search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Move TLS auth into separate file ("Daniel P. Berrange")
[qemu-kvm/fedora.git] / vnc.c
blobf4d8fe60ee9f5bde4b16622f86d69e67a838ff6e
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31
32 #define VNC_REFRESH_INTERVAL (1000 / 30)
33
34 #include "vnc_keysym.h"
35 #include "d3des.h"
36
37 #define count_bits(c, v) { \
38 for (c = 0; v; v >>= 1) \
39 { \
40 c += v & 1; \
41 } \
42 }
43
44
45 static VncDisplay *vnc_display; /* needed for info vnc */
46 static DisplayChangeListener *dcl;
47
48 static char *addr_to_string(const char *format,
49 struct sockaddr_storage *sa,
50 socklen_t salen) {
51 char *addr;
52 char host[NI_MAXHOST];
53 char serv[NI_MAXSERV];
54 int err;
55
56 if ((err = getnameinfo((struct sockaddr *)sa, salen,
57 host, sizeof(host),
58 serv, sizeof(serv),
59 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
60 VNC_DEBUG("Cannot resolve address %d: %s\n",
61 err, gai_strerror(err));
62 return NULL;
63 }
64
65 if (asprintf(&addr, format, host, serv) < 0)
66 return NULL;
67
68 return addr;
69 }
70
71 static char *vnc_socket_local_addr(const char *format, int fd) {
72 struct sockaddr_storage sa;
73 socklen_t salen;
74
75 salen = sizeof(sa);
76 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
77 return NULL;
78
79 return addr_to_string(format, &sa, salen);
80 }
81
82 static char *vnc_socket_remote_addr(const char *format, int fd) {
83 struct sockaddr_storage sa;
84 socklen_t salen;
85
86 salen = sizeof(sa);
87 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
88 return NULL;
89
90 return addr_to_string(format, &sa, salen);
91 }
92
93 static const char *vnc_auth_name(VncDisplay *vd) {
94 switch (vd->auth) {
95 case VNC_AUTH_INVALID:
96 return "invalid";
97 case VNC_AUTH_NONE:
98 return "none";
99 case VNC_AUTH_VNC:
100 return "vnc";
101 case VNC_AUTH_RA2:
102 return "ra2";
103 case VNC_AUTH_RA2NE:
104 return "ra2ne";
105 case VNC_AUTH_TIGHT:
106 return "tight";
107 case VNC_AUTH_ULTRA:
108 return "ultra";
109 case VNC_AUTH_TLS:
110 return "tls";
111 case VNC_AUTH_VENCRYPT:
112 #ifdef CONFIG_VNC_TLS
113 switch (vd->subauth) {
114 case VNC_AUTH_VENCRYPT_PLAIN:
115 return "vencrypt+plain";
116 case VNC_AUTH_VENCRYPT_TLSNONE:
117 return "vencrypt+tls+none";
118 case VNC_AUTH_VENCRYPT_TLSVNC:
119 return "vencrypt+tls+vnc";
120 case VNC_AUTH_VENCRYPT_TLSPLAIN:
121 return "vencrypt+tls+plain";
122 case VNC_AUTH_VENCRYPT_X509NONE:
123 return "vencrypt+x509+none";
124 case VNC_AUTH_VENCRYPT_X509VNC:
125 return "vencrypt+x509+vnc";
126 case VNC_AUTH_VENCRYPT_X509PLAIN:
127 return "vencrypt+x509+plain";
128 default:
129 return "vencrypt";
130 }
131 #else
132 return "vencrypt";
133 #endif
134 }
135 return "unknown";
136 }
137
138 #define VNC_SOCKET_FORMAT_PRETTY "local %s:%s"
139
140 static void do_info_vnc_client(Monitor *mon, VncState *client)
141 {
142 char *clientAddr =
143 vnc_socket_remote_addr(" address: %s:%s\n",
144 client->csock);
145 if (!clientAddr)
146 return;
147
148 monitor_printf(mon, "Client:\n");
149 monitor_printf(mon, "%s", clientAddr);
150 free(clientAddr);
151 }
152
153 void do_info_vnc(Monitor *mon)
154 {
155 if (vnc_display == NULL || vnc_display->display == NULL) {
156 monitor_printf(mon, "Server: disabled\n");
157 } else {
158 char *serverAddr = vnc_socket_local_addr(" address: %s:%s\n",
159 vnc_display->lsock);
160
161 if (!serverAddr)
162 return;
163
164 monitor_printf(mon, "Server:\n");
165 monitor_printf(mon, "%s", serverAddr);
166 free(serverAddr);
167 monitor_printf(mon, " auth: %s\n", vnc_auth_name(vnc_display));
168
169 if (vnc_display->clients) {
170 VncState *client = vnc_display->clients;
171 while (client) {
172 do_info_vnc_client(mon, client);
173 client = client->next;
174 }
175 } else {
176 monitor_printf(mon, "Client: none\n");
177 }
178 }
179 }
180
181 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
182 return (vs->features & (1 << feature));
183 }
184
185 /* TODO
186 1) Get the queue working for IO.
187 2) there is some weirdness when using the -S option (the screen is grey
188 and not totally invalidated
189 3) resolutions > 1024
190 */
191
192 static void vnc_update_client(void *opaque);
193
194 static void vnc_colordepth(VncState *vs);
195
196 static inline void vnc_set_bit(uint32_t *d, int k)
197 {
198 d[k >> 5] |= 1 << (k & 0x1f);
199 }
200
201 static inline void vnc_clear_bit(uint32_t *d, int k)
202 {
203 d[k >> 5] &= ~(1 << (k & 0x1f));
204 }
205
206 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
207 {
208 int j;
209
210 j = 0;
211 while (n >= 32) {
212 d[j++] = -1;
213 n -= 32;
214 }
215 if (n > 0)
216 d[j++] = (1 << n) - 1;
217 while (j < nb_words)
218 d[j++] = 0;
219 }
220
221 static inline int vnc_get_bit(const uint32_t *d, int k)
222 {
223 return (d[k >> 5] >> (k & 0x1f)) & 1;
224 }
225
226 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
227 int nb_words)
228 {
229 int i;
230 for(i = 0; i < nb_words; i++) {
231 if ((d1[i] & d2[i]) != 0)
232 return 1;
233 }
234 return 0;
235 }
236
237 static void vnc_update(VncState *vs, int x, int y, int w, int h)
238 {
239 int i;
240
241 h += y;
242
243 /* round x down to ensure the loop only spans one 16-pixel block per,
244 iteration. otherwise, if (x % 16) != 0, the last iteration may span
245 two 16-pixel blocks but we only mark the first as dirty
246 */
247 w += (x % 16);
248 x -= (x % 16);
249
250 x = MIN(x, vs->serverds.width);
251 y = MIN(y, vs->serverds.height);
252 w = MIN(x + w, vs->serverds.width) - x;
253 h = MIN(h, vs->serverds.height);
254
255 for (; y < h; y++)
256 for (i = 0; i < w; i += 16)
257 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
258 }
259
260 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
261 {
262 VncDisplay *vd = ds->opaque;
263 VncState *vs = vd->clients;
264 while (vs != NULL) {
265 vnc_update(vs, x, y, w, h);
266 vs = vs->next;
267 }
268 }
269
270 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
271 int32_t encoding)
272 {
273 vnc_write_u16(vs, x);
274 vnc_write_u16(vs, y);
275 vnc_write_u16(vs, w);
276 vnc_write_u16(vs, h);
277
278 vnc_write_s32(vs, encoding);
279 }
280
281 static void buffer_reserve(Buffer *buffer, size_t len)
282 {
283 if ((buffer->capacity - buffer->offset) < len) {
284 buffer->capacity += (len + 1024);
285 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
286 if (buffer->buffer == NULL) {
287 fprintf(stderr, "vnc: out of memory\n");
288 exit(1);
289 }
290 }
291 }
292
293 static int buffer_empty(Buffer *buffer)
294 {
295 return buffer->offset == 0;
296 }
297
298 static uint8_t *buffer_end(Buffer *buffer)
299 {
300 return buffer->buffer + buffer->offset;
301 }
302
303 static void buffer_reset(Buffer *buffer)
304 {
305 buffer->offset = 0;
306 }
307
308 static void buffer_append(Buffer *buffer, const void *data, size_t len)
309 {
310 memcpy(buffer->buffer + buffer->offset, data, len);
311 buffer->offset += len;
312 }
313
314 static void vnc_resize(VncState *vs)
315 {
316 DisplayState *ds = vs->ds;
317
318 int size_changed;
319
320 vs->old_data = qemu_realloc(vs->old_data, ds_get_linesize(ds) * ds_get_height(ds));
321
322 if (vs->old_data == NULL) {
323 fprintf(stderr, "vnc: memory allocation failed\n");
324 exit(1);
325 }
326
327 if (ds_get_bytes_per_pixel(ds) != vs->serverds.pf.bytes_per_pixel)
328 console_color_init(ds);
329 vnc_colordepth(vs);
330 size_changed = ds_get_width(ds) != vs->serverds.width ||
331 ds_get_height(ds) != vs->serverds.height;
332 vs->serverds = *(ds->surface);
333 if (size_changed) {
334 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
335 vnc_write_u8(vs, 0); /* msg id */
336 vnc_write_u8(vs, 0);
337 vnc_write_u16(vs, 1); /* number of rects */
338 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
339 VNC_ENCODING_DESKTOPRESIZE);
340 vnc_flush(vs);
341 }
342 }
343
344 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
345 memset(vs->old_data, 42, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
346 }
347
348 static void vnc_dpy_resize(DisplayState *ds)
349 {
350 VncDisplay *vd = ds->opaque;
351 VncState *vs = vd->clients;
352 while (vs != NULL) {
353 vnc_resize(vs);
354 vs = vs->next;
355 }
356 }
357
358 /* fastest code */
359 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
360 {
361 vnc_write(vs, pixels, size);
362 }
363
364 /* slowest but generic code. */
365 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
366 {
367 uint8_t r, g, b;
368
369 r = ((((v & vs->serverds.pf.rmask) >> vs->serverds.pf.rshift) << vs->clientds.pf.rbits) >>
370 vs->serverds.pf.rbits);
371 g = ((((v & vs->serverds.pf.gmask) >> vs->serverds.pf.gshift) << vs->clientds.pf.gbits) >>
372 vs->serverds.pf.gbits);
373 b = ((((v & vs->serverds.pf.bmask) >> vs->serverds.pf.bshift) << vs->clientds.pf.bbits) >>
374 vs->serverds.pf.bbits);
375 v = (r << vs->clientds.pf.rshift) |
376 (g << vs->clientds.pf.gshift) |
377 (b << vs->clientds.pf.bshift);
378 switch(vs->clientds.pf.bytes_per_pixel) {
379 case 1:
380 buf[0] = v;
381 break;
382 case 2:
383 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
384 buf[0] = v >> 8;
385 buf[1] = v;
386 } else {
387 buf[1] = v >> 8;
388 buf[0] = v;
389 }
390 break;
391 default:
392 case 4:
393 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
394 buf[0] = v >> 24;
395 buf[1] = v >> 16;
396 buf[2] = v >> 8;
397 buf[3] = v;
398 } else {
399 buf[3] = v >> 24;
400 buf[2] = v >> 16;
401 buf[1] = v >> 8;
402 buf[0] = v;
403 }
404 break;
405 }
406 }
407
408 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
409 {
410 uint8_t buf[4];
411
412 if (vs->serverds.pf.bytes_per_pixel == 4) {
413 uint32_t *pixels = pixels1;
414 int n, i;
415 n = size >> 2;
416 for(i = 0; i < n; i++) {
417 vnc_convert_pixel(vs, buf, pixels[i]);
418 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
419 }
420 } else if (vs->serverds.pf.bytes_per_pixel == 2) {
421 uint16_t *pixels = pixels1;
422 int n, i;
423 n = size >> 1;
424 for(i = 0; i < n; i++) {
425 vnc_convert_pixel(vs, buf, pixels[i]);
426 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
427 }
428 } else if (vs->serverds.pf.bytes_per_pixel == 1) {
429 uint8_t *pixels = pixels1;
430 int n, i;
431 n = size;
432 for(i = 0; i < n; i++) {
433 vnc_convert_pixel(vs, buf, pixels[i]);
434 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
435 }
436 } else {
437 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
438 }
439 }
440
441 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
442 {
443 int i;
444 uint8_t *row;
445
446 row = ds_get_data(vs->ds) + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
447 for (i = 0; i < h; i++) {
448 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
449 row += ds_get_linesize(vs->ds);
450 }
451 }
452
453 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
454 {
455 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
456 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
457 }
458
459 #define BPP 8
460 #include "vnchextile.h"
461 #undef BPP
462
463 #define BPP 16
464 #include "vnchextile.h"
465 #undef BPP
466
467 #define BPP 32
468 #include "vnchextile.h"
469 #undef BPP
470
471 #define GENERIC
472 #define BPP 8
473 #include "vnchextile.h"
474 #undef BPP
475 #undef GENERIC
476
477 #define GENERIC
478 #define BPP 16
479 #include "vnchextile.h"
480 #undef BPP
481 #undef GENERIC
482
483 #define GENERIC
484 #define BPP 32
485 #include "vnchextile.h"
486 #undef BPP
487 #undef GENERIC
488
489 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
490 {
491 int i, j;
492 int has_fg, has_bg;
493 uint8_t *last_fg, *last_bg;
494
495 last_fg = (uint8_t *) qemu_malloc(vs->serverds.pf.bytes_per_pixel);
496 last_bg = (uint8_t *) qemu_malloc(vs->serverds.pf.bytes_per_pixel);
497 has_fg = has_bg = 0;
498 for (j = y; j < (y + h); j += 16) {
499 for (i = x; i < (x + w); i += 16) {
500 vs->send_hextile_tile(vs, i, j,
501 MIN(16, x + w - i), MIN(16, y + h - j),
502 last_bg, last_fg, &has_bg, &has_fg);
503 }
504 }
505 free(last_fg);
506 free(last_bg);
507
508 }
509
510 static void vnc_zlib_init(VncState *vs)
511 {
512 int i;
513 for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)
514 vs->zlib_stream[i].opaque = NULL;
515 }
516
517 static void vnc_zlib_start(VncState *vs)
518 {
519 buffer_reset(&vs->zlib);
520
521 // make the output buffer be the zlib buffer, so we can compress it later
522 vs->zlib_tmp = vs->output;
523 vs->output = vs->zlib;
524 }
525
526 static int vnc_zlib_stop(VncState *vs, int stream_id)
527 {
528 z_streamp zstream = &vs->zlib_stream[stream_id];
529 int previous_out;
530
531 // switch back to normal output/zlib buffers
532 vs->zlib = vs->output;
533 vs->output = vs->zlib_tmp;
534
535 // compress the zlib buffer
536
537 // initialize the stream
538 // XXX need one stream per session
539 if (zstream->opaque != vs) {
540 int err;
541
542 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
543 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
544 zstream->zalloc = Z_NULL;
545 zstream->zfree = Z_NULL;
546
547 err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
548 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
549
550 if (err != Z_OK) {
551 fprintf(stderr, "VNC: error initializing zlib\n");
552 return -1;
553 }
554
555 zstream->opaque = vs;
556 }
557
558 // XXX what to do if tight_compression changed in between?
559
560 // reserve memory in output buffer
561 buffer_reserve(&vs->output, vs->zlib.offset + 64);
562
563 // set pointers
564 zstream->next_in = vs->zlib.buffer;
565 zstream->avail_in = vs->zlib.offset;
566 zstream->next_out = vs->output.buffer + vs->output.offset;
567 zstream->avail_out = vs->output.capacity - vs->output.offset;
568 zstream->data_type = Z_BINARY;
569 previous_out = zstream->total_out;
570
571 // start encoding
572 if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
573 fprintf(stderr, "VNC: error during zlib compression\n");
574 return -1;
575 }
576
577 vs->output.offset = vs->output.capacity - zstream->avail_out;
578 return zstream->total_out - previous_out;
579 }
580
581 static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
582 {
583 int old_offset, new_offset, bytes_written;
584
585 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);
586
587 // remember where we put in the follow-up size
588 old_offset = vs->output.offset;
589 vnc_write_s32(vs, 0);
590
591 // compress the stream
592 vnc_zlib_start(vs);
593 send_framebuffer_update_raw(vs, x, y, w, h);
594 bytes_written = vnc_zlib_stop(vs, 0);
595
596 if (bytes_written == -1)
597 return;
598
599 // hack in the size
600 new_offset = vs->output.offset;
601 vs->output.offset = old_offset;
602 vnc_write_u32(vs, bytes_written);
603 vs->output.offset = new_offset;
604 }
605
606 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
607 {
608 switch(vs->vnc_encoding) {
609 case VNC_ENCODING_ZLIB:
610 send_framebuffer_update_zlib(vs, x, y, w, h);
611 break;
612 case VNC_ENCODING_HEXTILE:
613 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
614 send_framebuffer_update_hextile(vs, x, y, w, h);
615 break;
616 default:
617 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
618 send_framebuffer_update_raw(vs, x, y, w, h);
619 break;
620 }
621 }
622
623 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
624 {
625 vnc_update_client(vs);
626
627 vnc_write_u8(vs, 0); /* msg id */
628 vnc_write_u8(vs, 0);
629 vnc_write_u16(vs, 1); /* number of rects */
630 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
631 vnc_write_u16(vs, src_x);
632 vnc_write_u16(vs, src_y);
633 vnc_flush(vs);
634 }
635
636 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
637 {
638 VncDisplay *vd = ds->opaque;
639 VncState *vs = vd->clients;
640 while (vs != NULL) {
641 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
642 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
643 else /* TODO */
644 vnc_update(vs, dst_x, dst_y, w, h);
645 vs = vs->next;
646 }
647 }
648
649 static int find_dirty_height(VncState *vs, int y, int last_x, int x)
650 {
651 int h;
652
653 for (h = 1; h < (vs->serverds.height - y); h++) {
654 int tmp_x;
655 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
656 break;
657 for (tmp_x = last_x; tmp_x < x; tmp_x++)
658 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
659 }
660
661 return h;
662 }
663
664 static void vnc_update_client(void *opaque)
665 {
666 VncState *vs = opaque;
667 if (vs->need_update && vs->csock != -1) {
668 int y;
669 uint8_t *row;
670 char *old_row;
671 uint32_t width_mask[VNC_DIRTY_WORDS];
672 int n_rectangles;
673 int saved_offset;
674 int has_dirty = 0;
675
676 vga_hw_update();
677
678 vnc_set_bits(width_mask, (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
679
680 /* Walk through the dirty map and eliminate tiles that
681 really aren't dirty */
682 row = ds_get_data(vs->ds);
683 old_row = vs->old_data;
684
685 for (y = 0; y < ds_get_height(vs->ds); y++) {
686 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
687 int x;
688 uint8_t *ptr;
689 char *old_ptr;
690
691 ptr = row;
692 old_ptr = (char*)old_row;
693
694 for (x = 0; x < ds_get_width(vs->ds); x += 16) {
695 if (memcmp(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds)) == 0) {
696 vnc_clear_bit(vs->dirty_row[y], (x / 16));
697 } else {
698 has_dirty = 1;
699 memcpy(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds));
700 }
701
702 ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
703 old_ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
704 }
705 }
706
707 row += ds_get_linesize(vs->ds);
708 old_row += ds_get_linesize(vs->ds);
709 }
710
711 if (!has_dirty && !vs->audio_cap) {
712 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
713 return;
714 }
715
716 /* Count rectangles */
717 n_rectangles = 0;
718 vnc_write_u8(vs, 0); /* msg id */
719 vnc_write_u8(vs, 0);
720 saved_offset = vs->output.offset;
721 vnc_write_u16(vs, 0);
722
723 for (y = 0; y < vs->serverds.height; y++) {
724 int x;
725 int last_x = -1;
726 for (x = 0; x < vs->serverds.width / 16; x++) {
727 if (vnc_get_bit(vs->dirty_row[y], x)) {
728 if (last_x == -1) {
729 last_x = x;
730 }
731 vnc_clear_bit(vs->dirty_row[y], x);
732 } else {
733 if (last_x != -1) {
734 int h = find_dirty_height(vs, y, last_x, x);
735 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
736 n_rectangles++;
737 }
738 last_x = -1;
739 }
740 }
741 if (last_x != -1) {
742 int h = find_dirty_height(vs, y, last_x, x);
743 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
744 n_rectangles++;
745 }
746 }
747 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
748 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
749 vnc_flush(vs);
750
751 }
752
753 if (vs->csock != -1) {
754 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
755 }
756
757 }
758
759 /* audio */
760 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
761 {
762 VncState *vs = opaque;
763
764 switch (cmd) {
765 case AUD_CNOTIFY_DISABLE:
766 vnc_write_u8(vs, 255);
767 vnc_write_u8(vs, 1);
768 vnc_write_u16(vs, 0);
769 vnc_flush(vs);
770 break;
771
772 case AUD_CNOTIFY_ENABLE:
773 vnc_write_u8(vs, 255);
774 vnc_write_u8(vs, 1);
775 vnc_write_u16(vs, 1);
776 vnc_flush(vs);
777 break;
778 }
779 }
780
781 static void audio_capture_destroy(void *opaque)
782 {
783 }
784
785 static void audio_capture(void *opaque, void *buf, int size)
786 {
787 VncState *vs = opaque;
788
789 vnc_write_u8(vs, 255);
790 vnc_write_u8(vs, 1);
791 vnc_write_u16(vs, 2);
792 vnc_write_u32(vs, size);
793 vnc_write(vs, buf, size);
794 vnc_flush(vs);
795 }
796
797 static void audio_add(VncState *vs)
798 {
799 Monitor *mon = cur_mon;
800 struct audio_capture_ops ops;
801
802 if (vs->audio_cap) {
803 monitor_printf(mon, "audio already running\n");
804 return;
805 }
806
807 ops.notify = audio_capture_notify;
808 ops.destroy = audio_capture_destroy;
809 ops.capture = audio_capture;
810
811 vs->audio_cap = AUD_add_capture(NULL, &vs->as, &ops, vs);
812 if (!vs->audio_cap) {
813 monitor_printf(mon, "Failed to add audio capture\n");
814 }
815 }
816
817 static void audio_del(VncState *vs)
818 {
819 if (vs->audio_cap) {
820 AUD_del_capture(vs->audio_cap, vs);
821 vs->audio_cap = NULL;
822 }
823 }
824
825 static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
826 {
827 if (ret == 0 || ret == -1) {
828 if (ret == -1) {
829 switch (last_errno) {
830 case EINTR:
831 case EAGAIN:
832 #ifdef _WIN32
833 case WSAEWOULDBLOCK:
834 #endif
835 return 0;
836 default:
837 break;
838 }
839 }
840
841 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
842 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
843 closesocket(vs->csock);
844 qemu_del_timer(vs->timer);
845 qemu_free_timer(vs->timer);
846 if (vs->input.buffer) qemu_free(vs->input.buffer);
847 if (vs->output.buffer) qemu_free(vs->output.buffer);
848 #ifdef CONFIG_VNC_TLS
849 vnc_tls_client_cleanup(vs);
850 #endif /* CONFIG_VNC_TLS */
851 audio_del(vs);
852
853 VncState *p, *parent = NULL;
854 for (p = vs->vd->clients; p != NULL; p = p->next) {
855 if (p == vs) {
856 if (parent)
857 parent->next = p->next;
858 else
859 vs->vd->clients = p->next;
860 break;
861 }
862 parent = p;
863 }
864 if (!vs->vd->clients)
865 dcl->idle = 1;
866
867 qemu_free(vs->old_data);
868 qemu_free(vs);
869
870 return 0;
871 }
872 return ret;
873 }
874
875
876 void vnc_client_error(VncState *vs)
877 {
878 vnc_client_io_error(vs, -1, EINVAL);
879 }
880
881 void vnc_client_write(void *opaque)
882 {
883 long ret;
884 VncState *vs = opaque;
885
886 #ifdef CONFIG_VNC_TLS
887 if (vs->tls.session) {
888 ret = gnutls_write(vs->tls.session, vs->output.buffer, vs->output.offset);
889 if (ret < 0) {
890 if (ret == GNUTLS_E_AGAIN)
891 errno = EAGAIN;
892 else
893 errno = EIO;
894 ret = -1;
895 }
896 } else
897 #endif /* CONFIG_VNC_TLS */
898 ret = send(vs->csock, vs->output.buffer, vs->output.offset, 0);
899 ret = vnc_client_io_error(vs, ret, socket_error());
900 if (!ret)
901 return;
902
903 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
904 vs->output.offset -= ret;
905
906 if (vs->output.offset == 0) {
907 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
908 }
909 }
910
911 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
912 {
913 vs->read_handler = func;
914 vs->read_handler_expect = expecting;
915 }
916
917 void vnc_client_read(void *opaque)
918 {
919 VncState *vs = opaque;
920 long ret;
921
922 buffer_reserve(&vs->input, 4096);
923
924 #ifdef CONFIG_VNC_TLS
925 if (vs->tls.session) {
926 ret = gnutls_read(vs->tls.session, buffer_end(&vs->input), 4096);
927 if (ret < 0) {
928 if (ret == GNUTLS_E_AGAIN)
929 errno = EAGAIN;
930 else
931 errno = EIO;
932 ret = -1;
933 }
934 } else
935 #endif /* CONFIG_VNC_TLS */
936 ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
937 ret = vnc_client_io_error(vs, ret, socket_error());
938 if (!ret)
939 return;
940
941 vs->input.offset += ret;
942
943 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
944 size_t len = vs->read_handler_expect;
945 int ret;
946
947 ret = vs->read_handler(vs, vs->input.buffer, len);
948 if (vs->csock == -1)
949 return;
950
951 if (!ret) {
952 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
953 vs->input.offset -= len;
954 } else {
955 vs->read_handler_expect = ret;
956 }
957 }
958 }
959
960 void vnc_write(VncState *vs, const void *data, size_t len)
961 {
962 buffer_reserve(&vs->output, len);
963
964 if (buffer_empty(&vs->output)) {
965 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
966 }
967
968 buffer_append(&vs->output, data, len);
969 }
970
971 void vnc_write_s32(VncState *vs, int32_t value)
972 {
973 vnc_write_u32(vs, *(uint32_t *)&value);
974 }
975
976 void vnc_write_u32(VncState *vs, uint32_t value)
977 {
978 uint8_t buf[4];
979
980 buf[0] = (value >> 24) & 0xFF;
981 buf[1] = (value >> 16) & 0xFF;
982 buf[2] = (value >> 8) & 0xFF;
983 buf[3] = value & 0xFF;
984
985 vnc_write(vs, buf, 4);
986 }
987
988 void vnc_write_u16(VncState *vs, uint16_t value)
989 {
990 uint8_t buf[2];
991
992 buf[0] = (value >> 8) & 0xFF;
993 buf[1] = value & 0xFF;
994
995 vnc_write(vs, buf, 2);
996 }
997
998 void vnc_write_u8(VncState *vs, uint8_t value)
999 {
1000 vnc_write(vs, (char *)&value, 1);
1001 }
1002
1003 void vnc_flush(VncState *vs)
1004 {
1005 if (vs->output.offset)
1006 vnc_client_write(vs);
1007 }
1008
1009 uint8_t read_u8(uint8_t *data, size_t offset)
1010 {
1011 return data[offset];
1012 }
1013
1014 uint16_t read_u16(uint8_t *data, size_t offset)
1015 {
1016 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1017 }
1018
1019 int32_t read_s32(uint8_t *data, size_t offset)
1020 {
1021 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1022 (data[offset + 2] << 8) | data[offset + 3]);
1023 }
1024
1025 uint32_t read_u32(uint8_t *data, size_t offset)
1026 {
1027 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1028 (data[offset + 2] << 8) | data[offset + 3]);
1029 }
1030
1031 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1032 {
1033 }
1034
1035 static void check_pointer_type_change(VncState *vs, int absolute)
1036 {
1037 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1038 vnc_write_u8(vs, 0);
1039 vnc_write_u8(vs, 0);
1040 vnc_write_u16(vs, 1);
1041 vnc_framebuffer_update(vs, absolute, 0,
1042 ds_get_width(vs->ds), ds_get_height(vs->ds),
1043 VNC_ENCODING_POINTER_TYPE_CHANGE);
1044 vnc_flush(vs);
1045 }
1046 vs->absolute = absolute;
1047 }
1048
1049 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1050 {
1051 int buttons = 0;
1052 int dz = 0;
1053
1054 if (button_mask & 0x01)
1055 buttons |= MOUSE_EVENT_LBUTTON;
1056 if (button_mask & 0x02)
1057 buttons |= MOUSE_EVENT_MBUTTON;
1058 if (button_mask & 0x04)
1059 buttons |= MOUSE_EVENT_RBUTTON;
1060 if (button_mask & 0x08)
1061 dz = -1;
1062 if (button_mask & 0x10)
1063 dz = 1;
1064
1065 if (vs->absolute) {
1066 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
1067 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
1068 dz, buttons);
1069 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1070 x -= 0x7FFF;
1071 y -= 0x7FFF;
1072
1073 kbd_mouse_event(x, y, dz, buttons);
1074 } else {
1075 if (vs->last_x != -1)
1076 kbd_mouse_event(x - vs->last_x,
1077 y - vs->last_y,
1078 dz, buttons);
1079 vs->last_x = x;
1080 vs->last_y = y;
1081 }
1082
1083 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1084 }
1085
1086 static void reset_keys(VncState *vs)
1087 {
1088 int i;
1089 for(i = 0; i < 256; i++) {
1090 if (vs->modifiers_state[i]) {
1091 if (i & 0x80)
1092 kbd_put_keycode(0xe0);
1093 kbd_put_keycode(i | 0x80);
1094 vs->modifiers_state[i] = 0;
1095 }
1096 }
1097 }
1098
1099 static void press_key(VncState *vs, int keysym)
1100 {
1101 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) & 0x7f);
1102 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) | 0x80);
1103 }
1104
1105 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1106 {
1107 /* QEMU console switch */
1108 switch(keycode) {
1109 case 0x2a: /* Left Shift */
1110 case 0x36: /* Right Shift */
1111 case 0x1d: /* Left CTRL */
1112 case 0x9d: /* Right CTRL */
1113 case 0x38: /* Left ALT */
1114 case 0xb8: /* Right ALT */
1115 if (down)
1116 vs->modifiers_state[keycode] = 1;
1117 else
1118 vs->modifiers_state[keycode] = 0;
1119 break;
1120 case 0x02 ... 0x0a: /* '1' to '9' keys */
1121 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1122 /* Reset the modifiers sent to the current console */
1123 reset_keys(vs);
1124 console_select(keycode - 0x02);
1125 return;
1126 }
1127 break;
1128 case 0x3a: /* CapsLock */
1129 case 0x45: /* NumLock */
1130 if (!down)
1131 vs->modifiers_state[keycode] ^= 1;
1132 break;
1133 }
1134
1135 if (keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1136 /* If the numlock state needs to change then simulate an additional
1137 keypress before sending this one. This will happen if the user
1138 toggles numlock away from the VNC window.
1139 */
1140 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1141 if (!vs->modifiers_state[0x45]) {
1142 vs->modifiers_state[0x45] = 1;
1143 press_key(vs, 0xff7f);
1144 }
1145 } else {
1146 if (vs->modifiers_state[0x45]) {
1147 vs->modifiers_state[0x45] = 0;
1148 press_key(vs, 0xff7f);
1149 }
1150 }
1151 }
1152
1153 if (is_graphic_console()) {
1154 if (keycode & 0x80)
1155 kbd_put_keycode(0xe0);
1156 if (down)
1157 kbd_put_keycode(keycode & 0x7f);
1158 else
1159 kbd_put_keycode(keycode | 0x80);
1160 } else {
1161 /* QEMU console emulation */
1162 if (down) {
1163 switch (keycode) {
1164 case 0x2a: /* Left Shift */
1165 case 0x36: /* Right Shift */
1166 case 0x1d: /* Left CTRL */
1167 case 0x9d: /* Right CTRL */
1168 case 0x38: /* Left ALT */
1169 case 0xb8: /* Right ALT */
1170 break;
1171 case 0xc8:
1172 kbd_put_keysym(QEMU_KEY_UP);
1173 break;
1174 case 0xd0:
1175 kbd_put_keysym(QEMU_KEY_DOWN);
1176 break;
1177 case 0xcb:
1178 kbd_put_keysym(QEMU_KEY_LEFT);
1179 break;
1180 case 0xcd:
1181 kbd_put_keysym(QEMU_KEY_RIGHT);
1182 break;
1183 case 0xd3:
1184 kbd_put_keysym(QEMU_KEY_DELETE);
1185 break;
1186 case 0xc7:
1187 kbd_put_keysym(QEMU_KEY_HOME);
1188 break;
1189 case 0xcf:
1190 kbd_put_keysym(QEMU_KEY_END);
1191 break;
1192 case 0xc9:
1193 kbd_put_keysym(QEMU_KEY_PAGEUP);
1194 break;
1195 case 0xd1:
1196 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1197 break;
1198 default:
1199 kbd_put_keysym(sym);
1200 break;
1201 }
1202 }
1203 }
1204 }
1205
1206 static void key_event(VncState *vs, int down, uint32_t sym)
1207 {
1208 int keycode;
1209
1210 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1211 sym = sym - 'A' + 'a';
1212
1213 keycode = keysym2scancode(vs->vd->kbd_layout, sym & 0xFFFF);
1214 do_key_event(vs, down, keycode, sym);
1215 }
1216
1217 static void ext_key_event(VncState *vs, int down,
1218 uint32_t sym, uint16_t keycode)
1219 {
1220 /* if the user specifies a keyboard layout, always use it */
1221 if (keyboard_layout)
1222 key_event(vs, down, sym);
1223 else
1224 do_key_event(vs, down, keycode, sym);
1225 }
1226
1227 static void framebuffer_update_request(VncState *vs, int incremental,
1228 int x_position, int y_position,
1229 int w, int h)
1230 {
1231 if (x_position > ds_get_width(vs->ds))
1232 x_position = ds_get_width(vs->ds);
1233 if (y_position > ds_get_height(vs->ds))
1234 y_position = ds_get_height(vs->ds);
1235 if (x_position + w >= ds_get_width(vs->ds))
1236 w = ds_get_width(vs->ds) - x_position;
1237 if (y_position + h >= ds_get_height(vs->ds))
1238 h = ds_get_height(vs->ds) - y_position;
1239
1240 int i;
1241 vs->need_update = 1;
1242 if (!incremental) {
1243 char *old_row = vs->old_data + y_position * ds_get_linesize(vs->ds);
1244
1245 for (i = 0; i < h; i++) {
1246 vnc_set_bits(vs->dirty_row[y_position + i],
1247 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1248 memset(old_row, 42, ds_get_width(vs->ds) * ds_get_bytes_per_pixel(vs->ds));
1249 old_row += ds_get_linesize(vs->ds);
1250 }
1251 }
1252 }
1253
1254 static void send_ext_key_event_ack(VncState *vs)
1255 {
1256 vnc_write_u8(vs, 0);
1257 vnc_write_u8(vs, 0);
1258 vnc_write_u16(vs, 1);
1259 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1260 VNC_ENCODING_EXT_KEY_EVENT);
1261 vnc_flush(vs);
1262 }
1263
1264 static void send_ext_audio_ack(VncState *vs)
1265 {
1266 vnc_write_u8(vs, 0);
1267 vnc_write_u8(vs, 0);
1268 vnc_write_u16(vs, 1);
1269 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1270 VNC_ENCODING_AUDIO);
1271 vnc_flush(vs);
1272 }
1273
1274 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1275 {
1276 int i;
1277 unsigned int enc = 0;
1278
1279 vnc_zlib_init(vs);
1280 vs->features = 0;
1281 vs->vnc_encoding = 0;
1282 vs->tight_compression = 9;
1283 vs->tight_quality = 9;
1284 vs->absolute = -1;
1285
1286 for (i = n_encodings - 1; i >= 0; i--) {
1287 enc = encodings[i];
1288 switch (enc) {
1289 case VNC_ENCODING_RAW:
1290 vs->vnc_encoding = enc;
1291 break;
1292 case VNC_ENCODING_COPYRECT:
1293 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1294 break;
1295 case VNC_ENCODING_HEXTILE:
1296 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1297 vs->vnc_encoding = enc;
1298 break;
1299 case VNC_ENCODING_ZLIB:
1300 vs->features |= VNC_FEATURE_ZLIB_MASK;
1301 vs->vnc_encoding = enc;
1302 break;
1303 case VNC_ENCODING_DESKTOPRESIZE:
1304 vs->features |= VNC_FEATURE_RESIZE_MASK;
1305 break;
1306 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1307 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1308 break;
1309 case VNC_ENCODING_EXT_KEY_EVENT:
1310 send_ext_key_event_ack(vs);
1311 break;
1312 case VNC_ENCODING_AUDIO:
1313 send_ext_audio_ack(vs);
1314 break;
1315 case VNC_ENCODING_WMVi:
1316 vs->features |= VNC_FEATURE_WMVI_MASK;
1317 break;
1318 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1319 vs->tight_compression = (enc & 0x0F);
1320 break;
1321 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1322 vs->tight_quality = (enc & 0x0F);
1323 break;
1324 default:
1325 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1326 break;
1327 }
1328 }
1329
1330 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1331 }
1332
1333 static void set_pixel_conversion(VncState *vs)
1334 {
1335 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1336 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1337 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1338 vs->write_pixels = vnc_write_pixels_copy;
1339 switch (vs->ds->surface->pf.bits_per_pixel) {
1340 case 8:
1341 vs->send_hextile_tile = send_hextile_tile_8;
1342 break;
1343 case 16:
1344 vs->send_hextile_tile = send_hextile_tile_16;
1345 break;
1346 case 32:
1347 vs->send_hextile_tile = send_hextile_tile_32;
1348 break;
1349 }
1350 } else {
1351 vs->write_pixels = vnc_write_pixels_generic;
1352 switch (vs->ds->surface->pf.bits_per_pixel) {
1353 case 8:
1354 vs->send_hextile_tile = send_hextile_tile_generic_8;
1355 break;
1356 case 16:
1357 vs->send_hextile_tile = send_hextile_tile_generic_16;
1358 break;
1359 case 32:
1360 vs->send_hextile_tile = send_hextile_tile_generic_32;
1361 break;
1362 }
1363 }
1364 }
1365
1366 static void set_pixel_format(VncState *vs,
1367 int bits_per_pixel, int depth,
1368 int big_endian_flag, int true_color_flag,
1369 int red_max, int green_max, int blue_max,
1370 int red_shift, int green_shift, int blue_shift)
1371 {
1372 if (!true_color_flag) {
1373 vnc_client_error(vs);
1374 return;
1375 }
1376
1377 vs->clientds = vs->serverds;
1378 vs->clientds.pf.rmax = red_max;
1379 count_bits(vs->clientds.pf.rbits, red_max);
1380 vs->clientds.pf.rshift = red_shift;
1381 vs->clientds.pf.rmask = red_max << red_shift;
1382 vs->clientds.pf.gmax = green_max;
1383 count_bits(vs->clientds.pf.gbits, green_max);
1384 vs->clientds.pf.gshift = green_shift;
1385 vs->clientds.pf.gmask = green_max << green_shift;
1386 vs->clientds.pf.bmax = blue_max;
1387 count_bits(vs->clientds.pf.bbits, blue_max);
1388 vs->clientds.pf.bshift = blue_shift;
1389 vs->clientds.pf.bmask = blue_max << blue_shift;
1390 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1391 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1392 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1393 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1394
1395 set_pixel_conversion(vs);
1396
1397 vga_hw_invalidate();
1398 vga_hw_update();
1399 }
1400
1401 static void pixel_format_message (VncState *vs) {
1402 char pad[3] = { 0, 0, 0 };
1403
1404 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1405 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1406
1407 #ifdef WORDS_BIGENDIAN
1408 vnc_write_u8(vs, 1); /* big-endian-flag */
1409 #else
1410 vnc_write_u8(vs, 0); /* big-endian-flag */
1411 #endif
1412 vnc_write_u8(vs, 1); /* true-color-flag */
1413 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1414 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1415 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1416 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1417 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1418 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1419 if (vs->ds->surface->pf.bits_per_pixel == 32)
1420 vs->send_hextile_tile = send_hextile_tile_32;
1421 else if (vs->ds->surface->pf.bits_per_pixel == 16)
1422 vs->send_hextile_tile = send_hextile_tile_16;
1423 else if (vs->ds->surface->pf.bits_per_pixel == 8)
1424 vs->send_hextile_tile = send_hextile_tile_8;
1425 vs->clientds = *(vs->ds->surface);
1426 vs->clientds.flags |= ~QEMU_ALLOCATED_FLAG;
1427 vs->write_pixels = vnc_write_pixels_copy;
1428
1429 vnc_write(vs, pad, 3); /* padding */
1430 }
1431
1432 static void vnc_dpy_setdata(DisplayState *ds)
1433 {
1434 /* We don't have to do anything */
1435 }
1436
1437 static void vnc_colordepth(VncState *vs)
1438 {
1439 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1440 /* Sending a WMVi message to notify the client*/
1441 vnc_write_u8(vs, 0); /* msg id */
1442 vnc_write_u8(vs, 0);
1443 vnc_write_u16(vs, 1); /* number of rects */
1444 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1445 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1446 pixel_format_message(vs);
1447 vnc_flush(vs);
1448 } else {
1449 set_pixel_conversion(vs);
1450 }
1451 }
1452
1453 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1454 {
1455 int i;
1456 uint16_t limit;
1457
1458 switch (data[0]) {
1459 case 0:
1460 if (len == 1)
1461 return 20;
1462
1463 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1464 read_u8(data, 6), read_u8(data, 7),
1465 read_u16(data, 8), read_u16(data, 10),
1466 read_u16(data, 12), read_u8(data, 14),
1467 read_u8(data, 15), read_u8(data, 16));
1468 break;
1469 case 2:
1470 if (len == 1)
1471 return 4;
1472
1473 if (len == 4) {
1474 limit = read_u16(data, 2);
1475 if (limit > 0)
1476 return 4 + (limit * 4);
1477 } else
1478 limit = read_u16(data, 2);
1479
1480 for (i = 0; i < limit; i++) {
1481 int32_t val = read_s32(data, 4 + (i * 4));
1482 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1483 }
1484
1485 set_encodings(vs, (int32_t *)(data + 4), limit);
1486 break;
1487 case 3:
1488 if (len == 1)
1489 return 10;
1490
1491 framebuffer_update_request(vs,
1492 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1493 read_u16(data, 6), read_u16(data, 8));
1494 break;
1495 case 4:
1496 if (len == 1)
1497 return 8;
1498
1499 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1500 break;
1501 case 5:
1502 if (len == 1)
1503 return 6;
1504
1505 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1506 break;
1507 case 6:
1508 if (len == 1)
1509 return 8;
1510
1511 if (len == 8) {
1512 uint32_t dlen = read_u32(data, 4);
1513 if (dlen > 0)
1514 return 8 + dlen;
1515 }
1516
1517 client_cut_text(vs, read_u32(data, 4), data + 8);
1518 break;
1519 case 255:
1520 if (len == 1)
1521 return 2;
1522
1523 switch (read_u8(data, 1)) {
1524 case 0:
1525 if (len == 2)
1526 return 12;
1527
1528 ext_key_event(vs, read_u16(data, 2),
1529 read_u32(data, 4), read_u32(data, 8));
1530 break;
1531 case 1:
1532 if (len == 2)
1533 return 4;
1534
1535 switch (read_u16 (data, 2)) {
1536 case 0:
1537 audio_add(vs);
1538 break;
1539 case 1:
1540 audio_del(vs);
1541 break;
1542 case 2:
1543 if (len == 4)
1544 return 10;
1545 switch (read_u8(data, 4)) {
1546 case 0: vs->as.fmt = AUD_FMT_U8; break;
1547 case 1: vs->as.fmt = AUD_FMT_S8; break;
1548 case 2: vs->as.fmt = AUD_FMT_U16; break;
1549 case 3: vs->as.fmt = AUD_FMT_S16; break;
1550 case 4: vs->as.fmt = AUD_FMT_U32; break;
1551 case 5: vs->as.fmt = AUD_FMT_S32; break;
1552 default:
1553 printf("Invalid audio format %d\n", read_u8(data, 4));
1554 vnc_client_error(vs);
1555 break;
1556 }
1557 vs->as.nchannels = read_u8(data, 5);
1558 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1559 printf("Invalid audio channel coount %d\n",
1560 read_u8(data, 5));
1561 vnc_client_error(vs);
1562 break;
1563 }
1564 vs->as.freq = read_u32(data, 6);
1565 break;
1566 default:
1567 printf ("Invalid audio message %d\n", read_u8(data, 4));
1568 vnc_client_error(vs);
1569 break;
1570 }
1571 break;
1572
1573 default:
1574 printf("Msg: %d\n", read_u16(data, 0));
1575 vnc_client_error(vs);
1576 break;
1577 }
1578 break;
1579 default:
1580 printf("Msg: %d\n", data[0]);
1581 vnc_client_error(vs);
1582 break;
1583 }
1584
1585 vnc_read_when(vs, protocol_client_msg, 1);
1586 return 0;
1587 }
1588
1589 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1590 {
1591 char buf[1024];
1592 int size;
1593
1594 vnc_write_u16(vs, ds_get_width(vs->ds));
1595 vnc_write_u16(vs, ds_get_height(vs->ds));
1596
1597 pixel_format_message(vs);
1598
1599 if (qemu_name)
1600 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1601 else
1602 size = snprintf(buf, sizeof(buf), "QEMU");
1603
1604 vnc_write_u32(vs, size);
1605 vnc_write(vs, buf, size);
1606 vnc_flush(vs);
1607
1608 vnc_read_when(vs, protocol_client_msg, 1);
1609
1610 return 0;
1611 }
1612
1613 void start_client_init(VncState *vs)
1614 {
1615 vnc_read_when(vs, protocol_client_init, 1);
1616 }
1617
1618 static void make_challenge(VncState *vs)
1619 {
1620 int i;
1621
1622 srand(time(NULL)+getpid()+getpid()*987654+rand());
1623
1624 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1625 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1626 }
1627
1628 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1629 {
1630 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1631 int i, j, pwlen;
1632 unsigned char key[8];
1633
1634 if (!vs->vd->password || !vs->vd->password[0]) {
1635 VNC_DEBUG("No password configured on server");
1636 vnc_write_u32(vs, 1); /* Reject auth */
1637 if (vs->minor >= 8) {
1638 static const char err[] = "Authentication failed";
1639 vnc_write_u32(vs, sizeof(err));
1640 vnc_write(vs, err, sizeof(err));
1641 }
1642 vnc_flush(vs);
1643 vnc_client_error(vs);
1644 return 0;
1645 }
1646
1647 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1648
1649 /* Calculate the expected challenge response */
1650 pwlen = strlen(vs->vd->password);
1651 for (i=0; i<sizeof(key); i++)
1652 key[i] = i<pwlen ? vs->vd->password[i] : 0;
1653 deskey(key, EN0);
1654 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1655 des(response+j, response+j);
1656
1657 /* Compare expected vs actual challenge response */
1658 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1659 VNC_DEBUG("Client challenge reponse did not match\n");
1660 vnc_write_u32(vs, 1); /* Reject auth */
1661 if (vs->minor >= 8) {
1662 static const char err[] = "Authentication failed";
1663 vnc_write_u32(vs, sizeof(err));
1664 vnc_write(vs, err, sizeof(err));
1665 }
1666 vnc_flush(vs);
1667 vnc_client_error(vs);
1668 } else {
1669 VNC_DEBUG("Accepting VNC challenge response\n");
1670 vnc_write_u32(vs, 0); /* Accept auth */
1671 vnc_flush(vs);
1672
1673 start_client_init(vs);
1674 }
1675 return 0;
1676 }
1677
1678 void start_auth_vnc(VncState *vs)
1679 {
1680 make_challenge(vs);
1681 /* Send client a 'random' challenge */
1682 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1683 vnc_flush(vs);
1684
1685 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1686 }
1687
1688
1689 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1690 {
1691 /* We only advertise 1 auth scheme at a time, so client
1692 * must pick the one we sent. Verify this */
1693 if (data[0] != vs->vd->auth) { /* Reject auth */
1694 VNC_DEBUG("Reject auth %d\n", (int)data[0]);
1695 vnc_write_u32(vs, 1);
1696 if (vs->minor >= 8) {
1697 static const char err[] = "Authentication failed";
1698 vnc_write_u32(vs, sizeof(err));
1699 vnc_write(vs, err, sizeof(err));
1700 }
1701 vnc_client_error(vs);
1702 } else { /* Accept requested auth */
1703 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1704 switch (vs->vd->auth) {
1705 case VNC_AUTH_NONE:
1706 VNC_DEBUG("Accept auth none\n");
1707 if (vs->minor >= 8) {
1708 vnc_write_u32(vs, 0); /* Accept auth completion */
1709 vnc_flush(vs);
1710 }
1711 start_client_init(vs);
1712 break;
1713
1714 case VNC_AUTH_VNC:
1715 VNC_DEBUG("Start VNC auth\n");
1716 start_auth_vnc(vs);
1717 break;
1718
1719 #ifdef CONFIG_VNC_TLS
1720 case VNC_AUTH_VENCRYPT:
1721 VNC_DEBUG("Accept VeNCrypt auth\n");;
1722 start_auth_vencrypt(vs);
1723 break;
1724 #endif /* CONFIG_VNC_TLS */
1725
1726 default: /* Should not be possible, but just in case */
1727 VNC_DEBUG("Reject auth %d\n", vs->vd->auth);
1728 vnc_write_u8(vs, 1);
1729 if (vs->minor >= 8) {
1730 static const char err[] = "Authentication failed";
1731 vnc_write_u32(vs, sizeof(err));
1732 vnc_write(vs, err, sizeof(err));
1733 }
1734 vnc_client_error(vs);
1735 }
1736 }
1737 return 0;
1738 }
1739
1740 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
1741 {
1742 char local[13];
1743
1744 memcpy(local, version, 12);
1745 local[12] = 0;
1746
1747 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
1748 VNC_DEBUG("Malformed protocol version %s\n", local);
1749 vnc_client_error(vs);
1750 return 0;
1751 }
1752 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
1753 if (vs->major != 3 ||
1754 (vs->minor != 3 &&
1755 vs->minor != 4 &&
1756 vs->minor != 5 &&
1757 vs->minor != 7 &&
1758 vs->minor != 8)) {
1759 VNC_DEBUG("Unsupported client version\n");
1760 vnc_write_u32(vs, VNC_AUTH_INVALID);
1761 vnc_flush(vs);
1762 vnc_client_error(vs);
1763 return 0;
1764 }
1765 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
1766 * as equivalent to v3.3 by servers
1767 */
1768 if (vs->minor == 4 || vs->minor == 5)
1769 vs->minor = 3;
1770
1771 if (vs->minor == 3) {
1772 if (vs->vd->auth == VNC_AUTH_NONE) {
1773 VNC_DEBUG("Tell client auth none\n");
1774 vnc_write_u32(vs, vs->vd->auth);
1775 vnc_flush(vs);
1776 start_client_init(vs);
1777 } else if (vs->vd->auth == VNC_AUTH_VNC) {
1778 VNC_DEBUG("Tell client VNC auth\n");
1779 vnc_write_u32(vs, vs->vd->auth);
1780 vnc_flush(vs);
1781 start_auth_vnc(vs);
1782 } else {
1783 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
1784 vnc_write_u32(vs, VNC_AUTH_INVALID);
1785 vnc_flush(vs);
1786 vnc_client_error(vs);
1787 }
1788 } else {
1789 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
1790 vnc_write_u8(vs, 1); /* num auth */
1791 vnc_write_u8(vs, vs->vd->auth);
1792 vnc_read_when(vs, protocol_client_auth, 1);
1793 vnc_flush(vs);
1794 }
1795
1796 return 0;
1797 }
1798
1799 static void vnc_connect(VncDisplay *vd, int csock)
1800 {
1801 VncState *vs = qemu_mallocz(sizeof(VncState));
1802 vs->csock = csock;
1803
1804 VNC_DEBUG("New client on socket %d\n", csock);
1805 dcl->idle = 0;
1806 socket_set_nonblock(vs->csock);
1807 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1808
1809 vs->vd = vd;
1810 vs->ds = vd->ds;
1811 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
1812 vs->last_x = -1;
1813 vs->last_y = -1;
1814
1815 vs->as.freq = 44100;
1816 vs->as.nchannels = 2;
1817 vs->as.fmt = AUD_FMT_S16;
1818 vs->as.endianness = 0;
1819
1820 vnc_resize(vs);
1821 vnc_write(vs, "RFB 003.008\n", 12);
1822 vnc_flush(vs);
1823 vnc_read_when(vs, protocol_version, 12);
1824 memset(vs->old_data, 0, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
1825 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1826 vnc_update_client(vs);
1827 reset_keys(vs);
1828
1829 vs->next = vd->clients;
1830 vd->clients = vs;
1831 }
1832
1833 static void vnc_listen_read(void *opaque)
1834 {
1835 VncDisplay *vs = opaque;
1836 struct sockaddr_in addr;
1837 socklen_t addrlen = sizeof(addr);
1838
1839 /* Catch-up */
1840 vga_hw_update();
1841
1842 int csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
1843 if (csock != -1) {
1844 vnc_connect(vs, csock);
1845 }
1846 }
1847
1848 void vnc_display_init(DisplayState *ds)
1849 {
1850 VncDisplay *vs;
1851
1852 vs = qemu_mallocz(sizeof(VncState));
1853 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
1854
1855 ds->opaque = vs;
1856 dcl->idle = 1;
1857 vnc_display = vs;
1858
1859 vs->lsock = -1;
1860
1861 vs->ds = ds;
1862
1863 if (keyboard_layout)
1864 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
1865 else
1866 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
1867
1868 if (!vs->kbd_layout)
1869 exit(1);
1870
1871 dcl->dpy_copy = vnc_dpy_copy;
1872 dcl->dpy_update = vnc_dpy_update;
1873 dcl->dpy_resize = vnc_dpy_resize;
1874 dcl->dpy_setdata = vnc_dpy_setdata;
1875 register_displaychangelistener(ds, dcl);
1876 }
1877
1878
1879 void vnc_display_close(DisplayState *ds)
1880 {
1881 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
1882
1883 if (!vs)
1884 return;
1885 if (vs->display) {
1886 qemu_free(vs->display);
1887 vs->display = NULL;
1888 }
1889 if (vs->lsock != -1) {
1890 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
1891 close(vs->lsock);
1892 vs->lsock = -1;
1893 }
1894 vs->auth = VNC_AUTH_INVALID;
1895 #ifdef CONFIG_VNC_TLS
1896 vs->subauth = VNC_AUTH_INVALID;
1897 vs->tls.x509verify = 0;
1898 #endif
1899 }
1900
1901 int vnc_display_password(DisplayState *ds, const char *password)
1902 {
1903 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
1904
1905 if (vs->password) {
1906 qemu_free(vs->password);
1907 vs->password = NULL;
1908 }
1909 if (password && password[0]) {
1910 if (!(vs->password = qemu_strdup(password)))
1911 return -1;
1912 }
1913
1914 return 0;
1915 }
1916
1917 int vnc_display_open(DisplayState *ds, const char *display)
1918 {
1919 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
1920 const char *options;
1921 int password = 0;
1922 int reverse = 0;
1923 int to_port = 0;
1924 #ifdef CONFIG_VNC_TLS
1925 int tls = 0, x509 = 0;
1926 #endif
1927
1928 if (!vnc_display)
1929 return -1;
1930 vnc_display_close(ds);
1931 if (strcmp(display, "none") == 0)
1932 return 0;
1933
1934 if (!(vs->display = strdup(display)))
1935 return -1;
1936
1937 options = display;
1938 while ((options = strchr(options, ','))) {
1939 options++;
1940 if (strncmp(options, "password", 8) == 0) {
1941 password = 1; /* Require password auth */
1942 } else if (strncmp(options, "reverse", 7) == 0) {
1943 reverse = 1;
1944 } else if (strncmp(options, "to=", 3) == 0) {
1945 to_port = atoi(options+3) + 5900;
1946 #ifdef CONFIG_VNC_TLS
1947 } else if (strncmp(options, "tls", 3) == 0) {
1948 tls = 1; /* Require TLS */
1949 } else if (strncmp(options, "x509", 4) == 0) {
1950 char *start, *end;
1951 x509 = 1; /* Require x509 certificates */
1952 if (strncmp(options, "x509verify", 10) == 0)
1953 vs->tls.x509verify = 1; /* ...and verify client certs */
1954
1955 /* Now check for 'x509=/some/path' postfix
1956 * and use that to setup x509 certificate/key paths */
1957 start = strchr(options, '=');
1958 end = strchr(options, ',');
1959 if (start && (!end || (start < end))) {
1960 int len = end ? end-(start+1) : strlen(start+1);
1961 char *path = qemu_strndup(start + 1, len);
1962
1963 VNC_DEBUG("Trying certificate path '%s'\n", path);
1964 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
1965 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
1966 qemu_free(path);
1967 qemu_free(vs->display);
1968 vs->display = NULL;
1969 return -1;
1970 }
1971 qemu_free(path);
1972 } else {
1973 fprintf(stderr, "No certificate path provided\n");
1974 qemu_free(vs->display);
1975 vs->display = NULL;
1976 return -1;
1977 }
1978 #endif
1979 }
1980 }
1981
1982 if (password) {
1983 #ifdef CONFIG_VNC_TLS
1984 if (tls) {
1985 vs->auth = VNC_AUTH_VENCRYPT;
1986 if (x509) {
1987 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
1988 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
1989 } else {
1990 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
1991 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
1992 }
1993 } else {
1994 #endif
1995 VNC_DEBUG("Initializing VNC server with password auth\n");
1996 vs->auth = VNC_AUTH_VNC;
1997 #ifdef CONFIG_VNC_TLS
1998 vs->subauth = VNC_AUTH_INVALID;
1999 }
2000 #endif
2001 } else {
2002 #ifdef CONFIG_VNC_TLS
2003 if (tls) {
2004 vs->auth = VNC_AUTH_VENCRYPT;
2005 if (x509) {
2006 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2007 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2008 } else {
2009 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2010 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2011 }
2012 } else {
2013 #endif
2014 VNC_DEBUG("Initializing VNC server with no auth\n");
2015 vs->auth = VNC_AUTH_NONE;
2016 #ifdef CONFIG_VNC_TLS
2017 vs->subauth = VNC_AUTH_INVALID;
2018 }
2019 #endif
2020 }
2021
2022 if (reverse) {
2023 /* connect to viewer */
2024 if (strncmp(display, "unix:", 5) == 0)
2025 vs->lsock = unix_connect(display+5);
2026 else
2027 vs->lsock = inet_connect(display, SOCK_STREAM);
2028 if (-1 == vs->lsock) {
2029 free(vs->display);
2030 vs->display = NULL;
2031 return -1;
2032 } else {
2033 int csock = vs->lsock;
2034 vs->lsock = -1;
2035 vnc_connect(vs, csock);
2036 }
2037 return 0;
2038
2039 } else {
2040 /* listen for connects */
2041 char *dpy;
2042 dpy = qemu_malloc(256);
2043 if (strncmp(display, "unix:", 5) == 0) {
2044 pstrcpy(dpy, 256, "unix:");
2045 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2046 } else {
2047 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2048 }
2049 if (-1 == vs->lsock) {
2050 free(dpy);
2051 return -1;
2052 } else {
2053 free(vs->display);
2054 vs->display = dpy;
2055 }
2056 }
2057 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
2058 }
Patches shipped by Fedora