Statistics
| Branch: | Revision:

root / ui / vnc.c @ d01f9595

History | View | Annotate | Download (78.5 kB)

1
/*
2
 * QEMU VNC display driver
3
 *
4
 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5
 * Copyright (C) 2006 Fabrice Bellard
6
 * Copyright (C) 2009 Red Hat, Inc
7
 *
8
 * Permission is hereby granted, free of charge, to any person obtaining a copy
9
 * of this software and associated documentation files (the "Software"), to deal
10
 * in the Software without restriction, including without limitation the rights
11
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12
 * copies of the Software, and to permit persons to whom the Software is
13
 * furnished to do so, subject to the following conditions:
14
 *
15
 * The above copyright notice and this permission notice shall be included in
16
 * all copies or substantial portions of the Software.
17
 *
18
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24
 * THE SOFTWARE.
25
 */
26

    
27
#include "vnc.h"
28
#include "vnc-jobs.h"
29
#include "sysemu.h"
30
#include "qemu_socket.h"
31
#include "qemu-timer.h"
32
#include "acl.h"
33
#include "qemu-objects.h"
34

    
35
#define VNC_REFRESH_INTERVAL_BASE 30
36
#define VNC_REFRESH_INTERVAL_INC  50
37
#define VNC_REFRESH_INTERVAL_MAX  2000
38

    
39
#include "vnc_keysym.h"
40
#include "d3des.h"
41

    
42
#define count_bits(c, v) { \
43
    for (c = 0; v; v >>= 1) \
44
    { \
45
        c += v & 1; \
46
    } \
47
}
48

    
49
static VncDisplay *vnc_display; /* needed for info vnc */
50
static DisplayChangeListener *dcl;
51

    
52
static int vnc_cursor_define(VncState *vs);
53

    
54
static char *addr_to_string(const char *format,
55
                            struct sockaddr_storage *sa,
56
                            socklen_t salen) {
57
    char *addr;
58
    char host[NI_MAXHOST];
59
    char serv[NI_MAXSERV];
60
    int err;
61
    size_t addrlen;
62

    
63
    if ((err = getnameinfo((struct sockaddr *)sa, salen,
64
                           host, sizeof(host),
65
                           serv, sizeof(serv),
66
                           NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
67
        VNC_DEBUG("Cannot resolve address %d: %s\n",
68
                  err, gai_strerror(err));
69
        return NULL;
70
    }
71

    
72
    /* Enough for the existing format + the 2 vars we're
73
     * substituting in. */
74
    addrlen = strlen(format) + strlen(host) + strlen(serv);
75
    addr = qemu_malloc(addrlen + 1);
76
    snprintf(addr, addrlen, format, host, serv);
77
    addr[addrlen] = '\0';
78

    
79
    return addr;
80
}
81

    
82

    
83
char *vnc_socket_local_addr(const char *format, int fd) {
84
    struct sockaddr_storage sa;
85
    socklen_t salen;
86

    
87
    salen = sizeof(sa);
88
    if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
89
        return NULL;
90

    
91
    return addr_to_string(format, &sa, salen);
92
}
93

    
94
char *vnc_socket_remote_addr(const char *format, int fd) {
95
    struct sockaddr_storage sa;
96
    socklen_t salen;
97

    
98
    salen = sizeof(sa);
99
    if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
100
        return NULL;
101

    
102
    return addr_to_string(format, &sa, salen);
103
}
104

    
105
static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
106
                          socklen_t salen)
107
{
108
    char host[NI_MAXHOST];
109
    char serv[NI_MAXSERV];
110
    int err;
111

    
112
    if ((err = getnameinfo((struct sockaddr *)sa, salen,
113
                           host, sizeof(host),
114
                           serv, sizeof(serv),
115
                           NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
116
        VNC_DEBUG("Cannot resolve address %d: %s\n",
117
                  err, gai_strerror(err));
118
        return -1;
119
    }
120

    
121
    qdict_put(qdict, "host", qstring_from_str(host));
122
    qdict_put(qdict, "service", qstring_from_str(serv));
123
    qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
124

    
125
    return 0;
126
}
127

    
128
static int vnc_server_addr_put(QDict *qdict, int fd)
129
{
130
    struct sockaddr_storage sa;
131
    socklen_t salen;
132

    
133
    salen = sizeof(sa);
134
    if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
135
        return -1;
136
    }
137

    
138
    return put_addr_qdict(qdict, &sa, salen);
139
}
140

    
141
static int vnc_qdict_remote_addr(QDict *qdict, int fd)
142
{
143
    struct sockaddr_storage sa;
144
    socklen_t salen;
145

    
146
    salen = sizeof(sa);
147
    if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
148
        return -1;
149
    }
150

    
151
    return put_addr_qdict(qdict, &sa, salen);
152
}
153

    
154
static const char *vnc_auth_name(VncDisplay *vd) {
155
    switch (vd->auth) {
156
    case VNC_AUTH_INVALID:
157
        return "invalid";
158
    case VNC_AUTH_NONE:
159
        return "none";
160
    case VNC_AUTH_VNC:
161
        return "vnc";
162
    case VNC_AUTH_RA2:
163
        return "ra2";
164
    case VNC_AUTH_RA2NE:
165
        return "ra2ne";
166
    case VNC_AUTH_TIGHT:
167
        return "tight";
168
    case VNC_AUTH_ULTRA:
169
        return "ultra";
170
    case VNC_AUTH_TLS:
171
        return "tls";
172
    case VNC_AUTH_VENCRYPT:
173
#ifdef CONFIG_VNC_TLS
174
        switch (vd->subauth) {
175
        case VNC_AUTH_VENCRYPT_PLAIN:
176
            return "vencrypt+plain";
177
        case VNC_AUTH_VENCRYPT_TLSNONE:
178
            return "vencrypt+tls+none";
179
        case VNC_AUTH_VENCRYPT_TLSVNC:
180
            return "vencrypt+tls+vnc";
181
        case VNC_AUTH_VENCRYPT_TLSPLAIN:
182
            return "vencrypt+tls+plain";
183
        case VNC_AUTH_VENCRYPT_X509NONE:
184
            return "vencrypt+x509+none";
185
        case VNC_AUTH_VENCRYPT_X509VNC:
186
            return "vencrypt+x509+vnc";
187
        case VNC_AUTH_VENCRYPT_X509PLAIN:
188
            return "vencrypt+x509+plain";
189
        case VNC_AUTH_VENCRYPT_TLSSASL:
190
            return "vencrypt+tls+sasl";
191
        case VNC_AUTH_VENCRYPT_X509SASL:
192
            return "vencrypt+x509+sasl";
193
        default:
194
            return "vencrypt";
195
        }
196
#else
197
        return "vencrypt";
198
#endif
199
    case VNC_AUTH_SASL:
200
        return "sasl";
201
    }
202
    return "unknown";
203
}
204

    
205
static int vnc_server_info_put(QDict *qdict)
206
{
207
    if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
208
        return -1;
209
    }
210

    
211
    qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
212
    return 0;
213
}
214

    
215
static void vnc_client_cache_auth(VncState *client)
216
{
217
    QDict *qdict;
218

    
219
    if (!client->info) {
220
        return;
221
    }
222

    
223
    qdict = qobject_to_qdict(client->info);
224

    
225
#ifdef CONFIG_VNC_TLS
226
    if (client->tls.session &&
227
        client->tls.dname) {
228
        qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
229
    }
230
#endif
231
#ifdef CONFIG_VNC_SASL
232
    if (client->sasl.conn &&
233
        client->sasl.username) {
234
        qdict_put(qdict, "sasl_username",
235
                  qstring_from_str(client->sasl.username));
236
    }
237
#endif
238
}
239

    
240
static void vnc_client_cache_addr(VncState *client)
241
{
242
    QDict *qdict;
243

    
244
    qdict = qdict_new();
245
    if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
246
        QDECREF(qdict);
247
        /* XXX: how to report the error? */
248
        return;
249
    }
250

    
251
    client->info = QOBJECT(qdict);
252
}
253

    
254
static void vnc_qmp_event(VncState *vs, MonitorEvent event)
255
{
256
    QDict *server;
257
    QObject *data;
258

    
259
    if (!vs->info) {
260
        return;
261
    }
262

    
263
    server = qdict_new();
264
    if (vnc_server_info_put(server) < 0) {
265
        QDECREF(server);
266
        return;
267
    }
268

    
269
    data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
270
                              vs->info, QOBJECT(server));
271

    
272
    monitor_protocol_event(event, data);
273

    
274
    qobject_incref(vs->info);
275
    qobject_decref(data);
276
}
277

    
278
static void info_vnc_iter(QObject *obj, void *opaque)
279
{
280
    QDict *client;
281
    Monitor *mon = opaque;
282

    
283
    client = qobject_to_qdict(obj);
284
    monitor_printf(mon, "Client:\n");
285
    monitor_printf(mon, "     address: %s:%s\n",
286
                   qdict_get_str(client, "host"),
287
                   qdict_get_str(client, "service"));
288

    
289
#ifdef CONFIG_VNC_TLS
290
    monitor_printf(mon, "  x509_dname: %s\n",
291
        qdict_haskey(client, "x509_dname") ?
292
        qdict_get_str(client, "x509_dname") : "none");
293
#endif
294
#ifdef CONFIG_VNC_SASL
295
    monitor_printf(mon, "    username: %s\n",
296
        qdict_haskey(client, "sasl_username") ?
297
        qdict_get_str(client, "sasl_username") : "none");
298
#endif
299
}
300

    
301
void do_info_vnc_print(Monitor *mon, const QObject *data)
302
{
303
    QDict *server;
304
    QList *clients;
305

    
306
    server = qobject_to_qdict(data);
307
    if (qdict_get_bool(server, "enabled") == 0) {
308
        monitor_printf(mon, "Server: disabled\n");
309
        return;
310
    }
311

    
312
    monitor_printf(mon, "Server:\n");
313
    monitor_printf(mon, "     address: %s:%s\n",
314
                   qdict_get_str(server, "host"),
315
                   qdict_get_str(server, "service"));
316
    monitor_printf(mon, "        auth: %s\n", qdict_get_str(server, "auth"));
317

    
318
    clients = qdict_get_qlist(server, "clients");
319
    if (qlist_empty(clients)) {
320
        monitor_printf(mon, "Client: none\n");
321
    } else {
322
        qlist_iter(clients, info_vnc_iter, mon);
323
    }
324
}
325

    
326
void do_info_vnc(Monitor *mon, QObject **ret_data)
327
{
328
    if (vnc_display == NULL || vnc_display->display == NULL) {
329
        *ret_data = qobject_from_jsonf("{ 'enabled': false }");
330
    } else {
331
        QList *clist;
332
        VncState *client;
333

    
334
        clist = qlist_new();
335
        QTAILQ_FOREACH(client, &vnc_display->clients, next) {
336
            if (client->info) {
337
                /* incref so that it's not freed by upper layers */
338
                qobject_incref(client->info);
339
                qlist_append_obj(clist, client->info);
340
            }
341
        }
342

    
343
        *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
344
                                       QOBJECT(clist));
345
        assert(*ret_data != NULL);
346

    
347
        if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {
348
            qobject_decref(*ret_data);
349
            *ret_data = NULL;
350
        }
351
    }
352
}
353

    
354
/* TODO
355
   1) Get the queue working for IO.
356
   2) there is some weirdness when using the -S option (the screen is grey
357
      and not totally invalidated
358
   3) resolutions > 1024
359
*/
360

    
361
static int vnc_update_client(VncState *vs, int has_dirty);
362
static int vnc_update_client_sync(VncState *vs, int has_dirty);
363
static void vnc_disconnect_start(VncState *vs);
364
static void vnc_disconnect_finish(VncState *vs);
365
static void vnc_init_timer(VncDisplay *vd);
366
static void vnc_remove_timer(VncDisplay *vd);
367

    
368
static void vnc_colordepth(VncState *vs);
369
static void framebuffer_update_request(VncState *vs, int incremental,
370
                                       int x_position, int y_position,
371
                                       int w, int h);
372
static void vnc_refresh(void *opaque);
373
static int vnc_refresh_server_surface(VncDisplay *vd);
374

    
375
static inline void vnc_set_bit(uint32_t *d, int k)
376
{
377
    d[k >> 5] |= 1 << (k & 0x1f);
378
}
379

    
380
static inline void vnc_clear_bit(uint32_t *d, int k)
381
{
382
    d[k >> 5] &= ~(1 << (k & 0x1f));
383
}
384

    
385
static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
386
{
387
    int j;
388

    
389
    j = 0;
390
    while (n >= 32) {
391
        d[j++] = -1;
392
        n -= 32;
393
    }
394
    if (n > 0)
395
        d[j++] = (1 << n) - 1;
396
    while (j < nb_words)
397
        d[j++] = 0;
398
}
399

    
400
static inline int vnc_get_bit(const uint32_t *d, int k)
401
{
402
    return (d[k >> 5] >> (k & 0x1f)) & 1;
403
}
404

    
405
static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
406
                               int nb_words)
407
{
408
    int i;
409
    for(i = 0; i < nb_words; i++) {
410
        if ((d1[i] & d2[i]) != 0)
411
            return 1;
412
    }
413
    return 0;
414
}
415

    
416
static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
417
{
418
    int i;
419
    VncDisplay *vd = ds->opaque;
420
    struct VncSurface *s = &vd->guest;
421

    
422
    h += y;
423

    
424
    /* round x down to ensure the loop only spans one 16-pixel block per,
425
       iteration.  otherwise, if (x % 16) != 0, the last iteration may span
426
       two 16-pixel blocks but we only mark the first as dirty
427
    */
428
    w += (x % 16);
429
    x -= (x % 16);
430

    
431
    x = MIN(x, s->ds->width);
432
    y = MIN(y, s->ds->height);
433
    w = MIN(x + w, s->ds->width) - x;
434
    h = MIN(h, s->ds->height);
435

    
436
    for (; y < h; y++)
437
        for (i = 0; i < w; i += 16)
438
            vnc_set_bit(s->dirty[y], (x + i) / 16);
439
}
440

    
441
void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
442
                            int32_t encoding)
443
{
444
    vnc_write_u16(vs, x);
445
    vnc_write_u16(vs, y);
446
    vnc_write_u16(vs, w);
447
    vnc_write_u16(vs, h);
448

    
449
    vnc_write_s32(vs, encoding);
450
}
451

    
452
void buffer_reserve(Buffer *buffer, size_t len)
453
{
454
    if ((buffer->capacity - buffer->offset) < len) {
455
        buffer->capacity += (len + 1024);
456
        buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
457
        if (buffer->buffer == NULL) {
458
            fprintf(stderr, "vnc: out of memory\n");
459
            exit(1);
460
        }
461
    }
462
}
463

    
464
int buffer_empty(Buffer *buffer)
465
{
466
    return buffer->offset == 0;
467
}
468

    
469
uint8_t *buffer_end(Buffer *buffer)
470
{
471
    return buffer->buffer + buffer->offset;
472
}
473

    
474
void buffer_reset(Buffer *buffer)
475
{
476
        buffer->offset = 0;
477
}
478

    
479
void buffer_free(Buffer *buffer)
480
{
481
    qemu_free(buffer->buffer);
482
    buffer->offset = 0;
483
    buffer->capacity = 0;
484
    buffer->buffer = NULL;
485
}
486

    
487
void buffer_append(Buffer *buffer, const void *data, size_t len)
488
{
489
    memcpy(buffer->buffer + buffer->offset, data, len);
490
    buffer->offset += len;
491
}
492

    
493
static void vnc_desktop_resize(VncState *vs)
494
{
495
    DisplayState *ds = vs->ds;
496

    
497
    if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
498
        return;
499
    }
500
    if (vs->client_width == ds_get_width(ds) &&
501
        vs->client_height == ds_get_height(ds)) {
502
        return;
503
    }
504
    vs->client_width = ds_get_width(ds);
505
    vs->client_height = ds_get_height(ds);
506
    vnc_lock_output(vs);
507
    vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
508
    vnc_write_u8(vs, 0);
509
    vnc_write_u16(vs, 1); /* number of rects */
510
    vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
511
                           VNC_ENCODING_DESKTOPRESIZE);
512
    vnc_unlock_output(vs);
513
    vnc_flush(vs);
514
}
515

    
516
#ifdef CONFIG_VNC_THREAD
517
static void vnc_abort_display_jobs(VncDisplay *vd)
518
{
519
    VncState *vs;
520

    
521
    QTAILQ_FOREACH(vs, &vd->clients, next) {
522
        vnc_lock_output(vs);
523
        vs->abort = true;
524
        vnc_unlock_output(vs);
525
    }
526
    QTAILQ_FOREACH(vs, &vd->clients, next) {
527
        vnc_jobs_join(vs);
528
    }
529
    QTAILQ_FOREACH(vs, &vd->clients, next) {
530
        vnc_lock_output(vs);
531
        vs->abort = false;
532
        vnc_unlock_output(vs);
533
    }
534
}
535
#else
536
static void vnc_abort_display_jobs(VncDisplay *vd)
537
{
538
}
539
#endif
540

    
541
static void vnc_dpy_resize(DisplayState *ds)
542
{
543
    VncDisplay *vd = ds->opaque;
544
    VncState *vs;
545

    
546
    vnc_abort_display_jobs(vd);
547

    
548
    /* server surface */
549
    if (!vd->server)
550
        vd->server = qemu_mallocz(sizeof(*vd->server));
551
    if (vd->server->data)
552
        qemu_free(vd->server->data);
553
    *(vd->server) = *(ds->surface);
554
    vd->server->data = qemu_mallocz(vd->server->linesize *
555
                                    vd->server->height);
556

    
557
    /* guest surface */
558
    if (!vd->guest.ds)
559
        vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
560
    if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
561
        console_color_init(ds);
562
    *(vd->guest.ds) = *(ds->surface);
563
    memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
564

    
565
    QTAILQ_FOREACH(vs, &vd->clients, next) {
566
        vnc_colordepth(vs);
567
        vnc_desktop_resize(vs);
568
        if (vs->vd->cursor) {
569
            vnc_cursor_define(vs);
570
        }
571
        memset(vs->dirty, 0xFF, sizeof(vs->dirty));
572
    }
573
}
574

    
575
/* fastest code */
576
static void vnc_write_pixels_copy(VncState *vs, struct PixelFormat *pf,
577
                                  void *pixels, int size)
578
{
579
    vnc_write(vs, pixels, size);
580
}
581

    
582
/* slowest but generic code. */
583
void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
584
{
585
    uint8_t r, g, b;
586
    VncDisplay *vd = vs->vd;
587

    
588
    r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
589
        vd->server->pf.rbits);
590
    g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
591
        vd->server->pf.gbits);
592
    b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
593
        vd->server->pf.bbits);
594
    v = (r << vs->clientds.pf.rshift) |
595
        (g << vs->clientds.pf.gshift) |
596
        (b << vs->clientds.pf.bshift);
597
    switch(vs->clientds.pf.bytes_per_pixel) {
598
    case 1:
599
        buf[0] = v;
600
        break;
601
    case 2:
602
        if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
603
            buf[0] = v >> 8;
604
            buf[1] = v;
605
        } else {
606
            buf[1] = v >> 8;
607
            buf[0] = v;
608
        }
609
        break;
610
    default:
611
    case 4:
612
        if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
613
            buf[0] = v >> 24;
614
            buf[1] = v >> 16;
615
            buf[2] = v >> 8;
616
            buf[3] = v;
617
        } else {
618
            buf[3] = v >> 24;
619
            buf[2] = v >> 16;
620
            buf[1] = v >> 8;
621
            buf[0] = v;
622
        }
623
        break;
624
    }
625
}
626

    
627
static void vnc_write_pixels_generic(VncState *vs, struct PixelFormat *pf,
628
                                     void *pixels1, int size)
629
{
630
    uint8_t buf[4];
631

    
632
    if (pf->bytes_per_pixel == 4) {
633
        uint32_t *pixels = pixels1;
634
        int n, i;
635
        n = size >> 2;
636
        for(i = 0; i < n; i++) {
637
            vnc_convert_pixel(vs, buf, pixels[i]);
638
            vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
639
        }
640
    } else if (pf->bytes_per_pixel == 2) {
641
        uint16_t *pixels = pixels1;
642
        int n, i;
643
        n = size >> 1;
644
        for(i = 0; i < n; i++) {
645
            vnc_convert_pixel(vs, buf, pixels[i]);
646
            vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
647
        }
648
    } else if (pf->bytes_per_pixel == 1) {
649
        uint8_t *pixels = pixels1;
650
        int n, i;
651
        n = size;
652
        for(i = 0; i < n; i++) {
653
            vnc_convert_pixel(vs, buf, pixels[i]);
654
            vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
655
        }
656
    } else {
657
        fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
658
    }
659
}
660

    
661
int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
662
{
663
    int i;
664
    uint8_t *row;
665
    VncDisplay *vd = vs->vd;
666

    
667
    row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
668
    for (i = 0; i < h; i++) {
669
        vs->write_pixels(vs, &vd->server->pf, row, w * ds_get_bytes_per_pixel(vs->ds));
670
        row += ds_get_linesize(vs->ds);
671
    }
672
    return 1;
673
}
674

    
675
int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
676
{
677
    int n = 0;
678

    
679
    switch(vs->vnc_encoding) {
680
        case VNC_ENCODING_ZLIB:
681
            n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
682
            break;
683
        case VNC_ENCODING_HEXTILE:
684
            vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
685
            n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
686
            break;
687
        case VNC_ENCODING_TIGHT:
688
            n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
689
            break;
690
        case VNC_ENCODING_TIGHT_PNG:
691
            n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
692
            break;
693
        default:
694
            vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
695
            n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
696
            break;
697
    }
698
    return n;
699
}
700

    
701
static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
702
{
703
    /* send bitblit op to the vnc client */
704
    vnc_lock_output(vs);
705
    vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
706
    vnc_write_u8(vs, 0);
707
    vnc_write_u16(vs, 1); /* number of rects */
708
    vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
709
    vnc_write_u16(vs, src_x);
710
    vnc_write_u16(vs, src_y);
711
    vnc_unlock_output(vs);
712
    vnc_flush(vs);
713
}
714

    
715
static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
716
{
717
    VncDisplay *vd = ds->opaque;
718
    VncState *vs, *vn;
719
    uint8_t *src_row;
720
    uint8_t *dst_row;
721
    int i,x,y,pitch,depth,inc,w_lim,s;
722
    int cmp_bytes;
723

    
724
    vnc_refresh_server_surface(vd);
725
    QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
726
        if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
727
            vs->force_update = 1;
728
            vnc_update_client_sync(vs, 1);
729
            /* vs might be free()ed here */
730
        }
731
    }
732

    
733
    /* do bitblit op on the local surface too */
734
    pitch = ds_get_linesize(vd->ds);
735
    depth = ds_get_bytes_per_pixel(vd->ds);
736
    src_row = vd->server->data + pitch * src_y + depth * src_x;
737
    dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
738
    y = dst_y;
739
    inc = 1;
740
    if (dst_y > src_y) {
741
        /* copy backwards */
742
        src_row += pitch * (h-1);
743
        dst_row += pitch * (h-1);
744
        pitch = -pitch;
745
        y = dst_y + h - 1;
746
        inc = -1;
747
    }
748
    w_lim = w - (16 - (dst_x % 16));
749
    if (w_lim < 0)
750
        w_lim = w;
751
    else
752
        w_lim = w - (w_lim % 16);
753
    for (i = 0; i < h; i++) {
754
        for (x = 0; x <= w_lim;
755
                x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
756
            if (x == w_lim) {
757
                if ((s = w - w_lim) == 0)
758
                    break;
759
            } else if (!x) {
760
                s = (16 - (dst_x % 16));
761
                s = MIN(s, w_lim);
762
            } else {
763
                s = 16;
764
            }
765
            cmp_bytes = s * depth;
766
            if (memcmp(src_row, dst_row, cmp_bytes) == 0)
767
                continue;
768
            memmove(dst_row, src_row, cmp_bytes);
769
            QTAILQ_FOREACH(vs, &vd->clients, next) {
770
                if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
771
                    vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
772
                }
773
            }
774
        }
775
        src_row += pitch - w * depth;
776
        dst_row += pitch - w * depth;
777
        y += inc;
778
    }
779

    
780
    QTAILQ_FOREACH(vs, &vd->clients, next) {
781
        if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
782
            vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
783
        }
784
    }
785
}
786

    
787
static void vnc_mouse_set(int x, int y, int visible)
788
{
789
    /* can we ask the client(s) to move the pointer ??? */
790
}
791

    
792
static int vnc_cursor_define(VncState *vs)
793
{
794
    QEMUCursor *c = vs->vd->cursor;
795
    PixelFormat pf = qemu_default_pixelformat(32);
796
    int isize;
797

    
798
    if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
799
        vnc_lock_output(vs);
800
        vnc_write_u8(vs,  VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
801
        vnc_write_u8(vs,  0);  /*  padding     */
802
        vnc_write_u16(vs, 1);  /*  # of rects  */
803
        vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
804
                               VNC_ENCODING_RICH_CURSOR);
805
        isize = c->width * c->height * vs->clientds.pf.bytes_per_pixel;
806
        vnc_write_pixels_generic(vs, &pf, c->data, isize);
807
        vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
808
        vnc_unlock_output(vs);
809
        return 0;
810
    }
811
    return -1;
812
}
813

    
814
static void vnc_dpy_cursor_define(QEMUCursor *c)
815
{
816
    VncDisplay *vd = vnc_display;
817
    VncState *vs;
818

    
819
    cursor_put(vd->cursor);
820
    qemu_free(vd->cursor_mask);
821

    
822
    vd->cursor = c;
823
    cursor_get(vd->cursor);
824
    vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
825
    vd->cursor_mask = qemu_mallocz(vd->cursor_msize);
826
    cursor_get_mono_mask(c, 0, vd->cursor_mask);
827

    
828
    QTAILQ_FOREACH(vs, &vd->clients, next) {
829
        vnc_cursor_define(vs);
830
    }
831
}
832

    
833
static int find_and_clear_dirty_height(struct VncState *vs,
834
                                       int y, int last_x, int x)
835
{
836
    int h;
837
    VncDisplay *vd = vs->vd;
838

    
839
    for (h = 1; h < (vd->server->height - y); h++) {
840
        int tmp_x;
841
        if (!vnc_get_bit(vs->dirty[y + h], last_x))
842
            break;
843
        for (tmp_x = last_x; tmp_x < x; tmp_x++)
844
            vnc_clear_bit(vs->dirty[y + h], tmp_x);
845
    }
846

    
847
    return h;
848
}
849

    
850
#ifdef CONFIG_VNC_THREAD
851
static int vnc_update_client_sync(VncState *vs, int has_dirty)
852
{
853
    int ret = vnc_update_client(vs, has_dirty);
854
    vnc_jobs_join(vs);
855
    return ret;
856
}
857
#else
858
static int vnc_update_client_sync(VncState *vs, int has_dirty)
859
{
860
    return vnc_update_client(vs, has_dirty);
861
}
862
#endif
863

    
864
static int vnc_update_client(VncState *vs, int has_dirty)
865
{
866
    if (vs->need_update && vs->csock != -1) {
867
        VncDisplay *vd = vs->vd;
868
        VncJob *job;
869
        int y;
870
        int width, height;
871
        int n = 0;
872

    
873

    
874
        if (vs->output.offset && !vs->audio_cap && !vs->force_update)
875
            /* kernel send buffers are full -> drop frames to throttle */
876
            return 0;
877

    
878
        if (!has_dirty && !vs->audio_cap && !vs->force_update)
879
            return 0;
880

    
881
        /*
882
         * Send screen updates to the vnc client using the server
883
         * surface and server dirty map.  guest surface updates
884
         * happening in parallel don't disturb us, the next pass will
885
         * send them to the client.
886
         */
887
        job = vnc_job_new(vs);
888

    
889
        width = MIN(vd->server->width, vs->client_width);
890
        height = MIN(vd->server->height, vs->client_height);
891

    
892
        for (y = 0; y < height; y++) {
893
            int x;
894
            int last_x = -1;
895
            for (x = 0; x < width / 16; x++) {
896
                if (vnc_get_bit(vs->dirty[y], x)) {
897
                    if (last_x == -1) {
898
                        last_x = x;
899
                    }
900
                    vnc_clear_bit(vs->dirty[y], x);
901
                } else {
902
                    if (last_x != -1) {
903
                        int h = find_and_clear_dirty_height(vs, y, last_x, x);
904

    
905
                        n += vnc_job_add_rect(job, last_x * 16, y,
906
                                              (x - last_x) * 16, h);
907
                    }
908
                    last_x = -1;
909
                }
910
            }
911
            if (last_x != -1) {
912
                int h = find_and_clear_dirty_height(vs, y, last_x, x);
913
                n += vnc_job_add_rect(job, last_x * 16, y,
914
                                      (x - last_x) * 16, h);
915
            }
916
        }
917

    
918
        vnc_job_push(job);
919
        vs->force_update = 0;
920
        return n;
921
    }
922

    
923
    if (vs->csock == -1)
924
        vnc_disconnect_finish(vs);
925

    
926
    return 0;
927
}
928

    
929
/* audio */
930
static void audio_capture_notify(void *opaque, audcnotification_e cmd)
931
{
932
    VncState *vs = opaque;
933

    
934
    switch (cmd) {
935
    case AUD_CNOTIFY_DISABLE:
936
        vnc_lock_output(vs);
937
        vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
938
        vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
939
        vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
940
        vnc_unlock_output(vs);
941
        vnc_flush(vs);
942
        break;
943

    
944
    case AUD_CNOTIFY_ENABLE:
945
        vnc_lock_output(vs);
946
        vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
947
        vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
948
        vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
949
        vnc_unlock_output(vs);
950
        vnc_flush(vs);
951
        break;
952
    }
953
}
954

    
955
static void audio_capture_destroy(void *opaque)
956
{
957
}
958

    
959
static void audio_capture(void *opaque, void *buf, int size)
960
{
961
    VncState *vs = opaque;
962

    
963
    vnc_lock_output(vs);
964
    vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
965
    vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
966
    vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
967
    vnc_write_u32(vs, size);
968
    vnc_write(vs, buf, size);
969
    vnc_unlock_output(vs);
970
    vnc_flush(vs);
971
}
972

    
973
static void audio_add(VncState *vs)
974
{
975
    struct audio_capture_ops ops;
976

    
977
    if (vs->audio_cap) {
978
        monitor_printf(default_mon, "audio already running\n");
979
        return;
980
    }
981

    
982
    ops.notify = audio_capture_notify;
983
    ops.destroy = audio_capture_destroy;
984
    ops.capture = audio_capture;
985

    
986
    vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
987
    if (!vs->audio_cap) {
988
        monitor_printf(default_mon, "Failed to add audio capture\n");
989
    }
990
}
991

    
992
static void audio_del(VncState *vs)
993
{
994
    if (vs->audio_cap) {
995
        AUD_del_capture(vs->audio_cap, vs);
996
        vs->audio_cap = NULL;
997
    }
998
}
999

    
1000
static void vnc_disconnect_start(VncState *vs)
1001
{
1002
    if (vs->csock == -1)
1003
        return;
1004
    qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
1005
    closesocket(vs->csock);
1006
    vs->csock = -1;
1007
}
1008

    
1009
static void vnc_disconnect_finish(VncState *vs)
1010
{
1011
    vnc_jobs_join(vs); /* Wait encoding jobs */
1012

    
1013
    vnc_lock_output(vs);
1014
    vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
1015

    
1016
    buffer_free(&vs->input);
1017
    buffer_free(&vs->output);
1018

    
1019
    qobject_decref(vs->info);
1020

    
1021
    vnc_zlib_clear(vs);
1022
    vnc_tight_clear(vs);
1023

    
1024
#ifdef CONFIG_VNC_TLS
1025
    vnc_tls_client_cleanup(vs);
1026
#endif /* CONFIG_VNC_TLS */
1027
#ifdef CONFIG_VNC_SASL
1028
    vnc_sasl_client_cleanup(vs);
1029
#endif /* CONFIG_VNC_SASL */
1030
    audio_del(vs);
1031

    
1032
    QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1033

    
1034
    if (QTAILQ_EMPTY(&vs->vd->clients)) {
1035
        dcl->idle = 1;
1036
    }
1037

    
1038
    qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1039
    vnc_remove_timer(vs->vd);
1040
    if (vs->vd->lock_key_sync)
1041
        qemu_remove_led_event_handler(vs->led);
1042
    vnc_unlock_output(vs);
1043

    
1044
#ifdef CONFIG_VNC_THREAD
1045
    qemu_mutex_destroy(&vs->output_mutex);
1046
#endif
1047
    qemu_free(vs);
1048
}
1049

    
1050
int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1051
{
1052
    if (ret == 0 || ret == -1) {
1053
        if (ret == -1) {
1054
            switch (last_errno) {
1055
                case EINTR:
1056
                case EAGAIN:
1057
#ifdef _WIN32
1058
                case WSAEWOULDBLOCK:
1059
#endif
1060
                    return 0;
1061
                default:
1062
                    break;
1063
            }
1064
        }
1065

    
1066
        VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1067
                  ret, ret < 0 ? last_errno : 0);
1068
        vnc_disconnect_start(vs);
1069

    
1070
        return 0;
1071
    }
1072
    return ret;
1073
}
1074

    
1075

    
1076
void vnc_client_error(VncState *vs)
1077
{
1078
    VNC_DEBUG("Closing down client sock: protocol error\n");
1079
    vnc_disconnect_start(vs);
1080
}
1081

    
1082

    
1083
/*
1084
 * Called to write a chunk of data to the client socket. The data may
1085
 * be the raw data, or may have already been encoded by SASL.
1086
 * The data will be written either straight onto the socket, or
1087
 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1088
 *
1089
 * NB, it is theoretically possible to have 2 layers of encryption,
1090
 * both SASL, and this TLS layer. It is highly unlikely in practice
1091
 * though, since SASL encryption will typically be a no-op if TLS
1092
 * is active
1093
 *
1094
 * Returns the number of bytes written, which may be less than
1095
 * the requested 'datalen' if the socket would block. Returns
1096
 * -1 on error, and disconnects the client socket.
1097
 */
1098
long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1099
{
1100
    long ret;
1101
#ifdef CONFIG_VNC_TLS
1102
    if (vs->tls.session) {
1103
        ret = gnutls_write(vs->tls.session, data, datalen);
1104
        if (ret < 0) {
1105
            if (ret == GNUTLS_E_AGAIN)
1106
                errno = EAGAIN;
1107
            else
1108
                errno = EIO;
1109
            ret = -1;
1110
        }
1111
    } else
1112
#endif /* CONFIG_VNC_TLS */
1113
        ret = send(vs->csock, (const void *)data, datalen, 0);
1114
    VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1115
    return vnc_client_io_error(vs, ret, socket_error());
1116
}
1117

    
1118

    
1119
/*
1120
 * Called to write buffered data to the client socket, when not
1121
 * using any SASL SSF encryption layers. Will write as much data
1122
 * as possible without blocking. If all buffered data is written,
1123
 * will switch the FD poll() handler back to read monitoring.
1124
 *
1125
 * Returns the number of bytes written, which may be less than
1126
 * the buffered output data if the socket would block. Returns
1127
 * -1 on error, and disconnects the client socket.
1128
 */
1129
static long vnc_client_write_plain(VncState *vs)
1130
{
1131
    long ret;
1132

    
1133
#ifdef CONFIG_VNC_SASL
1134
    VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1135
              vs->output.buffer, vs->output.capacity, vs->output.offset,
1136
              vs->sasl.waitWriteSSF);
1137

    
1138
    if (vs->sasl.conn &&
1139
        vs->sasl.runSSF &&
1140
        vs->sasl.waitWriteSSF) {
1141
        ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1142
        if (ret)
1143
            vs->sasl.waitWriteSSF -= ret;
1144
    } else
1145
#endif /* CONFIG_VNC_SASL */
1146
        ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1147
    if (!ret)
1148
        return 0;
1149

    
1150
    memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1151
    vs->output.offset -= ret;
1152

    
1153
    if (vs->output.offset == 0) {
1154
        qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1155
    }
1156

    
1157
    return ret;
1158
}
1159

    
1160

    
1161
/*
1162
 * First function called whenever there is data to be written to
1163
 * the client socket. Will delegate actual work according to whether
1164
 * SASL SSF layers are enabled (thus requiring encryption calls)
1165
 */
1166
static void vnc_client_write_locked(void *opaque)
1167
{
1168
    VncState *vs = opaque;
1169

    
1170
#ifdef CONFIG_VNC_SASL
1171
    if (vs->sasl.conn &&
1172
        vs->sasl.runSSF &&
1173
        !vs->sasl.waitWriteSSF) {
1174
        vnc_client_write_sasl(vs);
1175
    } else
1176
#endif /* CONFIG_VNC_SASL */
1177
        vnc_client_write_plain(vs);
1178
}
1179

    
1180
void vnc_client_write(void *opaque)
1181
{
1182
    VncState *vs = opaque;
1183

    
1184
    vnc_lock_output(vs);
1185
    if (vs->output.offset) {
1186
        vnc_client_write_locked(opaque);
1187
    } else {
1188
        qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1189
    }
1190
    vnc_unlock_output(vs);
1191
}
1192

    
1193
void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1194
{
1195
    vs->read_handler = func;
1196
    vs->read_handler_expect = expecting;
1197
}
1198

    
1199

    
1200
/*
1201
 * Called to read a chunk of data from the client socket. The data may
1202
 * be the raw data, or may need to be further decoded by SASL.
1203
 * The data will be read either straight from to the socket, or
1204
 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1205
 *
1206
 * NB, it is theoretically possible to have 2 layers of encryption,
1207
 * both SASL, and this TLS layer. It is highly unlikely in practice
1208
 * though, since SASL encryption will typically be a no-op if TLS
1209
 * is active
1210
 *
1211
 * Returns the number of bytes read, which may be less than
1212
 * the requested 'datalen' if the socket would block. Returns
1213
 * -1 on error, and disconnects the client socket.
1214
 */
1215
long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1216
{
1217
    long ret;
1218
#ifdef CONFIG_VNC_TLS
1219
    if (vs->tls.session) {
1220
        ret = gnutls_read(vs->tls.session, data, datalen);
1221
        if (ret < 0) {
1222
            if (ret == GNUTLS_E_AGAIN)
1223
                errno = EAGAIN;
1224
            else
1225
                errno = EIO;
1226
            ret = -1;
1227
        }
1228
    } else
1229
#endif /* CONFIG_VNC_TLS */
1230
        ret = recv(vs->csock, (void *)data, datalen, 0);
1231
    VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1232
    return vnc_client_io_error(vs, ret, socket_error());
1233
}
1234

    
1235

    
1236
/*
1237
 * Called to read data from the client socket to the input buffer,
1238
 * when not using any SASL SSF encryption layers. Will read as much
1239
 * data as possible without blocking.
1240
 *
1241
 * Returns the number of bytes read. Returns -1 on error, and
1242
 * disconnects the client socket.
1243
 */
1244
static long vnc_client_read_plain(VncState *vs)
1245
{
1246
    int ret;
1247
    VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1248
              vs->input.buffer, vs->input.capacity, vs->input.offset);
1249
    buffer_reserve(&vs->input, 4096);
1250
    ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1251
    if (!ret)
1252
        return 0;
1253
    vs->input.offset += ret;
1254
    return ret;
1255
}
1256

    
1257

    
1258
/*
1259
 * First function called whenever there is more data to be read from
1260
 * the client socket. Will delegate actual work according to whether
1261
 * SASL SSF layers are enabled (thus requiring decryption calls)
1262
 */
1263
void vnc_client_read(void *opaque)
1264
{
1265
    VncState *vs = opaque;
1266
    long ret;
1267

    
1268
#ifdef CONFIG_VNC_SASL
1269
    if (vs->sasl.conn && vs->sasl.runSSF)
1270
        ret = vnc_client_read_sasl(vs);
1271
    else
1272
#endif /* CONFIG_VNC_SASL */
1273
        ret = vnc_client_read_plain(vs);
1274
    if (!ret) {
1275
        if (vs->csock == -1)
1276
            vnc_disconnect_finish(vs);
1277
        return;
1278
    }
1279

    
1280
    while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1281
        size_t len = vs->read_handler_expect;
1282
        int ret;
1283

    
1284
        ret = vs->read_handler(vs, vs->input.buffer, len);
1285
        if (vs->csock == -1) {
1286
            vnc_disconnect_finish(vs);
1287
            return;
1288
        }
1289

    
1290
        if (!ret) {
1291
            memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1292
            vs->input.offset -= len;
1293
        } else {
1294
            vs->read_handler_expect = ret;
1295
        }
1296
    }
1297
}
1298

    
1299
void vnc_write(VncState *vs, const void *data, size_t len)
1300
{
1301
    buffer_reserve(&vs->output, len);
1302

    
1303
    if (vs->csock != -1 && buffer_empty(&vs->output)) {
1304
        qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1305
    }
1306

    
1307
    buffer_append(&vs->output, data, len);
1308
}
1309

    
1310
void vnc_write_s32(VncState *vs, int32_t value)
1311
{
1312
    vnc_write_u32(vs, *(uint32_t *)&value);
1313
}
1314

    
1315
void vnc_write_u32(VncState *vs, uint32_t value)
1316
{
1317
    uint8_t buf[4];
1318

    
1319
    buf[0] = (value >> 24) & 0xFF;
1320
    buf[1] = (value >> 16) & 0xFF;
1321
    buf[2] = (value >>  8) & 0xFF;
1322
    buf[3] = value & 0xFF;
1323

    
1324
    vnc_write(vs, buf, 4);
1325
}
1326

    
1327
void vnc_write_u16(VncState *vs, uint16_t value)
1328
{
1329
    uint8_t buf[2];
1330

    
1331
    buf[0] = (value >> 8) & 0xFF;
1332
    buf[1] = value & 0xFF;
1333

    
1334
    vnc_write(vs, buf, 2);
1335
}
1336

    
1337
void vnc_write_u8(VncState *vs, uint8_t value)
1338
{
1339
    vnc_write(vs, (char *)&value, 1);
1340
}
1341

    
1342
void vnc_flush(VncState *vs)
1343
{
1344
    vnc_lock_output(vs);
1345
    if (vs->csock != -1 && vs->output.offset) {
1346
        vnc_client_write_locked(vs);
1347
    }
1348
    vnc_unlock_output(vs);
1349
}
1350

    
1351
uint8_t read_u8(uint8_t *data, size_t offset)
1352
{
1353
    return data[offset];
1354
}
1355

    
1356
uint16_t read_u16(uint8_t *data, size_t offset)
1357
{
1358
    return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1359
}
1360

    
1361
int32_t read_s32(uint8_t *data, size_t offset)
1362
{
1363
    return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1364
                     (data[offset + 2] << 8) | data[offset + 3]);
1365
}
1366

    
1367
uint32_t read_u32(uint8_t *data, size_t offset)
1368
{
1369
    return ((data[offset] << 24) | (data[offset + 1] << 16) |
1370
            (data[offset + 2] << 8) | data[offset + 3]);
1371
}
1372

    
1373
static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1374
{
1375
}
1376

    
1377
static void check_pointer_type_change(Notifier *notifier)
1378
{
1379
    VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1380
    int absolute = kbd_mouse_is_absolute();
1381

    
1382
    if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1383
        vnc_lock_output(vs);
1384
        vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1385
        vnc_write_u8(vs, 0);
1386
        vnc_write_u16(vs, 1);
1387
        vnc_framebuffer_update(vs, absolute, 0,
1388
                               ds_get_width(vs->ds), ds_get_height(vs->ds),
1389
                               VNC_ENCODING_POINTER_TYPE_CHANGE);
1390
        vnc_unlock_output(vs);
1391
        vnc_flush(vs);
1392
    }
1393
    vs->absolute = absolute;
1394
}
1395

    
1396
static void pointer_event(VncState *vs, int button_mask, int x, int y)
1397
{
1398
    int buttons = 0;
1399
    int dz = 0;
1400

    
1401
    if (button_mask & 0x01)
1402
        buttons |= MOUSE_EVENT_LBUTTON;
1403
    if (button_mask & 0x02)
1404
        buttons |= MOUSE_EVENT_MBUTTON;
1405
    if (button_mask & 0x04)
1406
        buttons |= MOUSE_EVENT_RBUTTON;
1407
    if (button_mask & 0x08)
1408
        dz = -1;
1409
    if (button_mask & 0x10)
1410
        dz = 1;
1411

    
1412
    if (vs->absolute) {
1413
        kbd_mouse_event(ds_get_width(vs->ds) > 1 ?
1414
                          x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000,
1415
                        ds_get_height(vs->ds) > 1 ?
1416
                          y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000,
1417
                        dz, buttons);
1418
    } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1419
        x -= 0x7FFF;
1420
        y -= 0x7FFF;
1421

    
1422
        kbd_mouse_event(x, y, dz, buttons);
1423
    } else {
1424
        if (vs->last_x != -1)
1425
            kbd_mouse_event(x - vs->last_x,
1426
                            y - vs->last_y,
1427
                            dz, buttons);
1428
        vs->last_x = x;
1429
        vs->last_y = y;
1430
    }
1431
}
1432

    
1433
static void reset_keys(VncState *vs)
1434
{
1435
    int i;
1436
    for(i = 0; i < 256; i++) {
1437
        if (vs->modifiers_state[i]) {
1438
            if (i & SCANCODE_GREY)
1439
                kbd_put_keycode(SCANCODE_EMUL0);
1440
            kbd_put_keycode(i | SCANCODE_UP);
1441
            vs->modifiers_state[i] = 0;
1442
        }
1443
    }
1444
}
1445

    
1446
static void press_key(VncState *vs, int keysym)
1447
{
1448
    int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1449
    if (keycode & SCANCODE_GREY)
1450
        kbd_put_keycode(SCANCODE_EMUL0);
1451
    kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1452
    if (keycode & SCANCODE_GREY)
1453
        kbd_put_keycode(SCANCODE_EMUL0);
1454
    kbd_put_keycode(keycode | SCANCODE_UP);
1455
}
1456

    
1457
static void kbd_leds(void *opaque, int ledstate)
1458
{
1459
    VncState *vs = opaque;
1460
    int caps, num;
1461

    
1462
    caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1463
    num  = ledstate & QEMU_NUM_LOCK_LED  ? 1 : 0;
1464

    
1465
    if (vs->modifiers_state[0x3a] != caps) {
1466
        vs->modifiers_state[0x3a] = caps;
1467
    }
1468
    if (vs->modifiers_state[0x45] != num) {
1469
        vs->modifiers_state[0x45] = num;
1470
    }
1471
}
1472

    
1473
static void do_key_event(VncState *vs, int down, int keycode, int sym)
1474
{
1475
    /* QEMU console switch */
1476
    switch(keycode) {
1477
    case 0x2a:                          /* Left Shift */
1478
    case 0x36:                          /* Right Shift */
1479
    case 0x1d:                          /* Left CTRL */
1480
    case 0x9d:                          /* Right CTRL */
1481
    case 0x38:                          /* Left ALT */
1482
    case 0xb8:                          /* Right ALT */
1483
        if (down)
1484
            vs->modifiers_state[keycode] = 1;
1485
        else
1486
            vs->modifiers_state[keycode] = 0;
1487
        break;
1488
    case 0x02 ... 0x0a: /* '1' to '9' keys */
1489
        if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1490
            /* Reset the modifiers sent to the current console */
1491
            reset_keys(vs);
1492
            console_select(keycode - 0x02);
1493
            return;
1494
        }
1495
        break;
1496
    case 0x3a:                        /* CapsLock */
1497
    case 0x45:                        /* NumLock */
1498
        if (down)
1499
            vs->modifiers_state[keycode] ^= 1;
1500
        break;
1501
    }
1502

    
1503
    if (vs->vd->lock_key_sync &&
1504
        keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1505
        /* If the numlock state needs to change then simulate an additional
1506
           keypress before sending this one.  This will happen if the user
1507
           toggles numlock away from the VNC window.
1508
        */
1509
        if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1510
            if (!vs->modifiers_state[0x45]) {
1511
                vs->modifiers_state[0x45] = 1;
1512
                press_key(vs, 0xff7f);
1513
            }
1514
        } else {
1515
            if (vs->modifiers_state[0x45]) {
1516
                vs->modifiers_state[0x45] = 0;
1517
                press_key(vs, 0xff7f);
1518
            }
1519
        }
1520
    }
1521

    
1522
    if (vs->vd->lock_key_sync &&
1523
        ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1524
        /* If the capslock state needs to change then simulate an additional
1525
           keypress before sending this one.  This will happen if the user
1526
           toggles capslock away from the VNC window.
1527
        */
1528
        int uppercase = !!(sym >= 'A' && sym <= 'Z');
1529
        int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1530
        int capslock = !!(vs->modifiers_state[0x3a]);
1531
        if (capslock) {
1532
            if (uppercase == shift) {
1533
                vs->modifiers_state[0x3a] = 0;
1534
                press_key(vs, 0xffe5);
1535
            }
1536
        } else {
1537
            if (uppercase != shift) {
1538
                vs->modifiers_state[0x3a] = 1;
1539
                press_key(vs, 0xffe5);
1540
            }
1541
        }
1542
    }
1543

    
1544
    if (is_graphic_console()) {
1545
        if (keycode & SCANCODE_GREY)
1546
            kbd_put_keycode(SCANCODE_EMUL0);
1547
        if (down)
1548
            kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1549
        else
1550
            kbd_put_keycode(keycode | SCANCODE_UP);
1551
    } else {
1552
        /* QEMU console emulation */
1553
        if (down) {
1554
            int numlock = vs->modifiers_state[0x45];
1555
            switch (keycode) {
1556
            case 0x2a:                          /* Left Shift */
1557
            case 0x36:                          /* Right Shift */
1558
            case 0x1d:                          /* Left CTRL */
1559
            case 0x9d:                          /* Right CTRL */
1560
            case 0x38:                          /* Left ALT */
1561
            case 0xb8:                          /* Right ALT */
1562
                break;
1563
            case 0xc8:
1564
                kbd_put_keysym(QEMU_KEY_UP);
1565
                break;
1566
            case 0xd0:
1567
                kbd_put_keysym(QEMU_KEY_DOWN);
1568
                break;
1569
            case 0xcb:
1570
                kbd_put_keysym(QEMU_KEY_LEFT);
1571
                break;
1572
            case 0xcd:
1573
                kbd_put_keysym(QEMU_KEY_RIGHT);
1574
                break;
1575
            case 0xd3:
1576
                kbd_put_keysym(QEMU_KEY_DELETE);
1577
                break;
1578
            case 0xc7:
1579
                kbd_put_keysym(QEMU_KEY_HOME);
1580
                break;
1581
            case 0xcf:
1582
                kbd_put_keysym(QEMU_KEY_END);
1583
                break;
1584
            case 0xc9:
1585
                kbd_put_keysym(QEMU_KEY_PAGEUP);
1586
                break;
1587
            case 0xd1:
1588
                kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1589
                break;
1590

    
1591
            case 0x47:
1592
                kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1593
                break;
1594
            case 0x48:
1595
                kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1596
                break;
1597
            case 0x49:
1598
                kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1599
                break;
1600
            case 0x4b:
1601
                kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1602
                break;
1603
            case 0x4c:
1604
                kbd_put_keysym('5');
1605
                break;
1606
            case 0x4d:
1607
                kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1608
                break;
1609
            case 0x4f:
1610
                kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1611
                break;
1612
            case 0x50:
1613
                kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1614
                break;
1615
            case 0x51:
1616
                kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1617
                break;
1618
            case 0x52:
1619
                kbd_put_keysym('0');
1620
                break;
1621
            case 0x53:
1622
                kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1623
                break;
1624

    
1625
            case 0xb5:
1626
                kbd_put_keysym('/');
1627
                break;
1628
            case 0x37:
1629
                kbd_put_keysym('*');
1630
                break;
1631
            case 0x4a:
1632
                kbd_put_keysym('-');
1633
                break;
1634
            case 0x4e:
1635
                kbd_put_keysym('+');
1636
                break;
1637
            case 0x9c:
1638
                kbd_put_keysym('\n');
1639
                break;
1640

    
1641
            default:
1642
                kbd_put_keysym(sym);
1643
                break;
1644
            }
1645
        }
1646
    }
1647
}
1648

    
1649
static void key_event(VncState *vs, int down, uint32_t sym)
1650
{
1651
    int keycode;
1652
    int lsym = sym;
1653

    
1654
    if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1655
        lsym = lsym - 'A' + 'a';
1656
    }
1657

    
1658
    keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1659
    do_key_event(vs, down, keycode, sym);
1660
}
1661

    
1662
static void ext_key_event(VncState *vs, int down,
1663
                          uint32_t sym, uint16_t keycode)
1664
{
1665
    /* if the user specifies a keyboard layout, always use it */
1666
    if (keyboard_layout)
1667
        key_event(vs, down, sym);
1668
    else
1669
        do_key_event(vs, down, keycode, sym);
1670
}
1671

    
1672
static void framebuffer_update_request(VncState *vs, int incremental,
1673
                                       int x_position, int y_position,
1674
                                       int w, int h)
1675
{
1676
    if (y_position > ds_get_height(vs->ds))
1677
        y_position = ds_get_height(vs->ds);
1678
    if (y_position + h >= ds_get_height(vs->ds))
1679
        h = ds_get_height(vs->ds) - y_position;
1680

    
1681
    int i;
1682
    vs->need_update = 1;
1683
    if (!incremental) {
1684
        vs->force_update = 1;
1685
        for (i = 0; i < h; i++) {
1686
            vnc_set_bits(vs->dirty[y_position + i],
1687
                         (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1688
        }
1689
    }
1690
}
1691

    
1692
static void send_ext_key_event_ack(VncState *vs)
1693
{
1694
    vnc_lock_output(vs);
1695
    vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1696
    vnc_write_u8(vs, 0);
1697
    vnc_write_u16(vs, 1);
1698
    vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1699
                           VNC_ENCODING_EXT_KEY_EVENT);
1700
    vnc_unlock_output(vs);
1701
    vnc_flush(vs);
1702
}
1703

    
1704
static void send_ext_audio_ack(VncState *vs)
1705
{
1706
    vnc_lock_output(vs);
1707
    vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1708
    vnc_write_u8(vs, 0);
1709
    vnc_write_u16(vs, 1);
1710
    vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1711
                           VNC_ENCODING_AUDIO);
1712
    vnc_unlock_output(vs);
1713
    vnc_flush(vs);
1714
}
1715

    
1716
static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1717
{
1718
    int i;
1719
    unsigned int enc = 0;
1720

    
1721
    vs->features = 0;
1722
    vs->vnc_encoding = 0;
1723
    vs->tight.compression = 9;
1724
    vs->tight.quality = -1; /* Lossless by default */
1725
    vs->absolute = -1;
1726

    
1727
    /*
1728
     * Start from the end because the encodings are sent in order of preference.
1729
     * This way the prefered encoding (first encoding defined in the array)
1730
     * will be set at the end of the loop.
1731
     */
1732
    for (i = n_encodings - 1; i >= 0; i--) {
1733
        enc = encodings[i];
1734
        switch (enc) {
1735
        case VNC_ENCODING_RAW:
1736
            vs->vnc_encoding = enc;
1737
            break;
1738
        case VNC_ENCODING_COPYRECT:
1739
            vs->features |= VNC_FEATURE_COPYRECT_MASK;
1740
            break;
1741
        case VNC_ENCODING_HEXTILE:
1742
            vs->features |= VNC_FEATURE_HEXTILE_MASK;
1743
            vs->vnc_encoding = enc;
1744
            break;
1745
        case VNC_ENCODING_TIGHT:
1746
            vs->features |= VNC_FEATURE_TIGHT_MASK;
1747
            vs->vnc_encoding = enc;
1748
            break;
1749
        case VNC_ENCODING_TIGHT_PNG:
1750
            vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
1751
            vs->vnc_encoding = enc;
1752
            break;
1753
        case VNC_ENCODING_ZLIB:
1754
            vs->features |= VNC_FEATURE_ZLIB_MASK;
1755
            vs->vnc_encoding = enc;
1756
            break;
1757
        case VNC_ENCODING_DESKTOPRESIZE:
1758
            vs->features |= VNC_FEATURE_RESIZE_MASK;
1759
            break;
1760
        case VNC_ENCODING_POINTER_TYPE_CHANGE:
1761
            vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1762
            break;
1763
        case VNC_ENCODING_RICH_CURSOR:
1764
            vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1765
            break;
1766
        case VNC_ENCODING_EXT_KEY_EVENT:
1767
            send_ext_key_event_ack(vs);
1768
            break;
1769
        case VNC_ENCODING_AUDIO:
1770
            send_ext_audio_ack(vs);
1771
            break;
1772
        case VNC_ENCODING_WMVi:
1773
            vs->features |= VNC_FEATURE_WMVI_MASK;
1774
            break;
1775
        case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1776
            vs->tight.compression = (enc & 0x0F);
1777
            break;
1778
        case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1779
            vs->tight.quality = (enc & 0x0F);
1780
            break;
1781
        default:
1782
            VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1783
            break;
1784
        }
1785
    }
1786
    vnc_desktop_resize(vs);
1787
    check_pointer_type_change(&vs->mouse_mode_notifier);
1788
}
1789

    
1790
static void set_pixel_conversion(VncState *vs)
1791
{
1792
    if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1793
        (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) && 
1794
        !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1795
        vs->write_pixels = vnc_write_pixels_copy;
1796
        vnc_hextile_set_pixel_conversion(vs, 0);
1797
    } else {
1798
        vs->write_pixels = vnc_write_pixels_generic;
1799
        vnc_hextile_set_pixel_conversion(vs, 1);
1800
    }
1801
}
1802

    
1803
static void set_pixel_format(VncState *vs,
1804
                             int bits_per_pixel, int depth,
1805
                             int big_endian_flag, int true_color_flag,
1806
                             int red_max, int green_max, int blue_max,
1807
                             int red_shift, int green_shift, int blue_shift)
1808
{
1809
    if (!true_color_flag) {
1810
        vnc_client_error(vs);
1811
        return;
1812
    }
1813

    
1814
    vs->clientds = *(vs->vd->guest.ds);
1815
    vs->clientds.pf.rmax = red_max;
1816
    count_bits(vs->clientds.pf.rbits, red_max);
1817
    vs->clientds.pf.rshift = red_shift;
1818
    vs->clientds.pf.rmask = red_max << red_shift;
1819
    vs->clientds.pf.gmax = green_max;
1820
    count_bits(vs->clientds.pf.gbits, green_max);
1821
    vs->clientds.pf.gshift = green_shift;
1822
    vs->clientds.pf.gmask = green_max << green_shift;
1823
    vs->clientds.pf.bmax = blue_max;
1824
    count_bits(vs->clientds.pf.bbits, blue_max);
1825
    vs->clientds.pf.bshift = blue_shift;
1826
    vs->clientds.pf.bmask = blue_max << blue_shift;
1827
    vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1828
    vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1829
    vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1830
    vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1831

    
1832
    set_pixel_conversion(vs);
1833

    
1834
    vga_hw_invalidate();
1835
    vga_hw_update();
1836
}
1837

    
1838
static void pixel_format_message (VncState *vs) {
1839
    char pad[3] = { 0, 0, 0 };
1840

    
1841
    vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1842
    vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1843

    
1844
#ifdef HOST_WORDS_BIGENDIAN
1845
    vnc_write_u8(vs, 1);             /* big-endian-flag */
1846
#else
1847
    vnc_write_u8(vs, 0);             /* big-endian-flag */
1848
#endif
1849
    vnc_write_u8(vs, 1);             /* true-color-flag */
1850
    vnc_write_u16(vs, vs->ds->surface->pf.rmax);     /* red-max */
1851
    vnc_write_u16(vs, vs->ds->surface->pf.gmax);     /* green-max */
1852
    vnc_write_u16(vs, vs->ds->surface->pf.bmax);     /* blue-max */
1853
    vnc_write_u8(vs, vs->ds->surface->pf.rshift);    /* red-shift */
1854
    vnc_write_u8(vs, vs->ds->surface->pf.gshift);    /* green-shift */
1855
    vnc_write_u8(vs, vs->ds->surface->pf.bshift);    /* blue-shift */
1856

    
1857
    vnc_hextile_set_pixel_conversion(vs, 0);
1858

    
1859
    vs->clientds = *(vs->ds->surface);
1860
    vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1861
    vs->write_pixels = vnc_write_pixels_copy;
1862

    
1863
    vnc_write(vs, pad, 3);           /* padding */
1864
}
1865

    
1866
static void vnc_dpy_setdata(DisplayState *ds)
1867
{
1868
    /* We don't have to do anything */
1869
}
1870

    
1871
static void vnc_colordepth(VncState *vs)
1872
{
1873
    if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1874
        /* Sending a WMVi message to notify the client*/
1875
        vnc_lock_output(vs);
1876
        vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1877
        vnc_write_u8(vs, 0);
1878
        vnc_write_u16(vs, 1); /* number of rects */
1879
        vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), 
1880
                               ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1881
        pixel_format_message(vs);
1882
        vnc_unlock_output(vs);
1883
        vnc_flush(vs);
1884
    } else {
1885
        set_pixel_conversion(vs);
1886
    }
1887
}
1888

    
1889
static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1890
{
1891
    int i;
1892
    uint16_t limit;
1893
    VncDisplay *vd = vs->vd;
1894

    
1895
    if (data[0] > 3) {
1896
        vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1897
        if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1898
            qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1899
    }
1900

    
1901
    switch (data[0]) {
1902
    case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
1903
        if (len == 1)
1904
            return 20;
1905

    
1906
        set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1907
                         read_u8(data, 6), read_u8(data, 7),
1908
                         read_u16(data, 8), read_u16(data, 10),
1909
                         read_u16(data, 12), read_u8(data, 14),
1910
                         read_u8(data, 15), read_u8(data, 16));
1911
        break;
1912
    case VNC_MSG_CLIENT_SET_ENCODINGS:
1913
        if (len == 1)
1914
            return 4;
1915

    
1916
        if (len == 4) {
1917
            limit = read_u16(data, 2);
1918
            if (limit > 0)
1919
                return 4 + (limit * 4);
1920
        } else
1921
            limit = read_u16(data, 2);
1922

    
1923
        for (i = 0; i < limit; i++) {
1924
            int32_t val = read_s32(data, 4 + (i * 4));
1925
            memcpy(data + 4 + (i * 4), &val, sizeof(val));
1926
        }
1927

    
1928
        set_encodings(vs, (int32_t *)(data + 4), limit);
1929
        break;
1930
    case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
1931
        if (len == 1)
1932
            return 10;
1933

    
1934
        framebuffer_update_request(vs,
1935
                                   read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1936
                                   read_u16(data, 6), read_u16(data, 8));
1937
        break;
1938
    case VNC_MSG_CLIENT_KEY_EVENT:
1939
        if (len == 1)
1940
            return 8;
1941

    
1942
        key_event(vs, read_u8(data, 1), read_u32(data, 4));
1943
        break;
1944
    case VNC_MSG_CLIENT_POINTER_EVENT:
1945
        if (len == 1)
1946
            return 6;
1947

    
1948
        pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1949
        break;
1950
    case VNC_MSG_CLIENT_CUT_TEXT:
1951
        if (len == 1)
1952
            return 8;
1953

    
1954
        if (len == 8) {
1955
            uint32_t dlen = read_u32(data, 4);
1956
            if (dlen > 0)
1957
                return 8 + dlen;
1958
        }
1959

    
1960
        client_cut_text(vs, read_u32(data, 4), data + 8);
1961
        break;
1962
    case VNC_MSG_CLIENT_QEMU:
1963
        if (len == 1)
1964
            return 2;
1965

    
1966
        switch (read_u8(data, 1)) {
1967
        case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
1968
            if (len == 2)
1969
                return 12;
1970

    
1971
            ext_key_event(vs, read_u16(data, 2),
1972
                          read_u32(data, 4), read_u32(data, 8));
1973
            break;
1974
        case VNC_MSG_CLIENT_QEMU_AUDIO:
1975
            if (len == 2)
1976
                return 4;
1977

    
1978
            switch (read_u16 (data, 2)) {
1979
            case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
1980
                audio_add(vs);
1981
                break;
1982
            case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
1983
                audio_del(vs);
1984
                break;
1985
            case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
1986
                if (len == 4)
1987
                    return 10;
1988
                switch (read_u8(data, 4)) {
1989
                case 0: vs->as.fmt = AUD_FMT_U8; break;
1990
                case 1: vs->as.fmt = AUD_FMT_S8; break;
1991
                case 2: vs->as.fmt = AUD_FMT_U16; break;
1992
                case 3: vs->as.fmt = AUD_FMT_S16; break;
1993
                case 4: vs->as.fmt = AUD_FMT_U32; break;
1994
                case 5: vs->as.fmt = AUD_FMT_S32; break;
1995
                default:
1996
                    printf("Invalid audio format %d\n", read_u8(data, 4));
1997
                    vnc_client_error(vs);
1998
                    break;
1999
                }
2000
                vs->as.nchannels = read_u8(data, 5);
2001
                if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2002
                    printf("Invalid audio channel coount %d\n",
2003
                           read_u8(data, 5));
2004
                    vnc_client_error(vs);
2005
                    break;
2006
                }
2007
                vs->as.freq = read_u32(data, 6);
2008
                break;
2009
            default:
2010
                printf ("Invalid audio message %d\n", read_u8(data, 4));
2011
                vnc_client_error(vs);
2012
                break;
2013
            }
2014
            break;
2015

    
2016
        default:
2017
            printf("Msg: %d\n", read_u16(data, 0));
2018
            vnc_client_error(vs);
2019
            break;
2020
        }
2021
        break;
2022
    default:
2023
        printf("Msg: %d\n", data[0]);
2024
        vnc_client_error(vs);
2025
        break;
2026
    }
2027

    
2028
    vnc_read_when(vs, protocol_client_msg, 1);
2029
    return 0;
2030
}
2031

    
2032
static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2033
{
2034
    char buf[1024];
2035
    int size;
2036

    
2037
    vs->client_width = ds_get_width(vs->ds);
2038
    vs->client_height = ds_get_height(vs->ds);
2039
    vnc_write_u16(vs, vs->client_width);
2040
    vnc_write_u16(vs, vs->client_height);
2041

    
2042
    pixel_format_message(vs);
2043

    
2044
    if (qemu_name)
2045
        size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2046
    else
2047
        size = snprintf(buf, sizeof(buf), "QEMU");
2048

    
2049
    vnc_write_u32(vs, size);
2050
    vnc_write(vs, buf, size);
2051
    vnc_flush(vs);
2052

    
2053
    vnc_client_cache_auth(vs);
2054
    vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
2055

    
2056
    vnc_read_when(vs, protocol_client_msg, 1);
2057

    
2058
    return 0;
2059
}
2060

    
2061
void start_client_init(VncState *vs)
2062
{
2063
    vnc_read_when(vs, protocol_client_init, 1);
2064
}
2065

    
2066
static void make_challenge(VncState *vs)
2067
{
2068
    int i;
2069

    
2070
    srand(time(NULL)+getpid()+getpid()*987654+rand());
2071

    
2072
    for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2073
        vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2074
}
2075

    
2076
static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2077
{
2078
    unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2079
    int i, j, pwlen;
2080
    unsigned char key[8];
2081

    
2082
    if (!vs->vd->password || !vs->vd->password[0]) {
2083
        VNC_DEBUG("No password configured on server");
2084
        vnc_write_u32(vs, 1); /* Reject auth */
2085
        if (vs->minor >= 8) {
2086
            static const char err[] = "Authentication failed";
2087
            vnc_write_u32(vs, sizeof(err));
2088
            vnc_write(vs, err, sizeof(err));
2089
        }
2090
        vnc_flush(vs);
2091
        vnc_client_error(vs);
2092
        return 0;
2093
    }
2094

    
2095
    memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2096

    
2097
    /* Calculate the expected challenge response */
2098
    pwlen = strlen(vs->vd->password);
2099
    for (i=0; i<sizeof(key); i++)
2100
        key[i] = i<pwlen ? vs->vd->password[i] : 0;
2101
    deskey(key, EN0);
2102
    for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2103
        des(response+j, response+j);
2104

    
2105
    /* Compare expected vs actual challenge response */
2106
    if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2107
        VNC_DEBUG("Client challenge reponse did not match\n");
2108
        vnc_write_u32(vs, 1); /* Reject auth */
2109
        if (vs->minor >= 8) {
2110
            static const char err[] = "Authentication failed";
2111
            vnc_write_u32(vs, sizeof(err));
2112
            vnc_write(vs, err, sizeof(err));
2113
        }
2114
        vnc_flush(vs);
2115
        vnc_client_error(vs);
2116
    } else {
2117
        VNC_DEBUG("Accepting VNC challenge response\n");
2118
        vnc_write_u32(vs, 0); /* Accept auth */
2119
        vnc_flush(vs);
2120

    
2121
        start_client_init(vs);
2122
    }
2123
    return 0;
2124
}
2125

    
2126
void start_auth_vnc(VncState *vs)
2127
{
2128
    make_challenge(vs);
2129
    /* Send client a 'random' challenge */
2130
    vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2131
    vnc_flush(vs);
2132

    
2133
    vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2134
}
2135

    
2136

    
2137
static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2138
{
2139
    /* We only advertise 1 auth scheme at a time, so client
2140
     * must pick the one we sent. Verify this */
2141
    if (data[0] != vs->vd->auth) { /* Reject auth */
2142
       VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2143
       vnc_write_u32(vs, 1);
2144
       if (vs->minor >= 8) {
2145
           static const char err[] = "Authentication failed";
2146
           vnc_write_u32(vs, sizeof(err));
2147
           vnc_write(vs, err, sizeof(err));
2148
       }
2149
       vnc_client_error(vs);
2150
    } else { /* Accept requested auth */
2151
       VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2152
       switch (vs->vd->auth) {
2153
       case VNC_AUTH_NONE:
2154
           VNC_DEBUG("Accept auth none\n");
2155
           if (vs->minor >= 8) {
2156
               vnc_write_u32(vs, 0); /* Accept auth completion */
2157
               vnc_flush(vs);
2158
           }
2159
           start_client_init(vs);
2160
           break;
2161

    
2162
       case VNC_AUTH_VNC:
2163
           VNC_DEBUG("Start VNC auth\n");
2164
           start_auth_vnc(vs);
2165
           break;
2166

    
2167
#ifdef CONFIG_VNC_TLS
2168
       case VNC_AUTH_VENCRYPT:
2169
           VNC_DEBUG("Accept VeNCrypt auth\n");;
2170
           start_auth_vencrypt(vs);
2171
           break;
2172
#endif /* CONFIG_VNC_TLS */
2173

    
2174
#ifdef CONFIG_VNC_SASL
2175
       case VNC_AUTH_SASL:
2176
           VNC_DEBUG("Accept SASL auth\n");
2177
           start_auth_sasl(vs);
2178
           break;
2179
#endif /* CONFIG_VNC_SASL */
2180

    
2181
       default: /* Should not be possible, but just in case */
2182
           VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
2183
           vnc_write_u8(vs, 1);
2184
           if (vs->minor >= 8) {
2185
               static const char err[] = "Authentication failed";
2186
               vnc_write_u32(vs, sizeof(err));
2187
               vnc_write(vs, err, sizeof(err));
2188
           }
2189
           vnc_client_error(vs);
2190
       }
2191
    }
2192
    return 0;
2193
}
2194

    
2195
static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2196
{
2197
    char local[13];
2198

    
2199
    memcpy(local, version, 12);
2200
    local[12] = 0;
2201

    
2202
    if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2203
        VNC_DEBUG("Malformed protocol version %s\n", local);
2204
        vnc_client_error(vs);
2205
        return 0;
2206
    }
2207
    VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2208
    if (vs->major != 3 ||
2209
        (vs->minor != 3 &&
2210
         vs->minor != 4 &&
2211
         vs->minor != 5 &&
2212
         vs->minor != 7 &&
2213
         vs->minor != 8)) {
2214
        VNC_DEBUG("Unsupported client version\n");
2215
        vnc_write_u32(vs, VNC_AUTH_INVALID);
2216
        vnc_flush(vs);
2217
        vnc_client_error(vs);
2218
        return 0;
2219
    }
2220
    /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2221
     * as equivalent to v3.3 by servers
2222
     */
2223
    if (vs->minor == 4 || vs->minor == 5)
2224
        vs->minor = 3;
2225

    
2226
    if (vs->minor == 3) {
2227
        if (vs->vd->auth == VNC_AUTH_NONE) {
2228
            VNC_DEBUG("Tell client auth none\n");
2229
            vnc_write_u32(vs, vs->vd->auth);
2230
            vnc_flush(vs);
2231
            start_client_init(vs);
2232
       } else if (vs->vd->auth == VNC_AUTH_VNC) {
2233
            VNC_DEBUG("Tell client VNC auth\n");
2234
            vnc_write_u32(vs, vs->vd->auth);
2235
            vnc_flush(vs);
2236
            start_auth_vnc(vs);
2237
       } else {
2238
            VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2239
            vnc_write_u32(vs, VNC_AUTH_INVALID);
2240
            vnc_flush(vs);
2241
            vnc_client_error(vs);
2242
       }
2243
    } else {
2244
        VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2245
        vnc_write_u8(vs, 1); /* num auth */
2246
        vnc_write_u8(vs, vs->vd->auth);
2247
        vnc_read_when(vs, protocol_client_auth, 1);
2248
        vnc_flush(vs);
2249
    }
2250

    
2251
    return 0;
2252
}
2253

    
2254
static int vnc_refresh_server_surface(VncDisplay *vd)
2255
{
2256
    int y;
2257
    uint8_t *guest_row;
2258
    uint8_t *server_row;
2259
    int cmp_bytes;
2260
    uint32_t width_mask[VNC_DIRTY_WORDS];
2261
    VncState *vs;
2262
    int has_dirty = 0;
2263

    
2264
    /*
2265
     * Walk through the guest dirty map.
2266
     * Check and copy modified bits from guest to server surface.
2267
     * Update server dirty map.
2268
     */
2269
    vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2270
    cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2271
    guest_row  = vd->guest.ds->data;
2272
    server_row = vd->server->data;
2273
    for (y = 0; y < vd->guest.ds->height; y++) {
2274
        if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2275
            int x;
2276
            uint8_t *guest_ptr;
2277
            uint8_t *server_ptr;
2278

    
2279
            guest_ptr  = guest_row;
2280
            server_ptr = server_row;
2281

    
2282
            for (x = 0; x < vd->guest.ds->width;
2283
                    x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2284
                if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2285
                    continue;
2286
                vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2287
                if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2288
                    continue;
2289
                memcpy(server_ptr, guest_ptr, cmp_bytes);
2290
                QTAILQ_FOREACH(vs, &vd->clients, next) {
2291
                    vnc_set_bit(vs->dirty[y], (x / 16));
2292
                }
2293
                has_dirty++;
2294
            }
2295
        }
2296
        guest_row  += ds_get_linesize(vd->ds);
2297
        server_row += ds_get_linesize(vd->ds);
2298
    }
2299
    return has_dirty;
2300
}
2301

    
2302
static void vnc_refresh(void *opaque)
2303
{
2304
    VncDisplay *vd = opaque;
2305
    VncState *vs, *vn;
2306
    int has_dirty, rects = 0;
2307

    
2308
    vga_hw_update();
2309

    
2310
    if (vnc_trylock_display(vd)) {
2311
        vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2312
        qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) +
2313
                       vd->timer_interval);
2314
        return;
2315
    }
2316

    
2317
    has_dirty = vnc_refresh_server_surface(vd);
2318
    vnc_unlock_display(vd);
2319

    
2320
    QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2321
        rects += vnc_update_client(vs, has_dirty);
2322
        /* vs might be free()ed here */
2323
    }
2324

    
2325
    /* vd->timer could be NULL now if the last client disconnected,
2326
     * in this case don't update the timer */
2327
    if (vd->timer == NULL)
2328
        return;
2329

    
2330
    if (has_dirty && rects) {
2331
        vd->timer_interval /= 2;
2332
        if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2333
            vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2334
    } else {
2335
        vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2336
        if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2337
            vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2338
    }
2339
    qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
2340
}
2341

    
2342
static void vnc_init_timer(VncDisplay *vd)
2343
{
2344
    vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2345
    if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
2346
        vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2347
        vnc_refresh(vd);
2348
    }
2349
}
2350

    
2351
static void vnc_remove_timer(VncDisplay *vd)
2352
{
2353
    if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
2354
        qemu_del_timer(vd->timer);
2355
        qemu_free_timer(vd->timer);
2356
        vd->timer = NULL;
2357
    }
2358
}
2359

    
2360
static void vnc_connect(VncDisplay *vd, int csock)
2361
{
2362
    VncState *vs = qemu_mallocz(sizeof(VncState));
2363
    vs->csock = csock;
2364

    
2365
    VNC_DEBUG("New client on socket %d\n", csock);
2366
    dcl->idle = 0;
2367
    socket_set_nonblock(vs->csock);
2368
    qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2369

    
2370
    vnc_client_cache_addr(vs);
2371
    vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2372

    
2373
    vs->vd = vd;
2374
    vs->ds = vd->ds;
2375
    vs->last_x = -1;
2376
    vs->last_y = -1;
2377

    
2378
    vs->as.freq = 44100;
2379
    vs->as.nchannels = 2;
2380
    vs->as.fmt = AUD_FMT_S16;
2381
    vs->as.endianness = 0;
2382

    
2383
#ifdef CONFIG_VNC_THREAD
2384
    qemu_mutex_init(&vs->output_mutex);
2385
#endif
2386

    
2387
    QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2388

    
2389
    vga_hw_update();
2390

    
2391
    vnc_write(vs, "RFB 003.008\n", 12);
2392
    vnc_flush(vs);
2393
    vnc_read_when(vs, protocol_version, 12);
2394
    reset_keys(vs);
2395
    if (vs->vd->lock_key_sync)
2396
        vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2397

    
2398
    vs->mouse_mode_notifier.notify = check_pointer_type_change;
2399
    qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2400

    
2401
    vnc_init_timer(vd);
2402

    
2403
    /* vs might be free()ed here */
2404
}
2405

    
2406
static void vnc_listen_read(void *opaque)
2407
{
2408
    VncDisplay *vs = opaque;
2409
    struct sockaddr_in addr;
2410
    socklen_t addrlen = sizeof(addr);
2411

    
2412
    /* Catch-up */
2413
    vga_hw_update();
2414

    
2415
    int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2416
    if (csock != -1) {
2417
        vnc_connect(vs, csock);
2418
    }
2419
}
2420

    
2421
void vnc_display_init(DisplayState *ds)
2422
{
2423
    VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2424

    
2425
    dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2426

    
2427
    ds->opaque = vs;
2428
    dcl->idle = 1;
2429
    vnc_display = vs;
2430

    
2431
    vs->lsock = -1;
2432

    
2433
    vs->ds = ds;
2434
    QTAILQ_INIT(&vs->clients);
2435

    
2436
    if (keyboard_layout)
2437
        vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2438
    else
2439
        vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2440

    
2441
    if (!vs->kbd_layout)
2442
        exit(1);
2443

    
2444
#ifdef CONFIG_VNC_THREAD
2445
    qemu_mutex_init(&vs->mutex);
2446
    vnc_start_worker_thread();
2447
#endif
2448

    
2449
    dcl->dpy_copy = vnc_dpy_copy;
2450
    dcl->dpy_update = vnc_dpy_update;
2451
    dcl->dpy_resize = vnc_dpy_resize;
2452
    dcl->dpy_setdata = vnc_dpy_setdata;
2453
    register_displaychangelistener(ds, dcl);
2454
    ds->mouse_set = vnc_mouse_set;
2455
    ds->cursor_define = vnc_dpy_cursor_define;
2456
}
2457

    
2458

    
2459
void vnc_display_close(DisplayState *ds)
2460
{
2461
    VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2462

    
2463
    if (!vs)
2464
        return;
2465
    if (vs->display) {
2466
        qemu_free(vs->display);
2467
        vs->display = NULL;
2468
    }
2469
    if (vs->lsock != -1) {
2470
        qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2471
        close(vs->lsock);
2472
        vs->lsock = -1;
2473
    }
2474
    vs->auth = VNC_AUTH_INVALID;
2475
#ifdef CONFIG_VNC_TLS
2476
    vs->subauth = VNC_AUTH_INVALID;
2477
    vs->tls.x509verify = 0;
2478
#endif
2479
}
2480

    
2481
int vnc_display_password(DisplayState *ds, const char *password)
2482
{
2483
    VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2484

    
2485
    if (!vs) {
2486
        return -1;
2487
    }
2488

    
2489
    if (vs->password) {
2490
        qemu_free(vs->password);
2491
        vs->password = NULL;
2492
    }
2493
    if (password && password[0]) {
2494
        if (!(vs->password = qemu_strdup(password)))
2495
            return -1;
2496
        if (vs->auth == VNC_AUTH_NONE) {
2497
            vs->auth = VNC_AUTH_VNC;
2498
        }
2499
    } else {
2500
        vs->auth = VNC_AUTH_NONE;
2501
    }
2502

    
2503
    return 0;
2504
}
2505

    
2506
char *vnc_display_local_addr(DisplayState *ds)
2507
{
2508
    VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2509
    
2510
    return vnc_socket_local_addr("%s:%s", vs->lsock);
2511
}
2512

    
2513
int vnc_display_open(DisplayState *ds, const char *display)
2514
{
2515
    VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2516
    const char *options;
2517
    int password = 0;
2518
    int reverse = 0;
2519
#ifdef CONFIG_VNC_TLS
2520
    int tls = 0, x509 = 0;
2521
#endif
2522
#ifdef CONFIG_VNC_SASL
2523
    int sasl = 0;
2524
    int saslErr;
2525
#endif
2526
    int acl = 0;
2527
    int lock_key_sync = 1;
2528

    
2529
    if (!vnc_display)
2530
        return -1;
2531
    vnc_display_close(ds);
2532
    if (strcmp(display, "none") == 0)
2533
        return 0;
2534

    
2535
    if (!(vs->display = strdup(display)))
2536
        return -1;
2537

    
2538
    options = display;
2539
    while ((options = strchr(options, ','))) {
2540
        options++;
2541
        if (strncmp(options, "password", 8) == 0) {
2542
            password = 1; /* Require password auth */
2543
        } else if (strncmp(options, "reverse", 7) == 0) {
2544
            reverse = 1;
2545
        } else if (strncmp(options, "no-lock-key-sync", 9) == 0) {
2546
            lock_key_sync = 0;
2547
#ifdef CONFIG_VNC_SASL
2548
        } else if (strncmp(options, "sasl", 4) == 0) {
2549
            sasl = 1; /* Require SASL auth */
2550
#endif
2551
#ifdef CONFIG_VNC_TLS
2552
        } else if (strncmp(options, "tls", 3) == 0) {
2553
            tls = 1; /* Require TLS */
2554
        } else if (strncmp(options, "x509", 4) == 0) {
2555
            char *start, *end;
2556
            x509 = 1; /* Require x509 certificates */
2557
            if (strncmp(options, "x509verify", 10) == 0)
2558
                vs->tls.x509verify = 1; /* ...and verify client certs */
2559

    
2560
            /* Now check for 'x509=/some/path' postfix
2561
             * and use that to setup x509 certificate/key paths */
2562
            start = strchr(options, '=');
2563
            end = strchr(options, ',');
2564
            if (start && (!end || (start < end))) {
2565
                int len = end ? end-(start+1) : strlen(start+1);
2566
                char *path = qemu_strndup(start + 1, len);
2567

    
2568
                VNC_DEBUG("Trying certificate path '%s'\n", path);
2569
                if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2570
                    fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2571
                    qemu_free(path);
2572
                    qemu_free(vs->display);
2573
                    vs->display = NULL;
2574
                    return -1;
2575
                }
2576
                qemu_free(path);
2577
            } else {
2578
                fprintf(stderr, "No certificate path provided\n");
2579
                qemu_free(vs->display);
2580
                vs->display = NULL;
2581
                return -1;
2582
            }
2583
#endif
2584
        } else if (strncmp(options, "acl", 3) == 0) {
2585
            acl = 1;
2586
        } else if (strncmp(options, "lossy", 5) == 0) {
2587
            vs->lossy = true;
2588
        }
2589
    }
2590

    
2591
#ifdef CONFIG_VNC_TLS
2592
    if (acl && x509 && vs->tls.x509verify) {
2593
        if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2594
            fprintf(stderr, "Failed to create x509 dname ACL\n");
2595
            exit(1);
2596
        }
2597
    }
2598
#endif
2599
#ifdef CONFIG_VNC_SASL
2600
    if (acl && sasl) {
2601
        if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2602
            fprintf(stderr, "Failed to create username ACL\n");
2603
            exit(1);
2604
        }
2605
    }
2606
#endif
2607

    
2608
    /*
2609
     * Combinations we support here:
2610
     *
2611
     *  - no-auth                (clear text, no auth)
2612
     *  - password               (clear text, weak auth)
2613
     *  - sasl                   (encrypt, good auth *IF* using Kerberos via GSSAPI)
2614
     *  - tls                    (encrypt, weak anonymous creds, no auth)
2615
     *  - tls + password         (encrypt, weak anonymous creds, weak auth)
2616
     *  - tls + sasl             (encrypt, weak anonymous creds, good auth)
2617
     *  - tls + x509             (encrypt, good x509 creds, no auth)
2618
     *  - tls + x509 + password  (encrypt, good x509 creds, weak auth)
2619
     *  - tls + x509 + sasl      (encrypt, good x509 creds, good auth)
2620
     *
2621
     * NB1. TLS is a stackable auth scheme.
2622
     * NB2. the x509 schemes have option to validate a client cert dname
2623
     */
2624
    if (password) {
2625
#ifdef CONFIG_VNC_TLS
2626
        if (tls) {
2627
            vs->auth = VNC_AUTH_VENCRYPT;
2628
            if (x509) {
2629
                VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2630
                vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2631
            } else {
2632
                VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2633
                vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2634
            }
2635
        } else {
2636
#endif /* CONFIG_VNC_TLS */
2637
            VNC_DEBUG("Initializing VNC server with password auth\n");
2638
            vs->auth = VNC_AUTH_VNC;
2639
#ifdef CONFIG_VNC_TLS
2640
            vs->subauth = VNC_AUTH_INVALID;
2641
        }
2642
#endif /* CONFIG_VNC_TLS */
2643
#ifdef CONFIG_VNC_SASL
2644
    } else if (sasl) {
2645
#ifdef CONFIG_VNC_TLS
2646
        if (tls) {
2647
            vs->auth = VNC_AUTH_VENCRYPT;
2648
            if (x509) {
2649
                VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2650
                vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2651
            } else {
2652
                VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2653
                vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2654
            }
2655
        } else {
2656
#endif /* CONFIG_VNC_TLS */
2657
            VNC_DEBUG("Initializing VNC server with SASL auth\n");
2658
            vs->auth = VNC_AUTH_SASL;
2659
#ifdef CONFIG_VNC_TLS
2660
            vs->subauth = VNC_AUTH_INVALID;
2661
        }
2662
#endif /* CONFIG_VNC_TLS */
2663
#endif /* CONFIG_VNC_SASL */
2664
    } else {
2665
#ifdef CONFIG_VNC_TLS
2666
        if (tls) {
2667
            vs->auth = VNC_AUTH_VENCRYPT;
2668
            if (x509) {
2669
                VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2670
                vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2671
            } else {
2672
                VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2673
                vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2674
            }
2675
        } else {
2676
#endif
2677
            VNC_DEBUG("Initializing VNC server with no auth\n");
2678
            vs->auth = VNC_AUTH_NONE;
2679
#ifdef CONFIG_VNC_TLS
2680
            vs->subauth = VNC_AUTH_INVALID;
2681
        }
2682
#endif
2683
    }
2684

    
2685
#ifdef CONFIG_VNC_SASL
2686
    if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2687
        fprintf(stderr, "Failed to initialize SASL auth %s",
2688
                sasl_errstring(saslErr, NULL, NULL));
2689
        free(vs->display);
2690
        vs->display = NULL;
2691
        return -1;
2692
    }
2693
#endif
2694
    vs->lock_key_sync = lock_key_sync;
2695

    
2696
    if (reverse) {
2697
        /* connect to viewer */
2698
        if (strncmp(display, "unix:", 5) == 0)
2699
            vs->lsock = unix_connect(display+5);
2700
        else
2701
            vs->lsock = inet_connect(display, SOCK_STREAM);
2702
        if (-1 == vs->lsock) {
2703
            free(vs->display);
2704
            vs->display = NULL;
2705
            return -1;
2706
        } else {
2707
            int csock = vs->lsock;
2708
            vs->lsock = -1;
2709
            vnc_connect(vs, csock);
2710
        }
2711
        return 0;
2712

    
2713
    } else {
2714
        /* listen for connects */
2715
        char *dpy;
2716
        dpy = qemu_malloc(256);
2717
        if (strncmp(display, "unix:", 5) == 0) {
2718
            pstrcpy(dpy, 256, "unix:");
2719
            vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2720
        } else {
2721
            vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2722
        }
2723
        if (-1 == vs->lsock) {
2724
            free(dpy);
2725
            return -1;
2726
        } else {
2727
            free(vs->display);
2728
            vs->display = dpy;
2729
        }
2730
    }
2731
    return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
2732
}