search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Include auth credentials in 'info vnc' ("Daniel P. Berrange")
[qemu-kvm/fedora.git] / vnc.c
blobda6884294e164c2bd74e8873f771c7c965b6823a
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31
32 #define VNC_REFRESH_INTERVAL (1000 / 30)
33
34 #include "vnc_keysym.h"
35 #include "d3des.h"
36
37 #define count_bits(c, v) { \
38 for (c = 0; v; v >>= 1) \
39 { \
40 c += v & 1; \
41 } \
42 }
43
44
45 static VncDisplay *vnc_display; /* needed for info vnc */
46 static DisplayChangeListener *dcl;
47
48 static char *addr_to_string(const char *format,
49 struct sockaddr_storage *sa,
50 socklen_t salen) {
51 char *addr;
52 char host[NI_MAXHOST];
53 char serv[NI_MAXSERV];
54 int err;
55
56 if ((err = getnameinfo((struct sockaddr *)sa, salen,
57 host, sizeof(host),
58 serv, sizeof(serv),
59 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
60 VNC_DEBUG("Cannot resolve address %d: %s\n",
61 err, gai_strerror(err));
62 return NULL;
63 }
64
65 if (asprintf(&addr, format, host, serv) < 0)
66 return NULL;
67
68 return addr;
69 }
70
71
72 char *vnc_socket_local_addr(const char *format, int fd) {
73 struct sockaddr_storage sa;
74 socklen_t salen;
75
76 salen = sizeof(sa);
77 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
78 return NULL;
79
80 return addr_to_string(format, &sa, salen);
81 }
82
83
84 char *vnc_socket_remote_addr(const char *format, int fd) {
85 struct sockaddr_storage sa;
86 socklen_t salen;
87
88 salen = sizeof(sa);
89 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
90 return NULL;
91
92 return addr_to_string(format, &sa, salen);
93 }
94
95 static const char *vnc_auth_name(VncDisplay *vd) {
96 switch (vd->auth) {
97 case VNC_AUTH_INVALID:
98 return "invalid";
99 case VNC_AUTH_NONE:
100 return "none";
101 case VNC_AUTH_VNC:
102 return "vnc";
103 case VNC_AUTH_RA2:
104 return "ra2";
105 case VNC_AUTH_RA2NE:
106 return "ra2ne";
107 case VNC_AUTH_TIGHT:
108 return "tight";
109 case VNC_AUTH_ULTRA:
110 return "ultra";
111 case VNC_AUTH_TLS:
112 return "tls";
113 case VNC_AUTH_VENCRYPT:
114 #ifdef CONFIG_VNC_TLS
115 switch (vd->subauth) {
116 case VNC_AUTH_VENCRYPT_PLAIN:
117 return "vencrypt+plain";
118 case VNC_AUTH_VENCRYPT_TLSNONE:
119 return "vencrypt+tls+none";
120 case VNC_AUTH_VENCRYPT_TLSVNC:
121 return "vencrypt+tls+vnc";
122 case VNC_AUTH_VENCRYPT_TLSPLAIN:
123 return "vencrypt+tls+plain";
124 case VNC_AUTH_VENCRYPT_X509NONE:
125 return "vencrypt+x509+none";
126 case VNC_AUTH_VENCRYPT_X509VNC:
127 return "vencrypt+x509+vnc";
128 case VNC_AUTH_VENCRYPT_X509PLAIN:
129 return "vencrypt+x509+plain";
130 case VNC_AUTH_VENCRYPT_TLSSASL:
131 return "vencrypt+tls+sasl";
132 case VNC_AUTH_VENCRYPT_X509SASL:
133 return "vencrypt+x509+sasl";
134 default:
135 return "vencrypt";
136 }
137 #else
138 return "vencrypt";
139 #endif
140 case VNC_AUTH_SASL:
141 return "sasl";
142 }
143 return "unknown";
144 }
145
146 #define VNC_SOCKET_FORMAT_PRETTY "local %s:%s"
147
148 static void do_info_vnc_client(VncState *client)
149 {
150 char *clientAddr =
151 vnc_socket_remote_addr(" address: %s:%s\n",
152 client->csock);
153 if (!clientAddr)
154 return;
155
156 term_puts("Client:\n");
157 term_puts(clientAddr);
158 free(clientAddr);
159
160 #ifdef CONFIG_VNC_TLS
161 if (client->tls.session &&
162 client->tls.dname)
163 term_printf(" x509 dname: %s\n", client->tls.dname);
164 else
165 term_puts(" x509 dname: none\n");
166 #endif
167 #ifdef CONFIG_VNC_SASL
168 if (client->sasl.conn &&
169 client->sasl.username)
170 term_printf(" username: %s\n", client->sasl.username);
171 else
172 term_puts(" username: none\n");
173 #endif
174 }
175
176 void do_info_vnc(void)
177 {
178 if (vnc_display == NULL || vnc_display->display == NULL) {
179 term_printf("Server: disabled\n");
180 } else {
181 char *serverAddr = vnc_socket_local_addr(" address: %s:%s\n",
182 vnc_display->lsock);
183
184 if (!serverAddr)
185 return;
186
187 term_puts("Server:\n");
188 term_puts(serverAddr);
189 free(serverAddr);
190 term_printf(" auth: %s\n", vnc_auth_name(vnc_display));
191
192 if (vnc_display->clients) {
193 VncState *client = vnc_display->clients;
194 while (client) {
195 do_info_vnc_client(client);
196 client = client->next;
197 }
198 } else {
199 term_printf("Client: none\n");
200 }
201 }
202 }
203
204 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
205 return (vs->features & (1 << feature));
206 }
207
208 /* TODO
209 1) Get the queue working for IO.
210 2) there is some weirdness when using the -S option (the screen is grey
211 and not totally invalidated
212 3) resolutions > 1024
213 */
214
215 static void vnc_update_client(void *opaque);
216
217 static void vnc_colordepth(VncState *vs);
218
219 static inline void vnc_set_bit(uint32_t *d, int k)
220 {
221 d[k >> 5] |= 1 << (k & 0x1f);
222 }
223
224 static inline void vnc_clear_bit(uint32_t *d, int k)
225 {
226 d[k >> 5] &= ~(1 << (k & 0x1f));
227 }
228
229 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
230 {
231 int j;
232
233 j = 0;
234 while (n >= 32) {
235 d[j++] = -1;
236 n -= 32;
237 }
238 if (n > 0)
239 d[j++] = (1 << n) - 1;
240 while (j < nb_words)
241 d[j++] = 0;
242 }
243
244 static inline int vnc_get_bit(const uint32_t *d, int k)
245 {
246 return (d[k >> 5] >> (k & 0x1f)) & 1;
247 }
248
249 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
250 int nb_words)
251 {
252 int i;
253 for(i = 0; i < nb_words; i++) {
254 if ((d1[i] & d2[i]) != 0)
255 return 1;
256 }
257 return 0;
258 }
259
260 static void vnc_update(VncState *vs, int x, int y, int w, int h)
261 {
262 int i;
263
264 h += y;
265
266 /* round x down to ensure the loop only spans one 16-pixel block per,
267 iteration. otherwise, if (x % 16) != 0, the last iteration may span
268 two 16-pixel blocks but we only mark the first as dirty
269 */
270 w += (x % 16);
271 x -= (x % 16);
272
273 x = MIN(x, vs->serverds.width);
274 y = MIN(y, vs->serverds.height);
275 w = MIN(x + w, vs->serverds.width) - x;
276 h = MIN(h, vs->serverds.height);
277
278 for (; y < h; y++)
279 for (i = 0; i < w; i += 16)
280 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
281 }
282
283 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
284 {
285 VncDisplay *vd = ds->opaque;
286 VncState *vs = vd->clients;
287 while (vs != NULL) {
288 vnc_update(vs, x, y, w, h);
289 vs = vs->next;
290 }
291 }
292
293 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
294 int32_t encoding)
295 {
296 vnc_write_u16(vs, x);
297 vnc_write_u16(vs, y);
298 vnc_write_u16(vs, w);
299 vnc_write_u16(vs, h);
300
301 vnc_write_s32(vs, encoding);
302 }
303
304 void buffer_reserve(Buffer *buffer, size_t len)
305 {
306 if ((buffer->capacity - buffer->offset) < len) {
307 buffer->capacity += (len + 1024);
308 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
309 if (buffer->buffer == NULL) {
310 fprintf(stderr, "vnc: out of memory\n");
311 exit(1);
312 }
313 }
314 }
315
316 int buffer_empty(Buffer *buffer)
317 {
318 return buffer->offset == 0;
319 }
320
321 uint8_t *buffer_end(Buffer *buffer)
322 {
323 return buffer->buffer + buffer->offset;
324 }
325
326 void buffer_reset(Buffer *buffer)
327 {
328 buffer->offset = 0;
329 }
330
331 void buffer_append(Buffer *buffer, const void *data, size_t len)
332 {
333 memcpy(buffer->buffer + buffer->offset, data, len);
334 buffer->offset += len;
335 }
336
337 static void vnc_resize(VncState *vs)
338 {
339 DisplayState *ds = vs->ds;
340
341 int size_changed;
342
343 vs->old_data = qemu_realloc(vs->old_data, ds_get_linesize(ds) * ds_get_height(ds));
344
345 if (vs->old_data == NULL) {
346 fprintf(stderr, "vnc: memory allocation failed\n");
347 exit(1);
348 }
349
350 if (ds_get_bytes_per_pixel(ds) != vs->serverds.pf.bytes_per_pixel)
351 console_color_init(ds);
352 vnc_colordepth(vs);
353 size_changed = ds_get_width(ds) != vs->serverds.width ||
354 ds_get_height(ds) != vs->serverds.height;
355 vs->serverds = *(ds->surface);
356 if (size_changed) {
357 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
358 vnc_write_u8(vs, 0); /* msg id */
359 vnc_write_u8(vs, 0);
360 vnc_write_u16(vs, 1); /* number of rects */
361 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
362 VNC_ENCODING_DESKTOPRESIZE);
363 vnc_flush(vs);
364 }
365 }
366
367 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
368 memset(vs->old_data, 42, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
369 }
370
371 static void vnc_dpy_resize(DisplayState *ds)
372 {
373 VncDisplay *vd = ds->opaque;
374 VncState *vs = vd->clients;
375 while (vs != NULL) {
376 vnc_resize(vs);
377 vs = vs->next;
378 }
379 }
380
381 /* fastest code */
382 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
383 {
384 vnc_write(vs, pixels, size);
385 }
386
387 /* slowest but generic code. */
388 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
389 {
390 uint8_t r, g, b;
391
392 r = ((((v & vs->serverds.pf.rmask) >> vs->serverds.pf.rshift) << vs->clientds.pf.rbits) >>
393 vs->serverds.pf.rbits);
394 g = ((((v & vs->serverds.pf.gmask) >> vs->serverds.pf.gshift) << vs->clientds.pf.gbits) >>
395 vs->serverds.pf.gbits);
396 b = ((((v & vs->serverds.pf.bmask) >> vs->serverds.pf.bshift) << vs->clientds.pf.bbits) >>
397 vs->serverds.pf.bbits);
398 v = (r << vs->clientds.pf.rshift) |
399 (g << vs->clientds.pf.gshift) |
400 (b << vs->clientds.pf.bshift);
401 switch(vs->clientds.pf.bytes_per_pixel) {
402 case 1:
403 buf[0] = v;
404 break;
405 case 2:
406 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
407 buf[0] = v >> 8;
408 buf[1] = v;
409 } else {
410 buf[1] = v >> 8;
411 buf[0] = v;
412 }
413 break;
414 default:
415 case 4:
416 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
417 buf[0] = v >> 24;
418 buf[1] = v >> 16;
419 buf[2] = v >> 8;
420 buf[3] = v;
421 } else {
422 buf[3] = v >> 24;
423 buf[2] = v >> 16;
424 buf[1] = v >> 8;
425 buf[0] = v;
426 }
427 break;
428 }
429 }
430
431 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
432 {
433 uint8_t buf[4];
434
435 if (vs->serverds.pf.bytes_per_pixel == 4) {
436 uint32_t *pixels = pixels1;
437 int n, i;
438 n = size >> 2;
439 for(i = 0; i < n; i++) {
440 vnc_convert_pixel(vs, buf, pixels[i]);
441 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
442 }
443 } else if (vs->serverds.pf.bytes_per_pixel == 2) {
444 uint16_t *pixels = pixels1;
445 int n, i;
446 n = size >> 1;
447 for(i = 0; i < n; i++) {
448 vnc_convert_pixel(vs, buf, pixels[i]);
449 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
450 }
451 } else if (vs->serverds.pf.bytes_per_pixel == 1) {
452 uint8_t *pixels = pixels1;
453 int n, i;
454 n = size;
455 for(i = 0; i < n; i++) {
456 vnc_convert_pixel(vs, buf, pixels[i]);
457 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
458 }
459 } else {
460 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
461 }
462 }
463
464 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
465 {
466 int i;
467 uint8_t *row;
468
469 row = ds_get_data(vs->ds) + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
470 for (i = 0; i < h; i++) {
471 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
472 row += ds_get_linesize(vs->ds);
473 }
474 }
475
476 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
477 {
478 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
479 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
480 }
481
482 #define BPP 8
483 #include "vnchextile.h"
484 #undef BPP
485
486 #define BPP 16
487 #include "vnchextile.h"
488 #undef BPP
489
490 #define BPP 32
491 #include "vnchextile.h"
492 #undef BPP
493
494 #define GENERIC
495 #define BPP 8
496 #include "vnchextile.h"
497 #undef BPP
498 #undef GENERIC
499
500 #define GENERIC
501 #define BPP 16
502 #include "vnchextile.h"
503 #undef BPP
504 #undef GENERIC
505
506 #define GENERIC
507 #define BPP 32
508 #include "vnchextile.h"
509 #undef BPP
510 #undef GENERIC
511
512 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
513 {
514 int i, j;
515 int has_fg, has_bg;
516 uint8_t *last_fg, *last_bg;
517
518 last_fg = (uint8_t *) qemu_malloc(vs->serverds.pf.bytes_per_pixel);
519 last_bg = (uint8_t *) qemu_malloc(vs->serverds.pf.bytes_per_pixel);
520 has_fg = has_bg = 0;
521 for (j = y; j < (y + h); j += 16) {
522 for (i = x; i < (x + w); i += 16) {
523 vs->send_hextile_tile(vs, i, j,
524 MIN(16, x + w - i), MIN(16, y + h - j),
525 last_bg, last_fg, &has_bg, &has_fg);
526 }
527 }
528 free(last_fg);
529 free(last_bg);
530
531 }
532
533 static void vnc_zlib_init(VncState *vs)
534 {
535 int i;
536 for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)
537 vs->zlib_stream[i].opaque = NULL;
538 }
539
540 static void vnc_zlib_start(VncState *vs)
541 {
542 buffer_reset(&vs->zlib);
543
544 // make the output buffer be the zlib buffer, so we can compress it later
545 vs->zlib_tmp = vs->output;
546 vs->output = vs->zlib;
547 }
548
549 static int vnc_zlib_stop(VncState *vs, int stream_id)
550 {
551 z_streamp zstream = &vs->zlib_stream[stream_id];
552 int previous_out;
553
554 // switch back to normal output/zlib buffers
555 vs->zlib = vs->output;
556 vs->output = vs->zlib_tmp;
557
558 // compress the zlib buffer
559
560 // initialize the stream
561 // XXX need one stream per session
562 if (zstream->opaque != vs) {
563 int err;
564
565 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
566 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
567 zstream->zalloc = Z_NULL;
568 zstream->zfree = Z_NULL;
569
570 err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
571 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
572
573 if (err != Z_OK) {
574 fprintf(stderr, "VNC: error initializing zlib\n");
575 return -1;
576 }
577
578 zstream->opaque = vs;
579 }
580
581 // XXX what to do if tight_compression changed in between?
582
583 // reserve memory in output buffer
584 buffer_reserve(&vs->output, vs->zlib.offset + 64);
585
586 // set pointers
587 zstream->next_in = vs->zlib.buffer;
588 zstream->avail_in = vs->zlib.offset;
589 zstream->next_out = vs->output.buffer + vs->output.offset;
590 zstream->avail_out = vs->output.capacity - vs->output.offset;
591 zstream->data_type = Z_BINARY;
592 previous_out = zstream->total_out;
593
594 // start encoding
595 if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
596 fprintf(stderr, "VNC: error during zlib compression\n");
597 return -1;
598 }
599
600 vs->output.offset = vs->output.capacity - zstream->avail_out;
601 return zstream->total_out - previous_out;
602 }
603
604 static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
605 {
606 int old_offset, new_offset, bytes_written;
607
608 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);
609
610 // remember where we put in the follow-up size
611 old_offset = vs->output.offset;
612 vnc_write_s32(vs, 0);
613
614 // compress the stream
615 vnc_zlib_start(vs);
616 send_framebuffer_update_raw(vs, x, y, w, h);
617 bytes_written = vnc_zlib_stop(vs, 0);
618
619 if (bytes_written == -1)
620 return;
621
622 // hack in the size
623 new_offset = vs->output.offset;
624 vs->output.offset = old_offset;
625 vnc_write_u32(vs, bytes_written);
626 vs->output.offset = new_offset;
627 }
628
629 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
630 {
631 switch(vs->vnc_encoding) {
632 case VNC_ENCODING_ZLIB:
633 send_framebuffer_update_zlib(vs, x, y, w, h);
634 break;
635 case VNC_ENCODING_HEXTILE:
636 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
637 send_framebuffer_update_hextile(vs, x, y, w, h);
638 break;
639 default:
640 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
641 send_framebuffer_update_raw(vs, x, y, w, h);
642 break;
643 }
644 }
645
646 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
647 {
648 vnc_update_client(vs);
649
650 vnc_write_u8(vs, 0); /* msg id */
651 vnc_write_u8(vs, 0);
652 vnc_write_u16(vs, 1); /* number of rects */
653 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
654 vnc_write_u16(vs, src_x);
655 vnc_write_u16(vs, src_y);
656 vnc_flush(vs);
657 }
658
659 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
660 {
661 VncDisplay *vd = ds->opaque;
662 VncState *vs = vd->clients;
663 while (vs != NULL) {
664 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
665 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
666 else /* TODO */
667 vnc_update(vs, dst_x, dst_y, w, h);
668 vs = vs->next;
669 }
670 }
671
672 static int find_dirty_height(VncState *vs, int y, int last_x, int x)
673 {
674 int h;
675
676 for (h = 1; h < (vs->serverds.height - y); h++) {
677 int tmp_x;
678 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
679 break;
680 for (tmp_x = last_x; tmp_x < x; tmp_x++)
681 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
682 }
683
684 return h;
685 }
686
687 static void vnc_update_client(void *opaque)
688 {
689 VncState *vs = opaque;
690 if (vs->need_update && vs->csock != -1) {
691 int y;
692 uint8_t *row;
693 char *old_row;
694 uint32_t width_mask[VNC_DIRTY_WORDS];
695 int n_rectangles;
696 int saved_offset;
697 int has_dirty = 0;
698
699 vga_hw_update();
700
701 vnc_set_bits(width_mask, (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
702
703 /* Walk through the dirty map and eliminate tiles that
704 really aren't dirty */
705 row = ds_get_data(vs->ds);
706 old_row = vs->old_data;
707
708 for (y = 0; y < ds_get_height(vs->ds); y++) {
709 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
710 int x;
711 uint8_t *ptr;
712 char *old_ptr;
713
714 ptr = row;
715 old_ptr = (char*)old_row;
716
717 for (x = 0; x < ds_get_width(vs->ds); x += 16) {
718 if (memcmp(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds)) == 0) {
719 vnc_clear_bit(vs->dirty_row[y], (x / 16));
720 } else {
721 has_dirty = 1;
722 memcpy(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds));
723 }
724
725 ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
726 old_ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
727 }
728 }
729
730 row += ds_get_linesize(vs->ds);
731 old_row += ds_get_linesize(vs->ds);
732 }
733
734 if (!has_dirty && !vs->audio_cap) {
735 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
736 return;
737 }
738
739 /* Count rectangles */
740 n_rectangles = 0;
741 vnc_write_u8(vs, 0); /* msg id */
742 vnc_write_u8(vs, 0);
743 saved_offset = vs->output.offset;
744 vnc_write_u16(vs, 0);
745
746 for (y = 0; y < vs->serverds.height; y++) {
747 int x;
748 int last_x = -1;
749 for (x = 0; x < vs->serverds.width / 16; x++) {
750 if (vnc_get_bit(vs->dirty_row[y], x)) {
751 if (last_x == -1) {
752 last_x = x;
753 }
754 vnc_clear_bit(vs->dirty_row[y], x);
755 } else {
756 if (last_x != -1) {
757 int h = find_dirty_height(vs, y, last_x, x);
758 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
759 n_rectangles++;
760 }
761 last_x = -1;
762 }
763 }
764 if (last_x != -1) {
765 int h = find_dirty_height(vs, y, last_x, x);
766 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
767 n_rectangles++;
768 }
769 }
770 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
771 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
772 vnc_flush(vs);
773
774 }
775
776 if (vs->csock != -1) {
777 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
778 }
779
780 }
781
782 /* audio */
783 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
784 {
785 VncState *vs = opaque;
786
787 switch (cmd) {
788 case AUD_CNOTIFY_DISABLE:
789 vnc_write_u8(vs, 255);
790 vnc_write_u8(vs, 1);
791 vnc_write_u16(vs, 0);
792 vnc_flush(vs);
793 break;
794
795 case AUD_CNOTIFY_ENABLE:
796 vnc_write_u8(vs, 255);
797 vnc_write_u8(vs, 1);
798 vnc_write_u16(vs, 1);
799 vnc_flush(vs);
800 break;
801 }
802 }
803
804 static void audio_capture_destroy(void *opaque)
805 {
806 }
807
808 static void audio_capture(void *opaque, void *buf, int size)
809 {
810 VncState *vs = opaque;
811
812 vnc_write_u8(vs, 255);
813 vnc_write_u8(vs, 1);
814 vnc_write_u16(vs, 2);
815 vnc_write_u32(vs, size);
816 vnc_write(vs, buf, size);
817 vnc_flush(vs);
818 }
819
820 static void audio_add(VncState *vs)
821 {
822 struct audio_capture_ops ops;
823
824 if (vs->audio_cap) {
825 term_printf ("audio already running\n");
826 return;
827 }
828
829 ops.notify = audio_capture_notify;
830 ops.destroy = audio_capture_destroy;
831 ops.capture = audio_capture;
832
833 vs->audio_cap = AUD_add_capture(NULL, &vs->as, &ops, vs);
834 if (!vs->audio_cap) {
835 term_printf ("Failed to add audio capture\n");
836 }
837 }
838
839 static void audio_del(VncState *vs)
840 {
841 if (vs->audio_cap) {
842 AUD_del_capture(vs->audio_cap, vs);
843 vs->audio_cap = NULL;
844 }
845 }
846
847
848 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
849 {
850 if (ret == 0 || ret == -1) {
851 if (ret == -1) {
852 switch (last_errno) {
853 case EINTR:
854 case EAGAIN:
855 #ifdef _WIN32
856 case WSAEWOULDBLOCK:
857 #endif
858 return 0;
859 default:
860 break;
861 }
862 }
863
864 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
865 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
866 closesocket(vs->csock);
867 qemu_del_timer(vs->timer);
868 qemu_free_timer(vs->timer);
869 if (vs->input.buffer) qemu_free(vs->input.buffer);
870 if (vs->output.buffer) qemu_free(vs->output.buffer);
871 #ifdef CONFIG_VNC_TLS
872 vnc_tls_client_cleanup(vs);
873 #endif /* CONFIG_VNC_TLS */
874 #ifdef CONFIG_VNC_SASL
875 vnc_sasl_client_cleanup(vs);
876 #endif /* CONFIG_VNC_SASL */
877 audio_del(vs);
878
879 VncState *p, *parent = NULL;
880 for (p = vs->vd->clients; p != NULL; p = p->next) {
881 if (p == vs) {
882 if (parent)
883 parent->next = p->next;
884 else
885 vs->vd->clients = p->next;
886 break;
887 }
888 parent = p;
889 }
890 if (!vs->vd->clients)
891 dcl->idle = 1;
892
893 qemu_free(vs->old_data);
894 qemu_free(vs);
895
896 return 0;
897 }
898 return ret;
899 }
900
901
902 void vnc_client_error(VncState *vs)
903 {
904 vnc_client_io_error(vs, -1, EINVAL);
905 }
906
907
908 /*
909 * Called to write a chunk of data to the client socket. The data may
910 * be the raw data, or may have already been encoded by SASL.
911 * The data will be written either straight onto the socket, or
912 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
913 *
914 * NB, it is theoretically possible to have 2 layers of encryption,
915 * both SASL, and this TLS layer. It is highly unlikely in practice
916 * though, since SASL encryption will typically be a no-op if TLS
917 * is active
918 *
919 * Returns the number of bytes written, which may be less than
920 * the requested 'datalen' if the socket would block. Returns
921 * -1 on error, and disconnects the client socket.
922 */
923 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
924 {
925 long ret;
926 #ifdef CONFIG_VNC_TLS
927 if (vs->tls.session) {
928 ret = gnutls_write(vs->tls.session, data, datalen);
929 if (ret < 0) {
930 if (ret == GNUTLS_E_AGAIN)
931 errno = EAGAIN;
932 else
933 errno = EIO;
934 ret = -1;
935 }
936 } else
937 #endif /* CONFIG_VNC_TLS */
938 ret = send(vs->csock, data, datalen, 0);
939 VNC_DEBUG("Wrote wire %p %d -> %ld\n", data, datalen, ret);
940 return vnc_client_io_error(vs, ret, socket_error());
941 }
942
943
944 /*
945 * Called to write buffered data to the client socket, when not
946 * using any SASL SSF encryption layers. Will write as much data
947 * as possible without blocking. If all buffered data is written,
948 * will switch the FD poll() handler back to read monitoring.
949 *
950 * Returns the number of bytes written, which may be less than
951 * the buffered output data if the socket would block. Returns
952 * -1 on error, and disconnects the client socket.
953 */
954 static long vnc_client_write_plain(VncState *vs)
955 {
956 long ret;
957
958 #ifdef CONFIG_VNC_SASL
959 VNC_DEBUG("Write Plain: Pending output %p size %d offset %d. Wait SSF %d\n",
960 vs->output.buffer, vs->output.capacity, vs->output.offset,
961 vs->sasl.waitWriteSSF);
962
963 if (vs->sasl.conn &&
964 vs->sasl.runSSF &&
965 vs->sasl.waitWriteSSF) {
966 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
967 if (ret)
968 vs->sasl.waitWriteSSF -= ret;
969 } else
970 #endif /* CONFIG_VNC_SASL */
971 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
972 if (!ret)
973 return 0;
974
975 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
976 vs->output.offset -= ret;
977
978 if (vs->output.offset == 0) {
979 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
980 }
981
982 return ret;
983 }
984
985
986 /*
987 * First function called whenever there is data to be written to
988 * the client socket. Will delegate actual work according to whether
989 * SASL SSF layers are enabled (thus requiring encryption calls)
990 */
991 void vnc_client_write(void *opaque)
992 {
993 long ret;
994 VncState *vs = opaque;
995
996 #ifdef CONFIG_VNC_SASL
997 if (vs->sasl.conn &&
998 vs->sasl.runSSF &&
999 !vs->sasl.waitWriteSSF)
1000 ret = vnc_client_write_sasl(vs);
1001 else
1002 #endif /* CONFIG_VNC_SASL */
1003 ret = vnc_client_write_plain(vs);
1004 }
1005
1006 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1007 {
1008 vs->read_handler = func;
1009 vs->read_handler_expect = expecting;
1010 }
1011
1012
1013 /*
1014 * Called to read a chunk of data from the client socket. The data may
1015 * be the raw data, or may need to be further decoded by SASL.
1016 * The data will be read either straight from to the socket, or
1017 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1018 *
1019 * NB, it is theoretically possible to have 2 layers of encryption,
1020 * both SASL, and this TLS layer. It is highly unlikely in practice
1021 * though, since SASL encryption will typically be a no-op if TLS
1022 * is active
1023 *
1024 * Returns the number of bytes read, which may be less than
1025 * the requested 'datalen' if the socket would block. Returns
1026 * -1 on error, and disconnects the client socket.
1027 */
1028 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1029 {
1030 long ret;
1031 #ifdef CONFIG_VNC_TLS
1032 if (vs->tls.session) {
1033 ret = gnutls_read(vs->tls.session, data, datalen);
1034 if (ret < 0) {
1035 if (ret == GNUTLS_E_AGAIN)
1036 errno = EAGAIN;
1037 else
1038 errno = EIO;
1039 ret = -1;
1040 }
1041 } else
1042 #endif /* CONFIG_VNC_TLS */
1043 ret = recv(vs->csock, data, datalen, 0);
1044 VNC_DEBUG("Read wire %p %d -> %ld\n", data, datalen, ret);
1045 return vnc_client_io_error(vs, ret, socket_error());
1046 }
1047
1048
1049 /*
1050 * Called to read data from the client socket to the input buffer,
1051 * when not using any SASL SSF encryption layers. Will read as much
1052 * data as possible without blocking.
1053 *
1054 * Returns the number of bytes read. Returns -1 on error, and
1055 * disconnects the client socket.
1056 */
1057 static long vnc_client_read_plain(VncState *vs)
1058 {
1059 int ret;
1060 VNC_DEBUG("Read plain %p size %d offset %d\n",
1061 vs->input.buffer, vs->input.capacity, vs->input.offset);
1062 buffer_reserve(&vs->input, 4096);
1063 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1064 if (!ret)
1065 return 0;
1066 vs->input.offset += ret;
1067 return ret;
1068 }
1069
1070
1071 /*
1072 * First function called whenever there is more data to be read from
1073 * the client socket. Will delegate actual work according to whether
1074 * SASL SSF layers are enabled (thus requiring decryption calls)
1075 */
1076 void vnc_client_read(void *opaque)
1077 {
1078 VncState *vs = opaque;
1079 long ret;
1080
1081 #ifdef CONFIG_VNC_SASL
1082 if (vs->sasl.conn && vs->sasl.runSSF)
1083 ret = vnc_client_read_sasl(vs);
1084 else
1085 #endif /* CONFIG_VNC_SASL */
1086 ret = vnc_client_read_plain(vs);
1087 if (!ret)
1088 return;
1089
1090 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1091 size_t len = vs->read_handler_expect;
1092 int ret;
1093
1094 ret = vs->read_handler(vs, vs->input.buffer, len);
1095 if (vs->csock == -1)
1096 return;
1097
1098 if (!ret) {
1099 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1100 vs->input.offset -= len;
1101 } else {
1102 vs->read_handler_expect = ret;
1103 }
1104 }
1105 }
1106
1107 void vnc_write(VncState *vs, const void *data, size_t len)
1108 {
1109 buffer_reserve(&vs->output, len);
1110
1111 if (buffer_empty(&vs->output)) {
1112 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1113 }
1114
1115 buffer_append(&vs->output, data, len);
1116 }
1117
1118 void vnc_write_s32(VncState *vs, int32_t value)
1119 {
1120 vnc_write_u32(vs, *(uint32_t *)&value);
1121 }
1122
1123 void vnc_write_u32(VncState *vs, uint32_t value)
1124 {
1125 uint8_t buf[4];
1126
1127 buf[0] = (value >> 24) & 0xFF;
1128 buf[1] = (value >> 16) & 0xFF;
1129 buf[2] = (value >> 8) & 0xFF;
1130 buf[3] = value & 0xFF;
1131
1132 vnc_write(vs, buf, 4);
1133 }
1134
1135 void vnc_write_u16(VncState *vs, uint16_t value)
1136 {
1137 uint8_t buf[2];
1138
1139 buf[0] = (value >> 8) & 0xFF;
1140 buf[1] = value & 0xFF;
1141
1142 vnc_write(vs, buf, 2);
1143 }
1144
1145 void vnc_write_u8(VncState *vs, uint8_t value)
1146 {
1147 vnc_write(vs, (char *)&value, 1);
1148 }
1149
1150 void vnc_flush(VncState *vs)
1151 {
1152 if (vs->output.offset)
1153 vnc_client_write(vs);
1154 }
1155
1156 uint8_t read_u8(uint8_t *data, size_t offset)
1157 {
1158 return data[offset];
1159 }
1160
1161 uint16_t read_u16(uint8_t *data, size_t offset)
1162 {
1163 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1164 }
1165
1166 int32_t read_s32(uint8_t *data, size_t offset)
1167 {
1168 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1169 (data[offset + 2] << 8) | data[offset + 3]);
1170 }
1171
1172 uint32_t read_u32(uint8_t *data, size_t offset)
1173 {
1174 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1175 (data[offset + 2] << 8) | data[offset + 3]);
1176 }
1177
1178 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1179 {
1180 }
1181
1182 static void check_pointer_type_change(VncState *vs, int absolute)
1183 {
1184 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1185 vnc_write_u8(vs, 0);
1186 vnc_write_u8(vs, 0);
1187 vnc_write_u16(vs, 1);
1188 vnc_framebuffer_update(vs, absolute, 0,
1189 ds_get_width(vs->ds), ds_get_height(vs->ds),
1190 VNC_ENCODING_POINTER_TYPE_CHANGE);
1191 vnc_flush(vs);
1192 }
1193 vs->absolute = absolute;
1194 }
1195
1196 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1197 {
1198 int buttons = 0;
1199 int dz = 0;
1200
1201 if (button_mask & 0x01)
1202 buttons |= MOUSE_EVENT_LBUTTON;
1203 if (button_mask & 0x02)
1204 buttons |= MOUSE_EVENT_MBUTTON;
1205 if (button_mask & 0x04)
1206 buttons |= MOUSE_EVENT_RBUTTON;
1207 if (button_mask & 0x08)
1208 dz = -1;
1209 if (button_mask & 0x10)
1210 dz = 1;
1211
1212 if (vs->absolute) {
1213 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
1214 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
1215 dz, buttons);
1216 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1217 x -= 0x7FFF;
1218 y -= 0x7FFF;
1219
1220 kbd_mouse_event(x, y, dz, buttons);
1221 } else {
1222 if (vs->last_x != -1)
1223 kbd_mouse_event(x - vs->last_x,
1224 y - vs->last_y,
1225 dz, buttons);
1226 vs->last_x = x;
1227 vs->last_y = y;
1228 }
1229
1230 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1231 }
1232
1233 static void reset_keys(VncState *vs)
1234 {
1235 int i;
1236 for(i = 0; i < 256; i++) {
1237 if (vs->modifiers_state[i]) {
1238 if (i & 0x80)
1239 kbd_put_keycode(0xe0);
1240 kbd_put_keycode(i | 0x80);
1241 vs->modifiers_state[i] = 0;
1242 }
1243 }
1244 }
1245
1246 static void press_key(VncState *vs, int keysym)
1247 {
1248 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) & 0x7f);
1249 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) | 0x80);
1250 }
1251
1252 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1253 {
1254 /* QEMU console switch */
1255 switch(keycode) {
1256 case 0x2a: /* Left Shift */
1257 case 0x36: /* Right Shift */
1258 case 0x1d: /* Left CTRL */
1259 case 0x9d: /* Right CTRL */
1260 case 0x38: /* Left ALT */
1261 case 0xb8: /* Right ALT */
1262 if (down)
1263 vs->modifiers_state[keycode] = 1;
1264 else
1265 vs->modifiers_state[keycode] = 0;
1266 break;
1267 case 0x02 ... 0x0a: /* '1' to '9' keys */
1268 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1269 /* Reset the modifiers sent to the current console */
1270 reset_keys(vs);
1271 console_select(keycode - 0x02);
1272 return;
1273 }
1274 break;
1275 case 0x3a: /* CapsLock */
1276 case 0x45: /* NumLock */
1277 if (!down)
1278 vs->modifiers_state[keycode] ^= 1;
1279 break;
1280 }
1281
1282 if (keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1283 /* If the numlock state needs to change then simulate an additional
1284 keypress before sending this one. This will happen if the user
1285 toggles numlock away from the VNC window.
1286 */
1287 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1288 if (!vs->modifiers_state[0x45]) {
1289 vs->modifiers_state[0x45] = 1;
1290 press_key(vs, 0xff7f);
1291 }
1292 } else {
1293 if (vs->modifiers_state[0x45]) {
1294 vs->modifiers_state[0x45] = 0;
1295 press_key(vs, 0xff7f);
1296 }
1297 }
1298 }
1299
1300 if (is_graphic_console()) {
1301 if (keycode & 0x80)
1302 kbd_put_keycode(0xe0);
1303 if (down)
1304 kbd_put_keycode(keycode & 0x7f);
1305 else
1306 kbd_put_keycode(keycode | 0x80);
1307 } else {
1308 /* QEMU console emulation */
1309 if (down) {
1310 switch (keycode) {
1311 case 0x2a: /* Left Shift */
1312 case 0x36: /* Right Shift */
1313 case 0x1d: /* Left CTRL */
1314 case 0x9d: /* Right CTRL */
1315 case 0x38: /* Left ALT */
1316 case 0xb8: /* Right ALT */
1317 break;
1318 case 0xc8:
1319 case 0x48:
1320 kbd_put_keysym(QEMU_KEY_UP);
1321 break;
1322 case 0xd0:
1323 case 0x50:
1324 kbd_put_keysym(QEMU_KEY_DOWN);
1325 break;
1326 case 0xcb:
1327 case 0x4b:
1328 kbd_put_keysym(QEMU_KEY_LEFT);
1329 break;
1330 case 0xcd:
1331 case 0x4d:
1332 kbd_put_keysym(QEMU_KEY_RIGHT);
1333 break;
1334 case 0xd3:
1335 case 0x53:
1336 kbd_put_keysym(QEMU_KEY_DELETE);
1337 break;
1338 case 0xc7:
1339 case 0x47:
1340 kbd_put_keysym(QEMU_KEY_HOME);
1341 break;
1342 case 0xcf:
1343 case 0x4f:
1344 kbd_put_keysym(QEMU_KEY_END);
1345 break;
1346 case 0xc9:
1347 case 0x49:
1348 kbd_put_keysym(QEMU_KEY_PAGEUP);
1349 break;
1350 case 0xd1:
1351 case 0x51:
1352 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1353 break;
1354 default:
1355 kbd_put_keysym(sym);
1356 break;
1357 }
1358 }
1359 }
1360 }
1361
1362 static void key_event(VncState *vs, int down, uint32_t sym)
1363 {
1364 int keycode;
1365
1366 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1367 sym = sym - 'A' + 'a';
1368
1369 keycode = keysym2scancode(vs->vd->kbd_layout, sym & 0xFFFF);
1370 do_key_event(vs, down, keycode, sym);
1371 }
1372
1373 static void ext_key_event(VncState *vs, int down,
1374 uint32_t sym, uint16_t keycode)
1375 {
1376 /* if the user specifies a keyboard layout, always use it */
1377 if (keyboard_layout)
1378 key_event(vs, down, sym);
1379 else
1380 do_key_event(vs, down, keycode, sym);
1381 }
1382
1383 static void framebuffer_update_request(VncState *vs, int incremental,
1384 int x_position, int y_position,
1385 int w, int h)
1386 {
1387 if (x_position > ds_get_width(vs->ds))
1388 x_position = ds_get_width(vs->ds);
1389 if (y_position > ds_get_height(vs->ds))
1390 y_position = ds_get_height(vs->ds);
1391 if (x_position + w >= ds_get_width(vs->ds))
1392 w = ds_get_width(vs->ds) - x_position;
1393 if (y_position + h >= ds_get_height(vs->ds))
1394 h = ds_get_height(vs->ds) - y_position;
1395
1396 int i;
1397 vs->need_update = 1;
1398 if (!incremental) {
1399 char *old_row = vs->old_data + y_position * ds_get_linesize(vs->ds);
1400
1401 for (i = 0; i < h; i++) {
1402 vnc_set_bits(vs->dirty_row[y_position + i],
1403 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1404 memset(old_row, 42, ds_get_width(vs->ds) * ds_get_bytes_per_pixel(vs->ds));
1405 old_row += ds_get_linesize(vs->ds);
1406 }
1407 }
1408 }
1409
1410 static void send_ext_key_event_ack(VncState *vs)
1411 {
1412 vnc_write_u8(vs, 0);
1413 vnc_write_u8(vs, 0);
1414 vnc_write_u16(vs, 1);
1415 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1416 VNC_ENCODING_EXT_KEY_EVENT);
1417 vnc_flush(vs);
1418 }
1419
1420 static void send_ext_audio_ack(VncState *vs)
1421 {
1422 vnc_write_u8(vs, 0);
1423 vnc_write_u8(vs, 0);
1424 vnc_write_u16(vs, 1);
1425 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1426 VNC_ENCODING_AUDIO);
1427 vnc_flush(vs);
1428 }
1429
1430 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1431 {
1432 int i;
1433 unsigned int enc = 0;
1434
1435 vnc_zlib_init(vs);
1436 vs->features = 0;
1437 vs->vnc_encoding = 0;
1438 vs->tight_compression = 9;
1439 vs->tight_quality = 9;
1440 vs->absolute = -1;
1441
1442 for (i = n_encodings - 1; i >= 0; i--) {
1443 enc = encodings[i];
1444 switch (enc) {
1445 case VNC_ENCODING_RAW:
1446 vs->vnc_encoding = enc;
1447 break;
1448 case VNC_ENCODING_COPYRECT:
1449 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1450 break;
1451 case VNC_ENCODING_HEXTILE:
1452 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1453 vs->vnc_encoding = enc;
1454 break;
1455 case VNC_ENCODING_ZLIB:
1456 vs->features |= VNC_FEATURE_ZLIB_MASK;
1457 vs->vnc_encoding = enc;
1458 break;
1459 case VNC_ENCODING_DESKTOPRESIZE:
1460 vs->features |= VNC_FEATURE_RESIZE_MASK;
1461 break;
1462 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1463 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1464 break;
1465 case VNC_ENCODING_EXT_KEY_EVENT:
1466 send_ext_key_event_ack(vs);
1467 break;
1468 case VNC_ENCODING_AUDIO:
1469 send_ext_audio_ack(vs);
1470 break;
1471 case VNC_ENCODING_WMVi:
1472 vs->features |= VNC_FEATURE_WMVI_MASK;
1473 break;
1474 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1475 vs->tight_compression = (enc & 0x0F);
1476 break;
1477 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1478 vs->tight_quality = (enc & 0x0F);
1479 break;
1480 default:
1481 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1482 break;
1483 }
1484 }
1485
1486 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1487 }
1488
1489 static void set_pixel_conversion(VncState *vs)
1490 {
1491 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1492 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1493 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1494 vs->write_pixels = vnc_write_pixels_copy;
1495 switch (vs->ds->surface->pf.bits_per_pixel) {
1496 case 8:
1497 vs->send_hextile_tile = send_hextile_tile_8;
1498 break;
1499 case 16:
1500 vs->send_hextile_tile = send_hextile_tile_16;
1501 break;
1502 case 32:
1503 vs->send_hextile_tile = send_hextile_tile_32;
1504 break;
1505 }
1506 } else {
1507 vs->write_pixels = vnc_write_pixels_generic;
1508 switch (vs->ds->surface->pf.bits_per_pixel) {
1509 case 8:
1510 vs->send_hextile_tile = send_hextile_tile_generic_8;
1511 break;
1512 case 16:
1513 vs->send_hextile_tile = send_hextile_tile_generic_16;
1514 break;
1515 case 32:
1516 vs->send_hextile_tile = send_hextile_tile_generic_32;
1517 break;
1518 }
1519 }
1520 }
1521
1522 static void set_pixel_format(VncState *vs,
1523 int bits_per_pixel, int depth,
1524 int big_endian_flag, int true_color_flag,
1525 int red_max, int green_max, int blue_max,
1526 int red_shift, int green_shift, int blue_shift)
1527 {
1528 if (!true_color_flag) {
1529 vnc_client_error(vs);
1530 return;
1531 }
1532
1533 vs->clientds = vs->serverds;
1534 vs->clientds.pf.rmax = red_max;
1535 count_bits(vs->clientds.pf.rbits, red_max);
1536 vs->clientds.pf.rshift = red_shift;
1537 vs->clientds.pf.rmask = red_max << red_shift;
1538 vs->clientds.pf.gmax = green_max;
1539 count_bits(vs->clientds.pf.gbits, green_max);
1540 vs->clientds.pf.gshift = green_shift;
1541 vs->clientds.pf.gmask = green_max << green_shift;
1542 vs->clientds.pf.bmax = blue_max;
1543 count_bits(vs->clientds.pf.bbits, blue_max);
1544 vs->clientds.pf.bshift = blue_shift;
1545 vs->clientds.pf.bmask = blue_max << blue_shift;
1546 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1547 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1548 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1549 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1550
1551 set_pixel_conversion(vs);
1552
1553 vga_hw_invalidate();
1554 vga_hw_update();
1555 }
1556
1557 static void pixel_format_message (VncState *vs) {
1558 char pad[3] = { 0, 0, 0 };
1559
1560 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1561 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1562
1563 #ifdef WORDS_BIGENDIAN
1564 vnc_write_u8(vs, 1); /* big-endian-flag */
1565 #else
1566 vnc_write_u8(vs, 0); /* big-endian-flag */
1567 #endif
1568 vnc_write_u8(vs, 1); /* true-color-flag */
1569 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1570 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1571 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1572 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1573 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1574 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1575 if (vs->ds->surface->pf.bits_per_pixel == 32)
1576 vs->send_hextile_tile = send_hextile_tile_32;
1577 else if (vs->ds->surface->pf.bits_per_pixel == 16)
1578 vs->send_hextile_tile = send_hextile_tile_16;
1579 else if (vs->ds->surface->pf.bits_per_pixel == 8)
1580 vs->send_hextile_tile = send_hextile_tile_8;
1581 vs->clientds = *(vs->ds->surface);
1582 vs->clientds.flags |= ~QEMU_ALLOCATED_FLAG;
1583 vs->write_pixels = vnc_write_pixels_copy;
1584
1585 vnc_write(vs, pad, 3); /* padding */
1586 }
1587
1588 static void vnc_dpy_setdata(DisplayState *ds)
1589 {
1590 /* We don't have to do anything */
1591 }
1592
1593 static void vnc_colordepth(VncState *vs)
1594 {
1595 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1596 /* Sending a WMVi message to notify the client*/
1597 vnc_write_u8(vs, 0); /* msg id */
1598 vnc_write_u8(vs, 0);
1599 vnc_write_u16(vs, 1); /* number of rects */
1600 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1601 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1602 pixel_format_message(vs);
1603 vnc_flush(vs);
1604 } else {
1605 set_pixel_conversion(vs);
1606 }
1607 }
1608
1609 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1610 {
1611 int i;
1612 uint16_t limit;
1613
1614 switch (data[0]) {
1615 case 0:
1616 if (len == 1)
1617 return 20;
1618
1619 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1620 read_u8(data, 6), read_u8(data, 7),
1621 read_u16(data, 8), read_u16(data, 10),
1622 read_u16(data, 12), read_u8(data, 14),
1623 read_u8(data, 15), read_u8(data, 16));
1624 break;
1625 case 2:
1626 if (len == 1)
1627 return 4;
1628
1629 if (len == 4) {
1630 limit = read_u16(data, 2);
1631 if (limit > 0)
1632 return 4 + (limit * 4);
1633 } else
1634 limit = read_u16(data, 2);
1635
1636 for (i = 0; i < limit; i++) {
1637 int32_t val = read_s32(data, 4 + (i * 4));
1638 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1639 }
1640
1641 set_encodings(vs, (int32_t *)(data + 4), limit);
1642 break;
1643 case 3:
1644 if (len == 1)
1645 return 10;
1646
1647 framebuffer_update_request(vs,
1648 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1649 read_u16(data, 6), read_u16(data, 8));
1650 break;
1651 case 4:
1652 if (len == 1)
1653 return 8;
1654
1655 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1656 break;
1657 case 5:
1658 if (len == 1)
1659 return 6;
1660
1661 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1662 break;
1663 case 6:
1664 if (len == 1)
1665 return 8;
1666
1667 if (len == 8) {
1668 uint32_t dlen = read_u32(data, 4);
1669 if (dlen > 0)
1670 return 8 + dlen;
1671 }
1672
1673 client_cut_text(vs, read_u32(data, 4), data + 8);
1674 break;
1675 case 255:
1676 if (len == 1)
1677 return 2;
1678
1679 switch (read_u8(data, 1)) {
1680 case 0:
1681 if (len == 2)
1682 return 12;
1683
1684 ext_key_event(vs, read_u16(data, 2),
1685 read_u32(data, 4), read_u32(data, 8));
1686 break;
1687 case 1:
1688 if (len == 2)
1689 return 4;
1690
1691 switch (read_u16 (data, 2)) {
1692 case 0:
1693 audio_add(vs);
1694 break;
1695 case 1:
1696 audio_del(vs);
1697 break;
1698 case 2:
1699 if (len == 4)
1700 return 10;
1701 switch (read_u8(data, 4)) {
1702 case 0: vs->as.fmt = AUD_FMT_U8; break;
1703 case 1: vs->as.fmt = AUD_FMT_S8; break;
1704 case 2: vs->as.fmt = AUD_FMT_U16; break;
1705 case 3: vs->as.fmt = AUD_FMT_S16; break;
1706 case 4: vs->as.fmt = AUD_FMT_U32; break;
1707 case 5: vs->as.fmt = AUD_FMT_S32; break;
1708 default:
1709 printf("Invalid audio format %d\n", read_u8(data, 4));
1710 vnc_client_error(vs);
1711 break;
1712 }
1713 vs->as.nchannels = read_u8(data, 5);
1714 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1715 printf("Invalid audio channel coount %d\n",
1716 read_u8(data, 5));
1717 vnc_client_error(vs);
1718 break;
1719 }
1720 vs->as.freq = read_u32(data, 6);
1721 break;
1722 default:
1723 printf ("Invalid audio message %d\n", read_u8(data, 4));
1724 vnc_client_error(vs);
1725 break;
1726 }
1727 break;
1728
1729 default:
1730 printf("Msg: %d\n", read_u16(data, 0));
1731 vnc_client_error(vs);
1732 break;
1733 }
1734 break;
1735 default:
1736 printf("Msg: %d\n", data[0]);
1737 vnc_client_error(vs);
1738 break;
1739 }
1740
1741 vnc_read_when(vs, protocol_client_msg, 1);
1742 return 0;
1743 }
1744
1745 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1746 {
1747 char buf[1024];
1748 int size;
1749
1750 vnc_write_u16(vs, ds_get_width(vs->ds));
1751 vnc_write_u16(vs, ds_get_height(vs->ds));
1752
1753 pixel_format_message(vs);
1754
1755 if (qemu_name)
1756 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1757 else
1758 size = snprintf(buf, sizeof(buf), "QEMU");
1759
1760 vnc_write_u32(vs, size);
1761 vnc_write(vs, buf, size);
1762 vnc_flush(vs);
1763
1764 vnc_read_when(vs, protocol_client_msg, 1);
1765
1766 return 0;
1767 }
1768
1769 void start_client_init(VncState *vs)
1770 {
1771 vnc_read_when(vs, protocol_client_init, 1);
1772 }
1773
1774 static void make_challenge(VncState *vs)
1775 {
1776 int i;
1777
1778 srand(time(NULL)+getpid()+getpid()*987654+rand());
1779
1780 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1781 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1782 }
1783
1784 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1785 {
1786 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1787 int i, j, pwlen;
1788 unsigned char key[8];
1789
1790 if (!vs->vd->password || !vs->vd->password[0]) {
1791 VNC_DEBUG("No password configured on server");
1792 vnc_write_u32(vs, 1); /* Reject auth */
1793 if (vs->minor >= 8) {
1794 static const char err[] = "Authentication failed";
1795 vnc_write_u32(vs, sizeof(err));
1796 vnc_write(vs, err, sizeof(err));
1797 }
1798 vnc_flush(vs);
1799 vnc_client_error(vs);
1800 return 0;
1801 }
1802
1803 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1804
1805 /* Calculate the expected challenge response */
1806 pwlen = strlen(vs->vd->password);
1807 for (i=0; i<sizeof(key); i++)
1808 key[i] = i<pwlen ? vs->vd->password[i] : 0;
1809 deskey(key, EN0);
1810 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1811 des(response+j, response+j);
1812
1813 /* Compare expected vs actual challenge response */
1814 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1815 VNC_DEBUG("Client challenge reponse did not match\n");
1816 vnc_write_u32(vs, 1); /* Reject auth */
1817 if (vs->minor >= 8) {
1818 static const char err[] = "Authentication failed";
1819 vnc_write_u32(vs, sizeof(err));
1820 vnc_write(vs, err, sizeof(err));
1821 }
1822 vnc_flush(vs);
1823 vnc_client_error(vs);
1824 } else {
1825 VNC_DEBUG("Accepting VNC challenge response\n");
1826 vnc_write_u32(vs, 0); /* Accept auth */
1827 vnc_flush(vs);
1828
1829 start_client_init(vs);
1830 }
1831 return 0;
1832 }
1833
1834 void start_auth_vnc(VncState *vs)
1835 {
1836 make_challenge(vs);
1837 /* Send client a 'random' challenge */
1838 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1839 vnc_flush(vs);
1840
1841 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1842 }
1843
1844
1845 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1846 {
1847 /* We only advertise 1 auth scheme at a time, so client
1848 * must pick the one we sent. Verify this */
1849 if (data[0] != vs->vd->auth) { /* Reject auth */
1850 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
1851 vnc_write_u32(vs, 1);
1852 if (vs->minor >= 8) {
1853 static const char err[] = "Authentication failed";
1854 vnc_write_u32(vs, sizeof(err));
1855 vnc_write(vs, err, sizeof(err));
1856 }
1857 vnc_client_error(vs);
1858 } else { /* Accept requested auth */
1859 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1860 switch (vs->vd->auth) {
1861 case VNC_AUTH_NONE:
1862 VNC_DEBUG("Accept auth none\n");
1863 if (vs->minor >= 8) {
1864 vnc_write_u32(vs, 0); /* Accept auth completion */
1865 vnc_flush(vs);
1866 }
1867 start_client_init(vs);
1868 break;
1869
1870 case VNC_AUTH_VNC:
1871 VNC_DEBUG("Start VNC auth\n");
1872 start_auth_vnc(vs);
1873 break;
1874
1875 #ifdef CONFIG_VNC_TLS
1876 case VNC_AUTH_VENCRYPT:
1877 VNC_DEBUG("Accept VeNCrypt auth\n");;
1878 start_auth_vencrypt(vs);
1879 break;
1880 #endif /* CONFIG_VNC_TLS */
1881
1882 #ifdef CONFIG_VNC_SASL
1883 case VNC_AUTH_SASL:
1884 VNC_DEBUG("Accept SASL auth\n");
1885 start_auth_sasl(vs);
1886 break;
1887 #endif /* CONFIG_VNC_SASL */
1888
1889 default: /* Should not be possible, but just in case */
1890 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
1891 vnc_write_u8(vs, 1);
1892 if (vs->minor >= 8) {
1893 static const char err[] = "Authentication failed";
1894 vnc_write_u32(vs, sizeof(err));
1895 vnc_write(vs, err, sizeof(err));
1896 }
1897 vnc_client_error(vs);
1898 }
1899 }
1900 return 0;
1901 }
1902
1903 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
1904 {
1905 char local[13];
1906
1907 memcpy(local, version, 12);
1908 local[12] = 0;
1909
1910 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
1911 VNC_DEBUG("Malformed protocol version %s\n", local);
1912 vnc_client_error(vs);
1913 return 0;
1914 }
1915 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
1916 if (vs->major != 3 ||
1917 (vs->minor != 3 &&
1918 vs->minor != 4 &&
1919 vs->minor != 5 &&
1920 vs->minor != 7 &&
1921 vs->minor != 8)) {
1922 VNC_DEBUG("Unsupported client version\n");
1923 vnc_write_u32(vs, VNC_AUTH_INVALID);
1924 vnc_flush(vs);
1925 vnc_client_error(vs);
1926 return 0;
1927 }
1928 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
1929 * as equivalent to v3.3 by servers
1930 */
1931 if (vs->minor == 4 || vs->minor == 5)
1932 vs->minor = 3;
1933
1934 if (vs->minor == 3) {
1935 if (vs->vd->auth == VNC_AUTH_NONE) {
1936 VNC_DEBUG("Tell client auth none\n");
1937 vnc_write_u32(vs, vs->vd->auth);
1938 vnc_flush(vs);
1939 start_client_init(vs);
1940 } else if (vs->vd->auth == VNC_AUTH_VNC) {
1941 VNC_DEBUG("Tell client VNC auth\n");
1942 vnc_write_u32(vs, vs->vd->auth);
1943 vnc_flush(vs);
1944 start_auth_vnc(vs);
1945 } else {
1946 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
1947 vnc_write_u32(vs, VNC_AUTH_INVALID);
1948 vnc_flush(vs);
1949 vnc_client_error(vs);
1950 }
1951 } else {
1952 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
1953 vnc_write_u8(vs, 1); /* num auth */
1954 vnc_write_u8(vs, vs->vd->auth);
1955 vnc_read_when(vs, protocol_client_auth, 1);
1956 vnc_flush(vs);
1957 }
1958
1959 return 0;
1960 }
1961
1962 static void vnc_connect(VncDisplay *vd, int csock)
1963 {
1964 VncState *vs = qemu_mallocz(sizeof(VncState));
1965 vs->csock = csock;
1966
1967 VNC_DEBUG("New client on socket %d\n", csock);
1968 dcl->idle = 0;
1969 socket_set_nonblock(vs->csock);
1970 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1971
1972 vs->vd = vd;
1973 vs->ds = vd->ds;
1974 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
1975 vs->last_x = -1;
1976 vs->last_y = -1;
1977
1978 vs->as.freq = 44100;
1979 vs->as.nchannels = 2;
1980 vs->as.fmt = AUD_FMT_S16;
1981 vs->as.endianness = 0;
1982
1983 vnc_resize(vs);
1984 vnc_write(vs, "RFB 003.008\n", 12);
1985 vnc_flush(vs);
1986 vnc_read_when(vs, protocol_version, 12);
1987 memset(vs->old_data, 0, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
1988 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1989 vnc_update_client(vs);
1990 reset_keys(vs);
1991
1992 vs->next = vd->clients;
1993 vd->clients = vs;
1994 }
1995
1996 static void vnc_listen_read(void *opaque)
1997 {
1998 VncDisplay *vs = opaque;
1999 struct sockaddr_in addr;
2000 socklen_t addrlen = sizeof(addr);
2001
2002 /* Catch-up */
2003 vga_hw_update();
2004
2005 int csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2006 if (csock != -1) {
2007 vnc_connect(vs, csock);
2008 }
2009 }
2010
2011 void vnc_display_init(DisplayState *ds)
2012 {
2013 VncDisplay *vs;
2014
2015 vs = qemu_mallocz(sizeof(VncState));
2016 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2017
2018 ds->opaque = vs;
2019 dcl->idle = 1;
2020 vnc_display = vs;
2021
2022 vs->lsock = -1;
2023
2024 vs->ds = ds;
2025
2026 if (keyboard_layout)
2027 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2028 else
2029 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2030
2031 if (!vs->kbd_layout)
2032 exit(1);
2033
2034 dcl->dpy_copy = vnc_dpy_copy;
2035 dcl->dpy_update = vnc_dpy_update;
2036 dcl->dpy_resize = vnc_dpy_resize;
2037 dcl->dpy_setdata = vnc_dpy_setdata;
2038 register_displaychangelistener(ds, dcl);
2039 }
2040
2041
2042 void vnc_display_close(DisplayState *ds)
2043 {
2044 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2045
2046 if (!vs)
2047 return;
2048 if (vs->display) {
2049 qemu_free(vs->display);
2050 vs->display = NULL;
2051 }
2052 if (vs->lsock != -1) {
2053 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2054 close(vs->lsock);
2055 vs->lsock = -1;
2056 }
2057 vs->auth = VNC_AUTH_INVALID;
2058 #ifdef CONFIG_VNC_TLS
2059 vs->subauth = VNC_AUTH_INVALID;
2060 vs->tls.x509verify = 0;
2061 #endif
2062 }
2063
2064 int vnc_display_password(DisplayState *ds, const char *password)
2065 {
2066 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2067
2068 if (vs->password) {
2069 qemu_free(vs->password);
2070 vs->password = NULL;
2071 }
2072 if (password && password[0]) {
2073 if (!(vs->password = qemu_strdup(password)))
2074 return -1;
2075 }
2076
2077 return 0;
2078 }
2079
2080 int vnc_display_open(DisplayState *ds, const char *display)
2081 {
2082 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2083 const char *options;
2084 int password = 0;
2085 int reverse = 0;
2086 int to_port = 0;
2087 #ifdef CONFIG_VNC_TLS
2088 int tls = 0, x509 = 0;
2089 #endif
2090 #ifdef CONFIG_VNC_SASL
2091 int sasl = 0;
2092 int saslErr;
2093 #endif
2094
2095 if (!vnc_display)
2096 return -1;
2097 vnc_display_close(ds);
2098 if (strcmp(display, "none") == 0)
2099 return 0;
2100
2101 if (!(vs->display = strdup(display)))
2102 return -1;
2103
2104 options = display;
2105 while ((options = strchr(options, ','))) {
2106 options++;
2107 if (strncmp(options, "password", 8) == 0) {
2108 password = 1; /* Require password auth */
2109 } else if (strncmp(options, "reverse", 7) == 0) {
2110 reverse = 1;
2111 } else if (strncmp(options, "to=", 3) == 0) {
2112 to_port = atoi(options+3) + 5900;
2113 #ifdef CONFIG_VNC_SASL
2114 } else if (strncmp(options, "sasl", 4) == 0) {
2115 sasl = 1; /* Require SASL auth */
2116 #endif
2117 #ifdef CONFIG_VNC_TLS
2118 } else if (strncmp(options, "tls", 3) == 0) {
2119 tls = 1; /* Require TLS */
2120 } else if (strncmp(options, "x509", 4) == 0) {
2121 char *start, *end;
2122 x509 = 1; /* Require x509 certificates */
2123 if (strncmp(options, "x509verify", 10) == 0)
2124 vs->tls.x509verify = 1; /* ...and verify client certs */
2125
2126 /* Now check for 'x509=/some/path' postfix
2127 * and use that to setup x509 certificate/key paths */
2128 start = strchr(options, '=');
2129 end = strchr(options, ',');
2130 if (start && (!end || (start < end))) {
2131 int len = end ? end-(start+1) : strlen(start+1);
2132 char *path = qemu_strndup(start + 1, len);
2133
2134 VNC_DEBUG("Trying certificate path '%s'\n", path);
2135 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2136 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2137 qemu_free(path);
2138 qemu_free(vs->display);
2139 vs->display = NULL;
2140 return -1;
2141 }
2142 qemu_free(path);
2143 } else {
2144 fprintf(stderr, "No certificate path provided\n");
2145 qemu_free(vs->display);
2146 vs->display = NULL;
2147 return -1;
2148 }
2149 #endif
2150 }
2151 }
2152
2153 /*
2154 * Combinations we support here:
2155 *
2156 * - no-auth (clear text, no auth)
2157 * - password (clear text, weak auth)
2158 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2159 * - tls (encrypt, weak anonymous creds, no auth)
2160 * - tls + password (encrypt, weak anonymous creds, weak auth)
2161 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2162 * - tls + x509 (encrypt, good x509 creds, no auth)
2163 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2164 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2165 *
2166 * NB1. TLS is a stackable auth scheme.
2167 * NB2. the x509 schemes have option to validate a client cert dname
2168 */
2169 if (password) {
2170 #ifdef CONFIG_VNC_TLS
2171 if (tls) {
2172 vs->auth = VNC_AUTH_VENCRYPT;
2173 if (x509) {
2174 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2175 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2176 } else {
2177 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2178 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2179 }
2180 } else {
2181 #endif /* CONFIG_VNC_TLS */
2182 VNC_DEBUG("Initializing VNC server with password auth\n");
2183 vs->auth = VNC_AUTH_VNC;
2184 #ifdef CONFIG_VNC_TLS
2185 vs->subauth = VNC_AUTH_INVALID;
2186 }
2187 #endif /* CONFIG_VNC_TLS */
2188 #ifdef CONFIG_VNC_SASL
2189 } else if (sasl) {
2190 #ifdef CONFIG_VNC_TLS
2191 if (tls) {
2192 vs->auth = VNC_AUTH_VENCRYPT;
2193 if (x509) {
2194 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2195 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2196 } else {
2197 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2198 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2199 }
2200 } else {
2201 #endif /* CONFIG_VNC_TLS */
2202 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2203 vs->auth = VNC_AUTH_SASL;
2204 #ifdef CONFIG_VNC_TLS
2205 vs->subauth = VNC_AUTH_INVALID;
2206 }
2207 #endif /* CONFIG_VNC_TLS */
2208 #endif /* CONFIG_VNC_SASL */
2209 } else {
2210 #ifdef CONFIG_VNC_TLS
2211 if (tls) {
2212 vs->auth = VNC_AUTH_VENCRYPT;
2213 if (x509) {
2214 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2215 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2216 } else {
2217 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2218 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2219 }
2220 } else {
2221 #endif
2222 VNC_DEBUG("Initializing VNC server with no auth\n");
2223 vs->auth = VNC_AUTH_NONE;
2224 #ifdef CONFIG_VNC_TLS
2225 vs->subauth = VNC_AUTH_INVALID;
2226 }
2227 #endif
2228 }
2229
2230 #ifdef CONFIG_VNC_SASL
2231 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2232 fprintf(stderr, "Failed to initialize SASL auth %s",
2233 sasl_errstring(saslErr, NULL, NULL));
2234 free(vs->display);
2235 vs->display = NULL;
2236 return -1;
2237 }
2238 #endif
2239
2240 if (reverse) {
2241 /* connect to viewer */
2242 if (strncmp(display, "unix:", 5) == 0)
2243 vs->lsock = unix_connect(display+5);
2244 else
2245 vs->lsock = inet_connect(display, SOCK_STREAM);
2246 if (-1 == vs->lsock) {
2247 free(vs->display);
2248 vs->display = NULL;
2249 return -1;
2250 } else {
2251 int csock = vs->lsock;
2252 vs->lsock = -1;
2253 vnc_connect(vs, csock);
2254 }
2255 return 0;
2256
2257 } else {
2258 /* listen for connects */
2259 char *dpy;
2260 dpy = qemu_malloc(256);
2261 if (strncmp(display, "unix:", 5) == 0) {
2262 pstrcpy(dpy, 256, "unix:");
2263 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2264 } else {
2265 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2266 }
2267 if (-1 == vs->lsock) {
2268 free(dpy);
2269 return -1;
2270 } else {
2271 free(vs->display);
2272 vs->display = dpy;
2273 }
2274 }
2275 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
2276 }
Patches shipped by Fedora