search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
input: keyboard: switch vnc ui to new core
[qemu.git] / ui / vnc.c
blob4658559496efbf0f00b58b8dc96f701eeebfaebb
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "vnc-jobs.h"
29 #include "sysemu/sysemu.h"
30 #include "qemu/sockets.h"
31 #include "qemu/timer.h"
32 #include "qemu/acl.h"
33 #include "qapi/qmp/types.h"
34 #include "qmp-commands.h"
35 #include "qemu/osdep.h"
36 #include "ui/input.h"
37
38 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
39 #define VNC_REFRESH_INTERVAL_INC 50
40 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
41 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
42 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
43
44 #include "vnc_keysym.h"
45 #include "d3des.h"
46
47 static VncDisplay *vnc_display; /* needed for info vnc */
48
49 static int vnc_cursor_define(VncState *vs);
50 static void vnc_release_modifiers(VncState *vs);
51
52 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
53 {
54 #ifdef _VNC_DEBUG
55 static const char *mn[] = {
56 [0] = "undefined",
57 [VNC_SHARE_MODE_CONNECTING] = "connecting",
58 [VNC_SHARE_MODE_SHARED] = "shared",
59 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
60 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
61 };
62 fprintf(stderr, "%s/%d: %s -> %s\n", __func__,
63 vs->csock, mn[vs->share_mode], mn[mode]);
64 #endif
65
66 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) {
67 vs->vd->num_exclusive--;
68 }
69 vs->share_mode = mode;
70 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) {
71 vs->vd->num_exclusive++;
72 }
73 }
74
75 static char *addr_to_string(const char *format,
76 struct sockaddr_storage *sa,
77 socklen_t salen) {
78 char *addr;
79 char host[NI_MAXHOST];
80 char serv[NI_MAXSERV];
81 int err;
82 size_t addrlen;
83
84 if ((err = getnameinfo((struct sockaddr *)sa, salen,
85 host, sizeof(host),
86 serv, sizeof(serv),
87 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
88 VNC_DEBUG("Cannot resolve address %d: %s\n",
89 err, gai_strerror(err));
90 return NULL;
91 }
92
93 /* Enough for the existing format + the 2 vars we're
94 * substituting in. */
95 addrlen = strlen(format) + strlen(host) + strlen(serv);
96 addr = g_malloc(addrlen + 1);
97 snprintf(addr, addrlen, format, host, serv);
98 addr[addrlen] = '\0';
99
100 return addr;
101 }
102
103
104 char *vnc_socket_local_addr(const char *format, int fd) {
105 struct sockaddr_storage sa;
106 socklen_t salen;
107
108 salen = sizeof(sa);
109 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
110 return NULL;
111
112 return addr_to_string(format, &sa, salen);
113 }
114
115 char *vnc_socket_remote_addr(const char *format, int fd) {
116 struct sockaddr_storage sa;
117 socklen_t salen;
118
119 salen = sizeof(sa);
120 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
121 return NULL;
122
123 return addr_to_string(format, &sa, salen);
124 }
125
126 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
127 socklen_t salen)
128 {
129 char host[NI_MAXHOST];
130 char serv[NI_MAXSERV];
131 int err;
132
133 if ((err = getnameinfo((struct sockaddr *)sa, salen,
134 host, sizeof(host),
135 serv, sizeof(serv),
136 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
137 VNC_DEBUG("Cannot resolve address %d: %s\n",
138 err, gai_strerror(err));
139 return -1;
140 }
141
142 qdict_put(qdict, "host", qstring_from_str(host));
143 qdict_put(qdict, "service", qstring_from_str(serv));
144 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
145
146 return 0;
147 }
148
149 static int vnc_server_addr_put(QDict *qdict, int fd)
150 {
151 struct sockaddr_storage sa;
152 socklen_t salen;
153
154 salen = sizeof(sa);
155 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
156 return -1;
157 }
158
159 return put_addr_qdict(qdict, &sa, salen);
160 }
161
162 static int vnc_qdict_remote_addr(QDict *qdict, int fd)
163 {
164 struct sockaddr_storage sa;
165 socklen_t salen;
166
167 salen = sizeof(sa);
168 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
169 return -1;
170 }
171
172 return put_addr_qdict(qdict, &sa, salen);
173 }
174
175 static const char *vnc_auth_name(VncDisplay *vd) {
176 switch (vd->auth) {
177 case VNC_AUTH_INVALID:
178 return "invalid";
179 case VNC_AUTH_NONE:
180 return "none";
181 case VNC_AUTH_VNC:
182 return "vnc";
183 case VNC_AUTH_RA2:
184 return "ra2";
185 case VNC_AUTH_RA2NE:
186 return "ra2ne";
187 case VNC_AUTH_TIGHT:
188 return "tight";
189 case VNC_AUTH_ULTRA:
190 return "ultra";
191 case VNC_AUTH_TLS:
192 return "tls";
193 case VNC_AUTH_VENCRYPT:
194 #ifdef CONFIG_VNC_TLS
195 switch (vd->subauth) {
196 case VNC_AUTH_VENCRYPT_PLAIN:
197 return "vencrypt+plain";
198 case VNC_AUTH_VENCRYPT_TLSNONE:
199 return "vencrypt+tls+none";
200 case VNC_AUTH_VENCRYPT_TLSVNC:
201 return "vencrypt+tls+vnc";
202 case VNC_AUTH_VENCRYPT_TLSPLAIN:
203 return "vencrypt+tls+plain";
204 case VNC_AUTH_VENCRYPT_X509NONE:
205 return "vencrypt+x509+none";
206 case VNC_AUTH_VENCRYPT_X509VNC:
207 return "vencrypt+x509+vnc";
208 case VNC_AUTH_VENCRYPT_X509PLAIN:
209 return "vencrypt+x509+plain";
210 case VNC_AUTH_VENCRYPT_TLSSASL:
211 return "vencrypt+tls+sasl";
212 case VNC_AUTH_VENCRYPT_X509SASL:
213 return "vencrypt+x509+sasl";
214 default:
215 return "vencrypt";
216 }
217 #else
218 return "vencrypt";
219 #endif
220 case VNC_AUTH_SASL:
221 return "sasl";
222 }
223 return "unknown";
224 }
225
226 static int vnc_server_info_put(QDict *qdict)
227 {
228 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
229 return -1;
230 }
231
232 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
233 return 0;
234 }
235
236 static void vnc_client_cache_auth(VncState *client)
237 {
238 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
239 QDict *qdict;
240 #endif
241
242 if (!client->info) {
243 return;
244 }
245
246 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
247 qdict = qobject_to_qdict(client->info);
248 #endif
249
250 #ifdef CONFIG_VNC_TLS
251 if (client->tls.session &&
252 client->tls.dname) {
253 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
254 }
255 #endif
256 #ifdef CONFIG_VNC_SASL
257 if (client->sasl.conn &&
258 client->sasl.username) {
259 qdict_put(qdict, "sasl_username",
260 qstring_from_str(client->sasl.username));
261 }
262 #endif
263 }
264
265 static void vnc_client_cache_addr(VncState *client)
266 {
267 QDict *qdict;
268
269 qdict = qdict_new();
270 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
271 QDECREF(qdict);
272 /* XXX: how to report the error? */
273 return;
274 }
275
276 client->info = QOBJECT(qdict);
277 }
278
279 static void vnc_qmp_event(VncState *vs, MonitorEvent event)
280 {
281 QDict *server;
282 QObject *data;
283
284 if (!vs->info) {
285 return;
286 }
287
288 server = qdict_new();
289 if (vnc_server_info_put(server) < 0) {
290 QDECREF(server);
291 return;
292 }
293
294 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
295 vs->info, QOBJECT(server));
296
297 monitor_protocol_event(event, data);
298
299 qobject_incref(vs->info);
300 qobject_decref(data);
301 }
302
303 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
304 {
305 struct sockaddr_storage sa;
306 socklen_t salen = sizeof(sa);
307 char host[NI_MAXHOST];
308 char serv[NI_MAXSERV];
309 VncClientInfo *info;
310
311 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) {
312 return NULL;
313 }
314
315 if (getnameinfo((struct sockaddr *)&sa, salen,
316 host, sizeof(host),
317 serv, sizeof(serv),
318 NI_NUMERICHOST | NI_NUMERICSERV) < 0) {
319 return NULL;
320 }
321
322 info = g_malloc0(sizeof(*info));
323 info->host = g_strdup(host);
324 info->service = g_strdup(serv);
325 info->family = g_strdup(inet_strfamily(sa.ss_family));
326
327 #ifdef CONFIG_VNC_TLS
328 if (client->tls.session && client->tls.dname) {
329 info->has_x509_dname = true;
330 info->x509_dname = g_strdup(client->tls.dname);
331 }
332 #endif
333 #ifdef CONFIG_VNC_SASL
334 if (client->sasl.conn && client->sasl.username) {
335 info->has_sasl_username = true;
336 info->sasl_username = g_strdup(client->sasl.username);
337 }
338 #endif
339
340 return info;
341 }
342
343 VncInfo *qmp_query_vnc(Error **errp)
344 {
345 VncInfo *info = g_malloc0(sizeof(*info));
346
347 if (vnc_display == NULL || vnc_display->display == NULL) {
348 info->enabled = false;
349 } else {
350 VncClientInfoList *cur_item = NULL;
351 struct sockaddr_storage sa;
352 socklen_t salen = sizeof(sa);
353 char host[NI_MAXHOST];
354 char serv[NI_MAXSERV];
355 VncState *client;
356
357 info->enabled = true;
358
359 /* for compatibility with the original command */
360 info->has_clients = true;
361
362 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
363 VncClientInfoList *cinfo = g_malloc0(sizeof(*info));
364 cinfo->value = qmp_query_vnc_client(client);
365
366 /* XXX: waiting for the qapi to support GSList */
367 if (!cur_item) {
368 info->clients = cur_item = cinfo;
369 } else {
370 cur_item->next = cinfo;
371 cur_item = cinfo;
372 }
373 }
374
375 if (vnc_display->lsock == -1) {
376 return info;
377 }
378
379 if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa,
380 &salen) == -1) {
381 error_set(errp, QERR_UNDEFINED_ERROR);
382 goto out_error;
383 }
384
385 if (getnameinfo((struct sockaddr *)&sa, salen,
386 host, sizeof(host),
387 serv, sizeof(serv),
388 NI_NUMERICHOST | NI_NUMERICSERV) < 0) {
389 error_set(errp, QERR_UNDEFINED_ERROR);
390 goto out_error;
391 }
392
393 info->has_host = true;
394 info->host = g_strdup(host);
395
396 info->has_service = true;
397 info->service = g_strdup(serv);
398
399 info->has_family = true;
400 info->family = g_strdup(inet_strfamily(sa.ss_family));
401
402 info->has_auth = true;
403 info->auth = g_strdup(vnc_auth_name(vnc_display));
404 }
405
406 return info;
407
408 out_error:
409 qapi_free_VncInfo(info);
410 return NULL;
411 }
412
413 /* TODO
414 1) Get the queue working for IO.
415 2) there is some weirdness when using the -S option (the screen is grey
416 and not totally invalidated
417 3) resolutions > 1024
418 */
419
420 static int vnc_update_client(VncState *vs, int has_dirty);
421 static int vnc_update_client_sync(VncState *vs, int has_dirty);
422 static void vnc_disconnect_start(VncState *vs);
423
424 static void vnc_colordepth(VncState *vs);
425 static void framebuffer_update_request(VncState *vs, int incremental,
426 int x_position, int y_position,
427 int w, int h);
428 static void vnc_refresh(DisplayChangeListener *dcl);
429 static int vnc_refresh_server_surface(VncDisplay *vd);
430
431 static void vnc_dpy_update(DisplayChangeListener *dcl,
432 int x, int y, int w, int h)
433 {
434 int i;
435 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
436 struct VncSurface *s = &vd->guest;
437 int width = surface_width(vd->ds);
438 int height = surface_height(vd->ds);
439
440 h += y;
441
442 /* round x down to ensure the loop only spans one 16-pixel block per,
443 iteration. otherwise, if (x % 16) != 0, the last iteration may span
444 two 16-pixel blocks but we only mark the first as dirty
445 */
446 w += (x % 16);
447 x -= (x % 16);
448
449 x = MIN(x, width);
450 y = MIN(y, height);
451 w = MIN(x + w, width) - x;
452 h = MIN(h, height);
453
454 for (; y < h; y++)
455 for (i = 0; i < w; i += 16)
456 set_bit((x + i) / 16, s->dirty[y]);
457 }
458
459 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
460 int32_t encoding)
461 {
462 vnc_write_u16(vs, x);
463 vnc_write_u16(vs, y);
464 vnc_write_u16(vs, w);
465 vnc_write_u16(vs, h);
466
467 vnc_write_s32(vs, encoding);
468 }
469
470 void buffer_reserve(Buffer *buffer, size_t len)
471 {
472 if ((buffer->capacity - buffer->offset) < len) {
473 buffer->capacity += (len + 1024);
474 buffer->buffer = g_realloc(buffer->buffer, buffer->capacity);
475 if (buffer->buffer == NULL) {
476 fprintf(stderr, "vnc: out of memory\n");
477 exit(1);
478 }
479 }
480 }
481
482 static int buffer_empty(Buffer *buffer)
483 {
484 return buffer->offset == 0;
485 }
486
487 uint8_t *buffer_end(Buffer *buffer)
488 {
489 return buffer->buffer + buffer->offset;
490 }
491
492 void buffer_reset(Buffer *buffer)
493 {
494 buffer->offset = 0;
495 }
496
497 void buffer_free(Buffer *buffer)
498 {
499 g_free(buffer->buffer);
500 buffer->offset = 0;
501 buffer->capacity = 0;
502 buffer->buffer = NULL;
503 }
504
505 void buffer_append(Buffer *buffer, const void *data, size_t len)
506 {
507 memcpy(buffer->buffer + buffer->offset, data, len);
508 buffer->offset += len;
509 }
510
511 void buffer_advance(Buffer *buf, size_t len)
512 {
513 memmove(buf->buffer, buf->buffer + len,
514 (buf->offset - len));
515 buf->offset -= len;
516 }
517
518 static void vnc_desktop_resize(VncState *vs)
519 {
520 DisplaySurface *ds = vs->vd->ds;
521
522 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
523 return;
524 }
525 if (vs->client_width == surface_width(ds) &&
526 vs->client_height == surface_height(ds)) {
527 return;
528 }
529 vs->client_width = surface_width(ds);
530 vs->client_height = surface_height(ds);
531 vnc_lock_output(vs);
532 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
533 vnc_write_u8(vs, 0);
534 vnc_write_u16(vs, 1); /* number of rects */
535 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
536 VNC_ENCODING_DESKTOPRESIZE);
537 vnc_unlock_output(vs);
538 vnc_flush(vs);
539 }
540
541 static void vnc_abort_display_jobs(VncDisplay *vd)
542 {
543 VncState *vs;
544
545 QTAILQ_FOREACH(vs, &vd->clients, next) {
546 vnc_lock_output(vs);
547 vs->abort = true;
548 vnc_unlock_output(vs);
549 }
550 QTAILQ_FOREACH(vs, &vd->clients, next) {
551 vnc_jobs_join(vs);
552 }
553 QTAILQ_FOREACH(vs, &vd->clients, next) {
554 vnc_lock_output(vs);
555 vs->abort = false;
556 vnc_unlock_output(vs);
557 }
558 }
559
560 int vnc_server_fb_stride(VncDisplay *vd)
561 {
562 return pixman_image_get_stride(vd->server);
563 }
564
565 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
566 {
567 uint8_t *ptr;
568
569 ptr = (uint8_t *)pixman_image_get_data(vd->server);
570 ptr += y * vnc_server_fb_stride(vd);
571 ptr += x * VNC_SERVER_FB_BYTES;
572 return ptr;
573 }
574
575 static void vnc_dpy_switch(DisplayChangeListener *dcl,
576 DisplaySurface *surface)
577 {
578 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
579 VncState *vs;
580
581 vnc_abort_display_jobs(vd);
582
583 /* server surface */
584 qemu_pixman_image_unref(vd->server);
585 vd->ds = surface;
586 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
587 surface_width(vd->ds),
588 surface_height(vd->ds),
589 NULL, 0);
590
591 /* guest surface */
592 #if 0 /* FIXME */
593 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
594 console_color_init(ds);
595 #endif
596 qemu_pixman_image_unref(vd->guest.fb);
597 vd->guest.fb = pixman_image_ref(surface->image);
598 vd->guest.format = surface->format;
599 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
600
601 QTAILQ_FOREACH(vs, &vd->clients, next) {
602 vnc_colordepth(vs);
603 vnc_desktop_resize(vs);
604 if (vs->vd->cursor) {
605 vnc_cursor_define(vs);
606 }
607 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
608 }
609 }
610
611 /* fastest code */
612 static void vnc_write_pixels_copy(VncState *vs,
613 void *pixels, int size)
614 {
615 vnc_write(vs, pixels, size);
616 }
617
618 /* slowest but generic code. */
619 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
620 {
621 uint8_t r, g, b;
622
623 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
624 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
625 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
626 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
627 #else
628 # error need some bits here if you change VNC_SERVER_FB_FORMAT
629 #endif
630 v = (r << vs->client_pf.rshift) |
631 (g << vs->client_pf.gshift) |
632 (b << vs->client_pf.bshift);
633 switch (vs->client_pf.bytes_per_pixel) {
634 case 1:
635 buf[0] = v;
636 break;
637 case 2:
638 if (vs->client_be) {
639 buf[0] = v >> 8;
640 buf[1] = v;
641 } else {
642 buf[1] = v >> 8;
643 buf[0] = v;
644 }
645 break;
646 default:
647 case 4:
648 if (vs->client_be) {
649 buf[0] = v >> 24;
650 buf[1] = v >> 16;
651 buf[2] = v >> 8;
652 buf[3] = v;
653 } else {
654 buf[3] = v >> 24;
655 buf[2] = v >> 16;
656 buf[1] = v >> 8;
657 buf[0] = v;
658 }
659 break;
660 }
661 }
662
663 static void vnc_write_pixels_generic(VncState *vs,
664 void *pixels1, int size)
665 {
666 uint8_t buf[4];
667
668 if (VNC_SERVER_FB_BYTES == 4) {
669 uint32_t *pixels = pixels1;
670 int n, i;
671 n = size >> 2;
672 for (i = 0; i < n; i++) {
673 vnc_convert_pixel(vs, buf, pixels[i]);
674 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
675 }
676 }
677 }
678
679 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
680 {
681 int i;
682 uint8_t *row;
683 VncDisplay *vd = vs->vd;
684
685 row = vnc_server_fb_ptr(vd, x, y);
686 for (i = 0; i < h; i++) {
687 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
688 row += vnc_server_fb_stride(vd);
689 }
690 return 1;
691 }
692
693 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
694 {
695 int n = 0;
696
697 switch(vs->vnc_encoding) {
698 case VNC_ENCODING_ZLIB:
699 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
700 break;
701 case VNC_ENCODING_HEXTILE:
702 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
703 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
704 break;
705 case VNC_ENCODING_TIGHT:
706 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
707 break;
708 case VNC_ENCODING_TIGHT_PNG:
709 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
710 break;
711 case VNC_ENCODING_ZRLE:
712 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
713 break;
714 case VNC_ENCODING_ZYWRLE:
715 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
716 break;
717 default:
718 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
719 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
720 break;
721 }
722 return n;
723 }
724
725 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
726 {
727 /* send bitblit op to the vnc client */
728 vnc_lock_output(vs);
729 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
730 vnc_write_u8(vs, 0);
731 vnc_write_u16(vs, 1); /* number of rects */
732 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
733 vnc_write_u16(vs, src_x);
734 vnc_write_u16(vs, src_y);
735 vnc_unlock_output(vs);
736 vnc_flush(vs);
737 }
738
739 static void vnc_dpy_copy(DisplayChangeListener *dcl,
740 int src_x, int src_y,
741 int dst_x, int dst_y, int w, int h)
742 {
743 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
744 VncState *vs, *vn;
745 uint8_t *src_row;
746 uint8_t *dst_row;
747 int i, x, y, pitch, inc, w_lim, s;
748 int cmp_bytes;
749
750 vnc_refresh_server_surface(vd);
751 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
752 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
753 vs->force_update = 1;
754 vnc_update_client_sync(vs, 1);
755 /* vs might be free()ed here */
756 }
757 }
758
759 /* do bitblit op on the local surface too */
760 pitch = vnc_server_fb_stride(vd);
761 src_row = vnc_server_fb_ptr(vd, src_x, src_y);
762 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y);
763 y = dst_y;
764 inc = 1;
765 if (dst_y > src_y) {
766 /* copy backwards */
767 src_row += pitch * (h-1);
768 dst_row += pitch * (h-1);
769 pitch = -pitch;
770 y = dst_y + h - 1;
771 inc = -1;
772 }
773 w_lim = w - (16 - (dst_x % 16));
774 if (w_lim < 0)
775 w_lim = w;
776 else
777 w_lim = w - (w_lim % 16);
778 for (i = 0; i < h; i++) {
779 for (x = 0; x <= w_lim;
780 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
781 if (x == w_lim) {
782 if ((s = w - w_lim) == 0)
783 break;
784 } else if (!x) {
785 s = (16 - (dst_x % 16));
786 s = MIN(s, w_lim);
787 } else {
788 s = 16;
789 }
790 cmp_bytes = s * VNC_SERVER_FB_BYTES;
791 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
792 continue;
793 memmove(dst_row, src_row, cmp_bytes);
794 QTAILQ_FOREACH(vs, &vd->clients, next) {
795 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
796 set_bit(((x + dst_x) / 16), vs->dirty[y]);
797 }
798 }
799 }
800 src_row += pitch - w * VNC_SERVER_FB_BYTES;
801 dst_row += pitch - w * VNC_SERVER_FB_BYTES;
802 y += inc;
803 }
804
805 QTAILQ_FOREACH(vs, &vd->clients, next) {
806 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
807 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
808 }
809 }
810 }
811
812 static void vnc_mouse_set(DisplayChangeListener *dcl,
813 int x, int y, int visible)
814 {
815 /* can we ask the client(s) to move the pointer ??? */
816 }
817
818 static int vnc_cursor_define(VncState *vs)
819 {
820 QEMUCursor *c = vs->vd->cursor;
821 int isize;
822
823 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
824 vnc_lock_output(vs);
825 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
826 vnc_write_u8(vs, 0); /* padding */
827 vnc_write_u16(vs, 1); /* # of rects */
828 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
829 VNC_ENCODING_RICH_CURSOR);
830 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
831 vnc_write_pixels_generic(vs, c->data, isize);
832 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
833 vnc_unlock_output(vs);
834 return 0;
835 }
836 return -1;
837 }
838
839 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
840 QEMUCursor *c)
841 {
842 VncDisplay *vd = vnc_display;
843 VncState *vs;
844
845 cursor_put(vd->cursor);
846 g_free(vd->cursor_mask);
847
848 vd->cursor = c;
849 cursor_get(vd->cursor);
850 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
851 vd->cursor_mask = g_malloc0(vd->cursor_msize);
852 cursor_get_mono_mask(c, 0, vd->cursor_mask);
853
854 QTAILQ_FOREACH(vs, &vd->clients, next) {
855 vnc_cursor_define(vs);
856 }
857 }
858
859 static int find_and_clear_dirty_height(struct VncState *vs,
860 int y, int last_x, int x, int height)
861 {
862 int h;
863
864 for (h = 1; h < (height - y); h++) {
865 int tmp_x;
866 if (!test_bit(last_x, vs->dirty[y + h])) {
867 break;
868 }
869 for (tmp_x = last_x; tmp_x < x; tmp_x++) {
870 clear_bit(tmp_x, vs->dirty[y + h]);
871 }
872 }
873
874 return h;
875 }
876
877 static int vnc_update_client_sync(VncState *vs, int has_dirty)
878 {
879 int ret = vnc_update_client(vs, has_dirty);
880 vnc_jobs_join(vs);
881 return ret;
882 }
883
884 static int vnc_update_client(VncState *vs, int has_dirty)
885 {
886 if (vs->need_update && vs->csock != -1) {
887 VncDisplay *vd = vs->vd;
888 VncJob *job;
889 int y;
890 int width, height;
891 int n = 0;
892
893
894 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
895 /* kernel send buffers are full -> drop frames to throttle */
896 return 0;
897
898 if (!has_dirty && !vs->audio_cap && !vs->force_update)
899 return 0;
900
901 /*
902 * Send screen updates to the vnc client using the server
903 * surface and server dirty map. guest surface updates
904 * happening in parallel don't disturb us, the next pass will
905 * send them to the client.
906 */
907 job = vnc_job_new(vs);
908
909 width = MIN(pixman_image_get_width(vd->server), vs->client_width);
910 height = MIN(pixman_image_get_height(vd->server), vs->client_height);
911
912 for (y = 0; y < height; y++) {
913 int x;
914 int last_x = -1;
915 for (x = 0; x < width / 16; x++) {
916 if (test_and_clear_bit(x, vs->dirty[y])) {
917 if (last_x == -1) {
918 last_x = x;
919 }
920 } else {
921 if (last_x != -1) {
922 int h = find_and_clear_dirty_height(vs, y, last_x, x,
923 height);
924
925 n += vnc_job_add_rect(job, last_x * 16, y,
926 (x - last_x) * 16, h);
927 }
928 last_x = -1;
929 }
930 }
931 if (last_x != -1) {
932 int h = find_and_clear_dirty_height(vs, y, last_x, x, height);
933 n += vnc_job_add_rect(job, last_x * 16, y,
934 (x - last_x) * 16, h);
935 }
936 }
937
938 vnc_job_push(job);
939 vs->force_update = 0;
940 return n;
941 }
942
943 if (vs->csock == -1)
944 vnc_disconnect_finish(vs);
945
946 return 0;
947 }
948
949 /* audio */
950 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
951 {
952 VncState *vs = opaque;
953
954 switch (cmd) {
955 case AUD_CNOTIFY_DISABLE:
956 vnc_lock_output(vs);
957 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
958 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
959 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
960 vnc_unlock_output(vs);
961 vnc_flush(vs);
962 break;
963
964 case AUD_CNOTIFY_ENABLE:
965 vnc_lock_output(vs);
966 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
967 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
968 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
969 vnc_unlock_output(vs);
970 vnc_flush(vs);
971 break;
972 }
973 }
974
975 static void audio_capture_destroy(void *opaque)
976 {
977 }
978
979 static void audio_capture(void *opaque, void *buf, int size)
980 {
981 VncState *vs = opaque;
982
983 vnc_lock_output(vs);
984 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
985 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
986 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
987 vnc_write_u32(vs, size);
988 vnc_write(vs, buf, size);
989 vnc_unlock_output(vs);
990 vnc_flush(vs);
991 }
992
993 static void audio_add(VncState *vs)
994 {
995 struct audio_capture_ops ops;
996
997 if (vs->audio_cap) {
998 monitor_printf(default_mon, "audio already running\n");
999 return;
1000 }
1001
1002 ops.notify = audio_capture_notify;
1003 ops.destroy = audio_capture_destroy;
1004 ops.capture = audio_capture;
1005
1006 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1007 if (!vs->audio_cap) {
1008 monitor_printf(default_mon, "Failed to add audio capture\n");
1009 }
1010 }
1011
1012 static void audio_del(VncState *vs)
1013 {
1014 if (vs->audio_cap) {
1015 AUD_del_capture(vs->audio_cap, vs);
1016 vs->audio_cap = NULL;
1017 }
1018 }
1019
1020 static void vnc_disconnect_start(VncState *vs)
1021 {
1022 if (vs->csock == -1)
1023 return;
1024 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1025 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
1026 closesocket(vs->csock);
1027 vs->csock = -1;
1028 }
1029
1030 void vnc_disconnect_finish(VncState *vs)
1031 {
1032 int i;
1033
1034 vnc_jobs_join(vs); /* Wait encoding jobs */
1035
1036 vnc_lock_output(vs);
1037 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
1038
1039 buffer_free(&vs->input);
1040 buffer_free(&vs->output);
1041 #ifdef CONFIG_VNC_WS
1042 buffer_free(&vs->ws_input);
1043 buffer_free(&vs->ws_output);
1044 #endif /* CONFIG_VNC_WS */
1045
1046 qobject_decref(vs->info);
1047
1048 vnc_zlib_clear(vs);
1049 vnc_tight_clear(vs);
1050 vnc_zrle_clear(vs);
1051
1052 #ifdef CONFIG_VNC_TLS
1053 vnc_tls_client_cleanup(vs);
1054 #endif /* CONFIG_VNC_TLS */
1055 #ifdef CONFIG_VNC_SASL
1056 vnc_sasl_client_cleanup(vs);
1057 #endif /* CONFIG_VNC_SASL */
1058 audio_del(vs);
1059 vnc_release_modifiers(vs);
1060
1061 if (vs->initialized) {
1062 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1063 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1064 }
1065
1066 if (vs->vd->lock_key_sync)
1067 qemu_remove_led_event_handler(vs->led);
1068 vnc_unlock_output(vs);
1069
1070 qemu_mutex_destroy(&vs->output_mutex);
1071 if (vs->bh != NULL) {
1072 qemu_bh_delete(vs->bh);
1073 }
1074 buffer_free(&vs->jobs_buffer);
1075
1076 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1077 g_free(vs->lossy_rect[i]);
1078 }
1079 g_free(vs->lossy_rect);
1080 g_free(vs);
1081 }
1082
1083 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1084 {
1085 if (ret == 0 || ret == -1) {
1086 if (ret == -1) {
1087 switch (last_errno) {
1088 case EINTR:
1089 case EAGAIN:
1090 #ifdef _WIN32
1091 case WSAEWOULDBLOCK:
1092 #endif
1093 return 0;
1094 default:
1095 break;
1096 }
1097 }
1098
1099 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1100 ret, ret < 0 ? last_errno : 0);
1101 vnc_disconnect_start(vs);
1102
1103 return 0;
1104 }
1105 return ret;
1106 }
1107
1108
1109 void vnc_client_error(VncState *vs)
1110 {
1111 VNC_DEBUG("Closing down client sock: protocol error\n");
1112 vnc_disconnect_start(vs);
1113 }
1114
1115 #ifdef CONFIG_VNC_TLS
1116 static long vnc_client_write_tls(gnutls_session_t *session,
1117 const uint8_t *data,
1118 size_t datalen)
1119 {
1120 long ret = gnutls_write(*session, data, datalen);
1121 if (ret < 0) {
1122 if (ret == GNUTLS_E_AGAIN) {
1123 errno = EAGAIN;
1124 } else {
1125 errno = EIO;
1126 }
1127 ret = -1;
1128 }
1129 return ret;
1130 }
1131 #endif /* CONFIG_VNC_TLS */
1132
1133 /*
1134 * Called to write a chunk of data to the client socket. The data may
1135 * be the raw data, or may have already been encoded by SASL.
1136 * The data will be written either straight onto the socket, or
1137 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1138 *
1139 * NB, it is theoretically possible to have 2 layers of encryption,
1140 * both SASL, and this TLS layer. It is highly unlikely in practice
1141 * though, since SASL encryption will typically be a no-op if TLS
1142 * is active
1143 *
1144 * Returns the number of bytes written, which may be less than
1145 * the requested 'datalen' if the socket would block. Returns
1146 * -1 on error, and disconnects the client socket.
1147 */
1148 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1149 {
1150 long ret;
1151 #ifdef CONFIG_VNC_TLS
1152 if (vs->tls.session) {
1153 ret = vnc_client_write_tls(&vs->tls.session, data, datalen);
1154 } else {
1155 #ifdef CONFIG_VNC_WS
1156 if (vs->ws_tls.session) {
1157 ret = vnc_client_write_tls(&vs->ws_tls.session, data, datalen);
1158 } else
1159 #endif /* CONFIG_VNC_WS */
1160 #endif /* CONFIG_VNC_TLS */
1161 {
1162 ret = send(vs->csock, (const void *)data, datalen, 0);
1163 }
1164 #ifdef CONFIG_VNC_TLS
1165 }
1166 #endif /* CONFIG_VNC_TLS */
1167 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1168 return vnc_client_io_error(vs, ret, socket_error());
1169 }
1170
1171
1172 /*
1173 * Called to write buffered data to the client socket, when not
1174 * using any SASL SSF encryption layers. Will write as much data
1175 * as possible without blocking. If all buffered data is written,
1176 * will switch the FD poll() handler back to read monitoring.
1177 *
1178 * Returns the number of bytes written, which may be less than
1179 * the buffered output data if the socket would block. Returns
1180 * -1 on error, and disconnects the client socket.
1181 */
1182 static long vnc_client_write_plain(VncState *vs)
1183 {
1184 long ret;
1185
1186 #ifdef CONFIG_VNC_SASL
1187 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1188 vs->output.buffer, vs->output.capacity, vs->output.offset,
1189 vs->sasl.waitWriteSSF);
1190
1191 if (vs->sasl.conn &&
1192 vs->sasl.runSSF &&
1193 vs->sasl.waitWriteSSF) {
1194 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1195 if (ret)
1196 vs->sasl.waitWriteSSF -= ret;
1197 } else
1198 #endif /* CONFIG_VNC_SASL */
1199 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1200 if (!ret)
1201 return 0;
1202
1203 buffer_advance(&vs->output, ret);
1204
1205 if (vs->output.offset == 0) {
1206 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1207 }
1208
1209 return ret;
1210 }
1211
1212
1213 /*
1214 * First function called whenever there is data to be written to
1215 * the client socket. Will delegate actual work according to whether
1216 * SASL SSF layers are enabled (thus requiring encryption calls)
1217 */
1218 static void vnc_client_write_locked(void *opaque)
1219 {
1220 VncState *vs = opaque;
1221
1222 #ifdef CONFIG_VNC_SASL
1223 if (vs->sasl.conn &&
1224 vs->sasl.runSSF &&
1225 !vs->sasl.waitWriteSSF) {
1226 vnc_client_write_sasl(vs);
1227 } else
1228 #endif /* CONFIG_VNC_SASL */
1229 {
1230 #ifdef CONFIG_VNC_WS
1231 if (vs->encode_ws) {
1232 vnc_client_write_ws(vs);
1233 } else
1234 #endif /* CONFIG_VNC_WS */
1235 {
1236 vnc_client_write_plain(vs);
1237 }
1238 }
1239 }
1240
1241 void vnc_client_write(void *opaque)
1242 {
1243 VncState *vs = opaque;
1244
1245 vnc_lock_output(vs);
1246 if (vs->output.offset
1247 #ifdef CONFIG_VNC_WS
1248 || vs->ws_output.offset
1249 #endif
1250 ) {
1251 vnc_client_write_locked(opaque);
1252 } else if (vs->csock != -1) {
1253 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1254 }
1255 vnc_unlock_output(vs);
1256 }
1257
1258 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1259 {
1260 vs->read_handler = func;
1261 vs->read_handler_expect = expecting;
1262 }
1263
1264 #ifdef CONFIG_VNC_TLS
1265 static long vnc_client_read_tls(gnutls_session_t *session, uint8_t *data,
1266 size_t datalen)
1267 {
1268 long ret = gnutls_read(*session, data, datalen);
1269 if (ret < 0) {
1270 if (ret == GNUTLS_E_AGAIN) {
1271 errno = EAGAIN;
1272 } else {
1273 errno = EIO;
1274 }
1275 ret = -1;
1276 }
1277 return ret;
1278 }
1279 #endif /* CONFIG_VNC_TLS */
1280
1281 /*
1282 * Called to read a chunk of data from the client socket. The data may
1283 * be the raw data, or may need to be further decoded by SASL.
1284 * The data will be read either straight from to the socket, or
1285 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1286 *
1287 * NB, it is theoretically possible to have 2 layers of encryption,
1288 * both SASL, and this TLS layer. It is highly unlikely in practice
1289 * though, since SASL encryption will typically be a no-op if TLS
1290 * is active
1291 *
1292 * Returns the number of bytes read, which may be less than
1293 * the requested 'datalen' if the socket would block. Returns
1294 * -1 on error, and disconnects the client socket.
1295 */
1296 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1297 {
1298 long ret;
1299 #ifdef CONFIG_VNC_TLS
1300 if (vs->tls.session) {
1301 ret = vnc_client_read_tls(&vs->tls.session, data, datalen);
1302 } else {
1303 #ifdef CONFIG_VNC_WS
1304 if (vs->ws_tls.session) {
1305 ret = vnc_client_read_tls(&vs->ws_tls.session, data, datalen);
1306 } else
1307 #endif /* CONFIG_VNC_WS */
1308 #endif /* CONFIG_VNC_TLS */
1309 {
1310 ret = qemu_recv(vs->csock, data, datalen, 0);
1311 }
1312 #ifdef CONFIG_VNC_TLS
1313 }
1314 #endif /* CONFIG_VNC_TLS */
1315 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1316 return vnc_client_io_error(vs, ret, socket_error());
1317 }
1318
1319
1320 /*
1321 * Called to read data from the client socket to the input buffer,
1322 * when not using any SASL SSF encryption layers. Will read as much
1323 * data as possible without blocking.
1324 *
1325 * Returns the number of bytes read. Returns -1 on error, and
1326 * disconnects the client socket.
1327 */
1328 static long vnc_client_read_plain(VncState *vs)
1329 {
1330 int ret;
1331 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1332 vs->input.buffer, vs->input.capacity, vs->input.offset);
1333 buffer_reserve(&vs->input, 4096);
1334 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1335 if (!ret)
1336 return 0;
1337 vs->input.offset += ret;
1338 return ret;
1339 }
1340
1341 static void vnc_jobs_bh(void *opaque)
1342 {
1343 VncState *vs = opaque;
1344
1345 vnc_jobs_consume_buffer(vs);
1346 }
1347
1348 /*
1349 * First function called whenever there is more data to be read from
1350 * the client socket. Will delegate actual work according to whether
1351 * SASL SSF layers are enabled (thus requiring decryption calls)
1352 */
1353 void vnc_client_read(void *opaque)
1354 {
1355 VncState *vs = opaque;
1356 long ret;
1357
1358 #ifdef CONFIG_VNC_SASL
1359 if (vs->sasl.conn && vs->sasl.runSSF)
1360 ret = vnc_client_read_sasl(vs);
1361 else
1362 #endif /* CONFIG_VNC_SASL */
1363 #ifdef CONFIG_VNC_WS
1364 if (vs->encode_ws) {
1365 ret = vnc_client_read_ws(vs);
1366 if (ret == -1) {
1367 vnc_disconnect_start(vs);
1368 return;
1369 } else if (ret == -2) {
1370 vnc_client_error(vs);
1371 return;
1372 }
1373 } else
1374 #endif /* CONFIG_VNC_WS */
1375 {
1376 ret = vnc_client_read_plain(vs);
1377 }
1378 if (!ret) {
1379 if (vs->csock == -1)
1380 vnc_disconnect_finish(vs);
1381 return;
1382 }
1383
1384 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1385 size_t len = vs->read_handler_expect;
1386 int ret;
1387
1388 ret = vs->read_handler(vs, vs->input.buffer, len);
1389 if (vs->csock == -1) {
1390 vnc_disconnect_finish(vs);
1391 return;
1392 }
1393
1394 if (!ret) {
1395 buffer_advance(&vs->input, len);
1396 } else {
1397 vs->read_handler_expect = ret;
1398 }
1399 }
1400 }
1401
1402 void vnc_write(VncState *vs, const void *data, size_t len)
1403 {
1404 buffer_reserve(&vs->output, len);
1405
1406 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1407 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1408 }
1409
1410 buffer_append(&vs->output, data, len);
1411 }
1412
1413 void vnc_write_s32(VncState *vs, int32_t value)
1414 {
1415 vnc_write_u32(vs, *(uint32_t *)&value);
1416 }
1417
1418 void vnc_write_u32(VncState *vs, uint32_t value)
1419 {
1420 uint8_t buf[4];
1421
1422 buf[0] = (value >> 24) & 0xFF;
1423 buf[1] = (value >> 16) & 0xFF;
1424 buf[2] = (value >> 8) & 0xFF;
1425 buf[3] = value & 0xFF;
1426
1427 vnc_write(vs, buf, 4);
1428 }
1429
1430 void vnc_write_u16(VncState *vs, uint16_t value)
1431 {
1432 uint8_t buf[2];
1433
1434 buf[0] = (value >> 8) & 0xFF;
1435 buf[1] = value & 0xFF;
1436
1437 vnc_write(vs, buf, 2);
1438 }
1439
1440 void vnc_write_u8(VncState *vs, uint8_t value)
1441 {
1442 vnc_write(vs, (char *)&value, 1);
1443 }
1444
1445 void vnc_flush(VncState *vs)
1446 {
1447 vnc_lock_output(vs);
1448 if (vs->csock != -1 && (vs->output.offset
1449 #ifdef CONFIG_VNC_WS
1450 || vs->ws_output.offset
1451 #endif
1452 )) {
1453 vnc_client_write_locked(vs);
1454 }
1455 vnc_unlock_output(vs);
1456 }
1457
1458 static uint8_t read_u8(uint8_t *data, size_t offset)
1459 {
1460 return data[offset];
1461 }
1462
1463 static uint16_t read_u16(uint8_t *data, size_t offset)
1464 {
1465 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1466 }
1467
1468 static int32_t read_s32(uint8_t *data, size_t offset)
1469 {
1470 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1471 (data[offset + 2] << 8) | data[offset + 3]);
1472 }
1473
1474 uint32_t read_u32(uint8_t *data, size_t offset)
1475 {
1476 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1477 (data[offset + 2] << 8) | data[offset + 3]);
1478 }
1479
1480 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1481 {
1482 }
1483
1484 static void check_pointer_type_change(Notifier *notifier, void *data)
1485 {
1486 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1487 int absolute = kbd_mouse_is_absolute();
1488
1489 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1490 vnc_lock_output(vs);
1491 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1492 vnc_write_u8(vs, 0);
1493 vnc_write_u16(vs, 1);
1494 vnc_framebuffer_update(vs, absolute, 0,
1495 surface_width(vs->vd->ds),
1496 surface_height(vs->vd->ds),
1497 VNC_ENCODING_POINTER_TYPE_CHANGE);
1498 vnc_unlock_output(vs);
1499 vnc_flush(vs);
1500 }
1501 vs->absolute = absolute;
1502 }
1503
1504 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1505 {
1506 int buttons = 0;
1507 int dz = 0;
1508 int width = surface_width(vs->vd->ds);
1509 int height = surface_height(vs->vd->ds);
1510
1511 if (button_mask & 0x01)
1512 buttons |= MOUSE_EVENT_LBUTTON;
1513 if (button_mask & 0x02)
1514 buttons |= MOUSE_EVENT_MBUTTON;
1515 if (button_mask & 0x04)
1516 buttons |= MOUSE_EVENT_RBUTTON;
1517 if (button_mask & 0x08)
1518 dz = -1;
1519 if (button_mask & 0x10)
1520 dz = 1;
1521
1522 if (vs->absolute) {
1523 kbd_mouse_event(width > 1 ? x * 0x7FFF / (width - 1) : 0x4000,
1524 height > 1 ? y * 0x7FFF / (height - 1) : 0x4000,
1525 dz, buttons);
1526 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1527 x -= 0x7FFF;
1528 y -= 0x7FFF;
1529
1530 kbd_mouse_event(x, y, dz, buttons);
1531 } else {
1532 if (vs->last_x != -1)
1533 kbd_mouse_event(x - vs->last_x,
1534 y - vs->last_y,
1535 dz, buttons);
1536 vs->last_x = x;
1537 vs->last_y = y;
1538 }
1539 }
1540
1541 static void reset_keys(VncState *vs)
1542 {
1543 int i;
1544 for(i = 0; i < 256; i++) {
1545 if (vs->modifiers_state[i]) {
1546 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false);
1547 vs->modifiers_state[i] = 0;
1548 }
1549 }
1550 }
1551
1552 static void press_key(VncState *vs, int keysym)
1553 {
1554 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1555 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true);
1556 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1557 }
1558
1559 static int current_led_state(VncState *vs)
1560 {
1561 int ledstate = 0;
1562
1563 if (vs->modifiers_state[0x46]) {
1564 ledstate |= QEMU_SCROLL_LOCK_LED;
1565 }
1566 if (vs->modifiers_state[0x45]) {
1567 ledstate |= QEMU_NUM_LOCK_LED;
1568 }
1569 if (vs->modifiers_state[0x3a]) {
1570 ledstate |= QEMU_CAPS_LOCK_LED;
1571 }
1572
1573 return ledstate;
1574 }
1575
1576 static void vnc_led_state_change(VncState *vs)
1577 {
1578 int ledstate = 0;
1579
1580 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1581 return;
1582 }
1583
1584 ledstate = current_led_state(vs);
1585 vnc_lock_output(vs);
1586 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1587 vnc_write_u8(vs, 0);
1588 vnc_write_u16(vs, 1);
1589 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1590 vnc_write_u8(vs, ledstate);
1591 vnc_unlock_output(vs);
1592 vnc_flush(vs);
1593 }
1594
1595 static void kbd_leds(void *opaque, int ledstate)
1596 {
1597 VncState *vs = opaque;
1598 int caps, num, scr;
1599 bool has_changed = (ledstate != current_led_state(vs));
1600
1601 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1602 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1603 scr = ledstate & QEMU_SCROLL_LOCK_LED ? 1 : 0;
1604
1605 if (vs->modifiers_state[0x3a] != caps) {
1606 vs->modifiers_state[0x3a] = caps;
1607 }
1608 if (vs->modifiers_state[0x45] != num) {
1609 vs->modifiers_state[0x45] = num;
1610 }
1611 if (vs->modifiers_state[0x46] != scr) {
1612 vs->modifiers_state[0x46] = scr;
1613 }
1614
1615 /* Sending the current led state message to the client */
1616 if (has_changed) {
1617 vnc_led_state_change(vs);
1618 }
1619 }
1620
1621 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1622 {
1623 /* QEMU console switch */
1624 switch(keycode) {
1625 case 0x2a: /* Left Shift */
1626 case 0x36: /* Right Shift */
1627 case 0x1d: /* Left CTRL */
1628 case 0x9d: /* Right CTRL */
1629 case 0x38: /* Left ALT */
1630 case 0xb8: /* Right ALT */
1631 if (down)
1632 vs->modifiers_state[keycode] = 1;
1633 else
1634 vs->modifiers_state[keycode] = 0;
1635 break;
1636 case 0x02 ... 0x0a: /* '1' to '9' keys */
1637 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1638 /* Reset the modifiers sent to the current console */
1639 reset_keys(vs);
1640 console_select(keycode - 0x02);
1641 return;
1642 }
1643 break;
1644 case 0x3a: /* CapsLock */
1645 case 0x45: /* NumLock */
1646 if (down)
1647 vs->modifiers_state[keycode] ^= 1;
1648 break;
1649 }
1650
1651 /* Turn off the lock state sync logic if the client support the led
1652 state extension.
1653 */
1654 if (down && vs->vd->lock_key_sync &&
1655 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1656 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1657 /* If the numlock state needs to change then simulate an additional
1658 keypress before sending this one. This will happen if the user
1659 toggles numlock away from the VNC window.
1660 */
1661 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1662 if (!vs->modifiers_state[0x45]) {
1663 vs->modifiers_state[0x45] = 1;
1664 press_key(vs, 0xff7f);
1665 }
1666 } else {
1667 if (vs->modifiers_state[0x45]) {
1668 vs->modifiers_state[0x45] = 0;
1669 press_key(vs, 0xff7f);
1670 }
1671 }
1672 }
1673
1674 if (down && vs->vd->lock_key_sync &&
1675 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1676 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1677 /* If the capslock state needs to change then simulate an additional
1678 keypress before sending this one. This will happen if the user
1679 toggles capslock away from the VNC window.
1680 */
1681 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1682 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1683 int capslock = !!(vs->modifiers_state[0x3a]);
1684 if (capslock) {
1685 if (uppercase == shift) {
1686 vs->modifiers_state[0x3a] = 0;
1687 press_key(vs, 0xffe5);
1688 }
1689 } else {
1690 if (uppercase != shift) {
1691 vs->modifiers_state[0x3a] = 1;
1692 press_key(vs, 0xffe5);
1693 }
1694 }
1695 }
1696
1697 if (qemu_console_is_graphic(NULL)) {
1698 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down);
1699 } else {
1700 bool numlock = vs->modifiers_state[0x45];
1701 bool control = (vs->modifiers_state[0x1d] ||
1702 vs->modifiers_state[0x9d]);
1703 /* QEMU console emulation */
1704 if (down) {
1705 switch (keycode) {
1706 case 0x2a: /* Left Shift */
1707 case 0x36: /* Right Shift */
1708 case 0x1d: /* Left CTRL */
1709 case 0x9d: /* Right CTRL */
1710 case 0x38: /* Left ALT */
1711 case 0xb8: /* Right ALT */
1712 break;
1713 case 0xc8:
1714 kbd_put_keysym(QEMU_KEY_UP);
1715 break;
1716 case 0xd0:
1717 kbd_put_keysym(QEMU_KEY_DOWN);
1718 break;
1719 case 0xcb:
1720 kbd_put_keysym(QEMU_KEY_LEFT);
1721 break;
1722 case 0xcd:
1723 kbd_put_keysym(QEMU_KEY_RIGHT);
1724 break;
1725 case 0xd3:
1726 kbd_put_keysym(QEMU_KEY_DELETE);
1727 break;
1728 case 0xc7:
1729 kbd_put_keysym(QEMU_KEY_HOME);
1730 break;
1731 case 0xcf:
1732 kbd_put_keysym(QEMU_KEY_END);
1733 break;
1734 case 0xc9:
1735 kbd_put_keysym(QEMU_KEY_PAGEUP);
1736 break;
1737 case 0xd1:
1738 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1739 break;
1740
1741 case 0x47:
1742 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1743 break;
1744 case 0x48:
1745 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1746 break;
1747 case 0x49:
1748 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1749 break;
1750 case 0x4b:
1751 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1752 break;
1753 case 0x4c:
1754 kbd_put_keysym('5');
1755 break;
1756 case 0x4d:
1757 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1758 break;
1759 case 0x4f:
1760 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1761 break;
1762 case 0x50:
1763 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1764 break;
1765 case 0x51:
1766 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1767 break;
1768 case 0x52:
1769 kbd_put_keysym('0');
1770 break;
1771 case 0x53:
1772 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1773 break;
1774
1775 case 0xb5:
1776 kbd_put_keysym('/');
1777 break;
1778 case 0x37:
1779 kbd_put_keysym('*');
1780 break;
1781 case 0x4a:
1782 kbd_put_keysym('-');
1783 break;
1784 case 0x4e:
1785 kbd_put_keysym('+');
1786 break;
1787 case 0x9c:
1788 kbd_put_keysym('\n');
1789 break;
1790
1791 default:
1792 if (control) {
1793 kbd_put_keysym(sym & 0x1f);
1794 } else {
1795 kbd_put_keysym(sym);
1796 }
1797 break;
1798 }
1799 }
1800 }
1801 }
1802
1803 static void vnc_release_modifiers(VncState *vs)
1804 {
1805 static const int keycodes[] = {
1806 /* shift, control, alt keys, both left & right */
1807 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1808 };
1809 int i, keycode;
1810
1811 if (!qemu_console_is_graphic(NULL)) {
1812 return;
1813 }
1814 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1815 keycode = keycodes[i];
1816 if (!vs->modifiers_state[keycode]) {
1817 continue;
1818 }
1819 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1820 }
1821 }
1822
1823 static void key_event(VncState *vs, int down, uint32_t sym)
1824 {
1825 int keycode;
1826 int lsym = sym;
1827
1828 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
1829 lsym = lsym - 'A' + 'a';
1830 }
1831
1832 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1833 do_key_event(vs, down, keycode, sym);
1834 }
1835
1836 static void ext_key_event(VncState *vs, int down,
1837 uint32_t sym, uint16_t keycode)
1838 {
1839 /* if the user specifies a keyboard layout, always use it */
1840 if (keyboard_layout)
1841 key_event(vs, down, sym);
1842 else
1843 do_key_event(vs, down, keycode, sym);
1844 }
1845
1846 static void framebuffer_update_request(VncState *vs, int incremental,
1847 int x_position, int y_position,
1848 int w, int h)
1849 {
1850 int i;
1851 const size_t width = surface_width(vs->vd->ds) / 16;
1852 const size_t height = surface_height(vs->vd->ds);
1853
1854 if (y_position > height) {
1855 y_position = height;
1856 }
1857 if (y_position + h >= height) {
1858 h = height - y_position;
1859 }
1860
1861 vs->need_update = 1;
1862 if (!incremental) {
1863 vs->force_update = 1;
1864 for (i = 0; i < h; i++) {
1865 bitmap_set(vs->dirty[y_position + i], 0, width);
1866 bitmap_clear(vs->dirty[y_position + i], width,
1867 VNC_DIRTY_BITS - width);
1868 }
1869 }
1870 }
1871
1872 static void send_ext_key_event_ack(VncState *vs)
1873 {
1874 vnc_lock_output(vs);
1875 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1876 vnc_write_u8(vs, 0);
1877 vnc_write_u16(vs, 1);
1878 vnc_framebuffer_update(vs, 0, 0,
1879 surface_width(vs->vd->ds),
1880 surface_height(vs->vd->ds),
1881 VNC_ENCODING_EXT_KEY_EVENT);
1882 vnc_unlock_output(vs);
1883 vnc_flush(vs);
1884 }
1885
1886 static void send_ext_audio_ack(VncState *vs)
1887 {
1888 vnc_lock_output(vs);
1889 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1890 vnc_write_u8(vs, 0);
1891 vnc_write_u16(vs, 1);
1892 vnc_framebuffer_update(vs, 0, 0,
1893 surface_width(vs->vd->ds),
1894 surface_height(vs->vd->ds),
1895 VNC_ENCODING_AUDIO);
1896 vnc_unlock_output(vs);
1897 vnc_flush(vs);
1898 }
1899
1900 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1901 {
1902 int i;
1903 unsigned int enc = 0;
1904
1905 vs->features = 0;
1906 vs->vnc_encoding = 0;
1907 vs->tight.compression = 9;
1908 vs->tight.quality = -1; /* Lossless by default */
1909 vs->absolute = -1;
1910
1911 /*
1912 * Start from the end because the encodings are sent in order of preference.
1913 * This way the preferred encoding (first encoding defined in the array)
1914 * will be set at the end of the loop.
1915 */
1916 for (i = n_encodings - 1; i >= 0; i--) {
1917 enc = encodings[i];
1918 switch (enc) {
1919 case VNC_ENCODING_RAW:
1920 vs->vnc_encoding = enc;
1921 break;
1922 case VNC_ENCODING_COPYRECT:
1923 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1924 break;
1925 case VNC_ENCODING_HEXTILE:
1926 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1927 vs->vnc_encoding = enc;
1928 break;
1929 case VNC_ENCODING_TIGHT:
1930 vs->features |= VNC_FEATURE_TIGHT_MASK;
1931 vs->vnc_encoding = enc;
1932 break;
1933 #ifdef CONFIG_VNC_PNG
1934 case VNC_ENCODING_TIGHT_PNG:
1935 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
1936 vs->vnc_encoding = enc;
1937 break;
1938 #endif
1939 case VNC_ENCODING_ZLIB:
1940 vs->features |= VNC_FEATURE_ZLIB_MASK;
1941 vs->vnc_encoding = enc;
1942 break;
1943 case VNC_ENCODING_ZRLE:
1944 vs->features |= VNC_FEATURE_ZRLE_MASK;
1945 vs->vnc_encoding = enc;
1946 break;
1947 case VNC_ENCODING_ZYWRLE:
1948 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
1949 vs->vnc_encoding = enc;
1950 break;
1951 case VNC_ENCODING_DESKTOPRESIZE:
1952 vs->features |= VNC_FEATURE_RESIZE_MASK;
1953 break;
1954 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1955 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1956 break;
1957 case VNC_ENCODING_RICH_CURSOR:
1958 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1959 break;
1960 case VNC_ENCODING_EXT_KEY_EVENT:
1961 send_ext_key_event_ack(vs);
1962 break;
1963 case VNC_ENCODING_AUDIO:
1964 send_ext_audio_ack(vs);
1965 break;
1966 case VNC_ENCODING_WMVi:
1967 vs->features |= VNC_FEATURE_WMVI_MASK;
1968 break;
1969 case VNC_ENCODING_LED_STATE:
1970 vs->features |= VNC_FEATURE_LED_STATE_MASK;
1971 break;
1972 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1973 vs->tight.compression = (enc & 0x0F);
1974 break;
1975 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1976 if (vs->vd->lossy) {
1977 vs->tight.quality = (enc & 0x0F);
1978 }
1979 break;
1980 default:
1981 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1982 break;
1983 }
1984 }
1985 vnc_desktop_resize(vs);
1986 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
1987 vnc_led_state_change(vs);
1988 }
1989
1990 static void set_pixel_conversion(VncState *vs)
1991 {
1992 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
1993
1994 if (fmt == VNC_SERVER_FB_FORMAT) {
1995 vs->write_pixels = vnc_write_pixels_copy;
1996 vnc_hextile_set_pixel_conversion(vs, 0);
1997 } else {
1998 vs->write_pixels = vnc_write_pixels_generic;
1999 vnc_hextile_set_pixel_conversion(vs, 1);
2000 }
2001 }
2002
2003 static void set_pixel_format(VncState *vs,
2004 int bits_per_pixel, int depth,
2005 int big_endian_flag, int true_color_flag,
2006 int red_max, int green_max, int blue_max,
2007 int red_shift, int green_shift, int blue_shift)
2008 {
2009 if (!true_color_flag) {
2010 vnc_client_error(vs);
2011 return;
2012 }
2013
2014 vs->client_pf.rmax = red_max;
2015 vs->client_pf.rbits = hweight_long(red_max);
2016 vs->client_pf.rshift = red_shift;
2017 vs->client_pf.rmask = red_max << red_shift;
2018 vs->client_pf.gmax = green_max;
2019 vs->client_pf.gbits = hweight_long(green_max);
2020 vs->client_pf.gshift = green_shift;
2021 vs->client_pf.gmask = green_max << green_shift;
2022 vs->client_pf.bmax = blue_max;
2023 vs->client_pf.bbits = hweight_long(blue_max);
2024 vs->client_pf.bshift = blue_shift;
2025 vs->client_pf.bmask = blue_max << blue_shift;
2026 vs->client_pf.bits_per_pixel = bits_per_pixel;
2027 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2028 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2029 vs->client_be = big_endian_flag;
2030
2031 set_pixel_conversion(vs);
2032
2033 graphic_hw_invalidate(NULL);
2034 graphic_hw_update(NULL);
2035 }
2036
2037 static void pixel_format_message (VncState *vs) {
2038 char pad[3] = { 0, 0, 0 };
2039
2040 vs->client_pf = qemu_default_pixelformat(32);
2041
2042 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
2043 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
2044
2045 #ifdef HOST_WORDS_BIGENDIAN
2046 vnc_write_u8(vs, 1); /* big-endian-flag */
2047 #else
2048 vnc_write_u8(vs, 0); /* big-endian-flag */
2049 #endif
2050 vnc_write_u8(vs, 1); /* true-color-flag */
2051 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
2052 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
2053 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
2054 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
2055 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
2056 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
2057 vnc_write(vs, pad, 3); /* padding */
2058
2059 vnc_hextile_set_pixel_conversion(vs, 0);
2060 vs->write_pixels = vnc_write_pixels_copy;
2061 }
2062
2063 static void vnc_colordepth(VncState *vs)
2064 {
2065 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2066 /* Sending a WMVi message to notify the client*/
2067 vnc_lock_output(vs);
2068 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2069 vnc_write_u8(vs, 0);
2070 vnc_write_u16(vs, 1); /* number of rects */
2071 vnc_framebuffer_update(vs, 0, 0,
2072 surface_width(vs->vd->ds),
2073 surface_height(vs->vd->ds),
2074 VNC_ENCODING_WMVi);
2075 pixel_format_message(vs);
2076 vnc_unlock_output(vs);
2077 vnc_flush(vs);
2078 } else {
2079 set_pixel_conversion(vs);
2080 }
2081 }
2082
2083 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2084 {
2085 int i;
2086 uint16_t limit;
2087 VncDisplay *vd = vs->vd;
2088
2089 if (data[0] > 3) {
2090 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2091 }
2092
2093 switch (data[0]) {
2094 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2095 if (len == 1)
2096 return 20;
2097
2098 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
2099 read_u8(data, 6), read_u8(data, 7),
2100 read_u16(data, 8), read_u16(data, 10),
2101 read_u16(data, 12), read_u8(data, 14),
2102 read_u8(data, 15), read_u8(data, 16));
2103 break;
2104 case VNC_MSG_CLIENT_SET_ENCODINGS:
2105 if (len == 1)
2106 return 4;
2107
2108 if (len == 4) {
2109 limit = read_u16(data, 2);
2110 if (limit > 0)
2111 return 4 + (limit * 4);
2112 } else
2113 limit = read_u16(data, 2);
2114
2115 for (i = 0; i < limit; i++) {
2116 int32_t val = read_s32(data, 4 + (i * 4));
2117 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2118 }
2119
2120 set_encodings(vs, (int32_t *)(data + 4), limit);
2121 break;
2122 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2123 if (len == 1)
2124 return 10;
2125
2126 framebuffer_update_request(vs,
2127 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2128 read_u16(data, 6), read_u16(data, 8));
2129 break;
2130 case VNC_MSG_CLIENT_KEY_EVENT:
2131 if (len == 1)
2132 return 8;
2133
2134 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2135 break;
2136 case VNC_MSG_CLIENT_POINTER_EVENT:
2137 if (len == 1)
2138 return 6;
2139
2140 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2141 break;
2142 case VNC_MSG_CLIENT_CUT_TEXT:
2143 if (len == 1)
2144 return 8;
2145
2146 if (len == 8) {
2147 uint32_t dlen = read_u32(data, 4);
2148 if (dlen > 0)
2149 return 8 + dlen;
2150 }
2151
2152 client_cut_text(vs, read_u32(data, 4), data + 8);
2153 break;
2154 case VNC_MSG_CLIENT_QEMU:
2155 if (len == 1)
2156 return 2;
2157
2158 switch (read_u8(data, 1)) {
2159 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2160 if (len == 2)
2161 return 12;
2162
2163 ext_key_event(vs, read_u16(data, 2),
2164 read_u32(data, 4), read_u32(data, 8));
2165 break;
2166 case VNC_MSG_CLIENT_QEMU_AUDIO:
2167 if (len == 2)
2168 return 4;
2169
2170 switch (read_u16 (data, 2)) {
2171 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2172 audio_add(vs);
2173 break;
2174 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2175 audio_del(vs);
2176 break;
2177 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2178 if (len == 4)
2179 return 10;
2180 switch (read_u8(data, 4)) {
2181 case 0: vs->as.fmt = AUD_FMT_U8; break;
2182 case 1: vs->as.fmt = AUD_FMT_S8; break;
2183 case 2: vs->as.fmt = AUD_FMT_U16; break;
2184 case 3: vs->as.fmt = AUD_FMT_S16; break;
2185 case 4: vs->as.fmt = AUD_FMT_U32; break;
2186 case 5: vs->as.fmt = AUD_FMT_S32; break;
2187 default:
2188 printf("Invalid audio format %d\n", read_u8(data, 4));
2189 vnc_client_error(vs);
2190 break;
2191 }
2192 vs->as.nchannels = read_u8(data, 5);
2193 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2194 printf("Invalid audio channel coount %d\n",
2195 read_u8(data, 5));
2196 vnc_client_error(vs);
2197 break;
2198 }
2199 vs->as.freq = read_u32(data, 6);
2200 break;
2201 default:
2202 printf ("Invalid audio message %d\n", read_u8(data, 4));
2203 vnc_client_error(vs);
2204 break;
2205 }
2206 break;
2207
2208 default:
2209 printf("Msg: %d\n", read_u16(data, 0));
2210 vnc_client_error(vs);
2211 break;
2212 }
2213 break;
2214 default:
2215 printf("Msg: %d\n", data[0]);
2216 vnc_client_error(vs);
2217 break;
2218 }
2219
2220 vnc_read_when(vs, protocol_client_msg, 1);
2221 return 0;
2222 }
2223
2224 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2225 {
2226 char buf[1024];
2227 VncShareMode mode;
2228 int size;
2229
2230 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2231 switch (vs->vd->share_policy) {
2232 case VNC_SHARE_POLICY_IGNORE:
2233 /*
2234 * Ignore the shared flag. Nothing to do here.
2235 *
2236 * Doesn't conform to the rfb spec but is traditional qemu
2237 * behavior, thus left here as option for compatibility
2238 * reasons.
2239 */
2240 break;
2241 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2242 /*
2243 * Policy: Allow clients ask for exclusive access.
2244 *
2245 * Implementation: When a client asks for exclusive access,
2246 * disconnect all others. Shared connects are allowed as long
2247 * as no exclusive connection exists.
2248 *
2249 * This is how the rfb spec suggests to handle the shared flag.
2250 */
2251 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2252 VncState *client;
2253 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2254 if (vs == client) {
2255 continue;
2256 }
2257 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2258 client->share_mode != VNC_SHARE_MODE_SHARED) {
2259 continue;
2260 }
2261 vnc_disconnect_start(client);
2262 }
2263 }
2264 if (mode == VNC_SHARE_MODE_SHARED) {
2265 if (vs->vd->num_exclusive > 0) {
2266 vnc_disconnect_start(vs);
2267 return 0;
2268 }
2269 }
2270 break;
2271 case VNC_SHARE_POLICY_FORCE_SHARED:
2272 /*
2273 * Policy: Shared connects only.
2274 * Implementation: Disallow clients asking for exclusive access.
2275 *
2276 * Useful for shared desktop sessions where you don't want
2277 * someone forgetting to say -shared when running the vnc
2278 * client disconnect everybody else.
2279 */
2280 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2281 vnc_disconnect_start(vs);
2282 return 0;
2283 }
2284 break;
2285 }
2286 vnc_set_share_mode(vs, mode);
2287
2288 vs->client_width = surface_width(vs->vd->ds);
2289 vs->client_height = surface_height(vs->vd->ds);
2290 vnc_write_u16(vs, vs->client_width);
2291 vnc_write_u16(vs, vs->client_height);
2292
2293 pixel_format_message(vs);
2294
2295 if (qemu_name)
2296 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2297 else
2298 size = snprintf(buf, sizeof(buf), "QEMU");
2299
2300 vnc_write_u32(vs, size);
2301 vnc_write(vs, buf, size);
2302 vnc_flush(vs);
2303
2304 vnc_client_cache_auth(vs);
2305 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
2306
2307 vnc_read_when(vs, protocol_client_msg, 1);
2308
2309 return 0;
2310 }
2311
2312 void start_client_init(VncState *vs)
2313 {
2314 vnc_read_when(vs, protocol_client_init, 1);
2315 }
2316
2317 static void make_challenge(VncState *vs)
2318 {
2319 int i;
2320
2321 srand(time(NULL)+getpid()+getpid()*987654+rand());
2322
2323 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2324 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2325 }
2326
2327 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2328 {
2329 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2330 int i, j, pwlen;
2331 unsigned char key[8];
2332 time_t now = time(NULL);
2333
2334 if (!vs->vd->password) {
2335 VNC_DEBUG("No password configured on server");
2336 goto reject;
2337 }
2338 if (vs->vd->expires < now) {
2339 VNC_DEBUG("Password is expired");
2340 goto reject;
2341 }
2342
2343 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2344
2345 /* Calculate the expected challenge response */
2346 pwlen = strlen(vs->vd->password);
2347 for (i=0; i<sizeof(key); i++)
2348 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2349 deskey(key, EN0);
2350 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2351 des(response+j, response+j);
2352
2353 /* Compare expected vs actual challenge response */
2354 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2355 VNC_DEBUG("Client challenge response did not match\n");
2356 goto reject;
2357 } else {
2358 VNC_DEBUG("Accepting VNC challenge response\n");
2359 vnc_write_u32(vs, 0); /* Accept auth */
2360 vnc_flush(vs);
2361
2362 start_client_init(vs);
2363 }
2364 return 0;
2365
2366 reject:
2367 vnc_write_u32(vs, 1); /* Reject auth */
2368 if (vs->minor >= 8) {
2369 static const char err[] = "Authentication failed";
2370 vnc_write_u32(vs, sizeof(err));
2371 vnc_write(vs, err, sizeof(err));
2372 }
2373 vnc_flush(vs);
2374 vnc_client_error(vs);
2375 return 0;
2376 }
2377
2378 void start_auth_vnc(VncState *vs)
2379 {
2380 make_challenge(vs);
2381 /* Send client a 'random' challenge */
2382 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2383 vnc_flush(vs);
2384
2385 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2386 }
2387
2388
2389 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2390 {
2391 /* We only advertise 1 auth scheme at a time, so client
2392 * must pick the one we sent. Verify this */
2393 if (data[0] != vs->auth) { /* Reject auth */
2394 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2395 vnc_write_u32(vs, 1);
2396 if (vs->minor >= 8) {
2397 static const char err[] = "Authentication failed";
2398 vnc_write_u32(vs, sizeof(err));
2399 vnc_write(vs, err, sizeof(err));
2400 }
2401 vnc_client_error(vs);
2402 } else { /* Accept requested auth */
2403 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2404 switch (vs->auth) {
2405 case VNC_AUTH_NONE:
2406 VNC_DEBUG("Accept auth none\n");
2407 if (vs->minor >= 8) {
2408 vnc_write_u32(vs, 0); /* Accept auth completion */
2409 vnc_flush(vs);
2410 }
2411 start_client_init(vs);
2412 break;
2413
2414 case VNC_AUTH_VNC:
2415 VNC_DEBUG("Start VNC auth\n");
2416 start_auth_vnc(vs);
2417 break;
2418
2419 #ifdef CONFIG_VNC_TLS
2420 case VNC_AUTH_VENCRYPT:
2421 VNC_DEBUG("Accept VeNCrypt auth\n");
2422 start_auth_vencrypt(vs);
2423 break;
2424 #endif /* CONFIG_VNC_TLS */
2425
2426 #ifdef CONFIG_VNC_SASL
2427 case VNC_AUTH_SASL:
2428 VNC_DEBUG("Accept SASL auth\n");
2429 start_auth_sasl(vs);
2430 break;
2431 #endif /* CONFIG_VNC_SASL */
2432
2433 default: /* Should not be possible, but just in case */
2434 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth);
2435 vnc_write_u8(vs, 1);
2436 if (vs->minor >= 8) {
2437 static const char err[] = "Authentication failed";
2438 vnc_write_u32(vs, sizeof(err));
2439 vnc_write(vs, err, sizeof(err));
2440 }
2441 vnc_client_error(vs);
2442 }
2443 }
2444 return 0;
2445 }
2446
2447 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2448 {
2449 char local[13];
2450
2451 memcpy(local, version, 12);
2452 local[12] = 0;
2453
2454 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2455 VNC_DEBUG("Malformed protocol version %s\n", local);
2456 vnc_client_error(vs);
2457 return 0;
2458 }
2459 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2460 if (vs->major != 3 ||
2461 (vs->minor != 3 &&
2462 vs->minor != 4 &&
2463 vs->minor != 5 &&
2464 vs->minor != 7 &&
2465 vs->minor != 8)) {
2466 VNC_DEBUG("Unsupported client version\n");
2467 vnc_write_u32(vs, VNC_AUTH_INVALID);
2468 vnc_flush(vs);
2469 vnc_client_error(vs);
2470 return 0;
2471 }
2472 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2473 * as equivalent to v3.3 by servers
2474 */
2475 if (vs->minor == 4 || vs->minor == 5)
2476 vs->minor = 3;
2477
2478 if (vs->minor == 3) {
2479 if (vs->auth == VNC_AUTH_NONE) {
2480 VNC_DEBUG("Tell client auth none\n");
2481 vnc_write_u32(vs, vs->auth);
2482 vnc_flush(vs);
2483 start_client_init(vs);
2484 } else if (vs->auth == VNC_AUTH_VNC) {
2485 VNC_DEBUG("Tell client VNC auth\n");
2486 vnc_write_u32(vs, vs->auth);
2487 vnc_flush(vs);
2488 start_auth_vnc(vs);
2489 } else {
2490 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2491 vnc_write_u32(vs, VNC_AUTH_INVALID);
2492 vnc_flush(vs);
2493 vnc_client_error(vs);
2494 }
2495 } else {
2496 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2497 vnc_write_u8(vs, 1); /* num auth */
2498 vnc_write_u8(vs, vs->auth);
2499 vnc_read_when(vs, protocol_client_auth, 1);
2500 vnc_flush(vs);
2501 }
2502
2503 return 0;
2504 }
2505
2506 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2507 {
2508 struct VncSurface *vs = &vd->guest;
2509
2510 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2511 }
2512
2513 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2514 {
2515 int i, j;
2516
2517 w = (x + w) / VNC_STAT_RECT;
2518 h = (y + h) / VNC_STAT_RECT;
2519 x /= VNC_STAT_RECT;
2520 y /= VNC_STAT_RECT;
2521
2522 for (j = y; j <= h; j++) {
2523 for (i = x; i <= w; i++) {
2524 vs->lossy_rect[j][i] = 1;
2525 }
2526 }
2527 }
2528
2529 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2530 {
2531 VncState *vs;
2532 int sty = y / VNC_STAT_RECT;
2533 int stx = x / VNC_STAT_RECT;
2534 int has_dirty = 0;
2535
2536 y = y / VNC_STAT_RECT * VNC_STAT_RECT;
2537 x = x / VNC_STAT_RECT * VNC_STAT_RECT;
2538
2539 QTAILQ_FOREACH(vs, &vd->clients, next) {
2540 int j;
2541
2542 /* kernel send buffers are full -> refresh later */
2543 if (vs->output.offset) {
2544 continue;
2545 }
2546
2547 if (!vs->lossy_rect[sty][stx]) {
2548 continue;
2549 }
2550
2551 vs->lossy_rect[sty][stx] = 0;
2552 for (j = 0; j < VNC_STAT_RECT; ++j) {
2553 bitmap_set(vs->dirty[y + j], x / 16, VNC_STAT_RECT / 16);
2554 }
2555 has_dirty++;
2556 }
2557
2558 return has_dirty;
2559 }
2560
2561 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2562 {
2563 int width = pixman_image_get_width(vd->guest.fb);
2564 int height = pixman_image_get_height(vd->guest.fb);
2565 int x, y;
2566 struct timeval res;
2567 int has_dirty = 0;
2568
2569 for (y = 0; y < height; y += VNC_STAT_RECT) {
2570 for (x = 0; x < width; x += VNC_STAT_RECT) {
2571 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2572
2573 rect->updated = false;
2574 }
2575 }
2576
2577 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2578
2579 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2580 return has_dirty;
2581 }
2582 vd->guest.last_freq_check = *tv;
2583
2584 for (y = 0; y < height; y += VNC_STAT_RECT) {
2585 for (x = 0; x < width; x += VNC_STAT_RECT) {
2586 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2587 int count = ARRAY_SIZE(rect->times);
2588 struct timeval min, max;
2589
2590 if (!timerisset(&rect->times[count - 1])) {
2591 continue ;
2592 }
2593
2594 max = rect->times[(rect->idx + count - 1) % count];
2595 qemu_timersub(tv, &max, &res);
2596
2597 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2598 rect->freq = 0;
2599 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2600 memset(rect->times, 0, sizeof (rect->times));
2601 continue ;
2602 }
2603
2604 min = rect->times[rect->idx];
2605 max = rect->times[(rect->idx + count - 1) % count];
2606 qemu_timersub(&max, &min, &res);
2607
2608 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2609 rect->freq /= count;
2610 rect->freq = 1. / rect->freq;
2611 }
2612 }
2613 return has_dirty;
2614 }
2615
2616 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2617 {
2618 int i, j;
2619 double total = 0;
2620 int num = 0;
2621
2622 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT;
2623 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT;
2624
2625 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2626 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2627 total += vnc_stat_rect(vs->vd, i, j)->freq;
2628 num++;
2629 }
2630 }
2631
2632 if (num) {
2633 return total / num;
2634 } else {
2635 return 0;
2636 }
2637 }
2638
2639 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2640 {
2641 VncRectStat *rect;
2642
2643 rect = vnc_stat_rect(vd, x, y);
2644 if (rect->updated) {
2645 return ;
2646 }
2647 rect->times[rect->idx] = *tv;
2648 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2649 rect->updated = true;
2650 }
2651
2652 static int vnc_refresh_server_surface(VncDisplay *vd)
2653 {
2654 int width = pixman_image_get_width(vd->guest.fb);
2655 int height = pixman_image_get_height(vd->guest.fb);
2656 int y;
2657 uint8_t *guest_row;
2658 uint8_t *server_row;
2659 int cmp_bytes;
2660 VncState *vs;
2661 int has_dirty = 0;
2662 pixman_image_t *tmpbuf = NULL;
2663
2664 struct timeval tv = { 0, 0 };
2665
2666 if (!vd->non_adaptive) {
2667 gettimeofday(&tv, NULL);
2668 has_dirty = vnc_update_stats(vd, &tv);
2669 }
2670
2671 /*
2672 * Walk through the guest dirty map.
2673 * Check and copy modified bits from guest to server surface.
2674 * Update server dirty map.
2675 */
2676 cmp_bytes = 64;
2677 if (cmp_bytes > vnc_server_fb_stride(vd)) {
2678 cmp_bytes = vnc_server_fb_stride(vd);
2679 }
2680 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2681 int width = pixman_image_get_width(vd->server);
2682 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2683 }
2684 guest_row = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2685 server_row = (uint8_t *)pixman_image_get_data(vd->server);
2686 for (y = 0; y < height; y++) {
2687 if (!bitmap_empty(vd->guest.dirty[y], VNC_DIRTY_BITS)) {
2688 int x;
2689 uint8_t *guest_ptr;
2690 uint8_t *server_ptr;
2691
2692 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2693 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2694 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2695 } else {
2696 guest_ptr = guest_row;
2697 }
2698 server_ptr = server_row;
2699
2700 for (x = 0; x + 15 < width;
2701 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2702 if (!test_and_clear_bit((x / 16), vd->guest.dirty[y]))
2703 continue;
2704 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2705 continue;
2706 memcpy(server_ptr, guest_ptr, cmp_bytes);
2707 if (!vd->non_adaptive)
2708 vnc_rect_updated(vd, x, y, &tv);
2709 QTAILQ_FOREACH(vs, &vd->clients, next) {
2710 set_bit((x / 16), vs->dirty[y]);
2711 }
2712 has_dirty++;
2713 }
2714 }
2715 guest_row += pixman_image_get_stride(vd->guest.fb);
2716 server_row += pixman_image_get_stride(vd->server);
2717 }
2718 qemu_pixman_image_unref(tmpbuf);
2719 return has_dirty;
2720 }
2721
2722 static void vnc_refresh(DisplayChangeListener *dcl)
2723 {
2724 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
2725 VncState *vs, *vn;
2726 int has_dirty, rects = 0;
2727
2728 graphic_hw_update(NULL);
2729
2730 if (vnc_trylock_display(vd)) {
2731 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2732 return;
2733 }
2734
2735 has_dirty = vnc_refresh_server_surface(vd);
2736 vnc_unlock_display(vd);
2737
2738 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2739 rects += vnc_update_client(vs, has_dirty);
2740 /* vs might be free()ed here */
2741 }
2742
2743 if (QTAILQ_EMPTY(&vd->clients)) {
2744 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
2745 return;
2746 }
2747
2748 if (has_dirty && rects) {
2749 vd->dcl.update_interval /= 2;
2750 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
2751 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
2752 }
2753 } else {
2754 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
2755 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
2756 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
2757 }
2758 }
2759 }
2760
2761 static void vnc_connect(VncDisplay *vd, int csock,
2762 bool skipauth, bool websocket)
2763 {
2764 VncState *vs = g_malloc0(sizeof(VncState));
2765 int i;
2766
2767 vs->csock = csock;
2768
2769 if (skipauth) {
2770 vs->auth = VNC_AUTH_NONE;
2771 #ifdef CONFIG_VNC_TLS
2772 vs->subauth = VNC_AUTH_INVALID;
2773 #endif
2774 } else {
2775 vs->auth = vd->auth;
2776 #ifdef CONFIG_VNC_TLS
2777 vs->subauth = vd->subauth;
2778 #endif
2779 }
2780
2781 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
2782 for (i = 0; i < VNC_STAT_ROWS; ++i) {
2783 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS * sizeof (uint8_t));
2784 }
2785
2786 VNC_DEBUG("New client on socket %d\n", csock);
2787 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2788 qemu_set_nonblock(vs->csock);
2789 #ifdef CONFIG_VNC_WS
2790 if (websocket) {
2791 vs->websocket = 1;
2792 #ifdef CONFIG_VNC_TLS
2793 if (vd->tls.x509cert) {
2794 qemu_set_fd_handler2(vs->csock, NULL, vncws_tls_handshake_peek,
2795 NULL, vs);
2796 } else
2797 #endif /* CONFIG_VNC_TLS */
2798 {
2799 qemu_set_fd_handler2(vs->csock, NULL, vncws_handshake_read,
2800 NULL, vs);
2801 }
2802 } else
2803 #endif /* CONFIG_VNC_WS */
2804 {
2805 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2806 }
2807
2808 vnc_client_cache_addr(vs);
2809 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2810 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
2811
2812 vs->vd = vd;
2813
2814 #ifdef CONFIG_VNC_WS
2815 if (!vs->websocket)
2816 #endif
2817 {
2818 vnc_init_state(vs);
2819 }
2820 }
2821
2822 void vnc_init_state(VncState *vs)
2823 {
2824 vs->initialized = true;
2825 VncDisplay *vd = vs->vd;
2826
2827 vs->last_x = -1;
2828 vs->last_y = -1;
2829
2830 vs->as.freq = 44100;
2831 vs->as.nchannels = 2;
2832 vs->as.fmt = AUD_FMT_S16;
2833 vs->as.endianness = 0;
2834
2835 qemu_mutex_init(&vs->output_mutex);
2836 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
2837
2838 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2839
2840 graphic_hw_update(NULL);
2841
2842 vnc_write(vs, "RFB 003.008\n", 12);
2843 vnc_flush(vs);
2844 vnc_read_when(vs, protocol_version, 12);
2845 reset_keys(vs);
2846 if (vs->vd->lock_key_sync)
2847 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2848
2849 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2850 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2851
2852 /* vs might be free()ed here */
2853 }
2854
2855 static void vnc_listen_read(void *opaque, bool websocket)
2856 {
2857 VncDisplay *vs = opaque;
2858 struct sockaddr_in addr;
2859 socklen_t addrlen = sizeof(addr);
2860 int csock;
2861
2862 /* Catch-up */
2863 graphic_hw_update(NULL);
2864 #ifdef CONFIG_VNC_WS
2865 if (websocket) {
2866 csock = qemu_accept(vs->lwebsock, (struct sockaddr *)&addr, &addrlen);
2867 } else
2868 #endif /* CONFIG_VNC_WS */
2869 {
2870 csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2871 }
2872
2873 if (csock != -1) {
2874 vnc_connect(vs, csock, false, websocket);
2875 }
2876 }
2877
2878 static void vnc_listen_regular_read(void *opaque)
2879 {
2880 vnc_listen_read(opaque, false);
2881 }
2882
2883 #ifdef CONFIG_VNC_WS
2884 static void vnc_listen_websocket_read(void *opaque)
2885 {
2886 vnc_listen_read(opaque, true);
2887 }
2888 #endif /* CONFIG_VNC_WS */
2889
2890 static const DisplayChangeListenerOps dcl_ops = {
2891 .dpy_name = "vnc",
2892 .dpy_refresh = vnc_refresh,
2893 .dpy_gfx_copy = vnc_dpy_copy,
2894 .dpy_gfx_update = vnc_dpy_update,
2895 .dpy_gfx_switch = vnc_dpy_switch,
2896 .dpy_mouse_set = vnc_mouse_set,
2897 .dpy_cursor_define = vnc_dpy_cursor_define,
2898 };
2899
2900 void vnc_display_init(DisplayState *ds)
2901 {
2902 VncDisplay *vs = g_malloc0(sizeof(*vs));
2903
2904 vnc_display = vs;
2905
2906 vs->lsock = -1;
2907 #ifdef CONFIG_VNC_WS
2908 vs->lwebsock = -1;
2909 #endif
2910
2911 QTAILQ_INIT(&vs->clients);
2912 vs->expires = TIME_MAX;
2913
2914 if (keyboard_layout)
2915 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2916 else
2917 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2918
2919 if (!vs->kbd_layout)
2920 exit(1);
2921
2922 qemu_mutex_init(&vs->mutex);
2923 vnc_start_worker_thread();
2924
2925 vs->dcl.ops = &dcl_ops;
2926 register_displaychangelistener(&vs->dcl);
2927 }
2928
2929
2930 static void vnc_display_close(DisplayState *ds)
2931 {
2932 VncDisplay *vs = vnc_display;
2933
2934 if (!vs)
2935 return;
2936 if (vs->display) {
2937 g_free(vs->display);
2938 vs->display = NULL;
2939 }
2940 if (vs->lsock != -1) {
2941 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2942 close(vs->lsock);
2943 vs->lsock = -1;
2944 }
2945 #ifdef CONFIG_VNC_WS
2946 g_free(vs->ws_display);
2947 vs->ws_display = NULL;
2948 if (vs->lwebsock != -1) {
2949 qemu_set_fd_handler2(vs->lwebsock, NULL, NULL, NULL, NULL);
2950 close(vs->lwebsock);
2951 vs->lwebsock = -1;
2952 }
2953 #endif /* CONFIG_VNC_WS */
2954 vs->auth = VNC_AUTH_INVALID;
2955 #ifdef CONFIG_VNC_TLS
2956 vs->subauth = VNC_AUTH_INVALID;
2957 vs->tls.x509verify = 0;
2958 #endif
2959 }
2960
2961 static int vnc_display_disable_login(DisplayState *ds)
2962 {
2963 VncDisplay *vs = vnc_display;
2964
2965 if (!vs) {
2966 return -1;
2967 }
2968
2969 if (vs->password) {
2970 g_free(vs->password);
2971 }
2972
2973 vs->password = NULL;
2974 if (vs->auth == VNC_AUTH_NONE) {
2975 vs->auth = VNC_AUTH_VNC;
2976 }
2977
2978 return 0;
2979 }
2980
2981 int vnc_display_password(DisplayState *ds, const char *password)
2982 {
2983 VncDisplay *vs = vnc_display;
2984
2985 if (!vs) {
2986 return -EINVAL;
2987 }
2988
2989 if (!password) {
2990 /* This is not the intention of this interface but err on the side
2991 of being safe */
2992 return vnc_display_disable_login(ds);
2993 }
2994
2995 if (vs->password) {
2996 g_free(vs->password);
2997 vs->password = NULL;
2998 }
2999 vs->password = g_strdup(password);
3000 if (vs->auth == VNC_AUTH_NONE) {
3001 vs->auth = VNC_AUTH_VNC;
3002 }
3003
3004 return 0;
3005 }
3006
3007 int vnc_display_pw_expire(DisplayState *ds, time_t expires)
3008 {
3009 VncDisplay *vs = vnc_display;
3010
3011 if (!vs) {
3012 return -EINVAL;
3013 }
3014
3015 vs->expires = expires;
3016 return 0;
3017 }
3018
3019 char *vnc_display_local_addr(DisplayState *ds)
3020 {
3021 VncDisplay *vs = vnc_display;
3022
3023 return vnc_socket_local_addr("%s:%s", vs->lsock);
3024 }
3025
3026 void vnc_display_open(DisplayState *ds, const char *display, Error **errp)
3027 {
3028 VncDisplay *vs = vnc_display;
3029 const char *options;
3030 int password = 0;
3031 int reverse = 0;
3032 #ifdef CONFIG_VNC_TLS
3033 int tls = 0, x509 = 0;
3034 #endif
3035 #ifdef CONFIG_VNC_SASL
3036 int sasl = 0;
3037 int saslErr;
3038 #endif
3039 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
3040 int acl = 0;
3041 #endif
3042 int lock_key_sync = 1;
3043
3044 if (!vnc_display) {
3045 error_setg(errp, "VNC display not active");
3046 return;
3047 }
3048 vnc_display_close(ds);
3049 if (strcmp(display, "none") == 0)
3050 return;
3051
3052 vs->display = g_strdup(display);
3053 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3054
3055 options = display;
3056 while ((options = strchr(options, ','))) {
3057 options++;
3058 if (strncmp(options, "password", 8) == 0) {
3059 if (fips_get_state()) {
3060 error_setg(errp,
3061 "VNC password auth disabled due to FIPS mode, "
3062 "consider using the VeNCrypt or SASL authentication "
3063 "methods as an alternative");
3064 goto fail;
3065 }
3066 password = 1; /* Require password auth */
3067 } else if (strncmp(options, "reverse", 7) == 0) {
3068 reverse = 1;
3069 } else if (strncmp(options, "no-lock-key-sync", 16) == 0) {
3070 lock_key_sync = 0;
3071 #ifdef CONFIG_VNC_SASL
3072 } else if (strncmp(options, "sasl", 4) == 0) {
3073 sasl = 1; /* Require SASL auth */
3074 #endif
3075 #ifdef CONFIG_VNC_WS
3076 } else if (strncmp(options, "websocket", 9) == 0) {
3077 char *start, *end;
3078 vs->websocket = 1;
3079
3080 /* Check for 'websocket=<port>' */
3081 start = strchr(options, '=');
3082 end = strchr(options, ',');
3083 if (start && (!end || (start < end))) {
3084 int len = end ? end-(start+1) : strlen(start+1);
3085 if (len < 6) {
3086 /* extract the host specification from display */
3087 char *host = NULL, *port = NULL, *host_end = NULL;
3088 port = g_strndup(start + 1, len);
3089
3090 /* ipv6 hosts have colons */
3091 end = strchr(display, ',');
3092 host_end = g_strrstr_len(display, end - display, ":");
3093
3094 if (host_end) {
3095 host = g_strndup(display, host_end - display + 1);
3096 } else {
3097 host = g_strndup(":", 1);
3098 }
3099 vs->ws_display = g_strconcat(host, port, NULL);
3100 g_free(host);
3101 g_free(port);
3102 }
3103 }
3104 #endif /* CONFIG_VNC_WS */
3105 #ifdef CONFIG_VNC_TLS
3106 } else if (strncmp(options, "tls", 3) == 0) {
3107 tls = 1; /* Require TLS */
3108 } else if (strncmp(options, "x509", 4) == 0) {
3109 char *start, *end;
3110 x509 = 1; /* Require x509 certificates */
3111 if (strncmp(options, "x509verify", 10) == 0)
3112 vs->tls.x509verify = 1; /* ...and verify client certs */
3113
3114 /* Now check for 'x509=/some/path' postfix
3115 * and use that to setup x509 certificate/key paths */
3116 start = strchr(options, '=');
3117 end = strchr(options, ',');
3118 if (start && (!end || (start < end))) {
3119 int len = end ? end-(start+1) : strlen(start+1);
3120 char *path = g_strndup(start + 1, len);
3121
3122 VNC_DEBUG("Trying certificate path '%s'\n", path);
3123 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
3124 error_setg(errp, "Failed to find x509 certificates/keys in %s", path);
3125 g_free(path);
3126 goto fail;
3127 }
3128 g_free(path);
3129 } else {
3130 error_setg(errp, "No certificate path provided");
3131 goto fail;
3132 }
3133 #endif
3134 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
3135 } else if (strncmp(options, "acl", 3) == 0) {
3136 acl = 1;
3137 #endif
3138 } else if (strncmp(options, "lossy", 5) == 0) {
3139 vs->lossy = true;
3140 } else if (strncmp(options, "non-adaptive", 12) == 0) {
3141 vs->non_adaptive = true;
3142 } else if (strncmp(options, "share=", 6) == 0) {
3143 if (strncmp(options+6, "ignore", 6) == 0) {
3144 vs->share_policy = VNC_SHARE_POLICY_IGNORE;
3145 } else if (strncmp(options+6, "allow-exclusive", 15) == 0) {
3146 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3147 } else if (strncmp(options+6, "force-shared", 12) == 0) {
3148 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3149 } else {
3150 error_setg(errp, "unknown vnc share= option");
3151 goto fail;
3152 }
3153 }
3154 }
3155
3156 #ifdef CONFIG_VNC_TLS
3157 if (acl && x509 && vs->tls.x509verify) {
3158 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
3159 fprintf(stderr, "Failed to create x509 dname ACL\n");
3160 exit(1);
3161 }
3162 }
3163 #endif
3164 #ifdef CONFIG_VNC_SASL
3165 if (acl && sasl) {
3166 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
3167 fprintf(stderr, "Failed to create username ACL\n");
3168 exit(1);
3169 }
3170 }
3171 #endif
3172
3173 /*
3174 * Combinations we support here:
3175 *
3176 * - no-auth (clear text, no auth)
3177 * - password (clear text, weak auth)
3178 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
3179 * - tls (encrypt, weak anonymous creds, no auth)
3180 * - tls + password (encrypt, weak anonymous creds, weak auth)
3181 * - tls + sasl (encrypt, weak anonymous creds, good auth)
3182 * - tls + x509 (encrypt, good x509 creds, no auth)
3183 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
3184 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
3185 *
3186 * NB1. TLS is a stackable auth scheme.
3187 * NB2. the x509 schemes have option to validate a client cert dname
3188 */
3189 if (password) {
3190 #ifdef CONFIG_VNC_TLS
3191 if (tls) {
3192 vs->auth = VNC_AUTH_VENCRYPT;
3193 if (x509) {
3194 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3195 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
3196 } else {
3197 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3198 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3199 }
3200 } else {
3201 #endif /* CONFIG_VNC_TLS */
3202 VNC_DEBUG("Initializing VNC server with password auth\n");
3203 vs->auth = VNC_AUTH_VNC;
3204 #ifdef CONFIG_VNC_TLS
3205 vs->subauth = VNC_AUTH_INVALID;
3206 }
3207 #endif /* CONFIG_VNC_TLS */
3208 #ifdef CONFIG_VNC_SASL
3209 } else if (sasl) {
3210 #ifdef CONFIG_VNC_TLS
3211 if (tls) {
3212 vs->auth = VNC_AUTH_VENCRYPT;
3213 if (x509) {
3214 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3215 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
3216 } else {
3217 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3218 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3219 }
3220 } else {
3221 #endif /* CONFIG_VNC_TLS */
3222 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3223 vs->auth = VNC_AUTH_SASL;
3224 #ifdef CONFIG_VNC_TLS
3225 vs->subauth = VNC_AUTH_INVALID;
3226 }
3227 #endif /* CONFIG_VNC_TLS */
3228 #endif /* CONFIG_VNC_SASL */
3229 } else {
3230 #ifdef CONFIG_VNC_TLS
3231 if (tls) {
3232 vs->auth = VNC_AUTH_VENCRYPT;
3233 if (x509) {
3234 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3235 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
3236 } else {
3237 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3238 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3239 }
3240 } else {
3241 #endif
3242 VNC_DEBUG("Initializing VNC server with no auth\n");
3243 vs->auth = VNC_AUTH_NONE;
3244 #ifdef CONFIG_VNC_TLS
3245 vs->subauth = VNC_AUTH_INVALID;
3246 }
3247 #endif
3248 }
3249
3250 #ifdef CONFIG_VNC_SASL
3251 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
3252 error_setg(errp, "Failed to initialize SASL auth: %s",
3253 sasl_errstring(saslErr, NULL, NULL));
3254 goto fail;
3255 }
3256 #endif
3257 vs->lock_key_sync = lock_key_sync;
3258
3259 if (reverse) {
3260 /* connect to viewer */
3261 int csock;
3262 vs->lsock = -1;
3263 #ifdef CONFIG_VNC_WS
3264 vs->lwebsock = -1;
3265 #endif
3266 if (strncmp(display, "unix:", 5) == 0) {
3267 csock = unix_connect(display+5, errp);
3268 } else {
3269 csock = inet_connect(display, errp);
3270 }
3271 if (csock < 0) {
3272 goto fail;
3273 }
3274 vnc_connect(vs, csock, false, false);
3275 } else {
3276 /* listen for connects */
3277 char *dpy;
3278 dpy = g_malloc(256);
3279 if (strncmp(display, "unix:", 5) == 0) {
3280 pstrcpy(dpy, 256, "unix:");
3281 vs->lsock = unix_listen(display+5, dpy+5, 256-5, errp);
3282 } else {
3283 vs->lsock = inet_listen(display, dpy, 256,
3284 SOCK_STREAM, 5900, errp);
3285 if (vs->lsock < 0) {
3286 g_free(dpy);
3287 goto fail;
3288 }
3289 #ifdef CONFIG_VNC_WS
3290 if (vs->websocket) {
3291 if (vs->ws_display) {
3292 vs->lwebsock = inet_listen(vs->ws_display, NULL, 256,
3293 SOCK_STREAM, 0, errp);
3294 } else {
3295 vs->lwebsock = inet_listen(vs->display, NULL, 256,
3296 SOCK_STREAM, 5700, errp);
3297 }
3298
3299 if (vs->lwebsock < 0) {
3300 if (vs->lsock) {
3301 close(vs->lsock);
3302 vs->lsock = -1;
3303 }
3304 g_free(dpy);
3305 goto fail;
3306 }
3307 }
3308 #endif /* CONFIG_VNC_WS */
3309 }
3310 g_free(vs->display);
3311 vs->display = dpy;
3312 qemu_set_fd_handler2(vs->lsock, NULL,
3313 vnc_listen_regular_read, NULL, vs);
3314 #ifdef CONFIG_VNC_WS
3315 if (vs->websocket) {
3316 qemu_set_fd_handler2(vs->lwebsock, NULL,
3317 vnc_listen_websocket_read, NULL, vs);
3318 }
3319 #endif /* CONFIG_VNC_WS */
3320 }
3321 return;
3322
3323 fail:
3324 g_free(vs->display);
3325 vs->display = NULL;
3326 #ifdef CONFIG_VNC_WS
3327 g_free(vs->ws_display);
3328 vs->ws_display = NULL;
3329 #endif /* CONFIG_VNC_WS */
3330 }
3331
3332 void vnc_display_add_client(DisplayState *ds, int csock, bool skipauth)
3333 {
3334 VncDisplay *vs = vnc_display;
3335
3336 vnc_connect(vs, csock, skipauth, false);
3337 }
QEmu