2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
33 #define VNC_REFRESH_INTERVAL (1000 / 30)
35 #include "vnc_keysym.h"
38 #define count_bits(c, v) { \
39 for (c = 0; v; v >>= 1) \
46 static VncDisplay *vnc_display; /* needed for info vnc */
47 static DisplayChangeListener *dcl;
49 static char *addr_to_string(const char *format,
50 struct sockaddr_storage *sa,
53 char host[NI_MAXHOST];
54 char serv[NI_MAXSERV];
58 if ((err = getnameinfo((struct sockaddr *)sa, salen,
61 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
62 VNC_DEBUG("Cannot resolve address %d: %s\n",
63 err, gai_strerror(err));
67 /* Enough for the existing format + the 2 vars we're
69 addrlen = strlen(format) + strlen(host) + strlen(serv);
70 addr = qemu_malloc(addrlen + 1);
71 snprintf(addr, addrlen, format, host, serv);
78 char *vnc_socket_local_addr(const char *format, int fd) {
79 struct sockaddr_storage sa;
83 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
86 return addr_to_string(format, &sa, salen);
89 char *vnc_socket_remote_addr(const char *format, int fd) {
90 struct sockaddr_storage sa;
94 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
97 return addr_to_string(format, &sa, salen);
100 static const char *vnc_auth_name(VncDisplay *vd) {
102 case VNC_AUTH_INVALID:
118 case VNC_AUTH_VENCRYPT:
119 #ifdef CONFIG_VNC_TLS
120 switch (vd->subauth) {
121 case VNC_AUTH_VENCRYPT_PLAIN:
122 return "vencrypt+plain";
123 case VNC_AUTH_VENCRYPT_TLSNONE:
124 return "vencrypt+tls+none";
125 case VNC_AUTH_VENCRYPT_TLSVNC:
126 return "vencrypt+tls+vnc";
127 case VNC_AUTH_VENCRYPT_TLSPLAIN:
128 return "vencrypt+tls+plain";
129 case VNC_AUTH_VENCRYPT_X509NONE:
130 return "vencrypt+x509+none";
131 case VNC_AUTH_VENCRYPT_X509VNC:
132 return "vencrypt+x509+vnc";
133 case VNC_AUTH_VENCRYPT_X509PLAIN:
134 return "vencrypt+x509+plain";
135 case VNC_AUTH_VENCRYPT_TLSSASL:
136 return "vencrypt+tls+sasl";
137 case VNC_AUTH_VENCRYPT_X509SASL:
138 return "vencrypt+x509+sasl";
151 static void do_info_vnc_client(Monitor *mon, VncState *client)
154 vnc_socket_remote_addr(" address: %s:%s\n",
159 monitor_printf(mon, "Client:\n");
160 monitor_printf(mon, "%s", clientAddr);
163 #ifdef CONFIG_VNC_TLS
164 if (client->tls.session &&
166 monitor_printf(mon, " x509 dname: %s\n", client->tls.dname);
168 monitor_printf(mon, " x509 dname: none\n");
170 #ifdef CONFIG_VNC_SASL
171 if (client->sasl.conn &&
172 client->sasl.username)
173 monitor_printf(mon, " username: %s\n", client->sasl.username);
175 monitor_printf(mon, " username: none\n");
179 void do_info_vnc(Monitor *mon)
181 if (vnc_display == NULL || vnc_display->display == NULL) {
182 monitor_printf(mon, "Server: disabled\n");
184 char *serverAddr = vnc_socket_local_addr(" address: %s:%s\n",
190 monitor_printf(mon, "Server:\n");
191 monitor_printf(mon, "%s", serverAddr);
193 monitor_printf(mon, " auth: %s\n", vnc_auth_name(vnc_display));
195 if (vnc_display->clients) {
196 VncState *client = vnc_display->clients;
198 do_info_vnc_client(mon, client);
199 client = client->next;
202 monitor_printf(mon, "Client: none\n");
207 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
208 return (vs->features & (1 << feature));
212 1) Get the queue working for IO.
213 2) there is some weirdness when using the -S option (the screen is grey
214 and not totally invalidated
215 3) resolutions > 1024
218 static void vnc_update_client(VncState *vs);
219 static void vnc_disconnect_start(VncState *vs);
220 static void vnc_disconnect_finish(VncState *vs);
221 static void vnc_init_timer(VncDisplay *vd);
222 static void vnc_remove_timer(VncDisplay *vd);
224 static void vnc_colordepth(VncState *vs);
226 static inline void vnc_set_bit(uint32_t *d, int k)
228 d[k >> 5] |= 1 << (k & 0x1f);
231 static inline void vnc_clear_bit(uint32_t *d, int k)
233 d[k >> 5] &= ~(1 << (k & 0x1f));
236 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
246 d[j++] = (1 << n) - 1;
251 static inline int vnc_get_bit(const uint32_t *d, int k)
253 return (d[k >> 5] >> (k & 0x1f)) & 1;
256 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
260 for(i = 0; i < nb_words; i++) {
261 if ((d1[i] & d2[i]) != 0)
267 static void vnc_update(VncState *vs, int x, int y, int w, int h)
269 struct VncSurface *s = &vs->guest;
274 /* round x down to ensure the loop only spans one 16-pixel block per,
275 iteration. otherwise, if (x % 16) != 0, the last iteration may span
276 two 16-pixel blocks but we only mark the first as dirty
281 x = MIN(x, s->ds->width);
282 y = MIN(y, s->ds->height);
283 w = MIN(x + w, s->ds->width) - x;
284 h = MIN(h, s->ds->height);
287 for (i = 0; i < w; i += 16)
288 vnc_set_bit(s->dirty[y], (x + i) / 16);
291 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
293 VncDisplay *vd = ds->opaque;
294 VncState *vs = vd->clients;
296 vnc_update(vs, x, y, w, h);
301 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
304 vnc_write_u16(vs, x);
305 vnc_write_u16(vs, y);
306 vnc_write_u16(vs, w);
307 vnc_write_u16(vs, h);
309 vnc_write_s32(vs, encoding);
312 void buffer_reserve(Buffer *buffer, size_t len)
314 if ((buffer->capacity - buffer->offset) < len) {
315 buffer->capacity += (len + 1024);
316 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
317 if (buffer->buffer == NULL) {
318 fprintf(stderr, "vnc: out of memory\n");
324 int buffer_empty(Buffer *buffer)
326 return buffer->offset == 0;
329 uint8_t *buffer_end(Buffer *buffer)
331 return buffer->buffer + buffer->offset;
334 void buffer_reset(Buffer *buffer)
339 void buffer_append(Buffer *buffer, const void *data, size_t len)
341 memcpy(buffer->buffer + buffer->offset, data, len);
342 buffer->offset += len;
345 static void vnc_resize(VncState *vs)
347 DisplayState *ds = vs->ds;
352 vs->guest.ds = qemu_mallocz(sizeof(*vs->guest.ds));
353 if (ds_get_bytes_per_pixel(ds) != vs->guest.ds->pf.bytes_per_pixel)
354 console_color_init(ds);
356 size_changed = ds_get_width(ds) != vs->guest.ds->width ||
357 ds_get_height(ds) != vs->guest.ds->height;
358 *(vs->guest.ds) = *(ds->surface);
360 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
361 vnc_write_u8(vs, 0); /* msg id */
363 vnc_write_u16(vs, 1); /* number of rects */
364 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
365 VNC_ENCODING_DESKTOPRESIZE);
369 memset(vs->guest.dirty, 0xFF, sizeof(vs->guest.dirty));
373 vs->server.ds = qemu_mallocz(sizeof(*vs->server.ds));
374 if (vs->server.ds->data)
375 qemu_free(vs->server.ds->data);
376 *(vs->server.ds) = *(ds->surface);
377 vs->server.ds->data = qemu_mallocz(vs->server.ds->linesize *
378 vs->server.ds->height);
379 memset(vs->server.dirty, 0xFF, sizeof(vs->guest.dirty));
382 static void vnc_dpy_resize(DisplayState *ds)
384 VncDisplay *vd = ds->opaque;
385 VncState *vs = vd->clients;
393 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
395 vnc_write(vs, pixels, size);
398 /* slowest but generic code. */
399 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
403 r = ((((v & vs->server.ds->pf.rmask) >> vs->server.ds->pf.rshift) << vs->clientds.pf.rbits) >>
404 vs->server.ds->pf.rbits);
405 g = ((((v & vs->server.ds->pf.gmask) >> vs->server.ds->pf.gshift) << vs->clientds.pf.gbits) >>
406 vs->server.ds->pf.gbits);
407 b = ((((v & vs->server.ds->pf.bmask) >> vs->server.ds->pf.bshift) << vs->clientds.pf.bbits) >>
408 vs->server.ds->pf.bbits);
409 v = (r << vs->clientds.pf.rshift) |
410 (g << vs->clientds.pf.gshift) |
411 (b << vs->clientds.pf.bshift);
412 switch(vs->clientds.pf.bytes_per_pixel) {
417 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
427 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
442 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
446 if (vs->server.ds->pf.bytes_per_pixel == 4) {
447 uint32_t *pixels = pixels1;
450 for(i = 0; i < n; i++) {
451 vnc_convert_pixel(vs, buf, pixels[i]);
452 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
454 } else if (vs->server.ds->pf.bytes_per_pixel == 2) {
455 uint16_t *pixels = pixels1;
458 for(i = 0; i < n; i++) {
459 vnc_convert_pixel(vs, buf, pixels[i]);
460 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
462 } else if (vs->server.ds->pf.bytes_per_pixel == 1) {
463 uint8_t *pixels = pixels1;
466 for(i = 0; i < n; i++) {
467 vnc_convert_pixel(vs, buf, pixels[i]);
468 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
471 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
475 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
480 row = vs->server.ds->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
481 for (i = 0; i < h; i++) {
482 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
483 row += ds_get_linesize(vs->ds);
487 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
489 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
490 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
494 #include "vnchextile.h"
498 #include "vnchextile.h"
502 #include "vnchextile.h"
507 #include "vnchextile.h"
513 #include "vnchextile.h"
519 #include "vnchextile.h"
523 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
527 uint8_t *last_fg, *last_bg;
529 last_fg = (uint8_t *) qemu_malloc(vs->server.ds->pf.bytes_per_pixel);
530 last_bg = (uint8_t *) qemu_malloc(vs->server.ds->pf.bytes_per_pixel);
532 for (j = y; j < (y + h); j += 16) {
533 for (i = x; i < (x + w); i += 16) {
534 vs->send_hextile_tile(vs, i, j,
535 MIN(16, x + w - i), MIN(16, y + h - j),
536 last_bg, last_fg, &has_bg, &has_fg);
544 static void vnc_zlib_init(VncState *vs)
547 for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)
548 vs->zlib_stream[i].opaque = NULL;
551 static void vnc_zlib_start(VncState *vs)
553 buffer_reset(&vs->zlib);
555 // make the output buffer be the zlib buffer, so we can compress it later
556 vs->zlib_tmp = vs->output;
557 vs->output = vs->zlib;
560 static int vnc_zlib_stop(VncState *vs, int stream_id)
562 z_streamp zstream = &vs->zlib_stream[stream_id];
565 // switch back to normal output/zlib buffers
566 vs->zlib = vs->output;
567 vs->output = vs->zlib_tmp;
569 // compress the zlib buffer
571 // initialize the stream
572 // XXX need one stream per session
573 if (zstream->opaque != vs) {
576 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
577 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
578 zstream->zalloc = Z_NULL;
579 zstream->zfree = Z_NULL;
581 err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
582 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
585 fprintf(stderr, "VNC: error initializing zlib\n");
589 zstream->opaque = vs;
592 // XXX what to do if tight_compression changed in between?
594 // reserve memory in output buffer
595 buffer_reserve(&vs->output, vs->zlib.offset + 64);
598 zstream->next_in = vs->zlib.buffer;
599 zstream->avail_in = vs->zlib.offset;
600 zstream->next_out = vs->output.buffer + vs->output.offset;
601 zstream->avail_out = vs->output.capacity - vs->output.offset;
602 zstream->data_type = Z_BINARY;
603 previous_out = zstream->total_out;
606 if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
607 fprintf(stderr, "VNC: error during zlib compression\n");
611 vs->output.offset = vs->output.capacity - zstream->avail_out;
612 return zstream->total_out - previous_out;
615 static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
617 int old_offset, new_offset, bytes_written;
619 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);
621 // remember where we put in the follow-up size
622 old_offset = vs->output.offset;
623 vnc_write_s32(vs, 0);
625 // compress the stream
627 send_framebuffer_update_raw(vs, x, y, w, h);
628 bytes_written = vnc_zlib_stop(vs, 0);
630 if (bytes_written == -1)
634 new_offset = vs->output.offset;
635 vs->output.offset = old_offset;
636 vnc_write_u32(vs, bytes_written);
637 vs->output.offset = new_offset;
640 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
642 switch(vs->vnc_encoding) {
643 case VNC_ENCODING_ZLIB:
644 send_framebuffer_update_zlib(vs, x, y, w, h);
646 case VNC_ENCODING_HEXTILE:
647 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
648 send_framebuffer_update_hextile(vs, x, y, w, h);
651 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
652 send_framebuffer_update_raw(vs, x, y, w, h);
657 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
663 /* send bitblit op to the vnc client */
664 vnc_write_u8(vs, 0); /* msg id */
666 vnc_write_u16(vs, 1); /* number of rects */
667 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
668 vnc_write_u16(vs, src_x);
669 vnc_write_u16(vs, src_y);
672 /* do bitblit op on the local surface too */
673 pitch = ds_get_linesize(vs->ds);
674 depth = ds_get_bytes_per_pixel(vs->ds);
675 src_row = vs->server.ds->data + pitch * src_y + depth * src_x;
676 dst_row = vs->server.ds->data + pitch * dst_y + depth * dst_x;
679 src_row += pitch * (h-1);
680 dst_row += pitch * (h-1);
683 for (y = 0; y < h; y++) {
684 memmove(dst_row, src_row, w * depth);
690 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
692 VncDisplay *vd = ds->opaque;
695 for (vs = vd->clients; vs != NULL; vs = vn) {
697 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
698 vs->force_update = 1;
699 vnc_update_client(vs);
700 /* vs might be free()ed here */
704 for (vs = vd->clients; vs != NULL; vs = vs->next) {
705 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
706 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
708 vnc_update(vs, dst_x, dst_y, w, h);
712 static int find_and_clear_dirty_height(struct VncSurface *s,
713 int y, int last_x, int x)
717 for (h = 1; h < (s->ds->height - y); h++) {
719 if (!vnc_get_bit(s->dirty[y + h], last_x))
721 for (tmp_x = last_x; tmp_x < x; tmp_x++)
722 vnc_clear_bit(s->dirty[y + h], tmp_x);
728 static void vnc_update_client(VncState *vs)
730 if (vs->need_update && vs->csock != -1) {
735 uint32_t width_mask[VNC_DIRTY_WORDS];
740 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
741 /* kernel send buffers are full -> drop frames to throttle */
745 * Walk through the guest dirty map.
746 * Check and copy modified bits from guest to server surface.
747 * Update server dirty map.
749 vnc_set_bits(width_mask, (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
750 cmp_bytes = 16 * ds_get_bytes_per_pixel(vs->ds);
751 guest_row = vs->guest.ds->data;
752 server_row = vs->server.ds->data;
753 for (y = 0; y < vs->guest.ds->height; y++) {
754 if (vnc_and_bits(vs->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
759 guest_ptr = guest_row;
760 server_ptr = server_row;
762 for (x = 0; x < vs->guest.ds->width;
763 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
764 if (!vnc_get_bit(vs->guest.dirty[y], (x / 16)))
766 vnc_clear_bit(vs->guest.dirty[y], (x / 16));
767 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
769 memcpy(server_ptr, guest_ptr, cmp_bytes);
770 vnc_set_bit(vs->server.dirty[y], (x / 16));
774 guest_row += ds_get_linesize(vs->ds);
775 server_row += ds_get_linesize(vs->ds);
778 if (!has_dirty && !vs->audio_cap && !vs->force_update)
782 * Send screen updates to the vnc client using the server
783 * surface and server dirty map. guest surface updates
784 * happening in parallel don't disturb us, the next pass will
785 * send them to the client.
788 vnc_write_u8(vs, 0); /* msg id */
790 saved_offset = vs->output.offset;
791 vnc_write_u16(vs, 0);
793 for (y = 0; y < vs->server.ds->height; y++) {
796 for (x = 0; x < vs->server.ds->width / 16; x++) {
797 if (vnc_get_bit(vs->server.dirty[y], x)) {
801 vnc_clear_bit(vs->server.dirty[y], x);
804 int h = find_and_clear_dirty_height(&vs->server, y, last_x, x);
805 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
812 int h = find_and_clear_dirty_height(&vs->server, y, last_x, x);
813 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
817 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
818 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
820 vs->force_update = 0;
825 vnc_disconnect_finish(vs);
829 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
831 VncState *vs = opaque;
834 case AUD_CNOTIFY_DISABLE:
835 vnc_write_u8(vs, 255);
837 vnc_write_u16(vs, 0);
841 case AUD_CNOTIFY_ENABLE:
842 vnc_write_u8(vs, 255);
844 vnc_write_u16(vs, 1);
850 static void audio_capture_destroy(void *opaque)
854 static void audio_capture(void *opaque, void *buf, int size)
856 VncState *vs = opaque;
858 vnc_write_u8(vs, 255);
860 vnc_write_u16(vs, 2);
861 vnc_write_u32(vs, size);
862 vnc_write(vs, buf, size);
866 static void audio_add(VncState *vs)
868 Monitor *mon = cur_mon;
869 struct audio_capture_ops ops;
872 monitor_printf(mon, "audio already running\n");
876 ops.notify = audio_capture_notify;
877 ops.destroy = audio_capture_destroy;
878 ops.capture = audio_capture;
880 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
881 if (!vs->audio_cap) {
882 monitor_printf(mon, "Failed to add audio capture\n");
886 static void audio_del(VncState *vs)
889 AUD_del_capture(vs->audio_cap, vs);
890 vs->audio_cap = NULL;
894 static void vnc_disconnect_start(VncState *vs)
898 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
899 closesocket(vs->csock);
903 static void vnc_disconnect_finish(VncState *vs)
905 if (vs->input.buffer) qemu_free(vs->input.buffer);
906 if (vs->output.buffer) qemu_free(vs->output.buffer);
907 #ifdef CONFIG_VNC_TLS
908 vnc_tls_client_cleanup(vs);
909 #endif /* CONFIG_VNC_TLS */
910 #ifdef CONFIG_VNC_SASL
911 vnc_sasl_client_cleanup(vs);
912 #endif /* CONFIG_VNC_SASL */
915 VncState *p, *parent = NULL;
916 for (p = vs->vd->clients; p != NULL; p = p->next) {
919 parent->next = p->next;
921 vs->vd->clients = p->next;
926 if (!vs->vd->clients)
929 qemu_free(vs->server.ds->data);
930 qemu_free(vs->server.ds);
931 qemu_free(vs->guest.ds);
933 vnc_remove_timer(vs->vd);
936 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
938 if (ret == 0 || ret == -1) {
940 switch (last_errno) {
952 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
953 ret, ret < 0 ? last_errno : 0);
954 vnc_disconnect_start(vs);
962 void vnc_client_error(VncState *vs)
964 VNC_DEBUG("Closing down client sock: protocol error\n");
965 vnc_disconnect_start(vs);
970 * Called to write a chunk of data to the client socket. The data may
971 * be the raw data, or may have already been encoded by SASL.
972 * The data will be written either straight onto the socket, or
973 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
975 * NB, it is theoretically possible to have 2 layers of encryption,
976 * both SASL, and this TLS layer. It is highly unlikely in practice
977 * though, since SASL encryption will typically be a no-op if TLS
980 * Returns the number of bytes written, which may be less than
981 * the requested 'datalen' if the socket would block. Returns
982 * -1 on error, and disconnects the client socket.
984 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
987 #ifdef CONFIG_VNC_TLS
988 if (vs->tls.session) {
989 ret = gnutls_write(vs->tls.session, data, datalen);
991 if (ret == GNUTLS_E_AGAIN)
998 #endif /* CONFIG_VNC_TLS */
999 ret = send(vs->csock, (const void *)data, datalen, 0);
1000 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1001 return vnc_client_io_error(vs, ret, socket_error());
1006 * Called to write buffered data to the client socket, when not
1007 * using any SASL SSF encryption layers. Will write as much data
1008 * as possible without blocking. If all buffered data is written,
1009 * will switch the FD poll() handler back to read monitoring.
1011 * Returns the number of bytes written, which may be less than
1012 * the buffered output data if the socket would block. Returns
1013 * -1 on error, and disconnects the client socket.
1015 static long vnc_client_write_plain(VncState *vs)
1019 #ifdef CONFIG_VNC_SASL
1020 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1021 vs->output.buffer, vs->output.capacity, vs->output.offset,
1022 vs->sasl.waitWriteSSF);
1024 if (vs->sasl.conn &&
1026 vs->sasl.waitWriteSSF) {
1027 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1029 vs->sasl.waitWriteSSF -= ret;
1031 #endif /* CONFIG_VNC_SASL */
1032 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1036 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1037 vs->output.offset -= ret;
1039 if (vs->output.offset == 0) {
1040 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1048 * First function called whenever there is data to be written to
1049 * the client socket. Will delegate actual work according to whether
1050 * SASL SSF layers are enabled (thus requiring encryption calls)
1052 void vnc_client_write(void *opaque)
1055 VncState *vs = opaque;
1057 #ifdef CONFIG_VNC_SASL
1058 if (vs->sasl.conn &&
1060 !vs->sasl.waitWriteSSF)
1061 ret = vnc_client_write_sasl(vs);
1063 #endif /* CONFIG_VNC_SASL */
1064 ret = vnc_client_write_plain(vs);
1067 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1069 vs->read_handler = func;
1070 vs->read_handler_expect = expecting;
1075 * Called to read a chunk of data from the client socket. The data may
1076 * be the raw data, or may need to be further decoded by SASL.
1077 * The data will be read either straight from to the socket, or
1078 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1080 * NB, it is theoretically possible to have 2 layers of encryption,
1081 * both SASL, and this TLS layer. It is highly unlikely in practice
1082 * though, since SASL encryption will typically be a no-op if TLS
1085 * Returns the number of bytes read, which may be less than
1086 * the requested 'datalen' if the socket would block. Returns
1087 * -1 on error, and disconnects the client socket.
1089 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1092 #ifdef CONFIG_VNC_TLS
1093 if (vs->tls.session) {
1094 ret = gnutls_read(vs->tls.session, data, datalen);
1096 if (ret == GNUTLS_E_AGAIN)
1103 #endif /* CONFIG_VNC_TLS */
1104 ret = recv(vs->csock, (void *)data, datalen, 0);
1105 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1106 return vnc_client_io_error(vs, ret, socket_error());
1111 * Called to read data from the client socket to the input buffer,
1112 * when not using any SASL SSF encryption layers. Will read as much
1113 * data as possible without blocking.
1115 * Returns the number of bytes read. Returns -1 on error, and
1116 * disconnects the client socket.
1118 static long vnc_client_read_plain(VncState *vs)
1121 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1122 vs->input.buffer, vs->input.capacity, vs->input.offset);
1123 buffer_reserve(&vs->input, 4096);
1124 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1127 vs->input.offset += ret;
1133 * First function called whenever there is more data to be read from
1134 * the client socket. Will delegate actual work according to whether
1135 * SASL SSF layers are enabled (thus requiring decryption calls)
1137 void vnc_client_read(void *opaque)
1139 VncState *vs = opaque;
1142 #ifdef CONFIG_VNC_SASL
1143 if (vs->sasl.conn && vs->sasl.runSSF)
1144 ret = vnc_client_read_sasl(vs);
1146 #endif /* CONFIG_VNC_SASL */
1147 ret = vnc_client_read_plain(vs);
1149 if (vs->csock == -1)
1150 vnc_disconnect_finish(vs);
1154 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1155 size_t len = vs->read_handler_expect;
1158 ret = vs->read_handler(vs, vs->input.buffer, len);
1159 if (vs->csock == -1) {
1160 vnc_disconnect_finish(vs);
1165 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1166 vs->input.offset -= len;
1168 vs->read_handler_expect = ret;
1173 void vnc_write(VncState *vs, const void *data, size_t len)
1175 buffer_reserve(&vs->output, len);
1177 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1178 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1181 buffer_append(&vs->output, data, len);
1184 void vnc_write_s32(VncState *vs, int32_t value)
1186 vnc_write_u32(vs, *(uint32_t *)&value);
1189 void vnc_write_u32(VncState *vs, uint32_t value)
1193 buf[0] = (value >> 24) & 0xFF;
1194 buf[1] = (value >> 16) & 0xFF;
1195 buf[2] = (value >> 8) & 0xFF;
1196 buf[3] = value & 0xFF;
1198 vnc_write(vs, buf, 4);
1201 void vnc_write_u16(VncState *vs, uint16_t value)
1205 buf[0] = (value >> 8) & 0xFF;
1206 buf[1] = value & 0xFF;
1208 vnc_write(vs, buf, 2);
1211 void vnc_write_u8(VncState *vs, uint8_t value)
1213 vnc_write(vs, (char *)&value, 1);
1216 void vnc_flush(VncState *vs)
1218 if (vs->csock != -1 && vs->output.offset)
1219 vnc_client_write(vs);
1222 uint8_t read_u8(uint8_t *data, size_t offset)
1224 return data[offset];
1227 uint16_t read_u16(uint8_t *data, size_t offset)
1229 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1232 int32_t read_s32(uint8_t *data, size_t offset)
1234 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1235 (data[offset + 2] << 8) | data[offset + 3]);
1238 uint32_t read_u32(uint8_t *data, size_t offset)
1240 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1241 (data[offset + 2] << 8) | data[offset + 3]);
1244 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1248 static void check_pointer_type_change(VncState *vs, int absolute)
1250 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1251 vnc_write_u8(vs, 0);
1252 vnc_write_u8(vs, 0);
1253 vnc_write_u16(vs, 1);
1254 vnc_framebuffer_update(vs, absolute, 0,
1255 ds_get_width(vs->ds), ds_get_height(vs->ds),
1256 VNC_ENCODING_POINTER_TYPE_CHANGE);
1259 vs->absolute = absolute;
1262 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1267 if (button_mask & 0x01)
1268 buttons |= MOUSE_EVENT_LBUTTON;
1269 if (button_mask & 0x02)
1270 buttons |= MOUSE_EVENT_MBUTTON;
1271 if (button_mask & 0x04)
1272 buttons |= MOUSE_EVENT_RBUTTON;
1273 if (button_mask & 0x08)
1275 if (button_mask & 0x10)
1279 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
1280 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
1282 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1286 kbd_mouse_event(x, y, dz, buttons);
1288 if (vs->last_x != -1)
1289 kbd_mouse_event(x - vs->last_x,
1296 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1299 static void reset_keys(VncState *vs)
1302 for(i = 0; i < 256; i++) {
1303 if (vs->modifiers_state[i]) {
1305 kbd_put_keycode(0xe0);
1306 kbd_put_keycode(i | 0x80);
1307 vs->modifiers_state[i] = 0;
1312 static void press_key(VncState *vs, int keysym)
1314 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) & 0x7f);
1315 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) | 0x80);
1318 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1320 /* QEMU console switch */
1322 case 0x2a: /* Left Shift */
1323 case 0x36: /* Right Shift */
1324 case 0x1d: /* Left CTRL */
1325 case 0x9d: /* Right CTRL */
1326 case 0x38: /* Left ALT */
1327 case 0xb8: /* Right ALT */
1329 vs->modifiers_state[keycode] = 1;
1331 vs->modifiers_state[keycode] = 0;
1333 case 0x02 ... 0x0a: /* '1' to '9' keys */
1334 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1335 /* Reset the modifiers sent to the current console */
1337 console_select(keycode - 0x02);
1341 case 0x3a: /* CapsLock */
1342 case 0x45: /* NumLock */
1344 vs->modifiers_state[keycode] ^= 1;
1348 if (keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1349 /* If the numlock state needs to change then simulate an additional
1350 keypress before sending this one. This will happen if the user
1351 toggles numlock away from the VNC window.
1353 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1354 if (!vs->modifiers_state[0x45]) {
1355 vs->modifiers_state[0x45] = 1;
1356 press_key(vs, 0xff7f);
1359 if (vs->modifiers_state[0x45]) {
1360 vs->modifiers_state[0x45] = 0;
1361 press_key(vs, 0xff7f);
1366 if (is_graphic_console()) {
1368 kbd_put_keycode(0xe0);
1370 kbd_put_keycode(keycode & 0x7f);
1372 kbd_put_keycode(keycode | 0x80);
1374 /* QEMU console emulation */
1376 int numlock = vs->modifiers_state[0x45];
1378 case 0x2a: /* Left Shift */
1379 case 0x36: /* Right Shift */
1380 case 0x1d: /* Left CTRL */
1381 case 0x9d: /* Right CTRL */
1382 case 0x38: /* Left ALT */
1383 case 0xb8: /* Right ALT */
1386 kbd_put_keysym(QEMU_KEY_UP);
1389 kbd_put_keysym(QEMU_KEY_DOWN);
1392 kbd_put_keysym(QEMU_KEY_LEFT);
1395 kbd_put_keysym(QEMU_KEY_RIGHT);
1398 kbd_put_keysym(QEMU_KEY_DELETE);
1401 kbd_put_keysym(QEMU_KEY_HOME);
1404 kbd_put_keysym(QEMU_KEY_END);
1407 kbd_put_keysym(QEMU_KEY_PAGEUP);
1410 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1414 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1417 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1420 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1423 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1426 kbd_put_keysym('5');
1429 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1432 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1435 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1438 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1441 kbd_put_keysym('0');
1444 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1448 kbd_put_keysym('/');
1451 kbd_put_keysym('*');
1454 kbd_put_keysym('-');
1457 kbd_put_keysym('+');
1460 kbd_put_keysym('\n');
1464 kbd_put_keysym(sym);
1471 static void key_event(VncState *vs, int down, uint32_t sym)
1475 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1476 sym = sym - 'A' + 'a';
1478 keycode = keysym2scancode(vs->vd->kbd_layout, sym & 0xFFFF);
1479 do_key_event(vs, down, keycode, sym);
1482 static void ext_key_event(VncState *vs, int down,
1483 uint32_t sym, uint16_t keycode)
1485 /* if the user specifies a keyboard layout, always use it */
1486 if (keyboard_layout)
1487 key_event(vs, down, sym);
1489 do_key_event(vs, down, keycode, sym);
1492 static void framebuffer_update_request(VncState *vs, int incremental,
1493 int x_position, int y_position,
1496 if (x_position > ds_get_width(vs->ds))
1497 x_position = ds_get_width(vs->ds);
1498 if (y_position > ds_get_height(vs->ds))
1499 y_position = ds_get_height(vs->ds);
1500 if (x_position + w >= ds_get_width(vs->ds))
1501 w = ds_get_width(vs->ds) - x_position;
1502 if (y_position + h >= ds_get_height(vs->ds))
1503 h = ds_get_height(vs->ds) - y_position;
1506 vs->need_update = 1;
1508 vs->force_update = 1;
1509 for (i = 0; i < h; i++) {
1510 vnc_set_bits(vs->guest.dirty[y_position + i],
1511 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1512 vnc_set_bits(vs->server.dirty[y_position + i],
1513 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1518 static void send_ext_key_event_ack(VncState *vs)
1520 vnc_write_u8(vs, 0);
1521 vnc_write_u8(vs, 0);
1522 vnc_write_u16(vs, 1);
1523 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1524 VNC_ENCODING_EXT_KEY_EVENT);
1528 static void send_ext_audio_ack(VncState *vs)
1530 vnc_write_u8(vs, 0);
1531 vnc_write_u8(vs, 0);
1532 vnc_write_u16(vs, 1);
1533 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1534 VNC_ENCODING_AUDIO);
1538 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1541 unsigned int enc = 0;
1545 vs->vnc_encoding = 0;
1546 vs->tight_compression = 9;
1547 vs->tight_quality = 9;
1550 for (i = n_encodings - 1; i >= 0; i--) {
1553 case VNC_ENCODING_RAW:
1554 vs->vnc_encoding = enc;
1556 case VNC_ENCODING_COPYRECT:
1557 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1559 case VNC_ENCODING_HEXTILE:
1560 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1561 vs->vnc_encoding = enc;
1563 case VNC_ENCODING_ZLIB:
1564 vs->features |= VNC_FEATURE_ZLIB_MASK;
1565 vs->vnc_encoding = enc;
1567 case VNC_ENCODING_DESKTOPRESIZE:
1568 vs->features |= VNC_FEATURE_RESIZE_MASK;
1570 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1571 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1573 case VNC_ENCODING_EXT_KEY_EVENT:
1574 send_ext_key_event_ack(vs);
1576 case VNC_ENCODING_AUDIO:
1577 send_ext_audio_ack(vs);
1579 case VNC_ENCODING_WMVi:
1580 vs->features |= VNC_FEATURE_WMVI_MASK;
1582 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1583 vs->tight_compression = (enc & 0x0F);
1585 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1586 vs->tight_quality = (enc & 0x0F);
1589 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1594 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1597 static void set_pixel_conversion(VncState *vs)
1599 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1600 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1601 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1602 vs->write_pixels = vnc_write_pixels_copy;
1603 switch (vs->ds->surface->pf.bits_per_pixel) {
1605 vs->send_hextile_tile = send_hextile_tile_8;
1608 vs->send_hextile_tile = send_hextile_tile_16;
1611 vs->send_hextile_tile = send_hextile_tile_32;
1615 vs->write_pixels = vnc_write_pixels_generic;
1616 switch (vs->ds->surface->pf.bits_per_pixel) {
1618 vs->send_hextile_tile = send_hextile_tile_generic_8;
1621 vs->send_hextile_tile = send_hextile_tile_generic_16;
1624 vs->send_hextile_tile = send_hextile_tile_generic_32;
1630 static void set_pixel_format(VncState *vs,
1631 int bits_per_pixel, int depth,
1632 int big_endian_flag, int true_color_flag,
1633 int red_max, int green_max, int blue_max,
1634 int red_shift, int green_shift, int blue_shift)
1636 if (!true_color_flag) {
1637 vnc_client_error(vs);
1641 vs->clientds = *(vs->guest.ds);
1642 vs->clientds.pf.rmax = red_max;
1643 count_bits(vs->clientds.pf.rbits, red_max);
1644 vs->clientds.pf.rshift = red_shift;
1645 vs->clientds.pf.rmask = red_max << red_shift;
1646 vs->clientds.pf.gmax = green_max;
1647 count_bits(vs->clientds.pf.gbits, green_max);
1648 vs->clientds.pf.gshift = green_shift;
1649 vs->clientds.pf.gmask = green_max << green_shift;
1650 vs->clientds.pf.bmax = blue_max;
1651 count_bits(vs->clientds.pf.bbits, blue_max);
1652 vs->clientds.pf.bshift = blue_shift;
1653 vs->clientds.pf.bmask = blue_max << blue_shift;
1654 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1655 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1656 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1657 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1659 set_pixel_conversion(vs);
1661 vga_hw_invalidate();
1665 static void pixel_format_message (VncState *vs) {
1666 char pad[3] = { 0, 0, 0 };
1668 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1669 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1671 #ifdef HOST_WORDS_BIGENDIAN
1672 vnc_write_u8(vs, 1); /* big-endian-flag */
1674 vnc_write_u8(vs, 0); /* big-endian-flag */
1676 vnc_write_u8(vs, 1); /* true-color-flag */
1677 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1678 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1679 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1680 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1681 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1682 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1683 if (vs->ds->surface->pf.bits_per_pixel == 32)
1684 vs->send_hextile_tile = send_hextile_tile_32;
1685 else if (vs->ds->surface->pf.bits_per_pixel == 16)
1686 vs->send_hextile_tile = send_hextile_tile_16;
1687 else if (vs->ds->surface->pf.bits_per_pixel == 8)
1688 vs->send_hextile_tile = send_hextile_tile_8;
1689 vs->clientds = *(vs->ds->surface);
1690 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1691 vs->write_pixels = vnc_write_pixels_copy;
1693 vnc_write(vs, pad, 3); /* padding */
1696 static void vnc_dpy_setdata(DisplayState *ds)
1698 /* We don't have to do anything */
1701 static void vnc_colordepth(VncState *vs)
1703 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1704 /* Sending a WMVi message to notify the client*/
1705 vnc_write_u8(vs, 0); /* msg id */
1706 vnc_write_u8(vs, 0);
1707 vnc_write_u16(vs, 1); /* number of rects */
1708 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1709 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1710 pixel_format_message(vs);
1713 set_pixel_conversion(vs);
1717 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1727 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1728 read_u8(data, 6), read_u8(data, 7),
1729 read_u16(data, 8), read_u16(data, 10),
1730 read_u16(data, 12), read_u8(data, 14),
1731 read_u8(data, 15), read_u8(data, 16));
1738 limit = read_u16(data, 2);
1740 return 4 + (limit * 4);
1742 limit = read_u16(data, 2);
1744 for (i = 0; i < limit; i++) {
1745 int32_t val = read_s32(data, 4 + (i * 4));
1746 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1749 set_encodings(vs, (int32_t *)(data + 4), limit);
1755 framebuffer_update_request(vs,
1756 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1757 read_u16(data, 6), read_u16(data, 8));
1763 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1769 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1776 uint32_t dlen = read_u32(data, 4);
1781 client_cut_text(vs, read_u32(data, 4), data + 8);
1787 switch (read_u8(data, 1)) {
1792 ext_key_event(vs, read_u16(data, 2),
1793 read_u32(data, 4), read_u32(data, 8));
1799 switch (read_u16 (data, 2)) {
1809 switch (read_u8(data, 4)) {
1810 case 0: vs->as.fmt = AUD_FMT_U8; break;
1811 case 1: vs->as.fmt = AUD_FMT_S8; break;
1812 case 2: vs->as.fmt = AUD_FMT_U16; break;
1813 case 3: vs->as.fmt = AUD_FMT_S16; break;
1814 case 4: vs->as.fmt = AUD_FMT_U32; break;
1815 case 5: vs->as.fmt = AUD_FMT_S32; break;
1817 printf("Invalid audio format %d\n", read_u8(data, 4));
1818 vnc_client_error(vs);
1821 vs->as.nchannels = read_u8(data, 5);
1822 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1823 printf("Invalid audio channel coount %d\n",
1825 vnc_client_error(vs);
1828 vs->as.freq = read_u32(data, 6);
1831 printf ("Invalid audio message %d\n", read_u8(data, 4));
1832 vnc_client_error(vs);
1838 printf("Msg: %d\n", read_u16(data, 0));
1839 vnc_client_error(vs);
1844 printf("Msg: %d\n", data[0]);
1845 vnc_client_error(vs);
1849 vnc_read_when(vs, protocol_client_msg, 1);
1853 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1858 vnc_write_u16(vs, ds_get_width(vs->ds));
1859 vnc_write_u16(vs, ds_get_height(vs->ds));
1861 pixel_format_message(vs);
1864 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1866 size = snprintf(buf, sizeof(buf), "QEMU");
1868 vnc_write_u32(vs, size);
1869 vnc_write(vs, buf, size);
1872 vnc_read_when(vs, protocol_client_msg, 1);
1877 void start_client_init(VncState *vs)
1879 vnc_read_when(vs, protocol_client_init, 1);
1882 static void make_challenge(VncState *vs)
1886 srand(time(NULL)+getpid()+getpid()*987654+rand());
1888 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1889 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1892 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1894 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1896 unsigned char key[8];
1898 if (!vs->vd->password || !vs->vd->password[0]) {
1899 VNC_DEBUG("No password configured on server");
1900 vnc_write_u32(vs, 1); /* Reject auth */
1901 if (vs->minor >= 8) {
1902 static const char err[] = "Authentication failed";
1903 vnc_write_u32(vs, sizeof(err));
1904 vnc_write(vs, err, sizeof(err));
1907 vnc_client_error(vs);
1911 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1913 /* Calculate the expected challenge response */
1914 pwlen = strlen(vs->vd->password);
1915 for (i=0; i<sizeof(key); i++)
1916 key[i] = i<pwlen ? vs->vd->password[i] : 0;
1918 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1919 des(response+j, response+j);
1921 /* Compare expected vs actual challenge response */
1922 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1923 VNC_DEBUG("Client challenge reponse did not match\n");
1924 vnc_write_u32(vs, 1); /* Reject auth */
1925 if (vs->minor >= 8) {
1926 static const char err[] = "Authentication failed";
1927 vnc_write_u32(vs, sizeof(err));
1928 vnc_write(vs, err, sizeof(err));
1931 vnc_client_error(vs);
1933 VNC_DEBUG("Accepting VNC challenge response\n");
1934 vnc_write_u32(vs, 0); /* Accept auth */
1937 start_client_init(vs);
1942 void start_auth_vnc(VncState *vs)
1945 /* Send client a 'random' challenge */
1946 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1949 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1953 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1955 /* We only advertise 1 auth scheme at a time, so client
1956 * must pick the one we sent. Verify this */
1957 if (data[0] != vs->vd->auth) { /* Reject auth */
1958 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
1959 vnc_write_u32(vs, 1);
1960 if (vs->minor >= 8) {
1961 static const char err[] = "Authentication failed";
1962 vnc_write_u32(vs, sizeof(err));
1963 vnc_write(vs, err, sizeof(err));
1965 vnc_client_error(vs);
1966 } else { /* Accept requested auth */
1967 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1968 switch (vs->vd->auth) {
1970 VNC_DEBUG("Accept auth none\n");
1971 if (vs->minor >= 8) {
1972 vnc_write_u32(vs, 0); /* Accept auth completion */
1975 start_client_init(vs);
1979 VNC_DEBUG("Start VNC auth\n");
1983 #ifdef CONFIG_VNC_TLS
1984 case VNC_AUTH_VENCRYPT:
1985 VNC_DEBUG("Accept VeNCrypt auth\n");;
1986 start_auth_vencrypt(vs);
1988 #endif /* CONFIG_VNC_TLS */
1990 #ifdef CONFIG_VNC_SASL
1992 VNC_DEBUG("Accept SASL auth\n");
1993 start_auth_sasl(vs);
1995 #endif /* CONFIG_VNC_SASL */
1997 default: /* Should not be possible, but just in case */
1998 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
1999 vnc_write_u8(vs, 1);
2000 if (vs->minor >= 8) {
2001 static const char err[] = "Authentication failed";
2002 vnc_write_u32(vs, sizeof(err));
2003 vnc_write(vs, err, sizeof(err));
2005 vnc_client_error(vs);
2011 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2015 memcpy(local, version, 12);
2018 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2019 VNC_DEBUG("Malformed protocol version %s\n", local);
2020 vnc_client_error(vs);
2023 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2024 if (vs->major != 3 ||
2030 VNC_DEBUG("Unsupported client version\n");
2031 vnc_write_u32(vs, VNC_AUTH_INVALID);
2033 vnc_client_error(vs);
2036 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2037 * as equivalent to v3.3 by servers
2039 if (vs->minor == 4 || vs->minor == 5)
2042 if (vs->minor == 3) {
2043 if (vs->vd->auth == VNC_AUTH_NONE) {
2044 VNC_DEBUG("Tell client auth none\n");
2045 vnc_write_u32(vs, vs->vd->auth);
2047 start_client_init(vs);
2048 } else if (vs->vd->auth == VNC_AUTH_VNC) {
2049 VNC_DEBUG("Tell client VNC auth\n");
2050 vnc_write_u32(vs, vs->vd->auth);
2054 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2055 vnc_write_u32(vs, VNC_AUTH_INVALID);
2057 vnc_client_error(vs);
2060 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2061 vnc_write_u8(vs, 1); /* num auth */
2062 vnc_write_u8(vs, vs->vd->auth);
2063 vnc_read_when(vs, protocol_client_auth, 1);
2070 static void vnc_refresh(void *opaque)
2072 VncDisplay *vd = opaque;
2073 VncState *vs = vd->clients;
2077 while (vs != NULL) {
2078 vnc_update_client(vs);
2082 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
2085 static void vnc_init_timer(VncDisplay *vd)
2087 if (vd->timer == NULL && vd->clients != NULL) {
2088 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2089 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
2093 static void vnc_remove_timer(VncDisplay *vd)
2095 if (vd->timer != NULL && vd->clients == NULL) {
2096 qemu_del_timer(vd->timer);
2097 qemu_free_timer(vd->timer);
2102 static void vnc_connect(VncDisplay *vd, int csock)
2104 VncState *vs = qemu_mallocz(sizeof(VncState));
2107 VNC_DEBUG("New client on socket %d\n", csock);
2109 socket_set_nonblock(vs->csock);
2110 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2117 vs->as.freq = 44100;
2118 vs->as.nchannels = 2;
2119 vs->as.fmt = AUD_FMT_S16;
2120 vs->as.endianness = 0;
2123 vnc_write(vs, "RFB 003.008\n", 12);
2125 vnc_read_when(vs, protocol_version, 12);
2128 vs->next = vd->clients;
2132 vnc_update_client(vs);
2133 /* vs might be free()ed here */
2136 static void vnc_listen_read(void *opaque)
2138 VncDisplay *vs = opaque;
2139 struct sockaddr_in addr;
2140 socklen_t addrlen = sizeof(addr);
2145 int csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2147 vnc_connect(vs, csock);
2151 void vnc_display_init(DisplayState *ds)
2153 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2155 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2165 if (keyboard_layout)
2166 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2168 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2170 if (!vs->kbd_layout)
2173 dcl->dpy_copy = vnc_dpy_copy;
2174 dcl->dpy_update = vnc_dpy_update;
2175 dcl->dpy_resize = vnc_dpy_resize;
2176 dcl->dpy_setdata = vnc_dpy_setdata;
2177 register_displaychangelistener(ds, dcl);
2181 void vnc_display_close(DisplayState *ds)
2183 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2188 qemu_free(vs->display);
2191 if (vs->lsock != -1) {
2192 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2196 vs->auth = VNC_AUTH_INVALID;
2197 #ifdef CONFIG_VNC_TLS
2198 vs->subauth = VNC_AUTH_INVALID;
2199 vs->tls.x509verify = 0;
2203 int vnc_display_password(DisplayState *ds, const char *password)
2205 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2208 qemu_free(vs->password);
2209 vs->password = NULL;
2211 if (password && password[0]) {
2212 if (!(vs->password = qemu_strdup(password)))
2219 char *vnc_display_local_addr(DisplayState *ds)
2221 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2223 return vnc_socket_local_addr("%s:%s", vs->lsock);
2226 int vnc_display_open(DisplayState *ds, const char *display)
2228 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2229 const char *options;
2233 #ifdef CONFIG_VNC_TLS
2234 int tls = 0, x509 = 0;
2236 #ifdef CONFIG_VNC_SASL
2244 vnc_display_close(ds);
2245 if (strcmp(display, "none") == 0)
2248 if (!(vs->display = strdup(display)))
2252 while ((options = strchr(options, ','))) {
2254 if (strncmp(options, "password", 8) == 0) {
2255 password = 1; /* Require password auth */
2256 } else if (strncmp(options, "reverse", 7) == 0) {
2258 } else if (strncmp(options, "to=", 3) == 0) {
2259 to_port = atoi(options+3) + 5900;
2260 #ifdef CONFIG_VNC_SASL
2261 } else if (strncmp(options, "sasl", 4) == 0) {
2262 sasl = 1; /* Require SASL auth */
2264 #ifdef CONFIG_VNC_TLS
2265 } else if (strncmp(options, "tls", 3) == 0) {
2266 tls = 1; /* Require TLS */
2267 } else if (strncmp(options, "x509", 4) == 0) {
2269 x509 = 1; /* Require x509 certificates */
2270 if (strncmp(options, "x509verify", 10) == 0)
2271 vs->tls.x509verify = 1; /* ...and verify client certs */
2273 /* Now check for 'x509=/some/path' postfix
2274 * and use that to setup x509 certificate/key paths */
2275 start = strchr(options, '=');
2276 end = strchr(options, ',');
2277 if (start && (!end || (start < end))) {
2278 int len = end ? end-(start+1) : strlen(start+1);
2279 char *path = qemu_strndup(start + 1, len);
2281 VNC_DEBUG("Trying certificate path '%s'\n", path);
2282 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2283 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2285 qemu_free(vs->display);
2291 fprintf(stderr, "No certificate path provided\n");
2292 qemu_free(vs->display);
2297 } else if (strncmp(options, "acl", 3) == 0) {
2302 #ifdef CONFIG_VNC_TLS
2303 if (acl && x509 && vs->tls.x509verify) {
2304 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2305 fprintf(stderr, "Failed to create x509 dname ACL\n");
2310 #ifdef CONFIG_VNC_SASL
2312 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2313 fprintf(stderr, "Failed to create username ACL\n");
2320 * Combinations we support here:
2322 * - no-auth (clear text, no auth)
2323 * - password (clear text, weak auth)
2324 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2325 * - tls (encrypt, weak anonymous creds, no auth)
2326 * - tls + password (encrypt, weak anonymous creds, weak auth)
2327 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2328 * - tls + x509 (encrypt, good x509 creds, no auth)
2329 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2330 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2332 * NB1. TLS is a stackable auth scheme.
2333 * NB2. the x509 schemes have option to validate a client cert dname
2336 #ifdef CONFIG_VNC_TLS
2338 vs->auth = VNC_AUTH_VENCRYPT;
2340 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2341 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2343 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2344 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2347 #endif /* CONFIG_VNC_TLS */
2348 VNC_DEBUG("Initializing VNC server with password auth\n");
2349 vs->auth = VNC_AUTH_VNC;
2350 #ifdef CONFIG_VNC_TLS
2351 vs->subauth = VNC_AUTH_INVALID;
2353 #endif /* CONFIG_VNC_TLS */
2354 #ifdef CONFIG_VNC_SASL
2356 #ifdef CONFIG_VNC_TLS
2358 vs->auth = VNC_AUTH_VENCRYPT;
2360 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2361 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2363 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2364 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2367 #endif /* CONFIG_VNC_TLS */
2368 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2369 vs->auth = VNC_AUTH_SASL;
2370 #ifdef CONFIG_VNC_TLS
2371 vs->subauth = VNC_AUTH_INVALID;
2373 #endif /* CONFIG_VNC_TLS */
2374 #endif /* CONFIG_VNC_SASL */
2376 #ifdef CONFIG_VNC_TLS
2378 vs->auth = VNC_AUTH_VENCRYPT;
2380 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2381 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2383 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2384 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2388 VNC_DEBUG("Initializing VNC server with no auth\n");
2389 vs->auth = VNC_AUTH_NONE;
2390 #ifdef CONFIG_VNC_TLS
2391 vs->subauth = VNC_AUTH_INVALID;
2396 #ifdef CONFIG_VNC_SASL
2397 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2398 fprintf(stderr, "Failed to initialize SASL auth %s",
2399 sasl_errstring(saslErr, NULL, NULL));
2407 /* connect to viewer */
2408 if (strncmp(display, "unix:", 5) == 0)
2409 vs->lsock = unix_connect(display+5);
2411 vs->lsock = inet_connect(display, SOCK_STREAM);
2412 if (-1 == vs->lsock) {
2417 int csock = vs->lsock;
2419 vnc_connect(vs, csock);
2424 /* listen for connects */
2426 dpy = qemu_malloc(256);
2427 if (strncmp(display, "unix:", 5) == 0) {
2428 pstrcpy(dpy, 256, "unix:");
2429 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2431 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2433 if (-1 == vs->lsock) {
2441 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
projects / qemu / blob