search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
pc: Allocate all ram in a single qemu_ram_alloc()
[qemu/cris-port.git] / vnc.c
blobed0e09600087c696bac98d276ff90e4d3008dc48
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "acl.h"
32 #include "qemu-objects.h"
33
34 #define VNC_REFRESH_INTERVAL_BASE 30
35 #define VNC_REFRESH_INTERVAL_INC 50
36 #define VNC_REFRESH_INTERVAL_MAX 2000
37
38 #include "vnc_keysym.h"
39 #include "d3des.h"
40
41 #define count_bits(c, v) { \
42 for (c = 0; v; v >>= 1) \
43 { \
44 c += v & 1; \
45 } \
46 }
47
48
49 static VncDisplay *vnc_display; /* needed for info vnc */
50 static DisplayChangeListener *dcl;
51
52 static int vnc_cursor_define(VncState *vs);
53
54 static char *addr_to_string(const char *format,
55 struct sockaddr_storage *sa,
56 socklen_t salen) {
57 char *addr;
58 char host[NI_MAXHOST];
59 char serv[NI_MAXSERV];
60 int err;
61 size_t addrlen;
62
63 if ((err = getnameinfo((struct sockaddr *)sa, salen,
64 host, sizeof(host),
65 serv, sizeof(serv),
66 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
67 VNC_DEBUG("Cannot resolve address %d: %s\n",
68 err, gai_strerror(err));
69 return NULL;
70 }
71
72 /* Enough for the existing format + the 2 vars we're
73 * substituting in. */
74 addrlen = strlen(format) + strlen(host) + strlen(serv);
75 addr = qemu_malloc(addrlen + 1);
76 snprintf(addr, addrlen, format, host, serv);
77 addr[addrlen] = '\0';
78
79 return addr;
80 }
81
82
83 char *vnc_socket_local_addr(const char *format, int fd) {
84 struct sockaddr_storage sa;
85 socklen_t salen;
86
87 salen = sizeof(sa);
88 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
89 return NULL;
90
91 return addr_to_string(format, &sa, salen);
92 }
93
94 char *vnc_socket_remote_addr(const char *format, int fd) {
95 struct sockaddr_storage sa;
96 socklen_t salen;
97
98 salen = sizeof(sa);
99 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
100 return NULL;
101
102 return addr_to_string(format, &sa, salen);
103 }
104
105 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
106 socklen_t salen)
107 {
108 char host[NI_MAXHOST];
109 char serv[NI_MAXSERV];
110 int err;
111
112 if ((err = getnameinfo((struct sockaddr *)sa, salen,
113 host, sizeof(host),
114 serv, sizeof(serv),
115 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
116 VNC_DEBUG("Cannot resolve address %d: %s\n",
117 err, gai_strerror(err));
118 return -1;
119 }
120
121 qdict_put(qdict, "host", qstring_from_str(host));
122 qdict_put(qdict, "service", qstring_from_str(serv));
123 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
124
125 return 0;
126 }
127
128 static int vnc_server_addr_put(QDict *qdict, int fd)
129 {
130 struct sockaddr_storage sa;
131 socklen_t salen;
132
133 salen = sizeof(sa);
134 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
135 return -1;
136 }
137
138 return put_addr_qdict(qdict, &sa, salen);
139 }
140
141 static int vnc_qdict_remote_addr(QDict *qdict, int fd)
142 {
143 struct sockaddr_storage sa;
144 socklen_t salen;
145
146 salen = sizeof(sa);
147 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
148 return -1;
149 }
150
151 return put_addr_qdict(qdict, &sa, salen);
152 }
153
154 static const char *vnc_auth_name(VncDisplay *vd) {
155 switch (vd->auth) {
156 case VNC_AUTH_INVALID:
157 return "invalid";
158 case VNC_AUTH_NONE:
159 return "none";
160 case VNC_AUTH_VNC:
161 return "vnc";
162 case VNC_AUTH_RA2:
163 return "ra2";
164 case VNC_AUTH_RA2NE:
165 return "ra2ne";
166 case VNC_AUTH_TIGHT:
167 return "tight";
168 case VNC_AUTH_ULTRA:
169 return "ultra";
170 case VNC_AUTH_TLS:
171 return "tls";
172 case VNC_AUTH_VENCRYPT:
173 #ifdef CONFIG_VNC_TLS
174 switch (vd->subauth) {
175 case VNC_AUTH_VENCRYPT_PLAIN:
176 return "vencrypt+plain";
177 case VNC_AUTH_VENCRYPT_TLSNONE:
178 return "vencrypt+tls+none";
179 case VNC_AUTH_VENCRYPT_TLSVNC:
180 return "vencrypt+tls+vnc";
181 case VNC_AUTH_VENCRYPT_TLSPLAIN:
182 return "vencrypt+tls+plain";
183 case VNC_AUTH_VENCRYPT_X509NONE:
184 return "vencrypt+x509+none";
185 case VNC_AUTH_VENCRYPT_X509VNC:
186 return "vencrypt+x509+vnc";
187 case VNC_AUTH_VENCRYPT_X509PLAIN:
188 return "vencrypt+x509+plain";
189 case VNC_AUTH_VENCRYPT_TLSSASL:
190 return "vencrypt+tls+sasl";
191 case VNC_AUTH_VENCRYPT_X509SASL:
192 return "vencrypt+x509+sasl";
193 default:
194 return "vencrypt";
195 }
196 #else
197 return "vencrypt";
198 #endif
199 case VNC_AUTH_SASL:
200 return "sasl";
201 }
202 return "unknown";
203 }
204
205 static int vnc_server_info_put(QDict *qdict)
206 {
207 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
208 return -1;
209 }
210
211 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
212 return 0;
213 }
214
215 static void vnc_client_cache_auth(VncState *client)
216 {
217 QDict *qdict;
218
219 if (!client->info) {
220 return;
221 }
222
223 qdict = qobject_to_qdict(client->info);
224
225 #ifdef CONFIG_VNC_TLS
226 if (client->tls.session &&
227 client->tls.dname) {
228 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
229 }
230 #endif
231 #ifdef CONFIG_VNC_SASL
232 if (client->sasl.conn &&
233 client->sasl.username) {
234 qdict_put(qdict, "sasl_username",
235 qstring_from_str(client->sasl.username));
236 }
237 #endif
238 }
239
240 static void vnc_client_cache_addr(VncState *client)
241 {
242 QDict *qdict;
243
244 qdict = qdict_new();
245 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
246 QDECREF(qdict);
247 /* XXX: how to report the error? */
248 return;
249 }
250
251 client->info = QOBJECT(qdict);
252 }
253
254 static void vnc_qmp_event(VncState *vs, MonitorEvent event)
255 {
256 QDict *server;
257 QObject *data;
258
259 if (!vs->info) {
260 return;
261 }
262
263 server = qdict_new();
264 if (vnc_server_info_put(server) < 0) {
265 QDECREF(server);
266 return;
267 }
268
269 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
270 vs->info, QOBJECT(server));
271
272 monitor_protocol_event(event, data);
273
274 qobject_incref(vs->info);
275 qobject_decref(data);
276 }
277
278 static void info_vnc_iter(QObject *obj, void *opaque)
279 {
280 QDict *client;
281 Monitor *mon = opaque;
282
283 client = qobject_to_qdict(obj);
284 monitor_printf(mon, "Client:\n");
285 monitor_printf(mon, " address: %s:%s\n",
286 qdict_get_str(client, "host"),
287 qdict_get_str(client, "service"));
288
289 #ifdef CONFIG_VNC_TLS
290 monitor_printf(mon, " x509_dname: %s\n",
291 qdict_haskey(client, "x509_dname") ?
292 qdict_get_str(client, "x509_dname") : "none");
293 #endif
294 #ifdef CONFIG_VNC_SASL
295 monitor_printf(mon, " username: %s\n",
296 qdict_haskey(client, "sasl_username") ?
297 qdict_get_str(client, "sasl_username") : "none");
298 #endif
299 }
300
301 void do_info_vnc_print(Monitor *mon, const QObject *data)
302 {
303 QDict *server;
304 QList *clients;
305
306 server = qobject_to_qdict(data);
307 if (qdict_get_bool(server, "enabled") == 0) {
308 monitor_printf(mon, "Server: disabled\n");
309 return;
310 }
311
312 monitor_printf(mon, "Server:\n");
313 monitor_printf(mon, " address: %s:%s\n",
314 qdict_get_str(server, "host"),
315 qdict_get_str(server, "service"));
316 monitor_printf(mon, " auth: %s\n", qdict_get_str(server, "auth"));
317
318 clients = qdict_get_qlist(server, "clients");
319 if (qlist_empty(clients)) {
320 monitor_printf(mon, "Client: none\n");
321 } else {
322 qlist_iter(clients, info_vnc_iter, mon);
323 }
324 }
325
326 void do_info_vnc(Monitor *mon, QObject **ret_data)
327 {
328 if (vnc_display == NULL || vnc_display->display == NULL) {
329 *ret_data = qobject_from_jsonf("{ 'enabled': false }");
330 } else {
331 QList *clist;
332 VncState *client;
333
334 clist = qlist_new();
335 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
336 if (client->info) {
337 /* incref so that it's not freed by upper layers */
338 qobject_incref(client->info);
339 qlist_append_obj(clist, client->info);
340 }
341 }
342
343 *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
344 QOBJECT(clist));
345 assert(*ret_data != NULL);
346
347 if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {
348 qobject_decref(*ret_data);
349 *ret_data = NULL;
350 }
351 }
352 }
353
354 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
355 return (vs->features & (1 << feature));
356 }
357
358 /* TODO
359 1) Get the queue working for IO.
360 2) there is some weirdness when using the -S option (the screen is grey
361 and not totally invalidated
362 3) resolutions > 1024
363 */
364
365 static int vnc_update_client(VncState *vs, int has_dirty);
366 static void vnc_disconnect_start(VncState *vs);
367 static void vnc_disconnect_finish(VncState *vs);
368 static void vnc_init_timer(VncDisplay *vd);
369 static void vnc_remove_timer(VncDisplay *vd);
370
371 static void vnc_colordepth(VncState *vs);
372 static void framebuffer_update_request(VncState *vs, int incremental,
373 int x_position, int y_position,
374 int w, int h);
375 static void vnc_refresh(void *opaque);
376 static int vnc_refresh_server_surface(VncDisplay *vd);
377
378 static inline void vnc_set_bit(uint32_t *d, int k)
379 {
380 d[k >> 5] |= 1 << (k & 0x1f);
381 }
382
383 static inline void vnc_clear_bit(uint32_t *d, int k)
384 {
385 d[k >> 5] &= ~(1 << (k & 0x1f));
386 }
387
388 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
389 {
390 int j;
391
392 j = 0;
393 while (n >= 32) {
394 d[j++] = -1;
395 n -= 32;
396 }
397 if (n > 0)
398 d[j++] = (1 << n) - 1;
399 while (j < nb_words)
400 d[j++] = 0;
401 }
402
403 static inline int vnc_get_bit(const uint32_t *d, int k)
404 {
405 return (d[k >> 5] >> (k & 0x1f)) & 1;
406 }
407
408 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
409 int nb_words)
410 {
411 int i;
412 for(i = 0; i < nb_words; i++) {
413 if ((d1[i] & d2[i]) != 0)
414 return 1;
415 }
416 return 0;
417 }
418
419 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
420 {
421 int i;
422 VncDisplay *vd = ds->opaque;
423 struct VncSurface *s = &vd->guest;
424
425 h += y;
426
427 /* round x down to ensure the loop only spans one 16-pixel block per,
428 iteration. otherwise, if (x % 16) != 0, the last iteration may span
429 two 16-pixel blocks but we only mark the first as dirty
430 */
431 w += (x % 16);
432 x -= (x % 16);
433
434 x = MIN(x, s->ds->width);
435 y = MIN(y, s->ds->height);
436 w = MIN(x + w, s->ds->width) - x;
437 h = MIN(h, s->ds->height);
438
439 for (; y < h; y++)
440 for (i = 0; i < w; i += 16)
441 vnc_set_bit(s->dirty[y], (x + i) / 16);
442 }
443
444 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
445 int32_t encoding)
446 {
447 vnc_write_u16(vs, x);
448 vnc_write_u16(vs, y);
449 vnc_write_u16(vs, w);
450 vnc_write_u16(vs, h);
451
452 vnc_write_s32(vs, encoding);
453 }
454
455 void buffer_reserve(Buffer *buffer, size_t len)
456 {
457 if ((buffer->capacity - buffer->offset) < len) {
458 buffer->capacity += (len + 1024);
459 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
460 if (buffer->buffer == NULL) {
461 fprintf(stderr, "vnc: out of memory\n");
462 exit(1);
463 }
464 }
465 }
466
467 int buffer_empty(Buffer *buffer)
468 {
469 return buffer->offset == 0;
470 }
471
472 uint8_t *buffer_end(Buffer *buffer)
473 {
474 return buffer->buffer + buffer->offset;
475 }
476
477 void buffer_reset(Buffer *buffer)
478 {
479 buffer->offset = 0;
480 }
481
482 void buffer_free(Buffer *buffer)
483 {
484 qemu_free(buffer->buffer);
485 buffer->offset = 0;
486 buffer->capacity = 0;
487 buffer->buffer = NULL;
488 }
489
490 void buffer_append(Buffer *buffer, const void *data, size_t len)
491 {
492 memcpy(buffer->buffer + buffer->offset, data, len);
493 buffer->offset += len;
494 }
495
496 static void vnc_desktop_resize(VncState *vs)
497 {
498 DisplayState *ds = vs->ds;
499
500 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
501 return;
502 }
503 if (vs->client_width == ds_get_width(ds) &&
504 vs->client_height == ds_get_height(ds)) {
505 return;
506 }
507 vs->client_width = ds_get_width(ds);
508 vs->client_height = ds_get_height(ds);
509 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
510 vnc_write_u8(vs, 0);
511 vnc_write_u16(vs, 1); /* number of rects */
512 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
513 VNC_ENCODING_DESKTOPRESIZE);
514 vnc_flush(vs);
515 }
516
517 static void vnc_dpy_resize(DisplayState *ds)
518 {
519 VncDisplay *vd = ds->opaque;
520 VncState *vs;
521
522 /* server surface */
523 if (!vd->server)
524 vd->server = qemu_mallocz(sizeof(*vd->server));
525 if (vd->server->data)
526 qemu_free(vd->server->data);
527 *(vd->server) = *(ds->surface);
528 vd->server->data = qemu_mallocz(vd->server->linesize *
529 vd->server->height);
530
531 /* guest surface */
532 if (!vd->guest.ds)
533 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
534 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
535 console_color_init(ds);
536 *(vd->guest.ds) = *(ds->surface);
537 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
538
539 QTAILQ_FOREACH(vs, &vd->clients, next) {
540 vnc_colordepth(vs);
541 vnc_desktop_resize(vs);
542 if (vs->vd->cursor) {
543 vnc_cursor_define(vs);
544 }
545 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
546 }
547 }
548
549 /* fastest code */
550 static void vnc_write_pixels_copy(VncState *vs, struct PixelFormat *pf,
551 void *pixels, int size)
552 {
553 vnc_write(vs, pixels, size);
554 }
555
556 /* slowest but generic code. */
557 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
558 {
559 uint8_t r, g, b;
560 VncDisplay *vd = vs->vd;
561
562 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
563 vd->server->pf.rbits);
564 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
565 vd->server->pf.gbits);
566 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
567 vd->server->pf.bbits);
568 v = (r << vs->clientds.pf.rshift) |
569 (g << vs->clientds.pf.gshift) |
570 (b << vs->clientds.pf.bshift);
571 switch(vs->clientds.pf.bytes_per_pixel) {
572 case 1:
573 buf[0] = v;
574 break;
575 case 2:
576 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
577 buf[0] = v >> 8;
578 buf[1] = v;
579 } else {
580 buf[1] = v >> 8;
581 buf[0] = v;
582 }
583 break;
584 default:
585 case 4:
586 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
587 buf[0] = v >> 24;
588 buf[1] = v >> 16;
589 buf[2] = v >> 8;
590 buf[3] = v;
591 } else {
592 buf[3] = v >> 24;
593 buf[2] = v >> 16;
594 buf[1] = v >> 8;
595 buf[0] = v;
596 }
597 break;
598 }
599 }
600
601 static void vnc_write_pixels_generic(VncState *vs, struct PixelFormat *pf,
602 void *pixels1, int size)
603 {
604 uint8_t buf[4];
605
606 if (pf->bytes_per_pixel == 4) {
607 uint32_t *pixels = pixels1;
608 int n, i;
609 n = size >> 2;
610 for(i = 0; i < n; i++) {
611 vnc_convert_pixel(vs, buf, pixels[i]);
612 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
613 }
614 } else if (pf->bytes_per_pixel == 2) {
615 uint16_t *pixels = pixels1;
616 int n, i;
617 n = size >> 1;
618 for(i = 0; i < n; i++) {
619 vnc_convert_pixel(vs, buf, pixels[i]);
620 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
621 }
622 } else if (pf->bytes_per_pixel == 1) {
623 uint8_t *pixels = pixels1;
624 int n, i;
625 n = size;
626 for(i = 0; i < n; i++) {
627 vnc_convert_pixel(vs, buf, pixels[i]);
628 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
629 }
630 } else {
631 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
632 }
633 }
634
635 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
636 {
637 int i;
638 uint8_t *row;
639 VncDisplay *vd = vs->vd;
640
641 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
642 for (i = 0; i < h; i++) {
643 vs->write_pixels(vs, &vd->server->pf, row, w * ds_get_bytes_per_pixel(vs->ds));
644 row += ds_get_linesize(vs->ds);
645 }
646 return 1;
647 }
648
649 static int send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
650 {
651 int n = 0;
652
653 switch(vs->vnc_encoding) {
654 case VNC_ENCODING_ZLIB:
655 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
656 break;
657 case VNC_ENCODING_HEXTILE:
658 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
659 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
660 break;
661 case VNC_ENCODING_TIGHT:
662 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
663 break;
664 default:
665 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
666 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
667 break;
668 }
669 return n;
670 }
671
672 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
673 {
674 /* send bitblit op to the vnc client */
675 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
676 vnc_write_u8(vs, 0);
677 vnc_write_u16(vs, 1); /* number of rects */
678 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
679 vnc_write_u16(vs, src_x);
680 vnc_write_u16(vs, src_y);
681 vnc_flush(vs);
682 }
683
684 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
685 {
686 VncDisplay *vd = ds->opaque;
687 VncState *vs, *vn;
688 uint8_t *src_row;
689 uint8_t *dst_row;
690 int i,x,y,pitch,depth,inc,w_lim,s;
691 int cmp_bytes;
692
693 vnc_refresh_server_surface(vd);
694 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
695 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
696 vs->force_update = 1;
697 vnc_update_client(vs, 1);
698 /* vs might be free()ed here */
699 }
700 }
701
702 /* do bitblit op on the local surface too */
703 pitch = ds_get_linesize(vd->ds);
704 depth = ds_get_bytes_per_pixel(vd->ds);
705 src_row = vd->server->data + pitch * src_y + depth * src_x;
706 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
707 y = dst_y;
708 inc = 1;
709 if (dst_y > src_y) {
710 /* copy backwards */
711 src_row += pitch * (h-1);
712 dst_row += pitch * (h-1);
713 pitch = -pitch;
714 y = dst_y + h - 1;
715 inc = -1;
716 }
717 w_lim = w - (16 - (dst_x % 16));
718 if (w_lim < 0)
719 w_lim = w;
720 else
721 w_lim = w - (w_lim % 16);
722 for (i = 0; i < h; i++) {
723 for (x = 0; x <= w_lim;
724 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
725 if (x == w_lim) {
726 if ((s = w - w_lim) == 0)
727 break;
728 } else if (!x) {
729 s = (16 - (dst_x % 16));
730 s = MIN(s, w_lim);
731 } else {
732 s = 16;
733 }
734 cmp_bytes = s * depth;
735 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
736 continue;
737 memmove(dst_row, src_row, cmp_bytes);
738 QTAILQ_FOREACH(vs, &vd->clients, next) {
739 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
740 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
741 }
742 }
743 }
744 src_row += pitch - w * depth;
745 dst_row += pitch - w * depth;
746 y += inc;
747 }
748
749 QTAILQ_FOREACH(vs, &vd->clients, next) {
750 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
751 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
752 }
753 }
754 }
755
756 static void vnc_mouse_set(int x, int y, int visible)
757 {
758 /* can we ask the client(s) to move the pointer ??? */
759 }
760
761 static int vnc_cursor_define(VncState *vs)
762 {
763 QEMUCursor *c = vs->vd->cursor;
764 PixelFormat pf = qemu_default_pixelformat(32);
765 int isize;
766
767 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
768 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
769 vnc_write_u8(vs, 0); /* padding */
770 vnc_write_u16(vs, 1); /* # of rects */
771 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
772 VNC_ENCODING_RICH_CURSOR);
773 isize = c->width * c->height * vs->clientds.pf.bytes_per_pixel;
774 vnc_write_pixels_generic(vs, &pf, c->data, isize);
775 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
776 return 0;
777 }
778 return -1;
779 }
780
781 static void vnc_dpy_cursor_define(QEMUCursor *c)
782 {
783 VncDisplay *vd = vnc_display;
784 VncState *vs;
785
786 cursor_put(vd->cursor);
787 qemu_free(vd->cursor_mask);
788
789 vd->cursor = c;
790 cursor_get(vd->cursor);
791 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
792 vd->cursor_mask = qemu_mallocz(vd->cursor_msize);
793 cursor_get_mono_mask(c, 0, vd->cursor_mask);
794
795 QTAILQ_FOREACH(vs, &vd->clients, next) {
796 vnc_cursor_define(vs);
797 }
798 }
799
800 static int find_and_clear_dirty_height(struct VncState *vs,
801 int y, int last_x, int x)
802 {
803 int h;
804 VncDisplay *vd = vs->vd;
805
806 for (h = 1; h < (vd->server->height - y); h++) {
807 int tmp_x;
808 if (!vnc_get_bit(vs->dirty[y + h], last_x))
809 break;
810 for (tmp_x = last_x; tmp_x < x; tmp_x++)
811 vnc_clear_bit(vs->dirty[y + h], tmp_x);
812 }
813
814 return h;
815 }
816
817 static int vnc_update_client(VncState *vs, int has_dirty)
818 {
819 if (vs->need_update && vs->csock != -1) {
820 VncDisplay *vd = vs->vd;
821 int y;
822 int n_rectangles;
823 int saved_offset;
824 int width, height;
825 int n;
826
827 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
828 /* kernel send buffers are full -> drop frames to throttle */
829 return 0;
830
831 if (!has_dirty && !vs->audio_cap && !vs->force_update)
832 return 0;
833
834 /*
835 * Send screen updates to the vnc client using the server
836 * surface and server dirty map. guest surface updates
837 * happening in parallel don't disturb us, the next pass will
838 * send them to the client.
839 */
840 n_rectangles = 0;
841 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
842 vnc_write_u8(vs, 0);
843 saved_offset = vs->output.offset;
844 vnc_write_u16(vs, 0);
845
846 width = MIN(vd->server->width, vs->client_width);
847 height = MIN(vd->server->height, vs->client_height);
848
849 for (y = 0; y < height; y++) {
850 int x;
851 int last_x = -1;
852 for (x = 0; x < width / 16; x++) {
853 if (vnc_get_bit(vs->dirty[y], x)) {
854 if (last_x == -1) {
855 last_x = x;
856 }
857 vnc_clear_bit(vs->dirty[y], x);
858 } else {
859 if (last_x != -1) {
860 int h = find_and_clear_dirty_height(vs, y, last_x, x);
861 n = send_framebuffer_update(vs, last_x * 16, y,
862 (x - last_x) * 16, h);
863 n_rectangles += n;
864 }
865 last_x = -1;
866 }
867 }
868 if (last_x != -1) {
869 int h = find_and_clear_dirty_height(vs, y, last_x, x);
870 n = send_framebuffer_update(vs, last_x * 16, y,
871 (x - last_x) * 16, h);
872 n_rectangles += n;
873 }
874 }
875 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
876 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
877 vnc_flush(vs);
878 vs->force_update = 0;
879 return n_rectangles;
880 }
881
882 if (vs->csock == -1)
883 vnc_disconnect_finish(vs);
884
885 return 0;
886 }
887
888 /* audio */
889 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
890 {
891 VncState *vs = opaque;
892
893 switch (cmd) {
894 case AUD_CNOTIFY_DISABLE:
895 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
896 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
897 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
898 vnc_flush(vs);
899 break;
900
901 case AUD_CNOTIFY_ENABLE:
902 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
903 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
904 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
905 vnc_flush(vs);
906 break;
907 }
908 }
909
910 static void audio_capture_destroy(void *opaque)
911 {
912 }
913
914 static void audio_capture(void *opaque, void *buf, int size)
915 {
916 VncState *vs = opaque;
917
918 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
919 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
920 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
921 vnc_write_u32(vs, size);
922 vnc_write(vs, buf, size);
923 vnc_flush(vs);
924 }
925
926 static void audio_add(VncState *vs)
927 {
928 struct audio_capture_ops ops;
929
930 if (vs->audio_cap) {
931 monitor_printf(default_mon, "audio already running\n");
932 return;
933 }
934
935 ops.notify = audio_capture_notify;
936 ops.destroy = audio_capture_destroy;
937 ops.capture = audio_capture;
938
939 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
940 if (!vs->audio_cap) {
941 monitor_printf(default_mon, "Failed to add audio capture\n");
942 }
943 }
944
945 static void audio_del(VncState *vs)
946 {
947 if (vs->audio_cap) {
948 AUD_del_capture(vs->audio_cap, vs);
949 vs->audio_cap = NULL;
950 }
951 }
952
953 static void vnc_disconnect_start(VncState *vs)
954 {
955 if (vs->csock == -1)
956 return;
957 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
958 closesocket(vs->csock);
959 vs->csock = -1;
960 }
961
962 static void vnc_disconnect_finish(VncState *vs)
963 {
964 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
965
966 buffer_free(&vs->input);
967 buffer_free(&vs->output);
968
969 qobject_decref(vs->info);
970
971 vnc_zlib_clear(vs);
972 vnc_tight_clear(vs);
973
974 #ifdef CONFIG_VNC_TLS
975 vnc_tls_client_cleanup(vs);
976 #endif /* CONFIG_VNC_TLS */
977 #ifdef CONFIG_VNC_SASL
978 vnc_sasl_client_cleanup(vs);
979 #endif /* CONFIG_VNC_SASL */
980 audio_del(vs);
981
982 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
983
984 if (QTAILQ_EMPTY(&vs->vd->clients)) {
985 dcl->idle = 1;
986 }
987
988 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
989 vnc_remove_timer(vs->vd);
990 if (vs->vd->lock_key_sync)
991 qemu_remove_led_event_handler(vs->led);
992 qemu_free(vs);
993 }
994
995 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
996 {
997 if (ret == 0 || ret == -1) {
998 if (ret == -1) {
999 switch (last_errno) {
1000 case EINTR:
1001 case EAGAIN:
1002 #ifdef _WIN32
1003 case WSAEWOULDBLOCK:
1004 #endif
1005 return 0;
1006 default:
1007 break;
1008 }
1009 }
1010
1011 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1012 ret, ret < 0 ? last_errno : 0);
1013 vnc_disconnect_start(vs);
1014
1015 return 0;
1016 }
1017 return ret;
1018 }
1019
1020
1021 void vnc_client_error(VncState *vs)
1022 {
1023 VNC_DEBUG("Closing down client sock: protocol error\n");
1024 vnc_disconnect_start(vs);
1025 }
1026
1027
1028 /*
1029 * Called to write a chunk of data to the client socket. The data may
1030 * be the raw data, or may have already been encoded by SASL.
1031 * The data will be written either straight onto the socket, or
1032 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1033 *
1034 * NB, it is theoretically possible to have 2 layers of encryption,
1035 * both SASL, and this TLS layer. It is highly unlikely in practice
1036 * though, since SASL encryption will typically be a no-op if TLS
1037 * is active
1038 *
1039 * Returns the number of bytes written, which may be less than
1040 * the requested 'datalen' if the socket would block. Returns
1041 * -1 on error, and disconnects the client socket.
1042 */
1043 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1044 {
1045 long ret;
1046 #ifdef CONFIG_VNC_TLS
1047 if (vs->tls.session) {
1048 ret = gnutls_write(vs->tls.session, data, datalen);
1049 if (ret < 0) {
1050 if (ret == GNUTLS_E_AGAIN)
1051 errno = EAGAIN;
1052 else
1053 errno = EIO;
1054 ret = -1;
1055 }
1056 } else
1057 #endif /* CONFIG_VNC_TLS */
1058 ret = send(vs->csock, (const void *)data, datalen, 0);
1059 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1060 return vnc_client_io_error(vs, ret, socket_error());
1061 }
1062
1063
1064 /*
1065 * Called to write buffered data to the client socket, when not
1066 * using any SASL SSF encryption layers. Will write as much data
1067 * as possible without blocking. If all buffered data is written,
1068 * will switch the FD poll() handler back to read monitoring.
1069 *
1070 * Returns the number of bytes written, which may be less than
1071 * the buffered output data if the socket would block. Returns
1072 * -1 on error, and disconnects the client socket.
1073 */
1074 static long vnc_client_write_plain(VncState *vs)
1075 {
1076 long ret;
1077
1078 #ifdef CONFIG_VNC_SASL
1079 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1080 vs->output.buffer, vs->output.capacity, vs->output.offset,
1081 vs->sasl.waitWriteSSF);
1082
1083 if (vs->sasl.conn &&
1084 vs->sasl.runSSF &&
1085 vs->sasl.waitWriteSSF) {
1086 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1087 if (ret)
1088 vs->sasl.waitWriteSSF -= ret;
1089 } else
1090 #endif /* CONFIG_VNC_SASL */
1091 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1092 if (!ret)
1093 return 0;
1094
1095 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1096 vs->output.offset -= ret;
1097
1098 if (vs->output.offset == 0) {
1099 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1100 }
1101
1102 return ret;
1103 }
1104
1105
1106 /*
1107 * First function called whenever there is data to be written to
1108 * the client socket. Will delegate actual work according to whether
1109 * SASL SSF layers are enabled (thus requiring encryption calls)
1110 */
1111 void vnc_client_write(void *opaque)
1112 {
1113 VncState *vs = opaque;
1114
1115 #ifdef CONFIG_VNC_SASL
1116 if (vs->sasl.conn &&
1117 vs->sasl.runSSF &&
1118 !vs->sasl.waitWriteSSF) {
1119 vnc_client_write_sasl(vs);
1120 } else
1121 #endif /* CONFIG_VNC_SASL */
1122 vnc_client_write_plain(vs);
1123 }
1124
1125 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1126 {
1127 vs->read_handler = func;
1128 vs->read_handler_expect = expecting;
1129 }
1130
1131
1132 /*
1133 * Called to read a chunk of data from the client socket. The data may
1134 * be the raw data, or may need to be further decoded by SASL.
1135 * The data will be read either straight from to the socket, or
1136 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1137 *
1138 * NB, it is theoretically possible to have 2 layers of encryption,
1139 * both SASL, and this TLS layer. It is highly unlikely in practice
1140 * though, since SASL encryption will typically be a no-op if TLS
1141 * is active
1142 *
1143 * Returns the number of bytes read, which may be less than
1144 * the requested 'datalen' if the socket would block. Returns
1145 * -1 on error, and disconnects the client socket.
1146 */
1147 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1148 {
1149 long ret;
1150 #ifdef CONFIG_VNC_TLS
1151 if (vs->tls.session) {
1152 ret = gnutls_read(vs->tls.session, data, datalen);
1153 if (ret < 0) {
1154 if (ret == GNUTLS_E_AGAIN)
1155 errno = EAGAIN;
1156 else
1157 errno = EIO;
1158 ret = -1;
1159 }
1160 } else
1161 #endif /* CONFIG_VNC_TLS */
1162 ret = recv(vs->csock, (void *)data, datalen, 0);
1163 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1164 return vnc_client_io_error(vs, ret, socket_error());
1165 }
1166
1167
1168 /*
1169 * Called to read data from the client socket to the input buffer,
1170 * when not using any SASL SSF encryption layers. Will read as much
1171 * data as possible without blocking.
1172 *
1173 * Returns the number of bytes read. Returns -1 on error, and
1174 * disconnects the client socket.
1175 */
1176 static long vnc_client_read_plain(VncState *vs)
1177 {
1178 int ret;
1179 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1180 vs->input.buffer, vs->input.capacity, vs->input.offset);
1181 buffer_reserve(&vs->input, 4096);
1182 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1183 if (!ret)
1184 return 0;
1185 vs->input.offset += ret;
1186 return ret;
1187 }
1188
1189
1190 /*
1191 * First function called whenever there is more data to be read from
1192 * the client socket. Will delegate actual work according to whether
1193 * SASL SSF layers are enabled (thus requiring decryption calls)
1194 */
1195 void vnc_client_read(void *opaque)
1196 {
1197 VncState *vs = opaque;
1198 long ret;
1199
1200 #ifdef CONFIG_VNC_SASL
1201 if (vs->sasl.conn && vs->sasl.runSSF)
1202 ret = vnc_client_read_sasl(vs);
1203 else
1204 #endif /* CONFIG_VNC_SASL */
1205 ret = vnc_client_read_plain(vs);
1206 if (!ret) {
1207 if (vs->csock == -1)
1208 vnc_disconnect_finish(vs);
1209 return;
1210 }
1211
1212 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1213 size_t len = vs->read_handler_expect;
1214 int ret;
1215
1216 ret = vs->read_handler(vs, vs->input.buffer, len);
1217 if (vs->csock == -1) {
1218 vnc_disconnect_finish(vs);
1219 return;
1220 }
1221
1222 if (!ret) {
1223 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1224 vs->input.offset -= len;
1225 } else {
1226 vs->read_handler_expect = ret;
1227 }
1228 }
1229 }
1230
1231 void vnc_write(VncState *vs, const void *data, size_t len)
1232 {
1233 buffer_reserve(&vs->output, len);
1234
1235 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1236 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1237 }
1238
1239 buffer_append(&vs->output, data, len);
1240 }
1241
1242 void vnc_write_s32(VncState *vs, int32_t value)
1243 {
1244 vnc_write_u32(vs, *(uint32_t *)&value);
1245 }
1246
1247 void vnc_write_u32(VncState *vs, uint32_t value)
1248 {
1249 uint8_t buf[4];
1250
1251 buf[0] = (value >> 24) & 0xFF;
1252 buf[1] = (value >> 16) & 0xFF;
1253 buf[2] = (value >> 8) & 0xFF;
1254 buf[3] = value & 0xFF;
1255
1256 vnc_write(vs, buf, 4);
1257 }
1258
1259 void vnc_write_u16(VncState *vs, uint16_t value)
1260 {
1261 uint8_t buf[2];
1262
1263 buf[0] = (value >> 8) & 0xFF;
1264 buf[1] = value & 0xFF;
1265
1266 vnc_write(vs, buf, 2);
1267 }
1268
1269 void vnc_write_u8(VncState *vs, uint8_t value)
1270 {
1271 vnc_write(vs, (char *)&value, 1);
1272 }
1273
1274 void vnc_flush(VncState *vs)
1275 {
1276 if (vs->csock != -1 && vs->output.offset)
1277 vnc_client_write(vs);
1278 }
1279
1280 uint8_t read_u8(uint8_t *data, size_t offset)
1281 {
1282 return data[offset];
1283 }
1284
1285 uint16_t read_u16(uint8_t *data, size_t offset)
1286 {
1287 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1288 }
1289
1290 int32_t read_s32(uint8_t *data, size_t offset)
1291 {
1292 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1293 (data[offset + 2] << 8) | data[offset + 3]);
1294 }
1295
1296 uint32_t read_u32(uint8_t *data, size_t offset)
1297 {
1298 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1299 (data[offset + 2] << 8) | data[offset + 3]);
1300 }
1301
1302 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1303 {
1304 }
1305
1306 static void check_pointer_type_change(Notifier *notifier)
1307 {
1308 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1309 int absolute = kbd_mouse_is_absolute();
1310
1311 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1312 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1313 vnc_write_u8(vs, 0);
1314 vnc_write_u16(vs, 1);
1315 vnc_framebuffer_update(vs, absolute, 0,
1316 ds_get_width(vs->ds), ds_get_height(vs->ds),
1317 VNC_ENCODING_POINTER_TYPE_CHANGE);
1318 vnc_flush(vs);
1319 }
1320 vs->absolute = absolute;
1321 }
1322
1323 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1324 {
1325 int buttons = 0;
1326 int dz = 0;
1327
1328 if (button_mask & 0x01)
1329 buttons |= MOUSE_EVENT_LBUTTON;
1330 if (button_mask & 0x02)
1331 buttons |= MOUSE_EVENT_MBUTTON;
1332 if (button_mask & 0x04)
1333 buttons |= MOUSE_EVENT_RBUTTON;
1334 if (button_mask & 0x08)
1335 dz = -1;
1336 if (button_mask & 0x10)
1337 dz = 1;
1338
1339 if (vs->absolute) {
1340 kbd_mouse_event(ds_get_width(vs->ds) > 1 ?
1341 x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000,
1342 ds_get_height(vs->ds) > 1 ?
1343 y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000,
1344 dz, buttons);
1345 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1346 x -= 0x7FFF;
1347 y -= 0x7FFF;
1348
1349 kbd_mouse_event(x, y, dz, buttons);
1350 } else {
1351 if (vs->last_x != -1)
1352 kbd_mouse_event(x - vs->last_x,
1353 y - vs->last_y,
1354 dz, buttons);
1355 vs->last_x = x;
1356 vs->last_y = y;
1357 }
1358 }
1359
1360 static void reset_keys(VncState *vs)
1361 {
1362 int i;
1363 for(i = 0; i < 256; i++) {
1364 if (vs->modifiers_state[i]) {
1365 if (i & SCANCODE_GREY)
1366 kbd_put_keycode(SCANCODE_EMUL0);
1367 kbd_put_keycode(i | SCANCODE_UP);
1368 vs->modifiers_state[i] = 0;
1369 }
1370 }
1371 }
1372
1373 static void press_key(VncState *vs, int keysym)
1374 {
1375 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1376 if (keycode & SCANCODE_GREY)
1377 kbd_put_keycode(SCANCODE_EMUL0);
1378 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1379 if (keycode & SCANCODE_GREY)
1380 kbd_put_keycode(SCANCODE_EMUL0);
1381 kbd_put_keycode(keycode | SCANCODE_UP);
1382 }
1383
1384 static void kbd_leds(void *opaque, int ledstate)
1385 {
1386 VncState *vs = opaque;
1387 int caps, num;
1388
1389 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1390 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1391
1392 if (vs->modifiers_state[0x3a] != caps) {
1393 vs->modifiers_state[0x3a] = caps;
1394 }
1395 if (vs->modifiers_state[0x45] != num) {
1396 vs->modifiers_state[0x45] = num;
1397 }
1398 }
1399
1400 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1401 {
1402 /* QEMU console switch */
1403 switch(keycode) {
1404 case 0x2a: /* Left Shift */
1405 case 0x36: /* Right Shift */
1406 case 0x1d: /* Left CTRL */
1407 case 0x9d: /* Right CTRL */
1408 case 0x38: /* Left ALT */
1409 case 0xb8: /* Right ALT */
1410 if (down)
1411 vs->modifiers_state[keycode] = 1;
1412 else
1413 vs->modifiers_state[keycode] = 0;
1414 break;
1415 case 0x02 ... 0x0a: /* '1' to '9' keys */
1416 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1417 /* Reset the modifiers sent to the current console */
1418 reset_keys(vs);
1419 console_select(keycode - 0x02);
1420 return;
1421 }
1422 break;
1423 case 0x3a: /* CapsLock */
1424 case 0x45: /* NumLock */
1425 if (down)
1426 vs->modifiers_state[keycode] ^= 1;
1427 break;
1428 }
1429
1430 if (vs->vd->lock_key_sync &&
1431 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1432 /* If the numlock state needs to change then simulate an additional
1433 keypress before sending this one. This will happen if the user
1434 toggles numlock away from the VNC window.
1435 */
1436 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1437 if (!vs->modifiers_state[0x45]) {
1438 vs->modifiers_state[0x45] = 1;
1439 press_key(vs, 0xff7f);
1440 }
1441 } else {
1442 if (vs->modifiers_state[0x45]) {
1443 vs->modifiers_state[0x45] = 0;
1444 press_key(vs, 0xff7f);
1445 }
1446 }
1447 }
1448
1449 if (vs->vd->lock_key_sync &&
1450 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1451 /* If the capslock state needs to change then simulate an additional
1452 keypress before sending this one. This will happen if the user
1453 toggles capslock away from the VNC window.
1454 */
1455 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1456 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1457 int capslock = !!(vs->modifiers_state[0x3a]);
1458 if (capslock) {
1459 if (uppercase == shift) {
1460 vs->modifiers_state[0x3a] = 0;
1461 press_key(vs, 0xffe5);
1462 }
1463 } else {
1464 if (uppercase != shift) {
1465 vs->modifiers_state[0x3a] = 1;
1466 press_key(vs, 0xffe5);
1467 }
1468 }
1469 }
1470
1471 if (is_graphic_console()) {
1472 if (keycode & SCANCODE_GREY)
1473 kbd_put_keycode(SCANCODE_EMUL0);
1474 if (down)
1475 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1476 else
1477 kbd_put_keycode(keycode | SCANCODE_UP);
1478 } else {
1479 /* QEMU console emulation */
1480 if (down) {
1481 int numlock = vs->modifiers_state[0x45];
1482 switch (keycode) {
1483 case 0x2a: /* Left Shift */
1484 case 0x36: /* Right Shift */
1485 case 0x1d: /* Left CTRL */
1486 case 0x9d: /* Right CTRL */
1487 case 0x38: /* Left ALT */
1488 case 0xb8: /* Right ALT */
1489 break;
1490 case 0xc8:
1491 kbd_put_keysym(QEMU_KEY_UP);
1492 break;
1493 case 0xd0:
1494 kbd_put_keysym(QEMU_KEY_DOWN);
1495 break;
1496 case 0xcb:
1497 kbd_put_keysym(QEMU_KEY_LEFT);
1498 break;
1499 case 0xcd:
1500 kbd_put_keysym(QEMU_KEY_RIGHT);
1501 break;
1502 case 0xd3:
1503 kbd_put_keysym(QEMU_KEY_DELETE);
1504 break;
1505 case 0xc7:
1506 kbd_put_keysym(QEMU_KEY_HOME);
1507 break;
1508 case 0xcf:
1509 kbd_put_keysym(QEMU_KEY_END);
1510 break;
1511 case 0xc9:
1512 kbd_put_keysym(QEMU_KEY_PAGEUP);
1513 break;
1514 case 0xd1:
1515 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1516 break;
1517
1518 case 0x47:
1519 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1520 break;
1521 case 0x48:
1522 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1523 break;
1524 case 0x49:
1525 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1526 break;
1527 case 0x4b:
1528 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1529 break;
1530 case 0x4c:
1531 kbd_put_keysym('5');
1532 break;
1533 case 0x4d:
1534 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1535 break;
1536 case 0x4f:
1537 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1538 break;
1539 case 0x50:
1540 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1541 break;
1542 case 0x51:
1543 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1544 break;
1545 case 0x52:
1546 kbd_put_keysym('0');
1547 break;
1548 case 0x53:
1549 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1550 break;
1551
1552 case 0xb5:
1553 kbd_put_keysym('/');
1554 break;
1555 case 0x37:
1556 kbd_put_keysym('*');
1557 break;
1558 case 0x4a:
1559 kbd_put_keysym('-');
1560 break;
1561 case 0x4e:
1562 kbd_put_keysym('+');
1563 break;
1564 case 0x9c:
1565 kbd_put_keysym('\n');
1566 break;
1567
1568 default:
1569 kbd_put_keysym(sym);
1570 break;
1571 }
1572 }
1573 }
1574 }
1575
1576 static void key_event(VncState *vs, int down, uint32_t sym)
1577 {
1578 int keycode;
1579 int lsym = sym;
1580
1581 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1582 lsym = lsym - 'A' + 'a';
1583 }
1584
1585 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1586 do_key_event(vs, down, keycode, sym);
1587 }
1588
1589 static void ext_key_event(VncState *vs, int down,
1590 uint32_t sym, uint16_t keycode)
1591 {
1592 /* if the user specifies a keyboard layout, always use it */
1593 if (keyboard_layout)
1594 key_event(vs, down, sym);
1595 else
1596 do_key_event(vs, down, keycode, sym);
1597 }
1598
1599 static void framebuffer_update_request(VncState *vs, int incremental,
1600 int x_position, int y_position,
1601 int w, int h)
1602 {
1603 if (y_position > ds_get_height(vs->ds))
1604 y_position = ds_get_height(vs->ds);
1605 if (y_position + h >= ds_get_height(vs->ds))
1606 h = ds_get_height(vs->ds) - y_position;
1607
1608 int i;
1609 vs->need_update = 1;
1610 if (!incremental) {
1611 vs->force_update = 1;
1612 for (i = 0; i < h; i++) {
1613 vnc_set_bits(vs->dirty[y_position + i],
1614 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1615 }
1616 }
1617 }
1618
1619 static void send_ext_key_event_ack(VncState *vs)
1620 {
1621 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1622 vnc_write_u8(vs, 0);
1623 vnc_write_u16(vs, 1);
1624 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1625 VNC_ENCODING_EXT_KEY_EVENT);
1626 vnc_flush(vs);
1627 }
1628
1629 static void send_ext_audio_ack(VncState *vs)
1630 {
1631 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1632 vnc_write_u8(vs, 0);
1633 vnc_write_u16(vs, 1);
1634 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1635 VNC_ENCODING_AUDIO);
1636 vnc_flush(vs);
1637 }
1638
1639 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1640 {
1641 int i;
1642 unsigned int enc = 0;
1643
1644 vs->features = 0;
1645 vs->vnc_encoding = 0;
1646 vs->tight_compression = 9;
1647 vs->tight_quality = 9;
1648 vs->absolute = -1;
1649
1650 /*
1651 * Start from the end because the encodings are sent in order of preference.
1652 * This way the prefered encoding (first encoding defined in the array)
1653 * will be set at the end of the loop.
1654 */
1655 for (i = n_encodings - 1; i >= 0; i--) {
1656 enc = encodings[i];
1657 switch (enc) {
1658 case VNC_ENCODING_RAW:
1659 vs->vnc_encoding = enc;
1660 break;
1661 case VNC_ENCODING_COPYRECT:
1662 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1663 break;
1664 case VNC_ENCODING_HEXTILE:
1665 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1666 vs->vnc_encoding = enc;
1667 break;
1668 case VNC_ENCODING_TIGHT:
1669 vs->features |= VNC_FEATURE_TIGHT_MASK;
1670 vs->vnc_encoding = enc;
1671 break;
1672 case VNC_ENCODING_ZLIB:
1673 vs->features |= VNC_FEATURE_ZLIB_MASK;
1674 vs->vnc_encoding = enc;
1675 break;
1676 case VNC_ENCODING_DESKTOPRESIZE:
1677 vs->features |= VNC_FEATURE_RESIZE_MASK;
1678 break;
1679 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1680 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1681 break;
1682 case VNC_ENCODING_RICH_CURSOR:
1683 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1684 break;
1685 case VNC_ENCODING_EXT_KEY_EVENT:
1686 send_ext_key_event_ack(vs);
1687 break;
1688 case VNC_ENCODING_AUDIO:
1689 send_ext_audio_ack(vs);
1690 break;
1691 case VNC_ENCODING_WMVi:
1692 vs->features |= VNC_FEATURE_WMVI_MASK;
1693 break;
1694 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1695 vs->tight_compression = (enc & 0x0F);
1696 break;
1697 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1698 vs->tight_quality = (enc & 0x0F);
1699 break;
1700 default:
1701 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1702 break;
1703 }
1704 }
1705 vnc_desktop_resize(vs);
1706 check_pointer_type_change(&vs->mouse_mode_notifier);
1707 }
1708
1709 static void set_pixel_conversion(VncState *vs)
1710 {
1711 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1712 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1713 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1714 vs->write_pixels = vnc_write_pixels_copy;
1715 vnc_hextile_set_pixel_conversion(vs, 0);
1716 } else {
1717 vs->write_pixels = vnc_write_pixels_generic;
1718 vnc_hextile_set_pixel_conversion(vs, 1);
1719 }
1720 }
1721
1722 static void set_pixel_format(VncState *vs,
1723 int bits_per_pixel, int depth,
1724 int big_endian_flag, int true_color_flag,
1725 int red_max, int green_max, int blue_max,
1726 int red_shift, int green_shift, int blue_shift)
1727 {
1728 if (!true_color_flag) {
1729 vnc_client_error(vs);
1730 return;
1731 }
1732
1733 vs->clientds = *(vs->vd->guest.ds);
1734 vs->clientds.pf.rmax = red_max;
1735 count_bits(vs->clientds.pf.rbits, red_max);
1736 vs->clientds.pf.rshift = red_shift;
1737 vs->clientds.pf.rmask = red_max << red_shift;
1738 vs->clientds.pf.gmax = green_max;
1739 count_bits(vs->clientds.pf.gbits, green_max);
1740 vs->clientds.pf.gshift = green_shift;
1741 vs->clientds.pf.gmask = green_max << green_shift;
1742 vs->clientds.pf.bmax = blue_max;
1743 count_bits(vs->clientds.pf.bbits, blue_max);
1744 vs->clientds.pf.bshift = blue_shift;
1745 vs->clientds.pf.bmask = blue_max << blue_shift;
1746 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1747 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1748 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1749 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1750
1751 set_pixel_conversion(vs);
1752
1753 vga_hw_invalidate();
1754 vga_hw_update();
1755 }
1756
1757 static void pixel_format_message (VncState *vs) {
1758 char pad[3] = { 0, 0, 0 };
1759
1760 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1761 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1762
1763 #ifdef HOST_WORDS_BIGENDIAN
1764 vnc_write_u8(vs, 1); /* big-endian-flag */
1765 #else
1766 vnc_write_u8(vs, 0); /* big-endian-flag */
1767 #endif
1768 vnc_write_u8(vs, 1); /* true-color-flag */
1769 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1770 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1771 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1772 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1773 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1774 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1775
1776 vnc_hextile_set_pixel_conversion(vs, 0);
1777
1778 vs->clientds = *(vs->ds->surface);
1779 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1780 vs->write_pixels = vnc_write_pixels_copy;
1781
1782 vnc_write(vs, pad, 3); /* padding */
1783 }
1784
1785 static void vnc_dpy_setdata(DisplayState *ds)
1786 {
1787 /* We don't have to do anything */
1788 }
1789
1790 static void vnc_colordepth(VncState *vs)
1791 {
1792 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1793 /* Sending a WMVi message to notify the client*/
1794 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1795 vnc_write_u8(vs, 0);
1796 vnc_write_u16(vs, 1); /* number of rects */
1797 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1798 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1799 pixel_format_message(vs);
1800 vnc_flush(vs);
1801 } else {
1802 set_pixel_conversion(vs);
1803 }
1804 }
1805
1806 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1807 {
1808 int i;
1809 uint16_t limit;
1810 VncDisplay *vd = vs->vd;
1811
1812 if (data[0] > 3) {
1813 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1814 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1815 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1816 }
1817
1818 switch (data[0]) {
1819 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
1820 if (len == 1)
1821 return 20;
1822
1823 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1824 read_u8(data, 6), read_u8(data, 7),
1825 read_u16(data, 8), read_u16(data, 10),
1826 read_u16(data, 12), read_u8(data, 14),
1827 read_u8(data, 15), read_u8(data, 16));
1828 break;
1829 case VNC_MSG_CLIENT_SET_ENCODINGS:
1830 if (len == 1)
1831 return 4;
1832
1833 if (len == 4) {
1834 limit = read_u16(data, 2);
1835 if (limit > 0)
1836 return 4 + (limit * 4);
1837 } else
1838 limit = read_u16(data, 2);
1839
1840 for (i = 0; i < limit; i++) {
1841 int32_t val = read_s32(data, 4 + (i * 4));
1842 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1843 }
1844
1845 set_encodings(vs, (int32_t *)(data + 4), limit);
1846 break;
1847 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
1848 if (len == 1)
1849 return 10;
1850
1851 framebuffer_update_request(vs,
1852 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1853 read_u16(data, 6), read_u16(data, 8));
1854 break;
1855 case VNC_MSG_CLIENT_KEY_EVENT:
1856 if (len == 1)
1857 return 8;
1858
1859 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1860 break;
1861 case VNC_MSG_CLIENT_POINTER_EVENT:
1862 if (len == 1)
1863 return 6;
1864
1865 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1866 break;
1867 case VNC_MSG_CLIENT_CUT_TEXT:
1868 if (len == 1)
1869 return 8;
1870
1871 if (len == 8) {
1872 uint32_t dlen = read_u32(data, 4);
1873 if (dlen > 0)
1874 return 8 + dlen;
1875 }
1876
1877 client_cut_text(vs, read_u32(data, 4), data + 8);
1878 break;
1879 case VNC_MSG_CLIENT_QEMU:
1880 if (len == 1)
1881 return 2;
1882
1883 switch (read_u8(data, 1)) {
1884 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
1885 if (len == 2)
1886 return 12;
1887
1888 ext_key_event(vs, read_u16(data, 2),
1889 read_u32(data, 4), read_u32(data, 8));
1890 break;
1891 case VNC_MSG_CLIENT_QEMU_AUDIO:
1892 if (len == 2)
1893 return 4;
1894
1895 switch (read_u16 (data, 2)) {
1896 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
1897 audio_add(vs);
1898 break;
1899 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
1900 audio_del(vs);
1901 break;
1902 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
1903 if (len == 4)
1904 return 10;
1905 switch (read_u8(data, 4)) {
1906 case 0: vs->as.fmt = AUD_FMT_U8; break;
1907 case 1: vs->as.fmt = AUD_FMT_S8; break;
1908 case 2: vs->as.fmt = AUD_FMT_U16; break;
1909 case 3: vs->as.fmt = AUD_FMT_S16; break;
1910 case 4: vs->as.fmt = AUD_FMT_U32; break;
1911 case 5: vs->as.fmt = AUD_FMT_S32; break;
1912 default:
1913 printf("Invalid audio format %d\n", read_u8(data, 4));
1914 vnc_client_error(vs);
1915 break;
1916 }
1917 vs->as.nchannels = read_u8(data, 5);
1918 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1919 printf("Invalid audio channel coount %d\n",
1920 read_u8(data, 5));
1921 vnc_client_error(vs);
1922 break;
1923 }
1924 vs->as.freq = read_u32(data, 6);
1925 break;
1926 default:
1927 printf ("Invalid audio message %d\n", read_u8(data, 4));
1928 vnc_client_error(vs);
1929 break;
1930 }
1931 break;
1932
1933 default:
1934 printf("Msg: %d\n", read_u16(data, 0));
1935 vnc_client_error(vs);
1936 break;
1937 }
1938 break;
1939 default:
1940 printf("Msg: %d\n", data[0]);
1941 vnc_client_error(vs);
1942 break;
1943 }
1944
1945 vnc_read_when(vs, protocol_client_msg, 1);
1946 return 0;
1947 }
1948
1949 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1950 {
1951 char buf[1024];
1952 int size;
1953
1954 vs->client_width = ds_get_width(vs->ds);
1955 vs->client_height = ds_get_height(vs->ds);
1956 vnc_write_u16(vs, vs->client_width);
1957 vnc_write_u16(vs, vs->client_height);
1958
1959 pixel_format_message(vs);
1960
1961 if (qemu_name)
1962 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1963 else
1964 size = snprintf(buf, sizeof(buf), "QEMU");
1965
1966 vnc_write_u32(vs, size);
1967 vnc_write(vs, buf, size);
1968 vnc_flush(vs);
1969
1970 vnc_client_cache_auth(vs);
1971 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
1972
1973 vnc_read_when(vs, protocol_client_msg, 1);
1974
1975 return 0;
1976 }
1977
1978 void start_client_init(VncState *vs)
1979 {
1980 vnc_read_when(vs, protocol_client_init, 1);
1981 }
1982
1983 static void make_challenge(VncState *vs)
1984 {
1985 int i;
1986
1987 srand(time(NULL)+getpid()+getpid()*987654+rand());
1988
1989 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1990 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1991 }
1992
1993 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1994 {
1995 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1996 int i, j, pwlen;
1997 unsigned char key[8];
1998
1999 if (!vs->vd->password || !vs->vd->password[0]) {
2000 VNC_DEBUG("No password configured on server");
2001 vnc_write_u32(vs, 1); /* Reject auth */
2002 if (vs->minor >= 8) {
2003 static const char err[] = "Authentication failed";
2004 vnc_write_u32(vs, sizeof(err));
2005 vnc_write(vs, err, sizeof(err));
2006 }
2007 vnc_flush(vs);
2008 vnc_client_error(vs);
2009 return 0;
2010 }
2011
2012 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2013
2014 /* Calculate the expected challenge response */
2015 pwlen = strlen(vs->vd->password);
2016 for (i=0; i<sizeof(key); i++)
2017 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2018 deskey(key, EN0);
2019 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2020 des(response+j, response+j);
2021
2022 /* Compare expected vs actual challenge response */
2023 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2024 VNC_DEBUG("Client challenge reponse did not match\n");
2025 vnc_write_u32(vs, 1); /* Reject auth */
2026 if (vs->minor >= 8) {
2027 static const char err[] = "Authentication failed";
2028 vnc_write_u32(vs, sizeof(err));
2029 vnc_write(vs, err, sizeof(err));
2030 }
2031 vnc_flush(vs);
2032 vnc_client_error(vs);
2033 } else {
2034 VNC_DEBUG("Accepting VNC challenge response\n");
2035 vnc_write_u32(vs, 0); /* Accept auth */
2036 vnc_flush(vs);
2037
2038 start_client_init(vs);
2039 }
2040 return 0;
2041 }
2042
2043 void start_auth_vnc(VncState *vs)
2044 {
2045 make_challenge(vs);
2046 /* Send client a 'random' challenge */
2047 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2048 vnc_flush(vs);
2049
2050 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2051 }
2052
2053
2054 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2055 {
2056 /* We only advertise 1 auth scheme at a time, so client
2057 * must pick the one we sent. Verify this */
2058 if (data[0] != vs->vd->auth) { /* Reject auth */
2059 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2060 vnc_write_u32(vs, 1);
2061 if (vs->minor >= 8) {
2062 static const char err[] = "Authentication failed";
2063 vnc_write_u32(vs, sizeof(err));
2064 vnc_write(vs, err, sizeof(err));
2065 }
2066 vnc_client_error(vs);
2067 } else { /* Accept requested auth */
2068 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2069 switch (vs->vd->auth) {
2070 case VNC_AUTH_NONE:
2071 VNC_DEBUG("Accept auth none\n");
2072 if (vs->minor >= 8) {
2073 vnc_write_u32(vs, 0); /* Accept auth completion */
2074 vnc_flush(vs);
2075 }
2076 start_client_init(vs);
2077 break;
2078
2079 case VNC_AUTH_VNC:
2080 VNC_DEBUG("Start VNC auth\n");
2081 start_auth_vnc(vs);
2082 break;
2083
2084 #ifdef CONFIG_VNC_TLS
2085 case VNC_AUTH_VENCRYPT:
2086 VNC_DEBUG("Accept VeNCrypt auth\n");;
2087 start_auth_vencrypt(vs);
2088 break;
2089 #endif /* CONFIG_VNC_TLS */
2090
2091 #ifdef CONFIG_VNC_SASL
2092 case VNC_AUTH_SASL:
2093 VNC_DEBUG("Accept SASL auth\n");
2094 start_auth_sasl(vs);
2095 break;
2096 #endif /* CONFIG_VNC_SASL */
2097
2098 default: /* Should not be possible, but just in case */
2099 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
2100 vnc_write_u8(vs, 1);
2101 if (vs->minor >= 8) {
2102 static const char err[] = "Authentication failed";
2103 vnc_write_u32(vs, sizeof(err));
2104 vnc_write(vs, err, sizeof(err));
2105 }
2106 vnc_client_error(vs);
2107 }
2108 }
2109 return 0;
2110 }
2111
2112 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2113 {
2114 char local[13];
2115
2116 memcpy(local, version, 12);
2117 local[12] = 0;
2118
2119 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2120 VNC_DEBUG("Malformed protocol version %s\n", local);
2121 vnc_client_error(vs);
2122 return 0;
2123 }
2124 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2125 if (vs->major != 3 ||
2126 (vs->minor != 3 &&
2127 vs->minor != 4 &&
2128 vs->minor != 5 &&
2129 vs->minor != 7 &&
2130 vs->minor != 8)) {
2131 VNC_DEBUG("Unsupported client version\n");
2132 vnc_write_u32(vs, VNC_AUTH_INVALID);
2133 vnc_flush(vs);
2134 vnc_client_error(vs);
2135 return 0;
2136 }
2137 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2138 * as equivalent to v3.3 by servers
2139 */
2140 if (vs->minor == 4 || vs->minor == 5)
2141 vs->minor = 3;
2142
2143 if (vs->minor == 3) {
2144 if (vs->vd->auth == VNC_AUTH_NONE) {
2145 VNC_DEBUG("Tell client auth none\n");
2146 vnc_write_u32(vs, vs->vd->auth);
2147 vnc_flush(vs);
2148 start_client_init(vs);
2149 } else if (vs->vd->auth == VNC_AUTH_VNC) {
2150 VNC_DEBUG("Tell client VNC auth\n");
2151 vnc_write_u32(vs, vs->vd->auth);
2152 vnc_flush(vs);
2153 start_auth_vnc(vs);
2154 } else {
2155 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2156 vnc_write_u32(vs, VNC_AUTH_INVALID);
2157 vnc_flush(vs);
2158 vnc_client_error(vs);
2159 }
2160 } else {
2161 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2162 vnc_write_u8(vs, 1); /* num auth */
2163 vnc_write_u8(vs, vs->vd->auth);
2164 vnc_read_when(vs, protocol_client_auth, 1);
2165 vnc_flush(vs);
2166 }
2167
2168 return 0;
2169 }
2170
2171 static int vnc_refresh_server_surface(VncDisplay *vd)
2172 {
2173 int y;
2174 uint8_t *guest_row;
2175 uint8_t *server_row;
2176 int cmp_bytes;
2177 uint32_t width_mask[VNC_DIRTY_WORDS];
2178 VncState *vs;
2179 int has_dirty = 0;
2180
2181 /*
2182 * Walk through the guest dirty map.
2183 * Check and copy modified bits from guest to server surface.
2184 * Update server dirty map.
2185 */
2186 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2187 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2188 guest_row = vd->guest.ds->data;
2189 server_row = vd->server->data;
2190 for (y = 0; y < vd->guest.ds->height; y++) {
2191 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2192 int x;
2193 uint8_t *guest_ptr;
2194 uint8_t *server_ptr;
2195
2196 guest_ptr = guest_row;
2197 server_ptr = server_row;
2198
2199 for (x = 0; x < vd->guest.ds->width;
2200 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2201 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2202 continue;
2203 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2204 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2205 continue;
2206 memcpy(server_ptr, guest_ptr, cmp_bytes);
2207 QTAILQ_FOREACH(vs, &vd->clients, next) {
2208 vnc_set_bit(vs->dirty[y], (x / 16));
2209 }
2210 has_dirty++;
2211 }
2212 }
2213 guest_row += ds_get_linesize(vd->ds);
2214 server_row += ds_get_linesize(vd->ds);
2215 }
2216 return has_dirty;
2217 }
2218
2219 static void vnc_refresh(void *opaque)
2220 {
2221 VncDisplay *vd = opaque;
2222 VncState *vs, *vn;
2223 int has_dirty, rects = 0;
2224
2225 vga_hw_update();
2226
2227 has_dirty = vnc_refresh_server_surface(vd);
2228
2229 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2230 rects += vnc_update_client(vs, has_dirty);
2231 /* vs might be free()ed here */
2232 }
2233 /* vd->timer could be NULL now if the last client disconnected,
2234 * in this case don't update the timer */
2235 if (vd->timer == NULL)
2236 return;
2237
2238 if (has_dirty && rects) {
2239 vd->timer_interval /= 2;
2240 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2241 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2242 } else {
2243 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2244 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2245 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2246 }
2247 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
2248 }
2249
2250 static void vnc_init_timer(VncDisplay *vd)
2251 {
2252 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2253 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
2254 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2255 vnc_refresh(vd);
2256 }
2257 }
2258
2259 static void vnc_remove_timer(VncDisplay *vd)
2260 {
2261 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
2262 qemu_del_timer(vd->timer);
2263 qemu_free_timer(vd->timer);
2264 vd->timer = NULL;
2265 }
2266 }
2267
2268 static void vnc_connect(VncDisplay *vd, int csock)
2269 {
2270 VncState *vs = qemu_mallocz(sizeof(VncState));
2271 vs->csock = csock;
2272
2273 VNC_DEBUG("New client on socket %d\n", csock);
2274 dcl->idle = 0;
2275 socket_set_nonblock(vs->csock);
2276 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2277
2278 vnc_client_cache_addr(vs);
2279 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2280
2281 vs->vd = vd;
2282 vs->ds = vd->ds;
2283 vs->last_x = -1;
2284 vs->last_y = -1;
2285
2286 vs->as.freq = 44100;
2287 vs->as.nchannels = 2;
2288 vs->as.fmt = AUD_FMT_S16;
2289 vs->as.endianness = 0;
2290
2291 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2292
2293 vga_hw_update();
2294
2295 vnc_write(vs, "RFB 003.008\n", 12);
2296 vnc_flush(vs);
2297 vnc_read_when(vs, protocol_version, 12);
2298 reset_keys(vs);
2299 if (vs->vd->lock_key_sync)
2300 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2301
2302 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2303 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2304
2305 vnc_init_timer(vd);
2306
2307 /* vs might be free()ed here */
2308 }
2309
2310 static void vnc_listen_read(void *opaque)
2311 {
2312 VncDisplay *vs = opaque;
2313 struct sockaddr_in addr;
2314 socklen_t addrlen = sizeof(addr);
2315
2316 /* Catch-up */
2317 vga_hw_update();
2318
2319 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2320 if (csock != -1) {
2321 vnc_connect(vs, csock);
2322 }
2323 }
2324
2325 void vnc_display_init(DisplayState *ds)
2326 {
2327 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2328
2329 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2330
2331 ds->opaque = vs;
2332 dcl->idle = 1;
2333 vnc_display = vs;
2334
2335 vs->lsock = -1;
2336
2337 vs->ds = ds;
2338 QTAILQ_INIT(&vs->clients);
2339
2340 if (keyboard_layout)
2341 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2342 else
2343 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2344
2345 if (!vs->kbd_layout)
2346 exit(1);
2347
2348 dcl->dpy_copy = vnc_dpy_copy;
2349 dcl->dpy_update = vnc_dpy_update;
2350 dcl->dpy_resize = vnc_dpy_resize;
2351 dcl->dpy_setdata = vnc_dpy_setdata;
2352 register_displaychangelistener(ds, dcl);
2353 ds->mouse_set = vnc_mouse_set;
2354 ds->cursor_define = vnc_dpy_cursor_define;
2355 }
2356
2357
2358 void vnc_display_close(DisplayState *ds)
2359 {
2360 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2361
2362 if (!vs)
2363 return;
2364 if (vs->display) {
2365 qemu_free(vs->display);
2366 vs->display = NULL;
2367 }
2368 if (vs->lsock != -1) {
2369 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2370 close(vs->lsock);
2371 vs->lsock = -1;
2372 }
2373 vs->auth = VNC_AUTH_INVALID;
2374 #ifdef CONFIG_VNC_TLS
2375 vs->subauth = VNC_AUTH_INVALID;
2376 vs->tls.x509verify = 0;
2377 #endif
2378 }
2379
2380 int vnc_display_password(DisplayState *ds, const char *password)
2381 {
2382 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2383
2384 if (!vs) {
2385 return -1;
2386 }
2387
2388 if (vs->password) {
2389 qemu_free(vs->password);
2390 vs->password = NULL;
2391 }
2392 if (password && password[0]) {
2393 if (!(vs->password = qemu_strdup(password)))
2394 return -1;
2395 if (vs->auth == VNC_AUTH_NONE) {
2396 vs->auth = VNC_AUTH_VNC;
2397 }
2398 } else {
2399 vs->auth = VNC_AUTH_NONE;
2400 }
2401
2402 return 0;
2403 }
2404
2405 char *vnc_display_local_addr(DisplayState *ds)
2406 {
2407 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2408
2409 return vnc_socket_local_addr("%s:%s", vs->lsock);
2410 }
2411
2412 int vnc_display_open(DisplayState *ds, const char *display)
2413 {
2414 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2415 const char *options;
2416 int password = 0;
2417 int reverse = 0;
2418 #ifdef CONFIG_VNC_TLS
2419 int tls = 0, x509 = 0;
2420 #endif
2421 #ifdef CONFIG_VNC_SASL
2422 int sasl = 0;
2423 int saslErr;
2424 #endif
2425 int acl = 0;
2426 int lock_key_sync = 1;
2427
2428 if (!vnc_display)
2429 return -1;
2430 vnc_display_close(ds);
2431 if (strcmp(display, "none") == 0)
2432 return 0;
2433
2434 if (!(vs->display = strdup(display)))
2435 return -1;
2436
2437 options = display;
2438 while ((options = strchr(options, ','))) {
2439 options++;
2440 if (strncmp(options, "password", 8) == 0) {
2441 password = 1; /* Require password auth */
2442 } else if (strncmp(options, "reverse", 7) == 0) {
2443 reverse = 1;
2444 } else if (strncmp(options, "no-lock-key-sync", 9) == 0) {
2445 lock_key_sync = 0;
2446 #ifdef CONFIG_VNC_SASL
2447 } else if (strncmp(options, "sasl", 4) == 0) {
2448 sasl = 1; /* Require SASL auth */
2449 #endif
2450 #ifdef CONFIG_VNC_TLS
2451 } else if (strncmp(options, "tls", 3) == 0) {
2452 tls = 1; /* Require TLS */
2453 } else if (strncmp(options, "x509", 4) == 0) {
2454 char *start, *end;
2455 x509 = 1; /* Require x509 certificates */
2456 if (strncmp(options, "x509verify", 10) == 0)
2457 vs->tls.x509verify = 1; /* ...and verify client certs */
2458
2459 /* Now check for 'x509=/some/path' postfix
2460 * and use that to setup x509 certificate/key paths */
2461 start = strchr(options, '=');
2462 end = strchr(options, ',');
2463 if (start && (!end || (start < end))) {
2464 int len = end ? end-(start+1) : strlen(start+1);
2465 char *path = qemu_strndup(start + 1, len);
2466
2467 VNC_DEBUG("Trying certificate path '%s'\n", path);
2468 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2469 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2470 qemu_free(path);
2471 qemu_free(vs->display);
2472 vs->display = NULL;
2473 return -1;
2474 }
2475 qemu_free(path);
2476 } else {
2477 fprintf(stderr, "No certificate path provided\n");
2478 qemu_free(vs->display);
2479 vs->display = NULL;
2480 return -1;
2481 }
2482 #endif
2483 } else if (strncmp(options, "acl", 3) == 0) {
2484 acl = 1;
2485 }
2486 }
2487
2488 #ifdef CONFIG_VNC_TLS
2489 if (acl && x509 && vs->tls.x509verify) {
2490 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2491 fprintf(stderr, "Failed to create x509 dname ACL\n");
2492 exit(1);
2493 }
2494 }
2495 #endif
2496 #ifdef CONFIG_VNC_SASL
2497 if (acl && sasl) {
2498 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2499 fprintf(stderr, "Failed to create username ACL\n");
2500 exit(1);
2501 }
2502 }
2503 #endif
2504
2505 /*
2506 * Combinations we support here:
2507 *
2508 * - no-auth (clear text, no auth)
2509 * - password (clear text, weak auth)
2510 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2511 * - tls (encrypt, weak anonymous creds, no auth)
2512 * - tls + password (encrypt, weak anonymous creds, weak auth)
2513 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2514 * - tls + x509 (encrypt, good x509 creds, no auth)
2515 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2516 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2517 *
2518 * NB1. TLS is a stackable auth scheme.
2519 * NB2. the x509 schemes have option to validate a client cert dname
2520 */
2521 if (password) {
2522 #ifdef CONFIG_VNC_TLS
2523 if (tls) {
2524 vs->auth = VNC_AUTH_VENCRYPT;
2525 if (x509) {
2526 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2527 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2528 } else {
2529 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2530 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2531 }
2532 } else {
2533 #endif /* CONFIG_VNC_TLS */
2534 VNC_DEBUG("Initializing VNC server with password auth\n");
2535 vs->auth = VNC_AUTH_VNC;
2536 #ifdef CONFIG_VNC_TLS
2537 vs->subauth = VNC_AUTH_INVALID;
2538 }
2539 #endif /* CONFIG_VNC_TLS */
2540 #ifdef CONFIG_VNC_SASL
2541 } else if (sasl) {
2542 #ifdef CONFIG_VNC_TLS
2543 if (tls) {
2544 vs->auth = VNC_AUTH_VENCRYPT;
2545 if (x509) {
2546 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2547 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2548 } else {
2549 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2550 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2551 }
2552 } else {
2553 #endif /* CONFIG_VNC_TLS */
2554 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2555 vs->auth = VNC_AUTH_SASL;
2556 #ifdef CONFIG_VNC_TLS
2557 vs->subauth = VNC_AUTH_INVALID;
2558 }
2559 #endif /* CONFIG_VNC_TLS */
2560 #endif /* CONFIG_VNC_SASL */
2561 } else {
2562 #ifdef CONFIG_VNC_TLS
2563 if (tls) {
2564 vs->auth = VNC_AUTH_VENCRYPT;
2565 if (x509) {
2566 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2567 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2568 } else {
2569 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2570 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2571 }
2572 } else {
2573 #endif
2574 VNC_DEBUG("Initializing VNC server with no auth\n");
2575 vs->auth = VNC_AUTH_NONE;
2576 #ifdef CONFIG_VNC_TLS
2577 vs->subauth = VNC_AUTH_INVALID;
2578 }
2579 #endif
2580 }
2581
2582 #ifdef CONFIG_VNC_SASL
2583 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2584 fprintf(stderr, "Failed to initialize SASL auth %s",
2585 sasl_errstring(saslErr, NULL, NULL));
2586 free(vs->display);
2587 vs->display = NULL;
2588 return -1;
2589 }
2590 #endif
2591 vs->lock_key_sync = lock_key_sync;
2592
2593 if (reverse) {
2594 /* connect to viewer */
2595 if (strncmp(display, "unix:", 5) == 0)
2596 vs->lsock = unix_connect(display+5);
2597 else
2598 vs->lsock = inet_connect(display, SOCK_STREAM);
2599 if (-1 == vs->lsock) {
2600 free(vs->display);
2601 vs->display = NULL;
2602 return -1;
2603 } else {
2604 int csock = vs->lsock;
2605 vs->lsock = -1;
2606 vnc_connect(vs, csock);
2607 }
2608 return 0;
2609
2610 } else {
2611 /* listen for connects */
2612 char *dpy;
2613 dpy = qemu_malloc(256);
2614 if (strncmp(display, "unix:", 5) == 0) {
2615 pstrcpy(dpy, 256, "unix:");
2616 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2617 } else {
2618 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2619 }
2620 if (-1 == vs->lsock) {
2621 free(dpy);
2622 return -1;
2623 } else {
2624 free(vs->display);
2625 vs->display = dpy;
2626 }
2627 }
2628 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
2629 }
CRIS target port of Qemu