Statistics
| Branch: | Revision:

root / ui / vnc.c @ 148954fa

History | View | Annotate | Download (83.8 kB)

1
/*
2
 * QEMU VNC display driver
3
 *
4
 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5
 * Copyright (C) 2006 Fabrice Bellard
6
 * Copyright (C) 2009 Red Hat, Inc
7
 *
8
 * Permission is hereby granted, free of charge, to any person obtaining a copy
9
 * of this software and associated documentation files (the "Software"), to deal
10
 * in the Software without restriction, including without limitation the rights
11
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12
 * copies of the Software, and to permit persons to whom the Software is
13
 * furnished to do so, subject to the following conditions:
14
 *
15
 * The above copyright notice and this permission notice shall be included in
16
 * all copies or substantial portions of the Software.
17
 *
18
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24
 * THE SOFTWARE.
25
 */
26

    
27
#include "vnc.h"
28
#include "vnc-jobs.h"
29
#include "sysemu.h"
30
#include "qemu_socket.h"
31
#include "qemu-timer.h"
32
#include "acl.h"
33
#include "qemu-objects.h"
34

    
35
#define VNC_REFRESH_INTERVAL_BASE 30
36
#define VNC_REFRESH_INTERVAL_INC  50
37
#define VNC_REFRESH_INTERVAL_MAX  2000
38
static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
39
static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
40

    
41
#include "vnc_keysym.h"
42
#include "d3des.h"
43

    
44
#define count_bits(c, v) { \
45
    for (c = 0; v; v >>= 1) \
46
    { \
47
        c += v & 1; \
48
    } \
49
}
50

    
51
static VncDisplay *vnc_display; /* needed for info vnc */
52
static DisplayChangeListener *dcl;
53

    
54
static int vnc_cursor_define(VncState *vs);
55

    
56
static char *addr_to_string(const char *format,
57
                            struct sockaddr_storage *sa,
58
                            socklen_t salen) {
59
    char *addr;
60
    char host[NI_MAXHOST];
61
    char serv[NI_MAXSERV];
62
    int err;
63
    size_t addrlen;
64

    
65
    if ((err = getnameinfo((struct sockaddr *)sa, salen,
66
                           host, sizeof(host),
67
                           serv, sizeof(serv),
68
                           NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
69
        VNC_DEBUG("Cannot resolve address %d: %s\n",
70
                  err, gai_strerror(err));
71
        return NULL;
72
    }
73

    
74
    /* Enough for the existing format + the 2 vars we're
75
     * substituting in. */
76
    addrlen = strlen(format) + strlen(host) + strlen(serv);
77
    addr = qemu_malloc(addrlen + 1);
78
    snprintf(addr, addrlen, format, host, serv);
79
    addr[addrlen] = '\0';
80

    
81
    return addr;
82
}
83

    
84

    
85
char *vnc_socket_local_addr(const char *format, int fd) {
86
    struct sockaddr_storage sa;
87
    socklen_t salen;
88

    
89
    salen = sizeof(sa);
90
    if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
91
        return NULL;
92

    
93
    return addr_to_string(format, &sa, salen);
94
}
95

    
96
char *vnc_socket_remote_addr(const char *format, int fd) {
97
    struct sockaddr_storage sa;
98
    socklen_t salen;
99

    
100
    salen = sizeof(sa);
101
    if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
102
        return NULL;
103

    
104
    return addr_to_string(format, &sa, salen);
105
}
106

    
107
static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
108
                          socklen_t salen)
109
{
110
    char host[NI_MAXHOST];
111
    char serv[NI_MAXSERV];
112
    int err;
113

    
114
    if ((err = getnameinfo((struct sockaddr *)sa, salen,
115
                           host, sizeof(host),
116
                           serv, sizeof(serv),
117
                           NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
118
        VNC_DEBUG("Cannot resolve address %d: %s\n",
119
                  err, gai_strerror(err));
120
        return -1;
121
    }
122

    
123
    qdict_put(qdict, "host", qstring_from_str(host));
124
    qdict_put(qdict, "service", qstring_from_str(serv));
125
    qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
126

    
127
    return 0;
128
}
129

    
130
static int vnc_server_addr_put(QDict *qdict, int fd)
131
{
132
    struct sockaddr_storage sa;
133
    socklen_t salen;
134

    
135
    salen = sizeof(sa);
136
    if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
137
        return -1;
138
    }
139

    
140
    return put_addr_qdict(qdict, &sa, salen);
141
}
142

    
143
static int vnc_qdict_remote_addr(QDict *qdict, int fd)
144
{
145
    struct sockaddr_storage sa;
146
    socklen_t salen;
147

    
148
    salen = sizeof(sa);
149
    if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
150
        return -1;
151
    }
152

    
153
    return put_addr_qdict(qdict, &sa, salen);
154
}
155

    
156
static const char *vnc_auth_name(VncDisplay *vd) {
157
    switch (vd->auth) {
158
    case VNC_AUTH_INVALID:
159
        return "invalid";
160
    case VNC_AUTH_NONE:
161
        return "none";
162
    case VNC_AUTH_VNC:
163
        return "vnc";
164
    case VNC_AUTH_RA2:
165
        return "ra2";
166
    case VNC_AUTH_RA2NE:
167
        return "ra2ne";
168
    case VNC_AUTH_TIGHT:
169
        return "tight";
170
    case VNC_AUTH_ULTRA:
171
        return "ultra";
172
    case VNC_AUTH_TLS:
173
        return "tls";
174
    case VNC_AUTH_VENCRYPT:
175
#ifdef CONFIG_VNC_TLS
176
        switch (vd->subauth) {
177
        case VNC_AUTH_VENCRYPT_PLAIN:
178
            return "vencrypt+plain";
179
        case VNC_AUTH_VENCRYPT_TLSNONE:
180
            return "vencrypt+tls+none";
181
        case VNC_AUTH_VENCRYPT_TLSVNC:
182
            return "vencrypt+tls+vnc";
183
        case VNC_AUTH_VENCRYPT_TLSPLAIN:
184
            return "vencrypt+tls+plain";
185
        case VNC_AUTH_VENCRYPT_X509NONE:
186
            return "vencrypt+x509+none";
187
        case VNC_AUTH_VENCRYPT_X509VNC:
188
            return "vencrypt+x509+vnc";
189
        case VNC_AUTH_VENCRYPT_X509PLAIN:
190
            return "vencrypt+x509+plain";
191
        case VNC_AUTH_VENCRYPT_TLSSASL:
192
            return "vencrypt+tls+sasl";
193
        case VNC_AUTH_VENCRYPT_X509SASL:
194
            return "vencrypt+x509+sasl";
195
        default:
196
            return "vencrypt";
197
        }
198
#else
199
        return "vencrypt";
200
#endif
201
    case VNC_AUTH_SASL:
202
        return "sasl";
203
    }
204
    return "unknown";
205
}
206

    
207
static int vnc_server_info_put(QDict *qdict)
208
{
209
    if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
210
        return -1;
211
    }
212

    
213
    qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
214
    return 0;
215
}
216

    
217
static void vnc_client_cache_auth(VncState *client)
218
{
219
#if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
220
    QDict *qdict;
221
#endif
222

    
223
    if (!client->info) {
224
        return;
225
    }
226

    
227
#if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
228
    qdict = qobject_to_qdict(client->info);
229
#endif
230

    
231
#ifdef CONFIG_VNC_TLS
232
    if (client->tls.session &&
233
        client->tls.dname) {
234
        qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
235
    }
236
#endif
237
#ifdef CONFIG_VNC_SASL
238
    if (client->sasl.conn &&
239
        client->sasl.username) {
240
        qdict_put(qdict, "sasl_username",
241
                  qstring_from_str(client->sasl.username));
242
    }
243
#endif
244
}
245

    
246
static void vnc_client_cache_addr(VncState *client)
247
{
248
    QDict *qdict;
249

    
250
    qdict = qdict_new();
251
    if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
252
        QDECREF(qdict);
253
        /* XXX: how to report the error? */
254
        return;
255
    }
256

    
257
    client->info = QOBJECT(qdict);
258
}
259

    
260
static void vnc_qmp_event(VncState *vs, MonitorEvent event)
261
{
262
    QDict *server;
263
    QObject *data;
264

    
265
    if (!vs->info) {
266
        return;
267
    }
268

    
269
    server = qdict_new();
270
    if (vnc_server_info_put(server) < 0) {
271
        QDECREF(server);
272
        return;
273
    }
274

    
275
    data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
276
                              vs->info, QOBJECT(server));
277

    
278
    monitor_protocol_event(event, data);
279

    
280
    qobject_incref(vs->info);
281
    qobject_decref(data);
282
}
283

    
284
static void info_vnc_iter(QObject *obj, void *opaque)
285
{
286
    QDict *client;
287
    Monitor *mon = opaque;
288

    
289
    client = qobject_to_qdict(obj);
290
    monitor_printf(mon, "Client:\n");
291
    monitor_printf(mon, "     address: %s:%s\n",
292
                   qdict_get_str(client, "host"),
293
                   qdict_get_str(client, "service"));
294

    
295
#ifdef CONFIG_VNC_TLS
296
    monitor_printf(mon, "  x509_dname: %s\n",
297
        qdict_haskey(client, "x509_dname") ?
298
        qdict_get_str(client, "x509_dname") : "none");
299
#endif
300
#ifdef CONFIG_VNC_SASL
301
    monitor_printf(mon, "    username: %s\n",
302
        qdict_haskey(client, "sasl_username") ?
303
        qdict_get_str(client, "sasl_username") : "none");
304
#endif
305
}
306

    
307
void do_info_vnc_print(Monitor *mon, const QObject *data)
308
{
309
    QDict *server;
310
    QList *clients;
311

    
312
    server = qobject_to_qdict(data);
313
    if (qdict_get_bool(server, "enabled") == 0) {
314
        monitor_printf(mon, "Server: disabled\n");
315
        return;
316
    }
317

    
318
    monitor_printf(mon, "Server:\n");
319
    monitor_printf(mon, "     address: %s:%s\n",
320
                   qdict_get_str(server, "host"),
321
                   qdict_get_str(server, "service"));
322
    monitor_printf(mon, "        auth: %s\n", qdict_get_str(server, "auth"));
323

    
324
    clients = qdict_get_qlist(server, "clients");
325
    if (qlist_empty(clients)) {
326
        monitor_printf(mon, "Client: none\n");
327
    } else {
328
        qlist_iter(clients, info_vnc_iter, mon);
329
    }
330
}
331

    
332
void do_info_vnc(Monitor *mon, QObject **ret_data)
333
{
334
    if (vnc_display == NULL || vnc_display->display == NULL) {
335
        *ret_data = qobject_from_jsonf("{ 'enabled': false }");
336
    } else {
337
        QList *clist;
338
        VncState *client;
339

    
340
        clist = qlist_new();
341
        QTAILQ_FOREACH(client, &vnc_display->clients, next) {
342
            if (client->info) {
343
                /* incref so that it's not freed by upper layers */
344
                qobject_incref(client->info);
345
                qlist_append_obj(clist, client->info);
346
            }
347
        }
348

    
349
        *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
350
                                       QOBJECT(clist));
351
        assert(*ret_data != NULL);
352

    
353
        if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {
354
            qobject_decref(*ret_data);
355
            *ret_data = NULL;
356
        }
357
    }
358
}
359

    
360
/* TODO
361
   1) Get the queue working for IO.
362
   2) there is some weirdness when using the -S option (the screen is grey
363
      and not totally invalidated
364
   3) resolutions > 1024
365
*/
366

    
367
static int vnc_update_client(VncState *vs, int has_dirty);
368
static int vnc_update_client_sync(VncState *vs, int has_dirty);
369
static void vnc_disconnect_start(VncState *vs);
370
static void vnc_disconnect_finish(VncState *vs);
371
static void vnc_init_timer(VncDisplay *vd);
372
static void vnc_remove_timer(VncDisplay *vd);
373

    
374
static void vnc_colordepth(VncState *vs);
375
static void framebuffer_update_request(VncState *vs, int incremental,
376
                                       int x_position, int y_position,
377
                                       int w, int h);
378
static void vnc_refresh(void *opaque);
379
static int vnc_refresh_server_surface(VncDisplay *vd);
380

    
381
static inline void vnc_set_bit(uint32_t *d, int k)
382
{
383
    d[k >> 5] |= 1 << (k & 0x1f);
384
}
385

    
386
static inline void vnc_clear_bit(uint32_t *d, int k)
387
{
388
    d[k >> 5] &= ~(1 << (k & 0x1f));
389
}
390

    
391
static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
392
{
393
    int j;
394

    
395
    j = 0;
396
    while (n >= 32) {
397
        d[j++] = -1;
398
        n -= 32;
399
    }
400
    if (n > 0)
401
        d[j++] = (1 << n) - 1;
402
    while (j < nb_words)
403
        d[j++] = 0;
404
}
405

    
406
static inline int vnc_get_bit(const uint32_t *d, int k)
407
{
408
    return (d[k >> 5] >> (k & 0x1f)) & 1;
409
}
410

    
411
static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
412
                               int nb_words)
413
{
414
    int i;
415
    for(i = 0; i < nb_words; i++) {
416
        if ((d1[i] & d2[i]) != 0)
417
            return 1;
418
    }
419
    return 0;
420
}
421

    
422
static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
423
{
424
    int i;
425
    VncDisplay *vd = ds->opaque;
426
    struct VncSurface *s = &vd->guest;
427

    
428
    h += y;
429

    
430
    /* round x down to ensure the loop only spans one 16-pixel block per,
431
       iteration.  otherwise, if (x % 16) != 0, the last iteration may span
432
       two 16-pixel blocks but we only mark the first as dirty
433
    */
434
    w += (x % 16);
435
    x -= (x % 16);
436

    
437
    x = MIN(x, s->ds->width);
438
    y = MIN(y, s->ds->height);
439
    w = MIN(x + w, s->ds->width) - x;
440
    h = MIN(h, s->ds->height);
441

    
442
    for (; y < h; y++)
443
        for (i = 0; i < w; i += 16)
444
            vnc_set_bit(s->dirty[y], (x + i) / 16);
445
}
446

    
447
void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
448
                            int32_t encoding)
449
{
450
    vnc_write_u16(vs, x);
451
    vnc_write_u16(vs, y);
452
    vnc_write_u16(vs, w);
453
    vnc_write_u16(vs, h);
454

    
455
    vnc_write_s32(vs, encoding);
456
}
457

    
458
void buffer_reserve(Buffer *buffer, size_t len)
459
{
460
    if ((buffer->capacity - buffer->offset) < len) {
461
        buffer->capacity += (len + 1024);
462
        buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
463
        if (buffer->buffer == NULL) {
464
            fprintf(stderr, "vnc: out of memory\n");
465
            exit(1);
466
        }
467
    }
468
}
469

    
470
int buffer_empty(Buffer *buffer)
471
{
472
    return buffer->offset == 0;
473
}
474

    
475
uint8_t *buffer_end(Buffer *buffer)
476
{
477
    return buffer->buffer + buffer->offset;
478
}
479

    
480
void buffer_reset(Buffer *buffer)
481
{
482
        buffer->offset = 0;
483
}
484

    
485
void buffer_free(Buffer *buffer)
486
{
487
    qemu_free(buffer->buffer);
488
    buffer->offset = 0;
489
    buffer->capacity = 0;
490
    buffer->buffer = NULL;
491
}
492

    
493
void buffer_append(Buffer *buffer, const void *data, size_t len)
494
{
495
    memcpy(buffer->buffer + buffer->offset, data, len);
496
    buffer->offset += len;
497
}
498

    
499
static void vnc_desktop_resize(VncState *vs)
500
{
501
    DisplayState *ds = vs->ds;
502

    
503
    if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
504
        return;
505
    }
506
    if (vs->client_width == ds_get_width(ds) &&
507
        vs->client_height == ds_get_height(ds)) {
508
        return;
509
    }
510
    vs->client_width = ds_get_width(ds);
511
    vs->client_height = ds_get_height(ds);
512
    vnc_lock_output(vs);
513
    vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
514
    vnc_write_u8(vs, 0);
515
    vnc_write_u16(vs, 1); /* number of rects */
516
    vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
517
                           VNC_ENCODING_DESKTOPRESIZE);
518
    vnc_unlock_output(vs);
519
    vnc_flush(vs);
520
}
521

    
522
#ifdef CONFIG_VNC_THREAD
523
static void vnc_abort_display_jobs(VncDisplay *vd)
524
{
525
    VncState *vs;
526

    
527
    QTAILQ_FOREACH(vs, &vd->clients, next) {
528
        vnc_lock_output(vs);
529
        vs->abort = true;
530
        vnc_unlock_output(vs);
531
    }
532
    QTAILQ_FOREACH(vs, &vd->clients, next) {
533
        vnc_jobs_join(vs);
534
    }
535
    QTAILQ_FOREACH(vs, &vd->clients, next) {
536
        vnc_lock_output(vs);
537
        vs->abort = false;
538
        vnc_unlock_output(vs);
539
    }
540
}
541
#else
542
static void vnc_abort_display_jobs(VncDisplay *vd)
543
{
544
}
545
#endif
546

    
547
static void vnc_dpy_resize(DisplayState *ds)
548
{
549
    VncDisplay *vd = ds->opaque;
550
    VncState *vs;
551

    
552
    vnc_abort_display_jobs(vd);
553

    
554
    /* server surface */
555
    if (!vd->server)
556
        vd->server = qemu_mallocz(sizeof(*vd->server));
557
    if (vd->server->data)
558
        qemu_free(vd->server->data);
559
    *(vd->server) = *(ds->surface);
560
    vd->server->data = qemu_mallocz(vd->server->linesize *
561
                                    vd->server->height);
562

    
563
    /* guest surface */
564
    if (!vd->guest.ds)
565
        vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
566
    if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
567
        console_color_init(ds);
568
    *(vd->guest.ds) = *(ds->surface);
569
    memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
570

    
571
    QTAILQ_FOREACH(vs, &vd->clients, next) {
572
        vnc_colordepth(vs);
573
        vnc_desktop_resize(vs);
574
        if (vs->vd->cursor) {
575
            vnc_cursor_define(vs);
576
        }
577
        memset(vs->dirty, 0xFF, sizeof(vs->dirty));
578
    }
579
}
580

    
581
/* fastest code */
582
static void vnc_write_pixels_copy(VncState *vs, struct PixelFormat *pf,
583
                                  void *pixels, int size)
584
{
585
    vnc_write(vs, pixels, size);
586
}
587

    
588
/* slowest but generic code. */
589
void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
590
{
591
    uint8_t r, g, b;
592
    VncDisplay *vd = vs->vd;
593

    
594
    r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
595
        vd->server->pf.rbits);
596
    g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
597
        vd->server->pf.gbits);
598
    b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
599
        vd->server->pf.bbits);
600
    v = (r << vs->clientds.pf.rshift) |
601
        (g << vs->clientds.pf.gshift) |
602
        (b << vs->clientds.pf.bshift);
603
    switch(vs->clientds.pf.bytes_per_pixel) {
604
    case 1:
605
        buf[0] = v;
606
        break;
607
    case 2:
608
        if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
609
            buf[0] = v >> 8;
610
            buf[1] = v;
611
        } else {
612
            buf[1] = v >> 8;
613
            buf[0] = v;
614
        }
615
        break;
616
    default:
617
    case 4:
618
        if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
619
            buf[0] = v >> 24;
620
            buf[1] = v >> 16;
621
            buf[2] = v >> 8;
622
            buf[3] = v;
623
        } else {
624
            buf[3] = v >> 24;
625
            buf[2] = v >> 16;
626
            buf[1] = v >> 8;
627
            buf[0] = v;
628
        }
629
        break;
630
    }
631
}
632

    
633
static void vnc_write_pixels_generic(VncState *vs, struct PixelFormat *pf,
634
                                     void *pixels1, int size)
635
{
636
    uint8_t buf[4];
637

    
638
    if (pf->bytes_per_pixel == 4) {
639
        uint32_t *pixels = pixels1;
640
        int n, i;
641
        n = size >> 2;
642
        for(i = 0; i < n; i++) {
643
            vnc_convert_pixel(vs, buf, pixels[i]);
644
            vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
645
        }
646
    } else if (pf->bytes_per_pixel == 2) {
647
        uint16_t *pixels = pixels1;
648
        int n, i;
649
        n = size >> 1;
650
        for(i = 0; i < n; i++) {
651
            vnc_convert_pixel(vs, buf, pixels[i]);
652
            vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
653
        }
654
    } else if (pf->bytes_per_pixel == 1) {
655
        uint8_t *pixels = pixels1;
656
        int n, i;
657
        n = size;
658
        for(i = 0; i < n; i++) {
659
            vnc_convert_pixel(vs, buf, pixels[i]);
660
            vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
661
        }
662
    } else {
663
        fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
664
    }
665
}
666

    
667
int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
668
{
669
    int i;
670
    uint8_t *row;
671
    VncDisplay *vd = vs->vd;
672

    
673
    row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
674
    for (i = 0; i < h; i++) {
675
        vs->write_pixels(vs, &vd->server->pf, row, w * ds_get_bytes_per_pixel(vs->ds));
676
        row += ds_get_linesize(vs->ds);
677
    }
678
    return 1;
679
}
680

    
681
int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
682
{
683
    int n = 0;
684

    
685
    switch(vs->vnc_encoding) {
686
        case VNC_ENCODING_ZLIB:
687
            n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
688
            break;
689
        case VNC_ENCODING_HEXTILE:
690
            vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
691
            n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
692
            break;
693
        case VNC_ENCODING_TIGHT:
694
            n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
695
            break;
696
        case VNC_ENCODING_TIGHT_PNG:
697
            n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
698
            break;
699
        case VNC_ENCODING_ZRLE:
700
            n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
701
            break;
702
        case VNC_ENCODING_ZYWRLE:
703
            n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
704
            break;
705
        default:
706
            vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
707
            n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
708
            break;
709
    }
710
    return n;
711
}
712

    
713
static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
714
{
715
    /* send bitblit op to the vnc client */
716
    vnc_lock_output(vs);
717
    vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
718
    vnc_write_u8(vs, 0);
719
    vnc_write_u16(vs, 1); /* number of rects */
720
    vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
721
    vnc_write_u16(vs, src_x);
722
    vnc_write_u16(vs, src_y);
723
    vnc_unlock_output(vs);
724
    vnc_flush(vs);
725
}
726

    
727
static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
728
{
729
    VncDisplay *vd = ds->opaque;
730
    VncState *vs, *vn;
731
    uint8_t *src_row;
732
    uint8_t *dst_row;
733
    int i,x,y,pitch,depth,inc,w_lim,s;
734
    int cmp_bytes;
735

    
736
    vnc_refresh_server_surface(vd);
737
    QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
738
        if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
739
            vs->force_update = 1;
740
            vnc_update_client_sync(vs, 1);
741
            /* vs might be free()ed here */
742
        }
743
    }
744

    
745
    /* do bitblit op on the local surface too */
746
    pitch = ds_get_linesize(vd->ds);
747
    depth = ds_get_bytes_per_pixel(vd->ds);
748
    src_row = vd->server->data + pitch * src_y + depth * src_x;
749
    dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
750
    y = dst_y;
751
    inc = 1;
752
    if (dst_y > src_y) {
753
        /* copy backwards */
754
        src_row += pitch * (h-1);
755
        dst_row += pitch * (h-1);
756
        pitch = -pitch;
757
        y = dst_y + h - 1;
758
        inc = -1;
759
    }
760
    w_lim = w - (16 - (dst_x % 16));
761
    if (w_lim < 0)
762
        w_lim = w;
763
    else
764
        w_lim = w - (w_lim % 16);
765
    for (i = 0; i < h; i++) {
766
        for (x = 0; x <= w_lim;
767
                x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
768
            if (x == w_lim) {
769
                if ((s = w - w_lim) == 0)
770
                    break;
771
            } else if (!x) {
772
                s = (16 - (dst_x % 16));
773
                s = MIN(s, w_lim);
774
            } else {
775
                s = 16;
776
            }
777
            cmp_bytes = s * depth;
778
            if (memcmp(src_row, dst_row, cmp_bytes) == 0)
779
                continue;
780
            memmove(dst_row, src_row, cmp_bytes);
781
            QTAILQ_FOREACH(vs, &vd->clients, next) {
782
                if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
783
                    vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
784
                }
785
            }
786
        }
787
        src_row += pitch - w * depth;
788
        dst_row += pitch - w * depth;
789
        y += inc;
790
    }
791

    
792
    QTAILQ_FOREACH(vs, &vd->clients, next) {
793
        if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
794
            vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
795
        }
796
    }
797
}
798

    
799
static void vnc_mouse_set(int x, int y, int visible)
800
{
801
    /* can we ask the client(s) to move the pointer ??? */
802
}
803

    
804
static int vnc_cursor_define(VncState *vs)
805
{
806
    QEMUCursor *c = vs->vd->cursor;
807
    PixelFormat pf = qemu_default_pixelformat(32);
808
    int isize;
809

    
810
    if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
811
        vnc_lock_output(vs);
812
        vnc_write_u8(vs,  VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
813
        vnc_write_u8(vs,  0);  /*  padding     */
814
        vnc_write_u16(vs, 1);  /*  # of rects  */
815
        vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
816
                               VNC_ENCODING_RICH_CURSOR);
817
        isize = c->width * c->height * vs->clientds.pf.bytes_per_pixel;
818
        vnc_write_pixels_generic(vs, &pf, c->data, isize);
819
        vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
820
        vnc_unlock_output(vs);
821
        return 0;
822
    }
823
    return -1;
824
}
825

    
826
static void vnc_dpy_cursor_define(QEMUCursor *c)
827
{
828
    VncDisplay *vd = vnc_display;
829
    VncState *vs;
830

    
831
    cursor_put(vd->cursor);
832
    qemu_free(vd->cursor_mask);
833

    
834
    vd->cursor = c;
835
    cursor_get(vd->cursor);
836
    vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
837
    vd->cursor_mask = qemu_mallocz(vd->cursor_msize);
838
    cursor_get_mono_mask(c, 0, vd->cursor_mask);
839

    
840
    QTAILQ_FOREACH(vs, &vd->clients, next) {
841
        vnc_cursor_define(vs);
842
    }
843
}
844

    
845
static int find_and_clear_dirty_height(struct VncState *vs,
846
                                       int y, int last_x, int x)
847
{
848
    int h;
849
    VncDisplay *vd = vs->vd;
850

    
851
    for (h = 1; h < (vd->server->height - y); h++) {
852
        int tmp_x;
853
        if (!vnc_get_bit(vs->dirty[y + h], last_x))
854
            break;
855
        for (tmp_x = last_x; tmp_x < x; tmp_x++)
856
            vnc_clear_bit(vs->dirty[y + h], tmp_x);
857
    }
858

    
859
    return h;
860
}
861

    
862
#ifdef CONFIG_VNC_THREAD
863
static int vnc_update_client_sync(VncState *vs, int has_dirty)
864
{
865
    int ret = vnc_update_client(vs, has_dirty);
866
    vnc_jobs_join(vs);
867
    return ret;
868
}
869
#else
870
static int vnc_update_client_sync(VncState *vs, int has_dirty)
871
{
872
    return vnc_update_client(vs, has_dirty);
873
}
874
#endif
875

    
876
static int vnc_update_client(VncState *vs, int has_dirty)
877
{
878
    if (vs->need_update && vs->csock != -1) {
879
        VncDisplay *vd = vs->vd;
880
        VncJob *job;
881
        int y;
882
        int width, height;
883
        int n = 0;
884

    
885

    
886
        if (vs->output.offset && !vs->audio_cap && !vs->force_update)
887
            /* kernel send buffers are full -> drop frames to throttle */
888
            return 0;
889

    
890
        if (!has_dirty && !vs->audio_cap && !vs->force_update)
891
            return 0;
892

    
893
        /*
894
         * Send screen updates to the vnc client using the server
895
         * surface and server dirty map.  guest surface updates
896
         * happening in parallel don't disturb us, the next pass will
897
         * send them to the client.
898
         */
899
        job = vnc_job_new(vs);
900

    
901
        width = MIN(vd->server->width, vs->client_width);
902
        height = MIN(vd->server->height, vs->client_height);
903

    
904
        for (y = 0; y < height; y++) {
905
            int x;
906
            int last_x = -1;
907
            for (x = 0; x < width / 16; x++) {
908
                if (vnc_get_bit(vs->dirty[y], x)) {
909
                    if (last_x == -1) {
910
                        last_x = x;
911
                    }
912
                    vnc_clear_bit(vs->dirty[y], x);
913
                } else {
914
                    if (last_x != -1) {
915
                        int h = find_and_clear_dirty_height(vs, y, last_x, x);
916

    
917
                        n += vnc_job_add_rect(job, last_x * 16, y,
918
                                              (x - last_x) * 16, h);
919
                    }
920
                    last_x = -1;
921
                }
922
            }
923
            if (last_x != -1) {
924
                int h = find_and_clear_dirty_height(vs, y, last_x, x);
925
                n += vnc_job_add_rect(job, last_x * 16, y,
926
                                      (x - last_x) * 16, h);
927
            }
928
        }
929

    
930
        vnc_job_push(job);
931
        vs->force_update = 0;
932
        return n;
933
    }
934

    
935
    if (vs->csock == -1)
936
        vnc_disconnect_finish(vs);
937

    
938
    return 0;
939
}
940

    
941
/* audio */
942
static void audio_capture_notify(void *opaque, audcnotification_e cmd)
943
{
944
    VncState *vs = opaque;
945

    
946
    switch (cmd) {
947
    case AUD_CNOTIFY_DISABLE:
948
        vnc_lock_output(vs);
949
        vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
950
        vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
951
        vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
952
        vnc_unlock_output(vs);
953
        vnc_flush(vs);
954
        break;
955

    
956
    case AUD_CNOTIFY_ENABLE:
957
        vnc_lock_output(vs);
958
        vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
959
        vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
960
        vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
961
        vnc_unlock_output(vs);
962
        vnc_flush(vs);
963
        break;
964
    }
965
}
966

    
967
static void audio_capture_destroy(void *opaque)
968
{
969
}
970

    
971
static void audio_capture(void *opaque, void *buf, int size)
972
{
973
    VncState *vs = opaque;
974

    
975
    vnc_lock_output(vs);
976
    vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
977
    vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
978
    vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
979
    vnc_write_u32(vs, size);
980
    vnc_write(vs, buf, size);
981
    vnc_unlock_output(vs);
982
    vnc_flush(vs);
983
}
984

    
985
static void audio_add(VncState *vs)
986
{
987
    struct audio_capture_ops ops;
988

    
989
    if (vs->audio_cap) {
990
        monitor_printf(default_mon, "audio already running\n");
991
        return;
992
    }
993

    
994
    ops.notify = audio_capture_notify;
995
    ops.destroy = audio_capture_destroy;
996
    ops.capture = audio_capture;
997

    
998
    vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
999
    if (!vs->audio_cap) {
1000
        monitor_printf(default_mon, "Failed to add audio capture\n");
1001
    }
1002
}
1003

    
1004
static void audio_del(VncState *vs)
1005
{
1006
    if (vs->audio_cap) {
1007
        AUD_del_capture(vs->audio_cap, vs);
1008
        vs->audio_cap = NULL;
1009
    }
1010
}
1011

    
1012
static void vnc_disconnect_start(VncState *vs)
1013
{
1014
    if (vs->csock == -1)
1015
        return;
1016
    qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
1017
    closesocket(vs->csock);
1018
    vs->csock = -1;
1019
}
1020

    
1021
static void vnc_disconnect_finish(VncState *vs)
1022
{
1023
    int i;
1024

    
1025
    vnc_jobs_join(vs); /* Wait encoding jobs */
1026

    
1027
    vnc_lock_output(vs);
1028
    vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
1029

    
1030
    buffer_free(&vs->input);
1031
    buffer_free(&vs->output);
1032

    
1033
    qobject_decref(vs->info);
1034

    
1035
    vnc_zlib_clear(vs);
1036
    vnc_tight_clear(vs);
1037
    vnc_zrle_clear(vs);
1038

    
1039
#ifdef CONFIG_VNC_TLS
1040
    vnc_tls_client_cleanup(vs);
1041
#endif /* CONFIG_VNC_TLS */
1042
#ifdef CONFIG_VNC_SASL
1043
    vnc_sasl_client_cleanup(vs);
1044
#endif /* CONFIG_VNC_SASL */
1045
    audio_del(vs);
1046

    
1047
    QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1048

    
1049
    if (QTAILQ_EMPTY(&vs->vd->clients)) {
1050
        dcl->idle = 1;
1051
    }
1052

    
1053
    qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1054
    vnc_remove_timer(vs->vd);
1055
    if (vs->vd->lock_key_sync)
1056
        qemu_remove_led_event_handler(vs->led);
1057
    vnc_unlock_output(vs);
1058

    
1059
#ifdef CONFIG_VNC_THREAD
1060
    qemu_mutex_destroy(&vs->output_mutex);
1061
#endif
1062
    for (i = 0; i < VNC_STAT_ROWS; ++i) {
1063
        qemu_free(vs->lossy_rect[i]);
1064
    }
1065
    qemu_free(vs->lossy_rect);
1066
    qemu_free(vs);
1067
}
1068

    
1069
int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1070
{
1071
    if (ret == 0 || ret == -1) {
1072
        if (ret == -1) {
1073
            switch (last_errno) {
1074
                case EINTR:
1075
                case EAGAIN:
1076
#ifdef _WIN32
1077
                case WSAEWOULDBLOCK:
1078
#endif
1079
                    return 0;
1080
                default:
1081
                    break;
1082
            }
1083
        }
1084

    
1085
        VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1086
                  ret, ret < 0 ? last_errno : 0);
1087
        vnc_disconnect_start(vs);
1088

    
1089
        return 0;
1090
    }
1091
    return ret;
1092
}
1093

    
1094

    
1095
void vnc_client_error(VncState *vs)
1096
{
1097
    VNC_DEBUG("Closing down client sock: protocol error\n");
1098
    vnc_disconnect_start(vs);
1099
}
1100

    
1101

    
1102
/*
1103
 * Called to write a chunk of data to the client socket. The data may
1104
 * be the raw data, or may have already been encoded by SASL.
1105
 * The data will be written either straight onto the socket, or
1106
 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1107
 *
1108
 * NB, it is theoretically possible to have 2 layers of encryption,
1109
 * both SASL, and this TLS layer. It is highly unlikely in practice
1110
 * though, since SASL encryption will typically be a no-op if TLS
1111
 * is active
1112
 *
1113
 * Returns the number of bytes written, which may be less than
1114
 * the requested 'datalen' if the socket would block. Returns
1115
 * -1 on error, and disconnects the client socket.
1116
 */
1117
long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1118
{
1119
    long ret;
1120
#ifdef CONFIG_VNC_TLS
1121
    if (vs->tls.session) {
1122
        ret = gnutls_write(vs->tls.session, data, datalen);
1123
        if (ret < 0) {
1124
            if (ret == GNUTLS_E_AGAIN)
1125
                errno = EAGAIN;
1126
            else
1127
                errno = EIO;
1128
            ret = -1;
1129
        }
1130
    } else
1131
#endif /* CONFIG_VNC_TLS */
1132
        ret = send(vs->csock, (const void *)data, datalen, 0);
1133
    VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1134
    return vnc_client_io_error(vs, ret, socket_error());
1135
}
1136

    
1137

    
1138
/*
1139
 * Called to write buffered data to the client socket, when not
1140
 * using any SASL SSF encryption layers. Will write as much data
1141
 * as possible without blocking. If all buffered data is written,
1142
 * will switch the FD poll() handler back to read monitoring.
1143
 *
1144
 * Returns the number of bytes written, which may be less than
1145
 * the buffered output data if the socket would block. Returns
1146
 * -1 on error, and disconnects the client socket.
1147
 */
1148
static long vnc_client_write_plain(VncState *vs)
1149
{
1150
    long ret;
1151

    
1152
#ifdef CONFIG_VNC_SASL
1153
    VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1154
              vs->output.buffer, vs->output.capacity, vs->output.offset,
1155
              vs->sasl.waitWriteSSF);
1156

    
1157
    if (vs->sasl.conn &&
1158
        vs->sasl.runSSF &&
1159
        vs->sasl.waitWriteSSF) {
1160
        ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1161
        if (ret)
1162
            vs->sasl.waitWriteSSF -= ret;
1163
    } else
1164
#endif /* CONFIG_VNC_SASL */
1165
        ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1166
    if (!ret)
1167
        return 0;
1168

    
1169
    memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1170
    vs->output.offset -= ret;
1171

    
1172
    if (vs->output.offset == 0) {
1173
        qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1174
    }
1175

    
1176
    return ret;
1177
}
1178

    
1179

    
1180
/*
1181
 * First function called whenever there is data to be written to
1182
 * the client socket. Will delegate actual work according to whether
1183
 * SASL SSF layers are enabled (thus requiring encryption calls)
1184
 */
1185
static void vnc_client_write_locked(void *opaque)
1186
{
1187
    VncState *vs = opaque;
1188

    
1189
#ifdef CONFIG_VNC_SASL
1190
    if (vs->sasl.conn &&
1191
        vs->sasl.runSSF &&
1192
        !vs->sasl.waitWriteSSF) {
1193
        vnc_client_write_sasl(vs);
1194
    } else
1195
#endif /* CONFIG_VNC_SASL */
1196
        vnc_client_write_plain(vs);
1197
}
1198

    
1199
void vnc_client_write(void *opaque)
1200
{
1201
    VncState *vs = opaque;
1202

    
1203
    vnc_lock_output(vs);
1204
    if (vs->output.offset) {
1205
        vnc_client_write_locked(opaque);
1206
    } else if (vs->csock != -1) {
1207
        qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1208
    }
1209
    vnc_unlock_output(vs);
1210
}
1211

    
1212
void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1213
{
1214
    vs->read_handler = func;
1215
    vs->read_handler_expect = expecting;
1216
}
1217

    
1218

    
1219
/*
1220
 * Called to read a chunk of data from the client socket. The data may
1221
 * be the raw data, or may need to be further decoded by SASL.
1222
 * The data will be read either straight from to the socket, or
1223
 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1224
 *
1225
 * NB, it is theoretically possible to have 2 layers of encryption,
1226
 * both SASL, and this TLS layer. It is highly unlikely in practice
1227
 * though, since SASL encryption will typically be a no-op if TLS
1228
 * is active
1229
 *
1230
 * Returns the number of bytes read, which may be less than
1231
 * the requested 'datalen' if the socket would block. Returns
1232
 * -1 on error, and disconnects the client socket.
1233
 */
1234
long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1235
{
1236
    long ret;
1237
#ifdef CONFIG_VNC_TLS
1238
    if (vs->tls.session) {
1239
        ret = gnutls_read(vs->tls.session, data, datalen);
1240
        if (ret < 0) {
1241
            if (ret == GNUTLS_E_AGAIN)
1242
                errno = EAGAIN;
1243
            else
1244
                errno = EIO;
1245
            ret = -1;
1246
        }
1247
    } else
1248
#endif /* CONFIG_VNC_TLS */
1249
        ret = recv(vs->csock, (void *)data, datalen, 0);
1250
    VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1251
    return vnc_client_io_error(vs, ret, socket_error());
1252
}
1253

    
1254

    
1255
/*
1256
 * Called to read data from the client socket to the input buffer,
1257
 * when not using any SASL SSF encryption layers. Will read as much
1258
 * data as possible without blocking.
1259
 *
1260
 * Returns the number of bytes read. Returns -1 on error, and
1261
 * disconnects the client socket.
1262
 */
1263
static long vnc_client_read_plain(VncState *vs)
1264
{
1265
    int ret;
1266
    VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1267
              vs->input.buffer, vs->input.capacity, vs->input.offset);
1268
    buffer_reserve(&vs->input, 4096);
1269
    ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1270
    if (!ret)
1271
        return 0;
1272
    vs->input.offset += ret;
1273
    return ret;
1274
}
1275

    
1276

    
1277
/*
1278
 * First function called whenever there is more data to be read from
1279
 * the client socket. Will delegate actual work according to whether
1280
 * SASL SSF layers are enabled (thus requiring decryption calls)
1281
 */
1282
void vnc_client_read(void *opaque)
1283
{
1284
    VncState *vs = opaque;
1285
    long ret;
1286

    
1287
#ifdef CONFIG_VNC_SASL
1288
    if (vs->sasl.conn && vs->sasl.runSSF)
1289
        ret = vnc_client_read_sasl(vs);
1290
    else
1291
#endif /* CONFIG_VNC_SASL */
1292
        ret = vnc_client_read_plain(vs);
1293
    if (!ret) {
1294
        if (vs->csock == -1)
1295
            vnc_disconnect_finish(vs);
1296
        return;
1297
    }
1298

    
1299
    while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1300
        size_t len = vs->read_handler_expect;
1301
        int ret;
1302

    
1303
        ret = vs->read_handler(vs, vs->input.buffer, len);
1304
        if (vs->csock == -1) {
1305
            vnc_disconnect_finish(vs);
1306
            return;
1307
        }
1308

    
1309
        if (!ret) {
1310
            memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1311
            vs->input.offset -= len;
1312
        } else {
1313
            vs->read_handler_expect = ret;
1314
        }
1315
    }
1316
}
1317

    
1318
void vnc_write(VncState *vs, const void *data, size_t len)
1319
{
1320
    buffer_reserve(&vs->output, len);
1321

    
1322
    if (vs->csock != -1 && buffer_empty(&vs->output)) {
1323
        qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1324
    }
1325

    
1326
    buffer_append(&vs->output, data, len);
1327
}
1328

    
1329
void vnc_write_s32(VncState *vs, int32_t value)
1330
{
1331
    vnc_write_u32(vs, *(uint32_t *)&value);
1332
}
1333

    
1334
void vnc_write_u32(VncState *vs, uint32_t value)
1335
{
1336
    uint8_t buf[4];
1337

    
1338
    buf[0] = (value >> 24) & 0xFF;
1339
    buf[1] = (value >> 16) & 0xFF;
1340
    buf[2] = (value >>  8) & 0xFF;
1341
    buf[3] = value & 0xFF;
1342

    
1343
    vnc_write(vs, buf, 4);
1344
}
1345

    
1346
void vnc_write_u16(VncState *vs, uint16_t value)
1347
{
1348
    uint8_t buf[2];
1349

    
1350
    buf[0] = (value >> 8) & 0xFF;
1351
    buf[1] = value & 0xFF;
1352

    
1353
    vnc_write(vs, buf, 2);
1354
}
1355

    
1356
void vnc_write_u8(VncState *vs, uint8_t value)
1357
{
1358
    vnc_write(vs, (char *)&value, 1);
1359
}
1360

    
1361
void vnc_flush(VncState *vs)
1362
{
1363
    vnc_lock_output(vs);
1364
    if (vs->csock != -1 && vs->output.offset) {
1365
        vnc_client_write_locked(vs);
1366
    }
1367
    vnc_unlock_output(vs);
1368
}
1369

    
1370
uint8_t read_u8(uint8_t *data, size_t offset)
1371
{
1372
    return data[offset];
1373
}
1374

    
1375
uint16_t read_u16(uint8_t *data, size_t offset)
1376
{
1377
    return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1378
}
1379

    
1380
int32_t read_s32(uint8_t *data, size_t offset)
1381
{
1382
    return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1383
                     (data[offset + 2] << 8) | data[offset + 3]);
1384
}
1385

    
1386
uint32_t read_u32(uint8_t *data, size_t offset)
1387
{
1388
    return ((data[offset] << 24) | (data[offset + 1] << 16) |
1389
            (data[offset + 2] << 8) | data[offset + 3]);
1390
}
1391

    
1392
static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1393
{
1394
}
1395

    
1396
static void check_pointer_type_change(Notifier *notifier)
1397
{
1398
    VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1399
    int absolute = kbd_mouse_is_absolute();
1400

    
1401
    if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1402
        vnc_lock_output(vs);
1403
        vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1404
        vnc_write_u8(vs, 0);
1405
        vnc_write_u16(vs, 1);
1406
        vnc_framebuffer_update(vs, absolute, 0,
1407
                               ds_get_width(vs->ds), ds_get_height(vs->ds),
1408
                               VNC_ENCODING_POINTER_TYPE_CHANGE);
1409
        vnc_unlock_output(vs);
1410
        vnc_flush(vs);
1411
    }
1412
    vs->absolute = absolute;
1413
}
1414

    
1415
static void pointer_event(VncState *vs, int button_mask, int x, int y)
1416
{
1417
    int buttons = 0;
1418
    int dz = 0;
1419

    
1420
    if (button_mask & 0x01)
1421
        buttons |= MOUSE_EVENT_LBUTTON;
1422
    if (button_mask & 0x02)
1423
        buttons |= MOUSE_EVENT_MBUTTON;
1424
    if (button_mask & 0x04)
1425
        buttons |= MOUSE_EVENT_RBUTTON;
1426
    if (button_mask & 0x08)
1427
        dz = -1;
1428
    if (button_mask & 0x10)
1429
        dz = 1;
1430

    
1431
    if (vs->absolute) {
1432
        kbd_mouse_event(ds_get_width(vs->ds) > 1 ?
1433
                          x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000,
1434
                        ds_get_height(vs->ds) > 1 ?
1435
                          y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000,
1436
                        dz, buttons);
1437
    } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1438
        x -= 0x7FFF;
1439
        y -= 0x7FFF;
1440

    
1441
        kbd_mouse_event(x, y, dz, buttons);
1442
    } else {
1443
        if (vs->last_x != -1)
1444
            kbd_mouse_event(x - vs->last_x,
1445
                            y - vs->last_y,
1446
                            dz, buttons);
1447
        vs->last_x = x;
1448
        vs->last_y = y;
1449
    }
1450
}
1451

    
1452
static void reset_keys(VncState *vs)
1453
{
1454
    int i;
1455
    for(i = 0; i < 256; i++) {
1456
        if (vs->modifiers_state[i]) {
1457
            if (i & SCANCODE_GREY)
1458
                kbd_put_keycode(SCANCODE_EMUL0);
1459
            kbd_put_keycode(i | SCANCODE_UP);
1460
            vs->modifiers_state[i] = 0;
1461
        }
1462
    }
1463
}
1464

    
1465
static void press_key(VncState *vs, int keysym)
1466
{
1467
    int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1468
    if (keycode & SCANCODE_GREY)
1469
        kbd_put_keycode(SCANCODE_EMUL0);
1470
    kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1471
    if (keycode & SCANCODE_GREY)
1472
        kbd_put_keycode(SCANCODE_EMUL0);
1473
    kbd_put_keycode(keycode | SCANCODE_UP);
1474
}
1475

    
1476
static void kbd_leds(void *opaque, int ledstate)
1477
{
1478
    VncState *vs = opaque;
1479
    int caps, num;
1480

    
1481
    caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1482
    num  = ledstate & QEMU_NUM_LOCK_LED  ? 1 : 0;
1483

    
1484
    if (vs->modifiers_state[0x3a] != caps) {
1485
        vs->modifiers_state[0x3a] = caps;
1486
    }
1487
    if (vs->modifiers_state[0x45] != num) {
1488
        vs->modifiers_state[0x45] = num;
1489
    }
1490
}
1491

    
1492
static void do_key_event(VncState *vs, int down, int keycode, int sym)
1493
{
1494
    /* QEMU console switch */
1495
    switch(keycode) {
1496
    case 0x2a:                          /* Left Shift */
1497
    case 0x36:                          /* Right Shift */
1498
    case 0x1d:                          /* Left CTRL */
1499
    case 0x9d:                          /* Right CTRL */
1500
    case 0x38:                          /* Left ALT */
1501
    case 0xb8:                          /* Right ALT */
1502
        if (down)
1503
            vs->modifiers_state[keycode] = 1;
1504
        else
1505
            vs->modifiers_state[keycode] = 0;
1506
        break;
1507
    case 0x02 ... 0x0a: /* '1' to '9' keys */
1508
        if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1509
            /* Reset the modifiers sent to the current console */
1510
            reset_keys(vs);
1511
            console_select(keycode - 0x02);
1512
            return;
1513
        }
1514
        break;
1515
    case 0x3a:                        /* CapsLock */
1516
    case 0x45:                        /* NumLock */
1517
        if (down)
1518
            vs->modifiers_state[keycode] ^= 1;
1519
        break;
1520
    }
1521

    
1522
    if (down && vs->vd->lock_key_sync &&
1523
        keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1524
        /* If the numlock state needs to change then simulate an additional
1525
           keypress before sending this one.  This will happen if the user
1526
           toggles numlock away from the VNC window.
1527
        */
1528
        if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1529
            if (!vs->modifiers_state[0x45]) {
1530
                vs->modifiers_state[0x45] = 1;
1531
                press_key(vs, 0xff7f);
1532
            }
1533
        } else {
1534
            if (vs->modifiers_state[0x45]) {
1535
                vs->modifiers_state[0x45] = 0;
1536
                press_key(vs, 0xff7f);
1537
            }
1538
        }
1539
    }
1540

    
1541
    if (down && vs->vd->lock_key_sync &&
1542
        ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1543
        /* If the capslock state needs to change then simulate an additional
1544
           keypress before sending this one.  This will happen if the user
1545
           toggles capslock away from the VNC window.
1546
        */
1547
        int uppercase = !!(sym >= 'A' && sym <= 'Z');
1548
        int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1549
        int capslock = !!(vs->modifiers_state[0x3a]);
1550
        if (capslock) {
1551
            if (uppercase == shift) {
1552
                vs->modifiers_state[0x3a] = 0;
1553
                press_key(vs, 0xffe5);
1554
            }
1555
        } else {
1556
            if (uppercase != shift) {
1557
                vs->modifiers_state[0x3a] = 1;
1558
                press_key(vs, 0xffe5);
1559
            }
1560
        }
1561
    }
1562

    
1563
    if (is_graphic_console()) {
1564
        if (keycode & SCANCODE_GREY)
1565
            kbd_put_keycode(SCANCODE_EMUL0);
1566
        if (down)
1567
            kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1568
        else
1569
            kbd_put_keycode(keycode | SCANCODE_UP);
1570
    } else {
1571
        /* QEMU console emulation */
1572
        if (down) {
1573
            int numlock = vs->modifiers_state[0x45];
1574
            switch (keycode) {
1575
            case 0x2a:                          /* Left Shift */
1576
            case 0x36:                          /* Right Shift */
1577
            case 0x1d:                          /* Left CTRL */
1578
            case 0x9d:                          /* Right CTRL */
1579
            case 0x38:                          /* Left ALT */
1580
            case 0xb8:                          /* Right ALT */
1581
                break;
1582
            case 0xc8:
1583
                kbd_put_keysym(QEMU_KEY_UP);
1584
                break;
1585
            case 0xd0:
1586
                kbd_put_keysym(QEMU_KEY_DOWN);
1587
                break;
1588
            case 0xcb:
1589
                kbd_put_keysym(QEMU_KEY_LEFT);
1590
                break;
1591
            case 0xcd:
1592
                kbd_put_keysym(QEMU_KEY_RIGHT);
1593
                break;
1594
            case 0xd3:
1595
                kbd_put_keysym(QEMU_KEY_DELETE);
1596
                break;
1597
            case 0xc7:
1598
                kbd_put_keysym(QEMU_KEY_HOME);
1599
                break;
1600
            case 0xcf:
1601
                kbd_put_keysym(QEMU_KEY_END);
1602
                break;
1603
            case 0xc9:
1604
                kbd_put_keysym(QEMU_KEY_PAGEUP);
1605
                break;
1606
            case 0xd1:
1607
                kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1608
                break;
1609

    
1610
            case 0x47:
1611
                kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1612
                break;
1613
            case 0x48:
1614
                kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1615
                break;
1616
            case 0x49:
1617
                kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1618
                break;
1619
            case 0x4b:
1620
                kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1621
                break;
1622
            case 0x4c:
1623
                kbd_put_keysym('5');
1624
                break;
1625
            case 0x4d:
1626
                kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1627
                break;
1628
            case 0x4f:
1629
                kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1630
                break;
1631
            case 0x50:
1632
                kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1633
                break;
1634
            case 0x51:
1635
                kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1636
                break;
1637
            case 0x52:
1638
                kbd_put_keysym('0');
1639
                break;
1640
            case 0x53:
1641
                kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1642
                break;
1643

    
1644
            case 0xb5:
1645
                kbd_put_keysym('/');
1646
                break;
1647
            case 0x37:
1648
                kbd_put_keysym('*');
1649
                break;
1650
            case 0x4a:
1651
                kbd_put_keysym('-');
1652
                break;
1653
            case 0x4e:
1654
                kbd_put_keysym('+');
1655
                break;
1656
            case 0x9c:
1657
                kbd_put_keysym('\n');
1658
                break;
1659

    
1660
            default:
1661
                kbd_put_keysym(sym);
1662
                break;
1663
            }
1664
        }
1665
    }
1666
}
1667

    
1668
static void key_event(VncState *vs, int down, uint32_t sym)
1669
{
1670
    int keycode;
1671
    int lsym = sym;
1672

    
1673
    if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1674
        lsym = lsym - 'A' + 'a';
1675
    }
1676

    
1677
    keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1678
    do_key_event(vs, down, keycode, sym);
1679
}
1680

    
1681
static void ext_key_event(VncState *vs, int down,
1682
                          uint32_t sym, uint16_t keycode)
1683
{
1684
    /* if the user specifies a keyboard layout, always use it */
1685
    if (keyboard_layout)
1686
        key_event(vs, down, sym);
1687
    else
1688
        do_key_event(vs, down, keycode, sym);
1689
}
1690

    
1691
static void framebuffer_update_request(VncState *vs, int incremental,
1692
                                       int x_position, int y_position,
1693
                                       int w, int h)
1694
{
1695
    if (y_position > ds_get_height(vs->ds))
1696
        y_position = ds_get_height(vs->ds);
1697
    if (y_position + h >= ds_get_height(vs->ds))
1698
        h = ds_get_height(vs->ds) - y_position;
1699

    
1700
    int i;
1701
    vs->need_update = 1;
1702
    if (!incremental) {
1703
        vs->force_update = 1;
1704
        for (i = 0; i < h; i++) {
1705
            vnc_set_bits(vs->dirty[y_position + i],
1706
                         (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1707
        }
1708
    }
1709
}
1710

    
1711
static void send_ext_key_event_ack(VncState *vs)
1712
{
1713
    vnc_lock_output(vs);
1714
    vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1715
    vnc_write_u8(vs, 0);
1716
    vnc_write_u16(vs, 1);
1717
    vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1718
                           VNC_ENCODING_EXT_KEY_EVENT);
1719
    vnc_unlock_output(vs);
1720
    vnc_flush(vs);
1721
}
1722

    
1723
static void send_ext_audio_ack(VncState *vs)
1724
{
1725
    vnc_lock_output(vs);
1726
    vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1727
    vnc_write_u8(vs, 0);
1728
    vnc_write_u16(vs, 1);
1729
    vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1730
                           VNC_ENCODING_AUDIO);
1731
    vnc_unlock_output(vs);
1732
    vnc_flush(vs);
1733
}
1734

    
1735
static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1736
{
1737
    int i;
1738
    unsigned int enc = 0;
1739

    
1740
    vs->features = 0;
1741
    vs->vnc_encoding = 0;
1742
    vs->tight.compression = 9;
1743
    vs->tight.quality = -1; /* Lossless by default */
1744
    vs->absolute = -1;
1745

    
1746
    /*
1747
     * Start from the end because the encodings are sent in order of preference.
1748
     * This way the prefered encoding (first encoding defined in the array)
1749
     * will be set at the end of the loop.
1750
     */
1751
    for (i = n_encodings - 1; i >= 0; i--) {
1752
        enc = encodings[i];
1753
        switch (enc) {
1754
        case VNC_ENCODING_RAW:
1755
            vs->vnc_encoding = enc;
1756
            break;
1757
        case VNC_ENCODING_COPYRECT:
1758
            vs->features |= VNC_FEATURE_COPYRECT_MASK;
1759
            break;
1760
        case VNC_ENCODING_HEXTILE:
1761
            vs->features |= VNC_FEATURE_HEXTILE_MASK;
1762
            vs->vnc_encoding = enc;
1763
            break;
1764
        case VNC_ENCODING_TIGHT:
1765
            vs->features |= VNC_FEATURE_TIGHT_MASK;
1766
            vs->vnc_encoding = enc;
1767
            break;
1768
        case VNC_ENCODING_TIGHT_PNG:
1769
            vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
1770
            vs->vnc_encoding = enc;
1771
            break;
1772
        case VNC_ENCODING_ZLIB:
1773
            vs->features |= VNC_FEATURE_ZLIB_MASK;
1774
            vs->vnc_encoding = enc;
1775
            break;
1776
        case VNC_ENCODING_ZRLE:
1777
            vs->features |= VNC_FEATURE_ZRLE_MASK;
1778
            vs->vnc_encoding = enc;
1779
            break;
1780
        case VNC_ENCODING_ZYWRLE:
1781
            vs->features |= VNC_FEATURE_ZYWRLE_MASK;
1782
            vs->vnc_encoding = enc;
1783
            break;
1784
        case VNC_ENCODING_DESKTOPRESIZE:
1785
            vs->features |= VNC_FEATURE_RESIZE_MASK;
1786
            break;
1787
        case VNC_ENCODING_POINTER_TYPE_CHANGE:
1788
            vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1789
            break;
1790
        case VNC_ENCODING_RICH_CURSOR:
1791
            vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1792
            break;
1793
        case VNC_ENCODING_EXT_KEY_EVENT:
1794
            send_ext_key_event_ack(vs);
1795
            break;
1796
        case VNC_ENCODING_AUDIO:
1797
            send_ext_audio_ack(vs);
1798
            break;
1799
        case VNC_ENCODING_WMVi:
1800
            vs->features |= VNC_FEATURE_WMVI_MASK;
1801
            break;
1802
        case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1803
            vs->tight.compression = (enc & 0x0F);
1804
            break;
1805
        case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1806
            if (vs->vd->lossy) {
1807
                vs->tight.quality = (enc & 0x0F);
1808
            }
1809
            break;
1810
        default:
1811
            VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1812
            break;
1813
        }
1814
    }
1815
    vnc_desktop_resize(vs);
1816
    check_pointer_type_change(&vs->mouse_mode_notifier);
1817
}
1818

    
1819
static void set_pixel_conversion(VncState *vs)
1820
{
1821
    if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1822
        (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) && 
1823
        !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1824
        vs->write_pixels = vnc_write_pixels_copy;
1825
        vnc_hextile_set_pixel_conversion(vs, 0);
1826
    } else {
1827
        vs->write_pixels = vnc_write_pixels_generic;
1828
        vnc_hextile_set_pixel_conversion(vs, 1);
1829
    }
1830
}
1831

    
1832
static void set_pixel_format(VncState *vs,
1833
                             int bits_per_pixel, int depth,
1834
                             int big_endian_flag, int true_color_flag,
1835
                             int red_max, int green_max, int blue_max,
1836
                             int red_shift, int green_shift, int blue_shift)
1837
{
1838
    if (!true_color_flag) {
1839
        vnc_client_error(vs);
1840
        return;
1841
    }
1842

    
1843
    vs->clientds = *(vs->vd->guest.ds);
1844
    vs->clientds.pf.rmax = red_max;
1845
    count_bits(vs->clientds.pf.rbits, red_max);
1846
    vs->clientds.pf.rshift = red_shift;
1847
    vs->clientds.pf.rmask = red_max << red_shift;
1848
    vs->clientds.pf.gmax = green_max;
1849
    count_bits(vs->clientds.pf.gbits, green_max);
1850
    vs->clientds.pf.gshift = green_shift;
1851
    vs->clientds.pf.gmask = green_max << green_shift;
1852
    vs->clientds.pf.bmax = blue_max;
1853
    count_bits(vs->clientds.pf.bbits, blue_max);
1854
    vs->clientds.pf.bshift = blue_shift;
1855
    vs->clientds.pf.bmask = blue_max << blue_shift;
1856
    vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1857
    vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1858
    vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1859
    vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1860

    
1861
    set_pixel_conversion(vs);
1862

    
1863
    vga_hw_invalidate();
1864
    vga_hw_update();
1865
}
1866

    
1867
static void pixel_format_message (VncState *vs) {
1868
    char pad[3] = { 0, 0, 0 };
1869

    
1870
    vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1871
    vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1872

    
1873
#ifdef HOST_WORDS_BIGENDIAN
1874
    vnc_write_u8(vs, 1);             /* big-endian-flag */
1875
#else
1876
    vnc_write_u8(vs, 0);             /* big-endian-flag */
1877
#endif
1878
    vnc_write_u8(vs, 1);             /* true-color-flag */
1879
    vnc_write_u16(vs, vs->ds->surface->pf.rmax);     /* red-max */
1880
    vnc_write_u16(vs, vs->ds->surface->pf.gmax);     /* green-max */
1881
    vnc_write_u16(vs, vs->ds->surface->pf.bmax);     /* blue-max */
1882
    vnc_write_u8(vs, vs->ds->surface->pf.rshift);    /* red-shift */
1883
    vnc_write_u8(vs, vs->ds->surface->pf.gshift);    /* green-shift */
1884
    vnc_write_u8(vs, vs->ds->surface->pf.bshift);    /* blue-shift */
1885

    
1886
    vnc_hextile_set_pixel_conversion(vs, 0);
1887

    
1888
    vs->clientds = *(vs->ds->surface);
1889
    vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1890
    vs->write_pixels = vnc_write_pixels_copy;
1891

    
1892
    vnc_write(vs, pad, 3);           /* padding */
1893
}
1894

    
1895
static void vnc_dpy_setdata(DisplayState *ds)
1896
{
1897
    /* We don't have to do anything */
1898
}
1899

    
1900
static void vnc_colordepth(VncState *vs)
1901
{
1902
    if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1903
        /* Sending a WMVi message to notify the client*/
1904
        vnc_lock_output(vs);
1905
        vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1906
        vnc_write_u8(vs, 0);
1907
        vnc_write_u16(vs, 1); /* number of rects */
1908
        vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), 
1909
                               ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1910
        pixel_format_message(vs);
1911
        vnc_unlock_output(vs);
1912
        vnc_flush(vs);
1913
    } else {
1914
        set_pixel_conversion(vs);
1915
    }
1916
}
1917

    
1918
static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1919
{
1920
    int i;
1921
    uint16_t limit;
1922
    VncDisplay *vd = vs->vd;
1923

    
1924
    if (data[0] > 3) {
1925
        vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1926
        if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1927
            qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1928
    }
1929

    
1930
    switch (data[0]) {
1931
    case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
1932
        if (len == 1)
1933
            return 20;
1934

    
1935
        set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1936
                         read_u8(data, 6), read_u8(data, 7),
1937
                         read_u16(data, 8), read_u16(data, 10),
1938
                         read_u16(data, 12), read_u8(data, 14),
1939
                         read_u8(data, 15), read_u8(data, 16));
1940
        break;
1941
    case VNC_MSG_CLIENT_SET_ENCODINGS:
1942
        if (len == 1)
1943
            return 4;
1944

    
1945
        if (len == 4) {
1946
            limit = read_u16(data, 2);
1947
            if (limit > 0)
1948
                return 4 + (limit * 4);
1949
        } else
1950
            limit = read_u16(data, 2);
1951

    
1952
        for (i = 0; i < limit; i++) {
1953
            int32_t val = read_s32(data, 4 + (i * 4));
1954
            memcpy(data + 4 + (i * 4), &val, sizeof(val));
1955
        }
1956

    
1957
        set_encodings(vs, (int32_t *)(data + 4), limit);
1958
        break;
1959
    case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
1960
        if (len == 1)
1961
            return 10;
1962

    
1963
        framebuffer_update_request(vs,
1964
                                   read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1965
                                   read_u16(data, 6), read_u16(data, 8));
1966
        break;
1967
    case VNC_MSG_CLIENT_KEY_EVENT:
1968
        if (len == 1)
1969
            return 8;
1970

    
1971
        key_event(vs, read_u8(data, 1), read_u32(data, 4));
1972
        break;
1973
    case VNC_MSG_CLIENT_POINTER_EVENT:
1974
        if (len == 1)
1975
            return 6;
1976

    
1977
        pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1978
        break;
1979
    case VNC_MSG_CLIENT_CUT_TEXT:
1980
        if (len == 1)
1981
            return 8;
1982

    
1983
        if (len == 8) {
1984
            uint32_t dlen = read_u32(data, 4);
1985
            if (dlen > 0)
1986
                return 8 + dlen;
1987
        }
1988

    
1989
        client_cut_text(vs, read_u32(data, 4), data + 8);
1990
        break;
1991
    case VNC_MSG_CLIENT_QEMU:
1992
        if (len == 1)
1993
            return 2;
1994

    
1995
        switch (read_u8(data, 1)) {
1996
        case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
1997
            if (len == 2)
1998
                return 12;
1999

    
2000
            ext_key_event(vs, read_u16(data, 2),
2001
                          read_u32(data, 4), read_u32(data, 8));
2002
            break;
2003
        case VNC_MSG_CLIENT_QEMU_AUDIO:
2004
            if (len == 2)
2005
                return 4;
2006

    
2007
            switch (read_u16 (data, 2)) {
2008
            case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2009
                audio_add(vs);
2010
                break;
2011
            case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2012
                audio_del(vs);
2013
                break;
2014
            case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2015
                if (len == 4)
2016
                    return 10;
2017
                switch (read_u8(data, 4)) {
2018
                case 0: vs->as.fmt = AUD_FMT_U8; break;
2019
                case 1: vs->as.fmt = AUD_FMT_S8; break;
2020
                case 2: vs->as.fmt = AUD_FMT_U16; break;
2021
                case 3: vs->as.fmt = AUD_FMT_S16; break;
2022
                case 4: vs->as.fmt = AUD_FMT_U32; break;
2023
                case 5: vs->as.fmt = AUD_FMT_S32; break;
2024
                default:
2025
                    printf("Invalid audio format %d\n", read_u8(data, 4));
2026
                    vnc_client_error(vs);
2027
                    break;
2028
                }
2029
                vs->as.nchannels = read_u8(data, 5);
2030
                if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2031
                    printf("Invalid audio channel coount %d\n",
2032
                           read_u8(data, 5));
2033
                    vnc_client_error(vs);
2034
                    break;
2035
                }
2036
                vs->as.freq = read_u32(data, 6);
2037
                break;
2038
            default:
2039
                printf ("Invalid audio message %d\n", read_u8(data, 4));
2040
                vnc_client_error(vs);
2041
                break;
2042
            }
2043
            break;
2044

    
2045
        default:
2046
            printf("Msg: %d\n", read_u16(data, 0));
2047
            vnc_client_error(vs);
2048
            break;
2049
        }
2050
        break;
2051
    default:
2052
        printf("Msg: %d\n", data[0]);
2053
        vnc_client_error(vs);
2054
        break;
2055
    }
2056

    
2057
    vnc_read_when(vs, protocol_client_msg, 1);
2058
    return 0;
2059
}
2060

    
2061
static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2062
{
2063
    char buf[1024];
2064
    int size;
2065

    
2066
    vs->client_width = ds_get_width(vs->ds);
2067
    vs->client_height = ds_get_height(vs->ds);
2068
    vnc_write_u16(vs, vs->client_width);
2069
    vnc_write_u16(vs, vs->client_height);
2070

    
2071
    pixel_format_message(vs);
2072

    
2073
    if (qemu_name)
2074
        size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2075
    else
2076
        size = snprintf(buf, sizeof(buf), "QEMU");
2077

    
2078
    vnc_write_u32(vs, size);
2079
    vnc_write(vs, buf, size);
2080
    vnc_flush(vs);
2081

    
2082
    vnc_client_cache_auth(vs);
2083
    vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
2084

    
2085
    vnc_read_when(vs, protocol_client_msg, 1);
2086

    
2087
    return 0;
2088
}
2089

    
2090
void start_client_init(VncState *vs)
2091
{
2092
    vnc_read_when(vs, protocol_client_init, 1);
2093
}
2094

    
2095
static void make_challenge(VncState *vs)
2096
{
2097
    int i;
2098

    
2099
    srand(time(NULL)+getpid()+getpid()*987654+rand());
2100

    
2101
    for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2102
        vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2103
}
2104

    
2105
static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2106
{
2107
    unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2108
    int i, j, pwlen;
2109
    unsigned char key[8];
2110
    time_t now = time(NULL);
2111

    
2112
    if (!vs->vd->password) {
2113
        VNC_DEBUG("No password configured on server");
2114
        goto reject;
2115
    }
2116
    if (vs->vd->expires < now) {
2117
        VNC_DEBUG("Password is expired");
2118
        goto reject;
2119
    }
2120

    
2121
    memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2122

    
2123
    /* Calculate the expected challenge response */
2124
    pwlen = strlen(vs->vd->password);
2125
    for (i=0; i<sizeof(key); i++)
2126
        key[i] = i<pwlen ? vs->vd->password[i] : 0;
2127
    deskey(key, EN0);
2128
    for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2129
        des(response+j, response+j);
2130

    
2131
    /* Compare expected vs actual challenge response */
2132
    if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2133
        VNC_DEBUG("Client challenge reponse did not match\n");
2134
        goto reject;
2135
    } else {
2136
        VNC_DEBUG("Accepting VNC challenge response\n");
2137
        vnc_write_u32(vs, 0); /* Accept auth */
2138
        vnc_flush(vs);
2139

    
2140
        start_client_init(vs);
2141
    }
2142
    return 0;
2143

    
2144
reject:
2145
    vnc_write_u32(vs, 1); /* Reject auth */
2146
    if (vs->minor >= 8) {
2147
        static const char err[] = "Authentication failed";
2148
        vnc_write_u32(vs, sizeof(err));
2149
        vnc_write(vs, err, sizeof(err));
2150
    }
2151
    vnc_flush(vs);
2152
    vnc_client_error(vs);
2153
    return 0;
2154
}
2155

    
2156
void start_auth_vnc(VncState *vs)
2157
{
2158
    make_challenge(vs);
2159
    /* Send client a 'random' challenge */
2160
    vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2161
    vnc_flush(vs);
2162

    
2163
    vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2164
}
2165

    
2166

    
2167
static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2168
{
2169
    /* We only advertise 1 auth scheme at a time, so client
2170
     * must pick the one we sent. Verify this */
2171
    if (data[0] != vs->vd->auth) { /* Reject auth */
2172
       VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2173
       vnc_write_u32(vs, 1);
2174
       if (vs->minor >= 8) {
2175
           static const char err[] = "Authentication failed";
2176
           vnc_write_u32(vs, sizeof(err));
2177
           vnc_write(vs, err, sizeof(err));
2178
       }
2179
       vnc_client_error(vs);
2180
    } else { /* Accept requested auth */
2181
       VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2182
       switch (vs->vd->auth) {
2183
       case VNC_AUTH_NONE:
2184
           VNC_DEBUG("Accept auth none\n");
2185
           if (vs->minor >= 8) {
2186
               vnc_write_u32(vs, 0); /* Accept auth completion */
2187
               vnc_flush(vs);
2188
           }
2189
           start_client_init(vs);
2190
           break;
2191

    
2192
       case VNC_AUTH_VNC:
2193
           VNC_DEBUG("Start VNC auth\n");
2194
           start_auth_vnc(vs);
2195
           break;
2196

    
2197
#ifdef CONFIG_VNC_TLS
2198
       case VNC_AUTH_VENCRYPT:
2199
           VNC_DEBUG("Accept VeNCrypt auth\n");;
2200
           start_auth_vencrypt(vs);
2201
           break;
2202
#endif /* CONFIG_VNC_TLS */
2203

    
2204
#ifdef CONFIG_VNC_SASL
2205
       case VNC_AUTH_SASL:
2206
           VNC_DEBUG("Accept SASL auth\n");
2207
           start_auth_sasl(vs);
2208
           break;
2209
#endif /* CONFIG_VNC_SASL */
2210

    
2211
       default: /* Should not be possible, but just in case */
2212
           VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
2213
           vnc_write_u8(vs, 1);
2214
           if (vs->minor >= 8) {
2215
               static const char err[] = "Authentication failed";
2216
               vnc_write_u32(vs, sizeof(err));
2217
               vnc_write(vs, err, sizeof(err));
2218
           }
2219
           vnc_client_error(vs);
2220
       }
2221
    }
2222
    return 0;
2223
}
2224

    
2225
static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2226
{
2227
    char local[13];
2228

    
2229
    memcpy(local, version, 12);
2230
    local[12] = 0;
2231

    
2232
    if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2233
        VNC_DEBUG("Malformed protocol version %s\n", local);
2234
        vnc_client_error(vs);
2235
        return 0;
2236
    }
2237
    VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2238
    if (vs->major != 3 ||
2239
        (vs->minor != 3 &&
2240
         vs->minor != 4 &&
2241
         vs->minor != 5 &&
2242
         vs->minor != 7 &&
2243
         vs->minor != 8)) {
2244
        VNC_DEBUG("Unsupported client version\n");
2245
        vnc_write_u32(vs, VNC_AUTH_INVALID);
2246
        vnc_flush(vs);
2247
        vnc_client_error(vs);
2248
        return 0;
2249
    }
2250
    /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2251
     * as equivalent to v3.3 by servers
2252
     */
2253
    if (vs->minor == 4 || vs->minor == 5)
2254
        vs->minor = 3;
2255

    
2256
    if (vs->minor == 3) {
2257
        if (vs->vd->auth == VNC_AUTH_NONE) {
2258
            VNC_DEBUG("Tell client auth none\n");
2259
            vnc_write_u32(vs, vs->vd->auth);
2260
            vnc_flush(vs);
2261
            start_client_init(vs);
2262
       } else if (vs->vd->auth == VNC_AUTH_VNC) {
2263
            VNC_DEBUG("Tell client VNC auth\n");
2264
            vnc_write_u32(vs, vs->vd->auth);
2265
            vnc_flush(vs);
2266
            start_auth_vnc(vs);
2267
       } else {
2268
            VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2269
            vnc_write_u32(vs, VNC_AUTH_INVALID);
2270
            vnc_flush(vs);
2271
            vnc_client_error(vs);
2272
       }
2273
    } else {
2274
        VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2275
        vnc_write_u8(vs, 1); /* num auth */
2276
        vnc_write_u8(vs, vs->vd->auth);
2277
        vnc_read_when(vs, protocol_client_auth, 1);
2278
        vnc_flush(vs);
2279
    }
2280

    
2281
    return 0;
2282
}
2283

    
2284
static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2285
{
2286
    struct VncSurface *vs = &vd->guest;
2287

    
2288
    return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2289
}
2290

    
2291
void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2292
{
2293
    int i, j;
2294

    
2295
    w = (x + w) / VNC_STAT_RECT;
2296
    h = (y + h) / VNC_STAT_RECT;
2297
    x /= VNC_STAT_RECT;
2298
    y /= VNC_STAT_RECT;
2299

    
2300
    for (j = y; j <= y + h; j++) {
2301
        for (i = x; i <= x + w; i++) {
2302
            vs->lossy_rect[j][i] = 1;
2303
        }
2304
    }
2305
}
2306

    
2307
static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2308
{
2309
    VncState *vs;
2310
    int sty = y / VNC_STAT_RECT;
2311
    int stx = x / VNC_STAT_RECT;
2312
    int has_dirty = 0;
2313

    
2314
    y = y / VNC_STAT_RECT * VNC_STAT_RECT;
2315
    x = x / VNC_STAT_RECT * VNC_STAT_RECT;
2316

    
2317
    QTAILQ_FOREACH(vs, &vd->clients, next) {
2318
        int j;
2319

    
2320
        /* kernel send buffers are full -> refresh later */
2321
        if (vs->output.offset) {
2322
            continue;
2323
        }
2324

    
2325
        if (!vs->lossy_rect[sty][stx]) {
2326
            continue;
2327
        }
2328
        vs->lossy_rect[sty][stx] = 0;
2329
        for (j = 0; j < VNC_STAT_RECT; ++j) {
2330
            vnc_set_bits(vs->dirty[y + j], x / 16, VNC_STAT_RECT / 16);
2331
        }
2332
        has_dirty++;
2333
    }
2334
    return has_dirty;
2335
}
2336

    
2337
static int vnc_update_stats(VncDisplay *vd,  struct timeval * tv)
2338
{
2339
    int x, y;
2340
    struct timeval res;
2341
    int has_dirty = 0;
2342

    
2343
    for (y = 0; y < vd->guest.ds->height; y += VNC_STAT_RECT) {
2344
        for (x = 0; x < vd->guest.ds->width; x += VNC_STAT_RECT) {
2345
            VncRectStat *rect = vnc_stat_rect(vd, x, y);
2346

    
2347
            rect->updated = false;
2348
        }
2349
    }
2350

    
2351
    timersub(tv, &VNC_REFRESH_STATS, &res);
2352

    
2353
    if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2354
        return has_dirty;
2355
    }
2356
    vd->guest.last_freq_check = *tv;
2357

    
2358
    for (y = 0; y < vd->guest.ds->height; y += VNC_STAT_RECT) {
2359
        for (x = 0; x < vd->guest.ds->width; x += VNC_STAT_RECT) {
2360
            VncRectStat *rect= vnc_stat_rect(vd, x, y);
2361
            int count = ARRAY_SIZE(rect->times);
2362
            struct timeval min, max;
2363

    
2364
            if (!timerisset(&rect->times[count - 1])) {
2365
                continue ;
2366
            }
2367

    
2368
            max = rect->times[(rect->idx + count - 1) % count];
2369
            timersub(tv, &max, &res);
2370

    
2371
            if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2372
                rect->freq = 0;
2373
                has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2374
                memset(rect->times, 0, sizeof (rect->times));
2375
                continue ;
2376
            }
2377

    
2378
            min = rect->times[rect->idx];
2379
            max = rect->times[(rect->idx + count - 1) % count];
2380
            timersub(&max, &min, &res);
2381

    
2382
            rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2383
            rect->freq /= count;
2384
            rect->freq = 1. / rect->freq;
2385
        }
2386
    }
2387
    return has_dirty;
2388
}
2389

    
2390
double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2391
{
2392
    int i, j;
2393
    double total = 0;
2394
    int num = 0;
2395

    
2396
    x =  (x / VNC_STAT_RECT) * VNC_STAT_RECT;
2397
    y =  (y / VNC_STAT_RECT) * VNC_STAT_RECT;
2398

    
2399
    for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2400
        for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2401
            total += vnc_stat_rect(vs->vd, i, j)->freq;
2402
            num++;
2403
        }
2404
    }
2405

    
2406
    if (num) {
2407
        return total / num;
2408
    } else {
2409
        return 0;
2410
    }
2411
}
2412

    
2413
static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2414
{
2415
    VncRectStat *rect;
2416

    
2417
    rect = vnc_stat_rect(vd, x, y);
2418
    if (rect->updated) {
2419
        return ;
2420
    }
2421
    rect->times[rect->idx] = *tv;
2422
    rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2423
    rect->updated = true;
2424
}
2425

    
2426
static int vnc_refresh_server_surface(VncDisplay *vd)
2427
{
2428
    int y;
2429
    uint8_t *guest_row;
2430
    uint8_t *server_row;
2431
    int cmp_bytes;
2432
    uint32_t width_mask[VNC_DIRTY_WORDS];
2433
    VncState *vs;
2434
    int has_dirty = 0;
2435

    
2436
    struct timeval tv;
2437

    
2438
    gettimeofday(&tv, NULL);
2439
    has_dirty = vnc_update_stats(vd, &tv);
2440

    
2441
    /*
2442
     * Walk through the guest dirty map.
2443
     * Check and copy modified bits from guest to server surface.
2444
     * Update server dirty map.
2445
     */
2446
    vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2447
    cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2448
    guest_row  = vd->guest.ds->data;
2449
    server_row = vd->server->data;
2450
    for (y = 0; y < vd->guest.ds->height; y++) {
2451
        if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2452
            int x;
2453
            uint8_t *guest_ptr;
2454
            uint8_t *server_ptr;
2455

    
2456
            guest_ptr  = guest_row;
2457
            server_ptr = server_row;
2458

    
2459
            for (x = 0; x < vd->guest.ds->width;
2460
                    x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2461
                if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2462
                    continue;
2463
                vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2464
                if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2465
                    continue;
2466
                memcpy(server_ptr, guest_ptr, cmp_bytes);
2467
                vnc_rect_updated(vd, x, y, &tv);
2468
                QTAILQ_FOREACH(vs, &vd->clients, next) {
2469
                    vnc_set_bit(vs->dirty[y], (x / 16));
2470
                }
2471
                has_dirty++;
2472
            }
2473
        }
2474
        guest_row  += ds_get_linesize(vd->ds);
2475
        server_row += ds_get_linesize(vd->ds);
2476
    }
2477
    return has_dirty;
2478
}
2479

    
2480
static void vnc_refresh(void *opaque)
2481
{
2482
    VncDisplay *vd = opaque;
2483
    VncState *vs, *vn;
2484
    int has_dirty, rects = 0;
2485

    
2486
    vga_hw_update();
2487

    
2488
    if (vnc_trylock_display(vd)) {
2489
        vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2490
        qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) +
2491
                       vd->timer_interval);
2492
        return;
2493
    }
2494

    
2495
    has_dirty = vnc_refresh_server_surface(vd);
2496
    vnc_unlock_display(vd);
2497

    
2498
    QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2499
        rects += vnc_update_client(vs, has_dirty);
2500
        /* vs might be free()ed here */
2501
    }
2502

    
2503
    /* vd->timer could be NULL now if the last client disconnected,
2504
     * in this case don't update the timer */
2505
    if (vd->timer == NULL)
2506
        return;
2507

    
2508
    if (has_dirty && rects) {
2509
        vd->timer_interval /= 2;
2510
        if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2511
            vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2512
    } else {
2513
        vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2514
        if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2515
            vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2516
    }
2517
    qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
2518
}
2519

    
2520
static void vnc_init_timer(VncDisplay *vd)
2521
{
2522
    vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2523
    if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
2524
        vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2525
        vnc_refresh(vd);
2526
    }
2527
}
2528

    
2529
static void vnc_remove_timer(VncDisplay *vd)
2530
{
2531
    if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
2532
        qemu_del_timer(vd->timer);
2533
        qemu_free_timer(vd->timer);
2534
        vd->timer = NULL;
2535
    }
2536
}
2537

    
2538
static void vnc_connect(VncDisplay *vd, int csock)
2539
{
2540
    VncState *vs = qemu_mallocz(sizeof(VncState));
2541
    int i;
2542

    
2543
    vs->csock = csock;
2544
    vs->lossy_rect = qemu_mallocz(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
2545
    for (i = 0; i < VNC_STAT_ROWS; ++i) {
2546
        vs->lossy_rect[i] = qemu_mallocz(VNC_STAT_COLS * sizeof (uint8_t));
2547
    }
2548

    
2549
    VNC_DEBUG("New client on socket %d\n", csock);
2550
    dcl->idle = 0;
2551
    socket_set_nonblock(vs->csock);
2552
    qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2553

    
2554
    vnc_client_cache_addr(vs);
2555
    vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2556

    
2557
    vs->vd = vd;
2558
    vs->ds = vd->ds;
2559
    vs->last_x = -1;
2560
    vs->last_y = -1;
2561

    
2562
    vs->as.freq = 44100;
2563
    vs->as.nchannels = 2;
2564
    vs->as.fmt = AUD_FMT_S16;
2565
    vs->as.endianness = 0;
2566

    
2567
#ifdef CONFIG_VNC_THREAD
2568
    qemu_mutex_init(&vs->output_mutex);
2569
#endif
2570

    
2571
    QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2572

    
2573
    vga_hw_update();
2574

    
2575
    vnc_write(vs, "RFB 003.008\n", 12);
2576
    vnc_flush(vs);
2577
    vnc_read_when(vs, protocol_version, 12);
2578
    reset_keys(vs);
2579
    if (vs->vd->lock_key_sync)
2580
        vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2581

    
2582
    vs->mouse_mode_notifier.notify = check_pointer_type_change;
2583
    qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2584

    
2585
    vnc_init_timer(vd);
2586

    
2587
    /* vs might be free()ed here */
2588
}
2589

    
2590
static void vnc_listen_read(void *opaque)
2591
{
2592
    VncDisplay *vs = opaque;
2593
    struct sockaddr_in addr;
2594
    socklen_t addrlen = sizeof(addr);
2595

    
2596
    /* Catch-up */
2597
    vga_hw_update();
2598

    
2599
    int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2600
    if (csock != -1) {
2601
        vnc_connect(vs, csock);
2602
    }
2603
}
2604

    
2605
void vnc_display_init(DisplayState *ds)
2606
{
2607
    VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2608

    
2609
    dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2610

    
2611
    ds->opaque = vs;
2612
    dcl->idle = 1;
2613
    vnc_display = vs;
2614

    
2615
    vs->lsock = -1;
2616

    
2617
    vs->ds = ds;
2618
    QTAILQ_INIT(&vs->clients);
2619
    vs->expires = TIME_MAX;
2620

    
2621
    if (keyboard_layout)
2622
        vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2623
    else
2624
        vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2625

    
2626
    if (!vs->kbd_layout)
2627
        exit(1);
2628

    
2629
#ifdef CONFIG_VNC_THREAD
2630
    qemu_mutex_init(&vs->mutex);
2631
    vnc_start_worker_thread();
2632
#endif
2633

    
2634
    dcl->dpy_copy = vnc_dpy_copy;
2635
    dcl->dpy_update = vnc_dpy_update;
2636
    dcl->dpy_resize = vnc_dpy_resize;
2637
    dcl->dpy_setdata = vnc_dpy_setdata;
2638
    register_displaychangelistener(ds, dcl);
2639
    ds->mouse_set = vnc_mouse_set;
2640
    ds->cursor_define = vnc_dpy_cursor_define;
2641
}
2642

    
2643

    
2644
void vnc_display_close(DisplayState *ds)
2645
{
2646
    VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2647

    
2648
    if (!vs)
2649
        return;
2650
    if (vs->display) {
2651
        qemu_free(vs->display);
2652
        vs->display = NULL;
2653
    }
2654
    if (vs->lsock != -1) {
2655
        qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2656
        close(vs->lsock);
2657
        vs->lsock = -1;
2658
    }
2659
    vs->auth = VNC_AUTH_INVALID;
2660
#ifdef CONFIG_VNC_TLS
2661
    vs->subauth = VNC_AUTH_INVALID;
2662
    vs->tls.x509verify = 0;
2663
#endif
2664
}
2665

    
2666
int vnc_display_disable_login(DisplayState *ds)
2667
{
2668
    VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2669

    
2670
    if (!vs) {
2671
        return -1;
2672
    }
2673

    
2674
    if (vs->password) {
2675
        qemu_free(vs->password);
2676
    }
2677

    
2678
    vs->password = NULL;
2679
    vs->auth = VNC_AUTH_VNC;
2680

    
2681
    return 0;
2682
}
2683

    
2684
int vnc_display_password(DisplayState *ds, const char *password)
2685
{
2686
    VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2687

    
2688
    if (!vs) {
2689
        return -1;
2690
    }
2691

    
2692
    if (!password) {
2693
        /* This is not the intention of this interface but err on the side
2694
           of being safe */
2695
        return vnc_display_disable_login(ds);
2696
    }
2697

    
2698
    if (vs->password) {
2699
        qemu_free(vs->password);
2700
        vs->password = NULL;
2701
    }
2702
    vs->password = qemu_strdup(password);
2703
    vs->auth = VNC_AUTH_VNC;
2704

    
2705
    return 0;
2706
}
2707

    
2708
int vnc_display_pw_expire(DisplayState *ds, time_t expires)
2709
{
2710
    VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2711

    
2712
    vs->expires = expires;
2713
    return 0;
2714
}
2715

    
2716
char *vnc_display_local_addr(DisplayState *ds)
2717
{
2718
    VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2719
    
2720
    return vnc_socket_local_addr("%s:%s", vs->lsock);
2721
}
2722

    
2723
int vnc_display_open(DisplayState *ds, const char *display)
2724
{
2725
    VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2726
    const char *options;
2727
    int password = 0;
2728
    int reverse = 0;
2729
#ifdef CONFIG_VNC_TLS
2730
    int tls = 0, x509 = 0;
2731
#endif
2732
#ifdef CONFIG_VNC_SASL
2733
    int sasl = 0;
2734
    int saslErr;
2735
#endif
2736
#if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2737
    int acl = 0;
2738
#endif
2739
    int lock_key_sync = 1;
2740

    
2741
    if (!vnc_display)
2742
        return -1;
2743
    vnc_display_close(ds);
2744
    if (strcmp(display, "none") == 0)
2745
        return 0;
2746

    
2747
    if (!(vs->display = strdup(display)))
2748
        return -1;
2749

    
2750
    options = display;
2751
    while ((options = strchr(options, ','))) {
2752
        options++;
2753
        if (strncmp(options, "password", 8) == 0) {
2754
            password = 1; /* Require password auth */
2755
        } else if (strncmp(options, "reverse", 7) == 0) {
2756
            reverse = 1;
2757
        } else if (strncmp(options, "no-lock-key-sync", 9) == 0) {
2758
            lock_key_sync = 0;
2759
#ifdef CONFIG_VNC_SASL
2760
        } else if (strncmp(options, "sasl", 4) == 0) {
2761
            sasl = 1; /* Require SASL auth */
2762
#endif
2763
#ifdef CONFIG_VNC_TLS
2764
        } else if (strncmp(options, "tls", 3) == 0) {
2765
            tls = 1; /* Require TLS */
2766
        } else if (strncmp(options, "x509", 4) == 0) {
2767
            char *start, *end;
2768
            x509 = 1; /* Require x509 certificates */
2769
            if (strncmp(options, "x509verify", 10) == 0)
2770
                vs->tls.x509verify = 1; /* ...and verify client certs */
2771

    
2772
            /* Now check for 'x509=/some/path' postfix
2773
             * and use that to setup x509 certificate/key paths */
2774
            start = strchr(options, '=');
2775
            end = strchr(options, ',');
2776
            if (start && (!end || (start < end))) {
2777
                int len = end ? end-(start+1) : strlen(start+1);
2778
                char *path = qemu_strndup(start + 1, len);
2779

    
2780
                VNC_DEBUG("Trying certificate path '%s'\n", path);
2781
                if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2782
                    fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2783
                    qemu_free(path);
2784
                    qemu_free(vs->display);
2785
                    vs->display = NULL;
2786
                    return -1;
2787
                }
2788
                qemu_free(path);
2789
            } else {
2790
                fprintf(stderr, "No certificate path provided\n");
2791
                qemu_free(vs->display);
2792
                vs->display = NULL;
2793
                return -1;
2794
            }
2795
#endif
2796
#if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2797
        } else if (strncmp(options, "acl", 3) == 0) {
2798
            acl = 1;
2799
#endif
2800
        } else if (strncmp(options, "lossy", 5) == 0) {
2801
            vs->lossy = true;
2802
        }
2803
    }
2804

    
2805
#ifdef CONFIG_VNC_TLS
2806
    if (acl && x509 && vs->tls.x509verify) {
2807
        if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2808
            fprintf(stderr, "Failed to create x509 dname ACL\n");
2809
            exit(1);
2810
        }
2811
    }
2812
#endif
2813
#ifdef CONFIG_VNC_SASL
2814
    if (acl && sasl) {
2815
        if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2816
            fprintf(stderr, "Failed to create username ACL\n");
2817
            exit(1);
2818
        }
2819
    }
2820
#endif
2821

    
2822
    /*
2823
     * Combinations we support here:
2824
     *
2825
     *  - no-auth                (clear text, no auth)
2826
     *  - password               (clear text, weak auth)
2827
     *  - sasl                   (encrypt, good auth *IF* using Kerberos via GSSAPI)
2828
     *  - tls                    (encrypt, weak anonymous creds, no auth)
2829
     *  - tls + password         (encrypt, weak anonymous creds, weak auth)
2830
     *  - tls + sasl             (encrypt, weak anonymous creds, good auth)
2831
     *  - tls + x509             (encrypt, good x509 creds, no auth)
2832
     *  - tls + x509 + password  (encrypt, good x509 creds, weak auth)
2833
     *  - tls + x509 + sasl      (encrypt, good x509 creds, good auth)
2834
     *
2835
     * NB1. TLS is a stackable auth scheme.
2836
     * NB2. the x509 schemes have option to validate a client cert dname
2837
     */
2838
    if (password) {
2839
#ifdef CONFIG_VNC_TLS
2840
        if (tls) {
2841
            vs->auth = VNC_AUTH_VENCRYPT;
2842
            if (x509) {
2843
                VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2844
                vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2845
            } else {
2846
                VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2847
                vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2848
            }
2849
        } else {
2850
#endif /* CONFIG_VNC_TLS */
2851
            VNC_DEBUG("Initializing VNC server with password auth\n");
2852
            vs->auth = VNC_AUTH_VNC;
2853
#ifdef CONFIG_VNC_TLS
2854
            vs->subauth = VNC_AUTH_INVALID;
2855
        }
2856
#endif /* CONFIG_VNC_TLS */
2857
#ifdef CONFIG_VNC_SASL
2858
    } else if (sasl) {
2859
#ifdef CONFIG_VNC_TLS
2860
        if (tls) {
2861
            vs->auth = VNC_AUTH_VENCRYPT;
2862
            if (x509) {
2863
                VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2864
                vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2865
            } else {
2866
                VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2867
                vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2868
            }
2869
        } else {
2870
#endif /* CONFIG_VNC_TLS */
2871
            VNC_DEBUG("Initializing VNC server with SASL auth\n");
2872
            vs->auth = VNC_AUTH_SASL;
2873
#ifdef CONFIG_VNC_TLS
2874
            vs->subauth = VNC_AUTH_INVALID;
2875
        }
2876
#endif /* CONFIG_VNC_TLS */
2877
#endif /* CONFIG_VNC_SASL */
2878
    } else {
2879
#ifdef CONFIG_VNC_TLS
2880
        if (tls) {
2881
            vs->auth = VNC_AUTH_VENCRYPT;
2882
            if (x509) {
2883
                VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2884
                vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2885
            } else {
2886
                VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2887
                vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2888
            }
2889
        } else {
2890
#endif
2891
            VNC_DEBUG("Initializing VNC server with no auth\n");
2892
            vs->auth = VNC_AUTH_NONE;
2893
#ifdef CONFIG_VNC_TLS
2894
            vs->subauth = VNC_AUTH_INVALID;
2895
        }
2896
#endif
2897
    }
2898

    
2899
#ifdef CONFIG_VNC_SASL
2900
    if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2901
        fprintf(stderr, "Failed to initialize SASL auth %s",
2902
                sasl_errstring(saslErr, NULL, NULL));
2903
        free(vs->display);
2904
        vs->display = NULL;
2905
        return -1;
2906
    }
2907
#endif
2908
    vs->lock_key_sync = lock_key_sync;
2909

    
2910
    if (reverse) {
2911
        /* connect to viewer */
2912
        if (strncmp(display, "unix:", 5) == 0)
2913
            vs->lsock = unix_connect(display+5);
2914
        else
2915
            vs->lsock = inet_connect(display, SOCK_STREAM);
2916
        if (-1 == vs->lsock) {
2917
            free(vs->display);
2918
            vs->display = NULL;
2919
            return -1;
2920
        } else {
2921
            int csock = vs->lsock;
2922
            vs->lsock = -1;
2923
            vnc_connect(vs, csock);
2924
        }
2925
        return 0;
2926

    
2927
    } else {
2928
        /* listen for connects */
2929
        char *dpy;
2930
        dpy = qemu_malloc(256);
2931
        if (strncmp(display, "unix:", 5) == 0) {
2932
            pstrcpy(dpy, 256, "unix:");
2933
            vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2934
        } else {
2935
            vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2936
        }
2937
        if (-1 == vs->lsock) {
2938
            free(dpy);
2939
            return -1;
2940
        } else {
2941
            free(vs->display);
2942
            vs->display = dpy;
2943
        }
2944
    }
2945
    return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
2946
}