ESP: implement Transfer Pad
[qemu.git] / vnc.c
blob4fde9aae5de5bdc2817121e35745a6c59ef27919
1 /*
2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
27 #include "vnc.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "acl.h"
33 #define VNC_REFRESH_INTERVAL_BASE 30
34 #define VNC_REFRESH_INTERVAL_INC 50
35 #define VNC_REFRESH_INTERVAL_MAX 2000
37 #include "vnc_keysym.h"
38 #include "d3des.h"
40 #define count_bits(c, v) { \
41 for (c = 0; v; v >>= 1) \
42 { \
43 c += v & 1; \
44 } \
48 static VncDisplay *vnc_display; /* needed for info vnc */
49 static DisplayChangeListener *dcl;
51 static char *addr_to_string(const char *format,
52 struct sockaddr_storage *sa,
53 socklen_t salen) {
54 char *addr;
55 char host[NI_MAXHOST];
56 char serv[NI_MAXSERV];
57 int err;
58 size_t addrlen;
60 if ((err = getnameinfo((struct sockaddr *)sa, salen,
61 host, sizeof(host),
62 serv, sizeof(serv),
63 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
64 VNC_DEBUG("Cannot resolve address %d: %s\n",
65 err, gai_strerror(err));
66 return NULL;
69 /* Enough for the existing format + the 2 vars we're
70 * substituting in. */
71 addrlen = strlen(format) + strlen(host) + strlen(serv);
72 addr = qemu_malloc(addrlen + 1);
73 snprintf(addr, addrlen, format, host, serv);
74 addr[addrlen] = '\0';
76 return addr;
80 char *vnc_socket_local_addr(const char *format, int fd) {
81 struct sockaddr_storage sa;
82 socklen_t salen;
84 salen = sizeof(sa);
85 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
86 return NULL;
88 return addr_to_string(format, &sa, salen);
91 char *vnc_socket_remote_addr(const char *format, int fd) {
92 struct sockaddr_storage sa;
93 socklen_t salen;
95 salen = sizeof(sa);
96 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
97 return NULL;
99 return addr_to_string(format, &sa, salen);
102 static const char *vnc_auth_name(VncDisplay *vd) {
103 switch (vd->auth) {
104 case VNC_AUTH_INVALID:
105 return "invalid";
106 case VNC_AUTH_NONE:
107 return "none";
108 case VNC_AUTH_VNC:
109 return "vnc";
110 case VNC_AUTH_RA2:
111 return "ra2";
112 case VNC_AUTH_RA2NE:
113 return "ra2ne";
114 case VNC_AUTH_TIGHT:
115 return "tight";
116 case VNC_AUTH_ULTRA:
117 return "ultra";
118 case VNC_AUTH_TLS:
119 return "tls";
120 case VNC_AUTH_VENCRYPT:
121 #ifdef CONFIG_VNC_TLS
122 switch (vd->subauth) {
123 case VNC_AUTH_VENCRYPT_PLAIN:
124 return "vencrypt+plain";
125 case VNC_AUTH_VENCRYPT_TLSNONE:
126 return "vencrypt+tls+none";
127 case VNC_AUTH_VENCRYPT_TLSVNC:
128 return "vencrypt+tls+vnc";
129 case VNC_AUTH_VENCRYPT_TLSPLAIN:
130 return "vencrypt+tls+plain";
131 case VNC_AUTH_VENCRYPT_X509NONE:
132 return "vencrypt+x509+none";
133 case VNC_AUTH_VENCRYPT_X509VNC:
134 return "vencrypt+x509+vnc";
135 case VNC_AUTH_VENCRYPT_X509PLAIN:
136 return "vencrypt+x509+plain";
137 case VNC_AUTH_VENCRYPT_TLSSASL:
138 return "vencrypt+tls+sasl";
139 case VNC_AUTH_VENCRYPT_X509SASL:
140 return "vencrypt+x509+sasl";
141 default:
142 return "vencrypt";
144 #else
145 return "vencrypt";
146 #endif
147 case VNC_AUTH_SASL:
148 return "sasl";
150 return "unknown";
153 static void do_info_vnc_client(Monitor *mon, VncState *client)
155 char *clientAddr =
156 vnc_socket_remote_addr(" address: %s:%s\n",
157 client->csock);
158 if (!clientAddr)
159 return;
161 monitor_printf(mon, "Client:\n");
162 monitor_printf(mon, "%s", clientAddr);
163 free(clientAddr);
165 #ifdef CONFIG_VNC_TLS
166 if (client->tls.session &&
167 client->tls.dname)
168 monitor_printf(mon, " x509 dname: %s\n", client->tls.dname);
169 else
170 monitor_printf(mon, " x509 dname: none\n");
171 #endif
172 #ifdef CONFIG_VNC_SASL
173 if (client->sasl.conn &&
174 client->sasl.username)
175 monitor_printf(mon, " username: %s\n", client->sasl.username);
176 else
177 monitor_printf(mon, " username: none\n");
178 #endif
181 void do_info_vnc(Monitor *mon)
183 if (vnc_display == NULL || vnc_display->display == NULL) {
184 monitor_printf(mon, "Server: disabled\n");
185 } else {
186 char *serverAddr = vnc_socket_local_addr(" address: %s:%s\n",
187 vnc_display->lsock);
189 if (!serverAddr)
190 return;
192 monitor_printf(mon, "Server:\n");
193 monitor_printf(mon, "%s", serverAddr);
194 free(serverAddr);
195 monitor_printf(mon, " auth: %s\n", vnc_auth_name(vnc_display));
197 if (vnc_display->clients) {
198 VncState *client = vnc_display->clients;
199 while (client) {
200 do_info_vnc_client(mon, client);
201 client = client->next;
203 } else {
204 monitor_printf(mon, "Client: none\n");
209 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
210 return (vs->features & (1 << feature));
213 /* TODO
214 1) Get the queue working for IO.
215 2) there is some weirdness when using the -S option (the screen is grey
216 and not totally invalidated
217 3) resolutions > 1024
220 static int vnc_update_client(VncState *vs, int has_dirty);
221 static void vnc_disconnect_start(VncState *vs);
222 static void vnc_disconnect_finish(VncState *vs);
223 static void vnc_init_timer(VncDisplay *vd);
224 static void vnc_remove_timer(VncDisplay *vd);
226 static void vnc_colordepth(VncState *vs);
227 static void framebuffer_update_request(VncState *vs, int incremental,
228 int x_position, int y_position,
229 int w, int h);
230 static void vnc_refresh(void *opaque);
231 static int vnc_refresh_server_surface(VncDisplay *vd);
233 static inline void vnc_set_bit(uint32_t *d, int k)
235 d[k >> 5] |= 1 << (k & 0x1f);
238 static inline void vnc_clear_bit(uint32_t *d, int k)
240 d[k >> 5] &= ~(1 << (k & 0x1f));
243 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
245 int j;
247 j = 0;
248 while (n >= 32) {
249 d[j++] = -1;
250 n -= 32;
252 if (n > 0)
253 d[j++] = (1 << n) - 1;
254 while (j < nb_words)
255 d[j++] = 0;
258 static inline int vnc_get_bit(const uint32_t *d, int k)
260 return (d[k >> 5] >> (k & 0x1f)) & 1;
263 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
264 int nb_words)
266 int i;
267 for(i = 0; i < nb_words; i++) {
268 if ((d1[i] & d2[i]) != 0)
269 return 1;
271 return 0;
274 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
276 int i;
277 VncDisplay *vd = ds->opaque;
278 struct VncSurface *s = &vd->guest;
280 h += y;
282 /* round x down to ensure the loop only spans one 16-pixel block per,
283 iteration. otherwise, if (x % 16) != 0, the last iteration may span
284 two 16-pixel blocks but we only mark the first as dirty
286 w += (x % 16);
287 x -= (x % 16);
289 x = MIN(x, s->ds->width);
290 y = MIN(y, s->ds->height);
291 w = MIN(x + w, s->ds->width) - x;
292 h = MIN(h, s->ds->height);
294 for (; y < h; y++)
295 for (i = 0; i < w; i += 16)
296 vnc_set_bit(s->dirty[y], (x + i) / 16);
299 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
300 int32_t encoding)
302 vnc_write_u16(vs, x);
303 vnc_write_u16(vs, y);
304 vnc_write_u16(vs, w);
305 vnc_write_u16(vs, h);
307 vnc_write_s32(vs, encoding);
310 void buffer_reserve(Buffer *buffer, size_t len)
312 if ((buffer->capacity - buffer->offset) < len) {
313 buffer->capacity += (len + 1024);
314 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
315 if (buffer->buffer == NULL) {
316 fprintf(stderr, "vnc: out of memory\n");
317 exit(1);
322 int buffer_empty(Buffer *buffer)
324 return buffer->offset == 0;
327 uint8_t *buffer_end(Buffer *buffer)
329 return buffer->buffer + buffer->offset;
332 void buffer_reset(Buffer *buffer)
334 buffer->offset = 0;
337 void buffer_append(Buffer *buffer, const void *data, size_t len)
339 memcpy(buffer->buffer + buffer->offset, data, len);
340 buffer->offset += len;
343 static void vnc_dpy_resize(DisplayState *ds)
345 int size_changed;
346 VncDisplay *vd = ds->opaque;
347 VncState *vs = vd->clients;
349 /* server surface */
350 if (!vd->server)
351 vd->server = qemu_mallocz(sizeof(*vd->server));
352 if (vd->server->data)
353 qemu_free(vd->server->data);
354 *(vd->server) = *(ds->surface);
355 vd->server->data = qemu_mallocz(vd->server->linesize *
356 vd->server->height);
358 /* guest surface */
359 if (!vd->guest.ds)
360 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
361 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
362 console_color_init(ds);
363 size_changed = ds_get_width(ds) != vd->guest.ds->width ||
364 ds_get_height(ds) != vd->guest.ds->height;
365 *(vd->guest.ds) = *(ds->surface);
366 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
368 while (vs != NULL) {
369 vnc_colordepth(vs);
370 if (size_changed) {
371 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
372 vnc_write_u8(vs, 0); /* msg id */
373 vnc_write_u8(vs, 0);
374 vnc_write_u16(vs, 1); /* number of rects */
375 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
376 VNC_ENCODING_DESKTOPRESIZE);
377 vnc_flush(vs);
380 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
381 vs = vs->next;
385 /* fastest code */
386 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
388 vnc_write(vs, pixels, size);
391 /* slowest but generic code. */
392 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
394 uint8_t r, g, b;
395 VncDisplay *vd = vs->vd;
397 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
398 vd->server->pf.rbits);
399 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
400 vd->server->pf.gbits);
401 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
402 vd->server->pf.bbits);
403 v = (r << vs->clientds.pf.rshift) |
404 (g << vs->clientds.pf.gshift) |
405 (b << vs->clientds.pf.bshift);
406 switch(vs->clientds.pf.bytes_per_pixel) {
407 case 1:
408 buf[0] = v;
409 break;
410 case 2:
411 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
412 buf[0] = v >> 8;
413 buf[1] = v;
414 } else {
415 buf[1] = v >> 8;
416 buf[0] = v;
418 break;
419 default:
420 case 4:
421 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
422 buf[0] = v >> 24;
423 buf[1] = v >> 16;
424 buf[2] = v >> 8;
425 buf[3] = v;
426 } else {
427 buf[3] = v >> 24;
428 buf[2] = v >> 16;
429 buf[1] = v >> 8;
430 buf[0] = v;
432 break;
436 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
438 uint8_t buf[4];
439 VncDisplay *vd = vs->vd;
441 if (vd->server->pf.bytes_per_pixel == 4) {
442 uint32_t *pixels = pixels1;
443 int n, i;
444 n = size >> 2;
445 for(i = 0; i < n; i++) {
446 vnc_convert_pixel(vs, buf, pixels[i]);
447 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
449 } else if (vd->server->pf.bytes_per_pixel == 2) {
450 uint16_t *pixels = pixels1;
451 int n, i;
452 n = size >> 1;
453 for(i = 0; i < n; i++) {
454 vnc_convert_pixel(vs, buf, pixels[i]);
455 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
457 } else if (vd->server->pf.bytes_per_pixel == 1) {
458 uint8_t *pixels = pixels1;
459 int n, i;
460 n = size;
461 for(i = 0; i < n; i++) {
462 vnc_convert_pixel(vs, buf, pixels[i]);
463 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
465 } else {
466 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
470 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
472 int i;
473 uint8_t *row;
474 VncDisplay *vd = vs->vd;
476 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
477 for (i = 0; i < h; i++) {
478 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
479 row += ds_get_linesize(vs->ds);
483 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
485 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
486 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
489 #define BPP 8
490 #include "vnchextile.h"
491 #undef BPP
493 #define BPP 16
494 #include "vnchextile.h"
495 #undef BPP
497 #define BPP 32
498 #include "vnchextile.h"
499 #undef BPP
501 #define GENERIC
502 #define BPP 8
503 #include "vnchextile.h"
504 #undef BPP
505 #undef GENERIC
507 #define GENERIC
508 #define BPP 16
509 #include "vnchextile.h"
510 #undef BPP
511 #undef GENERIC
513 #define GENERIC
514 #define BPP 32
515 #include "vnchextile.h"
516 #undef BPP
517 #undef GENERIC
519 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
521 int i, j;
522 int has_fg, has_bg;
523 uint8_t *last_fg, *last_bg;
524 VncDisplay *vd = vs->vd;
526 last_fg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
527 last_bg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
528 has_fg = has_bg = 0;
529 for (j = y; j < (y + h); j += 16) {
530 for (i = x; i < (x + w); i += 16) {
531 vs->send_hextile_tile(vs, i, j,
532 MIN(16, x + w - i), MIN(16, y + h - j),
533 last_bg, last_fg, &has_bg, &has_fg);
536 free(last_fg);
537 free(last_bg);
541 static void vnc_zlib_init(VncState *vs)
543 int i;
544 for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)
545 vs->zlib_stream[i].opaque = NULL;
548 static void vnc_zlib_start(VncState *vs)
550 buffer_reset(&vs->zlib);
552 // make the output buffer be the zlib buffer, so we can compress it later
553 vs->zlib_tmp = vs->output;
554 vs->output = vs->zlib;
557 static int vnc_zlib_stop(VncState *vs, int stream_id)
559 z_streamp zstream = &vs->zlib_stream[stream_id];
560 int previous_out;
562 // switch back to normal output/zlib buffers
563 vs->zlib = vs->output;
564 vs->output = vs->zlib_tmp;
566 // compress the zlib buffer
568 // initialize the stream
569 // XXX need one stream per session
570 if (zstream->opaque != vs) {
571 int err;
573 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
574 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
575 zstream->zalloc = Z_NULL;
576 zstream->zfree = Z_NULL;
578 err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
579 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
581 if (err != Z_OK) {
582 fprintf(stderr, "VNC: error initializing zlib\n");
583 return -1;
586 zstream->opaque = vs;
589 // XXX what to do if tight_compression changed in between?
591 // reserve memory in output buffer
592 buffer_reserve(&vs->output, vs->zlib.offset + 64);
594 // set pointers
595 zstream->next_in = vs->zlib.buffer;
596 zstream->avail_in = vs->zlib.offset;
597 zstream->next_out = vs->output.buffer + vs->output.offset;
598 zstream->avail_out = vs->output.capacity - vs->output.offset;
599 zstream->data_type = Z_BINARY;
600 previous_out = zstream->total_out;
602 // start encoding
603 if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
604 fprintf(stderr, "VNC: error during zlib compression\n");
605 return -1;
608 vs->output.offset = vs->output.capacity - zstream->avail_out;
609 return zstream->total_out - previous_out;
612 static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
614 int old_offset, new_offset, bytes_written;
616 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);
618 // remember where we put in the follow-up size
619 old_offset = vs->output.offset;
620 vnc_write_s32(vs, 0);
622 // compress the stream
623 vnc_zlib_start(vs);
624 send_framebuffer_update_raw(vs, x, y, w, h);
625 bytes_written = vnc_zlib_stop(vs, 0);
627 if (bytes_written == -1)
628 return;
630 // hack in the size
631 new_offset = vs->output.offset;
632 vs->output.offset = old_offset;
633 vnc_write_u32(vs, bytes_written);
634 vs->output.offset = new_offset;
637 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
639 switch(vs->vnc_encoding) {
640 case VNC_ENCODING_ZLIB:
641 send_framebuffer_update_zlib(vs, x, y, w, h);
642 break;
643 case VNC_ENCODING_HEXTILE:
644 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
645 send_framebuffer_update_hextile(vs, x, y, w, h);
646 break;
647 default:
648 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
649 send_framebuffer_update_raw(vs, x, y, w, h);
650 break;
654 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
656 /* send bitblit op to the vnc client */
657 vnc_write_u8(vs, 0); /* msg id */
658 vnc_write_u8(vs, 0);
659 vnc_write_u16(vs, 1); /* number of rects */
660 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
661 vnc_write_u16(vs, src_x);
662 vnc_write_u16(vs, src_y);
663 vnc_flush(vs);
666 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
668 VncDisplay *vd = ds->opaque;
669 VncState *vs, *vn;
670 uint8_t *src_row;
671 uint8_t *dst_row;
672 int i,x,y,pitch,depth,inc,w_lim,s;
673 int cmp_bytes;
675 vnc_refresh_server_surface(vd);
676 for (vs = vd->clients; vs != NULL; vs = vn) {
677 vn = vs->next;
678 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
679 vs->force_update = 1;
680 vnc_update_client(vs, 1);
681 /* vs might be free()ed here */
685 /* do bitblit op on the local surface too */
686 pitch = ds_get_linesize(vd->ds);
687 depth = ds_get_bytes_per_pixel(vd->ds);
688 src_row = vd->server->data + pitch * src_y + depth * src_x;
689 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
690 y = dst_y;
691 inc = 1;
692 if (dst_y > src_y) {
693 /* copy backwards */
694 src_row += pitch * (h-1);
695 dst_row += pitch * (h-1);
696 pitch = -pitch;
697 y = dst_y + h - 1;
698 inc = -1;
700 w_lim = w - (16 - (dst_x % 16));
701 if (w_lim < 0)
702 w_lim = w;
703 else
704 w_lim = w - (w_lim % 16);
705 for (i = 0; i < h; i++) {
706 for (x = 0; x <= w_lim;
707 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
708 if (x == w_lim) {
709 if ((s = w - w_lim) == 0)
710 break;
711 } else if (!x) {
712 s = (16 - (dst_x % 16));
713 s = MIN(s, w_lim);
714 } else {
715 s = 16;
717 cmp_bytes = s * depth;
718 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
719 continue;
720 memmove(dst_row, src_row, cmp_bytes);
721 vs = vd->clients;
722 while (vs != NULL) {
723 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
724 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
725 vs = vs->next;
728 src_row += pitch - w * depth;
729 dst_row += pitch - w * depth;
730 y += inc;
733 for (vs = vd->clients; vs != NULL; vs = vs->next) {
734 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
735 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
739 static int find_and_clear_dirty_height(struct VncState *vs,
740 int y, int last_x, int x)
742 int h;
743 VncDisplay *vd = vs->vd;
745 for (h = 1; h < (vd->server->height - y); h++) {
746 int tmp_x;
747 if (!vnc_get_bit(vs->dirty[y + h], last_x))
748 break;
749 for (tmp_x = last_x; tmp_x < x; tmp_x++)
750 vnc_clear_bit(vs->dirty[y + h], tmp_x);
753 return h;
756 static int vnc_update_client(VncState *vs, int has_dirty)
758 if (vs->need_update && vs->csock != -1) {
759 VncDisplay *vd = vs->vd;
760 int y;
761 int n_rectangles;
762 int saved_offset;
764 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
765 /* kernel send buffers are full -> drop frames to throttle */
766 return 0;
768 if (!has_dirty && !vs->audio_cap && !vs->force_update)
769 return 0;
772 * Send screen updates to the vnc client using the server
773 * surface and server dirty map. guest surface updates
774 * happening in parallel don't disturb us, the next pass will
775 * send them to the client.
777 n_rectangles = 0;
778 vnc_write_u8(vs, 0); /* msg id */
779 vnc_write_u8(vs, 0);
780 saved_offset = vs->output.offset;
781 vnc_write_u16(vs, 0);
783 for (y = 0; y < vd->server->height; y++) {
784 int x;
785 int last_x = -1;
786 for (x = 0; x < vd->server->width / 16; x++) {
787 if (vnc_get_bit(vs->dirty[y], x)) {
788 if (last_x == -1) {
789 last_x = x;
791 vnc_clear_bit(vs->dirty[y], x);
792 } else {
793 if (last_x != -1) {
794 int h = find_and_clear_dirty_height(vs, y, last_x, x);
795 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
796 n_rectangles++;
798 last_x = -1;
801 if (last_x != -1) {
802 int h = find_and_clear_dirty_height(vs, y, last_x, x);
803 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
804 n_rectangles++;
807 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
808 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
809 vnc_flush(vs);
810 vs->force_update = 0;
811 return n_rectangles;
814 if (vs->csock == -1)
815 vnc_disconnect_finish(vs);
817 return 0;
820 /* audio */
821 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
823 VncState *vs = opaque;
825 switch (cmd) {
826 case AUD_CNOTIFY_DISABLE:
827 vnc_write_u8(vs, 255);
828 vnc_write_u8(vs, 1);
829 vnc_write_u16(vs, 0);
830 vnc_flush(vs);
831 break;
833 case AUD_CNOTIFY_ENABLE:
834 vnc_write_u8(vs, 255);
835 vnc_write_u8(vs, 1);
836 vnc_write_u16(vs, 1);
837 vnc_flush(vs);
838 break;
842 static void audio_capture_destroy(void *opaque)
846 static void audio_capture(void *opaque, void *buf, int size)
848 VncState *vs = opaque;
850 vnc_write_u8(vs, 255);
851 vnc_write_u8(vs, 1);
852 vnc_write_u16(vs, 2);
853 vnc_write_u32(vs, size);
854 vnc_write(vs, buf, size);
855 vnc_flush(vs);
858 static void audio_add(VncState *vs)
860 Monitor *mon = cur_mon;
861 struct audio_capture_ops ops;
863 if (vs->audio_cap) {
864 monitor_printf(mon, "audio already running\n");
865 return;
868 ops.notify = audio_capture_notify;
869 ops.destroy = audio_capture_destroy;
870 ops.capture = audio_capture;
872 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
873 if (!vs->audio_cap) {
874 monitor_printf(mon, "Failed to add audio capture\n");
878 static void audio_del(VncState *vs)
880 if (vs->audio_cap) {
881 AUD_del_capture(vs->audio_cap, vs);
882 vs->audio_cap = NULL;
886 static void vnc_disconnect_start(VncState *vs)
888 if (vs->csock == -1)
889 return;
890 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
891 closesocket(vs->csock);
892 vs->csock = -1;
895 static void vnc_disconnect_finish(VncState *vs)
897 if (vs->input.buffer) qemu_free(vs->input.buffer);
898 if (vs->output.buffer) qemu_free(vs->output.buffer);
899 #ifdef CONFIG_VNC_TLS
900 vnc_tls_client_cleanup(vs);
901 #endif /* CONFIG_VNC_TLS */
902 #ifdef CONFIG_VNC_SASL
903 vnc_sasl_client_cleanup(vs);
904 #endif /* CONFIG_VNC_SASL */
905 audio_del(vs);
907 VncState *p, *parent = NULL;
908 for (p = vs->vd->clients; p != NULL; p = p->next) {
909 if (p == vs) {
910 if (parent)
911 parent->next = p->next;
912 else
913 vs->vd->clients = p->next;
914 break;
916 parent = p;
918 if (!vs->vd->clients)
919 dcl->idle = 1;
921 qemu_free(vs);
922 vnc_remove_timer(vs->vd);
925 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
927 if (ret == 0 || ret == -1) {
928 if (ret == -1) {
929 switch (last_errno) {
930 case EINTR:
931 case EAGAIN:
932 #ifdef _WIN32
933 case WSAEWOULDBLOCK:
934 #endif
935 return 0;
936 default:
937 break;
941 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
942 ret, ret < 0 ? last_errno : 0);
943 vnc_disconnect_start(vs);
945 return 0;
947 return ret;
951 void vnc_client_error(VncState *vs)
953 VNC_DEBUG("Closing down client sock: protocol error\n");
954 vnc_disconnect_start(vs);
959 * Called to write a chunk of data to the client socket. The data may
960 * be the raw data, or may have already been encoded by SASL.
961 * The data will be written either straight onto the socket, or
962 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
964 * NB, it is theoretically possible to have 2 layers of encryption,
965 * both SASL, and this TLS layer. It is highly unlikely in practice
966 * though, since SASL encryption will typically be a no-op if TLS
967 * is active
969 * Returns the number of bytes written, which may be less than
970 * the requested 'datalen' if the socket would block. Returns
971 * -1 on error, and disconnects the client socket.
973 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
975 long ret;
976 #ifdef CONFIG_VNC_TLS
977 if (vs->tls.session) {
978 ret = gnutls_write(vs->tls.session, data, datalen);
979 if (ret < 0) {
980 if (ret == GNUTLS_E_AGAIN)
981 errno = EAGAIN;
982 else
983 errno = EIO;
984 ret = -1;
986 } else
987 #endif /* CONFIG_VNC_TLS */
988 ret = send(vs->csock, (const void *)data, datalen, 0);
989 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
990 return vnc_client_io_error(vs, ret, socket_error());
995 * Called to write buffered data to the client socket, when not
996 * using any SASL SSF encryption layers. Will write as much data
997 * as possible without blocking. If all buffered data is written,
998 * will switch the FD poll() handler back to read monitoring.
1000 * Returns the number of bytes written, which may be less than
1001 * the buffered output data if the socket would block. Returns
1002 * -1 on error, and disconnects the client socket.
1004 static long vnc_client_write_plain(VncState *vs)
1006 long ret;
1008 #ifdef CONFIG_VNC_SASL
1009 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1010 vs->output.buffer, vs->output.capacity, vs->output.offset,
1011 vs->sasl.waitWriteSSF);
1013 if (vs->sasl.conn &&
1014 vs->sasl.runSSF &&
1015 vs->sasl.waitWriteSSF) {
1016 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1017 if (ret)
1018 vs->sasl.waitWriteSSF -= ret;
1019 } else
1020 #endif /* CONFIG_VNC_SASL */
1021 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1022 if (!ret)
1023 return 0;
1025 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1026 vs->output.offset -= ret;
1028 if (vs->output.offset == 0) {
1029 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1032 return ret;
1037 * First function called whenever there is data to be written to
1038 * the client socket. Will delegate actual work according to whether
1039 * SASL SSF layers are enabled (thus requiring encryption calls)
1041 void vnc_client_write(void *opaque)
1043 long ret;
1044 VncState *vs = opaque;
1046 #ifdef CONFIG_VNC_SASL
1047 if (vs->sasl.conn &&
1048 vs->sasl.runSSF &&
1049 !vs->sasl.waitWriteSSF)
1050 ret = vnc_client_write_sasl(vs);
1051 else
1052 #endif /* CONFIG_VNC_SASL */
1053 ret = vnc_client_write_plain(vs);
1056 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1058 vs->read_handler = func;
1059 vs->read_handler_expect = expecting;
1064 * Called to read a chunk of data from the client socket. The data may
1065 * be the raw data, or may need to be further decoded by SASL.
1066 * The data will be read either straight from to the socket, or
1067 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1069 * NB, it is theoretically possible to have 2 layers of encryption,
1070 * both SASL, and this TLS layer. It is highly unlikely in practice
1071 * though, since SASL encryption will typically be a no-op if TLS
1072 * is active
1074 * Returns the number of bytes read, which may be less than
1075 * the requested 'datalen' if the socket would block. Returns
1076 * -1 on error, and disconnects the client socket.
1078 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1080 long ret;
1081 #ifdef CONFIG_VNC_TLS
1082 if (vs->tls.session) {
1083 ret = gnutls_read(vs->tls.session, data, datalen);
1084 if (ret < 0) {
1085 if (ret == GNUTLS_E_AGAIN)
1086 errno = EAGAIN;
1087 else
1088 errno = EIO;
1089 ret = -1;
1091 } else
1092 #endif /* CONFIG_VNC_TLS */
1093 ret = recv(vs->csock, (void *)data, datalen, 0);
1094 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1095 return vnc_client_io_error(vs, ret, socket_error());
1100 * Called to read data from the client socket to the input buffer,
1101 * when not using any SASL SSF encryption layers. Will read as much
1102 * data as possible without blocking.
1104 * Returns the number of bytes read. Returns -1 on error, and
1105 * disconnects the client socket.
1107 static long vnc_client_read_plain(VncState *vs)
1109 int ret;
1110 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1111 vs->input.buffer, vs->input.capacity, vs->input.offset);
1112 buffer_reserve(&vs->input, 4096);
1113 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1114 if (!ret)
1115 return 0;
1116 vs->input.offset += ret;
1117 return ret;
1122 * First function called whenever there is more data to be read from
1123 * the client socket. Will delegate actual work according to whether
1124 * SASL SSF layers are enabled (thus requiring decryption calls)
1126 void vnc_client_read(void *opaque)
1128 VncState *vs = opaque;
1129 long ret;
1131 #ifdef CONFIG_VNC_SASL
1132 if (vs->sasl.conn && vs->sasl.runSSF)
1133 ret = vnc_client_read_sasl(vs);
1134 else
1135 #endif /* CONFIG_VNC_SASL */
1136 ret = vnc_client_read_plain(vs);
1137 if (!ret) {
1138 if (vs->csock == -1)
1139 vnc_disconnect_finish(vs);
1140 return;
1143 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1144 size_t len = vs->read_handler_expect;
1145 int ret;
1147 ret = vs->read_handler(vs, vs->input.buffer, len);
1148 if (vs->csock == -1) {
1149 vnc_disconnect_finish(vs);
1150 return;
1153 if (!ret) {
1154 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1155 vs->input.offset -= len;
1156 } else {
1157 vs->read_handler_expect = ret;
1162 void vnc_write(VncState *vs, const void *data, size_t len)
1164 buffer_reserve(&vs->output, len);
1166 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1167 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1170 buffer_append(&vs->output, data, len);
1173 void vnc_write_s32(VncState *vs, int32_t value)
1175 vnc_write_u32(vs, *(uint32_t *)&value);
1178 void vnc_write_u32(VncState *vs, uint32_t value)
1180 uint8_t buf[4];
1182 buf[0] = (value >> 24) & 0xFF;
1183 buf[1] = (value >> 16) & 0xFF;
1184 buf[2] = (value >> 8) & 0xFF;
1185 buf[3] = value & 0xFF;
1187 vnc_write(vs, buf, 4);
1190 void vnc_write_u16(VncState *vs, uint16_t value)
1192 uint8_t buf[2];
1194 buf[0] = (value >> 8) & 0xFF;
1195 buf[1] = value & 0xFF;
1197 vnc_write(vs, buf, 2);
1200 void vnc_write_u8(VncState *vs, uint8_t value)
1202 vnc_write(vs, (char *)&value, 1);
1205 void vnc_flush(VncState *vs)
1207 if (vs->csock != -1 && vs->output.offset)
1208 vnc_client_write(vs);
1211 uint8_t read_u8(uint8_t *data, size_t offset)
1213 return data[offset];
1216 uint16_t read_u16(uint8_t *data, size_t offset)
1218 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1221 int32_t read_s32(uint8_t *data, size_t offset)
1223 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1224 (data[offset + 2] << 8) | data[offset + 3]);
1227 uint32_t read_u32(uint8_t *data, size_t offset)
1229 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1230 (data[offset + 2] << 8) | data[offset + 3]);
1233 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1237 static void check_pointer_type_change(VncState *vs, int absolute)
1239 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1240 vnc_write_u8(vs, 0);
1241 vnc_write_u8(vs, 0);
1242 vnc_write_u16(vs, 1);
1243 vnc_framebuffer_update(vs, absolute, 0,
1244 ds_get_width(vs->ds), ds_get_height(vs->ds),
1245 VNC_ENCODING_POINTER_TYPE_CHANGE);
1246 vnc_flush(vs);
1248 vs->absolute = absolute;
1251 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1253 int buttons = 0;
1254 int dz = 0;
1256 if (button_mask & 0x01)
1257 buttons |= MOUSE_EVENT_LBUTTON;
1258 if (button_mask & 0x02)
1259 buttons |= MOUSE_EVENT_MBUTTON;
1260 if (button_mask & 0x04)
1261 buttons |= MOUSE_EVENT_RBUTTON;
1262 if (button_mask & 0x08)
1263 dz = -1;
1264 if (button_mask & 0x10)
1265 dz = 1;
1267 if (vs->absolute) {
1268 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
1269 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
1270 dz, buttons);
1271 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1272 x -= 0x7FFF;
1273 y -= 0x7FFF;
1275 kbd_mouse_event(x, y, dz, buttons);
1276 } else {
1277 if (vs->last_x != -1)
1278 kbd_mouse_event(x - vs->last_x,
1279 y - vs->last_y,
1280 dz, buttons);
1281 vs->last_x = x;
1282 vs->last_y = y;
1285 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1288 static void reset_keys(VncState *vs)
1290 int i;
1291 for(i = 0; i < 256; i++) {
1292 if (vs->modifiers_state[i]) {
1293 if (i & 0x80)
1294 kbd_put_keycode(0xe0);
1295 kbd_put_keycode(i | 0x80);
1296 vs->modifiers_state[i] = 0;
1301 static void press_key(VncState *vs, int keysym)
1303 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) & 0x7f);
1304 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) | 0x80);
1307 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1309 /* QEMU console switch */
1310 switch(keycode) {
1311 case 0x2a: /* Left Shift */
1312 case 0x36: /* Right Shift */
1313 case 0x1d: /* Left CTRL */
1314 case 0x9d: /* Right CTRL */
1315 case 0x38: /* Left ALT */
1316 case 0xb8: /* Right ALT */
1317 if (down)
1318 vs->modifiers_state[keycode] = 1;
1319 else
1320 vs->modifiers_state[keycode] = 0;
1321 break;
1322 case 0x02 ... 0x0a: /* '1' to '9' keys */
1323 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1324 /* Reset the modifiers sent to the current console */
1325 reset_keys(vs);
1326 console_select(keycode - 0x02);
1327 return;
1329 break;
1330 case 0x3a: /* CapsLock */
1331 case 0x45: /* NumLock */
1332 if (!down)
1333 vs->modifiers_state[keycode] ^= 1;
1334 break;
1337 if (keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1338 /* If the numlock state needs to change then simulate an additional
1339 keypress before sending this one. This will happen if the user
1340 toggles numlock away from the VNC window.
1342 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1343 if (!vs->modifiers_state[0x45]) {
1344 vs->modifiers_state[0x45] = 1;
1345 press_key(vs, 0xff7f);
1347 } else {
1348 if (vs->modifiers_state[0x45]) {
1349 vs->modifiers_state[0x45] = 0;
1350 press_key(vs, 0xff7f);
1355 if (is_graphic_console()) {
1356 if (keycode & 0x80)
1357 kbd_put_keycode(0xe0);
1358 if (down)
1359 kbd_put_keycode(keycode & 0x7f);
1360 else
1361 kbd_put_keycode(keycode | 0x80);
1362 } else {
1363 /* QEMU console emulation */
1364 if (down) {
1365 int numlock = vs->modifiers_state[0x45];
1366 switch (keycode) {
1367 case 0x2a: /* Left Shift */
1368 case 0x36: /* Right Shift */
1369 case 0x1d: /* Left CTRL */
1370 case 0x9d: /* Right CTRL */
1371 case 0x38: /* Left ALT */
1372 case 0xb8: /* Right ALT */
1373 break;
1374 case 0xc8:
1375 kbd_put_keysym(QEMU_KEY_UP);
1376 break;
1377 case 0xd0:
1378 kbd_put_keysym(QEMU_KEY_DOWN);
1379 break;
1380 case 0xcb:
1381 kbd_put_keysym(QEMU_KEY_LEFT);
1382 break;
1383 case 0xcd:
1384 kbd_put_keysym(QEMU_KEY_RIGHT);
1385 break;
1386 case 0xd3:
1387 kbd_put_keysym(QEMU_KEY_DELETE);
1388 break;
1389 case 0xc7:
1390 kbd_put_keysym(QEMU_KEY_HOME);
1391 break;
1392 case 0xcf:
1393 kbd_put_keysym(QEMU_KEY_END);
1394 break;
1395 case 0xc9:
1396 kbd_put_keysym(QEMU_KEY_PAGEUP);
1397 break;
1398 case 0xd1:
1399 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1400 break;
1402 case 0x47:
1403 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1404 break;
1405 case 0x48:
1406 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1407 break;
1408 case 0x49:
1409 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1410 break;
1411 case 0x4b:
1412 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1413 break;
1414 case 0x4c:
1415 kbd_put_keysym('5');
1416 break;
1417 case 0x4d:
1418 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1419 break;
1420 case 0x4f:
1421 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1422 break;
1423 case 0x50:
1424 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1425 break;
1426 case 0x51:
1427 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1428 break;
1429 case 0x52:
1430 kbd_put_keysym('0');
1431 break;
1432 case 0x53:
1433 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1434 break;
1436 case 0xb5:
1437 kbd_put_keysym('/');
1438 break;
1439 case 0x37:
1440 kbd_put_keysym('*');
1441 break;
1442 case 0x4a:
1443 kbd_put_keysym('-');
1444 break;
1445 case 0x4e:
1446 kbd_put_keysym('+');
1447 break;
1448 case 0x9c:
1449 kbd_put_keysym('\n');
1450 break;
1452 default:
1453 kbd_put_keysym(sym);
1454 break;
1460 static void key_event(VncState *vs, int down, uint32_t sym)
1462 int keycode;
1464 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1465 sym = sym - 'A' + 'a';
1467 keycode = keysym2scancode(vs->vd->kbd_layout, sym & 0xFFFF);
1468 do_key_event(vs, down, keycode, sym);
1471 static void ext_key_event(VncState *vs, int down,
1472 uint32_t sym, uint16_t keycode)
1474 /* if the user specifies a keyboard layout, always use it */
1475 if (keyboard_layout)
1476 key_event(vs, down, sym);
1477 else
1478 do_key_event(vs, down, keycode, sym);
1481 static void framebuffer_update_request(VncState *vs, int incremental,
1482 int x_position, int y_position,
1483 int w, int h)
1485 if (x_position > ds_get_width(vs->ds))
1486 x_position = ds_get_width(vs->ds);
1487 if (y_position > ds_get_height(vs->ds))
1488 y_position = ds_get_height(vs->ds);
1489 if (x_position + w >= ds_get_width(vs->ds))
1490 w = ds_get_width(vs->ds) - x_position;
1491 if (y_position + h >= ds_get_height(vs->ds))
1492 h = ds_get_height(vs->ds) - y_position;
1494 int i;
1495 vs->need_update = 1;
1496 if (!incremental) {
1497 vs->force_update = 1;
1498 for (i = 0; i < h; i++) {
1499 vnc_set_bits(vs->dirty[y_position + i],
1500 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1505 static void send_ext_key_event_ack(VncState *vs)
1507 vnc_write_u8(vs, 0);
1508 vnc_write_u8(vs, 0);
1509 vnc_write_u16(vs, 1);
1510 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1511 VNC_ENCODING_EXT_KEY_EVENT);
1512 vnc_flush(vs);
1515 static void send_ext_audio_ack(VncState *vs)
1517 vnc_write_u8(vs, 0);
1518 vnc_write_u8(vs, 0);
1519 vnc_write_u16(vs, 1);
1520 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1521 VNC_ENCODING_AUDIO);
1522 vnc_flush(vs);
1525 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1527 int i;
1528 unsigned int enc = 0;
1530 vnc_zlib_init(vs);
1531 vs->features = 0;
1532 vs->vnc_encoding = 0;
1533 vs->tight_compression = 9;
1534 vs->tight_quality = 9;
1535 vs->absolute = -1;
1537 for (i = n_encodings - 1; i >= 0; i--) {
1538 enc = encodings[i];
1539 switch (enc) {
1540 case VNC_ENCODING_RAW:
1541 vs->vnc_encoding = enc;
1542 break;
1543 case VNC_ENCODING_COPYRECT:
1544 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1545 break;
1546 case VNC_ENCODING_HEXTILE:
1547 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1548 vs->vnc_encoding = enc;
1549 break;
1550 case VNC_ENCODING_ZLIB:
1551 vs->features |= VNC_FEATURE_ZLIB_MASK;
1552 vs->vnc_encoding = enc;
1553 break;
1554 case VNC_ENCODING_DESKTOPRESIZE:
1555 vs->features |= VNC_FEATURE_RESIZE_MASK;
1556 break;
1557 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1558 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1559 break;
1560 case VNC_ENCODING_EXT_KEY_EVENT:
1561 send_ext_key_event_ack(vs);
1562 break;
1563 case VNC_ENCODING_AUDIO:
1564 send_ext_audio_ack(vs);
1565 break;
1566 case VNC_ENCODING_WMVi:
1567 vs->features |= VNC_FEATURE_WMVI_MASK;
1568 break;
1569 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1570 vs->tight_compression = (enc & 0x0F);
1571 break;
1572 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1573 vs->tight_quality = (enc & 0x0F);
1574 break;
1575 default:
1576 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1577 break;
1581 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1584 static void set_pixel_conversion(VncState *vs)
1586 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1587 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1588 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1589 vs->write_pixels = vnc_write_pixels_copy;
1590 switch (vs->ds->surface->pf.bits_per_pixel) {
1591 case 8:
1592 vs->send_hextile_tile = send_hextile_tile_8;
1593 break;
1594 case 16:
1595 vs->send_hextile_tile = send_hextile_tile_16;
1596 break;
1597 case 32:
1598 vs->send_hextile_tile = send_hextile_tile_32;
1599 break;
1601 } else {
1602 vs->write_pixels = vnc_write_pixels_generic;
1603 switch (vs->ds->surface->pf.bits_per_pixel) {
1604 case 8:
1605 vs->send_hextile_tile = send_hextile_tile_generic_8;
1606 break;
1607 case 16:
1608 vs->send_hextile_tile = send_hextile_tile_generic_16;
1609 break;
1610 case 32:
1611 vs->send_hextile_tile = send_hextile_tile_generic_32;
1612 break;
1617 static void set_pixel_format(VncState *vs,
1618 int bits_per_pixel, int depth,
1619 int big_endian_flag, int true_color_flag,
1620 int red_max, int green_max, int blue_max,
1621 int red_shift, int green_shift, int blue_shift)
1623 if (!true_color_flag) {
1624 vnc_client_error(vs);
1625 return;
1628 vs->clientds = *(vs->vd->guest.ds);
1629 vs->clientds.pf.rmax = red_max;
1630 count_bits(vs->clientds.pf.rbits, red_max);
1631 vs->clientds.pf.rshift = red_shift;
1632 vs->clientds.pf.rmask = red_max << red_shift;
1633 vs->clientds.pf.gmax = green_max;
1634 count_bits(vs->clientds.pf.gbits, green_max);
1635 vs->clientds.pf.gshift = green_shift;
1636 vs->clientds.pf.gmask = green_max << green_shift;
1637 vs->clientds.pf.bmax = blue_max;
1638 count_bits(vs->clientds.pf.bbits, blue_max);
1639 vs->clientds.pf.bshift = blue_shift;
1640 vs->clientds.pf.bmask = blue_max << blue_shift;
1641 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1642 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1643 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1644 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1646 set_pixel_conversion(vs);
1648 vga_hw_invalidate();
1649 vga_hw_update();
1652 static void pixel_format_message (VncState *vs) {
1653 char pad[3] = { 0, 0, 0 };
1655 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1656 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1658 #ifdef HOST_WORDS_BIGENDIAN
1659 vnc_write_u8(vs, 1); /* big-endian-flag */
1660 #else
1661 vnc_write_u8(vs, 0); /* big-endian-flag */
1662 #endif
1663 vnc_write_u8(vs, 1); /* true-color-flag */
1664 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1665 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1666 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1667 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1668 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1669 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1670 if (vs->ds->surface->pf.bits_per_pixel == 32)
1671 vs->send_hextile_tile = send_hextile_tile_32;
1672 else if (vs->ds->surface->pf.bits_per_pixel == 16)
1673 vs->send_hextile_tile = send_hextile_tile_16;
1674 else if (vs->ds->surface->pf.bits_per_pixel == 8)
1675 vs->send_hextile_tile = send_hextile_tile_8;
1676 vs->clientds = *(vs->ds->surface);
1677 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1678 vs->write_pixels = vnc_write_pixels_copy;
1680 vnc_write(vs, pad, 3); /* padding */
1683 static void vnc_dpy_setdata(DisplayState *ds)
1685 /* We don't have to do anything */
1688 static void vnc_colordepth(VncState *vs)
1690 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1691 /* Sending a WMVi message to notify the client*/
1692 vnc_write_u8(vs, 0); /* msg id */
1693 vnc_write_u8(vs, 0);
1694 vnc_write_u16(vs, 1); /* number of rects */
1695 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1696 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1697 pixel_format_message(vs);
1698 vnc_flush(vs);
1699 } else {
1700 set_pixel_conversion(vs);
1704 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1706 int i;
1707 uint16_t limit;
1708 VncDisplay *vd = vs->vd;
1710 if (data[0] > 3) {
1711 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1712 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1713 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1716 switch (data[0]) {
1717 case 0:
1718 if (len == 1)
1719 return 20;
1721 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1722 read_u8(data, 6), read_u8(data, 7),
1723 read_u16(data, 8), read_u16(data, 10),
1724 read_u16(data, 12), read_u8(data, 14),
1725 read_u8(data, 15), read_u8(data, 16));
1726 break;
1727 case 2:
1728 if (len == 1)
1729 return 4;
1731 if (len == 4) {
1732 limit = read_u16(data, 2);
1733 if (limit > 0)
1734 return 4 + (limit * 4);
1735 } else
1736 limit = read_u16(data, 2);
1738 for (i = 0; i < limit; i++) {
1739 int32_t val = read_s32(data, 4 + (i * 4));
1740 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1743 set_encodings(vs, (int32_t *)(data + 4), limit);
1744 break;
1745 case 3:
1746 if (len == 1)
1747 return 10;
1749 framebuffer_update_request(vs,
1750 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1751 read_u16(data, 6), read_u16(data, 8));
1752 break;
1753 case 4:
1754 if (len == 1)
1755 return 8;
1757 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1758 break;
1759 case 5:
1760 if (len == 1)
1761 return 6;
1763 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1764 break;
1765 case 6:
1766 if (len == 1)
1767 return 8;
1769 if (len == 8) {
1770 uint32_t dlen = read_u32(data, 4);
1771 if (dlen > 0)
1772 return 8 + dlen;
1775 client_cut_text(vs, read_u32(data, 4), data + 8);
1776 break;
1777 case 255:
1778 if (len == 1)
1779 return 2;
1781 switch (read_u8(data, 1)) {
1782 case 0:
1783 if (len == 2)
1784 return 12;
1786 ext_key_event(vs, read_u16(data, 2),
1787 read_u32(data, 4), read_u32(data, 8));
1788 break;
1789 case 1:
1790 if (len == 2)
1791 return 4;
1793 switch (read_u16 (data, 2)) {
1794 case 0:
1795 audio_add(vs);
1796 break;
1797 case 1:
1798 audio_del(vs);
1799 break;
1800 case 2:
1801 if (len == 4)
1802 return 10;
1803 switch (read_u8(data, 4)) {
1804 case 0: vs->as.fmt = AUD_FMT_U8; break;
1805 case 1: vs->as.fmt = AUD_FMT_S8; break;
1806 case 2: vs->as.fmt = AUD_FMT_U16; break;
1807 case 3: vs->as.fmt = AUD_FMT_S16; break;
1808 case 4: vs->as.fmt = AUD_FMT_U32; break;
1809 case 5: vs->as.fmt = AUD_FMT_S32; break;
1810 default:
1811 printf("Invalid audio format %d\n", read_u8(data, 4));
1812 vnc_client_error(vs);
1813 break;
1815 vs->as.nchannels = read_u8(data, 5);
1816 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1817 printf("Invalid audio channel coount %d\n",
1818 read_u8(data, 5));
1819 vnc_client_error(vs);
1820 break;
1822 vs->as.freq = read_u32(data, 6);
1823 break;
1824 default:
1825 printf ("Invalid audio message %d\n", read_u8(data, 4));
1826 vnc_client_error(vs);
1827 break;
1829 break;
1831 default:
1832 printf("Msg: %d\n", read_u16(data, 0));
1833 vnc_client_error(vs);
1834 break;
1836 break;
1837 default:
1838 printf("Msg: %d\n", data[0]);
1839 vnc_client_error(vs);
1840 break;
1843 vnc_read_when(vs, protocol_client_msg, 1);
1844 return 0;
1847 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1849 char buf[1024];
1850 int size;
1852 vnc_write_u16(vs, ds_get_width(vs->ds));
1853 vnc_write_u16(vs, ds_get_height(vs->ds));
1855 pixel_format_message(vs);
1857 if (qemu_name)
1858 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1859 else
1860 size = snprintf(buf, sizeof(buf), "QEMU");
1862 vnc_write_u32(vs, size);
1863 vnc_write(vs, buf, size);
1864 vnc_flush(vs);
1866 vnc_read_when(vs, protocol_client_msg, 1);
1868 return 0;
1871 void start_client_init(VncState *vs)
1873 vnc_read_when(vs, protocol_client_init, 1);
1876 static void make_challenge(VncState *vs)
1878 int i;
1880 srand(time(NULL)+getpid()+getpid()*987654+rand());
1882 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1883 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1886 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1888 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1889 int i, j, pwlen;
1890 unsigned char key[8];
1892 if (!vs->vd->password || !vs->vd->password[0]) {
1893 VNC_DEBUG("No password configured on server");
1894 vnc_write_u32(vs, 1); /* Reject auth */
1895 if (vs->minor >= 8) {
1896 static const char err[] = "Authentication failed";
1897 vnc_write_u32(vs, sizeof(err));
1898 vnc_write(vs, err, sizeof(err));
1900 vnc_flush(vs);
1901 vnc_client_error(vs);
1902 return 0;
1905 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1907 /* Calculate the expected challenge response */
1908 pwlen = strlen(vs->vd->password);
1909 for (i=0; i<sizeof(key); i++)
1910 key[i] = i<pwlen ? vs->vd->password[i] : 0;
1911 deskey(key, EN0);
1912 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1913 des(response+j, response+j);
1915 /* Compare expected vs actual challenge response */
1916 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1917 VNC_DEBUG("Client challenge reponse did not match\n");
1918 vnc_write_u32(vs, 1); /* Reject auth */
1919 if (vs->minor >= 8) {
1920 static const char err[] = "Authentication failed";
1921 vnc_write_u32(vs, sizeof(err));
1922 vnc_write(vs, err, sizeof(err));
1924 vnc_flush(vs);
1925 vnc_client_error(vs);
1926 } else {
1927 VNC_DEBUG("Accepting VNC challenge response\n");
1928 vnc_write_u32(vs, 0); /* Accept auth */
1929 vnc_flush(vs);
1931 start_client_init(vs);
1933 return 0;
1936 void start_auth_vnc(VncState *vs)
1938 make_challenge(vs);
1939 /* Send client a 'random' challenge */
1940 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1941 vnc_flush(vs);
1943 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1947 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1949 /* We only advertise 1 auth scheme at a time, so client
1950 * must pick the one we sent. Verify this */
1951 if (data[0] != vs->vd->auth) { /* Reject auth */
1952 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
1953 vnc_write_u32(vs, 1);
1954 if (vs->minor >= 8) {
1955 static const char err[] = "Authentication failed";
1956 vnc_write_u32(vs, sizeof(err));
1957 vnc_write(vs, err, sizeof(err));
1959 vnc_client_error(vs);
1960 } else { /* Accept requested auth */
1961 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1962 switch (vs->vd->auth) {
1963 case VNC_AUTH_NONE:
1964 VNC_DEBUG("Accept auth none\n");
1965 if (vs->minor >= 8) {
1966 vnc_write_u32(vs, 0); /* Accept auth completion */
1967 vnc_flush(vs);
1969 start_client_init(vs);
1970 break;
1972 case VNC_AUTH_VNC:
1973 VNC_DEBUG("Start VNC auth\n");
1974 start_auth_vnc(vs);
1975 break;
1977 #ifdef CONFIG_VNC_TLS
1978 case VNC_AUTH_VENCRYPT:
1979 VNC_DEBUG("Accept VeNCrypt auth\n");;
1980 start_auth_vencrypt(vs);
1981 break;
1982 #endif /* CONFIG_VNC_TLS */
1984 #ifdef CONFIG_VNC_SASL
1985 case VNC_AUTH_SASL:
1986 VNC_DEBUG("Accept SASL auth\n");
1987 start_auth_sasl(vs);
1988 break;
1989 #endif /* CONFIG_VNC_SASL */
1991 default: /* Should not be possible, but just in case */
1992 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
1993 vnc_write_u8(vs, 1);
1994 if (vs->minor >= 8) {
1995 static const char err[] = "Authentication failed";
1996 vnc_write_u32(vs, sizeof(err));
1997 vnc_write(vs, err, sizeof(err));
1999 vnc_client_error(vs);
2002 return 0;
2005 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2007 char local[13];
2009 memcpy(local, version, 12);
2010 local[12] = 0;
2012 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2013 VNC_DEBUG("Malformed protocol version %s\n", local);
2014 vnc_client_error(vs);
2015 return 0;
2017 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2018 if (vs->major != 3 ||
2019 (vs->minor != 3 &&
2020 vs->minor != 4 &&
2021 vs->minor != 5 &&
2022 vs->minor != 7 &&
2023 vs->minor != 8)) {
2024 VNC_DEBUG("Unsupported client version\n");
2025 vnc_write_u32(vs, VNC_AUTH_INVALID);
2026 vnc_flush(vs);
2027 vnc_client_error(vs);
2028 return 0;
2030 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2031 * as equivalent to v3.3 by servers
2033 if (vs->minor == 4 || vs->minor == 5)
2034 vs->minor = 3;
2036 if (vs->minor == 3) {
2037 if (vs->vd->auth == VNC_AUTH_NONE) {
2038 VNC_DEBUG("Tell client auth none\n");
2039 vnc_write_u32(vs, vs->vd->auth);
2040 vnc_flush(vs);
2041 start_client_init(vs);
2042 } else if (vs->vd->auth == VNC_AUTH_VNC) {
2043 VNC_DEBUG("Tell client VNC auth\n");
2044 vnc_write_u32(vs, vs->vd->auth);
2045 vnc_flush(vs);
2046 start_auth_vnc(vs);
2047 } else {
2048 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2049 vnc_write_u32(vs, VNC_AUTH_INVALID);
2050 vnc_flush(vs);
2051 vnc_client_error(vs);
2053 } else {
2054 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2055 vnc_write_u8(vs, 1); /* num auth */
2056 vnc_write_u8(vs, vs->vd->auth);
2057 vnc_read_when(vs, protocol_client_auth, 1);
2058 vnc_flush(vs);
2061 return 0;
2064 static int vnc_refresh_server_surface(VncDisplay *vd)
2066 int y;
2067 uint8_t *guest_row;
2068 uint8_t *server_row;
2069 int cmp_bytes;
2070 uint32_t width_mask[VNC_DIRTY_WORDS];
2071 VncState *vs = NULL;
2072 int has_dirty = 0;
2075 * Walk through the guest dirty map.
2076 * Check and copy modified bits from guest to server surface.
2077 * Update server dirty map.
2079 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2080 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2081 guest_row = vd->guest.ds->data;
2082 server_row = vd->server->data;
2083 for (y = 0; y < vd->guest.ds->height; y++) {
2084 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2085 int x;
2086 uint8_t *guest_ptr;
2087 uint8_t *server_ptr;
2089 guest_ptr = guest_row;
2090 server_ptr = server_row;
2092 for (x = 0; x < vd->guest.ds->width;
2093 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2094 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2095 continue;
2096 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2097 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2098 continue;
2099 memcpy(server_ptr, guest_ptr, cmp_bytes);
2100 vs = vd->clients;
2101 while (vs != NULL) {
2102 vnc_set_bit(vs->dirty[y], (x / 16));
2103 vs = vs->next;
2105 has_dirty++;
2108 guest_row += ds_get_linesize(vd->ds);
2109 server_row += ds_get_linesize(vd->ds);
2111 return has_dirty;
2114 static void vnc_refresh(void *opaque)
2116 VncDisplay *vd = opaque;
2117 VncState *vs = NULL;
2118 int has_dirty = 0, rects = 0;
2120 vga_hw_update();
2122 has_dirty = vnc_refresh_server_surface(vd);
2124 vs = vd->clients;
2125 while (vs != NULL) {
2126 rects += vnc_update_client(vs, has_dirty);
2127 vs = vs->next;
2130 if (has_dirty && rects) {
2131 vd->timer_interval /= 2;
2132 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2133 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2134 } else {
2135 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2136 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2137 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2139 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
2142 static void vnc_init_timer(VncDisplay *vd)
2144 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2145 if (vd->timer == NULL && vd->clients != NULL) {
2146 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2147 vnc_refresh(vd);
2151 static void vnc_remove_timer(VncDisplay *vd)
2153 if (vd->timer != NULL && vd->clients == NULL) {
2154 qemu_del_timer(vd->timer);
2155 qemu_free_timer(vd->timer);
2156 vd->timer = NULL;
2160 static void vnc_connect(VncDisplay *vd, int csock)
2162 VncState *vs = qemu_mallocz(sizeof(VncState));
2163 vs->csock = csock;
2165 VNC_DEBUG("New client on socket %d\n", csock);
2166 dcl->idle = 0;
2167 socket_set_nonblock(vs->csock);
2168 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2170 vs->vd = vd;
2171 vs->ds = vd->ds;
2172 vs->last_x = -1;
2173 vs->last_y = -1;
2175 vs->as.freq = 44100;
2176 vs->as.nchannels = 2;
2177 vs->as.fmt = AUD_FMT_S16;
2178 vs->as.endianness = 0;
2180 vs->next = vd->clients;
2181 vd->clients = vs;
2183 vga_hw_update();
2185 vnc_write(vs, "RFB 003.008\n", 12);
2186 vnc_flush(vs);
2187 vnc_read_when(vs, protocol_version, 12);
2188 reset_keys(vs);
2190 vnc_init_timer(vd);
2192 /* vs might be free()ed here */
2195 static void vnc_listen_read(void *opaque)
2197 VncDisplay *vs = opaque;
2198 struct sockaddr_in addr;
2199 socklen_t addrlen = sizeof(addr);
2201 /* Catch-up */
2202 vga_hw_update();
2204 int csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2205 if (csock != -1) {
2206 vnc_connect(vs, csock);
2210 void vnc_display_init(DisplayState *ds)
2212 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2214 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2216 ds->opaque = vs;
2217 dcl->idle = 1;
2218 vnc_display = vs;
2220 vs->lsock = -1;
2222 vs->ds = ds;
2224 if (keyboard_layout)
2225 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2226 else
2227 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2229 if (!vs->kbd_layout)
2230 exit(1);
2232 dcl->dpy_copy = vnc_dpy_copy;
2233 dcl->dpy_update = vnc_dpy_update;
2234 dcl->dpy_resize = vnc_dpy_resize;
2235 dcl->dpy_setdata = vnc_dpy_setdata;
2236 register_displaychangelistener(ds, dcl);
2240 void vnc_display_close(DisplayState *ds)
2242 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2244 if (!vs)
2245 return;
2246 if (vs->display) {
2247 qemu_free(vs->display);
2248 vs->display = NULL;
2250 if (vs->lsock != -1) {
2251 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2252 close(vs->lsock);
2253 vs->lsock = -1;
2255 vs->auth = VNC_AUTH_INVALID;
2256 #ifdef CONFIG_VNC_TLS
2257 vs->subauth = VNC_AUTH_INVALID;
2258 vs->tls.x509verify = 0;
2259 #endif
2262 int vnc_display_password(DisplayState *ds, const char *password)
2264 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2266 if (vs->password) {
2267 qemu_free(vs->password);
2268 vs->password = NULL;
2270 if (password && password[0]) {
2271 if (!(vs->password = qemu_strdup(password)))
2272 return -1;
2275 return 0;
2278 char *vnc_display_local_addr(DisplayState *ds)
2280 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2282 return vnc_socket_local_addr("%s:%s", vs->lsock);
2285 int vnc_display_open(DisplayState *ds, const char *display)
2287 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2288 const char *options;
2289 int password = 0;
2290 int reverse = 0;
2291 int to_port = 0;
2292 #ifdef CONFIG_VNC_TLS
2293 int tls = 0, x509 = 0;
2294 #endif
2295 #ifdef CONFIG_VNC_SASL
2296 int sasl = 0;
2297 int saslErr;
2298 #endif
2299 int acl = 0;
2301 if (!vnc_display)
2302 return -1;
2303 vnc_display_close(ds);
2304 if (strcmp(display, "none") == 0)
2305 return 0;
2307 if (!(vs->display = strdup(display)))
2308 return -1;
2310 options = display;
2311 while ((options = strchr(options, ','))) {
2312 options++;
2313 if (strncmp(options, "password", 8) == 0) {
2314 password = 1; /* Require password auth */
2315 } else if (strncmp(options, "reverse", 7) == 0) {
2316 reverse = 1;
2317 } else if (strncmp(options, "to=", 3) == 0) {
2318 to_port = atoi(options+3) + 5900;
2319 #ifdef CONFIG_VNC_SASL
2320 } else if (strncmp(options, "sasl", 4) == 0) {
2321 sasl = 1; /* Require SASL auth */
2322 #endif
2323 #ifdef CONFIG_VNC_TLS
2324 } else if (strncmp(options, "tls", 3) == 0) {
2325 tls = 1; /* Require TLS */
2326 } else if (strncmp(options, "x509", 4) == 0) {
2327 char *start, *end;
2328 x509 = 1; /* Require x509 certificates */
2329 if (strncmp(options, "x509verify", 10) == 0)
2330 vs->tls.x509verify = 1; /* ...and verify client certs */
2332 /* Now check for 'x509=/some/path' postfix
2333 * and use that to setup x509 certificate/key paths */
2334 start = strchr(options, '=');
2335 end = strchr(options, ',');
2336 if (start && (!end || (start < end))) {
2337 int len = end ? end-(start+1) : strlen(start+1);
2338 char *path = qemu_strndup(start + 1, len);
2340 VNC_DEBUG("Trying certificate path '%s'\n", path);
2341 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2342 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2343 qemu_free(path);
2344 qemu_free(vs->display);
2345 vs->display = NULL;
2346 return -1;
2348 qemu_free(path);
2349 } else {
2350 fprintf(stderr, "No certificate path provided\n");
2351 qemu_free(vs->display);
2352 vs->display = NULL;
2353 return -1;
2355 #endif
2356 } else if (strncmp(options, "acl", 3) == 0) {
2357 acl = 1;
2361 #ifdef CONFIG_VNC_TLS
2362 if (acl && x509 && vs->tls.x509verify) {
2363 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2364 fprintf(stderr, "Failed to create x509 dname ACL\n");
2365 exit(1);
2368 #endif
2369 #ifdef CONFIG_VNC_SASL
2370 if (acl && sasl) {
2371 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2372 fprintf(stderr, "Failed to create username ACL\n");
2373 exit(1);
2376 #endif
2379 * Combinations we support here:
2381 * - no-auth (clear text, no auth)
2382 * - password (clear text, weak auth)
2383 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2384 * - tls (encrypt, weak anonymous creds, no auth)
2385 * - tls + password (encrypt, weak anonymous creds, weak auth)
2386 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2387 * - tls + x509 (encrypt, good x509 creds, no auth)
2388 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2389 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2391 * NB1. TLS is a stackable auth scheme.
2392 * NB2. the x509 schemes have option to validate a client cert dname
2394 if (password) {
2395 #ifdef CONFIG_VNC_TLS
2396 if (tls) {
2397 vs->auth = VNC_AUTH_VENCRYPT;
2398 if (x509) {
2399 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2400 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2401 } else {
2402 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2403 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2405 } else {
2406 #endif /* CONFIG_VNC_TLS */
2407 VNC_DEBUG("Initializing VNC server with password auth\n");
2408 vs->auth = VNC_AUTH_VNC;
2409 #ifdef CONFIG_VNC_TLS
2410 vs->subauth = VNC_AUTH_INVALID;
2412 #endif /* CONFIG_VNC_TLS */
2413 #ifdef CONFIG_VNC_SASL
2414 } else if (sasl) {
2415 #ifdef CONFIG_VNC_TLS
2416 if (tls) {
2417 vs->auth = VNC_AUTH_VENCRYPT;
2418 if (x509) {
2419 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2420 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2421 } else {
2422 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2423 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2425 } else {
2426 #endif /* CONFIG_VNC_TLS */
2427 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2428 vs->auth = VNC_AUTH_SASL;
2429 #ifdef CONFIG_VNC_TLS
2430 vs->subauth = VNC_AUTH_INVALID;
2432 #endif /* CONFIG_VNC_TLS */
2433 #endif /* CONFIG_VNC_SASL */
2434 } else {
2435 #ifdef CONFIG_VNC_TLS
2436 if (tls) {
2437 vs->auth = VNC_AUTH_VENCRYPT;
2438 if (x509) {
2439 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2440 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2441 } else {
2442 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2443 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2445 } else {
2446 #endif
2447 VNC_DEBUG("Initializing VNC server with no auth\n");
2448 vs->auth = VNC_AUTH_NONE;
2449 #ifdef CONFIG_VNC_TLS
2450 vs->subauth = VNC_AUTH_INVALID;
2452 #endif
2455 #ifdef CONFIG_VNC_SASL
2456 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2457 fprintf(stderr, "Failed to initialize SASL auth %s",
2458 sasl_errstring(saslErr, NULL, NULL));
2459 free(vs->display);
2460 vs->display = NULL;
2461 return -1;
2463 #endif
2465 if (reverse) {
2466 /* connect to viewer */
2467 if (strncmp(display, "unix:", 5) == 0)
2468 vs->lsock = unix_connect(display+5);
2469 else
2470 vs->lsock = inet_connect(display, SOCK_STREAM);
2471 if (-1 == vs->lsock) {
2472 free(vs->display);
2473 vs->display = NULL;
2474 return -1;
2475 } else {
2476 int csock = vs->lsock;
2477 vs->lsock = -1;
2478 vnc_connect(vs, csock);
2480 return 0;
2482 } else {
2483 /* listen for connects */
2484 char *dpy;
2485 dpy = qemu_malloc(256);
2486 if (strncmp(display, "unix:", 5) == 0) {
2487 pstrcpy(dpy, 256, "unix:");
2488 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2489 } else {
2490 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2492 if (-1 == vs->lsock) {
2493 free(dpy);
2494 return -1;
2495 } else {
2496 free(vs->display);
2497 vs->display = dpy;
2500 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);