]> git.proxmox.com Git - mirror_qemu.git/blame - vnc.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix invalid #if in vnc.c when debugging is enabled (Alexander Graf)
[mirror_qemu.git] / vnc.c
CommitLineData
7d510b8c
FB		 1/*
2 * QEMU VNC display driver
5fafdf24 3 *
7d510b8c
FB		 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
5fafdf24 6 *
7d510b8c
FB		 7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25
87ecb68b
PB		 26#include "qemu-common.h"
27#include "console.h"
28#include "sysemu.h"
6ca957f0 29#include "qemu_socket.h"
87ecb68b 30#include "qemu-timer.h"
429a8ed3 31#include "audio/audio.h"
24236869
FB		 32
33#define VNC_REFRESH_INTERVAL (1000 / 30)
34
e06679fb 35#include "vnc.h"
24236869
FB		 36#include "vnc_keysym.h"
37#include "keymaps.c"
70848515
TS		 38#include "d3des.h"
39
eb38c52c 40#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 41#include <gnutls/gnutls.h>
42#include <gnutls/x509.h>
43#endif /* CONFIG_VNC_TLS */
70848515 44
8d5d2d4c
TS		 45// #define _VNC_DEBUG 1
46
eb38c52c 47#ifdef _VNC_DEBUG
70848515 48#define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
8d5d2d4c 49
26f8b9cc 50#if defined(CONFIG_VNC_TLS) && _VNC_DEBUG >= 2
8d5d2d4c
TS		 51/* Very verbose, so only enabled for _VNC_DEBUG >= 2 */
52static void vnc_debug_gnutls_log(int level, const char* str) {
53 VNC_DEBUG("%d %s", level, str);
54}
55#endif /* CONFIG_VNC_TLS && _VNC_DEBUG */
70848515
TS		 56#else
57#define VNC_DEBUG(fmt, ...) do { } while (0)
58#endif
24236869 59
90a1e3c0
AL		 60#define count_bits(c, v) { \
61 for (c = 0; v; v >>= 1) \
62 { \
63 c += v & 1; \
64 } \
65}
8d5d2d4c 66
24236869
FB		 67typedef struct Buffer
68{
69 size_t capacity;
70 size_t offset;
60fe76f3 71 uint8_t *buffer;
24236869
FB		 72} Buffer;
73
74typedef struct VncState VncState;
75
60fe76f3 76typedef int VncReadEvent(VncState *vs, uint8_t *data, size_t len);
24236869 77
3512779a
FB		 78typedef void VncWritePixels(VncState *vs, void *data, int size);
79
80typedef void VncSendHextileTile(VncState *vs,
81 int x, int y, int w, int h,
7eac3a87
AL		 82 void *last_bg,
83 void *last_fg,
3512779a
FB		 84 int *has_bg, int *has_fg);
85
99589bdc
FB		 86#define VNC_MAX_WIDTH 2048
87#define VNC_MAX_HEIGHT 2048
88#define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
89
70848515
TS		 90#define VNC_AUTH_CHALLENGE_SIZE 16
91
24236869
FB		 92struct VncState
93{
94 QEMUTimer *timer;
95 int lsock;
96 int csock;
97 DisplayState *ds;
98 int need_update;
99589bdc 99 uint32_t dirty_row[VNC_MAX_HEIGHT][VNC_DIRTY_WORDS];
24236869 100 char *old_data;
29fa4ed9 101 uint32_t features;
564c337e
FB		 102 int absolute;
103 int last_x;
104 int last_y;
105
70848515
TS		 106 int major;
107 int minor;
108
71cab5ca 109 char *display;
70848515
TS		 110 char *password;
111 int auth;
eb38c52c 112#ifdef CONFIG_VNC_TLS
8d5d2d4c 113 int subauth;
469b15c6 114 int x509verify;
6f43024c
TS		 115
116 char *x509cacert;
117 char *x509cacrl;
118 char *x509cert;
119 char *x509key;
8d5d2d4c 120#endif
70848515 121 char challenge[VNC_AUTH_CHALLENGE_SIZE];
a9ce8590 122
eb38c52c 123#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 124 int wiremode;
125 gnutls_session_t tls_session;
126#endif
127
24236869
FB		 128 Buffer output;
129 Buffer input;
130 kbd_layout_t *kbd_layout;
3512779a
FB		 131 /* current output mode information */
132 VncWritePixels *write_pixels;
133 VncSendHextileTile *send_hextile_tile;
6cec5487 134 DisplaySurface clientds, serverds;
24236869 135
429a8ed3 136 CaptureVoiceOut *audio_cap;
1ea879e5 137 struct audsettings as;
429a8ed3 138
24236869
FB		 139 VncReadEvent *read_handler;
140 size_t read_handler_expect;
64f5a135
FB		 141 /* input */
142 uint8_t modifiers_state[256];
24236869
FB		 143};
144
a9ce8590 145static VncState *vnc_state; /* needed for info vnc */
7d957bd8 146static DisplayChangeListener *dcl;
a9ce8590
FB		 147
148void do_info_vnc(void)
149{
13412c9d 150 if (vnc_state == NULL || vnc_state->display == NULL)
a9ce8590
FB		 151 term_printf("VNC server disabled\n");
152 else {
153 term_printf("VNC server active on: ");
154 term_print_filename(vnc_state->display);
155 term_printf("\n");
156
157 if (vnc_state->csock == -1)
158 term_printf("No client connected\n");
159 else
160 term_printf("Client connected\n");
161 }
162}
163
29fa4ed9
AL		 164static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
165 return (vs->features & (1 << feature));
166}
167
24236869
FB		 168/* TODO
169 1) Get the queue working for IO.
170 2) there is some weirdness when using the -S option (the screen is grey
171 and not totally invalidated
172 3) resolutions > 1024
173*/
174
175static void vnc_write(VncState *vs, const void *data, size_t len);
176static void vnc_write_u32(VncState *vs, uint32_t value);
177static void vnc_write_s32(VncState *vs, int32_t value);
178static void vnc_write_u16(VncState *vs, uint16_t value);
179static void vnc_write_u8(VncState *vs, uint8_t value);
180static void vnc_flush(VncState *vs);
181static void vnc_update_client(void *opaque);
182static void vnc_client_read(void *opaque);
183
7d957bd8 184static void vnc_colordepth(DisplayState *ds);
7eac3a87 185
99589bdc
FB		 186static inline void vnc_set_bit(uint32_t *d, int k)
187{
188 d[k >> 5] |= 1 << (k & 0x1f);
189}
190
191static inline void vnc_clear_bit(uint32_t *d, int k)
192{
193 d[k >> 5] &= ~(1 << (k & 0x1f));
194}
195
196static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
197{
198 int j;
199
200 j = 0;
201 while (n >= 32) {
202 d[j++] = -1;
203 n -= 32;
204 }
5fafdf24 205 if (n > 0)
99589bdc
FB		 206 d[j++] = (1 << n) - 1;
207 while (j < nb_words)
208 d[j++] = 0;
209}
210
211static inline int vnc_get_bit(const uint32_t *d, int k)
212{
213 return (d[k >> 5] >> (k & 0x1f)) & 1;
214}
215
5fafdf24 216static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
99589bdc
FB		 217 int nb_words)
218{
219 int i;
220 for(i = 0; i < nb_words; i++) {
221 if ((d1[i] & d2[i]) != 0)
222 return 1;
223 }
224 return 0;
225}
226
24236869
FB		 227static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
228{
229 VncState *vs = ds->opaque;
230 int i;
231
232 h += y;
233
0486e8a7
AZ		 234 /* round x down to ensure the loop only spans one 16-pixel block per,
235 iteration. otherwise, if (x % 16) != 0, the last iteration may span
236 two 16-pixel blocks but we only mark the first as dirty
237 */
238 w += (x % 16);
239 x -= (x % 16);
240
6cec5487
AL		 241 x = MIN(x, vs->serverds.width);
242 y = MIN(y, vs->serverds.height);
243 w = MIN(x + w, vs->serverds.width) - x;
244 h = MIN(h, vs->serverds.height);
788abf8e 245
24236869
FB		 246 for (; y < h; y++)
247 for (i = 0; i < w; i += 16)
99589bdc 248 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
24236869
FB		 249}
250
251static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
252 int32_t encoding)
253{
254 vnc_write_u16(vs, x);
255 vnc_write_u16(vs, y);
256 vnc_write_u16(vs, w);
257 vnc_write_u16(vs, h);
258
259 vnc_write_s32(vs, encoding);
260}
261
7d957bd8 262static void vnc_dpy_resize(DisplayState *ds)
24236869 263{
73e14b62 264 int size_changed;
24236869
FB		 265 VncState *vs = ds->opaque;
266
7d957bd8 267 vs->old_data = qemu_realloc(vs->old_data, ds_get_linesize(ds) * ds_get_height(ds));
24236869 268
7d957bd8 269 if (vs->old_data == NULL) {
24236869
FB		 270 fprintf(stderr, "vnc: memory allocation failed\n");
271 exit(1);
272 }
273
6cec5487 274 if (ds_get_bytes_per_pixel(ds) != vs->serverds.pf.bytes_per_pixel)
a528b80c 275 console_color_init(ds);
7d957bd8 276 vnc_colordepth(ds);
6cec5487
AL		 277 size_changed = ds_get_width(ds) != vs->serverds.width ||
278 ds_get_height(ds) != vs->serverds.height;
279 vs->serverds = *(ds->surface);
b94eb43f 280 if (size_changed) {
29fa4ed9 281 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
b94eb43f
AZ		 282 vnc_write_u8(vs, 0); /* msg id */
283 vnc_write_u8(vs, 0);
284 vnc_write_u16(vs, 1); /* number of rects */
29fa4ed9
AL		 285 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
286 VNC_ENCODING_DESKTOPRESIZE);
b94eb43f
AZ		 287 vnc_flush(vs);
288 }
24236869 289 }
8bba5c81
AZ		 290
291 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
0e1f5a0c 292 memset(vs->old_data, 42, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
24236869
FB		 293}
294
3512779a
FB		 295/* fastest code */
296static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
297{
298 vnc_write(vs, pixels, size);
299}
300
301/* slowest but generic code. */
302static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
303{
7eac3a87
AL		 304 uint8_t r, g, b;
305
90a1e3c0
AL		 306 r = ((((v & vs->serverds.pf.rmask) >> vs->serverds.pf.rshift) << vs->clientds.pf.rbits) >>
307 vs->serverds.pf.rbits);
308 g = ((((v & vs->serverds.pf.gmask) >> vs->serverds.pf.gshift) << vs->clientds.pf.gbits) >>
309 vs->serverds.pf.gbits);
310 b = ((((v & vs->serverds.pf.bmask) >> vs->serverds.pf.bshift) << vs->clientds.pf.bbits) >>
311 vs->serverds.pf.bbits);
6cec5487
AL		 312 v = (r << vs->clientds.pf.rshift) |
313 (g << vs->clientds.pf.gshift) |
314 (b << vs->clientds.pf.bshift);
315 switch(vs->clientds.pf.bytes_per_pixel) {
3512779a
FB		 316 case 1:
317 buf[0] = v;
318 break;
319 case 2:
6cec5487 320 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
3512779a
FB		 321 buf[0] = v >> 8;
322 buf[1] = v;
323 } else {
324 buf[1] = v >> 8;
325 buf[0] = v;
326 }
327 break;
328 default:
329 case 4:
6cec5487 330 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
3512779a
FB		 331 buf[0] = v >> 24;
332 buf[1] = v >> 16;
333 buf[2] = v >> 8;
334 buf[3] = v;
335 } else {
336 buf[3] = v >> 24;
337 buf[2] = v >> 16;
338 buf[1] = v >> 8;
339 buf[0] = v;
340 }
341 break;
342 }
343}
344
345static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
346{
3512779a 347 uint8_t buf[4];
3512779a 348
6cec5487 349 if (vs->serverds.pf.bytes_per_pixel == 4) {
7eac3a87
AL		 350 uint32_t *pixels = pixels1;
351 int n, i;
352 n = size >> 2;
353 for(i = 0; i < n; i++) {
354 vnc_convert_pixel(vs, buf, pixels[i]);
6cec5487 355 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
7eac3a87 356 }
6cec5487 357 } else if (vs->serverds.pf.bytes_per_pixel == 2) {
7eac3a87
AL		 358 uint16_t *pixels = pixels1;
359 int n, i;
360 n = size >> 1;
361 for(i = 0; i < n; i++) {
362 vnc_convert_pixel(vs, buf, pixels[i]);
6cec5487 363 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
7eac3a87 364 }
6cec5487 365 } else if (vs->serverds.pf.bytes_per_pixel == 1) {
7eac3a87
AL		 366 uint8_t *pixels = pixels1;
367 int n, i;
368 n = size;
369 for(i = 0; i < n; i++) {
370 vnc_convert_pixel(vs, buf, pixels[i]);
6cec5487 371 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
7eac3a87
AL		 372 }
373 } else {
374 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
3512779a
FB		 375 }
376}
377
24236869
FB		 378static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
379{
380 int i;
60fe76f3 381 uint8_t *row;
24236869 382
29fa4ed9 383 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
24236869 384
6cec5487 385 row = ds_get_data(vs->ds) + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
24236869 386 for (i = 0; i < h; i++) {
6cec5487 387 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
0e1f5a0c 388 row += ds_get_linesize(vs->ds);
24236869
FB		 389 }
390}
391
392static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
393{
394 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
395 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
396}
397
398#define BPP 8
399#include "vnchextile.h"
400#undef BPP
401
402#define BPP 16
403#include "vnchextile.h"
404#undef BPP
405
406#define BPP 32
407#include "vnchextile.h"
408#undef BPP
409
7eac3a87
AL		 410#define GENERIC
411#define BPP 8
412#include "vnchextile.h"
413#undef BPP
414#undef GENERIC
415
416#define GENERIC
417#define BPP 16
418#include "vnchextile.h"
419#undef BPP
420#undef GENERIC
421
3512779a
FB		 422#define GENERIC
423#define BPP 32
424#include "vnchextile.h"
425#undef BPP
426#undef GENERIC
427
24236869
FB		 428static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
429{
430 int i, j;
431 int has_fg, has_bg;
7eac3a87 432 uint8_t *last_fg, *last_bg;
24236869 433
29fa4ed9 434 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
24236869 435
6cec5487
AL		 436 last_fg = (uint8_t *) malloc(vs->serverds.pf.bytes_per_pixel);
437 last_bg = (uint8_t *) malloc(vs->serverds.pf.bytes_per_pixel);
24236869
FB		 438 has_fg = has_bg = 0;
439 for (j = y; j < (y + h); j += 16) {
440 for (i = x; i < (x + w); i += 16) {
5fafdf24 441 vs->send_hextile_tile(vs, i, j,
3512779a 442 MIN(16, x + w - i), MIN(16, y + h - j),
7eac3a87 443 last_bg, last_fg, &has_bg, &has_fg);
24236869
FB		 444 }
445 }
7eac3a87
AL		 446 free(last_fg);
447 free(last_bg);
448
24236869
FB		 449}
450
451static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
452{
29fa4ed9 453 if (vnc_has_feature(vs, VNC_FEATURE_HEXTILE))
24236869
FB		 454 send_framebuffer_update_hextile(vs, x, y, w, h);
455 else
456 send_framebuffer_update_raw(vs, x, y, w, h);
457}
458
459static void vnc_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
460{
24236869
FB		 461 VncState *vs = ds->opaque;
462
463 vnc_update_client(vs);
464
24236869
FB		 465 vnc_write_u8(vs, 0); /* msg id */
466 vnc_write_u8(vs, 0);
467 vnc_write_u16(vs, 1); /* number of rects */
29fa4ed9 468 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
24236869
FB		 469 vnc_write_u16(vs, src_x);
470 vnc_write_u16(vs, src_y);
471 vnc_flush(vs);
472}
473
474static int find_dirty_height(VncState *vs, int y, int last_x, int x)
475{
476 int h;
477
6cec5487 478 for (h = 1; h < (vs->serverds.height - y); h++) {
24236869 479 int tmp_x;
99589bdc 480 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
24236869
FB		 481 break;
482 for (tmp_x = last_x; tmp_x < x; tmp_x++)
99589bdc 483 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
24236869
FB		 484 }
485
486 return h;
487}
488
489static void vnc_update_client(void *opaque)
490{
491 VncState *vs = opaque;
492
493 if (vs->need_update && vs->csock != -1) {
494 int y;
60fe76f3 495 uint8_t *row;
24236869 496 char *old_row;
99589bdc 497 uint32_t width_mask[VNC_DIRTY_WORDS];
24236869
FB		 498 int n_rectangles;
499 int saved_offset;
500 int has_dirty = 0;
501
a0ecfb73
AZ		 502 vga_hw_update();
503
6cec5487 504 vnc_set_bits(width_mask, (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
24236869
FB		 505
506 /* Walk through the dirty map and eliminate tiles that
507 really aren't dirty */
0e1f5a0c 508 row = ds_get_data(vs->ds);
24236869
FB		 509 old_row = vs->old_data;
510
6cec5487 511 for (y = 0; y < ds_get_height(vs->ds); y++) {
99589bdc 512 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
24236869 513 int x;
60fe76f3
TS		 514 uint8_t *ptr;
515 char *old_ptr;
24236869
FB		 516
517 ptr = row;
60fe76f3 518 old_ptr = (char*)old_row;
24236869 519
0e1f5a0c 520 for (x = 0; x < ds_get_width(vs->ds); x += 16) {
6cec5487 521 if (memcmp(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds)) == 0) {
99589bdc 522 vnc_clear_bit(vs->dirty_row[y], (x / 16));
24236869
FB		 523 } else {
524 has_dirty = 1;
6cec5487 525 memcpy(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds));
24236869
FB		 526 }
527
6cec5487
AL		 528 ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
529 old_ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
24236869
FB		 530 }
531 }
532
0e1f5a0c
AL		 533 row += ds_get_linesize(vs->ds);
534 old_row += ds_get_linesize(vs->ds);
24236869
FB		 535 }
536
429a8ed3 537 if (!has_dirty && !vs->audio_cap) {
24236869
FB		 538 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
539 return;
540 }
541
542 /* Count rectangles */
543 n_rectangles = 0;
544 vnc_write_u8(vs, 0); /* msg id */
545 vnc_write_u8(vs, 0);
546 saved_offset = vs->output.offset;
547 vnc_write_u16(vs, 0);
548
6cec5487 549 for (y = 0; y < vs->serverds.height; y++) {
24236869
FB		 550 int x;
551 int last_x = -1;
6cec5487 552 for (x = 0; x < vs->serverds.width / 16; x++) {
99589bdc 553 if (vnc_get_bit(vs->dirty_row[y], x)) {
24236869
FB		 554 if (last_x == -1) {
555 last_x = x;
556 }
99589bdc 557 vnc_clear_bit(vs->dirty_row[y], x);
24236869
FB		 558 } else {
559 if (last_x != -1) {
560 int h = find_dirty_height(vs, y, last_x, x);
561 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
562 n_rectangles++;
563 }
564 last_x = -1;
565 }
566 }
567 if (last_x != -1) {
568 int h = find_dirty_height(vs, y, last_x, x);
569 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
570 n_rectangles++;
571 }
572 }
573 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
574 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
575 vnc_flush(vs);
576
577 }
24236869 578
a0ecfb73
AZ		 579 if (vs->csock != -1) {
580 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
24236869 581 }
24236869 582
24236869
FB		 583}
584
585static int vnc_listen_poll(void *opaque)
586{
587 VncState *vs = opaque;
588 if (vs->csock == -1)
589 return 1;
590 return 0;
591}
592
593static void buffer_reserve(Buffer *buffer, size_t len)
594{
595 if ((buffer->capacity - buffer->offset) < len) {
596 buffer->capacity += (len + 1024);
2137b4cc 597 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
24236869
FB		 598 if (buffer->buffer == NULL) {
599 fprintf(stderr, "vnc: out of memory\n");
600 exit(1);
601 }
602 }
603}
604
605static int buffer_empty(Buffer *buffer)
606{
607 return buffer->offset == 0;
608}
609
60fe76f3 610static uint8_t *buffer_end(Buffer *buffer)
24236869
FB		 611{
612 return buffer->buffer + buffer->offset;
613}
614
615static void buffer_reset(Buffer *buffer)
616{
617 buffer->offset = 0;
618}
619
620static void buffer_append(Buffer *buffer, const void *data, size_t len)
621{
622 memcpy(buffer->buffer + buffer->offset, data, len);
623 buffer->offset += len;
624}
625
429a8ed3 626/* audio */
627static void audio_capture_notify(void *opaque, audcnotification_e cmd)
628{
629 VncState *vs = opaque;
630
631 switch (cmd) {
632 case AUD_CNOTIFY_DISABLE:
633 vnc_write_u8(vs, 255);
634 vnc_write_u8(vs, 1);
635 vnc_write_u16(vs, 0);
636 vnc_flush(vs);
637 break;
638
639 case AUD_CNOTIFY_ENABLE:
640 vnc_write_u8(vs, 255);
641 vnc_write_u8(vs, 1);
642 vnc_write_u16(vs, 1);
643 vnc_flush(vs);
644 break;
645 }
646}
647
648static void audio_capture_destroy(void *opaque)
649{
650}
651
652static void audio_capture(void *opaque, void *buf, int size)
653{
654 VncState *vs = opaque;
655
656 vnc_write_u8(vs, 255);
657 vnc_write_u8(vs, 1);
658 vnc_write_u16(vs, 2);
659 vnc_write_u32(vs, size);
660 vnc_write(vs, buf, size);
661 vnc_flush(vs);
662}
663
664static void audio_add(VncState *vs)
665{
666 struct audio_capture_ops ops;
667
668 if (vs->audio_cap) {
669 term_printf ("audio already running\n");
670 return;
671 }
672
673 ops.notify = audio_capture_notify;
674 ops.destroy = audio_capture_destroy;
675 ops.capture = audio_capture;
676
677 vs->audio_cap = AUD_add_capture(NULL, &vs->as, &ops, vs);
678 if (!vs->audio_cap) {
679 term_printf ("Failed to add audio capture\n");
680 }
681}
682
683static void audio_del(VncState *vs)
684{
685 if (vs->audio_cap) {
686 AUD_del_capture(vs->audio_cap, vs);
687 vs->audio_cap = NULL;
688 }
689}
690
6ca957f0 691static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
24236869
FB		 692{
693 if (ret == 0 || ret == -1) {
ea01e5fd
AZ		 694 if (ret == -1) {
695 switch (last_errno) {
696 case EINTR:
697 case EAGAIN:
698#ifdef _WIN32
699 case WSAEWOULDBLOCK:
700#endif
701 return 0;
702 default:
703 break;
704 }
705 }
24236869 706
8d5d2d4c 707 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
24236869 708 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
6ca957f0 709 closesocket(vs->csock);
24236869 710 vs->csock = -1;
7d957bd8 711 dcl->idle = 1;
24236869
FB		 712 buffer_reset(&vs->input);
713 buffer_reset(&vs->output);
714 vs->need_update = 0;
eb38c52c 715#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 716 if (vs->tls_session) {
717 gnutls_deinit(vs->tls_session);
718 vs->tls_session = NULL;
719 }
720 vs->wiremode = VNC_WIREMODE_CLEAR;
721#endif /* CONFIG_VNC_TLS */
429a8ed3 722 audio_del(vs);
24236869
FB		 723 return 0;
724 }
725 return ret;
726}
727
728static void vnc_client_error(VncState *vs)
729{
6ca957f0 730 vnc_client_io_error(vs, -1, EINVAL);
24236869
FB		 731}
732
733static void vnc_client_write(void *opaque)
734{
ceb5caaf 735 long ret;
24236869
FB		 736 VncState *vs = opaque;
737
eb38c52c 738#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 739 if (vs->tls_session) {
740 ret = gnutls_write(vs->tls_session, vs->output.buffer, vs->output.offset);
741 if (ret < 0) {
742 if (ret == GNUTLS_E_AGAIN)
743 errno = EAGAIN;
744 else
745 errno = EIO;
746 ret = -1;
747 }
748 } else
749#endif /* CONFIG_VNC_TLS */
750 ret = send(vs->csock, vs->output.buffer, vs->output.offset, 0);
6ca957f0 751 ret = vnc_client_io_error(vs, ret, socket_error());
24236869
FB		 752 if (!ret)
753 return;
754
755 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
756 vs->output.offset -= ret;
757
758 if (vs->output.offset == 0) {
759 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
760 }
761}
762
763static void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
764{
765 vs->read_handler = func;
766 vs->read_handler_expect = expecting;
767}
768
769static void vnc_client_read(void *opaque)
770{
771 VncState *vs = opaque;
ceb5caaf 772 long ret;
24236869
FB		 773
774 buffer_reserve(&vs->input, 4096);
775
eb38c52c 776#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 777 if (vs->tls_session) {
778 ret = gnutls_read(vs->tls_session, buffer_end(&vs->input), 4096);
779 if (ret < 0) {
780 if (ret == GNUTLS_E_AGAIN)
781 errno = EAGAIN;
782 else
783 errno = EIO;
784 ret = -1;
785 }
786 } else
787#endif /* CONFIG_VNC_TLS */
788 ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
6ca957f0 789 ret = vnc_client_io_error(vs, ret, socket_error());
24236869
FB		 790 if (!ret)
791 return;
792
793 vs->input.offset += ret;
794
795 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
796 size_t len = vs->read_handler_expect;
797 int ret;
798
799 ret = vs->read_handler(vs, vs->input.buffer, len);
800 if (vs->csock == -1)
801 return;
802
803 if (!ret) {
804 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
805 vs->input.offset -= len;
806 } else {
807 vs->read_handler_expect = ret;
808 }
809 }
810}
811
812static void vnc_write(VncState *vs, const void *data, size_t len)
813{
814 buffer_reserve(&vs->output, len);
815
816 if (buffer_empty(&vs->output)) {
817 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
818 }
819
820 buffer_append(&vs->output, data, len);
821}
822
823static void vnc_write_s32(VncState *vs, int32_t value)
824{
825 vnc_write_u32(vs, *(uint32_t *)&value);
826}
827
828static void vnc_write_u32(VncState *vs, uint32_t value)
829{
830 uint8_t buf[4];
831
832 buf[0] = (value >> 24) & 0xFF;
833 buf[1] = (value >> 16) & 0xFF;
834 buf[2] = (value >> 8) & 0xFF;
835 buf[3] = value & 0xFF;
836
837 vnc_write(vs, buf, 4);
838}
839
840static void vnc_write_u16(VncState *vs, uint16_t value)
841{
64f5a135 842 uint8_t buf[2];
24236869
FB		 843
844 buf[0] = (value >> 8) & 0xFF;
845 buf[1] = value & 0xFF;
846
847 vnc_write(vs, buf, 2);
848}
849
850static void vnc_write_u8(VncState *vs, uint8_t value)
851{
852 vnc_write(vs, (char *)&value, 1);
853}
854
855static void vnc_flush(VncState *vs)
856{
857 if (vs->output.offset)
858 vnc_client_write(vs);
859}
860
64f5a135 861static uint8_t read_u8(uint8_t *data, size_t offset)
24236869
FB		 862{
863 return data[offset];
864}
865
64f5a135 866static uint16_t read_u16(uint8_t *data, size_t offset)
24236869
FB		 867{
868 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
869}
870
64f5a135 871static int32_t read_s32(uint8_t *data, size_t offset)
24236869
FB		 872{
873 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
874 (data[offset + 2] << 8) | data[offset + 3]);
875}
876
64f5a135 877static uint32_t read_u32(uint8_t *data, size_t offset)
24236869
FB		 878{
879 return ((data[offset] << 24) | (data[offset + 1] << 16) |
880 (data[offset + 2] << 8) | data[offset + 3]);
881}
882
eb38c52c 883#ifdef CONFIG_VNC_TLS
9596ebb7
PB		 884static ssize_t vnc_tls_push(gnutls_transport_ptr_t transport,
885 const void *data,
886 size_t len) {
8d5d2d4c
TS		 887 struct VncState *vs = (struct VncState *)transport;
888 int ret;
889
890 retry:
891 ret = send(vs->csock, data, len, 0);
892 if (ret < 0) {
893 if (errno == EINTR)
894 goto retry;
895 return -1;
896 }
897 return ret;
898}
899
900
9596ebb7
PB		 901static ssize_t vnc_tls_pull(gnutls_transport_ptr_t transport,
902 void *data,
903 size_t len) {
8d5d2d4c
TS		 904 struct VncState *vs = (struct VncState *)transport;
905 int ret;
906
907 retry:
908 ret = recv(vs->csock, data, len, 0);
909 if (ret < 0) {
910 if (errno == EINTR)
911 goto retry;
912 return -1;
913 }
914 return ret;
915}
916#endif /* CONFIG_VNC_TLS */
917
60fe76f3 918static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
24236869
FB		 919{
920}
921
564c337e
FB		 922static void check_pointer_type_change(VncState *vs, int absolute)
923{
29fa4ed9 924 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
564c337e
FB		 925 vnc_write_u8(vs, 0);
926 vnc_write_u8(vs, 0);
927 vnc_write_u16(vs, 1);
928 vnc_framebuffer_update(vs, absolute, 0,
29fa4ed9
AL		 929 ds_get_width(vs->ds), ds_get_height(vs->ds),
930 VNC_ENCODING_POINTER_TYPE_CHANGE);
564c337e
FB		 931 vnc_flush(vs);
932 }
933 vs->absolute = absolute;
934}
935
24236869
FB		 936static void pointer_event(VncState *vs, int button_mask, int x, int y)
937{
938 int buttons = 0;
939 int dz = 0;
940
941 if (button_mask & 0x01)
942 buttons |= MOUSE_EVENT_LBUTTON;
943 if (button_mask & 0x02)
944 buttons |= MOUSE_EVENT_MBUTTON;
945 if (button_mask & 0x04)
946 buttons |= MOUSE_EVENT_RBUTTON;
947 if (button_mask & 0x08)
948 dz = -1;
949 if (button_mask & 0x10)
950 dz = 1;
564c337e
FB		 951
952 if (vs->absolute) {
0e1f5a0c
AL		 953 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
954 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
24236869 955 dz, buttons);
29fa4ed9 956 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
564c337e
FB		 957 x -= 0x7FFF;
958 y -= 0x7FFF;
24236869 959
564c337e
FB		 960 kbd_mouse_event(x, y, dz, buttons);
961 } else {
962 if (vs->last_x != -1)
963 kbd_mouse_event(x - vs->last_x,
964 y - vs->last_y,
965 dz, buttons);
966 vs->last_x = x;
967 vs->last_y = y;
24236869 968 }
564c337e
FB		 969
970 check_pointer_type_change(vs, kbd_mouse_is_absolute());
24236869
FB		 971}
972
64f5a135
FB		 973static void reset_keys(VncState *vs)
974{
975 int i;
976 for(i = 0; i < 256; i++) {
977 if (vs->modifiers_state[i]) {
978 if (i & 0x80)
979 kbd_put_keycode(0xe0);
980 kbd_put_keycode(i | 0x80);
981 vs->modifiers_state[i] = 0;
982 }
983 }
984}
985
a528b80c
AZ		 986static void press_key(VncState *vs, int keysym)
987{
988 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) & 0x7f);
989 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) | 0x80);
990}
991
9ca313aa 992static void do_key_event(VncState *vs, int down, int keycode, int sym)
24236869 993{
64f5a135
FB		 994 /* QEMU console switch */
995 switch(keycode) {
996 case 0x2a: /* Left Shift */
997 case 0x36: /* Right Shift */
998 case 0x1d: /* Left CTRL */
999 case 0x9d: /* Right CTRL */
1000 case 0x38: /* Left ALT */
1001 case 0xb8: /* Right ALT */
1002 if (down)
1003 vs->modifiers_state[keycode] = 1;
1004 else
1005 vs->modifiers_state[keycode] = 0;
1006 break;
5fafdf24 1007 case 0x02 ... 0x0a: /* '1' to '9' keys */
64f5a135
FB		 1008 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1009 /* Reset the modifiers sent to the current console */
1010 reset_keys(vs);
1011 console_select(keycode - 0x02);
1012 return;
1013 }
1014 break;
4d3b6f6e 1015 case 0x3a: /* CapsLock */
a528b80c
AZ		 1016 case 0x45: /* NumLock */
1017 if (!down)
1018 vs->modifiers_state[keycode] ^= 1;
1019 break;
1020 }
1021
1022 if (keycode_is_keypad(vs->kbd_layout, keycode)) {
1023 /* If the numlock state needs to change then simulate an additional
1024 keypress before sending this one. This will happen if the user
1025 toggles numlock away from the VNC window.
1026 */
1027 if (keysym_is_numlock(vs->kbd_layout, sym & 0xFFFF)) {
1028 if (!vs->modifiers_state[0x45]) {
1029 vs->modifiers_state[0x45] = 1;
1030 press_key(vs, 0xff7f);
1031 }
1032 } else {
1033 if (vs->modifiers_state[0x45]) {
1034 vs->modifiers_state[0x45] = 0;
1035 press_key(vs, 0xff7f);
1036 }
1037 }
64f5a135 1038 }
24236869 1039
64f5a135
FB		 1040 if (is_graphic_console()) {
1041 if (keycode & 0x80)
1042 kbd_put_keycode(0xe0);
1043 if (down)
1044 kbd_put_keycode(keycode & 0x7f);
1045 else
1046 kbd_put_keycode(keycode | 0x80);
1047 } else {
1048 /* QEMU console emulation */
1049 if (down) {
1050 switch (keycode) {
1051 case 0x2a: /* Left Shift */
1052 case 0x36: /* Right Shift */
1053 case 0x1d: /* Left CTRL */
1054 case 0x9d: /* Right CTRL */
1055 case 0x38: /* Left ALT */
1056 case 0xb8: /* Right ALT */
1057 break;
1058 case 0xc8:
1059 kbd_put_keysym(QEMU_KEY_UP);
1060 break;
1061 case 0xd0:
1062 kbd_put_keysym(QEMU_KEY_DOWN);
1063 break;
1064 case 0xcb:
1065 kbd_put_keysym(QEMU_KEY_LEFT);
1066 break;
1067 case 0xcd:
1068 kbd_put_keysym(QEMU_KEY_RIGHT);
1069 break;
1070 case 0xd3:
1071 kbd_put_keysym(QEMU_KEY_DELETE);
1072 break;
1073 case 0xc7:
1074 kbd_put_keysym(QEMU_KEY_HOME);
1075 break;
1076 case 0xcf:
1077 kbd_put_keysym(QEMU_KEY_END);
1078 break;
1079 case 0xc9:
1080 kbd_put_keysym(QEMU_KEY_PAGEUP);
1081 break;
1082 case 0xd1:
1083 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1084 break;
1085 default:
1086 kbd_put_keysym(sym);
1087 break;
1088 }
1089 }
1090 }
24236869
FB		 1091}
1092
bdbd7676
FB		 1093static void key_event(VncState *vs, int down, uint32_t sym)
1094{
9ca313aa
AL		 1095 int keycode;
1096
a528b80c 1097 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
bdbd7676 1098 sym = sym - 'A' + 'a';
9ca313aa
AL		 1099
1100 keycode = keysym2scancode(vs->kbd_layout, sym & 0xFFFF);
1101 do_key_event(vs, down, keycode, sym);
1102}
1103
1104static void ext_key_event(VncState *vs, int down,
1105 uint32_t sym, uint16_t keycode)
1106{
1107 /* if the user specifies a keyboard layout, always use it */
1108 if (keyboard_layout)
1109 key_event(vs, down, sym);
1110 else
1111 do_key_event(vs, down, keycode, sym);
bdbd7676
FB		 1112}
1113
24236869
FB		 1114static void framebuffer_update_request(VncState *vs, int incremental,
1115 int x_position, int y_position,
1116 int w, int h)
1117{
0e1f5a0c
AL		 1118 if (x_position > ds_get_width(vs->ds))
1119 x_position = ds_get_width(vs->ds);
1120 if (y_position > ds_get_height(vs->ds))
1121 y_position = ds_get_height(vs->ds);
1122 if (x_position + w >= ds_get_width(vs->ds))
1123 w = ds_get_width(vs->ds) - x_position;
1124 if (y_position + h >= ds_get_height(vs->ds))
1125 h = ds_get_height(vs->ds) - y_position;
cf2d385c 1126
24236869
FB		 1127 int i;
1128 vs->need_update = 1;
1129 if (!incremental) {
0e1f5a0c 1130 char *old_row = vs->old_data + y_position * ds_get_linesize(vs->ds);
24236869
FB		 1131
1132 for (i = 0; i < h; i++) {
5fafdf24 1133 vnc_set_bits(vs->dirty_row[y_position + i],
0e1f5a0c 1134 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
6cec5487 1135 memset(old_row, 42, ds_get_width(vs->ds) * ds_get_bytes_per_pixel(vs->ds));
0e1f5a0c 1136 old_row += ds_get_linesize(vs->ds);
24236869
FB		 1137 }
1138 }
1139}
1140
9ca313aa
AL		 1141static void send_ext_key_event_ack(VncState *vs)
1142{
1143 vnc_write_u8(vs, 0);
1144 vnc_write_u8(vs, 0);
1145 vnc_write_u16(vs, 1);
29fa4ed9
AL		 1146 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1147 VNC_ENCODING_EXT_KEY_EVENT);
9ca313aa
AL		 1148 vnc_flush(vs);
1149}
1150
429a8ed3 1151static void send_ext_audio_ack(VncState *vs)
1152{
1153 vnc_write_u8(vs, 0);
1154 vnc_write_u8(vs, 0);
1155 vnc_write_u16(vs, 1);
29fa4ed9
AL		 1156 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1157 VNC_ENCODING_AUDIO);
429a8ed3 1158 vnc_flush(vs);
1159}
1160
24236869
FB		 1161static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1162{
1163 int i;
29fa4ed9 1164 unsigned int enc = 0;
24236869 1165
29fa4ed9 1166 vs->features = 0;
564c337e 1167 vs->absolute = -1;
7d957bd8 1168 dcl->dpy_copy = NULL;
24236869
FB		 1169
1170 for (i = n_encodings - 1; i >= 0; i--) {
29fa4ed9
AL		 1171 enc = encodings[i];
1172 switch (enc) {
1173 case VNC_ENCODING_RAW:
1174 break;
1175 case VNC_ENCODING_COPYRECT:
1176 dcl->dpy_copy = vnc_copy;
1177 break;
1178 case VNC_ENCODING_HEXTILE:
1179 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1180 break;
1181 case VNC_ENCODING_DESKTOPRESIZE:
1182 vs->features |= VNC_FEATURE_RESIZE_MASK;
1183 break;
1184 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1185 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1186 break;
1187 case VNC_ENCODING_EXT_KEY_EVENT:
9ca313aa
AL		 1188 send_ext_key_event_ack(vs);
1189 break;
29fa4ed9 1190 case VNC_ENCODING_AUDIO:
429a8ed3 1191 send_ext_audio_ack(vs);
1192 break;
29fa4ed9
AL		 1193 case VNC_ENCODING_WMVi:
1194 vs->features |= VNC_FEATURE_WMVI_MASK;
ca4cca4d 1195 break;
29fa4ed9
AL		 1196 default:
1197 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1198 break;
1199 }
24236869 1200 }
564c337e
FB		 1201
1202 check_pointer_type_change(vs, kbd_mouse_is_absolute());
24236869
FB		 1203}
1204
6cec5487
AL		 1205static void set_pixel_conversion(VncState *vs)
1206{
1207 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1208 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1209 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1210 vs->write_pixels = vnc_write_pixels_copy;
1211 switch (vs->ds->surface->pf.bits_per_pixel) {
1212 case 8:
1213 vs->send_hextile_tile = send_hextile_tile_8;
1214 break;
1215 case 16:
1216 vs->send_hextile_tile = send_hextile_tile_16;
1217 break;
1218 case 32:
1219 vs->send_hextile_tile = send_hextile_tile_32;
1220 break;
1221 }
1222 } else {
1223 vs->write_pixels = vnc_write_pixels_generic;
1224 switch (vs->ds->surface->pf.bits_per_pixel) {
1225 case 8:
1226 vs->send_hextile_tile = send_hextile_tile_generic_8;
1227 break;
1228 case 16:
1229 vs->send_hextile_tile = send_hextile_tile_generic_16;
1230 break;
1231 case 32:
1232 vs->send_hextile_tile = send_hextile_tile_generic_32;
1233 break;
1234 }
1235 }
1236}
1237
24236869
FB		 1238static void set_pixel_format(VncState *vs,
1239 int bits_per_pixel, int depth,
1240 int big_endian_flag, int true_color_flag,
1241 int red_max, int green_max, int blue_max,
1242 int red_shift, int green_shift, int blue_shift)
1243{
3512779a 1244 if (!true_color_flag) {
24236869 1245 vnc_client_error(vs);
3512779a
FB		 1246 return;
1247 }
24236869 1248
6cec5487
AL		 1249 vs->clientds = vs->serverds;
1250 vs->clientds.pf.rmax = red_max;
90a1e3c0 1251 count_bits(vs->clientds.pf.rbits, red_max);
6cec5487
AL		 1252 vs->clientds.pf.rshift = red_shift;
1253 vs->clientds.pf.rmask = red_max << red_shift;
1254 vs->clientds.pf.gmax = green_max;
90a1e3c0 1255 count_bits(vs->clientds.pf.gbits, green_max);
6cec5487
AL		 1256 vs->clientds.pf.gshift = green_shift;
1257 vs->clientds.pf.gmask = green_max << green_shift;
1258 vs->clientds.pf.bmax = blue_max;
90a1e3c0 1259 count_bits(vs->clientds.pf.bbits, blue_max);
6cec5487
AL		 1260 vs->clientds.pf.bshift = blue_shift;
1261 vs->clientds.pf.bmask = blue_max << blue_shift;
1262 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1263 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1264 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1265 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1266
1267 set_pixel_conversion(vs);
24236869
FB		 1268
1269 vga_hw_invalidate();
1270 vga_hw_update();
1271}
1272
ca4cca4d
AL		 1273static void pixel_format_message (VncState *vs) {
1274 char pad[3] = { 0, 0, 0 };
1275
6cec5487
AL		 1276 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1277 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
ca4cca4d
AL		 1278
1279#ifdef WORDS_BIGENDIAN
1280 vnc_write_u8(vs, 1); /* big-endian-flag */
1281#else
1282 vnc_write_u8(vs, 0); /* big-endian-flag */
1283#endif
1284 vnc_write_u8(vs, 1); /* true-color-flag */
6cec5487
AL		 1285 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1286 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1287 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1288 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1289 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1290 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1291 if (vs->ds->surface->pf.bits_per_pixel == 32)
ca4cca4d 1292 vs->send_hextile_tile = send_hextile_tile_32;
6cec5487 1293 else if (vs->ds->surface->pf.bits_per_pixel == 16)
ca4cca4d 1294 vs->send_hextile_tile = send_hextile_tile_16;
6cec5487 1295 else if (vs->ds->surface->pf.bits_per_pixel == 8)
ca4cca4d 1296 vs->send_hextile_tile = send_hextile_tile_8;
6cec5487
AL		 1297 vs->clientds = *(vs->ds->surface);
1298 vs->clientds.flags |= ~QEMU_ALLOCATED_FLAG;
ca4cca4d
AL		 1299 vs->write_pixels = vnc_write_pixels_copy;
1300
1301 vnc_write(vs, pad, 3); /* padding */
1302}
1303
7d957bd8
AL		 1304static void vnc_dpy_setdata(DisplayState *ds)
1305{
1306 /* We don't have to do anything */
1307}
1308
1309static void vnc_colordepth(DisplayState *ds)
7eac3a87 1310{
7eac3a87
AL		 1311 struct VncState *vs = ds->opaque;
1312
29fa4ed9 1313 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
ca4cca4d
AL		 1314 /* Sending a WMVi message to notify the client*/
1315 vnc_write_u8(vs, 0); /* msg id */
1316 vnc_write_u8(vs, 0);
1317 vnc_write_u16(vs, 1); /* number of rects */
29fa4ed9
AL		 1318 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
1319 VNC_ENCODING_WMVi);
ca4cca4d
AL		 1320 pixel_format_message(vs);
1321 vnc_flush(vs);
7eac3a87 1322 } else {
6cec5487 1323 set_pixel_conversion(vs);
7eac3a87
AL		 1324 }
1325}
1326
60fe76f3 1327static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
24236869
FB		 1328{
1329 int i;
1330 uint16_t limit;
1331
1332 switch (data[0]) {
1333 case 0:
1334 if (len == 1)
1335 return 20;
1336
1337 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1338 read_u8(data, 6), read_u8(data, 7),
1339 read_u16(data, 8), read_u16(data, 10),
1340 read_u16(data, 12), read_u8(data, 14),
1341 read_u8(data, 15), read_u8(data, 16));
1342 break;
1343 case 2:
1344 if (len == 1)
1345 return 4;
1346
69dd5c9f
AL		 1347 if (len == 4) {
1348 limit = read_u16(data, 2);
1349 if (limit > 0)
1350 return 4 + (limit * 4);
1351 } else
1352 limit = read_u16(data, 2);
24236869 1353
24236869
FB		 1354 for (i = 0; i < limit; i++) {
1355 int32_t val = read_s32(data, 4 + (i * 4));
1356 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1357 }
1358
1359 set_encodings(vs, (int32_t *)(data + 4), limit);
1360 break;
1361 case 3:
1362 if (len == 1)
1363 return 10;
1364
1365 framebuffer_update_request(vs,
1366 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1367 read_u16(data, 6), read_u16(data, 8));
1368 break;
1369 case 4:
1370 if (len == 1)
1371 return 8;
1372
1373 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1374 break;
1375 case 5:
1376 if (len == 1)
1377 return 6;
1378
1379 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1380 break;
1381 case 6:
1382 if (len == 1)
1383 return 8;
1384
baa7666c
TS		 1385 if (len == 8) {
1386 uint32_t dlen = read_u32(data, 4);
1387 if (dlen > 0)
1388 return 8 + dlen;
1389 }
24236869
FB		 1390
1391 client_cut_text(vs, read_u32(data, 4), data + 8);
1392 break;
9ca313aa
AL		 1393 case 255:
1394 if (len == 1)
1395 return 2;
1396
1397 switch (read_u8(data, 1)) {
1398 case 0:
1399 if (len == 2)
1400 return 12;
1401
1402 ext_key_event(vs, read_u16(data, 2),
1403 read_u32(data, 4), read_u32(data, 8));
1404 break;
429a8ed3 1405 case 1:
1406 if (len == 2)
1407 return 4;
1408
1409 switch (read_u16 (data, 2)) {
1410 case 0:
1411 audio_add(vs);
1412 break;
1413 case 1:
1414 audio_del(vs);
1415 break;
1416 case 2:
1417 if (len == 4)
1418 return 10;
1419 switch (read_u8(data, 4)) {
1420 case 0: vs->as.fmt = AUD_FMT_U8; break;
1421 case 1: vs->as.fmt = AUD_FMT_S8; break;
1422 case 2: vs->as.fmt = AUD_FMT_U16; break;
1423 case 3: vs->as.fmt = AUD_FMT_S16; break;
1424 case 4: vs->as.fmt = AUD_FMT_U32; break;
1425 case 5: vs->as.fmt = AUD_FMT_S32; break;
1426 default:
1427 printf("Invalid audio format %d\n", read_u8(data, 4));
1428 vnc_client_error(vs);
1429 break;
1430 }
1431 vs->as.nchannels = read_u8(data, 5);
1432 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1433 printf("Invalid audio channel coount %d\n",
1434 read_u8(data, 5));
1435 vnc_client_error(vs);
1436 break;
1437 }
1438 vs->as.freq = read_u32(data, 6);
1439 break;
1440 default:
1441 printf ("Invalid audio message %d\n", read_u8(data, 4));
1442 vnc_client_error(vs);
1443 break;
1444 }
1445 break;
1446
9ca313aa
AL		 1447 default:
1448 printf("Msg: %d\n", read_u16(data, 0));
1449 vnc_client_error(vs);
1450 break;
1451 }
1452 break;
24236869
FB		 1453 default:
1454 printf("Msg: %d\n", data[0]);
1455 vnc_client_error(vs);
1456 break;
1457 }
5fafdf24 1458
24236869
FB		 1459 vnc_read_when(vs, protocol_client_msg, 1);
1460 return 0;
1461}
1462
60fe76f3 1463static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
24236869 1464{
c35734b2
TS		 1465 char buf[1024];
1466 int size;
24236869 1467
0e1f5a0c
AL		 1468 vnc_write_u16(vs, ds_get_width(vs->ds));
1469 vnc_write_u16(vs, ds_get_height(vs->ds));
24236869 1470
ca4cca4d 1471 pixel_format_message(vs);
24236869 1472
c35734b2
TS		 1473 if (qemu_name)
1474 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1475 else
1476 size = snprintf(buf, sizeof(buf), "QEMU");
1477
1478 vnc_write_u32(vs, size);
1479 vnc_write(vs, buf, size);
24236869
FB		 1480 vnc_flush(vs);
1481
1482 vnc_read_when(vs, protocol_client_msg, 1);
1483
1484 return 0;
1485}
1486
70848515
TS		 1487static void make_challenge(VncState *vs)
1488{
1489 int i;
1490
1491 srand(time(NULL)+getpid()+getpid()*987654+rand());
1492
1493 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1494 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1495}
1496
60fe76f3 1497static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
70848515 1498{
60fe76f3 1499 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
70848515 1500 int i, j, pwlen;
60fe76f3 1501 unsigned char key[8];
70848515
TS		 1502
1503 if (!vs->password || !vs->password[0]) {
1504 VNC_DEBUG("No password configured on server");
1505 vnc_write_u32(vs, 1); /* Reject auth */
1506 if (vs->minor >= 8) {
1507 static const char err[] = "Authentication failed";
1508 vnc_write_u32(vs, sizeof(err));
1509 vnc_write(vs, err, sizeof(err));
1510 }
1511 vnc_flush(vs);
1512 vnc_client_error(vs);
1513 return 0;
1514 }
1515
1516 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1517
1518 /* Calculate the expected challenge response */
1519 pwlen = strlen(vs->password);
1520 for (i=0; i<sizeof(key); i++)
1521 key[i] = i<pwlen ? vs->password[i] : 0;
1522 deskey(key, EN0);
1523 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1524 des(response+j, response+j);
1525
1526 /* Compare expected vs actual challenge response */
1527 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1528 VNC_DEBUG("Client challenge reponse did not match\n");
1529 vnc_write_u32(vs, 1); /* Reject auth */
1530 if (vs->minor >= 8) {
1531 static const char err[] = "Authentication failed";
1532 vnc_write_u32(vs, sizeof(err));
1533 vnc_write(vs, err, sizeof(err));
1534 }
1535 vnc_flush(vs);
1536 vnc_client_error(vs);
1537 } else {
1538 VNC_DEBUG("Accepting VNC challenge response\n");
1539 vnc_write_u32(vs, 0); /* Accept auth */
1540 vnc_flush(vs);
1541
1542 vnc_read_when(vs, protocol_client_init, 1);
1543 }
1544 return 0;
1545}
1546
1547static int start_auth_vnc(VncState *vs)
1548{
1549 make_challenge(vs);
1550 /* Send client a 'random' challenge */
1551 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1552 vnc_flush(vs);
1553
1554 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1555 return 0;
1556}
1557
8d5d2d4c 1558
eb38c52c 1559#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 1560#define DH_BITS 1024
1561static gnutls_dh_params_t dh_params;
1562
1563static int vnc_tls_initialize(void)
1564{
1565 static int tlsinitialized = 0;
1566
1567 if (tlsinitialized)
1568 return 1;
1569
1570 if (gnutls_global_init () < 0)
1571 return 0;
1572
1573 /* XXX ought to re-generate diffie-hellmen params periodically */
1574 if (gnutls_dh_params_init (&dh_params) < 0)
1575 return 0;
1576 if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0)
1577 return 0;
1578
234c9bcd 1579#if defined(_VNC_DEBUG) && _VNC_DEBUG >= 2
8d5d2d4c
TS		 1580 gnutls_global_set_log_level(10);
1581 gnutls_global_set_log_function(vnc_debug_gnutls_log);
1582#endif
1583
1584 tlsinitialized = 1;
1585
1586 return 1;
1587}
1588
1589static gnutls_anon_server_credentials vnc_tls_initialize_anon_cred(void)
1590{
1591 gnutls_anon_server_credentials anon_cred;
1592 int ret;
1593
1594 if ((ret = gnutls_anon_allocate_server_credentials(&anon_cred)) < 0) {
1595 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1596 return NULL;
1597 }
1598
1599 gnutls_anon_set_server_dh_params(anon_cred, dh_params);
1600
1601 return anon_cred;
1602}
1603
1604
6f43024c 1605static gnutls_certificate_credentials_t vnc_tls_initialize_x509_cred(VncState *vs)
3a702699
TS		 1606{
1607 gnutls_certificate_credentials_t x509_cred;
1608 int ret;
6f43024c
TS		 1609
1610 if (!vs->x509cacert) {
1611 VNC_DEBUG("No CA x509 certificate specified\n");
1612 return NULL;
1613 }
1614 if (!vs->x509cert) {
1615 VNC_DEBUG("No server x509 certificate specified\n");
1616 return NULL;
1617 }
1618 if (!vs->x509key) {
1619 VNC_DEBUG("No server private key specified\n");
1620 return NULL;
1621 }
3a702699
TS		 1622
1623 if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
1624 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1625 return NULL;
1626 }
6f43024c
TS		 1627 if ((ret = gnutls_certificate_set_x509_trust_file(x509_cred,
1628 vs->x509cacert,
1629 GNUTLS_X509_FMT_PEM)) < 0) {
3a702699
TS		 1630 VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret));
1631 gnutls_certificate_free_credentials(x509_cred);
1632 return NULL;
1633 }
1634
6f43024c
TS		 1635 if ((ret = gnutls_certificate_set_x509_key_file (x509_cred,
1636 vs->x509cert,
1637 vs->x509key,
3a702699
TS		 1638 GNUTLS_X509_FMT_PEM)) < 0) {
1639 VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret));
1640 gnutls_certificate_free_credentials(x509_cred);
1641 return NULL;
1642 }
1643
6f43024c
TS		 1644 if (vs->x509cacrl) {
1645 if ((ret = gnutls_certificate_set_x509_crl_file(x509_cred,
1646 vs->x509cacrl,
1647 GNUTLS_X509_FMT_PEM)) < 0) {
3a702699
TS		 1648 VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret));
1649 gnutls_certificate_free_credentials(x509_cred);
1650 return NULL;
1651 }
1652 }
1653
1654 gnutls_certificate_set_dh_params (x509_cred, dh_params);
1655
1656 return x509_cred;
1657}
1658
469b15c6
TS		 1659static int vnc_validate_certificate(struct VncState *vs)
1660{
1661 int ret;
1662 unsigned int status;
1663 const gnutls_datum_t *certs;
1664 unsigned int nCerts, i;
1665 time_t now;
1666
1667 VNC_DEBUG("Validating client certificate\n");
1668 if ((ret = gnutls_certificate_verify_peers2 (vs->tls_session, &status)) < 0) {
1669 VNC_DEBUG("Verify failed %s\n", gnutls_strerror(ret));
1670 return -1;
1671 }
1672
1673 if ((now = time(NULL)) == ((time_t)-1)) {
1674 return -1;
1675 }
1676
1677 if (status != 0) {
1678 if (status & GNUTLS_CERT_INVALID)
1679 VNC_DEBUG("The certificate is not trusted.\n");
1680
1681 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
1682 VNC_DEBUG("The certificate hasn't got a known issuer.\n");
1683
1684 if (status & GNUTLS_CERT_REVOKED)
1685 VNC_DEBUG("The certificate has been revoked.\n");
1686
1687 if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
1688 VNC_DEBUG("The certificate uses an insecure algorithm\n");
1689
1690 return -1;
1691 } else {
1692 VNC_DEBUG("Certificate is valid!\n");
1693 }
1694
1695 /* Only support x509 for now */
1696 if (gnutls_certificate_type_get(vs->tls_session) != GNUTLS_CRT_X509)
1697 return -1;
1698
1699 if (!(certs = gnutls_certificate_get_peers(vs->tls_session, &nCerts)))
1700 return -1;
1701
1702 for (i = 0 ; i < nCerts ; i++) {
1703 gnutls_x509_crt_t cert;
1704 VNC_DEBUG ("Checking certificate chain %d\n", i);
1705 if (gnutls_x509_crt_init (&cert) < 0)
1706 return -1;
1707
1708 if (gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER) < 0) {
1709 gnutls_x509_crt_deinit (cert);
1710 return -1;
1711 }
1712
1713 if (gnutls_x509_crt_get_expiration_time (cert) < now) {
1714 VNC_DEBUG("The certificate has expired\n");
1715 gnutls_x509_crt_deinit (cert);
1716 return -1;
1717 }
1718
1719 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1720 VNC_DEBUG("The certificate is not yet activated\n");
1721 gnutls_x509_crt_deinit (cert);
1722 return -1;
1723 }
1724
1725 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1726 VNC_DEBUG("The certificate is not yet activated\n");
1727 gnutls_x509_crt_deinit (cert);
1728 return -1;
1729 }
1730
1731 gnutls_x509_crt_deinit (cert);
1732 }
1733
1734 return 0;
1735}
1736
1737
8d5d2d4c
TS		 1738static int start_auth_vencrypt_subauth(VncState *vs)
1739{
1740 switch (vs->subauth) {
1741 case VNC_AUTH_VENCRYPT_TLSNONE:
3a702699 1742 case VNC_AUTH_VENCRYPT_X509NONE:
8d5d2d4c
TS		 1743 VNC_DEBUG("Accept TLS auth none\n");
1744 vnc_write_u32(vs, 0); /* Accept auth completion */
1745 vnc_read_when(vs, protocol_client_init, 1);
1746 break;
1747
1748 case VNC_AUTH_VENCRYPT_TLSVNC:
3a702699 1749 case VNC_AUTH_VENCRYPT_X509VNC:
8d5d2d4c
TS		 1750 VNC_DEBUG("Start TLS auth VNC\n");
1751 return start_auth_vnc(vs);
1752
1753 default: /* Should not be possible, but just in case */
1754 VNC_DEBUG("Reject auth %d\n", vs->auth);
1755 vnc_write_u8(vs, 1);
1756 if (vs->minor >= 8) {
1757 static const char err[] = "Unsupported authentication type";
1758 vnc_write_u32(vs, sizeof(err));
1759 vnc_write(vs, err, sizeof(err));
1760 }
1761 vnc_client_error(vs);
1762 }
1763
1764 return 0;
1765}
1766
1767static void vnc_handshake_io(void *opaque);
1768
1769static int vnc_continue_handshake(struct VncState *vs) {
1770 int ret;
1771
1772 if ((ret = gnutls_handshake(vs->tls_session)) < 0) {
1773 if (!gnutls_error_is_fatal(ret)) {
1774 VNC_DEBUG("Handshake interrupted (blocking)\n");
1775 if (!gnutls_record_get_direction(vs->tls_session))
1776 qemu_set_fd_handler(vs->csock, vnc_handshake_io, NULL, vs);
1777 else
1778 qemu_set_fd_handler(vs->csock, NULL, vnc_handshake_io, vs);
1779 return 0;
1780 }
1781 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret));
1782 vnc_client_error(vs);
1783 return -1;
1784 }
1785
469b15c6
TS		 1786 if (vs->x509verify) {
1787 if (vnc_validate_certificate(vs) < 0) {
1788 VNC_DEBUG("Client verification failed\n");
1789 vnc_client_error(vs);
1790 return -1;
1791 } else {
1792 VNC_DEBUG("Client verification passed\n");
1793 }
1794 }
1795
8d5d2d4c
TS		 1796 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
1797 vs->wiremode = VNC_WIREMODE_TLS;
1798 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1799
1800 return start_auth_vencrypt_subauth(vs);
1801}
1802
1803static void vnc_handshake_io(void *opaque) {
1804 struct VncState *vs = (struct VncState *)opaque;
1805
1806 VNC_DEBUG("Handshake IO continue\n");
1807 vnc_continue_handshake(vs);
1808}
1809
3a702699
TS		 1810#define NEED_X509_AUTH(vs) \
1811 ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
1812 (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
1813 (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
1814
1815
8d5d2d4c
TS		 1816static int vnc_start_tls(struct VncState *vs) {
1817 static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
1818 static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
1819 static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
3a702699 1820 static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
8d5d2d4c
TS		 1821
1822 VNC_DEBUG("Do TLS setup\n");
1823 if (vnc_tls_initialize() < 0) {
1824 VNC_DEBUG("Failed to init TLS\n");
1825 vnc_client_error(vs);
1826 return -1;
1827 }
1828 if (vs->tls_session == NULL) {
1829 if (gnutls_init(&vs->tls_session, GNUTLS_SERVER) < 0) {
1830 vnc_client_error(vs);
1831 return -1;
1832 }
1833
1834 if (gnutls_set_default_priority(vs->tls_session) < 0) {
1835 gnutls_deinit(vs->tls_session);
1836 vs->tls_session = NULL;
1837 vnc_client_error(vs);
1838 return -1;
1839 }
1840
3a702699 1841 if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
8d5d2d4c
TS		 1842 gnutls_deinit(vs->tls_session);
1843 vs->tls_session = NULL;
1844 vnc_client_error(vs);
1845 return -1;
1846 }
1847
1848 if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
1849 gnutls_deinit(vs->tls_session);
1850 vs->tls_session = NULL;
1851 vnc_client_error(vs);
1852 return -1;
1853 }
1854
1855 if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
1856 gnutls_deinit(vs->tls_session);
1857 vs->tls_session = NULL;
1858 vnc_client_error(vs);
1859 return -1;
1860 }
1861
3a702699 1862 if (NEED_X509_AUTH(vs)) {
6f43024c 1863 gnutls_certificate_server_credentials x509_cred = vnc_tls_initialize_x509_cred(vs);
3a702699
TS		 1864 if (!x509_cred) {
1865 gnutls_deinit(vs->tls_session);
1866 vs->tls_session = NULL;
1867 vnc_client_error(vs);
1868 return -1;
1869 }
1870 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_CERTIFICATE, x509_cred) < 0) {
1871 gnutls_deinit(vs->tls_session);
1872 vs->tls_session = NULL;
1873 gnutls_certificate_free_credentials(x509_cred);
1874 vnc_client_error(vs);
1875 return -1;
1876 }
469b15c6
TS		 1877 if (vs->x509verify) {
1878 VNC_DEBUG("Requesting a client certificate\n");
1879 gnutls_certificate_server_set_request (vs->tls_session, GNUTLS_CERT_REQUEST);
1880 }
1881
3a702699
TS		 1882 } else {
1883 gnutls_anon_server_credentials anon_cred = vnc_tls_initialize_anon_cred();
1884 if (!anon_cred) {
1885 gnutls_deinit(vs->tls_session);
1886 vs->tls_session = NULL;
1887 vnc_client_error(vs);
1888 return -1;
1889 }
1890 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_ANON, anon_cred) < 0) {
1891 gnutls_deinit(vs->tls_session);
1892 vs->tls_session = NULL;
1893 gnutls_anon_free_server_credentials(anon_cred);
1894 vnc_client_error(vs);
1895 return -1;
1896 }
8d5d2d4c
TS		 1897 }
1898
1899 gnutls_transport_set_ptr(vs->tls_session, (gnutls_transport_ptr_t)vs);
1900 gnutls_transport_set_push_function(vs->tls_session, vnc_tls_push);
1901 gnutls_transport_set_pull_function(vs->tls_session, vnc_tls_pull);
1902 }
1903
1904 VNC_DEBUG("Start TLS handshake process\n");
1905 return vnc_continue_handshake(vs);
1906}
1907
60fe76f3 1908static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len)
8d5d2d4c
TS		 1909{
1910 int auth = read_u32(data, 0);
1911
1912 if (auth != vs->subauth) {
1913 VNC_DEBUG("Rejecting auth %d\n", auth);
1914 vnc_write_u8(vs, 0); /* Reject auth */
1915 vnc_flush(vs);
1916 vnc_client_error(vs);
1917 } else {
1918 VNC_DEBUG("Accepting auth %d, starting handshake\n", auth);
1919 vnc_write_u8(vs, 1); /* Accept auth */
1920 vnc_flush(vs);
1921
1922 if (vnc_start_tls(vs) < 0) {
1923 VNC_DEBUG("Failed to complete TLS\n");
1924 return 0;
1925 }
1926
1927 if (vs->wiremode == VNC_WIREMODE_TLS) {
1928 VNC_DEBUG("Starting VeNCrypt subauth\n");
1929 return start_auth_vencrypt_subauth(vs);
1930 } else {
1931 VNC_DEBUG("TLS handshake blocked\n");
1932 return 0;
1933 }
1934 }
1935 return 0;
1936}
1937
60fe76f3 1938static int protocol_client_vencrypt_init(VncState *vs, uint8_t *data, size_t len)
8d5d2d4c
TS		 1939{
1940 if (data[0] != 0 ||
1941 data[1] != 2) {
1942 VNC_DEBUG("Unsupported VeNCrypt protocol %d.%d\n", (int)data[0], (int)data[1]);
1943 vnc_write_u8(vs, 1); /* Reject version */
1944 vnc_flush(vs);
1945 vnc_client_error(vs);
1946 } else {
1947 VNC_DEBUG("Sending allowed auth %d\n", vs->subauth);
1948 vnc_write_u8(vs, 0); /* Accept version */
1949 vnc_write_u8(vs, 1); /* Number of sub-auths */
1950 vnc_write_u32(vs, vs->subauth); /* The supported auth */
1951 vnc_flush(vs);
1952 vnc_read_when(vs, protocol_client_vencrypt_auth, 4);
1953 }
1954 return 0;
1955}
1956
1957static int start_auth_vencrypt(VncState *vs)
1958{
1959 /* Send VeNCrypt version 0.2 */
1960 vnc_write_u8(vs, 0);
1961 vnc_write_u8(vs, 2);
1962
1963 vnc_read_when(vs, protocol_client_vencrypt_init, 2);
1964 return 0;
1965}
1966#endif /* CONFIG_VNC_TLS */
1967
60fe76f3 1968static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
70848515
TS		 1969{
1970 /* We only advertise 1 auth scheme at a time, so client
1971 * must pick the one we sent. Verify this */
1972 if (data[0] != vs->auth) { /* Reject auth */
1973 VNC_DEBUG("Reject auth %d\n", (int)data[0]);
1974 vnc_write_u32(vs, 1);
1975 if (vs->minor >= 8) {
1976 static const char err[] = "Authentication failed";
1977 vnc_write_u32(vs, sizeof(err));
1978 vnc_write(vs, err, sizeof(err));
1979 }
1980 vnc_client_error(vs);
1981 } else { /* Accept requested auth */
1982 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1983 switch (vs->auth) {
1984 case VNC_AUTH_NONE:
1985 VNC_DEBUG("Accept auth none\n");
a26c97ad
AZ		 1986 if (vs->minor >= 8) {
1987 vnc_write_u32(vs, 0); /* Accept auth completion */
1988 vnc_flush(vs);
1989 }
70848515
TS		 1990 vnc_read_when(vs, protocol_client_init, 1);
1991 break;
1992
1993 case VNC_AUTH_VNC:
1994 VNC_DEBUG("Start VNC auth\n");
1995 return start_auth_vnc(vs);
1996
eb38c52c 1997#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 1998 case VNC_AUTH_VENCRYPT:
1999 VNC_DEBUG("Accept VeNCrypt auth\n");;
2000 return start_auth_vencrypt(vs);
2001#endif /* CONFIG_VNC_TLS */
2002
70848515
TS		 2003 default: /* Should not be possible, but just in case */
2004 VNC_DEBUG("Reject auth %d\n", vs->auth);
2005 vnc_write_u8(vs, 1);
2006 if (vs->minor >= 8) {
2007 static const char err[] = "Authentication failed";
2008 vnc_write_u32(vs, sizeof(err));
2009 vnc_write(vs, err, sizeof(err));
2010 }
2011 vnc_client_error(vs);
2012 }
2013 }
2014 return 0;
2015}
2016
60fe76f3 2017static int protocol_version(VncState *vs, uint8_t *version, size_t len)
24236869
FB		 2018{
2019 char local[13];
24236869
FB		 2020
2021 memcpy(local, version, 12);
2022 local[12] = 0;
2023
70848515
TS		 2024 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2025 VNC_DEBUG("Malformed protocol version %s\n", local);
24236869
FB		 2026 vnc_client_error(vs);
2027 return 0;
2028 }
70848515
TS		 2029 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2030 if (vs->major != 3 ||
2031 (vs->minor != 3 &&
b0566f4f 2032 vs->minor != 4 &&
70848515
TS		 2033 vs->minor != 5 &&
2034 vs->minor != 7 &&
2035 vs->minor != 8)) {
2036 VNC_DEBUG("Unsupported client version\n");
2037 vnc_write_u32(vs, VNC_AUTH_INVALID);
2038 vnc_flush(vs);
2039 vnc_client_error(vs);
2040 return 0;
2041 }
b0566f4f 2042 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
70848515
TS		 2043 * as equivalent to v3.3 by servers
2044 */
b0566f4f 2045 if (vs->minor == 4 || vs->minor == 5)
70848515
TS		 2046 vs->minor = 3;
2047
2048 if (vs->minor == 3) {
2049 if (vs->auth == VNC_AUTH_NONE) {
2050 VNC_DEBUG("Tell client auth none\n");
2051 vnc_write_u32(vs, vs->auth);
2052 vnc_flush(vs);
2053 vnc_read_when(vs, protocol_client_init, 1);
2054 } else if (vs->auth == VNC_AUTH_VNC) {
2055 VNC_DEBUG("Tell client VNC auth\n");
2056 vnc_write_u32(vs, vs->auth);
2057 vnc_flush(vs);
2058 start_auth_vnc(vs);
2059 } else {
2060 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2061 vnc_write_u32(vs, VNC_AUTH_INVALID);
2062 vnc_flush(vs);
2063 vnc_client_error(vs);
2064 }
2065 } else {
2066 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2067 vnc_write_u8(vs, 1); /* num auth */
2068 vnc_write_u8(vs, vs->auth);
2069 vnc_read_when(vs, protocol_client_auth, 1);
2070 vnc_flush(vs);
2071 }
24236869
FB		 2072
2073 return 0;
2074}
2075
3aa3eea3
AZ		 2076static void vnc_connect(VncState *vs)
2077{
2078 VNC_DEBUG("New client on socket %d\n", vs->csock);
7d957bd8 2079 dcl->idle = 0;
3aa3eea3
AZ		 2080 socket_set_nonblock(vs->csock);
2081 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2082 vnc_write(vs, "RFB 003.008\n", 12);
2083 vnc_flush(vs);
2084 vnc_read_when(vs, protocol_version, 12);
0e1f5a0c 2085 memset(vs->old_data, 0, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
3aa3eea3 2086 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
29fa4ed9 2087 vs->features = 0;
7d957bd8 2088 dcl->dpy_copy = NULL;
3aa3eea3 2089 vnc_update_client(vs);
53762ddb 2090 reset_keys(vs);
3aa3eea3
AZ		 2091}
2092
24236869
FB		 2093static void vnc_listen_read(void *opaque)
2094{
2095 VncState *vs = opaque;
2096 struct sockaddr_in addr;
2097 socklen_t addrlen = sizeof(addr);
2098
9f60ad50
AZ		 2099 /* Catch-up */
2100 vga_hw_update();
2101
24236869
FB		 2102 vs->csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2103 if (vs->csock != -1) {
3aa3eea3 2104 vnc_connect(vs);
24236869
FB		 2105 }
2106}
2107
71cab5ca 2108void vnc_display_init(DisplayState *ds)
24236869 2109{
24236869
FB		 2110 VncState *vs;
2111
2112 vs = qemu_mallocz(sizeof(VncState));
7d957bd8
AL		 2113 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2114 if (!vs || !dcl)
24236869
FB		 2115 exit(1);
2116
2117 ds->opaque = vs;
7d957bd8 2118 dcl->idle = 1;
a9ce8590 2119 vnc_state = vs;
71cab5ca 2120 vs->display = NULL;
70848515 2121 vs->password = NULL;
24236869
FB		 2122
2123 vs->lsock = -1;
2124 vs->csock = -1;
564c337e
FB		 2125 vs->last_x = -1;
2126 vs->last_y = -1;
24236869
FB		 2127
2128 vs->ds = ds;
2129
9ca313aa
AL		 2130 if (keyboard_layout)
2131 vs->kbd_layout = init_keyboard_layout(keyboard_layout);
2132 else
2133 vs->kbd_layout = init_keyboard_layout("en-us");
24236869 2134
24236869
FB		 2135 if (!vs->kbd_layout)
2136 exit(1);
2137
a0ecfb73
AZ		 2138 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
2139
7d957bd8
AL		 2140 dcl->dpy_update = vnc_dpy_update;
2141 dcl->dpy_resize = vnc_dpy_resize;
2142 dcl->dpy_setdata = vnc_dpy_setdata;
2143 dcl->dpy_refresh = NULL;
2144 register_displaychangelistener(ds, dcl);
429a8ed3 2145
2146 vs->as.freq = 44100;
2147 vs->as.nchannels = 2;
2148 vs->as.fmt = AUD_FMT_S16;
2149 vs->as.endianness = 0;
71cab5ca
TS		 2150}
2151
eb38c52c 2152#ifdef CONFIG_VNC_TLS
6f43024c
TS		 2153static int vnc_set_x509_credential(VncState *vs,
2154 const char *certdir,
2155 const char *filename,
2156 char **cred,
2157 int ignoreMissing)
2158{
2159 struct stat sb;
2160
2161 if (*cred) {
2162 qemu_free(*cred);
2163 *cred = NULL;
2164 }
2165
2166 if (!(*cred = qemu_malloc(strlen(certdir) + strlen(filename) + 2)))
2167 return -1;
2168
2169 strcpy(*cred, certdir);
2170 strcat(*cred, "/");
2171 strcat(*cred, filename);
2172
2173 VNC_DEBUG("Check %s\n", *cred);
2174 if (stat(*cred, &sb) < 0) {
2175 qemu_free(*cred);
2176 *cred = NULL;
2177 if (ignoreMissing && errno == ENOENT)
2178 return 0;
2179 return -1;
2180 }
2181
2182 return 0;
2183}
2184
2185static int vnc_set_x509_credential_dir(VncState *vs,
2186 const char *certdir)
2187{
2188 if (vnc_set_x509_credential(vs, certdir, X509_CA_CERT_FILE, &vs->x509cacert, 0) < 0)
2189 goto cleanup;
2190 if (vnc_set_x509_credential(vs, certdir, X509_CA_CRL_FILE, &vs->x509cacrl, 1) < 0)
2191 goto cleanup;
2192 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_CERT_FILE, &vs->x509cert, 0) < 0)
2193 goto cleanup;
2194 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_KEY_FILE, &vs->x509key, 0) < 0)
2195 goto cleanup;
2196
2197 return 0;
2198
2199 cleanup:
2200 qemu_free(vs->x509cacert);
2201 qemu_free(vs->x509cacrl);
2202 qemu_free(vs->x509cert);
2203 qemu_free(vs->x509key);
2204 vs->x509cacert = vs->x509cacrl = vs->x509cert = vs->x509key = NULL;
2205 return -1;
2206}
2207#endif /* CONFIG_VNC_TLS */
2208
71cab5ca
TS		 2209void vnc_display_close(DisplayState *ds)
2210{
e25a5822 2211 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
71cab5ca
TS		 2212
2213 if (vs->display) {
2214 qemu_free(vs->display);
2215 vs->display = NULL;
2216 }
2217 if (vs->lsock != -1) {
2218 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2219 close(vs->lsock);
2220 vs->lsock = -1;
2221 }
2222 if (vs->csock != -1) {
2223 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
2224 closesocket(vs->csock);
2225 vs->csock = -1;
2226 buffer_reset(&vs->input);
2227 buffer_reset(&vs->output);
2228 vs->need_update = 0;
eb38c52c 2229#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 2230 if (vs->tls_session) {
2231 gnutls_deinit(vs->tls_session);
2232 vs->tls_session = NULL;
2233 }
2234 vs->wiremode = VNC_WIREMODE_CLEAR;
2235#endif /* CONFIG_VNC_TLS */
71cab5ca 2236 }
70848515 2237 vs->auth = VNC_AUTH_INVALID;
eb38c52c 2238#ifdef CONFIG_VNC_TLS
8d5d2d4c 2239 vs->subauth = VNC_AUTH_INVALID;
469b15c6 2240 vs->x509verify = 0;
8d5d2d4c 2241#endif
429a8ed3 2242 audio_del(vs);
70848515
TS		 2243}
2244
2245int vnc_display_password(DisplayState *ds, const char *password)
2246{
2247 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2248
2249 if (vs->password) {
2250 qemu_free(vs->password);
2251 vs->password = NULL;
2252 }
2253 if (password && password[0]) {
2254 if (!(vs->password = qemu_strdup(password)))
2255 return -1;
2256 }
2257
2258 return 0;
71cab5ca
TS		 2259}
2260
70848515 2261int vnc_display_open(DisplayState *ds, const char *display)
71cab5ca 2262{
e25a5822 2263 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
70848515
TS		 2264 const char *options;
2265 int password = 0;
3aa3eea3 2266 int reverse = 0;
9712ecaf 2267 int to_port = 0;
eb38c52c 2268#ifdef CONFIG_VNC_TLS
3a702699 2269 int tls = 0, x509 = 0;
8d5d2d4c 2270#endif
71cab5ca
TS		 2271
2272 vnc_display_close(ds);
70848515 2273 if (strcmp(display, "none") == 0)
71cab5ca 2274 return 0;
24236869 2275
70848515 2276 if (!(vs->display = strdup(display)))
71cab5ca 2277 return -1;
70848515
TS		 2278
2279 options = display;
2280 while ((options = strchr(options, ','))) {
2281 options++;
469b15c6 2282 if (strncmp(options, "password", 8) == 0) {
70848515 2283 password = 1; /* Require password auth */
3aa3eea3
AZ		 2284 } else if (strncmp(options, "reverse", 7) == 0) {
2285 reverse = 1;
9712ecaf
AL		 2286 } else if (strncmp(options, "to=", 3) == 0) {
2287 to_port = atoi(options+3) + 5900;
eb38c52c 2288#ifdef CONFIG_VNC_TLS
469b15c6 2289 } else if (strncmp(options, "tls", 3) == 0) {
8d5d2d4c 2290 tls = 1; /* Require TLS */
469b15c6 2291 } else if (strncmp(options, "x509", 4) == 0) {
6f43024c 2292 char *start, *end;
3a702699 2293 x509 = 1; /* Require x509 certificates */
6f43024c
TS		 2294 if (strncmp(options, "x509verify", 10) == 0)
2295 vs->x509verify = 1; /* ...and verify client certs */
2296
2297 /* Now check for 'x509=/some/path' postfix
2298 * and use that to setup x509 certificate/key paths */
2299 start = strchr(options, '=');
2300 end = strchr(options, ',');
2301 if (start && (!end || (start < end))) {
2302 int len = end ? end-(start+1) : strlen(start+1);
be351261 2303 char *path = qemu_strndup(start + 1, len);
be15b141 2304
6f43024c
TS		 2305 VNC_DEBUG("Trying certificate path '%s'\n", path);
2306 if (vnc_set_x509_credential_dir(vs, path) < 0) {
2307 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2308 qemu_free(path);
2309 qemu_free(vs->display);
2310 vs->display = NULL;
2311 return -1;
2312 }
2313 qemu_free(path);
2314 } else {
2315 fprintf(stderr, "No certificate path provided\n");
2316 qemu_free(vs->display);
2317 vs->display = NULL;
2318 return -1;
2319 }
8d5d2d4c 2320#endif
469b15c6 2321 }
70848515
TS		 2322 }
2323
2324 if (password) {
eb38c52c 2325#ifdef CONFIG_VNC_TLS
8d5d2d4c 2326 if (tls) {
8d5d2d4c 2327 vs->auth = VNC_AUTH_VENCRYPT;
3a702699
TS		 2328 if (x509) {
2329 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2330 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2331 } else {
2332 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2333 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2334 }
8d5d2d4c
TS		 2335 } else {
2336#endif
2337 VNC_DEBUG("Initializing VNC server with password auth\n");
2338 vs->auth = VNC_AUTH_VNC;
eb38c52c 2339#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 2340 vs->subauth = VNC_AUTH_INVALID;
2341 }
2342#endif
70848515 2343 } else {
eb38c52c 2344#ifdef CONFIG_VNC_TLS
8d5d2d4c 2345 if (tls) {
8d5d2d4c 2346 vs->auth = VNC_AUTH_VENCRYPT;
3a702699
TS		 2347 if (x509) {
2348 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2349 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2350 } else {
2351 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2352 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2353 }
8d5d2d4c
TS		 2354 } else {
2355#endif
2356 VNC_DEBUG("Initializing VNC server with no auth\n");
2357 vs->auth = VNC_AUTH_NONE;
eb38c52c 2358#ifdef CONFIG_VNC_TLS
8d5d2d4c
TS		 2359 vs->subauth = VNC_AUTH_INVALID;
2360 }
2361#endif
70848515 2362 }
24236869 2363
3aa3eea3 2364 if (reverse) {
9712ecaf
AL		 2365 /* connect to viewer */
2366 if (strncmp(display, "unix:", 5) == 0)
2367 vs->lsock = unix_connect(display+5);
2368 else
2369 vs->lsock = inet_connect(display, SOCK_STREAM);
2370 if (-1 == vs->lsock) {
3aa3eea3
AZ		 2371 free(vs->display);
2372 vs->display = NULL;
2373 return -1;
2374 } else {
2375 vs->csock = vs->lsock;
2376 vs->lsock = -1;
2377 vnc_connect(vs);
3aa3eea3 2378 }
9712ecaf 2379 return 0;
24236869 2380
9712ecaf
AL		 2381 } else {
2382 /* listen for connects */
2383 char *dpy;
2384 dpy = qemu_malloc(256);
2385 if (strncmp(display, "unix:", 5) == 0) {
bc575e95 2386 pstrcpy(dpy, 256, "unix:");
4a55bfdf 2387 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
9712ecaf
AL		 2388 } else {
2389 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2390 }
2391 if (-1 == vs->lsock) {
2392 free(dpy);
d0513623 2393 return -1;
9712ecaf
AL		 2394 } else {
2395 free(vs->display);
2396 vs->display = dpy;
2397 }
24236869
FB		 2398 }
2399
71cab5ca 2400 return qemu_set_fd_handler2(vs->lsock, vnc_listen_poll, vnc_listen_read, NULL, vs);
24236869 2401}
QEMU mirror