (!vnc_display)
452b4d88 2423 return -1;
71cab5ca 2424 vnc_display_close(ds);
70848515 2425 if (strcmp(display, "none") == 0)
28a76be8 2426 return 0;
24236869 2427
70848515 2428 if (!(vs->display = strdup(display)))
28a76be8 2429 return -1;
70848515
TS		 2430
2431 options = display;
2432 while ((options = strchr(options, ','))) {
28a76be8
AL		 2433 options++;
2434 if (strncmp(options, "password", 8) == 0) {
2435 password = 1; /* Require password auth */
2436 } else if (strncmp(options, "reverse", 7) == 0) {
2437 reverse = 1;
3a0558b5
GH		 2438 } else if (strncmp(options, "no-lock-key-sync", 9) == 0) {
2439 lock_key_sync = 0;
2f9606b3 2440#ifdef CONFIG_VNC_SASL
28a76be8
AL		 2441 } else if (strncmp(options, "sasl", 4) == 0) {
2442 sasl = 1; /* Require SASL auth */
2f9606b3 2443#endif
eb38c52c 2444#ifdef CONFIG_VNC_TLS
28a76be8
AL		 2445 } else if (strncmp(options, "tls", 3) == 0) {
2446 tls = 1; /* Require TLS */
2447 } else if (strncmp(options, "x509", 4) == 0) {
2448 char *start, *end;
2449 x509 = 1; /* Require x509 certificates */
2450 if (strncmp(options, "x509verify", 10) == 0)
2451 vs->tls.x509verify = 1; /* ...and verify client certs */
2452
2453 /* Now check for 'x509=/some/path' postfix
2454 * and use that to setup x509 certificate/key paths */
2455 start = strchr(options, '=');
2456 end = strchr(options, ',');
2457 if (start && (!end || (start < end))) {
2458 int len = end ? end-(start+1) : strlen(start+1);
2459 char *path = qemu_strndup(start + 1, len);
2460
2461 VNC_DEBUG("Trying certificate path '%s'\n", path);
2462 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2463 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2464 qemu_free(path);
2465 qemu_free(vs->display);
2466 vs->display = NULL;
2467 return -1;
2468 }
2469 qemu_free(path);
2470 } else {
2471 fprintf(stderr, "No certificate path provided\n");
2472 qemu_free(vs->display);
2473 vs->display = NULL;
2474 return -1;
2475 }
8d5d2d4c 2476#endif
28a76be8
AL		 2477 } else if (strncmp(options, "acl", 3) == 0) {
2478 acl = 1;
2479 }
70848515
TS		 2480 }
2481
76655d6d
AL		 2482#ifdef CONFIG_VNC_TLS
2483 if (acl && x509 && vs->tls.x509verify) {
28a76be8
AL		 2484 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2485 fprintf(stderr, "Failed to create x509 dname ACL\n");
2486 exit(1);
2487 }
76655d6d
AL		 2488 }
2489#endif
2490#ifdef CONFIG_VNC_SASL
2491 if (acl && sasl) {
28a76be8
AL		 2492 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2493 fprintf(stderr, "Failed to create username ACL\n");
2494 exit(1);
2495 }
76655d6d
AL		 2496 }
2497#endif
2498
2f9606b3
AL		 2499 /*
2500 * Combinations we support here:
2501 *
2502 * - no-auth (clear text, no auth)
2503 * - password (clear text, weak auth)
2504 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2505 * - tls (encrypt, weak anonymous creds, no auth)
2506 * - tls + password (encrypt, weak anonymous creds, weak auth)
2507 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2508 * - tls + x509 (encrypt, good x509 creds, no auth)
2509 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2510 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2511 *
2512 * NB1. TLS is a stackable auth scheme.
2513 * NB2. the x509 schemes have option to validate a client cert dname
2514 */
70848515 2515 if (password) {
eb38c52c 2516#ifdef CONFIG_VNC_TLS
28a76be8
AL		 2517 if (tls) {
2518 vs->auth = VNC_AUTH_VENCRYPT;
2519 if (x509) {
2520 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2521 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2522 } else {
2523 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2524 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2525 }
2526 } else {
2f9606b3 2527#endif /* CONFIG_VNC_TLS */
28a76be8
AL		 2528 VNC_DEBUG("Initializing VNC server with password auth\n");
2529 vs->auth = VNC_AUTH_VNC;
eb38c52c 2530#ifdef CONFIG_VNC_TLS
28a76be8
AL		 2531 vs->subauth = VNC_AUTH_INVALID;
2532 }
2f9606b3
AL		 2533#endif /* CONFIG_VNC_TLS */
2534#ifdef CONFIG_VNC_SASL
2535 } else if (sasl) {
2536#ifdef CONFIG_VNC_TLS
2537 if (tls) {
2538 vs->auth = VNC_AUTH_VENCRYPT;
2539 if (x509) {
28a76be8 2540 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2f9606b3
AL		 2541 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2542 } else {
28a76be8 2543 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2f9606b3
AL		 2544 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2545 }
2546 } else {
2547#endif /* CONFIG_VNC_TLS */
28a76be8 2548 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2f9606b3
AL		 2549 vs->auth = VNC_AUTH_SASL;
2550#ifdef CONFIG_VNC_TLS
2551 vs->subauth = VNC_AUTH_INVALID;
2552 }
2553#endif /* CONFIG_VNC_TLS */
2554#endif /* CONFIG_VNC_SASL */
70848515 2555 } else {
eb38c52c 2556#ifdef CONFIG_VNC_TLS
28a76be8
AL		 2557 if (tls) {
2558 vs->auth = VNC_AUTH_VENCRYPT;
2559 if (x509) {
2560 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2561 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2562 } else {
2563 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2564 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2565 }
2566 } else {
8d5d2d4c 2567#endif
28a76be8
AL		 2568 VNC_DEBUG("Initializing VNC server with no auth\n");
2569 vs->auth = VNC_AUTH_NONE;
eb38c52c 2570#ifdef CONFIG_VNC_TLS
28a76be8
AL		 2571 vs->subauth = VNC_AUTH_INVALID;
2572 }
8d5d2d4c 2573#endif
70848515 2574 }
24236869 2575
2f9606b3
AL		 2576#ifdef CONFIG_VNC_SASL
2577 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2578 fprintf(stderr, "Failed to initialize SASL auth %s",
2579 sasl_errstring(saslErr, NULL, NULL));
2580 free(vs->display);
2581 vs->display = NULL;
2582 return -1;
2583 }
2584#endif
3a0558b5 2585 vs->lock_key_sync = lock_key_sync;
2f9606b3 2586
3aa3eea3 2587 if (reverse) {
9712ecaf
AL		 2588 /* connect to viewer */
2589 if (strncmp(display, "unix:", 5) == 0)
2590 vs->lsock = unix_connect(display+5);
2591 else
2592 vs->lsock = inet_connect(display, SOCK_STREAM);
2593 if (-1 == vs->lsock) {
3aa3eea3
AZ		 2594 free(vs->display);
2595 vs->display = NULL;
2596 return -1;
2597 } else {
753b4053 2598 int csock = vs->lsock;
3aa3eea3 2599 vs->lsock = -1;
753b4053 2600 vnc_connect(vs, csock);
3aa3eea3 2601 }
9712ecaf 2602 return 0;
24236869 2603
9712ecaf
AL		 2604 } else {
2605 /* listen for connects */
2606 char *dpy;
2607 dpy = qemu_malloc(256);
2608 if (strncmp(display, "unix:", 5) == 0) {
bc575e95 2609 pstrcpy(dpy, 256, "unix:");
4a55bfdf 2610 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
9712ecaf
AL		 2611 } else {
2612 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2613 }
2614 if (-1 == vs->lsock) {
2615 free(dpy);
d0513623 2616 return -1;
9712ecaf
AL		 2617 } else {
2618 free(vs->display);
2619 vs->display = dpy;
2620 }
24236869 2621 }
753b4053 2622 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
24236869 2623}
Empty description
This page took 0.843271 seconds and 4 git commands to generate.