search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
vnc: really call zlib if we want zlib
[qemu.git] / vnc.c
blob8db15577deb2dcd919d7f68fb9ba15d92de23c3c
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "acl.h"
32 #include "qemu-objects.h"
33
34 #define VNC_REFRESH_INTERVAL_BASE 30
35 #define VNC_REFRESH_INTERVAL_INC 50
36 #define VNC_REFRESH_INTERVAL_MAX 2000
37
38 #include "vnc_keysym.h"
39 #include "d3des.h"
40
41 #define count_bits(c, v) { \
42 for (c = 0; v; v >>= 1) \
43 { \
44 c += v & 1; \
45 } \
46 }
47
48
49 static VncDisplay *vnc_display; /* needed for info vnc */
50 static DisplayChangeListener *dcl;
51
52 static int vnc_cursor_define(VncState *vs);
53
54 static char *addr_to_string(const char *format,
55 struct sockaddr_storage *sa,
56 socklen_t salen) {
57 char *addr;
58 char host[NI_MAXHOST];
59 char serv[NI_MAXSERV];
60 int err;
61 size_t addrlen;
62
63 if ((err = getnameinfo((struct sockaddr *)sa, salen,
64 host, sizeof(host),
65 serv, sizeof(serv),
66 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
67 VNC_DEBUG("Cannot resolve address %d: %s\n",
68 err, gai_strerror(err));
69 return NULL;
70 }
71
72 /* Enough for the existing format + the 2 vars we're
73 * substituting in. */
74 addrlen = strlen(format) + strlen(host) + strlen(serv);
75 addr = qemu_malloc(addrlen + 1);
76 snprintf(addr, addrlen, format, host, serv);
77 addr[addrlen] = '\0';
78
79 return addr;
80 }
81
82
83 char *vnc_socket_local_addr(const char *format, int fd) {
84 struct sockaddr_storage sa;
85 socklen_t salen;
86
87 salen = sizeof(sa);
88 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
89 return NULL;
90
91 return addr_to_string(format, &sa, salen);
92 }
93
94 char *vnc_socket_remote_addr(const char *format, int fd) {
95 struct sockaddr_storage sa;
96 socklen_t salen;
97
98 salen = sizeof(sa);
99 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
100 return NULL;
101
102 return addr_to_string(format, &sa, salen);
103 }
104
105 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
106 socklen_t salen)
107 {
108 char host[NI_MAXHOST];
109 char serv[NI_MAXSERV];
110 int err;
111
112 if ((err = getnameinfo((struct sockaddr *)sa, salen,
113 host, sizeof(host),
114 serv, sizeof(serv),
115 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
116 VNC_DEBUG("Cannot resolve address %d: %s\n",
117 err, gai_strerror(err));
118 return -1;
119 }
120
121 qdict_put(qdict, "host", qstring_from_str(host));
122 qdict_put(qdict, "service", qstring_from_str(serv));
123 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
124
125 return 0;
126 }
127
128 static int vnc_server_addr_put(QDict *qdict, int fd)
129 {
130 struct sockaddr_storage sa;
131 socklen_t salen;
132
133 salen = sizeof(sa);
134 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
135 return -1;
136 }
137
138 return put_addr_qdict(qdict, &sa, salen);
139 }
140
141 static int vnc_qdict_remote_addr(QDict *qdict, int fd)
142 {
143 struct sockaddr_storage sa;
144 socklen_t salen;
145
146 salen = sizeof(sa);
147 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
148 return -1;
149 }
150
151 return put_addr_qdict(qdict, &sa, salen);
152 }
153
154 static const char *vnc_auth_name(VncDisplay *vd) {
155 switch (vd->auth) {
156 case VNC_AUTH_INVALID:
157 return "invalid";
158 case VNC_AUTH_NONE:
159 return "none";
160 case VNC_AUTH_VNC:
161 return "vnc";
162 case VNC_AUTH_RA2:
163 return "ra2";
164 case VNC_AUTH_RA2NE:
165 return "ra2ne";
166 case VNC_AUTH_TIGHT:
167 return "tight";
168 case VNC_AUTH_ULTRA:
169 return "ultra";
170 case VNC_AUTH_TLS:
171 return "tls";
172 case VNC_AUTH_VENCRYPT:
173 #ifdef CONFIG_VNC_TLS
174 switch (vd->subauth) {
175 case VNC_AUTH_VENCRYPT_PLAIN:
176 return "vencrypt+plain";
177 case VNC_AUTH_VENCRYPT_TLSNONE:
178 return "vencrypt+tls+none";
179 case VNC_AUTH_VENCRYPT_TLSVNC:
180 return "vencrypt+tls+vnc";
181 case VNC_AUTH_VENCRYPT_TLSPLAIN:
182 return "vencrypt+tls+plain";
183 case VNC_AUTH_VENCRYPT_X509NONE:
184 return "vencrypt+x509+none";
185 case VNC_AUTH_VENCRYPT_X509VNC:
186 return "vencrypt+x509+vnc";
187 case VNC_AUTH_VENCRYPT_X509PLAIN:
188 return "vencrypt+x509+plain";
189 case VNC_AUTH_VENCRYPT_TLSSASL:
190 return "vencrypt+tls+sasl";
191 case VNC_AUTH_VENCRYPT_X509SASL:
192 return "vencrypt+x509+sasl";
193 default:
194 return "vencrypt";
195 }
196 #else
197 return "vencrypt";
198 #endif
199 case VNC_AUTH_SASL:
200 return "sasl";
201 }
202 return "unknown";
203 }
204
205 static int vnc_server_info_put(QDict *qdict)
206 {
207 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
208 return -1;
209 }
210
211 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
212 return 0;
213 }
214
215 static void vnc_client_cache_auth(VncState *client)
216 {
217 QDict *qdict;
218
219 if (!client->info) {
220 return;
221 }
222
223 qdict = qobject_to_qdict(client->info);
224
225 #ifdef CONFIG_VNC_TLS
226 if (client->tls.session &&
227 client->tls.dname) {
228 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
229 }
230 #endif
231 #ifdef CONFIG_VNC_SASL
232 if (client->sasl.conn &&
233 client->sasl.username) {
234 qdict_put(qdict, "sasl_username",
235 qstring_from_str(client->sasl.username));
236 }
237 #endif
238 }
239
240 static void vnc_client_cache_addr(VncState *client)
241 {
242 QDict *qdict;
243
244 qdict = qdict_new();
245 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
246 QDECREF(qdict);
247 /* XXX: how to report the error? */
248 return;
249 }
250
251 client->info = QOBJECT(qdict);
252 }
253
254 static void vnc_qmp_event(VncState *vs, MonitorEvent event)
255 {
256 QDict *server;
257 QObject *data;
258
259 if (!vs->info) {
260 return;
261 }
262
263 server = qdict_new();
264 if (vnc_server_info_put(server) < 0) {
265 QDECREF(server);
266 return;
267 }
268
269 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
270 vs->info, QOBJECT(server));
271
272 monitor_protocol_event(event, data);
273
274 qobject_incref(vs->info);
275 qobject_decref(data);
276 }
277
278 static void info_vnc_iter(QObject *obj, void *opaque)
279 {
280 QDict *client;
281 Monitor *mon = opaque;
282
283 client = qobject_to_qdict(obj);
284 monitor_printf(mon, "Client:\n");
285 monitor_printf(mon, " address: %s:%s\n",
286 qdict_get_str(client, "host"),
287 qdict_get_str(client, "service"));
288
289 #ifdef CONFIG_VNC_TLS
290 monitor_printf(mon, " x509_dname: %s\n",
291 qdict_haskey(client, "x509_dname") ?
292 qdict_get_str(client, "x509_dname") : "none");
293 #endif
294 #ifdef CONFIG_VNC_SASL
295 monitor_printf(mon, " username: %s\n",
296 qdict_haskey(client, "sasl_username") ?
297 qdict_get_str(client, "sasl_username") : "none");
298 #endif
299 }
300
301 void do_info_vnc_print(Monitor *mon, const QObject *data)
302 {
303 QDict *server;
304 QList *clients;
305
306 server = qobject_to_qdict(data);
307 if (qdict_get_bool(server, "enabled") == 0) {
308 monitor_printf(mon, "Server: disabled\n");
309 return;
310 }
311
312 monitor_printf(mon, "Server:\n");
313 monitor_printf(mon, " address: %s:%s\n",
314 qdict_get_str(server, "host"),
315 qdict_get_str(server, "service"));
316 monitor_printf(mon, " auth: %s\n", qdict_get_str(server, "auth"));
317
318 clients = qdict_get_qlist(server, "clients");
319 if (qlist_empty(clients)) {
320 monitor_printf(mon, "Client: none\n");
321 } else {
322 qlist_iter(clients, info_vnc_iter, mon);
323 }
324 }
325
326 /**
327 * do_info_vnc(): Show VNC server information
328 *
329 * Return a QDict with server information. Connected clients are returned
330 * as a QList of QDicts.
331 *
332 * The main QDict contains the following:
333 *
334 * - "enabled": true or false
335 * - "host": server's IP address
336 * - "family": address family ("ipv4" or "ipv6")
337 * - "service": server's port number
338 * - "auth": authentication method
339 * - "clients": a QList of all connected clients
340 *
341 * Clients are described by a QDict, with the following information:
342 *
343 * - "host": client's IP address
344 * - "family": address family ("ipv4" or "ipv6")
345 * - "service": client's port number
346 * - "x509_dname": TLS dname (optional)
347 * - "sasl_username": SASL username (optional)
348 *
349 * Example:
350 *
351 * { "enabled": true, "host": "0.0.0.0", "service": "50402", "auth": "vnc",
352 * "family": "ipv4",
353 * "clients": [{ "host": "127.0.0.1", "service": "50401", "family": "ipv4" }]}
354 */
355 void do_info_vnc(Monitor *mon, QObject **ret_data)
356 {
357 if (vnc_display == NULL || vnc_display->display == NULL) {
358 *ret_data = qobject_from_jsonf("{ 'enabled': false }");
359 } else {
360 QList *clist;
361 VncState *client;
362
363 clist = qlist_new();
364 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
365 if (client->info) {
366 /* incref so that it's not freed by upper layers */
367 qobject_incref(client->info);
368 qlist_append_obj(clist, client->info);
369 }
370 }
371
372 *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
373 QOBJECT(clist));
374 assert(*ret_data != NULL);
375
376 if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {
377 qobject_decref(*ret_data);
378 *ret_data = NULL;
379 }
380 }
381 }
382
383 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
384 return (vs->features & (1 << feature));
385 }
386
387 /* TODO
388 1) Get the queue working for IO.
389 2) there is some weirdness when using the -S option (the screen is grey
390 and not totally invalidated
391 3) resolutions > 1024
392 */
393
394 static int vnc_update_client(VncState *vs, int has_dirty);
395 static void vnc_disconnect_start(VncState *vs);
396 static void vnc_disconnect_finish(VncState *vs);
397 static void vnc_init_timer(VncDisplay *vd);
398 static void vnc_remove_timer(VncDisplay *vd);
399
400 static void vnc_colordepth(VncState *vs);
401 static void framebuffer_update_request(VncState *vs, int incremental,
402 int x_position, int y_position,
403 int w, int h);
404 static void vnc_refresh(void *opaque);
405 static int vnc_refresh_server_surface(VncDisplay *vd);
406
407 static inline void vnc_set_bit(uint32_t *d, int k)
408 {
409 d[k >> 5] |= 1 << (k & 0x1f);
410 }
411
412 static inline void vnc_clear_bit(uint32_t *d, int k)
413 {
414 d[k >> 5] &= ~(1 << (k & 0x1f));
415 }
416
417 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
418 {
419 int j;
420
421 j = 0;
422 while (n >= 32) {
423 d[j++] = -1;
424 n -= 32;
425 }
426 if (n > 0)
427 d[j++] = (1 << n) - 1;
428 while (j < nb_words)
429 d[j++] = 0;
430 }
431
432 static inline int vnc_get_bit(const uint32_t *d, int k)
433 {
434 return (d[k >> 5] >> (k & 0x1f)) & 1;
435 }
436
437 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
438 int nb_words)
439 {
440 int i;
441 for(i = 0; i < nb_words; i++) {
442 if ((d1[i] & d2[i]) != 0)
443 return 1;
444 }
445 return 0;
446 }
447
448 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
449 {
450 int i;
451 VncDisplay *vd = ds->opaque;
452 struct VncSurface *s = &vd->guest;
453
454 h += y;
455
456 /* round x down to ensure the loop only spans one 16-pixel block per,
457 iteration. otherwise, if (x % 16) != 0, the last iteration may span
458 two 16-pixel blocks but we only mark the first as dirty
459 */
460 w += (x % 16);
461 x -= (x % 16);
462
463 x = MIN(x, s->ds->width);
464 y = MIN(y, s->ds->height);
465 w = MIN(x + w, s->ds->width) - x;
466 h = MIN(h, s->ds->height);
467
468 for (; y < h; y++)
469 for (i = 0; i < w; i += 16)
470 vnc_set_bit(s->dirty[y], (x + i) / 16);
471 }
472
473 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
474 int32_t encoding)
475 {
476 vnc_write_u16(vs, x);
477 vnc_write_u16(vs, y);
478 vnc_write_u16(vs, w);
479 vnc_write_u16(vs, h);
480
481 vnc_write_s32(vs, encoding);
482 }
483
484 void buffer_reserve(Buffer *buffer, size_t len)
485 {
486 if ((buffer->capacity - buffer->offset) < len) {
487 buffer->capacity += (len + 1024);
488 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
489 if (buffer->buffer == NULL) {
490 fprintf(stderr, "vnc: out of memory\n");
491 exit(1);
492 }
493 }
494 }
495
496 int buffer_empty(Buffer *buffer)
497 {
498 return buffer->offset == 0;
499 }
500
501 uint8_t *buffer_end(Buffer *buffer)
502 {
503 return buffer->buffer + buffer->offset;
504 }
505
506 void buffer_reset(Buffer *buffer)
507 {
508 buffer->offset = 0;
509 }
510
511 void buffer_append(Buffer *buffer, const void *data, size_t len)
512 {
513 memcpy(buffer->buffer + buffer->offset, data, len);
514 buffer->offset += len;
515 }
516
517 static void vnc_dpy_resize(DisplayState *ds)
518 {
519 int size_changed;
520 VncDisplay *vd = ds->opaque;
521 VncState *vs;
522
523 /* server surface */
524 if (!vd->server)
525 vd->server = qemu_mallocz(sizeof(*vd->server));
526 if (vd->server->data)
527 qemu_free(vd->server->data);
528 *(vd->server) = *(ds->surface);
529 vd->server->data = qemu_mallocz(vd->server->linesize *
530 vd->server->height);
531
532 /* guest surface */
533 if (!vd->guest.ds)
534 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
535 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
536 console_color_init(ds);
537 size_changed = ds_get_width(ds) != vd->guest.ds->width ||
538 ds_get_height(ds) != vd->guest.ds->height;
539 *(vd->guest.ds) = *(ds->surface);
540 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
541
542 QTAILQ_FOREACH(vs, &vd->clients, next) {
543 vnc_colordepth(vs);
544 if (size_changed) {
545 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
546 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
547 vnc_write_u8(vs, 0);
548 vnc_write_u16(vs, 1); /* number of rects */
549 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
550 VNC_ENCODING_DESKTOPRESIZE);
551 vnc_flush(vs);
552 }
553 }
554 if (vs->vd->cursor) {
555 vnc_cursor_define(vs);
556 }
557 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
558 }
559 }
560
561 /* fastest code */
562 static void vnc_write_pixels_copy(VncState *vs, struct PixelFormat *pf,
563 void *pixels, int size)
564 {
565 vnc_write(vs, pixels, size);
566 }
567
568 /* slowest but generic code. */
569 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
570 {
571 uint8_t r, g, b;
572 VncDisplay *vd = vs->vd;
573
574 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
575 vd->server->pf.rbits);
576 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
577 vd->server->pf.gbits);
578 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
579 vd->server->pf.bbits);
580 v = (r << vs->clientds.pf.rshift) |
581 (g << vs->clientds.pf.gshift) |
582 (b << vs->clientds.pf.bshift);
583 switch(vs->clientds.pf.bytes_per_pixel) {
584 case 1:
585 buf[0] = v;
586 break;
587 case 2:
588 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
589 buf[0] = v >> 8;
590 buf[1] = v;
591 } else {
592 buf[1] = v >> 8;
593 buf[0] = v;
594 }
595 break;
596 default:
597 case 4:
598 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
599 buf[0] = v >> 24;
600 buf[1] = v >> 16;
601 buf[2] = v >> 8;
602 buf[3] = v;
603 } else {
604 buf[3] = v >> 24;
605 buf[2] = v >> 16;
606 buf[1] = v >> 8;
607 buf[0] = v;
608 }
609 break;
610 }
611 }
612
613 static void vnc_write_pixels_generic(VncState *vs, struct PixelFormat *pf,
614 void *pixels1, int size)
615 {
616 uint8_t buf[4];
617
618 if (pf->bytes_per_pixel == 4) {
619 uint32_t *pixels = pixels1;
620 int n, i;
621 n = size >> 2;
622 for(i = 0; i < n; i++) {
623 vnc_convert_pixel(vs, buf, pixels[i]);
624 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
625 }
626 } else if (pf->bytes_per_pixel == 2) {
627 uint16_t *pixels = pixels1;
628 int n, i;
629 n = size >> 1;
630 for(i = 0; i < n; i++) {
631 vnc_convert_pixel(vs, buf, pixels[i]);
632 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
633 }
634 } else if (pf->bytes_per_pixel == 1) {
635 uint8_t *pixels = pixels1;
636 int n, i;
637 n = size;
638 for(i = 0; i < n; i++) {
639 vnc_convert_pixel(vs, buf, pixels[i]);
640 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
641 }
642 } else {
643 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
644 }
645 }
646
647 void vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
648 {
649 int i;
650 uint8_t *row;
651 VncDisplay *vd = vs->vd;
652
653 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
654 for (i = 0; i < h; i++) {
655 vs->write_pixels(vs, &vd->server->pf, row, w * ds_get_bytes_per_pixel(vs->ds));
656 row += ds_get_linesize(vs->ds);
657 }
658 }
659
660 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
661 {
662 switch(vs->vnc_encoding) {
663 case VNC_ENCODING_ZLIB:
664 vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
665 break;
666 case VNC_ENCODING_HEXTILE:
667 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
668 vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
669 break;
670 default:
671 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
672 vnc_raw_send_framebuffer_update(vs, x, y, w, h);
673 break;
674 }
675 }
676
677 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
678 {
679 /* send bitblit op to the vnc client */
680 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
681 vnc_write_u8(vs, 0);
682 vnc_write_u16(vs, 1); /* number of rects */
683 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
684 vnc_write_u16(vs, src_x);
685 vnc_write_u16(vs, src_y);
686 vnc_flush(vs);
687 }
688
689 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
690 {
691 VncDisplay *vd = ds->opaque;
692 VncState *vs, *vn;
693 uint8_t *src_row;
694 uint8_t *dst_row;
695 int i,x,y,pitch,depth,inc,w_lim,s;
696 int cmp_bytes;
697
698 vnc_refresh_server_surface(vd);
699 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
700 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
701 vs->force_update = 1;
702 vnc_update_client(vs, 1);
703 /* vs might be free()ed here */
704 }
705 }
706
707 /* do bitblit op on the local surface too */
708 pitch = ds_get_linesize(vd->ds);
709 depth = ds_get_bytes_per_pixel(vd->ds);
710 src_row = vd->server->data + pitch * src_y + depth * src_x;
711 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
712 y = dst_y;
713 inc = 1;
714 if (dst_y > src_y) {
715 /* copy backwards */
716 src_row += pitch * (h-1);
717 dst_row += pitch * (h-1);
718 pitch = -pitch;
719 y = dst_y + h - 1;
720 inc = -1;
721 }
722 w_lim = w - (16 - (dst_x % 16));
723 if (w_lim < 0)
724 w_lim = w;
725 else
726 w_lim = w - (w_lim % 16);
727 for (i = 0; i < h; i++) {
728 for (x = 0; x <= w_lim;
729 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
730 if (x == w_lim) {
731 if ((s = w - w_lim) == 0)
732 break;
733 } else if (!x) {
734 s = (16 - (dst_x % 16));
735 s = MIN(s, w_lim);
736 } else {
737 s = 16;
738 }
739 cmp_bytes = s * depth;
740 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
741 continue;
742 memmove(dst_row, src_row, cmp_bytes);
743 QTAILQ_FOREACH(vs, &vd->clients, next) {
744 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
745 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
746 }
747 }
748 }
749 src_row += pitch - w * depth;
750 dst_row += pitch - w * depth;
751 y += inc;
752 }
753
754 QTAILQ_FOREACH(vs, &vd->clients, next) {
755 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
756 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
757 }
758 }
759 }
760
761 static void vnc_mouse_set(int x, int y, int visible)
762 {
763 /* can we ask the client(s) to move the pointer ??? */
764 }
765
766 static int vnc_cursor_define(VncState *vs)
767 {
768 QEMUCursor *c = vs->vd->cursor;
769 PixelFormat pf = qemu_default_pixelformat(32);
770 int isize;
771
772 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
773 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
774 vnc_write_u8(vs, 0); /* padding */
775 vnc_write_u16(vs, 1); /* # of rects */
776 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
777 VNC_ENCODING_RICH_CURSOR);
778 isize = c->width * c->height * vs->clientds.pf.bytes_per_pixel;
779 vnc_write_pixels_generic(vs, &pf, c->data, isize);
780 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
781 return 0;
782 }
783 return -1;
784 }
785
786 static void vnc_dpy_cursor_define(QEMUCursor *c)
787 {
788 VncDisplay *vd = vnc_display;
789 VncState *vs;
790
791 cursor_put(vd->cursor);
792 qemu_free(vd->cursor_mask);
793
794 vd->cursor = c;
795 cursor_get(vd->cursor);
796 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
797 vd->cursor_mask = qemu_mallocz(vd->cursor_msize);
798 cursor_get_mono_mask(c, 0, vd->cursor_mask);
799
800 QTAILQ_FOREACH(vs, &vd->clients, next) {
801 vnc_cursor_define(vs);
802 }
803 }
804
805 static int find_and_clear_dirty_height(struct VncState *vs,
806 int y, int last_x, int x)
807 {
808 int h;
809 VncDisplay *vd = vs->vd;
810
811 for (h = 1; h < (vd->server->height - y); h++) {
812 int tmp_x;
813 if (!vnc_get_bit(vs->dirty[y + h], last_x))
814 break;
815 for (tmp_x = last_x; tmp_x < x; tmp_x++)
816 vnc_clear_bit(vs->dirty[y + h], tmp_x);
817 }
818
819 return h;
820 }
821
822 static int vnc_update_client(VncState *vs, int has_dirty)
823 {
824 if (vs->need_update && vs->csock != -1) {
825 VncDisplay *vd = vs->vd;
826 int y;
827 int n_rectangles;
828 int saved_offset;
829
830 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
831 /* kernel send buffers are full -> drop frames to throttle */
832 return 0;
833
834 if (!has_dirty && !vs->audio_cap && !vs->force_update)
835 return 0;
836
837 /*
838 * Send screen updates to the vnc client using the server
839 * surface and server dirty map. guest surface updates
840 * happening in parallel don't disturb us, the next pass will
841 * send them to the client.
842 */
843 n_rectangles = 0;
844 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
845 vnc_write_u8(vs, 0);
846 saved_offset = vs->output.offset;
847 vnc_write_u16(vs, 0);
848
849 for (y = 0; y < vd->server->height; y++) {
850 int x;
851 int last_x = -1;
852 for (x = 0; x < vd->server->width / 16; x++) {
853 if (vnc_get_bit(vs->dirty[y], x)) {
854 if (last_x == -1) {
855 last_x = x;
856 }
857 vnc_clear_bit(vs->dirty[y], x);
858 } else {
859 if (last_x != -1) {
860 int h = find_and_clear_dirty_height(vs, y, last_x, x);
861 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
862 n_rectangles++;
863 }
864 last_x = -1;
865 }
866 }
867 if (last_x != -1) {
868 int h = find_and_clear_dirty_height(vs, y, last_x, x);
869 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
870 n_rectangles++;
871 }
872 }
873 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
874 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
875 vnc_flush(vs);
876 vs->force_update = 0;
877 return n_rectangles;
878 }
879
880 if (vs->csock == -1)
881 vnc_disconnect_finish(vs);
882
883 return 0;
884 }
885
886 /* audio */
887 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
888 {
889 VncState *vs = opaque;
890
891 switch (cmd) {
892 case AUD_CNOTIFY_DISABLE:
893 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
894 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
895 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
896 vnc_flush(vs);
897 break;
898
899 case AUD_CNOTIFY_ENABLE:
900 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
901 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
902 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
903 vnc_flush(vs);
904 break;
905 }
906 }
907
908 static void audio_capture_destroy(void *opaque)
909 {
910 }
911
912 static void audio_capture(void *opaque, void *buf, int size)
913 {
914 VncState *vs = opaque;
915
916 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
917 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
918 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
919 vnc_write_u32(vs, size);
920 vnc_write(vs, buf, size);
921 vnc_flush(vs);
922 }
923
924 static void audio_add(VncState *vs)
925 {
926 struct audio_capture_ops ops;
927
928 if (vs->audio_cap) {
929 monitor_printf(default_mon, "audio already running\n");
930 return;
931 }
932
933 ops.notify = audio_capture_notify;
934 ops.destroy = audio_capture_destroy;
935 ops.capture = audio_capture;
936
937 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
938 if (!vs->audio_cap) {
939 monitor_printf(default_mon, "Failed to add audio capture\n");
940 }
941 }
942
943 static void audio_del(VncState *vs)
944 {
945 if (vs->audio_cap) {
946 AUD_del_capture(vs->audio_cap, vs);
947 vs->audio_cap = NULL;
948 }
949 }
950
951 static void vnc_disconnect_start(VncState *vs)
952 {
953 if (vs->csock == -1)
954 return;
955 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
956 closesocket(vs->csock);
957 vs->csock = -1;
958 }
959
960 static void vnc_disconnect_finish(VncState *vs)
961 {
962 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
963
964 if (vs->input.buffer) {
965 qemu_free(vs->input.buffer);
966 vs->input.buffer = NULL;
967 }
968 if (vs->output.buffer) {
969 qemu_free(vs->output.buffer);
970 vs->output.buffer = NULL;
971 }
972
973 qobject_decref(vs->info);
974
975 #ifdef CONFIG_VNC_TLS
976 vnc_tls_client_cleanup(vs);
977 #endif /* CONFIG_VNC_TLS */
978 #ifdef CONFIG_VNC_SASL
979 vnc_sasl_client_cleanup(vs);
980 #endif /* CONFIG_VNC_SASL */
981 audio_del(vs);
982
983 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
984
985 if (QTAILQ_EMPTY(&vs->vd->clients)) {
986 dcl->idle = 1;
987 }
988
989 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
990 vnc_remove_timer(vs->vd);
991 if (vs->vd->lock_key_sync)
992 qemu_remove_led_event_handler(vs->led);
993 qemu_free(vs);
994 }
995
996 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
997 {
998 if (ret == 0 || ret == -1) {
999 if (ret == -1) {
1000 switch (last_errno) {
1001 case EINTR:
1002 case EAGAIN:
1003 #ifdef _WIN32
1004 case WSAEWOULDBLOCK:
1005 #endif
1006 return 0;
1007 default:
1008 break;
1009 }
1010 }
1011
1012 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1013 ret, ret < 0 ? last_errno : 0);
1014 vnc_disconnect_start(vs);
1015
1016 return 0;
1017 }
1018 return ret;
1019 }
1020
1021
1022 void vnc_client_error(VncState *vs)
1023 {
1024 VNC_DEBUG("Closing down client sock: protocol error\n");
1025 vnc_disconnect_start(vs);
1026 }
1027
1028
1029 /*
1030 * Called to write a chunk of data to the client socket. The data may
1031 * be the raw data, or may have already been encoded by SASL.
1032 * The data will be written either straight onto the socket, or
1033 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1034 *
1035 * NB, it is theoretically possible to have 2 layers of encryption,
1036 * both SASL, and this TLS layer. It is highly unlikely in practice
1037 * though, since SASL encryption will typically be a no-op if TLS
1038 * is active
1039 *
1040 * Returns the number of bytes written, which may be less than
1041 * the requested 'datalen' if the socket would block. Returns
1042 * -1 on error, and disconnects the client socket.
1043 */
1044 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1045 {
1046 long ret;
1047 #ifdef CONFIG_VNC_TLS
1048 if (vs->tls.session) {
1049 ret = gnutls_write(vs->tls.session, data, datalen);
1050 if (ret < 0) {
1051 if (ret == GNUTLS_E_AGAIN)
1052 errno = EAGAIN;
1053 else
1054 errno = EIO;
1055 ret = -1;
1056 }
1057 } else
1058 #endif /* CONFIG_VNC_TLS */
1059 ret = send(vs->csock, (const void *)data, datalen, 0);
1060 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1061 return vnc_client_io_error(vs, ret, socket_error());
1062 }
1063
1064
1065 /*
1066 * Called to write buffered data to the client socket, when not
1067 * using any SASL SSF encryption layers. Will write as much data
1068 * as possible without blocking. If all buffered data is written,
1069 * will switch the FD poll() handler back to read monitoring.
1070 *
1071 * Returns the number of bytes written, which may be less than
1072 * the buffered output data if the socket would block. Returns
1073 * -1 on error, and disconnects the client socket.
1074 */
1075 static long vnc_client_write_plain(VncState *vs)
1076 {
1077 long ret;
1078
1079 #ifdef CONFIG_VNC_SASL
1080 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1081 vs->output.buffer, vs->output.capacity, vs->output.offset,
1082 vs->sasl.waitWriteSSF);
1083
1084 if (vs->sasl.conn &&
1085 vs->sasl.runSSF &&
1086 vs->sasl.waitWriteSSF) {
1087 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1088 if (ret)
1089 vs->sasl.waitWriteSSF -= ret;
1090 } else
1091 #endif /* CONFIG_VNC_SASL */
1092 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1093 if (!ret)
1094 return 0;
1095
1096 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1097 vs->output.offset -= ret;
1098
1099 if (vs->output.offset == 0) {
1100 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1101 }
1102
1103 return ret;
1104 }
1105
1106
1107 /*
1108 * First function called whenever there is data to be written to
1109 * the client socket. Will delegate actual work according to whether
1110 * SASL SSF layers are enabled (thus requiring encryption calls)
1111 */
1112 void vnc_client_write(void *opaque)
1113 {
1114 VncState *vs = opaque;
1115
1116 #ifdef CONFIG_VNC_SASL
1117 if (vs->sasl.conn &&
1118 vs->sasl.runSSF &&
1119 !vs->sasl.waitWriteSSF) {
1120 vnc_client_write_sasl(vs);
1121 } else
1122 #endif /* CONFIG_VNC_SASL */
1123 vnc_client_write_plain(vs);
1124 }
1125
1126 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1127 {
1128 vs->read_handler = func;
1129 vs->read_handler_expect = expecting;
1130 }
1131
1132
1133 /*
1134 * Called to read a chunk of data from the client socket. The data may
1135 * be the raw data, or may need to be further decoded by SASL.
1136 * The data will be read either straight from to the socket, or
1137 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1138 *
1139 * NB, it is theoretically possible to have 2 layers of encryption,
1140 * both SASL, and this TLS layer. It is highly unlikely in practice
1141 * though, since SASL encryption will typically be a no-op if TLS
1142 * is active
1143 *
1144 * Returns the number of bytes read, which may be less than
1145 * the requested 'datalen' if the socket would block. Returns
1146 * -1 on error, and disconnects the client socket.
1147 */
1148 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1149 {
1150 long ret;
1151 #ifdef CONFIG_VNC_TLS
1152 if (vs->tls.session) {
1153 ret = gnutls_read(vs->tls.session, data, datalen);
1154 if (ret < 0) {
1155 if (ret == GNUTLS_E_AGAIN)
1156 errno = EAGAIN;
1157 else
1158 errno = EIO;
1159 ret = -1;
1160 }
1161 } else
1162 #endif /* CONFIG_VNC_TLS */
1163 ret = recv(vs->csock, (void *)data, datalen, 0);
1164 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1165 return vnc_client_io_error(vs, ret, socket_error());
1166 }
1167
1168
1169 /*
1170 * Called to read data from the client socket to the input buffer,
1171 * when not using any SASL SSF encryption layers. Will read as much
1172 * data as possible without blocking.
1173 *
1174 * Returns the number of bytes read. Returns -1 on error, and
1175 * disconnects the client socket.
1176 */
1177 static long vnc_client_read_plain(VncState *vs)
1178 {
1179 int ret;
1180 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1181 vs->input.buffer, vs->input.capacity, vs->input.offset);
1182 buffer_reserve(&vs->input, 4096);
1183 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1184 if (!ret)
1185 return 0;
1186 vs->input.offset += ret;
1187 return ret;
1188 }
1189
1190
1191 /*
1192 * First function called whenever there is more data to be read from
1193 * the client socket. Will delegate actual work according to whether
1194 * SASL SSF layers are enabled (thus requiring decryption calls)
1195 */
1196 void vnc_client_read(void *opaque)
1197 {
1198 VncState *vs = opaque;
1199 long ret;
1200
1201 #ifdef CONFIG_VNC_SASL
1202 if (vs->sasl.conn && vs->sasl.runSSF)
1203 ret = vnc_client_read_sasl(vs);
1204 else
1205 #endif /* CONFIG_VNC_SASL */
1206 ret = vnc_client_read_plain(vs);
1207 if (!ret) {
1208 if (vs->csock == -1)
1209 vnc_disconnect_finish(vs);
1210 return;
1211 }
1212
1213 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1214 size_t len = vs->read_handler_expect;
1215 int ret;
1216
1217 ret = vs->read_handler(vs, vs->input.buffer, len);
1218 if (vs->csock == -1) {
1219 vnc_disconnect_finish(vs);
1220 return;
1221 }
1222
1223 if (!ret) {
1224 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1225 vs->input.offset -= len;
1226 } else {
1227 vs->read_handler_expect = ret;
1228 }
1229 }
1230 }
1231
1232 void vnc_write(VncState *vs, const void *data, size_t len)
1233 {
1234 buffer_reserve(&vs->output, len);
1235
1236 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1237 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1238 }
1239
1240 buffer_append(&vs->output, data, len);
1241 }
1242
1243 void vnc_write_s32(VncState *vs, int32_t value)
1244 {
1245 vnc_write_u32(vs, *(uint32_t *)&value);
1246 }
1247
1248 void vnc_write_u32(VncState *vs, uint32_t value)
1249 {
1250 uint8_t buf[4];
1251
1252 buf[0] = (value >> 24) & 0xFF;
1253 buf[1] = (value >> 16) & 0xFF;
1254 buf[2] = (value >> 8) & 0xFF;
1255 buf[3] = value & 0xFF;
1256
1257 vnc_write(vs, buf, 4);
1258 }
1259
1260 void vnc_write_u16(VncState *vs, uint16_t value)
1261 {
1262 uint8_t buf[2];
1263
1264 buf[0] = (value >> 8) & 0xFF;
1265 buf[1] = value & 0xFF;
1266
1267 vnc_write(vs, buf, 2);
1268 }
1269
1270 void vnc_write_u8(VncState *vs, uint8_t value)
1271 {
1272 vnc_write(vs, (char *)&value, 1);
1273 }
1274
1275 void vnc_flush(VncState *vs)
1276 {
1277 if (vs->csock != -1 && vs->output.offset)
1278 vnc_client_write(vs);
1279 }
1280
1281 uint8_t read_u8(uint8_t *data, size_t offset)
1282 {
1283 return data[offset];
1284 }
1285
1286 uint16_t read_u16(uint8_t *data, size_t offset)
1287 {
1288 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1289 }
1290
1291 int32_t read_s32(uint8_t *data, size_t offset)
1292 {
1293 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1294 (data[offset + 2] << 8) | data[offset + 3]);
1295 }
1296
1297 uint32_t read_u32(uint8_t *data, size_t offset)
1298 {
1299 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1300 (data[offset + 2] << 8) | data[offset + 3]);
1301 }
1302
1303 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1304 {
1305 }
1306
1307 static void check_pointer_type_change(Notifier *notifier)
1308 {
1309 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1310 int absolute = kbd_mouse_is_absolute();
1311
1312 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1313 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1314 vnc_write_u8(vs, 0);
1315 vnc_write_u16(vs, 1);
1316 vnc_framebuffer_update(vs, absolute, 0,
1317 ds_get_width(vs->ds), ds_get_height(vs->ds),
1318 VNC_ENCODING_POINTER_TYPE_CHANGE);
1319 vnc_flush(vs);
1320 }
1321 vs->absolute = absolute;
1322 }
1323
1324 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1325 {
1326 int buttons = 0;
1327 int dz = 0;
1328
1329 if (button_mask & 0x01)
1330 buttons |= MOUSE_EVENT_LBUTTON;
1331 if (button_mask & 0x02)
1332 buttons |= MOUSE_EVENT_MBUTTON;
1333 if (button_mask & 0x04)
1334 buttons |= MOUSE_EVENT_RBUTTON;
1335 if (button_mask & 0x08)
1336 dz = -1;
1337 if (button_mask & 0x10)
1338 dz = 1;
1339
1340 if (vs->absolute) {
1341 kbd_mouse_event(ds_get_width(vs->ds) > 1 ?
1342 x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000,
1343 ds_get_height(vs->ds) > 1 ?
1344 y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000,
1345 dz, buttons);
1346 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1347 x -= 0x7FFF;
1348 y -= 0x7FFF;
1349
1350 kbd_mouse_event(x, y, dz, buttons);
1351 } else {
1352 if (vs->last_x != -1)
1353 kbd_mouse_event(x - vs->last_x,
1354 y - vs->last_y,
1355 dz, buttons);
1356 vs->last_x = x;
1357 vs->last_y = y;
1358 }
1359 }
1360
1361 static void reset_keys(VncState *vs)
1362 {
1363 int i;
1364 for(i = 0; i < 256; i++) {
1365 if (vs->modifiers_state[i]) {
1366 if (i & SCANCODE_GREY)
1367 kbd_put_keycode(SCANCODE_EMUL0);
1368 kbd_put_keycode(i | SCANCODE_UP);
1369 vs->modifiers_state[i] = 0;
1370 }
1371 }
1372 }
1373
1374 static void press_key(VncState *vs, int keysym)
1375 {
1376 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1377 if (keycode & SCANCODE_GREY)
1378 kbd_put_keycode(SCANCODE_EMUL0);
1379 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1380 if (keycode & SCANCODE_GREY)
1381 kbd_put_keycode(SCANCODE_EMUL0);
1382 kbd_put_keycode(keycode | SCANCODE_UP);
1383 }
1384
1385 static void kbd_leds(void *opaque, int ledstate)
1386 {
1387 VncState *vs = opaque;
1388 int caps, num;
1389
1390 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1391 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1392
1393 if (vs->modifiers_state[0x3a] != caps) {
1394 vs->modifiers_state[0x3a] = caps;
1395 }
1396 if (vs->modifiers_state[0x45] != num) {
1397 vs->modifiers_state[0x45] = num;
1398 }
1399 }
1400
1401 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1402 {
1403 /* QEMU console switch */
1404 switch(keycode) {
1405 case 0x2a: /* Left Shift */
1406 case 0x36: /* Right Shift */
1407 case 0x1d: /* Left CTRL */
1408 case 0x9d: /* Right CTRL */
1409 case 0x38: /* Left ALT */
1410 case 0xb8: /* Right ALT */
1411 if (down)
1412 vs->modifiers_state[keycode] = 1;
1413 else
1414 vs->modifiers_state[keycode] = 0;
1415 break;
1416 case 0x02 ... 0x0a: /* '1' to '9' keys */
1417 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1418 /* Reset the modifiers sent to the current console */
1419 reset_keys(vs);
1420 console_select(keycode - 0x02);
1421 return;
1422 }
1423 break;
1424 case 0x3a: /* CapsLock */
1425 case 0x45: /* NumLock */
1426 if (down)
1427 vs->modifiers_state[keycode] ^= 1;
1428 break;
1429 }
1430
1431 if (vs->vd->lock_key_sync &&
1432 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1433 /* If the numlock state needs to change then simulate an additional
1434 keypress before sending this one. This will happen if the user
1435 toggles numlock away from the VNC window.
1436 */
1437 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1438 if (!vs->modifiers_state[0x45]) {
1439 vs->modifiers_state[0x45] = 1;
1440 press_key(vs, 0xff7f);
1441 }
1442 } else {
1443 if (vs->modifiers_state[0x45]) {
1444 vs->modifiers_state[0x45] = 0;
1445 press_key(vs, 0xff7f);
1446 }
1447 }
1448 }
1449
1450 if (vs->vd->lock_key_sync &&
1451 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1452 /* If the capslock state needs to change then simulate an additional
1453 keypress before sending this one. This will happen if the user
1454 toggles capslock away from the VNC window.
1455 */
1456 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1457 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1458 int capslock = !!(vs->modifiers_state[0x3a]);
1459 if (capslock) {
1460 if (uppercase == shift) {
1461 vs->modifiers_state[0x3a] = 0;
1462 press_key(vs, 0xffe5);
1463 }
1464 } else {
1465 if (uppercase != shift) {
1466 vs->modifiers_state[0x3a] = 1;
1467 press_key(vs, 0xffe5);
1468 }
1469 }
1470 }
1471
1472 if (is_graphic_console()) {
1473 if (keycode & SCANCODE_GREY)
1474 kbd_put_keycode(SCANCODE_EMUL0);
1475 if (down)
1476 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1477 else
1478 kbd_put_keycode(keycode | SCANCODE_UP);
1479 } else {
1480 /* QEMU console emulation */
1481 if (down) {
1482 int numlock = vs->modifiers_state[0x45];
1483 switch (keycode) {
1484 case 0x2a: /* Left Shift */
1485 case 0x36: /* Right Shift */
1486 case 0x1d: /* Left CTRL */
1487 case 0x9d: /* Right CTRL */
1488 case 0x38: /* Left ALT */
1489 case 0xb8: /* Right ALT */
1490 break;
1491 case 0xc8:
1492 kbd_put_keysym(QEMU_KEY_UP);
1493 break;
1494 case 0xd0:
1495 kbd_put_keysym(QEMU_KEY_DOWN);
1496 break;
1497 case 0xcb:
1498 kbd_put_keysym(QEMU_KEY_LEFT);
1499 break;
1500 case 0xcd:
1501 kbd_put_keysym(QEMU_KEY_RIGHT);
1502 break;
1503 case 0xd3:
1504 kbd_put_keysym(QEMU_KEY_DELETE);
1505 break;
1506 case 0xc7:
1507 kbd_put_keysym(QEMU_KEY_HOME);
1508 break;
1509 case 0xcf:
1510 kbd_put_keysym(QEMU_KEY_END);
1511 break;
1512 case 0xc9:
1513 kbd_put_keysym(QEMU_KEY_PAGEUP);
1514 break;
1515 case 0xd1:
1516 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1517 break;
1518
1519 case 0x47:
1520 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1521 break;
1522 case 0x48:
1523 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1524 break;
1525 case 0x49:
1526 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1527 break;
1528 case 0x4b:
1529 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1530 break;
1531 case 0x4c:
1532 kbd_put_keysym('5');
1533 break;
1534 case 0x4d:
1535 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1536 break;
1537 case 0x4f:
1538 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1539 break;
1540 case 0x50:
1541 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1542 break;
1543 case 0x51:
1544 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1545 break;
1546 case 0x52:
1547 kbd_put_keysym('0');
1548 break;
1549 case 0x53:
1550 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1551 break;
1552
1553 case 0xb5:
1554 kbd_put_keysym('/');
1555 break;
1556 case 0x37:
1557 kbd_put_keysym('*');
1558 break;
1559 case 0x4a:
1560 kbd_put_keysym('-');
1561 break;
1562 case 0x4e:
1563 kbd_put_keysym('+');
1564 break;
1565 case 0x9c:
1566 kbd_put_keysym('\n');
1567 break;
1568
1569 default:
1570 kbd_put_keysym(sym);
1571 break;
1572 }
1573 }
1574 }
1575 }
1576
1577 static void key_event(VncState *vs, int down, uint32_t sym)
1578 {
1579 int keycode;
1580 int lsym = sym;
1581
1582 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1583 lsym = lsym - 'A' + 'a';
1584 }
1585
1586 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1587 do_key_event(vs, down, keycode, sym);
1588 }
1589
1590 static void ext_key_event(VncState *vs, int down,
1591 uint32_t sym, uint16_t keycode)
1592 {
1593 /* if the user specifies a keyboard layout, always use it */
1594 if (keyboard_layout)
1595 key_event(vs, down, sym);
1596 else
1597 do_key_event(vs, down, keycode, sym);
1598 }
1599
1600 static void framebuffer_update_request(VncState *vs, int incremental,
1601 int x_position, int y_position,
1602 int w, int h)
1603 {
1604 if (y_position > ds_get_height(vs->ds))
1605 y_position = ds_get_height(vs->ds);
1606 if (y_position + h >= ds_get_height(vs->ds))
1607 h = ds_get_height(vs->ds) - y_position;
1608
1609 int i;
1610 vs->need_update = 1;
1611 if (!incremental) {
1612 vs->force_update = 1;
1613 for (i = 0; i < h; i++) {
1614 vnc_set_bits(vs->dirty[y_position + i],
1615 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1616 }
1617 }
1618 }
1619
1620 static void send_ext_key_event_ack(VncState *vs)
1621 {
1622 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1623 vnc_write_u8(vs, 0);
1624 vnc_write_u16(vs, 1);
1625 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1626 VNC_ENCODING_EXT_KEY_EVENT);
1627 vnc_flush(vs);
1628 }
1629
1630 static void send_ext_audio_ack(VncState *vs)
1631 {
1632 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1633 vnc_write_u8(vs, 0);
1634 vnc_write_u16(vs, 1);
1635 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1636 VNC_ENCODING_AUDIO);
1637 vnc_flush(vs);
1638 }
1639
1640 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1641 {
1642 int i;
1643 unsigned int enc = 0;
1644
1645 vnc_zlib_init(vs);
1646 vs->features = 0;
1647 vs->vnc_encoding = 0;
1648 vs->tight_compression = 9;
1649 vs->tight_quality = 9;
1650 vs->absolute = -1;
1651
1652 /*
1653 * Start from the end because the encodings are sent in order of preference.
1654 * This way the prefered encoding (first encoding defined in the array)
1655 * will be set at the end of the loop.
1656 */
1657 for (i = n_encodings - 1; i >= 0; i--) {
1658 enc = encodings[i];
1659 switch (enc) {
1660 case VNC_ENCODING_RAW:
1661 vs->vnc_encoding = enc;
1662 break;
1663 case VNC_ENCODING_COPYRECT:
1664 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1665 break;
1666 case VNC_ENCODING_HEXTILE:
1667 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1668 vs->vnc_encoding = enc;
1669 break;
1670 case VNC_ENCODING_ZLIB:
1671 vs->features |= VNC_FEATURE_ZLIB_MASK;
1672 vs->vnc_encoding = enc;
1673 break;
1674 case VNC_ENCODING_DESKTOPRESIZE:
1675 vs->features |= VNC_FEATURE_RESIZE_MASK;
1676 break;
1677 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1678 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1679 break;
1680 case VNC_ENCODING_RICH_CURSOR:
1681 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1682 break;
1683 case VNC_ENCODING_EXT_KEY_EVENT:
1684 send_ext_key_event_ack(vs);
1685 break;
1686 case VNC_ENCODING_AUDIO:
1687 send_ext_audio_ack(vs);
1688 break;
1689 case VNC_ENCODING_WMVi:
1690 vs->features |= VNC_FEATURE_WMVI_MASK;
1691 break;
1692 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1693 vs->tight_compression = (enc & 0x0F);
1694 break;
1695 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1696 vs->tight_quality = (enc & 0x0F);
1697 break;
1698 default:
1699 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1700 break;
1701 }
1702 }
1703 check_pointer_type_change(&vs->mouse_mode_notifier);
1704 }
1705
1706 static void set_pixel_conversion(VncState *vs)
1707 {
1708 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1709 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1710 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1711 vs->write_pixels = vnc_write_pixels_copy;
1712 vnc_hextile_set_pixel_conversion(vs, 0);
1713 } else {
1714 vs->write_pixels = vnc_write_pixels_generic;
1715 vnc_hextile_set_pixel_conversion(vs, 1);
1716 }
1717 }
1718
1719 static void set_pixel_format(VncState *vs,
1720 int bits_per_pixel, int depth,
1721 int big_endian_flag, int true_color_flag,
1722 int red_max, int green_max, int blue_max,
1723 int red_shift, int green_shift, int blue_shift)
1724 {
1725 if (!true_color_flag) {
1726 vnc_client_error(vs);
1727 return;
1728 }
1729
1730 vs->clientds = *(vs->vd->guest.ds);
1731 vs->clientds.pf.rmax = red_max;
1732 count_bits(vs->clientds.pf.rbits, red_max);
1733 vs->clientds.pf.rshift = red_shift;
1734 vs->clientds.pf.rmask = red_max << red_shift;
1735 vs->clientds.pf.gmax = green_max;
1736 count_bits(vs->clientds.pf.gbits, green_max);
1737 vs->clientds.pf.gshift = green_shift;
1738 vs->clientds.pf.gmask = green_max << green_shift;
1739 vs->clientds.pf.bmax = blue_max;
1740 count_bits(vs->clientds.pf.bbits, blue_max);
1741 vs->clientds.pf.bshift = blue_shift;
1742 vs->clientds.pf.bmask = blue_max << blue_shift;
1743 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1744 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1745 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1746 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1747
1748 set_pixel_conversion(vs);
1749
1750 vga_hw_invalidate();
1751 vga_hw_update();
1752 }
1753
1754 static void pixel_format_message (VncState *vs) {
1755 char pad[3] = { 0, 0, 0 };
1756
1757 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1758 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1759
1760 #ifdef HOST_WORDS_BIGENDIAN
1761 vnc_write_u8(vs, 1); /* big-endian-flag */
1762 #else
1763 vnc_write_u8(vs, 0); /* big-endian-flag */
1764 #endif
1765 vnc_write_u8(vs, 1); /* true-color-flag */
1766 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1767 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1768 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1769 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1770 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1771 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1772
1773 vnc_hextile_set_pixel_conversion(vs, 0);
1774
1775 vs->clientds = *(vs->ds->surface);
1776 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1777 vs->write_pixels = vnc_write_pixels_copy;
1778
1779 vnc_write(vs, pad, 3); /* padding */
1780 }
1781
1782 static void vnc_dpy_setdata(DisplayState *ds)
1783 {
1784 /* We don't have to do anything */
1785 }
1786
1787 static void vnc_colordepth(VncState *vs)
1788 {
1789 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1790 /* Sending a WMVi message to notify the client*/
1791 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1792 vnc_write_u8(vs, 0);
1793 vnc_write_u16(vs, 1); /* number of rects */
1794 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1795 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1796 pixel_format_message(vs);
1797 vnc_flush(vs);
1798 } else {
1799 set_pixel_conversion(vs);
1800 }
1801 }
1802
1803 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1804 {
1805 int i;
1806 uint16_t limit;
1807 VncDisplay *vd = vs->vd;
1808
1809 if (data[0] > 3) {
1810 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1811 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1812 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1813 }
1814
1815 switch (data[0]) {
1816 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
1817 if (len == 1)
1818 return 20;
1819
1820 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1821 read_u8(data, 6), read_u8(data, 7),
1822 read_u16(data, 8), read_u16(data, 10),
1823 read_u16(data, 12), read_u8(data, 14),
1824 read_u8(data, 15), read_u8(data, 16));
1825 break;
1826 case VNC_MSG_CLIENT_SET_ENCODINGS:
1827 if (len == 1)
1828 return 4;
1829
1830 if (len == 4) {
1831 limit = read_u16(data, 2);
1832 if (limit > 0)
1833 return 4 + (limit * 4);
1834 } else
1835 limit = read_u16(data, 2);
1836
1837 for (i = 0; i < limit; i++) {
1838 int32_t val = read_s32(data, 4 + (i * 4));
1839 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1840 }
1841
1842 set_encodings(vs, (int32_t *)(data + 4), limit);
1843 break;
1844 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
1845 if (len == 1)
1846 return 10;
1847
1848 framebuffer_update_request(vs,
1849 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1850 read_u16(data, 6), read_u16(data, 8));
1851 break;
1852 case VNC_MSG_CLIENT_KEY_EVENT:
1853 if (len == 1)
1854 return 8;
1855
1856 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1857 break;
1858 case VNC_MSG_CLIENT_POINTER_EVENT:
1859 if (len == 1)
1860 return 6;
1861
1862 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1863 break;
1864 case VNC_MSG_CLIENT_CUT_TEXT:
1865 if (len == 1)
1866 return 8;
1867
1868 if (len == 8) {
1869 uint32_t dlen = read_u32(data, 4);
1870 if (dlen > 0)
1871 return 8 + dlen;
1872 }
1873
1874 client_cut_text(vs, read_u32(data, 4), data + 8);
1875 break;
1876 case VNC_MSG_CLIENT_QEMU:
1877 if (len == 1)
1878 return 2;
1879
1880 switch (read_u8(data, 1)) {
1881 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
1882 if (len == 2)
1883 return 12;
1884
1885 ext_key_event(vs, read_u16(data, 2),
1886 read_u32(data, 4), read_u32(data, 8));
1887 break;
1888 case VNC_MSG_CLIENT_QEMU_AUDIO:
1889 if (len == 2)
1890 return 4;
1891
1892 switch (read_u16 (data, 2)) {
1893 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
1894 audio_add(vs);
1895 break;
1896 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
1897 audio_del(vs);
1898 break;
1899 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
1900 if (len == 4)
1901 return 10;
1902 switch (read_u8(data, 4)) {
1903 case 0: vs->as.fmt = AUD_FMT_U8; break;
1904 case 1: vs->as.fmt = AUD_FMT_S8; break;
1905 case 2: vs->as.fmt = AUD_FMT_U16; break;
1906 case 3: vs->as.fmt = AUD_FMT_S16; break;
1907 case 4: vs->as.fmt = AUD_FMT_U32; break;
1908 case 5: vs->as.fmt = AUD_FMT_S32; break;
1909 default:
1910 printf("Invalid audio format %d\n", read_u8(data, 4));
1911 vnc_client_error(vs);
1912 break;
1913 }
1914 vs->as.nchannels = read_u8(data, 5);
1915 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1916 printf("Invalid audio channel coount %d\n",
1917 read_u8(data, 5));
1918 vnc_client_error(vs);
1919 break;
1920 }
1921 vs->as.freq = read_u32(data, 6);
1922 break;
1923 default:
1924 printf ("Invalid audio message %d\n", read_u8(data, 4));
1925 vnc_client_error(vs);
1926 break;
1927 }
1928 break;
1929
1930 default:
1931 printf("Msg: %d\n", read_u16(data, 0));
1932 vnc_client_error(vs);
1933 break;
1934 }
1935 break;
1936 default:
1937 printf("Msg: %d\n", data[0]);
1938 vnc_client_error(vs);
1939 break;
1940 }
1941
1942 vnc_read_when(vs, protocol_client_msg, 1);
1943 return 0;
1944 }
1945
1946 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1947 {
1948 char buf[1024];
1949 int size;
1950
1951 vnc_write_u16(vs, ds_get_width(vs->ds));
1952 vnc_write_u16(vs, ds_get_height(vs->ds));
1953
1954 pixel_format_message(vs);
1955
1956 if (qemu_name)
1957 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1958 else
1959 size = snprintf(buf, sizeof(buf), "QEMU");
1960
1961 vnc_write_u32(vs, size);
1962 vnc_write(vs, buf, size);
1963 vnc_flush(vs);
1964
1965 vnc_client_cache_auth(vs);
1966 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
1967
1968 vnc_read_when(vs, protocol_client_msg, 1);
1969
1970 return 0;
1971 }
1972
1973 void start_client_init(VncState *vs)
1974 {
1975 vnc_read_when(vs, protocol_client_init, 1);
1976 }
1977
1978 static void make_challenge(VncState *vs)
1979 {
1980 int i;
1981
1982 srand(time(NULL)+getpid()+getpid()*987654+rand());
1983
1984 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1985 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1986 }
1987
1988 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1989 {
1990 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1991 int i, j, pwlen;
1992 unsigned char key[8];
1993
1994 if (!vs->vd->password || !vs->vd->password[0]) {
1995 VNC_DEBUG("No password configured on server");
1996 vnc_write_u32(vs, 1); /* Reject auth */
1997 if (vs->minor >= 8) {
1998 static const char err[] = "Authentication failed";
1999 vnc_write_u32(vs, sizeof(err));
2000 vnc_write(vs, err, sizeof(err));
2001 }
2002 vnc_flush(vs);
2003 vnc_client_error(vs);
2004 return 0;
2005 }
2006
2007 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2008
2009 /* Calculate the expected challenge response */
2010 pwlen = strlen(vs->vd->password);
2011 for (i=0; i<sizeof(key); i++)
2012 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2013 deskey(key, EN0);
2014 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2015 des(response+j, response+j);
2016
2017 /* Compare expected vs actual challenge response */
2018 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2019 VNC_DEBUG("Client challenge reponse did not match\n");
2020 vnc_write_u32(vs, 1); /* Reject auth */
2021 if (vs->minor >= 8) {
2022 static const char err[] = "Authentication failed";
2023 vnc_write_u32(vs, sizeof(err));
2024 vnc_write(vs, err, sizeof(err));
2025 }
2026 vnc_flush(vs);
2027 vnc_client_error(vs);
2028 } else {
2029 VNC_DEBUG("Accepting VNC challenge response\n");
2030 vnc_write_u32(vs, 0); /* Accept auth */
2031 vnc_flush(vs);
2032
2033 start_client_init(vs);
2034 }
2035 return 0;
2036 }
2037
2038 void start_auth_vnc(VncState *vs)
2039 {
2040 make_challenge(vs);
2041 /* Send client a 'random' challenge */
2042 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2043 vnc_flush(vs);
2044
2045 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2046 }
2047
2048
2049 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2050 {
2051 /* We only advertise 1 auth scheme at a time, so client
2052 * must pick the one we sent. Verify this */
2053 if (data[0] != vs->vd->auth) { /* Reject auth */
2054 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2055 vnc_write_u32(vs, 1);
2056 if (vs->minor >= 8) {
2057 static const char err[] = "Authentication failed";
2058 vnc_write_u32(vs, sizeof(err));
2059 vnc_write(vs, err, sizeof(err));
2060 }
2061 vnc_client_error(vs);
2062 } else { /* Accept requested auth */
2063 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2064 switch (vs->vd->auth) {
2065 case VNC_AUTH_NONE:
2066 VNC_DEBUG("Accept auth none\n");
2067 if (vs->minor >= 8) {
2068 vnc_write_u32(vs, 0); /* Accept auth completion */
2069 vnc_flush(vs);
2070 }
2071 start_client_init(vs);
2072 break;
2073
2074 case VNC_AUTH_VNC:
2075 VNC_DEBUG("Start VNC auth\n");
2076 start_auth_vnc(vs);
2077 break;
2078
2079 #ifdef CONFIG_VNC_TLS
2080 case VNC_AUTH_VENCRYPT:
2081 VNC_DEBUG("Accept VeNCrypt auth\n");;
2082 start_auth_vencrypt(vs);
2083 break;
2084 #endif /* CONFIG_VNC_TLS */
2085
2086 #ifdef CONFIG_VNC_SASL
2087 case VNC_AUTH_SASL:
2088 VNC_DEBUG("Accept SASL auth\n");
2089 start_auth_sasl(vs);
2090 break;
2091 #endif /* CONFIG_VNC_SASL */
2092
2093 default: /* Should not be possible, but just in case */
2094 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
2095 vnc_write_u8(vs, 1);
2096 if (vs->minor >= 8) {
2097 static const char err[] = "Authentication failed";
2098 vnc_write_u32(vs, sizeof(err));
2099 vnc_write(vs, err, sizeof(err));
2100 }
2101 vnc_client_error(vs);
2102 }
2103 }
2104 return 0;
2105 }
2106
2107 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2108 {
2109 char local[13];
2110
2111 memcpy(local, version, 12);
2112 local[12] = 0;
2113
2114 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2115 VNC_DEBUG("Malformed protocol version %s\n", local);
2116 vnc_client_error(vs);
2117 return 0;
2118 }
2119 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2120 if (vs->major != 3 ||
2121 (vs->minor != 3 &&
2122 vs->minor != 4 &&
2123 vs->minor != 5 &&
2124 vs->minor != 7 &&
2125 vs->minor != 8)) {
2126 VNC_DEBUG("Unsupported client version\n");
2127 vnc_write_u32(vs, VNC_AUTH_INVALID);
2128 vnc_flush(vs);
2129 vnc_client_error(vs);
2130 return 0;
2131 }
2132 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2133 * as equivalent to v3.3 by servers
2134 */
2135 if (vs->minor == 4 || vs->minor == 5)
2136 vs->minor = 3;
2137
2138 if (vs->minor == 3) {
2139 if (vs->vd->auth == VNC_AUTH_NONE) {
2140 VNC_DEBUG("Tell client auth none\n");
2141 vnc_write_u32(vs, vs->vd->auth);
2142 vnc_flush(vs);
2143 start_client_init(vs);
2144 } else if (vs->vd->auth == VNC_AUTH_VNC) {
2145 VNC_DEBUG("Tell client VNC auth\n");
2146 vnc_write_u32(vs, vs->vd->auth);
2147 vnc_flush(vs);
2148 start_auth_vnc(vs);
2149 } else {
2150 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2151 vnc_write_u32(vs, VNC_AUTH_INVALID);
2152 vnc_flush(vs);
2153 vnc_client_error(vs);
2154 }
2155 } else {
2156 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2157 vnc_write_u8(vs, 1); /* num auth */
2158 vnc_write_u8(vs, vs->vd->auth);
2159 vnc_read_when(vs, protocol_client_auth, 1);
2160 vnc_flush(vs);
2161 }
2162
2163 return 0;
2164 }
2165
2166 static int vnc_refresh_server_surface(VncDisplay *vd)
2167 {
2168 int y;
2169 uint8_t *guest_row;
2170 uint8_t *server_row;
2171 int cmp_bytes;
2172 uint32_t width_mask[VNC_DIRTY_WORDS];
2173 VncState *vs;
2174 int has_dirty = 0;
2175
2176 /*
2177 * Walk through the guest dirty map.
2178 * Check and copy modified bits from guest to server surface.
2179 * Update server dirty map.
2180 */
2181 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2182 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2183 guest_row = vd->guest.ds->data;
2184 server_row = vd->server->data;
2185 for (y = 0; y < vd->guest.ds->height; y++) {
2186 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2187 int x;
2188 uint8_t *guest_ptr;
2189 uint8_t *server_ptr;
2190
2191 guest_ptr = guest_row;
2192 server_ptr = server_row;
2193
2194 for (x = 0; x < vd->guest.ds->width;
2195 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2196 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2197 continue;
2198 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2199 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2200 continue;
2201 memcpy(server_ptr, guest_ptr, cmp_bytes);
2202 QTAILQ_FOREACH(vs, &vd->clients, next) {
2203 vnc_set_bit(vs->dirty[y], (x / 16));
2204 }
2205 has_dirty++;
2206 }
2207 }
2208 guest_row += ds_get_linesize(vd->ds);
2209 server_row += ds_get_linesize(vd->ds);
2210 }
2211 return has_dirty;
2212 }
2213
2214 static void vnc_refresh(void *opaque)
2215 {
2216 VncDisplay *vd = opaque;
2217 VncState *vs, *vn;
2218 int has_dirty, rects = 0;
2219
2220 vga_hw_update();
2221
2222 has_dirty = vnc_refresh_server_surface(vd);
2223
2224 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2225 rects += vnc_update_client(vs, has_dirty);
2226 /* vs might be free()ed here */
2227 }
2228 /* vd->timer could be NULL now if the last client disconnected,
2229 * in this case don't update the timer */
2230 if (vd->timer == NULL)
2231 return;
2232
2233 if (has_dirty && rects) {
2234 vd->timer_interval /= 2;
2235 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2236 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2237 } else {
2238 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2239 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2240 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2241 }
2242 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
2243 }
2244
2245 static void vnc_init_timer(VncDisplay *vd)
2246 {
2247 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2248 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
2249 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2250 vnc_refresh(vd);
2251 }
2252 }
2253
2254 static void vnc_remove_timer(VncDisplay *vd)
2255 {
2256 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
2257 qemu_del_timer(vd->timer);
2258 qemu_free_timer(vd->timer);
2259 vd->timer = NULL;
2260 }
2261 }
2262
2263 static void vnc_connect(VncDisplay *vd, int csock)
2264 {
2265 VncState *vs = qemu_mallocz(sizeof(VncState));
2266 vs->csock = csock;
2267
2268 VNC_DEBUG("New client on socket %d\n", csock);
2269 dcl->idle = 0;
2270 socket_set_nonblock(vs->csock);
2271 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2272
2273 vnc_client_cache_addr(vs);
2274 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2275
2276 vs->vd = vd;
2277 vs->ds = vd->ds;
2278 vs->last_x = -1;
2279 vs->last_y = -1;
2280
2281 vs->as.freq = 44100;
2282 vs->as.nchannels = 2;
2283 vs->as.fmt = AUD_FMT_S16;
2284 vs->as.endianness = 0;
2285
2286 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2287
2288 vga_hw_update();
2289
2290 vnc_write(vs, "RFB 003.008\n", 12);
2291 vnc_flush(vs);
2292 vnc_read_when(vs, protocol_version, 12);
2293 reset_keys(vs);
2294 if (vs->vd->lock_key_sync)
2295 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2296
2297 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2298 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2299
2300 vnc_init_timer(vd);
2301
2302 /* vs might be free()ed here */
2303 }
2304
2305 static void vnc_listen_read(void *opaque)
2306 {
2307 VncDisplay *vs = opaque;
2308 struct sockaddr_in addr;
2309 socklen_t addrlen = sizeof(addr);
2310
2311 /* Catch-up */
2312 vga_hw_update();
2313
2314 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2315 if (csock != -1) {
2316 vnc_connect(vs, csock);
2317 }
2318 }
2319
2320 void vnc_display_init(DisplayState *ds)
2321 {
2322 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2323
2324 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2325
2326 ds->opaque = vs;
2327 dcl->idle = 1;
2328 vnc_display = vs;
2329
2330 vs->lsock = -1;
2331
2332 vs->ds = ds;
2333 QTAILQ_INIT(&vs->clients);
2334
2335 if (keyboard_layout)
2336 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2337 else
2338 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2339
2340 if (!vs->kbd_layout)
2341 exit(1);
2342
2343 dcl->dpy_copy = vnc_dpy_copy;
2344 dcl->dpy_update = vnc_dpy_update;
2345 dcl->dpy_resize = vnc_dpy_resize;
2346 dcl->dpy_setdata = vnc_dpy_setdata;
2347 register_displaychangelistener(ds, dcl);
2348 ds->mouse_set = vnc_mouse_set;
2349 ds->cursor_define = vnc_dpy_cursor_define;
2350 }
2351
2352
2353 void vnc_display_close(DisplayState *ds)
2354 {
2355 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2356
2357 if (!vs)
2358 return;
2359 if (vs->display) {
2360 qemu_free(vs->display);
2361 vs->display = NULL;
2362 }
2363 if (vs->lsock != -1) {
2364 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2365 close(vs->lsock);
2366 vs->lsock = -1;
2367 }
2368 vs->auth = VNC_AUTH_INVALID;
2369 #ifdef CONFIG_VNC_TLS
2370 vs->subauth = VNC_AUTH_INVALID;
2371 vs->tls.x509verify = 0;
2372 #endif
2373 }
2374
2375 int vnc_display_password(DisplayState *ds, const char *password)
2376 {
2377 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2378
2379 if (!vs) {
2380 return -1;
2381 }
2382
2383 if (vs->password) {
2384 qemu_free(vs->password);
2385 vs->password = NULL;
2386 }
2387 if (password && password[0]) {
2388 if (!(vs->password = qemu_strdup(password)))
2389 return -1;
2390 if (vs->auth == VNC_AUTH_NONE) {
2391 vs->auth = VNC_AUTH_VNC;
2392 }
2393 } else {
2394 vs->auth = VNC_AUTH_NONE;
2395 }
2396
2397 return 0;
2398 }
2399
2400 char *vnc_display_local_addr(DisplayState *ds)
2401 {
2402 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2403
2404 return vnc_socket_local_addr("%s:%s", vs->lsock);
2405 }
2406
2407 int vnc_display_open(DisplayState *ds, const char *display)
2408 {
2409 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2410 const char *options;
2411 int password = 0;
2412 int reverse = 0;
2413 #ifdef CONFIG_VNC_TLS
2414 int tls = 0, x509 = 0;
2415 #endif
2416 #ifdef CONFIG_VNC_SASL
2417 int sasl = 0;
2418 int saslErr;
2419 #endif
2420 int acl = 0;
2421 int lock_key_sync = 1;
2422
2423 if (!vnc_display)
2424 return -1;
2425 vnc_display_close(ds);
2426 if (strcmp(display, "none") == 0)
2427 return 0;
2428
2429 if (!(vs->display = strdup(display)))
2430 return -1;
2431
2432 options = display;
2433 while ((options = strchr(options, ','))) {
2434 options++;
2435 if (strncmp(options, "password", 8) == 0) {
2436 password = 1; /* Require password auth */
2437 } else if (strncmp(options, "reverse", 7) == 0) {
2438 reverse = 1;
2439 } else if (strncmp(options, "no-lock-key-sync", 9) == 0) {
2440 lock_key_sync = 0;
2441 #ifdef CONFIG_VNC_SASL
2442 } else if (strncmp(options, "sasl", 4) == 0) {
2443 sasl = 1; /* Require SASL auth */
2444 #endif
2445 #ifdef CONFIG_VNC_TLS
2446 } else if (strncmp(options, "tls", 3) == 0) {
2447 tls = 1; /* Require TLS */
2448 } else if (strncmp(options, "x509", 4) == 0) {
2449 char *start, *end;
2450 x509 = 1; /* Require x509 certificates */
2451 if (strncmp(options, "x509verify", 10) == 0)
2452 vs->tls.x509verify = 1; /* ...and verify client certs */
2453
2454 /* Now check for 'x509=/some/path' postfix
2455 * and use that to setup x509 certificate/key paths */
2456 start = strchr(options, '=');
2457 end = strchr(options, ',');
2458 if (start && (!end || (start < end))) {
2459 int len = end ? end-(start+1) : strlen(start+1);
2460 char *path = qemu_strndup(start + 1, len);
2461
2462 VNC_DEBUG("Trying certificate path '%s'\n", path);
2463 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2464 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2465 qemu_free(path);
2466 qemu_free(vs->display);
2467 vs->display = NULL;
2468 return -1;
2469 }
2470 qemu_free(path);
2471 } else {
2472 fprintf(stderr, "No certificate path provided\n");
2473 qemu_free(vs->display);
2474 vs->display = NULL;
2475 return -1;
2476 }
2477 #endif
2478 } else if (strncmp(options, "acl", 3) == 0) {
2479 acl = 1;
2480 }
2481 }
2482
2483 #ifdef CONFIG_VNC_TLS
2484 if (acl && x509 && vs->tls.x509verify) {
2485 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2486 fprintf(stderr, "Failed to create x509 dname ACL\n");
2487 exit(1);
2488 }
2489 }
2490 #endif
2491 #ifdef CONFIG_VNC_SASL
2492 if (acl && sasl) {
2493 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2494 fprintf(stderr, "Failed to create username ACL\n");
2495 exit(1);
2496 }
2497 }
2498 #endif
2499
2500 /*
2501 * Combinations we support here:
2502 *
2503 * - no-auth (clear text, no auth)
2504 * - password (clear text, weak auth)
2505 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2506 * - tls (encrypt, weak anonymous creds, no auth)
2507 * - tls + password (encrypt, weak anonymous creds, weak auth)
2508 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2509 * - tls + x509 (encrypt, good x509 creds, no auth)
2510 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2511 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2512 *
2513 * NB1. TLS is a stackable auth scheme.
2514 * NB2. the x509 schemes have option to validate a client cert dname
2515 */
2516 if (password) {
2517 #ifdef CONFIG_VNC_TLS
2518 if (tls) {
2519 vs->auth = VNC_AUTH_VENCRYPT;
2520 if (x509) {
2521 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2522 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2523 } else {
2524 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2525 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2526 }
2527 } else {
2528 #endif /* CONFIG_VNC_TLS */
2529 VNC_DEBUG("Initializing VNC server with password auth\n");
2530 vs->auth = VNC_AUTH_VNC;
2531 #ifdef CONFIG_VNC_TLS
2532 vs->subauth = VNC_AUTH_INVALID;
2533 }
2534 #endif /* CONFIG_VNC_TLS */
2535 #ifdef CONFIG_VNC_SASL
2536 } else if (sasl) {
2537 #ifdef CONFIG_VNC_TLS
2538 if (tls) {
2539 vs->auth = VNC_AUTH_VENCRYPT;
2540 if (x509) {
2541 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2542 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2543 } else {
2544 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2545 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2546 }
2547 } else {
2548 #endif /* CONFIG_VNC_TLS */
2549 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2550 vs->auth = VNC_AUTH_SASL;
2551 #ifdef CONFIG_VNC_TLS
2552 vs->subauth = VNC_AUTH_INVALID;
2553 }
2554 #endif /* CONFIG_VNC_TLS */
2555 #endif /* CONFIG_VNC_SASL */
2556 } else {
2557 #ifdef CONFIG_VNC_TLS
2558 if (tls) {
2559 vs->auth = VNC_AUTH_VENCRYPT;
2560 if (x509) {
2561 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2562 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2563 } else {
2564 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2565 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2566 }
2567 } else {
2568 #endif
2569 VNC_DEBUG("Initializing VNC server with no auth\n");
2570 vs->auth = VNC_AUTH_NONE;
2571 #ifdef CONFIG_VNC_TLS
2572 vs->subauth = VNC_AUTH_INVALID;
2573 }
2574 #endif
2575 }
2576
2577 #ifdef CONFIG_VNC_SASL
2578 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2579 fprintf(stderr, "Failed to initialize SASL auth %s",
2580 sasl_errstring(saslErr, NULL, NULL));
2581 free(vs->display);
2582 vs->display = NULL;
2583 return -1;
2584 }
2585 #endif
2586 vs->lock_key_sync = lock_key_sync;
2587
2588 if (reverse) {
2589 /* connect to viewer */
2590 if (strncmp(display, "unix:", 5) == 0)
2591 vs->lsock = unix_connect(display+5);
2592 else
2593 vs->lsock = inet_connect(display, SOCK_STREAM);
2594 if (-1 == vs->lsock) {
2595 free(vs->display);
2596 vs->display = NULL;
2597 return -1;
2598 } else {
2599 int csock = vs->lsock;
2600 vs->lsock = -1;
2601 vnc_connect(vs, csock);
2602 }
2603 return 0;
2604
2605 } else {
2606 /* listen for connects */
2607 char *dpy;
2608 dpy = qemu_malloc(256);
2609 if (strncmp(display, "unix:", 5) == 0) {
2610 pstrcpy(dpy, 256, "unix:");
2611 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2612 } else {
2613 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2614 }
2615 if (-1 == vs->lsock) {
2616 free(dpy);
2617 return -1;
2618 } else {
2619 free(vs->display);
2620 vs->display = dpy;
2621 }
2622 }
2623 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
2624 }
QEmu