search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix VGA issue introduced by r6349
[qemu/mini2440.git] / vnc.c
bloba4fad9583087fcd4dd4cf5627d5f1ba6b1e8010a
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "acl.h"
32
33 #define VNC_REFRESH_INTERVAL (1000 / 30)
34
35 #include "vnc_keysym.h"
36 #include "d3des.h"
37
38 #define count_bits(c, v) { \
39 for (c = 0; v; v >>= 1) \
40 { \
41 c += v & 1; \
42 } \
43 }
44
45
46 static VncDisplay *vnc_display; /* needed for info vnc */
47 static DisplayChangeListener *dcl;
48
49 static char *addr_to_string(const char *format,
50 struct sockaddr_storage *sa,
51 socklen_t salen) {
52 char *addr;
53 char host[NI_MAXHOST];
54 char serv[NI_MAXSERV];
55 int err;
56 size_t addrlen;
57
58 if ((err = getnameinfo((struct sockaddr *)sa, salen,
59 host, sizeof(host),
60 serv, sizeof(serv),
61 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
62 VNC_DEBUG("Cannot resolve address %d: %s\n",
63 err, gai_strerror(err));
64 return NULL;
65 }
66
67 /* Enough for the existing format + the 2 vars we're
68 * subsituting in. */
69 addrlen = strlen(format) + strlen(host) + strlen(serv);
70 addr = qemu_malloc(addrlen + 1);
71 snprintf(addr, addrlen, format, host, serv);
72 addr[addrlen] = '\0';
73
74 return addr;
75 }
76
77
78 char *vnc_socket_local_addr(const char *format, int fd) {
79 struct sockaddr_storage sa;
80 socklen_t salen;
81
82 salen = sizeof(sa);
83 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
84 return NULL;
85
86 return addr_to_string(format, &sa, salen);
87 }
88
89
90 char *vnc_socket_remote_addr(const char *format, int fd) {
91 struct sockaddr_storage sa;
92 socklen_t salen;
93
94 salen = sizeof(sa);
95 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
96 return NULL;
97
98 return addr_to_string(format, &sa, salen);
99 }
100
101 static const char *vnc_auth_name(VncDisplay *vd) {
102 switch (vd->auth) {
103 case VNC_AUTH_INVALID:
104 return "invalid";
105 case VNC_AUTH_NONE:
106 return "none";
107 case VNC_AUTH_VNC:
108 return "vnc";
109 case VNC_AUTH_RA2:
110 return "ra2";
111 case VNC_AUTH_RA2NE:
112 return "ra2ne";
113 case VNC_AUTH_TIGHT:
114 return "tight";
115 case VNC_AUTH_ULTRA:
116 return "ultra";
117 case VNC_AUTH_TLS:
118 return "tls";
119 case VNC_AUTH_VENCRYPT:
120 #ifdef CONFIG_VNC_TLS
121 switch (vd->subauth) {
122 case VNC_AUTH_VENCRYPT_PLAIN:
123 return "vencrypt+plain";
124 case VNC_AUTH_VENCRYPT_TLSNONE:
125 return "vencrypt+tls+none";
126 case VNC_AUTH_VENCRYPT_TLSVNC:
127 return "vencrypt+tls+vnc";
128 case VNC_AUTH_VENCRYPT_TLSPLAIN:
129 return "vencrypt+tls+plain";
130 case VNC_AUTH_VENCRYPT_X509NONE:
131 return "vencrypt+x509+none";
132 case VNC_AUTH_VENCRYPT_X509VNC:
133 return "vencrypt+x509+vnc";
134 case VNC_AUTH_VENCRYPT_X509PLAIN:
135 return "vencrypt+x509+plain";
136 case VNC_AUTH_VENCRYPT_TLSSASL:
137 return "vencrypt+tls+sasl";
138 case VNC_AUTH_VENCRYPT_X509SASL:
139 return "vencrypt+x509+sasl";
140 default:
141 return "vencrypt";
142 }
143 #else
144 return "vencrypt";
145 #endif
146 case VNC_AUTH_SASL:
147 return "sasl";
148 }
149 return "unknown";
150 }
151
152 static void do_info_vnc_client(Monitor *mon, VncState *client)
153 {
154 char *clientAddr =
155 vnc_socket_remote_addr(" address: %s:%s\n",
156 client->csock);
157 if (!clientAddr)
158 return;
159
160 monitor_printf(mon, "Client:\n");
161 monitor_printf(mon, "%s", clientAddr);
162 free(clientAddr);
163
164 #ifdef CONFIG_VNC_TLS
165 if (client->tls.session &&
166 client->tls.dname)
167 monitor_printf(mon, " x509 dname: %s\n", client->tls.dname);
168 else
169 monitor_printf(mon, " x509 dname: none\n");
170 #endif
171 #ifdef CONFIG_VNC_SASL
172 if (client->sasl.conn &&
173 client->sasl.username)
174 monitor_printf(mon, " username: %s\n", client->sasl.username);
175 else
176 monitor_printf(mon, " username: none\n");
177 #endif
178 }
179
180 void do_info_vnc(Monitor *mon)
181 {
182 if (vnc_display == NULL || vnc_display->display == NULL) {
183 monitor_printf(mon, "Server: disabled\n");
184 } else {
185 char *serverAddr = vnc_socket_local_addr(" address: %s:%s\n",
186 vnc_display->lsock);
187
188 if (!serverAddr)
189 return;
190
191 monitor_printf(mon, "Server:\n");
192 monitor_printf(mon, "%s", serverAddr);
193 free(serverAddr);
194 monitor_printf(mon, " auth: %s\n", vnc_auth_name(vnc_display));
195
196 if (vnc_display->clients) {
197 VncState *client = vnc_display->clients;
198 while (client) {
199 do_info_vnc_client(mon, client);
200 client = client->next;
201 }
202 } else {
203 monitor_printf(mon, "Client: none\n");
204 }
205 }
206 }
207
208 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
209 return (vs->features & (1 << feature));
210 }
211
212 /* TODO
213 1) Get the queue working for IO.
214 2) there is some weirdness when using the -S option (the screen is grey
215 and not totally invalidated
216 3) resolutions > 1024
217 */
218
219 static void vnc_update_client(void *opaque);
220
221 static void vnc_colordepth(VncState *vs);
222
223 static inline void vnc_set_bit(uint32_t *d, int k)
224 {
225 d[k >> 5] |= 1 << (k & 0x1f);
226 }
227
228 static inline void vnc_clear_bit(uint32_t *d, int k)
229 {
230 d[k >> 5] &= ~(1 << (k & 0x1f));
231 }
232
233 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
234 {
235 int j;
236
237 j = 0;
238 while (n >= 32) {
239 d[j++] = -1;
240 n -= 32;
241 }
242 if (n > 0)
243 d[j++] = (1 << n) - 1;
244 while (j < nb_words)
245 d[j++] = 0;
246 }
247
248 static inline int vnc_get_bit(const uint32_t *d, int k)
249 {
250 return (d[k >> 5] >> (k & 0x1f)) & 1;
251 }
252
253 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
254 int nb_words)
255 {
256 int i;
257 for(i = 0; i < nb_words; i++) {
258 if ((d1[i] & d2[i]) != 0)
259 return 1;
260 }
261 return 0;
262 }
263
264 static void vnc_update(VncState *vs, int x, int y, int w, int h)
265 {
266 int i;
267
268 h += y;
269
270 /* round x down to ensure the loop only spans one 16-pixel block per,
271 iteration. otherwise, if (x % 16) != 0, the last iteration may span
272 two 16-pixel blocks but we only mark the first as dirty
273 */
274 w += (x % 16);
275 x -= (x % 16);
276
277 x = MIN(x, vs->serverds.width);
278 y = MIN(y, vs->serverds.height);
279 w = MIN(x + w, vs->serverds.width) - x;
280 h = MIN(h, vs->serverds.height);
281
282 for (; y < h; y++)
283 for (i = 0; i < w; i += 16)
284 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
285 }
286
287 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
288 {
289 VncDisplay *vd = ds->opaque;
290 VncState *vs = vd->clients;
291 while (vs != NULL) {
292 vnc_update(vs, x, y, w, h);
293 vs = vs->next;
294 }
295 }
296
297 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
298 int32_t encoding)
299 {
300 vnc_write_u16(vs, x);
301 vnc_write_u16(vs, y);
302 vnc_write_u16(vs, w);
303 vnc_write_u16(vs, h);
304
305 vnc_write_s32(vs, encoding);
306 }
307
308 void buffer_reserve(Buffer *buffer, size_t len)
309 {
310 if ((buffer->capacity - buffer->offset) < len) {
311 buffer->capacity += (len + 1024);
312 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
313 if (buffer->buffer == NULL) {
314 fprintf(stderr, "vnc: out of memory\n");
315 exit(1);
316 }
317 }
318 }
319
320 int buffer_empty(Buffer *buffer)
321 {
322 return buffer->offset == 0;
323 }
324
325 uint8_t *buffer_end(Buffer *buffer)
326 {
327 return buffer->buffer + buffer->offset;
328 }
329
330 void buffer_reset(Buffer *buffer)
331 {
332 buffer->offset = 0;
333 }
334
335 void buffer_append(Buffer *buffer, const void *data, size_t len)
336 {
337 memcpy(buffer->buffer + buffer->offset, data, len);
338 buffer->offset += len;
339 }
340
341 static void vnc_resize(VncState *vs)
342 {
343 DisplayState *ds = vs->ds;
344
345 int size_changed;
346
347 vs->old_data = qemu_realloc(vs->old_data, ds_get_linesize(ds) * ds_get_height(ds));
348
349 if (vs->old_data == NULL) {
350 fprintf(stderr, "vnc: memory allocation failed\n");
351 exit(1);
352 }
353
354 if (ds_get_bytes_per_pixel(ds) != vs->serverds.pf.bytes_per_pixel)
355 console_color_init(ds);
356 vnc_colordepth(vs);
357 size_changed = ds_get_width(ds) != vs->serverds.width ||
358 ds_get_height(ds) != vs->serverds.height;
359 vs->serverds = *(ds->surface);
360 if (size_changed) {
361 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
362 vnc_write_u8(vs, 0); /* msg id */
363 vnc_write_u8(vs, 0);
364 vnc_write_u16(vs, 1); /* number of rects */
365 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
366 VNC_ENCODING_DESKTOPRESIZE);
367 vnc_flush(vs);
368 }
369 }
370
371 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
372 memset(vs->old_data, 42, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
373 }
374
375 static void vnc_dpy_resize(DisplayState *ds)
376 {
377 VncDisplay *vd = ds->opaque;
378 VncState *vs = vd->clients;
379 while (vs != NULL) {
380 vnc_resize(vs);
381 vs = vs->next;
382 }
383 }
384
385 /* fastest code */
386 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
387 {
388 vnc_write(vs, pixels, size);
389 }
390
391 /* slowest but generic code. */
392 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
393 {
394 uint8_t r, g, b;
395
396 r = ((((v & vs->serverds.pf.rmask) >> vs->serverds.pf.rshift) << vs->clientds.pf.rbits) >>
397 vs->serverds.pf.rbits);
398 g = ((((v & vs->serverds.pf.gmask) >> vs->serverds.pf.gshift) << vs->clientds.pf.gbits) >>
399 vs->serverds.pf.gbits);
400 b = ((((v & vs->serverds.pf.bmask) >> vs->serverds.pf.bshift) << vs->clientds.pf.bbits) >>
401 vs->serverds.pf.bbits);
402 v = (r << vs->clientds.pf.rshift) |
403 (g << vs->clientds.pf.gshift) |
404 (b << vs->clientds.pf.bshift);
405 switch(vs->clientds.pf.bytes_per_pixel) {
406 case 1:
407 buf[0] = v;
408 break;
409 case 2:
410 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
411 buf[0] = v >> 8;
412 buf[1] = v;
413 } else {
414 buf[1] = v >> 8;
415 buf[0] = v;
416 }
417 break;
418 default:
419 case 4:
420 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
421 buf[0] = v >> 24;
422 buf[1] = v >> 16;
423 buf[2] = v >> 8;
424 buf[3] = v;
425 } else {
426 buf[3] = v >> 24;
427 buf[2] = v >> 16;
428 buf[1] = v >> 8;
429 buf[0] = v;
430 }
431 break;
432 }
433 }
434
435 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
436 {
437 uint8_t buf[4];
438
439 if (vs->serverds.pf.bytes_per_pixel == 4) {
440 uint32_t *pixels = pixels1;
441 int n, i;
442 n = size >> 2;
443 for(i = 0; i < n; i++) {
444 vnc_convert_pixel(vs, buf, pixels[i]);
445 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
446 }
447 } else if (vs->serverds.pf.bytes_per_pixel == 2) {
448 uint16_t *pixels = pixels1;
449 int n, i;
450 n = size >> 1;
451 for(i = 0; i < n; i++) {
452 vnc_convert_pixel(vs, buf, pixels[i]);
453 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
454 }
455 } else if (vs->serverds.pf.bytes_per_pixel == 1) {
456 uint8_t *pixels = pixels1;
457 int n, i;
458 n = size;
459 for(i = 0; i < n; i++) {
460 vnc_convert_pixel(vs, buf, pixels[i]);
461 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
462 }
463 } else {
464 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
465 }
466 }
467
468 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
469 {
470 int i;
471 uint8_t *row;
472
473 row = ds_get_data(vs->ds) + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
474 for (i = 0; i < h; i++) {
475 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
476 row += ds_get_linesize(vs->ds);
477 }
478 }
479
480 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
481 {
482 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
483 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
484 }
485
486 #define BPP 8
487 #include "vnchextile.h"
488 #undef BPP
489
490 #define BPP 16
491 #include "vnchextile.h"
492 #undef BPP
493
494 #define BPP 32
495 #include "vnchextile.h"
496 #undef BPP
497
498 #define GENERIC
499 #define BPP 8
500 #include "vnchextile.h"
501 #undef BPP
502 #undef GENERIC
503
504 #define GENERIC
505 #define BPP 16
506 #include "vnchextile.h"
507 #undef BPP
508 #undef GENERIC
509
510 #define GENERIC
511 #define BPP 32
512 #include "vnchextile.h"
513 #undef BPP
514 #undef GENERIC
515
516 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
517 {
518 int i, j;
519 int has_fg, has_bg;
520 uint8_t *last_fg, *last_bg;
521
522 last_fg = (uint8_t *) qemu_malloc(vs->serverds.pf.bytes_per_pixel);
523 last_bg = (uint8_t *) qemu_malloc(vs->serverds.pf.bytes_per_pixel);
524 has_fg = has_bg = 0;
525 for (j = y; j < (y + h); j += 16) {
526 for (i = x; i < (x + w); i += 16) {
527 vs->send_hextile_tile(vs, i, j,
528 MIN(16, x + w - i), MIN(16, y + h - j),
529 last_bg, last_fg, &has_bg, &has_fg);
530 }
531 }
532 free(last_fg);
533 free(last_bg);
534
535 }
536
537 static void vnc_zlib_init(VncState *vs)
538 {
539 int i;
540 for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)
541 vs->zlib_stream[i].opaque = NULL;
542 }
543
544 static void vnc_zlib_start(VncState *vs)
545 {
546 buffer_reset(&vs->zlib);
547
548 // make the output buffer be the zlib buffer, so we can compress it later
549 vs->zlib_tmp = vs->output;
550 vs->output = vs->zlib;
551 }
552
553 static int vnc_zlib_stop(VncState *vs, int stream_id)
554 {
555 z_streamp zstream = &vs->zlib_stream[stream_id];
556 int previous_out;
557
558 // switch back to normal output/zlib buffers
559 vs->zlib = vs->output;
560 vs->output = vs->zlib_tmp;
561
562 // compress the zlib buffer
563
564 // initialize the stream
565 // XXX need one stream per session
566 if (zstream->opaque != vs) {
567 int err;
568
569 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
570 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
571 zstream->zalloc = Z_NULL;
572 zstream->zfree = Z_NULL;
573
574 err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
575 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
576
577 if (err != Z_OK) {
578 fprintf(stderr, "VNC: error initializing zlib\n");
579 return -1;
580 }
581
582 zstream->opaque = vs;
583 }
584
585 // XXX what to do if tight_compression changed in between?
586
587 // reserve memory in output buffer
588 buffer_reserve(&vs->output, vs->zlib.offset + 64);
589
590 // set pointers
591 zstream->next_in = vs->zlib.buffer;
592 zstream->avail_in = vs->zlib.offset;
593 zstream->next_out = vs->output.buffer + vs->output.offset;
594 zstream->avail_out = vs->output.capacity - vs->output.offset;
595 zstream->data_type = Z_BINARY;
596 previous_out = zstream->total_out;
597
598 // start encoding
599 if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
600 fprintf(stderr, "VNC: error during zlib compression\n");
601 return -1;
602 }
603
604 vs->output.offset = vs->output.capacity - zstream->avail_out;
605 return zstream->total_out - previous_out;
606 }
607
608 static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
609 {
610 int old_offset, new_offset, bytes_written;
611
612 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);
613
614 // remember where we put in the follow-up size
615 old_offset = vs->output.offset;
616 vnc_write_s32(vs, 0);
617
618 // compress the stream
619 vnc_zlib_start(vs);
620 send_framebuffer_update_raw(vs, x, y, w, h);
621 bytes_written = vnc_zlib_stop(vs, 0);
622
623 if (bytes_written == -1)
624 return;
625
626 // hack in the size
627 new_offset = vs->output.offset;
628 vs->output.offset = old_offset;
629 vnc_write_u32(vs, bytes_written);
630 vs->output.offset = new_offset;
631 }
632
633 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
634 {
635 switch(vs->vnc_encoding) {
636 case VNC_ENCODING_ZLIB:
637 send_framebuffer_update_zlib(vs, x, y, w, h);
638 break;
639 case VNC_ENCODING_HEXTILE:
640 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
641 send_framebuffer_update_hextile(vs, x, y, w, h);
642 break;
643 default:
644 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
645 send_framebuffer_update_raw(vs, x, y, w, h);
646 break;
647 }
648 }
649
650 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
651 {
652 vnc_update_client(vs);
653
654 vnc_write_u8(vs, 0); /* msg id */
655 vnc_write_u8(vs, 0);
656 vnc_write_u16(vs, 1); /* number of rects */
657 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
658 vnc_write_u16(vs, src_x);
659 vnc_write_u16(vs, src_y);
660 vnc_flush(vs);
661 }
662
663 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
664 {
665 VncDisplay *vd = ds->opaque;
666 VncState *vs = vd->clients;
667 while (vs != NULL) {
668 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
669 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
670 else /* TODO */
671 vnc_update(vs, dst_x, dst_y, w, h);
672 vs = vs->next;
673 }
674 }
675
676 static int find_dirty_height(VncState *vs, int y, int last_x, int x)
677 {
678 int h;
679
680 for (h = 1; h < (vs->serverds.height - y); h++) {
681 int tmp_x;
682 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
683 break;
684 for (tmp_x = last_x; tmp_x < x; tmp_x++)
685 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
686 }
687
688 return h;
689 }
690
691 static void vnc_update_client(void *opaque)
692 {
693 VncState *vs = opaque;
694 if (vs->need_update && vs->csock != -1) {
695 int y;
696 uint8_t *row;
697 char *old_row;
698 uint32_t width_mask[VNC_DIRTY_WORDS];
699 int n_rectangles;
700 int saved_offset;
701 int has_dirty = 0;
702
703 vga_hw_update();
704
705 vnc_set_bits(width_mask, (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
706
707 /* Walk through the dirty map and eliminate tiles that
708 really aren't dirty */
709 row = ds_get_data(vs->ds);
710 old_row = vs->old_data;
711
712 for (y = 0; y < ds_get_height(vs->ds); y++) {
713 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
714 int x;
715 uint8_t *ptr;
716 char *old_ptr;
717
718 ptr = row;
719 old_ptr = (char*)old_row;
720
721 for (x = 0; x < ds_get_width(vs->ds); x += 16) {
722 if (memcmp(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds)) == 0) {
723 vnc_clear_bit(vs->dirty_row[y], (x / 16));
724 } else {
725 has_dirty = 1;
726 memcpy(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds));
727 }
728
729 ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
730 old_ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
731 }
732 }
733
734 row += ds_get_linesize(vs->ds);
735 old_row += ds_get_linesize(vs->ds);
736 }
737
738 if (!has_dirty && !vs->audio_cap) {
739 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
740 return;
741 }
742
743 /* Count rectangles */
744 n_rectangles = 0;
745 vnc_write_u8(vs, 0); /* msg id */
746 vnc_write_u8(vs, 0);
747 saved_offset = vs->output.offset;
748 vnc_write_u16(vs, 0);
749
750 for (y = 0; y < vs->serverds.height; y++) {
751 int x;
752 int last_x = -1;
753 for (x = 0; x < vs->serverds.width / 16; x++) {
754 if (vnc_get_bit(vs->dirty_row[y], x)) {
755 if (last_x == -1) {
756 last_x = x;
757 }
758 vnc_clear_bit(vs->dirty_row[y], x);
759 } else {
760 if (last_x != -1) {
761 int h = find_dirty_height(vs, y, last_x, x);
762 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
763 n_rectangles++;
764 }
765 last_x = -1;
766 }
767 }
768 if (last_x != -1) {
769 int h = find_dirty_height(vs, y, last_x, x);
770 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
771 n_rectangles++;
772 }
773 }
774 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
775 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
776 vnc_flush(vs);
777
778 }
779
780 if (vs->csock != -1) {
781 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
782 }
783
784 }
785
786 /* audio */
787 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
788 {
789 VncState *vs = opaque;
790
791 switch (cmd) {
792 case AUD_CNOTIFY_DISABLE:
793 vnc_write_u8(vs, 255);
794 vnc_write_u8(vs, 1);
795 vnc_write_u16(vs, 0);
796 vnc_flush(vs);
797 break;
798
799 case AUD_CNOTIFY_ENABLE:
800 vnc_write_u8(vs, 255);
801 vnc_write_u8(vs, 1);
802 vnc_write_u16(vs, 1);
803 vnc_flush(vs);
804 break;
805 }
806 }
807
808 static void audio_capture_destroy(void *opaque)
809 {
810 }
811
812 static void audio_capture(void *opaque, void *buf, int size)
813 {
814 VncState *vs = opaque;
815
816 vnc_write_u8(vs, 255);
817 vnc_write_u8(vs, 1);
818 vnc_write_u16(vs, 2);
819 vnc_write_u32(vs, size);
820 vnc_write(vs, buf, size);
821 vnc_flush(vs);
822 }
823
824 static void audio_add(VncState *vs)
825 {
826 Monitor *mon = cur_mon;
827 struct audio_capture_ops ops;
828
829 if (vs->audio_cap) {
830 monitor_printf(mon, "audio already running\n");
831 return;
832 }
833
834 ops.notify = audio_capture_notify;
835 ops.destroy = audio_capture_destroy;
836 ops.capture = audio_capture;
837
838 vs->audio_cap = AUD_add_capture(NULL, &vs->as, &ops, vs);
839 if (!vs->audio_cap) {
840 monitor_printf(mon, "Failed to add audio capture\n");
841 }
842 }
843
844 static void audio_del(VncState *vs)
845 {
846 if (vs->audio_cap) {
847 AUD_del_capture(vs->audio_cap, vs);
848 vs->audio_cap = NULL;
849 }
850 }
851
852
853 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
854 {
855 if (ret == 0 || ret == -1) {
856 if (ret == -1) {
857 switch (last_errno) {
858 case EINTR:
859 case EAGAIN:
860 #ifdef _WIN32
861 case WSAEWOULDBLOCK:
862 #endif
863 return 0;
864 default:
865 break;
866 }
867 }
868
869 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
870 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
871 closesocket(vs->csock);
872 qemu_del_timer(vs->timer);
873 qemu_free_timer(vs->timer);
874 if (vs->input.buffer) qemu_free(vs->input.buffer);
875 if (vs->output.buffer) qemu_free(vs->output.buffer);
876 #ifdef CONFIG_VNC_TLS
877 vnc_tls_client_cleanup(vs);
878 #endif /* CONFIG_VNC_TLS */
879 #ifdef CONFIG_VNC_SASL
880 vnc_sasl_client_cleanup(vs);
881 #endif /* CONFIG_VNC_SASL */
882 audio_del(vs);
883
884 VncState *p, *parent = NULL;
885 for (p = vs->vd->clients; p != NULL; p = p->next) {
886 if (p == vs) {
887 if (parent)
888 parent->next = p->next;
889 else
890 vs->vd->clients = p->next;
891 break;
892 }
893 parent = p;
894 }
895 if (!vs->vd->clients)
896 dcl->idle = 1;
897
898 qemu_free(vs->old_data);
899 qemu_free(vs);
900
901 return 0;
902 }
903 return ret;
904 }
905
906
907 void vnc_client_error(VncState *vs)
908 {
909 vnc_client_io_error(vs, -1, EINVAL);
910 }
911
912
913 /*
914 * Called to write a chunk of data to the client socket. The data may
915 * be the raw data, or may have already been encoded by SASL.
916 * The data will be written either straight onto the socket, or
917 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
918 *
919 * NB, it is theoretically possible to have 2 layers of encryption,
920 * both SASL, and this TLS layer. It is highly unlikely in practice
921 * though, since SASL encryption will typically be a no-op if TLS
922 * is active
923 *
924 * Returns the number of bytes written, which may be less than
925 * the requested 'datalen' if the socket would block. Returns
926 * -1 on error, and disconnects the client socket.
927 */
928 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
929 {
930 long ret;
931 #ifdef CONFIG_VNC_TLS
932 if (vs->tls.session) {
933 ret = gnutls_write(vs->tls.session, data, datalen);
934 if (ret < 0) {
935 if (ret == GNUTLS_E_AGAIN)
936 errno = EAGAIN;
937 else
938 errno = EIO;
939 ret = -1;
940 }
941 } else
942 #endif /* CONFIG_VNC_TLS */
943 ret = send(vs->csock, data, datalen, 0);
944 VNC_DEBUG("Wrote wire %p %d -> %ld\n", data, datalen, ret);
945 return vnc_client_io_error(vs, ret, socket_error());
946 }
947
948
949 /*
950 * Called to write buffered data to the client socket, when not
951 * using any SASL SSF encryption layers. Will write as much data
952 * as possible without blocking. If all buffered data is written,
953 * will switch the FD poll() handler back to read monitoring.
954 *
955 * Returns the number of bytes written, which may be less than
956 * the buffered output data if the socket would block. Returns
957 * -1 on error, and disconnects the client socket.
958 */
959 static long vnc_client_write_plain(VncState *vs)
960 {
961 long ret;
962
963 #ifdef CONFIG_VNC_SASL
964 VNC_DEBUG("Write Plain: Pending output %p size %d offset %d. Wait SSF %d\n",
965 vs->output.buffer, vs->output.capacity, vs->output.offset,
966 vs->sasl.waitWriteSSF);
967
968 if (vs->sasl.conn &&
969 vs->sasl.runSSF &&
970 vs->sasl.waitWriteSSF) {
971 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
972 if (ret)
973 vs->sasl.waitWriteSSF -= ret;
974 } else
975 #endif /* CONFIG_VNC_SASL */
976 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
977 if (!ret)
978 return 0;
979
980 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
981 vs->output.offset -= ret;
982
983 if (vs->output.offset == 0) {
984 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
985 }
986
987 return ret;
988 }
989
990
991 /*
992 * First function called whenever there is data to be written to
993 * the client socket. Will delegate actual work according to whether
994 * SASL SSF layers are enabled (thus requiring encryption calls)
995 */
996 void vnc_client_write(void *opaque)
997 {
998 long ret;
999 VncState *vs = opaque;
1000
1001 #ifdef CONFIG_VNC_SASL
1002 if (vs->sasl.conn &&
1003 vs->sasl.runSSF &&
1004 !vs->sasl.waitWriteSSF)
1005 ret = vnc_client_write_sasl(vs);
1006 else
1007 #endif /* CONFIG_VNC_SASL */
1008 ret = vnc_client_write_plain(vs);
1009 }
1010
1011 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1012 {
1013 vs->read_handler = func;
1014 vs->read_handler_expect = expecting;
1015 }
1016
1017
1018 /*
1019 * Called to read a chunk of data from the client socket. The data may
1020 * be the raw data, or may need to be further decoded by SASL.
1021 * The data will be read either straight from to the socket, or
1022 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1023 *
1024 * NB, it is theoretically possible to have 2 layers of encryption,
1025 * both SASL, and this TLS layer. It is highly unlikely in practice
1026 * though, since SASL encryption will typically be a no-op if TLS
1027 * is active
1028 *
1029 * Returns the number of bytes read, which may be less than
1030 * the requested 'datalen' if the socket would block. Returns
1031 * -1 on error, and disconnects the client socket.
1032 */
1033 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1034 {
1035 long ret;
1036 #ifdef CONFIG_VNC_TLS
1037 if (vs->tls.session) {
1038 ret = gnutls_read(vs->tls.session, data, datalen);
1039 if (ret < 0) {
1040 if (ret == GNUTLS_E_AGAIN)
1041 errno = EAGAIN;
1042 else
1043 errno = EIO;
1044 ret = -1;
1045 }
1046 } else
1047 #endif /* CONFIG_VNC_TLS */
1048 ret = recv(vs->csock, data, datalen, 0);
1049 VNC_DEBUG("Read wire %p %d -> %ld\n", data, datalen, ret);
1050 return vnc_client_io_error(vs, ret, socket_error());
1051 }
1052
1053
1054 /*
1055 * Called to read data from the client socket to the input buffer,
1056 * when not using any SASL SSF encryption layers. Will read as much
1057 * data as possible without blocking.
1058 *
1059 * Returns the number of bytes read. Returns -1 on error, and
1060 * disconnects the client socket.
1061 */
1062 static long vnc_client_read_plain(VncState *vs)
1063 {
1064 int ret;
1065 VNC_DEBUG("Read plain %p size %d offset %d\n",
1066 vs->input.buffer, vs->input.capacity, vs->input.offset);
1067 buffer_reserve(&vs->input, 4096);
1068 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1069 if (!ret)
1070 return 0;
1071 vs->input.offset += ret;
1072 return ret;
1073 }
1074
1075
1076 /*
1077 * First function called whenever there is more data to be read from
1078 * the client socket. Will delegate actual work according to whether
1079 * SASL SSF layers are enabled (thus requiring decryption calls)
1080 */
1081 void vnc_client_read(void *opaque)
1082 {
1083 VncState *vs = opaque;
1084 long ret;
1085
1086 #ifdef CONFIG_VNC_SASL
1087 if (vs->sasl.conn && vs->sasl.runSSF)
1088 ret = vnc_client_read_sasl(vs);
1089 else
1090 #endif /* CONFIG_VNC_SASL */
1091 ret = vnc_client_read_plain(vs);
1092 if (!ret)
1093 return;
1094
1095 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1096 size_t len = vs->read_handler_expect;
1097 int ret;
1098
1099 ret = vs->read_handler(vs, vs->input.buffer, len);
1100 if (vs->csock == -1)
1101 return;
1102
1103 if (!ret) {
1104 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1105 vs->input.offset -= len;
1106 } else {
1107 vs->read_handler_expect = ret;
1108 }
1109 }
1110 }
1111
1112 void vnc_write(VncState *vs, const void *data, size_t len)
1113 {
1114 buffer_reserve(&vs->output, len);
1115
1116 if (buffer_empty(&vs->output)) {
1117 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1118 }
1119
1120 buffer_append(&vs->output, data, len);
1121 }
1122
1123 void vnc_write_s32(VncState *vs, int32_t value)
1124 {
1125 vnc_write_u32(vs, *(uint32_t *)&value);
1126 }
1127
1128 void vnc_write_u32(VncState *vs, uint32_t value)
1129 {
1130 uint8_t buf[4];
1131
1132 buf[0] = (value >> 24) & 0xFF;
1133 buf[1] = (value >> 16) & 0xFF;
1134 buf[2] = (value >> 8) & 0xFF;
1135 buf[3] = value & 0xFF;
1136
1137 vnc_write(vs, buf, 4);
1138 }
1139
1140 void vnc_write_u16(VncState *vs, uint16_t value)
1141 {
1142 uint8_t buf[2];
1143
1144 buf[0] = (value >> 8) & 0xFF;
1145 buf[1] = value & 0xFF;
1146
1147 vnc_write(vs, buf, 2);
1148 }
1149
1150 void vnc_write_u8(VncState *vs, uint8_t value)
1151 {
1152 vnc_write(vs, (char *)&value, 1);
1153 }
1154
1155 void vnc_flush(VncState *vs)
1156 {
1157 if (vs->output.offset)
1158 vnc_client_write(vs);
1159 }
1160
1161 uint8_t read_u8(uint8_t *data, size_t offset)
1162 {
1163 return data[offset];
1164 }
1165
1166 uint16_t read_u16(uint8_t *data, size_t offset)
1167 {
1168 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1169 }
1170
1171 int32_t read_s32(uint8_t *data, size_t offset)
1172 {
1173 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1174 (data[offset + 2] << 8) | data[offset + 3]);
1175 }
1176
1177 uint32_t read_u32(uint8_t *data, size_t offset)
1178 {
1179 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1180 (data[offset + 2] << 8) | data[offset + 3]);
1181 }
1182
1183 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1184 {
1185 }
1186
1187 static void check_pointer_type_change(VncState *vs, int absolute)
1188 {
1189 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1190 vnc_write_u8(vs, 0);
1191 vnc_write_u8(vs, 0);
1192 vnc_write_u16(vs, 1);
1193 vnc_framebuffer_update(vs, absolute, 0,
1194 ds_get_width(vs->ds), ds_get_height(vs->ds),
1195 VNC_ENCODING_POINTER_TYPE_CHANGE);
1196 vnc_flush(vs);
1197 }
1198 vs->absolute = absolute;
1199 }
1200
1201 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1202 {
1203 int buttons = 0;
1204 int dz = 0;
1205
1206 if (button_mask & 0x01)
1207 buttons |= MOUSE_EVENT_LBUTTON;
1208 if (button_mask & 0x02)
1209 buttons |= MOUSE_EVENT_MBUTTON;
1210 if (button_mask & 0x04)
1211 buttons |= MOUSE_EVENT_RBUTTON;
1212 if (button_mask & 0x08)
1213 dz = -1;
1214 if (button_mask & 0x10)
1215 dz = 1;
1216
1217 if (vs->absolute) {
1218 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
1219 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
1220 dz, buttons);
1221 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1222 x -= 0x7FFF;
1223 y -= 0x7FFF;
1224
1225 kbd_mouse_event(x, y, dz, buttons);
1226 } else {
1227 if (vs->last_x != -1)
1228 kbd_mouse_event(x - vs->last_x,
1229 y - vs->last_y,
1230 dz, buttons);
1231 vs->last_x = x;
1232 vs->last_y = y;
1233 }
1234
1235 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1236 }
1237
1238 static void reset_keys(VncState *vs)
1239 {
1240 int i;
1241 for(i = 0; i < 256; i++) {
1242 if (vs->modifiers_state[i]) {
1243 if (i & 0x80)
1244 kbd_put_keycode(0xe0);
1245 kbd_put_keycode(i | 0x80);
1246 vs->modifiers_state[i] = 0;
1247 }
1248 }
1249 }
1250
1251 static void press_key(VncState *vs, int keysym)
1252 {
1253 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) & 0x7f);
1254 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) | 0x80);
1255 }
1256
1257 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1258 {
1259 /* QEMU console switch */
1260 switch(keycode) {
1261 case 0x2a: /* Left Shift */
1262 case 0x36: /* Right Shift */
1263 case 0x1d: /* Left CTRL */
1264 case 0x9d: /* Right CTRL */
1265 case 0x38: /* Left ALT */
1266 case 0xb8: /* Right ALT */
1267 if (down)
1268 vs->modifiers_state[keycode] = 1;
1269 else
1270 vs->modifiers_state[keycode] = 0;
1271 break;
1272 case 0x02 ... 0x0a: /* '1' to '9' keys */
1273 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1274 /* Reset the modifiers sent to the current console */
1275 reset_keys(vs);
1276 console_select(keycode - 0x02);
1277 return;
1278 }
1279 break;
1280 case 0x3a: /* CapsLock */
1281 case 0x45: /* NumLock */
1282 if (!down)
1283 vs->modifiers_state[keycode] ^= 1;
1284 break;
1285 }
1286
1287 if (keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1288 /* If the numlock state needs to change then simulate an additional
1289 keypress before sending this one. This will happen if the user
1290 toggles numlock away from the VNC window.
1291 */
1292 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1293 if (!vs->modifiers_state[0x45]) {
1294 vs->modifiers_state[0x45] = 1;
1295 press_key(vs, 0xff7f);
1296 }
1297 } else {
1298 if (vs->modifiers_state[0x45]) {
1299 vs->modifiers_state[0x45] = 0;
1300 press_key(vs, 0xff7f);
1301 }
1302 }
1303 }
1304
1305 if (is_graphic_console()) {
1306 if (keycode & 0x80)
1307 kbd_put_keycode(0xe0);
1308 if (down)
1309 kbd_put_keycode(keycode & 0x7f);
1310 else
1311 kbd_put_keycode(keycode | 0x80);
1312 } else {
1313 /* QEMU console emulation */
1314 if (down) {
1315 switch (keycode) {
1316 case 0x2a: /* Left Shift */
1317 case 0x36: /* Right Shift */
1318 case 0x1d: /* Left CTRL */
1319 case 0x9d: /* Right CTRL */
1320 case 0x38: /* Left ALT */
1321 case 0xb8: /* Right ALT */
1322 break;
1323 case 0xc8:
1324 kbd_put_keysym(QEMU_KEY_UP);
1325 break;
1326 case 0xd0:
1327 kbd_put_keysym(QEMU_KEY_DOWN);
1328 break;
1329 case 0xcb:
1330 kbd_put_keysym(QEMU_KEY_LEFT);
1331 break;
1332 case 0xcd:
1333 kbd_put_keysym(QEMU_KEY_RIGHT);
1334 break;
1335 case 0xd3:
1336 kbd_put_keysym(QEMU_KEY_DELETE);
1337 break;
1338 case 0xc7:
1339 kbd_put_keysym(QEMU_KEY_HOME);
1340 break;
1341 case 0xcf:
1342 kbd_put_keysym(QEMU_KEY_END);
1343 break;
1344 case 0xc9:
1345 kbd_put_keysym(QEMU_KEY_PAGEUP);
1346 break;
1347 case 0xd1:
1348 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1349 break;
1350 default:
1351 kbd_put_keysym(sym);
1352 break;
1353 }
1354 }
1355 }
1356 }
1357
1358 static void key_event(VncState *vs, int down, uint32_t sym)
1359 {
1360 int keycode;
1361
1362 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1363 sym = sym - 'A' + 'a';
1364
1365 keycode = keysym2scancode(vs->vd->kbd_layout, sym & 0xFFFF);
1366 do_key_event(vs, down, keycode, sym);
1367 }
1368
1369 static void ext_key_event(VncState *vs, int down,
1370 uint32_t sym, uint16_t keycode)
1371 {
1372 /* if the user specifies a keyboard layout, always use it */
1373 if (keyboard_layout)
1374 key_event(vs, down, sym);
1375 else
1376 do_key_event(vs, down, keycode, sym);
1377 }
1378
1379 static void framebuffer_update_request(VncState *vs, int incremental,
1380 int x_position, int y_position,
1381 int w, int h)
1382 {
1383 if (x_position > ds_get_width(vs->ds))
1384 x_position = ds_get_width(vs->ds);
1385 if (y_position > ds_get_height(vs->ds))
1386 y_position = ds_get_height(vs->ds);
1387 if (x_position + w >= ds_get_width(vs->ds))
1388 w = ds_get_width(vs->ds) - x_position;
1389 if (y_position + h >= ds_get_height(vs->ds))
1390 h = ds_get_height(vs->ds) - y_position;
1391
1392 int i;
1393 vs->need_update = 1;
1394 if (!incremental) {
1395 char *old_row = vs->old_data + y_position * ds_get_linesize(vs->ds);
1396
1397 for (i = 0; i < h; i++) {
1398 vnc_set_bits(vs->dirty_row[y_position + i],
1399 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1400 memset(old_row, 42, ds_get_width(vs->ds) * ds_get_bytes_per_pixel(vs->ds));
1401 old_row += ds_get_linesize(vs->ds);
1402 }
1403 }
1404 }
1405
1406 static void send_ext_key_event_ack(VncState *vs)
1407 {
1408 vnc_write_u8(vs, 0);
1409 vnc_write_u8(vs, 0);
1410 vnc_write_u16(vs, 1);
1411 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1412 VNC_ENCODING_EXT_KEY_EVENT);
1413 vnc_flush(vs);
1414 }
1415
1416 static void send_ext_audio_ack(VncState *vs)
1417 {
1418 vnc_write_u8(vs, 0);
1419 vnc_write_u8(vs, 0);
1420 vnc_write_u16(vs, 1);
1421 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1422 VNC_ENCODING_AUDIO);
1423 vnc_flush(vs);
1424 }
1425
1426 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1427 {
1428 int i;
1429 unsigned int enc = 0;
1430
1431 vnc_zlib_init(vs);
1432 vs->features = 0;
1433 vs->vnc_encoding = 0;
1434 vs->tight_compression = 9;
1435 vs->tight_quality = 9;
1436 vs->absolute = -1;
1437
1438 for (i = n_encodings - 1; i >= 0; i--) {
1439 enc = encodings[i];
1440 switch (enc) {
1441 case VNC_ENCODING_RAW:
1442 vs->vnc_encoding = enc;
1443 break;
1444 case VNC_ENCODING_COPYRECT:
1445 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1446 break;
1447 case VNC_ENCODING_HEXTILE:
1448 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1449 vs->vnc_encoding = enc;
1450 break;
1451 case VNC_ENCODING_ZLIB:
1452 vs->features |= VNC_FEATURE_ZLIB_MASK;
1453 vs->vnc_encoding = enc;
1454 break;
1455 case VNC_ENCODING_DESKTOPRESIZE:
1456 vs->features |= VNC_FEATURE_RESIZE_MASK;
1457 break;
1458 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1459 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1460 break;
1461 case VNC_ENCODING_EXT_KEY_EVENT:
1462 send_ext_key_event_ack(vs);
1463 break;
1464 case VNC_ENCODING_AUDIO:
1465 send_ext_audio_ack(vs);
1466 break;
1467 case VNC_ENCODING_WMVi:
1468 vs->features |= VNC_FEATURE_WMVI_MASK;
1469 break;
1470 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1471 vs->tight_compression = (enc & 0x0F);
1472 break;
1473 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1474 vs->tight_quality = (enc & 0x0F);
1475 break;
1476 default:
1477 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1478 break;
1479 }
1480 }
1481
1482 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1483 }
1484
1485 static void set_pixel_conversion(VncState *vs)
1486 {
1487 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1488 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1489 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1490 vs->write_pixels = vnc_write_pixels_copy;
1491 switch (vs->ds->surface->pf.bits_per_pixel) {
1492 case 8:
1493 vs->send_hextile_tile = send_hextile_tile_8;
1494 break;
1495 case 16:
1496 vs->send_hextile_tile = send_hextile_tile_16;
1497 break;
1498 case 32:
1499 vs->send_hextile_tile = send_hextile_tile_32;
1500 break;
1501 }
1502 } else {
1503 vs->write_pixels = vnc_write_pixels_generic;
1504 switch (vs->ds->surface->pf.bits_per_pixel) {
1505 case 8:
1506 vs->send_hextile_tile = send_hextile_tile_generic_8;
1507 break;
1508 case 16:
1509 vs->send_hextile_tile = send_hextile_tile_generic_16;
1510 break;
1511 case 32:
1512 vs->send_hextile_tile = send_hextile_tile_generic_32;
1513 break;
1514 }
1515 }
1516 }
1517
1518 static void set_pixel_format(VncState *vs,
1519 int bits_per_pixel, int depth,
1520 int big_endian_flag, int true_color_flag,
1521 int red_max, int green_max, int blue_max,
1522 int red_shift, int green_shift, int blue_shift)
1523 {
1524 if (!true_color_flag) {
1525 vnc_client_error(vs);
1526 return;
1527 }
1528
1529 vs->clientds = vs->serverds;
1530 vs->clientds.pf.rmax = red_max;
1531 count_bits(vs->clientds.pf.rbits, red_max);
1532 vs->clientds.pf.rshift = red_shift;
1533 vs->clientds.pf.rmask = red_max << red_shift;
1534 vs->clientds.pf.gmax = green_max;
1535 count_bits(vs->clientds.pf.gbits, green_max);
1536 vs->clientds.pf.gshift = green_shift;
1537 vs->clientds.pf.gmask = green_max << green_shift;
1538 vs->clientds.pf.bmax = blue_max;
1539 count_bits(vs->clientds.pf.bbits, blue_max);
1540 vs->clientds.pf.bshift = blue_shift;
1541 vs->clientds.pf.bmask = blue_max << blue_shift;
1542 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1543 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1544 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1545 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1546
1547 set_pixel_conversion(vs);
1548
1549 vga_hw_invalidate();
1550 vga_hw_update();
1551 }
1552
1553 static void pixel_format_message (VncState *vs) {
1554 char pad[3] = { 0, 0, 0 };
1555
1556 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1557 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1558
1559 #ifdef WORDS_BIGENDIAN
1560 vnc_write_u8(vs, 1); /* big-endian-flag */
1561 #else
1562 vnc_write_u8(vs, 0); /* big-endian-flag */
1563 #endif
1564 vnc_write_u8(vs, 1); /* true-color-flag */
1565 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1566 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1567 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1568 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1569 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1570 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1571 if (vs->ds->surface->pf.bits_per_pixel == 32)
1572 vs->send_hextile_tile = send_hextile_tile_32;
1573 else if (vs->ds->surface->pf.bits_per_pixel == 16)
1574 vs->send_hextile_tile = send_hextile_tile_16;
1575 else if (vs->ds->surface->pf.bits_per_pixel == 8)
1576 vs->send_hextile_tile = send_hextile_tile_8;
1577 vs->clientds = *(vs->ds->surface);
1578 vs->clientds.flags |= ~QEMU_ALLOCATED_FLAG;
1579 vs->write_pixels = vnc_write_pixels_copy;
1580
1581 vnc_write(vs, pad, 3); /* padding */
1582 }
1583
1584 static void vnc_dpy_setdata(DisplayState *ds)
1585 {
1586 /* We don't have to do anything */
1587 }
1588
1589 static void vnc_colordepth(VncState *vs)
1590 {
1591 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1592 /* Sending a WMVi message to notify the client*/
1593 vnc_write_u8(vs, 0); /* msg id */
1594 vnc_write_u8(vs, 0);
1595 vnc_write_u16(vs, 1); /* number of rects */
1596 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1597 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1598 pixel_format_message(vs);
1599 vnc_flush(vs);
1600 } else {
1601 set_pixel_conversion(vs);
1602 }
1603 }
1604
1605 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1606 {
1607 int i;
1608 uint16_t limit;
1609
1610 switch (data[0]) {
1611 case 0:
1612 if (len == 1)
1613 return 20;
1614
1615 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1616 read_u8(data, 6), read_u8(data, 7),
1617 read_u16(data, 8), read_u16(data, 10),
1618 read_u16(data, 12), read_u8(data, 14),
1619 read_u8(data, 15), read_u8(data, 16));
1620 break;
1621 case 2:
1622 if (len == 1)
1623 return 4;
1624
1625 if (len == 4) {
1626 limit = read_u16(data, 2);
1627 if (limit > 0)
1628 return 4 + (limit * 4);
1629 } else
1630 limit = read_u16(data, 2);
1631
1632 for (i = 0; i < limit; i++) {
1633 int32_t val = read_s32(data, 4 + (i * 4));
1634 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1635 }
1636
1637 set_encodings(vs, (int32_t *)(data + 4), limit);
1638 break;
1639 case 3:
1640 if (len == 1)
1641 return 10;
1642
1643 framebuffer_update_request(vs,
1644 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1645 read_u16(data, 6), read_u16(data, 8));
1646 break;
1647 case 4:
1648 if (len == 1)
1649 return 8;
1650
1651 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1652 break;
1653 case 5:
1654 if (len == 1)
1655 return 6;
1656
1657 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1658 break;
1659 case 6:
1660 if (len == 1)
1661 return 8;
1662
1663 if (len == 8) {
1664 uint32_t dlen = read_u32(data, 4);
1665 if (dlen > 0)
1666 return 8 + dlen;
1667 }
1668
1669 client_cut_text(vs, read_u32(data, 4), data + 8);
1670 break;
1671 case 255:
1672 if (len == 1)
1673 return 2;
1674
1675 switch (read_u8(data, 1)) {
1676 case 0:
1677 if (len == 2)
1678 return 12;
1679
1680 ext_key_event(vs, read_u16(data, 2),
1681 read_u32(data, 4), read_u32(data, 8));
1682 break;
1683 case 1:
1684 if (len == 2)
1685 return 4;
1686
1687 switch (read_u16 (data, 2)) {
1688 case 0:
1689 audio_add(vs);
1690 break;
1691 case 1:
1692 audio_del(vs);
1693 break;
1694 case 2:
1695 if (len == 4)
1696 return 10;
1697 switch (read_u8(data, 4)) {
1698 case 0: vs->as.fmt = AUD_FMT_U8; break;
1699 case 1: vs->as.fmt = AUD_FMT_S8; break;
1700 case 2: vs->as.fmt = AUD_FMT_U16; break;
1701 case 3: vs->as.fmt = AUD_FMT_S16; break;
1702 case 4: vs->as.fmt = AUD_FMT_U32; break;
1703 case 5: vs->as.fmt = AUD_FMT_S32; break;
1704 default:
1705 printf("Invalid audio format %d\n", read_u8(data, 4));
1706 vnc_client_error(vs);
1707 break;
1708 }
1709 vs->as.nchannels = read_u8(data, 5);
1710 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1711 printf("Invalid audio channel coount %d\n",
1712 read_u8(data, 5));
1713 vnc_client_error(vs);
1714 break;
1715 }
1716 vs->as.freq = read_u32(data, 6);
1717 break;
1718 default:
1719 printf ("Invalid audio message %d\n", read_u8(data, 4));
1720 vnc_client_error(vs);
1721 break;
1722 }
1723 break;
1724
1725 default:
1726 printf("Msg: %d\n", read_u16(data, 0));
1727 vnc_client_error(vs);
1728 break;
1729 }
1730 break;
1731 default:
1732 printf("Msg: %d\n", data[0]);
1733 vnc_client_error(vs);
1734 break;
1735 }
1736
1737 vnc_read_when(vs, protocol_client_msg, 1);
1738 return 0;
1739 }
1740
1741 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1742 {
1743 char buf[1024];
1744 int size;
1745
1746 vnc_write_u16(vs, ds_get_width(vs->ds));
1747 vnc_write_u16(vs, ds_get_height(vs->ds));
1748
1749 pixel_format_message(vs);
1750
1751 if (qemu_name)
1752 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1753 else
1754 size = snprintf(buf, sizeof(buf), "QEMU");
1755
1756 vnc_write_u32(vs, size);
1757 vnc_write(vs, buf, size);
1758 vnc_flush(vs);
1759
1760 vnc_read_when(vs, protocol_client_msg, 1);
1761
1762 return 0;
1763 }
1764
1765 void start_client_init(VncState *vs)
1766 {
1767 vnc_read_when(vs, protocol_client_init, 1);
1768 }
1769
1770 static void make_challenge(VncState *vs)
1771 {
1772 int i;
1773
1774 srand(time(NULL)+getpid()+getpid()*987654+rand());
1775
1776 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1777 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1778 }
1779
1780 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1781 {
1782 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1783 int i, j, pwlen;
1784 unsigned char key[8];
1785
1786 if (!vs->vd->password || !vs->vd->password[0]) {
1787 VNC_DEBUG("No password configured on server");
1788 vnc_write_u32(vs, 1); /* Reject auth */
1789 if (vs->minor >= 8) {
1790 static const char err[] = "Authentication failed";
1791 vnc_write_u32(vs, sizeof(err));
1792 vnc_write(vs, err, sizeof(err));
1793 }
1794 vnc_flush(vs);
1795 vnc_client_error(vs);
1796 return 0;
1797 }
1798
1799 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1800
1801 /* Calculate the expected challenge response */
1802 pwlen = strlen(vs->vd->password);
1803 for (i=0; i<sizeof(key); i++)
1804 key[i] = i<pwlen ? vs->vd->password[i] : 0;
1805 deskey(key, EN0);
1806 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1807 des(response+j, response+j);
1808
1809 /* Compare expected vs actual challenge response */
1810 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1811 VNC_DEBUG("Client challenge reponse did not match\n");
1812 vnc_write_u32(vs, 1); /* Reject auth */
1813 if (vs->minor >= 8) {
1814 static const char err[] = "Authentication failed";
1815 vnc_write_u32(vs, sizeof(err));
1816 vnc_write(vs, err, sizeof(err));
1817 }
1818 vnc_flush(vs);
1819 vnc_client_error(vs);
1820 } else {
1821 VNC_DEBUG("Accepting VNC challenge response\n");
1822 vnc_write_u32(vs, 0); /* Accept auth */
1823 vnc_flush(vs);
1824
1825 start_client_init(vs);
1826 }
1827 return 0;
1828 }
1829
1830 void start_auth_vnc(VncState *vs)
1831 {
1832 make_challenge(vs);
1833 /* Send client a 'random' challenge */
1834 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1835 vnc_flush(vs);
1836
1837 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1838 }
1839
1840
1841 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1842 {
1843 /* We only advertise 1 auth scheme at a time, so client
1844 * must pick the one we sent. Verify this */
1845 if (data[0] != vs->vd->auth) { /* Reject auth */
1846 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
1847 vnc_write_u32(vs, 1);
1848 if (vs->minor >= 8) {
1849 static const char err[] = "Authentication failed";
1850 vnc_write_u32(vs, sizeof(err));
1851 vnc_write(vs, err, sizeof(err));
1852 }
1853 vnc_client_error(vs);
1854 } else { /* Accept requested auth */
1855 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1856 switch (vs->vd->auth) {
1857 case VNC_AUTH_NONE:
1858 VNC_DEBUG("Accept auth none\n");
1859 if (vs->minor >= 8) {
1860 vnc_write_u32(vs, 0); /* Accept auth completion */
1861 vnc_flush(vs);
1862 }
1863 start_client_init(vs);
1864 break;
1865
1866 case VNC_AUTH_VNC:
1867 VNC_DEBUG("Start VNC auth\n");
1868 start_auth_vnc(vs);
1869 break;
1870
1871 #ifdef CONFIG_VNC_TLS
1872 case VNC_AUTH_VENCRYPT:
1873 VNC_DEBUG("Accept VeNCrypt auth\n");;
1874 start_auth_vencrypt(vs);
1875 break;
1876 #endif /* CONFIG_VNC_TLS */
1877
1878 #ifdef CONFIG_VNC_SASL
1879 case VNC_AUTH_SASL:
1880 VNC_DEBUG("Accept SASL auth\n");
1881 start_auth_sasl(vs);
1882 break;
1883 #endif /* CONFIG_VNC_SASL */
1884
1885 default: /* Should not be possible, but just in case */
1886 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
1887 vnc_write_u8(vs, 1);
1888 if (vs->minor >= 8) {
1889 static const char err[] = "Authentication failed";
1890 vnc_write_u32(vs, sizeof(err));
1891 vnc_write(vs, err, sizeof(err));
1892 }
1893 vnc_client_error(vs);
1894 }
1895 }
1896 return 0;
1897 }
1898
1899 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
1900 {
1901 char local[13];
1902
1903 memcpy(local, version, 12);
1904 local[12] = 0;
1905
1906 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
1907 VNC_DEBUG("Malformed protocol version %s\n", local);
1908 vnc_client_error(vs);
1909 return 0;
1910 }
1911 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
1912 if (vs->major != 3 ||
1913 (vs->minor != 3 &&
1914 vs->minor != 4 &&
1915 vs->minor != 5 &&
1916 vs->minor != 7 &&
1917 vs->minor != 8)) {
1918 VNC_DEBUG("Unsupported client version\n");
1919 vnc_write_u32(vs, VNC_AUTH_INVALID);
1920 vnc_flush(vs);
1921 vnc_client_error(vs);
1922 return 0;
1923 }
1924 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
1925 * as equivalent to v3.3 by servers
1926 */
1927 if (vs->minor == 4 || vs->minor == 5)
1928 vs->minor = 3;
1929
1930 if (vs->minor == 3) {
1931 if (vs->vd->auth == VNC_AUTH_NONE) {
1932 VNC_DEBUG("Tell client auth none\n");
1933 vnc_write_u32(vs, vs->vd->auth);
1934 vnc_flush(vs);
1935 start_client_init(vs);
1936 } else if (vs->vd->auth == VNC_AUTH_VNC) {
1937 VNC_DEBUG("Tell client VNC auth\n");
1938 vnc_write_u32(vs, vs->vd->auth);
1939 vnc_flush(vs);
1940 start_auth_vnc(vs);
1941 } else {
1942 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
1943 vnc_write_u32(vs, VNC_AUTH_INVALID);
1944 vnc_flush(vs);
1945 vnc_client_error(vs);
1946 }
1947 } else {
1948 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
1949 vnc_write_u8(vs, 1); /* num auth */
1950 vnc_write_u8(vs, vs->vd->auth);
1951 vnc_read_when(vs, protocol_client_auth, 1);
1952 vnc_flush(vs);
1953 }
1954
1955 return 0;
1956 }
1957
1958 static void vnc_connect(VncDisplay *vd, int csock)
1959 {
1960 VncState *vs = qemu_mallocz(sizeof(VncState));
1961 vs->csock = csock;
1962
1963 VNC_DEBUG("New client on socket %d\n", csock);
1964 dcl->idle = 0;
1965 socket_set_nonblock(vs->csock);
1966 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1967
1968 vs->vd = vd;
1969 vs->ds = vd->ds;
1970 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
1971 vs->last_x = -1;
1972 vs->last_y = -1;
1973
1974 vs->as.freq = 44100;
1975 vs->as.nchannels = 2;
1976 vs->as.fmt = AUD_FMT_S16;
1977 vs->as.endianness = 0;
1978
1979 vnc_resize(vs);
1980 vnc_write(vs, "RFB 003.008\n", 12);
1981 vnc_flush(vs);
1982 vnc_read_when(vs, protocol_version, 12);
1983 memset(vs->old_data, 0, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
1984 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1985 vnc_update_client(vs);
1986 reset_keys(vs);
1987
1988 vs->next = vd->clients;
1989 vd->clients = vs;
1990 }
1991
1992 static void vnc_listen_read(void *opaque)
1993 {
1994 VncDisplay *vs = opaque;
1995 struct sockaddr_in addr;
1996 socklen_t addrlen = sizeof(addr);
1997
1998 /* Catch-up */
1999 vga_hw_update();
2000
2001 int csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2002 if (csock != -1) {
2003 vnc_connect(vs, csock);
2004 }
2005 }
2006
2007 void vnc_display_init(DisplayState *ds)
2008 {
2009 VncDisplay *vs;
2010
2011 vs = qemu_mallocz(sizeof(VncState));
2012 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2013
2014 ds->opaque = vs;
2015 dcl->idle = 1;
2016 vnc_display = vs;
2017
2018 vs->lsock = -1;
2019
2020 vs->ds = ds;
2021
2022 if (keyboard_layout)
2023 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2024 else
2025 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2026
2027 if (!vs->kbd_layout)
2028 exit(1);
2029
2030 dcl->dpy_copy = vnc_dpy_copy;
2031 dcl->dpy_update = vnc_dpy_update;
2032 dcl->dpy_resize = vnc_dpy_resize;
2033 dcl->dpy_setdata = vnc_dpy_setdata;
2034 register_displaychangelistener(ds, dcl);
2035 }
2036
2037
2038 void vnc_display_close(DisplayState *ds)
2039 {
2040 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2041
2042 if (!vs)
2043 return;
2044 if (vs->display) {
2045 qemu_free(vs->display);
2046 vs->display = NULL;
2047 }
2048 if (vs->lsock != -1) {
2049 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2050 close(vs->lsock);
2051 vs->lsock = -1;
2052 }
2053 vs->auth = VNC_AUTH_INVALID;
2054 #ifdef CONFIG_VNC_TLS
2055 vs->subauth = VNC_AUTH_INVALID;
2056 vs->tls.x509verify = 0;
2057 #endif
2058 }
2059
2060 int vnc_display_password(DisplayState *ds, const char *password)
2061 {
2062 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2063
2064 if (vs->password) {
2065 qemu_free(vs->password);
2066 vs->password = NULL;
2067 }
2068 if (password && password[0]) {
2069 if (!(vs->password = qemu_strdup(password)))
2070 return -1;
2071 }
2072
2073 return 0;
2074 }
2075
2076 int vnc_display_open(DisplayState *ds, const char *display)
2077 {
2078 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2079 const char *options;
2080 int password = 0;
2081 int reverse = 0;
2082 int to_port = 0;
2083 #ifdef CONFIG_VNC_TLS
2084 int tls = 0, x509 = 0;
2085 #endif
2086 #ifdef CONFIG_VNC_SASL
2087 int sasl = 0;
2088 int saslErr;
2089 #endif
2090 int acl = 0;
2091
2092 if (!vnc_display)
2093 return -1;
2094 vnc_display_close(ds);
2095 if (strcmp(display, "none") == 0)
2096 return 0;
2097
2098 if (!(vs->display = strdup(display)))
2099 return -1;
2100
2101 options = display;
2102 while ((options = strchr(options, ','))) {
2103 options++;
2104 if (strncmp(options, "password", 8) == 0) {
2105 password = 1; /* Require password auth */
2106 } else if (strncmp(options, "reverse", 7) == 0) {
2107 reverse = 1;
2108 } else if (strncmp(options, "to=", 3) == 0) {
2109 to_port = atoi(options+3) + 5900;
2110 #ifdef CONFIG_VNC_SASL
2111 } else if (strncmp(options, "sasl", 4) == 0) {
2112 sasl = 1; /* Require SASL auth */
2113 #endif
2114 #ifdef CONFIG_VNC_TLS
2115 } else if (strncmp(options, "tls", 3) == 0) {
2116 tls = 1; /* Require TLS */
2117 } else if (strncmp(options, "x509", 4) == 0) {
2118 char *start, *end;
2119 x509 = 1; /* Require x509 certificates */
2120 if (strncmp(options, "x509verify", 10) == 0)
2121 vs->tls.x509verify = 1; /* ...and verify client certs */
2122
2123 /* Now check for 'x509=/some/path' postfix
2124 * and use that to setup x509 certificate/key paths */
2125 start = strchr(options, '=');
2126 end = strchr(options, ',');
2127 if (start && (!end || (start < end))) {
2128 int len = end ? end-(start+1) : strlen(start+1);
2129 char *path = qemu_strndup(start + 1, len);
2130
2131 VNC_DEBUG("Trying certificate path '%s'\n", path);
2132 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2133 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2134 qemu_free(path);
2135 qemu_free(vs->display);
2136 vs->display = NULL;
2137 return -1;
2138 }
2139 qemu_free(path);
2140 } else {
2141 fprintf(stderr, "No certificate path provided\n");
2142 qemu_free(vs->display);
2143 vs->display = NULL;
2144 return -1;
2145 }
2146 #endif
2147 } else if (strncmp(options, "acl", 3) == 0) {
2148 acl = 1;
2149 }
2150 }
2151
2152 #ifdef CONFIG_VNC_TLS
2153 if (acl && x509 && vs->tls.x509verify) {
2154 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2155 fprintf(stderr, "Failed to create x509 dname ACL\n");
2156 exit(1);
2157 }
2158 }
2159 #endif
2160 #ifdef CONFIG_VNC_SASL
2161 if (acl && sasl) {
2162 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2163 fprintf(stderr, "Failed to create username ACL\n");
2164 exit(1);
2165 }
2166 }
2167 #endif
2168
2169 /*
2170 * Combinations we support here:
2171 *
2172 * - no-auth (clear text, no auth)
2173 * - password (clear text, weak auth)
2174 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2175 * - tls (encrypt, weak anonymous creds, no auth)
2176 * - tls + password (encrypt, weak anonymous creds, weak auth)
2177 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2178 * - tls + x509 (encrypt, good x509 creds, no auth)
2179 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2180 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2181 *
2182 * NB1. TLS is a stackable auth scheme.
2183 * NB2. the x509 schemes have option to validate a client cert dname
2184 */
2185 if (password) {
2186 #ifdef CONFIG_VNC_TLS
2187 if (tls) {
2188 vs->auth = VNC_AUTH_VENCRYPT;
2189 if (x509) {
2190 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2191 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2192 } else {
2193 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2194 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2195 }
2196 } else {
2197 #endif /* CONFIG_VNC_TLS */
2198 VNC_DEBUG("Initializing VNC server with password auth\n");
2199 vs->auth = VNC_AUTH_VNC;
2200 #ifdef CONFIG_VNC_TLS
2201 vs->subauth = VNC_AUTH_INVALID;
2202 }
2203 #endif /* CONFIG_VNC_TLS */
2204 #ifdef CONFIG_VNC_SASL
2205 } else if (sasl) {
2206 #ifdef CONFIG_VNC_TLS
2207 if (tls) {
2208 vs->auth = VNC_AUTH_VENCRYPT;
2209 if (x509) {
2210 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2211 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2212 } else {
2213 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2214 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2215 }
2216 } else {
2217 #endif /* CONFIG_VNC_TLS */
2218 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2219 vs->auth = VNC_AUTH_SASL;
2220 #ifdef CONFIG_VNC_TLS
2221 vs->subauth = VNC_AUTH_INVALID;
2222 }
2223 #endif /* CONFIG_VNC_TLS */
2224 #endif /* CONFIG_VNC_SASL */
2225 } else {
2226 #ifdef CONFIG_VNC_TLS
2227 if (tls) {
2228 vs->auth = VNC_AUTH_VENCRYPT;
2229 if (x509) {
2230 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2231 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2232 } else {
2233 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2234 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2235 }
2236 } else {
2237 #endif
2238 VNC_DEBUG("Initializing VNC server with no auth\n");
2239 vs->auth = VNC_AUTH_NONE;
2240 #ifdef CONFIG_VNC_TLS
2241 vs->subauth = VNC_AUTH_INVALID;
2242 }
2243 #endif
2244 }
2245
2246 #ifdef CONFIG_VNC_SASL
2247 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2248 fprintf(stderr, "Failed to initialize SASL auth %s",
2249 sasl_errstring(saslErr, NULL, NULL));
2250 free(vs->display);
2251 vs->display = NULL;
2252 return -1;
2253 }
2254 #endif
2255
2256 if (reverse) {
2257 /* connect to viewer */
2258 if (strncmp(display, "unix:", 5) == 0)
2259 vs->lsock = unix_connect(display+5);
2260 else
2261 vs->lsock = inet_connect(display, SOCK_STREAM);
2262 if (-1 == vs->lsock) {
2263 free(vs->display);
2264 vs->display = NULL;
2265 return -1;
2266 } else {
2267 int csock = vs->lsock;
2268 vs->lsock = -1;
2269 vnc_connect(vs, csock);
2270 }
2271 return 0;
2272
2273 } else {
2274 /* listen for connects */
2275 char *dpy;
2276 dpy = qemu_malloc(256);
2277 if (strncmp(display, "unix:", 5) == 0) {
2278 pstrcpy(dpy, 256, "unix:");
2279 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2280 } else {
2281 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2282 }
2283 if (-1 == vs->lsock) {
2284 free(dpy);
2285 return -1;
2286 } else {
2287 free(vs->display);
2288 vs->display = dpy;
2289 }
2290 }
2291 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
2292 }
Samsung s3c2440 and arm920t support for the mini2440 dev board