]> git.proxmox.com Git - mirror_qemu.git/blame - vnc.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
vnc: cleanup surface handling, fix screen corruption bug. (Gerd Hoffmann)
[mirror_qemu.git] / vnc.c
CommitLineData
7d510b8c
FB		 1/*
2 * QEMU VNC display driver
5fafdf24 3 *
7d510b8c
FB		 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
19a490bf 6 * Copyright (C) 2009 Red Hat, Inc
5fafdf24 7 *
7d510b8c
FB		 8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
19a490bf 27#include "vnc.h"
87ecb68b 28#include "sysemu.h"
6ca957f0 29#include "qemu_socket.h"
87ecb68b 30#include "qemu-timer.h"
76655d6d 31#include "acl.h"
24236869
FB		 32
33#define VNC_REFRESH_INTERVAL (1000 / 30)
34
35#include "vnc_keysym.h"
70848515
TS		 36#include "d3des.h"
37
90a1e3c0
AL		 38#define count_bits(c, v) { \
39 for (c = 0; v; v >>= 1) \
40 { \
41 c += v & 1; \
42 } \
43}
8d5d2d4c 44
24236869 45
753b4053 46static VncDisplay *vnc_display; /* needed for info vnc */
7d957bd8 47static DisplayChangeListener *dcl;
a9ce8590 48
1ff7df1a
AL		 49static char *addr_to_string(const char *format,
50 struct sockaddr_storage *sa,
51 socklen_t salen) {
52 char *addr;
53 char host[NI_MAXHOST];
54 char serv[NI_MAXSERV];
55 int err;
457772e6 56 size_t addrlen;
1ff7df1a
AL		 57
58 if ((err = getnameinfo((struct sockaddr *)sa, salen,
59 host, sizeof(host),
60 serv, sizeof(serv),
61 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
62 VNC_DEBUG("Cannot resolve address %d: %s\n",
63 err, gai_strerror(err));
64 return NULL;
65 }
66
457772e6
AL		 67 /* Enough for the existing format + the 2 vars we're
68 * subsituting in. */
69 addrlen = strlen(format) + strlen(host) + strlen(serv);
70 addr = qemu_malloc(addrlen + 1);
71 snprintf(addr, addrlen, format, host, serv);
72 addr[addrlen] = '\0';
1ff7df1a
AL		 73
74 return addr;
75}
76
2f9606b3
AL		 77
78char *vnc_socket_local_addr(const char *format, int fd) {
1ff7df1a
AL		 79 struct sockaddr_storage sa;
80 socklen_t salen;
81
82 salen = sizeof(sa);
83 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
84 return NULL;
85
86 return addr_to_string(format, &sa, salen);
87}
88
2f9606b3
AL		 89
90char *vnc_socket_remote_addr(const char *format, int fd) {
1ff7df1a
AL		 91 struct sockaddr_storage sa;
92 socklen_t salen;
93
94 salen = sizeof(sa);
95 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
96 return NULL;
97
98 return addr_to_string(format, &sa, salen);
99}
100
101static const char *vnc_auth_name(VncDisplay *vd) {
102 switch (vd->auth) {
103 case VNC_AUTH_INVALID:
104 return "invalid";
105 case VNC_AUTH_NONE:
106 return "none";
107 case VNC_AUTH_VNC:
108 return "vnc";
109 case VNC_AUTH_RA2:
110 return "ra2";
111 case VNC_AUTH_RA2NE:
112 return "ra2ne";
113 case VNC_AUTH_TIGHT:
114 return "tight";
115 case VNC_AUTH_ULTRA:
116 return "ultra";
117 case VNC_AUTH_TLS:
118 return "tls";
119 case VNC_AUTH_VENCRYPT:
120#ifdef CONFIG_VNC_TLS
121 switch (vd->subauth) {
122 case VNC_AUTH_VENCRYPT_PLAIN:
123 return "vencrypt+plain";
124 case VNC_AUTH_VENCRYPT_TLSNONE:
125 return "vencrypt+tls+none";
126 case VNC_AUTH_VENCRYPT_TLSVNC:
127 return "vencrypt+tls+vnc";
128 case VNC_AUTH_VENCRYPT_TLSPLAIN:
129 return "vencrypt+tls+plain";
130 case VNC_AUTH_VENCRYPT_X509NONE:
131 return "vencrypt+x509+none";
132 case VNC_AUTH_VENCRYPT_X509VNC:
133 return "vencrypt+x509+vnc";
134 case VNC_AUTH_VENCRYPT_X509PLAIN:
135 return "vencrypt+x509+plain";
28a76be8
AL		 136 case VNC_AUTH_VENCRYPT_TLSSASL:
137 return "vencrypt+tls+sasl";
138 case VNC_AUTH_VENCRYPT_X509SASL:
139 return "vencrypt+x509+sasl";
1ff7df1a
AL		 140 default:
141 return "vencrypt";
142 }
143#else
144 return "vencrypt";
145#endif
2f9606b3 146 case VNC_AUTH_SASL:
28a76be8 147 return "sasl";
1ff7df1a
AL		 148 }
149 return "unknown";
150}
151
1ff7df1a
AL		 152static void do_info_vnc_client(Monitor *mon, VncState *client)
153{
154 char *clientAddr =
155 vnc_socket_remote_addr(" address: %s:%s\n",
156 client->csock);
157 if (!clientAddr)
158 return;
159
160 monitor_printf(mon, "Client:\n");
161 monitor_printf(mon, "%s", clientAddr);
162 free(clientAddr);
1263b7d6
AL		 163
164#ifdef CONFIG_VNC_TLS
165 if (client->tls.session &&
28a76be8
AL		 166 client->tls.dname)
167 monitor_printf(mon, " x509 dname: %s\n", client->tls.dname);
1263b7d6 168 else
28a76be8 169 monitor_printf(mon, " x509 dname: none\n");
1263b7d6
AL		 170#endif
171#ifdef CONFIG_VNC_SASL
172 if (client->sasl.conn &&
28a76be8
AL		 173 client->sasl.username)
174 monitor_printf(mon, " username: %s\n", client->sasl.username);
1263b7d6 175 else
28a76be8 176 monitor_printf(mon, " username: none\n");
1263b7d6 177#endif
1ff7df1a
AL		 178}
179
376253ec 180void do_info_vnc(Monitor *mon)
a9ce8590 181{
1ff7df1a
AL		 182 if (vnc_display == NULL || vnc_display->display == NULL) {
183 monitor_printf(mon, "Server: disabled\n");
184 } else {
185 char *serverAddr = vnc_socket_local_addr(" address: %s:%s\n",
186 vnc_display->lsock);
187
188 if (!serverAddr)
189 return;
190
191 monitor_printf(mon, "Server:\n");
192 monitor_printf(mon, "%s", serverAddr);
193 free(serverAddr);
194 monitor_printf(mon, " auth: %s\n", vnc_auth_name(vnc_display));
195
196 if (vnc_display->clients) {
197 VncState *client = vnc_display->clients;
198 while (client) {
199 do_info_vnc_client(mon, client);
200 client = client->next;
201 }
202 } else {
203 monitor_printf(mon, "Client: none\n");
204 }
a9ce8590
FB		 205 }
206}
207
29fa4ed9
AL		 208static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
209 return (vs->features & (1 << feature));
210}
211
24236869
FB		 212/* TODO
213 1) Get the queue working for IO.
214 2) there is some weirdness when using the -S option (the screen is grey
215 and not totally invalidated
216 3) resolutions > 1024
217*/
218
24236869 219static void vnc_update_client(void *opaque);
24236869 220
753b4053 221static void vnc_colordepth(VncState *vs);
7eac3a87 222
99589bdc
FB		 223static inline void vnc_set_bit(uint32_t *d, int k)
224{
225 d[k >> 5] |= 1 << (k & 0x1f);
226}
227
228static inline void vnc_clear_bit(uint32_t *d, int k)
229{
230 d[k >> 5] &= ~(1 << (k & 0x1f));
231}
232
233static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
234{
235 int j;
236
237 j = 0;
238 while (n >= 32) {
239 d[j++] = -1;
240 n -= 32;
241 }
5fafdf24 242 if (n > 0)
99589bdc
FB		 243 d[j++] = (1 << n) - 1;
244 while (j < nb_words)
245 d[j++] = 0;
246}
247
248static inline int vnc_get_bit(const uint32_t *d, int k)
249{
250 return (d[k >> 5] >> (k & 0x1f)) & 1;
251}
252
5fafdf24 253static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
99589bdc
FB		 254 int nb_words)
255{
256 int i;
257 for(i = 0; i < nb_words; i++) {
258 if ((d1[i] & d2[i]) != 0)
259 return 1;
260 }
261 return 0;
262}
263
753b4053 264static void vnc_update(VncState *vs, int x, int y, int w, int h)
24236869 265{
6baebed7 266 struct VncSurface *s = &vs->guest;
24236869
FB		 267 int i;
268
269 h += y;
270
0486e8a7
AZ		 271 /* round x down to ensure the loop only spans one 16-pixel block per,
272 iteration. otherwise, if (x % 16) != 0, the last iteration may span
273 two 16-pixel blocks but we only mark the first as dirty
274 */
275 w += (x % 16);
276 x -= (x % 16);
277
6baebed7
AL		 278 x = MIN(x, s->ds->width);
279 y = MIN(y, s->ds->height);
280 w = MIN(x + w, s->ds->width) - x;
281 h = MIN(h, s->ds->height);
788abf8e 282
24236869 283 for (; y < h; y++)
28a76be8 284 for (i = 0; i < w; i += 16)
6baebed7 285 vnc_set_bit(s->dirty[y], (x + i) / 16);
24236869
FB		 286}
287
753b4053
AL		 288static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
289{
290 VncDisplay *vd = ds->opaque;
291 VncState *vs = vd->clients;
292 while (vs != NULL) {
293 vnc_update(vs, x, y, w, h);
294 vs = vs->next;
295 }
296}
297
24236869 298static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
28a76be8 299 int32_t encoding)
24236869
FB		 300{
301 vnc_write_u16(vs, x);
302 vnc_write_u16(vs, y);
303 vnc_write_u16(vs, w);
304 vnc_write_u16(vs, h);
305
306 vnc_write_s32(vs, encoding);
307}
308
2f9606b3 309void buffer_reserve(Buffer *buffer, size_t len)
89064286
AL		 310{
311 if ((buffer->capacity - buffer->offset) < len) {
28a76be8
AL		 312 buffer->capacity += (len + 1024);
313 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
314 if (buffer->buffer == NULL) {
315 fprintf(stderr, "vnc: out of memory\n");
316 exit(1);
317 }
89064286
AL		 318 }
319}
320
2f9606b3 321int buffer_empty(Buffer *buffer)
89064286
AL		 322{
323 return buffer->offset == 0;
324}
325
2f9606b3 326uint8_t *buffer_end(Buffer *buffer)
89064286
AL		 327{
328 return buffer->buffer + buffer->offset;
329}
330
2f9606b3 331void buffer_reset(Buffer *buffer)
89064286 332{
28a76be8 333 buffer->offset = 0;
89064286
AL		 334}
335
2f9606b3 336void buffer_append(Buffer *buffer, const void *data, size_t len)
89064286
AL		 337{
338 memcpy(buffer->buffer + buffer->offset, data, len);
339 buffer->offset += len;
340}
341
753b4053 342static void vnc_resize(VncState *vs)
24236869 343{
753b4053 344 DisplayState *ds = vs->ds;
73e14b62 345 int size_changed;
24236869 346
6baebed7
AL		 347 /* guest surface */
348 if (!vs->guest.ds)
349 vs->guest.ds = qemu_mallocz(sizeof(*vs->guest.ds));
350 if (ds_get_bytes_per_pixel(ds) != vs->guest.ds->pf.bytes_per_pixel)
a528b80c 351 console_color_init(ds);
753b4053 352 vnc_colordepth(vs);
6baebed7
AL		 353 size_changed = ds_get_width(ds) != vs->guest.ds->width ||
354 ds_get_height(ds) != vs->guest.ds->height;
355 *(vs->guest.ds) = *(ds->surface);
b94eb43f 356 if (size_changed) {
29fa4ed9 357 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
b94eb43f
AZ		 358 vnc_write_u8(vs, 0); /* msg id */
359 vnc_write_u8(vs, 0);
360 vnc_write_u16(vs, 1); /* number of rects */
29fa4ed9
AL		 361 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
362 VNC_ENCODING_DESKTOPRESIZE);
b94eb43f
AZ		 363 vnc_flush(vs);
364 }
24236869 365 }
6baebed7 366 memset(vs->guest.dirty, 0xFF, sizeof(vs->guest.dirty));
8bba5c81 367
6baebed7
AL		 368 /* server surface */
369 if (!vs->server.ds) {
370 vs->server.ds = default_allocator.create_displaysurface(ds_get_width(ds),
371 ds_get_height(ds));
372 } else {
373 default_allocator.resize_displaysurface(vs->server.ds,
374 ds_get_width(ds), ds_get_height(ds));
375 }
376 if (vs->server.ds->data == NULL) {
377 fprintf(stderr, "vnc: memory allocation failed\n");
378 exit(1);
379 }
380 memset(vs->server.dirty, 0xFF, sizeof(vs->guest.dirty));
24236869
FB		 381}
382
753b4053
AL		 383static void vnc_dpy_resize(DisplayState *ds)
384{
385 VncDisplay *vd = ds->opaque;
386 VncState *vs = vd->clients;
387 while (vs != NULL) {
388 vnc_resize(vs);
389 vs = vs->next;
390 }
391}
392
3512779a
FB		 393/* fastest code */
394static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
395{
396 vnc_write(vs, pixels, size);
397}
398
399/* slowest but generic code. */
400static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
401{
7eac3a87
AL		 402 uint8_t r, g, b;
403
6baebed7
AL		 404 r = ((((v & vs->server.ds->pf.rmask) >> vs->server.ds->pf.rshift) << vs->clientds.pf.rbits) >>
405 vs->server.ds->pf.rbits);
406 g = ((((v & vs->server.ds->pf.gmask) >> vs->server.ds->pf.gshift) << vs->clientds.pf.gbits) >>
407 vs->server.ds->pf.gbits);
408 b = ((((v & vs->server.ds->pf.bmask) >> vs->server.ds->pf.bshift) << vs->clientds.pf.bbits) >>
409 vs->server.ds->pf.bbits);
6cec5487
AL		 410 v = (r << vs->clientds.pf.rshift) |
411 (g << vs->clientds.pf.gshift) |
412 (b << vs->clientds.pf.bshift);
413 switch(vs->clientds.pf.bytes_per_pixel) {
3512779a
FB		 414 case 1:
415 buf[0] = v;
416 break;
417 case 2:
6cec5487 418 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
3512779a
FB		 419 buf[0] = v >> 8;
420 buf[1] = v;
421 } else {
422 buf[1] = v >> 8;
423 buf[0] = v;
424 }
425 break;
426 default:
427 case 4:
6cec5487 428 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
3512779a
FB		 429 buf[0] = v >> 24;
430 buf[1] = v >> 16;
431 buf[2] = v >> 8;
432 buf[3] = v;
433 } else {
434 buf[3] = v >> 24;
435 buf[2] = v >> 16;
436 buf[1] = v >> 8;
437 buf[0] = v;
438 }
439 break;
440 }
441}
442
443static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
444{
3512779a 445 uint8_t buf[4];
3512779a 446
6baebed7 447 if (vs->server.ds->pf.bytes_per_pixel == 4) {
7eac3a87
AL		 448 uint32_t *pixels = pixels1;
449 int n, i;
450 n = size >> 2;
451 for(i = 0; i < n; i++) {
452 vnc_convert_pixel(vs, buf, pixels[i]);
6cec5487 453 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
7eac3a87 454 }
6baebed7 455 } else if (vs->server.ds->pf.bytes_per_pixel == 2) {
7eac3a87
AL		 456 uint16_t *pixels = pixels1;
457 int n, i;
458 n = size >> 1;
459 for(i = 0; i < n; i++) {
460 vnc_convert_pixel(vs, buf, pixels[i]);
6cec5487 461 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
7eac3a87 462 }
6baebed7 463 } else if (vs->server.ds->pf.bytes_per_pixel == 1) {
7eac3a87
AL		 464 uint8_t *pixels = pixels1;
465 int n, i;
466 n = size;
467 for(i = 0; i < n; i++) {
468 vnc_convert_pixel(vs, buf, pixels[i]);
6cec5487 469 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
7eac3a87
AL		 470 }
471 } else {
472 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
3512779a
FB		 473 }
474}
475
24236869
FB		 476static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
477{
478 int i;
60fe76f3 479 uint8_t *row;
24236869 480
6baebed7 481 row = vs->server.ds->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
24236869 482 for (i = 0; i < h; i++) {
28a76be8
AL		 483 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
484 row += ds_get_linesize(vs->ds);
24236869
FB		 485 }
486}
487
488static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
489{
490 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
491 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
492}
493
494#define BPP 8
495#include "vnchextile.h"
496#undef BPP
497
498#define BPP 16
499#include "vnchextile.h"
500#undef BPP
501
502#define BPP 32
503#include "vnchextile.h"
504#undef BPP
505
7eac3a87
AL		 506#define GENERIC
507#define BPP 8
508#include "vnchextile.h"
509#undef BPP
510#undef GENERIC
511
512#define GENERIC
513#define BPP 16
514#include "vnchextile.h"
515#undef BPP
516#undef GENERIC
517
3512779a
FB		 518#define GENERIC
519#define BPP 32
520#include "vnchextile.h"
521#undef BPP
522#undef GENERIC
523
24236869
FB		 524static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
525{
526 int i, j;
527 int has_fg, has_bg;
7eac3a87 528 uint8_t *last_fg, *last_bg;
24236869 529
6baebed7
AL		 530 last_fg = (uint8_t *) qemu_malloc(vs->server.ds->pf.bytes_per_pixel);
531 last_bg = (uint8_t *) qemu_malloc(vs->server.ds->pf.bytes_per_pixel);
24236869
FB		 532 has_fg = has_bg = 0;
533 for (j = y; j < (y + h); j += 16) {
28a76be8 534 for (i = x; i < (x + w); i += 16) {
5fafdf24 535 vs->send_hextile_tile(vs, i, j,
3512779a 536 MIN(16, x + w - i), MIN(16, y + h - j),
7eac3a87 537 last_bg, last_fg, &has_bg, &has_fg);
28a76be8 538 }
24236869 539 }
7eac3a87
AL		 540 free(last_fg);
541 free(last_bg);
542
24236869
FB		 543}
544
059cef40
AL		 545static void vnc_zlib_init(VncState *vs)
546{
547 int i;
548 for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)
549 vs->zlib_stream[i].opaque = NULL;
550}
551
552static void vnc_zlib_start(VncState *vs)
553{
554 buffer_reset(&vs->zlib);
555
556 // make the output buffer be the zlib buffer, so we can compress it later
557 vs->zlib_tmp = vs->output;
558 vs->output = vs->zlib;
559}
560
561static int vnc_zlib_stop(VncState *vs, int stream_id)
562{
563 z_streamp zstream = &vs->zlib_stream[stream_id];
564 int previous_out;
565
566 // switch back to normal output/zlib buffers
567 vs->zlib = vs->output;
568 vs->output = vs->zlib_tmp;
569
570 // compress the zlib buffer
571
572 // initialize the stream
573 // XXX need one stream per session
574 if (zstream->opaque != vs) {
575 int err;
576
577 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
578 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
579 zstream->zalloc = Z_NULL;
580 zstream->zfree = Z_NULL;
581
582 err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
583 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
584
585 if (err != Z_OK) {
586 fprintf(stderr, "VNC: error initializing zlib\n");
587 return -1;
588 }
589
590 zstream->opaque = vs;
591 }
592
593 // XXX what to do if tight_compression changed in between?
594
595 // reserve memory in output buffer
596 buffer_reserve(&vs->output, vs->zlib.offset + 64);
597
598 // set pointers
599 zstream->next_in = vs->zlib.buffer;
600 zstream->avail_in = vs->zlib.offset;
601 zstream->next_out = vs->output.buffer + vs->output.offset;
602 zstream->avail_out = vs->output.capacity - vs->output.offset;
603 zstream->data_type = Z_BINARY;
604 previous_out = zstream->total_out;
605
606 // start encoding
607 if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
608 fprintf(stderr, "VNC: error during zlib compression\n");
609 return -1;
610 }
611
612 vs->output.offset = vs->output.capacity - zstream->avail_out;
613 return zstream->total_out - previous_out;
614}
615
616static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
617{
618 int old_offset, new_offset, bytes_written;
619
620 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);
621
622 // remember where we put in the follow-up size
623 old_offset = vs->output.offset;
624 vnc_write_s32(vs, 0);
625
626 // compress the stream
627 vnc_zlib_start(vs);
628 send_framebuffer_update_raw(vs, x, y, w, h);
629 bytes_written = vnc_zlib_stop(vs, 0);
630
631 if (bytes_written == -1)
632 return;
633
634 // hack in the size
635 new_offset = vs->output.offset;
636 vs->output.offset = old_offset;
637 vnc_write_u32(vs, bytes_written);
638 vs->output.offset = new_offset;
639}
640
24236869
FB		 641static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
642{
fb437313 643 switch(vs->vnc_encoding) {
28a76be8
AL		 644 case VNC_ENCODING_ZLIB:
645 send_framebuffer_update_zlib(vs, x, y, w, h);
646 break;
647 case VNC_ENCODING_HEXTILE:
648 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
649 send_framebuffer_update_hextile(vs, x, y, w, h);
650 break;
651 default:
652 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
653 send_framebuffer_update_raw(vs, x, y, w, h);
654 break;
fb437313 655 }
24236869
FB		 656}
657
753b4053 658static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
24236869 659{
24236869
FB		 660 vnc_update_client(vs);
661
24236869
FB		 662 vnc_write_u8(vs, 0); /* msg id */
663 vnc_write_u8(vs, 0);
664 vnc_write_u16(vs, 1); /* number of rects */
29fa4ed9 665 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
24236869
FB		 666 vnc_write_u16(vs, src_x);
667 vnc_write_u16(vs, src_y);
668 vnc_flush(vs);
669}
670
753b4053
AL		 671static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
672{
673 VncDisplay *vd = ds->opaque;
674 VncState *vs = vd->clients;
675 while (vs != NULL) {
676 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
677 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
678 else /* TODO */
679 vnc_update(vs, dst_x, dst_y, w, h);
680 vs = vs->next;
681 }
682}
683
6baebed7
AL		 684static int find_and_clear_dirty_height(struct VncSurface *s,
685 int y, int last_x, int x)
24236869
FB		 686{
687 int h;
688
6baebed7 689 for (h = 1; h < (s->ds->height - y) && h < 1; h++) {
28a76be8 690 int tmp_x;
6baebed7 691 if (!vnc_get_bit(s->dirty[y + h], last_x))
28a76be8
AL		 692 break;
693 for (tmp_x = last_x; tmp_x < x; tmp_x++)
6baebed7 694 vnc_clear_bit(s->dirty[y + h], tmp_x);
24236869
FB		 695 }
696
697 return h;
698}
699
700static void vnc_update_client(void *opaque)
701{
702 VncState *vs = opaque;
24236869 703 if (vs->need_update && vs->csock != -1) {
28a76be8 704 int y;
6baebed7
AL		 705 uint8_t *guest_row;
706 uint8_t *server_row;
707 int cmp_bytes = 16 * ds_get_bytes_per_pixel(vs->ds);
28a76be8
AL		 708 uint32_t width_mask[VNC_DIRTY_WORDS];
709 int n_rectangles;
710 int saved_offset;
711 int has_dirty = 0;
24236869 712
a0ecfb73
AZ		 713 vga_hw_update();
714
6baebed7
AL		 715 /*
716 * Walk through the guest dirty map.
717 * Check and copy modified bits from guest to server surface.
718 * Update server dirty map.
719 */
6cec5487 720 vnc_set_bits(width_mask, (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
6baebed7
AL		 721 guest_row = vs->guest.ds->data;
722 server_row = vs->server.ds->data;
723 for (y = 0; y < vs->guest.ds->height; y++) {
724 if (vnc_and_bits(vs->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
28a76be8 725 int x;
6baebed7
AL		 726 uint8_t *guest_ptr;
727 uint8_t *server_ptr;
728
729 guest_ptr = guest_row;
730 server_ptr = server_row;
731
732 for (x = 0; x < vs->guest.ds->width;
733 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
734 if (!vnc_get_bit(vs->guest.dirty[y], (x / 16)))
735 continue;
736 vnc_clear_bit(vs->guest.dirty[y], (x / 16));
737 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
738 continue;
739 memcpy(server_ptr, guest_ptr, cmp_bytes);
740 vnc_set_bit(vs->server.dirty[y], (x / 16));
741 has_dirty++;
28a76be8
AL		 742 }
743 }
6baebed7
AL		 744 guest_row += ds_get_linesize(vs->ds);
745 server_row += ds_get_linesize(vs->ds);
28a76be8
AL		 746 }
747
748 if (!has_dirty && !vs->audio_cap) {
749 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
750 return;
751 }
752
6baebed7
AL		 753 /*
754 * Send screen updates to the vnc client using the server
755 * surface and server dirty map. guest surface updates
756 * happening in parallel don't disturb us, the next pass will
757 * send them to the client.
758 */
28a76be8
AL		 759 n_rectangles = 0;
760 vnc_write_u8(vs, 0); /* msg id */
761 vnc_write_u8(vs, 0);
762 saved_offset = vs->output.offset;
763 vnc_write_u16(vs, 0);
764
6baebed7 765 for (y = 0; y < vs->server.ds->height; y++) {
28a76be8
AL		 766 int x;
767 int last_x = -1;
6baebed7
AL		 768 for (x = 0; x < vs->server.ds->width / 16; x++) {
769 if (vnc_get_bit(vs->server.dirty[y], x)) {
28a76be8
AL		 770 if (last_x == -1) {
771 last_x = x;
772 }
6baebed7 773 vnc_clear_bit(vs->server.dirty[y], x);
28a76be8
AL		 774 } else {
775 if (last_x != -1) {
6baebed7 776 int h = find_and_clear_dirty_height(&vs->server, y, last_x, x);
28a76be8
AL		 777 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
778 n_rectangles++;
779 }
780 last_x = -1;
781 }
782 }
783 if (last_x != -1) {
6baebed7 784 int h = find_and_clear_dirty_height(&vs->server, y, last_x, x);
28a76be8
AL		 785 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
786 n_rectangles++;
787 }
788 }
789 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
790 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
791 vnc_flush(vs);
24236869
FB		 792
793 }
24236869 794
a0ecfb73
AZ		 795 if (vs->csock != -1) {
796 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
24236869 797 }
24236869 798
24236869
FB		 799}
800
429a8ed3 801/* audio */
802static void audio_capture_notify(void *opaque, audcnotification_e cmd)
803{
804 VncState *vs = opaque;
805
806 switch (cmd) {
807 case AUD_CNOTIFY_DISABLE:
808 vnc_write_u8(vs, 255);
809 vnc_write_u8(vs, 1);
810 vnc_write_u16(vs, 0);
811 vnc_flush(vs);
812 break;
813
814 case AUD_CNOTIFY_ENABLE:
815 vnc_write_u8(vs, 255);
816 vnc_write_u8(vs, 1);
817 vnc_write_u16(vs, 1);
818 vnc_flush(vs);
819 break;
820 }
821}
822
823static void audio_capture_destroy(void *opaque)
824{
825}
826
827static void audio_capture(void *opaque, void *buf, int size)
828{
829 VncState *vs = opaque;
830
831 vnc_write_u8(vs, 255);
832 vnc_write_u8(vs, 1);
833 vnc_write_u16(vs, 2);
834 vnc_write_u32(vs, size);
835 vnc_write(vs, buf, size);
836 vnc_flush(vs);
837}
838
839static void audio_add(VncState *vs)
840{
376253ec 841 Monitor *mon = cur_mon;
429a8ed3 842 struct audio_capture_ops ops;
843
844 if (vs->audio_cap) {
376253ec 845 monitor_printf(mon, "audio already running\n");
429a8ed3 846 return;
847 }
848
849 ops.notify = audio_capture_notify;
850 ops.destroy = audio_capture_destroy;
851 ops.capture = audio_capture;
852
853 vs->audio_cap = AUD_add_capture(NULL, &vs->as, &ops, vs);
854 if (!vs->audio_cap) {
376253ec 855 monitor_printf(mon, "Failed to add audio capture\n");
429a8ed3 856 }
857}
858
859static void audio_del(VncState *vs)
860{
861 if (vs->audio_cap) {
862 AUD_del_capture(vs->audio_cap, vs);
863 vs->audio_cap = NULL;
864 }
865}
866
2f9606b3
AL		 867
868int vnc_client_io_error(VncState *vs, int ret, int last_errno)
24236869
FB		 869{
870 if (ret == 0 || ret == -1) {
ea01e5fd
AZ		 871 if (ret == -1) {
872 switch (last_errno) {
873 case EINTR:
874 case EAGAIN:
875#ifdef _WIN32
876 case WSAEWOULDBLOCK:
877#endif
878 return 0;
879 default:
880 break;
881 }
882 }
24236869 883
28a76be8
AL		 884 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
885 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
886 closesocket(vs->csock);
753b4053
AL		 887 qemu_del_timer(vs->timer);
888 qemu_free_timer(vs->timer);
889 if (vs->input.buffer) qemu_free(vs->input.buffer);
890 if (vs->output.buffer) qemu_free(vs->output.buffer);
eb38c52c 891#ifdef CONFIG_VNC_TLS
28a76be8 892 vnc_tls_client_cleanup(vs);
8d5d2d4c 893#endif /* CONFIG_VNC_TLS */
2f9606b3
AL		 894#ifdef CONFIG_VNC_SASL
895 vnc_sasl_client_cleanup(vs);
896#endif /* CONFIG_VNC_SASL */
429a8ed3 897 audio_del(vs);
753b4053
AL		 898
899 VncState *p, *parent = NULL;
900 for (p = vs->vd->clients; p != NULL; p = p->next) {
901 if (p == vs) {
902 if (parent)
903 parent->next = p->next;
904 else
905 vs->vd->clients = p->next;
906 break;
907 }
908 parent = p;
909 }
910 if (!vs->vd->clients)
911 dcl->idle = 1;
912
6baebed7
AL		 913 default_allocator.free_displaysurface(vs->server.ds);
914 qemu_free(vs->guest.ds);
753b4053 915 qemu_free(vs);
6baebed7 916
28a76be8 917 return 0;
24236869
FB		 918 }
919 return ret;
920}
921
5fb6c7a8
AL		 922
923void vnc_client_error(VncState *vs)
24236869 924{
6ca957f0 925 vnc_client_io_error(vs, -1, EINVAL);
24236869
FB		 926}
927
2f9606b3
AL		 928
929/*
930 * Called to write a chunk of data to the client socket. The data may
931 * be the raw data, or may have already been encoded by SASL.
932 * The data will be written either straight onto the socket, or
933 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
934 *
935 * NB, it is theoretically possible to have 2 layers of encryption,
936 * both SASL, and this TLS layer. It is highly unlikely in practice
937 * though, since SASL encryption will typically be a no-op if TLS
938 * is active
939 *
940 * Returns the number of bytes written, which may be less than
941 * the requested 'datalen' if the socket would block. Returns
942 * -1 on error, and disconnects the client socket.
943 */
944long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
24236869 945{
ceb5caaf 946 long ret;
eb38c52c 947#ifdef CONFIG_VNC_TLS
5fb6c7a8 948 if (vs->tls.session) {
28a76be8
AL		 949 ret = gnutls_write(vs->tls.session, data, datalen);
950 if (ret < 0) {
951 if (ret == GNUTLS_E_AGAIN)
952 errno = EAGAIN;
953 else
954 errno = EIO;
955 ret = -1;
956 }
8d5d2d4c
TS		 957 } else
958#endif /* CONFIG_VNC_TLS */
28a76be8 959 ret = send(vs->csock, data, datalen, 0);
2f9606b3
AL		 960 VNC_DEBUG("Wrote wire %p %d -> %ld\n", data, datalen, ret);
961 return vnc_client_io_error(vs, ret, socket_error());
962}
963
964
965/*
966 * Called to write buffered data to the client socket, when not
967 * using any SASL SSF encryption layers. Will write as much data
968 * as possible without blocking. If all buffered data is written,
969 * will switch the FD poll() handler back to read monitoring.
970 *
971 * Returns the number of bytes written, which may be less than
972 * the buffered output data if the socket would block. Returns
973 * -1 on error, and disconnects the client socket.
974 */
975static long vnc_client_write_plain(VncState *vs)
976{
977 long ret;
978
979#ifdef CONFIG_VNC_SASL
980 VNC_DEBUG("Write Plain: Pending output %p size %d offset %d. Wait SSF %d\n",
981 vs->output.buffer, vs->output.capacity, vs->output.offset,
982 vs->sasl.waitWriteSSF);
983
984 if (vs->sasl.conn &&
985 vs->sasl.runSSF &&
986 vs->sasl.waitWriteSSF) {
987 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
988 if (ret)
989 vs->sasl.waitWriteSSF -= ret;
990 } else
991#endif /* CONFIG_VNC_SASL */
992 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
24236869 993 if (!ret)
2f9606b3 994 return 0;
24236869
FB		 995
996 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
997 vs->output.offset -= ret;
998
999 if (vs->output.offset == 0) {
28a76be8 1000 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
24236869 1001 }
2f9606b3
AL		 1002
1003 return ret;
1004}
1005
1006
1007/*
1008 * First function called whenever there is data to be written to
1009 * the client socket. Will delegate actual work according to whether
1010 * SASL SSF layers are enabled (thus requiring encryption calls)
1011 */
1012void vnc_client_write(void *opaque)
1013{
1014 long ret;
1015 VncState *vs = opaque;
1016
1017#ifdef CONFIG_VNC_SASL
1018 if (vs->sasl.conn &&
1019 vs->sasl.runSSF &&
1020 !vs->sasl.waitWriteSSF)
1021 ret = vnc_client_write_sasl(vs);
1022 else
1023#endif /* CONFIG_VNC_SASL */
1024 ret = vnc_client_write_plain(vs);
24236869
FB		 1025}
1026
5fb6c7a8 1027void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
24236869
FB		 1028{
1029 vs->read_handler = func;
1030 vs->read_handler_expect = expecting;
1031}
1032
2f9606b3
AL		 1033
1034/*
1035 * Called to read a chunk of data from the client socket. The data may
1036 * be the raw data, or may need to be further decoded by SASL.
1037 * The data will be read either straight from to the socket, or
1038 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1039 *
1040 * NB, it is theoretically possible to have 2 layers of encryption,
1041 * both SASL, and this TLS layer. It is highly unlikely in practice
1042 * though, since SASL encryption will typically be a no-op if TLS
1043 * is active
1044 *
1045 * Returns the number of bytes read, which may be less than
1046 * the requested 'datalen' if the socket would block. Returns
1047 * -1 on error, and disconnects the client socket.
1048 */
1049long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
24236869 1050{
ceb5caaf 1051 long ret;
eb38c52c 1052#ifdef CONFIG_VNC_TLS
5fb6c7a8 1053 if (vs->tls.session) {
28a76be8
AL		 1054 ret = gnutls_read(vs->tls.session, data, datalen);
1055 if (ret < 0) {
1056 if (ret == GNUTLS_E_AGAIN)
1057 errno = EAGAIN;
1058 else
1059 errno = EIO;
1060 ret = -1;
1061 }
8d5d2d4c
TS		 1062 } else
1063#endif /* CONFIG_VNC_TLS */
28a76be8 1064 ret = recv(vs->csock, data, datalen, 0);
2f9606b3
AL		 1065 VNC_DEBUG("Read wire %p %d -> %ld\n", data, datalen, ret);
1066 return vnc_client_io_error(vs, ret, socket_error());
1067}
24236869 1068
2f9606b3
AL		 1069
1070/*
1071 * Called to read data from the client socket to the input buffer,
1072 * when not using any SASL SSF encryption layers. Will read as much
1073 * data as possible without blocking.
1074 *
1075 * Returns the number of bytes read. Returns -1 on error, and
1076 * disconnects the client socket.
1077 */
1078static long vnc_client_read_plain(VncState *vs)
1079{
1080 int ret;
1081 VNC_DEBUG("Read plain %p size %d offset %d\n",
1082 vs->input.buffer, vs->input.capacity, vs->input.offset);
1083 buffer_reserve(&vs->input, 4096);
1084 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1085 if (!ret)
1086 return 0;
24236869 1087 vs->input.offset += ret;
2f9606b3
AL		 1088 return ret;
1089}
1090
1091
1092/*
1093 * First function called whenever there is more data to be read from
1094 * the client socket. Will delegate actual work according to whether
1095 * SASL SSF layers are enabled (thus requiring decryption calls)
1096 */
1097void vnc_client_read(void *opaque)
1098{
1099 VncState *vs = opaque;
1100 long ret;
1101
1102#ifdef CONFIG_VNC_SASL
1103 if (vs->sasl.conn && vs->sasl.runSSF)
1104 ret = vnc_client_read_sasl(vs);
1105 else
1106#endif /* CONFIG_VNC_SASL */
1107 ret = vnc_client_read_plain(vs);
1108 if (!ret)
28a76be8 1109 return;
24236869
FB		 1110
1111 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
28a76be8
AL		 1112 size_t len = vs->read_handler_expect;
1113 int ret;
1114
1115 ret = vs->read_handler(vs, vs->input.buffer, len);
1116 if (vs->csock == -1)
1117 return;
1118
1119 if (!ret) {
1120 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1121 vs->input.offset -= len;
1122 } else {
1123 vs->read_handler_expect = ret;
1124 }
24236869
FB		 1125 }
1126}
1127
5fb6c7a8 1128void vnc_write(VncState *vs, const void *data, size_t len)
24236869
FB		 1129{
1130 buffer_reserve(&vs->output, len);
1131
1132 if (buffer_empty(&vs->output)) {
28a76be8 1133 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
24236869
FB		 1134 }
1135
1136 buffer_append(&vs->output, data, len);
1137}
1138
5fb6c7a8 1139void vnc_write_s32(VncState *vs, int32_t value)
24236869
FB		 1140{
1141 vnc_write_u32(vs, *(uint32_t *)&value);
1142}
1143
5fb6c7a8 1144void vnc_write_u32(VncState *vs, uint32_t value)
24236869
FB		 1145{
1146 uint8_t buf[4];
1147
1148 buf[0] = (value >> 24) & 0xFF;
1149 buf[1] = (value >> 16) & 0xFF;
1150 buf[2] = (value >> 8) & 0xFF;
1151 buf[3] = value & 0xFF;
1152
1153 vnc_write(vs, buf, 4);
1154}
1155
5fb6c7a8 1156void vnc_write_u16(VncState *vs, uint16_t value)
24236869 1157{
64f5a135 1158 uint8_t buf[2];
24236869
FB		 1159
1160 buf[0] = (value >> 8) & 0xFF;
1161 buf[1] = value & 0xFF;
1162
1163 vnc_write(vs, buf, 2);
1164}
1165
5fb6c7a8 1166void vnc_write_u8(VncState *vs, uint8_t value)
24236869
FB		 1167{
1168 vnc_write(vs, (char *)&value, 1);
1169}
1170
5fb6c7a8 1171void vnc_flush(VncState *vs)
24236869
FB		 1172{
1173 if (vs->output.offset)
28a76be8 1174 vnc_client_write(vs);
24236869
FB		 1175}
1176
5fb6c7a8 1177uint8_t read_u8(uint8_t *data, size_t offset)
24236869
FB		 1178{
1179 return data[offset];
1180}
1181
5fb6c7a8 1182uint16_t read_u16(uint8_t *data, size_t offset)
24236869
FB		 1183{
1184 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1185}
1186
5fb6c7a8 1187int32_t read_s32(uint8_t *data, size_t offset)
24236869
FB		 1188{
1189 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
28a76be8 1190 (data[offset + 2] << 8) | data[offset + 3]);
24236869
FB		 1191}
1192
5fb6c7a8 1193uint32_t read_u32(uint8_t *data, size_t offset)
24236869
FB		 1194{
1195 return ((data[offset] << 24) | (data[offset + 1] << 16) |
28a76be8 1196 (data[offset + 2] << 8) | data[offset + 3]);
24236869
FB		 1197}
1198
60fe76f3 1199static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
24236869
FB		 1200{
1201}
1202
564c337e
FB		 1203static void check_pointer_type_change(VncState *vs, int absolute)
1204{
29fa4ed9 1205 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
28a76be8
AL		 1206 vnc_write_u8(vs, 0);
1207 vnc_write_u8(vs, 0);
1208 vnc_write_u16(vs, 1);
1209 vnc_framebuffer_update(vs, absolute, 0,
1210 ds_get_width(vs->ds), ds_get_height(vs->ds),
29fa4ed9 1211 VNC_ENCODING_POINTER_TYPE_CHANGE);
28a76be8 1212 vnc_flush(vs);
564c337e
FB		 1213 }
1214 vs->absolute = absolute;
1215}
1216
24236869
FB		 1217static void pointer_event(VncState *vs, int button_mask, int x, int y)
1218{
1219 int buttons = 0;
1220 int dz = 0;
1221
1222 if (button_mask & 0x01)
28a76be8 1223 buttons |= MOUSE_EVENT_LBUTTON;
24236869 1224 if (button_mask & 0x02)
28a76be8 1225 buttons |= MOUSE_EVENT_MBUTTON;
24236869 1226 if (button_mask & 0x04)
28a76be8 1227 buttons |= MOUSE_EVENT_RBUTTON;
24236869 1228 if (button_mask & 0x08)
28a76be8 1229 dz = -1;
24236869 1230 if (button_mask & 0x10)
28a76be8 1231 dz = 1;
564c337e
FB		 1232
1233 if (vs->absolute) {
28a76be8
AL		 1234 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
1235 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
1236 dz, buttons);
29fa4ed9 1237 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
28a76be8
AL		 1238 x -= 0x7FFF;
1239 y -= 0x7FFF;
24236869 1240
28a76be8 1241 kbd_mouse_event(x, y, dz, buttons);
564c337e 1242 } else {
28a76be8
AL		 1243 if (vs->last_x != -1)
1244 kbd_mouse_event(x - vs->last_x,
1245 y - vs->last_y,
1246 dz, buttons);
1247 vs->last_x = x;
1248 vs->last_y = y;
24236869 1249 }
564c337e
FB		 1250
1251 check_pointer_type_change(vs, kbd_mouse_is_absolute());
24236869
FB		 1252}
1253
64f5a135
FB		 1254static void reset_keys(VncState *vs)
1255{
1256 int i;
1257 for(i = 0; i < 256; i++) {
1258 if (vs->modifiers_state[i]) {
1259 if (i & 0x80)
1260 kbd_put_keycode(0xe0);
1261 kbd_put_keycode(i | 0x80);
1262 vs->modifiers_state[i] = 0;
1263 }
1264 }
1265}
1266
a528b80c
AZ		 1267static void press_key(VncState *vs, int keysym)
1268{
753b4053
AL		 1269 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) & 0x7f);
1270 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) | 0x80);
a528b80c
AZ		 1271}
1272
9ca313aa 1273static void do_key_event(VncState *vs, int down, int keycode, int sym)
24236869 1274{
64f5a135
FB		 1275 /* QEMU console switch */
1276 switch(keycode) {
1277 case 0x2a: /* Left Shift */
1278 case 0x36: /* Right Shift */
1279 case 0x1d: /* Left CTRL */
1280 case 0x9d: /* Right CTRL */
1281 case 0x38: /* Left ALT */
1282 case 0xb8: /* Right ALT */
1283 if (down)
1284 vs->modifiers_state[keycode] = 1;
1285 else
1286 vs->modifiers_state[keycode] = 0;
1287 break;
5fafdf24 1288 case 0x02 ... 0x0a: /* '1' to '9' keys */
64f5a135
FB		 1289 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1290 /* Reset the modifiers sent to the current console */
1291 reset_keys(vs);
1292 console_select(keycode - 0x02);
1293 return;
1294 }
1295 break;
28a76be8
AL		 1296 case 0x3a: /* CapsLock */
1297 case 0x45: /* NumLock */
a528b80c
AZ		 1298 if (!down)
1299 vs->modifiers_state[keycode] ^= 1;
1300 break;
1301 }
1302
753b4053 1303 if (keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
a528b80c
AZ		 1304 /* If the numlock state needs to change then simulate an additional
1305 keypress before sending this one. This will happen if the user
1306 toggles numlock away from the VNC window.
1307 */
753b4053 1308 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
a528b80c
AZ		 1309 if (!vs->modifiers_state[0x45]) {
1310 vs->modifiers_state[0x45] = 1;
1311 press_key(vs, 0xff7f);
1312 }
1313 } else {
1314 if (vs->modifiers_state[0x45]) {
1315 vs->modifiers_state[0x45] = 0;
1316 press_key(vs, 0xff7f);
1317 }
1318 }
64f5a135 1319 }
24236869 1320
64f5a135
FB		 1321 if (is_graphic_console()) {
1322 if (keycode & 0x80)
1323 kbd_put_keycode(0xe0);
1324 if (down)
1325 kbd_put_keycode(keycode & 0x7f);
1326 else
1327 kbd_put_keycode(keycode | 0x80);
1328 } else {
1329 /* QEMU console emulation */
1330 if (down) {
1331 switch (keycode) {
1332 case 0x2a: /* Left Shift */
1333 case 0x36: /* Right Shift */
1334 case 0x1d: /* Left CTRL */
1335 case 0x9d: /* Right CTRL */
1336 case 0x38: /* Left ALT */
1337 case 0xb8: /* Right ALT */
1338 break;
1339 case 0xc8:
1340 kbd_put_keysym(QEMU_KEY_UP);
1341 break;
1342 case 0xd0:
1343 kbd_put_keysym(QEMU_KEY_DOWN);
1344 break;
1345 case 0xcb:
1346 kbd_put_keysym(QEMU_KEY_LEFT);
1347 break;
1348 case 0xcd:
1349 kbd_put_keysym(QEMU_KEY_RIGHT);
1350 break;
1351 case 0xd3:
1352 kbd_put_keysym(QEMU_KEY_DELETE);
1353 break;
1354 case 0xc7:
1355 kbd_put_keysym(QEMU_KEY_HOME);
1356 break;
1357 case 0xcf:
1358 kbd_put_keysym(QEMU_KEY_END);
1359 break;
1360 case 0xc9:
1361 kbd_put_keysym(QEMU_KEY_PAGEUP);
1362 break;
1363 case 0xd1:
1364 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1365 break;
1366 default:
1367 kbd_put_keysym(sym);
1368 break;
1369 }
1370 }
1371 }
24236869
FB		 1372}
1373
bdbd7676
FB		 1374static void key_event(VncState *vs, int down, uint32_t sym)
1375{
9ca313aa
AL		 1376 int keycode;
1377
a528b80c 1378 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
28a76be8 1379 sym = sym - 'A' + 'a';
9ca313aa 1380
753b4053 1381 keycode = keysym2scancode(vs->vd->kbd_layout, sym & 0xFFFF);
9ca313aa
AL		 1382 do_key_event(vs, down, keycode, sym);
1383}
1384
1385static void ext_key_event(VncState *vs, int down,
1386 uint32_t sym, uint16_t keycode)
1387{
1388 /* if the user specifies a keyboard layout, always use it */
1389 if (keyboard_layout)
1390 key_event(vs, down, sym);
1391 else
1392 do_key_event(vs, down, keycode, sym);
bdbd7676
FB		 1393}
1394
24236869 1395static void framebuffer_update_request(VncState *vs, int incremental,
28a76be8
AL		 1396 int x_position, int y_position,
1397 int w, int h)
24236869 1398{
0e1f5a0c
AL		 1399 if (x_position > ds_get_width(vs->ds))
1400 x_position = ds_get_width(vs->ds);
1401 if (y_position > ds_get_height(vs->ds))
1402 y_position = ds_get_height(vs->ds);
1403 if (x_position + w >= ds_get_width(vs->ds))
1404 w = ds_get_width(vs->ds) - x_position;
1405 if (y_position + h >= ds_get_height(vs->ds))
1406 h = ds_get_height(vs->ds) - y_position;
cf2d385c 1407
24236869
FB		 1408 int i;
1409 vs->need_update = 1;
1410 if (!incremental) {
28a76be8 1411 for (i = 0; i < h; i++) {
6baebed7
AL		 1412 vnc_set_bits(vs->guest.dirty[y_position + i],
1413 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1414 vnc_set_bits(vs->server.dirty[y_position + i],
0e1f5a0c 1415 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
28a76be8 1416 }
24236869
FB		 1417 }
1418}
1419
9ca313aa
AL		 1420static void send_ext_key_event_ack(VncState *vs)
1421{
1422 vnc_write_u8(vs, 0);
1423 vnc_write_u8(vs, 0);
1424 vnc_write_u16(vs, 1);
29fa4ed9
AL		 1425 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1426 VNC_ENCODING_EXT_KEY_EVENT);
9ca313aa
AL		 1427 vnc_flush(vs);
1428}
1429
429a8ed3 1430static void send_ext_audio_ack(VncState *vs)
1431{
1432 vnc_write_u8(vs, 0);
1433 vnc_write_u8(vs, 0);
1434 vnc_write_u16(vs, 1);
29fa4ed9
AL		 1435 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1436 VNC_ENCODING_AUDIO);
429a8ed3 1437 vnc_flush(vs);
1438}
1439
24236869
FB		 1440static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1441{
1442 int i;
29fa4ed9 1443 unsigned int enc = 0;
24236869 1444
059cef40 1445 vnc_zlib_init(vs);
29fa4ed9 1446 vs->features = 0;
fb437313
AL		 1447 vs->vnc_encoding = 0;
1448 vs->tight_compression = 9;
1449 vs->tight_quality = 9;
564c337e 1450 vs->absolute = -1;
24236869
FB		 1451
1452 for (i = n_encodings - 1; i >= 0; i--) {
29fa4ed9
AL		 1453 enc = encodings[i];
1454 switch (enc) {
1455 case VNC_ENCODING_RAW:
fb437313 1456 vs->vnc_encoding = enc;
29fa4ed9
AL		 1457 break;
1458 case VNC_ENCODING_COPYRECT:
753b4053 1459 vs->features |= VNC_FEATURE_COPYRECT_MASK;
29fa4ed9
AL		 1460 break;
1461 case VNC_ENCODING_HEXTILE:
1462 vs->features |= VNC_FEATURE_HEXTILE_MASK;
fb437313 1463 vs->vnc_encoding = enc;
29fa4ed9 1464 break;
059cef40
AL		 1465 case VNC_ENCODING_ZLIB:
1466 vs->features |= VNC_FEATURE_ZLIB_MASK;
1467 vs->vnc_encoding = enc;
1468 break;
29fa4ed9
AL		 1469 case VNC_ENCODING_DESKTOPRESIZE:
1470 vs->features |= VNC_FEATURE_RESIZE_MASK;
1471 break;
1472 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1473 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1474 break;
1475 case VNC_ENCODING_EXT_KEY_EVENT:
9ca313aa
AL		 1476 send_ext_key_event_ack(vs);
1477 break;
29fa4ed9 1478 case VNC_ENCODING_AUDIO:
429a8ed3 1479 send_ext_audio_ack(vs);
1480 break;
29fa4ed9
AL		 1481 case VNC_ENCODING_WMVi:
1482 vs->features |= VNC_FEATURE_WMVI_MASK;
ca4cca4d 1483 break;
fb437313
AL		 1484 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1485 vs->tight_compression = (enc & 0x0F);
1486 break;
1487 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1488 vs->tight_quality = (enc & 0x0F);
1489 break;
29fa4ed9
AL		 1490 default:
1491 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1492 break;
1493 }
24236869 1494 }
564c337e
FB		 1495
1496 check_pointer_type_change(vs, kbd_mouse_is_absolute());
24236869
FB		 1497}
1498
6cec5487
AL		 1499static void set_pixel_conversion(VncState *vs)
1500{
1501 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1502 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1503 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1504 vs->write_pixels = vnc_write_pixels_copy;
1505 switch (vs->ds->surface->pf.bits_per_pixel) {
1506 case 8:
1507 vs->send_hextile_tile = send_hextile_tile_8;
1508 break;
1509 case 16:
1510 vs->send_hextile_tile = send_hextile_tile_16;
1511 break;
1512 case 32:
1513 vs->send_hextile_tile = send_hextile_tile_32;
1514 break;
1515 }
1516 } else {
1517 vs->write_pixels = vnc_write_pixels_generic;
1518 switch (vs->ds->surface->pf.bits_per_pixel) {
1519 case 8:
1520 vs->send_hextile_tile = send_hextile_tile_generic_8;
1521 break;
1522 case 16:
1523 vs->send_hextile_tile = send_hextile_tile_generic_16;
1524 break;
1525 case 32:
1526 vs->send_hextile_tile = send_hextile_tile_generic_32;
1527 break;
1528 }
1529 }
1530}
1531
24236869 1532static void set_pixel_format(VncState *vs,
28a76be8
AL		 1533 int bits_per_pixel, int depth,
1534 int big_endian_flag, int true_color_flag,
1535 int red_max, int green_max, int blue_max,
1536 int red_shift, int green_shift, int blue_shift)
24236869 1537{
3512779a 1538 if (!true_color_flag) {
28a76be8 1539 vnc_client_error(vs);
3512779a
FB		 1540 return;
1541 }
24236869 1542
6baebed7 1543 vs->clientds = *(vs->guest.ds);
6cec5487 1544 vs->clientds.pf.rmax = red_max;
90a1e3c0 1545 count_bits(vs->clientds.pf.rbits, red_max);
6cec5487
AL		 1546 vs->clientds.pf.rshift = red_shift;
1547 vs->clientds.pf.rmask = red_max << red_shift;
1548 vs->clientds.pf.gmax = green_max;
90a1e3c0 1549 count_bits(vs->clientds.pf.gbits, green_max);
6cec5487
AL		 1550 vs->clientds.pf.gshift = green_shift;
1551 vs->clientds.pf.gmask = green_max << green_shift;
1552 vs->clientds.pf.bmax = blue_max;
90a1e3c0 1553 count_bits(vs->clientds.pf.bbits, blue_max);
6cec5487
AL		 1554 vs->clientds.pf.bshift = blue_shift;
1555 vs->clientds.pf.bmask = blue_max << blue_shift;
1556 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1557 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1558 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1559 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1560
1561 set_pixel_conversion(vs);
24236869
FB		 1562
1563 vga_hw_invalidate();
1564 vga_hw_update();
1565}
1566
ca4cca4d
AL		 1567static void pixel_format_message (VncState *vs) {
1568 char pad[3] = { 0, 0, 0 };
1569
6cec5487
AL		 1570 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1571 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
ca4cca4d
AL		 1572
1573#ifdef WORDS_BIGENDIAN
1574 vnc_write_u8(vs, 1); /* big-endian-flag */
1575#else
1576 vnc_write_u8(vs, 0); /* big-endian-flag */
1577#endif
1578 vnc_write_u8(vs, 1); /* true-color-flag */
6cec5487
AL		 1579 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1580 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1581 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1582 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1583 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1584 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1585 if (vs->ds->surface->pf.bits_per_pixel == 32)
ca4cca4d 1586 vs->send_hextile_tile = send_hextile_tile_32;
6cec5487 1587 else if (vs->ds->surface->pf.bits_per_pixel == 16)
ca4cca4d 1588 vs->send_hextile_tile = send_hextile_tile_16;
6cec5487 1589 else if (vs->ds->surface->pf.bits_per_pixel == 8)
ca4cca4d 1590 vs->send_hextile_tile = send_hextile_tile_8;
6cec5487
AL		 1591 vs->clientds = *(vs->ds->surface);
1592 vs->clientds.flags |= ~QEMU_ALLOCATED_FLAG;
ca4cca4d
AL		 1593 vs->write_pixels = vnc_write_pixels_copy;
1594
1595 vnc_write(vs, pad, 3); /* padding */
1596}
1597
7d957bd8
AL		 1598static void vnc_dpy_setdata(DisplayState *ds)
1599{
1600 /* We don't have to do anything */
1601}
1602
753b4053 1603static void vnc_colordepth(VncState *vs)
7eac3a87 1604{
753b4053 1605 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
ca4cca4d
AL		 1606 /* Sending a WMVi message to notify the client*/
1607 vnc_write_u8(vs, 0); /* msg id */
1608 vnc_write_u8(vs, 0);
1609 vnc_write_u16(vs, 1); /* number of rects */
753b4053
AL		 1610 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1611 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
ca4cca4d
AL		 1612 pixel_format_message(vs);
1613 vnc_flush(vs);
7eac3a87 1614 } else {
6cec5487 1615 set_pixel_conversion(vs);
7eac3a87
AL		 1616 }
1617}
1618
60fe76f3 1619static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
24236869
FB		 1620{
1621 int i;
1622 uint16_t limit;
1623
1624 switch (data[0]) {
1625 case 0:
28a76be8
AL		 1626 if (len == 1)
1627 return 20;
1628
1629 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1630 read_u8(data, 6), read_u8(data, 7),
1631 read_u16(data, 8), read_u16(data, 10),
1632 read_u16(data, 12), read_u8(data, 14),
1633 read_u8(data, 15), read_u8(data, 16));
1634 break;
24236869 1635 case 2:
28a76be8
AL		 1636 if (len == 1)
1637 return 4;
24236869 1638
28a76be8 1639 if (len == 4) {
69dd5c9f
AL		 1640 limit = read_u16(data, 2);
1641 if (limit > 0)
1642 return 4 + (limit * 4);
1643 } else
1644 limit = read_u16(data, 2);
24236869 1645
28a76be8
AL		 1646 for (i = 0; i < limit; i++) {
1647 int32_t val = read_s32(data, 4 + (i * 4));
1648 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1649 }
24236869 1650
28a76be8
AL		 1651 set_encodings(vs, (int32_t *)(data + 4), limit);
1652 break;
24236869 1653 case 3:
28a76be8
AL		 1654 if (len == 1)
1655 return 10;
24236869 1656
28a76be8
AL		 1657 framebuffer_update_request(vs,
1658 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1659 read_u16(data, 6), read_u16(data, 8));
1660 break;
24236869 1661 case 4:
28a76be8
AL		 1662 if (len == 1)
1663 return 8;
24236869 1664
28a76be8
AL		 1665 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1666 break;
24236869 1667 case 5:
28a76be8
AL		 1668 if (len == 1)
1669 return 6;
24236869 1670
28a76be8
AL		 1671 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1672 break;
24236869 1673 case 6:
28a76be8
AL		 1674 if (len == 1)
1675 return 8;
24236869 1676
28a76be8 1677 if (len == 8) {
baa7666c
TS		 1678 uint32_t dlen = read_u32(data, 4);
1679 if (dlen > 0)
1680 return 8 + dlen;
1681 }
24236869 1682
28a76be8
AL		 1683 client_cut_text(vs, read_u32(data, 4), data + 8);
1684 break;
9ca313aa
AL		 1685 case 255:
1686 if (len == 1)
1687 return 2;
1688
1689 switch (read_u8(data, 1)) {
1690 case 0:
1691 if (len == 2)
1692 return 12;
1693
1694 ext_key_event(vs, read_u16(data, 2),
1695 read_u32(data, 4), read_u32(data, 8));
1696 break;
429a8ed3 1697 case 1:
1698 if (len == 2)
1699 return 4;
1700
1701 switch (read_u16 (data, 2)) {
1702 case 0:
1703 audio_add(vs);
1704 break;
1705 case 1:
1706 audio_del(vs);
1707 break;
1708 case 2:
1709 if (len == 4)
1710 return 10;
1711 switch (read_u8(data, 4)) {
1712 case 0: vs->as.fmt = AUD_FMT_U8; break;
1713 case 1: vs->as.fmt = AUD_FMT_S8; break;
1714 case 2: vs->as.fmt = AUD_FMT_U16; break;
1715 case 3: vs->as.fmt = AUD_FMT_S16; break;
1716 case 4: vs->as.fmt = AUD_FMT_U32; break;
1717 case 5: vs->as.fmt = AUD_FMT_S32; break;
1718 default:
1719 printf("Invalid audio format %d\n", read_u8(data, 4));
1720 vnc_client_error(vs);
1721 break;
1722 }
1723 vs->as.nchannels = read_u8(data, 5);
1724 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1725 printf("Invalid audio channel coount %d\n",
1726 read_u8(data, 5));
1727 vnc_client_error(vs);
1728 break;
1729 }
1730 vs->as.freq = read_u32(data, 6);
1731 break;
1732 default:
1733 printf ("Invalid audio message %d\n", read_u8(data, 4));
1734 vnc_client_error(vs);
1735 break;
1736 }
1737 break;
1738
9ca313aa
AL		 1739 default:
1740 printf("Msg: %d\n", read_u16(data, 0));
1741 vnc_client_error(vs);
1742 break;
1743 }
1744 break;
24236869 1745 default:
28a76be8
AL		 1746 printf("Msg: %d\n", data[0]);
1747 vnc_client_error(vs);
1748 break;
24236869 1749 }
5fafdf24 1750
24236869
FB		 1751 vnc_read_when(vs, protocol_client_msg, 1);
1752 return 0;
1753}
1754
60fe76f3 1755static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
24236869 1756{
c35734b2
TS		 1757 char buf[1024];
1758 int size;
24236869 1759
0e1f5a0c
AL		 1760 vnc_write_u16(vs, ds_get_width(vs->ds));
1761 vnc_write_u16(vs, ds_get_height(vs->ds));
24236869 1762
ca4cca4d 1763 pixel_format_message(vs);
24236869 1764
c35734b2
TS		 1765 if (qemu_name)
1766 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1767 else
1768 size = snprintf(buf, sizeof(buf), "QEMU");
1769
1770 vnc_write_u32(vs, size);
1771 vnc_write(vs, buf, size);
24236869
FB		 1772 vnc_flush(vs);
1773
1774 vnc_read_when(vs, protocol_client_msg, 1);
1775
1776 return 0;
1777}
1778
5fb6c7a8
AL		 1779void start_client_init(VncState *vs)
1780{
1781 vnc_read_when(vs, protocol_client_init, 1);
1782}
1783
70848515
TS		 1784static void make_challenge(VncState *vs)
1785{
1786 int i;
1787
1788 srand(time(NULL)+getpid()+getpid()*987654+rand());
1789
1790 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1791 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1792}
1793
60fe76f3 1794static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
70848515 1795{
60fe76f3 1796 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
70848515 1797 int i, j, pwlen;
60fe76f3 1798 unsigned char key[8];
70848515 1799
753b4053 1800 if (!vs->vd->password || !vs->vd->password[0]) {
28a76be8
AL		 1801 VNC_DEBUG("No password configured on server");
1802 vnc_write_u32(vs, 1); /* Reject auth */
1803 if (vs->minor >= 8) {
1804 static const char err[] = "Authentication failed";
1805 vnc_write_u32(vs, sizeof(err));
1806 vnc_write(vs, err, sizeof(err));
1807 }
1808 vnc_flush(vs);
1809 vnc_client_error(vs);
1810 return 0;
70848515
TS		 1811 }
1812
1813 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1814
1815 /* Calculate the expected challenge response */
753b4053 1816 pwlen = strlen(vs->vd->password);
70848515 1817 for (i=0; i<sizeof(key); i++)
753b4053 1818 key[i] = i<pwlen ? vs->vd->password[i] : 0;
70848515
TS		 1819 deskey(key, EN0);
1820 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1821 des(response+j, response+j);
1822
1823 /* Compare expected vs actual challenge response */
1824 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
28a76be8
AL		 1825 VNC_DEBUG("Client challenge reponse did not match\n");
1826 vnc_write_u32(vs, 1); /* Reject auth */
1827 if (vs->minor >= 8) {
1828 static const char err[] = "Authentication failed";
1829 vnc_write_u32(vs, sizeof(err));
1830 vnc_write(vs, err, sizeof(err));
1831 }
1832 vnc_flush(vs);
1833 vnc_client_error(vs);
70848515 1834 } else {
28a76be8
AL		 1835 VNC_DEBUG("Accepting VNC challenge response\n");
1836 vnc_write_u32(vs, 0); /* Accept auth */
1837 vnc_flush(vs);
70848515 1838
5fb6c7a8 1839 start_client_init(vs);
70848515
TS		 1840 }
1841 return 0;
1842}
1843
5fb6c7a8 1844void start_auth_vnc(VncState *vs)
70848515
TS		 1845{
1846 make_challenge(vs);
1847 /* Send client a 'random' challenge */
1848 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1849 vnc_flush(vs);
1850
1851 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
469b15c6
TS		 1852}
1853
1854
60fe76f3 1855static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
70848515
TS		 1856{
1857 /* We only advertise 1 auth scheme at a time, so client
1858 * must pick the one we sent. Verify this */
753b4053 1859 if (data[0] != vs->vd->auth) { /* Reject auth */
1263b7d6 1860 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
70848515
TS		 1861 vnc_write_u32(vs, 1);
1862 if (vs->minor >= 8) {
1863 static const char err[] = "Authentication failed";
1864 vnc_write_u32(vs, sizeof(err));
1865 vnc_write(vs, err, sizeof(err));
1866 }
1867 vnc_client_error(vs);
1868 } else { /* Accept requested auth */
1869 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
753b4053 1870 switch (vs->vd->auth) {
70848515
TS		 1871 case VNC_AUTH_NONE:
1872 VNC_DEBUG("Accept auth none\n");
a26c97ad
AZ		 1873 if (vs->minor >= 8) {
1874 vnc_write_u32(vs, 0); /* Accept auth completion */
1875 vnc_flush(vs);
1876 }
5fb6c7a8 1877 start_client_init(vs);
70848515
TS		 1878 break;
1879
1880 case VNC_AUTH_VNC:
1881 VNC_DEBUG("Start VNC auth\n");
5fb6c7a8
AL		 1882 start_auth_vnc(vs);
1883 break;
70848515 1884
eb38c52c 1885#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 1886 case VNC_AUTH_VENCRYPT:
1887 VNC_DEBUG("Accept VeNCrypt auth\n");;
5fb6c7a8
AL		 1888 start_auth_vencrypt(vs);
1889 break;
8d5d2d4c
TS		 1890#endif /* CONFIG_VNC_TLS */
1891
2f9606b3
AL		 1892#ifdef CONFIG_VNC_SASL
1893 case VNC_AUTH_SASL:
1894 VNC_DEBUG("Accept SASL auth\n");
1895 start_auth_sasl(vs);
1896 break;
1897#endif /* CONFIG_VNC_SASL */
1898
70848515 1899 default: /* Should not be possible, but just in case */
1263b7d6 1900 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
70848515
TS		 1901 vnc_write_u8(vs, 1);
1902 if (vs->minor >= 8) {
1903 static const char err[] = "Authentication failed";
1904 vnc_write_u32(vs, sizeof(err));
1905 vnc_write(vs, err, sizeof(err));
1906 }
1907 vnc_client_error(vs);
1908 }
1909 }
1910 return 0;
1911}
1912
60fe76f3 1913static int protocol_version(VncState *vs, uint8_t *version, size_t len)
24236869
FB		 1914{
1915 char local[13];
24236869
FB		 1916
1917 memcpy(local, version, 12);
1918 local[12] = 0;
1919
70848515 1920 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
28a76be8
AL		 1921 VNC_DEBUG("Malformed protocol version %s\n", local);
1922 vnc_client_error(vs);
1923 return 0;
24236869 1924 }
70848515
TS		 1925 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
1926 if (vs->major != 3 ||
28a76be8
AL		 1927 (vs->minor != 3 &&
1928 vs->minor != 4 &&
1929 vs->minor != 5 &&
1930 vs->minor != 7 &&
1931 vs->minor != 8)) {
1932 VNC_DEBUG("Unsupported client version\n");
1933 vnc_write_u32(vs, VNC_AUTH_INVALID);
1934 vnc_flush(vs);
1935 vnc_client_error(vs);
1936 return 0;
70848515 1937 }
b0566f4f 1938 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
70848515
TS		 1939 * as equivalent to v3.3 by servers
1940 */
b0566f4f 1941 if (vs->minor == 4 || vs->minor == 5)
28a76be8 1942 vs->minor = 3;
70848515
TS		 1943
1944 if (vs->minor == 3) {
28a76be8 1945 if (vs->vd->auth == VNC_AUTH_NONE) {
70848515 1946 VNC_DEBUG("Tell client auth none\n");
753b4053 1947 vnc_write_u32(vs, vs->vd->auth);
70848515 1948 vnc_flush(vs);
28a76be8 1949 start_client_init(vs);
753b4053 1950 } else if (vs->vd->auth == VNC_AUTH_VNC) {
70848515 1951 VNC_DEBUG("Tell client VNC auth\n");
753b4053 1952 vnc_write_u32(vs, vs->vd->auth);
70848515
TS		 1953 vnc_flush(vs);
1954 start_auth_vnc(vs);
1955 } else {
753b4053 1956 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
70848515
TS		 1957 vnc_write_u32(vs, VNC_AUTH_INVALID);
1958 vnc_flush(vs);
1959 vnc_client_error(vs);
1960 }
1961 } else {
28a76be8
AL		 1962 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
1963 vnc_write_u8(vs, 1); /* num auth */
1964 vnc_write_u8(vs, vs->vd->auth);
1965 vnc_read_when(vs, protocol_client_auth, 1);
1966 vnc_flush(vs);
70848515 1967 }
24236869
FB		 1968
1969 return 0;
1970}
1971
753b4053 1972static void vnc_connect(VncDisplay *vd, int csock)
3aa3eea3 1973{
753b4053
AL		 1974 VncState *vs = qemu_mallocz(sizeof(VncState));
1975 vs->csock = csock;
1976
1977 VNC_DEBUG("New client on socket %d\n", csock);
7d957bd8 1978 dcl->idle = 0;
3aa3eea3
AZ		 1979 socket_set_nonblock(vs->csock);
1980 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
753b4053
AL		 1981
1982 vs->vd = vd;
1983 vs->ds = vd->ds;
1984 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
1985 vs->last_x = -1;
1986 vs->last_y = -1;
1987
1988 vs->as.freq = 44100;
1989 vs->as.nchannels = 2;
1990 vs->as.fmt = AUD_FMT_S16;
1991 vs->as.endianness = 0;
1992
1993 vnc_resize(vs);
3aa3eea3
AZ		 1994 vnc_write(vs, "RFB 003.008\n", 12);
1995 vnc_flush(vs);
1996 vnc_read_when(vs, protocol_version, 12);
3aa3eea3 1997 vnc_update_client(vs);
53762ddb 1998 reset_keys(vs);
753b4053
AL		 1999
2000 vs->next = vd->clients;
2001 vd->clients = vs;
3aa3eea3
AZ		 2002}
2003
24236869
FB		 2004static void vnc_listen_read(void *opaque)
2005{
753b4053 2006 VncDisplay *vs = opaque;
24236869
FB		 2007 struct sockaddr_in addr;
2008 socklen_t addrlen = sizeof(addr);
2009
9f60ad50
AZ		 2010 /* Catch-up */
2011 vga_hw_update();
2012
753b4053
AL		 2013 int csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2014 if (csock != -1) {
2015 vnc_connect(vs, csock);
24236869
FB		 2016 }
2017}
2018
71cab5ca 2019void vnc_display_init(DisplayState *ds)
24236869 2020{
753b4053 2021 VncDisplay *vs;
24236869
FB		 2022
2023 vs = qemu_mallocz(sizeof(VncState));
7d957bd8 2024 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
24236869
FB		 2025
2026 ds->opaque = vs;
7d957bd8 2027 dcl->idle = 1;
753b4053 2028 vnc_display = vs;
24236869
FB		 2029
2030 vs->lsock = -1;
24236869
FB		 2031
2032 vs->ds = ds;
2033
9ca313aa 2034 if (keyboard_layout)
0483755a 2035 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
9ca313aa 2036 else
0483755a 2037 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
24236869 2038
24236869 2039 if (!vs->kbd_layout)
28a76be8 2040 exit(1);
24236869 2041
753b4053 2042 dcl->dpy_copy = vnc_dpy_copy;
7d957bd8
AL		 2043 dcl->dpy_update = vnc_dpy_update;
2044 dcl->dpy_resize = vnc_dpy_resize;
2045 dcl->dpy_setdata = vnc_dpy_setdata;
7d957bd8 2046 register_displaychangelistener(ds, dcl);
71cab5ca
TS		 2047}
2048
6f43024c 2049
71cab5ca
TS		 2050void vnc_display_close(DisplayState *ds)
2051{
753b4053 2052 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
71cab5ca 2053
452b4d88
AL		 2054 if (!vs)
2055 return;
71cab5ca 2056 if (vs->display) {
28a76be8
AL		 2057 qemu_free(vs->display);
2058 vs->display = NULL;
71cab5ca
TS		 2059 }
2060 if (vs->lsock != -1) {
28a76be8
AL		 2061 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2062 close(vs->lsock);
2063 vs->lsock = -1;
71cab5ca 2064 }
70848515 2065 vs->auth = VNC_AUTH_INVALID;
eb38c52c 2066#ifdef CONFIG_VNC_TLS
8d5d2d4c 2067 vs->subauth = VNC_AUTH_INVALID;
5fb6c7a8 2068 vs->tls.x509verify = 0;
8d5d2d4c 2069#endif
70848515
TS		 2070}
2071
2072int vnc_display_password(DisplayState *ds, const char *password)
2073{
753b4053 2074 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
70848515
TS		 2075
2076 if (vs->password) {
28a76be8
AL		 2077 qemu_free(vs->password);
2078 vs->password = NULL;
70848515
TS		 2079 }
2080 if (password && password[0]) {
28a76be8
AL		 2081 if (!(vs->password = qemu_strdup(password)))
2082 return -1;
70848515
TS		 2083 }
2084
2085 return 0;
71cab5ca
TS		 2086}
2087
70848515 2088int vnc_display_open(DisplayState *ds, const char *display)
71cab5ca 2089{
753b4053 2090 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
70848515
TS		 2091 const char *options;
2092 int password = 0;
3aa3eea3 2093 int reverse = 0;
9712ecaf 2094 int to_port = 0;
eb38c52c 2095#ifdef CONFIG_VNC_TLS
3a702699 2096 int tls = 0, x509 = 0;
8d5d2d4c 2097#endif
2f9606b3
AL		 2098#ifdef CONFIG_VNC_SASL
2099 int sasl = 0;
2100 int saslErr;
2101#endif
76655d6d 2102 int acl = 0;
71cab5ca 2103
753b4053 2104 if (!vnc_display)
452b4d88 2105 return -1;
71cab5ca 2106 vnc_display_close(ds);
70848515 2107 if (strcmp(display, "none") == 0)
28a76be8 2108 return 0;
24236869 2109
70848515 2110 if (!(vs->display = strdup(display)))
28a76be8 2111 return -1;
70848515
TS		 2112
2113 options = display;
2114 while ((options = strchr(options, ','))) {
28a76be8
AL		 2115 options++;
2116 if (strncmp(options, "password", 8) == 0) {
2117 password = 1; /* Require password auth */
2118 } else if (strncmp(options, "reverse", 7) == 0) {
2119 reverse = 1;
2120 } else if (strncmp(options, "to=", 3) == 0) {
9712ecaf 2121 to_port = atoi(options+3) + 5900;
2f9606b3 2122#ifdef CONFIG_VNC_SASL
28a76be8
AL		 2123 } else if (strncmp(options, "sasl", 4) == 0) {
2124 sasl = 1; /* Require SASL auth */
2f9606b3 2125#endif
eb38c52c 2126#ifdef CONFIG_VNC_TLS
28a76be8
AL		 2127 } else if (strncmp(options, "tls", 3) == 0) {
2128 tls = 1; /* Require TLS */
2129 } else if (strncmp(options, "x509", 4) == 0) {
2130 char *start, *end;
2131 x509 = 1; /* Require x509 certificates */
2132 if (strncmp(options, "x509verify", 10) == 0)
2133 vs->tls.x509verify = 1; /* ...and verify client certs */
2134
2135 /* Now check for 'x509=/some/path' postfix
2136 * and use that to setup x509 certificate/key paths */
2137 start = strchr(options, '=');
2138 end = strchr(options, ',');
2139 if (start && (!end || (start < end))) {
2140 int len = end ? end-(start+1) : strlen(start+1);
2141 char *path = qemu_strndup(start + 1, len);
2142
2143 VNC_DEBUG("Trying certificate path '%s'\n", path);
2144 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2145 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2146 qemu_free(path);
2147 qemu_free(vs->display);
2148 vs->display = NULL;
2149 return -1;
2150 }
2151 qemu_free(path);
2152 } else {
2153 fprintf(stderr, "No certificate path provided\n");
2154 qemu_free(vs->display);
2155 vs->display = NULL;
2156 return -1;
2157 }
8d5d2d4c 2158#endif
28a76be8
AL		 2159 } else if (strncmp(options, "acl", 3) == 0) {
2160 acl = 1;
2161 }
70848515
TS		 2162 }
2163
76655d6d
AL		 2164#ifdef CONFIG_VNC_TLS
2165 if (acl && x509 && vs->tls.x509verify) {
28a76be8
AL		 2166 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2167 fprintf(stderr, "Failed to create x509 dname ACL\n");
2168 exit(1);
2169 }
76655d6d
AL		 2170 }
2171#endif
2172#ifdef CONFIG_VNC_SASL
2173 if (acl && sasl) {
28a76be8
AL		 2174 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2175 fprintf(stderr, "Failed to create username ACL\n");
2176 exit(1);
2177 }
76655d6d
AL		 2178 }
2179#endif
2180
2f9606b3
AL		 2181 /*
2182 * Combinations we support here:
2183 *
2184 * - no-auth (clear text, no auth)
2185 * - password (clear text, weak auth)
2186 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2187 * - tls (encrypt, weak anonymous creds, no auth)
2188 * - tls + password (encrypt, weak anonymous creds, weak auth)
2189 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2190 * - tls + x509 (encrypt, good x509 creds, no auth)
2191 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2192 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2193 *
2194 * NB1. TLS is a stackable auth scheme.
2195 * NB2. the x509 schemes have option to validate a client cert dname
2196 */
70848515 2197 if (password) {
eb38c52c 2198#ifdef CONFIG_VNC_TLS
28a76be8
AL		 2199 if (tls) {
2200 vs->auth = VNC_AUTH_VENCRYPT;
2201 if (x509) {
2202 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2203 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2204 } else {
2205 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2206 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2207 }
2208 } else {
2f9606b3 2209#endif /* CONFIG_VNC_TLS */
28a76be8
AL		 2210 VNC_DEBUG("Initializing VNC server with password auth\n");
2211 vs->auth = VNC_AUTH_VNC;
eb38c52c 2212#ifdef CONFIG_VNC_TLS
28a76be8
AL		 2213 vs->subauth = VNC_AUTH_INVALID;
2214 }
2f9606b3
AL		 2215#endif /* CONFIG_VNC_TLS */
2216#ifdef CONFIG_VNC_SASL
2217 } else if (sasl) {
2218#ifdef CONFIG_VNC_TLS
2219 if (tls) {
2220 vs->auth = VNC_AUTH_VENCRYPT;
2221 if (x509) {
28a76be8 2222 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2f9606b3
AL		 2223 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2224 } else {
28a76be8 2225 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2f9606b3
AL		 2226 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2227 }
2228 } else {
2229#endif /* CONFIG_VNC_TLS */
28a76be8 2230 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2f9606b3
AL		 2231 vs->auth = VNC_AUTH_SASL;
2232#ifdef CONFIG_VNC_TLS
2233 vs->subauth = VNC_AUTH_INVALID;
2234 }
2235#endif /* CONFIG_VNC_TLS */
2236#endif /* CONFIG_VNC_SASL */
70848515 2237 } else {
eb38c52c 2238#ifdef CONFIG_VNC_TLS
28a76be8
AL		 2239 if (tls) {
2240 vs->auth = VNC_AUTH_VENCRYPT;
2241 if (x509) {
2242 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2243 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2244 } else {
2245 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2246 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2247 }
2248 } else {
8d5d2d4c 2249#endif
28a76be8
AL		 2250 VNC_DEBUG("Initializing VNC server with no auth\n");
2251 vs->auth = VNC_AUTH_NONE;
eb38c52c 2252#ifdef CONFIG_VNC_TLS
28a76be8
AL		 2253 vs->subauth = VNC_AUTH_INVALID;
2254 }
8d5d2d4c 2255#endif
70848515 2256 }
24236869 2257
2f9606b3
AL		 2258#ifdef CONFIG_VNC_SASL
2259 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2260 fprintf(stderr, "Failed to initialize SASL auth %s",
2261 sasl_errstring(saslErr, NULL, NULL));
2262 free(vs->display);
2263 vs->display = NULL;
2264 return -1;
2265 }
2266#endif
2267
3aa3eea3 2268 if (reverse) {
9712ecaf
AL		 2269 /* connect to viewer */
2270 if (strncmp(display, "unix:", 5) == 0)
2271 vs->lsock = unix_connect(display+5);
2272 else
2273 vs->lsock = inet_connect(display, SOCK_STREAM);
2274 if (-1 == vs->lsock) {
3aa3eea3
AZ		 2275 free(vs->display);
2276 vs->display = NULL;
2277 return -1;
2278 } else {
753b4053 2279 int csock = vs->lsock;
3aa3eea3 2280 vs->lsock = -1;
753b4053 2281 vnc_connect(vs, csock);
3aa3eea3 2282 }
9712ecaf 2283 return 0;
24236869 2284
9712ecaf
AL		 2285 } else {
2286 /* listen for connects */
2287 char *dpy;
2288 dpy = qemu_malloc(256);
2289 if (strncmp(display, "unix:", 5) == 0) {
bc575e95 2290 pstrcpy(dpy, 256, "unix:");
4a55bfdf 2291 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
9712ecaf
AL		 2292 } else {
2293 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2294 }
2295 if (-1 == vs->lsock) {
2296 free(dpy);
d0513623 2297 return -1;
9712ecaf
AL		 2298 } else {
2299 free(vs->display);
2300 vs->display = dpy;
2301 }
24236869 2302 }
753b4053 2303 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
24236869 2304}
QEMU mirror