2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
32 #define VNC_REFRESH_INTERVAL (1000 / 30)
34 #include "vnc_keysym.h"
37 #define count_bits(c, v) { \
38 for (c = 0; v; v >>= 1) \
45 static VncDisplay *vnc_display; /* needed for info vnc */
46 static DisplayChangeListener *dcl;
48 static char *addr_to_string(const char *format,
49 struct sockaddr_storage *sa,
52 char host[NI_MAXHOST];
53 char serv[NI_MAXSERV];
56 if ((err = getnameinfo((struct sockaddr *)sa, salen,
59 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
60 VNC_DEBUG("Cannot resolve address %d: %s\n",
61 err, gai_strerror(err));
65 if (asprintf(&addr, format, host, serv) < 0)
72 char *vnc_socket_local_addr(const char *format, int fd) {
73 struct sockaddr_storage sa;
77 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
80 return addr_to_string(format, &sa, salen);
84 char *vnc_socket_remote_addr(const char *format, int fd) {
85 struct sockaddr_storage sa;
89 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
92 return addr_to_string(format, &sa, salen);
95 static const char *vnc_auth_name(VncDisplay *vd) {
97 case VNC_AUTH_INVALID:
113 case VNC_AUTH_VENCRYPT:
114 #ifdef CONFIG_VNC_TLS
115 switch (vd->subauth) {
116 case VNC_AUTH_VENCRYPT_PLAIN:
117 return "vencrypt+plain";
118 case VNC_AUTH_VENCRYPT_TLSNONE:
119 return "vencrypt+tls+none";
120 case VNC_AUTH_VENCRYPT_TLSVNC:
121 return "vencrypt+tls+vnc";
122 case VNC_AUTH_VENCRYPT_TLSPLAIN:
123 return "vencrypt+tls+plain";
124 case VNC_AUTH_VENCRYPT_X509NONE:
125 return "vencrypt+x509+none";
126 case VNC_AUTH_VENCRYPT_X509VNC:
127 return "vencrypt+x509+vnc";
128 case VNC_AUTH_VENCRYPT_X509PLAIN:
129 return "vencrypt+x509+plain";
130 case VNC_AUTH_VENCRYPT_TLSSASL:
131 return "vencrypt+tls+sasl";
132 case VNC_AUTH_VENCRYPT_X509SASL:
133 return "vencrypt+x509+sasl";
146 #define VNC_SOCKET_FORMAT_PRETTY "local %s:%s"
148 static void do_info_vnc_client(Monitor *mon, VncState *client)
151 vnc_socket_remote_addr(" address: %s:%s\n",
156 monitor_printf(mon, "Client:\n");
157 monitor_printf(mon, "%s", clientAddr);
160 #ifdef CONFIG_VNC_TLS
161 if (client->tls.session &&
163 monitor_printf(mon, " x509 dname: %s\n", client->tls.dname);
165 monitor_printf(mon, " x509 dname: none\n");
167 #ifdef CONFIG_VNC_SASL
168 if (client->sasl.conn &&
169 client->sasl.username)
170 monitor_printf(mon, " username: %s\n", client->sasl.username);
172 monitor_printf(mon, " username: none\n");
176 void do_info_vnc(Monitor *mon)
178 if (vnc_display == NULL || vnc_display->display == NULL) {
179 monitor_printf(mon, "Server: disabled\n");
181 char *serverAddr = vnc_socket_local_addr(" address: %s:%s\n",
187 monitor_printf(mon, "Server:\n");
188 monitor_printf(mon, "%s", serverAddr);
190 monitor_printf(mon, " auth: %s\n", vnc_auth_name(vnc_display));
192 if (vnc_display->clients) {
193 VncState *client = vnc_display->clients;
195 do_info_vnc_client(mon, client);
196 client = client->next;
199 monitor_printf(mon, "Client: none\n");
204 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
205 return (vs->features & (1 << feature));
209 1) Get the queue working for IO.
210 2) there is some weirdness when using the -S option (the screen is grey
211 and not totally invalidated
212 3) resolutions > 1024
215 static void vnc_update_client(void *opaque);
217 static void vnc_colordepth(VncState *vs);
219 static inline void vnc_set_bit(uint32_t *d, int k)
221 d[k >> 5] |= 1 << (k & 0x1f);
224 static inline void vnc_clear_bit(uint32_t *d, int k)
226 d[k >> 5] &= ~(1 << (k & 0x1f));
229 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
239 d[j++] = (1 << n) - 1;
244 static inline int vnc_get_bit(const uint32_t *d, int k)
246 return (d[k >> 5] >> (k & 0x1f)) & 1;
249 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
253 for(i = 0; i < nb_words; i++) {
254 if ((d1[i] & d2[i]) != 0)
260 static void vnc_update(VncState *vs, int x, int y, int w, int h)
266 /* round x down to ensure the loop only spans one 16-pixel block per,
267 iteration. otherwise, if (x % 16) != 0, the last iteration may span
268 two 16-pixel blocks but we only mark the first as dirty
273 x = MIN(x, vs->serverds.width);
274 y = MIN(y, vs->serverds.height);
275 w = MIN(x + w, vs->serverds.width) - x;
276 h = MIN(h, vs->serverds.height);
279 for (i = 0; i < w; i += 16)
280 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
283 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
285 VncDisplay *vd = ds->opaque;
286 VncState *vs = vd->clients;
288 vnc_update(vs, x, y, w, h);
293 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
296 vnc_write_u16(vs, x);
297 vnc_write_u16(vs, y);
298 vnc_write_u16(vs, w);
299 vnc_write_u16(vs, h);
301 vnc_write_s32(vs, encoding);
304 void buffer_reserve(Buffer *buffer, size_t len)
306 if ((buffer->capacity - buffer->offset) < len) {
307 buffer->capacity += (len + 1024);
308 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
309 if (buffer->buffer == NULL) {
310 fprintf(stderr, "vnc: out of memory\n");
316 int buffer_empty(Buffer *buffer)
318 return buffer->offset == 0;
321 uint8_t *buffer_end(Buffer *buffer)
323 return buffer->buffer + buffer->offset;
326 void buffer_reset(Buffer *buffer)
331 void buffer_append(Buffer *buffer, const void *data, size_t len)
333 memcpy(buffer->buffer + buffer->offset, data, len);
334 buffer->offset += len;
337 static void vnc_resize(VncState *vs)
339 DisplayState *ds = vs->ds;
343 vs->old_data = qemu_realloc(vs->old_data, ds_get_linesize(ds) * ds_get_height(ds));
345 if (vs->old_data == NULL) {
346 fprintf(stderr, "vnc: memory allocation failed\n");
350 if (ds_get_bytes_per_pixel(ds) != vs->serverds.pf.bytes_per_pixel)
351 console_color_init(ds);
353 size_changed = ds_get_width(ds) != vs->serverds.width ||
354 ds_get_height(ds) != vs->serverds.height;
355 vs->serverds = *(ds->surface);
357 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
358 vnc_write_u8(vs, 0); /* msg id */
360 vnc_write_u16(vs, 1); /* number of rects */
361 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
362 VNC_ENCODING_DESKTOPRESIZE);
367 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
368 memset(vs->old_data, 42, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
371 static void vnc_dpy_resize(DisplayState *ds)
373 VncDisplay *vd = ds->opaque;
374 VncState *vs = vd->clients;
382 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
384 vnc_write(vs, pixels, size);
387 /* slowest but generic code. */
388 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
392 r = ((((v & vs->serverds.pf.rmask) >> vs->serverds.pf.rshift) << vs->clientds.pf.rbits) >>
393 vs->serverds.pf.rbits);
394 g = ((((v & vs->serverds.pf.gmask) >> vs->serverds.pf.gshift) << vs->clientds.pf.gbits) >>
395 vs->serverds.pf.gbits);
396 b = ((((v & vs->serverds.pf.bmask) >> vs->serverds.pf.bshift) << vs->clientds.pf.bbits) >>
397 vs->serverds.pf.bbits);
398 v = (r << vs->clientds.pf.rshift) |
399 (g << vs->clientds.pf.gshift) |
400 (b << vs->clientds.pf.bshift);
401 switch(vs->clientds.pf.bytes_per_pixel) {
406 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
416 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
431 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
435 if (vs->serverds.pf.bytes_per_pixel == 4) {
436 uint32_t *pixels = pixels1;
439 for(i = 0; i < n; i++) {
440 vnc_convert_pixel(vs, buf, pixels[i]);
441 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
443 } else if (vs->serverds.pf.bytes_per_pixel == 2) {
444 uint16_t *pixels = pixels1;
447 for(i = 0; i < n; i++) {
448 vnc_convert_pixel(vs, buf, pixels[i]);
449 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
451 } else if (vs->serverds.pf.bytes_per_pixel == 1) {
452 uint8_t *pixels = pixels1;
455 for(i = 0; i < n; i++) {
456 vnc_convert_pixel(vs, buf, pixels[i]);
457 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
460 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
464 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
469 row = ds_get_data(vs->ds) + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
470 for (i = 0; i < h; i++) {
471 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
472 row += ds_get_linesize(vs->ds);
476 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
478 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
479 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
483 #include "vnchextile.h"
487 #include "vnchextile.h"
491 #include "vnchextile.h"
496 #include "vnchextile.h"
502 #include "vnchextile.h"
508 #include "vnchextile.h"
512 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
516 uint8_t *last_fg, *last_bg;
518 last_fg = (uint8_t *) qemu_malloc(vs->serverds.pf.bytes_per_pixel);
519 last_bg = (uint8_t *) qemu_malloc(vs->serverds.pf.bytes_per_pixel);
521 for (j = y; j < (y + h); j += 16) {
522 for (i = x; i < (x + w); i += 16) {
523 vs->send_hextile_tile(vs, i, j,
524 MIN(16, x + w - i), MIN(16, y + h - j),
525 last_bg, last_fg, &has_bg, &has_fg);
533 static void vnc_zlib_init(VncState *vs)
536 for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)
537 vs->zlib_stream[i].opaque = NULL;
540 static void vnc_zlib_start(VncState *vs)
542 buffer_reset(&vs->zlib);
544 // make the output buffer be the zlib buffer, so we can compress it later
545 vs->zlib_tmp = vs->output;
546 vs->output = vs->zlib;
549 static int vnc_zlib_stop(VncState *vs, int stream_id)
551 z_streamp zstream = &vs->zlib_stream[stream_id];
554 // switch back to normal output/zlib buffers
555 vs->zlib = vs->output;
556 vs->output = vs->zlib_tmp;
558 // compress the zlib buffer
560 // initialize the stream
561 // XXX need one stream per session
562 if (zstream->opaque != vs) {
565 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
566 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
567 zstream->zalloc = Z_NULL;
568 zstream->zfree = Z_NULL;
570 err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
571 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
574 fprintf(stderr, "VNC: error initializing zlib\n");
578 zstream->opaque = vs;
581 // XXX what to do if tight_compression changed in between?
583 // reserve memory in output buffer
584 buffer_reserve(&vs->output, vs->zlib.offset + 64);
587 zstream->next_in = vs->zlib.buffer;
588 zstream->avail_in = vs->zlib.offset;
589 zstream->next_out = vs->output.buffer + vs->output.offset;
590 zstream->avail_out = vs->output.capacity - vs->output.offset;
591 zstream->data_type = Z_BINARY;
592 previous_out = zstream->total_out;
595 if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
596 fprintf(stderr, "VNC: error during zlib compression\n");
600 vs->output.offset = vs->output.capacity - zstream->avail_out;
601 return zstream->total_out - previous_out;
604 static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
606 int old_offset, new_offset, bytes_written;
608 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);
610 // remember where we put in the follow-up size
611 old_offset = vs->output.offset;
612 vnc_write_s32(vs, 0);
614 // compress the stream
616 send_framebuffer_update_raw(vs, x, y, w, h);
617 bytes_written = vnc_zlib_stop(vs, 0);
619 if (bytes_written == -1)
623 new_offset = vs->output.offset;
624 vs->output.offset = old_offset;
625 vnc_write_u32(vs, bytes_written);
626 vs->output.offset = new_offset;
629 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
631 switch(vs->vnc_encoding) {
632 case VNC_ENCODING_ZLIB:
633 send_framebuffer_update_zlib(vs, x, y, w, h);
635 case VNC_ENCODING_HEXTILE:
636 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
637 send_framebuffer_update_hextile(vs, x, y, w, h);
640 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
641 send_framebuffer_update_raw(vs, x, y, w, h);
646 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
648 vnc_update_client(vs);
650 vnc_write_u8(vs, 0); /* msg id */
652 vnc_write_u16(vs, 1); /* number of rects */
653 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
654 vnc_write_u16(vs, src_x);
655 vnc_write_u16(vs, src_y);
659 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
661 VncDisplay *vd = ds->opaque;
662 VncState *vs = vd->clients;
664 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
665 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
667 vnc_update(vs, dst_x, dst_y, w, h);
672 static int find_dirty_height(VncState *vs, int y, int last_x, int x)
676 for (h = 1; h < (vs->serverds.height - y); h++) {
678 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
680 for (tmp_x = last_x; tmp_x < x; tmp_x++)
681 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
687 static void vnc_update_client(void *opaque)
689 VncState *vs = opaque;
690 if (vs->need_update && vs->csock != -1) {
694 uint32_t width_mask[VNC_DIRTY_WORDS];
701 vnc_set_bits(width_mask, (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
703 /* Walk through the dirty map and eliminate tiles that
704 really aren't dirty */
705 row = ds_get_data(vs->ds);
706 old_row = vs->old_data;
708 for (y = 0; y < ds_get_height(vs->ds); y++) {
709 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
715 old_ptr = (char*)old_row;
717 for (x = 0; x < ds_get_width(vs->ds); x += 16) {
718 if (memcmp(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds)) == 0) {
719 vnc_clear_bit(vs->dirty_row[y], (x / 16));
722 memcpy(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds));
725 ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
726 old_ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
730 row += ds_get_linesize(vs->ds);
731 old_row += ds_get_linesize(vs->ds);
734 if (!has_dirty && !vs->audio_cap) {
735 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
739 /* Count rectangles */
741 vnc_write_u8(vs, 0); /* msg id */
743 saved_offset = vs->output.offset;
744 vnc_write_u16(vs, 0);
746 for (y = 0; y < vs->serverds.height; y++) {
749 for (x = 0; x < vs->serverds.width / 16; x++) {
750 if (vnc_get_bit(vs->dirty_row[y], x)) {
754 vnc_clear_bit(vs->dirty_row[y], x);
757 int h = find_dirty_height(vs, y, last_x, x);
758 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
765 int h = find_dirty_height(vs, y, last_x, x);
766 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
770 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
771 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
776 if (vs->csock != -1) {
777 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
783 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
785 VncState *vs = opaque;
788 case AUD_CNOTIFY_DISABLE:
789 vnc_write_u8(vs, 255);
791 vnc_write_u16(vs, 0);
795 case AUD_CNOTIFY_ENABLE:
796 vnc_write_u8(vs, 255);
798 vnc_write_u16(vs, 1);
804 static void audio_capture_destroy(void *opaque)
808 static void audio_capture(void *opaque, void *buf, int size)
810 VncState *vs = opaque;
812 vnc_write_u8(vs, 255);
814 vnc_write_u16(vs, 2);
815 vnc_write_u32(vs, size);
816 vnc_write(vs, buf, size);
820 static void audio_add(VncState *vs)
822 Monitor *mon = cur_mon;
823 struct audio_capture_ops ops;
826 monitor_printf(mon, "audio already running\n");
830 ops.notify = audio_capture_notify;
831 ops.destroy = audio_capture_destroy;
832 ops.capture = audio_capture;
834 vs->audio_cap = AUD_add_capture(NULL, &vs->as, &ops, vs);
835 if (!vs->audio_cap) {
836 monitor_printf(mon, "Failed to add audio capture\n");
840 static void audio_del(VncState *vs)
843 AUD_del_capture(vs->audio_cap, vs);
844 vs->audio_cap = NULL;
849 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
851 if (ret == 0 || ret == -1) {
853 switch (last_errno) {
865 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
866 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
867 closesocket(vs->csock);
868 qemu_del_timer(vs->timer);
869 qemu_free_timer(vs->timer);
870 if (vs->input.buffer) qemu_free(vs->input.buffer);
871 if (vs->output.buffer) qemu_free(vs->output.buffer);
872 #ifdef CONFIG_VNC_TLS
873 vnc_tls_client_cleanup(vs);
874 #endif /* CONFIG_VNC_TLS */
875 #ifdef CONFIG_VNC_SASL
876 vnc_sasl_client_cleanup(vs);
877 #endif /* CONFIG_VNC_SASL */
880 VncState *p, *parent = NULL;
881 for (p = vs->vd->clients; p != NULL; p = p->next) {
884 parent->next = p->next;
886 vs->vd->clients = p->next;
891 if (!vs->vd->clients)
894 qemu_free(vs->old_data);
903 void vnc_client_error(VncState *vs)
905 vnc_client_io_error(vs, -1, EINVAL);
910 * Called to write a chunk of data to the client socket. The data may
911 * be the raw data, or may have already been encoded by SASL.
912 * The data will be written either straight onto the socket, or
913 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
915 * NB, it is theoretically possible to have 2 layers of encryption,
916 * both SASL, and this TLS layer. It is highly unlikely in practice
917 * though, since SASL encryption will typically be a no-op if TLS
920 * Returns the number of bytes written, which may be less than
921 * the requested 'datalen' if the socket would block. Returns
922 * -1 on error, and disconnects the client socket.
924 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
927 #ifdef CONFIG_VNC_TLS
928 if (vs->tls.session) {
929 ret = gnutls_write(vs->tls.session, data, datalen);
931 if (ret == GNUTLS_E_AGAIN)
938 #endif /* CONFIG_VNC_TLS */
939 ret = send(vs->csock, data, datalen, 0);
940 VNC_DEBUG("Wrote wire %p %d -> %ld\n", data, datalen, ret);
941 return vnc_client_io_error(vs, ret, socket_error());
946 * Called to write buffered data to the client socket, when not
947 * using any SASL SSF encryption layers. Will write as much data
948 * as possible without blocking. If all buffered data is written,
949 * will switch the FD poll() handler back to read monitoring.
951 * Returns the number of bytes written, which may be less than
952 * the buffered output data if the socket would block. Returns
953 * -1 on error, and disconnects the client socket.
955 static long vnc_client_write_plain(VncState *vs)
959 #ifdef CONFIG_VNC_SASL
960 VNC_DEBUG("Write Plain: Pending output %p size %d offset %d. Wait SSF %d\n",
961 vs->output.buffer, vs->output.capacity, vs->output.offset,
962 vs->sasl.waitWriteSSF);
966 vs->sasl.waitWriteSSF) {
967 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
969 vs->sasl.waitWriteSSF -= ret;
971 #endif /* CONFIG_VNC_SASL */
972 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
976 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
977 vs->output.offset -= ret;
979 if (vs->output.offset == 0) {
980 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
988 * First function called whenever there is data to be written to
989 * the client socket. Will delegate actual work according to whether
990 * SASL SSF layers are enabled (thus requiring encryption calls)
992 void vnc_client_write(void *opaque)
995 VncState *vs = opaque;
997 #ifdef CONFIG_VNC_SASL
1000 !vs->sasl.waitWriteSSF)
1001 ret = vnc_client_write_sasl(vs);
1003 #endif /* CONFIG_VNC_SASL */
1004 ret = vnc_client_write_plain(vs);
1007 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1009 vs->read_handler = func;
1010 vs->read_handler_expect = expecting;
1015 * Called to read a chunk of data from the client socket. The data may
1016 * be the raw data, or may need to be further decoded by SASL.
1017 * The data will be read either straight from to the socket, or
1018 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1020 * NB, it is theoretically possible to have 2 layers of encryption,
1021 * both SASL, and this TLS layer. It is highly unlikely in practice
1022 * though, since SASL encryption will typically be a no-op if TLS
1025 * Returns the number of bytes read, which may be less than
1026 * the requested 'datalen' if the socket would block. Returns
1027 * -1 on error, and disconnects the client socket.
1029 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1032 #ifdef CONFIG_VNC_TLS
1033 if (vs->tls.session) {
1034 ret = gnutls_read(vs->tls.session, data, datalen);
1036 if (ret == GNUTLS_E_AGAIN)
1043 #endif /* CONFIG_VNC_TLS */
1044 ret = recv(vs->csock, data, datalen, 0);
1045 VNC_DEBUG("Read wire %p %d -> %ld\n", data, datalen, ret);
1046 return vnc_client_io_error(vs, ret, socket_error());
1051 * Called to read data from the client socket to the input buffer,
1052 * when not using any SASL SSF encryption layers. Will read as much
1053 * data as possible without blocking.
1055 * Returns the number of bytes read. Returns -1 on error, and
1056 * disconnects the client socket.
1058 static long vnc_client_read_plain(VncState *vs)
1061 VNC_DEBUG("Read plain %p size %d offset %d\n",
1062 vs->input.buffer, vs->input.capacity, vs->input.offset);
1063 buffer_reserve(&vs->input, 4096);
1064 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1067 vs->input.offset += ret;
1073 * First function called whenever there is more data to be read from
1074 * the client socket. Will delegate actual work according to whether
1075 * SASL SSF layers are enabled (thus requiring decryption calls)
1077 void vnc_client_read(void *opaque)
1079 VncState *vs = opaque;
1082 #ifdef CONFIG_VNC_SASL
1083 if (vs->sasl.conn && vs->sasl.runSSF)
1084 ret = vnc_client_read_sasl(vs);
1086 #endif /* CONFIG_VNC_SASL */
1087 ret = vnc_client_read_plain(vs);
1091 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1092 size_t len = vs->read_handler_expect;
1095 ret = vs->read_handler(vs, vs->input.buffer, len);
1096 if (vs->csock == -1)
1100 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1101 vs->input.offset -= len;
1103 vs->read_handler_expect = ret;
1108 void vnc_write(VncState *vs, const void *data, size_t len)
1110 buffer_reserve(&vs->output, len);
1112 if (buffer_empty(&vs->output)) {
1113 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1116 buffer_append(&vs->output, data, len);
1119 void vnc_write_s32(VncState *vs, int32_t value)
1121 vnc_write_u32(vs, *(uint32_t *)&value);
1124 void vnc_write_u32(VncState *vs, uint32_t value)
1128 buf[0] = (value >> 24) & 0xFF;
1129 buf[1] = (value >> 16) & 0xFF;
1130 buf[2] = (value >> 8) & 0xFF;
1131 buf[3] = value & 0xFF;
1133 vnc_write(vs, buf, 4);
1136 void vnc_write_u16(VncState *vs, uint16_t value)
1140 buf[0] = (value >> 8) & 0xFF;
1141 buf[1] = value & 0xFF;
1143 vnc_write(vs, buf, 2);
1146 void vnc_write_u8(VncState *vs, uint8_t value)
1148 vnc_write(vs, (char *)&value, 1);
1151 void vnc_flush(VncState *vs)
1153 if (vs->output.offset)
1154 vnc_client_write(vs);
1157 uint8_t read_u8(uint8_t *data, size_t offset)
1159 return data[offset];
1162 uint16_t read_u16(uint8_t *data, size_t offset)
1164 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1167 int32_t read_s32(uint8_t *data, size_t offset)
1169 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1170 (data[offset + 2] << 8) | data[offset + 3]);
1173 uint32_t read_u32(uint8_t *data, size_t offset)
1175 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1176 (data[offset + 2] << 8) | data[offset + 3]);
1179 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1183 static void check_pointer_type_change(VncState *vs, int absolute)
1185 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1186 vnc_write_u8(vs, 0);
1187 vnc_write_u8(vs, 0);
1188 vnc_write_u16(vs, 1);
1189 vnc_framebuffer_update(vs, absolute, 0,
1190 ds_get_width(vs->ds), ds_get_height(vs->ds),
1191 VNC_ENCODING_POINTER_TYPE_CHANGE);
1194 vs->absolute = absolute;
1197 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1202 if (button_mask & 0x01)
1203 buttons |= MOUSE_EVENT_LBUTTON;
1204 if (button_mask & 0x02)
1205 buttons |= MOUSE_EVENT_MBUTTON;
1206 if (button_mask & 0x04)
1207 buttons |= MOUSE_EVENT_RBUTTON;
1208 if (button_mask & 0x08)
1210 if (button_mask & 0x10)
1214 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
1215 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
1217 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1221 kbd_mouse_event(x, y, dz, buttons);
1223 if (vs->last_x != -1)
1224 kbd_mouse_event(x - vs->last_x,
1231 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1234 static void reset_keys(VncState *vs)
1237 for(i = 0; i < 256; i++) {
1238 if (vs->modifiers_state[i]) {
1240 kbd_put_keycode(0xe0);
1241 kbd_put_keycode(i | 0x80);
1242 vs->modifiers_state[i] = 0;
1247 static void press_key(VncState *vs, int keysym)
1249 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) & 0x7f);
1250 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) | 0x80);
1253 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1255 /* QEMU console switch */
1257 case 0x2a: /* Left Shift */
1258 case 0x36: /* Right Shift */
1259 case 0x1d: /* Left CTRL */
1260 case 0x9d: /* Right CTRL */
1261 case 0x38: /* Left ALT */
1262 case 0xb8: /* Right ALT */
1264 vs->modifiers_state[keycode] = 1;
1266 vs->modifiers_state[keycode] = 0;
1268 case 0x02 ... 0x0a: /* '1' to '9' keys */
1269 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1270 /* Reset the modifiers sent to the current console */
1272 console_select(keycode - 0x02);
1276 case 0x3a: /* CapsLock */
1277 case 0x45: /* NumLock */
1279 vs->modifiers_state[keycode] ^= 1;
1283 if (keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1284 /* If the numlock state needs to change then simulate an additional
1285 keypress before sending this one. This will happen if the user
1286 toggles numlock away from the VNC window.
1288 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1289 if (!vs->modifiers_state[0x45]) {
1290 vs->modifiers_state[0x45] = 1;
1291 press_key(vs, 0xff7f);
1294 if (vs->modifiers_state[0x45]) {
1295 vs->modifiers_state[0x45] = 0;
1296 press_key(vs, 0xff7f);
1301 if (is_graphic_console()) {
1303 kbd_put_keycode(0xe0);
1305 kbd_put_keycode(keycode & 0x7f);
1307 kbd_put_keycode(keycode | 0x80);
1309 /* QEMU console emulation */
1312 case 0x2a: /* Left Shift */
1313 case 0x36: /* Right Shift */
1314 case 0x1d: /* Left CTRL */
1315 case 0x9d: /* Right CTRL */
1316 case 0x38: /* Left ALT */
1317 case 0xb8: /* Right ALT */
1320 kbd_put_keysym(QEMU_KEY_UP);
1323 kbd_put_keysym(QEMU_KEY_DOWN);
1326 kbd_put_keysym(QEMU_KEY_LEFT);
1329 kbd_put_keysym(QEMU_KEY_RIGHT);
1332 kbd_put_keysym(QEMU_KEY_DELETE);
1335 kbd_put_keysym(QEMU_KEY_HOME);
1338 kbd_put_keysym(QEMU_KEY_END);
1341 kbd_put_keysym(QEMU_KEY_PAGEUP);
1344 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1347 kbd_put_keysym(sym);
1354 static void key_event(VncState *vs, int down, uint32_t sym)
1358 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1359 sym = sym - 'A' + 'a';
1361 keycode = keysym2scancode(vs->vd->kbd_layout, sym & 0xFFFF);
1362 do_key_event(vs, down, keycode, sym);
1365 static void ext_key_event(VncState *vs, int down,
1366 uint32_t sym, uint16_t keycode)
1368 /* if the user specifies a keyboard layout, always use it */
1369 if (keyboard_layout)
1370 key_event(vs, down, sym);
1372 do_key_event(vs, down, keycode, sym);
1375 static void framebuffer_update_request(VncState *vs, int incremental,
1376 int x_position, int y_position,
1379 if (x_position > ds_get_width(vs->ds))
1380 x_position = ds_get_width(vs->ds);
1381 if (y_position > ds_get_height(vs->ds))
1382 y_position = ds_get_height(vs->ds);
1383 if (x_position + w >= ds_get_width(vs->ds))
1384 w = ds_get_width(vs->ds) - x_position;
1385 if (y_position + h >= ds_get_height(vs->ds))
1386 h = ds_get_height(vs->ds) - y_position;
1389 vs->need_update = 1;
1391 char *old_row = vs->old_data + y_position * ds_get_linesize(vs->ds);
1393 for (i = 0; i < h; i++) {
1394 vnc_set_bits(vs->dirty_row[y_position + i],
1395 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1396 memset(old_row, 42, ds_get_width(vs->ds) * ds_get_bytes_per_pixel(vs->ds));
1397 old_row += ds_get_linesize(vs->ds);
1402 static void send_ext_key_event_ack(VncState *vs)
1404 vnc_write_u8(vs, 0);
1405 vnc_write_u8(vs, 0);
1406 vnc_write_u16(vs, 1);
1407 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1408 VNC_ENCODING_EXT_KEY_EVENT);
1412 static void send_ext_audio_ack(VncState *vs)
1414 vnc_write_u8(vs, 0);
1415 vnc_write_u8(vs, 0);
1416 vnc_write_u16(vs, 1);
1417 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1418 VNC_ENCODING_AUDIO);
1422 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1425 unsigned int enc = 0;
1429 vs->vnc_encoding = 0;
1430 vs->tight_compression = 9;
1431 vs->tight_quality = 9;
1434 for (i = n_encodings - 1; i >= 0; i--) {
1437 case VNC_ENCODING_RAW:
1438 vs->vnc_encoding = enc;
1440 case VNC_ENCODING_COPYRECT:
1441 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1443 case VNC_ENCODING_HEXTILE:
1444 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1445 vs->vnc_encoding = enc;
1447 case VNC_ENCODING_ZLIB:
1448 vs->features |= VNC_FEATURE_ZLIB_MASK;
1449 vs->vnc_encoding = enc;
1451 case VNC_ENCODING_DESKTOPRESIZE:
1452 vs->features |= VNC_FEATURE_RESIZE_MASK;
1454 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1455 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1457 case VNC_ENCODING_EXT_KEY_EVENT:
1458 send_ext_key_event_ack(vs);
1460 case VNC_ENCODING_AUDIO:
1461 send_ext_audio_ack(vs);
1463 case VNC_ENCODING_WMVi:
1464 vs->features |= VNC_FEATURE_WMVI_MASK;
1466 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1467 vs->tight_compression = (enc & 0x0F);
1469 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1470 vs->tight_quality = (enc & 0x0F);
1473 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1478 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1481 static void set_pixel_conversion(VncState *vs)
1483 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1484 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1485 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1486 vs->write_pixels = vnc_write_pixels_copy;
1487 switch (vs->ds->surface->pf.bits_per_pixel) {
1489 vs->send_hextile_tile = send_hextile_tile_8;
1492 vs->send_hextile_tile = send_hextile_tile_16;
1495 vs->send_hextile_tile = send_hextile_tile_32;
1499 vs->write_pixels = vnc_write_pixels_generic;
1500 switch (vs->ds->surface->pf.bits_per_pixel) {
1502 vs->send_hextile_tile = send_hextile_tile_generic_8;
1505 vs->send_hextile_tile = send_hextile_tile_generic_16;
1508 vs->send_hextile_tile = send_hextile_tile_generic_32;
1514 static void set_pixel_format(VncState *vs,
1515 int bits_per_pixel, int depth,
1516 int big_endian_flag, int true_color_flag,
1517 int red_max, int green_max, int blue_max,
1518 int red_shift, int green_shift, int blue_shift)
1520 if (!true_color_flag) {
1521 vnc_client_error(vs);
1525 vs->clientds = vs->serverds;
1526 vs->clientds.pf.rmax = red_max;
1527 count_bits(vs->clientds.pf.rbits, red_max);
1528 vs->clientds.pf.rshift = red_shift;
1529 vs->clientds.pf.rmask = red_max << red_shift;
1530 vs->clientds.pf.gmax = green_max;
1531 count_bits(vs->clientds.pf.gbits, green_max);
1532 vs->clientds.pf.gshift = green_shift;
1533 vs->clientds.pf.gmask = green_max << green_shift;
1534 vs->clientds.pf.bmax = blue_max;
1535 count_bits(vs->clientds.pf.bbits, blue_max);
1536 vs->clientds.pf.bshift = blue_shift;
1537 vs->clientds.pf.bmask = blue_max << blue_shift;
1538 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1539 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1540 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1541 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1543 set_pixel_conversion(vs);
1545 vga_hw_invalidate();
1549 static void pixel_format_message (VncState *vs) {
1550 char pad[3] = { 0, 0, 0 };
1552 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1553 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1555 #ifdef WORDS_BIGENDIAN
1556 vnc_write_u8(vs, 1); /* big-endian-flag */
1558 vnc_write_u8(vs, 0); /* big-endian-flag */
1560 vnc_write_u8(vs, 1); /* true-color-flag */
1561 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1562 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1563 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1564 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1565 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1566 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1567 if (vs->ds->surface->pf.bits_per_pixel == 32)
1568 vs->send_hextile_tile = send_hextile_tile_32;
1569 else if (vs->ds->surface->pf.bits_per_pixel == 16)
1570 vs->send_hextile_tile = send_hextile_tile_16;
1571 else if (vs->ds->surface->pf.bits_per_pixel == 8)
1572 vs->send_hextile_tile = send_hextile_tile_8;
1573 vs->clientds = *(vs->ds->surface);
1574 vs->clientds.flags |= ~QEMU_ALLOCATED_FLAG;
1575 vs->write_pixels = vnc_write_pixels_copy;
1577 vnc_write(vs, pad, 3); /* padding */
1580 static void vnc_dpy_setdata(DisplayState *ds)
1582 /* We don't have to do anything */
1585 static void vnc_colordepth(VncState *vs)
1587 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1588 /* Sending a WMVi message to notify the client*/
1589 vnc_write_u8(vs, 0); /* msg id */
1590 vnc_write_u8(vs, 0);
1591 vnc_write_u16(vs, 1); /* number of rects */
1592 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1593 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1594 pixel_format_message(vs);
1597 set_pixel_conversion(vs);
1601 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1611 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1612 read_u8(data, 6), read_u8(data, 7),
1613 read_u16(data, 8), read_u16(data, 10),
1614 read_u16(data, 12), read_u8(data, 14),
1615 read_u8(data, 15), read_u8(data, 16));
1622 limit = read_u16(data, 2);
1624 return 4 + (limit * 4);
1626 limit = read_u16(data, 2);
1628 for (i = 0; i < limit; i++) {
1629 int32_t val = read_s32(data, 4 + (i * 4));
1630 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1633 set_encodings(vs, (int32_t *)(data + 4), limit);
1639 framebuffer_update_request(vs,
1640 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1641 read_u16(data, 6), read_u16(data, 8));
1647 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1653 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1660 uint32_t dlen = read_u32(data, 4);
1665 client_cut_text(vs, read_u32(data, 4), data + 8);
1671 switch (read_u8(data, 1)) {
1676 ext_key_event(vs, read_u16(data, 2),
1677 read_u32(data, 4), read_u32(data, 8));
1683 switch (read_u16 (data, 2)) {
1693 switch (read_u8(data, 4)) {
1694 case 0: vs->as.fmt = AUD_FMT_U8; break;
1695 case 1: vs->as.fmt = AUD_FMT_S8; break;
1696 case 2: vs->as.fmt = AUD_FMT_U16; break;
1697 case 3: vs->as.fmt = AUD_FMT_S16; break;
1698 case 4: vs->as.fmt = AUD_FMT_U32; break;
1699 case 5: vs->as.fmt = AUD_FMT_S32; break;
1701 printf("Invalid audio format %d\n", read_u8(data, 4));
1702 vnc_client_error(vs);
1705 vs->as.nchannels = read_u8(data, 5);
1706 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1707 printf("Invalid audio channel coount %d\n",
1709 vnc_client_error(vs);
1712 vs->as.freq = read_u32(data, 6);
1715 printf ("Invalid audio message %d\n", read_u8(data, 4));
1716 vnc_client_error(vs);
1722 printf("Msg: %d\n", read_u16(data, 0));
1723 vnc_client_error(vs);
1728 printf("Msg: %d\n", data[0]);
1729 vnc_client_error(vs);
1733 vnc_read_when(vs, protocol_client_msg, 1);
1737 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1742 vnc_write_u16(vs, ds_get_width(vs->ds));
1743 vnc_write_u16(vs, ds_get_height(vs->ds));
1745 pixel_format_message(vs);
1748 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1750 size = snprintf(buf, sizeof(buf), "QEMU");
1752 vnc_write_u32(vs, size);
1753 vnc_write(vs, buf, size);
1756 vnc_read_when(vs, protocol_client_msg, 1);
1761 void start_client_init(VncState *vs)
1763 vnc_read_when(vs, protocol_client_init, 1);
1766 static void make_challenge(VncState *vs)
1770 srand(time(NULL)+getpid()+getpid()*987654+rand());
1772 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1773 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1776 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1778 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1780 unsigned char key[8];
1782 if (!vs->vd->password || !vs->vd->password[0]) {
1783 VNC_DEBUG("No password configured on server");
1784 vnc_write_u32(vs, 1); /* Reject auth */
1785 if (vs->minor >= 8) {
1786 static const char err[] = "Authentication failed";
1787 vnc_write_u32(vs, sizeof(err));
1788 vnc_write(vs, err, sizeof(err));
1791 vnc_client_error(vs);
1795 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1797 /* Calculate the expected challenge response */
1798 pwlen = strlen(vs->vd->password);
1799 for (i=0; i<sizeof(key); i++)
1800 key[i] = i<pwlen ? vs->vd->password[i] : 0;
1802 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1803 des(response+j, response+j);
1805 /* Compare expected vs actual challenge response */
1806 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1807 VNC_DEBUG("Client challenge reponse did not match\n");
1808 vnc_write_u32(vs, 1); /* Reject auth */
1809 if (vs->minor >= 8) {
1810 static const char err[] = "Authentication failed";
1811 vnc_write_u32(vs, sizeof(err));
1812 vnc_write(vs, err, sizeof(err));
1815 vnc_client_error(vs);
1817 VNC_DEBUG("Accepting VNC challenge response\n");
1818 vnc_write_u32(vs, 0); /* Accept auth */
1821 start_client_init(vs);
1826 void start_auth_vnc(VncState *vs)
1829 /* Send client a 'random' challenge */
1830 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1833 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1837 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1839 /* We only advertise 1 auth scheme at a time, so client
1840 * must pick the one we sent. Verify this */
1841 if (data[0] != vs->vd->auth) { /* Reject auth */
1842 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
1843 vnc_write_u32(vs, 1);
1844 if (vs->minor >= 8) {
1845 static const char err[] = "Authentication failed";
1846 vnc_write_u32(vs, sizeof(err));
1847 vnc_write(vs, err, sizeof(err));
1849 vnc_client_error(vs);
1850 } else { /* Accept requested auth */
1851 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1852 switch (vs->vd->auth) {
1854 VNC_DEBUG("Accept auth none\n");
1855 if (vs->minor >= 8) {
1856 vnc_write_u32(vs, 0); /* Accept auth completion */
1859 start_client_init(vs);
1863 VNC_DEBUG("Start VNC auth\n");
1867 #ifdef CONFIG_VNC_TLS
1868 case VNC_AUTH_VENCRYPT:
1869 VNC_DEBUG("Accept VeNCrypt auth\n");;
1870 start_auth_vencrypt(vs);
1872 #endif /* CONFIG_VNC_TLS */
1874 #ifdef CONFIG_VNC_SASL
1876 VNC_DEBUG("Accept SASL auth\n");
1877 start_auth_sasl(vs);
1879 #endif /* CONFIG_VNC_SASL */
1881 default: /* Should not be possible, but just in case */
1882 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
1883 vnc_write_u8(vs, 1);
1884 if (vs->minor >= 8) {
1885 static const char err[] = "Authentication failed";
1886 vnc_write_u32(vs, sizeof(err));
1887 vnc_write(vs, err, sizeof(err));
1889 vnc_client_error(vs);
1895 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
1899 memcpy(local, version, 12);
1902 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
1903 VNC_DEBUG("Malformed protocol version %s\n", local);
1904 vnc_client_error(vs);
1907 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
1908 if (vs->major != 3 ||
1914 VNC_DEBUG("Unsupported client version\n");
1915 vnc_write_u32(vs, VNC_AUTH_INVALID);
1917 vnc_client_error(vs);
1920 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
1921 * as equivalent to v3.3 by servers
1923 if (vs->minor == 4 || vs->minor == 5)
1926 if (vs->minor == 3) {
1927 if (vs->vd->auth == VNC_AUTH_NONE) {
1928 VNC_DEBUG("Tell client auth none\n");
1929 vnc_write_u32(vs, vs->vd->auth);
1931 start_client_init(vs);
1932 } else if (vs->vd->auth == VNC_AUTH_VNC) {
1933 VNC_DEBUG("Tell client VNC auth\n");
1934 vnc_write_u32(vs, vs->vd->auth);
1938 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
1939 vnc_write_u32(vs, VNC_AUTH_INVALID);
1941 vnc_client_error(vs);
1944 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
1945 vnc_write_u8(vs, 1); /* num auth */
1946 vnc_write_u8(vs, vs->vd->auth);
1947 vnc_read_when(vs, protocol_client_auth, 1);
1954 static void vnc_connect(VncDisplay *vd, int csock)
1956 VncState *vs = qemu_mallocz(sizeof(VncState));
1959 VNC_DEBUG("New client on socket %d\n", csock);
1961 socket_set_nonblock(vs->csock);
1962 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1966 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
1970 vs->as.freq = 44100;
1971 vs->as.nchannels = 2;
1972 vs->as.fmt = AUD_FMT_S16;
1973 vs->as.endianness = 0;
1976 vnc_write(vs, "RFB 003.008\n", 12);
1978 vnc_read_when(vs, protocol_version, 12);
1979 memset(vs->old_data, 0, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
1980 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1981 vnc_update_client(vs);
1984 vs->next = vd->clients;
1988 static void vnc_listen_read(void *opaque)
1990 VncDisplay *vs = opaque;
1991 struct sockaddr_in addr;
1992 socklen_t addrlen = sizeof(addr);
1997 int csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
1999 vnc_connect(vs, csock);
2003 void vnc_display_init(DisplayState *ds)
2007 vs = qemu_mallocz(sizeof(VncState));
2008 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2018 if (keyboard_layout)
2019 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2021 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2023 if (!vs->kbd_layout)
2026 dcl->dpy_copy = vnc_dpy_copy;
2027 dcl->dpy_update = vnc_dpy_update;
2028 dcl->dpy_resize = vnc_dpy_resize;
2029 dcl->dpy_setdata = vnc_dpy_setdata;
2030 register_displaychangelistener(ds, dcl);
2034 void vnc_display_close(DisplayState *ds)
2036 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2041 qemu_free(vs->display);
2044 if (vs->lsock != -1) {
2045 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2049 vs->auth = VNC_AUTH_INVALID;
2050 #ifdef CONFIG_VNC_TLS
2051 vs->subauth = VNC_AUTH_INVALID;
2052 vs->tls.x509verify = 0;
2056 int vnc_display_password(DisplayState *ds, const char *password)
2058 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2061 qemu_free(vs->password);
2062 vs->password = NULL;
2064 if (password && password[0]) {
2065 if (!(vs->password = qemu_strdup(password)))
2072 int vnc_display_open(DisplayState *ds, const char *display)
2074 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2075 const char *options;
2079 #ifdef CONFIG_VNC_TLS
2080 int tls = 0, x509 = 0;
2082 #ifdef CONFIG_VNC_SASL
2089 vnc_display_close(ds);
2090 if (strcmp(display, "none") == 0)
2093 if (!(vs->display = strdup(display)))
2097 while ((options = strchr(options, ','))) {
2099 if (strncmp(options, "password", 8) == 0) {
2100 password = 1; /* Require password auth */
2101 } else if (strncmp(options, "reverse", 7) == 0) {
2103 } else if (strncmp(options, "to=", 3) == 0) {
2104 to_port = atoi(options+3) + 5900;
2105 #ifdef CONFIG_VNC_SASL
2106 } else if (strncmp(options, "sasl", 4) == 0) {
2107 sasl = 1; /* Require SASL auth */
2109 #ifdef CONFIG_VNC_TLS
2110 } else if (strncmp(options, "tls", 3) == 0) {
2111 tls = 1; /* Require TLS */
2112 } else if (strncmp(options, "x509", 4) == 0) {
2114 x509 = 1; /* Require x509 certificates */
2115 if (strncmp(options, "x509verify", 10) == 0)
2116 vs->tls.x509verify = 1; /* ...and verify client certs */
2118 /* Now check for 'x509=/some/path' postfix
2119 * and use that to setup x509 certificate/key paths */
2120 start = strchr(options, '=');
2121 end = strchr(options, ',');
2122 if (start && (!end || (start < end))) {
2123 int len = end ? end-(start+1) : strlen(start+1);
2124 char *path = qemu_strndup(start + 1, len);
2126 VNC_DEBUG("Trying certificate path '%s'\n", path);
2127 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2128 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2130 qemu_free(vs->display);
2136 fprintf(stderr, "No certificate path provided\n");
2137 qemu_free(vs->display);
2146 * Combinations we support here:
2148 * - no-auth (clear text, no auth)
2149 * - password (clear text, weak auth)
2150 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2151 * - tls (encrypt, weak anonymous creds, no auth)
2152 * - tls + password (encrypt, weak anonymous creds, weak auth)
2153 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2154 * - tls + x509 (encrypt, good x509 creds, no auth)
2155 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2156 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2158 * NB1. TLS is a stackable auth scheme.
2159 * NB2. the x509 schemes have option to validate a client cert dname
2162 #ifdef CONFIG_VNC_TLS
2164 vs->auth = VNC_AUTH_VENCRYPT;
2166 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2167 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2169 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2170 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2173 #endif /* CONFIG_VNC_TLS */
2174 VNC_DEBUG("Initializing VNC server with password auth\n");
2175 vs->auth = VNC_AUTH_VNC;
2176 #ifdef CONFIG_VNC_TLS
2177 vs->subauth = VNC_AUTH_INVALID;
2179 #endif /* CONFIG_VNC_TLS */
2180 #ifdef CONFIG_VNC_SASL
2182 #ifdef CONFIG_VNC_TLS
2184 vs->auth = VNC_AUTH_VENCRYPT;
2186 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2187 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2189 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2190 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2193 #endif /* CONFIG_VNC_TLS */
2194 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2195 vs->auth = VNC_AUTH_SASL;
2196 #ifdef CONFIG_VNC_TLS
2197 vs->subauth = VNC_AUTH_INVALID;
2199 #endif /* CONFIG_VNC_TLS */
2200 #endif /* CONFIG_VNC_SASL */
2202 #ifdef CONFIG_VNC_TLS
2204 vs->auth = VNC_AUTH_VENCRYPT;
2206 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2207 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2209 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2210 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2214 VNC_DEBUG("Initializing VNC server with no auth\n");
2215 vs->auth = VNC_AUTH_NONE;
2216 #ifdef CONFIG_VNC_TLS
2217 vs->subauth = VNC_AUTH_INVALID;
2222 #ifdef CONFIG_VNC_SASL
2223 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2224 fprintf(stderr, "Failed to initialize SASL auth %s",
2225 sasl_errstring(saslErr, NULL, NULL));
2233 /* connect to viewer */
2234 if (strncmp(display, "unix:", 5) == 0)
2235 vs->lsock = unix_connect(display+5);
2237 vs->lsock = inet_connect(display, SOCK_STREAM);
2238 if (-1 == vs->lsock) {
2243 int csock = vs->lsock;
2245 vnc_connect(vs, csock);
2250 /* listen for connects */
2252 dpy = qemu_malloc(256);
2253 if (strncmp(display, "unix:", 5) == 0) {
2254 pstrcpy(dpy, 256, "unix:");
2255 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2257 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2259 if (-1 == vs->lsock) {
2267 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
projects / qemu / blob