search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote branch 'mst/pci' into staging
[qemu/aliguori-queue.git] / vnc.c
blob7ce73dca3d35f8363870e7b61c09e2179105c9f5
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "acl.h"
32 #include "qemu-objects.h"
33
34 #define VNC_REFRESH_INTERVAL_BASE 30
35 #define VNC_REFRESH_INTERVAL_INC 50
36 #define VNC_REFRESH_INTERVAL_MAX 2000
37
38 #include "vnc_keysym.h"
39 #include "d3des.h"
40
41 #define count_bits(c, v) { \
42 for (c = 0; v; v >>= 1) \
43 { \
44 c += v & 1; \
45 } \
46 }
47
48
49 static VncDisplay *vnc_display; /* needed for info vnc */
50 static DisplayChangeListener *dcl;
51
52 static char *addr_to_string(const char *format,
53 struct sockaddr_storage *sa,
54 socklen_t salen) {
55 char *addr;
56 char host[NI_MAXHOST];
57 char serv[NI_MAXSERV];
58 int err;
59 size_t addrlen;
60
61 if ((err = getnameinfo((struct sockaddr *)sa, salen,
62 host, sizeof(host),
63 serv, sizeof(serv),
64 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
65 VNC_DEBUG("Cannot resolve address %d: %s\n",
66 err, gai_strerror(err));
67 return NULL;
68 }
69
70 /* Enough for the existing format + the 2 vars we're
71 * substituting in. */
72 addrlen = strlen(format) + strlen(host) + strlen(serv);
73 addr = qemu_malloc(addrlen + 1);
74 snprintf(addr, addrlen, format, host, serv);
75 addr[addrlen] = '\0';
76
77 return addr;
78 }
79
80
81 char *vnc_socket_local_addr(const char *format, int fd) {
82 struct sockaddr_storage sa;
83 socklen_t salen;
84
85 salen = sizeof(sa);
86 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
87 return NULL;
88
89 return addr_to_string(format, &sa, salen);
90 }
91
92 char *vnc_socket_remote_addr(const char *format, int fd) {
93 struct sockaddr_storage sa;
94 socklen_t salen;
95
96 salen = sizeof(sa);
97 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
98 return NULL;
99
100 return addr_to_string(format, &sa, salen);
101 }
102
103 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
104 socklen_t salen)
105 {
106 char host[NI_MAXHOST];
107 char serv[NI_MAXSERV];
108 int err;
109
110 if ((err = getnameinfo((struct sockaddr *)sa, salen,
111 host, sizeof(host),
112 serv, sizeof(serv),
113 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
114 VNC_DEBUG("Cannot resolve address %d: %s\n",
115 err, gai_strerror(err));
116 return -1;
117 }
118
119 qdict_put(qdict, "host", qstring_from_str(host));
120 qdict_put(qdict, "service", qstring_from_str(serv));
121 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
122
123 return 0;
124 }
125
126 static int vnc_server_addr_put(QDict *qdict, int fd)
127 {
128 struct sockaddr_storage sa;
129 socklen_t salen;
130
131 salen = sizeof(sa);
132 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
133 return -1;
134 }
135
136 return put_addr_qdict(qdict, &sa, salen);
137 }
138
139 static int vnc_qdict_remote_addr(QDict *qdict, int fd)
140 {
141 struct sockaddr_storage sa;
142 socklen_t salen;
143
144 salen = sizeof(sa);
145 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
146 return -1;
147 }
148
149 return put_addr_qdict(qdict, &sa, salen);
150 }
151
152 static const char *vnc_auth_name(VncDisplay *vd) {
153 switch (vd->auth) {
154 case VNC_AUTH_INVALID:
155 return "invalid";
156 case VNC_AUTH_NONE:
157 return "none";
158 case VNC_AUTH_VNC:
159 return "vnc";
160 case VNC_AUTH_RA2:
161 return "ra2";
162 case VNC_AUTH_RA2NE:
163 return "ra2ne";
164 case VNC_AUTH_TIGHT:
165 return "tight";
166 case VNC_AUTH_ULTRA:
167 return "ultra";
168 case VNC_AUTH_TLS:
169 return "tls";
170 case VNC_AUTH_VENCRYPT:
171 #ifdef CONFIG_VNC_TLS
172 switch (vd->subauth) {
173 case VNC_AUTH_VENCRYPT_PLAIN:
174 return "vencrypt+plain";
175 case VNC_AUTH_VENCRYPT_TLSNONE:
176 return "vencrypt+tls+none";
177 case VNC_AUTH_VENCRYPT_TLSVNC:
178 return "vencrypt+tls+vnc";
179 case VNC_AUTH_VENCRYPT_TLSPLAIN:
180 return "vencrypt+tls+plain";
181 case VNC_AUTH_VENCRYPT_X509NONE:
182 return "vencrypt+x509+none";
183 case VNC_AUTH_VENCRYPT_X509VNC:
184 return "vencrypt+x509+vnc";
185 case VNC_AUTH_VENCRYPT_X509PLAIN:
186 return "vencrypt+x509+plain";
187 case VNC_AUTH_VENCRYPT_TLSSASL:
188 return "vencrypt+tls+sasl";
189 case VNC_AUTH_VENCRYPT_X509SASL:
190 return "vencrypt+x509+sasl";
191 default:
192 return "vencrypt";
193 }
194 #else
195 return "vencrypt";
196 #endif
197 case VNC_AUTH_SASL:
198 return "sasl";
199 }
200 return "unknown";
201 }
202
203 static int vnc_server_info_put(QDict *qdict)
204 {
205 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
206 return -1;
207 }
208
209 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
210 return 0;
211 }
212
213 static void vnc_client_cache_auth(VncState *client)
214 {
215 QDict *qdict;
216
217 if (!client->info) {
218 return;
219 }
220
221 qdict = qobject_to_qdict(client->info);
222
223 #ifdef CONFIG_VNC_TLS
224 if (client->tls.session &&
225 client->tls.dname) {
226 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
227 }
228 #endif
229 #ifdef CONFIG_VNC_SASL
230 if (client->sasl.conn &&
231 client->sasl.username) {
232 qdict_put(qdict, "sasl_username",
233 qstring_from_str(client->sasl.username));
234 }
235 #endif
236 }
237
238 static void vnc_client_cache_addr(VncState *client)
239 {
240 QDict *qdict;
241
242 qdict = qdict_new();
243 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
244 QDECREF(qdict);
245 /* XXX: how to report the error? */
246 return;
247 }
248
249 client->info = QOBJECT(qdict);
250 }
251
252 static void vnc_qmp_event(VncState *vs, MonitorEvent event)
253 {
254 QDict *server;
255 QObject *data;
256
257 if (!vs->info) {
258 return;
259 }
260
261 server = qdict_new();
262 if (vnc_server_info_put(server) < 0) {
263 QDECREF(server);
264 return;
265 }
266
267 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
268 vs->info, QOBJECT(server));
269
270 monitor_protocol_event(event, data);
271
272 qobject_incref(vs->info);
273 qobject_decref(data);
274 }
275
276 static void info_vnc_iter(QObject *obj, void *opaque)
277 {
278 QDict *client;
279 Monitor *mon = opaque;
280
281 client = qobject_to_qdict(obj);
282 monitor_printf(mon, "Client:\n");
283 monitor_printf(mon, " address: %s:%s\n",
284 qdict_get_str(client, "host"),
285 qdict_get_str(client, "service"));
286
287 #ifdef CONFIG_VNC_TLS
288 monitor_printf(mon, " x509_dname: %s\n",
289 qdict_haskey(client, "x509_dname") ?
290 qdict_get_str(client, "x509_dname") : "none");
291 #endif
292 #ifdef CONFIG_VNC_SASL
293 monitor_printf(mon, " username: %s\n",
294 qdict_haskey(client, "sasl_username") ?
295 qdict_get_str(client, "sasl_username") : "none");
296 #endif
297 }
298
299 void do_info_vnc_print(Monitor *mon, const QObject *data)
300 {
301 QDict *server;
302 QList *clients;
303
304 server = qobject_to_qdict(data);
305 if (qdict_get_bool(server, "enabled") == 0) {
306 monitor_printf(mon, "Server: disabled\n");
307 return;
308 }
309
310 monitor_printf(mon, "Server:\n");
311 monitor_printf(mon, " address: %s:%s\n",
312 qdict_get_str(server, "host"),
313 qdict_get_str(server, "service"));
314 monitor_printf(mon, " auth: %s\n", qdict_get_str(server, "auth"));
315
316 clients = qdict_get_qlist(server, "clients");
317 if (qlist_empty(clients)) {
318 monitor_printf(mon, "Client: none\n");
319 } else {
320 qlist_iter(clients, info_vnc_iter, mon);
321 }
322 }
323
324 /**
325 * do_info_vnc(): Show VNC server information
326 *
327 * Return a QDict with server information. Connected clients are returned
328 * as a QList of QDicts.
329 *
330 * The main QDict contains the following:
331 *
332 * - "enabled": true or false
333 * - "host": server's IP address
334 * - "family": address family ("ipv4" or "ipv6")
335 * - "service": server's port number
336 * - "auth": authentication method
337 * - "clients": a QList of all connected clients
338 *
339 * Clients are described by a QDict, with the following information:
340 *
341 * - "host": client's IP address
342 * - "family": address family ("ipv4" or "ipv6")
343 * - "service": client's port number
344 * - "x509_dname": TLS dname (optional)
345 * - "sasl_username": SASL username (optional)
346 *
347 * Example:
348 *
349 * { "enabled": true, "host": "0.0.0.0", "service": "50402", "auth": "vnc",
350 * "family": "ipv4",
351 * "clients": [{ "host": "127.0.0.1", "service": "50401", "family": "ipv4" }]}
352 */
353 void do_info_vnc(Monitor *mon, QObject **ret_data)
354 {
355 if (vnc_display == NULL || vnc_display->display == NULL) {
356 *ret_data = qobject_from_jsonf("{ 'enabled': false }");
357 } else {
358 QList *clist;
359 VncState *client;
360
361 clist = qlist_new();
362 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
363 if (client->info) {
364 /* incref so that it's not freed by upper layers */
365 qobject_incref(client->info);
366 qlist_append_obj(clist, client->info);
367 }
368 }
369
370 *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
371 QOBJECT(clist));
372 assert(*ret_data != NULL);
373
374 if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {
375 qobject_decref(*ret_data);
376 *ret_data = NULL;
377 }
378 }
379 }
380
381 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
382 return (vs->features & (1 << feature));
383 }
384
385 /* TODO
386 1) Get the queue working for IO.
387 2) there is some weirdness when using the -S option (the screen is grey
388 and not totally invalidated
389 3) resolutions > 1024
390 */
391
392 static int vnc_update_client(VncState *vs, int has_dirty);
393 static void vnc_disconnect_start(VncState *vs);
394 static void vnc_disconnect_finish(VncState *vs);
395 static void vnc_init_timer(VncDisplay *vd);
396 static void vnc_remove_timer(VncDisplay *vd);
397
398 static void vnc_colordepth(VncState *vs);
399 static void framebuffer_update_request(VncState *vs, int incremental,
400 int x_position, int y_position,
401 int w, int h);
402 static void vnc_refresh(void *opaque);
403 static int vnc_refresh_server_surface(VncDisplay *vd);
404
405 static inline void vnc_set_bit(uint32_t *d, int k)
406 {
407 d[k >> 5] |= 1 << (k & 0x1f);
408 }
409
410 static inline void vnc_clear_bit(uint32_t *d, int k)
411 {
412 d[k >> 5] &= ~(1 << (k & 0x1f));
413 }
414
415 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
416 {
417 int j;
418
419 j = 0;
420 while (n >= 32) {
421 d[j++] = -1;
422 n -= 32;
423 }
424 if (n > 0)
425 d[j++] = (1 << n) - 1;
426 while (j < nb_words)
427 d[j++] = 0;
428 }
429
430 static inline int vnc_get_bit(const uint32_t *d, int k)
431 {
432 return (d[k >> 5] >> (k & 0x1f)) & 1;
433 }
434
435 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
436 int nb_words)
437 {
438 int i;
439 for(i = 0; i < nb_words; i++) {
440 if ((d1[i] & d2[i]) != 0)
441 return 1;
442 }
443 return 0;
444 }
445
446 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
447 {
448 int i;
449 VncDisplay *vd = ds->opaque;
450 struct VncSurface *s = &vd->guest;
451
452 h += y;
453
454 /* round x down to ensure the loop only spans one 16-pixel block per,
455 iteration. otherwise, if (x % 16) != 0, the last iteration may span
456 two 16-pixel blocks but we only mark the first as dirty
457 */
458 w += (x % 16);
459 x -= (x % 16);
460
461 x = MIN(x, s->ds->width);
462 y = MIN(y, s->ds->height);
463 w = MIN(x + w, s->ds->width) - x;
464 h = MIN(h, s->ds->height);
465
466 for (; y < h; y++)
467 for (i = 0; i < w; i += 16)
468 vnc_set_bit(s->dirty[y], (x + i) / 16);
469 }
470
471 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
472 int32_t encoding)
473 {
474 vnc_write_u16(vs, x);
475 vnc_write_u16(vs, y);
476 vnc_write_u16(vs, w);
477 vnc_write_u16(vs, h);
478
479 vnc_write_s32(vs, encoding);
480 }
481
482 void buffer_reserve(Buffer *buffer, size_t len)
483 {
484 if ((buffer->capacity - buffer->offset) < len) {
485 buffer->capacity += (len + 1024);
486 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
487 if (buffer->buffer == NULL) {
488 fprintf(stderr, "vnc: out of memory\n");
489 exit(1);
490 }
491 }
492 }
493
494 int buffer_empty(Buffer *buffer)
495 {
496 return buffer->offset == 0;
497 }
498
499 uint8_t *buffer_end(Buffer *buffer)
500 {
501 return buffer->buffer + buffer->offset;
502 }
503
504 void buffer_reset(Buffer *buffer)
505 {
506 buffer->offset = 0;
507 }
508
509 void buffer_append(Buffer *buffer, const void *data, size_t len)
510 {
511 memcpy(buffer->buffer + buffer->offset, data, len);
512 buffer->offset += len;
513 }
514
515 static void vnc_dpy_resize(DisplayState *ds)
516 {
517 int size_changed;
518 VncDisplay *vd = ds->opaque;
519 VncState *vs;
520
521 /* server surface */
522 if (!vd->server)
523 vd->server = qemu_mallocz(sizeof(*vd->server));
524 if (vd->server->data)
525 qemu_free(vd->server->data);
526 *(vd->server) = *(ds->surface);
527 vd->server->data = qemu_mallocz(vd->server->linesize *
528 vd->server->height);
529
530 /* guest surface */
531 if (!vd->guest.ds)
532 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
533 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
534 console_color_init(ds);
535 size_changed = ds_get_width(ds) != vd->guest.ds->width ||
536 ds_get_height(ds) != vd->guest.ds->height;
537 *(vd->guest.ds) = *(ds->surface);
538 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
539
540 QTAILQ_FOREACH(vs, &vd->clients, next) {
541 vnc_colordepth(vs);
542 if (size_changed) {
543 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
544 vnc_write_u8(vs, 0); /* msg id */
545 vnc_write_u8(vs, 0);
546 vnc_write_u16(vs, 1); /* number of rects */
547 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
548 VNC_ENCODING_DESKTOPRESIZE);
549 vnc_flush(vs);
550 }
551 }
552 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
553 }
554 }
555
556 /* fastest code */
557 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
558 {
559 vnc_write(vs, pixels, size);
560 }
561
562 /* slowest but generic code. */
563 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
564 {
565 uint8_t r, g, b;
566 VncDisplay *vd = vs->vd;
567
568 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
569 vd->server->pf.rbits);
570 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
571 vd->server->pf.gbits);
572 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
573 vd->server->pf.bbits);
574 v = (r << vs->clientds.pf.rshift) |
575 (g << vs->clientds.pf.gshift) |
576 (b << vs->clientds.pf.bshift);
577 switch(vs->clientds.pf.bytes_per_pixel) {
578 case 1:
579 buf[0] = v;
580 break;
581 case 2:
582 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
583 buf[0] = v >> 8;
584 buf[1] = v;
585 } else {
586 buf[1] = v >> 8;
587 buf[0] = v;
588 }
589 break;
590 default:
591 case 4:
592 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
593 buf[0] = v >> 24;
594 buf[1] = v >> 16;
595 buf[2] = v >> 8;
596 buf[3] = v;
597 } else {
598 buf[3] = v >> 24;
599 buf[2] = v >> 16;
600 buf[1] = v >> 8;
601 buf[0] = v;
602 }
603 break;
604 }
605 }
606
607 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
608 {
609 uint8_t buf[4];
610 VncDisplay *vd = vs->vd;
611
612 if (vd->server->pf.bytes_per_pixel == 4) {
613 uint32_t *pixels = pixels1;
614 int n, i;
615 n = size >> 2;
616 for(i = 0; i < n; i++) {
617 vnc_convert_pixel(vs, buf, pixels[i]);
618 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
619 }
620 } else if (vd->server->pf.bytes_per_pixel == 2) {
621 uint16_t *pixels = pixels1;
622 int n, i;
623 n = size >> 1;
624 for(i = 0; i < n; i++) {
625 vnc_convert_pixel(vs, buf, pixels[i]);
626 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
627 }
628 } else if (vd->server->pf.bytes_per_pixel == 1) {
629 uint8_t *pixels = pixels1;
630 int n, i;
631 n = size;
632 for(i = 0; i < n; i++) {
633 vnc_convert_pixel(vs, buf, pixels[i]);
634 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
635 }
636 } else {
637 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
638 }
639 }
640
641 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
642 {
643 int i;
644 uint8_t *row;
645 VncDisplay *vd = vs->vd;
646
647 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
648 for (i = 0; i < h; i++) {
649 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
650 row += ds_get_linesize(vs->ds);
651 }
652 }
653
654 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
655 {
656 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
657 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
658 }
659
660 #define BPP 8
661 #include "vnchextile.h"
662 #undef BPP
663
664 #define BPP 16
665 #include "vnchextile.h"
666 #undef BPP
667
668 #define BPP 32
669 #include "vnchextile.h"
670 #undef BPP
671
672 #define GENERIC
673 #define BPP 8
674 #include "vnchextile.h"
675 #undef BPP
676 #undef GENERIC
677
678 #define GENERIC
679 #define BPP 16
680 #include "vnchextile.h"
681 #undef BPP
682 #undef GENERIC
683
684 #define GENERIC
685 #define BPP 32
686 #include "vnchextile.h"
687 #undef BPP
688 #undef GENERIC
689
690 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
691 {
692 int i, j;
693 int has_fg, has_bg;
694 uint8_t *last_fg, *last_bg;
695 VncDisplay *vd = vs->vd;
696
697 last_fg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
698 last_bg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
699 has_fg = has_bg = 0;
700 for (j = y; j < (y + h); j += 16) {
701 for (i = x; i < (x + w); i += 16) {
702 vs->send_hextile_tile(vs, i, j,
703 MIN(16, x + w - i), MIN(16, y + h - j),
704 last_bg, last_fg, &has_bg, &has_fg);
705 }
706 }
707 free(last_fg);
708 free(last_bg);
709
710 }
711
712 #define ZALLOC_ALIGNMENT 16
713
714 static void *zalloc(void *x, unsigned items, unsigned size)
715 {
716 void *p;
717
718 size *= items;
719 size = (size + ZALLOC_ALIGNMENT - 1) & ~(ZALLOC_ALIGNMENT - 1);
720
721 p = qemu_mallocz(size);
722
723 return (p);
724 }
725
726 static void zfree(void *x, void *addr)
727 {
728 qemu_free(addr);
729 }
730
731 static void vnc_zlib_init(VncState *vs)
732 {
733 int i;
734 for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)
735 vs->zlib_stream[i].opaque = NULL;
736 }
737
738 static void vnc_zlib_start(VncState *vs)
739 {
740 buffer_reset(&vs->zlib);
741
742 // make the output buffer be the zlib buffer, so we can compress it later
743 vs->zlib_tmp = vs->output;
744 vs->output = vs->zlib;
745 }
746
747 static int vnc_zlib_stop(VncState *vs, int stream_id)
748 {
749 z_streamp zstream = &vs->zlib_stream[stream_id];
750 int previous_out;
751
752 // switch back to normal output/zlib buffers
753 vs->zlib = vs->output;
754 vs->output = vs->zlib_tmp;
755
756 // compress the zlib buffer
757
758 // initialize the stream
759 // XXX need one stream per session
760 if (zstream->opaque != vs) {
761 int err;
762
763 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
764 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
765 zstream->zalloc = zalloc;
766 zstream->zfree = zfree;
767
768 err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
769 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
770
771 if (err != Z_OK) {
772 fprintf(stderr, "VNC: error initializing zlib\n");
773 return -1;
774 }
775
776 zstream->opaque = vs;
777 }
778
779 // XXX what to do if tight_compression changed in between?
780
781 // reserve memory in output buffer
782 buffer_reserve(&vs->output, vs->zlib.offset + 64);
783
784 // set pointers
785 zstream->next_in = vs->zlib.buffer;
786 zstream->avail_in = vs->zlib.offset;
787 zstream->next_out = vs->output.buffer + vs->output.offset;
788 zstream->avail_out = vs->output.capacity - vs->output.offset;
789 zstream->data_type = Z_BINARY;
790 previous_out = zstream->total_out;
791
792 // start encoding
793 if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
794 fprintf(stderr, "VNC: error during zlib compression\n");
795 return -1;
796 }
797
798 vs->output.offset = vs->output.capacity - zstream->avail_out;
799 return zstream->total_out - previous_out;
800 }
801
802 static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
803 {
804 int old_offset, new_offset, bytes_written;
805
806 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);
807
808 // remember where we put in the follow-up size
809 old_offset = vs->output.offset;
810 vnc_write_s32(vs, 0);
811
812 // compress the stream
813 vnc_zlib_start(vs);
814 send_framebuffer_update_raw(vs, x, y, w, h);
815 bytes_written = vnc_zlib_stop(vs, 0);
816
817 if (bytes_written == -1)
818 return;
819
820 // hack in the size
821 new_offset = vs->output.offset;
822 vs->output.offset = old_offset;
823 vnc_write_u32(vs, bytes_written);
824 vs->output.offset = new_offset;
825 }
826
827 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
828 {
829 switch(vs->vnc_encoding) {
830 case VNC_ENCODING_ZLIB:
831 send_framebuffer_update_zlib(vs, x, y, w, h);
832 break;
833 case VNC_ENCODING_HEXTILE:
834 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
835 send_framebuffer_update_hextile(vs, x, y, w, h);
836 break;
837 default:
838 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
839 send_framebuffer_update_raw(vs, x, y, w, h);
840 break;
841 }
842 }
843
844 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
845 {
846 /* send bitblit op to the vnc client */
847 vnc_write_u8(vs, 0); /* msg id */
848 vnc_write_u8(vs, 0);
849 vnc_write_u16(vs, 1); /* number of rects */
850 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
851 vnc_write_u16(vs, src_x);
852 vnc_write_u16(vs, src_y);
853 vnc_flush(vs);
854 }
855
856 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
857 {
858 VncDisplay *vd = ds->opaque;
859 VncState *vs, *vn;
860 uint8_t *src_row;
861 uint8_t *dst_row;
862 int i,x,y,pitch,depth,inc,w_lim,s;
863 int cmp_bytes;
864
865 vnc_refresh_server_surface(vd);
866 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
867 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
868 vs->force_update = 1;
869 vnc_update_client(vs, 1);
870 /* vs might be free()ed here */
871 }
872 }
873
874 /* do bitblit op on the local surface too */
875 pitch = ds_get_linesize(vd->ds);
876 depth = ds_get_bytes_per_pixel(vd->ds);
877 src_row = vd->server->data + pitch * src_y + depth * src_x;
878 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
879 y = dst_y;
880 inc = 1;
881 if (dst_y > src_y) {
882 /* copy backwards */
883 src_row += pitch * (h-1);
884 dst_row += pitch * (h-1);
885 pitch = -pitch;
886 y = dst_y + h - 1;
887 inc = -1;
888 }
889 w_lim = w - (16 - (dst_x % 16));
890 if (w_lim < 0)
891 w_lim = w;
892 else
893 w_lim = w - (w_lim % 16);
894 for (i = 0; i < h; i++) {
895 for (x = 0; x <= w_lim;
896 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
897 if (x == w_lim) {
898 if ((s = w - w_lim) == 0)
899 break;
900 } else if (!x) {
901 s = (16 - (dst_x % 16));
902 s = MIN(s, w_lim);
903 } else {
904 s = 16;
905 }
906 cmp_bytes = s * depth;
907 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
908 continue;
909 memmove(dst_row, src_row, cmp_bytes);
910 QTAILQ_FOREACH(vs, &vd->clients, next) {
911 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
912 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
913 }
914 }
915 }
916 src_row += pitch - w * depth;
917 dst_row += pitch - w * depth;
918 y += inc;
919 }
920
921 QTAILQ_FOREACH(vs, &vd->clients, next) {
922 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
923 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
924 }
925 }
926 }
927
928 static int find_and_clear_dirty_height(struct VncState *vs,
929 int y, int last_x, int x)
930 {
931 int h;
932 VncDisplay *vd = vs->vd;
933
934 for (h = 1; h < (vd->server->height - y); h++) {
935 int tmp_x;
936 if (!vnc_get_bit(vs->dirty[y + h], last_x))
937 break;
938 for (tmp_x = last_x; tmp_x < x; tmp_x++)
939 vnc_clear_bit(vs->dirty[y + h], tmp_x);
940 }
941
942 return h;
943 }
944
945 static int vnc_update_client(VncState *vs, int has_dirty)
946 {
947 if (vs->need_update && vs->csock != -1) {
948 VncDisplay *vd = vs->vd;
949 int y;
950 int n_rectangles;
951 int saved_offset;
952
953 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
954 /* kernel send buffers are full -> drop frames to throttle */
955 return 0;
956
957 if (!has_dirty && !vs->audio_cap && !vs->force_update)
958 return 0;
959
960 /*
961 * Send screen updates to the vnc client using the server
962 * surface and server dirty map. guest surface updates
963 * happening in parallel don't disturb us, the next pass will
964 * send them to the client.
965 */
966 n_rectangles = 0;
967 vnc_write_u8(vs, 0); /* msg id */
968 vnc_write_u8(vs, 0);
969 saved_offset = vs->output.offset;
970 vnc_write_u16(vs, 0);
971
972 for (y = 0; y < vd->server->height; y++) {
973 int x;
974 int last_x = -1;
975 for (x = 0; x < vd->server->width / 16; x++) {
976 if (vnc_get_bit(vs->dirty[y], x)) {
977 if (last_x == -1) {
978 last_x = x;
979 }
980 vnc_clear_bit(vs->dirty[y], x);
981 } else {
982 if (last_x != -1) {
983 int h = find_and_clear_dirty_height(vs, y, last_x, x);
984 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
985 n_rectangles++;
986 }
987 last_x = -1;
988 }
989 }
990 if (last_x != -1) {
991 int h = find_and_clear_dirty_height(vs, y, last_x, x);
992 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
993 n_rectangles++;
994 }
995 }
996 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
997 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
998 vnc_flush(vs);
999 vs->force_update = 0;
1000 return n_rectangles;
1001 }
1002
1003 if (vs->csock == -1)
1004 vnc_disconnect_finish(vs);
1005
1006 return 0;
1007 }
1008
1009 /* audio */
1010 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1011 {
1012 VncState *vs = opaque;
1013
1014 switch (cmd) {
1015 case AUD_CNOTIFY_DISABLE:
1016 vnc_write_u8(vs, 255);
1017 vnc_write_u8(vs, 1);
1018 vnc_write_u16(vs, 0);
1019 vnc_flush(vs);
1020 break;
1021
1022 case AUD_CNOTIFY_ENABLE:
1023 vnc_write_u8(vs, 255);
1024 vnc_write_u8(vs, 1);
1025 vnc_write_u16(vs, 1);
1026 vnc_flush(vs);
1027 break;
1028 }
1029 }
1030
1031 static void audio_capture_destroy(void *opaque)
1032 {
1033 }
1034
1035 static void audio_capture(void *opaque, void *buf, int size)
1036 {
1037 VncState *vs = opaque;
1038
1039 vnc_write_u8(vs, 255);
1040 vnc_write_u8(vs, 1);
1041 vnc_write_u16(vs, 2);
1042 vnc_write_u32(vs, size);
1043 vnc_write(vs, buf, size);
1044 vnc_flush(vs);
1045 }
1046
1047 static void audio_add(VncState *vs)
1048 {
1049 Monitor *mon = cur_mon;
1050 struct audio_capture_ops ops;
1051
1052 if (vs->audio_cap) {
1053 monitor_printf(mon, "audio already running\n");
1054 return;
1055 }
1056
1057 ops.notify = audio_capture_notify;
1058 ops.destroy = audio_capture_destroy;
1059 ops.capture = audio_capture;
1060
1061 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1062 if (!vs->audio_cap) {
1063 monitor_printf(mon, "Failed to add audio capture\n");
1064 }
1065 }
1066
1067 static void audio_del(VncState *vs)
1068 {
1069 if (vs->audio_cap) {
1070 AUD_del_capture(vs->audio_cap, vs);
1071 vs->audio_cap = NULL;
1072 }
1073 }
1074
1075 static void vnc_disconnect_start(VncState *vs)
1076 {
1077 if (vs->csock == -1)
1078 return;
1079 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
1080 closesocket(vs->csock);
1081 vs->csock = -1;
1082 }
1083
1084 static void vnc_disconnect_finish(VncState *vs)
1085 {
1086 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
1087
1088 if (vs->input.buffer) {
1089 qemu_free(vs->input.buffer);
1090 vs->input.buffer = NULL;
1091 }
1092 if (vs->output.buffer) {
1093 qemu_free(vs->output.buffer);
1094 vs->output.buffer = NULL;
1095 }
1096
1097 qobject_decref(vs->info);
1098
1099 #ifdef CONFIG_VNC_TLS
1100 vnc_tls_client_cleanup(vs);
1101 #endif /* CONFIG_VNC_TLS */
1102 #ifdef CONFIG_VNC_SASL
1103 vnc_sasl_client_cleanup(vs);
1104 #endif /* CONFIG_VNC_SASL */
1105 audio_del(vs);
1106
1107 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1108
1109 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1110 dcl->idle = 1;
1111 }
1112
1113 vnc_remove_timer(vs->vd);
1114 qemu_remove_led_event_handler(vs->led);
1115 qemu_free(vs);
1116 }
1117
1118 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1119 {
1120 if (ret == 0 || ret == -1) {
1121 if (ret == -1) {
1122 switch (last_errno) {
1123 case EINTR:
1124 case EAGAIN:
1125 #ifdef _WIN32
1126 case WSAEWOULDBLOCK:
1127 #endif
1128 return 0;
1129 default:
1130 break;
1131 }
1132 }
1133
1134 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1135 ret, ret < 0 ? last_errno : 0);
1136 vnc_disconnect_start(vs);
1137
1138 return 0;
1139 }
1140 return ret;
1141 }
1142
1143
1144 void vnc_client_error(VncState *vs)
1145 {
1146 VNC_DEBUG("Closing down client sock: protocol error\n");
1147 vnc_disconnect_start(vs);
1148 }
1149
1150
1151 /*
1152 * Called to write a chunk of data to the client socket. The data may
1153 * be the raw data, or may have already been encoded by SASL.
1154 * The data will be written either straight onto the socket, or
1155 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1156 *
1157 * NB, it is theoretically possible to have 2 layers of encryption,
1158 * both SASL, and this TLS layer. It is highly unlikely in practice
1159 * though, since SASL encryption will typically be a no-op if TLS
1160 * is active
1161 *
1162 * Returns the number of bytes written, which may be less than
1163 * the requested 'datalen' if the socket would block. Returns
1164 * -1 on error, and disconnects the client socket.
1165 */
1166 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1167 {
1168 long ret;
1169 #ifdef CONFIG_VNC_TLS
1170 if (vs->tls.session) {
1171 ret = gnutls_write(vs->tls.session, data, datalen);
1172 if (ret < 0) {
1173 if (ret == GNUTLS_E_AGAIN)
1174 errno = EAGAIN;
1175 else
1176 errno = EIO;
1177 ret = -1;
1178 }
1179 } else
1180 #endif /* CONFIG_VNC_TLS */
1181 ret = send(vs->csock, (const void *)data, datalen, 0);
1182 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1183 return vnc_client_io_error(vs, ret, socket_error());
1184 }
1185
1186
1187 /*
1188 * Called to write buffered data to the client socket, when not
1189 * using any SASL SSF encryption layers. Will write as much data
1190 * as possible without blocking. If all buffered data is written,
1191 * will switch the FD poll() handler back to read monitoring.
1192 *
1193 * Returns the number of bytes written, which may be less than
1194 * the buffered output data if the socket would block. Returns
1195 * -1 on error, and disconnects the client socket.
1196 */
1197 static long vnc_client_write_plain(VncState *vs)
1198 {
1199 long ret;
1200
1201 #ifdef CONFIG_VNC_SASL
1202 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1203 vs->output.buffer, vs->output.capacity, vs->output.offset,
1204 vs->sasl.waitWriteSSF);
1205
1206 if (vs->sasl.conn &&
1207 vs->sasl.runSSF &&
1208 vs->sasl.waitWriteSSF) {
1209 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1210 if (ret)
1211 vs->sasl.waitWriteSSF -= ret;
1212 } else
1213 #endif /* CONFIG_VNC_SASL */
1214 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1215 if (!ret)
1216 return 0;
1217
1218 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1219 vs->output.offset -= ret;
1220
1221 if (vs->output.offset == 0) {
1222 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1223 }
1224
1225 return ret;
1226 }
1227
1228
1229 /*
1230 * First function called whenever there is data to be written to
1231 * the client socket. Will delegate actual work according to whether
1232 * SASL SSF layers are enabled (thus requiring encryption calls)
1233 */
1234 void vnc_client_write(void *opaque)
1235 {
1236 long ret;
1237 VncState *vs = opaque;
1238
1239 #ifdef CONFIG_VNC_SASL
1240 if (vs->sasl.conn &&
1241 vs->sasl.runSSF &&
1242 !vs->sasl.waitWriteSSF)
1243 ret = vnc_client_write_sasl(vs);
1244 else
1245 #endif /* CONFIG_VNC_SASL */
1246 ret = vnc_client_write_plain(vs);
1247 }
1248
1249 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1250 {
1251 vs->read_handler = func;
1252 vs->read_handler_expect = expecting;
1253 }
1254
1255
1256 /*
1257 * Called to read a chunk of data from the client socket. The data may
1258 * be the raw data, or may need to be further decoded by SASL.
1259 * The data will be read either straight from to the socket, or
1260 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1261 *
1262 * NB, it is theoretically possible to have 2 layers of encryption,
1263 * both SASL, and this TLS layer. It is highly unlikely in practice
1264 * though, since SASL encryption will typically be a no-op if TLS
1265 * is active
1266 *
1267 * Returns the number of bytes read, which may be less than
1268 * the requested 'datalen' if the socket would block. Returns
1269 * -1 on error, and disconnects the client socket.
1270 */
1271 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1272 {
1273 long ret;
1274 #ifdef CONFIG_VNC_TLS
1275 if (vs->tls.session) {
1276 ret = gnutls_read(vs->tls.session, data, datalen);
1277 if (ret < 0) {
1278 if (ret == GNUTLS_E_AGAIN)
1279 errno = EAGAIN;
1280 else
1281 errno = EIO;
1282 ret = -1;
1283 }
1284 } else
1285 #endif /* CONFIG_VNC_TLS */
1286 ret = recv(vs->csock, (void *)data, datalen, 0);
1287 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1288 return vnc_client_io_error(vs, ret, socket_error());
1289 }
1290
1291
1292 /*
1293 * Called to read data from the client socket to the input buffer,
1294 * when not using any SASL SSF encryption layers. Will read as much
1295 * data as possible without blocking.
1296 *
1297 * Returns the number of bytes read. Returns -1 on error, and
1298 * disconnects the client socket.
1299 */
1300 static long vnc_client_read_plain(VncState *vs)
1301 {
1302 int ret;
1303 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1304 vs->input.buffer, vs->input.capacity, vs->input.offset);
1305 buffer_reserve(&vs->input, 4096);
1306 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1307 if (!ret)
1308 return 0;
1309 vs->input.offset += ret;
1310 return ret;
1311 }
1312
1313
1314 /*
1315 * First function called whenever there is more data to be read from
1316 * the client socket. Will delegate actual work according to whether
1317 * SASL SSF layers are enabled (thus requiring decryption calls)
1318 */
1319 void vnc_client_read(void *opaque)
1320 {
1321 VncState *vs = opaque;
1322 long ret;
1323
1324 #ifdef CONFIG_VNC_SASL
1325 if (vs->sasl.conn && vs->sasl.runSSF)
1326 ret = vnc_client_read_sasl(vs);
1327 else
1328 #endif /* CONFIG_VNC_SASL */
1329 ret = vnc_client_read_plain(vs);
1330 if (!ret) {
1331 if (vs->csock == -1)
1332 vnc_disconnect_finish(vs);
1333 return;
1334 }
1335
1336 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1337 size_t len = vs->read_handler_expect;
1338 int ret;
1339
1340 ret = vs->read_handler(vs, vs->input.buffer, len);
1341 if (vs->csock == -1) {
1342 vnc_disconnect_finish(vs);
1343 return;
1344 }
1345
1346 if (!ret) {
1347 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1348 vs->input.offset -= len;
1349 } else {
1350 vs->read_handler_expect = ret;
1351 }
1352 }
1353 }
1354
1355 void vnc_write(VncState *vs, const void *data, size_t len)
1356 {
1357 buffer_reserve(&vs->output, len);
1358
1359 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1360 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1361 }
1362
1363 buffer_append(&vs->output, data, len);
1364 }
1365
1366 void vnc_write_s32(VncState *vs, int32_t value)
1367 {
1368 vnc_write_u32(vs, *(uint32_t *)&value);
1369 }
1370
1371 void vnc_write_u32(VncState *vs, uint32_t value)
1372 {
1373 uint8_t buf[4];
1374
1375 buf[0] = (value >> 24) & 0xFF;
1376 buf[1] = (value >> 16) & 0xFF;
1377 buf[2] = (value >> 8) & 0xFF;
1378 buf[3] = value & 0xFF;
1379
1380 vnc_write(vs, buf, 4);
1381 }
1382
1383 void vnc_write_u16(VncState *vs, uint16_t value)
1384 {
1385 uint8_t buf[2];
1386
1387 buf[0] = (value >> 8) & 0xFF;
1388 buf[1] = value & 0xFF;
1389
1390 vnc_write(vs, buf, 2);
1391 }
1392
1393 void vnc_write_u8(VncState *vs, uint8_t value)
1394 {
1395 vnc_write(vs, (char *)&value, 1);
1396 }
1397
1398 void vnc_flush(VncState *vs)
1399 {
1400 if (vs->csock != -1 && vs->output.offset)
1401 vnc_client_write(vs);
1402 }
1403
1404 uint8_t read_u8(uint8_t *data, size_t offset)
1405 {
1406 return data[offset];
1407 }
1408
1409 uint16_t read_u16(uint8_t *data, size_t offset)
1410 {
1411 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1412 }
1413
1414 int32_t read_s32(uint8_t *data, size_t offset)
1415 {
1416 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1417 (data[offset + 2] << 8) | data[offset + 3]);
1418 }
1419
1420 uint32_t read_u32(uint8_t *data, size_t offset)
1421 {
1422 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1423 (data[offset + 2] << 8) | data[offset + 3]);
1424 }
1425
1426 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1427 {
1428 }
1429
1430 static void check_pointer_type_change(VncState *vs, int absolute)
1431 {
1432 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1433 vnc_write_u8(vs, 0);
1434 vnc_write_u8(vs, 0);
1435 vnc_write_u16(vs, 1);
1436 vnc_framebuffer_update(vs, absolute, 0,
1437 ds_get_width(vs->ds), ds_get_height(vs->ds),
1438 VNC_ENCODING_POINTER_TYPE_CHANGE);
1439 vnc_flush(vs);
1440 }
1441 vs->absolute = absolute;
1442 }
1443
1444 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1445 {
1446 int buttons = 0;
1447 int dz = 0;
1448
1449 if (button_mask & 0x01)
1450 buttons |= MOUSE_EVENT_LBUTTON;
1451 if (button_mask & 0x02)
1452 buttons |= MOUSE_EVENT_MBUTTON;
1453 if (button_mask & 0x04)
1454 buttons |= MOUSE_EVENT_RBUTTON;
1455 if (button_mask & 0x08)
1456 dz = -1;
1457 if (button_mask & 0x10)
1458 dz = 1;
1459
1460 if (vs->absolute) {
1461 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
1462 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
1463 dz, buttons);
1464 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1465 x -= 0x7FFF;
1466 y -= 0x7FFF;
1467
1468 kbd_mouse_event(x, y, dz, buttons);
1469 } else {
1470 if (vs->last_x != -1)
1471 kbd_mouse_event(x - vs->last_x,
1472 y - vs->last_y,
1473 dz, buttons);
1474 vs->last_x = x;
1475 vs->last_y = y;
1476 }
1477
1478 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1479 }
1480
1481 static void reset_keys(VncState *vs)
1482 {
1483 int i;
1484 for(i = 0; i < 256; i++) {
1485 if (vs->modifiers_state[i]) {
1486 if (i & SCANCODE_GREY)
1487 kbd_put_keycode(SCANCODE_EMUL0);
1488 kbd_put_keycode(i | SCANCODE_UP);
1489 vs->modifiers_state[i] = 0;
1490 }
1491 }
1492 }
1493
1494 static void press_key(VncState *vs, int keysym)
1495 {
1496 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1497 if (keycode & SCANCODE_GREY)
1498 kbd_put_keycode(SCANCODE_EMUL0);
1499 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1500 if (keycode & SCANCODE_GREY)
1501 kbd_put_keycode(SCANCODE_EMUL0);
1502 kbd_put_keycode(keycode | SCANCODE_UP);
1503 }
1504
1505 static void kbd_leds(void *opaque, int ledstate)
1506 {
1507 VncState *vs = opaque;
1508 int caps, num;
1509
1510 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1511 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1512
1513 if (vs->modifiers_state[0x3a] != caps) {
1514 vs->modifiers_state[0x3a] = caps;
1515 }
1516 if (vs->modifiers_state[0x45] != num) {
1517 vs->modifiers_state[0x45] = num;
1518 }
1519 }
1520
1521 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1522 {
1523 /* QEMU console switch */
1524 switch(keycode) {
1525 case 0x2a: /* Left Shift */
1526 case 0x36: /* Right Shift */
1527 case 0x1d: /* Left CTRL */
1528 case 0x9d: /* Right CTRL */
1529 case 0x38: /* Left ALT */
1530 case 0xb8: /* Right ALT */
1531 if (down)
1532 vs->modifiers_state[keycode] = 1;
1533 else
1534 vs->modifiers_state[keycode] = 0;
1535 break;
1536 case 0x02 ... 0x0a: /* '1' to '9' keys */
1537 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1538 /* Reset the modifiers sent to the current console */
1539 reset_keys(vs);
1540 console_select(keycode - 0x02);
1541 return;
1542 }
1543 break;
1544 case 0x3a: /* CapsLock */
1545 case 0x45: /* NumLock */
1546 if (down)
1547 vs->modifiers_state[keycode] ^= 1;
1548 break;
1549 }
1550
1551 if (keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1552 /* If the numlock state needs to change then simulate an additional
1553 keypress before sending this one. This will happen if the user
1554 toggles numlock away from the VNC window.
1555 */
1556 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1557 if (!vs->modifiers_state[0x45]) {
1558 vs->modifiers_state[0x45] = 1;
1559 press_key(vs, 0xff7f);
1560 }
1561 } else {
1562 if (vs->modifiers_state[0x45]) {
1563 vs->modifiers_state[0x45] = 0;
1564 press_key(vs, 0xff7f);
1565 }
1566 }
1567 }
1568
1569 if ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z')) {
1570 /* If the capslock state needs to change then simulate an additional
1571 keypress before sending this one. This will happen if the user
1572 toggles capslock away from the VNC window.
1573 */
1574 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1575 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1576 int capslock = !!(vs->modifiers_state[0x3a]);
1577 if (capslock) {
1578 if (uppercase == shift) {
1579 vs->modifiers_state[0x3a] = 0;
1580 press_key(vs, 0xffe5);
1581 }
1582 } else {
1583 if (uppercase != shift) {
1584 vs->modifiers_state[0x3a] = 1;
1585 press_key(vs, 0xffe5);
1586 }
1587 }
1588 }
1589
1590 if (is_graphic_console()) {
1591 if (keycode & SCANCODE_GREY)
1592 kbd_put_keycode(SCANCODE_EMUL0);
1593 if (down)
1594 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1595 else
1596 kbd_put_keycode(keycode | SCANCODE_UP);
1597 } else {
1598 /* QEMU console emulation */
1599 if (down) {
1600 int numlock = vs->modifiers_state[0x45];
1601 switch (keycode) {
1602 case 0x2a: /* Left Shift */
1603 case 0x36: /* Right Shift */
1604 case 0x1d: /* Left CTRL */
1605 case 0x9d: /* Right CTRL */
1606 case 0x38: /* Left ALT */
1607 case 0xb8: /* Right ALT */
1608 break;
1609 case 0xc8:
1610 kbd_put_keysym(QEMU_KEY_UP);
1611 break;
1612 case 0xd0:
1613 kbd_put_keysym(QEMU_KEY_DOWN);
1614 break;
1615 case 0xcb:
1616 kbd_put_keysym(QEMU_KEY_LEFT);
1617 break;
1618 case 0xcd:
1619 kbd_put_keysym(QEMU_KEY_RIGHT);
1620 break;
1621 case 0xd3:
1622 kbd_put_keysym(QEMU_KEY_DELETE);
1623 break;
1624 case 0xc7:
1625 kbd_put_keysym(QEMU_KEY_HOME);
1626 break;
1627 case 0xcf:
1628 kbd_put_keysym(QEMU_KEY_END);
1629 break;
1630 case 0xc9:
1631 kbd_put_keysym(QEMU_KEY_PAGEUP);
1632 break;
1633 case 0xd1:
1634 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1635 break;
1636
1637 case 0x47:
1638 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1639 break;
1640 case 0x48:
1641 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1642 break;
1643 case 0x49:
1644 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1645 break;
1646 case 0x4b:
1647 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1648 break;
1649 case 0x4c:
1650 kbd_put_keysym('5');
1651 break;
1652 case 0x4d:
1653 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1654 break;
1655 case 0x4f:
1656 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1657 break;
1658 case 0x50:
1659 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1660 break;
1661 case 0x51:
1662 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1663 break;
1664 case 0x52:
1665 kbd_put_keysym('0');
1666 break;
1667 case 0x53:
1668 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1669 break;
1670
1671 case 0xb5:
1672 kbd_put_keysym('/');
1673 break;
1674 case 0x37:
1675 kbd_put_keysym('*');
1676 break;
1677 case 0x4a:
1678 kbd_put_keysym('-');
1679 break;
1680 case 0x4e:
1681 kbd_put_keysym('+');
1682 break;
1683 case 0x9c:
1684 kbd_put_keysym('\n');
1685 break;
1686
1687 default:
1688 kbd_put_keysym(sym);
1689 break;
1690 }
1691 }
1692 }
1693 }
1694
1695 static void key_event(VncState *vs, int down, uint32_t sym)
1696 {
1697 int keycode;
1698 int lsym = sym;
1699
1700 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1701 lsym = lsym - 'A' + 'a';
1702 }
1703
1704 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1705 do_key_event(vs, down, keycode, sym);
1706 }
1707
1708 static void ext_key_event(VncState *vs, int down,
1709 uint32_t sym, uint16_t keycode)
1710 {
1711 /* if the user specifies a keyboard layout, always use it */
1712 if (keyboard_layout)
1713 key_event(vs, down, sym);
1714 else
1715 do_key_event(vs, down, keycode, sym);
1716 }
1717
1718 static void framebuffer_update_request(VncState *vs, int incremental,
1719 int x_position, int y_position,
1720 int w, int h)
1721 {
1722 if (x_position > ds_get_width(vs->ds))
1723 x_position = ds_get_width(vs->ds);
1724 if (y_position > ds_get_height(vs->ds))
1725 y_position = ds_get_height(vs->ds);
1726 if (x_position + w >= ds_get_width(vs->ds))
1727 w = ds_get_width(vs->ds) - x_position;
1728 if (y_position + h >= ds_get_height(vs->ds))
1729 h = ds_get_height(vs->ds) - y_position;
1730
1731 int i;
1732 vs->need_update = 1;
1733 if (!incremental) {
1734 vs->force_update = 1;
1735 for (i = 0; i < h; i++) {
1736 vnc_set_bits(vs->dirty[y_position + i],
1737 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1738 }
1739 }
1740 }
1741
1742 static void send_ext_key_event_ack(VncState *vs)
1743 {
1744 vnc_write_u8(vs, 0);
1745 vnc_write_u8(vs, 0);
1746 vnc_write_u16(vs, 1);
1747 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1748 VNC_ENCODING_EXT_KEY_EVENT);
1749 vnc_flush(vs);
1750 }
1751
1752 static void send_ext_audio_ack(VncState *vs)
1753 {
1754 vnc_write_u8(vs, 0);
1755 vnc_write_u8(vs, 0);
1756 vnc_write_u16(vs, 1);
1757 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1758 VNC_ENCODING_AUDIO);
1759 vnc_flush(vs);
1760 }
1761
1762 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1763 {
1764 int i;
1765 unsigned int enc = 0;
1766
1767 vnc_zlib_init(vs);
1768 vs->features = 0;
1769 vs->vnc_encoding = 0;
1770 vs->tight_compression = 9;
1771 vs->tight_quality = 9;
1772 vs->absolute = -1;
1773
1774 for (i = n_encodings - 1; i >= 0; i--) {
1775 enc = encodings[i];
1776 switch (enc) {
1777 case VNC_ENCODING_RAW:
1778 vs->vnc_encoding = enc;
1779 break;
1780 case VNC_ENCODING_COPYRECT:
1781 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1782 break;
1783 case VNC_ENCODING_HEXTILE:
1784 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1785 vs->vnc_encoding = enc;
1786 break;
1787 case VNC_ENCODING_ZLIB:
1788 vs->features |= VNC_FEATURE_ZLIB_MASK;
1789 vs->vnc_encoding = enc;
1790 break;
1791 case VNC_ENCODING_DESKTOPRESIZE:
1792 vs->features |= VNC_FEATURE_RESIZE_MASK;
1793 break;
1794 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1795 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1796 break;
1797 case VNC_ENCODING_EXT_KEY_EVENT:
1798 send_ext_key_event_ack(vs);
1799 break;
1800 case VNC_ENCODING_AUDIO:
1801 send_ext_audio_ack(vs);
1802 break;
1803 case VNC_ENCODING_WMVi:
1804 vs->features |= VNC_FEATURE_WMVI_MASK;
1805 break;
1806 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1807 vs->tight_compression = (enc & 0x0F);
1808 break;
1809 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1810 vs->tight_quality = (enc & 0x0F);
1811 break;
1812 default:
1813 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1814 break;
1815 }
1816 }
1817
1818 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1819 }
1820
1821 static void set_pixel_conversion(VncState *vs)
1822 {
1823 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1824 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1825 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1826 vs->write_pixels = vnc_write_pixels_copy;
1827 switch (vs->ds->surface->pf.bits_per_pixel) {
1828 case 8:
1829 vs->send_hextile_tile = send_hextile_tile_8;
1830 break;
1831 case 16:
1832 vs->send_hextile_tile = send_hextile_tile_16;
1833 break;
1834 case 32:
1835 vs->send_hextile_tile = send_hextile_tile_32;
1836 break;
1837 }
1838 } else {
1839 vs->write_pixels = vnc_write_pixels_generic;
1840 switch (vs->ds->surface->pf.bits_per_pixel) {
1841 case 8:
1842 vs->send_hextile_tile = send_hextile_tile_generic_8;
1843 break;
1844 case 16:
1845 vs->send_hextile_tile = send_hextile_tile_generic_16;
1846 break;
1847 case 32:
1848 vs->send_hextile_tile = send_hextile_tile_generic_32;
1849 break;
1850 }
1851 }
1852 }
1853
1854 static void set_pixel_format(VncState *vs,
1855 int bits_per_pixel, int depth,
1856 int big_endian_flag, int true_color_flag,
1857 int red_max, int green_max, int blue_max,
1858 int red_shift, int green_shift, int blue_shift)
1859 {
1860 if (!true_color_flag) {
1861 vnc_client_error(vs);
1862 return;
1863 }
1864
1865 vs->clientds = *(vs->vd->guest.ds);
1866 vs->clientds.pf.rmax = red_max;
1867 count_bits(vs->clientds.pf.rbits, red_max);
1868 vs->clientds.pf.rshift = red_shift;
1869 vs->clientds.pf.rmask = red_max << red_shift;
1870 vs->clientds.pf.gmax = green_max;
1871 count_bits(vs->clientds.pf.gbits, green_max);
1872 vs->clientds.pf.gshift = green_shift;
1873 vs->clientds.pf.gmask = green_max << green_shift;
1874 vs->clientds.pf.bmax = blue_max;
1875 count_bits(vs->clientds.pf.bbits, blue_max);
1876 vs->clientds.pf.bshift = blue_shift;
1877 vs->clientds.pf.bmask = blue_max << blue_shift;
1878 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1879 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1880 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1881 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1882
1883 set_pixel_conversion(vs);
1884
1885 vga_hw_invalidate();
1886 vga_hw_update();
1887 }
1888
1889 static void pixel_format_message (VncState *vs) {
1890 char pad[3] = { 0, 0, 0 };
1891
1892 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1893 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1894
1895 #ifdef HOST_WORDS_BIGENDIAN
1896 vnc_write_u8(vs, 1); /* big-endian-flag */
1897 #else
1898 vnc_write_u8(vs, 0); /* big-endian-flag */
1899 #endif
1900 vnc_write_u8(vs, 1); /* true-color-flag */
1901 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1902 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1903 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1904 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1905 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1906 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1907 if (vs->ds->surface->pf.bits_per_pixel == 32)
1908 vs->send_hextile_tile = send_hextile_tile_32;
1909 else if (vs->ds->surface->pf.bits_per_pixel == 16)
1910 vs->send_hextile_tile = send_hextile_tile_16;
1911 else if (vs->ds->surface->pf.bits_per_pixel == 8)
1912 vs->send_hextile_tile = send_hextile_tile_8;
1913 vs->clientds = *(vs->ds->surface);
1914 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1915 vs->write_pixels = vnc_write_pixels_copy;
1916
1917 vnc_write(vs, pad, 3); /* padding */
1918 }
1919
1920 static void vnc_dpy_setdata(DisplayState *ds)
1921 {
1922 /* We don't have to do anything */
1923 }
1924
1925 static void vnc_colordepth(VncState *vs)
1926 {
1927 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1928 /* Sending a WMVi message to notify the client*/
1929 vnc_write_u8(vs, 0); /* msg id */
1930 vnc_write_u8(vs, 0);
1931 vnc_write_u16(vs, 1); /* number of rects */
1932 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1933 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1934 pixel_format_message(vs);
1935 vnc_flush(vs);
1936 } else {
1937 set_pixel_conversion(vs);
1938 }
1939 }
1940
1941 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1942 {
1943 int i;
1944 uint16_t limit;
1945 VncDisplay *vd = vs->vd;
1946
1947 if (data[0] > 3) {
1948 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1949 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1950 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1951 }
1952
1953 switch (data[0]) {
1954 case 0:
1955 if (len == 1)
1956 return 20;
1957
1958 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1959 read_u8(data, 6), read_u8(data, 7),
1960 read_u16(data, 8), read_u16(data, 10),
1961 read_u16(data, 12), read_u8(data, 14),
1962 read_u8(data, 15), read_u8(data, 16));
1963 break;
1964 case 2:
1965 if (len == 1)
1966 return 4;
1967
1968 if (len == 4) {
1969 limit = read_u16(data, 2);
1970 if (limit > 0)
1971 return 4 + (limit * 4);
1972 } else
1973 limit = read_u16(data, 2);
1974
1975 for (i = 0; i < limit; i++) {
1976 int32_t val = read_s32(data, 4 + (i * 4));
1977 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1978 }
1979
1980 set_encodings(vs, (int32_t *)(data + 4), limit);
1981 break;
1982 case 3:
1983 if (len == 1)
1984 return 10;
1985
1986 framebuffer_update_request(vs,
1987 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1988 read_u16(data, 6), read_u16(data, 8));
1989 break;
1990 case 4:
1991 if (len == 1)
1992 return 8;
1993
1994 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1995 break;
1996 case 5:
1997 if (len == 1)
1998 return 6;
1999
2000 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2001 break;
2002 case 6:
2003 if (len == 1)
2004 return 8;
2005
2006 if (len == 8) {
2007 uint32_t dlen = read_u32(data, 4);
2008 if (dlen > 0)
2009 return 8 + dlen;
2010 }
2011
2012 client_cut_text(vs, read_u32(data, 4), data + 8);
2013 break;
2014 case 255:
2015 if (len == 1)
2016 return 2;
2017
2018 switch (read_u8(data, 1)) {
2019 case 0:
2020 if (len == 2)
2021 return 12;
2022
2023 ext_key_event(vs, read_u16(data, 2),
2024 read_u32(data, 4), read_u32(data, 8));
2025 break;
2026 case 1:
2027 if (len == 2)
2028 return 4;
2029
2030 switch (read_u16 (data, 2)) {
2031 case 0:
2032 audio_add(vs);
2033 break;
2034 case 1:
2035 audio_del(vs);
2036 break;
2037 case 2:
2038 if (len == 4)
2039 return 10;
2040 switch (read_u8(data, 4)) {
2041 case 0: vs->as.fmt = AUD_FMT_U8; break;
2042 case 1: vs->as.fmt = AUD_FMT_S8; break;
2043 case 2: vs->as.fmt = AUD_FMT_U16; break;
2044 case 3: vs->as.fmt = AUD_FMT_S16; break;
2045 case 4: vs->as.fmt = AUD_FMT_U32; break;
2046 case 5: vs->as.fmt = AUD_FMT_S32; break;
2047 default:
2048 printf("Invalid audio format %d\n", read_u8(data, 4));
2049 vnc_client_error(vs);
2050 break;
2051 }
2052 vs->as.nchannels = read_u8(data, 5);
2053 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2054 printf("Invalid audio channel coount %d\n",
2055 read_u8(data, 5));
2056 vnc_client_error(vs);
2057 break;
2058 }
2059 vs->as.freq = read_u32(data, 6);
2060 break;
2061 default:
2062 printf ("Invalid audio message %d\n", read_u8(data, 4));
2063 vnc_client_error(vs);
2064 break;
2065 }
2066 break;
2067
2068 default:
2069 printf("Msg: %d\n", read_u16(data, 0));
2070 vnc_client_error(vs);
2071 break;
2072 }
2073 break;
2074 default:
2075 printf("Msg: %d\n", data[0]);
2076 vnc_client_error(vs);
2077 break;
2078 }
2079
2080 vnc_read_when(vs, protocol_client_msg, 1);
2081 return 0;
2082 }
2083
2084 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2085 {
2086 char buf[1024];
2087 int size;
2088
2089 vnc_write_u16(vs, ds_get_width(vs->ds));
2090 vnc_write_u16(vs, ds_get_height(vs->ds));
2091
2092 pixel_format_message(vs);
2093
2094 if (qemu_name)
2095 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2096 else
2097 size = snprintf(buf, sizeof(buf), "QEMU");
2098
2099 vnc_write_u32(vs, size);
2100 vnc_write(vs, buf, size);
2101 vnc_flush(vs);
2102
2103 vnc_client_cache_auth(vs);
2104 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
2105
2106 vnc_read_when(vs, protocol_client_msg, 1);
2107
2108 return 0;
2109 }
2110
2111 void start_client_init(VncState *vs)
2112 {
2113 vnc_read_when(vs, protocol_client_init, 1);
2114 }
2115
2116 static void make_challenge(VncState *vs)
2117 {
2118 int i;
2119
2120 srand(time(NULL)+getpid()+getpid()*987654+rand());
2121
2122 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2123 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2124 }
2125
2126 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2127 {
2128 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2129 int i, j, pwlen;
2130 unsigned char key[8];
2131
2132 if (!vs->vd->password || !vs->vd->password[0]) {
2133 VNC_DEBUG("No password configured on server");
2134 vnc_write_u32(vs, 1); /* Reject auth */
2135 if (vs->minor >= 8) {
2136 static const char err[] = "Authentication failed";
2137 vnc_write_u32(vs, sizeof(err));
2138 vnc_write(vs, err, sizeof(err));
2139 }
2140 vnc_flush(vs);
2141 vnc_client_error(vs);
2142 return 0;
2143 }
2144
2145 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2146
2147 /* Calculate the expected challenge response */
2148 pwlen = strlen(vs->vd->password);
2149 for (i=0; i<sizeof(key); i++)
2150 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2151 deskey(key, EN0);
2152 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2153 des(response+j, response+j);
2154
2155 /* Compare expected vs actual challenge response */
2156 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2157 VNC_DEBUG("Client challenge reponse did not match\n");
2158 vnc_write_u32(vs, 1); /* Reject auth */
2159 if (vs->minor >= 8) {
2160 static const char err[] = "Authentication failed";
2161 vnc_write_u32(vs, sizeof(err));
2162 vnc_write(vs, err, sizeof(err));
2163 }
2164 vnc_flush(vs);
2165 vnc_client_error(vs);
2166 } else {
2167 VNC_DEBUG("Accepting VNC challenge response\n");
2168 vnc_write_u32(vs, 0); /* Accept auth */
2169 vnc_flush(vs);
2170
2171 start_client_init(vs);
2172 }
2173 return 0;
2174 }
2175
2176 void start_auth_vnc(VncState *vs)
2177 {
2178 make_challenge(vs);
2179 /* Send client a 'random' challenge */
2180 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2181 vnc_flush(vs);
2182
2183 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2184 }
2185
2186
2187 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2188 {
2189 /* We only advertise 1 auth scheme at a time, so client
2190 * must pick the one we sent. Verify this */
2191 if (data[0] != vs->vd->auth) { /* Reject auth */
2192 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2193 vnc_write_u32(vs, 1);
2194 if (vs->minor >= 8) {
2195 static const char err[] = "Authentication failed";
2196 vnc_write_u32(vs, sizeof(err));
2197 vnc_write(vs, err, sizeof(err));
2198 }
2199 vnc_client_error(vs);
2200 } else { /* Accept requested auth */
2201 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2202 switch (vs->vd->auth) {
2203 case VNC_AUTH_NONE:
2204 VNC_DEBUG("Accept auth none\n");
2205 if (vs->minor >= 8) {
2206 vnc_write_u32(vs, 0); /* Accept auth completion */
2207 vnc_flush(vs);
2208 }
2209 start_client_init(vs);
2210 break;
2211
2212 case VNC_AUTH_VNC:
2213 VNC_DEBUG("Start VNC auth\n");
2214 start_auth_vnc(vs);
2215 break;
2216
2217 #ifdef CONFIG_VNC_TLS
2218 case VNC_AUTH_VENCRYPT:
2219 VNC_DEBUG("Accept VeNCrypt auth\n");;
2220 start_auth_vencrypt(vs);
2221 break;
2222 #endif /* CONFIG_VNC_TLS */
2223
2224 #ifdef CONFIG_VNC_SASL
2225 case VNC_AUTH_SASL:
2226 VNC_DEBUG("Accept SASL auth\n");
2227 start_auth_sasl(vs);
2228 break;
2229 #endif /* CONFIG_VNC_SASL */
2230
2231 default: /* Should not be possible, but just in case */
2232 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
2233 vnc_write_u8(vs, 1);
2234 if (vs->minor >= 8) {
2235 static const char err[] = "Authentication failed";
2236 vnc_write_u32(vs, sizeof(err));
2237 vnc_write(vs, err, sizeof(err));
2238 }
2239 vnc_client_error(vs);
2240 }
2241 }
2242 return 0;
2243 }
2244
2245 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2246 {
2247 char local[13];
2248
2249 memcpy(local, version, 12);
2250 local[12] = 0;
2251
2252 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2253 VNC_DEBUG("Malformed protocol version %s\n", local);
2254 vnc_client_error(vs);
2255 return 0;
2256 }
2257 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2258 if (vs->major != 3 ||
2259 (vs->minor != 3 &&
2260 vs->minor != 4 &&
2261 vs->minor != 5 &&
2262 vs->minor != 7 &&
2263 vs->minor != 8)) {
2264 VNC_DEBUG("Unsupported client version\n");
2265 vnc_write_u32(vs, VNC_AUTH_INVALID);
2266 vnc_flush(vs);
2267 vnc_client_error(vs);
2268 return 0;
2269 }
2270 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2271 * as equivalent to v3.3 by servers
2272 */
2273 if (vs->minor == 4 || vs->minor == 5)
2274 vs->minor = 3;
2275
2276 if (vs->minor == 3) {
2277 if (vs->vd->auth == VNC_AUTH_NONE) {
2278 VNC_DEBUG("Tell client auth none\n");
2279 vnc_write_u32(vs, vs->vd->auth);
2280 vnc_flush(vs);
2281 start_client_init(vs);
2282 } else if (vs->vd->auth == VNC_AUTH_VNC) {
2283 VNC_DEBUG("Tell client VNC auth\n");
2284 vnc_write_u32(vs, vs->vd->auth);
2285 vnc_flush(vs);
2286 start_auth_vnc(vs);
2287 } else {
2288 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2289 vnc_write_u32(vs, VNC_AUTH_INVALID);
2290 vnc_flush(vs);
2291 vnc_client_error(vs);
2292 }
2293 } else {
2294 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2295 vnc_write_u8(vs, 1); /* num auth */
2296 vnc_write_u8(vs, vs->vd->auth);
2297 vnc_read_when(vs, protocol_client_auth, 1);
2298 vnc_flush(vs);
2299 }
2300
2301 return 0;
2302 }
2303
2304 static int vnc_refresh_server_surface(VncDisplay *vd)
2305 {
2306 int y;
2307 uint8_t *guest_row;
2308 uint8_t *server_row;
2309 int cmp_bytes;
2310 uint32_t width_mask[VNC_DIRTY_WORDS];
2311 VncState *vs;
2312 int has_dirty = 0;
2313
2314 /*
2315 * Walk through the guest dirty map.
2316 * Check and copy modified bits from guest to server surface.
2317 * Update server dirty map.
2318 */
2319 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2320 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2321 guest_row = vd->guest.ds->data;
2322 server_row = vd->server->data;
2323 for (y = 0; y < vd->guest.ds->height; y++) {
2324 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2325 int x;
2326 uint8_t *guest_ptr;
2327 uint8_t *server_ptr;
2328
2329 guest_ptr = guest_row;
2330 server_ptr = server_row;
2331
2332 for (x = 0; x < vd->guest.ds->width;
2333 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2334 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2335 continue;
2336 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2337 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2338 continue;
2339 memcpy(server_ptr, guest_ptr, cmp_bytes);
2340 QTAILQ_FOREACH(vs, &vd->clients, next) {
2341 vnc_set_bit(vs->dirty[y], (x / 16));
2342 }
2343 has_dirty++;
2344 }
2345 }
2346 guest_row += ds_get_linesize(vd->ds);
2347 server_row += ds_get_linesize(vd->ds);
2348 }
2349 return has_dirty;
2350 }
2351
2352 static void vnc_refresh(void *opaque)
2353 {
2354 VncDisplay *vd = opaque;
2355 VncState *vs, *vn;
2356 int has_dirty, rects = 0;
2357
2358 vga_hw_update();
2359
2360 has_dirty = vnc_refresh_server_surface(vd);
2361
2362 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2363 rects += vnc_update_client(vs, has_dirty);
2364 /* vs might be free()ed here */
2365 }
2366 /* vd->timer could be NULL now if the last client disconnected,
2367 * in this case don't update the timer */
2368 if (vd->timer == NULL)
2369 return;
2370
2371 if (has_dirty && rects) {
2372 vd->timer_interval /= 2;
2373 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2374 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2375 } else {
2376 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2377 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2378 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2379 }
2380 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
2381 }
2382
2383 static void vnc_init_timer(VncDisplay *vd)
2384 {
2385 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2386 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
2387 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2388 vnc_refresh(vd);
2389 }
2390 }
2391
2392 static void vnc_remove_timer(VncDisplay *vd)
2393 {
2394 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
2395 qemu_del_timer(vd->timer);
2396 qemu_free_timer(vd->timer);
2397 vd->timer = NULL;
2398 }
2399 }
2400
2401 static void vnc_connect(VncDisplay *vd, int csock)
2402 {
2403 VncState *vs = qemu_mallocz(sizeof(VncState));
2404 vs->csock = csock;
2405
2406 VNC_DEBUG("New client on socket %d\n", csock);
2407 dcl->idle = 0;
2408 socket_set_nonblock(vs->csock);
2409 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2410
2411 vnc_client_cache_addr(vs);
2412 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2413
2414 vs->vd = vd;
2415 vs->ds = vd->ds;
2416 vs->last_x = -1;
2417 vs->last_y = -1;
2418
2419 vs->as.freq = 44100;
2420 vs->as.nchannels = 2;
2421 vs->as.fmt = AUD_FMT_S16;
2422 vs->as.endianness = 0;
2423
2424 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2425
2426 vga_hw_update();
2427
2428 vnc_write(vs, "RFB 003.008\n", 12);
2429 vnc_flush(vs);
2430 vnc_read_when(vs, protocol_version, 12);
2431 reset_keys(vs);
2432 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2433
2434 vnc_init_timer(vd);
2435
2436 /* vs might be free()ed here */
2437 }
2438
2439 static void vnc_listen_read(void *opaque)
2440 {
2441 VncDisplay *vs = opaque;
2442 struct sockaddr_in addr;
2443 socklen_t addrlen = sizeof(addr);
2444
2445 /* Catch-up */
2446 vga_hw_update();
2447
2448 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2449 if (csock != -1) {
2450 vnc_connect(vs, csock);
2451 }
2452 }
2453
2454 void vnc_display_init(DisplayState *ds)
2455 {
2456 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2457
2458 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2459
2460 ds->opaque = vs;
2461 dcl->idle = 1;
2462 vnc_display = vs;
2463
2464 vs->lsock = -1;
2465
2466 vs->ds = ds;
2467 QTAILQ_INIT(&vs->clients);
2468
2469 if (keyboard_layout)
2470 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2471 else
2472 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2473
2474 if (!vs->kbd_layout)
2475 exit(1);
2476
2477 dcl->dpy_copy = vnc_dpy_copy;
2478 dcl->dpy_update = vnc_dpy_update;
2479 dcl->dpy_resize = vnc_dpy_resize;
2480 dcl->dpy_setdata = vnc_dpy_setdata;
2481 register_displaychangelistener(ds, dcl);
2482 }
2483
2484
2485 void vnc_display_close(DisplayState *ds)
2486 {
2487 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2488
2489 if (!vs)
2490 return;
2491 if (vs->display) {
2492 qemu_free(vs->display);
2493 vs->display = NULL;
2494 }
2495 if (vs->lsock != -1) {
2496 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2497 close(vs->lsock);
2498 vs->lsock = -1;
2499 }
2500 vs->auth = VNC_AUTH_INVALID;
2501 #ifdef CONFIG_VNC_TLS
2502 vs->subauth = VNC_AUTH_INVALID;
2503 vs->tls.x509verify = 0;
2504 #endif
2505 }
2506
2507 int vnc_display_password(DisplayState *ds, const char *password)
2508 {
2509 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2510
2511 if (!vs) {
2512 return -1;
2513 }
2514
2515 if (vs->password) {
2516 qemu_free(vs->password);
2517 vs->password = NULL;
2518 }
2519 if (password && password[0]) {
2520 if (!(vs->password = qemu_strdup(password)))
2521 return -1;
2522 if (vs->auth == VNC_AUTH_NONE) {
2523 vs->auth = VNC_AUTH_VNC;
2524 }
2525 } else {
2526 vs->auth = VNC_AUTH_NONE;
2527 }
2528
2529 return 0;
2530 }
2531
2532 char *vnc_display_local_addr(DisplayState *ds)
2533 {
2534 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2535
2536 return vnc_socket_local_addr("%s:%s", vs->lsock);
2537 }
2538
2539 int vnc_display_open(DisplayState *ds, const char *display)
2540 {
2541 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2542 const char *options;
2543 int password = 0;
2544 int reverse = 0;
2545 #ifdef CONFIG_VNC_TLS
2546 int tls = 0, x509 = 0;
2547 #endif
2548 #ifdef CONFIG_VNC_SASL
2549 int sasl = 0;
2550 int saslErr;
2551 #endif
2552 int acl = 0;
2553
2554 if (!vnc_display)
2555 return -1;
2556 vnc_display_close(ds);
2557 if (strcmp(display, "none") == 0)
2558 return 0;
2559
2560 if (!(vs->display = strdup(display)))
2561 return -1;
2562
2563 options = display;
2564 while ((options = strchr(options, ','))) {
2565 options++;
2566 if (strncmp(options, "password", 8) == 0) {
2567 password = 1; /* Require password auth */
2568 } else if (strncmp(options, "reverse", 7) == 0) {
2569 reverse = 1;
2570 #ifdef CONFIG_VNC_SASL
2571 } else if (strncmp(options, "sasl", 4) == 0) {
2572 sasl = 1; /* Require SASL auth */
2573 #endif
2574 #ifdef CONFIG_VNC_TLS
2575 } else if (strncmp(options, "tls", 3) == 0) {
2576 tls = 1; /* Require TLS */
2577 } else if (strncmp(options, "x509", 4) == 0) {
2578 char *start, *end;
2579 x509 = 1; /* Require x509 certificates */
2580 if (strncmp(options, "x509verify", 10) == 0)
2581 vs->tls.x509verify = 1; /* ...and verify client certs */
2582
2583 /* Now check for 'x509=/some/path' postfix
2584 * and use that to setup x509 certificate/key paths */
2585 start = strchr(options, '=');
2586 end = strchr(options, ',');
2587 if (start && (!end || (start < end))) {
2588 int len = end ? end-(start+1) : strlen(start+1);
2589 char *path = qemu_strndup(start + 1, len);
2590
2591 VNC_DEBUG("Trying certificate path '%s'\n", path);
2592 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2593 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2594 qemu_free(path);
2595 qemu_free(vs->display);
2596 vs->display = NULL;
2597 return -1;
2598 }
2599 qemu_free(path);
2600 } else {
2601 fprintf(stderr, "No certificate path provided\n");
2602 qemu_free(vs->display);
2603 vs->display = NULL;
2604 return -1;
2605 }
2606 #endif
2607 } else if (strncmp(options, "acl", 3) == 0) {
2608 acl = 1;
2609 }
2610 }
2611
2612 #ifdef CONFIG_VNC_TLS
2613 if (acl && x509 && vs->tls.x509verify) {
2614 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2615 fprintf(stderr, "Failed to create x509 dname ACL\n");
2616 exit(1);
2617 }
2618 }
2619 #endif
2620 #ifdef CONFIG_VNC_SASL
2621 if (acl && sasl) {
2622 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2623 fprintf(stderr, "Failed to create username ACL\n");
2624 exit(1);
2625 }
2626 }
2627 #endif
2628
2629 /*
2630 * Combinations we support here:
2631 *
2632 * - no-auth (clear text, no auth)
2633 * - password (clear text, weak auth)
2634 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2635 * - tls (encrypt, weak anonymous creds, no auth)
2636 * - tls + password (encrypt, weak anonymous creds, weak auth)
2637 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2638 * - tls + x509 (encrypt, good x509 creds, no auth)
2639 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2640 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2641 *
2642 * NB1. TLS is a stackable auth scheme.
2643 * NB2. the x509 schemes have option to validate a client cert dname
2644 */
2645 if (password) {
2646 #ifdef CONFIG_VNC_TLS
2647 if (tls) {
2648 vs->auth = VNC_AUTH_VENCRYPT;
2649 if (x509) {
2650 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2651 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2652 } else {
2653 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2654 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2655 }
2656 } else {
2657 #endif /* CONFIG_VNC_TLS */
2658 VNC_DEBUG("Initializing VNC server with password auth\n");
2659 vs->auth = VNC_AUTH_VNC;
2660 #ifdef CONFIG_VNC_TLS
2661 vs->subauth = VNC_AUTH_INVALID;
2662 }
2663 #endif /* CONFIG_VNC_TLS */
2664 #ifdef CONFIG_VNC_SASL
2665 } else if (sasl) {
2666 #ifdef CONFIG_VNC_TLS
2667 if (tls) {
2668 vs->auth = VNC_AUTH_VENCRYPT;
2669 if (x509) {
2670 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2671 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2672 } else {
2673 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2674 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2675 }
2676 } else {
2677 #endif /* CONFIG_VNC_TLS */
2678 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2679 vs->auth = VNC_AUTH_SASL;
2680 #ifdef CONFIG_VNC_TLS
2681 vs->subauth = VNC_AUTH_INVALID;
2682 }
2683 #endif /* CONFIG_VNC_TLS */
2684 #endif /* CONFIG_VNC_SASL */
2685 } else {
2686 #ifdef CONFIG_VNC_TLS
2687 if (tls) {
2688 vs->auth = VNC_AUTH_VENCRYPT;
2689 if (x509) {
2690 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2691 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2692 } else {
2693 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2694 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2695 }
2696 } else {
2697 #endif
2698 VNC_DEBUG("Initializing VNC server with no auth\n");
2699 vs->auth = VNC_AUTH_NONE;
2700 #ifdef CONFIG_VNC_TLS
2701 vs->subauth = VNC_AUTH_INVALID;
2702 }
2703 #endif
2704 }
2705
2706 #ifdef CONFIG_VNC_SASL
2707 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2708 fprintf(stderr, "Failed to initialize SASL auth %s",
2709 sasl_errstring(saslErr, NULL, NULL));
2710 free(vs->display);
2711 vs->display = NULL;
2712 return -1;
2713 }
2714 #endif
2715
2716 if (reverse) {
2717 /* connect to viewer */
2718 if (strncmp(display, "unix:", 5) == 0)
2719 vs->lsock = unix_connect(display+5);
2720 else
2721 vs->lsock = inet_connect(display, SOCK_STREAM);
2722 if (-1 == vs->lsock) {
2723 free(vs->display);
2724 vs->display = NULL;
2725 return -1;
2726 } else {
2727 int csock = vs->lsock;
2728 vs->lsock = -1;
2729 vnc_connect(vs, csock);
2730 }
2731 return 0;
2732
2733 } else {
2734 /* listen for connects */
2735 char *dpy;
2736 dpy = qemu_malloc(256);
2737 if (strncmp(display, "unix:", 5) == 0) {
2738 pstrcpy(dpy, 256, "unix:");
2739 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2740 } else {
2741 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2742 }
2743 if (-1 == vs->lsock) {
2744 free(dpy);
2745 return -1;
2746 } else {
2747 free(vs->display);
2748 vs->display = dpy;
2749 }
2750 }
2751 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
2752 }
Anthony Liguori's QEMU queue