search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
QError: New QERR_QMP_BAD_INPUT_OBJECT_MEMBER
[qemu/stefanha.git] / vnc.c
blobd332099ffdff05fa43893a16cbacf9f7dccbe7cc
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "acl.h"
32 #include "qemu-objects.h"
33
34 #define VNC_REFRESH_INTERVAL_BASE 30
35 #define VNC_REFRESH_INTERVAL_INC 50
36 #define VNC_REFRESH_INTERVAL_MAX 2000
37
38 #include "vnc_keysym.h"
39 #include "d3des.h"
40
41 #define count_bits(c, v) { \
42 for (c = 0; v; v >>= 1) \
43 { \
44 c += v & 1; \
45 } \
46 }
47
48
49 static VncDisplay *vnc_display; /* needed for info vnc */
50 static DisplayChangeListener *dcl;
51
52 static char *addr_to_string(const char *format,
53 struct sockaddr_storage *sa,
54 socklen_t salen) {
55 char *addr;
56 char host[NI_MAXHOST];
57 char serv[NI_MAXSERV];
58 int err;
59 size_t addrlen;
60
61 if ((err = getnameinfo((struct sockaddr *)sa, salen,
62 host, sizeof(host),
63 serv, sizeof(serv),
64 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
65 VNC_DEBUG("Cannot resolve address %d: %s\n",
66 err, gai_strerror(err));
67 return NULL;
68 }
69
70 /* Enough for the existing format + the 2 vars we're
71 * substituting in. */
72 addrlen = strlen(format) + strlen(host) + strlen(serv);
73 addr = qemu_malloc(addrlen + 1);
74 snprintf(addr, addrlen, format, host, serv);
75 addr[addrlen] = '\0';
76
77 return addr;
78 }
79
80
81 char *vnc_socket_local_addr(const char *format, int fd) {
82 struct sockaddr_storage sa;
83 socklen_t salen;
84
85 salen = sizeof(sa);
86 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
87 return NULL;
88
89 return addr_to_string(format, &sa, salen);
90 }
91
92 char *vnc_socket_remote_addr(const char *format, int fd) {
93 struct sockaddr_storage sa;
94 socklen_t salen;
95
96 salen = sizeof(sa);
97 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
98 return NULL;
99
100 return addr_to_string(format, &sa, salen);
101 }
102
103 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
104 socklen_t salen)
105 {
106 char host[NI_MAXHOST];
107 char serv[NI_MAXSERV];
108 int err;
109
110 if ((err = getnameinfo((struct sockaddr *)sa, salen,
111 host, sizeof(host),
112 serv, sizeof(serv),
113 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
114 VNC_DEBUG("Cannot resolve address %d: %s\n",
115 err, gai_strerror(err));
116 return -1;
117 }
118
119 qdict_put(qdict, "host", qstring_from_str(host));
120 qdict_put(qdict, "service", qstring_from_str(serv));
121 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
122
123 return 0;
124 }
125
126 static int vnc_server_addr_put(QDict *qdict, int fd)
127 {
128 struct sockaddr_storage sa;
129 socklen_t salen;
130
131 salen = sizeof(sa);
132 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
133 return -1;
134 }
135
136 return put_addr_qdict(qdict, &sa, salen);
137 }
138
139 static int vnc_qdict_remote_addr(QDict *qdict, int fd)
140 {
141 struct sockaddr_storage sa;
142 socklen_t salen;
143
144 salen = sizeof(sa);
145 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
146 return -1;
147 }
148
149 return put_addr_qdict(qdict, &sa, salen);
150 }
151
152 static const char *vnc_auth_name(VncDisplay *vd) {
153 switch (vd->auth) {
154 case VNC_AUTH_INVALID:
155 return "invalid";
156 case VNC_AUTH_NONE:
157 return "none";
158 case VNC_AUTH_VNC:
159 return "vnc";
160 case VNC_AUTH_RA2:
161 return "ra2";
162 case VNC_AUTH_RA2NE:
163 return "ra2ne";
164 case VNC_AUTH_TIGHT:
165 return "tight";
166 case VNC_AUTH_ULTRA:
167 return "ultra";
168 case VNC_AUTH_TLS:
169 return "tls";
170 case VNC_AUTH_VENCRYPT:
171 #ifdef CONFIG_VNC_TLS
172 switch (vd->subauth) {
173 case VNC_AUTH_VENCRYPT_PLAIN:
174 return "vencrypt+plain";
175 case VNC_AUTH_VENCRYPT_TLSNONE:
176 return "vencrypt+tls+none";
177 case VNC_AUTH_VENCRYPT_TLSVNC:
178 return "vencrypt+tls+vnc";
179 case VNC_AUTH_VENCRYPT_TLSPLAIN:
180 return "vencrypt+tls+plain";
181 case VNC_AUTH_VENCRYPT_X509NONE:
182 return "vencrypt+x509+none";
183 case VNC_AUTH_VENCRYPT_X509VNC:
184 return "vencrypt+x509+vnc";
185 case VNC_AUTH_VENCRYPT_X509PLAIN:
186 return "vencrypt+x509+plain";
187 case VNC_AUTH_VENCRYPT_TLSSASL:
188 return "vencrypt+tls+sasl";
189 case VNC_AUTH_VENCRYPT_X509SASL:
190 return "vencrypt+x509+sasl";
191 default:
192 return "vencrypt";
193 }
194 #else
195 return "vencrypt";
196 #endif
197 case VNC_AUTH_SASL:
198 return "sasl";
199 }
200 return "unknown";
201 }
202
203 static int vnc_server_info_put(QDict *qdict)
204 {
205 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
206 return -1;
207 }
208
209 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
210 return 0;
211 }
212
213 static void vnc_client_cache_auth(VncState *client)
214 {
215 QDict *qdict;
216
217 if (!client->info) {
218 return;
219 }
220
221 qdict = qobject_to_qdict(client->info);
222
223 #ifdef CONFIG_VNC_TLS
224 if (client->tls.session &&
225 client->tls.dname) {
226 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
227 }
228 #endif
229 #ifdef CONFIG_VNC_SASL
230 if (client->sasl.conn &&
231 client->sasl.username) {
232 qdict_put(qdict, "sasl_username",
233 qstring_from_str(client->sasl.username));
234 }
235 #endif
236 }
237
238 static void vnc_client_cache_addr(VncState *client)
239 {
240 QDict *qdict;
241
242 qdict = qdict_new();
243 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
244 QDECREF(qdict);
245 /* XXX: how to report the error? */
246 return;
247 }
248
249 client->info = QOBJECT(qdict);
250 }
251
252 static void vnc_qmp_event(VncState *vs, MonitorEvent event)
253 {
254 QDict *server;
255 QObject *data;
256
257 if (!vs->info) {
258 return;
259 }
260
261 server = qdict_new();
262 if (vnc_server_info_put(server) < 0) {
263 QDECREF(server);
264 return;
265 }
266
267 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
268 vs->info, QOBJECT(server));
269
270 monitor_protocol_event(event, data);
271
272 qobject_incref(vs->info);
273 qobject_decref(data);
274 }
275
276 static void info_vnc_iter(QObject *obj, void *opaque)
277 {
278 QDict *client;
279 Monitor *mon = opaque;
280
281 client = qobject_to_qdict(obj);
282 monitor_printf(mon, "Client:\n");
283 monitor_printf(mon, " address: %s:%s\n",
284 qdict_get_str(client, "host"),
285 qdict_get_str(client, "service"));
286
287 #ifdef CONFIG_VNC_TLS
288 monitor_printf(mon, " x509_dname: %s\n",
289 qdict_haskey(client, "x509_dname") ?
290 qdict_get_str(client, "x509_dname") : "none");
291 #endif
292 #ifdef CONFIG_VNC_SASL
293 monitor_printf(mon, " username: %s\n",
294 qdict_haskey(client, "sasl_username") ?
295 qdict_get_str(client, "sasl_username") : "none");
296 #endif
297 }
298
299 void do_info_vnc_print(Monitor *mon, const QObject *data)
300 {
301 QDict *server;
302 QList *clients;
303
304 server = qobject_to_qdict(data);
305 if (qdict_get_bool(server, "enabled") == 0) {
306 monitor_printf(mon, "Server: disabled\n");
307 return;
308 }
309
310 monitor_printf(mon, "Server:\n");
311 monitor_printf(mon, " address: %s:%s\n",
312 qdict_get_str(server, "host"),
313 qdict_get_str(server, "service"));
314 monitor_printf(mon, " auth: %s\n", qdict_get_str(server, "auth"));
315
316 clients = qdict_get_qlist(server, "clients");
317 if (qlist_empty(clients)) {
318 monitor_printf(mon, "Client: none\n");
319 } else {
320 qlist_iter(clients, info_vnc_iter, mon);
321 }
322 }
323
324 /**
325 * do_info_vnc(): Show VNC server information
326 *
327 * Return a QDict with server information. Connected clients are returned
328 * as a QList of QDicts.
329 *
330 * The main QDict contains the following:
331 *
332 * - "enabled": true or false
333 * - "host": server's IP address
334 * - "family": address family ("ipv4" or "ipv6")
335 * - "service": server's port number
336 * - "auth": authentication method
337 * - "clients": a QList of all connected clients
338 *
339 * Clients are described by a QDict, with the following information:
340 *
341 * - "host": client's IP address
342 * - "family": address family ("ipv4" or "ipv6")
343 * - "service": client's port number
344 * - "x509_dname": TLS dname (optional)
345 * - "sasl_username": SASL username (optional)
346 *
347 * Example:
348 *
349 * { "enabled": true, "host": "0.0.0.0", "service": "50402", "auth": "vnc",
350 * "family": "ipv4",
351 * "clients": [{ "host": "127.0.0.1", "service": "50401", "family": "ipv4" }]}
352 */
353 void do_info_vnc(Monitor *mon, QObject **ret_data)
354 {
355 if (vnc_display == NULL || vnc_display->display == NULL) {
356 *ret_data = qobject_from_jsonf("{ 'enabled': false }");
357 } else {
358 QList *clist;
359 VncState *client;
360
361 clist = qlist_new();
362 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
363 if (client->info) {
364 /* incref so that it's not freed by upper layers */
365 qobject_incref(client->info);
366 qlist_append_obj(clist, client->info);
367 }
368 }
369
370 *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
371 QOBJECT(clist));
372 assert(*ret_data != NULL);
373
374 if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {
375 qobject_decref(*ret_data);
376 *ret_data = NULL;
377 }
378 }
379 }
380
381 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
382 return (vs->features & (1 << feature));
383 }
384
385 /* TODO
386 1) Get the queue working for IO.
387 2) there is some weirdness when using the -S option (the screen is grey
388 and not totally invalidated
389 3) resolutions > 1024
390 */
391
392 static int vnc_update_client(VncState *vs, int has_dirty);
393 static void vnc_disconnect_start(VncState *vs);
394 static void vnc_disconnect_finish(VncState *vs);
395 static void vnc_init_timer(VncDisplay *vd);
396 static void vnc_remove_timer(VncDisplay *vd);
397
398 static void vnc_colordepth(VncState *vs);
399 static void framebuffer_update_request(VncState *vs, int incremental,
400 int x_position, int y_position,
401 int w, int h);
402 static void vnc_refresh(void *opaque);
403 static int vnc_refresh_server_surface(VncDisplay *vd);
404
405 static inline void vnc_set_bit(uint32_t *d, int k)
406 {
407 d[k >> 5] |= 1 << (k & 0x1f);
408 }
409
410 static inline void vnc_clear_bit(uint32_t *d, int k)
411 {
412 d[k >> 5] &= ~(1 << (k & 0x1f));
413 }
414
415 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
416 {
417 int j;
418
419 j = 0;
420 while (n >= 32) {
421 d[j++] = -1;
422 n -= 32;
423 }
424 if (n > 0)
425 d[j++] = (1 << n) - 1;
426 while (j < nb_words)
427 d[j++] = 0;
428 }
429
430 static inline int vnc_get_bit(const uint32_t *d, int k)
431 {
432 return (d[k >> 5] >> (k & 0x1f)) & 1;
433 }
434
435 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
436 int nb_words)
437 {
438 int i;
439 for(i = 0; i < nb_words; i++) {
440 if ((d1[i] & d2[i]) != 0)
441 return 1;
442 }
443 return 0;
444 }
445
446 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
447 {
448 int i;
449 VncDisplay *vd = ds->opaque;
450 struct VncSurface *s = &vd->guest;
451
452 h += y;
453
454 /* round x down to ensure the loop only spans one 16-pixel block per,
455 iteration. otherwise, if (x % 16) != 0, the last iteration may span
456 two 16-pixel blocks but we only mark the first as dirty
457 */
458 w += (x % 16);
459 x -= (x % 16);
460
461 x = MIN(x, s->ds->width);
462 y = MIN(y, s->ds->height);
463 w = MIN(x + w, s->ds->width) - x;
464 h = MIN(h, s->ds->height);
465
466 for (; y < h; y++)
467 for (i = 0; i < w; i += 16)
468 vnc_set_bit(s->dirty[y], (x + i) / 16);
469 }
470
471 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
472 int32_t encoding)
473 {
474 vnc_write_u16(vs, x);
475 vnc_write_u16(vs, y);
476 vnc_write_u16(vs, w);
477 vnc_write_u16(vs, h);
478
479 vnc_write_s32(vs, encoding);
480 }
481
482 void buffer_reserve(Buffer *buffer, size_t len)
483 {
484 if ((buffer->capacity - buffer->offset) < len) {
485 buffer->capacity += (len + 1024);
486 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
487 if (buffer->buffer == NULL) {
488 fprintf(stderr, "vnc: out of memory\n");
489 exit(1);
490 }
491 }
492 }
493
494 int buffer_empty(Buffer *buffer)
495 {
496 return buffer->offset == 0;
497 }
498
499 uint8_t *buffer_end(Buffer *buffer)
500 {
501 return buffer->buffer + buffer->offset;
502 }
503
504 void buffer_reset(Buffer *buffer)
505 {
506 buffer->offset = 0;
507 }
508
509 void buffer_append(Buffer *buffer, const void *data, size_t len)
510 {
511 memcpy(buffer->buffer + buffer->offset, data, len);
512 buffer->offset += len;
513 }
514
515 static void vnc_dpy_resize(DisplayState *ds)
516 {
517 int size_changed;
518 VncDisplay *vd = ds->opaque;
519 VncState *vs;
520
521 /* server surface */
522 if (!vd->server)
523 vd->server = qemu_mallocz(sizeof(*vd->server));
524 if (vd->server->data)
525 qemu_free(vd->server->data);
526 *(vd->server) = *(ds->surface);
527 vd->server->data = qemu_mallocz(vd->server->linesize *
528 vd->server->height);
529
530 /* guest surface */
531 if (!vd->guest.ds)
532 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
533 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
534 console_color_init(ds);
535 size_changed = ds_get_width(ds) != vd->guest.ds->width ||
536 ds_get_height(ds) != vd->guest.ds->height;
537 *(vd->guest.ds) = *(ds->surface);
538 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
539
540 QTAILQ_FOREACH(vs, &vd->clients, next) {
541 vnc_colordepth(vs);
542 if (size_changed) {
543 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
544 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
545 vnc_write_u8(vs, 0);
546 vnc_write_u16(vs, 1); /* number of rects */
547 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
548 VNC_ENCODING_DESKTOPRESIZE);
549 vnc_flush(vs);
550 }
551 }
552 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
553 }
554 }
555
556 /* fastest code */
557 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
558 {
559 vnc_write(vs, pixels, size);
560 }
561
562 /* slowest but generic code. */
563 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
564 {
565 uint8_t r, g, b;
566 VncDisplay *vd = vs->vd;
567
568 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
569 vd->server->pf.rbits);
570 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
571 vd->server->pf.gbits);
572 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
573 vd->server->pf.bbits);
574 v = (r << vs->clientds.pf.rshift) |
575 (g << vs->clientds.pf.gshift) |
576 (b << vs->clientds.pf.bshift);
577 switch(vs->clientds.pf.bytes_per_pixel) {
578 case 1:
579 buf[0] = v;
580 break;
581 case 2:
582 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
583 buf[0] = v >> 8;
584 buf[1] = v;
585 } else {
586 buf[1] = v >> 8;
587 buf[0] = v;
588 }
589 break;
590 default:
591 case 4:
592 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
593 buf[0] = v >> 24;
594 buf[1] = v >> 16;
595 buf[2] = v >> 8;
596 buf[3] = v;
597 } else {
598 buf[3] = v >> 24;
599 buf[2] = v >> 16;
600 buf[1] = v >> 8;
601 buf[0] = v;
602 }
603 break;
604 }
605 }
606
607 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
608 {
609 uint8_t buf[4];
610 VncDisplay *vd = vs->vd;
611
612 if (vd->server->pf.bytes_per_pixel == 4) {
613 uint32_t *pixels = pixels1;
614 int n, i;
615 n = size >> 2;
616 for(i = 0; i < n; i++) {
617 vnc_convert_pixel(vs, buf, pixels[i]);
618 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
619 }
620 } else if (vd->server->pf.bytes_per_pixel == 2) {
621 uint16_t *pixels = pixels1;
622 int n, i;
623 n = size >> 1;
624 for(i = 0; i < n; i++) {
625 vnc_convert_pixel(vs, buf, pixels[i]);
626 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
627 }
628 } else if (vd->server->pf.bytes_per_pixel == 1) {
629 uint8_t *pixels = pixels1;
630 int n, i;
631 n = size;
632 for(i = 0; i < n; i++) {
633 vnc_convert_pixel(vs, buf, pixels[i]);
634 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
635 }
636 } else {
637 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
638 }
639 }
640
641 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
642 {
643 int i;
644 uint8_t *row;
645 VncDisplay *vd = vs->vd;
646
647 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
648 for (i = 0; i < h; i++) {
649 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
650 row += ds_get_linesize(vs->ds);
651 }
652 }
653
654 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
655 {
656 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
657 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
658 }
659
660 #define BPP 8
661 #include "vnchextile.h"
662 #undef BPP
663
664 #define BPP 16
665 #include "vnchextile.h"
666 #undef BPP
667
668 #define BPP 32
669 #include "vnchextile.h"
670 #undef BPP
671
672 #define GENERIC
673 #define BPP 8
674 #include "vnchextile.h"
675 #undef BPP
676 #undef GENERIC
677
678 #define GENERIC
679 #define BPP 16
680 #include "vnchextile.h"
681 #undef BPP
682 #undef GENERIC
683
684 #define GENERIC
685 #define BPP 32
686 #include "vnchextile.h"
687 #undef BPP
688 #undef GENERIC
689
690 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
691 {
692 int i, j;
693 int has_fg, has_bg;
694 uint8_t *last_fg, *last_bg;
695 VncDisplay *vd = vs->vd;
696
697 last_fg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
698 last_bg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
699 has_fg = has_bg = 0;
700 for (j = y; j < (y + h); j += 16) {
701 for (i = x; i < (x + w); i += 16) {
702 vs->send_hextile_tile(vs, i, j,
703 MIN(16, x + w - i), MIN(16, y + h - j),
704 last_bg, last_fg, &has_bg, &has_fg);
705 }
706 }
707 free(last_fg);
708 free(last_bg);
709
710 }
711
712 #define ZALLOC_ALIGNMENT 16
713
714 static void *zalloc(void *x, unsigned items, unsigned size)
715 {
716 void *p;
717
718 size *= items;
719 size = (size + ZALLOC_ALIGNMENT - 1) & ~(ZALLOC_ALIGNMENT - 1);
720
721 p = qemu_mallocz(size);
722
723 return (p);
724 }
725
726 static void zfree(void *x, void *addr)
727 {
728 qemu_free(addr);
729 }
730
731 static void vnc_zlib_init(VncState *vs)
732 {
733 int i;
734 for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)
735 vs->zlib_stream[i].opaque = NULL;
736 }
737
738 static void vnc_zlib_start(VncState *vs)
739 {
740 buffer_reset(&vs->zlib);
741
742 // make the output buffer be the zlib buffer, so we can compress it later
743 vs->zlib_tmp = vs->output;
744 vs->output = vs->zlib;
745 }
746
747 static int vnc_zlib_stop(VncState *vs, int stream_id)
748 {
749 z_streamp zstream = &vs->zlib_stream[stream_id];
750 int previous_out;
751
752 // switch back to normal output/zlib buffers
753 vs->zlib = vs->output;
754 vs->output = vs->zlib_tmp;
755
756 // compress the zlib buffer
757
758 // initialize the stream
759 // XXX need one stream per session
760 if (zstream->opaque != vs) {
761 int err;
762
763 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
764 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
765 zstream->zalloc = zalloc;
766 zstream->zfree = zfree;
767
768 err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
769 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
770
771 if (err != Z_OK) {
772 fprintf(stderr, "VNC: error initializing zlib\n");
773 return -1;
774 }
775
776 zstream->opaque = vs;
777 }
778
779 // XXX what to do if tight_compression changed in between?
780
781 // reserve memory in output buffer
782 buffer_reserve(&vs->output, vs->zlib.offset + 64);
783
784 // set pointers
785 zstream->next_in = vs->zlib.buffer;
786 zstream->avail_in = vs->zlib.offset;
787 zstream->next_out = vs->output.buffer + vs->output.offset;
788 zstream->avail_out = vs->output.capacity - vs->output.offset;
789 zstream->data_type = Z_BINARY;
790 previous_out = zstream->total_out;
791
792 // start encoding
793 if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
794 fprintf(stderr, "VNC: error during zlib compression\n");
795 return -1;
796 }
797
798 vs->output.offset = vs->output.capacity - zstream->avail_out;
799 return zstream->total_out - previous_out;
800 }
801
802 static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
803 {
804 int old_offset, new_offset, bytes_written;
805
806 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);
807
808 // remember where we put in the follow-up size
809 old_offset = vs->output.offset;
810 vnc_write_s32(vs, 0);
811
812 // compress the stream
813 vnc_zlib_start(vs);
814 send_framebuffer_update_raw(vs, x, y, w, h);
815 bytes_written = vnc_zlib_stop(vs, 0);
816
817 if (bytes_written == -1)
818 return;
819
820 // hack in the size
821 new_offset = vs->output.offset;
822 vs->output.offset = old_offset;
823 vnc_write_u32(vs, bytes_written);
824 vs->output.offset = new_offset;
825 }
826
827 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
828 {
829 switch(vs->vnc_encoding) {
830 case VNC_ENCODING_ZLIB:
831 send_framebuffer_update_zlib(vs, x, y, w, h);
832 break;
833 case VNC_ENCODING_HEXTILE:
834 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
835 send_framebuffer_update_hextile(vs, x, y, w, h);
836 break;
837 default:
838 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
839 send_framebuffer_update_raw(vs, x, y, w, h);
840 break;
841 }
842 }
843
844 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
845 {
846 /* send bitblit op to the vnc client */
847 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
848 vnc_write_u8(vs, 0);
849 vnc_write_u16(vs, 1); /* number of rects */
850 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
851 vnc_write_u16(vs, src_x);
852 vnc_write_u16(vs, src_y);
853 vnc_flush(vs);
854 }
855
856 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
857 {
858 VncDisplay *vd = ds->opaque;
859 VncState *vs, *vn;
860 uint8_t *src_row;
861 uint8_t *dst_row;
862 int i,x,y,pitch,depth,inc,w_lim,s;
863 int cmp_bytes;
864
865 vnc_refresh_server_surface(vd);
866 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
867 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
868 vs->force_update = 1;
869 vnc_update_client(vs, 1);
870 /* vs might be free()ed here */
871 }
872 }
873
874 /* do bitblit op on the local surface too */
875 pitch = ds_get_linesize(vd->ds);
876 depth = ds_get_bytes_per_pixel(vd->ds);
877 src_row = vd->server->data + pitch * src_y + depth * src_x;
878 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
879 y = dst_y;
880 inc = 1;
881 if (dst_y > src_y) {
882 /* copy backwards */
883 src_row += pitch * (h-1);
884 dst_row += pitch * (h-1);
885 pitch = -pitch;
886 y = dst_y + h - 1;
887 inc = -1;
888 }
889 w_lim = w - (16 - (dst_x % 16));
890 if (w_lim < 0)
891 w_lim = w;
892 else
893 w_lim = w - (w_lim % 16);
894 for (i = 0; i < h; i++) {
895 for (x = 0; x <= w_lim;
896 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
897 if (x == w_lim) {
898 if ((s = w - w_lim) == 0)
899 break;
900 } else if (!x) {
901 s = (16 - (dst_x % 16));
902 s = MIN(s, w_lim);
903 } else {
904 s = 16;
905 }
906 cmp_bytes = s * depth;
907 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
908 continue;
909 memmove(dst_row, src_row, cmp_bytes);
910 QTAILQ_FOREACH(vs, &vd->clients, next) {
911 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
912 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
913 }
914 }
915 }
916 src_row += pitch - w * depth;
917 dst_row += pitch - w * depth;
918 y += inc;
919 }
920
921 QTAILQ_FOREACH(vs, &vd->clients, next) {
922 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
923 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
924 }
925 }
926 }
927
928 static int find_and_clear_dirty_height(struct VncState *vs,
929 int y, int last_x, int x)
930 {
931 int h;
932 VncDisplay *vd = vs->vd;
933
934 for (h = 1; h < (vd->server->height - y); h++) {
935 int tmp_x;
936 if (!vnc_get_bit(vs->dirty[y + h], last_x))
937 break;
938 for (tmp_x = last_x; tmp_x < x; tmp_x++)
939 vnc_clear_bit(vs->dirty[y + h], tmp_x);
940 }
941
942 return h;
943 }
944
945 static int vnc_update_client(VncState *vs, int has_dirty)
946 {
947 if (vs->need_update && vs->csock != -1) {
948 VncDisplay *vd = vs->vd;
949 int y;
950 int n_rectangles;
951 int saved_offset;
952
953 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
954 /* kernel send buffers are full -> drop frames to throttle */
955 return 0;
956
957 if (!has_dirty && !vs->audio_cap && !vs->force_update)
958 return 0;
959
960 /*
961 * Send screen updates to the vnc client using the server
962 * surface and server dirty map. guest surface updates
963 * happening in parallel don't disturb us, the next pass will
964 * send them to the client.
965 */
966 n_rectangles = 0;
967 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
968 vnc_write_u8(vs, 0);
969 saved_offset = vs->output.offset;
970 vnc_write_u16(vs, 0);
971
972 for (y = 0; y < vd->server->height; y++) {
973 int x;
974 int last_x = -1;
975 for (x = 0; x < vd->server->width / 16; x++) {
976 if (vnc_get_bit(vs->dirty[y], x)) {
977 if (last_x == -1) {
978 last_x = x;
979 }
980 vnc_clear_bit(vs->dirty[y], x);
981 } else {
982 if (last_x != -1) {
983 int h = find_and_clear_dirty_height(vs, y, last_x, x);
984 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
985 n_rectangles++;
986 }
987 last_x = -1;
988 }
989 }
990 if (last_x != -1) {
991 int h = find_and_clear_dirty_height(vs, y, last_x, x);
992 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
993 n_rectangles++;
994 }
995 }
996 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
997 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
998 vnc_flush(vs);
999 vs->force_update = 0;
1000 return n_rectangles;
1001 }
1002
1003 if (vs->csock == -1)
1004 vnc_disconnect_finish(vs);
1005
1006 return 0;
1007 }
1008
1009 /* audio */
1010 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1011 {
1012 VncState *vs = opaque;
1013
1014 switch (cmd) {
1015 case AUD_CNOTIFY_DISABLE:
1016 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1017 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1018 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1019 vnc_flush(vs);
1020 break;
1021
1022 case AUD_CNOTIFY_ENABLE:
1023 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1024 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1025 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1026 vnc_flush(vs);
1027 break;
1028 }
1029 }
1030
1031 static void audio_capture_destroy(void *opaque)
1032 {
1033 }
1034
1035 static void audio_capture(void *opaque, void *buf, int size)
1036 {
1037 VncState *vs = opaque;
1038
1039 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1040 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1041 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1042 vnc_write_u32(vs, size);
1043 vnc_write(vs, buf, size);
1044 vnc_flush(vs);
1045 }
1046
1047 static void audio_add(VncState *vs)
1048 {
1049 struct audio_capture_ops ops;
1050
1051 if (vs->audio_cap) {
1052 monitor_printf(default_mon, "audio already running\n");
1053 return;
1054 }
1055
1056 ops.notify = audio_capture_notify;
1057 ops.destroy = audio_capture_destroy;
1058 ops.capture = audio_capture;
1059
1060 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1061 if (!vs->audio_cap) {
1062 monitor_printf(default_mon, "Failed to add audio capture\n");
1063 }
1064 }
1065
1066 static void audio_del(VncState *vs)
1067 {
1068 if (vs->audio_cap) {
1069 AUD_del_capture(vs->audio_cap, vs);
1070 vs->audio_cap = NULL;
1071 }
1072 }
1073
1074 static void vnc_disconnect_start(VncState *vs)
1075 {
1076 if (vs->csock == -1)
1077 return;
1078 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
1079 closesocket(vs->csock);
1080 vs->csock = -1;
1081 }
1082
1083 static void vnc_disconnect_finish(VncState *vs)
1084 {
1085 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
1086
1087 if (vs->input.buffer) {
1088 qemu_free(vs->input.buffer);
1089 vs->input.buffer = NULL;
1090 }
1091 if (vs->output.buffer) {
1092 qemu_free(vs->output.buffer);
1093 vs->output.buffer = NULL;
1094 }
1095
1096 qobject_decref(vs->info);
1097
1098 #ifdef CONFIG_VNC_TLS
1099 vnc_tls_client_cleanup(vs);
1100 #endif /* CONFIG_VNC_TLS */
1101 #ifdef CONFIG_VNC_SASL
1102 vnc_sasl_client_cleanup(vs);
1103 #endif /* CONFIG_VNC_SASL */
1104 audio_del(vs);
1105
1106 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1107
1108 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1109 dcl->idle = 1;
1110 }
1111
1112 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1113 vnc_remove_timer(vs->vd);
1114 if (vs->vd->lock_key_sync)
1115 qemu_remove_led_event_handler(vs->led);
1116 qemu_free(vs);
1117 }
1118
1119 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1120 {
1121 if (ret == 0 || ret == -1) {
1122 if (ret == -1) {
1123 switch (last_errno) {
1124 case EINTR:
1125 case EAGAIN:
1126 #ifdef _WIN32
1127 case WSAEWOULDBLOCK:
1128 #endif
1129 return 0;
1130 default:
1131 break;
1132 }
1133 }
1134
1135 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1136 ret, ret < 0 ? last_errno : 0);
1137 vnc_disconnect_start(vs);
1138
1139 return 0;
1140 }
1141 return ret;
1142 }
1143
1144
1145 void vnc_client_error(VncState *vs)
1146 {
1147 VNC_DEBUG("Closing down client sock: protocol error\n");
1148 vnc_disconnect_start(vs);
1149 }
1150
1151
1152 /*
1153 * Called to write a chunk of data to the client socket. The data may
1154 * be the raw data, or may have already been encoded by SASL.
1155 * The data will be written either straight onto the socket, or
1156 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1157 *
1158 * NB, it is theoretically possible to have 2 layers of encryption,
1159 * both SASL, and this TLS layer. It is highly unlikely in practice
1160 * though, since SASL encryption will typically be a no-op if TLS
1161 * is active
1162 *
1163 * Returns the number of bytes written, which may be less than
1164 * the requested 'datalen' if the socket would block. Returns
1165 * -1 on error, and disconnects the client socket.
1166 */
1167 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1168 {
1169 long ret;
1170 #ifdef CONFIG_VNC_TLS
1171 if (vs->tls.session) {
1172 ret = gnutls_write(vs->tls.session, data, datalen);
1173 if (ret < 0) {
1174 if (ret == GNUTLS_E_AGAIN)
1175 errno = EAGAIN;
1176 else
1177 errno = EIO;
1178 ret = -1;
1179 }
1180 } else
1181 #endif /* CONFIG_VNC_TLS */
1182 ret = send(vs->csock, (const void *)data, datalen, 0);
1183 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1184 return vnc_client_io_error(vs, ret, socket_error());
1185 }
1186
1187
1188 /*
1189 * Called to write buffered data to the client socket, when not
1190 * using any SASL SSF encryption layers. Will write as much data
1191 * as possible without blocking. If all buffered data is written,
1192 * will switch the FD poll() handler back to read monitoring.
1193 *
1194 * Returns the number of bytes written, which may be less than
1195 * the buffered output data if the socket would block. Returns
1196 * -1 on error, and disconnects the client socket.
1197 */
1198 static long vnc_client_write_plain(VncState *vs)
1199 {
1200 long ret;
1201
1202 #ifdef CONFIG_VNC_SASL
1203 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1204 vs->output.buffer, vs->output.capacity, vs->output.offset,
1205 vs->sasl.waitWriteSSF);
1206
1207 if (vs->sasl.conn &&
1208 vs->sasl.runSSF &&
1209 vs->sasl.waitWriteSSF) {
1210 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1211 if (ret)
1212 vs->sasl.waitWriteSSF -= ret;
1213 } else
1214 #endif /* CONFIG_VNC_SASL */
1215 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1216 if (!ret)
1217 return 0;
1218
1219 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1220 vs->output.offset -= ret;
1221
1222 if (vs->output.offset == 0) {
1223 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1224 }
1225
1226 return ret;
1227 }
1228
1229
1230 /*
1231 * First function called whenever there is data to be written to
1232 * the client socket. Will delegate actual work according to whether
1233 * SASL SSF layers are enabled (thus requiring encryption calls)
1234 */
1235 void vnc_client_write(void *opaque)
1236 {
1237 VncState *vs = opaque;
1238
1239 #ifdef CONFIG_VNC_SASL
1240 if (vs->sasl.conn &&
1241 vs->sasl.runSSF &&
1242 !vs->sasl.waitWriteSSF) {
1243 vnc_client_write_sasl(vs);
1244 } else
1245 #endif /* CONFIG_VNC_SASL */
1246 vnc_client_write_plain(vs);
1247 }
1248
1249 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1250 {
1251 vs->read_handler = func;
1252 vs->read_handler_expect = expecting;
1253 }
1254
1255
1256 /*
1257 * Called to read a chunk of data from the client socket. The data may
1258 * be the raw data, or may need to be further decoded by SASL.
1259 * The data will be read either straight from to the socket, or
1260 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1261 *
1262 * NB, it is theoretically possible to have 2 layers of encryption,
1263 * both SASL, and this TLS layer. It is highly unlikely in practice
1264 * though, since SASL encryption will typically be a no-op if TLS
1265 * is active
1266 *
1267 * Returns the number of bytes read, which may be less than
1268 * the requested 'datalen' if the socket would block. Returns
1269 * -1 on error, and disconnects the client socket.
1270 */
1271 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1272 {
1273 long ret;
1274 #ifdef CONFIG_VNC_TLS
1275 if (vs->tls.session) {
1276 ret = gnutls_read(vs->tls.session, data, datalen);
1277 if (ret < 0) {
1278 if (ret == GNUTLS_E_AGAIN)
1279 errno = EAGAIN;
1280 else
1281 errno = EIO;
1282 ret = -1;
1283 }
1284 } else
1285 #endif /* CONFIG_VNC_TLS */
1286 ret = recv(vs->csock, (void *)data, datalen, 0);
1287 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1288 return vnc_client_io_error(vs, ret, socket_error());
1289 }
1290
1291
1292 /*
1293 * Called to read data from the client socket to the input buffer,
1294 * when not using any SASL SSF encryption layers. Will read as much
1295 * data as possible without blocking.
1296 *
1297 * Returns the number of bytes read. Returns -1 on error, and
1298 * disconnects the client socket.
1299 */
1300 static long vnc_client_read_plain(VncState *vs)
1301 {
1302 int ret;
1303 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1304 vs->input.buffer, vs->input.capacity, vs->input.offset);
1305 buffer_reserve(&vs->input, 4096);
1306 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1307 if (!ret)
1308 return 0;
1309 vs->input.offset += ret;
1310 return ret;
1311 }
1312
1313
1314 /*
1315 * First function called whenever there is more data to be read from
1316 * the client socket. Will delegate actual work according to whether
1317 * SASL SSF layers are enabled (thus requiring decryption calls)
1318 */
1319 void vnc_client_read(void *opaque)
1320 {
1321 VncState *vs = opaque;
1322 long ret;
1323
1324 #ifdef CONFIG_VNC_SASL
1325 if (vs->sasl.conn && vs->sasl.runSSF)
1326 ret = vnc_client_read_sasl(vs);
1327 else
1328 #endif /* CONFIG_VNC_SASL */
1329 ret = vnc_client_read_plain(vs);
1330 if (!ret) {
1331 if (vs->csock == -1)
1332 vnc_disconnect_finish(vs);
1333 return;
1334 }
1335
1336 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1337 size_t len = vs->read_handler_expect;
1338 int ret;
1339
1340 ret = vs->read_handler(vs, vs->input.buffer, len);
1341 if (vs->csock == -1) {
1342 vnc_disconnect_finish(vs);
1343 return;
1344 }
1345
1346 if (!ret) {
1347 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1348 vs->input.offset -= len;
1349 } else {
1350 vs->read_handler_expect = ret;
1351 }
1352 }
1353 }
1354
1355 void vnc_write(VncState *vs, const void *data, size_t len)
1356 {
1357 buffer_reserve(&vs->output, len);
1358
1359 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1360 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1361 }
1362
1363 buffer_append(&vs->output, data, len);
1364 }
1365
1366 void vnc_write_s32(VncState *vs, int32_t value)
1367 {
1368 vnc_write_u32(vs, *(uint32_t *)&value);
1369 }
1370
1371 void vnc_write_u32(VncState *vs, uint32_t value)
1372 {
1373 uint8_t buf[4];
1374
1375 buf[0] = (value >> 24) & 0xFF;
1376 buf[1] = (value >> 16) & 0xFF;
1377 buf[2] = (value >> 8) & 0xFF;
1378 buf[3] = value & 0xFF;
1379
1380 vnc_write(vs, buf, 4);
1381 }
1382
1383 void vnc_write_u16(VncState *vs, uint16_t value)
1384 {
1385 uint8_t buf[2];
1386
1387 buf[0] = (value >> 8) & 0xFF;
1388 buf[1] = value & 0xFF;
1389
1390 vnc_write(vs, buf, 2);
1391 }
1392
1393 void vnc_write_u8(VncState *vs, uint8_t value)
1394 {
1395 vnc_write(vs, (char *)&value, 1);
1396 }
1397
1398 void vnc_flush(VncState *vs)
1399 {
1400 if (vs->csock != -1 && vs->output.offset)
1401 vnc_client_write(vs);
1402 }
1403
1404 uint8_t read_u8(uint8_t *data, size_t offset)
1405 {
1406 return data[offset];
1407 }
1408
1409 uint16_t read_u16(uint8_t *data, size_t offset)
1410 {
1411 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1412 }
1413
1414 int32_t read_s32(uint8_t *data, size_t offset)
1415 {
1416 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1417 (data[offset + 2] << 8) | data[offset + 3]);
1418 }
1419
1420 uint32_t read_u32(uint8_t *data, size_t offset)
1421 {
1422 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1423 (data[offset + 2] << 8) | data[offset + 3]);
1424 }
1425
1426 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1427 {
1428 }
1429
1430 static void check_pointer_type_change(Notifier *notifier)
1431 {
1432 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1433 int absolute = kbd_mouse_is_absolute();
1434
1435 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1436 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1437 vnc_write_u8(vs, 0);
1438 vnc_write_u16(vs, 1);
1439 vnc_framebuffer_update(vs, absolute, 0,
1440 ds_get_width(vs->ds), ds_get_height(vs->ds),
1441 VNC_ENCODING_POINTER_TYPE_CHANGE);
1442 vnc_flush(vs);
1443 }
1444 vs->absolute = absolute;
1445 }
1446
1447 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1448 {
1449 int buttons = 0;
1450 int dz = 0;
1451
1452 if (button_mask & 0x01)
1453 buttons |= MOUSE_EVENT_LBUTTON;
1454 if (button_mask & 0x02)
1455 buttons |= MOUSE_EVENT_MBUTTON;
1456 if (button_mask & 0x04)
1457 buttons |= MOUSE_EVENT_RBUTTON;
1458 if (button_mask & 0x08)
1459 dz = -1;
1460 if (button_mask & 0x10)
1461 dz = 1;
1462
1463 if (vs->absolute) {
1464 kbd_mouse_event(ds_get_width(vs->ds) > 1 ?
1465 x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000,
1466 ds_get_height(vs->ds) > 1 ?
1467 y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000,
1468 dz, buttons);
1469 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1470 x -= 0x7FFF;
1471 y -= 0x7FFF;
1472
1473 kbd_mouse_event(x, y, dz, buttons);
1474 } else {
1475 if (vs->last_x != -1)
1476 kbd_mouse_event(x - vs->last_x,
1477 y - vs->last_y,
1478 dz, buttons);
1479 vs->last_x = x;
1480 vs->last_y = y;
1481 }
1482 }
1483
1484 static void reset_keys(VncState *vs)
1485 {
1486 int i;
1487 for(i = 0; i < 256; i++) {
1488 if (vs->modifiers_state[i]) {
1489 if (i & SCANCODE_GREY)
1490 kbd_put_keycode(SCANCODE_EMUL0);
1491 kbd_put_keycode(i | SCANCODE_UP);
1492 vs->modifiers_state[i] = 0;
1493 }
1494 }
1495 }
1496
1497 static void press_key(VncState *vs, int keysym)
1498 {
1499 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1500 if (keycode & SCANCODE_GREY)
1501 kbd_put_keycode(SCANCODE_EMUL0);
1502 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1503 if (keycode & SCANCODE_GREY)
1504 kbd_put_keycode(SCANCODE_EMUL0);
1505 kbd_put_keycode(keycode | SCANCODE_UP);
1506 }
1507
1508 static void kbd_leds(void *opaque, int ledstate)
1509 {
1510 VncState *vs = opaque;
1511 int caps, num;
1512
1513 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1514 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1515
1516 if (vs->modifiers_state[0x3a] != caps) {
1517 vs->modifiers_state[0x3a] = caps;
1518 }
1519 if (vs->modifiers_state[0x45] != num) {
1520 vs->modifiers_state[0x45] = num;
1521 }
1522 }
1523
1524 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1525 {
1526 /* QEMU console switch */
1527 switch(keycode) {
1528 case 0x2a: /* Left Shift */
1529 case 0x36: /* Right Shift */
1530 case 0x1d: /* Left CTRL */
1531 case 0x9d: /* Right CTRL */
1532 case 0x38: /* Left ALT */
1533 case 0xb8: /* Right ALT */
1534 if (down)
1535 vs->modifiers_state[keycode] = 1;
1536 else
1537 vs->modifiers_state[keycode] = 0;
1538 break;
1539 case 0x02 ... 0x0a: /* '1' to '9' keys */
1540 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1541 /* Reset the modifiers sent to the current console */
1542 reset_keys(vs);
1543 console_select(keycode - 0x02);
1544 return;
1545 }
1546 break;
1547 case 0x3a: /* CapsLock */
1548 case 0x45: /* NumLock */
1549 if (down)
1550 vs->modifiers_state[keycode] ^= 1;
1551 break;
1552 }
1553
1554 if (vs->vd->lock_key_sync &&
1555 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1556 /* If the numlock state needs to change then simulate an additional
1557 keypress before sending this one. This will happen if the user
1558 toggles numlock away from the VNC window.
1559 */
1560 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1561 if (!vs->modifiers_state[0x45]) {
1562 vs->modifiers_state[0x45] = 1;
1563 press_key(vs, 0xff7f);
1564 }
1565 } else {
1566 if (vs->modifiers_state[0x45]) {
1567 vs->modifiers_state[0x45] = 0;
1568 press_key(vs, 0xff7f);
1569 }
1570 }
1571 }
1572
1573 if (vs->vd->lock_key_sync &&
1574 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1575 /* If the capslock state needs to change then simulate an additional
1576 keypress before sending this one. This will happen if the user
1577 toggles capslock away from the VNC window.
1578 */
1579 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1580 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1581 int capslock = !!(vs->modifiers_state[0x3a]);
1582 if (capslock) {
1583 if (uppercase == shift) {
1584 vs->modifiers_state[0x3a] = 0;
1585 press_key(vs, 0xffe5);
1586 }
1587 } else {
1588 if (uppercase != shift) {
1589 vs->modifiers_state[0x3a] = 1;
1590 press_key(vs, 0xffe5);
1591 }
1592 }
1593 }
1594
1595 if (is_graphic_console()) {
1596 if (keycode & SCANCODE_GREY)
1597 kbd_put_keycode(SCANCODE_EMUL0);
1598 if (down)
1599 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1600 else
1601 kbd_put_keycode(keycode | SCANCODE_UP);
1602 } else {
1603 /* QEMU console emulation */
1604 if (down) {
1605 int numlock = vs->modifiers_state[0x45];
1606 switch (keycode) {
1607 case 0x2a: /* Left Shift */
1608 case 0x36: /* Right Shift */
1609 case 0x1d: /* Left CTRL */
1610 case 0x9d: /* Right CTRL */
1611 case 0x38: /* Left ALT */
1612 case 0xb8: /* Right ALT */
1613 break;
1614 case 0xc8:
1615 kbd_put_keysym(QEMU_KEY_UP);
1616 break;
1617 case 0xd0:
1618 kbd_put_keysym(QEMU_KEY_DOWN);
1619 break;
1620 case 0xcb:
1621 kbd_put_keysym(QEMU_KEY_LEFT);
1622 break;
1623 case 0xcd:
1624 kbd_put_keysym(QEMU_KEY_RIGHT);
1625 break;
1626 case 0xd3:
1627 kbd_put_keysym(QEMU_KEY_DELETE);
1628 break;
1629 case 0xc7:
1630 kbd_put_keysym(QEMU_KEY_HOME);
1631 break;
1632 case 0xcf:
1633 kbd_put_keysym(QEMU_KEY_END);
1634 break;
1635 case 0xc9:
1636 kbd_put_keysym(QEMU_KEY_PAGEUP);
1637 break;
1638 case 0xd1:
1639 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1640 break;
1641
1642 case 0x47:
1643 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1644 break;
1645 case 0x48:
1646 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1647 break;
1648 case 0x49:
1649 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1650 break;
1651 case 0x4b:
1652 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1653 break;
1654 case 0x4c:
1655 kbd_put_keysym('5');
1656 break;
1657 case 0x4d:
1658 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1659 break;
1660 case 0x4f:
1661 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1662 break;
1663 case 0x50:
1664 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1665 break;
1666 case 0x51:
1667 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1668 break;
1669 case 0x52:
1670 kbd_put_keysym('0');
1671 break;
1672 case 0x53:
1673 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1674 break;
1675
1676 case 0xb5:
1677 kbd_put_keysym('/');
1678 break;
1679 case 0x37:
1680 kbd_put_keysym('*');
1681 break;
1682 case 0x4a:
1683 kbd_put_keysym('-');
1684 break;
1685 case 0x4e:
1686 kbd_put_keysym('+');
1687 break;
1688 case 0x9c:
1689 kbd_put_keysym('\n');
1690 break;
1691
1692 default:
1693 kbd_put_keysym(sym);
1694 break;
1695 }
1696 }
1697 }
1698 }
1699
1700 static void key_event(VncState *vs, int down, uint32_t sym)
1701 {
1702 int keycode;
1703 int lsym = sym;
1704
1705 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1706 lsym = lsym - 'A' + 'a';
1707 }
1708
1709 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1710 do_key_event(vs, down, keycode, sym);
1711 }
1712
1713 static void ext_key_event(VncState *vs, int down,
1714 uint32_t sym, uint16_t keycode)
1715 {
1716 /* if the user specifies a keyboard layout, always use it */
1717 if (keyboard_layout)
1718 key_event(vs, down, sym);
1719 else
1720 do_key_event(vs, down, keycode, sym);
1721 }
1722
1723 static void framebuffer_update_request(VncState *vs, int incremental,
1724 int x_position, int y_position,
1725 int w, int h)
1726 {
1727 if (y_position > ds_get_height(vs->ds))
1728 y_position = ds_get_height(vs->ds);
1729 if (y_position + h >= ds_get_height(vs->ds))
1730 h = ds_get_height(vs->ds) - y_position;
1731
1732 int i;
1733 vs->need_update = 1;
1734 if (!incremental) {
1735 vs->force_update = 1;
1736 for (i = 0; i < h; i++) {
1737 vnc_set_bits(vs->dirty[y_position + i],
1738 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1739 }
1740 }
1741 }
1742
1743 static void send_ext_key_event_ack(VncState *vs)
1744 {
1745 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1746 vnc_write_u8(vs, 0);
1747 vnc_write_u16(vs, 1);
1748 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1749 VNC_ENCODING_EXT_KEY_EVENT);
1750 vnc_flush(vs);
1751 }
1752
1753 static void send_ext_audio_ack(VncState *vs)
1754 {
1755 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1756 vnc_write_u8(vs, 0);
1757 vnc_write_u16(vs, 1);
1758 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1759 VNC_ENCODING_AUDIO);
1760 vnc_flush(vs);
1761 }
1762
1763 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1764 {
1765 int i;
1766 unsigned int enc = 0;
1767
1768 vnc_zlib_init(vs);
1769 vs->features = 0;
1770 vs->vnc_encoding = 0;
1771 vs->tight_compression = 9;
1772 vs->tight_quality = 9;
1773 vs->absolute = -1;
1774
1775 for (i = n_encodings - 1; i >= 0; i--) {
1776 enc = encodings[i];
1777 switch (enc) {
1778 case VNC_ENCODING_RAW:
1779 vs->vnc_encoding = enc;
1780 break;
1781 case VNC_ENCODING_COPYRECT:
1782 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1783 break;
1784 case VNC_ENCODING_HEXTILE:
1785 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1786 vs->vnc_encoding = enc;
1787 break;
1788 case VNC_ENCODING_ZLIB:
1789 vs->features |= VNC_FEATURE_ZLIB_MASK;
1790 vs->vnc_encoding = enc;
1791 break;
1792 case VNC_ENCODING_DESKTOPRESIZE:
1793 vs->features |= VNC_FEATURE_RESIZE_MASK;
1794 break;
1795 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1796 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1797 break;
1798 case VNC_ENCODING_EXT_KEY_EVENT:
1799 send_ext_key_event_ack(vs);
1800 break;
1801 case VNC_ENCODING_AUDIO:
1802 send_ext_audio_ack(vs);
1803 break;
1804 case VNC_ENCODING_WMVi:
1805 vs->features |= VNC_FEATURE_WMVI_MASK;
1806 break;
1807 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1808 vs->tight_compression = (enc & 0x0F);
1809 break;
1810 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1811 vs->tight_quality = (enc & 0x0F);
1812 break;
1813 default:
1814 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1815 break;
1816 }
1817 }
1818 }
1819
1820 static void set_pixel_conversion(VncState *vs)
1821 {
1822 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1823 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1824 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1825 vs->write_pixels = vnc_write_pixels_copy;
1826 switch (vs->ds->surface->pf.bits_per_pixel) {
1827 case 8:
1828 vs->send_hextile_tile = send_hextile_tile_8;
1829 break;
1830 case 16:
1831 vs->send_hextile_tile = send_hextile_tile_16;
1832 break;
1833 case 32:
1834 vs->send_hextile_tile = send_hextile_tile_32;
1835 break;
1836 }
1837 } else {
1838 vs->write_pixels = vnc_write_pixels_generic;
1839 switch (vs->ds->surface->pf.bits_per_pixel) {
1840 case 8:
1841 vs->send_hextile_tile = send_hextile_tile_generic_8;
1842 break;
1843 case 16:
1844 vs->send_hextile_tile = send_hextile_tile_generic_16;
1845 break;
1846 case 32:
1847 vs->send_hextile_tile = send_hextile_tile_generic_32;
1848 break;
1849 }
1850 }
1851 }
1852
1853 static void set_pixel_format(VncState *vs,
1854 int bits_per_pixel, int depth,
1855 int big_endian_flag, int true_color_flag,
1856 int red_max, int green_max, int blue_max,
1857 int red_shift, int green_shift, int blue_shift)
1858 {
1859 if (!true_color_flag) {
1860 vnc_client_error(vs);
1861 return;
1862 }
1863
1864 vs->clientds = *(vs->vd->guest.ds);
1865 vs->clientds.pf.rmax = red_max;
1866 count_bits(vs->clientds.pf.rbits, red_max);
1867 vs->clientds.pf.rshift = red_shift;
1868 vs->clientds.pf.rmask = red_max << red_shift;
1869 vs->clientds.pf.gmax = green_max;
1870 count_bits(vs->clientds.pf.gbits, green_max);
1871 vs->clientds.pf.gshift = green_shift;
1872 vs->clientds.pf.gmask = green_max << green_shift;
1873 vs->clientds.pf.bmax = blue_max;
1874 count_bits(vs->clientds.pf.bbits, blue_max);
1875 vs->clientds.pf.bshift = blue_shift;
1876 vs->clientds.pf.bmask = blue_max << blue_shift;
1877 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1878 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1879 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1880 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1881
1882 set_pixel_conversion(vs);
1883
1884 vga_hw_invalidate();
1885 vga_hw_update();
1886 }
1887
1888 static void pixel_format_message (VncState *vs) {
1889 char pad[3] = { 0, 0, 0 };
1890
1891 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1892 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1893
1894 #ifdef HOST_WORDS_BIGENDIAN
1895 vnc_write_u8(vs, 1); /* big-endian-flag */
1896 #else
1897 vnc_write_u8(vs, 0); /* big-endian-flag */
1898 #endif
1899 vnc_write_u8(vs, 1); /* true-color-flag */
1900 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1901 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1902 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1903 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1904 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1905 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1906 if (vs->ds->surface->pf.bits_per_pixel == 32)
1907 vs->send_hextile_tile = send_hextile_tile_32;
1908 else if (vs->ds->surface->pf.bits_per_pixel == 16)
1909 vs->send_hextile_tile = send_hextile_tile_16;
1910 else if (vs->ds->surface->pf.bits_per_pixel == 8)
1911 vs->send_hextile_tile = send_hextile_tile_8;
1912 vs->clientds = *(vs->ds->surface);
1913 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1914 vs->write_pixels = vnc_write_pixels_copy;
1915
1916 vnc_write(vs, pad, 3); /* padding */
1917 }
1918
1919 static void vnc_dpy_setdata(DisplayState *ds)
1920 {
1921 /* We don't have to do anything */
1922 }
1923
1924 static void vnc_colordepth(VncState *vs)
1925 {
1926 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1927 /* Sending a WMVi message to notify the client*/
1928 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1929 vnc_write_u8(vs, 0);
1930 vnc_write_u16(vs, 1); /* number of rects */
1931 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1932 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1933 pixel_format_message(vs);
1934 vnc_flush(vs);
1935 } else {
1936 set_pixel_conversion(vs);
1937 }
1938 }
1939
1940 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1941 {
1942 int i;
1943 uint16_t limit;
1944 VncDisplay *vd = vs->vd;
1945
1946 if (data[0] > 3) {
1947 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1948 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1949 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1950 }
1951
1952 switch (data[0]) {
1953 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
1954 if (len == 1)
1955 return 20;
1956
1957 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1958 read_u8(data, 6), read_u8(data, 7),
1959 read_u16(data, 8), read_u16(data, 10),
1960 read_u16(data, 12), read_u8(data, 14),
1961 read_u8(data, 15), read_u8(data, 16));
1962 break;
1963 case VNC_MSG_CLIENT_SET_ENCODINGS:
1964 if (len == 1)
1965 return 4;
1966
1967 if (len == 4) {
1968 limit = read_u16(data, 2);
1969 if (limit > 0)
1970 return 4 + (limit * 4);
1971 } else
1972 limit = read_u16(data, 2);
1973
1974 for (i = 0; i < limit; i++) {
1975 int32_t val = read_s32(data, 4 + (i * 4));
1976 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1977 }
1978
1979 set_encodings(vs, (int32_t *)(data + 4), limit);
1980 break;
1981 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
1982 if (len == 1)
1983 return 10;
1984
1985 framebuffer_update_request(vs,
1986 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1987 read_u16(data, 6), read_u16(data, 8));
1988 break;
1989 case VNC_MSG_CLIENT_KEY_EVENT:
1990 if (len == 1)
1991 return 8;
1992
1993 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1994 break;
1995 case VNC_MSG_CLIENT_POINTER_EVENT:
1996 if (len == 1)
1997 return 6;
1998
1999 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2000 break;
2001 case VNC_MSG_CLIENT_CUT_TEXT:
2002 if (len == 1)
2003 return 8;
2004
2005 if (len == 8) {
2006 uint32_t dlen = read_u32(data, 4);
2007 if (dlen > 0)
2008 return 8 + dlen;
2009 }
2010
2011 client_cut_text(vs, read_u32(data, 4), data + 8);
2012 break;
2013 case VNC_MSG_CLIENT_QEMU:
2014 if (len == 1)
2015 return 2;
2016
2017 switch (read_u8(data, 1)) {
2018 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2019 if (len == 2)
2020 return 12;
2021
2022 ext_key_event(vs, read_u16(data, 2),
2023 read_u32(data, 4), read_u32(data, 8));
2024 break;
2025 case VNC_MSG_CLIENT_QEMU_AUDIO:
2026 if (len == 2)
2027 return 4;
2028
2029 switch (read_u16 (data, 2)) {
2030 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2031 audio_add(vs);
2032 break;
2033 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2034 audio_del(vs);
2035 break;
2036 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2037 if (len == 4)
2038 return 10;
2039 switch (read_u8(data, 4)) {
2040 case 0: vs->as.fmt = AUD_FMT_U8; break;
2041 case 1: vs->as.fmt = AUD_FMT_S8; break;
2042 case 2: vs->as.fmt = AUD_FMT_U16; break;
2043 case 3: vs->as.fmt = AUD_FMT_S16; break;
2044 case 4: vs->as.fmt = AUD_FMT_U32; break;
2045 case 5: vs->as.fmt = AUD_FMT_S32; break;
2046 default:
2047 printf("Invalid audio format %d\n", read_u8(data, 4));
2048 vnc_client_error(vs);
2049 break;
2050 }
2051 vs->as.nchannels = read_u8(data, 5);
2052 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2053 printf("Invalid audio channel coount %d\n",
2054 read_u8(data, 5));
2055 vnc_client_error(vs);
2056 break;
2057 }
2058 vs->as.freq = read_u32(data, 6);
2059 break;
2060 default:
2061 printf ("Invalid audio message %d\n", read_u8(data, 4));
2062 vnc_client_error(vs);
2063 break;
2064 }
2065 break;
2066
2067 default:
2068 printf("Msg: %d\n", read_u16(data, 0));
2069 vnc_client_error(vs);
2070 break;
2071 }
2072 break;
2073 default:
2074 printf("Msg: %d\n", data[0]);
2075 vnc_client_error(vs);
2076 break;
2077 }
2078
2079 vnc_read_when(vs, protocol_client_msg, 1);
2080 return 0;
2081 }
2082
2083 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2084 {
2085 char buf[1024];
2086 int size;
2087
2088 vnc_write_u16(vs, ds_get_width(vs->ds));
2089 vnc_write_u16(vs, ds_get_height(vs->ds));
2090
2091 pixel_format_message(vs);
2092
2093 if (qemu_name)
2094 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2095 else
2096 size = snprintf(buf, sizeof(buf), "QEMU");
2097
2098 vnc_write_u32(vs, size);
2099 vnc_write(vs, buf, size);
2100 vnc_flush(vs);
2101
2102 vnc_client_cache_auth(vs);
2103 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
2104
2105 vnc_read_when(vs, protocol_client_msg, 1);
2106
2107 return 0;
2108 }
2109
2110 void start_client_init(VncState *vs)
2111 {
2112 vnc_read_when(vs, protocol_client_init, 1);
2113 }
2114
2115 static void make_challenge(VncState *vs)
2116 {
2117 int i;
2118
2119 srand(time(NULL)+getpid()+getpid()*987654+rand());
2120
2121 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2122 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2123 }
2124
2125 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2126 {
2127 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2128 int i, j, pwlen;
2129 unsigned char key[8];
2130
2131 if (!vs->vd->password || !vs->vd->password[0]) {
2132 VNC_DEBUG("No password configured on server");
2133 vnc_write_u32(vs, 1); /* Reject auth */
2134 if (vs->minor >= 8) {
2135 static const char err[] = "Authentication failed";
2136 vnc_write_u32(vs, sizeof(err));
2137 vnc_write(vs, err, sizeof(err));
2138 }
2139 vnc_flush(vs);
2140 vnc_client_error(vs);
2141 return 0;
2142 }
2143
2144 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2145
2146 /* Calculate the expected challenge response */
2147 pwlen = strlen(vs->vd->password);
2148 for (i=0; i<sizeof(key); i++)
2149 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2150 deskey(key, EN0);
2151 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2152 des(response+j, response+j);
2153
2154 /* Compare expected vs actual challenge response */
2155 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2156 VNC_DEBUG("Client challenge reponse did not match\n");
2157 vnc_write_u32(vs, 1); /* Reject auth */
2158 if (vs->minor >= 8) {
2159 static const char err[] = "Authentication failed";
2160 vnc_write_u32(vs, sizeof(err));
2161 vnc_write(vs, err, sizeof(err));
2162 }
2163 vnc_flush(vs);
2164 vnc_client_error(vs);
2165 } else {
2166 VNC_DEBUG("Accepting VNC challenge response\n");
2167 vnc_write_u32(vs, 0); /* Accept auth */
2168 vnc_flush(vs);
2169
2170 start_client_init(vs);
2171 }
2172 return 0;
2173 }
2174
2175 void start_auth_vnc(VncState *vs)
2176 {
2177 make_challenge(vs);
2178 /* Send client a 'random' challenge */
2179 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2180 vnc_flush(vs);
2181
2182 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2183 }
2184
2185
2186 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2187 {
2188 /* We only advertise 1 auth scheme at a time, so client
2189 * must pick the one we sent. Verify this */
2190 if (data[0] != vs->vd->auth) { /* Reject auth */
2191 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2192 vnc_write_u32(vs, 1);
2193 if (vs->minor >= 8) {
2194 static const char err[] = "Authentication failed";
2195 vnc_write_u32(vs, sizeof(err));
2196 vnc_write(vs, err, sizeof(err));
2197 }
2198 vnc_client_error(vs);
2199 } else { /* Accept requested auth */
2200 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2201 switch (vs->vd->auth) {
2202 case VNC_AUTH_NONE:
2203 VNC_DEBUG("Accept auth none\n");
2204 if (vs->minor >= 8) {
2205 vnc_write_u32(vs, 0); /* Accept auth completion */
2206 vnc_flush(vs);
2207 }
2208 start_client_init(vs);
2209 break;
2210
2211 case VNC_AUTH_VNC:
2212 VNC_DEBUG("Start VNC auth\n");
2213 start_auth_vnc(vs);
2214 break;
2215
2216 #ifdef CONFIG_VNC_TLS
2217 case VNC_AUTH_VENCRYPT:
2218 VNC_DEBUG("Accept VeNCrypt auth\n");;
2219 start_auth_vencrypt(vs);
2220 break;
2221 #endif /* CONFIG_VNC_TLS */
2222
2223 #ifdef CONFIG_VNC_SASL
2224 case VNC_AUTH_SASL:
2225 VNC_DEBUG("Accept SASL auth\n");
2226 start_auth_sasl(vs);
2227 break;
2228 #endif /* CONFIG_VNC_SASL */
2229
2230 default: /* Should not be possible, but just in case */
2231 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
2232 vnc_write_u8(vs, 1);
2233 if (vs->minor >= 8) {
2234 static const char err[] = "Authentication failed";
2235 vnc_write_u32(vs, sizeof(err));
2236 vnc_write(vs, err, sizeof(err));
2237 }
2238 vnc_client_error(vs);
2239 }
2240 }
2241 return 0;
2242 }
2243
2244 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2245 {
2246 char local[13];
2247
2248 memcpy(local, version, 12);
2249 local[12] = 0;
2250
2251 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2252 VNC_DEBUG("Malformed protocol version %s\n", local);
2253 vnc_client_error(vs);
2254 return 0;
2255 }
2256 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2257 if (vs->major != 3 ||
2258 (vs->minor != 3 &&
2259 vs->minor != 4 &&
2260 vs->minor != 5 &&
2261 vs->minor != 7 &&
2262 vs->minor != 8)) {
2263 VNC_DEBUG("Unsupported client version\n");
2264 vnc_write_u32(vs, VNC_AUTH_INVALID);
2265 vnc_flush(vs);
2266 vnc_client_error(vs);
2267 return 0;
2268 }
2269 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2270 * as equivalent to v3.3 by servers
2271 */
2272 if (vs->minor == 4 || vs->minor == 5)
2273 vs->minor = 3;
2274
2275 if (vs->minor == 3) {
2276 if (vs->vd->auth == VNC_AUTH_NONE) {
2277 VNC_DEBUG("Tell client auth none\n");
2278 vnc_write_u32(vs, vs->vd->auth);
2279 vnc_flush(vs);
2280 start_client_init(vs);
2281 } else if (vs->vd->auth == VNC_AUTH_VNC) {
2282 VNC_DEBUG("Tell client VNC auth\n");
2283 vnc_write_u32(vs, vs->vd->auth);
2284 vnc_flush(vs);
2285 start_auth_vnc(vs);
2286 } else {
2287 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2288 vnc_write_u32(vs, VNC_AUTH_INVALID);
2289 vnc_flush(vs);
2290 vnc_client_error(vs);
2291 }
2292 } else {
2293 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2294 vnc_write_u8(vs, 1); /* num auth */
2295 vnc_write_u8(vs, vs->vd->auth);
2296 vnc_read_when(vs, protocol_client_auth, 1);
2297 vnc_flush(vs);
2298 }
2299
2300 return 0;
2301 }
2302
2303 static int vnc_refresh_server_surface(VncDisplay *vd)
2304 {
2305 int y;
2306 uint8_t *guest_row;
2307 uint8_t *server_row;
2308 int cmp_bytes;
2309 uint32_t width_mask[VNC_DIRTY_WORDS];
2310 VncState *vs;
2311 int has_dirty = 0;
2312
2313 /*
2314 * Walk through the guest dirty map.
2315 * Check and copy modified bits from guest to server surface.
2316 * Update server dirty map.
2317 */
2318 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2319 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2320 guest_row = vd->guest.ds->data;
2321 server_row = vd->server->data;
2322 for (y = 0; y < vd->guest.ds->height; y++) {
2323 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2324 int x;
2325 uint8_t *guest_ptr;
2326 uint8_t *server_ptr;
2327
2328 guest_ptr = guest_row;
2329 server_ptr = server_row;
2330
2331 for (x = 0; x < vd->guest.ds->width;
2332 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2333 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2334 continue;
2335 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2336 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2337 continue;
2338 memcpy(server_ptr, guest_ptr, cmp_bytes);
2339 QTAILQ_FOREACH(vs, &vd->clients, next) {
2340 vnc_set_bit(vs->dirty[y], (x / 16));
2341 }
2342 has_dirty++;
2343 }
2344 }
2345 guest_row += ds_get_linesize(vd->ds);
2346 server_row += ds_get_linesize(vd->ds);
2347 }
2348 return has_dirty;
2349 }
2350
2351 static void vnc_refresh(void *opaque)
2352 {
2353 VncDisplay *vd = opaque;
2354 VncState *vs, *vn;
2355 int has_dirty, rects = 0;
2356
2357 vga_hw_update();
2358
2359 has_dirty = vnc_refresh_server_surface(vd);
2360
2361 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2362 rects += vnc_update_client(vs, has_dirty);
2363 /* vs might be free()ed here */
2364 }
2365 /* vd->timer could be NULL now if the last client disconnected,
2366 * in this case don't update the timer */
2367 if (vd->timer == NULL)
2368 return;
2369
2370 if (has_dirty && rects) {
2371 vd->timer_interval /= 2;
2372 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2373 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2374 } else {
2375 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2376 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2377 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2378 }
2379 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
2380 }
2381
2382 static void vnc_init_timer(VncDisplay *vd)
2383 {
2384 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2385 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
2386 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2387 vnc_refresh(vd);
2388 }
2389 }
2390
2391 static void vnc_remove_timer(VncDisplay *vd)
2392 {
2393 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
2394 qemu_del_timer(vd->timer);
2395 qemu_free_timer(vd->timer);
2396 vd->timer = NULL;
2397 }
2398 }
2399
2400 static void vnc_connect(VncDisplay *vd, int csock)
2401 {
2402 VncState *vs = qemu_mallocz(sizeof(VncState));
2403 vs->csock = csock;
2404
2405 VNC_DEBUG("New client on socket %d\n", csock);
2406 dcl->idle = 0;
2407 socket_set_nonblock(vs->csock);
2408 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2409
2410 vnc_client_cache_addr(vs);
2411 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2412
2413 vs->vd = vd;
2414 vs->ds = vd->ds;
2415 vs->last_x = -1;
2416 vs->last_y = -1;
2417
2418 vs->as.freq = 44100;
2419 vs->as.nchannels = 2;
2420 vs->as.fmt = AUD_FMT_S16;
2421 vs->as.endianness = 0;
2422
2423 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2424
2425 vga_hw_update();
2426
2427 vnc_write(vs, "RFB 003.008\n", 12);
2428 vnc_flush(vs);
2429 vnc_read_when(vs, protocol_version, 12);
2430 reset_keys(vs);
2431 if (vs->vd->lock_key_sync)
2432 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2433
2434 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2435 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2436
2437 vnc_init_timer(vd);
2438
2439 /* vs might be free()ed here */
2440 }
2441
2442 static void vnc_listen_read(void *opaque)
2443 {
2444 VncDisplay *vs = opaque;
2445 struct sockaddr_in addr;
2446 socklen_t addrlen = sizeof(addr);
2447
2448 /* Catch-up */
2449 vga_hw_update();
2450
2451 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2452 if (csock != -1) {
2453 vnc_connect(vs, csock);
2454 }
2455 }
2456
2457 void vnc_display_init(DisplayState *ds)
2458 {
2459 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2460
2461 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2462
2463 ds->opaque = vs;
2464 dcl->idle = 1;
2465 vnc_display = vs;
2466
2467 vs->lsock = -1;
2468
2469 vs->ds = ds;
2470 QTAILQ_INIT(&vs->clients);
2471
2472 if (keyboard_layout)
2473 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2474 else
2475 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2476
2477 if (!vs->kbd_layout)
2478 exit(1);
2479
2480 dcl->dpy_copy = vnc_dpy_copy;
2481 dcl->dpy_update = vnc_dpy_update;
2482 dcl->dpy_resize = vnc_dpy_resize;
2483 dcl->dpy_setdata = vnc_dpy_setdata;
2484 register_displaychangelistener(ds, dcl);
2485 }
2486
2487
2488 void vnc_display_close(DisplayState *ds)
2489 {
2490 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2491
2492 if (!vs)
2493 return;
2494 if (vs->display) {
2495 qemu_free(vs->display);
2496 vs->display = NULL;
2497 }
2498 if (vs->lsock != -1) {
2499 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2500 close(vs->lsock);
2501 vs->lsock = -1;
2502 }
2503 vs->auth = VNC_AUTH_INVALID;
2504 #ifdef CONFIG_VNC_TLS
2505 vs->subauth = VNC_AUTH_INVALID;
2506 vs->tls.x509verify = 0;
2507 #endif
2508 }
2509
2510 int vnc_display_password(DisplayState *ds, const char *password)
2511 {
2512 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2513
2514 if (!vs) {
2515 return -1;
2516 }
2517
2518 if (vs->password) {
2519 qemu_free(vs->password);
2520 vs->password = NULL;
2521 }
2522 if (password && password[0]) {
2523 if (!(vs->password = qemu_strdup(password)))
2524 return -1;
2525 if (vs->auth == VNC_AUTH_NONE) {
2526 vs->auth = VNC_AUTH_VNC;
2527 }
2528 } else {
2529 vs->auth = VNC_AUTH_NONE;
2530 }
2531
2532 return 0;
2533 }
2534
2535 char *vnc_display_local_addr(DisplayState *ds)
2536 {
2537 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2538
2539 return vnc_socket_local_addr("%s:%s", vs->lsock);
2540 }
2541
2542 int vnc_display_open(DisplayState *ds, const char *display)
2543 {
2544 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2545 const char *options;
2546 int password = 0;
2547 int reverse = 0;
2548 #ifdef CONFIG_VNC_TLS
2549 int tls = 0, x509 = 0;
2550 #endif
2551 #ifdef CONFIG_VNC_SASL
2552 int sasl = 0;
2553 int saslErr;
2554 #endif
2555 int acl = 0;
2556 int lock_key_sync = 1;
2557
2558 if (!vnc_display)
2559 return -1;
2560 vnc_display_close(ds);
2561 if (strcmp(display, "none") == 0)
2562 return 0;
2563
2564 if (!(vs->display = strdup(display)))
2565 return -1;
2566
2567 options = display;
2568 while ((options = strchr(options, ','))) {
2569 options++;
2570 if (strncmp(options, "password", 8) == 0) {
2571 password = 1; /* Require password auth */
2572 } else if (strncmp(options, "reverse", 7) == 0) {
2573 reverse = 1;
2574 } else if (strncmp(options, "no-lock-key-sync", 9) == 0) {
2575 lock_key_sync = 0;
2576 #ifdef CONFIG_VNC_SASL
2577 } else if (strncmp(options, "sasl", 4) == 0) {
2578 sasl = 1; /* Require SASL auth */
2579 #endif
2580 #ifdef CONFIG_VNC_TLS
2581 } else if (strncmp(options, "tls", 3) == 0) {
2582 tls = 1; /* Require TLS */
2583 } else if (strncmp(options, "x509", 4) == 0) {
2584 char *start, *end;
2585 x509 = 1; /* Require x509 certificates */
2586 if (strncmp(options, "x509verify", 10) == 0)
2587 vs->tls.x509verify = 1; /* ...and verify client certs */
2588
2589 /* Now check for 'x509=/some/path' postfix
2590 * and use that to setup x509 certificate/key paths */
2591 start = strchr(options, '=');
2592 end = strchr(options, ',');
2593 if (start && (!end || (start < end))) {
2594 int len = end ? end-(start+1) : strlen(start+1);
2595 char *path = qemu_strndup(start + 1, len);
2596
2597 VNC_DEBUG("Trying certificate path '%s'\n", path);
2598 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2599 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2600 qemu_free(path);
2601 qemu_free(vs->display);
2602 vs->display = NULL;
2603 return -1;
2604 }
2605 qemu_free(path);
2606 } else {
2607 fprintf(stderr, "No certificate path provided\n");
2608 qemu_free(vs->display);
2609 vs->display = NULL;
2610 return -1;
2611 }
2612 #endif
2613 } else if (strncmp(options, "acl", 3) == 0) {
2614 acl = 1;
2615 }
2616 }
2617
2618 #ifdef CONFIG_VNC_TLS
2619 if (acl && x509 && vs->tls.x509verify) {
2620 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2621 fprintf(stderr, "Failed to create x509 dname ACL\n");
2622 exit(1);
2623 }
2624 }
2625 #endif
2626 #ifdef CONFIG_VNC_SASL
2627 if (acl && sasl) {
2628 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2629 fprintf(stderr, "Failed to create username ACL\n");
2630 exit(1);
2631 }
2632 }
2633 #endif
2634
2635 /*
2636 * Combinations we support here:
2637 *
2638 * - no-auth (clear text, no auth)
2639 * - password (clear text, weak auth)
2640 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2641 * - tls (encrypt, weak anonymous creds, no auth)
2642 * - tls + password (encrypt, weak anonymous creds, weak auth)
2643 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2644 * - tls + x509 (encrypt, good x509 creds, no auth)
2645 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2646 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2647 *
2648 * NB1. TLS is a stackable auth scheme.
2649 * NB2. the x509 schemes have option to validate a client cert dname
2650 */
2651 if (password) {
2652 #ifdef CONFIG_VNC_TLS
2653 if (tls) {
2654 vs->auth = VNC_AUTH_VENCRYPT;
2655 if (x509) {
2656 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2657 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2658 } else {
2659 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2660 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2661 }
2662 } else {
2663 #endif /* CONFIG_VNC_TLS */
2664 VNC_DEBUG("Initializing VNC server with password auth\n");
2665 vs->auth = VNC_AUTH_VNC;
2666 #ifdef CONFIG_VNC_TLS
2667 vs->subauth = VNC_AUTH_INVALID;
2668 }
2669 #endif /* CONFIG_VNC_TLS */
2670 #ifdef CONFIG_VNC_SASL
2671 } else if (sasl) {
2672 #ifdef CONFIG_VNC_TLS
2673 if (tls) {
2674 vs->auth = VNC_AUTH_VENCRYPT;
2675 if (x509) {
2676 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2677 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2678 } else {
2679 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2680 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2681 }
2682 } else {
2683 #endif /* CONFIG_VNC_TLS */
2684 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2685 vs->auth = VNC_AUTH_SASL;
2686 #ifdef CONFIG_VNC_TLS
2687 vs->subauth = VNC_AUTH_INVALID;
2688 }
2689 #endif /* CONFIG_VNC_TLS */
2690 #endif /* CONFIG_VNC_SASL */
2691 } else {
2692 #ifdef CONFIG_VNC_TLS
2693 if (tls) {
2694 vs->auth = VNC_AUTH_VENCRYPT;
2695 if (x509) {
2696 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2697 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2698 } else {
2699 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2700 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2701 }
2702 } else {
2703 #endif
2704 VNC_DEBUG("Initializing VNC server with no auth\n");
2705 vs->auth = VNC_AUTH_NONE;
2706 #ifdef CONFIG_VNC_TLS
2707 vs->subauth = VNC_AUTH_INVALID;
2708 }
2709 #endif
2710 }
2711
2712 #ifdef CONFIG_VNC_SASL
2713 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2714 fprintf(stderr, "Failed to initialize SASL auth %s",
2715 sasl_errstring(saslErr, NULL, NULL));
2716 free(vs->display);
2717 vs->display = NULL;
2718 return -1;
2719 }
2720 #endif
2721 vs->lock_key_sync = lock_key_sync;
2722
2723 if (reverse) {
2724 /* connect to viewer */
2725 if (strncmp(display, "unix:", 5) == 0)
2726 vs->lsock = unix_connect(display+5);
2727 else
2728 vs->lsock = inet_connect(display, SOCK_STREAM);
2729 if (-1 == vs->lsock) {
2730 free(vs->display);
2731 vs->display = NULL;
2732 return -1;
2733 } else {
2734 int csock = vs->lsock;
2735 vs->lsock = -1;
2736 vnc_connect(vs, csock);
2737 }
2738 return 0;
2739
2740 } else {
2741 /* listen for connects */
2742 char *dpy;
2743 dpy = qemu_malloc(256);
2744 if (strncmp(display, "unix:", 5) == 0) {
2745 pstrcpy(dpy, 256, "unix:");
2746 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2747 } else {
2748 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2749 }
2750 if (-1 == vs->lsock) {
2751 free(dpy);
2752 return -1;
2753 } else {
2754 free(vs->display);
2755 vs->display = dpy;
2756 }
2757 }
2758 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
2759 }
Stefan Hajnoczi's patches