search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add dependency of JSON unit tests on config-host.h
[qemu/kraxel.git] / vnc.c
blob046bd3849ce9190160cdb29f130d069f8aee097c
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "vnc.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "acl.h"
32 #include "qemu-objects.h"
33
34 #define VNC_REFRESH_INTERVAL_BASE 30
35 #define VNC_REFRESH_INTERVAL_INC 50
36 #define VNC_REFRESH_INTERVAL_MAX 2000
37
38 #include "vnc_keysym.h"
39 #include "d3des.h"
40
41 #define count_bits(c, v) { \
42 for (c = 0; v; v >>= 1) \
43 { \
44 c += v & 1; \
45 } \
46 }
47
48
49 static VncDisplay *vnc_display; /* needed for info vnc */
50 static DisplayChangeListener *dcl;
51
52 static int vnc_cursor_define(VncState *vs);
53
54 static char *addr_to_string(const char *format,
55 struct sockaddr_storage *sa,
56 socklen_t salen) {
57 char *addr;
58 char host[NI_MAXHOST];
59 char serv[NI_MAXSERV];
60 int err;
61 size_t addrlen;
62
63 if ((err = getnameinfo((struct sockaddr *)sa, salen,
64 host, sizeof(host),
65 serv, sizeof(serv),
66 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
67 VNC_DEBUG("Cannot resolve address %d: %s\n",
68 err, gai_strerror(err));
69 return NULL;
70 }
71
72 /* Enough for the existing format + the 2 vars we're
73 * substituting in. */
74 addrlen = strlen(format) + strlen(host) + strlen(serv);
75 addr = qemu_malloc(addrlen + 1);
76 snprintf(addr, addrlen, format, host, serv);
77 addr[addrlen] = '\0';
78
79 return addr;
80 }
81
82
83 char *vnc_socket_local_addr(const char *format, int fd) {
84 struct sockaddr_storage sa;
85 socklen_t salen;
86
87 salen = sizeof(sa);
88 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
89 return NULL;
90
91 return addr_to_string(format, &sa, salen);
92 }
93
94 char *vnc_socket_remote_addr(const char *format, int fd) {
95 struct sockaddr_storage sa;
96 socklen_t salen;
97
98 salen = sizeof(sa);
99 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
100 return NULL;
101
102 return addr_to_string(format, &sa, salen);
103 }
104
105 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
106 socklen_t salen)
107 {
108 char host[NI_MAXHOST];
109 char serv[NI_MAXSERV];
110 int err;
111
112 if ((err = getnameinfo((struct sockaddr *)sa, salen,
113 host, sizeof(host),
114 serv, sizeof(serv),
115 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
116 VNC_DEBUG("Cannot resolve address %d: %s\n",
117 err, gai_strerror(err));
118 return -1;
119 }
120
121 qdict_put(qdict, "host", qstring_from_str(host));
122 qdict_put(qdict, "service", qstring_from_str(serv));
123 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
124
125 return 0;
126 }
127
128 static int vnc_server_addr_put(QDict *qdict, int fd)
129 {
130 struct sockaddr_storage sa;
131 socklen_t salen;
132
133 salen = sizeof(sa);
134 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
135 return -1;
136 }
137
138 return put_addr_qdict(qdict, &sa, salen);
139 }
140
141 static int vnc_qdict_remote_addr(QDict *qdict, int fd)
142 {
143 struct sockaddr_storage sa;
144 socklen_t salen;
145
146 salen = sizeof(sa);
147 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
148 return -1;
149 }
150
151 return put_addr_qdict(qdict, &sa, salen);
152 }
153
154 static const char *vnc_auth_name(VncDisplay *vd) {
155 switch (vd->auth) {
156 case VNC_AUTH_INVALID:
157 return "invalid";
158 case VNC_AUTH_NONE:
159 return "none";
160 case VNC_AUTH_VNC:
161 return "vnc";
162 case VNC_AUTH_RA2:
163 return "ra2";
164 case VNC_AUTH_RA2NE:
165 return "ra2ne";
166 case VNC_AUTH_TIGHT:
167 return "tight";
168 case VNC_AUTH_ULTRA:
169 return "ultra";
170 case VNC_AUTH_TLS:
171 return "tls";
172 case VNC_AUTH_VENCRYPT:
173 #ifdef CONFIG_VNC_TLS
174 switch (vd->subauth) {
175 case VNC_AUTH_VENCRYPT_PLAIN:
176 return "vencrypt+plain";
177 case VNC_AUTH_VENCRYPT_TLSNONE:
178 return "vencrypt+tls+none";
179 case VNC_AUTH_VENCRYPT_TLSVNC:
180 return "vencrypt+tls+vnc";
181 case VNC_AUTH_VENCRYPT_TLSPLAIN:
182 return "vencrypt+tls+plain";
183 case VNC_AUTH_VENCRYPT_X509NONE:
184 return "vencrypt+x509+none";
185 case VNC_AUTH_VENCRYPT_X509VNC:
186 return "vencrypt+x509+vnc";
187 case VNC_AUTH_VENCRYPT_X509PLAIN:
188 return "vencrypt+x509+plain";
189 case VNC_AUTH_VENCRYPT_TLSSASL:
190 return "vencrypt+tls+sasl";
191 case VNC_AUTH_VENCRYPT_X509SASL:
192 return "vencrypt+x509+sasl";
193 default:
194 return "vencrypt";
195 }
196 #else
197 return "vencrypt";
198 #endif
199 case VNC_AUTH_SASL:
200 return "sasl";
201 }
202 return "unknown";
203 }
204
205 static int vnc_server_info_put(QDict *qdict)
206 {
207 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
208 return -1;
209 }
210
211 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
212 return 0;
213 }
214
215 static void vnc_client_cache_auth(VncState *client)
216 {
217 QDict *qdict;
218
219 if (!client->info) {
220 return;
221 }
222
223 qdict = qobject_to_qdict(client->info);
224
225 #ifdef CONFIG_VNC_TLS
226 if (client->tls.session &&
227 client->tls.dname) {
228 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
229 }
230 #endif
231 #ifdef CONFIG_VNC_SASL
232 if (client->sasl.conn &&
233 client->sasl.username) {
234 qdict_put(qdict, "sasl_username",
235 qstring_from_str(client->sasl.username));
236 }
237 #endif
238 }
239
240 static void vnc_client_cache_addr(VncState *client)
241 {
242 QDict *qdict;
243
244 qdict = qdict_new();
245 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
246 QDECREF(qdict);
247 /* XXX: how to report the error? */
248 return;
249 }
250
251 client->info = QOBJECT(qdict);
252 }
253
254 static void vnc_qmp_event(VncState *vs, MonitorEvent event)
255 {
256 QDict *server;
257 QObject *data;
258
259 if (!vs->info) {
260 return;
261 }
262
263 server = qdict_new();
264 if (vnc_server_info_put(server) < 0) {
265 QDECREF(server);
266 return;
267 }
268
269 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
270 vs->info, QOBJECT(server));
271
272 monitor_protocol_event(event, data);
273
274 qobject_incref(vs->info);
275 qobject_decref(data);
276 }
277
278 static void info_vnc_iter(QObject *obj, void *opaque)
279 {
280 QDict *client;
281 Monitor *mon = opaque;
282
283 client = qobject_to_qdict(obj);
284 monitor_printf(mon, "Client:\n");
285 monitor_printf(mon, " address: %s:%s\n",
286 qdict_get_str(client, "host"),
287 qdict_get_str(client, "service"));
288
289 #ifdef CONFIG_VNC_TLS
290 monitor_printf(mon, " x509_dname: %s\n",
291 qdict_haskey(client, "x509_dname") ?
292 qdict_get_str(client, "x509_dname") : "none");
293 #endif
294 #ifdef CONFIG_VNC_SASL
295 monitor_printf(mon, " username: %s\n",
296 qdict_haskey(client, "sasl_username") ?
297 qdict_get_str(client, "sasl_username") : "none");
298 #endif
299 }
300
301 void do_info_vnc_print(Monitor *mon, const QObject *data)
302 {
303 QDict *server;
304 QList *clients;
305
306 server = qobject_to_qdict(data);
307 if (qdict_get_bool(server, "enabled") == 0) {
308 monitor_printf(mon, "Server: disabled\n");
309 return;
310 }
311
312 monitor_printf(mon, "Server:\n");
313 monitor_printf(mon, " address: %s:%s\n",
314 qdict_get_str(server, "host"),
315 qdict_get_str(server, "service"));
316 monitor_printf(mon, " auth: %s\n", qdict_get_str(server, "auth"));
317
318 clients = qdict_get_qlist(server, "clients");
319 if (qlist_empty(clients)) {
320 monitor_printf(mon, "Client: none\n");
321 } else {
322 qlist_iter(clients, info_vnc_iter, mon);
323 }
324 }
325
326 /**
327 * do_info_vnc(): Show VNC server information
328 *
329 * Return a QDict with server information. Connected clients are returned
330 * as a QList of QDicts.
331 *
332 * The main QDict contains the following:
333 *
334 * - "enabled": true or false
335 * - "host": server's IP address
336 * - "family": address family ("ipv4" or "ipv6")
337 * - "service": server's port number
338 * - "auth": authentication method
339 * - "clients": a QList of all connected clients
340 *
341 * Clients are described by a QDict, with the following information:
342 *
343 * - "host": client's IP address
344 * - "family": address family ("ipv4" or "ipv6")
345 * - "service": client's port number
346 * - "x509_dname": TLS dname (optional)
347 * - "sasl_username": SASL username (optional)
348 *
349 * Example:
350 *
351 * { "enabled": true, "host": "0.0.0.0", "service": "50402", "auth": "vnc",
352 * "family": "ipv4",
353 * "clients": [{ "host": "127.0.0.1", "service": "50401", "family": "ipv4" }]}
354 */
355 void do_info_vnc(Monitor *mon, QObject **ret_data)
356 {
357 if (vnc_display == NULL || vnc_display->display == NULL) {
358 *ret_data = qobject_from_jsonf("{ 'enabled': false }");
359 } else {
360 QList *clist;
361 VncState *client;
362
363 clist = qlist_new();
364 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
365 if (client->info) {
366 /* incref so that it's not freed by upper layers */
367 qobject_incref(client->info);
368 qlist_append_obj(clist, client->info);
369 }
370 }
371
372 *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
373 QOBJECT(clist));
374 assert(*ret_data != NULL);
375
376 if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {
377 qobject_decref(*ret_data);
378 *ret_data = NULL;
379 }
380 }
381 }
382
383 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
384 return (vs->features & (1 << feature));
385 }
386
387 /* TODO
388 1) Get the queue working for IO.
389 2) there is some weirdness when using the -S option (the screen is grey
390 and not totally invalidated
391 3) resolutions > 1024
392 */
393
394 static int vnc_update_client(VncState *vs, int has_dirty);
395 static void vnc_disconnect_start(VncState *vs);
396 static void vnc_disconnect_finish(VncState *vs);
397 static void vnc_init_timer(VncDisplay *vd);
398 static void vnc_remove_timer(VncDisplay *vd);
399
400 static void vnc_colordepth(VncState *vs);
401 static void framebuffer_update_request(VncState *vs, int incremental,
402 int x_position, int y_position,
403 int w, int h);
404 static void vnc_refresh(void *opaque);
405 static int vnc_refresh_server_surface(VncDisplay *vd);
406
407 static inline void vnc_set_bit(uint32_t *d, int k)
408 {
409 d[k >> 5] |= 1 << (k & 0x1f);
410 }
411
412 static inline void vnc_clear_bit(uint32_t *d, int k)
413 {
414 d[k >> 5] &= ~(1 << (k & 0x1f));
415 }
416
417 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
418 {
419 int j;
420
421 j = 0;
422 while (n >= 32) {
423 d[j++] = -1;
424 n -= 32;
425 }
426 if (n > 0)
427 d[j++] = (1 << n) - 1;
428 while (j < nb_words)
429 d[j++] = 0;
430 }
431
432 static inline int vnc_get_bit(const uint32_t *d, int k)
433 {
434 return (d[k >> 5] >> (k & 0x1f)) & 1;
435 }
436
437 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
438 int nb_words)
439 {
440 int i;
441 for(i = 0; i < nb_words; i++) {
442 if ((d1[i] & d2[i]) != 0)
443 return 1;
444 }
445 return 0;
446 }
447
448 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
449 {
450 int i;
451 VncDisplay *vd = ds->opaque;
452 struct VncSurface *s = &vd->guest;
453
454 h += y;
455
456 /* round x down to ensure the loop only spans one 16-pixel block per,
457 iteration. otherwise, if (x % 16) != 0, the last iteration may span
458 two 16-pixel blocks but we only mark the first as dirty
459 */
460 w += (x % 16);
461 x -= (x % 16);
462
463 x = MIN(x, s->ds->width);
464 y = MIN(y, s->ds->height);
465 w = MIN(x + w, s->ds->width) - x;
466 h = MIN(h, s->ds->height);
467
468 for (; y < h; y++)
469 for (i = 0; i < w; i += 16)
470 vnc_set_bit(s->dirty[y], (x + i) / 16);
471 }
472
473 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
474 int32_t encoding)
475 {
476 vnc_write_u16(vs, x);
477 vnc_write_u16(vs, y);
478 vnc_write_u16(vs, w);
479 vnc_write_u16(vs, h);
480
481 vnc_write_s32(vs, encoding);
482 }
483
484 void buffer_reserve(Buffer *buffer, size_t len)
485 {
486 if ((buffer->capacity - buffer->offset) < len) {
487 buffer->capacity += (len + 1024);
488 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
489 if (buffer->buffer == NULL) {
490 fprintf(stderr, "vnc: out of memory\n");
491 exit(1);
492 }
493 }
494 }
495
496 int buffer_empty(Buffer *buffer)
497 {
498 return buffer->offset == 0;
499 }
500
501 uint8_t *buffer_end(Buffer *buffer)
502 {
503 return buffer->buffer + buffer->offset;
504 }
505
506 void buffer_reset(Buffer *buffer)
507 {
508 buffer->offset = 0;
509 }
510
511 void buffer_free(Buffer *buffer)
512 {
513 qemu_free(buffer->buffer);
514 buffer->offset = 0;
515 buffer->capacity = 0;
516 buffer->buffer = NULL;
517 }
518
519 void buffer_append(Buffer *buffer, const void *data, size_t len)
520 {
521 memcpy(buffer->buffer + buffer->offset, data, len);
522 buffer->offset += len;
523 }
524
525 static void vnc_dpy_resize(DisplayState *ds)
526 {
527 int size_changed;
528 VncDisplay *vd = ds->opaque;
529 VncState *vs;
530
531 /* server surface */
532 if (!vd->server)
533 vd->server = qemu_mallocz(sizeof(*vd->server));
534 if (vd->server->data)
535 qemu_free(vd->server->data);
536 *(vd->server) = *(ds->surface);
537 vd->server->data = qemu_mallocz(vd->server->linesize *
538 vd->server->height);
539
540 /* guest surface */
541 if (!vd->guest.ds)
542 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
543 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
544 console_color_init(ds);
545 size_changed = ds_get_width(ds) != vd->guest.ds->width ||
546 ds_get_height(ds) != vd->guest.ds->height;
547 *(vd->guest.ds) = *(ds->surface);
548 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
549
550 QTAILQ_FOREACH(vs, &vd->clients, next) {
551 vnc_colordepth(vs);
552 if (size_changed) {
553 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
554 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
555 vnc_write_u8(vs, 0);
556 vnc_write_u16(vs, 1); /* number of rects */
557 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
558 VNC_ENCODING_DESKTOPRESIZE);
559 vnc_flush(vs);
560 }
561 }
562 if (vs->vd->cursor) {
563 vnc_cursor_define(vs);
564 }
565 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
566 }
567 }
568
569 /* fastest code */
570 static void vnc_write_pixels_copy(VncState *vs, struct PixelFormat *pf,
571 void *pixels, int size)
572 {
573 vnc_write(vs, pixels, size);
574 }
575
576 /* slowest but generic code. */
577 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
578 {
579 uint8_t r, g, b;
580 VncDisplay *vd = vs->vd;
581
582 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
583 vd->server->pf.rbits);
584 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
585 vd->server->pf.gbits);
586 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
587 vd->server->pf.bbits);
588 v = (r << vs->clientds.pf.rshift) |
589 (g << vs->clientds.pf.gshift) |
590 (b << vs->clientds.pf.bshift);
591 switch(vs->clientds.pf.bytes_per_pixel) {
592 case 1:
593 buf[0] = v;
594 break;
595 case 2:
596 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
597 buf[0] = v >> 8;
598 buf[1] = v;
599 } else {
600 buf[1] = v >> 8;
601 buf[0] = v;
602 }
603 break;
604 default:
605 case 4:
606 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
607 buf[0] = v >> 24;
608 buf[1] = v >> 16;
609 buf[2] = v >> 8;
610 buf[3] = v;
611 } else {
612 buf[3] = v >> 24;
613 buf[2] = v >> 16;
614 buf[1] = v >> 8;
615 buf[0] = v;
616 }
617 break;
618 }
619 }
620
621 static void vnc_write_pixels_generic(VncState *vs, struct PixelFormat *pf,
622 void *pixels1, int size)
623 {
624 uint8_t buf[4];
625
626 if (pf->bytes_per_pixel == 4) {
627 uint32_t *pixels = pixels1;
628 int n, i;
629 n = size >> 2;
630 for(i = 0; i < n; i++) {
631 vnc_convert_pixel(vs, buf, pixels[i]);
632 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
633 }
634 } else if (pf->bytes_per_pixel == 2) {
635 uint16_t *pixels = pixels1;
636 int n, i;
637 n = size >> 1;
638 for(i = 0; i < n; i++) {
639 vnc_convert_pixel(vs, buf, pixels[i]);
640 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
641 }
642 } else if (pf->bytes_per_pixel == 1) {
643 uint8_t *pixels = pixels1;
644 int n, i;
645 n = size;
646 for(i = 0; i < n; i++) {
647 vnc_convert_pixel(vs, buf, pixels[i]);
648 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
649 }
650 } else {
651 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
652 }
653 }
654
655 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
656 {
657 int i;
658 uint8_t *row;
659 VncDisplay *vd = vs->vd;
660
661 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
662 for (i = 0; i < h; i++) {
663 vs->write_pixels(vs, &vd->server->pf, row, w * ds_get_bytes_per_pixel(vs->ds));
664 row += ds_get_linesize(vs->ds);
665 }
666 return 1;
667 }
668
669 static int send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
670 {
671 int n = 0;
672
673 switch(vs->vnc_encoding) {
674 case VNC_ENCODING_ZLIB:
675 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
676 break;
677 case VNC_ENCODING_HEXTILE:
678 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
679 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
680 break;
681 case VNC_ENCODING_TIGHT:
682 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
683 break;
684 default:
685 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
686 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
687 break;
688 }
689 return n;
690 }
691
692 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
693 {
694 /* send bitblit op to the vnc client */
695 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
696 vnc_write_u8(vs, 0);
697 vnc_write_u16(vs, 1); /* number of rects */
698 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
699 vnc_write_u16(vs, src_x);
700 vnc_write_u16(vs, src_y);
701 vnc_flush(vs);
702 }
703
704 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
705 {
706 VncDisplay *vd = ds->opaque;
707 VncState *vs, *vn;
708 uint8_t *src_row;
709 uint8_t *dst_row;
710 int i,x,y,pitch,depth,inc,w_lim,s;
711 int cmp_bytes;
712
713 vnc_refresh_server_surface(vd);
714 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
715 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
716 vs->force_update = 1;
717 vnc_update_client(vs, 1);
718 /* vs might be free()ed here */
719 }
720 }
721
722 /* do bitblit op on the local surface too */
723 pitch = ds_get_linesize(vd->ds);
724 depth = ds_get_bytes_per_pixel(vd->ds);
725 src_row = vd->server->data + pitch * src_y + depth * src_x;
726 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
727 y = dst_y;
728 inc = 1;
729 if (dst_y > src_y) {
730 /* copy backwards */
731 src_row += pitch * (h-1);
732 dst_row += pitch * (h-1);
733 pitch = -pitch;
734 y = dst_y + h - 1;
735 inc = -1;
736 }
737 w_lim = w - (16 - (dst_x % 16));
738 if (w_lim < 0)
739 w_lim = w;
740 else
741 w_lim = w - (w_lim % 16);
742 for (i = 0; i < h; i++) {
743 for (x = 0; x <= w_lim;
744 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
745 if (x == w_lim) {
746 if ((s = w - w_lim) == 0)
747 break;
748 } else if (!x) {
749 s = (16 - (dst_x % 16));
750 s = MIN(s, w_lim);
751 } else {
752 s = 16;
753 }
754 cmp_bytes = s * depth;
755 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
756 continue;
757 memmove(dst_row, src_row, cmp_bytes);
758 QTAILQ_FOREACH(vs, &vd->clients, next) {
759 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
760 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
761 }
762 }
763 }
764 src_row += pitch - w * depth;
765 dst_row += pitch - w * depth;
766 y += inc;
767 }
768
769 QTAILQ_FOREACH(vs, &vd->clients, next) {
770 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
771 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
772 }
773 }
774 }
775
776 static void vnc_mouse_set(int x, int y, int visible)
777 {
778 /* can we ask the client(s) to move the pointer ??? */
779 }
780
781 static int vnc_cursor_define(VncState *vs)
782 {
783 QEMUCursor *c = vs->vd->cursor;
784 PixelFormat pf = qemu_default_pixelformat(32);
785 int isize;
786
787 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
788 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
789 vnc_write_u8(vs, 0); /* padding */
790 vnc_write_u16(vs, 1); /* # of rects */
791 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
792 VNC_ENCODING_RICH_CURSOR);
793 isize = c->width * c->height * vs->clientds.pf.bytes_per_pixel;
794 vnc_write_pixels_generic(vs, &pf, c->data, isize);
795 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
796 return 0;
797 }
798 return -1;
799 }
800
801 static void vnc_dpy_cursor_define(QEMUCursor *c)
802 {
803 VncDisplay *vd = vnc_display;
804 VncState *vs;
805
806 cursor_put(vd->cursor);
807 qemu_free(vd->cursor_mask);
808
809 vd->cursor = c;
810 cursor_get(vd->cursor);
811 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
812 vd->cursor_mask = qemu_mallocz(vd->cursor_msize);
813 cursor_get_mono_mask(c, 0, vd->cursor_mask);
814
815 QTAILQ_FOREACH(vs, &vd->clients, next) {
816 vnc_cursor_define(vs);
817 }
818 }
819
820 static int find_and_clear_dirty_height(struct VncState *vs,
821 int y, int last_x, int x)
822 {
823 int h;
824 VncDisplay *vd = vs->vd;
825
826 for (h = 1; h < (vd->server->height - y); h++) {
827 int tmp_x;
828 if (!vnc_get_bit(vs->dirty[y + h], last_x))
829 break;
830 for (tmp_x = last_x; tmp_x < x; tmp_x++)
831 vnc_clear_bit(vs->dirty[y + h], tmp_x);
832 }
833
834 return h;
835 }
836
837 static int vnc_update_client(VncState *vs, int has_dirty)
838 {
839 if (vs->need_update && vs->csock != -1) {
840 VncDisplay *vd = vs->vd;
841 int y;
842 int n_rectangles;
843 int saved_offset;
844 int n;
845
846 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
847 /* kernel send buffers are full -> drop frames to throttle */
848 return 0;
849
850 if (!has_dirty && !vs->audio_cap && !vs->force_update)
851 return 0;
852
853 /*
854 * Send screen updates to the vnc client using the server
855 * surface and server dirty map. guest surface updates
856 * happening in parallel don't disturb us, the next pass will
857 * send them to the client.
858 */
859 n_rectangles = 0;
860 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
861 vnc_write_u8(vs, 0);
862 saved_offset = vs->output.offset;
863 vnc_write_u16(vs, 0);
864
865 for (y = 0; y < vd->server->height; y++) {
866 int x;
867 int last_x = -1;
868 for (x = 0; x < vd->server->width / 16; x++) {
869 if (vnc_get_bit(vs->dirty[y], x)) {
870 if (last_x == -1) {
871 last_x = x;
872 }
873 vnc_clear_bit(vs->dirty[y], x);
874 } else {
875 if (last_x != -1) {
876 int h = find_and_clear_dirty_height(vs, y, last_x, x);
877 n = send_framebuffer_update(vs, last_x * 16, y,
878 (x - last_x) * 16, h);
879 n_rectangles += n;
880 }
881 last_x = -1;
882 }
883 }
884 if (last_x != -1) {
885 int h = find_and_clear_dirty_height(vs, y, last_x, x);
886 n = send_framebuffer_update(vs, last_x * 16, y,
887 (x - last_x) * 16, h);
888 n_rectangles += n;
889 }
890 }
891 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
892 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
893 vnc_flush(vs);
894 vs->force_update = 0;
895 return n_rectangles;
896 }
897
898 if (vs->csock == -1)
899 vnc_disconnect_finish(vs);
900
901 return 0;
902 }
903
904 /* audio */
905 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
906 {
907 VncState *vs = opaque;
908
909 switch (cmd) {
910 case AUD_CNOTIFY_DISABLE:
911 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
912 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
913 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
914 vnc_flush(vs);
915 break;
916
917 case AUD_CNOTIFY_ENABLE:
918 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
919 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
920 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
921 vnc_flush(vs);
922 break;
923 }
924 }
925
926 static void audio_capture_destroy(void *opaque)
927 {
928 }
929
930 static void audio_capture(void *opaque, void *buf, int size)
931 {
932 VncState *vs = opaque;
933
934 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
935 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
936 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
937 vnc_write_u32(vs, size);
938 vnc_write(vs, buf, size);
939 vnc_flush(vs);
940 }
941
942 static void audio_add(VncState *vs)
943 {
944 struct audio_capture_ops ops;
945
946 if (vs->audio_cap) {
947 monitor_printf(default_mon, "audio already running\n");
948 return;
949 }
950
951 ops.notify = audio_capture_notify;
952 ops.destroy = audio_capture_destroy;
953 ops.capture = audio_capture;
954
955 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
956 if (!vs->audio_cap) {
957 monitor_printf(default_mon, "Failed to add audio capture\n");
958 }
959 }
960
961 static void audio_del(VncState *vs)
962 {
963 if (vs->audio_cap) {
964 AUD_del_capture(vs->audio_cap, vs);
965 vs->audio_cap = NULL;
966 }
967 }
968
969 static void vnc_disconnect_start(VncState *vs)
970 {
971 if (vs->csock == -1)
972 return;
973 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
974 closesocket(vs->csock);
975 vs->csock = -1;
976 }
977
978 static void vnc_disconnect_finish(VncState *vs)
979 {
980 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
981
982 buffer_free(&vs->input);
983 buffer_free(&vs->output);
984
985 qobject_decref(vs->info);
986
987 vnc_zlib_clear(vs);
988 vnc_tight_clear(vs);
989
990 #ifdef CONFIG_VNC_TLS
991 vnc_tls_client_cleanup(vs);
992 #endif /* CONFIG_VNC_TLS */
993 #ifdef CONFIG_VNC_SASL
994 vnc_sasl_client_cleanup(vs);
995 #endif /* CONFIG_VNC_SASL */
996 audio_del(vs);
997
998 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
999
1000 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1001 dcl->idle = 1;
1002 }
1003
1004 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1005 vnc_remove_timer(vs->vd);
1006 if (vs->vd->lock_key_sync)
1007 qemu_remove_led_event_handler(vs->led);
1008 qemu_free(vs);
1009 }
1010
1011 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1012 {
1013 if (ret == 0 || ret == -1) {
1014 if (ret == -1) {
1015 switch (last_errno) {
1016 case EINTR:
1017 case EAGAIN:
1018 #ifdef _WIN32
1019 case WSAEWOULDBLOCK:
1020 #endif
1021 return 0;
1022 default:
1023 break;
1024 }
1025 }
1026
1027 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1028 ret, ret < 0 ? last_errno : 0);
1029 vnc_disconnect_start(vs);
1030
1031 return 0;
1032 }
1033 return ret;
1034 }
1035
1036
1037 void vnc_client_error(VncState *vs)
1038 {
1039 VNC_DEBUG("Closing down client sock: protocol error\n");
1040 vnc_disconnect_start(vs);
1041 }
1042
1043
1044 /*
1045 * Called to write a chunk of data to the client socket. The data may
1046 * be the raw data, or may have already been encoded by SASL.
1047 * The data will be written either straight onto the socket, or
1048 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1049 *
1050 * NB, it is theoretically possible to have 2 layers of encryption,
1051 * both SASL, and this TLS layer. It is highly unlikely in practice
1052 * though, since SASL encryption will typically be a no-op if TLS
1053 * is active
1054 *
1055 * Returns the number of bytes written, which may be less than
1056 * the requested 'datalen' if the socket would block. Returns
1057 * -1 on error, and disconnects the client socket.
1058 */
1059 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1060 {
1061 long ret;
1062 #ifdef CONFIG_VNC_TLS
1063 if (vs->tls.session) {
1064 ret = gnutls_write(vs->tls.session, data, datalen);
1065 if (ret < 0) {
1066 if (ret == GNUTLS_E_AGAIN)
1067 errno = EAGAIN;
1068 else
1069 errno = EIO;
1070 ret = -1;
1071 }
1072 } else
1073 #endif /* CONFIG_VNC_TLS */
1074 ret = send(vs->csock, (const void *)data, datalen, 0);
1075 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1076 return vnc_client_io_error(vs, ret, socket_error());
1077 }
1078
1079
1080 /*
1081 * Called to write buffered data to the client socket, when not
1082 * using any SASL SSF encryption layers. Will write as much data
1083 * as possible without blocking. If all buffered data is written,
1084 * will switch the FD poll() handler back to read monitoring.
1085 *
1086 * Returns the number of bytes written, which may be less than
1087 * the buffered output data if the socket would block. Returns
1088 * -1 on error, and disconnects the client socket.
1089 */
1090 static long vnc_client_write_plain(VncState *vs)
1091 {
1092 long ret;
1093
1094 #ifdef CONFIG_VNC_SASL
1095 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1096 vs->output.buffer, vs->output.capacity, vs->output.offset,
1097 vs->sasl.waitWriteSSF);
1098
1099 if (vs->sasl.conn &&
1100 vs->sasl.runSSF &&
1101 vs->sasl.waitWriteSSF) {
1102 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1103 if (ret)
1104 vs->sasl.waitWriteSSF -= ret;
1105 } else
1106 #endif /* CONFIG_VNC_SASL */
1107 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1108 if (!ret)
1109 return 0;
1110
1111 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1112 vs->output.offset -= ret;
1113
1114 if (vs->output.offset == 0) {
1115 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1116 }
1117
1118 return ret;
1119 }
1120
1121
1122 /*
1123 * First function called whenever there is data to be written to
1124 * the client socket. Will delegate actual work according to whether
1125 * SASL SSF layers are enabled (thus requiring encryption calls)
1126 */
1127 void vnc_client_write(void *opaque)
1128 {
1129 VncState *vs = opaque;
1130
1131 #ifdef CONFIG_VNC_SASL
1132 if (vs->sasl.conn &&
1133 vs->sasl.runSSF &&
1134 !vs->sasl.waitWriteSSF) {
1135 vnc_client_write_sasl(vs);
1136 } else
1137 #endif /* CONFIG_VNC_SASL */
1138 vnc_client_write_plain(vs);
1139 }
1140
1141 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1142 {
1143 vs->read_handler = func;
1144 vs->read_handler_expect = expecting;
1145 }
1146
1147
1148 /*
1149 * Called to read a chunk of data from the client socket. The data may
1150 * be the raw data, or may need to be further decoded by SASL.
1151 * The data will be read either straight from to the socket, or
1152 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1153 *
1154 * NB, it is theoretically possible to have 2 layers of encryption,
1155 * both SASL, and this TLS layer. It is highly unlikely in practice
1156 * though, since SASL encryption will typically be a no-op if TLS
1157 * is active
1158 *
1159 * Returns the number of bytes read, which may be less than
1160 * the requested 'datalen' if the socket would block. Returns
1161 * -1 on error, and disconnects the client socket.
1162 */
1163 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1164 {
1165 long ret;
1166 #ifdef CONFIG_VNC_TLS
1167 if (vs->tls.session) {
1168 ret = gnutls_read(vs->tls.session, data, datalen);
1169 if (ret < 0) {
1170 if (ret == GNUTLS_E_AGAIN)
1171 errno = EAGAIN;
1172 else
1173 errno = EIO;
1174 ret = -1;
1175 }
1176 } else
1177 #endif /* CONFIG_VNC_TLS */
1178 ret = recv(vs->csock, (void *)data, datalen, 0);
1179 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1180 return vnc_client_io_error(vs, ret, socket_error());
1181 }
1182
1183
1184 /*
1185 * Called to read data from the client socket to the input buffer,
1186 * when not using any SASL SSF encryption layers. Will read as much
1187 * data as possible without blocking.
1188 *
1189 * Returns the number of bytes read. Returns -1 on error, and
1190 * disconnects the client socket.
1191 */
1192 static long vnc_client_read_plain(VncState *vs)
1193 {
1194 int ret;
1195 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1196 vs->input.buffer, vs->input.capacity, vs->input.offset);
1197 buffer_reserve(&vs->input, 4096);
1198 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1199 if (!ret)
1200 return 0;
1201 vs->input.offset += ret;
1202 return ret;
1203 }
1204
1205
1206 /*
1207 * First function called whenever there is more data to be read from
1208 * the client socket. Will delegate actual work according to whether
1209 * SASL SSF layers are enabled (thus requiring decryption calls)
1210 */
1211 void vnc_client_read(void *opaque)
1212 {
1213 VncState *vs = opaque;
1214 long ret;
1215
1216 #ifdef CONFIG_VNC_SASL
1217 if (vs->sasl.conn && vs->sasl.runSSF)
1218 ret = vnc_client_read_sasl(vs);
1219 else
1220 #endif /* CONFIG_VNC_SASL */
1221 ret = vnc_client_read_plain(vs);
1222 if (!ret) {
1223 if (vs->csock == -1)
1224 vnc_disconnect_finish(vs);
1225 return;
1226 }
1227
1228 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1229 size_t len = vs->read_handler_expect;
1230 int ret;
1231
1232 ret = vs->read_handler(vs, vs->input.buffer, len);
1233 if (vs->csock == -1) {
1234 vnc_disconnect_finish(vs);
1235 return;
1236 }
1237
1238 if (!ret) {
1239 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1240 vs->input.offset -= len;
1241 } else {
1242 vs->read_handler_expect = ret;
1243 }
1244 }
1245 }
1246
1247 void vnc_write(VncState *vs, const void *data, size_t len)
1248 {
1249 buffer_reserve(&vs->output, len);
1250
1251 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1252 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1253 }
1254
1255 buffer_append(&vs->output, data, len);
1256 }
1257
1258 void vnc_write_s32(VncState *vs, int32_t value)
1259 {
1260 vnc_write_u32(vs, *(uint32_t *)&value);
1261 }
1262
1263 void vnc_write_u32(VncState *vs, uint32_t value)
1264 {
1265 uint8_t buf[4];
1266
1267 buf[0] = (value >> 24) & 0xFF;
1268 buf[1] = (value >> 16) & 0xFF;
1269 buf[2] = (value >> 8) & 0xFF;
1270 buf[3] = value & 0xFF;
1271
1272 vnc_write(vs, buf, 4);
1273 }
1274
1275 void vnc_write_u16(VncState *vs, uint16_t value)
1276 {
1277 uint8_t buf[2];
1278
1279 buf[0] = (value >> 8) & 0xFF;
1280 buf[1] = value & 0xFF;
1281
1282 vnc_write(vs, buf, 2);
1283 }
1284
1285 void vnc_write_u8(VncState *vs, uint8_t value)
1286 {
1287 vnc_write(vs, (char *)&value, 1);
1288 }
1289
1290 void vnc_flush(VncState *vs)
1291 {
1292 if (vs->csock != -1 && vs->output.offset)
1293 vnc_client_write(vs);
1294 }
1295
1296 uint8_t read_u8(uint8_t *data, size_t offset)
1297 {
1298 return data[offset];
1299 }
1300
1301 uint16_t read_u16(uint8_t *data, size_t offset)
1302 {
1303 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1304 }
1305
1306 int32_t read_s32(uint8_t *data, size_t offset)
1307 {
1308 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1309 (data[offset + 2] << 8) | data[offset + 3]);
1310 }
1311
1312 uint32_t read_u32(uint8_t *data, size_t offset)
1313 {
1314 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1315 (data[offset + 2] << 8) | data[offset + 3]);
1316 }
1317
1318 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1319 {
1320 }
1321
1322 static void check_pointer_type_change(Notifier *notifier)
1323 {
1324 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1325 int absolute = kbd_mouse_is_absolute();
1326
1327 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1328 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1329 vnc_write_u8(vs, 0);
1330 vnc_write_u16(vs, 1);
1331 vnc_framebuffer_update(vs, absolute, 0,
1332 ds_get_width(vs->ds), ds_get_height(vs->ds),
1333 VNC_ENCODING_POINTER_TYPE_CHANGE);
1334 vnc_flush(vs);
1335 }
1336 vs->absolute = absolute;
1337 }
1338
1339 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1340 {
1341 int buttons = 0;
1342 int dz = 0;
1343
1344 if (button_mask & 0x01)
1345 buttons |= MOUSE_EVENT_LBUTTON;
1346 if (button_mask & 0x02)
1347 buttons |= MOUSE_EVENT_MBUTTON;
1348 if (button_mask & 0x04)
1349 buttons |= MOUSE_EVENT_RBUTTON;
1350 if (button_mask & 0x08)
1351 dz = -1;
1352 if (button_mask & 0x10)
1353 dz = 1;
1354
1355 if (vs->absolute) {
1356 kbd_mouse_event(ds_get_width(vs->ds) > 1 ?
1357 x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000,
1358 ds_get_height(vs->ds) > 1 ?
1359 y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000,
1360 dz, buttons);
1361 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1362 x -= 0x7FFF;
1363 y -= 0x7FFF;
1364
1365 kbd_mouse_event(x, y, dz, buttons);
1366 } else {
1367 if (vs->last_x != -1)
1368 kbd_mouse_event(x - vs->last_x,
1369 y - vs->last_y,
1370 dz, buttons);
1371 vs->last_x = x;
1372 vs->last_y = y;
1373 }
1374 }
1375
1376 static void reset_keys(VncState *vs)
1377 {
1378 int i;
1379 for(i = 0; i < 256; i++) {
1380 if (vs->modifiers_state[i]) {
1381 if (i & SCANCODE_GREY)
1382 kbd_put_keycode(SCANCODE_EMUL0);
1383 kbd_put_keycode(i | SCANCODE_UP);
1384 vs->modifiers_state[i] = 0;
1385 }
1386 }
1387 }
1388
1389 static void press_key(VncState *vs, int keysym)
1390 {
1391 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1392 if (keycode & SCANCODE_GREY)
1393 kbd_put_keycode(SCANCODE_EMUL0);
1394 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1395 if (keycode & SCANCODE_GREY)
1396 kbd_put_keycode(SCANCODE_EMUL0);
1397 kbd_put_keycode(keycode | SCANCODE_UP);
1398 }
1399
1400 static void kbd_leds(void *opaque, int ledstate)
1401 {
1402 VncState *vs = opaque;
1403 int caps, num;
1404
1405 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1406 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1407
1408 if (vs->modifiers_state[0x3a] != caps) {
1409 vs->modifiers_state[0x3a] = caps;
1410 }
1411 if (vs->modifiers_state[0x45] != num) {
1412 vs->modifiers_state[0x45] = num;
1413 }
1414 }
1415
1416 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1417 {
1418 /* QEMU console switch */
1419 switch(keycode) {
1420 case 0x2a: /* Left Shift */
1421 case 0x36: /* Right Shift */
1422 case 0x1d: /* Left CTRL */
1423 case 0x9d: /* Right CTRL */
1424 case 0x38: /* Left ALT */
1425 case 0xb8: /* Right ALT */
1426 if (down)
1427 vs->modifiers_state[keycode] = 1;
1428 else
1429 vs->modifiers_state[keycode] = 0;
1430 break;
1431 case 0x02 ... 0x0a: /* '1' to '9' keys */
1432 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1433 /* Reset the modifiers sent to the current console */
1434 reset_keys(vs);
1435 console_select(keycode - 0x02);
1436 return;
1437 }
1438 break;
1439 case 0x3a: /* CapsLock */
1440 case 0x45: /* NumLock */
1441 if (down)
1442 vs->modifiers_state[keycode] ^= 1;
1443 break;
1444 }
1445
1446 if (vs->vd->lock_key_sync &&
1447 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1448 /* If the numlock state needs to change then simulate an additional
1449 keypress before sending this one. This will happen if the user
1450 toggles numlock away from the VNC window.
1451 */
1452 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1453 if (!vs->modifiers_state[0x45]) {
1454 vs->modifiers_state[0x45] = 1;
1455 press_key(vs, 0xff7f);
1456 }
1457 } else {
1458 if (vs->modifiers_state[0x45]) {
1459 vs->modifiers_state[0x45] = 0;
1460 press_key(vs, 0xff7f);
1461 }
1462 }
1463 }
1464
1465 if (vs->vd->lock_key_sync &&
1466 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1467 /* If the capslock state needs to change then simulate an additional
1468 keypress before sending this one. This will happen if the user
1469 toggles capslock away from the VNC window.
1470 */
1471 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1472 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1473 int capslock = !!(vs->modifiers_state[0x3a]);
1474 if (capslock) {
1475 if (uppercase == shift) {
1476 vs->modifiers_state[0x3a] = 0;
1477 press_key(vs, 0xffe5);
1478 }
1479 } else {
1480 if (uppercase != shift) {
1481 vs->modifiers_state[0x3a] = 1;
1482 press_key(vs, 0xffe5);
1483 }
1484 }
1485 }
1486
1487 if (is_graphic_console()) {
1488 if (keycode & SCANCODE_GREY)
1489 kbd_put_keycode(SCANCODE_EMUL0);
1490 if (down)
1491 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1492 else
1493 kbd_put_keycode(keycode | SCANCODE_UP);
1494 } else {
1495 /* QEMU console emulation */
1496 if (down) {
1497 int numlock = vs->modifiers_state[0x45];
1498 switch (keycode) {
1499 case 0x2a: /* Left Shift */
1500 case 0x36: /* Right Shift */
1501 case 0x1d: /* Left CTRL */
1502 case 0x9d: /* Right CTRL */
1503 case 0x38: /* Left ALT */
1504 case 0xb8: /* Right ALT */
1505 break;
1506 case 0xc8:
1507 kbd_put_keysym(QEMU_KEY_UP);
1508 break;
1509 case 0xd0:
1510 kbd_put_keysym(QEMU_KEY_DOWN);
1511 break;
1512 case 0xcb:
1513 kbd_put_keysym(QEMU_KEY_LEFT);
1514 break;
1515 case 0xcd:
1516 kbd_put_keysym(QEMU_KEY_RIGHT);
1517 break;
1518 case 0xd3:
1519 kbd_put_keysym(QEMU_KEY_DELETE);
1520 break;
1521 case 0xc7:
1522 kbd_put_keysym(QEMU_KEY_HOME);
1523 break;
1524 case 0xcf:
1525 kbd_put_keysym(QEMU_KEY_END);
1526 break;
1527 case 0xc9:
1528 kbd_put_keysym(QEMU_KEY_PAGEUP);
1529 break;
1530 case 0xd1:
1531 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1532 break;
1533
1534 case 0x47:
1535 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1536 break;
1537 case 0x48:
1538 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1539 break;
1540 case 0x49:
1541 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1542 break;
1543 case 0x4b:
1544 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1545 break;
1546 case 0x4c:
1547 kbd_put_keysym('5');
1548 break;
1549 case 0x4d:
1550 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1551 break;
1552 case 0x4f:
1553 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1554 break;
1555 case 0x50:
1556 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1557 break;
1558 case 0x51:
1559 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1560 break;
1561 case 0x52:
1562 kbd_put_keysym('0');
1563 break;
1564 case 0x53:
1565 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1566 break;
1567
1568 case 0xb5:
1569 kbd_put_keysym('/');
1570 break;
1571 case 0x37:
1572 kbd_put_keysym('*');
1573 break;
1574 case 0x4a:
1575 kbd_put_keysym('-');
1576 break;
1577 case 0x4e:
1578 kbd_put_keysym('+');
1579 break;
1580 case 0x9c:
1581 kbd_put_keysym('\n');
1582 break;
1583
1584 default:
1585 kbd_put_keysym(sym);
1586 break;
1587 }
1588 }
1589 }
1590 }
1591
1592 static void key_event(VncState *vs, int down, uint32_t sym)
1593 {
1594 int keycode;
1595 int lsym = sym;
1596
1597 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1598 lsym = lsym - 'A' + 'a';
1599 }
1600
1601 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1602 do_key_event(vs, down, keycode, sym);
1603 }
1604
1605 static void ext_key_event(VncState *vs, int down,
1606 uint32_t sym, uint16_t keycode)
1607 {
1608 /* if the user specifies a keyboard layout, always use it */
1609 if (keyboard_layout)
1610 key_event(vs, down, sym);
1611 else
1612 do_key_event(vs, down, keycode, sym);
1613 }
1614
1615 static void framebuffer_update_request(VncState *vs, int incremental,
1616 int x_position, int y_position,
1617 int w, int h)
1618 {
1619 if (y_position > ds_get_height(vs->ds))
1620 y_position = ds_get_height(vs->ds);
1621 if (y_position + h >= ds_get_height(vs->ds))
1622 h = ds_get_height(vs->ds) - y_position;
1623
1624 int i;
1625 vs->need_update = 1;
1626 if (!incremental) {
1627 vs->force_update = 1;
1628 for (i = 0; i < h; i++) {
1629 vnc_set_bits(vs->dirty[y_position + i],
1630 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1631 }
1632 }
1633 }
1634
1635 static void send_ext_key_event_ack(VncState *vs)
1636 {
1637 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1638 vnc_write_u8(vs, 0);
1639 vnc_write_u16(vs, 1);
1640 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1641 VNC_ENCODING_EXT_KEY_EVENT);
1642 vnc_flush(vs);
1643 }
1644
1645 static void send_ext_audio_ack(VncState *vs)
1646 {
1647 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1648 vnc_write_u8(vs, 0);
1649 vnc_write_u16(vs, 1);
1650 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1651 VNC_ENCODING_AUDIO);
1652 vnc_flush(vs);
1653 }
1654
1655 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1656 {
1657 int i;
1658 unsigned int enc = 0;
1659
1660 vs->features = 0;
1661 vs->vnc_encoding = 0;
1662 vs->tight_compression = 9;
1663 vs->tight_quality = 9;
1664 vs->absolute = -1;
1665
1666 /*
1667 * Start from the end because the encodings are sent in order of preference.
1668 * This way the prefered encoding (first encoding defined in the array)
1669 * will be set at the end of the loop.
1670 */
1671 for (i = n_encodings - 1; i >= 0; i--) {
1672 enc = encodings[i];
1673 switch (enc) {
1674 case VNC_ENCODING_RAW:
1675 vs->vnc_encoding = enc;
1676 break;
1677 case VNC_ENCODING_COPYRECT:
1678 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1679 break;
1680 case VNC_ENCODING_HEXTILE:
1681 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1682 vs->vnc_encoding = enc;
1683 break;
1684 case VNC_ENCODING_TIGHT:
1685 vs->features |= VNC_FEATURE_TIGHT_MASK;
1686 vs->vnc_encoding = enc;
1687 break;
1688 case VNC_ENCODING_ZLIB:
1689 vs->features |= VNC_FEATURE_ZLIB_MASK;
1690 vs->vnc_encoding = enc;
1691 break;
1692 case VNC_ENCODING_DESKTOPRESIZE:
1693 vs->features |= VNC_FEATURE_RESIZE_MASK;
1694 break;
1695 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1696 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1697 break;
1698 case VNC_ENCODING_RICH_CURSOR:
1699 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1700 break;
1701 case VNC_ENCODING_EXT_KEY_EVENT:
1702 send_ext_key_event_ack(vs);
1703 break;
1704 case VNC_ENCODING_AUDIO:
1705 send_ext_audio_ack(vs);
1706 break;
1707 case VNC_ENCODING_WMVi:
1708 vs->features |= VNC_FEATURE_WMVI_MASK;
1709 break;
1710 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1711 vs->tight_compression = (enc & 0x0F);
1712 break;
1713 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1714 vs->tight_quality = (enc & 0x0F);
1715 break;
1716 default:
1717 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1718 break;
1719 }
1720 }
1721 check_pointer_type_change(&vs->mouse_mode_notifier);
1722 }
1723
1724 static void set_pixel_conversion(VncState *vs)
1725 {
1726 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1727 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1728 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1729 vs->write_pixels = vnc_write_pixels_copy;
1730 vnc_hextile_set_pixel_conversion(vs, 0);
1731 } else {
1732 vs->write_pixels = vnc_write_pixels_generic;
1733 vnc_hextile_set_pixel_conversion(vs, 1);
1734 }
1735 }
1736
1737 static void set_pixel_format(VncState *vs,
1738 int bits_per_pixel, int depth,
1739 int big_endian_flag, int true_color_flag,
1740 int red_max, int green_max, int blue_max,
1741 int red_shift, int green_shift, int blue_shift)
1742 {
1743 if (!true_color_flag) {
1744 vnc_client_error(vs);
1745 return;
1746 }
1747
1748 vs->clientds = *(vs->vd->guest.ds);
1749 vs->clientds.pf.rmax = red_max;
1750 count_bits(vs->clientds.pf.rbits, red_max);
1751 vs->clientds.pf.rshift = red_shift;
1752 vs->clientds.pf.rmask = red_max << red_shift;
1753 vs->clientds.pf.gmax = green_max;
1754 count_bits(vs->clientds.pf.gbits, green_max);
1755 vs->clientds.pf.gshift = green_shift;
1756 vs->clientds.pf.gmask = green_max << green_shift;
1757 vs->clientds.pf.bmax = blue_max;
1758 count_bits(vs->clientds.pf.bbits, blue_max);
1759 vs->clientds.pf.bshift = blue_shift;
1760 vs->clientds.pf.bmask = blue_max << blue_shift;
1761 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1762 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1763 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1764 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1765
1766 set_pixel_conversion(vs);
1767
1768 vga_hw_invalidate();
1769 vga_hw_update();
1770 }
1771
1772 static void pixel_format_message (VncState *vs) {
1773 char pad[3] = { 0, 0, 0 };
1774
1775 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1776 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1777
1778 #ifdef HOST_WORDS_BIGENDIAN
1779 vnc_write_u8(vs, 1); /* big-endian-flag */
1780 #else
1781 vnc_write_u8(vs, 0); /* big-endian-flag */
1782 #endif
1783 vnc_write_u8(vs, 1); /* true-color-flag */
1784 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1785 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1786 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1787 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1788 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1789 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1790
1791 vnc_hextile_set_pixel_conversion(vs, 0);
1792
1793 vs->clientds = *(vs->ds->surface);
1794 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1795 vs->write_pixels = vnc_write_pixels_copy;
1796
1797 vnc_write(vs, pad, 3); /* padding */
1798 }
1799
1800 static void vnc_dpy_setdata(DisplayState *ds)
1801 {
1802 /* We don't have to do anything */
1803 }
1804
1805 static void vnc_colordepth(VncState *vs)
1806 {
1807 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1808 /* Sending a WMVi message to notify the client*/
1809 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1810 vnc_write_u8(vs, 0);
1811 vnc_write_u16(vs, 1); /* number of rects */
1812 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1813 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1814 pixel_format_message(vs);
1815 vnc_flush(vs);
1816 } else {
1817 set_pixel_conversion(vs);
1818 }
1819 }
1820
1821 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1822 {
1823 int i;
1824 uint16_t limit;
1825 VncDisplay *vd = vs->vd;
1826
1827 if (data[0] > 3) {
1828 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1829 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1830 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1831 }
1832
1833 switch (data[0]) {
1834 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
1835 if (len == 1)
1836 return 20;
1837
1838 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1839 read_u8(data, 6), read_u8(data, 7),
1840 read_u16(data, 8), read_u16(data, 10),
1841 read_u16(data, 12), read_u8(data, 14),
1842 read_u8(data, 15), read_u8(data, 16));
1843 break;
1844 case VNC_MSG_CLIENT_SET_ENCODINGS:
1845 if (len == 1)
1846 return 4;
1847
1848 if (len == 4) {
1849 limit = read_u16(data, 2);
1850 if (limit > 0)
1851 return 4 + (limit * 4);
1852 } else
1853 limit = read_u16(data, 2);
1854
1855 for (i = 0; i < limit; i++) {
1856 int32_t val = read_s32(data, 4 + (i * 4));
1857 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1858 }
1859
1860 set_encodings(vs, (int32_t *)(data + 4), limit);
1861 break;
1862 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
1863 if (len == 1)
1864 return 10;
1865
1866 framebuffer_update_request(vs,
1867 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1868 read_u16(data, 6), read_u16(data, 8));
1869 break;
1870 case VNC_MSG_CLIENT_KEY_EVENT:
1871 if (len == 1)
1872 return 8;
1873
1874 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1875 break;
1876 case VNC_MSG_CLIENT_POINTER_EVENT:
1877 if (len == 1)
1878 return 6;
1879
1880 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1881 break;
1882 case VNC_MSG_CLIENT_CUT_TEXT:
1883 if (len == 1)
1884 return 8;
1885
1886 if (len == 8) {
1887 uint32_t dlen = read_u32(data, 4);
1888 if (dlen > 0)
1889 return 8 + dlen;
1890 }
1891
1892 client_cut_text(vs, read_u32(data, 4), data + 8);
1893 break;
1894 case VNC_MSG_CLIENT_QEMU:
1895 if (len == 1)
1896 return 2;
1897
1898 switch (read_u8(data, 1)) {
1899 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
1900 if (len == 2)
1901 return 12;
1902
1903 ext_key_event(vs, read_u16(data, 2),
1904 read_u32(data, 4), read_u32(data, 8));
1905 break;
1906 case VNC_MSG_CLIENT_QEMU_AUDIO:
1907 if (len == 2)
1908 return 4;
1909
1910 switch (read_u16 (data, 2)) {
1911 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
1912 audio_add(vs);
1913 break;
1914 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
1915 audio_del(vs);
1916 break;
1917 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
1918 if (len == 4)
1919 return 10;
1920 switch (read_u8(data, 4)) {
1921 case 0: vs->as.fmt = AUD_FMT_U8; break;
1922 case 1: vs->as.fmt = AUD_FMT_S8; break;
1923 case 2: vs->as.fmt = AUD_FMT_U16; break;
1924 case 3: vs->as.fmt = AUD_FMT_S16; break;
1925 case 4: vs->as.fmt = AUD_FMT_U32; break;
1926 case 5: vs->as.fmt = AUD_FMT_S32; break;
1927 default:
1928 printf("Invalid audio format %d\n", read_u8(data, 4));
1929 vnc_client_error(vs);
1930 break;
1931 }
1932 vs->as.nchannels = read_u8(data, 5);
1933 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1934 printf("Invalid audio channel coount %d\n",
1935 read_u8(data, 5));
1936 vnc_client_error(vs);
1937 break;
1938 }
1939 vs->as.freq = read_u32(data, 6);
1940 break;
1941 default:
1942 printf ("Invalid audio message %d\n", read_u8(data, 4));
1943 vnc_client_error(vs);
1944 break;
1945 }
1946 break;
1947
1948 default:
1949 printf("Msg: %d\n", read_u16(data, 0));
1950 vnc_client_error(vs);
1951 break;
1952 }
1953 break;
1954 default:
1955 printf("Msg: %d\n", data[0]);
1956 vnc_client_error(vs);
1957 break;
1958 }
1959
1960 vnc_read_when(vs, protocol_client_msg, 1);
1961 return 0;
1962 }
1963
1964 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1965 {
1966 char buf[1024];
1967 int size;
1968
1969 vnc_write_u16(vs, ds_get_width(vs->ds));
1970 vnc_write_u16(vs, ds_get_height(vs->ds));
1971
1972 pixel_format_message(vs);
1973
1974 if (qemu_name)
1975 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1976 else
1977 size = snprintf(buf, sizeof(buf), "QEMU");
1978
1979 vnc_write_u32(vs, size);
1980 vnc_write(vs, buf, size);
1981 vnc_flush(vs);
1982
1983 vnc_client_cache_auth(vs);
1984 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
1985
1986 vnc_read_when(vs, protocol_client_msg, 1);
1987
1988 return 0;
1989 }
1990
1991 void start_client_init(VncState *vs)
1992 {
1993 vnc_read_when(vs, protocol_client_init, 1);
1994 }
1995
1996 static void make_challenge(VncState *vs)
1997 {
1998 int i;
1999
2000 srand(time(NULL)+getpid()+getpid()*987654+rand());
2001
2002 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2003 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2004 }
2005
2006 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2007 {
2008 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2009 int i, j, pwlen;
2010 unsigned char key[8];
2011
2012 if (!vs->vd->password || !vs->vd->password[0]) {
2013 VNC_DEBUG("No password configured on server");
2014 vnc_write_u32(vs, 1); /* Reject auth */
2015 if (vs->minor >= 8) {
2016 static const char err[] = "Authentication failed";
2017 vnc_write_u32(vs, sizeof(err));
2018 vnc_write(vs, err, sizeof(err));
2019 }
2020 vnc_flush(vs);
2021 vnc_client_error(vs);
2022 return 0;
2023 }
2024
2025 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2026
2027 /* Calculate the expected challenge response */
2028 pwlen = strlen(vs->vd->password);
2029 for (i=0; i<sizeof(key); i++)
2030 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2031 deskey(key, EN0);
2032 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2033 des(response+j, response+j);
2034
2035 /* Compare expected vs actual challenge response */
2036 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2037 VNC_DEBUG("Client challenge reponse did not match\n");
2038 vnc_write_u32(vs, 1); /* Reject auth */
2039 if (vs->minor >= 8) {
2040 static const char err[] = "Authentication failed";
2041 vnc_write_u32(vs, sizeof(err));
2042 vnc_write(vs, err, sizeof(err));
2043 }
2044 vnc_flush(vs);
2045 vnc_client_error(vs);
2046 } else {
2047 VNC_DEBUG("Accepting VNC challenge response\n");
2048 vnc_write_u32(vs, 0); /* Accept auth */
2049 vnc_flush(vs);
2050
2051 start_client_init(vs);
2052 }
2053 return 0;
2054 }
2055
2056 void start_auth_vnc(VncState *vs)
2057 {
2058 make_challenge(vs);
2059 /* Send client a 'random' challenge */
2060 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2061 vnc_flush(vs);
2062
2063 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2064 }
2065
2066
2067 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2068 {
2069 /* We only advertise 1 auth scheme at a time, so client
2070 * must pick the one we sent. Verify this */
2071 if (data[0] != vs->vd->auth) { /* Reject auth */
2072 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2073 vnc_write_u32(vs, 1);
2074 if (vs->minor >= 8) {
2075 static const char err[] = "Authentication failed";
2076 vnc_write_u32(vs, sizeof(err));
2077 vnc_write(vs, err, sizeof(err));
2078 }
2079 vnc_client_error(vs);
2080 } else { /* Accept requested auth */
2081 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2082 switch (vs->vd->auth) {
2083 case VNC_AUTH_NONE:
2084 VNC_DEBUG("Accept auth none\n");
2085 if (vs->minor >= 8) {
2086 vnc_write_u32(vs, 0); /* Accept auth completion */
2087 vnc_flush(vs);
2088 }
2089 start_client_init(vs);
2090 break;
2091
2092 case VNC_AUTH_VNC:
2093 VNC_DEBUG("Start VNC auth\n");
2094 start_auth_vnc(vs);
2095 break;
2096
2097 #ifdef CONFIG_VNC_TLS
2098 case VNC_AUTH_VENCRYPT:
2099 VNC_DEBUG("Accept VeNCrypt auth\n");;
2100 start_auth_vencrypt(vs);
2101 break;
2102 #endif /* CONFIG_VNC_TLS */
2103
2104 #ifdef CONFIG_VNC_SASL
2105 case VNC_AUTH_SASL:
2106 VNC_DEBUG("Accept SASL auth\n");
2107 start_auth_sasl(vs);
2108 break;
2109 #endif /* CONFIG_VNC_SASL */
2110
2111 default: /* Should not be possible, but just in case */
2112 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
2113 vnc_write_u8(vs, 1);
2114 if (vs->minor >= 8) {
2115 static const char err[] = "Authentication failed";
2116 vnc_write_u32(vs, sizeof(err));
2117 vnc_write(vs, err, sizeof(err));
2118 }
2119 vnc_client_error(vs);
2120 }
2121 }
2122 return 0;
2123 }
2124
2125 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2126 {
2127 char local[13];
2128
2129 memcpy(local, version, 12);
2130 local[12] = 0;
2131
2132 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2133 VNC_DEBUG("Malformed protocol version %s\n", local);
2134 vnc_client_error(vs);
2135 return 0;
2136 }
2137 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2138 if (vs->major != 3 ||
2139 (vs->minor != 3 &&
2140 vs->minor != 4 &&
2141 vs->minor != 5 &&
2142 vs->minor != 7 &&
2143 vs->minor != 8)) {
2144 VNC_DEBUG("Unsupported client version\n");
2145 vnc_write_u32(vs, VNC_AUTH_INVALID);
2146 vnc_flush(vs);
2147 vnc_client_error(vs);
2148 return 0;
2149 }
2150 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2151 * as equivalent to v3.3 by servers
2152 */
2153 if (vs->minor == 4 || vs->minor == 5)
2154 vs->minor = 3;
2155
2156 if (vs->minor == 3) {
2157 if (vs->vd->auth == VNC_AUTH_NONE) {
2158 VNC_DEBUG("Tell client auth none\n");
2159 vnc_write_u32(vs, vs->vd->auth);
2160 vnc_flush(vs);
2161 start_client_init(vs);
2162 } else if (vs->vd->auth == VNC_AUTH_VNC) {
2163 VNC_DEBUG("Tell client VNC auth\n");
2164 vnc_write_u32(vs, vs->vd->auth);
2165 vnc_flush(vs);
2166 start_auth_vnc(vs);
2167 } else {
2168 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2169 vnc_write_u32(vs, VNC_AUTH_INVALID);
2170 vnc_flush(vs);
2171 vnc_client_error(vs);
2172 }
2173 } else {
2174 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2175 vnc_write_u8(vs, 1); /* num auth */
2176 vnc_write_u8(vs, vs->vd->auth);
2177 vnc_read_when(vs, protocol_client_auth, 1);
2178 vnc_flush(vs);
2179 }
2180
2181 return 0;
2182 }
2183
2184 static int vnc_refresh_server_surface(VncDisplay *vd)
2185 {
2186 int y;
2187 uint8_t *guest_row;
2188 uint8_t *server_row;
2189 int cmp_bytes;
2190 uint32_t width_mask[VNC_DIRTY_WORDS];
2191 VncState *vs;
2192 int has_dirty = 0;
2193
2194 /*
2195 * Walk through the guest dirty map.
2196 * Check and copy modified bits from guest to server surface.
2197 * Update server dirty map.
2198 */
2199 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2200 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2201 guest_row = vd->guest.ds->data;
2202 server_row = vd->server->data;
2203 for (y = 0; y < vd->guest.ds->height; y++) {
2204 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2205 int x;
2206 uint8_t *guest_ptr;
2207 uint8_t *server_ptr;
2208
2209 guest_ptr = guest_row;
2210 server_ptr = server_row;
2211
2212 for (x = 0; x < vd->guest.ds->width;
2213 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2214 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2215 continue;
2216 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2217 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2218 continue;
2219 memcpy(server_ptr, guest_ptr, cmp_bytes);
2220 QTAILQ_FOREACH(vs, &vd->clients, next) {
2221 vnc_set_bit(vs->dirty[y], (x / 16));
2222 }
2223 has_dirty++;
2224 }
2225 }
2226 guest_row += ds_get_linesize(vd->ds);
2227 server_row += ds_get_linesize(vd->ds);
2228 }
2229 return has_dirty;
2230 }
2231
2232 static void vnc_refresh(void *opaque)
2233 {
2234 VncDisplay *vd = opaque;
2235 VncState *vs, *vn;
2236 int has_dirty, rects = 0;
2237
2238 vga_hw_update();
2239
2240 has_dirty = vnc_refresh_server_surface(vd);
2241
2242 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2243 rects += vnc_update_client(vs, has_dirty);
2244 /* vs might be free()ed here */
2245 }
2246 /* vd->timer could be NULL now if the last client disconnected,
2247 * in this case don't update the timer */
2248 if (vd->timer == NULL)
2249 return;
2250
2251 if (has_dirty && rects) {
2252 vd->timer_interval /= 2;
2253 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2254 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2255 } else {
2256 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2257 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2258 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2259 }
2260 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
2261 }
2262
2263 static void vnc_init_timer(VncDisplay *vd)
2264 {
2265 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2266 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
2267 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2268 vnc_refresh(vd);
2269 }
2270 }
2271
2272 static void vnc_remove_timer(VncDisplay *vd)
2273 {
2274 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
2275 qemu_del_timer(vd->timer);
2276 qemu_free_timer(vd->timer);
2277 vd->timer = NULL;
2278 }
2279 }
2280
2281 static void vnc_connect(VncDisplay *vd, int csock)
2282 {
2283 VncState *vs = qemu_mallocz(sizeof(VncState));
2284 vs->csock = csock;
2285
2286 VNC_DEBUG("New client on socket %d\n", csock);
2287 dcl->idle = 0;
2288 socket_set_nonblock(vs->csock);
2289 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2290
2291 vnc_client_cache_addr(vs);
2292 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2293
2294 vs->vd = vd;
2295 vs->ds = vd->ds;
2296 vs->last_x = -1;
2297 vs->last_y = -1;
2298
2299 vs->as.freq = 44100;
2300 vs->as.nchannels = 2;
2301 vs->as.fmt = AUD_FMT_S16;
2302 vs->as.endianness = 0;
2303
2304 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2305
2306 vga_hw_update();
2307
2308 vnc_write(vs, "RFB 003.008\n", 12);
2309 vnc_flush(vs);
2310 vnc_read_when(vs, protocol_version, 12);
2311 reset_keys(vs);
2312 if (vs->vd->lock_key_sync)
2313 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2314
2315 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2316 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2317
2318 vnc_init_timer(vd);
2319
2320 /* vs might be free()ed here */
2321 }
2322
2323 static void vnc_listen_read(void *opaque)
2324 {
2325 VncDisplay *vs = opaque;
2326 struct sockaddr_in addr;
2327 socklen_t addrlen = sizeof(addr);
2328
2329 /* Catch-up */
2330 vga_hw_update();
2331
2332 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2333 if (csock != -1) {
2334 vnc_connect(vs, csock);
2335 }
2336 }
2337
2338 void vnc_display_init(DisplayState *ds)
2339 {
2340 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2341
2342 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2343
2344 ds->opaque = vs;
2345 dcl->idle = 1;
2346 vnc_display = vs;
2347
2348 vs->lsock = -1;
2349
2350 vs->ds = ds;
2351 QTAILQ_INIT(&vs->clients);
2352
2353 if (keyboard_layout)
2354 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2355 else
2356 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2357
2358 if (!vs->kbd_layout)
2359 exit(1);
2360
2361 dcl->dpy_copy = vnc_dpy_copy;
2362 dcl->dpy_update = vnc_dpy_update;
2363 dcl->dpy_resize = vnc_dpy_resize;
2364 dcl->dpy_setdata = vnc_dpy_setdata;
2365 register_displaychangelistener(ds, dcl);
2366 ds->mouse_set = vnc_mouse_set;
2367 ds->cursor_define = vnc_dpy_cursor_define;
2368 }
2369
2370
2371 void vnc_display_close(DisplayState *ds)
2372 {
2373 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2374
2375 if (!vs)
2376 return;
2377 if (vs->display) {
2378 qemu_free(vs->display);
2379 vs->display = NULL;
2380 }
2381 if (vs->lsock != -1) {
2382 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2383 close(vs->lsock);
2384 vs->lsock = -1;
2385 }
2386 vs->auth = VNC_AUTH_INVALID;
2387 #ifdef CONFIG_VNC_TLS
2388 vs->subauth = VNC_AUTH_INVALID;
2389 vs->tls.x509verify = 0;
2390 #endif
2391 }
2392
2393 int vnc_display_password(DisplayState *ds, const char *password)
2394 {
2395 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2396
2397 if (!vs) {
2398 return -1;
2399 }
2400
2401 if (vs->password) {
2402 qemu_free(vs->password);
2403 vs->password = NULL;
2404 }
2405 if (password && password[0]) {
2406 if (!(vs->password = qemu_strdup(password)))
2407 return -1;
2408 if (vs->auth == VNC_AUTH_NONE) {
2409 vs->auth = VNC_AUTH_VNC;
2410 }
2411 } else {
2412 vs->auth = VNC_AUTH_NONE;
2413 }
2414
2415 return 0;
2416 }
2417
2418 char *vnc_display_local_addr(DisplayState *ds)
2419 {
2420 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2421
2422 return vnc_socket_local_addr("%s:%s", vs->lsock);
2423 }
2424
2425 int vnc_display_open(DisplayState *ds, const char *display)
2426 {
2427 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2428 const char *options;
2429 int password = 0;
2430 int reverse = 0;
2431 #ifdef CONFIG_VNC_TLS
2432 int tls = 0, x509 = 0;
2433 #endif
2434 #ifdef CONFIG_VNC_SASL
2435 int sasl = 0;
2436 int saslErr;
2437 #endif
2438 int acl = 0;
2439 int lock_key_sync = 1;
2440
2441 if (!vnc_display)
2442 return -1;
2443 vnc_display_close(ds);
2444 if (strcmp(display, "none") == 0)
2445 return 0;
2446
2447 if (!(vs->display = strdup(display)))
2448 return -1;
2449
2450 options = display;
2451 while ((options = strchr(options, ','))) {
2452 options++;
2453 if (strncmp(options, "password", 8) == 0) {
2454 password = 1; /* Require password auth */
2455 } else if (strncmp(options, "reverse", 7) == 0) {
2456 reverse = 1;
2457 } else if (strncmp(options, "no-lock-key-sync", 9) == 0) {
2458 lock_key_sync = 0;
2459 #ifdef CONFIG_VNC_SASL
2460 } else if (strncmp(options, "sasl", 4) == 0) {
2461 sasl = 1; /* Require SASL auth */
2462 #endif
2463 #ifdef CONFIG_VNC_TLS
2464 } else if (strncmp(options, "tls", 3) == 0) {
2465 tls = 1; /* Require TLS */
2466 } else if (strncmp(options, "x509", 4) == 0) {
2467 char *start, *end;
2468 x509 = 1; /* Require x509 certificates */
2469 if (strncmp(options, "x509verify", 10) == 0)
2470 vs->tls.x509verify = 1; /* ...and verify client certs */
2471
2472 /* Now check for 'x509=/some/path' postfix
2473 * and use that to setup x509 certificate/key paths */
2474 start = strchr(options, '=');
2475 end = strchr(options, ',');
2476 if (start && (!end || (start < end))) {
2477 int len = end ? end-(start+1) : strlen(start+1);
2478 char *path = qemu_strndup(start + 1, len);
2479
2480 VNC_DEBUG("Trying certificate path '%s'\n", path);
2481 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2482 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2483 qemu_free(path);
2484 qemu_free(vs->display);
2485 vs->display = NULL;
2486 return -1;
2487 }
2488 qemu_free(path);
2489 } else {
2490 fprintf(stderr, "No certificate path provided\n");
2491 qemu_free(vs->display);
2492 vs->display = NULL;
2493 return -1;
2494 }
2495 #endif
2496 } else if (strncmp(options, "acl", 3) == 0) {
2497 acl = 1;
2498 }
2499 }
2500
2501 #ifdef CONFIG_VNC_TLS
2502 if (acl && x509 && vs->tls.x509verify) {
2503 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2504 fprintf(stderr, "Failed to create x509 dname ACL\n");
2505 exit(1);
2506 }
2507 }
2508 #endif
2509 #ifdef CONFIG_VNC_SASL
2510 if (acl && sasl) {
2511 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2512 fprintf(stderr, "Failed to create username ACL\n");
2513 exit(1);
2514 }
2515 }
2516 #endif
2517
2518 /*
2519 * Combinations we support here:
2520 *
2521 * - no-auth (clear text, no auth)
2522 * - password (clear text, weak auth)
2523 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2524 * - tls (encrypt, weak anonymous creds, no auth)
2525 * - tls + password (encrypt, weak anonymous creds, weak auth)
2526 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2527 * - tls + x509 (encrypt, good x509 creds, no auth)
2528 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2529 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2530 *
2531 * NB1. TLS is a stackable auth scheme.
2532 * NB2. the x509 schemes have option to validate a client cert dname
2533 */
2534 if (password) {
2535 #ifdef CONFIG_VNC_TLS
2536 if (tls) {
2537 vs->auth = VNC_AUTH_VENCRYPT;
2538 if (x509) {
2539 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2540 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2541 } else {
2542 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2543 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2544 }
2545 } else {
2546 #endif /* CONFIG_VNC_TLS */
2547 VNC_DEBUG("Initializing VNC server with password auth\n");
2548 vs->auth = VNC_AUTH_VNC;
2549 #ifdef CONFIG_VNC_TLS
2550 vs->subauth = VNC_AUTH_INVALID;
2551 }
2552 #endif /* CONFIG_VNC_TLS */
2553 #ifdef CONFIG_VNC_SASL
2554 } else if (sasl) {
2555 #ifdef CONFIG_VNC_TLS
2556 if (tls) {
2557 vs->auth = VNC_AUTH_VENCRYPT;
2558 if (x509) {
2559 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2560 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2561 } else {
2562 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2563 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2564 }
2565 } else {
2566 #endif /* CONFIG_VNC_TLS */
2567 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2568 vs->auth = VNC_AUTH_SASL;
2569 #ifdef CONFIG_VNC_TLS
2570 vs->subauth = VNC_AUTH_INVALID;
2571 }
2572 #endif /* CONFIG_VNC_TLS */
2573 #endif /* CONFIG_VNC_SASL */
2574 } else {
2575 #ifdef CONFIG_VNC_TLS
2576 if (tls) {
2577 vs->auth = VNC_AUTH_VENCRYPT;
2578 if (x509) {
2579 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2580 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2581 } else {
2582 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2583 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2584 }
2585 } else {
2586 #endif
2587 VNC_DEBUG("Initializing VNC server with no auth\n");
2588 vs->auth = VNC_AUTH_NONE;
2589 #ifdef CONFIG_VNC_TLS
2590 vs->subauth = VNC_AUTH_INVALID;
2591 }
2592 #endif
2593 }
2594
2595 #ifdef CONFIG_VNC_SASL
2596 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2597 fprintf(stderr, "Failed to initialize SASL auth %s",
2598 sasl_errstring(saslErr, NULL, NULL));
2599 free(vs->display);
2600 vs->display = NULL;
2601 return -1;
2602 }
2603 #endif
2604 vs->lock_key_sync = lock_key_sync;
2605
2606 if (reverse) {
2607 /* connect to viewer */
2608 if (strncmp(display, "unix:", 5) == 0)
2609 vs->lsock = unix_connect(display+5);
2610 else
2611 vs->lsock = inet_connect(display, SOCK_STREAM);
2612 if (-1 == vs->lsock) {
2613 free(vs->display);
2614 vs->display = NULL;
2615 return -1;
2616 } else {
2617 int csock = vs->lsock;
2618 vs->lsock = -1;
2619 vnc_connect(vs, csock);
2620 }
2621 return 0;
2622
2623 } else {
2624 /* listen for connects */
2625 char *dpy;
2626 dpy = qemu_malloc(256);
2627 if (strncmp(display, "unix:", 5) == 0) {
2628 pstrcpy(dpy, 256, "unix:");
2629 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2630 } else {
2631 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2632 }
2633 if (-1 == vs->lsock) {
2634 free(dpy);
2635 return -1;
2636 } else {
2637 free(vs->display);
2638 vs->display = dpy;
2639 }
2640 }
2641 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
2642 }
kraxel's qemu bits