1/*
2 * QEMU VNC display driver
5fafdf24 3 *
7d510b8c
FB
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
19a490bf 6 * Copyright (C) 2009 Red Hat, Inc
5fafdf24 7 *
7d510b8c
FB
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
19a490bf 27#include "vnc.h"
87ecb68b 28#include "sysemu.h"
6ca957f0 29#include "qemu_socket.h"
87ecb68b 30#include "qemu-timer.h"
76655d6d 31#include "acl.h"
d96fd29c 32#include "qemu-objects.h"
24236869 33
2430ffe4
SS
34#define VNC_REFRESH_INTERVAL_BASE 30
35#define VNC_REFRESH_INTERVAL_INC 50
36#define VNC_REFRESH_INTERVAL_MAX 2000
24236869
FB
37
38#include "vnc_keysym.h"
70848515
TS
39#include "d3des.h"
40
90a1e3c0
AL
/*
 * count_bits(c, v): store the number of set bits of v in c.
 *
 * Both arguments must be modifiable lvalues: v is shifted right until it
 * reaches zero, so the caller's value is consumed.  The expansion is a bare
 * brace block, not a do { } while (0) statement.
 */
#define count_bits(c, v) { \
    for (c = 0; v; v >>= 1) \
    { \
        c += v & 1; \
    } \
}
8d5d2d4c 47
24236869 48
753b4053 49static VncDisplay *vnc_display; /* needed for info vnc */
7d957bd8 50static DisplayChangeListener *dcl;
a9ce8590 51
/*
 * Render a socket address as a newly allocated string.
 *
 * @format is handed to snprintf() as the format string and receives the
 * numeric host and service strings, in that order.  It must therefore be a
 * trusted template and never text that came from a peer.
 * NOTE(review): presumably every caller passes a literal with exactly two
 * "%s" conversions -- confirm at the call sites.
 *
 * Returns a qemu_malloc()ed string owned by the caller, or NULL when
 * getnameinfo() fails.
 */
static char *addr_to_string(const char *format,
                            struct sockaddr_storage *sa,
                            socklen_t salen)
{
    char host[NI_MAXHOST];
    char serv[NI_MAXSERV];
    char *result;
    size_t len;
    int rc;

    /* Numeric host and service forms are requested, not names. */
    rc = getnameinfo((struct sockaddr *)sa, salen,
                     host, sizeof(host),
                     serv, sizeof(serv),
                     NI_NUMERICHOST | NI_NUMERICSERV);
    if (rc != 0) {
        VNC_DEBUG("Cannot resolve address %d: %s\n",
                  rc, gai_strerror(rc));
        return NULL;
    }

    /* Upper bound: the template itself plus both substituted strings. */
    len = strlen(format) + strlen(host) + strlen(serv);
    result = qemu_malloc(len + 1);
    snprintf(result, len, format, host, serv);
    result[len] = '\0';

    return result;
}
79
80
/*
 * Format the local address bound to socket @fd using @format.
 *
 * Returns the string produced by addr_to_string() (caller owns it), or NULL
 * when getsockname() fails.
 */
char *vnc_socket_local_addr(const char *format, int fd)
{
    struct sockaddr_storage local;
    socklen_t local_len = sizeof(local);

    if (getsockname(fd, (struct sockaddr *)&local, &local_len) < 0) {
        return NULL;
    }

    return addr_to_string(format, &local, local_len);
}
91
/*
 * Format the peer address of connected socket @fd using @format.
 *
 * Returns the string produced by addr_to_string() (caller owns it), or NULL
 * when getpeername() fails.
 */
char *vnc_socket_remote_addr(const char *format, int fd)
{
    struct sockaddr_storage peer;
    socklen_t peer_len = sizeof(peer);

    if (getpeername(fd, (struct sockaddr *)&peer, &peer_len) < 0) {
        return NULL;
    }

    return addr_to_string(format, &peer, peer_len);
}
102
/*
 * Store the numeric form of socket address @sa in @qdict under the keys
 * "host", "service" and "family".
 *
 * Returns 0 on success, or -1 when getnameinfo() fails, in which case
 * @qdict is left untouched.
 */
static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
                          socklen_t salen)
{
    char host[NI_MAXHOST];
    char serv[NI_MAXSERV];
    int rc;

    rc = getnameinfo((struct sockaddr *)sa, salen,
                     host, sizeof(host),
                     serv, sizeof(serv),
                     NI_NUMERICHOST | NI_NUMERICSERV);
    if (rc != 0) {
        VNC_DEBUG("Cannot resolve address %d: %s\n",
                  rc, gai_strerror(rc));
        return -1;
    }

    qdict_put(qdict, "host", qstring_from_str(host));
    qdict_put(qdict, "service", qstring_from_str(serv));
    qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));

    return 0;
}
125
/*
 * Add the local address of socket @fd to @qdict.
 *
 * Returns 0 on success, -1 if getsockname() or the address conversion in
 * put_addr_qdict() fails.
 */
static int vnc_server_addr_put(QDict *qdict, int fd)
{
    struct sockaddr_storage local;
    socklen_t local_len = sizeof(local);

    if (getsockname(fd, (struct sockaddr *)&local, &local_len) < 0) {
        return -1;
    }

    return put_addr_qdict(qdict, &local, local_len);
}
138
/*
 * Add the peer address of connected socket @fd to @qdict.
 *
 * Returns 0 on success, -1 if getpeername() or the address conversion in
 * put_addr_qdict() fails.
 */
static int vnc_qdict_remote_addr(QDict *qdict, int fd)
{
    struct sockaddr_storage peer;
    socklen_t peer_len = sizeof(peer);

    if (getpeername(fd, (struct sockaddr *)&peer, &peer_len) < 0) {
        return -1;
    }

    return put_addr_qdict(qdict, &peer, peer_len);
}
151
/*
 * Map the display's configured authentication scheme to the name reported
 * through the monitor.
 *
 * For VeNCrypt the sub-authentication is spelled out only when the build
 * has CONFIG_VNC_TLS; otherwise, and for unrecognised sub-types, the plain
 * "vencrypt" is returned.  Values of vd->auth not listed here yield
 * "unknown".  The returned strings are static; callers must not free them.
 */
static const char *vnc_auth_name(VncDisplay *vd)
{
    const char *name = "unknown";

    switch (vd->auth) {
    case VNC_AUTH_INVALID:
        name = "invalid";
        break;
    case VNC_AUTH_NONE:
        name = "none";
        break;
    case VNC_AUTH_VNC:
        name = "vnc";
        break;
    case VNC_AUTH_RA2:
        name = "ra2";
        break;
    case VNC_AUTH_RA2NE:
        name = "ra2ne";
        break;
    case VNC_AUTH_TIGHT:
        name = "tight";
        break;
    case VNC_AUTH_ULTRA:
        name = "ultra";
        break;
    case VNC_AUTH_TLS:
        name = "tls";
        break;
    case VNC_AUTH_VENCRYPT:
        /* Fallback used without TLS support or for unlisted sub-types. */
        name = "vencrypt";
#ifdef CONFIG_VNC_TLS
        switch (vd->subauth) {
        case VNC_AUTH_VENCRYPT_PLAIN:
            name = "vencrypt+plain";
            break;
        case VNC_AUTH_VENCRYPT_TLSNONE:
            name = "vencrypt+tls+none";
            break;
        case VNC_AUTH_VENCRYPT_TLSVNC:
            name = "vencrypt+tls+vnc";
            break;
        case VNC_AUTH_VENCRYPT_TLSPLAIN:
            name = "vencrypt+tls+plain";
            break;
        case VNC_AUTH_VENCRYPT_X509NONE:
            name = "vencrypt+x509+none";
            break;
        case VNC_AUTH_VENCRYPT_X509VNC:
            name = "vencrypt+x509+vnc";
            break;
        case VNC_AUTH_VENCRYPT_X509PLAIN:
            name = "vencrypt+x509+plain";
            break;
        case VNC_AUTH_VENCRYPT_TLSSASL:
            name = "vencrypt+tls+sasl";
            break;
        case VNC_AUTH_VENCRYPT_X509SASL:
            name = "vencrypt+x509+sasl";
            break;
        default:
            break;
        }
#endif
        break;
    case VNC_AUTH_SASL:
        name = "sasl";
        break;
    }

    return name;
}
202
/*
 * Fill @qdict with the listening address of the global VNC display and the
 * name of its authentication scheme ("auth").
 *
 * Returns 0 on success, -1 when the listening address cannot be obtained;
 * in that case "auth" is not added.
 */
static int vnc_server_info_put(QDict *qdict)
{
    int rc = vnc_server_addr_put(qdict, vnc_display->lsock);

    if (rc < 0) {
        return -1;
    }

    qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
    return 0;
}
212
/*
 * Record the client's authenticated identity in its cached info dict.
 *
 * Adds "x509_dname" when a TLS session with a distinguished name exists and
 * "sasl_username" when a SASL connection with a username exists; each is
 * compiled in only with the matching CONFIG_VNC_* option.  Does nothing if
 * no info dict has been cached for the client.
 */
static void vnc_client_cache_auth(VncState *client)
{
    QDict *info;

    if (client->info == NULL) {
        return;
    }

    info = qobject_to_qdict(client->info);

#ifdef CONFIG_VNC_TLS
    if (client->tls.session && client->tls.dname) {
        qdict_put(info, "x509_dname", qstring_from_str(client->tls.dname));
    }
#endif
#ifdef CONFIG_VNC_SASL
    if (client->sasl.conn && client->sasl.username) {
        qdict_put(info, "sasl_username",
                  qstring_from_str(client->sasl.username));
    }
#endif
}
d96fd29c 237
/*
 * Cache the client's peer address as a QDict in client->info.
 *
 * If the peer address cannot be obtained the new dict is released and
 * client->info is not assigned; the failure is not reported to the caller.
 */
static void vnc_client_cache_addr(VncState *client)
{
    QDict *addr = qdict_new();

    if (vnc_qdict_remote_addr(addr, client->csock) >= 0) {
        client->info = QOBJECT(addr);
        return;
    }

    QDECREF(addr);
    /* XXX: how to report the error? */
}
251
/*
 * Emit monitor event @event describing client @vs and the server.
 *
 * Nothing is emitted when the client has no cached info dict or when the
 * server information cannot be collected.
 */
static void vnc_qmp_event(VncState *vs, MonitorEvent event)
{
    QDict *server_info;
    QObject *payload;

    if (vs->info == NULL) {
        return;
    }

    server_info = qdict_new();
    if (vnc_server_info_put(server_info) < 0) {
        QDECREF(server_info);
        return;
    }

    payload = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
                                 vs->info, QOBJECT(server_info));

    monitor_protocol_event(event, payload);

    /*
     * NOTE(review): presumably the payload holds the only reference it was
     * given to vs->info, so the extra reference taken here keeps the cached
     * dict alive once the payload is released -- confirm against
     * qobject_from_jsonf().
     */
    qobject_incref(vs->info);
    qobject_decref(payload);
}
275
/*
 * qlist_iter() callback: print one connected client to the monitor.
 *
 * @obj is the client's info dict and @opaque the Monitor to print to.  The
 * identity fields are printed as "none" when the dict lacks the key.
 */
static void info_vnc_iter(QObject *obj, void *opaque)
{
    Monitor *mon = opaque;
    QDict *info = qobject_to_qdict(obj);

    monitor_printf(mon, "Client:\n");
    monitor_printf(mon, "     address: %s:%s\n",
                   qdict_get_str(info, "host"),
                   qdict_get_str(info, "service"));

#ifdef CONFIG_VNC_TLS
    monitor_printf(mon, "  x509_dname: %s\n",
                   qdict_haskey(info, "x509_dname") ?
                   qdict_get_str(info, "x509_dname") : "none");
#endif
#ifdef CONFIG_VNC_SASL
    monitor_printf(mon, "    username: %s\n",
                   qdict_haskey(info, "sasl_username") ?
                   qdict_get_str(info, "sasl_username") : "none");
#endif
}
298
/*
 * Print the dict built by do_info_vnc() in human-readable form.
 *
 * A disabled server is reported on a single line; otherwise the server
 * address and authentication scheme are printed, followed by one entry per
 * connected client.
 */
void do_info_vnc_print(Monitor *mon, const QObject *data)
{
    QDict *info = qobject_to_qdict(data);
    QList *client_list;

    if (!qdict_get_bool(info, "enabled")) {
        monitor_printf(mon, "Server: disabled\n");
        return;
    }

    monitor_printf(mon, "Server:\n");
    monitor_printf(mon, "     address: %s:%s\n",
                   qdict_get_str(info, "host"),
                   qdict_get_str(info, "service"));
    monitor_printf(mon, "        auth: %s\n", qdict_get_str(info, "auth"));

    client_list = qdict_get_qlist(info, "clients");
    if (!qlist_empty(client_list)) {
        qlist_iter(client_list, info_vnc_iter, mon);
    } else {
        monitor_printf(mon, "Client: none\n");
    }
}
1ff7df1a 323
d96fd29c
LC
324/**
325 * do_info_vnc(): Show VNC server information
326 *
327 * Return a QDict with server information. Connected clients are returned
328 * as a QList of QDicts.
329 *
330 * The main QDict contains the following:
331 *
8950a950 332 * - "enabled": true or false
d96fd29c 333 * - "host": server's IP address
5c7238c5 334 * - "family": address family ("ipv4" or "ipv6")
d96fd29c 335 * - "service": server's port number
a7789382 336 * - "auth": authentication method
d96fd29c
LC
337 * - "clients": a QList of all connected clients
338 *
339 * Clients are described by a QDict, with the following information:
340 *
341 * - "host": client's IP address
5c7238c5 342 * - "family": address family ("ipv4" or "ipv6")
d96fd29c
LC
343 * - "service": client's port number
344 * - "x509_dname": TLS dname (optional)
76825067 345 * - "sasl_username": SASL username (optional)
d96fd29c
LC
346 *
347 * Example:
348 *
8950a950 349 * { "enabled": true, "host": "0.0.0.0", "service": "50402", "auth": "vnc",
5c7238c5
LC
350 * "family": "ipv4",
351 * "clients": [{ "host": "127.0.0.1", "service": "50401", "family": "ipv4" }]}
d96fd29c
LC
352 */
void do_info_vnc(Monitor *mon, QObject **ret_data)
{
    QList *client_list;
    VncState *vs;

    /* No display configured: report the server as disabled. */
    if (vnc_display == NULL || vnc_display->display == NULL) {
        *ret_data = qobject_from_jsonf("{ 'enabled': false }");
        return;
    }

    client_list = qlist_new();
    QTAILQ_FOREACH(vs, &vnc_display->clients, next) {
        if (!vs->info) {
            /* Clients without a cached info dict are not listed. */
            continue;
        }
        /* incref so that it's not freed by upper layers */
        qobject_incref(vs->info);
        qlist_append_obj(client_list, vs->info);
    }

    *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
                                   QOBJECT(client_list));
    assert(*ret_data != NULL);

    /* Without the server address the whole reply is dropped. */
    if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {
        qobject_decref(*ret_data);
        *ret_data = NULL;
    }
}
380
/*
 * Return a non-zero value when bit @feature is set in vs->features.
 * The result is the masked bit itself, not a normalised 0/1.
 * NOTE(review): the mask is built with a signed shift, so @feature is
 * presumably always below 31 -- confirm against the VNC_FEATURE_* values.
 */
static inline uint32_t vnc_has_feature(VncState *vs, int feature)
{
    uint32_t mask = 1 << feature;

    return vs->features & mask;
}
384
385/* TODO
386 1) Get the queue working for IO.
387 2) there is some weirdness when using the -S option (the screen is grey
388 and not totally invalidated
389 3) resolutions > 1024
390*/
391
2430ffe4 392static int vnc_update_client(VncState *vs, int has_dirty);
198a0039
GH
393static void vnc_disconnect_start(VncState *vs);
394static void vnc_disconnect_finish(VncState *vs);
703bc68f
SS
395static void vnc_init_timer(VncDisplay *vd);
396static void vnc_remove_timer(VncDisplay *vd);
24236869 397
753b4053 398static void vnc_colordepth(VncState *vs);
1fc62412
SS
399static void framebuffer_update_request(VncState *vs, int incremental,
400 int x_position, int y_position,
401 int w, int h);
402static void vnc_refresh(void *opaque);
403static int vnc_refresh_server_surface(VncDisplay *vd);
7eac3a87 404
99589bdc
FB
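/*
 * Set bit @k in the bitmap @d, which is stored as 32-bit words.
 *
 * The mask is built from an unsigned 1 so that bit 31 of a word is set
 * without shifting into the sign bit of an int.  @k is not range-checked;
 * the caller must keep it inside the bitmap.
 */
static inline void vnc_set_bit(uint32_t *d, int k)
{
    d[k >> 5] |= (uint32_t)1 << (k & 0x1f);
}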
409
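/*
 * Clear bit @k in the bitmap @d, which is stored as 32-bit words.
 *
 * The mask is built from an unsigned 1 so that bit 31 of a word is cleared
 * without shifting into the sign bit of an int.  @k is not range-checked;
 * the caller must keep it inside the bitmap.
 */
static inline void vnc_clear_bit(uint32_t *d, int k)
{
    d[k >> 5] &= ~((uint32_t)1 << (k & 0x1f));
}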
414
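/*
 * Set the first @n bits of the @nb_words-word bitmap @d and clear the rest.
 *
 * Writes never go past @nb_words words: a bit count larger than the bitmap
 * simply fills it.  The partial-word mask is computed on an unsigned value
 * so that n == 31 does not shift into the sign bit of an int.
 */
static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
{
    int j = 0;

    /* whole words that are entirely set */
    while (n >= 32 && j < nb_words) {
        d[j++] = ~(uint32_t)0;
        n -= 32;
    }
    /* one partially set word, if any bits remain and there is room */
    if (n > 0 && n < 32 && j < nb_words) {
        d[j++] = ((uint32_t)1 << n) - 1;
    }
    /* everything after that is cleared */
    while (j < nb_words) {
        d[j++] = 0;
    }
}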
429
/*
 * Return 1 if bit @k of the bitmap @d is set, 0 otherwise.
 * @k is not range-checked; the caller must keep it inside the bitmap.
 */
static inline int vnc_get_bit(const uint32_t *d, int k)
{
    uint32_t word = d[k >> 5];
    int shift = k & 0x1f;

    return (word >> shift) & 1;
}
434
/*
 * Return 1 if the two @nb_words-word bitmaps @d1 and @d2 have at least one
 * set bit in common, 0 otherwise.
 */
static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
                               int nb_words)
{
    int word = 0;

    while (word < nb_words) {
        if (d1[word] & d2[word]) {
            return 1;
        }
        word++;
    }
    return 0;
}
445
/*
 * Display callback: mark the rectangle (x, y, w, h) dirty in the guest
 * surface's dirty bitmap, one bit per 16-pixel block.
 *
 * The rectangle is clamped against the guest surface's width and height.
 * NOTE(review): only the upper bounds are clamped here; a negative x or y
 * would reach vnc_set_bit() unchanged -- presumably callers never pass
 * one, confirm.
 */
static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
{
    VncDisplay *vd = ds->opaque;
    struct VncSurface *guest = &vd->guest;
    int misalign = x % 16;
    int col;

    /* from here on h is the exclusive bottom row, not a height */
    h += y;

    /* round x down to ensure the loop only spans one 16-pixel block per
       iteration.  otherwise, if (x % 16) != 0, the last iteration may span
       two 16-pixel blocks but we only mark the first as dirty
    */
    w += misalign;
    x -= misalign;

    x = MIN(x, guest->ds->width);
    y = MIN(y, guest->ds->height);
    w = MIN(x + w, guest->ds->width) - x;
    h = MIN(h, guest->ds->height);

    while (y < h) {
        for (col = 0; col < w; col += 16) {
            vnc_set_bit(guest->dirty[y], (x + col) / 16);
        }
        y++;
    }
}
470
/*
 * Queue the header of one framebuffer-update rectangle for client @vs:
 * position and size through the 16-bit writers, then the encoding through
 * the signed 32-bit writer.  The pixel data, if any, is written by the
 * caller afterwards.
 */
void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
                            int32_t encoding)
{
    /* rectangle geometry */
    vnc_write_u16(vs, x);
    vnc_write_u16(vs, y);
    vnc_write_u16(vs, w);
    vnc_write_u16(vs, h);

    /* encoding type of the data that follows */
    vnc_write_s32(vs, encoding);
}
481
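/*
 * Make sure at least @len bytes are free after buffer->offset, growing the
 * allocation by @len + 1024 bytes when they are not.
 *
 * The process exits with status 1 if the buffer cannot be grown, either
 * because the new capacity would not fit in a size_t or because the
 * reallocation returns NULL.  Without the first check a huge @len would
 * wrap the capacity and leave the buffer smaller than callers assume.
 */
void buffer_reserve(Buffer *buffer, size_t len)
{
    const size_t slack = 1024;
    const size_t size_max = (size_t)-1;

    if ((buffer->capacity - buffer->offset) >= len) {
        return;
    }

    /* refuse to wrap either len + slack or capacity + (len + slack) */
    if (len > size_max - slack ||
        buffer->capacity > size_max - (len + slack)) {
        fprintf(stderr, "vnc: out of memory\n");
        exit(1);
    }

    buffer->capacity += (len + slack);
    buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
    if (buffer->buffer == NULL) {
        fprintf(stderr, "vnc: out of memory\n");
        exit(1);
    }
}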
493
/* Return non-zero when @buffer holds no data (its offset is zero). */
int buffer_empty(Buffer *buffer)
{
    return !buffer->offset;
}
498
/*
 * Return a pointer to the first byte after the data held in @buffer,
 * i.e. where the next append lands.
 */
uint8_t *buffer_end(Buffer *buffer)
{
    return &buffer->buffer[buffer->offset];
}
503
/*
 * Discard the contents of @buffer by rewinding its offset to zero.
 * The allocation and its capacity are kept.
 */
void buffer_reset(Buffer *buffer)
{
    buffer->offset = 0;
}
508
/*
 * Copy @len bytes from @data to the end of @buffer and advance its offset.
 *
 * No capacity check is made here: the caller must have reserved the space
 * beforehand (see buffer_reserve()), otherwise the copy runs past the
 * allocation.
 */
void buffer_append(Buffer *buffer, const void *data, size_t len)
{
    uint8_t *tail = buffer->buffer + buffer->offset;

    memcpy(tail, data, len);
    buffer->offset += len;
}
514
/*
 * Display callback: re-create the server and guest surfaces after the
 * display surface changed and tell every client about it.
 *
 * The server surface gets a private, zero-filled pixel buffer of
 * linesize * height bytes; all dirty maps are set to all ones.  Clients
 * that advertised VNC_FEATURE_RESIZE and still have a socket receive a
 * desktop-resize pseudo-rectangle when the dimensions changed.
 * NOTE(review): the buffer size is a plain product of two surface fields
 * with no overflow check visible here -- presumably the surface
 * dimensions are bounded elsewhere, confirm.
 */
static void vnc_dpy_resize(DisplayState *ds)
{
    VncDisplay *vd = ds->opaque;
    VncState *client;
    int resized;

    /* server surface */
    if (!vd->server) {
        vd->server = qemu_mallocz(sizeof(*vd->server));
    }
    if (vd->server->data) {
        qemu_free(vd->server->data);
    }
    /* copies the geometry; the data pointer is replaced right below */
    *(vd->server) = *(ds->surface);
    vd->server->data = qemu_mallocz(vd->server->linesize *
                                    vd->server->height);

    /* guest surface */
    if (!vd->guest.ds) {
        vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
    }
    if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel) {
        console_color_init(ds);
    }
    /* compare against the old guest geometry before overwriting it */
    resized = ds_get_width(ds) != vd->guest.ds->width ||
              ds_get_height(ds) != vd->guest.ds->height;
    *(vd->guest.ds) = *(ds->surface);
    memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));

    QTAILQ_FOREACH(client, &vd->clients, next) {
        vnc_colordepth(client);
        if (resized && client->csock != -1 &&
            vnc_has_feature(client, VNC_FEATURE_RESIZE)) {
            vnc_write_u8(client, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
            vnc_write_u8(client, 0);
            vnc_write_u16(client, 1); /* number of rects */
            vnc_framebuffer_update(client, 0, 0,
                                   ds_get_width(ds), ds_get_height(ds),
                                   VNC_ENCODING_DESKTOPRESIZE);
            vnc_flush(client);
        }
        memset(client->dirty, 0xFF, sizeof(client->dirty));
    }
}
555
556/* fastest code */
/*
 * Pixel writer that queues @size bytes from @pixels unchanged, with no
 * per-pixel conversion.
 */
static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
{
    const void *raw = pixels;

    vnc_write(vs, raw, size);
}
561
562/* slowest but generic code. */
/*
 * Convert one pixel value @v from the server surface's pixel format to the
 * client's and store it in @buf.
 *
 * Each colour channel is extracted with the server's mask and shift,
 * rescaled from the server's to the client's bit count, and re-packed with
 * the client's shifts.  The result is stored in 1, 2 or 4 bytes according
 * to the client's bytes_per_pixel (any value other than 1 or 2 is treated
 * as 4), in the byte order selected by QEMU_BIG_ENDIAN_FLAG.  @buf must
 * therefore have room for 4 bytes.
 */
void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
{
    uint8_t r, g, b;
    VncDisplay *vd = vs->vd;

    /* the channels are held in uint8_t, so anything above 8 bits is lost */
    r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
        vd->server->pf.rbits);
    g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
        vd->server->pf.gbits);
    b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
        vd->server->pf.bbits);
    v = (r << vs->clientds.pf.rshift) |
        (g << vs->clientds.pf.gshift) |
        (b << vs->clientds.pf.bshift);
    switch(vs->clientds.pf.bytes_per_pixel) {
    case 1:
        buf[0] = v;
        break;
    case 2:
        if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
            buf[0] = v >> 8;
            buf[1] = v;
        } else {
            buf[1] = v >> 8;
            buf[0] = v;
        }
        break;
    default:
    case 4:
        if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
            buf[0] = v >> 24;
            buf[1] = v >> 16;
            buf[2] = v >> 8;
            buf[3] = v;
        } else {
            buf[3] = v >> 24;
            buf[2] = v >> 16;
            buf[1] = v >> 8;
            buf[0] = v;
        }
        break;
    }
}
606
/*
 * Pixel writer that converts every pixel to the client's format.
 *
 * @pixels1 holds @size bytes of pixels in the server surface's format; the
 * element width (4, 2 or 1 bytes) comes from the server's bytes_per_pixel.
 * Each pixel goes through vnc_convert_pixel() into a 4-byte scratch buffer,
 * of which the client's bytes_per_pixel bytes are queued.  Any other server
 * depth is reported on stderr and nothing is written.
 */
static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
{
    VncDisplay *vd = vs->vd;
    uint8_t buf[4];
    int count, idx;

    switch (vd->server->pf.bytes_per_pixel) {
    case 4: {
        uint32_t *src = pixels1;

        count = size >> 2;
        for (idx = 0; idx < count; idx++) {
            vnc_convert_pixel(vs, buf, src[idx]);
            vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
        }
        break;
    }
    case 2: {
        uint16_t *src = pixels1;

        count = size >> 1;
        for (idx = 0; idx < count; idx++) {
            vnc_convert_pixel(vs, buf, src[idx]);
            vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
        }
        break;
    }
    case 1: {
        uint8_t *src = pixels1;

        count = size;
        for (idx = 0; idx < count; idx++) {
            vnc_convert_pixel(vs, buf, src[idx]);
            vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
        }
        break;
    }
    default:
        fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
        break;
    }
}
640
/*
 * Queue the pixels of rectangle (x, y, w, h) row by row through the
 * client's write_pixels hook, reading from the server surface's buffer.
 *
 * The rectangle is used as given: no clipping against the surface is done
 * here, so the caller must pass coordinates that lie inside it.
 */
void vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
{
    VncDisplay *vd = vs->vd;
    uint8_t *line;
    int remaining;

    line = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
    for (remaining = h; remaining > 0; remaining--) {
        vs->write_pixels(vs, line, w * ds_get_bytes_per_pixel(vs->ds));
        line += ds_get_linesize(vs->ds);
    }
}
653
/*
 * Send rectangle (x, y, w, h) to client @vs using the encoding the client
 * selected; anything other than ZLIB or HEXTILE is sent raw.
 */
static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
{
    if (vs->vnc_encoding == VNC_ENCODING_ZLIB) {
        /*
         * NOTE(review): this branch calls the hextile sender and, unlike
         * the other two, writes no rectangle header first.  That looks
         * inconsistent for a ZLIB-encoded client -- confirm against the
         * upstream file before relying on it.
         */
        vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
    } else if (vs->vnc_encoding == VNC_ENCODING_HEXTILE) {
        vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
        vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
    } else {
        vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
        vnc_raw_send_framebuffer_update(vs, x, y, w, h);
    }
}
670
/*
 * Tell client @vs to copy a w x h rectangle from (src_x, src_y) to
 * (dst_x, dst_y) on its own side: one framebuffer-update message holding a
 * single COPYRECT rectangle, flushed immediately.
 */
static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
{
    /* send bitblit op to the vnc client */

    /* message header */
    vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
    vnc_write_u8(vs, 0);
    vnc_write_u16(vs, 1); /* number of rects */

    /* destination rectangle, then the source position as its payload */
    vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
    vnc_write_u16(vs, src_x);
    vnc_write_u16(vs, src_y);

    vnc_flush(vs);
}
682
/*
 * Display callback for a guest-side rectangle copy.
 *
 * Three steps, in this order:
 *  1. refresh the server surface and push pending updates to every client
 *     that supports COPYRECT, so the client copies up-to-date pixels;
 *  2. perform the same copy inside the server surface, in chunks aligned to
 *     16-pixel blocks, marking changed blocks dirty for clients that do not
 *     support COPYRECT;
 *  3. send the COPYRECT message to the clients that do.
 *
 * The source and destination rectangles are used as given; no clipping
 * against the surface is visible in this function.
 * NOTE(review): presumably the caller guarantees both rectangles lie inside
 * the server surface -- confirm, since they index both the pixel buffer and
 * the per-client dirty rows.
 */
static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
{
    VncDisplay *vd = ds->opaque;
    VncState *vs, *vn;
    uint8_t *src_row;
    uint8_t *dst_row;
    int i,x,y,pitch,depth,inc,w_lim,s;
    int cmp_bytes;

    vnc_refresh_server_surface(vd);
    /* the _SAFE variant is needed because the update may free vs */
    QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
        if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
            vs->force_update = 1;
            vnc_update_client(vs, 1);
            /* vs might be free()ed here */
        }
    }

    /* do bitblit op on the local surface too */
    pitch = ds_get_linesize(vd->ds);
    depth = ds_get_bytes_per_pixel(vd->ds);
    src_row = vd->server->data + pitch * src_y + depth * src_x;
    dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
    y = dst_y;
    inc = 1;
    if (dst_y > src_y) {
        /* copy backwards */
        src_row += pitch * (h-1);
        dst_row += pitch * (h-1);
        pitch = -pitch;
        y = dst_y + h - 1;
        inc = -1;
    }
    /* w_lim: x offset at which the last, possibly partial, chunk starts */
    w_lim = w - (16 - (dst_x % 16));
    if (w_lim < 0)
        w_lim = w;
    else
        w_lim = w - (w_lim % 16);
    for (i = 0; i < h; i++) {
        /* s and cmp_bytes are assigned in the body before the increment
         * expression reads them */
        for (x = 0; x <= w_lim;
                x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
            if (x == w_lim) {
                /* trailing chunk; nothing left means the row is done */
                if ((s = w - w_lim) == 0)
                    break;
            } else if (!x) {
                /* leading chunk up to the next 16-pixel boundary */
                s = (16 - (dst_x % 16));
                s = MIN(s, w_lim);
            } else {
                s = 16;
            }
            cmp_bytes = s * depth;
            /* unchanged chunks are neither copied nor marked dirty */
            if (memcmp(src_row, dst_row, cmp_bytes) == 0)
                continue;
            memmove(dst_row, src_row, cmp_bytes);
            QTAILQ_FOREACH(vs, &vd->clients, next) {
                if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
                    vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
                }
            }
        }
        /* step to the start of the next row (pitch is negative when
         * copying backwards) */
        src_row += pitch - w * depth;
        dst_row += pitch - w * depth;
        y += inc;
    }

    QTAILQ_FOREACH(vs, &vd->clients, next) {
        if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
            vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
        }
    }
}
754
/*
 * Starting at row @y, count how many consecutive rows have dirty bit
 * @last_x set, and clear bits [last_x, x) in every row below @y that is
 * counted.
 *
 * Row @y itself always counts (the caller has handled it), so the result
 * is at least 1 and at most the number of rows left in the server surface.
 */
static int find_and_clear_dirty_height(struct VncState *vs,
                                       int y, int last_x, int x)
{
    VncDisplay *vd = vs->vd;
    int rows = 1;

    while (rows < (vd->server->height - y) &&
           vnc_get_bit(vs->dirty[y + rows], last_x)) {
        int col;

        for (col = last_x; col < x; col++) {
            vnc_clear_bit(vs->dirty[y + rows], col);
        }
        rows++;
    }

    return rows;
}
771
/*
 * Send the dirty regions of the server surface to client @vs.
 *
 * @has_dirty tells whether the caller found anything dirty; with nothing
 * dirty an update is sent only for clients with audio capture or a forced
 * update pending.
 *
 * Returns the number of rectangles sent, or 0 when nothing was sent.
 *
 * When the client's socket is already closed (csock == -1) this calls
 * vnc_disconnect_finish(), which frees @vs: the caller must not touch @vs
 * after this function returns.
 */
static int vnc_update_client(VncState *vs, int has_dirty)
{
    if (vs->need_update && vs->csock != -1) {
        VncDisplay *vd = vs->vd;
        int y;
        int n_rectangles;
        int saved_offset;

        if (vs->output.offset && !vs->audio_cap && !vs->force_update)
            /* kernel send buffers are full -> drop frames to throttle */
            return 0;

        if (!has_dirty && !vs->audio_cap && !vs->force_update)
            return 0;

        /*
         * Send screen updates to the vnc client using the server
         * surface and server dirty map.  guest surface updates
         * happening in parallel don't disturb us, the next pass will
         * send them to the client.
         */
        n_rectangles = 0;
        vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
        vnc_write_u8(vs, 0);
        /* the rectangle count is not known yet: remember where it goes and
         * write a placeholder that is patched after the scan */
        saved_offset = vs->output.offset;
        vnc_write_u16(vs, 0);

        for (y = 0; y < vd->server->height; y++) {
            int x;
            /* first column of the current run of dirty blocks, -1 if none */
            int last_x = -1;
            for (x = 0; x < vd->server->width / 16; x++) {
                if (vnc_get_bit(vs->dirty[y], x)) {
                    if (last_x == -1) {
                        last_x = x;
                    }
                    vnc_clear_bit(vs->dirty[y], x);
                } else {
                    if (last_x != -1) {
                        /* run ended: extend it downwards and send it */
                        int h = find_and_clear_dirty_height(vs, y, last_x, x);
                        send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
                        n_rectangles++;
                    }
                    last_x = -1;
                }
            }
            /* run that reaches the right edge of the row */
            if (last_x != -1) {
                int h = find_and_clear_dirty_height(vs, y, last_x, x);
                send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
                n_rectangles++;
            }
        }
        /* patch the placeholder: 16-bit count, high byte first; an offset is
         * used rather than a pointer because the buffer may have been
         * reallocated by the writes above */
        vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
        vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
        vnc_flush(vs);
        vs->force_update = 0;
        return n_rectangles;
    }

    /* socket already closed: finish the teardown, which frees vs */
    if (vs->csock == -1)
        vnc_disconnect_finish(vs);

    return 0;
}
835
429a8ed3 836/* audio */
/*
 * Audio-capture notification hook: tell the client that the audio stream
 * begins (AUD_CNOTIFY_ENABLE) or ends (AUD_CNOTIFY_DISABLE).  Other
 * notifications are ignored.  @opaque is the client's VncState.
 */
static void audio_capture_notify(void *opaque, audcnotification_e cmd)
{
    VncState *vs = opaque;
    int marker;

    switch (cmd) {
    case AUD_CNOTIFY_DISABLE:
        marker = VNC_MSG_SERVER_QEMU_AUDIO_END;
        break;
    case AUD_CNOTIFY_ENABLE:
        marker = VNC_MSG_SERVER_QEMU_AUDIO_BEGIN;
        break;
    default:
        return;
    }

    vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
    vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
    vnc_write_u16(vs, marker);
    vnc_flush(vs);
}
857
/* Audio-capture destroy hook; intentionally does nothing. */
static void audio_capture_destroy(void *opaque)
{
    /* nothing to release */
}
861
/*
 * Audio-capture data hook: forward @size bytes of captured audio from @buf
 * to the client as one QEMU audio-data message and flush it.  @opaque is
 * the client's VncState.
 */
static void audio_capture(void *opaque, void *buf, int size)
{
    VncState *client = opaque;

    /* message header */
    vnc_write_u8(client, VNC_MSG_SERVER_QEMU);
    vnc_write_u8(client, VNC_MSG_SERVER_QEMU_AUDIO);
    vnc_write_u16(client, VNC_MSG_SERVER_QEMU_AUDIO_DATA);

    /* length-prefixed payload */
    vnc_write_u32(client, size);
    vnc_write(client, buf, size);

    vnc_flush(client);
}
873
/*
 * Start audio capture for client @vs using the settings in vs->as.
 *
 * A message is printed to the default monitor if capture is already
 * running for this client or if it cannot be started.
 */
static void audio_add(VncState *vs)
{
    struct audio_capture_ops hooks;

    if (vs->audio_cap != NULL) {
        monitor_printf(default_mon, "audio already running\n");
        return;
    }

    hooks.notify = audio_capture_notify;
    hooks.destroy = audio_capture_destroy;
    hooks.capture = audio_capture;

    vs->audio_cap = AUD_add_capture(&vs->as, &hooks, vs);
    if (vs->audio_cap == NULL) {
        monitor_printf(default_mon, "Failed to add audio capture\n");
    }
}
892
/*
 * Stop audio capture for client @vs, if any, and forget the capture
 * handle so that a second call is a no-op.
 */
static void audio_del(VncState *vs)
{
    if (vs->audio_cap == NULL) {
        return;
    }

    AUD_del_capture(vs->audio_cap, vs);
    vs->audio_cap = NULL;
}
900
/*
 * First half of a client teardown: unregister the socket's I/O handlers,
 * close it and mark it closed with csock = -1.
 *
 * The VncState itself is left allocated; it is released later by
 * vnc_disconnect_finish().  Calling this again on a closed client is a
 * no-op.
 */
static void vnc_disconnect_start(VncState *vs)
{
    if (vs->csock != -1) {
        qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
        closesocket(vs->csock);
        vs->csock = -1;
    }
}
909
/*
 * Second half of a client teardown: emit the disconnect event, release
 * everything the client owns, unlink it from the display's client list and
 * free the VncState.
 *
 * @vs is invalid once this returns; no caller may dereference it
 * afterwards.
 */
static void vnc_disconnect_finish(VncState *vs)
{
    /* must come first: the event reads vs->info, which is released below */
    vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);

    if (vs->input.buffer) {
        qemu_free(vs->input.buffer);
        vs->input.buffer = NULL;
    }
    if (vs->output.buffer) {
        qemu_free(vs->output.buffer);
        vs->output.buffer = NULL;
    }

    /* drop the reference to the cached client info dict */
    qobject_decref(vs->info);

#ifdef CONFIG_VNC_TLS
    vnc_tls_client_cleanup(vs);
#endif /* CONFIG_VNC_TLS */
#ifdef CONFIG_VNC_SASL
    vnc_sasl_client_cleanup(vs);
#endif /* CONFIG_VNC_SASL */
    audio_del(vs);

    QTAILQ_REMOVE(&vs->vd->clients, vs, next);

    /* last client gone: flag the display change listener as idle */
    if (QTAILQ_EMPTY(&vs->vd->clients)) {
        dcl->idle = 1;
    }

    qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
    vnc_remove_timer(vs->vd);
    if (vs->vd->lock_key_sync)
        qemu_remove_led_event_handler(vs->led);
    qemu_free(vs);
}
945
/*
 * Classify the result of a socket read or write.
 *
 * @ret is the I/O call's return value and @last_errno the error code that
 * went with it.  Any value other than 0 or -1 is a byte count and is
 * returned unchanged.  A -1 with EINTR/EAGAIN (or WSAEWOULDBLOCK on
 * Windows) means "try again later" and yields 0.  Everything else, i.e. a
 * 0 result or a hard error, starts the client disconnect and also yields 0.
 *
 * Callers therefore see 0 both for "would block" and for "disconnected";
 * they can tell the two apart through vs->csock, which the disconnect sets
 * to -1.
 */
int vnc_client_io_error(VncState *vs, int ret, int last_errno)
{
    if (ret != 0 && ret != -1) {
        return ret;
    }

    if (ret == -1) {
        switch (last_errno) {
        case EINTR:
        case EAGAIN:
#ifdef _WIN32
        case WSAEWOULDBLOCK:
#endif
            /* transient condition, keep the connection */
            return 0;
        default:
            break;
        }
    }

    VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
              ret, ret < 0 ? last_errno : 0);
    vnc_disconnect_start(vs);

    return 0;
}
970
971
/*
 * Drop client @vs after a protocol violation: log it and start the
 * disconnect, which closes the socket.
 */
void vnc_client_error(VncState *vs)
{
    VNC_DEBUG("Closing down client sock: protocol error\n");

    vnc_disconnect_start(vs);
}
977
978
979/*
980 * Called to write a chunk of data to the client socket. The data may
981 * be the raw data, or may have already been encoded by SASL.
982 * The data will be written either straight onto the socket, or
983 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
984 *
985 * NB, it is theoretically possible to have 2 layers of encryption,
986 * both SASL, and this TLS layer. It is highly unlikely in practice
987 * though, since SASL encryption will typically be a no-op if TLS
988 * is active
989 *
990 * Returns the number of bytes written, which may be less than
991 * the requested 'datalen' if the socket would block. Returns
992 * -1 on error, and disconnects the client socket.
993 */
long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
{
    long written;

#ifdef CONFIG_VNC_TLS
    if (vs->tls.session) {
        written = gnutls_write(vs->tls.session, data, datalen);
        if (written < 0) {
            /* fold the GNUTLS error into the errno values the generic
             * error handling understands */
            errno = (written == GNUTLS_E_AGAIN) ? EAGAIN : EIO;
            written = -1;
        }
    } else
#endif /* CONFIG_VNC_TLS */
    {
        written = send(vs->csock, (const void *)data, datalen, 0);
    }
    VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, written);

    /*
     * NOTE(review): vnc_client_io_error() as it appears in this file maps
     * both a 0 and a -1 result to 0, so the value returned here is a
     * positive byte count or 0, with the disconnect visible through
     * vs->csock.
     */
    return vnc_client_io_error(vs, written, socket_error());
}
1013
1014
1015/*
1016 * Called to write buffered data to the client socket, when not
1017 * using any SASL SSF encryption layers. Will write as much data
1018 * as possible without blocking. If all buffered data is written,
1019 * will switch the FD poll() handler back to read monitoring.
1020 *
1021 * Returns the number of bytes written, which may be less than
1022 * the buffered output data if the socket would block. Returns
1023 * -1 on error, and disconnects the client socket.
1024 */
static long vnc_client_write_plain(VncState *vs)
{
    long sent;

#ifdef CONFIG_VNC_SASL
    VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
              vs->output.buffer, vs->output.capacity, vs->output.offset,
              vs->sasl.waitWriteSSF);

    if (vs->sasl.conn && vs->sasl.runSSF && vs->sasl.waitWriteSSF) {
        /* only the bytes queued before the SSF layer was switched on may
         * still go out unencoded */
        sent = vnc_client_write_buf(vs, vs->output.buffer,
                                    vs->sasl.waitWriteSSF);
        if (sent) {
            vs->sasl.waitWriteSSF -= sent;
        }
    } else
#endif /* CONFIG_VNC_SASL */
    {
        sent = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
    }

    /* nothing written: would block, or the client was disconnected */
    if (sent == 0) {
        return 0;
    }

    /* drop the bytes that went out and move the rest to the front */
    memmove(vs->output.buffer, vs->output.buffer + sent,
            (vs->output.offset - sent));
    vs->output.offset -= sent;

    /* everything flushed: stop polling for writability */
    if (vs->output.offset == 0) {
        qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
    }

    return sent;
}
1055
1056
/*
 * Entry point invoked whenever buffered data can be written to the
 * client socket. When a SASL SSF layer is running and no plain-text
 * bytes are still pending (waitWriteSSF is zero) the SASL writer is
 * used; in every other case the plain writer does the work.
 */
void vnc_client_write(void *opaque)
{
    VncState *vs = opaque;

#ifdef CONFIG_VNC_SASL
    if (vs->sasl.conn && vs->sasl.runSSF && !vs->sasl.waitWriteSSF) {
        vnc_client_write_sasl(vs);
        return;
    }
#endif /* CONFIG_VNC_SASL */

    vnc_client_write_plain(vs);
}
1075
/*
 * Install 'func' as the handler for incoming client data and record
 * that it should be invoked once 'expecting' bytes are buffered.
 */
void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
{
    vs->read_handler_expect = expecting;
    vs->read_handler = func;
}
1081
2f9606b3
AL
1082
/*
 * Called to read a chunk of data from the client socket. The data may
 * be the raw data, or may need to be further decoded by SASL.
 * The data is read either straight from the socket, or through the
 * GNUTLS wrappers if TLS/SSL encryption is enabled.
 *
 * NB, it is theoretically possible to have 2 layers of encryption,
 * both SASL and this TLS layer. It is highly unlikely in practice
 * though, since SASL encryption will typically be a no-op if TLS
 * is active.
 *
 * The caller must provide room for 'datalen' bytes at 'data'. The
 * return value is whatever vnc_client_io_error() yields for the raw
 * read result; that helper is defined elsewhere in this file.
 */
long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
{
    long nread;

#ifdef CONFIG_VNC_TLS
    if (vs->tls.session) {
        nread = gnutls_read(vs->tls.session, data, datalen);
        if (nread < 0) {
            /* Fold the GNUTLS status into errno so it looks like recv(). */
            errno = (nread == GNUTLS_E_AGAIN) ? EAGAIN : EIO;
            nread = -1;
        }
    } else
#endif /* CONFIG_VNC_TLS */
    {
        nread = recv(vs->csock, (void *)data, datalen, 0);
    }

    VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, nread);
    return vnc_client_io_error(vs, nread, socket_error());
}
24236869 1117
2f9606b3
AL
1118
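/*
 * Called to read data from the client socket into the input buffer,
 * when not using any SASL SSF encryption layers. Reads at most 4096
 * bytes per call.
 *
 * Returns the number of bytes read. A zero or negative result from
 * vnc_client_read_buf() is returned unchanged and the input offset is
 * left alone.
 */
static long vnc_client_read_plain(VncState *vs)
{
    /* Same width as the helper's return type; the original used int. */
    long ret;

    VNC_DEBUG("Read plain %p size %zd offset %zd\n",
              vs->input.buffer, vs->input.capacity, vs->input.offset);

    /* Make room for one chunk before reading into the buffer tail. */
    buffer_reserve(&vs->input, 4096);
    ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);

    /*
     * The read helper is documented as returning -1 on error. Adding a
     * negative value to the offset would move it backwards (or wrap it
     * when it is zero), so only a positive count may advance it.
     */
    if (ret <= 0)
        return ret;

    vs->input.offset += ret;
    return ret;
}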
1139
1140
/*
 * Entry point invoked whenever more data can be read from the client
 * socket. Picks the SASL or plain reader, then feeds the buffered input
 * to the current read handler for as long as enough bytes are available.
 *
 * Handler protocol, as used below: a return of 0 means the 'len' bytes
 * were consumed; any other value becomes the new number of bytes the
 * handler wants to see before it is called again.
 */
void vnc_client_read(void *opaque)
{
    VncState *vs = opaque;
    long nread;

#ifdef CONFIG_VNC_SASL
    if (vs->sasl.conn && vs->sasl.runSSF)
        nread = vnc_client_read_sasl(vs);
    else
#endif /* CONFIG_VNC_SASL */
        nread = vnc_client_read_plain(vs);

    if (nread == 0) {
        /* A closed socket is signalled by csock == -1; finish teardown. */
        if (vs->csock == -1)
            vnc_disconnect_finish(vs);
        return;
    }

    for (;;) {
        size_t len;
        int wanted;

        if (!vs->read_handler || vs->input.offset < vs->read_handler_expect)
            break;

        len = vs->read_handler_expect;
        wanted = vs->read_handler(vs, vs->input.buffer, len);

        /* The handler may have dropped the client; stop touching 'vs'. */
        if (vs->csock == -1) {
            vnc_disconnect_finish(vs);
            return;
        }

        if (wanted) {
            /*
             * NOTE(review): 'wanted' is a signed int derived from
             * client-supplied lengths; a negative value would turn into a
             * very large expectation here - handlers must bound it.
             */
            vs->read_handler_expect = wanted;
            continue;
        }

        /* Message consumed: discard it and keep any trailing bytes. */
        memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
        vs->input.offset -= len;
    }
}
1181
/*
 * Queue 'len' bytes from 'data' in the client's output buffer. If the
 * buffer was empty and the client socket is still open, the write
 * handler is armed so the data gets flushed when the socket is writable.
 */
void vnc_write(VncState *vs, const void *data, size_t len)
{
    int arm_writer;

    buffer_reserve(&vs->output, len);

    /* Evaluated before appending: only the empty -> non-empty edge arms. */
    arm_writer = (vs->csock != -1 && buffer_empty(&vs->output));
    if (arm_writer) {
        qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
    }

    buffer_append(&vs->output, data, len);
}
1192
/* Queue a signed 32-bit value; the bit pattern is sent as an unsigned one. */
void vnc_write_s32(VncState *vs, int32_t value)
{
    uint32_t bits = (uint32_t)value;

    vnc_write_u32(vs, bits);
}
1197
/* Queue a 32-bit value in big-endian (most significant byte first) order. */
void vnc_write_u32(VncState *vs, uint32_t value)
{
    const uint8_t be[4] = {
        (value >> 24) & 0xFF,
        (value >> 16) & 0xFF,
        (value >> 8) & 0xFF,
        value & 0xFF,
    };

    vnc_write(vs, be, 4);
}
1209
/* Queue a 16-bit value in big-endian (most significant byte first) order. */
void vnc_write_u16(VncState *vs, uint16_t value)
{
    const uint8_t be[2] = {
        (value >> 8) & 0xFF,
        value & 0xFF,
    };

    vnc_write(vs, be, 2);
}
1219
/* Queue a single byte for the client. */
void vnc_write_u8(VncState *vs, uint8_t value)
{
    vnc_write(vs, &value, 1);
}
1224
/*
 * Try to push pending output to the client right away. Does nothing
 * when the socket is already closed (csock == -1) or nothing is queued.
 */
void vnc_flush(VncState *vs)
{
    if (vs->csock == -1 || !vs->output.offset) {
        return;
    }
    vnc_client_write(vs);
}
1230
/*
 * Return the byte at 'offset' in 'data'. No bounds check is done here:
 * the caller must guarantee that offset lies inside the received message.
 */
uint8_t read_u8(uint8_t *data, size_t offset)
{
    const uint8_t *p = data + offset;

    return *p;
}
1235
/*
 * Decode a big-endian 16-bit value starting at 'offset'. No bounds check
 * is done here: the caller must guarantee that two bytes are available.
 */
uint16_t read_u16(uint8_t *data, size_t offset)
{
    int hi = data[offset] & 0xFF;
    int lo = data[offset + 1] & 0xFF;

    return (hi << 8) | lo;
}
1240
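/*
 * Decode a big-endian signed 32-bit value starting at 'offset'.
 *
 * The bytes are widened to uint32_t before shifting: a uint8_t operand
 * is promoted to int, and shifting a value >= 0x80 left by 24 bits
 * overflows a signed int, which is undefined behaviour. No bounds check
 * is done here; the caller must guarantee that four bytes are available.
 */
int32_t read_s32(uint8_t *data, size_t offset)
{
    uint32_t bits = ((uint32_t)data[offset] << 24) |
                    ((uint32_t)data[offset + 1] << 16) |
                    ((uint32_t)data[offset + 2] << 8) |
                    (uint32_t)data[offset + 3];

    return (int32_t)bits;
}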
1246
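/*
 * Decode a big-endian unsigned 32-bit value starting at 'offset'.
 *
 * The bytes are widened to uint32_t before shifting: a uint8_t operand
 * is promoted to int, and shifting a value >= 0x80 left by 24 bits
 * overflows a signed int, which is undefined behaviour. No bounds check
 * is done here; the caller must guarantee that four bytes are available.
 */
uint32_t read_u32(uint8_t *data, size_t offset)
{
    return ((uint32_t)data[offset] << 24) |
           ((uint32_t)data[offset + 1] << 16) |
           ((uint32_t)data[offset + 2] << 8) |
           (uint32_t)data[offset + 3];
}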
1252
/*
 * Handler for clipboard text sent by the client. Intentionally empty:
 * the text is received and then discarded.
 */
static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
{
    (void)vs;
    (void)len;
    (void)text;
}
1256
/*
 * Notifier callback for mouse-mode changes. If the client negotiated the
 * pointer-type-change feature and the absolute/relative mode differs from
 * what was last recorded, a pseudo framebuffer update carrying the new
 * mode is sent. The recorded mode is refreshed in every case.
 */
static void check_pointer_type_change(Notifier *notifier)
{
    VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
    int now_absolute = kbd_mouse_is_absolute();
    int notify = vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) &&
                 vs->absolute != now_absolute;

    if (notify) {
        vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
        vnc_write_u8(vs, 0);   /* second byte of the update header */
        vnc_write_u16(vs, 1);  /* one rectangle follows */
        vnc_framebuffer_update(vs, now_absolute, 0,
                               ds_get_width(vs->ds), ds_get_height(vs->ds),
                               VNC_ENCODING_POINTER_TYPE_CHANGE);
        vnc_flush(vs);
    }

    vs->absolute = now_absolute;
}
1273
24236869
FB
/*
 * Translate a client pointer event into a guest mouse event.
 *
 * button_mask bits: 0x01 left, 0x02 middle, 0x04 right, 0x08 wheel
 * step -1, 0x10 wheel step +1. x and y are client coordinates; how they
 * are forwarded depends on the current pointer mode:
 *  - absolute: scaled onto 0..0x7FFF using the display size
 *    (0x4000 when a dimension is 1 or less, avoiding a zero divisor);
 *  - pointer-type-change feature without absolute mode: offset by 0x7FFF;
 *  - otherwise: delta against the previously seen position.
 */
static void pointer_event(VncState *vs, int button_mask, int x, int y)
{
    int buttons = 0;
    int dz = 0;

    buttons |= (button_mask & 0x01) ? MOUSE_EVENT_LBUTTON : 0;
    buttons |= (button_mask & 0x02) ? MOUSE_EVENT_MBUTTON : 0;
    buttons |= (button_mask & 0x04) ? MOUSE_EVENT_RBUTTON : 0;

    /* When both wheel bits are set the 0x10 bit wins, as it is tested last. */
    if (button_mask & 0x08) {
        dz = -1;
    }
    if (button_mask & 0x10) {
        dz = 1;
    }

    if (vs->absolute) {
        int abs_x;
        int abs_y;

        if (ds_get_width(vs->ds) > 1) {
            abs_x = x * 0x7FFF / (ds_get_width(vs->ds) - 1);
        } else {
            abs_x = 0x4000;
        }
        if (ds_get_height(vs->ds) > 1) {
            abs_y = y * 0x7FFF / (ds_get_height(vs->ds) - 1);
        } else {
            abs_y = 0x4000;
        }
        kbd_mouse_event(abs_x, abs_y, dz, buttons);
        return;
    }

    if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
        kbd_mouse_event(x - 0x7FFF, y - 0x7FFF, dz, buttons);
        return;
    }

    /* Relative mode: a last_x of -1 means no previous position is known. */
    if (vs->last_x != -1) {
        kbd_mouse_event(x - vs->last_x, y - vs->last_y, dz, buttons);
    }
    vs->last_x = x;
    vs->last_y = y;
}
1310
64f5a135
FB
/*
 * Send a key-up for every key currently recorded as held in
 * modifiers_state[] and clear the record, so that no key remains
 * pressed in the console being left.
 */
static void reset_keys(VncState *vs)
{
    int code;

    for (code = 0; code < 256; code++) {
        if (!vs->modifiers_state[code]) {
            continue;
        }
        /* Keys flagged SCANCODE_GREY are preceded by the EMUL0 prefix. */
        if (code & SCANCODE_GREY) {
            kbd_put_keycode(SCANCODE_EMUL0);
        }
        kbd_put_keycode(code | SCANCODE_UP);
        vs->modifiers_state[code] = 0;
    }
}
1323
a528b80c
AZ
/*
 * Simulate a full press-and-release of the key that 'keysym' maps to
 * in the display's keyboard layout.
 */
static void press_key(VncState *vs, int keysym)
{
    int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
    int grey = keycode & SCANCODE_GREY;

    /* key down */
    if (grey) {
        kbd_put_keycode(SCANCODE_EMUL0);
    }
    kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);

    /* key up */
    if (grey) {
        kbd_put_keycode(SCANCODE_EMUL0);
    }
    kbd_put_keycode(keycode | SCANCODE_UP);
}
1334
7ffb82ca
GH
/*
 * LED-state callback: mirror the guest's CapsLock and NumLock LED bits
 * into modifiers_state[] (slots 0x3a and 0x45, the same slots that
 * do_key_event() uses for those two keys).
 */
static void kbd_leds(void *opaque, int ledstate)
{
    VncState *vs = opaque;
    int caps = (ledstate & QEMU_CAPS_LOCK_LED) ? 1 : 0;
    int num = (ledstate & QEMU_NUM_LOCK_LED) ? 1 : 0;

    vs->modifiers_state[0x3a] = caps;
    vs->modifiers_state[0x45] = num;
}
1350
/*
 * Core key handling for a client key event.
 *
 * vs:      client state (modifier tracking lives in vs->modifiers_state)
 * down:    non-zero for key press, zero for release
 * keycode: scancode, either derived from the keysym or sent by the client
 * sym:     keysym as sent by the client
 *
 * Steps: track modifier/lock keys, handle the Ctrl+Alt+<1..9> console
 * switch, optionally resynchronise NumLock/CapsLock with what the keysym
 * implies, then forward the key either as a scancode (graphic console)
 * or as a keysym (text console emulation).
 *
 * modifiers_state[] is only indexed with the constant codes listed in
 * the case labels below, never with an arbitrary client value.
 */
static void do_key_event(VncState *vs, int down, int keycode, int sym)
{
    /* QEMU console switch */
    switch (keycode) {
    case 0x2a:                          /* Left Shift */
    case 0x36:                          /* Right Shift */
    case 0x1d:                          /* Left CTRL */
    case 0x9d:                          /* Right CTRL */
    case 0x38:                          /* Left ALT */
    case 0xb8:                          /* Right ALT */
        vs->modifiers_state[keycode] = down ? 1 : 0;
        break;
    case 0x02 ... 0x0a: /* '1' to '9' keys */
        if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
            /* Reset the modifiers sent to the current console */
            reset_keys(vs);
            console_select(keycode - 0x02);
            return;
        }
        break;
    case 0x3a:                          /* CapsLock */
    case 0x45:                          /* NumLock */
        if (down) {
            vs->modifiers_state[keycode] ^= 1;
        }
        break;
    }

    if (vs->vd->lock_key_sync &&
        keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
        /* If the numlock state needs to change then simulate an additional
           keypress before sending this one.  This will happen if the user
           toggles numlock away from the VNC window.
        */
        int want_numlock = keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF) ? 1 : 0;
        int have_numlock = vs->modifiers_state[0x45] ? 1 : 0;

        if (have_numlock != want_numlock) {
            vs->modifiers_state[0x45] = want_numlock;
            press_key(vs, 0xff7f);
        }
    }

    if (vs->vd->lock_key_sync &&
        ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
        /* If the capslock state needs to change then simulate an additional
           keypress before sending this one.  This will happen if the user
           toggles capslock away from the VNC window.
        */
        int uppercase = !!(sym >= 'A' && sym <= 'Z');
        int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
        int capslock = !!(vs->modifiers_state[0x3a]);
        /* CapsLock must be on exactly when the case disagrees with Shift. */
        int want_capslock = (uppercase != shift);

        if (capslock != want_capslock) {
            vs->modifiers_state[0x3a] = want_capslock;
            press_key(vs, 0xffe5);
        }
    }

    if (is_graphic_console()) {
        /* Graphic console: forward the raw scancode to the guest. */
        if (keycode & SCANCODE_GREY) {
            kbd_put_keycode(SCANCODE_EMUL0);
        }
        if (down) {
            kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
        } else {
            kbd_put_keycode(keycode | SCANCODE_UP);
        }
        return;
    }

    /* QEMU console emulation: only key presses produce input. */
    if (!down) {
        return;
    }

    {
        int numlock = vs->modifiers_state[0x45];

        switch (keycode) {
        case 0x2a:                          /* Left Shift */
        case 0x36:                          /* Right Shift */
        case 0x1d:                          /* Left CTRL */
        case 0x9d:                          /* Right CTRL */
        case 0x38:                          /* Left ALT */
        case 0xb8:                          /* Right ALT */
            break;
        case 0xc8:
            kbd_put_keysym(QEMU_KEY_UP);
            break;
        case 0xd0:
            kbd_put_keysym(QEMU_KEY_DOWN);
            break;
        case 0xcb:
            kbd_put_keysym(QEMU_KEY_LEFT);
            break;
        case 0xcd:
            kbd_put_keysym(QEMU_KEY_RIGHT);
            break;
        case 0xd3:
            kbd_put_keysym(QEMU_KEY_DELETE);
            break;
        case 0xc7:
            kbd_put_keysym(QEMU_KEY_HOME);
            break;
        case 0xcf:
            kbd_put_keysym(QEMU_KEY_END);
            break;
        case 0xc9:
            kbd_put_keysym(QEMU_KEY_PAGEUP);
            break;
        case 0xd1:
            kbd_put_keysym(QEMU_KEY_PAGEDOWN);
            break;

        /* Keypad: digits when NumLock is on, navigation keys otherwise. */
        case 0x47:
            kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
            break;
        case 0x48:
            kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
            break;
        case 0x49:
            kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
            break;
        case 0x4b:
            kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
            break;
        case 0x4c:
            kbd_put_keysym('5');
            break;
        case 0x4d:
            kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
            break;
        case 0x4f:
            kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
            break;
        case 0x50:
            kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
            break;
        case 0x51:
            kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
            break;
        case 0x52:
            kbd_put_keysym('0');
            break;
        case 0x53:
            kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
            break;

        case 0xb5:
            kbd_put_keysym('/');
            break;
        case 0x37:
            kbd_put_keysym('*');
            break;
        case 0x4a:
            kbd_put_keysym('-');
            break;
        case 0x4e:
            kbd_put_keysym('+');
            break;
        case 0x9c:
            kbd_put_keysym('\n');
            break;

        default:
            kbd_put_keysym(sym);
            break;
        }
    }
}
1526
bdbd7676
FB
/*
 * Handle a standard client key event: map the keysym to a scancode with
 * the display's keyboard layout and pass both on to do_key_event().
 * On a graphic console an uppercase ASCII letter is looked up as its
 * lowercase form; the original keysym is still what gets forwarded.
 */
static void key_event(VncState *vs, int down, uint32_t sym)
{
    int lookup_sym = sym;
    int keycode;

    if (lookup_sym >= 'A' && lookup_sym <= 'Z' && is_graphic_console()) {
        lookup_sym += 'a' - 'A';
    }

    /* Only the low 16 bits of the keysym take part in the lookup. */
    keycode = keysym2scancode(vs->vd->kbd_layout, lookup_sym & 0xFFFF) & SCANCODE_KEYMASK;
    do_key_event(vs, down, keycode, sym);
}
1539
/*
 * Handle the QEMU extended key event, which carries a client-supplied
 * keycode alongside the keysym. The client keycode is used only when no
 * keyboard layout was configured; with a layout the keysym is translated
 * as for a standard key event.
 */
static void ext_key_event(VncState *vs, int down,
                          uint32_t sym, uint16_t keycode)
{
    /* if the user specifies a keyboard layout, always use it */
    if (keyboard_layout) {
        key_event(vs, down, sym);
        return;
    }
    do_key_event(vs, down, keycode, sym);
}
1549
/*
 * Handle a client FramebufferUpdateRequest.
 *
 * The requested row range is clamped to the display height before it is
 * used as an index into vs->dirty[]; x_position and w are not used.
 * A non-incremental request forces an update and marks every requested
 * row dirty across the display width.
 *
 * NOTE(review): the clamp keeps rows below ds_get_height(); that this is
 * also within the dimension of vs->dirty[] is assumed, not shown here.
 */
static void framebuffer_update_request(VncState *vs, int incremental,
                                       int x_position, int y_position,
                                       int w, int h)
{
    int row;

    if (y_position > ds_get_height(vs->ds)) {
        y_position = ds_get_height(vs->ds);
    }
    if (y_position + h >= ds_get_height(vs->ds)) {
        h = ds_get_height(vs->ds) - y_position;
    }

    vs->need_update = 1;
    if (incremental) {
        return;
    }

    vs->force_update = 1;
    for (row = y_position; row < y_position + h; row++) {
        vnc_set_bits(vs->dirty[row],
                     (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
    }
}
1569
9ca313aa
AL
/*
 * Acknowledge the extended key event encoding: send a framebuffer update
 * with a single full-display rectangle tagged VNC_ENCODING_EXT_KEY_EVENT,
 * then flush.
 */
static void send_ext_key_event_ack(VncState *vs)
{
    vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
    vnc_write_u8(vs, 0);   /* second byte of the update header */
    vnc_write_u16(vs, 1);  /* one rectangle follows */
    vnc_framebuffer_update(vs, 0, 0,
                           ds_get_width(vs->ds), ds_get_height(vs->ds),
                           VNC_ENCODING_EXT_KEY_EVENT);
    vnc_flush(vs);
}
1579
/*
 * Acknowledge the audio encoding: send a framebuffer update with a
 * single full-display rectangle tagged VNC_ENCODING_AUDIO, then flush.
 */
static void send_ext_audio_ack(VncState *vs)
{
    vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
    vnc_write_u8(vs, 0);   /* second byte of the update header */
    vnc_write_u16(vs, 1);  /* one rectangle follows */
    vnc_framebuffer_update(vs, 0, 0,
                           ds_get_width(vs->ds), ds_get_height(vs->ds),
                           VNC_ENCODING_AUDIO);
    vnc_flush(vs);
}
1589
24236869
FB
/*
 * Apply the encoding list sent by the client.
 *
 * encodings:   array of n_encodings values, already in host byte order
 * n_encodings: number of entries
 *
 * All negotiated state is reset first. The list is then walked from the
 * last entry to the first, so for settings that are overwritten (such
 * as vnc_encoding) the entry closest to the front of the list wins.
 * Unknown encodings are only logged.
 */
static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
{
    int i;
    unsigned int enc = 0;

    vnc_zlib_init(vs);
    vs->features = 0;
    vs->vnc_encoding = 0;
    vs->tight_compression = 9;
    vs->tight_quality = 9;
    vs->absolute = -1;

    i = n_encodings - 1;
    while (i >= 0) {
        enc = encodings[i];
        switch (enc) {
        case VNC_ENCODING_RAW:
            vs->vnc_encoding = enc;
            break;
        case VNC_ENCODING_COPYRECT:
            vs->features |= VNC_FEATURE_COPYRECT_MASK;
            break;
        case VNC_ENCODING_HEXTILE:
            vs->features |= VNC_FEATURE_HEXTILE_MASK;
            vs->vnc_encoding = enc;
            break;
        case VNC_ENCODING_ZLIB:
            vs->features |= VNC_FEATURE_ZLIB_MASK;
            vs->vnc_encoding = enc;
            break;
        case VNC_ENCODING_DESKTOPRESIZE:
            vs->features |= VNC_FEATURE_RESIZE_MASK;
            break;
        case VNC_ENCODING_POINTER_TYPE_CHANGE:
            vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
            break;
        case VNC_ENCODING_EXT_KEY_EVENT:
            send_ext_key_event_ack(vs);
            break;
        case VNC_ENCODING_AUDIO:
            send_ext_audio_ack(vs);
            break;
        case VNC_ENCODING_WMVi:
            vs->features |= VNC_FEATURE_WMVI_MASK;
            break;
        case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
            /* The level is carried in the low nibble of the pseudo-encoding. */
            vs->tight_compression = (enc & 0x0F);
            break;
        case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
            vs->tight_quality = (enc & 0x0F);
            break;
        default:
            VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
            break;
        }
        i--;
    }
}
1646
6cec5487
AL
/*
 * Choose how pixels are written to the client. When the client's
 * endianness flag and pixel format are identical to the server
 * surface's, pixels are copied as they are; otherwise the generic
 * converting writer is installed. The hextile encoder is told the same.
 */
static void set_pixel_conversion(VncState *vs)
{
    int client_be = vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG;
    int server_be = vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG;
    int identical = client_be == server_be &&
                    !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf),
                            sizeof(PixelFormat));

    if (identical) {
        vs->write_pixels = vnc_write_pixels_copy;
        vnc_hextile_set_pixel_conversion(vs, 0);
        return;
    }

    vs->write_pixels = vnc_write_pixels_generic;
    vnc_hextile_set_pixel_conversion(vs, 1);
}
1659
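/*
 * Apply a SetPixelFormat request. Every argument is taken from the
 * client message and must be treated as untrusted.
 *
 * The client is dropped (vnc_client_error) when:
 *  - true_color_flag is zero (colour maps are not supported);
 *  - bits_per_pixel is not 8, 16 or 32, which would otherwise yield a
 *    bytes_per_pixel of 0 or an odd pixel size for the pixel writers;
 *  - a colour shift is 32 or more, which would make the mask
 *    computation below undefined behaviour.
 *
 * The 'depth' argument is not used; depth is derived from
 * bits_per_pixel.
 */
static void set_pixel_format(VncState *vs,
                             int bits_per_pixel, int depth,
                             int big_endian_flag, int true_color_flag,
                             int red_max, int green_max, int blue_max,
                             int red_shift, int green_shift, int blue_shift)
{
    if (!true_color_flag) {
        vnc_client_error(vs);
        return;
    }

    switch (bits_per_pixel) {
    case 8:
    case 16:
    case 32:
        break;
    default:
        vnc_client_error(vs);
        return;
    }

    if (red_shift < 0 || red_shift > 31 ||
        green_shift < 0 || green_shift > 31 ||
        blue_shift < 0 || blue_shift > 31) {
        vnc_client_error(vs);
        return;
    }

    vs->clientds = *(vs->vd->guest.ds);

    /*
     * count_bits() shifts its second argument down to zero, so each mask
     * has to be computed before the bit count; the original order left
     * every mask at 0. The cast keeps the shift in unsigned arithmetic.
     */
    vs->clientds.pf.rmax = red_max;
    vs->clientds.pf.rshift = red_shift;
    vs->clientds.pf.rmask = (uint32_t)red_max << red_shift;
    count_bits(vs->clientds.pf.rbits, red_max);

    vs->clientds.pf.gmax = green_max;
    vs->clientds.pf.gshift = green_shift;
    vs->clientds.pf.gmask = (uint32_t)green_max << green_shift;
    count_bits(vs->clientds.pf.gbits, green_max);

    vs->clientds.pf.bmax = blue_max;
    vs->clientds.pf.bshift = blue_shift;
    vs->clientds.pf.bmask = (uint32_t)blue_max << blue_shift;
    count_bits(vs->clientds.pf.bbits, blue_max);

    vs->clientds.pf.bits_per_pixel = bits_per_pixel;
    vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
    vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
    vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;

    set_pixel_conversion(vs);

    vga_hw_invalidate();
    vga_hw_update();
}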
1694
ca4cca4d
AL
/*
 * Queue the server pixel format block (16 bytes: format fields plus
 * three padding bytes) taken from the display surface, and reset the
 * client's view of the format to match the server surface, with the
 * copying pixel writer installed.
 */
static void pixel_format_message(VncState *vs)
{
    char pad[3] = { 0, 0, 0 };
    const PixelFormat *pf = &vs->ds->surface->pf;

    vnc_write_u8(vs, pf->bits_per_pixel); /* bits-per-pixel */
    vnc_write_u8(vs, pf->depth);          /* depth */

#ifdef HOST_WORDS_BIGENDIAN
    vnc_write_u8(vs, 1);                  /* big-endian-flag */
#else
    vnc_write_u8(vs, 0);                  /* big-endian-flag */
#endif
    vnc_write_u8(vs, 1);                  /* true-color-flag */
    vnc_write_u16(vs, pf->rmax);          /* red-max */
    vnc_write_u16(vs, pf->gmax);          /* green-max */
    vnc_write_u16(vs, pf->bmax);          /* blue-max */
    vnc_write_u8(vs, pf->rshift);         /* red-shift */
    vnc_write_u8(vs, pf->gshift);         /* green-shift */
    vnc_write_u8(vs, pf->bshift);         /* blue-shift */

    vnc_hextile_set_pixel_conversion(vs, 0);

    /* The client copy must not carry the surface's allocation flag. */
    vs->clientds = *(vs->ds->surface);
    vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
    vs->write_pixels = vnc_write_pixels_copy;

    vnc_write(vs, pad, 3);                /* padding */
}
1722
7d957bd8
AL
/* Display callback for a changed data pointer; nothing to do for VNC. */
static void vnc_dpy_setdata(DisplayState *ds)
{
    (void)ds; /* We don't have to do anything */
}
1727
/*
 * React to a change of the server colour depth. Clients that negotiated
 * WMVi are sent the new pixel format in a pseudo framebuffer update;
 * for all others only the local pixel conversion is re-evaluated.
 */
static void vnc_colordepth(VncState *vs)
{
    if (!vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
        set_pixel_conversion(vs);
        return;
    }

    /* Sending a WMVi message to notify the client */
    vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
    vnc_write_u8(vs, 0);
    vnc_write_u16(vs, 1); /* number of rects */
    vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
                           ds_get_height(vs->ds), VNC_ENCODING_WMVi);
    pixel_format_message(vs);
    vnc_flush(vs);
}
1743
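/*
 * Read handler for client-to-server messages once the session is
 * initialised.
 *
 * data: start of the buffered input, data[0] is the message type
 * len:  number of bytes the handler asked for in its previous step
 *
 * The handler is re-entered as a message arrives: when called with only
 * the leading bytes it returns the total number of bytes it needs, and
 * once called with the whole message it dispatches it, re-arms itself
 * for the next one-byte message type and returns 0. Every length and
 * field read here is supplied by the client and is untrusted.
 *
 * Unknown or malformed messages drop the client via vnc_client_error().
 */
static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
{
    /*
     * Largest ClientCutText payload accepted. Without a bound, the 32-bit
     * length from the client decides how much input is buffered before the
     * message is processed, and 8 + dlen no longer fits the int return.
     * The value is a local policy choice, not a protocol constant.
     */
    enum { VNC_CUT_TEXT_MAX = 1 << 20 };

    int i;
    uint16_t limit;
    VncDisplay *vd = vs->vd;

    if (data[0] > 3) {
        /* Message types above 3: return to the base refresh interval. */
        vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
        if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
            qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
    }

    switch (data[0]) {
    case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
        if (len == 1)
            return 20;

        set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
                         read_u8(data, 6), read_u8(data, 7),
                         read_u16(data, 8), read_u16(data, 10),
                         read_u16(data, 12), read_u8(data, 14),
                         read_u8(data, 15), read_u8(data, 16));
        break;
    case VNC_MSG_CLIENT_SET_ENCODINGS:
        if (len == 1)
            return 4;

        /* 16-bit count, so at most 4 + 65535 * 4 bytes are requested. */
        limit = read_u16(data, 2);
        if (len == 4 && limit > 0)
            return 4 + (limit * 4);

        /* Convert the entries from network to host byte order in place. */
        for (i = 0; i < limit; i++) {
            int32_t val = read_s32(data, 4 + (i * 4));
            memcpy(data + 4 + (i * 4), &val, sizeof(val));
        }

        /* NOTE(review): the cast assumes data + 4 is aligned for int32_t. */
        set_encodings(vs, (int32_t *)(data + 4), limit);
        break;
    case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
        if (len == 1)
            return 10;

        framebuffer_update_request(vs,
                                   read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
                                   read_u16(data, 6), read_u16(data, 8));
        break;
    case VNC_MSG_CLIENT_KEY_EVENT:
        if (len == 1)
            return 8;

        key_event(vs, read_u8(data, 1), read_u32(data, 4));
        break;
    case VNC_MSG_CLIENT_POINTER_EVENT:
        if (len == 1)
            return 6;

        pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
        break;
    case VNC_MSG_CLIENT_CUT_TEXT:
        if (len == 1)
            return 8;

        if (len == 8) {
            uint32_t dlen = read_u32(data, 4);

            if (dlen > VNC_CUT_TEXT_MAX) {
                /* Refuse oversized clipboard data and drop the client. */
                vnc_client_error(vs);
                break;
            }
            if (dlen > 0)
                return 8 + dlen;
        }

        client_cut_text(vs, read_u32(data, 4), data + 8);
        break;
    case VNC_MSG_CLIENT_QEMU:
        if (len == 1)
            return 2;

        switch (read_u8(data, 1)) {
        case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
            if (len == 2)
                return 12;

            ext_key_event(vs, read_u16(data, 2),
                          read_u32(data, 4), read_u32(data, 8));
            break;
        case VNC_MSG_CLIENT_QEMU_AUDIO:
            if (len == 2)
                return 4;

            switch (read_u16 (data, 2)) {
            case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
                audio_add(vs);
                break;
            case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
                audio_del(vs);
                break;
            case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
                if (len == 4)
                    return 10;
                switch (read_u8(data, 4)) {
                case 0: vs->as.fmt = AUD_FMT_U8; break;
                case 1: vs->as.fmt = AUD_FMT_S8; break;
                case 2: vs->as.fmt = AUD_FMT_U16; break;
                case 3: vs->as.fmt = AUD_FMT_S16; break;
                case 4: vs->as.fmt = AUD_FMT_U32; break;
                case 5: vs->as.fmt = AUD_FMT_S32; break;
                default:
                    printf("Invalid audio format %d\n", read_u8(data, 4));
                    vnc_client_error(vs);
                    break;
                }
                vs->as.nchannels = read_u8(data, 5);
                if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
                    printf("Invalid audio channel coount %d\n",
                           read_u8(data, 5));
                    vnc_client_error(vs);
                    break;
                }
                /* NOTE(review): the sample rate is stored without a range check. */
                vs->as.freq = read_u32(data, 6);
                break;
            default:
                /*
                 * Only 4 bytes have been requested at this point, so report
                 * the 16-bit sub-command that was switched on rather than
                 * the byte at offset 4, which is past the received message.
                 */
                printf ("Invalid audio message %d\n", read_u16(data, 2));
                vnc_client_error(vs);
                break;
            }
            break;

        default:
            printf("Msg: %d\n", read_u16(data, 0));
            vnc_client_error(vs);
            break;
        }
        break;
    default:
        printf("Msg: %d\n", data[0]);
        vnc_client_error(vs);
        break;
    }

    vnc_read_when(vs, protocol_client_msg, 1);
    return 0;
}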
1886
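/*
 * Read handler for the ClientInit message. Replies with the ServerInit
 * data (display size, pixel format, desktop name), records the
 * authentication details, emits the QMP "initialized" event and arms
 * the normal message handler.
 *
 * The received byte in 'data' (the client's shared flag) is not used.
 */
static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
{
    char buf[1024];
    int size;

    vnc_write_u16(vs, ds_get_width(vs->ds));
    vnc_write_u16(vs, ds_get_height(vs->ds));

    pixel_format_message(vs);

    if (qemu_name)
        size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
    else
        size = snprintf(buf, sizeof(buf), "QEMU");

    /*
     * snprintf() returns the length the full string would have had. For
     * a very long name that exceeds the buffer, and sending 'size' bytes
     * would read past buf and disclose stack contents to the client.
     * Clamp to what was actually written.
     */
    if (size < 0)
        size = 0;
    else if ((size_t)size >= sizeof(buf))
        size = sizeof(buf) - 1;

    vnc_write_u32(vs, size);
    vnc_write(vs, buf, size);
    vnc_flush(vs);

    vnc_client_cache_auth(vs);
    vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);

    vnc_read_when(vs, protocol_client_msg, 1);

    return 0;
}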
1913
5fb6c7a8
AL
/*
 * Authentication is complete (or was not required): wait for the
 * one-byte ClientInit message.
 */
void start_client_init(VncState *vs)
{
    const size_t client_init_len = 1;

    vnc_read_when(vs, protocol_client_init, client_init_len);
}
1918
70848515
TS
/*
 * Fill vs->challenge with the bytes used as the VNC authentication
 * challenge.
 *
 * NOTE(review): the bytes come from rand(), reseeded on every call from
 * the current time and the process id. rand() is not a cryptographic
 * generator and both seed inputs can be estimated by an observer, so
 * challenges are predictable and may repeat; with a repeated challenge a
 * previously captured response stays valid. The challenge should come
 * from the operating system's or the crypto library's random source.
 */
static void make_challenge(VncState *vs)
{
    size_t pos;

    srand(time(NULL)+getpid()+getpid()*987654+rand());

    for (pos = 0; pos < sizeof(vs->challenge); pos++) {
        vs->challenge[pos] = (int) (256.0*rand()/(RAND_MAX+1.0));
    }
}
1928
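/*
 * Read handler for the client's response to the VNC authentication
 * challenge.
 *
 * data: the client's response, VNC_AUTH_CHALLENGE_SIZE bytes (the
 *       amount requested by start_auth_vnc())
 *
 * The expected response is the challenge encrypted with DES, keyed with
 * the first 8 bytes of the configured password (shorter passwords are
 * zero padded; anything beyond 8 bytes is ignored). On a match the
 * client proceeds to initialisation; otherwise, or when no password is
 * configured, a failure result is sent and the client is dropped.
 *
 * Always returns 0.
 */
static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
{
    unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
    unsigned char key[8];
    unsigned char diff = 0;
    int i, j, pwlen;

    if (!vs->vd->password || !vs->vd->password[0]) {
        VNC_DEBUG("No password configured on server");
        goto reject;
    }

    memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);

    /* Calculate the expected challenge response */
    pwlen = strlen(vs->vd->password);
    for (i=0; i<sizeof(key); i++)
        key[i] = i<pwlen ? vs->vd->password[i] : 0;
    deskey(key, EN0);
    for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
        des(response+j, response+j);

    /*
     * Compare expected vs actual challenge response. Every byte is
     * examined regardless of earlier mismatches, so the time taken does
     * not reveal how many leading bytes of the response were correct
     * (memcmp may stop at the first difference).
     */
    for (i = 0; i < VNC_AUTH_CHALLENGE_SIZE; i++)
        diff |= response[i] ^ data[i];

    if (diff != 0) {
        VNC_DEBUG("Client challenge reponse did not match\n");
        goto reject;
    }

    VNC_DEBUG("Accepting VNC challenge response\n");
    vnc_write_u32(vs, 0); /* Accept auth */
    vnc_flush(vs);

    start_client_init(vs);
    return 0;

reject:
    vnc_write_u32(vs, 1); /* Reject auth */
    if (vs->minor >= 8) {
        /* From protocol 3.8 on, a reason string follows the result. */
        static const char err[] = "Authentication failed";
        vnc_write_u32(vs, sizeof(err));
        vnc_write(vs, err, sizeof(err));
    }
    vnc_flush(vs);
    vnc_client_error(vs);
    return 0;
}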
1978
/*
 * Begin VNC challenge-response authentication: generate a challenge,
 * send it, and wait for a response of the same size.
 */
void start_auth_vnc(VncState *vs)
{
    const size_t challenge_len = sizeof(vs->challenge);

    make_challenge(vs);

    /* Send client a 'random' challenge */
    vnc_write(vs, vs->challenge, challenge_len);
    vnc_flush(vs);

    vnc_read_when(vs, protocol_client_auth_vnc, challenge_len);
}
1988
1989
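/*
 * Read handler for the security type chosen by the client (protocol 3.7
 * and later). Only the single type the server advertised is accepted;
 * any other choice is answered with a failure result and the client is
 * dropped. On acceptance the matching authentication exchange is started.
 *
 * Always returns 0.
 */
static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
{
    /* We only advertise 1 auth scheme at a time, so client
     * must pick the one we sent. Verify this */
    if (data[0] != vs->vd->auth) { /* Reject auth */
       VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
       vnc_write_u32(vs, 1);
       if (vs->minor >= 8) {
           static const char err[] = "Authentication failed";
           vnc_write_u32(vs, sizeof(err));
           vnc_write(vs, err, sizeof(err));
       }
       vnc_client_error(vs);
    } else { /* Accept requested auth */
       VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
       switch (vs->vd->auth) {
       case VNC_AUTH_NONE:
           VNC_DEBUG("Accept auth none\n");
           if (vs->minor >= 8) {
               vnc_write_u32(vs, 0); /* Accept auth completion */
               vnc_flush(vs);
           }
           start_client_init(vs);
           break;

       case VNC_AUTH_VNC:
           VNC_DEBUG("Start VNC auth\n");
           start_auth_vnc(vs);
           break;

#ifdef CONFIG_VNC_TLS
       case VNC_AUTH_VENCRYPT:
           VNC_DEBUG("Accept VeNCrypt auth\n");
           start_auth_vencrypt(vs);
           break;
#endif /* CONFIG_VNC_TLS */

#ifdef CONFIG_VNC_SASL
       case VNC_AUTH_SASL:
           VNC_DEBUG("Accept SASL auth\n");
           start_auth_sasl(vs);
           break;
#endif /* CONFIG_VNC_SASL */

       default: /* Should not be possible, but just in case */
           VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
           /*
            * The failure result is a 32-bit field, as written by every
            * other reject path in this file; the original wrote a single
            * byte here.
            */
           vnc_write_u32(vs, 1);
           if (vs->minor >= 8) {
               static const char err[] = "Authentication failed";
               vnc_write_u32(vs, sizeof(err));
               vnc_write(vs, err, sizeof(err));
           }
           vnc_client_error(vs);
       }
    }
    return 0;
}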
2047
/*
 * Read handler for the client's 12-byte protocol version string.
 *
 * version: the bytes received from the client (not NUL terminated; a
 *          terminated local copy is parsed instead)
 *
 * Only major version 3 with minor 3, 4, 5, 7 or 8 is accepted; 4 and 5
 * are treated as 3. For 3.3 the server dictates the security type and
 * supports only "none" and VNC authentication; for later versions the
 * single configured type is advertised and the client's choice awaited.
 *
 * Always returns 0.
 */
static int protocol_version(VncState *vs, uint8_t *version, size_t len)
{
    char local[13];
    int minor_supported;

    memcpy(local, version, 12);
    local[12] = 0;

    if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
        VNC_DEBUG("Malformed protocol version %s\n", local);
        vnc_client_error(vs);
        return 0;
    }
    VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);

    switch (vs->minor) {
    case 3:
    case 4:
    case 5:
    case 7:
    case 8:
        minor_supported = 1;
        break;
    default:
        minor_supported = 0;
        break;
    }

    if (vs->major != 3 || !minor_supported) {
        VNC_DEBUG("Unsupported client version\n");
        vnc_write_u32(vs, VNC_AUTH_INVALID);
        vnc_flush(vs);
        vnc_client_error(vs);
        return 0;
    }

    /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
     * as equivalent to v3.3 by servers
     */
    if (vs->minor == 4 || vs->minor == 5) {
        vs->minor = 3;
    }

    if (vs->minor != 3) {
        VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
        vnc_write_u8(vs, 1); /* num auth */
        vnc_write_u8(vs, vs->vd->auth);
        vnc_read_when(vs, protocol_client_auth, 1);
        vnc_flush(vs);
        return 0;
    }

    /* Protocol 3.3: the server picks the security type itself. */
    if (vs->vd->auth == VNC_AUTH_NONE) {
        VNC_DEBUG("Tell client auth none\n");
        vnc_write_u32(vs, vs->vd->auth);
        vnc_flush(vs);
        start_client_init(vs);
    } else if (vs->vd->auth == VNC_AUTH_VNC) {
        VNC_DEBUG("Tell client VNC auth\n");
        vnc_write_u32(vs, vs->vd->auth);
        vnc_flush(vs);
        start_auth_vnc(vs);
    } else {
        VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
        vnc_write_u32(vs, VNC_AUTH_INVALID);
        vnc_flush(vs);
        vnc_client_error(vs);
    }

    return 0;
}
2106
/*
 * Walk through the guest dirty map.
 * Check and copy modified bits from guest to server surface.
 * Update server dirty map.
 *
 * Work is done in tiles of 16 pixels.  For every tile flagged dirty in the
 * guest map the flag is cleared; if the pixel data really differs it is
 * copied to the server surface and the tile is flagged in each client's
 * dirty map.
 *
 * Returns the number of tiles that were copied.
 *
 * NOTE(review): the mask width and row stride come from vd->ds while the
 * loop bounds come from vd->guest.ds; the code assumes both describe the
 * same geometry -- confirm against the resize path.
 * NOTE(review): every compare/copy touches a full 16-pixel tile, including
 * the last one on a row; presumably rows are wide enough for that when the
 * width is not a multiple of 16 -- confirm.
 */
static int vnc_refresh_server_surface(VncDisplay *vd)
{
    uint32_t width_mask[VNC_DIRTY_WORDS];
    uint8_t *guest_row;
    uint8_t *server_row;
    VncState *vs;
    int cmp_bytes;
    int has_dirty = 0;
    int y;

    /* Only dirty bits inside the visible width are of interest. */
    vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
    cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
    guest_row = vd->guest.ds->data;
    server_row = vd->server->data;

    for (y = 0; y < vd->guest.ds->height; y++) {
        if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
            uint8_t *guest_ptr = guest_row;
            uint8_t *server_ptr = server_row;
            int x;

            for (x = 0; x < vd->guest.ds->width;
                 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
                if (vnc_get_bit(vd->guest.dirty[y], (x / 16))) {
                    vnc_clear_bit(vd->guest.dirty[y], (x / 16));
                    /* The guest flagged the tile, but skip the copy when
                     * the pixels did not actually change. */
                    if (memcmp(server_ptr, guest_ptr, cmp_bytes) != 0) {
                        memcpy(server_ptr, guest_ptr, cmp_bytes);
                        QTAILQ_FOREACH(vs, &vd->clients, next) {
                            vnc_set_bit(vs->dirty[y], (x / 16));
                        }
                        has_dirty++;
                    }
                }
            }
        }
        guest_row += ds_get_linesize(vd->ds);
        server_row += ds_get_linesize(vd->ds);
    }
    return has_dirty;
}
2154
/*
 * Periodic timer callback: refresh the server surface, push updates to
 * every client and re-arm the timer with an adaptive interval.
 *
 * 'opaque' is the VncDisplay the timer was created for.
 */
static void vnc_refresh(void *opaque)
{
    VncDisplay *vd = opaque;
    VncState *vs, *vn;
    int has_dirty, rects = 0;

    vga_hw_update();

    has_dirty = vnc_refresh_server_surface(vd);

    /* The _SAFE iterator is required: vnc_update_client() may free vs,
     * so vs must not be touched after the call. */
    QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
        rects += vnc_update_client(vs, has_dirty);
    }

    /* vd->timer could be NULL now if the last client disconnected,
     * in this case don't update the timer */
    if (vd->timer == NULL) {
        return;
    }

    if (!has_dirty || !rects) {
        /* Nothing was sent: back off, up to the maximum interval. */
        vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
        if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX) {
            vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
        }
    } else {
        /* Updates went out: halve the interval, down to the base value. */
        vd->timer_interval /= 2;
        if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE) {
            vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
        }
    }
    qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
}
2185
/*
 * Reset the refresh interval to its base value and, if no timer exists
 * yet while at least one client is connected, create the timer and run
 * the first refresh immediately.
 *
 * The immediate vnc_refresh() call can reach vnc_update_client(); callers
 * holding a VncState pointer should treat it as possibly freed afterwards
 * (see the comment at the end of vnc_connect()).
 */
static void vnc_init_timer(VncDisplay *vd)
{
    vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;

    if (vd->timer != NULL || QTAILQ_EMPTY(&vd->clients)) {
        return;
    }

    vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
    vnc_refresh(vd);
}
2194
/*
 * Stop and release the refresh timer once the client list is empty.
 * vd->timer is set to NULL afterwards, which is what vnc_refresh() checks
 * before re-arming.
 */
static void vnc_remove_timer(VncDisplay *vd)
{
    if (vd->timer == NULL || !QTAILQ_EMPTY(&vd->clients)) {
        return;
    }

    qemu_del_timer(vd->timer);
    qemu_free_timer(vd->timer);
    vd->timer = NULL;
}
2203
/*
 * Set up per-client state for a freshly connected socket and begin the
 * RFB handshake.
 *
 * vd:    display the client attaches to.
 * csock: connected client socket (accepted in vnc_listen_read() or created
 *        by a reverse connection in vnc_display_open()).
 *
 * Nothing about the peer has been authenticated at this point; the server
 * banner is sent and protocol_version() is registered to handle the
 * client's 12-byte reply.
 */
static void vnc_connect(VncDisplay *vd, int csock)
{
    VncState *vs = qemu_mallocz(sizeof(VncState));
    vs->csock = csock;

    VNC_DEBUG("New client on socket %d\n", csock);
    dcl->idle = 0;
    socket_set_nonblock(vs->csock);
    qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);

    /* NOTE(review): these two calls run before vs->vd and vs->ds are
     * assigned below (the state is zero-filled by qemu_mallocz) -- confirm
     * neither helper dereferences vs->vd. */
    vnc_client_cache_addr(vs);
    vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);

    vs->vd = vd;
    vs->ds = vd->ds;
    vs->last_x = -1;
    vs->last_y = -1;

    /* Default audio capture settings for this client. */
    vs->as.freq = 44100;
    vs->as.nchannels = 2;
    vs->as.fmt = AUD_FMT_S16;
    vs->as.endianness = 0;

    QTAILQ_INSERT_HEAD(&vd->clients, vs, next);

    vga_hw_update();

    /* Announce RFB 3.8 (12 bytes, no NUL) and wait for the client's
     * 12-byte version string. */
    vnc_write(vs, "RFB 003.008\n", 12);
    vnc_flush(vs);
    vnc_read_when(vs, protocol_version, 12);
    reset_keys(vs);
    if (vs->vd->lock_key_sync)
        vs->led = qemu_add_led_event_handler(kbd_leds, vs);

    vs->mouse_mode_notifier.notify = check_pointer_type_change;
    qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);

    /* Starts the refresh timer if needed; this runs vnc_refresh(), which
     * may update (and drop) clients. */
    vnc_init_timer(vd);

    /* vs might be free()ed here */
}
2245
/*
 * Read handler for the listening socket: accept one pending connection
 * and hand it to vnc_connect().  A failed accept is ignored.
 *
 * 'opaque' is the VncDisplay that owns the listening socket.
 *
 * NOTE(review): the peer address is received into a struct sockaddr_in
 * even though vnc_display_open() can also listen on a "unix:" socket; the
 * address is not used here and addrlen bounds the write, so this looks
 * harmless -- confirm nothing downstream starts relying on 'addr'.
 */
static void vnc_listen_read(void *opaque)
{
    VncDisplay *vd = opaque;
    struct sockaddr_in addr;
    socklen_t addrlen = sizeof(addr);
    int csock;

    /* Catch-up */
    vga_hw_update();

    csock = qemu_accept(vd->lsock, (struct sockaddr *)&addr, &addrlen);
    if (csock == -1) {
        return;
    }
    vnc_connect(vd, csock);
}
2260
/*
 * Allocate the global VNC display state for 'ds' and register the display
 * change listener.
 *
 * The display starts without a listening socket (lsock == -1) and with an
 * empty client list.  The keyboard layout is taken from the global
 * 'keyboard_layout' when set, otherwise "en-us"; the process exits if the
 * layout cannot be loaded.
 */
void vnc_display_init(DisplayState *ds)
{
    VncDisplay *vd = qemu_mallocz(sizeof(*vd));
    const char *layout_name;

    dcl = qemu_mallocz(sizeof(DisplayChangeListener));

    /* Publish the new display through both the DisplayState and the
     * module-level pointer used when callers pass ds == NULL. */
    ds->opaque = vd;
    dcl->idle = 1;
    vnc_display = vd;

    vd->lsock = -1;

    vd->ds = ds;
    QTAILQ_INIT(&vd->clients);

    layout_name = keyboard_layout ? keyboard_layout : "en-us";
    vd->kbd_layout = init_keyboard_layout(name2keysym, layout_name);

    if (vd->kbd_layout == NULL) {
        exit(1);
    }

    dcl->dpy_copy = vnc_dpy_copy;
    dcl->dpy_update = vnc_dpy_update;
    dcl->dpy_resize = vnc_dpy_resize;
    dcl->dpy_setdata = vnc_dpy_setdata;
    register_displaychangelistener(ds, dcl);
}
2290
6f43024c 2291
/*
 * Stop listening and reset the display's authentication settings.
 *
 * Uses ds->opaque when 'ds' is given, otherwise the global vnc_display;
 * does nothing when no display exists.
 *
 * This frees the stored display string, closes the listening socket and
 * sets auth (and, with TLS support, subauth) to VNC_AUTH_INVALID.  It does
 * not touch the client list or the stored password: connections that are
 * already established are left as they are.
 */
void vnc_display_close(DisplayState *ds)
{
    VncDisplay *vd;

    if (ds) {
        vd = (VncDisplay *)ds->opaque;
    } else {
        vd = vnc_display;
    }
    if (vd == NULL) {
        return;
    }

    if (vd->display != NULL) {
        qemu_free(vd->display);
        vd->display = NULL;
    }

    if (vd->lsock != -1) {
        /* Unregister the handler before closing so no callback fires on a
         * closed descriptor. */
        qemu_set_fd_handler2(vd->lsock, NULL, NULL, NULL, NULL);
        close(vd->lsock);
        vd->lsock = -1;
    }

    vd->auth = VNC_AUTH_INVALID;
#ifdef CONFIG_VNC_TLS
    vd->subauth = VNC_AUTH_INVALID;
    vd->tls.x509verify = 0;
#endif
}
2313
/*
 * Replace the VNC password of a display.
 *
 * ds:       display to change, or NULL for the global vnc_display.
 * password: new password; NULL or "" clears it.
 *
 * Returns 0 on success, -1 when there is no display or the copy of the
 * password cannot be allocated.
 *
 * A non-empty password upgrades VNC_AUTH_NONE to VNC_AUTH_VNC and leaves
 * any other scheme alone.
 *
 * NOTE(review): clearing the password sets auth to VNC_AUTH_NONE
 * unconditionally.  That overwrites whatever vnc_display_open() selected,
 * including VNC_AUTH_VENCRYPT or VNC_AUTH_SASL, so an empty password turns
 * authentication off instead of locking clients out.  Callers that mean
 * "disable logins" should not rely on passing an empty string; consider
 * keeping the configured scheme when the password is cleared.
 * NOTE(review): the old password is released without being wiped first.
 */
int vnc_display_password(DisplayState *ds, const char *password)
{
    VncDisplay *vd = ds ? (VncDisplay *)ds->opaque : vnc_display;

    if (vd == NULL) {
        return -1;
    }

    /* Always drop the previous password, whatever comes next. */
    if (vd->password != NULL) {
        qemu_free(vd->password);
        vd->password = NULL;
    }

    if (password == NULL || password[0] == '\0') {
        vd->auth = VNC_AUTH_NONE;
        return 0;
    }

    vd->password = qemu_strdup(password);
    if (vd->password == NULL) {
        return -1;
    }
    if (vd->auth == VNC_AUTH_NONE) {
        vd->auth = VNC_AUTH_VNC;
    }

    return 0;
}
2338
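/*
 * Return the local address of the display's listening socket, formatted
 * by vnc_socket_local_addr() with the "%s:%s" pattern.
 *
 * ds: display to query, or NULL for the global vnc_display.
 *
 * Returns NULL when no display exists, matching the NULL checks in
 * vnc_display_close() and vnc_display_password(); without the check a
 * missing display would be dereferenced here.
 *
 * NOTE(review): lsock is -1 while the display is not listening (see
 * vnc_display_init()/vnc_display_close()); what vnc_socket_local_addr()
 * returns for that value is not visible from here -- confirm callers cope.
 */
char *vnc_display_local_addr(DisplayState *ds)
{
    VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;

    if (!vs) {
        return NULL;
    }

    return vnc_socket_local_addr("%s:%s", vs->lsock);
}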
2345
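/*
 * (Re)configure a VNC display from a display string of the form
 * "<address>[,option]..." and either start listening or, with "reverse",
 * connect out to a viewer.
 *
 * ds:      display to configure, or NULL for the global vnc_display.
 * display: display string; "none" closes the display and returns.
 *
 * Returns -1 on error.  On success returns 0 for "none" and for reverse
 * connections, otherwise the result of registering the listen handler.
 * The process exits if a requested ACL cannot be created.
 *
 * Any previous configuration is torn down first via vnc_display_close().
 *
 * Security-relevant behaviour of the option parser:
 *  - Options are matched by prefix and there is no final 'else': an
 *    unrecognised option is ignored without any diagnostic.
 *  - The "sasl", "tls" and "x509" branches only exist when the matching
 *    CONFIG_VNC_* macro is defined.  In a build without them those options
 *    are ignored too, and the display comes up with whatever the remaining
 *    options select (VNC_AUTH_VNC or VNC_AUTH_NONE).  Deployments that
 *    depend on TLS or SASL should verify the effective auth scheme.
 *  - "password" takes precedence over "sasl" when both are given.
 *  - "acl" only has an effect together with sasl, or with x509 when
 *    x509verify is set.
 */
int vnc_display_open(DisplayState *ds, const char *display)
{
    VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
    const char *options;
    int password = 0;
    int reverse = 0;
#ifdef CONFIG_VNC_TLS
    int tls = 0, x509 = 0;
#endif
#ifdef CONFIG_VNC_SASL
    int sasl = 0;
    int saslErr;
#endif
    int acl = 0;
    int lock_key_sync = 1;

    if (!vnc_display)
        return -1;
    vnc_display_close(ds);
    if (strcmp(display, "none") == 0)
        return 0;

    if (!(vs->display = strdup(display)))
        return -1;

    /* Each iteration positions 'options' just past the next comma. */
    options = display;
    while ((options = strchr(options, ','))) {
        options++;
        if (strncmp(options, "password", 8) == 0) {
            password = 1; /* Require password auth */
        } else if (strncmp(options, "reverse", 7) == 0) {
            reverse = 1;
        } else if (strncmp(options, "no-lock-key-sync", 16) == 0) {
            /* Compare the whole option name; the length used to be 9,
             * which accepted any option starting with "no-lock-k". */
            lock_key_sync = 0;
#ifdef CONFIG_VNC_SASL
        } else if (strncmp(options, "sasl", 4) == 0) {
            sasl = 1; /* Require SASL auth */
#endif
#ifdef CONFIG_VNC_TLS
        } else if (strncmp(options, "tls", 3) == 0) {
            tls = 1; /* Require TLS */
        } else if (strncmp(options, "x509", 4) == 0) {
            char *start, *end;
            x509 = 1; /* Require x509 certificates */
            if (strncmp(options, "x509verify", 10) == 0)
                vs->tls.x509verify = 1; /* ...and verify client certs */

            /* Now check for 'x509=/some/path' postfix
             * and use that to setup x509 certificate/key paths */
            start = strchr(options, '=');
            end = strchr(options, ',');
            /* The '=' must belong to this option, i.e. come before the
             * next comma. */
            if (start && (!end || (start < end))) {
                int len = end ? end-(start+1) : strlen(start+1);
                char *path = qemu_strndup(start + 1, len);

                VNC_DEBUG("Trying certificate path '%s'\n", path);
                if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
                    fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
                    qemu_free(path);
                    qemu_free(vs->display);
                    vs->display = NULL;
                    return -1;
                }
                qemu_free(path);
            } else {
                fprintf(stderr, "No certificate path provided\n");
                qemu_free(vs->display);
                vs->display = NULL;
                return -1;
            }
#endif
        } else if (strncmp(options, "acl", 3) == 0) {
            acl = 1;
        }
    }

#ifdef CONFIG_VNC_TLS
    if (acl && x509 && vs->tls.x509verify) {
        if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
            fprintf(stderr, "Failed to create x509 dname ACL\n");
            exit(1);
        }
    }
#endif
#ifdef CONFIG_VNC_SASL
    if (acl && sasl) {
        if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
            fprintf(stderr, "Failed to create username ACL\n");
            exit(1);
        }
    }
#endif

    /*
     * Combinations we support here:
     *
     *  - no-auth                (clear text, no auth)
     *  - password               (clear text, weak auth)
     *  - sasl                   (encrypt, good auth *IF* using Kerberos via GSSAPI)
     *  - tls                    (encrypt, weak anonymous creds, no auth)
     *  - tls + password         (encrypt, weak anonymous creds, weak auth)
     *  - tls + sasl             (encrypt, weak anonymous creds, good auth)
     *  - tls + x509             (encrypt, good x509 creds, no auth)
     *  - tls + x509 + password  (encrypt, good x509 creds, weak auth)
     *  - tls + x509 + sasl      (encrypt, good x509 creds, good auth)
     *
     * NB1. TLS is a stackable auth scheme.
     * NB2. the x509 schemes have option to validate a client cert dname
     */
    if (password) {
#ifdef CONFIG_VNC_TLS
        if (tls) {
            vs->auth = VNC_AUTH_VENCRYPT;
            if (x509) {
                VNC_DEBUG("Initializing VNC server with x509 password auth\n");
                vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
            } else {
                VNC_DEBUG("Initializing VNC server with TLS password auth\n");
                vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
            }
        } else {
#endif /* CONFIG_VNC_TLS */
            VNC_DEBUG("Initializing VNC server with password auth\n");
            vs->auth = VNC_AUTH_VNC;
#ifdef CONFIG_VNC_TLS
            vs->subauth = VNC_AUTH_INVALID;
        }
#endif /* CONFIG_VNC_TLS */
#ifdef CONFIG_VNC_SASL
    } else if (sasl) {
#ifdef CONFIG_VNC_TLS
        if (tls) {
            vs->auth = VNC_AUTH_VENCRYPT;
            if (x509) {
                VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
                vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
            } else {
                VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
                vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
            }
        } else {
#endif /* CONFIG_VNC_TLS */
            VNC_DEBUG("Initializing VNC server with SASL auth\n");
            vs->auth = VNC_AUTH_SASL;
#ifdef CONFIG_VNC_TLS
            vs->subauth = VNC_AUTH_INVALID;
        }
#endif /* CONFIG_VNC_TLS */
#endif /* CONFIG_VNC_SASL */
    } else {
#ifdef CONFIG_VNC_TLS
        if (tls) {
            vs->auth = VNC_AUTH_VENCRYPT;
            if (x509) {
                VNC_DEBUG("Initializing VNC server with x509 no auth\n");
                vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
            } else {
                VNC_DEBUG("Initializing VNC server with TLS no auth\n");
                vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
            }
        } else {
#endif
            VNC_DEBUG("Initializing VNC server with no auth\n");
            vs->auth = VNC_AUTH_NONE;
#ifdef CONFIG_VNC_TLS
            vs->subauth = VNC_AUTH_INVALID;
        }
#endif
    }

#ifdef CONFIG_VNC_SASL
    /* Runs whenever SASL support is compiled in, whether or not the
     * "sasl" option was given. */
    if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
        fprintf(stderr, "Failed to initialize SASL auth %s",
                sasl_errstring(saslErr, NULL, NULL));
        free(vs->display);
        vs->display = NULL;
        return -1;
    }
#endif
    vs->lock_key_sync = lock_key_sync;

    if (reverse) {
        /* connect to viewer */
        if (strncmp(display, "unix:", 5) == 0)
            vs->lsock = unix_connect(display+5);
        else
            vs->lsock = inet_connect(display, SOCK_STREAM);
        if (-1 == vs->lsock) {
            free(vs->display);
            vs->display = NULL;
            return -1;
        } else {
            /* The connected socket becomes a client socket; there is no
             * listening socket in reverse mode. */
            int csock = vs->lsock;
            vs->lsock = -1;
            vnc_connect(vs, csock);
        }
        return 0;

    } else {
        /* listen for connects */
        char *dpy;
        dpy = qemu_malloc(256);
        if (strncmp(display, "unix:", 5) == 0) {
            pstrcpy(dpy, 256, "unix:");
            vs->lsock = unix_listen(display+5, dpy+5, 256-5);
        } else {
            vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
        }
        if (-1 == vs->lsock) {
            free(dpy);
            return -1;
        } else {
            /* Keep the string filled in by the listen helper in place of
             * the caller-supplied copy. */
            free(vs->display);
            vs->display = dpy;
        }
    }
    return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
}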