2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27 #include "qemu_socket.h"
29 #define VNC_REFRESH_INTERVAL (1000 / 30)
31 #include "vnc_keysym.h"
38 #define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
40 #define VNC_DEBUG(fmt, ...) do { } while (0)
50 typedef struct VncState VncState;
52 typedef int VncReadEvent(VncState *vs, char *data, size_t len);
54 typedef void VncWritePixels(VncState *vs, void *data, int size);
56 typedef void VncSendHextileTile(VncState *vs,
57 int x, int y, int w, int h,
60 int *has_bg, int *has_fg);
62 #define VNC_MAX_WIDTH 2048
63 #define VNC_MAX_HEIGHT 2048
64 #define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
66 #define VNC_AUTH_CHALLENGE_SIZE 16
77 VNC_AUTH_VENCRYPT = 19
89 uint32_t dirty_row[VNC_MAX_HEIGHT][VNC_DIRTY_WORDS];
91 int depth; /* internal VNC frame buffer byte per pixel */
94 int has_pointer_type_change;
105 char challenge[VNC_AUTH_CHALLENGE_SIZE];
109 kbd_layout_t *kbd_layout;
110 /* current output mode information */
111 VncWritePixels *write_pixels;
112 VncSendHextileTile *send_hextile_tile;
113 int pix_bpp, pix_big_endian;
114 int red_shift, red_max, red_shift1;
115 int green_shift, green_max, green_shift1;
116 int blue_shift, blue_max, blue_shift1;
118 VncReadEvent *read_handler;
119 size_t read_handler_expect;
121 uint8_t modifiers_state[256];
124 static VncState *vnc_state; /* needed for info vnc */
126 void do_info_vnc(void)
128 if (vnc_state == NULL)
129 term_printf("VNC server disabled\n");
131 term_printf("VNC server active on: ");
132 term_print_filename(vnc_state->display);
135 if (vnc_state->csock == -1)
136 term_printf("No client connected\n");
138 term_printf("Client connected\n");
143 1) Get the queue working for IO.
144 2) there is some weirdness when using the -S option (the screen is grey
145 and not totally invalidated
146 3) resolutions > 1024
149 static void vnc_write(VncState *vs, const void *data, size_t len);
150 static void vnc_write_u32(VncState *vs, uint32_t value);
151 static void vnc_write_s32(VncState *vs, int32_t value);
152 static void vnc_write_u16(VncState *vs, uint16_t value);
153 static void vnc_write_u8(VncState *vs, uint8_t value);
154 static void vnc_flush(VncState *vs);
155 static void vnc_update_client(void *opaque);
156 static void vnc_client_read(void *opaque);
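/*
 * Set bit k in the bitmap d, stored as 32-bit words (bit k lives in word
 * k >> 5 at position k & 0x1f).
 *
 * No bounds check is performed: the caller must guarantee that k is
 * non-negative and addresses a word inside d.
 */
static inline void vnc_set_bit(uint32_t *d, int k)
{
    /* Shift an unsigned 1: shifting a signed 1 into bit 31 is undefined. */
    d[k >> 5] |= (uint32_t)1 << (k & 0x1f);
}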
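/*
 * Clear bit k in the bitmap d, stored as 32-bit words (bit k lives in word
 * k >> 5 at position k & 0x1f).
 *
 * No bounds check is performed: the caller must guarantee that k is
 * non-negative and addresses a word inside d.
 */
static inline void vnc_clear_bit(uint32_t *d, int k)
{
    /* Build the mask unsigned: 1 << 31 on a signed int is undefined. */
    d[k >> 5] &= ~((uint32_t)1 << (k & 0x1f));
}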
168 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
178 d[j++] = (1 << n) - 1;
/*
 * Return 1 if bit k of the bitmap d is set, 0 otherwise.
 *
 * The index is not range-checked; the caller must keep k inside d.
 */
static inline int vnc_get_bit(const uint32_t *d, int k)
{
    const uint32_t word = d[k >> 5];
    const int pos = k & 0x1f;

    return (word >> pos) & 1;
}
188 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
192 for(i = 0; i < nb_words; i++) {
193 if ((d1[i] & d2[i]) != 0)
/*
 * Display-update callback: marks the 16-pixel-wide tiles touched by the
 * rectangle as dirty in vs->dirty_row.
 *
 * NOTE(review): the lines kept in this listing show no clamp of x, y, w or
 * h before they index dirty_row, which is a fixed
 * [VNC_MAX_HEIGHT][VNC_DIRTY_WORDS] array. The caller must guarantee the
 * rectangle fits inside those limits - TODO confirm against the full file,
 * several lines of this function are missing here.
 */
199 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
201 VncState *vs = ds->opaque;
/* One dirty bit per 16-pixel column: (x + i) / 16 is the tile index. */
207 for (i = 0; i < w; i += 16)
208 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
211 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
214 vnc_write_u16(vs, x);
215 vnc_write_u16(vs, y);
216 vnc_write_u16(vs, w);
217 vnc_write_u16(vs, h);
219 vnc_write_s32(vs, encoding);
/*
 * Display-resize callback: reallocates the frame buffer (ds->data) and the
 * shadow copy (vs->old_data) for a w x h display at vs->depth bytes per
 * pixel, and tells a connected client about the new size when it has
 * negotiated the resize pseudo-encoding.
 *
 * NOTE(review): w * h * vs->depth is computed in int with no overflow
 * check, and the visible lines do not compare w or h with VNC_MAX_WIDTH /
 * VNC_MAX_HEIGHT even though dirty_row is sized by those constants.
 * Validate the dimensions before allocating - TODO confirm no check exists
 * in the lines missing from this listing.
 */
222 static void vnc_dpy_resize(DisplayState *ds, int w, int h)
225 VncState *vs = ds->opaque;
/*
 * realloc() results overwrite the only copy of each pointer, so the old
 * block is unreachable if one call fails; what follows the error message
 * below is not shown in this listing.
 */
227 ds->data = realloc(ds->data, w * h * vs->depth);
228 vs->old_data = realloc(vs->old_data, w * h * vs->depth);
230 if (ds->data == NULL || vs->old_data == NULL) {
231 fprintf(stderr, "vnc: memory allocation failed\n");
235 ds->depth = vs->depth * 8;
236 size_changed = ds->width != w || ds->height != h;
239 ds->linesize = w * vs->depth;
/* Only notify when a client is connected and asked for resize updates. */
240 if (vs->csock != -1 && vs->has_resize && size_changed) {
241 vnc_write_u8(vs, 0); /* msg id */
243 vnc_write_u16(vs, 1); /* number of rects */
/* -223 is the DesktopResize pseudo-encoding (see set_encodings). */
244 vnc_framebuffer_update(vs, 0, 0, ds->width, ds->height, -223);
246 vs->width = ds->width;
247 vs->height = ds->height;
/*
 * Pixel writer used when the client's pixel format needs no conversion:
 * queues the size bytes at pixels on the output stream unchanged.
 */
static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
{
    const void *src = pixels;
    size_t nbytes = size;

    vnc_write(vs, src, nbytes);
}
257 /* slowest but generic code. */
258 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
260 unsigned int r, g, b;
262 r = (v >> vs->red_shift1) & vs->red_max;
263 g = (v >> vs->green_shift1) & vs->green_max;
264 b = (v >> vs->blue_shift1) & vs->blue_max;
265 v = (r << vs->red_shift) |
266 (g << vs->green_shift) |
267 (b << vs->blue_shift);
268 switch(vs->pix_bpp) {
273 if (vs->pix_big_endian) {
283 if (vs->pix_big_endian) {
298 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
300 uint32_t *pixels = pixels1;
305 for(i = 0; i < n; i++) {
306 vnc_convert_pixel(vs, buf, pixels[i]);
307 vnc_write(vs, buf, vs->pix_bpp);
311 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
316 vnc_framebuffer_update(vs, x, y, w, h, 0);
318 row = vs->ds->data + y * vs->ds->linesize + x * vs->depth;
319 for (i = 0; i < h; i++) {
320 vs->write_pixels(vs, row, w * vs->depth);
321 row += vs->ds->linesize;
/*
 * Pack a hextile sub-rectangle into two bytes at ptr: the first holds x in
 * the high nibble and y in the low nibble, the second holds (w - 1) and
 * (h - 1) the same way. Each value is masked to 4 bits.
 */
static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
{
    const int pos_x = x & 0x0F;
    const int pos_y = y & 0x0F;
    const int ext_w = (w - 1) & 0x0F;
    const int ext_h = (h - 1) & 0x0F;

    ptr[0] = (pos_x << 4) | pos_y;
    ptr[1] = (ext_w << 4) | ext_h;
}
332 #include "vnchextile.h"
336 #include "vnchextile.h"
340 #include "vnchextile.h"
345 #include "vnchextile.h"
349 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
353 uint32_t last_fg32, last_bg32;
355 vnc_framebuffer_update(vs, x, y, w, h, 5);
358 for (j = y; j < (y + h); j += 16) {
359 for (i = x; i < (x + w); i += 16) {
360 vs->send_hextile_tile(vs, i, j,
361 MIN(16, x + w - i), MIN(16, y + h - j),
362 &last_bg32, &last_fg32, &has_bg, &has_fg);
367 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
370 send_framebuffer_update_hextile(vs, x, y, w, h);
372 send_framebuffer_update_raw(vs, x, y, w, h);
375 static void vnc_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
382 int pitch = ds->linesize;
383 VncState *vs = ds->opaque;
385 vnc_update_client(vs);
392 src = (ds->linesize * (src_y + y) + vs->depth * src_x);
393 dst = (ds->linesize * (dst_y + y) + vs->depth * dst_x);
395 src_row = ds->data + src;
396 dst_row = ds->data + dst;
397 old_row = vs->old_data + dst;
399 for (y = 0; y < h; y++) {
400 memmove(old_row, src_row, w * vs->depth);
401 memmove(dst_row, src_row, w * vs->depth);
407 vnc_write_u8(vs, 0); /* msg id */
409 vnc_write_u16(vs, 1); /* number of rects */
410 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, 1);
411 vnc_write_u16(vs, src_x);
412 vnc_write_u16(vs, src_y);
416 static int find_dirty_height(VncState *vs, int y, int last_x, int x)
420 for (h = 1; h < (vs->height - y); h++) {
422 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
424 for (tmp_x = last_x; tmp_x < x; tmp_x++)
425 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
431 static void vnc_update_client(void *opaque)
433 VncState *vs = opaque;
435 if (vs->need_update && vs->csock != -1) {
439 uint32_t width_mask[VNC_DIRTY_WORDS];
444 vnc_set_bits(width_mask, (vs->width / 16), VNC_DIRTY_WORDS);
446 /* Walk through the dirty map and eliminate tiles that
447 really aren't dirty */
449 old_row = vs->old_data;
451 for (y = 0; y < vs->height; y++) {
452 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
459 for (x = 0; x < vs->ds->width; x += 16) {
460 if (memcmp(old_ptr, ptr, 16 * vs->depth) == 0) {
461 vnc_clear_bit(vs->dirty_row[y], (x / 16));
464 memcpy(old_ptr, ptr, 16 * vs->depth);
467 ptr += 16 * vs->depth;
468 old_ptr += 16 * vs->depth;
472 row += vs->ds->linesize;
473 old_row += vs->ds->linesize;
477 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
481 /* Count rectangles */
483 vnc_write_u8(vs, 0); /* msg id */
485 saved_offset = vs->output.offset;
486 vnc_write_u16(vs, 0);
488 for (y = 0; y < vs->height; y++) {
491 for (x = 0; x < vs->width / 16; x++) {
492 if (vnc_get_bit(vs->dirty_row[y], x)) {
496 vnc_clear_bit(vs->dirty_row[y], x);
499 int h = find_dirty_height(vs, y, last_x, x);
500 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
507 int h = find_dirty_height(vs, y, last_x, x);
508 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
512 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
513 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
517 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
/*
 * Create the refresh timer on first use. The timer calls
 * vnc_update_client with vs as its argument and is armed for the current
 * rt_clock time. Later calls are no-ops once vs->timer is set.
 */
static void vnc_timer_init(VncState *vs)
{
    if (vs->timer != NULL) {
        return;
    }

    vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
    qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock));
}
528 static void vnc_dpy_refresh(DisplayState *ds)
530 VncState *vs = ds->opaque;
535 static int vnc_listen_poll(void *opaque)
537 VncState *vs = opaque;
/*
 * Make sure at least len bytes are free after buffer->offset, growing the
 * allocation by len + 1024 when they are not.
 *
 * NOTE(review): there is no upper bound on capacity in the visible lines,
 * so how much memory a connection can pin is decided by whoever chooses
 * len (for the input buffer that is ultimately the peer). Consider a
 * per-connection cap - TODO confirm none is applied by the callers.
 */
543 static void buffer_reserve(Buffer *buffer, size_t len)
545 if ((buffer->capacity - buffer->offset) < len) {
546 buffer->capacity += (len + 1024);
/*
 * The realloc() result replaces the only pointer to the old block; what
 * happens after the message below is not shown in this listing.
 */
547 buffer->buffer = realloc(buffer->buffer, buffer->capacity);
548 if (buffer->buffer == NULL) {
549 fprintf(stderr, "vnc: out of memory\n");
/* Return 1 when no bytes are queued in the buffer (offset is 0), else 0. */
static int buffer_empty(Buffer *buffer)
{
    return (buffer->offset == 0) ? 1 : 0;
}
/*
 * Return the address just past the last queued byte, i.e. where the next
 * byte would be stored. Free space behind it is not checked here.
 */
static char *buffer_end(Buffer *buffer)
{
    return &buffer->buffer[buffer->offset];
}
565 static void buffer_reset(Buffer *buffer)
/*
 * Copy len bytes from data to the end of the buffer and advance offset.
 *
 * This function does not check capacity: the caller must have reserved
 * room first (vnc_write calls buffer_reserve before appending).
 */
static void buffer_append(Buffer *buffer, const void *data, size_t len)
{
    void *dest = buffer->buffer + buffer->offset;

    memcpy(dest, data, len);
    buffer->offset += len;
}
576 static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
578 if (ret == 0 || ret == -1) {
579 if (ret == -1 && (last_errno == EINTR || last_errno == EAGAIN))
582 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
583 closesocket(vs->csock);
585 buffer_reset(&vs->input);
586 buffer_reset(&vs->output);
/*
 * Report a protocol-level failure on the client connection by handing
 * vnc_client_io_error a failed result (-1) with EINVAL as the error code.
 */
static void vnc_client_error(VncState *vs)
{
    const int failed = -1;

    vnc_client_io_error(vs, failed, EINVAL);
}
598 static void vnc_client_write(void *opaque)
601 VncState *vs = opaque;
603 ret = send(vs->csock, vs->output.buffer, vs->output.offset, 0);
604 ret = vnc_client_io_error(vs, ret, socket_error());
608 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
609 vs->output.offset -= ret;
611 if (vs->output.offset == 0) {
612 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
/*
 * Install func as the handler for incoming data and record how many bytes
 * must be buffered before it is called (see the loop in vnc_client_read).
 */
static void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
{
    vs->read_handler_expect = expecting;
    vs->read_handler = func;
}
/*
 * Read handler for the client socket: receives up to 4096 bytes into the
 * input buffer, then runs the current read_handler for as long as enough
 * bytes are buffered for it.
 *
 * NOTE(review): the handler's int return value becomes the next
 * read_handler_expect (a size_t). That value can be derived from
 * client-supplied length fields (see protocol_client_msg), so the amount
 * the server waits for and buffers is peer-controlled, and a negative
 * return would convert to a very large size_t. How zero or negative
 * returns are handled is in lines missing from this listing - TODO confirm.
 */
622 static void vnc_client_read(void *opaque)
624 VncState *vs = opaque;
/* Reserve before recv() so the 4096-byte read cannot overrun the buffer. */
627 buffer_reserve(&vs->input, 4096);
629 ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
630 ret = vnc_client_io_error(vs, ret, socket_error());
634 vs->input.offset += ret;
636 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
637 size_t len = vs->read_handler_expect;
640 ret = vs->read_handler(vs, vs->input.buffer, len);
/* Drop the consumed message and shift any remaining bytes to the front. */
645 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
646 vs->input.offset -= len;
648 vs->read_handler_expect = ret;
/*
 * Queue len bytes from data on the client's output buffer.
 *
 * Space is reserved first. If the buffer held nothing before this call,
 * vnc_client_read and vnc_client_write are registered as handlers on
 * vs->csock so that the queued data gets sent.
 */
static void vnc_write(VncState *vs, const void *data, size_t len)
{
    Buffer *out = &vs->output;

    buffer_reserve(out, len);

    if (buffer_empty(out)) {
        qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
    }

    buffer_append(out, data, len);
}
/*
 * Queue a signed 32-bit value by reinterpreting its bits as unsigned and
 * passing them to vnc_write_u32.
 */
static void vnc_write_s32(VncState *vs, int32_t value)
{
    const uint32_t *bits = (uint32_t *)&value;

    vnc_write_u32(vs, *bits);
}
669 static void vnc_write_u32(VncState *vs, uint32_t value)
673 buf[0] = (value >> 24) & 0xFF;
674 buf[1] = (value >> 16) & 0xFF;
675 buf[2] = (value >> 8) & 0xFF;
676 buf[3] = value & 0xFF;
678 vnc_write(vs, buf, 4);
681 static void vnc_write_u16(VncState *vs, uint16_t value)
685 buf[0] = (value >> 8) & 0xFF;
686 buf[1] = value & 0xFF;
688 vnc_write(vs, buf, 2);
/* Queue a single byte on the client's output stream. */
static void vnc_write_u8(VncState *vs, uint8_t value)
{
    const char *byte = (char *)&value;

    vnc_write(vs, byte, 1);
}
/*
 * Try to send queued output right away by calling vnc_client_write.
 * Does nothing when the output buffer is empty.
 */
static void vnc_flush(VncState *vs)
{
    if (vs->output.offset == 0) {
        return;
    }

    vnc_client_write(vs);
}
702 static uint8_t read_u8(uint8_t *data, size_t offset)
/*
 * Decode a big-endian unsigned 16-bit value from data[offset..offset+1].
 *
 * No length is passed in: the caller must ensure both bytes are inside
 * the received message.
 */
static uint16_t read_u16(uint8_t *data, size_t offset)
{
    const int high = data[offset] & 0xFF;
    const int low = data[offset + 1] & 0xFF;

    return (high << 8) | low;
}
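/*
 * Decode a big-endian signed 32-bit value from data[offset..offset+3].
 *
 * No length is passed in: the caller must ensure all four bytes are inside
 * the received message.
 */
static int32_t read_s32(uint8_t *data, size_t offset)
{
    /*
     * Widen each byte to uint32_t before shifting: a uint8_t promotes to
     * int, and shifting a value >= 0x80 left by 24 overflows a signed int,
     * which is undefined behaviour.
     */
    uint32_t raw = ((uint32_t)data[offset] << 24) |
                   ((uint32_t)data[offset + 1] << 16) |
                   ((uint32_t)data[offset + 2] << 8) |
                   (uint32_t)data[offset + 3];

    return (int32_t)raw;
}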
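/*
 * Decode a big-endian unsigned 32-bit value from data[offset..offset+3].
 *
 * No length is passed in: the caller must ensure all four bytes are inside
 * the received message.
 */
static uint32_t read_u32(uint8_t *data, size_t offset)
{
    /*
     * Widen each byte to uint32_t before shifting: a uint8_t promotes to
     * int, and shifting a value >= 0x80 left by 24 overflows a signed int,
     * which is undefined behaviour.
     */
    return ((uint32_t)data[offset] << 24) |
           ((uint32_t)data[offset + 1] << 16) |
           ((uint32_t)data[offset + 2] << 8) |
           (uint32_t)data[offset + 3];
}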
724 static void client_cut_text(VncState *vs, size_t len, char *text)
728 static void check_pointer_type_change(VncState *vs, int absolute)
730 if (vs->has_pointer_type_change && vs->absolute != absolute) {
733 vnc_write_u16(vs, 1);
734 vnc_framebuffer_update(vs, absolute, 0,
735 vs->ds->width, vs->ds->height, -257);
738 vs->absolute = absolute;
741 static void pointer_event(VncState *vs, int button_mask, int x, int y)
746 if (button_mask & 0x01)
747 buttons |= MOUSE_EVENT_LBUTTON;
748 if (button_mask & 0x02)
749 buttons |= MOUSE_EVENT_MBUTTON;
750 if (button_mask & 0x04)
751 buttons |= MOUSE_EVENT_RBUTTON;
752 if (button_mask & 0x08)
754 if (button_mask & 0x10)
758 kbd_mouse_event(x * 0x7FFF / vs->ds->width,
759 y * 0x7FFF / vs->ds->height,
761 } else if (vs->has_pointer_type_change) {
765 kbd_mouse_event(x, y, dz, buttons);
767 if (vs->last_x != -1)
768 kbd_mouse_event(x - vs->last_x,
775 check_pointer_type_change(vs, kbd_mouse_is_absolute());
778 static void reset_keys(VncState *vs)
781 for(i = 0; i < 256; i++) {
782 if (vs->modifiers_state[i]) {
784 kbd_put_keycode(0xe0);
785 kbd_put_keycode(i | 0x80);
786 vs->modifiers_state[i] = 0;
791 static void do_key_event(VncState *vs, int down, uint32_t sym)
795 keycode = keysym2scancode(vs->kbd_layout, sym & 0xFFFF);
797 /* QEMU console switch */
799 case 0x2a: /* Left Shift */
800 case 0x36: /* Right Shift */
801 case 0x1d: /* Left CTRL */
802 case 0x9d: /* Right CTRL */
803 case 0x38: /* Left ALT */
804 case 0xb8: /* Right ALT */
806 vs->modifiers_state[keycode] = 1;
808 vs->modifiers_state[keycode] = 0;
810 case 0x02 ... 0x0a: /* '1' to '9' keys */
811 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
812 /* Reset the modifiers sent to the current console */
814 console_select(keycode - 0x02);
820 if (is_graphic_console()) {
822 kbd_put_keycode(0xe0);
824 kbd_put_keycode(keycode & 0x7f);
826 kbd_put_keycode(keycode | 0x80);
828 /* QEMU console emulation */
831 case 0x2a: /* Left Shift */
832 case 0x36: /* Right Shift */
833 case 0x1d: /* Left CTRL */
834 case 0x9d: /* Right CTRL */
835 case 0x38: /* Left ALT */
836 case 0xb8: /* Right ALT */
839 kbd_put_keysym(QEMU_KEY_UP);
842 kbd_put_keysym(QEMU_KEY_DOWN);
845 kbd_put_keysym(QEMU_KEY_LEFT);
848 kbd_put_keysym(QEMU_KEY_RIGHT);
851 kbd_put_keysym(QEMU_KEY_DELETE);
854 kbd_put_keysym(QEMU_KEY_HOME);
857 kbd_put_keysym(QEMU_KEY_END);
860 kbd_put_keysym(QEMU_KEY_PAGEUP);
863 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
/*
 * Fold ASCII upper-case key symbols ('A'..'Z') to lower case, then pass
 * the event on to do_key_event. Other symbols are forwarded unchanged.
 */
static void key_event(VncState *vs, int down, uint32_t sym)
{
    uint32_t folded = sym;

    if (folded >= 'A' && folded <= 'Z') {
        folded += 'a' - 'A';
    }

    do_key_event(vs, down, folded);
}
/*
 * Handle a client FramebufferUpdateRequest. The rectangle comes from the
 * client message (see protocol_client_msg) and is clamped to the display
 * size before it is used to index dirty_row and old_data.
 *
 * NOTE(review): the clamp is against vs->ds->width / height only; that
 * those never exceed VNC_MAX_WIDTH / VNC_MAX_HEIGHT (the dirty_row
 * dimensions) is assumed here - TODO confirm where that is enforced.
 */
880 static void framebuffer_update_request(VncState *vs, int incremental,
881 int x_position, int y_position,
/* Pull the origin back onto the display, then shrink w/h to fit. */
884 if (x_position > vs->ds->width)
885 x_position = vs->ds->width;
886 if (y_position > vs->ds->height)
887 y_position = vs->ds->height;
888 if (x_position + w >= vs->ds->width)
889 w = vs->ds->width - x_position;
890 if (y_position + h >= vs->ds->height)
891 h = vs->ds->height - y_position;
896 char *old_row = vs->old_data + y_position * vs->ds->linesize;
/*
 * Mark every requested row dirty across the full width and overwrite the
 * shadow copy with a filler byte; presumably so the next comparison in
 * vnc_update_client sees a difference and resends the row - TODO confirm.
 */
898 for (i = 0; i < h; i++) {
899 vnc_set_bits(vs->dirty_row[y_position + i],
900 (vs->ds->width / 16), VNC_DIRTY_WORDS);
901 memset(old_row, 42, vs->ds->width * vs->depth);
902 old_row += vs->ds->linesize;
907 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
913 vs->has_pointer_type_change = 0;
915 vs->ds->dpy_copy = NULL;
917 for (i = n_encodings - 1; i >= 0; i--) {
918 switch (encodings[i]) {
922 case 1: /* CopyRect */
923 vs->ds->dpy_copy = vnc_copy;
925 case 5: /* Hextile */
928 case -223: /* DesktopResize */
932 vs->has_pointer_type_change = 1;
939 check_pointer_type_change(vs, kbd_mouse_is_absolute());
942 static int compute_nbits(unsigned int val)
/*
 * Apply the pixel format requested by the client. Three layouts that match
 * the server's own 32-, 16- and 8-bit formats select the plain copy
 * writer; anything else selects the generic per-pixel conversion path.
 * Non-true-colour requests end in vnc_client_error.
 *
 * NOTE(review): every argument is taken from the client's SetPixelFormat
 * message (see protocol_client_msg). In the generic path the max and shift
 * values are stored without range checks and later used as shift counts
 * and masks in vnc_convert_pixel; a shift count of 32 or more, or a
 * negative *_shift1, is undefined behaviour there. Reject shifts outside
 * 0..31 and max values wider than the channel - TODO confirm what
 * compute_nbits returns, its body is not in this listing.
 */
953 static void set_pixel_format(VncState *vs,
954 int bits_per_pixel, int depth,
955 int big_endian_flag, int true_color_flag,
956 int red_max, int green_max, int blue_max,
957 int red_shift, int green_shift, int blue_shift)
959 int host_big_endian_flag;
961 #ifdef WORDS_BIGENDIAN
962 host_big_endian_flag = 1;
964 host_big_endian_flag = 0;
966 if (!true_color_flag) {
968 vnc_client_error(vs);
/* Fast path: client wants exactly the server's 32-bit layout. */
971 if (bits_per_pixel == 32 &&
972 host_big_endian_flag == big_endian_flag &&
973 red_max == 0xff && green_max == 0xff && blue_max == 0xff &&
974 red_shift == 16 && green_shift == 8 && blue_shift == 0) {
976 vs->write_pixels = vnc_write_pixels_copy;
977 vs->send_hextile_tile = send_hextile_tile_32;
/* Fast path: 16-bit 5-6-5 layout in host byte order. */
979 if (bits_per_pixel == 16 &&
980 host_big_endian_flag == big_endian_flag &&
981 red_max == 31 && green_max == 63 && blue_max == 31 &&
982 red_shift == 11 && green_shift == 5 && blue_shift == 0) {
984 vs->write_pixels = vnc_write_pixels_copy;
985 vs->send_hextile_tile = send_hextile_tile_16;
/* Fast path: 8-bit 3-3-2 layout (byte order is irrelevant). */
987 if (bits_per_pixel == 8 &&
988 red_max == 7 && green_max == 7 && blue_max == 3 &&
989 red_shift == 5 && green_shift == 2 && blue_shift == 0) {
991 vs->write_pixels = vnc_write_pixels_copy;
992 vs->send_hextile_tile = send_hextile_tile_8;
995 /* generic and slower case */
/* Only 8, 16 and 32 bpp pass this test; the action taken is not shown. */
996 if (bits_per_pixel != 8 &&
997 bits_per_pixel != 16 &&
998 bits_per_pixel != 32)
/*
 * *_shift1 is the right shift applied to the server pixel before masking
 * with *_max in vnc_convert_pixel; it goes negative if compute_nbits()
 * exceeds 24 / 16 / 8 respectively.
 */
1001 vs->red_shift = red_shift;
1002 vs->red_max = red_max;
1003 vs->red_shift1 = 24 - compute_nbits(red_max);
1004 vs->green_shift = green_shift;
1005 vs->green_max = green_max;
1006 vs->green_shift1 = 16 - compute_nbits(green_max);
1007 vs->blue_shift = blue_shift;
1008 vs->blue_max = blue_max;
1009 vs->blue_shift1 = 8 - compute_nbits(blue_max);
1010 vs->pix_bpp = bits_per_pixel / 8;
1011 vs->pix_big_endian = big_endian_flag;
1012 vs->write_pixels = vnc_write_pixels_generic;
1013 vs->send_hextile_tile = send_hextile_tile_generic;
/* Re-run the resize path and mark the whole screen dirty for a resend. */
1016 vnc_dpy_resize(vs->ds, vs->ds->width, vs->ds->height);
1017 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1018 memset(vs->old_data, 42, vs->ds->linesize * vs->ds->height);
1020 vga_hw_invalidate();
/*
 * Read handler for client messages once the session is initialised.
 * Fields are decoded at fixed offsets from data. For variable-length
 * messages the function first returns the full length it needs; that
 * return value becomes the next read_handler_expect in vnc_client_read.
 *
 * NOTE(review): both variable lengths are taken from the client with no
 * upper bound in the visible lines. The encoding count is 16 bits, so it
 * is limited to 4 + 65535 * 4 bytes, but the cut-text length is a full
 * 32-bit value: the server will keep buffering until that many bytes
 * arrive, and 8 + read_u32() returned through an int can overflow.
 * Cap the accepted length and drop the client when it is exceeded - TODO
 * confirm no cap exists in the lines missing from this listing.
 */
1024 static int protocol_client_msg(VncState *vs, char *data, size_t len)
/* SetPixelFormat: all values below are client-chosen. */
1034 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1035 read_u8(data, 6), read_u8(data, 7),
1036 read_u16(data, 8), read_u16(data, 10),
1037 read_u16(data, 12), read_u8(data, 14),
1038 read_u8(data, 15), read_u8(data, 16));
/* SetEncodings: ask for the header plus 4 bytes per advertised encoding. */
1045 return 4 + (read_u16(data, 2) * 4);
1047 limit = read_u16(data, 2);
/*
 * Convert each encoding to host byte order in place, then hand the same
 * memory to set_encodings as an int32_t array. This assumes data + 4 is
 * suitably aligned for int32_t - TODO confirm.
 */
1048 for (i = 0; i < limit; i++) {
1049 int32_t val = read_s32(data, 4 + (i * 4));
1050 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1053 set_encodings(vs, (int32_t *)(data + 4), limit);
/* FramebufferUpdateRequest: incremental flag, x, y, w, h. */
1059 framebuffer_update_request(vs,
1060 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1061 read_u16(data, 6), read_u16(data, 8));
1067 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1073 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
/* ClientCutText: 32-bit client-supplied length, unbounded here. */
1080 return 8 + read_u32(data, 4);
1082 client_cut_text(vs, read_u32(data, 4), data + 8);
/* Unknown message type: logged to stdout, then the client is dropped. */
1085 printf("Msg: %d\n", data[0]);
1086 vnc_client_error(vs);
/* Wait for the one-byte type of the next message. */
1090 vnc_read_when(vs, protocol_client_msg, 1);
1094 static int protocol_client_init(VncState *vs, char *data, size_t len)
1096 char pad[3] = { 0, 0, 0 };
1100 vs->width = vs->ds->width;
1101 vs->height = vs->ds->height;
1102 vnc_write_u16(vs, vs->ds->width);
1103 vnc_write_u16(vs, vs->ds->height);
1105 vnc_write_u8(vs, vs->depth * 8); /* bits-per-pixel */
1106 vnc_write_u8(vs, vs->depth * 8); /* depth */
1107 #ifdef WORDS_BIGENDIAN
1108 vnc_write_u8(vs, 1); /* big-endian-flag */
1110 vnc_write_u8(vs, 0); /* big-endian-flag */
1112 vnc_write_u8(vs, 1); /* true-color-flag */
1113 if (vs->depth == 4) {
1114 vnc_write_u16(vs, 0xFF); /* red-max */
1115 vnc_write_u16(vs, 0xFF); /* green-max */
1116 vnc_write_u16(vs, 0xFF); /* blue-max */
1117 vnc_write_u8(vs, 16); /* red-shift */
1118 vnc_write_u8(vs, 8); /* green-shift */
1119 vnc_write_u8(vs, 0); /* blue-shift */
1120 vs->send_hextile_tile = send_hextile_tile_32;
1121 } else if (vs->depth == 2) {
1122 vnc_write_u16(vs, 31); /* red-max */
1123 vnc_write_u16(vs, 63); /* green-max */
1124 vnc_write_u16(vs, 31); /* blue-max */
1125 vnc_write_u8(vs, 11); /* red-shift */
1126 vnc_write_u8(vs, 5); /* green-shift */
1127 vnc_write_u8(vs, 0); /* blue-shift */
1128 vs->send_hextile_tile = send_hextile_tile_16;
1129 } else if (vs->depth == 1) {
1130 /* XXX: change QEMU pixel 8 bit pixel format to match the VNC one ? */
1131 vnc_write_u16(vs, 7); /* red-max */
1132 vnc_write_u16(vs, 7); /* green-max */
1133 vnc_write_u16(vs, 3); /* blue-max */
1134 vnc_write_u8(vs, 5); /* red-shift */
1135 vnc_write_u8(vs, 2); /* green-shift */
1136 vnc_write_u8(vs, 0); /* blue-shift */
1137 vs->send_hextile_tile = send_hextile_tile_8;
1139 vs->write_pixels = vnc_write_pixels_copy;
1141 vnc_write(vs, pad, 3); /* padding */
1144 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1146 size = snprintf(buf, sizeof(buf), "QEMU");
1148 vnc_write_u32(vs, size);
1149 vnc_write(vs, buf, size);
1152 vnc_read_when(vs, protocol_client_msg, 1);
/*
 * Fill vs->challenge (VNC_AUTH_CHALLENGE_SIZE bytes) with values drawn
 * from rand(), after reseeding rand() from the current time, the process
 * id and the previous rand() output.
 *
 * NOTE(review): rand() is not a cryptographic generator and the seed is
 * built from guessable inputs, so the authentication challenge is
 * predictable to a peer who can estimate them; a predictable challenge
 * weakens challenge-response authentication against replay of a captured
 * response. The nonce should come from the platform's CSPRNG. Calling
 * srand() here also resets the process-wide rand() state for every other
 * user of rand().
 */
1157 static void make_challenge(VncState *vs)
1161 srand(time(NULL)+getpid()+getpid()*987654+rand());
/* Scale rand() into 0..255, one byte per challenge element. */
1163 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1164 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
/*
 * Read handler for the client's answer to the VNC authentication
 * challenge. The expected answer is computed by encrypting a copy of
 * vs->challenge with des() in 8-byte blocks, using a key built from the
 * configured password, and compared with the bytes the client sent.
 * On mismatch, or when no password is configured, authentication is
 * rejected and the client is dropped; on success the handshake moves on
 * to protocol_client_init.
 *
 * NOTE(review), for anyone relying on this for access control:
 *  - Only the first sizeof(key) bytes of the password are used; longer
 *    passwords are silently truncated and shorter ones zero-padded (the
 *    declaration of key is not in this listing - TODO confirm its size).
 *  - memcmp() is not constant-time, so the comparison time can depend on
 *    how many leading bytes match.
 *  - The visible lines do not wipe key or response from the stack after
 *    use.
 *  - The failure reason is sent with sizeof(err), which includes the
 *    terminating NUL byte in both the length and the payload.
 */
1167 static int protocol_client_auth_vnc(VncState *vs, char *data, size_t len)
1169 char response[VNC_AUTH_CHALLENGE_SIZE];
/* Refuse outright when the server has no (or an empty) password. */
1173 if (!vs->password || !vs->password[0]) {
1174 VNC_DEBUG("No password configured on server");
1175 vnc_write_u32(vs, 1); /* Reject auth */
/* The reason string is only sent to clients reporting minor >= 8. */
1176 if (vs->minor >= 8) {
1177 static const char err[] = "Authentication failed";
1178 vnc_write_u32(vs, sizeof(err));
1179 vnc_write(vs, err, sizeof(err));
1182 vnc_client_error(vs);
1186 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1188 /* Calculate the expected challenge response */
1189 pwlen = strlen(vs->password);
/* Key = password bytes, zero-padded or truncated to sizeof(key). */
1190 for (i=0; i<sizeof(key); i++)
1191 key[i] = i<pwlen ? vs->password[i] : 0;
/* Encrypt the challenge copy in place, one 8-byte block at a time. */
1193 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1194 des(response+j, response+j);
1196 /* Compare expected vs actual challenge response */
1197 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1198 VNC_DEBUG("Client challenge reponse did not match\n");
1199 vnc_write_u32(vs, 1); /* Reject auth */
1200 if (vs->minor >= 8) {
1201 static const char err[] = "Authentication failed";
1202 vnc_write_u32(vs, sizeof(err));
1203 vnc_write(vs, err, sizeof(err));
1206 vnc_client_error(vs);
1208 VNC_DEBUG("Accepting VNC challenge response\n");
1209 vnc_write_u32(vs, 0); /* Accept auth */
1212 vnc_read_when(vs, protocol_client_init, 1);
1217 static int start_auth_vnc(VncState *vs)
1220 /* Send client a 'random' challenge */
1221 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1224 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1228 static int protocol_client_auth(VncState *vs, char *data, size_t len)
1230 /* We only advertise 1 auth scheme at a time, so client
1231 * must pick the one we sent. Verify this */
1232 if (data[0] != vs->auth) { /* Reject auth */
1233 VNC_DEBUG("Reject auth %d\n", (int)data[0]);
1234 vnc_write_u32(vs, 1);
1235 if (vs->minor >= 8) {
1236 static const char err[] = "Authentication failed";
1237 vnc_write_u32(vs, sizeof(err));
1238 vnc_write(vs, err, sizeof(err));
1240 vnc_client_error(vs);
1241 } else { /* Accept requested auth */
1242 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1245 VNC_DEBUG("Accept auth none\n");
1246 vnc_write_u32(vs, 0); /* Accept auth completion */
1247 vnc_read_when(vs, protocol_client_init, 1);
1251 VNC_DEBUG("Start VNC auth\n");
1252 return start_auth_vnc(vs);
1254 default: /* Should not be possible, but just in case */
1255 VNC_DEBUG("Reject auth %d\n", vs->auth);
1256 vnc_write_u8(vs, 1);
1257 if (vs->minor >= 8) {
1258 static const char err[] = "Authentication failed";
1259 vnc_write_u32(vs, sizeof(err));
1260 vnc_write(vs, err, sizeof(err));
1262 vnc_client_error(vs);
1268 static int protocol_version(VncState *vs, char *version, size_t len)
1272 memcpy(local, version, 12);
1275 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
1276 VNC_DEBUG("Malformed protocol version %s\n", local);
1277 vnc_client_error(vs);
1280 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
1281 if (vs->major != 3 ||
1286 VNC_DEBUG("Unsupported client version\n");
1287 vnc_write_u32(vs, VNC_AUTH_INVALID);
1289 vnc_client_error(vs);
1292 /* Some broken client report v3.5 which spec requires to be treated
1293 * as equivalent to v3.3 by servers
1298 if (vs->minor == 3) {
1299 if (vs->auth == VNC_AUTH_NONE) {
1300 VNC_DEBUG("Tell client auth none\n");
1301 vnc_write_u32(vs, vs->auth);
1303 vnc_read_when(vs, protocol_client_init, 1);
1304 } else if (vs->auth == VNC_AUTH_VNC) {
1305 VNC_DEBUG("Tell client VNC auth\n");
1306 vnc_write_u32(vs, vs->auth);
1310 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
1311 vnc_write_u32(vs, VNC_AUTH_INVALID);
1313 vnc_client_error(vs);
1316 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
1317 vnc_write_u8(vs, 1); /* num auth */
1318 vnc_write_u8(vs, vs->auth);
1319 vnc_read_when(vs, protocol_client_auth, 1);
1326 static void vnc_listen_read(void *opaque)
1328 VncState *vs = opaque;
1329 struct sockaddr_in addr;
1330 socklen_t addrlen = sizeof(addr);
1332 vs->csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
1333 if (vs->csock != -1) {
1334 socket_set_nonblock(vs->csock);
1335 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, opaque);
1336 vnc_write(vs, "RFB 003.008\n", 12);
1338 vnc_read_when(vs, protocol_version, 12);
1339 memset(vs->old_data, 0, vs->ds->linesize * vs->ds->height);
1340 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1342 vs->has_hextile = 0;
1343 vs->ds->dpy_copy = NULL;
1347 extern int parse_host_port(struct sockaddr_in *saddr, const char *str);
1349 void vnc_display_init(DisplayState *ds)
1353 vs = qemu_mallocz(sizeof(VncState));
1360 vs->password = NULL;
1370 if (!keyboard_layout)
1371 keyboard_layout = "en-us";
1373 vs->kbd_layout = init_keyboard_layout(keyboard_layout);
1374 if (!vs->kbd_layout)
1377 vs->ds->data = NULL;
1378 vs->ds->dpy_update = vnc_dpy_update;
1379 vs->ds->dpy_resize = vnc_dpy_resize;
1380 vs->ds->dpy_refresh = vnc_dpy_refresh;
1382 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1384 vnc_dpy_resize(vs->ds, 640, 400);
1387 void vnc_display_close(DisplayState *ds)
1389 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
1392 qemu_free(vs->display);
1395 if (vs->lsock != -1) {
1396 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
1400 if (vs->csock != -1) {
1401 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
1402 closesocket(vs->csock);
1404 buffer_reset(&vs->input);
1405 buffer_reset(&vs->output);
1406 vs->need_update = 0;
1408 vs->auth = VNC_AUTH_INVALID;
/*
 * Replace the configured VNC password. Any previous password is freed;
 * a non-empty new one is duplicated with qemu_strdup, while NULL or an
 * empty string leaves the server without a password.
 *
 * NOTE(review): the old password is freed without being overwritten
 * first, so its bytes stay in released heap memory; consider wiping it
 * before qemu_free(). With no password set, protocol_client_auth_vnc
 * rejects every VNC-auth attempt.
 */
1411 int vnc_display_password(DisplayState *ds, const char *password)
/* Fall back to the global state when no DisplayState is given. */
1413 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
1416 qemu_free(vs->password);
1417 vs->password = NULL;
1419 if (password && password[0]) {
1420 if (!(vs->password = qemu_strdup(password)))
/*
 * Open the VNC listening socket described by display: either
 * "unix:<path>" for a UNIX-domain socket or a host:display string parsed
 * by parse_host_port, with 5900 added to the parsed port. "none" closes
 * the display and opens nothing. Comma-separated options follow the
 * address; "password" selects VNC authentication.
 *
 * NOTE(review), deployment-relevant behaviour visible in these lines:
 *  - Authentication is opt-in: unless the "password" option is given the
 *    server is set to VNC_AUTH_NONE, so anyone who can reach the socket
 *    gets the console. Bind to loopback or a UNIX socket, or require the
 *    password option, when the host is reachable by untrusted peers.
 *  - Options are matched with strncmp(..., 8), i.e. by prefix, so any
 *    option that merely starts with "password" enables it.
 *  - For UNIX sockets the path is unlink()ed before bind(): whatever
 *    exists at that path is removed with the privileges of this process.
 *    The path length is hard-coded as 108 rather than
 *    sizeof(uaddr.sun_path).
 *  - vs->display is allocated with strdup() here but released with
 *    qemu_free() in vnc_display_close - TODO confirm the two allocators
 *    are compatible.
 */
1427 int vnc_display_open(DisplayState *ds, const char *display)
1429 struct sockaddr *addr;
1430 struct sockaddr_in iaddr;
1432 struct sockaddr_un uaddr;
1434 int reuse_addr, ret;
1437 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
1438 const char *options;
/* Always tear down any previous listener before opening a new one. */
1441 vnc_display_close(ds);
1442 if (strcmp(display, "none") == 0)
1445 if (!(vs->display = strdup(display)))
/* Scan the comma-separated options that follow the address. */
1449 while ((options = strchr(options, ','))) {
1451 if (strncmp(options, "password", 8) == 0)
1452 password = 1; /* Require password auth */
1456 VNC_DEBUG("Initializing VNC server with password auth\n");
1457 vs->auth = VNC_AUTH_VNC;
1459 VNC_DEBUG("Initializing VNC server with no auth\n");
1460 vs->auth = VNC_AUTH_NONE;
/* UNIX-domain socket branch. */
1463 if (strstart(display, "unix:", &p)) {
1464 addr = (struct sockaddr *)&uaddr;
1465 addrlen = sizeof(uaddr);
1467 vs->lsock = socket(PF_UNIX, SOCK_STREAM, 0);
1468 if (vs->lsock == -1) {
1469 fprintf(stderr, "Could not create socket\n");
1475 uaddr.sun_family = AF_UNIX;
1476 memset(uaddr.sun_path, 0, 108);
/* snprintf truncates an over-long path instead of rejecting it. */
1477 snprintf(uaddr.sun_path, 108, "%s", p);
1479 unlink(uaddr.sun_path);
/* TCP branch. */
1483 addr = (struct sockaddr *)&iaddr;
1484 addrlen = sizeof(iaddr);
1486 if (parse_host_port(&iaddr, display) < 0) {
1487 fprintf(stderr, "Could not parse VNC address\n");
/* The parsed number is a display index: TCP port = 5900 + index. */
1493 iaddr.sin_port = htons(ntohs(iaddr.sin_port) + 5900);
1495 vs->lsock = socket(PF_INET, SOCK_STREAM, 0);
1496 if (vs->lsock == -1) {
1497 fprintf(stderr, "Could not create socket\n");
1504 ret = setsockopt(vs->lsock, SOL_SOCKET, SO_REUSEADDR,
1505 (const char *)&reuse_addr, sizeof(reuse_addr));
1507 fprintf(stderr, "setsockopt() failed\n");
1516 if (bind(vs->lsock, addr, addrlen) == -1) {
1517 fprintf(stderr, "bind() failed\n");
/* Backlog of 1: at most one pending connection is queued. */
1525 if (listen(vs->lsock, 1) == -1) {
1526 fprintf(stderr, "listen() failed\n");
/* vnc_listen_poll gates accepts; vnc_listen_read performs them. */
1534 return qemu_set_fd_handler2(vs->lsock, vnc_listen_poll, vnc_listen_read, NULL, vs);