2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
32 #define VNC_REFRESH_INTERVAL (1000 / 30)
34 #include "vnc_keysym.h"
37 #define count_bits(c, v) { \
38 for (c = 0; v; v >>= 1) \
45 static VncDisplay
*vnc_display
; /* needed for info vnc */
46 static DisplayChangeListener
*dcl
;
48 static char *addr_to_string(const char *format
,
49 struct sockaddr_storage
*sa
,
52 char host
[NI_MAXHOST
];
53 char serv
[NI_MAXSERV
];
56 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
59 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
60 VNC_DEBUG("Cannot resolve address %d: %s\n",
61 err
, gai_strerror(err
));
65 if (asprintf(&addr
, format
, host
, serv
) < 0)
72 char *vnc_socket_local_addr(const char *format
, int fd
) {
73 struct sockaddr_storage sa
;
77 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
80 return addr_to_string(format
, &sa
, salen
);
84 char *vnc_socket_remote_addr(const char *format
, int fd
) {
85 struct sockaddr_storage sa
;
89 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
92 return addr_to_string(format
, &sa
, salen
);
95 static const char *vnc_auth_name(VncDisplay
*vd
) {
97 case VNC_AUTH_INVALID
:
113 case VNC_AUTH_VENCRYPT
:
114 #ifdef CONFIG_VNC_TLS
115 switch (vd
->subauth
) {
116 case VNC_AUTH_VENCRYPT_PLAIN
:
117 return "vencrypt+plain";
118 case VNC_AUTH_VENCRYPT_TLSNONE
:
119 return "vencrypt+tls+none";
120 case VNC_AUTH_VENCRYPT_TLSVNC
:
121 return "vencrypt+tls+vnc";
122 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
123 return "vencrypt+tls+plain";
124 case VNC_AUTH_VENCRYPT_X509NONE
:
125 return "vencrypt+x509+none";
126 case VNC_AUTH_VENCRYPT_X509VNC
:
127 return "vencrypt+x509+vnc";
128 case VNC_AUTH_VENCRYPT_X509PLAIN
:
129 return "vencrypt+x509+plain";
130 case VNC_AUTH_VENCRYPT_TLSSASL
:
131 return "vencrypt+tls+sasl";
132 case VNC_AUTH_VENCRYPT_X509SASL
:
133 return "vencrypt+x509+sasl";
146 #define VNC_SOCKET_FORMAT_PRETTY "local %s:%s"
148 static void do_info_vnc_client(VncState
*client
)
151 vnc_socket_remote_addr(" address: %s:%s\n",
156 term_puts("Client:\n");
157 term_puts(clientAddr
);
160 #ifdef CONFIG_VNC_TLS
161 if (client
->tls
.session
&&
163 term_printf(" x509 dname: %s\n", client
->tls
.dname
);
165 term_puts(" x509 dname: none\n");
167 #ifdef CONFIG_VNC_SASL
168 if (client
->sasl
.conn
&&
169 client
->sasl
.username
)
170 term_printf(" username: %s\n", client
->sasl
.username
);
172 term_puts(" username: none\n");
176 void do_info_vnc(void)
178 if (vnc_display
== NULL
|| vnc_display
->display
== NULL
) {
179 term_printf("Server: disabled\n");
181 char *serverAddr
= vnc_socket_local_addr(" address: %s:%s\n",
187 term_puts("Server:\n");
188 term_puts(serverAddr
);
190 term_printf(" auth: %s\n", vnc_auth_name(vnc_display
));
192 if (vnc_display
->clients
) {
193 VncState
*client
= vnc_display
->clients
;
195 do_info_vnc_client(client
);
196 client
= client
->next
;
199 term_printf("Client: none\n");
204 static inline uint32_t vnc_has_feature(VncState
*vs
, int feature
) {
205 return (vs
->features
& (1 << feature
));
209 1) Get the queue working for IO.
210 2) there is some weirdness when using the -S option (the screen is grey
211 and not totally invalidated
212 3) resolutions > 1024
215 static void vnc_update_client(void *opaque
);
217 static void vnc_colordepth(VncState
*vs
);
219 static inline void vnc_set_bit(uint32_t *d
, int k
)
221 d
[k
>> 5] |= 1 << (k
& 0x1f);
224 static inline void vnc_clear_bit(uint32_t *d
, int k
)
226 d
[k
>> 5] &= ~(1 << (k
& 0x1f));
229 static inline void vnc_set_bits(uint32_t *d
, int n
, int nb_words
)
239 d
[j
++] = (1 << n
) - 1;
244 static inline int vnc_get_bit(const uint32_t *d
, int k
)
246 return (d
[k
>> 5] >> (k
& 0x1f)) & 1;
249 static inline int vnc_and_bits(const uint32_t *d1
, const uint32_t *d2
,
253 for(i
= 0; i
< nb_words
; i
++) {
254 if ((d1
[i
] & d2
[i
]) != 0)
260 static void vnc_update(VncState
*vs
, int x
, int y
, int w
, int h
)
266 /* round x down to ensure the loop only spans one 16-pixel block per,
267 iteration. otherwise, if (x % 16) != 0, the last iteration may span
268 two 16-pixel blocks but we only mark the first as dirty
273 x
= MIN(x
, vs
->serverds
.width
);
274 y
= MIN(y
, vs
->serverds
.height
);
275 w
= MIN(x
+ w
, vs
->serverds
.width
) - x
;
276 h
= MIN(h
, vs
->serverds
.height
);
279 for (i
= 0; i
< w
; i
+= 16)
280 vnc_set_bit(vs
->dirty_row
[y
], (x
+ i
) / 16);
283 static void vnc_dpy_update(DisplayState
*ds
, int x
, int y
, int w
, int h
)
285 VncDisplay
*vd
= ds
->opaque
;
286 VncState
*vs
= vd
->clients
;
288 vnc_update(vs
, x
, y
, w
, h
);
293 static void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
296 vnc_write_u16(vs
, x
);
297 vnc_write_u16(vs
, y
);
298 vnc_write_u16(vs
, w
);
299 vnc_write_u16(vs
, h
);
301 vnc_write_s32(vs
, encoding
);
304 void buffer_reserve(Buffer
*buffer
, size_t len
)
306 if ((buffer
->capacity
- buffer
->offset
) < len
) {
307 buffer
->capacity
+= (len
+ 1024);
308 buffer
->buffer
= qemu_realloc(buffer
->buffer
, buffer
->capacity
);
309 if (buffer
->buffer
== NULL
) {
310 fprintf(stderr
, "vnc: out of memory\n");
316 int buffer_empty(Buffer
*buffer
)
318 return buffer
->offset
== 0;
321 uint8_t *buffer_end(Buffer
*buffer
)
323 return buffer
->buffer
+ buffer
->offset
;
326 void buffer_reset(Buffer
*buffer
)
331 void buffer_append(Buffer
*buffer
, const void *data
, size_t len
)
333 memcpy(buffer
->buffer
+ buffer
->offset
, data
, len
);
334 buffer
->offset
+= len
;
337 static void vnc_resize(VncState
*vs
)
339 DisplayState
*ds
= vs
->ds
;
343 vs
->old_data
= qemu_realloc(vs
->old_data
, ds_get_linesize(ds
) * ds_get_height(ds
));
345 if (vs
->old_data
== NULL
) {
346 fprintf(stderr
, "vnc: memory allocation failed\n");
350 if (ds_get_bytes_per_pixel(ds
) != vs
->serverds
.pf
.bytes_per_pixel
)
351 console_color_init(ds
);
353 size_changed
= ds_get_width(ds
) != vs
->serverds
.width
||
354 ds_get_height(ds
) != vs
->serverds
.height
;
355 vs
->serverds
= *(ds
->surface
);
357 if (vs
->csock
!= -1 && vnc_has_feature(vs
, VNC_FEATURE_RESIZE
)) {
358 vnc_write_u8(vs
, 0); /* msg id */
360 vnc_write_u16(vs
, 1); /* number of rects */
361 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(ds
), ds_get_height(ds
),
362 VNC_ENCODING_DESKTOPRESIZE
);
367 memset(vs
->dirty_row
, 0xFF, sizeof(vs
->dirty_row
));
368 memset(vs
->old_data
, 42, ds_get_linesize(vs
->ds
) * ds_get_height(vs
->ds
));
371 static void vnc_dpy_resize(DisplayState
*ds
)
373 VncDisplay
*vd
= ds
->opaque
;
374 VncState
*vs
= vd
->clients
;
382 static void vnc_write_pixels_copy(VncState
*vs
, void *pixels
, int size
)
384 vnc_write(vs
, pixels
, size
);
387 /* slowest but generic code. */
388 static void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
392 r
= ((((v
& vs
->serverds
.pf
.rmask
) >> vs
->serverds
.pf
.rshift
) << vs
->clientds
.pf
.rbits
) >>
393 vs
->serverds
.pf
.rbits
);
394 g
= ((((v
& vs
->serverds
.pf
.gmask
) >> vs
->serverds
.pf
.gshift
) << vs
->clientds
.pf
.gbits
) >>
395 vs
->serverds
.pf
.gbits
);
396 b
= ((((v
& vs
->serverds
.pf
.bmask
) >> vs
->serverds
.pf
.bshift
) << vs
->clientds
.pf
.bbits
) >>
397 vs
->serverds
.pf
.bbits
);
398 v
= (r
<< vs
->clientds
.pf
.rshift
) |
399 (g
<< vs
->clientds
.pf
.gshift
) |
400 (b
<< vs
->clientds
.pf
.bshift
);
401 switch(vs
->clientds
.pf
.bytes_per_pixel
) {
406 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
416 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
431 static void vnc_write_pixels_generic(VncState
*vs
, void *pixels1
, int size
)
435 if (vs
->serverds
.pf
.bytes_per_pixel
== 4) {
436 uint32_t *pixels
= pixels1
;
439 for(i
= 0; i
< n
; i
++) {
440 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
441 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
443 } else if (vs
->serverds
.pf
.bytes_per_pixel
== 2) {
444 uint16_t *pixels
= pixels1
;
447 for(i
= 0; i
< n
; i
++) {
448 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
449 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
451 } else if (vs
->serverds
.pf
.bytes_per_pixel
== 1) {
452 uint8_t *pixels
= pixels1
;
455 for(i
= 0; i
< n
; i
++) {
456 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
457 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
460 fprintf(stderr
, "vnc_write_pixels_generic: VncState color depth not supported\n");
464 static void send_framebuffer_update_raw(VncState
*vs
, int x
, int y
, int w
, int h
)
469 row
= ds_get_data(vs
->ds
) + y
* ds_get_linesize(vs
->ds
) + x
* ds_get_bytes_per_pixel(vs
->ds
);
470 for (i
= 0; i
< h
; i
++) {
471 vs
->write_pixels(vs
, row
, w
* ds_get_bytes_per_pixel(vs
->ds
));
472 row
+= ds_get_linesize(vs
->ds
);
476 static void hextile_enc_cord(uint8_t *ptr
, int x
, int y
, int w
, int h
)
478 ptr
[0] = ((x
& 0x0F) << 4) | (y
& 0x0F);
479 ptr
[1] = (((w
- 1) & 0x0F) << 4) | ((h
- 1) & 0x0F);
483 #include "vnchextile.h"
487 #include "vnchextile.h"
491 #include "vnchextile.h"
496 #include "vnchextile.h"
502 #include "vnchextile.h"
508 #include "vnchextile.h"
512 static void send_framebuffer_update_hextile(VncState
*vs
, int x
, int y
, int w
, int h
)
516 uint8_t *last_fg
, *last_bg
;
518 last_fg
= (uint8_t *) qemu_malloc(vs
->serverds
.pf
.bytes_per_pixel
);
519 last_bg
= (uint8_t *) qemu_malloc(vs
->serverds
.pf
.bytes_per_pixel
);
521 for (j
= y
; j
< (y
+ h
); j
+= 16) {
522 for (i
= x
; i
< (x
+ w
); i
+= 16) {
523 vs
->send_hextile_tile(vs
, i
, j
,
524 MIN(16, x
+ w
- i
), MIN(16, y
+ h
- j
),
525 last_bg
, last_fg
, &has_bg
, &has_fg
);
533 static void vnc_zlib_init(VncState
*vs
)
536 for (i
=0; i
<(sizeof(vs
->zlib_stream
) / sizeof(z_stream
)); i
++)
537 vs
->zlib_stream
[i
].opaque
= NULL
;
540 static void vnc_zlib_start(VncState
*vs
)
542 buffer_reset(&vs
->zlib
);
544 // make the output buffer be the zlib buffer, so we can compress it later
545 vs
->zlib_tmp
= vs
->output
;
546 vs
->output
= vs
->zlib
;
549 static int vnc_zlib_stop(VncState
*vs
, int stream_id
)
551 z_streamp zstream
= &vs
->zlib_stream
[stream_id
];
554 // switch back to normal output/zlib buffers
555 vs
->zlib
= vs
->output
;
556 vs
->output
= vs
->zlib_tmp
;
558 // compress the zlib buffer
560 // initialize the stream
561 // XXX need one stream per session
562 if (zstream
->opaque
!= vs
) {
565 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id
);
566 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream
->opaque
, vs
);
567 zstream
->zalloc
= Z_NULL
;
568 zstream
->zfree
= Z_NULL
;
570 err
= deflateInit2(zstream
, vs
->tight_compression
, Z_DEFLATED
, MAX_WBITS
,
571 MAX_MEM_LEVEL
, Z_DEFAULT_STRATEGY
);
574 fprintf(stderr
, "VNC: error initializing zlib\n");
578 zstream
->opaque
= vs
;
581 // XXX what to do if tight_compression changed in between?
583 // reserve memory in output buffer
584 buffer_reserve(&vs
->output
, vs
->zlib
.offset
+ 64);
587 zstream
->next_in
= vs
->zlib
.buffer
;
588 zstream
->avail_in
= vs
->zlib
.offset
;
589 zstream
->next_out
= vs
->output
.buffer
+ vs
->output
.offset
;
590 zstream
->avail_out
= vs
->output
.capacity
- vs
->output
.offset
;
591 zstream
->data_type
= Z_BINARY
;
592 previous_out
= zstream
->total_out
;
595 if (deflate(zstream
, Z_SYNC_FLUSH
) != Z_OK
) {
596 fprintf(stderr
, "VNC: error during zlib compression\n");
600 vs
->output
.offset
= vs
->output
.capacity
- zstream
->avail_out
;
601 return zstream
->total_out
- previous_out
;
604 static void send_framebuffer_update_zlib(VncState
*vs
, int x
, int y
, int w
, int h
)
606 int old_offset
, new_offset
, bytes_written
;
608 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_ZLIB
);
610 // remember where we put in the follow-up size
611 old_offset
= vs
->output
.offset
;
612 vnc_write_s32(vs
, 0);
614 // compress the stream
616 send_framebuffer_update_raw(vs
, x
, y
, w
, h
);
617 bytes_written
= vnc_zlib_stop(vs
, 0);
619 if (bytes_written
== -1)
623 new_offset
= vs
->output
.offset
;
624 vs
->output
.offset
= old_offset
;
625 vnc_write_u32(vs
, bytes_written
);
626 vs
->output
.offset
= new_offset
;
629 static void send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
631 switch(vs
->vnc_encoding
) {
632 case VNC_ENCODING_ZLIB
:
633 send_framebuffer_update_zlib(vs
, x
, y
, w
, h
);
635 case VNC_ENCODING_HEXTILE
:
636 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
637 send_framebuffer_update_hextile(vs
, x
, y
, w
, h
);
640 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
641 send_framebuffer_update_raw(vs
, x
, y
, w
, h
);
646 static void vnc_copy(VncState
*vs
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
648 vnc_update_client(vs
);
650 vnc_write_u8(vs
, 0); /* msg id */
652 vnc_write_u16(vs
, 1); /* number of rects */
653 vnc_framebuffer_update(vs
, dst_x
, dst_y
, w
, h
, VNC_ENCODING_COPYRECT
);
654 vnc_write_u16(vs
, src_x
);
655 vnc_write_u16(vs
, src_y
);
659 static void vnc_dpy_copy(DisplayState
*ds
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
661 VncDisplay
*vd
= ds
->opaque
;
662 VncState
*vs
= vd
->clients
;
664 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
))
665 vnc_copy(vs
, src_x
, src_y
, dst_x
, dst_y
, w
, h
);
667 vnc_update(vs
, dst_x
, dst_y
, w
, h
);
672 static int find_dirty_height(VncState
*vs
, int y
, int last_x
, int x
)
676 for (h
= 1; h
< (vs
->serverds
.height
- y
); h
++) {
678 if (!vnc_get_bit(vs
->dirty_row
[y
+ h
], last_x
))
680 for (tmp_x
= last_x
; tmp_x
< x
; tmp_x
++)
681 vnc_clear_bit(vs
->dirty_row
[y
+ h
], tmp_x
);
687 static void vnc_update_client(void *opaque
)
689 VncState
*vs
= opaque
;
690 if (vs
->need_update
&& vs
->csock
!= -1) {
694 uint32_t width_mask
[VNC_DIRTY_WORDS
];
701 vnc_set_bits(width_mask
, (ds_get_width(vs
->ds
) / 16), VNC_DIRTY_WORDS
);
703 /* Walk through the dirty map and eliminate tiles that
704 really aren't dirty */
705 row
= ds_get_data(vs
->ds
);
706 old_row
= vs
->old_data
;
708 for (y
= 0; y
< ds_get_height(vs
->ds
); y
++) {
709 if (vnc_and_bits(vs
->dirty_row
[y
], width_mask
, VNC_DIRTY_WORDS
)) {
715 old_ptr
= (char*)old_row
;
717 for (x
= 0; x
< ds_get_width(vs
->ds
); x
+= 16) {
718 if (memcmp(old_ptr
, ptr
, 16 * ds_get_bytes_per_pixel(vs
->ds
)) == 0) {
719 vnc_clear_bit(vs
->dirty_row
[y
], (x
/ 16));
722 memcpy(old_ptr
, ptr
, 16 * ds_get_bytes_per_pixel(vs
->ds
));
725 ptr
+= 16 * ds_get_bytes_per_pixel(vs
->ds
);
726 old_ptr
+= 16 * ds_get_bytes_per_pixel(vs
->ds
);
730 row
+= ds_get_linesize(vs
->ds
);
731 old_row
+= ds_get_linesize(vs
->ds
);
734 if (!has_dirty
&& !vs
->audio_cap
) {
735 qemu_mod_timer(vs
->timer
, qemu_get_clock(rt_clock
) + VNC_REFRESH_INTERVAL
);
739 /* Count rectangles */
741 vnc_write_u8(vs
, 0); /* msg id */
743 saved_offset
= vs
->output
.offset
;
744 vnc_write_u16(vs
, 0);
746 for (y
= 0; y
< vs
->serverds
.height
; y
++) {
749 for (x
= 0; x
< vs
->serverds
.width
/ 16; x
++) {
750 if (vnc_get_bit(vs
->dirty_row
[y
], x
)) {
754 vnc_clear_bit(vs
->dirty_row
[y
], x
);
757 int h
= find_dirty_height(vs
, y
, last_x
, x
);
758 send_framebuffer_update(vs
, last_x
* 16, y
, (x
- last_x
) * 16, h
);
765 int h
= find_dirty_height(vs
, y
, last_x
, x
);
766 send_framebuffer_update(vs
, last_x
* 16, y
, (x
- last_x
) * 16, h
);
770 vs
->output
.buffer
[saved_offset
] = (n_rectangles
>> 8) & 0xFF;
771 vs
->output
.buffer
[saved_offset
+ 1] = n_rectangles
& 0xFF;
776 if (vs
->csock
!= -1) {
777 qemu_mod_timer(vs
->timer
, qemu_get_clock(rt_clock
) + VNC_REFRESH_INTERVAL
);
783 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
785 VncState
*vs
= opaque
;
788 case AUD_CNOTIFY_DISABLE
:
789 vnc_write_u8(vs
, 255);
791 vnc_write_u16(vs
, 0);
795 case AUD_CNOTIFY_ENABLE
:
796 vnc_write_u8(vs
, 255);
798 vnc_write_u16(vs
, 1);
804 static void audio_capture_destroy(void *opaque
)
808 static void audio_capture(void *opaque
, void *buf
, int size
)
810 VncState
*vs
= opaque
;
812 vnc_write_u8(vs
, 255);
814 vnc_write_u16(vs
, 2);
815 vnc_write_u32(vs
, size
);
816 vnc_write(vs
, buf
, size
);
820 static void audio_add(VncState
*vs
)
822 struct audio_capture_ops ops
;
825 term_printf ("audio already running\n");
829 ops
.notify
= audio_capture_notify
;
830 ops
.destroy
= audio_capture_destroy
;
831 ops
.capture
= audio_capture
;
833 vs
->audio_cap
= AUD_add_capture(NULL
, &vs
->as
, &ops
, vs
);
834 if (!vs
->audio_cap
) {
835 term_printf ("Failed to add audio capture\n");
839 static void audio_del(VncState
*vs
)
842 AUD_del_capture(vs
->audio_cap
, vs
);
843 vs
->audio_cap
= NULL
;
848 int vnc_client_io_error(VncState
*vs
, int ret
, int last_errno
)
850 if (ret
== 0 || ret
== -1) {
852 switch (last_errno
) {
864 VNC_DEBUG("Closing down client sock %d %d\n", ret
, ret
< 0 ? last_errno
: 0);
865 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
866 closesocket(vs
->csock
);
867 qemu_del_timer(vs
->timer
);
868 qemu_free_timer(vs
->timer
);
869 if (vs
->input
.buffer
) qemu_free(vs
->input
.buffer
);
870 if (vs
->output
.buffer
) qemu_free(vs
->output
.buffer
);
871 #ifdef CONFIG_VNC_TLS
872 vnc_tls_client_cleanup(vs
);
873 #endif /* CONFIG_VNC_TLS */
874 #ifdef CONFIG_VNC_SASL
875 vnc_sasl_client_cleanup(vs
);
876 #endif /* CONFIG_VNC_SASL */
879 VncState
*p
, *parent
= NULL
;
880 for (p
= vs
->vd
->clients
; p
!= NULL
; p
= p
->next
) {
883 parent
->next
= p
->next
;
885 vs
->vd
->clients
= p
->next
;
890 if (!vs
->vd
->clients
)
893 qemu_free(vs
->old_data
);
902 void vnc_client_error(VncState
*vs
)
904 vnc_client_io_error(vs
, -1, EINVAL
);
909 * Called to write a chunk of data to the client socket. The data may
910 * be the raw data, or may have already been encoded by SASL.
911 * The data will be written either straight onto the socket, or
912 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
914 * NB, it is theoretically possible to have 2 layers of encryption,
915 * both SASL, and this TLS layer. It is highly unlikely in practice
916 * though, since SASL encryption will typically be a no-op if TLS
919 * Returns the number of bytes written, which may be less than
920 * the requested 'datalen' if the socket would block. Returns
921 * -1 on error, and disconnects the client socket.
923 long vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
926 #ifdef CONFIG_VNC_TLS
927 if (vs
->tls
.session
) {
928 ret
= gnutls_write(vs
->tls
.session
, data
, datalen
);
930 if (ret
== GNUTLS_E_AGAIN
)
937 #endif /* CONFIG_VNC_TLS */
938 ret
= send(vs
->csock
, data
, datalen
, 0);
939 VNC_DEBUG("Wrote wire %p %d -> %ld\n", data
, datalen
, ret
);
940 return vnc_client_io_error(vs
, ret
, socket_error());
945 * Called to write buffered data to the client socket, when not
946 * using any SASL SSF encryption layers. Will write as much data
947 * as possible without blocking. If all buffered data is written,
948 * will switch the FD poll() handler back to read monitoring.
950 * Returns the number of bytes written, which may be less than
951 * the buffered output data if the socket would block. Returns
952 * -1 on error, and disconnects the client socket.
954 static long vnc_client_write_plain(VncState
*vs
)
958 #ifdef CONFIG_VNC_SASL
959 VNC_DEBUG("Write Plain: Pending output %p size %d offset %d. Wait SSF %d\n",
960 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
961 vs
->sasl
.waitWriteSSF
);
965 vs
->sasl
.waitWriteSSF
) {
966 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
968 vs
->sasl
.waitWriteSSF
-= ret
;
970 #endif /* CONFIG_VNC_SASL */
971 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
975 memmove(vs
->output
.buffer
, vs
->output
.buffer
+ ret
, (vs
->output
.offset
- ret
));
976 vs
->output
.offset
-= ret
;
978 if (vs
->output
.offset
== 0) {
979 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
987 * First function called whenever there is data to be written to
988 * the client socket. Will delegate actual work according to whether
989 * SASL SSF layers are enabled (thus requiring encryption calls)
991 void vnc_client_write(void *opaque
)
994 VncState
*vs
= opaque
;
996 #ifdef CONFIG_VNC_SASL
999 !vs
->sasl
.waitWriteSSF
)
1000 ret
= vnc_client_write_sasl(vs
);
1002 #endif /* CONFIG_VNC_SASL */
1003 ret
= vnc_client_write_plain(vs
);
1006 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1008 vs
->read_handler
= func
;
1009 vs
->read_handler_expect
= expecting
;
1014 * Called to read a chunk of data from the client socket. The data may
1015 * be the raw data, or may need to be further decoded by SASL.
1016 * The data will be read either straight from to the socket, or
1017 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1019 * NB, it is theoretically possible to have 2 layers of encryption,
1020 * both SASL, and this TLS layer. It is highly unlikely in practice
1021 * though, since SASL encryption will typically be a no-op if TLS
1024 * Returns the number of bytes read, which may be less than
1025 * the requested 'datalen' if the socket would block. Returns
1026 * -1 on error, and disconnects the client socket.
1028 long vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1031 #ifdef CONFIG_VNC_TLS
1032 if (vs
->tls
.session
) {
1033 ret
= gnutls_read(vs
->tls
.session
, data
, datalen
);
1035 if (ret
== GNUTLS_E_AGAIN
)
1042 #endif /* CONFIG_VNC_TLS */
1043 ret
= recv(vs
->csock
, data
, datalen
, 0);
1044 VNC_DEBUG("Read wire %p %d -> %ld\n", data
, datalen
, ret
);
1045 return vnc_client_io_error(vs
, ret
, socket_error());
1050 * Called to read data from the client socket to the input buffer,
1051 * when not using any SASL SSF encryption layers. Will read as much
1052 * data as possible without blocking.
1054 * Returns the number of bytes read. Returns -1 on error, and
1055 * disconnects the client socket.
1057 static long vnc_client_read_plain(VncState
*vs
)
1060 VNC_DEBUG("Read plain %p size %d offset %d\n",
1061 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1062 buffer_reserve(&vs
->input
, 4096);
1063 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1066 vs
->input
.offset
+= ret
;
1072 * First function called whenever there is more data to be read from
1073 * the client socket. Will delegate actual work according to whether
1074 * SASL SSF layers are enabled (thus requiring decryption calls)
1076 void vnc_client_read(void *opaque
)
1078 VncState
*vs
= opaque
;
1081 #ifdef CONFIG_VNC_SASL
1082 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1083 ret
= vnc_client_read_sasl(vs
);
1085 #endif /* CONFIG_VNC_SASL */
1086 ret
= vnc_client_read_plain(vs
);
1090 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1091 size_t len
= vs
->read_handler_expect
;
1094 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1095 if (vs
->csock
== -1)
1099 memmove(vs
->input
.buffer
, vs
->input
.buffer
+ len
, (vs
->input
.offset
- len
));
1100 vs
->input
.offset
-= len
;
1102 vs
->read_handler_expect
= ret
;
1107 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1109 buffer_reserve(&vs
->output
, len
);
1111 if (buffer_empty(&vs
->output
)) {
1112 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
1115 buffer_append(&vs
->output
, data
, len
);
1118 void vnc_write_s32(VncState
*vs
, int32_t value
)
1120 vnc_write_u32(vs
, *(uint32_t *)&value
);
1123 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1127 buf
[0] = (value
>> 24) & 0xFF;
1128 buf
[1] = (value
>> 16) & 0xFF;
1129 buf
[2] = (value
>> 8) & 0xFF;
1130 buf
[3] = value
& 0xFF;
1132 vnc_write(vs
, buf
, 4);
1135 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1139 buf
[0] = (value
>> 8) & 0xFF;
1140 buf
[1] = value
& 0xFF;
1142 vnc_write(vs
, buf
, 2);
1145 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1147 vnc_write(vs
, (char *)&value
, 1);
1150 void vnc_flush(VncState
*vs
)
1152 if (vs
->output
.offset
)
1153 vnc_client_write(vs
);
1156 uint8_t read_u8(uint8_t *data
, size_t offset
)
1158 return data
[offset
];
1161 uint16_t read_u16(uint8_t *data
, size_t offset
)
1163 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1166 int32_t read_s32(uint8_t *data
, size_t offset
)
1168 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1169 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1172 uint32_t read_u32(uint8_t *data
, size_t offset
)
1174 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1175 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1178 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1182 static void check_pointer_type_change(VncState
*vs
, int absolute
)
1184 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1185 vnc_write_u8(vs
, 0);
1186 vnc_write_u8(vs
, 0);
1187 vnc_write_u16(vs
, 1);
1188 vnc_framebuffer_update(vs
, absolute
, 0,
1189 ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1190 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1193 vs
->absolute
= absolute
;
1196 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1201 if (button_mask
& 0x01)
1202 buttons
|= MOUSE_EVENT_LBUTTON
;
1203 if (button_mask
& 0x02)
1204 buttons
|= MOUSE_EVENT_MBUTTON
;
1205 if (button_mask
& 0x04)
1206 buttons
|= MOUSE_EVENT_RBUTTON
;
1207 if (button_mask
& 0x08)
1209 if (button_mask
& 0x10)
1213 kbd_mouse_event(x
* 0x7FFF / (ds_get_width(vs
->ds
) - 1),
1214 y
* 0x7FFF / (ds_get_height(vs
->ds
) - 1),
1216 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1220 kbd_mouse_event(x
, y
, dz
, buttons
);
1222 if (vs
->last_x
!= -1)
1223 kbd_mouse_event(x
- vs
->last_x
,
1230 check_pointer_type_change(vs
, kbd_mouse_is_absolute());
1233 static void reset_keys(VncState
*vs
)
1236 for(i
= 0; i
< 256; i
++) {
1237 if (vs
->modifiers_state
[i
]) {
1239 kbd_put_keycode(0xe0);
1240 kbd_put_keycode(i
| 0x80);
1241 vs
->modifiers_state
[i
] = 0;
1246 static void press_key(VncState
*vs
, int keysym
)
1248 kbd_put_keycode(keysym2scancode(vs
->vd
->kbd_layout
, keysym
) & 0x7f);
1249 kbd_put_keycode(keysym2scancode(vs
->vd
->kbd_layout
, keysym
) | 0x80);
1252 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1254 /* QEMU console switch */
1256 case 0x2a: /* Left Shift */
1257 case 0x36: /* Right Shift */
1258 case 0x1d: /* Left CTRL */
1259 case 0x9d: /* Right CTRL */
1260 case 0x38: /* Left ALT */
1261 case 0xb8: /* Right ALT */
1263 vs
->modifiers_state
[keycode
] = 1;
1265 vs
->modifiers_state
[keycode
] = 0;
1267 case 0x02 ... 0x0a: /* '1' to '9' keys */
1268 if (down
&& vs
->modifiers_state
[0x1d] && vs
->modifiers_state
[0x38]) {
1269 /* Reset the modifiers sent to the current console */
1271 console_select(keycode
- 0x02);
1275 case 0x3a: /* CapsLock */
1276 case 0x45: /* NumLock */
1278 vs
->modifiers_state
[keycode
] ^= 1;
1282 if (keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1283 /* If the numlock state needs to change then simulate an additional
1284 keypress before sending this one. This will happen if the user
1285 toggles numlock away from the VNC window.
1287 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1288 if (!vs
->modifiers_state
[0x45]) {
1289 vs
->modifiers_state
[0x45] = 1;
1290 press_key(vs
, 0xff7f);
1293 if (vs
->modifiers_state
[0x45]) {
1294 vs
->modifiers_state
[0x45] = 0;
1295 press_key(vs
, 0xff7f);
1300 if (is_graphic_console()) {
1302 kbd_put_keycode(0xe0);
1304 kbd_put_keycode(keycode
& 0x7f);
1306 kbd_put_keycode(keycode
| 0x80);
1308 /* QEMU console emulation */
1311 case 0x2a: /* Left Shift */
1312 case 0x36: /* Right Shift */
1313 case 0x1d: /* Left CTRL */
1314 case 0x9d: /* Right CTRL */
1315 case 0x38: /* Left ALT */
1316 case 0xb8: /* Right ALT */
1320 kbd_put_keysym(QEMU_KEY_UP
);
1324 kbd_put_keysym(QEMU_KEY_DOWN
);
1328 kbd_put_keysym(QEMU_KEY_LEFT
);
1332 kbd_put_keysym(QEMU_KEY_RIGHT
);
1336 kbd_put_keysym(QEMU_KEY_DELETE
);
1340 kbd_put_keysym(QEMU_KEY_HOME
);
1344 kbd_put_keysym(QEMU_KEY_END
);
1348 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1352 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1355 kbd_put_keysym(sym
);
1362 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1366 if (sym
>= 'A' && sym
<= 'Z' && is_graphic_console())
1367 sym
= sym
- 'A' + 'a';
1369 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, sym
& 0xFFFF);
1370 do_key_event(vs
, down
, keycode
, sym
);
1373 static void ext_key_event(VncState
*vs
, int down
,
1374 uint32_t sym
, uint16_t keycode
)
1376 /* if the user specifies a keyboard layout, always use it */
1377 if (keyboard_layout
)
1378 key_event(vs
, down
, sym
);
1380 do_key_event(vs
, down
, keycode
, sym
);
1383 static void framebuffer_update_request(VncState
*vs
, int incremental
,
1384 int x_position
, int y_position
,
1387 if (x_position
> ds_get_width(vs
->ds
))
1388 x_position
= ds_get_width(vs
->ds
);
1389 if (y_position
> ds_get_height(vs
->ds
))
1390 y_position
= ds_get_height(vs
->ds
);
1391 if (x_position
+ w
>= ds_get_width(vs
->ds
))
1392 w
= ds_get_width(vs
->ds
) - x_position
;
1393 if (y_position
+ h
>= ds_get_height(vs
->ds
))
1394 h
= ds_get_height(vs
->ds
) - y_position
;
1397 vs
->need_update
= 1;
1399 char *old_row
= vs
->old_data
+ y_position
* ds_get_linesize(vs
->ds
);
1401 for (i
= 0; i
< h
; i
++) {
1402 vnc_set_bits(vs
->dirty_row
[y_position
+ i
],
1403 (ds_get_width(vs
->ds
) / 16), VNC_DIRTY_WORDS
);
1404 memset(old_row
, 42, ds_get_width(vs
->ds
) * ds_get_bytes_per_pixel(vs
->ds
));
1405 old_row
+= ds_get_linesize(vs
->ds
);
1410 static void send_ext_key_event_ack(VncState
*vs
)
1412 vnc_write_u8(vs
, 0);
1413 vnc_write_u8(vs
, 0);
1414 vnc_write_u16(vs
, 1);
1415 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1416 VNC_ENCODING_EXT_KEY_EVENT
);
1420 static void send_ext_audio_ack(VncState
*vs
)
1422 vnc_write_u8(vs
, 0);
1423 vnc_write_u8(vs
, 0);
1424 vnc_write_u16(vs
, 1);
1425 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1426 VNC_ENCODING_AUDIO
);
1430 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
1433 unsigned int enc
= 0;
1437 vs
->vnc_encoding
= 0;
1438 vs
->tight_compression
= 9;
1439 vs
->tight_quality
= 9;
1442 for (i
= n_encodings
- 1; i
>= 0; i
--) {
1445 case VNC_ENCODING_RAW
:
1446 vs
->vnc_encoding
= enc
;
1448 case VNC_ENCODING_COPYRECT
:
1449 vs
->features
|= VNC_FEATURE_COPYRECT_MASK
;
1451 case VNC_ENCODING_HEXTILE
:
1452 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
1453 vs
->vnc_encoding
= enc
;
1455 case VNC_ENCODING_ZLIB
:
1456 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
1457 vs
->vnc_encoding
= enc
;
1459 case VNC_ENCODING_DESKTOPRESIZE
:
1460 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
1462 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
1463 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
1465 case VNC_ENCODING_EXT_KEY_EVENT
:
1466 send_ext_key_event_ack(vs
);
1468 case VNC_ENCODING_AUDIO
:
1469 send_ext_audio_ack(vs
);
1471 case VNC_ENCODING_WMVi
:
1472 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
1474 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
1475 vs
->tight_compression
= (enc
& 0x0F);
1477 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
1478 vs
->tight_quality
= (enc
& 0x0F);
1481 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
1486 check_pointer_type_change(vs
, kbd_mouse_is_absolute());
1489 static void set_pixel_conversion(VncState
*vs
)
1491 if ((vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) ==
1492 (vs
->ds
->surface
->flags
& QEMU_BIG_ENDIAN_FLAG
) &&
1493 !memcmp(&(vs
->clientds
.pf
), &(vs
->ds
->surface
->pf
), sizeof(PixelFormat
))) {
1494 vs
->write_pixels
= vnc_write_pixels_copy
;
1495 switch (vs
->ds
->surface
->pf
.bits_per_pixel
) {
1497 vs
->send_hextile_tile
= send_hextile_tile_8
;
1500 vs
->send_hextile_tile
= send_hextile_tile_16
;
1503 vs
->send_hextile_tile
= send_hextile_tile_32
;
1507 vs
->write_pixels
= vnc_write_pixels_generic
;
1508 switch (vs
->ds
->surface
->pf
.bits_per_pixel
) {
1510 vs
->send_hextile_tile
= send_hextile_tile_generic_8
;
1513 vs
->send_hextile_tile
= send_hextile_tile_generic_16
;
1516 vs
->send_hextile_tile
= send_hextile_tile_generic_32
;
1522 static void set_pixel_format(VncState
*vs
,
1523 int bits_per_pixel
, int depth
,
1524 int big_endian_flag
, int true_color_flag
,
1525 int red_max
, int green_max
, int blue_max
,
1526 int red_shift
, int green_shift
, int blue_shift
)
1528 if (!true_color_flag
) {
1529 vnc_client_error(vs
);
1533 vs
->clientds
= vs
->serverds
;
1534 vs
->clientds
.pf
.rmax
= red_max
;
1535 count_bits(vs
->clientds
.pf
.rbits
, red_max
);
1536 vs
->clientds
.pf
.rshift
= red_shift
;
1537 vs
->clientds
.pf
.rmask
= red_max
<< red_shift
;
1538 vs
->clientds
.pf
.gmax
= green_max
;
1539 count_bits(vs
->clientds
.pf
.gbits
, green_max
);
1540 vs
->clientds
.pf
.gshift
= green_shift
;
1541 vs
->clientds
.pf
.gmask
= green_max
<< green_shift
;
1542 vs
->clientds
.pf
.bmax
= blue_max
;
1543 count_bits(vs
->clientds
.pf
.bbits
, blue_max
);
1544 vs
->clientds
.pf
.bshift
= blue_shift
;
1545 vs
->clientds
.pf
.bmask
= blue_max
<< blue_shift
;
1546 vs
->clientds
.pf
.bits_per_pixel
= bits_per_pixel
;
1547 vs
->clientds
.pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
1548 vs
->clientds
.pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
1549 vs
->clientds
.flags
= big_endian_flag
? QEMU_BIG_ENDIAN_FLAG
: 0x00;
1551 set_pixel_conversion(vs
);
1553 vga_hw_invalidate();
1557 static void pixel_format_message (VncState
*vs
) {
1558 char pad
[3] = { 0, 0, 0 };
1560 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bits_per_pixel
); /* bits-per-pixel */
1561 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.depth
); /* depth */
1563 #ifdef WORDS_BIGENDIAN
1564 vnc_write_u8(vs
, 1); /* big-endian-flag */
1566 vnc_write_u8(vs
, 0); /* big-endian-flag */
1568 vnc_write_u8(vs
, 1); /* true-color-flag */
1569 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.rmax
); /* red-max */
1570 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.gmax
); /* green-max */
1571 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.bmax
); /* blue-max */
1572 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.rshift
); /* red-shift */
1573 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.gshift
); /* green-shift */
1574 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bshift
); /* blue-shift */
1575 if (vs
->ds
->surface
->pf
.bits_per_pixel
== 32)
1576 vs
->send_hextile_tile
= send_hextile_tile_32
;
1577 else if (vs
->ds
->surface
->pf
.bits_per_pixel
== 16)
1578 vs
->send_hextile_tile
= send_hextile_tile_16
;
1579 else if (vs
->ds
->surface
->pf
.bits_per_pixel
== 8)
1580 vs
->send_hextile_tile
= send_hextile_tile_8
;
1581 vs
->clientds
= *(vs
->ds
->surface
);
1582 vs
->clientds
.flags
|= ~QEMU_ALLOCATED_FLAG
;
1583 vs
->write_pixels
= vnc_write_pixels_copy
;
1585 vnc_write(vs
, pad
, 3); /* padding */
1588 static void vnc_dpy_setdata(DisplayState
*ds
)
1590 /* We don't have to do anything */
1593 static void vnc_colordepth(VncState
*vs
)
1595 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
1596 /* Sending a WMVi message to notify the client*/
1597 vnc_write_u8(vs
, 0); /* msg id */
1598 vnc_write_u8(vs
, 0);
1599 vnc_write_u16(vs
, 1); /* number of rects */
1600 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
),
1601 ds_get_height(vs
->ds
), VNC_ENCODING_WMVi
);
1602 pixel_format_message(vs
);
1605 set_pixel_conversion(vs
);
1609 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
1619 set_pixel_format(vs
, read_u8(data
, 4), read_u8(data
, 5),
1620 read_u8(data
, 6), read_u8(data
, 7),
1621 read_u16(data
, 8), read_u16(data
, 10),
1622 read_u16(data
, 12), read_u8(data
, 14),
1623 read_u8(data
, 15), read_u8(data
, 16));
1630 limit
= read_u16(data
, 2);
1632 return 4 + (limit
* 4);
1634 limit
= read_u16(data
, 2);
1636 for (i
= 0; i
< limit
; i
++) {
1637 int32_t val
= read_s32(data
, 4 + (i
* 4));
1638 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
1641 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
1647 framebuffer_update_request(vs
,
1648 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
1649 read_u16(data
, 6), read_u16(data
, 8));
1655 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
1661 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
1668 uint32_t dlen
= read_u32(data
, 4);
1673 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
1679 switch (read_u8(data
, 1)) {
1684 ext_key_event(vs
, read_u16(data
, 2),
1685 read_u32(data
, 4), read_u32(data
, 8));
1691 switch (read_u16 (data
, 2)) {
1701 switch (read_u8(data
, 4)) {
1702 case 0: vs
->as
.fmt
= AUD_FMT_U8
; break;
1703 case 1: vs
->as
.fmt
= AUD_FMT_S8
; break;
1704 case 2: vs
->as
.fmt
= AUD_FMT_U16
; break;
1705 case 3: vs
->as
.fmt
= AUD_FMT_S16
; break;
1706 case 4: vs
->as
.fmt
= AUD_FMT_U32
; break;
1707 case 5: vs
->as
.fmt
= AUD_FMT_S32
; break;
1709 printf("Invalid audio format %d\n", read_u8(data
, 4));
1710 vnc_client_error(vs
);
1713 vs
->as
.nchannels
= read_u8(data
, 5);
1714 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
1715 printf("Invalid audio channel coount %d\n",
1717 vnc_client_error(vs
);
1720 vs
->as
.freq
= read_u32(data
, 6);
1723 printf ("Invalid audio message %d\n", read_u8(data
, 4));
1724 vnc_client_error(vs
);
1730 printf("Msg: %d\n", read_u16(data
, 0));
1731 vnc_client_error(vs
);
1736 printf("Msg: %d\n", data
[0]);
1737 vnc_client_error(vs
);
1741 vnc_read_when(vs
, protocol_client_msg
, 1);
1745 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
1750 vnc_write_u16(vs
, ds_get_width(vs
->ds
));
1751 vnc_write_u16(vs
, ds_get_height(vs
->ds
));
1753 pixel_format_message(vs
);
1756 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
1758 size
= snprintf(buf
, sizeof(buf
), "QEMU");
1760 vnc_write_u32(vs
, size
);
1761 vnc_write(vs
, buf
, size
);
1764 vnc_read_when(vs
, protocol_client_msg
, 1);
1769 void start_client_init(VncState
*vs
)
1771 vnc_read_when(vs
, protocol_client_init
, 1);
1774 static void make_challenge(VncState
*vs
)
1778 srand(time(NULL
)+getpid()+getpid()*987654+rand());
1780 for (i
= 0 ; i
< sizeof(vs
->challenge
) ; i
++)
1781 vs
->challenge
[i
] = (int) (256.0*rand()/(RAND_MAX
+1.0));
1784 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
1786 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
1788 unsigned char key
[8];
1790 if (!vs
->vd
->password
|| !vs
->vd
->password
[0]) {
1791 VNC_DEBUG("No password configured on server");
1792 vnc_write_u32(vs
, 1); /* Reject auth */
1793 if (vs
->minor
>= 8) {
1794 static const char err
[] = "Authentication failed";
1795 vnc_write_u32(vs
, sizeof(err
));
1796 vnc_write(vs
, err
, sizeof(err
));
1799 vnc_client_error(vs
);
1803 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
1805 /* Calculate the expected challenge response */
1806 pwlen
= strlen(vs
->vd
->password
);
1807 for (i
=0; i
<sizeof(key
); i
++)
1808 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
1810 for (j
= 0; j
< VNC_AUTH_CHALLENGE_SIZE
; j
+= 8)
1811 des(response
+j
, response
+j
);
1813 /* Compare expected vs actual challenge response */
1814 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
1815 VNC_DEBUG("Client challenge reponse did not match\n");
1816 vnc_write_u32(vs
, 1); /* Reject auth */
1817 if (vs
->minor
>= 8) {
1818 static const char err
[] = "Authentication failed";
1819 vnc_write_u32(vs
, sizeof(err
));
1820 vnc_write(vs
, err
, sizeof(err
));
1823 vnc_client_error(vs
);
1825 VNC_DEBUG("Accepting VNC challenge response\n");
1826 vnc_write_u32(vs
, 0); /* Accept auth */
1829 start_client_init(vs
);
1834 void start_auth_vnc(VncState
*vs
)
1837 /* Send client a 'random' challenge */
1838 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
1841 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
1845 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
1847 /* We only advertise 1 auth scheme at a time, so client
1848 * must pick the one we sent. Verify this */
1849 if (data
[0] != vs
->vd
->auth
) { /* Reject auth */
1850 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data
[0]);
1851 vnc_write_u32(vs
, 1);
1852 if (vs
->minor
>= 8) {
1853 static const char err
[] = "Authentication failed";
1854 vnc_write_u32(vs
, sizeof(err
));
1855 vnc_write(vs
, err
, sizeof(err
));
1857 vnc_client_error(vs
);
1858 } else { /* Accept requested auth */
1859 VNC_DEBUG("Client requested auth %d\n", (int)data
[0]);
1860 switch (vs
->vd
->auth
) {
1862 VNC_DEBUG("Accept auth none\n");
1863 if (vs
->minor
>= 8) {
1864 vnc_write_u32(vs
, 0); /* Accept auth completion */
1867 start_client_init(vs
);
1871 VNC_DEBUG("Start VNC auth\n");
1875 #ifdef CONFIG_VNC_TLS
1876 case VNC_AUTH_VENCRYPT
:
1877 VNC_DEBUG("Accept VeNCrypt auth\n");;
1878 start_auth_vencrypt(vs
);
1880 #endif /* CONFIG_VNC_TLS */
1882 #ifdef CONFIG_VNC_SASL
1884 VNC_DEBUG("Accept SASL auth\n");
1885 start_auth_sasl(vs
);
1887 #endif /* CONFIG_VNC_SASL */
1889 default: /* Should not be possible, but just in case */
1890 VNC_DEBUG("Reject auth %d server code bug\n", vs
->vd
->auth
);
1891 vnc_write_u8(vs
, 1);
1892 if (vs
->minor
>= 8) {
1893 static const char err
[] = "Authentication failed";
1894 vnc_write_u32(vs
, sizeof(err
));
1895 vnc_write(vs
, err
, sizeof(err
));
1897 vnc_client_error(vs
);
1903 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
1907 memcpy(local
, version
, 12);
1910 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
1911 VNC_DEBUG("Malformed protocol version %s\n", local
);
1912 vnc_client_error(vs
);
1915 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
1916 if (vs
->major
!= 3 ||
1922 VNC_DEBUG("Unsupported client version\n");
1923 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
1925 vnc_client_error(vs
);
1928 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
1929 * as equivalent to v3.3 by servers
1931 if (vs
->minor
== 4 || vs
->minor
== 5)
1934 if (vs
->minor
== 3) {
1935 if (vs
->vd
->auth
== VNC_AUTH_NONE
) {
1936 VNC_DEBUG("Tell client auth none\n");
1937 vnc_write_u32(vs
, vs
->vd
->auth
);
1939 start_client_init(vs
);
1940 } else if (vs
->vd
->auth
== VNC_AUTH_VNC
) {
1941 VNC_DEBUG("Tell client VNC auth\n");
1942 vnc_write_u32(vs
, vs
->vd
->auth
);
1946 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs
->vd
->auth
);
1947 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
1949 vnc_client_error(vs
);
1952 VNC_DEBUG("Telling client we support auth %d\n", vs
->vd
->auth
);
1953 vnc_write_u8(vs
, 1); /* num auth */
1954 vnc_write_u8(vs
, vs
->vd
->auth
);
1955 vnc_read_when(vs
, protocol_client_auth
, 1);
1962 static void vnc_connect(VncDisplay
*vd
, int csock
)
1964 VncState
*vs
= qemu_mallocz(sizeof(VncState
));
1967 VNC_DEBUG("New client on socket %d\n", csock
);
1969 socket_set_nonblock(vs
->csock
);
1970 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1974 vs
->timer
= qemu_new_timer(rt_clock
, vnc_update_client
, vs
);
1978 vs
->as
.freq
= 44100;
1979 vs
->as
.nchannels
= 2;
1980 vs
->as
.fmt
= AUD_FMT_S16
;
1981 vs
->as
.endianness
= 0;
1984 vnc_write(vs
, "RFB 003.008\n", 12);
1986 vnc_read_when(vs
, protocol_version
, 12);
1987 memset(vs
->old_data
, 0, ds_get_linesize(vs
->ds
) * ds_get_height(vs
->ds
));
1988 memset(vs
->dirty_row
, 0xFF, sizeof(vs
->dirty_row
));
1989 vnc_update_client(vs
);
1992 vs
->next
= vd
->clients
;
1996 static void vnc_listen_read(void *opaque
)
1998 VncDisplay
*vs
= opaque
;
1999 struct sockaddr_in addr
;
2000 socklen_t addrlen
= sizeof(addr
);
2005 int csock
= accept(vs
->lsock
, (struct sockaddr
*)&addr
, &addrlen
);
2007 vnc_connect(vs
, csock
);
2011 void vnc_display_init(DisplayState
*ds
)
2015 vs
= qemu_mallocz(sizeof(VncState
));
2016 dcl
= qemu_mallocz(sizeof(DisplayChangeListener
));
2026 if (keyboard_layout
)
2027 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, keyboard_layout
);
2029 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us");
2031 if (!vs
->kbd_layout
)
2034 dcl
->dpy_copy
= vnc_dpy_copy
;
2035 dcl
->dpy_update
= vnc_dpy_update
;
2036 dcl
->dpy_resize
= vnc_dpy_resize
;
2037 dcl
->dpy_setdata
= vnc_dpy_setdata
;
2038 register_displaychangelistener(ds
, dcl
);
2042 void vnc_display_close(DisplayState
*ds
)
2044 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2049 qemu_free(vs
->display
);
2052 if (vs
->lsock
!= -1) {
2053 qemu_set_fd_handler2(vs
->lsock
, NULL
, NULL
, NULL
, NULL
);
2057 vs
->auth
= VNC_AUTH_INVALID
;
2058 #ifdef CONFIG_VNC_TLS
2059 vs
->subauth
= VNC_AUTH_INVALID
;
2060 vs
->tls
.x509verify
= 0;
2064 int vnc_display_password(DisplayState
*ds
, const char *password
)
2066 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2069 qemu_free(vs
->password
);
2070 vs
->password
= NULL
;
2072 if (password
&& password
[0]) {
2073 if (!(vs
->password
= qemu_strdup(password
)))
2080 int vnc_display_open(DisplayState
*ds
, const char *display
)
2082 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2083 const char *options
;
2087 #ifdef CONFIG_VNC_TLS
2088 int tls
= 0, x509
= 0;
2090 #ifdef CONFIG_VNC_SASL
2097 vnc_display_close(ds
);
2098 if (strcmp(display
, "none") == 0)
2101 if (!(vs
->display
= strdup(display
)))
2105 while ((options
= strchr(options
, ','))) {
2107 if (strncmp(options
, "password", 8) == 0) {
2108 password
= 1; /* Require password auth */
2109 } else if (strncmp(options
, "reverse", 7) == 0) {
2111 } else if (strncmp(options
, "to=", 3) == 0) {
2112 to_port
= atoi(options
+3) + 5900;
2113 #ifdef CONFIG_VNC_SASL
2114 } else if (strncmp(options
, "sasl", 4) == 0) {
2115 sasl
= 1; /* Require SASL auth */
2117 #ifdef CONFIG_VNC_TLS
2118 } else if (strncmp(options
, "tls", 3) == 0) {
2119 tls
= 1; /* Require TLS */
2120 } else if (strncmp(options
, "x509", 4) == 0) {
2122 x509
= 1; /* Require x509 certificates */
2123 if (strncmp(options
, "x509verify", 10) == 0)
2124 vs
->tls
.x509verify
= 1; /* ...and verify client certs */
2126 /* Now check for 'x509=/some/path' postfix
2127 * and use that to setup x509 certificate/key paths */
2128 start
= strchr(options
, '=');
2129 end
= strchr(options
, ',');
2130 if (start
&& (!end
|| (start
< end
))) {
2131 int len
= end
? end
-(start
+1) : strlen(start
+1);
2132 char *path
= qemu_strndup(start
+ 1, len
);
2134 VNC_DEBUG("Trying certificate path '%s'\n", path
);
2135 if (vnc_tls_set_x509_creds_dir(vs
, path
) < 0) {
2136 fprintf(stderr
, "Failed to find x509 certificates/keys in %s\n", path
);
2138 qemu_free(vs
->display
);
2144 fprintf(stderr
, "No certificate path provided\n");
2145 qemu_free(vs
->display
);
2154 * Combinations we support here:
2156 * - no-auth (clear text, no auth)
2157 * - password (clear text, weak auth)
2158 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2159 * - tls (encrypt, weak anonymous creds, no auth)
2160 * - tls + password (encrypt, weak anonymous creds, weak auth)
2161 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2162 * - tls + x509 (encrypt, good x509 creds, no auth)
2163 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2164 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2166 * NB1. TLS is a stackable auth scheme.
2167 * NB2. the x509 schemes have option to validate a client cert dname
2170 #ifdef CONFIG_VNC_TLS
2172 vs
->auth
= VNC_AUTH_VENCRYPT
;
2174 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2175 vs
->subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
2177 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2178 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
2181 #endif /* CONFIG_VNC_TLS */
2182 VNC_DEBUG("Initializing VNC server with password auth\n");
2183 vs
->auth
= VNC_AUTH_VNC
;
2184 #ifdef CONFIG_VNC_TLS
2185 vs
->subauth
= VNC_AUTH_INVALID
;
2187 #endif /* CONFIG_VNC_TLS */
2188 #ifdef CONFIG_VNC_SASL
2190 #ifdef CONFIG_VNC_TLS
2192 vs
->auth
= VNC_AUTH_VENCRYPT
;
2194 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2195 vs
->subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
2197 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2198 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
2201 #endif /* CONFIG_VNC_TLS */
2202 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2203 vs
->auth
= VNC_AUTH_SASL
;
2204 #ifdef CONFIG_VNC_TLS
2205 vs
->subauth
= VNC_AUTH_INVALID
;
2207 #endif /* CONFIG_VNC_TLS */
2208 #endif /* CONFIG_VNC_SASL */
2210 #ifdef CONFIG_VNC_TLS
2212 vs
->auth
= VNC_AUTH_VENCRYPT
;
2214 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2215 vs
->subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
2217 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2218 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
2222 VNC_DEBUG("Initializing VNC server with no auth\n");
2223 vs
->auth
= VNC_AUTH_NONE
;
2224 #ifdef CONFIG_VNC_TLS
2225 vs
->subauth
= VNC_AUTH_INVALID
;
2230 #ifdef CONFIG_VNC_SASL
2231 if ((saslErr
= sasl_server_init(NULL
, "qemu")) != SASL_OK
) {
2232 fprintf(stderr
, "Failed to initialize SASL auth %s",
2233 sasl_errstring(saslErr
, NULL
, NULL
));
2241 /* connect to viewer */
2242 if (strncmp(display
, "unix:", 5) == 0)
2243 vs
->lsock
= unix_connect(display
+5);
2245 vs
->lsock
= inet_connect(display
, SOCK_STREAM
);
2246 if (-1 == vs
->lsock
) {
2251 int csock
= vs
->lsock
;
2253 vnc_connect(vs
, csock
);
2258 /* listen for connects */
2260 dpy
= qemu_malloc(256);
2261 if (strncmp(display
, "unix:", 5) == 0) {
2262 pstrcpy(dpy
, 256, "unix:");
2263 vs
->lsock
= unix_listen(display
+5, dpy
+5, 256-5);
2265 vs
->lsock
= inet_listen(display
, dpy
, 256, SOCK_STREAM
, 5900);
2267 if (-1 == vs
->lsock
) {
2275 return qemu_set_fd_handler2(vs
->lsock
, NULL
, vnc_listen_read
, NULL
, vs
);