]> git.proxmox.com Git - qemu.git/blob - vnc.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
vnc: add buffer_free()
[qemu.git] / vnc.c
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "acl.h"
32 #include "qemu-objects.h"
33
34 #define VNC_REFRESH_INTERVAL_BASE 30
35 #define VNC_REFRESH_INTERVAL_INC 50
36 #define VNC_REFRESH_INTERVAL_MAX 2000
37
38 #include "vnc_keysym.h"
39 #include "d3des.h"
40
41 #define count_bits(c, v) { \
42 for (c = 0; v; v >>= 1) \
43 { \
44 c += v & 1; \
45 } \
46 }
47
48
49 static VncDisplay *vnc_display; /* needed for info vnc */
50 static DisplayChangeListener *dcl;
51
52 static int vnc_cursor_define(VncState *vs);
53
54 static char *addr_to_string(const char *format,
55 struct sockaddr_storage *sa,
56 socklen_t salen) {
57 char *addr;
58 char host[NI_MAXHOST];
59 char serv[NI_MAXSERV];
60 int err;
61 size_t addrlen;
62
63 if ((err = getnameinfo((struct sockaddr *)sa, salen,
64 host, sizeof(host),
65 serv, sizeof(serv),
66 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
67 VNC_DEBUG("Cannot resolve address %d: %s\n",
68 err, gai_strerror(err));
69 return NULL;
70 }
71
72 /* Enough for the existing format + the 2 vars we're
73 * substituting in. */
74 addrlen = strlen(format) + strlen(host) + strlen(serv);
75 addr = qemu_malloc(addrlen + 1);
76 snprintf(addr, addrlen, format, host, serv);
77 addr[addrlen] = '\0';
78
79 return addr;
80 }
81
82
83 char *vnc_socket_local_addr(const char *format, int fd) {
84 struct sockaddr_storage sa;
85 socklen_t salen;
86
87 salen = sizeof(sa);
88 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
89 return NULL;
90
91 return addr_to_string(format, &sa, salen);
92 }
93
94 char *vnc_socket_remote_addr(const char *format, int fd) {
95 struct sockaddr_storage sa;
96 socklen_t salen;
97
98 salen = sizeof(sa);
99 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
100 return NULL;
101
102 return addr_to_string(format, &sa, salen);
103 }
104
105 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
106 socklen_t salen)
107 {
108 char host[NI_MAXHOST];
109 char serv[NI_MAXSERV];
110 int err;
111
112 if ((err = getnameinfo((struct sockaddr *)sa, salen,
113 host, sizeof(host),
114 serv, sizeof(serv),
115 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
116 VNC_DEBUG("Cannot resolve address %d: %s\n",
117 err, gai_strerror(err));
118 return -1;
119 }
120
121 qdict_put(qdict, "host", qstring_from_str(host));
122 qdict_put(qdict, "service", qstring_from_str(serv));
123 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
124
125 return 0;
126 }
127
128 static int vnc_server_addr_put(QDict *qdict, int fd)
129 {
130 struct sockaddr_storage sa;
131 socklen_t salen;
132
133 salen = sizeof(sa);
134 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
135 return -1;
136 }
137
138 return put_addr_qdict(qdict, &sa, salen);
139 }
140
141 static int vnc_qdict_remote_addr(QDict *qdict, int fd)
142 {
143 struct sockaddr_storage sa;
144 socklen_t salen;
145
146 salen = sizeof(sa);
147 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
148 return -1;
149 }
150
151 return put_addr_qdict(qdict, &sa, salen);
152 }
153
154 static const char *vnc_auth_name(VncDisplay *vd) {
155 switch (vd->auth) {
156 case VNC_AUTH_INVALID:
157 return "invalid";
158 case VNC_AUTH_NONE:
159 return "none";
160 case VNC_AUTH_VNC:
161 return "vnc";
162 case VNC_AUTH_RA2:
163 return "ra2";
164 case VNC_AUTH_RA2NE:
165 return "ra2ne";
166 case VNC_AUTH_TIGHT:
167 return "tight";
168 case VNC_AUTH_ULTRA:
169 return "ultra";
170 case VNC_AUTH_TLS:
171 return "tls";
172 case VNC_AUTH_VENCRYPT:
173 #ifdef CONFIG_VNC_TLS
174 switch (vd->subauth) {
175 case VNC_AUTH_VENCRYPT_PLAIN:
176 return "vencrypt+plain";
177 case VNC_AUTH_VENCRYPT_TLSNONE:
178 return "vencrypt+tls+none";
179 case VNC_AUTH_VENCRYPT_TLSVNC:
180 return "vencrypt+tls+vnc";
181 case VNC_AUTH_VENCRYPT_TLSPLAIN:
182 return "vencrypt+tls+plain";
183 case VNC_AUTH_VENCRYPT_X509NONE:
184 return "vencrypt+x509+none";
185 case VNC_AUTH_VENCRYPT_X509VNC:
186 return "vencrypt+x509+vnc";
187 case VNC_AUTH_VENCRYPT_X509PLAIN:
188 return "vencrypt+x509+plain";
189 case VNC_AUTH_VENCRYPT_TLSSASL:
190 return "vencrypt+tls+sasl";
191 case VNC_AUTH_VENCRYPT_X509SASL:
192 return "vencrypt+x509+sasl";
193 default:
194 return "vencrypt";
195 }
196 #else
197 return "vencrypt";
198 #endif
199 case VNC_AUTH_SASL:
200 return "sasl";
201 }
202 return "unknown";
203 }
204
205 static int vnc_server_info_put(QDict *qdict)
206 {
207 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
208 return -1;
209 }
210
211 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
212 return 0;
213 }
214
215 static void vnc_client_cache_auth(VncState *client)
216 {
217 QDict *qdict;
218
219 if (!client->info) {
220 return;
221 }
222
223 qdict = qobject_to_qdict(client->info);
224
225 #ifdef CONFIG_VNC_TLS
226 if (client->tls.session &&
227 client->tls.dname) {
228 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
229 }
230 #endif
231 #ifdef CONFIG_VNC_SASL
232 if (client->sasl.conn &&
233 client->sasl.username) {
234 qdict_put(qdict, "sasl_username",
235 qstring_from_str(client->sasl.username));
236 }
237 #endif
238 }
239
240 static void vnc_client_cache_addr(VncState *client)
241 {
242 QDict *qdict;
243
244 qdict = qdict_new();
245 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
246 QDECREF(qdict);
247 /* XXX: how to report the error? */
248 return;
249 }
250
251 client->info = QOBJECT(qdict);
252 }
253
254 static void vnc_qmp_event(VncState *vs, MonitorEvent event)
255 {
256 QDict *server;
257 QObject *data;
258
259 if (!vs->info) {
260 return;
261 }
262
263 server = qdict_new();
264 if (vnc_server_info_put(server) < 0) {
265 QDECREF(server);
266 return;
267 }
268
269 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
270 vs->info, QOBJECT(server));
271
272 monitor_protocol_event(event, data);
273
274 qobject_incref(vs->info);
275 qobject_decref(data);
276 }
277
278 static void info_vnc_iter(QObject *obj, void *opaque)
279 {
280 QDict *client;
281 Monitor *mon = opaque;
282
283 client = qobject_to_qdict(obj);
284 monitor_printf(mon, "Client:\n");
285 monitor_printf(mon, " address: %s:%s\n",
286 qdict_get_str(client, "host"),
287 qdict_get_str(client, "service"));
288
289 #ifdef CONFIG_VNC_TLS
290 monitor_printf(mon, " x509_dname: %s\n",
291 qdict_haskey(client, "x509_dname") ?
292 qdict_get_str(client, "x509_dname") : "none");
293 #endif
294 #ifdef CONFIG_VNC_SASL
295 monitor_printf(mon, " username: %s\n",
296 qdict_haskey(client, "sasl_username") ?
297 qdict_get_str(client, "sasl_username") : "none");
298 #endif
299 }
300
301 void do_info_vnc_print(Monitor *mon, const QObject *data)
302 {
303 QDict *server;
304 QList *clients;
305
306 server = qobject_to_qdict(data);
307 if (qdict_get_bool(server, "enabled") == 0) {
308 monitor_printf(mon, "Server: disabled\n");
309 return;
310 }
311
312 monitor_printf(mon, "Server:\n");
313 monitor_printf(mon, " address: %s:%s\n",
314 qdict_get_str(server, "host"),
315 qdict_get_str(server, "service"));
316 monitor_printf(mon, " auth: %s\n", qdict_get_str(server, "auth"));
317
318 clients = qdict_get_qlist(server, "clients");
319 if (qlist_empty(clients)) {
320 monitor_printf(mon, "Client: none\n");
321 } else {
322 qlist_iter(clients, info_vnc_iter, mon);
323 }
324 }
325
326 /**
327 * do_info_vnc(): Show VNC server information
328 *
329 * Return a QDict with server information. Connected clients are returned
330 * as a QList of QDicts.
331 *
332 * The main QDict contains the following:
333 *
334 * - "enabled": true or false
335 * - "host": server's IP address
336 * - "family": address family ("ipv4" or "ipv6")
337 * - "service": server's port number
338 * - "auth": authentication method
339 * - "clients": a QList of all connected clients
340 *
341 * Clients are described by a QDict, with the following information:
342 *
343 * - "host": client's IP address
344 * - "family": address family ("ipv4" or "ipv6")
345 * - "service": client's port number
346 * - "x509_dname": TLS dname (optional)
347 * - "sasl_username": SASL username (optional)
348 *
349 * Example:
350 *
351 * { "enabled": true, "host": "0.0.0.0", "service": "50402", "auth": "vnc",
352 * "family": "ipv4",
353 * "clients": [{ "host": "127.0.0.1", "service": "50401", "family": "ipv4" }]}
354 */
355 void do_info_vnc(Monitor *mon, QObject **ret_data)
356 {
357 if (vnc_display == NULL || vnc_display->display == NULL) {
358 *ret_data = qobject_from_jsonf("{ 'enabled': false }");
359 } else {
360 QList *clist;
361 VncState *client;
362
363 clist = qlist_new();
364 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
365 if (client->info) {
366 /* incref so that it's not freed by upper layers */
367 qobject_incref(client->info);
368 qlist_append_obj(clist, client->info);
369 }
370 }
371
372 *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
373 QOBJECT(clist));
374 assert(*ret_data != NULL);
375
376 if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {
377 qobject_decref(*ret_data);
378 *ret_data = NULL;
379 }
380 }
381 }
382
383 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
384 return (vs->features & (1 << feature));
385 }
386
387 /* TODO
388 1) Get the queue working for IO.
389 2) there is some weirdness when using the -S option (the screen is grey
390 and not totally invalidated
391 3) resolutions > 1024
392 */
393
394 static int vnc_update_client(VncState *vs, int has_dirty);
395 static void vnc_disconnect_start(VncState *vs);
396 static void vnc_disconnect_finish(VncState *vs);
397 static void vnc_init_timer(VncDisplay *vd);
398 static void vnc_remove_timer(VncDisplay *vd);
399
400 static void vnc_colordepth(VncState *vs);
401 static void framebuffer_update_request(VncState *vs, int incremental,
402 int x_position, int y_position,
403 int w, int h);
404 static void vnc_refresh(void *opaque);
405 static int vnc_refresh_server_surface(VncDisplay *vd);
406
407 static inline void vnc_set_bit(uint32_t *d, int k)
408 {
409 d[k >> 5] |= 1 << (k & 0x1f);
410 }
411
412 static inline void vnc_clear_bit(uint32_t *d, int k)
413 {
414 d[k >> 5] &= ~(1 << (k & 0x1f));
415 }
416
417 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
418 {
419 int j;
420
421 j = 0;
422 while (n >= 32) {
423 d[j++] = -1;
424 n -= 32;
425 }
426 if (n > 0)
427 d[j++] = (1 << n) - 1;
428 while (j < nb_words)
429 d[j++] = 0;
430 }
431
432 static inline int vnc_get_bit(const uint32_t *d, int k)
433 {
434 return (d[k >> 5] >> (k & 0x1f)) & 1;
435 }
436
437 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
438 int nb_words)
439 {
440 int i;
441 for(i = 0; i < nb_words; i++) {
442 if ((d1[i] & d2[i]) != 0)
443 return 1;
444 }
445 return 0;
446 }
447
448 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
449 {
450 int i;
451 VncDisplay *vd = ds->opaque;
452 struct VncSurface *s = &vd->guest;
453
454 h += y;
455
456 /* round x down to ensure the loop only spans one 16-pixel block per,
457 iteration. otherwise, if (x % 16) != 0, the last iteration may span
458 two 16-pixel blocks but we only mark the first as dirty
459 */
460 w += (x % 16);
461 x -= (x % 16);
462
463 x = MIN(x, s->ds->width);
464 y = MIN(y, s->ds->height);
465 w = MIN(x + w, s->ds->width) - x;
466 h = MIN(h, s->ds->height);
467
468 for (; y < h; y++)
469 for (i = 0; i < w; i += 16)
470 vnc_set_bit(s->dirty[y], (x + i) / 16);
471 }
472
473 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
474 int32_t encoding)
475 {
476 vnc_write_u16(vs, x);
477 vnc_write_u16(vs, y);
478 vnc_write_u16(vs, w);
479 vnc_write_u16(vs, h);
480
481 vnc_write_s32(vs, encoding);
482 }
483
484 void buffer_reserve(Buffer *buffer, size_t len)
485 {
486 if ((buffer->capacity - buffer->offset) < len) {
487 buffer->capacity += (len + 1024);
488 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
489 if (buffer->buffer == NULL) {
490 fprintf(stderr, "vnc: out of memory\n");
491 exit(1);
492 }
493 }
494 }
495
496 int buffer_empty(Buffer *buffer)
497 {
498 return buffer->offset == 0;
499 }
500
501 uint8_t *buffer_end(Buffer *buffer)
502 {
503 return buffer->buffer + buffer->offset;
504 }
505
506 void buffer_reset(Buffer *buffer)
507 {
508 buffer->offset = 0;
509 }
510
511 void buffer_free(Buffer *buffer)
512 {
513 qemu_free(buffer->buffer);
514 buffer->offset = 0;
515 buffer->capacity = 0;
516 buffer->buffer = NULL;
517 }
518
519 void buffer_append(Buffer *buffer, const void *data, size_t len)
520 {
521 memcpy(buffer->buffer + buffer->offset, data, len);
522 buffer->offset += len;
523 }
524
525 static void vnc_dpy_resize(DisplayState *ds)
526 {
527 int size_changed;
528 VncDisplay *vd = ds->opaque;
529 VncState *vs;
530
531 /* server surface */
532 if (!vd->server)
533 vd->server = qemu_mallocz(sizeof(*vd->server));
534 if (vd->server->data)
535 qemu_free(vd->server->data);
536 *(vd->server) = *(ds->surface);
537 vd->server->data = qemu_mallocz(vd->server->linesize *
538 vd->server->height);
539
540 /* guest surface */
541 if (!vd->guest.ds)
542 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
543 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
544 console_color_init(ds);
545 size_changed = ds_get_width(ds) != vd->guest.ds->width ||
546 ds_get_height(ds) != vd->guest.ds->height;
547 *(vd->guest.ds) = *(ds->surface);
548 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
549
550 QTAILQ_FOREACH(vs, &vd->clients, next) {
551 vnc_colordepth(vs);
552 if (size_changed) {
553 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
554 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
555 vnc_write_u8(vs, 0);
556 vnc_write_u16(vs, 1); /* number of rects */
557 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
558 VNC_ENCODING_DESKTOPRESIZE);
559 vnc_flush(vs);
560 }
561 }
562 if (vs->vd->cursor) {
563 vnc_cursor_define(vs);
564 }
565 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
566 }
567 }
568
569 /* fastest code */
570 static void vnc_write_pixels_copy(VncState *vs, struct PixelFormat *pf,
571 void *pixels, int size)
572 {
573 vnc_write(vs, pixels, size);
574 }
575
576 /* slowest but generic code. */
577 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
578 {
579 uint8_t r, g, b;
580 VncDisplay *vd = vs->vd;
581
582 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
583 vd->server->pf.rbits);
584 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
585 vd->server->pf.gbits);
586 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
587 vd->server->pf.bbits);
588 v = (r << vs->clientds.pf.rshift) |
589 (g << vs->clientds.pf.gshift) |
590 (b << vs->clientds.pf.bshift);
591 switch(vs->clientds.pf.bytes_per_pixel) {
592 case 1:
593 buf[0] = v;
594 break;
595 case 2:
596 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
597 buf[0] = v >> 8;
598 buf[1] = v;
599 } else {
600 buf[1] = v >> 8;
601 buf[0] = v;
602 }
603 break;
604 default:
605 case 4:
606 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
607 buf[0] = v >> 24;
608 buf[1] = v >> 16;
609 buf[2] = v >> 8;
610 buf[3] = v;
611 } else {
612 buf[3] = v >> 24;
613 buf[2] = v >> 16;
614 buf[1] = v >> 8;
615 buf[0] = v;
616 }
617 break;
618 }
619 }
620
621 static void vnc_write_pixels_generic(VncState *vs, struct PixelFormat *pf,
622 void *pixels1, int size)
623 {
624 uint8_t buf[4];
625
626 if (pf->bytes_per_pixel == 4) {
627 uint32_t *pixels = pixels1;
628 int n, i;
629 n = size >> 2;
630 for(i = 0; i < n; i++) {
631 vnc_convert_pixel(vs, buf, pixels[i]);
632 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
633 }
634 } else if (pf->bytes_per_pixel == 2) {
635 uint16_t *pixels = pixels1;
636 int n, i;
637 n = size >> 1;
638 for(i = 0; i < n; i++) {
639 vnc_convert_pixel(vs, buf, pixels[i]);
640 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
641 }
642 } else if (pf->bytes_per_pixel == 1) {
643 uint8_t *pixels = pixels1;
644 int n, i;
645 n = size;
646 for(i = 0; i < n; i++) {
647 vnc_convert_pixel(vs, buf, pixels[i]);
648 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
649 }
650 } else {
651 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
652 }
653 }
654
655 void vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
656 {
657 int i;
658 uint8_t *row;
659 VncDisplay *vd = vs->vd;
660
661 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
662 for (i = 0; i < h; i++) {
663 vs->write_pixels(vs, &vd->server->pf, row, w * ds_get_bytes_per_pixel(vs->ds));
664 row += ds_get_linesize(vs->ds);
665 }
666 }
667
668 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
669 {
670 switch(vs->vnc_encoding) {
671 case VNC_ENCODING_ZLIB:
672 vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
673 break;
674 case VNC_ENCODING_HEXTILE:
675 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
676 vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
677 break;
678 default:
679 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
680 vnc_raw_send_framebuffer_update(vs, x, y, w, h);
681 break;
682 }
683 }
684
685 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
686 {
687 /* send bitblit op to the vnc client */
688 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
689 vnc_write_u8(vs, 0);
690 vnc_write_u16(vs, 1); /* number of rects */
691 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
692 vnc_write_u16(vs, src_x);
693 vnc_write_u16(vs, src_y);
694 vnc_flush(vs);
695 }
696
697 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
698 {
699 VncDisplay *vd = ds->opaque;
700 VncState *vs, *vn;
701 uint8_t *src_row;
702 uint8_t *dst_row;
703 int i,x,y,pitch,depth,inc,w_lim,s;
704 int cmp_bytes;
705
706 vnc_refresh_server_surface(vd);
707 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
708 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
709 vs->force_update = 1;
710 vnc_update_client(vs, 1);
711 /* vs might be free()ed here */
712 }
713 }
714
715 /* do bitblit op on the local surface too */
716 pitch = ds_get_linesize(vd->ds);
717 depth = ds_get_bytes_per_pixel(vd->ds);
718 src_row = vd->server->data + pitch * src_y + depth * src_x;
719 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
720 y = dst_y;
721 inc = 1;
722 if (dst_y > src_y) {
723 /* copy backwards */
724 src_row += pitch * (h-1);
725 dst_row += pitch * (h-1);
726 pitch = -pitch;
727 y = dst_y + h - 1;
728 inc = -1;
729 }
730 w_lim = w - (16 - (dst_x % 16));
731 if (w_lim < 0)
732 w_lim = w;
733 else
734 w_lim = w - (w_lim % 16);
735 for (i = 0; i < h; i++) {
736 for (x = 0; x <= w_lim;
737 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
738 if (x == w_lim) {
739 if ((s = w - w_lim) == 0)
740 break;
741 } else if (!x) {
742 s = (16 - (dst_x % 16));
743 s = MIN(s, w_lim);
744 } else {
745 s = 16;
746 }
747 cmp_bytes = s * depth;
748 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
749 continue;
750 memmove(dst_row, src_row, cmp_bytes);
751 QTAILQ_FOREACH(vs, &vd->clients, next) {
752 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
753 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
754 }
755 }
756 }
757 src_row += pitch - w * depth;
758 dst_row += pitch - w * depth;
759 y += inc;
760 }
761
762 QTAILQ_FOREACH(vs, &vd->clients, next) {
763 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
764 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
765 }
766 }
767 }
768
769 static void vnc_mouse_set(int x, int y, int visible)
770 {
771 /* can we ask the client(s) to move the pointer ??? */
772 }
773
774 static int vnc_cursor_define(VncState *vs)
775 {
776 QEMUCursor *c = vs->vd->cursor;
777 PixelFormat pf = qemu_default_pixelformat(32);
778 int isize;
779
780 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
781 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
782 vnc_write_u8(vs, 0); /* padding */
783 vnc_write_u16(vs, 1); /* # of rects */
784 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
785 VNC_ENCODING_RICH_CURSOR);
786 isize = c->width * c->height * vs->clientds.pf.bytes_per_pixel;
787 vnc_write_pixels_generic(vs, &pf, c->data, isize);
788 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
789 return 0;
790 }
791 return -1;
792 }
793
794 static void vnc_dpy_cursor_define(QEMUCursor *c)
795 {
796 VncDisplay *vd = vnc_display;
797 VncState *vs;
798
799 cursor_put(vd->cursor);
800 qemu_free(vd->cursor_mask);
801
802 vd->cursor = c;
803 cursor_get(vd->cursor);
804 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
805 vd->cursor_mask = qemu_mallocz(vd->cursor_msize);
806 cursor_get_mono_mask(c, 0, vd->cursor_mask);
807
808 QTAILQ_FOREACH(vs, &vd->clients, next) {
809 vnc_cursor_define(vs);
810 }
811 }
812
813 static int find_and_clear_dirty_height(struct VncState *vs,
814 int y, int last_x, int x)
815 {
816 int h;
817 VncDisplay *vd = vs->vd;
818
819 for (h = 1; h < (vd->server->height - y); h++) {
820 int tmp_x;
821 if (!vnc_get_bit(vs->dirty[y + h], last_x))
822 break;
823 for (tmp_x = last_x; tmp_x < x; tmp_x++)
824 vnc_clear_bit(vs->dirty[y + h], tmp_x);
825 }
826
827 return h;
828 }
829
830 static int vnc_update_client(VncState *vs, int has_dirty)
831 {
832 if (vs->need_update && vs->csock != -1) {
833 VncDisplay *vd = vs->vd;
834 int y;
835 int n_rectangles;
836 int saved_offset;
837
838 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
839 /* kernel send buffers are full -> drop frames to throttle */
840 return 0;
841
842 if (!has_dirty && !vs->audio_cap && !vs->force_update)
843 return 0;
844
845 /*
846 * Send screen updates to the vnc client using the server
847 * surface and server dirty map. guest surface updates
848 * happening in parallel don't disturb us, the next pass will
849 * send them to the client.
850 */
851 n_rectangles = 0;
852 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
853 vnc_write_u8(vs, 0);
854 saved_offset = vs->output.offset;
855 vnc_write_u16(vs, 0);
856
857 for (y = 0; y < vd->server->height; y++) {
858 int x;
859 int last_x = -1;
860 for (x = 0; x < vd->server->width / 16; x++) {
861 if (vnc_get_bit(vs->dirty[y], x)) {
862 if (last_x == -1) {
863 last_x = x;
864 }
865 vnc_clear_bit(vs->dirty[y], x);
866 } else {
867 if (last_x != -1) {
868 int h = find_and_clear_dirty_height(vs, y, last_x, x);
869 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
870 n_rectangles++;
871 }
872 last_x = -1;
873 }
874 }
875 if (last_x != -1) {
876 int h = find_and_clear_dirty_height(vs, y, last_x, x);
877 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
878 n_rectangles++;
879 }
880 }
881 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
882 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
883 vnc_flush(vs);
884 vs->force_update = 0;
885 return n_rectangles;
886 }
887
888 if (vs->csock == -1)
889 vnc_disconnect_finish(vs);
890
891 return 0;
892 }
893
894 /* audio */
895 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
896 {
897 VncState *vs = opaque;
898
899 switch (cmd) {
900 case AUD_CNOTIFY_DISABLE:
901 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
902 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
903 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
904 vnc_flush(vs);
905 break;
906
907 case AUD_CNOTIFY_ENABLE:
908 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
909 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
910 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
911 vnc_flush(vs);
912 break;
913 }
914 }
915
916 static void audio_capture_destroy(void *opaque)
917 {
918 }
919
920 static void audio_capture(void *opaque, void *buf, int size)
921 {
922 VncState *vs = opaque;
923
924 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
925 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
926 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
927 vnc_write_u32(vs, size);
928 vnc_write(vs, buf, size);
929 vnc_flush(vs);
930 }
931
932 static void audio_add(VncState *vs)
933 {
934 struct audio_capture_ops ops;
935
936 if (vs->audio_cap) {
937 monitor_printf(default_mon, "audio already running\n");
938 return;
939 }
940
941 ops.notify = audio_capture_notify;
942 ops.destroy = audio_capture_destroy;
943 ops.capture = audio_capture;
944
945 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
946 if (!vs->audio_cap) {
947 monitor_printf(default_mon, "Failed to add audio capture\n");
948 }
949 }
950
951 static void audio_del(VncState *vs)
952 {
953 if (vs->audio_cap) {
954 AUD_del_capture(vs->audio_cap, vs);
955 vs->audio_cap = NULL;
956 }
957 }
958
959 static void vnc_disconnect_start(VncState *vs)
960 {
961 if (vs->csock == -1)
962 return;
963 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
964 closesocket(vs->csock);
965 vs->csock = -1;
966 }
967
968 static void vnc_disconnect_finish(VncState *vs)
969 {
970 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
971
972 buffer_free(&vs->input);
973 buffer_free(&vs->output);
974
975 qobject_decref(vs->info);
976
977 #ifdef CONFIG_VNC_TLS
978 vnc_tls_client_cleanup(vs);
979 #endif /* CONFIG_VNC_TLS */
980 #ifdef CONFIG_VNC_SASL
981 vnc_sasl_client_cleanup(vs);
982 #endif /* CONFIG_VNC_SASL */
983 audio_del(vs);
984
985 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
986
987 if (QTAILQ_EMPTY(&vs->vd->clients)) {
988 dcl->idle = 1;
989 }
990
991 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
992 vnc_remove_timer(vs->vd);
993 if (vs->vd->lock_key_sync)
994 qemu_remove_led_event_handler(vs->led);
995 qemu_free(vs);
996 }
997
998 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
999 {
1000 if (ret == 0 || ret == -1) {
1001 if (ret == -1) {
1002 switch (last_errno) {
1003 case EINTR:
1004 case EAGAIN:
1005 #ifdef _WIN32
1006 case WSAEWOULDBLOCK:
1007 #endif
1008 return 0;
1009 default:
1010 break;
1011 }
1012 }
1013
1014 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1015 ret, ret < 0 ? last_errno : 0);
1016 vnc_disconnect_start(vs);
1017
1018 return 0;
1019 }
1020 return ret;
1021 }
1022
1023
1024 void vnc_client_error(VncState *vs)
1025 {
1026 VNC_DEBUG("Closing down client sock: protocol error\n");
1027 vnc_disconnect_start(vs);
1028 }
1029
1030
1031 /*
1032 * Called to write a chunk of data to the client socket. The data may
1033 * be the raw data, or may have already been encoded by SASL.
1034 * The data will be written either straight onto the socket, or
1035 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1036 *
1037 * NB, it is theoretically possible to have 2 layers of encryption,
1038 * both SASL, and this TLS layer. It is highly unlikely in practice
1039 * though, since SASL encryption will typically be a no-op if TLS
1040 * is active
1041 *
1042 * Returns the number of bytes written, which may be less than
1043 * the requested 'datalen' if the socket would block. Returns
1044 * -1 on error, and disconnects the client socket.
1045 */
1046 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1047 {
1048 long ret;
1049 #ifdef CONFIG_VNC_TLS
1050 if (vs->tls.session) {
1051 ret = gnutls_write(vs->tls.session, data, datalen);
1052 if (ret < 0) {
1053 if (ret == GNUTLS_E_AGAIN)
1054 errno = EAGAIN;
1055 else
1056 errno = EIO;
1057 ret = -1;
1058 }
1059 } else
1060 #endif /* CONFIG_VNC_TLS */
1061 ret = send(vs->csock, (const void *)data, datalen, 0);
1062 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1063 return vnc_client_io_error(vs, ret, socket_error());
1064 }
1065
1066
1067 /*
1068 * Called to write buffered data to the client socket, when not
1069 * using any SASL SSF encryption layers. Will write as much data
1070 * as possible without blocking. If all buffered data is written,
1071 * will switch the FD poll() handler back to read monitoring.
1072 *
1073 * Returns the number of bytes written, which may be less than
1074 * the buffered output data if the socket would block. Returns
1075 * -1 on error, and disconnects the client socket.
1076 */
1077 static long vnc_client_write_plain(VncState *vs)
1078 {
1079 long ret;
1080
1081 #ifdef CONFIG_VNC_SASL
1082 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1083 vs->output.buffer, vs->output.capacity, vs->output.offset,
1084 vs->sasl.waitWriteSSF);
1085
1086 if (vs->sasl.conn &&
1087 vs->sasl.runSSF &&
1088 vs->sasl.waitWriteSSF) {
1089 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1090 if (ret)
1091 vs->sasl.waitWriteSSF -= ret;
1092 } else
1093 #endif /* CONFIG_VNC_SASL */
1094 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1095 if (!ret)
1096 return 0;
1097
1098 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1099 vs->output.offset -= ret;
1100
1101 if (vs->output.offset == 0) {
1102 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1103 }
1104
1105 return ret;
1106 }
1107
1108
1109 /*
1110 * First function called whenever there is data to be written to
1111 * the client socket. Will delegate actual work according to whether
1112 * SASL SSF layers are enabled (thus requiring encryption calls)
1113 */
1114 void vnc_client_write(void *opaque)
1115 {
1116 VncState *vs = opaque;
1117
1118 #ifdef CONFIG_VNC_SASL
1119 if (vs->sasl.conn &&
1120 vs->sasl.runSSF &&
1121 !vs->sasl.waitWriteSSF) {
1122 vnc_client_write_sasl(vs);
1123 } else
1124 #endif /* CONFIG_VNC_SASL */
1125 vnc_client_write_plain(vs);
1126 }
1127
1128 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1129 {
1130 vs->read_handler = func;
1131 vs->read_handler_expect = expecting;
1132 }
1133
1134
1135 /*
1136 * Called to read a chunk of data from the client socket. The data may
1137 * be the raw data, or may need to be further decoded by SASL.
1138 * The data will be read either straight from to the socket, or
1139 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1140 *
1141 * NB, it is theoretically possible to have 2 layers of encryption,
1142 * both SASL, and this TLS layer. It is highly unlikely in practice
1143 * though, since SASL encryption will typically be a no-op if TLS
1144 * is active
1145 *
1146 * Returns the number of bytes read, which may be less than
1147 * the requested 'datalen' if the socket would block. Returns
1148 * -1 on error, and disconnects the client socket.
1149 */
1150 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1151 {
1152 long ret;
1153 #ifdef CONFIG_VNC_TLS
1154 if (vs->tls.session) {
1155 ret = gnutls_read(vs->tls.session, data, datalen);
1156 if (ret < 0) {
1157 if (ret == GNUTLS_E_AGAIN)
1158 errno = EAGAIN;
1159 else
1160 errno = EIO;
1161 ret = -1;
1162 }
1163 } else
1164 #endif /* CONFIG_VNC_TLS */
1165 ret = recv(vs->csock, (void *)data, datalen, 0);
1166 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1167 return vnc_client_io_error(vs, ret, socket_error());
1168 }
1169
1170
1171 /*
1172 * Called to read data from the client socket to the input buffer,
1173 * when not using any SASL SSF encryption layers. Will read as much
1174 * data as possible without blocking.
1175 *
1176 * Returns the number of bytes read. Returns -1 on error, and
1177 * disconnects the client socket.
1178 */
1179 static long vnc_client_read_plain(VncState *vs)
1180 {
1181 int ret;
1182 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1183 vs->input.buffer, vs->input.capacity, vs->input.offset);
1184 buffer_reserve(&vs->input, 4096);
1185 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1186 if (!ret)
1187 return 0;
1188 vs->input.offset += ret;
1189 return ret;
1190 }
1191
1192
1193 /*
1194 * First function called whenever there is more data to be read from
1195 * the client socket. Will delegate actual work according to whether
1196 * SASL SSF layers are enabled (thus requiring decryption calls)
1197 */
1198 void vnc_client_read(void *opaque)
1199 {
1200 VncState *vs = opaque;
1201 long ret;
1202
1203 #ifdef CONFIG_VNC_SASL
1204 if (vs->sasl.conn && vs->sasl.runSSF)
1205 ret = vnc_client_read_sasl(vs);
1206 else
1207 #endif /* CONFIG_VNC_SASL */
1208 ret = vnc_client_read_plain(vs);
1209 if (!ret) {
1210 if (vs->csock == -1)
1211 vnc_disconnect_finish(vs);
1212 return;
1213 }
1214
1215 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1216 size_t len = vs->read_handler_expect;
1217 int ret;
1218
1219 ret = vs->read_handler(vs, vs->input.buffer, len);
1220 if (vs->csock == -1) {
1221 vnc_disconnect_finish(vs);
1222 return;
1223 }
1224
1225 if (!ret) {
1226 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1227 vs->input.offset -= len;
1228 } else {
1229 vs->read_handler_expect = ret;
1230 }
1231 }
1232 }
1233
1234 void vnc_write(VncState *vs, const void *data, size_t len)
1235 {
1236 buffer_reserve(&vs->output, len);
1237
1238 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1239 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1240 }
1241
1242 buffer_append(&vs->output, data, len);
1243 }
1244
1245 void vnc_write_s32(VncState *vs, int32_t value)
1246 {
1247 vnc_write_u32(vs, *(uint32_t *)&value);
1248 }
1249
1250 void vnc_write_u32(VncState *vs, uint32_t value)
1251 {
1252 uint8_t buf[4];
1253
1254 buf[0] = (value >> 24) & 0xFF;
1255 buf[1] = (value >> 16) & 0xFF;
1256 buf[2] = (value >> 8) & 0xFF;
1257 buf[3] = value & 0xFF;
1258
1259 vnc_write(vs, buf, 4);
1260 }
1261
1262 void vnc_write_u16(VncState *vs, uint16_t value)
1263 {
1264 uint8_t buf[2];
1265
1266 buf[0] = (value >> 8) & 0xFF;
1267 buf[1] = value & 0xFF;
1268
1269 vnc_write(vs, buf, 2);
1270 }
1271
1272 void vnc_write_u8(VncState *vs, uint8_t value)
1273 {
1274 vnc_write(vs, (char *)&value, 1);
1275 }
1276
1277 void vnc_flush(VncState *vs)
1278 {
1279 if (vs->csock != -1 && vs->output.offset)
1280 vnc_client_write(vs);
1281 }
1282
1283 uint8_t read_u8(uint8_t *data, size_t offset)
1284 {
1285 return data[offset];
1286 }
1287
1288 uint16_t read_u16(uint8_t *data, size_t offset)
1289 {
1290 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1291 }
1292
1293 int32_t read_s32(uint8_t *data, size_t offset)
1294 {
1295 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1296 (data[offset + 2] << 8) | data[offset + 3]);
1297 }
1298
1299 uint32_t read_u32(uint8_t *data, size_t offset)
1300 {
1301 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1302 (data[offset + 2] << 8) | data[offset + 3]);
1303 }
1304
1305 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1306 {
1307 }
1308
1309 static void check_pointer_type_change(Notifier *notifier)
1310 {
1311 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1312 int absolute = kbd_mouse_is_absolute();
1313
1314 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1315 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1316 vnc_write_u8(vs, 0);
1317 vnc_write_u16(vs, 1);
1318 vnc_framebuffer_update(vs, absolute, 0,
1319 ds_get_width(vs->ds), ds_get_height(vs->ds),
1320 VNC_ENCODING_POINTER_TYPE_CHANGE);
1321 vnc_flush(vs);
1322 }
1323 vs->absolute = absolute;
1324 }
1325
1326 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1327 {
1328 int buttons = 0;
1329 int dz = 0;
1330
1331 if (button_mask & 0x01)
1332 buttons |= MOUSE_EVENT_LBUTTON;
1333 if (button_mask & 0x02)
1334 buttons |= MOUSE_EVENT_MBUTTON;
1335 if (button_mask & 0x04)
1336 buttons |= MOUSE_EVENT_RBUTTON;
1337 if (button_mask & 0x08)
1338 dz = -1;
1339 if (button_mask & 0x10)
1340 dz = 1;
1341
1342 if (vs->absolute) {
1343 kbd_mouse_event(ds_get_width(vs->ds) > 1 ?
1344 x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000,
1345 ds_get_height(vs->ds) > 1 ?
1346 y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000,
1347 dz, buttons);
1348 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1349 x -= 0x7FFF;
1350 y -= 0x7FFF;
1351
1352 kbd_mouse_event(x, y, dz, buttons);
1353 } else {
1354 if (vs->last_x != -1)
1355 kbd_mouse_event(x - vs->last_x,
1356 y - vs->last_y,
1357 dz, buttons);
1358 vs->last_x = x;
1359 vs->last_y = y;
1360 }
1361 }
1362
1363 static void reset_keys(VncState *vs)
1364 {
1365 int i;
1366 for(i = 0; i < 256; i++) {
1367 if (vs->modifiers_state[i]) {
1368 if (i & SCANCODE_GREY)
1369 kbd_put_keycode(SCANCODE_EMUL0);
1370 kbd_put_keycode(i | SCANCODE_UP);
1371 vs->modifiers_state[i] = 0;
1372 }
1373 }
1374 }
1375
1376 static void press_key(VncState *vs, int keysym)
1377 {
1378 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1379 if (keycode & SCANCODE_GREY)
1380 kbd_put_keycode(SCANCODE_EMUL0);
1381 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1382 if (keycode & SCANCODE_GREY)
1383 kbd_put_keycode(SCANCODE_EMUL0);
1384 kbd_put_keycode(keycode | SCANCODE_UP);
1385 }
1386
1387 static void kbd_leds(void *opaque, int ledstate)
1388 {
1389 VncState *vs = opaque;
1390 int caps, num;
1391
1392 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1393 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1394
1395 if (vs->modifiers_state[0x3a] != caps) {
1396 vs->modifiers_state[0x3a] = caps;
1397 }
1398 if (vs->modifiers_state[0x45] != num) {
1399 vs->modifiers_state[0x45] = num;
1400 }
1401 }
1402
1403 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1404 {
1405 /* QEMU console switch */
1406 switch(keycode) {
1407 case 0x2a: /* Left Shift */
1408 case 0x36: /* Right Shift */
1409 case 0x1d: /* Left CTRL */
1410 case 0x9d: /* Right CTRL */
1411 case 0x38: /* Left ALT */
1412 case 0xb8: /* Right ALT */
1413 if (down)
1414 vs->modifiers_state[keycode] = 1;
1415 else
1416 vs->modifiers_state[keycode] = 0;
1417 break;
1418 case 0x02 ... 0x0a: /* '1' to '9' keys */
1419 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1420 /* Reset the modifiers sent to the current console */
1421 reset_keys(vs);
1422 console_select(keycode - 0x02);
1423 return;
1424 }
1425 break;
1426 case 0x3a: /* CapsLock */
1427 case 0x45: /* NumLock */
1428 if (down)
1429 vs->modifiers_state[keycode] ^= 1;
1430 break;
1431 }
1432
1433 if (vs->vd->lock_key_sync &&
1434 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1435 /* If the numlock state needs to change then simulate an additional
1436 keypress before sending this one. This will happen if the user
1437 toggles numlock away from the VNC window.
1438 */
1439 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1440 if (!vs->modifiers_state[0x45]) {
1441 vs->modifiers_state[0x45] = 1;
1442 press_key(vs, 0xff7f);
1443 }
1444 } else {
1445 if (vs->modifiers_state[0x45]) {
1446 vs->modifiers_state[0x45] = 0;
1447 press_key(vs, 0xff7f);
1448 }
1449 }
1450 }
1451
1452 if (vs->vd->lock_key_sync &&
1453 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1454 /* If the capslock state needs to change then simulate an additional
1455 keypress before sending this one. This will happen if the user
1456 toggles capslock away from the VNC window.
1457 */
1458 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1459 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1460 int capslock = !!(vs->modifiers_state[0x3a]);
1461 if (capslock) {
1462 if (uppercase == shift) {
1463 vs->modifiers_state[0x3a] = 0;
1464 press_key(vs, 0xffe5);
1465 }
1466 } else {
1467 if (uppercase != shift) {
1468 vs->modifiers_state[0x3a] = 1;
1469 press_key(vs, 0xffe5);
1470 }
1471 }
1472 }
1473
1474 if (is_graphic_console()) {
1475 if (keycode & SCANCODE_GREY)
1476 kbd_put_keycode(SCANCODE_EMUL0);
1477 if (down)
1478 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1479 else
1480 kbd_put_keycode(keycode | SCANCODE_UP);
1481 } else {
1482 /* QEMU console emulation */
1483 if (down) {
1484 int numlock = vs->modifiers_state[0x45];
1485 switch (keycode) {
1486 case 0x2a: /* Left Shift */
1487 case 0x36: /* Right Shift */
1488 case 0x1d: /* Left CTRL */
1489 case 0x9d: /* Right CTRL */
1490 case 0x38: /* Left ALT */
1491 case 0xb8: /* Right ALT */
1492 break;
1493 case 0xc8:
1494 kbd_put_keysym(QEMU_KEY_UP);
1495 break;
1496 case 0xd0:
1497 kbd_put_keysym(QEMU_KEY_DOWN);
1498 break;
1499 case 0xcb:
1500 kbd_put_keysym(QEMU_KEY_LEFT);
1501 break;
1502 case 0xcd:
1503 kbd_put_keysym(QEMU_KEY_RIGHT);
1504 break;
1505 case 0xd3:
1506 kbd_put_keysym(QEMU_KEY_DELETE);
1507 break;
1508 case 0xc7:
1509 kbd_put_keysym(QEMU_KEY_HOME);
1510 break;
1511 case 0xcf:
1512 kbd_put_keysym(QEMU_KEY_END);
1513 break;
1514 case 0xc9:
1515 kbd_put_keysym(QEMU_KEY_PAGEUP);
1516 break;
1517 case 0xd1:
1518 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1519 break;
1520
1521 case 0x47:
1522 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1523 break;
1524 case 0x48:
1525 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1526 break;
1527 case 0x49:
1528 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1529 break;
1530 case 0x4b:
1531 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1532 break;
1533 case 0x4c:
1534 kbd_put_keysym('5');
1535 break;
1536 case 0x4d:
1537 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1538 break;
1539 case 0x4f:
1540 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1541 break;
1542 case 0x50:
1543 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1544 break;
1545 case 0x51:
1546 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1547 break;
1548 case 0x52:
1549 kbd_put_keysym('0');
1550 break;
1551 case 0x53:
1552 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1553 break;
1554
1555 case 0xb5:
1556 kbd_put_keysym('/');
1557 break;
1558 case 0x37:
1559 kbd_put_keysym('*');
1560 break;
1561 case 0x4a:
1562 kbd_put_keysym('-');
1563 break;
1564 case 0x4e:
1565 kbd_put_keysym('+');
1566 break;
1567 case 0x9c:
1568 kbd_put_keysym('\n');
1569 break;
1570
1571 default:
1572 kbd_put_keysym(sym);
1573 break;
1574 }
1575 }
1576 }
1577 }
1578
1579 static void key_event(VncState *vs, int down, uint32_t sym)
1580 {
1581 int keycode;
1582 int lsym = sym;
1583
1584 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1585 lsym = lsym - 'A' + 'a';
1586 }
1587
1588 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1589 do_key_event(vs, down, keycode, sym);
1590 }
1591
1592 static void ext_key_event(VncState *vs, int down,
1593 uint32_t sym, uint16_t keycode)
1594 {
1595 /* if the user specifies a keyboard layout, always use it */
1596 if (keyboard_layout)
1597 key_event(vs, down, sym);
1598 else
1599 do_key_event(vs, down, keycode, sym);
1600 }
1601
1602 static void framebuffer_update_request(VncState *vs, int incremental,
1603 int x_position, int y_position,
1604 int w, int h)
1605 {
1606 if (y_position > ds_get_height(vs->ds))
1607 y_position = ds_get_height(vs->ds);
1608 if (y_position + h >= ds_get_height(vs->ds))
1609 h = ds_get_height(vs->ds) - y_position;
1610
1611 int i;
1612 vs->need_update = 1;
1613 if (!incremental) {
1614 vs->force_update = 1;
1615 for (i = 0; i < h; i++) {
1616 vnc_set_bits(vs->dirty[y_position + i],
1617 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1618 }
1619 }
1620 }
1621
1622 static void send_ext_key_event_ack(VncState *vs)
1623 {
1624 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1625 vnc_write_u8(vs, 0);
1626 vnc_write_u16(vs, 1);
1627 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1628 VNC_ENCODING_EXT_KEY_EVENT);
1629 vnc_flush(vs);
1630 }
1631
1632 static void send_ext_audio_ack(VncState *vs)
1633 {
1634 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1635 vnc_write_u8(vs, 0);
1636 vnc_write_u16(vs, 1);
1637 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1638 VNC_ENCODING_AUDIO);
1639 vnc_flush(vs);
1640 }
1641
1642 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1643 {
1644 int i;
1645 unsigned int enc = 0;
1646
1647 vs->features = 0;
1648 vs->vnc_encoding = 0;
1649 vs->tight_compression = 9;
1650 vs->tight_quality = 9;
1651 vs->absolute = -1;
1652
1653 /*
1654 * Start from the end because the encodings are sent in order of preference.
1655 * This way the prefered encoding (first encoding defined in the array)
1656 * will be set at the end of the loop.
1657 */
1658 for (i = n_encodings - 1; i >= 0; i--) {
1659 enc = encodings[i];
1660 switch (enc) {
1661 case VNC_ENCODING_RAW:
1662 vs->vnc_encoding = enc;
1663 break;
1664 case VNC_ENCODING_COPYRECT:
1665 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1666 break;
1667 case VNC_ENCODING_HEXTILE:
1668 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1669 vs->vnc_encoding = enc;
1670 break;
1671 case VNC_ENCODING_ZLIB:
1672 vs->features |= VNC_FEATURE_ZLIB_MASK;
1673 vs->vnc_encoding = enc;
1674 break;
1675 case VNC_ENCODING_DESKTOPRESIZE:
1676 vs->features |= VNC_FEATURE_RESIZE_MASK;
1677 break;
1678 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1679 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1680 break;
1681 case VNC_ENCODING_RICH_CURSOR:
1682 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1683 break;
1684 case VNC_ENCODING_EXT_KEY_EVENT:
1685 send_ext_key_event_ack(vs);
1686 break;
1687 case VNC_ENCODING_AUDIO:
1688 send_ext_audio_ack(vs);
1689 break;
1690 case VNC_ENCODING_WMVi:
1691 vs->features |= VNC_FEATURE_WMVI_MASK;
1692 break;
1693 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1694 vs->tight_compression = (enc & 0x0F);
1695 break;
1696 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1697 vs->tight_quality = (enc & 0x0F);
1698 break;
1699 default:
1700 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1701 break;
1702 }
1703 }
1704 check_pointer_type_change(&vs->mouse_mode_notifier);
1705 }
1706
1707 static void set_pixel_conversion(VncState *vs)
1708 {
1709 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1710 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1711 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1712 vs->write_pixels = vnc_write_pixels_copy;
1713 vnc_hextile_set_pixel_conversion(vs, 0);
1714 } else {
1715 vs->write_pixels = vnc_write_pixels_generic;
1716 vnc_hextile_set_pixel_conversion(vs, 1);
1717 }
1718 }
1719
1720 static void set_pixel_format(VncState *vs,
1721 int bits_per_pixel, int depth,
1722 int big_endian_flag, int true_color_flag,
1723 int red_max, int green_max, int blue_max,
1724 int red_shift, int green_shift, int blue_shift)
1725 {
1726 if (!true_color_flag) {
1727 vnc_client_error(vs);
1728 return;
1729 }
1730
1731 vs->clientds = *(vs->vd->guest.ds);
1732 vs->clientds.pf.rmax = red_max;
1733 count_bits(vs->clientds.pf.rbits, red_max);
1734 vs->clientds.pf.rshift = red_shift;
1735 vs->clientds.pf.rmask = red_max << red_shift;
1736 vs->clientds.pf.gmax = green_max;
1737 count_bits(vs->clientds.pf.gbits, green_max);
1738 vs->clientds.pf.gshift = green_shift;
1739 vs->clientds.pf.gmask = green_max << green_shift;
1740 vs->clientds.pf.bmax = blue_max;
1741 count_bits(vs->clientds.pf.bbits, blue_max);
1742 vs->clientds.pf.bshift = blue_shift;
1743 vs->clientds.pf.bmask = blue_max << blue_shift;
1744 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1745 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1746 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1747 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1748
1749 set_pixel_conversion(vs);
1750
1751 vga_hw_invalidate();
1752 vga_hw_update();
1753 }
1754
1755 static void pixel_format_message (VncState *vs) {
1756 char pad[3] = { 0, 0, 0 };
1757
1758 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1759 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1760
1761 #ifdef HOST_WORDS_BIGENDIAN
1762 vnc_write_u8(vs, 1); /* big-endian-flag */
1763 #else
1764 vnc_write_u8(vs, 0); /* big-endian-flag */
1765 #endif
1766 vnc_write_u8(vs, 1); /* true-color-flag */
1767 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1768 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1769 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1770 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1771 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1772 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1773
1774 vnc_hextile_set_pixel_conversion(vs, 0);
1775
1776 vs->clientds = *(vs->ds->surface);
1777 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1778 vs->write_pixels = vnc_write_pixels_copy;
1779
1780 vnc_write(vs, pad, 3); /* padding */
1781 }
1782
1783 static void vnc_dpy_setdata(DisplayState *ds)
1784 {
1785 /* We don't have to do anything */
1786 }
1787
1788 static void vnc_colordepth(VncState *vs)
1789 {
1790 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1791 /* Sending a WMVi message to notify the client*/
1792 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1793 vnc_write_u8(vs, 0);
1794 vnc_write_u16(vs, 1); /* number of rects */
1795 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1796 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1797 pixel_format_message(vs);
1798 vnc_flush(vs);
1799 } else {
1800 set_pixel_conversion(vs);
1801 }
1802 }
1803
1804 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1805 {
1806 int i;
1807 uint16_t limit;
1808 VncDisplay *vd = vs->vd;
1809
1810 if (data[0] > 3) {
1811 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1812 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1813 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1814 }
1815
1816 switch (data[0]) {
1817 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
1818 if (len == 1)
1819 return 20;
1820
1821 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1822 read_u8(data, 6), read_u8(data, 7),
1823 read_u16(data, 8), read_u16(data, 10),
1824 read_u16(data, 12), read_u8(data, 14),
1825 read_u8(data, 15), read_u8(data, 16));
1826 break;
1827 case VNC_MSG_CLIENT_SET_ENCODINGS:
1828 if (len == 1)
1829 return 4;
1830
1831 if (len == 4) {
1832 limit = read_u16(data, 2);
1833 if (limit > 0)
1834 return 4 + (limit * 4);
1835 } else
1836 limit = read_u16(data, 2);
1837
1838 for (i = 0; i < limit; i++) {
1839 int32_t val = read_s32(data, 4 + (i * 4));
1840 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1841 }
1842
1843 set_encodings(vs, (int32_t *)(data + 4), limit);
1844 break;
1845 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
1846 if (len == 1)
1847 return 10;
1848
1849 framebuffer_update_request(vs,
1850 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1851 read_u16(data, 6), read_u16(data, 8));
1852 break;
1853 case VNC_MSG_CLIENT_KEY_EVENT:
1854 if (len == 1)
1855 return 8;
1856
1857 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1858 break;
1859 case VNC_MSG_CLIENT_POINTER_EVENT:
1860 if (len == 1)
1861 return 6;
1862
1863 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1864 break;
1865 case VNC_MSG_CLIENT_CUT_TEXT:
1866 if (len == 1)
1867 return 8;
1868
1869 if (len == 8) {
1870 uint32_t dlen = read_u32(data, 4);
1871 if (dlen > 0)
1872 return 8 + dlen;
1873 }
1874
1875 client_cut_text(vs, read_u32(data, 4), data + 8);
1876 break;
1877 case VNC_MSG_CLIENT_QEMU:
1878 if (len == 1)
1879 return 2;
1880
1881 switch (read_u8(data, 1)) {
1882 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
1883 if (len == 2)
1884 return 12;
1885
1886 ext_key_event(vs, read_u16(data, 2),
1887 read_u32(data, 4), read_u32(data, 8));
1888 break;
1889 case VNC_MSG_CLIENT_QEMU_AUDIO:
1890 if (len == 2)
1891 return 4;
1892
1893 switch (read_u16 (data, 2)) {
1894 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
1895 audio_add(vs);
1896 break;
1897 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
1898 audio_del(vs);
1899 break;
1900 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
1901 if (len == 4)
1902 return 10;
1903 switch (read_u8(data, 4)) {
1904 case 0: vs->as.fmt = AUD_FMT_U8; break;
1905 case 1: vs->as.fmt = AUD_FMT_S8; break;
1906 case 2: vs->as.fmt = AUD_FMT_U16; break;
1907 case 3: vs->as.fmt = AUD_FMT_S16; break;
1908 case 4: vs->as.fmt = AUD_FMT_U32; break;
1909 case 5: vs->as.fmt = AUD_FMT_S32; break;
1910 default:
1911 printf("Invalid audio format %d\n", read_u8(data, 4));
1912 vnc_client_error(vs);
1913 break;
1914 }
1915 vs->as.nchannels = read_u8(data, 5);
1916 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1917 printf("Invalid audio channel coount %d\n",
1918 read_u8(data, 5));
1919 vnc_client_error(vs);
1920 break;
1921 }
1922 vs->as.freq = read_u32(data, 6);
1923 break;
1924 default:
1925 printf ("Invalid audio message %d\n", read_u8(data, 4));
1926 vnc_client_error(vs);
1927 break;
1928 }
1929 break;
1930
1931 default:
1932 printf("Msg: %d\n", read_u16(data, 0));
1933 vnc_client_error(vs);
1934 break;
1935 }
1936 break;
1937 default:
1938 printf("Msg: %d\n", data[0]);
1939 vnc_client_error(vs);
1940 break;
1941 }
1942
1943 vnc_read_when(vs, protocol_client_msg, 1);
1944 return 0;
1945 }
1946
1947 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1948 {
1949 char buf[1024];
1950 int size;
1951
1952 vnc_write_u16(vs, ds_get_width(vs->ds));
1953 vnc_write_u16(vs, ds_get_height(vs->ds));
1954
1955 pixel_format_message(vs);
1956
1957 if (qemu_name)
1958 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1959 else
1960 size = snprintf(buf, sizeof(buf), "QEMU");
1961
1962 vnc_write_u32(vs, size);
1963 vnc_write(vs, buf, size);
1964 vnc_flush(vs);
1965
1966 vnc_client_cache_auth(vs);
1967 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
1968
1969 vnc_read_when(vs, protocol_client_msg, 1);
1970
1971 return 0;
1972 }
1973
1974 void start_client_init(VncState *vs)
1975 {
1976 vnc_read_when(vs, protocol_client_init, 1);
1977 }
1978
1979 static void make_challenge(VncState *vs)
1980 {
1981 int i;
1982
1983 srand(time(NULL)+getpid()+getpid()*987654+rand());
1984
1985 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1986 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1987 }
1988
1989 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1990 {
1991 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1992 int i, j, pwlen;
1993 unsigned char key[8];
1994
1995 if (!vs->vd->password || !vs->vd->password[0]) {
1996 VNC_DEBUG("No password configured on server");
1997 vnc_write_u32(vs, 1); /* Reject auth */
1998 if (vs->minor >= 8) {
1999 static const char err[] = "Authentication failed";
2000 vnc_write_u32(vs, sizeof(err));
2001 vnc_write(vs, err, sizeof(err));
2002 }
2003 vnc_flush(vs);
2004 vnc_client_error(vs);
2005 return 0;
2006 }
2007
2008 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2009
2010 /* Calculate the expected challenge response */
2011 pwlen = strlen(vs->vd->password);
2012 for (i=0; i<sizeof(key); i++)
2013 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2014 deskey(key, EN0);
2015 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2016 des(response+j, response+j);
2017
2018 /* Compare expected vs actual challenge response */
2019 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2020 VNC_DEBUG("Client challenge reponse did not match\n");
2021 vnc_write_u32(vs, 1); /* Reject auth */
2022 if (vs->minor >= 8) {
2023 static const char err[] = "Authentication failed";
2024 vnc_write_u32(vs, sizeof(err));
2025 vnc_write(vs, err, sizeof(err));
2026 }
2027 vnc_flush(vs);
2028 vnc_client_error(vs);
2029 } else {
2030 VNC_DEBUG("Accepting VNC challenge response\n");
2031 vnc_write_u32(vs, 0); /* Accept auth */
2032 vnc_flush(vs);
2033
2034 start_client_init(vs);
2035 }
2036 return 0;
2037 }
2038
2039 void start_auth_vnc(VncState *vs)
2040 {
2041 make_challenge(vs);
2042 /* Send client a 'random' challenge */
2043 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2044 vnc_flush(vs);
2045
2046 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2047 }
2048
2049
2050 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2051 {
2052 /* We only advertise 1 auth scheme at a time, so client
2053 * must pick the one we sent. Verify this */
2054 if (data[0] != vs->vd->auth) { /* Reject auth */
2055 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2056 vnc_write_u32(vs, 1);
2057 if (vs->minor >= 8) {
2058 static const char err[] = "Authentication failed";
2059 vnc_write_u32(vs, sizeof(err));
2060 vnc_write(vs, err, sizeof(err));
2061 }
2062 vnc_client_error(vs);
2063 } else { /* Accept requested auth */
2064 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2065 switch (vs->vd->auth) {
2066 case VNC_AUTH_NONE:
2067 VNC_DEBUG("Accept auth none\n");
2068 if (vs->minor >= 8) {
2069 vnc_write_u32(vs, 0); /* Accept auth completion */
2070 vnc_flush(vs);
2071 }
2072 start_client_init(vs);
2073 break;
2074
2075 case VNC_AUTH_VNC:
2076 VNC_DEBUG("Start VNC auth\n");
2077 start_auth_vnc(vs);
2078 break;
2079
2080 #ifdef CONFIG_VNC_TLS
2081 case VNC_AUTH_VENCRYPT:
2082 VNC_DEBUG("Accept VeNCrypt auth\n");;
2083 start_auth_vencrypt(vs);
2084 break;
2085 #endif /* CONFIG_VNC_TLS */
2086
2087 #ifdef CONFIG_VNC_SASL
2088 case VNC_AUTH_SASL:
2089 VNC_DEBUG("Accept SASL auth\n");
2090 start_auth_sasl(vs);
2091 break;
2092 #endif /* CONFIG_VNC_SASL */
2093
2094 default: /* Should not be possible, but just in case */
2095 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
2096 vnc_write_u8(vs, 1);
2097 if (vs->minor >= 8) {
2098 static const char err[] = "Authentication failed";
2099 vnc_write_u32(vs, sizeof(err));
2100 vnc_write(vs, err, sizeof(err));
2101 }
2102 vnc_client_error(vs);
2103 }
2104 }
2105 return 0;
2106 }
2107
2108 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2109 {
2110 char local[13];
2111
2112 memcpy(local, version, 12);
2113 local[12] = 0;
2114
2115 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2116 VNC_DEBUG("Malformed protocol version %s\n", local);
2117 vnc_client_error(vs);
2118 return 0;
2119 }
2120 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2121 if (vs->major != 3 ||
2122 (vs->minor != 3 &&
2123 vs->minor != 4 &&
2124 vs->minor != 5 &&
2125 vs->minor != 7 &&
2126 vs->minor != 8)) {
2127 VNC_DEBUG("Unsupported client version\n");
2128 vnc_write_u32(vs, VNC_AUTH_INVALID);
2129 vnc_flush(vs);
2130 vnc_client_error(vs);
2131 return 0;
2132 }
2133 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2134 * as equivalent to v3.3 by servers
2135 */
2136 if (vs->minor == 4 || vs->minor == 5)
2137 vs->minor = 3;
2138
2139 if (vs->minor == 3) {
2140 if (vs->vd->auth == VNC_AUTH_NONE) {
2141 VNC_DEBUG("Tell client auth none\n");
2142 vnc_write_u32(vs, vs->vd->auth);
2143 vnc_flush(vs);
2144 start_client_init(vs);
2145 } else if (vs->vd->auth == VNC_AUTH_VNC) {
2146 VNC_DEBUG("Tell client VNC auth\n");
2147 vnc_write_u32(vs, vs->vd->auth);
2148 vnc_flush(vs);
2149 start_auth_vnc(vs);
2150 } else {
2151 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2152 vnc_write_u32(vs, VNC_AUTH_INVALID);
2153 vnc_flush(vs);
2154 vnc_client_error(vs);
2155 }
2156 } else {
2157 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2158 vnc_write_u8(vs, 1); /* num auth */
2159 vnc_write_u8(vs, vs->vd->auth);
2160 vnc_read_when(vs, protocol_client_auth, 1);
2161 vnc_flush(vs);
2162 }
2163
2164 return 0;
2165 }
2166
2167 static int vnc_refresh_server_surface(VncDisplay *vd)
2168 {
2169 int y;
2170 uint8_t *guest_row;
2171 uint8_t *server_row;
2172 int cmp_bytes;
2173 uint32_t width_mask[VNC_DIRTY_WORDS];
2174 VncState *vs;
2175 int has_dirty = 0;
2176
2177 /*
2178 * Walk through the guest dirty map.
2179 * Check and copy modified bits from guest to server surface.
2180 * Update server dirty map.
2181 */
2182 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2183 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2184 guest_row = vd->guest.ds->data;
2185 server_row = vd->server->data;
2186 for (y = 0; y < vd->guest.ds->height; y++) {
2187 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2188 int x;
2189 uint8_t *guest_ptr;
2190 uint8_t *server_ptr;
2191
2192 guest_ptr = guest_row;
2193 server_ptr = server_row;
2194
2195 for (x = 0; x < vd->guest.ds->width;
2196 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2197 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2198 continue;
2199 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2200 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2201 continue;
2202 memcpy(server_ptr, guest_ptr, cmp_bytes);
2203 QTAILQ_FOREACH(vs, &vd->clients, next) {
2204 vnc_set_bit(vs->dirty[y], (x / 16));
2205 }
2206 has_dirty++;
2207 }
2208 }
2209 guest_row += ds_get_linesize(vd->ds);
2210 server_row += ds_get_linesize(vd->ds);
2211 }
2212 return has_dirty;
2213 }
2214
2215 static void vnc_refresh(void *opaque)
2216 {
2217 VncDisplay *vd = opaque;
2218 VncState *vs, *vn;
2219 int has_dirty, rects = 0;
2220
2221 vga_hw_update();
2222
2223 has_dirty = vnc_refresh_server_surface(vd);
2224
2225 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2226 rects += vnc_update_client(vs, has_dirty);
2227 /* vs might be free()ed here */
2228 }
2229 /* vd->timer could be NULL now if the last client disconnected,
2230 * in this case don't update the timer */
2231 if (vd->timer == NULL)
2232 return;
2233
2234 if (has_dirty && rects) {
2235 vd->timer_interval /= 2;
2236 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2237 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2238 } else {
2239 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2240 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2241 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2242 }
2243 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
2244 }
2245
2246 static void vnc_init_timer(VncDisplay *vd)
2247 {
2248 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2249 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
2250 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2251 vnc_refresh(vd);
2252 }
2253 }
2254
2255 static void vnc_remove_timer(VncDisplay *vd)
2256 {
2257 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
2258 qemu_del_timer(vd->timer);
2259 qemu_free_timer(vd->timer);
2260 vd->timer = NULL;
2261 }
2262 }
2263
2264 static void vnc_connect(VncDisplay *vd, int csock)
2265 {
2266 VncState *vs = qemu_mallocz(sizeof(VncState));
2267 vs->csock = csock;
2268
2269 VNC_DEBUG("New client on socket %d\n", csock);
2270 dcl->idle = 0;
2271 socket_set_nonblock(vs->csock);
2272 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2273
2274 vnc_client_cache_addr(vs);
2275 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2276
2277 vs->vd = vd;
2278 vs->ds = vd->ds;
2279 vs->last_x = -1;
2280 vs->last_y = -1;
2281
2282 vs->as.freq = 44100;
2283 vs->as.nchannels = 2;
2284 vs->as.fmt = AUD_FMT_S16;
2285 vs->as.endianness = 0;
2286
2287 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2288
2289 vga_hw_update();
2290
2291 vnc_write(vs, "RFB 003.008\n", 12);
2292 vnc_flush(vs);
2293 vnc_read_when(vs, protocol_version, 12);
2294 reset_keys(vs);
2295 if (vs->vd->lock_key_sync)
2296 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2297
2298 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2299 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2300
2301 vnc_init_timer(vd);
2302
2303 /* vs might be free()ed here */
2304 }
2305
2306 static void vnc_listen_read(void *opaque)
2307 {
2308 VncDisplay *vs = opaque;
2309 struct sockaddr_in addr;
2310 socklen_t addrlen = sizeof(addr);
2311
2312 /* Catch-up */
2313 vga_hw_update();
2314
2315 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2316 if (csock != -1) {
2317 vnc_connect(vs, csock);
2318 }
2319 }
2320
2321 void vnc_display_init(DisplayState *ds)
2322 {
2323 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2324
2325 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2326
2327 ds->opaque = vs;
2328 dcl->idle = 1;
2329 vnc_display = vs;
2330
2331 vs->lsock = -1;
2332
2333 vs->ds = ds;
2334 QTAILQ_INIT(&vs->clients);
2335
2336 if (keyboard_layout)
2337 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2338 else
2339 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2340
2341 if (!vs->kbd_layout)
2342 exit(1);
2343
2344 dcl->dpy_copy = vnc_dpy_copy;
2345 dcl->dpy_update = vnc_dpy_update;
2346 dcl->dpy_resize = vnc_dpy_resize;
2347 dcl->dpy_setdata = vnc_dpy_setdata;
2348 register_displaychangelistener(ds, dcl);
2349 ds->mouse_set = vnc_mouse_set;
2350 ds->cursor_define = vnc_dpy_cursor_define;
2351 }
2352
2353
2354 void vnc_display_close(DisplayState *ds)
2355 {
2356 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2357
2358 if (!vs)
2359 return;
2360 if (vs->display) {
2361 qemu_free(vs->display);
2362 vs->display = NULL;
2363 }
2364 if (vs->lsock != -1) {
2365 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2366 close(vs->lsock);
2367 vs->lsock = -1;
2368 }
2369 vs->auth = VNC_AUTH_INVALID;
2370 #ifdef CONFIG_VNC_TLS
2371 vs->subauth = VNC_AUTH_INVALID;
2372 vs->tls.x509verify = 0;
2373 #endif
2374 }
2375
2376 int vnc_display_password(DisplayState *ds, const char *password)
2377 {
2378 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2379
2380 if (!vs) {
2381 return -1;
2382 }
2383
2384 if (vs->password) {
2385 qemu_free(vs->password);
2386 vs->password = NULL;
2387 }
2388 if (password && password[0]) {
2389 if (!(vs->password = qemu_strdup(password)))
2390 return -1;
2391 if (vs->auth == VNC_AUTH_NONE) {
2392 vs->auth = VNC_AUTH_VNC;
2393 }
2394 } else {
2395 vs->auth = VNC_AUTH_NONE;
2396 }
2397
2398 return 0;
2399 }
2400
2401 char *vnc_display_local_addr(DisplayState *ds)
2402 {
2403 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2404
2405 return vnc_socket_local_addr("%s:%s", vs->lsock);
2406 }
2407
2408 int vnc_display_open(DisplayState *ds, const char *display)
2409 {
2410 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2411 const char *options;
2412 int password = 0;
2413 int reverse = 0;
2414 #ifdef CONFIG_VNC_TLS
2415 int tls = 0, x509 = 0;
2416 #endif
2417 #ifdef CONFIG_VNC_SASL
2418 int sasl = 0;
2419 int saslErr;
2420 #endif
2421 int acl = 0;
2422 int lock_key_sync = 1;
2423
2424 if (!vnc_display)
2425 return -1;
2426 vnc_display_close(ds);
2427 if (strcmp(display, "none") == 0)
2428 return 0;
2429
2430 if (!(vs->display = strdup(display)))
2431 return -1;
2432
2433 options = display;
2434 while ((options = strchr(options, ','))) {
2435 options++;
2436 if (strncmp(options, "password", 8) == 0) {
2437 password = 1; /* Require password auth */
2438 } else if (strncmp(options, "reverse", 7) == 0) {
2439 reverse = 1;
2440 } else if (strncmp(options, "no-lock-key-sync", 9) == 0) {
2441 lock_key_sync = 0;
2442 #ifdef CONFIG_VNC_SASL
2443 } else if (strncmp(options, "sasl", 4) == 0) {
2444 sasl = 1; /* Require SASL auth */
2445 #endif
2446 #ifdef CONFIG_VNC_TLS
2447 } else if (strncmp(options, "tls", 3) == 0) {
2448 tls = 1; /* Require TLS */
2449 } else if (strncmp(options, "x509", 4) == 0) {
2450 char *start, *end;
2451 x509 = 1; /* Require x509 certificates */
2452 if (strncmp(options, "x509verify", 10) == 0)
2453 vs->tls.x509verify = 1; /* ...and verify client certs */
2454
2455 /* Now check for 'x509=/some/path' postfix
2456 * and use that to setup x509 certificate/key paths */
2457 start = strchr(options, '=');
2458 end = strchr(options, ',');
2459 if (start && (!end || (start < end))) {
2460 int len = end ? end-(start+1) : strlen(start+1);
2461 char *path = qemu_strndup(start + 1, len);
2462
2463 VNC_DEBUG("Trying certificate path '%s'\n", path);
2464 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2465 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2466 qemu_free(path);
2467 qemu_free(vs->display);
2468 vs->display = NULL;
2469 return -1;
2470 }
2471 qemu_free(path);
2472 } else {
2473 fprintf(stderr, "No certificate path provided\n");
2474 qemu_free(vs->display);
2475 vs->display = NULL;
2476 return -1;
2477 }
2478 #endif
2479 } else if (strncmp(options, "acl", 3) == 0) {
2480 acl = 1;
2481 }
2482 }
2483
2484 #ifdef CONFIG_VNC_TLS
2485 if (acl && x509 && vs->tls.x509verify) {
2486 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2487 fprintf(stderr, "Failed to create x509 dname ACL\n");
2488 exit(1);
2489 }
2490 }
2491 #endif
2492 #ifdef CONFIG_VNC_SASL
2493 if (acl && sasl) {
2494 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2495 fprintf(stderr, "Failed to create username ACL\n");
2496 exit(1);
2497 }
2498 }
2499 #endif
2500
2501 /*
2502 * Combinations we support here:
2503 *
2504 * - no-auth (clear text, no auth)
2505 * - password (clear text, weak auth)
2506 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2507 * - tls (encrypt, weak anonymous creds, no auth)
2508 * - tls + password (encrypt, weak anonymous creds, weak auth)
2509 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2510 * - tls + x509 (encrypt, good x509 creds, no auth)
2511 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2512 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2513 *
2514 * NB1. TLS is a stackable auth scheme.
2515 * NB2. the x509 schemes have option to validate a client cert dname
2516 */
2517 if (password) {
2518 #ifdef CONFIG_VNC_TLS
2519 if (tls) {
2520 vs->auth = VNC_AUTH_VENCRYPT;
2521 if (x509) {
2522 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2523 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2524 } else {
2525 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2526 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2527 }
2528 } else {
2529 #endif /* CONFIG_VNC_TLS */
2530 VNC_DEBUG("Initializing VNC server with password auth\n");
2531 vs->auth = VNC_AUTH_VNC;
2532 #ifdef CONFIG_VNC_TLS
2533 vs->subauth = VNC_AUTH_INVALID;
2534 }
2535 #endif /* CONFIG_VNC_TLS */
2536 #ifdef CONFIG_VNC_SASL
2537 } else if (sasl) {
2538 #ifdef CONFIG_VNC_TLS
2539 if (tls) {
2540 vs->auth = VNC_AUTH_VENCRYPT;
2541 if (x509) {
2542 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2543 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2544 } else {
2545 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2546 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2547 }
2548 } else {
2549 #endif /* CONFIG_VNC_TLS */
2550 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2551 vs->auth = VNC_AUTH_SASL;
2552 #ifdef CONFIG_VNC_TLS
2553 vs->subauth = VNC_AUTH_INVALID;
2554 }
2555 #endif /* CONFIG_VNC_TLS */
2556 #endif /* CONFIG_VNC_SASL */
2557 } else {
2558 #ifdef CONFIG_VNC_TLS
2559 if (tls) {
2560 vs->auth = VNC_AUTH_VENCRYPT;
2561 if (x509) {
2562 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2563 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2564 } else {
2565 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2566 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2567 }
2568 } else {
2569 #endif
2570 VNC_DEBUG("Initializing VNC server with no auth\n");
2571 vs->auth = VNC_AUTH_NONE;
2572 #ifdef CONFIG_VNC_TLS
2573 vs->subauth = VNC_AUTH_INVALID;
2574 }
2575 #endif
2576 }
2577
2578 #ifdef CONFIG_VNC_SASL
2579 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2580 fprintf(stderr, "Failed to initialize SASL auth %s",
2581 sasl_errstring(saslErr, NULL, NULL));
2582 free(vs->display);
2583 vs->display = NULL;
2584 return -1;
2585 }
2586 #endif
2587 vs->lock_key_sync = lock_key_sync;
2588
2589 if (reverse) {
2590 /* connect to viewer */
2591 if (strncmp(display, "unix:", 5) == 0)
2592 vs->lsock = unix_connect(display+5);
2593 else
2594 vs->lsock = inet_connect(display, SOCK_STREAM);
2595 if (-1 == vs->lsock) {
2596 free(vs->display);
2597 vs->display = NULL;
2598 return -1;
2599 } else {
2600 int csock = vs->lsock;
2601 vs->lsock = -1;
2602 vnc_connect(vs, csock);
2603 }
2604 return 0;
2605
2606 } else {
2607 /* listen for connects */
2608 char *dpy;
2609 dpy = qemu_malloc(256);
2610 if (strncmp(display, "unix:", 5) == 0) {
2611 pstrcpy(dpy, 256, "unix:");
2612 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2613 } else {
2614 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2615 }
2616 if (-1 == vs->lsock) {
2617 free(dpy);
2618 return -1;
2619 } else {
2620 free(vs->display);
2621 vs->display = dpy;
2622 }
2623 }
2624 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
2625 }
Qemu copy for testing