]> git.proxmox.com Git - mirror_qemu.git/blob - vnc.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
vnc: return the number of rectangles
[mirror_qemu.git] / vnc.c
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "acl.h"
32 #include "qemu-objects.h"
33
34 #define VNC_REFRESH_INTERVAL_BASE 30
35 #define VNC_REFRESH_INTERVAL_INC 50
36 #define VNC_REFRESH_INTERVAL_MAX 2000
37
38 #include "vnc_keysym.h"
39 #include "d3des.h"
40
41 #define count_bits(c, v) { \
42 for (c = 0; v; v >>= 1) \
43 { \
44 c += v & 1; \
45 } \
46 }
47
48
49 static VncDisplay *vnc_display; /* needed for info vnc */
50 static DisplayChangeListener *dcl;
51
52 static int vnc_cursor_define(VncState *vs);
53
54 static char *addr_to_string(const char *format,
55 struct sockaddr_storage *sa,
56 socklen_t salen) {
57 char *addr;
58 char host[NI_MAXHOST];
59 char serv[NI_MAXSERV];
60 int err;
61 size_t addrlen;
62
63 if ((err = getnameinfo((struct sockaddr *)sa, salen,
64 host, sizeof(host),
65 serv, sizeof(serv),
66 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
67 VNC_DEBUG("Cannot resolve address %d: %s\n",
68 err, gai_strerror(err));
69 return NULL;
70 }
71
72 /* Enough for the existing format + the 2 vars we're
73 * substituting in. */
74 addrlen = strlen(format) + strlen(host) + strlen(serv);
75 addr = qemu_malloc(addrlen + 1);
76 snprintf(addr, addrlen, format, host, serv);
77 addr[addrlen] = '\0';
78
79 return addr;
80 }
81
82
83 char *vnc_socket_local_addr(const char *format, int fd) {
84 struct sockaddr_storage sa;
85 socklen_t salen;
86
87 salen = sizeof(sa);
88 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
89 return NULL;
90
91 return addr_to_string(format, &sa, salen);
92 }
93
94 char *vnc_socket_remote_addr(const char *format, int fd) {
95 struct sockaddr_storage sa;
96 socklen_t salen;
97
98 salen = sizeof(sa);
99 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
100 return NULL;
101
102 return addr_to_string(format, &sa, salen);
103 }
104
105 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
106 socklen_t salen)
107 {
108 char host[NI_MAXHOST];
109 char serv[NI_MAXSERV];
110 int err;
111
112 if ((err = getnameinfo((struct sockaddr *)sa, salen,
113 host, sizeof(host),
114 serv, sizeof(serv),
115 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
116 VNC_DEBUG("Cannot resolve address %d: %s\n",
117 err, gai_strerror(err));
118 return -1;
119 }
120
121 qdict_put(qdict, "host", qstring_from_str(host));
122 qdict_put(qdict, "service", qstring_from_str(serv));
123 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
124
125 return 0;
126 }
127
128 static int vnc_server_addr_put(QDict *qdict, int fd)
129 {
130 struct sockaddr_storage sa;
131 socklen_t salen;
132
133 salen = sizeof(sa);
134 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
135 return -1;
136 }
137
138 return put_addr_qdict(qdict, &sa, salen);
139 }
140
141 static int vnc_qdict_remote_addr(QDict *qdict, int fd)
142 {
143 struct sockaddr_storage sa;
144 socklen_t salen;
145
146 salen = sizeof(sa);
147 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
148 return -1;
149 }
150
151 return put_addr_qdict(qdict, &sa, salen);
152 }
153
154 static const char *vnc_auth_name(VncDisplay *vd) {
155 switch (vd->auth) {
156 case VNC_AUTH_INVALID:
157 return "invalid";
158 case VNC_AUTH_NONE:
159 return "none";
160 case VNC_AUTH_VNC:
161 return "vnc";
162 case VNC_AUTH_RA2:
163 return "ra2";
164 case VNC_AUTH_RA2NE:
165 return "ra2ne";
166 case VNC_AUTH_TIGHT:
167 return "tight";
168 case VNC_AUTH_ULTRA:
169 return "ultra";
170 case VNC_AUTH_TLS:
171 return "tls";
172 case VNC_AUTH_VENCRYPT:
173 #ifdef CONFIG_VNC_TLS
174 switch (vd->subauth) {
175 case VNC_AUTH_VENCRYPT_PLAIN:
176 return "vencrypt+plain";
177 case VNC_AUTH_VENCRYPT_TLSNONE:
178 return "vencrypt+tls+none";
179 case VNC_AUTH_VENCRYPT_TLSVNC:
180 return "vencrypt+tls+vnc";
181 case VNC_AUTH_VENCRYPT_TLSPLAIN:
182 return "vencrypt+tls+plain";
183 case VNC_AUTH_VENCRYPT_X509NONE:
184 return "vencrypt+x509+none";
185 case VNC_AUTH_VENCRYPT_X509VNC:
186 return "vencrypt+x509+vnc";
187 case VNC_AUTH_VENCRYPT_X509PLAIN:
188 return "vencrypt+x509+plain";
189 case VNC_AUTH_VENCRYPT_TLSSASL:
190 return "vencrypt+tls+sasl";
191 case VNC_AUTH_VENCRYPT_X509SASL:
192 return "vencrypt+x509+sasl";
193 default:
194 return "vencrypt";
195 }
196 #else
197 return "vencrypt";
198 #endif
199 case VNC_AUTH_SASL:
200 return "sasl";
201 }
202 return "unknown";
203 }
204
205 static int vnc_server_info_put(QDict *qdict)
206 {
207 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
208 return -1;
209 }
210
211 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
212 return 0;
213 }
214
215 static void vnc_client_cache_auth(VncState *client)
216 {
217 QDict *qdict;
218
219 if (!client->info) {
220 return;
221 }
222
223 qdict = qobject_to_qdict(client->info);
224
225 #ifdef CONFIG_VNC_TLS
226 if (client->tls.session &&
227 client->tls.dname) {
228 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
229 }
230 #endif
231 #ifdef CONFIG_VNC_SASL
232 if (client->sasl.conn &&
233 client->sasl.username) {
234 qdict_put(qdict, "sasl_username",
235 qstring_from_str(client->sasl.username));
236 }
237 #endif
238 }
239
240 static void vnc_client_cache_addr(VncState *client)
241 {
242 QDict *qdict;
243
244 qdict = qdict_new();
245 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
246 QDECREF(qdict);
247 /* XXX: how to report the error? */
248 return;
249 }
250
251 client->info = QOBJECT(qdict);
252 }
253
254 static void vnc_qmp_event(VncState *vs, MonitorEvent event)
255 {
256 QDict *server;
257 QObject *data;
258
259 if (!vs->info) {
260 return;
261 }
262
263 server = qdict_new();
264 if (vnc_server_info_put(server) < 0) {
265 QDECREF(server);
266 return;
267 }
268
269 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
270 vs->info, QOBJECT(server));
271
272 monitor_protocol_event(event, data);
273
274 qobject_incref(vs->info);
275 qobject_decref(data);
276 }
277
278 static void info_vnc_iter(QObject *obj, void *opaque)
279 {
280 QDict *client;
281 Monitor *mon = opaque;
282
283 client = qobject_to_qdict(obj);
284 monitor_printf(mon, "Client:\n");
285 monitor_printf(mon, " address: %s:%s\n",
286 qdict_get_str(client, "host"),
287 qdict_get_str(client, "service"));
288
289 #ifdef CONFIG_VNC_TLS
290 monitor_printf(mon, " x509_dname: %s\n",
291 qdict_haskey(client, "x509_dname") ?
292 qdict_get_str(client, "x509_dname") : "none");
293 #endif
294 #ifdef CONFIG_VNC_SASL
295 monitor_printf(mon, " username: %s\n",
296 qdict_haskey(client, "sasl_username") ?
297 qdict_get_str(client, "sasl_username") : "none");
298 #endif
299 }
300
301 void do_info_vnc_print(Monitor *mon, const QObject *data)
302 {
303 QDict *server;
304 QList *clients;
305
306 server = qobject_to_qdict(data);
307 if (qdict_get_bool(server, "enabled") == 0) {
308 monitor_printf(mon, "Server: disabled\n");
309 return;
310 }
311
312 monitor_printf(mon, "Server:\n");
313 monitor_printf(mon, " address: %s:%s\n",
314 qdict_get_str(server, "host"),
315 qdict_get_str(server, "service"));
316 monitor_printf(mon, " auth: %s\n", qdict_get_str(server, "auth"));
317
318 clients = qdict_get_qlist(server, "clients");
319 if (qlist_empty(clients)) {
320 monitor_printf(mon, "Client: none\n");
321 } else {
322 qlist_iter(clients, info_vnc_iter, mon);
323 }
324 }
325
326 /**
327 * do_info_vnc(): Show VNC server information
328 *
329 * Return a QDict with server information. Connected clients are returned
330 * as a QList of QDicts.
331 *
332 * The main QDict contains the following:
333 *
334 * - "enabled": true or false
335 * - "host": server's IP address
336 * - "family": address family ("ipv4" or "ipv6")
337 * - "service": server's port number
338 * - "auth": authentication method
339 * - "clients": a QList of all connected clients
340 *
341 * Clients are described by a QDict, with the following information:
342 *
343 * - "host": client's IP address
344 * - "family": address family ("ipv4" or "ipv6")
345 * - "service": client's port number
346 * - "x509_dname": TLS dname (optional)
347 * - "sasl_username": SASL username (optional)
348 *
349 * Example:
350 *
351 * { "enabled": true, "host": "0.0.0.0", "service": "50402", "auth": "vnc",
352 * "family": "ipv4",
353 * "clients": [{ "host": "127.0.0.1", "service": "50401", "family": "ipv4" }]}
354 */
355 void do_info_vnc(Monitor *mon, QObject **ret_data)
356 {
357 if (vnc_display == NULL || vnc_display->display == NULL) {
358 *ret_data = qobject_from_jsonf("{ 'enabled': false }");
359 } else {
360 QList *clist;
361 VncState *client;
362
363 clist = qlist_new();
364 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
365 if (client->info) {
366 /* incref so that it's not freed by upper layers */
367 qobject_incref(client->info);
368 qlist_append_obj(clist, client->info);
369 }
370 }
371
372 *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
373 QOBJECT(clist));
374 assert(*ret_data != NULL);
375
376 if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {
377 qobject_decref(*ret_data);
378 *ret_data = NULL;
379 }
380 }
381 }
382
383 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
384 return (vs->features & (1 << feature));
385 }
386
387 /* TODO
388 1) Get the queue working for IO.
389 2) there is some weirdness when using the -S option (the screen is grey
390 and not totally invalidated
391 3) resolutions > 1024
392 */
393
394 static int vnc_update_client(VncState *vs, int has_dirty);
395 static void vnc_disconnect_start(VncState *vs);
396 static void vnc_disconnect_finish(VncState *vs);
397 static void vnc_init_timer(VncDisplay *vd);
398 static void vnc_remove_timer(VncDisplay *vd);
399
400 static void vnc_colordepth(VncState *vs);
401 static void framebuffer_update_request(VncState *vs, int incremental,
402 int x_position, int y_position,
403 int w, int h);
404 static void vnc_refresh(void *opaque);
405 static int vnc_refresh_server_surface(VncDisplay *vd);
406
407 static inline void vnc_set_bit(uint32_t *d, int k)
408 {
409 d[k >> 5] |= 1 << (k & 0x1f);
410 }
411
412 static inline void vnc_clear_bit(uint32_t *d, int k)
413 {
414 d[k >> 5] &= ~(1 << (k & 0x1f));
415 }
416
417 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
418 {
419 int j;
420
421 j = 0;
422 while (n >= 32) {
423 d[j++] = -1;
424 n -= 32;
425 }
426 if (n > 0)
427 d[j++] = (1 << n) - 1;
428 while (j < nb_words)
429 d[j++] = 0;
430 }
431
432 static inline int vnc_get_bit(const uint32_t *d, int k)
433 {
434 return (d[k >> 5] >> (k & 0x1f)) & 1;
435 }
436
437 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
438 int nb_words)
439 {
440 int i;
441 for(i = 0; i < nb_words; i++) {
442 if ((d1[i] & d2[i]) != 0)
443 return 1;
444 }
445 return 0;
446 }
447
448 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
449 {
450 int i;
451 VncDisplay *vd = ds->opaque;
452 struct VncSurface *s = &vd->guest;
453
454 h += y;
455
456 /* round x down to ensure the loop only spans one 16-pixel block per,
457 iteration. otherwise, if (x % 16) != 0, the last iteration may span
458 two 16-pixel blocks but we only mark the first as dirty
459 */
460 w += (x % 16);
461 x -= (x % 16);
462
463 x = MIN(x, s->ds->width);
464 y = MIN(y, s->ds->height);
465 w = MIN(x + w, s->ds->width) - x;
466 h = MIN(h, s->ds->height);
467
468 for (; y < h; y++)
469 for (i = 0; i < w; i += 16)
470 vnc_set_bit(s->dirty[y], (x + i) / 16);
471 }
472
473 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
474 int32_t encoding)
475 {
476 vnc_write_u16(vs, x);
477 vnc_write_u16(vs, y);
478 vnc_write_u16(vs, w);
479 vnc_write_u16(vs, h);
480
481 vnc_write_s32(vs, encoding);
482 }
483
484 void buffer_reserve(Buffer *buffer, size_t len)
485 {
486 if ((buffer->capacity - buffer->offset) < len) {
487 buffer->capacity += (len + 1024);
488 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
489 if (buffer->buffer == NULL) {
490 fprintf(stderr, "vnc: out of memory\n");
491 exit(1);
492 }
493 }
494 }
495
496 int buffer_empty(Buffer *buffer)
497 {
498 return buffer->offset == 0;
499 }
500
501 uint8_t *buffer_end(Buffer *buffer)
502 {
503 return buffer->buffer + buffer->offset;
504 }
505
506 void buffer_reset(Buffer *buffer)
507 {
508 buffer->offset = 0;
509 }
510
511 void buffer_free(Buffer *buffer)
512 {
513 qemu_free(buffer->buffer);
514 buffer->offset = 0;
515 buffer->capacity = 0;
516 buffer->buffer = NULL;
517 }
518
519 void buffer_append(Buffer *buffer, const void *data, size_t len)
520 {
521 memcpy(buffer->buffer + buffer->offset, data, len);
522 buffer->offset += len;
523 }
524
525 static void vnc_dpy_resize(DisplayState *ds)
526 {
527 int size_changed;
528 VncDisplay *vd = ds->opaque;
529 VncState *vs;
530
531 /* server surface */
532 if (!vd->server)
533 vd->server = qemu_mallocz(sizeof(*vd->server));
534 if (vd->server->data)
535 qemu_free(vd->server->data);
536 *(vd->server) = *(ds->surface);
537 vd->server->data = qemu_mallocz(vd->server->linesize *
538 vd->server->height);
539
540 /* guest surface */
541 if (!vd->guest.ds)
542 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
543 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
544 console_color_init(ds);
545 size_changed = ds_get_width(ds) != vd->guest.ds->width ||
546 ds_get_height(ds) != vd->guest.ds->height;
547 *(vd->guest.ds) = *(ds->surface);
548 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
549
550 QTAILQ_FOREACH(vs, &vd->clients, next) {
551 vnc_colordepth(vs);
552 if (size_changed) {
553 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
554 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
555 vnc_write_u8(vs, 0);
556 vnc_write_u16(vs, 1); /* number of rects */
557 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
558 VNC_ENCODING_DESKTOPRESIZE);
559 vnc_flush(vs);
560 }
561 }
562 if (vs->vd->cursor) {
563 vnc_cursor_define(vs);
564 }
565 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
566 }
567 }
568
569 /* fastest code */
570 static void vnc_write_pixels_copy(VncState *vs, struct PixelFormat *pf,
571 void *pixels, int size)
572 {
573 vnc_write(vs, pixels, size);
574 }
575
576 /* slowest but generic code. */
577 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
578 {
579 uint8_t r, g, b;
580 VncDisplay *vd = vs->vd;
581
582 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
583 vd->server->pf.rbits);
584 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
585 vd->server->pf.gbits);
586 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
587 vd->server->pf.bbits);
588 v = (r << vs->clientds.pf.rshift) |
589 (g << vs->clientds.pf.gshift) |
590 (b << vs->clientds.pf.bshift);
591 switch(vs->clientds.pf.bytes_per_pixel) {
592 case 1:
593 buf[0] = v;
594 break;
595 case 2:
596 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
597 buf[0] = v >> 8;
598 buf[1] = v;
599 } else {
600 buf[1] = v >> 8;
601 buf[0] = v;
602 }
603 break;
604 default:
605 case 4:
606 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
607 buf[0] = v >> 24;
608 buf[1] = v >> 16;
609 buf[2] = v >> 8;
610 buf[3] = v;
611 } else {
612 buf[3] = v >> 24;
613 buf[2] = v >> 16;
614 buf[1] = v >> 8;
615 buf[0] = v;
616 }
617 break;
618 }
619 }
620
621 static void vnc_write_pixels_generic(VncState *vs, struct PixelFormat *pf,
622 void *pixels1, int size)
623 {
624 uint8_t buf[4];
625
626 if (pf->bytes_per_pixel == 4) {
627 uint32_t *pixels = pixels1;
628 int n, i;
629 n = size >> 2;
630 for(i = 0; i < n; i++) {
631 vnc_convert_pixel(vs, buf, pixels[i]);
632 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
633 }
634 } else if (pf->bytes_per_pixel == 2) {
635 uint16_t *pixels = pixels1;
636 int n, i;
637 n = size >> 1;
638 for(i = 0; i < n; i++) {
639 vnc_convert_pixel(vs, buf, pixels[i]);
640 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
641 }
642 } else if (pf->bytes_per_pixel == 1) {
643 uint8_t *pixels = pixels1;
644 int n, i;
645 n = size;
646 for(i = 0; i < n; i++) {
647 vnc_convert_pixel(vs, buf, pixels[i]);
648 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
649 }
650 } else {
651 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
652 }
653 }
654
655 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
656 {
657 int i;
658 uint8_t *row;
659 VncDisplay *vd = vs->vd;
660
661 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
662 for (i = 0; i < h; i++) {
663 vs->write_pixels(vs, &vd->server->pf, row, w * ds_get_bytes_per_pixel(vs->ds));
664 row += ds_get_linesize(vs->ds);
665 }
666 return 1;
667 }
668
669 static int send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
670 {
671 int n = 0;
672
673 switch(vs->vnc_encoding) {
674 case VNC_ENCODING_ZLIB:
675 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
676 break;
677 case VNC_ENCODING_HEXTILE:
678 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
679 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
680 break;
681 default:
682 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
683 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
684 break;
685 }
686 return n;
687 }
688
689 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
690 {
691 /* send bitblit op to the vnc client */
692 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
693 vnc_write_u8(vs, 0);
694 vnc_write_u16(vs, 1); /* number of rects */
695 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
696 vnc_write_u16(vs, src_x);
697 vnc_write_u16(vs, src_y);
698 vnc_flush(vs);
699 }
700
701 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
702 {
703 VncDisplay *vd = ds->opaque;
704 VncState *vs, *vn;
705 uint8_t *src_row;
706 uint8_t *dst_row;
707 int i,x,y,pitch,depth,inc,w_lim,s;
708 int cmp_bytes;
709
710 vnc_refresh_server_surface(vd);
711 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
712 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
713 vs->force_update = 1;
714 vnc_update_client(vs, 1);
715 /* vs might be free()ed here */
716 }
717 }
718
719 /* do bitblit op on the local surface too */
720 pitch = ds_get_linesize(vd->ds);
721 depth = ds_get_bytes_per_pixel(vd->ds);
722 src_row = vd->server->data + pitch * src_y + depth * src_x;
723 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
724 y = dst_y;
725 inc = 1;
726 if (dst_y > src_y) {
727 /* copy backwards */
728 src_row += pitch * (h-1);
729 dst_row += pitch * (h-1);
730 pitch = -pitch;
731 y = dst_y + h - 1;
732 inc = -1;
733 }
734 w_lim = w - (16 - (dst_x % 16));
735 if (w_lim < 0)
736 w_lim = w;
737 else
738 w_lim = w - (w_lim % 16);
739 for (i = 0; i < h; i++) {
740 for (x = 0; x <= w_lim;
741 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
742 if (x == w_lim) {
743 if ((s = w - w_lim) == 0)
744 break;
745 } else if (!x) {
746 s = (16 - (dst_x % 16));
747 s = MIN(s, w_lim);
748 } else {
749 s = 16;
750 }
751 cmp_bytes = s * depth;
752 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
753 continue;
754 memmove(dst_row, src_row, cmp_bytes);
755 QTAILQ_FOREACH(vs, &vd->clients, next) {
756 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
757 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
758 }
759 }
760 }
761 src_row += pitch - w * depth;
762 dst_row += pitch - w * depth;
763 y += inc;
764 }
765
766 QTAILQ_FOREACH(vs, &vd->clients, next) {
767 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
768 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
769 }
770 }
771 }
772
773 static void vnc_mouse_set(int x, int y, int visible)
774 {
775 /* can we ask the client(s) to move the pointer ??? */
776 }
777
778 static int vnc_cursor_define(VncState *vs)
779 {
780 QEMUCursor *c = vs->vd->cursor;
781 PixelFormat pf = qemu_default_pixelformat(32);
782 int isize;
783
784 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
785 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
786 vnc_write_u8(vs, 0); /* padding */
787 vnc_write_u16(vs, 1); /* # of rects */
788 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
789 VNC_ENCODING_RICH_CURSOR);
790 isize = c->width * c->height * vs->clientds.pf.bytes_per_pixel;
791 vnc_write_pixels_generic(vs, &pf, c->data, isize);
792 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
793 return 0;
794 }
795 return -1;
796 }
797
798 static void vnc_dpy_cursor_define(QEMUCursor *c)
799 {
800 VncDisplay *vd = vnc_display;
801 VncState *vs;
802
803 cursor_put(vd->cursor);
804 qemu_free(vd->cursor_mask);
805
806 vd->cursor = c;
807 cursor_get(vd->cursor);
808 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
809 vd->cursor_mask = qemu_mallocz(vd->cursor_msize);
810 cursor_get_mono_mask(c, 0, vd->cursor_mask);
811
812 QTAILQ_FOREACH(vs, &vd->clients, next) {
813 vnc_cursor_define(vs);
814 }
815 }
816
817 static int find_and_clear_dirty_height(struct VncState *vs,
818 int y, int last_x, int x)
819 {
820 int h;
821 VncDisplay *vd = vs->vd;
822
823 for (h = 1; h < (vd->server->height - y); h++) {
824 int tmp_x;
825 if (!vnc_get_bit(vs->dirty[y + h], last_x))
826 break;
827 for (tmp_x = last_x; tmp_x < x; tmp_x++)
828 vnc_clear_bit(vs->dirty[y + h], tmp_x);
829 }
830
831 return h;
832 }
833
834 static int vnc_update_client(VncState *vs, int has_dirty)
835 {
836 if (vs->need_update && vs->csock != -1) {
837 VncDisplay *vd = vs->vd;
838 int y;
839 int n_rectangles;
840 int saved_offset;
841 int n;
842
843 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
844 /* kernel send buffers are full -> drop frames to throttle */
845 return 0;
846
847 if (!has_dirty && !vs->audio_cap && !vs->force_update)
848 return 0;
849
850 /*
851 * Send screen updates to the vnc client using the server
852 * surface and server dirty map. guest surface updates
853 * happening in parallel don't disturb us, the next pass will
854 * send them to the client.
855 */
856 n_rectangles = 0;
857 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
858 vnc_write_u8(vs, 0);
859 saved_offset = vs->output.offset;
860 vnc_write_u16(vs, 0);
861
862 for (y = 0; y < vd->server->height; y++) {
863 int x;
864 int last_x = -1;
865 for (x = 0; x < vd->server->width / 16; x++) {
866 if (vnc_get_bit(vs->dirty[y], x)) {
867 if (last_x == -1) {
868 last_x = x;
869 }
870 vnc_clear_bit(vs->dirty[y], x);
871 } else {
872 if (last_x != -1) {
873 int h = find_and_clear_dirty_height(vs, y, last_x, x);
874 n = send_framebuffer_update(vs, last_x * 16, y,
875 (x - last_x) * 16, h);
876 n_rectangles += n;
877 }
878 last_x = -1;
879 }
880 }
881 if (last_x != -1) {
882 int h = find_and_clear_dirty_height(vs, y, last_x, x);
883 n = send_framebuffer_update(vs, last_x * 16, y,
884 (x - last_x) * 16, h);
885 n_rectangles += n;
886 }
887 }
888 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
889 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
890 vnc_flush(vs);
891 vs->force_update = 0;
892 return n_rectangles;
893 }
894
895 if (vs->csock == -1)
896 vnc_disconnect_finish(vs);
897
898 return 0;
899 }
900
901 /* audio */
902 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
903 {
904 VncState *vs = opaque;
905
906 switch (cmd) {
907 case AUD_CNOTIFY_DISABLE:
908 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
909 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
910 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
911 vnc_flush(vs);
912 break;
913
914 case AUD_CNOTIFY_ENABLE:
915 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
916 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
917 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
918 vnc_flush(vs);
919 break;
920 }
921 }
922
923 static void audio_capture_destroy(void *opaque)
924 {
925 }
926
927 static void audio_capture(void *opaque, void *buf, int size)
928 {
929 VncState *vs = opaque;
930
931 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
932 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
933 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
934 vnc_write_u32(vs, size);
935 vnc_write(vs, buf, size);
936 vnc_flush(vs);
937 }
938
939 static void audio_add(VncState *vs)
940 {
941 struct audio_capture_ops ops;
942
943 if (vs->audio_cap) {
944 monitor_printf(default_mon, "audio already running\n");
945 return;
946 }
947
948 ops.notify = audio_capture_notify;
949 ops.destroy = audio_capture_destroy;
950 ops.capture = audio_capture;
951
952 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
953 if (!vs->audio_cap) {
954 monitor_printf(default_mon, "Failed to add audio capture\n");
955 }
956 }
957
958 static void audio_del(VncState *vs)
959 {
960 if (vs->audio_cap) {
961 AUD_del_capture(vs->audio_cap, vs);
962 vs->audio_cap = NULL;
963 }
964 }
965
966 static void vnc_disconnect_start(VncState *vs)
967 {
968 if (vs->csock == -1)
969 return;
970 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
971 closesocket(vs->csock);
972 vs->csock = -1;
973 }
974
975 static void vnc_disconnect_finish(VncState *vs)
976 {
977 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
978
979 buffer_free(&vs->input);
980 buffer_free(&vs->output);
981
982 qobject_decref(vs->info);
983
984 vnc_zlib_clear(vs);
985
986 #ifdef CONFIG_VNC_TLS
987 vnc_tls_client_cleanup(vs);
988 #endif /* CONFIG_VNC_TLS */
989 #ifdef CONFIG_VNC_SASL
990 vnc_sasl_client_cleanup(vs);
991 #endif /* CONFIG_VNC_SASL */
992 audio_del(vs);
993
994 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
995
996 if (QTAILQ_EMPTY(&vs->vd->clients)) {
997 dcl->idle = 1;
998 }
999
1000 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1001 vnc_remove_timer(vs->vd);
1002 if (vs->vd->lock_key_sync)
1003 qemu_remove_led_event_handler(vs->led);
1004 qemu_free(vs);
1005 }
1006
1007 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1008 {
1009 if (ret == 0 || ret == -1) {
1010 if (ret == -1) {
1011 switch (last_errno) {
1012 case EINTR:
1013 case EAGAIN:
1014 #ifdef _WIN32
1015 case WSAEWOULDBLOCK:
1016 #endif
1017 return 0;
1018 default:
1019 break;
1020 }
1021 }
1022
1023 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1024 ret, ret < 0 ? last_errno : 0);
1025 vnc_disconnect_start(vs);
1026
1027 return 0;
1028 }
1029 return ret;
1030 }
1031
1032
1033 void vnc_client_error(VncState *vs)
1034 {
1035 VNC_DEBUG("Closing down client sock: protocol error\n");
1036 vnc_disconnect_start(vs);
1037 }
1038
1039
1040 /*
1041 * Called to write a chunk of data to the client socket. The data may
1042 * be the raw data, or may have already been encoded by SASL.
1043 * The data will be written either straight onto the socket, or
1044 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1045 *
1046 * NB, it is theoretically possible to have 2 layers of encryption,
1047 * both SASL, and this TLS layer. It is highly unlikely in practice
1048 * though, since SASL encryption will typically be a no-op if TLS
1049 * is active
1050 *
1051 * Returns the number of bytes written, which may be less than
1052 * the requested 'datalen' if the socket would block. Returns
1053 * -1 on error, and disconnects the client socket.
1054 */
1055 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1056 {
1057 long ret;
1058 #ifdef CONFIG_VNC_TLS
1059 if (vs->tls.session) {
1060 ret = gnutls_write(vs->tls.session, data, datalen);
1061 if (ret < 0) {
1062 if (ret == GNUTLS_E_AGAIN)
1063 errno = EAGAIN;
1064 else
1065 errno = EIO;
1066 ret = -1;
1067 }
1068 } else
1069 #endif /* CONFIG_VNC_TLS */
1070 ret = send(vs->csock, (const void *)data, datalen, 0);
1071 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1072 return vnc_client_io_error(vs, ret, socket_error());
1073 }
1074
1075
1076 /*
1077 * Called to write buffered data to the client socket, when not
1078 * using any SASL SSF encryption layers. Will write as much data
1079 * as possible without blocking. If all buffered data is written,
1080 * will switch the FD poll() handler back to read monitoring.
1081 *
1082 * Returns the number of bytes written, which may be less than
1083 * the buffered output data if the socket would block. Returns
1084 * -1 on error, and disconnects the client socket.
1085 */
1086 static long vnc_client_write_plain(VncState *vs)
1087 {
1088 long ret;
1089
1090 #ifdef CONFIG_VNC_SASL
1091 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1092 vs->output.buffer, vs->output.capacity, vs->output.offset,
1093 vs->sasl.waitWriteSSF);
1094
1095 if (vs->sasl.conn &&
1096 vs->sasl.runSSF &&
1097 vs->sasl.waitWriteSSF) {
1098 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1099 if (ret)
1100 vs->sasl.waitWriteSSF -= ret;
1101 } else
1102 #endif /* CONFIG_VNC_SASL */
1103 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1104 if (!ret)
1105 return 0;
1106
1107 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1108 vs->output.offset -= ret;
1109
1110 if (vs->output.offset == 0) {
1111 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1112 }
1113
1114 return ret;
1115 }
1116
1117
1118 /*
1119 * First function called whenever there is data to be written to
1120 * the client socket. Will delegate actual work according to whether
1121 * SASL SSF layers are enabled (thus requiring encryption calls)
1122 */
1123 void vnc_client_write(void *opaque)
1124 {
1125 VncState *vs = opaque;
1126
1127 #ifdef CONFIG_VNC_SASL
1128 if (vs->sasl.conn &&
1129 vs->sasl.runSSF &&
1130 !vs->sasl.waitWriteSSF) {
1131 vnc_client_write_sasl(vs);
1132 } else
1133 #endif /* CONFIG_VNC_SASL */
1134 vnc_client_write_plain(vs);
1135 }
1136
1137 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1138 {
1139 vs->read_handler = func;
1140 vs->read_handler_expect = expecting;
1141 }
1142
1143
1144 /*
1145 * Called to read a chunk of data from the client socket. The data may
1146 * be the raw data, or may need to be further decoded by SASL.
1147 * The data will be read either straight from to the socket, or
1148 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1149 *
1150 * NB, it is theoretically possible to have 2 layers of encryption,
1151 * both SASL, and this TLS layer. It is highly unlikely in practice
1152 * though, since SASL encryption will typically be a no-op if TLS
1153 * is active
1154 *
1155 * Returns the number of bytes read, which may be less than
1156 * the requested 'datalen' if the socket would block. Returns
1157 * -1 on error, and disconnects the client socket.
1158 */
1159 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1160 {
1161 long ret;
1162 #ifdef CONFIG_VNC_TLS
1163 if (vs->tls.session) {
1164 ret = gnutls_read(vs->tls.session, data, datalen);
1165 if (ret < 0) {
1166 if (ret == GNUTLS_E_AGAIN)
1167 errno = EAGAIN;
1168 else
1169 errno = EIO;
1170 ret = -1;
1171 }
1172 } else
1173 #endif /* CONFIG_VNC_TLS */
1174 ret = recv(vs->csock, (void *)data, datalen, 0);
1175 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1176 return vnc_client_io_error(vs, ret, socket_error());
1177 }
1178
1179
1180 /*
1181 * Called to read data from the client socket to the input buffer,
1182 * when not using any SASL SSF encryption layers. Will read as much
1183 * data as possible without blocking.
1184 *
1185 * Returns the number of bytes read. Returns -1 on error, and
1186 * disconnects the client socket.
1187 */
1188 static long vnc_client_read_plain(VncState *vs)
1189 {
1190 int ret;
1191 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1192 vs->input.buffer, vs->input.capacity, vs->input.offset);
1193 buffer_reserve(&vs->input, 4096);
1194 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1195 if (!ret)
1196 return 0;
1197 vs->input.offset += ret;
1198 return ret;
1199 }
1200
1201
1202 /*
1203 * First function called whenever there is more data to be read from
1204 * the client socket. Will delegate actual work according to whether
1205 * SASL SSF layers are enabled (thus requiring decryption calls)
1206 */
1207 void vnc_client_read(void *opaque)
1208 {
1209 VncState *vs = opaque;
1210 long ret;
1211
1212 #ifdef CONFIG_VNC_SASL
1213 if (vs->sasl.conn && vs->sasl.runSSF)
1214 ret = vnc_client_read_sasl(vs);
1215 else
1216 #endif /* CONFIG_VNC_SASL */
1217 ret = vnc_client_read_plain(vs);
1218 if (!ret) {
1219 if (vs->csock == -1)
1220 vnc_disconnect_finish(vs);
1221 return;
1222 }
1223
1224 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1225 size_t len = vs->read_handler_expect;
1226 int ret;
1227
1228 ret = vs->read_handler(vs, vs->input.buffer, len);
1229 if (vs->csock == -1) {
1230 vnc_disconnect_finish(vs);
1231 return;
1232 }
1233
1234 if (!ret) {
1235 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1236 vs->input.offset -= len;
1237 } else {
1238 vs->read_handler_expect = ret;
1239 }
1240 }
1241 }
1242
1243 void vnc_write(VncState *vs, const void *data, size_t len)
1244 {
1245 buffer_reserve(&vs->output, len);
1246
1247 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1248 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1249 }
1250
1251 buffer_append(&vs->output, data, len);
1252 }
1253
1254 void vnc_write_s32(VncState *vs, int32_t value)
1255 {
1256 vnc_write_u32(vs, *(uint32_t *)&value);
1257 }
1258
1259 void vnc_write_u32(VncState *vs, uint32_t value)
1260 {
1261 uint8_t buf[4];
1262
1263 buf[0] = (value >> 24) & 0xFF;
1264 buf[1] = (value >> 16) & 0xFF;
1265 buf[2] = (value >> 8) & 0xFF;
1266 buf[3] = value & 0xFF;
1267
1268 vnc_write(vs, buf, 4);
1269 }
1270
1271 void vnc_write_u16(VncState *vs, uint16_t value)
1272 {
1273 uint8_t buf[2];
1274
1275 buf[0] = (value >> 8) & 0xFF;
1276 buf[1] = value & 0xFF;
1277
1278 vnc_write(vs, buf, 2);
1279 }
1280
1281 void vnc_write_u8(VncState *vs, uint8_t value)
1282 {
1283 vnc_write(vs, (char *)&value, 1);
1284 }
1285
1286 void vnc_flush(VncState *vs)
1287 {
1288 if (vs->csock != -1 && vs->output.offset)
1289 vnc_client_write(vs);
1290 }
1291
1292 uint8_t read_u8(uint8_t *data, size_t offset)
1293 {
1294 return data[offset];
1295 }
1296
1297 uint16_t read_u16(uint8_t *data, size_t offset)
1298 {
1299 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1300 }
1301
1302 int32_t read_s32(uint8_t *data, size_t offset)
1303 {
1304 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1305 (data[offset + 2] << 8) | data[offset + 3]);
1306 }
1307
1308 uint32_t read_u32(uint8_t *data, size_t offset)
1309 {
1310 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1311 (data[offset + 2] << 8) | data[offset + 3]);
1312 }
1313
1314 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1315 {
1316 }
1317
1318 static void check_pointer_type_change(Notifier *notifier)
1319 {
1320 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1321 int absolute = kbd_mouse_is_absolute();
1322
1323 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1324 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1325 vnc_write_u8(vs, 0);
1326 vnc_write_u16(vs, 1);
1327 vnc_framebuffer_update(vs, absolute, 0,
1328 ds_get_width(vs->ds), ds_get_height(vs->ds),
1329 VNC_ENCODING_POINTER_TYPE_CHANGE);
1330 vnc_flush(vs);
1331 }
1332 vs->absolute = absolute;
1333 }
1334
1335 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1336 {
1337 int buttons = 0;
1338 int dz = 0;
1339
1340 if (button_mask & 0x01)
1341 buttons |= MOUSE_EVENT_LBUTTON;
1342 if (button_mask & 0x02)
1343 buttons |= MOUSE_EVENT_MBUTTON;
1344 if (button_mask & 0x04)
1345 buttons |= MOUSE_EVENT_RBUTTON;
1346 if (button_mask & 0x08)
1347 dz = -1;
1348 if (button_mask & 0x10)
1349 dz = 1;
1350
1351 if (vs->absolute) {
1352 kbd_mouse_event(ds_get_width(vs->ds) > 1 ?
1353 x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000,
1354 ds_get_height(vs->ds) > 1 ?
1355 y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000,
1356 dz, buttons);
1357 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1358 x -= 0x7FFF;
1359 y -= 0x7FFF;
1360
1361 kbd_mouse_event(x, y, dz, buttons);
1362 } else {
1363 if (vs->last_x != -1)
1364 kbd_mouse_event(x - vs->last_x,
1365 y - vs->last_y,
1366 dz, buttons);
1367 vs->last_x = x;
1368 vs->last_y = y;
1369 }
1370 }
1371
1372 static void reset_keys(VncState *vs)
1373 {
1374 int i;
1375 for(i = 0; i < 256; i++) {
1376 if (vs->modifiers_state[i]) {
1377 if (i & SCANCODE_GREY)
1378 kbd_put_keycode(SCANCODE_EMUL0);
1379 kbd_put_keycode(i | SCANCODE_UP);
1380 vs->modifiers_state[i] = 0;
1381 }
1382 }
1383 }
1384
1385 static void press_key(VncState *vs, int keysym)
1386 {
1387 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1388 if (keycode & SCANCODE_GREY)
1389 kbd_put_keycode(SCANCODE_EMUL0);
1390 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1391 if (keycode & SCANCODE_GREY)
1392 kbd_put_keycode(SCANCODE_EMUL0);
1393 kbd_put_keycode(keycode | SCANCODE_UP);
1394 }
1395
1396 static void kbd_leds(void *opaque, int ledstate)
1397 {
1398 VncState *vs = opaque;
1399 int caps, num;
1400
1401 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1402 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1403
1404 if (vs->modifiers_state[0x3a] != caps) {
1405 vs->modifiers_state[0x3a] = caps;
1406 }
1407 if (vs->modifiers_state[0x45] != num) {
1408 vs->modifiers_state[0x45] = num;
1409 }
1410 }
1411
1412 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1413 {
1414 /* QEMU console switch */
1415 switch(keycode) {
1416 case 0x2a: /* Left Shift */
1417 case 0x36: /* Right Shift */
1418 case 0x1d: /* Left CTRL */
1419 case 0x9d: /* Right CTRL */
1420 case 0x38: /* Left ALT */
1421 case 0xb8: /* Right ALT */
1422 if (down)
1423 vs->modifiers_state[keycode] = 1;
1424 else
1425 vs->modifiers_state[keycode] = 0;
1426 break;
1427 case 0x02 ... 0x0a: /* '1' to '9' keys */
1428 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1429 /* Reset the modifiers sent to the current console */
1430 reset_keys(vs);
1431 console_select(keycode - 0x02);
1432 return;
1433 }
1434 break;
1435 case 0x3a: /* CapsLock */
1436 case 0x45: /* NumLock */
1437 if (down)
1438 vs->modifiers_state[keycode] ^= 1;
1439 break;
1440 }
1441
1442 if (vs->vd->lock_key_sync &&
1443 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1444 /* If the numlock state needs to change then simulate an additional
1445 keypress before sending this one. This will happen if the user
1446 toggles numlock away from the VNC window.
1447 */
1448 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1449 if (!vs->modifiers_state[0x45]) {
1450 vs->modifiers_state[0x45] = 1;
1451 press_key(vs, 0xff7f);
1452 }
1453 } else {
1454 if (vs->modifiers_state[0x45]) {
1455 vs->modifiers_state[0x45] = 0;
1456 press_key(vs, 0xff7f);
1457 }
1458 }
1459 }
1460
1461 if (vs->vd->lock_key_sync &&
1462 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1463 /* If the capslock state needs to change then simulate an additional
1464 keypress before sending this one. This will happen if the user
1465 toggles capslock away from the VNC window.
1466 */
1467 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1468 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1469 int capslock = !!(vs->modifiers_state[0x3a]);
1470 if (capslock) {
1471 if (uppercase == shift) {
1472 vs->modifiers_state[0x3a] = 0;
1473 press_key(vs, 0xffe5);
1474 }
1475 } else {
1476 if (uppercase != shift) {
1477 vs->modifiers_state[0x3a] = 1;
1478 press_key(vs, 0xffe5);
1479 }
1480 }
1481 }
1482
1483 if (is_graphic_console()) {
1484 if (keycode & SCANCODE_GREY)
1485 kbd_put_keycode(SCANCODE_EMUL0);
1486 if (down)
1487 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1488 else
1489 kbd_put_keycode(keycode | SCANCODE_UP);
1490 } else {
1491 /* QEMU console emulation */
1492 if (down) {
1493 int numlock = vs->modifiers_state[0x45];
1494 switch (keycode) {
1495 case 0x2a: /* Left Shift */
1496 case 0x36: /* Right Shift */
1497 case 0x1d: /* Left CTRL */
1498 case 0x9d: /* Right CTRL */
1499 case 0x38: /* Left ALT */
1500 case 0xb8: /* Right ALT */
1501 break;
1502 case 0xc8:
1503 kbd_put_keysym(QEMU_KEY_UP);
1504 break;
1505 case 0xd0:
1506 kbd_put_keysym(QEMU_KEY_DOWN);
1507 break;
1508 case 0xcb:
1509 kbd_put_keysym(QEMU_KEY_LEFT);
1510 break;
1511 case 0xcd:
1512 kbd_put_keysym(QEMU_KEY_RIGHT);
1513 break;
1514 case 0xd3:
1515 kbd_put_keysym(QEMU_KEY_DELETE);
1516 break;
1517 case 0xc7:
1518 kbd_put_keysym(QEMU_KEY_HOME);
1519 break;
1520 case 0xcf:
1521 kbd_put_keysym(QEMU_KEY_END);
1522 break;
1523 case 0xc9:
1524 kbd_put_keysym(QEMU_KEY_PAGEUP);
1525 break;
1526 case 0xd1:
1527 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1528 break;
1529
1530 case 0x47:
1531 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1532 break;
1533 case 0x48:
1534 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1535 break;
1536 case 0x49:
1537 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1538 break;
1539 case 0x4b:
1540 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1541 break;
1542 case 0x4c:
1543 kbd_put_keysym('5');
1544 break;
1545 case 0x4d:
1546 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1547 break;
1548 case 0x4f:
1549 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1550 break;
1551 case 0x50:
1552 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1553 break;
1554 case 0x51:
1555 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1556 break;
1557 case 0x52:
1558 kbd_put_keysym('0');
1559 break;
1560 case 0x53:
1561 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1562 break;
1563
1564 case 0xb5:
1565 kbd_put_keysym('/');
1566 break;
1567 case 0x37:
1568 kbd_put_keysym('*');
1569 break;
1570 case 0x4a:
1571 kbd_put_keysym('-');
1572 break;
1573 case 0x4e:
1574 kbd_put_keysym('+');
1575 break;
1576 case 0x9c:
1577 kbd_put_keysym('\n');
1578 break;
1579
1580 default:
1581 kbd_put_keysym(sym);
1582 break;
1583 }
1584 }
1585 }
1586 }
1587
1588 static void key_event(VncState *vs, int down, uint32_t sym)
1589 {
1590 int keycode;
1591 int lsym = sym;
1592
1593 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1594 lsym = lsym - 'A' + 'a';
1595 }
1596
1597 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1598 do_key_event(vs, down, keycode, sym);
1599 }
1600
1601 static void ext_key_event(VncState *vs, int down,
1602 uint32_t sym, uint16_t keycode)
1603 {
1604 /* if the user specifies a keyboard layout, always use it */
1605 if (keyboard_layout)
1606 key_event(vs, down, sym);
1607 else
1608 do_key_event(vs, down, keycode, sym);
1609 }
1610
1611 static void framebuffer_update_request(VncState *vs, int incremental,
1612 int x_position, int y_position,
1613 int w, int h)
1614 {
1615 if (y_position > ds_get_height(vs->ds))
1616 y_position = ds_get_height(vs->ds);
1617 if (y_position + h >= ds_get_height(vs->ds))
1618 h = ds_get_height(vs->ds) - y_position;
1619
1620 int i;
1621 vs->need_update = 1;
1622 if (!incremental) {
1623 vs->force_update = 1;
1624 for (i = 0; i < h; i++) {
1625 vnc_set_bits(vs->dirty[y_position + i],
1626 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1627 }
1628 }
1629 }
1630
1631 static void send_ext_key_event_ack(VncState *vs)
1632 {
1633 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1634 vnc_write_u8(vs, 0);
1635 vnc_write_u16(vs, 1);
1636 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1637 VNC_ENCODING_EXT_KEY_EVENT);
1638 vnc_flush(vs);
1639 }
1640
1641 static void send_ext_audio_ack(VncState *vs)
1642 {
1643 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1644 vnc_write_u8(vs, 0);
1645 vnc_write_u16(vs, 1);
1646 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1647 VNC_ENCODING_AUDIO);
1648 vnc_flush(vs);
1649 }
1650
1651 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1652 {
1653 int i;
1654 unsigned int enc = 0;
1655
1656 vs->features = 0;
1657 vs->vnc_encoding = 0;
1658 vs->tight_compression = 9;
1659 vs->tight_quality = 9;
1660 vs->absolute = -1;
1661
1662 /*
1663 * Start from the end because the encodings are sent in order of preference.
1664 * This way the prefered encoding (first encoding defined in the array)
1665 * will be set at the end of the loop.
1666 */
1667 for (i = n_encodings - 1; i >= 0; i--) {
1668 enc = encodings[i];
1669 switch (enc) {
1670 case VNC_ENCODING_RAW:
1671 vs->vnc_encoding = enc;
1672 break;
1673 case VNC_ENCODING_COPYRECT:
1674 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1675 break;
1676 case VNC_ENCODING_HEXTILE:
1677 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1678 vs->vnc_encoding = enc;
1679 break;
1680 case VNC_ENCODING_ZLIB:
1681 vs->features |= VNC_FEATURE_ZLIB_MASK;
1682 vs->vnc_encoding = enc;
1683 break;
1684 case VNC_ENCODING_DESKTOPRESIZE:
1685 vs->features |= VNC_FEATURE_RESIZE_MASK;
1686 break;
1687 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1688 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1689 break;
1690 case VNC_ENCODING_RICH_CURSOR:
1691 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1692 break;
1693 case VNC_ENCODING_EXT_KEY_EVENT:
1694 send_ext_key_event_ack(vs);
1695 break;
1696 case VNC_ENCODING_AUDIO:
1697 send_ext_audio_ack(vs);
1698 break;
1699 case VNC_ENCODING_WMVi:
1700 vs->features |= VNC_FEATURE_WMVI_MASK;
1701 break;
1702 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1703 vs->tight_compression = (enc & 0x0F);
1704 break;
1705 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1706 vs->tight_quality = (enc & 0x0F);
1707 break;
1708 default:
1709 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1710 break;
1711 }
1712 }
1713 check_pointer_type_change(&vs->mouse_mode_notifier);
1714 }
1715
1716 static void set_pixel_conversion(VncState *vs)
1717 {
1718 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1719 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1720 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1721 vs->write_pixels = vnc_write_pixels_copy;
1722 vnc_hextile_set_pixel_conversion(vs, 0);
1723 } else {
1724 vs->write_pixels = vnc_write_pixels_generic;
1725 vnc_hextile_set_pixel_conversion(vs, 1);
1726 }
1727 }
1728
1729 static void set_pixel_format(VncState *vs,
1730 int bits_per_pixel, int depth,
1731 int big_endian_flag, int true_color_flag,
1732 int red_max, int green_max, int blue_max,
1733 int red_shift, int green_shift, int blue_shift)
1734 {
1735 if (!true_color_flag) {
1736 vnc_client_error(vs);
1737 return;
1738 }
1739
1740 vs->clientds = *(vs->vd->guest.ds);
1741 vs->clientds.pf.rmax = red_max;
1742 count_bits(vs->clientds.pf.rbits, red_max);
1743 vs->clientds.pf.rshift = red_shift;
1744 vs->clientds.pf.rmask = red_max << red_shift;
1745 vs->clientds.pf.gmax = green_max;
1746 count_bits(vs->clientds.pf.gbits, green_max);
1747 vs->clientds.pf.gshift = green_shift;
1748 vs->clientds.pf.gmask = green_max << green_shift;
1749 vs->clientds.pf.bmax = blue_max;
1750 count_bits(vs->clientds.pf.bbits, blue_max);
1751 vs->clientds.pf.bshift = blue_shift;
1752 vs->clientds.pf.bmask = blue_max << blue_shift;
1753 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1754 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1755 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1756 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1757
1758 set_pixel_conversion(vs);
1759
1760 vga_hw_invalidate();
1761 vga_hw_update();
1762 }
1763
1764 static void pixel_format_message (VncState *vs) {
1765 char pad[3] = { 0, 0, 0 };
1766
1767 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1768 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1769
1770 #ifdef HOST_WORDS_BIGENDIAN
1771 vnc_write_u8(vs, 1); /* big-endian-flag */
1772 #else
1773 vnc_write_u8(vs, 0); /* big-endian-flag */
1774 #endif
1775 vnc_write_u8(vs, 1); /* true-color-flag */
1776 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1777 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1778 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1779 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1780 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1781 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1782
1783 vnc_hextile_set_pixel_conversion(vs, 0);
1784
1785 vs->clientds = *(vs->ds->surface);
1786 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1787 vs->write_pixels = vnc_write_pixels_copy;
1788
1789 vnc_write(vs, pad, 3); /* padding */
1790 }
1791
1792 static void vnc_dpy_setdata(DisplayState *ds)
1793 {
1794 /* We don't have to do anything */
1795 }
1796
1797 static void vnc_colordepth(VncState *vs)
1798 {
1799 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1800 /* Sending a WMVi message to notify the client*/
1801 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1802 vnc_write_u8(vs, 0);
1803 vnc_write_u16(vs, 1); /* number of rects */
1804 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1805 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1806 pixel_format_message(vs);
1807 vnc_flush(vs);
1808 } else {
1809 set_pixel_conversion(vs);
1810 }
1811 }
1812
1813 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1814 {
1815 int i;
1816 uint16_t limit;
1817 VncDisplay *vd = vs->vd;
1818
1819 if (data[0] > 3) {
1820 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1821 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1822 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1823 }
1824
1825 switch (data[0]) {
1826 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
1827 if (len == 1)
1828 return 20;
1829
1830 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1831 read_u8(data, 6), read_u8(data, 7),
1832 read_u16(data, 8), read_u16(data, 10),
1833 read_u16(data, 12), read_u8(data, 14),
1834 read_u8(data, 15), read_u8(data, 16));
1835 break;
1836 case VNC_MSG_CLIENT_SET_ENCODINGS:
1837 if (len == 1)
1838 return 4;
1839
1840 if (len == 4) {
1841 limit = read_u16(data, 2);
1842 if (limit > 0)
1843 return 4 + (limit * 4);
1844 } else
1845 limit = read_u16(data, 2);
1846
1847 for (i = 0; i < limit; i++) {
1848 int32_t val = read_s32(data, 4 + (i * 4));
1849 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1850 }
1851
1852 set_encodings(vs, (int32_t *)(data + 4), limit);
1853 break;
1854 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
1855 if (len == 1)
1856 return 10;
1857
1858 framebuffer_update_request(vs,
1859 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1860 read_u16(data, 6), read_u16(data, 8));
1861 break;
1862 case VNC_MSG_CLIENT_KEY_EVENT:
1863 if (len == 1)
1864 return 8;
1865
1866 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1867 break;
1868 case VNC_MSG_CLIENT_POINTER_EVENT:
1869 if (len == 1)
1870 return 6;
1871
1872 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1873 break;
1874 case VNC_MSG_CLIENT_CUT_TEXT:
1875 if (len == 1)
1876 return 8;
1877
1878 if (len == 8) {
1879 uint32_t dlen = read_u32(data, 4);
1880 if (dlen > 0)
1881 return 8 + dlen;
1882 }
1883
1884 client_cut_text(vs, read_u32(data, 4), data + 8);
1885 break;
1886 case VNC_MSG_CLIENT_QEMU:
1887 if (len == 1)
1888 return 2;
1889
1890 switch (read_u8(data, 1)) {
1891 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
1892 if (len == 2)
1893 return 12;
1894
1895 ext_key_event(vs, read_u16(data, 2),
1896 read_u32(data, 4), read_u32(data, 8));
1897 break;
1898 case VNC_MSG_CLIENT_QEMU_AUDIO:
1899 if (len == 2)
1900 return 4;
1901
1902 switch (read_u16 (data, 2)) {
1903 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
1904 audio_add(vs);
1905 break;
1906 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
1907 audio_del(vs);
1908 break;
1909 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
1910 if (len == 4)
1911 return 10;
1912 switch (read_u8(data, 4)) {
1913 case 0: vs->as.fmt = AUD_FMT_U8; break;
1914 case 1: vs->as.fmt = AUD_FMT_S8; break;
1915 case 2: vs->as.fmt = AUD_FMT_U16; break;
1916 case 3: vs->as.fmt = AUD_FMT_S16; break;
1917 case 4: vs->as.fmt = AUD_FMT_U32; break;
1918 case 5: vs->as.fmt = AUD_FMT_S32; break;
1919 default:
1920 printf("Invalid audio format %d\n", read_u8(data, 4));
1921 vnc_client_error(vs);
1922 break;
1923 }
1924 vs->as.nchannels = read_u8(data, 5);
1925 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1926 printf("Invalid audio channel coount %d\n",
1927 read_u8(data, 5));
1928 vnc_client_error(vs);
1929 break;
1930 }
1931 vs->as.freq = read_u32(data, 6);
1932 break;
1933 default:
1934 printf ("Invalid audio message %d\n", read_u8(data, 4));
1935 vnc_client_error(vs);
1936 break;
1937 }
1938 break;
1939
1940 default:
1941 printf("Msg: %d\n", read_u16(data, 0));
1942 vnc_client_error(vs);
1943 break;
1944 }
1945 break;
1946 default:
1947 printf("Msg: %d\n", data[0]);
1948 vnc_client_error(vs);
1949 break;
1950 }
1951
1952 vnc_read_when(vs, protocol_client_msg, 1);
1953 return 0;
1954 }
1955
1956 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1957 {
1958 char buf[1024];
1959 int size;
1960
1961 vnc_write_u16(vs, ds_get_width(vs->ds));
1962 vnc_write_u16(vs, ds_get_height(vs->ds));
1963
1964 pixel_format_message(vs);
1965
1966 if (qemu_name)
1967 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1968 else
1969 size = snprintf(buf, sizeof(buf), "QEMU");
1970
1971 vnc_write_u32(vs, size);
1972 vnc_write(vs, buf, size);
1973 vnc_flush(vs);
1974
1975 vnc_client_cache_auth(vs);
1976 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
1977
1978 vnc_read_when(vs, protocol_client_msg, 1);
1979
1980 return 0;
1981 }
1982
1983 void start_client_init(VncState *vs)
1984 {
1985 vnc_read_when(vs, protocol_client_init, 1);
1986 }
1987
1988 static void make_challenge(VncState *vs)
1989 {
1990 int i;
1991
1992 srand(time(NULL)+getpid()+getpid()*987654+rand());
1993
1994 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1995 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1996 }
1997
1998 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1999 {
2000 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2001 int i, j, pwlen;
2002 unsigned char key[8];
2003
2004 if (!vs->vd->password || !vs->vd->password[0]) {
2005 VNC_DEBUG("No password configured on server");
2006 vnc_write_u32(vs, 1); /* Reject auth */
2007 if (vs->minor >= 8) {
2008 static const char err[] = "Authentication failed";
2009 vnc_write_u32(vs, sizeof(err));
2010 vnc_write(vs, err, sizeof(err));
2011 }
2012 vnc_flush(vs);
2013 vnc_client_error(vs);
2014 return 0;
2015 }
2016
2017 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2018
2019 /* Calculate the expected challenge response */
2020 pwlen = strlen(vs->vd->password);
2021 for (i=0; i<sizeof(key); i++)
2022 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2023 deskey(key, EN0);
2024 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2025 des(response+j, response+j);
2026
2027 /* Compare expected vs actual challenge response */
2028 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2029 VNC_DEBUG("Client challenge reponse did not match\n");
2030 vnc_write_u32(vs, 1); /* Reject auth */
2031 if (vs->minor >= 8) {
2032 static const char err[] = "Authentication failed";
2033 vnc_write_u32(vs, sizeof(err));
2034 vnc_write(vs, err, sizeof(err));
2035 }
2036 vnc_flush(vs);
2037 vnc_client_error(vs);
2038 } else {
2039 VNC_DEBUG("Accepting VNC challenge response\n");
2040 vnc_write_u32(vs, 0); /* Accept auth */
2041 vnc_flush(vs);
2042
2043 start_client_init(vs);
2044 }
2045 return 0;
2046 }
2047
2048 void start_auth_vnc(VncState *vs)
2049 {
2050 make_challenge(vs);
2051 /* Send client a 'random' challenge */
2052 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2053 vnc_flush(vs);
2054
2055 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2056 }
2057
2058
2059 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2060 {
2061 /* We only advertise 1 auth scheme at a time, so client
2062 * must pick the one we sent. Verify this */
2063 if (data[0] != vs->vd->auth) { /* Reject auth */
2064 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2065 vnc_write_u32(vs, 1);
2066 if (vs->minor >= 8) {
2067 static const char err[] = "Authentication failed";
2068 vnc_write_u32(vs, sizeof(err));
2069 vnc_write(vs, err, sizeof(err));
2070 }
2071 vnc_client_error(vs);
2072 } else { /* Accept requested auth */
2073 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2074 switch (vs->vd->auth) {
2075 case VNC_AUTH_NONE:
2076 VNC_DEBUG("Accept auth none\n");
2077 if (vs->minor >= 8) {
2078 vnc_write_u32(vs, 0); /* Accept auth completion */
2079 vnc_flush(vs);
2080 }
2081 start_client_init(vs);
2082 break;
2083
2084 case VNC_AUTH_VNC:
2085 VNC_DEBUG("Start VNC auth\n");
2086 start_auth_vnc(vs);
2087 break;
2088
2089 #ifdef CONFIG_VNC_TLS
2090 case VNC_AUTH_VENCRYPT:
2091 VNC_DEBUG("Accept VeNCrypt auth\n");;
2092 start_auth_vencrypt(vs);
2093 break;
2094 #endif /* CONFIG_VNC_TLS */
2095
2096 #ifdef CONFIG_VNC_SASL
2097 case VNC_AUTH_SASL:
2098 VNC_DEBUG("Accept SASL auth\n");
2099 start_auth_sasl(vs);
2100 break;
2101 #endif /* CONFIG_VNC_SASL */
2102
2103 default: /* Should not be possible, but just in case */
2104 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
2105 vnc_write_u8(vs, 1);
2106 if (vs->minor >= 8) {
2107 static const char err[] = "Authentication failed";
2108 vnc_write_u32(vs, sizeof(err));
2109 vnc_write(vs, err, sizeof(err));
2110 }
2111 vnc_client_error(vs);
2112 }
2113 }
2114 return 0;
2115 }
2116
2117 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2118 {
2119 char local[13];
2120
2121 memcpy(local, version, 12);
2122 local[12] = 0;
2123
2124 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2125 VNC_DEBUG("Malformed protocol version %s\n", local);
2126 vnc_client_error(vs);
2127 return 0;
2128 }
2129 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2130 if (vs->major != 3 ||
2131 (vs->minor != 3 &&
2132 vs->minor != 4 &&
2133 vs->minor != 5 &&
2134 vs->minor != 7 &&
2135 vs->minor != 8)) {
2136 VNC_DEBUG("Unsupported client version\n");
2137 vnc_write_u32(vs, VNC_AUTH_INVALID);
2138 vnc_flush(vs);
2139 vnc_client_error(vs);
2140 return 0;
2141 }
2142 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2143 * as equivalent to v3.3 by servers
2144 */
2145 if (vs->minor == 4 || vs->minor == 5)
2146 vs->minor = 3;
2147
2148 if (vs->minor == 3) {
2149 if (vs->vd->auth == VNC_AUTH_NONE) {
2150 VNC_DEBUG("Tell client auth none\n");
2151 vnc_write_u32(vs, vs->vd->auth);
2152 vnc_flush(vs);
2153 start_client_init(vs);
2154 } else if (vs->vd->auth == VNC_AUTH_VNC) {
2155 VNC_DEBUG("Tell client VNC auth\n");
2156 vnc_write_u32(vs, vs->vd->auth);
2157 vnc_flush(vs);
2158 start_auth_vnc(vs);
2159 } else {
2160 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2161 vnc_write_u32(vs, VNC_AUTH_INVALID);
2162 vnc_flush(vs);
2163 vnc_client_error(vs);
2164 }
2165 } else {
2166 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2167 vnc_write_u8(vs, 1); /* num auth */
2168 vnc_write_u8(vs, vs->vd->auth);
2169 vnc_read_when(vs, protocol_client_auth, 1);
2170 vnc_flush(vs);
2171 }
2172
2173 return 0;
2174 }
2175
2176 static int vnc_refresh_server_surface(VncDisplay *vd)
2177 {
2178 int y;
2179 uint8_t *guest_row;
2180 uint8_t *server_row;
2181 int cmp_bytes;
2182 uint32_t width_mask[VNC_DIRTY_WORDS];
2183 VncState *vs;
2184 int has_dirty = 0;
2185
2186 /*
2187 * Walk through the guest dirty map.
2188 * Check and copy modified bits from guest to server surface.
2189 * Update server dirty map.
2190 */
2191 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2192 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2193 guest_row = vd->guest.ds->data;
2194 server_row = vd->server->data;
2195 for (y = 0; y < vd->guest.ds->height; y++) {
2196 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2197 int x;
2198 uint8_t *guest_ptr;
2199 uint8_t *server_ptr;
2200
2201 guest_ptr = guest_row;
2202 server_ptr = server_row;
2203
2204 for (x = 0; x < vd->guest.ds->width;
2205 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2206 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2207 continue;
2208 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2209 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2210 continue;
2211 memcpy(server_ptr, guest_ptr, cmp_bytes);
2212 QTAILQ_FOREACH(vs, &vd->clients, next) {
2213 vnc_set_bit(vs->dirty[y], (x / 16));
2214 }
2215 has_dirty++;
2216 }
2217 }
2218 guest_row += ds_get_linesize(vd->ds);
2219 server_row += ds_get_linesize(vd->ds);
2220 }
2221 return has_dirty;
2222 }
2223
2224 static void vnc_refresh(void *opaque)
2225 {
2226 VncDisplay *vd = opaque;
2227 VncState *vs, *vn;
2228 int has_dirty, rects = 0;
2229
2230 vga_hw_update();
2231
2232 has_dirty = vnc_refresh_server_surface(vd);
2233
2234 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2235 rects += vnc_update_client(vs, has_dirty);
2236 /* vs might be free()ed here */
2237 }
2238 /* vd->timer could be NULL now if the last client disconnected,
2239 * in this case don't update the timer */
2240 if (vd->timer == NULL)
2241 return;
2242
2243 if (has_dirty && rects) {
2244 vd->timer_interval /= 2;
2245 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2246 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2247 } else {
2248 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2249 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2250 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2251 }
2252 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
2253 }
2254
2255 static void vnc_init_timer(VncDisplay *vd)
2256 {
2257 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2258 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
2259 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2260 vnc_refresh(vd);
2261 }
2262 }
2263
2264 static void vnc_remove_timer(VncDisplay *vd)
2265 {
2266 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
2267 qemu_del_timer(vd->timer);
2268 qemu_free_timer(vd->timer);
2269 vd->timer = NULL;
2270 }
2271 }
2272
2273 static void vnc_connect(VncDisplay *vd, int csock)
2274 {
2275 VncState *vs = qemu_mallocz(sizeof(VncState));
2276 vs->csock = csock;
2277
2278 VNC_DEBUG("New client on socket %d\n", csock);
2279 dcl->idle = 0;
2280 socket_set_nonblock(vs->csock);
2281 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2282
2283 vnc_client_cache_addr(vs);
2284 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2285
2286 vs->vd = vd;
2287 vs->ds = vd->ds;
2288 vs->last_x = -1;
2289 vs->last_y = -1;
2290
2291 vs->as.freq = 44100;
2292 vs->as.nchannels = 2;
2293 vs->as.fmt = AUD_FMT_S16;
2294 vs->as.endianness = 0;
2295
2296 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2297
2298 vga_hw_update();
2299
2300 vnc_write(vs, "RFB 003.008\n", 12);
2301 vnc_flush(vs);
2302 vnc_read_when(vs, protocol_version, 12);
2303 reset_keys(vs);
2304 if (vs->vd->lock_key_sync)
2305 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2306
2307 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2308 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2309
2310 vnc_init_timer(vd);
2311
2312 /* vs might be free()ed here */
2313 }
2314
2315 static void vnc_listen_read(void *opaque)
2316 {
2317 VncDisplay *vs = opaque;
2318 struct sockaddr_in addr;
2319 socklen_t addrlen = sizeof(addr);
2320
2321 /* Catch-up */
2322 vga_hw_update();
2323
2324 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2325 if (csock != -1) {
2326 vnc_connect(vs, csock);
2327 }
2328 }
2329
2330 void vnc_display_init(DisplayState *ds)
2331 {
2332 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2333
2334 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2335
2336 ds->opaque = vs;
2337 dcl->idle = 1;
2338 vnc_display = vs;
2339
2340 vs->lsock = -1;
2341
2342 vs->ds = ds;
2343 QTAILQ_INIT(&vs->clients);
2344
2345 if (keyboard_layout)
2346 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2347 else
2348 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2349
2350 if (!vs->kbd_layout)
2351 exit(1);
2352
2353 dcl->dpy_copy = vnc_dpy_copy;
2354 dcl->dpy_update = vnc_dpy_update;
2355 dcl->dpy_resize = vnc_dpy_resize;
2356 dcl->dpy_setdata = vnc_dpy_setdata;
2357 register_displaychangelistener(ds, dcl);
2358 ds->mouse_set = vnc_mouse_set;
2359 ds->cursor_define = vnc_dpy_cursor_define;
2360 }
2361
2362
2363 void vnc_display_close(DisplayState *ds)
2364 {
2365 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2366
2367 if (!vs)
2368 return;
2369 if (vs->display) {
2370 qemu_free(vs->display);
2371 vs->display = NULL;
2372 }
2373 if (vs->lsock != -1) {
2374 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2375 close(vs->lsock);
2376 vs->lsock = -1;
2377 }
2378 vs->auth = VNC_AUTH_INVALID;
2379 #ifdef CONFIG_VNC_TLS
2380 vs->subauth = VNC_AUTH_INVALID;
2381 vs->tls.x509verify = 0;
2382 #endif
2383 }
2384
2385 int vnc_display_password(DisplayState *ds, const char *password)
2386 {
2387 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2388
2389 if (!vs) {
2390 return -1;
2391 }
2392
2393 if (vs->password) {
2394 qemu_free(vs->password);
2395 vs->password = NULL;
2396 }
2397 if (password && password[0]) {
2398 if (!(vs->password = qemu_strdup(password)))
2399 return -1;
2400 if (vs->auth == VNC_AUTH_NONE) {
2401 vs->auth = VNC_AUTH_VNC;
2402 }
2403 } else {
2404 vs->auth = VNC_AUTH_NONE;
2405 }
2406
2407 return 0;
2408 }
2409
2410 char *vnc_display_local_addr(DisplayState *ds)
2411 {
2412 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2413
2414 return vnc_socket_local_addr("%s:%s", vs->lsock);
2415 }
2416
2417 int vnc_display_open(DisplayState *ds, const char *display)
2418 {
2419 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2420 const char *options;
2421 int password = 0;
2422 int reverse = 0;
2423 #ifdef CONFIG_VNC_TLS
2424 int tls = 0, x509 = 0;
2425 #endif
2426 #ifdef CONFIG_VNC_SASL
2427 int sasl = 0;
2428 int saslErr;
2429 #endif
2430 int acl = 0;
2431 int lock_key_sync = 1;
2432
2433 if (!vnc_display)
2434 return -1;
2435 vnc_display_close(ds);
2436 if (strcmp(display, "none") == 0)
2437 return 0;
2438
2439 if (!(vs->display = strdup(display)))
2440 return -1;
2441
2442 options = display;
2443 while ((options = strchr(options, ','))) {
2444 options++;
2445 if (strncmp(options, "password", 8) == 0) {
2446 password = 1; /* Require password auth */
2447 } else if (strncmp(options, "reverse", 7) == 0) {
2448 reverse = 1;
2449 } else if (strncmp(options, "no-lock-key-sync", 9) == 0) {
2450 lock_key_sync = 0;
2451 #ifdef CONFIG_VNC_SASL
2452 } else if (strncmp(options, "sasl", 4) == 0) {
2453 sasl = 1; /* Require SASL auth */
2454 #endif
2455 #ifdef CONFIG_VNC_TLS
2456 } else if (strncmp(options, "tls", 3) == 0) {
2457 tls = 1; /* Require TLS */
2458 } else if (strncmp(options, "x509", 4) == 0) {
2459 char *start, *end;
2460 x509 = 1; /* Require x509 certificates */
2461 if (strncmp(options, "x509verify", 10) == 0)
2462 vs->tls.x509verify = 1; /* ...and verify client certs */
2463
2464 /* Now check for 'x509=/some/path' postfix
2465 * and use that to setup x509 certificate/key paths */
2466 start = strchr(options, '=');
2467 end = strchr(options, ',');
2468 if (start && (!end || (start < end))) {
2469 int len = end ? end-(start+1) : strlen(start+1);
2470 char *path = qemu_strndup(start + 1, len);
2471
2472 VNC_DEBUG("Trying certificate path '%s'\n", path);
2473 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2474 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2475 qemu_free(path);
2476 qemu_free(vs->display);
2477 vs->display = NULL;
2478 return -1;
2479 }
2480 qemu_free(path);
2481 } else {
2482 fprintf(stderr, "No certificate path provided\n");
2483 qemu_free(vs->display);
2484 vs->display = NULL;
2485 return -1;
2486 }
2487 #endif
2488 } else if (strncmp(options, "acl", 3) == 0) {
2489 acl = 1;
2490 }
2491 }
2492
2493 #ifdef CONFIG_VNC_TLS
2494 if (acl && x509 && vs->tls.x509verify) {
2495 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2496 fprintf(stderr, "Failed to create x509 dname ACL\n");
2497 exit(1);
2498 }
2499 }
2500 #endif
2501 #ifdef CONFIG_VNC_SASL
2502 if (acl && sasl) {
2503 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2504 fprintf(stderr, "Failed to create username ACL\n");
2505 exit(1);
2506 }
2507 }
2508 #endif
2509
2510 /*
2511 * Combinations we support here:
2512 *
2513 * - no-auth (clear text, no auth)
2514 * - password (clear text, weak auth)
2515 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2516 * - tls (encrypt, weak anonymous creds, no auth)
2517 * - tls + password (encrypt, weak anonymous creds, weak auth)
2518 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2519 * - tls + x509 (encrypt, good x509 creds, no auth)
2520 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2521 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2522 *
2523 * NB1. TLS is a stackable auth scheme.
2524 * NB2. the x509 schemes have option to validate a client cert dname
2525 */
2526 if (password) {
2527 #ifdef CONFIG_VNC_TLS
2528 if (tls) {
2529 vs->auth = VNC_AUTH_VENCRYPT;
2530 if (x509) {
2531 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2532 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2533 } else {
2534 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2535 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2536 }
2537 } else {
2538 #endif /* CONFIG_VNC_TLS */
2539 VNC_DEBUG("Initializing VNC server with password auth\n");
2540 vs->auth = VNC_AUTH_VNC;
2541 #ifdef CONFIG_VNC_TLS
2542 vs->subauth = VNC_AUTH_INVALID;
2543 }
2544 #endif /* CONFIG_VNC_TLS */
2545 #ifdef CONFIG_VNC_SASL
2546 } else if (sasl) {
2547 #ifdef CONFIG_VNC_TLS
2548 if (tls) {
2549 vs->auth = VNC_AUTH_VENCRYPT;
2550 if (x509) {
2551 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2552 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2553 } else {
2554 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2555 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2556 }
2557 } else {
2558 #endif /* CONFIG_VNC_TLS */
2559 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2560 vs->auth = VNC_AUTH_SASL;
2561 #ifdef CONFIG_VNC_TLS
2562 vs->subauth = VNC_AUTH_INVALID;
2563 }
2564 #endif /* CONFIG_VNC_TLS */
2565 #endif /* CONFIG_VNC_SASL */
2566 } else {
2567 #ifdef CONFIG_VNC_TLS
2568 if (tls) {
2569 vs->auth = VNC_AUTH_VENCRYPT;
2570 if (x509) {
2571 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2572 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2573 } else {
2574 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2575 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2576 }
2577 } else {
2578 #endif
2579 VNC_DEBUG("Initializing VNC server with no auth\n");
2580 vs->auth = VNC_AUTH_NONE;
2581 #ifdef CONFIG_VNC_TLS
2582 vs->subauth = VNC_AUTH_INVALID;
2583 }
2584 #endif
2585 }
2586
2587 #ifdef CONFIG_VNC_SASL
2588 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2589 fprintf(stderr, "Failed to initialize SASL auth %s",
2590 sasl_errstring(saslErr, NULL, NULL));
2591 free(vs->display);
2592 vs->display = NULL;
2593 return -1;
2594 }
2595 #endif
2596 vs->lock_key_sync = lock_key_sync;
2597
2598 if (reverse) {
2599 /* connect to viewer */
2600 if (strncmp(display, "unix:", 5) == 0)
2601 vs->lsock = unix_connect(display+5);
2602 else
2603 vs->lsock = inet_connect(display, SOCK_STREAM);
2604 if (-1 == vs->lsock) {
2605 free(vs->display);
2606 vs->display = NULL;
2607 return -1;
2608 } else {
2609 int csock = vs->lsock;
2610 vs->lsock = -1;
2611 vnc_connect(vs, csock);
2612 }
2613 return 0;
2614
2615 } else {
2616 /* listen for connects */
2617 char *dpy;
2618 dpy = qemu_malloc(256);
2619 if (strncmp(display, "unix:", 5) == 0) {
2620 pstrcpy(dpy, 256, "unix:");
2621 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2622 } else {
2623 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2624 }
2625 if (-1 == vs->lsock) {
2626 free(dpy);
2627 return -1;
2628 } else {
2629 free(vs->display);
2630 vs->display = dpy;
2631 }
2632 }
2633 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
2634 }
QEMU mirror