]> git.proxmox.com Git - qemu.git/blob - vnc.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
monitor: Reorder info documentation
[qemu.git] / vnc.c
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "acl.h"
32 #include "qemu-objects.h"
33
34 #define VNC_REFRESH_INTERVAL_BASE 30
35 #define VNC_REFRESH_INTERVAL_INC 50
36 #define VNC_REFRESH_INTERVAL_MAX 2000
37
38 #include "vnc_keysym.h"
39 #include "d3des.h"
40
41 #define count_bits(c, v) { \
42 for (c = 0; v; v >>= 1) \
43 { \
44 c += v & 1; \
45 } \
46 }
47
48
49 static VncDisplay *vnc_display; /* needed for info vnc */
50 static DisplayChangeListener *dcl;
51
52 static int vnc_cursor_define(VncState *vs);
53
54 static char *addr_to_string(const char *format,
55 struct sockaddr_storage *sa,
56 socklen_t salen) {
57 char *addr;
58 char host[NI_MAXHOST];
59 char serv[NI_MAXSERV];
60 int err;
61 size_t addrlen;
62
63 if ((err = getnameinfo((struct sockaddr *)sa, salen,
64 host, sizeof(host),
65 serv, sizeof(serv),
66 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
67 VNC_DEBUG("Cannot resolve address %d: %s\n",
68 err, gai_strerror(err));
69 return NULL;
70 }
71
72 /* Enough for the existing format + the 2 vars we're
73 * substituting in. */
74 addrlen = strlen(format) + strlen(host) + strlen(serv);
75 addr = qemu_malloc(addrlen + 1);
76 snprintf(addr, addrlen, format, host, serv);
77 addr[addrlen] = '\0';
78
79 return addr;
80 }
81
82
83 char *vnc_socket_local_addr(const char *format, int fd) {
84 struct sockaddr_storage sa;
85 socklen_t salen;
86
87 salen = sizeof(sa);
88 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
89 return NULL;
90
91 return addr_to_string(format, &sa, salen);
92 }
93
94 char *vnc_socket_remote_addr(const char *format, int fd) {
95 struct sockaddr_storage sa;
96 socklen_t salen;
97
98 salen = sizeof(sa);
99 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
100 return NULL;
101
102 return addr_to_string(format, &sa, salen);
103 }
104
105 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
106 socklen_t salen)
107 {
108 char host[NI_MAXHOST];
109 char serv[NI_MAXSERV];
110 int err;
111
112 if ((err = getnameinfo((struct sockaddr *)sa, salen,
113 host, sizeof(host),
114 serv, sizeof(serv),
115 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
116 VNC_DEBUG("Cannot resolve address %d: %s\n",
117 err, gai_strerror(err));
118 return -1;
119 }
120
121 qdict_put(qdict, "host", qstring_from_str(host));
122 qdict_put(qdict, "service", qstring_from_str(serv));
123 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
124
125 return 0;
126 }
127
128 static int vnc_server_addr_put(QDict *qdict, int fd)
129 {
130 struct sockaddr_storage sa;
131 socklen_t salen;
132
133 salen = sizeof(sa);
134 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
135 return -1;
136 }
137
138 return put_addr_qdict(qdict, &sa, salen);
139 }
140
141 static int vnc_qdict_remote_addr(QDict *qdict, int fd)
142 {
143 struct sockaddr_storage sa;
144 socklen_t salen;
145
146 salen = sizeof(sa);
147 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
148 return -1;
149 }
150
151 return put_addr_qdict(qdict, &sa, salen);
152 }
153
154 static const char *vnc_auth_name(VncDisplay *vd) {
155 switch (vd->auth) {
156 case VNC_AUTH_INVALID:
157 return "invalid";
158 case VNC_AUTH_NONE:
159 return "none";
160 case VNC_AUTH_VNC:
161 return "vnc";
162 case VNC_AUTH_RA2:
163 return "ra2";
164 case VNC_AUTH_RA2NE:
165 return "ra2ne";
166 case VNC_AUTH_TIGHT:
167 return "tight";
168 case VNC_AUTH_ULTRA:
169 return "ultra";
170 case VNC_AUTH_TLS:
171 return "tls";
172 case VNC_AUTH_VENCRYPT:
173 #ifdef CONFIG_VNC_TLS
174 switch (vd->subauth) {
175 case VNC_AUTH_VENCRYPT_PLAIN:
176 return "vencrypt+plain";
177 case VNC_AUTH_VENCRYPT_TLSNONE:
178 return "vencrypt+tls+none";
179 case VNC_AUTH_VENCRYPT_TLSVNC:
180 return "vencrypt+tls+vnc";
181 case VNC_AUTH_VENCRYPT_TLSPLAIN:
182 return "vencrypt+tls+plain";
183 case VNC_AUTH_VENCRYPT_X509NONE:
184 return "vencrypt+x509+none";
185 case VNC_AUTH_VENCRYPT_X509VNC:
186 return "vencrypt+x509+vnc";
187 case VNC_AUTH_VENCRYPT_X509PLAIN:
188 return "vencrypt+x509+plain";
189 case VNC_AUTH_VENCRYPT_TLSSASL:
190 return "vencrypt+tls+sasl";
191 case VNC_AUTH_VENCRYPT_X509SASL:
192 return "vencrypt+x509+sasl";
193 default:
194 return "vencrypt";
195 }
196 #else
197 return "vencrypt";
198 #endif
199 case VNC_AUTH_SASL:
200 return "sasl";
201 }
202 return "unknown";
203 }
204
205 static int vnc_server_info_put(QDict *qdict)
206 {
207 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
208 return -1;
209 }
210
211 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
212 return 0;
213 }
214
215 static void vnc_client_cache_auth(VncState *client)
216 {
217 QDict *qdict;
218
219 if (!client->info) {
220 return;
221 }
222
223 qdict = qobject_to_qdict(client->info);
224
225 #ifdef CONFIG_VNC_TLS
226 if (client->tls.session &&
227 client->tls.dname) {
228 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
229 }
230 #endif
231 #ifdef CONFIG_VNC_SASL
232 if (client->sasl.conn &&
233 client->sasl.username) {
234 qdict_put(qdict, "sasl_username",
235 qstring_from_str(client->sasl.username));
236 }
237 #endif
238 }
239
240 static void vnc_client_cache_addr(VncState *client)
241 {
242 QDict *qdict;
243
244 qdict = qdict_new();
245 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
246 QDECREF(qdict);
247 /* XXX: how to report the error? */
248 return;
249 }
250
251 client->info = QOBJECT(qdict);
252 }
253
254 static void vnc_qmp_event(VncState *vs, MonitorEvent event)
255 {
256 QDict *server;
257 QObject *data;
258
259 if (!vs->info) {
260 return;
261 }
262
263 server = qdict_new();
264 if (vnc_server_info_put(server) < 0) {
265 QDECREF(server);
266 return;
267 }
268
269 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
270 vs->info, QOBJECT(server));
271
272 monitor_protocol_event(event, data);
273
274 qobject_incref(vs->info);
275 qobject_decref(data);
276 }
277
278 static void info_vnc_iter(QObject *obj, void *opaque)
279 {
280 QDict *client;
281 Monitor *mon = opaque;
282
283 client = qobject_to_qdict(obj);
284 monitor_printf(mon, "Client:\n");
285 monitor_printf(mon, " address: %s:%s\n",
286 qdict_get_str(client, "host"),
287 qdict_get_str(client, "service"));
288
289 #ifdef CONFIG_VNC_TLS
290 monitor_printf(mon, " x509_dname: %s\n",
291 qdict_haskey(client, "x509_dname") ?
292 qdict_get_str(client, "x509_dname") : "none");
293 #endif
294 #ifdef CONFIG_VNC_SASL
295 monitor_printf(mon, " username: %s\n",
296 qdict_haskey(client, "sasl_username") ?
297 qdict_get_str(client, "sasl_username") : "none");
298 #endif
299 }
300
301 void do_info_vnc_print(Monitor *mon, const QObject *data)
302 {
303 QDict *server;
304 QList *clients;
305
306 server = qobject_to_qdict(data);
307 if (qdict_get_bool(server, "enabled") == 0) {
308 monitor_printf(mon, "Server: disabled\n");
309 return;
310 }
311
312 monitor_printf(mon, "Server:\n");
313 monitor_printf(mon, " address: %s:%s\n",
314 qdict_get_str(server, "host"),
315 qdict_get_str(server, "service"));
316 monitor_printf(mon, " auth: %s\n", qdict_get_str(server, "auth"));
317
318 clients = qdict_get_qlist(server, "clients");
319 if (qlist_empty(clients)) {
320 monitor_printf(mon, "Client: none\n");
321 } else {
322 qlist_iter(clients, info_vnc_iter, mon);
323 }
324 }
325
326 /**
327 * do_info_vnc(): Show VNC server information
328 *
329 * Return a QDict with server information. Connected clients are returned
330 * as a QList of QDicts.
331 *
332 * The main QDict contains the following:
333 *
334 * - "enabled": true or false
335 * - "host": server's IP address
336 * - "family": address family ("ipv4" or "ipv6")
337 * - "service": server's port number
338 * - "auth": authentication method
339 * - "clients": a QList of all connected clients
340 *
341 * Clients are described by a QDict, with the following information:
342 *
343 * - "host": client's IP address
344 * - "family": address family ("ipv4" or "ipv6")
345 * - "service": client's port number
346 * - "x509_dname": TLS dname (optional)
347 * - "sasl_username": SASL username (optional)
348 *
349 * Example:
350 *
351 * { "enabled": true, "host": "0.0.0.0", "service": "50402", "auth": "vnc",
352 * "family": "ipv4",
353 * "clients": [{ "host": "127.0.0.1", "service": "50401", "family": "ipv4" }]}
354 */
355 void do_info_vnc(Monitor *mon, QObject **ret_data)
356 {
357 if (vnc_display == NULL || vnc_display->display == NULL) {
358 *ret_data = qobject_from_jsonf("{ 'enabled': false }");
359 } else {
360 QList *clist;
361 VncState *client;
362
363 clist = qlist_new();
364 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
365 if (client->info) {
366 /* incref so that it's not freed by upper layers */
367 qobject_incref(client->info);
368 qlist_append_obj(clist, client->info);
369 }
370 }
371
372 *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
373 QOBJECT(clist));
374 assert(*ret_data != NULL);
375
376 if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {
377 qobject_decref(*ret_data);
378 *ret_data = NULL;
379 }
380 }
381 }
382
383 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
384 return (vs->features & (1 << feature));
385 }
386
387 /* TODO
388 1) Get the queue working for IO.
389 2) there is some weirdness when using the -S option (the screen is grey
390 and not totally invalidated
391 3) resolutions > 1024
392 */
393
394 static int vnc_update_client(VncState *vs, int has_dirty);
395 static void vnc_disconnect_start(VncState *vs);
396 static void vnc_disconnect_finish(VncState *vs);
397 static void vnc_init_timer(VncDisplay *vd);
398 static void vnc_remove_timer(VncDisplay *vd);
399
400 static void vnc_colordepth(VncState *vs);
401 static void framebuffer_update_request(VncState *vs, int incremental,
402 int x_position, int y_position,
403 int w, int h);
404 static void vnc_refresh(void *opaque);
405 static int vnc_refresh_server_surface(VncDisplay *vd);
406
407 static inline void vnc_set_bit(uint32_t *d, int k)
408 {
409 d[k >> 5] |= 1 << (k & 0x1f);
410 }
411
412 static inline void vnc_clear_bit(uint32_t *d, int k)
413 {
414 d[k >> 5] &= ~(1 << (k & 0x1f));
415 }
416
417 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
418 {
419 int j;
420
421 j = 0;
422 while (n >= 32) {
423 d[j++] = -1;
424 n -= 32;
425 }
426 if (n > 0)
427 d[j++] = (1 << n) - 1;
428 while (j < nb_words)
429 d[j++] = 0;
430 }
431
432 static inline int vnc_get_bit(const uint32_t *d, int k)
433 {
434 return (d[k >> 5] >> (k & 0x1f)) & 1;
435 }
436
437 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
438 int nb_words)
439 {
440 int i;
441 for(i = 0; i < nb_words; i++) {
442 if ((d1[i] & d2[i]) != 0)
443 return 1;
444 }
445 return 0;
446 }
447
448 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
449 {
450 int i;
451 VncDisplay *vd = ds->opaque;
452 struct VncSurface *s = &vd->guest;
453
454 h += y;
455
456 /* round x down to ensure the loop only spans one 16-pixel block per,
457 iteration. otherwise, if (x % 16) != 0, the last iteration may span
458 two 16-pixel blocks but we only mark the first as dirty
459 */
460 w += (x % 16);
461 x -= (x % 16);
462
463 x = MIN(x, s->ds->width);
464 y = MIN(y, s->ds->height);
465 w = MIN(x + w, s->ds->width) - x;
466 h = MIN(h, s->ds->height);
467
468 for (; y < h; y++)
469 for (i = 0; i < w; i += 16)
470 vnc_set_bit(s->dirty[y], (x + i) / 16);
471 }
472
473 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
474 int32_t encoding)
475 {
476 vnc_write_u16(vs, x);
477 vnc_write_u16(vs, y);
478 vnc_write_u16(vs, w);
479 vnc_write_u16(vs, h);
480
481 vnc_write_s32(vs, encoding);
482 }
483
484 void buffer_reserve(Buffer *buffer, size_t len)
485 {
486 if ((buffer->capacity - buffer->offset) < len) {
487 buffer->capacity += (len + 1024);
488 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
489 if (buffer->buffer == NULL) {
490 fprintf(stderr, "vnc: out of memory\n");
491 exit(1);
492 }
493 }
494 }
495
496 int buffer_empty(Buffer *buffer)
497 {
498 return buffer->offset == 0;
499 }
500
501 uint8_t *buffer_end(Buffer *buffer)
502 {
503 return buffer->buffer + buffer->offset;
504 }
505
506 void buffer_reset(Buffer *buffer)
507 {
508 buffer->offset = 0;
509 }
510
511 void buffer_free(Buffer *buffer)
512 {
513 qemu_free(buffer->buffer);
514 buffer->offset = 0;
515 buffer->capacity = 0;
516 buffer->buffer = NULL;
517 }
518
519 void buffer_append(Buffer *buffer, const void *data, size_t len)
520 {
521 memcpy(buffer->buffer + buffer->offset, data, len);
522 buffer->offset += len;
523 }
524
525 static void vnc_desktop_resize(VncState *vs)
526 {
527 DisplayState *ds = vs->ds;
528
529 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
530 return;
531 }
532 if (vs->client_width == ds_get_width(ds) &&
533 vs->client_height == ds_get_height(ds)) {
534 return;
535 }
536 vs->client_width = ds_get_width(ds);
537 vs->client_height = ds_get_height(ds);
538 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
539 vnc_write_u8(vs, 0);
540 vnc_write_u16(vs, 1); /* number of rects */
541 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
542 VNC_ENCODING_DESKTOPRESIZE);
543 vnc_flush(vs);
544 }
545
546 static void vnc_dpy_resize(DisplayState *ds)
547 {
548 VncDisplay *vd = ds->opaque;
549 VncState *vs;
550
551 /* server surface */
552 if (!vd->server)
553 vd->server = qemu_mallocz(sizeof(*vd->server));
554 if (vd->server->data)
555 qemu_free(vd->server->data);
556 *(vd->server) = *(ds->surface);
557 vd->server->data = qemu_mallocz(vd->server->linesize *
558 vd->server->height);
559
560 /* guest surface */
561 if (!vd->guest.ds)
562 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
563 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
564 console_color_init(ds);
565 *(vd->guest.ds) = *(ds->surface);
566 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
567
568 QTAILQ_FOREACH(vs, &vd->clients, next) {
569 vnc_colordepth(vs);
570 vnc_desktop_resize(vs);
571 if (vs->vd->cursor) {
572 vnc_cursor_define(vs);
573 }
574 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
575 }
576 }
577
578 /* fastest code */
579 static void vnc_write_pixels_copy(VncState *vs, struct PixelFormat *pf,
580 void *pixels, int size)
581 {
582 vnc_write(vs, pixels, size);
583 }
584
585 /* slowest but generic code. */
586 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
587 {
588 uint8_t r, g, b;
589 VncDisplay *vd = vs->vd;
590
591 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
592 vd->server->pf.rbits);
593 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
594 vd->server->pf.gbits);
595 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
596 vd->server->pf.bbits);
597 v = (r << vs->clientds.pf.rshift) |
598 (g << vs->clientds.pf.gshift) |
599 (b << vs->clientds.pf.bshift);
600 switch(vs->clientds.pf.bytes_per_pixel) {
601 case 1:
602 buf[0] = v;
603 break;
604 case 2:
605 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
606 buf[0] = v >> 8;
607 buf[1] = v;
608 } else {
609 buf[1] = v >> 8;
610 buf[0] = v;
611 }
612 break;
613 default:
614 case 4:
615 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
616 buf[0] = v >> 24;
617 buf[1] = v >> 16;
618 buf[2] = v >> 8;
619 buf[3] = v;
620 } else {
621 buf[3] = v >> 24;
622 buf[2] = v >> 16;
623 buf[1] = v >> 8;
624 buf[0] = v;
625 }
626 break;
627 }
628 }
629
630 static void vnc_write_pixels_generic(VncState *vs, struct PixelFormat *pf,
631 void *pixels1, int size)
632 {
633 uint8_t buf[4];
634
635 if (pf->bytes_per_pixel == 4) {
636 uint32_t *pixels = pixels1;
637 int n, i;
638 n = size >> 2;
639 for(i = 0; i < n; i++) {
640 vnc_convert_pixel(vs, buf, pixels[i]);
641 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
642 }
643 } else if (pf->bytes_per_pixel == 2) {
644 uint16_t *pixels = pixels1;
645 int n, i;
646 n = size >> 1;
647 for(i = 0; i < n; i++) {
648 vnc_convert_pixel(vs, buf, pixels[i]);
649 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
650 }
651 } else if (pf->bytes_per_pixel == 1) {
652 uint8_t *pixels = pixels1;
653 int n, i;
654 n = size;
655 for(i = 0; i < n; i++) {
656 vnc_convert_pixel(vs, buf, pixels[i]);
657 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
658 }
659 } else {
660 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
661 }
662 }
663
664 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
665 {
666 int i;
667 uint8_t *row;
668 VncDisplay *vd = vs->vd;
669
670 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
671 for (i = 0; i < h; i++) {
672 vs->write_pixels(vs, &vd->server->pf, row, w * ds_get_bytes_per_pixel(vs->ds));
673 row += ds_get_linesize(vs->ds);
674 }
675 return 1;
676 }
677
678 static int send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
679 {
680 int n = 0;
681
682 switch(vs->vnc_encoding) {
683 case VNC_ENCODING_ZLIB:
684 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
685 break;
686 case VNC_ENCODING_HEXTILE:
687 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
688 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
689 break;
690 case VNC_ENCODING_TIGHT:
691 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
692 break;
693 default:
694 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
695 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
696 break;
697 }
698 return n;
699 }
700
701 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
702 {
703 /* send bitblit op to the vnc client */
704 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
705 vnc_write_u8(vs, 0);
706 vnc_write_u16(vs, 1); /* number of rects */
707 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
708 vnc_write_u16(vs, src_x);
709 vnc_write_u16(vs, src_y);
710 vnc_flush(vs);
711 }
712
713 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
714 {
715 VncDisplay *vd = ds->opaque;
716 VncState *vs, *vn;
717 uint8_t *src_row;
718 uint8_t *dst_row;
719 int i,x,y,pitch,depth,inc,w_lim,s;
720 int cmp_bytes;
721
722 vnc_refresh_server_surface(vd);
723 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
724 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
725 vs->force_update = 1;
726 vnc_update_client(vs, 1);
727 /* vs might be free()ed here */
728 }
729 }
730
731 /* do bitblit op on the local surface too */
732 pitch = ds_get_linesize(vd->ds);
733 depth = ds_get_bytes_per_pixel(vd->ds);
734 src_row = vd->server->data + pitch * src_y + depth * src_x;
735 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
736 y = dst_y;
737 inc = 1;
738 if (dst_y > src_y) {
739 /* copy backwards */
740 src_row += pitch * (h-1);
741 dst_row += pitch * (h-1);
742 pitch = -pitch;
743 y = dst_y + h - 1;
744 inc = -1;
745 }
746 w_lim = w - (16 - (dst_x % 16));
747 if (w_lim < 0)
748 w_lim = w;
749 else
750 w_lim = w - (w_lim % 16);
751 for (i = 0; i < h; i++) {
752 for (x = 0; x <= w_lim;
753 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
754 if (x == w_lim) {
755 if ((s = w - w_lim) == 0)
756 break;
757 } else if (!x) {
758 s = (16 - (dst_x % 16));
759 s = MIN(s, w_lim);
760 } else {
761 s = 16;
762 }
763 cmp_bytes = s * depth;
764 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
765 continue;
766 memmove(dst_row, src_row, cmp_bytes);
767 QTAILQ_FOREACH(vs, &vd->clients, next) {
768 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
769 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
770 }
771 }
772 }
773 src_row += pitch - w * depth;
774 dst_row += pitch - w * depth;
775 y += inc;
776 }
777
778 QTAILQ_FOREACH(vs, &vd->clients, next) {
779 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
780 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
781 }
782 }
783 }
784
785 static void vnc_mouse_set(int x, int y, int visible)
786 {
787 /* can we ask the client(s) to move the pointer ??? */
788 }
789
790 static int vnc_cursor_define(VncState *vs)
791 {
792 QEMUCursor *c = vs->vd->cursor;
793 PixelFormat pf = qemu_default_pixelformat(32);
794 int isize;
795
796 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
797 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
798 vnc_write_u8(vs, 0); /* padding */
799 vnc_write_u16(vs, 1); /* # of rects */
800 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
801 VNC_ENCODING_RICH_CURSOR);
802 isize = c->width * c->height * vs->clientds.pf.bytes_per_pixel;
803 vnc_write_pixels_generic(vs, &pf, c->data, isize);
804 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
805 return 0;
806 }
807 return -1;
808 }
809
810 static void vnc_dpy_cursor_define(QEMUCursor *c)
811 {
812 VncDisplay *vd = vnc_display;
813 VncState *vs;
814
815 cursor_put(vd->cursor);
816 qemu_free(vd->cursor_mask);
817
818 vd->cursor = c;
819 cursor_get(vd->cursor);
820 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
821 vd->cursor_mask = qemu_mallocz(vd->cursor_msize);
822 cursor_get_mono_mask(c, 0, vd->cursor_mask);
823
824 QTAILQ_FOREACH(vs, &vd->clients, next) {
825 vnc_cursor_define(vs);
826 }
827 }
828
829 static int find_and_clear_dirty_height(struct VncState *vs,
830 int y, int last_x, int x)
831 {
832 int h;
833 VncDisplay *vd = vs->vd;
834
835 for (h = 1; h < (vd->server->height - y); h++) {
836 int tmp_x;
837 if (!vnc_get_bit(vs->dirty[y + h], last_x))
838 break;
839 for (tmp_x = last_x; tmp_x < x; tmp_x++)
840 vnc_clear_bit(vs->dirty[y + h], tmp_x);
841 }
842
843 return h;
844 }
845
846 static int vnc_update_client(VncState *vs, int has_dirty)
847 {
848 if (vs->need_update && vs->csock != -1) {
849 VncDisplay *vd = vs->vd;
850 int y;
851 int n_rectangles;
852 int saved_offset;
853 int width, height;
854 int n;
855
856 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
857 /* kernel send buffers are full -> drop frames to throttle */
858 return 0;
859
860 if (!has_dirty && !vs->audio_cap && !vs->force_update)
861 return 0;
862
863 /*
864 * Send screen updates to the vnc client using the server
865 * surface and server dirty map. guest surface updates
866 * happening in parallel don't disturb us, the next pass will
867 * send them to the client.
868 */
869 n_rectangles = 0;
870 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
871 vnc_write_u8(vs, 0);
872 saved_offset = vs->output.offset;
873 vnc_write_u16(vs, 0);
874
875 width = MIN(vd->server->width, vs->client_width);
876 height = MIN(vd->server->height, vs->client_height);
877
878 for (y = 0; y < height; y++) {
879 int x;
880 int last_x = -1;
881 for (x = 0; x < width / 16; x++) {
882 if (vnc_get_bit(vs->dirty[y], x)) {
883 if (last_x == -1) {
884 last_x = x;
885 }
886 vnc_clear_bit(vs->dirty[y], x);
887 } else {
888 if (last_x != -1) {
889 int h = find_and_clear_dirty_height(vs, y, last_x, x);
890 n = send_framebuffer_update(vs, last_x * 16, y,
891 (x - last_x) * 16, h);
892 n_rectangles += n;
893 }
894 last_x = -1;
895 }
896 }
897 if (last_x != -1) {
898 int h = find_and_clear_dirty_height(vs, y, last_x, x);
899 n = send_framebuffer_update(vs, last_x * 16, y,
900 (x - last_x) * 16, h);
901 n_rectangles += n;
902 }
903 }
904 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
905 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
906 vnc_flush(vs);
907 vs->force_update = 0;
908 return n_rectangles;
909 }
910
911 if (vs->csock == -1)
912 vnc_disconnect_finish(vs);
913
914 return 0;
915 }
916
917 /* audio */
918 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
919 {
920 VncState *vs = opaque;
921
922 switch (cmd) {
923 case AUD_CNOTIFY_DISABLE:
924 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
925 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
926 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
927 vnc_flush(vs);
928 break;
929
930 case AUD_CNOTIFY_ENABLE:
931 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
932 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
933 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
934 vnc_flush(vs);
935 break;
936 }
937 }
938
939 static void audio_capture_destroy(void *opaque)
940 {
941 }
942
943 static void audio_capture(void *opaque, void *buf, int size)
944 {
945 VncState *vs = opaque;
946
947 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
948 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
949 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
950 vnc_write_u32(vs, size);
951 vnc_write(vs, buf, size);
952 vnc_flush(vs);
953 }
954
955 static void audio_add(VncState *vs)
956 {
957 struct audio_capture_ops ops;
958
959 if (vs->audio_cap) {
960 monitor_printf(default_mon, "audio already running\n");
961 return;
962 }
963
964 ops.notify = audio_capture_notify;
965 ops.destroy = audio_capture_destroy;
966 ops.capture = audio_capture;
967
968 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
969 if (!vs->audio_cap) {
970 monitor_printf(default_mon, "Failed to add audio capture\n");
971 }
972 }
973
974 static void audio_del(VncState *vs)
975 {
976 if (vs->audio_cap) {
977 AUD_del_capture(vs->audio_cap, vs);
978 vs->audio_cap = NULL;
979 }
980 }
981
982 static void vnc_disconnect_start(VncState *vs)
983 {
984 if (vs->csock == -1)
985 return;
986 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
987 closesocket(vs->csock);
988 vs->csock = -1;
989 }
990
991 static void vnc_disconnect_finish(VncState *vs)
992 {
993 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
994
995 buffer_free(&vs->input);
996 buffer_free(&vs->output);
997
998 qobject_decref(vs->info);
999
1000 vnc_zlib_clear(vs);
1001 vnc_tight_clear(vs);
1002
1003 #ifdef CONFIG_VNC_TLS
1004 vnc_tls_client_cleanup(vs);
1005 #endif /* CONFIG_VNC_TLS */
1006 #ifdef CONFIG_VNC_SASL
1007 vnc_sasl_client_cleanup(vs);
1008 #endif /* CONFIG_VNC_SASL */
1009 audio_del(vs);
1010
1011 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1012
1013 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1014 dcl->idle = 1;
1015 }
1016
1017 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1018 vnc_remove_timer(vs->vd);
1019 if (vs->vd->lock_key_sync)
1020 qemu_remove_led_event_handler(vs->led);
1021 qemu_free(vs);
1022 }
1023
1024 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1025 {
1026 if (ret == 0 || ret == -1) {
1027 if (ret == -1) {
1028 switch (last_errno) {
1029 case EINTR:
1030 case EAGAIN:
1031 #ifdef _WIN32
1032 case WSAEWOULDBLOCK:
1033 #endif
1034 return 0;
1035 default:
1036 break;
1037 }
1038 }
1039
1040 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1041 ret, ret < 0 ? last_errno : 0);
1042 vnc_disconnect_start(vs);
1043
1044 return 0;
1045 }
1046 return ret;
1047 }
1048
1049
1050 void vnc_client_error(VncState *vs)
1051 {
1052 VNC_DEBUG("Closing down client sock: protocol error\n");
1053 vnc_disconnect_start(vs);
1054 }
1055
1056
1057 /*
1058 * Called to write a chunk of data to the client socket. The data may
1059 * be the raw data, or may have already been encoded by SASL.
1060 * The data will be written either straight onto the socket, or
1061 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1062 *
1063 * NB, it is theoretically possible to have 2 layers of encryption,
1064 * both SASL, and this TLS layer. It is highly unlikely in practice
1065 * though, since SASL encryption will typically be a no-op if TLS
1066 * is active
1067 *
1068 * Returns the number of bytes written, which may be less than
1069 * the requested 'datalen' if the socket would block. Returns
1070 * -1 on error, and disconnects the client socket.
1071 */
1072 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1073 {
1074 long ret;
1075 #ifdef CONFIG_VNC_TLS
1076 if (vs->tls.session) {
1077 ret = gnutls_write(vs->tls.session, data, datalen);
1078 if (ret < 0) {
1079 if (ret == GNUTLS_E_AGAIN)
1080 errno = EAGAIN;
1081 else
1082 errno = EIO;
1083 ret = -1;
1084 }
1085 } else
1086 #endif /* CONFIG_VNC_TLS */
1087 ret = send(vs->csock, (const void *)data, datalen, 0);
1088 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1089 return vnc_client_io_error(vs, ret, socket_error());
1090 }
1091
1092
1093 /*
1094 * Called to write buffered data to the client socket, when not
1095 * using any SASL SSF encryption layers. Will write as much data
1096 * as possible without blocking. If all buffered data is written,
1097 * will switch the FD poll() handler back to read monitoring.
1098 *
1099 * Returns the number of bytes written, which may be less than
1100 * the buffered output data if the socket would block. Returns
1101 * -1 on error, and disconnects the client socket.
1102 */
1103 static long vnc_client_write_plain(VncState *vs)
1104 {
1105 long ret;
1106
1107 #ifdef CONFIG_VNC_SASL
1108 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1109 vs->output.buffer, vs->output.capacity, vs->output.offset,
1110 vs->sasl.waitWriteSSF);
1111
1112 if (vs->sasl.conn &&
1113 vs->sasl.runSSF &&
1114 vs->sasl.waitWriteSSF) {
1115 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1116 if (ret)
1117 vs->sasl.waitWriteSSF -= ret;
1118 } else
1119 #endif /* CONFIG_VNC_SASL */
1120 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1121 if (!ret)
1122 return 0;
1123
1124 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1125 vs->output.offset -= ret;
1126
1127 if (vs->output.offset == 0) {
1128 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1129 }
1130
1131 return ret;
1132 }
1133
1134
1135 /*
1136 * First function called whenever there is data to be written to
1137 * the client socket. Will delegate actual work according to whether
1138 * SASL SSF layers are enabled (thus requiring encryption calls)
1139 */
1140 void vnc_client_write(void *opaque)
1141 {
1142 VncState *vs = opaque;
1143
1144 #ifdef CONFIG_VNC_SASL
1145 if (vs->sasl.conn &&
1146 vs->sasl.runSSF &&
1147 !vs->sasl.waitWriteSSF) {
1148 vnc_client_write_sasl(vs);
1149 } else
1150 #endif /* CONFIG_VNC_SASL */
1151 vnc_client_write_plain(vs);
1152 }
1153
1154 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1155 {
1156 vs->read_handler = func;
1157 vs->read_handler_expect = expecting;
1158 }
1159
1160
1161 /*
1162 * Called to read a chunk of data from the client socket. The data may
1163 * be the raw data, or may need to be further decoded by SASL.
1164 * The data will be read either straight from to the socket, or
1165 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1166 *
1167 * NB, it is theoretically possible to have 2 layers of encryption,
1168 * both SASL, and this TLS layer. It is highly unlikely in practice
1169 * though, since SASL encryption will typically be a no-op if TLS
1170 * is active
1171 *
1172 * Returns the number of bytes read, which may be less than
1173 * the requested 'datalen' if the socket would block. Returns
1174 * -1 on error, and disconnects the client socket.
1175 */
1176 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1177 {
1178 long ret;
1179 #ifdef CONFIG_VNC_TLS
1180 if (vs->tls.session) {
1181 ret = gnutls_read(vs->tls.session, data, datalen);
1182 if (ret < 0) {
1183 if (ret == GNUTLS_E_AGAIN)
1184 errno = EAGAIN;
1185 else
1186 errno = EIO;
1187 ret = -1;
1188 }
1189 } else
1190 #endif /* CONFIG_VNC_TLS */
1191 ret = recv(vs->csock, (void *)data, datalen, 0);
1192 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1193 return vnc_client_io_error(vs, ret, socket_error());
1194 }
1195
1196
1197 /*
1198 * Called to read data from the client socket to the input buffer,
1199 * when not using any SASL SSF encryption layers. Will read as much
1200 * data as possible without blocking.
1201 *
1202 * Returns the number of bytes read. Returns -1 on error, and
1203 * disconnects the client socket.
1204 */
1205 static long vnc_client_read_plain(VncState *vs)
1206 {
1207 int ret;
1208 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1209 vs->input.buffer, vs->input.capacity, vs->input.offset);
1210 buffer_reserve(&vs->input, 4096);
1211 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1212 if (!ret)
1213 return 0;
1214 vs->input.offset += ret;
1215 return ret;
1216 }
1217
1218
1219 /*
1220 * First function called whenever there is more data to be read from
1221 * the client socket. Will delegate actual work according to whether
1222 * SASL SSF layers are enabled (thus requiring decryption calls)
1223 */
1224 void vnc_client_read(void *opaque)
1225 {
1226 VncState *vs = opaque;
1227 long ret;
1228
1229 #ifdef CONFIG_VNC_SASL
1230 if (vs->sasl.conn && vs->sasl.runSSF)
1231 ret = vnc_client_read_sasl(vs);
1232 else
1233 #endif /* CONFIG_VNC_SASL */
1234 ret = vnc_client_read_plain(vs);
1235 if (!ret) {
1236 if (vs->csock == -1)
1237 vnc_disconnect_finish(vs);
1238 return;
1239 }
1240
1241 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1242 size_t len = vs->read_handler_expect;
1243 int ret;
1244
1245 ret = vs->read_handler(vs, vs->input.buffer, len);
1246 if (vs->csock == -1) {
1247 vnc_disconnect_finish(vs);
1248 return;
1249 }
1250
1251 if (!ret) {
1252 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1253 vs->input.offset -= len;
1254 } else {
1255 vs->read_handler_expect = ret;
1256 }
1257 }
1258 }
1259
1260 void vnc_write(VncState *vs, const void *data, size_t len)
1261 {
1262 buffer_reserve(&vs->output, len);
1263
1264 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1265 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1266 }
1267
1268 buffer_append(&vs->output, data, len);
1269 }
1270
1271 void vnc_write_s32(VncState *vs, int32_t value)
1272 {
1273 vnc_write_u32(vs, *(uint32_t *)&value);
1274 }
1275
1276 void vnc_write_u32(VncState *vs, uint32_t value)
1277 {
1278 uint8_t buf[4];
1279
1280 buf[0] = (value >> 24) & 0xFF;
1281 buf[1] = (value >> 16) & 0xFF;
1282 buf[2] = (value >> 8) & 0xFF;
1283 buf[3] = value & 0xFF;
1284
1285 vnc_write(vs, buf, 4);
1286 }
1287
1288 void vnc_write_u16(VncState *vs, uint16_t value)
1289 {
1290 uint8_t buf[2];
1291
1292 buf[0] = (value >> 8) & 0xFF;
1293 buf[1] = value & 0xFF;
1294
1295 vnc_write(vs, buf, 2);
1296 }
1297
1298 void vnc_write_u8(VncState *vs, uint8_t value)
1299 {
1300 vnc_write(vs, (char *)&value, 1);
1301 }
1302
1303 void vnc_flush(VncState *vs)
1304 {
1305 if (vs->csock != -1 && vs->output.offset)
1306 vnc_client_write(vs);
1307 }
1308
1309 uint8_t read_u8(uint8_t *data, size_t offset)
1310 {
1311 return data[offset];
1312 }
1313
1314 uint16_t read_u16(uint8_t *data, size_t offset)
1315 {
1316 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1317 }
1318
1319 int32_t read_s32(uint8_t *data, size_t offset)
1320 {
1321 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1322 (data[offset + 2] << 8) | data[offset + 3]);
1323 }
1324
1325 uint32_t read_u32(uint8_t *data, size_t offset)
1326 {
1327 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1328 (data[offset + 2] << 8) | data[offset + 3]);
1329 }
1330
1331 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1332 {
1333 }
1334
1335 static void check_pointer_type_change(Notifier *notifier)
1336 {
1337 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1338 int absolute = kbd_mouse_is_absolute();
1339
1340 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1341 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1342 vnc_write_u8(vs, 0);
1343 vnc_write_u16(vs, 1);
1344 vnc_framebuffer_update(vs, absolute, 0,
1345 ds_get_width(vs->ds), ds_get_height(vs->ds),
1346 VNC_ENCODING_POINTER_TYPE_CHANGE);
1347 vnc_flush(vs);
1348 }
1349 vs->absolute = absolute;
1350 }
1351
1352 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1353 {
1354 int buttons = 0;
1355 int dz = 0;
1356
1357 if (button_mask & 0x01)
1358 buttons |= MOUSE_EVENT_LBUTTON;
1359 if (button_mask & 0x02)
1360 buttons |= MOUSE_EVENT_MBUTTON;
1361 if (button_mask & 0x04)
1362 buttons |= MOUSE_EVENT_RBUTTON;
1363 if (button_mask & 0x08)
1364 dz = -1;
1365 if (button_mask & 0x10)
1366 dz = 1;
1367
1368 if (vs->absolute) {
1369 kbd_mouse_event(ds_get_width(vs->ds) > 1 ?
1370 x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000,
1371 ds_get_height(vs->ds) > 1 ?
1372 y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000,
1373 dz, buttons);
1374 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1375 x -= 0x7FFF;
1376 y -= 0x7FFF;
1377
1378 kbd_mouse_event(x, y, dz, buttons);
1379 } else {
1380 if (vs->last_x != -1)
1381 kbd_mouse_event(x - vs->last_x,
1382 y - vs->last_y,
1383 dz, buttons);
1384 vs->last_x = x;
1385 vs->last_y = y;
1386 }
1387 }
1388
1389 static void reset_keys(VncState *vs)
1390 {
1391 int i;
1392 for(i = 0; i < 256; i++) {
1393 if (vs->modifiers_state[i]) {
1394 if (i & SCANCODE_GREY)
1395 kbd_put_keycode(SCANCODE_EMUL0);
1396 kbd_put_keycode(i | SCANCODE_UP);
1397 vs->modifiers_state[i] = 0;
1398 }
1399 }
1400 }
1401
1402 static void press_key(VncState *vs, int keysym)
1403 {
1404 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1405 if (keycode & SCANCODE_GREY)
1406 kbd_put_keycode(SCANCODE_EMUL0);
1407 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1408 if (keycode & SCANCODE_GREY)
1409 kbd_put_keycode(SCANCODE_EMUL0);
1410 kbd_put_keycode(keycode | SCANCODE_UP);
1411 }
1412
1413 static void kbd_leds(void *opaque, int ledstate)
1414 {
1415 VncState *vs = opaque;
1416 int caps, num;
1417
1418 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1419 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1420
1421 if (vs->modifiers_state[0x3a] != caps) {
1422 vs->modifiers_state[0x3a] = caps;
1423 }
1424 if (vs->modifiers_state[0x45] != num) {
1425 vs->modifiers_state[0x45] = num;
1426 }
1427 }
1428
1429 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1430 {
1431 /* QEMU console switch */
1432 switch(keycode) {
1433 case 0x2a: /* Left Shift */
1434 case 0x36: /* Right Shift */
1435 case 0x1d: /* Left CTRL */
1436 case 0x9d: /* Right CTRL */
1437 case 0x38: /* Left ALT */
1438 case 0xb8: /* Right ALT */
1439 if (down)
1440 vs->modifiers_state[keycode] = 1;
1441 else
1442 vs->modifiers_state[keycode] = 0;
1443 break;
1444 case 0x02 ... 0x0a: /* '1' to '9' keys */
1445 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1446 /* Reset the modifiers sent to the current console */
1447 reset_keys(vs);
1448 console_select(keycode - 0x02);
1449 return;
1450 }
1451 break;
1452 case 0x3a: /* CapsLock */
1453 case 0x45: /* NumLock */
1454 if (down)
1455 vs->modifiers_state[keycode] ^= 1;
1456 break;
1457 }
1458
1459 if (vs->vd->lock_key_sync &&
1460 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1461 /* If the numlock state needs to change then simulate an additional
1462 keypress before sending this one. This will happen if the user
1463 toggles numlock away from the VNC window.
1464 */
1465 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1466 if (!vs->modifiers_state[0x45]) {
1467 vs->modifiers_state[0x45] = 1;
1468 press_key(vs, 0xff7f);
1469 }
1470 } else {
1471 if (vs->modifiers_state[0x45]) {
1472 vs->modifiers_state[0x45] = 0;
1473 press_key(vs, 0xff7f);
1474 }
1475 }
1476 }
1477
1478 if (vs->vd->lock_key_sync &&
1479 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1480 /* If the capslock state needs to change then simulate an additional
1481 keypress before sending this one. This will happen if the user
1482 toggles capslock away from the VNC window.
1483 */
1484 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1485 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1486 int capslock = !!(vs->modifiers_state[0x3a]);
1487 if (capslock) {
1488 if (uppercase == shift) {
1489 vs->modifiers_state[0x3a] = 0;
1490 press_key(vs, 0xffe5);
1491 }
1492 } else {
1493 if (uppercase != shift) {
1494 vs->modifiers_state[0x3a] = 1;
1495 press_key(vs, 0xffe5);
1496 }
1497 }
1498 }
1499
1500 if (is_graphic_console()) {
1501 if (keycode & SCANCODE_GREY)
1502 kbd_put_keycode(SCANCODE_EMUL0);
1503 if (down)
1504 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1505 else
1506 kbd_put_keycode(keycode | SCANCODE_UP);
1507 } else {
1508 /* QEMU console emulation */
1509 if (down) {
1510 int numlock = vs->modifiers_state[0x45];
1511 switch (keycode) {
1512 case 0x2a: /* Left Shift */
1513 case 0x36: /* Right Shift */
1514 case 0x1d: /* Left CTRL */
1515 case 0x9d: /* Right CTRL */
1516 case 0x38: /* Left ALT */
1517 case 0xb8: /* Right ALT */
1518 break;
1519 case 0xc8:
1520 kbd_put_keysym(QEMU_KEY_UP);
1521 break;
1522 case 0xd0:
1523 kbd_put_keysym(QEMU_KEY_DOWN);
1524 break;
1525 case 0xcb:
1526 kbd_put_keysym(QEMU_KEY_LEFT);
1527 break;
1528 case 0xcd:
1529 kbd_put_keysym(QEMU_KEY_RIGHT);
1530 break;
1531 case 0xd3:
1532 kbd_put_keysym(QEMU_KEY_DELETE);
1533 break;
1534 case 0xc7:
1535 kbd_put_keysym(QEMU_KEY_HOME);
1536 break;
1537 case 0xcf:
1538 kbd_put_keysym(QEMU_KEY_END);
1539 break;
1540 case 0xc9:
1541 kbd_put_keysym(QEMU_KEY_PAGEUP);
1542 break;
1543 case 0xd1:
1544 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1545 break;
1546
1547 case 0x47:
1548 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1549 break;
1550 case 0x48:
1551 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1552 break;
1553 case 0x49:
1554 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1555 break;
1556 case 0x4b:
1557 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1558 break;
1559 case 0x4c:
1560 kbd_put_keysym('5');
1561 break;
1562 case 0x4d:
1563 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1564 break;
1565 case 0x4f:
1566 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1567 break;
1568 case 0x50:
1569 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1570 break;
1571 case 0x51:
1572 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1573 break;
1574 case 0x52:
1575 kbd_put_keysym('0');
1576 break;
1577 case 0x53:
1578 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1579 break;
1580
1581 case 0xb5:
1582 kbd_put_keysym('/');
1583 break;
1584 case 0x37:
1585 kbd_put_keysym('*');
1586 break;
1587 case 0x4a:
1588 kbd_put_keysym('-');
1589 break;
1590 case 0x4e:
1591 kbd_put_keysym('+');
1592 break;
1593 case 0x9c:
1594 kbd_put_keysym('\n');
1595 break;
1596
1597 default:
1598 kbd_put_keysym(sym);
1599 break;
1600 }
1601 }
1602 }
1603 }
1604
1605 static void key_event(VncState *vs, int down, uint32_t sym)
1606 {
1607 int keycode;
1608 int lsym = sym;
1609
1610 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1611 lsym = lsym - 'A' + 'a';
1612 }
1613
1614 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1615 do_key_event(vs, down, keycode, sym);
1616 }
1617
1618 static void ext_key_event(VncState *vs, int down,
1619 uint32_t sym, uint16_t keycode)
1620 {
1621 /* if the user specifies a keyboard layout, always use it */
1622 if (keyboard_layout)
1623 key_event(vs, down, sym);
1624 else
1625 do_key_event(vs, down, keycode, sym);
1626 }
1627
1628 static void framebuffer_update_request(VncState *vs, int incremental,
1629 int x_position, int y_position,
1630 int w, int h)
1631 {
1632 if (y_position > ds_get_height(vs->ds))
1633 y_position = ds_get_height(vs->ds);
1634 if (y_position + h >= ds_get_height(vs->ds))
1635 h = ds_get_height(vs->ds) - y_position;
1636
1637 int i;
1638 vs->need_update = 1;
1639 if (!incremental) {
1640 vs->force_update = 1;
1641 for (i = 0; i < h; i++) {
1642 vnc_set_bits(vs->dirty[y_position + i],
1643 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1644 }
1645 }
1646 }
1647
1648 static void send_ext_key_event_ack(VncState *vs)
1649 {
1650 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1651 vnc_write_u8(vs, 0);
1652 vnc_write_u16(vs, 1);
1653 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1654 VNC_ENCODING_EXT_KEY_EVENT);
1655 vnc_flush(vs);
1656 }
1657
1658 static void send_ext_audio_ack(VncState *vs)
1659 {
1660 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1661 vnc_write_u8(vs, 0);
1662 vnc_write_u16(vs, 1);
1663 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1664 VNC_ENCODING_AUDIO);
1665 vnc_flush(vs);
1666 }
1667
1668 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1669 {
1670 int i;
1671 unsigned int enc = 0;
1672
1673 vs->features = 0;
1674 vs->vnc_encoding = 0;
1675 vs->tight_compression = 9;
1676 vs->tight_quality = 9;
1677 vs->absolute = -1;
1678
1679 /*
1680 * Start from the end because the encodings are sent in order of preference.
1681 * This way the prefered encoding (first encoding defined in the array)
1682 * will be set at the end of the loop.
1683 */
1684 for (i = n_encodings - 1; i >= 0; i--) {
1685 enc = encodings[i];
1686 switch (enc) {
1687 case VNC_ENCODING_RAW:
1688 vs->vnc_encoding = enc;
1689 break;
1690 case VNC_ENCODING_COPYRECT:
1691 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1692 break;
1693 case VNC_ENCODING_HEXTILE:
1694 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1695 vs->vnc_encoding = enc;
1696 break;
1697 case VNC_ENCODING_TIGHT:
1698 vs->features |= VNC_FEATURE_TIGHT_MASK;
1699 vs->vnc_encoding = enc;
1700 break;
1701 case VNC_ENCODING_ZLIB:
1702 vs->features |= VNC_FEATURE_ZLIB_MASK;
1703 vs->vnc_encoding = enc;
1704 break;
1705 case VNC_ENCODING_DESKTOPRESIZE:
1706 vs->features |= VNC_FEATURE_RESIZE_MASK;
1707 break;
1708 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1709 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1710 break;
1711 case VNC_ENCODING_RICH_CURSOR:
1712 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1713 break;
1714 case VNC_ENCODING_EXT_KEY_EVENT:
1715 send_ext_key_event_ack(vs);
1716 break;
1717 case VNC_ENCODING_AUDIO:
1718 send_ext_audio_ack(vs);
1719 break;
1720 case VNC_ENCODING_WMVi:
1721 vs->features |= VNC_FEATURE_WMVI_MASK;
1722 break;
1723 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1724 vs->tight_compression = (enc & 0x0F);
1725 break;
1726 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1727 vs->tight_quality = (enc & 0x0F);
1728 break;
1729 default:
1730 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1731 break;
1732 }
1733 }
1734 vnc_desktop_resize(vs);
1735 check_pointer_type_change(&vs->mouse_mode_notifier);
1736 }
1737
1738 static void set_pixel_conversion(VncState *vs)
1739 {
1740 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1741 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1742 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1743 vs->write_pixels = vnc_write_pixels_copy;
1744 vnc_hextile_set_pixel_conversion(vs, 0);
1745 } else {
1746 vs->write_pixels = vnc_write_pixels_generic;
1747 vnc_hextile_set_pixel_conversion(vs, 1);
1748 }
1749 }
1750
1751 static void set_pixel_format(VncState *vs,
1752 int bits_per_pixel, int depth,
1753 int big_endian_flag, int true_color_flag,
1754 int red_max, int green_max, int blue_max,
1755 int red_shift, int green_shift, int blue_shift)
1756 {
1757 if (!true_color_flag) {
1758 vnc_client_error(vs);
1759 return;
1760 }
1761
1762 vs->clientds = *(vs->vd->guest.ds);
1763 vs->clientds.pf.rmax = red_max;
1764 count_bits(vs->clientds.pf.rbits, red_max);
1765 vs->clientds.pf.rshift = red_shift;
1766 vs->clientds.pf.rmask = red_max << red_shift;
1767 vs->clientds.pf.gmax = green_max;
1768 count_bits(vs->clientds.pf.gbits, green_max);
1769 vs->clientds.pf.gshift = green_shift;
1770 vs->clientds.pf.gmask = green_max << green_shift;
1771 vs->clientds.pf.bmax = blue_max;
1772 count_bits(vs->clientds.pf.bbits, blue_max);
1773 vs->clientds.pf.bshift = blue_shift;
1774 vs->clientds.pf.bmask = blue_max << blue_shift;
1775 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1776 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1777 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1778 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1779
1780 set_pixel_conversion(vs);
1781
1782 vga_hw_invalidate();
1783 vga_hw_update();
1784 }
1785
1786 static void pixel_format_message (VncState *vs) {
1787 char pad[3] = { 0, 0, 0 };
1788
1789 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1790 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1791
1792 #ifdef HOST_WORDS_BIGENDIAN
1793 vnc_write_u8(vs, 1); /* big-endian-flag */
1794 #else
1795 vnc_write_u8(vs, 0); /* big-endian-flag */
1796 #endif
1797 vnc_write_u8(vs, 1); /* true-color-flag */
1798 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1799 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1800 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1801 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1802 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1803 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1804
1805 vnc_hextile_set_pixel_conversion(vs, 0);
1806
1807 vs->clientds = *(vs->ds->surface);
1808 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1809 vs->write_pixels = vnc_write_pixels_copy;
1810
1811 vnc_write(vs, pad, 3); /* padding */
1812 }
1813
1814 static void vnc_dpy_setdata(DisplayState *ds)
1815 {
1816 /* We don't have to do anything */
1817 }
1818
1819 static void vnc_colordepth(VncState *vs)
1820 {
1821 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1822 /* Sending a WMVi message to notify the client*/
1823 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1824 vnc_write_u8(vs, 0);
1825 vnc_write_u16(vs, 1); /* number of rects */
1826 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1827 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1828 pixel_format_message(vs);
1829 vnc_flush(vs);
1830 } else {
1831 set_pixel_conversion(vs);
1832 }
1833 }
1834
1835 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1836 {
1837 int i;
1838 uint16_t limit;
1839 VncDisplay *vd = vs->vd;
1840
1841 if (data[0] > 3) {
1842 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1843 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1844 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1845 }
1846
1847 switch (data[0]) {
1848 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
1849 if (len == 1)
1850 return 20;
1851
1852 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1853 read_u8(data, 6), read_u8(data, 7),
1854 read_u16(data, 8), read_u16(data, 10),
1855 read_u16(data, 12), read_u8(data, 14),
1856 read_u8(data, 15), read_u8(data, 16));
1857 break;
1858 case VNC_MSG_CLIENT_SET_ENCODINGS:
1859 if (len == 1)
1860 return 4;
1861
1862 if (len == 4) {
1863 limit = read_u16(data, 2);
1864 if (limit > 0)
1865 return 4 + (limit * 4);
1866 } else
1867 limit = read_u16(data, 2);
1868
1869 for (i = 0; i < limit; i++) {
1870 int32_t val = read_s32(data, 4 + (i * 4));
1871 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1872 }
1873
1874 set_encodings(vs, (int32_t *)(data + 4), limit);
1875 break;
1876 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
1877 if (len == 1)
1878 return 10;
1879
1880 framebuffer_update_request(vs,
1881 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1882 read_u16(data, 6), read_u16(data, 8));
1883 break;
1884 case VNC_MSG_CLIENT_KEY_EVENT:
1885 if (len == 1)
1886 return 8;
1887
1888 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1889 break;
1890 case VNC_MSG_CLIENT_POINTER_EVENT:
1891 if (len == 1)
1892 return 6;
1893
1894 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1895 break;
1896 case VNC_MSG_CLIENT_CUT_TEXT:
1897 if (len == 1)
1898 return 8;
1899
1900 if (len == 8) {
1901 uint32_t dlen = read_u32(data, 4);
1902 if (dlen > 0)
1903 return 8 + dlen;
1904 }
1905
1906 client_cut_text(vs, read_u32(data, 4), data + 8);
1907 break;
1908 case VNC_MSG_CLIENT_QEMU:
1909 if (len == 1)
1910 return 2;
1911
1912 switch (read_u8(data, 1)) {
1913 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
1914 if (len == 2)
1915 return 12;
1916
1917 ext_key_event(vs, read_u16(data, 2),
1918 read_u32(data, 4), read_u32(data, 8));
1919 break;
1920 case VNC_MSG_CLIENT_QEMU_AUDIO:
1921 if (len == 2)
1922 return 4;
1923
1924 switch (read_u16 (data, 2)) {
1925 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
1926 audio_add(vs);
1927 break;
1928 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
1929 audio_del(vs);
1930 break;
1931 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
1932 if (len == 4)
1933 return 10;
1934 switch (read_u8(data, 4)) {
1935 case 0: vs->as.fmt = AUD_FMT_U8; break;
1936 case 1: vs->as.fmt = AUD_FMT_S8; break;
1937 case 2: vs->as.fmt = AUD_FMT_U16; break;
1938 case 3: vs->as.fmt = AUD_FMT_S16; break;
1939 case 4: vs->as.fmt = AUD_FMT_U32; break;
1940 case 5: vs->as.fmt = AUD_FMT_S32; break;
1941 default:
1942 printf("Invalid audio format %d\n", read_u8(data, 4));
1943 vnc_client_error(vs);
1944 break;
1945 }
1946 vs->as.nchannels = read_u8(data, 5);
1947 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1948 printf("Invalid audio channel coount %d\n",
1949 read_u8(data, 5));
1950 vnc_client_error(vs);
1951 break;
1952 }
1953 vs->as.freq = read_u32(data, 6);
1954 break;
1955 default:
1956 printf ("Invalid audio message %d\n", read_u8(data, 4));
1957 vnc_client_error(vs);
1958 break;
1959 }
1960 break;
1961
1962 default:
1963 printf("Msg: %d\n", read_u16(data, 0));
1964 vnc_client_error(vs);
1965 break;
1966 }
1967 break;
1968 default:
1969 printf("Msg: %d\n", data[0]);
1970 vnc_client_error(vs);
1971 break;
1972 }
1973
1974 vnc_read_when(vs, protocol_client_msg, 1);
1975 return 0;
1976 }
1977
1978 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1979 {
1980 char buf[1024];
1981 int size;
1982
1983 vs->client_width = ds_get_width(vs->ds);
1984 vs->client_height = ds_get_height(vs->ds);
1985 vnc_write_u16(vs, vs->client_width);
1986 vnc_write_u16(vs, vs->client_height);
1987
1988 pixel_format_message(vs);
1989
1990 if (qemu_name)
1991 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1992 else
1993 size = snprintf(buf, sizeof(buf), "QEMU");
1994
1995 vnc_write_u32(vs, size);
1996 vnc_write(vs, buf, size);
1997 vnc_flush(vs);
1998
1999 vnc_client_cache_auth(vs);
2000 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
2001
2002 vnc_read_when(vs, protocol_client_msg, 1);
2003
2004 return 0;
2005 }
2006
2007 void start_client_init(VncState *vs)
2008 {
2009 vnc_read_when(vs, protocol_client_init, 1);
2010 }
2011
2012 static void make_challenge(VncState *vs)
2013 {
2014 int i;
2015
2016 srand(time(NULL)+getpid()+getpid()*987654+rand());
2017
2018 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2019 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2020 }
2021
2022 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2023 {
2024 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2025 int i, j, pwlen;
2026 unsigned char key[8];
2027
2028 if (!vs->vd->password || !vs->vd->password[0]) {
2029 VNC_DEBUG("No password configured on server");
2030 vnc_write_u32(vs, 1); /* Reject auth */
2031 if (vs->minor >= 8) {
2032 static const char err[] = "Authentication failed";
2033 vnc_write_u32(vs, sizeof(err));
2034 vnc_write(vs, err, sizeof(err));
2035 }
2036 vnc_flush(vs);
2037 vnc_client_error(vs);
2038 return 0;
2039 }
2040
2041 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2042
2043 /* Calculate the expected challenge response */
2044 pwlen = strlen(vs->vd->password);
2045 for (i=0; i<sizeof(key); i++)
2046 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2047 deskey(key, EN0);
2048 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2049 des(response+j, response+j);
2050
2051 /* Compare expected vs actual challenge response */
2052 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2053 VNC_DEBUG("Client challenge reponse did not match\n");
2054 vnc_write_u32(vs, 1); /* Reject auth */
2055 if (vs->minor >= 8) {
2056 static const char err[] = "Authentication failed";
2057 vnc_write_u32(vs, sizeof(err));
2058 vnc_write(vs, err, sizeof(err));
2059 }
2060 vnc_flush(vs);
2061 vnc_client_error(vs);
2062 } else {
2063 VNC_DEBUG("Accepting VNC challenge response\n");
2064 vnc_write_u32(vs, 0); /* Accept auth */
2065 vnc_flush(vs);
2066
2067 start_client_init(vs);
2068 }
2069 return 0;
2070 }
2071
2072 void start_auth_vnc(VncState *vs)
2073 {
2074 make_challenge(vs);
2075 /* Send client a 'random' challenge */
2076 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2077 vnc_flush(vs);
2078
2079 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2080 }
2081
2082
2083 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2084 {
2085 /* We only advertise 1 auth scheme at a time, so client
2086 * must pick the one we sent. Verify this */
2087 if (data[0] != vs->vd->auth) { /* Reject auth */
2088 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2089 vnc_write_u32(vs, 1);
2090 if (vs->minor >= 8) {
2091 static const char err[] = "Authentication failed";
2092 vnc_write_u32(vs, sizeof(err));
2093 vnc_write(vs, err, sizeof(err));
2094 }
2095 vnc_client_error(vs);
2096 } else { /* Accept requested auth */
2097 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2098 switch (vs->vd->auth) {
2099 case VNC_AUTH_NONE:
2100 VNC_DEBUG("Accept auth none\n");
2101 if (vs->minor >= 8) {
2102 vnc_write_u32(vs, 0); /* Accept auth completion */
2103 vnc_flush(vs);
2104 }
2105 start_client_init(vs);
2106 break;
2107
2108 case VNC_AUTH_VNC:
2109 VNC_DEBUG("Start VNC auth\n");
2110 start_auth_vnc(vs);
2111 break;
2112
2113 #ifdef CONFIG_VNC_TLS
2114 case VNC_AUTH_VENCRYPT:
2115 VNC_DEBUG("Accept VeNCrypt auth\n");;
2116 start_auth_vencrypt(vs);
2117 break;
2118 #endif /* CONFIG_VNC_TLS */
2119
2120 #ifdef CONFIG_VNC_SASL
2121 case VNC_AUTH_SASL:
2122 VNC_DEBUG("Accept SASL auth\n");
2123 start_auth_sasl(vs);
2124 break;
2125 #endif /* CONFIG_VNC_SASL */
2126
2127 default: /* Should not be possible, but just in case */
2128 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
2129 vnc_write_u8(vs, 1);
2130 if (vs->minor >= 8) {
2131 static const char err[] = "Authentication failed";
2132 vnc_write_u32(vs, sizeof(err));
2133 vnc_write(vs, err, sizeof(err));
2134 }
2135 vnc_client_error(vs);
2136 }
2137 }
2138 return 0;
2139 }
2140
2141 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2142 {
2143 char local[13];
2144
2145 memcpy(local, version, 12);
2146 local[12] = 0;
2147
2148 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2149 VNC_DEBUG("Malformed protocol version %s\n", local);
2150 vnc_client_error(vs);
2151 return 0;
2152 }
2153 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2154 if (vs->major != 3 ||
2155 (vs->minor != 3 &&
2156 vs->minor != 4 &&
2157 vs->minor != 5 &&
2158 vs->minor != 7 &&
2159 vs->minor != 8)) {
2160 VNC_DEBUG("Unsupported client version\n");
2161 vnc_write_u32(vs, VNC_AUTH_INVALID);
2162 vnc_flush(vs);
2163 vnc_client_error(vs);
2164 return 0;
2165 }
2166 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2167 * as equivalent to v3.3 by servers
2168 */
2169 if (vs->minor == 4 || vs->minor == 5)
2170 vs->minor = 3;
2171
2172 if (vs->minor == 3) {
2173 if (vs->vd->auth == VNC_AUTH_NONE) {
2174 VNC_DEBUG("Tell client auth none\n");
2175 vnc_write_u32(vs, vs->vd->auth);
2176 vnc_flush(vs);
2177 start_client_init(vs);
2178 } else if (vs->vd->auth == VNC_AUTH_VNC) {
2179 VNC_DEBUG("Tell client VNC auth\n");
2180 vnc_write_u32(vs, vs->vd->auth);
2181 vnc_flush(vs);
2182 start_auth_vnc(vs);
2183 } else {
2184 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2185 vnc_write_u32(vs, VNC_AUTH_INVALID);
2186 vnc_flush(vs);
2187 vnc_client_error(vs);
2188 }
2189 } else {
2190 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2191 vnc_write_u8(vs, 1); /* num auth */
2192 vnc_write_u8(vs, vs->vd->auth);
2193 vnc_read_when(vs, protocol_client_auth, 1);
2194 vnc_flush(vs);
2195 }
2196
2197 return 0;
2198 }
2199
2200 static int vnc_refresh_server_surface(VncDisplay *vd)
2201 {
2202 int y;
2203 uint8_t *guest_row;
2204 uint8_t *server_row;
2205 int cmp_bytes;
2206 uint32_t width_mask[VNC_DIRTY_WORDS];
2207 VncState *vs;
2208 int has_dirty = 0;
2209
2210 /*
2211 * Walk through the guest dirty map.
2212 * Check and copy modified bits from guest to server surface.
2213 * Update server dirty map.
2214 */
2215 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2216 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2217 guest_row = vd->guest.ds->data;
2218 server_row = vd->server->data;
2219 for (y = 0; y < vd->guest.ds->height; y++) {
2220 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2221 int x;
2222 uint8_t *guest_ptr;
2223 uint8_t *server_ptr;
2224
2225 guest_ptr = guest_row;
2226 server_ptr = server_row;
2227
2228 for (x = 0; x < vd->guest.ds->width;
2229 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2230 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2231 continue;
2232 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2233 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2234 continue;
2235 memcpy(server_ptr, guest_ptr, cmp_bytes);
2236 QTAILQ_FOREACH(vs, &vd->clients, next) {
2237 vnc_set_bit(vs->dirty[y], (x / 16));
2238 }
2239 has_dirty++;
2240 }
2241 }
2242 guest_row += ds_get_linesize(vd->ds);
2243 server_row += ds_get_linesize(vd->ds);
2244 }
2245 return has_dirty;
2246 }
2247
2248 static void vnc_refresh(void *opaque)
2249 {
2250 VncDisplay *vd = opaque;
2251 VncState *vs, *vn;
2252 int has_dirty, rects = 0;
2253
2254 vga_hw_update();
2255
2256 has_dirty = vnc_refresh_server_surface(vd);
2257
2258 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2259 rects += vnc_update_client(vs, has_dirty);
2260 /* vs might be free()ed here */
2261 }
2262 /* vd->timer could be NULL now if the last client disconnected,
2263 * in this case don't update the timer */
2264 if (vd->timer == NULL)
2265 return;
2266
2267 if (has_dirty && rects) {
2268 vd->timer_interval /= 2;
2269 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2270 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2271 } else {
2272 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2273 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2274 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2275 }
2276 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
2277 }
2278
2279 static void vnc_init_timer(VncDisplay *vd)
2280 {
2281 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2282 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
2283 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2284 vnc_refresh(vd);
2285 }
2286 }
2287
2288 static void vnc_remove_timer(VncDisplay *vd)
2289 {
2290 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
2291 qemu_del_timer(vd->timer);
2292 qemu_free_timer(vd->timer);
2293 vd->timer = NULL;
2294 }
2295 }
2296
2297 static void vnc_connect(VncDisplay *vd, int csock)
2298 {
2299 VncState *vs = qemu_mallocz(sizeof(VncState));
2300 vs->csock = csock;
2301
2302 VNC_DEBUG("New client on socket %d\n", csock);
2303 dcl->idle = 0;
2304 socket_set_nonblock(vs->csock);
2305 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2306
2307 vnc_client_cache_addr(vs);
2308 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2309
2310 vs->vd = vd;
2311 vs->ds = vd->ds;
2312 vs->last_x = -1;
2313 vs->last_y = -1;
2314
2315 vs->as.freq = 44100;
2316 vs->as.nchannels = 2;
2317 vs->as.fmt = AUD_FMT_S16;
2318 vs->as.endianness = 0;
2319
2320 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2321
2322 vga_hw_update();
2323
2324 vnc_write(vs, "RFB 003.008\n", 12);
2325 vnc_flush(vs);
2326 vnc_read_when(vs, protocol_version, 12);
2327 reset_keys(vs);
2328 if (vs->vd->lock_key_sync)
2329 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2330
2331 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2332 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2333
2334 vnc_init_timer(vd);
2335
2336 /* vs might be free()ed here */
2337 }
2338
2339 static void vnc_listen_read(void *opaque)
2340 {
2341 VncDisplay *vs = opaque;
2342 struct sockaddr_in addr;
2343 socklen_t addrlen = sizeof(addr);
2344
2345 /* Catch-up */
2346 vga_hw_update();
2347
2348 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2349 if (csock != -1) {
2350 vnc_connect(vs, csock);
2351 }
2352 }
2353
2354 void vnc_display_init(DisplayState *ds)
2355 {
2356 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2357
2358 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2359
2360 ds->opaque = vs;
2361 dcl->idle = 1;
2362 vnc_display = vs;
2363
2364 vs->lsock = -1;
2365
2366 vs->ds = ds;
2367 QTAILQ_INIT(&vs->clients);
2368
2369 if (keyboard_layout)
2370 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2371 else
2372 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2373
2374 if (!vs->kbd_layout)
2375 exit(1);
2376
2377 dcl->dpy_copy = vnc_dpy_copy;
2378 dcl->dpy_update = vnc_dpy_update;
2379 dcl->dpy_resize = vnc_dpy_resize;
2380 dcl->dpy_setdata = vnc_dpy_setdata;
2381 register_displaychangelistener(ds, dcl);
2382 ds->mouse_set = vnc_mouse_set;
2383 ds->cursor_define = vnc_dpy_cursor_define;
2384 }
2385
2386
2387 void vnc_display_close(DisplayState *ds)
2388 {
2389 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2390
2391 if (!vs)
2392 return;
2393 if (vs->display) {
2394 qemu_free(vs->display);
2395 vs->display = NULL;
2396 }
2397 if (vs->lsock != -1) {
2398 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2399 close(vs->lsock);
2400 vs->lsock = -1;
2401 }
2402 vs->auth = VNC_AUTH_INVALID;
2403 #ifdef CONFIG_VNC_TLS
2404 vs->subauth = VNC_AUTH_INVALID;
2405 vs->tls.x509verify = 0;
2406 #endif
2407 }
2408
2409 int vnc_display_password(DisplayState *ds, const char *password)
2410 {
2411 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2412
2413 if (!vs) {
2414 return -1;
2415 }
2416
2417 if (vs->password) {
2418 qemu_free(vs->password);
2419 vs->password = NULL;
2420 }
2421 if (password && password[0]) {
2422 if (!(vs->password = qemu_strdup(password)))
2423 return -1;
2424 if (vs->auth == VNC_AUTH_NONE) {
2425 vs->auth = VNC_AUTH_VNC;
2426 }
2427 } else {
2428 vs->auth = VNC_AUTH_NONE;
2429 }
2430
2431 return 0;
2432 }
2433
2434 char *vnc_display_local_addr(DisplayState *ds)
2435 {
2436 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2437
2438 return vnc_socket_local_addr("%s:%s", vs->lsock);
2439 }
2440
2441 int vnc_display_open(DisplayState *ds, const char *display)
2442 {
2443 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2444 const char *options;
2445 int password = 0;
2446 int reverse = 0;
2447 #ifdef CONFIG_VNC_TLS
2448 int tls = 0, x509 = 0;
2449 #endif
2450 #ifdef CONFIG_VNC_SASL
2451 int sasl = 0;
2452 int saslErr;
2453 #endif
2454 int acl = 0;
2455 int lock_key_sync = 1;
2456
2457 if (!vnc_display)
2458 return -1;
2459 vnc_display_close(ds);
2460 if (strcmp(display, "none") == 0)
2461 return 0;
2462
2463 if (!(vs->display = strdup(display)))
2464 return -1;
2465
2466 options = display;
2467 while ((options = strchr(options, ','))) {
2468 options++;
2469 if (strncmp(options, "password", 8) == 0) {
2470 password = 1; /* Require password auth */
2471 } else if (strncmp(options, "reverse", 7) == 0) {
2472 reverse = 1;
2473 } else if (strncmp(options, "no-lock-key-sync", 9) == 0) {
2474 lock_key_sync = 0;
2475 #ifdef CONFIG_VNC_SASL
2476 } else if (strncmp(options, "sasl", 4) == 0) {
2477 sasl = 1; /* Require SASL auth */
2478 #endif
2479 #ifdef CONFIG_VNC_TLS
2480 } else if (strncmp(options, "tls", 3) == 0) {
2481 tls = 1; /* Require TLS */
2482 } else if (strncmp(options, "x509", 4) == 0) {
2483 char *start, *end;
2484 x509 = 1; /* Require x509 certificates */
2485 if (strncmp(options, "x509verify", 10) == 0)
2486 vs->tls.x509verify = 1; /* ...and verify client certs */
2487
2488 /* Now check for 'x509=/some/path' postfix
2489 * and use that to setup x509 certificate/key paths */
2490 start = strchr(options, '=');
2491 end = strchr(options, ',');
2492 if (start && (!end || (start < end))) {
2493 int len = end ? end-(start+1) : strlen(start+1);
2494 char *path = qemu_strndup(start + 1, len);
2495
2496 VNC_DEBUG("Trying certificate path '%s'\n", path);
2497 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2498 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2499 qemu_free(path);
2500 qemu_free(vs->display);
2501 vs->display = NULL;
2502 return -1;
2503 }
2504 qemu_free(path);
2505 } else {
2506 fprintf(stderr, "No certificate path provided\n");
2507 qemu_free(vs->display);
2508 vs->display = NULL;
2509 return -1;
2510 }
2511 #endif
2512 } else if (strncmp(options, "acl", 3) == 0) {
2513 acl = 1;
2514 }
2515 }
2516
2517 #ifdef CONFIG_VNC_TLS
2518 if (acl && x509 && vs->tls.x509verify) {
2519 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2520 fprintf(stderr, "Failed to create x509 dname ACL\n");
2521 exit(1);
2522 }
2523 }
2524 #endif
2525 #ifdef CONFIG_VNC_SASL
2526 if (acl && sasl) {
2527 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2528 fprintf(stderr, "Failed to create username ACL\n");
2529 exit(1);
2530 }
2531 }
2532 #endif
2533
2534 /*
2535 * Combinations we support here:
2536 *
2537 * - no-auth (clear text, no auth)
2538 * - password (clear text, weak auth)
2539 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2540 * - tls (encrypt, weak anonymous creds, no auth)
2541 * - tls + password (encrypt, weak anonymous creds, weak auth)
2542 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2543 * - tls + x509 (encrypt, good x509 creds, no auth)
2544 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2545 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2546 *
2547 * NB1. TLS is a stackable auth scheme.
2548 * NB2. the x509 schemes have option to validate a client cert dname
2549 */
2550 if (password) {
2551 #ifdef CONFIG_VNC_TLS
2552 if (tls) {
2553 vs->auth = VNC_AUTH_VENCRYPT;
2554 if (x509) {
2555 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2556 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2557 } else {
2558 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2559 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2560 }
2561 } else {
2562 #endif /* CONFIG_VNC_TLS */
2563 VNC_DEBUG("Initializing VNC server with password auth\n");
2564 vs->auth = VNC_AUTH_VNC;
2565 #ifdef CONFIG_VNC_TLS
2566 vs->subauth = VNC_AUTH_INVALID;
2567 }
2568 #endif /* CONFIG_VNC_TLS */
2569 #ifdef CONFIG_VNC_SASL
2570 } else if (sasl) {
2571 #ifdef CONFIG_VNC_TLS
2572 if (tls) {
2573 vs->auth = VNC_AUTH_VENCRYPT;
2574 if (x509) {
2575 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2576 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2577 } else {
2578 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2579 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2580 }
2581 } else {
2582 #endif /* CONFIG_VNC_TLS */
2583 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2584 vs->auth = VNC_AUTH_SASL;
2585 #ifdef CONFIG_VNC_TLS
2586 vs->subauth = VNC_AUTH_INVALID;
2587 }
2588 #endif /* CONFIG_VNC_TLS */
2589 #endif /* CONFIG_VNC_SASL */
2590 } else {
2591 #ifdef CONFIG_VNC_TLS
2592 if (tls) {
2593 vs->auth = VNC_AUTH_VENCRYPT;
2594 if (x509) {
2595 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2596 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2597 } else {
2598 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2599 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2600 }
2601 } else {
2602 #endif
2603 VNC_DEBUG("Initializing VNC server with no auth\n");
2604 vs->auth = VNC_AUTH_NONE;
2605 #ifdef CONFIG_VNC_TLS
2606 vs->subauth = VNC_AUTH_INVALID;
2607 }
2608 #endif
2609 }
2610
2611 #ifdef CONFIG_VNC_SASL
2612 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2613 fprintf(stderr, "Failed to initialize SASL auth %s",
2614 sasl_errstring(saslErr, NULL, NULL));
2615 free(vs->display);
2616 vs->display = NULL;
2617 return -1;
2618 }
2619 #endif
2620 vs->lock_key_sync = lock_key_sync;
2621
2622 if (reverse) {
2623 /* connect to viewer */
2624 if (strncmp(display, "unix:", 5) == 0)
2625 vs->lsock = unix_connect(display+5);
2626 else
2627 vs->lsock = inet_connect(display, SOCK_STREAM);
2628 if (-1 == vs->lsock) {
2629 free(vs->display);
2630 vs->display = NULL;
2631 return -1;
2632 } else {
2633 int csock = vs->lsock;
2634 vs->lsock = -1;
2635 vnc_connect(vs, csock);
2636 }
2637 return 0;
2638
2639 } else {
2640 /* listen for connects */
2641 char *dpy;
2642 dpy = qemu_malloc(256);
2643 if (strncmp(display, "unix:", 5) == 0) {
2644 pstrcpy(dpy, 256, "unix:");
2645 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2646 } else {
2647 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2648 }
2649 if (-1 == vs->lsock) {
2650 free(dpy);
2651 return -1;
2652 } else {
2653 free(vs->display);
2654 vs->display = dpy;
2655 }
2656 }
2657 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
2658 }
Qemu copy for testing