search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Allow -serial chardev:<name>
[qemu.git] / vnc.c
blob5eaef6a3e26dd3a33ba788b4c7e09396aeb71e65
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "acl.h"
32
33 #define VNC_REFRESH_INTERVAL_BASE 30
34 #define VNC_REFRESH_INTERVAL_INC 50
35 #define VNC_REFRESH_INTERVAL_MAX 2000
36
37 #include "vnc_keysym.h"
38 #include "d3des.h"
39
40 #define count_bits(c, v) { \
41 for (c = 0; v; v >>= 1) \
42 { \
43 c += v & 1; \
44 } \
45 }
46
47
48 static VncDisplay *vnc_display; /* needed for info vnc */
49 static DisplayChangeListener *dcl;
50
51 static char *addr_to_string(const char *format,
52 struct sockaddr_storage *sa,
53 socklen_t salen) {
54 char *addr;
55 char host[NI_MAXHOST];
56 char serv[NI_MAXSERV];
57 int err;
58 size_t addrlen;
59
60 if ((err = getnameinfo((struct sockaddr *)sa, salen,
61 host, sizeof(host),
62 serv, sizeof(serv),
63 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
64 VNC_DEBUG("Cannot resolve address %d: %s\n",
65 err, gai_strerror(err));
66 return NULL;
67 }
68
69 /* Enough for the existing format + the 2 vars we're
70 * substituting in. */
71 addrlen = strlen(format) + strlen(host) + strlen(serv);
72 addr = qemu_malloc(addrlen + 1);
73 snprintf(addr, addrlen, format, host, serv);
74 addr[addrlen] = '\0';
75
76 return addr;
77 }
78
79
80 char *vnc_socket_local_addr(const char *format, int fd) {
81 struct sockaddr_storage sa;
82 socklen_t salen;
83
84 salen = sizeof(sa);
85 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
86 return NULL;
87
88 return addr_to_string(format, &sa, salen);
89 }
90
91 char *vnc_socket_remote_addr(const char *format, int fd) {
92 struct sockaddr_storage sa;
93 socklen_t salen;
94
95 salen = sizeof(sa);
96 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
97 return NULL;
98
99 return addr_to_string(format, &sa, salen);
100 }
101
102 static const char *vnc_auth_name(VncDisplay *vd) {
103 switch (vd->auth) {
104 case VNC_AUTH_INVALID:
105 return "invalid";
106 case VNC_AUTH_NONE:
107 return "none";
108 case VNC_AUTH_VNC:
109 return "vnc";
110 case VNC_AUTH_RA2:
111 return "ra2";
112 case VNC_AUTH_RA2NE:
113 return "ra2ne";
114 case VNC_AUTH_TIGHT:
115 return "tight";
116 case VNC_AUTH_ULTRA:
117 return "ultra";
118 case VNC_AUTH_TLS:
119 return "tls";
120 case VNC_AUTH_VENCRYPT:
121 #ifdef CONFIG_VNC_TLS
122 switch (vd->subauth) {
123 case VNC_AUTH_VENCRYPT_PLAIN:
124 return "vencrypt+plain";
125 case VNC_AUTH_VENCRYPT_TLSNONE:
126 return "vencrypt+tls+none";
127 case VNC_AUTH_VENCRYPT_TLSVNC:
128 return "vencrypt+tls+vnc";
129 case VNC_AUTH_VENCRYPT_TLSPLAIN:
130 return "vencrypt+tls+plain";
131 case VNC_AUTH_VENCRYPT_X509NONE:
132 return "vencrypt+x509+none";
133 case VNC_AUTH_VENCRYPT_X509VNC:
134 return "vencrypt+x509+vnc";
135 case VNC_AUTH_VENCRYPT_X509PLAIN:
136 return "vencrypt+x509+plain";
137 case VNC_AUTH_VENCRYPT_TLSSASL:
138 return "vencrypt+tls+sasl";
139 case VNC_AUTH_VENCRYPT_X509SASL:
140 return "vencrypt+x509+sasl";
141 default:
142 return "vencrypt";
143 }
144 #else
145 return "vencrypt";
146 #endif
147 case VNC_AUTH_SASL:
148 return "sasl";
149 }
150 return "unknown";
151 }
152
153 static void do_info_vnc_client(Monitor *mon, VncState *client)
154 {
155 char *clientAddr =
156 vnc_socket_remote_addr(" address: %s:%s\n",
157 client->csock);
158 if (!clientAddr)
159 return;
160
161 monitor_printf(mon, "Client:\n");
162 monitor_printf(mon, "%s", clientAddr);
163 free(clientAddr);
164
165 #ifdef CONFIG_VNC_TLS
166 if (client->tls.session &&
167 client->tls.dname)
168 monitor_printf(mon, " x509 dname: %s\n", client->tls.dname);
169 else
170 monitor_printf(mon, " x509 dname: none\n");
171 #endif
172 #ifdef CONFIG_VNC_SASL
173 if (client->sasl.conn &&
174 client->sasl.username)
175 monitor_printf(mon, " username: %s\n", client->sasl.username);
176 else
177 monitor_printf(mon, " username: none\n");
178 #endif
179 }
180
181 void do_info_vnc(Monitor *mon)
182 {
183 if (vnc_display == NULL || vnc_display->display == NULL) {
184 monitor_printf(mon, "Server: disabled\n");
185 } else {
186 char *serverAddr = vnc_socket_local_addr(" address: %s:%s\n",
187 vnc_display->lsock);
188
189 if (!serverAddr)
190 return;
191
192 monitor_printf(mon, "Server:\n");
193 monitor_printf(mon, "%s", serverAddr);
194 free(serverAddr);
195 monitor_printf(mon, " auth: %s\n", vnc_auth_name(vnc_display));
196
197 if (vnc_display->clients) {
198 VncState *client = vnc_display->clients;
199 while (client) {
200 do_info_vnc_client(mon, client);
201 client = client->next;
202 }
203 } else {
204 monitor_printf(mon, "Client: none\n");
205 }
206 }
207 }
208
209 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
210 return (vs->features & (1 << feature));
211 }
212
213 /* TODO
214 1) Get the queue working for IO.
215 2) there is some weirdness when using the -S option (the screen is grey
216 and not totally invalidated
217 3) resolutions > 1024
218 */
219
220 static int vnc_update_client(VncState *vs, int has_dirty);
221 static void vnc_disconnect_start(VncState *vs);
222 static void vnc_disconnect_finish(VncState *vs);
223 static void vnc_init_timer(VncDisplay *vd);
224 static void vnc_remove_timer(VncDisplay *vd);
225
226 static void vnc_colordepth(VncState *vs);
227 static void framebuffer_update_request(VncState *vs, int incremental,
228 int x_position, int y_position,
229 int w, int h);
230 static void vnc_refresh(void *opaque);
231 static int vnc_refresh_server_surface(VncDisplay *vd);
232
233 static inline void vnc_set_bit(uint32_t *d, int k)
234 {
235 d[k >> 5] |= 1 << (k & 0x1f);
236 }
237
238 static inline void vnc_clear_bit(uint32_t *d, int k)
239 {
240 d[k >> 5] &= ~(1 << (k & 0x1f));
241 }
242
243 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
244 {
245 int j;
246
247 j = 0;
248 while (n >= 32) {
249 d[j++] = -1;
250 n -= 32;
251 }
252 if (n > 0)
253 d[j++] = (1 << n) - 1;
254 while (j < nb_words)
255 d[j++] = 0;
256 }
257
258 static inline int vnc_get_bit(const uint32_t *d, int k)
259 {
260 return (d[k >> 5] >> (k & 0x1f)) & 1;
261 }
262
263 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
264 int nb_words)
265 {
266 int i;
267 for(i = 0; i < nb_words; i++) {
268 if ((d1[i] & d2[i]) != 0)
269 return 1;
270 }
271 return 0;
272 }
273
274 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
275 {
276 int i;
277 VncDisplay *vd = ds->opaque;
278 struct VncSurface *s = &vd->guest;
279
280 h += y;
281
282 /* round x down to ensure the loop only spans one 16-pixel block per,
283 iteration. otherwise, if (x % 16) != 0, the last iteration may span
284 two 16-pixel blocks but we only mark the first as dirty
285 */
286 w += (x % 16);
287 x -= (x % 16);
288
289 x = MIN(x, s->ds->width);
290 y = MIN(y, s->ds->height);
291 w = MIN(x + w, s->ds->width) - x;
292 h = MIN(h, s->ds->height);
293
294 for (; y < h; y++)
295 for (i = 0; i < w; i += 16)
296 vnc_set_bit(s->dirty[y], (x + i) / 16);
297 }
298
299 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
300 int32_t encoding)
301 {
302 vnc_write_u16(vs, x);
303 vnc_write_u16(vs, y);
304 vnc_write_u16(vs, w);
305 vnc_write_u16(vs, h);
306
307 vnc_write_s32(vs, encoding);
308 }
309
310 void buffer_reserve(Buffer *buffer, size_t len)
311 {
312 if ((buffer->capacity - buffer->offset) < len) {
313 buffer->capacity += (len + 1024);
314 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
315 if (buffer->buffer == NULL) {
316 fprintf(stderr, "vnc: out of memory\n");
317 exit(1);
318 }
319 }
320 }
321
322 int buffer_empty(Buffer *buffer)
323 {
324 return buffer->offset == 0;
325 }
326
327 uint8_t *buffer_end(Buffer *buffer)
328 {
329 return buffer->buffer + buffer->offset;
330 }
331
332 void buffer_reset(Buffer *buffer)
333 {
334 buffer->offset = 0;
335 }
336
337 void buffer_append(Buffer *buffer, const void *data, size_t len)
338 {
339 memcpy(buffer->buffer + buffer->offset, data, len);
340 buffer->offset += len;
341 }
342
343 static void vnc_dpy_resize(DisplayState *ds)
344 {
345 int size_changed;
346 VncDisplay *vd = ds->opaque;
347 VncState *vs = vd->clients;
348
349 /* server surface */
350 if (!vd->server)
351 vd->server = qemu_mallocz(sizeof(*vd->server));
352 if (vd->server->data)
353 qemu_free(vd->server->data);
354 *(vd->server) = *(ds->surface);
355 vd->server->data = qemu_mallocz(vd->server->linesize *
356 vd->server->height);
357
358 /* guest surface */
359 if (!vd->guest.ds)
360 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
361 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
362 console_color_init(ds);
363 size_changed = ds_get_width(ds) != vd->guest.ds->width ||
364 ds_get_height(ds) != vd->guest.ds->height;
365 *(vd->guest.ds) = *(ds->surface);
366 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
367
368 while (vs != NULL) {
369 vnc_colordepth(vs);
370 if (size_changed) {
371 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
372 vnc_write_u8(vs, 0); /* msg id */
373 vnc_write_u8(vs, 0);
374 vnc_write_u16(vs, 1); /* number of rects */
375 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
376 VNC_ENCODING_DESKTOPRESIZE);
377 vnc_flush(vs);
378 }
379 }
380 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
381 vs = vs->next;
382 }
383 }
384
385 /* fastest code */
386 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
387 {
388 vnc_write(vs, pixels, size);
389 }
390
391 /* slowest but generic code. */
392 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
393 {
394 uint8_t r, g, b;
395 VncDisplay *vd = vs->vd;
396
397 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
398 vd->server->pf.rbits);
399 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
400 vd->server->pf.gbits);
401 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
402 vd->server->pf.bbits);
403 v = (r << vs->clientds.pf.rshift) |
404 (g << vs->clientds.pf.gshift) |
405 (b << vs->clientds.pf.bshift);
406 switch(vs->clientds.pf.bytes_per_pixel) {
407 case 1:
408 buf[0] = v;
409 break;
410 case 2:
411 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
412 buf[0] = v >> 8;
413 buf[1] = v;
414 } else {
415 buf[1] = v >> 8;
416 buf[0] = v;
417 }
418 break;
419 default:
420 case 4:
421 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
422 buf[0] = v >> 24;
423 buf[1] = v >> 16;
424 buf[2] = v >> 8;
425 buf[3] = v;
426 } else {
427 buf[3] = v >> 24;
428 buf[2] = v >> 16;
429 buf[1] = v >> 8;
430 buf[0] = v;
431 }
432 break;
433 }
434 }
435
436 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
437 {
438 uint8_t buf[4];
439 VncDisplay *vd = vs->vd;
440
441 if (vd->server->pf.bytes_per_pixel == 4) {
442 uint32_t *pixels = pixels1;
443 int n, i;
444 n = size >> 2;
445 for(i = 0; i < n; i++) {
446 vnc_convert_pixel(vs, buf, pixels[i]);
447 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
448 }
449 } else if (vd->server->pf.bytes_per_pixel == 2) {
450 uint16_t *pixels = pixels1;
451 int n, i;
452 n = size >> 1;
453 for(i = 0; i < n; i++) {
454 vnc_convert_pixel(vs, buf, pixels[i]);
455 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
456 }
457 } else if (vd->server->pf.bytes_per_pixel == 1) {
458 uint8_t *pixels = pixels1;
459 int n, i;
460 n = size;
461 for(i = 0; i < n; i++) {
462 vnc_convert_pixel(vs, buf, pixels[i]);
463 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
464 }
465 } else {
466 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
467 }
468 }
469
470 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
471 {
472 int i;
473 uint8_t *row;
474 VncDisplay *vd = vs->vd;
475
476 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
477 for (i = 0; i < h; i++) {
478 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
479 row += ds_get_linesize(vs->ds);
480 }
481 }
482
483 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
484 {
485 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
486 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
487 }
488
489 #define BPP 8
490 #include "vnchextile.h"
491 #undef BPP
492
493 #define BPP 16
494 #include "vnchextile.h"
495 #undef BPP
496
497 #define BPP 32
498 #include "vnchextile.h"
499 #undef BPP
500
501 #define GENERIC
502 #define BPP 8
503 #include "vnchextile.h"
504 #undef BPP
505 #undef GENERIC
506
507 #define GENERIC
508 #define BPP 16
509 #include "vnchextile.h"
510 #undef BPP
511 #undef GENERIC
512
513 #define GENERIC
514 #define BPP 32
515 #include "vnchextile.h"
516 #undef BPP
517 #undef GENERIC
518
519 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
520 {
521 int i, j;
522 int has_fg, has_bg;
523 uint8_t *last_fg, *last_bg;
524 VncDisplay *vd = vs->vd;
525
526 last_fg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
527 last_bg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
528 has_fg = has_bg = 0;
529 for (j = y; j < (y + h); j += 16) {
530 for (i = x; i < (x + w); i += 16) {
531 vs->send_hextile_tile(vs, i, j,
532 MIN(16, x + w - i), MIN(16, y + h - j),
533 last_bg, last_fg, &has_bg, &has_fg);
534 }
535 }
536 free(last_fg);
537 free(last_bg);
538
539 }
540
541 static void vnc_zlib_init(VncState *vs)
542 {
543 int i;
544 for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)
545 vs->zlib_stream[i].opaque = NULL;
546 }
547
548 static void vnc_zlib_start(VncState *vs)
549 {
550 buffer_reset(&vs->zlib);
551
552 // make the output buffer be the zlib buffer, so we can compress it later
553 vs->zlib_tmp = vs->output;
554 vs->output = vs->zlib;
555 }
556
557 static int vnc_zlib_stop(VncState *vs, int stream_id)
558 {
559 z_streamp zstream = &vs->zlib_stream[stream_id];
560 int previous_out;
561
562 // switch back to normal output/zlib buffers
563 vs->zlib = vs->output;
564 vs->output = vs->zlib_tmp;
565
566 // compress the zlib buffer
567
568 // initialize the stream
569 // XXX need one stream per session
570 if (zstream->opaque != vs) {
571 int err;
572
573 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
574 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
575 zstream->zalloc = Z_NULL;
576 zstream->zfree = Z_NULL;
577
578 err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
579 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
580
581 if (err != Z_OK) {
582 fprintf(stderr, "VNC: error initializing zlib\n");
583 return -1;
584 }
585
586 zstream->opaque = vs;
587 }
588
589 // XXX what to do if tight_compression changed in between?
590
591 // reserve memory in output buffer
592 buffer_reserve(&vs->output, vs->zlib.offset + 64);
593
594 // set pointers
595 zstream->next_in = vs->zlib.buffer;
596 zstream->avail_in = vs->zlib.offset;
597 zstream->next_out = vs->output.buffer + vs->output.offset;
598 zstream->avail_out = vs->output.capacity - vs->output.offset;
599 zstream->data_type = Z_BINARY;
600 previous_out = zstream->total_out;
601
602 // start encoding
603 if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
604 fprintf(stderr, "VNC: error during zlib compression\n");
605 return -1;
606 }
607
608 vs->output.offset = vs->output.capacity - zstream->avail_out;
609 return zstream->total_out - previous_out;
610 }
611
612 static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
613 {
614 int old_offset, new_offset, bytes_written;
615
616 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);
617
618 // remember where we put in the follow-up size
619 old_offset = vs->output.offset;
620 vnc_write_s32(vs, 0);
621
622 // compress the stream
623 vnc_zlib_start(vs);
624 send_framebuffer_update_raw(vs, x, y, w, h);
625 bytes_written = vnc_zlib_stop(vs, 0);
626
627 if (bytes_written == -1)
628 return;
629
630 // hack in the size
631 new_offset = vs->output.offset;
632 vs->output.offset = old_offset;
633 vnc_write_u32(vs, bytes_written);
634 vs->output.offset = new_offset;
635 }
636
637 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
638 {
639 switch(vs->vnc_encoding) {
640 case VNC_ENCODING_ZLIB:
641 send_framebuffer_update_zlib(vs, x, y, w, h);
642 break;
643 case VNC_ENCODING_HEXTILE:
644 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
645 send_framebuffer_update_hextile(vs, x, y, w, h);
646 break;
647 default:
648 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
649 send_framebuffer_update_raw(vs, x, y, w, h);
650 break;
651 }
652 }
653
654 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
655 {
656 /* send bitblit op to the vnc client */
657 vnc_write_u8(vs, 0); /* msg id */
658 vnc_write_u8(vs, 0);
659 vnc_write_u16(vs, 1); /* number of rects */
660 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
661 vnc_write_u16(vs, src_x);
662 vnc_write_u16(vs, src_y);
663 vnc_flush(vs);
664 }
665
666 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
667 {
668 VncDisplay *vd = ds->opaque;
669 VncState *vs, *vn;
670 uint8_t *src_row;
671 uint8_t *dst_row;
672 int i,x,y,pitch,depth,inc,w_lim,s;
673 int cmp_bytes;
674
675 vnc_refresh_server_surface(vd);
676 for (vs = vd->clients; vs != NULL; vs = vn) {
677 vn = vs->next;
678 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
679 vs->force_update = 1;
680 vnc_update_client(vs, 1);
681 /* vs might be free()ed here */
682 }
683 }
684
685 /* do bitblit op on the local surface too */
686 pitch = ds_get_linesize(vd->ds);
687 depth = ds_get_bytes_per_pixel(vd->ds);
688 src_row = vd->server->data + pitch * src_y + depth * src_x;
689 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
690 y = dst_y;
691 inc = 1;
692 if (dst_y > src_y) {
693 /* copy backwards */
694 src_row += pitch * (h-1);
695 dst_row += pitch * (h-1);
696 pitch = -pitch;
697 y = dst_y + h - 1;
698 inc = -1;
699 }
700 w_lim = w - (16 - (dst_x % 16));
701 if (w_lim < 0)
702 w_lim = w;
703 else
704 w_lim = w - (w_lim % 16);
705 for (i = 0; i < h; i++) {
706 for (x = 0; x <= w_lim;
707 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
708 if (x == w_lim) {
709 if ((s = w - w_lim) == 0)
710 break;
711 } else if (!x) {
712 s = (16 - (dst_x % 16));
713 s = MIN(s, w_lim);
714 } else {
715 s = 16;
716 }
717 cmp_bytes = s * depth;
718 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
719 continue;
720 memmove(dst_row, src_row, cmp_bytes);
721 vs = vd->clients;
722 while (vs != NULL) {
723 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
724 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
725 vs = vs->next;
726 }
727 }
728 src_row += pitch - w * depth;
729 dst_row += pitch - w * depth;
730 y += inc;
731 }
732
733 for (vs = vd->clients; vs != NULL; vs = vs->next) {
734 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
735 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
736 }
737 }
738
739 static int find_and_clear_dirty_height(struct VncState *vs,
740 int y, int last_x, int x)
741 {
742 int h;
743 VncDisplay *vd = vs->vd;
744
745 for (h = 1; h < (vd->server->height - y); h++) {
746 int tmp_x;
747 if (!vnc_get_bit(vs->dirty[y + h], last_x))
748 break;
749 for (tmp_x = last_x; tmp_x < x; tmp_x++)
750 vnc_clear_bit(vs->dirty[y + h], tmp_x);
751 }
752
753 return h;
754 }
755
756 static int vnc_update_client(VncState *vs, int has_dirty)
757 {
758 if (vs->need_update && vs->csock != -1) {
759 VncDisplay *vd = vs->vd;
760 int y;
761 int n_rectangles;
762 int saved_offset;
763
764 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
765 /* kernel send buffers are full -> drop frames to throttle */
766 return 0;
767
768 if (!has_dirty && !vs->audio_cap && !vs->force_update)
769 return 0;
770
771 /*
772 * Send screen updates to the vnc client using the server
773 * surface and server dirty map. guest surface updates
774 * happening in parallel don't disturb us, the next pass will
775 * send them to the client.
776 */
777 n_rectangles = 0;
778 vnc_write_u8(vs, 0); /* msg id */
779 vnc_write_u8(vs, 0);
780 saved_offset = vs->output.offset;
781 vnc_write_u16(vs, 0);
782
783 for (y = 0; y < vd->server->height; y++) {
784 int x;
785 int last_x = -1;
786 for (x = 0; x < vd->server->width / 16; x++) {
787 if (vnc_get_bit(vs->dirty[y], x)) {
788 if (last_x == -1) {
789 last_x = x;
790 }
791 vnc_clear_bit(vs->dirty[y], x);
792 } else {
793 if (last_x != -1) {
794 int h = find_and_clear_dirty_height(vs, y, last_x, x);
795 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
796 n_rectangles++;
797 }
798 last_x = -1;
799 }
800 }
801 if (last_x != -1) {
802 int h = find_and_clear_dirty_height(vs, y, last_x, x);
803 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
804 n_rectangles++;
805 }
806 }
807 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
808 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
809 vnc_flush(vs);
810 vs->force_update = 0;
811 return n_rectangles;
812 }
813
814 if (vs->csock == -1)
815 vnc_disconnect_finish(vs);
816
817 return 0;
818 }
819
820 /* audio */
821 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
822 {
823 VncState *vs = opaque;
824
825 switch (cmd) {
826 case AUD_CNOTIFY_DISABLE:
827 vnc_write_u8(vs, 255);
828 vnc_write_u8(vs, 1);
829 vnc_write_u16(vs, 0);
830 vnc_flush(vs);
831 break;
832
833 case AUD_CNOTIFY_ENABLE:
834 vnc_write_u8(vs, 255);
835 vnc_write_u8(vs, 1);
836 vnc_write_u16(vs, 1);
837 vnc_flush(vs);
838 break;
839 }
840 }
841
842 static void audio_capture_destroy(void *opaque)
843 {
844 }
845
846 static void audio_capture(void *opaque, void *buf, int size)
847 {
848 VncState *vs = opaque;
849
850 vnc_write_u8(vs, 255);
851 vnc_write_u8(vs, 1);
852 vnc_write_u16(vs, 2);
853 vnc_write_u32(vs, size);
854 vnc_write(vs, buf, size);
855 vnc_flush(vs);
856 }
857
858 static void audio_add(VncState *vs)
859 {
860 Monitor *mon = cur_mon;
861 struct audio_capture_ops ops;
862
863 if (vs->audio_cap) {
864 monitor_printf(mon, "audio already running\n");
865 return;
866 }
867
868 ops.notify = audio_capture_notify;
869 ops.destroy = audio_capture_destroy;
870 ops.capture = audio_capture;
871
872 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
873 if (!vs->audio_cap) {
874 monitor_printf(mon, "Failed to add audio capture\n");
875 }
876 }
877
878 static void audio_del(VncState *vs)
879 {
880 if (vs->audio_cap) {
881 AUD_del_capture(vs->audio_cap, vs);
882 vs->audio_cap = NULL;
883 }
884 }
885
886 static void vnc_disconnect_start(VncState *vs)
887 {
888 if (vs->csock == -1)
889 return;
890 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
891 closesocket(vs->csock);
892 vs->csock = -1;
893 }
894
895 static void vnc_disconnect_finish(VncState *vs)
896 {
897 if (vs->input.buffer) qemu_free(vs->input.buffer);
898 if (vs->output.buffer) qemu_free(vs->output.buffer);
899 #ifdef CONFIG_VNC_TLS
900 vnc_tls_client_cleanup(vs);
901 #endif /* CONFIG_VNC_TLS */
902 #ifdef CONFIG_VNC_SASL
903 vnc_sasl_client_cleanup(vs);
904 #endif /* CONFIG_VNC_SASL */
905 audio_del(vs);
906
907 VncState *p, *parent = NULL;
908 for (p = vs->vd->clients; p != NULL; p = p->next) {
909 if (p == vs) {
910 if (parent)
911 parent->next = p->next;
912 else
913 vs->vd->clients = p->next;
914 break;
915 }
916 parent = p;
917 }
918 if (!vs->vd->clients)
919 dcl->idle = 1;
920
921 qemu_free(vs);
922 vnc_remove_timer(vs->vd);
923 }
924
925 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
926 {
927 if (ret == 0 || ret == -1) {
928 if (ret == -1) {
929 switch (last_errno) {
930 case EINTR:
931 case EAGAIN:
932 #ifdef _WIN32
933 case WSAEWOULDBLOCK:
934 #endif
935 return 0;
936 default:
937 break;
938 }
939 }
940
941 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
942 ret, ret < 0 ? last_errno : 0);
943 vnc_disconnect_start(vs);
944
945 return 0;
946 }
947 return ret;
948 }
949
950
951 void vnc_client_error(VncState *vs)
952 {
953 VNC_DEBUG("Closing down client sock: protocol error\n");
954 vnc_disconnect_start(vs);
955 }
956
957
958 /*
959 * Called to write a chunk of data to the client socket. The data may
960 * be the raw data, or may have already been encoded by SASL.
961 * The data will be written either straight onto the socket, or
962 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
963 *
964 * NB, it is theoretically possible to have 2 layers of encryption,
965 * both SASL, and this TLS layer. It is highly unlikely in practice
966 * though, since SASL encryption will typically be a no-op if TLS
967 * is active
968 *
969 * Returns the number of bytes written, which may be less than
970 * the requested 'datalen' if the socket would block. Returns
971 * -1 on error, and disconnects the client socket.
972 */
973 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
974 {
975 long ret;
976 #ifdef CONFIG_VNC_TLS
977 if (vs->tls.session) {
978 ret = gnutls_write(vs->tls.session, data, datalen);
979 if (ret < 0) {
980 if (ret == GNUTLS_E_AGAIN)
981 errno = EAGAIN;
982 else
983 errno = EIO;
984 ret = -1;
985 }
986 } else
987 #endif /* CONFIG_VNC_TLS */
988 ret = send(vs->csock, (const void *)data, datalen, 0);
989 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
990 return vnc_client_io_error(vs, ret, socket_error());
991 }
992
993
994 /*
995 * Called to write buffered data to the client socket, when not
996 * using any SASL SSF encryption layers. Will write as much data
997 * as possible without blocking. If all buffered data is written,
998 * will switch the FD poll() handler back to read monitoring.
999 *
1000 * Returns the number of bytes written, which may be less than
1001 * the buffered output data if the socket would block. Returns
1002 * -1 on error, and disconnects the client socket.
1003 */
1004 static long vnc_client_write_plain(VncState *vs)
1005 {
1006 long ret;
1007
1008 #ifdef CONFIG_VNC_SASL
1009 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1010 vs->output.buffer, vs->output.capacity, vs->output.offset,
1011 vs->sasl.waitWriteSSF);
1012
1013 if (vs->sasl.conn &&
1014 vs->sasl.runSSF &&
1015 vs->sasl.waitWriteSSF) {
1016 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1017 if (ret)
1018 vs->sasl.waitWriteSSF -= ret;
1019 } else
1020 #endif /* CONFIG_VNC_SASL */
1021 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1022 if (!ret)
1023 return 0;
1024
1025 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1026 vs->output.offset -= ret;
1027
1028 if (vs->output.offset == 0) {
1029 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1030 }
1031
1032 return ret;
1033 }
1034
1035
1036 /*
1037 * First function called whenever there is data to be written to
1038 * the client socket. Will delegate actual work according to whether
1039 * SASL SSF layers are enabled (thus requiring encryption calls)
1040 */
1041 void vnc_client_write(void *opaque)
1042 {
1043 long ret;
1044 VncState *vs = opaque;
1045
1046 #ifdef CONFIG_VNC_SASL
1047 if (vs->sasl.conn &&
1048 vs->sasl.runSSF &&
1049 !vs->sasl.waitWriteSSF)
1050 ret = vnc_client_write_sasl(vs);
1051 else
1052 #endif /* CONFIG_VNC_SASL */
1053 ret = vnc_client_write_plain(vs);
1054 }
1055
1056 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1057 {
1058 vs->read_handler = func;
1059 vs->read_handler_expect = expecting;
1060 }
1061
1062
1063 /*
1064 * Called to read a chunk of data from the client socket. The data may
1065 * be the raw data, or may need to be further decoded by SASL.
1066 * The data will be read either straight from to the socket, or
1067 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1068 *
1069 * NB, it is theoretically possible to have 2 layers of encryption,
1070 * both SASL, and this TLS layer. It is highly unlikely in practice
1071 * though, since SASL encryption will typically be a no-op if TLS
1072 * is active
1073 *
1074 * Returns the number of bytes read, which may be less than
1075 * the requested 'datalen' if the socket would block. Returns
1076 * -1 on error, and disconnects the client socket.
1077 */
1078 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1079 {
1080 long ret;
1081 #ifdef CONFIG_VNC_TLS
1082 if (vs->tls.session) {
1083 ret = gnutls_read(vs->tls.session, data, datalen);
1084 if (ret < 0) {
1085 if (ret == GNUTLS_E_AGAIN)
1086 errno = EAGAIN;
1087 else
1088 errno = EIO;
1089 ret = -1;
1090 }
1091 } else
1092 #endif /* CONFIG_VNC_TLS */
1093 ret = recv(vs->csock, (void *)data, datalen, 0);
1094 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1095 return vnc_client_io_error(vs, ret, socket_error());
1096 }
1097
1098
1099 /*
1100 * Called to read data from the client socket to the input buffer,
1101 * when not using any SASL SSF encryption layers. Will read as much
1102 * data as possible without blocking.
1103 *
1104 * Returns the number of bytes read. Returns -1 on error, and
1105 * disconnects the client socket.
1106 */
1107 static long vnc_client_read_plain(VncState *vs)
1108 {
1109 int ret;
1110 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1111 vs->input.buffer, vs->input.capacity, vs->input.offset);
1112 buffer_reserve(&vs->input, 4096);
1113 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1114 if (!ret)
1115 return 0;
1116 vs->input.offset += ret;
1117 return ret;
1118 }
1119
1120
1121 /*
1122 * First function called whenever there is more data to be read from
1123 * the client socket. Will delegate actual work according to whether
1124 * SASL SSF layers are enabled (thus requiring decryption calls)
1125 */
1126 void vnc_client_read(void *opaque)
1127 {
1128 VncState *vs = opaque;
1129 long ret;
1130
1131 #ifdef CONFIG_VNC_SASL
1132 if (vs->sasl.conn && vs->sasl.runSSF)
1133 ret = vnc_client_read_sasl(vs);
1134 else
1135 #endif /* CONFIG_VNC_SASL */
1136 ret = vnc_client_read_plain(vs);
1137 if (!ret) {
1138 if (vs->csock == -1)
1139 vnc_disconnect_finish(vs);
1140 return;
1141 }
1142
1143 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1144 size_t len = vs->read_handler_expect;
1145 int ret;
1146
1147 ret = vs->read_handler(vs, vs->input.buffer, len);
1148 if (vs->csock == -1) {
1149 vnc_disconnect_finish(vs);
1150 return;
1151 }
1152
1153 if (!ret) {
1154 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1155 vs->input.offset -= len;
1156 } else {
1157 vs->read_handler_expect = ret;
1158 }
1159 }
1160 }
1161
1162 void vnc_write(VncState *vs, const void *data, size_t len)
1163 {
1164 buffer_reserve(&vs->output, len);
1165
1166 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1167 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1168 }
1169
1170 buffer_append(&vs->output, data, len);
1171 }
1172
1173 void vnc_write_s32(VncState *vs, int32_t value)
1174 {
1175 vnc_write_u32(vs, *(uint32_t *)&value);
1176 }
1177
1178 void vnc_write_u32(VncState *vs, uint32_t value)
1179 {
1180 uint8_t buf[4];
1181
1182 buf[0] = (value >> 24) & 0xFF;
1183 buf[1] = (value >> 16) & 0xFF;
1184 buf[2] = (value >> 8) & 0xFF;
1185 buf[3] = value & 0xFF;
1186
1187 vnc_write(vs, buf, 4);
1188 }
1189
1190 void vnc_write_u16(VncState *vs, uint16_t value)
1191 {
1192 uint8_t buf[2];
1193
1194 buf[0] = (value >> 8) & 0xFF;
1195 buf[1] = value & 0xFF;
1196
1197 vnc_write(vs, buf, 2);
1198 }
1199
1200 void vnc_write_u8(VncState *vs, uint8_t value)
1201 {
1202 vnc_write(vs, (char *)&value, 1);
1203 }
1204
1205 void vnc_flush(VncState *vs)
1206 {
1207 if (vs->csock != -1 && vs->output.offset)
1208 vnc_client_write(vs);
1209 }
1210
1211 uint8_t read_u8(uint8_t *data, size_t offset)
1212 {
1213 return data[offset];
1214 }
1215
1216 uint16_t read_u16(uint8_t *data, size_t offset)
1217 {
1218 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1219 }
1220
1221 int32_t read_s32(uint8_t *data, size_t offset)
1222 {
1223 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1224 (data[offset + 2] << 8) | data[offset + 3]);
1225 }
1226
1227 uint32_t read_u32(uint8_t *data, size_t offset)
1228 {
1229 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1230 (data[offset + 2] << 8) | data[offset + 3]);
1231 }
1232
1233 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1234 {
1235 }
1236
1237 static void check_pointer_type_change(VncState *vs, int absolute)
1238 {
1239 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1240 vnc_write_u8(vs, 0);
1241 vnc_write_u8(vs, 0);
1242 vnc_write_u16(vs, 1);
1243 vnc_framebuffer_update(vs, absolute, 0,
1244 ds_get_width(vs->ds), ds_get_height(vs->ds),
1245 VNC_ENCODING_POINTER_TYPE_CHANGE);
1246 vnc_flush(vs);
1247 }
1248 vs->absolute = absolute;
1249 }
1250
1251 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1252 {
1253 int buttons = 0;
1254 int dz = 0;
1255
1256 if (button_mask & 0x01)
1257 buttons |= MOUSE_EVENT_LBUTTON;
1258 if (button_mask & 0x02)
1259 buttons |= MOUSE_EVENT_MBUTTON;
1260 if (button_mask & 0x04)
1261 buttons |= MOUSE_EVENT_RBUTTON;
1262 if (button_mask & 0x08)
1263 dz = -1;
1264 if (button_mask & 0x10)
1265 dz = 1;
1266
1267 if (vs->absolute) {
1268 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
1269 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
1270 dz, buttons);
1271 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1272 x -= 0x7FFF;
1273 y -= 0x7FFF;
1274
1275 kbd_mouse_event(x, y, dz, buttons);
1276 } else {
1277 if (vs->last_x != -1)
1278 kbd_mouse_event(x - vs->last_x,
1279 y - vs->last_y,
1280 dz, buttons);
1281 vs->last_x = x;
1282 vs->last_y = y;
1283 }
1284
1285 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1286 }
1287
1288 static void reset_keys(VncState *vs)
1289 {
1290 int i;
1291 for(i = 0; i < 256; i++) {
1292 if (vs->modifiers_state[i]) {
1293 if (i & 0x80)
1294 kbd_put_keycode(0xe0);
1295 kbd_put_keycode(i | 0x80);
1296 vs->modifiers_state[i] = 0;
1297 }
1298 }
1299 }
1300
1301 static void press_key(VncState *vs, int keysym)
1302 {
1303 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) & 0x7f);
1304 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) | 0x80);
1305 }
1306
1307 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1308 {
1309 /* QEMU console switch */
1310 switch(keycode) {
1311 case 0x2a: /* Left Shift */
1312 case 0x36: /* Right Shift */
1313 case 0x1d: /* Left CTRL */
1314 case 0x9d: /* Right CTRL */
1315 case 0x38: /* Left ALT */
1316 case 0xb8: /* Right ALT */
1317 if (down)
1318 vs->modifiers_state[keycode] = 1;
1319 else
1320 vs->modifiers_state[keycode] = 0;
1321 break;
1322 case 0x02 ... 0x0a: /* '1' to '9' keys */
1323 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1324 /* Reset the modifiers sent to the current console */
1325 reset_keys(vs);
1326 console_select(keycode - 0x02);
1327 return;
1328 }
1329 break;
1330 case 0x3a: /* CapsLock */
1331 case 0x45: /* NumLock */
1332 if (!down)
1333 vs->modifiers_state[keycode] ^= 1;
1334 break;
1335 }
1336
1337 if (keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1338 /* If the numlock state needs to change then simulate an additional
1339 keypress before sending this one. This will happen if the user
1340 toggles numlock away from the VNC window.
1341 */
1342 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1343 if (!vs->modifiers_state[0x45]) {
1344 vs->modifiers_state[0x45] = 1;
1345 press_key(vs, 0xff7f);
1346 }
1347 } else {
1348 if (vs->modifiers_state[0x45]) {
1349 vs->modifiers_state[0x45] = 0;
1350 press_key(vs, 0xff7f);
1351 }
1352 }
1353 }
1354
1355 if (is_graphic_console()) {
1356 if (keycode & 0x80)
1357 kbd_put_keycode(0xe0);
1358 if (down)
1359 kbd_put_keycode(keycode & 0x7f);
1360 else
1361 kbd_put_keycode(keycode | 0x80);
1362 } else {
1363 /* QEMU console emulation */
1364 if (down) {
1365 int numlock = vs->modifiers_state[0x45];
1366 switch (keycode) {
1367 case 0x2a: /* Left Shift */
1368 case 0x36: /* Right Shift */
1369 case 0x1d: /* Left CTRL */
1370 case 0x9d: /* Right CTRL */
1371 case 0x38: /* Left ALT */
1372 case 0xb8: /* Right ALT */
1373 break;
1374 case 0xc8:
1375 kbd_put_keysym(QEMU_KEY_UP);
1376 break;
1377 case 0xd0:
1378 kbd_put_keysym(QEMU_KEY_DOWN);
1379 break;
1380 case 0xcb:
1381 kbd_put_keysym(QEMU_KEY_LEFT);
1382 break;
1383 case 0xcd:
1384 kbd_put_keysym(QEMU_KEY_RIGHT);
1385 break;
1386 case 0xd3:
1387 kbd_put_keysym(QEMU_KEY_DELETE);
1388 break;
1389 case 0xc7:
1390 kbd_put_keysym(QEMU_KEY_HOME);
1391 break;
1392 case 0xcf:
1393 kbd_put_keysym(QEMU_KEY_END);
1394 break;
1395 case 0xc9:
1396 kbd_put_keysym(QEMU_KEY_PAGEUP);
1397 break;
1398 case 0xd1:
1399 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1400 break;
1401
1402 case 0x47:
1403 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1404 break;
1405 case 0x48:
1406 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1407 break;
1408 case 0x49:
1409 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1410 break;
1411 case 0x4b:
1412 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1413 break;
1414 case 0x4c:
1415 kbd_put_keysym('5');
1416 break;
1417 case 0x4d:
1418 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1419 break;
1420 case 0x4f:
1421 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1422 break;
1423 case 0x50:
1424 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1425 break;
1426 case 0x51:
1427 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1428 break;
1429 case 0x52:
1430 kbd_put_keysym('0');
1431 break;
1432 case 0x53:
1433 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1434 break;
1435
1436 case 0xb5:
1437 kbd_put_keysym('/');
1438 break;
1439 case 0x37:
1440 kbd_put_keysym('*');
1441 break;
1442 case 0x4a:
1443 kbd_put_keysym('-');
1444 break;
1445 case 0x4e:
1446 kbd_put_keysym('+');
1447 break;
1448 case 0x9c:
1449 kbd_put_keysym('\n');
1450 break;
1451
1452 default:
1453 kbd_put_keysym(sym);
1454 break;
1455 }
1456 }
1457 }
1458 }
1459
1460 static void key_event(VncState *vs, int down, uint32_t sym)
1461 {
1462 int keycode;
1463
1464 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1465 sym = sym - 'A' + 'a';
1466
1467 keycode = keysym2scancode(vs->vd->kbd_layout, sym & 0xFFFF);
1468 do_key_event(vs, down, keycode, sym);
1469 }
1470
1471 static void ext_key_event(VncState *vs, int down,
1472 uint32_t sym, uint16_t keycode)
1473 {
1474 /* if the user specifies a keyboard layout, always use it */
1475 if (keyboard_layout)
1476 key_event(vs, down, sym);
1477 else
1478 do_key_event(vs, down, keycode, sym);
1479 }
1480
1481 static void framebuffer_update_request(VncState *vs, int incremental,
1482 int x_position, int y_position,
1483 int w, int h)
1484 {
1485 if (x_position > ds_get_width(vs->ds))
1486 x_position = ds_get_width(vs->ds);
1487 if (y_position > ds_get_height(vs->ds))
1488 y_position = ds_get_height(vs->ds);
1489 if (x_position + w >= ds_get_width(vs->ds))
1490 w = ds_get_width(vs->ds) - x_position;
1491 if (y_position + h >= ds_get_height(vs->ds))
1492 h = ds_get_height(vs->ds) - y_position;
1493
1494 int i;
1495 vs->need_update = 1;
1496 if (!incremental) {
1497 vs->force_update = 1;
1498 for (i = 0; i < h; i++) {
1499 vnc_set_bits(vs->dirty[y_position + i],
1500 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1501 }
1502 }
1503 }
1504
1505 static void send_ext_key_event_ack(VncState *vs)
1506 {
1507 vnc_write_u8(vs, 0);
1508 vnc_write_u8(vs, 0);
1509 vnc_write_u16(vs, 1);
1510 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1511 VNC_ENCODING_EXT_KEY_EVENT);
1512 vnc_flush(vs);
1513 }
1514
1515 static void send_ext_audio_ack(VncState *vs)
1516 {
1517 vnc_write_u8(vs, 0);
1518 vnc_write_u8(vs, 0);
1519 vnc_write_u16(vs, 1);
1520 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1521 VNC_ENCODING_AUDIO);
1522 vnc_flush(vs);
1523 }
1524
1525 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1526 {
1527 int i;
1528 unsigned int enc = 0;
1529
1530 vnc_zlib_init(vs);
1531 vs->features = 0;
1532 vs->vnc_encoding = 0;
1533 vs->tight_compression = 9;
1534 vs->tight_quality = 9;
1535 vs->absolute = -1;
1536
1537 for (i = n_encodings - 1; i >= 0; i--) {
1538 enc = encodings[i];
1539 switch (enc) {
1540 case VNC_ENCODING_RAW:
1541 vs->vnc_encoding = enc;
1542 break;
1543 case VNC_ENCODING_COPYRECT:
1544 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1545 break;
1546 case VNC_ENCODING_HEXTILE:
1547 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1548 vs->vnc_encoding = enc;
1549 break;
1550 case VNC_ENCODING_ZLIB:
1551 vs->features |= VNC_FEATURE_ZLIB_MASK;
1552 vs->vnc_encoding = enc;
1553 break;
1554 case VNC_ENCODING_DESKTOPRESIZE:
1555 vs->features |= VNC_FEATURE_RESIZE_MASK;
1556 break;
1557 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1558 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1559 break;
1560 case VNC_ENCODING_EXT_KEY_EVENT:
1561 send_ext_key_event_ack(vs);
1562 break;
1563 case VNC_ENCODING_AUDIO:
1564 send_ext_audio_ack(vs);
1565 break;
1566 case VNC_ENCODING_WMVi:
1567 vs->features |= VNC_FEATURE_WMVI_MASK;
1568 break;
1569 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1570 vs->tight_compression = (enc & 0x0F);
1571 break;
1572 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1573 vs->tight_quality = (enc & 0x0F);
1574 break;
1575 default:
1576 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1577 break;
1578 }
1579 }
1580
1581 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1582 }
1583
1584 static void set_pixel_conversion(VncState *vs)
1585 {
1586 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1587 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1588 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1589 vs->write_pixels = vnc_write_pixels_copy;
1590 switch (vs->ds->surface->pf.bits_per_pixel) {
1591 case 8:
1592 vs->send_hextile_tile = send_hextile_tile_8;
1593 break;
1594 case 16:
1595 vs->send_hextile_tile = send_hextile_tile_16;
1596 break;
1597 case 32:
1598 vs->send_hextile_tile = send_hextile_tile_32;
1599 break;
1600 }
1601 } else {
1602 vs->write_pixels = vnc_write_pixels_generic;
1603 switch (vs->ds->surface->pf.bits_per_pixel) {
1604 case 8:
1605 vs->send_hextile_tile = send_hextile_tile_generic_8;
1606 break;
1607 case 16:
1608 vs->send_hextile_tile = send_hextile_tile_generic_16;
1609 break;
1610 case 32:
1611 vs->send_hextile_tile = send_hextile_tile_generic_32;
1612 break;
1613 }
1614 }
1615 }
1616
1617 static void set_pixel_format(VncState *vs,
1618 int bits_per_pixel, int depth,
1619 int big_endian_flag, int true_color_flag,
1620 int red_max, int green_max, int blue_max,
1621 int red_shift, int green_shift, int blue_shift)
1622 {
1623 if (!true_color_flag) {
1624 vnc_client_error(vs);
1625 return;
1626 }
1627
1628 vs->clientds = *(vs->vd->guest.ds);
1629 vs->clientds.pf.rmax = red_max;
1630 count_bits(vs->clientds.pf.rbits, red_max);
1631 vs->clientds.pf.rshift = red_shift;
1632 vs->clientds.pf.rmask = red_max << red_shift;
1633 vs->clientds.pf.gmax = green_max;
1634 count_bits(vs->clientds.pf.gbits, green_max);
1635 vs->clientds.pf.gshift = green_shift;
1636 vs->clientds.pf.gmask = green_max << green_shift;
1637 vs->clientds.pf.bmax = blue_max;
1638 count_bits(vs->clientds.pf.bbits, blue_max);
1639 vs->clientds.pf.bshift = blue_shift;
1640 vs->clientds.pf.bmask = blue_max << blue_shift;
1641 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1642 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1643 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1644 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1645
1646 set_pixel_conversion(vs);
1647
1648 vga_hw_invalidate();
1649 vga_hw_update();
1650 }
1651
1652 static void pixel_format_message (VncState *vs) {
1653 char pad[3] = { 0, 0, 0 };
1654
1655 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1656 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1657
1658 #ifdef HOST_WORDS_BIGENDIAN
1659 vnc_write_u8(vs, 1); /* big-endian-flag */
1660 #else
1661 vnc_write_u8(vs, 0); /* big-endian-flag */
1662 #endif
1663 vnc_write_u8(vs, 1); /* true-color-flag */
1664 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1665 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1666 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1667 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1668 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1669 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1670 if (vs->ds->surface->pf.bits_per_pixel == 32)
1671 vs->send_hextile_tile = send_hextile_tile_32;
1672 else if (vs->ds->surface->pf.bits_per_pixel == 16)
1673 vs->send_hextile_tile = send_hextile_tile_16;
1674 else if (vs->ds->surface->pf.bits_per_pixel == 8)
1675 vs->send_hextile_tile = send_hextile_tile_8;
1676 vs->clientds = *(vs->ds->surface);
1677 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1678 vs->write_pixels = vnc_write_pixels_copy;
1679
1680 vnc_write(vs, pad, 3); /* padding */
1681 }
1682
1683 static void vnc_dpy_setdata(DisplayState *ds)
1684 {
1685 /* We don't have to do anything */
1686 }
1687
1688 static void vnc_colordepth(VncState *vs)
1689 {
1690 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1691 /* Sending a WMVi message to notify the client*/
1692 vnc_write_u8(vs, 0); /* msg id */
1693 vnc_write_u8(vs, 0);
1694 vnc_write_u16(vs, 1); /* number of rects */
1695 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1696 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1697 pixel_format_message(vs);
1698 vnc_flush(vs);
1699 } else {
1700 set_pixel_conversion(vs);
1701 }
1702 }
1703
1704 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1705 {
1706 int i;
1707 uint16_t limit;
1708 VncDisplay *vd = vs->vd;
1709
1710 if (data[0] > 3) {
1711 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1712 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1713 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1714 }
1715
1716 switch (data[0]) {
1717 case 0:
1718 if (len == 1)
1719 return 20;
1720
1721 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1722 read_u8(data, 6), read_u8(data, 7),
1723 read_u16(data, 8), read_u16(data, 10),
1724 read_u16(data, 12), read_u8(data, 14),
1725 read_u8(data, 15), read_u8(data, 16));
1726 break;
1727 case 2:
1728 if (len == 1)
1729 return 4;
1730
1731 if (len == 4) {
1732 limit = read_u16(data, 2);
1733 if (limit > 0)
1734 return 4 + (limit * 4);
1735 } else
1736 limit = read_u16(data, 2);
1737
1738 for (i = 0; i < limit; i++) {
1739 int32_t val = read_s32(data, 4 + (i * 4));
1740 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1741 }
1742
1743 set_encodings(vs, (int32_t *)(data + 4), limit);
1744 break;
1745 case 3:
1746 if (len == 1)
1747 return 10;
1748
1749 framebuffer_update_request(vs,
1750 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1751 read_u16(data, 6), read_u16(data, 8));
1752 break;
1753 case 4:
1754 if (len == 1)
1755 return 8;
1756
1757 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1758 break;
1759 case 5:
1760 if (len == 1)
1761 return 6;
1762
1763 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1764 break;
1765 case 6:
1766 if (len == 1)
1767 return 8;
1768
1769 if (len == 8) {
1770 uint32_t dlen = read_u32(data, 4);
1771 if (dlen > 0)
1772 return 8 + dlen;
1773 }
1774
1775 client_cut_text(vs, read_u32(data, 4), data + 8);
1776 break;
1777 case 255:
1778 if (len == 1)
1779 return 2;
1780
1781 switch (read_u8(data, 1)) {
1782 case 0:
1783 if (len == 2)
1784 return 12;
1785
1786 ext_key_event(vs, read_u16(data, 2),
1787 read_u32(data, 4), read_u32(data, 8));
1788 break;
1789 case 1:
1790 if (len == 2)
1791 return 4;
1792
1793 switch (read_u16 (data, 2)) {
1794 case 0:
1795 audio_add(vs);
1796 break;
1797 case 1:
1798 audio_del(vs);
1799 break;
1800 case 2:
1801 if (len == 4)
1802 return 10;
1803 switch (read_u8(data, 4)) {
1804 case 0: vs->as.fmt = AUD_FMT_U8; break;
1805 case 1: vs->as.fmt = AUD_FMT_S8; break;
1806 case 2: vs->as.fmt = AUD_FMT_U16; break;
1807 case 3: vs->as.fmt = AUD_FMT_S16; break;
1808 case 4: vs->as.fmt = AUD_FMT_U32; break;
1809 case 5: vs->as.fmt = AUD_FMT_S32; break;
1810 default:
1811 printf("Invalid audio format %d\n", read_u8(data, 4));
1812 vnc_client_error(vs);
1813 break;
1814 }
1815 vs->as.nchannels = read_u8(data, 5);
1816 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1817 printf("Invalid audio channel coount %d\n",
1818 read_u8(data, 5));
1819 vnc_client_error(vs);
1820 break;
1821 }
1822 vs->as.freq = read_u32(data, 6);
1823 break;
1824 default:
1825 printf ("Invalid audio message %d\n", read_u8(data, 4));
1826 vnc_client_error(vs);
1827 break;
1828 }
1829 break;
1830
1831 default:
1832 printf("Msg: %d\n", read_u16(data, 0));
1833 vnc_client_error(vs);
1834 break;
1835 }
1836 break;
1837 default:
1838 printf("Msg: %d\n", data[0]);
1839 vnc_client_error(vs);
1840 break;
1841 }
1842
1843 vnc_read_when(vs, protocol_client_msg, 1);
1844 return 0;
1845 }
1846
1847 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1848 {
1849 char buf[1024];
1850 int size;
1851
1852 vnc_write_u16(vs, ds_get_width(vs->ds));
1853 vnc_write_u16(vs, ds_get_height(vs->ds));
1854
1855 pixel_format_message(vs);
1856
1857 if (qemu_name)
1858 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1859 else
1860 size = snprintf(buf, sizeof(buf), "QEMU");
1861
1862 vnc_write_u32(vs, size);
1863 vnc_write(vs, buf, size);
1864 vnc_flush(vs);
1865
1866 vnc_read_when(vs, protocol_client_msg, 1);
1867
1868 return 0;
1869 }
1870
1871 void start_client_init(VncState *vs)
1872 {
1873 vnc_read_when(vs, protocol_client_init, 1);
1874 }
1875
1876 static void make_challenge(VncState *vs)
1877 {
1878 int i;
1879
1880 srand(time(NULL)+getpid()+getpid()*987654+rand());
1881
1882 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1883 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1884 }
1885
1886 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1887 {
1888 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1889 int i, j, pwlen;
1890 unsigned char key[8];
1891
1892 if (!vs->vd->password || !vs->vd->password[0]) {
1893 VNC_DEBUG("No password configured on server");
1894 vnc_write_u32(vs, 1); /* Reject auth */
1895 if (vs->minor >= 8) {
1896 static const char err[] = "Authentication failed";
1897 vnc_write_u32(vs, sizeof(err));
1898 vnc_write(vs, err, sizeof(err));
1899 }
1900 vnc_flush(vs);
1901 vnc_client_error(vs);
1902 return 0;
1903 }
1904
1905 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1906
1907 /* Calculate the expected challenge response */
1908 pwlen = strlen(vs->vd->password);
1909 for (i=0; i<sizeof(key); i++)
1910 key[i] = i<pwlen ? vs->vd->password[i] : 0;
1911 deskey(key, EN0);
1912 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1913 des(response+j, response+j);
1914
1915 /* Compare expected vs actual challenge response */
1916 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1917 VNC_DEBUG("Client challenge reponse did not match\n");
1918 vnc_write_u32(vs, 1); /* Reject auth */
1919 if (vs->minor >= 8) {
1920 static const char err[] = "Authentication failed";
1921 vnc_write_u32(vs, sizeof(err));
1922 vnc_write(vs, err, sizeof(err));
1923 }
1924 vnc_flush(vs);
1925 vnc_client_error(vs);
1926 } else {
1927 VNC_DEBUG("Accepting VNC challenge response\n");
1928 vnc_write_u32(vs, 0); /* Accept auth */
1929 vnc_flush(vs);
1930
1931 start_client_init(vs);
1932 }
1933 return 0;
1934 }
1935
1936 void start_auth_vnc(VncState *vs)
1937 {
1938 make_challenge(vs);
1939 /* Send client a 'random' challenge */
1940 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1941 vnc_flush(vs);
1942
1943 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1944 }
1945
1946
1947 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1948 {
1949 /* We only advertise 1 auth scheme at a time, so client
1950 * must pick the one we sent. Verify this */
1951 if (data[0] != vs->vd->auth) { /* Reject auth */
1952 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
1953 vnc_write_u32(vs, 1);
1954 if (vs->minor >= 8) {
1955 static const char err[] = "Authentication failed";
1956 vnc_write_u32(vs, sizeof(err));
1957 vnc_write(vs, err, sizeof(err));
1958 }
1959 vnc_client_error(vs);
1960 } else { /* Accept requested auth */
1961 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1962 switch (vs->vd->auth) {
1963 case VNC_AUTH_NONE:
1964 VNC_DEBUG("Accept auth none\n");
1965 if (vs->minor >= 8) {
1966 vnc_write_u32(vs, 0); /* Accept auth completion */
1967 vnc_flush(vs);
1968 }
1969 start_client_init(vs);
1970 break;
1971
1972 case VNC_AUTH_VNC:
1973 VNC_DEBUG("Start VNC auth\n");
1974 start_auth_vnc(vs);
1975 break;
1976
1977 #ifdef CONFIG_VNC_TLS
1978 case VNC_AUTH_VENCRYPT:
1979 VNC_DEBUG("Accept VeNCrypt auth\n");;
1980 start_auth_vencrypt(vs);
1981 break;
1982 #endif /* CONFIG_VNC_TLS */
1983
1984 #ifdef CONFIG_VNC_SASL
1985 case VNC_AUTH_SASL:
1986 VNC_DEBUG("Accept SASL auth\n");
1987 start_auth_sasl(vs);
1988 break;
1989 #endif /* CONFIG_VNC_SASL */
1990
1991 default: /* Should not be possible, but just in case */
1992 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
1993 vnc_write_u8(vs, 1);
1994 if (vs->minor >= 8) {
1995 static const char err[] = "Authentication failed";
1996 vnc_write_u32(vs, sizeof(err));
1997 vnc_write(vs, err, sizeof(err));
1998 }
1999 vnc_client_error(vs);
2000 }
2001 }
2002 return 0;
2003 }
2004
2005 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2006 {
2007 char local[13];
2008
2009 memcpy(local, version, 12);
2010 local[12] = 0;
2011
2012 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2013 VNC_DEBUG("Malformed protocol version %s\n", local);
2014 vnc_client_error(vs);
2015 return 0;
2016 }
2017 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2018 if (vs->major != 3 ||
2019 (vs->minor != 3 &&
2020 vs->minor != 4 &&
2021 vs->minor != 5 &&
2022 vs->minor != 7 &&
2023 vs->minor != 8)) {
2024 VNC_DEBUG("Unsupported client version\n");
2025 vnc_write_u32(vs, VNC_AUTH_INVALID);
2026 vnc_flush(vs);
2027 vnc_client_error(vs);
2028 return 0;
2029 }
2030 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2031 * as equivalent to v3.3 by servers
2032 */
2033 if (vs->minor == 4 || vs->minor == 5)
2034 vs->minor = 3;
2035
2036 if (vs->minor == 3) {
2037 if (vs->vd->auth == VNC_AUTH_NONE) {
2038 VNC_DEBUG("Tell client auth none\n");
2039 vnc_write_u32(vs, vs->vd->auth);
2040 vnc_flush(vs);
2041 start_client_init(vs);
2042 } else if (vs->vd->auth == VNC_AUTH_VNC) {
2043 VNC_DEBUG("Tell client VNC auth\n");
2044 vnc_write_u32(vs, vs->vd->auth);
2045 vnc_flush(vs);
2046 start_auth_vnc(vs);
2047 } else {
2048 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2049 vnc_write_u32(vs, VNC_AUTH_INVALID);
2050 vnc_flush(vs);
2051 vnc_client_error(vs);
2052 }
2053 } else {
2054 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2055 vnc_write_u8(vs, 1); /* num auth */
2056 vnc_write_u8(vs, vs->vd->auth);
2057 vnc_read_when(vs, protocol_client_auth, 1);
2058 vnc_flush(vs);
2059 }
2060
2061 return 0;
2062 }
2063
2064 static int vnc_refresh_server_surface(VncDisplay *vd)
2065 {
2066 int y;
2067 uint8_t *guest_row;
2068 uint8_t *server_row;
2069 int cmp_bytes;
2070 uint32_t width_mask[VNC_DIRTY_WORDS];
2071 VncState *vs = NULL;
2072 int has_dirty = 0;
2073
2074 /*
2075 * Walk through the guest dirty map.
2076 * Check and copy modified bits from guest to server surface.
2077 * Update server dirty map.
2078 */
2079 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2080 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2081 guest_row = vd->guest.ds->data;
2082 server_row = vd->server->data;
2083 for (y = 0; y < vd->guest.ds->height; y++) {
2084 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2085 int x;
2086 uint8_t *guest_ptr;
2087 uint8_t *server_ptr;
2088
2089 guest_ptr = guest_row;
2090 server_ptr = server_row;
2091
2092 for (x = 0; x < vd->guest.ds->width;
2093 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2094 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2095 continue;
2096 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2097 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2098 continue;
2099 memcpy(server_ptr, guest_ptr, cmp_bytes);
2100 vs = vd->clients;
2101 while (vs != NULL) {
2102 vnc_set_bit(vs->dirty[y], (x / 16));
2103 vs = vs->next;
2104 }
2105 has_dirty++;
2106 }
2107 }
2108 guest_row += ds_get_linesize(vd->ds);
2109 server_row += ds_get_linesize(vd->ds);
2110 }
2111 return has_dirty;
2112 }
2113
2114 static void vnc_refresh(void *opaque)
2115 {
2116 VncDisplay *vd = opaque;
2117 VncState *vs = NULL;
2118 int has_dirty = 0, rects = 0;
2119
2120 vga_hw_update();
2121
2122 has_dirty = vnc_refresh_server_surface(vd);
2123
2124 vs = vd->clients;
2125 while (vs != NULL) {
2126 rects += vnc_update_client(vs, has_dirty);
2127 vs = vs->next;
2128 }
2129
2130 if (has_dirty && rects) {
2131 vd->timer_interval /= 2;
2132 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2133 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2134 } else {
2135 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2136 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2137 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2138 }
2139 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
2140 }
2141
2142 static void vnc_init_timer(VncDisplay *vd)
2143 {
2144 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2145 if (vd->timer == NULL && vd->clients != NULL) {
2146 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2147 vnc_refresh(vd);
2148 }
2149 }
2150
2151 static void vnc_remove_timer(VncDisplay *vd)
2152 {
2153 if (vd->timer != NULL && vd->clients == NULL) {
2154 qemu_del_timer(vd->timer);
2155 qemu_free_timer(vd->timer);
2156 vd->timer = NULL;
2157 }
2158 }
2159
2160 static void vnc_connect(VncDisplay *vd, int csock)
2161 {
2162 VncState *vs = qemu_mallocz(sizeof(VncState));
2163 vs->csock = csock;
2164
2165 VNC_DEBUG("New client on socket %d\n", csock);
2166 dcl->idle = 0;
2167 socket_set_nonblock(vs->csock);
2168 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2169
2170 vs->vd = vd;
2171 vs->ds = vd->ds;
2172 vs->last_x = -1;
2173 vs->last_y = -1;
2174
2175 vs->as.freq = 44100;
2176 vs->as.nchannels = 2;
2177 vs->as.fmt = AUD_FMT_S16;
2178 vs->as.endianness = 0;
2179
2180 vs->next = vd->clients;
2181 vd->clients = vs;
2182
2183 vga_hw_update();
2184
2185 vnc_write(vs, "RFB 003.008\n", 12);
2186 vnc_flush(vs);
2187 vnc_read_when(vs, protocol_version, 12);
2188 reset_keys(vs);
2189
2190 vnc_init_timer(vd);
2191
2192 /* vs might be free()ed here */
2193 }
2194
2195 static void vnc_listen_read(void *opaque)
2196 {
2197 VncDisplay *vs = opaque;
2198 struct sockaddr_in addr;
2199 socklen_t addrlen = sizeof(addr);
2200
2201 /* Catch-up */
2202 vga_hw_update();
2203
2204 int csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2205 if (csock != -1) {
2206 vnc_connect(vs, csock);
2207 }
2208 }
2209
2210 void vnc_display_init(DisplayState *ds)
2211 {
2212 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2213
2214 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2215
2216 ds->opaque = vs;
2217 dcl->idle = 1;
2218 vnc_display = vs;
2219
2220 vs->lsock = -1;
2221
2222 vs->ds = ds;
2223
2224 if (keyboard_layout)
2225 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2226 else
2227 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2228
2229 if (!vs->kbd_layout)
2230 exit(1);
2231
2232 dcl->dpy_copy = vnc_dpy_copy;
2233 dcl->dpy_update = vnc_dpy_update;
2234 dcl->dpy_resize = vnc_dpy_resize;
2235 dcl->dpy_setdata = vnc_dpy_setdata;
2236 register_displaychangelistener(ds, dcl);
2237 }
2238
2239
2240 void vnc_display_close(DisplayState *ds)
2241 {
2242 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2243
2244 if (!vs)
2245 return;
2246 if (vs->display) {
2247 qemu_free(vs->display);
2248 vs->display = NULL;
2249 }
2250 if (vs->lsock != -1) {
2251 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2252 close(vs->lsock);
2253 vs->lsock = -1;
2254 }
2255 vs->auth = VNC_AUTH_INVALID;
2256 #ifdef CONFIG_VNC_TLS
2257 vs->subauth = VNC_AUTH_INVALID;
2258 vs->tls.x509verify = 0;
2259 #endif
2260 }
2261
2262 int vnc_display_password(DisplayState *ds, const char *password)
2263 {
2264 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2265
2266 if (!vs) {
2267 return -1;
2268 }
2269
2270 if (vs->password) {
2271 qemu_free(vs->password);
2272 vs->password = NULL;
2273 }
2274 if (password && password[0]) {
2275 if (!(vs->password = qemu_strdup(password)))
2276 return -1;
2277 if (vs->auth == VNC_AUTH_NONE) {
2278 vs->auth = VNC_AUTH_VNC;
2279 }
2280 } else {
2281 vs->auth = VNC_AUTH_NONE;
2282 }
2283
2284 return 0;
2285 }
2286
2287 char *vnc_display_local_addr(DisplayState *ds)
2288 {
2289 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2290
2291 return vnc_socket_local_addr("%s:%s", vs->lsock);
2292 }
2293
2294 int vnc_display_open(DisplayState *ds, const char *display)
2295 {
2296 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2297 const char *options;
2298 int password = 0;
2299 int reverse = 0;
2300 int to_port = 0;
2301 #ifdef CONFIG_VNC_TLS
2302 int tls = 0, x509 = 0;
2303 #endif
2304 #ifdef CONFIG_VNC_SASL
2305 int sasl = 0;
2306 int saslErr;
2307 #endif
2308 int acl = 0;
2309
2310 if (!vnc_display)
2311 return -1;
2312 vnc_display_close(ds);
2313 if (strcmp(display, "none") == 0)
2314 return 0;
2315
2316 if (!(vs->display = strdup(display)))
2317 return -1;
2318
2319 options = display;
2320 while ((options = strchr(options, ','))) {
2321 options++;
2322 if (strncmp(options, "password", 8) == 0) {
2323 password = 1; /* Require password auth */
2324 } else if (strncmp(options, "reverse", 7) == 0) {
2325 reverse = 1;
2326 } else if (strncmp(options, "to=", 3) == 0) {
2327 to_port = atoi(options+3) + 5900;
2328 #ifdef CONFIG_VNC_SASL
2329 } else if (strncmp(options, "sasl", 4) == 0) {
2330 sasl = 1; /* Require SASL auth */
2331 #endif
2332 #ifdef CONFIG_VNC_TLS
2333 } else if (strncmp(options, "tls", 3) == 0) {
2334 tls = 1; /* Require TLS */
2335 } else if (strncmp(options, "x509", 4) == 0) {
2336 char *start, *end;
2337 x509 = 1; /* Require x509 certificates */
2338 if (strncmp(options, "x509verify", 10) == 0)
2339 vs->tls.x509verify = 1; /* ...and verify client certs */
2340
2341 /* Now check for 'x509=/some/path' postfix
2342 * and use that to setup x509 certificate/key paths */
2343 start = strchr(options, '=');
2344 end = strchr(options, ',');
2345 if (start && (!end || (start < end))) {
2346 int len = end ? end-(start+1) : strlen(start+1);
2347 char *path = qemu_strndup(start + 1, len);
2348
2349 VNC_DEBUG("Trying certificate path '%s'\n", path);
2350 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2351 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2352 qemu_free(path);
2353 qemu_free(vs->display);
2354 vs->display = NULL;
2355 return -1;
2356 }
2357 qemu_free(path);
2358 } else {
2359 fprintf(stderr, "No certificate path provided\n");
2360 qemu_free(vs->display);
2361 vs->display = NULL;
2362 return -1;
2363 }
2364 #endif
2365 } else if (strncmp(options, "acl", 3) == 0) {
2366 acl = 1;
2367 }
2368 }
2369
2370 #ifdef CONFIG_VNC_TLS
2371 if (acl && x509 && vs->tls.x509verify) {
2372 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2373 fprintf(stderr, "Failed to create x509 dname ACL\n");
2374 exit(1);
2375 }
2376 }
2377 #endif
2378 #ifdef CONFIG_VNC_SASL
2379 if (acl && sasl) {
2380 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2381 fprintf(stderr, "Failed to create username ACL\n");
2382 exit(1);
2383 }
2384 }
2385 #endif
2386
2387 /*
2388 * Combinations we support here:
2389 *
2390 * - no-auth (clear text, no auth)
2391 * - password (clear text, weak auth)
2392 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2393 * - tls (encrypt, weak anonymous creds, no auth)
2394 * - tls + password (encrypt, weak anonymous creds, weak auth)
2395 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2396 * - tls + x509 (encrypt, good x509 creds, no auth)
2397 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2398 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2399 *
2400 * NB1. TLS is a stackable auth scheme.
2401 * NB2. the x509 schemes have option to validate a client cert dname
2402 */
2403 if (password) {
2404 #ifdef CONFIG_VNC_TLS
2405 if (tls) {
2406 vs->auth = VNC_AUTH_VENCRYPT;
2407 if (x509) {
2408 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2409 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2410 } else {
2411 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2412 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2413 }
2414 } else {
2415 #endif /* CONFIG_VNC_TLS */
2416 VNC_DEBUG("Initializing VNC server with password auth\n");
2417 vs->auth = VNC_AUTH_VNC;
2418 #ifdef CONFIG_VNC_TLS
2419 vs->subauth = VNC_AUTH_INVALID;
2420 }
2421 #endif /* CONFIG_VNC_TLS */
2422 #ifdef CONFIG_VNC_SASL
2423 } else if (sasl) {
2424 #ifdef CONFIG_VNC_TLS
2425 if (tls) {
2426 vs->auth = VNC_AUTH_VENCRYPT;
2427 if (x509) {
2428 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2429 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2430 } else {
2431 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2432 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2433 }
2434 } else {
2435 #endif /* CONFIG_VNC_TLS */
2436 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2437 vs->auth = VNC_AUTH_SASL;
2438 #ifdef CONFIG_VNC_TLS
2439 vs->subauth = VNC_AUTH_INVALID;
2440 }
2441 #endif /* CONFIG_VNC_TLS */
2442 #endif /* CONFIG_VNC_SASL */
2443 } else {
2444 #ifdef CONFIG_VNC_TLS
2445 if (tls) {
2446 vs->auth = VNC_AUTH_VENCRYPT;
2447 if (x509) {
2448 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2449 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2450 } else {
2451 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2452 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2453 }
2454 } else {
2455 #endif
2456 VNC_DEBUG("Initializing VNC server with no auth\n");
2457 vs->auth = VNC_AUTH_NONE;
2458 #ifdef CONFIG_VNC_TLS
2459 vs->subauth = VNC_AUTH_INVALID;
2460 }
2461 #endif
2462 }
2463
2464 #ifdef CONFIG_VNC_SASL
2465 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2466 fprintf(stderr, "Failed to initialize SASL auth %s",
2467 sasl_errstring(saslErr, NULL, NULL));
2468 free(vs->display);
2469 vs->display = NULL;
2470 return -1;
2471 }
2472 #endif
2473
2474 if (reverse) {
2475 /* connect to viewer */
2476 if (strncmp(display, "unix:", 5) == 0)
2477 vs->lsock = unix_connect(display+5);
2478 else
2479 vs->lsock = inet_connect(display, SOCK_STREAM);
2480 if (-1 == vs->lsock) {
2481 free(vs->display);
2482 vs->display = NULL;
2483 return -1;
2484 } else {
2485 int csock = vs->lsock;
2486 vs->lsock = -1;
2487 vnc_connect(vs, csock);
2488 }
2489 return 0;
2490
2491 } else {
2492 /* listen for connects */
2493 char *dpy;
2494 dpy = qemu_malloc(256);
2495 if (strncmp(display, "unix:", 5) == 0) {
2496 pstrcpy(dpy, 256, "unix:");
2497 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2498 } else {
2499 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2500 }
2501 if (-1 == vs->lsock) {
2502 free(dpy);
2503 return -1;
2504 } else {
2505 free(vs->display);
2506 vs->display = dpy;
2507 }
2508 }
2509 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
2510 }
QEmu