vvfat: fat_chksum(): fix access above array bounds
[qemu.git] / ui / vnc.h
blob9619b247fb8bdc73e90ed3dfcf2e12fe897127d8
1 /*
2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
27 #ifndef __QEMU_VNC_H
28 #define __QEMU_VNC_H
30 #include "qemu-common.h"
31 #include "qemu-queue.h"
32 #ifdef CONFIG_VNC_THREAD
33 #include "qemu-thread.h"
34 #endif
35 #include "console.h"
36 #include "monitor.h"
37 #include "audio/audio.h"
38 #include <zlib.h>
39 #include <stdbool.h>
41 #include "keymaps.h"
43 // #define _VNC_DEBUG 1
45 #ifdef _VNC_DEBUG
46 #define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
47 #else
48 #define VNC_DEBUG(fmt, ...) do { } while (0)
49 #endif
51 /*****************************************************************************
53 * Core data structures
55 *****************************************************************************/
57 typedef struct Buffer
59 size_t capacity;
60 size_t offset;
61 uint8_t *buffer;
62 } Buffer;
64 typedef struct VncState VncState;
65 typedef struct VncJob VncJob;
66 typedef struct VncRect VncRect;
67 typedef struct VncRectEntry VncRectEntry;
69 typedef int VncReadEvent(VncState *vs, uint8_t *data, size_t len);
71 typedef void VncWritePixels(VncState *vs, struct PixelFormat *pf, void *data, int size);
73 typedef void VncSendHextileTile(VncState *vs,
74 int x, int y, int w, int h,
75 void *last_bg,
76 void *last_fg,
77 int *has_bg, int *has_fg);
79 #define VNC_MAX_WIDTH 2560
80 #define VNC_MAX_HEIGHT 2048
81 #define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
83 #define VNC_AUTH_CHALLENGE_SIZE 16
85 typedef struct VncDisplay VncDisplay;
87 #ifdef CONFIG_VNC_TLS
88 #include "vnc-tls.h"
89 #include "vnc-auth-vencrypt.h"
90 #endif
91 #ifdef CONFIG_VNC_SASL
92 #include "vnc-auth-sasl.h"
93 #endif
95 struct VncSurface
97 uint32_t dirty[VNC_MAX_HEIGHT][VNC_DIRTY_WORDS];
98 DisplaySurface *ds;
101 struct VncDisplay
103 QTAILQ_HEAD(, VncState) clients;
104 QEMUTimer *timer;
105 int timer_interval;
106 int lsock;
107 DisplayState *ds;
108 kbd_layout_t *kbd_layout;
109 int lock_key_sync;
110 #ifdef CONFIG_VNC_THREAD
111 QemuMutex mutex;
112 #endif
114 QEMUCursor *cursor;
115 int cursor_msize;
116 uint8_t *cursor_mask;
118 struct VncSurface guest; /* guest visible surface (aka ds->surface) */
119 DisplaySurface *server; /* vnc server surface */
121 char *display;
122 char *password;
123 int auth;
124 bool lossy;
125 #ifdef CONFIG_VNC_TLS
126 int subauth; /* Used by VeNCrypt */
127 VncDisplayTLS tls;
128 #endif
129 #ifdef CONFIG_VNC_SASL
130 VncDisplaySASL sasl;
131 #endif
134 typedef struct VncTight {
135 int type;
136 uint8_t quality;
137 uint8_t compression;
138 uint8_t pixel24;
139 Buffer tight;
140 Buffer tmp;
141 Buffer zlib;
142 Buffer gradient;
143 #ifdef CONFIG_VNC_JPEG
144 Buffer jpeg;
145 #endif
146 #ifdef CONFIG_VNC_PNG
147 Buffer png;
148 #endif
149 int levels[4];
150 z_stream stream[4];
151 } VncTight;
153 typedef struct VncHextile {
154 VncSendHextileTile *send_tile;
155 } VncHextile;
157 typedef struct VncZlib {
158 Buffer zlib;
159 Buffer tmp;
160 z_stream stream;
161 int level;
162 } VncZlib;
164 #ifdef CONFIG_VNC_THREAD
165 struct VncRect
167 int x;
168 int y;
169 int w;
170 int h;
173 struct VncRectEntry
175 struct VncRect rect;
176 QLIST_ENTRY(VncRectEntry) next;
179 struct VncJob
181 VncState *vs;
183 QLIST_HEAD(, VncRectEntry) rectangles;
184 QTAILQ_ENTRY(VncJob) next;
186 #else
187 struct VncJob
189 VncState *vs;
190 int rectangles;
191 size_t saved_offset;
193 #endif
195 struct VncState
197 int csock;
199 DisplayState *ds;
200 uint32_t dirty[VNC_MAX_HEIGHT][VNC_DIRTY_WORDS];
202 VncDisplay *vd;
203 int need_update;
204 int force_update;
205 uint32_t features;
206 int absolute;
207 int last_x;
208 int last_y;
209 int client_width;
210 int client_height;
212 uint32_t vnc_encoding;
214 int major;
215 int minor;
217 char challenge[VNC_AUTH_CHALLENGE_SIZE];
218 #ifdef CONFIG_VNC_TLS
219 VncStateTLS tls;
220 #endif
221 #ifdef CONFIG_VNC_SASL
222 VncStateSASL sasl;
223 #endif
225 QObject *info;
227 Buffer output;
228 Buffer input;
229 /* current output mode information */
230 VncWritePixels *write_pixels;
231 DisplaySurface clientds;
233 CaptureVoiceOut *audio_cap;
234 struct audsettings as;
236 VncReadEvent *read_handler;
237 size_t read_handler_expect;
238 /* input */
239 uint8_t modifiers_state[256];
240 QEMUPutLEDEntry *led;
242 bool abort;
243 #ifndef CONFIG_VNC_THREAD
244 VncJob job;
245 #else
246 QemuMutex output_mutex;
247 #endif
249 /* Encoding specific, if you add something here, don't forget to
250 * update vnc_async_encoding_start()
252 VncTight tight;
253 VncZlib zlib;
254 VncHextile hextile;
257 Notifier mouse_mode_notifier;
259 QTAILQ_ENTRY(VncState) next;
263 /*****************************************************************************
265 * Authentication modes
267 *****************************************************************************/
269 enum {
270 VNC_AUTH_INVALID = 0,
271 VNC_AUTH_NONE = 1,
272 VNC_AUTH_VNC = 2,
273 VNC_AUTH_RA2 = 5,
274 VNC_AUTH_RA2NE = 6,
275 VNC_AUTH_TIGHT = 16,
276 VNC_AUTH_ULTRA = 17,
277 VNC_AUTH_TLS = 18, /* Supported in GTK-VNC & VINO */
278 VNC_AUTH_VENCRYPT = 19, /* Supported in GTK-VNC & VeNCrypt */
279 VNC_AUTH_SASL = 20, /* Supported in GTK-VNC & VINO */
282 enum {
283 VNC_AUTH_VENCRYPT_PLAIN = 256,
284 VNC_AUTH_VENCRYPT_TLSNONE = 257,
285 VNC_AUTH_VENCRYPT_TLSVNC = 258,
286 VNC_AUTH_VENCRYPT_TLSPLAIN = 259,
287 VNC_AUTH_VENCRYPT_X509NONE = 260,
288 VNC_AUTH_VENCRYPT_X509VNC = 261,
289 VNC_AUTH_VENCRYPT_X509PLAIN = 262,
290 VNC_AUTH_VENCRYPT_X509SASL = 263,
291 VNC_AUTH_VENCRYPT_TLSSASL = 264,
295 /*****************************************************************************
297 * Encoding types
299 *****************************************************************************/
301 #define VNC_ENCODING_RAW 0x00000000
302 #define VNC_ENCODING_COPYRECT 0x00000001
303 #define VNC_ENCODING_RRE 0x00000002
304 #define VNC_ENCODING_CORRE 0x00000004
305 #define VNC_ENCODING_HEXTILE 0x00000005
306 #define VNC_ENCODING_ZLIB 0x00000006
307 #define VNC_ENCODING_TIGHT 0x00000007
308 #define VNC_ENCODING_ZLIBHEX 0x00000008
309 #define VNC_ENCODING_TRLE 0x0000000f
310 #define VNC_ENCODING_ZRLE 0x00000010
311 #define VNC_ENCODING_ZYWRLE 0x00000011
312 #define VNC_ENCODING_COMPRESSLEVEL0 0xFFFFFF00 /* -256 */
313 #define VNC_ENCODING_QUALITYLEVEL0 0xFFFFFFE0 /* -32 */
314 #define VNC_ENCODING_XCURSOR 0xFFFFFF10 /* -240 */
315 #define VNC_ENCODING_RICH_CURSOR 0xFFFFFF11 /* -239 */
316 #define VNC_ENCODING_POINTER_POS 0xFFFFFF18 /* -232 */
317 #define VNC_ENCODING_LASTRECT 0xFFFFFF20 /* -224 */
318 #define VNC_ENCODING_DESKTOPRESIZE 0xFFFFFF21 /* -223 */
319 #define VNC_ENCODING_POINTER_TYPE_CHANGE 0XFFFFFEFF /* -257 */
320 #define VNC_ENCODING_EXT_KEY_EVENT 0XFFFFFEFE /* -258 */
321 #define VNC_ENCODING_AUDIO 0XFFFFFEFD /* -259 */
322 #define VNC_ENCODING_TIGHT_PNG 0xFFFFFEFC /* -260 */
323 #define VNC_ENCODING_WMVi 0x574D5669
325 /*****************************************************************************
327 * Other tight constants
329 *****************************************************************************/
332 * Vendors known by TightVNC: standard VNC/RealVNC, TridiaVNC, and TightVNC.
335 #define VNC_TIGHT_CCB_RESET_MASK (0x0f)
336 #define VNC_TIGHT_CCB_TYPE_MASK (0x0f << 4)
337 #define VNC_TIGHT_CCB_TYPE_FILL (0x08 << 4)
338 #define VNC_TIGHT_CCB_TYPE_JPEG (0x09 << 4)
339 #define VNC_TIGHT_CCB_TYPE_PNG (0x0A << 4)
340 #define VNC_TIGHT_CCB_BASIC_MAX (0x07 << 4)
341 #define VNC_TIGHT_CCB_BASIC_ZLIB (0x03 << 4)
342 #define VNC_TIGHT_CCB_BASIC_FILTER (0x04 << 4)
344 /*****************************************************************************
346 * Features
348 *****************************************************************************/
350 #define VNC_FEATURE_RESIZE 0
351 #define VNC_FEATURE_HEXTILE 1
352 #define VNC_FEATURE_POINTER_TYPE_CHANGE 2
353 #define VNC_FEATURE_WMVI 3
354 #define VNC_FEATURE_TIGHT 4
355 #define VNC_FEATURE_ZLIB 5
356 #define VNC_FEATURE_COPYRECT 6
357 #define VNC_FEATURE_RICH_CURSOR 7
358 #define VNC_FEATURE_TIGHT_PNG 8
360 #define VNC_FEATURE_RESIZE_MASK (1 << VNC_FEATURE_RESIZE)
361 #define VNC_FEATURE_HEXTILE_MASK (1 << VNC_FEATURE_HEXTILE)
362 #define VNC_FEATURE_POINTER_TYPE_CHANGE_MASK (1 << VNC_FEATURE_POINTER_TYPE_CHANGE)
363 #define VNC_FEATURE_WMVI_MASK (1 << VNC_FEATURE_WMVI)
364 #define VNC_FEATURE_TIGHT_MASK (1 << VNC_FEATURE_TIGHT)
365 #define VNC_FEATURE_ZLIB_MASK (1 << VNC_FEATURE_ZLIB)
366 #define VNC_FEATURE_COPYRECT_MASK (1 << VNC_FEATURE_COPYRECT)
367 #define VNC_FEATURE_RICH_CURSOR_MASK (1 << VNC_FEATURE_RICH_CURSOR)
368 #define VNC_FEATURE_TIGHT_PNG_MASK (1 << VNC_FEATURE_TIGHT_PNG)
371 /* Client -> Server message IDs */
372 #define VNC_MSG_CLIENT_SET_PIXEL_FORMAT 0
373 #define VNC_MSG_CLIENT_SET_ENCODINGS 2
374 #define VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST 3
375 #define VNC_MSG_CLIENT_KEY_EVENT 4
376 #define VNC_MSG_CLIENT_POINTER_EVENT 5
377 #define VNC_MSG_CLIENT_CUT_TEXT 6
378 #define VNC_MSG_CLIENT_VMWARE_0 127
379 #define VNC_MSG_CLIENT_CALL_CONTROL 249
380 #define VNC_MSG_CLIENT_XVP 250
381 #define VNC_MSG_CLIENT_SET_DESKTOP_SIZE 251
382 #define VNC_MSG_CLIENT_TIGHT 252
383 #define VNC_MSG_CLIENT_GII 253
384 #define VNC_MSG_CLIENT_VMWARE_1 254
385 #define VNC_MSG_CLIENT_QEMU 255
387 /* Server -> Client message IDs */
388 #define VNC_MSG_SERVER_FRAMEBUFFER_UPDATE 0
389 #define VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES 1
390 #define VNC_MSG_SERVER_BELL 2
391 #define VNC_MSG_SERVER_CUT_TEXT 3
392 #define VNC_MSG_SERVER_VMWARE_0 127
393 #define VNC_MSG_SERVER_CALL_CONTROL 249
394 #define VNC_MSG_SERVER_XVP 250
395 #define VNC_MSG_SERVER_TIGHT 252
396 #define VNC_MSG_SERVER_GII 253
397 #define VNC_MSG_SERVER_VMWARE_1 254
398 #define VNC_MSG_SERVER_QEMU 255
402 /* QEMU client -> server message IDs */
403 #define VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT 0
404 #define VNC_MSG_CLIENT_QEMU_AUDIO 1
406 /* QEMU server -> client message IDs */
407 #define VNC_MSG_SERVER_QEMU_AUDIO 1
411 /* QEMU client -> server audio message IDs */
412 #define VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE 0
413 #define VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE 1
414 #define VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT 2
416 /* QEMU server -> client audio message IDs */
417 #define VNC_MSG_SERVER_QEMU_AUDIO_END 0
418 #define VNC_MSG_SERVER_QEMU_AUDIO_BEGIN 1
419 #define VNC_MSG_SERVER_QEMU_AUDIO_DATA 2
422 /*****************************************************************************
424 * Internal APIs
426 *****************************************************************************/
428 /* Event loop functions */
429 void vnc_client_read(void *opaque);
430 void vnc_client_write(void *opaque);
432 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen);
433 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen);
435 /* Protocol I/O functions */
436 void vnc_write(VncState *vs, const void *data, size_t len);
437 void vnc_write_u32(VncState *vs, uint32_t value);
438 void vnc_write_s32(VncState *vs, int32_t value);
439 void vnc_write_u16(VncState *vs, uint16_t value);
440 void vnc_write_u8(VncState *vs, uint8_t value);
441 void vnc_flush(VncState *vs);
442 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting);
445 /* Buffer I/O functions */
446 uint8_t read_u8(uint8_t *data, size_t offset);
447 uint16_t read_u16(uint8_t *data, size_t offset);
448 int32_t read_s32(uint8_t *data, size_t offset);
449 uint32_t read_u32(uint8_t *data, size_t offset);
451 /* Protocol stage functions */
452 void vnc_client_error(VncState *vs);
453 int vnc_client_io_error(VncState *vs, int ret, int last_errno);
455 void start_client_init(VncState *vs);
456 void start_auth_vnc(VncState *vs);
458 /* Buffer management */
459 void buffer_reserve(Buffer *buffer, size_t len);
460 int buffer_empty(Buffer *buffer);
461 uint8_t *buffer_end(Buffer *buffer);
462 void buffer_reset(Buffer *buffer);
463 void buffer_free(Buffer *buffer);
464 void buffer_append(Buffer *buffer, const void *data, size_t len);
467 /* Misc helpers */
469 char *vnc_socket_local_addr(const char *format, int fd);
470 char *vnc_socket_remote_addr(const char *format, int fd);
472 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
473 return (vs->features & (1 << feature));
476 /* Framebuffer */
477 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
478 int32_t encoding);
480 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v);
482 /* Encodings */
483 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h);
485 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h);
487 int vnc_hextile_send_framebuffer_update(VncState *vs, int x,
488 int y, int w, int h);
489 void vnc_hextile_set_pixel_conversion(VncState *vs, int generic);
491 void *vnc_zlib_zalloc(void *x, unsigned items, unsigned size);
492 void vnc_zlib_zfree(void *x, void *addr);
493 int vnc_zlib_send_framebuffer_update(VncState *vs, int x, int y, int w, int h);
494 void vnc_zlib_clear(VncState *vs);
496 int vnc_tight_send_framebuffer_update(VncState *vs, int x, int y, int w, int h);
497 int vnc_tight_png_send_framebuffer_update(VncState *vs, int x, int y,
498 int w, int h);
499 void vnc_tight_clear(VncState *vs);
501 #endif /* __QEMU_VNC_H */