search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
tcg-i386: Tidy movi.
[qemu/lumag.git] / vnc.c
blob1f7ad733c1ce61643114315940f09a7314caa6a5
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "acl.h"
32 #include "qemu-objects.h"
33
34 #define VNC_REFRESH_INTERVAL_BASE 30
35 #define VNC_REFRESH_INTERVAL_INC 50
36 #define VNC_REFRESH_INTERVAL_MAX 2000
37
38 #include "vnc_keysym.h"
39 #include "d3des.h"
40
41 #define count_bits(c, v) { \
42 for (c = 0; v; v >>= 1) \
43 { \
44 c += v & 1; \
45 } \
46 }
47
48
49 static VncDisplay *vnc_display; /* needed for info vnc */
50 static DisplayChangeListener *dcl;
51
52 static char *addr_to_string(const char *format,
53 struct sockaddr_storage *sa,
54 socklen_t salen) {
55 char *addr;
56 char host[NI_MAXHOST];
57 char serv[NI_MAXSERV];
58 int err;
59 size_t addrlen;
60
61 if ((err = getnameinfo((struct sockaddr *)sa, salen,
62 host, sizeof(host),
63 serv, sizeof(serv),
64 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
65 VNC_DEBUG("Cannot resolve address %d: %s\n",
66 err, gai_strerror(err));
67 return NULL;
68 }
69
70 /* Enough for the existing format + the 2 vars we're
71 * substituting in. */
72 addrlen = strlen(format) + strlen(host) + strlen(serv);
73 addr = qemu_malloc(addrlen + 1);
74 snprintf(addr, addrlen, format, host, serv);
75 addr[addrlen] = '\0';
76
77 return addr;
78 }
79
80
81 char *vnc_socket_local_addr(const char *format, int fd) {
82 struct sockaddr_storage sa;
83 socklen_t salen;
84
85 salen = sizeof(sa);
86 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
87 return NULL;
88
89 return addr_to_string(format, &sa, salen);
90 }
91
92 char *vnc_socket_remote_addr(const char *format, int fd) {
93 struct sockaddr_storage sa;
94 socklen_t salen;
95
96 salen = sizeof(sa);
97 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
98 return NULL;
99
100 return addr_to_string(format, &sa, salen);
101 }
102
103 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
104 socklen_t salen)
105 {
106 char host[NI_MAXHOST];
107 char serv[NI_MAXSERV];
108 int err;
109
110 if ((err = getnameinfo((struct sockaddr *)sa, salen,
111 host, sizeof(host),
112 serv, sizeof(serv),
113 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
114 VNC_DEBUG("Cannot resolve address %d: %s\n",
115 err, gai_strerror(err));
116 return -1;
117 }
118
119 qdict_put(qdict, "host", qstring_from_str(host));
120 qdict_put(qdict, "service", qstring_from_str(serv));
121 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
122
123 return 0;
124 }
125
126 static int vnc_server_addr_put(QDict *qdict, int fd)
127 {
128 struct sockaddr_storage sa;
129 socklen_t salen;
130
131 salen = sizeof(sa);
132 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
133 return -1;
134 }
135
136 return put_addr_qdict(qdict, &sa, salen);
137 }
138
139 static int vnc_qdict_remote_addr(QDict *qdict, int fd)
140 {
141 struct sockaddr_storage sa;
142 socklen_t salen;
143
144 salen = sizeof(sa);
145 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
146 return -1;
147 }
148
149 return put_addr_qdict(qdict, &sa, salen);
150 }
151
152 static const char *vnc_auth_name(VncDisplay *vd) {
153 switch (vd->auth) {
154 case VNC_AUTH_INVALID:
155 return "invalid";
156 case VNC_AUTH_NONE:
157 return "none";
158 case VNC_AUTH_VNC:
159 return "vnc";
160 case VNC_AUTH_RA2:
161 return "ra2";
162 case VNC_AUTH_RA2NE:
163 return "ra2ne";
164 case VNC_AUTH_TIGHT:
165 return "tight";
166 case VNC_AUTH_ULTRA:
167 return "ultra";
168 case VNC_AUTH_TLS:
169 return "tls";
170 case VNC_AUTH_VENCRYPT:
171 #ifdef CONFIG_VNC_TLS
172 switch (vd->subauth) {
173 case VNC_AUTH_VENCRYPT_PLAIN:
174 return "vencrypt+plain";
175 case VNC_AUTH_VENCRYPT_TLSNONE:
176 return "vencrypt+tls+none";
177 case VNC_AUTH_VENCRYPT_TLSVNC:
178 return "vencrypt+tls+vnc";
179 case VNC_AUTH_VENCRYPT_TLSPLAIN:
180 return "vencrypt+tls+plain";
181 case VNC_AUTH_VENCRYPT_X509NONE:
182 return "vencrypt+x509+none";
183 case VNC_AUTH_VENCRYPT_X509VNC:
184 return "vencrypt+x509+vnc";
185 case VNC_AUTH_VENCRYPT_X509PLAIN:
186 return "vencrypt+x509+plain";
187 case VNC_AUTH_VENCRYPT_TLSSASL:
188 return "vencrypt+tls+sasl";
189 case VNC_AUTH_VENCRYPT_X509SASL:
190 return "vencrypt+x509+sasl";
191 default:
192 return "vencrypt";
193 }
194 #else
195 return "vencrypt";
196 #endif
197 case VNC_AUTH_SASL:
198 return "sasl";
199 }
200 return "unknown";
201 }
202
203 static int vnc_server_info_put(QDict *qdict)
204 {
205 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
206 return -1;
207 }
208
209 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
210 return 0;
211 }
212
213 static void vnc_client_cache_auth(VncState *client)
214 {
215 QDict *qdict;
216
217 if (!client->info) {
218 return;
219 }
220
221 qdict = qobject_to_qdict(client->info);
222
223 #ifdef CONFIG_VNC_TLS
224 if (client->tls.session &&
225 client->tls.dname) {
226 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
227 }
228 #endif
229 #ifdef CONFIG_VNC_SASL
230 if (client->sasl.conn &&
231 client->sasl.username) {
232 qdict_put(qdict, "sasl_username",
233 qstring_from_str(client->sasl.username));
234 }
235 #endif
236 }
237
238 static void vnc_client_cache_addr(VncState *client)
239 {
240 QDict *qdict;
241
242 qdict = qdict_new();
243 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
244 QDECREF(qdict);
245 /* XXX: how to report the error? */
246 return;
247 }
248
249 client->info = QOBJECT(qdict);
250 }
251
252 static void vnc_qmp_event(VncState *vs, MonitorEvent event)
253 {
254 QDict *server;
255 QObject *data;
256
257 if (!vs->info) {
258 return;
259 }
260
261 server = qdict_new();
262 if (vnc_server_info_put(server) < 0) {
263 QDECREF(server);
264 return;
265 }
266
267 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
268 vs->info, QOBJECT(server));
269
270 monitor_protocol_event(event, data);
271
272 qobject_incref(vs->info);
273 qobject_decref(data);
274 }
275
276 static void info_vnc_iter(QObject *obj, void *opaque)
277 {
278 QDict *client;
279 Monitor *mon = opaque;
280
281 client = qobject_to_qdict(obj);
282 monitor_printf(mon, "Client:\n");
283 monitor_printf(mon, " address: %s:%s\n",
284 qdict_get_str(client, "host"),
285 qdict_get_str(client, "service"));
286
287 #ifdef CONFIG_VNC_TLS
288 monitor_printf(mon, " x509_dname: %s\n",
289 qdict_haskey(client, "x509_dname") ?
290 qdict_get_str(client, "x509_dname") : "none");
291 #endif
292 #ifdef CONFIG_VNC_SASL
293 monitor_printf(mon, " username: %s\n",
294 qdict_haskey(client, "sasl_username") ?
295 qdict_get_str(client, "sasl_username") : "none");
296 #endif
297 }
298
299 void do_info_vnc_print(Monitor *mon, const QObject *data)
300 {
301 QDict *server;
302 QList *clients;
303
304 server = qobject_to_qdict(data);
305 if (qdict_get_bool(server, "enabled") == 0) {
306 monitor_printf(mon, "Server: disabled\n");
307 return;
308 }
309
310 monitor_printf(mon, "Server:\n");
311 monitor_printf(mon, " address: %s:%s\n",
312 qdict_get_str(server, "host"),
313 qdict_get_str(server, "service"));
314 monitor_printf(mon, " auth: %s\n", qdict_get_str(server, "auth"));
315
316 clients = qdict_get_qlist(server, "clients");
317 if (qlist_empty(clients)) {
318 monitor_printf(mon, "Client: none\n");
319 } else {
320 qlist_iter(clients, info_vnc_iter, mon);
321 }
322 }
323
324 /**
325 * do_info_vnc(): Show VNC server information
326 *
327 * Return a QDict with server information. Connected clients are returned
328 * as a QList of QDicts.
329 *
330 * The main QDict contains the following:
331 *
332 * - "enabled": true or false
333 * - "host": server's IP address
334 * - "family": address family ("ipv4" or "ipv6")
335 * - "service": server's port number
336 * - "auth": authentication method
337 * - "clients": a QList of all connected clients
338 *
339 * Clients are described by a QDict, with the following information:
340 *
341 * - "host": client's IP address
342 * - "family": address family ("ipv4" or "ipv6")
343 * - "service": client's port number
344 * - "x509_dname": TLS dname (optional)
345 * - "sasl_username": SASL username (optional)
346 *
347 * Example:
348 *
349 * { "enabled": true, "host": "0.0.0.0", "service": "50402", "auth": "vnc",
350 * "family": "ipv4",
351 * "clients": [{ "host": "127.0.0.1", "service": "50401", "family": "ipv4" }]}
352 */
353 void do_info_vnc(Monitor *mon, QObject **ret_data)
354 {
355 if (vnc_display == NULL || vnc_display->display == NULL) {
356 *ret_data = qobject_from_jsonf("{ 'enabled': false }");
357 } else {
358 QList *clist;
359 VncState *client;
360
361 clist = qlist_new();
362 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
363 if (client->info) {
364 /* incref so that it's not freed by upper layers */
365 qobject_incref(client->info);
366 qlist_append_obj(clist, client->info);
367 }
368 }
369
370 *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
371 QOBJECT(clist));
372 assert(*ret_data != NULL);
373
374 if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {
375 qobject_decref(*ret_data);
376 *ret_data = NULL;
377 }
378 }
379 }
380
381 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
382 return (vs->features & (1 << feature));
383 }
384
385 /* TODO
386 1) Get the queue working for IO.
387 2) there is some weirdness when using the -S option (the screen is grey
388 and not totally invalidated
389 3) resolutions > 1024
390 */
391
392 static int vnc_update_client(VncState *vs, int has_dirty);
393 static void vnc_disconnect_start(VncState *vs);
394 static void vnc_disconnect_finish(VncState *vs);
395 static void vnc_init_timer(VncDisplay *vd);
396 static void vnc_remove_timer(VncDisplay *vd);
397
398 static void vnc_colordepth(VncState *vs);
399 static void framebuffer_update_request(VncState *vs, int incremental,
400 int x_position, int y_position,
401 int w, int h);
402 static void vnc_refresh(void *opaque);
403 static int vnc_refresh_server_surface(VncDisplay *vd);
404
405 static inline void vnc_set_bit(uint32_t *d, int k)
406 {
407 d[k >> 5] |= 1 << (k & 0x1f);
408 }
409
410 static inline void vnc_clear_bit(uint32_t *d, int k)
411 {
412 d[k >> 5] &= ~(1 << (k & 0x1f));
413 }
414
415 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
416 {
417 int j;
418
419 j = 0;
420 while (n >= 32) {
421 d[j++] = -1;
422 n -= 32;
423 }
424 if (n > 0)
425 d[j++] = (1 << n) - 1;
426 while (j < nb_words)
427 d[j++] = 0;
428 }
429
430 static inline int vnc_get_bit(const uint32_t *d, int k)
431 {
432 return (d[k >> 5] >> (k & 0x1f)) & 1;
433 }
434
435 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
436 int nb_words)
437 {
438 int i;
439 for(i = 0; i < nb_words; i++) {
440 if ((d1[i] & d2[i]) != 0)
441 return 1;
442 }
443 return 0;
444 }
445
446 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
447 {
448 int i;
449 VncDisplay *vd = ds->opaque;
450 struct VncSurface *s = &vd->guest;
451
452 h += y;
453
454 /* round x down to ensure the loop only spans one 16-pixel block per,
455 iteration. otherwise, if (x % 16) != 0, the last iteration may span
456 two 16-pixel blocks but we only mark the first as dirty
457 */
458 w += (x % 16);
459 x -= (x % 16);
460
461 x = MIN(x, s->ds->width);
462 y = MIN(y, s->ds->height);
463 w = MIN(x + w, s->ds->width) - x;
464 h = MIN(h, s->ds->height);
465
466 for (; y < h; y++)
467 for (i = 0; i < w; i += 16)
468 vnc_set_bit(s->dirty[y], (x + i) / 16);
469 }
470
471 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
472 int32_t encoding)
473 {
474 vnc_write_u16(vs, x);
475 vnc_write_u16(vs, y);
476 vnc_write_u16(vs, w);
477 vnc_write_u16(vs, h);
478
479 vnc_write_s32(vs, encoding);
480 }
481
482 void buffer_reserve(Buffer *buffer, size_t len)
483 {
484 if ((buffer->capacity - buffer->offset) < len) {
485 buffer->capacity += (len + 1024);
486 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
487 if (buffer->buffer == NULL) {
488 fprintf(stderr, "vnc: out of memory\n");
489 exit(1);
490 }
491 }
492 }
493
494 int buffer_empty(Buffer *buffer)
495 {
496 return buffer->offset == 0;
497 }
498
499 uint8_t *buffer_end(Buffer *buffer)
500 {
501 return buffer->buffer + buffer->offset;
502 }
503
504 void buffer_reset(Buffer *buffer)
505 {
506 buffer->offset = 0;
507 }
508
509 void buffer_append(Buffer *buffer, const void *data, size_t len)
510 {
511 memcpy(buffer->buffer + buffer->offset, data, len);
512 buffer->offset += len;
513 }
514
515 static void vnc_dpy_resize(DisplayState *ds)
516 {
517 int size_changed;
518 VncDisplay *vd = ds->opaque;
519 VncState *vs;
520
521 /* server surface */
522 if (!vd->server)
523 vd->server = qemu_mallocz(sizeof(*vd->server));
524 if (vd->server->data)
525 qemu_free(vd->server->data);
526 *(vd->server) = *(ds->surface);
527 vd->server->data = qemu_mallocz(vd->server->linesize *
528 vd->server->height);
529
530 /* guest surface */
531 if (!vd->guest.ds)
532 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
533 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
534 console_color_init(ds);
535 size_changed = ds_get_width(ds) != vd->guest.ds->width ||
536 ds_get_height(ds) != vd->guest.ds->height;
537 *(vd->guest.ds) = *(ds->surface);
538 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
539
540 QTAILQ_FOREACH(vs, &vd->clients, next) {
541 vnc_colordepth(vs);
542 if (size_changed) {
543 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
544 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
545 vnc_write_u8(vs, 0);
546 vnc_write_u16(vs, 1); /* number of rects */
547 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
548 VNC_ENCODING_DESKTOPRESIZE);
549 vnc_flush(vs);
550 }
551 }
552 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
553 }
554 }
555
556 /* fastest code */
557 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
558 {
559 vnc_write(vs, pixels, size);
560 }
561
562 /* slowest but generic code. */
563 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
564 {
565 uint8_t r, g, b;
566 VncDisplay *vd = vs->vd;
567
568 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
569 vd->server->pf.rbits);
570 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
571 vd->server->pf.gbits);
572 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
573 vd->server->pf.bbits);
574 v = (r << vs->clientds.pf.rshift) |
575 (g << vs->clientds.pf.gshift) |
576 (b << vs->clientds.pf.bshift);
577 switch(vs->clientds.pf.bytes_per_pixel) {
578 case 1:
579 buf[0] = v;
580 break;
581 case 2:
582 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
583 buf[0] = v >> 8;
584 buf[1] = v;
585 } else {
586 buf[1] = v >> 8;
587 buf[0] = v;
588 }
589 break;
590 default:
591 case 4:
592 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
593 buf[0] = v >> 24;
594 buf[1] = v >> 16;
595 buf[2] = v >> 8;
596 buf[3] = v;
597 } else {
598 buf[3] = v >> 24;
599 buf[2] = v >> 16;
600 buf[1] = v >> 8;
601 buf[0] = v;
602 }
603 break;
604 }
605 }
606
607 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
608 {
609 uint8_t buf[4];
610 VncDisplay *vd = vs->vd;
611
612 if (vd->server->pf.bytes_per_pixel == 4) {
613 uint32_t *pixels = pixels1;
614 int n, i;
615 n = size >> 2;
616 for(i = 0; i < n; i++) {
617 vnc_convert_pixel(vs, buf, pixels[i]);
618 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
619 }
620 } else if (vd->server->pf.bytes_per_pixel == 2) {
621 uint16_t *pixels = pixels1;
622 int n, i;
623 n = size >> 1;
624 for(i = 0; i < n; i++) {
625 vnc_convert_pixel(vs, buf, pixels[i]);
626 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
627 }
628 } else if (vd->server->pf.bytes_per_pixel == 1) {
629 uint8_t *pixels = pixels1;
630 int n, i;
631 n = size;
632 for(i = 0; i < n; i++) {
633 vnc_convert_pixel(vs, buf, pixels[i]);
634 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
635 }
636 } else {
637 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
638 }
639 }
640
641 void vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
642 {
643 int i;
644 uint8_t *row;
645 VncDisplay *vd = vs->vd;
646
647 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
648 for (i = 0; i < h; i++) {
649 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
650 row += ds_get_linesize(vs->ds);
651 }
652 }
653
654 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
655 {
656 switch(vs->vnc_encoding) {
657 case VNC_ENCODING_ZLIB:
658 vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
659 break;
660 case VNC_ENCODING_HEXTILE:
661 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
662 vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
663 break;
664 default:
665 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
666 vnc_raw_send_framebuffer_update(vs, x, y, w, h);
667 break;
668 }
669 }
670
671 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
672 {
673 /* send bitblit op to the vnc client */
674 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
675 vnc_write_u8(vs, 0);
676 vnc_write_u16(vs, 1); /* number of rects */
677 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
678 vnc_write_u16(vs, src_x);
679 vnc_write_u16(vs, src_y);
680 vnc_flush(vs);
681 }
682
683 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
684 {
685 VncDisplay *vd = ds->opaque;
686 VncState *vs, *vn;
687 uint8_t *src_row;
688 uint8_t *dst_row;
689 int i,x,y,pitch,depth,inc,w_lim,s;
690 int cmp_bytes;
691
692 vnc_refresh_server_surface(vd);
693 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
694 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
695 vs->force_update = 1;
696 vnc_update_client(vs, 1);
697 /* vs might be free()ed here */
698 }
699 }
700
701 /* do bitblit op on the local surface too */
702 pitch = ds_get_linesize(vd->ds);
703 depth = ds_get_bytes_per_pixel(vd->ds);
704 src_row = vd->server->data + pitch * src_y + depth * src_x;
705 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
706 y = dst_y;
707 inc = 1;
708 if (dst_y > src_y) {
709 /* copy backwards */
710 src_row += pitch * (h-1);
711 dst_row += pitch * (h-1);
712 pitch = -pitch;
713 y = dst_y + h - 1;
714 inc = -1;
715 }
716 w_lim = w - (16 - (dst_x % 16));
717 if (w_lim < 0)
718 w_lim = w;
719 else
720 w_lim = w - (w_lim % 16);
721 for (i = 0; i < h; i++) {
722 for (x = 0; x <= w_lim;
723 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
724 if (x == w_lim) {
725 if ((s = w - w_lim) == 0)
726 break;
727 } else if (!x) {
728 s = (16 - (dst_x % 16));
729 s = MIN(s, w_lim);
730 } else {
731 s = 16;
732 }
733 cmp_bytes = s * depth;
734 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
735 continue;
736 memmove(dst_row, src_row, cmp_bytes);
737 QTAILQ_FOREACH(vs, &vd->clients, next) {
738 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
739 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
740 }
741 }
742 }
743 src_row += pitch - w * depth;
744 dst_row += pitch - w * depth;
745 y += inc;
746 }
747
748 QTAILQ_FOREACH(vs, &vd->clients, next) {
749 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
750 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
751 }
752 }
753 }
754
755 static int find_and_clear_dirty_height(struct VncState *vs,
756 int y, int last_x, int x)
757 {
758 int h;
759 VncDisplay *vd = vs->vd;
760
761 for (h = 1; h < (vd->server->height - y); h++) {
762 int tmp_x;
763 if (!vnc_get_bit(vs->dirty[y + h], last_x))
764 break;
765 for (tmp_x = last_x; tmp_x < x; tmp_x++)
766 vnc_clear_bit(vs->dirty[y + h], tmp_x);
767 }
768
769 return h;
770 }
771
772 static int vnc_update_client(VncState *vs, int has_dirty)
773 {
774 if (vs->need_update && vs->csock != -1) {
775 VncDisplay *vd = vs->vd;
776 int y;
777 int n_rectangles;
778 int saved_offset;
779
780 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
781 /* kernel send buffers are full -> drop frames to throttle */
782 return 0;
783
784 if (!has_dirty && !vs->audio_cap && !vs->force_update)
785 return 0;
786
787 /*
788 * Send screen updates to the vnc client using the server
789 * surface and server dirty map. guest surface updates
790 * happening in parallel don't disturb us, the next pass will
791 * send them to the client.
792 */
793 n_rectangles = 0;
794 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
795 vnc_write_u8(vs, 0);
796 saved_offset = vs->output.offset;
797 vnc_write_u16(vs, 0);
798
799 for (y = 0; y < vd->server->height; y++) {
800 int x;
801 int last_x = -1;
802 for (x = 0; x < vd->server->width / 16; x++) {
803 if (vnc_get_bit(vs->dirty[y], x)) {
804 if (last_x == -1) {
805 last_x = x;
806 }
807 vnc_clear_bit(vs->dirty[y], x);
808 } else {
809 if (last_x != -1) {
810 int h = find_and_clear_dirty_height(vs, y, last_x, x);
811 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
812 n_rectangles++;
813 }
814 last_x = -1;
815 }
816 }
817 if (last_x != -1) {
818 int h = find_and_clear_dirty_height(vs, y, last_x, x);
819 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
820 n_rectangles++;
821 }
822 }
823 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
824 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
825 vnc_flush(vs);
826 vs->force_update = 0;
827 return n_rectangles;
828 }
829
830 if (vs->csock == -1)
831 vnc_disconnect_finish(vs);
832
833 return 0;
834 }
835
836 /* audio */
837 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
838 {
839 VncState *vs = opaque;
840
841 switch (cmd) {
842 case AUD_CNOTIFY_DISABLE:
843 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
844 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
845 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
846 vnc_flush(vs);
847 break;
848
849 case AUD_CNOTIFY_ENABLE:
850 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
851 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
852 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
853 vnc_flush(vs);
854 break;
855 }
856 }
857
858 static void audio_capture_destroy(void *opaque)
859 {
860 }
861
862 static void audio_capture(void *opaque, void *buf, int size)
863 {
864 VncState *vs = opaque;
865
866 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
867 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
868 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
869 vnc_write_u32(vs, size);
870 vnc_write(vs, buf, size);
871 vnc_flush(vs);
872 }
873
874 static void audio_add(VncState *vs)
875 {
876 struct audio_capture_ops ops;
877
878 if (vs->audio_cap) {
879 monitor_printf(default_mon, "audio already running\n");
880 return;
881 }
882
883 ops.notify = audio_capture_notify;
884 ops.destroy = audio_capture_destroy;
885 ops.capture = audio_capture;
886
887 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
888 if (!vs->audio_cap) {
889 monitor_printf(default_mon, "Failed to add audio capture\n");
890 }
891 }
892
893 static void audio_del(VncState *vs)
894 {
895 if (vs->audio_cap) {
896 AUD_del_capture(vs->audio_cap, vs);
897 vs->audio_cap = NULL;
898 }
899 }
900
901 static void vnc_disconnect_start(VncState *vs)
902 {
903 if (vs->csock == -1)
904 return;
905 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
906 closesocket(vs->csock);
907 vs->csock = -1;
908 }
909
910 static void vnc_disconnect_finish(VncState *vs)
911 {
912 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
913
914 if (vs->input.buffer) {
915 qemu_free(vs->input.buffer);
916 vs->input.buffer = NULL;
917 }
918 if (vs->output.buffer) {
919 qemu_free(vs->output.buffer);
920 vs->output.buffer = NULL;
921 }
922
923 qobject_decref(vs->info);
924
925 #ifdef CONFIG_VNC_TLS
926 vnc_tls_client_cleanup(vs);
927 #endif /* CONFIG_VNC_TLS */
928 #ifdef CONFIG_VNC_SASL
929 vnc_sasl_client_cleanup(vs);
930 #endif /* CONFIG_VNC_SASL */
931 audio_del(vs);
932
933 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
934
935 if (QTAILQ_EMPTY(&vs->vd->clients)) {
936 dcl->idle = 1;
937 }
938
939 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
940 vnc_remove_timer(vs->vd);
941 if (vs->vd->lock_key_sync)
942 qemu_remove_led_event_handler(vs->led);
943 qemu_free(vs);
944 }
945
946 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
947 {
948 if (ret == 0 || ret == -1) {
949 if (ret == -1) {
950 switch (last_errno) {
951 case EINTR:
952 case EAGAIN:
953 #ifdef _WIN32
954 case WSAEWOULDBLOCK:
955 #endif
956 return 0;
957 default:
958 break;
959 }
960 }
961
962 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
963 ret, ret < 0 ? last_errno : 0);
964 vnc_disconnect_start(vs);
965
966 return 0;
967 }
968 return ret;
969 }
970
971
972 void vnc_client_error(VncState *vs)
973 {
974 VNC_DEBUG("Closing down client sock: protocol error\n");
975 vnc_disconnect_start(vs);
976 }
977
978
979 /*
980 * Called to write a chunk of data to the client socket. The data may
981 * be the raw data, or may have already been encoded by SASL.
982 * The data will be written either straight onto the socket, or
983 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
984 *
985 * NB, it is theoretically possible to have 2 layers of encryption,
986 * both SASL, and this TLS layer. It is highly unlikely in practice
987 * though, since SASL encryption will typically be a no-op if TLS
988 * is active
989 *
990 * Returns the number of bytes written, which may be less than
991 * the requested 'datalen' if the socket would block. Returns
992 * -1 on error, and disconnects the client socket.
993 */
994 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
995 {
996 long ret;
997 #ifdef CONFIG_VNC_TLS
998 if (vs->tls.session) {
999 ret = gnutls_write(vs->tls.session, data, datalen);
1000 if (ret < 0) {
1001 if (ret == GNUTLS_E_AGAIN)
1002 errno = EAGAIN;
1003 else
1004 errno = EIO;
1005 ret = -1;
1006 }
1007 } else
1008 #endif /* CONFIG_VNC_TLS */
1009 ret = send(vs->csock, (const void *)data, datalen, 0);
1010 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1011 return vnc_client_io_error(vs, ret, socket_error());
1012 }
1013
1014
1015 /*
1016 * Called to write buffered data to the client socket, when not
1017 * using any SASL SSF encryption layers. Will write as much data
1018 * as possible without blocking. If all buffered data is written,
1019 * will switch the FD poll() handler back to read monitoring.
1020 *
1021 * Returns the number of bytes written, which may be less than
1022 * the buffered output data if the socket would block. Returns
1023 * -1 on error, and disconnects the client socket.
1024 */
1025 static long vnc_client_write_plain(VncState *vs)
1026 {
1027 long ret;
1028
1029 #ifdef CONFIG_VNC_SASL
1030 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1031 vs->output.buffer, vs->output.capacity, vs->output.offset,
1032 vs->sasl.waitWriteSSF);
1033
1034 if (vs->sasl.conn &&
1035 vs->sasl.runSSF &&
1036 vs->sasl.waitWriteSSF) {
1037 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1038 if (ret)
1039 vs->sasl.waitWriteSSF -= ret;
1040 } else
1041 #endif /* CONFIG_VNC_SASL */
1042 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1043 if (!ret)
1044 return 0;
1045
1046 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1047 vs->output.offset -= ret;
1048
1049 if (vs->output.offset == 0) {
1050 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1051 }
1052
1053 return ret;
1054 }
1055
1056
1057 /*
1058 * First function called whenever there is data to be written to
1059 * the client socket. Will delegate actual work according to whether
1060 * SASL SSF layers are enabled (thus requiring encryption calls)
1061 */
1062 void vnc_client_write(void *opaque)
1063 {
1064 VncState *vs = opaque;
1065
1066 #ifdef CONFIG_VNC_SASL
1067 if (vs->sasl.conn &&
1068 vs->sasl.runSSF &&
1069 !vs->sasl.waitWriteSSF) {
1070 vnc_client_write_sasl(vs);
1071 } else
1072 #endif /* CONFIG_VNC_SASL */
1073 vnc_client_write_plain(vs);
1074 }
1075
1076 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1077 {
1078 vs->read_handler = func;
1079 vs->read_handler_expect = expecting;
1080 }
1081
1082
1083 /*
1084 * Called to read a chunk of data from the client socket. The data may
1085 * be the raw data, or may need to be further decoded by SASL.
1086 * The data will be read either straight from to the socket, or
1087 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1088 *
1089 * NB, it is theoretically possible to have 2 layers of encryption,
1090 * both SASL, and this TLS layer. It is highly unlikely in practice
1091 * though, since SASL encryption will typically be a no-op if TLS
1092 * is active
1093 *
1094 * Returns the number of bytes read, which may be less than
1095 * the requested 'datalen' if the socket would block. Returns
1096 * -1 on error, and disconnects the client socket.
1097 */
1098 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1099 {
1100 long ret;
1101 #ifdef CONFIG_VNC_TLS
1102 if (vs->tls.session) {
1103 ret = gnutls_read(vs->tls.session, data, datalen);
1104 if (ret < 0) {
1105 if (ret == GNUTLS_E_AGAIN)
1106 errno = EAGAIN;
1107 else
1108 errno = EIO;
1109 ret = -1;
1110 }
1111 } else
1112 #endif /* CONFIG_VNC_TLS */
1113 ret = recv(vs->csock, (void *)data, datalen, 0);
1114 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1115 return vnc_client_io_error(vs, ret, socket_error());
1116 }
1117
1118
1119 /*
1120 * Called to read data from the client socket to the input buffer,
1121 * when not using any SASL SSF encryption layers. Will read as much
1122 * data as possible without blocking.
1123 *
1124 * Returns the number of bytes read. Returns -1 on error, and
1125 * disconnects the client socket.
1126 */
1127 static long vnc_client_read_plain(VncState *vs)
1128 {
1129 int ret;
1130 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1131 vs->input.buffer, vs->input.capacity, vs->input.offset);
1132 buffer_reserve(&vs->input, 4096);
1133 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1134 if (!ret)
1135 return 0;
1136 vs->input.offset += ret;
1137 return ret;
1138 }
1139
1140
1141 /*
1142 * First function called whenever there is more data to be read from
1143 * the client socket. Will delegate actual work according to whether
1144 * SASL SSF layers are enabled (thus requiring decryption calls)
1145 */
1146 void vnc_client_read(void *opaque)
1147 {
1148 VncState *vs = opaque;
1149 long ret;
1150
1151 #ifdef CONFIG_VNC_SASL
1152 if (vs->sasl.conn && vs->sasl.runSSF)
1153 ret = vnc_client_read_sasl(vs);
1154 else
1155 #endif /* CONFIG_VNC_SASL */
1156 ret = vnc_client_read_plain(vs);
1157 if (!ret) {
1158 if (vs->csock == -1)
1159 vnc_disconnect_finish(vs);
1160 return;
1161 }
1162
1163 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1164 size_t len = vs->read_handler_expect;
1165 int ret;
1166
1167 ret = vs->read_handler(vs, vs->input.buffer, len);
1168 if (vs->csock == -1) {
1169 vnc_disconnect_finish(vs);
1170 return;
1171 }
1172
1173 if (!ret) {
1174 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1175 vs->input.offset -= len;
1176 } else {
1177 vs->read_handler_expect = ret;
1178 }
1179 }
1180 }
1181
1182 void vnc_write(VncState *vs, const void *data, size_t len)
1183 {
1184 buffer_reserve(&vs->output, len);
1185
1186 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1187 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1188 }
1189
1190 buffer_append(&vs->output, data, len);
1191 }
1192
1193 void vnc_write_s32(VncState *vs, int32_t value)
1194 {
1195 vnc_write_u32(vs, *(uint32_t *)&value);
1196 }
1197
1198 void vnc_write_u32(VncState *vs, uint32_t value)
1199 {
1200 uint8_t buf[4];
1201
1202 buf[0] = (value >> 24) & 0xFF;
1203 buf[1] = (value >> 16) & 0xFF;
1204 buf[2] = (value >> 8) & 0xFF;
1205 buf[3] = value & 0xFF;
1206
1207 vnc_write(vs, buf, 4);
1208 }
1209
1210 void vnc_write_u16(VncState *vs, uint16_t value)
1211 {
1212 uint8_t buf[2];
1213
1214 buf[0] = (value >> 8) & 0xFF;
1215 buf[1] = value & 0xFF;
1216
1217 vnc_write(vs, buf, 2);
1218 }
1219
1220 void vnc_write_u8(VncState *vs, uint8_t value)
1221 {
1222 vnc_write(vs, (char *)&value, 1);
1223 }
1224
1225 void vnc_flush(VncState *vs)
1226 {
1227 if (vs->csock != -1 && vs->output.offset)
1228 vnc_client_write(vs);
1229 }
1230
1231 uint8_t read_u8(uint8_t *data, size_t offset)
1232 {
1233 return data[offset];
1234 }
1235
1236 uint16_t read_u16(uint8_t *data, size_t offset)
1237 {
1238 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1239 }
1240
1241 int32_t read_s32(uint8_t *data, size_t offset)
1242 {
1243 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1244 (data[offset + 2] << 8) | data[offset + 3]);
1245 }
1246
1247 uint32_t read_u32(uint8_t *data, size_t offset)
1248 {
1249 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1250 (data[offset + 2] << 8) | data[offset + 3]);
1251 }
1252
1253 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1254 {
1255 }
1256
1257 static void check_pointer_type_change(Notifier *notifier)
1258 {
1259 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1260 int absolute = kbd_mouse_is_absolute();
1261
1262 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1263 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1264 vnc_write_u8(vs, 0);
1265 vnc_write_u16(vs, 1);
1266 vnc_framebuffer_update(vs, absolute, 0,
1267 ds_get_width(vs->ds), ds_get_height(vs->ds),
1268 VNC_ENCODING_POINTER_TYPE_CHANGE);
1269 vnc_flush(vs);
1270 }
1271 vs->absolute = absolute;
1272 }
1273
1274 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1275 {
1276 int buttons = 0;
1277 int dz = 0;
1278
1279 if (button_mask & 0x01)
1280 buttons |= MOUSE_EVENT_LBUTTON;
1281 if (button_mask & 0x02)
1282 buttons |= MOUSE_EVENT_MBUTTON;
1283 if (button_mask & 0x04)
1284 buttons |= MOUSE_EVENT_RBUTTON;
1285 if (button_mask & 0x08)
1286 dz = -1;
1287 if (button_mask & 0x10)
1288 dz = 1;
1289
1290 if (vs->absolute) {
1291 kbd_mouse_event(ds_get_width(vs->ds) > 1 ?
1292 x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000,
1293 ds_get_height(vs->ds) > 1 ?
1294 y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000,
1295 dz, buttons);
1296 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1297 x -= 0x7FFF;
1298 y -= 0x7FFF;
1299
1300 kbd_mouse_event(x, y, dz, buttons);
1301 } else {
1302 if (vs->last_x != -1)
1303 kbd_mouse_event(x - vs->last_x,
1304 y - vs->last_y,
1305 dz, buttons);
1306 vs->last_x = x;
1307 vs->last_y = y;
1308 }
1309 }
1310
1311 static void reset_keys(VncState *vs)
1312 {
1313 int i;
1314 for(i = 0; i < 256; i++) {
1315 if (vs->modifiers_state[i]) {
1316 if (i & SCANCODE_GREY)
1317 kbd_put_keycode(SCANCODE_EMUL0);
1318 kbd_put_keycode(i | SCANCODE_UP);
1319 vs->modifiers_state[i] = 0;
1320 }
1321 }
1322 }
1323
1324 static void press_key(VncState *vs, int keysym)
1325 {
1326 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1327 if (keycode & SCANCODE_GREY)
1328 kbd_put_keycode(SCANCODE_EMUL0);
1329 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1330 if (keycode & SCANCODE_GREY)
1331 kbd_put_keycode(SCANCODE_EMUL0);
1332 kbd_put_keycode(keycode | SCANCODE_UP);
1333 }
1334
1335 static void kbd_leds(void *opaque, int ledstate)
1336 {
1337 VncState *vs = opaque;
1338 int caps, num;
1339
1340 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1341 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1342
1343 if (vs->modifiers_state[0x3a] != caps) {
1344 vs->modifiers_state[0x3a] = caps;
1345 }
1346 if (vs->modifiers_state[0x45] != num) {
1347 vs->modifiers_state[0x45] = num;
1348 }
1349 }
1350
1351 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1352 {
1353 /* QEMU console switch */
1354 switch(keycode) {
1355 case 0x2a: /* Left Shift */
1356 case 0x36: /* Right Shift */
1357 case 0x1d: /* Left CTRL */
1358 case 0x9d: /* Right CTRL */
1359 case 0x38: /* Left ALT */
1360 case 0xb8: /* Right ALT */
1361 if (down)
1362 vs->modifiers_state[keycode] = 1;
1363 else
1364 vs->modifiers_state[keycode] = 0;
1365 break;
1366 case 0x02 ... 0x0a: /* '1' to '9' keys */
1367 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1368 /* Reset the modifiers sent to the current console */
1369 reset_keys(vs);
1370 console_select(keycode - 0x02);
1371 return;
1372 }
1373 break;
1374 case 0x3a: /* CapsLock */
1375 case 0x45: /* NumLock */
1376 if (down)
1377 vs->modifiers_state[keycode] ^= 1;
1378 break;
1379 }
1380
1381 if (vs->vd->lock_key_sync &&
1382 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1383 /* If the numlock state needs to change then simulate an additional
1384 keypress before sending this one. This will happen if the user
1385 toggles numlock away from the VNC window.
1386 */
1387 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1388 if (!vs->modifiers_state[0x45]) {
1389 vs->modifiers_state[0x45] = 1;
1390 press_key(vs, 0xff7f);
1391 }
1392 } else {
1393 if (vs->modifiers_state[0x45]) {
1394 vs->modifiers_state[0x45] = 0;
1395 press_key(vs, 0xff7f);
1396 }
1397 }
1398 }
1399
1400 if (vs->vd->lock_key_sync &&
1401 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1402 /* If the capslock state needs to change then simulate an additional
1403 keypress before sending this one. This will happen if the user
1404 toggles capslock away from the VNC window.
1405 */
1406 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1407 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1408 int capslock = !!(vs->modifiers_state[0x3a]);
1409 if (capslock) {
1410 if (uppercase == shift) {
1411 vs->modifiers_state[0x3a] = 0;
1412 press_key(vs, 0xffe5);
1413 }
1414 } else {
1415 if (uppercase != shift) {
1416 vs->modifiers_state[0x3a] = 1;
1417 press_key(vs, 0xffe5);
1418 }
1419 }
1420 }
1421
1422 if (is_graphic_console()) {
1423 if (keycode & SCANCODE_GREY)
1424 kbd_put_keycode(SCANCODE_EMUL0);
1425 if (down)
1426 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1427 else
1428 kbd_put_keycode(keycode | SCANCODE_UP);
1429 } else {
1430 /* QEMU console emulation */
1431 if (down) {
1432 int numlock = vs->modifiers_state[0x45];
1433 switch (keycode) {
1434 case 0x2a: /* Left Shift */
1435 case 0x36: /* Right Shift */
1436 case 0x1d: /* Left CTRL */
1437 case 0x9d: /* Right CTRL */
1438 case 0x38: /* Left ALT */
1439 case 0xb8: /* Right ALT */
1440 break;
1441 case 0xc8:
1442 kbd_put_keysym(QEMU_KEY_UP);
1443 break;
1444 case 0xd0:
1445 kbd_put_keysym(QEMU_KEY_DOWN);
1446 break;
1447 case 0xcb:
1448 kbd_put_keysym(QEMU_KEY_LEFT);
1449 break;
1450 case 0xcd:
1451 kbd_put_keysym(QEMU_KEY_RIGHT);
1452 break;
1453 case 0xd3:
1454 kbd_put_keysym(QEMU_KEY_DELETE);
1455 break;
1456 case 0xc7:
1457 kbd_put_keysym(QEMU_KEY_HOME);
1458 break;
1459 case 0xcf:
1460 kbd_put_keysym(QEMU_KEY_END);
1461 break;
1462 case 0xc9:
1463 kbd_put_keysym(QEMU_KEY_PAGEUP);
1464 break;
1465 case 0xd1:
1466 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1467 break;
1468
1469 case 0x47:
1470 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1471 break;
1472 case 0x48:
1473 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1474 break;
1475 case 0x49:
1476 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1477 break;
1478 case 0x4b:
1479 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1480 break;
1481 case 0x4c:
1482 kbd_put_keysym('5');
1483 break;
1484 case 0x4d:
1485 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1486 break;
1487 case 0x4f:
1488 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1489 break;
1490 case 0x50:
1491 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1492 break;
1493 case 0x51:
1494 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1495 break;
1496 case 0x52:
1497 kbd_put_keysym('0');
1498 break;
1499 case 0x53:
1500 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1501 break;
1502
1503 case 0xb5:
1504 kbd_put_keysym('/');
1505 break;
1506 case 0x37:
1507 kbd_put_keysym('*');
1508 break;
1509 case 0x4a:
1510 kbd_put_keysym('-');
1511 break;
1512 case 0x4e:
1513 kbd_put_keysym('+');
1514 break;
1515 case 0x9c:
1516 kbd_put_keysym('\n');
1517 break;
1518
1519 default:
1520 kbd_put_keysym(sym);
1521 break;
1522 }
1523 }
1524 }
1525 }
1526
1527 static void key_event(VncState *vs, int down, uint32_t sym)
1528 {
1529 int keycode;
1530 int lsym = sym;
1531
1532 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1533 lsym = lsym - 'A' + 'a';
1534 }
1535
1536 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1537 do_key_event(vs, down, keycode, sym);
1538 }
1539
1540 static void ext_key_event(VncState *vs, int down,
1541 uint32_t sym, uint16_t keycode)
1542 {
1543 /* if the user specifies a keyboard layout, always use it */
1544 if (keyboard_layout)
1545 key_event(vs, down, sym);
1546 else
1547 do_key_event(vs, down, keycode, sym);
1548 }
1549
1550 static void framebuffer_update_request(VncState *vs, int incremental,
1551 int x_position, int y_position,
1552 int w, int h)
1553 {
1554 if (y_position > ds_get_height(vs->ds))
1555 y_position = ds_get_height(vs->ds);
1556 if (y_position + h >= ds_get_height(vs->ds))
1557 h = ds_get_height(vs->ds) - y_position;
1558
1559 int i;
1560 vs->need_update = 1;
1561 if (!incremental) {
1562 vs->force_update = 1;
1563 for (i = 0; i < h; i++) {
1564 vnc_set_bits(vs->dirty[y_position + i],
1565 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1566 }
1567 }
1568 }
1569
1570 static void send_ext_key_event_ack(VncState *vs)
1571 {
1572 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1573 vnc_write_u8(vs, 0);
1574 vnc_write_u16(vs, 1);
1575 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1576 VNC_ENCODING_EXT_KEY_EVENT);
1577 vnc_flush(vs);
1578 }
1579
1580 static void send_ext_audio_ack(VncState *vs)
1581 {
1582 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1583 vnc_write_u8(vs, 0);
1584 vnc_write_u16(vs, 1);
1585 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1586 VNC_ENCODING_AUDIO);
1587 vnc_flush(vs);
1588 }
1589
1590 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1591 {
1592 int i;
1593 unsigned int enc = 0;
1594
1595 vnc_zlib_init(vs);
1596 vs->features = 0;
1597 vs->vnc_encoding = -1;
1598 vs->tight_compression = 9;
1599 vs->tight_quality = 9;
1600 vs->absolute = -1;
1601
1602 for (i = n_encodings - 1; i >= 0; i--) {
1603 enc = encodings[i];
1604 switch (enc) {
1605 case VNC_ENCODING_RAW:
1606 if (vs->vnc_encoding != -1) {
1607 vs->vnc_encoding = enc;
1608 }
1609 break;
1610 case VNC_ENCODING_COPYRECT:
1611 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1612 break;
1613 case VNC_ENCODING_HEXTILE:
1614 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1615 if (vs->vnc_encoding != -1) {
1616 vs->vnc_encoding = enc;
1617 }
1618 break;
1619 case VNC_ENCODING_ZLIB:
1620 vs->features |= VNC_FEATURE_ZLIB_MASK;
1621 if (vs->vnc_encoding != -1) {
1622 vs->vnc_encoding = enc;
1623 }
1624 break;
1625 case VNC_ENCODING_DESKTOPRESIZE:
1626 vs->features |= VNC_FEATURE_RESIZE_MASK;
1627 break;
1628 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1629 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1630 break;
1631 case VNC_ENCODING_EXT_KEY_EVENT:
1632 send_ext_key_event_ack(vs);
1633 break;
1634 case VNC_ENCODING_AUDIO:
1635 send_ext_audio_ack(vs);
1636 break;
1637 case VNC_ENCODING_WMVi:
1638 vs->features |= VNC_FEATURE_WMVI_MASK;
1639 break;
1640 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1641 vs->tight_compression = (enc & 0x0F);
1642 break;
1643 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1644 vs->tight_quality = (enc & 0x0F);
1645 break;
1646 default:
1647 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1648 break;
1649 }
1650 }
1651
1652 check_pointer_type_change(&vs->mouse_mode_notifier);
1653 }
1654
1655 static void set_pixel_conversion(VncState *vs)
1656 {
1657 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1658 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1659 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1660 vs->write_pixels = vnc_write_pixels_copy;
1661 vnc_hextile_set_pixel_conversion(vs, 0);
1662 } else {
1663 vs->write_pixels = vnc_write_pixels_generic;
1664 vnc_hextile_set_pixel_conversion(vs, 1);
1665 }
1666 }
1667
1668 static void set_pixel_format(VncState *vs,
1669 int bits_per_pixel, int depth,
1670 int big_endian_flag, int true_color_flag,
1671 int red_max, int green_max, int blue_max,
1672 int red_shift, int green_shift, int blue_shift)
1673 {
1674 if (!true_color_flag) {
1675 vnc_client_error(vs);
1676 return;
1677 }
1678
1679 vs->clientds = *(vs->vd->guest.ds);
1680 vs->clientds.pf.rmax = red_max;
1681 count_bits(vs->clientds.pf.rbits, red_max);
1682 vs->clientds.pf.rshift = red_shift;
1683 vs->clientds.pf.rmask = red_max << red_shift;
1684 vs->clientds.pf.gmax = green_max;
1685 count_bits(vs->clientds.pf.gbits, green_max);
1686 vs->clientds.pf.gshift = green_shift;
1687 vs->clientds.pf.gmask = green_max << green_shift;
1688 vs->clientds.pf.bmax = blue_max;
1689 count_bits(vs->clientds.pf.bbits, blue_max);
1690 vs->clientds.pf.bshift = blue_shift;
1691 vs->clientds.pf.bmask = blue_max << blue_shift;
1692 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1693 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1694 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1695 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1696
1697 set_pixel_conversion(vs);
1698
1699 vga_hw_invalidate();
1700 vga_hw_update();
1701 }
1702
1703 static void pixel_format_message (VncState *vs) {
1704 char pad[3] = { 0, 0, 0 };
1705
1706 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1707 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1708
1709 #ifdef HOST_WORDS_BIGENDIAN
1710 vnc_write_u8(vs, 1); /* big-endian-flag */
1711 #else
1712 vnc_write_u8(vs, 0); /* big-endian-flag */
1713 #endif
1714 vnc_write_u8(vs, 1); /* true-color-flag */
1715 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1716 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1717 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1718 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1719 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1720 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1721
1722 vnc_hextile_set_pixel_conversion(vs, 0);
1723
1724 vs->clientds = *(vs->ds->surface);
1725 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1726 vs->write_pixels = vnc_write_pixels_copy;
1727
1728 vnc_write(vs, pad, 3); /* padding */
1729 }
1730
1731 static void vnc_dpy_setdata(DisplayState *ds)
1732 {
1733 /* We don't have to do anything */
1734 }
1735
1736 static void vnc_colordepth(VncState *vs)
1737 {
1738 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1739 /* Sending a WMVi message to notify the client*/
1740 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1741 vnc_write_u8(vs, 0);
1742 vnc_write_u16(vs, 1); /* number of rects */
1743 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1744 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1745 pixel_format_message(vs);
1746 vnc_flush(vs);
1747 } else {
1748 set_pixel_conversion(vs);
1749 }
1750 }
1751
1752 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1753 {
1754 int i;
1755 uint16_t limit;
1756 VncDisplay *vd = vs->vd;
1757
1758 if (data[0] > 3) {
1759 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1760 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1761 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1762 }
1763
1764 switch (data[0]) {
1765 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
1766 if (len == 1)
1767 return 20;
1768
1769 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1770 read_u8(data, 6), read_u8(data, 7),
1771 read_u16(data, 8), read_u16(data, 10),
1772 read_u16(data, 12), read_u8(data, 14),
1773 read_u8(data, 15), read_u8(data, 16));
1774 break;
1775 case VNC_MSG_CLIENT_SET_ENCODINGS:
1776 if (len == 1)
1777 return 4;
1778
1779 if (len == 4) {
1780 limit = read_u16(data, 2);
1781 if (limit > 0)
1782 return 4 + (limit * 4);
1783 } else
1784 limit = read_u16(data, 2);
1785
1786 for (i = 0; i < limit; i++) {
1787 int32_t val = read_s32(data, 4 + (i * 4));
1788 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1789 }
1790
1791 set_encodings(vs, (int32_t *)(data + 4), limit);
1792 break;
1793 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
1794 if (len == 1)
1795 return 10;
1796
1797 framebuffer_update_request(vs,
1798 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1799 read_u16(data, 6), read_u16(data, 8));
1800 break;
1801 case VNC_MSG_CLIENT_KEY_EVENT:
1802 if (len == 1)
1803 return 8;
1804
1805 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1806 break;
1807 case VNC_MSG_CLIENT_POINTER_EVENT:
1808 if (len == 1)
1809 return 6;
1810
1811 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1812 break;
1813 case VNC_MSG_CLIENT_CUT_TEXT:
1814 if (len == 1)
1815 return 8;
1816
1817 if (len == 8) {
1818 uint32_t dlen = read_u32(data, 4);
1819 if (dlen > 0)
1820 return 8 + dlen;
1821 }
1822
1823 client_cut_text(vs, read_u32(data, 4), data + 8);
1824 break;
1825 case VNC_MSG_CLIENT_QEMU:
1826 if (len == 1)
1827 return 2;
1828
1829 switch (read_u8(data, 1)) {
1830 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
1831 if (len == 2)
1832 return 12;
1833
1834 ext_key_event(vs, read_u16(data, 2),
1835 read_u32(data, 4), read_u32(data, 8));
1836 break;
1837 case VNC_MSG_CLIENT_QEMU_AUDIO:
1838 if (len == 2)
1839 return 4;
1840
1841 switch (read_u16 (data, 2)) {
1842 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
1843 audio_add(vs);
1844 break;
1845 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
1846 audio_del(vs);
1847 break;
1848 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
1849 if (len == 4)
1850 return 10;
1851 switch (read_u8(data, 4)) {
1852 case 0: vs->as.fmt = AUD_FMT_U8; break;
1853 case 1: vs->as.fmt = AUD_FMT_S8; break;
1854 case 2: vs->as.fmt = AUD_FMT_U16; break;
1855 case 3: vs->as.fmt = AUD_FMT_S16; break;
1856 case 4: vs->as.fmt = AUD_FMT_U32; break;
1857 case 5: vs->as.fmt = AUD_FMT_S32; break;
1858 default:
1859 printf("Invalid audio format %d\n", read_u8(data, 4));
1860 vnc_client_error(vs);
1861 break;
1862 }
1863 vs->as.nchannels = read_u8(data, 5);
1864 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1865 printf("Invalid audio channel coount %d\n",
1866 read_u8(data, 5));
1867 vnc_client_error(vs);
1868 break;
1869 }
1870 vs->as.freq = read_u32(data, 6);
1871 break;
1872 default:
1873 printf ("Invalid audio message %d\n", read_u8(data, 4));
1874 vnc_client_error(vs);
1875 break;
1876 }
1877 break;
1878
1879 default:
1880 printf("Msg: %d\n", read_u16(data, 0));
1881 vnc_client_error(vs);
1882 break;
1883 }
1884 break;
1885 default:
1886 printf("Msg: %d\n", data[0]);
1887 vnc_client_error(vs);
1888 break;
1889 }
1890
1891 vnc_read_when(vs, protocol_client_msg, 1);
1892 return 0;
1893 }
1894
1895 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1896 {
1897 char buf[1024];
1898 int size;
1899
1900 vnc_write_u16(vs, ds_get_width(vs->ds));
1901 vnc_write_u16(vs, ds_get_height(vs->ds));
1902
1903 pixel_format_message(vs);
1904
1905 if (qemu_name)
1906 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1907 else
1908 size = snprintf(buf, sizeof(buf), "QEMU");
1909
1910 vnc_write_u32(vs, size);
1911 vnc_write(vs, buf, size);
1912 vnc_flush(vs);
1913
1914 vnc_client_cache_auth(vs);
1915 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
1916
1917 vnc_read_when(vs, protocol_client_msg, 1);
1918
1919 return 0;
1920 }
1921
1922 void start_client_init(VncState *vs)
1923 {
1924 vnc_read_when(vs, protocol_client_init, 1);
1925 }
1926
1927 static void make_challenge(VncState *vs)
1928 {
1929 int i;
1930
1931 srand(time(NULL)+getpid()+getpid()*987654+rand());
1932
1933 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1934 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1935 }
1936
1937 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1938 {
1939 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1940 int i, j, pwlen;
1941 unsigned char key[8];
1942
1943 if (!vs->vd->password || !vs->vd->password[0]) {
1944 VNC_DEBUG("No password configured on server");
1945 vnc_write_u32(vs, 1); /* Reject auth */
1946 if (vs->minor >= 8) {
1947 static const char err[] = "Authentication failed";
1948 vnc_write_u32(vs, sizeof(err));
1949 vnc_write(vs, err, sizeof(err));
1950 }
1951 vnc_flush(vs);
1952 vnc_client_error(vs);
1953 return 0;
1954 }
1955
1956 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1957
1958 /* Calculate the expected challenge response */
1959 pwlen = strlen(vs->vd->password);
1960 for (i=0; i<sizeof(key); i++)
1961 key[i] = i<pwlen ? vs->vd->password[i] : 0;
1962 deskey(key, EN0);
1963 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1964 des(response+j, response+j);
1965
1966 /* Compare expected vs actual challenge response */
1967 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1968 VNC_DEBUG("Client challenge reponse did not match\n");
1969 vnc_write_u32(vs, 1); /* Reject auth */
1970 if (vs->minor >= 8) {
1971 static const char err[] = "Authentication failed";
1972 vnc_write_u32(vs, sizeof(err));
1973 vnc_write(vs, err, sizeof(err));
1974 }
1975 vnc_flush(vs);
1976 vnc_client_error(vs);
1977 } else {
1978 VNC_DEBUG("Accepting VNC challenge response\n");
1979 vnc_write_u32(vs, 0); /* Accept auth */
1980 vnc_flush(vs);
1981
1982 start_client_init(vs);
1983 }
1984 return 0;
1985 }
1986
1987 void start_auth_vnc(VncState *vs)
1988 {
1989 make_challenge(vs);
1990 /* Send client a 'random' challenge */
1991 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1992 vnc_flush(vs);
1993
1994 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1995 }
1996
1997
1998 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1999 {
2000 /* We only advertise 1 auth scheme at a time, so client
2001 * must pick the one we sent. Verify this */
2002 if (data[0] != vs->vd->auth) { /* Reject auth */
2003 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2004 vnc_write_u32(vs, 1);
2005 if (vs->minor >= 8) {
2006 static const char err[] = "Authentication failed";
2007 vnc_write_u32(vs, sizeof(err));
2008 vnc_write(vs, err, sizeof(err));
2009 }
2010 vnc_client_error(vs);
2011 } else { /* Accept requested auth */
2012 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2013 switch (vs->vd->auth) {
2014 case VNC_AUTH_NONE:
2015 VNC_DEBUG("Accept auth none\n");
2016 if (vs->minor >= 8) {
2017 vnc_write_u32(vs, 0); /* Accept auth completion */
2018 vnc_flush(vs);
2019 }
2020 start_client_init(vs);
2021 break;
2022
2023 case VNC_AUTH_VNC:
2024 VNC_DEBUG("Start VNC auth\n");
2025 start_auth_vnc(vs);
2026 break;
2027
2028 #ifdef CONFIG_VNC_TLS
2029 case VNC_AUTH_VENCRYPT:
2030 VNC_DEBUG("Accept VeNCrypt auth\n");;
2031 start_auth_vencrypt(vs);
2032 break;
2033 #endif /* CONFIG_VNC_TLS */
2034
2035 #ifdef CONFIG_VNC_SASL
2036 case VNC_AUTH_SASL:
2037 VNC_DEBUG("Accept SASL auth\n");
2038 start_auth_sasl(vs);
2039 break;
2040 #endif /* CONFIG_VNC_SASL */
2041
2042 default: /* Should not be possible, but just in case */
2043 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
2044 vnc_write_u8(vs, 1);
2045 if (vs->minor >= 8) {
2046 static const char err[] = "Authentication failed";
2047 vnc_write_u32(vs, sizeof(err));
2048 vnc_write(vs, err, sizeof(err));
2049 }
2050 vnc_client_error(vs);
2051 }
2052 }
2053 return 0;
2054 }
2055
2056 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2057 {
2058 char local[13];
2059
2060 memcpy(local, version, 12);
2061 local[12] = 0;
2062
2063 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2064 VNC_DEBUG("Malformed protocol version %s\n", local);
2065 vnc_client_error(vs);
2066 return 0;
2067 }
2068 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2069 if (vs->major != 3 ||
2070 (vs->minor != 3 &&
2071 vs->minor != 4 &&
2072 vs->minor != 5 &&
2073 vs->minor != 7 &&
2074 vs->minor != 8)) {
2075 VNC_DEBUG("Unsupported client version\n");
2076 vnc_write_u32(vs, VNC_AUTH_INVALID);
2077 vnc_flush(vs);
2078 vnc_client_error(vs);
2079 return 0;
2080 }
2081 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2082 * as equivalent to v3.3 by servers
2083 */
2084 if (vs->minor == 4 || vs->minor == 5)
2085 vs->minor = 3;
2086
2087 if (vs->minor == 3) {
2088 if (vs->vd->auth == VNC_AUTH_NONE) {
2089 VNC_DEBUG("Tell client auth none\n");
2090 vnc_write_u32(vs, vs->vd->auth);
2091 vnc_flush(vs);
2092 start_client_init(vs);
2093 } else if (vs->vd->auth == VNC_AUTH_VNC) {
2094 VNC_DEBUG("Tell client VNC auth\n");
2095 vnc_write_u32(vs, vs->vd->auth);
2096 vnc_flush(vs);
2097 start_auth_vnc(vs);
2098 } else {
2099 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2100 vnc_write_u32(vs, VNC_AUTH_INVALID);
2101 vnc_flush(vs);
2102 vnc_client_error(vs);
2103 }
2104 } else {
2105 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2106 vnc_write_u8(vs, 1); /* num auth */
2107 vnc_write_u8(vs, vs->vd->auth);
2108 vnc_read_when(vs, protocol_client_auth, 1);
2109 vnc_flush(vs);
2110 }
2111
2112 return 0;
2113 }
2114
2115 static int vnc_refresh_server_surface(VncDisplay *vd)
2116 {
2117 int y;
2118 uint8_t *guest_row;
2119 uint8_t *server_row;
2120 int cmp_bytes;
2121 uint32_t width_mask[VNC_DIRTY_WORDS];
2122 VncState *vs;
2123 int has_dirty = 0;
2124
2125 /*
2126 * Walk through the guest dirty map.
2127 * Check and copy modified bits from guest to server surface.
2128 * Update server dirty map.
2129 */
2130 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2131 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2132 guest_row = vd->guest.ds->data;
2133 server_row = vd->server->data;
2134 for (y = 0; y < vd->guest.ds->height; y++) {
2135 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2136 int x;
2137 uint8_t *guest_ptr;
2138 uint8_t *server_ptr;
2139
2140 guest_ptr = guest_row;
2141 server_ptr = server_row;
2142
2143 for (x = 0; x < vd->guest.ds->width;
2144 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2145 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2146 continue;
2147 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2148 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2149 continue;
2150 memcpy(server_ptr, guest_ptr, cmp_bytes);
2151 QTAILQ_FOREACH(vs, &vd->clients, next) {
2152 vnc_set_bit(vs->dirty[y], (x / 16));
2153 }
2154 has_dirty++;
2155 }
2156 }
2157 guest_row += ds_get_linesize(vd->ds);
2158 server_row += ds_get_linesize(vd->ds);
2159 }
2160 return has_dirty;
2161 }
2162
2163 static void vnc_refresh(void *opaque)
2164 {
2165 VncDisplay *vd = opaque;
2166 VncState *vs, *vn;
2167 int has_dirty, rects = 0;
2168
2169 vga_hw_update();
2170
2171 has_dirty = vnc_refresh_server_surface(vd);
2172
2173 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2174 rects += vnc_update_client(vs, has_dirty);
2175 /* vs might be free()ed here */
2176 }
2177 /* vd->timer could be NULL now if the last client disconnected,
2178 * in this case don't update the timer */
2179 if (vd->timer == NULL)
2180 return;
2181
2182 if (has_dirty && rects) {
2183 vd->timer_interval /= 2;
2184 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2185 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2186 } else {
2187 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2188 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2189 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2190 }
2191 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
2192 }
2193
2194 static void vnc_init_timer(VncDisplay *vd)
2195 {
2196 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2197 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
2198 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2199 vnc_refresh(vd);
2200 }
2201 }
2202
2203 static void vnc_remove_timer(VncDisplay *vd)
2204 {
2205 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
2206 qemu_del_timer(vd->timer);
2207 qemu_free_timer(vd->timer);
2208 vd->timer = NULL;
2209 }
2210 }
2211
2212 static void vnc_connect(VncDisplay *vd, int csock)
2213 {
2214 VncState *vs = qemu_mallocz(sizeof(VncState));
2215 vs->csock = csock;
2216
2217 VNC_DEBUG("New client on socket %d\n", csock);
2218 dcl->idle = 0;
2219 socket_set_nonblock(vs->csock);
2220 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2221
2222 vnc_client_cache_addr(vs);
2223 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2224
2225 vs->vd = vd;
2226 vs->ds = vd->ds;
2227 vs->last_x = -1;
2228 vs->last_y = -1;
2229
2230 vs->as.freq = 44100;
2231 vs->as.nchannels = 2;
2232 vs->as.fmt = AUD_FMT_S16;
2233 vs->as.endianness = 0;
2234
2235 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2236
2237 vga_hw_update();
2238
2239 vnc_write(vs, "RFB 003.008\n", 12);
2240 vnc_flush(vs);
2241 vnc_read_when(vs, protocol_version, 12);
2242 reset_keys(vs);
2243 if (vs->vd->lock_key_sync)
2244 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2245
2246 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2247 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2248
2249 vnc_init_timer(vd);
2250
2251 /* vs might be free()ed here */
2252 }
2253
2254 static void vnc_listen_read(void *opaque)
2255 {
2256 VncDisplay *vs = opaque;
2257 struct sockaddr_in addr;
2258 socklen_t addrlen = sizeof(addr);
2259
2260 /* Catch-up */
2261 vga_hw_update();
2262
2263 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2264 if (csock != -1) {
2265 vnc_connect(vs, csock);
2266 }
2267 }
2268
2269 void vnc_display_init(DisplayState *ds)
2270 {
2271 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2272
2273 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2274
2275 ds->opaque = vs;
2276 dcl->idle = 1;
2277 vnc_display = vs;
2278
2279 vs->lsock = -1;
2280
2281 vs->ds = ds;
2282 QTAILQ_INIT(&vs->clients);
2283
2284 if (keyboard_layout)
2285 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2286 else
2287 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2288
2289 if (!vs->kbd_layout)
2290 exit(1);
2291
2292 dcl->dpy_copy = vnc_dpy_copy;
2293 dcl->dpy_update = vnc_dpy_update;
2294 dcl->dpy_resize = vnc_dpy_resize;
2295 dcl->dpy_setdata = vnc_dpy_setdata;
2296 register_displaychangelistener(ds, dcl);
2297 }
2298
2299
2300 void vnc_display_close(DisplayState *ds)
2301 {
2302 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2303
2304 if (!vs)
2305 return;
2306 if (vs->display) {
2307 qemu_free(vs->display);
2308 vs->display = NULL;
2309 }
2310 if (vs->lsock != -1) {
2311 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2312 close(vs->lsock);
2313 vs->lsock = -1;
2314 }
2315 vs->auth = VNC_AUTH_INVALID;
2316 #ifdef CONFIG_VNC_TLS
2317 vs->subauth = VNC_AUTH_INVALID;
2318 vs->tls.x509verify = 0;
2319 #endif
2320 }
2321
2322 int vnc_display_password(DisplayState *ds, const char *password)
2323 {
2324 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2325
2326 if (!vs) {
2327 return -1;
2328 }
2329
2330 if (vs->password) {
2331 qemu_free(vs->password);
2332 vs->password = NULL;
2333 }
2334 if (password && password[0]) {
2335 if (!(vs->password = qemu_strdup(password)))
2336 return -1;
2337 if (vs->auth == VNC_AUTH_NONE) {
2338 vs->auth = VNC_AUTH_VNC;
2339 }
2340 } else {
2341 vs->auth = VNC_AUTH_NONE;
2342 }
2343
2344 return 0;
2345 }
2346
2347 char *vnc_display_local_addr(DisplayState *ds)
2348 {
2349 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2350
2351 return vnc_socket_local_addr("%s:%s", vs->lsock);
2352 }
2353
2354 int vnc_display_open(DisplayState *ds, const char *display)
2355 {
2356 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2357 const char *options;
2358 int password = 0;
2359 int reverse = 0;
2360 #ifdef CONFIG_VNC_TLS
2361 int tls = 0, x509 = 0;
2362 #endif
2363 #ifdef CONFIG_VNC_SASL
2364 int sasl = 0;
2365 int saslErr;
2366 #endif
2367 int acl = 0;
2368 int lock_key_sync = 1;
2369
2370 if (!vnc_display)
2371 return -1;
2372 vnc_display_close(ds);
2373 if (strcmp(display, "none") == 0)
2374 return 0;
2375
2376 if (!(vs->display = strdup(display)))
2377 return -1;
2378
2379 options = display;
2380 while ((options = strchr(options, ','))) {
2381 options++;
2382 if (strncmp(options, "password", 8) == 0) {
2383 password = 1; /* Require password auth */
2384 } else if (strncmp(options, "reverse", 7) == 0) {
2385 reverse = 1;
2386 } else if (strncmp(options, "no-lock-key-sync", 9) == 0) {
2387 lock_key_sync = 0;
2388 #ifdef CONFIG_VNC_SASL
2389 } else if (strncmp(options, "sasl", 4) == 0) {
2390 sasl = 1; /* Require SASL auth */
2391 #endif
2392 #ifdef CONFIG_VNC_TLS
2393 } else if (strncmp(options, "tls", 3) == 0) {
2394 tls = 1; /* Require TLS */
2395 } else if (strncmp(options, "x509", 4) == 0) {
2396 char *start, *end;
2397 x509 = 1; /* Require x509 certificates */
2398 if (strncmp(options, "x509verify", 10) == 0)
2399 vs->tls.x509verify = 1; /* ...and verify client certs */
2400
2401 /* Now check for 'x509=/some/path' postfix
2402 * and use that to setup x509 certificate/key paths */
2403 start = strchr(options, '=');
2404 end = strchr(options, ',');
2405 if (start && (!end || (start < end))) {
2406 int len = end ? end-(start+1) : strlen(start+1);
2407 char *path = qemu_strndup(start + 1, len);
2408
2409 VNC_DEBUG("Trying certificate path '%s'\n", path);
2410 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2411 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2412 qemu_free(path);
2413 qemu_free(vs->display);
2414 vs->display = NULL;
2415 return -1;
2416 }
2417 qemu_free(path);
2418 } else {
2419 fprintf(stderr, "No certificate path provided\n");
2420 qemu_free(vs->display);
2421 vs->display = NULL;
2422 return -1;
2423 }
2424 #endif
2425 } else if (strncmp(options, "acl", 3) == 0) {
2426 acl = 1;
2427 }
2428 }
2429
2430 #ifdef CONFIG_VNC_TLS
2431 if (acl && x509 && vs->tls.x509verify) {
2432 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2433 fprintf(stderr, "Failed to create x509 dname ACL\n");
2434 exit(1);
2435 }
2436 }
2437 #endif
2438 #ifdef CONFIG_VNC_SASL
2439 if (acl && sasl) {
2440 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2441 fprintf(stderr, "Failed to create username ACL\n");
2442 exit(1);
2443 }
2444 }
2445 #endif
2446
2447 /*
2448 * Combinations we support here:
2449 *
2450 * - no-auth (clear text, no auth)
2451 * - password (clear text, weak auth)
2452 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2453 * - tls (encrypt, weak anonymous creds, no auth)
2454 * - tls + password (encrypt, weak anonymous creds, weak auth)
2455 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2456 * - tls + x509 (encrypt, good x509 creds, no auth)
2457 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2458 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2459 *
2460 * NB1. TLS is a stackable auth scheme.
2461 * NB2. the x509 schemes have option to validate a client cert dname
2462 */
2463 if (password) {
2464 #ifdef CONFIG_VNC_TLS
2465 if (tls) {
2466 vs->auth = VNC_AUTH_VENCRYPT;
2467 if (x509) {
2468 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2469 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2470 } else {
2471 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2472 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2473 }
2474 } else {
2475 #endif /* CONFIG_VNC_TLS */
2476 VNC_DEBUG("Initializing VNC server with password auth\n");
2477 vs->auth = VNC_AUTH_VNC;
2478 #ifdef CONFIG_VNC_TLS
2479 vs->subauth = VNC_AUTH_INVALID;
2480 }
2481 #endif /* CONFIG_VNC_TLS */
2482 #ifdef CONFIG_VNC_SASL
2483 } else if (sasl) {
2484 #ifdef CONFIG_VNC_TLS
2485 if (tls) {
2486 vs->auth = VNC_AUTH_VENCRYPT;
2487 if (x509) {
2488 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2489 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2490 } else {
2491 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2492 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2493 }
2494 } else {
2495 #endif /* CONFIG_VNC_TLS */
2496 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2497 vs->auth = VNC_AUTH_SASL;
2498 #ifdef CONFIG_VNC_TLS
2499 vs->subauth = VNC_AUTH_INVALID;
2500 }
2501 #endif /* CONFIG_VNC_TLS */
2502 #endif /* CONFIG_VNC_SASL */
2503 } else {
2504 #ifdef CONFIG_VNC_TLS
2505 if (tls) {
2506 vs->auth = VNC_AUTH_VENCRYPT;
2507 if (x509) {
2508 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2509 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2510 } else {
2511 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2512 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2513 }
2514 } else {
2515 #endif
2516 VNC_DEBUG("Initializing VNC server with no auth\n");
2517 vs->auth = VNC_AUTH_NONE;
2518 #ifdef CONFIG_VNC_TLS
2519 vs->subauth = VNC_AUTH_INVALID;
2520 }
2521 #endif
2522 }
2523
2524 #ifdef CONFIG_VNC_SASL
2525 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2526 fprintf(stderr, "Failed to initialize SASL auth %s",
2527 sasl_errstring(saslErr, NULL, NULL));
2528 free(vs->display);
2529 vs->display = NULL;
2530 return -1;
2531 }
2532 #endif
2533 vs->lock_key_sync = lock_key_sync;
2534
2535 if (reverse) {
2536 /* connect to viewer */
2537 if (strncmp(display, "unix:", 5) == 0)
2538 vs->lsock = unix_connect(display+5);
2539 else
2540 vs->lsock = inet_connect(display, SOCK_STREAM);
2541 if (-1 == vs->lsock) {
2542 free(vs->display);
2543 vs->display = NULL;
2544 return -1;
2545 } else {
2546 int csock = vs->lsock;
2547 vs->lsock = -1;
2548 vnc_connect(vs, csock);
2549 }
2550 return 0;
2551
2552 } else {
2553 /* listen for connects */
2554 char *dpy;
2555 dpy = qemu_malloc(256);
2556 if (strncmp(display, "unix:", 5) == 0) {
2557 pstrcpy(dpy, 256, "unix:");
2558 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2559 } else {
2560 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2561 }
2562 if (-1 == vs->lsock) {
2563 free(dpy);
2564 return -1;
2565 } else {
2566 free(vs->display);
2567 vs->display = dpy;
2568 }
2569 }
2570 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
2571 }
various patches