]> git.proxmox.com Git - mirror_qemu.git/blame - vnc.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
vnc fixes and improvements (Stefano Stabellini)
[mirror_qemu.git] / vnc.c
CommitLineData
7d510b8c
FB		 1/*
2 * QEMU VNC display driver
5fafdf24 3 *
7d510b8c
FB		 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
5fafdf24 6 *
7d510b8c
FB		 7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25
87ecb68b
PB		 26#include "qemu-common.h"
27#include "console.h"
28#include "sysemu.h"
6ca957f0 29#include "qemu_socket.h"
87ecb68b 30#include "qemu-timer.h"
429a8ed3 31#include "audio/audio.h"
24236869
FB		 32
33#define VNC_REFRESH_INTERVAL (1000 / 30)
34
35#include "vnc_keysym.h"
36#include "keymaps.c"
70848515
TS		 37#include "d3des.h"
38
eb38c52c 39#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 40#include <gnutls/gnutls.h>
41#include <gnutls/x509.h>
42#endif /* CONFIG_VNC_TLS */
70848515 43
8d5d2d4c
TS		 44// #define _VNC_DEBUG 1
45
eb38c52c 46#ifdef _VNC_DEBUG
70848515 47#define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
8d5d2d4c
TS		 48
49#if CONFIG_VNC_TLS && _VNC_DEBUG >= 2
50/* Very verbose, so only enabled for _VNC_DEBUG >= 2 */
51static void vnc_debug_gnutls_log(int level, const char* str) {
52 VNC_DEBUG("%d %s", level, str);
53}
54#endif /* CONFIG_VNC_TLS && _VNC_DEBUG */
70848515
TS		 55#else
56#define VNC_DEBUG(fmt, ...) do { } while (0)
57#endif
24236869 58
90a1e3c0
AL		 59#define count_bits(c, v) { \
60 for (c = 0; v; v >>= 1) \
61 { \
62 c += v & 1; \
63 } \
64}
8d5d2d4c 65
24236869
FB		 66typedef struct Buffer
67{
68 size_t capacity;
69 size_t offset;
60fe76f3 70 uint8_t *buffer;
24236869
FB		 71} Buffer;
72
73typedef struct VncState VncState;
74
60fe76f3 75typedef int VncReadEvent(VncState *vs, uint8_t *data, size_t len);
24236869 76
3512779a
FB		 77typedef void VncWritePixels(VncState *vs, void *data, int size);
78
79typedef void VncSendHextileTile(VncState *vs,
80 int x, int y, int w, int h,
7eac3a87
AL		 81 void *last_bg,
82 void *last_fg,
3512779a
FB		 83 int *has_bg, int *has_fg);
84
99589bdc
FB		 85#define VNC_MAX_WIDTH 2048
86#define VNC_MAX_HEIGHT 2048
87#define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
88
70848515
TS		 89#define VNC_AUTH_CHALLENGE_SIZE 16
90
91enum {
92 VNC_AUTH_INVALID = 0,
93 VNC_AUTH_NONE = 1,
94 VNC_AUTH_VNC = 2,
95 VNC_AUTH_RA2 = 5,
96 VNC_AUTH_RA2NE = 6,
97 VNC_AUTH_TIGHT = 16,
98 VNC_AUTH_ULTRA = 17,
99 VNC_AUTH_TLS = 18,
100 VNC_AUTH_VENCRYPT = 19
101};
102
eb38c52c 103#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 104enum {
105 VNC_WIREMODE_CLEAR,
106 VNC_WIREMODE_TLS,
107};
108
109enum {
110 VNC_AUTH_VENCRYPT_PLAIN = 256,
111 VNC_AUTH_VENCRYPT_TLSNONE = 257,
112 VNC_AUTH_VENCRYPT_TLSVNC = 258,
113 VNC_AUTH_VENCRYPT_TLSPLAIN = 259,
114 VNC_AUTH_VENCRYPT_X509NONE = 260,
115 VNC_AUTH_VENCRYPT_X509VNC = 261,
116 VNC_AUTH_VENCRYPT_X509PLAIN = 262,
117};
3a702699 118
3a702699
TS		 119#define X509_CA_CERT_FILE "ca-cert.pem"
120#define X509_CA_CRL_FILE "ca-crl.pem"
121#define X509_SERVER_KEY_FILE "server-key.pem"
122#define X509_SERVER_CERT_FILE "server-cert.pem"
3a702699 123
8d5d2d4c
TS		 124#endif /* CONFIG_VNC_TLS */
125
24236869
FB		 126struct VncState
127{
128 QEMUTimer *timer;
129 int lsock;
130 int csock;
131 DisplayState *ds;
132 int need_update;
99589bdc 133 uint32_t dirty_row[VNC_MAX_HEIGHT][VNC_DIRTY_WORDS];
24236869 134 char *old_data;
24236869
FB		 135 int has_resize;
136 int has_hextile;
564c337e 137 int has_pointer_type_change;
ca4cca4d 138 int has_WMVi;
564c337e
FB		 139 int absolute;
140 int last_x;
141 int last_y;
142
70848515
TS		 143 int major;
144 int minor;
145
71cab5ca 146 char *display;
70848515
TS		 147 char *password;
148 int auth;
eb38c52c 149#ifdef CONFIG_VNC_TLS
8d5d2d4c 150 int subauth;
469b15c6 151 int x509verify;
6f43024c
TS		 152
153 char *x509cacert;
154 char *x509cacrl;
155 char *x509cert;
156 char *x509key;
8d5d2d4c 157#endif
70848515 158 char challenge[VNC_AUTH_CHALLENGE_SIZE];
a9ce8590 159
eb38c52c 160#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 161 int wiremode;
162 gnutls_session_t tls_session;
163#endif
164
24236869
FB		 165 Buffer output;
166 Buffer input;
167 kbd_layout_t *kbd_layout;
3512779a
FB		 168 /* current output mode information */
169 VncWritePixels *write_pixels;
170 VncSendHextileTile *send_hextile_tile;
6cec5487 171 DisplaySurface clientds, serverds;
24236869 172
429a8ed3 173 CaptureVoiceOut *audio_cap;
1ea879e5 174 struct audsettings as;
429a8ed3 175
24236869
FB		 176 VncReadEvent *read_handler;
177 size_t read_handler_expect;
64f5a135
FB		 178 /* input */
179 uint8_t modifiers_state[256];
24236869
FB		 180};
181
a9ce8590 182static VncState *vnc_state; /* needed for info vnc */
7d957bd8 183static DisplayChangeListener *dcl;
a9ce8590
FB		 184
185void do_info_vnc(void)
186{
13412c9d 187 if (vnc_state == NULL || vnc_state->display == NULL)
a9ce8590
FB		 188 term_printf("VNC server disabled\n");
189 else {
190 term_printf("VNC server active on: ");
191 term_print_filename(vnc_state->display);
192 term_printf("\n");
193
194 if (vnc_state->csock == -1)
195 term_printf("No client connected\n");
196 else
197 term_printf("Client connected\n");
198 }
199}
200
24236869
FB		 201/* TODO
202 1) Get the queue working for IO.
203 2) there is some weirdness when using the -S option (the screen is grey
204 and not totally invalidated
205 3) resolutions > 1024
206*/
207
208static void vnc_write(VncState *vs, const void *data, size_t len);
209static void vnc_write_u32(VncState *vs, uint32_t value);
210static void vnc_write_s32(VncState *vs, int32_t value);
211static void vnc_write_u16(VncState *vs, uint16_t value);
212static void vnc_write_u8(VncState *vs, uint8_t value);
213static void vnc_flush(VncState *vs);
214static void vnc_update_client(void *opaque);
215static void vnc_client_read(void *opaque);
216
7d957bd8 217static void vnc_colordepth(DisplayState *ds);
7eac3a87 218
99589bdc
FB		 219static inline void vnc_set_bit(uint32_t *d, int k)
220{
221 d[k >> 5] |= 1 << (k & 0x1f);
222}
223
224static inline void vnc_clear_bit(uint32_t *d, int k)
225{
226 d[k >> 5] &= ~(1 << (k & 0x1f));
227}
228
229static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
230{
231 int j;
232
233 j = 0;
234 while (n >= 32) {
235 d[j++] = -1;
236 n -= 32;
237 }
5fafdf24 238 if (n > 0)
99589bdc
FB		 239 d[j++] = (1 << n) - 1;
240 while (j < nb_words)
241 d[j++] = 0;
242}
243
244static inline int vnc_get_bit(const uint32_t *d, int k)
245{
246 return (d[k >> 5] >> (k & 0x1f)) & 1;
247}
248
5fafdf24 249static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
99589bdc
FB		 250 int nb_words)
251{
252 int i;
253 for(i = 0; i < nb_words; i++) {
254 if ((d1[i] & d2[i]) != 0)
255 return 1;
256 }
257 return 0;
258}
259
24236869
FB		 260static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
261{
262 VncState *vs = ds->opaque;
263 int i;
264
265 h += y;
266
0486e8a7
AZ		 267 /* round x down to ensure the loop only spans one 16-pixel block per,
268 iteration. otherwise, if (x % 16) != 0, the last iteration may span
269 two 16-pixel blocks but we only mark the first as dirty
270 */
271 w += (x % 16);
272 x -= (x % 16);
273
6cec5487
AL		 274 x = MIN(x, vs->serverds.width);
275 y = MIN(y, vs->serverds.height);
276 w = MIN(x + w, vs->serverds.width) - x;
277 h = MIN(h, vs->serverds.height);
788abf8e 278
24236869
FB		 279 for (; y < h; y++)
280 for (i = 0; i < w; i += 16)
99589bdc 281 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
24236869
FB		 282}
283
284static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
285 int32_t encoding)
286{
287 vnc_write_u16(vs, x);
288 vnc_write_u16(vs, y);
289 vnc_write_u16(vs, w);
290 vnc_write_u16(vs, h);
291
292 vnc_write_s32(vs, encoding);
293}
294
7d957bd8 295static void vnc_dpy_resize(DisplayState *ds)
24236869 296{
73e14b62 297 int size_changed;
24236869
FB		 298 VncState *vs = ds->opaque;
299
7d957bd8 300 vs->old_data = qemu_realloc(vs->old_data, ds_get_linesize(ds) * ds_get_height(ds));
24236869 301
7d957bd8 302 if (vs->old_data == NULL) {
24236869
FB		 303 fprintf(stderr, "vnc: memory allocation failed\n");
304 exit(1);
305 }
306
6cec5487 307 if (ds_get_bytes_per_pixel(ds) != vs->serverds.pf.bytes_per_pixel)
a528b80c 308 console_color_init(ds);
7d957bd8 309 vnc_colordepth(ds);
6cec5487
AL		 310 size_changed = ds_get_width(ds) != vs->serverds.width ||
311 ds_get_height(ds) != vs->serverds.height;
312 vs->serverds = *(ds->surface);
b94eb43f 313 if (size_changed) {
b94eb43f
AZ		 314 if (vs->csock != -1 && vs->has_resize) {
315 vnc_write_u8(vs, 0); /* msg id */
316 vnc_write_u8(vs, 0);
317 vnc_write_u16(vs, 1); /* number of rects */
7d957bd8 318 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds), -223);
b94eb43f
AZ		 319 vnc_flush(vs);
320 }
24236869 321 }
8bba5c81
AZ		 322
323 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
0e1f5a0c 324 memset(vs->old_data, 42, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
24236869
FB		 325}
326
3512779a
FB		 327/* fastest code */
328static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
329{
330 vnc_write(vs, pixels, size);
331}
332
333/* slowest but generic code. */
334static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
335{
7eac3a87
AL		 336 uint8_t r, g, b;
337
90a1e3c0
AL		 338 r = ((((v & vs->serverds.pf.rmask) >> vs->serverds.pf.rshift) << vs->clientds.pf.rbits) >>
339 vs->serverds.pf.rbits);
340 g = ((((v & vs->serverds.pf.gmask) >> vs->serverds.pf.gshift) << vs->clientds.pf.gbits) >>
341 vs->serverds.pf.gbits);
342 b = ((((v & vs->serverds.pf.bmask) >> vs->serverds.pf.bshift) << vs->clientds.pf.bbits) >>
343 vs->serverds.pf.bbits);
6cec5487
AL		 344 v = (r << vs->clientds.pf.rshift) |
345 (g << vs->clientds.pf.gshift) |
346 (b << vs->clientds.pf.bshift);
347 switch(vs->clientds.pf.bytes_per_pixel) {
3512779a
FB		 348 case 1:
349 buf[0] = v;
350 break;
351 case 2:
6cec5487 352 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
3512779a
FB		 353 buf[0] = v >> 8;
354 buf[1] = v;
355 } else {
356 buf[1] = v >> 8;
357 buf[0] = v;
358 }
359 break;
360 default:
361 case 4:
6cec5487 362 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
3512779a
FB		 363 buf[0] = v >> 24;
364 buf[1] = v >> 16;
365 buf[2] = v >> 8;
366 buf[3] = v;
367 } else {
368 buf[3] = v >> 24;
369 buf[2] = v >> 16;
370 buf[1] = v >> 8;
371 buf[0] = v;
372 }
373 break;
374 }
375}
376
377static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
378{
3512779a 379 uint8_t buf[4];
3512779a 380
6cec5487 381 if (vs->serverds.pf.bytes_per_pixel == 4) {
7eac3a87
AL		 382 uint32_t *pixels = pixels1;
383 int n, i;
384 n = size >> 2;
385 for(i = 0; i < n; i++) {
386 vnc_convert_pixel(vs, buf, pixels[i]);
6cec5487 387 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
7eac3a87 388 }
6cec5487 389 } else if (vs->serverds.pf.bytes_per_pixel == 2) {
7eac3a87
AL		 390 uint16_t *pixels = pixels1;
391 int n, i;
392 n = size >> 1;
393 for(i = 0; i < n; i++) {
394 vnc_convert_pixel(vs, buf, pixels[i]);
6cec5487 395 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
7eac3a87 396 }
6cec5487 397 } else if (vs->serverds.pf.bytes_per_pixel == 1) {
7eac3a87
AL		 398 uint8_t *pixels = pixels1;
399 int n, i;
400 n = size;
401 for(i = 0; i < n; i++) {
402 vnc_convert_pixel(vs, buf, pixels[i]);
6cec5487 403 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
7eac3a87
AL		 404 }
405 } else {
406 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
3512779a
FB		 407 }
408}
409
24236869
FB		 410static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
411{
412 int i;
60fe76f3 413 uint8_t *row;
24236869
FB		 414
415 vnc_framebuffer_update(vs, x, y, w, h, 0);
416
6cec5487 417 row = ds_get_data(vs->ds) + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
24236869 418 for (i = 0; i < h; i++) {
6cec5487 419 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
0e1f5a0c 420 row += ds_get_linesize(vs->ds);
24236869
FB		 421 }
422}
423
424static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
425{
426 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
427 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
428}
429
430#define BPP 8
431#include "vnchextile.h"
432#undef BPP
433
434#define BPP 16
435#include "vnchextile.h"
436#undef BPP
437
438#define BPP 32
439#include "vnchextile.h"
440#undef BPP
441
7eac3a87
AL		 442#define GENERIC
443#define BPP 8
444#include "vnchextile.h"
445#undef BPP
446#undef GENERIC
447
448#define GENERIC
449#define BPP 16
450#include "vnchextile.h"
451#undef BPP
452#undef GENERIC
453
3512779a
FB		 454#define GENERIC
455#define BPP 32
456#include "vnchextile.h"
457#undef BPP
458#undef GENERIC
459
24236869
FB		 460static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
461{
462 int i, j;
463 int has_fg, has_bg;
7eac3a87 464 uint8_t *last_fg, *last_bg;
24236869
FB		 465
466 vnc_framebuffer_update(vs, x, y, w, h, 5);
467
6cec5487
AL		 468 last_fg = (uint8_t *) malloc(vs->serverds.pf.bytes_per_pixel);
469 last_bg = (uint8_t *) malloc(vs->serverds.pf.bytes_per_pixel);
24236869
FB		 470 has_fg = has_bg = 0;
471 for (j = y; j < (y + h); j += 16) {
472 for (i = x; i < (x + w); i += 16) {
5fafdf24 473 vs->send_hextile_tile(vs, i, j,
3512779a 474 MIN(16, x + w - i), MIN(16, y + h - j),
7eac3a87 475 last_bg, last_fg, &has_bg, &has_fg);
24236869
FB		 476 }
477 }
7eac3a87
AL		 478 free(last_fg);
479 free(last_bg);
480
24236869
FB		 481}
482
483static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
484{
485 if (vs->has_hextile)
486 send_framebuffer_update_hextile(vs, x, y, w, h);
487 else
488 send_framebuffer_update_raw(vs, x, y, w, h);
489}
490
491static void vnc_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
492{
24236869
FB		 493 VncState *vs = ds->opaque;
494
495 vnc_update_client(vs);
496
24236869
FB		 497 vnc_write_u8(vs, 0); /* msg id */
498 vnc_write_u8(vs, 0);
499 vnc_write_u16(vs, 1); /* number of rects */
500 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, 1);
501 vnc_write_u16(vs, src_x);
502 vnc_write_u16(vs, src_y);
503 vnc_flush(vs);
504}
505
506static int find_dirty_height(VncState *vs, int y, int last_x, int x)
507{
508 int h;
509
6cec5487 510 for (h = 1; h < (vs->serverds.height - y); h++) {
24236869 511 int tmp_x;
99589bdc 512 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
24236869
FB		 513 break;
514 for (tmp_x = last_x; tmp_x < x; tmp_x++)
99589bdc 515 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
24236869
FB		 516 }
517
518 return h;
519}
520
521static void vnc_update_client(void *opaque)
522{
523 VncState *vs = opaque;
524
525 if (vs->need_update && vs->csock != -1) {
526 int y;
60fe76f3 527 uint8_t *row;
24236869 528 char *old_row;
99589bdc 529 uint32_t width_mask[VNC_DIRTY_WORDS];
24236869
FB		 530 int n_rectangles;
531 int saved_offset;
532 int has_dirty = 0;
533
a0ecfb73
AZ		 534 vga_hw_update();
535
6cec5487 536 vnc_set_bits(width_mask, (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
24236869
FB		 537
538 /* Walk through the dirty map and eliminate tiles that
539 really aren't dirty */
0e1f5a0c 540 row = ds_get_data(vs->ds);
24236869
FB		 541 old_row = vs->old_data;
542
6cec5487 543 for (y = 0; y < ds_get_height(vs->ds); y++) {
99589bdc 544 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
24236869 545 int x;
60fe76f3
TS		 546 uint8_t *ptr;
547 char *old_ptr;
24236869
FB		 548
549 ptr = row;
60fe76f3 550 old_ptr = (char*)old_row;
24236869 551
0e1f5a0c 552 for (x = 0; x < ds_get_width(vs->ds); x += 16) {
6cec5487 553 if (memcmp(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds)) == 0) {
99589bdc 554 vnc_clear_bit(vs->dirty_row[y], (x / 16));
24236869
FB		 555 } else {
556 has_dirty = 1;
6cec5487 557 memcpy(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds));
24236869
FB		 558 }
559
6cec5487
AL		 560 ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
561 old_ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
24236869
FB		 562 }
563 }
564
0e1f5a0c
AL		 565 row += ds_get_linesize(vs->ds);
566 old_row += ds_get_linesize(vs->ds);
24236869
FB		 567 }
568
429a8ed3 569 if (!has_dirty && !vs->audio_cap) {
24236869
FB		 570 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
571 return;
572 }
573
574 /* Count rectangles */
575 n_rectangles = 0;
576 vnc_write_u8(vs, 0); /* msg id */
577 vnc_write_u8(vs, 0);
578 saved_offset = vs->output.offset;
579 vnc_write_u16(vs, 0);
580
6cec5487 581 for (y = 0; y < vs->serverds.height; y++) {
24236869
FB		 582 int x;
583 int last_x = -1;
6cec5487 584 for (x = 0; x < vs->serverds.width / 16; x++) {
99589bdc 585 if (vnc_get_bit(vs->dirty_row[y], x)) {
24236869
FB		 586 if (last_x == -1) {
587 last_x = x;
588 }
99589bdc 589 vnc_clear_bit(vs->dirty_row[y], x);
24236869
FB		 590 } else {
591 if (last_x != -1) {
592 int h = find_dirty_height(vs, y, last_x, x);
593 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
594 n_rectangles++;
595 }
596 last_x = -1;
597 }
598 }
599 if (last_x != -1) {
600 int h = find_dirty_height(vs, y, last_x, x);
601 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
602 n_rectangles++;
603 }
604 }
605 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
606 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
607 vnc_flush(vs);
608
609 }
24236869 610
a0ecfb73
AZ		 611 if (vs->csock != -1) {
612 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
24236869 613 }
24236869 614
24236869
FB		 615}
616
617static int vnc_listen_poll(void *opaque)
618{
619 VncState *vs = opaque;
620 if (vs->csock == -1)
621 return 1;
622 return 0;
623}
624
625static void buffer_reserve(Buffer *buffer, size_t len)
626{
627 if ((buffer->capacity - buffer->offset) < len) {
628 buffer->capacity += (len + 1024);
2137b4cc 629 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
24236869
FB		 630 if (buffer->buffer == NULL) {
631 fprintf(stderr, "vnc: out of memory\n");
632 exit(1);
633 }
634 }
635}
636
637static int buffer_empty(Buffer *buffer)
638{
639 return buffer->offset == 0;
640}
641
60fe76f3 642static uint8_t *buffer_end(Buffer *buffer)
24236869
FB		 643{
644 return buffer->buffer + buffer->offset;
645}
646
647static void buffer_reset(Buffer *buffer)
648{
649 buffer->offset = 0;
650}
651
652static void buffer_append(Buffer *buffer, const void *data, size_t len)
653{
654 memcpy(buffer->buffer + buffer->offset, data, len);
655 buffer->offset += len;
656}
657
429a8ed3 658/* audio */
659static void audio_capture_notify(void *opaque, audcnotification_e cmd)
660{
661 VncState *vs = opaque;
662
663 switch (cmd) {
664 case AUD_CNOTIFY_DISABLE:
665 vnc_write_u8(vs, 255);
666 vnc_write_u8(vs, 1);
667 vnc_write_u16(vs, 0);
668 vnc_flush(vs);
669 break;
670
671 case AUD_CNOTIFY_ENABLE:
672 vnc_write_u8(vs, 255);
673 vnc_write_u8(vs, 1);
674 vnc_write_u16(vs, 1);
675 vnc_flush(vs);
676 break;
677 }
678}
679
680static void audio_capture_destroy(void *opaque)
681{
682}
683
684static void audio_capture(void *opaque, void *buf, int size)
685{
686 VncState *vs = opaque;
687
688 vnc_write_u8(vs, 255);
689 vnc_write_u8(vs, 1);
690 vnc_write_u16(vs, 2);
691 vnc_write_u32(vs, size);
692 vnc_write(vs, buf, size);
693 vnc_flush(vs);
694}
695
696static void audio_add(VncState *vs)
697{
698 struct audio_capture_ops ops;
699
700 if (vs->audio_cap) {
701 term_printf ("audio already running\n");
702 return;
703 }
704
705 ops.notify = audio_capture_notify;
706 ops.destroy = audio_capture_destroy;
707 ops.capture = audio_capture;
708
709 vs->audio_cap = AUD_add_capture(NULL, &vs->as, &ops, vs);
710 if (!vs->audio_cap) {
711 term_printf ("Failed to add audio capture\n");
712 }
713}
714
715static void audio_del(VncState *vs)
716{
717 if (vs->audio_cap) {
718 AUD_del_capture(vs->audio_cap, vs);
719 vs->audio_cap = NULL;
720 }
721}
722
6ca957f0 723static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
24236869
FB		 724{
725 if (ret == 0 || ret == -1) {
ea01e5fd
AZ		 726 if (ret == -1) {
727 switch (last_errno) {
728 case EINTR:
729 case EAGAIN:
730#ifdef _WIN32
731 case WSAEWOULDBLOCK:
732#endif
733 return 0;
734 default:
735 break;
736 }
737 }
24236869 738
8d5d2d4c 739 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
24236869 740 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
6ca957f0 741 closesocket(vs->csock);
24236869 742 vs->csock = -1;
7d957bd8 743 dcl->idle = 1;
24236869
FB		 744 buffer_reset(&vs->input);
745 buffer_reset(&vs->output);
746 vs->need_update = 0;
eb38c52c 747#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 748 if (vs->tls_session) {
749 gnutls_deinit(vs->tls_session);
750 vs->tls_session = NULL;
751 }
752 vs->wiremode = VNC_WIREMODE_CLEAR;
753#endif /* CONFIG_VNC_TLS */
429a8ed3 754 audio_del(vs);
24236869
FB		 755 return 0;
756 }
757 return ret;
758}
759
760static void vnc_client_error(VncState *vs)
761{
6ca957f0 762 vnc_client_io_error(vs, -1, EINVAL);
24236869
FB		 763}
764
765static void vnc_client_write(void *opaque)
766{
ceb5caaf 767 long ret;
24236869
FB		 768 VncState *vs = opaque;
769
eb38c52c 770#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 771 if (vs->tls_session) {
772 ret = gnutls_write(vs->tls_session, vs->output.buffer, vs->output.offset);
773 if (ret < 0) {
774 if (ret == GNUTLS_E_AGAIN)
775 errno = EAGAIN;
776 else
777 errno = EIO;
778 ret = -1;
779 }
780 } else
781#endif /* CONFIG_VNC_TLS */
782 ret = send(vs->csock, vs->output.buffer, vs->output.offset, 0);
6ca957f0 783 ret = vnc_client_io_error(vs, ret, socket_error());
24236869
FB		 784 if (!ret)
785 return;
786
787 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
788 vs->output.offset -= ret;
789
790 if (vs->output.offset == 0) {
791 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
792 }
793}
794
795static void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
796{
797 vs->read_handler = func;
798 vs->read_handler_expect = expecting;
799}
800
801static void vnc_client_read(void *opaque)
802{
803 VncState *vs = opaque;
ceb5caaf 804 long ret;
24236869
FB		 805
806 buffer_reserve(&vs->input, 4096);
807
eb38c52c 808#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 809 if (vs->tls_session) {
810 ret = gnutls_read(vs->tls_session, buffer_end(&vs->input), 4096);
811 if (ret < 0) {
812 if (ret == GNUTLS_E_AGAIN)
813 errno = EAGAIN;
814 else
815 errno = EIO;
816 ret = -1;
817 }
818 } else
819#endif /* CONFIG_VNC_TLS */
820 ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
6ca957f0 821 ret = vnc_client_io_error(vs, ret, socket_error());
24236869
FB		 822 if (!ret)
823 return;
824
825 vs->input.offset += ret;
826
827 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
828 size_t len = vs->read_handler_expect;
829 int ret;
830
831 ret = vs->read_handler(vs, vs->input.buffer, len);
832 if (vs->csock == -1)
833 return;
834
835 if (!ret) {
836 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
837 vs->input.offset -= len;
838 } else {
839 vs->read_handler_expect = ret;
840 }
841 }
842}
843
844static void vnc_write(VncState *vs, const void *data, size_t len)
845{
846 buffer_reserve(&vs->output, len);
847
848 if (buffer_empty(&vs->output)) {
849 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
850 }
851
852 buffer_append(&vs->output, data, len);
853}
854
855static void vnc_write_s32(VncState *vs, int32_t value)
856{
857 vnc_write_u32(vs, *(uint32_t *)&value);
858}
859
860static void vnc_write_u32(VncState *vs, uint32_t value)
861{
862 uint8_t buf[4];
863
864 buf[0] = (value >> 24) & 0xFF;
865 buf[1] = (value >> 16) & 0xFF;
866 buf[2] = (value >> 8) & 0xFF;
867 buf[3] = value & 0xFF;
868
869 vnc_write(vs, buf, 4);
870}
871
872static void vnc_write_u16(VncState *vs, uint16_t value)
873{
64f5a135 874 uint8_t buf[2];
24236869
FB		 875
876 buf[0] = (value >> 8) & 0xFF;
877 buf[1] = value & 0xFF;
878
879 vnc_write(vs, buf, 2);
880}
881
882static void vnc_write_u8(VncState *vs, uint8_t value)
883{
884 vnc_write(vs, (char *)&value, 1);
885}
886
887static void vnc_flush(VncState *vs)
888{
889 if (vs->output.offset)
890 vnc_client_write(vs);
891}
892
64f5a135 893static uint8_t read_u8(uint8_t *data, size_t offset)
24236869
FB		 894{
895 return data[offset];
896}
897
64f5a135 898static uint16_t read_u16(uint8_t *data, size_t offset)
24236869
FB		 899{
900 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
901}
902
64f5a135 903static int32_t read_s32(uint8_t *data, size_t offset)
24236869
FB		 904{
905 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
906 (data[offset + 2] << 8) | data[offset + 3]);
907}
908
64f5a135 909static uint32_t read_u32(uint8_t *data, size_t offset)
24236869
FB		 910{
911 return ((data[offset] << 24) | (data[offset + 1] << 16) |
912 (data[offset + 2] << 8) | data[offset + 3]);
913}
914
eb38c52c 915#ifdef CONFIG_VNC_TLS
9596ebb7
PB		 916static ssize_t vnc_tls_push(gnutls_transport_ptr_t transport,
917 const void *data,
918 size_t len) {
8d5d2d4c
TS		 919 struct VncState *vs = (struct VncState *)transport;
920 int ret;
921
922 retry:
923 ret = send(vs->csock, data, len, 0);
924 if (ret < 0) {
925 if (errno == EINTR)
926 goto retry;
927 return -1;
928 }
929 return ret;
930}
931
932
9596ebb7
PB		 933static ssize_t vnc_tls_pull(gnutls_transport_ptr_t transport,
934 void *data,
935 size_t len) {
8d5d2d4c
TS		 936 struct VncState *vs = (struct VncState *)transport;
937 int ret;
938
939 retry:
940 ret = recv(vs->csock, data, len, 0);
941 if (ret < 0) {
942 if (errno == EINTR)
943 goto retry;
944 return -1;
945 }
946 return ret;
947}
948#endif /* CONFIG_VNC_TLS */
949
60fe76f3 950static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
24236869
FB		 951{
952}
953
564c337e
FB		 954static void check_pointer_type_change(VncState *vs, int absolute)
955{
956 if (vs->has_pointer_type_change && vs->absolute != absolute) {
957 vnc_write_u8(vs, 0);
958 vnc_write_u8(vs, 0);
959 vnc_write_u16(vs, 1);
960 vnc_framebuffer_update(vs, absolute, 0,
0e1f5a0c 961 ds_get_width(vs->ds), ds_get_height(vs->ds), -257);
564c337e
FB		 962 vnc_flush(vs);
963 }
964 vs->absolute = absolute;
965}
966
24236869
FB		 967static void pointer_event(VncState *vs, int button_mask, int x, int y)
968{
969 int buttons = 0;
970 int dz = 0;
971
972 if (button_mask & 0x01)
973 buttons |= MOUSE_EVENT_LBUTTON;
974 if (button_mask & 0x02)
975 buttons |= MOUSE_EVENT_MBUTTON;
976 if (button_mask & 0x04)
977 buttons |= MOUSE_EVENT_RBUTTON;
978 if (button_mask & 0x08)
979 dz = -1;
980 if (button_mask & 0x10)
981 dz = 1;
564c337e
FB		 982
983 if (vs->absolute) {
0e1f5a0c
AL		 984 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
985 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
24236869 986 dz, buttons);
564c337e
FB		 987 } else if (vs->has_pointer_type_change) {
988 x -= 0x7FFF;
989 y -= 0x7FFF;
24236869 990
564c337e
FB		 991 kbd_mouse_event(x, y, dz, buttons);
992 } else {
993 if (vs->last_x != -1)
994 kbd_mouse_event(x - vs->last_x,
995 y - vs->last_y,
996 dz, buttons);
997 vs->last_x = x;
998 vs->last_y = y;
24236869 999 }
564c337e
FB		 1000
1001 check_pointer_type_change(vs, kbd_mouse_is_absolute());
24236869
FB		 1002}
1003
64f5a135
FB		 1004static void reset_keys(VncState *vs)
1005{
1006 int i;
1007 for(i = 0; i < 256; i++) {
1008 if (vs->modifiers_state[i]) {
1009 if (i & 0x80)
1010 kbd_put_keycode(0xe0);
1011 kbd_put_keycode(i | 0x80);
1012 vs->modifiers_state[i] = 0;
1013 }
1014 }
1015}
1016
a528b80c
AZ		 1017static void press_key(VncState *vs, int keysym)
1018{
1019 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) & 0x7f);
1020 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) | 0x80);
1021}
1022
9ca313aa 1023static void do_key_event(VncState *vs, int down, int keycode, int sym)
24236869 1024{
64f5a135
FB		 1025 /* QEMU console switch */
1026 switch(keycode) {
1027 case 0x2a: /* Left Shift */
1028 case 0x36: /* Right Shift */
1029 case 0x1d: /* Left CTRL */
1030 case 0x9d: /* Right CTRL */
1031 case 0x38: /* Left ALT */
1032 case 0xb8: /* Right ALT */
1033 if (down)
1034 vs->modifiers_state[keycode] = 1;
1035 else
1036 vs->modifiers_state[keycode] = 0;
1037 break;
5fafdf24 1038 case 0x02 ... 0x0a: /* '1' to '9' keys */
64f5a135
FB		 1039 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1040 /* Reset the modifiers sent to the current console */
1041 reset_keys(vs);
1042 console_select(keycode - 0x02);
1043 return;
1044 }
1045 break;
4d3b6f6e 1046 case 0x3a: /* CapsLock */
a528b80c
AZ		 1047 case 0x45: /* NumLock */
1048 if (!down)
1049 vs->modifiers_state[keycode] ^= 1;
1050 break;
1051 }
1052
1053 if (keycode_is_keypad(vs->kbd_layout, keycode)) {
1054 /* If the numlock state needs to change then simulate an additional
1055 keypress before sending this one. This will happen if the user
1056 toggles numlock away from the VNC window.
1057 */
1058 if (keysym_is_numlock(vs->kbd_layout, sym & 0xFFFF)) {
1059 if (!vs->modifiers_state[0x45]) {
1060 vs->modifiers_state[0x45] = 1;
1061 press_key(vs, 0xff7f);
1062 }
1063 } else {
1064 if (vs->modifiers_state[0x45]) {
1065 vs->modifiers_state[0x45] = 0;
1066 press_key(vs, 0xff7f);
1067 }
1068 }
64f5a135 1069 }
24236869 1070
64f5a135
FB		 1071 if (is_graphic_console()) {
1072 if (keycode & 0x80)
1073 kbd_put_keycode(0xe0);
1074 if (down)
1075 kbd_put_keycode(keycode & 0x7f);
1076 else
1077 kbd_put_keycode(keycode | 0x80);
1078 } else {
1079 /* QEMU console emulation */
1080 if (down) {
1081 switch (keycode) {
1082 case 0x2a: /* Left Shift */
1083 case 0x36: /* Right Shift */
1084 case 0x1d: /* Left CTRL */
1085 case 0x9d: /* Right CTRL */
1086 case 0x38: /* Left ALT */
1087 case 0xb8: /* Right ALT */
1088 break;
1089 case 0xc8:
1090 kbd_put_keysym(QEMU_KEY_UP);
1091 break;
1092 case 0xd0:
1093 kbd_put_keysym(QEMU_KEY_DOWN);
1094 break;
1095 case 0xcb:
1096 kbd_put_keysym(QEMU_KEY_LEFT);
1097 break;
1098 case 0xcd:
1099 kbd_put_keysym(QEMU_KEY_RIGHT);
1100 break;
1101 case 0xd3:
1102 kbd_put_keysym(QEMU_KEY_DELETE);
1103 break;
1104 case 0xc7:
1105 kbd_put_keysym(QEMU_KEY_HOME);
1106 break;
1107 case 0xcf:
1108 kbd_put_keysym(QEMU_KEY_END);
1109 break;
1110 case 0xc9:
1111 kbd_put_keysym(QEMU_KEY_PAGEUP);
1112 break;
1113 case 0xd1:
1114 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1115 break;
1116 default:
1117 kbd_put_keysym(sym);
1118 break;
1119 }
1120 }
1121 }
24236869
FB		 1122}
1123
bdbd7676
FB		 1124static void key_event(VncState *vs, int down, uint32_t sym)
1125{
9ca313aa
AL		 1126 int keycode;
1127
a528b80c 1128 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
bdbd7676 1129 sym = sym - 'A' + 'a';
9ca313aa
AL		 1130
1131 keycode = keysym2scancode(vs->kbd_layout, sym & 0xFFFF);
1132 do_key_event(vs, down, keycode, sym);
1133}
1134
1135static void ext_key_event(VncState *vs, int down,
1136 uint32_t sym, uint16_t keycode)
1137{
1138 /* if the user specifies a keyboard layout, always use it */
1139 if (keyboard_layout)
1140 key_event(vs, down, sym);
1141 else
1142 do_key_event(vs, down, keycode, sym);
bdbd7676
FB		 1143}
1144
24236869
FB		 1145static void framebuffer_update_request(VncState *vs, int incremental,
1146 int x_position, int y_position,
1147 int w, int h)
1148{
0e1f5a0c
AL		 1149 if (x_position > ds_get_width(vs->ds))
1150 x_position = ds_get_width(vs->ds);
1151 if (y_position > ds_get_height(vs->ds))
1152 y_position = ds_get_height(vs->ds);
1153 if (x_position + w >= ds_get_width(vs->ds))
1154 w = ds_get_width(vs->ds) - x_position;
1155 if (y_position + h >= ds_get_height(vs->ds))
1156 h = ds_get_height(vs->ds) - y_position;
cf2d385c 1157
24236869
FB		 1158 int i;
1159 vs->need_update = 1;
1160 if (!incremental) {
0e1f5a0c 1161 char *old_row = vs->old_data + y_position * ds_get_linesize(vs->ds);
24236869
FB		 1162
1163 for (i = 0; i < h; i++) {
5fafdf24 1164 vnc_set_bits(vs->dirty_row[y_position + i],
0e1f5a0c 1165 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
6cec5487 1166 memset(old_row, 42, ds_get_width(vs->ds) * ds_get_bytes_per_pixel(vs->ds));
0e1f5a0c 1167 old_row += ds_get_linesize(vs->ds);
24236869
FB		 1168 }
1169 }
1170}
1171
9ca313aa
AL		 1172static void send_ext_key_event_ack(VncState *vs)
1173{
1174 vnc_write_u8(vs, 0);
1175 vnc_write_u8(vs, 0);
1176 vnc_write_u16(vs, 1);
0e1f5a0c 1177 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds), -258);
9ca313aa
AL		 1178 vnc_flush(vs);
1179}
1180
429a8ed3 1181static void send_ext_audio_ack(VncState *vs)
1182{
1183 vnc_write_u8(vs, 0);
1184 vnc_write_u8(vs, 0);
1185 vnc_write_u16(vs, 1);
1186 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds), -259);
1187 vnc_flush(vs);
1188}
1189
24236869
FB		 1190static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1191{
1192 int i;
1193
1194 vs->has_hextile = 0;
1195 vs->has_resize = 0;
564c337e 1196 vs->has_pointer_type_change = 0;
ca4cca4d 1197 vs->has_WMVi = 0;
564c337e 1198 vs->absolute = -1;
7d957bd8 1199 dcl->dpy_copy = NULL;
24236869
FB		 1200
1201 for (i = n_encodings - 1; i >= 0; i--) {
1202 switch (encodings[i]) {
1203 case 0: /* Raw */
1204 vs->has_hextile = 0;
1205 break;
1206 case 1: /* CopyRect */
7d957bd8 1207 dcl->dpy_copy = vnc_copy;
24236869
FB		 1208 break;
1209 case 5: /* Hextile */
1210 vs->has_hextile = 1;
1211 break;
1212 case -223: /* DesktopResize */
1213 vs->has_resize = 1;
1214 break;
564c337e
FB		 1215 case -257:
1216 vs->has_pointer_type_change = 1;
1217 break;
9ca313aa
AL		 1218 case -258:
1219 send_ext_key_event_ack(vs);
1220 break;
429a8ed3 1221 case -259:
1222 send_ext_audio_ack(vs);
1223 break;
ca4cca4d
AL		 1224 case 0x574D5669:
1225 vs->has_WMVi = 1;
1226 break;
24236869
FB		 1227 default:
1228 break;
1229 }
1230 }
564c337e
FB		 1231
1232 check_pointer_type_change(vs, kbd_mouse_is_absolute());
24236869
FB		 1233}
1234
6cec5487
AL		 1235static void set_pixel_conversion(VncState *vs)
1236{
1237 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1238 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1239 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1240 vs->write_pixels = vnc_write_pixels_copy;
1241 switch (vs->ds->surface->pf.bits_per_pixel) {
1242 case 8:
1243 vs->send_hextile_tile = send_hextile_tile_8;
1244 break;
1245 case 16:
1246 vs->send_hextile_tile = send_hextile_tile_16;
1247 break;
1248 case 32:
1249 vs->send_hextile_tile = send_hextile_tile_32;
1250 break;
1251 }
1252 } else {
1253 vs->write_pixels = vnc_write_pixels_generic;
1254 switch (vs->ds->surface->pf.bits_per_pixel) {
1255 case 8:
1256 vs->send_hextile_tile = send_hextile_tile_generic_8;
1257 break;
1258 case 16:
1259 vs->send_hextile_tile = send_hextile_tile_generic_16;
1260 break;
1261 case 32:
1262 vs->send_hextile_tile = send_hextile_tile_generic_32;
1263 break;
1264 }
1265 }
1266}
1267
24236869
FB		 1268static void set_pixel_format(VncState *vs,
1269 int bits_per_pixel, int depth,
1270 int big_endian_flag, int true_color_flag,
1271 int red_max, int green_max, int blue_max,
1272 int red_shift, int green_shift, int blue_shift)
1273{
3512779a 1274 if (!true_color_flag) {
24236869 1275 vnc_client_error(vs);
3512779a
FB		 1276 return;
1277 }
24236869 1278
6cec5487
AL		 1279 vs->clientds = vs->serverds;
1280 vs->clientds.pf.rmax = red_max;
90a1e3c0 1281 count_bits(vs->clientds.pf.rbits, red_max);
6cec5487
AL		 1282 vs->clientds.pf.rshift = red_shift;
1283 vs->clientds.pf.rmask = red_max << red_shift;
1284 vs->clientds.pf.gmax = green_max;
90a1e3c0 1285 count_bits(vs->clientds.pf.gbits, green_max);
6cec5487
AL		 1286 vs->clientds.pf.gshift = green_shift;
1287 vs->clientds.pf.gmask = green_max << green_shift;
1288 vs->clientds.pf.bmax = blue_max;
90a1e3c0 1289 count_bits(vs->clientds.pf.bbits, blue_max);
6cec5487
AL		 1290 vs->clientds.pf.bshift = blue_shift;
1291 vs->clientds.pf.bmask = blue_max << blue_shift;
1292 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1293 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1294 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1295 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1296
1297 set_pixel_conversion(vs);
24236869
FB		 1298
1299 vga_hw_invalidate();
1300 vga_hw_update();
1301}
1302
ca4cca4d
AL		 1303static void pixel_format_message (VncState *vs) {
1304 char pad[3] = { 0, 0, 0 };
1305
6cec5487
AL		 1306 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1307 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
ca4cca4d
AL		 1308
1309#ifdef WORDS_BIGENDIAN
1310 vnc_write_u8(vs, 1); /* big-endian-flag */
1311#else
1312 vnc_write_u8(vs, 0); /* big-endian-flag */
1313#endif
1314 vnc_write_u8(vs, 1); /* true-color-flag */
6cec5487
AL		 1315 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1316 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1317 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1318 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1319 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1320 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1321 if (vs->ds->surface->pf.bits_per_pixel == 32)
ca4cca4d 1322 vs->send_hextile_tile = send_hextile_tile_32;
6cec5487 1323 else if (vs->ds->surface->pf.bits_per_pixel == 16)
ca4cca4d 1324 vs->send_hextile_tile = send_hextile_tile_16;
6cec5487 1325 else if (vs->ds->surface->pf.bits_per_pixel == 8)
ca4cca4d 1326 vs->send_hextile_tile = send_hextile_tile_8;
6cec5487
AL		 1327 vs->clientds = *(vs->ds->surface);
1328 vs->clientds.flags |= ~QEMU_ALLOCATED_FLAG;
ca4cca4d
AL		 1329 vs->write_pixels = vnc_write_pixels_copy;
1330
1331 vnc_write(vs, pad, 3); /* padding */
1332}
1333
7d957bd8
AL		 1334static void vnc_dpy_setdata(DisplayState *ds)
1335{
1336 /* We don't have to do anything */
1337}
1338
1339static void vnc_colordepth(DisplayState *ds)
7eac3a87 1340{
7eac3a87
AL		 1341 struct VncState *vs = ds->opaque;
1342
ca4cca4d
AL		 1343 if (vs->csock != -1 && vs->has_WMVi) {
1344 /* Sending a WMVi message to notify the client*/
1345 vnc_write_u8(vs, 0); /* msg id */
1346 vnc_write_u8(vs, 0);
1347 vnc_write_u16(vs, 1); /* number of rects */
7d957bd8 1348 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds), 0x574D5669);
ca4cca4d
AL		 1349 pixel_format_message(vs);
1350 vnc_flush(vs);
7eac3a87 1351 } else {
6cec5487 1352 set_pixel_conversion(vs);
7eac3a87
AL		 1353 }
1354}
1355
60fe76f3 1356static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
24236869
FB		 1357{
1358 int i;
1359 uint16_t limit;
1360
1361 switch (data[0]) {
1362 case 0:
1363 if (len == 1)
1364 return 20;
1365
1366 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1367 read_u8(data, 6), read_u8(data, 7),
1368 read_u16(data, 8), read_u16(data, 10),
1369 read_u16(data, 12), read_u8(data, 14),
1370 read_u8(data, 15), read_u8(data, 16));
1371 break;
1372 case 2:
1373 if (len == 1)
1374 return 4;
1375
69dd5c9f
AL		 1376 if (len == 4) {
1377 limit = read_u16(data, 2);
1378 if (limit > 0)
1379 return 4 + (limit * 4);
1380 } else
1381 limit = read_u16(data, 2);
24236869 1382
24236869
FB		 1383 for (i = 0; i < limit; i++) {
1384 int32_t val = read_s32(data, 4 + (i * 4));
1385 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1386 }
1387
1388 set_encodings(vs, (int32_t *)(data + 4), limit);
1389 break;
1390 case 3:
1391 if (len == 1)
1392 return 10;
1393
1394 framebuffer_update_request(vs,
1395 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1396 read_u16(data, 6), read_u16(data, 8));
1397 break;
1398 case 4:
1399 if (len == 1)
1400 return 8;
1401
1402 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1403 break;
1404 case 5:
1405 if (len == 1)
1406 return 6;
1407
1408 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1409 break;
1410 case 6:
1411 if (len == 1)
1412 return 8;
1413
baa7666c
TS		 1414 if (len == 8) {
1415 uint32_t dlen = read_u32(data, 4);
1416 if (dlen > 0)
1417 return 8 + dlen;
1418 }
24236869
FB		 1419
1420 client_cut_text(vs, read_u32(data, 4), data + 8);
1421 break;
9ca313aa
AL		 1422 case 255:
1423 if (len == 1)
1424 return 2;
1425
1426 switch (read_u8(data, 1)) {
1427 case 0:
1428 if (len == 2)
1429 return 12;
1430
1431 ext_key_event(vs, read_u16(data, 2),
1432 read_u32(data, 4), read_u32(data, 8));
1433 break;
429a8ed3 1434 case 1:
1435 if (len == 2)
1436 return 4;
1437
1438 switch (read_u16 (data, 2)) {
1439 case 0:
1440 audio_add(vs);
1441 break;
1442 case 1:
1443 audio_del(vs);
1444 break;
1445 case 2:
1446 if (len == 4)
1447 return 10;
1448 switch (read_u8(data, 4)) {
1449 case 0: vs->as.fmt = AUD_FMT_U8; break;
1450 case 1: vs->as.fmt = AUD_FMT_S8; break;
1451 case 2: vs->as.fmt = AUD_FMT_U16; break;
1452 case 3: vs->as.fmt = AUD_FMT_S16; break;
1453 case 4: vs->as.fmt = AUD_FMT_U32; break;
1454 case 5: vs->as.fmt = AUD_FMT_S32; break;
1455 default:
1456 printf("Invalid audio format %d\n", read_u8(data, 4));
1457 vnc_client_error(vs);
1458 break;
1459 }
1460 vs->as.nchannels = read_u8(data, 5);
1461 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1462 printf("Invalid audio channel coount %d\n",
1463 read_u8(data, 5));
1464 vnc_client_error(vs);
1465 break;
1466 }
1467 vs->as.freq = read_u32(data, 6);
1468 break;
1469 default:
1470 printf ("Invalid audio message %d\n", read_u8(data, 4));
1471 vnc_client_error(vs);
1472 break;
1473 }
1474 break;
1475
9ca313aa
AL		 1476 default:
1477 printf("Msg: %d\n", read_u16(data, 0));
1478 vnc_client_error(vs);
1479 break;
1480 }
1481 break;
24236869
FB		 1482 default:
1483 printf("Msg: %d\n", data[0]);
1484 vnc_client_error(vs);
1485 break;
1486 }
5fafdf24 1487
24236869
FB		 1488 vnc_read_when(vs, protocol_client_msg, 1);
1489 return 0;
1490}
1491
60fe76f3 1492static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
24236869 1493{
c35734b2
TS		 1494 char buf[1024];
1495 int size;
24236869 1496
0e1f5a0c
AL		 1497 vnc_write_u16(vs, ds_get_width(vs->ds));
1498 vnc_write_u16(vs, ds_get_height(vs->ds));
24236869 1499
ca4cca4d 1500 pixel_format_message(vs);
24236869 1501
c35734b2
TS		 1502 if (qemu_name)
1503 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1504 else
1505 size = snprintf(buf, sizeof(buf), "QEMU");
1506
1507 vnc_write_u32(vs, size);
1508 vnc_write(vs, buf, size);
24236869
FB		 1509 vnc_flush(vs);
1510
1511 vnc_read_when(vs, protocol_client_msg, 1);
1512
1513 return 0;
1514}
1515
70848515
TS		 1516static void make_challenge(VncState *vs)
1517{
1518 int i;
1519
1520 srand(time(NULL)+getpid()+getpid()*987654+rand());
1521
1522 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1523 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1524}
1525
60fe76f3 1526static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
70848515 1527{
60fe76f3 1528 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
70848515 1529 int i, j, pwlen;
60fe76f3 1530 unsigned char key[8];
70848515
TS		 1531
1532 if (!vs->password || !vs->password[0]) {
1533 VNC_DEBUG("No password configured on server");
1534 vnc_write_u32(vs, 1); /* Reject auth */
1535 if (vs->minor >= 8) {
1536 static const char err[] = "Authentication failed";
1537 vnc_write_u32(vs, sizeof(err));
1538 vnc_write(vs, err, sizeof(err));
1539 }
1540 vnc_flush(vs);
1541 vnc_client_error(vs);
1542 return 0;
1543 }
1544
1545 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1546
1547 /* Calculate the expected challenge response */
1548 pwlen = strlen(vs->password);
1549 for (i=0; i<sizeof(key); i++)
1550 key[i] = i<pwlen ? vs->password[i] : 0;
1551 deskey(key, EN0);
1552 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1553 des(response+j, response+j);
1554
1555 /* Compare expected vs actual challenge response */
1556 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1557 VNC_DEBUG("Client challenge reponse did not match\n");
1558 vnc_write_u32(vs, 1); /* Reject auth */
1559 if (vs->minor >= 8) {
1560 static const char err[] = "Authentication failed";
1561 vnc_write_u32(vs, sizeof(err));
1562 vnc_write(vs, err, sizeof(err));
1563 }
1564 vnc_flush(vs);
1565 vnc_client_error(vs);
1566 } else {
1567 VNC_DEBUG("Accepting VNC challenge response\n");
1568 vnc_write_u32(vs, 0); /* Accept auth */
1569 vnc_flush(vs);
1570
1571 vnc_read_when(vs, protocol_client_init, 1);
1572 }
1573 return 0;
1574}
1575
1576static int start_auth_vnc(VncState *vs)
1577{
1578 make_challenge(vs);
1579 /* Send client a 'random' challenge */
1580 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1581 vnc_flush(vs);
1582
1583 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1584 return 0;
1585}
1586
8d5d2d4c 1587
eb38c52c 1588#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 1589#define DH_BITS 1024
1590static gnutls_dh_params_t dh_params;
1591
1592static int vnc_tls_initialize(void)
1593{
1594 static int tlsinitialized = 0;
1595
1596 if (tlsinitialized)
1597 return 1;
1598
1599 if (gnutls_global_init () < 0)
1600 return 0;
1601
1602 /* XXX ought to re-generate diffie-hellmen params periodically */
1603 if (gnutls_dh_params_init (&dh_params) < 0)
1604 return 0;
1605 if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0)
1606 return 0;
1607
234c9bcd 1608#if defined(_VNC_DEBUG) && _VNC_DEBUG >= 2
8d5d2d4c
TS		 1609 gnutls_global_set_log_level(10);
1610 gnutls_global_set_log_function(vnc_debug_gnutls_log);
1611#endif
1612
1613 tlsinitialized = 1;
1614
1615 return 1;
1616}
1617
1618static gnutls_anon_server_credentials vnc_tls_initialize_anon_cred(void)
1619{
1620 gnutls_anon_server_credentials anon_cred;
1621 int ret;
1622
1623 if ((ret = gnutls_anon_allocate_server_credentials(&anon_cred)) < 0) {
1624 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1625 return NULL;
1626 }
1627
1628 gnutls_anon_set_server_dh_params(anon_cred, dh_params);
1629
1630 return anon_cred;
1631}
1632
1633
6f43024c 1634static gnutls_certificate_credentials_t vnc_tls_initialize_x509_cred(VncState *vs)
3a702699
TS		 1635{
1636 gnutls_certificate_credentials_t x509_cred;
1637 int ret;
6f43024c
TS		 1638
1639 if (!vs->x509cacert) {
1640 VNC_DEBUG("No CA x509 certificate specified\n");
1641 return NULL;
1642 }
1643 if (!vs->x509cert) {
1644 VNC_DEBUG("No server x509 certificate specified\n");
1645 return NULL;
1646 }
1647 if (!vs->x509key) {
1648 VNC_DEBUG("No server private key specified\n");
1649 return NULL;
1650 }
3a702699
TS		 1651
1652 if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
1653 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1654 return NULL;
1655 }
6f43024c
TS		 1656 if ((ret = gnutls_certificate_set_x509_trust_file(x509_cred,
1657 vs->x509cacert,
1658 GNUTLS_X509_FMT_PEM)) < 0) {
3a702699
TS		 1659 VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret));
1660 gnutls_certificate_free_credentials(x509_cred);
1661 return NULL;
1662 }
1663
6f43024c
TS		 1664 if ((ret = gnutls_certificate_set_x509_key_file (x509_cred,
1665 vs->x509cert,
1666 vs->x509key,
3a702699
TS		 1667 GNUTLS_X509_FMT_PEM)) < 0) {
1668 VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret));
1669 gnutls_certificate_free_credentials(x509_cred);
1670 return NULL;
1671 }
1672
6f43024c
TS		 1673 if (vs->x509cacrl) {
1674 if ((ret = gnutls_certificate_set_x509_crl_file(x509_cred,
1675 vs->x509cacrl,
1676 GNUTLS_X509_FMT_PEM)) < 0) {
3a702699
TS		 1677 VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret));
1678 gnutls_certificate_free_credentials(x509_cred);
1679 return NULL;
1680 }
1681 }
1682
1683 gnutls_certificate_set_dh_params (x509_cred, dh_params);
1684
1685 return x509_cred;
1686}
1687
469b15c6
TS		 1688static int vnc_validate_certificate(struct VncState *vs)
1689{
1690 int ret;
1691 unsigned int status;
1692 const gnutls_datum_t *certs;
1693 unsigned int nCerts, i;
1694 time_t now;
1695
1696 VNC_DEBUG("Validating client certificate\n");
1697 if ((ret = gnutls_certificate_verify_peers2 (vs->tls_session, &status)) < 0) {
1698 VNC_DEBUG("Verify failed %s\n", gnutls_strerror(ret));
1699 return -1;
1700 }
1701
1702 if ((now = time(NULL)) == ((time_t)-1)) {
1703 return -1;
1704 }
1705
1706 if (status != 0) {
1707 if (status & GNUTLS_CERT_INVALID)
1708 VNC_DEBUG("The certificate is not trusted.\n");
1709
1710 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
1711 VNC_DEBUG("The certificate hasn't got a known issuer.\n");
1712
1713 if (status & GNUTLS_CERT_REVOKED)
1714 VNC_DEBUG("The certificate has been revoked.\n");
1715
1716 if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
1717 VNC_DEBUG("The certificate uses an insecure algorithm\n");
1718
1719 return -1;
1720 } else {
1721 VNC_DEBUG("Certificate is valid!\n");
1722 }
1723
1724 /* Only support x509 for now */
1725 if (gnutls_certificate_type_get(vs->tls_session) != GNUTLS_CRT_X509)
1726 return -1;
1727
1728 if (!(certs = gnutls_certificate_get_peers(vs->tls_session, &nCerts)))
1729 return -1;
1730
1731 for (i = 0 ; i < nCerts ; i++) {
1732 gnutls_x509_crt_t cert;
1733 VNC_DEBUG ("Checking certificate chain %d\n", i);
1734 if (gnutls_x509_crt_init (&cert) < 0)
1735 return -1;
1736
1737 if (gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER) < 0) {
1738 gnutls_x509_crt_deinit (cert);
1739 return -1;
1740 }
1741
1742 if (gnutls_x509_crt_get_expiration_time (cert) < now) {
1743 VNC_DEBUG("The certificate has expired\n");
1744 gnutls_x509_crt_deinit (cert);
1745 return -1;
1746 }
1747
1748 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1749 VNC_DEBUG("The certificate is not yet activated\n");
1750 gnutls_x509_crt_deinit (cert);
1751 return -1;
1752 }
1753
1754 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1755 VNC_DEBUG("The certificate is not yet activated\n");
1756 gnutls_x509_crt_deinit (cert);
1757 return -1;
1758 }
1759
1760 gnutls_x509_crt_deinit (cert);
1761 }
1762
1763 return 0;
1764}
1765
1766
8d5d2d4c
TS		 1767static int start_auth_vencrypt_subauth(VncState *vs)
1768{
1769 switch (vs->subauth) {
1770 case VNC_AUTH_VENCRYPT_TLSNONE:
3a702699 1771 case VNC_AUTH_VENCRYPT_X509NONE:
8d5d2d4c
TS		 1772 VNC_DEBUG("Accept TLS auth none\n");
1773 vnc_write_u32(vs, 0); /* Accept auth completion */
1774 vnc_read_when(vs, protocol_client_init, 1);
1775 break;
1776
1777 case VNC_AUTH_VENCRYPT_TLSVNC:
3a702699 1778 case VNC_AUTH_VENCRYPT_X509VNC:
8d5d2d4c
TS		 1779 VNC_DEBUG("Start TLS auth VNC\n");
1780 return start_auth_vnc(vs);
1781
1782 default: /* Should not be possible, but just in case */
1783 VNC_DEBUG("Reject auth %d\n", vs->auth);
1784 vnc_write_u8(vs, 1);
1785 if (vs->minor >= 8) {
1786 static const char err[] = "Unsupported authentication type";
1787 vnc_write_u32(vs, sizeof(err));
1788 vnc_write(vs, err, sizeof(err));
1789 }
1790 vnc_client_error(vs);
1791 }
1792
1793 return 0;
1794}
1795
1796static void vnc_handshake_io(void *opaque);
1797
1798static int vnc_continue_handshake(struct VncState *vs) {
1799 int ret;
1800
1801 if ((ret = gnutls_handshake(vs->tls_session)) < 0) {
1802 if (!gnutls_error_is_fatal(ret)) {
1803 VNC_DEBUG("Handshake interrupted (blocking)\n");
1804 if (!gnutls_record_get_direction(vs->tls_session))
1805 qemu_set_fd_handler(vs->csock, vnc_handshake_io, NULL, vs);
1806 else
1807 qemu_set_fd_handler(vs->csock, NULL, vnc_handshake_io, vs);
1808 return 0;
1809 }
1810 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret));
1811 vnc_client_error(vs);
1812 return -1;
1813 }
1814
469b15c6
TS		 1815 if (vs->x509verify) {
1816 if (vnc_validate_certificate(vs) < 0) {
1817 VNC_DEBUG("Client verification failed\n");
1818 vnc_client_error(vs);
1819 return -1;
1820 } else {
1821 VNC_DEBUG("Client verification passed\n");
1822 }
1823 }
1824
8d5d2d4c
TS		 1825 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
1826 vs->wiremode = VNC_WIREMODE_TLS;
1827 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1828
1829 return start_auth_vencrypt_subauth(vs);
1830}
1831
1832static void vnc_handshake_io(void *opaque) {
1833 struct VncState *vs = (struct VncState *)opaque;
1834
1835 VNC_DEBUG("Handshake IO continue\n");
1836 vnc_continue_handshake(vs);
1837}
1838
3a702699
TS		 1839#define NEED_X509_AUTH(vs) \
1840 ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
1841 (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
1842 (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
1843
1844
8d5d2d4c
TS		 1845static int vnc_start_tls(struct VncState *vs) {
1846 static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
1847 static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
1848 static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
3a702699 1849 static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
8d5d2d4c
TS		 1850
1851 VNC_DEBUG("Do TLS setup\n");
1852 if (vnc_tls_initialize() < 0) {
1853 VNC_DEBUG("Failed to init TLS\n");
1854 vnc_client_error(vs);
1855 return -1;
1856 }
1857 if (vs->tls_session == NULL) {
1858 if (gnutls_init(&vs->tls_session, GNUTLS_SERVER) < 0) {
1859 vnc_client_error(vs);
1860 return -1;
1861 }
1862
1863 if (gnutls_set_default_priority(vs->tls_session) < 0) {
1864 gnutls_deinit(vs->tls_session);
1865 vs->tls_session = NULL;
1866 vnc_client_error(vs);
1867 return -1;
1868 }
1869
3a702699 1870 if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
8d5d2d4c
TS		 1871 gnutls_deinit(vs->tls_session);
1872 vs->tls_session = NULL;
1873 vnc_client_error(vs);
1874 return -1;
1875 }
1876
1877 if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
1878 gnutls_deinit(vs->tls_session);
1879 vs->tls_session = NULL;
1880 vnc_client_error(vs);
1881 return -1;
1882 }
1883
1884 if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
1885 gnutls_deinit(vs->tls_session);
1886 vs->tls_session = NULL;
1887 vnc_client_error(vs);
1888 return -1;
1889 }
1890
3a702699 1891 if (NEED_X509_AUTH(vs)) {
6f43024c 1892 gnutls_certificate_server_credentials x509_cred = vnc_tls_initialize_x509_cred(vs);
3a702699
TS		 1893 if (!x509_cred) {
1894 gnutls_deinit(vs->tls_session);
1895 vs->tls_session = NULL;
1896 vnc_client_error(vs);
1897 return -1;
1898 }
1899 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_CERTIFICATE, x509_cred) < 0) {
1900 gnutls_deinit(vs->tls_session);
1901 vs->tls_session = NULL;
1902 gnutls_certificate_free_credentials(x509_cred);
1903 vnc_client_error(vs);
1904 return -1;
1905 }
469b15c6
TS		 1906 if (vs->x509verify) {
1907 VNC_DEBUG("Requesting a client certificate\n");
1908 gnutls_certificate_server_set_request (vs->tls_session, GNUTLS_CERT_REQUEST);
1909 }
1910
3a702699
TS		 1911 } else {
1912 gnutls_anon_server_credentials anon_cred = vnc_tls_initialize_anon_cred();
1913 if (!anon_cred) {
1914 gnutls_deinit(vs->tls_session);
1915 vs->tls_session = NULL;
1916 vnc_client_error(vs);
1917 return -1;
1918 }
1919 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_ANON, anon_cred) < 0) {
1920 gnutls_deinit(vs->tls_session);
1921 vs->tls_session = NULL;
1922 gnutls_anon_free_server_credentials(anon_cred);
1923 vnc_client_error(vs);
1924 return -1;
1925 }
8d5d2d4c
TS		 1926 }
1927
1928 gnutls_transport_set_ptr(vs->tls_session, (gnutls_transport_ptr_t)vs);
1929 gnutls_transport_set_push_function(vs->tls_session, vnc_tls_push);
1930 gnutls_transport_set_pull_function(vs->tls_session, vnc_tls_pull);
1931 }
1932
1933 VNC_DEBUG("Start TLS handshake process\n");
1934 return vnc_continue_handshake(vs);
1935}
1936
60fe76f3 1937static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len)
8d5d2d4c
TS		 1938{
1939 int auth = read_u32(data, 0);
1940
1941 if (auth != vs->subauth) {
1942 VNC_DEBUG("Rejecting auth %d\n", auth);
1943 vnc_write_u8(vs, 0); /* Reject auth */
1944 vnc_flush(vs);
1945 vnc_client_error(vs);
1946 } else {
1947 VNC_DEBUG("Accepting auth %d, starting handshake\n", auth);
1948 vnc_write_u8(vs, 1); /* Accept auth */
1949 vnc_flush(vs);
1950
1951 if (vnc_start_tls(vs) < 0) {
1952 VNC_DEBUG("Failed to complete TLS\n");
1953 return 0;
1954 }
1955
1956 if (vs->wiremode == VNC_WIREMODE_TLS) {
1957 VNC_DEBUG("Starting VeNCrypt subauth\n");
1958 return start_auth_vencrypt_subauth(vs);
1959 } else {
1960 VNC_DEBUG("TLS handshake blocked\n");
1961 return 0;
1962 }
1963 }
1964 return 0;
1965}
1966
60fe76f3 1967static int protocol_client_vencrypt_init(VncState *vs, uint8_t *data, size_t len)
8d5d2d4c
TS		 1968{
1969 if (data[0] != 0 ||
1970 data[1] != 2) {
1971 VNC_DEBUG("Unsupported VeNCrypt protocol %d.%d\n", (int)data[0], (int)data[1]);
1972 vnc_write_u8(vs, 1); /* Reject version */
1973 vnc_flush(vs);
1974 vnc_client_error(vs);
1975 } else {
1976 VNC_DEBUG("Sending allowed auth %d\n", vs->subauth);
1977 vnc_write_u8(vs, 0); /* Accept version */
1978 vnc_write_u8(vs, 1); /* Number of sub-auths */
1979 vnc_write_u32(vs, vs->subauth); /* The supported auth */
1980 vnc_flush(vs);
1981 vnc_read_when(vs, protocol_client_vencrypt_auth, 4);
1982 }
1983 return 0;
1984}
1985
1986static int start_auth_vencrypt(VncState *vs)
1987{
1988 /* Send VeNCrypt version 0.2 */
1989 vnc_write_u8(vs, 0);
1990 vnc_write_u8(vs, 2);
1991
1992 vnc_read_when(vs, protocol_client_vencrypt_init, 2);
1993 return 0;
1994}
1995#endif /* CONFIG_VNC_TLS */
1996
60fe76f3 1997static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
70848515
TS		 1998{
1999 /* We only advertise 1 auth scheme at a time, so client
2000 * must pick the one we sent. Verify this */
2001 if (data[0] != vs->auth) { /* Reject auth */
2002 VNC_DEBUG("Reject auth %d\n", (int)data[0]);
2003 vnc_write_u32(vs, 1);
2004 if (vs->minor >= 8) {
2005 static const char err[] = "Authentication failed";
2006 vnc_write_u32(vs, sizeof(err));
2007 vnc_write(vs, err, sizeof(err));
2008 }
2009 vnc_client_error(vs);
2010 } else { /* Accept requested auth */
2011 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2012 switch (vs->auth) {
2013 case VNC_AUTH_NONE:
2014 VNC_DEBUG("Accept auth none\n");
a26c97ad
AZ		 2015 if (vs->minor >= 8) {
2016 vnc_write_u32(vs, 0); /* Accept auth completion */
2017 vnc_flush(vs);
2018 }
70848515
TS		 2019 vnc_read_when(vs, protocol_client_init, 1);
2020 break;
2021
2022 case VNC_AUTH_VNC:
2023 VNC_DEBUG("Start VNC auth\n");
2024 return start_auth_vnc(vs);
2025
eb38c52c 2026#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 2027 case VNC_AUTH_VENCRYPT:
2028 VNC_DEBUG("Accept VeNCrypt auth\n");;
2029 return start_auth_vencrypt(vs);
2030#endif /* CONFIG_VNC_TLS */
2031
70848515
TS		 2032 default: /* Should not be possible, but just in case */
2033 VNC_DEBUG("Reject auth %d\n", vs->auth);
2034 vnc_write_u8(vs, 1);
2035 if (vs->minor >= 8) {
2036 static const char err[] = "Authentication failed";
2037 vnc_write_u32(vs, sizeof(err));
2038 vnc_write(vs, err, sizeof(err));
2039 }
2040 vnc_client_error(vs);
2041 }
2042 }
2043 return 0;
2044}
2045
60fe76f3 2046static int protocol_version(VncState *vs, uint8_t *version, size_t len)
24236869
FB		 2047{
2048 char local[13];
24236869
FB		 2049
2050 memcpy(local, version, 12);
2051 local[12] = 0;
2052
70848515
TS		 2053 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2054 VNC_DEBUG("Malformed protocol version %s\n", local);
24236869
FB		 2055 vnc_client_error(vs);
2056 return 0;
2057 }
70848515
TS		 2058 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2059 if (vs->major != 3 ||
2060 (vs->minor != 3 &&
b0566f4f 2061 vs->minor != 4 &&
70848515
TS		 2062 vs->minor != 5 &&
2063 vs->minor != 7 &&
2064 vs->minor != 8)) {
2065 VNC_DEBUG("Unsupported client version\n");
2066 vnc_write_u32(vs, VNC_AUTH_INVALID);
2067 vnc_flush(vs);
2068 vnc_client_error(vs);
2069 return 0;
2070 }
b0566f4f 2071 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
70848515
TS		 2072 * as equivalent to v3.3 by servers
2073 */
b0566f4f 2074 if (vs->minor == 4 || vs->minor == 5)
70848515
TS		 2075 vs->minor = 3;
2076
2077 if (vs->minor == 3) {
2078 if (vs->auth == VNC_AUTH_NONE) {
2079 VNC_DEBUG("Tell client auth none\n");
2080 vnc_write_u32(vs, vs->auth);
2081 vnc_flush(vs);
2082 vnc_read_when(vs, protocol_client_init, 1);
2083 } else if (vs->auth == VNC_AUTH_VNC) {
2084 VNC_DEBUG("Tell client VNC auth\n");
2085 vnc_write_u32(vs, vs->auth);
2086 vnc_flush(vs);
2087 start_auth_vnc(vs);
2088 } else {
2089 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2090 vnc_write_u32(vs, VNC_AUTH_INVALID);
2091 vnc_flush(vs);
2092 vnc_client_error(vs);
2093 }
2094 } else {
2095 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2096 vnc_write_u8(vs, 1); /* num auth */
2097 vnc_write_u8(vs, vs->auth);
2098 vnc_read_when(vs, protocol_client_auth, 1);
2099 vnc_flush(vs);
2100 }
24236869
FB		 2101
2102 return 0;
2103}
2104
3aa3eea3
AZ		 2105static void vnc_connect(VncState *vs)
2106{
2107 VNC_DEBUG("New client on socket %d\n", vs->csock);
7d957bd8 2108 dcl->idle = 0;
3aa3eea3
AZ		 2109 socket_set_nonblock(vs->csock);
2110 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2111 vnc_write(vs, "RFB 003.008\n", 12);
2112 vnc_flush(vs);
2113 vnc_read_when(vs, protocol_version, 12);
0e1f5a0c 2114 memset(vs->old_data, 0, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
3aa3eea3
AZ		 2115 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
2116 vs->has_resize = 0;
2117 vs->has_hextile = 0;
90a1e3c0 2118 vs->has_WMVi = 0;
7d957bd8 2119 dcl->dpy_copy = NULL;
3aa3eea3 2120 vnc_update_client(vs);
53762ddb 2121 reset_keys(vs);
3aa3eea3
AZ		 2122}
2123
24236869
FB		 2124static void vnc_listen_read(void *opaque)
2125{
2126 VncState *vs = opaque;
2127 struct sockaddr_in addr;
2128 socklen_t addrlen = sizeof(addr);
2129
9f60ad50
AZ		 2130 /* Catch-up */
2131 vga_hw_update();
2132
24236869
FB		 2133 vs->csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2134 if (vs->csock != -1) {
3aa3eea3 2135 vnc_connect(vs);
24236869
FB		 2136 }
2137}
2138
71cab5ca 2139void vnc_display_init(DisplayState *ds)
24236869 2140{
24236869
FB		 2141 VncState *vs;
2142
2143 vs = qemu_mallocz(sizeof(VncState));
7d957bd8
AL		 2144 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2145 if (!vs || !dcl)
24236869
FB		 2146 exit(1);
2147
2148 ds->opaque = vs;
7d957bd8 2149 dcl->idle = 1;
a9ce8590 2150 vnc_state = vs;
71cab5ca 2151 vs->display = NULL;
70848515 2152 vs->password = NULL;
24236869
FB		 2153
2154 vs->lsock = -1;
2155 vs->csock = -1;
564c337e
FB		 2156 vs->last_x = -1;
2157 vs->last_y = -1;
24236869
FB		 2158
2159 vs->ds = ds;
2160
9ca313aa
AL		 2161 if (keyboard_layout)
2162 vs->kbd_layout = init_keyboard_layout(keyboard_layout);
2163 else
2164 vs->kbd_layout = init_keyboard_layout("en-us");
24236869 2165
24236869
FB		 2166 if (!vs->kbd_layout)
2167 exit(1);
2168
a0ecfb73
AZ		 2169 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
2170
7d957bd8
AL		 2171 dcl->dpy_update = vnc_dpy_update;
2172 dcl->dpy_resize = vnc_dpy_resize;
2173 dcl->dpy_setdata = vnc_dpy_setdata;
2174 dcl->dpy_refresh = NULL;
2175 register_displaychangelistener(ds, dcl);
429a8ed3 2176
2177 vs->as.freq = 44100;
2178 vs->as.nchannels = 2;
2179 vs->as.fmt = AUD_FMT_S16;
2180 vs->as.endianness = 0;
71cab5ca
TS		 2181}
2182
eb38c52c 2183#ifdef CONFIG_VNC_TLS
6f43024c
TS		 2184static int vnc_set_x509_credential(VncState *vs,
2185 const char *certdir,
2186 const char *filename,
2187 char **cred,
2188 int ignoreMissing)
2189{
2190 struct stat sb;
2191
2192 if (*cred) {
2193 qemu_free(*cred);
2194 *cred = NULL;
2195 }
2196
2197 if (!(*cred = qemu_malloc(strlen(certdir) + strlen(filename) + 2)))
2198 return -1;
2199
2200 strcpy(*cred, certdir);
2201 strcat(*cred, "/");
2202 strcat(*cred, filename);
2203
2204 VNC_DEBUG("Check %s\n", *cred);
2205 if (stat(*cred, &sb) < 0) {
2206 qemu_free(*cred);
2207 *cred = NULL;
2208 if (ignoreMissing && errno == ENOENT)
2209 return 0;
2210 return -1;
2211 }
2212
2213 return 0;
2214}
2215
2216static int vnc_set_x509_credential_dir(VncState *vs,
2217 const char *certdir)
2218{
2219 if (vnc_set_x509_credential(vs, certdir, X509_CA_CERT_FILE, &vs->x509cacert, 0) < 0)
2220 goto cleanup;
2221 if (vnc_set_x509_credential(vs, certdir, X509_CA_CRL_FILE, &vs->x509cacrl, 1) < 0)
2222 goto cleanup;
2223 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_CERT_FILE, &vs->x509cert, 0) < 0)
2224 goto cleanup;
2225 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_KEY_FILE, &vs->x509key, 0) < 0)
2226 goto cleanup;
2227
2228 return 0;
2229
2230 cleanup:
2231 qemu_free(vs->x509cacert);
2232 qemu_free(vs->x509cacrl);
2233 qemu_free(vs->x509cert);
2234 qemu_free(vs->x509key);
2235 vs->x509cacert = vs->x509cacrl = vs->x509cert = vs->x509key = NULL;
2236 return -1;
2237}
2238#endif /* CONFIG_VNC_TLS */
2239
71cab5ca
TS		 2240void vnc_display_close(DisplayState *ds)
2241{
e25a5822 2242 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
71cab5ca
TS		 2243
2244 if (vs->display) {
2245 qemu_free(vs->display);
2246 vs->display = NULL;
2247 }
2248 if (vs->lsock != -1) {
2249 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2250 close(vs->lsock);
2251 vs->lsock = -1;
2252 }
2253 if (vs->csock != -1) {
2254 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
2255 closesocket(vs->csock);
2256 vs->csock = -1;
2257 buffer_reset(&vs->input);
2258 buffer_reset(&vs->output);
2259 vs->need_update = 0;
eb38c52c 2260#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 2261 if (vs->tls_session) {
2262 gnutls_deinit(vs->tls_session);
2263 vs->tls_session = NULL;
2264 }
2265 vs->wiremode = VNC_WIREMODE_CLEAR;
2266#endif /* CONFIG_VNC_TLS */
71cab5ca 2267 }
70848515 2268 vs->auth = VNC_AUTH_INVALID;
eb38c52c 2269#ifdef CONFIG_VNC_TLS
8d5d2d4c 2270 vs->subauth = VNC_AUTH_INVALID;
469b15c6 2271 vs->x509verify = 0;
8d5d2d4c 2272#endif
429a8ed3 2273 audio_del(vs);
70848515
TS		 2274}
2275
2276int vnc_display_password(DisplayState *ds, const char *password)
2277{
2278 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2279
2280 if (vs->password) {
2281 qemu_free(vs->password);
2282 vs->password = NULL;
2283 }
2284 if (password && password[0]) {
2285 if (!(vs->password = qemu_strdup(password)))
2286 return -1;
2287 }
2288
2289 return 0;
71cab5ca
TS		 2290}
2291
70848515 2292int vnc_display_open(DisplayState *ds, const char *display)
71cab5ca 2293{
e25a5822 2294 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
70848515
TS		 2295 const char *options;
2296 int password = 0;
3aa3eea3 2297 int reverse = 0;
9712ecaf 2298 int to_port = 0;
eb38c52c 2299#ifdef CONFIG_VNC_TLS
3a702699 2300 int tls = 0, x509 = 0;
8d5d2d4c 2301#endif
71cab5ca
TS		 2302
2303 vnc_display_close(ds);
70848515 2304 if (strcmp(display, "none") == 0)
71cab5ca 2305 return 0;
24236869 2306
70848515 2307 if (!(vs->display = strdup(display)))
71cab5ca 2308 return -1;
70848515
TS		 2309
2310 options = display;
2311 while ((options = strchr(options, ','))) {
2312 options++;
469b15c6 2313 if (strncmp(options, "password", 8) == 0) {
70848515 2314 password = 1; /* Require password auth */
3aa3eea3
AZ		 2315 } else if (strncmp(options, "reverse", 7) == 0) {
2316 reverse = 1;
9712ecaf
AL		 2317 } else if (strncmp(options, "to=", 3) == 0) {
2318 to_port = atoi(options+3) + 5900;
eb38c52c 2319#ifdef CONFIG_VNC_TLS
469b15c6 2320 } else if (strncmp(options, "tls", 3) == 0) {
8d5d2d4c 2321 tls = 1; /* Require TLS */
469b15c6 2322 } else if (strncmp(options, "x509", 4) == 0) {
6f43024c 2323 char *start, *end;
3a702699 2324 x509 = 1; /* Require x509 certificates */
6f43024c
TS		 2325 if (strncmp(options, "x509verify", 10) == 0)
2326 vs->x509verify = 1; /* ...and verify client certs */
2327
2328 /* Now check for 'x509=/some/path' postfix
2329 * and use that to setup x509 certificate/key paths */
2330 start = strchr(options, '=');
2331 end = strchr(options, ',');
2332 if (start && (!end || (start < end))) {
2333 int len = end ? end-(start+1) : strlen(start+1);
be351261 2334 char *path = qemu_strndup(start + 1, len);
be15b141 2335
6f43024c
TS		 2336 VNC_DEBUG("Trying certificate path '%s'\n", path);
2337 if (vnc_set_x509_credential_dir(vs, path) < 0) {
2338 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2339 qemu_free(path);
2340 qemu_free(vs->display);
2341 vs->display = NULL;
2342 return -1;
2343 }
2344 qemu_free(path);
2345 } else {
2346 fprintf(stderr, "No certificate path provided\n");
2347 qemu_free(vs->display);
2348 vs->display = NULL;
2349 return -1;
2350 }
8d5d2d4c 2351#endif
469b15c6 2352 }
70848515
TS		 2353 }
2354
2355 if (password) {
eb38c52c 2356#ifdef CONFIG_VNC_TLS
8d5d2d4c 2357 if (tls) {
8d5d2d4c 2358 vs->auth = VNC_AUTH_VENCRYPT;
3a702699
TS		 2359 if (x509) {
2360 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2361 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2362 } else {
2363 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2364 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2365 }
8d5d2d4c
TS		 2366 } else {
2367#endif
2368 VNC_DEBUG("Initializing VNC server with password auth\n");
2369 vs->auth = VNC_AUTH_VNC;
eb38c52c 2370#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 2371 vs->subauth = VNC_AUTH_INVALID;
2372 }
2373#endif
70848515 2374 } else {
eb38c52c 2375#ifdef CONFIG_VNC_TLS
8d5d2d4c 2376 if (tls) {
8d5d2d4c 2377 vs->auth = VNC_AUTH_VENCRYPT;
3a702699
TS		 2378 if (x509) {
2379 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2380 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2381 } else {
2382 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2383 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2384 }
8d5d2d4c
TS		 2385 } else {
2386#endif
2387 VNC_DEBUG("Initializing VNC server with no auth\n");
2388 vs->auth = VNC_AUTH_NONE;
eb38c52c 2389#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 2390 vs->subauth = VNC_AUTH_INVALID;
2391 }
2392#endif
70848515 2393 }
24236869 2394
3aa3eea3 2395 if (reverse) {
9712ecaf
AL		 2396 /* connect to viewer */
2397 if (strncmp(display, "unix:", 5) == 0)
2398 vs->lsock = unix_connect(display+5);
2399 else
2400 vs->lsock = inet_connect(display, SOCK_STREAM);
2401 if (-1 == vs->lsock) {
3aa3eea3
AZ		 2402 free(vs->display);
2403 vs->display = NULL;
2404 return -1;
2405 } else {
2406 vs->csock = vs->lsock;
2407 vs->lsock = -1;
2408 vnc_connect(vs);
3aa3eea3 2409 }
9712ecaf 2410 return 0;
24236869 2411
9712ecaf
AL		 2412 } else {
2413 /* listen for connects */
2414 char *dpy;
2415 dpy = qemu_malloc(256);
2416 if (strncmp(display, "unix:", 5) == 0) {
bc575e95 2417 pstrcpy(dpy, 256, "unix:");
4a55bfdf 2418 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
9712ecaf
AL		 2419 } else {
2420 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2421 }
2422 if (-1 == vs->lsock) {
2423 free(dpy);
d0513623 2424 return -1;
9712ecaf
AL		 2425 } else {
2426 free(vs->display);
2427 vs->display = dpy;
2428 }
24236869
FB		 2429 }
2430
71cab5ca 2431 return qemu_set_fd_handler2(vs->lsock, vnc_listen_poll, vnc_listen_read, NULL, vs);
24236869 2432}
QEMU mirror