2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
33 #define VNC_REFRESH_INTERVAL (1000 / 30)
35 #include "vnc_keysym.h"
38 #define count_bits(c, v) { \
39 for (c = 0; v; v >>= 1) \
46 static VncDisplay *vnc_display; /* needed for info vnc */
47 static DisplayChangeListener *dcl;
49 static char *addr_to_string(const char *format,
50 struct sockaddr_storage *sa,
53 char host[NI_MAXHOST];
54 char serv[NI_MAXSERV];
58 if ((err = getnameinfo((struct sockaddr *)sa, salen,
61 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
62 VNC_DEBUG("Cannot resolve address %d: %s\n",
63 err, gai_strerror(err));
67 /* Enough for the existing format + the 2 vars we're
69 addrlen = strlen(format) + strlen(host) + strlen(serv);
70 addr = qemu_malloc(addrlen + 1);
71 snprintf(addr, addrlen, format, host, serv);
78 char *vnc_socket_local_addr(const char *format, int fd) {
79 struct sockaddr_storage sa;
83 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
86 return addr_to_string(format, &sa, salen);
90 char *vnc_socket_remote_addr(const char *format, int fd) {
91 struct sockaddr_storage sa;
95 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
98 return addr_to_string(format, &sa, salen);
101 static const char *vnc_auth_name(VncDisplay *vd) {
103 case VNC_AUTH_INVALID:
119 case VNC_AUTH_VENCRYPT:
120 #ifdef CONFIG_VNC_TLS
121 switch (vd->subauth) {
122 case VNC_AUTH_VENCRYPT_PLAIN:
123 return "vencrypt+plain";
124 case VNC_AUTH_VENCRYPT_TLSNONE:
125 return "vencrypt+tls+none";
126 case VNC_AUTH_VENCRYPT_TLSVNC:
127 return "vencrypt+tls+vnc";
128 case VNC_AUTH_VENCRYPT_TLSPLAIN:
129 return "vencrypt+tls+plain";
130 case VNC_AUTH_VENCRYPT_X509NONE:
131 return "vencrypt+x509+none";
132 case VNC_AUTH_VENCRYPT_X509VNC:
133 return "vencrypt+x509+vnc";
134 case VNC_AUTH_VENCRYPT_X509PLAIN:
135 return "vencrypt+x509+plain";
136 case VNC_AUTH_VENCRYPT_TLSSASL:
137 return "vencrypt+tls+sasl";
138 case VNC_AUTH_VENCRYPT_X509SASL:
139 return "vencrypt+x509+sasl";
152 #define VNC_SOCKET_FORMAT_PRETTY "local %s:%s"
154 static void do_info_vnc_client(Monitor *mon, VncState *client)
157 vnc_socket_remote_addr(" address: %s:%s\n",
162 monitor_printf(mon, "Client:\n");
163 monitor_printf(mon, "%s", clientAddr);
166 #ifdef CONFIG_VNC_TLS
167 if (client->tls.session &&
169 monitor_printf(mon, " x509 dname: %s\n", client->tls.dname);
171 monitor_printf(mon, " x509 dname: none\n");
173 #ifdef CONFIG_VNC_SASL
174 if (client->sasl.conn &&
175 client->sasl.username)
176 monitor_printf(mon, " username: %s\n", client->sasl.username);
178 monitor_printf(mon, " username: none\n");
182 void do_info_vnc(Monitor *mon)
184 if (vnc_display == NULL || vnc_display->display == NULL) {
185 monitor_printf(mon, "Server: disabled\n");
187 char *serverAddr = vnc_socket_local_addr(" address: %s:%s\n",
193 monitor_printf(mon, "Server:\n");
194 monitor_printf(mon, "%s", serverAddr);
196 monitor_printf(mon, " auth: %s\n", vnc_auth_name(vnc_display));
198 if (vnc_display->clients) {
199 VncState *client = vnc_display->clients;
201 do_info_vnc_client(mon, client);
202 client = client->next;
205 monitor_printf(mon, "Client: none\n");
210 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
211 return (vs->features & (1 << feature));
215 1) Get the queue working for IO.
216 2) there is some weirdness when using the -S option (the screen is grey
217 and not totally invalidated
218 3) resolutions > 1024
221 static void vnc_update_client(void *opaque);
223 static void vnc_colordepth(VncState *vs);
225 static inline void vnc_set_bit(uint32_t *d, int k)
227 d[k >> 5] |= 1 << (k & 0x1f);
230 static inline void vnc_clear_bit(uint32_t *d, int k)
232 d[k >> 5] &= ~(1 << (k & 0x1f));
235 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
245 d[j++] = (1 << n) - 1;
250 static inline int vnc_get_bit(const uint32_t *d, int k)
252 return (d[k >> 5] >> (k & 0x1f)) & 1;
255 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
259 for(i = 0; i < nb_words; i++) {
260 if ((d1[i] & d2[i]) != 0)
266 static void vnc_update(VncState *vs, int x, int y, int w, int h)
272 /* round x down to ensure the loop only spans one 16-pixel block per,
273 iteration. otherwise, if (x % 16) != 0, the last iteration may span
274 two 16-pixel blocks but we only mark the first as dirty
279 x = MIN(x, vs->serverds.width);
280 y = MIN(y, vs->serverds.height);
281 w = MIN(x + w, vs->serverds.width) - x;
282 h = MIN(h, vs->serverds.height);
285 for (i = 0; i < w; i += 16)
286 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
289 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
291 VncDisplay *vd = ds->opaque;
292 VncState *vs = vd->clients;
294 vnc_update(vs, x, y, w, h);
299 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
302 vnc_write_u16(vs, x);
303 vnc_write_u16(vs, y);
304 vnc_write_u16(vs, w);
305 vnc_write_u16(vs, h);
307 vnc_write_s32(vs, encoding);
310 void buffer_reserve(Buffer *buffer, size_t len)
312 if ((buffer->capacity - buffer->offset) < len) {
313 buffer->capacity += (len + 1024);
314 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
315 if (buffer->buffer == NULL) {
316 fprintf(stderr, "vnc: out of memory\n");
322 int buffer_empty(Buffer *buffer)
324 return buffer->offset == 0;
327 uint8_t *buffer_end(Buffer *buffer)
329 return buffer->buffer + buffer->offset;
332 void buffer_reset(Buffer *buffer)
337 void buffer_append(Buffer *buffer, const void *data, size_t len)
339 memcpy(buffer->buffer + buffer->offset, data, len);
340 buffer->offset += len;
343 static void vnc_resize(VncState *vs)
345 DisplayState *ds = vs->ds;
349 vs->old_data = qemu_realloc(vs->old_data, ds_get_linesize(ds) * ds_get_height(ds));
351 if (vs->old_data == NULL) {
352 fprintf(stderr, "vnc: memory allocation failed\n");
356 if (ds_get_bytes_per_pixel(ds) != vs->serverds.pf.bytes_per_pixel)
357 console_color_init(ds);
359 size_changed = ds_get_width(ds) != vs->serverds.width ||
360 ds_get_height(ds) != vs->serverds.height;
361 vs->serverds = *(ds->surface);
363 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
364 vnc_write_u8(vs, 0); /* msg id */
366 vnc_write_u16(vs, 1); /* number of rects */
367 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
368 VNC_ENCODING_DESKTOPRESIZE);
373 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
374 memset(vs->old_data, 42, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
377 static void vnc_dpy_resize(DisplayState *ds)
379 VncDisplay *vd = ds->opaque;
380 VncState *vs = vd->clients;
388 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
390 vnc_write(vs, pixels, size);
393 /* slowest but generic code. */
394 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
398 r = ((((v & vs->serverds.pf.rmask) >> vs->serverds.pf.rshift) << vs->clientds.pf.rbits) >>
399 vs->serverds.pf.rbits);
400 g = ((((v & vs->serverds.pf.gmask) >> vs->serverds.pf.gshift) << vs->clientds.pf.gbits) >>
401 vs->serverds.pf.gbits);
402 b = ((((v & vs->serverds.pf.bmask) >> vs->serverds.pf.bshift) << vs->clientds.pf.bbits) >>
403 vs->serverds.pf.bbits);
404 v = (r << vs->clientds.pf.rshift) |
405 (g << vs->clientds.pf.gshift) |
406 (b << vs->clientds.pf.bshift);
407 switch(vs->clientds.pf.bytes_per_pixel) {
412 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
422 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
437 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
441 if (vs->serverds.pf.bytes_per_pixel == 4) {
442 uint32_t *pixels = pixels1;
445 for(i = 0; i < n; i++) {
446 vnc_convert_pixel(vs, buf, pixels[i]);
447 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
449 } else if (vs->serverds.pf.bytes_per_pixel == 2) {
450 uint16_t *pixels = pixels1;
453 for(i = 0; i < n; i++) {
454 vnc_convert_pixel(vs, buf, pixels[i]);
455 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
457 } else if (vs->serverds.pf.bytes_per_pixel == 1) {
458 uint8_t *pixels = pixels1;
461 for(i = 0; i < n; i++) {
462 vnc_convert_pixel(vs, buf, pixels[i]);
463 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
466 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
470 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
475 row = ds_get_data(vs->ds) + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
476 for (i = 0; i < h; i++) {
477 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
478 row += ds_get_linesize(vs->ds);
482 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
484 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
485 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
489 #include "vnchextile.h"
493 #include "vnchextile.h"
497 #include "vnchextile.h"
502 #include "vnchextile.h"
508 #include "vnchextile.h"
514 #include "vnchextile.h"
518 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
522 uint8_t *last_fg, *last_bg;
524 last_fg = (uint8_t *) qemu_malloc(vs->serverds.pf.bytes_per_pixel);
525 last_bg = (uint8_t *) qemu_malloc(vs->serverds.pf.bytes_per_pixel);
527 for (j = y; j < (y + h); j += 16) {
528 for (i = x; i < (x + w); i += 16) {
529 vs->send_hextile_tile(vs, i, j,
530 MIN(16, x + w - i), MIN(16, y + h - j),
531 last_bg, last_fg, &has_bg, &has_fg);
539 static void vnc_zlib_init(VncState *vs)
542 for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)
543 vs->zlib_stream[i].opaque = NULL;
546 static void vnc_zlib_start(VncState *vs)
548 buffer_reset(&vs->zlib);
550 // make the output buffer be the zlib buffer, so we can compress it later
551 vs->zlib_tmp = vs->output;
552 vs->output = vs->zlib;
555 static int vnc_zlib_stop(VncState *vs, int stream_id)
557 z_streamp zstream = &vs->zlib_stream[stream_id];
560 // switch back to normal output/zlib buffers
561 vs->zlib = vs->output;
562 vs->output = vs->zlib_tmp;
564 // compress the zlib buffer
566 // initialize the stream
567 // XXX need one stream per session
568 if (zstream->opaque != vs) {
571 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
572 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
573 zstream->zalloc = Z_NULL;
574 zstream->zfree = Z_NULL;
576 err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
577 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
580 fprintf(stderr, "VNC: error initializing zlib\n");
584 zstream->opaque = vs;
587 // XXX what to do if tight_compression changed in between?
589 // reserve memory in output buffer
590 buffer_reserve(&vs->output, vs->zlib.offset + 64);
593 zstream->next_in = vs->zlib.buffer;
594 zstream->avail_in = vs->zlib.offset;
595 zstream->next_out = vs->output.buffer + vs->output.offset;
596 zstream->avail_out = vs->output.capacity - vs->output.offset;
597 zstream->data_type = Z_BINARY;
598 previous_out = zstream->total_out;
601 if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
602 fprintf(stderr, "VNC: error during zlib compression\n");
606 vs->output.offset = vs->output.capacity - zstream->avail_out;
607 return zstream->total_out - previous_out;
610 static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
612 int old_offset, new_offset, bytes_written;
614 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);
616 // remember where we put in the follow-up size
617 old_offset = vs->output.offset;
618 vnc_write_s32(vs, 0);
620 // compress the stream
622 send_framebuffer_update_raw(vs, x, y, w, h);
623 bytes_written = vnc_zlib_stop(vs, 0);
625 if (bytes_written == -1)
629 new_offset = vs->output.offset;
630 vs->output.offset = old_offset;
631 vnc_write_u32(vs, bytes_written);
632 vs->output.offset = new_offset;
635 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
637 switch(vs->vnc_encoding) {
638 case VNC_ENCODING_ZLIB:
639 send_framebuffer_update_zlib(vs, x, y, w, h);
641 case VNC_ENCODING_HEXTILE:
642 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
643 send_framebuffer_update_hextile(vs, x, y, w, h);
646 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
647 send_framebuffer_update_raw(vs, x, y, w, h);
652 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
654 vnc_update_client(vs);
656 vnc_write_u8(vs, 0); /* msg id */
658 vnc_write_u16(vs, 1); /* number of rects */
659 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
660 vnc_write_u16(vs, src_x);
661 vnc_write_u16(vs, src_y);
665 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
667 VncDisplay *vd = ds->opaque;
668 VncState *vs = vd->clients;
670 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
671 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
673 vnc_update(vs, dst_x, dst_y, w, h);
678 static int find_dirty_height(VncState *vs, int y, int last_x, int x)
682 for (h = 1; h < (vs->serverds.height - y); h++) {
684 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
686 for (tmp_x = last_x; tmp_x < x; tmp_x++)
687 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
693 static void vnc_update_client(void *opaque)
695 VncState *vs = opaque;
696 if (vs->need_update && vs->csock != -1) {
700 uint32_t width_mask[VNC_DIRTY_WORDS];
707 vnc_set_bits(width_mask, (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
709 /* Walk through the dirty map and eliminate tiles that
710 really aren't dirty */
711 row = ds_get_data(vs->ds);
712 old_row = vs->old_data;
714 for (y = 0; y < ds_get_height(vs->ds); y++) {
715 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
721 old_ptr = (char*)old_row;
723 for (x = 0; x < ds_get_width(vs->ds); x += 16) {
724 if (memcmp(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds)) == 0) {
725 vnc_clear_bit(vs->dirty_row[y], (x / 16));
728 memcpy(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds));
731 ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
732 old_ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
736 row += ds_get_linesize(vs->ds);
737 old_row += ds_get_linesize(vs->ds);
740 if (!has_dirty && !vs->audio_cap) {
741 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
745 /* Count rectangles */
747 vnc_write_u8(vs, 0); /* msg id */
749 saved_offset = vs->output.offset;
750 vnc_write_u16(vs, 0);
752 for (y = 0; y < vs->serverds.height; y++) {
755 for (x = 0; x < vs->serverds.width / 16; x++) {
756 if (vnc_get_bit(vs->dirty_row[y], x)) {
760 vnc_clear_bit(vs->dirty_row[y], x);
763 int h = find_dirty_height(vs, y, last_x, x);
764 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
771 int h = find_dirty_height(vs, y, last_x, x);
772 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
776 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
777 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
782 if (vs->csock != -1) {
783 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
789 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
791 VncState *vs = opaque;
794 case AUD_CNOTIFY_DISABLE:
795 vnc_write_u8(vs, 255);
797 vnc_write_u16(vs, 0);
801 case AUD_CNOTIFY_ENABLE:
802 vnc_write_u8(vs, 255);
804 vnc_write_u16(vs, 1);
810 static void audio_capture_destroy(void *opaque)
814 static void audio_capture(void *opaque, void *buf, int size)
816 VncState *vs = opaque;
818 vnc_write_u8(vs, 255);
820 vnc_write_u16(vs, 2);
821 vnc_write_u32(vs, size);
822 vnc_write(vs, buf, size);
826 static void audio_add(VncState *vs)
828 Monitor *mon = cur_mon;
829 struct audio_capture_ops ops;
832 monitor_printf(mon, "audio already running\n");
836 ops.notify = audio_capture_notify;
837 ops.destroy = audio_capture_destroy;
838 ops.capture = audio_capture;
840 vs->audio_cap = AUD_add_capture(NULL, &vs->as, &ops, vs);
841 if (!vs->audio_cap) {
842 monitor_printf(mon, "Failed to add audio capture\n");
846 static void audio_del(VncState *vs)
849 AUD_del_capture(vs->audio_cap, vs);
850 vs->audio_cap = NULL;
855 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
857 if (ret == 0 || ret == -1) {
859 switch (last_errno) {
871 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
872 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
873 closesocket(vs->csock);
874 qemu_del_timer(vs->timer);
875 qemu_free_timer(vs->timer);
876 if (vs->input.buffer) qemu_free(vs->input.buffer);
877 if (vs->output.buffer) qemu_free(vs->output.buffer);
878 #ifdef CONFIG_VNC_TLS
879 vnc_tls_client_cleanup(vs);
880 #endif /* CONFIG_VNC_TLS */
881 #ifdef CONFIG_VNC_SASL
882 vnc_sasl_client_cleanup(vs);
883 #endif /* CONFIG_VNC_SASL */
886 VncState *p, *parent = NULL;
887 for (p = vs->vd->clients; p != NULL; p = p->next) {
890 parent->next = p->next;
892 vs->vd->clients = p->next;
897 if (!vs->vd->clients)
900 qemu_free(vs->old_data);
909 void vnc_client_error(VncState *vs)
911 vnc_client_io_error(vs, -1, EINVAL);
916 * Called to write a chunk of data to the client socket. The data may
917 * be the raw data, or may have already been encoded by SASL.
918 * The data will be written either straight onto the socket, or
919 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
921 * NB, it is theoretically possible to have 2 layers of encryption,
922 * both SASL, and this TLS layer. It is highly unlikely in practice
923 * though, since SASL encryption will typically be a no-op if TLS
926 * Returns the number of bytes written, which may be less than
927 * the requested 'datalen' if the socket would block. Returns
928 * -1 on error, and disconnects the client socket.
930 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
933 #ifdef CONFIG_VNC_TLS
934 if (vs->tls.session) {
935 ret = gnutls_write(vs->tls.session, data, datalen);
937 if (ret == GNUTLS_E_AGAIN)
944 #endif /* CONFIG_VNC_TLS */
945 ret = send(vs->csock, data, datalen, 0);
946 VNC_DEBUG("Wrote wire %p %d -> %ld\n", data, datalen, ret);
947 return vnc_client_io_error(vs, ret, socket_error());
952 * Called to write buffered data to the client socket, when not
953 * using any SASL SSF encryption layers. Will write as much data
954 * as possible without blocking. If all buffered data is written,
955 * will switch the FD poll() handler back to read monitoring.
957 * Returns the number of bytes written, which may be less than
958 * the buffered output data if the socket would block. Returns
959 * -1 on error, and disconnects the client socket.
961 static long vnc_client_write_plain(VncState *vs)
965 #ifdef CONFIG_VNC_SASL
966 VNC_DEBUG("Write Plain: Pending output %p size %d offset %d. Wait SSF %d\n",
967 vs->output.buffer, vs->output.capacity, vs->output.offset,
968 vs->sasl.waitWriteSSF);
972 vs->sasl.waitWriteSSF) {
973 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
975 vs->sasl.waitWriteSSF -= ret;
977 #endif /* CONFIG_VNC_SASL */
978 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
982 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
983 vs->output.offset -= ret;
985 if (vs->output.offset == 0) {
986 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
994 * First function called whenever there is data to be written to
995 * the client socket. Will delegate actual work according to whether
996 * SASL SSF layers are enabled (thus requiring encryption calls)
998 void vnc_client_write(void *opaque)
1001 VncState *vs = opaque;
1003 #ifdef CONFIG_VNC_SASL
1004 if (vs->sasl.conn &&
1006 !vs->sasl.waitWriteSSF)
1007 ret = vnc_client_write_sasl(vs);
1009 #endif /* CONFIG_VNC_SASL */
1010 ret = vnc_client_write_plain(vs);
1013 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1015 vs->read_handler = func;
1016 vs->read_handler_expect = expecting;
1021 * Called to read a chunk of data from the client socket. The data may
1022 * be the raw data, or may need to be further decoded by SASL.
1023 * The data will be read either straight from to the socket, or
1024 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1026 * NB, it is theoretically possible to have 2 layers of encryption,
1027 * both SASL, and this TLS layer. It is highly unlikely in practice
1028 * though, since SASL encryption will typically be a no-op if TLS
1031 * Returns the number of bytes read, which may be less than
1032 * the requested 'datalen' if the socket would block. Returns
1033 * -1 on error, and disconnects the client socket.
1035 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1038 #ifdef CONFIG_VNC_TLS
1039 if (vs->tls.session) {
1040 ret = gnutls_read(vs->tls.session, data, datalen);
1042 if (ret == GNUTLS_E_AGAIN)
1049 #endif /* CONFIG_VNC_TLS */
1050 ret = recv(vs->csock, data, datalen, 0);
1051 VNC_DEBUG("Read wire %p %d -> %ld\n", data, datalen, ret);
1052 return vnc_client_io_error(vs, ret, socket_error());
1057 * Called to read data from the client socket to the input buffer,
1058 * when not using any SASL SSF encryption layers. Will read as much
1059 * data as possible without blocking.
1061 * Returns the number of bytes read. Returns -1 on error, and
1062 * disconnects the client socket.
1064 static long vnc_client_read_plain(VncState *vs)
1067 VNC_DEBUG("Read plain %p size %d offset %d\n",
1068 vs->input.buffer, vs->input.capacity, vs->input.offset);
1069 buffer_reserve(&vs->input, 4096);
1070 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1073 vs->input.offset += ret;
1079 * First function called whenever there is more data to be read from
1080 * the client socket. Will delegate actual work according to whether
1081 * SASL SSF layers are enabled (thus requiring decryption calls)
1083 void vnc_client_read(void *opaque)
1085 VncState *vs = opaque;
1088 #ifdef CONFIG_VNC_SASL
1089 if (vs->sasl.conn && vs->sasl.runSSF)
1090 ret = vnc_client_read_sasl(vs);
1092 #endif /* CONFIG_VNC_SASL */
1093 ret = vnc_client_read_plain(vs);
1097 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1098 size_t len = vs->read_handler_expect;
1101 ret = vs->read_handler(vs, vs->input.buffer, len);
1102 if (vs->csock == -1)
1106 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1107 vs->input.offset -= len;
1109 vs->read_handler_expect = ret;
1114 void vnc_write(VncState *vs, const void *data, size_t len)
1116 buffer_reserve(&vs->output, len);
1118 if (buffer_empty(&vs->output)) {
1119 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1122 buffer_append(&vs->output, data, len);
1125 void vnc_write_s32(VncState *vs, int32_t value)
1127 vnc_write_u32(vs, *(uint32_t *)&value);
1130 void vnc_write_u32(VncState *vs, uint32_t value)
1134 buf[0] = (value >> 24) & 0xFF;
1135 buf[1] = (value >> 16) & 0xFF;
1136 buf[2] = (value >> 8) & 0xFF;
1137 buf[3] = value & 0xFF;
1139 vnc_write(vs, buf, 4);
1142 void vnc_write_u16(VncState *vs, uint16_t value)
1146 buf[0] = (value >> 8) & 0xFF;
1147 buf[1] = value & 0xFF;
1149 vnc_write(vs, buf, 2);
1152 void vnc_write_u8(VncState *vs, uint8_t value)
1154 vnc_write(vs, (char *)&value, 1);
1157 void vnc_flush(VncState *vs)
1159 if (vs->output.offset)
1160 vnc_client_write(vs);
1163 uint8_t read_u8(uint8_t *data, size_t offset)
1165 return data[offset];
1168 uint16_t read_u16(uint8_t *data, size_t offset)
1170 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1173 int32_t read_s32(uint8_t *data, size_t offset)
1175 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1176 (data[offset + 2] << 8) | data[offset + 3]);
1179 uint32_t read_u32(uint8_t *data, size_t offset)
1181 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1182 (data[offset + 2] << 8) | data[offset + 3]);
1185 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1189 static void check_pointer_type_change(VncState *vs, int absolute)
1191 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1192 vnc_write_u8(vs, 0);
1193 vnc_write_u8(vs, 0);
1194 vnc_write_u16(vs, 1);
1195 vnc_framebuffer_update(vs, absolute, 0,
1196 ds_get_width(vs->ds), ds_get_height(vs->ds),
1197 VNC_ENCODING_POINTER_TYPE_CHANGE);
1200 vs->absolute = absolute;
1203 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1208 if (button_mask & 0x01)
1209 buttons |= MOUSE_EVENT_LBUTTON;
1210 if (button_mask & 0x02)
1211 buttons |= MOUSE_EVENT_MBUTTON;
1212 if (button_mask & 0x04)
1213 buttons |= MOUSE_EVENT_RBUTTON;
1214 if (button_mask & 0x08)
1216 if (button_mask & 0x10)
1220 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
1221 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
1223 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1227 kbd_mouse_event(x, y, dz, buttons);
1229 if (vs->last_x != -1)
1230 kbd_mouse_event(x - vs->last_x,
1237 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1240 static void reset_keys(VncState *vs)
1243 for(i = 0; i < 256; i++) {
1244 if (vs->modifiers_state[i]) {
1246 kbd_put_keycode(0xe0);
1247 kbd_put_keycode(i | 0x80);
1248 vs->modifiers_state[i] = 0;
1253 static void press_key(VncState *vs, int keysym)
1255 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) & 0x7f);
1256 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) | 0x80);
1259 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1261 /* QEMU console switch */
1263 case 0x2a: /* Left Shift */
1264 case 0x36: /* Right Shift */
1265 case 0x1d: /* Left CTRL */
1266 case 0x9d: /* Right CTRL */
1267 case 0x38: /* Left ALT */
1268 case 0xb8: /* Right ALT */
1270 vs->modifiers_state[keycode] = 1;
1272 vs->modifiers_state[keycode] = 0;
1274 case 0x02 ... 0x0a: /* '1' to '9' keys */
1275 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1276 /* Reset the modifiers sent to the current console */
1278 console_select(keycode - 0x02);
1282 case 0x3a: /* CapsLock */
1283 case 0x45: /* NumLock */
1285 vs->modifiers_state[keycode] ^= 1;
1289 if (keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1290 /* If the numlock state needs to change then simulate an additional
1291 keypress before sending this one. This will happen if the user
1292 toggles numlock away from the VNC window.
1294 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1295 if (!vs->modifiers_state[0x45]) {
1296 vs->modifiers_state[0x45] = 1;
1297 press_key(vs, 0xff7f);
1300 if (vs->modifiers_state[0x45]) {
1301 vs->modifiers_state[0x45] = 0;
1302 press_key(vs, 0xff7f);
1307 if (is_graphic_console()) {
1309 kbd_put_keycode(0xe0);
1311 kbd_put_keycode(keycode & 0x7f);
1313 kbd_put_keycode(keycode | 0x80);
1315 /* QEMU console emulation */
1318 case 0x2a: /* Left Shift */
1319 case 0x36: /* Right Shift */
1320 case 0x1d: /* Left CTRL */
1321 case 0x9d: /* Right CTRL */
1322 case 0x38: /* Left ALT */
1323 case 0xb8: /* Right ALT */
1326 kbd_put_keysym(QEMU_KEY_UP);
1329 kbd_put_keysym(QEMU_KEY_DOWN);
1332 kbd_put_keysym(QEMU_KEY_LEFT);
1335 kbd_put_keysym(QEMU_KEY_RIGHT);
1338 kbd_put_keysym(QEMU_KEY_DELETE);
1341 kbd_put_keysym(QEMU_KEY_HOME);
1344 kbd_put_keysym(QEMU_KEY_END);
1347 kbd_put_keysym(QEMU_KEY_PAGEUP);
1350 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1353 kbd_put_keysym(sym);
1360 static void key_event(VncState *vs, int down, uint32_t sym)
1364 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1365 sym = sym - 'A' + 'a';
1367 keycode = keysym2scancode(vs->vd->kbd_layout, sym & 0xFFFF);
1368 do_key_event(vs, down, keycode, sym);
1371 static void ext_key_event(VncState *vs, int down,
1372 uint32_t sym, uint16_t keycode)
1374 /* if the user specifies a keyboard layout, always use it */
1375 if (keyboard_layout)
1376 key_event(vs, down, sym);
1378 do_key_event(vs, down, keycode, sym);
1381 static void framebuffer_update_request(VncState *vs, int incremental,
1382 int x_position, int y_position,
1385 if (x_position > ds_get_width(vs->ds))
1386 x_position = ds_get_width(vs->ds);
1387 if (y_position > ds_get_height(vs->ds))
1388 y_position = ds_get_height(vs->ds);
1389 if (x_position + w >= ds_get_width(vs->ds))
1390 w = ds_get_width(vs->ds) - x_position;
1391 if (y_position + h >= ds_get_height(vs->ds))
1392 h = ds_get_height(vs->ds) - y_position;
1395 vs->need_update = 1;
1397 char *old_row = vs->old_data + y_position * ds_get_linesize(vs->ds);
1399 for (i = 0; i < h; i++) {
1400 vnc_set_bits(vs->dirty_row[y_position + i],
1401 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1402 memset(old_row, 42, ds_get_width(vs->ds) * ds_get_bytes_per_pixel(vs->ds));
1403 old_row += ds_get_linesize(vs->ds);
1408 static void send_ext_key_event_ack(VncState *vs)
1410 vnc_write_u8(vs, 0);
1411 vnc_write_u8(vs, 0);
1412 vnc_write_u16(vs, 1);
1413 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1414 VNC_ENCODING_EXT_KEY_EVENT);
1418 static void send_ext_audio_ack(VncState *vs)
1420 vnc_write_u8(vs, 0);
1421 vnc_write_u8(vs, 0);
1422 vnc_write_u16(vs, 1);
1423 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1424 VNC_ENCODING_AUDIO);
1428 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1431 unsigned int enc = 0;
1435 vs->vnc_encoding = 0;
1436 vs->tight_compression = 9;
1437 vs->tight_quality = 9;
1440 for (i = n_encodings - 1; i >= 0; i--) {
1443 case VNC_ENCODING_RAW:
1444 vs->vnc_encoding = enc;
1446 case VNC_ENCODING_COPYRECT:
1447 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1449 case VNC_ENCODING_HEXTILE:
1450 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1451 vs->vnc_encoding = enc;
1453 case VNC_ENCODING_ZLIB:
1454 vs->features |= VNC_FEATURE_ZLIB_MASK;
1455 vs->vnc_encoding = enc;
1457 case VNC_ENCODING_DESKTOPRESIZE:
1458 vs->features |= VNC_FEATURE_RESIZE_MASK;
1460 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1461 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1463 case VNC_ENCODING_EXT_KEY_EVENT:
1464 send_ext_key_event_ack(vs);
1466 case VNC_ENCODING_AUDIO:
1467 send_ext_audio_ack(vs);
1469 case VNC_ENCODING_WMVi:
1470 vs->features |= VNC_FEATURE_WMVI_MASK;
1472 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1473 vs->tight_compression = (enc & 0x0F);
1475 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1476 vs->tight_quality = (enc & 0x0F);
1479 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1484 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1487 static void set_pixel_conversion(VncState *vs)
1489 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1490 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1491 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1492 vs->write_pixels = vnc_write_pixels_copy;
1493 switch (vs->ds->surface->pf.bits_per_pixel) {
1495 vs->send_hextile_tile = send_hextile_tile_8;
1498 vs->send_hextile_tile = send_hextile_tile_16;
1501 vs->send_hextile_tile = send_hextile_tile_32;
1505 vs->write_pixels = vnc_write_pixels_generic;
1506 switch (vs->ds->surface->pf.bits_per_pixel) {
1508 vs->send_hextile_tile = send_hextile_tile_generic_8;
1511 vs->send_hextile_tile = send_hextile_tile_generic_16;
1514 vs->send_hextile_tile = send_hextile_tile_generic_32;
1520 static void set_pixel_format(VncState *vs,
1521 int bits_per_pixel, int depth,
1522 int big_endian_flag, int true_color_flag,
1523 int red_max, int green_max, int blue_max,
1524 int red_shift, int green_shift, int blue_shift)
1526 if (!true_color_flag) {
1527 vnc_client_error(vs);
1531 vs->clientds = vs->serverds;
1532 vs->clientds.pf.rmax = red_max;
1533 count_bits(vs->clientds.pf.rbits, red_max);
1534 vs->clientds.pf.rshift = red_shift;
1535 vs->clientds.pf.rmask = red_max << red_shift;
1536 vs->clientds.pf.gmax = green_max;
1537 count_bits(vs->clientds.pf.gbits, green_max);
1538 vs->clientds.pf.gshift = green_shift;
1539 vs->clientds.pf.gmask = green_max << green_shift;
1540 vs->clientds.pf.bmax = blue_max;
1541 count_bits(vs->clientds.pf.bbits, blue_max);
1542 vs->clientds.pf.bshift = blue_shift;
1543 vs->clientds.pf.bmask = blue_max << blue_shift;
1544 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1545 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1546 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1547 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1549 set_pixel_conversion(vs);
1551 vga_hw_invalidate();
1555 static void pixel_format_message (VncState *vs) {
1556 char pad[3] = { 0, 0, 0 };
1558 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1559 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1561 #ifdef WORDS_BIGENDIAN
1562 vnc_write_u8(vs, 1); /* big-endian-flag */
1564 vnc_write_u8(vs, 0); /* big-endian-flag */
1566 vnc_write_u8(vs, 1); /* true-color-flag */
1567 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1568 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1569 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1570 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1571 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1572 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1573 if (vs->ds->surface->pf.bits_per_pixel == 32)
1574 vs->send_hextile_tile = send_hextile_tile_32;
1575 else if (vs->ds->surface->pf.bits_per_pixel == 16)
1576 vs->send_hextile_tile = send_hextile_tile_16;
1577 else if (vs->ds->surface->pf.bits_per_pixel == 8)
1578 vs->send_hextile_tile = send_hextile_tile_8;
1579 vs->clientds = *(vs->ds->surface);
1580 vs->clientds.flags |= ~QEMU_ALLOCATED_FLAG;
1581 vs->write_pixels = vnc_write_pixels_copy;
1583 vnc_write(vs, pad, 3); /* padding */
1586 static void vnc_dpy_setdata(DisplayState *ds)
1588 /* We don't have to do anything */
1591 static void vnc_colordepth(VncState *vs)
1593 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1594 /* Sending a WMVi message to notify the client*/
1595 vnc_write_u8(vs, 0); /* msg id */
1596 vnc_write_u8(vs, 0);
1597 vnc_write_u16(vs, 1); /* number of rects */
1598 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1599 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1600 pixel_format_message(vs);
1603 set_pixel_conversion(vs);
1607 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1617 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1618 read_u8(data, 6), read_u8(data, 7),
1619 read_u16(data, 8), read_u16(data, 10),
1620 read_u16(data, 12), read_u8(data, 14),
1621 read_u8(data, 15), read_u8(data, 16));
1628 limit = read_u16(data, 2);
1630 return 4 + (limit * 4);
1632 limit = read_u16(data, 2);
1634 for (i = 0; i < limit; i++) {
1635 int32_t val = read_s32(data, 4 + (i * 4));
1636 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1639 set_encodings(vs, (int32_t *)(data + 4), limit);
1645 framebuffer_update_request(vs,
1646 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1647 read_u16(data, 6), read_u16(data, 8));
1653 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1659 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1666 uint32_t dlen = read_u32(data, 4);
1671 client_cut_text(vs, read_u32(data, 4), data + 8);
1677 switch (read_u8(data, 1)) {
1682 ext_key_event(vs, read_u16(data, 2),
1683 read_u32(data, 4), read_u32(data, 8));
1689 switch (read_u16 (data, 2)) {
1699 switch (read_u8(data, 4)) {
1700 case 0: vs->as.fmt = AUD_FMT_U8; break;
1701 case 1: vs->as.fmt = AUD_FMT_S8; break;
1702 case 2: vs->as.fmt = AUD_FMT_U16; break;
1703 case 3: vs->as.fmt = AUD_FMT_S16; break;
1704 case 4: vs->as.fmt = AUD_FMT_U32; break;
1705 case 5: vs->as.fmt = AUD_FMT_S32; break;
1707 printf("Invalid audio format %d\n", read_u8(data, 4));
1708 vnc_client_error(vs);
1711 vs->as.nchannels = read_u8(data, 5);
1712 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1713 printf("Invalid audio channel coount %d\n",
1715 vnc_client_error(vs);
1718 vs->as.freq = read_u32(data, 6);
1721 printf ("Invalid audio message %d\n", read_u8(data, 4));
1722 vnc_client_error(vs);
1728 printf("Msg: %d\n", read_u16(data, 0));
1729 vnc_client_error(vs);
1734 printf("Msg: %d\n", data[0]);
1735 vnc_client_error(vs);
1739 vnc_read_when(vs, protocol_client_msg, 1);
1743 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1748 vnc_write_u16(vs, ds_get_width(vs->ds));
1749 vnc_write_u16(vs, ds_get_height(vs->ds));
1751 pixel_format_message(vs);
1754 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1756 size = snprintf(buf, sizeof(buf), "QEMU");
1758 vnc_write_u32(vs, size);
1759 vnc_write(vs, buf, size);
1762 vnc_read_when(vs, protocol_client_msg, 1);
1767 void start_client_init(VncState *vs)
1769 vnc_read_when(vs, protocol_client_init, 1);
1772 static void make_challenge(VncState *vs)
1776 srand(time(NULL)+getpid()+getpid()*987654+rand());
1778 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1779 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1782 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1784 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1786 unsigned char key[8];
1788 if (!vs->vd->password || !vs->vd->password[0]) {
1789 VNC_DEBUG("No password configured on server");
1790 vnc_write_u32(vs, 1); /* Reject auth */
1791 if (vs->minor >= 8) {
1792 static const char err[] = "Authentication failed";
1793 vnc_write_u32(vs, sizeof(err));
1794 vnc_write(vs, err, sizeof(err));
1797 vnc_client_error(vs);
1801 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1803 /* Calculate the expected challenge response */
1804 pwlen = strlen(vs->vd->password);
1805 for (i=0; i<sizeof(key); i++)
1806 key[i] = i<pwlen ? vs->vd->password[i] : 0;
1808 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1809 des(response+j, response+j);
1811 /* Compare expected vs actual challenge response */
1812 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1813 VNC_DEBUG("Client challenge reponse did not match\n");
1814 vnc_write_u32(vs, 1); /* Reject auth */
1815 if (vs->minor >= 8) {
1816 static const char err[] = "Authentication failed";
1817 vnc_write_u32(vs, sizeof(err));
1818 vnc_write(vs, err, sizeof(err));
1821 vnc_client_error(vs);
1823 VNC_DEBUG("Accepting VNC challenge response\n");
1824 vnc_write_u32(vs, 0); /* Accept auth */
1827 start_client_init(vs);
1832 void start_auth_vnc(VncState *vs)
1835 /* Send client a 'random' challenge */
1836 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1839 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1843 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1845 /* We only advertise 1 auth scheme at a time, so client
1846 * must pick the one we sent. Verify this */
1847 if (data[0] != vs->vd->auth) { /* Reject auth */
1848 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
1849 vnc_write_u32(vs, 1);
1850 if (vs->minor >= 8) {
1851 static const char err[] = "Authentication failed";
1852 vnc_write_u32(vs, sizeof(err));
1853 vnc_write(vs, err, sizeof(err));
1855 vnc_client_error(vs);
1856 } else { /* Accept requested auth */
1857 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1858 switch (vs->vd->auth) {
1860 VNC_DEBUG("Accept auth none\n");
1861 if (vs->minor >= 8) {
1862 vnc_write_u32(vs, 0); /* Accept auth completion */
1865 start_client_init(vs);
1869 VNC_DEBUG("Start VNC auth\n");
1873 #ifdef CONFIG_VNC_TLS
1874 case VNC_AUTH_VENCRYPT:
1875 VNC_DEBUG("Accept VeNCrypt auth\n");;
1876 start_auth_vencrypt(vs);
1878 #endif /* CONFIG_VNC_TLS */
1880 #ifdef CONFIG_VNC_SASL
1882 VNC_DEBUG("Accept SASL auth\n");
1883 start_auth_sasl(vs);
1885 #endif /* CONFIG_VNC_SASL */
1887 default: /* Should not be possible, but just in case */
1888 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
1889 vnc_write_u8(vs, 1);
1890 if (vs->minor >= 8) {
1891 static const char err[] = "Authentication failed";
1892 vnc_write_u32(vs, sizeof(err));
1893 vnc_write(vs, err, sizeof(err));
1895 vnc_client_error(vs);
1901 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
1905 memcpy(local, version, 12);
1908 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
1909 VNC_DEBUG("Malformed protocol version %s\n", local);
1910 vnc_client_error(vs);
1913 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
1914 if (vs->major != 3 ||
1920 VNC_DEBUG("Unsupported client version\n");
1921 vnc_write_u32(vs, VNC_AUTH_INVALID);
1923 vnc_client_error(vs);
1926 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
1927 * as equivalent to v3.3 by servers
1929 if (vs->minor == 4 || vs->minor == 5)
1932 if (vs->minor == 3) {
1933 if (vs->vd->auth == VNC_AUTH_NONE) {
1934 VNC_DEBUG("Tell client auth none\n");
1935 vnc_write_u32(vs, vs->vd->auth);
1937 start_client_init(vs);
1938 } else if (vs->vd->auth == VNC_AUTH_VNC) {
1939 VNC_DEBUG("Tell client VNC auth\n");
1940 vnc_write_u32(vs, vs->vd->auth);
1944 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
1945 vnc_write_u32(vs, VNC_AUTH_INVALID);
1947 vnc_client_error(vs);
1950 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
1951 vnc_write_u8(vs, 1); /* num auth */
1952 vnc_write_u8(vs, vs->vd->auth);
1953 vnc_read_when(vs, protocol_client_auth, 1);
1960 static void vnc_connect(VncDisplay *vd, int csock)
1962 VncState *vs = qemu_mallocz(sizeof(VncState));
1965 VNC_DEBUG("New client on socket %d\n", csock);
1967 socket_set_nonblock(vs->csock);
1968 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1972 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
1976 vs->as.freq = 44100;
1977 vs->as.nchannels = 2;
1978 vs->as.fmt = AUD_FMT_S16;
1979 vs->as.endianness = 0;
1982 vnc_write(vs, "RFB 003.008\n", 12);
1984 vnc_read_when(vs, protocol_version, 12);
1985 memset(vs->old_data, 0, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
1986 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1987 vnc_update_client(vs);
1990 vs->next = vd->clients;
1994 static void vnc_listen_read(void *opaque)
1996 VncDisplay *vs = opaque;
1997 struct sockaddr_in addr;
1998 socklen_t addrlen = sizeof(addr);
2003 int csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2005 vnc_connect(vs, csock);
2009 void vnc_display_init(DisplayState *ds)
2013 vs = qemu_mallocz(sizeof(VncState));
2014 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2024 if (keyboard_layout)
2025 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2027 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2029 if (!vs->kbd_layout)
2032 dcl->dpy_copy = vnc_dpy_copy;
2033 dcl->dpy_update = vnc_dpy_update;
2034 dcl->dpy_resize = vnc_dpy_resize;
2035 dcl->dpy_setdata = vnc_dpy_setdata;
2036 register_displaychangelistener(ds, dcl);
2040 void vnc_display_close(DisplayState *ds)
2042 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2047 qemu_free(vs->display);
2050 if (vs->lsock != -1) {
2051 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2055 vs->auth = VNC_AUTH_INVALID;
2056 #ifdef CONFIG_VNC_TLS
2057 vs->subauth = VNC_AUTH_INVALID;
2058 vs->tls.x509verify = 0;
2062 int vnc_display_password(DisplayState *ds, const char *password)
2064 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2067 qemu_free(vs->password);
2068 vs->password = NULL;
2070 if (password && password[0]) {
2071 if (!(vs->password = qemu_strdup(password)))
2078 int vnc_display_open(DisplayState *ds, const char *display)
2080 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2081 const char *options;
2085 #ifdef CONFIG_VNC_TLS
2086 int tls = 0, x509 = 0;
2088 #ifdef CONFIG_VNC_SASL
2096 vnc_display_close(ds);
2097 if (strcmp(display, "none") == 0)
2100 if (!(vs->display = strdup(display)))
2104 while ((options = strchr(options, ','))) {
2106 if (strncmp(options, "password", 8) == 0) {
2107 password = 1; /* Require password auth */
2108 } else if (strncmp(options, "reverse", 7) == 0) {
2110 } else if (strncmp(options, "to=", 3) == 0) {
2111 to_port = atoi(options+3) + 5900;
2112 #ifdef CONFIG_VNC_SASL
2113 } else if (strncmp(options, "sasl", 4) == 0) {
2114 sasl = 1; /* Require SASL auth */
2116 #ifdef CONFIG_VNC_TLS
2117 } else if (strncmp(options, "tls", 3) == 0) {
2118 tls = 1; /* Require TLS */
2119 } else if (strncmp(options, "x509", 4) == 0) {
2121 x509 = 1; /* Require x509 certificates */
2122 if (strncmp(options, "x509verify", 10) == 0)
2123 vs->tls.x509verify = 1; /* ...and verify client certs */
2125 /* Now check for 'x509=/some/path' postfix
2126 * and use that to setup x509 certificate/key paths */
2127 start = strchr(options, '=');
2128 end = strchr(options, ',');
2129 if (start && (!end || (start < end))) {
2130 int len = end ? end-(start+1) : strlen(start+1);
2131 char *path = qemu_strndup(start + 1, len);
2133 VNC_DEBUG("Trying certificate path '%s'\n", path);
2134 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2135 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2137 qemu_free(vs->display);
2143 fprintf(stderr, "No certificate path provided\n");
2144 qemu_free(vs->display);
2149 } else if (strncmp(options, "acl", 3) == 0) {
2154 #ifdef CONFIG_VNC_TLS
2155 if (acl && x509 && vs->tls.x509verify) {
2156 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2157 fprintf(stderr, "Failed to create x509 dname ACL\n");
2162 #ifdef CONFIG_VNC_SASL
2164 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2165 fprintf(stderr, "Failed to create username ACL\n");
2172 * Combinations we support here:
2174 * - no-auth (clear text, no auth)
2175 * - password (clear text, weak auth)
2176 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2177 * - tls (encrypt, weak anonymous creds, no auth)
2178 * - tls + password (encrypt, weak anonymous creds, weak auth)
2179 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2180 * - tls + x509 (encrypt, good x509 creds, no auth)
2181 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2182 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2184 * NB1. TLS is a stackable auth scheme.
2185 * NB2. the x509 schemes have option to validate a client cert dname
2188 #ifdef CONFIG_VNC_TLS
2190 vs->auth = VNC_AUTH_VENCRYPT;
2192 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2193 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2195 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2196 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2199 #endif /* CONFIG_VNC_TLS */
2200 VNC_DEBUG("Initializing VNC server with password auth\n");
2201 vs->auth = VNC_AUTH_VNC;
2202 #ifdef CONFIG_VNC_TLS
2203 vs->subauth = VNC_AUTH_INVALID;
2205 #endif /* CONFIG_VNC_TLS */
2206 #ifdef CONFIG_VNC_SASL
2208 #ifdef CONFIG_VNC_TLS
2210 vs->auth = VNC_AUTH_VENCRYPT;
2212 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2213 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2215 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2216 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2219 #endif /* CONFIG_VNC_TLS */
2220 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2221 vs->auth = VNC_AUTH_SASL;
2222 #ifdef CONFIG_VNC_TLS
2223 vs->subauth = VNC_AUTH_INVALID;
2225 #endif /* CONFIG_VNC_TLS */
2226 #endif /* CONFIG_VNC_SASL */
2228 #ifdef CONFIG_VNC_TLS
2230 vs->auth = VNC_AUTH_VENCRYPT;
2232 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2233 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2235 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2236 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2240 VNC_DEBUG("Initializing VNC server with no auth\n");
2241 vs->auth = VNC_AUTH_NONE;
2242 #ifdef CONFIG_VNC_TLS
2243 vs->subauth = VNC_AUTH_INVALID;
2248 #ifdef CONFIG_VNC_SASL
2249 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2250 fprintf(stderr, "Failed to initialize SASL auth %s",
2251 sasl_errstring(saslErr, NULL, NULL));
2259 /* connect to viewer */
2260 if (strncmp(display, "unix:", 5) == 0)
2261 vs->lsock = unix_connect(display+5);
2263 vs->lsock = inet_connect(display, SOCK_STREAM);
2264 if (-1 == vs->lsock) {
2269 int csock = vs->lsock;
2271 vnc_connect(vs, csock);
2276 /* listen for connects */
2278 dpy = qemu_malloc(256);
2279 if (strncmp(display, "unix:", 5) == 0) {
2280 pstrcpy(dpy, 256, "unix:");
2281 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2283 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2285 if (-1 == vs->lsock) {
2293 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
projects / qemu / blob