]> git.proxmox.com Git - qemu.git/blame - vnc.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
eepro100: Replace variable name to fix a compiler warning
[qemu.git] / vnc.c
CommitLineData
7d510b8c
FB		 1/*
2 * QEMU VNC display driver
5fafdf24 3 *
7d510b8c
FB		 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
19a490bf 6 * Copyright (C) 2009 Red Hat, Inc
5fafdf24 7 *
7d510b8c
FB		 8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
19a490bf 27#include "vnc.h"
87ecb68b 28#include "sysemu.h"
6ca957f0 29#include "qemu_socket.h"
87ecb68b 30#include "qemu-timer.h"
76655d6d 31#include "acl.h"
d96fd29c 32#include "qemu-objects.h"
24236869 33
2430ffe4
SS		 34#define VNC_REFRESH_INTERVAL_BASE 30
35#define VNC_REFRESH_INTERVAL_INC 50
36#define VNC_REFRESH_INTERVAL_MAX 2000
24236869
FB		 37
38#include "vnc_keysym.h"
70848515
TS		 39#include "d3des.h"
40
90a1e3c0
AL		 41#define count_bits(c, v) { \
42 for (c = 0; v; v >>= 1) \
43 { \
44 c += v & 1; \
45 } \
46}
8d5d2d4c 47
24236869 48
753b4053 49static VncDisplay *vnc_display; /* needed for info vnc */
7d957bd8 50static DisplayChangeListener *dcl;
a9ce8590 51
1ff7df1a
AL		 52static char *addr_to_string(const char *format,
53 struct sockaddr_storage *sa,
54 socklen_t salen) {
55 char *addr;
56 char host[NI_MAXHOST];
57 char serv[NI_MAXSERV];
58 int err;
457772e6 59 size_t addrlen;
1ff7df1a
AL		 60
61 if ((err = getnameinfo((struct sockaddr *)sa, salen,
62 host, sizeof(host),
63 serv, sizeof(serv),
64 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
65 VNC_DEBUG("Cannot resolve address %d: %s\n",
66 err, gai_strerror(err));
67 return NULL;
68 }
69
457772e6 70 /* Enough for the existing format + the 2 vars we're
f425c278 71 * substituting in. */
457772e6
AL		 72 addrlen = strlen(format) + strlen(host) + strlen(serv);
73 addr = qemu_malloc(addrlen + 1);
74 snprintf(addr, addrlen, format, host, serv);
75 addr[addrlen] = '\0';
1ff7df1a
AL		 76
77 return addr;
78}
79
2f9606b3
AL		 80
81char *vnc_socket_local_addr(const char *format, int fd) {
1ff7df1a
AL		 82 struct sockaddr_storage sa;
83 socklen_t salen;
84
85 salen = sizeof(sa);
86 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
87 return NULL;
88
89 return addr_to_string(format, &sa, salen);
90}
91
2f9606b3 92char *vnc_socket_remote_addr(const char *format, int fd) {
1ff7df1a
AL		 93 struct sockaddr_storage sa;
94 socklen_t salen;
95
96 salen = sizeof(sa);
97 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
98 return NULL;
99
100 return addr_to_string(format, &sa, salen);
101}
102
d96fd29c
LC		 103static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
104 socklen_t salen)
105{
106 char host[NI_MAXHOST];
107 char serv[NI_MAXSERV];
108 int err;
109
110 if ((err = getnameinfo((struct sockaddr *)sa, salen,
111 host, sizeof(host),
112 serv, sizeof(serv),
113 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
114 VNC_DEBUG("Cannot resolve address %d: %s\n",
115 err, gai_strerror(err));
116 return -1;
117 }
118
119 qdict_put(qdict, "host", qstring_from_str(host));
120 qdict_put(qdict, "service", qstring_from_str(serv));
dc0d4efc 121 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
d96fd29c
LC		 122
123 return 0;
124}
125
a7789382 126static int vnc_server_addr_put(QDict *qdict, int fd)
d96fd29c
LC		 127{
128 struct sockaddr_storage sa;
129 socklen_t salen;
130
131 salen = sizeof(sa);
132 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
133 return -1;
134 }
135
136 return put_addr_qdict(qdict, &sa, salen);
137}
138
139static int vnc_qdict_remote_addr(QDict *qdict, int fd)
140{
141 struct sockaddr_storage sa;
142 socklen_t salen;
143
144 salen = sizeof(sa);
145 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
146 return -1;
147 }
148
149 return put_addr_qdict(qdict, &sa, salen);
150}
151
1ff7df1a
AL		 152static const char *vnc_auth_name(VncDisplay *vd) {
153 switch (vd->auth) {
154 case VNC_AUTH_INVALID:
155 return "invalid";
156 case VNC_AUTH_NONE:
157 return "none";
158 case VNC_AUTH_VNC:
159 return "vnc";
160 case VNC_AUTH_RA2:
161 return "ra2";
162 case VNC_AUTH_RA2NE:
163 return "ra2ne";
164 case VNC_AUTH_TIGHT:
165 return "tight";
166 case VNC_AUTH_ULTRA:
167 return "ultra";
168 case VNC_AUTH_TLS:
169 return "tls";
170 case VNC_AUTH_VENCRYPT:
171#ifdef CONFIG_VNC_TLS
172 switch (vd->subauth) {
173 case VNC_AUTH_VENCRYPT_PLAIN:
174 return "vencrypt+plain";
175 case VNC_AUTH_VENCRYPT_TLSNONE:
176 return "vencrypt+tls+none";
177 case VNC_AUTH_VENCRYPT_TLSVNC:
178 return "vencrypt+tls+vnc";
179 case VNC_AUTH_VENCRYPT_TLSPLAIN:
180 return "vencrypt+tls+plain";
181 case VNC_AUTH_VENCRYPT_X509NONE:
182 return "vencrypt+x509+none";
183 case VNC_AUTH_VENCRYPT_X509VNC:
184 return "vencrypt+x509+vnc";
185 case VNC_AUTH_VENCRYPT_X509PLAIN:
186 return "vencrypt+x509+plain";
28a76be8
AL		 187 case VNC_AUTH_VENCRYPT_TLSSASL:
188 return "vencrypt+tls+sasl";
189 case VNC_AUTH_VENCRYPT_X509SASL:
190 return "vencrypt+x509+sasl";
1ff7df1a
AL		 191 default:
192 return "vencrypt";
193 }
194#else
195 return "vencrypt";
196#endif
2f9606b3 197 case VNC_AUTH_SASL:
28a76be8 198 return "sasl";
1ff7df1a
AL		 199 }
200 return "unknown";
201}
202
a7789382
LC		 203static int vnc_server_info_put(QDict *qdict)
204{
205 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
206 return -1;
207 }
208
209 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
210 return 0;
211}
212
4a80dba3 213static void vnc_client_cache_auth(VncState *client)
1ff7df1a 214{
d96fd29c 215 QDict *qdict;
1ff7df1a 216
4a80dba3
LC		 217 if (!client->info) {
218 return;
d96fd29c 219 }
1263b7d6 220
4a80dba3
LC		 221 qdict = qobject_to_qdict(client->info);
222
1263b7d6
AL		 223#ifdef CONFIG_VNC_TLS
224 if (client->tls.session &&
d96fd29c
LC		 225 client->tls.dname) {
226 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
227 }
1263b7d6
AL		 228#endif
229#ifdef CONFIG_VNC_SASL
230 if (client->sasl.conn &&
d96fd29c 231 client->sasl.username) {
76825067
LC		 232 qdict_put(qdict, "sasl_username",
233 qstring_from_str(client->sasl.username));
d96fd29c 234 }
1263b7d6 235#endif
4a80dba3 236}
d96fd29c 237
4a80dba3
LC		 238static void vnc_client_cache_addr(VncState *client)
239{
240 QDict *qdict;
241
242 qdict = qdict_new();
243 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
244 QDECREF(qdict);
245 /* XXX: how to report the error? */
246 return;
247 }
248
249 client->info = QOBJECT(qdict);
1ff7df1a
AL		 250}
251
586153d9
LC		 252static void vnc_qmp_event(VncState *vs, MonitorEvent event)
253{
254 QDict *server;
255 QObject *data;
256
257 if (!vs->info) {
258 return;
259 }
260
261 server = qdict_new();
262 if (vnc_server_info_put(server) < 0) {
263 QDECREF(server);
264 return;
265 }
266
267 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
268 vs->info, QOBJECT(server));
269
270 monitor_protocol_event(event, data);
271
272 qobject_incref(vs->info);
273 qobject_decref(data);
274}
275
d96fd29c 276static void info_vnc_iter(QObject *obj, void *opaque)
a9ce8590 277{
d96fd29c
LC		 278 QDict *client;
279 Monitor *mon = opaque;
280
281 client = qobject_to_qdict(obj);
282 monitor_printf(mon, "Client:\n");
283 monitor_printf(mon, " address: %s:%s\n",
284 qdict_get_str(client, "host"),
285 qdict_get_str(client, "service"));
286
287#ifdef CONFIG_VNC_TLS
288 monitor_printf(mon, " x509_dname: %s\n",
289 qdict_haskey(client, "x509_dname") ?
290 qdict_get_str(client, "x509_dname") : "none");
291#endif
292#ifdef CONFIG_VNC_SASL
293 monitor_printf(mon, " username: %s\n",
76825067
LC		 294 qdict_haskey(client, "sasl_username") ?
295 qdict_get_str(client, "sasl_username") : "none");
d96fd29c
LC		 296#endif
297}
298
299void do_info_vnc_print(Monitor *mon, const QObject *data)
300{
301 QDict *server;
302 QList *clients;
303
304 server = qobject_to_qdict(data);
8950a950 305 if (qdict_get_bool(server, "enabled") == 0) {
1ff7df1a 306 monitor_printf(mon, "Server: disabled\n");
d96fd29c
LC		 307 return;
308 }
1ff7df1a 309
d96fd29c
LC		 310 monitor_printf(mon, "Server:\n");
311 monitor_printf(mon, " address: %s:%s\n",
312 qdict_get_str(server, "host"),
313 qdict_get_str(server, "service"));
a7789382 314 monitor_printf(mon, " auth: %s\n", qdict_get_str(server, "auth"));
d96fd29c
LC		 315
316 clients = qdict_get_qlist(server, "clients");
317 if (qlist_empty(clients)) {
318 monitor_printf(mon, "Client: none\n");
319 } else {
320 qlist_iter(clients, info_vnc_iter, mon);
321 }
322}
1ff7df1a 323
d96fd29c
LC		 324/**
325 * do_info_vnc(): Show VNC server information
326 *
327 * Return a QDict with server information. Connected clients are returned
328 * as a QList of QDicts.
329 *
330 * The main QDict contains the following:
331 *
8950a950 332 * - "enabled": true or false
d96fd29c 333 * - "host": server's IP address
5c7238c5 334 * - "family": address family ("ipv4" or "ipv6")
d96fd29c 335 * - "service": server's port number
a7789382 336 * - "auth": authentication method
d96fd29c
LC		 337 * - "clients": a QList of all connected clients
338 *
339 * Clients are described by a QDict, with the following information:
340 *
341 * - "host": client's IP address
5c7238c5 342 * - "family": address family ("ipv4" or "ipv6")
d96fd29c
LC		 343 * - "service": client's port number
344 * - "x509_dname": TLS dname (optional)
76825067 345 * - "sasl_username": SASL username (optional)
d96fd29c
LC		 346 *
347 * Example:
348 *
8950a950 349 * { "enabled": true, "host": "0.0.0.0", "service": "50402", "auth": "vnc",
5c7238c5
LC		 350 * "family": "ipv4",
351 * "clients": [{ "host": "127.0.0.1", "service": "50401", "family": "ipv4" }]}
d96fd29c
LC		 352 */
353void do_info_vnc(Monitor *mon, QObject **ret_data)
354{
355 if (vnc_display == NULL || vnc_display->display == NULL) {
8950a950 356 *ret_data = qobject_from_jsonf("{ 'enabled': false }");
d96fd29c 357 } else {
d96fd29c 358 QList *clist;
41b4bef6 359 VncState *client;
1ff7df1a 360
d96fd29c 361 clist = qlist_new();
41b4bef6
AS		 362 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
363 if (client->info) {
364 /* incref so that it's not freed by upper layers */
365 qobject_incref(client->info);
366 qlist_append_obj(clist, client->info);
1ff7df1a 367 }
d96fd29c
LC		 368 }
369
8950a950 370 *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
d96fd29c
LC		 371 QOBJECT(clist));
372 assert(*ret_data != NULL);
373
a7789382 374 if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {
d96fd29c
LC		 375 qobject_decref(*ret_data);
376 *ret_data = NULL;
1ff7df1a 377 }
a9ce8590
FB		 378 }
379}
380
29fa4ed9
AL		 381static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
382 return (vs->features & (1 << feature));
383}
384
24236869
FB		 385/* TODO
386 1) Get the queue working for IO.
387 2) there is some weirdness when using the -S option (the screen is grey
388 and not totally invalidated
389 3) resolutions > 1024
390*/
391
2430ffe4 392static int vnc_update_client(VncState *vs, int has_dirty);
198a0039
GH		 393static void vnc_disconnect_start(VncState *vs);
394static void vnc_disconnect_finish(VncState *vs);
703bc68f
SS		 395static void vnc_init_timer(VncDisplay *vd);
396static void vnc_remove_timer(VncDisplay *vd);
24236869 397
753b4053 398static void vnc_colordepth(VncState *vs);
1fc62412
SS		 399static void framebuffer_update_request(VncState *vs, int incremental,
400 int x_position, int y_position,
401 int w, int h);
402static void vnc_refresh(void *opaque);
403static int vnc_refresh_server_surface(VncDisplay *vd);
7eac3a87 404
99589bdc
FB		 405static inline void vnc_set_bit(uint32_t *d, int k)
406{
407 d[k >> 5] |= 1 << (k & 0x1f);
408}
409
410static inline void vnc_clear_bit(uint32_t *d, int k)
411{
412 d[k >> 5] &= ~(1 << (k & 0x1f));
413}
414
415static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
416{
417 int j;
418
419 j = 0;
420 while (n >= 32) {
421 d[j++] = -1;
422 n -= 32;
423 }
5fafdf24 424 if (n > 0)
99589bdc
FB		 425 d[j++] = (1 << n) - 1;
426 while (j < nb_words)
427 d[j++] = 0;
428}
429
430static inline int vnc_get_bit(const uint32_t *d, int k)
431{
432 return (d[k >> 5] >> (k & 0x1f)) & 1;
433}
434
5fafdf24 435static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
99589bdc
FB		 436 int nb_words)
437{
438 int i;
439 for(i = 0; i < nb_words; i++) {
440 if ((d1[i] & d2[i]) != 0)
441 return 1;
442 }
443 return 0;
444}
445
1fc62412 446static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
24236869 447{
24236869 448 int i;
1fc62412
SS		 449 VncDisplay *vd = ds->opaque;
450 struct VncSurface *s = &vd->guest;
24236869
FB		 451
452 h += y;
453
0486e8a7
AZ		 454 /* round x down to ensure the loop only spans one 16-pixel block per,
455 iteration. otherwise, if (x % 16) != 0, the last iteration may span
456 two 16-pixel blocks but we only mark the first as dirty
457 */
458 w += (x % 16);
459 x -= (x % 16);
460
6baebed7
AL		 461 x = MIN(x, s->ds->width);
462 y = MIN(y, s->ds->height);
463 w = MIN(x + w, s->ds->width) - x;
464 h = MIN(h, s->ds->height);
788abf8e 465
24236869 466 for (; y < h; y++)
28a76be8 467 for (i = 0; i < w; i += 16)
6baebed7 468 vnc_set_bit(s->dirty[y], (x + i) / 16);
24236869
FB		 469}
470
471static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
28a76be8 472 int32_t encoding)
24236869
FB		 473{
474 vnc_write_u16(vs, x);
475 vnc_write_u16(vs, y);
476 vnc_write_u16(vs, w);
477 vnc_write_u16(vs, h);
478
479 vnc_write_s32(vs, encoding);
480}
481
2f9606b3 482void buffer_reserve(Buffer *buffer, size_t len)
89064286
AL		 483{
484 if ((buffer->capacity - buffer->offset) < len) {
28a76be8
AL		 485 buffer->capacity += (len + 1024);
486 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
487 if (buffer->buffer == NULL) {
488 fprintf(stderr, "vnc: out of memory\n");
489 exit(1);
490 }
89064286
AL		 491 }
492}
493
2f9606b3 494int buffer_empty(Buffer *buffer)
89064286
AL		 495{
496 return buffer->offset == 0;
497}
498
2f9606b3 499uint8_t *buffer_end(Buffer *buffer)
89064286
AL		 500{
501 return buffer->buffer + buffer->offset;
502}
503
2f9606b3 504void buffer_reset(Buffer *buffer)
89064286 505{
28a76be8 506 buffer->offset = 0;
89064286
AL		 507}
508
2f9606b3 509void buffer_append(Buffer *buffer, const void *data, size_t len)
89064286
AL		 510{
511 memcpy(buffer->buffer + buffer->offset, data, len);
512 buffer->offset += len;
513}
514
1fc62412 515static void vnc_dpy_resize(DisplayState *ds)
24236869 516{
73e14b62 517 int size_changed;
1fc62412 518 VncDisplay *vd = ds->opaque;
41b4bef6 519 VncState *vs;
1fc62412
SS		 520
521 /* server surface */
522 if (!vd->server)
523 vd->server = qemu_mallocz(sizeof(*vd->server));
524 if (vd->server->data)
525 qemu_free(vd->server->data);
526 *(vd->server) = *(ds->surface);
527 vd->server->data = qemu_mallocz(vd->server->linesize *
528 vd->server->height);
24236869 529
6baebed7 530 /* guest surface */
1fc62412
SS		 531 if (!vd->guest.ds)
532 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
533 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
a528b80c 534 console_color_init(ds);
1fc62412
SS		 535 size_changed = ds_get_width(ds) != vd->guest.ds->width ||
536 ds_get_height(ds) != vd->guest.ds->height;
537 *(vd->guest.ds) = *(ds->surface);
538 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
24236869 539
41b4bef6 540 QTAILQ_FOREACH(vs, &vd->clients, next) {
1fc62412
SS		 541 vnc_colordepth(vs);
542 if (size_changed) {
543 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
544 vnc_write_u8(vs, 0); /* msg id */
545 vnc_write_u8(vs, 0);
546 vnc_write_u16(vs, 1); /* number of rects */
547 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
548 VNC_ENCODING_DESKTOPRESIZE);
549 vnc_flush(vs);
550 }
551 }
552 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
753b4053
AL		 553 }
554}
555
3512779a
FB		 556/* fastest code */
557static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
558{
559 vnc_write(vs, pixels, size);
560}
561
562/* slowest but generic code. */
563static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
564{
7eac3a87 565 uint8_t r, g, b;
1fc62412
SS		 566 VncDisplay *vd = vs->vd;
567
568 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
569 vd->server->pf.rbits);
570 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
571 vd->server->pf.gbits);
572 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
573 vd->server->pf.bbits);
6cec5487
AL		 574 v = (r << vs->clientds.pf.rshift) |
575 (g << vs->clientds.pf.gshift) |
576 (b << vs->clientds.pf.bshift);
577 switch(vs->clientds.pf.bytes_per_pixel) {
3512779a
FB		 578 case 1:
579 buf[0] = v;
580 break;
581 case 2:
6cec5487 582 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
3512779a
FB		 583 buf[0] = v >> 8;
584 buf[1] = v;
585 } else {
586 buf[1] = v >> 8;
587 buf[0] = v;
588 }
589 break;
590 default:
591 case 4:
6cec5487 592 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
3512779a
FB		 593 buf[0] = v >> 24;
594 buf[1] = v >> 16;
595 buf[2] = v >> 8;
596 buf[3] = v;
597 } else {
598 buf[3] = v >> 24;
599 buf[2] = v >> 16;
600 buf[1] = v >> 8;
601 buf[0] = v;
602 }
603 break;
604 }
605}
606
607static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
608{
3512779a 609 uint8_t buf[4];
1fc62412 610 VncDisplay *vd = vs->vd;
3512779a 611
1fc62412 612 if (vd->server->pf.bytes_per_pixel == 4) {
7eac3a87
AL		 613 uint32_t *pixels = pixels1;
614 int n, i;
615 n = size >> 2;
616 for(i = 0; i < n; i++) {
617 vnc_convert_pixel(vs, buf, pixels[i]);
6cec5487 618 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
7eac3a87 619 }
1fc62412 620 } else if (vd->server->pf.bytes_per_pixel == 2) {
7eac3a87
AL		 621 uint16_t *pixels = pixels1;
622 int n, i;
623 n = size >> 1;
624 for(i = 0; i < n; i++) {
625 vnc_convert_pixel(vs, buf, pixels[i]);
6cec5487 626 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
7eac3a87 627 }
1fc62412 628 } else if (vd->server->pf.bytes_per_pixel == 1) {
7eac3a87
AL		 629 uint8_t *pixels = pixels1;
630 int n, i;
631 n = size;
632 for(i = 0; i < n; i++) {
633 vnc_convert_pixel(vs, buf, pixels[i]);
6cec5487 634 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
7eac3a87
AL		 635 }
636 } else {
637 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
3512779a
FB		 638 }
639}
640
24236869
FB		 641static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
642{
643 int i;
60fe76f3 644 uint8_t *row;
1fc62412 645 VncDisplay *vd = vs->vd;
24236869 646
1fc62412 647 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
24236869 648 for (i = 0; i < h; i++) {
28a76be8
AL		 649 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
650 row += ds_get_linesize(vs->ds);
24236869
FB		 651 }
652}
653
654static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
655{
656 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
657 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
658}
659
660#define BPP 8
661#include "vnchextile.h"
662#undef BPP
663
664#define BPP 16
665#include "vnchextile.h"
666#undef BPP
667
668#define BPP 32
669#include "vnchextile.h"
670#undef BPP
671
7eac3a87
AL		 672#define GENERIC
673#define BPP 8
674#include "vnchextile.h"
675#undef BPP
676#undef GENERIC
677
678#define GENERIC
679#define BPP 16
680#include "vnchextile.h"
681#undef BPP
682#undef GENERIC
683
3512779a
FB		 684#define GENERIC
685#define BPP 32
686#include "vnchextile.h"
687#undef BPP
688#undef GENERIC
689
24236869
FB		 690static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
691{
692 int i, j;
693 int has_fg, has_bg;
7eac3a87 694 uint8_t *last_fg, *last_bg;
1fc62412 695 VncDisplay *vd = vs->vd;
24236869 696
1fc62412
SS		 697 last_fg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
698 last_bg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
24236869
FB		 699 has_fg = has_bg = 0;
700 for (j = y; j < (y + h); j += 16) {
28a76be8 701 for (i = x; i < (x + w); i += 16) {
5fafdf24 702 vs->send_hextile_tile(vs, i, j,
3512779a 703 MIN(16, x + w - i), MIN(16, y + h - j),
7eac3a87 704 last_bg, last_fg, &has_bg, &has_fg);
28a76be8 705 }
24236869 706 }
7eac3a87
AL		 707 free(last_fg);
708 free(last_bg);
709
24236869
FB		 710}
711
6c098407
SW		 712#define ZALLOC_ALIGNMENT 16
713
714static void *zalloc(void *x, unsigned items, unsigned size)
715{
716 void *p;
717
718 size *= items;
719 size = (size + ZALLOC_ALIGNMENT - 1) & ~(ZALLOC_ALIGNMENT - 1);
720
721 p = qemu_mallocz(size);
722
723 return (p);
724}
725
726static void zfree(void *x, void *addr)
727{
728 qemu_free(addr);
729}
730
059cef40
AL		 731static void vnc_zlib_init(VncState *vs)
732{
733 int i;
734 for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)
735 vs->zlib_stream[i].opaque = NULL;
736}
737
738static void vnc_zlib_start(VncState *vs)
739{
740 buffer_reset(&vs->zlib);
741
742 // make the output buffer be the zlib buffer, so we can compress it later
743 vs->zlib_tmp = vs->output;
744 vs->output = vs->zlib;
745}
746
747static int vnc_zlib_stop(VncState *vs, int stream_id)
748{
749 z_streamp zstream = &vs->zlib_stream[stream_id];
750 int previous_out;
751
752 // switch back to normal output/zlib buffers
753 vs->zlib = vs->output;
754 vs->output = vs->zlib_tmp;
755
756 // compress the zlib buffer
757
758 // initialize the stream
759 // XXX need one stream per session
760 if (zstream->opaque != vs) {
761 int err;
762
763 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
764 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
6c098407
SW		 765 zstream->zalloc = zalloc;
766 zstream->zfree = zfree;
059cef40
AL		 767
768 err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
769 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
770
771 if (err != Z_OK) {
772 fprintf(stderr, "VNC: error initializing zlib\n");
773 return -1;
774 }
775
776 zstream->opaque = vs;
777 }
778
779 // XXX what to do if tight_compression changed in between?
780
781 // reserve memory in output buffer
782 buffer_reserve(&vs->output, vs->zlib.offset + 64);
783
784 // set pointers
785 zstream->next_in = vs->zlib.buffer;
786 zstream->avail_in = vs->zlib.offset;
787 zstream->next_out = vs->output.buffer + vs->output.offset;
788 zstream->avail_out = vs->output.capacity - vs->output.offset;
789 zstream->data_type = Z_BINARY;
790 previous_out = zstream->total_out;
791
792 // start encoding
793 if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
794 fprintf(stderr, "VNC: error during zlib compression\n");
795 return -1;
796 }
797
798 vs->output.offset = vs->output.capacity - zstream->avail_out;
799 return zstream->total_out - previous_out;
800}
801
802static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
803{
804 int old_offset, new_offset, bytes_written;
805
806 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);
807
808 // remember where we put in the follow-up size
809 old_offset = vs->output.offset;
810 vnc_write_s32(vs, 0);
811
812 // compress the stream
813 vnc_zlib_start(vs);
814 send_framebuffer_update_raw(vs, x, y, w, h);
815 bytes_written = vnc_zlib_stop(vs, 0);
816
817 if (bytes_written == -1)
818 return;
819
820 // hack in the size
821 new_offset = vs->output.offset;
822 vs->output.offset = old_offset;
823 vnc_write_u32(vs, bytes_written);
824 vs->output.offset = new_offset;
825}
826
24236869
FB		 827static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
828{
fb437313 829 switch(vs->vnc_encoding) {
28a76be8
AL		 830 case VNC_ENCODING_ZLIB:
831 send_framebuffer_update_zlib(vs, x, y, w, h);
832 break;
833 case VNC_ENCODING_HEXTILE:
834 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
835 send_framebuffer_update_hextile(vs, x, y, w, h);
836 break;
837 default:
838 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
839 send_framebuffer_update_raw(vs, x, y, w, h);
840 break;
fb437313 841 }
24236869
FB		 842}
843
753b4053 844static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
24236869 845{
3e28c9ad 846 /* send bitblit op to the vnc client */
24236869
FB		 847 vnc_write_u8(vs, 0); /* msg id */
848 vnc_write_u8(vs, 0);
849 vnc_write_u16(vs, 1); /* number of rects */
29fa4ed9 850 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
24236869
FB		 851 vnc_write_u16(vs, src_x);
852 vnc_write_u16(vs, src_y);
853 vnc_flush(vs);
854}
855
753b4053
AL		 856static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
857{
858 VncDisplay *vd = ds->opaque;
198a0039 859 VncState *vs, *vn;
1fc62412
SS		 860 uint8_t *src_row;
861 uint8_t *dst_row;
862 int i,x,y,pitch,depth,inc,w_lim,s;
863 int cmp_bytes;
198a0039 864
1fc62412 865 vnc_refresh_server_surface(vd);
41b4bef6 866 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
198a0039
GH		 867 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
868 vs->force_update = 1;
1fc62412 869 vnc_update_client(vs, 1);
198a0039
GH		 870 /* vs might be free()ed here */
871 }
872 }
873
1fc62412
SS		 874 /* do bitblit op on the local surface too */
875 pitch = ds_get_linesize(vd->ds);
876 depth = ds_get_bytes_per_pixel(vd->ds);
877 src_row = vd->server->data + pitch * src_y + depth * src_x;
878 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
879 y = dst_y;
880 inc = 1;
881 if (dst_y > src_y) {
882 /* copy backwards */
883 src_row += pitch * (h-1);
884 dst_row += pitch * (h-1);
885 pitch = -pitch;
886 y = dst_y + h - 1;
887 inc = -1;
888 }
889 w_lim = w - (16 - (dst_x % 16));
890 if (w_lim < 0)
891 w_lim = w;
892 else
893 w_lim = w - (w_lim % 16);
894 for (i = 0; i < h; i++) {
895 for (x = 0; x <= w_lim;
896 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
897 if (x == w_lim) {
898 if ((s = w - w_lim) == 0)
899 break;
900 } else if (!x) {
901 s = (16 - (dst_x % 16));
902 s = MIN(s, w_lim);
903 } else {
904 s = 16;
905 }
906 cmp_bytes = s * depth;
907 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
908 continue;
909 memmove(dst_row, src_row, cmp_bytes);
41b4bef6
AS		 910 QTAILQ_FOREACH(vs, &vd->clients, next) {
911 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
1fc62412 912 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
41b4bef6 913 }
1fc62412
SS		 914 }
915 }
916 src_row += pitch - w * depth;
917 dst_row += pitch - w * depth;
918 y += inc;
919 }
920
41b4bef6
AS		 921 QTAILQ_FOREACH(vs, &vd->clients, next) {
922 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
753b4053 923 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
41b4bef6 924 }
753b4053
AL		 925 }
926}
927
1fc62412 928static int find_and_clear_dirty_height(struct VncState *vs,
6baebed7 929 int y, int last_x, int x)
24236869
FB		 930{
931 int h;
1fc62412 932 VncDisplay *vd = vs->vd;
24236869 933
1fc62412 934 for (h = 1; h < (vd->server->height - y); h++) {
28a76be8 935 int tmp_x;
1fc62412 936 if (!vnc_get_bit(vs->dirty[y + h], last_x))
28a76be8
AL		 937 break;
938 for (tmp_x = last_x; tmp_x < x; tmp_x++)
1fc62412 939 vnc_clear_bit(vs->dirty[y + h], tmp_x);
24236869
FB		 940 }
941
942 return h;
943}
944
2430ffe4 945static int vnc_update_client(VncState *vs, int has_dirty)
24236869 946{
24236869 947 if (vs->need_update && vs->csock != -1) {
1fc62412 948 VncDisplay *vd = vs->vd;
28a76be8 949 int y;
28a76be8
AL		 950 int n_rectangles;
951 int saved_offset;
24236869 952
703bc68f 953 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
c522d0e2 954 /* kernel send buffers are full -> drop frames to throttle */
2430ffe4 955 return 0;
a0ecfb73 956
703bc68f 957 if (!has_dirty && !vs->audio_cap && !vs->force_update)
2430ffe4 958 return 0;
28a76be8 959
6baebed7
AL		 960 /*
961 * Send screen updates to the vnc client using the server
962 * surface and server dirty map. guest surface updates
963 * happening in parallel don't disturb us, the next pass will
964 * send them to the client.
965 */
28a76be8
AL		 966 n_rectangles = 0;
967 vnc_write_u8(vs, 0); /* msg id */
968 vnc_write_u8(vs, 0);
969 saved_offset = vs->output.offset;
970 vnc_write_u16(vs, 0);
971
1fc62412 972 for (y = 0; y < vd->server->height; y++) {
28a76be8
AL		 973 int x;
974 int last_x = -1;
1fc62412
SS		 975 for (x = 0; x < vd->server->width / 16; x++) {
976 if (vnc_get_bit(vs->dirty[y], x)) {
28a76be8
AL		 977 if (last_x == -1) {
978 last_x = x;
979 }
1fc62412 980 vnc_clear_bit(vs->dirty[y], x);
28a76be8
AL		 981 } else {
982 if (last_x != -1) {
1fc62412 983 int h = find_and_clear_dirty_height(vs, y, last_x, x);
28a76be8
AL		 984 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
985 n_rectangles++;
986 }
987 last_x = -1;
988 }
989 }
990 if (last_x != -1) {
1fc62412 991 int h = find_and_clear_dirty_height(vs, y, last_x, x);
28a76be8
AL		 992 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
993 n_rectangles++;
994 }
995 }
996 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
997 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
998 vnc_flush(vs);
c522d0e2 999 vs->force_update = 0;
2430ffe4 1000 return n_rectangles;
24236869 1001 }
24236869 1002
703bc68f 1003 if (vs->csock == -1)
198a0039 1004 vnc_disconnect_finish(vs);
2430ffe4
SS		 1005
1006 return 0;
24236869
FB		 1007}
1008
429a8ed3 1009/* audio */
1010static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1011{
1012 VncState *vs = opaque;
1013
1014 switch (cmd) {
1015 case AUD_CNOTIFY_DISABLE:
1016 vnc_write_u8(vs, 255);
1017 vnc_write_u8(vs, 1);
1018 vnc_write_u16(vs, 0);
1019 vnc_flush(vs);
1020 break;
1021
1022 case AUD_CNOTIFY_ENABLE:
1023 vnc_write_u8(vs, 255);
1024 vnc_write_u8(vs, 1);
1025 vnc_write_u16(vs, 1);
1026 vnc_flush(vs);
1027 break;
1028 }
1029}
1030
1031static void audio_capture_destroy(void *opaque)
1032{
1033}
1034
1035static void audio_capture(void *opaque, void *buf, int size)
1036{
1037 VncState *vs = opaque;
1038
1039 vnc_write_u8(vs, 255);
1040 vnc_write_u8(vs, 1);
1041 vnc_write_u16(vs, 2);
1042 vnc_write_u32(vs, size);
1043 vnc_write(vs, buf, size);
1044 vnc_flush(vs);
1045}
1046
1047static void audio_add(VncState *vs)
1048{
376253ec 1049 Monitor *mon = cur_mon;
429a8ed3 1050 struct audio_capture_ops ops;
1051
1052 if (vs->audio_cap) {
376253ec 1053 monitor_printf(mon, "audio already running\n");
429a8ed3 1054 return;
1055 }
1056
1057 ops.notify = audio_capture_notify;
1058 ops.destroy = audio_capture_destroy;
1059 ops.capture = audio_capture;
1060
1a7dafce 1061 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
429a8ed3 1062 if (!vs->audio_cap) {
376253ec 1063 monitor_printf(mon, "Failed to add audio capture\n");
429a8ed3 1064 }
1065}
1066
1067static void audio_del(VncState *vs)
1068{
1069 if (vs->audio_cap) {
1070 AUD_del_capture(vs->audio_cap, vs);
1071 vs->audio_cap = NULL;
1072 }
1073}
1074
198a0039
GH		 1075static void vnc_disconnect_start(VncState *vs)
1076{
1077 if (vs->csock == -1)
1078 return;
1079 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
1080 closesocket(vs->csock);
1081 vs->csock = -1;
1082}
1083
1084static void vnc_disconnect_finish(VncState *vs)
1085{
0d72f3d3
LC		 1086 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
1087
fa0cfdf2
SW		 1088 if (vs->input.buffer) {
1089 qemu_free(vs->input.buffer);
1090 vs->input.buffer = NULL;
1091 }
1092 if (vs->output.buffer) {
1093 qemu_free(vs->output.buffer);
1094 vs->output.buffer = NULL;
1095 }
4a80dba3
LC		 1096
1097 qobject_decref(vs->info);
1098
198a0039
GH		 1099#ifdef CONFIG_VNC_TLS
1100 vnc_tls_client_cleanup(vs);
1101#endif /* CONFIG_VNC_TLS */
1102#ifdef CONFIG_VNC_SASL
1103 vnc_sasl_client_cleanup(vs);
1104#endif /* CONFIG_VNC_SASL */
1105 audio_del(vs);
1106
41b4bef6
AS		 1107 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1108
1109 if (QTAILQ_EMPTY(&vs->vd->clients)) {
198a0039 1110 dcl->idle = 1;
41b4bef6 1111 }
198a0039 1112
703bc68f 1113 vnc_remove_timer(vs->vd);
5d95ac5b 1114 qemu_free(vs);
198a0039 1115}
2f9606b3
AL		 1116
1117int vnc_client_io_error(VncState *vs, int ret, int last_errno)
24236869
FB		 1118{
1119 if (ret == 0 || ret == -1) {
ea01e5fd
AZ		 1120 if (ret == -1) {
1121 switch (last_errno) {
1122 case EINTR:
1123 case EAGAIN:
1124#ifdef _WIN32
1125 case WSAEWOULDBLOCK:
1126#endif
1127 return 0;
1128 default:
1129 break;
1130 }
1131 }
24236869 1132
198a0039
GH		 1133 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1134 ret, ret < 0 ? last_errno : 0);
1135 vnc_disconnect_start(vs);
6baebed7 1136
28a76be8 1137 return 0;
24236869
FB		 1138 }
1139 return ret;
1140}
1141
5fb6c7a8
AL		 1142
1143void vnc_client_error(VncState *vs)
24236869 1144{
198a0039
GH		 1145 VNC_DEBUG("Closing down client sock: protocol error\n");
1146 vnc_disconnect_start(vs);
24236869
FB		 1147}
1148
2f9606b3
AL		 1149
1150/*
1151 * Called to write a chunk of data to the client socket. The data may
1152 * be the raw data, or may have already been encoded by SASL.
1153 * The data will be written either straight onto the socket, or
1154 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1155 *
1156 * NB, it is theoretically possible to have 2 layers of encryption,
1157 * both SASL, and this TLS layer. It is highly unlikely in practice
1158 * though, since SASL encryption will typically be a no-op if TLS
1159 * is active
1160 *
1161 * Returns the number of bytes written, which may be less than
1162 * the requested 'datalen' if the socket would block. Returns
1163 * -1 on error, and disconnects the client socket.
1164 */
1165long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
24236869 1166{
ceb5caaf 1167 long ret;
eb38c52c 1168#ifdef CONFIG_VNC_TLS
5fb6c7a8 1169 if (vs->tls.session) {
28a76be8
AL		 1170 ret = gnutls_write(vs->tls.session, data, datalen);
1171 if (ret < 0) {
1172 if (ret == GNUTLS_E_AGAIN)
1173 errno = EAGAIN;
1174 else
1175 errno = EIO;
1176 ret = -1;
1177 }
8d5d2d4c
TS		 1178 } else
1179#endif /* CONFIG_VNC_TLS */
70503264 1180 ret = send(vs->csock, (const void *)data, datalen, 0);
23decc87 1181 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
2f9606b3
AL		 1182 return vnc_client_io_error(vs, ret, socket_error());
1183}
1184
1185
1186/*
1187 * Called to write buffered data to the client socket, when not
1188 * using any SASL SSF encryption layers. Will write as much data
1189 * as possible without blocking. If all buffered data is written,
1190 * will switch the FD poll() handler back to read monitoring.
1191 *
1192 * Returns the number of bytes written, which may be less than
1193 * the buffered output data if the socket would block. Returns
1194 * -1 on error, and disconnects the client socket.
1195 */
1196static long vnc_client_write_plain(VncState *vs)
1197{
1198 long ret;
1199
1200#ifdef CONFIG_VNC_SASL
23decc87 1201 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
2f9606b3
AL		 1202 vs->output.buffer, vs->output.capacity, vs->output.offset,
1203 vs->sasl.waitWriteSSF);
1204
1205 if (vs->sasl.conn &&
1206 vs->sasl.runSSF &&
1207 vs->sasl.waitWriteSSF) {
1208 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1209 if (ret)
1210 vs->sasl.waitWriteSSF -= ret;
1211 } else
1212#endif /* CONFIG_VNC_SASL */
1213 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
24236869 1214 if (!ret)
2f9606b3 1215 return 0;
24236869
FB		 1216
1217 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1218 vs->output.offset -= ret;
1219
1220 if (vs->output.offset == 0) {
28a76be8 1221 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
24236869 1222 }
2f9606b3
AL		 1223
1224 return ret;
1225}
1226
1227
1228/*
1229 * First function called whenever there is data to be written to
1230 * the client socket. Will delegate actual work according to whether
1231 * SASL SSF layers are enabled (thus requiring encryption calls)
1232 */
1233void vnc_client_write(void *opaque)
1234{
1235 long ret;
1236 VncState *vs = opaque;
1237
1238#ifdef CONFIG_VNC_SASL
1239 if (vs->sasl.conn &&
1240 vs->sasl.runSSF &&
1241 !vs->sasl.waitWriteSSF)
1242 ret = vnc_client_write_sasl(vs);
1243 else
1244#endif /* CONFIG_VNC_SASL */
1245 ret = vnc_client_write_plain(vs);
24236869
FB		 1246}
1247
5fb6c7a8 1248void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
24236869
FB		 1249{
1250 vs->read_handler = func;
1251 vs->read_handler_expect = expecting;
1252}
1253
2f9606b3
AL		 1254
1255/*
1256 * Called to read a chunk of data from the client socket. The data may
1257 * be the raw data, or may need to be further decoded by SASL.
1258 * The data will be read either straight from to the socket, or
1259 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1260 *
1261 * NB, it is theoretically possible to have 2 layers of encryption,
1262 * both SASL, and this TLS layer. It is highly unlikely in practice
1263 * though, since SASL encryption will typically be a no-op if TLS
1264 * is active
1265 *
1266 * Returns the number of bytes read, which may be less than
1267 * the requested 'datalen' if the socket would block. Returns
1268 * -1 on error, and disconnects the client socket.
1269 */
1270long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
24236869 1271{
ceb5caaf 1272 long ret;
eb38c52c 1273#ifdef CONFIG_VNC_TLS
5fb6c7a8 1274 if (vs->tls.session) {
28a76be8
AL		 1275 ret = gnutls_read(vs->tls.session, data, datalen);
1276 if (ret < 0) {
1277 if (ret == GNUTLS_E_AGAIN)
1278 errno = EAGAIN;
1279 else
1280 errno = EIO;
1281 ret = -1;
1282 }
8d5d2d4c
TS		 1283 } else
1284#endif /* CONFIG_VNC_TLS */
c5b76b38 1285 ret = recv(vs->csock, (void *)data, datalen, 0);
23decc87 1286 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
2f9606b3
AL		 1287 return vnc_client_io_error(vs, ret, socket_error());
1288}
24236869 1289
2f9606b3
AL		 1290
1291/*
1292 * Called to read data from the client socket to the input buffer,
1293 * when not using any SASL SSF encryption layers. Will read as much
1294 * data as possible without blocking.
1295 *
1296 * Returns the number of bytes read. Returns -1 on error, and
1297 * disconnects the client socket.
1298 */
1299static long vnc_client_read_plain(VncState *vs)
1300{
1301 int ret;
23decc87 1302 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
2f9606b3
AL		 1303 vs->input.buffer, vs->input.capacity, vs->input.offset);
1304 buffer_reserve(&vs->input, 4096);
1305 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1306 if (!ret)
1307 return 0;
24236869 1308 vs->input.offset += ret;
2f9606b3
AL		 1309 return ret;
1310}
1311
1312
1313/*
1314 * First function called whenever there is more data to be read from
1315 * the client socket. Will delegate actual work according to whether
1316 * SASL SSF layers are enabled (thus requiring decryption calls)
1317 */
1318void vnc_client_read(void *opaque)
1319{
1320 VncState *vs = opaque;
1321 long ret;
1322
1323#ifdef CONFIG_VNC_SASL
1324 if (vs->sasl.conn && vs->sasl.runSSF)
1325 ret = vnc_client_read_sasl(vs);
1326 else
1327#endif /* CONFIG_VNC_SASL */
1328 ret = vnc_client_read_plain(vs);
198a0039
GH		 1329 if (!ret) {
1330 if (vs->csock == -1)
1331 vnc_disconnect_finish(vs);
28a76be8 1332 return;
198a0039 1333 }
24236869
FB		 1334
1335 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
28a76be8
AL		 1336 size_t len = vs->read_handler_expect;
1337 int ret;
1338
1339 ret = vs->read_handler(vs, vs->input.buffer, len);
198a0039
GH		 1340 if (vs->csock == -1) {
1341 vnc_disconnect_finish(vs);
28a76be8 1342 return;
198a0039 1343 }
28a76be8
AL		 1344
1345 if (!ret) {
1346 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1347 vs->input.offset -= len;
1348 } else {
1349 vs->read_handler_expect = ret;
1350 }
24236869
FB		 1351 }
1352}
1353
5fb6c7a8 1354void vnc_write(VncState *vs, const void *data, size_t len)
24236869
FB		 1355{
1356 buffer_reserve(&vs->output, len);
1357
198a0039 1358 if (vs->csock != -1 && buffer_empty(&vs->output)) {
28a76be8 1359 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
24236869
FB		 1360 }
1361
1362 buffer_append(&vs->output, data, len);
1363}
1364
5fb6c7a8 1365void vnc_write_s32(VncState *vs, int32_t value)
24236869
FB		 1366{
1367 vnc_write_u32(vs, *(uint32_t *)&value);
1368}
1369
5fb6c7a8 1370void vnc_write_u32(VncState *vs, uint32_t value)
24236869
FB		 1371{
1372 uint8_t buf[4];
1373
1374 buf[0] = (value >> 24) & 0xFF;
1375 buf[1] = (value >> 16) & 0xFF;
1376 buf[2] = (value >> 8) & 0xFF;
1377 buf[3] = value & 0xFF;
1378
1379 vnc_write(vs, buf, 4);
1380}
1381
5fb6c7a8 1382void vnc_write_u16(VncState *vs, uint16_t value)
24236869 1383{
64f5a135 1384 uint8_t buf[2];
24236869
FB		 1385
1386 buf[0] = (value >> 8) & 0xFF;
1387 buf[1] = value & 0xFF;
1388
1389 vnc_write(vs, buf, 2);
1390}
1391
5fb6c7a8 1392void vnc_write_u8(VncState *vs, uint8_t value)
24236869
FB		 1393{
1394 vnc_write(vs, (char *)&value, 1);
1395}
1396
5fb6c7a8 1397void vnc_flush(VncState *vs)
24236869 1398{
198a0039 1399 if (vs->csock != -1 && vs->output.offset)
28a76be8 1400 vnc_client_write(vs);
24236869
FB		 1401}
1402
5fb6c7a8 1403uint8_t read_u8(uint8_t *data, size_t offset)
24236869
FB		 1404{
1405 return data[offset];
1406}
1407
5fb6c7a8 1408uint16_t read_u16(uint8_t *data, size_t offset)
24236869
FB		 1409{
1410 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1411}
1412
5fb6c7a8 1413int32_t read_s32(uint8_t *data, size_t offset)
24236869
FB		 1414{
1415 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
28a76be8 1416 (data[offset + 2] << 8) | data[offset + 3]);
24236869
FB		 1417}
1418
5fb6c7a8 1419uint32_t read_u32(uint8_t *data, size_t offset)
24236869
FB		 1420{
1421 return ((data[offset] << 24) | (data[offset + 1] << 16) |
28a76be8 1422 (data[offset + 2] << 8) | data[offset + 3]);
24236869
FB		 1423}
1424
60fe76f3 1425static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
24236869
FB		 1426{
1427}
1428
564c337e
FB		 1429static void check_pointer_type_change(VncState *vs, int absolute)
1430{
29fa4ed9 1431 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
28a76be8
AL		 1432 vnc_write_u8(vs, 0);
1433 vnc_write_u8(vs, 0);
1434 vnc_write_u16(vs, 1);
1435 vnc_framebuffer_update(vs, absolute, 0,
1436 ds_get_width(vs->ds), ds_get_height(vs->ds),
29fa4ed9 1437 VNC_ENCODING_POINTER_TYPE_CHANGE);
28a76be8 1438 vnc_flush(vs);
564c337e
FB		 1439 }
1440 vs->absolute = absolute;
1441}
1442
24236869
FB		 1443static void pointer_event(VncState *vs, int button_mask, int x, int y)
1444{
1445 int buttons = 0;
1446 int dz = 0;
1447
1448 if (button_mask & 0x01)
28a76be8 1449 buttons |= MOUSE_EVENT_LBUTTON;
24236869 1450 if (button_mask & 0x02)
28a76be8 1451 buttons |= MOUSE_EVENT_MBUTTON;
24236869 1452 if (button_mask & 0x04)
28a76be8 1453 buttons |= MOUSE_EVENT_RBUTTON;
24236869 1454 if (button_mask & 0x08)
28a76be8 1455 dz = -1;
24236869 1456 if (button_mask & 0x10)
28a76be8 1457 dz = 1;
564c337e
FB		 1458
1459 if (vs->absolute) {
28a76be8
AL		 1460 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
1461 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
1462 dz, buttons);
29fa4ed9 1463 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
28a76be8
AL		 1464 x -= 0x7FFF;
1465 y -= 0x7FFF;
24236869 1466
28a76be8 1467 kbd_mouse_event(x, y, dz, buttons);
564c337e 1468 } else {
28a76be8
AL		 1469 if (vs->last_x != -1)
1470 kbd_mouse_event(x - vs->last_x,
1471 y - vs->last_y,
1472 dz, buttons);
1473 vs->last_x = x;
1474 vs->last_y = y;
24236869 1475 }
564c337e
FB		 1476
1477 check_pointer_type_change(vs, kbd_mouse_is_absolute());
24236869
FB		 1478}
1479
64f5a135
FB		 1480static void reset_keys(VncState *vs)
1481{
1482 int i;
1483 for(i = 0; i < 256; i++) {
1484 if (vs->modifiers_state[i]) {
1485 if (i & 0x80)
1486 kbd_put_keycode(0xe0);
1487 kbd_put_keycode(i | 0x80);
1488 vs->modifiers_state[i] = 0;
1489 }
1490 }
1491}
1492
a528b80c
AZ		 1493static void press_key(VncState *vs, int keysym)
1494{
753b4053
AL		 1495 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) & 0x7f);
1496 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) | 0x80);
a528b80c
AZ		 1497}
1498
9ca313aa 1499static void do_key_event(VncState *vs, int down, int keycode, int sym)
24236869 1500{
64f5a135
FB		 1501 /* QEMU console switch */
1502 switch(keycode) {
1503 case 0x2a: /* Left Shift */
1504 case 0x36: /* Right Shift */
1505 case 0x1d: /* Left CTRL */
1506 case 0x9d: /* Right CTRL */
1507 case 0x38: /* Left ALT */
1508 case 0xb8: /* Right ALT */
1509 if (down)
1510 vs->modifiers_state[keycode] = 1;
1511 else
1512 vs->modifiers_state[keycode] = 0;
1513 break;
5fafdf24 1514 case 0x02 ... 0x0a: /* '1' to '9' keys */
64f5a135
FB		 1515 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1516 /* Reset the modifiers sent to the current console */
1517 reset_keys(vs);
1518 console_select(keycode - 0x02);
1519 return;
1520 }
1521 break;
28a76be8
AL		 1522 case 0x3a: /* CapsLock */
1523 case 0x45: /* NumLock */
a528b80c
AZ		 1524 if (!down)
1525 vs->modifiers_state[keycode] ^= 1;
1526 break;
1527 }
1528
753b4053 1529 if (keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
a528b80c
AZ		 1530 /* If the numlock state needs to change then simulate an additional
1531 keypress before sending this one. This will happen if the user
1532 toggles numlock away from the VNC window.
1533 */
753b4053 1534 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
a528b80c
AZ		 1535 if (!vs->modifiers_state[0x45]) {
1536 vs->modifiers_state[0x45] = 1;
1537 press_key(vs, 0xff7f);
1538 }
1539 } else {
1540 if (vs->modifiers_state[0x45]) {
1541 vs->modifiers_state[0x45] = 0;
1542 press_key(vs, 0xff7f);
1543 }
1544 }
64f5a135 1545 }
24236869 1546
6b132502
GH		 1547 if ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z')) {
1548 /* If the capslock state needs to change then simulate an additional
1549 keypress before sending this one. This will happen if the user
1550 toggles capslock away from the VNC window.
1551 */
1552 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1553 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1554 int capslock = !!(vs->modifiers_state[0x3a]);
1555 if (capslock) {
1556 if (uppercase == shift) {
1557 vs->modifiers_state[0x3a] = 0;
1558 press_key(vs, 0xffe5);
1559 }
1560 } else {
1561 if (uppercase != shift) {
1562 vs->modifiers_state[0x3a] = 1;
1563 press_key(vs, 0xffe5);
1564 }
1565 }
1566 }
1567
64f5a135
FB		 1568 if (is_graphic_console()) {
1569 if (keycode & 0x80)
1570 kbd_put_keycode(0xe0);
1571 if (down)
1572 kbd_put_keycode(keycode & 0x7f);
1573 else
1574 kbd_put_keycode(keycode | 0x80);
1575 } else {
1576 /* QEMU console emulation */
1577 if (down) {
bb0a18e1 1578 int numlock = vs->modifiers_state[0x45];
64f5a135
FB		 1579 switch (keycode) {
1580 case 0x2a: /* Left Shift */
1581 case 0x36: /* Right Shift */
1582 case 0x1d: /* Left CTRL */
1583 case 0x9d: /* Right CTRL */
1584 case 0x38: /* Left ALT */
1585 case 0xb8: /* Right ALT */
1586 break;
1587 case 0xc8:
1588 kbd_put_keysym(QEMU_KEY_UP);
1589 break;
1590 case 0xd0:
1591 kbd_put_keysym(QEMU_KEY_DOWN);
1592 break;
1593 case 0xcb:
1594 kbd_put_keysym(QEMU_KEY_LEFT);
1595 break;
1596 case 0xcd:
1597 kbd_put_keysym(QEMU_KEY_RIGHT);
1598 break;
1599 case 0xd3:
1600 kbd_put_keysym(QEMU_KEY_DELETE);
1601 break;
1602 case 0xc7:
1603 kbd_put_keysym(QEMU_KEY_HOME);
1604 break;
1605 case 0xcf:
1606 kbd_put_keysym(QEMU_KEY_END);
1607 break;
1608 case 0xc9:
1609 kbd_put_keysym(QEMU_KEY_PAGEUP);
1610 break;
1611 case 0xd1:
1612 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1613 break;
bb0a18e1
GH		 1614
1615 case 0x47:
1616 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1617 break;
1618 case 0x48:
1619 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1620 break;
1621 case 0x49:
1622 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1623 break;
1624 case 0x4b:
1625 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1626 break;
1627 case 0x4c:
1628 kbd_put_keysym('5');
1629 break;
1630 case 0x4d:
1631 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1632 break;
1633 case 0x4f:
1634 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1635 break;
1636 case 0x50:
1637 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1638 break;
1639 case 0x51:
1640 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1641 break;
1642 case 0x52:
1643 kbd_put_keysym('0');
1644 break;
1645 case 0x53:
1646 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1647 break;
1648
1649 case 0xb5:
1650 kbd_put_keysym('/');
1651 break;
1652 case 0x37:
1653 kbd_put_keysym('*');
1654 break;
1655 case 0x4a:
1656 kbd_put_keysym('-');
1657 break;
1658 case 0x4e:
1659 kbd_put_keysym('+');
1660 break;
1661 case 0x9c:
1662 kbd_put_keysym('\n');
1663 break;
1664
64f5a135
FB		 1665 default:
1666 kbd_put_keysym(sym);
1667 break;
1668 }
1669 }
1670 }
24236869
FB		 1671}
1672
bdbd7676
FB		 1673static void key_event(VncState *vs, int down, uint32_t sym)
1674{
9ca313aa 1675 int keycode;
4a93fe17 1676 int lsym = sym;
9ca313aa 1677
4a93fe17
GH		 1678 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1679 lsym = lsym - 'A' + 'a';
1680 }
9ca313aa 1681
4a93fe17 1682 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF);
9ca313aa
AL		 1683 do_key_event(vs, down, keycode, sym);
1684}
1685
1686static void ext_key_event(VncState *vs, int down,
1687 uint32_t sym, uint16_t keycode)
1688{
1689 /* if the user specifies a keyboard layout, always use it */
1690 if (keyboard_layout)
1691 key_event(vs, down, sym);
1692 else
1693 do_key_event(vs, down, keycode, sym);
bdbd7676
FB		 1694}
1695
24236869 1696static void framebuffer_update_request(VncState *vs, int incremental,
28a76be8
AL		 1697 int x_position, int y_position,
1698 int w, int h)
24236869 1699{
0e1f5a0c
AL		 1700 if (x_position > ds_get_width(vs->ds))
1701 x_position = ds_get_width(vs->ds);
1702 if (y_position > ds_get_height(vs->ds))
1703 y_position = ds_get_height(vs->ds);
1704 if (x_position + w >= ds_get_width(vs->ds))
1705 w = ds_get_width(vs->ds) - x_position;
1706 if (y_position + h >= ds_get_height(vs->ds))
1707 h = ds_get_height(vs->ds) - y_position;
cf2d385c 1708
24236869
FB		 1709 int i;
1710 vs->need_update = 1;
1711 if (!incremental) {
24cf0a6e 1712 vs->force_update = 1;
28a76be8 1713 for (i = 0; i < h; i++) {
1fc62412 1714 vnc_set_bits(vs->dirty[y_position + i],
0e1f5a0c 1715 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
28a76be8 1716 }
24236869
FB		 1717 }
1718}
1719
9ca313aa
AL		 1720static void send_ext_key_event_ack(VncState *vs)
1721{
1722 vnc_write_u8(vs, 0);
1723 vnc_write_u8(vs, 0);
1724 vnc_write_u16(vs, 1);
29fa4ed9
AL		 1725 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1726 VNC_ENCODING_EXT_KEY_EVENT);
9ca313aa
AL		 1727 vnc_flush(vs);
1728}
1729
429a8ed3 1730static void send_ext_audio_ack(VncState *vs)
1731{
1732 vnc_write_u8(vs, 0);
1733 vnc_write_u8(vs, 0);
1734 vnc_write_u16(vs, 1);
29fa4ed9
AL		 1735 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1736 VNC_ENCODING_AUDIO);
429a8ed3 1737 vnc_flush(vs);
1738}
1739
24236869
FB		 1740static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1741{
1742 int i;
29fa4ed9 1743 unsigned int enc = 0;
24236869 1744
059cef40 1745 vnc_zlib_init(vs);
29fa4ed9 1746 vs->features = 0;
fb437313
AL		 1747 vs->vnc_encoding = 0;
1748 vs->tight_compression = 9;
1749 vs->tight_quality = 9;
564c337e 1750 vs->absolute = -1;
24236869
FB		 1751
1752 for (i = n_encodings - 1; i >= 0; i--) {
29fa4ed9
AL		 1753 enc = encodings[i];
1754 switch (enc) {
1755 case VNC_ENCODING_RAW:
fb437313 1756 vs->vnc_encoding = enc;
29fa4ed9
AL		 1757 break;
1758 case VNC_ENCODING_COPYRECT:
753b4053 1759 vs->features |= VNC_FEATURE_COPYRECT_MASK;
29fa4ed9
AL		 1760 break;
1761 case VNC_ENCODING_HEXTILE:
1762 vs->features |= VNC_FEATURE_HEXTILE_MASK;
fb437313 1763 vs->vnc_encoding = enc;
29fa4ed9 1764 break;
059cef40
AL		 1765 case VNC_ENCODING_ZLIB:
1766 vs->features |= VNC_FEATURE_ZLIB_MASK;
1767 vs->vnc_encoding = enc;
1768 break;
29fa4ed9
AL		 1769 case VNC_ENCODING_DESKTOPRESIZE:
1770 vs->features |= VNC_FEATURE_RESIZE_MASK;
1771 break;
1772 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1773 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1774 break;
1775 case VNC_ENCODING_EXT_KEY_EVENT:
9ca313aa
AL		 1776 send_ext_key_event_ack(vs);
1777 break;
29fa4ed9 1778 case VNC_ENCODING_AUDIO:
429a8ed3 1779 send_ext_audio_ack(vs);
1780 break;
29fa4ed9
AL		 1781 case VNC_ENCODING_WMVi:
1782 vs->features |= VNC_FEATURE_WMVI_MASK;
ca4cca4d 1783 break;
fb437313
AL		 1784 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1785 vs->tight_compression = (enc & 0x0F);
1786 break;
1787 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1788 vs->tight_quality = (enc & 0x0F);
1789 break;
29fa4ed9
AL		 1790 default:
1791 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1792 break;
1793 }
24236869 1794 }
564c337e
FB		 1795
1796 check_pointer_type_change(vs, kbd_mouse_is_absolute());
24236869
FB		 1797}
1798
6cec5487
AL		 1799static void set_pixel_conversion(VncState *vs)
1800{
1801 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1802 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1803 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1804 vs->write_pixels = vnc_write_pixels_copy;
1805 switch (vs->ds->surface->pf.bits_per_pixel) {
1806 case 8:
1807 vs->send_hextile_tile = send_hextile_tile_8;
1808 break;
1809 case 16:
1810 vs->send_hextile_tile = send_hextile_tile_16;
1811 break;
1812 case 32:
1813 vs->send_hextile_tile = send_hextile_tile_32;
1814 break;
1815 }
1816 } else {
1817 vs->write_pixels = vnc_write_pixels_generic;
1818 switch (vs->ds->surface->pf.bits_per_pixel) {
1819 case 8:
1820 vs->send_hextile_tile = send_hextile_tile_generic_8;
1821 break;
1822 case 16:
1823 vs->send_hextile_tile = send_hextile_tile_generic_16;
1824 break;
1825 case 32:
1826 vs->send_hextile_tile = send_hextile_tile_generic_32;
1827 break;
1828 }
1829 }
1830}
1831
24236869 1832static void set_pixel_format(VncState *vs,
28a76be8
AL		 1833 int bits_per_pixel, int depth,
1834 int big_endian_flag, int true_color_flag,
1835 int red_max, int green_max, int blue_max,
1836 int red_shift, int green_shift, int blue_shift)
24236869 1837{
3512779a 1838 if (!true_color_flag) {
28a76be8 1839 vnc_client_error(vs);
3512779a
FB		 1840 return;
1841 }
24236869 1842
1fc62412 1843 vs->clientds = *(vs->vd->guest.ds);
6cec5487 1844 vs->clientds.pf.rmax = red_max;
90a1e3c0 1845 count_bits(vs->clientds.pf.rbits, red_max);
6cec5487
AL		 1846 vs->clientds.pf.rshift = red_shift;
1847 vs->clientds.pf.rmask = red_max << red_shift;
1848 vs->clientds.pf.gmax = green_max;
90a1e3c0 1849 count_bits(vs->clientds.pf.gbits, green_max);
6cec5487
AL		 1850 vs->clientds.pf.gshift = green_shift;
1851 vs->clientds.pf.gmask = green_max << green_shift;
1852 vs->clientds.pf.bmax = blue_max;
90a1e3c0 1853 count_bits(vs->clientds.pf.bbits, blue_max);
6cec5487
AL		 1854 vs->clientds.pf.bshift = blue_shift;
1855 vs->clientds.pf.bmask = blue_max << blue_shift;
1856 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1857 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1858 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1859 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1860
1861 set_pixel_conversion(vs);
24236869
FB		 1862
1863 vga_hw_invalidate();
1864 vga_hw_update();
1865}
1866
ca4cca4d
AL		 1867static void pixel_format_message (VncState *vs) {
1868 char pad[3] = { 0, 0, 0 };
1869
6cec5487
AL		 1870 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1871 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
ca4cca4d 1872
e2542fe2 1873#ifdef HOST_WORDS_BIGENDIAN
ca4cca4d
AL		 1874 vnc_write_u8(vs, 1); /* big-endian-flag */
1875#else
1876 vnc_write_u8(vs, 0); /* big-endian-flag */
1877#endif
1878 vnc_write_u8(vs, 1); /* true-color-flag */
6cec5487
AL		 1879 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1880 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1881 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1882 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1883 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1884 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1885 if (vs->ds->surface->pf.bits_per_pixel == 32)
ca4cca4d 1886 vs->send_hextile_tile = send_hextile_tile_32;
6cec5487 1887 else if (vs->ds->surface->pf.bits_per_pixel == 16)
ca4cca4d 1888 vs->send_hextile_tile = send_hextile_tile_16;
6cec5487 1889 else if (vs->ds->surface->pf.bits_per_pixel == 8)
ca4cca4d 1890 vs->send_hextile_tile = send_hextile_tile_8;
6cec5487 1891 vs->clientds = *(vs->ds->surface);
3cded540 1892 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
ca4cca4d
AL		 1893 vs->write_pixels = vnc_write_pixels_copy;
1894
1895 vnc_write(vs, pad, 3); /* padding */
1896}
1897
7d957bd8
AL		 1898static void vnc_dpy_setdata(DisplayState *ds)
1899{
1900 /* We don't have to do anything */
1901}
1902
753b4053 1903static void vnc_colordepth(VncState *vs)
7eac3a87 1904{
753b4053 1905 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
ca4cca4d
AL		 1906 /* Sending a WMVi message to notify the client*/
1907 vnc_write_u8(vs, 0); /* msg id */
1908 vnc_write_u8(vs, 0);
1909 vnc_write_u16(vs, 1); /* number of rects */
753b4053
AL		 1910 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1911 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
ca4cca4d
AL		 1912 pixel_format_message(vs);
1913 vnc_flush(vs);
7eac3a87 1914 } else {
6cec5487 1915 set_pixel_conversion(vs);
7eac3a87
AL		 1916 }
1917}
1918
60fe76f3 1919static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
24236869
FB		 1920{
1921 int i;
1922 uint16_t limit;
2430ffe4
SS		 1923 VncDisplay *vd = vs->vd;
1924
1925 if (data[0] > 3) {
1926 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1927 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1928 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1929 }
24236869
FB		 1930
1931 switch (data[0]) {
1932 case 0:
28a76be8
AL		 1933 if (len == 1)
1934 return 20;
1935
1936 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1937 read_u8(data, 6), read_u8(data, 7),
1938 read_u16(data, 8), read_u16(data, 10),
1939 read_u16(data, 12), read_u8(data, 14),
1940 read_u8(data, 15), read_u8(data, 16));
1941 break;
24236869 1942 case 2:
28a76be8
AL		 1943 if (len == 1)
1944 return 4;
24236869 1945
28a76be8 1946 if (len == 4) {
69dd5c9f
AL		 1947 limit = read_u16(data, 2);
1948 if (limit > 0)
1949 return 4 + (limit * 4);
1950 } else
1951 limit = read_u16(data, 2);
24236869 1952
28a76be8
AL		 1953 for (i = 0; i < limit; i++) {
1954 int32_t val = read_s32(data, 4 + (i * 4));
1955 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1956 }
24236869 1957
28a76be8
AL		 1958 set_encodings(vs, (int32_t *)(data + 4), limit);
1959 break;
24236869 1960 case 3:
28a76be8
AL		 1961 if (len == 1)
1962 return 10;
24236869 1963
28a76be8
AL		 1964 framebuffer_update_request(vs,
1965 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1966 read_u16(data, 6), read_u16(data, 8));
1967 break;
24236869 1968 case 4:
28a76be8
AL		 1969 if (len == 1)
1970 return 8;
24236869 1971
28a76be8
AL		 1972 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1973 break;
24236869 1974 case 5:
28a76be8
AL		 1975 if (len == 1)
1976 return 6;
24236869 1977
28a76be8
AL		 1978 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1979 break;
24236869 1980 case 6:
28a76be8
AL		 1981 if (len == 1)
1982 return 8;
24236869 1983
28a76be8 1984 if (len == 8) {
baa7666c
TS		 1985 uint32_t dlen = read_u32(data, 4);
1986 if (dlen > 0)
1987 return 8 + dlen;
1988 }
24236869 1989
28a76be8
AL		 1990 client_cut_text(vs, read_u32(data, 4), data + 8);
1991 break;
9ca313aa
AL		 1992 case 255:
1993 if (len == 1)
1994 return 2;
1995
1996 switch (read_u8(data, 1)) {
1997 case 0:
1998 if (len == 2)
1999 return 12;
2000
2001 ext_key_event(vs, read_u16(data, 2),
2002 read_u32(data, 4), read_u32(data, 8));
2003 break;
429a8ed3 2004 case 1:
2005 if (len == 2)
2006 return 4;
2007
2008 switch (read_u16 (data, 2)) {
2009 case 0:
2010 audio_add(vs);
2011 break;
2012 case 1:
2013 audio_del(vs);
2014 break;
2015 case 2:
2016 if (len == 4)
2017 return 10;
2018 switch (read_u8(data, 4)) {
2019 case 0: vs->as.fmt = AUD_FMT_U8; break;
2020 case 1: vs->as.fmt = AUD_FMT_S8; break;
2021 case 2: vs->as.fmt = AUD_FMT_U16; break;
2022 case 3: vs->as.fmt = AUD_FMT_S16; break;
2023 case 4: vs->as.fmt = AUD_FMT_U32; break;
2024 case 5: vs->as.fmt = AUD_FMT_S32; break;
2025 default:
2026 printf("Invalid audio format %d\n", read_u8(data, 4));
2027 vnc_client_error(vs);
2028 break;
2029 }
2030 vs->as.nchannels = read_u8(data, 5);
2031 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2032 printf("Invalid audio channel coount %d\n",
2033 read_u8(data, 5));
2034 vnc_client_error(vs);
2035 break;
2036 }
2037 vs->as.freq = read_u32(data, 6);
2038 break;
2039 default:
2040 printf ("Invalid audio message %d\n", read_u8(data, 4));
2041 vnc_client_error(vs);
2042 break;
2043 }
2044 break;
2045
9ca313aa
AL		 2046 default:
2047 printf("Msg: %d\n", read_u16(data, 0));
2048 vnc_client_error(vs);
2049 break;
2050 }
2051 break;
24236869 2052 default:
28a76be8
AL		 2053 printf("Msg: %d\n", data[0]);
2054 vnc_client_error(vs);
2055 break;
24236869 2056 }
5fafdf24 2057
24236869
FB		 2058 vnc_read_when(vs, protocol_client_msg, 1);
2059 return 0;
2060}
2061
60fe76f3 2062static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
24236869 2063{
c35734b2
TS		 2064 char buf[1024];
2065 int size;
24236869 2066
0e1f5a0c
AL		 2067 vnc_write_u16(vs, ds_get_width(vs->ds));
2068 vnc_write_u16(vs, ds_get_height(vs->ds));
24236869 2069
ca4cca4d 2070 pixel_format_message(vs);
24236869 2071
c35734b2
TS		 2072 if (qemu_name)
2073 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2074 else
2075 size = snprintf(buf, sizeof(buf), "QEMU");
2076
2077 vnc_write_u32(vs, size);
2078 vnc_write(vs, buf, size);
24236869
FB		 2079 vnc_flush(vs);
2080
4a80dba3 2081 vnc_client_cache_auth(vs);
0d2ed46a 2082 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
4a80dba3 2083
24236869
FB		 2084 vnc_read_when(vs, protocol_client_msg, 1);
2085
2086 return 0;
2087}
2088
5fb6c7a8
AL		 2089void start_client_init(VncState *vs)
2090{
2091 vnc_read_when(vs, protocol_client_init, 1);
2092}
2093
70848515
TS		 2094static void make_challenge(VncState *vs)
2095{
2096 int i;
2097
2098 srand(time(NULL)+getpid()+getpid()*987654+rand());
2099
2100 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2101 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2102}
2103
60fe76f3 2104static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
70848515 2105{
60fe76f3 2106 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
70848515 2107 int i, j, pwlen;
60fe76f3 2108 unsigned char key[8];
70848515 2109
753b4053 2110 if (!vs->vd->password || !vs->vd->password[0]) {
28a76be8
AL		 2111 VNC_DEBUG("No password configured on server");
2112 vnc_write_u32(vs, 1); /* Reject auth */
2113 if (vs->minor >= 8) {
2114 static const char err[] = "Authentication failed";
2115 vnc_write_u32(vs, sizeof(err));
2116 vnc_write(vs, err, sizeof(err));
2117 }
2118 vnc_flush(vs);
2119 vnc_client_error(vs);
2120 return 0;
70848515
TS		 2121 }
2122
2123 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2124
2125 /* Calculate the expected challenge response */
753b4053 2126 pwlen = strlen(vs->vd->password);
70848515 2127 for (i=0; i<sizeof(key); i++)
753b4053 2128 key[i] = i<pwlen ? vs->vd->password[i] : 0;
70848515
TS		 2129 deskey(key, EN0);
2130 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2131 des(response+j, response+j);
2132
2133 /* Compare expected vs actual challenge response */
2134 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
28a76be8
AL		 2135 VNC_DEBUG("Client challenge reponse did not match\n");
2136 vnc_write_u32(vs, 1); /* Reject auth */
2137 if (vs->minor >= 8) {
2138 static const char err[] = "Authentication failed";
2139 vnc_write_u32(vs, sizeof(err));
2140 vnc_write(vs, err, sizeof(err));
2141 }
2142 vnc_flush(vs);
2143 vnc_client_error(vs);
70848515 2144 } else {
28a76be8
AL		 2145 VNC_DEBUG("Accepting VNC challenge response\n");
2146 vnc_write_u32(vs, 0); /* Accept auth */
2147 vnc_flush(vs);
70848515 2148
5fb6c7a8 2149 start_client_init(vs);
70848515
TS		 2150 }
2151 return 0;
2152}
2153
5fb6c7a8 2154void start_auth_vnc(VncState *vs)
70848515
TS		 2155{
2156 make_challenge(vs);
2157 /* Send client a 'random' challenge */
2158 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2159 vnc_flush(vs);
2160
2161 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
469b15c6
TS		 2162}
2163
2164
60fe76f3 2165static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
70848515
TS		 2166{
2167 /* We only advertise 1 auth scheme at a time, so client
2168 * must pick the one we sent. Verify this */
753b4053 2169 if (data[0] != vs->vd->auth) { /* Reject auth */
1263b7d6 2170 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
70848515
TS		 2171 vnc_write_u32(vs, 1);
2172 if (vs->minor >= 8) {
2173 static const char err[] = "Authentication failed";
2174 vnc_write_u32(vs, sizeof(err));
2175 vnc_write(vs, err, sizeof(err));
2176 }
2177 vnc_client_error(vs);
2178 } else { /* Accept requested auth */
2179 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
753b4053 2180 switch (vs->vd->auth) {
70848515
TS		 2181 case VNC_AUTH_NONE:
2182 VNC_DEBUG("Accept auth none\n");
a26c97ad
AZ		 2183 if (vs->minor >= 8) {
2184 vnc_write_u32(vs, 0); /* Accept auth completion */
2185 vnc_flush(vs);
2186 }
5fb6c7a8 2187 start_client_init(vs);
70848515
TS		 2188 break;
2189
2190 case VNC_AUTH_VNC:
2191 VNC_DEBUG("Start VNC auth\n");
5fb6c7a8
AL		 2192 start_auth_vnc(vs);
2193 break;
70848515 2194
eb38c52c 2195#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 2196 case VNC_AUTH_VENCRYPT:
2197 VNC_DEBUG("Accept VeNCrypt auth\n");;
5fb6c7a8
AL		 2198 start_auth_vencrypt(vs);
2199 break;
8d5d2d4c
TS		 2200#endif /* CONFIG_VNC_TLS */
2201
2f9606b3
AL		 2202#ifdef CONFIG_VNC_SASL
2203 case VNC_AUTH_SASL:
2204 VNC_DEBUG("Accept SASL auth\n");
2205 start_auth_sasl(vs);
2206 break;
2207#endif /* CONFIG_VNC_SASL */
2208
70848515 2209 default: /* Should not be possible, but just in case */
1263b7d6 2210 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
70848515
TS		 2211 vnc_write_u8(vs, 1);
2212 if (vs->minor >= 8) {
2213 static const char err[] = "Authentication failed";
2214 vnc_write_u32(vs, sizeof(err));
2215 vnc_write(vs, err, sizeof(err));
2216 }
2217 vnc_client_error(vs);
2218 }
2219 }
2220 return 0;
2221}
2222
60fe76f3 2223static int protocol_version(VncState *vs, uint8_t *version, size_t len)
24236869
FB		 2224{
2225 char local[13];
24236869
FB		 2226
2227 memcpy(local, version, 12);
2228 local[12] = 0;
2229
70848515 2230 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
28a76be8
AL		 2231 VNC_DEBUG("Malformed protocol version %s\n", local);
2232 vnc_client_error(vs);
2233 return 0;
24236869 2234 }
70848515
TS		 2235 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2236 if (vs->major != 3 ||
28a76be8
AL		 2237 (vs->minor != 3 &&
2238 vs->minor != 4 &&
2239 vs->minor != 5 &&
2240 vs->minor != 7 &&
2241 vs->minor != 8)) {
2242 VNC_DEBUG("Unsupported client version\n");
2243 vnc_write_u32(vs, VNC_AUTH_INVALID);
2244 vnc_flush(vs);
2245 vnc_client_error(vs);
2246 return 0;
70848515 2247 }
b0566f4f 2248 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
70848515
TS		 2249 * as equivalent to v3.3 by servers
2250 */
b0566f4f 2251 if (vs->minor == 4 || vs->minor == 5)
28a76be8 2252 vs->minor = 3;
70848515
TS		 2253
2254 if (vs->minor == 3) {
28a76be8 2255 if (vs->vd->auth == VNC_AUTH_NONE) {
70848515 2256 VNC_DEBUG("Tell client auth none\n");
753b4053 2257 vnc_write_u32(vs, vs->vd->auth);
70848515 2258 vnc_flush(vs);
28a76be8 2259 start_client_init(vs);
753b4053 2260 } else if (vs->vd->auth == VNC_AUTH_VNC) {
70848515 2261 VNC_DEBUG("Tell client VNC auth\n");
753b4053 2262 vnc_write_u32(vs, vs->vd->auth);
70848515
TS		 2263 vnc_flush(vs);
2264 start_auth_vnc(vs);
2265 } else {
753b4053 2266 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
70848515
TS		 2267 vnc_write_u32(vs, VNC_AUTH_INVALID);
2268 vnc_flush(vs);
2269 vnc_client_error(vs);
2270 }
2271 } else {
28a76be8
AL		 2272 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2273 vnc_write_u8(vs, 1); /* num auth */
2274 vnc_write_u8(vs, vs->vd->auth);
2275 vnc_read_when(vs, protocol_client_auth, 1);
2276 vnc_flush(vs);
70848515 2277 }
24236869
FB		 2278
2279 return 0;
2280}
2281
1fc62412
SS		 2282static int vnc_refresh_server_surface(VncDisplay *vd)
2283{
2284 int y;
2285 uint8_t *guest_row;
2286 uint8_t *server_row;
2287 int cmp_bytes;
2288 uint32_t width_mask[VNC_DIRTY_WORDS];
41b4bef6 2289 VncState *vs;
1fc62412
SS		 2290 int has_dirty = 0;
2291
2292 /*
2293 * Walk through the guest dirty map.
2294 * Check and copy modified bits from guest to server surface.
2295 * Update server dirty map.
2296 */
2297 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2298 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2299 guest_row = vd->guest.ds->data;
2300 server_row = vd->server->data;
2301 for (y = 0; y < vd->guest.ds->height; y++) {
2302 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2303 int x;
2304 uint8_t *guest_ptr;
2305 uint8_t *server_ptr;
2306
2307 guest_ptr = guest_row;
2308 server_ptr = server_row;
2309
2310 for (x = 0; x < vd->guest.ds->width;
2311 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2312 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2313 continue;
2314 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2315 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2316 continue;
2317 memcpy(server_ptr, guest_ptr, cmp_bytes);
41b4bef6 2318 QTAILQ_FOREACH(vs, &vd->clients, next) {
1fc62412 2319 vnc_set_bit(vs->dirty[y], (x / 16));
1fc62412
SS		 2320 }
2321 has_dirty++;
2322 }
2323 }
2324 guest_row += ds_get_linesize(vd->ds);
2325 server_row += ds_get_linesize(vd->ds);
2326 }
2327 return has_dirty;
2328}
2329
703bc68f
SS		 2330static void vnc_refresh(void *opaque)
2331{
2332 VncDisplay *vd = opaque;
41b4bef6
AS		 2333 VncState *vs, *vn;
2334 int has_dirty, rects = 0;
703bc68f
SS		 2335
2336 vga_hw_update();
2337
1fc62412
SS		 2338 has_dirty = vnc_refresh_server_surface(vd);
2339
41b4bef6 2340 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2430ffe4 2341 rects += vnc_update_client(vs, has_dirty);
6185c578 2342 /* vs might be free()ed here */
703bc68f 2343 }
83755c17
SS		 2344 /* vd->timer could be NULL now if the last client disconnected,
2345 * in this case don't update the timer */
2346 if (vd->timer == NULL)
2347 return;
703bc68f 2348
2430ffe4
SS		 2349 if (has_dirty && rects) {
2350 vd->timer_interval /= 2;
2351 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2352 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2353 } else {
2354 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2355 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2356 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2357 }
2358 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
703bc68f
SS		 2359}
2360
2361static void vnc_init_timer(VncDisplay *vd)
2362{
2430ffe4 2363 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
41b4bef6 2364 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
703bc68f 2365 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
1fc62412 2366 vnc_refresh(vd);
703bc68f
SS		 2367 }
2368}
2369
2370static void vnc_remove_timer(VncDisplay *vd)
2371{
41b4bef6 2372 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
703bc68f
SS		 2373 qemu_del_timer(vd->timer);
2374 qemu_free_timer(vd->timer);
2375 vd->timer = NULL;
2376 }
2377}
2378
753b4053 2379static void vnc_connect(VncDisplay *vd, int csock)
3aa3eea3 2380{
753b4053
AL		 2381 VncState *vs = qemu_mallocz(sizeof(VncState));
2382 vs->csock = csock;
2383
2384 VNC_DEBUG("New client on socket %d\n", csock);
7d957bd8 2385 dcl->idle = 0;
3aa3eea3
AZ		 2386 socket_set_nonblock(vs->csock);
2387 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
753b4053 2388
4a80dba3 2389 vnc_client_cache_addr(vs);
586153d9 2390 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
4a80dba3 2391
753b4053
AL		 2392 vs->vd = vd;
2393 vs->ds = vd->ds;
753b4053
AL		 2394 vs->last_x = -1;
2395 vs->last_y = -1;
2396
2397 vs->as.freq = 44100;
2398 vs->as.nchannels = 2;
2399 vs->as.fmt = AUD_FMT_S16;
2400 vs->as.endianness = 0;
2401
41b4bef6 2402 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
1fc62412
SS		 2403
2404 vga_hw_update();
2405
3aa3eea3
AZ		 2406 vnc_write(vs, "RFB 003.008\n", 12);
2407 vnc_flush(vs);
2408 vnc_read_when(vs, protocol_version, 12);
53762ddb 2409 reset_keys(vs);
753b4053 2410
703bc68f 2411 vnc_init_timer(vd);
1fc62412 2412
198a0039 2413 /* vs might be free()ed here */
3aa3eea3
AZ		 2414}
2415
24236869
FB		 2416static void vnc_listen_read(void *opaque)
2417{
753b4053 2418 VncDisplay *vs = opaque;
24236869
FB		 2419 struct sockaddr_in addr;
2420 socklen_t addrlen = sizeof(addr);
2421
9f60ad50
AZ		 2422 /* Catch-up */
2423 vga_hw_update();
2424
40ff6d7e 2425 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
753b4053
AL		 2426 if (csock != -1) {
2427 vnc_connect(vs, csock);
24236869
FB		 2428 }
2429}
2430
71cab5ca 2431void vnc_display_init(DisplayState *ds)
24236869 2432{
afd32160 2433 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
24236869 2434
7d957bd8 2435 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
24236869
FB		 2436
2437 ds->opaque = vs;
7d957bd8 2438 dcl->idle = 1;
753b4053 2439 vnc_display = vs;
24236869
FB		 2440
2441 vs->lsock = -1;
24236869
FB		 2442
2443 vs->ds = ds;
41b4bef6 2444 QTAILQ_INIT(&vs->clients);
24236869 2445
9ca313aa 2446 if (keyboard_layout)
0483755a 2447 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
9ca313aa 2448 else
0483755a 2449 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
24236869 2450
24236869 2451 if (!vs->kbd_layout)
28a76be8 2452 exit(1);
24236869 2453
753b4053 2454 dcl->dpy_copy = vnc_dpy_copy;
7d957bd8
AL		 2455 dcl->dpy_update = vnc_dpy_update;
2456 dcl->dpy_resize = vnc_dpy_resize;
2457 dcl->dpy_setdata = vnc_dpy_setdata;
7d957bd8 2458 register_displaychangelistener(ds, dcl);
71cab5ca
TS		 2459}
2460
6f43024c 2461
71cab5ca
TS		 2462void vnc_display_close(DisplayState *ds)
2463{
753b4053 2464 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
71cab5ca 2465
452b4d88
AL		 2466 if (!vs)
2467 return;
71cab5ca 2468 if (vs->display) {
28a76be8
AL		 2469 qemu_free(vs->display);
2470 vs->display = NULL;
71cab5ca
TS		 2471 }
2472 if (vs->lsock != -1) {
28a76be8
AL		 2473 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2474 close(vs->lsock);
2475 vs->lsock = -1;
71cab5ca 2476 }
70848515 2477 vs->auth = VNC_AUTH_INVALID;
eb38c52c 2478#ifdef CONFIG_VNC_TLS
8d5d2d4c 2479 vs->subauth = VNC_AUTH_INVALID;
5fb6c7a8 2480 vs->tls.x509verify = 0;
8d5d2d4c 2481#endif
70848515
TS		 2482}
2483
2484int vnc_display_password(DisplayState *ds, const char *password)
2485{
753b4053 2486 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
70848515 2487
7ef92331
ZA		 2488 if (!vs) {
2489 return -1;
2490 }
2491
70848515 2492 if (vs->password) {
28a76be8
AL		 2493 qemu_free(vs->password);
2494 vs->password = NULL;
70848515
TS		 2495 }
2496 if (password && password[0]) {
28a76be8
AL		 2497 if (!(vs->password = qemu_strdup(password)))
2498 return -1;
52c18be9
ZA		 2499 if (vs->auth == VNC_AUTH_NONE) {
2500 vs->auth = VNC_AUTH_VNC;
2501 }
2502 } else {
2503 vs->auth = VNC_AUTH_NONE;
70848515
TS		 2504 }
2505
2506 return 0;
71cab5ca
TS		 2507}
2508
f92f8afe
AL		 2509char *vnc_display_local_addr(DisplayState *ds)
2510{
2511 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2512
2513 return vnc_socket_local_addr("%s:%s", vs->lsock);
2514}
2515
70848515 2516int vnc_display_open(DisplayState *ds, const char *display)
71cab5ca 2517{
753b4053 2518 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
70848515
TS		 2519 const char *options;
2520 int password = 0;
3aa3eea3 2521 int reverse = 0;
eb38c52c 2522#ifdef CONFIG_VNC_TLS
3a702699 2523 int tls = 0, x509 = 0;
8d5d2d4c 2524#endif
2f9606b3
AL		 2525#ifdef CONFIG_VNC_SASL
2526 int sasl = 0;
2527 int saslErr;
2528#endif
76655d6d 2529 int acl = 0;
71cab5ca 2530
753b4053 2531 if (!vnc_display)
452b4d88 2532 return -1;
71cab5ca 2533 vnc_display_close(ds);
70848515 2534 if (strcmp(display, "none") == 0)
28a76be8 2535 return 0;
24236869 2536
70848515 2537 if (!(vs->display = strdup(display)))
28a76be8 2538 return -1;
70848515
TS		 2539
2540 options = display;
2541 while ((options = strchr(options, ','))) {
28a76be8
AL		 2542 options++;
2543 if (strncmp(options, "password", 8) == 0) {
2544 password = 1; /* Require password auth */
2545 } else if (strncmp(options, "reverse", 7) == 0) {
2546 reverse = 1;
2f9606b3 2547#ifdef CONFIG_VNC_SASL
28a76be8
AL		 2548 } else if (strncmp(options, "sasl", 4) == 0) {
2549 sasl = 1; /* Require SASL auth */
2f9606b3 2550#endif
eb38c52c 2551#ifdef CONFIG_VNC_TLS
28a76be8
AL		 2552 } else if (strncmp(options, "tls", 3) == 0) {
2553 tls = 1; /* Require TLS */
2554 } else if (strncmp(options, "x509", 4) == 0) {
2555 char *start, *end;
2556 x509 = 1; /* Require x509 certificates */
2557 if (strncmp(options, "x509verify", 10) == 0)
2558 vs->tls.x509verify = 1; /* ...and verify client certs */
2559
2560 /* Now check for 'x509=/some/path' postfix
2561 * and use that to setup x509 certificate/key paths */
2562 start = strchr(options, '=');
2563 end = strchr(options, ',');
2564 if (start && (!end || (start < end))) {
2565 int len = end ? end-(start+1) : strlen(start+1);
2566 char *path = qemu_strndup(start + 1, len);
2567
2568 VNC_DEBUG("Trying certificate path '%s'\n", path);
2569 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2570 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2571 qemu_free(path);
2572 qemu_free(vs->display);
2573 vs->display = NULL;
2574 return -1;
2575 }
2576 qemu_free(path);
2577 } else {
2578 fprintf(stderr, "No certificate path provided\n");
2579 qemu_free(vs->display);
2580 vs->display = NULL;
2581 return -1;
2582 }
8d5d2d4c 2583#endif
28a76be8
AL		 2584 } else if (strncmp(options, "acl", 3) == 0) {
2585 acl = 1;
2586 }
70848515
TS		 2587 }
2588
76655d6d
AL		 2589#ifdef CONFIG_VNC_TLS
2590 if (acl && x509 && vs->tls.x509verify) {
28a76be8
AL		 2591 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2592 fprintf(stderr, "Failed to create x509 dname ACL\n");
2593 exit(1);
2594 }
76655d6d
AL		 2595 }
2596#endif
2597#ifdef CONFIG_VNC_SASL
2598 if (acl && sasl) {
28a76be8
AL		 2599 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2600 fprintf(stderr, "Failed to create username ACL\n");
2601 exit(1);
2602 }
76655d6d
AL		 2603 }
2604#endif
2605
2f9606b3
AL		 2606 /*
2607 * Combinations we support here:
2608 *
2609 * - no-auth (clear text, no auth)
2610 * - password (clear text, weak auth)
2611 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2612 * - tls (encrypt, weak anonymous creds, no auth)
2613 * - tls + password (encrypt, weak anonymous creds, weak auth)
2614 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2615 * - tls + x509 (encrypt, good x509 creds, no auth)
2616 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2617 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2618 *
2619 * NB1. TLS is a stackable auth scheme.
2620 * NB2. the x509 schemes have option to validate a client cert dname
2621 */
70848515 2622 if (password) {
eb38c52c 2623#ifdef CONFIG_VNC_TLS
28a76be8
AL		 2624 if (tls) {
2625 vs->auth = VNC_AUTH_VENCRYPT;
2626 if (x509) {
2627 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2628 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2629 } else {
2630 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2631 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2632 }
2633 } else {
2f9606b3 2634#endif /* CONFIG_VNC_TLS */
28a76be8
AL		 2635 VNC_DEBUG("Initializing VNC server with password auth\n");
2636 vs->auth = VNC_AUTH_VNC;
eb38c52c 2637#ifdef CONFIG_VNC_TLS
28a76be8
AL		 2638 vs->subauth = VNC_AUTH_INVALID;
2639 }
2f9606b3
AL		 2640#endif /* CONFIG_VNC_TLS */
2641#ifdef CONFIG_VNC_SASL
2642 } else if (sasl) {
2643#ifdef CONFIG_VNC_TLS
2644 if (tls) {
2645 vs->auth = VNC_AUTH_VENCRYPT;
2646 if (x509) {
28a76be8 2647 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2f9606b3
AL		 2648 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2649 } else {
28a76be8 2650 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2f9606b3
AL		 2651 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2652 }
2653 } else {
2654#endif /* CONFIG_VNC_TLS */
28a76be8 2655 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2f9606b3
AL		 2656 vs->auth = VNC_AUTH_SASL;
2657#ifdef CONFIG_VNC_TLS
2658 vs->subauth = VNC_AUTH_INVALID;
2659 }
2660#endif /* CONFIG_VNC_TLS */
2661#endif /* CONFIG_VNC_SASL */
70848515 2662 } else {
eb38c52c 2663#ifdef CONFIG_VNC_TLS
28a76be8
AL		 2664 if (tls) {
2665 vs->auth = VNC_AUTH_VENCRYPT;
2666 if (x509) {
2667 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2668 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2669 } else {
2670 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2671 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2672 }
2673 } else {
8d5d2d4c 2674#endif
28a76be8
AL		 2675 VNC_DEBUG("Initializing VNC server with no auth\n");
2676 vs->auth = VNC_AUTH_NONE;
eb38c52c 2677#ifdef CONFIG_VNC_TLS
28a76be8
AL		 2678 vs->subauth = VNC_AUTH_INVALID;
2679 }
8d5d2d4c 2680#endif
70848515 2681 }
24236869 2682
2f9606b3
AL		 2683#ifdef CONFIG_VNC_SASL
2684 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2685 fprintf(stderr, "Failed to initialize SASL auth %s",
2686 sasl_errstring(saslErr, NULL, NULL));
2687 free(vs->display);
2688 vs->display = NULL;
2689 return -1;
2690 }
2691#endif
2692
3aa3eea3 2693 if (reverse) {
9712ecaf
AL		 2694 /* connect to viewer */
2695 if (strncmp(display, "unix:", 5) == 0)
2696 vs->lsock = unix_connect(display+5);
2697 else
2698 vs->lsock = inet_connect(display, SOCK_STREAM);
2699 if (-1 == vs->lsock) {
3aa3eea3
AZ		 2700 free(vs->display);
2701 vs->display = NULL;
2702 return -1;
2703 } else {
753b4053 2704 int csock = vs->lsock;
3aa3eea3 2705 vs->lsock = -1;
753b4053 2706 vnc_connect(vs, csock);
3aa3eea3 2707 }
9712ecaf 2708 return 0;
24236869 2709
9712ecaf
AL		 2710 } else {
2711 /* listen for connects */
2712 char *dpy;
2713 dpy = qemu_malloc(256);
2714 if (strncmp(display, "unix:", 5) == 0) {
bc575e95 2715 pstrcpy(dpy, 256, "unix:");
4a55bfdf 2716 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
9712ecaf
AL		 2717 } else {
2718 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2719 }
2720 if (-1 == vs->lsock) {
2721 free(dpy);
d0513623 2722 return -1;
9712ecaf
AL		 2723 } else {
2724 free(vs->display);
2725 vs->display = dpy;
2726 }
24236869 2727 }
753b4053 2728 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
24236869 2729}
Qemu copy for testing