1 /*
2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
27 #include "vnc.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "acl.h"
32 #include "qemu-objects.h"
34 #define VNC_REFRESH_INTERVAL_BASE 30
35 #define VNC_REFRESH_INTERVAL_INC 50
36 #define VNC_REFRESH_INTERVAL_MAX 2000
38 #include "vnc_keysym.h"
39 #include "d3des.h"
/*
 * count_bits(c, v): store in c the number of set bits in v.
 *
 * Both arguments must be modifiable lvalues and each is evaluated several
 * times.  v is shifted right until it reaches zero, so the caller's copy
 * is destroyed; pass a scratch variable.
 */
#define count_bits(c, v) {      \
    c = 0;                      \
    while (v) {                 \
        c += v & 1;             \
        v >>= 1;                \
    }                           \
}
/* File-scope handle on the VNC display; needed for "info vnc". */
static VncDisplay *vnc_display;

/* Display change listener; vnc_disconnect_finish() sets its idle flag
 * once the client list is empty. */
static DisplayChangeListener *dcl;
/*
 * Render a socket address as text using a caller-supplied template.
 *
 * format is handed to snprintf() as the format string together with two
 * string arguments (numeric host, numeric service).  It must therefore be
 * a trusted constant containing only those two %s conversions; it must
 * never be derived from client or guest data.
 *
 * Returns a qemu_malloc()ed string owned by the caller, or NULL when
 * getnameinfo() fails.
 */
static char *addr_to_string(const char *format,
                            struct sockaddr_storage *sa,
                            socklen_t salen)
{
    char host[NI_MAXHOST];
    char serv[NI_MAXSERV];
    size_t addrlen;
    char *addr;
    int err;

    /* Numeric only: no reverse lookup is attempted. */
    err = getnameinfo((struct sockaddr *)sa, salen,
                      host, sizeof(host),
                      serv, sizeof(serv),
                      NI_NUMERICHOST | NI_NUMERICSERV);
    if (err != 0) {
        VNC_DEBUG("Cannot resolve address %d: %s\n",
                  err, gai_strerror(err));
        return NULL;
    }

    /* Upper bound: the template itself plus the two substituted strings. */
    addrlen = strlen(format) + strlen(host) + strlen(serv);
    addr = qemu_malloc(addrlen + 1);

    /* snprintf() is limited to addrlen bytes, so output that would not
     * fit is truncated rather than written past the allocation. */
    snprintf(addr, addrlen, format, host, serv);
    addr[addrlen] = '\0';

    return addr;
}
/*
 * Format the local address of socket fd with addr_to_string().
 * Returns NULL if getsockname() or the formatting fails; otherwise the
 * caller owns the returned string.
 */
char *vnc_socket_local_addr(const char *format, int fd)
{
    struct sockaddr_storage local;
    socklen_t local_len = sizeof(local);

    if (getsockname(fd, (struct sockaddr*)&local, &local_len) < 0) {
        return NULL;
    }

    return addr_to_string(format, &local, local_len);
}
/*
 * Format the peer address of socket fd with addr_to_string().
 * Returns NULL if getpeername() or the formatting fails; otherwise the
 * caller owns the returned string.
 */
char *vnc_socket_remote_addr(const char *format, int fd)
{
    struct sockaddr_storage peer;
    socklen_t peer_len = sizeof(peer);

    if (getpeername(fd, (struct sockaddr*)&peer, &peer_len) < 0) {
        return NULL;
    }

    return addr_to_string(format, &peer, peer_len);
}
/*
 * Store the numeric host, service and address family of sa in qdict
 * under the keys "host", "service" and "family".
 *
 * Returns 0 on success, -1 if getnameinfo() fails (qdict is then left
 * untouched).
 */
static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
                          socklen_t salen)
{
    char host[NI_MAXHOST];
    char serv[NI_MAXSERV];
    int err;

    err = getnameinfo((struct sockaddr *)sa, salen,
                      host, sizeof(host),
                      serv, sizeof(serv),
                      NI_NUMERICHOST | NI_NUMERICSERV);
    if (err != 0) {
        VNC_DEBUG("Cannot resolve address %d: %s\n",
                  err, gai_strerror(err));
        return -1;
    }

    qdict_put(qdict, "host", qstring_from_str(host));
    qdict_put(qdict, "service", qstring_from_str(serv));
    qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));

    return 0;
}
/*
 * Record the local address of socket fd in qdict (see put_addr_qdict()).
 * Returns 0 on success, -1 on failure.
 */
static int vnc_server_addr_put(QDict *qdict, int fd)
{
    struct sockaddr_storage local;
    socklen_t local_len = sizeof(local);

    if (getsockname(fd, (struct sockaddr*)&local, &local_len) < 0) {
        return -1;
    }

    return put_addr_qdict(qdict, &local, local_len);
}
/*
 * Record the peer address of socket fd in qdict (see put_addr_qdict()).
 * Returns 0 on success, -1 on failure.
 */
static int vnc_qdict_remote_addr(QDict *qdict, int fd)
{
    struct sockaddr_storage peer;
    socklen_t peer_len = sizeof(peer);

    if (getpeername(fd, (struct sockaddr*)&peer, &peer_len) < 0) {
        return -1;
    }

    return put_addr_qdict(qdict, &peer, peer_len);
}
#ifdef CONFIG_VNC_TLS
/* Name of the VeNCrypt sub-authentication scheme configured on vd. */
static const char *vnc_vencrypt_subauth_name(VncDisplay *vd)
{
    switch (vd->subauth) {
    case VNC_AUTH_VENCRYPT_PLAIN:
        return "vencrypt+plain";
    case VNC_AUTH_VENCRYPT_TLSNONE:
        return "vencrypt+tls+none";
    case VNC_AUTH_VENCRYPT_TLSVNC:
        return "vencrypt+tls+vnc";
    case VNC_AUTH_VENCRYPT_TLSPLAIN:
        return "vencrypt+tls+plain";
    case VNC_AUTH_VENCRYPT_X509NONE:
        return "vencrypt+x509+none";
    case VNC_AUTH_VENCRYPT_X509VNC:
        return "vencrypt+x509+vnc";
    case VNC_AUTH_VENCRYPT_X509PLAIN:
        return "vencrypt+x509+plain";
    case VNC_AUTH_VENCRYPT_TLSSASL:
        return "vencrypt+tls+sasl";
    case VNC_AUTH_VENCRYPT_X509SASL:
        return "vencrypt+x509+sasl";
    default:
        return "vencrypt";
    }
}
#endif

/*
 * Map the display's configured authentication scheme to the short name
 * reported through the monitor ("auth" key).  This is the value an
 * operator sees when auditing a running server, so "none" and the
 * "...+none" VeNCrypt variants are reported as such.
 *
 * Returns a string literal; "unknown" for any value not listed.
 */
static const char *vnc_auth_name(VncDisplay *vd)
{
    switch (vd->auth) {
    case VNC_AUTH_INVALID:
        return "invalid";
    case VNC_AUTH_NONE:
        return "none";
    case VNC_AUTH_VNC:
        return "vnc";
    case VNC_AUTH_RA2:
        return "ra2";
    case VNC_AUTH_RA2NE:
        return "ra2ne";
    case VNC_AUTH_TIGHT:
        return "tight";
    case VNC_AUTH_ULTRA:
        return "ultra";
    case VNC_AUTH_TLS:
        return "tls";
    case VNC_AUTH_VENCRYPT:
#ifdef CONFIG_VNC_TLS
        return vnc_vencrypt_subauth_name(vd);
#else
        return "vencrypt";
#endif
    case VNC_AUTH_SASL:
        return "sasl";
    }
    return "unknown";
}
/*
 * Fill qdict with the listening socket's address and the "auth" name of
 * the global vnc_display.  Returns 0 on success, -1 if the address could
 * not be determined (in which case "auth" is not added).
 */
static int vnc_server_info_put(QDict *qdict)
{
    const int rc = vnc_server_addr_put(qdict, vnc_display->lsock);

    if (rc < 0) {
        return -1;
    }

    qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
    return 0;
}
/*
 * Add the authenticated identity of a client to its cached info dict:
 * "x509_dname" when a TLS session with a dname exists, "sasl_username"
 * when a SASL connection with a username exists.  Does nothing if no
 * info dict has been cached for the client.
 *
 * NOTE(review): both strings originate from the peer's credentials and
 * are later printed by "info vnc"; treat them as untrusted text in any
 * consumer of this dict.
 */
static void vnc_client_cache_auth(VncState *client)
{
    QDict *qdict;

    if (!client->info) {
        return;
    }

    qdict = qobject_to_qdict(client->info);

#ifdef CONFIG_VNC_TLS
    if (client->tls.session && client->tls.dname) {
        qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
    }
#endif
#ifdef CONFIG_VNC_SASL
    if (client->sasl.conn && client->sasl.username) {
        qdict_put(qdict, "sasl_username",
                  qstring_from_str(client->sasl.username));
    }
#endif
}
/*
 * Build the client's info dict from the peer address of its socket and
 * store it in client->info.  On failure the dict is released and
 * client->info is left as it was.
 */
static void vnc_client_cache_addr(VncState *client)
{
    QDict *peer_info = qdict_new();

    if (vnc_qdict_remote_addr(peer_info, client->csock) < 0) {
        QDECREF(peer_info);
        /* XXX: how to report the error? */
        return;
    }

    client->info = QOBJECT(peer_info);
}
/*
 * Emit a monitor event describing this client and the server.
 * Nothing is emitted when the client has no cached info dict or when the
 * server information cannot be collected.
 */
static void vnc_qmp_event(VncState *vs, MonitorEvent event)
{
    QDict *server_info;
    QObject *payload;

    if (!vs->info) {
        return;
    }

    server_info = qdict_new();
    if (vnc_server_info_put(server_info) < 0) {
        QDECREF(server_info);
        return;
    }

    payload = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
                                 vs->info, QOBJECT(server_info));

    monitor_protocol_event(event, payload);

    /* NOTE(review): presumably dropping payload also drops a reference on
     * vs->info, which this incref compensates for so the cached dict
     * survives - confirm against qobject_from_jsonf(). */
    qobject_incref(vs->info);
    qobject_decref(payload);
}
/*
 * qlist_iter() callback: print one connected client on the monitor
 * passed as opaque.  The x509 dname and SASL username lines show "none"
 * when the corresponding key is absent.
 */
static void info_vnc_iter(QObject *obj, void *opaque)
{
    Monitor *mon = opaque;
    QDict *client = qobject_to_qdict(obj);

    monitor_printf(mon, "Client:\n");
    monitor_printf(mon, " address: %s:%s\n",
                   qdict_get_str(client, "host"),
                   qdict_get_str(client, "service"));

#ifdef CONFIG_VNC_TLS
    monitor_printf(mon, " x509_dname: %s\n",
                   qdict_haskey(client, "x509_dname") ?
                   qdict_get_str(client, "x509_dname") : "none");
#endif
#ifdef CONFIG_VNC_SASL
    monitor_printf(mon, " username: %s\n",
                   qdict_haskey(client, "sasl_username") ?
                   qdict_get_str(client, "sasl_username") : "none");
#endif
}
/*
 * Human-readable rendering of the dict produced by do_info_vnc():
 * server address and auth scheme, followed by every connected client.
 */
void do_info_vnc_print(Monitor *mon, const QObject *data)
{
    QDict *server = qobject_to_qdict(data);
    QList *clients;

    if (qdict_get_bool(server, "enabled") == 0) {
        monitor_printf(mon, "Server: disabled\n");
        return;
    }

    monitor_printf(mon, "Server:\n");
    monitor_printf(mon, " address: %s:%s\n",
                   qdict_get_str(server, "host"),
                   qdict_get_str(server, "service"));
    monitor_printf(mon, " auth: %s\n", qdict_get_str(server, "auth"));

    clients = qdict_get_qlist(server, "clients");
    if (!qlist_empty(clients)) {
        qlist_iter(clients, info_vnc_iter, mon);
    } else {
        monitor_printf(mon, "Client: none\n");
    }
}
325 * do_info_vnc(): Show VNC server information
327 * Return a QDict with server information. Connected clients are returned
328 * as a QList of QDicts.
330 * The main QDict contains the following:
332 * - "enabled": true or false
333 * - "host": server's IP address
334 * - "family": address family ("ipv4" or "ipv6")
335 * - "service": server's port number
336 * - "auth": authentication method
337 * - "clients": a QList of all connected clients
339 * Clients are described by a QDict, with the following information:
341 * - "host": client's IP address
342 * - "family": address family ("ipv4" or "ipv6")
343 * - "service": client's port number
344 * - "x509_dname": TLS dname (optional)
345 * - "sasl_username": SASL username (optional)
347 * Example:
349 * { "enabled": true, "host": "0.0.0.0", "service": "50402", "auth": "vnc",
350 * "family": "ipv4",
351 * "clients": [{ "host": "127.0.0.1", "service": "50401", "family": "ipv4" }]}
void do_info_vnc(Monitor *mon, QObject **ret_data)
{
    QList *client_list;
    VncState *client;

    /* No display configured: report a disabled server and stop. */
    if (vnc_display == NULL || vnc_display->display == NULL) {
        *ret_data = qobject_from_jsonf("{ 'enabled': false }");
        return;
    }

    client_list = qlist_new();
    QTAILQ_FOREACH(client, &vnc_display->clients, next) {
        if (client->info) {
            /* incref so that it's not freed by upper layers */
            qobject_incref(client->info);
            qlist_append_obj(client_list, client->info);
        }
    }

    *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
                                   QOBJECT(client_list));
    assert(*ret_data != NULL);

    /* Without the server address the reply is dropped entirely. */
    if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {
        qobject_decref(*ret_data);
        *ret_data = NULL;
    }
}
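/*
 * Test whether the client advertised a feature.
 *
 * feature is a bit index into vs->features.  Returns the masked bit
 * (non-zero when set), not a normalised 0/1.
 *
 * The mask is built from an unsigned 1 so that bit index 31 does not
 * shift into the sign bit of an int, which is undefined behaviour.
 */
static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
    return (vs->features & ((uint32_t)1 << feature));
}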
385 /* TODO
386 1) Get the queue working for IO.
387 2) there is some weirdness when using the -S option (the screen is grey
388 and not totally invalidated
389 3) resolutions > 1024
/* Forward declarations: client update and teardown. */
static int vnc_update_client(VncState *vs, int has_dirty);
static void vnc_disconnect_start(VncState *vs);
static void vnc_disconnect_finish(VncState *vs);

/* Forward declarations: refresh timer. */
static void vnc_init_timer(VncDisplay *vd);
static void vnc_remove_timer(VncDisplay *vd);

/* Forward declarations: pixel format, update requests and refresh. */
static void vnc_colordepth(VncState *vs);
static void framebuffer_update_request(VncState *vs, int incremental,
                                       int x_position, int y_position,
                                       int w, int h);
static void vnc_refresh(void *opaque);
static int vnc_refresh_server_surface(VncDisplay *vd);
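/*
 * Set bit k in the bitmap d (32 bits per word).
 *
 * No bounds check is done: the caller must guarantee that k is
 * non-negative and inside the bitmap, otherwise this writes outside d.
 * The mask uses an unsigned 1 so that bit 31 of a word is set without
 * shifting into the sign bit of an int (undefined behaviour).
 */
static inline void vnc_set_bit(uint32_t *d, int k)
{
    d[k >> 5] |= (uint32_t)1 << (k & 0x1f);
}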
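/*
 * Clear bit k in the bitmap d (32 bits per word).
 *
 * No bounds check is done: the caller must guarantee that k is
 * non-negative and inside the bitmap.  The mask uses an unsigned 1 so
 * that bit 31 of a word is handled without signed-shift undefined
 * behaviour.
 */
static inline void vnc_clear_bit(uint32_t *d, int k)
{
    d[k >> 5] &= ~((uint32_t)1 << (k & 0x1f));
}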
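/*
 * Set the first n bits of the bitmap d and clear the rest.
 *
 * d        bitmap of nb_words 32-bit words
 * n        number of leading bits to set
 * nb_words size of d in words
 *
 * Writes never go past nb_words: if n asks for more bits than the bitmap
 * holds, every word is filled and the excess is ignored.  (Without that
 * bound, an oversized n would write beyond the end of d.)  The partial
 * word mask is built from an unsigned 1 so n == 31 does not overflow a
 * signed int.
 */
static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
{
    int j = 0;

    /* whole words */
    while (n >= 32 && j < nb_words) {
        d[j++] = 0xFFFFFFFFu;
        n -= 32;
    }
    /* trailing partial word */
    if (n > 0 && j < nb_words)
        d[j++] = ((uint32_t)1 << n) - 1;
    /* everything after the requested range is cleared */
    while (j < nb_words)
        d[j++] = 0;
}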
/*
 * Return 1 if bit k of the bitmap d is set, 0 otherwise.
 * k is not range-checked; the caller must keep it inside the bitmap.
 */
static inline int vnc_get_bit(const uint32_t *d, int k)
{
    const uint32_t word = d[k >> 5];
    const int shift = k & 0x1f;

    return (word >> shift) & 1;
}
/*
 * Return 1 if the two bitmaps share at least one set bit within their
 * first nb_words words, 0 otherwise.
 */
static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
                               int nb_words)
{
    int word = 0;

    while (word < nb_words) {
        if (d1[word] & d2[word]) {
            return 1;
        }
        word++;
    }
    return 0;
}
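/*
 * Display callback: mark the rectangle (x, y, w, h) of the guest surface
 * dirty, in units of 16-pixel-wide blocks per scanline.
 *
 * The rectangle is clipped to the surface on all four sides before the
 * dirty bitmap is touched.  The upper bounds were already enforced; the
 * lower bounds are enforced here as well because a negative x or y would
 * otherwise produce a negative row or bit index into s->dirty.  Whether
 * any caller can pass negative coordinates is not visible from this
 * function, so the clamp is defensive.
 */
static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
{
    int i;
    VncDisplay *vd = ds->opaque;
    struct VncSurface *s = &vd->guest;

    /* from here on h is the exclusive end row, not a height */
    h += y;

    /* clip to the top/left edge, keeping the right edge where it was */
    if (x < 0) {
        w += x;
        x = 0;
    }
    if (y < 0) {
        y = 0;
    }

    /* round x down to ensure the loop only spans one 16-pixel block per
       iteration.  otherwise, if (x % 16) != 0, the last iteration may span
       two 16-pixel blocks but we only mark the first as dirty
    */
    w += (x % 16);
    x -= (x % 16);

    /* clip to the bottom/right edge */
    x = MIN(x, s->ds->width);
    y = MIN(y, s->ds->height);
    w = MIN(x + w, s->ds->width) - x;
    h = MIN(h, s->ds->height);

    for (; y < h; y++)
        for (i = 0; i < w; i += 16)
            vnc_set_bit(s->dirty[y], (x + i) / 16);
}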
/*
 * Queue a rectangle header on the client's output: x, y, w and h as
 * 16-bit values followed by the 32-bit encoding id.
 *
 * The coordinates are passed as int to 16-bit writers; values outside
 * the 16-bit range are presumably truncated there - verify against
 * vnc_write_u16().
 */
static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
                                   int32_t encoding)
{
    /* position */
    vnc_write_u16(vs, x);
    vnc_write_u16(vs, y);
    /* size */
    vnc_write_u16(vs, w);
    vnc_write_u16(vs, h);
    /* encoding type */
    vnc_write_s32(vs, encoding);
}
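/*
 * Make sure at least len bytes are free after buffer->offset, growing
 * the allocation by len + 1024 bytes when they are not.
 *
 * Terminates the process when the buffer cannot be grown.  That covers
 * both a failed reallocation and a requested size that would wrap the
 * capacity counter; without the latter check a wrapped capacity would
 * yield a buffer smaller than the caller believes it reserved.
 * The wrap check assumes capacity is a size_t (it is printed with %zd
 * elsewhere in this file).
 */
void buffer_reserve(Buffer *buffer, size_t len)
{
    if ((buffer->capacity - buffer->offset) < len) {
        const size_t limit = (size_t)-1;

        if (len > limit - 1024 ||
            buffer->capacity > limit - (len + 1024)) {
            fprintf(stderr, "vnc: out of memory\n");
            exit(1);
        }

        buffer->capacity += (len + 1024);
        buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
        if (buffer->buffer == NULL) {
            fprintf(stderr, "vnc: out of memory\n");
            exit(1);
        }
    }
}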
/* Return non-zero when the buffer holds no data (offset is 0). */
int buffer_empty(Buffer *buffer)
{
    return !buffer->offset;
}
/*
 * Return a pointer to the first unused byte of the buffer.  How many
 * bytes may be written there depends on a preceding buffer_reserve().
 */
uint8_t *buffer_end(Buffer *buffer)
{
    return &buffer->buffer[buffer->offset];
}
/*
 * Discard the buffer's contents by rewinding the write offset.
 * The allocation and its capacity are kept; the old bytes are not
 * cleared.
 */
void buffer_reset(Buffer *buffer)
{
    buffer->offset = 0;
}
/*
 * Copy len bytes from data to the end of the buffer and advance the
 * offset.
 *
 * No capacity check is made here: the caller must have called
 * buffer_reserve() for at least len bytes first, otherwise the copy
 * runs past the allocation.
 */
void buffer_append(Buffer *buffer, const void *data, size_t len)
{
    uint8_t *tail = buffer->buffer + buffer->offset;

    memcpy(tail, data, len);
    buffer->offset += len;
}
/*
 * Display callback: the guest display changed size or format.
 * Reallocates the server-side surface copy, refreshes the guest surface
 * description, marks everything dirty and tells clients that support it
 * about the new desktop size.
 */
static void vnc_dpy_resize(DisplayState *ds)
{
    VncDisplay *vd = ds->opaque;
    VncState *vs;
    int size_changed;

    /* server surface */
    if (!vd->server) {
        vd->server = qemu_mallocz(sizeof(*vd->server));
    }
    if (vd->server->data) {
        qemu_free(vd->server->data);
    }
    *(vd->server) = *(ds->surface);
    /* NOTE(review): the allocation size is the product of two surface
     * fields; if both are int this multiplication is not checked for
     * overflow - confirm the bounds the display layer enforces. */
    vd->server->data = qemu_mallocz(vd->server->linesize *
                                    vd->server->height);

    /* guest surface */
    if (!vd->guest.ds) {
        vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
    }
    if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel) {
        console_color_init(ds);
    }
    size_changed = ds_get_width(ds) != vd->guest.ds->width ||
                   ds_get_height(ds) != vd->guest.ds->height;
    *(vd->guest.ds) = *(ds->surface);
    memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));

    QTAILQ_FOREACH(vs, &vd->clients, next) {
        vnc_colordepth(vs);
        if (size_changed &&
            vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
            vnc_write_u8(vs, 0);  /* msg id */
            vnc_write_u8(vs, 0);
            vnc_write_u16(vs, 1); /* number of rects */
            vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
                                   VNC_ENCODING_DESKTOPRESIZE);
            vnc_flush(vs);
        }
        /* every client must resend the whole screen */
        memset(vs->dirty, 0xFF, sizeof(vs->dirty));
    }
}
556 /* fastest code */
/*
 * Pixel writer used when no conversion is needed: the size bytes at
 * pixels are queued for the client unchanged.
 */
static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
{
    vnc_write(vs, pixels, size);
}
562 /* slowest but generic code. */
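/*
 * Convert one pixel value v from the server pixel format to the client
 * pixel format and store it in buf using the client's byte order.
 *
 * buf must have room for the client's bytes_per_pixel; any value other
 * than 1 or 2 is treated as 4, so callers need a 4-byte buffer.
 *
 * The colour components are widened to uint32_t before being shifted
 * into place: as uint8_t they would be promoted to int, and a shift that
 * reaches bit 31 would be undefined behaviour.
 */
static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
{
    uint8_t r, g, b;
    VncDisplay *vd = vs->vd;

    /* extract each component and rescale it to the client's bit depth */
    r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
        vd->server->pf.rbits);
    g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
        vd->server->pf.gbits);
    b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
        vd->server->pf.bbits);
    v = ((uint32_t)r << vs->clientds.pf.rshift) |
        ((uint32_t)g << vs->clientds.pf.gshift) |
        ((uint32_t)b << vs->clientds.pf.bshift);
    switch(vs->clientds.pf.bytes_per_pixel) {
    case 1:
        buf[0] = v;
        break;
    case 2:
        if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
            buf[0] = v >> 8;
            buf[1] = v;
        } else {
            buf[1] = v >> 8;
            buf[0] = v;
        }
        break;
    default:
    case 4:
        if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
            buf[0] = v >> 24;
            buf[1] = v >> 16;
            buf[2] = v >> 8;
            buf[3] = v;
        } else {
            buf[3] = v >> 24;
            buf[2] = v >> 16;
            buf[1] = v >> 8;
            buf[0] = v;
        }
        break;
    }
}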
/*
 * Pixel writer used when the client format differs from the server
 * format: every source pixel is converted with vnc_convert_pixel() and
 * queued with the client's bytes_per_pixel.
 *
 * size is the length of pixels1 in bytes; the pixel count is derived
 * from the server's bytes_per_pixel (4, 2 or 1).  Any other depth is
 * reported on stderr and nothing is written.
 */
static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
{
    uint8_t buf[4];
    VncDisplay *vd = vs->vd;
    int count, idx;

    switch (vd->server->pf.bytes_per_pixel) {
    case 4: {
        uint32_t *src = pixels1;

        count = size >> 2;
        for (idx = 0; idx < count; idx++) {
            vnc_convert_pixel(vs, buf, src[idx]);
            vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
        }
        break;
    }
    case 2: {
        uint16_t *src = pixels1;

        count = size >> 1;
        for (idx = 0; idx < count; idx++) {
            vnc_convert_pixel(vs, buf, src[idx]);
            vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
        }
        break;
    }
    case 1: {
        uint8_t *src = pixels1;

        count = size;
        for (idx = 0; idx < count; idx++) {
            vnc_convert_pixel(vs, buf, src[idx]);
            vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
        }
        break;
    }
    default:
        fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
        break;
    }
}
/*
 * Send the rectangle (x, y, w, h) of the server surface as raw pixels,
 * one scanline at a time, through the client's write_pixels hook.
 *
 * The rectangle is not validated here; the caller must keep it inside
 * the server surface, since the row pointer is computed directly from
 * x and y.
 */
static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
{
    VncDisplay *vd = vs->vd;
    uint8_t *line;
    int remaining = h;

    line = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
    while (remaining-- > 0) {
        vs->write_pixels(vs, line, w * ds_get_bytes_per_pixel(vs->ds));
        line += ds_get_linesize(vs->ds);
    }
}
/*
 * Pack a hextile sub-rectangle into two bytes:
 *   ptr[0] = x in the high nibble, y in the low nibble
 *   ptr[1] = (w - 1) in the high nibble, (h - 1) in the low nibble
 * Only the low four bits of each value are kept.
 */
static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
{
    const int pos_hi = (x & 0x0F) << 4;
    const int pos_lo = y & 0x0F;
    const int dim_hi = ((w - 1) & 0x0F) << 4;
    const int dim_lo = (h - 1) & 0x0F;

    ptr[0] = pos_hi | pos_lo;
    ptr[1] = dim_hi | dim_lo;
}
660 #define BPP 8
661 #include "vnchextile.h"
662 #undef BPP
664 #define BPP 16
665 #include "vnchextile.h"
666 #undef BPP
668 #define BPP 32
669 #include "vnchextile.h"
670 #undef BPP
672 #define GENERIC
673 #define BPP 8
674 #include "vnchextile.h"
675 #undef BPP
676 #undef GENERIC
678 #define GENERIC
679 #define BPP 16
680 #include "vnchextile.h"
681 #undef BPP
682 #undef GENERIC
684 #define GENERIC
685 #define BPP 32
686 #include "vnchextile.h"
687 #undef BPP
688 #undef GENERIC
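/*
 * Send the rectangle (x, y, w, h) as hextile: the area is walked in
 * 16x16 tiles (smaller at the right and bottom edges) and each tile is
 * handed to the client's send_hextile_tile hook.  last_bg / last_fg and
 * the has_bg / has_fg flags carry the colour state from one tile to the
 * next.
 *
 * The two scratch pixels come from qemu_malloc() and are released with
 * qemu_free(), the matching deallocator used elsewhere in this file,
 * instead of the C library free().
 */
static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
{
    int i, j;
    int has_fg, has_bg;
    uint8_t *last_fg, *last_bg;
    VncDisplay *vd = vs->vd;

    last_fg = qemu_malloc(vd->server->pf.bytes_per_pixel);
    last_bg = qemu_malloc(vd->server->pf.bytes_per_pixel);
    has_fg = has_bg = 0;
    for (j = y; j < (y + h); j += 16) {
        for (i = x; i < (x + w); i += 16) {
            vs->send_hextile_tile(vs, i, j,
                                  MIN(16, x + w - i), MIN(16, y + h - j),
                                  last_bg, last_fg, &has_bg, &has_fg);
        }
    }
    qemu_free(last_fg);
    qemu_free(last_bg);
}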
712 #define ZALLOC_ALIGNMENT 16
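/*
 * zlib allocation hook: return zeroed memory for items * size bytes,
 * rounded up to a multiple of ZALLOC_ALIGNMENT.
 *
 * x is zlib's opaque pointer and is not used.
 *
 * Returns NULL when items * size, or the rounding, does not fit in an
 * unsigned.  zlib treats a NULL from its allocator as an out-of-memory
 * condition.  Without the check the product would wrap and the returned
 * block would be smaller than zlib asked for.
 */
static void *zalloc(void *x, unsigned items, unsigned size)
{
    const unsigned align_mask = ZALLOC_ALIGNMENT - 1;
    unsigned total;

    if (items != 0 && size > (unsigned)-1 / items) {
        return NULL;
    }
    total = items * size;

    if (total > (unsigned)-1 - align_mask) {
        return NULL;
    }
    total = (total + align_mask) & ~align_mask;

    return qemu_mallocz(total);
}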
/*
 * zlib deallocation hook, the counterpart of zalloc(): releases addr
 * with qemu_free().  x is zlib's opaque pointer and is not used.
 */
static void zfree(void *x, void *addr)
{
    qemu_free(addr);
}
/*
 * Mark every zlib stream slot of the client as not yet initialised by
 * clearing its opaque pointer; vnc_zlib_stop() compares that pointer
 * with the client to decide whether deflateInit2() is still needed.
 */
static void vnc_zlib_init(VncState *vs)
{
    const size_t n_streams = sizeof(vs->zlib_stream) / sizeof(z_stream);
    size_t slot;

    for (slot = 0; slot < n_streams; slot++) {
        vs->zlib_stream[slot].opaque = NULL;
    }
}
/*
 * Begin collecting data for compression: the (emptied) zlib buffer
 * temporarily takes the place of the client's output buffer, and the
 * real output buffer is parked in zlib_tmp until vnc_zlib_stop().
 */
static void vnc_zlib_start(VncState *vs)
{
    buffer_reset(&vs->zlib);

    /* park the real output, then route all writes into the zlib buffer
     * so they can be compressed later */
    vs->zlib_tmp = vs->output;
    vs->output = vs->zlib;
}
/*
 * Finish a vnc_zlib_start() section: restore the real output buffer,
 * deflate everything collected in the zlib buffer and append the
 * compressed bytes to the output.
 *
 * stream_id selects the entry of vs->zlib_stream and is used as an
 * array index without a range check.
 *
 * Returns the number of compressed bytes produced, or -1 when zlib
 * initialisation or compression fails.
 */
static int vnc_zlib_stop(VncState *vs, int stream_id)
{
    z_streamp zstream = &vs->zlib_stream[stream_id];
    int previous_out;

    /* switch back to normal output/zlib buffers */
    vs->zlib = vs->output;
    vs->output = vs->zlib_tmp;

    /* compress the zlib buffer */

    /* initialize the stream */
    /* XXX need one stream per session */
    if (zstream->opaque != vs) {
        int err;

        VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
        VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
        zstream->zalloc = zalloc;
        zstream->zfree = zfree;

        err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
                           MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);

        if (err != Z_OK) {
            fprintf(stderr, "VNC: error initializing zlib\n");
            return -1;
        }

        zstream->opaque = vs;
    }

    /* XXX what to do if tight_compression changed in between? */

    /* reserve memory in output buffer */
    /* NOTE(review): the headroom is the input size plus 64 bytes; whether
     * that always covers deflate's worst-case expansion is not
     * established here - compare with deflateBound(). */
    buffer_reserve(&vs->output, vs->zlib.offset + 64);

    /* set pointers: deflate is bounded by avail_out, i.e. by the free
     * space that is really left in the output buffer */
    zstream->next_in = vs->zlib.buffer;
    zstream->avail_in = vs->zlib.offset;
    zstream->next_out = vs->output.buffer + vs->output.offset;
    zstream->avail_out = vs->output.capacity - vs->output.offset;
    zstream->data_type = Z_BINARY;
    previous_out = zstream->total_out;

    /* start encoding */
    if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
        fprintf(stderr, "VNC: error during zlib compression\n");
        return -1;
    }

    vs->output.offset = vs->output.capacity - zstream->avail_out;
    return zstream->total_out - previous_out;
}
/*
 * Send the rectangle (x, y, w, h) zlib-compressed: rectangle header, a
 * 32-bit length field, then the deflated raw pixels.  The length is not
 * known until compression is done, so a placeholder is written first
 * and patched afterwards.
 *
 * NOTE(review): when compression fails the function returns with the
 * header and the zero placeholder already queued - confirm how callers
 * recover from that.
 */
static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
{
    int len_field_offset, end_offset, compressed_len;

    vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);

    /* remember where we put in the follow-up size */
    len_field_offset = vs->output.offset;
    vnc_write_s32(vs, 0);

    /* compress the stream */
    vnc_zlib_start(vs);
    send_framebuffer_update_raw(vs, x, y, w, h);
    compressed_len = vnc_zlib_stop(vs, 0);

    if (compressed_len == -1) {
        return;
    }

    /* hack in the size: rewind, overwrite the placeholder, fast-forward */
    end_offset = vs->output.offset;
    vs->output.offset = len_field_offset;
    vnc_write_u32(vs, compressed_len);
    vs->output.offset = end_offset;
}
/*
 * Send one rectangle using the encoding negotiated for this client:
 * zlib, hextile, or raw for everything else.
 */
static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
{
    if (vs->vnc_encoding == VNC_ENCODING_ZLIB) {
        /* the zlib path writes its own rectangle header */
        send_framebuffer_update_zlib(vs, x, y, w, h);
    } else if (vs->vnc_encoding == VNC_ENCODING_HEXTILE) {
        vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
        send_framebuffer_update_hextile(vs, x, y, w, h);
    } else {
        vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
        send_framebuffer_update_raw(vs, x, y, w, h);
    }
}
/*
 * Tell the client to copy a w x h area from (src_x, src_y) to
 * (dst_x, dst_y) on its own framebuffer: a one-rectangle update with
 * the COPYRECT encoding, flushed immediately.
 */
static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
{
    /* send bitblit op to the vnc client */
    vnc_write_u8(vs, 0);  /* msg id */
    vnc_write_u8(vs, 0);
    vnc_write_u16(vs, 1); /* number of rects */

    /* destination rectangle, then the source position */
    vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
    vnc_write_u16(vs, src_x);
    vnc_write_u16(vs, src_y);

    vnc_flush(vs);
}
/*
 * Display callback for a screen-to-screen copy.
 *
 * 1. Bring the server surface up to date and push pending updates to
 *    every COPYRECT-capable client.
 * 2. Repeat the copy on the server surface in 16-pixel-aligned chunks,
 *    marking changed chunks dirty for clients without COPYRECT.
 * 3. Send the COPYRECT message to the capable clients.
 *
 * The source and destination rectangles are used to compute pointers
 * into the server surface without validation; the caller must keep both
 * inside the surface.
 */
static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
{
    VncDisplay *vd = ds->opaque;
    VncState *vs, *vn;
    uint8_t *src_row;
    uint8_t *dst_row;
    int i, x, y, pitch, depth, inc, w_lim, s;
    int cmp_bytes;

    vnc_refresh_server_surface(vd);
    /* _SAFE iteration: the update may tear down and free the client */
    QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
        if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
            vs->force_update = 1;
            vnc_update_client(vs, 1);
            /* vs might be free()ed here */
        }
    }

    /* do bitblit op on the local surface too */
    pitch = ds_get_linesize(vd->ds);
    depth = ds_get_bytes_per_pixel(vd->ds);
    src_row = vd->server->data + pitch * src_y + depth * src_x;
    dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
    y = dst_y;
    inc = 1;
    if (dst_y > src_y) {
        /* copy backwards so overlapping rows are read before they are
         * overwritten */
        src_row += pitch * (h-1);
        dst_row += pitch * (h-1);
        pitch = -pitch;
        y = dst_y + h - 1;
        inc = -1;
    }

    /* w_lim: offset of the trailing partial chunk within the row */
    w_lim = w - (16 - (dst_x % 16));
    if (w_lim < 0) {
        w_lim = w;
    } else {
        w_lim = w - (w_lim % 16);
    }

    for (i = 0; i < h; i++) {
        for (x = 0; x <= w_lim;
                x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
            /* s: width in pixels of the chunk handled this iteration */
            if (x == w_lim) {
                if ((s = w - w_lim) == 0)
                    break;
            } else if (!x) {
                s = (16 - (dst_x % 16));
                s = MIN(s, w_lim);
            } else {
                s = 16;
            }
            cmp_bytes = s * depth;
            if (memcmp(src_row, dst_row, cmp_bytes) == 0)
                continue;
            memmove(dst_row, src_row, cmp_bytes);
            QTAILQ_FOREACH(vs, &vd->clients, next) {
                if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
                    vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
                }
            }
        }
        /* the inner loop advanced the pointers by w pixels */
        src_row += pitch - w * depth;
        dst_row += pitch - w * depth;
        y += inc;
    }

    QTAILQ_FOREACH(vs, &vd->clients, next) {
        if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
            vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
        }
    }
}
/*
 * Starting at row y, count how many consecutive rows below it also have
 * the dirty bit at column last_x set, clearing the bits in columns
 * [last_x, x) of each such row.  Row y itself is counted but not
 * touched.  The scan stops at the bottom of the server surface.
 *
 * Returns the height of the dirty run (at least 1).
 */
static int find_and_clear_dirty_height(struct VncState *vs,
                                       int y, int last_x, int x)
{
    VncDisplay *vd = vs->vd;
    int rows = 1;

    while (rows < (vd->server->height - y) &&
           vnc_get_bit(vs->dirty[y + rows], last_x)) {
        int col;

        for (col = last_x; col < x; col++) {
            vnc_clear_bit(vs->dirty[y + rows], col);
        }
        rows++;
    }

    return rows;
}
/*
 * Send the dirty parts of the screen to one client.
 *
 * Returns the number of rectangles sent, or 0 when nothing was sent.
 * When the client's socket is already closed (csock == -1) the client
 * is torn down with vnc_disconnect_finish(), so vs may no longer be
 * valid after this call.
 */
static int vnc_update_client(VncState *vs, int has_dirty)
{
    if (vs->need_update && vs->csock != -1) {
        VncDisplay *vd = vs->vd;
        int y;
        int n_rectangles;
        int saved_offset;

        if (vs->output.offset && !vs->audio_cap && !vs->force_update) {
            /* kernel send buffers are full -> drop frames to throttle */
            return 0;
        }

        if (!has_dirty && !vs->audio_cap && !vs->force_update) {
            return 0;
        }

        /*
         * Send screen updates to the vnc client using the server
         * surface and server dirty map.  guest surface updates
         * happening in parallel don't disturb us, the next pass will
         * send them to the client.
         */
        n_rectangles = 0;
        vnc_write_u8(vs, 0);  /* msg id */
        vnc_write_u8(vs, 0);
        /* the rectangle count is patched in once it is known */
        saved_offset = vs->output.offset;
        vnc_write_u16(vs, 0);

        for (y = 0; y < vd->server->height; y++) {
            int x;
            int last_x = -1;    /* first column of the current dirty run */

            for (x = 0; x < vd->server->width / 16; x++) {
                if (vnc_get_bit(vs->dirty[y], x)) {
                    if (last_x == -1) {
                        last_x = x;
                    }
                    vnc_clear_bit(vs->dirty[y], x);
                } else {
                    if (last_x != -1) {
                        int h = find_and_clear_dirty_height(vs, y, last_x, x);
                        send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
                        n_rectangles++;
                    }
                    last_x = -1;
                }
            }
            /* run that reaches the right edge */
            if (last_x != -1) {
                int h = find_and_clear_dirty_height(vs, y, last_x, x);
                send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
                n_rectangles++;
            }
        }

        /* NOTE(review): only the low 16 bits of the count are stored; a
         * pass producing more than 65535 rectangles would announce a
         * truncated count - confirm this cannot occur. */
        vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
        vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
        vnc_flush(vs);
        vs->force_update = 0;
        return n_rectangles;
    }

    if (vs->csock == -1) {
        vnc_disconnect_finish(vs);
    }

    return 0;
}
1009 /* audio */
/*
 * Audio capture callback: tell the client that capture was disabled
 * (operation 0) or enabled (operation 1).  The message is the bytes
 * 255, 1 followed by the 16-bit operation.  Other notifications are
 * ignored.
 */
static void audio_capture_notify(void *opaque, audcnotification_e cmd)
{
    VncState *vs = opaque;
    int operation;

    switch (cmd) {
    case AUD_CNOTIFY_DISABLE:
        operation = 0;
        break;
    case AUD_CNOTIFY_ENABLE:
        operation = 1;
        break;
    default:
        return;
    }

    vnc_write_u8(vs, 255);
    vnc_write_u8(vs, 1);
    vnc_write_u16(vs, operation);
    vnc_flush(vs);
}
/* Audio capture callback: nothing to release on the VNC side. */
static void audio_capture_destroy(void *opaque)
{
    (void)opaque;
}
/*
 * Audio capture callback: forward size bytes of captured audio to the
 * client.  The message is the bytes 255, 1, the 16-bit operation 2, the
 * 32-bit payload length and then the payload itself.
 *
 * size arrives as a signed int and is written as an unsigned 32-bit
 * length; presumably it is never negative - verify against the audio
 * layer.
 */
static void audio_capture(void *opaque, void *buf, int size)
{
    VncState *vs = opaque;

    /* header */
    vnc_write_u8(vs, 255);
    vnc_write_u8(vs, 1);
    vnc_write_u16(vs, 2);

    /* length-prefixed payload */
    vnc_write_u32(vs, size);
    vnc_write(vs, buf, size);

    vnc_flush(vs);
}
/*
 * Start audio capture for a client.  Reports on the current monitor when
 * capture is already running or cannot be started; on failure
 * vs->audio_cap stays NULL.
 */
static void audio_add(VncState *vs)
{
    struct audio_capture_ops ops;
    Monitor *mon = cur_mon;

    if (vs->audio_cap) {
        monitor_printf(mon, "audio already running\n");
        return;
    }

    ops.capture = audio_capture;
    ops.notify = audio_capture_notify;
    ops.destroy = audio_capture_destroy;

    /* vs is the opaque pointer handed back to the three callbacks */
    vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
    if (!vs->audio_cap) {
        monitor_printf(mon, "Failed to add audio capture\n");
    }
}
/*
 * Stop audio capture for a client if it is running, and clear the
 * handle so the callbacks are not unregistered twice.
 */
static void audio_del(VncState *vs)
{
    if (!vs->audio_cap) {
        return;
    }

    AUD_del_capture(vs->audio_cap, vs);
    vs->audio_cap = NULL;
}
/*
 * First phase of a disconnect: unregister the socket's I/O handlers,
 * close it and mark the client as closed (csock == -1).  The VncState
 * itself is released later by vnc_disconnect_finish().  Calling this on
 * an already closed client is a no-op.
 */
static void vnc_disconnect_start(VncState *vs)
{
    if (vs->csock != -1) {
        qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
        closesocket(vs->csock);
        vs->csock = -1;
    }
}
/*
 * Second phase of a disconnect: emit the DISCONNECTED event, release
 * the client's buffers, cached info, TLS/SASL state and audio capture,
 * unlink it from the display's client list and free it.
 *
 * vs is freed here; the caller must not touch it afterwards.
 *
 * NOTE(review): the input and output buffers are released, but vs->zlib
 * and the zlib streams are not released in this function - confirm they
 * are handled elsewhere.
 */
static void vnc_disconnect_finish(VncState *vs)
{
    VncDisplay *vd;

    vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);

    if (vs->input.buffer) {
        qemu_free(vs->input.buffer);
        vs->input.buffer = NULL;
    }
    if (vs->output.buffer) {
        qemu_free(vs->output.buffer);
        vs->output.buffer = NULL;
    }

    qobject_decref(vs->info);

#ifdef CONFIG_VNC_TLS
    vnc_tls_client_cleanup(vs);
#endif /* CONFIG_VNC_TLS */
#ifdef CONFIG_VNC_SASL
    vnc_sasl_client_cleanup(vs);
#endif /* CONFIG_VNC_SASL */
    audio_del(vs);

    vd = vs->vd;
    QTAILQ_REMOVE(&vd->clients, vs, next);

    /* last client gone: let the display listener go idle */
    if (QTAILQ_EMPTY(&vd->clients)) {
        dcl->idle = 1;
    }

    vnc_remove_timer(vd);
    qemu_free(vs);
}
/*
 * Classify the result of a socket read or write.
 *
 * ret        return value of the I/O call
 * last_errno error code belonging to that call
 *
 * A positive ret is passed through unchanged.  For ret == -1 with
 * EINTR / EAGAIN (or WSAEWOULDBLOCK on Windows) the call simply would
 * have blocked and 0 is returned.  Any other -1, and ret == 0 (peer
 * closed), starts a disconnect and also returns 0.  Callers therefore
 * never see -1 from this function.
 *
 * NOTE(review): ret is an int while the callers in this file hold the
 * I/O result in a long - confirm no truncation can matter.
 */
int vnc_client_io_error(VncState *vs, int ret, int last_errno)
{
    if (ret != 0 && ret != -1) {
        return ret;
    }

    if (ret == -1) {
        switch (last_errno) {
        case EINTR:
        case EAGAIN:
#ifdef _WIN32
        case WSAEWOULDBLOCK:
#endif
            /* transient: try again later, keep the client */
            return 0;
        default:
            break;
        }
    }

    VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
              ret, ret < 0 ? last_errno : 0);
    vnc_disconnect_start(vs);

    return 0;
}
/*
 * Drop a client after a protocol violation: the socket is closed right
 * away through vnc_disconnect_start().
 */
void vnc_client_error(VncState *vs)
{
    VNC_DEBUG("Closing down client sock: protocol error\n");
    vnc_disconnect_start(vs);
}
1151 * Called to write a chunk of data to the client socket. The data may
1152 * be the raw data, or may have already been encoded by SASL.
1153 * The data will be written either straight onto the socket, or
1154 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1156 * NB, it is theoretically possible to have 2 layers of encryption,
1157 * both SASL, and this TLS layer. It is highly unlikely in practice
1158 * though, since SASL encryption will typically be a no-op if TLS
1159 * is active
1161 * Returns the number of bytes written, which may be less than
1162 * the requested 'datalen' if the socket would block. Returns
1163 * -1 on error, and disconnects the client socket.
long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
{
    long ret;

#ifdef CONFIG_VNC_TLS
    if (vs->tls.session) {
        ret = gnutls_write(vs->tls.session, data, datalen);
        if (ret < 0) {
            /* fold the GNUTLS result into errno for the common path */
            errno = (ret == GNUTLS_E_AGAIN) ? EAGAIN : EIO;
            ret = -1;
        }
    } else
#endif /* CONFIG_VNC_TLS */
    {
        ret = send(vs->csock, (const void *)data, datalen, 0);
    }
    VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);

    /* NOTE(review): the value handed back is whatever
     * vnc_client_io_error() yields, which in this file is 0 (not -1)
     * for both "would block" and a real error followed by disconnect. */
    return vnc_client_io_error(vs, ret, socket_error());
}
1187 * Called to write buffered data to the client socket, when not
1188 * using any SASL SSF encryption layers. Will write as much data
1189 * as possible without blocking. If all buffered data is written,
1190 * will switch the FD poll() handler back to read monitoring.
1192 * Returns the number of bytes written, which may be less than
1193 * the buffered output data if the socket would block. Returns
1194 * -1 on error, and disconnects the client socket.
static long vnc_client_write_plain(VncState *vs)
{
    long written;

#ifdef CONFIG_VNC_SASL
    VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
              vs->output.buffer, vs->output.capacity, vs->output.offset,
              vs->sasl.waitWriteSSF);

    if (vs->sasl.conn &&
        vs->sasl.runSSF &&
        vs->sasl.waitWriteSSF) {
        /* only the bytes queued before the SSF layer was switched on
         * may still leave unencoded */
        written = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
        if (written) {
            vs->sasl.waitWriteSSF -= written;
        }
    } else
#endif /* CONFIG_VNC_SASL */
    {
        written = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
    }
    if (!written) {
        return 0;
    }

    /* drop the bytes that went out and move the remainder to the front;
     * this relies on written never exceeding output.offset */
    memmove(vs->output.buffer, vs->output.buffer + written, (vs->output.offset - written));
    vs->output.offset -= written;

    /* queue drained: stop polling for writability */
    if (vs->output.offset == 0) {
        qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
    }

    return written;
}
1229 * First function called whenever there is data to be written to
1230 * the client socket. Will delegate actual work according to whether
1231 * SASL SSF layers are enabled (thus requiring encryption calls)
void vnc_client_write(void *opaque)
{
    VncState *vs = opaque;
    long ret;

    /* The byte count is stored but not examined here; error handling
     * happens inside the delegated writers. */
#ifdef CONFIG_VNC_SASL
    if (vs->sasl.conn &&
        vs->sasl.runSSF &&
        !vs->sasl.waitWriteSSF) {
        ret = vnc_client_write_sasl(vs);
    } else
#endif /* CONFIG_VNC_SASL */
    {
        ret = vnc_client_write_plain(vs);
    }
}
/*
 * Register the handler for the next protocol message: func is stored as
 * the client's read handler together with expecting, the number of
 * input bytes it is waiting for.
 */
void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
{
    vs->read_handler_expect = expecting;
    vs->read_handler = func;
}
1256 * Called to read a chunk of data from the client socket. The data may
1257 * be the raw data, or may need to be further decoded by SASL.
1258 * The data will be read either straight from the socket, or
1259 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1261 * NB, it is theoretically possible to have 2 layers of encryption,
1262 * both SASL, and this TLS layer. It is highly unlikely in practice
1263 * though, since SASL encryption will typically be a no-op if TLS
1264 * is active
1266 * Returns the number of bytes read, which may be less than
1267 * the requested 'datalen' if the socket would block. Returns
1268 * -1 on error, and disconnects the client socket.
1270 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1272 long ret;
1273 #ifdef CONFIG_VNC_TLS
1274 if (vs->tls.session) {
1275 ret = gnutls_read(vs->tls.session, data, datalen);
1276 if (ret < 0) {
1277 if (ret == GNUTLS_E_AGAIN)
1278 errno = EAGAIN;
1279 else
1280 errno = EIO;
1281 ret = -1;
1283 } else
1284 #endif /* CONFIG_VNC_TLS */
1285 ret = recv(vs->csock, (void *)data, datalen, 0);
1286 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1287 return vnc_client_io_error(vs, ret, socket_error());
/*
 * Read client data into the input buffer when no SASL SSF layer is in
 * use. Reserves 4096 bytes of space and issues a single read of at most
 * that size, then advances the input offset by the amount read.
 *
 * NOTE(review): a negative result from vnc_client_read_buf() would be
 * added to input.offset; confirm the helper reports failure as 0.
 */
static long vnc_client_read_plain(VncState *vs)
{
    int got;

    VNC_DEBUG("Read plain %p size %zd offset %zd\n",
              vs->input.buffer, vs->input.capacity, vs->input.offset);

    buffer_reserve(&vs->input, 4096);
    got = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
    if (got != 0) {
        vs->input.offset += got;
    }
    return got;
}
/*
 * Entry point whenever the client socket has data to read. Fills the
 * input buffer through the SASL or the plain reader, then runs the
 * current read handler for as long as enough bytes are buffered.
 *
 * Handler contract as used here: a return of 0 means the 'len' bytes were
 * consumed and are dropped from the buffer; any other value becomes the
 * new number of bytes to wait for before the handler is called again.
 *
 * NOTE(review): the handler result is an int stored into
 * read_handler_expect without a range check, so the amount of input that
 * gets buffered is decided by the handlers; a negative result would turn
 * into a very large expectation if that field is unsigned. Confirm the
 * handlers bound what they request.
 */
void vnc_client_read(void *opaque)
{
    VncState *vs = opaque;
    long nread;

#ifdef CONFIG_VNC_SASL
    if (vs->sasl.conn && vs->sasl.runSSF)
        nread = vnc_client_read_sasl(vs);
    else
#endif /* CONFIG_VNC_SASL */
        nread = vnc_client_read_plain(vs);

    if (nread == 0) {
        /* Nothing read: finish teardown if the socket was closed meanwhile. */
        if (vs->csock == -1) {
            vnc_disconnect_finish(vs);
        }
        return;
    }

    while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
        size_t len = vs->read_handler_expect;
        int want = vs->read_handler(vs, vs->input.buffer, len);

        /* The handler may have dropped the client. */
        if (vs->csock == -1) {
            vnc_disconnect_finish(vs);
            return;
        }

        if (want != 0) {
            vs->read_handler_expect = want;
            continue;
        }

        memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
        vs->input.offset -= len;
    }
}
/*
 * Queue 'len' bytes from 'data' on the client's output buffer. If the
 * client socket is open and the buffer was empty, the fd handler is
 * re-registered with vnc_client_write as the write callback before the
 * data is appended.
 */
void vnc_write(VncState *vs, const void *data, size_t len)
{
    int start_polling;

    buffer_reserve(&vs->output, len);

    start_polling = (vs->csock != -1) && buffer_empty(&vs->output);
    if (start_polling) {
        qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
    }

    buffer_append(&vs->output, data, len);
}
/*
 * Queue a signed 32-bit value; the bit pattern is reinterpreted as
 * unsigned and written by vnc_write_u32().
 */
void vnc_write_s32(VncState *vs, int32_t value)
{
    uint32_t bits = (uint32_t)value;

    vnc_write_u32(vs, bits);
}
/* Queue a 32-bit value on the output buffer, most significant byte first. */
void vnc_write_u32(VncState *vs, uint32_t value)
{
    uint8_t wire[4];
    int k;

    for (k = 0; k < 4; k++) {
        wire[k] = (value >> (24 - 8 * k)) & 0xFF;
    }

    vnc_write(vs, wire, 4);
}
/* Queue a 16-bit value on the output buffer, most significant byte first. */
void vnc_write_u16(VncState *vs, uint16_t value)
{
    uint8_t wire[2];

    wire[1] = value & 0xFF;
    wire[0] = (value >> 8) & 0xFF;

    vnc_write(vs, wire, 2);
}
/* Queue a single byte on the output buffer. */
void vnc_write_u8(VncState *vs, uint8_t value)
{
    const uint8_t byte = value;

    vnc_write(vs, &byte, 1);
}
/*
 * Try to send pending output immediately. Does nothing when the client
 * socket is closed or the output buffer is empty.
 */
void vnc_flush(VncState *vs)
{
    if (vs->csock == -1 || !vs->output.offset) {
        return;
    }
    vnc_client_write(vs);
}
/*
 * Return the byte at 'offset' in 'data'. No bounds check is done here;
 * the caller must guarantee that data[offset] is inside the buffer.
 */
uint8_t read_u8(uint8_t *data, size_t offset)
{
    const uint8_t *p = data + offset;

    return *p;
}
/*
 * Decode a big-endian 16-bit value from data[offset] and data[offset + 1].
 * No bounds check is done here; the caller must guarantee both bytes are
 * inside the buffer.
 */
uint16_t read_u16(uint8_t *data, size_t offset)
{
    unsigned int hi = data[offset] & 0xFF;
    unsigned int lo = data[offset + 1] & 0xFF;

    return (hi << 8) | lo;
}
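/*
 * Decode a big-endian signed 32-bit value from four bytes starting at
 * data[offset]. No bounds check is done here; the caller must guarantee
 * that all four bytes are inside the buffer.
 *
 * The bytes are widened to uint32_t before shifting: a uint8_t promotes
 * to int, and shifting a value >= 0x80 left by 24 overflows a signed int,
 * which is undefined behaviour. These bytes come from the client.
 */
int32_t read_s32(uint8_t *data, size_t offset)
{
    uint32_t bits = ((uint32_t)data[offset] << 24) |
                    ((uint32_t)data[offset + 1] << 16) |
                    ((uint32_t)data[offset + 2] << 8) |
                    (uint32_t)data[offset + 3];

    return (int32_t)bits;
}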
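/*
 * Decode a big-endian unsigned 32-bit value from four bytes starting at
 * data[offset]. No bounds check is done here; the caller must guarantee
 * that all four bytes are inside the buffer.
 *
 * The bytes are widened to uint32_t before shifting: a uint8_t promotes
 * to int, and shifting a value >= 0x80 left by 24 overflows a signed int,
 * which is undefined behaviour. These bytes come from the client.
 */
uint32_t read_u32(uint8_t *data, size_t offset)
{
    return ((uint32_t)data[offset] << 24) |
           ((uint32_t)data[offset + 1] << 16) |
           ((uint32_t)data[offset + 2] << 8) |
           (uint32_t)data[offset + 3];
}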
/*
 * Handler for the client cut-text message. The body is empty: the
 * 'len' bytes at 'text' are accepted by the protocol parser and then
 * discarded.
 */
static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
{
    /* intentionally empty */
}
/*
 * Record the pointer mode ('absolute') on the client. If the client has
 * the pointer-type-change feature and the mode differs from the recorded
 * one, a one-rectangle framebuffer update with the
 * VNC_ENCODING_POINTER_TYPE_CHANGE pseudo-encoding is sent first.
 */
static void check_pointer_type_change(VncState *vs, int absolute)
{
    int notify = vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) &&
                 vs->absolute != absolute;

    if (notify) {
        int width = ds_get_width(vs->ds);
        int height = ds_get_height(vs->ds);

        vnc_write_u8(vs, 0);
        vnc_write_u8(vs, 0);
        vnc_write_u16(vs, 1);
        vnc_framebuffer_update(vs, absolute, 0, width, height,
                               VNC_ENCODING_POINTER_TYPE_CHANGE);
        vnc_flush(vs);
    }

    vs->absolute = absolute;
}
/*
 * Translate a client pointer event into a guest mouse event.
 *
 * button_mask bits 0x01/0x02/0x04 map to the left/middle/right buttons;
 * 0x08 and 0x10 become a wheel step of -1 and +1 (0x10 wins if both are
 * set). Coordinates are forwarded in one of three ways: scaled to
 * 0..0x7FFF in absolute mode, offset by -0x7FFF when the client has the
 * pointer-type-change feature, or as a delta against the last position.
 *
 * NOTE(review): the absolute branch divides by (width - 1) and
 * (height - 1); a display dimension of 1 would divide by zero. x and y
 * are not clamped to the display here.
 */
static void pointer_event(VncState *vs, int button_mask, int x, int y)
{
    int buttons = 0;
    int dz = 0;

    buttons |= (button_mask & 0x01) ? MOUSE_EVENT_LBUTTON : 0;
    buttons |= (button_mask & 0x02) ? MOUSE_EVENT_MBUTTON : 0;
    buttons |= (button_mask & 0x04) ? MOUSE_EVENT_RBUTTON : 0;

    if (button_mask & 0x08) {
        dz = -1;
    }
    if (button_mask & 0x10) {
        dz = 1;
    }

    if (vs->absolute) {
        int abs_x = x * 0x7FFF / (ds_get_width(vs->ds) - 1);
        int abs_y = y * 0x7FFF / (ds_get_height(vs->ds) - 1);

        kbd_mouse_event(abs_x, abs_y, dz, buttons);
    } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
        kbd_mouse_event(x - 0x7FFF, y - 0x7FFF, dz, buttons);
    } else {
        /* The first event only seeds last_x/last_y. */
        if (vs->last_x != -1) {
            kbd_mouse_event(x - vs->last_x, y - vs->last_y, dz, buttons);
        }
        vs->last_x = x;
        vs->last_y = y;
    }

    check_pointer_type_change(vs, kbd_mouse_is_absolute());
}
/*
 * Send a key-up to the guest for every entry of modifiers_state that is
 * set, and clear the entry. Codes with SCANCODE_GREY set are preceded by
 * SCANCODE_EMUL0.
 */
static void reset_keys(VncState *vs)
{
    int code;

    for (code = 0; code < 256; code++) {
        if (!vs->modifiers_state[code]) {
            continue;
        }
        if (code & SCANCODE_GREY) {
            kbd_put_keycode(SCANCODE_EMUL0);
        }
        kbd_put_keycode(code | SCANCODE_UP);
        vs->modifiers_state[code] = 0;
    }
}
/*
 * Inject a full press-and-release of 'keysym' into the guest: the keysym
 * is mapped through the display's keyboard layout, then a key-down and a
 * key-up are sent, each preceded by SCANCODE_EMUL0 when SCANCODE_GREY is
 * set in the mapped code.
 */
static void press_key(VncState *vs, int keysym)
{
    int code = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
    int grey = code & SCANCODE_GREY;

    if (grey) {
        kbd_put_keycode(SCANCODE_EMUL0);
    }
    kbd_put_keycode(code & SCANCODE_KEYCODEMASK);

    if (grey) {
        kbd_put_keycode(SCANCODE_EMUL0);
    }
    kbd_put_keycode(code | SCANCODE_UP);
}
/*
 * Deliver one key event to the guest or to the QEMU text console.
 *
 * Steps, in order:
 *  1. Track modifier state; Ctrl+Alt+'1'..'9' (both left-hand modifiers
 *     held) switches the QEMU console and returns.
 *  2. For keypad keys, inject a NumLock press if the tracked NumLock
 *     state disagrees with what 'sym' implies.
 *  3. For ASCII letters, inject a CapsLock press if the tracked CapsLock
 *     state disagrees with the letter's case and the Shift state.
 *  4. Forward the scancode to the graphic console, or translate it to a
 *     keysym for the text console (key-down only).
 *
 * modifiers_state[] is only ever indexed with the case constants below,
 * never with an unchecked 'keycode'.
 */
static void do_key_event(VncState *vs, int down, int keycode, int sym)
{
    /* QEMU console switch */
    switch (keycode) {
    case 0x2a:                          /* Left Shift */
    case 0x36:                          /* Right Shift */
    case 0x1d:                          /* Left CTRL */
    case 0x9d:                          /* Right CTRL */
    case 0x38:                          /* Left ALT */
    case 0xb8:                          /* Right ALT */
        vs->modifiers_state[keycode] = down ? 1 : 0;
        break;
    case 0x02 ... 0x0a: /* '1' to '9' keys */
        if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
            /* Reset the modifiers sent to the current console */
            reset_keys(vs);
            console_select(keycode - 0x02);
            return;
        }
        break;
    case 0x3a:                          /* CapsLock */
    case 0x45:                          /* NumLock */
        if (!down) {
            vs->modifiers_state[keycode] ^= 1;
        }
        break;
    }

    if (keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
        /* If the numlock state needs to change then simulate an additional
           keypress before sending this one. This will happen if the user
           toggles numlock away from the VNC window. */
        int want_numlock = !!keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF);

        if (!vs->modifiers_state[0x45] == want_numlock) {
            vs->modifiers_state[0x45] = want_numlock;
            press_key(vs, 0xff7f);
        }
    }

    if ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z')) {
        /* If the capslock state needs to change then simulate an additional
           keypress before sending this one. This will happen if the user
           toggles capslock away from the VNC window. */
        int uppercase = !!(sym >= 'A' && sym <= 'Z');
        int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
        int capslock = !!(vs->modifiers_state[0x3a]);

        /* CapsLock on: mismatch when case equals shift; off: when it differs. */
        if ((uppercase == shift) == capslock) {
            vs->modifiers_state[0x3a] = !capslock;
            press_key(vs, 0xffe5);
        }
    }

    if (is_graphic_console()) {
        if (keycode & SCANCODE_GREY) {
            kbd_put_keycode(SCANCODE_EMUL0);
        }
        kbd_put_keycode(down ? (keycode & SCANCODE_KEYCODEMASK)
                             : (keycode | SCANCODE_UP));
        return;
    }

    /* QEMU console emulation */
    if (!down) {
        return;
    }

    {
        int numlock = vs->modifiers_state[0x45];

        switch (keycode) {
        case 0x2a:                          /* Left Shift */
        case 0x36:                          /* Right Shift */
        case 0x1d:                          /* Left CTRL */
        case 0x9d:                          /* Right CTRL */
        case 0x38:                          /* Left ALT */
        case 0xb8:                          /* Right ALT */
            break;

        case 0xc8: kbd_put_keysym(QEMU_KEY_UP); break;
        case 0xd0: kbd_put_keysym(QEMU_KEY_DOWN); break;
        case 0xcb: kbd_put_keysym(QEMU_KEY_LEFT); break;
        case 0xcd: kbd_put_keysym(QEMU_KEY_RIGHT); break;
        case 0xd3: kbd_put_keysym(QEMU_KEY_DELETE); break;
        case 0xc7: kbd_put_keysym(QEMU_KEY_HOME); break;
        case 0xcf: kbd_put_keysym(QEMU_KEY_END); break;
        case 0xc9: kbd_put_keysym(QEMU_KEY_PAGEUP); break;
        case 0xd1: kbd_put_keysym(QEMU_KEY_PAGEDOWN); break;

        /* Keypad: digit with NumLock on, navigation key otherwise. */
        case 0x47: kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME); break;
        case 0x48: kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP); break;
        case 0x49: kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP); break;
        case 0x4b: kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT); break;
        case 0x4c: kbd_put_keysym('5'); break;
        case 0x4d: kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT); break;
        case 0x4f: kbd_put_keysym(numlock ? '1' : QEMU_KEY_END); break;
        case 0x50: kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN); break;
        case 0x51: kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN); break;
        case 0x52: kbd_put_keysym('0'); break;
        case 0x53: kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE); break;

        case 0xb5: kbd_put_keysym('/'); break;
        case 0x37: kbd_put_keysym('*'); break;
        case 0x4a: kbd_put_keysym('-'); break;
        case 0x4e: kbd_put_keysym('+'); break;
        case 0x9c: kbd_put_keysym('\n'); break;

        default:
            kbd_put_keysym(sym);
            break;
        }
    }
}
/*
 * Handle a plain key event: map the keysym to a scancode through the
 * display's keyboard layout and pass it on. Upper-case ASCII letters are
 * folded to lower case for the lookup when a graphic console is active;
 * the original 'sym' is still what do_key_event() receives.
 */
static void key_event(VncState *vs, int down, uint32_t sym)
{
    int lookup = sym;
    int keycode;

    if (lookup >= 'A' && lookup <= 'Z' && is_graphic_console()) {
        lookup += 'a' - 'A';
    }

    keycode = keysym2scancode(vs->vd->kbd_layout, lookup & 0xFFFF) & SCANCODE_KEYMASK;
    do_key_event(vs, down, keycode, sym);
}
/*
 * Handle an extended key event that carries a client-supplied keycode.
 * When a keyboard layout was configured the keycode is ignored and the
 * keysym is mapped as in key_event(); otherwise the client's keycode is
 * passed to do_key_event() as received.
 */
static void ext_key_event(VncState *vs, int down,
                          uint32_t sym, uint16_t keycode)
{
    /* if the user specifies a keyboard layout, always use it */
    if (keyboard_layout) {
        key_event(vs, down, sym);
        return;
    }
    do_key_event(vs, down, keycode, sym);
}
/*
 * Handle a framebuffer update request from the client. The requested
 * rectangle is clamped to the display, need_update is set, and for a
 * non-incremental request force_update is set and the dirty bits of
 * every requested row are set across the display width.
 *
 * The clamping is what keeps 'y_position + i' inside vs->dirty[]; the
 * coordinates originate from the client.
 * NOTE(review): negative inputs are not handled; the visible caller only
 * passes unsigned 16-bit values.
 */
static void framebuffer_update_request(VncState *vs, int incremental,
                                       int x_position, int y_position,
                                       int w, int h)
{
    int row;

    if (x_position > ds_get_width(vs->ds)) {
        x_position = ds_get_width(vs->ds);
    }
    if (y_position > ds_get_height(vs->ds)) {
        y_position = ds_get_height(vs->ds);
    }
    if (x_position + w >= ds_get_width(vs->ds)) {
        w = ds_get_width(vs->ds) - x_position;
    }
    if (y_position + h >= ds_get_height(vs->ds)) {
        h = ds_get_height(vs->ds) - y_position;
    }

    vs->need_update = 1;
    if (incremental) {
        return;
    }

    vs->force_update = 1;
    for (row = y_position; row < y_position + h; row++) {
        vnc_set_bits(vs->dirty[row],
                     (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
    }
}
/*
 * Acknowledge the extended key event encoding: send a one-rectangle
 * framebuffer update covering the display with the
 * VNC_ENCODING_EXT_KEY_EVENT pseudo-encoding, then flush.
 */
static void send_ext_key_event_ack(VncState *vs)
{
    int width = ds_get_width(vs->ds);
    int height = ds_get_height(vs->ds);

    vnc_write_u8(vs, 0);
    vnc_write_u8(vs, 0);
    vnc_write_u16(vs, 1);
    vnc_framebuffer_update(vs, 0, 0, width, height,
                           VNC_ENCODING_EXT_KEY_EVENT);
    vnc_flush(vs);
}
/*
 * Acknowledge the audio encoding: send a one-rectangle framebuffer
 * update covering the display with the VNC_ENCODING_AUDIO
 * pseudo-encoding, then flush.
 */
static void send_ext_audio_ack(VncState *vs)
{
    int width = ds_get_width(vs->ds);
    int height = ds_get_height(vs->ds);

    vnc_write_u8(vs, 0);
    vnc_write_u8(vs, 0);
    vnc_write_u16(vs, 1);
    vnc_framebuffer_update(vs, 0, 0, width, height,
                           VNC_ENCODING_AUDIO);
    vnc_flush(vs);
}
/*
 * Apply the encoding list sent by the client. Feature bits, the chosen
 * encoding and the compression/quality levels are reset first, then the
 * list is walked from the last entry to the first, so that for the
 * entries that assign vnc_encoding the earliest one in the list ends up
 * selected. Unknown values are only logged.
 *
 * 'encodings' and 'n_encodings' come from the client message; the caller
 * is responsible for the array actually holding n_encodings entries.
 */
static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
{
    int i;
    unsigned int enc = 0;

    vnc_zlib_init(vs);
    vs->features = 0;
    vs->vnc_encoding = 0;
    vs->tight_compression = 9;
    vs->tight_quality = 9;
    vs->absolute = -1;

    i = n_encodings - 1;
    while (i >= 0) {
        enc = encodings[i];

        switch (enc) {
        case VNC_ENCODING_RAW:
            vs->vnc_encoding = enc;
            break;
        case VNC_ENCODING_COPYRECT:
            vs->features |= VNC_FEATURE_COPYRECT_MASK;
            break;
        case VNC_ENCODING_HEXTILE:
            vs->features |= VNC_FEATURE_HEXTILE_MASK;
            vs->vnc_encoding = enc;
            break;
        case VNC_ENCODING_ZLIB:
            vs->features |= VNC_FEATURE_ZLIB_MASK;
            vs->vnc_encoding = enc;
            break;
        case VNC_ENCODING_DESKTOPRESIZE:
            vs->features |= VNC_FEATURE_RESIZE_MASK;
            break;
        case VNC_ENCODING_POINTER_TYPE_CHANGE:
            vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
            break;
        case VNC_ENCODING_EXT_KEY_EVENT:
            send_ext_key_event_ack(vs);
            break;
        case VNC_ENCODING_AUDIO:
            send_ext_audio_ack(vs);
            break;
        case VNC_ENCODING_WMVi:
            vs->features |= VNC_FEATURE_WMVI_MASK;
            break;
        case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
            vs->tight_compression = (enc & 0x0F);
            break;
        case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
            vs->tight_quality = (enc & 0x0F);
            break;
        default:
            VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
            break;
        }

        i--;
    }

    check_pointer_type_change(vs, kbd_mouse_is_absolute());
}
/*
 * Choose the pixel writer and hextile tile sender for this client.
 * When the client's endianness flag and PixelFormat are identical to the
 * server surface's, the straight-copy variants are used; otherwise the
 * generic converting variants. For a bits_per_pixel other than 8, 16 or
 * 32 send_hextile_tile is left unchanged.
 */
static void set_pixel_conversion(VncState *vs)
{
    int same_endian = (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
                      (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG);
    int native = same_endian &&
                 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat));

    if (native) {
        vs->write_pixels = vnc_write_pixels_copy;
        switch (vs->ds->surface->pf.bits_per_pixel) {
        case 8:
            vs->send_hextile_tile = send_hextile_tile_8;
            break;
        case 16:
            vs->send_hextile_tile = send_hextile_tile_16;
            break;
        case 32:
            vs->send_hextile_tile = send_hextile_tile_32;
            break;
        }
        return;
    }

    vs->write_pixels = vnc_write_pixels_generic;
    switch (vs->ds->surface->pf.bits_per_pixel) {
    case 8:
        vs->send_hextile_tile = send_hextile_tile_generic_8;
        break;
    case 16:
        vs->send_hextile_tile = send_hextile_tile_generic_16;
        break;
    case 32:
        vs->send_hextile_tile = send_hextile_tile_generic_32;
        break;
    }
}
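/*
 * Apply the pixel format requested by the client.
 *
 * Every argument comes from the client's SetPixelFormat message. The
 * client is dropped (vnc_client_error) when:
 *  - true_color_flag is 0 (colour-mapped formats are not supported),
 *  - bits_per_pixel is not 8, 16 or 32 (the only sizes that
 *    set_pixel_conversion() has senders for; 0 would give a zero
 *    bytes_per_pixel),
 *  - a colour shift is outside 0..31 (shifting a 32-bit value further is
 *    undefined behaviour).
 *
 * 'depth' is accepted but not used; the stored depth is derived from
 * bits_per_pixel.
 */
static void set_pixel_format(VncState *vs,
                             int bits_per_pixel, int depth,
                             int big_endian_flag, int true_color_flag,
                             int red_max, int green_max, int blue_max,
                             int red_shift, int green_shift, int blue_shift)
{
    if (!true_color_flag) {
        vnc_client_error(vs);
        return;
    }

    switch (bits_per_pixel) {
    case 8:
    case 16:
    case 32:
        break;
    default:
        vnc_client_error(vs);
        return;
    }

    if (red_shift < 0 || red_shift > 31 ||
        green_shift < 0 || green_shift > 31 ||
        blue_shift < 0 || blue_shift > 31) {
        vnc_client_error(vs);
        return;
    }

    vs->clientds = *(vs->vd->guest.ds);

    /*
     * count_bits() shifts its second argument down to zero, so each mask
     * is computed before the bit count. The previous order computed the
     * mask from the already-zeroed max and always stored 0.
     */
    vs->clientds.pf.rmax = red_max;
    vs->clientds.pf.rshift = red_shift;
    vs->clientds.pf.rmask = (uint32_t)red_max << red_shift;
    count_bits(vs->clientds.pf.rbits, red_max);

    vs->clientds.pf.gmax = green_max;
    vs->clientds.pf.gshift = green_shift;
    vs->clientds.pf.gmask = (uint32_t)green_max << green_shift;
    count_bits(vs->clientds.pf.gbits, green_max);

    vs->clientds.pf.bmax = blue_max;
    vs->clientds.pf.bshift = blue_shift;
    vs->clientds.pf.bmask = (uint32_t)blue_max << blue_shift;
    count_bits(vs->clientds.pf.bbits, blue_max);

    vs->clientds.pf.bits_per_pixel = bits_per_pixel;
    vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
    vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
    vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;

    set_pixel_conversion(vs);

    vga_hw_invalidate();
    vga_hw_update();
}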
/*
 * Queue the server's pixel format description (taken from the server
 * surface) and reset the client's format to match it: clientds becomes a
 * copy of the surface with QEMU_ALLOCATED_FLAG cleared, and the
 * straight-copy pixel writer and matching hextile sender are selected.
 */
static void pixel_format_message (VncState *vs) {
    char pad[3] = { 0, 0, 0 };

    vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
    vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */

#ifdef HOST_WORDS_BIGENDIAN
    vnc_write_u8(vs, 1);             /* big-endian-flag */
#else
    vnc_write_u8(vs, 0);             /* big-endian-flag */
#endif
    vnc_write_u8(vs, 1);             /* true-color-flag */
    vnc_write_u16(vs, vs->ds->surface->pf.rmax);     /* red-max */
    vnc_write_u16(vs, vs->ds->surface->pf.gmax);     /* green-max */
    vnc_write_u16(vs, vs->ds->surface->pf.bmax);     /* blue-max */
    vnc_write_u8(vs, vs->ds->surface->pf.rshift);    /* red-shift */
    vnc_write_u8(vs, vs->ds->surface->pf.gshift);    /* green-shift */
    vnc_write_u8(vs, vs->ds->surface->pf.bshift);    /* blue-shift */

    /* Any other pixel size leaves the current sender in place. */
    switch (vs->ds->surface->pf.bits_per_pixel) {
    case 32:
        vs->send_hextile_tile = send_hextile_tile_32;
        break;
    case 16:
        vs->send_hextile_tile = send_hextile_tile_16;
        break;
    case 8:
        vs->send_hextile_tile = send_hextile_tile_8;
        break;
    }

    vs->clientds = *(vs->ds->surface);
    vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
    vs->write_pixels = vnc_write_pixels_copy;

    vnc_write(vs, pad, 3);           /* padding */
}
/* Display-change callback for new surface data; nothing to do for VNC. */
static void vnc_dpy_setdata(DisplayState *ds)
{
    /* We don't have to do anything */
    (void)ds;
}
/*
 * React to a colour depth change. Clients with the WMVi feature get a
 * one-rectangle update with the VNC_ENCODING_WMVi pseudo-encoding
 * followed by the new pixel format; for other clients only the pixel
 * conversion routines are re-selected.
 */
static void vnc_colordepth(VncState *vs)
{
    if (!vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
        set_pixel_conversion(vs);
        return;
    }

    /* Sending a WMVi message to notify the client*/
    vnc_write_u8(vs, 0);  /* msg id */
    vnc_write_u8(vs, 0);
    vnc_write_u16(vs, 1); /* number of rects */
    vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
                           ds_get_height(vs->ds), VNC_ENCODING_WMVi);
    pixel_format_message(vs);
    vnc_flush(vs);
}
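/*
 * Read handler for client-to-server messages once the session is set up.
 *
 * The handler is first invoked with 1 byte (the message type). While a
 * message is incomplete it returns the total number of bytes it needs
 * and is called again with that many; once the message has been
 * processed it re-arms itself for 1 byte and returns 0.
 *
 * All fields are client-controlled. Lengths derived from them decide how
 * much input gets buffered, so:
 *  - the encoding count is a 16-bit value (at most 4 + 65535 * 4 bytes),
 *  - the cut-text length is capped at CUT_TEXT_MAX; an uncapped 32-bit
 *    length let a client make the server buffer input without bound, and
 *    '8 + dlen' could wrap or go negative in the int return value.
 */
static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
{
    enum { CUT_TEXT_MAX = 1 << 20 };
    int i;
    uint16_t limit;
    VncDisplay *vd = vs->vd;

    if (data[0] > 3) {
        /* Input activity: drop back to the fastest refresh interval. */
        vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
        if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
            qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
    }

    switch (data[0]) {
    case 0: /* set pixel format */
        if (len == 1)
            return 20;

        set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
                         read_u8(data, 6), read_u8(data, 7),
                         read_u16(data, 8), read_u16(data, 10),
                         read_u16(data, 12), read_u8(data, 14),
                         read_u8(data, 15), read_u8(data, 16));
        break;
    case 2: /* set encodings */
        if (len == 1)
            return 4;

        limit = read_u16(data, 2);
        if (len == 4 && limit > 0)
            return 4 + (limit * 4);

        /* Convert the encoding list from wire order to host order in place. */
        for (i = 0; i < limit; i++) {
            int32_t val = read_s32(data, 4 + (i * 4));
            memcpy(data + 4 + (i * 4), &val, sizeof(val));
        }

        set_encodings(vs, (int32_t *)(data + 4), limit);
        break;
    case 3: /* framebuffer update request */
        if (len == 1)
            return 10;

        framebuffer_update_request(vs,
                                   read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
                                   read_u16(data, 6), read_u16(data, 8));
        break;
    case 4: /* key event */
        if (len == 1)
            return 8;

        key_event(vs, read_u8(data, 1), read_u32(data, 4));
        break;
    case 5: /* pointer event */
        if (len == 1)
            return 6;

        pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
        break;
    case 6: /* client cut text */
        if (len == 1)
            return 8;

        if (len == 8) {
            uint32_t dlen = read_u32(data, 4);
            if (dlen > CUT_TEXT_MAX) {
                printf("Client cut text of %u bytes exceeds limit\n",
                       (unsigned int)dlen);
                vnc_client_error(vs);
                break;
            }
            if (dlen > 0)
                return 8 + dlen;
        }

        client_cut_text(vs, read_u32(data, 4), data + 8);
        break;
    case 255: /* QEMU extension */
        if (len == 1)
            return 2;

        switch (read_u8(data, 1)) {
        case 0: /* extended key event */
            if (len == 2)
                return 12;

            ext_key_event(vs, read_u16(data, 2),
                          read_u32(data, 4), read_u32(data, 8));
            break;
        case 1: /* audio */
            if (len == 2)
                return 4;

            switch (read_u16 (data, 2)) {
            case 0:
                audio_add(vs);
                break;
            case 1:
                audio_del(vs);
                break;
            case 2:
                if (len == 4)
                    return 10;
                switch (read_u8(data, 4)) {
                case 0: vs->as.fmt = AUD_FMT_U8; break;
                case 1: vs->as.fmt = AUD_FMT_S8; break;
                case 2: vs->as.fmt = AUD_FMT_U16; break;
                case 3: vs->as.fmt = AUD_FMT_S16; break;
                case 4: vs->as.fmt = AUD_FMT_U32; break;
                case 5: vs->as.fmt = AUD_FMT_S32; break;
                default:
                    printf("Invalid audio format %d\n", read_u8(data, 4));
                    vnc_client_error(vs);
                    break;
                }
                vs->as.nchannels = read_u8(data, 5);
                if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
                    printf("Invalid audio channel coount %d\n",
                           read_u8(data, 5));
                    vnc_client_error(vs);
                    break;
                }
                vs->as.freq = read_u32(data, 6);
                break;
            default:
                /*
                 * Only 4 bytes are guaranteed here, so report the 16-bit
                 * sub-type that was actually parsed instead of data[4].
                 */
                printf ("Invalid audio message %d\n", read_u16(data, 2));
                vnc_client_error(vs);
                break;
            }
            break;

        default:
            printf("Msg: %d\n", read_u16(data, 0));
            vnc_client_error(vs);
            break;
        }
        break;
    default:
        printf("Msg: %d\n", data[0]);
        vnc_client_error(vs);
        break;
    }

    vnc_read_when(vs, protocol_client_msg, 1);
    return 0;
}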
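/*
 * Read handler for the ClientInit message. Replies with the ServerInit
 * data (display size, pixel format, desktop name), caches the client's
 * authentication details, emits the QEVENT_VNC_INITIALIZED event and
 * hands further input to protocol_client_msg().
 *
 * snprintf() returns the length the full string would have had, which
 * can exceed the buffer when qemu_name is long. The length is clamped to
 * what was actually stored so that vnc_write() never sends stack bytes
 * beyond the formatted name to the client.
 */
static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
{
    char buf[1024];
    int size;

    vnc_write_u16(vs, ds_get_width(vs->ds));
    vnc_write_u16(vs, ds_get_height(vs->ds));

    pixel_format_message(vs);

    if (qemu_name)
        size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
    else
        size = snprintf(buf, sizeof(buf), "QEMU");

    if (size < 0) {
        size = 0;
    } else if ((size_t)size >= sizeof(buf)) {
        size = sizeof(buf) - 1;
    }

    vnc_write_u32(vs, size);
    vnc_write(vs, buf, size);
    vnc_flush(vs);

    vnc_client_cache_auth(vs);
    vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);

    vnc_read_when(vs, protocol_client_msg, 1);

    return 0;
}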
/*
 * Move the connection to the initialisation phase: the next single byte
 * from the client is handed to protocol_client_init().
 */
void start_client_init(VncState *vs)
{
    const size_t client_init_len = 1;

    vnc_read_when(vs, protocol_client_init, client_init_len);
}
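/*
 * Fill vs->challenge with the random bytes used for the VNC
 * challenge-response authentication.
 *
 * The challenge must be unpredictable: a client that can guess it can
 * reuse a response it has observed before. rand() seeded from the clock
 * and the process id is guessable, so the bytes are taken from
 * /dev/urandom when it can be read. The rand()-based generator is kept
 * only as a fallback for hosts without that device.
 */
static void make_challenge(VncState *vs)
{
    size_t i;
    size_t filled = 0;
    FILE *rng = fopen("/dev/urandom", "rb");

    if (rng) {
        /* Unbuffered, so only the bytes that are needed get consumed. */
        setvbuf(rng, NULL, _IONBF, 0);
        filled = fread(vs->challenge, 1, sizeof(vs->challenge), rng);
        fclose(rng);
    }
    if (filled == sizeof(vs->challenge)) {
        return;
    }

    /* Fallback: weak, predictable generator. */
    srand(time(NULL)+getpid()+getpid()*987654+rand());

    for (i = 0 ; i < sizeof(vs->challenge) ; i++)
        vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
}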
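/*
 * Read handler for the client's response to the VNC authentication
 * challenge. The expected response is the challenge encrypted with DES,
 * keyed with the first 8 bytes of the configured password (zero padded).
 *
 * Authentication is rejected when no password is configured or when the
 * response does not match; on success the connection moves on to client
 * initialisation. Always returns 0.
 *
 * The comparison does not stop at the first differing byte, so the time
 * it takes does not reveal how much of a response was correct.
 * Only the first 8 password bytes take part in the key, as the loop
 * below shows; longer passwords add no strength.
 */
static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
{
    unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
    int i, j, pwlen;
    unsigned char key[8];
    unsigned char mismatch = 0;

    if (!vs->vd->password || !vs->vd->password[0]) {
        VNC_DEBUG("No password configured on server");
        vnc_write_u32(vs, 1); /* Reject auth */
        if (vs->minor >= 8) {
            static const char err[] = "Authentication failed";
            vnc_write_u32(vs, sizeof(err));
            vnc_write(vs, err, sizeof(err));
        }
        vnc_flush(vs);
        vnc_client_error(vs);
        return 0;
    }

    memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);

    /* Calculate the expected challenge response */
    pwlen = strlen(vs->vd->password);
    for (i = 0; i < (int)sizeof(key); i++)
        key[i] = i < pwlen ? vs->vd->password[i] : 0;
    deskey(key, EN0);
    for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
        des(response+j, response+j);

    /* Compare expected vs actual challenge response, in constant time */
    for (i = 0; i < VNC_AUTH_CHALLENGE_SIZE; i++)
        mismatch |= response[i] ^ data[i];

    if (mismatch != 0) {
        VNC_DEBUG("Client challenge reponse did not match\n");
        vnc_write_u32(vs, 1); /* Reject auth */
        if (vs->minor >= 8) {
            static const char err[] = "Authentication failed";
            vnc_write_u32(vs, sizeof(err));
            vnc_write(vs, err, sizeof(err));
        }
        vnc_flush(vs);
        vnc_client_error(vs);
    } else {
        VNC_DEBUG("Accepting VNC challenge response\n");
        vnc_write_u32(vs, 0); /* Accept auth */
        vnc_flush(vs);

        start_client_init(vs);
    }
    return 0;
}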
/*
 * Begin VNC challenge-response authentication: generate a challenge,
 * send it, and wait for a response of the same size, which is handled by
 * protocol_client_auth_vnc().
 */
void start_auth_vnc(VncState *vs)
{
    const size_t challenge_len = sizeof(vs->challenge);

    make_challenge(vs);

    /* Send client a 'random' challenge */
    vnc_write(vs, vs->challenge, challenge_len);
    vnc_flush(vs);

    vnc_read_when(vs, protocol_client_auth_vnc, challenge_len);
}
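/*
 * Read handler for the client's choice of security type (one byte).
 * Only one type is advertised, so any other value is rejected. For the
 * advertised type the matching authentication exchange is started.
 * Always returns 0.
 *
 * Every rejection writes the result as a 32-bit value. The fallback
 * branch used to write a single byte, which left the result and the
 * length of the reason string that follows misaligned on the wire.
 */
static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
{
    /* We only advertise 1 auth scheme at a time, so client
     * must pick the one we sent. Verify this */
    if (data[0] != vs->vd->auth) { /* Reject auth */
       VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
       vnc_write_u32(vs, 1);
       if (vs->minor >= 8) {
           static const char err[] = "Authentication failed";
           vnc_write_u32(vs, sizeof(err));
           vnc_write(vs, err, sizeof(err));
       }
       vnc_client_error(vs);
    } else { /* Accept requested auth */
       VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
       switch (vs->vd->auth) {
       case VNC_AUTH_NONE:
           VNC_DEBUG("Accept auth none\n");
           if (vs->minor >= 8) {
               vnc_write_u32(vs, 0); /* Accept auth completion */
               vnc_flush(vs);
           }
           start_client_init(vs);
           break;

       case VNC_AUTH_VNC:
           VNC_DEBUG("Start VNC auth\n");
           start_auth_vnc(vs);
           break;

#ifdef CONFIG_VNC_TLS
       case VNC_AUTH_VENCRYPT:
           VNC_DEBUG("Accept VeNCrypt auth\n");;
           start_auth_vencrypt(vs);
           break;
#endif /* CONFIG_VNC_TLS */

#ifdef CONFIG_VNC_SASL
       case VNC_AUTH_SASL:
           VNC_DEBUG("Accept SASL auth\n");
           start_auth_sasl(vs);
           break;
#endif /* CONFIG_VNC_SASL */

       default: /* Should not be possible, but just in case */
           VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
           vnc_write_u32(vs, 1); /* Reject auth, same width as above */
           if (vs->minor >= 8) {
               static const char err[] = "Authentication failed";
               vnc_write_u32(vs, sizeof(err));
               vnc_write(vs, err, sizeof(err));
           }
           vnc_client_error(vs);
       }
    }
    return 0;
}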
/*
 * Read handler for the client's 12-byte protocol version string.
 *
 * Accepts major version 3 with minor 3, 4, 5, 7 or 8; 4 and 5 are
 * treated as 3. For 3.3 the server dictates the security type (only
 * none and VNC auth are possible), for later versions the single
 * configured type is advertised and the client's choice is awaited.
 * Anything else gets VNC_AUTH_INVALID and the client is dropped.
 * Always returns 0.
 *
 * The copy into the local buffer is fixed at 12 bytes and NUL
 * terminated before parsing, independent of 'len'.
 */
static int protocol_version(VncState *vs, uint8_t *version, size_t len)
{
    char banner[13];
    int minor_supported;

    memcpy(banner, version, 12);
    banner[12] = 0;

    if (sscanf(banner, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
        VNC_DEBUG("Malformed protocol version %s\n", banner);
        vnc_client_error(vs);
        return 0;
    }
    VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);

    switch (vs->minor) {
    case 3:
    case 4:
    case 5:
    case 7:
    case 8:
        minor_supported = 1;
        break;
    default:
        minor_supported = 0;
        break;
    }

    if (vs->major != 3 || !minor_supported) {
        VNC_DEBUG("Unsupported client version\n");
        vnc_write_u32(vs, VNC_AUTH_INVALID);
        vnc_flush(vs);
        vnc_client_error(vs);
        return 0;
    }

    /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
     * as equivalent to v3.3 by servers
     */
    if (vs->minor == 4 || vs->minor == 5) {
        vs->minor = 3;
    }

    if (vs->minor != 3) {
        VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
        vnc_write_u8(vs, 1); /* num auth */
        vnc_write_u8(vs, vs->vd->auth);
        vnc_read_when(vs, protocol_client_auth, 1);
        vnc_flush(vs);
        return 0;
    }

    /* Protocol 3.3: the server picks the security type. */
    if (vs->vd->auth == VNC_AUTH_NONE) {
        VNC_DEBUG("Tell client auth none\n");
        vnc_write_u32(vs, vs->vd->auth);
        vnc_flush(vs);
        start_client_init(vs);
    } else if (vs->vd->auth == VNC_AUTH_VNC) {
        VNC_DEBUG("Tell client VNC auth\n");
        vnc_write_u32(vs, vs->vd->auth);
        vnc_flush(vs);
        start_auth_vnc(vs);
    } else {
        VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
        vnc_write_u32(vs, VNC_AUTH_INVALID);
        vnc_flush(vs);
        vnc_client_error(vs);
    }

    return 0;
}
/*
 * Bring the server surface up to date with the guest surface.
 *
 * Walks the guest dirty map row by row. Every dirty 16-pixel tile is
 * cleared in the guest map and compared with the server copy; tiles that
 * really differ are copied across and marked dirty for every connected
 * client. Returns the number of tiles copied.
 *
 * NOTE(review): tiles are always compared and copied as 16 whole pixels;
 * if the guest width is not a multiple of 16 the last tile of a row
 * reaches past the visible width. Confirm the surfaces are sized for
 * that.
 */
static int vnc_refresh_server_surface(VncDisplay *vd)
{
    int y;
    uint8_t *guest_row = vd->guest.ds->data;
    uint8_t *server_row = vd->server->data;
    int cmp_bytes;
    uint32_t width_mask[VNC_DIRTY_WORDS];
    VncState *vs;
    int has_dirty = 0;

    vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
    cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);

    for (y = 0; y < vd->guest.ds->height; y++) {
        if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
            int x;
            uint8_t *guest_ptr = guest_row;
            uint8_t *server_ptr = server_row;

            for (x = 0; x < vd->guest.ds->width;
                 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
                int tile = x / 16;

                if (!vnc_get_bit(vd->guest.dirty[y], tile)) {
                    continue;
                }
                vnc_clear_bit(vd->guest.dirty[y], tile);

                /* Flagged dirty but unchanged: nothing to propagate. */
                if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0) {
                    continue;
                }
                memcpy(server_ptr, guest_ptr, cmp_bytes);

                QTAILQ_FOREACH(vs, &vd->clients, next) {
                    vnc_set_bit(vs->dirty[y], tile);
                }
                has_dirty++;
            }
        }
        guest_row += ds_get_linesize(vd->ds);
        server_row += ds_get_linesize(vd->ds);
    }
    return has_dirty;
}
/*
 * Timer callback: refresh the server surface, push updates to every
 * client and re-arm the timer with an adaptive interval. The interval is
 * halved (not below VNC_REFRESH_INTERVAL_BASE) when something changed
 * and was sent, and otherwise grows by VNC_REFRESH_INTERVAL_INC up to
 * VNC_REFRESH_INTERVAL_MAX.
 *
 * Clients may be freed while being updated, hence the _SAFE iteration
 * and the timer check afterwards.
 */
static void vnc_refresh(void *opaque)
{
    VncDisplay *vd = opaque;
    VncState *vs, *vn;
    int has_dirty;
    int rects = 0;

    vga_hw_update();

    has_dirty = vnc_refresh_server_surface(vd);

    QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
        rects += vnc_update_client(vs, has_dirty);
        /* vs might be free()ed here */
    }

    /* vd->timer could be NULL now if the last client disconnected,
     * in this case don't update the timer */
    if (vd->timer == NULL) {
        return;
    }

    if (!has_dirty || !rects) {
        vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
        if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX) {
            vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
        }
    } else {
        vd->timer_interval /= 2;
        if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE) {
            vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
        }
    }

    qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
}
/*
 * Reset the refresh interval to its base value and, if no timer exists
 * yet while clients are connected, create the refresh timer and run a
 * first refresh right away.
 */
static void vnc_init_timer(VncDisplay *vd)
{
    vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;

    if (vd->timer != NULL || QTAILQ_EMPTY(&vd->clients)) {
        return;
    }

    vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
    vnc_refresh(vd);
}
/*
 * Stop and free the refresh timer once the client list is empty.
 * vd->timer is reset to NULL so later checks see that no timer exists.
 */
static void vnc_remove_timer(VncDisplay *vd)
{
    if (vd->timer == NULL || !QTAILQ_EMPTY(&vd->clients)) {
        return;
    }

    qemu_del_timer(vd->timer);
    qemu_free_timer(vd->timer);
    vd->timer = NULL;
}
/*
 * Set up the state for a newly accepted client socket: allocate a
 * zeroed VncState, make the socket non-blocking and register the read
 * handler, record the peer address, emit QEVENT_VNC_CONNECTED, link the
 * client into the display's client list, send the server's protocol
 * version and wait for the client's 12-byte reply.
 *
 * No authentication has happened at this point; the state is allocated
 * for any peer that connects.
 */
static void vnc_connect(VncDisplay *vd, int csock)
{
    VncState *vs = qemu_mallocz(sizeof(VncState));

    vs->csock = csock;

    VNC_DEBUG("New client on socket %d\n", csock);
    dcl->idle = 0;
    socket_set_nonblock(vs->csock);
    qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);

    vnc_client_cache_addr(vs);
    vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);

    vs->vd = vd;
    vs->ds = vd->ds;

    /* -1 marks "no previous pointer position". */
    vs->last_x = -1;
    vs->last_y = -1;

    /* Default audio capture settings. */
    vs->as.freq = 44100;
    vs->as.nchannels = 2;
    vs->as.fmt = AUD_FMT_S16;
    vs->as.endianness = 0;

    QTAILQ_INSERT_HEAD(&vd->clients, vs, next);

    vga_hw_update();

    vnc_write(vs, "RFB 003.008\n", 12);
    vnc_flush(vs);
    vnc_read_when(vs, protocol_version, 12);
    reset_keys(vs);

    vnc_init_timer(vd);

    /* vs might be free()ed here */
}
/*
 * Read handler for the listening socket: accept one pending connection
 * and set it up as a VNC client. A failed accept is ignored.
 *
 * The peer address filled in by qemu_accept() is not used here.
 */
static void vnc_listen_read(void *opaque)
{
    VncDisplay *vd = opaque;
    struct sockaddr_in addr;
    socklen_t addrlen = sizeof(addr);
    int csock;

    /* Catch-up */
    vga_hw_update();

    csock = qemu_accept(vd->lsock, (struct sockaddr *)&addr, &addrlen);
    if (csock == -1) {
        return;
    }
    vnc_connect(vd, csock);
}
/*
 * Create the VNC display state for 'ds' and register the display change
 * listener. The keyboard layout is taken from the configured
 * keyboard_layout, falling back to "en-us"; the process exits with
 * status 1 if the layout cannot be initialised.
 */
void vnc_display_init(DisplayState *ds)
{
    VncDisplay *vd = qemu_mallocz(sizeof(*vd));
    const char *layout = keyboard_layout ? keyboard_layout : "en-us";

    dcl = qemu_mallocz(sizeof(DisplayChangeListener));

    ds->opaque = vd;
    dcl->idle = 1;
    vnc_display = vd;

    /* No listening socket yet. */
    vd->lsock = -1;

    vd->ds = ds;
    QTAILQ_INIT(&vd->clients);

    vd->kbd_layout = init_keyboard_layout(name2keysym, layout);
    if (!vd->kbd_layout) {
        exit(1);
    }

    dcl->dpy_copy = vnc_dpy_copy;
    dcl->dpy_update = vnc_dpy_update;
    dcl->dpy_resize = vnc_dpy_resize;
    dcl->dpy_setdata = vnc_dpy_setdata;
    register_displaychangelistener(ds, dcl);
}
/*
 * Stop listening and reset the authentication settings of a VNC display.
 *
 * ds: display to close; when NULL the global vnc_display is used
 *
 * Frees the stored display string, unregisters and closes the listening
 * socket, and sets auth (and, with CONFIG_VNC_TLS, subauth and x509verify)
 * back to their "invalid"/off values. Does nothing when no VncDisplay
 * exists.
 *
 * This function does not touch vs->password and does not walk the client
 * list, so a stored password and already connected clients are left as they
 * are.
 */
void vnc_display_close(DisplayState *ds)
{
    VncDisplay *vd;

    if (ds) {
        vd = (VncDisplay *)ds->opaque;
    } else {
        vd = vnc_display;
    }
    if (vd == NULL) {
        return;
    }

    if (vd->display != NULL) {
        qemu_free(vd->display);
        vd->display = NULL;
    }

    if (vd->lsock != -1) {
        /* Drop the handlers before the descriptor goes away. */
        qemu_set_fd_handler2(vd->lsock, NULL, NULL, NULL, NULL);
        close(vd->lsock);
        vd->lsock = -1;
    }

    vd->auth = VNC_AUTH_INVALID;
#ifdef CONFIG_VNC_TLS
    vd->subauth = VNC_AUTH_INVALID;
    vd->tls.x509verify = 0;
#endif
}
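/*
 * Set, replace or clear the password used for VNC password authentication.
 *
 * ds:       display whose VncDisplay is updated; when NULL the global
 *           vnc_display is used
 * password: new password, or NULL / "" to clear the stored one
 *
 * Returns 0 on success, -1 when no VncDisplay exists or the copy of the new
 * password could not be allocated.
 *
 * Authentication scheme handling:
 *  - a non-empty password upgrades VNC_AUTH_NONE to VNC_AUTH_VNC and leaves
 *    every other scheme alone;
 *  - an empty password downgrades only plain VNC_AUTH_VNC to VNC_AUTH_NONE.
 *    Any other scheme (for example VNC_AUTH_VENCRYPT or VNC_AUTH_SASL) is
 *    kept, so clearing the password can no longer strip a TLS or SASL
 *    configuration down to an unauthenticated clear-text server.
 *
 * A password-type scheme with no stored password is not a new state:
 * vnc_display_open() selects such schemes without setting a password.
 */
int vnc_display_password(DisplayState *ds, const char *password)
{
    VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;

    if (!vs) {
        return -1;
    }

    if (vs->password) {
        /* Overwrite the old secret before releasing it so it does not stay
         * readable in freed heap memory. The volatile pointer keeps the
         * compiler from dropping the stores as dead. The buffer is a
         * NUL-terminated copy made by qemu_strdup() below. */
        volatile char *p = vs->password;

        while (*p) {
            *p++ = '\0';
        }
        qemu_free(vs->password);
        vs->password = NULL;
    }

    if (password && password[0]) {
        vs->password = qemu_strdup(password);
        if (!vs->password) {
            return -1;
        }
        if (vs->auth == VNC_AUTH_NONE) {
            vs->auth = VNC_AUTH_VNC;
        }
    } else if (vs->auth == VNC_AUTH_VNC) {
        /* NOTE(review): this still turns authentication off when the
         * password of a plain VNC_AUTH_VNC display is cleared. Confirm that
         * every caller intends that; keeping VNC_AUTH_VNC with no password
         * would be the fail-closed alternative. */
        vs->auth = VNC_AUTH_NONE;
    }

    return 0;
}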
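/*
 * Return the local address of the VNC listening socket as "host:port" text.
 *
 * ds: display to query; when NULL the global vnc_display is used
 *
 * Returns whatever vnc_socket_local_addr() produces for the "%s:%s" format,
 * or NULL when no VncDisplay exists. The NULL guard matches the one in
 * vnc_display_close() and vnc_display_password(); without it a call made
 * before vnc_display_init() would dereference a NULL pointer.
 *
 * NOTE(review): ownership of the returned string is decided by
 * vnc_socket_local_addr(), which is not visible here -- presumably the
 * caller frees it; confirm.
 */
char *vnc_display_local_addr(DisplayState *ds)
{
    VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;

    if (!vs) {
        return NULL;
    }

    return vnc_socket_local_addr("%s:%s", vs->lsock);
}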
/*
 * (Re)configure the VNC server from a display specification and either
 * start listening or, in reverse mode, connect out to a viewer.
 *
 * ds:      display whose VncDisplay is configured; when NULL the global
 *          vnc_display is used
 * display: address part followed by comma-separated options, or "none"
 *
 * Options recognised below: password, reverse, sasl (CONFIG_VNC_SASL only),
 * tls, x509=<dir>, x509verify=<dir> (CONFIG_VNC_TLS only), acl.
 *
 * Returns -1 on failure, 0 for "none" and for a successful reverse
 * connection, otherwise the return value of qemu_set_fd_handler2(). Failing
 * to allocate an ACL terminates the process with exit(1).
 *
 * Configuration caveats visible in the code below:
 *  - Options are matched by prefix with strncmp() and anything unrecognised
 *    is skipped without a diagnostic. A misspelt "password" or "tls", or a
 *    "tls"/"sasl" option given to a build without CONFIG_VNC_TLS /
 *    CONFIG_VNC_SASL, therefore leaves the server on a weaker scheme than
 *    the caller asked for, down to clear-text no-auth.
 *  - x509 / x509verify change the selected scheme only together with tls.
 *  - password takes precedence over sasl when both are given.
 *  - acl creates an ACL only for x509verify (with x509) or for sasl.
 *  - Only the scheme is chosen here; vs->password is not assigned in this
 *    function.
 */
int vnc_display_open(DisplayState *ds, const char *display)
{
    VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
    const char *options;
    int password = 0;
    int reverse = 0;
#ifdef CONFIG_VNC_TLS
    int tls = 0, x509 = 0;
#endif
#ifdef CONFIG_VNC_SASL
    int sasl = 0;
    int saslErr;
#endif
    int acl = 0;

    /* The check is on the global, while vs above may come from ds->opaque. */
    if (!vnc_display)
        return -1;
    /* Closing first resets auth/subauth/x509verify and the listen socket. */
    vnc_display_close(ds);
    if (strcmp(display, "none") == 0)
        return 0;

    /* NOTE(review): allocated with strdup() but released with qemu_free()
     * on some paths and free() on others; assumes the two are
     * interchangeable -- confirm. */
    if (!(vs->display = strdup(display)))
        return -1;

    /* Walk the comma-separated options that follow the address part. */
    options = display;
    while ((options = strchr(options, ','))) {
        options++;
        if (strncmp(options, "password", 8) == 0) {
            password = 1; /* Require password auth */
        } else if (strncmp(options, "reverse", 7) == 0) {
            reverse = 1;
#ifdef CONFIG_VNC_SASL
        } else if (strncmp(options, "sasl", 4) == 0) {
            sasl = 1; /* Require SASL auth */
#endif
#ifdef CONFIG_VNC_TLS
        } else if (strncmp(options, "tls", 3) == 0) {
            tls = 1; /* Require TLS */
        } else if (strncmp(options, "x509", 4) == 0) {
            char *start, *end;
            x509 = 1; /* Require x509 certificates */
            if (strncmp(options, "x509verify", 10) == 0)
                vs->tls.x509verify = 1; /* ...and verify client certs */

            /* Now check for 'x509=/some/path' postfix
             * and use that to setup x509 certificate/key paths.
             * The '=' must belong to this option, i.e. come before the
             * next ',' if there is one. */
            start = strchr(options, '=');
            end = strchr(options, ',');
            if (start && (!end || (start < end))) {
                /* Path length: up to the next ',' or to the end of string. */
                int len = end ? end-(start+1) : strlen(start+1);
                char *path = qemu_strndup(start + 1, len);

                VNC_DEBUG("Trying certificate path '%s'\n", path);
                if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
                    fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
                    qemu_free(path);
                    qemu_free(vs->display);
                    vs->display = NULL;
                    return -1;
                }
                qemu_free(path);
            } else {
                fprintf(stderr, "No certificate path provided\n");
                qemu_free(vs->display);
                vs->display = NULL;
                return -1;
            }
#endif
        } else if (strncmp(options, "acl", 3) == 0) {
            acl = 1;
        }
        /* No final else: an unrecognised option is ignored silently. */
    }

#ifdef CONFIG_VNC_TLS
    /* The client-certificate ACL is created only when certificates are
     * actually verified; "acl" with plain x509 creates nothing. */
    if (acl && x509 && vs->tls.x509verify) {
        if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
            fprintf(stderr, "Failed to create x509 dname ACL\n");
            exit(1);
        }
    }
#endif
#ifdef CONFIG_VNC_SASL
    /* Checked on the option alone: the ACL is created even when "password"
     * is also given and SASL ends up not being the selected scheme. */
    if (acl && sasl) {
        if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
            fprintf(stderr, "Failed to create username ACL\n");
            exit(1);
        }
    }
#endif

    /*
     * Combinations we support here:
     *
     *  - no-auth                (clear text, no auth)
     *  - password               (clear text, weak auth)
     *  - sasl                   (encrypt, good auth *IF* using Kerberos via GSSAPI)
     *  - tls                    (encrypt, weak anonymous creds, no auth)
     *  - tls + password         (encrypt, weak anonymous creds, weak auth)
     *  - tls + sasl             (encrypt, weak anonymous creds, good auth)
     *  - tls + x509             (encrypt, good x509 creds, no auth)
     *  - tls + x509 + password  (encrypt, good x509 creds, weak auth)
     *  - tls + x509 + sasl      (encrypt, good x509 creds, good auth)
     *
     * NB1. TLS is a stackable auth scheme.
     * NB2. the x509 schemes have option to validate a client cert dname
     *
     * The x509 flag is read only inside the "if (tls)" branches, so x509 or
     * x509verify without tls selects one of the non-TLS schemes.
     */
    if (password) {
#ifdef CONFIG_VNC_TLS
        if (tls) {
            vs->auth = VNC_AUTH_VENCRYPT;
            if (x509) {
                VNC_DEBUG("Initializing VNC server with x509 password auth\n");
                vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
            } else {
                VNC_DEBUG("Initializing VNC server with TLS password auth\n");
                vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
            }
        } else {
#endif /* CONFIG_VNC_TLS */
            VNC_DEBUG("Initializing VNC server with password auth\n");
            vs->auth = VNC_AUTH_VNC;
#ifdef CONFIG_VNC_TLS
            vs->subauth = VNC_AUTH_INVALID;
        }
#endif /* CONFIG_VNC_TLS */
#ifdef CONFIG_VNC_SASL
    } else if (sasl) {
        /* Reached only when "password" was not given. */
#ifdef CONFIG_VNC_TLS
        if (tls) {
            vs->auth = VNC_AUTH_VENCRYPT;
            if (x509) {
                VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
                vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
            } else {
                VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
                vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
            }
        } else {
#endif /* CONFIG_VNC_TLS */
            VNC_DEBUG("Initializing VNC server with SASL auth\n");
            vs->auth = VNC_AUTH_SASL;
#ifdef CONFIG_VNC_TLS
            vs->subauth = VNC_AUTH_INVALID;
        }
#endif /* CONFIG_VNC_TLS */
#endif /* CONFIG_VNC_SASL */
    } else {
        /* Neither password nor sasl: no client authentication at all. */
#ifdef CONFIG_VNC_TLS
        if (tls) {
            vs->auth = VNC_AUTH_VENCRYPT;
            if (x509) {
                VNC_DEBUG("Initializing VNC server with x509 no auth\n");
                vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
            } else {
                VNC_DEBUG("Initializing VNC server with TLS no auth\n");
                vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
            }
        } else {
#endif
            VNC_DEBUG("Initializing VNC server with no auth\n");
            vs->auth = VNC_AUTH_NONE;
#ifdef CONFIG_VNC_TLS
            vs->subauth = VNC_AUTH_INVALID;
        }
#endif
    }

#ifdef CONFIG_VNC_SASL
    /* Runs in every CONFIG_VNC_SASL build, whether or not "sasl" was given. */
    if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
        fprintf(stderr, "Failed to initialize SASL auth %s",
                sasl_errstring(saslErr, NULL, NULL));
        free(vs->display);
        vs->display = NULL;
        return -1;
    }
#endif

    if (reverse) {
        /* connect to viewer */
        if (strncmp(display, "unix:", 5) == 0)
            vs->lsock = unix_connect(display+5);
        else
            vs->lsock = inet_connect(display, SOCK_STREAM);
        if (-1 == vs->lsock) {
            free(vs->display);
            vs->display = NULL;
            return -1;
        } else {
            /* The connected socket becomes a client; no listener is kept. */
            int csock = vs->lsock;
            vs->lsock = -1;
            vnc_connect(vs, csock);
        }
        return 0;

    } else {
        /* listen for connects */
        char *dpy;
        /* Fixed 256-byte buffer; the sizes handed to the helpers below
         * (256, and 256-5 after the "unix:" prefix) match it.
         * NOTE(review): allocated with qemu_malloc() but released with
         * free() -- same allocator assumption as for vs->display. */
        dpy = qemu_malloc(256);
        if (strncmp(display, "unix:", 5) == 0) {
            pstrcpy(dpy, 256, "unix:");
            vs->lsock = unix_listen(display+5, dpy+5, 256-5);
        } else {
            /* NOTE(review): 5900 is presumably the base port added to the
             * display number -- confirm against inet_listen(). */
            vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
        }
        if (-1 == vs->lsock) {
            /* Unlike the other error paths, vs->display keeps the string
             * copied above. */
            free(dpy);
            return -1;
        } else {
            /* Replace the requested string with the one written into dpy
             * by the listen helper. */
            free(vs->display);
            vs->display = dpy;
        }
    }
    return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
}