search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
versatile_pci: Implement the correct PCI IRQ mapping
[qemu/ar7.git] / ui / vnc.c
blob8ee66b7d3bbf0761115edd994da2140071ec7f95
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "vnc-jobs.h"
29 #include "sysemu/sysemu.h"
30 #include "qemu/sockets.h"
31 #include "qemu/timer.h"
32 #include "qemu/acl.h"
33 #include "qapi/qmp/types.h"
34 #include "qmp-commands.h"
35 #include "qemu/osdep.h"
36
37 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
38 #define VNC_REFRESH_INTERVAL_INC 50
39 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
40 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
41 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
42
43 #include "vnc_keysym.h"
44 #include "d3des.h"
45
46 static VncDisplay *vnc_display; /* needed for info vnc */
47
48 static int vnc_cursor_define(VncState *vs);
49 static void vnc_release_modifiers(VncState *vs);
50
51 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
52 {
53 #ifdef _VNC_DEBUG
54 static const char *mn[] = {
55 [0] = "undefined",
56 [VNC_SHARE_MODE_CONNECTING] = "connecting",
57 [VNC_SHARE_MODE_SHARED] = "shared",
58 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
59 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
60 };
61 fprintf(stderr, "%s/%d: %s -> %s\n", __func__,
62 vs->csock, mn[vs->share_mode], mn[mode]);
63 #endif
64
65 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) {
66 vs->vd->num_exclusive--;
67 }
68 vs->share_mode = mode;
69 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) {
70 vs->vd->num_exclusive++;
71 }
72 }
73
74 static char *addr_to_string(const char *format,
75 struct sockaddr_storage *sa,
76 socklen_t salen) {
77 char *addr;
78 char host[NI_MAXHOST];
79 char serv[NI_MAXSERV];
80 int err;
81 size_t addrlen;
82
83 if ((err = getnameinfo((struct sockaddr *)sa, salen,
84 host, sizeof(host),
85 serv, sizeof(serv),
86 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
87 VNC_DEBUG("Cannot resolve address %d: %s\n",
88 err, gai_strerror(err));
89 return NULL;
90 }
91
92 /* Enough for the existing format + the 2 vars we're
93 * substituting in. */
94 addrlen = strlen(format) + strlen(host) + strlen(serv);
95 addr = g_malloc(addrlen + 1);
96 snprintf(addr, addrlen, format, host, serv);
97 addr[addrlen] = '\0';
98
99 return addr;
100 }
101
102
103 char *vnc_socket_local_addr(const char *format, int fd) {
104 struct sockaddr_storage sa;
105 socklen_t salen;
106
107 salen = sizeof(sa);
108 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
109 return NULL;
110
111 return addr_to_string(format, &sa, salen);
112 }
113
114 char *vnc_socket_remote_addr(const char *format, int fd) {
115 struct sockaddr_storage sa;
116 socklen_t salen;
117
118 salen = sizeof(sa);
119 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
120 return NULL;
121
122 return addr_to_string(format, &sa, salen);
123 }
124
125 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
126 socklen_t salen)
127 {
128 char host[NI_MAXHOST];
129 char serv[NI_MAXSERV];
130 int err;
131
132 if ((err = getnameinfo((struct sockaddr *)sa, salen,
133 host, sizeof(host),
134 serv, sizeof(serv),
135 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
136 VNC_DEBUG("Cannot resolve address %d: %s\n",
137 err, gai_strerror(err));
138 return -1;
139 }
140
141 qdict_put(qdict, "host", qstring_from_str(host));
142 qdict_put(qdict, "service", qstring_from_str(serv));
143 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
144
145 return 0;
146 }
147
148 static int vnc_server_addr_put(QDict *qdict, int fd)
149 {
150 struct sockaddr_storage sa;
151 socklen_t salen;
152
153 salen = sizeof(sa);
154 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
155 return -1;
156 }
157
158 return put_addr_qdict(qdict, &sa, salen);
159 }
160
161 static int vnc_qdict_remote_addr(QDict *qdict, int fd)
162 {
163 struct sockaddr_storage sa;
164 socklen_t salen;
165
166 salen = sizeof(sa);
167 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
168 return -1;
169 }
170
171 return put_addr_qdict(qdict, &sa, salen);
172 }
173
174 static const char *vnc_auth_name(VncDisplay *vd) {
175 switch (vd->auth) {
176 case VNC_AUTH_INVALID:
177 return "invalid";
178 case VNC_AUTH_NONE:
179 return "none";
180 case VNC_AUTH_VNC:
181 return "vnc";
182 case VNC_AUTH_RA2:
183 return "ra2";
184 case VNC_AUTH_RA2NE:
185 return "ra2ne";
186 case VNC_AUTH_TIGHT:
187 return "tight";
188 case VNC_AUTH_ULTRA:
189 return "ultra";
190 case VNC_AUTH_TLS:
191 return "tls";
192 case VNC_AUTH_VENCRYPT:
193 #ifdef CONFIG_VNC_TLS
194 switch (vd->subauth) {
195 case VNC_AUTH_VENCRYPT_PLAIN:
196 return "vencrypt+plain";
197 case VNC_AUTH_VENCRYPT_TLSNONE:
198 return "vencrypt+tls+none";
199 case VNC_AUTH_VENCRYPT_TLSVNC:
200 return "vencrypt+tls+vnc";
201 case VNC_AUTH_VENCRYPT_TLSPLAIN:
202 return "vencrypt+tls+plain";
203 case VNC_AUTH_VENCRYPT_X509NONE:
204 return "vencrypt+x509+none";
205 case VNC_AUTH_VENCRYPT_X509VNC:
206 return "vencrypt+x509+vnc";
207 case VNC_AUTH_VENCRYPT_X509PLAIN:
208 return "vencrypt+x509+plain";
209 case VNC_AUTH_VENCRYPT_TLSSASL:
210 return "vencrypt+tls+sasl";
211 case VNC_AUTH_VENCRYPT_X509SASL:
212 return "vencrypt+x509+sasl";
213 default:
214 return "vencrypt";
215 }
216 #else
217 return "vencrypt";
218 #endif
219 case VNC_AUTH_SASL:
220 return "sasl";
221 }
222 return "unknown";
223 }
224
225 static int vnc_server_info_put(QDict *qdict)
226 {
227 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
228 return -1;
229 }
230
231 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
232 return 0;
233 }
234
235 static void vnc_client_cache_auth(VncState *client)
236 {
237 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
238 QDict *qdict;
239 #endif
240
241 if (!client->info) {
242 return;
243 }
244
245 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
246 qdict = qobject_to_qdict(client->info);
247 #endif
248
249 #ifdef CONFIG_VNC_TLS
250 if (client->tls.session &&
251 client->tls.dname) {
252 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
253 }
254 #endif
255 #ifdef CONFIG_VNC_SASL
256 if (client->sasl.conn &&
257 client->sasl.username) {
258 qdict_put(qdict, "sasl_username",
259 qstring_from_str(client->sasl.username));
260 }
261 #endif
262 }
263
264 static void vnc_client_cache_addr(VncState *client)
265 {
266 QDict *qdict;
267
268 qdict = qdict_new();
269 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
270 QDECREF(qdict);
271 /* XXX: how to report the error? */
272 return;
273 }
274
275 client->info = QOBJECT(qdict);
276 }
277
278 static void vnc_qmp_event(VncState *vs, MonitorEvent event)
279 {
280 QDict *server;
281 QObject *data;
282
283 if (!vs->info) {
284 return;
285 }
286
287 server = qdict_new();
288 if (vnc_server_info_put(server) < 0) {
289 QDECREF(server);
290 return;
291 }
292
293 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
294 vs->info, QOBJECT(server));
295
296 monitor_protocol_event(event, data);
297
298 qobject_incref(vs->info);
299 qobject_decref(data);
300 }
301
302 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
303 {
304 struct sockaddr_storage sa;
305 socklen_t salen = sizeof(sa);
306 char host[NI_MAXHOST];
307 char serv[NI_MAXSERV];
308 VncClientInfo *info;
309
310 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) {
311 return NULL;
312 }
313
314 if (getnameinfo((struct sockaddr *)&sa, salen,
315 host, sizeof(host),
316 serv, sizeof(serv),
317 NI_NUMERICHOST | NI_NUMERICSERV) < 0) {
318 return NULL;
319 }
320
321 info = g_malloc0(sizeof(*info));
322 info->host = g_strdup(host);
323 info->service = g_strdup(serv);
324 info->family = g_strdup(inet_strfamily(sa.ss_family));
325
326 #ifdef CONFIG_VNC_TLS
327 if (client->tls.session && client->tls.dname) {
328 info->has_x509_dname = true;
329 info->x509_dname = g_strdup(client->tls.dname);
330 }
331 #endif
332 #ifdef CONFIG_VNC_SASL
333 if (client->sasl.conn && client->sasl.username) {
334 info->has_sasl_username = true;
335 info->sasl_username = g_strdup(client->sasl.username);
336 }
337 #endif
338
339 return info;
340 }
341
342 VncInfo *qmp_query_vnc(Error **errp)
343 {
344 VncInfo *info = g_malloc0(sizeof(*info));
345
346 if (vnc_display == NULL || vnc_display->display == NULL) {
347 info->enabled = false;
348 } else {
349 VncClientInfoList *cur_item = NULL;
350 struct sockaddr_storage sa;
351 socklen_t salen = sizeof(sa);
352 char host[NI_MAXHOST];
353 char serv[NI_MAXSERV];
354 VncState *client;
355
356 info->enabled = true;
357
358 /* for compatibility with the original command */
359 info->has_clients = true;
360
361 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
362 VncClientInfoList *cinfo = g_malloc0(sizeof(*info));
363 cinfo->value = qmp_query_vnc_client(client);
364
365 /* XXX: waiting for the qapi to support GSList */
366 if (!cur_item) {
367 info->clients = cur_item = cinfo;
368 } else {
369 cur_item->next = cinfo;
370 cur_item = cinfo;
371 }
372 }
373
374 if (vnc_display->lsock == -1) {
375 return info;
376 }
377
378 if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa,
379 &salen) == -1) {
380 error_set(errp, QERR_UNDEFINED_ERROR);
381 goto out_error;
382 }
383
384 if (getnameinfo((struct sockaddr *)&sa, salen,
385 host, sizeof(host),
386 serv, sizeof(serv),
387 NI_NUMERICHOST | NI_NUMERICSERV) < 0) {
388 error_set(errp, QERR_UNDEFINED_ERROR);
389 goto out_error;
390 }
391
392 info->has_host = true;
393 info->host = g_strdup(host);
394
395 info->has_service = true;
396 info->service = g_strdup(serv);
397
398 info->has_family = true;
399 info->family = g_strdup(inet_strfamily(sa.ss_family));
400
401 info->has_auth = true;
402 info->auth = g_strdup(vnc_auth_name(vnc_display));
403 }
404
405 return info;
406
407 out_error:
408 qapi_free_VncInfo(info);
409 return NULL;
410 }
411
412 /* TODO
413 1) Get the queue working for IO.
414 2) there is some weirdness when using the -S option (the screen is grey
415 and not totally invalidated
416 3) resolutions > 1024
417 */
418
419 static int vnc_update_client(VncState *vs, int has_dirty);
420 static int vnc_update_client_sync(VncState *vs, int has_dirty);
421 static void vnc_disconnect_start(VncState *vs);
422
423 static void vnc_colordepth(VncState *vs);
424 static void framebuffer_update_request(VncState *vs, int incremental,
425 int x_position, int y_position,
426 int w, int h);
427 static void vnc_refresh(DisplayChangeListener *dcl);
428 static int vnc_refresh_server_surface(VncDisplay *vd);
429
430 static void vnc_dpy_update(DisplayChangeListener *dcl,
431 int x, int y, int w, int h)
432 {
433 int i;
434 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
435 struct VncSurface *s = &vd->guest;
436 int width = surface_width(vd->ds);
437 int height = surface_height(vd->ds);
438
439 h += y;
440
441 /* round x down to ensure the loop only spans one 16-pixel block per,
442 iteration. otherwise, if (x % 16) != 0, the last iteration may span
443 two 16-pixel blocks but we only mark the first as dirty
444 */
445 w += (x % 16);
446 x -= (x % 16);
447
448 x = MIN(x, width);
449 y = MIN(y, height);
450 w = MIN(x + w, width) - x;
451 h = MIN(h, height);
452
453 for (; y < h; y++)
454 for (i = 0; i < w; i += 16)
455 set_bit((x + i) / 16, s->dirty[y]);
456 }
457
458 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
459 int32_t encoding)
460 {
461 vnc_write_u16(vs, x);
462 vnc_write_u16(vs, y);
463 vnc_write_u16(vs, w);
464 vnc_write_u16(vs, h);
465
466 vnc_write_s32(vs, encoding);
467 }
468
469 void buffer_reserve(Buffer *buffer, size_t len)
470 {
471 if ((buffer->capacity - buffer->offset) < len) {
472 buffer->capacity += (len + 1024);
473 buffer->buffer = g_realloc(buffer->buffer, buffer->capacity);
474 if (buffer->buffer == NULL) {
475 fprintf(stderr, "vnc: out of memory\n");
476 exit(1);
477 }
478 }
479 }
480
481 static int buffer_empty(Buffer *buffer)
482 {
483 return buffer->offset == 0;
484 }
485
486 uint8_t *buffer_end(Buffer *buffer)
487 {
488 return buffer->buffer + buffer->offset;
489 }
490
491 void buffer_reset(Buffer *buffer)
492 {
493 buffer->offset = 0;
494 }
495
496 void buffer_free(Buffer *buffer)
497 {
498 g_free(buffer->buffer);
499 buffer->offset = 0;
500 buffer->capacity = 0;
501 buffer->buffer = NULL;
502 }
503
504 void buffer_append(Buffer *buffer, const void *data, size_t len)
505 {
506 memcpy(buffer->buffer + buffer->offset, data, len);
507 buffer->offset += len;
508 }
509
510 void buffer_advance(Buffer *buf, size_t len)
511 {
512 memmove(buf->buffer, buf->buffer + len,
513 (buf->offset - len));
514 buf->offset -= len;
515 }
516
517 static void vnc_desktop_resize(VncState *vs)
518 {
519 DisplaySurface *ds = vs->vd->ds;
520
521 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
522 return;
523 }
524 if (vs->client_width == surface_width(ds) &&
525 vs->client_height == surface_height(ds)) {
526 return;
527 }
528 vs->client_width = surface_width(ds);
529 vs->client_height = surface_height(ds);
530 vnc_lock_output(vs);
531 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
532 vnc_write_u8(vs, 0);
533 vnc_write_u16(vs, 1); /* number of rects */
534 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
535 VNC_ENCODING_DESKTOPRESIZE);
536 vnc_unlock_output(vs);
537 vnc_flush(vs);
538 }
539
540 static void vnc_abort_display_jobs(VncDisplay *vd)
541 {
542 VncState *vs;
543
544 QTAILQ_FOREACH(vs, &vd->clients, next) {
545 vnc_lock_output(vs);
546 vs->abort = true;
547 vnc_unlock_output(vs);
548 }
549 QTAILQ_FOREACH(vs, &vd->clients, next) {
550 vnc_jobs_join(vs);
551 }
552 QTAILQ_FOREACH(vs, &vd->clients, next) {
553 vnc_lock_output(vs);
554 vs->abort = false;
555 vnc_unlock_output(vs);
556 }
557 }
558
559 int vnc_server_fb_stride(VncDisplay *vd)
560 {
561 return pixman_image_get_stride(vd->server);
562 }
563
564 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
565 {
566 uint8_t *ptr;
567
568 ptr = (uint8_t *)pixman_image_get_data(vd->server);
569 ptr += y * vnc_server_fb_stride(vd);
570 ptr += x * VNC_SERVER_FB_BYTES;
571 return ptr;
572 }
573
574 static void vnc_dpy_switch(DisplayChangeListener *dcl,
575 DisplaySurface *surface)
576 {
577 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
578 VncState *vs;
579
580 vnc_abort_display_jobs(vd);
581
582 /* server surface */
583 qemu_pixman_image_unref(vd->server);
584 vd->ds = surface;
585 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
586 surface_width(vd->ds),
587 surface_height(vd->ds),
588 NULL, 0);
589
590 /* guest surface */
591 #if 0 /* FIXME */
592 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
593 console_color_init(ds);
594 #endif
595 qemu_pixman_image_unref(vd->guest.fb);
596 vd->guest.fb = pixman_image_ref(surface->image);
597 vd->guest.format = surface->format;
598 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
599
600 QTAILQ_FOREACH(vs, &vd->clients, next) {
601 vnc_colordepth(vs);
602 vnc_desktop_resize(vs);
603 if (vs->vd->cursor) {
604 vnc_cursor_define(vs);
605 }
606 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
607 }
608 }
609
610 /* fastest code */
611 static void vnc_write_pixels_copy(VncState *vs,
612 void *pixels, int size)
613 {
614 vnc_write(vs, pixels, size);
615 }
616
617 /* slowest but generic code. */
618 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
619 {
620 uint8_t r, g, b;
621
622 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
623 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
624 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
625 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
626 #else
627 # error need some bits here if you change VNC_SERVER_FB_FORMAT
628 #endif
629 v = (r << vs->client_pf.rshift) |
630 (g << vs->client_pf.gshift) |
631 (b << vs->client_pf.bshift);
632 switch (vs->client_pf.bytes_per_pixel) {
633 case 1:
634 buf[0] = v;
635 break;
636 case 2:
637 if (vs->client_be) {
638 buf[0] = v >> 8;
639 buf[1] = v;
640 } else {
641 buf[1] = v >> 8;
642 buf[0] = v;
643 }
644 break;
645 default:
646 case 4:
647 if (vs->client_be) {
648 buf[0] = v >> 24;
649 buf[1] = v >> 16;
650 buf[2] = v >> 8;
651 buf[3] = v;
652 } else {
653 buf[3] = v >> 24;
654 buf[2] = v >> 16;
655 buf[1] = v >> 8;
656 buf[0] = v;
657 }
658 break;
659 }
660 }
661
662 static void vnc_write_pixels_generic(VncState *vs,
663 void *pixels1, int size)
664 {
665 uint8_t buf[4];
666
667 if (VNC_SERVER_FB_BYTES == 4) {
668 uint32_t *pixels = pixels1;
669 int n, i;
670 n = size >> 2;
671 for (i = 0; i < n; i++) {
672 vnc_convert_pixel(vs, buf, pixels[i]);
673 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
674 }
675 }
676 }
677
678 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
679 {
680 int i;
681 uint8_t *row;
682 VncDisplay *vd = vs->vd;
683
684 row = vnc_server_fb_ptr(vd, x, y);
685 for (i = 0; i < h; i++) {
686 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
687 row += vnc_server_fb_stride(vd);
688 }
689 return 1;
690 }
691
692 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
693 {
694 int n = 0;
695
696 switch(vs->vnc_encoding) {
697 case VNC_ENCODING_ZLIB:
698 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
699 break;
700 case VNC_ENCODING_HEXTILE:
701 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
702 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
703 break;
704 case VNC_ENCODING_TIGHT:
705 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
706 break;
707 case VNC_ENCODING_TIGHT_PNG:
708 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
709 break;
710 case VNC_ENCODING_ZRLE:
711 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
712 break;
713 case VNC_ENCODING_ZYWRLE:
714 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
715 break;
716 default:
717 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
718 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
719 break;
720 }
721 return n;
722 }
723
724 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
725 {
726 /* send bitblit op to the vnc client */
727 vnc_lock_output(vs);
728 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
729 vnc_write_u8(vs, 0);
730 vnc_write_u16(vs, 1); /* number of rects */
731 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
732 vnc_write_u16(vs, src_x);
733 vnc_write_u16(vs, src_y);
734 vnc_unlock_output(vs);
735 vnc_flush(vs);
736 }
737
738 static void vnc_dpy_copy(DisplayChangeListener *dcl,
739 int src_x, int src_y,
740 int dst_x, int dst_y, int w, int h)
741 {
742 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
743 VncState *vs, *vn;
744 uint8_t *src_row;
745 uint8_t *dst_row;
746 int i, x, y, pitch, inc, w_lim, s;
747 int cmp_bytes;
748
749 vnc_refresh_server_surface(vd);
750 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
751 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
752 vs->force_update = 1;
753 vnc_update_client_sync(vs, 1);
754 /* vs might be free()ed here */
755 }
756 }
757
758 /* do bitblit op on the local surface too */
759 pitch = vnc_server_fb_stride(vd);
760 src_row = vnc_server_fb_ptr(vd, src_x, src_y);
761 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y);
762 y = dst_y;
763 inc = 1;
764 if (dst_y > src_y) {
765 /* copy backwards */
766 src_row += pitch * (h-1);
767 dst_row += pitch * (h-1);
768 pitch = -pitch;
769 y = dst_y + h - 1;
770 inc = -1;
771 }
772 w_lim = w - (16 - (dst_x % 16));
773 if (w_lim < 0)
774 w_lim = w;
775 else
776 w_lim = w - (w_lim % 16);
777 for (i = 0; i < h; i++) {
778 for (x = 0; x <= w_lim;
779 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
780 if (x == w_lim) {
781 if ((s = w - w_lim) == 0)
782 break;
783 } else if (!x) {
784 s = (16 - (dst_x % 16));
785 s = MIN(s, w_lim);
786 } else {
787 s = 16;
788 }
789 cmp_bytes = s * VNC_SERVER_FB_BYTES;
790 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
791 continue;
792 memmove(dst_row, src_row, cmp_bytes);
793 QTAILQ_FOREACH(vs, &vd->clients, next) {
794 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
795 set_bit(((x + dst_x) / 16), vs->dirty[y]);
796 }
797 }
798 }
799 src_row += pitch - w * VNC_SERVER_FB_BYTES;
800 dst_row += pitch - w * VNC_SERVER_FB_BYTES;
801 y += inc;
802 }
803
804 QTAILQ_FOREACH(vs, &vd->clients, next) {
805 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
806 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
807 }
808 }
809 }
810
811 static void vnc_mouse_set(DisplayChangeListener *dcl,
812 int x, int y, int visible)
813 {
814 /* can we ask the client(s) to move the pointer ??? */
815 }
816
817 static int vnc_cursor_define(VncState *vs)
818 {
819 QEMUCursor *c = vs->vd->cursor;
820 int isize;
821
822 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
823 vnc_lock_output(vs);
824 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
825 vnc_write_u8(vs, 0); /* padding */
826 vnc_write_u16(vs, 1); /* # of rects */
827 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
828 VNC_ENCODING_RICH_CURSOR);
829 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
830 vnc_write_pixels_generic(vs, c->data, isize);
831 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
832 vnc_unlock_output(vs);
833 return 0;
834 }
835 return -1;
836 }
837
838 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
839 QEMUCursor *c)
840 {
841 VncDisplay *vd = vnc_display;
842 VncState *vs;
843
844 cursor_put(vd->cursor);
845 g_free(vd->cursor_mask);
846
847 vd->cursor = c;
848 cursor_get(vd->cursor);
849 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
850 vd->cursor_mask = g_malloc0(vd->cursor_msize);
851 cursor_get_mono_mask(c, 0, vd->cursor_mask);
852
853 QTAILQ_FOREACH(vs, &vd->clients, next) {
854 vnc_cursor_define(vs);
855 }
856 }
857
858 static int find_and_clear_dirty_height(struct VncState *vs,
859 int y, int last_x, int x, int height)
860 {
861 int h;
862
863 for (h = 1; h < (height - y); h++) {
864 int tmp_x;
865 if (!test_bit(last_x, vs->dirty[y + h])) {
866 break;
867 }
868 for (tmp_x = last_x; tmp_x < x; tmp_x++) {
869 clear_bit(tmp_x, vs->dirty[y + h]);
870 }
871 }
872
873 return h;
874 }
875
876 static int vnc_update_client_sync(VncState *vs, int has_dirty)
877 {
878 int ret = vnc_update_client(vs, has_dirty);
879 vnc_jobs_join(vs);
880 return ret;
881 }
882
883 static int vnc_update_client(VncState *vs, int has_dirty)
884 {
885 if (vs->need_update && vs->csock != -1) {
886 VncDisplay *vd = vs->vd;
887 VncJob *job;
888 int y;
889 int width, height;
890 int n = 0;
891
892
893 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
894 /* kernel send buffers are full -> drop frames to throttle */
895 return 0;
896
897 if (!has_dirty && !vs->audio_cap && !vs->force_update)
898 return 0;
899
900 /*
901 * Send screen updates to the vnc client using the server
902 * surface and server dirty map. guest surface updates
903 * happening in parallel don't disturb us, the next pass will
904 * send them to the client.
905 */
906 job = vnc_job_new(vs);
907
908 width = MIN(pixman_image_get_width(vd->server), vs->client_width);
909 height = MIN(pixman_image_get_height(vd->server), vs->client_height);
910
911 for (y = 0; y < height; y++) {
912 int x;
913 int last_x = -1;
914 for (x = 0; x < width / 16; x++) {
915 if (test_and_clear_bit(x, vs->dirty[y])) {
916 if (last_x == -1) {
917 last_x = x;
918 }
919 } else {
920 if (last_x != -1) {
921 int h = find_and_clear_dirty_height(vs, y, last_x, x,
922 height);
923
924 n += vnc_job_add_rect(job, last_x * 16, y,
925 (x - last_x) * 16, h);
926 }
927 last_x = -1;
928 }
929 }
930 if (last_x != -1) {
931 int h = find_and_clear_dirty_height(vs, y, last_x, x, height);
932 n += vnc_job_add_rect(job, last_x * 16, y,
933 (x - last_x) * 16, h);
934 }
935 }
936
937 vnc_job_push(job);
938 vs->force_update = 0;
939 return n;
940 }
941
942 if (vs->csock == -1)
943 vnc_disconnect_finish(vs);
944
945 return 0;
946 }
947
948 /* audio */
949 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
950 {
951 VncState *vs = opaque;
952
953 switch (cmd) {
954 case AUD_CNOTIFY_DISABLE:
955 vnc_lock_output(vs);
956 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
957 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
958 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
959 vnc_unlock_output(vs);
960 vnc_flush(vs);
961 break;
962
963 case AUD_CNOTIFY_ENABLE:
964 vnc_lock_output(vs);
965 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
966 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
967 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
968 vnc_unlock_output(vs);
969 vnc_flush(vs);
970 break;
971 }
972 }
973
974 static void audio_capture_destroy(void *opaque)
975 {
976 }
977
978 static void audio_capture(void *opaque, void *buf, int size)
979 {
980 VncState *vs = opaque;
981
982 vnc_lock_output(vs);
983 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
984 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
985 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
986 vnc_write_u32(vs, size);
987 vnc_write(vs, buf, size);
988 vnc_unlock_output(vs);
989 vnc_flush(vs);
990 }
991
992 static void audio_add(VncState *vs)
993 {
994 struct audio_capture_ops ops;
995
996 if (vs->audio_cap) {
997 monitor_printf(default_mon, "audio already running\n");
998 return;
999 }
1000
1001 ops.notify = audio_capture_notify;
1002 ops.destroy = audio_capture_destroy;
1003 ops.capture = audio_capture;
1004
1005 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1006 if (!vs->audio_cap) {
1007 monitor_printf(default_mon, "Failed to add audio capture\n");
1008 }
1009 }
1010
1011 static void audio_del(VncState *vs)
1012 {
1013 if (vs->audio_cap) {
1014 AUD_del_capture(vs->audio_cap, vs);
1015 vs->audio_cap = NULL;
1016 }
1017 }
1018
1019 static void vnc_disconnect_start(VncState *vs)
1020 {
1021 if (vs->csock == -1)
1022 return;
1023 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1024 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
1025 closesocket(vs->csock);
1026 vs->csock = -1;
1027 }
1028
1029 void vnc_disconnect_finish(VncState *vs)
1030 {
1031 int i;
1032
1033 vnc_jobs_join(vs); /* Wait encoding jobs */
1034
1035 vnc_lock_output(vs);
1036 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
1037
1038 buffer_free(&vs->input);
1039 buffer_free(&vs->output);
1040 #ifdef CONFIG_VNC_WS
1041 buffer_free(&vs->ws_input);
1042 buffer_free(&vs->ws_output);
1043 #endif /* CONFIG_VNC_WS */
1044
1045 qobject_decref(vs->info);
1046
1047 vnc_zlib_clear(vs);
1048 vnc_tight_clear(vs);
1049 vnc_zrle_clear(vs);
1050
1051 #ifdef CONFIG_VNC_TLS
1052 vnc_tls_client_cleanup(vs);
1053 #endif /* CONFIG_VNC_TLS */
1054 #ifdef CONFIG_VNC_SASL
1055 vnc_sasl_client_cleanup(vs);
1056 #endif /* CONFIG_VNC_SASL */
1057 audio_del(vs);
1058 vnc_release_modifiers(vs);
1059
1060 if (vs->initialized) {
1061 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1062 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1063 }
1064
1065 if (vs->vd->lock_key_sync)
1066 qemu_remove_led_event_handler(vs->led);
1067 vnc_unlock_output(vs);
1068
1069 qemu_mutex_destroy(&vs->output_mutex);
1070 if (vs->bh != NULL) {
1071 qemu_bh_delete(vs->bh);
1072 }
1073 buffer_free(&vs->jobs_buffer);
1074
1075 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1076 g_free(vs->lossy_rect[i]);
1077 }
1078 g_free(vs->lossy_rect);
1079 g_free(vs);
1080 }
1081
1082 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1083 {
1084 if (ret == 0 || ret == -1) {
1085 if (ret == -1) {
1086 switch (last_errno) {
1087 case EINTR:
1088 case EAGAIN:
1089 #ifdef _WIN32
1090 case WSAEWOULDBLOCK:
1091 #endif
1092 return 0;
1093 default:
1094 break;
1095 }
1096 }
1097
1098 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1099 ret, ret < 0 ? last_errno : 0);
1100 vnc_disconnect_start(vs);
1101
1102 return 0;
1103 }
1104 return ret;
1105 }
1106
1107
1108 void vnc_client_error(VncState *vs)
1109 {
1110 VNC_DEBUG("Closing down client sock: protocol error\n");
1111 vnc_disconnect_start(vs);
1112 }
1113
1114
1115 /*
1116 * Called to write a chunk of data to the client socket. The data may
1117 * be the raw data, or may have already been encoded by SASL.
1118 * The data will be written either straight onto the socket, or
1119 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1120 *
1121 * NB, it is theoretically possible to have 2 layers of encryption,
1122 * both SASL, and this TLS layer. It is highly unlikely in practice
1123 * though, since SASL encryption will typically be a no-op if TLS
1124 * is active
1125 *
1126 * Returns the number of bytes written, which may be less than
1127 * the requested 'datalen' if the socket would block. Returns
1128 * -1 on error, and disconnects the client socket.
1129 */
1130 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1131 {
1132 long ret;
1133 #ifdef CONFIG_VNC_TLS
1134 if (vs->tls.session) {
1135 ret = gnutls_write(vs->tls.session, data, datalen);
1136 if (ret < 0) {
1137 if (ret == GNUTLS_E_AGAIN)
1138 errno = EAGAIN;
1139 else
1140 errno = EIO;
1141 ret = -1;
1142 }
1143 } else
1144 #endif /* CONFIG_VNC_TLS */
1145 ret = send(vs->csock, (const void *)data, datalen, 0);
1146 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1147 return vnc_client_io_error(vs, ret, socket_error());
1148 }
1149
1150
1151 /*
1152 * Called to write buffered data to the client socket, when not
1153 * using any SASL SSF encryption layers. Will write as much data
1154 * as possible without blocking. If all buffered data is written,
1155 * will switch the FD poll() handler back to read monitoring.
1156 *
1157 * Returns the number of bytes written, which may be less than
1158 * the buffered output data if the socket would block. Returns
1159 * -1 on error, and disconnects the client socket.
1160 */
1161 static long vnc_client_write_plain(VncState *vs)
1162 {
1163 long ret;
1164
1165 #ifdef CONFIG_VNC_SASL
1166 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1167 vs->output.buffer, vs->output.capacity, vs->output.offset,
1168 vs->sasl.waitWriteSSF);
1169
1170 if (vs->sasl.conn &&
1171 vs->sasl.runSSF &&
1172 vs->sasl.waitWriteSSF) {
1173 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1174 if (ret)
1175 vs->sasl.waitWriteSSF -= ret;
1176 } else
1177 #endif /* CONFIG_VNC_SASL */
1178 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1179 if (!ret)
1180 return 0;
1181
1182 buffer_advance(&vs->output, ret);
1183
1184 if (vs->output.offset == 0) {
1185 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1186 }
1187
1188 return ret;
1189 }
1190
1191
1192 /*
1193 * First function called whenever there is data to be written to
1194 * the client socket. Will delegate actual work according to whether
1195 * SASL SSF layers are enabled (thus requiring encryption calls)
1196 */
1197 static void vnc_client_write_locked(void *opaque)
1198 {
1199 VncState *vs = opaque;
1200
1201 #ifdef CONFIG_VNC_SASL
1202 if (vs->sasl.conn &&
1203 vs->sasl.runSSF &&
1204 !vs->sasl.waitWriteSSF) {
1205 vnc_client_write_sasl(vs);
1206 } else
1207 #endif /* CONFIG_VNC_SASL */
1208 {
1209 #ifdef CONFIG_VNC_WS
1210 if (vs->encode_ws) {
1211 vnc_client_write_ws(vs);
1212 } else
1213 #endif /* CONFIG_VNC_WS */
1214 {
1215 vnc_client_write_plain(vs);
1216 }
1217 }
1218 }
1219
1220 void vnc_client_write(void *opaque)
1221 {
1222 VncState *vs = opaque;
1223
1224 vnc_lock_output(vs);
1225 if (vs->output.offset
1226 #ifdef CONFIG_VNC_WS
1227 || vs->ws_output.offset
1228 #endif
1229 ) {
1230 vnc_client_write_locked(opaque);
1231 } else if (vs->csock != -1) {
1232 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1233 }
1234 vnc_unlock_output(vs);
1235 }
1236
1237 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1238 {
1239 vs->read_handler = func;
1240 vs->read_handler_expect = expecting;
1241 }
1242
1243
1244 /*
1245 * Called to read a chunk of data from the client socket. The data may
1246 * be the raw data, or may need to be further decoded by SASL.
1247 * The data will be read either straight from to the socket, or
1248 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1249 *
1250 * NB, it is theoretically possible to have 2 layers of encryption,
1251 * both SASL, and this TLS layer. It is highly unlikely in practice
1252 * though, since SASL encryption will typically be a no-op if TLS
1253 * is active
1254 *
1255 * Returns the number of bytes read, which may be less than
1256 * the requested 'datalen' if the socket would block. Returns
1257 * -1 on error, and disconnects the client socket.
1258 */
1259 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1260 {
1261 long ret;
1262 #ifdef CONFIG_VNC_TLS
1263 if (vs->tls.session) {
1264 ret = gnutls_read(vs->tls.session, data, datalen);
1265 if (ret < 0) {
1266 if (ret == GNUTLS_E_AGAIN)
1267 errno = EAGAIN;
1268 else
1269 errno = EIO;
1270 ret = -1;
1271 }
1272 } else
1273 #endif /* CONFIG_VNC_TLS */
1274 ret = qemu_recv(vs->csock, data, datalen, 0);
1275 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1276 return vnc_client_io_error(vs, ret, socket_error());
1277 }
1278
1279
1280 /*
1281 * Called to read data from the client socket to the input buffer,
1282 * when not using any SASL SSF encryption layers. Will read as much
1283 * data as possible without blocking.
1284 *
1285 * Returns the number of bytes read. Returns -1 on error, and
1286 * disconnects the client socket.
1287 */
1288 static long vnc_client_read_plain(VncState *vs)
1289 {
1290 int ret;
1291 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1292 vs->input.buffer, vs->input.capacity, vs->input.offset);
1293 buffer_reserve(&vs->input, 4096);
1294 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1295 if (!ret)
1296 return 0;
1297 vs->input.offset += ret;
1298 return ret;
1299 }
1300
1301 static void vnc_jobs_bh(void *opaque)
1302 {
1303 VncState *vs = opaque;
1304
1305 vnc_jobs_consume_buffer(vs);
1306 }
1307
1308 /*
1309 * First function called whenever there is more data to be read from
1310 * the client socket. Will delegate actual work according to whether
1311 * SASL SSF layers are enabled (thus requiring decryption calls)
1312 */
1313 void vnc_client_read(void *opaque)
1314 {
1315 VncState *vs = opaque;
1316 long ret;
1317
1318 #ifdef CONFIG_VNC_SASL
1319 if (vs->sasl.conn && vs->sasl.runSSF)
1320 ret = vnc_client_read_sasl(vs);
1321 else
1322 #endif /* CONFIG_VNC_SASL */
1323 #ifdef CONFIG_VNC_WS
1324 if (vs->encode_ws) {
1325 ret = vnc_client_read_ws(vs);
1326 if (ret == -1) {
1327 vnc_disconnect_start(vs);
1328 return;
1329 } else if (ret == -2) {
1330 vnc_client_error(vs);
1331 return;
1332 }
1333 } else
1334 #endif /* CONFIG_VNC_WS */
1335 {
1336 ret = vnc_client_read_plain(vs);
1337 }
1338 if (!ret) {
1339 if (vs->csock == -1)
1340 vnc_disconnect_finish(vs);
1341 return;
1342 }
1343
1344 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1345 size_t len = vs->read_handler_expect;
1346 int ret;
1347
1348 ret = vs->read_handler(vs, vs->input.buffer, len);
1349 if (vs->csock == -1) {
1350 vnc_disconnect_finish(vs);
1351 return;
1352 }
1353
1354 if (!ret) {
1355 buffer_advance(&vs->input, len);
1356 } else {
1357 vs->read_handler_expect = ret;
1358 }
1359 }
1360 }
1361
1362 void vnc_write(VncState *vs, const void *data, size_t len)
1363 {
1364 buffer_reserve(&vs->output, len);
1365
1366 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1367 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1368 }
1369
1370 buffer_append(&vs->output, data, len);
1371 }
1372
1373 void vnc_write_s32(VncState *vs, int32_t value)
1374 {
1375 vnc_write_u32(vs, *(uint32_t *)&value);
1376 }
1377
1378 void vnc_write_u32(VncState *vs, uint32_t value)
1379 {
1380 uint8_t buf[4];
1381
1382 buf[0] = (value >> 24) & 0xFF;
1383 buf[1] = (value >> 16) & 0xFF;
1384 buf[2] = (value >> 8) & 0xFF;
1385 buf[3] = value & 0xFF;
1386
1387 vnc_write(vs, buf, 4);
1388 }
1389
1390 void vnc_write_u16(VncState *vs, uint16_t value)
1391 {
1392 uint8_t buf[2];
1393
1394 buf[0] = (value >> 8) & 0xFF;
1395 buf[1] = value & 0xFF;
1396
1397 vnc_write(vs, buf, 2);
1398 }
1399
1400 void vnc_write_u8(VncState *vs, uint8_t value)
1401 {
1402 vnc_write(vs, (char *)&value, 1);
1403 }
1404
1405 void vnc_flush(VncState *vs)
1406 {
1407 vnc_lock_output(vs);
1408 if (vs->csock != -1 && (vs->output.offset
1409 #ifdef CONFIG_VNC_WS
1410 || vs->ws_output.offset
1411 #endif
1412 )) {
1413 vnc_client_write_locked(vs);
1414 }
1415 vnc_unlock_output(vs);
1416 }
1417
1418 static uint8_t read_u8(uint8_t *data, size_t offset)
1419 {
1420 return data[offset];
1421 }
1422
1423 static uint16_t read_u16(uint8_t *data, size_t offset)
1424 {
1425 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1426 }
1427
1428 static int32_t read_s32(uint8_t *data, size_t offset)
1429 {
1430 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1431 (data[offset + 2] << 8) | data[offset + 3]);
1432 }
1433
1434 uint32_t read_u32(uint8_t *data, size_t offset)
1435 {
1436 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1437 (data[offset + 2] << 8) | data[offset + 3]);
1438 }
1439
1440 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1441 {
1442 }
1443
1444 static void check_pointer_type_change(Notifier *notifier, void *data)
1445 {
1446 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1447 int absolute = kbd_mouse_is_absolute();
1448
1449 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1450 vnc_lock_output(vs);
1451 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1452 vnc_write_u8(vs, 0);
1453 vnc_write_u16(vs, 1);
1454 vnc_framebuffer_update(vs, absolute, 0,
1455 surface_width(vs->vd->ds),
1456 surface_height(vs->vd->ds),
1457 VNC_ENCODING_POINTER_TYPE_CHANGE);
1458 vnc_unlock_output(vs);
1459 vnc_flush(vs);
1460 }
1461 vs->absolute = absolute;
1462 }
1463
1464 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1465 {
1466 int buttons = 0;
1467 int dz = 0;
1468 int width = surface_width(vs->vd->ds);
1469 int height = surface_height(vs->vd->ds);
1470
1471 if (button_mask & 0x01)
1472 buttons |= MOUSE_EVENT_LBUTTON;
1473 if (button_mask & 0x02)
1474 buttons |= MOUSE_EVENT_MBUTTON;
1475 if (button_mask & 0x04)
1476 buttons |= MOUSE_EVENT_RBUTTON;
1477 if (button_mask & 0x08)
1478 dz = -1;
1479 if (button_mask & 0x10)
1480 dz = 1;
1481
1482 if (vs->absolute) {
1483 kbd_mouse_event(width > 1 ? x * 0x7FFF / (width - 1) : 0x4000,
1484 height > 1 ? y * 0x7FFF / (height - 1) : 0x4000,
1485 dz, buttons);
1486 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1487 x -= 0x7FFF;
1488 y -= 0x7FFF;
1489
1490 kbd_mouse_event(x, y, dz, buttons);
1491 } else {
1492 if (vs->last_x != -1)
1493 kbd_mouse_event(x - vs->last_x,
1494 y - vs->last_y,
1495 dz, buttons);
1496 vs->last_x = x;
1497 vs->last_y = y;
1498 }
1499 }
1500
1501 static void reset_keys(VncState *vs)
1502 {
1503 int i;
1504 for(i = 0; i < 256; i++) {
1505 if (vs->modifiers_state[i]) {
1506 if (i & SCANCODE_GREY)
1507 kbd_put_keycode(SCANCODE_EMUL0);
1508 kbd_put_keycode(i | SCANCODE_UP);
1509 vs->modifiers_state[i] = 0;
1510 }
1511 }
1512 }
1513
1514 static void press_key(VncState *vs, int keysym)
1515 {
1516 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1517 if (keycode & SCANCODE_GREY)
1518 kbd_put_keycode(SCANCODE_EMUL0);
1519 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1520 if (keycode & SCANCODE_GREY)
1521 kbd_put_keycode(SCANCODE_EMUL0);
1522 kbd_put_keycode(keycode | SCANCODE_UP);
1523 }
1524
1525 static void kbd_leds(void *opaque, int ledstate)
1526 {
1527 VncState *vs = opaque;
1528 int caps, num;
1529
1530 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1531 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1532
1533 if (vs->modifiers_state[0x3a] != caps) {
1534 vs->modifiers_state[0x3a] = caps;
1535 }
1536 if (vs->modifiers_state[0x45] != num) {
1537 vs->modifiers_state[0x45] = num;
1538 }
1539 }
1540
1541 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1542 {
1543 /* QEMU console switch */
1544 switch(keycode) {
1545 case 0x2a: /* Left Shift */
1546 case 0x36: /* Right Shift */
1547 case 0x1d: /* Left CTRL */
1548 case 0x9d: /* Right CTRL */
1549 case 0x38: /* Left ALT */
1550 case 0xb8: /* Right ALT */
1551 if (down)
1552 vs->modifiers_state[keycode] = 1;
1553 else
1554 vs->modifiers_state[keycode] = 0;
1555 break;
1556 case 0x02 ... 0x0a: /* '1' to '9' keys */
1557 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1558 /* Reset the modifiers sent to the current console */
1559 reset_keys(vs);
1560 console_select(keycode - 0x02);
1561 return;
1562 }
1563 break;
1564 case 0x3a: /* CapsLock */
1565 case 0x45: /* NumLock */
1566 if (down)
1567 vs->modifiers_state[keycode] ^= 1;
1568 break;
1569 }
1570
1571 if (down && vs->vd->lock_key_sync &&
1572 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1573 /* If the numlock state needs to change then simulate an additional
1574 keypress before sending this one. This will happen if the user
1575 toggles numlock away from the VNC window.
1576 */
1577 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1578 if (!vs->modifiers_state[0x45]) {
1579 vs->modifiers_state[0x45] = 1;
1580 press_key(vs, 0xff7f);
1581 }
1582 } else {
1583 if (vs->modifiers_state[0x45]) {
1584 vs->modifiers_state[0x45] = 0;
1585 press_key(vs, 0xff7f);
1586 }
1587 }
1588 }
1589
1590 if (down && vs->vd->lock_key_sync &&
1591 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1592 /* If the capslock state needs to change then simulate an additional
1593 keypress before sending this one. This will happen if the user
1594 toggles capslock away from the VNC window.
1595 */
1596 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1597 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1598 int capslock = !!(vs->modifiers_state[0x3a]);
1599 if (capslock) {
1600 if (uppercase == shift) {
1601 vs->modifiers_state[0x3a] = 0;
1602 press_key(vs, 0xffe5);
1603 }
1604 } else {
1605 if (uppercase != shift) {
1606 vs->modifiers_state[0x3a] = 1;
1607 press_key(vs, 0xffe5);
1608 }
1609 }
1610 }
1611
1612 if (qemu_console_is_graphic(NULL)) {
1613 if (keycode & SCANCODE_GREY)
1614 kbd_put_keycode(SCANCODE_EMUL0);
1615 if (down)
1616 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1617 else
1618 kbd_put_keycode(keycode | SCANCODE_UP);
1619 } else {
1620 bool numlock = vs->modifiers_state[0x45];
1621 bool control = (vs->modifiers_state[0x1d] ||
1622 vs->modifiers_state[0x9d]);
1623 /* QEMU console emulation */
1624 if (down) {
1625 switch (keycode) {
1626 case 0x2a: /* Left Shift */
1627 case 0x36: /* Right Shift */
1628 case 0x1d: /* Left CTRL */
1629 case 0x9d: /* Right CTRL */
1630 case 0x38: /* Left ALT */
1631 case 0xb8: /* Right ALT */
1632 break;
1633 case 0xc8:
1634 kbd_put_keysym(QEMU_KEY_UP);
1635 break;
1636 case 0xd0:
1637 kbd_put_keysym(QEMU_KEY_DOWN);
1638 break;
1639 case 0xcb:
1640 kbd_put_keysym(QEMU_KEY_LEFT);
1641 break;
1642 case 0xcd:
1643 kbd_put_keysym(QEMU_KEY_RIGHT);
1644 break;
1645 case 0xd3:
1646 kbd_put_keysym(QEMU_KEY_DELETE);
1647 break;
1648 case 0xc7:
1649 kbd_put_keysym(QEMU_KEY_HOME);
1650 break;
1651 case 0xcf:
1652 kbd_put_keysym(QEMU_KEY_END);
1653 break;
1654 case 0xc9:
1655 kbd_put_keysym(QEMU_KEY_PAGEUP);
1656 break;
1657 case 0xd1:
1658 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1659 break;
1660
1661 case 0x47:
1662 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1663 break;
1664 case 0x48:
1665 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1666 break;
1667 case 0x49:
1668 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1669 break;
1670 case 0x4b:
1671 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1672 break;
1673 case 0x4c:
1674 kbd_put_keysym('5');
1675 break;
1676 case 0x4d:
1677 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1678 break;
1679 case 0x4f:
1680 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1681 break;
1682 case 0x50:
1683 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1684 break;
1685 case 0x51:
1686 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1687 break;
1688 case 0x52:
1689 kbd_put_keysym('0');
1690 break;
1691 case 0x53:
1692 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1693 break;
1694
1695 case 0xb5:
1696 kbd_put_keysym('/');
1697 break;
1698 case 0x37:
1699 kbd_put_keysym('*');
1700 break;
1701 case 0x4a:
1702 kbd_put_keysym('-');
1703 break;
1704 case 0x4e:
1705 kbd_put_keysym('+');
1706 break;
1707 case 0x9c:
1708 kbd_put_keysym('\n');
1709 break;
1710
1711 default:
1712 if (control) {
1713 kbd_put_keysym(sym & 0x1f);
1714 } else {
1715 kbd_put_keysym(sym);
1716 }
1717 break;
1718 }
1719 }
1720 }
1721 }
1722
1723 static void vnc_release_modifiers(VncState *vs)
1724 {
1725 static const int keycodes[] = {
1726 /* shift, control, alt keys, both left & right */
1727 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1728 };
1729 int i, keycode;
1730
1731 if (!qemu_console_is_graphic(NULL)) {
1732 return;
1733 }
1734 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1735 keycode = keycodes[i];
1736 if (!vs->modifiers_state[keycode]) {
1737 continue;
1738 }
1739 if (keycode & SCANCODE_GREY) {
1740 kbd_put_keycode(SCANCODE_EMUL0);
1741 }
1742 kbd_put_keycode(keycode | SCANCODE_UP);
1743 }
1744 }
1745
1746 static void key_event(VncState *vs, int down, uint32_t sym)
1747 {
1748 int keycode;
1749 int lsym = sym;
1750
1751 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
1752 lsym = lsym - 'A' + 'a';
1753 }
1754
1755 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1756 do_key_event(vs, down, keycode, sym);
1757 }
1758
1759 static void ext_key_event(VncState *vs, int down,
1760 uint32_t sym, uint16_t keycode)
1761 {
1762 /* if the user specifies a keyboard layout, always use it */
1763 if (keyboard_layout)
1764 key_event(vs, down, sym);
1765 else
1766 do_key_event(vs, down, keycode, sym);
1767 }
1768
1769 static void framebuffer_update_request(VncState *vs, int incremental,
1770 int x_position, int y_position,
1771 int w, int h)
1772 {
1773 int i;
1774 const size_t width = surface_width(vs->vd->ds) / 16;
1775 const size_t height = surface_height(vs->vd->ds);
1776
1777 if (y_position > height) {
1778 y_position = height;
1779 }
1780 if (y_position + h >= height) {
1781 h = height - y_position;
1782 }
1783
1784 vs->need_update = 1;
1785 if (!incremental) {
1786 vs->force_update = 1;
1787 for (i = 0; i < h; i++) {
1788 bitmap_set(vs->dirty[y_position + i], 0, width);
1789 bitmap_clear(vs->dirty[y_position + i], width,
1790 VNC_DIRTY_BITS - width);
1791 }
1792 }
1793 }
1794
1795 static void send_ext_key_event_ack(VncState *vs)
1796 {
1797 vnc_lock_output(vs);
1798 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1799 vnc_write_u8(vs, 0);
1800 vnc_write_u16(vs, 1);
1801 vnc_framebuffer_update(vs, 0, 0,
1802 surface_width(vs->vd->ds),
1803 surface_height(vs->vd->ds),
1804 VNC_ENCODING_EXT_KEY_EVENT);
1805 vnc_unlock_output(vs);
1806 vnc_flush(vs);
1807 }
1808
1809 static void send_ext_audio_ack(VncState *vs)
1810 {
1811 vnc_lock_output(vs);
1812 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1813 vnc_write_u8(vs, 0);
1814 vnc_write_u16(vs, 1);
1815 vnc_framebuffer_update(vs, 0, 0,
1816 surface_width(vs->vd->ds),
1817 surface_height(vs->vd->ds),
1818 VNC_ENCODING_AUDIO);
1819 vnc_unlock_output(vs);
1820 vnc_flush(vs);
1821 }
1822
1823 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1824 {
1825 int i;
1826 unsigned int enc = 0;
1827
1828 vs->features = 0;
1829 vs->vnc_encoding = 0;
1830 vs->tight.compression = 9;
1831 vs->tight.quality = -1; /* Lossless by default */
1832 vs->absolute = -1;
1833
1834 /*
1835 * Start from the end because the encodings are sent in order of preference.
1836 * This way the preferred encoding (first encoding defined in the array)
1837 * will be set at the end of the loop.
1838 */
1839 for (i = n_encodings - 1; i >= 0; i--) {
1840 enc = encodings[i];
1841 switch (enc) {
1842 case VNC_ENCODING_RAW:
1843 vs->vnc_encoding = enc;
1844 break;
1845 case VNC_ENCODING_COPYRECT:
1846 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1847 break;
1848 case VNC_ENCODING_HEXTILE:
1849 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1850 vs->vnc_encoding = enc;
1851 break;
1852 case VNC_ENCODING_TIGHT:
1853 vs->features |= VNC_FEATURE_TIGHT_MASK;
1854 vs->vnc_encoding = enc;
1855 break;
1856 #ifdef CONFIG_VNC_PNG
1857 case VNC_ENCODING_TIGHT_PNG:
1858 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
1859 vs->vnc_encoding = enc;
1860 break;
1861 #endif
1862 case VNC_ENCODING_ZLIB:
1863 vs->features |= VNC_FEATURE_ZLIB_MASK;
1864 vs->vnc_encoding = enc;
1865 break;
1866 case VNC_ENCODING_ZRLE:
1867 vs->features |= VNC_FEATURE_ZRLE_MASK;
1868 vs->vnc_encoding = enc;
1869 break;
1870 case VNC_ENCODING_ZYWRLE:
1871 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
1872 vs->vnc_encoding = enc;
1873 break;
1874 case VNC_ENCODING_DESKTOPRESIZE:
1875 vs->features |= VNC_FEATURE_RESIZE_MASK;
1876 break;
1877 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1878 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1879 break;
1880 case VNC_ENCODING_RICH_CURSOR:
1881 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1882 break;
1883 case VNC_ENCODING_EXT_KEY_EVENT:
1884 send_ext_key_event_ack(vs);
1885 break;
1886 case VNC_ENCODING_AUDIO:
1887 send_ext_audio_ack(vs);
1888 break;
1889 case VNC_ENCODING_WMVi:
1890 vs->features |= VNC_FEATURE_WMVI_MASK;
1891 break;
1892 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1893 vs->tight.compression = (enc & 0x0F);
1894 break;
1895 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1896 if (vs->vd->lossy) {
1897 vs->tight.quality = (enc & 0x0F);
1898 }
1899 break;
1900 default:
1901 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1902 break;
1903 }
1904 }
1905 vnc_desktop_resize(vs);
1906 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
1907 }
1908
1909 static void set_pixel_conversion(VncState *vs)
1910 {
1911 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
1912
1913 if (fmt == VNC_SERVER_FB_FORMAT) {
1914 vs->write_pixels = vnc_write_pixels_copy;
1915 vnc_hextile_set_pixel_conversion(vs, 0);
1916 } else {
1917 vs->write_pixels = vnc_write_pixels_generic;
1918 vnc_hextile_set_pixel_conversion(vs, 1);
1919 }
1920 }
1921
1922 static void set_pixel_format(VncState *vs,
1923 int bits_per_pixel, int depth,
1924 int big_endian_flag, int true_color_flag,
1925 int red_max, int green_max, int blue_max,
1926 int red_shift, int green_shift, int blue_shift)
1927 {
1928 if (!true_color_flag) {
1929 vnc_client_error(vs);
1930 return;
1931 }
1932
1933 vs->client_pf.rmax = red_max;
1934 vs->client_pf.rbits = hweight_long(red_max);
1935 vs->client_pf.rshift = red_shift;
1936 vs->client_pf.rmask = red_max << red_shift;
1937 vs->client_pf.gmax = green_max;
1938 vs->client_pf.gbits = hweight_long(green_max);
1939 vs->client_pf.gshift = green_shift;
1940 vs->client_pf.gmask = green_max << green_shift;
1941 vs->client_pf.bmax = blue_max;
1942 vs->client_pf.bbits = hweight_long(blue_max);
1943 vs->client_pf.bshift = blue_shift;
1944 vs->client_pf.bmask = blue_max << blue_shift;
1945 vs->client_pf.bits_per_pixel = bits_per_pixel;
1946 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
1947 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1948 vs->client_be = big_endian_flag;
1949
1950 set_pixel_conversion(vs);
1951
1952 graphic_hw_invalidate(NULL);
1953 graphic_hw_update(NULL);
1954 }
1955
1956 static void pixel_format_message (VncState *vs) {
1957 char pad[3] = { 0, 0, 0 };
1958
1959 vs->client_pf = qemu_default_pixelformat(32);
1960
1961 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
1962 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
1963
1964 #ifdef HOST_WORDS_BIGENDIAN
1965 vnc_write_u8(vs, 1); /* big-endian-flag */
1966 #else
1967 vnc_write_u8(vs, 0); /* big-endian-flag */
1968 #endif
1969 vnc_write_u8(vs, 1); /* true-color-flag */
1970 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
1971 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
1972 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
1973 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
1974 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
1975 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
1976 vnc_write(vs, pad, 3); /* padding */
1977
1978 vnc_hextile_set_pixel_conversion(vs, 0);
1979 vs->write_pixels = vnc_write_pixels_copy;
1980 }
1981
1982 static void vnc_colordepth(VncState *vs)
1983 {
1984 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1985 /* Sending a WMVi message to notify the client*/
1986 vnc_lock_output(vs);
1987 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1988 vnc_write_u8(vs, 0);
1989 vnc_write_u16(vs, 1); /* number of rects */
1990 vnc_framebuffer_update(vs, 0, 0,
1991 surface_width(vs->vd->ds),
1992 surface_height(vs->vd->ds),
1993 VNC_ENCODING_WMVi);
1994 pixel_format_message(vs);
1995 vnc_unlock_output(vs);
1996 vnc_flush(vs);
1997 } else {
1998 set_pixel_conversion(vs);
1999 }
2000 }
2001
2002 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2003 {
2004 int i;
2005 uint16_t limit;
2006 VncDisplay *vd = vs->vd;
2007
2008 if (data[0] > 3) {
2009 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2010 }
2011
2012 switch (data[0]) {
2013 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2014 if (len == 1)
2015 return 20;
2016
2017 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
2018 read_u8(data, 6), read_u8(data, 7),
2019 read_u16(data, 8), read_u16(data, 10),
2020 read_u16(data, 12), read_u8(data, 14),
2021 read_u8(data, 15), read_u8(data, 16));
2022 break;
2023 case VNC_MSG_CLIENT_SET_ENCODINGS:
2024 if (len == 1)
2025 return 4;
2026
2027 if (len == 4) {
2028 limit = read_u16(data, 2);
2029 if (limit > 0)
2030 return 4 + (limit * 4);
2031 } else
2032 limit = read_u16(data, 2);
2033
2034 for (i = 0; i < limit; i++) {
2035 int32_t val = read_s32(data, 4 + (i * 4));
2036 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2037 }
2038
2039 set_encodings(vs, (int32_t *)(data + 4), limit);
2040 break;
2041 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2042 if (len == 1)
2043 return 10;
2044
2045 framebuffer_update_request(vs,
2046 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2047 read_u16(data, 6), read_u16(data, 8));
2048 break;
2049 case VNC_MSG_CLIENT_KEY_EVENT:
2050 if (len == 1)
2051 return 8;
2052
2053 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2054 break;
2055 case VNC_MSG_CLIENT_POINTER_EVENT:
2056 if (len == 1)
2057 return 6;
2058
2059 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2060 break;
2061 case VNC_MSG_CLIENT_CUT_TEXT:
2062 if (len == 1)
2063 return 8;
2064
2065 if (len == 8) {
2066 uint32_t dlen = read_u32(data, 4);
2067 if (dlen > 0)
2068 return 8 + dlen;
2069 }
2070
2071 client_cut_text(vs, read_u32(data, 4), data + 8);
2072 break;
2073 case VNC_MSG_CLIENT_QEMU:
2074 if (len == 1)
2075 return 2;
2076
2077 switch (read_u8(data, 1)) {
2078 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2079 if (len == 2)
2080 return 12;
2081
2082 ext_key_event(vs, read_u16(data, 2),
2083 read_u32(data, 4), read_u32(data, 8));
2084 break;
2085 case VNC_MSG_CLIENT_QEMU_AUDIO:
2086 if (len == 2)
2087 return 4;
2088
2089 switch (read_u16 (data, 2)) {
2090 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2091 audio_add(vs);
2092 break;
2093 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2094 audio_del(vs);
2095 break;
2096 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2097 if (len == 4)
2098 return 10;
2099 switch (read_u8(data, 4)) {
2100 case 0: vs->as.fmt = AUD_FMT_U8; break;
2101 case 1: vs->as.fmt = AUD_FMT_S8; break;
2102 case 2: vs->as.fmt = AUD_FMT_U16; break;
2103 case 3: vs->as.fmt = AUD_FMT_S16; break;
2104 case 4: vs->as.fmt = AUD_FMT_U32; break;
2105 case 5: vs->as.fmt = AUD_FMT_S32; break;
2106 default:
2107 printf("Invalid audio format %d\n", read_u8(data, 4));
2108 vnc_client_error(vs);
2109 break;
2110 }
2111 vs->as.nchannels = read_u8(data, 5);
2112 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2113 printf("Invalid audio channel coount %d\n",
2114 read_u8(data, 5));
2115 vnc_client_error(vs);
2116 break;
2117 }
2118 vs->as.freq = read_u32(data, 6);
2119 break;
2120 default:
2121 printf ("Invalid audio message %d\n", read_u8(data, 4));
2122 vnc_client_error(vs);
2123 break;
2124 }
2125 break;
2126
2127 default:
2128 printf("Msg: %d\n", read_u16(data, 0));
2129 vnc_client_error(vs);
2130 break;
2131 }
2132 break;
2133 default:
2134 printf("Msg: %d\n", data[0]);
2135 vnc_client_error(vs);
2136 break;
2137 }
2138
2139 vnc_read_when(vs, protocol_client_msg, 1);
2140 return 0;
2141 }
2142
2143 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2144 {
2145 char buf[1024];
2146 VncShareMode mode;
2147 int size;
2148
2149 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2150 switch (vs->vd->share_policy) {
2151 case VNC_SHARE_POLICY_IGNORE:
2152 /*
2153 * Ignore the shared flag. Nothing to do here.
2154 *
2155 * Doesn't conform to the rfb spec but is traditional qemu
2156 * behavior, thus left here as option for compatibility
2157 * reasons.
2158 */
2159 break;
2160 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2161 /*
2162 * Policy: Allow clients ask for exclusive access.
2163 *
2164 * Implementation: When a client asks for exclusive access,
2165 * disconnect all others. Shared connects are allowed as long
2166 * as no exclusive connection exists.
2167 *
2168 * This is how the rfb spec suggests to handle the shared flag.
2169 */
2170 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2171 VncState *client;
2172 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2173 if (vs == client) {
2174 continue;
2175 }
2176 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2177 client->share_mode != VNC_SHARE_MODE_SHARED) {
2178 continue;
2179 }
2180 vnc_disconnect_start(client);
2181 }
2182 }
2183 if (mode == VNC_SHARE_MODE_SHARED) {
2184 if (vs->vd->num_exclusive > 0) {
2185 vnc_disconnect_start(vs);
2186 return 0;
2187 }
2188 }
2189 break;
2190 case VNC_SHARE_POLICY_FORCE_SHARED:
2191 /*
2192 * Policy: Shared connects only.
2193 * Implementation: Disallow clients asking for exclusive access.
2194 *
2195 * Useful for shared desktop sessions where you don't want
2196 * someone forgetting to say -shared when running the vnc
2197 * client disconnect everybody else.
2198 */
2199 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2200 vnc_disconnect_start(vs);
2201 return 0;
2202 }
2203 break;
2204 }
2205 vnc_set_share_mode(vs, mode);
2206
2207 vs->client_width = surface_width(vs->vd->ds);
2208 vs->client_height = surface_height(vs->vd->ds);
2209 vnc_write_u16(vs, vs->client_width);
2210 vnc_write_u16(vs, vs->client_height);
2211
2212 pixel_format_message(vs);
2213
2214 if (qemu_name)
2215 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2216 else
2217 size = snprintf(buf, sizeof(buf), "QEMU");
2218
2219 vnc_write_u32(vs, size);
2220 vnc_write(vs, buf, size);
2221 vnc_flush(vs);
2222
2223 vnc_client_cache_auth(vs);
2224 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
2225
2226 vnc_read_when(vs, protocol_client_msg, 1);
2227
2228 return 0;
2229 }
2230
2231 void start_client_init(VncState *vs)
2232 {
2233 vnc_read_when(vs, protocol_client_init, 1);
2234 }
2235
2236 static void make_challenge(VncState *vs)
2237 {
2238 int i;
2239
2240 srand(time(NULL)+getpid()+getpid()*987654+rand());
2241
2242 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2243 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2244 }
2245
2246 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2247 {
2248 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2249 int i, j, pwlen;
2250 unsigned char key[8];
2251 time_t now = time(NULL);
2252
2253 if (!vs->vd->password) {
2254 VNC_DEBUG("No password configured on server");
2255 goto reject;
2256 }
2257 if (vs->vd->expires < now) {
2258 VNC_DEBUG("Password is expired");
2259 goto reject;
2260 }
2261
2262 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2263
2264 /* Calculate the expected challenge response */
2265 pwlen = strlen(vs->vd->password);
2266 for (i=0; i<sizeof(key); i++)
2267 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2268 deskey(key, EN0);
2269 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2270 des(response+j, response+j);
2271
2272 /* Compare expected vs actual challenge response */
2273 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2274 VNC_DEBUG("Client challenge response did not match\n");
2275 goto reject;
2276 } else {
2277 VNC_DEBUG("Accepting VNC challenge response\n");
2278 vnc_write_u32(vs, 0); /* Accept auth */
2279 vnc_flush(vs);
2280
2281 start_client_init(vs);
2282 }
2283 return 0;
2284
2285 reject:
2286 vnc_write_u32(vs, 1); /* Reject auth */
2287 if (vs->minor >= 8) {
2288 static const char err[] = "Authentication failed";
2289 vnc_write_u32(vs, sizeof(err));
2290 vnc_write(vs, err, sizeof(err));
2291 }
2292 vnc_flush(vs);
2293 vnc_client_error(vs);
2294 return 0;
2295 }
2296
2297 void start_auth_vnc(VncState *vs)
2298 {
2299 make_challenge(vs);
2300 /* Send client a 'random' challenge */
2301 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2302 vnc_flush(vs);
2303
2304 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2305 }
2306
2307
2308 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2309 {
2310 /* We only advertise 1 auth scheme at a time, so client
2311 * must pick the one we sent. Verify this */
2312 if (data[0] != vs->auth) { /* Reject auth */
2313 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2314 vnc_write_u32(vs, 1);
2315 if (vs->minor >= 8) {
2316 static const char err[] = "Authentication failed";
2317 vnc_write_u32(vs, sizeof(err));
2318 vnc_write(vs, err, sizeof(err));
2319 }
2320 vnc_client_error(vs);
2321 } else { /* Accept requested auth */
2322 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2323 switch (vs->auth) {
2324 case VNC_AUTH_NONE:
2325 VNC_DEBUG("Accept auth none\n");
2326 if (vs->minor >= 8) {
2327 vnc_write_u32(vs, 0); /* Accept auth completion */
2328 vnc_flush(vs);
2329 }
2330 start_client_init(vs);
2331 break;
2332
2333 case VNC_AUTH_VNC:
2334 VNC_DEBUG("Start VNC auth\n");
2335 start_auth_vnc(vs);
2336 break;
2337
2338 #ifdef CONFIG_VNC_TLS
2339 case VNC_AUTH_VENCRYPT:
2340 VNC_DEBUG("Accept VeNCrypt auth\n");
2341 start_auth_vencrypt(vs);
2342 break;
2343 #endif /* CONFIG_VNC_TLS */
2344
2345 #ifdef CONFIG_VNC_SASL
2346 case VNC_AUTH_SASL:
2347 VNC_DEBUG("Accept SASL auth\n");
2348 start_auth_sasl(vs);
2349 break;
2350 #endif /* CONFIG_VNC_SASL */
2351
2352 default: /* Should not be possible, but just in case */
2353 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth);
2354 vnc_write_u8(vs, 1);
2355 if (vs->minor >= 8) {
2356 static const char err[] = "Authentication failed";
2357 vnc_write_u32(vs, sizeof(err));
2358 vnc_write(vs, err, sizeof(err));
2359 }
2360 vnc_client_error(vs);
2361 }
2362 }
2363 return 0;
2364 }
2365
2366 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2367 {
2368 char local[13];
2369
2370 memcpy(local, version, 12);
2371 local[12] = 0;
2372
2373 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2374 VNC_DEBUG("Malformed protocol version %s\n", local);
2375 vnc_client_error(vs);
2376 return 0;
2377 }
2378 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2379 if (vs->major != 3 ||
2380 (vs->minor != 3 &&
2381 vs->minor != 4 &&
2382 vs->minor != 5 &&
2383 vs->minor != 7 &&
2384 vs->minor != 8)) {
2385 VNC_DEBUG("Unsupported client version\n");
2386 vnc_write_u32(vs, VNC_AUTH_INVALID);
2387 vnc_flush(vs);
2388 vnc_client_error(vs);
2389 return 0;
2390 }
2391 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2392 * as equivalent to v3.3 by servers
2393 */
2394 if (vs->minor == 4 || vs->minor == 5)
2395 vs->minor = 3;
2396
2397 if (vs->minor == 3) {
2398 if (vs->auth == VNC_AUTH_NONE) {
2399 VNC_DEBUG("Tell client auth none\n");
2400 vnc_write_u32(vs, vs->auth);
2401 vnc_flush(vs);
2402 start_client_init(vs);
2403 } else if (vs->auth == VNC_AUTH_VNC) {
2404 VNC_DEBUG("Tell client VNC auth\n");
2405 vnc_write_u32(vs, vs->auth);
2406 vnc_flush(vs);
2407 start_auth_vnc(vs);
2408 } else {
2409 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2410 vnc_write_u32(vs, VNC_AUTH_INVALID);
2411 vnc_flush(vs);
2412 vnc_client_error(vs);
2413 }
2414 } else {
2415 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2416 vnc_write_u8(vs, 1); /* num auth */
2417 vnc_write_u8(vs, vs->auth);
2418 vnc_read_when(vs, protocol_client_auth, 1);
2419 vnc_flush(vs);
2420 }
2421
2422 return 0;
2423 }
2424
2425 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2426 {
2427 struct VncSurface *vs = &vd->guest;
2428
2429 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2430 }
2431
2432 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2433 {
2434 int i, j;
2435
2436 w = (x + w) / VNC_STAT_RECT;
2437 h = (y + h) / VNC_STAT_RECT;
2438 x /= VNC_STAT_RECT;
2439 y /= VNC_STAT_RECT;
2440
2441 for (j = y; j <= h; j++) {
2442 for (i = x; i <= w; i++) {
2443 vs->lossy_rect[j][i] = 1;
2444 }
2445 }
2446 }
2447
2448 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2449 {
2450 VncState *vs;
2451 int sty = y / VNC_STAT_RECT;
2452 int stx = x / VNC_STAT_RECT;
2453 int has_dirty = 0;
2454
2455 y = y / VNC_STAT_RECT * VNC_STAT_RECT;
2456 x = x / VNC_STAT_RECT * VNC_STAT_RECT;
2457
2458 QTAILQ_FOREACH(vs, &vd->clients, next) {
2459 int j;
2460
2461 /* kernel send buffers are full -> refresh later */
2462 if (vs->output.offset) {
2463 continue;
2464 }
2465
2466 if (!vs->lossy_rect[sty][stx]) {
2467 continue;
2468 }
2469
2470 vs->lossy_rect[sty][stx] = 0;
2471 for (j = 0; j < VNC_STAT_RECT; ++j) {
2472 bitmap_set(vs->dirty[y + j], x / 16, VNC_STAT_RECT / 16);
2473 }
2474 has_dirty++;
2475 }
2476
2477 return has_dirty;
2478 }
2479
2480 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2481 {
2482 int width = pixman_image_get_width(vd->guest.fb);
2483 int height = pixman_image_get_height(vd->guest.fb);
2484 int x, y;
2485 struct timeval res;
2486 int has_dirty = 0;
2487
2488 for (y = 0; y < height; y += VNC_STAT_RECT) {
2489 for (x = 0; x < width; x += VNC_STAT_RECT) {
2490 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2491
2492 rect->updated = false;
2493 }
2494 }
2495
2496 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2497
2498 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2499 return has_dirty;
2500 }
2501 vd->guest.last_freq_check = *tv;
2502
2503 for (y = 0; y < height; y += VNC_STAT_RECT) {
2504 for (x = 0; x < width; x += VNC_STAT_RECT) {
2505 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2506 int count = ARRAY_SIZE(rect->times);
2507 struct timeval min, max;
2508
2509 if (!timerisset(&rect->times[count - 1])) {
2510 continue ;
2511 }
2512
2513 max = rect->times[(rect->idx + count - 1) % count];
2514 qemu_timersub(tv, &max, &res);
2515
2516 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2517 rect->freq = 0;
2518 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2519 memset(rect->times, 0, sizeof (rect->times));
2520 continue ;
2521 }
2522
2523 min = rect->times[rect->idx];
2524 max = rect->times[(rect->idx + count - 1) % count];
2525 qemu_timersub(&max, &min, &res);
2526
2527 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2528 rect->freq /= count;
2529 rect->freq = 1. / rect->freq;
2530 }
2531 }
2532 return has_dirty;
2533 }
2534
2535 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2536 {
2537 int i, j;
2538 double total = 0;
2539 int num = 0;
2540
2541 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT;
2542 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT;
2543
2544 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2545 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2546 total += vnc_stat_rect(vs->vd, i, j)->freq;
2547 num++;
2548 }
2549 }
2550
2551 if (num) {
2552 return total / num;
2553 } else {
2554 return 0;
2555 }
2556 }
2557
2558 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2559 {
2560 VncRectStat *rect;
2561
2562 rect = vnc_stat_rect(vd, x, y);
2563 if (rect->updated) {
2564 return ;
2565 }
2566 rect->times[rect->idx] = *tv;
2567 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2568 rect->updated = true;
2569 }
2570
2571 static int vnc_refresh_server_surface(VncDisplay *vd)
2572 {
2573 int width = pixman_image_get_width(vd->guest.fb);
2574 int height = pixman_image_get_height(vd->guest.fb);
2575 int y;
2576 uint8_t *guest_row;
2577 uint8_t *server_row;
2578 int cmp_bytes;
2579 VncState *vs;
2580 int has_dirty = 0;
2581 pixman_image_t *tmpbuf = NULL;
2582
2583 struct timeval tv = { 0, 0 };
2584
2585 if (!vd->non_adaptive) {
2586 gettimeofday(&tv, NULL);
2587 has_dirty = vnc_update_stats(vd, &tv);
2588 }
2589
2590 /*
2591 * Walk through the guest dirty map.
2592 * Check and copy modified bits from guest to server surface.
2593 * Update server dirty map.
2594 */
2595 cmp_bytes = 64;
2596 if (cmp_bytes > vnc_server_fb_stride(vd)) {
2597 cmp_bytes = vnc_server_fb_stride(vd);
2598 }
2599 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2600 int width = pixman_image_get_width(vd->server);
2601 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2602 }
2603 guest_row = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2604 server_row = (uint8_t *)pixman_image_get_data(vd->server);
2605 for (y = 0; y < height; y++) {
2606 if (!bitmap_empty(vd->guest.dirty[y], VNC_DIRTY_BITS)) {
2607 int x;
2608 uint8_t *guest_ptr;
2609 uint8_t *server_ptr;
2610
2611 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2612 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2613 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2614 } else {
2615 guest_ptr = guest_row;
2616 }
2617 server_ptr = server_row;
2618
2619 for (x = 0; x + 15 < width;
2620 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2621 if (!test_and_clear_bit((x / 16), vd->guest.dirty[y]))
2622 continue;
2623 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2624 continue;
2625 memcpy(server_ptr, guest_ptr, cmp_bytes);
2626 if (!vd->non_adaptive)
2627 vnc_rect_updated(vd, x, y, &tv);
2628 QTAILQ_FOREACH(vs, &vd->clients, next) {
2629 set_bit((x / 16), vs->dirty[y]);
2630 }
2631 has_dirty++;
2632 }
2633 }
2634 guest_row += pixman_image_get_stride(vd->guest.fb);
2635 server_row += pixman_image_get_stride(vd->server);
2636 }
2637 qemu_pixman_image_unref(tmpbuf);
2638 return has_dirty;
2639 }
2640
2641 static void vnc_refresh(DisplayChangeListener *dcl)
2642 {
2643 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
2644 VncState *vs, *vn;
2645 int has_dirty, rects = 0;
2646
2647 graphic_hw_update(NULL);
2648
2649 if (vnc_trylock_display(vd)) {
2650 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2651 return;
2652 }
2653
2654 has_dirty = vnc_refresh_server_surface(vd);
2655 vnc_unlock_display(vd);
2656
2657 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2658 rects += vnc_update_client(vs, has_dirty);
2659 /* vs might be free()ed here */
2660 }
2661
2662 if (QTAILQ_EMPTY(&vd->clients)) {
2663 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
2664 return;
2665 }
2666
2667 if (has_dirty && rects) {
2668 vd->dcl.update_interval /= 2;
2669 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
2670 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
2671 }
2672 } else {
2673 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
2674 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
2675 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
2676 }
2677 }
2678 }
2679
2680 static void vnc_connect(VncDisplay *vd, int csock, int skipauth, bool websocket)
2681 {
2682 VncState *vs = g_malloc0(sizeof(VncState));
2683 int i;
2684
2685 vs->csock = csock;
2686
2687 if (skipauth) {
2688 vs->auth = VNC_AUTH_NONE;
2689 #ifdef CONFIG_VNC_TLS
2690 vs->subauth = VNC_AUTH_INVALID;
2691 #endif
2692 } else {
2693 vs->auth = vd->auth;
2694 #ifdef CONFIG_VNC_TLS
2695 vs->subauth = vd->subauth;
2696 #endif
2697 }
2698
2699 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
2700 for (i = 0; i < VNC_STAT_ROWS; ++i) {
2701 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS * sizeof (uint8_t));
2702 }
2703
2704 VNC_DEBUG("New client on socket %d\n", csock);
2705 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2706 qemu_set_nonblock(vs->csock);
2707 #ifdef CONFIG_VNC_WS
2708 if (websocket) {
2709 vs->websocket = 1;
2710 qemu_set_fd_handler2(vs->csock, NULL, vncws_handshake_read, NULL, vs);
2711 } else
2712 #endif /* CONFIG_VNC_WS */
2713 {
2714 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2715 }
2716
2717 vnc_client_cache_addr(vs);
2718 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2719 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
2720
2721 vs->vd = vd;
2722
2723 #ifdef CONFIG_VNC_WS
2724 if (!vs->websocket)
2725 #endif
2726 {
2727 vnc_init_state(vs);
2728 }
2729 }
2730
2731 void vnc_init_state(VncState *vs)
2732 {
2733 vs->initialized = true;
2734 VncDisplay *vd = vs->vd;
2735
2736 vs->last_x = -1;
2737 vs->last_y = -1;
2738
2739 vs->as.freq = 44100;
2740 vs->as.nchannels = 2;
2741 vs->as.fmt = AUD_FMT_S16;
2742 vs->as.endianness = 0;
2743
2744 qemu_mutex_init(&vs->output_mutex);
2745 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
2746
2747 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2748
2749 graphic_hw_update(NULL);
2750
2751 vnc_write(vs, "RFB 003.008\n", 12);
2752 vnc_flush(vs);
2753 vnc_read_when(vs, protocol_version, 12);
2754 reset_keys(vs);
2755 if (vs->vd->lock_key_sync)
2756 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2757
2758 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2759 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2760
2761 /* vs might be free()ed here */
2762 }
2763
2764 static void vnc_listen_read(void *opaque, bool websocket)
2765 {
2766 VncDisplay *vs = opaque;
2767 struct sockaddr_in addr;
2768 socklen_t addrlen = sizeof(addr);
2769 int csock;
2770
2771 /* Catch-up */
2772 graphic_hw_update(NULL);
2773 #ifdef CONFIG_VNC_WS
2774 if (websocket) {
2775 csock = qemu_accept(vs->lwebsock, (struct sockaddr *)&addr, &addrlen);
2776 } else
2777 #endif /* CONFIG_VNC_WS */
2778 {
2779 csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2780 }
2781
2782 if (csock != -1) {
2783 vnc_connect(vs, csock, 0, websocket);
2784 }
2785 }
2786
2787 static void vnc_listen_regular_read(void *opaque)
2788 {
2789 vnc_listen_read(opaque, 0);
2790 }
2791
2792 #ifdef CONFIG_VNC_WS
2793 static void vnc_listen_websocket_read(void *opaque)
2794 {
2795 vnc_listen_read(opaque, 1);
2796 }
2797 #endif /* CONFIG_VNC_WS */
2798
2799 static const DisplayChangeListenerOps dcl_ops = {
2800 .dpy_name = "vnc",
2801 .dpy_refresh = vnc_refresh,
2802 .dpy_gfx_copy = vnc_dpy_copy,
2803 .dpy_gfx_update = vnc_dpy_update,
2804 .dpy_gfx_switch = vnc_dpy_switch,
2805 .dpy_mouse_set = vnc_mouse_set,
2806 .dpy_cursor_define = vnc_dpy_cursor_define,
2807 };
2808
2809 void vnc_display_init(DisplayState *ds)
2810 {
2811 VncDisplay *vs = g_malloc0(sizeof(*vs));
2812
2813 vnc_display = vs;
2814
2815 vs->lsock = -1;
2816 #ifdef CONFIG_VNC_WS
2817 vs->lwebsock = -1;
2818 #endif
2819
2820 QTAILQ_INIT(&vs->clients);
2821 vs->expires = TIME_MAX;
2822
2823 if (keyboard_layout)
2824 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2825 else
2826 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2827
2828 if (!vs->kbd_layout)
2829 exit(1);
2830
2831 qemu_mutex_init(&vs->mutex);
2832 vnc_start_worker_thread();
2833
2834 vs->dcl.ops = &dcl_ops;
2835 register_displaychangelistener(ds, &vs->dcl);
2836 }
2837
2838
2839 static void vnc_display_close(DisplayState *ds)
2840 {
2841 VncDisplay *vs = vnc_display;
2842
2843 if (!vs)
2844 return;
2845 if (vs->display) {
2846 g_free(vs->display);
2847 vs->display = NULL;
2848 }
2849 if (vs->lsock != -1) {
2850 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2851 close(vs->lsock);
2852 vs->lsock = -1;
2853 }
2854 #ifdef CONFIG_VNC_WS
2855 g_free(vs->ws_display);
2856 vs->ws_display = NULL;
2857 if (vs->lwebsock != -1) {
2858 qemu_set_fd_handler2(vs->lwebsock, NULL, NULL, NULL, NULL);
2859 close(vs->lwebsock);
2860 vs->lwebsock = -1;
2861 }
2862 #endif /* CONFIG_VNC_WS */
2863 vs->auth = VNC_AUTH_INVALID;
2864 #ifdef CONFIG_VNC_TLS
2865 vs->subauth = VNC_AUTH_INVALID;
2866 vs->tls.x509verify = 0;
2867 #endif
2868 }
2869
2870 static int vnc_display_disable_login(DisplayState *ds)
2871 {
2872 VncDisplay *vs = vnc_display;
2873
2874 if (!vs) {
2875 return -1;
2876 }
2877
2878 if (vs->password) {
2879 g_free(vs->password);
2880 }
2881
2882 vs->password = NULL;
2883 if (vs->auth == VNC_AUTH_NONE) {
2884 vs->auth = VNC_AUTH_VNC;
2885 }
2886
2887 return 0;
2888 }
2889
2890 int vnc_display_password(DisplayState *ds, const char *password)
2891 {
2892 VncDisplay *vs = vnc_display;
2893
2894 if (!vs) {
2895 return -EINVAL;
2896 }
2897
2898 if (!password) {
2899 /* This is not the intention of this interface but err on the side
2900 of being safe */
2901 return vnc_display_disable_login(ds);
2902 }
2903
2904 if (vs->password) {
2905 g_free(vs->password);
2906 vs->password = NULL;
2907 }
2908 vs->password = g_strdup(password);
2909 if (vs->auth == VNC_AUTH_NONE) {
2910 vs->auth = VNC_AUTH_VNC;
2911 }
2912
2913 return 0;
2914 }
2915
2916 int vnc_display_pw_expire(DisplayState *ds, time_t expires)
2917 {
2918 VncDisplay *vs = vnc_display;
2919
2920 if (!vs) {
2921 return -EINVAL;
2922 }
2923
2924 vs->expires = expires;
2925 return 0;
2926 }
2927
2928 char *vnc_display_local_addr(DisplayState *ds)
2929 {
2930 VncDisplay *vs = vnc_display;
2931
2932 return vnc_socket_local_addr("%s:%s", vs->lsock);
2933 }
2934
2935 void vnc_display_open(DisplayState *ds, const char *display, Error **errp)
2936 {
2937 VncDisplay *vs = vnc_display;
2938 const char *options;
2939 int password = 0;
2940 int reverse = 0;
2941 #ifdef CONFIG_VNC_TLS
2942 int tls = 0, x509 = 0;
2943 #endif
2944 #ifdef CONFIG_VNC_SASL
2945 int sasl = 0;
2946 int saslErr;
2947 #endif
2948 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2949 int acl = 0;
2950 #endif
2951 int lock_key_sync = 1;
2952
2953 if (!vnc_display) {
2954 error_setg(errp, "VNC display not active");
2955 return;
2956 }
2957 vnc_display_close(ds);
2958 if (strcmp(display, "none") == 0)
2959 return;
2960
2961 vs->display = g_strdup(display);
2962 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
2963
2964 options = display;
2965 while ((options = strchr(options, ','))) {
2966 options++;
2967 if (strncmp(options, "password", 8) == 0) {
2968 if (fips_get_state()) {
2969 error_setg(errp,
2970 "VNC password auth disabled due to FIPS mode, "
2971 "consider using the VeNCrypt or SASL authentication "
2972 "methods as an alternative");
2973 goto fail;
2974 }
2975 password = 1; /* Require password auth */
2976 } else if (strncmp(options, "reverse", 7) == 0) {
2977 reverse = 1;
2978 } else if (strncmp(options, "no-lock-key-sync", 16) == 0) {
2979 lock_key_sync = 0;
2980 #ifdef CONFIG_VNC_SASL
2981 } else if (strncmp(options, "sasl", 4) == 0) {
2982 sasl = 1; /* Require SASL auth */
2983 #endif
2984 #ifdef CONFIG_VNC_WS
2985 } else if (strncmp(options, "websocket", 9) == 0) {
2986 char *start, *end;
2987 vs->websocket = 1;
2988
2989 /* Check for 'websocket=<port>' */
2990 start = strchr(options, '=');
2991 end = strchr(options, ',');
2992 if (start && (!end || (start < end))) {
2993 int len = end ? end-(start+1) : strlen(start+1);
2994 if (len < 6) {
2995 /* extract the host specification from display */
2996 char *host = NULL, *port = NULL, *host_end = NULL;
2997 port = g_strndup(start + 1, len);
2998
2999 /* ipv6 hosts have colons */
3000 end = strchr(display, ',');
3001 host_end = g_strrstr_len(display, end - display, ":");
3002
3003 if (host_end) {
3004 host = g_strndup(display, host_end - display + 1);
3005 } else {
3006 host = g_strndup(":", 1);
3007 }
3008 vs->ws_display = g_strconcat(host, port, NULL);
3009 g_free(host);
3010 g_free(port);
3011 }
3012 }
3013 #endif /* CONFIG_VNC_WS */
3014 #ifdef CONFIG_VNC_TLS
3015 } else if (strncmp(options, "tls", 3) == 0) {
3016 tls = 1; /* Require TLS */
3017 } else if (strncmp(options, "x509", 4) == 0) {
3018 char *start, *end;
3019 x509 = 1; /* Require x509 certificates */
3020 if (strncmp(options, "x509verify", 10) == 0)
3021 vs->tls.x509verify = 1; /* ...and verify client certs */
3022
3023 /* Now check for 'x509=/some/path' postfix
3024 * and use that to setup x509 certificate/key paths */
3025 start = strchr(options, '=');
3026 end = strchr(options, ',');
3027 if (start && (!end || (start < end))) {
3028 int len = end ? end-(start+1) : strlen(start+1);
3029 char *path = g_strndup(start + 1, len);
3030
3031 VNC_DEBUG("Trying certificate path '%s'\n", path);
3032 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
3033 error_setg(errp, "Failed to find x509 certificates/keys in %s", path);
3034 g_free(path);
3035 goto fail;
3036 }
3037 g_free(path);
3038 } else {
3039 error_setg(errp, "No certificate path provided");
3040 goto fail;
3041 }
3042 #endif
3043 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
3044 } else if (strncmp(options, "acl", 3) == 0) {
3045 acl = 1;
3046 #endif
3047 } else if (strncmp(options, "lossy", 5) == 0) {
3048 vs->lossy = true;
3049 } else if (strncmp(options, "non-adaptive", 12) == 0) {
3050 vs->non_adaptive = true;
3051 } else if (strncmp(options, "share=", 6) == 0) {
3052 if (strncmp(options+6, "ignore", 6) == 0) {
3053 vs->share_policy = VNC_SHARE_POLICY_IGNORE;
3054 } else if (strncmp(options+6, "allow-exclusive", 15) == 0) {
3055 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3056 } else if (strncmp(options+6, "force-shared", 12) == 0) {
3057 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3058 } else {
3059 error_setg(errp, "unknown vnc share= option");
3060 goto fail;
3061 }
3062 }
3063 }
3064
3065 #ifdef CONFIG_VNC_TLS
3066 if (acl && x509 && vs->tls.x509verify) {
3067 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
3068 fprintf(stderr, "Failed to create x509 dname ACL\n");
3069 exit(1);
3070 }
3071 }
3072 #endif
3073 #ifdef CONFIG_VNC_SASL
3074 if (acl && sasl) {
3075 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
3076 fprintf(stderr, "Failed to create username ACL\n");
3077 exit(1);
3078 }
3079 }
3080 #endif
3081
3082 /*
3083 * Combinations we support here:
3084 *
3085 * - no-auth (clear text, no auth)
3086 * - password (clear text, weak auth)
3087 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
3088 * - tls (encrypt, weak anonymous creds, no auth)
3089 * - tls + password (encrypt, weak anonymous creds, weak auth)
3090 * - tls + sasl (encrypt, weak anonymous creds, good auth)
3091 * - tls + x509 (encrypt, good x509 creds, no auth)
3092 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
3093 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
3094 *
3095 * NB1. TLS is a stackable auth scheme.
3096 * NB2. the x509 schemes have option to validate a client cert dname
3097 */
3098 if (password) {
3099 #ifdef CONFIG_VNC_TLS
3100 if (tls) {
3101 vs->auth = VNC_AUTH_VENCRYPT;
3102 if (x509) {
3103 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3104 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
3105 } else {
3106 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3107 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3108 }
3109 } else {
3110 #endif /* CONFIG_VNC_TLS */
3111 VNC_DEBUG("Initializing VNC server with password auth\n");
3112 vs->auth = VNC_AUTH_VNC;
3113 #ifdef CONFIG_VNC_TLS
3114 vs->subauth = VNC_AUTH_INVALID;
3115 }
3116 #endif /* CONFIG_VNC_TLS */
3117 #ifdef CONFIG_VNC_SASL
3118 } else if (sasl) {
3119 #ifdef CONFIG_VNC_TLS
3120 if (tls) {
3121 vs->auth = VNC_AUTH_VENCRYPT;
3122 if (x509) {
3123 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3124 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
3125 } else {
3126 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3127 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3128 }
3129 } else {
3130 #endif /* CONFIG_VNC_TLS */
3131 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3132 vs->auth = VNC_AUTH_SASL;
3133 #ifdef CONFIG_VNC_TLS
3134 vs->subauth = VNC_AUTH_INVALID;
3135 }
3136 #endif /* CONFIG_VNC_TLS */
3137 #endif /* CONFIG_VNC_SASL */
3138 } else {
3139 #ifdef CONFIG_VNC_TLS
3140 if (tls) {
3141 vs->auth = VNC_AUTH_VENCRYPT;
3142 if (x509) {
3143 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3144 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
3145 } else {
3146 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3147 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3148 }
3149 } else {
3150 #endif
3151 VNC_DEBUG("Initializing VNC server with no auth\n");
3152 vs->auth = VNC_AUTH_NONE;
3153 #ifdef CONFIG_VNC_TLS
3154 vs->subauth = VNC_AUTH_INVALID;
3155 }
3156 #endif
3157 }
3158
3159 #ifdef CONFIG_VNC_SASL
3160 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
3161 error_setg(errp, "Failed to initialize SASL auth: %s",
3162 sasl_errstring(saslErr, NULL, NULL));
3163 goto fail;
3164 }
3165 #endif
3166 vs->lock_key_sync = lock_key_sync;
3167
3168 if (reverse) {
3169 /* connect to viewer */
3170 int csock;
3171 vs->lsock = -1;
3172 #ifdef CONFIG_VNC_WS
3173 vs->lwebsock = -1;
3174 #endif
3175 if (strncmp(display, "unix:", 5) == 0) {
3176 csock = unix_connect(display+5, errp);
3177 } else {
3178 csock = inet_connect(display, errp);
3179 }
3180 if (csock < 0) {
3181 goto fail;
3182 }
3183 vnc_connect(vs, csock, 0, 0);
3184 } else {
3185 /* listen for connects */
3186 char *dpy;
3187 dpy = g_malloc(256);
3188 if (strncmp(display, "unix:", 5) == 0) {
3189 pstrcpy(dpy, 256, "unix:");
3190 vs->lsock = unix_listen(display+5, dpy+5, 256-5, errp);
3191 } else {
3192 vs->lsock = inet_listen(display, dpy, 256,
3193 SOCK_STREAM, 5900, errp);
3194 if (vs->lsock < 0) {
3195 g_free(dpy);
3196 goto fail;
3197 }
3198 #ifdef CONFIG_VNC_WS
3199 if (vs->websocket) {
3200 if (vs->ws_display) {
3201 vs->lwebsock = inet_listen(vs->ws_display, NULL, 256,
3202 SOCK_STREAM, 0, errp);
3203 } else {
3204 vs->lwebsock = inet_listen(vs->display, NULL, 256,
3205 SOCK_STREAM, 5700, errp);
3206 }
3207
3208 if (vs->lwebsock < 0) {
3209 if (vs->lsock) {
3210 close(vs->lsock);
3211 vs->lsock = -1;
3212 }
3213 g_free(dpy);
3214 goto fail;
3215 }
3216 }
3217 #endif /* CONFIG_VNC_WS */
3218 }
3219 g_free(vs->display);
3220 vs->display = dpy;
3221 qemu_set_fd_handler2(vs->lsock, NULL,
3222 vnc_listen_regular_read, NULL, vs);
3223 #ifdef CONFIG_VNC_WS
3224 if (vs->websocket) {
3225 qemu_set_fd_handler2(vs->lwebsock, NULL,
3226 vnc_listen_websocket_read, NULL, vs);
3227 }
3228 #endif /* CONFIG_VNC_WS */
3229 }
3230 return;
3231
3232 fail:
3233 g_free(vs->display);
3234 vs->display = NULL;
3235 #ifdef CONFIG_VNC_WS
3236 g_free(vs->ws_display);
3237 vs->ws_display = NULL;
3238 #endif /* CONFIG_VNC_WS */
3239 }
3240
3241 void vnc_display_add_client(DisplayState *ds, int csock, int skipauth)
3242 {
3243 VncDisplay *vs = vnc_display;
3244
3245 vnc_connect(vs, csock, skipauth, 0);
3246 }
AR7 emulation for QEMU