2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
33 #define VNC_REFRESH_INTERVAL (1000 / 30)
35 #include "vnc_keysym.h"
38 #define count_bits(c, v) { \
39 for (c = 0; v; v >>= 1) \
46 static VncDisplay
*vnc_display
; /* needed for info vnc */
47 static DisplayChangeListener
*dcl
;
49 static char *addr_to_string(const char *format
,
50 struct sockaddr_storage
*sa
,
53 char host
[NI_MAXHOST
];
54 char serv
[NI_MAXSERV
];
58 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
61 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
62 VNC_DEBUG("Cannot resolve address %d: %s\n",
63 err
, gai_strerror(err
));
67 /* Enough for the existing format + the 2 vars we're
69 addrlen
= strlen(format
) + strlen(host
) + strlen(serv
);
70 addr
= qemu_malloc(addrlen
+ 1);
71 snprintf(addr
, addrlen
, format
, host
, serv
);
78 char *vnc_socket_local_addr(const char *format
, int fd
) {
79 struct sockaddr_storage sa
;
83 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
86 return addr_to_string(format
, &sa
, salen
);
90 char *vnc_socket_remote_addr(const char *format
, int fd
) {
91 struct sockaddr_storage sa
;
95 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
98 return addr_to_string(format
, &sa
, salen
);
101 static const char *vnc_auth_name(VncDisplay
*vd
) {
103 case VNC_AUTH_INVALID
:
119 case VNC_AUTH_VENCRYPT
:
120 #ifdef CONFIG_VNC_TLS
121 switch (vd
->subauth
) {
122 case VNC_AUTH_VENCRYPT_PLAIN
:
123 return "vencrypt+plain";
124 case VNC_AUTH_VENCRYPT_TLSNONE
:
125 return "vencrypt+tls+none";
126 case VNC_AUTH_VENCRYPT_TLSVNC
:
127 return "vencrypt+tls+vnc";
128 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
129 return "vencrypt+tls+plain";
130 case VNC_AUTH_VENCRYPT_X509NONE
:
131 return "vencrypt+x509+none";
132 case VNC_AUTH_VENCRYPT_X509VNC
:
133 return "vencrypt+x509+vnc";
134 case VNC_AUTH_VENCRYPT_X509PLAIN
:
135 return "vencrypt+x509+plain";
136 case VNC_AUTH_VENCRYPT_TLSSASL
:
137 return "vencrypt+tls+sasl";
138 case VNC_AUTH_VENCRYPT_X509SASL
:
139 return "vencrypt+x509+sasl";
152 static void do_info_vnc_client(Monitor
*mon
, VncState
*client
)
155 vnc_socket_remote_addr(" address: %s:%s\n",
160 monitor_printf(mon
, "Client:\n");
161 monitor_printf(mon
, "%s", clientAddr
);
164 #ifdef CONFIG_VNC_TLS
165 if (client
->tls
.session
&&
167 monitor_printf(mon
, " x509 dname: %s\n", client
->tls
.dname
);
169 monitor_printf(mon
, " x509 dname: none\n");
171 #ifdef CONFIG_VNC_SASL
172 if (client
->sasl
.conn
&&
173 client
->sasl
.username
)
174 monitor_printf(mon
, " username: %s\n", client
->sasl
.username
);
176 monitor_printf(mon
, " username: none\n");
180 void do_info_vnc(Monitor
*mon
)
182 if (vnc_display
== NULL
|| vnc_display
->display
== NULL
) {
183 monitor_printf(mon
, "Server: disabled\n");
185 char *serverAddr
= vnc_socket_local_addr(" address: %s:%s\n",
191 monitor_printf(mon
, "Server:\n");
192 monitor_printf(mon
, "%s", serverAddr
);
194 monitor_printf(mon
, " auth: %s\n", vnc_auth_name(vnc_display
));
196 if (vnc_display
->clients
) {
197 VncState
*client
= vnc_display
->clients
;
199 do_info_vnc_client(mon
, client
);
200 client
= client
->next
;
203 monitor_printf(mon
, "Client: none\n");
208 static inline uint32_t vnc_has_feature(VncState
*vs
, int feature
) {
209 return (vs
->features
& (1 << feature
));
213 1) Get the queue working for IO.
214 2) there is some weirdness when using the -S option (the screen is grey
215 and not totally invalidated
216 3) resolutions > 1024
219 static void vnc_update_client(void *opaque
);
221 static void vnc_colordepth(VncState
*vs
);
223 static inline void vnc_set_bit(uint32_t *d
, int k
)
225 d
[k
>> 5] |= 1 << (k
& 0x1f);
228 static inline void vnc_clear_bit(uint32_t *d
, int k
)
230 d
[k
>> 5] &= ~(1 << (k
& 0x1f));
233 static inline void vnc_set_bits(uint32_t *d
, int n
, int nb_words
)
243 d
[j
++] = (1 << n
) - 1;
248 static inline int vnc_get_bit(const uint32_t *d
, int k
)
250 return (d
[k
>> 5] >> (k
& 0x1f)) & 1;
253 static inline int vnc_and_bits(const uint32_t *d1
, const uint32_t *d2
,
257 for(i
= 0; i
< nb_words
; i
++) {
258 if ((d1
[i
] & d2
[i
]) != 0)
264 static void vnc_update(VncState
*vs
, int x
, int y
, int w
, int h
)
270 /* round x down to ensure the loop only spans one 16-pixel block per,
271 iteration. otherwise, if (x % 16) != 0, the last iteration may span
272 two 16-pixel blocks but we only mark the first as dirty
277 x
= MIN(x
, vs
->serverds
.width
);
278 y
= MIN(y
, vs
->serverds
.height
);
279 w
= MIN(x
+ w
, vs
->serverds
.width
) - x
;
280 h
= MIN(h
, vs
->serverds
.height
);
283 for (i
= 0; i
< w
; i
+= 16)
284 vnc_set_bit(vs
->dirty_row
[y
], (x
+ i
) / 16);
287 static void vnc_dpy_update(DisplayState
*ds
, int x
, int y
, int w
, int h
)
289 VncDisplay
*vd
= ds
->opaque
;
290 VncState
*vs
= vd
->clients
;
292 vnc_update(vs
, x
, y
, w
, h
);
297 static void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
300 vnc_write_u16(vs
, x
);
301 vnc_write_u16(vs
, y
);
302 vnc_write_u16(vs
, w
);
303 vnc_write_u16(vs
, h
);
305 vnc_write_s32(vs
, encoding
);
308 void buffer_reserve(Buffer
*buffer
, size_t len
)
310 if ((buffer
->capacity
- buffer
->offset
) < len
) {
311 buffer
->capacity
+= (len
+ 1024);
312 buffer
->buffer
= qemu_realloc(buffer
->buffer
, buffer
->capacity
);
313 if (buffer
->buffer
== NULL
) {
314 fprintf(stderr
, "vnc: out of memory\n");
320 int buffer_empty(Buffer
*buffer
)
322 return buffer
->offset
== 0;
325 uint8_t *buffer_end(Buffer
*buffer
)
327 return buffer
->buffer
+ buffer
->offset
;
330 void buffer_reset(Buffer
*buffer
)
335 void buffer_append(Buffer
*buffer
, const void *data
, size_t len
)
337 memcpy(buffer
->buffer
+ buffer
->offset
, data
, len
);
338 buffer
->offset
+= len
;
341 static void vnc_resize(VncState
*vs
)
343 DisplayState
*ds
= vs
->ds
;
347 vs
->old_data
= qemu_realloc(vs
->old_data
, ds_get_linesize(ds
) * ds_get_height(ds
));
349 if (vs
->old_data
== NULL
) {
350 fprintf(stderr
, "vnc: memory allocation failed\n");
354 if (ds_get_bytes_per_pixel(ds
) != vs
->serverds
.pf
.bytes_per_pixel
)
355 console_color_init(ds
);
357 size_changed
= ds_get_width(ds
) != vs
->serverds
.width
||
358 ds_get_height(ds
) != vs
->serverds
.height
;
359 vs
->serverds
= *(ds
->surface
);
361 if (vs
->csock
!= -1 && vnc_has_feature(vs
, VNC_FEATURE_RESIZE
)) {
362 vnc_write_u8(vs
, 0); /* msg id */
364 vnc_write_u16(vs
, 1); /* number of rects */
365 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(ds
), ds_get_height(ds
),
366 VNC_ENCODING_DESKTOPRESIZE
);
371 memset(vs
->dirty_row
, 0xFF, sizeof(vs
->dirty_row
));
372 memset(vs
->old_data
, 42, ds_get_linesize(vs
->ds
) * ds_get_height(vs
->ds
));
375 static void vnc_dpy_resize(DisplayState
*ds
)
377 VncDisplay
*vd
= ds
->opaque
;
378 VncState
*vs
= vd
->clients
;
386 static void vnc_write_pixels_copy(VncState
*vs
, void *pixels
, int size
)
388 vnc_write(vs
, pixels
, size
);
391 /* slowest but generic code. */
392 static void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
396 r
= ((((v
& vs
->serverds
.pf
.rmask
) >> vs
->serverds
.pf
.rshift
) << vs
->clientds
.pf
.rbits
) >>
397 vs
->serverds
.pf
.rbits
);
398 g
= ((((v
& vs
->serverds
.pf
.gmask
) >> vs
->serverds
.pf
.gshift
) << vs
->clientds
.pf
.gbits
) >>
399 vs
->serverds
.pf
.gbits
);
400 b
= ((((v
& vs
->serverds
.pf
.bmask
) >> vs
->serverds
.pf
.bshift
) << vs
->clientds
.pf
.bbits
) >>
401 vs
->serverds
.pf
.bbits
);
402 v
= (r
<< vs
->clientds
.pf
.rshift
) |
403 (g
<< vs
->clientds
.pf
.gshift
) |
404 (b
<< vs
->clientds
.pf
.bshift
);
405 switch(vs
->clientds
.pf
.bytes_per_pixel
) {
410 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
420 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
435 static void vnc_write_pixels_generic(VncState
*vs
, void *pixels1
, int size
)
439 if (vs
->serverds
.pf
.bytes_per_pixel
== 4) {
440 uint32_t *pixels
= pixels1
;
443 for(i
= 0; i
< n
; i
++) {
444 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
445 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
447 } else if (vs
->serverds
.pf
.bytes_per_pixel
== 2) {
448 uint16_t *pixels
= pixels1
;
451 for(i
= 0; i
< n
; i
++) {
452 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
453 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
455 } else if (vs
->serverds
.pf
.bytes_per_pixel
== 1) {
456 uint8_t *pixels
= pixels1
;
459 for(i
= 0; i
< n
; i
++) {
460 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
461 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
464 fprintf(stderr
, "vnc_write_pixels_generic: VncState color depth not supported\n");
468 static void send_framebuffer_update_raw(VncState
*vs
, int x
, int y
, int w
, int h
)
473 row
= ds_get_data(vs
->ds
) + y
* ds_get_linesize(vs
->ds
) + x
* ds_get_bytes_per_pixel(vs
->ds
);
474 for (i
= 0; i
< h
; i
++) {
475 vs
->write_pixels(vs
, row
, w
* ds_get_bytes_per_pixel(vs
->ds
));
476 row
+= ds_get_linesize(vs
->ds
);
480 static void hextile_enc_cord(uint8_t *ptr
, int x
, int y
, int w
, int h
)
482 ptr
[0] = ((x
& 0x0F) << 4) | (y
& 0x0F);
483 ptr
[1] = (((w
- 1) & 0x0F) << 4) | ((h
- 1) & 0x0F);
487 #include "vnchextile.h"
491 #include "vnchextile.h"
495 #include "vnchextile.h"
500 #include "vnchextile.h"
506 #include "vnchextile.h"
512 #include "vnchextile.h"
516 static void send_framebuffer_update_hextile(VncState
*vs
, int x
, int y
, int w
, int h
)
520 uint8_t *last_fg
, *last_bg
;
522 last_fg
= (uint8_t *) qemu_malloc(vs
->serverds
.pf
.bytes_per_pixel
);
523 last_bg
= (uint8_t *) qemu_malloc(vs
->serverds
.pf
.bytes_per_pixel
);
525 for (j
= y
; j
< (y
+ h
); j
+= 16) {
526 for (i
= x
; i
< (x
+ w
); i
+= 16) {
527 vs
->send_hextile_tile(vs
, i
, j
,
528 MIN(16, x
+ w
- i
), MIN(16, y
+ h
- j
),
529 last_bg
, last_fg
, &has_bg
, &has_fg
);
537 static void vnc_zlib_init(VncState
*vs
)
540 for (i
=0; i
<(sizeof(vs
->zlib_stream
) / sizeof(z_stream
)); i
++)
541 vs
->zlib_stream
[i
].opaque
= NULL
;
544 static void vnc_zlib_start(VncState
*vs
)
546 buffer_reset(&vs
->zlib
);
548 // make the output buffer be the zlib buffer, so we can compress it later
549 vs
->zlib_tmp
= vs
->output
;
550 vs
->output
= vs
->zlib
;
553 static int vnc_zlib_stop(VncState
*vs
, int stream_id
)
555 z_streamp zstream
= &vs
->zlib_stream
[stream_id
];
558 // switch back to normal output/zlib buffers
559 vs
->zlib
= vs
->output
;
560 vs
->output
= vs
->zlib_tmp
;
562 // compress the zlib buffer
564 // initialize the stream
565 // XXX need one stream per session
566 if (zstream
->opaque
!= vs
) {
569 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id
);
570 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream
->opaque
, vs
);
571 zstream
->zalloc
= Z_NULL
;
572 zstream
->zfree
= Z_NULL
;
574 err
= deflateInit2(zstream
, vs
->tight_compression
, Z_DEFLATED
, MAX_WBITS
,
575 MAX_MEM_LEVEL
, Z_DEFAULT_STRATEGY
);
578 fprintf(stderr
, "VNC: error initializing zlib\n");
582 zstream
->opaque
= vs
;
585 // XXX what to do if tight_compression changed in between?
587 // reserve memory in output buffer
588 buffer_reserve(&vs
->output
, vs
->zlib
.offset
+ 64);
591 zstream
->next_in
= vs
->zlib
.buffer
;
592 zstream
->avail_in
= vs
->zlib
.offset
;
593 zstream
->next_out
= vs
->output
.buffer
+ vs
->output
.offset
;
594 zstream
->avail_out
= vs
->output
.capacity
- vs
->output
.offset
;
595 zstream
->data_type
= Z_BINARY
;
596 previous_out
= zstream
->total_out
;
599 if (deflate(zstream
, Z_SYNC_FLUSH
) != Z_OK
) {
600 fprintf(stderr
, "VNC: error during zlib compression\n");
604 vs
->output
.offset
= vs
->output
.capacity
- zstream
->avail_out
;
605 return zstream
->total_out
- previous_out
;
608 static void send_framebuffer_update_zlib(VncState
*vs
, int x
, int y
, int w
, int h
)
610 int old_offset
, new_offset
, bytes_written
;
612 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_ZLIB
);
614 // remember where we put in the follow-up size
615 old_offset
= vs
->output
.offset
;
616 vnc_write_s32(vs
, 0);
618 // compress the stream
620 send_framebuffer_update_raw(vs
, x
, y
, w
, h
);
621 bytes_written
= vnc_zlib_stop(vs
, 0);
623 if (bytes_written
== -1)
627 new_offset
= vs
->output
.offset
;
628 vs
->output
.offset
= old_offset
;
629 vnc_write_u32(vs
, bytes_written
);
630 vs
->output
.offset
= new_offset
;
633 static void send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
635 switch(vs
->vnc_encoding
) {
636 case VNC_ENCODING_ZLIB
:
637 send_framebuffer_update_zlib(vs
, x
, y
, w
, h
);
639 case VNC_ENCODING_HEXTILE
:
640 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
641 send_framebuffer_update_hextile(vs
, x
, y
, w
, h
);
644 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
645 send_framebuffer_update_raw(vs
, x
, y
, w
, h
);
650 static void vnc_copy(VncState
*vs
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
652 vnc_update_client(vs
);
654 vnc_write_u8(vs
, 0); /* msg id */
656 vnc_write_u16(vs
, 1); /* number of rects */
657 vnc_framebuffer_update(vs
, dst_x
, dst_y
, w
, h
, VNC_ENCODING_COPYRECT
);
658 vnc_write_u16(vs
, src_x
);
659 vnc_write_u16(vs
, src_y
);
663 static void vnc_dpy_copy(DisplayState
*ds
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
665 VncDisplay
*vd
= ds
->opaque
;
666 VncState
*vs
= vd
->clients
;
668 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
))
669 vnc_copy(vs
, src_x
, src_y
, dst_x
, dst_y
, w
, h
);
671 vnc_update(vs
, dst_x
, dst_y
, w
, h
);
676 static int find_dirty_height(VncState
*vs
, int y
, int last_x
, int x
)
680 for (h
= 1; h
< (vs
->serverds
.height
- y
); h
++) {
682 if (!vnc_get_bit(vs
->dirty_row
[y
+ h
], last_x
))
684 for (tmp_x
= last_x
; tmp_x
< x
; tmp_x
++)
685 vnc_clear_bit(vs
->dirty_row
[y
+ h
], tmp_x
);
691 static void vnc_update_client(void *opaque
)
693 VncState
*vs
= opaque
;
694 if (vs
->need_update
&& vs
->csock
!= -1) {
698 uint32_t width_mask
[VNC_DIRTY_WORDS
];
705 vnc_set_bits(width_mask
, (ds_get_width(vs
->ds
) / 16), VNC_DIRTY_WORDS
);
707 /* Walk through the dirty map and eliminate tiles that
708 really aren't dirty */
709 row
= ds_get_data(vs
->ds
);
710 old_row
= vs
->old_data
;
712 for (y
= 0; y
< ds_get_height(vs
->ds
); y
++) {
713 if (vnc_and_bits(vs
->dirty_row
[y
], width_mask
, VNC_DIRTY_WORDS
)) {
719 old_ptr
= (char*)old_row
;
721 for (x
= 0; x
< ds_get_width(vs
->ds
); x
+= 16) {
722 if (memcmp(old_ptr
, ptr
, 16 * ds_get_bytes_per_pixel(vs
->ds
)) == 0) {
723 vnc_clear_bit(vs
->dirty_row
[y
], (x
/ 16));
726 memcpy(old_ptr
, ptr
, 16 * ds_get_bytes_per_pixel(vs
->ds
));
729 ptr
+= 16 * ds_get_bytes_per_pixel(vs
->ds
);
730 old_ptr
+= 16 * ds_get_bytes_per_pixel(vs
->ds
);
734 row
+= ds_get_linesize(vs
->ds
);
735 old_row
+= ds_get_linesize(vs
->ds
);
738 if (!has_dirty
&& !vs
->audio_cap
) {
739 qemu_mod_timer(vs
->timer
, qemu_get_clock(rt_clock
) + VNC_REFRESH_INTERVAL
);
743 /* Count rectangles */
745 vnc_write_u8(vs
, 0); /* msg id */
747 saved_offset
= vs
->output
.offset
;
748 vnc_write_u16(vs
, 0);
750 for (y
= 0; y
< vs
->serverds
.height
; y
++) {
753 for (x
= 0; x
< vs
->serverds
.width
/ 16; x
++) {
754 if (vnc_get_bit(vs
->dirty_row
[y
], x
)) {
758 vnc_clear_bit(vs
->dirty_row
[y
], x
);
761 int h
= find_dirty_height(vs
, y
, last_x
, x
);
762 send_framebuffer_update(vs
, last_x
* 16, y
, (x
- last_x
) * 16, h
);
769 int h
= find_dirty_height(vs
, y
, last_x
, x
);
770 send_framebuffer_update(vs
, last_x
* 16, y
, (x
- last_x
) * 16, h
);
774 vs
->output
.buffer
[saved_offset
] = (n_rectangles
>> 8) & 0xFF;
775 vs
->output
.buffer
[saved_offset
+ 1] = n_rectangles
& 0xFF;
780 if (vs
->csock
!= -1) {
781 qemu_mod_timer(vs
->timer
, qemu_get_clock(rt_clock
) + VNC_REFRESH_INTERVAL
);
787 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
789 VncState
*vs
= opaque
;
792 case AUD_CNOTIFY_DISABLE
:
793 vnc_write_u8(vs
, 255);
795 vnc_write_u16(vs
, 0);
799 case AUD_CNOTIFY_ENABLE
:
800 vnc_write_u8(vs
, 255);
802 vnc_write_u16(vs
, 1);
808 static void audio_capture_destroy(void *opaque
)
812 static void audio_capture(void *opaque
, void *buf
, int size
)
814 VncState
*vs
= opaque
;
816 vnc_write_u8(vs
, 255);
818 vnc_write_u16(vs
, 2);
819 vnc_write_u32(vs
, size
);
820 vnc_write(vs
, buf
, size
);
824 static void audio_add(VncState
*vs
)
826 Monitor
*mon
= cur_mon
;
827 struct audio_capture_ops ops
;
830 monitor_printf(mon
, "audio already running\n");
834 ops
.notify
= audio_capture_notify
;
835 ops
.destroy
= audio_capture_destroy
;
836 ops
.capture
= audio_capture
;
838 vs
->audio_cap
= AUD_add_capture(NULL
, &vs
->as
, &ops
, vs
);
839 if (!vs
->audio_cap
) {
840 monitor_printf(mon
, "Failed to add audio capture\n");
844 static void audio_del(VncState
*vs
)
847 AUD_del_capture(vs
->audio_cap
, vs
);
848 vs
->audio_cap
= NULL
;
853 int vnc_client_io_error(VncState
*vs
, int ret
, int last_errno
)
855 if (ret
== 0 || ret
== -1) {
857 switch (last_errno
) {
869 VNC_DEBUG("Closing down client sock %d %d\n", ret
, ret
< 0 ? last_errno
: 0);
870 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
871 closesocket(vs
->csock
);
872 qemu_del_timer(vs
->timer
);
873 qemu_free_timer(vs
->timer
);
874 if (vs
->input
.buffer
) qemu_free(vs
->input
.buffer
);
875 if (vs
->output
.buffer
) qemu_free(vs
->output
.buffer
);
876 #ifdef CONFIG_VNC_TLS
877 vnc_tls_client_cleanup(vs
);
878 #endif /* CONFIG_VNC_TLS */
879 #ifdef CONFIG_VNC_SASL
880 vnc_sasl_client_cleanup(vs
);
881 #endif /* CONFIG_VNC_SASL */
884 VncState
*p
, *parent
= NULL
;
885 for (p
= vs
->vd
->clients
; p
!= NULL
; p
= p
->next
) {
888 parent
->next
= p
->next
;
890 vs
->vd
->clients
= p
->next
;
895 if (!vs
->vd
->clients
)
898 qemu_free(vs
->old_data
);
907 void vnc_client_error(VncState
*vs
)
909 vnc_client_io_error(vs
, -1, EINVAL
);
914 * Called to write a chunk of data to the client socket. The data may
915 * be the raw data, or may have already been encoded by SASL.
916 * The data will be written either straight onto the socket, or
917 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
919 * NB, it is theoretically possible to have 2 layers of encryption,
920 * both SASL, and this TLS layer. It is highly unlikely in practice
921 * though, since SASL encryption will typically be a no-op if TLS
924 * Returns the number of bytes written, which may be less than
925 * the requested 'datalen' if the socket would block. Returns
926 * -1 on error, and disconnects the client socket.
928 long vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
931 #ifdef CONFIG_VNC_TLS
932 if (vs
->tls
.session
) {
933 ret
= gnutls_write(vs
->tls
.session
, data
, datalen
);
935 if (ret
== GNUTLS_E_AGAIN
)
942 #endif /* CONFIG_VNC_TLS */
943 ret
= send(vs
->csock
, data
, datalen
, 0);
944 VNC_DEBUG("Wrote wire %p %d -> %ld\n", data
, datalen
, ret
);
945 return vnc_client_io_error(vs
, ret
, socket_error());
950 * Called to write buffered data to the client socket, when not
951 * using any SASL SSF encryption layers. Will write as much data
952 * as possible without blocking. If all buffered data is written,
953 * will switch the FD poll() handler back to read monitoring.
955 * Returns the number of bytes written, which may be less than
956 * the buffered output data if the socket would block. Returns
957 * -1 on error, and disconnects the client socket.
959 static long vnc_client_write_plain(VncState
*vs
)
963 #ifdef CONFIG_VNC_SASL
964 VNC_DEBUG("Write Plain: Pending output %p size %d offset %d. Wait SSF %d\n",
965 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
966 vs
->sasl
.waitWriteSSF
);
970 vs
->sasl
.waitWriteSSF
) {
971 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
973 vs
->sasl
.waitWriteSSF
-= ret
;
975 #endif /* CONFIG_VNC_SASL */
976 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
980 memmove(vs
->output
.buffer
, vs
->output
.buffer
+ ret
, (vs
->output
.offset
- ret
));
981 vs
->output
.offset
-= ret
;
983 if (vs
->output
.offset
== 0) {
984 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
992 * First function called whenever there is data to be written to
993 * the client socket. Will delegate actual work according to whether
994 * SASL SSF layers are enabled (thus requiring encryption calls)
996 void vnc_client_write(void *opaque
)
999 VncState
*vs
= opaque
;
1001 #ifdef CONFIG_VNC_SASL
1002 if (vs
->sasl
.conn
&&
1004 !vs
->sasl
.waitWriteSSF
)
1005 ret
= vnc_client_write_sasl(vs
);
1007 #endif /* CONFIG_VNC_SASL */
1008 ret
= vnc_client_write_plain(vs
);
1011 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1013 vs
->read_handler
= func
;
1014 vs
->read_handler_expect
= expecting
;
1019 * Called to read a chunk of data from the client socket. The data may
1020 * be the raw data, or may need to be further decoded by SASL.
1021 * The data will be read either straight from to the socket, or
1022 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1024 * NB, it is theoretically possible to have 2 layers of encryption,
1025 * both SASL, and this TLS layer. It is highly unlikely in practice
1026 * though, since SASL encryption will typically be a no-op if TLS
1029 * Returns the number of bytes read, which may be less than
1030 * the requested 'datalen' if the socket would block. Returns
1031 * -1 on error, and disconnects the client socket.
1033 long vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1036 #ifdef CONFIG_VNC_TLS
1037 if (vs
->tls
.session
) {
1038 ret
= gnutls_read(vs
->tls
.session
, data
, datalen
);
1040 if (ret
== GNUTLS_E_AGAIN
)
1047 #endif /* CONFIG_VNC_TLS */
1048 ret
= recv(vs
->csock
, data
, datalen
, 0);
1049 VNC_DEBUG("Read wire %p %d -> %ld\n", data
, datalen
, ret
);
1050 return vnc_client_io_error(vs
, ret
, socket_error());
1055 * Called to read data from the client socket to the input buffer,
1056 * when not using any SASL SSF encryption layers. Will read as much
1057 * data as possible without blocking.
1059 * Returns the number of bytes read. Returns -1 on error, and
1060 * disconnects the client socket.
1062 static long vnc_client_read_plain(VncState
*vs
)
1065 VNC_DEBUG("Read plain %p size %d offset %d\n",
1066 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1067 buffer_reserve(&vs
->input
, 4096);
1068 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1071 vs
->input
.offset
+= ret
;
1077 * First function called whenever there is more data to be read from
1078 * the client socket. Will delegate actual work according to whether
1079 * SASL SSF layers are enabled (thus requiring decryption calls)
1081 void vnc_client_read(void *opaque
)
1083 VncState
*vs
= opaque
;
1086 #ifdef CONFIG_VNC_SASL
1087 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1088 ret
= vnc_client_read_sasl(vs
);
1090 #endif /* CONFIG_VNC_SASL */
1091 ret
= vnc_client_read_plain(vs
);
1095 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1096 size_t len
= vs
->read_handler_expect
;
1099 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1100 if (vs
->csock
== -1)
1104 memmove(vs
->input
.buffer
, vs
->input
.buffer
+ len
, (vs
->input
.offset
- len
));
1105 vs
->input
.offset
-= len
;
1107 vs
->read_handler_expect
= ret
;
1112 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1114 buffer_reserve(&vs
->output
, len
);
1116 if (buffer_empty(&vs
->output
)) {
1117 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
1120 buffer_append(&vs
->output
, data
, len
);
1123 void vnc_write_s32(VncState
*vs
, int32_t value
)
1125 vnc_write_u32(vs
, *(uint32_t *)&value
);
1128 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1132 buf
[0] = (value
>> 24) & 0xFF;
1133 buf
[1] = (value
>> 16) & 0xFF;
1134 buf
[2] = (value
>> 8) & 0xFF;
1135 buf
[3] = value
& 0xFF;
1137 vnc_write(vs
, buf
, 4);
1140 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1144 buf
[0] = (value
>> 8) & 0xFF;
1145 buf
[1] = value
& 0xFF;
1147 vnc_write(vs
, buf
, 2);
1150 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1152 vnc_write(vs
, (char *)&value
, 1);
1155 void vnc_flush(VncState
*vs
)
1157 if (vs
->output
.offset
)
1158 vnc_client_write(vs
);
1161 uint8_t read_u8(uint8_t *data
, size_t offset
)
1163 return data
[offset
];
1166 uint16_t read_u16(uint8_t *data
, size_t offset
)
1168 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1171 int32_t read_s32(uint8_t *data
, size_t offset
)
1173 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1174 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1177 uint32_t read_u32(uint8_t *data
, size_t offset
)
1179 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1180 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1183 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1187 static void check_pointer_type_change(VncState
*vs
, int absolute
)
1189 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1190 vnc_write_u8(vs
, 0);
1191 vnc_write_u8(vs
, 0);
1192 vnc_write_u16(vs
, 1);
1193 vnc_framebuffer_update(vs
, absolute
, 0,
1194 ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1195 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1198 vs
->absolute
= absolute
;
1201 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1206 if (button_mask
& 0x01)
1207 buttons
|= MOUSE_EVENT_LBUTTON
;
1208 if (button_mask
& 0x02)
1209 buttons
|= MOUSE_EVENT_MBUTTON
;
1210 if (button_mask
& 0x04)
1211 buttons
|= MOUSE_EVENT_RBUTTON
;
1212 if (button_mask
& 0x08)
1214 if (button_mask
& 0x10)
1218 kbd_mouse_event(x
* 0x7FFF / (ds_get_width(vs
->ds
) - 1),
1219 y
* 0x7FFF / (ds_get_height(vs
->ds
) - 1),
1221 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1225 kbd_mouse_event(x
, y
, dz
, buttons
);
1227 if (vs
->last_x
!= -1)
1228 kbd_mouse_event(x
- vs
->last_x
,
1235 check_pointer_type_change(vs
, kbd_mouse_is_absolute());
1238 static void reset_keys(VncState
*vs
)
1241 for(i
= 0; i
< 256; i
++) {
1242 if (vs
->modifiers_state
[i
]) {
1244 kbd_put_keycode(0xe0);
1245 kbd_put_keycode(i
| 0x80);
1246 vs
->modifiers_state
[i
] = 0;
1251 static void press_key(VncState
*vs
, int keysym
)
1253 kbd_put_keycode(keysym2scancode(vs
->vd
->kbd_layout
, keysym
) & 0x7f);
1254 kbd_put_keycode(keysym2scancode(vs
->vd
->kbd_layout
, keysym
) | 0x80);
1257 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1259 /* QEMU console switch */
1261 case 0x2a: /* Left Shift */
1262 case 0x36: /* Right Shift */
1263 case 0x1d: /* Left CTRL */
1264 case 0x9d: /* Right CTRL */
1265 case 0x38: /* Left ALT */
1266 case 0xb8: /* Right ALT */
1268 vs
->modifiers_state
[keycode
] = 1;
1270 vs
->modifiers_state
[keycode
] = 0;
1272 case 0x02 ... 0x0a: /* '1' to '9' keys */
1273 if (down
&& vs
->modifiers_state
[0x1d] && vs
->modifiers_state
[0x38]) {
1274 /* Reset the modifiers sent to the current console */
1276 console_select(keycode
- 0x02);
1280 case 0x3a: /* CapsLock */
1281 case 0x45: /* NumLock */
1283 vs
->modifiers_state
[keycode
] ^= 1;
1287 if (keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1288 /* If the numlock state needs to change then simulate an additional
1289 keypress before sending this one. This will happen if the user
1290 toggles numlock away from the VNC window.
1292 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1293 if (!vs
->modifiers_state
[0x45]) {
1294 vs
->modifiers_state
[0x45] = 1;
1295 press_key(vs
, 0xff7f);
1298 if (vs
->modifiers_state
[0x45]) {
1299 vs
->modifiers_state
[0x45] = 0;
1300 press_key(vs
, 0xff7f);
1305 if (is_graphic_console()) {
1307 kbd_put_keycode(0xe0);
1309 kbd_put_keycode(keycode
& 0x7f);
1311 kbd_put_keycode(keycode
| 0x80);
1313 /* QEMU console emulation */
1316 case 0x2a: /* Left Shift */
1317 case 0x36: /* Right Shift */
1318 case 0x1d: /* Left CTRL */
1319 case 0x9d: /* Right CTRL */
1320 case 0x38: /* Left ALT */
1321 case 0xb8: /* Right ALT */
1324 kbd_put_keysym(QEMU_KEY_UP
);
1327 kbd_put_keysym(QEMU_KEY_DOWN
);
1330 kbd_put_keysym(QEMU_KEY_LEFT
);
1333 kbd_put_keysym(QEMU_KEY_RIGHT
);
1336 kbd_put_keysym(QEMU_KEY_DELETE
);
1339 kbd_put_keysym(QEMU_KEY_HOME
);
1342 kbd_put_keysym(QEMU_KEY_END
);
1345 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1348 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1351 kbd_put_keysym(sym
);
1358 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1362 if (sym
>= 'A' && sym
<= 'Z' && is_graphic_console())
1363 sym
= sym
- 'A' + 'a';
1365 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, sym
& 0xFFFF);
1366 do_key_event(vs
, down
, keycode
, sym
);
1369 static void ext_key_event(VncState
*vs
, int down
,
1370 uint32_t sym
, uint16_t keycode
)
1372 /* if the user specifies a keyboard layout, always use it */
1373 if (keyboard_layout
)
1374 key_event(vs
, down
, sym
);
1376 do_key_event(vs
, down
, keycode
, sym
);
1379 static void framebuffer_update_request(VncState
*vs
, int incremental
,
1380 int x_position
, int y_position
,
1383 if (x_position
> ds_get_width(vs
->ds
))
1384 x_position
= ds_get_width(vs
->ds
);
1385 if (y_position
> ds_get_height(vs
->ds
))
1386 y_position
= ds_get_height(vs
->ds
);
1387 if (x_position
+ w
>= ds_get_width(vs
->ds
))
1388 w
= ds_get_width(vs
->ds
) - x_position
;
1389 if (y_position
+ h
>= ds_get_height(vs
->ds
))
1390 h
= ds_get_height(vs
->ds
) - y_position
;
1393 vs
->need_update
= 1;
1395 char *old_row
= vs
->old_data
+ y_position
* ds_get_linesize(vs
->ds
);
1397 for (i
= 0; i
< h
; i
++) {
1398 vnc_set_bits(vs
->dirty_row
[y_position
+ i
],
1399 (ds_get_width(vs
->ds
) / 16), VNC_DIRTY_WORDS
);
1400 memset(old_row
, 42, ds_get_width(vs
->ds
) * ds_get_bytes_per_pixel(vs
->ds
));
1401 old_row
+= ds_get_linesize(vs
->ds
);
1406 static void send_ext_key_event_ack(VncState
*vs
)
1408 vnc_write_u8(vs
, 0);
1409 vnc_write_u8(vs
, 0);
1410 vnc_write_u16(vs
, 1);
1411 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1412 VNC_ENCODING_EXT_KEY_EVENT
);
1416 static void send_ext_audio_ack(VncState
*vs
)
1418 vnc_write_u8(vs
, 0);
1419 vnc_write_u8(vs
, 0);
1420 vnc_write_u16(vs
, 1);
1421 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1422 VNC_ENCODING_AUDIO
);
1426 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
1429 unsigned int enc
= 0;
1433 vs
->vnc_encoding
= 0;
1434 vs
->tight_compression
= 9;
1435 vs
->tight_quality
= 9;
1438 for (i
= n_encodings
- 1; i
>= 0; i
--) {
1441 case VNC_ENCODING_RAW
:
1442 vs
->vnc_encoding
= enc
;
1444 case VNC_ENCODING_COPYRECT
:
1445 vs
->features
|= VNC_FEATURE_COPYRECT_MASK
;
1447 case VNC_ENCODING_HEXTILE
:
1448 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
1449 vs
->vnc_encoding
= enc
;
1451 case VNC_ENCODING_ZLIB
:
1452 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
1453 vs
->vnc_encoding
= enc
;
1455 case VNC_ENCODING_DESKTOPRESIZE
:
1456 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
1458 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
1459 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
1461 case VNC_ENCODING_EXT_KEY_EVENT
:
1462 send_ext_key_event_ack(vs
);
1464 case VNC_ENCODING_AUDIO
:
1465 send_ext_audio_ack(vs
);
1467 case VNC_ENCODING_WMVi
:
1468 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
1470 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
1471 vs
->tight_compression
= (enc
& 0x0F);
1473 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
1474 vs
->tight_quality
= (enc
& 0x0F);
1477 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
1482 check_pointer_type_change(vs
, kbd_mouse_is_absolute());
1485 static void set_pixel_conversion(VncState
*vs
)
1487 if ((vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) ==
1488 (vs
->ds
->surface
->flags
& QEMU_BIG_ENDIAN_FLAG
) &&
1489 !memcmp(&(vs
->clientds
.pf
), &(vs
->ds
->surface
->pf
), sizeof(PixelFormat
))) {
1490 vs
->write_pixels
= vnc_write_pixels_copy
;
1491 switch (vs
->ds
->surface
->pf
.bits_per_pixel
) {
1493 vs
->send_hextile_tile
= send_hextile_tile_8
;
1496 vs
->send_hextile_tile
= send_hextile_tile_16
;
1499 vs
->send_hextile_tile
= send_hextile_tile_32
;
1503 vs
->write_pixels
= vnc_write_pixels_generic
;
1504 switch (vs
->ds
->surface
->pf
.bits_per_pixel
) {
1506 vs
->send_hextile_tile
= send_hextile_tile_generic_8
;
1509 vs
->send_hextile_tile
= send_hextile_tile_generic_16
;
1512 vs
->send_hextile_tile
= send_hextile_tile_generic_32
;
1518 static void set_pixel_format(VncState
*vs
,
1519 int bits_per_pixel
, int depth
,
1520 int big_endian_flag
, int true_color_flag
,
1521 int red_max
, int green_max
, int blue_max
,
1522 int red_shift
, int green_shift
, int blue_shift
)
1524 if (!true_color_flag
) {
1525 vnc_client_error(vs
);
1529 vs
->clientds
= vs
->serverds
;
1530 vs
->clientds
.pf
.rmax
= red_max
;
1531 count_bits(vs
->clientds
.pf
.rbits
, red_max
);
1532 vs
->clientds
.pf
.rshift
= red_shift
;
1533 vs
->clientds
.pf
.rmask
= red_max
<< red_shift
;
1534 vs
->clientds
.pf
.gmax
= green_max
;
1535 count_bits(vs
->clientds
.pf
.gbits
, green_max
);
1536 vs
->clientds
.pf
.gshift
= green_shift
;
1537 vs
->clientds
.pf
.gmask
= green_max
<< green_shift
;
1538 vs
->clientds
.pf
.bmax
= blue_max
;
1539 count_bits(vs
->clientds
.pf
.bbits
, blue_max
);
1540 vs
->clientds
.pf
.bshift
= blue_shift
;
1541 vs
->clientds
.pf
.bmask
= blue_max
<< blue_shift
;
1542 vs
->clientds
.pf
.bits_per_pixel
= bits_per_pixel
;
1543 vs
->clientds
.pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
1544 vs
->clientds
.pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
1545 vs
->clientds
.flags
= big_endian_flag
? QEMU_BIG_ENDIAN_FLAG
: 0x00;
1547 set_pixel_conversion(vs
);
1549 vga_hw_invalidate();
1553 static void pixel_format_message (VncState
*vs
) {
1554 char pad
[3] = { 0, 0, 0 };
1556 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bits_per_pixel
); /* bits-per-pixel */
1557 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.depth
); /* depth */
1559 #ifdef WORDS_BIGENDIAN
1560 vnc_write_u8(vs
, 1); /* big-endian-flag */
1562 vnc_write_u8(vs
, 0); /* big-endian-flag */
1564 vnc_write_u8(vs
, 1); /* true-color-flag */
1565 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.rmax
); /* red-max */
1566 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.gmax
); /* green-max */
1567 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.bmax
); /* blue-max */
1568 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.rshift
); /* red-shift */
1569 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.gshift
); /* green-shift */
1570 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bshift
); /* blue-shift */
1571 if (vs
->ds
->surface
->pf
.bits_per_pixel
== 32)
1572 vs
->send_hextile_tile
= send_hextile_tile_32
;
1573 else if (vs
->ds
->surface
->pf
.bits_per_pixel
== 16)
1574 vs
->send_hextile_tile
= send_hextile_tile_16
;
1575 else if (vs
->ds
->surface
->pf
.bits_per_pixel
== 8)
1576 vs
->send_hextile_tile
= send_hextile_tile_8
;
1577 vs
->clientds
= *(vs
->ds
->surface
);
1578 vs
->clientds
.flags
|= ~QEMU_ALLOCATED_FLAG
;
1579 vs
->write_pixels
= vnc_write_pixels_copy
;
1581 vnc_write(vs
, pad
, 3); /* padding */
1584 static void vnc_dpy_setdata(DisplayState
*ds
)
1586 /* We don't have to do anything */
1589 static void vnc_colordepth(VncState
*vs
)
1591 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
1592 /* Sending a WMVi message to notify the client*/
1593 vnc_write_u8(vs
, 0); /* msg id */
1594 vnc_write_u8(vs
, 0);
1595 vnc_write_u16(vs
, 1); /* number of rects */
1596 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
),
1597 ds_get_height(vs
->ds
), VNC_ENCODING_WMVi
);
1598 pixel_format_message(vs
);
1601 set_pixel_conversion(vs
);
1605 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
1615 set_pixel_format(vs
, read_u8(data
, 4), read_u8(data
, 5),
1616 read_u8(data
, 6), read_u8(data
, 7),
1617 read_u16(data
, 8), read_u16(data
, 10),
1618 read_u16(data
, 12), read_u8(data
, 14),
1619 read_u8(data
, 15), read_u8(data
, 16));
1626 limit
= read_u16(data
, 2);
1628 return 4 + (limit
* 4);
1630 limit
= read_u16(data
, 2);
1632 for (i
= 0; i
< limit
; i
++) {
1633 int32_t val
= read_s32(data
, 4 + (i
* 4));
1634 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
1637 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
1643 framebuffer_update_request(vs
,
1644 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
1645 read_u16(data
, 6), read_u16(data
, 8));
1651 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
1657 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
1664 uint32_t dlen
= read_u32(data
, 4);
1669 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
1675 switch (read_u8(data
, 1)) {
1680 ext_key_event(vs
, read_u16(data
, 2),
1681 read_u32(data
, 4), read_u32(data
, 8));
1687 switch (read_u16 (data
, 2)) {
1697 switch (read_u8(data
, 4)) {
1698 case 0: vs
->as
.fmt
= AUD_FMT_U8
; break;
1699 case 1: vs
->as
.fmt
= AUD_FMT_S8
; break;
1700 case 2: vs
->as
.fmt
= AUD_FMT_U16
; break;
1701 case 3: vs
->as
.fmt
= AUD_FMT_S16
; break;
1702 case 4: vs
->as
.fmt
= AUD_FMT_U32
; break;
1703 case 5: vs
->as
.fmt
= AUD_FMT_S32
; break;
1705 printf("Invalid audio format %d\n", read_u8(data
, 4));
1706 vnc_client_error(vs
);
1709 vs
->as
.nchannels
= read_u8(data
, 5);
1710 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
1711 printf("Invalid audio channel coount %d\n",
1713 vnc_client_error(vs
);
1716 vs
->as
.freq
= read_u32(data
, 6);
1719 printf ("Invalid audio message %d\n", read_u8(data
, 4));
1720 vnc_client_error(vs
);
1726 printf("Msg: %d\n", read_u16(data
, 0));
1727 vnc_client_error(vs
);
1732 printf("Msg: %d\n", data
[0]);
1733 vnc_client_error(vs
);
1737 vnc_read_when(vs
, protocol_client_msg
, 1);
1741 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
1746 vnc_write_u16(vs
, ds_get_width(vs
->ds
));
1747 vnc_write_u16(vs
, ds_get_height(vs
->ds
));
1749 pixel_format_message(vs
);
1752 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
1754 size
= snprintf(buf
, sizeof(buf
), "QEMU");
1756 vnc_write_u32(vs
, size
);
1757 vnc_write(vs
, buf
, size
);
1760 vnc_read_when(vs
, protocol_client_msg
, 1);
1765 void start_client_init(VncState
*vs
)
1767 vnc_read_when(vs
, protocol_client_init
, 1);
1770 static void make_challenge(VncState
*vs
)
1774 srand(time(NULL
)+getpid()+getpid()*987654+rand());
1776 for (i
= 0 ; i
< sizeof(vs
->challenge
) ; i
++)
1777 vs
->challenge
[i
] = (int) (256.0*rand()/(RAND_MAX
+1.0));
1780 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
1782 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
1784 unsigned char key
[8];
1786 if (!vs
->vd
->password
|| !vs
->vd
->password
[0]) {
1787 VNC_DEBUG("No password configured on server");
1788 vnc_write_u32(vs
, 1); /* Reject auth */
1789 if (vs
->minor
>= 8) {
1790 static const char err
[] = "Authentication failed";
1791 vnc_write_u32(vs
, sizeof(err
));
1792 vnc_write(vs
, err
, sizeof(err
));
1795 vnc_client_error(vs
);
1799 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
1801 /* Calculate the expected challenge response */
1802 pwlen
= strlen(vs
->vd
->password
);
1803 for (i
=0; i
<sizeof(key
); i
++)
1804 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
1806 for (j
= 0; j
< VNC_AUTH_CHALLENGE_SIZE
; j
+= 8)
1807 des(response
+j
, response
+j
);
1809 /* Compare expected vs actual challenge response */
1810 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
1811 VNC_DEBUG("Client challenge reponse did not match\n");
1812 vnc_write_u32(vs
, 1); /* Reject auth */
1813 if (vs
->minor
>= 8) {
1814 static const char err
[] = "Authentication failed";
1815 vnc_write_u32(vs
, sizeof(err
));
1816 vnc_write(vs
, err
, sizeof(err
));
1819 vnc_client_error(vs
);
1821 VNC_DEBUG("Accepting VNC challenge response\n");
1822 vnc_write_u32(vs
, 0); /* Accept auth */
1825 start_client_init(vs
);
1830 void start_auth_vnc(VncState
*vs
)
1833 /* Send client a 'random' challenge */
1834 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
1837 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
1841 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
1843 /* We only advertise 1 auth scheme at a time, so client
1844 * must pick the one we sent. Verify this */
1845 if (data
[0] != vs
->vd
->auth
) { /* Reject auth */
1846 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data
[0]);
1847 vnc_write_u32(vs
, 1);
1848 if (vs
->minor
>= 8) {
1849 static const char err
[] = "Authentication failed";
1850 vnc_write_u32(vs
, sizeof(err
));
1851 vnc_write(vs
, err
, sizeof(err
));
1853 vnc_client_error(vs
);
1854 } else { /* Accept requested auth */
1855 VNC_DEBUG("Client requested auth %d\n", (int)data
[0]);
1856 switch (vs
->vd
->auth
) {
1858 VNC_DEBUG("Accept auth none\n");
1859 if (vs
->minor
>= 8) {
1860 vnc_write_u32(vs
, 0); /* Accept auth completion */
1863 start_client_init(vs
);
1867 VNC_DEBUG("Start VNC auth\n");
1871 #ifdef CONFIG_VNC_TLS
1872 case VNC_AUTH_VENCRYPT
:
1873 VNC_DEBUG("Accept VeNCrypt auth\n");;
1874 start_auth_vencrypt(vs
);
1876 #endif /* CONFIG_VNC_TLS */
1878 #ifdef CONFIG_VNC_SASL
1880 VNC_DEBUG("Accept SASL auth\n");
1881 start_auth_sasl(vs
);
1883 #endif /* CONFIG_VNC_SASL */
1885 default: /* Should not be possible, but just in case */
1886 VNC_DEBUG("Reject auth %d server code bug\n", vs
->vd
->auth
);
1887 vnc_write_u8(vs
, 1);
1888 if (vs
->minor
>= 8) {
1889 static const char err
[] = "Authentication failed";
1890 vnc_write_u32(vs
, sizeof(err
));
1891 vnc_write(vs
, err
, sizeof(err
));
1893 vnc_client_error(vs
);
1899 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
1903 memcpy(local
, version
, 12);
1906 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
1907 VNC_DEBUG("Malformed protocol version %s\n", local
);
1908 vnc_client_error(vs
);
1911 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
1912 if (vs
->major
!= 3 ||
1918 VNC_DEBUG("Unsupported client version\n");
1919 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
1921 vnc_client_error(vs
);
1924 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
1925 * as equivalent to v3.3 by servers
1927 if (vs
->minor
== 4 || vs
->minor
== 5)
1930 if (vs
->minor
== 3) {
1931 if (vs
->vd
->auth
== VNC_AUTH_NONE
) {
1932 VNC_DEBUG("Tell client auth none\n");
1933 vnc_write_u32(vs
, vs
->vd
->auth
);
1935 start_client_init(vs
);
1936 } else if (vs
->vd
->auth
== VNC_AUTH_VNC
) {
1937 VNC_DEBUG("Tell client VNC auth\n");
1938 vnc_write_u32(vs
, vs
->vd
->auth
);
1942 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs
->vd
->auth
);
1943 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
1945 vnc_client_error(vs
);
1948 VNC_DEBUG("Telling client we support auth %d\n", vs
->vd
->auth
);
1949 vnc_write_u8(vs
, 1); /* num auth */
1950 vnc_write_u8(vs
, vs
->vd
->auth
);
1951 vnc_read_when(vs
, protocol_client_auth
, 1);
1958 static void vnc_connect(VncDisplay
*vd
, int csock
)
1960 VncState
*vs
= qemu_mallocz(sizeof(VncState
));
1963 VNC_DEBUG("New client on socket %d\n", csock
);
1965 socket_set_nonblock(vs
->csock
);
1966 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1970 vs
->timer
= qemu_new_timer(rt_clock
, vnc_update_client
, vs
);
1974 vs
->as
.freq
= 44100;
1975 vs
->as
.nchannels
= 2;
1976 vs
->as
.fmt
= AUD_FMT_S16
;
1977 vs
->as
.endianness
= 0;
1980 vnc_write(vs
, "RFB 003.008\n", 12);
1982 vnc_read_when(vs
, protocol_version
, 12);
1983 memset(vs
->old_data
, 0, ds_get_linesize(vs
->ds
) * ds_get_height(vs
->ds
));
1984 memset(vs
->dirty_row
, 0xFF, sizeof(vs
->dirty_row
));
1985 vnc_update_client(vs
);
1988 vs
->next
= vd
->clients
;
1992 static void vnc_listen_read(void *opaque
)
1994 VncDisplay
*vs
= opaque
;
1995 struct sockaddr_in addr
;
1996 socklen_t addrlen
= sizeof(addr
);
2001 int csock
= accept(vs
->lsock
, (struct sockaddr
*)&addr
, &addrlen
);
2003 vnc_connect(vs
, csock
);
2007 void vnc_display_init(DisplayState
*ds
)
2011 vs
= qemu_mallocz(sizeof(VncState
));
2012 dcl
= qemu_mallocz(sizeof(DisplayChangeListener
));
2022 if (keyboard_layout
)
2023 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, keyboard_layout
);
2025 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us");
2027 if (!vs
->kbd_layout
)
2030 dcl
->dpy_copy
= vnc_dpy_copy
;
2031 dcl
->dpy_update
= vnc_dpy_update
;
2032 dcl
->dpy_resize
= vnc_dpy_resize
;
2033 dcl
->dpy_setdata
= vnc_dpy_setdata
;
2034 register_displaychangelistener(ds
, dcl
);
2038 void vnc_display_close(DisplayState
*ds
)
2040 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2045 qemu_free(vs
->display
);
2048 if (vs
->lsock
!= -1) {
2049 qemu_set_fd_handler2(vs
->lsock
, NULL
, NULL
, NULL
, NULL
);
2053 vs
->auth
= VNC_AUTH_INVALID
;
2054 #ifdef CONFIG_VNC_TLS
2055 vs
->subauth
= VNC_AUTH_INVALID
;
2056 vs
->tls
.x509verify
= 0;
2060 int vnc_display_password(DisplayState
*ds
, const char *password
)
2062 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2065 qemu_free(vs
->password
);
2066 vs
->password
= NULL
;
2068 if (password
&& password
[0]) {
2069 if (!(vs
->password
= qemu_strdup(password
)))
2076 int vnc_display_open(DisplayState
*ds
, const char *display
)
2078 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2079 const char *options
;
2083 #ifdef CONFIG_VNC_TLS
2084 int tls
= 0, x509
= 0;
2086 #ifdef CONFIG_VNC_SASL
2094 vnc_display_close(ds
);
2095 if (strcmp(display
, "none") == 0)
2098 if (!(vs
->display
= strdup(display
)))
2102 while ((options
= strchr(options
, ','))) {
2104 if (strncmp(options
, "password", 8) == 0) {
2105 password
= 1; /* Require password auth */
2106 } else if (strncmp(options
, "reverse", 7) == 0) {
2108 } else if (strncmp(options
, "to=", 3) == 0) {
2109 to_port
= atoi(options
+3) + 5900;
2110 #ifdef CONFIG_VNC_SASL
2111 } else if (strncmp(options
, "sasl", 4) == 0) {
2112 sasl
= 1; /* Require SASL auth */
2114 #ifdef CONFIG_VNC_TLS
2115 } else if (strncmp(options
, "tls", 3) == 0) {
2116 tls
= 1; /* Require TLS */
2117 } else if (strncmp(options
, "x509", 4) == 0) {
2119 x509
= 1; /* Require x509 certificates */
2120 if (strncmp(options
, "x509verify", 10) == 0)
2121 vs
->tls
.x509verify
= 1; /* ...and verify client certs */
2123 /* Now check for 'x509=/some/path' postfix
2124 * and use that to setup x509 certificate/key paths */
2125 start
= strchr(options
, '=');
2126 end
= strchr(options
, ',');
2127 if (start
&& (!end
|| (start
< end
))) {
2128 int len
= end
? end
-(start
+1) : strlen(start
+1);
2129 char *path
= qemu_strndup(start
+ 1, len
);
2131 VNC_DEBUG("Trying certificate path '%s'\n", path
);
2132 if (vnc_tls_set_x509_creds_dir(vs
, path
) < 0) {
2133 fprintf(stderr
, "Failed to find x509 certificates/keys in %s\n", path
);
2135 qemu_free(vs
->display
);
2141 fprintf(stderr
, "No certificate path provided\n");
2142 qemu_free(vs
->display
);
2147 } else if (strncmp(options
, "acl", 3) == 0) {
2152 #ifdef CONFIG_VNC_TLS
2153 if (acl
&& x509
&& vs
->tls
.x509verify
) {
2154 if (!(vs
->tls
.acl
= qemu_acl_init("vnc.x509dname"))) {
2155 fprintf(stderr
, "Failed to create x509 dname ACL\n");
2160 #ifdef CONFIG_VNC_SASL
2162 if (!(vs
->sasl
.acl
= qemu_acl_init("vnc.username"))) {
2163 fprintf(stderr
, "Failed to create username ACL\n");
2170 * Combinations we support here:
2172 * - no-auth (clear text, no auth)
2173 * - password (clear text, weak auth)
2174 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2175 * - tls (encrypt, weak anonymous creds, no auth)
2176 * - tls + password (encrypt, weak anonymous creds, weak auth)
2177 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2178 * - tls + x509 (encrypt, good x509 creds, no auth)
2179 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2180 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2182 * NB1. TLS is a stackable auth scheme.
2183 * NB2. the x509 schemes have option to validate a client cert dname
2186 #ifdef CONFIG_VNC_TLS
2188 vs
->auth
= VNC_AUTH_VENCRYPT
;
2190 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2191 vs
->subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
2193 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2194 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
2197 #endif /* CONFIG_VNC_TLS */
2198 VNC_DEBUG("Initializing VNC server with password auth\n");
2199 vs
->auth
= VNC_AUTH_VNC
;
2200 #ifdef CONFIG_VNC_TLS
2201 vs
->subauth
= VNC_AUTH_INVALID
;
2203 #endif /* CONFIG_VNC_TLS */
2204 #ifdef CONFIG_VNC_SASL
2206 #ifdef CONFIG_VNC_TLS
2208 vs
->auth
= VNC_AUTH_VENCRYPT
;
2210 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2211 vs
->subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
2213 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2214 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
2217 #endif /* CONFIG_VNC_TLS */
2218 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2219 vs
->auth
= VNC_AUTH_SASL
;
2220 #ifdef CONFIG_VNC_TLS
2221 vs
->subauth
= VNC_AUTH_INVALID
;
2223 #endif /* CONFIG_VNC_TLS */
2224 #endif /* CONFIG_VNC_SASL */
2226 #ifdef CONFIG_VNC_TLS
2228 vs
->auth
= VNC_AUTH_VENCRYPT
;
2230 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2231 vs
->subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
2233 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2234 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
2238 VNC_DEBUG("Initializing VNC server with no auth\n");
2239 vs
->auth
= VNC_AUTH_NONE
;
2240 #ifdef CONFIG_VNC_TLS
2241 vs
->subauth
= VNC_AUTH_INVALID
;
2246 #ifdef CONFIG_VNC_SASL
2247 if ((saslErr
= sasl_server_init(NULL
, "qemu")) != SASL_OK
) {
2248 fprintf(stderr
, "Failed to initialize SASL auth %s",
2249 sasl_errstring(saslErr
, NULL
, NULL
));
2257 /* connect to viewer */
2258 if (strncmp(display
, "unix:", 5) == 0)
2259 vs
->lsock
= unix_connect(display
+5);
2261 vs
->lsock
= inet_connect(display
, SOCK_STREAM
);
2262 if (-1 == vs
->lsock
) {
2267 int csock
= vs
->lsock
;
2269 vnc_connect(vs
, csock
);
2274 /* listen for connects */
2276 dpy
= qemu_malloc(256);
2277 if (strncmp(display
, "unix:", 5) == 0) {
2278 pstrcpy(dpy
, 256, "unix:");
2279 vs
->lsock
= unix_listen(display
+5, dpy
+5, 256-5);
2281 vs
->lsock
= inet_listen(display
, dpy
, 256, SOCK_STREAM
, 5900);
2283 if (-1 == vs
->lsock
) {
2291 return qemu_set_fd_handler2(vs
->lsock
, NULL
, vnc_listen_read
, NULL
, vs
);