2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
33 #define VNC_REFRESH_INTERVAL (1000 / 30)
35 #include "vnc_keysym.h"
38 #define count_bits(c, v) { \
39 for (c = 0; v; v >>= 1) \
46 static VncDisplay
*vnc_display
; /* needed for info vnc */
47 static DisplayChangeListener
*dcl
;
49 static char *addr_to_string(const char *format
,
50 struct sockaddr_storage
*sa
,
53 char host
[NI_MAXHOST
];
54 char serv
[NI_MAXSERV
];
58 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
61 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
62 VNC_DEBUG("Cannot resolve address %d: %s\n",
63 err
, gai_strerror(err
));
67 /* Enough for the existing format + the 2 vars we're
69 addrlen
= strlen(format
) + strlen(host
) + strlen(serv
);
70 addr
= qemu_malloc(addrlen
+ 1);
71 snprintf(addr
, addrlen
, format
, host
, serv
);
78 char *vnc_socket_local_addr(const char *format
, int fd
) {
79 struct sockaddr_storage sa
;
83 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
86 return addr_to_string(format
, &sa
, salen
);
89 char *vnc_socket_remote_addr(const char *format
, int fd
) {
90 struct sockaddr_storage sa
;
94 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
97 return addr_to_string(format
, &sa
, salen
);
100 static const char *vnc_auth_name(VncDisplay
*vd
) {
102 case VNC_AUTH_INVALID
:
118 case VNC_AUTH_VENCRYPT
:
119 #ifdef CONFIG_VNC_TLS
120 switch (vd
->subauth
) {
121 case VNC_AUTH_VENCRYPT_PLAIN
:
122 return "vencrypt+plain";
123 case VNC_AUTH_VENCRYPT_TLSNONE
:
124 return "vencrypt+tls+none";
125 case VNC_AUTH_VENCRYPT_TLSVNC
:
126 return "vencrypt+tls+vnc";
127 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
128 return "vencrypt+tls+plain";
129 case VNC_AUTH_VENCRYPT_X509NONE
:
130 return "vencrypt+x509+none";
131 case VNC_AUTH_VENCRYPT_X509VNC
:
132 return "vencrypt+x509+vnc";
133 case VNC_AUTH_VENCRYPT_X509PLAIN
:
134 return "vencrypt+x509+plain";
135 case VNC_AUTH_VENCRYPT_TLSSASL
:
136 return "vencrypt+tls+sasl";
137 case VNC_AUTH_VENCRYPT_X509SASL
:
138 return "vencrypt+x509+sasl";
151 static void do_info_vnc_client(Monitor
*mon
, VncState
*client
)
154 vnc_socket_remote_addr(" address: %s:%s\n",
159 monitor_printf(mon
, "Client:\n");
160 monitor_printf(mon
, "%s", clientAddr
);
163 #ifdef CONFIG_VNC_TLS
164 if (client
->tls
.session
&&
166 monitor_printf(mon
, " x509 dname: %s\n", client
->tls
.dname
);
168 monitor_printf(mon
, " x509 dname: none\n");
170 #ifdef CONFIG_VNC_SASL
171 if (client
->sasl
.conn
&&
172 client
->sasl
.username
)
173 monitor_printf(mon
, " username: %s\n", client
->sasl
.username
);
175 monitor_printf(mon
, " username: none\n");
179 void do_info_vnc(Monitor
*mon
)
181 if (vnc_display
== NULL
|| vnc_display
->display
== NULL
) {
182 monitor_printf(mon
, "Server: disabled\n");
184 char *serverAddr
= vnc_socket_local_addr(" address: %s:%s\n",
190 monitor_printf(mon
, "Server:\n");
191 monitor_printf(mon
, "%s", serverAddr
);
193 monitor_printf(mon
, " auth: %s\n", vnc_auth_name(vnc_display
));
195 if (vnc_display
->clients
) {
196 VncState
*client
= vnc_display
->clients
;
198 do_info_vnc_client(mon
, client
);
199 client
= client
->next
;
202 monitor_printf(mon
, "Client: none\n");
207 static inline uint32_t vnc_has_feature(VncState
*vs
, int feature
) {
208 return (vs
->features
& (1 << feature
));
212 1) Get the queue working for IO.
213 2) there is some weirdness when using the -S option (the screen is grey
214 and not totally invalidated
215 3) resolutions > 1024
218 static void vnc_update_client(void *opaque
);
219 static void vnc_disconnect_start(VncState
*vs
);
220 static void vnc_disconnect_finish(VncState
*vs
);
222 static void vnc_colordepth(VncState
*vs
);
224 static inline void vnc_set_bit(uint32_t *d
, int k
)
226 d
[k
>> 5] |= 1 << (k
& 0x1f);
229 static inline void vnc_clear_bit(uint32_t *d
, int k
)
231 d
[k
>> 5] &= ~(1 << (k
& 0x1f));
234 static inline void vnc_set_bits(uint32_t *d
, int n
, int nb_words
)
244 d
[j
++] = (1 << n
) - 1;
249 static inline int vnc_get_bit(const uint32_t *d
, int k
)
251 return (d
[k
>> 5] >> (k
& 0x1f)) & 1;
254 static inline int vnc_and_bits(const uint32_t *d1
, const uint32_t *d2
,
258 for(i
= 0; i
< nb_words
; i
++) {
259 if ((d1
[i
] & d2
[i
]) != 0)
265 static void vnc_update(VncState
*vs
, int x
, int y
, int w
, int h
)
267 struct VncSurface
*s
= &vs
->guest
;
272 /* round x down to ensure the loop only spans one 16-pixel block per,
273 iteration. otherwise, if (x % 16) != 0, the last iteration may span
274 two 16-pixel blocks but we only mark the first as dirty
279 x
= MIN(x
, s
->ds
->width
);
280 y
= MIN(y
, s
->ds
->height
);
281 w
= MIN(x
+ w
, s
->ds
->width
) - x
;
282 h
= MIN(h
, s
->ds
->height
);
285 for (i
= 0; i
< w
; i
+= 16)
286 vnc_set_bit(s
->dirty
[y
], (x
+ i
) / 16);
289 static void vnc_dpy_update(DisplayState
*ds
, int x
, int y
, int w
, int h
)
291 VncDisplay
*vd
= ds
->opaque
;
292 VncState
*vs
= vd
->clients
;
294 vnc_update(vs
, x
, y
, w
, h
);
299 static void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
302 vnc_write_u16(vs
, x
);
303 vnc_write_u16(vs
, y
);
304 vnc_write_u16(vs
, w
);
305 vnc_write_u16(vs
, h
);
307 vnc_write_s32(vs
, encoding
);
310 void buffer_reserve(Buffer
*buffer
, size_t len
)
312 if ((buffer
->capacity
- buffer
->offset
) < len
) {
313 buffer
->capacity
+= (len
+ 1024);
314 buffer
->buffer
= qemu_realloc(buffer
->buffer
, buffer
->capacity
);
315 if (buffer
->buffer
== NULL
) {
316 fprintf(stderr
, "vnc: out of memory\n");
322 int buffer_empty(Buffer
*buffer
)
324 return buffer
->offset
== 0;
327 uint8_t *buffer_end(Buffer
*buffer
)
329 return buffer
->buffer
+ buffer
->offset
;
332 void buffer_reset(Buffer
*buffer
)
337 void buffer_append(Buffer
*buffer
, const void *data
, size_t len
)
339 memcpy(buffer
->buffer
+ buffer
->offset
, data
, len
);
340 buffer
->offset
+= len
;
343 static void vnc_resize(VncState
*vs
)
345 DisplayState
*ds
= vs
->ds
;
350 vs
->guest
.ds
= qemu_mallocz(sizeof(*vs
->guest
.ds
));
351 if (ds_get_bytes_per_pixel(ds
) != vs
->guest
.ds
->pf
.bytes_per_pixel
)
352 console_color_init(ds
);
354 size_changed
= ds_get_width(ds
) != vs
->guest
.ds
->width
||
355 ds_get_height(ds
) != vs
->guest
.ds
->height
;
356 *(vs
->guest
.ds
) = *(ds
->surface
);
358 if (vs
->csock
!= -1 && vnc_has_feature(vs
, VNC_FEATURE_RESIZE
)) {
359 vnc_write_u8(vs
, 0); /* msg id */
361 vnc_write_u16(vs
, 1); /* number of rects */
362 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(ds
), ds_get_height(ds
),
363 VNC_ENCODING_DESKTOPRESIZE
);
367 memset(vs
->guest
.dirty
, 0xFF, sizeof(vs
->guest
.dirty
));
371 vs
->server
.ds
= qemu_mallocz(sizeof(*vs
->server
.ds
));
372 if (vs
->server
.ds
->data
)
373 qemu_free(vs
->server
.ds
->data
);
374 *(vs
->server
.ds
) = *(ds
->surface
);
375 vs
->server
.ds
->data
= qemu_mallocz(vs
->server
.ds
->linesize
*
376 vs
->server
.ds
->height
);
377 memset(vs
->server
.dirty
, 0xFF, sizeof(vs
->guest
.dirty
));
380 static void vnc_dpy_resize(DisplayState
*ds
)
382 VncDisplay
*vd
= ds
->opaque
;
383 VncState
*vs
= vd
->clients
;
391 static void vnc_write_pixels_copy(VncState
*vs
, void *pixels
, int size
)
393 vnc_write(vs
, pixels
, size
);
396 /* slowest but generic code. */
397 static void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
401 r
= ((((v
& vs
->server
.ds
->pf
.rmask
) >> vs
->server
.ds
->pf
.rshift
) << vs
->clientds
.pf
.rbits
) >>
402 vs
->server
.ds
->pf
.rbits
);
403 g
= ((((v
& vs
->server
.ds
->pf
.gmask
) >> vs
->server
.ds
->pf
.gshift
) << vs
->clientds
.pf
.gbits
) >>
404 vs
->server
.ds
->pf
.gbits
);
405 b
= ((((v
& vs
->server
.ds
->pf
.bmask
) >> vs
->server
.ds
->pf
.bshift
) << vs
->clientds
.pf
.bbits
) >>
406 vs
->server
.ds
->pf
.bbits
);
407 v
= (r
<< vs
->clientds
.pf
.rshift
) |
408 (g
<< vs
->clientds
.pf
.gshift
) |
409 (b
<< vs
->clientds
.pf
.bshift
);
410 switch(vs
->clientds
.pf
.bytes_per_pixel
) {
415 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
425 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
440 static void vnc_write_pixels_generic(VncState
*vs
, void *pixels1
, int size
)
444 if (vs
->server
.ds
->pf
.bytes_per_pixel
== 4) {
445 uint32_t *pixels
= pixels1
;
448 for(i
= 0; i
< n
; i
++) {
449 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
450 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
452 } else if (vs
->server
.ds
->pf
.bytes_per_pixel
== 2) {
453 uint16_t *pixels
= pixels1
;
456 for(i
= 0; i
< n
; i
++) {
457 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
458 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
460 } else if (vs
->server
.ds
->pf
.bytes_per_pixel
== 1) {
461 uint8_t *pixels
= pixels1
;
464 for(i
= 0; i
< n
; i
++) {
465 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
466 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
469 fprintf(stderr
, "vnc_write_pixels_generic: VncState color depth not supported\n");
473 static void send_framebuffer_update_raw(VncState
*vs
, int x
, int y
, int w
, int h
)
478 row
= vs
->server
.ds
->data
+ y
* ds_get_linesize(vs
->ds
) + x
* ds_get_bytes_per_pixel(vs
->ds
);
479 for (i
= 0; i
< h
; i
++) {
480 vs
->write_pixels(vs
, row
, w
* ds_get_bytes_per_pixel(vs
->ds
));
481 row
+= ds_get_linesize(vs
->ds
);
485 static void hextile_enc_cord(uint8_t *ptr
, int x
, int y
, int w
, int h
)
487 ptr
[0] = ((x
& 0x0F) << 4) | (y
& 0x0F);
488 ptr
[1] = (((w
- 1) & 0x0F) << 4) | ((h
- 1) & 0x0F);
492 #include "vnchextile.h"
496 #include "vnchextile.h"
500 #include "vnchextile.h"
505 #include "vnchextile.h"
511 #include "vnchextile.h"
517 #include "vnchextile.h"
521 static void send_framebuffer_update_hextile(VncState
*vs
, int x
, int y
, int w
, int h
)
525 uint8_t *last_fg
, *last_bg
;
527 last_fg
= (uint8_t *) qemu_malloc(vs
->server
.ds
->pf
.bytes_per_pixel
);
528 last_bg
= (uint8_t *) qemu_malloc(vs
->server
.ds
->pf
.bytes_per_pixel
);
530 for (j
= y
; j
< (y
+ h
); j
+= 16) {
531 for (i
= x
; i
< (x
+ w
); i
+= 16) {
532 vs
->send_hextile_tile(vs
, i
, j
,
533 MIN(16, x
+ w
- i
), MIN(16, y
+ h
- j
),
534 last_bg
, last_fg
, &has_bg
, &has_fg
);
542 static void vnc_zlib_init(VncState
*vs
)
545 for (i
=0; i
<(sizeof(vs
->zlib_stream
) / sizeof(z_stream
)); i
++)
546 vs
->zlib_stream
[i
].opaque
= NULL
;
549 static void vnc_zlib_start(VncState
*vs
)
551 buffer_reset(&vs
->zlib
);
553 // make the output buffer be the zlib buffer, so we can compress it later
554 vs
->zlib_tmp
= vs
->output
;
555 vs
->output
= vs
->zlib
;
558 static int vnc_zlib_stop(VncState
*vs
, int stream_id
)
560 z_streamp zstream
= &vs
->zlib_stream
[stream_id
];
563 // switch back to normal output/zlib buffers
564 vs
->zlib
= vs
->output
;
565 vs
->output
= vs
->zlib_tmp
;
567 // compress the zlib buffer
569 // initialize the stream
570 // XXX need one stream per session
571 if (zstream
->opaque
!= vs
) {
574 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id
);
575 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream
->opaque
, vs
);
576 zstream
->zalloc
= Z_NULL
;
577 zstream
->zfree
= Z_NULL
;
579 err
= deflateInit2(zstream
, vs
->tight_compression
, Z_DEFLATED
, MAX_WBITS
,
580 MAX_MEM_LEVEL
, Z_DEFAULT_STRATEGY
);
583 fprintf(stderr
, "VNC: error initializing zlib\n");
587 zstream
->opaque
= vs
;
590 // XXX what to do if tight_compression changed in between?
592 // reserve memory in output buffer
593 buffer_reserve(&vs
->output
, vs
->zlib
.offset
+ 64);
596 zstream
->next_in
= vs
->zlib
.buffer
;
597 zstream
->avail_in
= vs
->zlib
.offset
;
598 zstream
->next_out
= vs
->output
.buffer
+ vs
->output
.offset
;
599 zstream
->avail_out
= vs
->output
.capacity
- vs
->output
.offset
;
600 zstream
->data_type
= Z_BINARY
;
601 previous_out
= zstream
->total_out
;
604 if (deflate(zstream
, Z_SYNC_FLUSH
) != Z_OK
) {
605 fprintf(stderr
, "VNC: error during zlib compression\n");
609 vs
->output
.offset
= vs
->output
.capacity
- zstream
->avail_out
;
610 return zstream
->total_out
- previous_out
;
613 static void send_framebuffer_update_zlib(VncState
*vs
, int x
, int y
, int w
, int h
)
615 int old_offset
, new_offset
, bytes_written
;
617 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_ZLIB
);
619 // remember where we put in the follow-up size
620 old_offset
= vs
->output
.offset
;
621 vnc_write_s32(vs
, 0);
623 // compress the stream
625 send_framebuffer_update_raw(vs
, x
, y
, w
, h
);
626 bytes_written
= vnc_zlib_stop(vs
, 0);
628 if (bytes_written
== -1)
632 new_offset
= vs
->output
.offset
;
633 vs
->output
.offset
= old_offset
;
634 vnc_write_u32(vs
, bytes_written
);
635 vs
->output
.offset
= new_offset
;
638 static void send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
640 switch(vs
->vnc_encoding
) {
641 case VNC_ENCODING_ZLIB
:
642 send_framebuffer_update_zlib(vs
, x
, y
, w
, h
);
644 case VNC_ENCODING_HEXTILE
:
645 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
646 send_framebuffer_update_hextile(vs
, x
, y
, w
, h
);
649 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
650 send_framebuffer_update_raw(vs
, x
, y
, w
, h
);
655 static void vnc_copy(VncState
*vs
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
657 vnc_write_u8(vs
, 0); /* msg id */
659 vnc_write_u16(vs
, 1); /* number of rects */
660 vnc_framebuffer_update(vs
, dst_x
, dst_y
, w
, h
, VNC_ENCODING_COPYRECT
);
661 vnc_write_u16(vs
, src_x
);
662 vnc_write_u16(vs
, src_y
);
666 static void vnc_dpy_copy(DisplayState
*ds
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
668 VncDisplay
*vd
= ds
->opaque
;
671 for (vs
= vd
->clients
; vs
!= NULL
; vs
= vn
) {
673 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
674 vs
->force_update
= 1;
675 vnc_update_client(vs
);
676 /* vs might be free()ed here */
680 for (vs
= vd
->clients
; vs
!= NULL
; vs
= vs
->next
) {
681 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
))
682 vnc_copy(vs
, src_x
, src_y
, dst_x
, dst_y
, w
, h
);
684 vnc_update(vs
, dst_x
, dst_y
, w
, h
);
688 static int find_and_clear_dirty_height(struct VncSurface
*s
,
689 int y
, int last_x
, int x
)
693 for (h
= 1; h
< (s
->ds
->height
- y
); h
++) {
695 if (!vnc_get_bit(s
->dirty
[y
+ h
], last_x
))
697 for (tmp_x
= last_x
; tmp_x
< x
; tmp_x
++)
698 vnc_clear_bit(s
->dirty
[y
+ h
], tmp_x
);
704 static void vnc_update_client(void *opaque
)
706 VncState
*vs
= opaque
;
707 if (vs
->need_update
&& vs
->csock
!= -1) {
712 uint32_t width_mask
[VNC_DIRTY_WORDS
];
717 if (vs
->output
.offset
&& !vs
->audio_cap
&& !vs
->force_update
) {
718 /* kernel send buffers are full -> drop frames to throttle */
719 qemu_mod_timer(vs
->timer
, qemu_get_clock(rt_clock
) + VNC_REFRESH_INTERVAL
);
726 * Walk through the guest dirty map.
727 * Check and copy modified bits from guest to server surface.
728 * Update server dirty map.
730 vnc_set_bits(width_mask
, (ds_get_width(vs
->ds
) / 16), VNC_DIRTY_WORDS
);
731 cmp_bytes
= 16 * ds_get_bytes_per_pixel(vs
->ds
);
732 guest_row
= vs
->guest
.ds
->data
;
733 server_row
= vs
->server
.ds
->data
;
734 for (y
= 0; y
< vs
->guest
.ds
->height
; y
++) {
735 if (vnc_and_bits(vs
->guest
.dirty
[y
], width_mask
, VNC_DIRTY_WORDS
)) {
740 guest_ptr
= guest_row
;
741 server_ptr
= server_row
;
743 for (x
= 0; x
< vs
->guest
.ds
->width
;
744 x
+= 16, guest_ptr
+= cmp_bytes
, server_ptr
+= cmp_bytes
) {
745 if (!vnc_get_bit(vs
->guest
.dirty
[y
], (x
/ 16)))
747 vnc_clear_bit(vs
->guest
.dirty
[y
], (x
/ 16));
748 if (memcmp(server_ptr
, guest_ptr
, cmp_bytes
) == 0)
750 memcpy(server_ptr
, guest_ptr
, cmp_bytes
);
751 vnc_set_bit(vs
->server
.dirty
[y
], (x
/ 16));
755 guest_row
+= ds_get_linesize(vs
->ds
);
756 server_row
+= ds_get_linesize(vs
->ds
);
759 if (!has_dirty
&& !vs
->audio_cap
&& !vs
->force_update
) {
760 qemu_mod_timer(vs
->timer
, qemu_get_clock(rt_clock
) + VNC_REFRESH_INTERVAL
);
765 * Send screen updates to the vnc client using the server
766 * surface and server dirty map. guest surface updates
767 * happening in parallel don't disturb us, the next pass will
768 * send them to the client.
771 vnc_write_u8(vs
, 0); /* msg id */
773 saved_offset
= vs
->output
.offset
;
774 vnc_write_u16(vs
, 0);
776 for (y
= 0; y
< vs
->server
.ds
->height
; y
++) {
779 for (x
= 0; x
< vs
->server
.ds
->width
/ 16; x
++) {
780 if (vnc_get_bit(vs
->server
.dirty
[y
], x
)) {
784 vnc_clear_bit(vs
->server
.dirty
[y
], x
);
787 int h
= find_and_clear_dirty_height(&vs
->server
, y
, last_x
, x
);
788 send_framebuffer_update(vs
, last_x
* 16, y
, (x
- last_x
) * 16, h
);
795 int h
= find_and_clear_dirty_height(&vs
->server
, y
, last_x
, x
);
796 send_framebuffer_update(vs
, last_x
* 16, y
, (x
- last_x
) * 16, h
);
800 vs
->output
.buffer
[saved_offset
] = (n_rectangles
>> 8) & 0xFF;
801 vs
->output
.buffer
[saved_offset
+ 1] = n_rectangles
& 0xFF;
803 vs
->force_update
= 0;
807 if (vs
->csock
!= -1) {
808 qemu_mod_timer(vs
->timer
, qemu_get_clock(rt_clock
) + VNC_REFRESH_INTERVAL
);
810 vnc_disconnect_finish(vs
);
816 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
818 VncState
*vs
= opaque
;
821 case AUD_CNOTIFY_DISABLE
:
822 vnc_write_u8(vs
, 255);
824 vnc_write_u16(vs
, 0);
828 case AUD_CNOTIFY_ENABLE
:
829 vnc_write_u8(vs
, 255);
831 vnc_write_u16(vs
, 1);
837 static void audio_capture_destroy(void *opaque
)
841 static void audio_capture(void *opaque
, void *buf
, int size
)
843 VncState
*vs
= opaque
;
845 vnc_write_u8(vs
, 255);
847 vnc_write_u16(vs
, 2);
848 vnc_write_u32(vs
, size
);
849 vnc_write(vs
, buf
, size
);
853 static void audio_add(VncState
*vs
)
855 Monitor
*mon
= cur_mon
;
856 struct audio_capture_ops ops
;
859 monitor_printf(mon
, "audio already running\n");
863 ops
.notify
= audio_capture_notify
;
864 ops
.destroy
= audio_capture_destroy
;
865 ops
.capture
= audio_capture
;
867 vs
->audio_cap
= AUD_add_capture(&vs
->as
, &ops
, vs
);
868 if (!vs
->audio_cap
) {
869 monitor_printf(mon
, "Failed to add audio capture\n");
873 static void audio_del(VncState
*vs
)
876 AUD_del_capture(vs
->audio_cap
, vs
);
877 vs
->audio_cap
= NULL
;
881 static void vnc_disconnect_start(VncState
*vs
)
885 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
886 closesocket(vs
->csock
);
890 static void vnc_disconnect_finish(VncState
*vs
)
892 qemu_del_timer(vs
->timer
);
893 qemu_free_timer(vs
->timer
);
894 if (vs
->input
.buffer
) qemu_free(vs
->input
.buffer
);
895 if (vs
->output
.buffer
) qemu_free(vs
->output
.buffer
);
896 #ifdef CONFIG_VNC_TLS
897 vnc_tls_client_cleanup(vs
);
898 #endif /* CONFIG_VNC_TLS */
899 #ifdef CONFIG_VNC_SASL
900 vnc_sasl_client_cleanup(vs
);
901 #endif /* CONFIG_VNC_SASL */
904 VncState
*p
, *parent
= NULL
;
905 for (p
= vs
->vd
->clients
; p
!= NULL
; p
= p
->next
) {
908 parent
->next
= p
->next
;
910 vs
->vd
->clients
= p
->next
;
915 if (!vs
->vd
->clients
)
918 qemu_free(vs
->server
.ds
->data
);
919 qemu_free(vs
->server
.ds
);
920 qemu_free(vs
->guest
.ds
);
924 int vnc_client_io_error(VncState
*vs
, int ret
, int last_errno
)
926 if (ret
== 0 || ret
== -1) {
928 switch (last_errno
) {
940 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
941 ret
, ret
< 0 ? last_errno
: 0);
942 vnc_disconnect_start(vs
);
950 void vnc_client_error(VncState
*vs
)
952 VNC_DEBUG("Closing down client sock: protocol error\n");
953 vnc_disconnect_start(vs
);
958 * Called to write a chunk of data to the client socket. The data may
959 * be the raw data, or may have already been encoded by SASL.
960 * The data will be written either straight onto the socket, or
961 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
963 * NB, it is theoretically possible to have 2 layers of encryption,
964 * both SASL, and this TLS layer. It is highly unlikely in practice
965 * though, since SASL encryption will typically be a no-op if TLS
968 * Returns the number of bytes written, which may be less than
969 * the requested 'datalen' if the socket would block. Returns
970 * -1 on error, and disconnects the client socket.
972 long vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
975 #ifdef CONFIG_VNC_TLS
976 if (vs
->tls
.session
) {
977 ret
= gnutls_write(vs
->tls
.session
, data
, datalen
);
979 if (ret
== GNUTLS_E_AGAIN
)
986 #endif /* CONFIG_VNC_TLS */
987 ret
= send(vs
->csock
, (const void *)data
, datalen
, 0);
988 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data
, datalen
, ret
);
989 return vnc_client_io_error(vs
, ret
, socket_error());
994 * Called to write buffered data to the client socket, when not
995 * using any SASL SSF encryption layers. Will write as much data
996 * as possible without blocking. If all buffered data is written,
997 * will switch the FD poll() handler back to read monitoring.
999 * Returns the number of bytes written, which may be less than
1000 * the buffered output data if the socket would block. Returns
1001 * -1 on error, and disconnects the client socket.
1003 static long vnc_client_write_plain(VncState
*vs
)
1007 #ifdef CONFIG_VNC_SASL
1008 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1009 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
1010 vs
->sasl
.waitWriteSSF
);
1012 if (vs
->sasl
.conn
&&
1014 vs
->sasl
.waitWriteSSF
) {
1015 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
1017 vs
->sasl
.waitWriteSSF
-= ret
;
1019 #endif /* CONFIG_VNC_SASL */
1020 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
1024 memmove(vs
->output
.buffer
, vs
->output
.buffer
+ ret
, (vs
->output
.offset
- ret
));
1025 vs
->output
.offset
-= ret
;
1027 if (vs
->output
.offset
== 0) {
1028 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1036 * First function called whenever there is data to be written to
1037 * the client socket. Will delegate actual work according to whether
1038 * SASL SSF layers are enabled (thus requiring encryption calls)
1040 void vnc_client_write(void *opaque
)
1043 VncState
*vs
= opaque
;
1045 #ifdef CONFIG_VNC_SASL
1046 if (vs
->sasl
.conn
&&
1048 !vs
->sasl
.waitWriteSSF
)
1049 ret
= vnc_client_write_sasl(vs
);
1051 #endif /* CONFIG_VNC_SASL */
1052 ret
= vnc_client_write_plain(vs
);
1055 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1057 vs
->read_handler
= func
;
1058 vs
->read_handler_expect
= expecting
;
1063 * Called to read a chunk of data from the client socket. The data may
1064 * be the raw data, or may need to be further decoded by SASL.
1065 * The data will be read either straight from to the socket, or
1066 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1068 * NB, it is theoretically possible to have 2 layers of encryption,
1069 * both SASL, and this TLS layer. It is highly unlikely in practice
1070 * though, since SASL encryption will typically be a no-op if TLS
1073 * Returns the number of bytes read, which may be less than
1074 * the requested 'datalen' if the socket would block. Returns
1075 * -1 on error, and disconnects the client socket.
1077 long vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1080 #ifdef CONFIG_VNC_TLS
1081 if (vs
->tls
.session
) {
1082 ret
= gnutls_read(vs
->tls
.session
, data
, datalen
);
1084 if (ret
== GNUTLS_E_AGAIN
)
1091 #endif /* CONFIG_VNC_TLS */
1092 ret
= recv(vs
->csock
, (void *)data
, datalen
, 0);
1093 VNC_DEBUG("Read wire %p %zd -> %ld\n", data
, datalen
, ret
);
1094 return vnc_client_io_error(vs
, ret
, socket_error());
1099 * Called to read data from the client socket to the input buffer,
1100 * when not using any SASL SSF encryption layers. Will read as much
1101 * data as possible without blocking.
1103 * Returns the number of bytes read. Returns -1 on error, and
1104 * disconnects the client socket.
1106 static long vnc_client_read_plain(VncState
*vs
)
1109 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1110 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1111 buffer_reserve(&vs
->input
, 4096);
1112 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1115 vs
->input
.offset
+= ret
;
1121 * First function called whenever there is more data to be read from
1122 * the client socket. Will delegate actual work according to whether
1123 * SASL SSF layers are enabled (thus requiring decryption calls)
1125 void vnc_client_read(void *opaque
)
1127 VncState
*vs
= opaque
;
1130 #ifdef CONFIG_VNC_SASL
1131 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1132 ret
= vnc_client_read_sasl(vs
);
1134 #endif /* CONFIG_VNC_SASL */
1135 ret
= vnc_client_read_plain(vs
);
1137 if (vs
->csock
== -1)
1138 vnc_disconnect_finish(vs
);
1142 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1143 size_t len
= vs
->read_handler_expect
;
1146 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1147 if (vs
->csock
== -1) {
1148 vnc_disconnect_finish(vs
);
1153 memmove(vs
->input
.buffer
, vs
->input
.buffer
+ len
, (vs
->input
.offset
- len
));
1154 vs
->input
.offset
-= len
;
1156 vs
->read_handler_expect
= ret
;
1161 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1163 buffer_reserve(&vs
->output
, len
);
1165 if (vs
->csock
!= -1 && buffer_empty(&vs
->output
)) {
1166 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
1169 buffer_append(&vs
->output
, data
, len
);
1172 void vnc_write_s32(VncState
*vs
, int32_t value
)
1174 vnc_write_u32(vs
, *(uint32_t *)&value
);
1177 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1181 buf
[0] = (value
>> 24) & 0xFF;
1182 buf
[1] = (value
>> 16) & 0xFF;
1183 buf
[2] = (value
>> 8) & 0xFF;
1184 buf
[3] = value
& 0xFF;
1186 vnc_write(vs
, buf
, 4);
1189 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1193 buf
[0] = (value
>> 8) & 0xFF;
1194 buf
[1] = value
& 0xFF;
1196 vnc_write(vs
, buf
, 2);
1199 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1201 vnc_write(vs
, (char *)&value
, 1);
1204 void vnc_flush(VncState
*vs
)
1206 if (vs
->csock
!= -1 && vs
->output
.offset
)
1207 vnc_client_write(vs
);
1210 uint8_t read_u8(uint8_t *data
, size_t offset
)
1212 return data
[offset
];
1215 uint16_t read_u16(uint8_t *data
, size_t offset
)
1217 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1220 int32_t read_s32(uint8_t *data
, size_t offset
)
1222 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1223 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1226 uint32_t read_u32(uint8_t *data
, size_t offset
)
1228 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1229 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1232 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1236 static void check_pointer_type_change(VncState
*vs
, int absolute
)
1238 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1239 vnc_write_u8(vs
, 0);
1240 vnc_write_u8(vs
, 0);
1241 vnc_write_u16(vs
, 1);
1242 vnc_framebuffer_update(vs
, absolute
, 0,
1243 ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1244 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1247 vs
->absolute
= absolute
;
1250 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1255 if (button_mask
& 0x01)
1256 buttons
|= MOUSE_EVENT_LBUTTON
;
1257 if (button_mask
& 0x02)
1258 buttons
|= MOUSE_EVENT_MBUTTON
;
1259 if (button_mask
& 0x04)
1260 buttons
|= MOUSE_EVENT_RBUTTON
;
1261 if (button_mask
& 0x08)
1263 if (button_mask
& 0x10)
1267 kbd_mouse_event(x
* 0x7FFF / (ds_get_width(vs
->ds
) - 1),
1268 y
* 0x7FFF / (ds_get_height(vs
->ds
) - 1),
1270 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1274 kbd_mouse_event(x
, y
, dz
, buttons
);
1276 if (vs
->last_x
!= -1)
1277 kbd_mouse_event(x
- vs
->last_x
,
1284 check_pointer_type_change(vs
, kbd_mouse_is_absolute());
1287 static void reset_keys(VncState
*vs
)
1290 for(i
= 0; i
< 256; i
++) {
1291 if (vs
->modifiers_state
[i
]) {
1293 kbd_put_keycode(0xe0);
1294 kbd_put_keycode(i
| 0x80);
1295 vs
->modifiers_state
[i
] = 0;
1300 static void press_key(VncState
*vs
, int keysym
)
1302 kbd_put_keycode(keysym2scancode(vs
->vd
->kbd_layout
, keysym
) & 0x7f);
1303 kbd_put_keycode(keysym2scancode(vs
->vd
->kbd_layout
, keysym
) | 0x80);
1306 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1308 /* QEMU console switch */
1310 case 0x2a: /* Left Shift */
1311 case 0x36: /* Right Shift */
1312 case 0x1d: /* Left CTRL */
1313 case 0x9d: /* Right CTRL */
1314 case 0x38: /* Left ALT */
1315 case 0xb8: /* Right ALT */
1317 vs
->modifiers_state
[keycode
] = 1;
1319 vs
->modifiers_state
[keycode
] = 0;
1321 case 0x02 ... 0x0a: /* '1' to '9' keys */
1322 if (down
&& vs
->modifiers_state
[0x1d] && vs
->modifiers_state
[0x38]) {
1323 /* Reset the modifiers sent to the current console */
1325 console_select(keycode
- 0x02);
1329 case 0x3a: /* CapsLock */
1330 case 0x45: /* NumLock */
1332 vs
->modifiers_state
[keycode
] ^= 1;
1336 if (keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1337 /* If the numlock state needs to change then simulate an additional
1338 keypress before sending this one. This will happen if the user
1339 toggles numlock away from the VNC window.
1341 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1342 if (!vs
->modifiers_state
[0x45]) {
1343 vs
->modifiers_state
[0x45] = 1;
1344 press_key(vs
, 0xff7f);
1347 if (vs
->modifiers_state
[0x45]) {
1348 vs
->modifiers_state
[0x45] = 0;
1349 press_key(vs
, 0xff7f);
1354 if (is_graphic_console()) {
1356 kbd_put_keycode(0xe0);
1358 kbd_put_keycode(keycode
& 0x7f);
1360 kbd_put_keycode(keycode
| 0x80);
1362 /* QEMU console emulation */
1365 case 0x2a: /* Left Shift */
1366 case 0x36: /* Right Shift */
1367 case 0x1d: /* Left CTRL */
1368 case 0x9d: /* Right CTRL */
1369 case 0x38: /* Left ALT */
1370 case 0xb8: /* Right ALT */
1374 kbd_put_keysym(QEMU_KEY_UP
);
1378 kbd_put_keysym(QEMU_KEY_DOWN
);
1382 kbd_put_keysym(QEMU_KEY_LEFT
);
1386 kbd_put_keysym(QEMU_KEY_RIGHT
);
1390 kbd_put_keysym(QEMU_KEY_DELETE
);
1394 kbd_put_keysym(QEMU_KEY_HOME
);
1398 kbd_put_keysym(QEMU_KEY_END
);
1402 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1406 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1409 kbd_put_keysym(sym
);
1416 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1420 if (sym
>= 'A' && sym
<= 'Z' && is_graphic_console())
1421 sym
= sym
- 'A' + 'a';
1423 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, sym
& 0xFFFF);
1424 do_key_event(vs
, down
, keycode
, sym
);
1427 static void ext_key_event(VncState
*vs
, int down
,
1428 uint32_t sym
, uint16_t keycode
)
1430 /* if the user specifies a keyboard layout, always use it */
1431 if (keyboard_layout
)
1432 key_event(vs
, down
, sym
);
1434 do_key_event(vs
, down
, keycode
, sym
);
1437 static void framebuffer_update_request(VncState
*vs
, int incremental
,
1438 int x_position
, int y_position
,
1441 if (x_position
> ds_get_width(vs
->ds
))
1442 x_position
= ds_get_width(vs
->ds
);
1443 if (y_position
> ds_get_height(vs
->ds
))
1444 y_position
= ds_get_height(vs
->ds
);
1445 if (x_position
+ w
>= ds_get_width(vs
->ds
))
1446 w
= ds_get_width(vs
->ds
) - x_position
;
1447 if (y_position
+ h
>= ds_get_height(vs
->ds
))
1448 h
= ds_get_height(vs
->ds
) - y_position
;
1451 vs
->need_update
= 1;
1453 vs
->force_update
= 1;
1454 for (i
= 0; i
< h
; i
++) {
1455 vnc_set_bits(vs
->guest
.dirty
[y_position
+ i
],
1456 (ds_get_width(vs
->ds
) / 16), VNC_DIRTY_WORDS
);
1457 vnc_set_bits(vs
->server
.dirty
[y_position
+ i
],
1458 (ds_get_width(vs
->ds
) / 16), VNC_DIRTY_WORDS
);
1463 static void send_ext_key_event_ack(VncState
*vs
)
1465 vnc_write_u8(vs
, 0);
1466 vnc_write_u8(vs
, 0);
1467 vnc_write_u16(vs
, 1);
1468 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1469 VNC_ENCODING_EXT_KEY_EVENT
);
1473 static void send_ext_audio_ack(VncState
*vs
)
1475 vnc_write_u8(vs
, 0);
1476 vnc_write_u8(vs
, 0);
1477 vnc_write_u16(vs
, 1);
1478 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1479 VNC_ENCODING_AUDIO
);
1483 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
1486 unsigned int enc
= 0;
1490 vs
->vnc_encoding
= 0;
1491 vs
->tight_compression
= 9;
1492 vs
->tight_quality
= 9;
1495 for (i
= n_encodings
- 1; i
>= 0; i
--) {
1498 case VNC_ENCODING_RAW
:
1499 vs
->vnc_encoding
= enc
;
1501 case VNC_ENCODING_COPYRECT
:
1502 vs
->features
|= VNC_FEATURE_COPYRECT_MASK
;
1504 case VNC_ENCODING_HEXTILE
:
1505 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
1506 vs
->vnc_encoding
= enc
;
1508 case VNC_ENCODING_ZLIB
:
1509 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
1510 vs
->vnc_encoding
= enc
;
1512 case VNC_ENCODING_DESKTOPRESIZE
:
1513 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
1515 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
1516 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
1518 case VNC_ENCODING_EXT_KEY_EVENT
:
1519 send_ext_key_event_ack(vs
);
1521 case VNC_ENCODING_AUDIO
:
1522 send_ext_audio_ack(vs
);
1524 case VNC_ENCODING_WMVi
:
1525 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
1527 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
1528 vs
->tight_compression
= (enc
& 0x0F);
1530 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
1531 vs
->tight_quality
= (enc
& 0x0F);
1534 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
1539 check_pointer_type_change(vs
, kbd_mouse_is_absolute());
1542 static void set_pixel_conversion(VncState
*vs
)
1544 if ((vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) ==
1545 (vs
->ds
->surface
->flags
& QEMU_BIG_ENDIAN_FLAG
) &&
1546 !memcmp(&(vs
->clientds
.pf
), &(vs
->ds
->surface
->pf
), sizeof(PixelFormat
))) {
1547 vs
->write_pixels
= vnc_write_pixels_copy
;
1548 switch (vs
->ds
->surface
->pf
.bits_per_pixel
) {
1550 vs
->send_hextile_tile
= send_hextile_tile_8
;
1553 vs
->send_hextile_tile
= send_hextile_tile_16
;
1556 vs
->send_hextile_tile
= send_hextile_tile_32
;
1560 vs
->write_pixels
= vnc_write_pixels_generic
;
1561 switch (vs
->ds
->surface
->pf
.bits_per_pixel
) {
1563 vs
->send_hextile_tile
= send_hextile_tile_generic_8
;
1566 vs
->send_hextile_tile
= send_hextile_tile_generic_16
;
1569 vs
->send_hextile_tile
= send_hextile_tile_generic_32
;
1575 static void set_pixel_format(VncState
*vs
,
1576 int bits_per_pixel
, int depth
,
1577 int big_endian_flag
, int true_color_flag
,
1578 int red_max
, int green_max
, int blue_max
,
1579 int red_shift
, int green_shift
, int blue_shift
)
1581 if (!true_color_flag
) {
1582 vnc_client_error(vs
);
1586 vs
->clientds
= *(vs
->guest
.ds
);
1587 vs
->clientds
.pf
.rmax
= red_max
;
1588 count_bits(vs
->clientds
.pf
.rbits
, red_max
);
1589 vs
->clientds
.pf
.rshift
= red_shift
;
1590 vs
->clientds
.pf
.rmask
= red_max
<< red_shift
;
1591 vs
->clientds
.pf
.gmax
= green_max
;
1592 count_bits(vs
->clientds
.pf
.gbits
, green_max
);
1593 vs
->clientds
.pf
.gshift
= green_shift
;
1594 vs
->clientds
.pf
.gmask
= green_max
<< green_shift
;
1595 vs
->clientds
.pf
.bmax
= blue_max
;
1596 count_bits(vs
->clientds
.pf
.bbits
, blue_max
);
1597 vs
->clientds
.pf
.bshift
= blue_shift
;
1598 vs
->clientds
.pf
.bmask
= blue_max
<< blue_shift
;
1599 vs
->clientds
.pf
.bits_per_pixel
= bits_per_pixel
;
1600 vs
->clientds
.pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
1601 vs
->clientds
.pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
1602 vs
->clientds
.flags
= big_endian_flag
? QEMU_BIG_ENDIAN_FLAG
: 0x00;
1604 set_pixel_conversion(vs
);
1606 vga_hw_invalidate();
1610 static void pixel_format_message (VncState
*vs
) {
1611 char pad
[3] = { 0, 0, 0 };
1613 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bits_per_pixel
); /* bits-per-pixel */
1614 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.depth
); /* depth */
1616 #ifdef WORDS_BIGENDIAN
1617 vnc_write_u8(vs
, 1); /* big-endian-flag */
1619 vnc_write_u8(vs
, 0); /* big-endian-flag */
1621 vnc_write_u8(vs
, 1); /* true-color-flag */
1622 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.rmax
); /* red-max */
1623 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.gmax
); /* green-max */
1624 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.bmax
); /* blue-max */
1625 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.rshift
); /* red-shift */
1626 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.gshift
); /* green-shift */
1627 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bshift
); /* blue-shift */
1628 if (vs
->ds
->surface
->pf
.bits_per_pixel
== 32)
1629 vs
->send_hextile_tile
= send_hextile_tile_32
;
1630 else if (vs
->ds
->surface
->pf
.bits_per_pixel
== 16)
1631 vs
->send_hextile_tile
= send_hextile_tile_16
;
1632 else if (vs
->ds
->surface
->pf
.bits_per_pixel
== 8)
1633 vs
->send_hextile_tile
= send_hextile_tile_8
;
1634 vs
->clientds
= *(vs
->ds
->surface
);
1635 vs
->clientds
.flags
&= ~QEMU_ALLOCATED_FLAG
;
1636 vs
->write_pixels
= vnc_write_pixels_copy
;
1638 vnc_write(vs
, pad
, 3); /* padding */
1641 static void vnc_dpy_setdata(DisplayState
*ds
)
1643 /* We don't have to do anything */
1646 static void vnc_colordepth(VncState
*vs
)
1648 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
1649 /* Sending a WMVi message to notify the client*/
1650 vnc_write_u8(vs
, 0); /* msg id */
1651 vnc_write_u8(vs
, 0);
1652 vnc_write_u16(vs
, 1); /* number of rects */
1653 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
),
1654 ds_get_height(vs
->ds
), VNC_ENCODING_WMVi
);
1655 pixel_format_message(vs
);
1658 set_pixel_conversion(vs
);
1662 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
1672 set_pixel_format(vs
, read_u8(data
, 4), read_u8(data
, 5),
1673 read_u8(data
, 6), read_u8(data
, 7),
1674 read_u16(data
, 8), read_u16(data
, 10),
1675 read_u16(data
, 12), read_u8(data
, 14),
1676 read_u8(data
, 15), read_u8(data
, 16));
1683 limit
= read_u16(data
, 2);
1685 return 4 + (limit
* 4);
1687 limit
= read_u16(data
, 2);
1689 for (i
= 0; i
< limit
; i
++) {
1690 int32_t val
= read_s32(data
, 4 + (i
* 4));
1691 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
1694 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
1700 framebuffer_update_request(vs
,
1701 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
1702 read_u16(data
, 6), read_u16(data
, 8));
1708 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
1714 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
1721 uint32_t dlen
= read_u32(data
, 4);
1726 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
1732 switch (read_u8(data
, 1)) {
1737 ext_key_event(vs
, read_u16(data
, 2),
1738 read_u32(data
, 4), read_u32(data
, 8));
1744 switch (read_u16 (data
, 2)) {
1754 switch (read_u8(data
, 4)) {
1755 case 0: vs
->as
.fmt
= AUD_FMT_U8
; break;
1756 case 1: vs
->as
.fmt
= AUD_FMT_S8
; break;
1757 case 2: vs
->as
.fmt
= AUD_FMT_U16
; break;
1758 case 3: vs
->as
.fmt
= AUD_FMT_S16
; break;
1759 case 4: vs
->as
.fmt
= AUD_FMT_U32
; break;
1760 case 5: vs
->as
.fmt
= AUD_FMT_S32
; break;
1762 printf("Invalid audio format %d\n", read_u8(data
, 4));
1763 vnc_client_error(vs
);
1766 vs
->as
.nchannels
= read_u8(data
, 5);
1767 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
1768 printf("Invalid audio channel coount %d\n",
1770 vnc_client_error(vs
);
1773 vs
->as
.freq
= read_u32(data
, 6);
1776 printf ("Invalid audio message %d\n", read_u8(data
, 4));
1777 vnc_client_error(vs
);
1783 printf("Msg: %d\n", read_u16(data
, 0));
1784 vnc_client_error(vs
);
1789 printf("Msg: %d\n", data
[0]);
1790 vnc_client_error(vs
);
1794 vnc_read_when(vs
, protocol_client_msg
, 1);
1798 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
1803 vnc_write_u16(vs
, ds_get_width(vs
->ds
));
1804 vnc_write_u16(vs
, ds_get_height(vs
->ds
));
1806 pixel_format_message(vs
);
1809 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
1811 size
= snprintf(buf
, sizeof(buf
), "QEMU");
1813 vnc_write_u32(vs
, size
);
1814 vnc_write(vs
, buf
, size
);
1817 vnc_read_when(vs
, protocol_client_msg
, 1);
1822 void start_client_init(VncState
*vs
)
1824 vnc_read_when(vs
, protocol_client_init
, 1);
1827 static void make_challenge(VncState
*vs
)
1831 srand(time(NULL
)+getpid()+getpid()*987654+rand());
1833 for (i
= 0 ; i
< sizeof(vs
->challenge
) ; i
++)
1834 vs
->challenge
[i
] = (int) (256.0*rand()/(RAND_MAX
+1.0));
1837 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
1839 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
1841 unsigned char key
[8];
1843 if (!vs
->vd
->password
|| !vs
->vd
->password
[0]) {
1844 VNC_DEBUG("No password configured on server");
1845 vnc_write_u32(vs
, 1); /* Reject auth */
1846 if (vs
->minor
>= 8) {
1847 static const char err
[] = "Authentication failed";
1848 vnc_write_u32(vs
, sizeof(err
));
1849 vnc_write(vs
, err
, sizeof(err
));
1852 vnc_client_error(vs
);
1856 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
1858 /* Calculate the expected challenge response */
1859 pwlen
= strlen(vs
->vd
->password
);
1860 for (i
=0; i
<sizeof(key
); i
++)
1861 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
1863 for (j
= 0; j
< VNC_AUTH_CHALLENGE_SIZE
; j
+= 8)
1864 des(response
+j
, response
+j
);
1866 /* Compare expected vs actual challenge response */
1867 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
1868 VNC_DEBUG("Client challenge reponse did not match\n");
1869 vnc_write_u32(vs
, 1); /* Reject auth */
1870 if (vs
->minor
>= 8) {
1871 static const char err
[] = "Authentication failed";
1872 vnc_write_u32(vs
, sizeof(err
));
1873 vnc_write(vs
, err
, sizeof(err
));
1876 vnc_client_error(vs
);
1878 VNC_DEBUG("Accepting VNC challenge response\n");
1879 vnc_write_u32(vs
, 0); /* Accept auth */
1882 start_client_init(vs
);
1887 void start_auth_vnc(VncState
*vs
)
1890 /* Send client a 'random' challenge */
1891 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
1894 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
1898 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
1900 /* We only advertise 1 auth scheme at a time, so client
1901 * must pick the one we sent. Verify this */
1902 if (data
[0] != vs
->vd
->auth
) { /* Reject auth */
1903 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data
[0]);
1904 vnc_write_u32(vs
, 1);
1905 if (vs
->minor
>= 8) {
1906 static const char err
[] = "Authentication failed";
1907 vnc_write_u32(vs
, sizeof(err
));
1908 vnc_write(vs
, err
, sizeof(err
));
1910 vnc_client_error(vs
);
1911 } else { /* Accept requested auth */
1912 VNC_DEBUG("Client requested auth %d\n", (int)data
[0]);
1913 switch (vs
->vd
->auth
) {
1915 VNC_DEBUG("Accept auth none\n");
1916 if (vs
->minor
>= 8) {
1917 vnc_write_u32(vs
, 0); /* Accept auth completion */
1920 start_client_init(vs
);
1924 VNC_DEBUG("Start VNC auth\n");
1928 #ifdef CONFIG_VNC_TLS
1929 case VNC_AUTH_VENCRYPT
:
1930 VNC_DEBUG("Accept VeNCrypt auth\n");;
1931 start_auth_vencrypt(vs
);
1933 #endif /* CONFIG_VNC_TLS */
1935 #ifdef CONFIG_VNC_SASL
1937 VNC_DEBUG("Accept SASL auth\n");
1938 start_auth_sasl(vs
);
1940 #endif /* CONFIG_VNC_SASL */
1942 default: /* Should not be possible, but just in case */
1943 VNC_DEBUG("Reject auth %d server code bug\n", vs
->vd
->auth
);
1944 vnc_write_u8(vs
, 1);
1945 if (vs
->minor
>= 8) {
1946 static const char err
[] = "Authentication failed";
1947 vnc_write_u32(vs
, sizeof(err
));
1948 vnc_write(vs
, err
, sizeof(err
));
1950 vnc_client_error(vs
);
1956 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
1960 memcpy(local
, version
, 12);
1963 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
1964 VNC_DEBUG("Malformed protocol version %s\n", local
);
1965 vnc_client_error(vs
);
1968 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
1969 if (vs
->major
!= 3 ||
1975 VNC_DEBUG("Unsupported client version\n");
1976 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
1978 vnc_client_error(vs
);
1981 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
1982 * as equivalent to v3.3 by servers
1984 if (vs
->minor
== 4 || vs
->minor
== 5)
1987 if (vs
->minor
== 3) {
1988 if (vs
->vd
->auth
== VNC_AUTH_NONE
) {
1989 VNC_DEBUG("Tell client auth none\n");
1990 vnc_write_u32(vs
, vs
->vd
->auth
);
1992 start_client_init(vs
);
1993 } else if (vs
->vd
->auth
== VNC_AUTH_VNC
) {
1994 VNC_DEBUG("Tell client VNC auth\n");
1995 vnc_write_u32(vs
, vs
->vd
->auth
);
1999 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs
->vd
->auth
);
2000 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2002 vnc_client_error(vs
);
2005 VNC_DEBUG("Telling client we support auth %d\n", vs
->vd
->auth
);
2006 vnc_write_u8(vs
, 1); /* num auth */
2007 vnc_write_u8(vs
, vs
->vd
->auth
);
2008 vnc_read_when(vs
, protocol_client_auth
, 1);
2015 static void vnc_connect(VncDisplay
*vd
, int csock
)
2017 VncState
*vs
= qemu_mallocz(sizeof(VncState
));
2020 VNC_DEBUG("New client on socket %d\n", csock
);
2022 socket_set_nonblock(vs
->csock
);
2023 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
2027 vs
->timer
= qemu_new_timer(rt_clock
, vnc_update_client
, vs
);
2031 vs
->as
.freq
= 44100;
2032 vs
->as
.nchannels
= 2;
2033 vs
->as
.fmt
= AUD_FMT_S16
;
2034 vs
->as
.endianness
= 0;
2037 vnc_write(vs
, "RFB 003.008\n", 12);
2039 vnc_read_when(vs
, protocol_version
, 12);
2042 vs
->next
= vd
->clients
;
2045 vnc_update_client(vs
);
2046 /* vs might be free()ed here */
2049 static void vnc_listen_read(void *opaque
)
2051 VncDisplay
*vs
= opaque
;
2052 struct sockaddr_in addr
;
2053 socklen_t addrlen
= sizeof(addr
);
2058 int csock
= accept(vs
->lsock
, (struct sockaddr
*)&addr
, &addrlen
);
2060 vnc_connect(vs
, csock
);
2064 void vnc_display_init(DisplayState
*ds
)
2066 VncDisplay
*vs
= qemu_mallocz(sizeof(*vs
));
2068 dcl
= qemu_mallocz(sizeof(DisplayChangeListener
));
2078 if (keyboard_layout
)
2079 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, keyboard_layout
);
2081 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us");
2083 if (!vs
->kbd_layout
)
2086 dcl
->dpy_copy
= vnc_dpy_copy
;
2087 dcl
->dpy_update
= vnc_dpy_update
;
2088 dcl
->dpy_resize
= vnc_dpy_resize
;
2089 dcl
->dpy_setdata
= vnc_dpy_setdata
;
2090 register_displaychangelistener(ds
, dcl
);
2094 void vnc_display_close(DisplayState
*ds
)
2096 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2101 qemu_free(vs
->display
);
2104 if (vs
->lsock
!= -1) {
2105 qemu_set_fd_handler2(vs
->lsock
, NULL
, NULL
, NULL
, NULL
);
2109 vs
->auth
= VNC_AUTH_INVALID
;
2110 #ifdef CONFIG_VNC_TLS
2111 vs
->subauth
= VNC_AUTH_INVALID
;
2112 vs
->tls
.x509verify
= 0;
2116 int vnc_display_password(DisplayState
*ds
, const char *password
)
2118 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2121 qemu_free(vs
->password
);
2122 vs
->password
= NULL
;
2124 if (password
&& password
[0]) {
2125 if (!(vs
->password
= qemu_strdup(password
)))
2132 char *vnc_display_local_addr(DisplayState
*ds
)
2134 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2136 return vnc_socket_local_addr("%s:%s", vs
->lsock
);
2139 int vnc_display_open(DisplayState
*ds
, const char *display
)
2141 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2142 const char *options
;
2146 #ifdef CONFIG_VNC_TLS
2147 int tls
= 0, x509
= 0;
2149 #ifdef CONFIG_VNC_SASL
2157 vnc_display_close(ds
);
2158 if (strcmp(display
, "none") == 0)
2161 if (!(vs
->display
= strdup(display
)))
2165 while ((options
= strchr(options
, ','))) {
2167 if (strncmp(options
, "password", 8) == 0) {
2168 password
= 1; /* Require password auth */
2169 } else if (strncmp(options
, "reverse", 7) == 0) {
2171 } else if (strncmp(options
, "to=", 3) == 0) {
2172 to_port
= atoi(options
+3) + 5900;
2173 #ifdef CONFIG_VNC_SASL
2174 } else if (strncmp(options
, "sasl", 4) == 0) {
2175 sasl
= 1; /* Require SASL auth */
2177 #ifdef CONFIG_VNC_TLS
2178 } else if (strncmp(options
, "tls", 3) == 0) {
2179 tls
= 1; /* Require TLS */
2180 } else if (strncmp(options
, "x509", 4) == 0) {
2182 x509
= 1; /* Require x509 certificates */
2183 if (strncmp(options
, "x509verify", 10) == 0)
2184 vs
->tls
.x509verify
= 1; /* ...and verify client certs */
2186 /* Now check for 'x509=/some/path' postfix
2187 * and use that to setup x509 certificate/key paths */
2188 start
= strchr(options
, '=');
2189 end
= strchr(options
, ',');
2190 if (start
&& (!end
|| (start
< end
))) {
2191 int len
= end
? end
-(start
+1) : strlen(start
+1);
2192 char *path
= qemu_strndup(start
+ 1, len
);
2194 VNC_DEBUG("Trying certificate path '%s'\n", path
);
2195 if (vnc_tls_set_x509_creds_dir(vs
, path
) < 0) {
2196 fprintf(stderr
, "Failed to find x509 certificates/keys in %s\n", path
);
2198 qemu_free(vs
->display
);
2204 fprintf(stderr
, "No certificate path provided\n");
2205 qemu_free(vs
->display
);
2210 } else if (strncmp(options
, "acl", 3) == 0) {
2215 #ifdef CONFIG_VNC_TLS
2216 if (acl
&& x509
&& vs
->tls
.x509verify
) {
2217 if (!(vs
->tls
.acl
= qemu_acl_init("vnc.x509dname"))) {
2218 fprintf(stderr
, "Failed to create x509 dname ACL\n");
2223 #ifdef CONFIG_VNC_SASL
2225 if (!(vs
->sasl
.acl
= qemu_acl_init("vnc.username"))) {
2226 fprintf(stderr
, "Failed to create username ACL\n");
2233 * Combinations we support here:
2235 * - no-auth (clear text, no auth)
2236 * - password (clear text, weak auth)
2237 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2238 * - tls (encrypt, weak anonymous creds, no auth)
2239 * - tls + password (encrypt, weak anonymous creds, weak auth)
2240 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2241 * - tls + x509 (encrypt, good x509 creds, no auth)
2242 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2243 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2245 * NB1. TLS is a stackable auth scheme.
2246 * NB2. the x509 schemes have option to validate a client cert dname
2249 #ifdef CONFIG_VNC_TLS
2251 vs
->auth
= VNC_AUTH_VENCRYPT
;
2253 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2254 vs
->subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
2256 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2257 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
2260 #endif /* CONFIG_VNC_TLS */
2261 VNC_DEBUG("Initializing VNC server with password auth\n");
2262 vs
->auth
= VNC_AUTH_VNC
;
2263 #ifdef CONFIG_VNC_TLS
2264 vs
->subauth
= VNC_AUTH_INVALID
;
2266 #endif /* CONFIG_VNC_TLS */
2267 #ifdef CONFIG_VNC_SASL
2269 #ifdef CONFIG_VNC_TLS
2271 vs
->auth
= VNC_AUTH_VENCRYPT
;
2273 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2274 vs
->subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
2276 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2277 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
2280 #endif /* CONFIG_VNC_TLS */
2281 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2282 vs
->auth
= VNC_AUTH_SASL
;
2283 #ifdef CONFIG_VNC_TLS
2284 vs
->subauth
= VNC_AUTH_INVALID
;
2286 #endif /* CONFIG_VNC_TLS */
2287 #endif /* CONFIG_VNC_SASL */
2289 #ifdef CONFIG_VNC_TLS
2291 vs
->auth
= VNC_AUTH_VENCRYPT
;
2293 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2294 vs
->subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
2296 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2297 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
2301 VNC_DEBUG("Initializing VNC server with no auth\n");
2302 vs
->auth
= VNC_AUTH_NONE
;
2303 #ifdef CONFIG_VNC_TLS
2304 vs
->subauth
= VNC_AUTH_INVALID
;
2309 #ifdef CONFIG_VNC_SASL
2310 if ((saslErr
= sasl_server_init(NULL
, "qemu")) != SASL_OK
) {
2311 fprintf(stderr
, "Failed to initialize SASL auth %s",
2312 sasl_errstring(saslErr
, NULL
, NULL
));
2320 /* connect to viewer */
2321 if (strncmp(display
, "unix:", 5) == 0)
2322 vs
->lsock
= unix_connect(display
+5);
2324 vs
->lsock
= inet_connect(display
, SOCK_STREAM
);
2325 if (-1 == vs
->lsock
) {
2330 int csock
= vs
->lsock
;
2332 vnc_connect(vs
, csock
);
2337 /* listen for connects */
2339 dpy
= qemu_malloc(256);
2340 if (strncmp(display
, "unix:", 5) == 0) {
2341 pstrcpy(dpy
, 256, "unix:");
2342 vs
->lsock
= unix_listen(display
+5, dpy
+5, 256-5);
2344 vs
->lsock
= inet_listen(display
, dpy
, 256, SOCK_STREAM
, 5900);
2346 if (-1 == vs
->lsock
) {
2354 return qemu_set_fd_handler2(vs
->lsock
, NULL
, vnc_listen_read
, NULL
, vs
);