]> git.proxmox.com Git - qemu.git/blob - vnc.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
m68k-dis: fix unused return value, spotted by clang
[qemu.git] / vnc.c
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "acl.h"
32 #include "qemu-objects.h"
33
34 #define VNC_REFRESH_INTERVAL_BASE 30
35 #define VNC_REFRESH_INTERVAL_INC 50
36 #define VNC_REFRESH_INTERVAL_MAX 2000
37
38 #include "vnc_keysym.h"
39 #include "d3des.h"
40
41 #define count_bits(c, v) { \
42 for (c = 0; v; v >>= 1) \
43 { \
44 c += v & 1; \
45 } \
46 }
47
48
49 static VncDisplay *vnc_display; /* needed for info vnc */
50 static DisplayChangeListener *dcl;
51
52 static char *addr_to_string(const char *format,
53 struct sockaddr_storage *sa,
54 socklen_t salen) {
55 char *addr;
56 char host[NI_MAXHOST];
57 char serv[NI_MAXSERV];
58 int err;
59 size_t addrlen;
60
61 if ((err = getnameinfo((struct sockaddr *)sa, salen,
62 host, sizeof(host),
63 serv, sizeof(serv),
64 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
65 VNC_DEBUG("Cannot resolve address %d: %s\n",
66 err, gai_strerror(err));
67 return NULL;
68 }
69
70 /* Enough for the existing format + the 2 vars we're
71 * substituting in. */
72 addrlen = strlen(format) + strlen(host) + strlen(serv);
73 addr = qemu_malloc(addrlen + 1);
74 snprintf(addr, addrlen, format, host, serv);
75 addr[addrlen] = '\0';
76
77 return addr;
78 }
79
80
81 char *vnc_socket_local_addr(const char *format, int fd) {
82 struct sockaddr_storage sa;
83 socklen_t salen;
84
85 salen = sizeof(sa);
86 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
87 return NULL;
88
89 return addr_to_string(format, &sa, salen);
90 }
91
92 char *vnc_socket_remote_addr(const char *format, int fd) {
93 struct sockaddr_storage sa;
94 socklen_t salen;
95
96 salen = sizeof(sa);
97 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
98 return NULL;
99
100 return addr_to_string(format, &sa, salen);
101 }
102
103 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
104 socklen_t salen)
105 {
106 char host[NI_MAXHOST];
107 char serv[NI_MAXSERV];
108 int err;
109
110 if ((err = getnameinfo((struct sockaddr *)sa, salen,
111 host, sizeof(host),
112 serv, sizeof(serv),
113 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
114 VNC_DEBUG("Cannot resolve address %d: %s\n",
115 err, gai_strerror(err));
116 return -1;
117 }
118
119 qdict_put(qdict, "host", qstring_from_str(host));
120 qdict_put(qdict, "service", qstring_from_str(serv));
121 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
122
123 return 0;
124 }
125
126 static int vnc_server_addr_put(QDict *qdict, int fd)
127 {
128 struct sockaddr_storage sa;
129 socklen_t salen;
130
131 salen = sizeof(sa);
132 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
133 return -1;
134 }
135
136 return put_addr_qdict(qdict, &sa, salen);
137 }
138
139 static int vnc_qdict_remote_addr(QDict *qdict, int fd)
140 {
141 struct sockaddr_storage sa;
142 socklen_t salen;
143
144 salen = sizeof(sa);
145 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
146 return -1;
147 }
148
149 return put_addr_qdict(qdict, &sa, salen);
150 }
151
152 static const char *vnc_auth_name(VncDisplay *vd) {
153 switch (vd->auth) {
154 case VNC_AUTH_INVALID:
155 return "invalid";
156 case VNC_AUTH_NONE:
157 return "none";
158 case VNC_AUTH_VNC:
159 return "vnc";
160 case VNC_AUTH_RA2:
161 return "ra2";
162 case VNC_AUTH_RA2NE:
163 return "ra2ne";
164 case VNC_AUTH_TIGHT:
165 return "tight";
166 case VNC_AUTH_ULTRA:
167 return "ultra";
168 case VNC_AUTH_TLS:
169 return "tls";
170 case VNC_AUTH_VENCRYPT:
171 #ifdef CONFIG_VNC_TLS
172 switch (vd->subauth) {
173 case VNC_AUTH_VENCRYPT_PLAIN:
174 return "vencrypt+plain";
175 case VNC_AUTH_VENCRYPT_TLSNONE:
176 return "vencrypt+tls+none";
177 case VNC_AUTH_VENCRYPT_TLSVNC:
178 return "vencrypt+tls+vnc";
179 case VNC_AUTH_VENCRYPT_TLSPLAIN:
180 return "vencrypt+tls+plain";
181 case VNC_AUTH_VENCRYPT_X509NONE:
182 return "vencrypt+x509+none";
183 case VNC_AUTH_VENCRYPT_X509VNC:
184 return "vencrypt+x509+vnc";
185 case VNC_AUTH_VENCRYPT_X509PLAIN:
186 return "vencrypt+x509+plain";
187 case VNC_AUTH_VENCRYPT_TLSSASL:
188 return "vencrypt+tls+sasl";
189 case VNC_AUTH_VENCRYPT_X509SASL:
190 return "vencrypt+x509+sasl";
191 default:
192 return "vencrypt";
193 }
194 #else
195 return "vencrypt";
196 #endif
197 case VNC_AUTH_SASL:
198 return "sasl";
199 }
200 return "unknown";
201 }
202
203 static int vnc_server_info_put(QDict *qdict)
204 {
205 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
206 return -1;
207 }
208
209 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
210 return 0;
211 }
212
213 static void vnc_client_cache_auth(VncState *client)
214 {
215 QDict *qdict;
216
217 if (!client->info) {
218 return;
219 }
220
221 qdict = qobject_to_qdict(client->info);
222
223 #ifdef CONFIG_VNC_TLS
224 if (client->tls.session &&
225 client->tls.dname) {
226 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
227 }
228 #endif
229 #ifdef CONFIG_VNC_SASL
230 if (client->sasl.conn &&
231 client->sasl.username) {
232 qdict_put(qdict, "sasl_username",
233 qstring_from_str(client->sasl.username));
234 }
235 #endif
236 }
237
238 static void vnc_client_cache_addr(VncState *client)
239 {
240 QDict *qdict;
241
242 qdict = qdict_new();
243 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
244 QDECREF(qdict);
245 /* XXX: how to report the error? */
246 return;
247 }
248
249 client->info = QOBJECT(qdict);
250 }
251
252 static void vnc_qmp_event(VncState *vs, MonitorEvent event)
253 {
254 QDict *server;
255 QObject *data;
256
257 if (!vs->info) {
258 return;
259 }
260
261 server = qdict_new();
262 if (vnc_server_info_put(server) < 0) {
263 QDECREF(server);
264 return;
265 }
266
267 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
268 vs->info, QOBJECT(server));
269
270 monitor_protocol_event(event, data);
271
272 qobject_incref(vs->info);
273 qobject_decref(data);
274 }
275
276 static void info_vnc_iter(QObject *obj, void *opaque)
277 {
278 QDict *client;
279 Monitor *mon = opaque;
280
281 client = qobject_to_qdict(obj);
282 monitor_printf(mon, "Client:\n");
283 monitor_printf(mon, " address: %s:%s\n",
284 qdict_get_str(client, "host"),
285 qdict_get_str(client, "service"));
286
287 #ifdef CONFIG_VNC_TLS
288 monitor_printf(mon, " x509_dname: %s\n",
289 qdict_haskey(client, "x509_dname") ?
290 qdict_get_str(client, "x509_dname") : "none");
291 #endif
292 #ifdef CONFIG_VNC_SASL
293 monitor_printf(mon, " username: %s\n",
294 qdict_haskey(client, "sasl_username") ?
295 qdict_get_str(client, "sasl_username") : "none");
296 #endif
297 }
298
299 void do_info_vnc_print(Monitor *mon, const QObject *data)
300 {
301 QDict *server;
302 QList *clients;
303
304 server = qobject_to_qdict(data);
305 if (qdict_get_bool(server, "enabled") == 0) {
306 monitor_printf(mon, "Server: disabled\n");
307 return;
308 }
309
310 monitor_printf(mon, "Server:\n");
311 monitor_printf(mon, " address: %s:%s\n",
312 qdict_get_str(server, "host"),
313 qdict_get_str(server, "service"));
314 monitor_printf(mon, " auth: %s\n", qdict_get_str(server, "auth"));
315
316 clients = qdict_get_qlist(server, "clients");
317 if (qlist_empty(clients)) {
318 monitor_printf(mon, "Client: none\n");
319 } else {
320 qlist_iter(clients, info_vnc_iter, mon);
321 }
322 }
323
324 /**
325 * do_info_vnc(): Show VNC server information
326 *
327 * Return a QDict with server information. Connected clients are returned
328 * as a QList of QDicts.
329 *
330 * The main QDict contains the following:
331 *
332 * - "enabled": true or false
333 * - "host": server's IP address
334 * - "family": address family ("ipv4" or "ipv6")
335 * - "service": server's port number
336 * - "auth": authentication method
337 * - "clients": a QList of all connected clients
338 *
339 * Clients are described by a QDict, with the following information:
340 *
341 * - "host": client's IP address
342 * - "family": address family ("ipv4" or "ipv6")
343 * - "service": client's port number
344 * - "x509_dname": TLS dname (optional)
345 * - "sasl_username": SASL username (optional)
346 *
347 * Example:
348 *
349 * { "enabled": true, "host": "0.0.0.0", "service": "50402", "auth": "vnc",
350 * "family": "ipv4",
351 * "clients": [{ "host": "127.0.0.1", "service": "50401", "family": "ipv4" }]}
352 */
353 void do_info_vnc(Monitor *mon, QObject **ret_data)
354 {
355 if (vnc_display == NULL || vnc_display->display == NULL) {
356 *ret_data = qobject_from_jsonf("{ 'enabled': false }");
357 } else {
358 QList *clist;
359 VncState *client;
360
361 clist = qlist_new();
362 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
363 if (client->info) {
364 /* incref so that it's not freed by upper layers */
365 qobject_incref(client->info);
366 qlist_append_obj(clist, client->info);
367 }
368 }
369
370 *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
371 QOBJECT(clist));
372 assert(*ret_data != NULL);
373
374 if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {
375 qobject_decref(*ret_data);
376 *ret_data = NULL;
377 }
378 }
379 }
380
381 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
382 return (vs->features & (1 << feature));
383 }
384
385 /* TODO
386 1) Get the queue working for IO.
387 2) there is some weirdness when using the -S option (the screen is grey
388 and not totally invalidated
389 3) resolutions > 1024
390 */
391
392 static int vnc_update_client(VncState *vs, int has_dirty);
393 static void vnc_disconnect_start(VncState *vs);
394 static void vnc_disconnect_finish(VncState *vs);
395 static void vnc_init_timer(VncDisplay *vd);
396 static void vnc_remove_timer(VncDisplay *vd);
397
398 static void vnc_colordepth(VncState *vs);
399 static void framebuffer_update_request(VncState *vs, int incremental,
400 int x_position, int y_position,
401 int w, int h);
402 static void vnc_refresh(void *opaque);
403 static int vnc_refresh_server_surface(VncDisplay *vd);
404
405 static inline void vnc_set_bit(uint32_t *d, int k)
406 {
407 d[k >> 5] |= 1 << (k & 0x1f);
408 }
409
410 static inline void vnc_clear_bit(uint32_t *d, int k)
411 {
412 d[k >> 5] &= ~(1 << (k & 0x1f));
413 }
414
415 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
416 {
417 int j;
418
419 j = 0;
420 while (n >= 32) {
421 d[j++] = -1;
422 n -= 32;
423 }
424 if (n > 0)
425 d[j++] = (1 << n) - 1;
426 while (j < nb_words)
427 d[j++] = 0;
428 }
429
430 static inline int vnc_get_bit(const uint32_t *d, int k)
431 {
432 return (d[k >> 5] >> (k & 0x1f)) & 1;
433 }
434
435 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
436 int nb_words)
437 {
438 int i;
439 for(i = 0; i < nb_words; i++) {
440 if ((d1[i] & d2[i]) != 0)
441 return 1;
442 }
443 return 0;
444 }
445
446 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
447 {
448 int i;
449 VncDisplay *vd = ds->opaque;
450 struct VncSurface *s = &vd->guest;
451
452 h += y;
453
454 /* round x down to ensure the loop only spans one 16-pixel block per,
455 iteration. otherwise, if (x % 16) != 0, the last iteration may span
456 two 16-pixel blocks but we only mark the first as dirty
457 */
458 w += (x % 16);
459 x -= (x % 16);
460
461 x = MIN(x, s->ds->width);
462 y = MIN(y, s->ds->height);
463 w = MIN(x + w, s->ds->width) - x;
464 h = MIN(h, s->ds->height);
465
466 for (; y < h; y++)
467 for (i = 0; i < w; i += 16)
468 vnc_set_bit(s->dirty[y], (x + i) / 16);
469 }
470
471 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
472 int32_t encoding)
473 {
474 vnc_write_u16(vs, x);
475 vnc_write_u16(vs, y);
476 vnc_write_u16(vs, w);
477 vnc_write_u16(vs, h);
478
479 vnc_write_s32(vs, encoding);
480 }
481
482 void buffer_reserve(Buffer *buffer, size_t len)
483 {
484 if ((buffer->capacity - buffer->offset) < len) {
485 buffer->capacity += (len + 1024);
486 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
487 if (buffer->buffer == NULL) {
488 fprintf(stderr, "vnc: out of memory\n");
489 exit(1);
490 }
491 }
492 }
493
494 int buffer_empty(Buffer *buffer)
495 {
496 return buffer->offset == 0;
497 }
498
499 uint8_t *buffer_end(Buffer *buffer)
500 {
501 return buffer->buffer + buffer->offset;
502 }
503
504 void buffer_reset(Buffer *buffer)
505 {
506 buffer->offset = 0;
507 }
508
509 void buffer_append(Buffer *buffer, const void *data, size_t len)
510 {
511 memcpy(buffer->buffer + buffer->offset, data, len);
512 buffer->offset += len;
513 }
514
515 static void vnc_dpy_resize(DisplayState *ds)
516 {
517 int size_changed;
518 VncDisplay *vd = ds->opaque;
519 VncState *vs;
520
521 /* server surface */
522 if (!vd->server)
523 vd->server = qemu_mallocz(sizeof(*vd->server));
524 if (vd->server->data)
525 qemu_free(vd->server->data);
526 *(vd->server) = *(ds->surface);
527 vd->server->data = qemu_mallocz(vd->server->linesize *
528 vd->server->height);
529
530 /* guest surface */
531 if (!vd->guest.ds)
532 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
533 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
534 console_color_init(ds);
535 size_changed = ds_get_width(ds) != vd->guest.ds->width ||
536 ds_get_height(ds) != vd->guest.ds->height;
537 *(vd->guest.ds) = *(ds->surface);
538 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
539
540 QTAILQ_FOREACH(vs, &vd->clients, next) {
541 vnc_colordepth(vs);
542 if (size_changed) {
543 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
544 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
545 vnc_write_u8(vs, 0);
546 vnc_write_u16(vs, 1); /* number of rects */
547 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
548 VNC_ENCODING_DESKTOPRESIZE);
549 vnc_flush(vs);
550 }
551 }
552 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
553 }
554 }
555
556 /* fastest code */
557 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
558 {
559 vnc_write(vs, pixels, size);
560 }
561
562 /* slowest but generic code. */
563 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
564 {
565 uint8_t r, g, b;
566 VncDisplay *vd = vs->vd;
567
568 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
569 vd->server->pf.rbits);
570 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
571 vd->server->pf.gbits);
572 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
573 vd->server->pf.bbits);
574 v = (r << vs->clientds.pf.rshift) |
575 (g << vs->clientds.pf.gshift) |
576 (b << vs->clientds.pf.bshift);
577 switch(vs->clientds.pf.bytes_per_pixel) {
578 case 1:
579 buf[0] = v;
580 break;
581 case 2:
582 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
583 buf[0] = v >> 8;
584 buf[1] = v;
585 } else {
586 buf[1] = v >> 8;
587 buf[0] = v;
588 }
589 break;
590 default:
591 case 4:
592 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
593 buf[0] = v >> 24;
594 buf[1] = v >> 16;
595 buf[2] = v >> 8;
596 buf[3] = v;
597 } else {
598 buf[3] = v >> 24;
599 buf[2] = v >> 16;
600 buf[1] = v >> 8;
601 buf[0] = v;
602 }
603 break;
604 }
605 }
606
607 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
608 {
609 uint8_t buf[4];
610 VncDisplay *vd = vs->vd;
611
612 if (vd->server->pf.bytes_per_pixel == 4) {
613 uint32_t *pixels = pixels1;
614 int n, i;
615 n = size >> 2;
616 for(i = 0; i < n; i++) {
617 vnc_convert_pixel(vs, buf, pixels[i]);
618 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
619 }
620 } else if (vd->server->pf.bytes_per_pixel == 2) {
621 uint16_t *pixels = pixels1;
622 int n, i;
623 n = size >> 1;
624 for(i = 0; i < n; i++) {
625 vnc_convert_pixel(vs, buf, pixels[i]);
626 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
627 }
628 } else if (vd->server->pf.bytes_per_pixel == 1) {
629 uint8_t *pixels = pixels1;
630 int n, i;
631 n = size;
632 for(i = 0; i < n; i++) {
633 vnc_convert_pixel(vs, buf, pixels[i]);
634 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
635 }
636 } else {
637 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
638 }
639 }
640
641 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
642 {
643 int i;
644 uint8_t *row;
645 VncDisplay *vd = vs->vd;
646
647 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
648 for (i = 0; i < h; i++) {
649 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
650 row += ds_get_linesize(vs->ds);
651 }
652 }
653
654 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
655 {
656 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
657 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
658 }
659
660 #define BPP 8
661 #include "vnchextile.h"
662 #undef BPP
663
664 #define BPP 16
665 #include "vnchextile.h"
666 #undef BPP
667
668 #define BPP 32
669 #include "vnchextile.h"
670 #undef BPP
671
672 #define GENERIC
673 #define BPP 8
674 #include "vnchextile.h"
675 #undef BPP
676 #undef GENERIC
677
678 #define GENERIC
679 #define BPP 16
680 #include "vnchextile.h"
681 #undef BPP
682 #undef GENERIC
683
684 #define GENERIC
685 #define BPP 32
686 #include "vnchextile.h"
687 #undef BPP
688 #undef GENERIC
689
690 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
691 {
692 int i, j;
693 int has_fg, has_bg;
694 uint8_t *last_fg, *last_bg;
695 VncDisplay *vd = vs->vd;
696
697 last_fg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
698 last_bg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
699 has_fg = has_bg = 0;
700 for (j = y; j < (y + h); j += 16) {
701 for (i = x; i < (x + w); i += 16) {
702 vs->send_hextile_tile(vs, i, j,
703 MIN(16, x + w - i), MIN(16, y + h - j),
704 last_bg, last_fg, &has_bg, &has_fg);
705 }
706 }
707 free(last_fg);
708 free(last_bg);
709
710 }
711
712 #define ZALLOC_ALIGNMENT 16
713
714 static void *zalloc(void *x, unsigned items, unsigned size)
715 {
716 void *p;
717
718 size *= items;
719 size = (size + ZALLOC_ALIGNMENT - 1) & ~(ZALLOC_ALIGNMENT - 1);
720
721 p = qemu_mallocz(size);
722
723 return (p);
724 }
725
726 static void zfree(void *x, void *addr)
727 {
728 qemu_free(addr);
729 }
730
731 static void vnc_zlib_init(VncState *vs)
732 {
733 int i;
734 for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)
735 vs->zlib_stream[i].opaque = NULL;
736 }
737
738 static void vnc_zlib_start(VncState *vs)
739 {
740 buffer_reset(&vs->zlib);
741
742 // make the output buffer be the zlib buffer, so we can compress it later
743 vs->zlib_tmp = vs->output;
744 vs->output = vs->zlib;
745 }
746
747 static int vnc_zlib_stop(VncState *vs, int stream_id)
748 {
749 z_streamp zstream = &vs->zlib_stream[stream_id];
750 int previous_out;
751
752 // switch back to normal output/zlib buffers
753 vs->zlib = vs->output;
754 vs->output = vs->zlib_tmp;
755
756 // compress the zlib buffer
757
758 // initialize the stream
759 // XXX need one stream per session
760 if (zstream->opaque != vs) {
761 int err;
762
763 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
764 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
765 zstream->zalloc = zalloc;
766 zstream->zfree = zfree;
767
768 err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
769 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
770
771 if (err != Z_OK) {
772 fprintf(stderr, "VNC: error initializing zlib\n");
773 return -1;
774 }
775
776 zstream->opaque = vs;
777 }
778
779 // XXX what to do if tight_compression changed in between?
780
781 // reserve memory in output buffer
782 buffer_reserve(&vs->output, vs->zlib.offset + 64);
783
784 // set pointers
785 zstream->next_in = vs->zlib.buffer;
786 zstream->avail_in = vs->zlib.offset;
787 zstream->next_out = vs->output.buffer + vs->output.offset;
788 zstream->avail_out = vs->output.capacity - vs->output.offset;
789 zstream->data_type = Z_BINARY;
790 previous_out = zstream->total_out;
791
792 // start encoding
793 if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
794 fprintf(stderr, "VNC: error during zlib compression\n");
795 return -1;
796 }
797
798 vs->output.offset = vs->output.capacity - zstream->avail_out;
799 return zstream->total_out - previous_out;
800 }
801
802 static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
803 {
804 int old_offset, new_offset, bytes_written;
805
806 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);
807
808 // remember where we put in the follow-up size
809 old_offset = vs->output.offset;
810 vnc_write_s32(vs, 0);
811
812 // compress the stream
813 vnc_zlib_start(vs);
814 send_framebuffer_update_raw(vs, x, y, w, h);
815 bytes_written = vnc_zlib_stop(vs, 0);
816
817 if (bytes_written == -1)
818 return;
819
820 // hack in the size
821 new_offset = vs->output.offset;
822 vs->output.offset = old_offset;
823 vnc_write_u32(vs, bytes_written);
824 vs->output.offset = new_offset;
825 }
826
827 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
828 {
829 switch(vs->vnc_encoding) {
830 case VNC_ENCODING_ZLIB:
831 send_framebuffer_update_zlib(vs, x, y, w, h);
832 break;
833 case VNC_ENCODING_HEXTILE:
834 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
835 send_framebuffer_update_hextile(vs, x, y, w, h);
836 break;
837 default:
838 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
839 send_framebuffer_update_raw(vs, x, y, w, h);
840 break;
841 }
842 }
843
844 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
845 {
846 /* send bitblit op to the vnc client */
847 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
848 vnc_write_u8(vs, 0);
849 vnc_write_u16(vs, 1); /* number of rects */
850 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
851 vnc_write_u16(vs, src_x);
852 vnc_write_u16(vs, src_y);
853 vnc_flush(vs);
854 }
855
856 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
857 {
858 VncDisplay *vd = ds->opaque;
859 VncState *vs, *vn;
860 uint8_t *src_row;
861 uint8_t *dst_row;
862 int i,x,y,pitch,depth,inc,w_lim,s;
863 int cmp_bytes;
864
865 vnc_refresh_server_surface(vd);
866 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
867 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
868 vs->force_update = 1;
869 vnc_update_client(vs, 1);
870 /* vs might be free()ed here */
871 }
872 }
873
874 /* do bitblit op on the local surface too */
875 pitch = ds_get_linesize(vd->ds);
876 depth = ds_get_bytes_per_pixel(vd->ds);
877 src_row = vd->server->data + pitch * src_y + depth * src_x;
878 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
879 y = dst_y;
880 inc = 1;
881 if (dst_y > src_y) {
882 /* copy backwards */
883 src_row += pitch * (h-1);
884 dst_row += pitch * (h-1);
885 pitch = -pitch;
886 y = dst_y + h - 1;
887 inc = -1;
888 }
889 w_lim = w - (16 - (dst_x % 16));
890 if (w_lim < 0)
891 w_lim = w;
892 else
893 w_lim = w - (w_lim % 16);
894 for (i = 0; i < h; i++) {
895 for (x = 0; x <= w_lim;
896 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
897 if (x == w_lim) {
898 if ((s = w - w_lim) == 0)
899 break;
900 } else if (!x) {
901 s = (16 - (dst_x % 16));
902 s = MIN(s, w_lim);
903 } else {
904 s = 16;
905 }
906 cmp_bytes = s * depth;
907 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
908 continue;
909 memmove(dst_row, src_row, cmp_bytes);
910 QTAILQ_FOREACH(vs, &vd->clients, next) {
911 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
912 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
913 }
914 }
915 }
916 src_row += pitch - w * depth;
917 dst_row += pitch - w * depth;
918 y += inc;
919 }
920
921 QTAILQ_FOREACH(vs, &vd->clients, next) {
922 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
923 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
924 }
925 }
926 }
927
928 static int find_and_clear_dirty_height(struct VncState *vs,
929 int y, int last_x, int x)
930 {
931 int h;
932 VncDisplay *vd = vs->vd;
933
934 for (h = 1; h < (vd->server->height - y); h++) {
935 int tmp_x;
936 if (!vnc_get_bit(vs->dirty[y + h], last_x))
937 break;
938 for (tmp_x = last_x; tmp_x < x; tmp_x++)
939 vnc_clear_bit(vs->dirty[y + h], tmp_x);
940 }
941
942 return h;
943 }
944
945 static int vnc_update_client(VncState *vs, int has_dirty)
946 {
947 if (vs->need_update && vs->csock != -1) {
948 VncDisplay *vd = vs->vd;
949 int y;
950 int n_rectangles;
951 int saved_offset;
952
953 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
954 /* kernel send buffers are full -> drop frames to throttle */
955 return 0;
956
957 if (!has_dirty && !vs->audio_cap && !vs->force_update)
958 return 0;
959
960 /*
961 * Send screen updates to the vnc client using the server
962 * surface and server dirty map. guest surface updates
963 * happening in parallel don't disturb us, the next pass will
964 * send them to the client.
965 */
966 n_rectangles = 0;
967 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
968 vnc_write_u8(vs, 0);
969 saved_offset = vs->output.offset;
970 vnc_write_u16(vs, 0);
971
972 for (y = 0; y < vd->server->height; y++) {
973 int x;
974 int last_x = -1;
975 for (x = 0; x < vd->server->width / 16; x++) {
976 if (vnc_get_bit(vs->dirty[y], x)) {
977 if (last_x == -1) {
978 last_x = x;
979 }
980 vnc_clear_bit(vs->dirty[y], x);
981 } else {
982 if (last_x != -1) {
983 int h = find_and_clear_dirty_height(vs, y, last_x, x);
984 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
985 n_rectangles++;
986 }
987 last_x = -1;
988 }
989 }
990 if (last_x != -1) {
991 int h = find_and_clear_dirty_height(vs, y, last_x, x);
992 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
993 n_rectangles++;
994 }
995 }
996 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
997 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
998 vnc_flush(vs);
999 vs->force_update = 0;
1000 return n_rectangles;
1001 }
1002
1003 if (vs->csock == -1)
1004 vnc_disconnect_finish(vs);
1005
1006 return 0;
1007 }
1008
1009 /* audio */
1010 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1011 {
1012 VncState *vs = opaque;
1013
1014 switch (cmd) {
1015 case AUD_CNOTIFY_DISABLE:
1016 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1017 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1018 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1019 vnc_flush(vs);
1020 break;
1021
1022 case AUD_CNOTIFY_ENABLE:
1023 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1024 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1025 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1026 vnc_flush(vs);
1027 break;
1028 }
1029 }
1030
1031 static void audio_capture_destroy(void *opaque)
1032 {
1033 }
1034
1035 static void audio_capture(void *opaque, void *buf, int size)
1036 {
1037 VncState *vs = opaque;
1038
1039 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1040 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1041 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1042 vnc_write_u32(vs, size);
1043 vnc_write(vs, buf, size);
1044 vnc_flush(vs);
1045 }
1046
1047 static void audio_add(VncState *vs)
1048 {
1049 struct audio_capture_ops ops;
1050
1051 if (vs->audio_cap) {
1052 monitor_printf(default_mon, "audio already running\n");
1053 return;
1054 }
1055
1056 ops.notify = audio_capture_notify;
1057 ops.destroy = audio_capture_destroy;
1058 ops.capture = audio_capture;
1059
1060 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1061 if (!vs->audio_cap) {
1062 monitor_printf(default_mon, "Failed to add audio capture\n");
1063 }
1064 }
1065
1066 static void audio_del(VncState *vs)
1067 {
1068 if (vs->audio_cap) {
1069 AUD_del_capture(vs->audio_cap, vs);
1070 vs->audio_cap = NULL;
1071 }
1072 }
1073
1074 static void vnc_disconnect_start(VncState *vs)
1075 {
1076 if (vs->csock == -1)
1077 return;
1078 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
1079 closesocket(vs->csock);
1080 vs->csock = -1;
1081 }
1082
1083 static void vnc_disconnect_finish(VncState *vs)
1084 {
1085 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
1086
1087 if (vs->input.buffer) {
1088 qemu_free(vs->input.buffer);
1089 vs->input.buffer = NULL;
1090 }
1091 if (vs->output.buffer) {
1092 qemu_free(vs->output.buffer);
1093 vs->output.buffer = NULL;
1094 }
1095
1096 qobject_decref(vs->info);
1097
1098 #ifdef CONFIG_VNC_TLS
1099 vnc_tls_client_cleanup(vs);
1100 #endif /* CONFIG_VNC_TLS */
1101 #ifdef CONFIG_VNC_SASL
1102 vnc_sasl_client_cleanup(vs);
1103 #endif /* CONFIG_VNC_SASL */
1104 audio_del(vs);
1105
1106 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1107
1108 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1109 dcl->idle = 1;
1110 }
1111
1112 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1113 vnc_remove_timer(vs->vd);
1114 if (vs->vd->lock_key_sync)
1115 qemu_remove_led_event_handler(vs->led);
1116 qemu_free(vs);
1117 }
1118
1119 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1120 {
1121 if (ret == 0 || ret == -1) {
1122 if (ret == -1) {
1123 switch (last_errno) {
1124 case EINTR:
1125 case EAGAIN:
1126 #ifdef _WIN32
1127 case WSAEWOULDBLOCK:
1128 #endif
1129 return 0;
1130 default:
1131 break;
1132 }
1133 }
1134
1135 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1136 ret, ret < 0 ? last_errno : 0);
1137 vnc_disconnect_start(vs);
1138
1139 return 0;
1140 }
1141 return ret;
1142 }
1143
1144
1145 void vnc_client_error(VncState *vs)
1146 {
1147 VNC_DEBUG("Closing down client sock: protocol error\n");
1148 vnc_disconnect_start(vs);
1149 }
1150
1151
1152 /*
1153 * Called to write a chunk of data to the client socket. The data may
1154 * be the raw data, or may have already been encoded by SASL.
1155 * The data will be written either straight onto the socket, or
1156 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1157 *
1158 * NB, it is theoretically possible to have 2 layers of encryption,
1159 * both SASL, and this TLS layer. It is highly unlikely in practice
1160 * though, since SASL encryption will typically be a no-op if TLS
1161 * is active
1162 *
1163 * Returns the number of bytes written, which may be less than
1164 * the requested 'datalen' if the socket would block. Returns
1165 * -1 on error, and disconnects the client socket.
1166 */
1167 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1168 {
1169 long ret;
1170 #ifdef CONFIG_VNC_TLS
1171 if (vs->tls.session) {
1172 ret = gnutls_write(vs->tls.session, data, datalen);
1173 if (ret < 0) {
1174 if (ret == GNUTLS_E_AGAIN)
1175 errno = EAGAIN;
1176 else
1177 errno = EIO;
1178 ret = -1;
1179 }
1180 } else
1181 #endif /* CONFIG_VNC_TLS */
1182 ret = send(vs->csock, (const void *)data, datalen, 0);
1183 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1184 return vnc_client_io_error(vs, ret, socket_error());
1185 }
1186
1187
1188 /*
1189 * Called to write buffered data to the client socket, when not
1190 * using any SASL SSF encryption layers. Will write as much data
1191 * as possible without blocking. If all buffered data is written,
1192 * will switch the FD poll() handler back to read monitoring.
1193 *
1194 * Returns the number of bytes written, which may be less than
1195 * the buffered output data if the socket would block. Returns
1196 * -1 on error, and disconnects the client socket.
1197 */
1198 static long vnc_client_write_plain(VncState *vs)
1199 {
1200 long ret;
1201
1202 #ifdef CONFIG_VNC_SASL
1203 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1204 vs->output.buffer, vs->output.capacity, vs->output.offset,
1205 vs->sasl.waitWriteSSF);
1206
1207 if (vs->sasl.conn &&
1208 vs->sasl.runSSF &&
1209 vs->sasl.waitWriteSSF) {
1210 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1211 if (ret)
1212 vs->sasl.waitWriteSSF -= ret;
1213 } else
1214 #endif /* CONFIG_VNC_SASL */
1215 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1216 if (!ret)
1217 return 0;
1218
1219 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1220 vs->output.offset -= ret;
1221
1222 if (vs->output.offset == 0) {
1223 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1224 }
1225
1226 return ret;
1227 }
1228
1229
1230 /*
1231 * First function called whenever there is data to be written to
1232 * the client socket. Will delegate actual work according to whether
1233 * SASL SSF layers are enabled (thus requiring encryption calls)
1234 */
1235 void vnc_client_write(void *opaque)
1236 {
1237 long ret;
1238 VncState *vs = opaque;
1239
1240 #ifdef CONFIG_VNC_SASL
1241 if (vs->sasl.conn &&
1242 vs->sasl.runSSF &&
1243 !vs->sasl.waitWriteSSF)
1244 ret = vnc_client_write_sasl(vs);
1245 else
1246 #endif /* CONFIG_VNC_SASL */
1247 ret = vnc_client_write_plain(vs);
1248 }
1249
1250 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1251 {
1252 vs->read_handler = func;
1253 vs->read_handler_expect = expecting;
1254 }
1255
1256
1257 /*
1258 * Called to read a chunk of data from the client socket. The data may
1259 * be the raw data, or may need to be further decoded by SASL.
1260 * The data will be read either straight from to the socket, or
1261 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1262 *
1263 * NB, it is theoretically possible to have 2 layers of encryption,
1264 * both SASL, and this TLS layer. It is highly unlikely in practice
1265 * though, since SASL encryption will typically be a no-op if TLS
1266 * is active
1267 *
1268 * Returns the number of bytes read, which may be less than
1269 * the requested 'datalen' if the socket would block. Returns
1270 * -1 on error, and disconnects the client socket.
1271 */
1272 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1273 {
1274 long ret;
1275 #ifdef CONFIG_VNC_TLS
1276 if (vs->tls.session) {
1277 ret = gnutls_read(vs->tls.session, data, datalen);
1278 if (ret < 0) {
1279 if (ret == GNUTLS_E_AGAIN)
1280 errno = EAGAIN;
1281 else
1282 errno = EIO;
1283 ret = -1;
1284 }
1285 } else
1286 #endif /* CONFIG_VNC_TLS */
1287 ret = recv(vs->csock, (void *)data, datalen, 0);
1288 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1289 return vnc_client_io_error(vs, ret, socket_error());
1290 }
1291
1292
1293 /*
1294 * Called to read data from the client socket to the input buffer,
1295 * when not using any SASL SSF encryption layers. Will read as much
1296 * data as possible without blocking.
1297 *
1298 * Returns the number of bytes read. Returns -1 on error, and
1299 * disconnects the client socket.
1300 */
1301 static long vnc_client_read_plain(VncState *vs)
1302 {
1303 int ret;
1304 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1305 vs->input.buffer, vs->input.capacity, vs->input.offset);
1306 buffer_reserve(&vs->input, 4096);
1307 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1308 if (!ret)
1309 return 0;
1310 vs->input.offset += ret;
1311 return ret;
1312 }
1313
1314
1315 /*
1316 * First function called whenever there is more data to be read from
1317 * the client socket. Will delegate actual work according to whether
1318 * SASL SSF layers are enabled (thus requiring decryption calls)
1319 */
1320 void vnc_client_read(void *opaque)
1321 {
1322 VncState *vs = opaque;
1323 long ret;
1324
1325 #ifdef CONFIG_VNC_SASL
1326 if (vs->sasl.conn && vs->sasl.runSSF)
1327 ret = vnc_client_read_sasl(vs);
1328 else
1329 #endif /* CONFIG_VNC_SASL */
1330 ret = vnc_client_read_plain(vs);
1331 if (!ret) {
1332 if (vs->csock == -1)
1333 vnc_disconnect_finish(vs);
1334 return;
1335 }
1336
1337 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1338 size_t len = vs->read_handler_expect;
1339 int ret;
1340
1341 ret = vs->read_handler(vs, vs->input.buffer, len);
1342 if (vs->csock == -1) {
1343 vnc_disconnect_finish(vs);
1344 return;
1345 }
1346
1347 if (!ret) {
1348 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1349 vs->input.offset -= len;
1350 } else {
1351 vs->read_handler_expect = ret;
1352 }
1353 }
1354 }
1355
1356 void vnc_write(VncState *vs, const void *data, size_t len)
1357 {
1358 buffer_reserve(&vs->output, len);
1359
1360 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1361 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1362 }
1363
1364 buffer_append(&vs->output, data, len);
1365 }
1366
1367 void vnc_write_s32(VncState *vs, int32_t value)
1368 {
1369 vnc_write_u32(vs, *(uint32_t *)&value);
1370 }
1371
1372 void vnc_write_u32(VncState *vs, uint32_t value)
1373 {
1374 uint8_t buf[4];
1375
1376 buf[0] = (value >> 24) & 0xFF;
1377 buf[1] = (value >> 16) & 0xFF;
1378 buf[2] = (value >> 8) & 0xFF;
1379 buf[3] = value & 0xFF;
1380
1381 vnc_write(vs, buf, 4);
1382 }
1383
1384 void vnc_write_u16(VncState *vs, uint16_t value)
1385 {
1386 uint8_t buf[2];
1387
1388 buf[0] = (value >> 8) & 0xFF;
1389 buf[1] = value & 0xFF;
1390
1391 vnc_write(vs, buf, 2);
1392 }
1393
1394 void vnc_write_u8(VncState *vs, uint8_t value)
1395 {
1396 vnc_write(vs, (char *)&value, 1);
1397 }
1398
1399 void vnc_flush(VncState *vs)
1400 {
1401 if (vs->csock != -1 && vs->output.offset)
1402 vnc_client_write(vs);
1403 }
1404
1405 uint8_t read_u8(uint8_t *data, size_t offset)
1406 {
1407 return data[offset];
1408 }
1409
1410 uint16_t read_u16(uint8_t *data, size_t offset)
1411 {
1412 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1413 }
1414
1415 int32_t read_s32(uint8_t *data, size_t offset)
1416 {
1417 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1418 (data[offset + 2] << 8) | data[offset + 3]);
1419 }
1420
1421 uint32_t read_u32(uint8_t *data, size_t offset)
1422 {
1423 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1424 (data[offset + 2] << 8) | data[offset + 3]);
1425 }
1426
1427 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1428 {
1429 }
1430
1431 static void check_pointer_type_change(Notifier *notifier)
1432 {
1433 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1434 int absolute = kbd_mouse_is_absolute();
1435
1436 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1437 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1438 vnc_write_u8(vs, 0);
1439 vnc_write_u16(vs, 1);
1440 vnc_framebuffer_update(vs, absolute, 0,
1441 ds_get_width(vs->ds), ds_get_height(vs->ds),
1442 VNC_ENCODING_POINTER_TYPE_CHANGE);
1443 vnc_flush(vs);
1444 }
1445 vs->absolute = absolute;
1446 }
1447
1448 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1449 {
1450 int buttons = 0;
1451 int dz = 0;
1452
1453 if (button_mask & 0x01)
1454 buttons |= MOUSE_EVENT_LBUTTON;
1455 if (button_mask & 0x02)
1456 buttons |= MOUSE_EVENT_MBUTTON;
1457 if (button_mask & 0x04)
1458 buttons |= MOUSE_EVENT_RBUTTON;
1459 if (button_mask & 0x08)
1460 dz = -1;
1461 if (button_mask & 0x10)
1462 dz = 1;
1463
1464 if (vs->absolute) {
1465 kbd_mouse_event(ds_get_width(vs->ds) > 1 ?
1466 x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000,
1467 ds_get_height(vs->ds) > 1 ?
1468 y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000,
1469 dz, buttons);
1470 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1471 x -= 0x7FFF;
1472 y -= 0x7FFF;
1473
1474 kbd_mouse_event(x, y, dz, buttons);
1475 } else {
1476 if (vs->last_x != -1)
1477 kbd_mouse_event(x - vs->last_x,
1478 y - vs->last_y,
1479 dz, buttons);
1480 vs->last_x = x;
1481 vs->last_y = y;
1482 }
1483 }
1484
1485 static void reset_keys(VncState *vs)
1486 {
1487 int i;
1488 for(i = 0; i < 256; i++) {
1489 if (vs->modifiers_state[i]) {
1490 if (i & SCANCODE_GREY)
1491 kbd_put_keycode(SCANCODE_EMUL0);
1492 kbd_put_keycode(i | SCANCODE_UP);
1493 vs->modifiers_state[i] = 0;
1494 }
1495 }
1496 }
1497
1498 static void press_key(VncState *vs, int keysym)
1499 {
1500 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1501 if (keycode & SCANCODE_GREY)
1502 kbd_put_keycode(SCANCODE_EMUL0);
1503 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1504 if (keycode & SCANCODE_GREY)
1505 kbd_put_keycode(SCANCODE_EMUL0);
1506 kbd_put_keycode(keycode | SCANCODE_UP);
1507 }
1508
1509 static void kbd_leds(void *opaque, int ledstate)
1510 {
1511 VncState *vs = opaque;
1512 int caps, num;
1513
1514 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1515 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1516
1517 if (vs->modifiers_state[0x3a] != caps) {
1518 vs->modifiers_state[0x3a] = caps;
1519 }
1520 if (vs->modifiers_state[0x45] != num) {
1521 vs->modifiers_state[0x45] = num;
1522 }
1523 }
1524
1525 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1526 {
1527 /* QEMU console switch */
1528 switch(keycode) {
1529 case 0x2a: /* Left Shift */
1530 case 0x36: /* Right Shift */
1531 case 0x1d: /* Left CTRL */
1532 case 0x9d: /* Right CTRL */
1533 case 0x38: /* Left ALT */
1534 case 0xb8: /* Right ALT */
1535 if (down)
1536 vs->modifiers_state[keycode] = 1;
1537 else
1538 vs->modifiers_state[keycode] = 0;
1539 break;
1540 case 0x02 ... 0x0a: /* '1' to '9' keys */
1541 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1542 /* Reset the modifiers sent to the current console */
1543 reset_keys(vs);
1544 console_select(keycode - 0x02);
1545 return;
1546 }
1547 break;
1548 case 0x3a: /* CapsLock */
1549 case 0x45: /* NumLock */
1550 if (down)
1551 vs->modifiers_state[keycode] ^= 1;
1552 break;
1553 }
1554
1555 if (vs->vd->lock_key_sync &&
1556 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1557 /* If the numlock state needs to change then simulate an additional
1558 keypress before sending this one. This will happen if the user
1559 toggles numlock away from the VNC window.
1560 */
1561 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1562 if (!vs->modifiers_state[0x45]) {
1563 vs->modifiers_state[0x45] = 1;
1564 press_key(vs, 0xff7f);
1565 }
1566 } else {
1567 if (vs->modifiers_state[0x45]) {
1568 vs->modifiers_state[0x45] = 0;
1569 press_key(vs, 0xff7f);
1570 }
1571 }
1572 }
1573
1574 if (vs->vd->lock_key_sync &&
1575 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1576 /* If the capslock state needs to change then simulate an additional
1577 keypress before sending this one. This will happen if the user
1578 toggles capslock away from the VNC window.
1579 */
1580 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1581 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1582 int capslock = !!(vs->modifiers_state[0x3a]);
1583 if (capslock) {
1584 if (uppercase == shift) {
1585 vs->modifiers_state[0x3a] = 0;
1586 press_key(vs, 0xffe5);
1587 }
1588 } else {
1589 if (uppercase != shift) {
1590 vs->modifiers_state[0x3a] = 1;
1591 press_key(vs, 0xffe5);
1592 }
1593 }
1594 }
1595
1596 if (is_graphic_console()) {
1597 if (keycode & SCANCODE_GREY)
1598 kbd_put_keycode(SCANCODE_EMUL0);
1599 if (down)
1600 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1601 else
1602 kbd_put_keycode(keycode | SCANCODE_UP);
1603 } else {
1604 /* QEMU console emulation */
1605 if (down) {
1606 int numlock = vs->modifiers_state[0x45];
1607 switch (keycode) {
1608 case 0x2a: /* Left Shift */
1609 case 0x36: /* Right Shift */
1610 case 0x1d: /* Left CTRL */
1611 case 0x9d: /* Right CTRL */
1612 case 0x38: /* Left ALT */
1613 case 0xb8: /* Right ALT */
1614 break;
1615 case 0xc8:
1616 kbd_put_keysym(QEMU_KEY_UP);
1617 break;
1618 case 0xd0:
1619 kbd_put_keysym(QEMU_KEY_DOWN);
1620 break;
1621 case 0xcb:
1622 kbd_put_keysym(QEMU_KEY_LEFT);
1623 break;
1624 case 0xcd:
1625 kbd_put_keysym(QEMU_KEY_RIGHT);
1626 break;
1627 case 0xd3:
1628 kbd_put_keysym(QEMU_KEY_DELETE);
1629 break;
1630 case 0xc7:
1631 kbd_put_keysym(QEMU_KEY_HOME);
1632 break;
1633 case 0xcf:
1634 kbd_put_keysym(QEMU_KEY_END);
1635 break;
1636 case 0xc9:
1637 kbd_put_keysym(QEMU_KEY_PAGEUP);
1638 break;
1639 case 0xd1:
1640 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1641 break;
1642
1643 case 0x47:
1644 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1645 break;
1646 case 0x48:
1647 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1648 break;
1649 case 0x49:
1650 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1651 break;
1652 case 0x4b:
1653 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1654 break;
1655 case 0x4c:
1656 kbd_put_keysym('5');
1657 break;
1658 case 0x4d:
1659 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1660 break;
1661 case 0x4f:
1662 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1663 break;
1664 case 0x50:
1665 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1666 break;
1667 case 0x51:
1668 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1669 break;
1670 case 0x52:
1671 kbd_put_keysym('0');
1672 break;
1673 case 0x53:
1674 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1675 break;
1676
1677 case 0xb5:
1678 kbd_put_keysym('/');
1679 break;
1680 case 0x37:
1681 kbd_put_keysym('*');
1682 break;
1683 case 0x4a:
1684 kbd_put_keysym('-');
1685 break;
1686 case 0x4e:
1687 kbd_put_keysym('+');
1688 break;
1689 case 0x9c:
1690 kbd_put_keysym('\n');
1691 break;
1692
1693 default:
1694 kbd_put_keysym(sym);
1695 break;
1696 }
1697 }
1698 }
1699 }
1700
1701 static void key_event(VncState *vs, int down, uint32_t sym)
1702 {
1703 int keycode;
1704 int lsym = sym;
1705
1706 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1707 lsym = lsym - 'A' + 'a';
1708 }
1709
1710 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1711 do_key_event(vs, down, keycode, sym);
1712 }
1713
1714 static void ext_key_event(VncState *vs, int down,
1715 uint32_t sym, uint16_t keycode)
1716 {
1717 /* if the user specifies a keyboard layout, always use it */
1718 if (keyboard_layout)
1719 key_event(vs, down, sym);
1720 else
1721 do_key_event(vs, down, keycode, sym);
1722 }
1723
1724 static void framebuffer_update_request(VncState *vs, int incremental,
1725 int x_position, int y_position,
1726 int w, int h)
1727 {
1728 if (x_position > ds_get_width(vs->ds))
1729 x_position = ds_get_width(vs->ds);
1730 if (y_position > ds_get_height(vs->ds))
1731 y_position = ds_get_height(vs->ds);
1732 if (x_position + w >= ds_get_width(vs->ds))
1733 w = ds_get_width(vs->ds) - x_position;
1734 if (y_position + h >= ds_get_height(vs->ds))
1735 h = ds_get_height(vs->ds) - y_position;
1736
1737 int i;
1738 vs->need_update = 1;
1739 if (!incremental) {
1740 vs->force_update = 1;
1741 for (i = 0; i < h; i++) {
1742 vnc_set_bits(vs->dirty[y_position + i],
1743 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1744 }
1745 }
1746 }
1747
1748 static void send_ext_key_event_ack(VncState *vs)
1749 {
1750 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1751 vnc_write_u8(vs, 0);
1752 vnc_write_u16(vs, 1);
1753 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1754 VNC_ENCODING_EXT_KEY_EVENT);
1755 vnc_flush(vs);
1756 }
1757
1758 static void send_ext_audio_ack(VncState *vs)
1759 {
1760 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1761 vnc_write_u8(vs, 0);
1762 vnc_write_u16(vs, 1);
1763 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1764 VNC_ENCODING_AUDIO);
1765 vnc_flush(vs);
1766 }
1767
1768 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1769 {
1770 int i;
1771 unsigned int enc = 0;
1772
1773 vnc_zlib_init(vs);
1774 vs->features = 0;
1775 vs->vnc_encoding = 0;
1776 vs->tight_compression = 9;
1777 vs->tight_quality = 9;
1778 vs->absolute = -1;
1779
1780 for (i = n_encodings - 1; i >= 0; i--) {
1781 enc = encodings[i];
1782 switch (enc) {
1783 case VNC_ENCODING_RAW:
1784 vs->vnc_encoding = enc;
1785 break;
1786 case VNC_ENCODING_COPYRECT:
1787 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1788 break;
1789 case VNC_ENCODING_HEXTILE:
1790 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1791 vs->vnc_encoding = enc;
1792 break;
1793 case VNC_ENCODING_ZLIB:
1794 vs->features |= VNC_FEATURE_ZLIB_MASK;
1795 vs->vnc_encoding = enc;
1796 break;
1797 case VNC_ENCODING_DESKTOPRESIZE:
1798 vs->features |= VNC_FEATURE_RESIZE_MASK;
1799 break;
1800 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1801 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1802 break;
1803 case VNC_ENCODING_EXT_KEY_EVENT:
1804 send_ext_key_event_ack(vs);
1805 break;
1806 case VNC_ENCODING_AUDIO:
1807 send_ext_audio_ack(vs);
1808 break;
1809 case VNC_ENCODING_WMVi:
1810 vs->features |= VNC_FEATURE_WMVI_MASK;
1811 break;
1812 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1813 vs->tight_compression = (enc & 0x0F);
1814 break;
1815 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1816 vs->tight_quality = (enc & 0x0F);
1817 break;
1818 default:
1819 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1820 break;
1821 }
1822 }
1823 }
1824
1825 static void set_pixel_conversion(VncState *vs)
1826 {
1827 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1828 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1829 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1830 vs->write_pixels = vnc_write_pixels_copy;
1831 switch (vs->ds->surface->pf.bits_per_pixel) {
1832 case 8:
1833 vs->send_hextile_tile = send_hextile_tile_8;
1834 break;
1835 case 16:
1836 vs->send_hextile_tile = send_hextile_tile_16;
1837 break;
1838 case 32:
1839 vs->send_hextile_tile = send_hextile_tile_32;
1840 break;
1841 }
1842 } else {
1843 vs->write_pixels = vnc_write_pixels_generic;
1844 switch (vs->ds->surface->pf.bits_per_pixel) {
1845 case 8:
1846 vs->send_hextile_tile = send_hextile_tile_generic_8;
1847 break;
1848 case 16:
1849 vs->send_hextile_tile = send_hextile_tile_generic_16;
1850 break;
1851 case 32:
1852 vs->send_hextile_tile = send_hextile_tile_generic_32;
1853 break;
1854 }
1855 }
1856 }
1857
1858 static void set_pixel_format(VncState *vs,
1859 int bits_per_pixel, int depth,
1860 int big_endian_flag, int true_color_flag,
1861 int red_max, int green_max, int blue_max,
1862 int red_shift, int green_shift, int blue_shift)
1863 {
1864 if (!true_color_flag) {
1865 vnc_client_error(vs);
1866 return;
1867 }
1868
1869 vs->clientds = *(vs->vd->guest.ds);
1870 vs->clientds.pf.rmax = red_max;
1871 count_bits(vs->clientds.pf.rbits, red_max);
1872 vs->clientds.pf.rshift = red_shift;
1873 vs->clientds.pf.rmask = red_max << red_shift;
1874 vs->clientds.pf.gmax = green_max;
1875 count_bits(vs->clientds.pf.gbits, green_max);
1876 vs->clientds.pf.gshift = green_shift;
1877 vs->clientds.pf.gmask = green_max << green_shift;
1878 vs->clientds.pf.bmax = blue_max;
1879 count_bits(vs->clientds.pf.bbits, blue_max);
1880 vs->clientds.pf.bshift = blue_shift;
1881 vs->clientds.pf.bmask = blue_max << blue_shift;
1882 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1883 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1884 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1885 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1886
1887 set_pixel_conversion(vs);
1888
1889 vga_hw_invalidate();
1890 vga_hw_update();
1891 }
1892
1893 static void pixel_format_message (VncState *vs) {
1894 char pad[3] = { 0, 0, 0 };
1895
1896 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1897 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1898
1899 #ifdef HOST_WORDS_BIGENDIAN
1900 vnc_write_u8(vs, 1); /* big-endian-flag */
1901 #else
1902 vnc_write_u8(vs, 0); /* big-endian-flag */
1903 #endif
1904 vnc_write_u8(vs, 1); /* true-color-flag */
1905 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1906 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1907 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1908 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1909 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1910 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1911 if (vs->ds->surface->pf.bits_per_pixel == 32)
1912 vs->send_hextile_tile = send_hextile_tile_32;
1913 else if (vs->ds->surface->pf.bits_per_pixel == 16)
1914 vs->send_hextile_tile = send_hextile_tile_16;
1915 else if (vs->ds->surface->pf.bits_per_pixel == 8)
1916 vs->send_hextile_tile = send_hextile_tile_8;
1917 vs->clientds = *(vs->ds->surface);
1918 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1919 vs->write_pixels = vnc_write_pixels_copy;
1920
1921 vnc_write(vs, pad, 3); /* padding */
1922 }
1923
1924 static void vnc_dpy_setdata(DisplayState *ds)
1925 {
1926 /* We don't have to do anything */
1927 }
1928
1929 static void vnc_colordepth(VncState *vs)
1930 {
1931 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1932 /* Sending a WMVi message to notify the client*/
1933 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1934 vnc_write_u8(vs, 0);
1935 vnc_write_u16(vs, 1); /* number of rects */
1936 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1937 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1938 pixel_format_message(vs);
1939 vnc_flush(vs);
1940 } else {
1941 set_pixel_conversion(vs);
1942 }
1943 }
1944
1945 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1946 {
1947 int i;
1948 uint16_t limit;
1949 VncDisplay *vd = vs->vd;
1950
1951 if (data[0] > 3) {
1952 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1953 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1954 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1955 }
1956
1957 switch (data[0]) {
1958 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
1959 if (len == 1)
1960 return 20;
1961
1962 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1963 read_u8(data, 6), read_u8(data, 7),
1964 read_u16(data, 8), read_u16(data, 10),
1965 read_u16(data, 12), read_u8(data, 14),
1966 read_u8(data, 15), read_u8(data, 16));
1967 break;
1968 case VNC_MSG_CLIENT_SET_ENCODINGS:
1969 if (len == 1)
1970 return 4;
1971
1972 if (len == 4) {
1973 limit = read_u16(data, 2);
1974 if (limit > 0)
1975 return 4 + (limit * 4);
1976 } else
1977 limit = read_u16(data, 2);
1978
1979 for (i = 0; i < limit; i++) {
1980 int32_t val = read_s32(data, 4 + (i * 4));
1981 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1982 }
1983
1984 set_encodings(vs, (int32_t *)(data + 4), limit);
1985 break;
1986 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
1987 if (len == 1)
1988 return 10;
1989
1990 framebuffer_update_request(vs,
1991 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1992 read_u16(data, 6), read_u16(data, 8));
1993 break;
1994 case VNC_MSG_CLIENT_KEY_EVENT:
1995 if (len == 1)
1996 return 8;
1997
1998 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1999 break;
2000 case VNC_MSG_CLIENT_POINTER_EVENT:
2001 if (len == 1)
2002 return 6;
2003
2004 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2005 break;
2006 case VNC_MSG_CLIENT_CUT_TEXT:
2007 if (len == 1)
2008 return 8;
2009
2010 if (len == 8) {
2011 uint32_t dlen = read_u32(data, 4);
2012 if (dlen > 0)
2013 return 8 + dlen;
2014 }
2015
2016 client_cut_text(vs, read_u32(data, 4), data + 8);
2017 break;
2018 case VNC_MSG_CLIENT_QEMU:
2019 if (len == 1)
2020 return 2;
2021
2022 switch (read_u8(data, 1)) {
2023 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2024 if (len == 2)
2025 return 12;
2026
2027 ext_key_event(vs, read_u16(data, 2),
2028 read_u32(data, 4), read_u32(data, 8));
2029 break;
2030 case VNC_MSG_CLIENT_QEMU_AUDIO:
2031 if (len == 2)
2032 return 4;
2033
2034 switch (read_u16 (data, 2)) {
2035 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2036 audio_add(vs);
2037 break;
2038 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2039 audio_del(vs);
2040 break;
2041 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2042 if (len == 4)
2043 return 10;
2044 switch (read_u8(data, 4)) {
2045 case 0: vs->as.fmt = AUD_FMT_U8; break;
2046 case 1: vs->as.fmt = AUD_FMT_S8; break;
2047 case 2: vs->as.fmt = AUD_FMT_U16; break;
2048 case 3: vs->as.fmt = AUD_FMT_S16; break;
2049 case 4: vs->as.fmt = AUD_FMT_U32; break;
2050 case 5: vs->as.fmt = AUD_FMT_S32; break;
2051 default:
2052 printf("Invalid audio format %d\n", read_u8(data, 4));
2053 vnc_client_error(vs);
2054 break;
2055 }
2056 vs->as.nchannels = read_u8(data, 5);
2057 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2058 printf("Invalid audio channel coount %d\n",
2059 read_u8(data, 5));
2060 vnc_client_error(vs);
2061 break;
2062 }
2063 vs->as.freq = read_u32(data, 6);
2064 break;
2065 default:
2066 printf ("Invalid audio message %d\n", read_u8(data, 4));
2067 vnc_client_error(vs);
2068 break;
2069 }
2070 break;
2071
2072 default:
2073 printf("Msg: %d\n", read_u16(data, 0));
2074 vnc_client_error(vs);
2075 break;
2076 }
2077 break;
2078 default:
2079 printf("Msg: %d\n", data[0]);
2080 vnc_client_error(vs);
2081 break;
2082 }
2083
2084 vnc_read_when(vs, protocol_client_msg, 1);
2085 return 0;
2086 }
2087
2088 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2089 {
2090 char buf[1024];
2091 int size;
2092
2093 vnc_write_u16(vs, ds_get_width(vs->ds));
2094 vnc_write_u16(vs, ds_get_height(vs->ds));
2095
2096 pixel_format_message(vs);
2097
2098 if (qemu_name)
2099 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2100 else
2101 size = snprintf(buf, sizeof(buf), "QEMU");
2102
2103 vnc_write_u32(vs, size);
2104 vnc_write(vs, buf, size);
2105 vnc_flush(vs);
2106
2107 vnc_client_cache_auth(vs);
2108 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
2109
2110 vnc_read_when(vs, protocol_client_msg, 1);
2111
2112 return 0;
2113 }
2114
2115 void start_client_init(VncState *vs)
2116 {
2117 vnc_read_when(vs, protocol_client_init, 1);
2118 }
2119
2120 static void make_challenge(VncState *vs)
2121 {
2122 int i;
2123
2124 srand(time(NULL)+getpid()+getpid()*987654+rand());
2125
2126 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2127 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2128 }
2129
2130 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2131 {
2132 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2133 int i, j, pwlen;
2134 unsigned char key[8];
2135
2136 if (!vs->vd->password || !vs->vd->password[0]) {
2137 VNC_DEBUG("No password configured on server");
2138 vnc_write_u32(vs, 1); /* Reject auth */
2139 if (vs->minor >= 8) {
2140 static const char err[] = "Authentication failed";
2141 vnc_write_u32(vs, sizeof(err));
2142 vnc_write(vs, err, sizeof(err));
2143 }
2144 vnc_flush(vs);
2145 vnc_client_error(vs);
2146 return 0;
2147 }
2148
2149 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2150
2151 /* Calculate the expected challenge response */
2152 pwlen = strlen(vs->vd->password);
2153 for (i=0; i<sizeof(key); i++)
2154 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2155 deskey(key, EN0);
2156 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2157 des(response+j, response+j);
2158
2159 /* Compare expected vs actual challenge response */
2160 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2161 VNC_DEBUG("Client challenge reponse did not match\n");
2162 vnc_write_u32(vs, 1); /* Reject auth */
2163 if (vs->minor >= 8) {
2164 static const char err[] = "Authentication failed";
2165 vnc_write_u32(vs, sizeof(err));
2166 vnc_write(vs, err, sizeof(err));
2167 }
2168 vnc_flush(vs);
2169 vnc_client_error(vs);
2170 } else {
2171 VNC_DEBUG("Accepting VNC challenge response\n");
2172 vnc_write_u32(vs, 0); /* Accept auth */
2173 vnc_flush(vs);
2174
2175 start_client_init(vs);
2176 }
2177 return 0;
2178 }
2179
2180 void start_auth_vnc(VncState *vs)
2181 {
2182 make_challenge(vs);
2183 /* Send client a 'random' challenge */
2184 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2185 vnc_flush(vs);
2186
2187 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2188 }
2189
2190
2191 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2192 {
2193 /* We only advertise 1 auth scheme at a time, so client
2194 * must pick the one we sent. Verify this */
2195 if (data[0] != vs->vd->auth) { /* Reject auth */
2196 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2197 vnc_write_u32(vs, 1);
2198 if (vs->minor >= 8) {
2199 static const char err[] = "Authentication failed";
2200 vnc_write_u32(vs, sizeof(err));
2201 vnc_write(vs, err, sizeof(err));
2202 }
2203 vnc_client_error(vs);
2204 } else { /* Accept requested auth */
2205 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2206 switch (vs->vd->auth) {
2207 case VNC_AUTH_NONE:
2208 VNC_DEBUG("Accept auth none\n");
2209 if (vs->minor >= 8) {
2210 vnc_write_u32(vs, 0); /* Accept auth completion */
2211 vnc_flush(vs);
2212 }
2213 start_client_init(vs);
2214 break;
2215
2216 case VNC_AUTH_VNC:
2217 VNC_DEBUG("Start VNC auth\n");
2218 start_auth_vnc(vs);
2219 break;
2220
2221 #ifdef CONFIG_VNC_TLS
2222 case VNC_AUTH_VENCRYPT:
2223 VNC_DEBUG("Accept VeNCrypt auth\n");;
2224 start_auth_vencrypt(vs);
2225 break;
2226 #endif /* CONFIG_VNC_TLS */
2227
2228 #ifdef CONFIG_VNC_SASL
2229 case VNC_AUTH_SASL:
2230 VNC_DEBUG("Accept SASL auth\n");
2231 start_auth_sasl(vs);
2232 break;
2233 #endif /* CONFIG_VNC_SASL */
2234
2235 default: /* Should not be possible, but just in case */
2236 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
2237 vnc_write_u8(vs, 1);
2238 if (vs->minor >= 8) {
2239 static const char err[] = "Authentication failed";
2240 vnc_write_u32(vs, sizeof(err));
2241 vnc_write(vs, err, sizeof(err));
2242 }
2243 vnc_client_error(vs);
2244 }
2245 }
2246 return 0;
2247 }
2248
2249 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2250 {
2251 char local[13];
2252
2253 memcpy(local, version, 12);
2254 local[12] = 0;
2255
2256 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2257 VNC_DEBUG("Malformed protocol version %s\n", local);
2258 vnc_client_error(vs);
2259 return 0;
2260 }
2261 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2262 if (vs->major != 3 ||
2263 (vs->minor != 3 &&
2264 vs->minor != 4 &&
2265 vs->minor != 5 &&
2266 vs->minor != 7 &&
2267 vs->minor != 8)) {
2268 VNC_DEBUG("Unsupported client version\n");
2269 vnc_write_u32(vs, VNC_AUTH_INVALID);
2270 vnc_flush(vs);
2271 vnc_client_error(vs);
2272 return 0;
2273 }
2274 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2275 * as equivalent to v3.3 by servers
2276 */
2277 if (vs->minor == 4 || vs->minor == 5)
2278 vs->minor = 3;
2279
2280 if (vs->minor == 3) {
2281 if (vs->vd->auth == VNC_AUTH_NONE) {
2282 VNC_DEBUG("Tell client auth none\n");
2283 vnc_write_u32(vs, vs->vd->auth);
2284 vnc_flush(vs);
2285 start_client_init(vs);
2286 } else if (vs->vd->auth == VNC_AUTH_VNC) {
2287 VNC_DEBUG("Tell client VNC auth\n");
2288 vnc_write_u32(vs, vs->vd->auth);
2289 vnc_flush(vs);
2290 start_auth_vnc(vs);
2291 } else {
2292 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2293 vnc_write_u32(vs, VNC_AUTH_INVALID);
2294 vnc_flush(vs);
2295 vnc_client_error(vs);
2296 }
2297 } else {
2298 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2299 vnc_write_u8(vs, 1); /* num auth */
2300 vnc_write_u8(vs, vs->vd->auth);
2301 vnc_read_when(vs, protocol_client_auth, 1);
2302 vnc_flush(vs);
2303 }
2304
2305 return 0;
2306 }
2307
2308 static int vnc_refresh_server_surface(VncDisplay *vd)
2309 {
2310 int y;
2311 uint8_t *guest_row;
2312 uint8_t *server_row;
2313 int cmp_bytes;
2314 uint32_t width_mask[VNC_DIRTY_WORDS];
2315 VncState *vs;
2316 int has_dirty = 0;
2317
2318 /*
2319 * Walk through the guest dirty map.
2320 * Check and copy modified bits from guest to server surface.
2321 * Update server dirty map.
2322 */
2323 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2324 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2325 guest_row = vd->guest.ds->data;
2326 server_row = vd->server->data;
2327 for (y = 0; y < vd->guest.ds->height; y++) {
2328 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2329 int x;
2330 uint8_t *guest_ptr;
2331 uint8_t *server_ptr;
2332
2333 guest_ptr = guest_row;
2334 server_ptr = server_row;
2335
2336 for (x = 0; x < vd->guest.ds->width;
2337 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2338 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2339 continue;
2340 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2341 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2342 continue;
2343 memcpy(server_ptr, guest_ptr, cmp_bytes);
2344 QTAILQ_FOREACH(vs, &vd->clients, next) {
2345 vnc_set_bit(vs->dirty[y], (x / 16));
2346 }
2347 has_dirty++;
2348 }
2349 }
2350 guest_row += ds_get_linesize(vd->ds);
2351 server_row += ds_get_linesize(vd->ds);
2352 }
2353 return has_dirty;
2354 }
2355
2356 static void vnc_refresh(void *opaque)
2357 {
2358 VncDisplay *vd = opaque;
2359 VncState *vs, *vn;
2360 int has_dirty, rects = 0;
2361
2362 vga_hw_update();
2363
2364 has_dirty = vnc_refresh_server_surface(vd);
2365
2366 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2367 rects += vnc_update_client(vs, has_dirty);
2368 /* vs might be free()ed here */
2369 }
2370 /* vd->timer could be NULL now if the last client disconnected,
2371 * in this case don't update the timer */
2372 if (vd->timer == NULL)
2373 return;
2374
2375 if (has_dirty && rects) {
2376 vd->timer_interval /= 2;
2377 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2378 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2379 } else {
2380 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2381 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2382 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2383 }
2384 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
2385 }
2386
2387 static void vnc_init_timer(VncDisplay *vd)
2388 {
2389 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2390 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
2391 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2392 vnc_refresh(vd);
2393 }
2394 }
2395
2396 static void vnc_remove_timer(VncDisplay *vd)
2397 {
2398 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
2399 qemu_del_timer(vd->timer);
2400 qemu_free_timer(vd->timer);
2401 vd->timer = NULL;
2402 }
2403 }
2404
2405 static void vnc_connect(VncDisplay *vd, int csock)
2406 {
2407 VncState *vs = qemu_mallocz(sizeof(VncState));
2408 vs->csock = csock;
2409
2410 VNC_DEBUG("New client on socket %d\n", csock);
2411 dcl->idle = 0;
2412 socket_set_nonblock(vs->csock);
2413 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2414
2415 vnc_client_cache_addr(vs);
2416 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2417
2418 vs->vd = vd;
2419 vs->ds = vd->ds;
2420 vs->last_x = -1;
2421 vs->last_y = -1;
2422
2423 vs->as.freq = 44100;
2424 vs->as.nchannels = 2;
2425 vs->as.fmt = AUD_FMT_S16;
2426 vs->as.endianness = 0;
2427
2428 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2429
2430 vga_hw_update();
2431
2432 vnc_write(vs, "RFB 003.008\n", 12);
2433 vnc_flush(vs);
2434 vnc_read_when(vs, protocol_version, 12);
2435 reset_keys(vs);
2436 if (vs->vd->lock_key_sync)
2437 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2438
2439 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2440 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2441
2442 vnc_init_timer(vd);
2443
2444 /* vs might be free()ed here */
2445 }
2446
2447 static void vnc_listen_read(void *opaque)
2448 {
2449 VncDisplay *vs = opaque;
2450 struct sockaddr_in addr;
2451 socklen_t addrlen = sizeof(addr);
2452
2453 /* Catch-up */
2454 vga_hw_update();
2455
2456 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2457 if (csock != -1) {
2458 vnc_connect(vs, csock);
2459 }
2460 }
2461
2462 void vnc_display_init(DisplayState *ds)
2463 {
2464 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2465
2466 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2467
2468 ds->opaque = vs;
2469 dcl->idle = 1;
2470 vnc_display = vs;
2471
2472 vs->lsock = -1;
2473
2474 vs->ds = ds;
2475 QTAILQ_INIT(&vs->clients);
2476
2477 if (keyboard_layout)
2478 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2479 else
2480 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2481
2482 if (!vs->kbd_layout)
2483 exit(1);
2484
2485 dcl->dpy_copy = vnc_dpy_copy;
2486 dcl->dpy_update = vnc_dpy_update;
2487 dcl->dpy_resize = vnc_dpy_resize;
2488 dcl->dpy_setdata = vnc_dpy_setdata;
2489 register_displaychangelistener(ds, dcl);
2490 }
2491
2492
2493 void vnc_display_close(DisplayState *ds)
2494 {
2495 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2496
2497 if (!vs)
2498 return;
2499 if (vs->display) {
2500 qemu_free(vs->display);
2501 vs->display = NULL;
2502 }
2503 if (vs->lsock != -1) {
2504 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2505 close(vs->lsock);
2506 vs->lsock = -1;
2507 }
2508 vs->auth = VNC_AUTH_INVALID;
2509 #ifdef CONFIG_VNC_TLS
2510 vs->subauth = VNC_AUTH_INVALID;
2511 vs->tls.x509verify = 0;
2512 #endif
2513 }
2514
2515 int vnc_display_password(DisplayState *ds, const char *password)
2516 {
2517 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2518
2519 if (!vs) {
2520 return -1;
2521 }
2522
2523 if (vs->password) {
2524 qemu_free(vs->password);
2525 vs->password = NULL;
2526 }
2527 if (password && password[0]) {
2528 if (!(vs->password = qemu_strdup(password)))
2529 return -1;
2530 if (vs->auth == VNC_AUTH_NONE) {
2531 vs->auth = VNC_AUTH_VNC;
2532 }
2533 } else {
2534 vs->auth = VNC_AUTH_NONE;
2535 }
2536
2537 return 0;
2538 }
2539
2540 char *vnc_display_local_addr(DisplayState *ds)
2541 {
2542 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2543
2544 return vnc_socket_local_addr("%s:%s", vs->lsock);
2545 }
2546
2547 int vnc_display_open(DisplayState *ds, const char *display)
2548 {
2549 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2550 const char *options;
2551 int password = 0;
2552 int reverse = 0;
2553 #ifdef CONFIG_VNC_TLS
2554 int tls = 0, x509 = 0;
2555 #endif
2556 #ifdef CONFIG_VNC_SASL
2557 int sasl = 0;
2558 int saslErr;
2559 #endif
2560 int acl = 0;
2561 int lock_key_sync = 1;
2562
2563 if (!vnc_display)
2564 return -1;
2565 vnc_display_close(ds);
2566 if (strcmp(display, "none") == 0)
2567 return 0;
2568
2569 if (!(vs->display = strdup(display)))
2570 return -1;
2571
2572 options = display;
2573 while ((options = strchr(options, ','))) {
2574 options++;
2575 if (strncmp(options, "password", 8) == 0) {
2576 password = 1; /* Require password auth */
2577 } else if (strncmp(options, "reverse", 7) == 0) {
2578 reverse = 1;
2579 } else if (strncmp(options, "no-lock-key-sync", 9) == 0) {
2580 lock_key_sync = 0;
2581 #ifdef CONFIG_VNC_SASL
2582 } else if (strncmp(options, "sasl", 4) == 0) {
2583 sasl = 1; /* Require SASL auth */
2584 #endif
2585 #ifdef CONFIG_VNC_TLS
2586 } else if (strncmp(options, "tls", 3) == 0) {
2587 tls = 1; /* Require TLS */
2588 } else if (strncmp(options, "x509", 4) == 0) {
2589 char *start, *end;
2590 x509 = 1; /* Require x509 certificates */
2591 if (strncmp(options, "x509verify", 10) == 0)
2592 vs->tls.x509verify = 1; /* ...and verify client certs */
2593
2594 /* Now check for 'x509=/some/path' postfix
2595 * and use that to setup x509 certificate/key paths */
2596 start = strchr(options, '=');
2597 end = strchr(options, ',');
2598 if (start && (!end || (start < end))) {
2599 int len = end ? end-(start+1) : strlen(start+1);
2600 char *path = qemu_strndup(start + 1, len);
2601
2602 VNC_DEBUG("Trying certificate path '%s'\n", path);
2603 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2604 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2605 qemu_free(path);
2606 qemu_free(vs->display);
2607 vs->display = NULL;
2608 return -1;
2609 }
2610 qemu_free(path);
2611 } else {
2612 fprintf(stderr, "No certificate path provided\n");
2613 qemu_free(vs->display);
2614 vs->display = NULL;
2615 return -1;
2616 }
2617 #endif
2618 } else if (strncmp(options, "acl", 3) == 0) {
2619 acl = 1;
2620 }
2621 }
2622
2623 #ifdef CONFIG_VNC_TLS
2624 if (acl && x509 && vs->tls.x509verify) {
2625 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2626 fprintf(stderr, "Failed to create x509 dname ACL\n");
2627 exit(1);
2628 }
2629 }
2630 #endif
2631 #ifdef CONFIG_VNC_SASL
2632 if (acl && sasl) {
2633 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2634 fprintf(stderr, "Failed to create username ACL\n");
2635 exit(1);
2636 }
2637 }
2638 #endif
2639
2640 /*
2641 * Combinations we support here:
2642 *
2643 * - no-auth (clear text, no auth)
2644 * - password (clear text, weak auth)
2645 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2646 * - tls (encrypt, weak anonymous creds, no auth)
2647 * - tls + password (encrypt, weak anonymous creds, weak auth)
2648 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2649 * - tls + x509 (encrypt, good x509 creds, no auth)
2650 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2651 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2652 *
2653 * NB1. TLS is a stackable auth scheme.
2654 * NB2. the x509 schemes have option to validate a client cert dname
2655 */
2656 if (password) {
2657 #ifdef CONFIG_VNC_TLS
2658 if (tls) {
2659 vs->auth = VNC_AUTH_VENCRYPT;
2660 if (x509) {
2661 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2662 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2663 } else {
2664 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2665 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2666 }
2667 } else {
2668 #endif /* CONFIG_VNC_TLS */
2669 VNC_DEBUG("Initializing VNC server with password auth\n");
2670 vs->auth = VNC_AUTH_VNC;
2671 #ifdef CONFIG_VNC_TLS
2672 vs->subauth = VNC_AUTH_INVALID;
2673 }
2674 #endif /* CONFIG_VNC_TLS */
2675 #ifdef CONFIG_VNC_SASL
2676 } else if (sasl) {
2677 #ifdef CONFIG_VNC_TLS
2678 if (tls) {
2679 vs->auth = VNC_AUTH_VENCRYPT;
2680 if (x509) {
2681 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2682 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2683 } else {
2684 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2685 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2686 }
2687 } else {
2688 #endif /* CONFIG_VNC_TLS */
2689 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2690 vs->auth = VNC_AUTH_SASL;
2691 #ifdef CONFIG_VNC_TLS
2692 vs->subauth = VNC_AUTH_INVALID;
2693 }
2694 #endif /* CONFIG_VNC_TLS */
2695 #endif /* CONFIG_VNC_SASL */
2696 } else {
2697 #ifdef CONFIG_VNC_TLS
2698 if (tls) {
2699 vs->auth = VNC_AUTH_VENCRYPT;
2700 if (x509) {
2701 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2702 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2703 } else {
2704 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2705 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2706 }
2707 } else {
2708 #endif
2709 VNC_DEBUG("Initializing VNC server with no auth\n");
2710 vs->auth = VNC_AUTH_NONE;
2711 #ifdef CONFIG_VNC_TLS
2712 vs->subauth = VNC_AUTH_INVALID;
2713 }
2714 #endif
2715 }
2716
2717 #ifdef CONFIG_VNC_SASL
2718 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2719 fprintf(stderr, "Failed to initialize SASL auth %s",
2720 sasl_errstring(saslErr, NULL, NULL));
2721 free(vs->display);
2722 vs->display = NULL;
2723 return -1;
2724 }
2725 #endif
2726 vs->lock_key_sync = lock_key_sync;
2727
2728 if (reverse) {
2729 /* connect to viewer */
2730 if (strncmp(display, "unix:", 5) == 0)
2731 vs->lsock = unix_connect(display+5);
2732 else
2733 vs->lsock = inet_connect(display, SOCK_STREAM);
2734 if (-1 == vs->lsock) {
2735 free(vs->display);
2736 vs->display = NULL;
2737 return -1;
2738 } else {
2739 int csock = vs->lsock;
2740 vs->lsock = -1;
2741 vnc_connect(vs, csock);
2742 }
2743 return 0;
2744
2745 } else {
2746 /* listen for connects */
2747 char *dpy;
2748 dpy = qemu_malloc(256);
2749 if (strncmp(display, "unix:", 5) == 0) {
2750 pstrcpy(dpy, 256, "unix:");
2751 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2752 } else {
2753 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2754 }
2755 if (-1 == vs->lsock) {
2756 free(dpy);
2757 return -1;
2758 } else {
2759 free(vs->display);
2760 vs->display = dpy;
2761 }
2762 }
2763 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
2764 }
Qemu copy for testing