7d510b8c
FB
1/*
2 * QEMU VNC display driver
5fafdf24 3 *
7d510b8c
FB
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
19a490bf 6 * Copyright (C) 2009 Red Hat, Inc
5fafdf24 7 *
7d510b8c
FB
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
19a490bf 27#include "vnc.h"
87ecb68b 28#include "sysemu.h"
6ca957f0 29#include "qemu_socket.h"
87ecb68b 30#include "qemu-timer.h"
76655d6d 31#include "acl.h"
d96fd29c 32#include "qemu-objects.h"
24236869 33
2430ffe4
SS
34#define VNC_REFRESH_INTERVAL_BASE 30
35#define VNC_REFRESH_INTERVAL_INC 50
36#define VNC_REFRESH_INTERVAL_MAX 2000
24236869
FB
37
38#include "vnc_keysym.h"
70848515
TS
39#include "d3des.h"
40
90a1e3c0
AL
/*
 * count_bits(c, v): store the number of set bits of v in c.
 *
 * Both arguments must be modifiable lvalues. v is shifted right until it
 * reaches zero, so the caller's copy of v is consumed by the macro.
 */
#define count_bits(c, v) {              \
    (c) = 0;                            \
    while (v) {                         \
        (c) += (v) & 1;                 \
        (v) >>= 1;                      \
    }                                   \
}
8d5d2d4c 47
24236869 48
753b4053 49static VncDisplay *vnc_display; /* needed for info vnc */
7d957bd8 50static DisplayChangeListener *dcl;
a9ce8590 51
1ff7df1a
AL
/*
 * Render a socket address as a newly allocated string.
 *
 * The numeric host and service strings produced by getnameinfo() are
 * substituted into @format, which is handed to snprintf() as the format
 * string with exactly two string arguments (host, then service).
 * NOTE(review): @format is therefore interpreted as a printf format;
 * confirm that every call site passes a fixed, trusted string.
 *
 * Returns NULL when getnameinfo() fails, otherwise the qemu_malloc()ed
 * buffer, which is handed back to the caller.
 */
static char *addr_to_string(const char *format,
                            struct sockaddr_storage *sa,
                            socklen_t salen)
{
    char host[NI_MAXHOST];
    char serv[NI_MAXSERV];
    char *result;
    size_t result_len;
    int rc;

    rc = getnameinfo((struct sockaddr *)sa, salen,
                     host, sizeof(host),
                     serv, sizeof(serv),
                     NI_NUMERICHOST | NI_NUMERICSERV);
    if (rc != 0) {
        VNC_DEBUG("Cannot resolve address %d: %s\n",
                  rc, gai_strerror(rc));
        return NULL;
    }

    /* Upper bound: the format text plus the two substituted strings. */
    result_len = strlen(format) + strlen(host) + strlen(serv);
    result = qemu_malloc(result_len + 1);
    snprintf(result, result_len, format, host, serv);
    result[result_len] = '\0';

    return result;
}
79
2f9606b3
AL
80
/*
 * Format the local address of socket @fd with @format.
 * Returns NULL if getsockname() fails or the address cannot be rendered;
 * otherwise the string returned by addr_to_string().
 */
char *vnc_socket_local_addr(const char *format, int fd) {
    struct sockaddr_storage local;
    socklen_t local_len = sizeof(local);

    if (getsockname(fd, (struct sockaddr *)&local, &local_len) < 0) {
        return NULL;
    }

    return addr_to_string(format, &local, local_len);
}
91
/*
 * Format the peer address of socket @fd with @format.
 * Returns NULL if getpeername() fails or the address cannot be rendered;
 * otherwise the string returned by addr_to_string().
 */
char *vnc_socket_remote_addr(const char *format, int fd) {
    struct sockaddr_storage peer;
    socklen_t peer_len = sizeof(peer);

    if (getpeername(fd, (struct sockaddr *)&peer, &peer_len) < 0) {
        return NULL;
    }

    return addr_to_string(format, &peer, peer_len);
}
102
d96fd29c
LC
/*
 * Store the numeric form of socket address @sa in @qdict under the keys
 * "host", "service" and "family".
 *
 * Returns 0 on success, -1 if getnameinfo() fails (nothing is stored then).
 */
static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
                          socklen_t salen)
{
    char host[NI_MAXHOST];
    char serv[NI_MAXSERV];
    int rc;

    /* Numeric lookups only: no DNS or services-database resolution. */
    rc = getnameinfo((struct sockaddr *)sa, salen,
                     host, sizeof(host),
                     serv, sizeof(serv),
                     NI_NUMERICHOST | NI_NUMERICSERV);
    if (rc != 0) {
        VNC_DEBUG("Cannot resolve address %d: %s\n",
                  rc, gai_strerror(rc));
        return -1;
    }

    qdict_put(qdict, "host", qstring_from_str(host));
    qdict_put(qdict, "service", qstring_from_str(serv));
    qdict_put(qdict, "family",
              qstring_from_str(inet_strfamily(sa->ss_family)));

    return 0;
}
125
/*
 * Add the local (listening) address of socket @fd to @qdict.
 * Returns 0 on success, -1 if getsockname() or the conversion fails.
 */
static int vnc_server_addr_put(QDict *qdict, int fd)
{
    struct sockaddr_storage local;
    socklen_t local_len = sizeof(local);

    if (getsockname(fd, (struct sockaddr *)&local, &local_len) < 0) {
        return -1;
    }

    return put_addr_qdict(qdict, &local, local_len);
}
138
/*
 * Add the peer address of socket @fd to @qdict.
 * Returns 0 on success, -1 if getpeername() or the conversion fails.
 */
static int vnc_qdict_remote_addr(QDict *qdict, int fd)
{
    struct sockaddr_storage peer;
    socklen_t peer_len = sizeof(peer);

    if (getpeername(fd, (struct sockaddr *)&peer, &peer_len) < 0) {
        return -1;
    }

    return put_addr_qdict(qdict, &peer, peer_len);
}
151
1ff7df1a
AL
/*
 * Map the display's configured authentication scheme to a short name.
 *
 * For VeNCrypt the sub-authentication type is appended when the build has
 * CONFIG_VNC_TLS; otherwise (or for an unrecognised sub-type) the plain
 * "vencrypt" is returned. Any auth value not listed yields "unknown".
 * The returned pointer refers to a string literal.
 */
static const char *vnc_auth_name(VncDisplay *vd) {
    const char *name = "unknown";

    switch (vd->auth) {
    case VNC_AUTH_INVALID:
        name = "invalid";
        break;
    case VNC_AUTH_NONE:
        name = "none";
        break;
    case VNC_AUTH_VNC:
        name = "vnc";
        break;
    case VNC_AUTH_RA2:
        name = "ra2";
        break;
    case VNC_AUTH_RA2NE:
        name = "ra2ne";
        break;
    case VNC_AUTH_TIGHT:
        name = "tight";
        break;
    case VNC_AUTH_ULTRA:
        name = "ultra";
        break;
    case VNC_AUTH_TLS:
        name = "tls";
        break;
    case VNC_AUTH_VENCRYPT:
        /* Fallback used without TLS support or for unknown sub-types. */
        name = "vencrypt";
#ifdef CONFIG_VNC_TLS
        switch (vd->subauth) {
        case VNC_AUTH_VENCRYPT_PLAIN:
            name = "vencrypt+plain";
            break;
        case VNC_AUTH_VENCRYPT_TLSNONE:
            name = "vencrypt+tls+none";
            break;
        case VNC_AUTH_VENCRYPT_TLSVNC:
            name = "vencrypt+tls+vnc";
            break;
        case VNC_AUTH_VENCRYPT_TLSPLAIN:
            name = "vencrypt+tls+plain";
            break;
        case VNC_AUTH_VENCRYPT_X509NONE:
            name = "vencrypt+x509+none";
            break;
        case VNC_AUTH_VENCRYPT_X509VNC:
            name = "vencrypt+x509+vnc";
            break;
        case VNC_AUTH_VENCRYPT_X509PLAIN:
            name = "vencrypt+x509+plain";
            break;
        case VNC_AUTH_VENCRYPT_TLSSASL:
            name = "vencrypt+tls+sasl";
            break;
        case VNC_AUTH_VENCRYPT_X509SASL:
            name = "vencrypt+x509+sasl";
            break;
        default:
            break;
        }
#endif
        break;
    case VNC_AUTH_SASL:
        name = "sasl";
        break;
    }

    return name;
}
202
a7789382
LC
/*
 * Fill @qdict with the server's listening address and its "auth" name,
 * both taken from the global vnc_display.
 * Returns 0 on success, -1 if the listening address cannot be obtained
 * (in which case "auth" is not added).
 */
static int vnc_server_info_put(QDict *qdict)
{
    int rc = vnc_server_addr_put(qdict, vnc_display->lsock);

    if (rc < 0) {
        return -1;
    }

    qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
    return 0;
}
212
/*
 * Record the client's authenticated identity in its cached info dict.
 *
 * Does nothing if no info dict was cached for the client. Depending on
 * the build options, adds "x509_dname" (TLS session with a dname) and
 * "sasl_username" (SASL connection with a username).
 * NOTE(review): both values originate from the remote peer's credentials;
 * consumers of the dict should treat them as untrusted text.
 */
static void vnc_client_cache_auth(VncState *client)
{
    QDict *info;

    if (client->info == NULL) {
        return;
    }

    info = qobject_to_qdict(client->info);

#ifdef CONFIG_VNC_TLS
    if (client->tls.session && client->tls.dname) {
        qdict_put(info, "x509_dname", qstring_from_str(client->tls.dname));
    }
#endif
#ifdef CONFIG_VNC_SASL
    if (client->sasl.conn && client->sasl.username) {
        qdict_put(info, "sasl_username",
                  qstring_from_str(client->sasl.username));
    }
#endif
}
d96fd29c 237
4a80dba3
LC
/*
 * Cache the client's peer address as a new QDict in client->info.
 * If the address cannot be determined the dict is released and
 * client->info is left untouched.
 */
static void vnc_client_cache_addr(VncState *client)
{
    QDict *addr = qdict_new();

    if (vnc_qdict_remote_addr(addr, client->csock) >= 0) {
        client->info = QOBJECT(addr);
        return;
    }

    QDECREF(addr);
    /* XXX: how to report the error? */
}
251
586153d9
LC
/*
 * Emit monitor event @event carrying the client's cached info and a
 * freshly built description of the server.
 *
 * Nothing is emitted when the client has no cached info or when the
 * server description cannot be built.
 */
static void vnc_qmp_event(VncState *vs, MonitorEvent event)
{
    QDict *server_info;
    QObject *payload;

    if (vs->info == NULL) {
        return;
    }

    server_info = qdict_new();
    if (vnc_server_info_put(server_info) < 0) {
        QDECREF(server_info);
        return;
    }

    payload = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
                                 vs->info, QOBJECT(server_info));

    monitor_protocol_event(event, payload);

    /*
     * Take an extra reference on vs->info before dropping payload.
     * NOTE(review): presumably payload holds vs->info without its own
     * reference, so this keeps the cached dict alive — confirm.
     */
    qobject_incref(vs->info);
    qobject_decref(payload);
}
275
/*
 * qlist_iter() callback: print one client entry to the monitor passed in
 * @opaque. The optional identity keys are printed as "none" when absent.
 * All values are emitted through "%s", never as a format string.
 */
static void info_vnc_iter(QObject *obj, void *opaque)
{
    Monitor *mon = opaque;
    QDict *entry = qobject_to_qdict(obj);

    monitor_printf(mon, "Client:\n");
    monitor_printf(mon, " address: %s:%s\n",
                   qdict_get_str(entry, "host"),
                   qdict_get_str(entry, "service"));

#ifdef CONFIG_VNC_TLS
    monitor_printf(mon, " x509_dname: %s\n",
                   qdict_haskey(entry, "x509_dname") ?
                   qdict_get_str(entry, "x509_dname") : "none");
#endif
#ifdef CONFIG_VNC_SASL
    monitor_printf(mon, " username: %s\n",
                   qdict_haskey(entry, "sasl_username") ?
                   qdict_get_str(entry, "sasl_username") : "none");
#endif
}
298
/*
 * Human-monitor printer for the VNC info dict in @data.
 * Prints "Server: disabled" when "enabled" is false; otherwise the server
 * address and auth name followed by one block per connected client.
 */
void do_info_vnc_print(Monitor *mon, const QObject *data)
{
    QDict *info = qobject_to_qdict(data);
    QList *client_list;

    if (qdict_get_bool(info, "enabled") == 0) {
        monitor_printf(mon, "Server: disabled\n");
        return;
    }

    monitor_printf(mon, "Server:\n");
    monitor_printf(mon, " address: %s:%s\n",
                   qdict_get_str(info, "host"),
                   qdict_get_str(info, "service"));
    monitor_printf(mon, " auth: %s\n", qdict_get_str(info, "auth"));

    client_list = qdict_get_qlist(info, "clients");
    if (!qlist_empty(client_list)) {
        qlist_iter(client_list, info_vnc_iter, mon);
    } else {
        monitor_printf(mon, "Client: none\n");
    }
}
1ff7df1a 323
d96fd29c
LC
324/**
325 * do_info_vnc(): Show VNC server information
326 *
327 * Return a QDict with server information. Connected clients are returned
328 * as a QList of QDicts.
329 *
330 * The main QDict contains the following:
331 *
8950a950 332 * - "enabled": true or false
d96fd29c 333 * - "host": server's IP address
5c7238c5 334 * - "family": address family ("ipv4" or "ipv6")
d96fd29c 335 * - "service": server's port number
a7789382 336 * - "auth": authentication method
d96fd29c
LC
337 * - "clients": a QList of all connected clients
338 *
339 * Clients are described by a QDict, with the following information:
340 *
341 * - "host": client's IP address
5c7238c5 342 * - "family": address family ("ipv4" or "ipv6")
d96fd29c
LC
343 * - "service": client's port number
344 * - "x509_dname": TLS dname (optional)
76825067 345 * - "sasl_username": SASL username (optional)
d96fd29c
LC
346 *
347 * Example:
348 *
8950a950 349 * { "enabled": true, "host": "0.0.0.0", "service": "50402", "auth": "vnc",
5c7238c5
LC
350 * "family": "ipv4",
351 * "clients": [{ "host": "127.0.0.1", "service": "50401", "family": "ipv4" }]}
d96fd29c
LC
352 */
void do_info_vnc(Monitor *mon, QObject **ret_data)
{
    QList *client_list;
    VncState *vs;

    /* No display configured: report a disabled server and stop. */
    if (vnc_display == NULL || vnc_display->display == NULL) {
        *ret_data = qobject_from_jsonf("{ 'enabled': false }");
        return;
    }

    client_list = qlist_new();
    QTAILQ_FOREACH(vs, &vnc_display->clients, next) {
        if (vs->info == NULL) {
            continue;
        }
        /* incref so that it's not freed by upper layers */
        qobject_incref(vs->info);
        qlist_append_obj(client_list, vs->info);
    }

    *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
                                   QOBJECT(client_list));
    assert(*ret_data != NULL);

    /* On failure the partially built result is dropped and NULL returned. */
    if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {
        qobject_decref(*ret_data);
        *ret_data = NULL;
    }
}
380
29fa4ed9
AL
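/*
 * Test whether bit @feature is set in the client's feature mask.
 * Returns the masked bit itself (non-zero when set), not a normalised 0/1.
 */
static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
    /* Unsigned one: shifting a signed 1 into bit 31 is undefined. */
    return (vs->features & ((uint32_t)1 << feature));
}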
384
24236869
FB
385/* TODO
386 1) Get the queue working for IO.
387 2) there is some weirdness when using the -S option (the screen is grey
388 and not totally invalidated
389 3) resolutions > 1024
390*/
391
2430ffe4 392static int vnc_update_client(VncState *vs, int has_dirty);
198a0039
GH
393static void vnc_disconnect_start(VncState *vs);
394static void vnc_disconnect_finish(VncState *vs);
703bc68f
SS
395static void vnc_init_timer(VncDisplay *vd);
396static void vnc_remove_timer(VncDisplay *vd);
24236869 397
753b4053 398static void vnc_colordepth(VncState *vs);
1fc62412
SS
399static void framebuffer_update_request(VncState *vs, int incremental,
400 int x_position, int y_position,
401 int w, int h);
402static void vnc_refresh(void *opaque);
403static int vnc_refresh_server_surface(VncDisplay *vd);
7eac3a87 404
99589bdc
FB
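/*
 * Set bit @k in the bitmap @d, stored as 32-bit words (bit k lives in
 * word k / 32, position k % 32). The caller guarantees k is in range.
 */
static inline void vnc_set_bit(uint32_t *d, int k)
{
    /* Unsigned one: "1 << 31" on a signed int is undefined behaviour. */
    d[k >> 5] |= (uint32_t)1 << (k & 0x1f);
}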
409
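/*
 * Clear bit @k in the bitmap @d, stored as 32-bit words (bit k lives in
 * word k / 32, position k % 32). The caller guarantees k is in range.
 */
static inline void vnc_clear_bit(uint32_t *d, int k)
{
    /* Unsigned one: "1 << 31" on a signed int is undefined behaviour. */
    d[k >> 5] &= ~((uint32_t)1 << (k & 0x1f));
}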
414
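/*
 * Initialise the bitmap @d of @nb_words 32-bit words so that its first
 * @n bits are set and all remaining bits are clear.
 *
 * Writes never go past @nb_words words: if @n asks for more bits than the
 * bitmap holds, the bitmap is simply filled.
 */
static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
{
    int j = 0;

    /* Whole words first; bounded so an oversized n cannot overrun d. */
    while (n >= 32 && j < nb_words) {
        d[j++] = (uint32_t)-1;
        n -= 32;
    }
    /* Partial word; unsigned shift keeps n == 31 well defined. */
    if (n > 0 && j < nb_words) {
        d[j++] = ((uint32_t)1 << n) - 1;
    }
    while (j < nb_words) {
        d[j++] = 0;
    }
}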
429
/*
 * Return 1 if bit @k of the bitmap @d is set, 0 otherwise.
 * The caller guarantees k addresses a word inside the bitmap.
 */
static inline int vnc_get_bit(const uint32_t *d, int k)
{
    const uint32_t word = d[k >> 5];
    const int pos = k & 0x1f;

    return (word >> pos) & 1;
}
434
/*
 * Return 1 if the bitmaps @d1 and @d2 share at least one set bit within
 * their first @nb_words words, 0 otherwise.
 */
static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
                               int nb_words)
{
    int idx = 0;

    while (idx < nb_words) {
        if (d1[idx] & d2[idx]) {
            return 1;
        }
        idx++;
    }
    return 0;
}
445
/*
 * Display callback: mark the rectangle (x, y, w, h) dirty in the guest
 * surface's dirty bitmap, at a granularity of 16-pixel blocks per row.
 *
 * The rectangle is clamped to the guest surface's width and height.
 * NOTE(review): only upper bounds are clamped here; negative x or y
 * would index before the bitmap, so callers are presumably expected to
 * pass non-negative coordinates — confirm.
 */
static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
{
    VncDisplay *vd = ds->opaque;
    struct VncSurface *s = &vd->guest;
    int y_end = y + h;
    int misalign = x % 16;
    int row, col;

    /*
     * Round x down to a 16-pixel boundary (widening w to compensate) so
     * each loop step covers exactly one block; otherwise the final step
     * could straddle two blocks and only the first would be marked.
     */
    w += misalign;
    x -= misalign;

    x = MIN(x, s->ds->width);
    y = MIN(y, s->ds->height);
    w = MIN(x + w, s->ds->width) - x;
    y_end = MIN(y_end, s->ds->height);

    for (row = y; row < y_end; row++) {
        for (col = 0; col < w; col += 16) {
            vnc_set_bit(s->dirty[row], (x + col) / 16);
        }
    }
}
470
/*
 * Queue a rectangle header for the client: x, y, width and height as
 * 16-bit values followed by the signed 32-bit encoding type.
 * Values wider than 16 bits are presumably truncated by vnc_write_u16().
 */
static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
                                   int32_t encoding)
{
    /* position */
    vnc_write_u16(vs, x);
    vnc_write_u16(vs, y);
    /* size */
    vnc_write_u16(vs, w);
    vnc_write_u16(vs, h);
    /* encoding type */
    vnc_write_s32(vs, encoding);
}
481
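/*
 * Ensure @buffer has room for at least @len more bytes past its current
 * offset, growing the allocation by len + 1024 bytes when it does not.
 *
 * The process exits if the reallocation fails or if the requested size
 * cannot be represented; the function only returns on success.
 */
void buffer_reserve(Buffer *buffer, size_t len)
{
    size_t grow;

    if ((buffer->capacity - buffer->offset) >= len) {
        return;
    }

    /*
     * Reject sizes that wrap around instead of silently allocating a
     * buffer smaller than requested (assumes capacity is an unsigned
     * size — TODO confirm against the Buffer definition).
     */
    grow = len + 1024;
    if (grow < len || buffer->capacity + grow < buffer->capacity) {
        fprintf(stderr, "vnc: out of memory\n");
        exit(1);
    }

    buffer->capacity += grow;
    buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
    if (buffer->buffer == NULL) {
        fprintf(stderr, "vnc: out of memory\n");
        exit(1);
    }
}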
493
/* Return non-zero when @buffer holds no data (its offset is zero). */
int buffer_empty(Buffer *buffer)
{
    return !buffer->offset;
}
498
/*
 * Return a pointer to the first unused byte of @buffer, i.e. the position
 * where the next append would write.
 */
uint8_t *buffer_end(Buffer *buffer)
{
    return &buffer->buffer[buffer->offset];
}
503
/*
 * Discard the contents of @buffer by rewinding its offset to zero.
 * The allocation and capacity are left as they are.
 */
void buffer_reset(Buffer *buffer)
{
    buffer->offset = 0;
}
508
/*
 * Copy @len bytes from @data to the end of @buffer and advance the
 * offset.
 *
 * No capacity check is made here: the caller must have reserved at least
 * @len bytes (see buffer_reserve()) beforehand, otherwise the copy writes
 * past the allocation.
 */
void buffer_append(Buffer *buffer, const void *data, size_t len)
{
    uint8_t *tail = buffer->buffer + buffer->offset;

    memcpy(tail, data, len);
    buffer->offset += len;
}
514
/*
 * Display callback: the display surface changed.
 *
 * Re-creates the server-side copy of the surface, refreshes the guest
 * surface description, marks everything dirty, and tells clients that
 * support the resize feature about the new dimensions.
 */
static void vnc_dpy_resize(DisplayState *ds)
{
    VncDisplay *vd = ds->opaque;
    VncState *vs;
    int resized;

    /* server surface */
    if (vd->server == NULL) {
        vd->server = qemu_mallocz(sizeof(*vd->server));
    }
    if (vd->server->data) {
        qemu_free(vd->server->data);
    }
    *(vd->server) = *(ds->surface);
    /*
     * NOTE(review): linesize * height is multiplied without an overflow
     * check; presumably surface dimensions are bounded upstream — confirm.
     */
    vd->server->data = qemu_mallocz(vd->server->linesize *
                                    vd->server->height);

    /* guest surface */
    if (vd->guest.ds == NULL) {
        vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
    }
    if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel) {
        console_color_init(ds);
    }
    /* Compare against the old geometry before it is overwritten below. */
    resized = ds_get_width(ds) != vd->guest.ds->width ||
              ds_get_height(ds) != vd->guest.ds->height;
    *(vd->guest.ds) = *(ds->surface);
    memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));

    QTAILQ_FOREACH(vs, &vd->clients, next) {
        vnc_colordepth(vs);
        if (resized && vs->csock != -1 &&
            vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
            vnc_write_u8(vs, 0);  /* msg id */
            vnc_write_u8(vs, 0);
            vnc_write_u16(vs, 1); /* number of rects */
            vnc_framebuffer_update(vs, 0, 0,
                                   ds_get_width(ds), ds_get_height(ds),
                                   VNC_ENCODING_DESKTOPRESIZE);
            vnc_flush(vs);
        }
        /* Force a full refresh for this client. */
        memset(vs->dirty, 0xFF, sizeof(vs->dirty));
    }
}
555
3512779a
FB
/*
 * Fastest path: queue @size bytes of pixel data for the client unchanged,
 * with no pixel-format conversion.
 */
static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
{
    vnc_write(vs, pixels, size);
}
561
/*
 * Slowest but generic path: convert one pixel value @v from the server
 * surface's pixel format to the client's and store it in @buf.
 *
 * The number of bytes written follows the client's bytes_per_pixel
 * (1, 2, otherwise 4), in the byte order selected by the client's
 * QEMU_BIG_ENDIAN_FLAG. @buf must have room for 4 bytes.
 */
static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
{
    VncDisplay *vd = vs->vd;
    uint8_t r, g, b;
    int big_endian;

    /* Extract each channel and rescale it to the client's bit depth. */
    r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift)
          << vs->clientds.pf.rbits) >> vd->server->pf.rbits);
    g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift)
          << vs->clientds.pf.gbits) >> vd->server->pf.gbits);
    b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift)
          << vs->clientds.pf.bbits) >> vd->server->pf.bbits);

    /* Reassemble the pixel in the client's channel layout. */
    v = (r << vs->clientds.pf.rshift) |
        (g << vs->clientds.pf.gshift) |
        (b << vs->clientds.pf.bshift);

    big_endian = (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) != 0;

    if (vs->clientds.pf.bytes_per_pixel == 1) {
        buf[0] = v;
    } else if (vs->clientds.pf.bytes_per_pixel == 2) {
        if (big_endian) {
            buf[0] = v >> 8;
            buf[1] = v;
        } else {
            buf[0] = v;
            buf[1] = v >> 8;
        }
    } else {
        /* 4 bytes per pixel, also used for any other value */
        if (big_endian) {
            buf[0] = v >> 24;
            buf[1] = v >> 16;
            buf[2] = v >> 8;
            buf[3] = v;
        } else {
            buf[0] = v;
            buf[1] = v >> 8;
            buf[2] = v >> 16;
            buf[3] = v >> 24;
        }
    }
}
606
/*
 * Convert @size bytes of server-format pixels at @pixels1 to the client's
 * pixel format, one pixel at a time, and queue them for the client.
 *
 * The source pixel width is the server surface's bytes_per_pixel (4, 2 or
 * 1); any other width only produces an error message on stderr.
 */
static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
{
    VncDisplay *vd = vs->vd;
    uint8_t converted[4];
    int count, idx;

    switch (vd->server->pf.bytes_per_pixel) {
    case 4: {
        uint32_t *src = pixels1;

        count = size >> 2;
        for (idx = 0; idx < count; idx++) {
            vnc_convert_pixel(vs, converted, src[idx]);
            vnc_write(vs, converted, vs->clientds.pf.bytes_per_pixel);
        }
        break;
    }
    case 2: {
        uint16_t *src = pixels1;

        count = size >> 1;
        for (idx = 0; idx < count; idx++) {
            vnc_convert_pixel(vs, converted, src[idx]);
            vnc_write(vs, converted, vs->clientds.pf.bytes_per_pixel);
        }
        break;
    }
    case 1: {
        uint8_t *src = pixels1;

        count = size;
        for (idx = 0; idx < count; idx++) {
            vnc_convert_pixel(vs, converted, src[idx]);
            vnc_write(vs, converted, vs->clientds.pf.bytes_per_pixel);
        }
        break;
    }
    default:
        fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
        break;
    }
}
640
24236869
FB
/*
 * Queue the pixels of rectangle (x, y, w, h) from the server surface, row
 * by row, through the client's write_pixels hook.
 *
 * NOTE(review): the rectangle is not checked against the surface size
 * here; callers are presumably responsible for passing coordinates that
 * lie inside the server surface — confirm.
 */
static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
{
    VncDisplay *vd = vs->vd;
    uint8_t *line;
    int remaining;

    line = vd->server->data + y * ds_get_linesize(vs->ds)
                            + x * ds_get_bytes_per_pixel(vs->ds);
    for (remaining = h; remaining > 0; remaining--) {
        vs->write_pixels(vs, line, w * ds_get_bytes_per_pixel(vs->ds));
        line += ds_get_linesize(vs->ds);
    }
}
653
/*
 * Pack a sub-rectangle into two bytes at @ptr: the low four bits of x and
 * y in the first byte, and the low four bits of (w - 1) and (h - 1) in
 * the second, with the x / w nibble in the high half.
 */
static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
{
    const int pos_hi = (x & 0x0F) << 4;
    const int pos_lo = y & 0x0F;
    const int size_hi = ((w - 1) & 0x0F) << 4;
    const int size_lo = (h - 1) & 0x0F;

    ptr[0] = pos_hi | pos_lo;
    ptr[1] = size_hi | size_lo;
}
659
660#define BPP 8
661#include "vnchextile.h"
662#undef BPP
663
664#define BPP 16
665#include "vnchextile.h"
666#undef BPP
667
668#define BPP 32
669#include "vnchextile.h"
670#undef BPP
671
7eac3a87
AL
672#define GENERIC
673#define BPP 8
674#include "vnchextile.h"
675#undef BPP
676#undef GENERIC
677
678#define GENERIC
679#define BPP 16
680#include "vnchextile.h"
681#undef BPP
682#undef GENERIC
683
3512779a
FB
684#define GENERIC
685#define BPP 32
686#include "vnchextile.h"
687#undef BPP
688#undef GENERIC
689
24236869
FB
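/*
 * Queue rectangle (x, y, w, h) for the client using the client's
 * send_hextile_tile hook, one tile of at most 16x16 pixels at a time.
 *
 * Two scratch pixels (last background / foreground colour) are shared
 * across all tiles of the rectangle together with their "valid" flags.
 */
static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
{
    int i, j;
    int has_fg, has_bg;
    uint8_t *last_fg, *last_bg;
    VncDisplay *vd = vs->vd;

    last_fg = qemu_malloc(vd->server->pf.bytes_per_pixel);
    last_bg = qemu_malloc(vd->server->pf.bytes_per_pixel);
    has_fg = has_bg = 0;
    for (j = y; j < (y + h); j += 16) {
        for (i = x; i < (x + w); i += 16) {
            vs->send_hextile_tile(vs, i, j,
                                  MIN(16, x + w - i), MIN(16, y + h - j),
                                  last_bg, last_fg, &has_bg, &has_fg);
        }
    }
    /* Release with the allocator family that handed the memory out. */
    qemu_free(last_fg);
    qemu_free(last_bg);
}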
711
6c098407
SW
712#define ZALLOC_ALIGNMENT 16
713
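/*
 * zlib allocation callback: return zeroed memory for @items elements of
 * @size bytes, with the total rounded up to ZALLOC_ALIGNMENT.
 * @x is the stream's opaque pointer and is not used.
 *
 * Returns NULL when the requested size cannot be represented, which
 * reports an allocation failure to zlib.
 */
static void *zalloc(void *x, unsigned items, unsigned size)
{
    const unsigned max = (unsigned)-1;
    unsigned total;

    /*
     * items * size is unsigned arithmetic and would wrap silently,
     * yielding a block smaller than the one zlib asked for.
     */
    if (items != 0 && size > max / items) {
        return NULL;
    }
    total = items * size;

    /* The round-up to the alignment must not wrap either. */
    if (total > max - (ZALLOC_ALIGNMENT - 1)) {
        return NULL;
    }
    total = (total + ZALLOC_ALIGNMENT - 1) & ~(ZALLOC_ALIGNMENT - 1);

    return qemu_mallocz(total);
}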
725
/*
 * zlib deallocation callback: release @addr with qemu_free().
 * @x is the stream's opaque pointer and is not used.
 */
static void zfree(void *x, void *addr)
{
    qemu_free(addr);
}
730
059cef40
AL
/*
 * Mark every zlib stream of the client as not yet initialised by clearing
 * its opaque pointer; vnc_zlib_stop() compares that pointer against the
 * client to decide whether the stream still needs deflateInit2().
 */
static void vnc_zlib_init(VncState *vs)
{
    int idx = 0;

    while (idx < (sizeof(vs->zlib_stream) / sizeof(z_stream))) {
        vs->zlib_stream[idx].opaque = NULL;
        idx++;
    }
}
737
/*
 * Begin capturing output for compression: empty the zlib staging buffer
 * and install it as the client's output buffer, parking the real output
 * buffer in zlib_tmp until vnc_zlib_stop() swaps it back.
 */
static void vnc_zlib_start(VncState *vs)
{
    buffer_reset(&vs->zlib);

    /* everything written from now on lands in the staging buffer */
    vs->zlib_tmp = vs->output;
    vs->output = vs->zlib;
}
746
/*
 * Finish a capture started by vnc_zlib_start(): restore the real output
 * buffer, deflate the staged data with stream @stream_id and append the
 * compressed bytes to the output.
 *
 * Returns the number of compressed bytes produced, or -1 if zlib could
 * not be initialised or the compression failed.
 *
 * NOTE(review): @stream_id indexes vs->zlib_stream without a range check;
 * callers must pass a valid index.
 */
static int vnc_zlib_stop(VncState *vs, int stream_id)
{
    z_streamp zstream = &vs->zlib_stream[stream_id];
    int out_before;

    /* switch back to normal output/zlib buffers */
    vs->zlib = vs->output;
    vs->output = vs->zlib_tmp;

    /*
     * Lazily initialise the stream the first time this client uses it.
     * XXX need one stream per session
     */
    if (zstream->opaque != vs) {
        int rc;

        VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
        VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
        zstream->zalloc = zalloc;
        zstream->zfree = zfree;

        rc = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED,
                          MAX_WBITS, MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
        if (rc != Z_OK) {
            fprintf(stderr, "VNC: error initializing zlib\n");
            return -1;
        }

        zstream->opaque = vs;
    }

    /* XXX what to do if tight_compression changed in between? */

    /*
     * Reserve room for the compressed data in the output buffer.
     * NOTE(review): the reservation is input size + 64 bytes; if deflate
     * needed more, it would stop at avail_out == 0 and still return
     * Z_OK, which is not detected below — confirm this is sufficient.
     */
    buffer_reserve(&vs->output, vs->zlib.offset + 64);

    /* point zlib at the staged input and the free output space */
    zstream->next_in = vs->zlib.buffer;
    zstream->avail_in = vs->zlib.offset;
    zstream->next_out = vs->output.buffer + vs->output.offset;
    zstream->avail_out = vs->output.capacity - vs->output.offset;
    zstream->data_type = Z_BINARY;
    out_before = zstream->total_out;

    /* compress */
    if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
        fprintf(stderr, "VNC: error during zlib compression\n");
        return -1;
    }

    vs->output.offset = vs->output.capacity - zstream->avail_out;
    return zstream->total_out - out_before;
}
801
/*
 * Queue rectangle (x, y, w, h) for the client in zlib encoding: the
 * rectangle header, a 32-bit length, then the deflated raw pixels.
 *
 * The length is not known until compression finishes, so a zero
 * placeholder is written first and patched afterwards.
 * NOTE(review): if compression fails the function returns with the
 * header and the zero placeholder already queued — confirm the caller
 * tolerates that.
 */
static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
{
    int length_pos, end_pos, compressed_len;

    vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);

    /* remember where the length placeholder goes */
    length_pos = vs->output.offset;
    vnc_write_s32(vs, 0);

    /* stage the raw pixels and compress them into the output */
    vnc_zlib_start(vs);
    send_framebuffer_update_raw(vs, x, y, w, h);
    compressed_len = vnc_zlib_stop(vs, 0);

    if (compressed_len == -1) {
        return;
    }

    /* rewind, overwrite the placeholder, then restore the write position */
    end_pos = vs->output.offset;
    vs->output.offset = length_pos;
    vnc_write_u32(vs, compressed_len);
    vs->output.offset = end_pos;
}
826
24236869
FB
/*
 * Queue rectangle (x, y, w, h) for the client in the encoding selected by
 * vs->vnc_encoding: zlib, hextile, or raw for anything else.
 */
static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
{
    if (vs->vnc_encoding == VNC_ENCODING_ZLIB) {
        /* the zlib sender writes its own rectangle header */
        send_framebuffer_update_zlib(vs, x, y, w, h);
    } else if (vs->vnc_encoding == VNC_ENCODING_HEXTILE) {
        vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
        send_framebuffer_update_hextile(vs, x, y, w, h);
    } else {
        vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
        send_framebuffer_update_raw(vs, x, y, w, h);
    }
}
843
/*
 * Send a single-rectangle framebuffer update in CopyRect encoding: the
 * client is told to copy a w x h area from (src_x, src_y) to
 * (dst_x, dst_y) within its own framebuffer. The message is flushed
 * immediately.
 */
static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
{
    /* message header */
    vnc_write_u8(vs, 0);  /* msg id */
    vnc_write_u8(vs, 0);
    vnc_write_u16(vs, 1); /* number of rects */

    /* destination rectangle, then the source position */
    vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
    vnc_write_u16(vs, src_x);
    vnc_write_u16(vs, src_y);

    vnc_flush(vs);
}
855
753b4053
AL
/*
 * Display callback: a w x h area moved from (src_x, src_y) to
 * (dst_x, dst_y).
 *
 * Clients with the CopyRect feature first get a forced update and, at the
 * end, a CopyRect message. The server surface is updated locally in
 * 16-pixel-aligned spans; for spans that actually changed, clients
 * without CopyRect get the matching dirty bit set.
 *
 * NOTE(review): the source and destination rectangles are used to index
 * the server surface and the dirty bitmaps without bounds checks here;
 * presumably the caller guarantees they lie inside the surface — confirm.
 */
static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
{
    VncDisplay *vd = ds->opaque;
    VncState *vs, *vn;
    uint8_t *src_row;
    uint8_t *dst_row;
    int line, col, dirty_y, stride, bpp, y_step, aligned_end, span;
    int span_bytes;
    int head;

    vnc_refresh_server_surface(vd);
    QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
        if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
            vs->force_update = 1;
            vnc_update_client(vs, 1);
            /* vs might be free()ed here */
        }
    }

    /* do bitblit op on the local surface too */
    stride = ds_get_linesize(vd->ds);
    bpp = ds_get_bytes_per_pixel(vd->ds);
    src_row = vd->server->data + stride * src_y + bpp * src_x;
    dst_row = vd->server->data + stride * dst_y + bpp * dst_x;
    dirty_y = dst_y;
    y_step = 1;
    if (dst_y > src_y) {
        /* copy backwards so overlapping rows are read before overwritten */
        src_row += stride * (h - 1);
        dst_row += stride * (h - 1);
        stride = -stride;
        dirty_y = dst_y + h - 1;
        y_step = -1;
    }

    /* pixels from dst_x up to the next 16-pixel boundary */
    head = 16 - (dst_x % 16);
    aligned_end = w - head;
    if (aligned_end < 0) {
        aligned_end = w;
    } else {
        aligned_end = w - (aligned_end % 16);
    }

    for (line = 0; line < h; line++) {
        for (col = 0; col <= aligned_end;
             col += span, src_row += span_bytes, dst_row += span_bytes) {
            if (col == aligned_end) {
                /* trailing partial span, if any */
                span = w - aligned_end;
                if (span == 0) {
                    break;
                }
            } else if (col == 0) {
                /* leading span up to the first boundary */
                span = head;
                span = MIN(span, aligned_end);
            } else {
                span = 16;
            }
            span_bytes = span * bpp;
            if (memcmp(src_row, dst_row, span_bytes) == 0) {
                continue;
            }
            memmove(dst_row, src_row, span_bytes);
            QTAILQ_FOREACH(vs, &vd->clients, next) {
                if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
                    vnc_set_bit(vs->dirty[dirty_y], ((col + dst_x) / 16));
                }
            }
        }
        /* the inner loop advanced by w pixels; move on to the next row */
        src_row += stride - w * bpp;
        dst_row += stride - w * bpp;
        dirty_y += y_step;
    }

    QTAILQ_FOREACH(vs, &vd->clients, next) {
        if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
            vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
        }
    }
}
927
/*
 * Starting from row @y, count how many consecutive rows have the dirty
 * bit at column block @last_x set, and clear bits [last_x, x) on each
 * following row that does.
 *
 * Returns the height in rows (at least 1: row @y itself is counted and
 * is not touched here).
 */
static int find_and_clear_dirty_height(struct VncState *vs,
                                       int y, int last_x, int x)
{
    VncDisplay *vd = vs->vd;
    int rows = 1;

    while (rows < (vd->server->height - y)) {
        int col;

        if (!vnc_get_bit(vs->dirty[y + rows], last_x)) {
            break;
        }
        for (col = last_x; col < x; col++) {
            vnc_clear_bit(vs->dirty[y + rows], col);
        }
        rows++;
    }

    return rows;
}
944
/*
 * Send pending screen updates to one client.
 *
 * Returns the number of rectangles sent, or 0 when nothing was sent.
 * When the client's socket is already closed (csock == -1) the client is
 * torn down through vnc_disconnect_finish(), so callers must not use @vs
 * after this call without re-checking that it still exists.
 */
static int vnc_update_client(VncState *vs, int has_dirty)
{
    VncDisplay *vd;
    int y;
    int n_rectangles;
    int saved_offset;

    if (!vs->need_update || vs->csock == -1) {
        if (vs->csock == -1) {
            vnc_disconnect_finish(vs);
        }
        return 0;
    }

    vd = vs->vd;

    /*
     * Unless audio capture is active or an update is forced, skip this
     * round when output is still queued (kernel send buffers are full ->
     * drop frames to throttle) or when nothing is dirty.
     */
    if (!vs->audio_cap && !vs->force_update &&
        (vs->output.offset || !has_dirty)) {
        return 0;
    }

    /*
     * Send screen updates to the vnc client using the server
     * surface and server dirty map. guest surface updates
     * happening in parallel don't disturb us, the next pass will
     * send them to the client.
     */
    n_rectangles = 0;
    vnc_write_u8(vs, 0); /* msg id */
    vnc_write_u8(vs, 0);
    /* rectangle count is not known yet: placeholder, patched below */
    saved_offset = vs->output.offset;
    vnc_write_u16(vs, 0);

    for (y = 0; y < vd->server->height; y++) {
        int x;
        int run_start = -1; /* first block of the current dirty run */

        for (x = 0; x < vd->server->width / 16; x++) {
            if (vnc_get_bit(vs->dirty[y], x)) {
                if (run_start == -1) {
                    run_start = x;
                }
                vnc_clear_bit(vs->dirty[y], x);
                continue;
            }
            if (run_start != -1) {
                int h = find_and_clear_dirty_height(vs, y, run_start, x);
                send_framebuffer_update(vs, run_start * 16, y,
                                        (x - run_start) * 16, h);
                n_rectangles++;
            }
            run_start = -1;
        }
        /* a run that reaches the right edge of the row */
        if (run_start != -1) {
            int h = find_and_clear_dirty_height(vs, y, run_start, x);
            send_framebuffer_update(vs, run_start * 16, y,
                                    (x - run_start) * 16, h);
            n_rectangles++;
        }
    }

    /*
     * Patch the count in by offset (the buffer may have been reallocated
     * since the placeholder was written). Only 16 bits are stored.
     */
    vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
    vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
    vnc_flush(vs);
    vs->force_update = 0;
    return n_rectangles;
}
1008
429a8ed3 1009/* audio */
/*
 * Audio capture callback: tell the client (passed in @opaque) that
 * capture was disabled or enabled. The message is the bytes 255, 1 and a
 * 16-bit value of 0 (disable) or 1 (enable), flushed immediately.
 * Other notifications are ignored.
 */
static void audio_capture_notify(void *opaque, audcnotification_e cmd)
{
    VncState *vs = opaque;
    int state;

    switch (cmd) {
    case AUD_CNOTIFY_DISABLE:
        state = 0;
        break;
    case AUD_CNOTIFY_ENABLE:
        state = 1;
        break;
    default:
        return;
    }

    vnc_write_u8(vs, 255);
    vnc_write_u8(vs, 1);
    vnc_write_u16(vs, state);
    vnc_flush(vs);
}
1030
/* Audio capture callback: nothing to release on the VNC side. */
static void audio_capture_destroy(void *opaque)
{
    /* intentionally empty */
}
1034
/*
 * Audio capture callback: forward @size bytes of captured audio at @buf
 * to the client passed in @opaque. The message is the bytes 255, 1, the
 * 16-bit value 2, the 32-bit length and then the data, flushed at once.
 */
static void audio_capture(void *opaque, void *buf, int size)
{
    VncState *vs = opaque;

    /* header */
    vnc_write_u8(vs, 255);
    vnc_write_u8(vs, 1);
    vnc_write_u16(vs, 2);
    /* payload length followed by the payload itself */
    vnc_write_u32(vs, size);
    vnc_write(vs, buf, size);

    vnc_flush(vs);
}
1046
/*
 * Start audio capture for the client using its audio settings (vs->as)
 * and the three capture callbacks of this file. Reports on the default
 * monitor if capture is already running or could not be added.
 */
static void audio_add(VncState *vs)
{
    struct audio_capture_ops ops;

    if (vs->audio_cap != NULL) {
        monitor_printf(default_mon, "audio already running\n");
        return;
    }

    ops.notify = audio_capture_notify;
    ops.destroy = audio_capture_destroy;
    ops.capture = audio_capture;

    vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
    if (vs->audio_cap == NULL) {
        monitor_printf(default_mon, "Failed to add audio capture\n");
    }
}
1065
/*
 * Stop audio capture for the client if it is running and clear the
 * handle, so a repeated call is a no-op.
 */
static void audio_del(VncState *vs)
{
    if (vs->audio_cap == NULL) {
        return;
    }

    AUD_del_capture(vs->audio_cap, vs);
    vs->audio_cap = NULL;
}
1073
198a0039
GH
/*
 * First phase of disconnecting a client: unregister the socket's fd
 * handlers, close the socket and mark it closed (csock = -1).
 * The VncState itself stays allocated; vnc_disconnect_finish() releases
 * it later. Calling this on an already closed client does nothing.
 */
static void vnc_disconnect_start(VncState *vs)
{
    if (vs->csock != -1) {
        qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
        closesocket(vs->csock);
        vs->csock = -1;
    }
}
1082
/*
 * Second phase of disconnecting a client: emit the disconnect event,
 * release the client's buffers, cached info, TLS/SASL state and audio
 * capture, unlink it from the display's client list and free it.
 *
 * @vs is freed on return; callers must not touch it afterwards.
 */
static void vnc_disconnect_finish(VncState *vs)
{
    /* The event is built from vs->info, so send it before the teardown. */
    vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);

    if (vs->input.buffer != NULL) {
        qemu_free(vs->input.buffer);
        vs->input.buffer = NULL;
    }
    if (vs->output.buffer != NULL) {
        qemu_free(vs->output.buffer);
        vs->output.buffer = NULL;
    }

    qobject_decref(vs->info);

#ifdef CONFIG_VNC_TLS
    vnc_tls_client_cleanup(vs);
#endif /* CONFIG_VNC_TLS */
#ifdef CONFIG_VNC_SASL
    vnc_sasl_client_cleanup(vs);
#endif /* CONFIG_VNC_SASL */
    audio_del(vs);

    QTAILQ_REMOVE(&vs->vd->clients, vs, next);

    /* Last client gone: mark the display change listener idle. */
    if (QTAILQ_EMPTY(&vs->vd->clients)) {
        dcl->idle = 1;
    }

    vnc_remove_timer(vs->vd);
    if (vs->vd->lock_key_sync) {
        qemu_remove_led_event_handler(vs->led);
    }
    qemu_free(vs);
}
2f9606b3
AL
1117
/*
 * Classify the result of a socket or TLS read/write.
 *
 *   ret > 0 (or any value other than 0 / -1): returned unchanged.
 *   ret == -1 with EINTR/EAGAIN (or WSAEWOULDBLOCK on Windows): returns 0
 *       and leaves the connection open so the caller can retry.
 *   ret == 0, or ret == -1 with any other errno: starts the disconnect and
 *       returns 0.
 *
 * A 0 return is therefore ambiguous; callers tell the cases apart by
 * checking whether vs->csock became -1.
 */
int vnc_client_io_error(VncState *vs, int ret, int last_errno)
{
    if (ret != 0 && ret != -1) {
        return ret;
    }

    if (ret == -1) {
        switch (last_errno) {
        case EINTR:
        case EAGAIN:
#ifdef _WIN32
        case WSAEWOULDBLOCK:
#endif
            /* transient condition: try again later */
            return 0;
        default:
            break;
        }
    }

    VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
              ret, ret < 0 ? last_errno : 0);
    vnc_disconnect_start(vs);

    return 0;
}
1142
5fb6c7a8
AL
1143
/*
 * Drop a client that violated the protocol. Only starts the disconnect
 * (socket closed, csock set to -1); the state is freed later by
 * vnc_disconnect_finish().
 */
void vnc_client_error(VncState *vs)
{
    VNC_DEBUG("Closing down client sock: protocol error\n");

    vnc_disconnect_start(vs);
}
1149
2f9606b3
AL
1150
1151/*
1152 * Called to write a chunk of data to the client socket. The data may
1153 * be the raw data, or may have already been encoded by SASL.
1154 * The data will be written either straight onto the socket, or
1155 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1156 *
1157 * NB, it is theoretically possible to have 2 layers of encryption,
1158 * both SASL, and this TLS layer. It is highly unlikely in practice
1159 * though, since SASL encryption will typically be a no-op if TLS
1160 * is active
1161 *
1162 * Returns the number of bytes written, which may be less than
1163 * the requested 'datalen' if the socket would block. Returns
1164 * -1 on error, and disconnects the client socket.
1165 */
long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
{
    long written;

#ifdef CONFIG_VNC_TLS
    if (vs->tls.session) {
        /* TLS path: map GNUTLS failures onto errno + -1 like send() */
        written = gnutls_write(vs->tls.session, data, datalen);
        if (written < 0) {
            errno = (written == GNUTLS_E_AGAIN) ? EAGAIN : EIO;
            written = -1;
        }
    } else
#endif /* CONFIG_VNC_TLS */
    {
        written = send(vs->csock, (const void *)data, datalen, 0);
    }

    VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, written);

    /*
     * The value handed back is whatever vnc_client_io_error() returns;
     * for a result of 0 or -1 that is 0, with the socket possibly closed.
     */
    return vnc_client_io_error(vs, written, socket_error());
}
1185
1186
1187/*
1188 * Called to write buffered data to the client socket, when not
1189 * using any SASL SSF encryption layers. Will write as much data
1190 * as possible without blocking. If all buffered data is written,
1191 * will switch the FD poll() handler back to read monitoring.
1192 *
1193 * Returns the number of bytes written, which may be less than
1194 * the buffered output data if the socket would block. Returns
1195 * -1 on error, and disconnects the client socket.
1196 */
static long vnc_client_write_plain(VncState *vs)
{
    long sent;

#ifdef CONFIG_VNC_SASL
    VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
              vs->output.buffer, vs->output.capacity, vs->output.offset,
              vs->sasl.waitWriteSSF);

    if (vs->sasl.conn &&
        vs->sasl.runSSF &&
        vs->sasl.waitWriteSSF) {
        /* Only waitWriteSSF bytes may still go out in the clear. */
        sent = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
        if (sent) {
            vs->sasl.waitWriteSSF -= sent;
        }
    } else
#endif /* CONFIG_VNC_SASL */
    {
        sent = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
    }

    if (!sent) {
        return 0;
    }

    /* Drop the bytes that went out and slide the remainder to the front. */
    vs->output.offset -= sent;
    memmove(vs->output.buffer, vs->output.buffer + sent, vs->output.offset);

    if (vs->output.offset == 0) {
        /* Nothing left to send: go back to watching for reads only. */
        qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
    }

    return sent;
}
1227
1228
1229/*
1230 * First function called whenever there is data to be written to
1231 * the client socket. Will delegate actual work according to whether
1232 * SASL SSF layers are enabled (thus requiring encryption calls)
1233 */
void vnc_client_write(void *opaque)
{
    VncState *vs = opaque;
    long written;

    /*
     * The SASL writer is used only once SSF is running and no clear-text
     * bytes are still pending (waitWriteSSF == 0); everything else goes
     * through the plain writer. The result is not examined here.
     */
#ifdef CONFIG_VNC_SASL
    if (vs->sasl.conn &&
        vs->sasl.runSSF &&
        !vs->sasl.waitWriteSSF) {
        written = vnc_client_write_sasl(vs);
    } else
#endif /* CONFIG_VNC_SASL */
    {
        written = vnc_client_write_plain(vs);
    }
}
1248
/*
 * Install the handler that vnc_client_read() invokes once at least
 * 'expecting' bytes are buffered in vs->input.
 */
void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
{
    vs->read_handler_expect = expecting;
    vs->read_handler = func;
}
1254
2f9606b3
AL
1255
1256/*
1257 * Called to read a chunk of data from the client socket. The data may
1258 * be the raw data, or may need to be further decoded by SASL.
1259 * The data will be read either straight from the socket, or
1260 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1261 *
1262 * NB, it is theoretically possible to have 2 layers of encryption,
1263 * both SASL, and this TLS layer. It is highly unlikely in practice
1264 * though, since SASL encryption will typically be a no-op if TLS
1265 * is active
1266 *
1267 * Returns the number of bytes read, which may be less than
1268 * the requested 'datalen' if the socket would block. Returns
1269 * -1 on error, and disconnects the client socket.
1270 */
long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
{
    long nread;

#ifdef CONFIG_VNC_TLS
    if (vs->tls.session) {
        /* TLS path: map GNUTLS failures onto errno + -1 like recv() */
        nread = gnutls_read(vs->tls.session, data, datalen);
        if (nread < 0) {
            errno = (nread == GNUTLS_E_AGAIN) ? EAGAIN : EIO;
            nread = -1;
        }
    } else
#endif /* CONFIG_VNC_TLS */
    {
        nread = recv(vs->csock, (void *)data, datalen, 0);
    }

    VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, nread);

    /*
     * The value handed back is whatever vnc_client_io_error() returns;
     * for a result of 0 or -1 that is 0, with the socket possibly closed.
     */
    return vnc_client_io_error(vs, nread, socket_error());
}
24236869 1290
2f9606b3
AL
1291
1292/*
1293 * Called to read data from the client socket to the input buffer,
1294 * when not using any SASL SSF encryption layers. Will read as much
1295 * data as possible without blocking.
1296 *
1297 * Returns the number of bytes read. Returns -1 on error, and
1298 * disconnects the client socket.
1299 */
static long vnc_client_read_plain(VncState *vs)
{
    int got;

    VNC_DEBUG("Read plain %p size %zd offset %zd\n",
              vs->input.buffer, vs->input.capacity, vs->input.offset);

    /* Reserve room for exactly as many bytes as the read below may store. */
    buffer_reserve(&vs->input, 4096);
    got = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);

    if (got) {
        vs->input.offset += got;
    }
    return got;
}
1312
1313
1314/*
1315 * First function called whenever there is more data to be read from
1316 * the client socket. Will delegate actual work according to whether
1317 * SASL SSF layers are enabled (thus requiring decryption calls)
1318 */
void vnc_client_read(void *opaque)
{
    VncState *vs = opaque;
    long nread;

#ifdef CONFIG_VNC_SASL
    if (vs->sasl.conn && vs->sasl.runSSF) {
        nread = vnc_client_read_sasl(vs);
    } else
#endif /* CONFIG_VNC_SASL */
    {
        nread = vnc_client_read_plain(vs);
    }

    if (!nread) {
        /* Nothing read: either a retry later, or the socket was closed. */
        if (vs->csock == -1) {
            vnc_disconnect_finish(vs);
        }
        return;
    }

    /*
     * Feed buffered input to the current handler for as long as enough
     * bytes are available. A handler returns 0 once it has consumed its
     * message, or the total number of bytes it needs before being called
     * again. That number is derived from client-supplied fields and is
     * stored without an upper bound here.
     */
    while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
        size_t consumed = vs->read_handler_expect;
        int wanted = vs->read_handler(vs, vs->input.buffer, consumed);

        /* The handler may have dropped the client; vs is freed below. */
        if (vs->csock == -1) {
            vnc_disconnect_finish(vs);
            return;
        }

        if (wanted) {
            vs->read_handler_expect = wanted;
            continue;
        }

        memmove(vs->input.buffer, vs->input.buffer + consumed,
                (vs->input.offset - consumed));
        vs->input.offset -= consumed;
    }
}
1354
/*
 * Queue 'len' bytes for the client. When the output buffer goes from
 * empty to non-empty on a live socket, the write handler is armed so the
 * data gets sent; the bytes themselves are only appended here.
 */
void vnc_write(VncState *vs, const void *data, size_t len)
{
    buffer_reserve(&vs->output, len);

    if (vs->csock != -1) {
        if (buffer_empty(&vs->output)) {
            qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read,
                                 vnc_client_write, vs);
        }
    }

    buffer_append(&vs->output, data, len);
}
1365
/* Queue a signed 32-bit value, sent as its unsigned bit pattern. */
void vnc_write_s32(VncState *vs, int32_t value)
{
    uint32_t bits = *(uint32_t *)&value;

    vnc_write_u32(vs, bits);
}
1370
/* Queue a 32-bit value for the client, most significant byte first. */
void vnc_write_u32(VncState *vs, uint32_t value)
{
    uint8_t wire[4] = {
        (value >> 24) & 0xFF,
        (value >> 16) & 0xFF,
        (value >> 8) & 0xFF,
        value & 0xFF,
    };

    vnc_write(vs, wire, sizeof(wire));
}
1382
/* Queue a 16-bit value for the client, most significant byte first. */
void vnc_write_u16(VncState *vs, uint16_t value)
{
    uint8_t wire[2] = {
        (value >> 8) & 0xFF,
        value & 0xFF,
    };

    vnc_write(vs, wire, sizeof(wire));
}
1392
/* Queue a single byte for the client. */
void vnc_write_u8(VncState *vs, uint8_t value)
{
    vnc_write(vs, &value, sizeof(value));
}
1397
/*
 * Try to send queued output right away. Does nothing when the socket is
 * already closed or nothing is queued.
 */
void vnc_flush(VncState *vs)
{
    if (vs->csock == -1 || !vs->output.offset) {
        return;
    }

    vnc_client_write(vs);
}
1403
/*
 * Return the byte at 'offset' in 'data'. No bounds check is made; the
 * caller must know that offset lies inside the received message.
 */
uint8_t read_u8(uint8_t *data, size_t offset)
{
    const uint8_t *p = data + offset;

    return *p;
}
1408
/*
 * Decode a big-endian 16-bit value starting at 'offset' in 'data'. No
 * bounds check is made; the caller must know that both bytes lie inside
 * the received message.
 */
uint16_t read_u16(uint8_t *data, size_t offset)
{
    uint16_t high = data[offset];
    uint16_t low = data[offset + 1];

    return (uint16_t)((high << 8) | low);
}
1413
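/*
 * Decode a big-endian signed 32-bit value starting at 'offset' in 'data'.
 * No bounds check is made; the caller must know that all four bytes lie
 * inside the received message.
 *
 * The bytes are widened to uint32_t before shifting: a promoted int
 * shifted left by 24 overflows (undefined behaviour) whenever the top
 * byte is 0x80 or above, which a client can send at will.
 */
int32_t read_s32(uint8_t *data, size_t offset)
{
    uint32_t raw = ((uint32_t)data[offset] << 24) |
                   ((uint32_t)data[offset + 1] << 16) |
                   ((uint32_t)data[offset + 2] << 8) |
                   (uint32_t)data[offset + 3];

    return (int32_t)raw;
}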
1419
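/*
 * Decode a big-endian unsigned 32-bit value starting at 'offset' in
 * 'data'. No bounds check is made; the caller must know that all four
 * bytes lie inside the received message.
 *
 * The bytes are widened to uint32_t before shifting: a promoted int
 * shifted left by 24 overflows (undefined behaviour) whenever the top
 * byte is 0x80 or above, which a client can send at will.
 */
uint32_t read_u32(uint8_t *data, size_t offset)
{
    return ((uint32_t)data[offset] << 24) |
           ((uint32_t)data[offset + 1] << 16) |
           ((uint32_t)data[offset + 2] << 8) |
           (uint32_t)data[offset + 3];
}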
1425
/*
 * Hook for clipboard text sent by the client. The text is deliberately
 * discarded; nothing is forwarded to the guest.
 */
static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
{
    (void)vs;
    (void)len;
    (void)text;
}
1429
564c337e
FB
/*
 * Record whether the guest pointer is absolute and, when that differs
 * from the last recorded state and the client advertised the
 * pointer-type-change feature, send it a one-rectangle update carrying
 * the new mode.
 */
static void check_pointer_type_change(VncState *vs, int absolute)
{
    if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
        if (vs->absolute != absolute) {
            vnc_write_u8(vs, 0);
            vnc_write_u8(vs, 0);
            vnc_write_u16(vs, 1);
            vnc_framebuffer_update(vs, absolute, 0,
                                   ds_get_width(vs->ds), ds_get_height(vs->ds),
                                   VNC_ENCODING_POINTER_TYPE_CHANGE);
            vnc_flush(vs);
        }
    }

    vs->absolute = absolute;
}
1443
24236869
FB
/*
 * Translate a client pointer event into a guest mouse event.
 *
 * button_mask bits 0..2 map to the left/middle/right buttons, bits 3 and
 * 4 to wheel movement. Coordinates are forwarded in one of three ways:
 * scaled to 0..0x7FFF for an absolute device, re-centred around 0x7FFF
 * when the client supports pointer-type-change, or as a delta from the
 * previous position otherwise.
 */
static void pointer_event(VncState *vs, int button_mask, int x, int y)
{
    int buttons = 0;
    int dz = 0;

    if (button_mask & 0x01) {
        buttons |= MOUSE_EVENT_LBUTTON;
    }
    if (button_mask & 0x02) {
        buttons |= MOUSE_EVENT_MBUTTON;
    }
    if (button_mask & 0x04) {
        buttons |= MOUSE_EVENT_RBUTTON;
    }
    if (button_mask & 0x08) {
        dz = -1;
    }
    if (button_mask & 0x10) {
        dz = 1;
    }

    if (vs->absolute) {
        /* A display of size <= 1 cannot be scaled; report the midpoint. */
        kbd_mouse_event(ds_get_width(vs->ds) > 1 ?
                          x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000,
                        ds_get_height(vs->ds) > 1 ?
                          y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000,
                        dz, buttons);
    } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
        x -= 0x7FFF;
        y -= 0x7FFF;

        kbd_mouse_event(x, y, dz, buttons);
    } else {
        /* No previous position yet (last_x == -1): just remember this one. */
        if (vs->last_x != -1) {
            kbd_mouse_event(x - vs->last_x, y - vs->last_y, dz, buttons);
        }
        vs->last_x = x;
        vs->last_y = y;
    }

    check_pointer_type_change(vs, kbd_mouse_is_absolute());
}
1482
64f5a135
FB
/*
 * Send a key-up to the guest for every key recorded as held in
 * vs->modifiers_state and clear the record.
 */
static void reset_keys(VncState *vs)
{
    int code;

    for (code = 0; code < 256; code++) {
        if (!vs->modifiers_state[code]) {
            continue;
        }

        if (code & SCANCODE_GREY) {
            kbd_put_keycode(SCANCODE_EMUL0);
        }
        kbd_put_keycode(code | SCANCODE_UP);
        vs->modifiers_state[code] = 0;
    }
}
1495
a528b80c
AZ
/*
 * Simulate a full press-and-release of 'keysym' in the guest, using the
 * display's keyboard layout to find the scancode.
 */
static void press_key(VncState *vs, int keysym)
{
    int scancode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;

    /* key down */
    if (scancode & SCANCODE_GREY) {
        kbd_put_keycode(SCANCODE_EMUL0);
    }
    kbd_put_keycode(scancode & SCANCODE_KEYCODEMASK);

    /* key up */
    if (scancode & SCANCODE_GREY) {
        kbd_put_keycode(SCANCODE_EMUL0);
    }
    kbd_put_keycode(scancode | SCANCODE_UP);
}
1506
7ffb82ca
GH
/*
 * LED callback: mirror the guest's CapsLock and NumLock LED state into
 * the tracked state for scancodes 0x3a and 0x45.
 */
static void kbd_leds(void *opaque, int ledstate)
{
    VncState *vs = opaque;
    int caps = (ledstate & QEMU_CAPS_LOCK_LED) ? 1 : 0;
    int num = (ledstate & QEMU_NUM_LOCK_LED) ? 1 : 0;

    vs->modifiers_state[0x3a] = caps;
    vs->modifiers_state[0x45] = num;
}
1522
/*
 * Deliver one key press (down != 0) or release to the guest.
 *
 * Steps, in order: track modifier and lock keys and handle the
 * Ctrl+Alt+digit console switch; when lock-key sync is enabled, inject an
 * extra NumLock or CapsLock press if the tracked state disagrees with
 * what the keysym implies; then either forward the scancode (graphic
 * console) or translate it to a keysym for the text console.
 *
 * 'keycode' can come straight from the client (see ext_key_event). It
 * indexes vs->modifiers_state only inside the case labels below, all of
 * which are below 256.
 */
static void do_key_event(VncState *vs, int down, int keycode, int sym)
{
    /* QEMU console switch */
    switch (keycode) {
    case 0x2a:                          /* Left Shift */
    case 0x36:                          /* Right Shift */
    case 0x1d:                          /* Left CTRL */
    case 0x9d:                          /* Right CTRL */
    case 0x38:                          /* Left ALT */
    case 0xb8:                          /* Right ALT */
        vs->modifiers_state[keycode] = down ? 1 : 0;
        break;
    case 0x02 ... 0x0a: /* '1' to '9' keys */
        if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
            /* Reset the modifiers sent to the current console */
            reset_keys(vs);
            console_select(keycode - 0x02);
            return;
        }
        break;
    case 0x3a:                          /* CapsLock */
    case 0x45:                          /* NumLock */
        if (down) {
            vs->modifiers_state[keycode] ^= 1;
        }
        break;
    }

    if (vs->vd->lock_key_sync &&
        keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
        /* If the numlock state needs to change then simulate an additional
           keypress before sending this one.  This will happen if the user
           toggles numlock away from the VNC window.
        */
        int want_numlock =
            keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF) ? 1 : 0;

        if (!!vs->modifiers_state[0x45] != want_numlock) {
            vs->modifiers_state[0x45] = want_numlock;
            press_key(vs, 0xff7f);
        }
    }

    if (vs->vd->lock_key_sync &&
        ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
        /* If the capslock state needs to change then simulate an additional
           keypress before sending this one.  This will happen if the user
           toggles capslock away from the VNC window.
        */
        int uppercase = !!(sym >= 'A' && sym <= 'Z');
        int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
        int capslock = !!(vs->modifiers_state[0x3a]);

        if (capslock && uppercase == shift) {
            vs->modifiers_state[0x3a] = 0;
            press_key(vs, 0xffe5);
        } else if (!capslock && uppercase != shift) {
            vs->modifiers_state[0x3a] = 1;
            press_key(vs, 0xffe5);
        }
    }

    if (is_graphic_console()) {
        if (keycode & SCANCODE_GREY) {
            kbd_put_keycode(SCANCODE_EMUL0);
        }
        kbd_put_keycode(down ? (keycode & SCANCODE_KEYCODEMASK)
                             : (keycode | SCANCODE_UP));
        return;
    }

    /* QEMU console emulation: only key presses produce input */
    if (!down) {
        return;
    }

    {
        int numlock = vs->modifiers_state[0x45];

        switch (keycode) {
        case 0x2a:                          /* Left Shift */
        case 0x36:                          /* Right Shift */
        case 0x1d:                          /* Left CTRL */
        case 0x9d:                          /* Right CTRL */
        case 0x38:                          /* Left ALT */
        case 0xb8:                          /* Right ALT */
            break;
        case 0xc8:
            kbd_put_keysym(QEMU_KEY_UP);
            break;
        case 0xd0:
            kbd_put_keysym(QEMU_KEY_DOWN);
            break;
        case 0xcb:
            kbd_put_keysym(QEMU_KEY_LEFT);
            break;
        case 0xcd:
            kbd_put_keysym(QEMU_KEY_RIGHT);
            break;
        case 0xd3:
            kbd_put_keysym(QEMU_KEY_DELETE);
            break;
        case 0xc7:
            kbd_put_keysym(QEMU_KEY_HOME);
            break;
        case 0xcf:
            kbd_put_keysym(QEMU_KEY_END);
            break;
        case 0xc9:
            kbd_put_keysym(QEMU_KEY_PAGEUP);
            break;
        case 0xd1:
            kbd_put_keysym(QEMU_KEY_PAGEDOWN);
            break;

        /* Keypad: digit with NumLock on, navigation key otherwise */
        case 0x47:
            kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
            break;
        case 0x48:
            kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
            break;
        case 0x49:
            kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
            break;
        case 0x4b:
            kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
            break;
        case 0x4c:
            kbd_put_keysym('5');
            break;
        case 0x4d:
            kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
            break;
        case 0x4f:
            kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
            break;
        case 0x50:
            kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
            break;
        case 0x51:
            kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
            break;
        case 0x52:
            kbd_put_keysym('0');
            break;
        case 0x53:
            kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
            break;

        case 0xb5:
            kbd_put_keysym('/');
            break;
        case 0x37:
            kbd_put_keysym('*');
            break;
        case 0x4a:
            kbd_put_keysym('-');
            break;
        case 0x4e:
            kbd_put_keysym('+');
            break;
        case 0x9c:
            kbd_put_keysym('\n');
            break;

        default:
            kbd_put_keysym(sym);
            break;
        }
    }
}
1698
bdbd7676
FB
/*
 * Handle a standard key event: map the client's keysym to a scancode
 * through the display's keyboard layout and pass both on. On a graphic
 * console an upper-case ASCII letter is looked up as its lower-case form;
 * the original keysym is still what do_key_event() receives.
 */
static void key_event(VncState *vs, int down, uint32_t sym)
{
    int lookup_sym = sym;
    int keycode;

    if (lookup_sym >= 'A' && lookup_sym <= 'Z' && is_graphic_console()) {
        lookup_sym += 'a' - 'A';
    }

    keycode = keysym2scancode(vs->vd->kbd_layout, lookup_sym & 0xFFFF) & SCANCODE_KEYMASK;
    do_key_event(vs, down, keycode, sym);
}
1711
/*
 * Handle an extended key event, which carries a client-chosen scancode
 * next to the keysym. The client's scancode is used as-is unless a
 * keyboard layout was configured, in which case the keysym is mapped
 * through that layout instead.
 */
static void ext_key_event(VncState *vs, int down,
                          uint32_t sym, uint16_t keycode)
{
    /* if the user specifies a keyboard layout, always use it */
    if (keyboard_layout) {
        key_event(vs, down, sym);
        return;
    }

    do_key_event(vs, down, keycode, sym);
}
1721
/*
 * Handle a client update request for the given rectangle. The rectangle
 * is clamped to the display first because its coordinates are supplied by
 * the client and later index vs->dirty by row. A non-incremental request
 * forces an update and marks every requested row dirty.
 */
static void framebuffer_update_request(VncState *vs, int incremental,
                                       int x_position, int y_position,
                                       int w, int h)
{
    int row;

    /* Clamp the origin, then the extent, to the display. */
    if (x_position > ds_get_width(vs->ds)) {
        x_position = ds_get_width(vs->ds);
    }
    if (y_position > ds_get_height(vs->ds)) {
        y_position = ds_get_height(vs->ds);
    }
    if (x_position + w >= ds_get_width(vs->ds)) {
        w = ds_get_width(vs->ds) - x_position;
    }
    if (y_position + h >= ds_get_height(vs->ds)) {
        h = ds_get_height(vs->ds) - y_position;
    }

    vs->need_update = 1;
    if (incremental) {
        return;
    }

    vs->force_update = 1;
    for (row = 0; row < h; row++) {
        vnc_set_bits(vs->dirty[y_position + row],
                     (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
    }
}
1745
9ca313aa
AL
/*
 * Acknowledge the extended-key-event encoding: a one-rectangle update
 * covering the whole display, tagged VNC_ENCODING_EXT_KEY_EVENT.
 */
static void send_ext_key_event_ack(VncState *vs)
{
    vnc_write_u8(vs, 0);
    vnc_write_u8(vs, 0);
    vnc_write_u16(vs, 1);

    vnc_framebuffer_update(vs, 0, 0,
                           ds_get_width(vs->ds), ds_get_height(vs->ds),
                           VNC_ENCODING_EXT_KEY_EVENT);

    vnc_flush(vs);
}
1755
/*
 * Acknowledge the audio encoding: a one-rectangle update covering the
 * whole display, tagged VNC_ENCODING_AUDIO.
 */
static void send_ext_audio_ack(VncState *vs)
{
    vnc_write_u8(vs, 0);
    vnc_write_u8(vs, 0);
    vnc_write_u16(vs, 1);

    vnc_framebuffer_update(vs, 0, 0,
                           ds_get_width(vs->ds), ds_get_height(vs->ds),
                           VNC_ENCODING_AUDIO);

    vnc_flush(vs);
}
1765
24236869
FB
/*
 * Apply the client's list of encodings. Features and encoding state are
 * reset first, then the list is walked from last entry to first, so an
 * earlier entry overrides a later one for vnc_encoding. Unknown values
 * are ignored apart from a debug message.
 */
static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
{
    int i = n_encodings - 1;
    unsigned int enc = 0;

    vnc_zlib_init(vs);
    vs->features = 0;
    vs->vnc_encoding = 0;
    vs->tight_compression = 9;
    vs->tight_quality = 9;
    vs->absolute = -1;

    while (i >= 0) {
        enc = encodings[i];
        switch (enc) {
        case VNC_ENCODING_RAW:
            vs->vnc_encoding = enc;
            break;
        case VNC_ENCODING_COPYRECT:
            vs->features |= VNC_FEATURE_COPYRECT_MASK;
            break;
        case VNC_ENCODING_HEXTILE:
            vs->features |= VNC_FEATURE_HEXTILE_MASK;
            vs->vnc_encoding = enc;
            break;
        case VNC_ENCODING_ZLIB:
            vs->features |= VNC_FEATURE_ZLIB_MASK;
            vs->vnc_encoding = enc;
            break;
        case VNC_ENCODING_DESKTOPRESIZE:
            vs->features |= VNC_FEATURE_RESIZE_MASK;
            break;
        case VNC_ENCODING_POINTER_TYPE_CHANGE:
            vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
            break;
        case VNC_ENCODING_EXT_KEY_EVENT:
            send_ext_key_event_ack(vs);
            break;
        case VNC_ENCODING_AUDIO:
            send_ext_audio_ack(vs);
            break;
        case VNC_ENCODING_WMVi:
            vs->features |= VNC_FEATURE_WMVI_MASK;
            break;
        /* The level is the low nibble of the pseudo-encoding number. */
        case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
            vs->tight_compression = (enc & 0x0F);
            break;
        case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
            vs->tight_quality = (enc & 0x0F);
            break;
        default:
            VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
            break;
        }
        i--;
    }

    check_pointer_type_change(vs, kbd_mouse_is_absolute());
}
1824
6cec5487
AL
/*
 * Choose the pixel writer and hextile tile sender for this client. When
 * the client's endianness flag and pixel format both equal the server
 * surface's, pixels are copied as-is; otherwise the generic converting
 * variants are used. The tile sender is picked by the server surface's
 * bits per pixel and is left untouched for any depth other than 8, 16
 * or 32.
 */
static void set_pixel_conversion(VncState *vs)
{
    int same_format =
        (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
        (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
        !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat));

    vs->write_pixels = same_format ? vnc_write_pixels_copy
                                   : vnc_write_pixels_generic;

    switch (vs->ds->surface->pf.bits_per_pixel) {
    case 8:
        vs->send_hextile_tile = same_format ? send_hextile_tile_8
                                            : send_hextile_tile_generic_8;
        break;
    case 16:
        vs->send_hextile_tile = same_format ? send_hextile_tile_16
                                            : send_hextile_tile_generic_16;
        break;
    case 32:
        vs->send_hextile_tile = same_format ? send_hextile_tile_32
                                            : send_hextile_tile_generic_32;
        break;
    }
}
1857
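/*
 * Apply a pixel format requested by the client.
 *
 * Every argument comes from the client's message. Palette mode
 * (true_color_flag == 0) is not supported, and a bits_per_pixel other
 * than 8, 16 or 32 is rejected: it would otherwise be stored unchecked
 * and give a bytes_per_pixel of 0 or an unexpected size for later pixel
 * conversion. In both cases the client is disconnected.
 *
 * 'depth' is accepted for interface compatibility but not used; the
 * stored depth is derived from bits_per_pixel.
 */
static void set_pixel_format(VncState *vs,
                             int bits_per_pixel, int depth,
                             int big_endian_flag, int true_color_flag,
                             int red_max, int green_max, int blue_max,
                             int red_shift, int green_shift, int blue_shift)
{
    if (!true_color_flag) {
        vnc_client_error(vs);
        return;
    }

    switch (bits_per_pixel) {
    case 8:
    case 16:
    case 32:
        break;
    default:
        vnc_client_error(vs);
        return;
    }

    vs->clientds = *(vs->vd->guest.ds);

    /*
     * count_bits() shifts its second argument down to zero while counting,
     * so each mask is computed before the matching count_bits() call;
     * computed afterwards it would always come out as 0.
     *
     * NOTE(review): the shift amounts are client-supplied and not range
     * checked here; a shift of 32 or more is undefined behaviour.
     */
    vs->clientds.pf.rmax = red_max;
    vs->clientds.pf.rshift = red_shift;
    vs->clientds.pf.rmask = red_max << red_shift;
    count_bits(vs->clientds.pf.rbits, red_max);

    vs->clientds.pf.gmax = green_max;
    vs->clientds.pf.gshift = green_shift;
    vs->clientds.pf.gmask = green_max << green_shift;
    count_bits(vs->clientds.pf.gbits, green_max);

    vs->clientds.pf.bmax = blue_max;
    vs->clientds.pf.bshift = blue_shift;
    vs->clientds.pf.bmask = blue_max << blue_shift;
    count_bits(vs->clientds.pf.bbits, blue_max);

    vs->clientds.pf.bits_per_pixel = bits_per_pixel;
    vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
    vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
    vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;

    set_pixel_conversion(vs);

    vga_hw_invalidate();
    vga_hw_update();
}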
1892
ca4cca4d
AL
/*
 * Queue the server's pixel format description for the client and switch
 * the client state to the server surface's own format (plain copy
 * writer, client surface copied from the server surface without the
 * "allocated" flag).
 */
static void pixel_format_message (VncState *vs)
{
    const char padding[3] = { 0, 0, 0 };

    vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
    vnc_write_u8(vs, vs->ds->surface->pf.depth);          /* depth */

#ifdef HOST_WORDS_BIGENDIAN
    vnc_write_u8(vs, 1);             /* big-endian-flag */
#else
    vnc_write_u8(vs, 0);             /* big-endian-flag */
#endif
    vnc_write_u8(vs, 1);             /* true-color-flag */
    vnc_write_u16(vs, vs->ds->surface->pf.rmax);   /* red-max */
    vnc_write_u16(vs, vs->ds->surface->pf.gmax);   /* green-max */
    vnc_write_u16(vs, vs->ds->surface->pf.bmax);   /* blue-max */
    vnc_write_u8(vs, vs->ds->surface->pf.rshift);  /* red-shift */
    vnc_write_u8(vs, vs->ds->surface->pf.gshift);  /* green-shift */
    vnc_write_u8(vs, vs->ds->surface->pf.bshift);  /* blue-shift */

    /* Other depths leave the current tile sender in place. */
    switch (vs->ds->surface->pf.bits_per_pixel) {
    case 32:
        vs->send_hextile_tile = send_hextile_tile_32;
        break;
    case 16:
        vs->send_hextile_tile = send_hextile_tile_16;
        break;
    case 8:
        vs->send_hextile_tile = send_hextile_tile_8;
        break;
    }

    vs->clientds = *(vs->ds->surface);
    vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
    vs->write_pixels = vnc_write_pixels_copy;

    vnc_write(vs, padding, 3);       /* padding */
}
1923
7d957bd8
AL
/* Display "set data" hook; the VNC driver has nothing to do here. */
static void vnc_dpy_setdata(DisplayState *ds)
{
    /* We don't have to do anything */
    (void)ds;
}
1928
/*
 * React to a change of the server's colour depth. A client without the
 * WMVi feature only gets its pixel conversion recomputed; a client with
 * it is sent a WMVi update carrying the new pixel format.
 */
static void vnc_colordepth(VncState *vs)
{
    if (!vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
        set_pixel_conversion(vs);
        return;
    }

    /* Sending a WMVi message to notify the client*/
    vnc_write_u8(vs, 0);  /* msg id */
    vnc_write_u8(vs, 0);
    vnc_write_u16(vs, 1); /* number of rects */
    vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
                           ds_get_height(vs->ds), VNC_ENCODING_WMVi);
    pixel_format_message(vs);
    vnc_flush(vs);
}
1944
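/*
 * Read handler for client-to-server messages after initialisation.
 *
 * Called first with len == 1 (message type only). While more bytes are
 * needed it returns the total length the message must reach before the
 * handler is called again; once the message is complete it is dispatched
 * and 0 is returned, re-arming the handler for the next type byte.
 *
 * All fields are client-controlled. Lengths derived from them decide how
 * much input gets buffered, so the clipboard length is capped below: it
 * is a full 32-bit field and, unbounded, lets a client make the server
 * buffer gigabytes or push the int return value negative.
 */
static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
{
    /* Upper bound accepted for a client cut-text payload (1 MiB). */
    const uint32_t cut_text_max = 1u << 20;
    int i;
    uint16_t limit;
    VncDisplay *vd = vs->vd;

    if (data[0] > 3) {
        /* Input activity: fall back to the fastest refresh interval. */
        vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
        if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
            qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
    }

    switch (data[0]) {
    case 0:     /* set pixel format */
        if (len == 1)
            return 20;

        set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
                         read_u8(data, 6), read_u8(data, 7),
                         read_u16(data, 8), read_u16(data, 10),
                         read_u16(data, 12), read_u8(data, 14),
                         read_u8(data, 15), read_u8(data, 16));
        break;
    case 2:     /* set encodings */
        if (len == 1)
            return 4;

        /* limit is 16 bits, so the total stays at or below 4 + 65535 * 4 */
        limit = read_u16(data, 2);
        if (len == 4 && limit > 0)
            return 4 + (limit * 4);

        /* Convert the list to host byte order in place. */
        for (i = 0; i < limit; i++) {
            int32_t val = read_s32(data, 4 + (i * 4));
            memcpy(data + 4 + (i * 4), &val, sizeof(val));
        }

        set_encodings(vs, (int32_t *)(data + 4), limit);
        break;
    case 3:     /* framebuffer update request */
        if (len == 1)
            return 10;

        framebuffer_update_request(vs,
                                   read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
                                   read_u16(data, 6), read_u16(data, 8));
        break;
    case 4:     /* key event */
        if (len == 1)
            return 8;

        key_event(vs, read_u8(data, 1), read_u32(data, 4));
        break;
    case 5:     /* pointer event */
        if (len == 1)
            return 6;

        pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
        break;
    case 6:     /* client cut text */
        if (len == 1)
            return 8;

        if (len == 8) {
            uint32_t dlen = read_u32(data, 4);
            if (dlen > cut_text_max) {
                /* Refuse oversized clipboard payloads instead of buffering. */
                vnc_client_error(vs);
                break;
            }
            if (dlen > 0)
                return 8 + dlen;
        }

        client_cut_text(vs, read_u32(data, 4), data + 8);
        break;
    case 255:   /* extension messages, selected by the second byte */
        if (len == 1)
            return 2;

        switch (read_u8(data, 1)) {
        case 0:     /* extended key event */
            if (len == 2)
                return 12;

            ext_key_event(vs, read_u16(data, 2),
                          read_u32(data, 4), read_u32(data, 8));
            break;
        case 1:     /* audio */
            if (len == 2)
                return 4;

            switch (read_u16 (data, 2)) {
            case 0:
                audio_add(vs);
                break;
            case 1:
                audio_del(vs);
                break;
            case 2:
                if (len == 4)
                    return 10;
                switch (read_u8(data, 4)) {
                case 0: vs->as.fmt = AUD_FMT_U8; break;
                case 1: vs->as.fmt = AUD_FMT_S8; break;
                case 2: vs->as.fmt = AUD_FMT_U16; break;
                case 3: vs->as.fmt = AUD_FMT_S16; break;
                case 4: vs->as.fmt = AUD_FMT_U32; break;
                case 5: vs->as.fmt = AUD_FMT_S32; break;
                default:
                    printf("Invalid audio format %d\n", read_u8(data, 4));
                    vnc_client_error(vs);
                    break;
                }
                vs->as.nchannels = read_u8(data, 5);
                if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
                    printf("Invalid audio channel coount %d\n",
                           read_u8(data, 5));
                    vnc_client_error(vs);
                    break;
                }
                vs->as.freq = read_u32(data, 6);
                break;
            default:
                /*
                 * Report the sub-message type that was switched on. Only
                 * four bytes have been received at this point, so byte 4
                 * is not part of this message.
                 */
                printf ("Invalid audio message %d\n", read_u16(data, 2));
                vnc_client_error(vs);
                break;
            }
            break;

        default:
            printf("Msg: %d\n", read_u16(data, 0));
            vnc_client_error(vs);
            break;
        }
        break;
    default:
        printf("Msg: %d\n", data[0]);
        vnc_client_error(vs);
        break;
    }

    vnc_read_when(vs, protocol_client_msg, 1);
    return 0;
}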
2087
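/*
 * Read handler for the client's init message. Sends the display size,
 * pixel format and desktop name, caches the authentication details,
 * emits the QMP "initialized" event and hands further input to
 * protocol_client_msg(). Always returns 0.
 */
static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
{
    char buf[1024];
    int size;

    vnc_write_u16(vs, ds_get_width(vs->ds));
    vnc_write_u16(vs, ds_get_height(vs->ds));

    pixel_format_message(vs);

    if (qemu_name)
        size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
    else
        size = snprintf(buf, sizeof(buf), "QEMU");

    /*
     * snprintf() returns the length the full string would have had, which
     * exceeds the buffer when the name is truncated. Clamp it so that the
     * length field and the copy below never go past what buf holds;
     * otherwise adjacent stack bytes would be sent to the client.
     */
    if (size < 0)
        size = 0;
    else if ((size_t)size >= sizeof(buf))
        size = sizeof(buf) - 1;

    vnc_write_u32(vs, size);
    vnc_write(vs, buf, size);
    vnc_flush(vs);

    vnc_client_cache_auth(vs);
    vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);

    vnc_read_when(vs, protocol_client_msg, 1);

    return 0;
}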
2114
/*
 * Enter the client-init phase: register protocol_client_init() with
 * vnc_read_when() for a read of one byte.
 */
void start_client_init(VncState *vs)
{
    vnc_read_when(vs, protocol_client_init, 1);
}
2119
/*
 * Fill vs->challenge with the bytes used for the VNC authentication
 * challenge.
 *
 * NOTE(review): the bytes come from the C library rand(), reseeded from the
 * wall clock, the process id and the previous rand() output.  None of these
 * is an unpredictable source, so the challenge has to be treated as
 * guessable; a platform CSPRNG would be the appropriate source for an
 * authentication nonce.
 */
static void make_challenge(VncState *vs)
{
    size_t pos;

    srand(time(NULL)+getpid()+getpid()*987654+rand());

    for (pos = 0; pos < sizeof(vs->challenge); pos++) {
        /* Scale rand() into the range 0..255. */
        vs->challenge[pos] = (int) (256.0*rand()/(RAND_MAX+1.0));
    }
}
2129
/*
 * Check the client's answer to the VNC authentication challenge.
 *
 * The expected answer is the stored challenge DES-encrypted, eight bytes at
 * a time, with a key made of the first eight bytes of the configured
 * password (zero padded).  @data holds the client's answer.  A match sends
 * the accept word and moves on to client init; anything else, including a
 * server without a password, sends the reject word and drops the client.
 * Always returns 0.
 *
 * NOTE(review): only the first eight password bytes take part in the key,
 * so longer passwords add nothing.  The comparison is a plain memcmp(),
 * which is not constant-time; the key and the expected response stay on the
 * stack after return.  Treat this scheme as the "weak auth" it is labelled
 * as in vnc_display_open().
 */
static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
{
    unsigned char expected[VNC_AUTH_CHALLENGE_SIZE];
    unsigned char key[8];
    int idx, off, pwlen;

    if (!vs->vd->password || !vs->vd->password[0]) {
        VNC_DEBUG("No password configured on server");
        goto reject;
    }

    /* Build the response an honest client would have produced. */
    memcpy(expected, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);

    pwlen = strlen(vs->vd->password);
    for (idx = 0; idx < sizeof(key); idx++) {
        if (idx < pwlen)
            key[idx] = vs->vd->password[idx];
        else
            key[idx] = 0;
    }
    deskey(key, EN0);
    for (off = 0; off < VNC_AUTH_CHALLENGE_SIZE; off += 8) {
        des(expected+off, expected+off);
    }

    if (memcmp(expected, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
        VNC_DEBUG("Client challenge reponse did not match\n");
        goto reject;
    }

    VNC_DEBUG("Accepting VNC challenge response\n");
    vnc_write_u32(vs, 0); /* Accept auth */
    vnc_flush(vs);

    start_client_init(vs);
    return 0;

reject:
    vnc_write_u32(vs, 1); /* Reject auth */
    if (vs->minor >= 8) {
        /* The reason string is only sent to clients that negotiated 3.8. */
        static const char err[] = "Authentication failed";
        vnc_write_u32(vs, sizeof(err));
        vnc_write(vs, err, sizeof(err));
    }
    vnc_flush(vs);
    vnc_client_error(vs);
    return 0;
}
2179
/*
 * Begin VNC authentication: generate a challenge, send it to the client
 * and wait for a response of the same size, which is handed to
 * protocol_client_auth_vnc().
 */
void start_auth_vnc(VncState *vs)
{
    const size_t challenge_len = sizeof(vs->challenge);

    make_challenge(vs);

    /* Send client a 'random' challenge */
    vnc_write(vs, vs->challenge, challenge_len);
    vnc_flush(vs);

    vnc_read_when(vs, protocol_client_auth_vnc, challenge_len);
}
2189
2190
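/*
 * Handle the one-byte security type chosen by the client.
 *
 * Only a single type is advertised (see protocol_version()), so the byte
 * in @data must equal vs->vd->auth; the matching authentication handler is
 * then started.  Any other value, or a configured type this build cannot
 * handle, is rejected and the client is dropped.  Always returns 0.
 *
 * Every rejection uses the same sequence as protocol_client_auth_vnc():
 * a 32-bit failure word, the reason string for 3.8 clients, a flush, then
 * vnc_client_error().  The word is written with vnc_write_u32() on all
 * paths and flushed before the client is torn down.
 */
static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
{
    int reject = 0;

    /* We only advertise 1 auth scheme at a time, so client
     * must pick the one we sent. Verify this */
    if (data[0] != vs->vd->auth) { /* Reject auth */
        VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
        reject = 1;
    } else { /* Accept requested auth */
        VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
        switch (vs->vd->auth) {
        case VNC_AUTH_NONE:
            VNC_DEBUG("Accept auth none\n");
            if (vs->minor >= 8) {
                vnc_write_u32(vs, 0); /* Accept auth completion */
                vnc_flush(vs);
            }
            start_client_init(vs);
            break;

        case VNC_AUTH_VNC:
            VNC_DEBUG("Start VNC auth\n");
            start_auth_vnc(vs);
            break;

#ifdef CONFIG_VNC_TLS
        case VNC_AUTH_VENCRYPT:
            VNC_DEBUG("Accept VeNCrypt auth\n");
            start_auth_vencrypt(vs);
            break;
#endif /* CONFIG_VNC_TLS */

#ifdef CONFIG_VNC_SASL
        case VNC_AUTH_SASL:
            VNC_DEBUG("Accept SASL auth\n");
            start_auth_sasl(vs);
            break;
#endif /* CONFIG_VNC_SASL */

        default: /* Should not be possible, but just in case */
            VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
            reject = 1;
            break;
        }
    }

    if (reject) {
        vnc_write_u32(vs, 1); /* Reject auth */
        if (vs->minor >= 8) {
            static const char err[] = "Authentication failed";
            vnc_write_u32(vs, sizeof(err));
            vnc_write(vs, err, sizeof(err));
        }
        vnc_flush(vs);
        vnc_client_error(vs);
    }
    return 0;
}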
2248
/*
 * Parse the 12-byte protocol version string sent by the client and start
 * the security handshake that belongs to that version.
 *
 * Accepted versions are 3.3, 3.4, 3.5, 3.7 and 3.8; 3.4 and 3.5 are handled
 * as 3.3.  For 3.3 the server dictates the security type, and only "none"
 * and VNC authentication can be expressed, so any other configured type
 * ends the connection instead of falling back to something weaker.  For
 * later versions a one-entry list holding the configured type is sent and
 * the client's choice is checked in protocol_client_auth().
 * Always returns 0.
 */
static int protocol_version(VncState *vs, uint8_t *version, size_t len)
{
    char local[13];
    int supported;

    /* Work on a NUL-terminated copy so sscanf() cannot run past the data. */
    memcpy(local, version, 12);
    local[12] = 0;

    if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
        VNC_DEBUG("Malformed protocol version %s\n", local);
        vnc_client_error(vs);
        return 0;
    }
    VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);

    switch (vs->minor) {
    case 3:
    case 4:
    case 5:
    case 7:
    case 8:
        supported = (vs->major == 3);
        break;
    default:
        supported = 0;
        break;
    }
    if (!supported) {
        VNC_DEBUG("Unsupported client version\n");
        vnc_write_u32(vs, VNC_AUTH_INVALID);
        vnc_flush(vs);
        vnc_client_error(vs);
        return 0;
    }

    /* Some broken clients report v3.4 or v3.5, which spec requires to be
     * treated as equivalent to v3.3 by servers
     */
    if (vs->minor == 4 || vs->minor == 5) {
        vs->minor = 3;
    }

    if (vs->minor != 3) {
        VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
        vnc_write_u8(vs, 1); /* num auth */
        vnc_write_u8(vs, vs->vd->auth);
        vnc_read_when(vs, protocol_client_auth, 1);
        vnc_flush(vs);
        return 0;
    }

    /* Version 3.3: the server announces the security type as a 32-bit word. */
    switch (vs->vd->auth) {
    case VNC_AUTH_NONE:
        VNC_DEBUG("Tell client auth none\n");
        vnc_write_u32(vs, vs->vd->auth);
        vnc_flush(vs);
        start_client_init(vs);
        break;

    case VNC_AUTH_VNC:
        VNC_DEBUG("Tell client VNC auth\n");
        vnc_write_u32(vs, vs->vd->auth);
        vnc_flush(vs);
        start_auth_vnc(vs);
        break;

    default:
        VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
        vnc_write_u32(vs, VNC_AUTH_INVALID);
        vnc_flush(vs);
        vnc_client_error(vs);
        break;
    }

    return 0;
}
2307
/*
 * Bring the server-side copy of the framebuffer up to date with the guest
 * surface and mark the changed tiles dirty for every connected client.
 *
 * Rows are processed in tiles of 16 pixels.  Returns the number of tiles
 * whose content actually changed (0 when nothing changed).
 */
static int vnc_refresh_server_surface(VncDisplay *vd)
{
    int y;
    uint8_t *guest_row;
    uint8_t *server_row;
    int cmp_bytes;
    uint32_t width_mask[VNC_DIRTY_WORDS];
    VncState *vs;
    int has_dirty = 0;

    /*
     * Walk through the guest dirty map.
     * Check and copy modified bits from guest to server surface.
     * Update server dirty map.
     */
    /* Presumably sets one mask bit per complete 16-pixel tile of the
     * display width -- confirm against vnc_set_bits(). */
    vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
    /* Bytes covered by one 16-pixel tile. */
    cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
    guest_row = vd->guest.ds->data;
    server_row = vd->server->data;
    for (y = 0; y < vd->guest.ds->height; y++) {
        /* Skip rows that have no dirty tile inside the visible width. */
        if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
            int x;
            uint8_t *guest_ptr;
            uint8_t *server_ptr;

            guest_ptr = guest_row;
            server_ptr = server_row;

            /*
             * NOTE(review): the loop bounds come from vd->guest.ds while
             * the mask and the row stride come from vd->ds, and every step
             * compares/copies a full cmp_bytes.  If the width is not a
             * multiple of 16, or the two surfaces differ in size, the last
             * tile would reach past the end of the row -- confirm that the
             * callers keep both surfaces consistent and 16-pixel aligned.
             */
            for (x = 0; x < vd->guest.ds->width;
                 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
                if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
                    continue;
                /* The guest bit is consumed even if the pixels are equal. */
                vnc_clear_bit(vd->guest.dirty[y], (x / 16));
                if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
                    continue;
                memcpy(server_ptr, guest_ptr, cmp_bytes);
                /* Every client has to resend this tile. */
                QTAILQ_FOREACH(vs, &vd->clients, next) {
                    vnc_set_bit(vs->dirty[y], (x / 16));
                }
                has_dirty++;
            }
        }
        guest_row += ds_get_linesize(vd->ds);
        server_row += ds_get_linesize(vd->ds);
    }
    return has_dirty;
}
2355
/*
 * Timer callback: refresh the server surface, push updates to every client
 * and re-arm the timer with an adaptive interval.
 *
 * The interval is halved (not below VNC_REFRESH_INTERVAL_BASE) when
 * something changed and at least one rectangle was sent; otherwise it grows
 * by VNC_REFRESH_INTERVAL_INC up to VNC_REFRESH_INTERVAL_MAX.
 */
static void vnc_refresh(void *opaque)
{
    VncDisplay *vd = opaque;
    VncState *vs, *vn;
    int rects = 0;
    int has_dirty;

    vga_hw_update();

    has_dirty = vnc_refresh_server_surface(vd);

    /* The _SAFE iterator is required: a client can go away during update. */
    QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
        rects += vnc_update_client(vs, has_dirty);
        /* vs might be free()ed here */
    }

    /* vd->timer could be NULL now if the last client disconnected,
     * in this case don't update the timer */
    if (!vd->timer) {
        return;
    }

    if (!has_dirty || !rects) {
        /* Idle: back off. */
        vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
        if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX) {
            vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
        }
    } else {
        /* Busy: poll faster. */
        vd->timer_interval /= 2;
        if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE) {
            vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
        }
    }
    qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
}
2386
/*
 * Reset the refresh interval to its base value and, if no timer exists yet
 * while at least one client is connected, create the refresh timer and run
 * the first refresh immediately.
 */
static void vnc_init_timer(VncDisplay *vd)
{
    vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;

    if (vd->timer != NULL || QTAILQ_EMPTY(&vd->clients)) {
        return;
    }

    vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
    vnc_refresh(vd);
}
2395
/*
 * Stop and release the refresh timer once the client list is empty.
 * Does nothing while clients remain or when no timer exists.
 */
static void vnc_remove_timer(VncDisplay *vd)
{
    if (vd->timer == NULL || !QTAILQ_EMPTY(&vd->clients)) {
        return;
    }

    qemu_del_timer(vd->timer);
    qemu_free_timer(vd->timer);
    /* vnc_refresh() checks for NULL before re-arming. */
    vd->timer = NULL;
}
2404
/*
 * Set up the state for a new client on socket @csock, add it to the
 * display's client list and start the handshake by sending the server's
 * protocol version.
 *
 * No authentication has happened at this point; the security type is
 * negotiated later, starting from protocol_version().
 */
static void vnc_connect(VncDisplay *vd, int csock)
{
    /* Zero-filled allocation: every field not set below starts as 0. */
    VncState *vs = qemu_mallocz(sizeof(VncState));
    vs->csock = csock;

    VNC_DEBUG("New client on socket %d\n", csock);
    dcl->idle = 0;
    socket_set_nonblock(vs->csock);
    qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);

    /* Note: these two calls run before vs->vd and vs->ds are assigned. */
    vnc_client_cache_addr(vs);
    vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);

    vs->vd = vd;
    vs->ds = vd->ds;
    vs->last_x = -1;
    vs->last_y = -1;

    /* Audio settings used until the client sends its own. */
    vs->as.freq = 44100;
    vs->as.nchannels = 2;
    vs->as.fmt = AUD_FMT_S16;
    vs->as.endianness = 0;

    QTAILQ_INSERT_HEAD(&vd->clients, vs, next);

    vga_hw_update();

    /* Offer version 3.8 and wait for the client's 12-byte version string. */
    vnc_write(vs, "RFB 003.008\n", 12);
    vnc_flush(vs);
    vnc_read_when(vs, protocol_version, 12);
    reset_keys(vs);
    if (vs->vd->lock_key_sync)
        vs->led = qemu_add_led_event_handler(kbd_leds, vs);

    vnc_init_timer(vd);

    /* vs might be free()ed here */
}
2443
/*
 * Read handler of the listening socket: accept one pending connection and
 * hand it to vnc_connect().  A failed accept is ignored.
 */
static void vnc_listen_read(void *opaque)
{
    VncDisplay *vd = opaque;
    struct sockaddr_in peer;
    socklen_t peer_len = sizeof(peer);
    int csock;

    /* Catch-up */
    vga_hw_update();

    csock = qemu_accept(vd->lsock, (struct sockaddr *)&peer, &peer_len);
    if (csock == -1) {
        return;
    }
    vnc_connect(vd, csock);
}
2458
/*
 * Create the global VNC display object for @ds, load the keyboard layout
 * and register the display change listener.
 *
 * The display starts without a listening socket (lsock == -1) and with an
 * empty client list.  Exits the process if the keyboard layout cannot be
 * loaded.
 */
void vnc_display_init(DisplayState *ds)
{
    VncDisplay *vd = qemu_mallocz(sizeof(*vd));

    dcl = qemu_mallocz(sizeof(DisplayChangeListener));

    ds->opaque = vd;
    dcl->idle = 1;
    vnc_display = vd;

    vd->lsock = -1;

    vd->ds = ds;
    QTAILQ_INIT(&vd->clients);

    /* Fall back to the "en-us" layout when none was requested. */
    if (!keyboard_layout) {
        vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
    } else {
        vd->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
    }

    if (vd->kbd_layout == NULL) {
        exit(1);
    }

    dcl->dpy_copy = vnc_dpy_copy;
    dcl->dpy_update = vnc_dpy_update;
    dcl->dpy_resize = vnc_dpy_resize;
    dcl->dpy_setdata = vnc_dpy_setdata;
    register_displaychangelistener(ds, dcl);
}
2488
6f43024c 2489
/*
 * Shut down the VNC listener of @ds (or of the global display when @ds is
 * NULL): forget the display string, close the listening socket and reset
 * the authentication settings to "invalid".
 *
 * Only the listening socket is handled here; the client list is not
 * touched by this function.
 */
void vnc_display_close(DisplayState *ds)
{
    VncDisplay *vd;

    if (ds) {
        vd = (VncDisplay *)ds->opaque;
    } else {
        vd = vnc_display;
    }
    if (vd == NULL) {
        return;
    }

    if (vd->display) {
        qemu_free(vd->display);
        vd->display = NULL;
    }

    if (vd->lsock != -1) {
        /* Unregister the handler before the descriptor goes away. */
        qemu_set_fd_handler2(vd->lsock, NULL, NULL, NULL, NULL);
        close(vd->lsock);
        vd->lsock = -1;
    }

    /* No valid scheme is configured until vnc_display_open() runs again. */
    vd->auth = VNC_AUTH_INVALID;
#ifdef CONFIG_VNC_TLS
    vd->subauth = VNC_AUTH_INVALID;
    vd->tls.x509verify = 0;
#endif
}
2511
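/*
 * Set or clear the VNC password of @ds (or of the global display when @ds
 * is NULL).
 *
 * A non-empty @password is stored and, if the display was running without
 * authentication, VNC authentication is switched on.  A NULL or empty
 * @password only discards the stored password.
 *
 * Clearing the password never changes vs->auth.  Resetting it to
 * VNC_AUTH_NONE here would silently turn a display configured for password,
 * VeNCrypt or SASL authentication into an unauthenticated one.  With VNC
 * authentication selected and no password stored,
 * protocol_client_auth_vnc() rejects every login, so the display fails
 * closed until a new password is set.
 *
 * Returns 0 on success, -1 if there is no VNC display or the password
 * could not be copied.
 */
int vnc_display_password(DisplayState *ds, const char *password)
{
    VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;

    if (!vs) {
        return -1;
    }

    if (vs->password) {
        qemu_free(vs->password);
        vs->password = NULL;
    }

    if (!password || !password[0]) {
        /* Password cleared: leave the configured auth scheme alone. */
        return 0;
    }

    if (!(vs->password = qemu_strdup(password)))
        return -1;

    /* A password on a no-auth display implies VNC authentication. */
    if (vs->auth == VNC_AUTH_NONE) {
        vs->auth = VNC_AUTH_VNC;
    }

    return 0;
}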
2536
/*
 * Return the local address of the listening socket, formatted by
 * vnc_socket_local_addr() with the pattern "%s:%s".
 *
 * NOTE(review): unlike vnc_display_close() and vnc_display_password(),
 * there is no check for a missing VNC display here -- confirm that callers
 * only use this after vnc_display_init().
 */
char *vnc_display_local_addr(DisplayState *ds)
{
    VncDisplay *vd;

    if (ds) {
        vd = (VncDisplay *)ds->opaque;
    } else {
        vd = vnc_display;
    }

    return vnc_socket_local_addr("%s:%s", vd->lsock);
}
2543
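/*
 * (Re)configure the VNC server from the option string @display and either
 * start listening or, with "reverse", connect out to a viewer.
 *
 * @display has the form "<address>[,option]...".  Recognised options are
 * password, reverse, no-lock-key-sync, acl and, depending on the build,
 * sasl, tls, x509[=path] and x509verify[=path].  Options are matched by
 * prefix.  The string "none" only closes the current server.
 *
 * Security-relevant behaviour visible in this function:
 *  - with neither password nor sasl the server accepts clients without
 *    authentication;
 *  - x509 / x509verify are only consulted when tls is also given, so
 *    certificates without "tls" leave the connection unencrypted;
 *  - "password" takes precedence over "sasl" when both are given;
 *  - "acl" only creates an ACL together with x509verify or sasl.
 *
 * Returns 0 for "none" and for a successful reverse connection, the result
 * of qemu_set_fd_handler2() when listening, and -1 on failure.  Exits the
 * process if an ACL cannot be created.
 */
int vnc_display_open(DisplayState *ds, const char *display)
{
    VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
    const char *options;
    int password = 0;
    int reverse = 0;
#ifdef CONFIG_VNC_TLS
    int tls = 0, x509 = 0;
#endif
#ifdef CONFIG_VNC_SASL
    int sasl = 0;
    int saslErr;
#endif
    int acl = 0;
    int lock_key_sync = 1;

    if (!vnc_display)
        return -1;
    /* Start from a clean state: auth is VNC_AUTH_INVALID after this. */
    vnc_display_close(ds);
    if (strcmp(display, "none") == 0)
        return 0;

    if (!(vs->display = strdup(display)))
        return -1;

    options = display;
    while ((options = strchr(options, ','))) {
        options++;
        if (strncmp(options, "password", 8) == 0) {
            password = 1; /* Require password auth */
        } else if (strncmp(options, "reverse", 7) == 0) {
            reverse = 1;
        } else if (strncmp(options, "no-lock-key-sync", 16) == 0) {
            /* Compare the whole option name (16 characters), not just
             * its first nine, so unrelated "no-lock-k..." text is not
             * taken for this option. */
            lock_key_sync = 0;
#ifdef CONFIG_VNC_SASL
        } else if (strncmp(options, "sasl", 4) == 0) {
            sasl = 1; /* Require SASL auth */
#endif
#ifdef CONFIG_VNC_TLS
        } else if (strncmp(options, "tls", 3) == 0) {
            tls = 1; /* Require TLS */
        } else if (strncmp(options, "x509", 4) == 0) {
            char *start, *end;
            x509 = 1; /* Require x509 certificates */
            if (strncmp(options, "x509verify", 10) == 0)
                vs->tls.x509verify = 1; /* ...and verify client certs */

            /* Now check for 'x509=/some/path' postfix
             * and use that to setup x509 certificate/key paths */
            start = strchr(options, '=');
            end = strchr(options, ',');
            /* The '=' must belong to this option, not to a later one. */
            if (start && (!end || (start < end))) {
                int len = end ? end-(start+1) : strlen(start+1);
                char *path = qemu_strndup(start + 1, len);

                VNC_DEBUG("Trying certificate path '%s'\n", path);
                if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
                    fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
                    qemu_free(path);
                    qemu_free(vs->display);
                    vs->display = NULL;
                    return -1;
                }
                qemu_free(path);
            } else {
                fprintf(stderr, "No certificate path provided\n");
                qemu_free(vs->display);
                vs->display = NULL;
                return -1;
            }
#endif
        } else if (strncmp(options, "acl", 3) == 0) {
            acl = 1;
        }
    }

#ifdef CONFIG_VNC_TLS
    if (acl && x509 && vs->tls.x509verify) {
        if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
            fprintf(stderr, "Failed to create x509 dname ACL\n");
            exit(1);
        }
    }
#endif
#ifdef CONFIG_VNC_SASL
    if (acl && sasl) {
        if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
            fprintf(stderr, "Failed to create username ACL\n");
            exit(1);
        }
    }
#endif

    /*
     * Combinations we support here:
     *
     *  - no-auth                (clear text, no auth)
     *  - password               (clear text, weak auth)
     *  - sasl                   (encrypt, good auth *IF* using Kerberos via GSSAPI)
     *  - tls                    (encrypt, weak anonymous creds, no auth)
     *  - tls + password         (encrypt, weak anonymous creds, weak auth)
     *  - tls + sasl             (encrypt, weak anonymous creds, good auth)
     *  - tls + x509             (encrypt, good x509 creds, no auth)
     *  - tls + x509 + password  (encrypt, good x509 creds, weak auth)
     *  - tls + x509 + sasl      (encrypt, good x509 creds, good auth)
     *
     * NB1. TLS is a stackable auth scheme.
     * NB2. the x509 schemes have option to validate a client cert dname
     */
    if (password) {
#ifdef CONFIG_VNC_TLS
        if (tls) {
            vs->auth = VNC_AUTH_VENCRYPT;
            if (x509) {
                VNC_DEBUG("Initializing VNC server with x509 password auth\n");
                vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
            } else {
                VNC_DEBUG("Initializing VNC server with TLS password auth\n");
                vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
            }
        } else {
#endif /* CONFIG_VNC_TLS */
            VNC_DEBUG("Initializing VNC server with password auth\n");
            vs->auth = VNC_AUTH_VNC;
#ifdef CONFIG_VNC_TLS
            vs->subauth = VNC_AUTH_INVALID;
        }
#endif /* CONFIG_VNC_TLS */
#ifdef CONFIG_VNC_SASL
    } else if (sasl) {
#ifdef CONFIG_VNC_TLS
        if (tls) {
            vs->auth = VNC_AUTH_VENCRYPT;
            if (x509) {
                VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
                vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
            } else {
                VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
                vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
            }
        } else {
#endif /* CONFIG_VNC_TLS */
            VNC_DEBUG("Initializing VNC server with SASL auth\n");
            vs->auth = VNC_AUTH_SASL;
#ifdef CONFIG_VNC_TLS
            vs->subauth = VNC_AUTH_INVALID;
        }
#endif /* CONFIG_VNC_TLS */
#endif /* CONFIG_VNC_SASL */
    } else {
#ifdef CONFIG_VNC_TLS
        if (tls) {
            vs->auth = VNC_AUTH_VENCRYPT;
            if (x509) {
                VNC_DEBUG("Initializing VNC server with x509 no auth\n");
                vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
            } else {
                VNC_DEBUG("Initializing VNC server with TLS no auth\n");
                vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
            }
        } else {
#endif
            /* Nothing requested: clients connect without authentication. */
            VNC_DEBUG("Initializing VNC server with no auth\n");
            vs->auth = VNC_AUTH_NONE;
#ifdef CONFIG_VNC_TLS
            vs->subauth = VNC_AUTH_INVALID;
        }
#endif
    }

#ifdef CONFIG_VNC_SASL
    /* Runs whenever SASL support is compiled in, even without "sasl". */
    if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
        fprintf(stderr, "Failed to initialize SASL auth %s",
                sasl_errstring(saslErr, NULL, NULL));
        free(vs->display);
        vs->display = NULL;
        return -1;
    }
#endif
    vs->lock_key_sync = lock_key_sync;

    if (reverse) {
        /* connect to viewer */
        if (strncmp(display, "unix:", 5) == 0)
            vs->lsock = unix_connect(display+5);
        else
            vs->lsock = inet_connect(display, SOCK_STREAM);
        if (-1 == vs->lsock) {
            free(vs->display);
            vs->display = NULL;
            return -1;
        } else {
            /* The connected socket is a client socket, not a listener. */
            int csock = vs->lsock;
            vs->lsock = -1;
            vnc_connect(vs, csock);
        }
        return 0;

    } else {
        /* listen for connects */
        char *dpy;
        dpy = qemu_malloc(256);
        if (strncmp(display, "unix:", 5) == 0) {
            pstrcpy(dpy, 256, "unix:");
            vs->lsock = unix_listen(display+5, dpy+5, 256-5);
        } else {
            vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
        }
        if (-1 == vs->lsock) {
            free(dpy);
            return -1;
        } else {
            /* Keep the address string filled in by the listen helper. */
            free(vs->display);
            vs->display = dpy;
        }
    }
    return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
}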