search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
QMP: Introduce VNC_INITIALIZED event
[qemu/agraf.git] / vnc.c
blobc7d6652e1556d5c99ea0e7a5da7512f9f66f898c
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "acl.h"
32 #include "qemu-objects.h"
33
34 #define VNC_REFRESH_INTERVAL_BASE 30
35 #define VNC_REFRESH_INTERVAL_INC 50
36 #define VNC_REFRESH_INTERVAL_MAX 2000
37
38 #include "vnc_keysym.h"
39 #include "d3des.h"
40
41 #define count_bits(c, v) { \
42 for (c = 0; v; v >>= 1) \
43 { \
44 c += v & 1; \
45 } \
46 }
47
48
49 static VncDisplay *vnc_display; /* needed for info vnc */
50 static DisplayChangeListener *dcl;
51
52 static char *addr_to_string(const char *format,
53 struct sockaddr_storage *sa,
54 socklen_t salen) {
55 char *addr;
56 char host[NI_MAXHOST];
57 char serv[NI_MAXSERV];
58 int err;
59 size_t addrlen;
60
61 if ((err = getnameinfo((struct sockaddr *)sa, salen,
62 host, sizeof(host),
63 serv, sizeof(serv),
64 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
65 VNC_DEBUG("Cannot resolve address %d: %s\n",
66 err, gai_strerror(err));
67 return NULL;
68 }
69
70 /* Enough for the existing format + the 2 vars we're
71 * substituting in. */
72 addrlen = strlen(format) + strlen(host) + strlen(serv);
73 addr = qemu_malloc(addrlen + 1);
74 snprintf(addr, addrlen, format, host, serv);
75 addr[addrlen] = '\0';
76
77 return addr;
78 }
79
80
81 char *vnc_socket_local_addr(const char *format, int fd) {
82 struct sockaddr_storage sa;
83 socklen_t salen;
84
85 salen = sizeof(sa);
86 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
87 return NULL;
88
89 return addr_to_string(format, &sa, salen);
90 }
91
92 char *vnc_socket_remote_addr(const char *format, int fd) {
93 struct sockaddr_storage sa;
94 socklen_t salen;
95
96 salen = sizeof(sa);
97 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
98 return NULL;
99
100 return addr_to_string(format, &sa, salen);
101 }
102
103 static QString *get_sock_family(const struct sockaddr_storage *sa)
104 {
105 const char *name;
106
107 switch (sa->ss_family)
108 {
109 case AF_INET:
110 name = "ipv4";
111 break;
112 case AF_INET6:
113 name = "ipv6";
114 break;
115 default:
116 name = "unknown";
117 break;
118 }
119
120 return qstring_from_str(name);
121 }
122
123 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
124 socklen_t salen)
125 {
126 char host[NI_MAXHOST];
127 char serv[NI_MAXSERV];
128 int err;
129
130 if ((err = getnameinfo((struct sockaddr *)sa, salen,
131 host, sizeof(host),
132 serv, sizeof(serv),
133 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
134 VNC_DEBUG("Cannot resolve address %d: %s\n",
135 err, gai_strerror(err));
136 return -1;
137 }
138
139 qdict_put(qdict, "host", qstring_from_str(host));
140 qdict_put(qdict, "service", qstring_from_str(serv));
141 qdict_put(qdict, "family", get_sock_family(sa));
142
143 return 0;
144 }
145
146 static int vnc_server_addr_put(QDict *qdict, int fd)
147 {
148 struct sockaddr_storage sa;
149 socklen_t salen;
150
151 salen = sizeof(sa);
152 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
153 return -1;
154 }
155
156 return put_addr_qdict(qdict, &sa, salen);
157 }
158
159 static int vnc_qdict_remote_addr(QDict *qdict, int fd)
160 {
161 struct sockaddr_storage sa;
162 socklen_t salen;
163
164 salen = sizeof(sa);
165 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
166 return -1;
167 }
168
169 return put_addr_qdict(qdict, &sa, salen);
170 }
171
172 static const char *vnc_auth_name(VncDisplay *vd) {
173 switch (vd->auth) {
174 case VNC_AUTH_INVALID:
175 return "invalid";
176 case VNC_AUTH_NONE:
177 return "none";
178 case VNC_AUTH_VNC:
179 return "vnc";
180 case VNC_AUTH_RA2:
181 return "ra2";
182 case VNC_AUTH_RA2NE:
183 return "ra2ne";
184 case VNC_AUTH_TIGHT:
185 return "tight";
186 case VNC_AUTH_ULTRA:
187 return "ultra";
188 case VNC_AUTH_TLS:
189 return "tls";
190 case VNC_AUTH_VENCRYPT:
191 #ifdef CONFIG_VNC_TLS
192 switch (vd->subauth) {
193 case VNC_AUTH_VENCRYPT_PLAIN:
194 return "vencrypt+plain";
195 case VNC_AUTH_VENCRYPT_TLSNONE:
196 return "vencrypt+tls+none";
197 case VNC_AUTH_VENCRYPT_TLSVNC:
198 return "vencrypt+tls+vnc";
199 case VNC_AUTH_VENCRYPT_TLSPLAIN:
200 return "vencrypt+tls+plain";
201 case VNC_AUTH_VENCRYPT_X509NONE:
202 return "vencrypt+x509+none";
203 case VNC_AUTH_VENCRYPT_X509VNC:
204 return "vencrypt+x509+vnc";
205 case VNC_AUTH_VENCRYPT_X509PLAIN:
206 return "vencrypt+x509+plain";
207 case VNC_AUTH_VENCRYPT_TLSSASL:
208 return "vencrypt+tls+sasl";
209 case VNC_AUTH_VENCRYPT_X509SASL:
210 return "vencrypt+x509+sasl";
211 default:
212 return "vencrypt";
213 }
214 #else
215 return "vencrypt";
216 #endif
217 case VNC_AUTH_SASL:
218 return "sasl";
219 }
220 return "unknown";
221 }
222
223 static int vnc_server_info_put(QDict *qdict)
224 {
225 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
226 return -1;
227 }
228
229 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
230 return 0;
231 }
232
233 static void vnc_client_cache_auth(VncState *client)
234 {
235 QDict *qdict;
236
237 if (!client->info) {
238 return;
239 }
240
241 qdict = qobject_to_qdict(client->info);
242
243 #ifdef CONFIG_VNC_TLS
244 if (client->tls.session &&
245 client->tls.dname) {
246 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
247 }
248 #endif
249 #ifdef CONFIG_VNC_SASL
250 if (client->sasl.conn &&
251 client->sasl.username) {
252 qdict_put(qdict, "sasl_username",
253 qstring_from_str(client->sasl.username));
254 }
255 #endif
256 }
257
258 static void vnc_client_cache_addr(VncState *client)
259 {
260 QDict *qdict;
261
262 qdict = qdict_new();
263 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
264 QDECREF(qdict);
265 /* XXX: how to report the error? */
266 return;
267 }
268
269 client->info = QOBJECT(qdict);
270 }
271
272 static void vnc_qmp_event(VncState *vs, MonitorEvent event)
273 {
274 QDict *server;
275 QObject *data;
276
277 if (!vs->info) {
278 return;
279 }
280
281 server = qdict_new();
282 if (vnc_server_info_put(server) < 0) {
283 QDECREF(server);
284 return;
285 }
286
287 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
288 vs->info, QOBJECT(server));
289
290 monitor_protocol_event(event, data);
291
292 qobject_incref(vs->info);
293 qobject_decref(data);
294 }
295
296 static void info_vnc_iter(QObject *obj, void *opaque)
297 {
298 QDict *client;
299 Monitor *mon = opaque;
300
301 client = qobject_to_qdict(obj);
302 monitor_printf(mon, "Client:\n");
303 monitor_printf(mon, " address: %s:%s\n",
304 qdict_get_str(client, "host"),
305 qdict_get_str(client, "service"));
306
307 #ifdef CONFIG_VNC_TLS
308 monitor_printf(mon, " x509_dname: %s\n",
309 qdict_haskey(client, "x509_dname") ?
310 qdict_get_str(client, "x509_dname") : "none");
311 #endif
312 #ifdef CONFIG_VNC_SASL
313 monitor_printf(mon, " username: %s\n",
314 qdict_haskey(client, "sasl_username") ?
315 qdict_get_str(client, "sasl_username") : "none");
316 #endif
317 }
318
319 void do_info_vnc_print(Monitor *mon, const QObject *data)
320 {
321 QDict *server;
322 QList *clients;
323
324 server = qobject_to_qdict(data);
325 if (qdict_get_bool(server, "enabled") == 0) {
326 monitor_printf(mon, "Server: disabled\n");
327 return;
328 }
329
330 monitor_printf(mon, "Server:\n");
331 monitor_printf(mon, " address: %s:%s\n",
332 qdict_get_str(server, "host"),
333 qdict_get_str(server, "service"));
334 monitor_printf(mon, " auth: %s\n", qdict_get_str(server, "auth"));
335
336 clients = qdict_get_qlist(server, "clients");
337 if (qlist_empty(clients)) {
338 monitor_printf(mon, "Client: none\n");
339 } else {
340 qlist_iter(clients, info_vnc_iter, mon);
341 }
342 }
343
344 /**
345 * do_info_vnc(): Show VNC server information
346 *
347 * Return a QDict with server information. Connected clients are returned
348 * as a QList of QDicts.
349 *
350 * The main QDict contains the following:
351 *
352 * - "enabled": true or false
353 * - "host": server's IP address
354 * - "family": address family ("ipv4" or "ipv6")
355 * - "service": server's port number
356 * - "auth": authentication method
357 * - "clients": a QList of all connected clients
358 *
359 * Clients are described by a QDict, with the following information:
360 *
361 * - "host": client's IP address
362 * - "family": address family ("ipv4" or "ipv6")
363 * - "service": client's port number
364 * - "x509_dname": TLS dname (optional)
365 * - "sasl_username": SASL username (optional)
366 *
367 * Example:
368 *
369 * { "enabled": true, "host": "0.0.0.0", "service": "50402", "auth": "vnc",
370 * "family": "ipv4",
371 * "clients": [{ "host": "127.0.0.1", "service": "50401", "family": "ipv4" }]}
372 */
373 void do_info_vnc(Monitor *mon, QObject **ret_data)
374 {
375 if (vnc_display == NULL || vnc_display->display == NULL) {
376 *ret_data = qobject_from_jsonf("{ 'enabled': false }");
377 } else {
378 QList *clist;
379
380 clist = qlist_new();
381 if (vnc_display->clients) {
382 VncState *client = vnc_display->clients;
383 while (client) {
384 if (client->info) {
385 /* incref so that it's not freed by upper layers */
386 qobject_incref(client->info);
387 qlist_append_obj(clist, client->info);
388 }
389 client = client->next;
390 }
391 }
392
393 *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
394 QOBJECT(clist));
395 assert(*ret_data != NULL);
396
397 if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {
398 qobject_decref(*ret_data);
399 *ret_data = NULL;
400 }
401 }
402 }
403
404 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
405 return (vs->features & (1 << feature));
406 }
407
408 /* TODO
409 1) Get the queue working for IO.
410 2) there is some weirdness when using the -S option (the screen is grey
411 and not totally invalidated
412 3) resolutions > 1024
413 */
414
415 static int vnc_update_client(VncState *vs, int has_dirty);
416 static void vnc_disconnect_start(VncState *vs);
417 static void vnc_disconnect_finish(VncState *vs);
418 static void vnc_init_timer(VncDisplay *vd);
419 static void vnc_remove_timer(VncDisplay *vd);
420
421 static void vnc_colordepth(VncState *vs);
422 static void framebuffer_update_request(VncState *vs, int incremental,
423 int x_position, int y_position,
424 int w, int h);
425 static void vnc_refresh(void *opaque);
426 static int vnc_refresh_server_surface(VncDisplay *vd);
427
428 static inline void vnc_set_bit(uint32_t *d, int k)
429 {
430 d[k >> 5] |= 1 << (k & 0x1f);
431 }
432
433 static inline void vnc_clear_bit(uint32_t *d, int k)
434 {
435 d[k >> 5] &= ~(1 << (k & 0x1f));
436 }
437
438 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
439 {
440 int j;
441
442 j = 0;
443 while (n >= 32) {
444 d[j++] = -1;
445 n -= 32;
446 }
447 if (n > 0)
448 d[j++] = (1 << n) - 1;
449 while (j < nb_words)
450 d[j++] = 0;
451 }
452
453 static inline int vnc_get_bit(const uint32_t *d, int k)
454 {
455 return (d[k >> 5] >> (k & 0x1f)) & 1;
456 }
457
458 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
459 int nb_words)
460 {
461 int i;
462 for(i = 0; i < nb_words; i++) {
463 if ((d1[i] & d2[i]) != 0)
464 return 1;
465 }
466 return 0;
467 }
468
469 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
470 {
471 int i;
472 VncDisplay *vd = ds->opaque;
473 struct VncSurface *s = &vd->guest;
474
475 h += y;
476
477 /* round x down to ensure the loop only spans one 16-pixel block per,
478 iteration. otherwise, if (x % 16) != 0, the last iteration may span
479 two 16-pixel blocks but we only mark the first as dirty
480 */
481 w += (x % 16);
482 x -= (x % 16);
483
484 x = MIN(x, s->ds->width);
485 y = MIN(y, s->ds->height);
486 w = MIN(x + w, s->ds->width) - x;
487 h = MIN(h, s->ds->height);
488
489 for (; y < h; y++)
490 for (i = 0; i < w; i += 16)
491 vnc_set_bit(s->dirty[y], (x + i) / 16);
492 }
493
494 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
495 int32_t encoding)
496 {
497 vnc_write_u16(vs, x);
498 vnc_write_u16(vs, y);
499 vnc_write_u16(vs, w);
500 vnc_write_u16(vs, h);
501
502 vnc_write_s32(vs, encoding);
503 }
504
505 void buffer_reserve(Buffer *buffer, size_t len)
506 {
507 if ((buffer->capacity - buffer->offset) < len) {
508 buffer->capacity += (len + 1024);
509 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
510 if (buffer->buffer == NULL) {
511 fprintf(stderr, "vnc: out of memory\n");
512 exit(1);
513 }
514 }
515 }
516
517 int buffer_empty(Buffer *buffer)
518 {
519 return buffer->offset == 0;
520 }
521
522 uint8_t *buffer_end(Buffer *buffer)
523 {
524 return buffer->buffer + buffer->offset;
525 }
526
527 void buffer_reset(Buffer *buffer)
528 {
529 buffer->offset = 0;
530 }
531
532 void buffer_append(Buffer *buffer, const void *data, size_t len)
533 {
534 memcpy(buffer->buffer + buffer->offset, data, len);
535 buffer->offset += len;
536 }
537
538 static void vnc_dpy_resize(DisplayState *ds)
539 {
540 int size_changed;
541 VncDisplay *vd = ds->opaque;
542 VncState *vs = vd->clients;
543
544 /* server surface */
545 if (!vd->server)
546 vd->server = qemu_mallocz(sizeof(*vd->server));
547 if (vd->server->data)
548 qemu_free(vd->server->data);
549 *(vd->server) = *(ds->surface);
550 vd->server->data = qemu_mallocz(vd->server->linesize *
551 vd->server->height);
552
553 /* guest surface */
554 if (!vd->guest.ds)
555 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
556 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
557 console_color_init(ds);
558 size_changed = ds_get_width(ds) != vd->guest.ds->width ||
559 ds_get_height(ds) != vd->guest.ds->height;
560 *(vd->guest.ds) = *(ds->surface);
561 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
562
563 while (vs != NULL) {
564 vnc_colordepth(vs);
565 if (size_changed) {
566 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
567 vnc_write_u8(vs, 0); /* msg id */
568 vnc_write_u8(vs, 0);
569 vnc_write_u16(vs, 1); /* number of rects */
570 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
571 VNC_ENCODING_DESKTOPRESIZE);
572 vnc_flush(vs);
573 }
574 }
575 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
576 vs = vs->next;
577 }
578 }
579
580 /* fastest code */
581 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
582 {
583 vnc_write(vs, pixels, size);
584 }
585
586 /* slowest but generic code. */
587 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
588 {
589 uint8_t r, g, b;
590 VncDisplay *vd = vs->vd;
591
592 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
593 vd->server->pf.rbits);
594 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
595 vd->server->pf.gbits);
596 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
597 vd->server->pf.bbits);
598 v = (r << vs->clientds.pf.rshift) |
599 (g << vs->clientds.pf.gshift) |
600 (b << vs->clientds.pf.bshift);
601 switch(vs->clientds.pf.bytes_per_pixel) {
602 case 1:
603 buf[0] = v;
604 break;
605 case 2:
606 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
607 buf[0] = v >> 8;
608 buf[1] = v;
609 } else {
610 buf[1] = v >> 8;
611 buf[0] = v;
612 }
613 break;
614 default:
615 case 4:
616 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
617 buf[0] = v >> 24;
618 buf[1] = v >> 16;
619 buf[2] = v >> 8;
620 buf[3] = v;
621 } else {
622 buf[3] = v >> 24;
623 buf[2] = v >> 16;
624 buf[1] = v >> 8;
625 buf[0] = v;
626 }
627 break;
628 }
629 }
630
631 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
632 {
633 uint8_t buf[4];
634 VncDisplay *vd = vs->vd;
635
636 if (vd->server->pf.bytes_per_pixel == 4) {
637 uint32_t *pixels = pixels1;
638 int n, i;
639 n = size >> 2;
640 for(i = 0; i < n; i++) {
641 vnc_convert_pixel(vs, buf, pixels[i]);
642 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
643 }
644 } else if (vd->server->pf.bytes_per_pixel == 2) {
645 uint16_t *pixels = pixels1;
646 int n, i;
647 n = size >> 1;
648 for(i = 0; i < n; i++) {
649 vnc_convert_pixel(vs, buf, pixels[i]);
650 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
651 }
652 } else if (vd->server->pf.bytes_per_pixel == 1) {
653 uint8_t *pixels = pixels1;
654 int n, i;
655 n = size;
656 for(i = 0; i < n; i++) {
657 vnc_convert_pixel(vs, buf, pixels[i]);
658 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
659 }
660 } else {
661 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
662 }
663 }
664
665 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
666 {
667 int i;
668 uint8_t *row;
669 VncDisplay *vd = vs->vd;
670
671 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
672 for (i = 0; i < h; i++) {
673 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
674 row += ds_get_linesize(vs->ds);
675 }
676 }
677
678 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
679 {
680 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
681 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
682 }
683
684 #define BPP 8
685 #include "vnchextile.h"
686 #undef BPP
687
688 #define BPP 16
689 #include "vnchextile.h"
690 #undef BPP
691
692 #define BPP 32
693 #include "vnchextile.h"
694 #undef BPP
695
696 #define GENERIC
697 #define BPP 8
698 #include "vnchextile.h"
699 #undef BPP
700 #undef GENERIC
701
702 #define GENERIC
703 #define BPP 16
704 #include "vnchextile.h"
705 #undef BPP
706 #undef GENERIC
707
708 #define GENERIC
709 #define BPP 32
710 #include "vnchextile.h"
711 #undef BPP
712 #undef GENERIC
713
714 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
715 {
716 int i, j;
717 int has_fg, has_bg;
718 uint8_t *last_fg, *last_bg;
719 VncDisplay *vd = vs->vd;
720
721 last_fg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
722 last_bg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
723 has_fg = has_bg = 0;
724 for (j = y; j < (y + h); j += 16) {
725 for (i = x; i < (x + w); i += 16) {
726 vs->send_hextile_tile(vs, i, j,
727 MIN(16, x + w - i), MIN(16, y + h - j),
728 last_bg, last_fg, &has_bg, &has_fg);
729 }
730 }
731 free(last_fg);
732 free(last_bg);
733
734 }
735
736 #define ZALLOC_ALIGNMENT 16
737
738 static void *zalloc(void *x, unsigned items, unsigned size)
739 {
740 void *p;
741
742 size *= items;
743 size = (size + ZALLOC_ALIGNMENT - 1) & ~(ZALLOC_ALIGNMENT - 1);
744
745 p = qemu_mallocz(size);
746
747 return (p);
748 }
749
750 static void zfree(void *x, void *addr)
751 {
752 qemu_free(addr);
753 }
754
755 static void vnc_zlib_init(VncState *vs)
756 {
757 int i;
758 for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)
759 vs->zlib_stream[i].opaque = NULL;
760 }
761
762 static void vnc_zlib_start(VncState *vs)
763 {
764 buffer_reset(&vs->zlib);
765
766 // make the output buffer be the zlib buffer, so we can compress it later
767 vs->zlib_tmp = vs->output;
768 vs->output = vs->zlib;
769 }
770
771 static int vnc_zlib_stop(VncState *vs, int stream_id)
772 {
773 z_streamp zstream = &vs->zlib_stream[stream_id];
774 int previous_out;
775
776 // switch back to normal output/zlib buffers
777 vs->zlib = vs->output;
778 vs->output = vs->zlib_tmp;
779
780 // compress the zlib buffer
781
782 // initialize the stream
783 // XXX need one stream per session
784 if (zstream->opaque != vs) {
785 int err;
786
787 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
788 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
789 zstream->zalloc = zalloc;
790 zstream->zfree = zfree;
791
792 err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
793 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
794
795 if (err != Z_OK) {
796 fprintf(stderr, "VNC: error initializing zlib\n");
797 return -1;
798 }
799
800 zstream->opaque = vs;
801 }
802
803 // XXX what to do if tight_compression changed in between?
804
805 // reserve memory in output buffer
806 buffer_reserve(&vs->output, vs->zlib.offset + 64);
807
808 // set pointers
809 zstream->next_in = vs->zlib.buffer;
810 zstream->avail_in = vs->zlib.offset;
811 zstream->next_out = vs->output.buffer + vs->output.offset;
812 zstream->avail_out = vs->output.capacity - vs->output.offset;
813 zstream->data_type = Z_BINARY;
814 previous_out = zstream->total_out;
815
816 // start encoding
817 if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
818 fprintf(stderr, "VNC: error during zlib compression\n");
819 return -1;
820 }
821
822 vs->output.offset = vs->output.capacity - zstream->avail_out;
823 return zstream->total_out - previous_out;
824 }
825
826 static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
827 {
828 int old_offset, new_offset, bytes_written;
829
830 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);
831
832 // remember where we put in the follow-up size
833 old_offset = vs->output.offset;
834 vnc_write_s32(vs, 0);
835
836 // compress the stream
837 vnc_zlib_start(vs);
838 send_framebuffer_update_raw(vs, x, y, w, h);
839 bytes_written = vnc_zlib_stop(vs, 0);
840
841 if (bytes_written == -1)
842 return;
843
844 // hack in the size
845 new_offset = vs->output.offset;
846 vs->output.offset = old_offset;
847 vnc_write_u32(vs, bytes_written);
848 vs->output.offset = new_offset;
849 }
850
851 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
852 {
853 switch(vs->vnc_encoding) {
854 case VNC_ENCODING_ZLIB:
855 send_framebuffer_update_zlib(vs, x, y, w, h);
856 break;
857 case VNC_ENCODING_HEXTILE:
858 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
859 send_framebuffer_update_hextile(vs, x, y, w, h);
860 break;
861 default:
862 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
863 send_framebuffer_update_raw(vs, x, y, w, h);
864 break;
865 }
866 }
867
868 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
869 {
870 /* send bitblit op to the vnc client */
871 vnc_write_u8(vs, 0); /* msg id */
872 vnc_write_u8(vs, 0);
873 vnc_write_u16(vs, 1); /* number of rects */
874 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
875 vnc_write_u16(vs, src_x);
876 vnc_write_u16(vs, src_y);
877 vnc_flush(vs);
878 }
879
880 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
881 {
882 VncDisplay *vd = ds->opaque;
883 VncState *vs, *vn;
884 uint8_t *src_row;
885 uint8_t *dst_row;
886 int i,x,y,pitch,depth,inc,w_lim,s;
887 int cmp_bytes;
888
889 vnc_refresh_server_surface(vd);
890 for (vs = vd->clients; vs != NULL; vs = vn) {
891 vn = vs->next;
892 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
893 vs->force_update = 1;
894 vnc_update_client(vs, 1);
895 /* vs might be free()ed here */
896 }
897 }
898
899 /* do bitblit op on the local surface too */
900 pitch = ds_get_linesize(vd->ds);
901 depth = ds_get_bytes_per_pixel(vd->ds);
902 src_row = vd->server->data + pitch * src_y + depth * src_x;
903 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
904 y = dst_y;
905 inc = 1;
906 if (dst_y > src_y) {
907 /* copy backwards */
908 src_row += pitch * (h-1);
909 dst_row += pitch * (h-1);
910 pitch = -pitch;
911 y = dst_y + h - 1;
912 inc = -1;
913 }
914 w_lim = w - (16 - (dst_x % 16));
915 if (w_lim < 0)
916 w_lim = w;
917 else
918 w_lim = w - (w_lim % 16);
919 for (i = 0; i < h; i++) {
920 for (x = 0; x <= w_lim;
921 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
922 if (x == w_lim) {
923 if ((s = w - w_lim) == 0)
924 break;
925 } else if (!x) {
926 s = (16 - (dst_x % 16));
927 s = MIN(s, w_lim);
928 } else {
929 s = 16;
930 }
931 cmp_bytes = s * depth;
932 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
933 continue;
934 memmove(dst_row, src_row, cmp_bytes);
935 vs = vd->clients;
936 while (vs != NULL) {
937 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
938 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
939 vs = vs->next;
940 }
941 }
942 src_row += pitch - w * depth;
943 dst_row += pitch - w * depth;
944 y += inc;
945 }
946
947 for (vs = vd->clients; vs != NULL; vs = vs->next) {
948 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
949 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
950 }
951 }
952
953 static int find_and_clear_dirty_height(struct VncState *vs,
954 int y, int last_x, int x)
955 {
956 int h;
957 VncDisplay *vd = vs->vd;
958
959 for (h = 1; h < (vd->server->height - y); h++) {
960 int tmp_x;
961 if (!vnc_get_bit(vs->dirty[y + h], last_x))
962 break;
963 for (tmp_x = last_x; tmp_x < x; tmp_x++)
964 vnc_clear_bit(vs->dirty[y + h], tmp_x);
965 }
966
967 return h;
968 }
969
970 static int vnc_update_client(VncState *vs, int has_dirty)
971 {
972 if (vs->need_update && vs->csock != -1) {
973 VncDisplay *vd = vs->vd;
974 int y;
975 int n_rectangles;
976 int saved_offset;
977
978 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
979 /* kernel send buffers are full -> drop frames to throttle */
980 return 0;
981
982 if (!has_dirty && !vs->audio_cap && !vs->force_update)
983 return 0;
984
985 /*
986 * Send screen updates to the vnc client using the server
987 * surface and server dirty map. guest surface updates
988 * happening in parallel don't disturb us, the next pass will
989 * send them to the client.
990 */
991 n_rectangles = 0;
992 vnc_write_u8(vs, 0); /* msg id */
993 vnc_write_u8(vs, 0);
994 saved_offset = vs->output.offset;
995 vnc_write_u16(vs, 0);
996
997 for (y = 0; y < vd->server->height; y++) {
998 int x;
999 int last_x = -1;
1000 for (x = 0; x < vd->server->width / 16; x++) {
1001 if (vnc_get_bit(vs->dirty[y], x)) {
1002 if (last_x == -1) {
1003 last_x = x;
1004 }
1005 vnc_clear_bit(vs->dirty[y], x);
1006 } else {
1007 if (last_x != -1) {
1008 int h = find_and_clear_dirty_height(vs, y, last_x, x);
1009 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
1010 n_rectangles++;
1011 }
1012 last_x = -1;
1013 }
1014 }
1015 if (last_x != -1) {
1016 int h = find_and_clear_dirty_height(vs, y, last_x, x);
1017 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
1018 n_rectangles++;
1019 }
1020 }
1021 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
1022 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
1023 vnc_flush(vs);
1024 vs->force_update = 0;
1025 return n_rectangles;
1026 }
1027
1028 if (vs->csock == -1)
1029 vnc_disconnect_finish(vs);
1030
1031 return 0;
1032 }
1033
1034 /* audio */
1035 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1036 {
1037 VncState *vs = opaque;
1038
1039 switch (cmd) {
1040 case AUD_CNOTIFY_DISABLE:
1041 vnc_write_u8(vs, 255);
1042 vnc_write_u8(vs, 1);
1043 vnc_write_u16(vs, 0);
1044 vnc_flush(vs);
1045 break;
1046
1047 case AUD_CNOTIFY_ENABLE:
1048 vnc_write_u8(vs, 255);
1049 vnc_write_u8(vs, 1);
1050 vnc_write_u16(vs, 1);
1051 vnc_flush(vs);
1052 break;
1053 }
1054 }
1055
1056 static void audio_capture_destroy(void *opaque)
1057 {
1058 }
1059
1060 static void audio_capture(void *opaque, void *buf, int size)
1061 {
1062 VncState *vs = opaque;
1063
1064 vnc_write_u8(vs, 255);
1065 vnc_write_u8(vs, 1);
1066 vnc_write_u16(vs, 2);
1067 vnc_write_u32(vs, size);
1068 vnc_write(vs, buf, size);
1069 vnc_flush(vs);
1070 }
1071
1072 static void audio_add(VncState *vs)
1073 {
1074 Monitor *mon = cur_mon;
1075 struct audio_capture_ops ops;
1076
1077 if (vs->audio_cap) {
1078 monitor_printf(mon, "audio already running\n");
1079 return;
1080 }
1081
1082 ops.notify = audio_capture_notify;
1083 ops.destroy = audio_capture_destroy;
1084 ops.capture = audio_capture;
1085
1086 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1087 if (!vs->audio_cap) {
1088 monitor_printf(mon, "Failed to add audio capture\n");
1089 }
1090 }
1091
1092 static void audio_del(VncState *vs)
1093 {
1094 if (vs->audio_cap) {
1095 AUD_del_capture(vs->audio_cap, vs);
1096 vs->audio_cap = NULL;
1097 }
1098 }
1099
1100 static void vnc_disconnect_start(VncState *vs)
1101 {
1102 if (vs->csock == -1)
1103 return;
1104 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
1105 closesocket(vs->csock);
1106 vs->csock = -1;
1107 }
1108
1109 static void vnc_disconnect_finish(VncState *vs)
1110 {
1111 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
1112
1113 if (vs->input.buffer) {
1114 qemu_free(vs->input.buffer);
1115 vs->input.buffer = NULL;
1116 }
1117 if (vs->output.buffer) {
1118 qemu_free(vs->output.buffer);
1119 vs->output.buffer = NULL;
1120 }
1121
1122 qobject_decref(vs->info);
1123
1124 #ifdef CONFIG_VNC_TLS
1125 vnc_tls_client_cleanup(vs);
1126 #endif /* CONFIG_VNC_TLS */
1127 #ifdef CONFIG_VNC_SASL
1128 vnc_sasl_client_cleanup(vs);
1129 #endif /* CONFIG_VNC_SASL */
1130 audio_del(vs);
1131
1132 VncState *p, *parent = NULL;
1133 for (p = vs->vd->clients; p != NULL; p = p->next) {
1134 if (p == vs) {
1135 if (parent)
1136 parent->next = p->next;
1137 else
1138 vs->vd->clients = p->next;
1139 break;
1140 }
1141 parent = p;
1142 }
1143 if (!vs->vd->clients)
1144 dcl->idle = 1;
1145
1146 vnc_remove_timer(vs->vd);
1147 qemu_free(vs);
1148 }
1149
1150 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1151 {
1152 if (ret == 0 || ret == -1) {
1153 if (ret == -1) {
1154 switch (last_errno) {
1155 case EINTR:
1156 case EAGAIN:
1157 #ifdef _WIN32
1158 case WSAEWOULDBLOCK:
1159 #endif
1160 return 0;
1161 default:
1162 break;
1163 }
1164 }
1165
1166 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1167 ret, ret < 0 ? last_errno : 0);
1168 vnc_disconnect_start(vs);
1169
1170 return 0;
1171 }
1172 return ret;
1173 }
1174
1175
1176 void vnc_client_error(VncState *vs)
1177 {
1178 VNC_DEBUG("Closing down client sock: protocol error\n");
1179 vnc_disconnect_start(vs);
1180 }
1181
1182
1183 /*
1184 * Called to write a chunk of data to the client socket. The data may
1185 * be the raw data, or may have already been encoded by SASL.
1186 * The data will be written either straight onto the socket, or
1187 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1188 *
1189 * NB, it is theoretically possible to have 2 layers of encryption,
1190 * both SASL, and this TLS layer. It is highly unlikely in practice
1191 * though, since SASL encryption will typically be a no-op if TLS
1192 * is active
1193 *
1194 * Returns the number of bytes written, which may be less than
1195 * the requested 'datalen' if the socket would block. Returns
1196 * -1 on error, and disconnects the client socket.
1197 */
1198 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1199 {
1200 long ret;
1201 #ifdef CONFIG_VNC_TLS
1202 if (vs->tls.session) {
1203 ret = gnutls_write(vs->tls.session, data, datalen);
1204 if (ret < 0) {
1205 if (ret == GNUTLS_E_AGAIN)
1206 errno = EAGAIN;
1207 else
1208 errno = EIO;
1209 ret = -1;
1210 }
1211 } else
1212 #endif /* CONFIG_VNC_TLS */
1213 ret = send(vs->csock, (const void *)data, datalen, 0);
1214 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1215 return vnc_client_io_error(vs, ret, socket_error());
1216 }
1217
1218
1219 /*
1220 * Called to write buffered data to the client socket, when not
1221 * using any SASL SSF encryption layers. Will write as much data
1222 * as possible without blocking. If all buffered data is written,
1223 * will switch the FD poll() handler back to read monitoring.
1224 *
1225 * Returns the number of bytes written, which may be less than
1226 * the buffered output data if the socket would block. Returns
1227 * -1 on error, and disconnects the client socket.
1228 */
1229 static long vnc_client_write_plain(VncState *vs)
1230 {
1231 long ret;
1232
1233 #ifdef CONFIG_VNC_SASL
1234 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1235 vs->output.buffer, vs->output.capacity, vs->output.offset,
1236 vs->sasl.waitWriteSSF);
1237
1238 if (vs->sasl.conn &&
1239 vs->sasl.runSSF &&
1240 vs->sasl.waitWriteSSF) {
1241 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1242 if (ret)
1243 vs->sasl.waitWriteSSF -= ret;
1244 } else
1245 #endif /* CONFIG_VNC_SASL */
1246 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1247 if (!ret)
1248 return 0;
1249
1250 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1251 vs->output.offset -= ret;
1252
1253 if (vs->output.offset == 0) {
1254 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1255 }
1256
1257 return ret;
1258 }
1259
1260
1261 /*
1262 * First function called whenever there is data to be written to
1263 * the client socket. Will delegate actual work according to whether
1264 * SASL SSF layers are enabled (thus requiring encryption calls)
1265 */
1266 void vnc_client_write(void *opaque)
1267 {
1268 long ret;
1269 VncState *vs = opaque;
1270
1271 #ifdef CONFIG_VNC_SASL
1272 if (vs->sasl.conn &&
1273 vs->sasl.runSSF &&
1274 !vs->sasl.waitWriteSSF)
1275 ret = vnc_client_write_sasl(vs);
1276 else
1277 #endif /* CONFIG_VNC_SASL */
1278 ret = vnc_client_write_plain(vs);
1279 }
1280
1281 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1282 {
1283 vs->read_handler = func;
1284 vs->read_handler_expect = expecting;
1285 }
1286
1287
1288 /*
1289 * Called to read a chunk of data from the client socket. The data may
1290 * be the raw data, or may need to be further decoded by SASL.
1291 * The data will be read either straight from to the socket, or
1292 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1293 *
1294 * NB, it is theoretically possible to have 2 layers of encryption,
1295 * both SASL, and this TLS layer. It is highly unlikely in practice
1296 * though, since SASL encryption will typically be a no-op if TLS
1297 * is active
1298 *
1299 * Returns the number of bytes read, which may be less than
1300 * the requested 'datalen' if the socket would block. Returns
1301 * -1 on error, and disconnects the client socket.
1302 */
1303 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1304 {
1305 long ret;
1306 #ifdef CONFIG_VNC_TLS
1307 if (vs->tls.session) {
1308 ret = gnutls_read(vs->tls.session, data, datalen);
1309 if (ret < 0) {
1310 if (ret == GNUTLS_E_AGAIN)
1311 errno = EAGAIN;
1312 else
1313 errno = EIO;
1314 ret = -1;
1315 }
1316 } else
1317 #endif /* CONFIG_VNC_TLS */
1318 ret = recv(vs->csock, (void *)data, datalen, 0);
1319 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1320 return vnc_client_io_error(vs, ret, socket_error());
1321 }
1322
1323
1324 /*
1325 * Called to read data from the client socket to the input buffer,
1326 * when not using any SASL SSF encryption layers. Will read as much
1327 * data as possible without blocking.
1328 *
1329 * Returns the number of bytes read. Returns -1 on error, and
1330 * disconnects the client socket.
1331 */
1332 static long vnc_client_read_plain(VncState *vs)
1333 {
1334 int ret;
1335 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1336 vs->input.buffer, vs->input.capacity, vs->input.offset);
1337 buffer_reserve(&vs->input, 4096);
1338 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1339 if (!ret)
1340 return 0;
1341 vs->input.offset += ret;
1342 return ret;
1343 }
1344
1345
1346 /*
1347 * First function called whenever there is more data to be read from
1348 * the client socket. Will delegate actual work according to whether
1349 * SASL SSF layers are enabled (thus requiring decryption calls)
1350 */
1351 void vnc_client_read(void *opaque)
1352 {
1353 VncState *vs = opaque;
1354 long ret;
1355
1356 #ifdef CONFIG_VNC_SASL
1357 if (vs->sasl.conn && vs->sasl.runSSF)
1358 ret = vnc_client_read_sasl(vs);
1359 else
1360 #endif /* CONFIG_VNC_SASL */
1361 ret = vnc_client_read_plain(vs);
1362 if (!ret) {
1363 if (vs->csock == -1)
1364 vnc_disconnect_finish(vs);
1365 return;
1366 }
1367
1368 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1369 size_t len = vs->read_handler_expect;
1370 int ret;
1371
1372 ret = vs->read_handler(vs, vs->input.buffer, len);
1373 if (vs->csock == -1) {
1374 vnc_disconnect_finish(vs);
1375 return;
1376 }
1377
1378 if (!ret) {
1379 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1380 vs->input.offset -= len;
1381 } else {
1382 vs->read_handler_expect = ret;
1383 }
1384 }
1385 }
1386
1387 void vnc_write(VncState *vs, const void *data, size_t len)
1388 {
1389 buffer_reserve(&vs->output, len);
1390
1391 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1392 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1393 }
1394
1395 buffer_append(&vs->output, data, len);
1396 }
1397
1398 void vnc_write_s32(VncState *vs, int32_t value)
1399 {
1400 vnc_write_u32(vs, *(uint32_t *)&value);
1401 }
1402
1403 void vnc_write_u32(VncState *vs, uint32_t value)
1404 {
1405 uint8_t buf[4];
1406
1407 buf[0] = (value >> 24) & 0xFF;
1408 buf[1] = (value >> 16) & 0xFF;
1409 buf[2] = (value >> 8) & 0xFF;
1410 buf[3] = value & 0xFF;
1411
1412 vnc_write(vs, buf, 4);
1413 }
1414
1415 void vnc_write_u16(VncState *vs, uint16_t value)
1416 {
1417 uint8_t buf[2];
1418
1419 buf[0] = (value >> 8) & 0xFF;
1420 buf[1] = value & 0xFF;
1421
1422 vnc_write(vs, buf, 2);
1423 }
1424
1425 void vnc_write_u8(VncState *vs, uint8_t value)
1426 {
1427 vnc_write(vs, (char *)&value, 1);
1428 }
1429
1430 void vnc_flush(VncState *vs)
1431 {
1432 if (vs->csock != -1 && vs->output.offset)
1433 vnc_client_write(vs);
1434 }
1435
1436 uint8_t read_u8(uint8_t *data, size_t offset)
1437 {
1438 return data[offset];
1439 }
1440
1441 uint16_t read_u16(uint8_t *data, size_t offset)
1442 {
1443 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1444 }
1445
1446 int32_t read_s32(uint8_t *data, size_t offset)
1447 {
1448 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1449 (data[offset + 2] << 8) | data[offset + 3]);
1450 }
1451
1452 uint32_t read_u32(uint8_t *data, size_t offset)
1453 {
1454 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1455 (data[offset + 2] << 8) | data[offset + 3]);
1456 }
1457
1458 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1459 {
1460 }
1461
1462 static void check_pointer_type_change(VncState *vs, int absolute)
1463 {
1464 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1465 vnc_write_u8(vs, 0);
1466 vnc_write_u8(vs, 0);
1467 vnc_write_u16(vs, 1);
1468 vnc_framebuffer_update(vs, absolute, 0,
1469 ds_get_width(vs->ds), ds_get_height(vs->ds),
1470 VNC_ENCODING_POINTER_TYPE_CHANGE);
1471 vnc_flush(vs);
1472 }
1473 vs->absolute = absolute;
1474 }
1475
1476 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1477 {
1478 int buttons = 0;
1479 int dz = 0;
1480
1481 if (button_mask & 0x01)
1482 buttons |= MOUSE_EVENT_LBUTTON;
1483 if (button_mask & 0x02)
1484 buttons |= MOUSE_EVENT_MBUTTON;
1485 if (button_mask & 0x04)
1486 buttons |= MOUSE_EVENT_RBUTTON;
1487 if (button_mask & 0x08)
1488 dz = -1;
1489 if (button_mask & 0x10)
1490 dz = 1;
1491
1492 if (vs->absolute) {
1493 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
1494 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
1495 dz, buttons);
1496 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1497 x -= 0x7FFF;
1498 y -= 0x7FFF;
1499
1500 kbd_mouse_event(x, y, dz, buttons);
1501 } else {
1502 if (vs->last_x != -1)
1503 kbd_mouse_event(x - vs->last_x,
1504 y - vs->last_y,
1505 dz, buttons);
1506 vs->last_x = x;
1507 vs->last_y = y;
1508 }
1509
1510 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1511 }
1512
1513 static void reset_keys(VncState *vs)
1514 {
1515 int i;
1516 for(i = 0; i < 256; i++) {
1517 if (vs->modifiers_state[i]) {
1518 if (i & 0x80)
1519 kbd_put_keycode(0xe0);
1520 kbd_put_keycode(i | 0x80);
1521 vs->modifiers_state[i] = 0;
1522 }
1523 }
1524 }
1525
1526 static void press_key(VncState *vs, int keysym)
1527 {
1528 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) & 0x7f);
1529 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) | 0x80);
1530 }
1531
1532 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1533 {
1534 /* QEMU console switch */
1535 switch(keycode) {
1536 case 0x2a: /* Left Shift */
1537 case 0x36: /* Right Shift */
1538 case 0x1d: /* Left CTRL */
1539 case 0x9d: /* Right CTRL */
1540 case 0x38: /* Left ALT */
1541 case 0xb8: /* Right ALT */
1542 if (down)
1543 vs->modifiers_state[keycode] = 1;
1544 else
1545 vs->modifiers_state[keycode] = 0;
1546 break;
1547 case 0x02 ... 0x0a: /* '1' to '9' keys */
1548 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1549 /* Reset the modifiers sent to the current console */
1550 reset_keys(vs);
1551 console_select(keycode - 0x02);
1552 return;
1553 }
1554 break;
1555 case 0x3a: /* CapsLock */
1556 case 0x45: /* NumLock */
1557 if (!down)
1558 vs->modifiers_state[keycode] ^= 1;
1559 break;
1560 }
1561
1562 if (keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1563 /* If the numlock state needs to change then simulate an additional
1564 keypress before sending this one. This will happen if the user
1565 toggles numlock away from the VNC window.
1566 */
1567 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1568 if (!vs->modifiers_state[0x45]) {
1569 vs->modifiers_state[0x45] = 1;
1570 press_key(vs, 0xff7f);
1571 }
1572 } else {
1573 if (vs->modifiers_state[0x45]) {
1574 vs->modifiers_state[0x45] = 0;
1575 press_key(vs, 0xff7f);
1576 }
1577 }
1578 }
1579
1580 if ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z')) {
1581 /* If the capslock state needs to change then simulate an additional
1582 keypress before sending this one. This will happen if the user
1583 toggles capslock away from the VNC window.
1584 */
1585 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1586 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1587 int capslock = !!(vs->modifiers_state[0x3a]);
1588 if (capslock) {
1589 if (uppercase == shift) {
1590 vs->modifiers_state[0x3a] = 0;
1591 press_key(vs, 0xffe5);
1592 }
1593 } else {
1594 if (uppercase != shift) {
1595 vs->modifiers_state[0x3a] = 1;
1596 press_key(vs, 0xffe5);
1597 }
1598 }
1599 }
1600
1601 if (is_graphic_console()) {
1602 if (keycode & 0x80)
1603 kbd_put_keycode(0xe0);
1604 if (down)
1605 kbd_put_keycode(keycode & 0x7f);
1606 else
1607 kbd_put_keycode(keycode | 0x80);
1608 } else {
1609 /* QEMU console emulation */
1610 if (down) {
1611 int numlock = vs->modifiers_state[0x45];
1612 switch (keycode) {
1613 case 0x2a: /* Left Shift */
1614 case 0x36: /* Right Shift */
1615 case 0x1d: /* Left CTRL */
1616 case 0x9d: /* Right CTRL */
1617 case 0x38: /* Left ALT */
1618 case 0xb8: /* Right ALT */
1619 break;
1620 case 0xc8:
1621 kbd_put_keysym(QEMU_KEY_UP);
1622 break;
1623 case 0xd0:
1624 kbd_put_keysym(QEMU_KEY_DOWN);
1625 break;
1626 case 0xcb:
1627 kbd_put_keysym(QEMU_KEY_LEFT);
1628 break;
1629 case 0xcd:
1630 kbd_put_keysym(QEMU_KEY_RIGHT);
1631 break;
1632 case 0xd3:
1633 kbd_put_keysym(QEMU_KEY_DELETE);
1634 break;
1635 case 0xc7:
1636 kbd_put_keysym(QEMU_KEY_HOME);
1637 break;
1638 case 0xcf:
1639 kbd_put_keysym(QEMU_KEY_END);
1640 break;
1641 case 0xc9:
1642 kbd_put_keysym(QEMU_KEY_PAGEUP);
1643 break;
1644 case 0xd1:
1645 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1646 break;
1647
1648 case 0x47:
1649 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1650 break;
1651 case 0x48:
1652 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1653 break;
1654 case 0x49:
1655 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1656 break;
1657 case 0x4b:
1658 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1659 break;
1660 case 0x4c:
1661 kbd_put_keysym('5');
1662 break;
1663 case 0x4d:
1664 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1665 break;
1666 case 0x4f:
1667 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1668 break;
1669 case 0x50:
1670 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1671 break;
1672 case 0x51:
1673 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1674 break;
1675 case 0x52:
1676 kbd_put_keysym('0');
1677 break;
1678 case 0x53:
1679 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1680 break;
1681
1682 case 0xb5:
1683 kbd_put_keysym('/');
1684 break;
1685 case 0x37:
1686 kbd_put_keysym('*');
1687 break;
1688 case 0x4a:
1689 kbd_put_keysym('-');
1690 break;
1691 case 0x4e:
1692 kbd_put_keysym('+');
1693 break;
1694 case 0x9c:
1695 kbd_put_keysym('\n');
1696 break;
1697
1698 default:
1699 kbd_put_keysym(sym);
1700 break;
1701 }
1702 }
1703 }
1704 }
1705
1706 static void key_event(VncState *vs, int down, uint32_t sym)
1707 {
1708 int keycode;
1709 int lsym = sym;
1710
1711 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1712 lsym = lsym - 'A' + 'a';
1713 }
1714
1715 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF);
1716 do_key_event(vs, down, keycode, sym);
1717 }
1718
1719 static void ext_key_event(VncState *vs, int down,
1720 uint32_t sym, uint16_t keycode)
1721 {
1722 /* if the user specifies a keyboard layout, always use it */
1723 if (keyboard_layout)
1724 key_event(vs, down, sym);
1725 else
1726 do_key_event(vs, down, keycode, sym);
1727 }
1728
1729 static void framebuffer_update_request(VncState *vs, int incremental,
1730 int x_position, int y_position,
1731 int w, int h)
1732 {
1733 if (x_position > ds_get_width(vs->ds))
1734 x_position = ds_get_width(vs->ds);
1735 if (y_position > ds_get_height(vs->ds))
1736 y_position = ds_get_height(vs->ds);
1737 if (x_position + w >= ds_get_width(vs->ds))
1738 w = ds_get_width(vs->ds) - x_position;
1739 if (y_position + h >= ds_get_height(vs->ds))
1740 h = ds_get_height(vs->ds) - y_position;
1741
1742 int i;
1743 vs->need_update = 1;
1744 if (!incremental) {
1745 vs->force_update = 1;
1746 for (i = 0; i < h; i++) {
1747 vnc_set_bits(vs->dirty[y_position + i],
1748 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1749 }
1750 }
1751 }
1752
1753 static void send_ext_key_event_ack(VncState *vs)
1754 {
1755 vnc_write_u8(vs, 0);
1756 vnc_write_u8(vs, 0);
1757 vnc_write_u16(vs, 1);
1758 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1759 VNC_ENCODING_EXT_KEY_EVENT);
1760 vnc_flush(vs);
1761 }
1762
1763 static void send_ext_audio_ack(VncState *vs)
1764 {
1765 vnc_write_u8(vs, 0);
1766 vnc_write_u8(vs, 0);
1767 vnc_write_u16(vs, 1);
1768 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1769 VNC_ENCODING_AUDIO);
1770 vnc_flush(vs);
1771 }
1772
1773 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1774 {
1775 int i;
1776 unsigned int enc = 0;
1777
1778 vnc_zlib_init(vs);
1779 vs->features = 0;
1780 vs->vnc_encoding = 0;
1781 vs->tight_compression = 9;
1782 vs->tight_quality = 9;
1783 vs->absolute = -1;
1784
1785 for (i = n_encodings - 1; i >= 0; i--) {
1786 enc = encodings[i];
1787 switch (enc) {
1788 case VNC_ENCODING_RAW:
1789 vs->vnc_encoding = enc;
1790 break;
1791 case VNC_ENCODING_COPYRECT:
1792 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1793 break;
1794 case VNC_ENCODING_HEXTILE:
1795 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1796 vs->vnc_encoding = enc;
1797 break;
1798 case VNC_ENCODING_ZLIB:
1799 vs->features |= VNC_FEATURE_ZLIB_MASK;
1800 vs->vnc_encoding = enc;
1801 break;
1802 case VNC_ENCODING_DESKTOPRESIZE:
1803 vs->features |= VNC_FEATURE_RESIZE_MASK;
1804 break;
1805 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1806 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1807 break;
1808 case VNC_ENCODING_EXT_KEY_EVENT:
1809 send_ext_key_event_ack(vs);
1810 break;
1811 case VNC_ENCODING_AUDIO:
1812 send_ext_audio_ack(vs);
1813 break;
1814 case VNC_ENCODING_WMVi:
1815 vs->features |= VNC_FEATURE_WMVI_MASK;
1816 break;
1817 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1818 vs->tight_compression = (enc & 0x0F);
1819 break;
1820 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1821 vs->tight_quality = (enc & 0x0F);
1822 break;
1823 default:
1824 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1825 break;
1826 }
1827 }
1828
1829 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1830 }
1831
1832 static void set_pixel_conversion(VncState *vs)
1833 {
1834 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1835 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1836 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1837 vs->write_pixels = vnc_write_pixels_copy;
1838 switch (vs->ds->surface->pf.bits_per_pixel) {
1839 case 8:
1840 vs->send_hextile_tile = send_hextile_tile_8;
1841 break;
1842 case 16:
1843 vs->send_hextile_tile = send_hextile_tile_16;
1844 break;
1845 case 32:
1846 vs->send_hextile_tile = send_hextile_tile_32;
1847 break;
1848 }
1849 } else {
1850 vs->write_pixels = vnc_write_pixels_generic;
1851 switch (vs->ds->surface->pf.bits_per_pixel) {
1852 case 8:
1853 vs->send_hextile_tile = send_hextile_tile_generic_8;
1854 break;
1855 case 16:
1856 vs->send_hextile_tile = send_hextile_tile_generic_16;
1857 break;
1858 case 32:
1859 vs->send_hextile_tile = send_hextile_tile_generic_32;
1860 break;
1861 }
1862 }
1863 }
1864
1865 static void set_pixel_format(VncState *vs,
1866 int bits_per_pixel, int depth,
1867 int big_endian_flag, int true_color_flag,
1868 int red_max, int green_max, int blue_max,
1869 int red_shift, int green_shift, int blue_shift)
1870 {
1871 if (!true_color_flag) {
1872 vnc_client_error(vs);
1873 return;
1874 }
1875
1876 vs->clientds = *(vs->vd->guest.ds);
1877 vs->clientds.pf.rmax = red_max;
1878 count_bits(vs->clientds.pf.rbits, red_max);
1879 vs->clientds.pf.rshift = red_shift;
1880 vs->clientds.pf.rmask = red_max << red_shift;
1881 vs->clientds.pf.gmax = green_max;
1882 count_bits(vs->clientds.pf.gbits, green_max);
1883 vs->clientds.pf.gshift = green_shift;
1884 vs->clientds.pf.gmask = green_max << green_shift;
1885 vs->clientds.pf.bmax = blue_max;
1886 count_bits(vs->clientds.pf.bbits, blue_max);
1887 vs->clientds.pf.bshift = blue_shift;
1888 vs->clientds.pf.bmask = blue_max << blue_shift;
1889 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1890 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1891 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1892 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1893
1894 set_pixel_conversion(vs);
1895
1896 vga_hw_invalidate();
1897 vga_hw_update();
1898 }
1899
1900 static void pixel_format_message (VncState *vs) {
1901 char pad[3] = { 0, 0, 0 };
1902
1903 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1904 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1905
1906 #ifdef HOST_WORDS_BIGENDIAN
1907 vnc_write_u8(vs, 1); /* big-endian-flag */
1908 #else
1909 vnc_write_u8(vs, 0); /* big-endian-flag */
1910 #endif
1911 vnc_write_u8(vs, 1); /* true-color-flag */
1912 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1913 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1914 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1915 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1916 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1917 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1918 if (vs->ds->surface->pf.bits_per_pixel == 32)
1919 vs->send_hextile_tile = send_hextile_tile_32;
1920 else if (vs->ds->surface->pf.bits_per_pixel == 16)
1921 vs->send_hextile_tile = send_hextile_tile_16;
1922 else if (vs->ds->surface->pf.bits_per_pixel == 8)
1923 vs->send_hextile_tile = send_hextile_tile_8;
1924 vs->clientds = *(vs->ds->surface);
1925 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1926 vs->write_pixels = vnc_write_pixels_copy;
1927
1928 vnc_write(vs, pad, 3); /* padding */
1929 }
1930
1931 static void vnc_dpy_setdata(DisplayState *ds)
1932 {
1933 /* We don't have to do anything */
1934 }
1935
1936 static void vnc_colordepth(VncState *vs)
1937 {
1938 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1939 /* Sending a WMVi message to notify the client*/
1940 vnc_write_u8(vs, 0); /* msg id */
1941 vnc_write_u8(vs, 0);
1942 vnc_write_u16(vs, 1); /* number of rects */
1943 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1944 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1945 pixel_format_message(vs);
1946 vnc_flush(vs);
1947 } else {
1948 set_pixel_conversion(vs);
1949 }
1950 }
1951
1952 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1953 {
1954 int i;
1955 uint16_t limit;
1956 VncDisplay *vd = vs->vd;
1957
1958 if (data[0] > 3) {
1959 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1960 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1961 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1962 }
1963
1964 switch (data[0]) {
1965 case 0:
1966 if (len == 1)
1967 return 20;
1968
1969 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1970 read_u8(data, 6), read_u8(data, 7),
1971 read_u16(data, 8), read_u16(data, 10),
1972 read_u16(data, 12), read_u8(data, 14),
1973 read_u8(data, 15), read_u8(data, 16));
1974 break;
1975 case 2:
1976 if (len == 1)
1977 return 4;
1978
1979 if (len == 4) {
1980 limit = read_u16(data, 2);
1981 if (limit > 0)
1982 return 4 + (limit * 4);
1983 } else
1984 limit = read_u16(data, 2);
1985
1986 for (i = 0; i < limit; i++) {
1987 int32_t val = read_s32(data, 4 + (i * 4));
1988 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1989 }
1990
1991 set_encodings(vs, (int32_t *)(data + 4), limit);
1992 break;
1993 case 3:
1994 if (len == 1)
1995 return 10;
1996
1997 framebuffer_update_request(vs,
1998 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1999 read_u16(data, 6), read_u16(data, 8));
2000 break;
2001 case 4:
2002 if (len == 1)
2003 return 8;
2004
2005 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2006 break;
2007 case 5:
2008 if (len == 1)
2009 return 6;
2010
2011 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2012 break;
2013 case 6:
2014 if (len == 1)
2015 return 8;
2016
2017 if (len == 8) {
2018 uint32_t dlen = read_u32(data, 4);
2019 if (dlen > 0)
2020 return 8 + dlen;
2021 }
2022
2023 client_cut_text(vs, read_u32(data, 4), data + 8);
2024 break;
2025 case 255:
2026 if (len == 1)
2027 return 2;
2028
2029 switch (read_u8(data, 1)) {
2030 case 0:
2031 if (len == 2)
2032 return 12;
2033
2034 ext_key_event(vs, read_u16(data, 2),
2035 read_u32(data, 4), read_u32(data, 8));
2036 break;
2037 case 1:
2038 if (len == 2)
2039 return 4;
2040
2041 switch (read_u16 (data, 2)) {
2042 case 0:
2043 audio_add(vs);
2044 break;
2045 case 1:
2046 audio_del(vs);
2047 break;
2048 case 2:
2049 if (len == 4)
2050 return 10;
2051 switch (read_u8(data, 4)) {
2052 case 0: vs->as.fmt = AUD_FMT_U8; break;
2053 case 1: vs->as.fmt = AUD_FMT_S8; break;
2054 case 2: vs->as.fmt = AUD_FMT_U16; break;
2055 case 3: vs->as.fmt = AUD_FMT_S16; break;
2056 case 4: vs->as.fmt = AUD_FMT_U32; break;
2057 case 5: vs->as.fmt = AUD_FMT_S32; break;
2058 default:
2059 printf("Invalid audio format %d\n", read_u8(data, 4));
2060 vnc_client_error(vs);
2061 break;
2062 }
2063 vs->as.nchannels = read_u8(data, 5);
2064 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2065 printf("Invalid audio channel coount %d\n",
2066 read_u8(data, 5));
2067 vnc_client_error(vs);
2068 break;
2069 }
2070 vs->as.freq = read_u32(data, 6);
2071 break;
2072 default:
2073 printf ("Invalid audio message %d\n", read_u8(data, 4));
2074 vnc_client_error(vs);
2075 break;
2076 }
2077 break;
2078
2079 default:
2080 printf("Msg: %d\n", read_u16(data, 0));
2081 vnc_client_error(vs);
2082 break;
2083 }
2084 break;
2085 default:
2086 printf("Msg: %d\n", data[0]);
2087 vnc_client_error(vs);
2088 break;
2089 }
2090
2091 vnc_read_when(vs, protocol_client_msg, 1);
2092 return 0;
2093 }
2094
2095 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2096 {
2097 char buf[1024];
2098 int size;
2099
2100 vnc_write_u16(vs, ds_get_width(vs->ds));
2101 vnc_write_u16(vs, ds_get_height(vs->ds));
2102
2103 pixel_format_message(vs);
2104
2105 if (qemu_name)
2106 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2107 else
2108 size = snprintf(buf, sizeof(buf), "QEMU");
2109
2110 vnc_write_u32(vs, size);
2111 vnc_write(vs, buf, size);
2112 vnc_flush(vs);
2113
2114 vnc_client_cache_auth(vs);
2115 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
2116
2117 vnc_read_when(vs, protocol_client_msg, 1);
2118
2119 return 0;
2120 }
2121
2122 void start_client_init(VncState *vs)
2123 {
2124 vnc_read_when(vs, protocol_client_init, 1);
2125 }
2126
2127 static void make_challenge(VncState *vs)
2128 {
2129 int i;
2130
2131 srand(time(NULL)+getpid()+getpid()*987654+rand());
2132
2133 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2134 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2135 }
2136
2137 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2138 {
2139 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2140 int i, j, pwlen;
2141 unsigned char key[8];
2142
2143 if (!vs->vd->password || !vs->vd->password[0]) {
2144 VNC_DEBUG("No password configured on server");
2145 vnc_write_u32(vs, 1); /* Reject auth */
2146 if (vs->minor >= 8) {
2147 static const char err[] = "Authentication failed";
2148 vnc_write_u32(vs, sizeof(err));
2149 vnc_write(vs, err, sizeof(err));
2150 }
2151 vnc_flush(vs);
2152 vnc_client_error(vs);
2153 return 0;
2154 }
2155
2156 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2157
2158 /* Calculate the expected challenge response */
2159 pwlen = strlen(vs->vd->password);
2160 for (i=0; i<sizeof(key); i++)
2161 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2162 deskey(key, EN0);
2163 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2164 des(response+j, response+j);
2165
2166 /* Compare expected vs actual challenge response */
2167 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2168 VNC_DEBUG("Client challenge reponse did not match\n");
2169 vnc_write_u32(vs, 1); /* Reject auth */
2170 if (vs->minor >= 8) {
2171 static const char err[] = "Authentication failed";
2172 vnc_write_u32(vs, sizeof(err));
2173 vnc_write(vs, err, sizeof(err));
2174 }
2175 vnc_flush(vs);
2176 vnc_client_error(vs);
2177 } else {
2178 VNC_DEBUG("Accepting VNC challenge response\n");
2179 vnc_write_u32(vs, 0); /* Accept auth */
2180 vnc_flush(vs);
2181
2182 start_client_init(vs);
2183 }
2184 return 0;
2185 }
2186
2187 void start_auth_vnc(VncState *vs)
2188 {
2189 make_challenge(vs);
2190 /* Send client a 'random' challenge */
2191 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2192 vnc_flush(vs);
2193
2194 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2195 }
2196
2197
2198 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2199 {
2200 /* We only advertise 1 auth scheme at a time, so client
2201 * must pick the one we sent. Verify this */
2202 if (data[0] != vs->vd->auth) { /* Reject auth */
2203 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2204 vnc_write_u32(vs, 1);
2205 if (vs->minor >= 8) {
2206 static const char err[] = "Authentication failed";
2207 vnc_write_u32(vs, sizeof(err));
2208 vnc_write(vs, err, sizeof(err));
2209 }
2210 vnc_client_error(vs);
2211 } else { /* Accept requested auth */
2212 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2213 switch (vs->vd->auth) {
2214 case VNC_AUTH_NONE:
2215 VNC_DEBUG("Accept auth none\n");
2216 if (vs->minor >= 8) {
2217 vnc_write_u32(vs, 0); /* Accept auth completion */
2218 vnc_flush(vs);
2219 }
2220 start_client_init(vs);
2221 break;
2222
2223 case VNC_AUTH_VNC:
2224 VNC_DEBUG("Start VNC auth\n");
2225 start_auth_vnc(vs);
2226 break;
2227
2228 #ifdef CONFIG_VNC_TLS
2229 case VNC_AUTH_VENCRYPT:
2230 VNC_DEBUG("Accept VeNCrypt auth\n");;
2231 start_auth_vencrypt(vs);
2232 break;
2233 #endif /* CONFIG_VNC_TLS */
2234
2235 #ifdef CONFIG_VNC_SASL
2236 case VNC_AUTH_SASL:
2237 VNC_DEBUG("Accept SASL auth\n");
2238 start_auth_sasl(vs);
2239 break;
2240 #endif /* CONFIG_VNC_SASL */
2241
2242 default: /* Should not be possible, but just in case */
2243 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
2244 vnc_write_u8(vs, 1);
2245 if (vs->minor >= 8) {
2246 static const char err[] = "Authentication failed";
2247 vnc_write_u32(vs, sizeof(err));
2248 vnc_write(vs, err, sizeof(err));
2249 }
2250 vnc_client_error(vs);
2251 }
2252 }
2253 return 0;
2254 }
2255
2256 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2257 {
2258 char local[13];
2259
2260 memcpy(local, version, 12);
2261 local[12] = 0;
2262
2263 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2264 VNC_DEBUG("Malformed protocol version %s\n", local);
2265 vnc_client_error(vs);
2266 return 0;
2267 }
2268 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2269 if (vs->major != 3 ||
2270 (vs->minor != 3 &&
2271 vs->minor != 4 &&
2272 vs->minor != 5 &&
2273 vs->minor != 7 &&
2274 vs->minor != 8)) {
2275 VNC_DEBUG("Unsupported client version\n");
2276 vnc_write_u32(vs, VNC_AUTH_INVALID);
2277 vnc_flush(vs);
2278 vnc_client_error(vs);
2279 return 0;
2280 }
2281 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2282 * as equivalent to v3.3 by servers
2283 */
2284 if (vs->minor == 4 || vs->minor == 5)
2285 vs->minor = 3;
2286
2287 if (vs->minor == 3) {
2288 if (vs->vd->auth == VNC_AUTH_NONE) {
2289 VNC_DEBUG("Tell client auth none\n");
2290 vnc_write_u32(vs, vs->vd->auth);
2291 vnc_flush(vs);
2292 start_client_init(vs);
2293 } else if (vs->vd->auth == VNC_AUTH_VNC) {
2294 VNC_DEBUG("Tell client VNC auth\n");
2295 vnc_write_u32(vs, vs->vd->auth);
2296 vnc_flush(vs);
2297 start_auth_vnc(vs);
2298 } else {
2299 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2300 vnc_write_u32(vs, VNC_AUTH_INVALID);
2301 vnc_flush(vs);
2302 vnc_client_error(vs);
2303 }
2304 } else {
2305 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2306 vnc_write_u8(vs, 1); /* num auth */
2307 vnc_write_u8(vs, vs->vd->auth);
2308 vnc_read_when(vs, protocol_client_auth, 1);
2309 vnc_flush(vs);
2310 }
2311
2312 return 0;
2313 }
2314
2315 static int vnc_refresh_server_surface(VncDisplay *vd)
2316 {
2317 int y;
2318 uint8_t *guest_row;
2319 uint8_t *server_row;
2320 int cmp_bytes;
2321 uint32_t width_mask[VNC_DIRTY_WORDS];
2322 VncState *vs = NULL;
2323 int has_dirty = 0;
2324
2325 /*
2326 * Walk through the guest dirty map.
2327 * Check and copy modified bits from guest to server surface.
2328 * Update server dirty map.
2329 */
2330 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2331 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2332 guest_row = vd->guest.ds->data;
2333 server_row = vd->server->data;
2334 for (y = 0; y < vd->guest.ds->height; y++) {
2335 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2336 int x;
2337 uint8_t *guest_ptr;
2338 uint8_t *server_ptr;
2339
2340 guest_ptr = guest_row;
2341 server_ptr = server_row;
2342
2343 for (x = 0; x < vd->guest.ds->width;
2344 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2345 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2346 continue;
2347 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2348 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2349 continue;
2350 memcpy(server_ptr, guest_ptr, cmp_bytes);
2351 vs = vd->clients;
2352 while (vs != NULL) {
2353 vnc_set_bit(vs->dirty[y], (x / 16));
2354 vs = vs->next;
2355 }
2356 has_dirty++;
2357 }
2358 }
2359 guest_row += ds_get_linesize(vd->ds);
2360 server_row += ds_get_linesize(vd->ds);
2361 }
2362 return has_dirty;
2363 }
2364
2365 static void vnc_refresh(void *opaque)
2366 {
2367 VncDisplay *vd = opaque;
2368 VncState *vs = NULL;
2369 int has_dirty = 0, rects = 0;
2370
2371 vga_hw_update();
2372
2373 has_dirty = vnc_refresh_server_surface(vd);
2374
2375 vs = vd->clients;
2376 while (vs != NULL) {
2377 rects += vnc_update_client(vs, has_dirty);
2378 vs = vs->next;
2379 }
2380 /* vd->timer could be NULL now if the last client disconnected,
2381 * in this case don't update the timer */
2382 if (vd->timer == NULL)
2383 return;
2384
2385 if (has_dirty && rects) {
2386 vd->timer_interval /= 2;
2387 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2388 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2389 } else {
2390 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2391 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2392 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2393 }
2394 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
2395 }
2396
2397 static void vnc_init_timer(VncDisplay *vd)
2398 {
2399 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2400 if (vd->timer == NULL && vd->clients != NULL) {
2401 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2402 vnc_refresh(vd);
2403 }
2404 }
2405
2406 static void vnc_remove_timer(VncDisplay *vd)
2407 {
2408 if (vd->timer != NULL && vd->clients == NULL) {
2409 qemu_del_timer(vd->timer);
2410 qemu_free_timer(vd->timer);
2411 vd->timer = NULL;
2412 }
2413 }
2414
2415 static void vnc_connect(VncDisplay *vd, int csock)
2416 {
2417 VncState *vs = qemu_mallocz(sizeof(VncState));
2418 vs->csock = csock;
2419
2420 VNC_DEBUG("New client on socket %d\n", csock);
2421 dcl->idle = 0;
2422 socket_set_nonblock(vs->csock);
2423 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2424
2425 vnc_client_cache_addr(vs);
2426 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2427
2428 vs->vd = vd;
2429 vs->ds = vd->ds;
2430 vs->last_x = -1;
2431 vs->last_y = -1;
2432
2433 vs->as.freq = 44100;
2434 vs->as.nchannels = 2;
2435 vs->as.fmt = AUD_FMT_S16;
2436 vs->as.endianness = 0;
2437
2438 vs->next = vd->clients;
2439 vd->clients = vs;
2440
2441 vga_hw_update();
2442
2443 vnc_write(vs, "RFB 003.008\n", 12);
2444 vnc_flush(vs);
2445 vnc_read_when(vs, protocol_version, 12);
2446 reset_keys(vs);
2447
2448 vnc_init_timer(vd);
2449
2450 /* vs might be free()ed here */
2451 }
2452
2453 static void vnc_listen_read(void *opaque)
2454 {
2455 VncDisplay *vs = opaque;
2456 struct sockaddr_in addr;
2457 socklen_t addrlen = sizeof(addr);
2458
2459 /* Catch-up */
2460 vga_hw_update();
2461
2462 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2463 if (csock != -1) {
2464 vnc_connect(vs, csock);
2465 }
2466 }
2467
2468 void vnc_display_init(DisplayState *ds)
2469 {
2470 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2471
2472 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2473
2474 ds->opaque = vs;
2475 dcl->idle = 1;
2476 vnc_display = vs;
2477
2478 vs->lsock = -1;
2479
2480 vs->ds = ds;
2481
2482 if (keyboard_layout)
2483 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2484 else
2485 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2486
2487 if (!vs->kbd_layout)
2488 exit(1);
2489
2490 dcl->dpy_copy = vnc_dpy_copy;
2491 dcl->dpy_update = vnc_dpy_update;
2492 dcl->dpy_resize = vnc_dpy_resize;
2493 dcl->dpy_setdata = vnc_dpy_setdata;
2494 register_displaychangelistener(ds, dcl);
2495 }
2496
2497
2498 void vnc_display_close(DisplayState *ds)
2499 {
2500 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2501
2502 if (!vs)
2503 return;
2504 if (vs->display) {
2505 qemu_free(vs->display);
2506 vs->display = NULL;
2507 }
2508 if (vs->lsock != -1) {
2509 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2510 close(vs->lsock);
2511 vs->lsock = -1;
2512 }
2513 vs->auth = VNC_AUTH_INVALID;
2514 #ifdef CONFIG_VNC_TLS
2515 vs->subauth = VNC_AUTH_INVALID;
2516 vs->tls.x509verify = 0;
2517 #endif
2518 }
2519
2520 int vnc_display_password(DisplayState *ds, const char *password)
2521 {
2522 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2523
2524 if (!vs) {
2525 return -1;
2526 }
2527
2528 if (vs->password) {
2529 qemu_free(vs->password);
2530 vs->password = NULL;
2531 }
2532 if (password && password[0]) {
2533 if (!(vs->password = qemu_strdup(password)))
2534 return -1;
2535 if (vs->auth == VNC_AUTH_NONE) {
2536 vs->auth = VNC_AUTH_VNC;
2537 }
2538 } else {
2539 vs->auth = VNC_AUTH_NONE;
2540 }
2541
2542 return 0;
2543 }
2544
2545 char *vnc_display_local_addr(DisplayState *ds)
2546 {
2547 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2548
2549 return vnc_socket_local_addr("%s:%s", vs->lsock);
2550 }
2551
2552 int vnc_display_open(DisplayState *ds, const char *display)
2553 {
2554 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2555 const char *options;
2556 int password = 0;
2557 int reverse = 0;
2558 int to_port = 0;
2559 #ifdef CONFIG_VNC_TLS
2560 int tls = 0, x509 = 0;
2561 #endif
2562 #ifdef CONFIG_VNC_SASL
2563 int sasl = 0;
2564 int saslErr;
2565 #endif
2566 int acl = 0;
2567
2568 if (!vnc_display)
2569 return -1;
2570 vnc_display_close(ds);
2571 if (strcmp(display, "none") == 0)
2572 return 0;
2573
2574 if (!(vs->display = strdup(display)))
2575 return -1;
2576
2577 options = display;
2578 while ((options = strchr(options, ','))) {
2579 options++;
2580 if (strncmp(options, "password", 8) == 0) {
2581 password = 1; /* Require password auth */
2582 } else if (strncmp(options, "reverse", 7) == 0) {
2583 reverse = 1;
2584 } else if (strncmp(options, "to=", 3) == 0) {
2585 to_port = atoi(options+3) + 5900;
2586 #ifdef CONFIG_VNC_SASL
2587 } else if (strncmp(options, "sasl", 4) == 0) {
2588 sasl = 1; /* Require SASL auth */
2589 #endif
2590 #ifdef CONFIG_VNC_TLS
2591 } else if (strncmp(options, "tls", 3) == 0) {
2592 tls = 1; /* Require TLS */
2593 } else if (strncmp(options, "x509", 4) == 0) {
2594 char *start, *end;
2595 x509 = 1; /* Require x509 certificates */
2596 if (strncmp(options, "x509verify", 10) == 0)
2597 vs->tls.x509verify = 1; /* ...and verify client certs */
2598
2599 /* Now check for 'x509=/some/path' postfix
2600 * and use that to setup x509 certificate/key paths */
2601 start = strchr(options, '=');
2602 end = strchr(options, ',');
2603 if (start && (!end || (start < end))) {
2604 int len = end ? end-(start+1) : strlen(start+1);
2605 char *path = qemu_strndup(start + 1, len);
2606
2607 VNC_DEBUG("Trying certificate path '%s'\n", path);
2608 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2609 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2610 qemu_free(path);
2611 qemu_free(vs->display);
2612 vs->display = NULL;
2613 return -1;
2614 }
2615 qemu_free(path);
2616 } else {
2617 fprintf(stderr, "No certificate path provided\n");
2618 qemu_free(vs->display);
2619 vs->display = NULL;
2620 return -1;
2621 }
2622 #endif
2623 } else if (strncmp(options, "acl", 3) == 0) {
2624 acl = 1;
2625 }
2626 }
2627
2628 #ifdef CONFIG_VNC_TLS
2629 if (acl && x509 && vs->tls.x509verify) {
2630 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2631 fprintf(stderr, "Failed to create x509 dname ACL\n");
2632 exit(1);
2633 }
2634 }
2635 #endif
2636 #ifdef CONFIG_VNC_SASL
2637 if (acl && sasl) {
2638 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2639 fprintf(stderr, "Failed to create username ACL\n");
2640 exit(1);
2641 }
2642 }
2643 #endif
2644
2645 /*
2646 * Combinations we support here:
2647 *
2648 * - no-auth (clear text, no auth)
2649 * - password (clear text, weak auth)
2650 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2651 * - tls (encrypt, weak anonymous creds, no auth)
2652 * - tls + password (encrypt, weak anonymous creds, weak auth)
2653 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2654 * - tls + x509 (encrypt, good x509 creds, no auth)
2655 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2656 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2657 *
2658 * NB1. TLS is a stackable auth scheme.
2659 * NB2. the x509 schemes have option to validate a client cert dname
2660 */
2661 if (password) {
2662 #ifdef CONFIG_VNC_TLS
2663 if (tls) {
2664 vs->auth = VNC_AUTH_VENCRYPT;
2665 if (x509) {
2666 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2667 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2668 } else {
2669 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2670 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2671 }
2672 } else {
2673 #endif /* CONFIG_VNC_TLS */
2674 VNC_DEBUG("Initializing VNC server with password auth\n");
2675 vs->auth = VNC_AUTH_VNC;
2676 #ifdef CONFIG_VNC_TLS
2677 vs->subauth = VNC_AUTH_INVALID;
2678 }
2679 #endif /* CONFIG_VNC_TLS */
2680 #ifdef CONFIG_VNC_SASL
2681 } else if (sasl) {
2682 #ifdef CONFIG_VNC_TLS
2683 if (tls) {
2684 vs->auth = VNC_AUTH_VENCRYPT;
2685 if (x509) {
2686 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2687 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2688 } else {
2689 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2690 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2691 }
2692 } else {
2693 #endif /* CONFIG_VNC_TLS */
2694 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2695 vs->auth = VNC_AUTH_SASL;
2696 #ifdef CONFIG_VNC_TLS
2697 vs->subauth = VNC_AUTH_INVALID;
2698 }
2699 #endif /* CONFIG_VNC_TLS */
2700 #endif /* CONFIG_VNC_SASL */
2701 } else {
2702 #ifdef CONFIG_VNC_TLS
2703 if (tls) {
2704 vs->auth = VNC_AUTH_VENCRYPT;
2705 if (x509) {
2706 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2707 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2708 } else {
2709 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2710 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2711 }
2712 } else {
2713 #endif
2714 VNC_DEBUG("Initializing VNC server with no auth\n");
2715 vs->auth = VNC_AUTH_NONE;
2716 #ifdef CONFIG_VNC_TLS
2717 vs->subauth = VNC_AUTH_INVALID;
2718 }
2719 #endif
2720 }
2721
2722 #ifdef CONFIG_VNC_SASL
2723 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2724 fprintf(stderr, "Failed to initialize SASL auth %s",
2725 sasl_errstring(saslErr, NULL, NULL));
2726 free(vs->display);
2727 vs->display = NULL;
2728 return -1;
2729 }
2730 #endif
2731
2732 if (reverse) {
2733 /* connect to viewer */
2734 if (strncmp(display, "unix:", 5) == 0)
2735 vs->lsock = unix_connect(display+5);
2736 else
2737 vs->lsock = inet_connect(display, SOCK_STREAM);
2738 if (-1 == vs->lsock) {
2739 free(vs->display);
2740 vs->display = NULL;
2741 return -1;
2742 } else {
2743 int csock = vs->lsock;
2744 vs->lsock = -1;
2745 vnc_connect(vs, csock);
2746 }
2747 return 0;
2748
2749 } else {
2750 /* listen for connects */
2751 char *dpy;
2752 dpy = qemu_malloc(256);
2753 if (strncmp(display, "unix:", 5) == 0) {
2754 pstrcpy(dpy, 256, "unix:");
2755 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2756 } else {
2757 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2758 }
2759 if (-1 == vs->lsock) {
2760 free(dpy);
2761 return -1;
2762 } else {
2763 free(vs->display);
2764 vs->display = dpy;
2765 }
2766 }
2767 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
2768 }
Qemu with PowerPC KVM improvements