2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
32 #include "qemu-objects.h"
34 #define VNC_REFRESH_INTERVAL_BASE 30
35 #define VNC_REFRESH_INTERVAL_INC 50
36 #define VNC_REFRESH_INTERVAL_MAX 2000
38 #include "vnc_keysym.h"
41 #define count_bits(c, v) { \
42 for (c = 0; v; v >>= 1) \
49 static VncDisplay
*vnc_display
; /* needed for info vnc */
50 static DisplayChangeListener
*dcl
;
52 static char *addr_to_string(const char *format
,
53 struct sockaddr_storage
*sa
,
56 char host
[NI_MAXHOST
];
57 char serv
[NI_MAXSERV
];
61 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
64 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
65 VNC_DEBUG("Cannot resolve address %d: %s\n",
66 err
, gai_strerror(err
));
70 /* Enough for the existing format + the 2 vars we're
72 addrlen
= strlen(format
) + strlen(host
) + strlen(serv
);
73 addr
= qemu_malloc(addrlen
+ 1);
74 snprintf(addr
, addrlen
, format
, host
, serv
);
81 char *vnc_socket_local_addr(const char *format
, int fd
) {
82 struct sockaddr_storage sa
;
86 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
89 return addr_to_string(format
, &sa
, salen
);
92 char *vnc_socket_remote_addr(const char *format
, int fd
) {
93 struct sockaddr_storage sa
;
97 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
100 return addr_to_string(format
, &sa
, salen
);
103 static int put_addr_qdict(QDict
*qdict
, struct sockaddr_storage
*sa
,
106 char host
[NI_MAXHOST
];
107 char serv
[NI_MAXSERV
];
110 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
113 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
114 VNC_DEBUG("Cannot resolve address %d: %s\n",
115 err
, gai_strerror(err
));
119 qdict_put(qdict
, "host", qstring_from_str(host
));
120 qdict_put(qdict
, "service", qstring_from_str(serv
));
121 qdict_put(qdict
, "family",qstring_from_str(inet_strfamily(sa
->ss_family
)));
126 static int vnc_server_addr_put(QDict
*qdict
, int fd
)
128 struct sockaddr_storage sa
;
132 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
136 return put_addr_qdict(qdict
, &sa
, salen
);
139 static int vnc_qdict_remote_addr(QDict
*qdict
, int fd
)
141 struct sockaddr_storage sa
;
145 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
149 return put_addr_qdict(qdict
, &sa
, salen
);
152 static const char *vnc_auth_name(VncDisplay
*vd
) {
154 case VNC_AUTH_INVALID
:
170 case VNC_AUTH_VENCRYPT
:
171 #ifdef CONFIG_VNC_TLS
172 switch (vd
->subauth
) {
173 case VNC_AUTH_VENCRYPT_PLAIN
:
174 return "vencrypt+plain";
175 case VNC_AUTH_VENCRYPT_TLSNONE
:
176 return "vencrypt+tls+none";
177 case VNC_AUTH_VENCRYPT_TLSVNC
:
178 return "vencrypt+tls+vnc";
179 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
180 return "vencrypt+tls+plain";
181 case VNC_AUTH_VENCRYPT_X509NONE
:
182 return "vencrypt+x509+none";
183 case VNC_AUTH_VENCRYPT_X509VNC
:
184 return "vencrypt+x509+vnc";
185 case VNC_AUTH_VENCRYPT_X509PLAIN
:
186 return "vencrypt+x509+plain";
187 case VNC_AUTH_VENCRYPT_TLSSASL
:
188 return "vencrypt+tls+sasl";
189 case VNC_AUTH_VENCRYPT_X509SASL
:
190 return "vencrypt+x509+sasl";
203 static int vnc_server_info_put(QDict
*qdict
)
205 if (vnc_server_addr_put(qdict
, vnc_display
->lsock
) < 0) {
209 qdict_put(qdict
, "auth", qstring_from_str(vnc_auth_name(vnc_display
)));
213 static void vnc_client_cache_auth(VncState
*client
)
221 qdict
= qobject_to_qdict(client
->info
);
223 #ifdef CONFIG_VNC_TLS
224 if (client
->tls
.session
&&
226 qdict_put(qdict
, "x509_dname", qstring_from_str(client
->tls
.dname
));
229 #ifdef CONFIG_VNC_SASL
230 if (client
->sasl
.conn
&&
231 client
->sasl
.username
) {
232 qdict_put(qdict
, "sasl_username",
233 qstring_from_str(client
->sasl
.username
));
238 static void vnc_client_cache_addr(VncState
*client
)
243 if (vnc_qdict_remote_addr(qdict
, client
->csock
) < 0) {
245 /* XXX: how to report the error? */
249 client
->info
= QOBJECT(qdict
);
252 static void vnc_qmp_event(VncState
*vs
, MonitorEvent event
)
261 server
= qdict_new();
262 if (vnc_server_info_put(server
) < 0) {
267 data
= qobject_from_jsonf("{ 'client': %p, 'server': %p }",
268 vs
->info
, QOBJECT(server
));
270 monitor_protocol_event(event
, data
);
272 qobject_incref(vs
->info
);
273 qobject_decref(data
);
276 static void info_vnc_iter(QObject
*obj
, void *opaque
)
279 Monitor
*mon
= opaque
;
281 client
= qobject_to_qdict(obj
);
282 monitor_printf(mon
, "Client:\n");
283 monitor_printf(mon
, " address: %s:%s\n",
284 qdict_get_str(client
, "host"),
285 qdict_get_str(client
, "service"));
287 #ifdef CONFIG_VNC_TLS
288 monitor_printf(mon
, " x509_dname: %s\n",
289 qdict_haskey(client
, "x509_dname") ?
290 qdict_get_str(client
, "x509_dname") : "none");
292 #ifdef CONFIG_VNC_SASL
293 monitor_printf(mon
, " username: %s\n",
294 qdict_haskey(client
, "sasl_username") ?
295 qdict_get_str(client
, "sasl_username") : "none");
299 void do_info_vnc_print(Monitor
*mon
, const QObject
*data
)
304 server
= qobject_to_qdict(data
);
305 if (qdict_get_bool(server
, "enabled") == 0) {
306 monitor_printf(mon
, "Server: disabled\n");
310 monitor_printf(mon
, "Server:\n");
311 monitor_printf(mon
, " address: %s:%s\n",
312 qdict_get_str(server
, "host"),
313 qdict_get_str(server
, "service"));
314 monitor_printf(mon
, " auth: %s\n", qdict_get_str(server
, "auth"));
316 clients
= qdict_get_qlist(server
, "clients");
317 if (qlist_empty(clients
)) {
318 monitor_printf(mon
, "Client: none\n");
320 qlist_iter(clients
, info_vnc_iter
, mon
);
325 * do_info_vnc(): Show VNC server information
327 * Return a QDict with server information. Connected clients are returned
328 * as a QList of QDicts.
330 * The main QDict contains the following:
332 * - "enabled": true or false
333 * - "host": server's IP address
334 * - "family": address family ("ipv4" or "ipv6")
335 * - "service": server's port number
336 * - "auth": authentication method
337 * - "clients": a QList of all connected clients
339 * Clients are described by a QDict, with the following information:
341 * - "host": client's IP address
342 * - "family": address family ("ipv4" or "ipv6")
343 * - "service": client's port number
344 * - "x509_dname": TLS dname (optional)
345 * - "sasl_username": SASL username (optional)
349 * { "enabled": true, "host": "0.0.0.0", "service": "50402", "auth": "vnc",
351 * "clients": [{ "host": "127.0.0.1", "service": "50401", "family": "ipv4" }]}
353 void do_info_vnc(Monitor
*mon
, QObject
**ret_data
)
355 if (vnc_display
== NULL
|| vnc_display
->display
== NULL
) {
356 *ret_data
= qobject_from_jsonf("{ 'enabled': false }");
362 QTAILQ_FOREACH(client
, &vnc_display
->clients
, next
) {
364 /* incref so that it's not freed by upper layers */
365 qobject_incref(client
->info
);
366 qlist_append_obj(clist
, client
->info
);
370 *ret_data
= qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
372 assert(*ret_data
!= NULL
);
374 if (vnc_server_info_put(qobject_to_qdict(*ret_data
)) < 0) {
375 qobject_decref(*ret_data
);
381 static inline uint32_t vnc_has_feature(VncState
*vs
, int feature
) {
382 return (vs
->features
& (1 << feature
));
386 1) Get the queue working for IO.
387 2) there is some weirdness when using the -S option (the screen is grey
388 and not totally invalidated
389 3) resolutions > 1024
392 static int vnc_update_client(VncState
*vs
, int has_dirty
);
393 static void vnc_disconnect_start(VncState
*vs
);
394 static void vnc_disconnect_finish(VncState
*vs
);
395 static void vnc_init_timer(VncDisplay
*vd
);
396 static void vnc_remove_timer(VncDisplay
*vd
);
398 static void vnc_colordepth(VncState
*vs
);
399 static void framebuffer_update_request(VncState
*vs
, int incremental
,
400 int x_position
, int y_position
,
402 static void vnc_refresh(void *opaque
);
403 static int vnc_refresh_server_surface(VncDisplay
*vd
);
405 static inline void vnc_set_bit(uint32_t *d
, int k
)
407 d
[k
>> 5] |= 1 << (k
& 0x1f);
410 static inline void vnc_clear_bit(uint32_t *d
, int k
)
412 d
[k
>> 5] &= ~(1 << (k
& 0x1f));
415 static inline void vnc_set_bits(uint32_t *d
, int n
, int nb_words
)
425 d
[j
++] = (1 << n
) - 1;
430 static inline int vnc_get_bit(const uint32_t *d
, int k
)
432 return (d
[k
>> 5] >> (k
& 0x1f)) & 1;
435 static inline int vnc_and_bits(const uint32_t *d1
, const uint32_t *d2
,
439 for(i
= 0; i
< nb_words
; i
++) {
440 if ((d1
[i
] & d2
[i
]) != 0)
446 static void vnc_dpy_update(DisplayState
*ds
, int x
, int y
, int w
, int h
)
449 VncDisplay
*vd
= ds
->opaque
;
450 struct VncSurface
*s
= &vd
->guest
;
454 /* round x down to ensure the loop only spans one 16-pixel block per,
455 iteration. otherwise, if (x % 16) != 0, the last iteration may span
456 two 16-pixel blocks but we only mark the first as dirty
461 x
= MIN(x
, s
->ds
->width
);
462 y
= MIN(y
, s
->ds
->height
);
463 w
= MIN(x
+ w
, s
->ds
->width
) - x
;
464 h
= MIN(h
, s
->ds
->height
);
467 for (i
= 0; i
< w
; i
+= 16)
468 vnc_set_bit(s
->dirty
[y
], (x
+ i
) / 16);
471 static void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
474 vnc_write_u16(vs
, x
);
475 vnc_write_u16(vs
, y
);
476 vnc_write_u16(vs
, w
);
477 vnc_write_u16(vs
, h
);
479 vnc_write_s32(vs
, encoding
);
482 void buffer_reserve(Buffer
*buffer
, size_t len
)
484 if ((buffer
->capacity
- buffer
->offset
) < len
) {
485 buffer
->capacity
+= (len
+ 1024);
486 buffer
->buffer
= qemu_realloc(buffer
->buffer
, buffer
->capacity
);
487 if (buffer
->buffer
== NULL
) {
488 fprintf(stderr
, "vnc: out of memory\n");
494 int buffer_empty(Buffer
*buffer
)
496 return buffer
->offset
== 0;
499 uint8_t *buffer_end(Buffer
*buffer
)
501 return buffer
->buffer
+ buffer
->offset
;
504 void buffer_reset(Buffer
*buffer
)
509 void buffer_append(Buffer
*buffer
, const void *data
, size_t len
)
511 memcpy(buffer
->buffer
+ buffer
->offset
, data
, len
);
512 buffer
->offset
+= len
;
515 static void vnc_dpy_resize(DisplayState
*ds
)
518 VncDisplay
*vd
= ds
->opaque
;
523 vd
->server
= qemu_mallocz(sizeof(*vd
->server
));
524 if (vd
->server
->data
)
525 qemu_free(vd
->server
->data
);
526 *(vd
->server
) = *(ds
->surface
);
527 vd
->server
->data
= qemu_mallocz(vd
->server
->linesize
*
532 vd
->guest
.ds
= qemu_mallocz(sizeof(*vd
->guest
.ds
));
533 if (ds_get_bytes_per_pixel(ds
) != vd
->guest
.ds
->pf
.bytes_per_pixel
)
534 console_color_init(ds
);
535 size_changed
= ds_get_width(ds
) != vd
->guest
.ds
->width
||
536 ds_get_height(ds
) != vd
->guest
.ds
->height
;
537 *(vd
->guest
.ds
) = *(ds
->surface
);
538 memset(vd
->guest
.dirty
, 0xFF, sizeof(vd
->guest
.dirty
));
540 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
543 if (vs
->csock
!= -1 && vnc_has_feature(vs
, VNC_FEATURE_RESIZE
)) {
544 vnc_write_u8(vs
, 0); /* msg id */
546 vnc_write_u16(vs
, 1); /* number of rects */
547 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(ds
), ds_get_height(ds
),
548 VNC_ENCODING_DESKTOPRESIZE
);
552 memset(vs
->dirty
, 0xFF, sizeof(vs
->dirty
));
557 static void vnc_write_pixels_copy(VncState
*vs
, void *pixels
, int size
)
559 vnc_write(vs
, pixels
, size
);
562 /* slowest but generic code. */
563 static void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
566 VncDisplay
*vd
= vs
->vd
;
568 r
= ((((v
& vd
->server
->pf
.rmask
) >> vd
->server
->pf
.rshift
) << vs
->clientds
.pf
.rbits
) >>
569 vd
->server
->pf
.rbits
);
570 g
= ((((v
& vd
->server
->pf
.gmask
) >> vd
->server
->pf
.gshift
) << vs
->clientds
.pf
.gbits
) >>
571 vd
->server
->pf
.gbits
);
572 b
= ((((v
& vd
->server
->pf
.bmask
) >> vd
->server
->pf
.bshift
) << vs
->clientds
.pf
.bbits
) >>
573 vd
->server
->pf
.bbits
);
574 v
= (r
<< vs
->clientds
.pf
.rshift
) |
575 (g
<< vs
->clientds
.pf
.gshift
) |
576 (b
<< vs
->clientds
.pf
.bshift
);
577 switch(vs
->clientds
.pf
.bytes_per_pixel
) {
582 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
592 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
607 static void vnc_write_pixels_generic(VncState
*vs
, void *pixels1
, int size
)
610 VncDisplay
*vd
= vs
->vd
;
612 if (vd
->server
->pf
.bytes_per_pixel
== 4) {
613 uint32_t *pixels
= pixels1
;
616 for(i
= 0; i
< n
; i
++) {
617 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
618 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
620 } else if (vd
->server
->pf
.bytes_per_pixel
== 2) {
621 uint16_t *pixels
= pixels1
;
624 for(i
= 0; i
< n
; i
++) {
625 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
626 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
628 } else if (vd
->server
->pf
.bytes_per_pixel
== 1) {
629 uint8_t *pixels
= pixels1
;
632 for(i
= 0; i
< n
; i
++) {
633 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
634 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
637 fprintf(stderr
, "vnc_write_pixels_generic: VncState color depth not supported\n");
641 static void send_framebuffer_update_raw(VncState
*vs
, int x
, int y
, int w
, int h
)
645 VncDisplay
*vd
= vs
->vd
;
647 row
= vd
->server
->data
+ y
* ds_get_linesize(vs
->ds
) + x
* ds_get_bytes_per_pixel(vs
->ds
);
648 for (i
= 0; i
< h
; i
++) {
649 vs
->write_pixels(vs
, row
, w
* ds_get_bytes_per_pixel(vs
->ds
));
650 row
+= ds_get_linesize(vs
->ds
);
654 static void hextile_enc_cord(uint8_t *ptr
, int x
, int y
, int w
, int h
)
656 ptr
[0] = ((x
& 0x0F) << 4) | (y
& 0x0F);
657 ptr
[1] = (((w
- 1) & 0x0F) << 4) | ((h
- 1) & 0x0F);
661 #include "vnchextile.h"
665 #include "vnchextile.h"
669 #include "vnchextile.h"
674 #include "vnchextile.h"
680 #include "vnchextile.h"
686 #include "vnchextile.h"
690 static void send_framebuffer_update_hextile(VncState
*vs
, int x
, int y
, int w
, int h
)
694 uint8_t *last_fg
, *last_bg
;
695 VncDisplay
*vd
= vs
->vd
;
697 last_fg
= (uint8_t *) qemu_malloc(vd
->server
->pf
.bytes_per_pixel
);
698 last_bg
= (uint8_t *) qemu_malloc(vd
->server
->pf
.bytes_per_pixel
);
700 for (j
= y
; j
< (y
+ h
); j
+= 16) {
701 for (i
= x
; i
< (x
+ w
); i
+= 16) {
702 vs
->send_hextile_tile(vs
, i
, j
,
703 MIN(16, x
+ w
- i
), MIN(16, y
+ h
- j
),
704 last_bg
, last_fg
, &has_bg
, &has_fg
);
712 #define ZALLOC_ALIGNMENT 16
714 static void *zalloc(void *x
, unsigned items
, unsigned size
)
719 size
= (size
+ ZALLOC_ALIGNMENT
- 1) & ~(ZALLOC_ALIGNMENT
- 1);
721 p
= qemu_mallocz(size
);
726 static void zfree(void *x
, void *addr
)
731 static void vnc_zlib_init(VncState
*vs
)
734 for (i
=0; i
<(sizeof(vs
->zlib_stream
) / sizeof(z_stream
)); i
++)
735 vs
->zlib_stream
[i
].opaque
= NULL
;
738 static void vnc_zlib_start(VncState
*vs
)
740 buffer_reset(&vs
->zlib
);
742 // make the output buffer be the zlib buffer, so we can compress it later
743 vs
->zlib_tmp
= vs
->output
;
744 vs
->output
= vs
->zlib
;
747 static int vnc_zlib_stop(VncState
*vs
, int stream_id
)
749 z_streamp zstream
= &vs
->zlib_stream
[stream_id
];
752 // switch back to normal output/zlib buffers
753 vs
->zlib
= vs
->output
;
754 vs
->output
= vs
->zlib_tmp
;
756 // compress the zlib buffer
758 // initialize the stream
759 // XXX need one stream per session
760 if (zstream
->opaque
!= vs
) {
763 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id
);
764 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream
->opaque
, vs
);
765 zstream
->zalloc
= zalloc
;
766 zstream
->zfree
= zfree
;
768 err
= deflateInit2(zstream
, vs
->tight_compression
, Z_DEFLATED
, MAX_WBITS
,
769 MAX_MEM_LEVEL
, Z_DEFAULT_STRATEGY
);
772 fprintf(stderr
, "VNC: error initializing zlib\n");
776 zstream
->opaque
= vs
;
779 // XXX what to do if tight_compression changed in between?
781 // reserve memory in output buffer
782 buffer_reserve(&vs
->output
, vs
->zlib
.offset
+ 64);
785 zstream
->next_in
= vs
->zlib
.buffer
;
786 zstream
->avail_in
= vs
->zlib
.offset
;
787 zstream
->next_out
= vs
->output
.buffer
+ vs
->output
.offset
;
788 zstream
->avail_out
= vs
->output
.capacity
- vs
->output
.offset
;
789 zstream
->data_type
= Z_BINARY
;
790 previous_out
= zstream
->total_out
;
793 if (deflate(zstream
, Z_SYNC_FLUSH
) != Z_OK
) {
794 fprintf(stderr
, "VNC: error during zlib compression\n");
798 vs
->output
.offset
= vs
->output
.capacity
- zstream
->avail_out
;
799 return zstream
->total_out
- previous_out
;
802 static void send_framebuffer_update_zlib(VncState
*vs
, int x
, int y
, int w
, int h
)
804 int old_offset
, new_offset
, bytes_written
;
806 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_ZLIB
);
808 // remember where we put in the follow-up size
809 old_offset
= vs
->output
.offset
;
810 vnc_write_s32(vs
, 0);
812 // compress the stream
814 send_framebuffer_update_raw(vs
, x
, y
, w
, h
);
815 bytes_written
= vnc_zlib_stop(vs
, 0);
817 if (bytes_written
== -1)
821 new_offset
= vs
->output
.offset
;
822 vs
->output
.offset
= old_offset
;
823 vnc_write_u32(vs
, bytes_written
);
824 vs
->output
.offset
= new_offset
;
827 static void send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
829 switch(vs
->vnc_encoding
) {
830 case VNC_ENCODING_ZLIB
:
831 send_framebuffer_update_zlib(vs
, x
, y
, w
, h
);
833 case VNC_ENCODING_HEXTILE
:
834 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
835 send_framebuffer_update_hextile(vs
, x
, y
, w
, h
);
838 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
839 send_framebuffer_update_raw(vs
, x
, y
, w
, h
);
844 static void vnc_copy(VncState
*vs
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
846 /* send bitblit op to the vnc client */
847 vnc_write_u8(vs
, 0); /* msg id */
849 vnc_write_u16(vs
, 1); /* number of rects */
850 vnc_framebuffer_update(vs
, dst_x
, dst_y
, w
, h
, VNC_ENCODING_COPYRECT
);
851 vnc_write_u16(vs
, src_x
);
852 vnc_write_u16(vs
, src_y
);
856 static void vnc_dpy_copy(DisplayState
*ds
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
858 VncDisplay
*vd
= ds
->opaque
;
862 int i
,x
,y
,pitch
,depth
,inc
,w_lim
,s
;
865 vnc_refresh_server_surface(vd
);
866 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
867 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
868 vs
->force_update
= 1;
869 vnc_update_client(vs
, 1);
870 /* vs might be free()ed here */
874 /* do bitblit op on the local surface too */
875 pitch
= ds_get_linesize(vd
->ds
);
876 depth
= ds_get_bytes_per_pixel(vd
->ds
);
877 src_row
= vd
->server
->data
+ pitch
* src_y
+ depth
* src_x
;
878 dst_row
= vd
->server
->data
+ pitch
* dst_y
+ depth
* dst_x
;
883 src_row
+= pitch
* (h
-1);
884 dst_row
+= pitch
* (h
-1);
889 w_lim
= w
- (16 - (dst_x
% 16));
893 w_lim
= w
- (w_lim
% 16);
894 for (i
= 0; i
< h
; i
++) {
895 for (x
= 0; x
<= w_lim
;
896 x
+= s
, src_row
+= cmp_bytes
, dst_row
+= cmp_bytes
) {
898 if ((s
= w
- w_lim
) == 0)
901 s
= (16 - (dst_x
% 16));
906 cmp_bytes
= s
* depth
;
907 if (memcmp(src_row
, dst_row
, cmp_bytes
) == 0)
909 memmove(dst_row
, src_row
, cmp_bytes
);
910 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
911 if (!vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
912 vnc_set_bit(vs
->dirty
[y
], ((x
+ dst_x
) / 16));
916 src_row
+= pitch
- w
* depth
;
917 dst_row
+= pitch
- w
* depth
;
921 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
922 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
923 vnc_copy(vs
, src_x
, src_y
, dst_x
, dst_y
, w
, h
);
928 static int find_and_clear_dirty_height(struct VncState
*vs
,
929 int y
, int last_x
, int x
)
932 VncDisplay
*vd
= vs
->vd
;
934 for (h
= 1; h
< (vd
->server
->height
- y
); h
++) {
936 if (!vnc_get_bit(vs
->dirty
[y
+ h
], last_x
))
938 for (tmp_x
= last_x
; tmp_x
< x
; tmp_x
++)
939 vnc_clear_bit(vs
->dirty
[y
+ h
], tmp_x
);
945 static int vnc_update_client(VncState
*vs
, int has_dirty
)
947 if (vs
->need_update
&& vs
->csock
!= -1) {
948 VncDisplay
*vd
= vs
->vd
;
953 if (vs
->output
.offset
&& !vs
->audio_cap
&& !vs
->force_update
)
954 /* kernel send buffers are full -> drop frames to throttle */
957 if (!has_dirty
&& !vs
->audio_cap
&& !vs
->force_update
)
961 * Send screen updates to the vnc client using the server
962 * surface and server dirty map. guest surface updates
963 * happening in parallel don't disturb us, the next pass will
964 * send them to the client.
967 vnc_write_u8(vs
, 0); /* msg id */
969 saved_offset
= vs
->output
.offset
;
970 vnc_write_u16(vs
, 0);
972 for (y
= 0; y
< vd
->server
->height
; y
++) {
975 for (x
= 0; x
< vd
->server
->width
/ 16; x
++) {
976 if (vnc_get_bit(vs
->dirty
[y
], x
)) {
980 vnc_clear_bit(vs
->dirty
[y
], x
);
983 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
);
984 send_framebuffer_update(vs
, last_x
* 16, y
, (x
- last_x
) * 16, h
);
991 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
);
992 send_framebuffer_update(vs
, last_x
* 16, y
, (x
- last_x
) * 16, h
);
996 vs
->output
.buffer
[saved_offset
] = (n_rectangles
>> 8) & 0xFF;
997 vs
->output
.buffer
[saved_offset
+ 1] = n_rectangles
& 0xFF;
999 vs
->force_update
= 0;
1000 return n_rectangles
;
1003 if (vs
->csock
== -1)
1004 vnc_disconnect_finish(vs
);
1010 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
1012 VncState
*vs
= opaque
;
1015 case AUD_CNOTIFY_DISABLE
:
1016 vnc_write_u8(vs
, 255);
1017 vnc_write_u8(vs
, 1);
1018 vnc_write_u16(vs
, 0);
1022 case AUD_CNOTIFY_ENABLE
:
1023 vnc_write_u8(vs
, 255);
1024 vnc_write_u8(vs
, 1);
1025 vnc_write_u16(vs
, 1);
1031 static void audio_capture_destroy(void *opaque
)
1035 static void audio_capture(void *opaque
, void *buf
, int size
)
1037 VncState
*vs
= opaque
;
1039 vnc_write_u8(vs
, 255);
1040 vnc_write_u8(vs
, 1);
1041 vnc_write_u16(vs
, 2);
1042 vnc_write_u32(vs
, size
);
1043 vnc_write(vs
, buf
, size
);
1047 static void audio_add(VncState
*vs
)
1049 Monitor
*mon
= cur_mon
;
1050 struct audio_capture_ops ops
;
1052 if (vs
->audio_cap
) {
1053 monitor_printf(mon
, "audio already running\n");
1057 ops
.notify
= audio_capture_notify
;
1058 ops
.destroy
= audio_capture_destroy
;
1059 ops
.capture
= audio_capture
;
1061 vs
->audio_cap
= AUD_add_capture(&vs
->as
, &ops
, vs
);
1062 if (!vs
->audio_cap
) {
1063 monitor_printf(mon
, "Failed to add audio capture\n");
1067 static void audio_del(VncState
*vs
)
1069 if (vs
->audio_cap
) {
1070 AUD_del_capture(vs
->audio_cap
, vs
);
1071 vs
->audio_cap
= NULL
;
1075 static void vnc_disconnect_start(VncState
*vs
)
1077 if (vs
->csock
== -1)
1079 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
1080 closesocket(vs
->csock
);
1084 static void vnc_disconnect_finish(VncState
*vs
)
1086 vnc_qmp_event(vs
, QEVENT_VNC_DISCONNECTED
);
1088 if (vs
->input
.buffer
) {
1089 qemu_free(vs
->input
.buffer
);
1090 vs
->input
.buffer
= NULL
;
1092 if (vs
->output
.buffer
) {
1093 qemu_free(vs
->output
.buffer
);
1094 vs
->output
.buffer
= NULL
;
1097 qobject_decref(vs
->info
);
1099 #ifdef CONFIG_VNC_TLS
1100 vnc_tls_client_cleanup(vs
);
1101 #endif /* CONFIG_VNC_TLS */
1102 #ifdef CONFIG_VNC_SASL
1103 vnc_sasl_client_cleanup(vs
);
1104 #endif /* CONFIG_VNC_SASL */
1107 QTAILQ_REMOVE(&vs
->vd
->clients
, vs
, next
);
1109 if (QTAILQ_EMPTY(&vs
->vd
->clients
)) {
1113 vnc_remove_timer(vs
->vd
);
1117 int vnc_client_io_error(VncState
*vs
, int ret
, int last_errno
)
1119 if (ret
== 0 || ret
== -1) {
1121 switch (last_errno
) {
1125 case WSAEWOULDBLOCK
:
1133 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1134 ret
, ret
< 0 ? last_errno
: 0);
1135 vnc_disconnect_start(vs
);
1143 void vnc_client_error(VncState
*vs
)
1145 VNC_DEBUG("Closing down client sock: protocol error\n");
1146 vnc_disconnect_start(vs
);
1151 * Called to write a chunk of data to the client socket. The data may
1152 * be the raw data, or may have already been encoded by SASL.
1153 * The data will be written either straight onto the socket, or
1154 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1156 * NB, it is theoretically possible to have 2 layers of encryption,
1157 * both SASL, and this TLS layer. It is highly unlikely in practice
1158 * though, since SASL encryption will typically be a no-op if TLS
1161 * Returns the number of bytes written, which may be less than
1162 * the requested 'datalen' if the socket would block. Returns
1163 * -1 on error, and disconnects the client socket.
1165 long vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
1168 #ifdef CONFIG_VNC_TLS
1169 if (vs
->tls
.session
) {
1170 ret
= gnutls_write(vs
->tls
.session
, data
, datalen
);
1172 if (ret
== GNUTLS_E_AGAIN
)
1179 #endif /* CONFIG_VNC_TLS */
1180 ret
= send(vs
->csock
, (const void *)data
, datalen
, 0);
1181 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data
, datalen
, ret
);
1182 return vnc_client_io_error(vs
, ret
, socket_error());
1187 * Called to write buffered data to the client socket, when not
1188 * using any SASL SSF encryption layers. Will write as much data
1189 * as possible without blocking. If all buffered data is written,
1190 * will switch the FD poll() handler back to read monitoring.
1192 * Returns the number of bytes written, which may be less than
1193 * the buffered output data if the socket would block. Returns
1194 * -1 on error, and disconnects the client socket.
1196 static long vnc_client_write_plain(VncState
*vs
)
1200 #ifdef CONFIG_VNC_SASL
1201 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1202 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
1203 vs
->sasl
.waitWriteSSF
);
1205 if (vs
->sasl
.conn
&&
1207 vs
->sasl
.waitWriteSSF
) {
1208 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
1210 vs
->sasl
.waitWriteSSF
-= ret
;
1212 #endif /* CONFIG_VNC_SASL */
1213 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
1217 memmove(vs
->output
.buffer
, vs
->output
.buffer
+ ret
, (vs
->output
.offset
- ret
));
1218 vs
->output
.offset
-= ret
;
1220 if (vs
->output
.offset
== 0) {
1221 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1229 * First function called whenever there is data to be written to
1230 * the client socket. Will delegate actual work according to whether
1231 * SASL SSF layers are enabled (thus requiring encryption calls)
1233 void vnc_client_write(void *opaque
)
1236 VncState
*vs
= opaque
;
1238 #ifdef CONFIG_VNC_SASL
1239 if (vs
->sasl
.conn
&&
1241 !vs
->sasl
.waitWriteSSF
)
1242 ret
= vnc_client_write_sasl(vs
);
1244 #endif /* CONFIG_VNC_SASL */
1245 ret
= vnc_client_write_plain(vs
);
1248 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1250 vs
->read_handler
= func
;
1251 vs
->read_handler_expect
= expecting
;
1256 * Called to read a chunk of data from the client socket. The data may
1257 * be the raw data, or may need to be further decoded by SASL.
1258 * The data will be read either straight from to the socket, or
1259 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1261 * NB, it is theoretically possible to have 2 layers of encryption,
1262 * both SASL, and this TLS layer. It is highly unlikely in practice
1263 * though, since SASL encryption will typically be a no-op if TLS
1266 * Returns the number of bytes read, which may be less than
1267 * the requested 'datalen' if the socket would block. Returns
1268 * -1 on error, and disconnects the client socket.
1270 long vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1273 #ifdef CONFIG_VNC_TLS
1274 if (vs
->tls
.session
) {
1275 ret
= gnutls_read(vs
->tls
.session
, data
, datalen
);
1277 if (ret
== GNUTLS_E_AGAIN
)
1284 #endif /* CONFIG_VNC_TLS */
1285 ret
= recv(vs
->csock
, (void *)data
, datalen
, 0);
1286 VNC_DEBUG("Read wire %p %zd -> %ld\n", data
, datalen
, ret
);
1287 return vnc_client_io_error(vs
, ret
, socket_error());
1292 * Called to read data from the client socket to the input buffer,
1293 * when not using any SASL SSF encryption layers. Will read as much
1294 * data as possible without blocking.
1296 * Returns the number of bytes read. Returns -1 on error, and
1297 * disconnects the client socket.
1299 static long vnc_client_read_plain(VncState
*vs
)
1302 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1303 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1304 buffer_reserve(&vs
->input
, 4096);
1305 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1308 vs
->input
.offset
+= ret
;
1314 * First function called whenever there is more data to be read from
1315 * the client socket. Will delegate actual work according to whether
1316 * SASL SSF layers are enabled (thus requiring decryption calls)
1318 void vnc_client_read(void *opaque
)
1320 VncState
*vs
= opaque
;
1323 #ifdef CONFIG_VNC_SASL
1324 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1325 ret
= vnc_client_read_sasl(vs
);
1327 #endif /* CONFIG_VNC_SASL */
1328 ret
= vnc_client_read_plain(vs
);
1330 if (vs
->csock
== -1)
1331 vnc_disconnect_finish(vs
);
1335 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1336 size_t len
= vs
->read_handler_expect
;
1339 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1340 if (vs
->csock
== -1) {
1341 vnc_disconnect_finish(vs
);
1346 memmove(vs
->input
.buffer
, vs
->input
.buffer
+ len
, (vs
->input
.offset
- len
));
1347 vs
->input
.offset
-= len
;
1349 vs
->read_handler_expect
= ret
;
1354 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1356 buffer_reserve(&vs
->output
, len
);
1358 if (vs
->csock
!= -1 && buffer_empty(&vs
->output
)) {
1359 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
1362 buffer_append(&vs
->output
, data
, len
);
1365 void vnc_write_s32(VncState
*vs
, int32_t value
)
1367 vnc_write_u32(vs
, *(uint32_t *)&value
);
1370 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1374 buf
[0] = (value
>> 24) & 0xFF;
1375 buf
[1] = (value
>> 16) & 0xFF;
1376 buf
[2] = (value
>> 8) & 0xFF;
1377 buf
[3] = value
& 0xFF;
1379 vnc_write(vs
, buf
, 4);
1382 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1386 buf
[0] = (value
>> 8) & 0xFF;
1387 buf
[1] = value
& 0xFF;
1389 vnc_write(vs
, buf
, 2);
1392 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1394 vnc_write(vs
, (char *)&value
, 1);
1397 void vnc_flush(VncState
*vs
)
1399 if (vs
->csock
!= -1 && vs
->output
.offset
)
1400 vnc_client_write(vs
);
1403 uint8_t read_u8(uint8_t *data
, size_t offset
)
1405 return data
[offset
];
1408 uint16_t read_u16(uint8_t *data
, size_t offset
)
1410 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1413 int32_t read_s32(uint8_t *data
, size_t offset
)
1415 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1416 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1419 uint32_t read_u32(uint8_t *data
, size_t offset
)
1421 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1422 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1425 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1429 static void check_pointer_type_change(VncState
*vs
, int absolute
)
1431 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1432 vnc_write_u8(vs
, 0);
1433 vnc_write_u8(vs
, 0);
1434 vnc_write_u16(vs
, 1);
1435 vnc_framebuffer_update(vs
, absolute
, 0,
1436 ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1437 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1440 vs
->absolute
= absolute
;
1443 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1448 if (button_mask
& 0x01)
1449 buttons
|= MOUSE_EVENT_LBUTTON
;
1450 if (button_mask
& 0x02)
1451 buttons
|= MOUSE_EVENT_MBUTTON
;
1452 if (button_mask
& 0x04)
1453 buttons
|= MOUSE_EVENT_RBUTTON
;
1454 if (button_mask
& 0x08)
1456 if (button_mask
& 0x10)
1460 kbd_mouse_event(x
* 0x7FFF / (ds_get_width(vs
->ds
) - 1),
1461 y
* 0x7FFF / (ds_get_height(vs
->ds
) - 1),
1463 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1467 kbd_mouse_event(x
, y
, dz
, buttons
);
1469 if (vs
->last_x
!= -1)
1470 kbd_mouse_event(x
- vs
->last_x
,
1477 check_pointer_type_change(vs
, kbd_mouse_is_absolute());
1480 static void reset_keys(VncState
*vs
)
1483 for(i
= 0; i
< 256; i
++) {
1484 if (vs
->modifiers_state
[i
]) {
1486 kbd_put_keycode(0xe0);
1487 kbd_put_keycode(i
| 0x80);
1488 vs
->modifiers_state
[i
] = 0;
1493 static void press_key(VncState
*vs
, int keysym
)
1495 kbd_put_keycode(keysym2scancode(vs
->vd
->kbd_layout
, keysym
) & 0x7f);
1496 kbd_put_keycode(keysym2scancode(vs
->vd
->kbd_layout
, keysym
) | 0x80);
1499 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1501 /* QEMU console switch */
1503 case 0x2a: /* Left Shift */
1504 case 0x36: /* Right Shift */
1505 case 0x1d: /* Left CTRL */
1506 case 0x9d: /* Right CTRL */
1507 case 0x38: /* Left ALT */
1508 case 0xb8: /* Right ALT */
1510 vs
->modifiers_state
[keycode
] = 1;
1512 vs
->modifiers_state
[keycode
] = 0;
1514 case 0x02 ... 0x0a: /* '1' to '9' keys */
1515 if (down
&& vs
->modifiers_state
[0x1d] && vs
->modifiers_state
[0x38]) {
1516 /* Reset the modifiers sent to the current console */
1518 console_select(keycode
- 0x02);
1522 case 0x3a: /* CapsLock */
1523 case 0x45: /* NumLock */
1525 vs
->modifiers_state
[keycode
] ^= 1;
1529 if (keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1530 /* If the numlock state needs to change then simulate an additional
1531 keypress before sending this one. This will happen if the user
1532 toggles numlock away from the VNC window.
1534 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1535 if (!vs
->modifiers_state
[0x45]) {
1536 vs
->modifiers_state
[0x45] = 1;
1537 press_key(vs
, 0xff7f);
1540 if (vs
->modifiers_state
[0x45]) {
1541 vs
->modifiers_state
[0x45] = 0;
1542 press_key(vs
, 0xff7f);
1547 if ((sym
>= 'A' && sym
<= 'Z') || (sym
>= 'a' && sym
<= 'z')) {
1548 /* If the capslock state needs to change then simulate an additional
1549 keypress before sending this one. This will happen if the user
1550 toggles capslock away from the VNC window.
1552 int uppercase
= !!(sym
>= 'A' && sym
<= 'Z');
1553 int shift
= !!(vs
->modifiers_state
[0x2a] | vs
->modifiers_state
[0x36]);
1554 int capslock
= !!(vs
->modifiers_state
[0x3a]);
1556 if (uppercase
== shift
) {
1557 vs
->modifiers_state
[0x3a] = 0;
1558 press_key(vs
, 0xffe5);
1561 if (uppercase
!= shift
) {
1562 vs
->modifiers_state
[0x3a] = 1;
1563 press_key(vs
, 0xffe5);
1568 if (is_graphic_console()) {
1570 kbd_put_keycode(0xe0);
1572 kbd_put_keycode(keycode
& 0x7f);
1574 kbd_put_keycode(keycode
| 0x80);
1576 /* QEMU console emulation */
1578 int numlock
= vs
->modifiers_state
[0x45];
1580 case 0x2a: /* Left Shift */
1581 case 0x36: /* Right Shift */
1582 case 0x1d: /* Left CTRL */
1583 case 0x9d: /* Right CTRL */
1584 case 0x38: /* Left ALT */
1585 case 0xb8: /* Right ALT */
1588 kbd_put_keysym(QEMU_KEY_UP
);
1591 kbd_put_keysym(QEMU_KEY_DOWN
);
1594 kbd_put_keysym(QEMU_KEY_LEFT
);
1597 kbd_put_keysym(QEMU_KEY_RIGHT
);
1600 kbd_put_keysym(QEMU_KEY_DELETE
);
1603 kbd_put_keysym(QEMU_KEY_HOME
);
1606 kbd_put_keysym(QEMU_KEY_END
);
1609 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1612 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1616 kbd_put_keysym(numlock
? '7' : QEMU_KEY_HOME
);
1619 kbd_put_keysym(numlock
? '8' : QEMU_KEY_UP
);
1622 kbd_put_keysym(numlock
? '9' : QEMU_KEY_PAGEUP
);
1625 kbd_put_keysym(numlock
? '4' : QEMU_KEY_LEFT
);
1628 kbd_put_keysym('5');
1631 kbd_put_keysym(numlock
? '6' : QEMU_KEY_RIGHT
);
1634 kbd_put_keysym(numlock
? '1' : QEMU_KEY_END
);
1637 kbd_put_keysym(numlock
? '2' : QEMU_KEY_DOWN
);
1640 kbd_put_keysym(numlock
? '3' : QEMU_KEY_PAGEDOWN
);
1643 kbd_put_keysym('0');
1646 kbd_put_keysym(numlock
? '.' : QEMU_KEY_DELETE
);
1650 kbd_put_keysym('/');
1653 kbd_put_keysym('*');
1656 kbd_put_keysym('-');
1659 kbd_put_keysym('+');
1662 kbd_put_keysym('\n');
1666 kbd_put_keysym(sym
);
1673 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1678 if (lsym
>= 'A' && lsym
<= 'Z' && is_graphic_console()) {
1679 lsym
= lsym
- 'A' + 'a';
1682 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, lsym
& 0xFFFF);
1683 do_key_event(vs
, down
, keycode
, sym
);
1686 static void ext_key_event(VncState
*vs
, int down
,
1687 uint32_t sym
, uint16_t keycode
)
1689 /* if the user specifies a keyboard layout, always use it */
1690 if (keyboard_layout
)
1691 key_event(vs
, down
, sym
);
1693 do_key_event(vs
, down
, keycode
, sym
);
1696 static void framebuffer_update_request(VncState
*vs
, int incremental
,
1697 int x_position
, int y_position
,
1700 if (x_position
> ds_get_width(vs
->ds
))
1701 x_position
= ds_get_width(vs
->ds
);
1702 if (y_position
> ds_get_height(vs
->ds
))
1703 y_position
= ds_get_height(vs
->ds
);
1704 if (x_position
+ w
>= ds_get_width(vs
->ds
))
1705 w
= ds_get_width(vs
->ds
) - x_position
;
1706 if (y_position
+ h
>= ds_get_height(vs
->ds
))
1707 h
= ds_get_height(vs
->ds
) - y_position
;
1710 vs
->need_update
= 1;
1712 vs
->force_update
= 1;
1713 for (i
= 0; i
< h
; i
++) {
1714 vnc_set_bits(vs
->dirty
[y_position
+ i
],
1715 (ds_get_width(vs
->ds
) / 16), VNC_DIRTY_WORDS
);
1720 static void send_ext_key_event_ack(VncState
*vs
)
1722 vnc_write_u8(vs
, 0);
1723 vnc_write_u8(vs
, 0);
1724 vnc_write_u16(vs
, 1);
1725 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1726 VNC_ENCODING_EXT_KEY_EVENT
);
1730 static void send_ext_audio_ack(VncState
*vs
)
1732 vnc_write_u8(vs
, 0);
1733 vnc_write_u8(vs
, 0);
1734 vnc_write_u16(vs
, 1);
1735 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1736 VNC_ENCODING_AUDIO
);
1740 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
1743 unsigned int enc
= 0;
1747 vs
->vnc_encoding
= 0;
1748 vs
->tight_compression
= 9;
1749 vs
->tight_quality
= 9;
1752 for (i
= n_encodings
- 1; i
>= 0; i
--) {
1755 case VNC_ENCODING_RAW
:
1756 vs
->vnc_encoding
= enc
;
1758 case VNC_ENCODING_COPYRECT
:
1759 vs
->features
|= VNC_FEATURE_COPYRECT_MASK
;
1761 case VNC_ENCODING_HEXTILE
:
1762 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
1763 vs
->vnc_encoding
= enc
;
1765 case VNC_ENCODING_ZLIB
:
1766 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
1767 vs
->vnc_encoding
= enc
;
1769 case VNC_ENCODING_DESKTOPRESIZE
:
1770 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
1772 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
1773 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
1775 case VNC_ENCODING_EXT_KEY_EVENT
:
1776 send_ext_key_event_ack(vs
);
1778 case VNC_ENCODING_AUDIO
:
1779 send_ext_audio_ack(vs
);
1781 case VNC_ENCODING_WMVi
:
1782 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
1784 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
1785 vs
->tight_compression
= (enc
& 0x0F);
1787 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
1788 vs
->tight_quality
= (enc
& 0x0F);
1791 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
1796 check_pointer_type_change(vs
, kbd_mouse_is_absolute());
1799 static void set_pixel_conversion(VncState
*vs
)
1801 if ((vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) ==
1802 (vs
->ds
->surface
->flags
& QEMU_BIG_ENDIAN_FLAG
) &&
1803 !memcmp(&(vs
->clientds
.pf
), &(vs
->ds
->surface
->pf
), sizeof(PixelFormat
))) {
1804 vs
->write_pixels
= vnc_write_pixels_copy
;
1805 switch (vs
->ds
->surface
->pf
.bits_per_pixel
) {
1807 vs
->send_hextile_tile
= send_hextile_tile_8
;
1810 vs
->send_hextile_tile
= send_hextile_tile_16
;
1813 vs
->send_hextile_tile
= send_hextile_tile_32
;
1817 vs
->write_pixels
= vnc_write_pixels_generic
;
1818 switch (vs
->ds
->surface
->pf
.bits_per_pixel
) {
1820 vs
->send_hextile_tile
= send_hextile_tile_generic_8
;
1823 vs
->send_hextile_tile
= send_hextile_tile_generic_16
;
1826 vs
->send_hextile_tile
= send_hextile_tile_generic_32
;
1832 static void set_pixel_format(VncState
*vs
,
1833 int bits_per_pixel
, int depth
,
1834 int big_endian_flag
, int true_color_flag
,
1835 int red_max
, int green_max
, int blue_max
,
1836 int red_shift
, int green_shift
, int blue_shift
)
1838 if (!true_color_flag
) {
1839 vnc_client_error(vs
);
1843 vs
->clientds
= *(vs
->vd
->guest
.ds
);
1844 vs
->clientds
.pf
.rmax
= red_max
;
1845 count_bits(vs
->clientds
.pf
.rbits
, red_max
);
1846 vs
->clientds
.pf
.rshift
= red_shift
;
1847 vs
->clientds
.pf
.rmask
= red_max
<< red_shift
;
1848 vs
->clientds
.pf
.gmax
= green_max
;
1849 count_bits(vs
->clientds
.pf
.gbits
, green_max
);
1850 vs
->clientds
.pf
.gshift
= green_shift
;
1851 vs
->clientds
.pf
.gmask
= green_max
<< green_shift
;
1852 vs
->clientds
.pf
.bmax
= blue_max
;
1853 count_bits(vs
->clientds
.pf
.bbits
, blue_max
);
1854 vs
->clientds
.pf
.bshift
= blue_shift
;
1855 vs
->clientds
.pf
.bmask
= blue_max
<< blue_shift
;
1856 vs
->clientds
.pf
.bits_per_pixel
= bits_per_pixel
;
1857 vs
->clientds
.pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
1858 vs
->clientds
.pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
1859 vs
->clientds
.flags
= big_endian_flag
? QEMU_BIG_ENDIAN_FLAG
: 0x00;
1861 set_pixel_conversion(vs
);
1863 vga_hw_invalidate();
1867 static void pixel_format_message (VncState
*vs
) {
1868 char pad
[3] = { 0, 0, 0 };
1870 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bits_per_pixel
); /* bits-per-pixel */
1871 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.depth
); /* depth */
1873 #ifdef HOST_WORDS_BIGENDIAN
1874 vnc_write_u8(vs
, 1); /* big-endian-flag */
1876 vnc_write_u8(vs
, 0); /* big-endian-flag */
1878 vnc_write_u8(vs
, 1); /* true-color-flag */
1879 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.rmax
); /* red-max */
1880 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.gmax
); /* green-max */
1881 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.bmax
); /* blue-max */
1882 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.rshift
); /* red-shift */
1883 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.gshift
); /* green-shift */
1884 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bshift
); /* blue-shift */
1885 if (vs
->ds
->surface
->pf
.bits_per_pixel
== 32)
1886 vs
->send_hextile_tile
= send_hextile_tile_32
;
1887 else if (vs
->ds
->surface
->pf
.bits_per_pixel
== 16)
1888 vs
->send_hextile_tile
= send_hextile_tile_16
;
1889 else if (vs
->ds
->surface
->pf
.bits_per_pixel
== 8)
1890 vs
->send_hextile_tile
= send_hextile_tile_8
;
1891 vs
->clientds
= *(vs
->ds
->surface
);
1892 vs
->clientds
.flags
&= ~QEMU_ALLOCATED_FLAG
;
1893 vs
->write_pixels
= vnc_write_pixels_copy
;
1895 vnc_write(vs
, pad
, 3); /* padding */
1898 static void vnc_dpy_setdata(DisplayState
*ds
)
1900 /* We don't have to do anything */
1903 static void vnc_colordepth(VncState
*vs
)
1905 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
1906 /* Sending a WMVi message to notify the client*/
1907 vnc_write_u8(vs
, 0); /* msg id */
1908 vnc_write_u8(vs
, 0);
1909 vnc_write_u16(vs
, 1); /* number of rects */
1910 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
),
1911 ds_get_height(vs
->ds
), VNC_ENCODING_WMVi
);
1912 pixel_format_message(vs
);
1915 set_pixel_conversion(vs
);
1919 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
1923 VncDisplay
*vd
= vs
->vd
;
1926 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
1927 if (!qemu_timer_expired(vd
->timer
, qemu_get_clock(rt_clock
) + vd
->timer_interval
))
1928 qemu_mod_timer(vd
->timer
, qemu_get_clock(rt_clock
) + vd
->timer_interval
);
1936 set_pixel_format(vs
, read_u8(data
, 4), read_u8(data
, 5),
1937 read_u8(data
, 6), read_u8(data
, 7),
1938 read_u16(data
, 8), read_u16(data
, 10),
1939 read_u16(data
, 12), read_u8(data
, 14),
1940 read_u8(data
, 15), read_u8(data
, 16));
1947 limit
= read_u16(data
, 2);
1949 return 4 + (limit
* 4);
1951 limit
= read_u16(data
, 2);
1953 for (i
= 0; i
< limit
; i
++) {
1954 int32_t val
= read_s32(data
, 4 + (i
* 4));
1955 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
1958 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
1964 framebuffer_update_request(vs
,
1965 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
1966 read_u16(data
, 6), read_u16(data
, 8));
1972 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
1978 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
1985 uint32_t dlen
= read_u32(data
, 4);
1990 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
1996 switch (read_u8(data
, 1)) {
2001 ext_key_event(vs
, read_u16(data
, 2),
2002 read_u32(data
, 4), read_u32(data
, 8));
2008 switch (read_u16 (data
, 2)) {
2018 switch (read_u8(data
, 4)) {
2019 case 0: vs
->as
.fmt
= AUD_FMT_U8
; break;
2020 case 1: vs
->as
.fmt
= AUD_FMT_S8
; break;
2021 case 2: vs
->as
.fmt
= AUD_FMT_U16
; break;
2022 case 3: vs
->as
.fmt
= AUD_FMT_S16
; break;
2023 case 4: vs
->as
.fmt
= AUD_FMT_U32
; break;
2024 case 5: vs
->as
.fmt
= AUD_FMT_S32
; break;
2026 printf("Invalid audio format %d\n", read_u8(data
, 4));
2027 vnc_client_error(vs
);
2030 vs
->as
.nchannels
= read_u8(data
, 5);
2031 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
2032 printf("Invalid audio channel coount %d\n",
2034 vnc_client_error(vs
);
2037 vs
->as
.freq
= read_u32(data
, 6);
2040 printf ("Invalid audio message %d\n", read_u8(data
, 4));
2041 vnc_client_error(vs
);
2047 printf("Msg: %d\n", read_u16(data
, 0));
2048 vnc_client_error(vs
);
2053 printf("Msg: %d\n", data
[0]);
2054 vnc_client_error(vs
);
2058 vnc_read_when(vs
, protocol_client_msg
, 1);
2062 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
2067 vnc_write_u16(vs
, ds_get_width(vs
->ds
));
2068 vnc_write_u16(vs
, ds_get_height(vs
->ds
));
2070 pixel_format_message(vs
);
2073 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
2075 size
= snprintf(buf
, sizeof(buf
), "QEMU");
2077 vnc_write_u32(vs
, size
);
2078 vnc_write(vs
, buf
, size
);
2081 vnc_client_cache_auth(vs
);
2082 vnc_qmp_event(vs
, QEVENT_VNC_INITIALIZED
);
2084 vnc_read_when(vs
, protocol_client_msg
, 1);
2089 void start_client_init(VncState
*vs
)
2091 vnc_read_when(vs
, protocol_client_init
, 1);
2094 static void make_challenge(VncState
*vs
)
2098 srand(time(NULL
)+getpid()+getpid()*987654+rand());
2100 for (i
= 0 ; i
< sizeof(vs
->challenge
) ; i
++)
2101 vs
->challenge
[i
] = (int) (256.0*rand()/(RAND_MAX
+1.0));
2104 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
2106 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
2108 unsigned char key
[8];
2110 if (!vs
->vd
->password
|| !vs
->vd
->password
[0]) {
2111 VNC_DEBUG("No password configured on server");
2112 vnc_write_u32(vs
, 1); /* Reject auth */
2113 if (vs
->minor
>= 8) {
2114 static const char err
[] = "Authentication failed";
2115 vnc_write_u32(vs
, sizeof(err
));
2116 vnc_write(vs
, err
, sizeof(err
));
2119 vnc_client_error(vs
);
2123 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
2125 /* Calculate the expected challenge response */
2126 pwlen
= strlen(vs
->vd
->password
);
2127 for (i
=0; i
<sizeof(key
); i
++)
2128 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
2130 for (j
= 0; j
< VNC_AUTH_CHALLENGE_SIZE
; j
+= 8)
2131 des(response
+j
, response
+j
);
2133 /* Compare expected vs actual challenge response */
2134 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
2135 VNC_DEBUG("Client challenge reponse did not match\n");
2136 vnc_write_u32(vs
, 1); /* Reject auth */
2137 if (vs
->minor
>= 8) {
2138 static const char err
[] = "Authentication failed";
2139 vnc_write_u32(vs
, sizeof(err
));
2140 vnc_write(vs
, err
, sizeof(err
));
2143 vnc_client_error(vs
);
2145 VNC_DEBUG("Accepting VNC challenge response\n");
2146 vnc_write_u32(vs
, 0); /* Accept auth */
2149 start_client_init(vs
);
2154 void start_auth_vnc(VncState
*vs
)
2157 /* Send client a 'random' challenge */
2158 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
2161 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
2165 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
2167 /* We only advertise 1 auth scheme at a time, so client
2168 * must pick the one we sent. Verify this */
2169 if (data
[0] != vs
->vd
->auth
) { /* Reject auth */
2170 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data
[0]);
2171 vnc_write_u32(vs
, 1);
2172 if (vs
->minor
>= 8) {
2173 static const char err
[] = "Authentication failed";
2174 vnc_write_u32(vs
, sizeof(err
));
2175 vnc_write(vs
, err
, sizeof(err
));
2177 vnc_client_error(vs
);
2178 } else { /* Accept requested auth */
2179 VNC_DEBUG("Client requested auth %d\n", (int)data
[0]);
2180 switch (vs
->vd
->auth
) {
2182 VNC_DEBUG("Accept auth none\n");
2183 if (vs
->minor
>= 8) {
2184 vnc_write_u32(vs
, 0); /* Accept auth completion */
2187 start_client_init(vs
);
2191 VNC_DEBUG("Start VNC auth\n");
2195 #ifdef CONFIG_VNC_TLS
2196 case VNC_AUTH_VENCRYPT
:
2197 VNC_DEBUG("Accept VeNCrypt auth\n");;
2198 start_auth_vencrypt(vs
);
2200 #endif /* CONFIG_VNC_TLS */
2202 #ifdef CONFIG_VNC_SASL
2204 VNC_DEBUG("Accept SASL auth\n");
2205 start_auth_sasl(vs
);
2207 #endif /* CONFIG_VNC_SASL */
2209 default: /* Should not be possible, but just in case */
2210 VNC_DEBUG("Reject auth %d server code bug\n", vs
->vd
->auth
);
2211 vnc_write_u8(vs
, 1);
2212 if (vs
->minor
>= 8) {
2213 static const char err
[] = "Authentication failed";
2214 vnc_write_u32(vs
, sizeof(err
));
2215 vnc_write(vs
, err
, sizeof(err
));
2217 vnc_client_error(vs
);
2223 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
2227 memcpy(local
, version
, 12);
2230 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
2231 VNC_DEBUG("Malformed protocol version %s\n", local
);
2232 vnc_client_error(vs
);
2235 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
2236 if (vs
->major
!= 3 ||
2242 VNC_DEBUG("Unsupported client version\n");
2243 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2245 vnc_client_error(vs
);
2248 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2249 * as equivalent to v3.3 by servers
2251 if (vs
->minor
== 4 || vs
->minor
== 5)
2254 if (vs
->minor
== 3) {
2255 if (vs
->vd
->auth
== VNC_AUTH_NONE
) {
2256 VNC_DEBUG("Tell client auth none\n");
2257 vnc_write_u32(vs
, vs
->vd
->auth
);
2259 start_client_init(vs
);
2260 } else if (vs
->vd
->auth
== VNC_AUTH_VNC
) {
2261 VNC_DEBUG("Tell client VNC auth\n");
2262 vnc_write_u32(vs
, vs
->vd
->auth
);
2266 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs
->vd
->auth
);
2267 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2269 vnc_client_error(vs
);
2272 VNC_DEBUG("Telling client we support auth %d\n", vs
->vd
->auth
);
2273 vnc_write_u8(vs
, 1); /* num auth */
2274 vnc_write_u8(vs
, vs
->vd
->auth
);
2275 vnc_read_when(vs
, protocol_client_auth
, 1);
2282 static int vnc_refresh_server_surface(VncDisplay
*vd
)
2286 uint8_t *server_row
;
2288 uint32_t width_mask
[VNC_DIRTY_WORDS
];
2293 * Walk through the guest dirty map.
2294 * Check and copy modified bits from guest to server surface.
2295 * Update server dirty map.
2297 vnc_set_bits(width_mask
, (ds_get_width(vd
->ds
) / 16), VNC_DIRTY_WORDS
);
2298 cmp_bytes
= 16 * ds_get_bytes_per_pixel(vd
->ds
);
2299 guest_row
= vd
->guest
.ds
->data
;
2300 server_row
= vd
->server
->data
;
2301 for (y
= 0; y
< vd
->guest
.ds
->height
; y
++) {
2302 if (vnc_and_bits(vd
->guest
.dirty
[y
], width_mask
, VNC_DIRTY_WORDS
)) {
2305 uint8_t *server_ptr
;
2307 guest_ptr
= guest_row
;
2308 server_ptr
= server_row
;
2310 for (x
= 0; x
< vd
->guest
.ds
->width
;
2311 x
+= 16, guest_ptr
+= cmp_bytes
, server_ptr
+= cmp_bytes
) {
2312 if (!vnc_get_bit(vd
->guest
.dirty
[y
], (x
/ 16)))
2314 vnc_clear_bit(vd
->guest
.dirty
[y
], (x
/ 16));
2315 if (memcmp(server_ptr
, guest_ptr
, cmp_bytes
) == 0)
2317 memcpy(server_ptr
, guest_ptr
, cmp_bytes
);
2318 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2319 vnc_set_bit(vs
->dirty
[y
], (x
/ 16));
2324 guest_row
+= ds_get_linesize(vd
->ds
);
2325 server_row
+= ds_get_linesize(vd
->ds
);
2330 static void vnc_refresh(void *opaque
)
2332 VncDisplay
*vd
= opaque
;
2334 int has_dirty
, rects
= 0;
2338 has_dirty
= vnc_refresh_server_surface(vd
);
2340 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
2341 rects
+= vnc_update_client(vs
, has_dirty
);
2342 /* vs might be free()ed here */
2344 /* vd->timer could be NULL now if the last client disconnected,
2345 * in this case don't update the timer */
2346 if (vd
->timer
== NULL
)
2349 if (has_dirty
&& rects
) {
2350 vd
->timer_interval
/= 2;
2351 if (vd
->timer_interval
< VNC_REFRESH_INTERVAL_BASE
)
2352 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2354 vd
->timer_interval
+= VNC_REFRESH_INTERVAL_INC
;
2355 if (vd
->timer_interval
> VNC_REFRESH_INTERVAL_MAX
)
2356 vd
->timer_interval
= VNC_REFRESH_INTERVAL_MAX
;
2358 qemu_mod_timer(vd
->timer
, qemu_get_clock(rt_clock
) + vd
->timer_interval
);
2361 static void vnc_init_timer(VncDisplay
*vd
)
2363 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2364 if (vd
->timer
== NULL
&& !QTAILQ_EMPTY(&vd
->clients
)) {
2365 vd
->timer
= qemu_new_timer(rt_clock
, vnc_refresh
, vd
);
2370 static void vnc_remove_timer(VncDisplay
*vd
)
2372 if (vd
->timer
!= NULL
&& QTAILQ_EMPTY(&vd
->clients
)) {
2373 qemu_del_timer(vd
->timer
);
2374 qemu_free_timer(vd
->timer
);
2379 static void vnc_connect(VncDisplay
*vd
, int csock
)
2381 VncState
*vs
= qemu_mallocz(sizeof(VncState
));
2384 VNC_DEBUG("New client on socket %d\n", csock
);
2386 socket_set_nonblock(vs
->csock
);
2387 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
2389 vnc_client_cache_addr(vs
);
2390 vnc_qmp_event(vs
, QEVENT_VNC_CONNECTED
);
2397 vs
->as
.freq
= 44100;
2398 vs
->as
.nchannels
= 2;
2399 vs
->as
.fmt
= AUD_FMT_S16
;
2400 vs
->as
.endianness
= 0;
2402 QTAILQ_INSERT_HEAD(&vd
->clients
, vs
, next
);
2406 vnc_write(vs
, "RFB 003.008\n", 12);
2408 vnc_read_when(vs
, protocol_version
, 12);
2413 /* vs might be free()ed here */
2416 static void vnc_listen_read(void *opaque
)
2418 VncDisplay
*vs
= opaque
;
2419 struct sockaddr_in addr
;
2420 socklen_t addrlen
= sizeof(addr
);
2425 int csock
= qemu_accept(vs
->lsock
, (struct sockaddr
*)&addr
, &addrlen
);
2427 vnc_connect(vs
, csock
);
2431 void vnc_display_init(DisplayState
*ds
)
2433 VncDisplay
*vs
= qemu_mallocz(sizeof(*vs
));
2435 dcl
= qemu_mallocz(sizeof(DisplayChangeListener
));
2444 QTAILQ_INIT(&vs
->clients
);
2446 if (keyboard_layout
)
2447 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, keyboard_layout
);
2449 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us");
2451 if (!vs
->kbd_layout
)
2454 dcl
->dpy_copy
= vnc_dpy_copy
;
2455 dcl
->dpy_update
= vnc_dpy_update
;
2456 dcl
->dpy_resize
= vnc_dpy_resize
;
2457 dcl
->dpy_setdata
= vnc_dpy_setdata
;
2458 register_displaychangelistener(ds
, dcl
);
2462 void vnc_display_close(DisplayState
*ds
)
2464 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2469 qemu_free(vs
->display
);
2472 if (vs
->lsock
!= -1) {
2473 qemu_set_fd_handler2(vs
->lsock
, NULL
, NULL
, NULL
, NULL
);
2477 vs
->auth
= VNC_AUTH_INVALID
;
2478 #ifdef CONFIG_VNC_TLS
2479 vs
->subauth
= VNC_AUTH_INVALID
;
2480 vs
->tls
.x509verify
= 0;
2484 int vnc_display_password(DisplayState
*ds
, const char *password
)
2486 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2493 qemu_free(vs
->password
);
2494 vs
->password
= NULL
;
2496 if (password
&& password
[0]) {
2497 if (!(vs
->password
= qemu_strdup(password
)))
2499 if (vs
->auth
== VNC_AUTH_NONE
) {
2500 vs
->auth
= VNC_AUTH_VNC
;
2503 vs
->auth
= VNC_AUTH_NONE
;
2509 char *vnc_display_local_addr(DisplayState
*ds
)
2511 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2513 return vnc_socket_local_addr("%s:%s", vs
->lsock
);
2516 int vnc_display_open(DisplayState
*ds
, const char *display
)
2518 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2519 const char *options
;
2522 #ifdef CONFIG_VNC_TLS
2523 int tls
= 0, x509
= 0;
2525 #ifdef CONFIG_VNC_SASL
2533 vnc_display_close(ds
);
2534 if (strcmp(display
, "none") == 0)
2537 if (!(vs
->display
= strdup(display
)))
2541 while ((options
= strchr(options
, ','))) {
2543 if (strncmp(options
, "password", 8) == 0) {
2544 password
= 1; /* Require password auth */
2545 } else if (strncmp(options
, "reverse", 7) == 0) {
2547 #ifdef CONFIG_VNC_SASL
2548 } else if (strncmp(options
, "sasl", 4) == 0) {
2549 sasl
= 1; /* Require SASL auth */
2551 #ifdef CONFIG_VNC_TLS
2552 } else if (strncmp(options
, "tls", 3) == 0) {
2553 tls
= 1; /* Require TLS */
2554 } else if (strncmp(options
, "x509", 4) == 0) {
2556 x509
= 1; /* Require x509 certificates */
2557 if (strncmp(options
, "x509verify", 10) == 0)
2558 vs
->tls
.x509verify
= 1; /* ...and verify client certs */
2560 /* Now check for 'x509=/some/path' postfix
2561 * and use that to setup x509 certificate/key paths */
2562 start
= strchr(options
, '=');
2563 end
= strchr(options
, ',');
2564 if (start
&& (!end
|| (start
< end
))) {
2565 int len
= end
? end
-(start
+1) : strlen(start
+1);
2566 char *path
= qemu_strndup(start
+ 1, len
);
2568 VNC_DEBUG("Trying certificate path '%s'\n", path
);
2569 if (vnc_tls_set_x509_creds_dir(vs
, path
) < 0) {
2570 fprintf(stderr
, "Failed to find x509 certificates/keys in %s\n", path
);
2572 qemu_free(vs
->display
);
2578 fprintf(stderr
, "No certificate path provided\n");
2579 qemu_free(vs
->display
);
2584 } else if (strncmp(options
, "acl", 3) == 0) {
2589 #ifdef CONFIG_VNC_TLS
2590 if (acl
&& x509
&& vs
->tls
.x509verify
) {
2591 if (!(vs
->tls
.acl
= qemu_acl_init("vnc.x509dname"))) {
2592 fprintf(stderr
, "Failed to create x509 dname ACL\n");
2597 #ifdef CONFIG_VNC_SASL
2599 if (!(vs
->sasl
.acl
= qemu_acl_init("vnc.username"))) {
2600 fprintf(stderr
, "Failed to create username ACL\n");
2607 * Combinations we support here:
2609 * - no-auth (clear text, no auth)
2610 * - password (clear text, weak auth)
2611 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2612 * - tls (encrypt, weak anonymous creds, no auth)
2613 * - tls + password (encrypt, weak anonymous creds, weak auth)
2614 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2615 * - tls + x509 (encrypt, good x509 creds, no auth)
2616 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2617 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2619 * NB1. TLS is a stackable auth scheme.
2620 * NB2. the x509 schemes have option to validate a client cert dname
2623 #ifdef CONFIG_VNC_TLS
2625 vs
->auth
= VNC_AUTH_VENCRYPT
;
2627 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2628 vs
->subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
2630 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2631 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
2634 #endif /* CONFIG_VNC_TLS */
2635 VNC_DEBUG("Initializing VNC server with password auth\n");
2636 vs
->auth
= VNC_AUTH_VNC
;
2637 #ifdef CONFIG_VNC_TLS
2638 vs
->subauth
= VNC_AUTH_INVALID
;
2640 #endif /* CONFIG_VNC_TLS */
2641 #ifdef CONFIG_VNC_SASL
2643 #ifdef CONFIG_VNC_TLS
2645 vs
->auth
= VNC_AUTH_VENCRYPT
;
2647 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2648 vs
->subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
2650 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2651 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
2654 #endif /* CONFIG_VNC_TLS */
2655 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2656 vs
->auth
= VNC_AUTH_SASL
;
2657 #ifdef CONFIG_VNC_TLS
2658 vs
->subauth
= VNC_AUTH_INVALID
;
2660 #endif /* CONFIG_VNC_TLS */
2661 #endif /* CONFIG_VNC_SASL */
2663 #ifdef CONFIG_VNC_TLS
2665 vs
->auth
= VNC_AUTH_VENCRYPT
;
2667 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2668 vs
->subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
2670 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2671 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
2675 VNC_DEBUG("Initializing VNC server with no auth\n");
2676 vs
->auth
= VNC_AUTH_NONE
;
2677 #ifdef CONFIG_VNC_TLS
2678 vs
->subauth
= VNC_AUTH_INVALID
;
2683 #ifdef CONFIG_VNC_SASL
2684 if ((saslErr
= sasl_server_init(NULL
, "qemu")) != SASL_OK
) {
2685 fprintf(stderr
, "Failed to initialize SASL auth %s",
2686 sasl_errstring(saslErr
, NULL
, NULL
));
2694 /* connect to viewer */
2695 if (strncmp(display
, "unix:", 5) == 0)
2696 vs
->lsock
= unix_connect(display
+5);
2698 vs
->lsock
= inet_connect(display
, SOCK_STREAM
);
2699 if (-1 == vs
->lsock
) {
2704 int csock
= vs
->lsock
;
2706 vnc_connect(vs
, csock
);
2711 /* listen for connects */
2713 dpy
= qemu_malloc(256);
2714 if (strncmp(display
, "unix:", 5) == 0) {
2715 pstrcpy(dpy
, 256, "unix:");
2716 vs
->lsock
= unix_listen(display
+5, dpy
+5, 256-5);
2718 vs
->lsock
= inet_listen(display
, dpy
, 256, SOCK_STREAM
, 5900);
2720 if (-1 == vs
->lsock
) {
2728 return qemu_set_fd_handler2(vs
->lsock
, NULL
, vnc_listen_read
, NULL
, vs
);