]> git.proxmox.com Git - qemu.git/blob - ui/vnc.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'x86cpu_qom_tcg_v2' of git://github.com/imammedo/qemu
[qemu.git] / ui / vnc.c
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "vnc-jobs.h"
29 #include "sysemu.h"
30 #include "qemu_socket.h"
31 #include "qemu-timer.h"
32 #include "acl.h"
33 #include "qemu-objects.h"
34 #include "qmp-commands.h"
35 #include "osdep.h"
36
37 #define VNC_REFRESH_INTERVAL_BASE 30
38 #define VNC_REFRESH_INTERVAL_INC 50
39 #define VNC_REFRESH_INTERVAL_MAX 2000
40 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
41 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
42
43 #include "vnc_keysym.h"
44 #include "d3des.h"
45
46 static VncDisplay *vnc_display; /* needed for info vnc */
47 static DisplayChangeListener *dcl;
48
49 static int vnc_cursor_define(VncState *vs);
50 static void vnc_release_modifiers(VncState *vs);
51
52 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
53 {
54 #ifdef _VNC_DEBUG
55 static const char *mn[] = {
56 [0] = "undefined",
57 [VNC_SHARE_MODE_CONNECTING] = "connecting",
58 [VNC_SHARE_MODE_SHARED] = "shared",
59 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
60 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
61 };
62 fprintf(stderr, "%s/%d: %s -> %s\n", __func__,
63 vs->csock, mn[vs->share_mode], mn[mode]);
64 #endif
65
66 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) {
67 vs->vd->num_exclusive--;
68 }
69 vs->share_mode = mode;
70 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) {
71 vs->vd->num_exclusive++;
72 }
73 }
74
75 static char *addr_to_string(const char *format,
76 struct sockaddr_storage *sa,
77 socklen_t salen) {
78 char *addr;
79 char host[NI_MAXHOST];
80 char serv[NI_MAXSERV];
81 int err;
82 size_t addrlen;
83
84 if ((err = getnameinfo((struct sockaddr *)sa, salen,
85 host, sizeof(host),
86 serv, sizeof(serv),
87 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
88 VNC_DEBUG("Cannot resolve address %d: %s\n",
89 err, gai_strerror(err));
90 return NULL;
91 }
92
93 /* Enough for the existing format + the 2 vars we're
94 * substituting in. */
95 addrlen = strlen(format) + strlen(host) + strlen(serv);
96 addr = g_malloc(addrlen + 1);
97 snprintf(addr, addrlen, format, host, serv);
98 addr[addrlen] = '\0';
99
100 return addr;
101 }
102
103
104 char *vnc_socket_local_addr(const char *format, int fd) {
105 struct sockaddr_storage sa;
106 socklen_t salen;
107
108 salen = sizeof(sa);
109 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
110 return NULL;
111
112 return addr_to_string(format, &sa, salen);
113 }
114
115 char *vnc_socket_remote_addr(const char *format, int fd) {
116 struct sockaddr_storage sa;
117 socklen_t salen;
118
119 salen = sizeof(sa);
120 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
121 return NULL;
122
123 return addr_to_string(format, &sa, salen);
124 }
125
126 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
127 socklen_t salen)
128 {
129 char host[NI_MAXHOST];
130 char serv[NI_MAXSERV];
131 int err;
132
133 if ((err = getnameinfo((struct sockaddr *)sa, salen,
134 host, sizeof(host),
135 serv, sizeof(serv),
136 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
137 VNC_DEBUG("Cannot resolve address %d: %s\n",
138 err, gai_strerror(err));
139 return -1;
140 }
141
142 qdict_put(qdict, "host", qstring_from_str(host));
143 qdict_put(qdict, "service", qstring_from_str(serv));
144 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
145
146 return 0;
147 }
148
149 static int vnc_server_addr_put(QDict *qdict, int fd)
150 {
151 struct sockaddr_storage sa;
152 socklen_t salen;
153
154 salen = sizeof(sa);
155 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
156 return -1;
157 }
158
159 return put_addr_qdict(qdict, &sa, salen);
160 }
161
162 static int vnc_qdict_remote_addr(QDict *qdict, int fd)
163 {
164 struct sockaddr_storage sa;
165 socklen_t salen;
166
167 salen = sizeof(sa);
168 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
169 return -1;
170 }
171
172 return put_addr_qdict(qdict, &sa, salen);
173 }
174
175 static const char *vnc_auth_name(VncDisplay *vd) {
176 switch (vd->auth) {
177 case VNC_AUTH_INVALID:
178 return "invalid";
179 case VNC_AUTH_NONE:
180 return "none";
181 case VNC_AUTH_VNC:
182 return "vnc";
183 case VNC_AUTH_RA2:
184 return "ra2";
185 case VNC_AUTH_RA2NE:
186 return "ra2ne";
187 case VNC_AUTH_TIGHT:
188 return "tight";
189 case VNC_AUTH_ULTRA:
190 return "ultra";
191 case VNC_AUTH_TLS:
192 return "tls";
193 case VNC_AUTH_VENCRYPT:
194 #ifdef CONFIG_VNC_TLS
195 switch (vd->subauth) {
196 case VNC_AUTH_VENCRYPT_PLAIN:
197 return "vencrypt+plain";
198 case VNC_AUTH_VENCRYPT_TLSNONE:
199 return "vencrypt+tls+none";
200 case VNC_AUTH_VENCRYPT_TLSVNC:
201 return "vencrypt+tls+vnc";
202 case VNC_AUTH_VENCRYPT_TLSPLAIN:
203 return "vencrypt+tls+plain";
204 case VNC_AUTH_VENCRYPT_X509NONE:
205 return "vencrypt+x509+none";
206 case VNC_AUTH_VENCRYPT_X509VNC:
207 return "vencrypt+x509+vnc";
208 case VNC_AUTH_VENCRYPT_X509PLAIN:
209 return "vencrypt+x509+plain";
210 case VNC_AUTH_VENCRYPT_TLSSASL:
211 return "vencrypt+tls+sasl";
212 case VNC_AUTH_VENCRYPT_X509SASL:
213 return "vencrypt+x509+sasl";
214 default:
215 return "vencrypt";
216 }
217 #else
218 return "vencrypt";
219 #endif
220 case VNC_AUTH_SASL:
221 return "sasl";
222 }
223 return "unknown";
224 }
225
226 static int vnc_server_info_put(QDict *qdict)
227 {
228 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
229 return -1;
230 }
231
232 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
233 return 0;
234 }
235
236 static void vnc_client_cache_auth(VncState *client)
237 {
238 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
239 QDict *qdict;
240 #endif
241
242 if (!client->info) {
243 return;
244 }
245
246 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
247 qdict = qobject_to_qdict(client->info);
248 #endif
249
250 #ifdef CONFIG_VNC_TLS
251 if (client->tls.session &&
252 client->tls.dname) {
253 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
254 }
255 #endif
256 #ifdef CONFIG_VNC_SASL
257 if (client->sasl.conn &&
258 client->sasl.username) {
259 qdict_put(qdict, "sasl_username",
260 qstring_from_str(client->sasl.username));
261 }
262 #endif
263 }
264
265 static void vnc_client_cache_addr(VncState *client)
266 {
267 QDict *qdict;
268
269 qdict = qdict_new();
270 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
271 QDECREF(qdict);
272 /* XXX: how to report the error? */
273 return;
274 }
275
276 client->info = QOBJECT(qdict);
277 }
278
279 static void vnc_qmp_event(VncState *vs, MonitorEvent event)
280 {
281 QDict *server;
282 QObject *data;
283
284 if (!vs->info) {
285 return;
286 }
287
288 server = qdict_new();
289 if (vnc_server_info_put(server) < 0) {
290 QDECREF(server);
291 return;
292 }
293
294 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
295 vs->info, QOBJECT(server));
296
297 monitor_protocol_event(event, data);
298
299 qobject_incref(vs->info);
300 qobject_decref(data);
301 }
302
303 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
304 {
305 struct sockaddr_storage sa;
306 socklen_t salen = sizeof(sa);
307 char host[NI_MAXHOST];
308 char serv[NI_MAXSERV];
309 VncClientInfo *info;
310
311 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) {
312 return NULL;
313 }
314
315 if (getnameinfo((struct sockaddr *)&sa, salen,
316 host, sizeof(host),
317 serv, sizeof(serv),
318 NI_NUMERICHOST | NI_NUMERICSERV) < 0) {
319 return NULL;
320 }
321
322 info = g_malloc0(sizeof(*info));
323 info->host = g_strdup(host);
324 info->service = g_strdup(serv);
325 info->family = g_strdup(inet_strfamily(sa.ss_family));
326
327 #ifdef CONFIG_VNC_TLS
328 if (client->tls.session && client->tls.dname) {
329 info->has_x509_dname = true;
330 info->x509_dname = g_strdup(client->tls.dname);
331 }
332 #endif
333 #ifdef CONFIG_VNC_SASL
334 if (client->sasl.conn && client->sasl.username) {
335 info->has_sasl_username = true;
336 info->sasl_username = g_strdup(client->sasl.username);
337 }
338 #endif
339
340 return info;
341 }
342
343 VncInfo *qmp_query_vnc(Error **errp)
344 {
345 VncInfo *info = g_malloc0(sizeof(*info));
346
347 if (vnc_display == NULL || vnc_display->display == NULL) {
348 info->enabled = false;
349 } else {
350 VncClientInfoList *cur_item = NULL;
351 struct sockaddr_storage sa;
352 socklen_t salen = sizeof(sa);
353 char host[NI_MAXHOST];
354 char serv[NI_MAXSERV];
355 VncState *client;
356
357 info->enabled = true;
358
359 /* for compatibility with the original command */
360 info->has_clients = true;
361
362 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
363 VncClientInfoList *cinfo = g_malloc0(sizeof(*info));
364 cinfo->value = qmp_query_vnc_client(client);
365
366 /* XXX: waiting for the qapi to support GSList */
367 if (!cur_item) {
368 info->clients = cur_item = cinfo;
369 } else {
370 cur_item->next = cinfo;
371 cur_item = cinfo;
372 }
373 }
374
375 if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa,
376 &salen) == -1) {
377 error_set(errp, QERR_UNDEFINED_ERROR);
378 goto out_error;
379 }
380
381 if (getnameinfo((struct sockaddr *)&sa, salen,
382 host, sizeof(host),
383 serv, sizeof(serv),
384 NI_NUMERICHOST | NI_NUMERICSERV) < 0) {
385 error_set(errp, QERR_UNDEFINED_ERROR);
386 goto out_error;
387 }
388
389 info->has_host = true;
390 info->host = g_strdup(host);
391
392 info->has_service = true;
393 info->service = g_strdup(serv);
394
395 info->has_family = true;
396 info->family = g_strdup(inet_strfamily(sa.ss_family));
397
398 info->has_auth = true;
399 info->auth = g_strdup(vnc_auth_name(vnc_display));
400 }
401
402 return info;
403
404 out_error:
405 qapi_free_VncInfo(info);
406 return NULL;
407 }
408
409 /* TODO
410 1) Get the queue working for IO.
411 2) there is some weirdness when using the -S option (the screen is grey
412 and not totally invalidated
413 3) resolutions > 1024
414 */
415
416 static int vnc_update_client(VncState *vs, int has_dirty);
417 static int vnc_update_client_sync(VncState *vs, int has_dirty);
418 static void vnc_disconnect_start(VncState *vs);
419 static void vnc_disconnect_finish(VncState *vs);
420 static void vnc_init_timer(VncDisplay *vd);
421 static void vnc_remove_timer(VncDisplay *vd);
422
423 static void vnc_colordepth(VncState *vs);
424 static void framebuffer_update_request(VncState *vs, int incremental,
425 int x_position, int y_position,
426 int w, int h);
427 static void vnc_refresh(void *opaque);
428 static int vnc_refresh_server_surface(VncDisplay *vd);
429
430 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
431 {
432 int i;
433 VncDisplay *vd = ds->opaque;
434 struct VncSurface *s = &vd->guest;
435
436 h += y;
437
438 /* round x down to ensure the loop only spans one 16-pixel block per,
439 iteration. otherwise, if (x % 16) != 0, the last iteration may span
440 two 16-pixel blocks but we only mark the first as dirty
441 */
442 w += (x % 16);
443 x -= (x % 16);
444
445 x = MIN(x, s->ds->width);
446 y = MIN(y, s->ds->height);
447 w = MIN(x + w, s->ds->width) - x;
448 h = MIN(h, s->ds->height);
449
450 for (; y < h; y++)
451 for (i = 0; i < w; i += 16)
452 set_bit((x + i) / 16, s->dirty[y]);
453 }
454
455 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
456 int32_t encoding)
457 {
458 vnc_write_u16(vs, x);
459 vnc_write_u16(vs, y);
460 vnc_write_u16(vs, w);
461 vnc_write_u16(vs, h);
462
463 vnc_write_s32(vs, encoding);
464 }
465
466 void buffer_reserve(Buffer *buffer, size_t len)
467 {
468 if ((buffer->capacity - buffer->offset) < len) {
469 buffer->capacity += (len + 1024);
470 buffer->buffer = g_realloc(buffer->buffer, buffer->capacity);
471 if (buffer->buffer == NULL) {
472 fprintf(stderr, "vnc: out of memory\n");
473 exit(1);
474 }
475 }
476 }
477
478 int buffer_empty(Buffer *buffer)
479 {
480 return buffer->offset == 0;
481 }
482
483 uint8_t *buffer_end(Buffer *buffer)
484 {
485 return buffer->buffer + buffer->offset;
486 }
487
488 void buffer_reset(Buffer *buffer)
489 {
490 buffer->offset = 0;
491 }
492
493 void buffer_free(Buffer *buffer)
494 {
495 g_free(buffer->buffer);
496 buffer->offset = 0;
497 buffer->capacity = 0;
498 buffer->buffer = NULL;
499 }
500
501 void buffer_append(Buffer *buffer, const void *data, size_t len)
502 {
503 memcpy(buffer->buffer + buffer->offset, data, len);
504 buffer->offset += len;
505 }
506
507 static void vnc_desktop_resize(VncState *vs)
508 {
509 DisplayState *ds = vs->ds;
510
511 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
512 return;
513 }
514 if (vs->client_width == ds_get_width(ds) &&
515 vs->client_height == ds_get_height(ds)) {
516 return;
517 }
518 vs->client_width = ds_get_width(ds);
519 vs->client_height = ds_get_height(ds);
520 vnc_lock_output(vs);
521 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
522 vnc_write_u8(vs, 0);
523 vnc_write_u16(vs, 1); /* number of rects */
524 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
525 VNC_ENCODING_DESKTOPRESIZE);
526 vnc_unlock_output(vs);
527 vnc_flush(vs);
528 }
529
530 static void vnc_abort_display_jobs(VncDisplay *vd)
531 {
532 VncState *vs;
533
534 QTAILQ_FOREACH(vs, &vd->clients, next) {
535 vnc_lock_output(vs);
536 vs->abort = true;
537 vnc_unlock_output(vs);
538 }
539 QTAILQ_FOREACH(vs, &vd->clients, next) {
540 vnc_jobs_join(vs);
541 }
542 QTAILQ_FOREACH(vs, &vd->clients, next) {
543 vnc_lock_output(vs);
544 vs->abort = false;
545 vnc_unlock_output(vs);
546 }
547 }
548
549 static void vnc_dpy_resize(DisplayState *ds)
550 {
551 VncDisplay *vd = ds->opaque;
552 VncState *vs;
553
554 vnc_abort_display_jobs(vd);
555
556 /* server surface */
557 if (!vd->server)
558 vd->server = g_malloc0(sizeof(*vd->server));
559 if (vd->server->data)
560 g_free(vd->server->data);
561 *(vd->server) = *(ds->surface);
562 vd->server->data = g_malloc0(vd->server->linesize *
563 vd->server->height);
564
565 /* guest surface */
566 if (!vd->guest.ds)
567 vd->guest.ds = g_malloc0(sizeof(*vd->guest.ds));
568 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
569 console_color_init(ds);
570 *(vd->guest.ds) = *(ds->surface);
571 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
572
573 QTAILQ_FOREACH(vs, &vd->clients, next) {
574 vnc_colordepth(vs);
575 vnc_desktop_resize(vs);
576 if (vs->vd->cursor) {
577 vnc_cursor_define(vs);
578 }
579 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
580 }
581 }
582
583 /* fastest code */
584 static void vnc_write_pixels_copy(VncState *vs, struct PixelFormat *pf,
585 void *pixels, int size)
586 {
587 vnc_write(vs, pixels, size);
588 }
589
590 /* slowest but generic code. */
591 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
592 {
593 uint8_t r, g, b;
594 VncDisplay *vd = vs->vd;
595
596 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
597 vd->server->pf.rbits);
598 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
599 vd->server->pf.gbits);
600 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
601 vd->server->pf.bbits);
602 v = (r << vs->clientds.pf.rshift) |
603 (g << vs->clientds.pf.gshift) |
604 (b << vs->clientds.pf.bshift);
605 switch(vs->clientds.pf.bytes_per_pixel) {
606 case 1:
607 buf[0] = v;
608 break;
609 case 2:
610 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
611 buf[0] = v >> 8;
612 buf[1] = v;
613 } else {
614 buf[1] = v >> 8;
615 buf[0] = v;
616 }
617 break;
618 default:
619 case 4:
620 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
621 buf[0] = v >> 24;
622 buf[1] = v >> 16;
623 buf[2] = v >> 8;
624 buf[3] = v;
625 } else {
626 buf[3] = v >> 24;
627 buf[2] = v >> 16;
628 buf[1] = v >> 8;
629 buf[0] = v;
630 }
631 break;
632 }
633 }
634
635 static void vnc_write_pixels_generic(VncState *vs, struct PixelFormat *pf,
636 void *pixels1, int size)
637 {
638 uint8_t buf[4];
639
640 if (pf->bytes_per_pixel == 4) {
641 uint32_t *pixels = pixels1;
642 int n, i;
643 n = size >> 2;
644 for(i = 0; i < n; i++) {
645 vnc_convert_pixel(vs, buf, pixels[i]);
646 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
647 }
648 } else if (pf->bytes_per_pixel == 2) {
649 uint16_t *pixels = pixels1;
650 int n, i;
651 n = size >> 1;
652 for(i = 0; i < n; i++) {
653 vnc_convert_pixel(vs, buf, pixels[i]);
654 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
655 }
656 } else if (pf->bytes_per_pixel == 1) {
657 uint8_t *pixels = pixels1;
658 int n, i;
659 n = size;
660 for(i = 0; i < n; i++) {
661 vnc_convert_pixel(vs, buf, pixels[i]);
662 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
663 }
664 } else {
665 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
666 }
667 }
668
669 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
670 {
671 int i;
672 uint8_t *row;
673 VncDisplay *vd = vs->vd;
674
675 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
676 for (i = 0; i < h; i++) {
677 vs->write_pixels(vs, &vd->server->pf, row, w * ds_get_bytes_per_pixel(vs->ds));
678 row += ds_get_linesize(vs->ds);
679 }
680 return 1;
681 }
682
683 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
684 {
685 int n = 0;
686
687 switch(vs->vnc_encoding) {
688 case VNC_ENCODING_ZLIB:
689 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
690 break;
691 case VNC_ENCODING_HEXTILE:
692 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
693 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
694 break;
695 case VNC_ENCODING_TIGHT:
696 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
697 break;
698 case VNC_ENCODING_TIGHT_PNG:
699 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
700 break;
701 case VNC_ENCODING_ZRLE:
702 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
703 break;
704 case VNC_ENCODING_ZYWRLE:
705 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
706 break;
707 default:
708 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
709 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
710 break;
711 }
712 return n;
713 }
714
715 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
716 {
717 /* send bitblit op to the vnc client */
718 vnc_lock_output(vs);
719 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
720 vnc_write_u8(vs, 0);
721 vnc_write_u16(vs, 1); /* number of rects */
722 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
723 vnc_write_u16(vs, src_x);
724 vnc_write_u16(vs, src_y);
725 vnc_unlock_output(vs);
726 vnc_flush(vs);
727 }
728
729 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
730 {
731 VncDisplay *vd = ds->opaque;
732 VncState *vs, *vn;
733 uint8_t *src_row;
734 uint8_t *dst_row;
735 int i,x,y,pitch,depth,inc,w_lim,s;
736 int cmp_bytes;
737
738 vnc_refresh_server_surface(vd);
739 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
740 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
741 vs->force_update = 1;
742 vnc_update_client_sync(vs, 1);
743 /* vs might be free()ed here */
744 }
745 }
746
747 /* do bitblit op on the local surface too */
748 pitch = ds_get_linesize(vd->ds);
749 depth = ds_get_bytes_per_pixel(vd->ds);
750 src_row = vd->server->data + pitch * src_y + depth * src_x;
751 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
752 y = dst_y;
753 inc = 1;
754 if (dst_y > src_y) {
755 /* copy backwards */
756 src_row += pitch * (h-1);
757 dst_row += pitch * (h-1);
758 pitch = -pitch;
759 y = dst_y + h - 1;
760 inc = -1;
761 }
762 w_lim = w - (16 - (dst_x % 16));
763 if (w_lim < 0)
764 w_lim = w;
765 else
766 w_lim = w - (w_lim % 16);
767 for (i = 0; i < h; i++) {
768 for (x = 0; x <= w_lim;
769 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
770 if (x == w_lim) {
771 if ((s = w - w_lim) == 0)
772 break;
773 } else if (!x) {
774 s = (16 - (dst_x % 16));
775 s = MIN(s, w_lim);
776 } else {
777 s = 16;
778 }
779 cmp_bytes = s * depth;
780 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
781 continue;
782 memmove(dst_row, src_row, cmp_bytes);
783 QTAILQ_FOREACH(vs, &vd->clients, next) {
784 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
785 set_bit(((x + dst_x) / 16), vs->dirty[y]);
786 }
787 }
788 }
789 src_row += pitch - w * depth;
790 dst_row += pitch - w * depth;
791 y += inc;
792 }
793
794 QTAILQ_FOREACH(vs, &vd->clients, next) {
795 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
796 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
797 }
798 }
799 }
800
801 static void vnc_mouse_set(int x, int y, int visible)
802 {
803 /* can we ask the client(s) to move the pointer ??? */
804 }
805
806 static int vnc_cursor_define(VncState *vs)
807 {
808 QEMUCursor *c = vs->vd->cursor;
809 PixelFormat pf = qemu_default_pixelformat(32);
810 int isize;
811
812 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
813 vnc_lock_output(vs);
814 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
815 vnc_write_u8(vs, 0); /* padding */
816 vnc_write_u16(vs, 1); /* # of rects */
817 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
818 VNC_ENCODING_RICH_CURSOR);
819 isize = c->width * c->height * vs->clientds.pf.bytes_per_pixel;
820 vnc_write_pixels_generic(vs, &pf, c->data, isize);
821 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
822 vnc_unlock_output(vs);
823 return 0;
824 }
825 return -1;
826 }
827
828 static void vnc_dpy_cursor_define(QEMUCursor *c)
829 {
830 VncDisplay *vd = vnc_display;
831 VncState *vs;
832
833 cursor_put(vd->cursor);
834 g_free(vd->cursor_mask);
835
836 vd->cursor = c;
837 cursor_get(vd->cursor);
838 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
839 vd->cursor_mask = g_malloc0(vd->cursor_msize);
840 cursor_get_mono_mask(c, 0, vd->cursor_mask);
841
842 QTAILQ_FOREACH(vs, &vd->clients, next) {
843 vnc_cursor_define(vs);
844 }
845 }
846
847 static int find_and_clear_dirty_height(struct VncState *vs,
848 int y, int last_x, int x, int height)
849 {
850 int h;
851
852 for (h = 1; h < (height - y); h++) {
853 int tmp_x;
854 if (!test_bit(last_x, vs->dirty[y + h])) {
855 break;
856 }
857 for (tmp_x = last_x; tmp_x < x; tmp_x++) {
858 clear_bit(tmp_x, vs->dirty[y + h]);
859 }
860 }
861
862 return h;
863 }
864
865 static int vnc_update_client_sync(VncState *vs, int has_dirty)
866 {
867 int ret = vnc_update_client(vs, has_dirty);
868 vnc_jobs_join(vs);
869 return ret;
870 }
871
872 static int vnc_update_client(VncState *vs, int has_dirty)
873 {
874 if (vs->need_update && vs->csock != -1) {
875 VncDisplay *vd = vs->vd;
876 VncJob *job;
877 int y;
878 int width, height;
879 int n = 0;
880
881
882 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
883 /* kernel send buffers are full -> drop frames to throttle */
884 return 0;
885
886 if (!has_dirty && !vs->audio_cap && !vs->force_update)
887 return 0;
888
889 /*
890 * Send screen updates to the vnc client using the server
891 * surface and server dirty map. guest surface updates
892 * happening in parallel don't disturb us, the next pass will
893 * send them to the client.
894 */
895 job = vnc_job_new(vs);
896
897 width = MIN(vd->server->width, vs->client_width);
898 height = MIN(vd->server->height, vs->client_height);
899
900 for (y = 0; y < height; y++) {
901 int x;
902 int last_x = -1;
903 for (x = 0; x < width / 16; x++) {
904 if (test_and_clear_bit(x, vs->dirty[y])) {
905 if (last_x == -1) {
906 last_x = x;
907 }
908 } else {
909 if (last_x != -1) {
910 int h = find_and_clear_dirty_height(vs, y, last_x, x,
911 height);
912
913 n += vnc_job_add_rect(job, last_x * 16, y,
914 (x - last_x) * 16, h);
915 }
916 last_x = -1;
917 }
918 }
919 if (last_x != -1) {
920 int h = find_and_clear_dirty_height(vs, y, last_x, x, height);
921 n += vnc_job_add_rect(job, last_x * 16, y,
922 (x - last_x) * 16, h);
923 }
924 }
925
926 vnc_job_push(job);
927 vs->force_update = 0;
928 return n;
929 }
930
931 if (vs->csock == -1)
932 vnc_disconnect_finish(vs);
933
934 return 0;
935 }
936
937 /* audio */
938 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
939 {
940 VncState *vs = opaque;
941
942 switch (cmd) {
943 case AUD_CNOTIFY_DISABLE:
944 vnc_lock_output(vs);
945 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
946 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
947 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
948 vnc_unlock_output(vs);
949 vnc_flush(vs);
950 break;
951
952 case AUD_CNOTIFY_ENABLE:
953 vnc_lock_output(vs);
954 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
955 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
956 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
957 vnc_unlock_output(vs);
958 vnc_flush(vs);
959 break;
960 }
961 }
962
963 static void audio_capture_destroy(void *opaque)
964 {
965 }
966
967 static void audio_capture(void *opaque, void *buf, int size)
968 {
969 VncState *vs = opaque;
970
971 vnc_lock_output(vs);
972 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
973 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
974 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
975 vnc_write_u32(vs, size);
976 vnc_write(vs, buf, size);
977 vnc_unlock_output(vs);
978 vnc_flush(vs);
979 }
980
981 static void audio_add(VncState *vs)
982 {
983 struct audio_capture_ops ops;
984
985 if (vs->audio_cap) {
986 monitor_printf(default_mon, "audio already running\n");
987 return;
988 }
989
990 ops.notify = audio_capture_notify;
991 ops.destroy = audio_capture_destroy;
992 ops.capture = audio_capture;
993
994 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
995 if (!vs->audio_cap) {
996 monitor_printf(default_mon, "Failed to add audio capture\n");
997 }
998 }
999
1000 static void audio_del(VncState *vs)
1001 {
1002 if (vs->audio_cap) {
1003 AUD_del_capture(vs->audio_cap, vs);
1004 vs->audio_cap = NULL;
1005 }
1006 }
1007
1008 static void vnc_disconnect_start(VncState *vs)
1009 {
1010 if (vs->csock == -1)
1011 return;
1012 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1013 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
1014 closesocket(vs->csock);
1015 vs->csock = -1;
1016 }
1017
1018 static void vnc_disconnect_finish(VncState *vs)
1019 {
1020 int i;
1021
1022 vnc_jobs_join(vs); /* Wait encoding jobs */
1023
1024 vnc_lock_output(vs);
1025 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
1026
1027 buffer_free(&vs->input);
1028 buffer_free(&vs->output);
1029
1030 qobject_decref(vs->info);
1031
1032 vnc_zlib_clear(vs);
1033 vnc_tight_clear(vs);
1034 vnc_zrle_clear(vs);
1035
1036 #ifdef CONFIG_VNC_TLS
1037 vnc_tls_client_cleanup(vs);
1038 #endif /* CONFIG_VNC_TLS */
1039 #ifdef CONFIG_VNC_SASL
1040 vnc_sasl_client_cleanup(vs);
1041 #endif /* CONFIG_VNC_SASL */
1042 audio_del(vs);
1043 vnc_release_modifiers(vs);
1044
1045 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1046
1047 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1048 dcl->idle = 1;
1049 }
1050
1051 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1052 vnc_remove_timer(vs->vd);
1053 if (vs->vd->lock_key_sync)
1054 qemu_remove_led_event_handler(vs->led);
1055 vnc_unlock_output(vs);
1056
1057 qemu_mutex_destroy(&vs->output_mutex);
1058 qemu_bh_delete(vs->bh);
1059 buffer_free(&vs->jobs_buffer);
1060
1061 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1062 g_free(vs->lossy_rect[i]);
1063 }
1064 g_free(vs->lossy_rect);
1065 g_free(vs);
1066 }
1067
1068 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1069 {
1070 if (ret == 0 || ret == -1) {
1071 if (ret == -1) {
1072 switch (last_errno) {
1073 case EINTR:
1074 case EAGAIN:
1075 #ifdef _WIN32
1076 case WSAEWOULDBLOCK:
1077 #endif
1078 return 0;
1079 default:
1080 break;
1081 }
1082 }
1083
1084 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1085 ret, ret < 0 ? last_errno : 0);
1086 vnc_disconnect_start(vs);
1087
1088 return 0;
1089 }
1090 return ret;
1091 }
1092
1093
1094 void vnc_client_error(VncState *vs)
1095 {
1096 VNC_DEBUG("Closing down client sock: protocol error\n");
1097 vnc_disconnect_start(vs);
1098 }
1099
1100
1101 /*
1102 * Called to write a chunk of data to the client socket. The data may
1103 * be the raw data, or may have already been encoded by SASL.
1104 * The data will be written either straight onto the socket, or
1105 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1106 *
1107 * NB, it is theoretically possible to have 2 layers of encryption,
1108 * both SASL, and this TLS layer. It is highly unlikely in practice
1109 * though, since SASL encryption will typically be a no-op if TLS
1110 * is active
1111 *
1112 * Returns the number of bytes written, which may be less than
1113 * the requested 'datalen' if the socket would block. Returns
1114 * -1 on error, and disconnects the client socket.
1115 */
1116 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1117 {
1118 long ret;
1119 #ifdef CONFIG_VNC_TLS
1120 if (vs->tls.session) {
1121 ret = gnutls_write(vs->tls.session, data, datalen);
1122 if (ret < 0) {
1123 if (ret == GNUTLS_E_AGAIN)
1124 errno = EAGAIN;
1125 else
1126 errno = EIO;
1127 ret = -1;
1128 }
1129 } else
1130 #endif /* CONFIG_VNC_TLS */
1131 ret = send(vs->csock, (const void *)data, datalen, 0);
1132 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1133 return vnc_client_io_error(vs, ret, socket_error());
1134 }
1135
1136
1137 /*
1138 * Called to write buffered data to the client socket, when not
1139 * using any SASL SSF encryption layers. Will write as much data
1140 * as possible without blocking. If all buffered data is written,
1141 * will switch the FD poll() handler back to read monitoring.
1142 *
1143 * Returns the number of bytes written, which may be less than
1144 * the buffered output data if the socket would block. Returns
1145 * -1 on error, and disconnects the client socket.
1146 */
1147 static long vnc_client_write_plain(VncState *vs)
1148 {
1149 long ret;
1150
1151 #ifdef CONFIG_VNC_SASL
1152 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1153 vs->output.buffer, vs->output.capacity, vs->output.offset,
1154 vs->sasl.waitWriteSSF);
1155
1156 if (vs->sasl.conn &&
1157 vs->sasl.runSSF &&
1158 vs->sasl.waitWriteSSF) {
1159 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1160 if (ret)
1161 vs->sasl.waitWriteSSF -= ret;
1162 } else
1163 #endif /* CONFIG_VNC_SASL */
1164 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1165 if (!ret)
1166 return 0;
1167
1168 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1169 vs->output.offset -= ret;
1170
1171 if (vs->output.offset == 0) {
1172 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1173 }
1174
1175 return ret;
1176 }
1177
1178
1179 /*
1180 * First function called whenever there is data to be written to
1181 * the client socket. Will delegate actual work according to whether
1182 * SASL SSF layers are enabled (thus requiring encryption calls)
1183 */
1184 static void vnc_client_write_locked(void *opaque)
1185 {
1186 VncState *vs = opaque;
1187
1188 #ifdef CONFIG_VNC_SASL
1189 if (vs->sasl.conn &&
1190 vs->sasl.runSSF &&
1191 !vs->sasl.waitWriteSSF) {
1192 vnc_client_write_sasl(vs);
1193 } else
1194 #endif /* CONFIG_VNC_SASL */
1195 vnc_client_write_plain(vs);
1196 }
1197
1198 void vnc_client_write(void *opaque)
1199 {
1200 VncState *vs = opaque;
1201
1202 vnc_lock_output(vs);
1203 if (vs->output.offset) {
1204 vnc_client_write_locked(opaque);
1205 } else if (vs->csock != -1) {
1206 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1207 }
1208 vnc_unlock_output(vs);
1209 }
1210
1211 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1212 {
1213 vs->read_handler = func;
1214 vs->read_handler_expect = expecting;
1215 }
1216
1217
1218 /*
1219 * Called to read a chunk of data from the client socket. The data may
1220 * be the raw data, or may need to be further decoded by SASL.
1221 * The data will be read either straight from to the socket, or
1222 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1223 *
1224 * NB, it is theoretically possible to have 2 layers of encryption,
1225 * both SASL, and this TLS layer. It is highly unlikely in practice
1226 * though, since SASL encryption will typically be a no-op if TLS
1227 * is active
1228 *
1229 * Returns the number of bytes read, which may be less than
1230 * the requested 'datalen' if the socket would block. Returns
1231 * -1 on error, and disconnects the client socket.
1232 */
1233 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1234 {
1235 long ret;
1236 #ifdef CONFIG_VNC_TLS
1237 if (vs->tls.session) {
1238 ret = gnutls_read(vs->tls.session, data, datalen);
1239 if (ret < 0) {
1240 if (ret == GNUTLS_E_AGAIN)
1241 errno = EAGAIN;
1242 else
1243 errno = EIO;
1244 ret = -1;
1245 }
1246 } else
1247 #endif /* CONFIG_VNC_TLS */
1248 ret = qemu_recv(vs->csock, data, datalen, 0);
1249 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1250 return vnc_client_io_error(vs, ret, socket_error());
1251 }
1252
1253
1254 /*
1255 * Called to read data from the client socket to the input buffer,
1256 * when not using any SASL SSF encryption layers. Will read as much
1257 * data as possible without blocking.
1258 *
1259 * Returns the number of bytes read. Returns -1 on error, and
1260 * disconnects the client socket.
1261 */
1262 static long vnc_client_read_plain(VncState *vs)
1263 {
1264 int ret;
1265 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1266 vs->input.buffer, vs->input.capacity, vs->input.offset);
1267 buffer_reserve(&vs->input, 4096);
1268 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1269 if (!ret)
1270 return 0;
1271 vs->input.offset += ret;
1272 return ret;
1273 }
1274
1275 static void vnc_jobs_bh(void *opaque)
1276 {
1277 VncState *vs = opaque;
1278
1279 vnc_jobs_consume_buffer(vs);
1280 }
1281
1282 /*
1283 * First function called whenever there is more data to be read from
1284 * the client socket. Will delegate actual work according to whether
1285 * SASL SSF layers are enabled (thus requiring decryption calls)
1286 */
1287 void vnc_client_read(void *opaque)
1288 {
1289 VncState *vs = opaque;
1290 long ret;
1291
1292 #ifdef CONFIG_VNC_SASL
1293 if (vs->sasl.conn && vs->sasl.runSSF)
1294 ret = vnc_client_read_sasl(vs);
1295 else
1296 #endif /* CONFIG_VNC_SASL */
1297 ret = vnc_client_read_plain(vs);
1298 if (!ret) {
1299 if (vs->csock == -1)
1300 vnc_disconnect_finish(vs);
1301 return;
1302 }
1303
1304 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1305 size_t len = vs->read_handler_expect;
1306 int ret;
1307
1308 ret = vs->read_handler(vs, vs->input.buffer, len);
1309 if (vs->csock == -1) {
1310 vnc_disconnect_finish(vs);
1311 return;
1312 }
1313
1314 if (!ret) {
1315 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1316 vs->input.offset -= len;
1317 } else {
1318 vs->read_handler_expect = ret;
1319 }
1320 }
1321 }
1322
1323 void vnc_write(VncState *vs, const void *data, size_t len)
1324 {
1325 buffer_reserve(&vs->output, len);
1326
1327 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1328 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1329 }
1330
1331 buffer_append(&vs->output, data, len);
1332 }
1333
1334 void vnc_write_s32(VncState *vs, int32_t value)
1335 {
1336 vnc_write_u32(vs, *(uint32_t *)&value);
1337 }
1338
1339 void vnc_write_u32(VncState *vs, uint32_t value)
1340 {
1341 uint8_t buf[4];
1342
1343 buf[0] = (value >> 24) & 0xFF;
1344 buf[1] = (value >> 16) & 0xFF;
1345 buf[2] = (value >> 8) & 0xFF;
1346 buf[3] = value & 0xFF;
1347
1348 vnc_write(vs, buf, 4);
1349 }
1350
1351 void vnc_write_u16(VncState *vs, uint16_t value)
1352 {
1353 uint8_t buf[2];
1354
1355 buf[0] = (value >> 8) & 0xFF;
1356 buf[1] = value & 0xFF;
1357
1358 vnc_write(vs, buf, 2);
1359 }
1360
1361 void vnc_write_u8(VncState *vs, uint8_t value)
1362 {
1363 vnc_write(vs, (char *)&value, 1);
1364 }
1365
1366 void vnc_flush(VncState *vs)
1367 {
1368 vnc_lock_output(vs);
1369 if (vs->csock != -1 && vs->output.offset) {
1370 vnc_client_write_locked(vs);
1371 }
1372 vnc_unlock_output(vs);
1373 }
1374
1375 uint8_t read_u8(uint8_t *data, size_t offset)
1376 {
1377 return data[offset];
1378 }
1379
1380 uint16_t read_u16(uint8_t *data, size_t offset)
1381 {
1382 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1383 }
1384
1385 int32_t read_s32(uint8_t *data, size_t offset)
1386 {
1387 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1388 (data[offset + 2] << 8) | data[offset + 3]);
1389 }
1390
1391 uint32_t read_u32(uint8_t *data, size_t offset)
1392 {
1393 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1394 (data[offset + 2] << 8) | data[offset + 3]);
1395 }
1396
1397 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1398 {
1399 }
1400
1401 static void check_pointer_type_change(Notifier *notifier, void *data)
1402 {
1403 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1404 int absolute = kbd_mouse_is_absolute();
1405
1406 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1407 vnc_lock_output(vs);
1408 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1409 vnc_write_u8(vs, 0);
1410 vnc_write_u16(vs, 1);
1411 vnc_framebuffer_update(vs, absolute, 0,
1412 ds_get_width(vs->ds), ds_get_height(vs->ds),
1413 VNC_ENCODING_POINTER_TYPE_CHANGE);
1414 vnc_unlock_output(vs);
1415 vnc_flush(vs);
1416 }
1417 vs->absolute = absolute;
1418 }
1419
1420 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1421 {
1422 int buttons = 0;
1423 int dz = 0;
1424
1425 if (button_mask & 0x01)
1426 buttons |= MOUSE_EVENT_LBUTTON;
1427 if (button_mask & 0x02)
1428 buttons |= MOUSE_EVENT_MBUTTON;
1429 if (button_mask & 0x04)
1430 buttons |= MOUSE_EVENT_RBUTTON;
1431 if (button_mask & 0x08)
1432 dz = -1;
1433 if (button_mask & 0x10)
1434 dz = 1;
1435
1436 if (vs->absolute) {
1437 kbd_mouse_event(ds_get_width(vs->ds) > 1 ?
1438 x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000,
1439 ds_get_height(vs->ds) > 1 ?
1440 y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000,
1441 dz, buttons);
1442 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1443 x -= 0x7FFF;
1444 y -= 0x7FFF;
1445
1446 kbd_mouse_event(x, y, dz, buttons);
1447 } else {
1448 if (vs->last_x != -1)
1449 kbd_mouse_event(x - vs->last_x,
1450 y - vs->last_y,
1451 dz, buttons);
1452 vs->last_x = x;
1453 vs->last_y = y;
1454 }
1455 }
1456
1457 static void reset_keys(VncState *vs)
1458 {
1459 int i;
1460 for(i = 0; i < 256; i++) {
1461 if (vs->modifiers_state[i]) {
1462 if (i & SCANCODE_GREY)
1463 kbd_put_keycode(SCANCODE_EMUL0);
1464 kbd_put_keycode(i | SCANCODE_UP);
1465 vs->modifiers_state[i] = 0;
1466 }
1467 }
1468 }
1469
1470 static void press_key(VncState *vs, int keysym)
1471 {
1472 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1473 if (keycode & SCANCODE_GREY)
1474 kbd_put_keycode(SCANCODE_EMUL0);
1475 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1476 if (keycode & SCANCODE_GREY)
1477 kbd_put_keycode(SCANCODE_EMUL0);
1478 kbd_put_keycode(keycode | SCANCODE_UP);
1479 }
1480
1481 static void kbd_leds(void *opaque, int ledstate)
1482 {
1483 VncState *vs = opaque;
1484 int caps, num;
1485
1486 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1487 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1488
1489 if (vs->modifiers_state[0x3a] != caps) {
1490 vs->modifiers_state[0x3a] = caps;
1491 }
1492 if (vs->modifiers_state[0x45] != num) {
1493 vs->modifiers_state[0x45] = num;
1494 }
1495 }
1496
1497 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1498 {
1499 /* QEMU console switch */
1500 switch(keycode) {
1501 case 0x2a: /* Left Shift */
1502 case 0x36: /* Right Shift */
1503 case 0x1d: /* Left CTRL */
1504 case 0x9d: /* Right CTRL */
1505 case 0x38: /* Left ALT */
1506 case 0xb8: /* Right ALT */
1507 if (down)
1508 vs->modifiers_state[keycode] = 1;
1509 else
1510 vs->modifiers_state[keycode] = 0;
1511 break;
1512 case 0x02 ... 0x0a: /* '1' to '9' keys */
1513 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1514 /* Reset the modifiers sent to the current console */
1515 reset_keys(vs);
1516 console_select(keycode - 0x02);
1517 return;
1518 }
1519 break;
1520 case 0x3a: /* CapsLock */
1521 case 0x45: /* NumLock */
1522 if (down)
1523 vs->modifiers_state[keycode] ^= 1;
1524 break;
1525 }
1526
1527 if (down && vs->vd->lock_key_sync &&
1528 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1529 /* If the numlock state needs to change then simulate an additional
1530 keypress before sending this one. This will happen if the user
1531 toggles numlock away from the VNC window.
1532 */
1533 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1534 if (!vs->modifiers_state[0x45]) {
1535 vs->modifiers_state[0x45] = 1;
1536 press_key(vs, 0xff7f);
1537 }
1538 } else {
1539 if (vs->modifiers_state[0x45]) {
1540 vs->modifiers_state[0x45] = 0;
1541 press_key(vs, 0xff7f);
1542 }
1543 }
1544 }
1545
1546 if (down && vs->vd->lock_key_sync &&
1547 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1548 /* If the capslock state needs to change then simulate an additional
1549 keypress before sending this one. This will happen if the user
1550 toggles capslock away from the VNC window.
1551 */
1552 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1553 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1554 int capslock = !!(vs->modifiers_state[0x3a]);
1555 if (capslock) {
1556 if (uppercase == shift) {
1557 vs->modifiers_state[0x3a] = 0;
1558 press_key(vs, 0xffe5);
1559 }
1560 } else {
1561 if (uppercase != shift) {
1562 vs->modifiers_state[0x3a] = 1;
1563 press_key(vs, 0xffe5);
1564 }
1565 }
1566 }
1567
1568 if (is_graphic_console()) {
1569 if (keycode & SCANCODE_GREY)
1570 kbd_put_keycode(SCANCODE_EMUL0);
1571 if (down)
1572 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1573 else
1574 kbd_put_keycode(keycode | SCANCODE_UP);
1575 } else {
1576 bool numlock = vs->modifiers_state[0x45];
1577 bool control = (vs->modifiers_state[0x1d] ||
1578 vs->modifiers_state[0x9d]);
1579 /* QEMU console emulation */
1580 if (down) {
1581 switch (keycode) {
1582 case 0x2a: /* Left Shift */
1583 case 0x36: /* Right Shift */
1584 case 0x1d: /* Left CTRL */
1585 case 0x9d: /* Right CTRL */
1586 case 0x38: /* Left ALT */
1587 case 0xb8: /* Right ALT */
1588 break;
1589 case 0xc8:
1590 kbd_put_keysym(QEMU_KEY_UP);
1591 break;
1592 case 0xd0:
1593 kbd_put_keysym(QEMU_KEY_DOWN);
1594 break;
1595 case 0xcb:
1596 kbd_put_keysym(QEMU_KEY_LEFT);
1597 break;
1598 case 0xcd:
1599 kbd_put_keysym(QEMU_KEY_RIGHT);
1600 break;
1601 case 0xd3:
1602 kbd_put_keysym(QEMU_KEY_DELETE);
1603 break;
1604 case 0xc7:
1605 kbd_put_keysym(QEMU_KEY_HOME);
1606 break;
1607 case 0xcf:
1608 kbd_put_keysym(QEMU_KEY_END);
1609 break;
1610 case 0xc9:
1611 kbd_put_keysym(QEMU_KEY_PAGEUP);
1612 break;
1613 case 0xd1:
1614 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1615 break;
1616
1617 case 0x47:
1618 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1619 break;
1620 case 0x48:
1621 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1622 break;
1623 case 0x49:
1624 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1625 break;
1626 case 0x4b:
1627 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1628 break;
1629 case 0x4c:
1630 kbd_put_keysym('5');
1631 break;
1632 case 0x4d:
1633 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1634 break;
1635 case 0x4f:
1636 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1637 break;
1638 case 0x50:
1639 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1640 break;
1641 case 0x51:
1642 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1643 break;
1644 case 0x52:
1645 kbd_put_keysym('0');
1646 break;
1647 case 0x53:
1648 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1649 break;
1650
1651 case 0xb5:
1652 kbd_put_keysym('/');
1653 break;
1654 case 0x37:
1655 kbd_put_keysym('*');
1656 break;
1657 case 0x4a:
1658 kbd_put_keysym('-');
1659 break;
1660 case 0x4e:
1661 kbd_put_keysym('+');
1662 break;
1663 case 0x9c:
1664 kbd_put_keysym('\n');
1665 break;
1666
1667 default:
1668 if (control) {
1669 kbd_put_keysym(sym & 0x1f);
1670 } else {
1671 kbd_put_keysym(sym);
1672 }
1673 break;
1674 }
1675 }
1676 }
1677 }
1678
1679 static void vnc_release_modifiers(VncState *vs)
1680 {
1681 static const int keycodes[] = {
1682 /* shift, control, alt keys, both left & right */
1683 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1684 };
1685 int i, keycode;
1686
1687 if (!is_graphic_console()) {
1688 return;
1689 }
1690 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1691 keycode = keycodes[i];
1692 if (!vs->modifiers_state[keycode]) {
1693 continue;
1694 }
1695 if (keycode & SCANCODE_GREY) {
1696 kbd_put_keycode(SCANCODE_EMUL0);
1697 }
1698 kbd_put_keycode(keycode | SCANCODE_UP);
1699 }
1700 }
1701
1702 static void key_event(VncState *vs, int down, uint32_t sym)
1703 {
1704 int keycode;
1705 int lsym = sym;
1706
1707 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1708 lsym = lsym - 'A' + 'a';
1709 }
1710
1711 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1712 do_key_event(vs, down, keycode, sym);
1713 }
1714
1715 static void ext_key_event(VncState *vs, int down,
1716 uint32_t sym, uint16_t keycode)
1717 {
1718 /* if the user specifies a keyboard layout, always use it */
1719 if (keyboard_layout)
1720 key_event(vs, down, sym);
1721 else
1722 do_key_event(vs, down, keycode, sym);
1723 }
1724
1725 static void framebuffer_update_request(VncState *vs, int incremental,
1726 int x_position, int y_position,
1727 int w, int h)
1728 {
1729 int i;
1730 const size_t width = ds_get_width(vs->ds) / 16;
1731
1732 if (y_position > ds_get_height(vs->ds))
1733 y_position = ds_get_height(vs->ds);
1734 if (y_position + h >= ds_get_height(vs->ds))
1735 h = ds_get_height(vs->ds) - y_position;
1736
1737 vs->need_update = 1;
1738 if (!incremental) {
1739 vs->force_update = 1;
1740 for (i = 0; i < h; i++) {
1741 bitmap_set(vs->dirty[y_position + i], 0, width);
1742 bitmap_clear(vs->dirty[y_position + i], width,
1743 VNC_DIRTY_BITS - width);
1744 }
1745 }
1746 }
1747
1748 static void send_ext_key_event_ack(VncState *vs)
1749 {
1750 vnc_lock_output(vs);
1751 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1752 vnc_write_u8(vs, 0);
1753 vnc_write_u16(vs, 1);
1754 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1755 VNC_ENCODING_EXT_KEY_EVENT);
1756 vnc_unlock_output(vs);
1757 vnc_flush(vs);
1758 }
1759
1760 static void send_ext_audio_ack(VncState *vs)
1761 {
1762 vnc_lock_output(vs);
1763 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1764 vnc_write_u8(vs, 0);
1765 vnc_write_u16(vs, 1);
1766 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1767 VNC_ENCODING_AUDIO);
1768 vnc_unlock_output(vs);
1769 vnc_flush(vs);
1770 }
1771
1772 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1773 {
1774 int i;
1775 unsigned int enc = 0;
1776
1777 vs->features = 0;
1778 vs->vnc_encoding = 0;
1779 vs->tight.compression = 9;
1780 vs->tight.quality = -1; /* Lossless by default */
1781 vs->absolute = -1;
1782
1783 /*
1784 * Start from the end because the encodings are sent in order of preference.
1785 * This way the preferred encoding (first encoding defined in the array)
1786 * will be set at the end of the loop.
1787 */
1788 for (i = n_encodings - 1; i >= 0; i--) {
1789 enc = encodings[i];
1790 switch (enc) {
1791 case VNC_ENCODING_RAW:
1792 vs->vnc_encoding = enc;
1793 break;
1794 case VNC_ENCODING_COPYRECT:
1795 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1796 break;
1797 case VNC_ENCODING_HEXTILE:
1798 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1799 vs->vnc_encoding = enc;
1800 break;
1801 case VNC_ENCODING_TIGHT:
1802 vs->features |= VNC_FEATURE_TIGHT_MASK;
1803 vs->vnc_encoding = enc;
1804 break;
1805 case VNC_ENCODING_TIGHT_PNG:
1806 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
1807 vs->vnc_encoding = enc;
1808 break;
1809 case VNC_ENCODING_ZLIB:
1810 vs->features |= VNC_FEATURE_ZLIB_MASK;
1811 vs->vnc_encoding = enc;
1812 break;
1813 case VNC_ENCODING_ZRLE:
1814 vs->features |= VNC_FEATURE_ZRLE_MASK;
1815 vs->vnc_encoding = enc;
1816 break;
1817 case VNC_ENCODING_ZYWRLE:
1818 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
1819 vs->vnc_encoding = enc;
1820 break;
1821 case VNC_ENCODING_DESKTOPRESIZE:
1822 vs->features |= VNC_FEATURE_RESIZE_MASK;
1823 break;
1824 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1825 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1826 break;
1827 case VNC_ENCODING_RICH_CURSOR:
1828 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1829 break;
1830 case VNC_ENCODING_EXT_KEY_EVENT:
1831 send_ext_key_event_ack(vs);
1832 break;
1833 case VNC_ENCODING_AUDIO:
1834 send_ext_audio_ack(vs);
1835 break;
1836 case VNC_ENCODING_WMVi:
1837 vs->features |= VNC_FEATURE_WMVI_MASK;
1838 break;
1839 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1840 vs->tight.compression = (enc & 0x0F);
1841 break;
1842 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1843 if (vs->vd->lossy) {
1844 vs->tight.quality = (enc & 0x0F);
1845 }
1846 break;
1847 default:
1848 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1849 break;
1850 }
1851 }
1852 vnc_desktop_resize(vs);
1853 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
1854 }
1855
1856 static void set_pixel_conversion(VncState *vs)
1857 {
1858 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1859 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1860 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1861 vs->write_pixels = vnc_write_pixels_copy;
1862 vnc_hextile_set_pixel_conversion(vs, 0);
1863 } else {
1864 vs->write_pixels = vnc_write_pixels_generic;
1865 vnc_hextile_set_pixel_conversion(vs, 1);
1866 }
1867 }
1868
1869 static void set_pixel_format(VncState *vs,
1870 int bits_per_pixel, int depth,
1871 int big_endian_flag, int true_color_flag,
1872 int red_max, int green_max, int blue_max,
1873 int red_shift, int green_shift, int blue_shift)
1874 {
1875 if (!true_color_flag) {
1876 vnc_client_error(vs);
1877 return;
1878 }
1879
1880 vs->clientds = *(vs->vd->guest.ds);
1881 vs->clientds.pf.rmax = red_max;
1882 vs->clientds.pf.rbits = hweight_long(red_max);
1883 vs->clientds.pf.rshift = red_shift;
1884 vs->clientds.pf.rmask = red_max << red_shift;
1885 vs->clientds.pf.gmax = green_max;
1886 vs->clientds.pf.gbits = hweight_long(green_max);
1887 vs->clientds.pf.gshift = green_shift;
1888 vs->clientds.pf.gmask = green_max << green_shift;
1889 vs->clientds.pf.bmax = blue_max;
1890 vs->clientds.pf.bbits = hweight_long(blue_max);
1891 vs->clientds.pf.bshift = blue_shift;
1892 vs->clientds.pf.bmask = blue_max << blue_shift;
1893 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1894 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1895 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1896 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1897
1898 set_pixel_conversion(vs);
1899
1900 vga_hw_invalidate();
1901 vga_hw_update();
1902 }
1903
1904 static void pixel_format_message (VncState *vs) {
1905 char pad[3] = { 0, 0, 0 };
1906
1907 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1908 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1909
1910 #ifdef HOST_WORDS_BIGENDIAN
1911 vnc_write_u8(vs, 1); /* big-endian-flag */
1912 #else
1913 vnc_write_u8(vs, 0); /* big-endian-flag */
1914 #endif
1915 vnc_write_u8(vs, 1); /* true-color-flag */
1916 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1917 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1918 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1919 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1920 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1921 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1922
1923 vnc_hextile_set_pixel_conversion(vs, 0);
1924
1925 vs->clientds = *(vs->ds->surface);
1926 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1927 vs->write_pixels = vnc_write_pixels_copy;
1928
1929 vnc_write(vs, pad, 3); /* padding */
1930 }
1931
1932 static void vnc_dpy_setdata(DisplayState *ds)
1933 {
1934 VncDisplay *vd = ds->opaque;
1935
1936 *(vd->guest.ds) = *(ds->surface);
1937 vnc_dpy_update(ds, 0, 0, ds_get_width(ds), ds_get_height(ds));
1938 }
1939
1940 static void vnc_colordepth(VncState *vs)
1941 {
1942 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1943 /* Sending a WMVi message to notify the client*/
1944 vnc_lock_output(vs);
1945 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1946 vnc_write_u8(vs, 0);
1947 vnc_write_u16(vs, 1); /* number of rects */
1948 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1949 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1950 pixel_format_message(vs);
1951 vnc_unlock_output(vs);
1952 vnc_flush(vs);
1953 } else {
1954 set_pixel_conversion(vs);
1955 }
1956 }
1957
1958 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1959 {
1960 int i;
1961 uint16_t limit;
1962 VncDisplay *vd = vs->vd;
1963
1964 if (data[0] > 3) {
1965 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1966 if (!qemu_timer_expired(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval))
1967 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval);
1968 }
1969
1970 switch (data[0]) {
1971 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
1972 if (len == 1)
1973 return 20;
1974
1975 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1976 read_u8(data, 6), read_u8(data, 7),
1977 read_u16(data, 8), read_u16(data, 10),
1978 read_u16(data, 12), read_u8(data, 14),
1979 read_u8(data, 15), read_u8(data, 16));
1980 break;
1981 case VNC_MSG_CLIENT_SET_ENCODINGS:
1982 if (len == 1)
1983 return 4;
1984
1985 if (len == 4) {
1986 limit = read_u16(data, 2);
1987 if (limit > 0)
1988 return 4 + (limit * 4);
1989 } else
1990 limit = read_u16(data, 2);
1991
1992 for (i = 0; i < limit; i++) {
1993 int32_t val = read_s32(data, 4 + (i * 4));
1994 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1995 }
1996
1997 set_encodings(vs, (int32_t *)(data + 4), limit);
1998 break;
1999 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2000 if (len == 1)
2001 return 10;
2002
2003 framebuffer_update_request(vs,
2004 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2005 read_u16(data, 6), read_u16(data, 8));
2006 break;
2007 case VNC_MSG_CLIENT_KEY_EVENT:
2008 if (len == 1)
2009 return 8;
2010
2011 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2012 break;
2013 case VNC_MSG_CLIENT_POINTER_EVENT:
2014 if (len == 1)
2015 return 6;
2016
2017 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2018 break;
2019 case VNC_MSG_CLIENT_CUT_TEXT:
2020 if (len == 1)
2021 return 8;
2022
2023 if (len == 8) {
2024 uint32_t dlen = read_u32(data, 4);
2025 if (dlen > 0)
2026 return 8 + dlen;
2027 }
2028
2029 client_cut_text(vs, read_u32(data, 4), data + 8);
2030 break;
2031 case VNC_MSG_CLIENT_QEMU:
2032 if (len == 1)
2033 return 2;
2034
2035 switch (read_u8(data, 1)) {
2036 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2037 if (len == 2)
2038 return 12;
2039
2040 ext_key_event(vs, read_u16(data, 2),
2041 read_u32(data, 4), read_u32(data, 8));
2042 break;
2043 case VNC_MSG_CLIENT_QEMU_AUDIO:
2044 if (len == 2)
2045 return 4;
2046
2047 switch (read_u16 (data, 2)) {
2048 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2049 audio_add(vs);
2050 break;
2051 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2052 audio_del(vs);
2053 break;
2054 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2055 if (len == 4)
2056 return 10;
2057 switch (read_u8(data, 4)) {
2058 case 0: vs->as.fmt = AUD_FMT_U8; break;
2059 case 1: vs->as.fmt = AUD_FMT_S8; break;
2060 case 2: vs->as.fmt = AUD_FMT_U16; break;
2061 case 3: vs->as.fmt = AUD_FMT_S16; break;
2062 case 4: vs->as.fmt = AUD_FMT_U32; break;
2063 case 5: vs->as.fmt = AUD_FMT_S32; break;
2064 default:
2065 printf("Invalid audio format %d\n", read_u8(data, 4));
2066 vnc_client_error(vs);
2067 break;
2068 }
2069 vs->as.nchannels = read_u8(data, 5);
2070 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2071 printf("Invalid audio channel coount %d\n",
2072 read_u8(data, 5));
2073 vnc_client_error(vs);
2074 break;
2075 }
2076 vs->as.freq = read_u32(data, 6);
2077 break;
2078 default:
2079 printf ("Invalid audio message %d\n", read_u8(data, 4));
2080 vnc_client_error(vs);
2081 break;
2082 }
2083 break;
2084
2085 default:
2086 printf("Msg: %d\n", read_u16(data, 0));
2087 vnc_client_error(vs);
2088 break;
2089 }
2090 break;
2091 default:
2092 printf("Msg: %d\n", data[0]);
2093 vnc_client_error(vs);
2094 break;
2095 }
2096
2097 vnc_read_when(vs, protocol_client_msg, 1);
2098 return 0;
2099 }
2100
2101 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2102 {
2103 char buf[1024];
2104 VncShareMode mode;
2105 int size;
2106
2107 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2108 switch (vs->vd->share_policy) {
2109 case VNC_SHARE_POLICY_IGNORE:
2110 /*
2111 * Ignore the shared flag. Nothing to do here.
2112 *
2113 * Doesn't conform to the rfb spec but is traditional qemu
2114 * behavior, thus left here as option for compatibility
2115 * reasons.
2116 */
2117 break;
2118 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2119 /*
2120 * Policy: Allow clients ask for exclusive access.
2121 *
2122 * Implementation: When a client asks for exclusive access,
2123 * disconnect all others. Shared connects are allowed as long
2124 * as no exclusive connection exists.
2125 *
2126 * This is how the rfb spec suggests to handle the shared flag.
2127 */
2128 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2129 VncState *client;
2130 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2131 if (vs == client) {
2132 continue;
2133 }
2134 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2135 client->share_mode != VNC_SHARE_MODE_SHARED) {
2136 continue;
2137 }
2138 vnc_disconnect_start(client);
2139 }
2140 }
2141 if (mode == VNC_SHARE_MODE_SHARED) {
2142 if (vs->vd->num_exclusive > 0) {
2143 vnc_disconnect_start(vs);
2144 return 0;
2145 }
2146 }
2147 break;
2148 case VNC_SHARE_POLICY_FORCE_SHARED:
2149 /*
2150 * Policy: Shared connects only.
2151 * Implementation: Disallow clients asking for exclusive access.
2152 *
2153 * Useful for shared desktop sessions where you don't want
2154 * someone forgetting to say -shared when running the vnc
2155 * client disconnect everybody else.
2156 */
2157 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2158 vnc_disconnect_start(vs);
2159 return 0;
2160 }
2161 break;
2162 }
2163 vnc_set_share_mode(vs, mode);
2164
2165 vs->client_width = ds_get_width(vs->ds);
2166 vs->client_height = ds_get_height(vs->ds);
2167 vnc_write_u16(vs, vs->client_width);
2168 vnc_write_u16(vs, vs->client_height);
2169
2170 pixel_format_message(vs);
2171
2172 if (qemu_name)
2173 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2174 else
2175 size = snprintf(buf, sizeof(buf), "QEMU");
2176
2177 vnc_write_u32(vs, size);
2178 vnc_write(vs, buf, size);
2179 vnc_flush(vs);
2180
2181 vnc_client_cache_auth(vs);
2182 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
2183
2184 vnc_read_when(vs, protocol_client_msg, 1);
2185
2186 return 0;
2187 }
2188
2189 void start_client_init(VncState *vs)
2190 {
2191 vnc_read_when(vs, protocol_client_init, 1);
2192 }
2193
2194 static void make_challenge(VncState *vs)
2195 {
2196 int i;
2197
2198 srand(time(NULL)+getpid()+getpid()*987654+rand());
2199
2200 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2201 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2202 }
2203
2204 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2205 {
2206 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2207 int i, j, pwlen;
2208 unsigned char key[8];
2209 time_t now = time(NULL);
2210
2211 if (!vs->vd->password) {
2212 VNC_DEBUG("No password configured on server");
2213 goto reject;
2214 }
2215 if (vs->vd->expires < now) {
2216 VNC_DEBUG("Password is expired");
2217 goto reject;
2218 }
2219
2220 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2221
2222 /* Calculate the expected challenge response */
2223 pwlen = strlen(vs->vd->password);
2224 for (i=0; i<sizeof(key); i++)
2225 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2226 deskey(key, EN0);
2227 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2228 des(response+j, response+j);
2229
2230 /* Compare expected vs actual challenge response */
2231 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2232 VNC_DEBUG("Client challenge response did not match\n");
2233 goto reject;
2234 } else {
2235 VNC_DEBUG("Accepting VNC challenge response\n");
2236 vnc_write_u32(vs, 0); /* Accept auth */
2237 vnc_flush(vs);
2238
2239 start_client_init(vs);
2240 }
2241 return 0;
2242
2243 reject:
2244 vnc_write_u32(vs, 1); /* Reject auth */
2245 if (vs->minor >= 8) {
2246 static const char err[] = "Authentication failed";
2247 vnc_write_u32(vs, sizeof(err));
2248 vnc_write(vs, err, sizeof(err));
2249 }
2250 vnc_flush(vs);
2251 vnc_client_error(vs);
2252 return 0;
2253 }
2254
2255 void start_auth_vnc(VncState *vs)
2256 {
2257 make_challenge(vs);
2258 /* Send client a 'random' challenge */
2259 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2260 vnc_flush(vs);
2261
2262 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2263 }
2264
2265
2266 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2267 {
2268 /* We only advertise 1 auth scheme at a time, so client
2269 * must pick the one we sent. Verify this */
2270 if (data[0] != vs->auth) { /* Reject auth */
2271 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2272 vnc_write_u32(vs, 1);
2273 if (vs->minor >= 8) {
2274 static const char err[] = "Authentication failed";
2275 vnc_write_u32(vs, sizeof(err));
2276 vnc_write(vs, err, sizeof(err));
2277 }
2278 vnc_client_error(vs);
2279 } else { /* Accept requested auth */
2280 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2281 switch (vs->auth) {
2282 case VNC_AUTH_NONE:
2283 VNC_DEBUG("Accept auth none\n");
2284 if (vs->minor >= 8) {
2285 vnc_write_u32(vs, 0); /* Accept auth completion */
2286 vnc_flush(vs);
2287 }
2288 start_client_init(vs);
2289 break;
2290
2291 case VNC_AUTH_VNC:
2292 VNC_DEBUG("Start VNC auth\n");
2293 start_auth_vnc(vs);
2294 break;
2295
2296 #ifdef CONFIG_VNC_TLS
2297 case VNC_AUTH_VENCRYPT:
2298 VNC_DEBUG("Accept VeNCrypt auth\n");
2299 start_auth_vencrypt(vs);
2300 break;
2301 #endif /* CONFIG_VNC_TLS */
2302
2303 #ifdef CONFIG_VNC_SASL
2304 case VNC_AUTH_SASL:
2305 VNC_DEBUG("Accept SASL auth\n");
2306 start_auth_sasl(vs);
2307 break;
2308 #endif /* CONFIG_VNC_SASL */
2309
2310 default: /* Should not be possible, but just in case */
2311 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth);
2312 vnc_write_u8(vs, 1);
2313 if (vs->minor >= 8) {
2314 static const char err[] = "Authentication failed";
2315 vnc_write_u32(vs, sizeof(err));
2316 vnc_write(vs, err, sizeof(err));
2317 }
2318 vnc_client_error(vs);
2319 }
2320 }
2321 return 0;
2322 }
2323
2324 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2325 {
2326 char local[13];
2327
2328 memcpy(local, version, 12);
2329 local[12] = 0;
2330
2331 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2332 VNC_DEBUG("Malformed protocol version %s\n", local);
2333 vnc_client_error(vs);
2334 return 0;
2335 }
2336 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2337 if (vs->major != 3 ||
2338 (vs->minor != 3 &&
2339 vs->minor != 4 &&
2340 vs->minor != 5 &&
2341 vs->minor != 7 &&
2342 vs->minor != 8)) {
2343 VNC_DEBUG("Unsupported client version\n");
2344 vnc_write_u32(vs, VNC_AUTH_INVALID);
2345 vnc_flush(vs);
2346 vnc_client_error(vs);
2347 return 0;
2348 }
2349 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2350 * as equivalent to v3.3 by servers
2351 */
2352 if (vs->minor == 4 || vs->minor == 5)
2353 vs->minor = 3;
2354
2355 if (vs->minor == 3) {
2356 if (vs->auth == VNC_AUTH_NONE) {
2357 VNC_DEBUG("Tell client auth none\n");
2358 vnc_write_u32(vs, vs->auth);
2359 vnc_flush(vs);
2360 start_client_init(vs);
2361 } else if (vs->auth == VNC_AUTH_VNC) {
2362 VNC_DEBUG("Tell client VNC auth\n");
2363 vnc_write_u32(vs, vs->auth);
2364 vnc_flush(vs);
2365 start_auth_vnc(vs);
2366 } else {
2367 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2368 vnc_write_u32(vs, VNC_AUTH_INVALID);
2369 vnc_flush(vs);
2370 vnc_client_error(vs);
2371 }
2372 } else {
2373 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2374 vnc_write_u8(vs, 1); /* num auth */
2375 vnc_write_u8(vs, vs->auth);
2376 vnc_read_when(vs, protocol_client_auth, 1);
2377 vnc_flush(vs);
2378 }
2379
2380 return 0;
2381 }
2382
2383 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2384 {
2385 struct VncSurface *vs = &vd->guest;
2386
2387 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2388 }
2389
2390 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2391 {
2392 int i, j;
2393
2394 w = (x + w) / VNC_STAT_RECT;
2395 h = (y + h) / VNC_STAT_RECT;
2396 x /= VNC_STAT_RECT;
2397 y /= VNC_STAT_RECT;
2398
2399 for (j = y; j <= h; j++) {
2400 for (i = x; i <= w; i++) {
2401 vs->lossy_rect[j][i] = 1;
2402 }
2403 }
2404 }
2405
2406 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2407 {
2408 VncState *vs;
2409 int sty = y / VNC_STAT_RECT;
2410 int stx = x / VNC_STAT_RECT;
2411 int has_dirty = 0;
2412
2413 y = y / VNC_STAT_RECT * VNC_STAT_RECT;
2414 x = x / VNC_STAT_RECT * VNC_STAT_RECT;
2415
2416 QTAILQ_FOREACH(vs, &vd->clients, next) {
2417 int j;
2418
2419 /* kernel send buffers are full -> refresh later */
2420 if (vs->output.offset) {
2421 continue;
2422 }
2423
2424 if (!vs->lossy_rect[sty][stx]) {
2425 continue;
2426 }
2427
2428 vs->lossy_rect[sty][stx] = 0;
2429 for (j = 0; j < VNC_STAT_RECT; ++j) {
2430 bitmap_set(vs->dirty[y + j], x / 16, VNC_STAT_RECT / 16);
2431 }
2432 has_dirty++;
2433 }
2434
2435 return has_dirty;
2436 }
2437
2438 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2439 {
2440 int x, y;
2441 struct timeval res;
2442 int has_dirty = 0;
2443
2444 for (y = 0; y < vd->guest.ds->height; y += VNC_STAT_RECT) {
2445 for (x = 0; x < vd->guest.ds->width; x += VNC_STAT_RECT) {
2446 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2447
2448 rect->updated = false;
2449 }
2450 }
2451
2452 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2453
2454 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2455 return has_dirty;
2456 }
2457 vd->guest.last_freq_check = *tv;
2458
2459 for (y = 0; y < vd->guest.ds->height; y += VNC_STAT_RECT) {
2460 for (x = 0; x < vd->guest.ds->width; x += VNC_STAT_RECT) {
2461 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2462 int count = ARRAY_SIZE(rect->times);
2463 struct timeval min, max;
2464
2465 if (!timerisset(&rect->times[count - 1])) {
2466 continue ;
2467 }
2468
2469 max = rect->times[(rect->idx + count - 1) % count];
2470 qemu_timersub(tv, &max, &res);
2471
2472 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2473 rect->freq = 0;
2474 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2475 memset(rect->times, 0, sizeof (rect->times));
2476 continue ;
2477 }
2478
2479 min = rect->times[rect->idx];
2480 max = rect->times[(rect->idx + count - 1) % count];
2481 qemu_timersub(&max, &min, &res);
2482
2483 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2484 rect->freq /= count;
2485 rect->freq = 1. / rect->freq;
2486 }
2487 }
2488 return has_dirty;
2489 }
2490
2491 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2492 {
2493 int i, j;
2494 double total = 0;
2495 int num = 0;
2496
2497 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT;
2498 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT;
2499
2500 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2501 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2502 total += vnc_stat_rect(vs->vd, i, j)->freq;
2503 num++;
2504 }
2505 }
2506
2507 if (num) {
2508 return total / num;
2509 } else {
2510 return 0;
2511 }
2512 }
2513
2514 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2515 {
2516 VncRectStat *rect;
2517
2518 rect = vnc_stat_rect(vd, x, y);
2519 if (rect->updated) {
2520 return ;
2521 }
2522 rect->times[rect->idx] = *tv;
2523 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2524 rect->updated = true;
2525 }
2526
2527 static int vnc_refresh_server_surface(VncDisplay *vd)
2528 {
2529 int y;
2530 uint8_t *guest_row;
2531 uint8_t *server_row;
2532 int cmp_bytes;
2533 VncState *vs;
2534 int has_dirty = 0;
2535
2536 struct timeval tv = { 0, 0 };
2537
2538 if (!vd->non_adaptive) {
2539 gettimeofday(&tv, NULL);
2540 has_dirty = vnc_update_stats(vd, &tv);
2541 }
2542
2543 /*
2544 * Walk through the guest dirty map.
2545 * Check and copy modified bits from guest to server surface.
2546 * Update server dirty map.
2547 */
2548 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2549 if (cmp_bytes > vd->ds->surface->linesize) {
2550 cmp_bytes = vd->ds->surface->linesize;
2551 }
2552 guest_row = vd->guest.ds->data;
2553 server_row = vd->server->data;
2554 for (y = 0; y < vd->guest.ds->height; y++) {
2555 if (!bitmap_empty(vd->guest.dirty[y], VNC_DIRTY_BITS)) {
2556 int x;
2557 uint8_t *guest_ptr;
2558 uint8_t *server_ptr;
2559
2560 guest_ptr = guest_row;
2561 server_ptr = server_row;
2562
2563 for (x = 0; x + 15 < vd->guest.ds->width;
2564 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2565 if (!test_and_clear_bit((x / 16), vd->guest.dirty[y]))
2566 continue;
2567 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2568 continue;
2569 memcpy(server_ptr, guest_ptr, cmp_bytes);
2570 if (!vd->non_adaptive)
2571 vnc_rect_updated(vd, x, y, &tv);
2572 QTAILQ_FOREACH(vs, &vd->clients, next) {
2573 set_bit((x / 16), vs->dirty[y]);
2574 }
2575 has_dirty++;
2576 }
2577 }
2578 guest_row += ds_get_linesize(vd->ds);
2579 server_row += ds_get_linesize(vd->ds);
2580 }
2581 return has_dirty;
2582 }
2583
2584 static void vnc_refresh(void *opaque)
2585 {
2586 VncDisplay *vd = opaque;
2587 VncState *vs, *vn;
2588 int has_dirty, rects = 0;
2589
2590 vga_hw_update();
2591
2592 if (vnc_trylock_display(vd)) {
2593 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2594 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) +
2595 vd->timer_interval);
2596 return;
2597 }
2598
2599 has_dirty = vnc_refresh_server_surface(vd);
2600 vnc_unlock_display(vd);
2601
2602 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2603 rects += vnc_update_client(vs, has_dirty);
2604 /* vs might be free()ed here */
2605 }
2606
2607 /* vd->timer could be NULL now if the last client disconnected,
2608 * in this case don't update the timer */
2609 if (vd->timer == NULL)
2610 return;
2611
2612 if (has_dirty && rects) {
2613 vd->timer_interval /= 2;
2614 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2615 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2616 } else {
2617 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2618 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2619 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2620 }
2621 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval);
2622 }
2623
2624 static void vnc_init_timer(VncDisplay *vd)
2625 {
2626 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2627 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
2628 vd->timer = qemu_new_timer_ms(rt_clock, vnc_refresh, vd);
2629 vnc_dpy_resize(vd->ds);
2630 vnc_refresh(vd);
2631 }
2632 }
2633
2634 static void vnc_remove_timer(VncDisplay *vd)
2635 {
2636 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
2637 qemu_del_timer(vd->timer);
2638 qemu_free_timer(vd->timer);
2639 vd->timer = NULL;
2640 }
2641 }
2642
2643 static void vnc_connect(VncDisplay *vd, int csock, int skipauth)
2644 {
2645 VncState *vs = g_malloc0(sizeof(VncState));
2646 int i;
2647
2648 vs->csock = csock;
2649
2650 if (skipauth) {
2651 vs->auth = VNC_AUTH_NONE;
2652 #ifdef CONFIG_VNC_TLS
2653 vs->subauth = VNC_AUTH_INVALID;
2654 #endif
2655 } else {
2656 vs->auth = vd->auth;
2657 #ifdef CONFIG_VNC_TLS
2658 vs->subauth = vd->subauth;
2659 #endif
2660 }
2661
2662 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
2663 for (i = 0; i < VNC_STAT_ROWS; ++i) {
2664 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS * sizeof (uint8_t));
2665 }
2666
2667 VNC_DEBUG("New client on socket %d\n", csock);
2668 dcl->idle = 0;
2669 socket_set_nonblock(vs->csock);
2670 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2671
2672 vnc_client_cache_addr(vs);
2673 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2674 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
2675
2676 vs->vd = vd;
2677 vs->ds = vd->ds;
2678 vs->last_x = -1;
2679 vs->last_y = -1;
2680
2681 vs->as.freq = 44100;
2682 vs->as.nchannels = 2;
2683 vs->as.fmt = AUD_FMT_S16;
2684 vs->as.endianness = 0;
2685
2686 qemu_mutex_init(&vs->output_mutex);
2687 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
2688
2689 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2690
2691 vga_hw_update();
2692
2693 vnc_write(vs, "RFB 003.008\n", 12);
2694 vnc_flush(vs);
2695 vnc_read_when(vs, protocol_version, 12);
2696 reset_keys(vs);
2697 if (vs->vd->lock_key_sync)
2698 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2699
2700 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2701 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2702
2703 vnc_init_timer(vd);
2704
2705 /* vs might be free()ed here */
2706 }
2707
2708 static void vnc_listen_read(void *opaque)
2709 {
2710 VncDisplay *vs = opaque;
2711 struct sockaddr_in addr;
2712 socklen_t addrlen = sizeof(addr);
2713
2714 /* Catch-up */
2715 vga_hw_update();
2716
2717 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2718 if (csock != -1) {
2719 vnc_connect(vs, csock, 0);
2720 }
2721 }
2722
2723 void vnc_display_init(DisplayState *ds)
2724 {
2725 VncDisplay *vs = g_malloc0(sizeof(*vs));
2726
2727 dcl = g_malloc0(sizeof(DisplayChangeListener));
2728
2729 ds->opaque = vs;
2730 dcl->idle = 1;
2731 vnc_display = vs;
2732
2733 vs->lsock = -1;
2734
2735 vs->ds = ds;
2736 QTAILQ_INIT(&vs->clients);
2737 vs->expires = TIME_MAX;
2738
2739 if (keyboard_layout)
2740 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2741 else
2742 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2743
2744 if (!vs->kbd_layout)
2745 exit(1);
2746
2747 qemu_mutex_init(&vs->mutex);
2748 vnc_start_worker_thread();
2749
2750 dcl->dpy_copy = vnc_dpy_copy;
2751 dcl->dpy_update = vnc_dpy_update;
2752 dcl->dpy_resize = vnc_dpy_resize;
2753 dcl->dpy_setdata = vnc_dpy_setdata;
2754 register_displaychangelistener(ds, dcl);
2755 ds->mouse_set = vnc_mouse_set;
2756 ds->cursor_define = vnc_dpy_cursor_define;
2757 }
2758
2759
2760 void vnc_display_close(DisplayState *ds)
2761 {
2762 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2763
2764 if (!vs)
2765 return;
2766 if (vs->display) {
2767 g_free(vs->display);
2768 vs->display = NULL;
2769 }
2770 if (vs->lsock != -1) {
2771 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2772 close(vs->lsock);
2773 vs->lsock = -1;
2774 }
2775 vs->auth = VNC_AUTH_INVALID;
2776 #ifdef CONFIG_VNC_TLS
2777 vs->subauth = VNC_AUTH_INVALID;
2778 vs->tls.x509verify = 0;
2779 #endif
2780 }
2781
2782 int vnc_display_disable_login(DisplayState *ds)
2783 {
2784 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2785
2786 if (!vs) {
2787 return -1;
2788 }
2789
2790 if (vs->password) {
2791 g_free(vs->password);
2792 }
2793
2794 vs->password = NULL;
2795 if (vs->auth == VNC_AUTH_NONE) {
2796 vs->auth = VNC_AUTH_VNC;
2797 }
2798
2799 return 0;
2800 }
2801
2802 int vnc_display_password(DisplayState *ds, const char *password)
2803 {
2804 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2805
2806 if (!vs) {
2807 return -EINVAL;
2808 }
2809
2810 if (!password) {
2811 /* This is not the intention of this interface but err on the side
2812 of being safe */
2813 return vnc_display_disable_login(ds);
2814 }
2815
2816 if (vs->password) {
2817 g_free(vs->password);
2818 vs->password = NULL;
2819 }
2820 vs->password = g_strdup(password);
2821 if (vs->auth == VNC_AUTH_NONE) {
2822 vs->auth = VNC_AUTH_VNC;
2823 }
2824
2825 return 0;
2826 }
2827
2828 int vnc_display_pw_expire(DisplayState *ds, time_t expires)
2829 {
2830 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2831
2832 if (!vs) {
2833 return -EINVAL;
2834 }
2835
2836 vs->expires = expires;
2837 return 0;
2838 }
2839
2840 char *vnc_display_local_addr(DisplayState *ds)
2841 {
2842 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2843
2844 return vnc_socket_local_addr("%s:%s", vs->lsock);
2845 }
2846
2847 int vnc_display_open(DisplayState *ds, const char *display)
2848 {
2849 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2850 const char *options;
2851 int password = 0;
2852 int reverse = 0;
2853 #ifdef CONFIG_VNC_TLS
2854 int tls = 0, x509 = 0;
2855 #endif
2856 #ifdef CONFIG_VNC_SASL
2857 int sasl = 0;
2858 int saslErr;
2859 #endif
2860 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2861 int acl = 0;
2862 #endif
2863 int lock_key_sync = 1;
2864
2865 if (!vnc_display)
2866 return -1;
2867 vnc_display_close(ds);
2868 if (strcmp(display, "none") == 0)
2869 return 0;
2870
2871 if (!(vs->display = strdup(display)))
2872 return -1;
2873 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
2874
2875 options = display;
2876 while ((options = strchr(options, ','))) {
2877 options++;
2878 if (strncmp(options, "password", 8) == 0) {
2879 if (fips_get_state()) {
2880 fprintf(stderr,
2881 "VNC password auth disabled due to FIPS mode, "
2882 "consider using the VeNCrypt or SASL authentication "
2883 "methods as an alternative\n");
2884 g_free(vs->display);
2885 vs->display = NULL;
2886 return -1;
2887 }
2888 password = 1; /* Require password auth */
2889 } else if (strncmp(options, "reverse", 7) == 0) {
2890 reverse = 1;
2891 } else if (strncmp(options, "no-lock-key-sync", 16) == 0) {
2892 lock_key_sync = 0;
2893 #ifdef CONFIG_VNC_SASL
2894 } else if (strncmp(options, "sasl", 4) == 0) {
2895 sasl = 1; /* Require SASL auth */
2896 #endif
2897 #ifdef CONFIG_VNC_TLS
2898 } else if (strncmp(options, "tls", 3) == 0) {
2899 tls = 1; /* Require TLS */
2900 } else if (strncmp(options, "x509", 4) == 0) {
2901 char *start, *end;
2902 x509 = 1; /* Require x509 certificates */
2903 if (strncmp(options, "x509verify", 10) == 0)
2904 vs->tls.x509verify = 1; /* ...and verify client certs */
2905
2906 /* Now check for 'x509=/some/path' postfix
2907 * and use that to setup x509 certificate/key paths */
2908 start = strchr(options, '=');
2909 end = strchr(options, ',');
2910 if (start && (!end || (start < end))) {
2911 int len = end ? end-(start+1) : strlen(start+1);
2912 char *path = g_strndup(start + 1, len);
2913
2914 VNC_DEBUG("Trying certificate path '%s'\n", path);
2915 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2916 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2917 g_free(path);
2918 g_free(vs->display);
2919 vs->display = NULL;
2920 return -1;
2921 }
2922 g_free(path);
2923 } else {
2924 fprintf(stderr, "No certificate path provided\n");
2925 g_free(vs->display);
2926 vs->display = NULL;
2927 return -1;
2928 }
2929 #endif
2930 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2931 } else if (strncmp(options, "acl", 3) == 0) {
2932 acl = 1;
2933 #endif
2934 } else if (strncmp(options, "lossy", 5) == 0) {
2935 vs->lossy = true;
2936 } else if (strncmp(options, "non-adapative", 13) == 0) {
2937 vs->non_adaptive = true;
2938 } else if (strncmp(options, "share=", 6) == 0) {
2939 if (strncmp(options+6, "ignore", 6) == 0) {
2940 vs->share_policy = VNC_SHARE_POLICY_IGNORE;
2941 } else if (strncmp(options+6, "allow-exclusive", 15) == 0) {
2942 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
2943 } else if (strncmp(options+6, "force-shared", 12) == 0) {
2944 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
2945 } else {
2946 fprintf(stderr, "unknown vnc share= option\n");
2947 g_free(vs->display);
2948 vs->display = NULL;
2949 return -1;
2950 }
2951 }
2952 }
2953
2954 #ifdef CONFIG_VNC_TLS
2955 if (acl && x509 && vs->tls.x509verify) {
2956 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2957 fprintf(stderr, "Failed to create x509 dname ACL\n");
2958 exit(1);
2959 }
2960 }
2961 #endif
2962 #ifdef CONFIG_VNC_SASL
2963 if (acl && sasl) {
2964 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2965 fprintf(stderr, "Failed to create username ACL\n");
2966 exit(1);
2967 }
2968 }
2969 #endif
2970
2971 /*
2972 * Combinations we support here:
2973 *
2974 * - no-auth (clear text, no auth)
2975 * - password (clear text, weak auth)
2976 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2977 * - tls (encrypt, weak anonymous creds, no auth)
2978 * - tls + password (encrypt, weak anonymous creds, weak auth)
2979 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2980 * - tls + x509 (encrypt, good x509 creds, no auth)
2981 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2982 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2983 *
2984 * NB1. TLS is a stackable auth scheme.
2985 * NB2. the x509 schemes have option to validate a client cert dname
2986 */
2987 if (password) {
2988 #ifdef CONFIG_VNC_TLS
2989 if (tls) {
2990 vs->auth = VNC_AUTH_VENCRYPT;
2991 if (x509) {
2992 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2993 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2994 } else {
2995 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2996 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2997 }
2998 } else {
2999 #endif /* CONFIG_VNC_TLS */
3000 VNC_DEBUG("Initializing VNC server with password auth\n");
3001 vs->auth = VNC_AUTH_VNC;
3002 #ifdef CONFIG_VNC_TLS
3003 vs->subauth = VNC_AUTH_INVALID;
3004 }
3005 #endif /* CONFIG_VNC_TLS */
3006 #ifdef CONFIG_VNC_SASL
3007 } else if (sasl) {
3008 #ifdef CONFIG_VNC_TLS
3009 if (tls) {
3010 vs->auth = VNC_AUTH_VENCRYPT;
3011 if (x509) {
3012 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3013 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
3014 } else {
3015 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3016 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3017 }
3018 } else {
3019 #endif /* CONFIG_VNC_TLS */
3020 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3021 vs->auth = VNC_AUTH_SASL;
3022 #ifdef CONFIG_VNC_TLS
3023 vs->subauth = VNC_AUTH_INVALID;
3024 }
3025 #endif /* CONFIG_VNC_TLS */
3026 #endif /* CONFIG_VNC_SASL */
3027 } else {
3028 #ifdef CONFIG_VNC_TLS
3029 if (tls) {
3030 vs->auth = VNC_AUTH_VENCRYPT;
3031 if (x509) {
3032 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3033 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
3034 } else {
3035 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3036 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3037 }
3038 } else {
3039 #endif
3040 VNC_DEBUG("Initializing VNC server with no auth\n");
3041 vs->auth = VNC_AUTH_NONE;
3042 #ifdef CONFIG_VNC_TLS
3043 vs->subauth = VNC_AUTH_INVALID;
3044 }
3045 #endif
3046 }
3047
3048 #ifdef CONFIG_VNC_SASL
3049 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
3050 fprintf(stderr, "Failed to initialize SASL auth %s",
3051 sasl_errstring(saslErr, NULL, NULL));
3052 g_free(vs->display);
3053 vs->display = NULL;
3054 return -1;
3055 }
3056 #endif
3057 vs->lock_key_sync = lock_key_sync;
3058
3059 if (reverse) {
3060 /* connect to viewer */
3061 if (strncmp(display, "unix:", 5) == 0)
3062 vs->lsock = unix_connect(display+5);
3063 else
3064 vs->lsock = inet_connect(display, true, NULL);
3065 if (-1 == vs->lsock) {
3066 g_free(vs->display);
3067 vs->display = NULL;
3068 return -1;
3069 } else {
3070 int csock = vs->lsock;
3071 vs->lsock = -1;
3072 vnc_connect(vs, csock, 0);
3073 }
3074 return 0;
3075
3076 } else {
3077 /* listen for connects */
3078 char *dpy;
3079 dpy = g_malloc(256);
3080 if (strncmp(display, "unix:", 5) == 0) {
3081 pstrcpy(dpy, 256, "unix:");
3082 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
3083 } else {
3084 vs->lsock = inet_listen(display, dpy, 256,
3085 SOCK_STREAM, 5900, NULL);
3086 }
3087 if (-1 == vs->lsock) {
3088 g_free(dpy);
3089 return -1;
3090 } else {
3091 g_free(vs->display);
3092 vs->display = dpy;
3093 }
3094 }
3095 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
3096 }
3097
3098 void vnc_display_add_client(DisplayState *ds, int csock, int skipauth)
3099 {
3100 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
3101
3102 vnc_connect(vs, csock, skipauth);
3103 }
Qemu copy for testing