2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
33 #define VNC_REFRESH_INTERVAL_BASE 30
34 #define VNC_REFRESH_INTERVAL_INC 50
35 #define VNC_REFRESH_INTERVAL_MAX 2000
37 #include "vnc_keysym.h"
40 #define count_bits(c, v) { \
41 for (c = 0; v; v >>= 1) \
48 static VncDisplay *vnc_display; /* needed for info vnc */
49 static DisplayChangeListener *dcl;
51 static char *addr_to_string(const char *format,
52 struct sockaddr_storage *sa,
55 char host[NI_MAXHOST];
56 char serv[NI_MAXSERV];
60 if ((err = getnameinfo((struct sockaddr *)sa, salen,
63 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
64 VNC_DEBUG("Cannot resolve address %d: %s\n",
65 err, gai_strerror(err));
69 /* Enough for the existing format + the 2 vars we're
71 addrlen = strlen(format) + strlen(host) + strlen(serv);
72 addr = qemu_malloc(addrlen + 1);
73 snprintf(addr, addrlen, format, host, serv);
80 char *vnc_socket_local_addr(const char *format, int fd) {
81 struct sockaddr_storage sa;
85 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
88 return addr_to_string(format, &sa, salen);
91 char *vnc_socket_remote_addr(const char *format, int fd) {
92 struct sockaddr_storage sa;
96 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
99 return addr_to_string(format, &sa, salen);
102 static const char *vnc_auth_name(VncDisplay *vd) {
104 case VNC_AUTH_INVALID:
120 case VNC_AUTH_VENCRYPT:
121 #ifdef CONFIG_VNC_TLS
122 switch (vd->subauth) {
123 case VNC_AUTH_VENCRYPT_PLAIN:
124 return "vencrypt+plain";
125 case VNC_AUTH_VENCRYPT_TLSNONE:
126 return "vencrypt+tls+none";
127 case VNC_AUTH_VENCRYPT_TLSVNC:
128 return "vencrypt+tls+vnc";
129 case VNC_AUTH_VENCRYPT_TLSPLAIN:
130 return "vencrypt+tls+plain";
131 case VNC_AUTH_VENCRYPT_X509NONE:
132 return "vencrypt+x509+none";
133 case VNC_AUTH_VENCRYPT_X509VNC:
134 return "vencrypt+x509+vnc";
135 case VNC_AUTH_VENCRYPT_X509PLAIN:
136 return "vencrypt+x509+plain";
137 case VNC_AUTH_VENCRYPT_TLSSASL:
138 return "vencrypt+tls+sasl";
139 case VNC_AUTH_VENCRYPT_X509SASL:
140 return "vencrypt+x509+sasl";
153 static void do_info_vnc_client(Monitor *mon, VncState *client)
156 vnc_socket_remote_addr(" address: %s:%s\n",
161 monitor_printf(mon, "Client:\n");
162 monitor_printf(mon, "%s", clientAddr);
165 #ifdef CONFIG_VNC_TLS
166 if (client->tls.session &&
168 monitor_printf(mon, " x509 dname: %s\n", client->tls.dname);
170 monitor_printf(mon, " x509 dname: none\n");
172 #ifdef CONFIG_VNC_SASL
173 if (client->sasl.conn &&
174 client->sasl.username)
175 monitor_printf(mon, " username: %s\n", client->sasl.username);
177 monitor_printf(mon, " username: none\n");
181 void do_info_vnc(Monitor *mon)
183 if (vnc_display == NULL || vnc_display->display == NULL) {
184 monitor_printf(mon, "Server: disabled\n");
186 char *serverAddr = vnc_socket_local_addr(" address: %s:%s\n",
192 monitor_printf(mon, "Server:\n");
193 monitor_printf(mon, "%s", serverAddr);
195 monitor_printf(mon, " auth: %s\n", vnc_auth_name(vnc_display));
197 if (vnc_display->clients) {
198 VncState *client = vnc_display->clients;
200 do_info_vnc_client(mon, client);
201 client = client->next;
204 monitor_printf(mon, "Client: none\n");
209 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
210 return (vs->features & (1 << feature));
214 1) Get the queue working for IO.
215 2) there is some weirdness when using the -S option (the screen is grey
216 and not totally invalidated
217 3) resolutions > 1024
220 static int vnc_update_client(VncState *vs, int has_dirty);
221 static void vnc_disconnect_start(VncState *vs);
222 static void vnc_disconnect_finish(VncState *vs);
223 static void vnc_init_timer(VncDisplay *vd);
224 static void vnc_remove_timer(VncDisplay *vd);
226 static void vnc_colordepth(VncState *vs);
227 static void framebuffer_update_request(VncState *vs, int incremental,
228 int x_position, int y_position,
230 static void vnc_refresh(void *opaque);
231 static int vnc_refresh_server_surface(VncDisplay *vd);
233 static inline void vnc_set_bit(uint32_t *d, int k)
235 d[k >> 5] |= 1 << (k & 0x1f);
238 static inline void vnc_clear_bit(uint32_t *d, int k)
240 d[k >> 5] &= ~(1 << (k & 0x1f));
243 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
253 d[j++] = (1 << n) - 1;
258 static inline int vnc_get_bit(const uint32_t *d, int k)
260 return (d[k >> 5] >> (k & 0x1f)) & 1;
263 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
267 for(i = 0; i < nb_words; i++) {
268 if ((d1[i] & d2[i]) != 0)
274 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
277 VncDisplay *vd = ds->opaque;
278 struct VncSurface *s = &vd->guest;
282 /* round x down to ensure the loop only spans one 16-pixel block per,
283 iteration. otherwise, if (x % 16) != 0, the last iteration may span
284 two 16-pixel blocks but we only mark the first as dirty
289 x = MIN(x, s->ds->width);
290 y = MIN(y, s->ds->height);
291 w = MIN(x + w, s->ds->width) - x;
292 h = MIN(h, s->ds->height);
295 for (i = 0; i < w; i += 16)
296 vnc_set_bit(s->dirty[y], (x + i) / 16);
299 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
302 vnc_write_u16(vs, x);
303 vnc_write_u16(vs, y);
304 vnc_write_u16(vs, w);
305 vnc_write_u16(vs, h);
307 vnc_write_s32(vs, encoding);
310 void buffer_reserve(Buffer *buffer, size_t len)
312 if ((buffer->capacity - buffer->offset) < len) {
313 buffer->capacity += (len + 1024);
314 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
315 if (buffer->buffer == NULL) {
316 fprintf(stderr, "vnc: out of memory\n");
322 int buffer_empty(Buffer *buffer)
324 return buffer->offset == 0;
327 uint8_t *buffer_end(Buffer *buffer)
329 return buffer->buffer + buffer->offset;
332 void buffer_reset(Buffer *buffer)
337 void buffer_append(Buffer *buffer, const void *data, size_t len)
339 memcpy(buffer->buffer + buffer->offset, data, len);
340 buffer->offset += len;
343 static void vnc_dpy_resize(DisplayState *ds)
346 VncDisplay *vd = ds->opaque;
347 VncState *vs = vd->clients;
351 vd->server = qemu_mallocz(sizeof(*vd->server));
352 if (vd->server->data)
353 qemu_free(vd->server->data);
354 *(vd->server) = *(ds->surface);
355 vd->server->data = qemu_mallocz(vd->server->linesize *
360 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
361 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
362 console_color_init(ds);
363 size_changed = ds_get_width(ds) != vd->guest.ds->width ||
364 ds_get_height(ds) != vd->guest.ds->height;
365 *(vd->guest.ds) = *(ds->surface);
366 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
371 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
372 vnc_write_u8(vs, 0); /* msg id */
374 vnc_write_u16(vs, 1); /* number of rects */
375 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
376 VNC_ENCODING_DESKTOPRESIZE);
380 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
386 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
388 vnc_write(vs, pixels, size);
391 /* slowest but generic code. */
392 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
395 VncDisplay *vd = vs->vd;
397 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
398 vd->server->pf.rbits);
399 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
400 vd->server->pf.gbits);
401 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
402 vd->server->pf.bbits);
403 v = (r << vs->clientds.pf.rshift) |
404 (g << vs->clientds.pf.gshift) |
405 (b << vs->clientds.pf.bshift);
406 switch(vs->clientds.pf.bytes_per_pixel) {
411 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
421 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
436 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
439 VncDisplay *vd = vs->vd;
441 if (vd->server->pf.bytes_per_pixel == 4) {
442 uint32_t *pixels = pixels1;
445 for(i = 0; i < n; i++) {
446 vnc_convert_pixel(vs, buf, pixels[i]);
447 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
449 } else if (vd->server->pf.bytes_per_pixel == 2) {
450 uint16_t *pixels = pixels1;
453 for(i = 0; i < n; i++) {
454 vnc_convert_pixel(vs, buf, pixels[i]);
455 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
457 } else if (vd->server->pf.bytes_per_pixel == 1) {
458 uint8_t *pixels = pixels1;
461 for(i = 0; i < n; i++) {
462 vnc_convert_pixel(vs, buf, pixels[i]);
463 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
466 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
470 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
474 VncDisplay *vd = vs->vd;
476 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
477 for (i = 0; i < h; i++) {
478 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
479 row += ds_get_linesize(vs->ds);
483 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
485 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
486 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
490 #include "vnchextile.h"
494 #include "vnchextile.h"
498 #include "vnchextile.h"
503 #include "vnchextile.h"
509 #include "vnchextile.h"
515 #include "vnchextile.h"
519 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
523 uint8_t *last_fg, *last_bg;
524 VncDisplay *vd = vs->vd;
526 last_fg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
527 last_bg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
529 for (j = y; j < (y + h); j += 16) {
530 for (i = x; i < (x + w); i += 16) {
531 vs->send_hextile_tile(vs, i, j,
532 MIN(16, x + w - i), MIN(16, y + h - j),
533 last_bg, last_fg, &has_bg, &has_fg);
541 static void vnc_zlib_init(VncState *vs)
544 for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)
545 vs->zlib_stream[i].opaque = NULL;
548 static void vnc_zlib_start(VncState *vs)
550 buffer_reset(&vs->zlib);
552 // make the output buffer be the zlib buffer, so we can compress it later
553 vs->zlib_tmp = vs->output;
554 vs->output = vs->zlib;
557 static int vnc_zlib_stop(VncState *vs, int stream_id)
559 z_streamp zstream = &vs->zlib_stream[stream_id];
562 // switch back to normal output/zlib buffers
563 vs->zlib = vs->output;
564 vs->output = vs->zlib_tmp;
566 // compress the zlib buffer
568 // initialize the stream
569 // XXX need one stream per session
570 if (zstream->opaque != vs) {
573 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
574 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
575 zstream->zalloc = Z_NULL;
576 zstream->zfree = Z_NULL;
578 err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
579 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
582 fprintf(stderr, "VNC: error initializing zlib\n");
586 zstream->opaque = vs;
589 // XXX what to do if tight_compression changed in between?
591 // reserve memory in output buffer
592 buffer_reserve(&vs->output, vs->zlib.offset + 64);
595 zstream->next_in = vs->zlib.buffer;
596 zstream->avail_in = vs->zlib.offset;
597 zstream->next_out = vs->output.buffer + vs->output.offset;
598 zstream->avail_out = vs->output.capacity - vs->output.offset;
599 zstream->data_type = Z_BINARY;
600 previous_out = zstream->total_out;
603 if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
604 fprintf(stderr, "VNC: error during zlib compression\n");
608 vs->output.offset = vs->output.capacity - zstream->avail_out;
609 return zstream->total_out - previous_out;
612 static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
614 int old_offset, new_offset, bytes_written;
616 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);
618 // remember where we put in the follow-up size
619 old_offset = vs->output.offset;
620 vnc_write_s32(vs, 0);
622 // compress the stream
624 send_framebuffer_update_raw(vs, x, y, w, h);
625 bytes_written = vnc_zlib_stop(vs, 0);
627 if (bytes_written == -1)
631 new_offset = vs->output.offset;
632 vs->output.offset = old_offset;
633 vnc_write_u32(vs, bytes_written);
634 vs->output.offset = new_offset;
637 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
639 switch(vs->vnc_encoding) {
640 case VNC_ENCODING_ZLIB:
641 send_framebuffer_update_zlib(vs, x, y, w, h);
643 case VNC_ENCODING_HEXTILE:
644 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
645 send_framebuffer_update_hextile(vs, x, y, w, h);
648 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
649 send_framebuffer_update_raw(vs, x, y, w, h);
654 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
656 /* send bitblit op to the vnc client */
657 vnc_write_u8(vs, 0); /* msg id */
659 vnc_write_u16(vs, 1); /* number of rects */
660 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
661 vnc_write_u16(vs, src_x);
662 vnc_write_u16(vs, src_y);
666 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
668 VncDisplay *vd = ds->opaque;
672 int i,x,y,pitch,depth,inc,w_lim,s;
675 vnc_refresh_server_surface(vd);
676 for (vs = vd->clients; vs != NULL; vs = vn) {
678 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
679 vs->force_update = 1;
680 vnc_update_client(vs, 1);
681 /* vs might be free()ed here */
685 /* do bitblit op on the local surface too */
686 pitch = ds_get_linesize(vd->ds);
687 depth = ds_get_bytes_per_pixel(vd->ds);
688 src_row = vd->server->data + pitch * src_y + depth * src_x;
689 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
694 src_row += pitch * (h-1);
695 dst_row += pitch * (h-1);
700 w_lim = w - (16 - (dst_x % 16));
704 w_lim = w - (w_lim % 16);
705 for (i = 0; i < h; i++) {
706 for (x = 0; x <= w_lim;
707 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
709 if ((s = w - w_lim) == 0)
712 s = (16 - (dst_x % 16));
717 cmp_bytes = s * depth;
718 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
720 memmove(dst_row, src_row, cmp_bytes);
723 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
724 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
728 src_row += pitch - w * depth;
729 dst_row += pitch - w * depth;
733 for (vs = vd->clients; vs != NULL; vs = vs->next) {
734 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
735 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
739 static int find_and_clear_dirty_height(struct VncState *vs,
740 int y, int last_x, int x)
743 VncDisplay *vd = vs->vd;
745 for (h = 1; h < (vd->server->height - y); h++) {
747 if (!vnc_get_bit(vs->dirty[y + h], last_x))
749 for (tmp_x = last_x; tmp_x < x; tmp_x++)
750 vnc_clear_bit(vs->dirty[y + h], tmp_x);
756 static int vnc_update_client(VncState *vs, int has_dirty)
758 if (vs->need_update && vs->csock != -1) {
759 VncDisplay *vd = vs->vd;
764 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
765 /* kernel send buffers are full -> drop frames to throttle */
768 if (!has_dirty && !vs->audio_cap && !vs->force_update)
772 * Send screen updates to the vnc client using the server
773 * surface and server dirty map. guest surface updates
774 * happening in parallel don't disturb us, the next pass will
775 * send them to the client.
778 vnc_write_u8(vs, 0); /* msg id */
780 saved_offset = vs->output.offset;
781 vnc_write_u16(vs, 0);
783 for (y = 0; y < vd->server->height; y++) {
786 for (x = 0; x < vd->server->width / 16; x++) {
787 if (vnc_get_bit(vs->dirty[y], x)) {
791 vnc_clear_bit(vs->dirty[y], x);
794 int h = find_and_clear_dirty_height(vs, y, last_x, x);
795 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
802 int h = find_and_clear_dirty_height(vs, y, last_x, x);
803 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
807 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
808 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
810 vs->force_update = 0;
815 vnc_disconnect_finish(vs);
821 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
823 VncState *vs = opaque;
826 case AUD_CNOTIFY_DISABLE:
827 vnc_write_u8(vs, 255);
829 vnc_write_u16(vs, 0);
833 case AUD_CNOTIFY_ENABLE:
834 vnc_write_u8(vs, 255);
836 vnc_write_u16(vs, 1);
842 static void audio_capture_destroy(void *opaque)
846 static void audio_capture(void *opaque, void *buf, int size)
848 VncState *vs = opaque;
850 vnc_write_u8(vs, 255);
852 vnc_write_u16(vs, 2);
853 vnc_write_u32(vs, size);
854 vnc_write(vs, buf, size);
858 static void audio_add(VncState *vs)
860 Monitor *mon = cur_mon;
861 struct audio_capture_ops ops;
864 monitor_printf(mon, "audio already running\n");
868 ops.notify = audio_capture_notify;
869 ops.destroy = audio_capture_destroy;
870 ops.capture = audio_capture;
872 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
873 if (!vs->audio_cap) {
874 monitor_printf(mon, "Failed to add audio capture\n");
878 static void audio_del(VncState *vs)
881 AUD_del_capture(vs->audio_cap, vs);
882 vs->audio_cap = NULL;
886 static void vnc_disconnect_start(VncState *vs)
890 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
891 closesocket(vs->csock);
895 static void vnc_disconnect_finish(VncState *vs)
897 if (vs->input.buffer) qemu_free(vs->input.buffer);
898 if (vs->output.buffer) qemu_free(vs->output.buffer);
899 #ifdef CONFIG_VNC_TLS
900 vnc_tls_client_cleanup(vs);
901 #endif /* CONFIG_VNC_TLS */
902 #ifdef CONFIG_VNC_SASL
903 vnc_sasl_client_cleanup(vs);
904 #endif /* CONFIG_VNC_SASL */
907 VncState *p, *parent = NULL;
908 for (p = vs->vd->clients; p != NULL; p = p->next) {
911 parent->next = p->next;
913 vs->vd->clients = p->next;
918 if (!vs->vd->clients)
922 vnc_remove_timer(vs->vd);
925 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
927 if (ret == 0 || ret == -1) {
929 switch (last_errno) {
941 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
942 ret, ret < 0 ? last_errno : 0);
943 vnc_disconnect_start(vs);
951 void vnc_client_error(VncState *vs)
953 VNC_DEBUG("Closing down client sock: protocol error\n");
954 vnc_disconnect_start(vs);
959 * Called to write a chunk of data to the client socket. The data may
960 * be the raw data, or may have already been encoded by SASL.
961 * The data will be written either straight onto the socket, or
962 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
964 * NB, it is theoretically possible to have 2 layers of encryption,
965 * both SASL, and this TLS layer. It is highly unlikely in practice
966 * though, since SASL encryption will typically be a no-op if TLS
969 * Returns the number of bytes written, which may be less than
970 * the requested 'datalen' if the socket would block. Returns
971 * -1 on error, and disconnects the client socket.
973 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
976 #ifdef CONFIG_VNC_TLS
977 if (vs->tls.session) {
978 ret = gnutls_write(vs->tls.session, data, datalen);
980 if (ret == GNUTLS_E_AGAIN)
987 #endif /* CONFIG_VNC_TLS */
988 ret = send(vs->csock, (const void *)data, datalen, 0);
989 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
990 return vnc_client_io_error(vs, ret, socket_error());
995 * Called to write buffered data to the client socket, when not
996 * using any SASL SSF encryption layers. Will write as much data
997 * as possible without blocking. If all buffered data is written,
998 * will switch the FD poll() handler back to read monitoring.
1000 * Returns the number of bytes written, which may be less than
1001 * the buffered output data if the socket would block. Returns
1002 * -1 on error, and disconnects the client socket.
1004 static long vnc_client_write_plain(VncState *vs)
1008 #ifdef CONFIG_VNC_SASL
1009 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1010 vs->output.buffer, vs->output.capacity, vs->output.offset,
1011 vs->sasl.waitWriteSSF);
1013 if (vs->sasl.conn &&
1015 vs->sasl.waitWriteSSF) {
1016 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1018 vs->sasl.waitWriteSSF -= ret;
1020 #endif /* CONFIG_VNC_SASL */
1021 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1025 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1026 vs->output.offset -= ret;
1028 if (vs->output.offset == 0) {
1029 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1037 * First function called whenever there is data to be written to
1038 * the client socket. Will delegate actual work according to whether
1039 * SASL SSF layers are enabled (thus requiring encryption calls)
1041 void vnc_client_write(void *opaque)
1044 VncState *vs = opaque;
1046 #ifdef CONFIG_VNC_SASL
1047 if (vs->sasl.conn &&
1049 !vs->sasl.waitWriteSSF)
1050 ret = vnc_client_write_sasl(vs);
1052 #endif /* CONFIG_VNC_SASL */
1053 ret = vnc_client_write_plain(vs);
1056 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1058 vs->read_handler = func;
1059 vs->read_handler_expect = expecting;
1064 * Called to read a chunk of data from the client socket. The data may
1065 * be the raw data, or may need to be further decoded by SASL.
1066 * The data will be read either straight from to the socket, or
1067 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1069 * NB, it is theoretically possible to have 2 layers of encryption,
1070 * both SASL, and this TLS layer. It is highly unlikely in practice
1071 * though, since SASL encryption will typically be a no-op if TLS
1074 * Returns the number of bytes read, which may be less than
1075 * the requested 'datalen' if the socket would block. Returns
1076 * -1 on error, and disconnects the client socket.
1078 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1081 #ifdef CONFIG_VNC_TLS
1082 if (vs->tls.session) {
1083 ret = gnutls_read(vs->tls.session, data, datalen);
1085 if (ret == GNUTLS_E_AGAIN)
1092 #endif /* CONFIG_VNC_TLS */
1093 ret = recv(vs->csock, (void *)data, datalen, 0);
1094 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1095 return vnc_client_io_error(vs, ret, socket_error());
1100 * Called to read data from the client socket to the input buffer,
1101 * when not using any SASL SSF encryption layers. Will read as much
1102 * data as possible without blocking.
1104 * Returns the number of bytes read. Returns -1 on error, and
1105 * disconnects the client socket.
1107 static long vnc_client_read_plain(VncState *vs)
1110 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1111 vs->input.buffer, vs->input.capacity, vs->input.offset);
1112 buffer_reserve(&vs->input, 4096);
1113 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1116 vs->input.offset += ret;
1122 * First function called whenever there is more data to be read from
1123 * the client socket. Will delegate actual work according to whether
1124 * SASL SSF layers are enabled (thus requiring decryption calls)
1126 void vnc_client_read(void *opaque)
1128 VncState *vs = opaque;
1131 #ifdef CONFIG_VNC_SASL
1132 if (vs->sasl.conn && vs->sasl.runSSF)
1133 ret = vnc_client_read_sasl(vs);
1135 #endif /* CONFIG_VNC_SASL */
1136 ret = vnc_client_read_plain(vs);
1138 if (vs->csock == -1)
1139 vnc_disconnect_finish(vs);
1143 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1144 size_t len = vs->read_handler_expect;
1147 ret = vs->read_handler(vs, vs->input.buffer, len);
1148 if (vs->csock == -1) {
1149 vnc_disconnect_finish(vs);
1154 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1155 vs->input.offset -= len;
1157 vs->read_handler_expect = ret;
1162 void vnc_write(VncState *vs, const void *data, size_t len)
1164 buffer_reserve(&vs->output, len);
1166 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1167 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1170 buffer_append(&vs->output, data, len);
1173 void vnc_write_s32(VncState *vs, int32_t value)
1175 vnc_write_u32(vs, *(uint32_t *)&value);
1178 void vnc_write_u32(VncState *vs, uint32_t value)
1182 buf[0] = (value >> 24) & 0xFF;
1183 buf[1] = (value >> 16) & 0xFF;
1184 buf[2] = (value >> 8) & 0xFF;
1185 buf[3] = value & 0xFF;
1187 vnc_write(vs, buf, 4);
1190 void vnc_write_u16(VncState *vs, uint16_t value)
1194 buf[0] = (value >> 8) & 0xFF;
1195 buf[1] = value & 0xFF;
1197 vnc_write(vs, buf, 2);
1200 void vnc_write_u8(VncState *vs, uint8_t value)
1202 vnc_write(vs, (char *)&value, 1);
1205 void vnc_flush(VncState *vs)
1207 if (vs->csock != -1 && vs->output.offset)
1208 vnc_client_write(vs);
1211 uint8_t read_u8(uint8_t *data, size_t offset)
1213 return data[offset];
1216 uint16_t read_u16(uint8_t *data, size_t offset)
1218 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1221 int32_t read_s32(uint8_t *data, size_t offset)
1223 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1224 (data[offset + 2] << 8) | data[offset + 3]);
1227 uint32_t read_u32(uint8_t *data, size_t offset)
1229 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1230 (data[offset + 2] << 8) | data[offset + 3]);
1233 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1237 static void check_pointer_type_change(VncState *vs, int absolute)
1239 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1240 vnc_write_u8(vs, 0);
1241 vnc_write_u8(vs, 0);
1242 vnc_write_u16(vs, 1);
1243 vnc_framebuffer_update(vs, absolute, 0,
1244 ds_get_width(vs->ds), ds_get_height(vs->ds),
1245 VNC_ENCODING_POINTER_TYPE_CHANGE);
1248 vs->absolute = absolute;
1251 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1256 if (button_mask & 0x01)
1257 buttons |= MOUSE_EVENT_LBUTTON;
1258 if (button_mask & 0x02)
1259 buttons |= MOUSE_EVENT_MBUTTON;
1260 if (button_mask & 0x04)
1261 buttons |= MOUSE_EVENT_RBUTTON;
1262 if (button_mask & 0x08)
1264 if (button_mask & 0x10)
1268 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
1269 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
1271 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1275 kbd_mouse_event(x, y, dz, buttons);
1277 if (vs->last_x != -1)
1278 kbd_mouse_event(x - vs->last_x,
1285 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1288 static void reset_keys(VncState *vs)
1291 for(i = 0; i < 256; i++) {
1292 if (vs->modifiers_state[i]) {
1294 kbd_put_keycode(0xe0);
1295 kbd_put_keycode(i | 0x80);
1296 vs->modifiers_state[i] = 0;
1301 static void press_key(VncState *vs, int keysym)
1303 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) & 0x7f);
1304 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) | 0x80);
1307 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1309 /* QEMU console switch */
1311 case 0x2a: /* Left Shift */
1312 case 0x36: /* Right Shift */
1313 case 0x1d: /* Left CTRL */
1314 case 0x9d: /* Right CTRL */
1315 case 0x38: /* Left ALT */
1316 case 0xb8: /* Right ALT */
1318 vs->modifiers_state[keycode] = 1;
1320 vs->modifiers_state[keycode] = 0;
1322 case 0x02 ... 0x0a: /* '1' to '9' keys */
1323 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1324 /* Reset the modifiers sent to the current console */
1326 console_select(keycode - 0x02);
1330 case 0x3a: /* CapsLock */
1331 case 0x45: /* NumLock */
1333 vs->modifiers_state[keycode] ^= 1;
1337 if (keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1338 /* If the numlock state needs to change then simulate an additional
1339 keypress before sending this one. This will happen if the user
1340 toggles numlock away from the VNC window.
1342 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1343 if (!vs->modifiers_state[0x45]) {
1344 vs->modifiers_state[0x45] = 1;
1345 press_key(vs, 0xff7f);
1348 if (vs->modifiers_state[0x45]) {
1349 vs->modifiers_state[0x45] = 0;
1350 press_key(vs, 0xff7f);
1355 if (is_graphic_console()) {
1357 kbd_put_keycode(0xe0);
1359 kbd_put_keycode(keycode & 0x7f);
1361 kbd_put_keycode(keycode | 0x80);
1363 /* QEMU console emulation */
1365 int numlock = vs->modifiers_state[0x45];
1367 case 0x2a: /* Left Shift */
1368 case 0x36: /* Right Shift */
1369 case 0x1d: /* Left CTRL */
1370 case 0x9d: /* Right CTRL */
1371 case 0x38: /* Left ALT */
1372 case 0xb8: /* Right ALT */
1375 kbd_put_keysym(QEMU_KEY_UP);
1378 kbd_put_keysym(QEMU_KEY_DOWN);
1381 kbd_put_keysym(QEMU_KEY_LEFT);
1384 kbd_put_keysym(QEMU_KEY_RIGHT);
1387 kbd_put_keysym(QEMU_KEY_DELETE);
1390 kbd_put_keysym(QEMU_KEY_HOME);
1393 kbd_put_keysym(QEMU_KEY_END);
1396 kbd_put_keysym(QEMU_KEY_PAGEUP);
1399 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1403 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1406 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1409 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1412 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1415 kbd_put_keysym('5');
1418 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1421 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1424 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1427 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1430 kbd_put_keysym('0');
1433 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1437 kbd_put_keysym('/');
1440 kbd_put_keysym('*');
1443 kbd_put_keysym('-');
1446 kbd_put_keysym('+');
1449 kbd_put_keysym('\n');
1453 kbd_put_keysym(sym);
1460 static void key_event(VncState *vs, int down, uint32_t sym)
1464 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1465 sym = sym - 'A' + 'a';
1467 keycode = keysym2scancode(vs->vd->kbd_layout, sym & 0xFFFF);
1468 do_key_event(vs, down, keycode, sym);
1471 static void ext_key_event(VncState *vs, int down,
1472 uint32_t sym, uint16_t keycode)
1474 /* if the user specifies a keyboard layout, always use it */
1475 if (keyboard_layout)
1476 key_event(vs, down, sym);
1478 do_key_event(vs, down, keycode, sym);
1481 static void framebuffer_update_request(VncState *vs, int incremental,
1482 int x_position, int y_position,
1485 if (x_position > ds_get_width(vs->ds))
1486 x_position = ds_get_width(vs->ds);
1487 if (y_position > ds_get_height(vs->ds))
1488 y_position = ds_get_height(vs->ds);
1489 if (x_position + w >= ds_get_width(vs->ds))
1490 w = ds_get_width(vs->ds) - x_position;
1491 if (y_position + h >= ds_get_height(vs->ds))
1492 h = ds_get_height(vs->ds) - y_position;
1495 vs->need_update = 1;
1497 vs->force_update = 1;
1498 for (i = 0; i < h; i++) {
1499 vnc_set_bits(vs->dirty[y_position + i],
1500 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1505 static void send_ext_key_event_ack(VncState *vs)
1507 vnc_write_u8(vs, 0);
1508 vnc_write_u8(vs, 0);
1509 vnc_write_u16(vs, 1);
1510 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1511 VNC_ENCODING_EXT_KEY_EVENT);
1515 static void send_ext_audio_ack(VncState *vs)
1517 vnc_write_u8(vs, 0);
1518 vnc_write_u8(vs, 0);
1519 vnc_write_u16(vs, 1);
1520 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1521 VNC_ENCODING_AUDIO);
1525 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1528 unsigned int enc = 0;
1532 vs->vnc_encoding = 0;
1533 vs->tight_compression = 9;
1534 vs->tight_quality = 9;
1537 for (i = n_encodings - 1; i >= 0; i--) {
1540 case VNC_ENCODING_RAW:
1541 vs->vnc_encoding = enc;
1543 case VNC_ENCODING_COPYRECT:
1544 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1546 case VNC_ENCODING_HEXTILE:
1547 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1548 vs->vnc_encoding = enc;
1550 case VNC_ENCODING_ZLIB:
1551 vs->features |= VNC_FEATURE_ZLIB_MASK;
1552 vs->vnc_encoding = enc;
1554 case VNC_ENCODING_DESKTOPRESIZE:
1555 vs->features |= VNC_FEATURE_RESIZE_MASK;
1557 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1558 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1560 case VNC_ENCODING_EXT_KEY_EVENT:
1561 send_ext_key_event_ack(vs);
1563 case VNC_ENCODING_AUDIO:
1564 send_ext_audio_ack(vs);
1566 case VNC_ENCODING_WMVi:
1567 vs->features |= VNC_FEATURE_WMVI_MASK;
1569 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1570 vs->tight_compression = (enc & 0x0F);
1572 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1573 vs->tight_quality = (enc & 0x0F);
1576 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1581 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1584 static void set_pixel_conversion(VncState *vs)
1586 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1587 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1588 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1589 vs->write_pixels = vnc_write_pixels_copy;
1590 switch (vs->ds->surface->pf.bits_per_pixel) {
1592 vs->send_hextile_tile = send_hextile_tile_8;
1595 vs->send_hextile_tile = send_hextile_tile_16;
1598 vs->send_hextile_tile = send_hextile_tile_32;
1602 vs->write_pixels = vnc_write_pixels_generic;
1603 switch (vs->ds->surface->pf.bits_per_pixel) {
1605 vs->send_hextile_tile = send_hextile_tile_generic_8;
1608 vs->send_hextile_tile = send_hextile_tile_generic_16;
1611 vs->send_hextile_tile = send_hextile_tile_generic_32;
1617 static void set_pixel_format(VncState *vs,
1618 int bits_per_pixel, int depth,
1619 int big_endian_flag, int true_color_flag,
1620 int red_max, int green_max, int blue_max,
1621 int red_shift, int green_shift, int blue_shift)
1623 if (!true_color_flag) {
1624 vnc_client_error(vs);
1628 vs->clientds = *(vs->vd->guest.ds);
1629 vs->clientds.pf.rmax = red_max;
1630 count_bits(vs->clientds.pf.rbits, red_max);
1631 vs->clientds.pf.rshift = red_shift;
1632 vs->clientds.pf.rmask = red_max << red_shift;
1633 vs->clientds.pf.gmax = green_max;
1634 count_bits(vs->clientds.pf.gbits, green_max);
1635 vs->clientds.pf.gshift = green_shift;
1636 vs->clientds.pf.gmask = green_max << green_shift;
1637 vs->clientds.pf.bmax = blue_max;
1638 count_bits(vs->clientds.pf.bbits, blue_max);
1639 vs->clientds.pf.bshift = blue_shift;
1640 vs->clientds.pf.bmask = blue_max << blue_shift;
1641 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1642 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1643 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1644 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1646 set_pixel_conversion(vs);
1648 vga_hw_invalidate();
1652 static void pixel_format_message (VncState *vs) {
1653 char pad[3] = { 0, 0, 0 };
1655 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1656 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1658 #ifdef HOST_WORDS_BIGENDIAN
1659 vnc_write_u8(vs, 1); /* big-endian-flag */
1661 vnc_write_u8(vs, 0); /* big-endian-flag */
1663 vnc_write_u8(vs, 1); /* true-color-flag */
1664 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1665 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1666 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1667 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1668 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1669 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1670 if (vs->ds->surface->pf.bits_per_pixel == 32)
1671 vs->send_hextile_tile = send_hextile_tile_32;
1672 else if (vs->ds->surface->pf.bits_per_pixel == 16)
1673 vs->send_hextile_tile = send_hextile_tile_16;
1674 else if (vs->ds->surface->pf.bits_per_pixel == 8)
1675 vs->send_hextile_tile = send_hextile_tile_8;
1676 vs->clientds = *(vs->ds->surface);
1677 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1678 vs->write_pixels = vnc_write_pixels_copy;
1680 vnc_write(vs, pad, 3); /* padding */
1683 static void vnc_dpy_setdata(DisplayState *ds)
1685 /* We don't have to do anything */
1688 static void vnc_colordepth(VncState *vs)
1690 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1691 /* Sending a WMVi message to notify the client*/
1692 vnc_write_u8(vs, 0); /* msg id */
1693 vnc_write_u8(vs, 0);
1694 vnc_write_u16(vs, 1); /* number of rects */
1695 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1696 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1697 pixel_format_message(vs);
1700 set_pixel_conversion(vs);
1704 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1708 VncDisplay *vd = vs->vd;
1711 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1712 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1713 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1721 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1722 read_u8(data, 6), read_u8(data, 7),
1723 read_u16(data, 8), read_u16(data, 10),
1724 read_u16(data, 12), read_u8(data, 14),
1725 read_u8(data, 15), read_u8(data, 16));
1732 limit = read_u16(data, 2);
1734 return 4 + (limit * 4);
1736 limit = read_u16(data, 2);
1738 for (i = 0; i < limit; i++) {
1739 int32_t val = read_s32(data, 4 + (i * 4));
1740 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1743 set_encodings(vs, (int32_t *)(data + 4), limit);
1749 framebuffer_update_request(vs,
1750 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1751 read_u16(data, 6), read_u16(data, 8));
1757 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1763 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1770 uint32_t dlen = read_u32(data, 4);
1775 client_cut_text(vs, read_u32(data, 4), data + 8);
1781 switch (read_u8(data, 1)) {
1786 ext_key_event(vs, read_u16(data, 2),
1787 read_u32(data, 4), read_u32(data, 8));
1793 switch (read_u16 (data, 2)) {
1803 switch (read_u8(data, 4)) {
1804 case 0: vs->as.fmt = AUD_FMT_U8; break;
1805 case 1: vs->as.fmt = AUD_FMT_S8; break;
1806 case 2: vs->as.fmt = AUD_FMT_U16; break;
1807 case 3: vs->as.fmt = AUD_FMT_S16; break;
1808 case 4: vs->as.fmt = AUD_FMT_U32; break;
1809 case 5: vs->as.fmt = AUD_FMT_S32; break;
1811 printf("Invalid audio format %d\n", read_u8(data, 4));
1812 vnc_client_error(vs);
1815 vs->as.nchannels = read_u8(data, 5);
1816 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1817 printf("Invalid audio channel coount %d\n",
1819 vnc_client_error(vs);
1822 vs->as.freq = read_u32(data, 6);
1825 printf ("Invalid audio message %d\n", read_u8(data, 4));
1826 vnc_client_error(vs);
1832 printf("Msg: %d\n", read_u16(data, 0));
1833 vnc_client_error(vs);
1838 printf("Msg: %d\n", data[0]);
1839 vnc_client_error(vs);
1843 vnc_read_when(vs, protocol_client_msg, 1);
1847 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1852 vnc_write_u16(vs, ds_get_width(vs->ds));
1853 vnc_write_u16(vs, ds_get_height(vs->ds));
1855 pixel_format_message(vs);
1858 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1860 size = snprintf(buf, sizeof(buf), "QEMU");
1862 vnc_write_u32(vs, size);
1863 vnc_write(vs, buf, size);
1866 vnc_read_when(vs, protocol_client_msg, 1);
1871 void start_client_init(VncState *vs)
1873 vnc_read_when(vs, protocol_client_init, 1);
1876 static void make_challenge(VncState *vs)
1880 srand(time(NULL)+getpid()+getpid()*987654+rand());
1882 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1883 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1886 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1888 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1890 unsigned char key[8];
1892 if (!vs->vd->password || !vs->vd->password[0]) {
1893 VNC_DEBUG("No password configured on server");
1894 vnc_write_u32(vs, 1); /* Reject auth */
1895 if (vs->minor >= 8) {
1896 static const char err[] = "Authentication failed";
1897 vnc_write_u32(vs, sizeof(err));
1898 vnc_write(vs, err, sizeof(err));
1901 vnc_client_error(vs);
1905 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1907 /* Calculate the expected challenge response */
1908 pwlen = strlen(vs->vd->password);
1909 for (i=0; i<sizeof(key); i++)
1910 key[i] = i<pwlen ? vs->vd->password[i] : 0;
1912 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1913 des(response+j, response+j);
1915 /* Compare expected vs actual challenge response */
1916 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1917 VNC_DEBUG("Client challenge reponse did not match\n");
1918 vnc_write_u32(vs, 1); /* Reject auth */
1919 if (vs->minor >= 8) {
1920 static const char err[] = "Authentication failed";
1921 vnc_write_u32(vs, sizeof(err));
1922 vnc_write(vs, err, sizeof(err));
1925 vnc_client_error(vs);
1927 VNC_DEBUG("Accepting VNC challenge response\n");
1928 vnc_write_u32(vs, 0); /* Accept auth */
1931 start_client_init(vs);
1936 void start_auth_vnc(VncState *vs)
1939 /* Send client a 'random' challenge */
1940 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1943 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1947 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1949 /* We only advertise 1 auth scheme at a time, so client
1950 * must pick the one we sent. Verify this */
1951 if (data[0] != vs->vd->auth) { /* Reject auth */
1952 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
1953 vnc_write_u32(vs, 1);
1954 if (vs->minor >= 8) {
1955 static const char err[] = "Authentication failed";
1956 vnc_write_u32(vs, sizeof(err));
1957 vnc_write(vs, err, sizeof(err));
1959 vnc_client_error(vs);
1960 } else { /* Accept requested auth */
1961 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1962 switch (vs->vd->auth) {
1964 VNC_DEBUG("Accept auth none\n");
1965 if (vs->minor >= 8) {
1966 vnc_write_u32(vs, 0); /* Accept auth completion */
1969 start_client_init(vs);
1973 VNC_DEBUG("Start VNC auth\n");
1977 #ifdef CONFIG_VNC_TLS
1978 case VNC_AUTH_VENCRYPT:
1979 VNC_DEBUG("Accept VeNCrypt auth\n");;
1980 start_auth_vencrypt(vs);
1982 #endif /* CONFIG_VNC_TLS */
1984 #ifdef CONFIG_VNC_SASL
1986 VNC_DEBUG("Accept SASL auth\n");
1987 start_auth_sasl(vs);
1989 #endif /* CONFIG_VNC_SASL */
1991 default: /* Should not be possible, but just in case */
1992 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
1993 vnc_write_u8(vs, 1);
1994 if (vs->minor >= 8) {
1995 static const char err[] = "Authentication failed";
1996 vnc_write_u32(vs, sizeof(err));
1997 vnc_write(vs, err, sizeof(err));
1999 vnc_client_error(vs);
2005 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2009 memcpy(local, version, 12);
2012 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2013 VNC_DEBUG("Malformed protocol version %s\n", local);
2014 vnc_client_error(vs);
2017 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2018 if (vs->major != 3 ||
2024 VNC_DEBUG("Unsupported client version\n");
2025 vnc_write_u32(vs, VNC_AUTH_INVALID);
2027 vnc_client_error(vs);
2030 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2031 * as equivalent to v3.3 by servers
2033 if (vs->minor == 4 || vs->minor == 5)
2036 if (vs->minor == 3) {
2037 if (vs->vd->auth == VNC_AUTH_NONE) {
2038 VNC_DEBUG("Tell client auth none\n");
2039 vnc_write_u32(vs, vs->vd->auth);
2041 start_client_init(vs);
2042 } else if (vs->vd->auth == VNC_AUTH_VNC) {
2043 VNC_DEBUG("Tell client VNC auth\n");
2044 vnc_write_u32(vs, vs->vd->auth);
2048 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2049 vnc_write_u32(vs, VNC_AUTH_INVALID);
2051 vnc_client_error(vs);
2054 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2055 vnc_write_u8(vs, 1); /* num auth */
2056 vnc_write_u8(vs, vs->vd->auth);
2057 vnc_read_when(vs, protocol_client_auth, 1);
2064 static int vnc_refresh_server_surface(VncDisplay *vd)
2068 uint8_t *server_row;
2070 uint32_t width_mask[VNC_DIRTY_WORDS];
2071 VncState *vs = NULL;
2075 * Walk through the guest dirty map.
2076 * Check and copy modified bits from guest to server surface.
2077 * Update server dirty map.
2079 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2080 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2081 guest_row = vd->guest.ds->data;
2082 server_row = vd->server->data;
2083 for (y = 0; y < vd->guest.ds->height; y++) {
2084 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2087 uint8_t *server_ptr;
2089 guest_ptr = guest_row;
2090 server_ptr = server_row;
2092 for (x = 0; x < vd->guest.ds->width;
2093 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2094 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2096 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2097 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2099 memcpy(server_ptr, guest_ptr, cmp_bytes);
2101 while (vs != NULL) {
2102 vnc_set_bit(vs->dirty[y], (x / 16));
2108 guest_row += ds_get_linesize(vd->ds);
2109 server_row += ds_get_linesize(vd->ds);
2114 static void vnc_refresh(void *opaque)
2116 VncDisplay *vd = opaque;
2117 VncState *vs = NULL;
2118 int has_dirty = 0, rects = 0;
2122 has_dirty = vnc_refresh_server_surface(vd);
2125 while (vs != NULL) {
2126 rects += vnc_update_client(vs, has_dirty);
2130 if (has_dirty && rects) {
2131 vd->timer_interval /= 2;
2132 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2133 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2135 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2136 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2137 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2139 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
2142 static void vnc_init_timer(VncDisplay *vd)
2144 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2145 if (vd->timer == NULL && vd->clients != NULL) {
2146 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2151 static void vnc_remove_timer(VncDisplay *vd)
2153 if (vd->timer != NULL && vd->clients == NULL) {
2154 qemu_del_timer(vd->timer);
2155 qemu_free_timer(vd->timer);
2160 static void vnc_connect(VncDisplay *vd, int csock)
2162 VncState *vs = qemu_mallocz(sizeof(VncState));
2165 VNC_DEBUG("New client on socket %d\n", csock);
2167 socket_set_nonblock(vs->csock);
2168 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2175 vs->as.freq = 44100;
2176 vs->as.nchannels = 2;
2177 vs->as.fmt = AUD_FMT_S16;
2178 vs->as.endianness = 0;
2180 vs->next = vd->clients;
2185 vnc_write(vs, "RFB 003.008\n", 12);
2187 vnc_read_when(vs, protocol_version, 12);
2192 /* vs might be free()ed here */
2195 static void vnc_listen_read(void *opaque)
2197 VncDisplay *vs = opaque;
2198 struct sockaddr_in addr;
2199 socklen_t addrlen = sizeof(addr);
2204 int csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2206 vnc_connect(vs, csock);
2210 void vnc_display_init(DisplayState *ds)
2212 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2214 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2224 if (keyboard_layout)
2225 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2227 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2229 if (!vs->kbd_layout)
2232 dcl->dpy_copy = vnc_dpy_copy;
2233 dcl->dpy_update = vnc_dpy_update;
2234 dcl->dpy_resize = vnc_dpy_resize;
2235 dcl->dpy_setdata = vnc_dpy_setdata;
2236 register_displaychangelistener(ds, dcl);
2240 void vnc_display_close(DisplayState *ds)
2242 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2247 qemu_free(vs->display);
2250 if (vs->lsock != -1) {
2251 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2255 vs->auth = VNC_AUTH_INVALID;
2256 #ifdef CONFIG_VNC_TLS
2257 vs->subauth = VNC_AUTH_INVALID;
2258 vs->tls.x509verify = 0;
2262 int vnc_display_password(DisplayState *ds, const char *password)
2264 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2271 qemu_free(vs->password);
2272 vs->password = NULL;
2274 if (password && password[0]) {
2275 if (!(vs->password = qemu_strdup(password)))
2277 if (vs->auth == VNC_AUTH_NONE) {
2278 vs->auth = VNC_AUTH_VNC;
2281 vs->auth = VNC_AUTH_NONE;
2287 char *vnc_display_local_addr(DisplayState *ds)
2289 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2291 return vnc_socket_local_addr("%s:%s", vs->lsock);
2294 int vnc_display_open(DisplayState *ds, const char *display)
2296 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2297 const char *options;
2301 #ifdef CONFIG_VNC_TLS
2302 int tls = 0, x509 = 0;
2304 #ifdef CONFIG_VNC_SASL
2312 vnc_display_close(ds);
2313 if (strcmp(display, "none") == 0)
2316 if (!(vs->display = strdup(display)))
2320 while ((options = strchr(options, ','))) {
2322 if (strncmp(options, "password", 8) == 0) {
2323 password = 1; /* Require password auth */
2324 } else if (strncmp(options, "reverse", 7) == 0) {
2326 } else if (strncmp(options, "to=", 3) == 0) {
2327 to_port = atoi(options+3) + 5900;
2328 #ifdef CONFIG_VNC_SASL
2329 } else if (strncmp(options, "sasl", 4) == 0) {
2330 sasl = 1; /* Require SASL auth */
2332 #ifdef CONFIG_VNC_TLS
2333 } else if (strncmp(options, "tls", 3) == 0) {
2334 tls = 1; /* Require TLS */
2335 } else if (strncmp(options, "x509", 4) == 0) {
2337 x509 = 1; /* Require x509 certificates */
2338 if (strncmp(options, "x509verify", 10) == 0)
2339 vs->tls.x509verify = 1; /* ...and verify client certs */
2341 /* Now check for 'x509=/some/path' postfix
2342 * and use that to setup x509 certificate/key paths */
2343 start = strchr(options, '=');
2344 end = strchr(options, ',');
2345 if (start && (!end || (start < end))) {
2346 int len = end ? end-(start+1) : strlen(start+1);
2347 char *path = qemu_strndup(start + 1, len);
2349 VNC_DEBUG("Trying certificate path '%s'\n", path);
2350 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2351 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2353 qemu_free(vs->display);
2359 fprintf(stderr, "No certificate path provided\n");
2360 qemu_free(vs->display);
2365 } else if (strncmp(options, "acl", 3) == 0) {
2370 #ifdef CONFIG_VNC_TLS
2371 if (acl && x509 && vs->tls.x509verify) {
2372 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2373 fprintf(stderr, "Failed to create x509 dname ACL\n");
2378 #ifdef CONFIG_VNC_SASL
2380 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2381 fprintf(stderr, "Failed to create username ACL\n");
2388 * Combinations we support here:
2390 * - no-auth (clear text, no auth)
2391 * - password (clear text, weak auth)
2392 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2393 * - tls (encrypt, weak anonymous creds, no auth)
2394 * - tls + password (encrypt, weak anonymous creds, weak auth)
2395 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2396 * - tls + x509 (encrypt, good x509 creds, no auth)
2397 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2398 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2400 * NB1. TLS is a stackable auth scheme.
2401 * NB2. the x509 schemes have option to validate a client cert dname
2404 #ifdef CONFIG_VNC_TLS
2406 vs->auth = VNC_AUTH_VENCRYPT;
2408 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2409 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2411 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2412 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2415 #endif /* CONFIG_VNC_TLS */
2416 VNC_DEBUG("Initializing VNC server with password auth\n");
2417 vs->auth = VNC_AUTH_VNC;
2418 #ifdef CONFIG_VNC_TLS
2419 vs->subauth = VNC_AUTH_INVALID;
2421 #endif /* CONFIG_VNC_TLS */
2422 #ifdef CONFIG_VNC_SASL
2424 #ifdef CONFIG_VNC_TLS
2426 vs->auth = VNC_AUTH_VENCRYPT;
2428 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2429 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2431 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2432 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2435 #endif /* CONFIG_VNC_TLS */
2436 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2437 vs->auth = VNC_AUTH_SASL;
2438 #ifdef CONFIG_VNC_TLS
2439 vs->subauth = VNC_AUTH_INVALID;
2441 #endif /* CONFIG_VNC_TLS */
2442 #endif /* CONFIG_VNC_SASL */
2444 #ifdef CONFIG_VNC_TLS
2446 vs->auth = VNC_AUTH_VENCRYPT;
2448 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2449 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2451 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2452 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2456 VNC_DEBUG("Initializing VNC server with no auth\n");
2457 vs->auth = VNC_AUTH_NONE;
2458 #ifdef CONFIG_VNC_TLS
2459 vs->subauth = VNC_AUTH_INVALID;
2464 #ifdef CONFIG_VNC_SASL
2465 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2466 fprintf(stderr, "Failed to initialize SASL auth %s",
2467 sasl_errstring(saslErr, NULL, NULL));
2475 /* connect to viewer */
2476 if (strncmp(display, "unix:", 5) == 0)
2477 vs->lsock = unix_connect(display+5);
2479 vs->lsock = inet_connect(display, SOCK_STREAM);
2480 if (-1 == vs->lsock) {
2485 int csock = vs->lsock;
2487 vnc_connect(vs, csock);
2492 /* listen for connects */
2494 dpy = qemu_malloc(256);
2495 if (strncmp(display, "unix:", 5) == 0) {
2496 pstrcpy(dpy, 256, "unix:");
2497 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2499 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2501 if (-1 == vs->lsock) {
2509 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
projects / qemu / blob