]> git.proxmox.com Git - qemu.git/blob - ui/vnc.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge remote-tracking branch 'stefanha/trivial-patches' into staging
[qemu.git] / ui / vnc.c
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "vnc-jobs.h"
29 #include "sysemu.h"
30 #include "qemu_socket.h"
31 #include "qemu-timer.h"
32 #include "acl.h"
33 #include "qemu-objects.h"
34 #include "qmp-commands.h"
35 #include "osdep.h"
36
37 #define VNC_REFRESH_INTERVAL_BASE 30
38 #define VNC_REFRESH_INTERVAL_INC 50
39 #define VNC_REFRESH_INTERVAL_MAX 2000
40 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
41 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
42
43 #include "vnc_keysym.h"
44 #include "d3des.h"
45
46 static VncDisplay *vnc_display; /* needed for info vnc */
47 static DisplayChangeListener *dcl;
48
49 static int vnc_cursor_define(VncState *vs);
50 static void vnc_release_modifiers(VncState *vs);
51
52 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
53 {
54 #ifdef _VNC_DEBUG
55 static const char *mn[] = {
56 [0] = "undefined",
57 [VNC_SHARE_MODE_CONNECTING] = "connecting",
58 [VNC_SHARE_MODE_SHARED] = "shared",
59 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
60 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
61 };
62 fprintf(stderr, "%s/%d: %s -> %s\n", __func__,
63 vs->csock, mn[vs->share_mode], mn[mode]);
64 #endif
65
66 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) {
67 vs->vd->num_exclusive--;
68 }
69 vs->share_mode = mode;
70 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) {
71 vs->vd->num_exclusive++;
72 }
73 }
74
75 static char *addr_to_string(const char *format,
76 struct sockaddr_storage *sa,
77 socklen_t salen) {
78 char *addr;
79 char host[NI_MAXHOST];
80 char serv[NI_MAXSERV];
81 int err;
82 size_t addrlen;
83
84 if ((err = getnameinfo((struct sockaddr *)sa, salen,
85 host, sizeof(host),
86 serv, sizeof(serv),
87 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
88 VNC_DEBUG("Cannot resolve address %d: %s\n",
89 err, gai_strerror(err));
90 return NULL;
91 }
92
93 /* Enough for the existing format + the 2 vars we're
94 * substituting in. */
95 addrlen = strlen(format) + strlen(host) + strlen(serv);
96 addr = g_malloc(addrlen + 1);
97 snprintf(addr, addrlen, format, host, serv);
98 addr[addrlen] = '\0';
99
100 return addr;
101 }
102
103
104 char *vnc_socket_local_addr(const char *format, int fd) {
105 struct sockaddr_storage sa;
106 socklen_t salen;
107
108 salen = sizeof(sa);
109 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
110 return NULL;
111
112 return addr_to_string(format, &sa, salen);
113 }
114
115 char *vnc_socket_remote_addr(const char *format, int fd) {
116 struct sockaddr_storage sa;
117 socklen_t salen;
118
119 salen = sizeof(sa);
120 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
121 return NULL;
122
123 return addr_to_string(format, &sa, salen);
124 }
125
126 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
127 socklen_t salen)
128 {
129 char host[NI_MAXHOST];
130 char serv[NI_MAXSERV];
131 int err;
132
133 if ((err = getnameinfo((struct sockaddr *)sa, salen,
134 host, sizeof(host),
135 serv, sizeof(serv),
136 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
137 VNC_DEBUG("Cannot resolve address %d: %s\n",
138 err, gai_strerror(err));
139 return -1;
140 }
141
142 qdict_put(qdict, "host", qstring_from_str(host));
143 qdict_put(qdict, "service", qstring_from_str(serv));
144 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
145
146 return 0;
147 }
148
149 static int vnc_server_addr_put(QDict *qdict, int fd)
150 {
151 struct sockaddr_storage sa;
152 socklen_t salen;
153
154 salen = sizeof(sa);
155 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
156 return -1;
157 }
158
159 return put_addr_qdict(qdict, &sa, salen);
160 }
161
162 static int vnc_qdict_remote_addr(QDict *qdict, int fd)
163 {
164 struct sockaddr_storage sa;
165 socklen_t salen;
166
167 salen = sizeof(sa);
168 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
169 return -1;
170 }
171
172 return put_addr_qdict(qdict, &sa, salen);
173 }
174
175 static const char *vnc_auth_name(VncDisplay *vd) {
176 switch (vd->auth) {
177 case VNC_AUTH_INVALID:
178 return "invalid";
179 case VNC_AUTH_NONE:
180 return "none";
181 case VNC_AUTH_VNC:
182 return "vnc";
183 case VNC_AUTH_RA2:
184 return "ra2";
185 case VNC_AUTH_RA2NE:
186 return "ra2ne";
187 case VNC_AUTH_TIGHT:
188 return "tight";
189 case VNC_AUTH_ULTRA:
190 return "ultra";
191 case VNC_AUTH_TLS:
192 return "tls";
193 case VNC_AUTH_VENCRYPT:
194 #ifdef CONFIG_VNC_TLS
195 switch (vd->subauth) {
196 case VNC_AUTH_VENCRYPT_PLAIN:
197 return "vencrypt+plain";
198 case VNC_AUTH_VENCRYPT_TLSNONE:
199 return "vencrypt+tls+none";
200 case VNC_AUTH_VENCRYPT_TLSVNC:
201 return "vencrypt+tls+vnc";
202 case VNC_AUTH_VENCRYPT_TLSPLAIN:
203 return "vencrypt+tls+plain";
204 case VNC_AUTH_VENCRYPT_X509NONE:
205 return "vencrypt+x509+none";
206 case VNC_AUTH_VENCRYPT_X509VNC:
207 return "vencrypt+x509+vnc";
208 case VNC_AUTH_VENCRYPT_X509PLAIN:
209 return "vencrypt+x509+plain";
210 case VNC_AUTH_VENCRYPT_TLSSASL:
211 return "vencrypt+tls+sasl";
212 case VNC_AUTH_VENCRYPT_X509SASL:
213 return "vencrypt+x509+sasl";
214 default:
215 return "vencrypt";
216 }
217 #else
218 return "vencrypt";
219 #endif
220 case VNC_AUTH_SASL:
221 return "sasl";
222 }
223 return "unknown";
224 }
225
226 static int vnc_server_info_put(QDict *qdict)
227 {
228 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
229 return -1;
230 }
231
232 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
233 return 0;
234 }
235
236 static void vnc_client_cache_auth(VncState *client)
237 {
238 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
239 QDict *qdict;
240 #endif
241
242 if (!client->info) {
243 return;
244 }
245
246 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
247 qdict = qobject_to_qdict(client->info);
248 #endif
249
250 #ifdef CONFIG_VNC_TLS
251 if (client->tls.session &&
252 client->tls.dname) {
253 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
254 }
255 #endif
256 #ifdef CONFIG_VNC_SASL
257 if (client->sasl.conn &&
258 client->sasl.username) {
259 qdict_put(qdict, "sasl_username",
260 qstring_from_str(client->sasl.username));
261 }
262 #endif
263 }
264
265 static void vnc_client_cache_addr(VncState *client)
266 {
267 QDict *qdict;
268
269 qdict = qdict_new();
270 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
271 QDECREF(qdict);
272 /* XXX: how to report the error? */
273 return;
274 }
275
276 client->info = QOBJECT(qdict);
277 }
278
279 static void vnc_qmp_event(VncState *vs, MonitorEvent event)
280 {
281 QDict *server;
282 QObject *data;
283
284 if (!vs->info) {
285 return;
286 }
287
288 server = qdict_new();
289 if (vnc_server_info_put(server) < 0) {
290 QDECREF(server);
291 return;
292 }
293
294 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
295 vs->info, QOBJECT(server));
296
297 monitor_protocol_event(event, data);
298
299 qobject_incref(vs->info);
300 qobject_decref(data);
301 }
302
303 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
304 {
305 struct sockaddr_storage sa;
306 socklen_t salen = sizeof(sa);
307 char host[NI_MAXHOST];
308 char serv[NI_MAXSERV];
309 VncClientInfo *info;
310
311 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) {
312 return NULL;
313 }
314
315 if (getnameinfo((struct sockaddr *)&sa, salen,
316 host, sizeof(host),
317 serv, sizeof(serv),
318 NI_NUMERICHOST | NI_NUMERICSERV) < 0) {
319 return NULL;
320 }
321
322 info = g_malloc0(sizeof(*info));
323 info->host = g_strdup(host);
324 info->service = g_strdup(serv);
325 info->family = g_strdup(inet_strfamily(sa.ss_family));
326
327 #ifdef CONFIG_VNC_TLS
328 if (client->tls.session && client->tls.dname) {
329 info->has_x509_dname = true;
330 info->x509_dname = g_strdup(client->tls.dname);
331 }
332 #endif
333 #ifdef CONFIG_VNC_SASL
334 if (client->sasl.conn && client->sasl.username) {
335 info->has_sasl_username = true;
336 info->sasl_username = g_strdup(client->sasl.username);
337 }
338 #endif
339
340 return info;
341 }
342
343 VncInfo *qmp_query_vnc(Error **errp)
344 {
345 VncInfo *info = g_malloc0(sizeof(*info));
346
347 if (vnc_display == NULL || vnc_display->display == NULL) {
348 info->enabled = false;
349 } else {
350 VncClientInfoList *cur_item = NULL;
351 struct sockaddr_storage sa;
352 socklen_t salen = sizeof(sa);
353 char host[NI_MAXHOST];
354 char serv[NI_MAXSERV];
355 VncState *client;
356
357 info->enabled = true;
358
359 /* for compatibility with the original command */
360 info->has_clients = true;
361
362 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
363 VncClientInfoList *cinfo = g_malloc0(sizeof(*info));
364 cinfo->value = qmp_query_vnc_client(client);
365
366 /* XXX: waiting for the qapi to support GSList */
367 if (!cur_item) {
368 info->clients = cur_item = cinfo;
369 } else {
370 cur_item->next = cinfo;
371 cur_item = cinfo;
372 }
373 }
374
375 if (vnc_display->lsock == -1) {
376 return info;
377 }
378
379 if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa,
380 &salen) == -1) {
381 error_set(errp, QERR_UNDEFINED_ERROR);
382 goto out_error;
383 }
384
385 if (getnameinfo((struct sockaddr *)&sa, salen,
386 host, sizeof(host),
387 serv, sizeof(serv),
388 NI_NUMERICHOST | NI_NUMERICSERV) < 0) {
389 error_set(errp, QERR_UNDEFINED_ERROR);
390 goto out_error;
391 }
392
393 info->has_host = true;
394 info->host = g_strdup(host);
395
396 info->has_service = true;
397 info->service = g_strdup(serv);
398
399 info->has_family = true;
400 info->family = g_strdup(inet_strfamily(sa.ss_family));
401
402 info->has_auth = true;
403 info->auth = g_strdup(vnc_auth_name(vnc_display));
404 }
405
406 return info;
407
408 out_error:
409 qapi_free_VncInfo(info);
410 return NULL;
411 }
412
413 /* TODO
414 1) Get the queue working for IO.
415 2) there is some weirdness when using the -S option (the screen is grey
416 and not totally invalidated
417 3) resolutions > 1024
418 */
419
420 static int vnc_update_client(VncState *vs, int has_dirty);
421 static int vnc_update_client_sync(VncState *vs, int has_dirty);
422 static void vnc_disconnect_start(VncState *vs);
423 static void vnc_disconnect_finish(VncState *vs);
424 static void vnc_init_timer(VncDisplay *vd);
425 static void vnc_remove_timer(VncDisplay *vd);
426
427 static void vnc_colordepth(VncState *vs);
428 static void framebuffer_update_request(VncState *vs, int incremental,
429 int x_position, int y_position,
430 int w, int h);
431 static void vnc_refresh(void *opaque);
432 static int vnc_refresh_server_surface(VncDisplay *vd);
433
434 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
435 {
436 int i;
437 VncDisplay *vd = ds->opaque;
438 struct VncSurface *s = &vd->guest;
439
440 h += y;
441
442 /* round x down to ensure the loop only spans one 16-pixel block per,
443 iteration. otherwise, if (x % 16) != 0, the last iteration may span
444 two 16-pixel blocks but we only mark the first as dirty
445 */
446 w += (x % 16);
447 x -= (x % 16);
448
449 x = MIN(x, s->ds->width);
450 y = MIN(y, s->ds->height);
451 w = MIN(x + w, s->ds->width) - x;
452 h = MIN(h, s->ds->height);
453
454 for (; y < h; y++)
455 for (i = 0; i < w; i += 16)
456 set_bit((x + i) / 16, s->dirty[y]);
457 }
458
459 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
460 int32_t encoding)
461 {
462 vnc_write_u16(vs, x);
463 vnc_write_u16(vs, y);
464 vnc_write_u16(vs, w);
465 vnc_write_u16(vs, h);
466
467 vnc_write_s32(vs, encoding);
468 }
469
470 void buffer_reserve(Buffer *buffer, size_t len)
471 {
472 if ((buffer->capacity - buffer->offset) < len) {
473 buffer->capacity += (len + 1024);
474 buffer->buffer = g_realloc(buffer->buffer, buffer->capacity);
475 if (buffer->buffer == NULL) {
476 fprintf(stderr, "vnc: out of memory\n");
477 exit(1);
478 }
479 }
480 }
481
482 int buffer_empty(Buffer *buffer)
483 {
484 return buffer->offset == 0;
485 }
486
487 uint8_t *buffer_end(Buffer *buffer)
488 {
489 return buffer->buffer + buffer->offset;
490 }
491
492 void buffer_reset(Buffer *buffer)
493 {
494 buffer->offset = 0;
495 }
496
497 void buffer_free(Buffer *buffer)
498 {
499 g_free(buffer->buffer);
500 buffer->offset = 0;
501 buffer->capacity = 0;
502 buffer->buffer = NULL;
503 }
504
505 void buffer_append(Buffer *buffer, const void *data, size_t len)
506 {
507 memcpy(buffer->buffer + buffer->offset, data, len);
508 buffer->offset += len;
509 }
510
511 static void vnc_desktop_resize(VncState *vs)
512 {
513 DisplayState *ds = vs->ds;
514
515 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
516 return;
517 }
518 if (vs->client_width == ds_get_width(ds) &&
519 vs->client_height == ds_get_height(ds)) {
520 return;
521 }
522 vs->client_width = ds_get_width(ds);
523 vs->client_height = ds_get_height(ds);
524 vnc_lock_output(vs);
525 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
526 vnc_write_u8(vs, 0);
527 vnc_write_u16(vs, 1); /* number of rects */
528 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
529 VNC_ENCODING_DESKTOPRESIZE);
530 vnc_unlock_output(vs);
531 vnc_flush(vs);
532 }
533
534 static void vnc_abort_display_jobs(VncDisplay *vd)
535 {
536 VncState *vs;
537
538 QTAILQ_FOREACH(vs, &vd->clients, next) {
539 vnc_lock_output(vs);
540 vs->abort = true;
541 vnc_unlock_output(vs);
542 }
543 QTAILQ_FOREACH(vs, &vd->clients, next) {
544 vnc_jobs_join(vs);
545 }
546 QTAILQ_FOREACH(vs, &vd->clients, next) {
547 vnc_lock_output(vs);
548 vs->abort = false;
549 vnc_unlock_output(vs);
550 }
551 }
552
553 static void vnc_dpy_resize(DisplayState *ds)
554 {
555 VncDisplay *vd = ds->opaque;
556 VncState *vs;
557
558 vnc_abort_display_jobs(vd);
559
560 /* server surface */
561 if (!vd->server)
562 vd->server = g_malloc0(sizeof(*vd->server));
563 if (vd->server->data)
564 g_free(vd->server->data);
565 *(vd->server) = *(ds->surface);
566 vd->server->data = g_malloc0(vd->server->linesize *
567 vd->server->height);
568
569 /* guest surface */
570 if (!vd->guest.ds)
571 vd->guest.ds = g_malloc0(sizeof(*vd->guest.ds));
572 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
573 console_color_init(ds);
574 *(vd->guest.ds) = *(ds->surface);
575 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
576
577 QTAILQ_FOREACH(vs, &vd->clients, next) {
578 vnc_colordepth(vs);
579 vnc_desktop_resize(vs);
580 if (vs->vd->cursor) {
581 vnc_cursor_define(vs);
582 }
583 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
584 }
585 }
586
587 /* fastest code */
588 static void vnc_write_pixels_copy(VncState *vs, struct PixelFormat *pf,
589 void *pixels, int size)
590 {
591 vnc_write(vs, pixels, size);
592 }
593
594 /* slowest but generic code. */
595 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
596 {
597 uint8_t r, g, b;
598 VncDisplay *vd = vs->vd;
599
600 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
601 vd->server->pf.rbits);
602 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
603 vd->server->pf.gbits);
604 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
605 vd->server->pf.bbits);
606 v = (r << vs->clientds.pf.rshift) |
607 (g << vs->clientds.pf.gshift) |
608 (b << vs->clientds.pf.bshift);
609 switch(vs->clientds.pf.bytes_per_pixel) {
610 case 1:
611 buf[0] = v;
612 break;
613 case 2:
614 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
615 buf[0] = v >> 8;
616 buf[1] = v;
617 } else {
618 buf[1] = v >> 8;
619 buf[0] = v;
620 }
621 break;
622 default:
623 case 4:
624 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
625 buf[0] = v >> 24;
626 buf[1] = v >> 16;
627 buf[2] = v >> 8;
628 buf[3] = v;
629 } else {
630 buf[3] = v >> 24;
631 buf[2] = v >> 16;
632 buf[1] = v >> 8;
633 buf[0] = v;
634 }
635 break;
636 }
637 }
638
639 static void vnc_write_pixels_generic(VncState *vs, struct PixelFormat *pf,
640 void *pixels1, int size)
641 {
642 uint8_t buf[4];
643
644 if (pf->bytes_per_pixel == 4) {
645 uint32_t *pixels = pixels1;
646 int n, i;
647 n = size >> 2;
648 for(i = 0; i < n; i++) {
649 vnc_convert_pixel(vs, buf, pixels[i]);
650 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
651 }
652 } else if (pf->bytes_per_pixel == 2) {
653 uint16_t *pixels = pixels1;
654 int n, i;
655 n = size >> 1;
656 for(i = 0; i < n; i++) {
657 vnc_convert_pixel(vs, buf, pixels[i]);
658 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
659 }
660 } else if (pf->bytes_per_pixel == 1) {
661 uint8_t *pixels = pixels1;
662 int n, i;
663 n = size;
664 for(i = 0; i < n; i++) {
665 vnc_convert_pixel(vs, buf, pixels[i]);
666 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
667 }
668 } else {
669 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
670 }
671 }
672
673 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
674 {
675 int i;
676 uint8_t *row;
677 VncDisplay *vd = vs->vd;
678
679 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
680 for (i = 0; i < h; i++) {
681 vs->write_pixels(vs, &vd->server->pf, row, w * ds_get_bytes_per_pixel(vs->ds));
682 row += ds_get_linesize(vs->ds);
683 }
684 return 1;
685 }
686
687 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
688 {
689 int n = 0;
690
691 switch(vs->vnc_encoding) {
692 case VNC_ENCODING_ZLIB:
693 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
694 break;
695 case VNC_ENCODING_HEXTILE:
696 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
697 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
698 break;
699 case VNC_ENCODING_TIGHT:
700 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
701 break;
702 case VNC_ENCODING_TIGHT_PNG:
703 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
704 break;
705 case VNC_ENCODING_ZRLE:
706 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
707 break;
708 case VNC_ENCODING_ZYWRLE:
709 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
710 break;
711 default:
712 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
713 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
714 break;
715 }
716 return n;
717 }
718
719 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
720 {
721 /* send bitblit op to the vnc client */
722 vnc_lock_output(vs);
723 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
724 vnc_write_u8(vs, 0);
725 vnc_write_u16(vs, 1); /* number of rects */
726 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
727 vnc_write_u16(vs, src_x);
728 vnc_write_u16(vs, src_y);
729 vnc_unlock_output(vs);
730 vnc_flush(vs);
731 }
732
733 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
734 {
735 VncDisplay *vd = ds->opaque;
736 VncState *vs, *vn;
737 uint8_t *src_row;
738 uint8_t *dst_row;
739 int i,x,y,pitch,depth,inc,w_lim,s;
740 int cmp_bytes;
741
742 vnc_refresh_server_surface(vd);
743 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
744 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
745 vs->force_update = 1;
746 vnc_update_client_sync(vs, 1);
747 /* vs might be free()ed here */
748 }
749 }
750
751 /* do bitblit op on the local surface too */
752 pitch = ds_get_linesize(vd->ds);
753 depth = ds_get_bytes_per_pixel(vd->ds);
754 src_row = vd->server->data + pitch * src_y + depth * src_x;
755 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
756 y = dst_y;
757 inc = 1;
758 if (dst_y > src_y) {
759 /* copy backwards */
760 src_row += pitch * (h-1);
761 dst_row += pitch * (h-1);
762 pitch = -pitch;
763 y = dst_y + h - 1;
764 inc = -1;
765 }
766 w_lim = w - (16 - (dst_x % 16));
767 if (w_lim < 0)
768 w_lim = w;
769 else
770 w_lim = w - (w_lim % 16);
771 for (i = 0; i < h; i++) {
772 for (x = 0; x <= w_lim;
773 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
774 if (x == w_lim) {
775 if ((s = w - w_lim) == 0)
776 break;
777 } else if (!x) {
778 s = (16 - (dst_x % 16));
779 s = MIN(s, w_lim);
780 } else {
781 s = 16;
782 }
783 cmp_bytes = s * depth;
784 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
785 continue;
786 memmove(dst_row, src_row, cmp_bytes);
787 QTAILQ_FOREACH(vs, &vd->clients, next) {
788 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
789 set_bit(((x + dst_x) / 16), vs->dirty[y]);
790 }
791 }
792 }
793 src_row += pitch - w * depth;
794 dst_row += pitch - w * depth;
795 y += inc;
796 }
797
798 QTAILQ_FOREACH(vs, &vd->clients, next) {
799 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
800 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
801 }
802 }
803 }
804
805 static void vnc_mouse_set(int x, int y, int visible)
806 {
807 /* can we ask the client(s) to move the pointer ??? */
808 }
809
810 static int vnc_cursor_define(VncState *vs)
811 {
812 QEMUCursor *c = vs->vd->cursor;
813 PixelFormat pf = qemu_default_pixelformat(32);
814 int isize;
815
816 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
817 vnc_lock_output(vs);
818 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
819 vnc_write_u8(vs, 0); /* padding */
820 vnc_write_u16(vs, 1); /* # of rects */
821 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
822 VNC_ENCODING_RICH_CURSOR);
823 isize = c->width * c->height * vs->clientds.pf.bytes_per_pixel;
824 vnc_write_pixels_generic(vs, &pf, c->data, isize);
825 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
826 vnc_unlock_output(vs);
827 return 0;
828 }
829 return -1;
830 }
831
832 static void vnc_dpy_cursor_define(QEMUCursor *c)
833 {
834 VncDisplay *vd = vnc_display;
835 VncState *vs;
836
837 cursor_put(vd->cursor);
838 g_free(vd->cursor_mask);
839
840 vd->cursor = c;
841 cursor_get(vd->cursor);
842 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
843 vd->cursor_mask = g_malloc0(vd->cursor_msize);
844 cursor_get_mono_mask(c, 0, vd->cursor_mask);
845
846 QTAILQ_FOREACH(vs, &vd->clients, next) {
847 vnc_cursor_define(vs);
848 }
849 }
850
851 static int find_and_clear_dirty_height(struct VncState *vs,
852 int y, int last_x, int x, int height)
853 {
854 int h;
855
856 for (h = 1; h < (height - y); h++) {
857 int tmp_x;
858 if (!test_bit(last_x, vs->dirty[y + h])) {
859 break;
860 }
861 for (tmp_x = last_x; tmp_x < x; tmp_x++) {
862 clear_bit(tmp_x, vs->dirty[y + h]);
863 }
864 }
865
866 return h;
867 }
868
869 static int vnc_update_client_sync(VncState *vs, int has_dirty)
870 {
871 int ret = vnc_update_client(vs, has_dirty);
872 vnc_jobs_join(vs);
873 return ret;
874 }
875
876 static int vnc_update_client(VncState *vs, int has_dirty)
877 {
878 if (vs->need_update && vs->csock != -1) {
879 VncDisplay *vd = vs->vd;
880 VncJob *job;
881 int y;
882 int width, height;
883 int n = 0;
884
885
886 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
887 /* kernel send buffers are full -> drop frames to throttle */
888 return 0;
889
890 if (!has_dirty && !vs->audio_cap && !vs->force_update)
891 return 0;
892
893 /*
894 * Send screen updates to the vnc client using the server
895 * surface and server dirty map. guest surface updates
896 * happening in parallel don't disturb us, the next pass will
897 * send them to the client.
898 */
899 job = vnc_job_new(vs);
900
901 width = MIN(vd->server->width, vs->client_width);
902 height = MIN(vd->server->height, vs->client_height);
903
904 for (y = 0; y < height; y++) {
905 int x;
906 int last_x = -1;
907 for (x = 0; x < width / 16; x++) {
908 if (test_and_clear_bit(x, vs->dirty[y])) {
909 if (last_x == -1) {
910 last_x = x;
911 }
912 } else {
913 if (last_x != -1) {
914 int h = find_and_clear_dirty_height(vs, y, last_x, x,
915 height);
916
917 n += vnc_job_add_rect(job, last_x * 16, y,
918 (x - last_x) * 16, h);
919 }
920 last_x = -1;
921 }
922 }
923 if (last_x != -1) {
924 int h = find_and_clear_dirty_height(vs, y, last_x, x, height);
925 n += vnc_job_add_rect(job, last_x * 16, y,
926 (x - last_x) * 16, h);
927 }
928 }
929
930 vnc_job_push(job);
931 vs->force_update = 0;
932 return n;
933 }
934
935 if (vs->csock == -1)
936 vnc_disconnect_finish(vs);
937
938 return 0;
939 }
940
941 /* audio */
942 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
943 {
944 VncState *vs = opaque;
945
946 switch (cmd) {
947 case AUD_CNOTIFY_DISABLE:
948 vnc_lock_output(vs);
949 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
950 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
951 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
952 vnc_unlock_output(vs);
953 vnc_flush(vs);
954 break;
955
956 case AUD_CNOTIFY_ENABLE:
957 vnc_lock_output(vs);
958 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
959 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
960 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
961 vnc_unlock_output(vs);
962 vnc_flush(vs);
963 break;
964 }
965 }
966
967 static void audio_capture_destroy(void *opaque)
968 {
969 }
970
971 static void audio_capture(void *opaque, void *buf, int size)
972 {
973 VncState *vs = opaque;
974
975 vnc_lock_output(vs);
976 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
977 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
978 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
979 vnc_write_u32(vs, size);
980 vnc_write(vs, buf, size);
981 vnc_unlock_output(vs);
982 vnc_flush(vs);
983 }
984
985 static void audio_add(VncState *vs)
986 {
987 struct audio_capture_ops ops;
988
989 if (vs->audio_cap) {
990 monitor_printf(default_mon, "audio already running\n");
991 return;
992 }
993
994 ops.notify = audio_capture_notify;
995 ops.destroy = audio_capture_destroy;
996 ops.capture = audio_capture;
997
998 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
999 if (!vs->audio_cap) {
1000 monitor_printf(default_mon, "Failed to add audio capture\n");
1001 }
1002 }
1003
1004 static void audio_del(VncState *vs)
1005 {
1006 if (vs->audio_cap) {
1007 AUD_del_capture(vs->audio_cap, vs);
1008 vs->audio_cap = NULL;
1009 }
1010 }
1011
1012 static void vnc_disconnect_start(VncState *vs)
1013 {
1014 if (vs->csock == -1)
1015 return;
1016 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1017 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
1018 closesocket(vs->csock);
1019 vs->csock = -1;
1020 }
1021
1022 static void vnc_disconnect_finish(VncState *vs)
1023 {
1024 int i;
1025
1026 vnc_jobs_join(vs); /* Wait encoding jobs */
1027
1028 vnc_lock_output(vs);
1029 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
1030
1031 buffer_free(&vs->input);
1032 buffer_free(&vs->output);
1033
1034 qobject_decref(vs->info);
1035
1036 vnc_zlib_clear(vs);
1037 vnc_tight_clear(vs);
1038 vnc_zrle_clear(vs);
1039
1040 #ifdef CONFIG_VNC_TLS
1041 vnc_tls_client_cleanup(vs);
1042 #endif /* CONFIG_VNC_TLS */
1043 #ifdef CONFIG_VNC_SASL
1044 vnc_sasl_client_cleanup(vs);
1045 #endif /* CONFIG_VNC_SASL */
1046 audio_del(vs);
1047 vnc_release_modifiers(vs);
1048
1049 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1050
1051 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1052 dcl->idle = 1;
1053 }
1054
1055 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1056 vnc_remove_timer(vs->vd);
1057 if (vs->vd->lock_key_sync)
1058 qemu_remove_led_event_handler(vs->led);
1059 vnc_unlock_output(vs);
1060
1061 qemu_mutex_destroy(&vs->output_mutex);
1062 qemu_bh_delete(vs->bh);
1063 buffer_free(&vs->jobs_buffer);
1064
1065 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1066 g_free(vs->lossy_rect[i]);
1067 }
1068 g_free(vs->lossy_rect);
1069 g_free(vs);
1070 }
1071
1072 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1073 {
1074 if (ret == 0 || ret == -1) {
1075 if (ret == -1) {
1076 switch (last_errno) {
1077 case EINTR:
1078 case EAGAIN:
1079 #ifdef _WIN32
1080 case WSAEWOULDBLOCK:
1081 #endif
1082 return 0;
1083 default:
1084 break;
1085 }
1086 }
1087
1088 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1089 ret, ret < 0 ? last_errno : 0);
1090 vnc_disconnect_start(vs);
1091
1092 return 0;
1093 }
1094 return ret;
1095 }
1096
1097
1098 void vnc_client_error(VncState *vs)
1099 {
1100 VNC_DEBUG("Closing down client sock: protocol error\n");
1101 vnc_disconnect_start(vs);
1102 }
1103
1104
1105 /*
1106 * Called to write a chunk of data to the client socket. The data may
1107 * be the raw data, or may have already been encoded by SASL.
1108 * The data will be written either straight onto the socket, or
1109 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1110 *
1111 * NB, it is theoretically possible to have 2 layers of encryption,
1112 * both SASL, and this TLS layer. It is highly unlikely in practice
1113 * though, since SASL encryption will typically be a no-op if TLS
1114 * is active
1115 *
1116 * Returns the number of bytes written, which may be less than
1117 * the requested 'datalen' if the socket would block. Returns
1118 * -1 on error, and disconnects the client socket.
1119 */
1120 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1121 {
1122 long ret;
1123 #ifdef CONFIG_VNC_TLS
1124 if (vs->tls.session) {
1125 ret = gnutls_write(vs->tls.session, data, datalen);
1126 if (ret < 0) {
1127 if (ret == GNUTLS_E_AGAIN)
1128 errno = EAGAIN;
1129 else
1130 errno = EIO;
1131 ret = -1;
1132 }
1133 } else
1134 #endif /* CONFIG_VNC_TLS */
1135 ret = send(vs->csock, (const void *)data, datalen, 0);
1136 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1137 return vnc_client_io_error(vs, ret, socket_error());
1138 }
1139
1140
1141 /*
1142 * Called to write buffered data to the client socket, when not
1143 * using any SASL SSF encryption layers. Will write as much data
1144 * as possible without blocking. If all buffered data is written,
1145 * will switch the FD poll() handler back to read monitoring.
1146 *
1147 * Returns the number of bytes written, which may be less than
1148 * the buffered output data if the socket would block. Returns
1149 * -1 on error, and disconnects the client socket.
1150 */
1151 static long vnc_client_write_plain(VncState *vs)
1152 {
1153 long ret;
1154
1155 #ifdef CONFIG_VNC_SASL
1156 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1157 vs->output.buffer, vs->output.capacity, vs->output.offset,
1158 vs->sasl.waitWriteSSF);
1159
1160 if (vs->sasl.conn &&
1161 vs->sasl.runSSF &&
1162 vs->sasl.waitWriteSSF) {
1163 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1164 if (ret)
1165 vs->sasl.waitWriteSSF -= ret;
1166 } else
1167 #endif /* CONFIG_VNC_SASL */
1168 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1169 if (!ret)
1170 return 0;
1171
1172 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1173 vs->output.offset -= ret;
1174
1175 if (vs->output.offset == 0) {
1176 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1177 }
1178
1179 return ret;
1180 }
1181
1182
1183 /*
1184 * First function called whenever there is data to be written to
1185 * the client socket. Will delegate actual work according to whether
1186 * SASL SSF layers are enabled (thus requiring encryption calls)
1187 */
1188 static void vnc_client_write_locked(void *opaque)
1189 {
1190 VncState *vs = opaque;
1191
1192 #ifdef CONFIG_VNC_SASL
1193 if (vs->sasl.conn &&
1194 vs->sasl.runSSF &&
1195 !vs->sasl.waitWriteSSF) {
1196 vnc_client_write_sasl(vs);
1197 } else
1198 #endif /* CONFIG_VNC_SASL */
1199 vnc_client_write_plain(vs);
1200 }
1201
1202 void vnc_client_write(void *opaque)
1203 {
1204 VncState *vs = opaque;
1205
1206 vnc_lock_output(vs);
1207 if (vs->output.offset) {
1208 vnc_client_write_locked(opaque);
1209 } else if (vs->csock != -1) {
1210 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1211 }
1212 vnc_unlock_output(vs);
1213 }
1214
1215 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1216 {
1217 vs->read_handler = func;
1218 vs->read_handler_expect = expecting;
1219 }
1220
1221
1222 /*
1223 * Called to read a chunk of data from the client socket. The data may
1224 * be the raw data, or may need to be further decoded by SASL.
1225 * The data will be read either straight from to the socket, or
1226 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1227 *
1228 * NB, it is theoretically possible to have 2 layers of encryption,
1229 * both SASL, and this TLS layer. It is highly unlikely in practice
1230 * though, since SASL encryption will typically be a no-op if TLS
1231 * is active
1232 *
1233 * Returns the number of bytes read, which may be less than
1234 * the requested 'datalen' if the socket would block. Returns
1235 * -1 on error, and disconnects the client socket.
1236 */
1237 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1238 {
1239 long ret;
1240 #ifdef CONFIG_VNC_TLS
1241 if (vs->tls.session) {
1242 ret = gnutls_read(vs->tls.session, data, datalen);
1243 if (ret < 0) {
1244 if (ret == GNUTLS_E_AGAIN)
1245 errno = EAGAIN;
1246 else
1247 errno = EIO;
1248 ret = -1;
1249 }
1250 } else
1251 #endif /* CONFIG_VNC_TLS */
1252 ret = qemu_recv(vs->csock, data, datalen, 0);
1253 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1254 return vnc_client_io_error(vs, ret, socket_error());
1255 }
1256
1257
1258 /*
1259 * Called to read data from the client socket to the input buffer,
1260 * when not using any SASL SSF encryption layers. Will read as much
1261 * data as possible without blocking.
1262 *
1263 * Returns the number of bytes read. Returns -1 on error, and
1264 * disconnects the client socket.
1265 */
1266 static long vnc_client_read_plain(VncState *vs)
1267 {
1268 int ret;
1269 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1270 vs->input.buffer, vs->input.capacity, vs->input.offset);
1271 buffer_reserve(&vs->input, 4096);
1272 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1273 if (!ret)
1274 return 0;
1275 vs->input.offset += ret;
1276 return ret;
1277 }
1278
1279 static void vnc_jobs_bh(void *opaque)
1280 {
1281 VncState *vs = opaque;
1282
1283 vnc_jobs_consume_buffer(vs);
1284 }
1285
1286 /*
1287 * First function called whenever there is more data to be read from
1288 * the client socket. Will delegate actual work according to whether
1289 * SASL SSF layers are enabled (thus requiring decryption calls)
1290 */
1291 void vnc_client_read(void *opaque)
1292 {
1293 VncState *vs = opaque;
1294 long ret;
1295
1296 #ifdef CONFIG_VNC_SASL
1297 if (vs->sasl.conn && vs->sasl.runSSF)
1298 ret = vnc_client_read_sasl(vs);
1299 else
1300 #endif /* CONFIG_VNC_SASL */
1301 ret = vnc_client_read_plain(vs);
1302 if (!ret) {
1303 if (vs->csock == -1)
1304 vnc_disconnect_finish(vs);
1305 return;
1306 }
1307
1308 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1309 size_t len = vs->read_handler_expect;
1310 int ret;
1311
1312 ret = vs->read_handler(vs, vs->input.buffer, len);
1313 if (vs->csock == -1) {
1314 vnc_disconnect_finish(vs);
1315 return;
1316 }
1317
1318 if (!ret) {
1319 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1320 vs->input.offset -= len;
1321 } else {
1322 vs->read_handler_expect = ret;
1323 }
1324 }
1325 }
1326
1327 void vnc_write(VncState *vs, const void *data, size_t len)
1328 {
1329 buffer_reserve(&vs->output, len);
1330
1331 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1332 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1333 }
1334
1335 buffer_append(&vs->output, data, len);
1336 }
1337
1338 void vnc_write_s32(VncState *vs, int32_t value)
1339 {
1340 vnc_write_u32(vs, *(uint32_t *)&value);
1341 }
1342
1343 void vnc_write_u32(VncState *vs, uint32_t value)
1344 {
1345 uint8_t buf[4];
1346
1347 buf[0] = (value >> 24) & 0xFF;
1348 buf[1] = (value >> 16) & 0xFF;
1349 buf[2] = (value >> 8) & 0xFF;
1350 buf[3] = value & 0xFF;
1351
1352 vnc_write(vs, buf, 4);
1353 }
1354
1355 void vnc_write_u16(VncState *vs, uint16_t value)
1356 {
1357 uint8_t buf[2];
1358
1359 buf[0] = (value >> 8) & 0xFF;
1360 buf[1] = value & 0xFF;
1361
1362 vnc_write(vs, buf, 2);
1363 }
1364
1365 void vnc_write_u8(VncState *vs, uint8_t value)
1366 {
1367 vnc_write(vs, (char *)&value, 1);
1368 }
1369
1370 void vnc_flush(VncState *vs)
1371 {
1372 vnc_lock_output(vs);
1373 if (vs->csock != -1 && vs->output.offset) {
1374 vnc_client_write_locked(vs);
1375 }
1376 vnc_unlock_output(vs);
1377 }
1378
1379 uint8_t read_u8(uint8_t *data, size_t offset)
1380 {
1381 return data[offset];
1382 }
1383
1384 uint16_t read_u16(uint8_t *data, size_t offset)
1385 {
1386 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1387 }
1388
1389 int32_t read_s32(uint8_t *data, size_t offset)
1390 {
1391 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1392 (data[offset + 2] << 8) | data[offset + 3]);
1393 }
1394
1395 uint32_t read_u32(uint8_t *data, size_t offset)
1396 {
1397 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1398 (data[offset + 2] << 8) | data[offset + 3]);
1399 }
1400
1401 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1402 {
1403 }
1404
1405 static void check_pointer_type_change(Notifier *notifier, void *data)
1406 {
1407 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1408 int absolute = kbd_mouse_is_absolute();
1409
1410 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1411 vnc_lock_output(vs);
1412 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1413 vnc_write_u8(vs, 0);
1414 vnc_write_u16(vs, 1);
1415 vnc_framebuffer_update(vs, absolute, 0,
1416 ds_get_width(vs->ds), ds_get_height(vs->ds),
1417 VNC_ENCODING_POINTER_TYPE_CHANGE);
1418 vnc_unlock_output(vs);
1419 vnc_flush(vs);
1420 }
1421 vs->absolute = absolute;
1422 }
1423
1424 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1425 {
1426 int buttons = 0;
1427 int dz = 0;
1428
1429 if (button_mask & 0x01)
1430 buttons |= MOUSE_EVENT_LBUTTON;
1431 if (button_mask & 0x02)
1432 buttons |= MOUSE_EVENT_MBUTTON;
1433 if (button_mask & 0x04)
1434 buttons |= MOUSE_EVENT_RBUTTON;
1435 if (button_mask & 0x08)
1436 dz = -1;
1437 if (button_mask & 0x10)
1438 dz = 1;
1439
1440 if (vs->absolute) {
1441 kbd_mouse_event(ds_get_width(vs->ds) > 1 ?
1442 x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000,
1443 ds_get_height(vs->ds) > 1 ?
1444 y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000,
1445 dz, buttons);
1446 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1447 x -= 0x7FFF;
1448 y -= 0x7FFF;
1449
1450 kbd_mouse_event(x, y, dz, buttons);
1451 } else {
1452 if (vs->last_x != -1)
1453 kbd_mouse_event(x - vs->last_x,
1454 y - vs->last_y,
1455 dz, buttons);
1456 vs->last_x = x;
1457 vs->last_y = y;
1458 }
1459 }
1460
1461 static void reset_keys(VncState *vs)
1462 {
1463 int i;
1464 for(i = 0; i < 256; i++) {
1465 if (vs->modifiers_state[i]) {
1466 if (i & SCANCODE_GREY)
1467 kbd_put_keycode(SCANCODE_EMUL0);
1468 kbd_put_keycode(i | SCANCODE_UP);
1469 vs->modifiers_state[i] = 0;
1470 }
1471 }
1472 }
1473
1474 static void press_key(VncState *vs, int keysym)
1475 {
1476 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1477 if (keycode & SCANCODE_GREY)
1478 kbd_put_keycode(SCANCODE_EMUL0);
1479 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1480 if (keycode & SCANCODE_GREY)
1481 kbd_put_keycode(SCANCODE_EMUL0);
1482 kbd_put_keycode(keycode | SCANCODE_UP);
1483 }
1484
1485 static void kbd_leds(void *opaque, int ledstate)
1486 {
1487 VncState *vs = opaque;
1488 int caps, num;
1489
1490 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1491 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1492
1493 if (vs->modifiers_state[0x3a] != caps) {
1494 vs->modifiers_state[0x3a] = caps;
1495 }
1496 if (vs->modifiers_state[0x45] != num) {
1497 vs->modifiers_state[0x45] = num;
1498 }
1499 }
1500
1501 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1502 {
1503 /* QEMU console switch */
1504 switch(keycode) {
1505 case 0x2a: /* Left Shift */
1506 case 0x36: /* Right Shift */
1507 case 0x1d: /* Left CTRL */
1508 case 0x9d: /* Right CTRL */
1509 case 0x38: /* Left ALT */
1510 case 0xb8: /* Right ALT */
1511 if (down)
1512 vs->modifiers_state[keycode] = 1;
1513 else
1514 vs->modifiers_state[keycode] = 0;
1515 break;
1516 case 0x02 ... 0x0a: /* '1' to '9' keys */
1517 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1518 /* Reset the modifiers sent to the current console */
1519 reset_keys(vs);
1520 console_select(keycode - 0x02);
1521 return;
1522 }
1523 break;
1524 case 0x3a: /* CapsLock */
1525 case 0x45: /* NumLock */
1526 if (down)
1527 vs->modifiers_state[keycode] ^= 1;
1528 break;
1529 }
1530
1531 if (down && vs->vd->lock_key_sync &&
1532 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1533 /* If the numlock state needs to change then simulate an additional
1534 keypress before sending this one. This will happen if the user
1535 toggles numlock away from the VNC window.
1536 */
1537 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1538 if (!vs->modifiers_state[0x45]) {
1539 vs->modifiers_state[0x45] = 1;
1540 press_key(vs, 0xff7f);
1541 }
1542 } else {
1543 if (vs->modifiers_state[0x45]) {
1544 vs->modifiers_state[0x45] = 0;
1545 press_key(vs, 0xff7f);
1546 }
1547 }
1548 }
1549
1550 if (down && vs->vd->lock_key_sync &&
1551 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1552 /* If the capslock state needs to change then simulate an additional
1553 keypress before sending this one. This will happen if the user
1554 toggles capslock away from the VNC window.
1555 */
1556 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1557 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1558 int capslock = !!(vs->modifiers_state[0x3a]);
1559 if (capslock) {
1560 if (uppercase == shift) {
1561 vs->modifiers_state[0x3a] = 0;
1562 press_key(vs, 0xffe5);
1563 }
1564 } else {
1565 if (uppercase != shift) {
1566 vs->modifiers_state[0x3a] = 1;
1567 press_key(vs, 0xffe5);
1568 }
1569 }
1570 }
1571
1572 if (is_graphic_console()) {
1573 if (keycode & SCANCODE_GREY)
1574 kbd_put_keycode(SCANCODE_EMUL0);
1575 if (down)
1576 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1577 else
1578 kbd_put_keycode(keycode | SCANCODE_UP);
1579 } else {
1580 bool numlock = vs->modifiers_state[0x45];
1581 bool control = (vs->modifiers_state[0x1d] ||
1582 vs->modifiers_state[0x9d]);
1583 /* QEMU console emulation */
1584 if (down) {
1585 switch (keycode) {
1586 case 0x2a: /* Left Shift */
1587 case 0x36: /* Right Shift */
1588 case 0x1d: /* Left CTRL */
1589 case 0x9d: /* Right CTRL */
1590 case 0x38: /* Left ALT */
1591 case 0xb8: /* Right ALT */
1592 break;
1593 case 0xc8:
1594 kbd_put_keysym(QEMU_KEY_UP);
1595 break;
1596 case 0xd0:
1597 kbd_put_keysym(QEMU_KEY_DOWN);
1598 break;
1599 case 0xcb:
1600 kbd_put_keysym(QEMU_KEY_LEFT);
1601 break;
1602 case 0xcd:
1603 kbd_put_keysym(QEMU_KEY_RIGHT);
1604 break;
1605 case 0xd3:
1606 kbd_put_keysym(QEMU_KEY_DELETE);
1607 break;
1608 case 0xc7:
1609 kbd_put_keysym(QEMU_KEY_HOME);
1610 break;
1611 case 0xcf:
1612 kbd_put_keysym(QEMU_KEY_END);
1613 break;
1614 case 0xc9:
1615 kbd_put_keysym(QEMU_KEY_PAGEUP);
1616 break;
1617 case 0xd1:
1618 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1619 break;
1620
1621 case 0x47:
1622 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1623 break;
1624 case 0x48:
1625 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1626 break;
1627 case 0x49:
1628 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1629 break;
1630 case 0x4b:
1631 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1632 break;
1633 case 0x4c:
1634 kbd_put_keysym('5');
1635 break;
1636 case 0x4d:
1637 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1638 break;
1639 case 0x4f:
1640 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1641 break;
1642 case 0x50:
1643 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1644 break;
1645 case 0x51:
1646 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1647 break;
1648 case 0x52:
1649 kbd_put_keysym('0');
1650 break;
1651 case 0x53:
1652 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1653 break;
1654
1655 case 0xb5:
1656 kbd_put_keysym('/');
1657 break;
1658 case 0x37:
1659 kbd_put_keysym('*');
1660 break;
1661 case 0x4a:
1662 kbd_put_keysym('-');
1663 break;
1664 case 0x4e:
1665 kbd_put_keysym('+');
1666 break;
1667 case 0x9c:
1668 kbd_put_keysym('\n');
1669 break;
1670
1671 default:
1672 if (control) {
1673 kbd_put_keysym(sym & 0x1f);
1674 } else {
1675 kbd_put_keysym(sym);
1676 }
1677 break;
1678 }
1679 }
1680 }
1681 }
1682
1683 static void vnc_release_modifiers(VncState *vs)
1684 {
1685 static const int keycodes[] = {
1686 /* shift, control, alt keys, both left & right */
1687 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1688 };
1689 int i, keycode;
1690
1691 if (!is_graphic_console()) {
1692 return;
1693 }
1694 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1695 keycode = keycodes[i];
1696 if (!vs->modifiers_state[keycode]) {
1697 continue;
1698 }
1699 if (keycode & SCANCODE_GREY) {
1700 kbd_put_keycode(SCANCODE_EMUL0);
1701 }
1702 kbd_put_keycode(keycode | SCANCODE_UP);
1703 }
1704 }
1705
1706 static void key_event(VncState *vs, int down, uint32_t sym)
1707 {
1708 int keycode;
1709 int lsym = sym;
1710
1711 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1712 lsym = lsym - 'A' + 'a';
1713 }
1714
1715 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1716 do_key_event(vs, down, keycode, sym);
1717 }
1718
1719 static void ext_key_event(VncState *vs, int down,
1720 uint32_t sym, uint16_t keycode)
1721 {
1722 /* if the user specifies a keyboard layout, always use it */
1723 if (keyboard_layout)
1724 key_event(vs, down, sym);
1725 else
1726 do_key_event(vs, down, keycode, sym);
1727 }
1728
1729 static void framebuffer_update_request(VncState *vs, int incremental,
1730 int x_position, int y_position,
1731 int w, int h)
1732 {
1733 int i;
1734 const size_t width = ds_get_width(vs->ds) / 16;
1735
1736 if (y_position > ds_get_height(vs->ds))
1737 y_position = ds_get_height(vs->ds);
1738 if (y_position + h >= ds_get_height(vs->ds))
1739 h = ds_get_height(vs->ds) - y_position;
1740
1741 vs->need_update = 1;
1742 if (!incremental) {
1743 vs->force_update = 1;
1744 for (i = 0; i < h; i++) {
1745 bitmap_set(vs->dirty[y_position + i], 0, width);
1746 bitmap_clear(vs->dirty[y_position + i], width,
1747 VNC_DIRTY_BITS - width);
1748 }
1749 }
1750 }
1751
1752 static void send_ext_key_event_ack(VncState *vs)
1753 {
1754 vnc_lock_output(vs);
1755 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1756 vnc_write_u8(vs, 0);
1757 vnc_write_u16(vs, 1);
1758 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1759 VNC_ENCODING_EXT_KEY_EVENT);
1760 vnc_unlock_output(vs);
1761 vnc_flush(vs);
1762 }
1763
1764 static void send_ext_audio_ack(VncState *vs)
1765 {
1766 vnc_lock_output(vs);
1767 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1768 vnc_write_u8(vs, 0);
1769 vnc_write_u16(vs, 1);
1770 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1771 VNC_ENCODING_AUDIO);
1772 vnc_unlock_output(vs);
1773 vnc_flush(vs);
1774 }
1775
1776 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1777 {
1778 int i;
1779 unsigned int enc = 0;
1780
1781 vs->features = 0;
1782 vs->vnc_encoding = 0;
1783 vs->tight.compression = 9;
1784 vs->tight.quality = -1; /* Lossless by default */
1785 vs->absolute = -1;
1786
1787 /*
1788 * Start from the end because the encodings are sent in order of preference.
1789 * This way the preferred encoding (first encoding defined in the array)
1790 * will be set at the end of the loop.
1791 */
1792 for (i = n_encodings - 1; i >= 0; i--) {
1793 enc = encodings[i];
1794 switch (enc) {
1795 case VNC_ENCODING_RAW:
1796 vs->vnc_encoding = enc;
1797 break;
1798 case VNC_ENCODING_COPYRECT:
1799 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1800 break;
1801 case VNC_ENCODING_HEXTILE:
1802 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1803 vs->vnc_encoding = enc;
1804 break;
1805 case VNC_ENCODING_TIGHT:
1806 vs->features |= VNC_FEATURE_TIGHT_MASK;
1807 vs->vnc_encoding = enc;
1808 break;
1809 case VNC_ENCODING_TIGHT_PNG:
1810 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
1811 vs->vnc_encoding = enc;
1812 break;
1813 case VNC_ENCODING_ZLIB:
1814 vs->features |= VNC_FEATURE_ZLIB_MASK;
1815 vs->vnc_encoding = enc;
1816 break;
1817 case VNC_ENCODING_ZRLE:
1818 vs->features |= VNC_FEATURE_ZRLE_MASK;
1819 vs->vnc_encoding = enc;
1820 break;
1821 case VNC_ENCODING_ZYWRLE:
1822 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
1823 vs->vnc_encoding = enc;
1824 break;
1825 case VNC_ENCODING_DESKTOPRESIZE:
1826 vs->features |= VNC_FEATURE_RESIZE_MASK;
1827 break;
1828 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1829 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1830 break;
1831 case VNC_ENCODING_RICH_CURSOR:
1832 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1833 break;
1834 case VNC_ENCODING_EXT_KEY_EVENT:
1835 send_ext_key_event_ack(vs);
1836 break;
1837 case VNC_ENCODING_AUDIO:
1838 send_ext_audio_ack(vs);
1839 break;
1840 case VNC_ENCODING_WMVi:
1841 vs->features |= VNC_FEATURE_WMVI_MASK;
1842 break;
1843 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1844 vs->tight.compression = (enc & 0x0F);
1845 break;
1846 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1847 if (vs->vd->lossy) {
1848 vs->tight.quality = (enc & 0x0F);
1849 }
1850 break;
1851 default:
1852 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1853 break;
1854 }
1855 }
1856 vnc_desktop_resize(vs);
1857 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
1858 }
1859
1860 static void set_pixel_conversion(VncState *vs)
1861 {
1862 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1863 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1864 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1865 vs->write_pixels = vnc_write_pixels_copy;
1866 vnc_hextile_set_pixel_conversion(vs, 0);
1867 } else {
1868 vs->write_pixels = vnc_write_pixels_generic;
1869 vnc_hextile_set_pixel_conversion(vs, 1);
1870 }
1871 }
1872
1873 static void set_pixel_format(VncState *vs,
1874 int bits_per_pixel, int depth,
1875 int big_endian_flag, int true_color_flag,
1876 int red_max, int green_max, int blue_max,
1877 int red_shift, int green_shift, int blue_shift)
1878 {
1879 if (!true_color_flag) {
1880 vnc_client_error(vs);
1881 return;
1882 }
1883
1884 vs->clientds = *(vs->vd->guest.ds);
1885 vs->clientds.pf.rmax = red_max;
1886 vs->clientds.pf.rbits = hweight_long(red_max);
1887 vs->clientds.pf.rshift = red_shift;
1888 vs->clientds.pf.rmask = red_max << red_shift;
1889 vs->clientds.pf.gmax = green_max;
1890 vs->clientds.pf.gbits = hweight_long(green_max);
1891 vs->clientds.pf.gshift = green_shift;
1892 vs->clientds.pf.gmask = green_max << green_shift;
1893 vs->clientds.pf.bmax = blue_max;
1894 vs->clientds.pf.bbits = hweight_long(blue_max);
1895 vs->clientds.pf.bshift = blue_shift;
1896 vs->clientds.pf.bmask = blue_max << blue_shift;
1897 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1898 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1899 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1900 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1901
1902 set_pixel_conversion(vs);
1903
1904 vga_hw_invalidate();
1905 vga_hw_update();
1906 }
1907
1908 static void pixel_format_message (VncState *vs) {
1909 char pad[3] = { 0, 0, 0 };
1910
1911 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1912 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1913
1914 #ifdef HOST_WORDS_BIGENDIAN
1915 vnc_write_u8(vs, 1); /* big-endian-flag */
1916 #else
1917 vnc_write_u8(vs, 0); /* big-endian-flag */
1918 #endif
1919 vnc_write_u8(vs, 1); /* true-color-flag */
1920 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1921 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1922 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1923 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1924 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1925 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1926
1927 vnc_hextile_set_pixel_conversion(vs, 0);
1928
1929 vs->clientds = *(vs->ds->surface);
1930 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1931 vs->write_pixels = vnc_write_pixels_copy;
1932
1933 vnc_write(vs, pad, 3); /* padding */
1934 }
1935
1936 static void vnc_dpy_setdata(DisplayState *ds)
1937 {
1938 VncDisplay *vd = ds->opaque;
1939
1940 *(vd->guest.ds) = *(ds->surface);
1941 vnc_dpy_update(ds, 0, 0, ds_get_width(ds), ds_get_height(ds));
1942 }
1943
1944 static void vnc_colordepth(VncState *vs)
1945 {
1946 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1947 /* Sending a WMVi message to notify the client*/
1948 vnc_lock_output(vs);
1949 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1950 vnc_write_u8(vs, 0);
1951 vnc_write_u16(vs, 1); /* number of rects */
1952 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1953 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1954 pixel_format_message(vs);
1955 vnc_unlock_output(vs);
1956 vnc_flush(vs);
1957 } else {
1958 set_pixel_conversion(vs);
1959 }
1960 }
1961
1962 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1963 {
1964 int i;
1965 uint16_t limit;
1966 VncDisplay *vd = vs->vd;
1967
1968 if (data[0] > 3) {
1969 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1970 if (!qemu_timer_expired(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval))
1971 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval);
1972 }
1973
1974 switch (data[0]) {
1975 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
1976 if (len == 1)
1977 return 20;
1978
1979 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1980 read_u8(data, 6), read_u8(data, 7),
1981 read_u16(data, 8), read_u16(data, 10),
1982 read_u16(data, 12), read_u8(data, 14),
1983 read_u8(data, 15), read_u8(data, 16));
1984 break;
1985 case VNC_MSG_CLIENT_SET_ENCODINGS:
1986 if (len == 1)
1987 return 4;
1988
1989 if (len == 4) {
1990 limit = read_u16(data, 2);
1991 if (limit > 0)
1992 return 4 + (limit * 4);
1993 } else
1994 limit = read_u16(data, 2);
1995
1996 for (i = 0; i < limit; i++) {
1997 int32_t val = read_s32(data, 4 + (i * 4));
1998 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1999 }
2000
2001 set_encodings(vs, (int32_t *)(data + 4), limit);
2002 break;
2003 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2004 if (len == 1)
2005 return 10;
2006
2007 framebuffer_update_request(vs,
2008 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2009 read_u16(data, 6), read_u16(data, 8));
2010 break;
2011 case VNC_MSG_CLIENT_KEY_EVENT:
2012 if (len == 1)
2013 return 8;
2014
2015 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2016 break;
2017 case VNC_MSG_CLIENT_POINTER_EVENT:
2018 if (len == 1)
2019 return 6;
2020
2021 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2022 break;
2023 case VNC_MSG_CLIENT_CUT_TEXT:
2024 if (len == 1)
2025 return 8;
2026
2027 if (len == 8) {
2028 uint32_t dlen = read_u32(data, 4);
2029 if (dlen > 0)
2030 return 8 + dlen;
2031 }
2032
2033 client_cut_text(vs, read_u32(data, 4), data + 8);
2034 break;
2035 case VNC_MSG_CLIENT_QEMU:
2036 if (len == 1)
2037 return 2;
2038
2039 switch (read_u8(data, 1)) {
2040 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2041 if (len == 2)
2042 return 12;
2043
2044 ext_key_event(vs, read_u16(data, 2),
2045 read_u32(data, 4), read_u32(data, 8));
2046 break;
2047 case VNC_MSG_CLIENT_QEMU_AUDIO:
2048 if (len == 2)
2049 return 4;
2050
2051 switch (read_u16 (data, 2)) {
2052 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2053 audio_add(vs);
2054 break;
2055 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2056 audio_del(vs);
2057 break;
2058 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2059 if (len == 4)
2060 return 10;
2061 switch (read_u8(data, 4)) {
2062 case 0: vs->as.fmt = AUD_FMT_U8; break;
2063 case 1: vs->as.fmt = AUD_FMT_S8; break;
2064 case 2: vs->as.fmt = AUD_FMT_U16; break;
2065 case 3: vs->as.fmt = AUD_FMT_S16; break;
2066 case 4: vs->as.fmt = AUD_FMT_U32; break;
2067 case 5: vs->as.fmt = AUD_FMT_S32; break;
2068 default:
2069 printf("Invalid audio format %d\n", read_u8(data, 4));
2070 vnc_client_error(vs);
2071 break;
2072 }
2073 vs->as.nchannels = read_u8(data, 5);
2074 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2075 printf("Invalid audio channel coount %d\n",
2076 read_u8(data, 5));
2077 vnc_client_error(vs);
2078 break;
2079 }
2080 vs->as.freq = read_u32(data, 6);
2081 break;
2082 default:
2083 printf ("Invalid audio message %d\n", read_u8(data, 4));
2084 vnc_client_error(vs);
2085 break;
2086 }
2087 break;
2088
2089 default:
2090 printf("Msg: %d\n", read_u16(data, 0));
2091 vnc_client_error(vs);
2092 break;
2093 }
2094 break;
2095 default:
2096 printf("Msg: %d\n", data[0]);
2097 vnc_client_error(vs);
2098 break;
2099 }
2100
2101 vnc_read_when(vs, protocol_client_msg, 1);
2102 return 0;
2103 }
2104
2105 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2106 {
2107 char buf[1024];
2108 VncShareMode mode;
2109 int size;
2110
2111 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2112 switch (vs->vd->share_policy) {
2113 case VNC_SHARE_POLICY_IGNORE:
2114 /*
2115 * Ignore the shared flag. Nothing to do here.
2116 *
2117 * Doesn't conform to the rfb spec but is traditional qemu
2118 * behavior, thus left here as option for compatibility
2119 * reasons.
2120 */
2121 break;
2122 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2123 /*
2124 * Policy: Allow clients ask for exclusive access.
2125 *
2126 * Implementation: When a client asks for exclusive access,
2127 * disconnect all others. Shared connects are allowed as long
2128 * as no exclusive connection exists.
2129 *
2130 * This is how the rfb spec suggests to handle the shared flag.
2131 */
2132 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2133 VncState *client;
2134 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2135 if (vs == client) {
2136 continue;
2137 }
2138 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2139 client->share_mode != VNC_SHARE_MODE_SHARED) {
2140 continue;
2141 }
2142 vnc_disconnect_start(client);
2143 }
2144 }
2145 if (mode == VNC_SHARE_MODE_SHARED) {
2146 if (vs->vd->num_exclusive > 0) {
2147 vnc_disconnect_start(vs);
2148 return 0;
2149 }
2150 }
2151 break;
2152 case VNC_SHARE_POLICY_FORCE_SHARED:
2153 /*
2154 * Policy: Shared connects only.
2155 * Implementation: Disallow clients asking for exclusive access.
2156 *
2157 * Useful for shared desktop sessions where you don't want
2158 * someone forgetting to say -shared when running the vnc
2159 * client disconnect everybody else.
2160 */
2161 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2162 vnc_disconnect_start(vs);
2163 return 0;
2164 }
2165 break;
2166 }
2167 vnc_set_share_mode(vs, mode);
2168
2169 vs->client_width = ds_get_width(vs->ds);
2170 vs->client_height = ds_get_height(vs->ds);
2171 vnc_write_u16(vs, vs->client_width);
2172 vnc_write_u16(vs, vs->client_height);
2173
2174 pixel_format_message(vs);
2175
2176 if (qemu_name)
2177 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2178 else
2179 size = snprintf(buf, sizeof(buf), "QEMU");
2180
2181 vnc_write_u32(vs, size);
2182 vnc_write(vs, buf, size);
2183 vnc_flush(vs);
2184
2185 vnc_client_cache_auth(vs);
2186 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
2187
2188 vnc_read_when(vs, protocol_client_msg, 1);
2189
2190 return 0;
2191 }
2192
2193 void start_client_init(VncState *vs)
2194 {
2195 vnc_read_when(vs, protocol_client_init, 1);
2196 }
2197
2198 static void make_challenge(VncState *vs)
2199 {
2200 int i;
2201
2202 srand(time(NULL)+getpid()+getpid()*987654+rand());
2203
2204 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2205 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2206 }
2207
2208 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2209 {
2210 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2211 int i, j, pwlen;
2212 unsigned char key[8];
2213 time_t now = time(NULL);
2214
2215 if (!vs->vd->password) {
2216 VNC_DEBUG("No password configured on server");
2217 goto reject;
2218 }
2219 if (vs->vd->expires < now) {
2220 VNC_DEBUG("Password is expired");
2221 goto reject;
2222 }
2223
2224 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2225
2226 /* Calculate the expected challenge response */
2227 pwlen = strlen(vs->vd->password);
2228 for (i=0; i<sizeof(key); i++)
2229 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2230 deskey(key, EN0);
2231 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2232 des(response+j, response+j);
2233
2234 /* Compare expected vs actual challenge response */
2235 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2236 VNC_DEBUG("Client challenge response did not match\n");
2237 goto reject;
2238 } else {
2239 VNC_DEBUG("Accepting VNC challenge response\n");
2240 vnc_write_u32(vs, 0); /* Accept auth */
2241 vnc_flush(vs);
2242
2243 start_client_init(vs);
2244 }
2245 return 0;
2246
2247 reject:
2248 vnc_write_u32(vs, 1); /* Reject auth */
2249 if (vs->minor >= 8) {
2250 static const char err[] = "Authentication failed";
2251 vnc_write_u32(vs, sizeof(err));
2252 vnc_write(vs, err, sizeof(err));
2253 }
2254 vnc_flush(vs);
2255 vnc_client_error(vs);
2256 return 0;
2257 }
2258
2259 void start_auth_vnc(VncState *vs)
2260 {
2261 make_challenge(vs);
2262 /* Send client a 'random' challenge */
2263 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2264 vnc_flush(vs);
2265
2266 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2267 }
2268
2269
2270 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2271 {
2272 /* We only advertise 1 auth scheme at a time, so client
2273 * must pick the one we sent. Verify this */
2274 if (data[0] != vs->auth) { /* Reject auth */
2275 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2276 vnc_write_u32(vs, 1);
2277 if (vs->minor >= 8) {
2278 static const char err[] = "Authentication failed";
2279 vnc_write_u32(vs, sizeof(err));
2280 vnc_write(vs, err, sizeof(err));
2281 }
2282 vnc_client_error(vs);
2283 } else { /* Accept requested auth */
2284 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2285 switch (vs->auth) {
2286 case VNC_AUTH_NONE:
2287 VNC_DEBUG("Accept auth none\n");
2288 if (vs->minor >= 8) {
2289 vnc_write_u32(vs, 0); /* Accept auth completion */
2290 vnc_flush(vs);
2291 }
2292 start_client_init(vs);
2293 break;
2294
2295 case VNC_AUTH_VNC:
2296 VNC_DEBUG("Start VNC auth\n");
2297 start_auth_vnc(vs);
2298 break;
2299
2300 #ifdef CONFIG_VNC_TLS
2301 case VNC_AUTH_VENCRYPT:
2302 VNC_DEBUG("Accept VeNCrypt auth\n");
2303 start_auth_vencrypt(vs);
2304 break;
2305 #endif /* CONFIG_VNC_TLS */
2306
2307 #ifdef CONFIG_VNC_SASL
2308 case VNC_AUTH_SASL:
2309 VNC_DEBUG("Accept SASL auth\n");
2310 start_auth_sasl(vs);
2311 break;
2312 #endif /* CONFIG_VNC_SASL */
2313
2314 default: /* Should not be possible, but just in case */
2315 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth);
2316 vnc_write_u8(vs, 1);
2317 if (vs->minor >= 8) {
2318 static const char err[] = "Authentication failed";
2319 vnc_write_u32(vs, sizeof(err));
2320 vnc_write(vs, err, sizeof(err));
2321 }
2322 vnc_client_error(vs);
2323 }
2324 }
2325 return 0;
2326 }
2327
2328 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2329 {
2330 char local[13];
2331
2332 memcpy(local, version, 12);
2333 local[12] = 0;
2334
2335 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2336 VNC_DEBUG("Malformed protocol version %s\n", local);
2337 vnc_client_error(vs);
2338 return 0;
2339 }
2340 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2341 if (vs->major != 3 ||
2342 (vs->minor != 3 &&
2343 vs->minor != 4 &&
2344 vs->minor != 5 &&
2345 vs->minor != 7 &&
2346 vs->minor != 8)) {
2347 VNC_DEBUG("Unsupported client version\n");
2348 vnc_write_u32(vs, VNC_AUTH_INVALID);
2349 vnc_flush(vs);
2350 vnc_client_error(vs);
2351 return 0;
2352 }
2353 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2354 * as equivalent to v3.3 by servers
2355 */
2356 if (vs->minor == 4 || vs->minor == 5)
2357 vs->minor = 3;
2358
2359 if (vs->minor == 3) {
2360 if (vs->auth == VNC_AUTH_NONE) {
2361 VNC_DEBUG("Tell client auth none\n");
2362 vnc_write_u32(vs, vs->auth);
2363 vnc_flush(vs);
2364 start_client_init(vs);
2365 } else if (vs->auth == VNC_AUTH_VNC) {
2366 VNC_DEBUG("Tell client VNC auth\n");
2367 vnc_write_u32(vs, vs->auth);
2368 vnc_flush(vs);
2369 start_auth_vnc(vs);
2370 } else {
2371 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2372 vnc_write_u32(vs, VNC_AUTH_INVALID);
2373 vnc_flush(vs);
2374 vnc_client_error(vs);
2375 }
2376 } else {
2377 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2378 vnc_write_u8(vs, 1); /* num auth */
2379 vnc_write_u8(vs, vs->auth);
2380 vnc_read_when(vs, protocol_client_auth, 1);
2381 vnc_flush(vs);
2382 }
2383
2384 return 0;
2385 }
2386
2387 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2388 {
2389 struct VncSurface *vs = &vd->guest;
2390
2391 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2392 }
2393
2394 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2395 {
2396 int i, j;
2397
2398 w = (x + w) / VNC_STAT_RECT;
2399 h = (y + h) / VNC_STAT_RECT;
2400 x /= VNC_STAT_RECT;
2401 y /= VNC_STAT_RECT;
2402
2403 for (j = y; j <= h; j++) {
2404 for (i = x; i <= w; i++) {
2405 vs->lossy_rect[j][i] = 1;
2406 }
2407 }
2408 }
2409
2410 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2411 {
2412 VncState *vs;
2413 int sty = y / VNC_STAT_RECT;
2414 int stx = x / VNC_STAT_RECT;
2415 int has_dirty = 0;
2416
2417 y = y / VNC_STAT_RECT * VNC_STAT_RECT;
2418 x = x / VNC_STAT_RECT * VNC_STAT_RECT;
2419
2420 QTAILQ_FOREACH(vs, &vd->clients, next) {
2421 int j;
2422
2423 /* kernel send buffers are full -> refresh later */
2424 if (vs->output.offset) {
2425 continue;
2426 }
2427
2428 if (!vs->lossy_rect[sty][stx]) {
2429 continue;
2430 }
2431
2432 vs->lossy_rect[sty][stx] = 0;
2433 for (j = 0; j < VNC_STAT_RECT; ++j) {
2434 bitmap_set(vs->dirty[y + j], x / 16, VNC_STAT_RECT / 16);
2435 }
2436 has_dirty++;
2437 }
2438
2439 return has_dirty;
2440 }
2441
2442 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2443 {
2444 int x, y;
2445 struct timeval res;
2446 int has_dirty = 0;
2447
2448 for (y = 0; y < vd->guest.ds->height; y += VNC_STAT_RECT) {
2449 for (x = 0; x < vd->guest.ds->width; x += VNC_STAT_RECT) {
2450 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2451
2452 rect->updated = false;
2453 }
2454 }
2455
2456 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2457
2458 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2459 return has_dirty;
2460 }
2461 vd->guest.last_freq_check = *tv;
2462
2463 for (y = 0; y < vd->guest.ds->height; y += VNC_STAT_RECT) {
2464 for (x = 0; x < vd->guest.ds->width; x += VNC_STAT_RECT) {
2465 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2466 int count = ARRAY_SIZE(rect->times);
2467 struct timeval min, max;
2468
2469 if (!timerisset(&rect->times[count - 1])) {
2470 continue ;
2471 }
2472
2473 max = rect->times[(rect->idx + count - 1) % count];
2474 qemu_timersub(tv, &max, &res);
2475
2476 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2477 rect->freq = 0;
2478 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2479 memset(rect->times, 0, sizeof (rect->times));
2480 continue ;
2481 }
2482
2483 min = rect->times[rect->idx];
2484 max = rect->times[(rect->idx + count - 1) % count];
2485 qemu_timersub(&max, &min, &res);
2486
2487 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2488 rect->freq /= count;
2489 rect->freq = 1. / rect->freq;
2490 }
2491 }
2492 return has_dirty;
2493 }
2494
2495 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2496 {
2497 int i, j;
2498 double total = 0;
2499 int num = 0;
2500
2501 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT;
2502 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT;
2503
2504 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2505 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2506 total += vnc_stat_rect(vs->vd, i, j)->freq;
2507 num++;
2508 }
2509 }
2510
2511 if (num) {
2512 return total / num;
2513 } else {
2514 return 0;
2515 }
2516 }
2517
2518 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2519 {
2520 VncRectStat *rect;
2521
2522 rect = vnc_stat_rect(vd, x, y);
2523 if (rect->updated) {
2524 return ;
2525 }
2526 rect->times[rect->idx] = *tv;
2527 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2528 rect->updated = true;
2529 }
2530
2531 static int vnc_refresh_server_surface(VncDisplay *vd)
2532 {
2533 int y;
2534 uint8_t *guest_row;
2535 uint8_t *server_row;
2536 int cmp_bytes;
2537 VncState *vs;
2538 int has_dirty = 0;
2539
2540 struct timeval tv = { 0, 0 };
2541
2542 if (!vd->non_adaptive) {
2543 gettimeofday(&tv, NULL);
2544 has_dirty = vnc_update_stats(vd, &tv);
2545 }
2546
2547 /*
2548 * Walk through the guest dirty map.
2549 * Check and copy modified bits from guest to server surface.
2550 * Update server dirty map.
2551 */
2552 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2553 if (cmp_bytes > vd->ds->surface->linesize) {
2554 cmp_bytes = vd->ds->surface->linesize;
2555 }
2556 guest_row = vd->guest.ds->data;
2557 server_row = vd->server->data;
2558 for (y = 0; y < vd->guest.ds->height; y++) {
2559 if (!bitmap_empty(vd->guest.dirty[y], VNC_DIRTY_BITS)) {
2560 int x;
2561 uint8_t *guest_ptr;
2562 uint8_t *server_ptr;
2563
2564 guest_ptr = guest_row;
2565 server_ptr = server_row;
2566
2567 for (x = 0; x + 15 < vd->guest.ds->width;
2568 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2569 if (!test_and_clear_bit((x / 16), vd->guest.dirty[y]))
2570 continue;
2571 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2572 continue;
2573 memcpy(server_ptr, guest_ptr, cmp_bytes);
2574 if (!vd->non_adaptive)
2575 vnc_rect_updated(vd, x, y, &tv);
2576 QTAILQ_FOREACH(vs, &vd->clients, next) {
2577 set_bit((x / 16), vs->dirty[y]);
2578 }
2579 has_dirty++;
2580 }
2581 }
2582 guest_row += ds_get_linesize(vd->ds);
2583 server_row += ds_get_linesize(vd->ds);
2584 }
2585 return has_dirty;
2586 }
2587
2588 static void vnc_refresh(void *opaque)
2589 {
2590 VncDisplay *vd = opaque;
2591 VncState *vs, *vn;
2592 int has_dirty, rects = 0;
2593
2594 vga_hw_update();
2595
2596 if (vnc_trylock_display(vd)) {
2597 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2598 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) +
2599 vd->timer_interval);
2600 return;
2601 }
2602
2603 has_dirty = vnc_refresh_server_surface(vd);
2604 vnc_unlock_display(vd);
2605
2606 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2607 rects += vnc_update_client(vs, has_dirty);
2608 /* vs might be free()ed here */
2609 }
2610
2611 /* vd->timer could be NULL now if the last client disconnected,
2612 * in this case don't update the timer */
2613 if (vd->timer == NULL)
2614 return;
2615
2616 if (has_dirty && rects) {
2617 vd->timer_interval /= 2;
2618 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2619 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2620 } else {
2621 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2622 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2623 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2624 }
2625 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval);
2626 }
2627
2628 static void vnc_init_timer(VncDisplay *vd)
2629 {
2630 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2631 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
2632 vd->timer = qemu_new_timer_ms(rt_clock, vnc_refresh, vd);
2633 vnc_dpy_resize(vd->ds);
2634 vnc_refresh(vd);
2635 }
2636 }
2637
2638 static void vnc_remove_timer(VncDisplay *vd)
2639 {
2640 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
2641 qemu_del_timer(vd->timer);
2642 qemu_free_timer(vd->timer);
2643 vd->timer = NULL;
2644 }
2645 }
2646
2647 static void vnc_connect(VncDisplay *vd, int csock, int skipauth)
2648 {
2649 VncState *vs = g_malloc0(sizeof(VncState));
2650 int i;
2651
2652 vs->csock = csock;
2653
2654 if (skipauth) {
2655 vs->auth = VNC_AUTH_NONE;
2656 #ifdef CONFIG_VNC_TLS
2657 vs->subauth = VNC_AUTH_INVALID;
2658 #endif
2659 } else {
2660 vs->auth = vd->auth;
2661 #ifdef CONFIG_VNC_TLS
2662 vs->subauth = vd->subauth;
2663 #endif
2664 }
2665
2666 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
2667 for (i = 0; i < VNC_STAT_ROWS; ++i) {
2668 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS * sizeof (uint8_t));
2669 }
2670
2671 VNC_DEBUG("New client on socket %d\n", csock);
2672 dcl->idle = 0;
2673 socket_set_nonblock(vs->csock);
2674 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2675
2676 vnc_client_cache_addr(vs);
2677 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2678 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
2679
2680 vs->vd = vd;
2681 vs->ds = vd->ds;
2682 vs->last_x = -1;
2683 vs->last_y = -1;
2684
2685 vs->as.freq = 44100;
2686 vs->as.nchannels = 2;
2687 vs->as.fmt = AUD_FMT_S16;
2688 vs->as.endianness = 0;
2689
2690 qemu_mutex_init(&vs->output_mutex);
2691 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
2692
2693 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2694
2695 vga_hw_update();
2696
2697 vnc_write(vs, "RFB 003.008\n", 12);
2698 vnc_flush(vs);
2699 vnc_read_when(vs, protocol_version, 12);
2700 reset_keys(vs);
2701 if (vs->vd->lock_key_sync)
2702 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2703
2704 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2705 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2706
2707 vnc_init_timer(vd);
2708
2709 /* vs might be free()ed here */
2710 }
2711
2712 static void vnc_listen_read(void *opaque)
2713 {
2714 VncDisplay *vs = opaque;
2715 struct sockaddr_in addr;
2716 socklen_t addrlen = sizeof(addr);
2717
2718 /* Catch-up */
2719 vga_hw_update();
2720
2721 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2722 if (csock != -1) {
2723 vnc_connect(vs, csock, 0);
2724 }
2725 }
2726
2727 void vnc_display_init(DisplayState *ds)
2728 {
2729 VncDisplay *vs = g_malloc0(sizeof(*vs));
2730
2731 dcl = g_malloc0(sizeof(DisplayChangeListener));
2732
2733 ds->opaque = vs;
2734 dcl->idle = 1;
2735 vnc_display = vs;
2736
2737 vs->lsock = -1;
2738
2739 vs->ds = ds;
2740 QTAILQ_INIT(&vs->clients);
2741 vs->expires = TIME_MAX;
2742
2743 if (keyboard_layout)
2744 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2745 else
2746 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2747
2748 if (!vs->kbd_layout)
2749 exit(1);
2750
2751 qemu_mutex_init(&vs->mutex);
2752 vnc_start_worker_thread();
2753
2754 dcl->dpy_copy = vnc_dpy_copy;
2755 dcl->dpy_update = vnc_dpy_update;
2756 dcl->dpy_resize = vnc_dpy_resize;
2757 dcl->dpy_setdata = vnc_dpy_setdata;
2758 register_displaychangelistener(ds, dcl);
2759 ds->mouse_set = vnc_mouse_set;
2760 ds->cursor_define = vnc_dpy_cursor_define;
2761 }
2762
2763
2764 void vnc_display_close(DisplayState *ds)
2765 {
2766 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2767
2768 if (!vs)
2769 return;
2770 if (vs->display) {
2771 g_free(vs->display);
2772 vs->display = NULL;
2773 }
2774 if (vs->lsock != -1) {
2775 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2776 close(vs->lsock);
2777 vs->lsock = -1;
2778 }
2779 vs->auth = VNC_AUTH_INVALID;
2780 #ifdef CONFIG_VNC_TLS
2781 vs->subauth = VNC_AUTH_INVALID;
2782 vs->tls.x509verify = 0;
2783 #endif
2784 }
2785
2786 int vnc_display_disable_login(DisplayState *ds)
2787 {
2788 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2789
2790 if (!vs) {
2791 return -1;
2792 }
2793
2794 if (vs->password) {
2795 g_free(vs->password);
2796 }
2797
2798 vs->password = NULL;
2799 if (vs->auth == VNC_AUTH_NONE) {
2800 vs->auth = VNC_AUTH_VNC;
2801 }
2802
2803 return 0;
2804 }
2805
2806 int vnc_display_password(DisplayState *ds, const char *password)
2807 {
2808 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2809
2810 if (!vs) {
2811 return -EINVAL;
2812 }
2813
2814 if (!password) {
2815 /* This is not the intention of this interface but err on the side
2816 of being safe */
2817 return vnc_display_disable_login(ds);
2818 }
2819
2820 if (vs->password) {
2821 g_free(vs->password);
2822 vs->password = NULL;
2823 }
2824 vs->password = g_strdup(password);
2825 if (vs->auth == VNC_AUTH_NONE) {
2826 vs->auth = VNC_AUTH_VNC;
2827 }
2828
2829 return 0;
2830 }
2831
2832 int vnc_display_pw_expire(DisplayState *ds, time_t expires)
2833 {
2834 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2835
2836 if (!vs) {
2837 return -EINVAL;
2838 }
2839
2840 vs->expires = expires;
2841 return 0;
2842 }
2843
2844 char *vnc_display_local_addr(DisplayState *ds)
2845 {
2846 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2847
2848 return vnc_socket_local_addr("%s:%s", vs->lsock);
2849 }
2850
2851 int vnc_display_open(DisplayState *ds, const char *display)
2852 {
2853 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2854 const char *options;
2855 int password = 0;
2856 int reverse = 0;
2857 #ifdef CONFIG_VNC_TLS
2858 int tls = 0, x509 = 0;
2859 #endif
2860 #ifdef CONFIG_VNC_SASL
2861 int sasl = 0;
2862 int saslErr;
2863 #endif
2864 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2865 int acl = 0;
2866 #endif
2867 int lock_key_sync = 1;
2868
2869 if (!vnc_display)
2870 return -1;
2871 vnc_display_close(ds);
2872 if (strcmp(display, "none") == 0)
2873 return 0;
2874
2875 if (!(vs->display = strdup(display)))
2876 return -1;
2877 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
2878
2879 options = display;
2880 while ((options = strchr(options, ','))) {
2881 options++;
2882 if (strncmp(options, "password", 8) == 0) {
2883 if (fips_get_state()) {
2884 fprintf(stderr,
2885 "VNC password auth disabled due to FIPS mode, "
2886 "consider using the VeNCrypt or SASL authentication "
2887 "methods as an alternative\n");
2888 g_free(vs->display);
2889 vs->display = NULL;
2890 return -1;
2891 }
2892 password = 1; /* Require password auth */
2893 } else if (strncmp(options, "reverse", 7) == 0) {
2894 reverse = 1;
2895 } else if (strncmp(options, "no-lock-key-sync", 16) == 0) {
2896 lock_key_sync = 0;
2897 #ifdef CONFIG_VNC_SASL
2898 } else if (strncmp(options, "sasl", 4) == 0) {
2899 sasl = 1; /* Require SASL auth */
2900 #endif
2901 #ifdef CONFIG_VNC_TLS
2902 } else if (strncmp(options, "tls", 3) == 0) {
2903 tls = 1; /* Require TLS */
2904 } else if (strncmp(options, "x509", 4) == 0) {
2905 char *start, *end;
2906 x509 = 1; /* Require x509 certificates */
2907 if (strncmp(options, "x509verify", 10) == 0)
2908 vs->tls.x509verify = 1; /* ...and verify client certs */
2909
2910 /* Now check for 'x509=/some/path' postfix
2911 * and use that to setup x509 certificate/key paths */
2912 start = strchr(options, '=');
2913 end = strchr(options, ',');
2914 if (start && (!end || (start < end))) {
2915 int len = end ? end-(start+1) : strlen(start+1);
2916 char *path = g_strndup(start + 1, len);
2917
2918 VNC_DEBUG("Trying certificate path '%s'\n", path);
2919 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2920 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2921 g_free(path);
2922 g_free(vs->display);
2923 vs->display = NULL;
2924 return -1;
2925 }
2926 g_free(path);
2927 } else {
2928 fprintf(stderr, "No certificate path provided\n");
2929 g_free(vs->display);
2930 vs->display = NULL;
2931 return -1;
2932 }
2933 #endif
2934 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2935 } else if (strncmp(options, "acl", 3) == 0) {
2936 acl = 1;
2937 #endif
2938 } else if (strncmp(options, "lossy", 5) == 0) {
2939 vs->lossy = true;
2940 } else if (strncmp(options, "non-adapative", 13) == 0) {
2941 vs->non_adaptive = true;
2942 } else if (strncmp(options, "share=", 6) == 0) {
2943 if (strncmp(options+6, "ignore", 6) == 0) {
2944 vs->share_policy = VNC_SHARE_POLICY_IGNORE;
2945 } else if (strncmp(options+6, "allow-exclusive", 15) == 0) {
2946 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
2947 } else if (strncmp(options+6, "force-shared", 12) == 0) {
2948 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
2949 } else {
2950 fprintf(stderr, "unknown vnc share= option\n");
2951 g_free(vs->display);
2952 vs->display = NULL;
2953 return -1;
2954 }
2955 }
2956 }
2957
2958 #ifdef CONFIG_VNC_TLS
2959 if (acl && x509 && vs->tls.x509verify) {
2960 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2961 fprintf(stderr, "Failed to create x509 dname ACL\n");
2962 exit(1);
2963 }
2964 }
2965 #endif
2966 #ifdef CONFIG_VNC_SASL
2967 if (acl && sasl) {
2968 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2969 fprintf(stderr, "Failed to create username ACL\n");
2970 exit(1);
2971 }
2972 }
2973 #endif
2974
2975 /*
2976 * Combinations we support here:
2977 *
2978 * - no-auth (clear text, no auth)
2979 * - password (clear text, weak auth)
2980 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2981 * - tls (encrypt, weak anonymous creds, no auth)
2982 * - tls + password (encrypt, weak anonymous creds, weak auth)
2983 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2984 * - tls + x509 (encrypt, good x509 creds, no auth)
2985 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2986 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2987 *
2988 * NB1. TLS is a stackable auth scheme.
2989 * NB2. the x509 schemes have option to validate a client cert dname
2990 */
2991 if (password) {
2992 #ifdef CONFIG_VNC_TLS
2993 if (tls) {
2994 vs->auth = VNC_AUTH_VENCRYPT;
2995 if (x509) {
2996 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2997 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2998 } else {
2999 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3000 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3001 }
3002 } else {
3003 #endif /* CONFIG_VNC_TLS */
3004 VNC_DEBUG("Initializing VNC server with password auth\n");
3005 vs->auth = VNC_AUTH_VNC;
3006 #ifdef CONFIG_VNC_TLS
3007 vs->subauth = VNC_AUTH_INVALID;
3008 }
3009 #endif /* CONFIG_VNC_TLS */
3010 #ifdef CONFIG_VNC_SASL
3011 } else if (sasl) {
3012 #ifdef CONFIG_VNC_TLS
3013 if (tls) {
3014 vs->auth = VNC_AUTH_VENCRYPT;
3015 if (x509) {
3016 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3017 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
3018 } else {
3019 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3020 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3021 }
3022 } else {
3023 #endif /* CONFIG_VNC_TLS */
3024 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3025 vs->auth = VNC_AUTH_SASL;
3026 #ifdef CONFIG_VNC_TLS
3027 vs->subauth = VNC_AUTH_INVALID;
3028 }
3029 #endif /* CONFIG_VNC_TLS */
3030 #endif /* CONFIG_VNC_SASL */
3031 } else {
3032 #ifdef CONFIG_VNC_TLS
3033 if (tls) {
3034 vs->auth = VNC_AUTH_VENCRYPT;
3035 if (x509) {
3036 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3037 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
3038 } else {
3039 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3040 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3041 }
3042 } else {
3043 #endif
3044 VNC_DEBUG("Initializing VNC server with no auth\n");
3045 vs->auth = VNC_AUTH_NONE;
3046 #ifdef CONFIG_VNC_TLS
3047 vs->subauth = VNC_AUTH_INVALID;
3048 }
3049 #endif
3050 }
3051
3052 #ifdef CONFIG_VNC_SASL
3053 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
3054 fprintf(stderr, "Failed to initialize SASL auth %s",
3055 sasl_errstring(saslErr, NULL, NULL));
3056 g_free(vs->display);
3057 vs->display = NULL;
3058 return -1;
3059 }
3060 #endif
3061 vs->lock_key_sync = lock_key_sync;
3062
3063 if (reverse) {
3064 /* connect to viewer */
3065 if (strncmp(display, "unix:", 5) == 0)
3066 vs->lsock = unix_connect(display+5);
3067 else
3068 vs->lsock = inet_connect(display, NULL);
3069 if (-1 == vs->lsock) {
3070 g_free(vs->display);
3071 vs->display = NULL;
3072 return -1;
3073 } else {
3074 int csock = vs->lsock;
3075 vs->lsock = -1;
3076 vnc_connect(vs, csock, 0);
3077 }
3078 return 0;
3079
3080 } else {
3081 /* listen for connects */
3082 char *dpy;
3083 dpy = g_malloc(256);
3084 if (strncmp(display, "unix:", 5) == 0) {
3085 pstrcpy(dpy, 256, "unix:");
3086 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
3087 } else {
3088 vs->lsock = inet_listen(display, dpy, 256,
3089 SOCK_STREAM, 5900, NULL);
3090 }
3091 if (-1 == vs->lsock) {
3092 g_free(dpy);
3093 return -1;
3094 } else {
3095 g_free(vs->display);
3096 vs->display = dpy;
3097 }
3098 }
3099 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
3100 }
3101
3102 void vnc_display_add_client(DisplayState *ds, int csock, int skipauth)
3103 {
3104 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
3105
3106 vnc_connect(vs, csock, skipauth);
3107 }
Qemu copy for testing