]> git.proxmox.com Git - qemu.git/blob - ui/vnc.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
vnc: Add ZRLE and ZYWRLE encodings.
[qemu.git] / ui / vnc.c
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "vnc-jobs.h"
29 #include "sysemu.h"
30 #include "qemu_socket.h"
31 #include "qemu-timer.h"
32 #include "acl.h"
33 #include "qemu-objects.h"
34
35 #define VNC_REFRESH_INTERVAL_BASE 30
36 #define VNC_REFRESH_INTERVAL_INC 50
37 #define VNC_REFRESH_INTERVAL_MAX 2000
38 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
39 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
40
41 #include "vnc_keysym.h"
42 #include "d3des.h"
43
44 #define count_bits(c, v) { \
45 for (c = 0; v; v >>= 1) \
46 { \
47 c += v & 1; \
48 } \
49 }
50
51 static VncDisplay *vnc_display; /* needed for info vnc */
52 static DisplayChangeListener *dcl;
53
54 static int vnc_cursor_define(VncState *vs);
55
56 static char *addr_to_string(const char *format,
57 struct sockaddr_storage *sa,
58 socklen_t salen) {
59 char *addr;
60 char host[NI_MAXHOST];
61 char serv[NI_MAXSERV];
62 int err;
63 size_t addrlen;
64
65 if ((err = getnameinfo((struct sockaddr *)sa, salen,
66 host, sizeof(host),
67 serv, sizeof(serv),
68 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
69 VNC_DEBUG("Cannot resolve address %d: %s\n",
70 err, gai_strerror(err));
71 return NULL;
72 }
73
74 /* Enough for the existing format + the 2 vars we're
75 * substituting in. */
76 addrlen = strlen(format) + strlen(host) + strlen(serv);
77 addr = qemu_malloc(addrlen + 1);
78 snprintf(addr, addrlen, format, host, serv);
79 addr[addrlen] = '\0';
80
81 return addr;
82 }
83
84
85 char *vnc_socket_local_addr(const char *format, int fd) {
86 struct sockaddr_storage sa;
87 socklen_t salen;
88
89 salen = sizeof(sa);
90 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
91 return NULL;
92
93 return addr_to_string(format, &sa, salen);
94 }
95
96 char *vnc_socket_remote_addr(const char *format, int fd) {
97 struct sockaddr_storage sa;
98 socklen_t salen;
99
100 salen = sizeof(sa);
101 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
102 return NULL;
103
104 return addr_to_string(format, &sa, salen);
105 }
106
107 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
108 socklen_t salen)
109 {
110 char host[NI_MAXHOST];
111 char serv[NI_MAXSERV];
112 int err;
113
114 if ((err = getnameinfo((struct sockaddr *)sa, salen,
115 host, sizeof(host),
116 serv, sizeof(serv),
117 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
118 VNC_DEBUG("Cannot resolve address %d: %s\n",
119 err, gai_strerror(err));
120 return -1;
121 }
122
123 qdict_put(qdict, "host", qstring_from_str(host));
124 qdict_put(qdict, "service", qstring_from_str(serv));
125 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
126
127 return 0;
128 }
129
130 static int vnc_server_addr_put(QDict *qdict, int fd)
131 {
132 struct sockaddr_storage sa;
133 socklen_t salen;
134
135 salen = sizeof(sa);
136 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
137 return -1;
138 }
139
140 return put_addr_qdict(qdict, &sa, salen);
141 }
142
143 static int vnc_qdict_remote_addr(QDict *qdict, int fd)
144 {
145 struct sockaddr_storage sa;
146 socklen_t salen;
147
148 salen = sizeof(sa);
149 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
150 return -1;
151 }
152
153 return put_addr_qdict(qdict, &sa, salen);
154 }
155
156 static const char *vnc_auth_name(VncDisplay *vd) {
157 switch (vd->auth) {
158 case VNC_AUTH_INVALID:
159 return "invalid";
160 case VNC_AUTH_NONE:
161 return "none";
162 case VNC_AUTH_VNC:
163 return "vnc";
164 case VNC_AUTH_RA2:
165 return "ra2";
166 case VNC_AUTH_RA2NE:
167 return "ra2ne";
168 case VNC_AUTH_TIGHT:
169 return "tight";
170 case VNC_AUTH_ULTRA:
171 return "ultra";
172 case VNC_AUTH_TLS:
173 return "tls";
174 case VNC_AUTH_VENCRYPT:
175 #ifdef CONFIG_VNC_TLS
176 switch (vd->subauth) {
177 case VNC_AUTH_VENCRYPT_PLAIN:
178 return "vencrypt+plain";
179 case VNC_AUTH_VENCRYPT_TLSNONE:
180 return "vencrypt+tls+none";
181 case VNC_AUTH_VENCRYPT_TLSVNC:
182 return "vencrypt+tls+vnc";
183 case VNC_AUTH_VENCRYPT_TLSPLAIN:
184 return "vencrypt+tls+plain";
185 case VNC_AUTH_VENCRYPT_X509NONE:
186 return "vencrypt+x509+none";
187 case VNC_AUTH_VENCRYPT_X509VNC:
188 return "vencrypt+x509+vnc";
189 case VNC_AUTH_VENCRYPT_X509PLAIN:
190 return "vencrypt+x509+plain";
191 case VNC_AUTH_VENCRYPT_TLSSASL:
192 return "vencrypt+tls+sasl";
193 case VNC_AUTH_VENCRYPT_X509SASL:
194 return "vencrypt+x509+sasl";
195 default:
196 return "vencrypt";
197 }
198 #else
199 return "vencrypt";
200 #endif
201 case VNC_AUTH_SASL:
202 return "sasl";
203 }
204 return "unknown";
205 }
206
207 static int vnc_server_info_put(QDict *qdict)
208 {
209 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
210 return -1;
211 }
212
213 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
214 return 0;
215 }
216
217 static void vnc_client_cache_auth(VncState *client)
218 {
219 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
220 QDict *qdict;
221 #endif
222
223 if (!client->info) {
224 return;
225 }
226
227 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
228 qdict = qobject_to_qdict(client->info);
229 #endif
230
231 #ifdef CONFIG_VNC_TLS
232 if (client->tls.session &&
233 client->tls.dname) {
234 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
235 }
236 #endif
237 #ifdef CONFIG_VNC_SASL
238 if (client->sasl.conn &&
239 client->sasl.username) {
240 qdict_put(qdict, "sasl_username",
241 qstring_from_str(client->sasl.username));
242 }
243 #endif
244 }
245
246 static void vnc_client_cache_addr(VncState *client)
247 {
248 QDict *qdict;
249
250 qdict = qdict_new();
251 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
252 QDECREF(qdict);
253 /* XXX: how to report the error? */
254 return;
255 }
256
257 client->info = QOBJECT(qdict);
258 }
259
260 static void vnc_qmp_event(VncState *vs, MonitorEvent event)
261 {
262 QDict *server;
263 QObject *data;
264
265 if (!vs->info) {
266 return;
267 }
268
269 server = qdict_new();
270 if (vnc_server_info_put(server) < 0) {
271 QDECREF(server);
272 return;
273 }
274
275 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
276 vs->info, QOBJECT(server));
277
278 monitor_protocol_event(event, data);
279
280 qobject_incref(vs->info);
281 qobject_decref(data);
282 }
283
284 static void info_vnc_iter(QObject *obj, void *opaque)
285 {
286 QDict *client;
287 Monitor *mon = opaque;
288
289 client = qobject_to_qdict(obj);
290 monitor_printf(mon, "Client:\n");
291 monitor_printf(mon, " address: %s:%s\n",
292 qdict_get_str(client, "host"),
293 qdict_get_str(client, "service"));
294
295 #ifdef CONFIG_VNC_TLS
296 monitor_printf(mon, " x509_dname: %s\n",
297 qdict_haskey(client, "x509_dname") ?
298 qdict_get_str(client, "x509_dname") : "none");
299 #endif
300 #ifdef CONFIG_VNC_SASL
301 monitor_printf(mon, " username: %s\n",
302 qdict_haskey(client, "sasl_username") ?
303 qdict_get_str(client, "sasl_username") : "none");
304 #endif
305 }
306
307 void do_info_vnc_print(Monitor *mon, const QObject *data)
308 {
309 QDict *server;
310 QList *clients;
311
312 server = qobject_to_qdict(data);
313 if (qdict_get_bool(server, "enabled") == 0) {
314 monitor_printf(mon, "Server: disabled\n");
315 return;
316 }
317
318 monitor_printf(mon, "Server:\n");
319 monitor_printf(mon, " address: %s:%s\n",
320 qdict_get_str(server, "host"),
321 qdict_get_str(server, "service"));
322 monitor_printf(mon, " auth: %s\n", qdict_get_str(server, "auth"));
323
324 clients = qdict_get_qlist(server, "clients");
325 if (qlist_empty(clients)) {
326 monitor_printf(mon, "Client: none\n");
327 } else {
328 qlist_iter(clients, info_vnc_iter, mon);
329 }
330 }
331
332 void do_info_vnc(Monitor *mon, QObject **ret_data)
333 {
334 if (vnc_display == NULL || vnc_display->display == NULL) {
335 *ret_data = qobject_from_jsonf("{ 'enabled': false }");
336 } else {
337 QList *clist;
338 VncState *client;
339
340 clist = qlist_new();
341 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
342 if (client->info) {
343 /* incref so that it's not freed by upper layers */
344 qobject_incref(client->info);
345 qlist_append_obj(clist, client->info);
346 }
347 }
348
349 *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
350 QOBJECT(clist));
351 assert(*ret_data != NULL);
352
353 if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {
354 qobject_decref(*ret_data);
355 *ret_data = NULL;
356 }
357 }
358 }
359
360 /* TODO
361 1) Get the queue working for IO.
362 2) there is some weirdness when using the -S option (the screen is grey
363 and not totally invalidated
364 3) resolutions > 1024
365 */
366
367 static int vnc_update_client(VncState *vs, int has_dirty);
368 static int vnc_update_client_sync(VncState *vs, int has_dirty);
369 static void vnc_disconnect_start(VncState *vs);
370 static void vnc_disconnect_finish(VncState *vs);
371 static void vnc_init_timer(VncDisplay *vd);
372 static void vnc_remove_timer(VncDisplay *vd);
373
374 static void vnc_colordepth(VncState *vs);
375 static void framebuffer_update_request(VncState *vs, int incremental,
376 int x_position, int y_position,
377 int w, int h);
378 static void vnc_refresh(void *opaque);
379 static int vnc_refresh_server_surface(VncDisplay *vd);
380
381 static inline void vnc_set_bit(uint32_t *d, int k)
382 {
383 d[k >> 5] |= 1 << (k & 0x1f);
384 }
385
386 static inline void vnc_clear_bit(uint32_t *d, int k)
387 {
388 d[k >> 5] &= ~(1 << (k & 0x1f));
389 }
390
391 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
392 {
393 int j;
394
395 j = 0;
396 while (n >= 32) {
397 d[j++] = -1;
398 n -= 32;
399 }
400 if (n > 0)
401 d[j++] = (1 << n) - 1;
402 while (j < nb_words)
403 d[j++] = 0;
404 }
405
406 static inline int vnc_get_bit(const uint32_t *d, int k)
407 {
408 return (d[k >> 5] >> (k & 0x1f)) & 1;
409 }
410
411 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
412 int nb_words)
413 {
414 int i;
415 for(i = 0; i < nb_words; i++) {
416 if ((d1[i] & d2[i]) != 0)
417 return 1;
418 }
419 return 0;
420 }
421
422 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
423 {
424 int i;
425 VncDisplay *vd = ds->opaque;
426 struct VncSurface *s = &vd->guest;
427
428 h += y;
429
430 /* round x down to ensure the loop only spans one 16-pixel block per,
431 iteration. otherwise, if (x % 16) != 0, the last iteration may span
432 two 16-pixel blocks but we only mark the first as dirty
433 */
434 w += (x % 16);
435 x -= (x % 16);
436
437 x = MIN(x, s->ds->width);
438 y = MIN(y, s->ds->height);
439 w = MIN(x + w, s->ds->width) - x;
440 h = MIN(h, s->ds->height);
441
442 for (; y < h; y++)
443 for (i = 0; i < w; i += 16)
444 vnc_set_bit(s->dirty[y], (x + i) / 16);
445 }
446
447 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
448 int32_t encoding)
449 {
450 vnc_write_u16(vs, x);
451 vnc_write_u16(vs, y);
452 vnc_write_u16(vs, w);
453 vnc_write_u16(vs, h);
454
455 vnc_write_s32(vs, encoding);
456 }
457
458 void buffer_reserve(Buffer *buffer, size_t len)
459 {
460 if ((buffer->capacity - buffer->offset) < len) {
461 buffer->capacity += (len + 1024);
462 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
463 if (buffer->buffer == NULL) {
464 fprintf(stderr, "vnc: out of memory\n");
465 exit(1);
466 }
467 }
468 }
469
470 int buffer_empty(Buffer *buffer)
471 {
472 return buffer->offset == 0;
473 }
474
475 uint8_t *buffer_end(Buffer *buffer)
476 {
477 return buffer->buffer + buffer->offset;
478 }
479
480 void buffer_reset(Buffer *buffer)
481 {
482 buffer->offset = 0;
483 }
484
485 void buffer_free(Buffer *buffer)
486 {
487 qemu_free(buffer->buffer);
488 buffer->offset = 0;
489 buffer->capacity = 0;
490 buffer->buffer = NULL;
491 }
492
493 void buffer_append(Buffer *buffer, const void *data, size_t len)
494 {
495 memcpy(buffer->buffer + buffer->offset, data, len);
496 buffer->offset += len;
497 }
498
499 static void vnc_desktop_resize(VncState *vs)
500 {
501 DisplayState *ds = vs->ds;
502
503 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
504 return;
505 }
506 if (vs->client_width == ds_get_width(ds) &&
507 vs->client_height == ds_get_height(ds)) {
508 return;
509 }
510 vs->client_width = ds_get_width(ds);
511 vs->client_height = ds_get_height(ds);
512 vnc_lock_output(vs);
513 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
514 vnc_write_u8(vs, 0);
515 vnc_write_u16(vs, 1); /* number of rects */
516 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
517 VNC_ENCODING_DESKTOPRESIZE);
518 vnc_unlock_output(vs);
519 vnc_flush(vs);
520 }
521
522 #ifdef CONFIG_VNC_THREAD
523 static void vnc_abort_display_jobs(VncDisplay *vd)
524 {
525 VncState *vs;
526
527 QTAILQ_FOREACH(vs, &vd->clients, next) {
528 vnc_lock_output(vs);
529 vs->abort = true;
530 vnc_unlock_output(vs);
531 }
532 QTAILQ_FOREACH(vs, &vd->clients, next) {
533 vnc_jobs_join(vs);
534 }
535 QTAILQ_FOREACH(vs, &vd->clients, next) {
536 vnc_lock_output(vs);
537 vs->abort = false;
538 vnc_unlock_output(vs);
539 }
540 }
541 #else
542 static void vnc_abort_display_jobs(VncDisplay *vd)
543 {
544 }
545 #endif
546
547 static void vnc_dpy_resize(DisplayState *ds)
548 {
549 VncDisplay *vd = ds->opaque;
550 VncState *vs;
551
552 vnc_abort_display_jobs(vd);
553
554 /* server surface */
555 if (!vd->server)
556 vd->server = qemu_mallocz(sizeof(*vd->server));
557 if (vd->server->data)
558 qemu_free(vd->server->data);
559 *(vd->server) = *(ds->surface);
560 vd->server->data = qemu_mallocz(vd->server->linesize *
561 vd->server->height);
562
563 /* guest surface */
564 if (!vd->guest.ds)
565 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
566 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
567 console_color_init(ds);
568 *(vd->guest.ds) = *(ds->surface);
569 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
570
571 QTAILQ_FOREACH(vs, &vd->clients, next) {
572 vnc_colordepth(vs);
573 vnc_desktop_resize(vs);
574 if (vs->vd->cursor) {
575 vnc_cursor_define(vs);
576 }
577 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
578 }
579 }
580
581 /* fastest code */
582 static void vnc_write_pixels_copy(VncState *vs, struct PixelFormat *pf,
583 void *pixels, int size)
584 {
585 vnc_write(vs, pixels, size);
586 }
587
588 /* slowest but generic code. */
589 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
590 {
591 uint8_t r, g, b;
592 VncDisplay *vd = vs->vd;
593
594 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
595 vd->server->pf.rbits);
596 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
597 vd->server->pf.gbits);
598 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
599 vd->server->pf.bbits);
600 v = (r << vs->clientds.pf.rshift) |
601 (g << vs->clientds.pf.gshift) |
602 (b << vs->clientds.pf.bshift);
603 switch(vs->clientds.pf.bytes_per_pixel) {
604 case 1:
605 buf[0] = v;
606 break;
607 case 2:
608 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
609 buf[0] = v >> 8;
610 buf[1] = v;
611 } else {
612 buf[1] = v >> 8;
613 buf[0] = v;
614 }
615 break;
616 default:
617 case 4:
618 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
619 buf[0] = v >> 24;
620 buf[1] = v >> 16;
621 buf[2] = v >> 8;
622 buf[3] = v;
623 } else {
624 buf[3] = v >> 24;
625 buf[2] = v >> 16;
626 buf[1] = v >> 8;
627 buf[0] = v;
628 }
629 break;
630 }
631 }
632
633 static void vnc_write_pixels_generic(VncState *vs, struct PixelFormat *pf,
634 void *pixels1, int size)
635 {
636 uint8_t buf[4];
637
638 if (pf->bytes_per_pixel == 4) {
639 uint32_t *pixels = pixels1;
640 int n, i;
641 n = size >> 2;
642 for(i = 0; i < n; i++) {
643 vnc_convert_pixel(vs, buf, pixels[i]);
644 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
645 }
646 } else if (pf->bytes_per_pixel == 2) {
647 uint16_t *pixels = pixels1;
648 int n, i;
649 n = size >> 1;
650 for(i = 0; i < n; i++) {
651 vnc_convert_pixel(vs, buf, pixels[i]);
652 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
653 }
654 } else if (pf->bytes_per_pixel == 1) {
655 uint8_t *pixels = pixels1;
656 int n, i;
657 n = size;
658 for(i = 0; i < n; i++) {
659 vnc_convert_pixel(vs, buf, pixels[i]);
660 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
661 }
662 } else {
663 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
664 }
665 }
666
667 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
668 {
669 int i;
670 uint8_t *row;
671 VncDisplay *vd = vs->vd;
672
673 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
674 for (i = 0; i < h; i++) {
675 vs->write_pixels(vs, &vd->server->pf, row, w * ds_get_bytes_per_pixel(vs->ds));
676 row += ds_get_linesize(vs->ds);
677 }
678 return 1;
679 }
680
681 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
682 {
683 int n = 0;
684
685 switch(vs->vnc_encoding) {
686 case VNC_ENCODING_ZLIB:
687 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
688 break;
689 case VNC_ENCODING_HEXTILE:
690 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
691 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
692 break;
693 case VNC_ENCODING_TIGHT:
694 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
695 break;
696 case VNC_ENCODING_TIGHT_PNG:
697 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
698 break;
699 case VNC_ENCODING_ZRLE:
700 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
701 break;
702 case VNC_ENCODING_ZYWRLE:
703 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
704 break;
705 default:
706 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
707 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
708 break;
709 }
710 return n;
711 }
712
713 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
714 {
715 /* send bitblit op to the vnc client */
716 vnc_lock_output(vs);
717 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
718 vnc_write_u8(vs, 0);
719 vnc_write_u16(vs, 1); /* number of rects */
720 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
721 vnc_write_u16(vs, src_x);
722 vnc_write_u16(vs, src_y);
723 vnc_unlock_output(vs);
724 vnc_flush(vs);
725 }
726
727 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
728 {
729 VncDisplay *vd = ds->opaque;
730 VncState *vs, *vn;
731 uint8_t *src_row;
732 uint8_t *dst_row;
733 int i,x,y,pitch,depth,inc,w_lim,s;
734 int cmp_bytes;
735
736 vnc_refresh_server_surface(vd);
737 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
738 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
739 vs->force_update = 1;
740 vnc_update_client_sync(vs, 1);
741 /* vs might be free()ed here */
742 }
743 }
744
745 /* do bitblit op on the local surface too */
746 pitch = ds_get_linesize(vd->ds);
747 depth = ds_get_bytes_per_pixel(vd->ds);
748 src_row = vd->server->data + pitch * src_y + depth * src_x;
749 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
750 y = dst_y;
751 inc = 1;
752 if (dst_y > src_y) {
753 /* copy backwards */
754 src_row += pitch * (h-1);
755 dst_row += pitch * (h-1);
756 pitch = -pitch;
757 y = dst_y + h - 1;
758 inc = -1;
759 }
760 w_lim = w - (16 - (dst_x % 16));
761 if (w_lim < 0)
762 w_lim = w;
763 else
764 w_lim = w - (w_lim % 16);
765 for (i = 0; i < h; i++) {
766 for (x = 0; x <= w_lim;
767 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
768 if (x == w_lim) {
769 if ((s = w - w_lim) == 0)
770 break;
771 } else if (!x) {
772 s = (16 - (dst_x % 16));
773 s = MIN(s, w_lim);
774 } else {
775 s = 16;
776 }
777 cmp_bytes = s * depth;
778 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
779 continue;
780 memmove(dst_row, src_row, cmp_bytes);
781 QTAILQ_FOREACH(vs, &vd->clients, next) {
782 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
783 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
784 }
785 }
786 }
787 src_row += pitch - w * depth;
788 dst_row += pitch - w * depth;
789 y += inc;
790 }
791
792 QTAILQ_FOREACH(vs, &vd->clients, next) {
793 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
794 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
795 }
796 }
797 }
798
799 static void vnc_mouse_set(int x, int y, int visible)
800 {
801 /* can we ask the client(s) to move the pointer ??? */
802 }
803
804 static int vnc_cursor_define(VncState *vs)
805 {
806 QEMUCursor *c = vs->vd->cursor;
807 PixelFormat pf = qemu_default_pixelformat(32);
808 int isize;
809
810 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
811 vnc_lock_output(vs);
812 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
813 vnc_write_u8(vs, 0); /* padding */
814 vnc_write_u16(vs, 1); /* # of rects */
815 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
816 VNC_ENCODING_RICH_CURSOR);
817 isize = c->width * c->height * vs->clientds.pf.bytes_per_pixel;
818 vnc_write_pixels_generic(vs, &pf, c->data, isize);
819 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
820 vnc_unlock_output(vs);
821 return 0;
822 }
823 return -1;
824 }
825
826 static void vnc_dpy_cursor_define(QEMUCursor *c)
827 {
828 VncDisplay *vd = vnc_display;
829 VncState *vs;
830
831 cursor_put(vd->cursor);
832 qemu_free(vd->cursor_mask);
833
834 vd->cursor = c;
835 cursor_get(vd->cursor);
836 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
837 vd->cursor_mask = qemu_mallocz(vd->cursor_msize);
838 cursor_get_mono_mask(c, 0, vd->cursor_mask);
839
840 QTAILQ_FOREACH(vs, &vd->clients, next) {
841 vnc_cursor_define(vs);
842 }
843 }
844
845 static int find_and_clear_dirty_height(struct VncState *vs,
846 int y, int last_x, int x)
847 {
848 int h;
849 VncDisplay *vd = vs->vd;
850
851 for (h = 1; h < (vd->server->height - y); h++) {
852 int tmp_x;
853 if (!vnc_get_bit(vs->dirty[y + h], last_x))
854 break;
855 for (tmp_x = last_x; tmp_x < x; tmp_x++)
856 vnc_clear_bit(vs->dirty[y + h], tmp_x);
857 }
858
859 return h;
860 }
861
862 #ifdef CONFIG_VNC_THREAD
863 static int vnc_update_client_sync(VncState *vs, int has_dirty)
864 {
865 int ret = vnc_update_client(vs, has_dirty);
866 vnc_jobs_join(vs);
867 return ret;
868 }
869 #else
870 static int vnc_update_client_sync(VncState *vs, int has_dirty)
871 {
872 return vnc_update_client(vs, has_dirty);
873 }
874 #endif
875
876 static int vnc_update_client(VncState *vs, int has_dirty)
877 {
878 if (vs->need_update && vs->csock != -1) {
879 VncDisplay *vd = vs->vd;
880 VncJob *job;
881 int y;
882 int width, height;
883 int n = 0;
884
885
886 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
887 /* kernel send buffers are full -> drop frames to throttle */
888 return 0;
889
890 if (!has_dirty && !vs->audio_cap && !vs->force_update)
891 return 0;
892
893 /*
894 * Send screen updates to the vnc client using the server
895 * surface and server dirty map. guest surface updates
896 * happening in parallel don't disturb us, the next pass will
897 * send them to the client.
898 */
899 job = vnc_job_new(vs);
900
901 width = MIN(vd->server->width, vs->client_width);
902 height = MIN(vd->server->height, vs->client_height);
903
904 for (y = 0; y < height; y++) {
905 int x;
906 int last_x = -1;
907 for (x = 0; x < width / 16; x++) {
908 if (vnc_get_bit(vs->dirty[y], x)) {
909 if (last_x == -1) {
910 last_x = x;
911 }
912 vnc_clear_bit(vs->dirty[y], x);
913 } else {
914 if (last_x != -1) {
915 int h = find_and_clear_dirty_height(vs, y, last_x, x);
916
917 n += vnc_job_add_rect(job, last_x * 16, y,
918 (x - last_x) * 16, h);
919 }
920 last_x = -1;
921 }
922 }
923 if (last_x != -1) {
924 int h = find_and_clear_dirty_height(vs, y, last_x, x);
925 n += vnc_job_add_rect(job, last_x * 16, y,
926 (x - last_x) * 16, h);
927 }
928 }
929
930 vnc_job_push(job);
931 vs->force_update = 0;
932 return n;
933 }
934
935 if (vs->csock == -1)
936 vnc_disconnect_finish(vs);
937
938 return 0;
939 }
940
941 /* audio */
942 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
943 {
944 VncState *vs = opaque;
945
946 switch (cmd) {
947 case AUD_CNOTIFY_DISABLE:
948 vnc_lock_output(vs);
949 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
950 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
951 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
952 vnc_unlock_output(vs);
953 vnc_flush(vs);
954 break;
955
956 case AUD_CNOTIFY_ENABLE:
957 vnc_lock_output(vs);
958 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
959 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
960 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
961 vnc_unlock_output(vs);
962 vnc_flush(vs);
963 break;
964 }
965 }
966
967 static void audio_capture_destroy(void *opaque)
968 {
969 }
970
971 static void audio_capture(void *opaque, void *buf, int size)
972 {
973 VncState *vs = opaque;
974
975 vnc_lock_output(vs);
976 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
977 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
978 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
979 vnc_write_u32(vs, size);
980 vnc_write(vs, buf, size);
981 vnc_unlock_output(vs);
982 vnc_flush(vs);
983 }
984
985 static void audio_add(VncState *vs)
986 {
987 struct audio_capture_ops ops;
988
989 if (vs->audio_cap) {
990 monitor_printf(default_mon, "audio already running\n");
991 return;
992 }
993
994 ops.notify = audio_capture_notify;
995 ops.destroy = audio_capture_destroy;
996 ops.capture = audio_capture;
997
998 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
999 if (!vs->audio_cap) {
1000 monitor_printf(default_mon, "Failed to add audio capture\n");
1001 }
1002 }
1003
1004 static void audio_del(VncState *vs)
1005 {
1006 if (vs->audio_cap) {
1007 AUD_del_capture(vs->audio_cap, vs);
1008 vs->audio_cap = NULL;
1009 }
1010 }
1011
1012 static void vnc_disconnect_start(VncState *vs)
1013 {
1014 if (vs->csock == -1)
1015 return;
1016 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
1017 closesocket(vs->csock);
1018 vs->csock = -1;
1019 }
1020
1021 static void vnc_disconnect_finish(VncState *vs)
1022 {
1023 int i;
1024
1025 vnc_jobs_join(vs); /* Wait encoding jobs */
1026
1027 vnc_lock_output(vs);
1028 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
1029
1030 buffer_free(&vs->input);
1031 buffer_free(&vs->output);
1032
1033 qobject_decref(vs->info);
1034
1035 vnc_zlib_clear(vs);
1036 vnc_tight_clear(vs);
1037 vnc_zrle_clear(vs);
1038
1039 #ifdef CONFIG_VNC_TLS
1040 vnc_tls_client_cleanup(vs);
1041 #endif /* CONFIG_VNC_TLS */
1042 #ifdef CONFIG_VNC_SASL
1043 vnc_sasl_client_cleanup(vs);
1044 #endif /* CONFIG_VNC_SASL */
1045 audio_del(vs);
1046
1047 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1048
1049 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1050 dcl->idle = 1;
1051 }
1052
1053 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1054 vnc_remove_timer(vs->vd);
1055 if (vs->vd->lock_key_sync)
1056 qemu_remove_led_event_handler(vs->led);
1057 vnc_unlock_output(vs);
1058
1059 #ifdef CONFIG_VNC_THREAD
1060 qemu_mutex_destroy(&vs->output_mutex);
1061 #endif
1062 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1063 qemu_free(vs->lossy_rect[i]);
1064 }
1065 qemu_free(vs->lossy_rect);
1066 qemu_free(vs);
1067 }
1068
1069 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1070 {
1071 if (ret == 0 || ret == -1) {
1072 if (ret == -1) {
1073 switch (last_errno) {
1074 case EINTR:
1075 case EAGAIN:
1076 #ifdef _WIN32
1077 case WSAEWOULDBLOCK:
1078 #endif
1079 return 0;
1080 default:
1081 break;
1082 }
1083 }
1084
1085 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1086 ret, ret < 0 ? last_errno : 0);
1087 vnc_disconnect_start(vs);
1088
1089 return 0;
1090 }
1091 return ret;
1092 }
1093
1094
1095 void vnc_client_error(VncState *vs)
1096 {
1097 VNC_DEBUG("Closing down client sock: protocol error\n");
1098 vnc_disconnect_start(vs);
1099 }
1100
1101
1102 /*
1103 * Called to write a chunk of data to the client socket. The data may
1104 * be the raw data, or may have already been encoded by SASL.
1105 * The data will be written either straight onto the socket, or
1106 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1107 *
1108 * NB, it is theoretically possible to have 2 layers of encryption,
1109 * both SASL, and this TLS layer. It is highly unlikely in practice
1110 * though, since SASL encryption will typically be a no-op if TLS
1111 * is active
1112 *
1113 * Returns the number of bytes written, which may be less than
1114 * the requested 'datalen' if the socket would block. Returns
1115 * -1 on error, and disconnects the client socket.
1116 */
1117 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1118 {
1119 long ret;
1120 #ifdef CONFIG_VNC_TLS
1121 if (vs->tls.session) {
1122 ret = gnutls_write(vs->tls.session, data, datalen);
1123 if (ret < 0) {
1124 if (ret == GNUTLS_E_AGAIN)
1125 errno = EAGAIN;
1126 else
1127 errno = EIO;
1128 ret = -1;
1129 }
1130 } else
1131 #endif /* CONFIG_VNC_TLS */
1132 ret = send(vs->csock, (const void *)data, datalen, 0);
1133 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1134 return vnc_client_io_error(vs, ret, socket_error());
1135 }
1136
1137
1138 /*
1139 * Called to write buffered data to the client socket, when not
1140 * using any SASL SSF encryption layers. Will write as much data
1141 * as possible without blocking. If all buffered data is written,
1142 * will switch the FD poll() handler back to read monitoring.
1143 *
1144 * Returns the number of bytes written, which may be less than
1145 * the buffered output data if the socket would block. Returns
1146 * -1 on error, and disconnects the client socket.
1147 */
1148 static long vnc_client_write_plain(VncState *vs)
1149 {
1150 long ret;
1151
1152 #ifdef CONFIG_VNC_SASL
1153 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1154 vs->output.buffer, vs->output.capacity, vs->output.offset,
1155 vs->sasl.waitWriteSSF);
1156
1157 if (vs->sasl.conn &&
1158 vs->sasl.runSSF &&
1159 vs->sasl.waitWriteSSF) {
1160 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1161 if (ret)
1162 vs->sasl.waitWriteSSF -= ret;
1163 } else
1164 #endif /* CONFIG_VNC_SASL */
1165 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1166 if (!ret)
1167 return 0;
1168
1169 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1170 vs->output.offset -= ret;
1171
1172 if (vs->output.offset == 0) {
1173 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1174 }
1175
1176 return ret;
1177 }
1178
1179
1180 /*
1181 * First function called whenever there is data to be written to
1182 * the client socket. Will delegate actual work according to whether
1183 * SASL SSF layers are enabled (thus requiring encryption calls)
1184 */
1185 static void vnc_client_write_locked(void *opaque)
1186 {
1187 VncState *vs = opaque;
1188
1189 #ifdef CONFIG_VNC_SASL
1190 if (vs->sasl.conn &&
1191 vs->sasl.runSSF &&
1192 !vs->sasl.waitWriteSSF) {
1193 vnc_client_write_sasl(vs);
1194 } else
1195 #endif /* CONFIG_VNC_SASL */
1196 vnc_client_write_plain(vs);
1197 }
1198
1199 void vnc_client_write(void *opaque)
1200 {
1201 VncState *vs = opaque;
1202
1203 vnc_lock_output(vs);
1204 if (vs->output.offset) {
1205 vnc_client_write_locked(opaque);
1206 } else if (vs->csock != -1) {
1207 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1208 }
1209 vnc_unlock_output(vs);
1210 }
1211
1212 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1213 {
1214 vs->read_handler = func;
1215 vs->read_handler_expect = expecting;
1216 }
1217
1218
1219 /*
1220 * Called to read a chunk of data from the client socket. The data may
1221 * be the raw data, or may need to be further decoded by SASL.
1222 * The data will be read either straight from to the socket, or
1223 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1224 *
1225 * NB, it is theoretically possible to have 2 layers of encryption,
1226 * both SASL, and this TLS layer. It is highly unlikely in practice
1227 * though, since SASL encryption will typically be a no-op if TLS
1228 * is active
1229 *
1230 * Returns the number of bytes read, which may be less than
1231 * the requested 'datalen' if the socket would block. Returns
1232 * -1 on error, and disconnects the client socket.
1233 */
1234 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1235 {
1236 long ret;
1237 #ifdef CONFIG_VNC_TLS
1238 if (vs->tls.session) {
1239 ret = gnutls_read(vs->tls.session, data, datalen);
1240 if (ret < 0) {
1241 if (ret == GNUTLS_E_AGAIN)
1242 errno = EAGAIN;
1243 else
1244 errno = EIO;
1245 ret = -1;
1246 }
1247 } else
1248 #endif /* CONFIG_VNC_TLS */
1249 ret = recv(vs->csock, (void *)data, datalen, 0);
1250 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1251 return vnc_client_io_error(vs, ret, socket_error());
1252 }
1253
1254
1255 /*
1256 * Called to read data from the client socket to the input buffer,
1257 * when not using any SASL SSF encryption layers. Will read as much
1258 * data as possible without blocking.
1259 *
1260 * Returns the number of bytes read. Returns -1 on error, and
1261 * disconnects the client socket.
1262 */
1263 static long vnc_client_read_plain(VncState *vs)
1264 {
1265 int ret;
1266 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1267 vs->input.buffer, vs->input.capacity, vs->input.offset);
1268 buffer_reserve(&vs->input, 4096);
1269 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1270 if (!ret)
1271 return 0;
1272 vs->input.offset += ret;
1273 return ret;
1274 }
1275
1276
1277 /*
1278 * First function called whenever there is more data to be read from
1279 * the client socket. Will delegate actual work according to whether
1280 * SASL SSF layers are enabled (thus requiring decryption calls)
1281 */
1282 void vnc_client_read(void *opaque)
1283 {
1284 VncState *vs = opaque;
1285 long ret;
1286
1287 #ifdef CONFIG_VNC_SASL
1288 if (vs->sasl.conn && vs->sasl.runSSF)
1289 ret = vnc_client_read_sasl(vs);
1290 else
1291 #endif /* CONFIG_VNC_SASL */
1292 ret = vnc_client_read_plain(vs);
1293 if (!ret) {
1294 if (vs->csock == -1)
1295 vnc_disconnect_finish(vs);
1296 return;
1297 }
1298
1299 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1300 size_t len = vs->read_handler_expect;
1301 int ret;
1302
1303 ret = vs->read_handler(vs, vs->input.buffer, len);
1304 if (vs->csock == -1) {
1305 vnc_disconnect_finish(vs);
1306 return;
1307 }
1308
1309 if (!ret) {
1310 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1311 vs->input.offset -= len;
1312 } else {
1313 vs->read_handler_expect = ret;
1314 }
1315 }
1316 }
1317
1318 void vnc_write(VncState *vs, const void *data, size_t len)
1319 {
1320 buffer_reserve(&vs->output, len);
1321
1322 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1323 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1324 }
1325
1326 buffer_append(&vs->output, data, len);
1327 }
1328
1329 void vnc_write_s32(VncState *vs, int32_t value)
1330 {
1331 vnc_write_u32(vs, *(uint32_t *)&value);
1332 }
1333
1334 void vnc_write_u32(VncState *vs, uint32_t value)
1335 {
1336 uint8_t buf[4];
1337
1338 buf[0] = (value >> 24) & 0xFF;
1339 buf[1] = (value >> 16) & 0xFF;
1340 buf[2] = (value >> 8) & 0xFF;
1341 buf[3] = value & 0xFF;
1342
1343 vnc_write(vs, buf, 4);
1344 }
1345
1346 void vnc_write_u16(VncState *vs, uint16_t value)
1347 {
1348 uint8_t buf[2];
1349
1350 buf[0] = (value >> 8) & 0xFF;
1351 buf[1] = value & 0xFF;
1352
1353 vnc_write(vs, buf, 2);
1354 }
1355
1356 void vnc_write_u8(VncState *vs, uint8_t value)
1357 {
1358 vnc_write(vs, (char *)&value, 1);
1359 }
1360
1361 void vnc_flush(VncState *vs)
1362 {
1363 vnc_lock_output(vs);
1364 if (vs->csock != -1 && vs->output.offset) {
1365 vnc_client_write_locked(vs);
1366 }
1367 vnc_unlock_output(vs);
1368 }
1369
1370 uint8_t read_u8(uint8_t *data, size_t offset)
1371 {
1372 return data[offset];
1373 }
1374
1375 uint16_t read_u16(uint8_t *data, size_t offset)
1376 {
1377 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1378 }
1379
1380 int32_t read_s32(uint8_t *data, size_t offset)
1381 {
1382 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1383 (data[offset + 2] << 8) | data[offset + 3]);
1384 }
1385
1386 uint32_t read_u32(uint8_t *data, size_t offset)
1387 {
1388 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1389 (data[offset + 2] << 8) | data[offset + 3]);
1390 }
1391
1392 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1393 {
1394 }
1395
1396 static void check_pointer_type_change(Notifier *notifier)
1397 {
1398 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1399 int absolute = kbd_mouse_is_absolute();
1400
1401 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1402 vnc_lock_output(vs);
1403 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1404 vnc_write_u8(vs, 0);
1405 vnc_write_u16(vs, 1);
1406 vnc_framebuffer_update(vs, absolute, 0,
1407 ds_get_width(vs->ds), ds_get_height(vs->ds),
1408 VNC_ENCODING_POINTER_TYPE_CHANGE);
1409 vnc_unlock_output(vs);
1410 vnc_flush(vs);
1411 }
1412 vs->absolute = absolute;
1413 }
1414
1415 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1416 {
1417 int buttons = 0;
1418 int dz = 0;
1419
1420 if (button_mask & 0x01)
1421 buttons |= MOUSE_EVENT_LBUTTON;
1422 if (button_mask & 0x02)
1423 buttons |= MOUSE_EVENT_MBUTTON;
1424 if (button_mask & 0x04)
1425 buttons |= MOUSE_EVENT_RBUTTON;
1426 if (button_mask & 0x08)
1427 dz = -1;
1428 if (button_mask & 0x10)
1429 dz = 1;
1430
1431 if (vs->absolute) {
1432 kbd_mouse_event(ds_get_width(vs->ds) > 1 ?
1433 x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000,
1434 ds_get_height(vs->ds) > 1 ?
1435 y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000,
1436 dz, buttons);
1437 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1438 x -= 0x7FFF;
1439 y -= 0x7FFF;
1440
1441 kbd_mouse_event(x, y, dz, buttons);
1442 } else {
1443 if (vs->last_x != -1)
1444 kbd_mouse_event(x - vs->last_x,
1445 y - vs->last_y,
1446 dz, buttons);
1447 vs->last_x = x;
1448 vs->last_y = y;
1449 }
1450 }
1451
1452 static void reset_keys(VncState *vs)
1453 {
1454 int i;
1455 for(i = 0; i < 256; i++) {
1456 if (vs->modifiers_state[i]) {
1457 if (i & SCANCODE_GREY)
1458 kbd_put_keycode(SCANCODE_EMUL0);
1459 kbd_put_keycode(i | SCANCODE_UP);
1460 vs->modifiers_state[i] = 0;
1461 }
1462 }
1463 }
1464
1465 static void press_key(VncState *vs, int keysym)
1466 {
1467 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1468 if (keycode & SCANCODE_GREY)
1469 kbd_put_keycode(SCANCODE_EMUL0);
1470 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1471 if (keycode & SCANCODE_GREY)
1472 kbd_put_keycode(SCANCODE_EMUL0);
1473 kbd_put_keycode(keycode | SCANCODE_UP);
1474 }
1475
1476 static void kbd_leds(void *opaque, int ledstate)
1477 {
1478 VncState *vs = opaque;
1479 int caps, num;
1480
1481 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1482 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1483
1484 if (vs->modifiers_state[0x3a] != caps) {
1485 vs->modifiers_state[0x3a] = caps;
1486 }
1487 if (vs->modifiers_state[0x45] != num) {
1488 vs->modifiers_state[0x45] = num;
1489 }
1490 }
1491
1492 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1493 {
1494 /* QEMU console switch */
1495 switch(keycode) {
1496 case 0x2a: /* Left Shift */
1497 case 0x36: /* Right Shift */
1498 case 0x1d: /* Left CTRL */
1499 case 0x9d: /* Right CTRL */
1500 case 0x38: /* Left ALT */
1501 case 0xb8: /* Right ALT */
1502 if (down)
1503 vs->modifiers_state[keycode] = 1;
1504 else
1505 vs->modifiers_state[keycode] = 0;
1506 break;
1507 case 0x02 ... 0x0a: /* '1' to '9' keys */
1508 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1509 /* Reset the modifiers sent to the current console */
1510 reset_keys(vs);
1511 console_select(keycode - 0x02);
1512 return;
1513 }
1514 break;
1515 case 0x3a: /* CapsLock */
1516 case 0x45: /* NumLock */
1517 if (down)
1518 vs->modifiers_state[keycode] ^= 1;
1519 break;
1520 }
1521
1522 if (down && vs->vd->lock_key_sync &&
1523 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1524 /* If the numlock state needs to change then simulate an additional
1525 keypress before sending this one. This will happen if the user
1526 toggles numlock away from the VNC window.
1527 */
1528 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1529 if (!vs->modifiers_state[0x45]) {
1530 vs->modifiers_state[0x45] = 1;
1531 press_key(vs, 0xff7f);
1532 }
1533 } else {
1534 if (vs->modifiers_state[0x45]) {
1535 vs->modifiers_state[0x45] = 0;
1536 press_key(vs, 0xff7f);
1537 }
1538 }
1539 }
1540
1541 if (down && vs->vd->lock_key_sync &&
1542 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1543 /* If the capslock state needs to change then simulate an additional
1544 keypress before sending this one. This will happen if the user
1545 toggles capslock away from the VNC window.
1546 */
1547 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1548 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1549 int capslock = !!(vs->modifiers_state[0x3a]);
1550 if (capslock) {
1551 if (uppercase == shift) {
1552 vs->modifiers_state[0x3a] = 0;
1553 press_key(vs, 0xffe5);
1554 }
1555 } else {
1556 if (uppercase != shift) {
1557 vs->modifiers_state[0x3a] = 1;
1558 press_key(vs, 0xffe5);
1559 }
1560 }
1561 }
1562
1563 if (is_graphic_console()) {
1564 if (keycode & SCANCODE_GREY)
1565 kbd_put_keycode(SCANCODE_EMUL0);
1566 if (down)
1567 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1568 else
1569 kbd_put_keycode(keycode | SCANCODE_UP);
1570 } else {
1571 /* QEMU console emulation */
1572 if (down) {
1573 int numlock = vs->modifiers_state[0x45];
1574 switch (keycode) {
1575 case 0x2a: /* Left Shift */
1576 case 0x36: /* Right Shift */
1577 case 0x1d: /* Left CTRL */
1578 case 0x9d: /* Right CTRL */
1579 case 0x38: /* Left ALT */
1580 case 0xb8: /* Right ALT */
1581 break;
1582 case 0xc8:
1583 kbd_put_keysym(QEMU_KEY_UP);
1584 break;
1585 case 0xd0:
1586 kbd_put_keysym(QEMU_KEY_DOWN);
1587 break;
1588 case 0xcb:
1589 kbd_put_keysym(QEMU_KEY_LEFT);
1590 break;
1591 case 0xcd:
1592 kbd_put_keysym(QEMU_KEY_RIGHT);
1593 break;
1594 case 0xd3:
1595 kbd_put_keysym(QEMU_KEY_DELETE);
1596 break;
1597 case 0xc7:
1598 kbd_put_keysym(QEMU_KEY_HOME);
1599 break;
1600 case 0xcf:
1601 kbd_put_keysym(QEMU_KEY_END);
1602 break;
1603 case 0xc9:
1604 kbd_put_keysym(QEMU_KEY_PAGEUP);
1605 break;
1606 case 0xd1:
1607 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1608 break;
1609
1610 case 0x47:
1611 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1612 break;
1613 case 0x48:
1614 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1615 break;
1616 case 0x49:
1617 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1618 break;
1619 case 0x4b:
1620 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1621 break;
1622 case 0x4c:
1623 kbd_put_keysym('5');
1624 break;
1625 case 0x4d:
1626 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1627 break;
1628 case 0x4f:
1629 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1630 break;
1631 case 0x50:
1632 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1633 break;
1634 case 0x51:
1635 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1636 break;
1637 case 0x52:
1638 kbd_put_keysym('0');
1639 break;
1640 case 0x53:
1641 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1642 break;
1643
1644 case 0xb5:
1645 kbd_put_keysym('/');
1646 break;
1647 case 0x37:
1648 kbd_put_keysym('*');
1649 break;
1650 case 0x4a:
1651 kbd_put_keysym('-');
1652 break;
1653 case 0x4e:
1654 kbd_put_keysym('+');
1655 break;
1656 case 0x9c:
1657 kbd_put_keysym('\n');
1658 break;
1659
1660 default:
1661 kbd_put_keysym(sym);
1662 break;
1663 }
1664 }
1665 }
1666 }
1667
1668 static void key_event(VncState *vs, int down, uint32_t sym)
1669 {
1670 int keycode;
1671 int lsym = sym;
1672
1673 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1674 lsym = lsym - 'A' + 'a';
1675 }
1676
1677 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1678 do_key_event(vs, down, keycode, sym);
1679 }
1680
1681 static void ext_key_event(VncState *vs, int down,
1682 uint32_t sym, uint16_t keycode)
1683 {
1684 /* if the user specifies a keyboard layout, always use it */
1685 if (keyboard_layout)
1686 key_event(vs, down, sym);
1687 else
1688 do_key_event(vs, down, keycode, sym);
1689 }
1690
1691 static void framebuffer_update_request(VncState *vs, int incremental,
1692 int x_position, int y_position,
1693 int w, int h)
1694 {
1695 if (y_position > ds_get_height(vs->ds))
1696 y_position = ds_get_height(vs->ds);
1697 if (y_position + h >= ds_get_height(vs->ds))
1698 h = ds_get_height(vs->ds) - y_position;
1699
1700 int i;
1701 vs->need_update = 1;
1702 if (!incremental) {
1703 vs->force_update = 1;
1704 for (i = 0; i < h; i++) {
1705 vnc_set_bits(vs->dirty[y_position + i],
1706 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1707 }
1708 }
1709 }
1710
1711 static void send_ext_key_event_ack(VncState *vs)
1712 {
1713 vnc_lock_output(vs);
1714 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1715 vnc_write_u8(vs, 0);
1716 vnc_write_u16(vs, 1);
1717 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1718 VNC_ENCODING_EXT_KEY_EVENT);
1719 vnc_unlock_output(vs);
1720 vnc_flush(vs);
1721 }
1722
1723 static void send_ext_audio_ack(VncState *vs)
1724 {
1725 vnc_lock_output(vs);
1726 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1727 vnc_write_u8(vs, 0);
1728 vnc_write_u16(vs, 1);
1729 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1730 VNC_ENCODING_AUDIO);
1731 vnc_unlock_output(vs);
1732 vnc_flush(vs);
1733 }
1734
1735 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1736 {
1737 int i;
1738 unsigned int enc = 0;
1739
1740 vs->features = 0;
1741 vs->vnc_encoding = 0;
1742 vs->tight.compression = 9;
1743 vs->tight.quality = -1; /* Lossless by default */
1744 vs->absolute = -1;
1745
1746 /*
1747 * Start from the end because the encodings are sent in order of preference.
1748 * This way the prefered encoding (first encoding defined in the array)
1749 * will be set at the end of the loop.
1750 */
1751 for (i = n_encodings - 1; i >= 0; i--) {
1752 enc = encodings[i];
1753 switch (enc) {
1754 case VNC_ENCODING_RAW:
1755 vs->vnc_encoding = enc;
1756 break;
1757 case VNC_ENCODING_COPYRECT:
1758 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1759 break;
1760 case VNC_ENCODING_HEXTILE:
1761 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1762 vs->vnc_encoding = enc;
1763 break;
1764 case VNC_ENCODING_TIGHT:
1765 vs->features |= VNC_FEATURE_TIGHT_MASK;
1766 vs->vnc_encoding = enc;
1767 break;
1768 case VNC_ENCODING_TIGHT_PNG:
1769 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
1770 vs->vnc_encoding = enc;
1771 break;
1772 case VNC_ENCODING_ZLIB:
1773 vs->features |= VNC_FEATURE_ZLIB_MASK;
1774 vs->vnc_encoding = enc;
1775 break;
1776 case VNC_ENCODING_ZRLE:
1777 vs->features |= VNC_FEATURE_ZRLE_MASK;
1778 vs->vnc_encoding = enc;
1779 break;
1780 case VNC_ENCODING_ZYWRLE:
1781 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
1782 vs->vnc_encoding = enc;
1783 break;
1784 case VNC_ENCODING_DESKTOPRESIZE:
1785 vs->features |= VNC_FEATURE_RESIZE_MASK;
1786 break;
1787 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1788 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1789 break;
1790 case VNC_ENCODING_RICH_CURSOR:
1791 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1792 break;
1793 case VNC_ENCODING_EXT_KEY_EVENT:
1794 send_ext_key_event_ack(vs);
1795 break;
1796 case VNC_ENCODING_AUDIO:
1797 send_ext_audio_ack(vs);
1798 break;
1799 case VNC_ENCODING_WMVi:
1800 vs->features |= VNC_FEATURE_WMVI_MASK;
1801 break;
1802 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1803 vs->tight.compression = (enc & 0x0F);
1804 break;
1805 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1806 if (vs->vd->lossy) {
1807 vs->tight.quality = (enc & 0x0F);
1808 }
1809 break;
1810 default:
1811 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1812 break;
1813 }
1814 }
1815 vnc_desktop_resize(vs);
1816 check_pointer_type_change(&vs->mouse_mode_notifier);
1817 }
1818
1819 static void set_pixel_conversion(VncState *vs)
1820 {
1821 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1822 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1823 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1824 vs->write_pixels = vnc_write_pixels_copy;
1825 vnc_hextile_set_pixel_conversion(vs, 0);
1826 } else {
1827 vs->write_pixels = vnc_write_pixels_generic;
1828 vnc_hextile_set_pixel_conversion(vs, 1);
1829 }
1830 }
1831
1832 static void set_pixel_format(VncState *vs,
1833 int bits_per_pixel, int depth,
1834 int big_endian_flag, int true_color_flag,
1835 int red_max, int green_max, int blue_max,
1836 int red_shift, int green_shift, int blue_shift)
1837 {
1838 if (!true_color_flag) {
1839 vnc_client_error(vs);
1840 return;
1841 }
1842
1843 vs->clientds = *(vs->vd->guest.ds);
1844 vs->clientds.pf.rmax = red_max;
1845 count_bits(vs->clientds.pf.rbits, red_max);
1846 vs->clientds.pf.rshift = red_shift;
1847 vs->clientds.pf.rmask = red_max << red_shift;
1848 vs->clientds.pf.gmax = green_max;
1849 count_bits(vs->clientds.pf.gbits, green_max);
1850 vs->clientds.pf.gshift = green_shift;
1851 vs->clientds.pf.gmask = green_max << green_shift;
1852 vs->clientds.pf.bmax = blue_max;
1853 count_bits(vs->clientds.pf.bbits, blue_max);
1854 vs->clientds.pf.bshift = blue_shift;
1855 vs->clientds.pf.bmask = blue_max << blue_shift;
1856 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1857 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1858 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1859 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1860
1861 set_pixel_conversion(vs);
1862
1863 vga_hw_invalidate();
1864 vga_hw_update();
1865 }
1866
1867 static void pixel_format_message (VncState *vs) {
1868 char pad[3] = { 0, 0, 0 };
1869
1870 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1871 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1872
1873 #ifdef HOST_WORDS_BIGENDIAN
1874 vnc_write_u8(vs, 1); /* big-endian-flag */
1875 #else
1876 vnc_write_u8(vs, 0); /* big-endian-flag */
1877 #endif
1878 vnc_write_u8(vs, 1); /* true-color-flag */
1879 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1880 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1881 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1882 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1883 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1884 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1885
1886 vnc_hextile_set_pixel_conversion(vs, 0);
1887
1888 vs->clientds = *(vs->ds->surface);
1889 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1890 vs->write_pixels = vnc_write_pixels_copy;
1891
1892 vnc_write(vs, pad, 3); /* padding */
1893 }
1894
1895 static void vnc_dpy_setdata(DisplayState *ds)
1896 {
1897 /* We don't have to do anything */
1898 }
1899
1900 static void vnc_colordepth(VncState *vs)
1901 {
1902 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1903 /* Sending a WMVi message to notify the client*/
1904 vnc_lock_output(vs);
1905 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1906 vnc_write_u8(vs, 0);
1907 vnc_write_u16(vs, 1); /* number of rects */
1908 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1909 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1910 pixel_format_message(vs);
1911 vnc_unlock_output(vs);
1912 vnc_flush(vs);
1913 } else {
1914 set_pixel_conversion(vs);
1915 }
1916 }
1917
1918 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1919 {
1920 int i;
1921 uint16_t limit;
1922 VncDisplay *vd = vs->vd;
1923
1924 if (data[0] > 3) {
1925 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1926 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1927 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1928 }
1929
1930 switch (data[0]) {
1931 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
1932 if (len == 1)
1933 return 20;
1934
1935 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1936 read_u8(data, 6), read_u8(data, 7),
1937 read_u16(data, 8), read_u16(data, 10),
1938 read_u16(data, 12), read_u8(data, 14),
1939 read_u8(data, 15), read_u8(data, 16));
1940 break;
1941 case VNC_MSG_CLIENT_SET_ENCODINGS:
1942 if (len == 1)
1943 return 4;
1944
1945 if (len == 4) {
1946 limit = read_u16(data, 2);
1947 if (limit > 0)
1948 return 4 + (limit * 4);
1949 } else
1950 limit = read_u16(data, 2);
1951
1952 for (i = 0; i < limit; i++) {
1953 int32_t val = read_s32(data, 4 + (i * 4));
1954 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1955 }
1956
1957 set_encodings(vs, (int32_t *)(data + 4), limit);
1958 break;
1959 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
1960 if (len == 1)
1961 return 10;
1962
1963 framebuffer_update_request(vs,
1964 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1965 read_u16(data, 6), read_u16(data, 8));
1966 break;
1967 case VNC_MSG_CLIENT_KEY_EVENT:
1968 if (len == 1)
1969 return 8;
1970
1971 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1972 break;
1973 case VNC_MSG_CLIENT_POINTER_EVENT:
1974 if (len == 1)
1975 return 6;
1976
1977 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1978 break;
1979 case VNC_MSG_CLIENT_CUT_TEXT:
1980 if (len == 1)
1981 return 8;
1982
1983 if (len == 8) {
1984 uint32_t dlen = read_u32(data, 4);
1985 if (dlen > 0)
1986 return 8 + dlen;
1987 }
1988
1989 client_cut_text(vs, read_u32(data, 4), data + 8);
1990 break;
1991 case VNC_MSG_CLIENT_QEMU:
1992 if (len == 1)
1993 return 2;
1994
1995 switch (read_u8(data, 1)) {
1996 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
1997 if (len == 2)
1998 return 12;
1999
2000 ext_key_event(vs, read_u16(data, 2),
2001 read_u32(data, 4), read_u32(data, 8));
2002 break;
2003 case VNC_MSG_CLIENT_QEMU_AUDIO:
2004 if (len == 2)
2005 return 4;
2006
2007 switch (read_u16 (data, 2)) {
2008 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2009 audio_add(vs);
2010 break;
2011 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2012 audio_del(vs);
2013 break;
2014 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2015 if (len == 4)
2016 return 10;
2017 switch (read_u8(data, 4)) {
2018 case 0: vs->as.fmt = AUD_FMT_U8; break;
2019 case 1: vs->as.fmt = AUD_FMT_S8; break;
2020 case 2: vs->as.fmt = AUD_FMT_U16; break;
2021 case 3: vs->as.fmt = AUD_FMT_S16; break;
2022 case 4: vs->as.fmt = AUD_FMT_U32; break;
2023 case 5: vs->as.fmt = AUD_FMT_S32; break;
2024 default:
2025 printf("Invalid audio format %d\n", read_u8(data, 4));
2026 vnc_client_error(vs);
2027 break;
2028 }
2029 vs->as.nchannels = read_u8(data, 5);
2030 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2031 printf("Invalid audio channel coount %d\n",
2032 read_u8(data, 5));
2033 vnc_client_error(vs);
2034 break;
2035 }
2036 vs->as.freq = read_u32(data, 6);
2037 break;
2038 default:
2039 printf ("Invalid audio message %d\n", read_u8(data, 4));
2040 vnc_client_error(vs);
2041 break;
2042 }
2043 break;
2044
2045 default:
2046 printf("Msg: %d\n", read_u16(data, 0));
2047 vnc_client_error(vs);
2048 break;
2049 }
2050 break;
2051 default:
2052 printf("Msg: %d\n", data[0]);
2053 vnc_client_error(vs);
2054 break;
2055 }
2056
2057 vnc_read_when(vs, protocol_client_msg, 1);
2058 return 0;
2059 }
2060
2061 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2062 {
2063 char buf[1024];
2064 int size;
2065
2066 vs->client_width = ds_get_width(vs->ds);
2067 vs->client_height = ds_get_height(vs->ds);
2068 vnc_write_u16(vs, vs->client_width);
2069 vnc_write_u16(vs, vs->client_height);
2070
2071 pixel_format_message(vs);
2072
2073 if (qemu_name)
2074 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2075 else
2076 size = snprintf(buf, sizeof(buf), "QEMU");
2077
2078 vnc_write_u32(vs, size);
2079 vnc_write(vs, buf, size);
2080 vnc_flush(vs);
2081
2082 vnc_client_cache_auth(vs);
2083 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
2084
2085 vnc_read_when(vs, protocol_client_msg, 1);
2086
2087 return 0;
2088 }
2089
2090 void start_client_init(VncState *vs)
2091 {
2092 vnc_read_when(vs, protocol_client_init, 1);
2093 }
2094
2095 static void make_challenge(VncState *vs)
2096 {
2097 int i;
2098
2099 srand(time(NULL)+getpid()+getpid()*987654+rand());
2100
2101 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2102 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2103 }
2104
2105 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2106 {
2107 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2108 int i, j, pwlen;
2109 unsigned char key[8];
2110 time_t now = time(NULL);
2111
2112 if (!vs->vd->password) {
2113 VNC_DEBUG("No password configured on server");
2114 goto reject;
2115 }
2116 if (vs->vd->expires < now) {
2117 VNC_DEBUG("Password is expired");
2118 goto reject;
2119 }
2120
2121 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2122
2123 /* Calculate the expected challenge response */
2124 pwlen = strlen(vs->vd->password);
2125 for (i=0; i<sizeof(key); i++)
2126 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2127 deskey(key, EN0);
2128 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2129 des(response+j, response+j);
2130
2131 /* Compare expected vs actual challenge response */
2132 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2133 VNC_DEBUG("Client challenge reponse did not match\n");
2134 goto reject;
2135 } else {
2136 VNC_DEBUG("Accepting VNC challenge response\n");
2137 vnc_write_u32(vs, 0); /* Accept auth */
2138 vnc_flush(vs);
2139
2140 start_client_init(vs);
2141 }
2142 return 0;
2143
2144 reject:
2145 vnc_write_u32(vs, 1); /* Reject auth */
2146 if (vs->minor >= 8) {
2147 static const char err[] = "Authentication failed";
2148 vnc_write_u32(vs, sizeof(err));
2149 vnc_write(vs, err, sizeof(err));
2150 }
2151 vnc_flush(vs);
2152 vnc_client_error(vs);
2153 return 0;
2154 }
2155
2156 void start_auth_vnc(VncState *vs)
2157 {
2158 make_challenge(vs);
2159 /* Send client a 'random' challenge */
2160 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2161 vnc_flush(vs);
2162
2163 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2164 }
2165
2166
2167 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2168 {
2169 /* We only advertise 1 auth scheme at a time, so client
2170 * must pick the one we sent. Verify this */
2171 if (data[0] != vs->vd->auth) { /* Reject auth */
2172 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2173 vnc_write_u32(vs, 1);
2174 if (vs->minor >= 8) {
2175 static const char err[] = "Authentication failed";
2176 vnc_write_u32(vs, sizeof(err));
2177 vnc_write(vs, err, sizeof(err));
2178 }
2179 vnc_client_error(vs);
2180 } else { /* Accept requested auth */
2181 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2182 switch (vs->vd->auth) {
2183 case VNC_AUTH_NONE:
2184 VNC_DEBUG("Accept auth none\n");
2185 if (vs->minor >= 8) {
2186 vnc_write_u32(vs, 0); /* Accept auth completion */
2187 vnc_flush(vs);
2188 }
2189 start_client_init(vs);
2190 break;
2191
2192 case VNC_AUTH_VNC:
2193 VNC_DEBUG("Start VNC auth\n");
2194 start_auth_vnc(vs);
2195 break;
2196
2197 #ifdef CONFIG_VNC_TLS
2198 case VNC_AUTH_VENCRYPT:
2199 VNC_DEBUG("Accept VeNCrypt auth\n");;
2200 start_auth_vencrypt(vs);
2201 break;
2202 #endif /* CONFIG_VNC_TLS */
2203
2204 #ifdef CONFIG_VNC_SASL
2205 case VNC_AUTH_SASL:
2206 VNC_DEBUG("Accept SASL auth\n");
2207 start_auth_sasl(vs);
2208 break;
2209 #endif /* CONFIG_VNC_SASL */
2210
2211 default: /* Should not be possible, but just in case */
2212 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
2213 vnc_write_u8(vs, 1);
2214 if (vs->minor >= 8) {
2215 static const char err[] = "Authentication failed";
2216 vnc_write_u32(vs, sizeof(err));
2217 vnc_write(vs, err, sizeof(err));
2218 }
2219 vnc_client_error(vs);
2220 }
2221 }
2222 return 0;
2223 }
2224
2225 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2226 {
2227 char local[13];
2228
2229 memcpy(local, version, 12);
2230 local[12] = 0;
2231
2232 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2233 VNC_DEBUG("Malformed protocol version %s\n", local);
2234 vnc_client_error(vs);
2235 return 0;
2236 }
2237 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2238 if (vs->major != 3 ||
2239 (vs->minor != 3 &&
2240 vs->minor != 4 &&
2241 vs->minor != 5 &&
2242 vs->minor != 7 &&
2243 vs->minor != 8)) {
2244 VNC_DEBUG("Unsupported client version\n");
2245 vnc_write_u32(vs, VNC_AUTH_INVALID);
2246 vnc_flush(vs);
2247 vnc_client_error(vs);
2248 return 0;
2249 }
2250 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2251 * as equivalent to v3.3 by servers
2252 */
2253 if (vs->minor == 4 || vs->minor == 5)
2254 vs->minor = 3;
2255
2256 if (vs->minor == 3) {
2257 if (vs->vd->auth == VNC_AUTH_NONE) {
2258 VNC_DEBUG("Tell client auth none\n");
2259 vnc_write_u32(vs, vs->vd->auth);
2260 vnc_flush(vs);
2261 start_client_init(vs);
2262 } else if (vs->vd->auth == VNC_AUTH_VNC) {
2263 VNC_DEBUG("Tell client VNC auth\n");
2264 vnc_write_u32(vs, vs->vd->auth);
2265 vnc_flush(vs);
2266 start_auth_vnc(vs);
2267 } else {
2268 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2269 vnc_write_u32(vs, VNC_AUTH_INVALID);
2270 vnc_flush(vs);
2271 vnc_client_error(vs);
2272 }
2273 } else {
2274 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2275 vnc_write_u8(vs, 1); /* num auth */
2276 vnc_write_u8(vs, vs->vd->auth);
2277 vnc_read_when(vs, protocol_client_auth, 1);
2278 vnc_flush(vs);
2279 }
2280
2281 return 0;
2282 }
2283
2284 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2285 {
2286 struct VncSurface *vs = &vd->guest;
2287
2288 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2289 }
2290
2291 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2292 {
2293 int i, j;
2294
2295 w = (x + w) / VNC_STAT_RECT;
2296 h = (y + h) / VNC_STAT_RECT;
2297 x /= VNC_STAT_RECT;
2298 y /= VNC_STAT_RECT;
2299
2300 for (j = y; j <= y + h; j++) {
2301 for (i = x; i <= x + w; i++) {
2302 vs->lossy_rect[j][i] = 1;
2303 }
2304 }
2305 }
2306
2307 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2308 {
2309 VncState *vs;
2310 int sty = y / VNC_STAT_RECT;
2311 int stx = x / VNC_STAT_RECT;
2312 int has_dirty = 0;
2313
2314 y = y / VNC_STAT_RECT * VNC_STAT_RECT;
2315 x = x / VNC_STAT_RECT * VNC_STAT_RECT;
2316
2317 QTAILQ_FOREACH(vs, &vd->clients, next) {
2318 int j;
2319
2320 /* kernel send buffers are full -> refresh later */
2321 if (vs->output.offset) {
2322 continue;
2323 }
2324
2325 if (!vs->lossy_rect[sty][stx]) {
2326 continue;
2327 }
2328 vs->lossy_rect[sty][stx] = 0;
2329 for (j = 0; j < VNC_STAT_RECT; ++j) {
2330 vnc_set_bits(vs->dirty[y + j], x / 16, VNC_STAT_RECT / 16);
2331 }
2332 has_dirty++;
2333 }
2334 return has_dirty;
2335 }
2336
2337 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2338 {
2339 int x, y;
2340 struct timeval res;
2341 int has_dirty = 0;
2342
2343 for (y = 0; y < vd->guest.ds->height; y += VNC_STAT_RECT) {
2344 for (x = 0; x < vd->guest.ds->width; x += VNC_STAT_RECT) {
2345 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2346
2347 rect->updated = false;
2348 }
2349 }
2350
2351 timersub(tv, &VNC_REFRESH_STATS, &res);
2352
2353 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2354 return has_dirty;
2355 }
2356 vd->guest.last_freq_check = *tv;
2357
2358 for (y = 0; y < vd->guest.ds->height; y += VNC_STAT_RECT) {
2359 for (x = 0; x < vd->guest.ds->width; x += VNC_STAT_RECT) {
2360 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2361 int count = ARRAY_SIZE(rect->times);
2362 struct timeval min, max;
2363
2364 if (!timerisset(&rect->times[count - 1])) {
2365 continue ;
2366 }
2367
2368 max = rect->times[(rect->idx + count - 1) % count];
2369 timersub(tv, &max, &res);
2370
2371 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2372 rect->freq = 0;
2373 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2374 memset(rect->times, 0, sizeof (rect->times));
2375 continue ;
2376 }
2377
2378 min = rect->times[rect->idx];
2379 max = rect->times[(rect->idx + count - 1) % count];
2380 timersub(&max, &min, &res);
2381
2382 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2383 rect->freq /= count;
2384 rect->freq = 1. / rect->freq;
2385 }
2386 }
2387 return has_dirty;
2388 }
2389
2390 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2391 {
2392 int i, j;
2393 double total = 0;
2394 int num = 0;
2395
2396 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT;
2397 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT;
2398
2399 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2400 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2401 total += vnc_stat_rect(vs->vd, i, j)->freq;
2402 num++;
2403 }
2404 }
2405
2406 if (num) {
2407 return total / num;
2408 } else {
2409 return 0;
2410 }
2411 }
2412
2413 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2414 {
2415 VncRectStat *rect;
2416
2417 rect = vnc_stat_rect(vd, x, y);
2418 if (rect->updated) {
2419 return ;
2420 }
2421 rect->times[rect->idx] = *tv;
2422 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2423 rect->updated = true;
2424 }
2425
2426 static int vnc_refresh_server_surface(VncDisplay *vd)
2427 {
2428 int y;
2429 uint8_t *guest_row;
2430 uint8_t *server_row;
2431 int cmp_bytes;
2432 uint32_t width_mask[VNC_DIRTY_WORDS];
2433 VncState *vs;
2434 int has_dirty = 0;
2435
2436 struct timeval tv;
2437
2438 gettimeofday(&tv, NULL);
2439 has_dirty = vnc_update_stats(vd, &tv);
2440
2441 /*
2442 * Walk through the guest dirty map.
2443 * Check and copy modified bits from guest to server surface.
2444 * Update server dirty map.
2445 */
2446 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2447 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2448 guest_row = vd->guest.ds->data;
2449 server_row = vd->server->data;
2450 for (y = 0; y < vd->guest.ds->height; y++) {
2451 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2452 int x;
2453 uint8_t *guest_ptr;
2454 uint8_t *server_ptr;
2455
2456 guest_ptr = guest_row;
2457 server_ptr = server_row;
2458
2459 for (x = 0; x < vd->guest.ds->width;
2460 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2461 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2462 continue;
2463 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2464 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2465 continue;
2466 memcpy(server_ptr, guest_ptr, cmp_bytes);
2467 vnc_rect_updated(vd, x, y, &tv);
2468 QTAILQ_FOREACH(vs, &vd->clients, next) {
2469 vnc_set_bit(vs->dirty[y], (x / 16));
2470 }
2471 has_dirty++;
2472 }
2473 }
2474 guest_row += ds_get_linesize(vd->ds);
2475 server_row += ds_get_linesize(vd->ds);
2476 }
2477 return has_dirty;
2478 }
2479
2480 static void vnc_refresh(void *opaque)
2481 {
2482 VncDisplay *vd = opaque;
2483 VncState *vs, *vn;
2484 int has_dirty, rects = 0;
2485
2486 vga_hw_update();
2487
2488 if (vnc_trylock_display(vd)) {
2489 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2490 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) +
2491 vd->timer_interval);
2492 return;
2493 }
2494
2495 has_dirty = vnc_refresh_server_surface(vd);
2496 vnc_unlock_display(vd);
2497
2498 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2499 rects += vnc_update_client(vs, has_dirty);
2500 /* vs might be free()ed here */
2501 }
2502
2503 /* vd->timer could be NULL now if the last client disconnected,
2504 * in this case don't update the timer */
2505 if (vd->timer == NULL)
2506 return;
2507
2508 if (has_dirty && rects) {
2509 vd->timer_interval /= 2;
2510 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2511 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2512 } else {
2513 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2514 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2515 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2516 }
2517 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
2518 }
2519
2520 static void vnc_init_timer(VncDisplay *vd)
2521 {
2522 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2523 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
2524 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2525 vnc_refresh(vd);
2526 }
2527 }
2528
2529 static void vnc_remove_timer(VncDisplay *vd)
2530 {
2531 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
2532 qemu_del_timer(vd->timer);
2533 qemu_free_timer(vd->timer);
2534 vd->timer = NULL;
2535 }
2536 }
2537
2538 static void vnc_connect(VncDisplay *vd, int csock)
2539 {
2540 VncState *vs = qemu_mallocz(sizeof(VncState));
2541 int i;
2542
2543 vs->csock = csock;
2544 vs->lossy_rect = qemu_mallocz(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
2545 for (i = 0; i < VNC_STAT_ROWS; ++i) {
2546 vs->lossy_rect[i] = qemu_mallocz(VNC_STAT_COLS * sizeof (uint8_t));
2547 }
2548
2549 VNC_DEBUG("New client on socket %d\n", csock);
2550 dcl->idle = 0;
2551 socket_set_nonblock(vs->csock);
2552 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2553
2554 vnc_client_cache_addr(vs);
2555 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2556
2557 vs->vd = vd;
2558 vs->ds = vd->ds;
2559 vs->last_x = -1;
2560 vs->last_y = -1;
2561
2562 vs->as.freq = 44100;
2563 vs->as.nchannels = 2;
2564 vs->as.fmt = AUD_FMT_S16;
2565 vs->as.endianness = 0;
2566
2567 #ifdef CONFIG_VNC_THREAD
2568 qemu_mutex_init(&vs->output_mutex);
2569 #endif
2570
2571 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2572
2573 vga_hw_update();
2574
2575 vnc_write(vs, "RFB 003.008\n", 12);
2576 vnc_flush(vs);
2577 vnc_read_when(vs, protocol_version, 12);
2578 reset_keys(vs);
2579 if (vs->vd->lock_key_sync)
2580 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2581
2582 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2583 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2584
2585 vnc_init_timer(vd);
2586
2587 /* vs might be free()ed here */
2588 }
2589
2590 static void vnc_listen_read(void *opaque)
2591 {
2592 VncDisplay *vs = opaque;
2593 struct sockaddr_in addr;
2594 socklen_t addrlen = sizeof(addr);
2595
2596 /* Catch-up */
2597 vga_hw_update();
2598
2599 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2600 if (csock != -1) {
2601 vnc_connect(vs, csock);
2602 }
2603 }
2604
2605 void vnc_display_init(DisplayState *ds)
2606 {
2607 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2608
2609 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2610
2611 ds->opaque = vs;
2612 dcl->idle = 1;
2613 vnc_display = vs;
2614
2615 vs->lsock = -1;
2616
2617 vs->ds = ds;
2618 QTAILQ_INIT(&vs->clients);
2619 vs->expires = TIME_MAX;
2620
2621 if (keyboard_layout)
2622 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2623 else
2624 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2625
2626 if (!vs->kbd_layout)
2627 exit(1);
2628
2629 #ifdef CONFIG_VNC_THREAD
2630 qemu_mutex_init(&vs->mutex);
2631 vnc_start_worker_thread();
2632 #endif
2633
2634 dcl->dpy_copy = vnc_dpy_copy;
2635 dcl->dpy_update = vnc_dpy_update;
2636 dcl->dpy_resize = vnc_dpy_resize;
2637 dcl->dpy_setdata = vnc_dpy_setdata;
2638 register_displaychangelistener(ds, dcl);
2639 ds->mouse_set = vnc_mouse_set;
2640 ds->cursor_define = vnc_dpy_cursor_define;
2641 }
2642
2643
2644 void vnc_display_close(DisplayState *ds)
2645 {
2646 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2647
2648 if (!vs)
2649 return;
2650 if (vs->display) {
2651 qemu_free(vs->display);
2652 vs->display = NULL;
2653 }
2654 if (vs->lsock != -1) {
2655 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2656 close(vs->lsock);
2657 vs->lsock = -1;
2658 }
2659 vs->auth = VNC_AUTH_INVALID;
2660 #ifdef CONFIG_VNC_TLS
2661 vs->subauth = VNC_AUTH_INVALID;
2662 vs->tls.x509verify = 0;
2663 #endif
2664 }
2665
2666 int vnc_display_disable_login(DisplayState *ds)
2667 {
2668 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2669
2670 if (!vs) {
2671 return -1;
2672 }
2673
2674 if (vs->password) {
2675 qemu_free(vs->password);
2676 }
2677
2678 vs->password = NULL;
2679 vs->auth = VNC_AUTH_VNC;
2680
2681 return 0;
2682 }
2683
2684 int vnc_display_password(DisplayState *ds, const char *password)
2685 {
2686 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2687
2688 if (!vs) {
2689 return -1;
2690 }
2691
2692 if (!password) {
2693 /* This is not the intention of this interface but err on the side
2694 of being safe */
2695 return vnc_display_disable_login(ds);
2696 }
2697
2698 if (vs->password) {
2699 qemu_free(vs->password);
2700 vs->password = NULL;
2701 }
2702 vs->password = qemu_strdup(password);
2703 vs->auth = VNC_AUTH_VNC;
2704
2705 return 0;
2706 }
2707
2708 int vnc_display_pw_expire(DisplayState *ds, time_t expires)
2709 {
2710 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2711
2712 vs->expires = expires;
2713 return 0;
2714 }
2715
2716 char *vnc_display_local_addr(DisplayState *ds)
2717 {
2718 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2719
2720 return vnc_socket_local_addr("%s:%s", vs->lsock);
2721 }
2722
2723 int vnc_display_open(DisplayState *ds, const char *display)
2724 {
2725 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2726 const char *options;
2727 int password = 0;
2728 int reverse = 0;
2729 #ifdef CONFIG_VNC_TLS
2730 int tls = 0, x509 = 0;
2731 #endif
2732 #ifdef CONFIG_VNC_SASL
2733 int sasl = 0;
2734 int saslErr;
2735 #endif
2736 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2737 int acl = 0;
2738 #endif
2739 int lock_key_sync = 1;
2740
2741 if (!vnc_display)
2742 return -1;
2743 vnc_display_close(ds);
2744 if (strcmp(display, "none") == 0)
2745 return 0;
2746
2747 if (!(vs->display = strdup(display)))
2748 return -1;
2749
2750 options = display;
2751 while ((options = strchr(options, ','))) {
2752 options++;
2753 if (strncmp(options, "password", 8) == 0) {
2754 password = 1; /* Require password auth */
2755 } else if (strncmp(options, "reverse", 7) == 0) {
2756 reverse = 1;
2757 } else if (strncmp(options, "no-lock-key-sync", 9) == 0) {
2758 lock_key_sync = 0;
2759 #ifdef CONFIG_VNC_SASL
2760 } else if (strncmp(options, "sasl", 4) == 0) {
2761 sasl = 1; /* Require SASL auth */
2762 #endif
2763 #ifdef CONFIG_VNC_TLS
2764 } else if (strncmp(options, "tls", 3) == 0) {
2765 tls = 1; /* Require TLS */
2766 } else if (strncmp(options, "x509", 4) == 0) {
2767 char *start, *end;
2768 x509 = 1; /* Require x509 certificates */
2769 if (strncmp(options, "x509verify", 10) == 0)
2770 vs->tls.x509verify = 1; /* ...and verify client certs */
2771
2772 /* Now check for 'x509=/some/path' postfix
2773 * and use that to setup x509 certificate/key paths */
2774 start = strchr(options, '=');
2775 end = strchr(options, ',');
2776 if (start && (!end || (start < end))) {
2777 int len = end ? end-(start+1) : strlen(start+1);
2778 char *path = qemu_strndup(start + 1, len);
2779
2780 VNC_DEBUG("Trying certificate path '%s'\n", path);
2781 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2782 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2783 qemu_free(path);
2784 qemu_free(vs->display);
2785 vs->display = NULL;
2786 return -1;
2787 }
2788 qemu_free(path);
2789 } else {
2790 fprintf(stderr, "No certificate path provided\n");
2791 qemu_free(vs->display);
2792 vs->display = NULL;
2793 return -1;
2794 }
2795 #endif
2796 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2797 } else if (strncmp(options, "acl", 3) == 0) {
2798 acl = 1;
2799 #endif
2800 } else if (strncmp(options, "lossy", 5) == 0) {
2801 vs->lossy = true;
2802 }
2803 }
2804
2805 #ifdef CONFIG_VNC_TLS
2806 if (acl && x509 && vs->tls.x509verify) {
2807 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2808 fprintf(stderr, "Failed to create x509 dname ACL\n");
2809 exit(1);
2810 }
2811 }
2812 #endif
2813 #ifdef CONFIG_VNC_SASL
2814 if (acl && sasl) {
2815 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2816 fprintf(stderr, "Failed to create username ACL\n");
2817 exit(1);
2818 }
2819 }
2820 #endif
2821
2822 /*
2823 * Combinations we support here:
2824 *
2825 * - no-auth (clear text, no auth)
2826 * - password (clear text, weak auth)
2827 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2828 * - tls (encrypt, weak anonymous creds, no auth)
2829 * - tls + password (encrypt, weak anonymous creds, weak auth)
2830 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2831 * - tls + x509 (encrypt, good x509 creds, no auth)
2832 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2833 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2834 *
2835 * NB1. TLS is a stackable auth scheme.
2836 * NB2. the x509 schemes have option to validate a client cert dname
2837 */
2838 if (password) {
2839 #ifdef CONFIG_VNC_TLS
2840 if (tls) {
2841 vs->auth = VNC_AUTH_VENCRYPT;
2842 if (x509) {
2843 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2844 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2845 } else {
2846 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2847 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2848 }
2849 } else {
2850 #endif /* CONFIG_VNC_TLS */
2851 VNC_DEBUG("Initializing VNC server with password auth\n");
2852 vs->auth = VNC_AUTH_VNC;
2853 #ifdef CONFIG_VNC_TLS
2854 vs->subauth = VNC_AUTH_INVALID;
2855 }
2856 #endif /* CONFIG_VNC_TLS */
2857 #ifdef CONFIG_VNC_SASL
2858 } else if (sasl) {
2859 #ifdef CONFIG_VNC_TLS
2860 if (tls) {
2861 vs->auth = VNC_AUTH_VENCRYPT;
2862 if (x509) {
2863 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2864 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2865 } else {
2866 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2867 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2868 }
2869 } else {
2870 #endif /* CONFIG_VNC_TLS */
2871 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2872 vs->auth = VNC_AUTH_SASL;
2873 #ifdef CONFIG_VNC_TLS
2874 vs->subauth = VNC_AUTH_INVALID;
2875 }
2876 #endif /* CONFIG_VNC_TLS */
2877 #endif /* CONFIG_VNC_SASL */
2878 } else {
2879 #ifdef CONFIG_VNC_TLS
2880 if (tls) {
2881 vs->auth = VNC_AUTH_VENCRYPT;
2882 if (x509) {
2883 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2884 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2885 } else {
2886 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2887 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2888 }
2889 } else {
2890 #endif
2891 VNC_DEBUG("Initializing VNC server with no auth\n");
2892 vs->auth = VNC_AUTH_NONE;
2893 #ifdef CONFIG_VNC_TLS
2894 vs->subauth = VNC_AUTH_INVALID;
2895 }
2896 #endif
2897 }
2898
2899 #ifdef CONFIG_VNC_SASL
2900 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2901 fprintf(stderr, "Failed to initialize SASL auth %s",
2902 sasl_errstring(saslErr, NULL, NULL));
2903 free(vs->display);
2904 vs->display = NULL;
2905 return -1;
2906 }
2907 #endif
2908 vs->lock_key_sync = lock_key_sync;
2909
2910 if (reverse) {
2911 /* connect to viewer */
2912 if (strncmp(display, "unix:", 5) == 0)
2913 vs->lsock = unix_connect(display+5);
2914 else
2915 vs->lsock = inet_connect(display, SOCK_STREAM);
2916 if (-1 == vs->lsock) {
2917 free(vs->display);
2918 vs->display = NULL;
2919 return -1;
2920 } else {
2921 int csock = vs->lsock;
2922 vs->lsock = -1;
2923 vnc_connect(vs, csock);
2924 }
2925 return 0;
2926
2927 } else {
2928 /* listen for connects */
2929 char *dpy;
2930 dpy = qemu_malloc(256);
2931 if (strncmp(display, "unix:", 5) == 0) {
2932 pstrcpy(dpy, 256, "unix:");
2933 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2934 } else {
2935 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2936 }
2937 if (-1 == vs->lsock) {
2938 free(dpy);
2939 return -1;
2940 } else {
2941 free(vs->display);
2942 vs->display = dpy;
2943 }
2944 }
2945 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
2946 }
Qemu copy for testing