Statistics
| Branch: | Revision:

root / vnc.c @ d78f3995

History | View | Annotate | Download (65.6 kB)

1
/*
2
 * QEMU VNC display driver
3
 *
4
 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5
 * Copyright (C) 2006 Fabrice Bellard
6
 * Copyright (C) 2009 Red Hat, Inc
7
 *
8
 * Permission is hereby granted, free of charge, to any person obtaining a copy
9
 * of this software and associated documentation files (the "Software"), to deal
10
 * in the Software without restriction, including without limitation the rights
11
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12
 * copies of the Software, and to permit persons to whom the Software is
13
 * furnished to do so, subject to the following conditions:
14
 *
15
 * The above copyright notice and this permission notice shall be included in
16
 * all copies or substantial portions of the Software.
17
 *
18
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24
 * THE SOFTWARE.
25
 */
26

    
27
#include "vnc.h"
28
#include "sysemu.h"
29
#include "qemu_socket.h"
30
#include "qemu-timer.h"
31
#include "acl.h"
32

    
33
#define VNC_REFRESH_INTERVAL (1000 / 30)
34

    
35
#include "vnc_keysym.h"
36
#include "d3des.h"
37

    
38
#define count_bits(c, v) { \
39
    for (c = 0; v; v >>= 1) \
40
    { \
41
        c += v & 1; \
42
    } \
43
}
44

    
45

    
46
static VncDisplay *vnc_display; /* needed for info vnc */
47
static DisplayChangeListener *dcl;
48

    
49
static char *addr_to_string(const char *format,
50
                            struct sockaddr_storage *sa,
51
                            socklen_t salen) {
52
    char *addr;
53
    char host[NI_MAXHOST];
54
    char serv[NI_MAXSERV];
55
    int err;
56
    size_t addrlen;
57

    
58
    if ((err = getnameinfo((struct sockaddr *)sa, salen,
59
                           host, sizeof(host),
60
                           serv, sizeof(serv),
61
                           NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
62
        VNC_DEBUG("Cannot resolve address %d: %s\n",
63
                  err, gai_strerror(err));
64
        return NULL;
65
    }
66

    
67
    /* Enough for the existing format + the 2 vars we're
68
     * subsituting in. */
69
    addrlen = strlen(format) + strlen(host) + strlen(serv);
70
    addr = qemu_malloc(addrlen + 1);
71
    snprintf(addr, addrlen, format, host, serv);
72
    addr[addrlen] = '\0';
73

    
74
    return addr;
75
}
76

    
77

    
78
char *vnc_socket_local_addr(const char *format, int fd) {
79
    struct sockaddr_storage sa;
80
    socklen_t salen;
81

    
82
    salen = sizeof(sa);
83
    if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
84
        return NULL;
85

    
86
    return addr_to_string(format, &sa, salen);
87
}
88

    
89

    
90
char *vnc_socket_remote_addr(const char *format, int fd) {
91
    struct sockaddr_storage sa;
92
    socklen_t salen;
93

    
94
    salen = sizeof(sa);
95
    if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
96
        return NULL;
97

    
98
    return addr_to_string(format, &sa, salen);
99
}
100

    
101
static const char *vnc_auth_name(VncDisplay *vd) {
102
    switch (vd->auth) {
103
    case VNC_AUTH_INVALID:
104
        return "invalid";
105
    case VNC_AUTH_NONE:
106
        return "none";
107
    case VNC_AUTH_VNC:
108
        return "vnc";
109
    case VNC_AUTH_RA2:
110
        return "ra2";
111
    case VNC_AUTH_RA2NE:
112
        return "ra2ne";
113
    case VNC_AUTH_TIGHT:
114
        return "tight";
115
    case VNC_AUTH_ULTRA:
116
        return "ultra";
117
    case VNC_AUTH_TLS:
118
        return "tls";
119
    case VNC_AUTH_VENCRYPT:
120
#ifdef CONFIG_VNC_TLS
121
        switch (vd->subauth) {
122
        case VNC_AUTH_VENCRYPT_PLAIN:
123
            return "vencrypt+plain";
124
        case VNC_AUTH_VENCRYPT_TLSNONE:
125
            return "vencrypt+tls+none";
126
        case VNC_AUTH_VENCRYPT_TLSVNC:
127
            return "vencrypt+tls+vnc";
128
        case VNC_AUTH_VENCRYPT_TLSPLAIN:
129
            return "vencrypt+tls+plain";
130
        case VNC_AUTH_VENCRYPT_X509NONE:
131
            return "vencrypt+x509+none";
132
        case VNC_AUTH_VENCRYPT_X509VNC:
133
            return "vencrypt+x509+vnc";
134
        case VNC_AUTH_VENCRYPT_X509PLAIN:
135
            return "vencrypt+x509+plain";
136
        case VNC_AUTH_VENCRYPT_TLSSASL:
137
            return "vencrypt+tls+sasl";
138
        case VNC_AUTH_VENCRYPT_X509SASL:
139
            return "vencrypt+x509+sasl";
140
        default:
141
            return "vencrypt";
142
        }
143
#else
144
        return "vencrypt";
145
#endif
146
    case VNC_AUTH_SASL:
147
        return "sasl";
148
    }
149
    return "unknown";
150
}
151

    
152
static void do_info_vnc_client(Monitor *mon, VncState *client)
153
{
154
    char *clientAddr =
155
        vnc_socket_remote_addr("     address: %s:%s\n",
156
                               client->csock);
157
    if (!clientAddr)
158
        return;
159

    
160
    monitor_printf(mon, "Client:\n");
161
    monitor_printf(mon, "%s", clientAddr);
162
    free(clientAddr);
163

    
164
#ifdef CONFIG_VNC_TLS
165
    if (client->tls.session &&
166
        client->tls.dname)
167
        monitor_printf(mon, "  x509 dname: %s\n", client->tls.dname);
168
    else
169
        monitor_printf(mon, "  x509 dname: none\n");
170
#endif
171
#ifdef CONFIG_VNC_SASL
172
    if (client->sasl.conn &&
173
        client->sasl.username)
174
        monitor_printf(mon, "    username: %s\n", client->sasl.username);
175
    else
176
        monitor_printf(mon, "    username: none\n");
177
#endif
178
}
179

    
180
void do_info_vnc(Monitor *mon)
181
{
182
    if (vnc_display == NULL || vnc_display->display == NULL) {
183
        monitor_printf(mon, "Server: disabled\n");
184
    } else {
185
        char *serverAddr = vnc_socket_local_addr("     address: %s:%s\n",
186
                                                 vnc_display->lsock);
187

    
188
        if (!serverAddr)
189
            return;
190

    
191
        monitor_printf(mon, "Server:\n");
192
        monitor_printf(mon, "%s", serverAddr);
193
        free(serverAddr);
194
        monitor_printf(mon, "        auth: %s\n", vnc_auth_name(vnc_display));
195

    
196
        if (vnc_display->clients) {
197
            VncState *client = vnc_display->clients;
198
            while (client) {
199
                do_info_vnc_client(mon, client);
200
                client = client->next;
201
            }
202
        } else {
203
            monitor_printf(mon, "Client: none\n");
204
        }
205
    }
206
}
207

    
208
static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
209
    return (vs->features & (1 << feature));
210
}
211

    
212
/* TODO
213
   1) Get the queue working for IO.
214
   2) there is some weirdness when using the -S option (the screen is grey
215
      and not totally invalidated
216
   3) resolutions > 1024
217
*/
218

    
219
static void vnc_update_client(void *opaque);
220

    
221
static void vnc_colordepth(VncState *vs);
222

    
223
static inline void vnc_set_bit(uint32_t *d, int k)
224
{
225
    d[k >> 5] |= 1 << (k & 0x1f);
226
}
227

    
228
static inline void vnc_clear_bit(uint32_t *d, int k)
229
{
230
    d[k >> 5] &= ~(1 << (k & 0x1f));
231
}
232

    
233
static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
234
{
235
    int j;
236

    
237
    j = 0;
238
    while (n >= 32) {
239
        d[j++] = -1;
240
        n -= 32;
241
    }
242
    if (n > 0)
243
        d[j++] = (1 << n) - 1;
244
    while (j < nb_words)
245
        d[j++] = 0;
246
}
247

    
248
static inline int vnc_get_bit(const uint32_t *d, int k)
249
{
250
    return (d[k >> 5] >> (k & 0x1f)) & 1;
251
}
252

    
253
static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
254
                               int nb_words)
255
{
256
    int i;
257
    for(i = 0; i < nb_words; i++) {
258
        if ((d1[i] & d2[i]) != 0)
259
            return 1;
260
    }
261
    return 0;
262
}
263

    
264
static void vnc_update(VncState *vs, int x, int y, int w, int h)
265
{
266
    int i;
267

    
268
    h += y;
269

    
270
    /* round x down to ensure the loop only spans one 16-pixel block per,
271
       iteration.  otherwise, if (x % 16) != 0, the last iteration may span
272
       two 16-pixel blocks but we only mark the first as dirty
273
    */
274
    w += (x % 16);
275
    x -= (x % 16);
276

    
277
    x = MIN(x, vs->serverds.width);
278
    y = MIN(y, vs->serverds.height);
279
    w = MIN(x + w, vs->serverds.width) - x;
280
    h = MIN(h, vs->serverds.height);
281

    
282
    for (; y < h; y++)
283
        for (i = 0; i < w; i += 16)
284
            vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
285
}
286

    
287
static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
288
{
289
    VncDisplay *vd = ds->opaque;
290
    VncState *vs = vd->clients;
291
    while (vs != NULL) {
292
        vnc_update(vs, x, y, w, h);
293
        vs = vs->next;
294
    }
295
}
296

    
297
static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
298
                                   int32_t encoding)
299
{
300
    vnc_write_u16(vs, x);
301
    vnc_write_u16(vs, y);
302
    vnc_write_u16(vs, w);
303
    vnc_write_u16(vs, h);
304

    
305
    vnc_write_s32(vs, encoding);
306
}
307

    
308
void buffer_reserve(Buffer *buffer, size_t len)
309
{
310
    if ((buffer->capacity - buffer->offset) < len) {
311
        buffer->capacity += (len + 1024);
312
        buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
313
        if (buffer->buffer == NULL) {
314
            fprintf(stderr, "vnc: out of memory\n");
315
            exit(1);
316
        }
317
    }
318
}
319

    
320
int buffer_empty(Buffer *buffer)
321
{
322
    return buffer->offset == 0;
323
}
324

    
325
uint8_t *buffer_end(Buffer *buffer)
326
{
327
    return buffer->buffer + buffer->offset;
328
}
329

    
330
void buffer_reset(Buffer *buffer)
331
{
332
        buffer->offset = 0;
333
}
334

    
335
void buffer_append(Buffer *buffer, const void *data, size_t len)
336
{
337
    memcpy(buffer->buffer + buffer->offset, data, len);
338
    buffer->offset += len;
339
}
340

    
341
static void vnc_resize(VncState *vs)
342
{
343
    DisplayState *ds = vs->ds;
344

    
345
    int size_changed;
346

    
347
    vs->old_data = qemu_realloc(vs->old_data, ds_get_linesize(ds) * ds_get_height(ds));
348

    
349
    if (vs->old_data == NULL) {
350
        fprintf(stderr, "vnc: memory allocation failed\n");
351
        exit(1);
352
    }
353

    
354
    if (ds_get_bytes_per_pixel(ds) != vs->serverds.pf.bytes_per_pixel)
355
        console_color_init(ds);
356
    vnc_colordepth(vs);
357
    size_changed = ds_get_width(ds) != vs->serverds.width ||
358
                   ds_get_height(ds) != vs->serverds.height;
359
    vs->serverds = *(ds->surface);
360
    if (size_changed) {
361
        if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
362
            vnc_write_u8(vs, 0);  /* msg id */
363
            vnc_write_u8(vs, 0);
364
            vnc_write_u16(vs, 1); /* number of rects */
365
            vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
366
                                   VNC_ENCODING_DESKTOPRESIZE);
367
            vnc_flush(vs);
368
        }
369
    }
370

    
371
    memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
372
    memset(vs->old_data, 42, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
373
}
374

    
375
static void vnc_dpy_resize(DisplayState *ds)
376
{
377
    VncDisplay *vd = ds->opaque;
378
    VncState *vs = vd->clients;
379
    while (vs != NULL) {
380
        vnc_resize(vs);
381
        vs = vs->next;
382
    }
383
}
384

    
385
/* fastest code */
386
static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
387
{
388
    vnc_write(vs, pixels, size);
389
}
390

    
391
/* slowest but generic code. */
392
static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
393
{
394
    uint8_t r, g, b;
395

    
396
    r = ((((v & vs->serverds.pf.rmask) >> vs->serverds.pf.rshift) << vs->clientds.pf.rbits) >>
397
        vs->serverds.pf.rbits);
398
    g = ((((v & vs->serverds.pf.gmask) >> vs->serverds.pf.gshift) << vs->clientds.pf.gbits) >>
399
        vs->serverds.pf.gbits);
400
    b = ((((v & vs->serverds.pf.bmask) >> vs->serverds.pf.bshift) << vs->clientds.pf.bbits) >>
401
        vs->serverds.pf.bbits);
402
    v = (r << vs->clientds.pf.rshift) |
403
        (g << vs->clientds.pf.gshift) |
404
        (b << vs->clientds.pf.bshift);
405
    switch(vs->clientds.pf.bytes_per_pixel) {
406
    case 1:
407
        buf[0] = v;
408
        break;
409
    case 2:
410
        if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
411
            buf[0] = v >> 8;
412
            buf[1] = v;
413
        } else {
414
            buf[1] = v >> 8;
415
            buf[0] = v;
416
        }
417
        break;
418
    default:
419
    case 4:
420
        if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
421
            buf[0] = v >> 24;
422
            buf[1] = v >> 16;
423
            buf[2] = v >> 8;
424
            buf[3] = v;
425
        } else {
426
            buf[3] = v >> 24;
427
            buf[2] = v >> 16;
428
            buf[1] = v >> 8;
429
            buf[0] = v;
430
        }
431
        break;
432
    }
433
}
434

    
435
static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
436
{
437
    uint8_t buf[4];
438

    
439
    if (vs->serverds.pf.bytes_per_pixel == 4) {
440
        uint32_t *pixels = pixels1;
441
        int n, i;
442
        n = size >> 2;
443
        for(i = 0; i < n; i++) {
444
            vnc_convert_pixel(vs, buf, pixels[i]);
445
            vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
446
        }
447
    } else if (vs->serverds.pf.bytes_per_pixel == 2) {
448
        uint16_t *pixels = pixels1;
449
        int n, i;
450
        n = size >> 1;
451
        for(i = 0; i < n; i++) {
452
            vnc_convert_pixel(vs, buf, pixels[i]);
453
            vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
454
        }
455
    } else if (vs->serverds.pf.bytes_per_pixel == 1) {
456
        uint8_t *pixels = pixels1;
457
        int n, i;
458
        n = size;
459
        for(i = 0; i < n; i++) {
460
            vnc_convert_pixel(vs, buf, pixels[i]);
461
            vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
462
        }
463
    } else {
464
        fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
465
    }
466
}
467

    
468
static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
469
{
470
    int i;
471
    uint8_t *row;
472

    
473
    row = ds_get_data(vs->ds) + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
474
    for (i = 0; i < h; i++) {
475
        vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
476
        row += ds_get_linesize(vs->ds);
477
    }
478
}
479

    
480
static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
481
{
482
    ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
483
    ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
484
}
485

    
486
#define BPP 8
487
#include "vnchextile.h"
488
#undef BPP
489

    
490
#define BPP 16
491
#include "vnchextile.h"
492
#undef BPP
493

    
494
#define BPP 32
495
#include "vnchextile.h"
496
#undef BPP
497

    
498
#define GENERIC
499
#define BPP 8
500
#include "vnchextile.h"
501
#undef BPP
502
#undef GENERIC
503

    
504
#define GENERIC
505
#define BPP 16
506
#include "vnchextile.h"
507
#undef BPP
508
#undef GENERIC
509

    
510
#define GENERIC
511
#define BPP 32
512
#include "vnchextile.h"
513
#undef BPP
514
#undef GENERIC
515

    
516
static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
517
{
518
    int i, j;
519
    int has_fg, has_bg;
520
    uint8_t *last_fg, *last_bg;
521

    
522
    last_fg = (uint8_t *) qemu_malloc(vs->serverds.pf.bytes_per_pixel);
523
    last_bg = (uint8_t *) qemu_malloc(vs->serverds.pf.bytes_per_pixel);
524
    has_fg = has_bg = 0;
525
    for (j = y; j < (y + h); j += 16) {
526
        for (i = x; i < (x + w); i += 16) {
527
            vs->send_hextile_tile(vs, i, j,
528
                                  MIN(16, x + w - i), MIN(16, y + h - j),
529
                                  last_bg, last_fg, &has_bg, &has_fg);
530
        }
531
    }
532
    free(last_fg);
533
    free(last_bg);
534

    
535
}
536

    
537
static void vnc_zlib_init(VncState *vs)
538
{
539
    int i;
540
    for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)
541
        vs->zlib_stream[i].opaque = NULL;
542
}
543

    
544
static void vnc_zlib_start(VncState *vs)
545
{
546
    buffer_reset(&vs->zlib);
547

    
548
    // make the output buffer be the zlib buffer, so we can compress it later
549
    vs->zlib_tmp = vs->output;
550
    vs->output = vs->zlib;
551
}
552

    
553
static int vnc_zlib_stop(VncState *vs, int stream_id)
554
{
555
    z_streamp zstream = &vs->zlib_stream[stream_id];
556
    int previous_out;
557

    
558
    // switch back to normal output/zlib buffers
559
    vs->zlib = vs->output;
560
    vs->output = vs->zlib_tmp;
561

    
562
    // compress the zlib buffer
563

    
564
    // initialize the stream
565
    // XXX need one stream per session
566
    if (zstream->opaque != vs) {
567
        int err;
568

    
569
        VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
570
        VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
571
        zstream->zalloc = Z_NULL;
572
        zstream->zfree = Z_NULL;
573

    
574
        err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
575
                           MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
576

    
577
        if (err != Z_OK) {
578
            fprintf(stderr, "VNC: error initializing zlib\n");
579
            return -1;
580
        }
581

    
582
        zstream->opaque = vs;
583
    }
584

    
585
    // XXX what to do if tight_compression changed in between?
586

    
587
    // reserve memory in output buffer
588
    buffer_reserve(&vs->output, vs->zlib.offset + 64);
589

    
590
    // set pointers
591
    zstream->next_in = vs->zlib.buffer;
592
    zstream->avail_in = vs->zlib.offset;
593
    zstream->next_out = vs->output.buffer + vs->output.offset;
594
    zstream->avail_out = vs->output.capacity - vs->output.offset;
595
    zstream->data_type = Z_BINARY;
596
    previous_out = zstream->total_out;
597

    
598
    // start encoding
599
    if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
600
        fprintf(stderr, "VNC: error during zlib compression\n");
601
        return -1;
602
    }
603

    
604
    vs->output.offset = vs->output.capacity - zstream->avail_out;
605
    return zstream->total_out - previous_out;
606
}
607

    
608
static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
609
{
610
    int old_offset, new_offset, bytes_written;
611

    
612
    vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);
613

    
614
    // remember where we put in the follow-up size
615
    old_offset = vs->output.offset;
616
    vnc_write_s32(vs, 0);
617

    
618
    // compress the stream
619
    vnc_zlib_start(vs);
620
    send_framebuffer_update_raw(vs, x, y, w, h);
621
    bytes_written = vnc_zlib_stop(vs, 0);
622

    
623
    if (bytes_written == -1)
624
        return;
625

    
626
    // hack in the size
627
    new_offset = vs->output.offset;
628
    vs->output.offset = old_offset;
629
    vnc_write_u32(vs, bytes_written);
630
    vs->output.offset = new_offset;
631
}
632

    
633
static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
634
{
635
    switch(vs->vnc_encoding) {
636
        case VNC_ENCODING_ZLIB:
637
            send_framebuffer_update_zlib(vs, x, y, w, h);
638
            break;
639
        case VNC_ENCODING_HEXTILE:
640
            vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
641
            send_framebuffer_update_hextile(vs, x, y, w, h);
642
            break;
643
        default:
644
            vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
645
            send_framebuffer_update_raw(vs, x, y, w, h);
646
            break;
647
    }
648
}
649

    
650
static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
651
{
652
    vnc_update_client(vs);
653

    
654
    vnc_write_u8(vs, 0);  /* msg id */
655
    vnc_write_u8(vs, 0);
656
    vnc_write_u16(vs, 1); /* number of rects */
657
    vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
658
    vnc_write_u16(vs, src_x);
659
    vnc_write_u16(vs, src_y);
660
    vnc_flush(vs);
661
}
662

    
663
static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
664
{
665
    VncDisplay *vd = ds->opaque;
666
    VncState *vs = vd->clients;
667
    while (vs != NULL) {
668
        if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
669
            vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
670
        else /* TODO */
671
            vnc_update(vs, dst_x, dst_y, w, h);
672
        vs = vs->next;
673
    }
674
}
675

    
676
static int find_dirty_height(VncState *vs, int y, int last_x, int x)
677
{
678
    int h;
679

    
680
    for (h = 1; h < (vs->serverds.height - y); h++) {
681
        int tmp_x;
682
        if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
683
            break;
684
        for (tmp_x = last_x; tmp_x < x; tmp_x++)
685
            vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
686
    }
687

    
688
    return h;
689
}
690

    
691
static void vnc_update_client(void *opaque)
692
{
693
    VncState *vs = opaque;
694
    if (vs->need_update && vs->csock != -1) {
695
        int y;
696
        uint8_t *row;
697
        char *old_row;
698
        uint32_t width_mask[VNC_DIRTY_WORDS];
699
        int n_rectangles;
700
        int saved_offset;
701
        int has_dirty = 0;
702

    
703
        vga_hw_update();
704

    
705
        vnc_set_bits(width_mask, (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
706

    
707
        /* Walk through the dirty map and eliminate tiles that
708
           really aren't dirty */
709
        row = ds_get_data(vs->ds);
710
        old_row = vs->old_data;
711

    
712
        for (y = 0; y < ds_get_height(vs->ds); y++) {
713
            if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
714
                int x;
715
                uint8_t *ptr;
716
                char *old_ptr;
717

    
718
                ptr = row;
719
                old_ptr = (char*)old_row;
720

    
721
                for (x = 0; x < ds_get_width(vs->ds); x += 16) {
722
                    if (memcmp(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds)) == 0) {
723
                        vnc_clear_bit(vs->dirty_row[y], (x / 16));
724
                    } else {
725
                        has_dirty = 1;
726
                        memcpy(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds));
727
                    }
728

    
729
                    ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
730
                    old_ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
731
                }
732
            }
733

    
734
            row += ds_get_linesize(vs->ds);
735
            old_row += ds_get_linesize(vs->ds);
736
        }
737

    
738
        if (!has_dirty && !vs->audio_cap) {
739
            qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
740
            return;
741
        }
742

    
743
        /* Count rectangles */
744
        n_rectangles = 0;
745
        vnc_write_u8(vs, 0);  /* msg id */
746
        vnc_write_u8(vs, 0);
747
        saved_offset = vs->output.offset;
748
        vnc_write_u16(vs, 0);
749

    
750
        for (y = 0; y < vs->serverds.height; y++) {
751
            int x;
752
            int last_x = -1;
753
            for (x = 0; x < vs->serverds.width / 16; x++) {
754
                if (vnc_get_bit(vs->dirty_row[y], x)) {
755
                    if (last_x == -1) {
756
                        last_x = x;
757
                    }
758
                    vnc_clear_bit(vs->dirty_row[y], x);
759
                } else {
760
                    if (last_x != -1) {
761
                        int h = find_dirty_height(vs, y, last_x, x);
762
                        send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
763
                        n_rectangles++;
764
                    }
765
                    last_x = -1;
766
                }
767
            }
768
            if (last_x != -1) {
769
                int h = find_dirty_height(vs, y, last_x, x);
770
                send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
771
                n_rectangles++;
772
            }
773
        }
774
        vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
775
        vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
776
        vnc_flush(vs);
777

    
778
    }
779

    
780
    if (vs->csock != -1) {
781
        qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
782
    }
783

    
784
}
785

    
786
/* audio */
787
static void audio_capture_notify(void *opaque, audcnotification_e cmd)
788
{
789
    VncState *vs = opaque;
790

    
791
    switch (cmd) {
792
    case AUD_CNOTIFY_DISABLE:
793
        vnc_write_u8(vs, 255);
794
        vnc_write_u8(vs, 1);
795
        vnc_write_u16(vs, 0);
796
        vnc_flush(vs);
797
        break;
798

    
799
    case AUD_CNOTIFY_ENABLE:
800
        vnc_write_u8(vs, 255);
801
        vnc_write_u8(vs, 1);
802
        vnc_write_u16(vs, 1);
803
        vnc_flush(vs);
804
        break;
805
    }
806
}
807

    
808
static void audio_capture_destroy(void *opaque)
809
{
810
}
811

    
812
static void audio_capture(void *opaque, void *buf, int size)
813
{
814
    VncState *vs = opaque;
815

    
816
    vnc_write_u8(vs, 255);
817
    vnc_write_u8(vs, 1);
818
    vnc_write_u16(vs, 2);
819
    vnc_write_u32(vs, size);
820
    vnc_write(vs, buf, size);
821
    vnc_flush(vs);
822
}
823

    
824
static void audio_add(VncState *vs)
825
{
826
    Monitor *mon = cur_mon;
827
    struct audio_capture_ops ops;
828

    
829
    if (vs->audio_cap) {
830
        monitor_printf(mon, "audio already running\n");
831
        return;
832
    }
833

    
834
    ops.notify = audio_capture_notify;
835
    ops.destroy = audio_capture_destroy;
836
    ops.capture = audio_capture;
837

    
838
    vs->audio_cap = AUD_add_capture(NULL, &vs->as, &ops, vs);
839
    if (!vs->audio_cap) {
840
        monitor_printf(mon, "Failed to add audio capture\n");
841
    }
842
}
843

    
844
static void audio_del(VncState *vs)
845
{
846
    if (vs->audio_cap) {
847
        AUD_del_capture(vs->audio_cap, vs);
848
        vs->audio_cap = NULL;
849
    }
850
}
851

    
852

    
853
int vnc_client_io_error(VncState *vs, int ret, int last_errno)
854
{
855
    if (ret == 0 || ret == -1) {
856
        if (ret == -1) {
857
            switch (last_errno) {
858
                case EINTR:
859
                case EAGAIN:
860
#ifdef _WIN32
861
                case WSAEWOULDBLOCK:
862
#endif
863
                    return 0;
864
                default:
865
                    break;
866
            }
867
        }
868

    
869
        VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
870
        qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
871
        closesocket(vs->csock);
872
        qemu_del_timer(vs->timer);
873
        qemu_free_timer(vs->timer);
874
        if (vs->input.buffer) qemu_free(vs->input.buffer);
875
        if (vs->output.buffer) qemu_free(vs->output.buffer);
876
#ifdef CONFIG_VNC_TLS
877
        vnc_tls_client_cleanup(vs);
878
#endif /* CONFIG_VNC_TLS */
879
#ifdef CONFIG_VNC_SASL
880
        vnc_sasl_client_cleanup(vs);
881
#endif /* CONFIG_VNC_SASL */
882
        audio_del(vs);
883

    
884
        VncState *p, *parent = NULL;
885
        for (p = vs->vd->clients; p != NULL; p = p->next) {
886
            if (p == vs) {
887
                if (parent)
888
                    parent->next = p->next;
889
                else
890
                    vs->vd->clients = p->next;
891
                break;
892
            }
893
            parent = p;
894
        }
895
        if (!vs->vd->clients)
896
            dcl->idle = 1;
897

    
898
        qemu_free(vs->old_data);
899
        qemu_free(vs);
900
  
901
        return 0;
902
    }
903
    return ret;
904
}
905

    
906

    
907
void vnc_client_error(VncState *vs)
908
{
909
    vnc_client_io_error(vs, -1, EINVAL);
910
}
911

    
912

    
913
/*
914
 * Called to write a chunk of data to the client socket. The data may
915
 * be the raw data, or may have already been encoded by SASL.
916
 * The data will be written either straight onto the socket, or
917
 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
918
 *
919
 * NB, it is theoretically possible to have 2 layers of encryption,
920
 * both SASL, and this TLS layer. It is highly unlikely in practice
921
 * though, since SASL encryption will typically be a no-op if TLS
922
 * is active
923
 *
924
 * Returns the number of bytes written, which may be less than
925
 * the requested 'datalen' if the socket would block. Returns
926
 * -1 on error, and disconnects the client socket.
927
 */
928
long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
929
{
930
    long ret;
931
#ifdef CONFIG_VNC_TLS
932
    if (vs->tls.session) {
933
        ret = gnutls_write(vs->tls.session, data, datalen);
934
        if (ret < 0) {
935
            if (ret == GNUTLS_E_AGAIN)
936
                errno = EAGAIN;
937
            else
938
                errno = EIO;
939
            ret = -1;
940
        }
941
    } else
942
#endif /* CONFIG_VNC_TLS */
943
        ret = send(vs->csock, data, datalen, 0);
944
    VNC_DEBUG("Wrote wire %p %d -> %ld\n", data, datalen, ret);
945
    return vnc_client_io_error(vs, ret, socket_error());
946
}
947

    
948

    
949
/*
950
 * Called to write buffered data to the client socket, when not
951
 * using any SASL SSF encryption layers. Will write as much data
952
 * as possible without blocking. If all buffered data is written,
953
 * will switch the FD poll() handler back to read monitoring.
954
 *
955
 * Returns the number of bytes written, which may be less than
956
 * the buffered output data if the socket would block. Returns
957
 * -1 on error, and disconnects the client socket.
958
 */
959
static long vnc_client_write_plain(VncState *vs)
960
{
961
    long ret;
962

    
963
#ifdef CONFIG_VNC_SASL
964
    VNC_DEBUG("Write Plain: Pending output %p size %d offset %d. Wait SSF %d\n",
965
              vs->output.buffer, vs->output.capacity, vs->output.offset,
966
              vs->sasl.waitWriteSSF);
967

    
968
    if (vs->sasl.conn &&
969
        vs->sasl.runSSF &&
970
        vs->sasl.waitWriteSSF) {
971
        ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
972
        if (ret)
973
            vs->sasl.waitWriteSSF -= ret;
974
    } else
975
#endif /* CONFIG_VNC_SASL */
976
        ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
977
    if (!ret)
978
        return 0;
979

    
980
    memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
981
    vs->output.offset -= ret;
982

    
983
    if (vs->output.offset == 0) {
984
        qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
985
    }
986

    
987
    return ret;
988
}
989

    
990

    
991
/*
992
 * First function called whenever there is data to be written to
993
 * the client socket. Will delegate actual work according to whether
994
 * SASL SSF layers are enabled (thus requiring encryption calls)
995
 */
996
void vnc_client_write(void *opaque)
997
{
998
    long ret;
999
    VncState *vs = opaque;
1000

    
1001
#ifdef CONFIG_VNC_SASL
1002
    if (vs->sasl.conn &&
1003
        vs->sasl.runSSF &&
1004
        !vs->sasl.waitWriteSSF)
1005
        ret = vnc_client_write_sasl(vs);
1006
    else
1007
#endif /* CONFIG_VNC_SASL */
1008
        ret = vnc_client_write_plain(vs);
1009
}
1010

    
1011
void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1012
{
1013
    vs->read_handler = func;
1014
    vs->read_handler_expect = expecting;
1015
}
1016

    
1017

    
1018
/*
1019
 * Called to read a chunk of data from the client socket. The data may
1020
 * be the raw data, or may need to be further decoded by SASL.
1021
 * The data will be read either straight from to the socket, or
1022
 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1023
 *
1024
 * NB, it is theoretically possible to have 2 layers of encryption,
1025
 * both SASL, and this TLS layer. It is highly unlikely in practice
1026
 * though, since SASL encryption will typically be a no-op if TLS
1027
 * is active
1028
 *
1029
 * Returns the number of bytes read, which may be less than
1030
 * the requested 'datalen' if the socket would block. Returns
1031
 * -1 on error, and disconnects the client socket.
1032
 */
1033
long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1034
{
1035
    long ret;
1036
#ifdef CONFIG_VNC_TLS
1037
    if (vs->tls.session) {
1038
        ret = gnutls_read(vs->tls.session, data, datalen);
1039
        if (ret < 0) {
1040
            if (ret == GNUTLS_E_AGAIN)
1041
                errno = EAGAIN;
1042
            else
1043
                errno = EIO;
1044
            ret = -1;
1045
        }
1046
    } else
1047
#endif /* CONFIG_VNC_TLS */
1048
        ret = recv(vs->csock, data, datalen, 0);
1049
    VNC_DEBUG("Read wire %p %d -> %ld\n", data, datalen, ret);
1050
    return vnc_client_io_error(vs, ret, socket_error());
1051
}
1052

    
1053

    
1054
/*
1055
 * Called to read data from the client socket to the input buffer,
1056
 * when not using any SASL SSF encryption layers. Will read as much
1057
 * data as possible without blocking.
1058
 *
1059
 * Returns the number of bytes read. Returns -1 on error, and
1060
 * disconnects the client socket.
1061
 */
1062
static long vnc_client_read_plain(VncState *vs)
1063
{
1064
    int ret;
1065
    VNC_DEBUG("Read plain %p size %d offset %d\n",
1066
              vs->input.buffer, vs->input.capacity, vs->input.offset);
1067
    buffer_reserve(&vs->input, 4096);
1068
    ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1069
    if (!ret)
1070
        return 0;
1071
    vs->input.offset += ret;
1072
    return ret;
1073
}
1074

    
1075

    
1076
/*
1077
 * First function called whenever there is more data to be read from
1078
 * the client socket. Will delegate actual work according to whether
1079
 * SASL SSF layers are enabled (thus requiring decryption calls)
1080
 */
1081
void vnc_client_read(void *opaque)
1082
{
1083
    VncState *vs = opaque;
1084
    long ret;
1085

    
1086
#ifdef CONFIG_VNC_SASL
1087
    if (vs->sasl.conn && vs->sasl.runSSF)
1088
        ret = vnc_client_read_sasl(vs);
1089
    else
1090
#endif /* CONFIG_VNC_SASL */
1091
        ret = vnc_client_read_plain(vs);
1092
    if (!ret)
1093
        return;
1094

    
1095
    while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1096
        size_t len = vs->read_handler_expect;
1097
        int ret;
1098

    
1099
        ret = vs->read_handler(vs, vs->input.buffer, len);
1100
        if (vs->csock == -1)
1101
            return;
1102

    
1103
        if (!ret) {
1104
            memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1105
            vs->input.offset -= len;
1106
        } else {
1107
            vs->read_handler_expect = ret;
1108
        }
1109
    }
1110
}
1111

    
1112
void vnc_write(VncState *vs, const void *data, size_t len)
1113
{
1114
    buffer_reserve(&vs->output, len);
1115

    
1116
    if (buffer_empty(&vs->output)) {
1117
        qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1118
    }
1119

    
1120
    buffer_append(&vs->output, data, len);
1121
}
1122

    
1123
void vnc_write_s32(VncState *vs, int32_t value)
1124
{
1125
    vnc_write_u32(vs, *(uint32_t *)&value);
1126
}
1127

    
1128
void vnc_write_u32(VncState *vs, uint32_t value)
1129
{
1130
    uint8_t buf[4];
1131

    
1132
    buf[0] = (value >> 24) & 0xFF;
1133
    buf[1] = (value >> 16) & 0xFF;
1134
    buf[2] = (value >>  8) & 0xFF;
1135
    buf[3] = value & 0xFF;
1136

    
1137
    vnc_write(vs, buf, 4);
1138
}
1139

    
1140
void vnc_write_u16(VncState *vs, uint16_t value)
1141
{
1142
    uint8_t buf[2];
1143

    
1144
    buf[0] = (value >> 8) & 0xFF;
1145
    buf[1] = value & 0xFF;
1146

    
1147
    vnc_write(vs, buf, 2);
1148
}
1149

    
1150
void vnc_write_u8(VncState *vs, uint8_t value)
1151
{
1152
    vnc_write(vs, (char *)&value, 1);
1153
}
1154

    
1155
void vnc_flush(VncState *vs)
1156
{
1157
    if (vs->output.offset)
1158
        vnc_client_write(vs);
1159
}
1160

    
1161
uint8_t read_u8(uint8_t *data, size_t offset)
1162
{
1163
    return data[offset];
1164
}
1165

    
1166
uint16_t read_u16(uint8_t *data, size_t offset)
1167
{
1168
    return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1169
}
1170

    
1171
int32_t read_s32(uint8_t *data, size_t offset)
1172
{
1173
    return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1174
                     (data[offset + 2] << 8) | data[offset + 3]);
1175
}
1176

    
1177
uint32_t read_u32(uint8_t *data, size_t offset)
1178
{
1179
    return ((data[offset] << 24) | (data[offset + 1] << 16) |
1180
            (data[offset + 2] << 8) | data[offset + 3]);
1181
}
1182

    
1183
static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1184
{
1185
}
1186

    
1187
static void check_pointer_type_change(VncState *vs, int absolute)
1188
{
1189
    if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1190
        vnc_write_u8(vs, 0);
1191
        vnc_write_u8(vs, 0);
1192
        vnc_write_u16(vs, 1);
1193
        vnc_framebuffer_update(vs, absolute, 0,
1194
                               ds_get_width(vs->ds), ds_get_height(vs->ds),
1195
                               VNC_ENCODING_POINTER_TYPE_CHANGE);
1196
        vnc_flush(vs);
1197
    }
1198
    vs->absolute = absolute;
1199
}
1200

    
1201
static void pointer_event(VncState *vs, int button_mask, int x, int y)
1202
{
1203
    int buttons = 0;
1204
    int dz = 0;
1205

    
1206
    if (button_mask & 0x01)
1207
        buttons |= MOUSE_EVENT_LBUTTON;
1208
    if (button_mask & 0x02)
1209
        buttons |= MOUSE_EVENT_MBUTTON;
1210
    if (button_mask & 0x04)
1211
        buttons |= MOUSE_EVENT_RBUTTON;
1212
    if (button_mask & 0x08)
1213
        dz = -1;
1214
    if (button_mask & 0x10)
1215
        dz = 1;
1216

    
1217
    if (vs->absolute) {
1218
        kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
1219
                        y * 0x7FFF / (ds_get_height(vs->ds) - 1),
1220
                        dz, buttons);
1221
    } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1222
        x -= 0x7FFF;
1223
        y -= 0x7FFF;
1224

    
1225
        kbd_mouse_event(x, y, dz, buttons);
1226
    } else {
1227
        if (vs->last_x != -1)
1228
            kbd_mouse_event(x - vs->last_x,
1229
                            y - vs->last_y,
1230
                            dz, buttons);
1231
        vs->last_x = x;
1232
        vs->last_y = y;
1233
    }
1234

    
1235
    check_pointer_type_change(vs, kbd_mouse_is_absolute());
1236
}
1237

    
1238
static void reset_keys(VncState *vs)
1239
{
1240
    int i;
1241
    for(i = 0; i < 256; i++) {
1242
        if (vs->modifiers_state[i]) {
1243
            if (i & 0x80)
1244
                kbd_put_keycode(0xe0);
1245
            kbd_put_keycode(i | 0x80);
1246
            vs->modifiers_state[i] = 0;
1247
        }
1248
    }
1249
}
1250

    
1251
static void press_key(VncState *vs, int keysym)
1252
{
1253
    kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) & 0x7f);
1254
    kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) | 0x80);
1255
}
1256

    
1257
static void do_key_event(VncState *vs, int down, int keycode, int sym)
1258
{
1259
    /* QEMU console switch */
1260
    switch(keycode) {
1261
    case 0x2a:                          /* Left Shift */
1262
    case 0x36:                          /* Right Shift */
1263
    case 0x1d:                          /* Left CTRL */
1264
    case 0x9d:                          /* Right CTRL */
1265
    case 0x38:                          /* Left ALT */
1266
    case 0xb8:                          /* Right ALT */
1267
        if (down)
1268
            vs->modifiers_state[keycode] = 1;
1269
        else
1270
            vs->modifiers_state[keycode] = 0;
1271
        break;
1272
    case 0x02 ... 0x0a: /* '1' to '9' keys */
1273
        if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1274
            /* Reset the modifiers sent to the current console */
1275
            reset_keys(vs);
1276
            console_select(keycode - 0x02);
1277
            return;
1278
        }
1279
        break;
1280
    case 0x3a:                        /* CapsLock */
1281
    case 0x45:                        /* NumLock */
1282
        if (!down)
1283
            vs->modifiers_state[keycode] ^= 1;
1284
        break;
1285
    }
1286

    
1287
    if (keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1288
        /* If the numlock state needs to change then simulate an additional
1289
           keypress before sending this one.  This will happen if the user
1290
           toggles numlock away from the VNC window.
1291
        */
1292
        if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1293
            if (!vs->modifiers_state[0x45]) {
1294
                vs->modifiers_state[0x45] = 1;
1295
                press_key(vs, 0xff7f);
1296
            }
1297
        } else {
1298
            if (vs->modifiers_state[0x45]) {
1299
                vs->modifiers_state[0x45] = 0;
1300
                press_key(vs, 0xff7f);
1301
            }
1302
        }
1303
    }
1304

    
1305
    if (is_graphic_console()) {
1306
        if (keycode & 0x80)
1307
            kbd_put_keycode(0xe0);
1308
        if (down)
1309
            kbd_put_keycode(keycode & 0x7f);
1310
        else
1311
            kbd_put_keycode(keycode | 0x80);
1312
    } else {
1313
        /* QEMU console emulation */
1314
        if (down) {
1315
            switch (keycode) {
1316
            case 0x2a:                          /* Left Shift */
1317
            case 0x36:                          /* Right Shift */
1318
            case 0x1d:                          /* Left CTRL */
1319
            case 0x9d:                          /* Right CTRL */
1320
            case 0x38:                          /* Left ALT */
1321
            case 0xb8:                          /* Right ALT */
1322
                break;
1323
            case 0xc8:
1324
                kbd_put_keysym(QEMU_KEY_UP);
1325
                break;
1326
            case 0xd0:
1327
                kbd_put_keysym(QEMU_KEY_DOWN);
1328
                break;
1329
            case 0xcb:
1330
                kbd_put_keysym(QEMU_KEY_LEFT);
1331
                break;
1332
            case 0xcd:
1333
                kbd_put_keysym(QEMU_KEY_RIGHT);
1334
                break;
1335
            case 0xd3:
1336
                kbd_put_keysym(QEMU_KEY_DELETE);
1337
                break;
1338
            case 0xc7:
1339
                kbd_put_keysym(QEMU_KEY_HOME);
1340
                break;
1341
            case 0xcf:
1342
                kbd_put_keysym(QEMU_KEY_END);
1343
                break;
1344
            case 0xc9:
1345
                kbd_put_keysym(QEMU_KEY_PAGEUP);
1346
                break;
1347
            case 0xd1:
1348
                kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1349
                break;
1350
            default:
1351
                kbd_put_keysym(sym);
1352
                break;
1353
            }
1354
        }
1355
    }
1356
}
1357

    
1358
static void key_event(VncState *vs, int down, uint32_t sym)
1359
{
1360
    int keycode;
1361

    
1362
    if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1363
        sym = sym - 'A' + 'a';
1364

    
1365
    keycode = keysym2scancode(vs->vd->kbd_layout, sym & 0xFFFF);
1366
    do_key_event(vs, down, keycode, sym);
1367
}
1368

    
1369
static void ext_key_event(VncState *vs, int down,
1370
                          uint32_t sym, uint16_t keycode)
1371
{
1372
    /* if the user specifies a keyboard layout, always use it */
1373
    if (keyboard_layout)
1374
        key_event(vs, down, sym);
1375
    else
1376
        do_key_event(vs, down, keycode, sym);
1377
}
1378

    
1379
static void framebuffer_update_request(VncState *vs, int incremental,
1380
                                       int x_position, int y_position,
1381
                                       int w, int h)
1382
{
1383
    if (x_position > ds_get_width(vs->ds))
1384
        x_position = ds_get_width(vs->ds);
1385
    if (y_position > ds_get_height(vs->ds))
1386
        y_position = ds_get_height(vs->ds);
1387
    if (x_position + w >= ds_get_width(vs->ds))
1388
        w = ds_get_width(vs->ds)  - x_position;
1389
    if (y_position + h >= ds_get_height(vs->ds))
1390
        h = ds_get_height(vs->ds) - y_position;
1391

    
1392
    int i;
1393
    vs->need_update = 1;
1394
    if (!incremental) {
1395
        char *old_row = vs->old_data + y_position * ds_get_linesize(vs->ds);
1396

    
1397
        for (i = 0; i < h; i++) {
1398
            vnc_set_bits(vs->dirty_row[y_position + i],
1399
                         (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1400
            memset(old_row, 42, ds_get_width(vs->ds) * ds_get_bytes_per_pixel(vs->ds));
1401
            old_row += ds_get_linesize(vs->ds);
1402
        }
1403
    }
1404
}
1405

    
1406
static void send_ext_key_event_ack(VncState *vs)
1407
{
1408
    vnc_write_u8(vs, 0);
1409
    vnc_write_u8(vs, 0);
1410
    vnc_write_u16(vs, 1);
1411
    vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1412
                           VNC_ENCODING_EXT_KEY_EVENT);
1413
    vnc_flush(vs);
1414
}
1415

    
1416
static void send_ext_audio_ack(VncState *vs)
1417
{
1418
    vnc_write_u8(vs, 0);
1419
    vnc_write_u8(vs, 0);
1420
    vnc_write_u16(vs, 1);
1421
    vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1422
                           VNC_ENCODING_AUDIO);
1423
    vnc_flush(vs);
1424
}
1425

    
1426
static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1427
{
1428
    int i;
1429
    unsigned int enc = 0;
1430

    
1431
    vnc_zlib_init(vs);
1432
    vs->features = 0;
1433
    vs->vnc_encoding = 0;
1434
    vs->tight_compression = 9;
1435
    vs->tight_quality = 9;
1436
    vs->absolute = -1;
1437

    
1438
    for (i = n_encodings - 1; i >= 0; i--) {
1439
        enc = encodings[i];
1440
        switch (enc) {
1441
        case VNC_ENCODING_RAW:
1442
            vs->vnc_encoding = enc;
1443
            break;
1444
        case VNC_ENCODING_COPYRECT:
1445
            vs->features |= VNC_FEATURE_COPYRECT_MASK;
1446
            break;
1447
        case VNC_ENCODING_HEXTILE:
1448
            vs->features |= VNC_FEATURE_HEXTILE_MASK;
1449
            vs->vnc_encoding = enc;
1450
            break;
1451
        case VNC_ENCODING_ZLIB:
1452
            vs->features |= VNC_FEATURE_ZLIB_MASK;
1453
            vs->vnc_encoding = enc;
1454
            break;
1455
        case VNC_ENCODING_DESKTOPRESIZE:
1456
            vs->features |= VNC_FEATURE_RESIZE_MASK;
1457
            break;
1458
        case VNC_ENCODING_POINTER_TYPE_CHANGE:
1459
            vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1460
            break;
1461
        case VNC_ENCODING_EXT_KEY_EVENT:
1462
            send_ext_key_event_ack(vs);
1463
            break;
1464
        case VNC_ENCODING_AUDIO:
1465
            send_ext_audio_ack(vs);
1466
            break;
1467
        case VNC_ENCODING_WMVi:
1468
            vs->features |= VNC_FEATURE_WMVI_MASK;
1469
            break;
1470
        case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1471
            vs->tight_compression = (enc & 0x0F);
1472
            break;
1473
        case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1474
            vs->tight_quality = (enc & 0x0F);
1475
            break;
1476
        default:
1477
            VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1478
            break;
1479
        }
1480
    }
1481

    
1482
    check_pointer_type_change(vs, kbd_mouse_is_absolute());
1483
}
1484

    
1485
static void set_pixel_conversion(VncState *vs)
1486
{
1487
    if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1488
        (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) && 
1489
        !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1490
        vs->write_pixels = vnc_write_pixels_copy;
1491
        switch (vs->ds->surface->pf.bits_per_pixel) {
1492
            case 8:
1493
                vs->send_hextile_tile = send_hextile_tile_8;
1494
                break;
1495
            case 16:
1496
                vs->send_hextile_tile = send_hextile_tile_16;
1497
                break;
1498
            case 32:
1499
                vs->send_hextile_tile = send_hextile_tile_32;
1500
                break;
1501
        }
1502
    } else {
1503
        vs->write_pixels = vnc_write_pixels_generic;
1504
        switch (vs->ds->surface->pf.bits_per_pixel) {
1505
            case 8:
1506
                vs->send_hextile_tile = send_hextile_tile_generic_8;
1507
                break;
1508
            case 16:
1509
                vs->send_hextile_tile = send_hextile_tile_generic_16;
1510
                break;
1511
            case 32:
1512
                vs->send_hextile_tile = send_hextile_tile_generic_32;
1513
                break;
1514
        }
1515
    }
1516
}
1517

    
1518
static void set_pixel_format(VncState *vs,
1519
                             int bits_per_pixel, int depth,
1520
                             int big_endian_flag, int true_color_flag,
1521
                             int red_max, int green_max, int blue_max,
1522
                             int red_shift, int green_shift, int blue_shift)
1523
{
1524
    if (!true_color_flag) {
1525
        vnc_client_error(vs);
1526
        return;
1527
    }
1528

    
1529
    vs->clientds = vs->serverds;
1530
    vs->clientds.pf.rmax = red_max;
1531
    count_bits(vs->clientds.pf.rbits, red_max);
1532
    vs->clientds.pf.rshift = red_shift;
1533
    vs->clientds.pf.rmask = red_max << red_shift;
1534
    vs->clientds.pf.gmax = green_max;
1535
    count_bits(vs->clientds.pf.gbits, green_max);
1536
    vs->clientds.pf.gshift = green_shift;
1537
    vs->clientds.pf.gmask = green_max << green_shift;
1538
    vs->clientds.pf.bmax = blue_max;
1539
    count_bits(vs->clientds.pf.bbits, blue_max);
1540
    vs->clientds.pf.bshift = blue_shift;
1541
    vs->clientds.pf.bmask = blue_max << blue_shift;
1542
    vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1543
    vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1544
    vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1545
    vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1546

    
1547
    set_pixel_conversion(vs);
1548

    
1549
    vga_hw_invalidate();
1550
    vga_hw_update();
1551
}
1552

    
1553
static void pixel_format_message (VncState *vs) {
1554
    char pad[3] = { 0, 0, 0 };
1555

    
1556
    vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1557
    vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1558

    
1559
#ifdef WORDS_BIGENDIAN
1560
    vnc_write_u8(vs, 1);             /* big-endian-flag */
1561
#else
1562
    vnc_write_u8(vs, 0);             /* big-endian-flag */
1563
#endif
1564
    vnc_write_u8(vs, 1);             /* true-color-flag */
1565
    vnc_write_u16(vs, vs->ds->surface->pf.rmax);     /* red-max */
1566
    vnc_write_u16(vs, vs->ds->surface->pf.gmax);     /* green-max */
1567
    vnc_write_u16(vs, vs->ds->surface->pf.bmax);     /* blue-max */
1568
    vnc_write_u8(vs, vs->ds->surface->pf.rshift);    /* red-shift */
1569
    vnc_write_u8(vs, vs->ds->surface->pf.gshift);    /* green-shift */
1570
    vnc_write_u8(vs, vs->ds->surface->pf.bshift);    /* blue-shift */
1571
    if (vs->ds->surface->pf.bits_per_pixel == 32)
1572
        vs->send_hextile_tile = send_hextile_tile_32;
1573
    else if (vs->ds->surface->pf.bits_per_pixel == 16)
1574
        vs->send_hextile_tile = send_hextile_tile_16;
1575
    else if (vs->ds->surface->pf.bits_per_pixel == 8)
1576
        vs->send_hextile_tile = send_hextile_tile_8;
1577
    vs->clientds = *(vs->ds->surface);
1578
    vs->clientds.flags |= ~QEMU_ALLOCATED_FLAG;
1579
    vs->write_pixels = vnc_write_pixels_copy;
1580

    
1581
    vnc_write(vs, pad, 3);           /* padding */
1582
}
1583

    
1584
static void vnc_dpy_setdata(DisplayState *ds)
1585
{
1586
    /* We don't have to do anything */
1587
}
1588

    
1589
static void vnc_colordepth(VncState *vs)
1590
{
1591
    if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1592
        /* Sending a WMVi message to notify the client*/
1593
        vnc_write_u8(vs, 0);  /* msg id */
1594
        vnc_write_u8(vs, 0);
1595
        vnc_write_u16(vs, 1); /* number of rects */
1596
        vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), 
1597
                               ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1598
        pixel_format_message(vs);
1599
        vnc_flush(vs);
1600
    } else {
1601
        set_pixel_conversion(vs);
1602
    }
1603
}
1604

    
1605
static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1606
{
1607
    int i;
1608
    uint16_t limit;
1609

    
1610
    switch (data[0]) {
1611
    case 0:
1612
        if (len == 1)
1613
            return 20;
1614

    
1615
        set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1616
                         read_u8(data, 6), read_u8(data, 7),
1617
                         read_u16(data, 8), read_u16(data, 10),
1618
                         read_u16(data, 12), read_u8(data, 14),
1619
                         read_u8(data, 15), read_u8(data, 16));
1620
        break;
1621
    case 2:
1622
        if (len == 1)
1623
            return 4;
1624

    
1625
        if (len == 4) {
1626
            limit = read_u16(data, 2);
1627
            if (limit > 0)
1628
                return 4 + (limit * 4);
1629
        } else
1630
            limit = read_u16(data, 2);
1631

    
1632
        for (i = 0; i < limit; i++) {
1633
            int32_t val = read_s32(data, 4 + (i * 4));
1634
            memcpy(data + 4 + (i * 4), &val, sizeof(val));
1635
        }
1636

    
1637
        set_encodings(vs, (int32_t *)(data + 4), limit);
1638
        break;
1639
    case 3:
1640
        if (len == 1)
1641
            return 10;
1642

    
1643
        framebuffer_update_request(vs,
1644
                                   read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1645
                                   read_u16(data, 6), read_u16(data, 8));
1646
        break;
1647
    case 4:
1648
        if (len == 1)
1649
            return 8;
1650

    
1651
        key_event(vs, read_u8(data, 1), read_u32(data, 4));
1652
        break;
1653
    case 5:
1654
        if (len == 1)
1655
            return 6;
1656

    
1657
        pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1658
        break;
1659
    case 6:
1660
        if (len == 1)
1661
            return 8;
1662

    
1663
        if (len == 8) {
1664
            uint32_t dlen = read_u32(data, 4);
1665
            if (dlen > 0)
1666
                return 8 + dlen;
1667
        }
1668

    
1669
        client_cut_text(vs, read_u32(data, 4), data + 8);
1670
        break;
1671
    case 255:
1672
        if (len == 1)
1673
            return 2;
1674

    
1675
        switch (read_u8(data, 1)) {
1676
        case 0:
1677
            if (len == 2)
1678
                return 12;
1679

    
1680
            ext_key_event(vs, read_u16(data, 2),
1681
                          read_u32(data, 4), read_u32(data, 8));
1682
            break;
1683
        case 1:
1684
            if (len == 2)
1685
                return 4;
1686

    
1687
            switch (read_u16 (data, 2)) {
1688
            case 0:
1689
                audio_add(vs);
1690
                break;
1691
            case 1:
1692
                audio_del(vs);
1693
                break;
1694
            case 2:
1695
                if (len == 4)
1696
                    return 10;
1697
                switch (read_u8(data, 4)) {
1698
                case 0: vs->as.fmt = AUD_FMT_U8; break;
1699
                case 1: vs->as.fmt = AUD_FMT_S8; break;
1700
                case 2: vs->as.fmt = AUD_FMT_U16; break;
1701
                case 3: vs->as.fmt = AUD_FMT_S16; break;
1702
                case 4: vs->as.fmt = AUD_FMT_U32; break;
1703
                case 5: vs->as.fmt = AUD_FMT_S32; break;
1704
                default:
1705
                    printf("Invalid audio format %d\n", read_u8(data, 4));
1706
                    vnc_client_error(vs);
1707
                    break;
1708
                }
1709
                vs->as.nchannels = read_u8(data, 5);
1710
                if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1711
                    printf("Invalid audio channel coount %d\n",
1712
                           read_u8(data, 5));
1713
                    vnc_client_error(vs);
1714
                    break;
1715
                }
1716
                vs->as.freq = read_u32(data, 6);
1717
                break;
1718
            default:
1719
                printf ("Invalid audio message %d\n", read_u8(data, 4));
1720
                vnc_client_error(vs);
1721
                break;
1722
            }
1723
            break;
1724

    
1725
        default:
1726
            printf("Msg: %d\n", read_u16(data, 0));
1727
            vnc_client_error(vs);
1728
            break;
1729
        }
1730
        break;
1731
    default:
1732
        printf("Msg: %d\n", data[0]);
1733
        vnc_client_error(vs);
1734
        break;
1735
    }
1736

    
1737
    vnc_read_when(vs, protocol_client_msg, 1);
1738
    return 0;
1739
}
1740

    
1741
static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1742
{
1743
    char buf[1024];
1744
    int size;
1745

    
1746
    vnc_write_u16(vs, ds_get_width(vs->ds));
1747
    vnc_write_u16(vs, ds_get_height(vs->ds));
1748

    
1749
    pixel_format_message(vs);
1750

    
1751
    if (qemu_name)
1752
        size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1753
    else
1754
        size = snprintf(buf, sizeof(buf), "QEMU");
1755

    
1756
    vnc_write_u32(vs, size);
1757
    vnc_write(vs, buf, size);
1758
    vnc_flush(vs);
1759

    
1760
    vnc_read_when(vs, protocol_client_msg, 1);
1761

    
1762
    return 0;
1763
}
1764

    
1765
void start_client_init(VncState *vs)
1766
{
1767
    vnc_read_when(vs, protocol_client_init, 1);
1768
}
1769

    
1770
static void make_challenge(VncState *vs)
1771
{
1772
    int i;
1773

    
1774
    srand(time(NULL)+getpid()+getpid()*987654+rand());
1775

    
1776
    for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1777
        vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1778
}
1779

    
1780
static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1781
{
1782
    unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1783
    int i, j, pwlen;
1784
    unsigned char key[8];
1785

    
1786
    if (!vs->vd->password || !vs->vd->password[0]) {
1787
        VNC_DEBUG("No password configured on server");
1788
        vnc_write_u32(vs, 1); /* Reject auth */
1789
        if (vs->minor >= 8) {
1790
            static const char err[] = "Authentication failed";
1791
            vnc_write_u32(vs, sizeof(err));
1792
            vnc_write(vs, err, sizeof(err));
1793
        }
1794
        vnc_flush(vs);
1795
        vnc_client_error(vs);
1796
        return 0;
1797
    }
1798

    
1799
    memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1800

    
1801
    /* Calculate the expected challenge response */
1802
    pwlen = strlen(vs->vd->password);
1803
    for (i=0; i<sizeof(key); i++)
1804
        key[i] = i<pwlen ? vs->vd->password[i] : 0;
1805
    deskey(key, EN0);
1806
    for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1807
        des(response+j, response+j);
1808

    
1809
    /* Compare expected vs actual challenge response */
1810
    if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1811
        VNC_DEBUG("Client challenge reponse did not match\n");
1812
        vnc_write_u32(vs, 1); /* Reject auth */
1813
        if (vs->minor >= 8) {
1814
            static const char err[] = "Authentication failed";
1815
            vnc_write_u32(vs, sizeof(err));
1816
            vnc_write(vs, err, sizeof(err));
1817
        }
1818
        vnc_flush(vs);
1819
        vnc_client_error(vs);
1820
    } else {
1821
        VNC_DEBUG("Accepting VNC challenge response\n");
1822
        vnc_write_u32(vs, 0); /* Accept auth */
1823
        vnc_flush(vs);
1824

    
1825
        start_client_init(vs);
1826
    }
1827
    return 0;
1828
}
1829

    
1830
void start_auth_vnc(VncState *vs)
1831
{
1832
    make_challenge(vs);
1833
    /* Send client a 'random' challenge */
1834
    vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1835
    vnc_flush(vs);
1836

    
1837
    vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1838
}
1839

    
1840

    
1841
static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1842
{
1843
    /* We only advertise 1 auth scheme at a time, so client
1844
     * must pick the one we sent. Verify this */
1845
    if (data[0] != vs->vd->auth) { /* Reject auth */
1846
       VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
1847
       vnc_write_u32(vs, 1);
1848
       if (vs->minor >= 8) {
1849
           static const char err[] = "Authentication failed";
1850
           vnc_write_u32(vs, sizeof(err));
1851
           vnc_write(vs, err, sizeof(err));
1852
       }
1853
       vnc_client_error(vs);
1854
    } else { /* Accept requested auth */
1855
       VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1856
       switch (vs->vd->auth) {
1857
       case VNC_AUTH_NONE:
1858
           VNC_DEBUG("Accept auth none\n");
1859
           if (vs->minor >= 8) {
1860
               vnc_write_u32(vs, 0); /* Accept auth completion */
1861
               vnc_flush(vs);
1862
           }
1863
           start_client_init(vs);
1864
           break;
1865

    
1866
       case VNC_AUTH_VNC:
1867
           VNC_DEBUG("Start VNC auth\n");
1868
           start_auth_vnc(vs);
1869
           break;
1870

    
1871
#ifdef CONFIG_VNC_TLS
1872
       case VNC_AUTH_VENCRYPT:
1873
           VNC_DEBUG("Accept VeNCrypt auth\n");;
1874
           start_auth_vencrypt(vs);
1875
           break;
1876
#endif /* CONFIG_VNC_TLS */
1877

    
1878
#ifdef CONFIG_VNC_SASL
1879
       case VNC_AUTH_SASL:
1880
           VNC_DEBUG("Accept SASL auth\n");
1881
           start_auth_sasl(vs);
1882
           break;
1883
#endif /* CONFIG_VNC_SASL */
1884

    
1885
       default: /* Should not be possible, but just in case */
1886
           VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
1887
           vnc_write_u8(vs, 1);
1888
           if (vs->minor >= 8) {
1889
               static const char err[] = "Authentication failed";
1890
               vnc_write_u32(vs, sizeof(err));
1891
               vnc_write(vs, err, sizeof(err));
1892
           }
1893
           vnc_client_error(vs);
1894
       }
1895
    }
1896
    return 0;
1897
}
1898

    
1899
static int protocol_version(VncState *vs, uint8_t *version, size_t len)
1900
{
1901
    char local[13];
1902

    
1903
    memcpy(local, version, 12);
1904
    local[12] = 0;
1905

    
1906
    if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
1907
        VNC_DEBUG("Malformed protocol version %s\n", local);
1908
        vnc_client_error(vs);
1909
        return 0;
1910
    }
1911
    VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
1912
    if (vs->major != 3 ||
1913
        (vs->minor != 3 &&
1914
         vs->minor != 4 &&
1915
         vs->minor != 5 &&
1916
         vs->minor != 7 &&
1917
         vs->minor != 8)) {
1918
        VNC_DEBUG("Unsupported client version\n");
1919
        vnc_write_u32(vs, VNC_AUTH_INVALID);
1920
        vnc_flush(vs);
1921
        vnc_client_error(vs);
1922
        return 0;
1923
    }
1924
    /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
1925
     * as equivalent to v3.3 by servers
1926
     */
1927
    if (vs->minor == 4 || vs->minor == 5)
1928
        vs->minor = 3;
1929

    
1930
    if (vs->minor == 3) {
1931
        if (vs->vd->auth == VNC_AUTH_NONE) {
1932
            VNC_DEBUG("Tell client auth none\n");
1933
            vnc_write_u32(vs, vs->vd->auth);
1934
            vnc_flush(vs);
1935
            start_client_init(vs);
1936
       } else if (vs->vd->auth == VNC_AUTH_VNC) {
1937
            VNC_DEBUG("Tell client VNC auth\n");
1938
            vnc_write_u32(vs, vs->vd->auth);
1939
            vnc_flush(vs);
1940
            start_auth_vnc(vs);
1941
       } else {
1942
            VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
1943
            vnc_write_u32(vs, VNC_AUTH_INVALID);
1944
            vnc_flush(vs);
1945
            vnc_client_error(vs);
1946
       }
1947
    } else {
1948
        VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
1949
        vnc_write_u8(vs, 1); /* num auth */
1950
        vnc_write_u8(vs, vs->vd->auth);
1951
        vnc_read_when(vs, protocol_client_auth, 1);
1952
        vnc_flush(vs);
1953
    }
1954

    
1955
    return 0;
1956
}
1957

    
1958
static void vnc_connect(VncDisplay *vd, int csock)
1959
{
1960
    VncState *vs = qemu_mallocz(sizeof(VncState));
1961
    vs->csock = csock;
1962

    
1963
    VNC_DEBUG("New client on socket %d\n", csock);
1964
    dcl->idle = 0;
1965
    socket_set_nonblock(vs->csock);
1966
    qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1967

    
1968
    vs->vd = vd;
1969
    vs->ds = vd->ds;
1970
    vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
1971
    vs->last_x = -1;
1972
    vs->last_y = -1;
1973

    
1974
    vs->as.freq = 44100;
1975
    vs->as.nchannels = 2;
1976
    vs->as.fmt = AUD_FMT_S16;
1977
    vs->as.endianness = 0;
1978

    
1979
    vnc_resize(vs);
1980
    vnc_write(vs, "RFB 003.008\n", 12);
1981
    vnc_flush(vs);
1982
    vnc_read_when(vs, protocol_version, 12);
1983
    memset(vs->old_data, 0, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
1984
    memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1985
    vnc_update_client(vs);
1986
    reset_keys(vs);
1987

    
1988
    vs->next = vd->clients;
1989
    vd->clients = vs;
1990
}
1991

    
1992
static void vnc_listen_read(void *opaque)
1993
{
1994
    VncDisplay *vs = opaque;
1995
    struct sockaddr_in addr;
1996
    socklen_t addrlen = sizeof(addr);
1997

    
1998
    /* Catch-up */
1999
    vga_hw_update();
2000

    
2001
    int csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2002
    if (csock != -1) {
2003
        vnc_connect(vs, csock);
2004
    }
2005
}
2006

    
2007
void vnc_display_init(DisplayState *ds)
2008
{
2009
    VncDisplay *vs;
2010

    
2011
    vs = qemu_mallocz(sizeof(VncState));
2012
    dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2013

    
2014
    ds->opaque = vs;
2015
    dcl->idle = 1;
2016
    vnc_display = vs;
2017

    
2018
    vs->lsock = -1;
2019

    
2020
    vs->ds = ds;
2021

    
2022
    if (keyboard_layout)
2023
        vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2024
    else
2025
        vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2026

    
2027
    if (!vs->kbd_layout)
2028
        exit(1);
2029

    
2030
    dcl->dpy_copy = vnc_dpy_copy;
2031
    dcl->dpy_update = vnc_dpy_update;
2032
    dcl->dpy_resize = vnc_dpy_resize;
2033
    dcl->dpy_setdata = vnc_dpy_setdata;
2034
    register_displaychangelistener(ds, dcl);
2035
}
2036

    
2037

    
2038
void vnc_display_close(DisplayState *ds)
2039
{
2040
    VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2041

    
2042
    if (!vs)
2043
        return;
2044
    if (vs->display) {
2045
        qemu_free(vs->display);
2046
        vs->display = NULL;
2047
    }
2048
    if (vs->lsock != -1) {
2049
        qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2050
        close(vs->lsock);
2051
        vs->lsock = -1;
2052
    }
2053
    vs->auth = VNC_AUTH_INVALID;
2054
#ifdef CONFIG_VNC_TLS
2055
    vs->subauth = VNC_AUTH_INVALID;
2056
    vs->tls.x509verify = 0;
2057
#endif
2058
}
2059

    
2060
int vnc_display_password(DisplayState *ds, const char *password)
2061
{
2062
    VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2063

    
2064
    if (vs->password) {
2065
        qemu_free(vs->password);
2066
        vs->password = NULL;
2067
    }
2068
    if (password && password[0]) {
2069
        if (!(vs->password = qemu_strdup(password)))
2070
            return -1;
2071
    }
2072

    
2073
    return 0;
2074
}
2075

    
2076
int vnc_display_open(DisplayState *ds, const char *display)
2077
{
2078
    VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2079
    const char *options;
2080
    int password = 0;
2081
    int reverse = 0;
2082
    int to_port = 0;
2083
#ifdef CONFIG_VNC_TLS
2084
    int tls = 0, x509 = 0;
2085
#endif
2086
#ifdef CONFIG_VNC_SASL
2087
    int sasl = 0;
2088
    int saslErr;
2089
#endif
2090
    int acl = 0;
2091

    
2092
    if (!vnc_display)
2093
        return -1;
2094
    vnc_display_close(ds);
2095
    if (strcmp(display, "none") == 0)
2096
        return 0;
2097

    
2098
    if (!(vs->display = strdup(display)))
2099
        return -1;
2100

    
2101
    options = display;
2102
    while ((options = strchr(options, ','))) {
2103
        options++;
2104
        if (strncmp(options, "password", 8) == 0) {
2105
            password = 1; /* Require password auth */
2106
        } else if (strncmp(options, "reverse", 7) == 0) {
2107
            reverse = 1;
2108
        } else if (strncmp(options, "to=", 3) == 0) {
2109
            to_port = atoi(options+3) + 5900;
2110
#ifdef CONFIG_VNC_SASL
2111
        } else if (strncmp(options, "sasl", 4) == 0) {
2112
            sasl = 1; /* Require SASL auth */
2113
#endif
2114
#ifdef CONFIG_VNC_TLS
2115
        } else if (strncmp(options, "tls", 3) == 0) {
2116
            tls = 1; /* Require TLS */
2117
        } else if (strncmp(options, "x509", 4) == 0) {
2118
            char *start, *end;
2119
            x509 = 1; /* Require x509 certificates */
2120
            if (strncmp(options, "x509verify", 10) == 0)
2121
                vs->tls.x509verify = 1; /* ...and verify client certs */
2122

    
2123
            /* Now check for 'x509=/some/path' postfix
2124
             * and use that to setup x509 certificate/key paths */
2125
            start = strchr(options, '=');
2126
            end = strchr(options, ',');
2127
            if (start && (!end || (start < end))) {
2128
                int len = end ? end-(start+1) : strlen(start+1);
2129
                char *path = qemu_strndup(start + 1, len);
2130

    
2131
                VNC_DEBUG("Trying certificate path '%s'\n", path);
2132
                if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2133
                    fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2134
                    qemu_free(path);
2135
                    qemu_free(vs->display);
2136
                    vs->display = NULL;
2137
                    return -1;
2138
                }
2139
                qemu_free(path);
2140
            } else {
2141
                fprintf(stderr, "No certificate path provided\n");
2142
                qemu_free(vs->display);
2143
                vs->display = NULL;
2144
                return -1;
2145
            }
2146
#endif
2147
        } else if (strncmp(options, "acl", 3) == 0) {
2148
            acl = 1;
2149
        }
2150
    }
2151

    
2152
#ifdef CONFIG_VNC_TLS
2153
    if (acl && x509 && vs->tls.x509verify) {
2154
        if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2155
            fprintf(stderr, "Failed to create x509 dname ACL\n");
2156
            exit(1);
2157
        }
2158
    }
2159
#endif
2160
#ifdef CONFIG_VNC_SASL
2161
    if (acl && sasl) {
2162
        if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2163
            fprintf(stderr, "Failed to create username ACL\n");
2164
            exit(1);
2165
        }
2166
    }
2167
#endif
2168

    
2169
    /*
2170
     * Combinations we support here:
2171
     *
2172
     *  - no-auth                (clear text, no auth)
2173
     *  - password               (clear text, weak auth)
2174
     *  - sasl                   (encrypt, good auth *IF* using Kerberos via GSSAPI)
2175
     *  - tls                    (encrypt, weak anonymous creds, no auth)
2176
     *  - tls + password         (encrypt, weak anonymous creds, weak auth)
2177
     *  - tls + sasl             (encrypt, weak anonymous creds, good auth)
2178
     *  - tls + x509             (encrypt, good x509 creds, no auth)
2179
     *  - tls + x509 + password  (encrypt, good x509 creds, weak auth)
2180
     *  - tls + x509 + sasl      (encrypt, good x509 creds, good auth)
2181
     *
2182
     * NB1. TLS is a stackable auth scheme.
2183
     * NB2. the x509 schemes have option to validate a client cert dname
2184
     */
2185
    if (password) {
2186
#ifdef CONFIG_VNC_TLS
2187
        if (tls) {
2188
            vs->auth = VNC_AUTH_VENCRYPT;
2189
            if (x509) {
2190
                VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2191
                vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2192
            } else {
2193
                VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2194
                vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2195
            }
2196
        } else {
2197
#endif /* CONFIG_VNC_TLS */
2198
            VNC_DEBUG("Initializing VNC server with password auth\n");
2199
            vs->auth = VNC_AUTH_VNC;
2200
#ifdef CONFIG_VNC_TLS
2201
            vs->subauth = VNC_AUTH_INVALID;
2202
        }
2203
#endif /* CONFIG_VNC_TLS */
2204
#ifdef CONFIG_VNC_SASL
2205
    } else if (sasl) {
2206
#ifdef CONFIG_VNC_TLS
2207
        if (tls) {
2208
            vs->auth = VNC_AUTH_VENCRYPT;
2209
            if (x509) {
2210
                VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2211
                vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2212
            } else {
2213
                VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2214
                vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2215
            }
2216
        } else {
2217
#endif /* CONFIG_VNC_TLS */
2218
            VNC_DEBUG("Initializing VNC server with SASL auth\n");
2219
            vs->auth = VNC_AUTH_SASL;
2220
#ifdef CONFIG_VNC_TLS
2221
            vs->subauth = VNC_AUTH_INVALID;
2222
        }
2223
#endif /* CONFIG_VNC_TLS */
2224
#endif /* CONFIG_VNC_SASL */
2225
    } else {
2226
#ifdef CONFIG_VNC_TLS
2227
        if (tls) {
2228
            vs->auth = VNC_AUTH_VENCRYPT;
2229
            if (x509) {
2230
                VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2231
                vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2232
            } else {
2233
                VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2234
                vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2235
            }
2236
        } else {
2237
#endif
2238
            VNC_DEBUG("Initializing VNC server with no auth\n");
2239
            vs->auth = VNC_AUTH_NONE;
2240
#ifdef CONFIG_VNC_TLS
2241
            vs->subauth = VNC_AUTH_INVALID;
2242
        }
2243
#endif
2244
    }
2245

    
2246
#ifdef CONFIG_VNC_SASL
2247
    if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2248
        fprintf(stderr, "Failed to initialize SASL auth %s",
2249
                sasl_errstring(saslErr, NULL, NULL));
2250
        free(vs->display);
2251
        vs->display = NULL;
2252
        return -1;
2253
    }
2254
#endif
2255

    
2256
    if (reverse) {
2257
        /* connect to viewer */
2258
        if (strncmp(display, "unix:", 5) == 0)
2259
            vs->lsock = unix_connect(display+5);
2260
        else
2261
            vs->lsock = inet_connect(display, SOCK_STREAM);
2262
        if (-1 == vs->lsock) {
2263
            free(vs->display);
2264
            vs->display = NULL;
2265
            return -1;
2266
        } else {
2267
            int csock = vs->lsock;
2268
            vs->lsock = -1;
2269
            vnc_connect(vs, csock);
2270
        }
2271
        return 0;
2272

    
2273
    } else {
2274
        /* listen for connects */
2275
        char *dpy;
2276
        dpy = qemu_malloc(256);
2277
        if (strncmp(display, "unix:", 5) == 0) {
2278
            pstrcpy(dpy, 256, "unix:");
2279
            vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2280
        } else {
2281
            vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2282
        }
2283
        if (-1 == vs->lsock) {
2284
            free(dpy);
2285
            return -1;
2286
        } else {
2287
            free(vs->display);
2288
            vs->display = dpy;
2289
        }
2290
    }
2291
    return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
2292
}