]> git.proxmox.com Git - qemu.git/blob - vnc.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
vnc: Set invalid buffer pointers to NULL
[qemu.git] / vnc.c
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "acl.h"
32
33 #define VNC_REFRESH_INTERVAL_BASE 30
34 #define VNC_REFRESH_INTERVAL_INC 50
35 #define VNC_REFRESH_INTERVAL_MAX 2000
36
37 #include "vnc_keysym.h"
38 #include "d3des.h"
39
40 #define count_bits(c, v) { \
41 for (c = 0; v; v >>= 1) \
42 { \
43 c += v & 1; \
44 } \
45 }
46
47
48 static VncDisplay *vnc_display; /* needed for info vnc */
49 static DisplayChangeListener *dcl;
50
51 static char *addr_to_string(const char *format,
52 struct sockaddr_storage *sa,
53 socklen_t salen) {
54 char *addr;
55 char host[NI_MAXHOST];
56 char serv[NI_MAXSERV];
57 int err;
58 size_t addrlen;
59
60 if ((err = getnameinfo((struct sockaddr *)sa, salen,
61 host, sizeof(host),
62 serv, sizeof(serv),
63 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
64 VNC_DEBUG("Cannot resolve address %d: %s\n",
65 err, gai_strerror(err));
66 return NULL;
67 }
68
69 /* Enough for the existing format + the 2 vars we're
70 * substituting in. */
71 addrlen = strlen(format) + strlen(host) + strlen(serv);
72 addr = qemu_malloc(addrlen + 1);
73 snprintf(addr, addrlen, format, host, serv);
74 addr[addrlen] = '\0';
75
76 return addr;
77 }
78
79
80 char *vnc_socket_local_addr(const char *format, int fd) {
81 struct sockaddr_storage sa;
82 socklen_t salen;
83
84 salen = sizeof(sa);
85 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
86 return NULL;
87
88 return addr_to_string(format, &sa, salen);
89 }
90
91 char *vnc_socket_remote_addr(const char *format, int fd) {
92 struct sockaddr_storage sa;
93 socklen_t salen;
94
95 salen = sizeof(sa);
96 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
97 return NULL;
98
99 return addr_to_string(format, &sa, salen);
100 }
101
102 static const char *vnc_auth_name(VncDisplay *vd) {
103 switch (vd->auth) {
104 case VNC_AUTH_INVALID:
105 return "invalid";
106 case VNC_AUTH_NONE:
107 return "none";
108 case VNC_AUTH_VNC:
109 return "vnc";
110 case VNC_AUTH_RA2:
111 return "ra2";
112 case VNC_AUTH_RA2NE:
113 return "ra2ne";
114 case VNC_AUTH_TIGHT:
115 return "tight";
116 case VNC_AUTH_ULTRA:
117 return "ultra";
118 case VNC_AUTH_TLS:
119 return "tls";
120 case VNC_AUTH_VENCRYPT:
121 #ifdef CONFIG_VNC_TLS
122 switch (vd->subauth) {
123 case VNC_AUTH_VENCRYPT_PLAIN:
124 return "vencrypt+plain";
125 case VNC_AUTH_VENCRYPT_TLSNONE:
126 return "vencrypt+tls+none";
127 case VNC_AUTH_VENCRYPT_TLSVNC:
128 return "vencrypt+tls+vnc";
129 case VNC_AUTH_VENCRYPT_TLSPLAIN:
130 return "vencrypt+tls+plain";
131 case VNC_AUTH_VENCRYPT_X509NONE:
132 return "vencrypt+x509+none";
133 case VNC_AUTH_VENCRYPT_X509VNC:
134 return "vencrypt+x509+vnc";
135 case VNC_AUTH_VENCRYPT_X509PLAIN:
136 return "vencrypt+x509+plain";
137 case VNC_AUTH_VENCRYPT_TLSSASL:
138 return "vencrypt+tls+sasl";
139 case VNC_AUTH_VENCRYPT_X509SASL:
140 return "vencrypt+x509+sasl";
141 default:
142 return "vencrypt";
143 }
144 #else
145 return "vencrypt";
146 #endif
147 case VNC_AUTH_SASL:
148 return "sasl";
149 }
150 return "unknown";
151 }
152
153 static void do_info_vnc_client(Monitor *mon, VncState *client)
154 {
155 char *clientAddr =
156 vnc_socket_remote_addr(" address: %s:%s\n",
157 client->csock);
158 if (!clientAddr)
159 return;
160
161 monitor_printf(mon, "Client:\n");
162 monitor_printf(mon, "%s", clientAddr);
163 free(clientAddr);
164
165 #ifdef CONFIG_VNC_TLS
166 if (client->tls.session &&
167 client->tls.dname)
168 monitor_printf(mon, " x509 dname: %s\n", client->tls.dname);
169 else
170 monitor_printf(mon, " x509 dname: none\n");
171 #endif
172 #ifdef CONFIG_VNC_SASL
173 if (client->sasl.conn &&
174 client->sasl.username)
175 monitor_printf(mon, " username: %s\n", client->sasl.username);
176 else
177 monitor_printf(mon, " username: none\n");
178 #endif
179 }
180
181 void do_info_vnc(Monitor *mon)
182 {
183 if (vnc_display == NULL || vnc_display->display == NULL) {
184 monitor_printf(mon, "Server: disabled\n");
185 } else {
186 char *serverAddr = vnc_socket_local_addr(" address: %s:%s\n",
187 vnc_display->lsock);
188
189 if (!serverAddr)
190 return;
191
192 monitor_printf(mon, "Server:\n");
193 monitor_printf(mon, "%s", serverAddr);
194 free(serverAddr);
195 monitor_printf(mon, " auth: %s\n", vnc_auth_name(vnc_display));
196
197 if (vnc_display->clients) {
198 VncState *client = vnc_display->clients;
199 while (client) {
200 do_info_vnc_client(mon, client);
201 client = client->next;
202 }
203 } else {
204 monitor_printf(mon, "Client: none\n");
205 }
206 }
207 }
208
209 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
210 return (vs->features & (1 << feature));
211 }
212
213 /* TODO
214 1) Get the queue working for IO.
215 2) there is some weirdness when using the -S option (the screen is grey
216 and not totally invalidated
217 3) resolutions > 1024
218 */
219
220 static int vnc_update_client(VncState *vs, int has_dirty);
221 static void vnc_disconnect_start(VncState *vs);
222 static void vnc_disconnect_finish(VncState *vs);
223 static void vnc_init_timer(VncDisplay *vd);
224 static void vnc_remove_timer(VncDisplay *vd);
225
226 static void vnc_colordepth(VncState *vs);
227 static void framebuffer_update_request(VncState *vs, int incremental,
228 int x_position, int y_position,
229 int w, int h);
230 static void vnc_refresh(void *opaque);
231 static int vnc_refresh_server_surface(VncDisplay *vd);
232
233 static inline void vnc_set_bit(uint32_t *d, int k)
234 {
235 d[k >> 5] |= 1 << (k & 0x1f);
236 }
237
238 static inline void vnc_clear_bit(uint32_t *d, int k)
239 {
240 d[k >> 5] &= ~(1 << (k & 0x1f));
241 }
242
243 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
244 {
245 int j;
246
247 j = 0;
248 while (n >= 32) {
249 d[j++] = -1;
250 n -= 32;
251 }
252 if (n > 0)
253 d[j++] = (1 << n) - 1;
254 while (j < nb_words)
255 d[j++] = 0;
256 }
257
258 static inline int vnc_get_bit(const uint32_t *d, int k)
259 {
260 return (d[k >> 5] >> (k & 0x1f)) & 1;
261 }
262
263 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
264 int nb_words)
265 {
266 int i;
267 for(i = 0; i < nb_words; i++) {
268 if ((d1[i] & d2[i]) != 0)
269 return 1;
270 }
271 return 0;
272 }
273
274 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
275 {
276 int i;
277 VncDisplay *vd = ds->opaque;
278 struct VncSurface *s = &vd->guest;
279
280 h += y;
281
282 /* round x down to ensure the loop only spans one 16-pixel block per,
283 iteration. otherwise, if (x % 16) != 0, the last iteration may span
284 two 16-pixel blocks but we only mark the first as dirty
285 */
286 w += (x % 16);
287 x -= (x % 16);
288
289 x = MIN(x, s->ds->width);
290 y = MIN(y, s->ds->height);
291 w = MIN(x + w, s->ds->width) - x;
292 h = MIN(h, s->ds->height);
293
294 for (; y < h; y++)
295 for (i = 0; i < w; i += 16)
296 vnc_set_bit(s->dirty[y], (x + i) / 16);
297 }
298
299 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
300 int32_t encoding)
301 {
302 vnc_write_u16(vs, x);
303 vnc_write_u16(vs, y);
304 vnc_write_u16(vs, w);
305 vnc_write_u16(vs, h);
306
307 vnc_write_s32(vs, encoding);
308 }
309
310 void buffer_reserve(Buffer *buffer, size_t len)
311 {
312 if ((buffer->capacity - buffer->offset) < len) {
313 buffer->capacity += (len + 1024);
314 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
315 if (buffer->buffer == NULL) {
316 fprintf(stderr, "vnc: out of memory\n");
317 exit(1);
318 }
319 }
320 }
321
322 int buffer_empty(Buffer *buffer)
323 {
324 return buffer->offset == 0;
325 }
326
327 uint8_t *buffer_end(Buffer *buffer)
328 {
329 return buffer->buffer + buffer->offset;
330 }
331
332 void buffer_reset(Buffer *buffer)
333 {
334 buffer->offset = 0;
335 }
336
337 void buffer_append(Buffer *buffer, const void *data, size_t len)
338 {
339 memcpy(buffer->buffer + buffer->offset, data, len);
340 buffer->offset += len;
341 }
342
343 static void vnc_dpy_resize(DisplayState *ds)
344 {
345 int size_changed;
346 VncDisplay *vd = ds->opaque;
347 VncState *vs = vd->clients;
348
349 /* server surface */
350 if (!vd->server)
351 vd->server = qemu_mallocz(sizeof(*vd->server));
352 if (vd->server->data)
353 qemu_free(vd->server->data);
354 *(vd->server) = *(ds->surface);
355 vd->server->data = qemu_mallocz(vd->server->linesize *
356 vd->server->height);
357
358 /* guest surface */
359 if (!vd->guest.ds)
360 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
361 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
362 console_color_init(ds);
363 size_changed = ds_get_width(ds) != vd->guest.ds->width ||
364 ds_get_height(ds) != vd->guest.ds->height;
365 *(vd->guest.ds) = *(ds->surface);
366 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
367
368 while (vs != NULL) {
369 vnc_colordepth(vs);
370 if (size_changed) {
371 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
372 vnc_write_u8(vs, 0); /* msg id */
373 vnc_write_u8(vs, 0);
374 vnc_write_u16(vs, 1); /* number of rects */
375 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
376 VNC_ENCODING_DESKTOPRESIZE);
377 vnc_flush(vs);
378 }
379 }
380 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
381 vs = vs->next;
382 }
383 }
384
385 /* fastest code */
386 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
387 {
388 vnc_write(vs, pixels, size);
389 }
390
391 /* slowest but generic code. */
392 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
393 {
394 uint8_t r, g, b;
395 VncDisplay *vd = vs->vd;
396
397 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
398 vd->server->pf.rbits);
399 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
400 vd->server->pf.gbits);
401 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
402 vd->server->pf.bbits);
403 v = (r << vs->clientds.pf.rshift) |
404 (g << vs->clientds.pf.gshift) |
405 (b << vs->clientds.pf.bshift);
406 switch(vs->clientds.pf.bytes_per_pixel) {
407 case 1:
408 buf[0] = v;
409 break;
410 case 2:
411 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
412 buf[0] = v >> 8;
413 buf[1] = v;
414 } else {
415 buf[1] = v >> 8;
416 buf[0] = v;
417 }
418 break;
419 default:
420 case 4:
421 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
422 buf[0] = v >> 24;
423 buf[1] = v >> 16;
424 buf[2] = v >> 8;
425 buf[3] = v;
426 } else {
427 buf[3] = v >> 24;
428 buf[2] = v >> 16;
429 buf[1] = v >> 8;
430 buf[0] = v;
431 }
432 break;
433 }
434 }
435
436 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
437 {
438 uint8_t buf[4];
439 VncDisplay *vd = vs->vd;
440
441 if (vd->server->pf.bytes_per_pixel == 4) {
442 uint32_t *pixels = pixels1;
443 int n, i;
444 n = size >> 2;
445 for(i = 0; i < n; i++) {
446 vnc_convert_pixel(vs, buf, pixels[i]);
447 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
448 }
449 } else if (vd->server->pf.bytes_per_pixel == 2) {
450 uint16_t *pixels = pixels1;
451 int n, i;
452 n = size >> 1;
453 for(i = 0; i < n; i++) {
454 vnc_convert_pixel(vs, buf, pixels[i]);
455 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
456 }
457 } else if (vd->server->pf.bytes_per_pixel == 1) {
458 uint8_t *pixels = pixels1;
459 int n, i;
460 n = size;
461 for(i = 0; i < n; i++) {
462 vnc_convert_pixel(vs, buf, pixels[i]);
463 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
464 }
465 } else {
466 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
467 }
468 }
469
470 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
471 {
472 int i;
473 uint8_t *row;
474 VncDisplay *vd = vs->vd;
475
476 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
477 for (i = 0; i < h; i++) {
478 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
479 row += ds_get_linesize(vs->ds);
480 }
481 }
482
483 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
484 {
485 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
486 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
487 }
488
489 #define BPP 8
490 #include "vnchextile.h"
491 #undef BPP
492
493 #define BPP 16
494 #include "vnchextile.h"
495 #undef BPP
496
497 #define BPP 32
498 #include "vnchextile.h"
499 #undef BPP
500
501 #define GENERIC
502 #define BPP 8
503 #include "vnchextile.h"
504 #undef BPP
505 #undef GENERIC
506
507 #define GENERIC
508 #define BPP 16
509 #include "vnchextile.h"
510 #undef BPP
511 #undef GENERIC
512
513 #define GENERIC
514 #define BPP 32
515 #include "vnchextile.h"
516 #undef BPP
517 #undef GENERIC
518
519 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
520 {
521 int i, j;
522 int has_fg, has_bg;
523 uint8_t *last_fg, *last_bg;
524 VncDisplay *vd = vs->vd;
525
526 last_fg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
527 last_bg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
528 has_fg = has_bg = 0;
529 for (j = y; j < (y + h); j += 16) {
530 for (i = x; i < (x + w); i += 16) {
531 vs->send_hextile_tile(vs, i, j,
532 MIN(16, x + w - i), MIN(16, y + h - j),
533 last_bg, last_fg, &has_bg, &has_fg);
534 }
535 }
536 free(last_fg);
537 free(last_bg);
538
539 }
540
541 static void vnc_zlib_init(VncState *vs)
542 {
543 int i;
544 for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)
545 vs->zlib_stream[i].opaque = NULL;
546 }
547
548 static void vnc_zlib_start(VncState *vs)
549 {
550 buffer_reset(&vs->zlib);
551
552 // make the output buffer be the zlib buffer, so we can compress it later
553 vs->zlib_tmp = vs->output;
554 vs->output = vs->zlib;
555 }
556
557 static int vnc_zlib_stop(VncState *vs, int stream_id)
558 {
559 z_streamp zstream = &vs->zlib_stream[stream_id];
560 int previous_out;
561
562 // switch back to normal output/zlib buffers
563 vs->zlib = vs->output;
564 vs->output = vs->zlib_tmp;
565
566 // compress the zlib buffer
567
568 // initialize the stream
569 // XXX need one stream per session
570 if (zstream->opaque != vs) {
571 int err;
572
573 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
574 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
575 zstream->zalloc = Z_NULL;
576 zstream->zfree = Z_NULL;
577
578 err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
579 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
580
581 if (err != Z_OK) {
582 fprintf(stderr, "VNC: error initializing zlib\n");
583 return -1;
584 }
585
586 zstream->opaque = vs;
587 }
588
589 // XXX what to do if tight_compression changed in between?
590
591 // reserve memory in output buffer
592 buffer_reserve(&vs->output, vs->zlib.offset + 64);
593
594 // set pointers
595 zstream->next_in = vs->zlib.buffer;
596 zstream->avail_in = vs->zlib.offset;
597 zstream->next_out = vs->output.buffer + vs->output.offset;
598 zstream->avail_out = vs->output.capacity - vs->output.offset;
599 zstream->data_type = Z_BINARY;
600 previous_out = zstream->total_out;
601
602 // start encoding
603 if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
604 fprintf(stderr, "VNC: error during zlib compression\n");
605 return -1;
606 }
607
608 vs->output.offset = vs->output.capacity - zstream->avail_out;
609 return zstream->total_out - previous_out;
610 }
611
612 static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
613 {
614 int old_offset, new_offset, bytes_written;
615
616 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);
617
618 // remember where we put in the follow-up size
619 old_offset = vs->output.offset;
620 vnc_write_s32(vs, 0);
621
622 // compress the stream
623 vnc_zlib_start(vs);
624 send_framebuffer_update_raw(vs, x, y, w, h);
625 bytes_written = vnc_zlib_stop(vs, 0);
626
627 if (bytes_written == -1)
628 return;
629
630 // hack in the size
631 new_offset = vs->output.offset;
632 vs->output.offset = old_offset;
633 vnc_write_u32(vs, bytes_written);
634 vs->output.offset = new_offset;
635 }
636
637 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
638 {
639 switch(vs->vnc_encoding) {
640 case VNC_ENCODING_ZLIB:
641 send_framebuffer_update_zlib(vs, x, y, w, h);
642 break;
643 case VNC_ENCODING_HEXTILE:
644 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
645 send_framebuffer_update_hextile(vs, x, y, w, h);
646 break;
647 default:
648 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
649 send_framebuffer_update_raw(vs, x, y, w, h);
650 break;
651 }
652 }
653
654 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
655 {
656 /* send bitblit op to the vnc client */
657 vnc_write_u8(vs, 0); /* msg id */
658 vnc_write_u8(vs, 0);
659 vnc_write_u16(vs, 1); /* number of rects */
660 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
661 vnc_write_u16(vs, src_x);
662 vnc_write_u16(vs, src_y);
663 vnc_flush(vs);
664 }
665
666 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
667 {
668 VncDisplay *vd = ds->opaque;
669 VncState *vs, *vn;
670 uint8_t *src_row;
671 uint8_t *dst_row;
672 int i,x,y,pitch,depth,inc,w_lim,s;
673 int cmp_bytes;
674
675 vnc_refresh_server_surface(vd);
676 for (vs = vd->clients; vs != NULL; vs = vn) {
677 vn = vs->next;
678 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
679 vs->force_update = 1;
680 vnc_update_client(vs, 1);
681 /* vs might be free()ed here */
682 }
683 }
684
685 /* do bitblit op on the local surface too */
686 pitch = ds_get_linesize(vd->ds);
687 depth = ds_get_bytes_per_pixel(vd->ds);
688 src_row = vd->server->data + pitch * src_y + depth * src_x;
689 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
690 y = dst_y;
691 inc = 1;
692 if (dst_y > src_y) {
693 /* copy backwards */
694 src_row += pitch * (h-1);
695 dst_row += pitch * (h-1);
696 pitch = -pitch;
697 y = dst_y + h - 1;
698 inc = -1;
699 }
700 w_lim = w - (16 - (dst_x % 16));
701 if (w_lim < 0)
702 w_lim = w;
703 else
704 w_lim = w - (w_lim % 16);
705 for (i = 0; i < h; i++) {
706 for (x = 0; x <= w_lim;
707 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
708 if (x == w_lim) {
709 if ((s = w - w_lim) == 0)
710 break;
711 } else if (!x) {
712 s = (16 - (dst_x % 16));
713 s = MIN(s, w_lim);
714 } else {
715 s = 16;
716 }
717 cmp_bytes = s * depth;
718 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
719 continue;
720 memmove(dst_row, src_row, cmp_bytes);
721 vs = vd->clients;
722 while (vs != NULL) {
723 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
724 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
725 vs = vs->next;
726 }
727 }
728 src_row += pitch - w * depth;
729 dst_row += pitch - w * depth;
730 y += inc;
731 }
732
733 for (vs = vd->clients; vs != NULL; vs = vs->next) {
734 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
735 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
736 }
737 }
738
739 static int find_and_clear_dirty_height(struct VncState *vs,
740 int y, int last_x, int x)
741 {
742 int h;
743 VncDisplay *vd = vs->vd;
744
745 for (h = 1; h < (vd->server->height - y); h++) {
746 int tmp_x;
747 if (!vnc_get_bit(vs->dirty[y + h], last_x))
748 break;
749 for (tmp_x = last_x; tmp_x < x; tmp_x++)
750 vnc_clear_bit(vs->dirty[y + h], tmp_x);
751 }
752
753 return h;
754 }
755
756 static int vnc_update_client(VncState *vs, int has_dirty)
757 {
758 if (vs->need_update && vs->csock != -1) {
759 VncDisplay *vd = vs->vd;
760 int y;
761 int n_rectangles;
762 int saved_offset;
763
764 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
765 /* kernel send buffers are full -> drop frames to throttle */
766 return 0;
767
768 if (!has_dirty && !vs->audio_cap && !vs->force_update)
769 return 0;
770
771 /*
772 * Send screen updates to the vnc client using the server
773 * surface and server dirty map. guest surface updates
774 * happening in parallel don't disturb us, the next pass will
775 * send them to the client.
776 */
777 n_rectangles = 0;
778 vnc_write_u8(vs, 0); /* msg id */
779 vnc_write_u8(vs, 0);
780 saved_offset = vs->output.offset;
781 vnc_write_u16(vs, 0);
782
783 for (y = 0; y < vd->server->height; y++) {
784 int x;
785 int last_x = -1;
786 for (x = 0; x < vd->server->width / 16; x++) {
787 if (vnc_get_bit(vs->dirty[y], x)) {
788 if (last_x == -1) {
789 last_x = x;
790 }
791 vnc_clear_bit(vs->dirty[y], x);
792 } else {
793 if (last_x != -1) {
794 int h = find_and_clear_dirty_height(vs, y, last_x, x);
795 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
796 n_rectangles++;
797 }
798 last_x = -1;
799 }
800 }
801 if (last_x != -1) {
802 int h = find_and_clear_dirty_height(vs, y, last_x, x);
803 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
804 n_rectangles++;
805 }
806 }
807 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
808 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
809 vnc_flush(vs);
810 vs->force_update = 0;
811 return n_rectangles;
812 }
813
814 if (vs->csock == -1)
815 vnc_disconnect_finish(vs);
816
817 return 0;
818 }
819
820 /* audio */
821 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
822 {
823 VncState *vs = opaque;
824
825 switch (cmd) {
826 case AUD_CNOTIFY_DISABLE:
827 vnc_write_u8(vs, 255);
828 vnc_write_u8(vs, 1);
829 vnc_write_u16(vs, 0);
830 vnc_flush(vs);
831 break;
832
833 case AUD_CNOTIFY_ENABLE:
834 vnc_write_u8(vs, 255);
835 vnc_write_u8(vs, 1);
836 vnc_write_u16(vs, 1);
837 vnc_flush(vs);
838 break;
839 }
840 }
841
842 static void audio_capture_destroy(void *opaque)
843 {
844 }
845
846 static void audio_capture(void *opaque, void *buf, int size)
847 {
848 VncState *vs = opaque;
849
850 vnc_write_u8(vs, 255);
851 vnc_write_u8(vs, 1);
852 vnc_write_u16(vs, 2);
853 vnc_write_u32(vs, size);
854 vnc_write(vs, buf, size);
855 vnc_flush(vs);
856 }
857
858 static void audio_add(VncState *vs)
859 {
860 Monitor *mon = cur_mon;
861 struct audio_capture_ops ops;
862
863 if (vs->audio_cap) {
864 monitor_printf(mon, "audio already running\n");
865 return;
866 }
867
868 ops.notify = audio_capture_notify;
869 ops.destroy = audio_capture_destroy;
870 ops.capture = audio_capture;
871
872 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
873 if (!vs->audio_cap) {
874 monitor_printf(mon, "Failed to add audio capture\n");
875 }
876 }
877
878 static void audio_del(VncState *vs)
879 {
880 if (vs->audio_cap) {
881 AUD_del_capture(vs->audio_cap, vs);
882 vs->audio_cap = NULL;
883 }
884 }
885
886 static void vnc_disconnect_start(VncState *vs)
887 {
888 if (vs->csock == -1)
889 return;
890 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
891 closesocket(vs->csock);
892 vs->csock = -1;
893 }
894
895 static void vnc_disconnect_finish(VncState *vs)
896 {
897 if (vs->input.buffer) {
898 qemu_free(vs->input.buffer);
899 vs->input.buffer = NULL;
900 }
901 if (vs->output.buffer) {
902 qemu_free(vs->output.buffer);
903 vs->output.buffer = NULL;
904 }
905 #ifdef CONFIG_VNC_TLS
906 vnc_tls_client_cleanup(vs);
907 #endif /* CONFIG_VNC_TLS */
908 #ifdef CONFIG_VNC_SASL
909 vnc_sasl_client_cleanup(vs);
910 #endif /* CONFIG_VNC_SASL */
911 audio_del(vs);
912
913 VncState *p, *parent = NULL;
914 for (p = vs->vd->clients; p != NULL; p = p->next) {
915 if (p == vs) {
916 if (parent)
917 parent->next = p->next;
918 else
919 vs->vd->clients = p->next;
920 break;
921 }
922 parent = p;
923 }
924 if (!vs->vd->clients)
925 dcl->idle = 1;
926
927 vnc_remove_timer(vs->vd);
928 qemu_free(vs);
929 }
930
931 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
932 {
933 if (ret == 0 || ret == -1) {
934 if (ret == -1) {
935 switch (last_errno) {
936 case EINTR:
937 case EAGAIN:
938 #ifdef _WIN32
939 case WSAEWOULDBLOCK:
940 #endif
941 return 0;
942 default:
943 break;
944 }
945 }
946
947 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
948 ret, ret < 0 ? last_errno : 0);
949 vnc_disconnect_start(vs);
950
951 return 0;
952 }
953 return ret;
954 }
955
956
957 void vnc_client_error(VncState *vs)
958 {
959 VNC_DEBUG("Closing down client sock: protocol error\n");
960 vnc_disconnect_start(vs);
961 }
962
963
964 /*
965 * Called to write a chunk of data to the client socket. The data may
966 * be the raw data, or may have already been encoded by SASL.
967 * The data will be written either straight onto the socket, or
968 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
969 *
970 * NB, it is theoretically possible to have 2 layers of encryption,
971 * both SASL, and this TLS layer. It is highly unlikely in practice
972 * though, since SASL encryption will typically be a no-op if TLS
973 * is active
974 *
975 * Returns the number of bytes written, which may be less than
976 * the requested 'datalen' if the socket would block. Returns
977 * -1 on error, and disconnects the client socket.
978 */
979 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
980 {
981 long ret;
982 #ifdef CONFIG_VNC_TLS
983 if (vs->tls.session) {
984 ret = gnutls_write(vs->tls.session, data, datalen);
985 if (ret < 0) {
986 if (ret == GNUTLS_E_AGAIN)
987 errno = EAGAIN;
988 else
989 errno = EIO;
990 ret = -1;
991 }
992 } else
993 #endif /* CONFIG_VNC_TLS */
994 ret = send(vs->csock, (const void *)data, datalen, 0);
995 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
996 return vnc_client_io_error(vs, ret, socket_error());
997 }
998
999
1000 /*
1001 * Called to write buffered data to the client socket, when not
1002 * using any SASL SSF encryption layers. Will write as much data
1003 * as possible without blocking. If all buffered data is written,
1004 * will switch the FD poll() handler back to read monitoring.
1005 *
1006 * Returns the number of bytes written, which may be less than
1007 * the buffered output data if the socket would block. Returns
1008 * -1 on error, and disconnects the client socket.
1009 */
1010 static long vnc_client_write_plain(VncState *vs)
1011 {
1012 long ret;
1013
1014 #ifdef CONFIG_VNC_SASL
1015 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1016 vs->output.buffer, vs->output.capacity, vs->output.offset,
1017 vs->sasl.waitWriteSSF);
1018
1019 if (vs->sasl.conn &&
1020 vs->sasl.runSSF &&
1021 vs->sasl.waitWriteSSF) {
1022 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1023 if (ret)
1024 vs->sasl.waitWriteSSF -= ret;
1025 } else
1026 #endif /* CONFIG_VNC_SASL */
1027 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1028 if (!ret)
1029 return 0;
1030
1031 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1032 vs->output.offset -= ret;
1033
1034 if (vs->output.offset == 0) {
1035 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1036 }
1037
1038 return ret;
1039 }
1040
1041
1042 /*
1043 * First function called whenever there is data to be written to
1044 * the client socket. Will delegate actual work according to whether
1045 * SASL SSF layers are enabled (thus requiring encryption calls)
1046 */
1047 void vnc_client_write(void *opaque)
1048 {
1049 long ret;
1050 VncState *vs = opaque;
1051
1052 #ifdef CONFIG_VNC_SASL
1053 if (vs->sasl.conn &&
1054 vs->sasl.runSSF &&
1055 !vs->sasl.waitWriteSSF)
1056 ret = vnc_client_write_sasl(vs);
1057 else
1058 #endif /* CONFIG_VNC_SASL */
1059 ret = vnc_client_write_plain(vs);
1060 }
1061
1062 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1063 {
1064 vs->read_handler = func;
1065 vs->read_handler_expect = expecting;
1066 }
1067
1068
1069 /*
1070 * Called to read a chunk of data from the client socket. The data may
1071 * be the raw data, or may need to be further decoded by SASL.
1072 * The data will be read either straight from to the socket, or
1073 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1074 *
1075 * NB, it is theoretically possible to have 2 layers of encryption,
1076 * both SASL, and this TLS layer. It is highly unlikely in practice
1077 * though, since SASL encryption will typically be a no-op if TLS
1078 * is active
1079 *
1080 * Returns the number of bytes read, which may be less than
1081 * the requested 'datalen' if the socket would block. Returns
1082 * -1 on error, and disconnects the client socket.
1083 */
1084 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1085 {
1086 long ret;
1087 #ifdef CONFIG_VNC_TLS
1088 if (vs->tls.session) {
1089 ret = gnutls_read(vs->tls.session, data, datalen);
1090 if (ret < 0) {
1091 if (ret == GNUTLS_E_AGAIN)
1092 errno = EAGAIN;
1093 else
1094 errno = EIO;
1095 ret = -1;
1096 }
1097 } else
1098 #endif /* CONFIG_VNC_TLS */
1099 ret = recv(vs->csock, (void *)data, datalen, 0);
1100 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1101 return vnc_client_io_error(vs, ret, socket_error());
1102 }
1103
1104
1105 /*
1106 * Called to read data from the client socket to the input buffer,
1107 * when not using any SASL SSF encryption layers. Will read as much
1108 * data as possible without blocking.
1109 *
1110 * Returns the number of bytes read. Returns -1 on error, and
1111 * disconnects the client socket.
1112 */
1113 static long vnc_client_read_plain(VncState *vs)
1114 {
1115 int ret;
1116 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1117 vs->input.buffer, vs->input.capacity, vs->input.offset);
1118 buffer_reserve(&vs->input, 4096);
1119 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1120 if (!ret)
1121 return 0;
1122 vs->input.offset += ret;
1123 return ret;
1124 }
1125
1126
1127 /*
1128 * First function called whenever there is more data to be read from
1129 * the client socket. Will delegate actual work according to whether
1130 * SASL SSF layers are enabled (thus requiring decryption calls)
1131 */
1132 void vnc_client_read(void *opaque)
1133 {
1134 VncState *vs = opaque;
1135 long ret;
1136
1137 #ifdef CONFIG_VNC_SASL
1138 if (vs->sasl.conn && vs->sasl.runSSF)
1139 ret = vnc_client_read_sasl(vs);
1140 else
1141 #endif /* CONFIG_VNC_SASL */
1142 ret = vnc_client_read_plain(vs);
1143 if (!ret) {
1144 if (vs->csock == -1)
1145 vnc_disconnect_finish(vs);
1146 return;
1147 }
1148
1149 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1150 size_t len = vs->read_handler_expect;
1151 int ret;
1152
1153 ret = vs->read_handler(vs, vs->input.buffer, len);
1154 if (vs->csock == -1) {
1155 vnc_disconnect_finish(vs);
1156 return;
1157 }
1158
1159 if (!ret) {
1160 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1161 vs->input.offset -= len;
1162 } else {
1163 vs->read_handler_expect = ret;
1164 }
1165 }
1166 }
1167
1168 void vnc_write(VncState *vs, const void *data, size_t len)
1169 {
1170 buffer_reserve(&vs->output, len);
1171
1172 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1173 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1174 }
1175
1176 buffer_append(&vs->output, data, len);
1177 }
1178
1179 void vnc_write_s32(VncState *vs, int32_t value)
1180 {
1181 vnc_write_u32(vs, *(uint32_t *)&value);
1182 }
1183
1184 void vnc_write_u32(VncState *vs, uint32_t value)
1185 {
1186 uint8_t buf[4];
1187
1188 buf[0] = (value >> 24) & 0xFF;
1189 buf[1] = (value >> 16) & 0xFF;
1190 buf[2] = (value >> 8) & 0xFF;
1191 buf[3] = value & 0xFF;
1192
1193 vnc_write(vs, buf, 4);
1194 }
1195
1196 void vnc_write_u16(VncState *vs, uint16_t value)
1197 {
1198 uint8_t buf[2];
1199
1200 buf[0] = (value >> 8) & 0xFF;
1201 buf[1] = value & 0xFF;
1202
1203 vnc_write(vs, buf, 2);
1204 }
1205
1206 void vnc_write_u8(VncState *vs, uint8_t value)
1207 {
1208 vnc_write(vs, (char *)&value, 1);
1209 }
1210
1211 void vnc_flush(VncState *vs)
1212 {
1213 if (vs->csock != -1 && vs->output.offset)
1214 vnc_client_write(vs);
1215 }
1216
1217 uint8_t read_u8(uint8_t *data, size_t offset)
1218 {
1219 return data[offset];
1220 }
1221
1222 uint16_t read_u16(uint8_t *data, size_t offset)
1223 {
1224 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1225 }
1226
1227 int32_t read_s32(uint8_t *data, size_t offset)
1228 {
1229 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1230 (data[offset + 2] << 8) | data[offset + 3]);
1231 }
1232
1233 uint32_t read_u32(uint8_t *data, size_t offset)
1234 {
1235 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1236 (data[offset + 2] << 8) | data[offset + 3]);
1237 }
1238
1239 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1240 {
1241 }
1242
1243 static void check_pointer_type_change(VncState *vs, int absolute)
1244 {
1245 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1246 vnc_write_u8(vs, 0);
1247 vnc_write_u8(vs, 0);
1248 vnc_write_u16(vs, 1);
1249 vnc_framebuffer_update(vs, absolute, 0,
1250 ds_get_width(vs->ds), ds_get_height(vs->ds),
1251 VNC_ENCODING_POINTER_TYPE_CHANGE);
1252 vnc_flush(vs);
1253 }
1254 vs->absolute = absolute;
1255 }
1256
1257 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1258 {
1259 int buttons = 0;
1260 int dz = 0;
1261
1262 if (button_mask & 0x01)
1263 buttons |= MOUSE_EVENT_LBUTTON;
1264 if (button_mask & 0x02)
1265 buttons |= MOUSE_EVENT_MBUTTON;
1266 if (button_mask & 0x04)
1267 buttons |= MOUSE_EVENT_RBUTTON;
1268 if (button_mask & 0x08)
1269 dz = -1;
1270 if (button_mask & 0x10)
1271 dz = 1;
1272
1273 if (vs->absolute) {
1274 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
1275 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
1276 dz, buttons);
1277 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1278 x -= 0x7FFF;
1279 y -= 0x7FFF;
1280
1281 kbd_mouse_event(x, y, dz, buttons);
1282 } else {
1283 if (vs->last_x != -1)
1284 kbd_mouse_event(x - vs->last_x,
1285 y - vs->last_y,
1286 dz, buttons);
1287 vs->last_x = x;
1288 vs->last_y = y;
1289 }
1290
1291 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1292 }
1293
1294 static void reset_keys(VncState *vs)
1295 {
1296 int i;
1297 for(i = 0; i < 256; i++) {
1298 if (vs->modifiers_state[i]) {
1299 if (i & 0x80)
1300 kbd_put_keycode(0xe0);
1301 kbd_put_keycode(i | 0x80);
1302 vs->modifiers_state[i] = 0;
1303 }
1304 }
1305 }
1306
1307 static void press_key(VncState *vs, int keysym)
1308 {
1309 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) & 0x7f);
1310 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) | 0x80);
1311 }
1312
1313 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1314 {
1315 /* QEMU console switch */
1316 switch(keycode) {
1317 case 0x2a: /* Left Shift */
1318 case 0x36: /* Right Shift */
1319 case 0x1d: /* Left CTRL */
1320 case 0x9d: /* Right CTRL */
1321 case 0x38: /* Left ALT */
1322 case 0xb8: /* Right ALT */
1323 if (down)
1324 vs->modifiers_state[keycode] = 1;
1325 else
1326 vs->modifiers_state[keycode] = 0;
1327 break;
1328 case 0x02 ... 0x0a: /* '1' to '9' keys */
1329 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1330 /* Reset the modifiers sent to the current console */
1331 reset_keys(vs);
1332 console_select(keycode - 0x02);
1333 return;
1334 }
1335 break;
1336 case 0x3a: /* CapsLock */
1337 case 0x45: /* NumLock */
1338 if (!down)
1339 vs->modifiers_state[keycode] ^= 1;
1340 break;
1341 }
1342
1343 if (keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1344 /* If the numlock state needs to change then simulate an additional
1345 keypress before sending this one. This will happen if the user
1346 toggles numlock away from the VNC window.
1347 */
1348 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1349 if (!vs->modifiers_state[0x45]) {
1350 vs->modifiers_state[0x45] = 1;
1351 press_key(vs, 0xff7f);
1352 }
1353 } else {
1354 if (vs->modifiers_state[0x45]) {
1355 vs->modifiers_state[0x45] = 0;
1356 press_key(vs, 0xff7f);
1357 }
1358 }
1359 }
1360
1361 if (is_graphic_console()) {
1362 if (keycode & 0x80)
1363 kbd_put_keycode(0xe0);
1364 if (down)
1365 kbd_put_keycode(keycode & 0x7f);
1366 else
1367 kbd_put_keycode(keycode | 0x80);
1368 } else {
1369 /* QEMU console emulation */
1370 if (down) {
1371 int numlock = vs->modifiers_state[0x45];
1372 switch (keycode) {
1373 case 0x2a: /* Left Shift */
1374 case 0x36: /* Right Shift */
1375 case 0x1d: /* Left CTRL */
1376 case 0x9d: /* Right CTRL */
1377 case 0x38: /* Left ALT */
1378 case 0xb8: /* Right ALT */
1379 break;
1380 case 0xc8:
1381 kbd_put_keysym(QEMU_KEY_UP);
1382 break;
1383 case 0xd0:
1384 kbd_put_keysym(QEMU_KEY_DOWN);
1385 break;
1386 case 0xcb:
1387 kbd_put_keysym(QEMU_KEY_LEFT);
1388 break;
1389 case 0xcd:
1390 kbd_put_keysym(QEMU_KEY_RIGHT);
1391 break;
1392 case 0xd3:
1393 kbd_put_keysym(QEMU_KEY_DELETE);
1394 break;
1395 case 0xc7:
1396 kbd_put_keysym(QEMU_KEY_HOME);
1397 break;
1398 case 0xcf:
1399 kbd_put_keysym(QEMU_KEY_END);
1400 break;
1401 case 0xc9:
1402 kbd_put_keysym(QEMU_KEY_PAGEUP);
1403 break;
1404 case 0xd1:
1405 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1406 break;
1407
1408 case 0x47:
1409 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1410 break;
1411 case 0x48:
1412 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1413 break;
1414 case 0x49:
1415 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1416 break;
1417 case 0x4b:
1418 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1419 break;
1420 case 0x4c:
1421 kbd_put_keysym('5');
1422 break;
1423 case 0x4d:
1424 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1425 break;
1426 case 0x4f:
1427 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1428 break;
1429 case 0x50:
1430 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1431 break;
1432 case 0x51:
1433 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1434 break;
1435 case 0x52:
1436 kbd_put_keysym('0');
1437 break;
1438 case 0x53:
1439 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1440 break;
1441
1442 case 0xb5:
1443 kbd_put_keysym('/');
1444 break;
1445 case 0x37:
1446 kbd_put_keysym('*');
1447 break;
1448 case 0x4a:
1449 kbd_put_keysym('-');
1450 break;
1451 case 0x4e:
1452 kbd_put_keysym('+');
1453 break;
1454 case 0x9c:
1455 kbd_put_keysym('\n');
1456 break;
1457
1458 default:
1459 kbd_put_keysym(sym);
1460 break;
1461 }
1462 }
1463 }
1464 }
1465
1466 static void key_event(VncState *vs, int down, uint32_t sym)
1467 {
1468 int keycode;
1469
1470 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1471 sym = sym - 'A' + 'a';
1472
1473 keycode = keysym2scancode(vs->vd->kbd_layout, sym & 0xFFFF);
1474 do_key_event(vs, down, keycode, sym);
1475 }
1476
1477 static void ext_key_event(VncState *vs, int down,
1478 uint32_t sym, uint16_t keycode)
1479 {
1480 /* if the user specifies a keyboard layout, always use it */
1481 if (keyboard_layout)
1482 key_event(vs, down, sym);
1483 else
1484 do_key_event(vs, down, keycode, sym);
1485 }
1486
1487 static void framebuffer_update_request(VncState *vs, int incremental,
1488 int x_position, int y_position,
1489 int w, int h)
1490 {
1491 if (x_position > ds_get_width(vs->ds))
1492 x_position = ds_get_width(vs->ds);
1493 if (y_position > ds_get_height(vs->ds))
1494 y_position = ds_get_height(vs->ds);
1495 if (x_position + w >= ds_get_width(vs->ds))
1496 w = ds_get_width(vs->ds) - x_position;
1497 if (y_position + h >= ds_get_height(vs->ds))
1498 h = ds_get_height(vs->ds) - y_position;
1499
1500 int i;
1501 vs->need_update = 1;
1502 if (!incremental) {
1503 vs->force_update = 1;
1504 for (i = 0; i < h; i++) {
1505 vnc_set_bits(vs->dirty[y_position + i],
1506 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1507 }
1508 }
1509 }
1510
1511 static void send_ext_key_event_ack(VncState *vs)
1512 {
1513 vnc_write_u8(vs, 0);
1514 vnc_write_u8(vs, 0);
1515 vnc_write_u16(vs, 1);
1516 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1517 VNC_ENCODING_EXT_KEY_EVENT);
1518 vnc_flush(vs);
1519 }
1520
1521 static void send_ext_audio_ack(VncState *vs)
1522 {
1523 vnc_write_u8(vs, 0);
1524 vnc_write_u8(vs, 0);
1525 vnc_write_u16(vs, 1);
1526 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1527 VNC_ENCODING_AUDIO);
1528 vnc_flush(vs);
1529 }
1530
1531 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1532 {
1533 int i;
1534 unsigned int enc = 0;
1535
1536 vnc_zlib_init(vs);
1537 vs->features = 0;
1538 vs->vnc_encoding = 0;
1539 vs->tight_compression = 9;
1540 vs->tight_quality = 9;
1541 vs->absolute = -1;
1542
1543 for (i = n_encodings - 1; i >= 0; i--) {
1544 enc = encodings[i];
1545 switch (enc) {
1546 case VNC_ENCODING_RAW:
1547 vs->vnc_encoding = enc;
1548 break;
1549 case VNC_ENCODING_COPYRECT:
1550 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1551 break;
1552 case VNC_ENCODING_HEXTILE:
1553 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1554 vs->vnc_encoding = enc;
1555 break;
1556 case VNC_ENCODING_ZLIB:
1557 vs->features |= VNC_FEATURE_ZLIB_MASK;
1558 vs->vnc_encoding = enc;
1559 break;
1560 case VNC_ENCODING_DESKTOPRESIZE:
1561 vs->features |= VNC_FEATURE_RESIZE_MASK;
1562 break;
1563 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1564 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1565 break;
1566 case VNC_ENCODING_EXT_KEY_EVENT:
1567 send_ext_key_event_ack(vs);
1568 break;
1569 case VNC_ENCODING_AUDIO:
1570 send_ext_audio_ack(vs);
1571 break;
1572 case VNC_ENCODING_WMVi:
1573 vs->features |= VNC_FEATURE_WMVI_MASK;
1574 break;
1575 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1576 vs->tight_compression = (enc & 0x0F);
1577 break;
1578 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1579 vs->tight_quality = (enc & 0x0F);
1580 break;
1581 default:
1582 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1583 break;
1584 }
1585 }
1586
1587 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1588 }
1589
1590 static void set_pixel_conversion(VncState *vs)
1591 {
1592 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1593 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1594 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1595 vs->write_pixels = vnc_write_pixels_copy;
1596 switch (vs->ds->surface->pf.bits_per_pixel) {
1597 case 8:
1598 vs->send_hextile_tile = send_hextile_tile_8;
1599 break;
1600 case 16:
1601 vs->send_hextile_tile = send_hextile_tile_16;
1602 break;
1603 case 32:
1604 vs->send_hextile_tile = send_hextile_tile_32;
1605 break;
1606 }
1607 } else {
1608 vs->write_pixels = vnc_write_pixels_generic;
1609 switch (vs->ds->surface->pf.bits_per_pixel) {
1610 case 8:
1611 vs->send_hextile_tile = send_hextile_tile_generic_8;
1612 break;
1613 case 16:
1614 vs->send_hextile_tile = send_hextile_tile_generic_16;
1615 break;
1616 case 32:
1617 vs->send_hextile_tile = send_hextile_tile_generic_32;
1618 break;
1619 }
1620 }
1621 }
1622
1623 static void set_pixel_format(VncState *vs,
1624 int bits_per_pixel, int depth,
1625 int big_endian_flag, int true_color_flag,
1626 int red_max, int green_max, int blue_max,
1627 int red_shift, int green_shift, int blue_shift)
1628 {
1629 if (!true_color_flag) {
1630 vnc_client_error(vs);
1631 return;
1632 }
1633
1634 vs->clientds = *(vs->vd->guest.ds);
1635 vs->clientds.pf.rmax = red_max;
1636 count_bits(vs->clientds.pf.rbits, red_max);
1637 vs->clientds.pf.rshift = red_shift;
1638 vs->clientds.pf.rmask = red_max << red_shift;
1639 vs->clientds.pf.gmax = green_max;
1640 count_bits(vs->clientds.pf.gbits, green_max);
1641 vs->clientds.pf.gshift = green_shift;
1642 vs->clientds.pf.gmask = green_max << green_shift;
1643 vs->clientds.pf.bmax = blue_max;
1644 count_bits(vs->clientds.pf.bbits, blue_max);
1645 vs->clientds.pf.bshift = blue_shift;
1646 vs->clientds.pf.bmask = blue_max << blue_shift;
1647 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1648 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1649 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1650 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1651
1652 set_pixel_conversion(vs);
1653
1654 vga_hw_invalidate();
1655 vga_hw_update();
1656 }
1657
1658 static void pixel_format_message (VncState *vs) {
1659 char pad[3] = { 0, 0, 0 };
1660
1661 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1662 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1663
1664 #ifdef HOST_WORDS_BIGENDIAN
1665 vnc_write_u8(vs, 1); /* big-endian-flag */
1666 #else
1667 vnc_write_u8(vs, 0); /* big-endian-flag */
1668 #endif
1669 vnc_write_u8(vs, 1); /* true-color-flag */
1670 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1671 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1672 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1673 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1674 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1675 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1676 if (vs->ds->surface->pf.bits_per_pixel == 32)
1677 vs->send_hextile_tile = send_hextile_tile_32;
1678 else if (vs->ds->surface->pf.bits_per_pixel == 16)
1679 vs->send_hextile_tile = send_hextile_tile_16;
1680 else if (vs->ds->surface->pf.bits_per_pixel == 8)
1681 vs->send_hextile_tile = send_hextile_tile_8;
1682 vs->clientds = *(vs->ds->surface);
1683 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1684 vs->write_pixels = vnc_write_pixels_copy;
1685
1686 vnc_write(vs, pad, 3); /* padding */
1687 }
1688
1689 static void vnc_dpy_setdata(DisplayState *ds)
1690 {
1691 /* We don't have to do anything */
1692 }
1693
1694 static void vnc_colordepth(VncState *vs)
1695 {
1696 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1697 /* Sending a WMVi message to notify the client*/
1698 vnc_write_u8(vs, 0); /* msg id */
1699 vnc_write_u8(vs, 0);
1700 vnc_write_u16(vs, 1); /* number of rects */
1701 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1702 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1703 pixel_format_message(vs);
1704 vnc_flush(vs);
1705 } else {
1706 set_pixel_conversion(vs);
1707 }
1708 }
1709
1710 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1711 {
1712 int i;
1713 uint16_t limit;
1714 VncDisplay *vd = vs->vd;
1715
1716 if (data[0] > 3) {
1717 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1718 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1719 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1720 }
1721
1722 switch (data[0]) {
1723 case 0:
1724 if (len == 1)
1725 return 20;
1726
1727 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1728 read_u8(data, 6), read_u8(data, 7),
1729 read_u16(data, 8), read_u16(data, 10),
1730 read_u16(data, 12), read_u8(data, 14),
1731 read_u8(data, 15), read_u8(data, 16));
1732 break;
1733 case 2:
1734 if (len == 1)
1735 return 4;
1736
1737 if (len == 4) {
1738 limit = read_u16(data, 2);
1739 if (limit > 0)
1740 return 4 + (limit * 4);
1741 } else
1742 limit = read_u16(data, 2);
1743
1744 for (i = 0; i < limit; i++) {
1745 int32_t val = read_s32(data, 4 + (i * 4));
1746 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1747 }
1748
1749 set_encodings(vs, (int32_t *)(data + 4), limit);
1750 break;
1751 case 3:
1752 if (len == 1)
1753 return 10;
1754
1755 framebuffer_update_request(vs,
1756 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1757 read_u16(data, 6), read_u16(data, 8));
1758 break;
1759 case 4:
1760 if (len == 1)
1761 return 8;
1762
1763 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1764 break;
1765 case 5:
1766 if (len == 1)
1767 return 6;
1768
1769 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1770 break;
1771 case 6:
1772 if (len == 1)
1773 return 8;
1774
1775 if (len == 8) {
1776 uint32_t dlen = read_u32(data, 4);
1777 if (dlen > 0)
1778 return 8 + dlen;
1779 }
1780
1781 client_cut_text(vs, read_u32(data, 4), data + 8);
1782 break;
1783 case 255:
1784 if (len == 1)
1785 return 2;
1786
1787 switch (read_u8(data, 1)) {
1788 case 0:
1789 if (len == 2)
1790 return 12;
1791
1792 ext_key_event(vs, read_u16(data, 2),
1793 read_u32(data, 4), read_u32(data, 8));
1794 break;
1795 case 1:
1796 if (len == 2)
1797 return 4;
1798
1799 switch (read_u16 (data, 2)) {
1800 case 0:
1801 audio_add(vs);
1802 break;
1803 case 1:
1804 audio_del(vs);
1805 break;
1806 case 2:
1807 if (len == 4)
1808 return 10;
1809 switch (read_u8(data, 4)) {
1810 case 0: vs->as.fmt = AUD_FMT_U8; break;
1811 case 1: vs->as.fmt = AUD_FMT_S8; break;
1812 case 2: vs->as.fmt = AUD_FMT_U16; break;
1813 case 3: vs->as.fmt = AUD_FMT_S16; break;
1814 case 4: vs->as.fmt = AUD_FMT_U32; break;
1815 case 5: vs->as.fmt = AUD_FMT_S32; break;
1816 default:
1817 printf("Invalid audio format %d\n", read_u8(data, 4));
1818 vnc_client_error(vs);
1819 break;
1820 }
1821 vs->as.nchannels = read_u8(data, 5);
1822 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1823 printf("Invalid audio channel coount %d\n",
1824 read_u8(data, 5));
1825 vnc_client_error(vs);
1826 break;
1827 }
1828 vs->as.freq = read_u32(data, 6);
1829 break;
1830 default:
1831 printf ("Invalid audio message %d\n", read_u8(data, 4));
1832 vnc_client_error(vs);
1833 break;
1834 }
1835 break;
1836
1837 default:
1838 printf("Msg: %d\n", read_u16(data, 0));
1839 vnc_client_error(vs);
1840 break;
1841 }
1842 break;
1843 default:
1844 printf("Msg: %d\n", data[0]);
1845 vnc_client_error(vs);
1846 break;
1847 }
1848
1849 vnc_read_when(vs, protocol_client_msg, 1);
1850 return 0;
1851 }
1852
1853 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1854 {
1855 char buf[1024];
1856 int size;
1857
1858 vnc_write_u16(vs, ds_get_width(vs->ds));
1859 vnc_write_u16(vs, ds_get_height(vs->ds));
1860
1861 pixel_format_message(vs);
1862
1863 if (qemu_name)
1864 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1865 else
1866 size = snprintf(buf, sizeof(buf), "QEMU");
1867
1868 vnc_write_u32(vs, size);
1869 vnc_write(vs, buf, size);
1870 vnc_flush(vs);
1871
1872 vnc_read_when(vs, protocol_client_msg, 1);
1873
1874 return 0;
1875 }
1876
1877 void start_client_init(VncState *vs)
1878 {
1879 vnc_read_when(vs, protocol_client_init, 1);
1880 }
1881
1882 static void make_challenge(VncState *vs)
1883 {
1884 int i;
1885
1886 srand(time(NULL)+getpid()+getpid()*987654+rand());
1887
1888 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1889 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1890 }
1891
1892 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1893 {
1894 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1895 int i, j, pwlen;
1896 unsigned char key[8];
1897
1898 if (!vs->vd->password || !vs->vd->password[0]) {
1899 VNC_DEBUG("No password configured on server");
1900 vnc_write_u32(vs, 1); /* Reject auth */
1901 if (vs->minor >= 8) {
1902 static const char err[] = "Authentication failed";
1903 vnc_write_u32(vs, sizeof(err));
1904 vnc_write(vs, err, sizeof(err));
1905 }
1906 vnc_flush(vs);
1907 vnc_client_error(vs);
1908 return 0;
1909 }
1910
1911 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1912
1913 /* Calculate the expected challenge response */
1914 pwlen = strlen(vs->vd->password);
1915 for (i=0; i<sizeof(key); i++)
1916 key[i] = i<pwlen ? vs->vd->password[i] : 0;
1917 deskey(key, EN0);
1918 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1919 des(response+j, response+j);
1920
1921 /* Compare expected vs actual challenge response */
1922 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1923 VNC_DEBUG("Client challenge reponse did not match\n");
1924 vnc_write_u32(vs, 1); /* Reject auth */
1925 if (vs->minor >= 8) {
1926 static const char err[] = "Authentication failed";
1927 vnc_write_u32(vs, sizeof(err));
1928 vnc_write(vs, err, sizeof(err));
1929 }
1930 vnc_flush(vs);
1931 vnc_client_error(vs);
1932 } else {
1933 VNC_DEBUG("Accepting VNC challenge response\n");
1934 vnc_write_u32(vs, 0); /* Accept auth */
1935 vnc_flush(vs);
1936
1937 start_client_init(vs);
1938 }
1939 return 0;
1940 }
1941
1942 void start_auth_vnc(VncState *vs)
1943 {
1944 make_challenge(vs);
1945 /* Send client a 'random' challenge */
1946 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1947 vnc_flush(vs);
1948
1949 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1950 }
1951
1952
1953 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1954 {
1955 /* We only advertise 1 auth scheme at a time, so client
1956 * must pick the one we sent. Verify this */
1957 if (data[0] != vs->vd->auth) { /* Reject auth */
1958 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
1959 vnc_write_u32(vs, 1);
1960 if (vs->minor >= 8) {
1961 static const char err[] = "Authentication failed";
1962 vnc_write_u32(vs, sizeof(err));
1963 vnc_write(vs, err, sizeof(err));
1964 }
1965 vnc_client_error(vs);
1966 } else { /* Accept requested auth */
1967 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1968 switch (vs->vd->auth) {
1969 case VNC_AUTH_NONE:
1970 VNC_DEBUG("Accept auth none\n");
1971 if (vs->minor >= 8) {
1972 vnc_write_u32(vs, 0); /* Accept auth completion */
1973 vnc_flush(vs);
1974 }
1975 start_client_init(vs);
1976 break;
1977
1978 case VNC_AUTH_VNC:
1979 VNC_DEBUG("Start VNC auth\n");
1980 start_auth_vnc(vs);
1981 break;
1982
1983 #ifdef CONFIG_VNC_TLS
1984 case VNC_AUTH_VENCRYPT:
1985 VNC_DEBUG("Accept VeNCrypt auth\n");;
1986 start_auth_vencrypt(vs);
1987 break;
1988 #endif /* CONFIG_VNC_TLS */
1989
1990 #ifdef CONFIG_VNC_SASL
1991 case VNC_AUTH_SASL:
1992 VNC_DEBUG("Accept SASL auth\n");
1993 start_auth_sasl(vs);
1994 break;
1995 #endif /* CONFIG_VNC_SASL */
1996
1997 default: /* Should not be possible, but just in case */
1998 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
1999 vnc_write_u8(vs, 1);
2000 if (vs->minor >= 8) {
2001 static const char err[] = "Authentication failed";
2002 vnc_write_u32(vs, sizeof(err));
2003 vnc_write(vs, err, sizeof(err));
2004 }
2005 vnc_client_error(vs);
2006 }
2007 }
2008 return 0;
2009 }
2010
2011 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2012 {
2013 char local[13];
2014
2015 memcpy(local, version, 12);
2016 local[12] = 0;
2017
2018 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2019 VNC_DEBUG("Malformed protocol version %s\n", local);
2020 vnc_client_error(vs);
2021 return 0;
2022 }
2023 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2024 if (vs->major != 3 ||
2025 (vs->minor != 3 &&
2026 vs->minor != 4 &&
2027 vs->minor != 5 &&
2028 vs->minor != 7 &&
2029 vs->minor != 8)) {
2030 VNC_DEBUG("Unsupported client version\n");
2031 vnc_write_u32(vs, VNC_AUTH_INVALID);
2032 vnc_flush(vs);
2033 vnc_client_error(vs);
2034 return 0;
2035 }
2036 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2037 * as equivalent to v3.3 by servers
2038 */
2039 if (vs->minor == 4 || vs->minor == 5)
2040 vs->minor = 3;
2041
2042 if (vs->minor == 3) {
2043 if (vs->vd->auth == VNC_AUTH_NONE) {
2044 VNC_DEBUG("Tell client auth none\n");
2045 vnc_write_u32(vs, vs->vd->auth);
2046 vnc_flush(vs);
2047 start_client_init(vs);
2048 } else if (vs->vd->auth == VNC_AUTH_VNC) {
2049 VNC_DEBUG("Tell client VNC auth\n");
2050 vnc_write_u32(vs, vs->vd->auth);
2051 vnc_flush(vs);
2052 start_auth_vnc(vs);
2053 } else {
2054 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2055 vnc_write_u32(vs, VNC_AUTH_INVALID);
2056 vnc_flush(vs);
2057 vnc_client_error(vs);
2058 }
2059 } else {
2060 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2061 vnc_write_u8(vs, 1); /* num auth */
2062 vnc_write_u8(vs, vs->vd->auth);
2063 vnc_read_when(vs, protocol_client_auth, 1);
2064 vnc_flush(vs);
2065 }
2066
2067 return 0;
2068 }
2069
2070 static int vnc_refresh_server_surface(VncDisplay *vd)
2071 {
2072 int y;
2073 uint8_t *guest_row;
2074 uint8_t *server_row;
2075 int cmp_bytes;
2076 uint32_t width_mask[VNC_DIRTY_WORDS];
2077 VncState *vs = NULL;
2078 int has_dirty = 0;
2079
2080 /*
2081 * Walk through the guest dirty map.
2082 * Check and copy modified bits from guest to server surface.
2083 * Update server dirty map.
2084 */
2085 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2086 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2087 guest_row = vd->guest.ds->data;
2088 server_row = vd->server->data;
2089 for (y = 0; y < vd->guest.ds->height; y++) {
2090 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2091 int x;
2092 uint8_t *guest_ptr;
2093 uint8_t *server_ptr;
2094
2095 guest_ptr = guest_row;
2096 server_ptr = server_row;
2097
2098 for (x = 0; x < vd->guest.ds->width;
2099 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2100 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2101 continue;
2102 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2103 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2104 continue;
2105 memcpy(server_ptr, guest_ptr, cmp_bytes);
2106 vs = vd->clients;
2107 while (vs != NULL) {
2108 vnc_set_bit(vs->dirty[y], (x / 16));
2109 vs = vs->next;
2110 }
2111 has_dirty++;
2112 }
2113 }
2114 guest_row += ds_get_linesize(vd->ds);
2115 server_row += ds_get_linesize(vd->ds);
2116 }
2117 return has_dirty;
2118 }
2119
2120 static void vnc_refresh(void *opaque)
2121 {
2122 VncDisplay *vd = opaque;
2123 VncState *vs = NULL;
2124 int has_dirty = 0, rects = 0;
2125
2126 vga_hw_update();
2127
2128 has_dirty = vnc_refresh_server_surface(vd);
2129
2130 vs = vd->clients;
2131 while (vs != NULL) {
2132 rects += vnc_update_client(vs, has_dirty);
2133 vs = vs->next;
2134 }
2135
2136 if (has_dirty && rects) {
2137 vd->timer_interval /= 2;
2138 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2139 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2140 } else {
2141 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2142 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2143 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2144 }
2145 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
2146 }
2147
2148 static void vnc_init_timer(VncDisplay *vd)
2149 {
2150 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2151 if (vd->timer == NULL && vd->clients != NULL) {
2152 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2153 vnc_refresh(vd);
2154 }
2155 }
2156
2157 static void vnc_remove_timer(VncDisplay *vd)
2158 {
2159 if (vd->timer != NULL && vd->clients == NULL) {
2160 qemu_del_timer(vd->timer);
2161 qemu_free_timer(vd->timer);
2162 vd->timer = NULL;
2163 }
2164 }
2165
2166 static void vnc_connect(VncDisplay *vd, int csock)
2167 {
2168 VncState *vs = qemu_mallocz(sizeof(VncState));
2169 vs->csock = csock;
2170
2171 VNC_DEBUG("New client on socket %d\n", csock);
2172 dcl->idle = 0;
2173 socket_set_nonblock(vs->csock);
2174 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2175
2176 vs->vd = vd;
2177 vs->ds = vd->ds;
2178 vs->last_x = -1;
2179 vs->last_y = -1;
2180
2181 vs->as.freq = 44100;
2182 vs->as.nchannels = 2;
2183 vs->as.fmt = AUD_FMT_S16;
2184 vs->as.endianness = 0;
2185
2186 vs->next = vd->clients;
2187 vd->clients = vs;
2188
2189 vga_hw_update();
2190
2191 vnc_write(vs, "RFB 003.008\n", 12);
2192 vnc_flush(vs);
2193 vnc_read_when(vs, protocol_version, 12);
2194 reset_keys(vs);
2195
2196 vnc_init_timer(vd);
2197
2198 /* vs might be free()ed here */
2199 }
2200
2201 static void vnc_listen_read(void *opaque)
2202 {
2203 VncDisplay *vs = opaque;
2204 struct sockaddr_in addr;
2205 socklen_t addrlen = sizeof(addr);
2206
2207 /* Catch-up */
2208 vga_hw_update();
2209
2210 int csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2211 if (csock != -1) {
2212 vnc_connect(vs, csock);
2213 }
2214 }
2215
2216 void vnc_display_init(DisplayState *ds)
2217 {
2218 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2219
2220 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2221
2222 ds->opaque = vs;
2223 dcl->idle = 1;
2224 vnc_display = vs;
2225
2226 vs->lsock = -1;
2227
2228 vs->ds = ds;
2229
2230 if (keyboard_layout)
2231 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2232 else
2233 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2234
2235 if (!vs->kbd_layout)
2236 exit(1);
2237
2238 dcl->dpy_copy = vnc_dpy_copy;
2239 dcl->dpy_update = vnc_dpy_update;
2240 dcl->dpy_resize = vnc_dpy_resize;
2241 dcl->dpy_setdata = vnc_dpy_setdata;
2242 register_displaychangelistener(ds, dcl);
2243 }
2244
2245
2246 void vnc_display_close(DisplayState *ds)
2247 {
2248 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2249
2250 if (!vs)
2251 return;
2252 if (vs->display) {
2253 qemu_free(vs->display);
2254 vs->display = NULL;
2255 }
2256 if (vs->lsock != -1) {
2257 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2258 close(vs->lsock);
2259 vs->lsock = -1;
2260 }
2261 vs->auth = VNC_AUTH_INVALID;
2262 #ifdef CONFIG_VNC_TLS
2263 vs->subauth = VNC_AUTH_INVALID;
2264 vs->tls.x509verify = 0;
2265 #endif
2266 }
2267
2268 int vnc_display_password(DisplayState *ds, const char *password)
2269 {
2270 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2271
2272 if (!vs) {
2273 return -1;
2274 }
2275
2276 if (vs->password) {
2277 qemu_free(vs->password);
2278 vs->password = NULL;
2279 }
2280 if (password && password[0]) {
2281 if (!(vs->password = qemu_strdup(password)))
2282 return -1;
2283 if (vs->auth == VNC_AUTH_NONE) {
2284 vs->auth = VNC_AUTH_VNC;
2285 }
2286 } else {
2287 vs->auth = VNC_AUTH_NONE;
2288 }
2289
2290 return 0;
2291 }
2292
2293 char *vnc_display_local_addr(DisplayState *ds)
2294 {
2295 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2296
2297 return vnc_socket_local_addr("%s:%s", vs->lsock);
2298 }
2299
2300 int vnc_display_open(DisplayState *ds, const char *display)
2301 {
2302 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2303 const char *options;
2304 int password = 0;
2305 int reverse = 0;
2306 int to_port = 0;
2307 #ifdef CONFIG_VNC_TLS
2308 int tls = 0, x509 = 0;
2309 #endif
2310 #ifdef CONFIG_VNC_SASL
2311 int sasl = 0;
2312 int saslErr;
2313 #endif
2314 int acl = 0;
2315
2316 if (!vnc_display)
2317 return -1;
2318 vnc_display_close(ds);
2319 if (strcmp(display, "none") == 0)
2320 return 0;
2321
2322 if (!(vs->display = strdup(display)))
2323 return -1;
2324
2325 options = display;
2326 while ((options = strchr(options, ','))) {
2327 options++;
2328 if (strncmp(options, "password", 8) == 0) {
2329 password = 1; /* Require password auth */
2330 } else if (strncmp(options, "reverse", 7) == 0) {
2331 reverse = 1;
2332 } else if (strncmp(options, "to=", 3) == 0) {
2333 to_port = atoi(options+3) + 5900;
2334 #ifdef CONFIG_VNC_SASL
2335 } else if (strncmp(options, "sasl", 4) == 0) {
2336 sasl = 1; /* Require SASL auth */
2337 #endif
2338 #ifdef CONFIG_VNC_TLS
2339 } else if (strncmp(options, "tls", 3) == 0) {
2340 tls = 1; /* Require TLS */
2341 } else if (strncmp(options, "x509", 4) == 0) {
2342 char *start, *end;
2343 x509 = 1; /* Require x509 certificates */
2344 if (strncmp(options, "x509verify", 10) == 0)
2345 vs->tls.x509verify = 1; /* ...and verify client certs */
2346
2347 /* Now check for 'x509=/some/path' postfix
2348 * and use that to setup x509 certificate/key paths */
2349 start = strchr(options, '=');
2350 end = strchr(options, ',');
2351 if (start && (!end || (start < end))) {
2352 int len = end ? end-(start+1) : strlen(start+1);
2353 char *path = qemu_strndup(start + 1, len);
2354
2355 VNC_DEBUG("Trying certificate path '%s'\n", path);
2356 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2357 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2358 qemu_free(path);
2359 qemu_free(vs->display);
2360 vs->display = NULL;
2361 return -1;
2362 }
2363 qemu_free(path);
2364 } else {
2365 fprintf(stderr, "No certificate path provided\n");
2366 qemu_free(vs->display);
2367 vs->display = NULL;
2368 return -1;
2369 }
2370 #endif
2371 } else if (strncmp(options, "acl", 3) == 0) {
2372 acl = 1;
2373 }
2374 }
2375
2376 #ifdef CONFIG_VNC_TLS
2377 if (acl && x509 && vs->tls.x509verify) {
2378 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2379 fprintf(stderr, "Failed to create x509 dname ACL\n");
2380 exit(1);
2381 }
2382 }
2383 #endif
2384 #ifdef CONFIG_VNC_SASL
2385 if (acl && sasl) {
2386 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2387 fprintf(stderr, "Failed to create username ACL\n");
2388 exit(1);
2389 }
2390 }
2391 #endif
2392
2393 /*
2394 * Combinations we support here:
2395 *
2396 * - no-auth (clear text, no auth)
2397 * - password (clear text, weak auth)
2398 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2399 * - tls (encrypt, weak anonymous creds, no auth)
2400 * - tls + password (encrypt, weak anonymous creds, weak auth)
2401 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2402 * - tls + x509 (encrypt, good x509 creds, no auth)
2403 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2404 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2405 *
2406 * NB1. TLS is a stackable auth scheme.
2407 * NB2. the x509 schemes have option to validate a client cert dname
2408 */
2409 if (password) {
2410 #ifdef CONFIG_VNC_TLS
2411 if (tls) {
2412 vs->auth = VNC_AUTH_VENCRYPT;
2413 if (x509) {
2414 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2415 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2416 } else {
2417 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2418 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2419 }
2420 } else {
2421 #endif /* CONFIG_VNC_TLS */
2422 VNC_DEBUG("Initializing VNC server with password auth\n");
2423 vs->auth = VNC_AUTH_VNC;
2424 #ifdef CONFIG_VNC_TLS
2425 vs->subauth = VNC_AUTH_INVALID;
2426 }
2427 #endif /* CONFIG_VNC_TLS */
2428 #ifdef CONFIG_VNC_SASL
2429 } else if (sasl) {
2430 #ifdef CONFIG_VNC_TLS
2431 if (tls) {
2432 vs->auth = VNC_AUTH_VENCRYPT;
2433 if (x509) {
2434 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2435 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2436 } else {
2437 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2438 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2439 }
2440 } else {
2441 #endif /* CONFIG_VNC_TLS */
2442 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2443 vs->auth = VNC_AUTH_SASL;
2444 #ifdef CONFIG_VNC_TLS
2445 vs->subauth = VNC_AUTH_INVALID;
2446 }
2447 #endif /* CONFIG_VNC_TLS */
2448 #endif /* CONFIG_VNC_SASL */
2449 } else {
2450 #ifdef CONFIG_VNC_TLS
2451 if (tls) {
2452 vs->auth = VNC_AUTH_VENCRYPT;
2453 if (x509) {
2454 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2455 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2456 } else {
2457 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2458 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2459 }
2460 } else {
2461 #endif
2462 VNC_DEBUG("Initializing VNC server with no auth\n");
2463 vs->auth = VNC_AUTH_NONE;
2464 #ifdef CONFIG_VNC_TLS
2465 vs->subauth = VNC_AUTH_INVALID;
2466 }
2467 #endif
2468 }
2469
2470 #ifdef CONFIG_VNC_SASL
2471 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2472 fprintf(stderr, "Failed to initialize SASL auth %s",
2473 sasl_errstring(saslErr, NULL, NULL));
2474 free(vs->display);
2475 vs->display = NULL;
2476 return -1;
2477 }
2478 #endif
2479
2480 if (reverse) {
2481 /* connect to viewer */
2482 if (strncmp(display, "unix:", 5) == 0)
2483 vs->lsock = unix_connect(display+5);
2484 else
2485 vs->lsock = inet_connect(display, SOCK_STREAM);
2486 if (-1 == vs->lsock) {
2487 free(vs->display);
2488 vs->display = NULL;
2489 return -1;
2490 } else {
2491 int csock = vs->lsock;
2492 vs->lsock = -1;
2493 vnc_connect(vs, csock);
2494 }
2495 return 0;
2496
2497 } else {
2498 /* listen for connects */
2499 char *dpy;
2500 dpy = qemu_malloc(256);
2501 if (strncmp(display, "unix:", 5) == 0) {
2502 pstrcpy(dpy, 256, "unix:");
2503 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2504 } else {
2505 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2506 }
2507 if (-1 == vs->lsock) {
2508 free(dpy);
2509 return -1;
2510 } else {
2511 free(vs->display);
2512 vs->display = dpy;
2513 }
2514 }
2515 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
2516 }
Qemu copy for testing