search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
QDict: Introduce qdict_get_qlist()
[qemu/aliguori-queue.git] / vnc.c
blob39c0d98609557141df37e4f9a96bd0b0d47c36de
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "acl.h"
32
33 #define VNC_REFRESH_INTERVAL_BASE 30
34 #define VNC_REFRESH_INTERVAL_INC 50
35 #define VNC_REFRESH_INTERVAL_MAX 2000
36
37 #include "vnc_keysym.h"
38 #include "d3des.h"
39
40 #define count_bits(c, v) { \
41 for (c = 0; v; v >>= 1) \
42 { \
43 c += v & 1; \
44 } \
45 }
46
47
48 static VncDisplay *vnc_display; /* needed for info vnc */
49 static DisplayChangeListener *dcl;
50
51 static char *addr_to_string(const char *format,
52 struct sockaddr_storage *sa,
53 socklen_t salen) {
54 char *addr;
55 char host[NI_MAXHOST];
56 char serv[NI_MAXSERV];
57 int err;
58 size_t addrlen;
59
60 if ((err = getnameinfo((struct sockaddr *)sa, salen,
61 host, sizeof(host),
62 serv, sizeof(serv),
63 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
64 VNC_DEBUG("Cannot resolve address %d: %s\n",
65 err, gai_strerror(err));
66 return NULL;
67 }
68
69 /* Enough for the existing format + the 2 vars we're
70 * substituting in. */
71 addrlen = strlen(format) + strlen(host) + strlen(serv);
72 addr = qemu_malloc(addrlen + 1);
73 snprintf(addr, addrlen, format, host, serv);
74 addr[addrlen] = '\0';
75
76 return addr;
77 }
78
79
80 char *vnc_socket_local_addr(const char *format, int fd) {
81 struct sockaddr_storage sa;
82 socklen_t salen;
83
84 salen = sizeof(sa);
85 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
86 return NULL;
87
88 return addr_to_string(format, &sa, salen);
89 }
90
91 char *vnc_socket_remote_addr(const char *format, int fd) {
92 struct sockaddr_storage sa;
93 socklen_t salen;
94
95 salen = sizeof(sa);
96 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
97 return NULL;
98
99 return addr_to_string(format, &sa, salen);
100 }
101
102 static const char *vnc_auth_name(VncDisplay *vd) {
103 switch (vd->auth) {
104 case VNC_AUTH_INVALID:
105 return "invalid";
106 case VNC_AUTH_NONE:
107 return "none";
108 case VNC_AUTH_VNC:
109 return "vnc";
110 case VNC_AUTH_RA2:
111 return "ra2";
112 case VNC_AUTH_RA2NE:
113 return "ra2ne";
114 case VNC_AUTH_TIGHT:
115 return "tight";
116 case VNC_AUTH_ULTRA:
117 return "ultra";
118 case VNC_AUTH_TLS:
119 return "tls";
120 case VNC_AUTH_VENCRYPT:
121 #ifdef CONFIG_VNC_TLS
122 switch (vd->subauth) {
123 case VNC_AUTH_VENCRYPT_PLAIN:
124 return "vencrypt+plain";
125 case VNC_AUTH_VENCRYPT_TLSNONE:
126 return "vencrypt+tls+none";
127 case VNC_AUTH_VENCRYPT_TLSVNC:
128 return "vencrypt+tls+vnc";
129 case VNC_AUTH_VENCRYPT_TLSPLAIN:
130 return "vencrypt+tls+plain";
131 case VNC_AUTH_VENCRYPT_X509NONE:
132 return "vencrypt+x509+none";
133 case VNC_AUTH_VENCRYPT_X509VNC:
134 return "vencrypt+x509+vnc";
135 case VNC_AUTH_VENCRYPT_X509PLAIN:
136 return "vencrypt+x509+plain";
137 case VNC_AUTH_VENCRYPT_TLSSASL:
138 return "vencrypt+tls+sasl";
139 case VNC_AUTH_VENCRYPT_X509SASL:
140 return "vencrypt+x509+sasl";
141 default:
142 return "vencrypt";
143 }
144 #else
145 return "vencrypt";
146 #endif
147 case VNC_AUTH_SASL:
148 return "sasl";
149 }
150 return "unknown";
151 }
152
153 static void do_info_vnc_client(Monitor *mon, VncState *client)
154 {
155 char *clientAddr =
156 vnc_socket_remote_addr(" address: %s:%s\n",
157 client->csock);
158 if (!clientAddr)
159 return;
160
161 monitor_printf(mon, "Client:\n");
162 monitor_printf(mon, "%s", clientAddr);
163 free(clientAddr);
164
165 #ifdef CONFIG_VNC_TLS
166 if (client->tls.session &&
167 client->tls.dname)
168 monitor_printf(mon, " x509 dname: %s\n", client->tls.dname);
169 else
170 monitor_printf(mon, " x509 dname: none\n");
171 #endif
172 #ifdef CONFIG_VNC_SASL
173 if (client->sasl.conn &&
174 client->sasl.username)
175 monitor_printf(mon, " username: %s\n", client->sasl.username);
176 else
177 monitor_printf(mon, " username: none\n");
178 #endif
179 }
180
181 void do_info_vnc(Monitor *mon)
182 {
183 if (vnc_display == NULL || vnc_display->display == NULL) {
184 monitor_printf(mon, "Server: disabled\n");
185 } else {
186 char *serverAddr = vnc_socket_local_addr(" address: %s:%s\n",
187 vnc_display->lsock);
188
189 if (!serverAddr)
190 return;
191
192 monitor_printf(mon, "Server:\n");
193 monitor_printf(mon, "%s", serverAddr);
194 free(serverAddr);
195 monitor_printf(mon, " auth: %s\n", vnc_auth_name(vnc_display));
196
197 if (vnc_display->clients) {
198 VncState *client = vnc_display->clients;
199 while (client) {
200 do_info_vnc_client(mon, client);
201 client = client->next;
202 }
203 } else {
204 monitor_printf(mon, "Client: none\n");
205 }
206 }
207 }
208
209 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
210 return (vs->features & (1 << feature));
211 }
212
213 /* TODO
214 1) Get the queue working for IO.
215 2) there is some weirdness when using the -S option (the screen is grey
216 and not totally invalidated
217 3) resolutions > 1024
218 */
219
220 static int vnc_update_client(VncState *vs, int has_dirty);
221 static void vnc_disconnect_start(VncState *vs);
222 static void vnc_disconnect_finish(VncState *vs);
223 static void vnc_init_timer(VncDisplay *vd);
224 static void vnc_remove_timer(VncDisplay *vd);
225
226 static void vnc_colordepth(VncState *vs);
227 static void framebuffer_update_request(VncState *vs, int incremental,
228 int x_position, int y_position,
229 int w, int h);
230 static void vnc_refresh(void *opaque);
231 static int vnc_refresh_server_surface(VncDisplay *vd);
232
233 static inline void vnc_set_bit(uint32_t *d, int k)
234 {
235 d[k >> 5] |= 1 << (k & 0x1f);
236 }
237
238 static inline void vnc_clear_bit(uint32_t *d, int k)
239 {
240 d[k >> 5] &= ~(1 << (k & 0x1f));
241 }
242
243 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
244 {
245 int j;
246
247 j = 0;
248 while (n >= 32) {
249 d[j++] = -1;
250 n -= 32;
251 }
252 if (n > 0)
253 d[j++] = (1 << n) - 1;
254 while (j < nb_words)
255 d[j++] = 0;
256 }
257
258 static inline int vnc_get_bit(const uint32_t *d, int k)
259 {
260 return (d[k >> 5] >> (k & 0x1f)) & 1;
261 }
262
263 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
264 int nb_words)
265 {
266 int i;
267 for(i = 0; i < nb_words; i++) {
268 if ((d1[i] & d2[i]) != 0)
269 return 1;
270 }
271 return 0;
272 }
273
274 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
275 {
276 int i;
277 VncDisplay *vd = ds->opaque;
278 struct VncSurface *s = &vd->guest;
279
280 h += y;
281
282 /* round x down to ensure the loop only spans one 16-pixel block per,
283 iteration. otherwise, if (x % 16) != 0, the last iteration may span
284 two 16-pixel blocks but we only mark the first as dirty
285 */
286 w += (x % 16);
287 x -= (x % 16);
288
289 x = MIN(x, s->ds->width);
290 y = MIN(y, s->ds->height);
291 w = MIN(x + w, s->ds->width) - x;
292 h = MIN(h, s->ds->height);
293
294 for (; y < h; y++)
295 for (i = 0; i < w; i += 16)
296 vnc_set_bit(s->dirty[y], (x + i) / 16);
297 }
298
299 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
300 int32_t encoding)
301 {
302 vnc_write_u16(vs, x);
303 vnc_write_u16(vs, y);
304 vnc_write_u16(vs, w);
305 vnc_write_u16(vs, h);
306
307 vnc_write_s32(vs, encoding);
308 }
309
310 void buffer_reserve(Buffer *buffer, size_t len)
311 {
312 if ((buffer->capacity - buffer->offset) < len) {
313 buffer->capacity += (len + 1024);
314 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
315 if (buffer->buffer == NULL) {
316 fprintf(stderr, "vnc: out of memory\n");
317 exit(1);
318 }
319 }
320 }
321
322 int buffer_empty(Buffer *buffer)
323 {
324 return buffer->offset == 0;
325 }
326
327 uint8_t *buffer_end(Buffer *buffer)
328 {
329 return buffer->buffer + buffer->offset;
330 }
331
332 void buffer_reset(Buffer *buffer)
333 {
334 buffer->offset = 0;
335 }
336
337 void buffer_append(Buffer *buffer, const void *data, size_t len)
338 {
339 memcpy(buffer->buffer + buffer->offset, data, len);
340 buffer->offset += len;
341 }
342
343 static void vnc_dpy_resize(DisplayState *ds)
344 {
345 int size_changed;
346 VncDisplay *vd = ds->opaque;
347 VncState *vs = vd->clients;
348
349 /* server surface */
350 if (!vd->server)
351 vd->server = qemu_mallocz(sizeof(*vd->server));
352 if (vd->server->data)
353 qemu_free(vd->server->data);
354 *(vd->server) = *(ds->surface);
355 vd->server->data = qemu_mallocz(vd->server->linesize *
356 vd->server->height);
357
358 /* guest surface */
359 if (!vd->guest.ds)
360 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
361 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
362 console_color_init(ds);
363 size_changed = ds_get_width(ds) != vd->guest.ds->width ||
364 ds_get_height(ds) != vd->guest.ds->height;
365 *(vd->guest.ds) = *(ds->surface);
366 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
367
368 while (vs != NULL) {
369 vnc_colordepth(vs);
370 if (size_changed) {
371 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
372 vnc_write_u8(vs, 0); /* msg id */
373 vnc_write_u8(vs, 0);
374 vnc_write_u16(vs, 1); /* number of rects */
375 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
376 VNC_ENCODING_DESKTOPRESIZE);
377 vnc_flush(vs);
378 }
379 }
380 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
381 vs = vs->next;
382 }
383 }
384
385 /* fastest code */
386 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
387 {
388 vnc_write(vs, pixels, size);
389 }
390
391 /* slowest but generic code. */
392 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
393 {
394 uint8_t r, g, b;
395 VncDisplay *vd = vs->vd;
396
397 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
398 vd->server->pf.rbits);
399 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
400 vd->server->pf.gbits);
401 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
402 vd->server->pf.bbits);
403 v = (r << vs->clientds.pf.rshift) |
404 (g << vs->clientds.pf.gshift) |
405 (b << vs->clientds.pf.bshift);
406 switch(vs->clientds.pf.bytes_per_pixel) {
407 case 1:
408 buf[0] = v;
409 break;
410 case 2:
411 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
412 buf[0] = v >> 8;
413 buf[1] = v;
414 } else {
415 buf[1] = v >> 8;
416 buf[0] = v;
417 }
418 break;
419 default:
420 case 4:
421 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
422 buf[0] = v >> 24;
423 buf[1] = v >> 16;
424 buf[2] = v >> 8;
425 buf[3] = v;
426 } else {
427 buf[3] = v >> 24;
428 buf[2] = v >> 16;
429 buf[1] = v >> 8;
430 buf[0] = v;
431 }
432 break;
433 }
434 }
435
436 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
437 {
438 uint8_t buf[4];
439 VncDisplay *vd = vs->vd;
440
441 if (vd->server->pf.bytes_per_pixel == 4) {
442 uint32_t *pixels = pixels1;
443 int n, i;
444 n = size >> 2;
445 for(i = 0; i < n; i++) {
446 vnc_convert_pixel(vs, buf, pixels[i]);
447 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
448 }
449 } else if (vd->server->pf.bytes_per_pixel == 2) {
450 uint16_t *pixels = pixels1;
451 int n, i;
452 n = size >> 1;
453 for(i = 0; i < n; i++) {
454 vnc_convert_pixel(vs, buf, pixels[i]);
455 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
456 }
457 } else if (vd->server->pf.bytes_per_pixel == 1) {
458 uint8_t *pixels = pixels1;
459 int n, i;
460 n = size;
461 for(i = 0; i < n; i++) {
462 vnc_convert_pixel(vs, buf, pixels[i]);
463 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
464 }
465 } else {
466 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
467 }
468 }
469
470 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
471 {
472 int i;
473 uint8_t *row;
474 VncDisplay *vd = vs->vd;
475
476 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
477 for (i = 0; i < h; i++) {
478 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
479 row += ds_get_linesize(vs->ds);
480 }
481 }
482
483 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
484 {
485 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
486 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
487 }
488
489 #define BPP 8
490 #include "vnchextile.h"
491 #undef BPP
492
493 #define BPP 16
494 #include "vnchextile.h"
495 #undef BPP
496
497 #define BPP 32
498 #include "vnchextile.h"
499 #undef BPP
500
501 #define GENERIC
502 #define BPP 8
503 #include "vnchextile.h"
504 #undef BPP
505 #undef GENERIC
506
507 #define GENERIC
508 #define BPP 16
509 #include "vnchextile.h"
510 #undef BPP
511 #undef GENERIC
512
513 #define GENERIC
514 #define BPP 32
515 #include "vnchextile.h"
516 #undef BPP
517 #undef GENERIC
518
519 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
520 {
521 int i, j;
522 int has_fg, has_bg;
523 uint8_t *last_fg, *last_bg;
524 VncDisplay *vd = vs->vd;
525
526 last_fg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
527 last_bg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
528 has_fg = has_bg = 0;
529 for (j = y; j < (y + h); j += 16) {
530 for (i = x; i < (x + w); i += 16) {
531 vs->send_hextile_tile(vs, i, j,
532 MIN(16, x + w - i), MIN(16, y + h - j),
533 last_bg, last_fg, &has_bg, &has_fg);
534 }
535 }
536 free(last_fg);
537 free(last_bg);
538
539 }
540
541 #define ZALLOC_ALIGNMENT 16
542
543 static void *zalloc(void *x, unsigned items, unsigned size)
544 {
545 void *p;
546
547 size *= items;
548 size = (size + ZALLOC_ALIGNMENT - 1) & ~(ZALLOC_ALIGNMENT - 1);
549
550 p = qemu_mallocz(size);
551
552 return (p);
553 }
554
555 static void zfree(void *x, void *addr)
556 {
557 qemu_free(addr);
558 }
559
560 static void vnc_zlib_init(VncState *vs)
561 {
562 int i;
563 for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)
564 vs->zlib_stream[i].opaque = NULL;
565 }
566
567 static void vnc_zlib_start(VncState *vs)
568 {
569 buffer_reset(&vs->zlib);
570
571 // make the output buffer be the zlib buffer, so we can compress it later
572 vs->zlib_tmp = vs->output;
573 vs->output = vs->zlib;
574 }
575
576 static int vnc_zlib_stop(VncState *vs, int stream_id)
577 {
578 z_streamp zstream = &vs->zlib_stream[stream_id];
579 int previous_out;
580
581 // switch back to normal output/zlib buffers
582 vs->zlib = vs->output;
583 vs->output = vs->zlib_tmp;
584
585 // compress the zlib buffer
586
587 // initialize the stream
588 // XXX need one stream per session
589 if (zstream->opaque != vs) {
590 int err;
591
592 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
593 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
594 zstream->zalloc = zalloc;
595 zstream->zfree = zfree;
596
597 err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
598 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
599
600 if (err != Z_OK) {
601 fprintf(stderr, "VNC: error initializing zlib\n");
602 return -1;
603 }
604
605 zstream->opaque = vs;
606 }
607
608 // XXX what to do if tight_compression changed in between?
609
610 // reserve memory in output buffer
611 buffer_reserve(&vs->output, vs->zlib.offset + 64);
612
613 // set pointers
614 zstream->next_in = vs->zlib.buffer;
615 zstream->avail_in = vs->zlib.offset;
616 zstream->next_out = vs->output.buffer + vs->output.offset;
617 zstream->avail_out = vs->output.capacity - vs->output.offset;
618 zstream->data_type = Z_BINARY;
619 previous_out = zstream->total_out;
620
621 // start encoding
622 if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
623 fprintf(stderr, "VNC: error during zlib compression\n");
624 return -1;
625 }
626
627 vs->output.offset = vs->output.capacity - zstream->avail_out;
628 return zstream->total_out - previous_out;
629 }
630
631 static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
632 {
633 int old_offset, new_offset, bytes_written;
634
635 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);
636
637 // remember where we put in the follow-up size
638 old_offset = vs->output.offset;
639 vnc_write_s32(vs, 0);
640
641 // compress the stream
642 vnc_zlib_start(vs);
643 send_framebuffer_update_raw(vs, x, y, w, h);
644 bytes_written = vnc_zlib_stop(vs, 0);
645
646 if (bytes_written == -1)
647 return;
648
649 // hack in the size
650 new_offset = vs->output.offset;
651 vs->output.offset = old_offset;
652 vnc_write_u32(vs, bytes_written);
653 vs->output.offset = new_offset;
654 }
655
656 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
657 {
658 switch(vs->vnc_encoding) {
659 case VNC_ENCODING_ZLIB:
660 send_framebuffer_update_zlib(vs, x, y, w, h);
661 break;
662 case VNC_ENCODING_HEXTILE:
663 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
664 send_framebuffer_update_hextile(vs, x, y, w, h);
665 break;
666 default:
667 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
668 send_framebuffer_update_raw(vs, x, y, w, h);
669 break;
670 }
671 }
672
673 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
674 {
675 /* send bitblit op to the vnc client */
676 vnc_write_u8(vs, 0); /* msg id */
677 vnc_write_u8(vs, 0);
678 vnc_write_u16(vs, 1); /* number of rects */
679 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
680 vnc_write_u16(vs, src_x);
681 vnc_write_u16(vs, src_y);
682 vnc_flush(vs);
683 }
684
685 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
686 {
687 VncDisplay *vd = ds->opaque;
688 VncState *vs, *vn;
689 uint8_t *src_row;
690 uint8_t *dst_row;
691 int i,x,y,pitch,depth,inc,w_lim,s;
692 int cmp_bytes;
693
694 vnc_refresh_server_surface(vd);
695 for (vs = vd->clients; vs != NULL; vs = vn) {
696 vn = vs->next;
697 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
698 vs->force_update = 1;
699 vnc_update_client(vs, 1);
700 /* vs might be free()ed here */
701 }
702 }
703
704 /* do bitblit op on the local surface too */
705 pitch = ds_get_linesize(vd->ds);
706 depth = ds_get_bytes_per_pixel(vd->ds);
707 src_row = vd->server->data + pitch * src_y + depth * src_x;
708 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
709 y = dst_y;
710 inc = 1;
711 if (dst_y > src_y) {
712 /* copy backwards */
713 src_row += pitch * (h-1);
714 dst_row += pitch * (h-1);
715 pitch = -pitch;
716 y = dst_y + h - 1;
717 inc = -1;
718 }
719 w_lim = w - (16 - (dst_x % 16));
720 if (w_lim < 0)
721 w_lim = w;
722 else
723 w_lim = w - (w_lim % 16);
724 for (i = 0; i < h; i++) {
725 for (x = 0; x <= w_lim;
726 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
727 if (x == w_lim) {
728 if ((s = w - w_lim) == 0)
729 break;
730 } else if (!x) {
731 s = (16 - (dst_x % 16));
732 s = MIN(s, w_lim);
733 } else {
734 s = 16;
735 }
736 cmp_bytes = s * depth;
737 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
738 continue;
739 memmove(dst_row, src_row, cmp_bytes);
740 vs = vd->clients;
741 while (vs != NULL) {
742 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
743 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
744 vs = vs->next;
745 }
746 }
747 src_row += pitch - w * depth;
748 dst_row += pitch - w * depth;
749 y += inc;
750 }
751
752 for (vs = vd->clients; vs != NULL; vs = vs->next) {
753 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
754 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
755 }
756 }
757
758 static int find_and_clear_dirty_height(struct VncState *vs,
759 int y, int last_x, int x)
760 {
761 int h;
762 VncDisplay *vd = vs->vd;
763
764 for (h = 1; h < (vd->server->height - y); h++) {
765 int tmp_x;
766 if (!vnc_get_bit(vs->dirty[y + h], last_x))
767 break;
768 for (tmp_x = last_x; tmp_x < x; tmp_x++)
769 vnc_clear_bit(vs->dirty[y + h], tmp_x);
770 }
771
772 return h;
773 }
774
775 static int vnc_update_client(VncState *vs, int has_dirty)
776 {
777 if (vs->need_update && vs->csock != -1) {
778 VncDisplay *vd = vs->vd;
779 int y;
780 int n_rectangles;
781 int saved_offset;
782
783 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
784 /* kernel send buffers are full -> drop frames to throttle */
785 return 0;
786
787 if (!has_dirty && !vs->audio_cap && !vs->force_update)
788 return 0;
789
790 /*
791 * Send screen updates to the vnc client using the server
792 * surface and server dirty map. guest surface updates
793 * happening in parallel don't disturb us, the next pass will
794 * send them to the client.
795 */
796 n_rectangles = 0;
797 vnc_write_u8(vs, 0); /* msg id */
798 vnc_write_u8(vs, 0);
799 saved_offset = vs->output.offset;
800 vnc_write_u16(vs, 0);
801
802 for (y = 0; y < vd->server->height; y++) {
803 int x;
804 int last_x = -1;
805 for (x = 0; x < vd->server->width / 16; x++) {
806 if (vnc_get_bit(vs->dirty[y], x)) {
807 if (last_x == -1) {
808 last_x = x;
809 }
810 vnc_clear_bit(vs->dirty[y], x);
811 } else {
812 if (last_x != -1) {
813 int h = find_and_clear_dirty_height(vs, y, last_x, x);
814 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
815 n_rectangles++;
816 }
817 last_x = -1;
818 }
819 }
820 if (last_x != -1) {
821 int h = find_and_clear_dirty_height(vs, y, last_x, x);
822 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
823 n_rectangles++;
824 }
825 }
826 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
827 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
828 vnc_flush(vs);
829 vs->force_update = 0;
830 return n_rectangles;
831 }
832
833 if (vs->csock == -1)
834 vnc_disconnect_finish(vs);
835
836 return 0;
837 }
838
839 /* audio */
840 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
841 {
842 VncState *vs = opaque;
843
844 switch (cmd) {
845 case AUD_CNOTIFY_DISABLE:
846 vnc_write_u8(vs, 255);
847 vnc_write_u8(vs, 1);
848 vnc_write_u16(vs, 0);
849 vnc_flush(vs);
850 break;
851
852 case AUD_CNOTIFY_ENABLE:
853 vnc_write_u8(vs, 255);
854 vnc_write_u8(vs, 1);
855 vnc_write_u16(vs, 1);
856 vnc_flush(vs);
857 break;
858 }
859 }
860
861 static void audio_capture_destroy(void *opaque)
862 {
863 }
864
865 static void audio_capture(void *opaque, void *buf, int size)
866 {
867 VncState *vs = opaque;
868
869 vnc_write_u8(vs, 255);
870 vnc_write_u8(vs, 1);
871 vnc_write_u16(vs, 2);
872 vnc_write_u32(vs, size);
873 vnc_write(vs, buf, size);
874 vnc_flush(vs);
875 }
876
877 static void audio_add(VncState *vs)
878 {
879 Monitor *mon = cur_mon;
880 struct audio_capture_ops ops;
881
882 if (vs->audio_cap) {
883 monitor_printf(mon, "audio already running\n");
884 return;
885 }
886
887 ops.notify = audio_capture_notify;
888 ops.destroy = audio_capture_destroy;
889 ops.capture = audio_capture;
890
891 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
892 if (!vs->audio_cap) {
893 monitor_printf(mon, "Failed to add audio capture\n");
894 }
895 }
896
897 static void audio_del(VncState *vs)
898 {
899 if (vs->audio_cap) {
900 AUD_del_capture(vs->audio_cap, vs);
901 vs->audio_cap = NULL;
902 }
903 }
904
905 static void vnc_disconnect_start(VncState *vs)
906 {
907 if (vs->csock == -1)
908 return;
909 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
910 closesocket(vs->csock);
911 vs->csock = -1;
912 }
913
914 static void vnc_disconnect_finish(VncState *vs)
915 {
916 if (vs->input.buffer) {
917 qemu_free(vs->input.buffer);
918 vs->input.buffer = NULL;
919 }
920 if (vs->output.buffer) {
921 qemu_free(vs->output.buffer);
922 vs->output.buffer = NULL;
923 }
924 #ifdef CONFIG_VNC_TLS
925 vnc_tls_client_cleanup(vs);
926 #endif /* CONFIG_VNC_TLS */
927 #ifdef CONFIG_VNC_SASL
928 vnc_sasl_client_cleanup(vs);
929 #endif /* CONFIG_VNC_SASL */
930 audio_del(vs);
931
932 VncState *p, *parent = NULL;
933 for (p = vs->vd->clients; p != NULL; p = p->next) {
934 if (p == vs) {
935 if (parent)
936 parent->next = p->next;
937 else
938 vs->vd->clients = p->next;
939 break;
940 }
941 parent = p;
942 }
943 if (!vs->vd->clients)
944 dcl->idle = 1;
945
946 vnc_remove_timer(vs->vd);
947 qemu_free(vs);
948 }
949
950 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
951 {
952 if (ret == 0 || ret == -1) {
953 if (ret == -1) {
954 switch (last_errno) {
955 case EINTR:
956 case EAGAIN:
957 #ifdef _WIN32
958 case WSAEWOULDBLOCK:
959 #endif
960 return 0;
961 default:
962 break;
963 }
964 }
965
966 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
967 ret, ret < 0 ? last_errno : 0);
968 vnc_disconnect_start(vs);
969
970 return 0;
971 }
972 return ret;
973 }
974
975
976 void vnc_client_error(VncState *vs)
977 {
978 VNC_DEBUG("Closing down client sock: protocol error\n");
979 vnc_disconnect_start(vs);
980 }
981
982
983 /*
984 * Called to write a chunk of data to the client socket. The data may
985 * be the raw data, or may have already been encoded by SASL.
986 * The data will be written either straight onto the socket, or
987 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
988 *
989 * NB, it is theoretically possible to have 2 layers of encryption,
990 * both SASL, and this TLS layer. It is highly unlikely in practice
991 * though, since SASL encryption will typically be a no-op if TLS
992 * is active
993 *
994 * Returns the number of bytes written, which may be less than
995 * the requested 'datalen' if the socket would block. Returns
996 * -1 on error, and disconnects the client socket.
997 */
998 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
999 {
1000 long ret;
1001 #ifdef CONFIG_VNC_TLS
1002 if (vs->tls.session) {
1003 ret = gnutls_write(vs->tls.session, data, datalen);
1004 if (ret < 0) {
1005 if (ret == GNUTLS_E_AGAIN)
1006 errno = EAGAIN;
1007 else
1008 errno = EIO;
1009 ret = -1;
1010 }
1011 } else
1012 #endif /* CONFIG_VNC_TLS */
1013 ret = send(vs->csock, (const void *)data, datalen, 0);
1014 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1015 return vnc_client_io_error(vs, ret, socket_error());
1016 }
1017
1018
1019 /*
1020 * Called to write buffered data to the client socket, when not
1021 * using any SASL SSF encryption layers. Will write as much data
1022 * as possible without blocking. If all buffered data is written,
1023 * will switch the FD poll() handler back to read monitoring.
1024 *
1025 * Returns the number of bytes written, which may be less than
1026 * the buffered output data if the socket would block. Returns
1027 * -1 on error, and disconnects the client socket.
1028 */
1029 static long vnc_client_write_plain(VncState *vs)
1030 {
1031 long ret;
1032
1033 #ifdef CONFIG_VNC_SASL
1034 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1035 vs->output.buffer, vs->output.capacity, vs->output.offset,
1036 vs->sasl.waitWriteSSF);
1037
1038 if (vs->sasl.conn &&
1039 vs->sasl.runSSF &&
1040 vs->sasl.waitWriteSSF) {
1041 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1042 if (ret)
1043 vs->sasl.waitWriteSSF -= ret;
1044 } else
1045 #endif /* CONFIG_VNC_SASL */
1046 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1047 if (!ret)
1048 return 0;
1049
1050 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1051 vs->output.offset -= ret;
1052
1053 if (vs->output.offset == 0) {
1054 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1055 }
1056
1057 return ret;
1058 }
1059
1060
1061 /*
1062 * First function called whenever there is data to be written to
1063 * the client socket. Will delegate actual work according to whether
1064 * SASL SSF layers are enabled (thus requiring encryption calls)
1065 */
1066 void vnc_client_write(void *opaque)
1067 {
1068 long ret;
1069 VncState *vs = opaque;
1070
1071 #ifdef CONFIG_VNC_SASL
1072 if (vs->sasl.conn &&
1073 vs->sasl.runSSF &&
1074 !vs->sasl.waitWriteSSF)
1075 ret = vnc_client_write_sasl(vs);
1076 else
1077 #endif /* CONFIG_VNC_SASL */
1078 ret = vnc_client_write_plain(vs);
1079 }
1080
1081 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1082 {
1083 vs->read_handler = func;
1084 vs->read_handler_expect = expecting;
1085 }
1086
1087
1088 /*
1089 * Called to read a chunk of data from the client socket. The data may
1090 * be the raw data, or may need to be further decoded by SASL.
1091 * The data will be read either straight from to the socket, or
1092 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1093 *
1094 * NB, it is theoretically possible to have 2 layers of encryption,
1095 * both SASL, and this TLS layer. It is highly unlikely in practice
1096 * though, since SASL encryption will typically be a no-op if TLS
1097 * is active
1098 *
1099 * Returns the number of bytes read, which may be less than
1100 * the requested 'datalen' if the socket would block. Returns
1101 * -1 on error, and disconnects the client socket.
1102 */
1103 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1104 {
1105 long ret;
1106 #ifdef CONFIG_VNC_TLS
1107 if (vs->tls.session) {
1108 ret = gnutls_read(vs->tls.session, data, datalen);
1109 if (ret < 0) {
1110 if (ret == GNUTLS_E_AGAIN)
1111 errno = EAGAIN;
1112 else
1113 errno = EIO;
1114 ret = -1;
1115 }
1116 } else
1117 #endif /* CONFIG_VNC_TLS */
1118 ret = recv(vs->csock, (void *)data, datalen, 0);
1119 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1120 return vnc_client_io_error(vs, ret, socket_error());
1121 }
1122
1123
1124 /*
1125 * Called to read data from the client socket to the input buffer,
1126 * when not using any SASL SSF encryption layers. Will read as much
1127 * data as possible without blocking.
1128 *
1129 * Returns the number of bytes read. Returns -1 on error, and
1130 * disconnects the client socket.
1131 */
1132 static long vnc_client_read_plain(VncState *vs)
1133 {
1134 int ret;
1135 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1136 vs->input.buffer, vs->input.capacity, vs->input.offset);
1137 buffer_reserve(&vs->input, 4096);
1138 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1139 if (!ret)
1140 return 0;
1141 vs->input.offset += ret;
1142 return ret;
1143 }
1144
1145
1146 /*
1147 * First function called whenever there is more data to be read from
1148 * the client socket. Will delegate actual work according to whether
1149 * SASL SSF layers are enabled (thus requiring decryption calls)
1150 */
1151 void vnc_client_read(void *opaque)
1152 {
1153 VncState *vs = opaque;
1154 long ret;
1155
1156 #ifdef CONFIG_VNC_SASL
1157 if (vs->sasl.conn && vs->sasl.runSSF)
1158 ret = vnc_client_read_sasl(vs);
1159 else
1160 #endif /* CONFIG_VNC_SASL */
1161 ret = vnc_client_read_plain(vs);
1162 if (!ret) {
1163 if (vs->csock == -1)
1164 vnc_disconnect_finish(vs);
1165 return;
1166 }
1167
1168 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1169 size_t len = vs->read_handler_expect;
1170 int ret;
1171
1172 ret = vs->read_handler(vs, vs->input.buffer, len);
1173 if (vs->csock == -1) {
1174 vnc_disconnect_finish(vs);
1175 return;
1176 }
1177
1178 if (!ret) {
1179 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1180 vs->input.offset -= len;
1181 } else {
1182 vs->read_handler_expect = ret;
1183 }
1184 }
1185 }
1186
1187 void vnc_write(VncState *vs, const void *data, size_t len)
1188 {
1189 buffer_reserve(&vs->output, len);
1190
1191 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1192 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1193 }
1194
1195 buffer_append(&vs->output, data, len);
1196 }
1197
1198 void vnc_write_s32(VncState *vs, int32_t value)
1199 {
1200 vnc_write_u32(vs, *(uint32_t *)&value);
1201 }
1202
1203 void vnc_write_u32(VncState *vs, uint32_t value)
1204 {
1205 uint8_t buf[4];
1206
1207 buf[0] = (value >> 24) & 0xFF;
1208 buf[1] = (value >> 16) & 0xFF;
1209 buf[2] = (value >> 8) & 0xFF;
1210 buf[3] = value & 0xFF;
1211
1212 vnc_write(vs, buf, 4);
1213 }
1214
1215 void vnc_write_u16(VncState *vs, uint16_t value)
1216 {
1217 uint8_t buf[2];
1218
1219 buf[0] = (value >> 8) & 0xFF;
1220 buf[1] = value & 0xFF;
1221
1222 vnc_write(vs, buf, 2);
1223 }
1224
1225 void vnc_write_u8(VncState *vs, uint8_t value)
1226 {
1227 vnc_write(vs, (char *)&value, 1);
1228 }
1229
1230 void vnc_flush(VncState *vs)
1231 {
1232 if (vs->csock != -1 && vs->output.offset)
1233 vnc_client_write(vs);
1234 }
1235
1236 uint8_t read_u8(uint8_t *data, size_t offset)
1237 {
1238 return data[offset];
1239 }
1240
1241 uint16_t read_u16(uint8_t *data, size_t offset)
1242 {
1243 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1244 }
1245
1246 int32_t read_s32(uint8_t *data, size_t offset)
1247 {
1248 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1249 (data[offset + 2] << 8) | data[offset + 3]);
1250 }
1251
1252 uint32_t read_u32(uint8_t *data, size_t offset)
1253 {
1254 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1255 (data[offset + 2] << 8) | data[offset + 3]);
1256 }
1257
1258 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1259 {
1260 }
1261
1262 static void check_pointer_type_change(VncState *vs, int absolute)
1263 {
1264 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1265 vnc_write_u8(vs, 0);
1266 vnc_write_u8(vs, 0);
1267 vnc_write_u16(vs, 1);
1268 vnc_framebuffer_update(vs, absolute, 0,
1269 ds_get_width(vs->ds), ds_get_height(vs->ds),
1270 VNC_ENCODING_POINTER_TYPE_CHANGE);
1271 vnc_flush(vs);
1272 }
1273 vs->absolute = absolute;
1274 }
1275
1276 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1277 {
1278 int buttons = 0;
1279 int dz = 0;
1280
1281 if (button_mask & 0x01)
1282 buttons |= MOUSE_EVENT_LBUTTON;
1283 if (button_mask & 0x02)
1284 buttons |= MOUSE_EVENT_MBUTTON;
1285 if (button_mask & 0x04)
1286 buttons |= MOUSE_EVENT_RBUTTON;
1287 if (button_mask & 0x08)
1288 dz = -1;
1289 if (button_mask & 0x10)
1290 dz = 1;
1291
1292 if (vs->absolute) {
1293 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
1294 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
1295 dz, buttons);
1296 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1297 x -= 0x7FFF;
1298 y -= 0x7FFF;
1299
1300 kbd_mouse_event(x, y, dz, buttons);
1301 } else {
1302 if (vs->last_x != -1)
1303 kbd_mouse_event(x - vs->last_x,
1304 y - vs->last_y,
1305 dz, buttons);
1306 vs->last_x = x;
1307 vs->last_y = y;
1308 }
1309
1310 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1311 }
1312
1313 static void reset_keys(VncState *vs)
1314 {
1315 int i;
1316 for(i = 0; i < 256; i++) {
1317 if (vs->modifiers_state[i]) {
1318 if (i & 0x80)
1319 kbd_put_keycode(0xe0);
1320 kbd_put_keycode(i | 0x80);
1321 vs->modifiers_state[i] = 0;
1322 }
1323 }
1324 }
1325
1326 static void press_key(VncState *vs, int keysym)
1327 {
1328 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) & 0x7f);
1329 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) | 0x80);
1330 }
1331
1332 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1333 {
1334 /* QEMU console switch */
1335 switch(keycode) {
1336 case 0x2a: /* Left Shift */
1337 case 0x36: /* Right Shift */
1338 case 0x1d: /* Left CTRL */
1339 case 0x9d: /* Right CTRL */
1340 case 0x38: /* Left ALT */
1341 case 0xb8: /* Right ALT */
1342 if (down)
1343 vs->modifiers_state[keycode] = 1;
1344 else
1345 vs->modifiers_state[keycode] = 0;
1346 break;
1347 case 0x02 ... 0x0a: /* '1' to '9' keys */
1348 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1349 /* Reset the modifiers sent to the current console */
1350 reset_keys(vs);
1351 console_select(keycode - 0x02);
1352 return;
1353 }
1354 break;
1355 case 0x3a: /* CapsLock */
1356 case 0x45: /* NumLock */
1357 if (!down)
1358 vs->modifiers_state[keycode] ^= 1;
1359 break;
1360 }
1361
1362 if (keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1363 /* If the numlock state needs to change then simulate an additional
1364 keypress before sending this one. This will happen if the user
1365 toggles numlock away from the VNC window.
1366 */
1367 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1368 if (!vs->modifiers_state[0x45]) {
1369 vs->modifiers_state[0x45] = 1;
1370 press_key(vs, 0xff7f);
1371 }
1372 } else {
1373 if (vs->modifiers_state[0x45]) {
1374 vs->modifiers_state[0x45] = 0;
1375 press_key(vs, 0xff7f);
1376 }
1377 }
1378 }
1379
1380 if ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z')) {
1381 /* If the capslock state needs to change then simulate an additional
1382 keypress before sending this one. This will happen if the user
1383 toggles capslock away from the VNC window.
1384 */
1385 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1386 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1387 int capslock = !!(vs->modifiers_state[0x3a]);
1388 if (capslock) {
1389 if (uppercase == shift) {
1390 vs->modifiers_state[0x3a] = 0;
1391 press_key(vs, 0xffe5);
1392 }
1393 } else {
1394 if (uppercase != shift) {
1395 vs->modifiers_state[0x3a] = 1;
1396 press_key(vs, 0xffe5);
1397 }
1398 }
1399 }
1400
1401 if (is_graphic_console()) {
1402 if (keycode & 0x80)
1403 kbd_put_keycode(0xe0);
1404 if (down)
1405 kbd_put_keycode(keycode & 0x7f);
1406 else
1407 kbd_put_keycode(keycode | 0x80);
1408 } else {
1409 /* QEMU console emulation */
1410 if (down) {
1411 int numlock = vs->modifiers_state[0x45];
1412 switch (keycode) {
1413 case 0x2a: /* Left Shift */
1414 case 0x36: /* Right Shift */
1415 case 0x1d: /* Left CTRL */
1416 case 0x9d: /* Right CTRL */
1417 case 0x38: /* Left ALT */
1418 case 0xb8: /* Right ALT */
1419 break;
1420 case 0xc8:
1421 kbd_put_keysym(QEMU_KEY_UP);
1422 break;
1423 case 0xd0:
1424 kbd_put_keysym(QEMU_KEY_DOWN);
1425 break;
1426 case 0xcb:
1427 kbd_put_keysym(QEMU_KEY_LEFT);
1428 break;
1429 case 0xcd:
1430 kbd_put_keysym(QEMU_KEY_RIGHT);
1431 break;
1432 case 0xd3:
1433 kbd_put_keysym(QEMU_KEY_DELETE);
1434 break;
1435 case 0xc7:
1436 kbd_put_keysym(QEMU_KEY_HOME);
1437 break;
1438 case 0xcf:
1439 kbd_put_keysym(QEMU_KEY_END);
1440 break;
1441 case 0xc9:
1442 kbd_put_keysym(QEMU_KEY_PAGEUP);
1443 break;
1444 case 0xd1:
1445 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1446 break;
1447
1448 case 0x47:
1449 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1450 break;
1451 case 0x48:
1452 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1453 break;
1454 case 0x49:
1455 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1456 break;
1457 case 0x4b:
1458 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1459 break;
1460 case 0x4c:
1461 kbd_put_keysym('5');
1462 break;
1463 case 0x4d:
1464 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1465 break;
1466 case 0x4f:
1467 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1468 break;
1469 case 0x50:
1470 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1471 break;
1472 case 0x51:
1473 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1474 break;
1475 case 0x52:
1476 kbd_put_keysym('0');
1477 break;
1478 case 0x53:
1479 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1480 break;
1481
1482 case 0xb5:
1483 kbd_put_keysym('/');
1484 break;
1485 case 0x37:
1486 kbd_put_keysym('*');
1487 break;
1488 case 0x4a:
1489 kbd_put_keysym('-');
1490 break;
1491 case 0x4e:
1492 kbd_put_keysym('+');
1493 break;
1494 case 0x9c:
1495 kbd_put_keysym('\n');
1496 break;
1497
1498 default:
1499 kbd_put_keysym(sym);
1500 break;
1501 }
1502 }
1503 }
1504 }
1505
1506 static void key_event(VncState *vs, int down, uint32_t sym)
1507 {
1508 int keycode;
1509 int lsym = sym;
1510
1511 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1512 lsym = lsym - 'A' + 'a';
1513 }
1514
1515 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF);
1516 do_key_event(vs, down, keycode, sym);
1517 }
1518
1519 static void ext_key_event(VncState *vs, int down,
1520 uint32_t sym, uint16_t keycode)
1521 {
1522 /* if the user specifies a keyboard layout, always use it */
1523 if (keyboard_layout)
1524 key_event(vs, down, sym);
1525 else
1526 do_key_event(vs, down, keycode, sym);
1527 }
1528
1529 static void framebuffer_update_request(VncState *vs, int incremental,
1530 int x_position, int y_position,
1531 int w, int h)
1532 {
1533 if (x_position > ds_get_width(vs->ds))
1534 x_position = ds_get_width(vs->ds);
1535 if (y_position > ds_get_height(vs->ds))
1536 y_position = ds_get_height(vs->ds);
1537 if (x_position + w >= ds_get_width(vs->ds))
1538 w = ds_get_width(vs->ds) - x_position;
1539 if (y_position + h >= ds_get_height(vs->ds))
1540 h = ds_get_height(vs->ds) - y_position;
1541
1542 int i;
1543 vs->need_update = 1;
1544 if (!incremental) {
1545 vs->force_update = 1;
1546 for (i = 0; i < h; i++) {
1547 vnc_set_bits(vs->dirty[y_position + i],
1548 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1549 }
1550 }
1551 }
1552
1553 static void send_ext_key_event_ack(VncState *vs)
1554 {
1555 vnc_write_u8(vs, 0);
1556 vnc_write_u8(vs, 0);
1557 vnc_write_u16(vs, 1);
1558 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1559 VNC_ENCODING_EXT_KEY_EVENT);
1560 vnc_flush(vs);
1561 }
1562
1563 static void send_ext_audio_ack(VncState *vs)
1564 {
1565 vnc_write_u8(vs, 0);
1566 vnc_write_u8(vs, 0);
1567 vnc_write_u16(vs, 1);
1568 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1569 VNC_ENCODING_AUDIO);
1570 vnc_flush(vs);
1571 }
1572
1573 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1574 {
1575 int i;
1576 unsigned int enc = 0;
1577
1578 vnc_zlib_init(vs);
1579 vs->features = 0;
1580 vs->vnc_encoding = 0;
1581 vs->tight_compression = 9;
1582 vs->tight_quality = 9;
1583 vs->absolute = -1;
1584
1585 for (i = n_encodings - 1; i >= 0; i--) {
1586 enc = encodings[i];
1587 switch (enc) {
1588 case VNC_ENCODING_RAW:
1589 vs->vnc_encoding = enc;
1590 break;
1591 case VNC_ENCODING_COPYRECT:
1592 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1593 break;
1594 case VNC_ENCODING_HEXTILE:
1595 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1596 vs->vnc_encoding = enc;
1597 break;
1598 case VNC_ENCODING_ZLIB:
1599 vs->features |= VNC_FEATURE_ZLIB_MASK;
1600 vs->vnc_encoding = enc;
1601 break;
1602 case VNC_ENCODING_DESKTOPRESIZE:
1603 vs->features |= VNC_FEATURE_RESIZE_MASK;
1604 break;
1605 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1606 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1607 break;
1608 case VNC_ENCODING_EXT_KEY_EVENT:
1609 send_ext_key_event_ack(vs);
1610 break;
1611 case VNC_ENCODING_AUDIO:
1612 send_ext_audio_ack(vs);
1613 break;
1614 case VNC_ENCODING_WMVi:
1615 vs->features |= VNC_FEATURE_WMVI_MASK;
1616 break;
1617 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1618 vs->tight_compression = (enc & 0x0F);
1619 break;
1620 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1621 vs->tight_quality = (enc & 0x0F);
1622 break;
1623 default:
1624 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1625 break;
1626 }
1627 }
1628
1629 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1630 }
1631
1632 static void set_pixel_conversion(VncState *vs)
1633 {
1634 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1635 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1636 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1637 vs->write_pixels = vnc_write_pixels_copy;
1638 switch (vs->ds->surface->pf.bits_per_pixel) {
1639 case 8:
1640 vs->send_hextile_tile = send_hextile_tile_8;
1641 break;
1642 case 16:
1643 vs->send_hextile_tile = send_hextile_tile_16;
1644 break;
1645 case 32:
1646 vs->send_hextile_tile = send_hextile_tile_32;
1647 break;
1648 }
1649 } else {
1650 vs->write_pixels = vnc_write_pixels_generic;
1651 switch (vs->ds->surface->pf.bits_per_pixel) {
1652 case 8:
1653 vs->send_hextile_tile = send_hextile_tile_generic_8;
1654 break;
1655 case 16:
1656 vs->send_hextile_tile = send_hextile_tile_generic_16;
1657 break;
1658 case 32:
1659 vs->send_hextile_tile = send_hextile_tile_generic_32;
1660 break;
1661 }
1662 }
1663 }
1664
1665 static void set_pixel_format(VncState *vs,
1666 int bits_per_pixel, int depth,
1667 int big_endian_flag, int true_color_flag,
1668 int red_max, int green_max, int blue_max,
1669 int red_shift, int green_shift, int blue_shift)
1670 {
1671 if (!true_color_flag) {
1672 vnc_client_error(vs);
1673 return;
1674 }
1675
1676 vs->clientds = *(vs->vd->guest.ds);
1677 vs->clientds.pf.rmax = red_max;
1678 count_bits(vs->clientds.pf.rbits, red_max);
1679 vs->clientds.pf.rshift = red_shift;
1680 vs->clientds.pf.rmask = red_max << red_shift;
1681 vs->clientds.pf.gmax = green_max;
1682 count_bits(vs->clientds.pf.gbits, green_max);
1683 vs->clientds.pf.gshift = green_shift;
1684 vs->clientds.pf.gmask = green_max << green_shift;
1685 vs->clientds.pf.bmax = blue_max;
1686 count_bits(vs->clientds.pf.bbits, blue_max);
1687 vs->clientds.pf.bshift = blue_shift;
1688 vs->clientds.pf.bmask = blue_max << blue_shift;
1689 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1690 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1691 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1692 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1693
1694 set_pixel_conversion(vs);
1695
1696 vga_hw_invalidate();
1697 vga_hw_update();
1698 }
1699
1700 static void pixel_format_message (VncState *vs) {
1701 char pad[3] = { 0, 0, 0 };
1702
1703 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1704 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1705
1706 #ifdef HOST_WORDS_BIGENDIAN
1707 vnc_write_u8(vs, 1); /* big-endian-flag */
1708 #else
1709 vnc_write_u8(vs, 0); /* big-endian-flag */
1710 #endif
1711 vnc_write_u8(vs, 1); /* true-color-flag */
1712 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1713 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1714 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1715 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1716 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1717 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1718 if (vs->ds->surface->pf.bits_per_pixel == 32)
1719 vs->send_hextile_tile = send_hextile_tile_32;
1720 else if (vs->ds->surface->pf.bits_per_pixel == 16)
1721 vs->send_hextile_tile = send_hextile_tile_16;
1722 else if (vs->ds->surface->pf.bits_per_pixel == 8)
1723 vs->send_hextile_tile = send_hextile_tile_8;
1724 vs->clientds = *(vs->ds->surface);
1725 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1726 vs->write_pixels = vnc_write_pixels_copy;
1727
1728 vnc_write(vs, pad, 3); /* padding */
1729 }
1730
1731 static void vnc_dpy_setdata(DisplayState *ds)
1732 {
1733 /* We don't have to do anything */
1734 }
1735
1736 static void vnc_colordepth(VncState *vs)
1737 {
1738 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1739 /* Sending a WMVi message to notify the client*/
1740 vnc_write_u8(vs, 0); /* msg id */
1741 vnc_write_u8(vs, 0);
1742 vnc_write_u16(vs, 1); /* number of rects */
1743 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1744 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1745 pixel_format_message(vs);
1746 vnc_flush(vs);
1747 } else {
1748 set_pixel_conversion(vs);
1749 }
1750 }
1751
1752 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1753 {
1754 int i;
1755 uint16_t limit;
1756 VncDisplay *vd = vs->vd;
1757
1758 if (data[0] > 3) {
1759 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1760 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1761 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1762 }
1763
1764 switch (data[0]) {
1765 case 0:
1766 if (len == 1)
1767 return 20;
1768
1769 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1770 read_u8(data, 6), read_u8(data, 7),
1771 read_u16(data, 8), read_u16(data, 10),
1772 read_u16(data, 12), read_u8(data, 14),
1773 read_u8(data, 15), read_u8(data, 16));
1774 break;
1775 case 2:
1776 if (len == 1)
1777 return 4;
1778
1779 if (len == 4) {
1780 limit = read_u16(data, 2);
1781 if (limit > 0)
1782 return 4 + (limit * 4);
1783 } else
1784 limit = read_u16(data, 2);
1785
1786 for (i = 0; i < limit; i++) {
1787 int32_t val = read_s32(data, 4 + (i * 4));
1788 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1789 }
1790
1791 set_encodings(vs, (int32_t *)(data + 4), limit);
1792 break;
1793 case 3:
1794 if (len == 1)
1795 return 10;
1796
1797 framebuffer_update_request(vs,
1798 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1799 read_u16(data, 6), read_u16(data, 8));
1800 break;
1801 case 4:
1802 if (len == 1)
1803 return 8;
1804
1805 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1806 break;
1807 case 5:
1808 if (len == 1)
1809 return 6;
1810
1811 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1812 break;
1813 case 6:
1814 if (len == 1)
1815 return 8;
1816
1817 if (len == 8) {
1818 uint32_t dlen = read_u32(data, 4);
1819 if (dlen > 0)
1820 return 8 + dlen;
1821 }
1822
1823 client_cut_text(vs, read_u32(data, 4), data + 8);
1824 break;
1825 case 255:
1826 if (len == 1)
1827 return 2;
1828
1829 switch (read_u8(data, 1)) {
1830 case 0:
1831 if (len == 2)
1832 return 12;
1833
1834 ext_key_event(vs, read_u16(data, 2),
1835 read_u32(data, 4), read_u32(data, 8));
1836 break;
1837 case 1:
1838 if (len == 2)
1839 return 4;
1840
1841 switch (read_u16 (data, 2)) {
1842 case 0:
1843 audio_add(vs);
1844 break;
1845 case 1:
1846 audio_del(vs);
1847 break;
1848 case 2:
1849 if (len == 4)
1850 return 10;
1851 switch (read_u8(data, 4)) {
1852 case 0: vs->as.fmt = AUD_FMT_U8; break;
1853 case 1: vs->as.fmt = AUD_FMT_S8; break;
1854 case 2: vs->as.fmt = AUD_FMT_U16; break;
1855 case 3: vs->as.fmt = AUD_FMT_S16; break;
1856 case 4: vs->as.fmt = AUD_FMT_U32; break;
1857 case 5: vs->as.fmt = AUD_FMT_S32; break;
1858 default:
1859 printf("Invalid audio format %d\n", read_u8(data, 4));
1860 vnc_client_error(vs);
1861 break;
1862 }
1863 vs->as.nchannels = read_u8(data, 5);
1864 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1865 printf("Invalid audio channel coount %d\n",
1866 read_u8(data, 5));
1867 vnc_client_error(vs);
1868 break;
1869 }
1870 vs->as.freq = read_u32(data, 6);
1871 break;
1872 default:
1873 printf ("Invalid audio message %d\n", read_u8(data, 4));
1874 vnc_client_error(vs);
1875 break;
1876 }
1877 break;
1878
1879 default:
1880 printf("Msg: %d\n", read_u16(data, 0));
1881 vnc_client_error(vs);
1882 break;
1883 }
1884 break;
1885 default:
1886 printf("Msg: %d\n", data[0]);
1887 vnc_client_error(vs);
1888 break;
1889 }
1890
1891 vnc_read_when(vs, protocol_client_msg, 1);
1892 return 0;
1893 }
1894
1895 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1896 {
1897 char buf[1024];
1898 int size;
1899
1900 vnc_write_u16(vs, ds_get_width(vs->ds));
1901 vnc_write_u16(vs, ds_get_height(vs->ds));
1902
1903 pixel_format_message(vs);
1904
1905 if (qemu_name)
1906 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1907 else
1908 size = snprintf(buf, sizeof(buf), "QEMU");
1909
1910 vnc_write_u32(vs, size);
1911 vnc_write(vs, buf, size);
1912 vnc_flush(vs);
1913
1914 vnc_read_when(vs, protocol_client_msg, 1);
1915
1916 return 0;
1917 }
1918
1919 void start_client_init(VncState *vs)
1920 {
1921 vnc_read_when(vs, protocol_client_init, 1);
1922 }
1923
1924 static void make_challenge(VncState *vs)
1925 {
1926 int i;
1927
1928 srand(time(NULL)+getpid()+getpid()*987654+rand());
1929
1930 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1931 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1932 }
1933
1934 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1935 {
1936 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1937 int i, j, pwlen;
1938 unsigned char key[8];
1939
1940 if (!vs->vd->password || !vs->vd->password[0]) {
1941 VNC_DEBUG("No password configured on server");
1942 vnc_write_u32(vs, 1); /* Reject auth */
1943 if (vs->minor >= 8) {
1944 static const char err[] = "Authentication failed";
1945 vnc_write_u32(vs, sizeof(err));
1946 vnc_write(vs, err, sizeof(err));
1947 }
1948 vnc_flush(vs);
1949 vnc_client_error(vs);
1950 return 0;
1951 }
1952
1953 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1954
1955 /* Calculate the expected challenge response */
1956 pwlen = strlen(vs->vd->password);
1957 for (i=0; i<sizeof(key); i++)
1958 key[i] = i<pwlen ? vs->vd->password[i] : 0;
1959 deskey(key, EN0);
1960 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1961 des(response+j, response+j);
1962
1963 /* Compare expected vs actual challenge response */
1964 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1965 VNC_DEBUG("Client challenge reponse did not match\n");
1966 vnc_write_u32(vs, 1); /* Reject auth */
1967 if (vs->minor >= 8) {
1968 static const char err[] = "Authentication failed";
1969 vnc_write_u32(vs, sizeof(err));
1970 vnc_write(vs, err, sizeof(err));
1971 }
1972 vnc_flush(vs);
1973 vnc_client_error(vs);
1974 } else {
1975 VNC_DEBUG("Accepting VNC challenge response\n");
1976 vnc_write_u32(vs, 0); /* Accept auth */
1977 vnc_flush(vs);
1978
1979 start_client_init(vs);
1980 }
1981 return 0;
1982 }
1983
1984 void start_auth_vnc(VncState *vs)
1985 {
1986 make_challenge(vs);
1987 /* Send client a 'random' challenge */
1988 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1989 vnc_flush(vs);
1990
1991 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1992 }
1993
1994
1995 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1996 {
1997 /* We only advertise 1 auth scheme at a time, so client
1998 * must pick the one we sent. Verify this */
1999 if (data[0] != vs->vd->auth) { /* Reject auth */
2000 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2001 vnc_write_u32(vs, 1);
2002 if (vs->minor >= 8) {
2003 static const char err[] = "Authentication failed";
2004 vnc_write_u32(vs, sizeof(err));
2005 vnc_write(vs, err, sizeof(err));
2006 }
2007 vnc_client_error(vs);
2008 } else { /* Accept requested auth */
2009 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2010 switch (vs->vd->auth) {
2011 case VNC_AUTH_NONE:
2012 VNC_DEBUG("Accept auth none\n");
2013 if (vs->minor >= 8) {
2014 vnc_write_u32(vs, 0); /* Accept auth completion */
2015 vnc_flush(vs);
2016 }
2017 start_client_init(vs);
2018 break;
2019
2020 case VNC_AUTH_VNC:
2021 VNC_DEBUG("Start VNC auth\n");
2022 start_auth_vnc(vs);
2023 break;
2024
2025 #ifdef CONFIG_VNC_TLS
2026 case VNC_AUTH_VENCRYPT:
2027 VNC_DEBUG("Accept VeNCrypt auth\n");;
2028 start_auth_vencrypt(vs);
2029 break;
2030 #endif /* CONFIG_VNC_TLS */
2031
2032 #ifdef CONFIG_VNC_SASL
2033 case VNC_AUTH_SASL:
2034 VNC_DEBUG("Accept SASL auth\n");
2035 start_auth_sasl(vs);
2036 break;
2037 #endif /* CONFIG_VNC_SASL */
2038
2039 default: /* Should not be possible, but just in case */
2040 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
2041 vnc_write_u8(vs, 1);
2042 if (vs->minor >= 8) {
2043 static const char err[] = "Authentication failed";
2044 vnc_write_u32(vs, sizeof(err));
2045 vnc_write(vs, err, sizeof(err));
2046 }
2047 vnc_client_error(vs);
2048 }
2049 }
2050 return 0;
2051 }
2052
2053 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2054 {
2055 char local[13];
2056
2057 memcpy(local, version, 12);
2058 local[12] = 0;
2059
2060 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2061 VNC_DEBUG("Malformed protocol version %s\n", local);
2062 vnc_client_error(vs);
2063 return 0;
2064 }
2065 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2066 if (vs->major != 3 ||
2067 (vs->minor != 3 &&
2068 vs->minor != 4 &&
2069 vs->minor != 5 &&
2070 vs->minor != 7 &&
2071 vs->minor != 8)) {
2072 VNC_DEBUG("Unsupported client version\n");
2073 vnc_write_u32(vs, VNC_AUTH_INVALID);
2074 vnc_flush(vs);
2075 vnc_client_error(vs);
2076 return 0;
2077 }
2078 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2079 * as equivalent to v3.3 by servers
2080 */
2081 if (vs->minor == 4 || vs->minor == 5)
2082 vs->minor = 3;
2083
2084 if (vs->minor == 3) {
2085 if (vs->vd->auth == VNC_AUTH_NONE) {
2086 VNC_DEBUG("Tell client auth none\n");
2087 vnc_write_u32(vs, vs->vd->auth);
2088 vnc_flush(vs);
2089 start_client_init(vs);
2090 } else if (vs->vd->auth == VNC_AUTH_VNC) {
2091 VNC_DEBUG("Tell client VNC auth\n");
2092 vnc_write_u32(vs, vs->vd->auth);
2093 vnc_flush(vs);
2094 start_auth_vnc(vs);
2095 } else {
2096 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2097 vnc_write_u32(vs, VNC_AUTH_INVALID);
2098 vnc_flush(vs);
2099 vnc_client_error(vs);
2100 }
2101 } else {
2102 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2103 vnc_write_u8(vs, 1); /* num auth */
2104 vnc_write_u8(vs, vs->vd->auth);
2105 vnc_read_when(vs, protocol_client_auth, 1);
2106 vnc_flush(vs);
2107 }
2108
2109 return 0;
2110 }
2111
2112 static int vnc_refresh_server_surface(VncDisplay *vd)
2113 {
2114 int y;
2115 uint8_t *guest_row;
2116 uint8_t *server_row;
2117 int cmp_bytes;
2118 uint32_t width_mask[VNC_DIRTY_WORDS];
2119 VncState *vs = NULL;
2120 int has_dirty = 0;
2121
2122 /*
2123 * Walk through the guest dirty map.
2124 * Check and copy modified bits from guest to server surface.
2125 * Update server dirty map.
2126 */
2127 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2128 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2129 guest_row = vd->guest.ds->data;
2130 server_row = vd->server->data;
2131 for (y = 0; y < vd->guest.ds->height; y++) {
2132 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2133 int x;
2134 uint8_t *guest_ptr;
2135 uint8_t *server_ptr;
2136
2137 guest_ptr = guest_row;
2138 server_ptr = server_row;
2139
2140 for (x = 0; x < vd->guest.ds->width;
2141 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2142 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2143 continue;
2144 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2145 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2146 continue;
2147 memcpy(server_ptr, guest_ptr, cmp_bytes);
2148 vs = vd->clients;
2149 while (vs != NULL) {
2150 vnc_set_bit(vs->dirty[y], (x / 16));
2151 vs = vs->next;
2152 }
2153 has_dirty++;
2154 }
2155 }
2156 guest_row += ds_get_linesize(vd->ds);
2157 server_row += ds_get_linesize(vd->ds);
2158 }
2159 return has_dirty;
2160 }
2161
2162 static void vnc_refresh(void *opaque)
2163 {
2164 VncDisplay *vd = opaque;
2165 VncState *vs = NULL;
2166 int has_dirty = 0, rects = 0;
2167
2168 vga_hw_update();
2169
2170 has_dirty = vnc_refresh_server_surface(vd);
2171
2172 vs = vd->clients;
2173 while (vs != NULL) {
2174 rects += vnc_update_client(vs, has_dirty);
2175 vs = vs->next;
2176 }
2177
2178 if (has_dirty && rects) {
2179 vd->timer_interval /= 2;
2180 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2181 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2182 } else {
2183 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2184 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2185 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2186 }
2187 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
2188 }
2189
2190 static void vnc_init_timer(VncDisplay *vd)
2191 {
2192 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2193 if (vd->timer == NULL && vd->clients != NULL) {
2194 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2195 vnc_refresh(vd);
2196 }
2197 }
2198
2199 static void vnc_remove_timer(VncDisplay *vd)
2200 {
2201 if (vd->timer != NULL && vd->clients == NULL) {
2202 qemu_del_timer(vd->timer);
2203 qemu_free_timer(vd->timer);
2204 vd->timer = NULL;
2205 }
2206 }
2207
2208 static void vnc_connect(VncDisplay *vd, int csock)
2209 {
2210 VncState *vs = qemu_mallocz(sizeof(VncState));
2211 vs->csock = csock;
2212
2213 VNC_DEBUG("New client on socket %d\n", csock);
2214 dcl->idle = 0;
2215 socket_set_nonblock(vs->csock);
2216 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2217
2218 vs->vd = vd;
2219 vs->ds = vd->ds;
2220 vs->last_x = -1;
2221 vs->last_y = -1;
2222
2223 vs->as.freq = 44100;
2224 vs->as.nchannels = 2;
2225 vs->as.fmt = AUD_FMT_S16;
2226 vs->as.endianness = 0;
2227
2228 vs->next = vd->clients;
2229 vd->clients = vs;
2230
2231 vga_hw_update();
2232
2233 vnc_write(vs, "RFB 003.008\n", 12);
2234 vnc_flush(vs);
2235 vnc_read_when(vs, protocol_version, 12);
2236 reset_keys(vs);
2237
2238 vnc_init_timer(vd);
2239
2240 /* vs might be free()ed here */
2241 }
2242
2243 static void vnc_listen_read(void *opaque)
2244 {
2245 VncDisplay *vs = opaque;
2246 struct sockaddr_in addr;
2247 socklen_t addrlen = sizeof(addr);
2248
2249 /* Catch-up */
2250 vga_hw_update();
2251
2252 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2253 if (csock != -1) {
2254 vnc_connect(vs, csock);
2255 }
2256 }
2257
2258 void vnc_display_init(DisplayState *ds)
2259 {
2260 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2261
2262 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2263
2264 ds->opaque = vs;
2265 dcl->idle = 1;
2266 vnc_display = vs;
2267
2268 vs->lsock = -1;
2269
2270 vs->ds = ds;
2271
2272 if (keyboard_layout)
2273 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2274 else
2275 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2276
2277 if (!vs->kbd_layout)
2278 exit(1);
2279
2280 dcl->dpy_copy = vnc_dpy_copy;
2281 dcl->dpy_update = vnc_dpy_update;
2282 dcl->dpy_resize = vnc_dpy_resize;
2283 dcl->dpy_setdata = vnc_dpy_setdata;
2284 register_displaychangelistener(ds, dcl);
2285 }
2286
2287
2288 void vnc_display_close(DisplayState *ds)
2289 {
2290 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2291
2292 if (!vs)
2293 return;
2294 if (vs->display) {
2295 qemu_free(vs->display);
2296 vs->display = NULL;
2297 }
2298 if (vs->lsock != -1) {
2299 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2300 close(vs->lsock);
2301 vs->lsock = -1;
2302 }
2303 vs->auth = VNC_AUTH_INVALID;
2304 #ifdef CONFIG_VNC_TLS
2305 vs->subauth = VNC_AUTH_INVALID;
2306 vs->tls.x509verify = 0;
2307 #endif
2308 }
2309
2310 int vnc_display_password(DisplayState *ds, const char *password)
2311 {
2312 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2313
2314 if (!vs) {
2315 return -1;
2316 }
2317
2318 if (vs->password) {
2319 qemu_free(vs->password);
2320 vs->password = NULL;
2321 }
2322 if (password && password[0]) {
2323 if (!(vs->password = qemu_strdup(password)))
2324 return -1;
2325 if (vs->auth == VNC_AUTH_NONE) {
2326 vs->auth = VNC_AUTH_VNC;
2327 }
2328 } else {
2329 vs->auth = VNC_AUTH_NONE;
2330 }
2331
2332 return 0;
2333 }
2334
2335 char *vnc_display_local_addr(DisplayState *ds)
2336 {
2337 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2338
2339 return vnc_socket_local_addr("%s:%s", vs->lsock);
2340 }
2341
2342 int vnc_display_open(DisplayState *ds, const char *display)
2343 {
2344 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2345 const char *options;
2346 int password = 0;
2347 int reverse = 0;
2348 int to_port = 0;
2349 #ifdef CONFIG_VNC_TLS
2350 int tls = 0, x509 = 0;
2351 #endif
2352 #ifdef CONFIG_VNC_SASL
2353 int sasl = 0;
2354 int saslErr;
2355 #endif
2356 int acl = 0;
2357
2358 if (!vnc_display)
2359 return -1;
2360 vnc_display_close(ds);
2361 if (strcmp(display, "none") == 0)
2362 return 0;
2363
2364 if (!(vs->display = strdup(display)))
2365 return -1;
2366
2367 options = display;
2368 while ((options = strchr(options, ','))) {
2369 options++;
2370 if (strncmp(options, "password", 8) == 0) {
2371 password = 1; /* Require password auth */
2372 } else if (strncmp(options, "reverse", 7) == 0) {
2373 reverse = 1;
2374 } else if (strncmp(options, "to=", 3) == 0) {
2375 to_port = atoi(options+3) + 5900;
2376 #ifdef CONFIG_VNC_SASL
2377 } else if (strncmp(options, "sasl", 4) == 0) {
2378 sasl = 1; /* Require SASL auth */
2379 #endif
2380 #ifdef CONFIG_VNC_TLS
2381 } else if (strncmp(options, "tls", 3) == 0) {
2382 tls = 1; /* Require TLS */
2383 } else if (strncmp(options, "x509", 4) == 0) {
2384 char *start, *end;
2385 x509 = 1; /* Require x509 certificates */
2386 if (strncmp(options, "x509verify", 10) == 0)
2387 vs->tls.x509verify = 1; /* ...and verify client certs */
2388
2389 /* Now check for 'x509=/some/path' postfix
2390 * and use that to setup x509 certificate/key paths */
2391 start = strchr(options, '=');
2392 end = strchr(options, ',');
2393 if (start && (!end || (start < end))) {
2394 int len = end ? end-(start+1) : strlen(start+1);
2395 char *path = qemu_strndup(start + 1, len);
2396
2397 VNC_DEBUG("Trying certificate path '%s'\n", path);
2398 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2399 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2400 qemu_free(path);
2401 qemu_free(vs->display);
2402 vs->display = NULL;
2403 return -1;
2404 }
2405 qemu_free(path);
2406 } else {
2407 fprintf(stderr, "No certificate path provided\n");
2408 qemu_free(vs->display);
2409 vs->display = NULL;
2410 return -1;
2411 }
2412 #endif
2413 } else if (strncmp(options, "acl", 3) == 0) {
2414 acl = 1;
2415 }
2416 }
2417
2418 #ifdef CONFIG_VNC_TLS
2419 if (acl && x509 && vs->tls.x509verify) {
2420 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2421 fprintf(stderr, "Failed to create x509 dname ACL\n");
2422 exit(1);
2423 }
2424 }
2425 #endif
2426 #ifdef CONFIG_VNC_SASL
2427 if (acl && sasl) {
2428 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2429 fprintf(stderr, "Failed to create username ACL\n");
2430 exit(1);
2431 }
2432 }
2433 #endif
2434
2435 /*
2436 * Combinations we support here:
2437 *
2438 * - no-auth (clear text, no auth)
2439 * - password (clear text, weak auth)
2440 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2441 * - tls (encrypt, weak anonymous creds, no auth)
2442 * - tls + password (encrypt, weak anonymous creds, weak auth)
2443 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2444 * - tls + x509 (encrypt, good x509 creds, no auth)
2445 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2446 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2447 *
2448 * NB1. TLS is a stackable auth scheme.
2449 * NB2. the x509 schemes have option to validate a client cert dname
2450 */
2451 if (password) {
2452 #ifdef CONFIG_VNC_TLS
2453 if (tls) {
2454 vs->auth = VNC_AUTH_VENCRYPT;
2455 if (x509) {
2456 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2457 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2458 } else {
2459 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2460 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2461 }
2462 } else {
2463 #endif /* CONFIG_VNC_TLS */
2464 VNC_DEBUG("Initializing VNC server with password auth\n");
2465 vs->auth = VNC_AUTH_VNC;
2466 #ifdef CONFIG_VNC_TLS
2467 vs->subauth = VNC_AUTH_INVALID;
2468 }
2469 #endif /* CONFIG_VNC_TLS */
2470 #ifdef CONFIG_VNC_SASL
2471 } else if (sasl) {
2472 #ifdef CONFIG_VNC_TLS
2473 if (tls) {
2474 vs->auth = VNC_AUTH_VENCRYPT;
2475 if (x509) {
2476 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2477 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2478 } else {
2479 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2480 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2481 }
2482 } else {
2483 #endif /* CONFIG_VNC_TLS */
2484 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2485 vs->auth = VNC_AUTH_SASL;
2486 #ifdef CONFIG_VNC_TLS
2487 vs->subauth = VNC_AUTH_INVALID;
2488 }
2489 #endif /* CONFIG_VNC_TLS */
2490 #endif /* CONFIG_VNC_SASL */
2491 } else {
2492 #ifdef CONFIG_VNC_TLS
2493 if (tls) {
2494 vs->auth = VNC_AUTH_VENCRYPT;
2495 if (x509) {
2496 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2497 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2498 } else {
2499 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2500 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2501 }
2502 } else {
2503 #endif
2504 VNC_DEBUG("Initializing VNC server with no auth\n");
2505 vs->auth = VNC_AUTH_NONE;
2506 #ifdef CONFIG_VNC_TLS
2507 vs->subauth = VNC_AUTH_INVALID;
2508 }
2509 #endif
2510 }
2511
2512 #ifdef CONFIG_VNC_SASL
2513 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2514 fprintf(stderr, "Failed to initialize SASL auth %s",
2515 sasl_errstring(saslErr, NULL, NULL));
2516 free(vs->display);
2517 vs->display = NULL;
2518 return -1;
2519 }
2520 #endif
2521
2522 if (reverse) {
2523 /* connect to viewer */
2524 if (strncmp(display, "unix:", 5) == 0)
2525 vs->lsock = unix_connect(display+5);
2526 else
2527 vs->lsock = inet_connect(display, SOCK_STREAM);
2528 if (-1 == vs->lsock) {
2529 free(vs->display);
2530 vs->display = NULL;
2531 return -1;
2532 } else {
2533 int csock = vs->lsock;
2534 vs->lsock = -1;
2535 vnc_connect(vs, csock);
2536 }
2537 return 0;
2538
2539 } else {
2540 /* listen for connects */
2541 char *dpy;
2542 dpy = qemu_malloc(256);
2543 if (strncmp(display, "unix:", 5) == 0) {
2544 pstrcpy(dpy, 256, "unix:");
2545 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2546 } else {
2547 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2548 }
2549 if (-1 == vs->lsock) {
2550 free(dpy);
2551 return -1;
2552 } else {
2553 free(vs->display);
2554 vs->display = dpy;
2555 }
2556 }
2557 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
2558 }
Anthony Liguori's QEMU queue