2 * QEMU VNC display driver
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
33 #define VNC_REFRESH_INTERVAL_BASE 30
34 #define VNC_REFRESH_INTERVAL_INC 50
35 #define VNC_REFRESH_INTERVAL_MAX 2000
37 #include "vnc_keysym.h"
40 #define count_bits(c, v) { \
41 for (c = 0; v; v >>= 1) \
48 static VncDisplay *vnc_display; /* needed for info vnc */
49 static DisplayChangeListener *dcl;
51 static char *addr_to_string(const char *format,
52 struct sockaddr_storage *sa,
55 char host[NI_MAXHOST];
56 char serv[NI_MAXSERV];
60 if ((err = getnameinfo((struct sockaddr *)sa, salen,
63 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
64 VNC_DEBUG("Cannot resolve address %d: %s\n",
65 err, gai_strerror(err));
69 /* Enough for the existing format + the 2 vars we're
71 addrlen = strlen(format) + strlen(host) + strlen(serv);
72 addr = qemu_malloc(addrlen + 1);
73 snprintf(addr, addrlen, format, host, serv);
80 char *vnc_socket_local_addr(const char *format, int fd) {
81 struct sockaddr_storage sa;
85 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
88 return addr_to_string(format, &sa, salen);
91 char *vnc_socket_remote_addr(const char *format, int fd) {
92 struct sockaddr_storage sa;
96 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
99 return addr_to_string(format, &sa, salen);
102 static const char *vnc_auth_name(VncDisplay *vd) {
104 case VNC_AUTH_INVALID:
120 case VNC_AUTH_VENCRYPT:
121 #ifdef CONFIG_VNC_TLS
122 switch (vd->subauth) {
123 case VNC_AUTH_VENCRYPT_PLAIN:
124 return "vencrypt+plain";
125 case VNC_AUTH_VENCRYPT_TLSNONE:
126 return "vencrypt+tls+none";
127 case VNC_AUTH_VENCRYPT_TLSVNC:
128 return "vencrypt+tls+vnc";
129 case VNC_AUTH_VENCRYPT_TLSPLAIN:
130 return "vencrypt+tls+plain";
131 case VNC_AUTH_VENCRYPT_X509NONE:
132 return "vencrypt+x509+none";
133 case VNC_AUTH_VENCRYPT_X509VNC:
134 return "vencrypt+x509+vnc";
135 case VNC_AUTH_VENCRYPT_X509PLAIN:
136 return "vencrypt+x509+plain";
137 case VNC_AUTH_VENCRYPT_TLSSASL:
138 return "vencrypt+tls+sasl";
139 case VNC_AUTH_VENCRYPT_X509SASL:
140 return "vencrypt+x509+sasl";
153 static void do_info_vnc_client(Monitor *mon, VncState *client)
156 vnc_socket_remote_addr(" address: %s:%s\n",
161 monitor_printf(mon, "Client:\n");
162 monitor_printf(mon, "%s", clientAddr);
165 #ifdef CONFIG_VNC_TLS
166 if (client->tls.session &&
168 monitor_printf(mon, " x509 dname: %s\n", client->tls.dname);
170 monitor_printf(mon, " x509 dname: none\n");
172 #ifdef CONFIG_VNC_SASL
173 if (client->sasl.conn &&
174 client->sasl.username)
175 monitor_printf(mon, " username: %s\n", client->sasl.username);
177 monitor_printf(mon, " username: none\n");
181 void do_info_vnc(Monitor *mon)
183 if (vnc_display == NULL || vnc_display->display == NULL) {
184 monitor_printf(mon, "Server: disabled\n");
186 char *serverAddr = vnc_socket_local_addr(" address: %s:%s\n",
192 monitor_printf(mon, "Server:\n");
193 monitor_printf(mon, "%s", serverAddr);
195 monitor_printf(mon, " auth: %s\n", vnc_auth_name(vnc_display));
197 if (vnc_display->clients) {
198 VncState *client = vnc_display->clients;
200 do_info_vnc_client(mon, client);
201 client = client->next;
204 monitor_printf(mon, "Client: none\n");
209 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
210 return (vs->features & (1 << feature));
214 1) Get the queue working for IO.
215 2) there is some weirdness when using the -S option (the screen is grey
216 and not totally invalidated
217 3) resolutions > 1024
220 static int vnc_update_client(VncState *vs, int has_dirty);
221 static void vnc_disconnect_start(VncState *vs);
222 static void vnc_disconnect_finish(VncState *vs);
223 static void vnc_init_timer(VncDisplay *vd);
224 static void vnc_remove_timer(VncDisplay *vd);
226 static void vnc_colordepth(VncState *vs);
227 static void framebuffer_update_request(VncState *vs, int incremental,
228 int x_position, int y_position,
230 static void vnc_refresh(void *opaque);
231 static int vnc_refresh_server_surface(VncDisplay *vd);
233 static inline void vnc_set_bit(uint32_t *d, int k)
235 d[k >> 5] |= 1 << (k & 0x1f);
238 static inline void vnc_clear_bit(uint32_t *d, int k)
240 d[k >> 5] &= ~(1 << (k & 0x1f));
243 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
253 d[j++] = (1 << n) - 1;
258 static inline int vnc_get_bit(const uint32_t *d, int k)
260 return (d[k >> 5] >> (k & 0x1f)) & 1;
263 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
267 for(i = 0; i < nb_words; i++) {
268 if ((d1[i] & d2[i]) != 0)
274 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
277 VncDisplay *vd = ds->opaque;
278 struct VncSurface *s = &vd->guest;
282 /* round x down to ensure the loop only spans one 16-pixel block per,
283 iteration. otherwise, if (x % 16) != 0, the last iteration may span
284 two 16-pixel blocks but we only mark the first as dirty
289 x = MIN(x, s->ds->width);
290 y = MIN(y, s->ds->height);
291 w = MIN(x + w, s->ds->width) - x;
292 h = MIN(h, s->ds->height);
295 for (i = 0; i < w; i += 16)
296 vnc_set_bit(s->dirty[y], (x + i) / 16);
299 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
302 vnc_write_u16(vs, x);
303 vnc_write_u16(vs, y);
304 vnc_write_u16(vs, w);
305 vnc_write_u16(vs, h);
307 vnc_write_s32(vs, encoding);
310 void buffer_reserve(Buffer *buffer, size_t len)
312 if ((buffer->capacity - buffer->offset) < len) {
313 buffer->capacity += (len + 1024);
314 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
315 if (buffer->buffer == NULL) {
316 fprintf(stderr, "vnc: out of memory\n");
322 int buffer_empty(Buffer *buffer)
324 return buffer->offset == 0;
327 uint8_t *buffer_end(Buffer *buffer)
329 return buffer->buffer + buffer->offset;
332 void buffer_reset(Buffer *buffer)
337 void buffer_append(Buffer *buffer, const void *data, size_t len)
339 memcpy(buffer->buffer + buffer->offset, data, len);
340 buffer->offset += len;
343 static void vnc_dpy_resize(DisplayState *ds)
346 VncDisplay *vd = ds->opaque;
347 VncState *vs = vd->clients;
351 vd->server = qemu_mallocz(sizeof(*vd->server));
352 if (vd->server->data)
353 qemu_free(vd->server->data);
354 *(vd->server) = *(ds->surface);
355 vd->server->data = qemu_mallocz(vd->server->linesize *
360 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
361 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
362 console_color_init(ds);
363 size_changed = ds_get_width(ds) != vd->guest.ds->width ||
364 ds_get_height(ds) != vd->guest.ds->height;
365 *(vd->guest.ds) = *(ds->surface);
366 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
371 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
372 vnc_write_u8(vs, 0); /* msg id */
374 vnc_write_u16(vs, 1); /* number of rects */
375 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
376 VNC_ENCODING_DESKTOPRESIZE);
380 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
386 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
388 vnc_write(vs, pixels, size);
391 /* slowest but generic code. */
392 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
395 VncDisplay *vd = vs->vd;
397 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
398 vd->server->pf.rbits);
399 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
400 vd->server->pf.gbits);
401 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
402 vd->server->pf.bbits);
403 v = (r << vs->clientds.pf.rshift) |
404 (g << vs->clientds.pf.gshift) |
405 (b << vs->clientds.pf.bshift);
406 switch(vs->clientds.pf.bytes_per_pixel) {
411 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
421 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
436 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
439 VncDisplay *vd = vs->vd;
441 if (vd->server->pf.bytes_per_pixel == 4) {
442 uint32_t *pixels = pixels1;
445 for(i = 0; i < n; i++) {
446 vnc_convert_pixel(vs, buf, pixels[i]);
447 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
449 } else if (vd->server->pf.bytes_per_pixel == 2) {
450 uint16_t *pixels = pixels1;
453 for(i = 0; i < n; i++) {
454 vnc_convert_pixel(vs, buf, pixels[i]);
455 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
457 } else if (vd->server->pf.bytes_per_pixel == 1) {
458 uint8_t *pixels = pixels1;
461 for(i = 0; i < n; i++) {
462 vnc_convert_pixel(vs, buf, pixels[i]);
463 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
466 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
470 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
474 VncDisplay *vd = vs->vd;
476 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
477 for (i = 0; i < h; i++) {
478 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
479 row += ds_get_linesize(vs->ds);
483 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
485 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
486 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
490 #include "vnchextile.h"
494 #include "vnchextile.h"
498 #include "vnchextile.h"
503 #include "vnchextile.h"
509 #include "vnchextile.h"
515 #include "vnchextile.h"
519 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
523 uint8_t *last_fg, *last_bg;
524 VncDisplay *vd = vs->vd;
526 last_fg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
527 last_bg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
529 for (j = y; j < (y + h); j += 16) {
530 for (i = x; i < (x + w); i += 16) {
531 vs->send_hextile_tile(vs, i, j,
532 MIN(16, x + w - i), MIN(16, y + h - j),
533 last_bg, last_fg, &has_bg, &has_fg);
541 #define ZALLOC_ALIGNMENT 16
543 static void *zalloc(void *x, unsigned items, unsigned size)
548 size = (size + ZALLOC_ALIGNMENT - 1) & ~(ZALLOC_ALIGNMENT - 1);
550 p = qemu_mallocz(size);
555 static void zfree(void *x, void *addr)
560 static void vnc_zlib_init(VncState *vs)
563 for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)
564 vs->zlib_stream[i].opaque = NULL;
567 static void vnc_zlib_start(VncState *vs)
569 buffer_reset(&vs->zlib);
571 // make the output buffer be the zlib buffer, so we can compress it later
572 vs->zlib_tmp = vs->output;
573 vs->output = vs->zlib;
576 static int vnc_zlib_stop(VncState *vs, int stream_id)
578 z_streamp zstream = &vs->zlib_stream[stream_id];
581 // switch back to normal output/zlib buffers
582 vs->zlib = vs->output;
583 vs->output = vs->zlib_tmp;
585 // compress the zlib buffer
587 // initialize the stream
588 // XXX need one stream per session
589 if (zstream->opaque != vs) {
592 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
593 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
594 zstream->zalloc = zalloc;
595 zstream->zfree = zfree;
597 err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
598 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
601 fprintf(stderr, "VNC: error initializing zlib\n");
605 zstream->opaque = vs;
608 // XXX what to do if tight_compression changed in between?
610 // reserve memory in output buffer
611 buffer_reserve(&vs->output, vs->zlib.offset + 64);
614 zstream->next_in = vs->zlib.buffer;
615 zstream->avail_in = vs->zlib.offset;
616 zstream->next_out = vs->output.buffer + vs->output.offset;
617 zstream->avail_out = vs->output.capacity - vs->output.offset;
618 zstream->data_type = Z_BINARY;
619 previous_out = zstream->total_out;
622 if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
623 fprintf(stderr, "VNC: error during zlib compression\n");
627 vs->output.offset = vs->output.capacity - zstream->avail_out;
628 return zstream->total_out - previous_out;
631 static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
633 int old_offset, new_offset, bytes_written;
635 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);
637 // remember where we put in the follow-up size
638 old_offset = vs->output.offset;
639 vnc_write_s32(vs, 0);
641 // compress the stream
643 send_framebuffer_update_raw(vs, x, y, w, h);
644 bytes_written = vnc_zlib_stop(vs, 0);
646 if (bytes_written == -1)
650 new_offset = vs->output.offset;
651 vs->output.offset = old_offset;
652 vnc_write_u32(vs, bytes_written);
653 vs->output.offset = new_offset;
656 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
658 switch(vs->vnc_encoding) {
659 case VNC_ENCODING_ZLIB:
660 send_framebuffer_update_zlib(vs, x, y, w, h);
662 case VNC_ENCODING_HEXTILE:
663 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
664 send_framebuffer_update_hextile(vs, x, y, w, h);
667 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
668 send_framebuffer_update_raw(vs, x, y, w, h);
673 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
675 /* send bitblit op to the vnc client */
676 vnc_write_u8(vs, 0); /* msg id */
678 vnc_write_u16(vs, 1); /* number of rects */
679 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
680 vnc_write_u16(vs, src_x);
681 vnc_write_u16(vs, src_y);
685 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
687 VncDisplay *vd = ds->opaque;
691 int i,x,y,pitch,depth,inc,w_lim,s;
694 vnc_refresh_server_surface(vd);
695 for (vs = vd->clients; vs != NULL; vs = vn) {
697 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
698 vs->force_update = 1;
699 vnc_update_client(vs, 1);
700 /* vs might be free()ed here */
704 /* do bitblit op on the local surface too */
705 pitch = ds_get_linesize(vd->ds);
706 depth = ds_get_bytes_per_pixel(vd->ds);
707 src_row = vd->server->data + pitch * src_y + depth * src_x;
708 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
713 src_row += pitch * (h-1);
714 dst_row += pitch * (h-1);
719 w_lim = w - (16 - (dst_x % 16));
723 w_lim = w - (w_lim % 16);
724 for (i = 0; i < h; i++) {
725 for (x = 0; x <= w_lim;
726 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
728 if ((s = w - w_lim) == 0)
731 s = (16 - (dst_x % 16));
736 cmp_bytes = s * depth;
737 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
739 memmove(dst_row, src_row, cmp_bytes);
742 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
743 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
747 src_row += pitch - w * depth;
748 dst_row += pitch - w * depth;
752 for (vs = vd->clients; vs != NULL; vs = vs->next) {
753 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
754 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
758 static int find_and_clear_dirty_height(struct VncState *vs,
759 int y, int last_x, int x)
762 VncDisplay *vd = vs->vd;
764 for (h = 1; h < (vd->server->height - y); h++) {
766 if (!vnc_get_bit(vs->dirty[y + h], last_x))
768 for (tmp_x = last_x; tmp_x < x; tmp_x++)
769 vnc_clear_bit(vs->dirty[y + h], tmp_x);
775 static int vnc_update_client(VncState *vs, int has_dirty)
777 if (vs->need_update && vs->csock != -1) {
778 VncDisplay *vd = vs->vd;
783 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
784 /* kernel send buffers are full -> drop frames to throttle */
787 if (!has_dirty && !vs->audio_cap && !vs->force_update)
791 * Send screen updates to the vnc client using the server
792 * surface and server dirty map. guest surface updates
793 * happening in parallel don't disturb us, the next pass will
794 * send them to the client.
797 vnc_write_u8(vs, 0); /* msg id */
799 saved_offset = vs->output.offset;
800 vnc_write_u16(vs, 0);
802 for (y = 0; y < vd->server->height; y++) {
805 for (x = 0; x < vd->server->width / 16; x++) {
806 if (vnc_get_bit(vs->dirty[y], x)) {
810 vnc_clear_bit(vs->dirty[y], x);
813 int h = find_and_clear_dirty_height(vs, y, last_x, x);
814 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
821 int h = find_and_clear_dirty_height(vs, y, last_x, x);
822 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
826 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
827 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
829 vs->force_update = 0;
834 vnc_disconnect_finish(vs);
840 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
842 VncState *vs = opaque;
845 case AUD_CNOTIFY_DISABLE:
846 vnc_write_u8(vs, 255);
848 vnc_write_u16(vs, 0);
852 case AUD_CNOTIFY_ENABLE:
853 vnc_write_u8(vs, 255);
855 vnc_write_u16(vs, 1);
861 static void audio_capture_destroy(void *opaque)
865 static void audio_capture(void *opaque, void *buf, int size)
867 VncState *vs = opaque;
869 vnc_write_u8(vs, 255);
871 vnc_write_u16(vs, 2);
872 vnc_write_u32(vs, size);
873 vnc_write(vs, buf, size);
877 static void audio_add(VncState *vs)
879 Monitor *mon = cur_mon;
880 struct audio_capture_ops ops;
883 monitor_printf(mon, "audio already running\n");
887 ops.notify = audio_capture_notify;
888 ops.destroy = audio_capture_destroy;
889 ops.capture = audio_capture;
891 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
892 if (!vs->audio_cap) {
893 monitor_printf(mon, "Failed to add audio capture\n");
897 static void audio_del(VncState *vs)
900 AUD_del_capture(vs->audio_cap, vs);
901 vs->audio_cap = NULL;
905 static void vnc_disconnect_start(VncState *vs)
909 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
910 closesocket(vs->csock);
914 static void vnc_disconnect_finish(VncState *vs)
916 if (vs->input.buffer) {
917 qemu_free(vs->input.buffer);
918 vs->input.buffer = NULL;
920 if (vs->output.buffer) {
921 qemu_free(vs->output.buffer);
922 vs->output.buffer = NULL;
924 #ifdef CONFIG_VNC_TLS
925 vnc_tls_client_cleanup(vs);
926 #endif /* CONFIG_VNC_TLS */
927 #ifdef CONFIG_VNC_SASL
928 vnc_sasl_client_cleanup(vs);
929 #endif /* CONFIG_VNC_SASL */
932 VncState *p, *parent = NULL;
933 for (p = vs->vd->clients; p != NULL; p = p->next) {
936 parent->next = p->next;
938 vs->vd->clients = p->next;
943 if (!vs->vd->clients)
946 vnc_remove_timer(vs->vd);
950 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
952 if (ret == 0 || ret == -1) {
954 switch (last_errno) {
966 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
967 ret, ret < 0 ? last_errno : 0);
968 vnc_disconnect_start(vs);
976 void vnc_client_error(VncState *vs)
978 VNC_DEBUG("Closing down client sock: protocol error\n");
979 vnc_disconnect_start(vs);
984 * Called to write a chunk of data to the client socket. The data may
985 * be the raw data, or may have already been encoded by SASL.
986 * The data will be written either straight onto the socket, or
987 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
989 * NB, it is theoretically possible to have 2 layers of encryption,
990 * both SASL, and this TLS layer. It is highly unlikely in practice
991 * though, since SASL encryption will typically be a no-op if TLS
994 * Returns the number of bytes written, which may be less than
995 * the requested 'datalen' if the socket would block. Returns
996 * -1 on error, and disconnects the client socket.
998 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1001 #ifdef CONFIG_VNC_TLS
1002 if (vs->tls.session) {
1003 ret = gnutls_write(vs->tls.session, data, datalen);
1005 if (ret == GNUTLS_E_AGAIN)
1012 #endif /* CONFIG_VNC_TLS */
1013 ret = send(vs->csock, (const void *)data, datalen, 0);
1014 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1015 return vnc_client_io_error(vs, ret, socket_error());
1020 * Called to write buffered data to the client socket, when not
1021 * using any SASL SSF encryption layers. Will write as much data
1022 * as possible without blocking. If all buffered data is written,
1023 * will switch the FD poll() handler back to read monitoring.
1025 * Returns the number of bytes written, which may be less than
1026 * the buffered output data if the socket would block. Returns
1027 * -1 on error, and disconnects the client socket.
1029 static long vnc_client_write_plain(VncState *vs)
1033 #ifdef CONFIG_VNC_SASL
1034 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1035 vs->output.buffer, vs->output.capacity, vs->output.offset,
1036 vs->sasl.waitWriteSSF);
1038 if (vs->sasl.conn &&
1040 vs->sasl.waitWriteSSF) {
1041 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1043 vs->sasl.waitWriteSSF -= ret;
1045 #endif /* CONFIG_VNC_SASL */
1046 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1050 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1051 vs->output.offset -= ret;
1053 if (vs->output.offset == 0) {
1054 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1062 * First function called whenever there is data to be written to
1063 * the client socket. Will delegate actual work according to whether
1064 * SASL SSF layers are enabled (thus requiring encryption calls)
1066 void vnc_client_write(void *opaque)
1069 VncState *vs = opaque;
1071 #ifdef CONFIG_VNC_SASL
1072 if (vs->sasl.conn &&
1074 !vs->sasl.waitWriteSSF)
1075 ret = vnc_client_write_sasl(vs);
1077 #endif /* CONFIG_VNC_SASL */
1078 ret = vnc_client_write_plain(vs);
1081 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1083 vs->read_handler = func;
1084 vs->read_handler_expect = expecting;
1089 * Called to read a chunk of data from the client socket. The data may
1090 * be the raw data, or may need to be further decoded by SASL.
1091 * The data will be read either straight from to the socket, or
1092 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1094 * NB, it is theoretically possible to have 2 layers of encryption,
1095 * both SASL, and this TLS layer. It is highly unlikely in practice
1096 * though, since SASL encryption will typically be a no-op if TLS
1099 * Returns the number of bytes read, which may be less than
1100 * the requested 'datalen' if the socket would block. Returns
1101 * -1 on error, and disconnects the client socket.
1103 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1106 #ifdef CONFIG_VNC_TLS
1107 if (vs->tls.session) {
1108 ret = gnutls_read(vs->tls.session, data, datalen);
1110 if (ret == GNUTLS_E_AGAIN)
1117 #endif /* CONFIG_VNC_TLS */
1118 ret = recv(vs->csock, (void *)data, datalen, 0);
1119 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1120 return vnc_client_io_error(vs, ret, socket_error());
1125 * Called to read data from the client socket to the input buffer,
1126 * when not using any SASL SSF encryption layers. Will read as much
1127 * data as possible without blocking.
1129 * Returns the number of bytes read. Returns -1 on error, and
1130 * disconnects the client socket.
1132 static long vnc_client_read_plain(VncState *vs)
1135 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1136 vs->input.buffer, vs->input.capacity, vs->input.offset);
1137 buffer_reserve(&vs->input, 4096);
1138 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1141 vs->input.offset += ret;
1147 * First function called whenever there is more data to be read from
1148 * the client socket. Will delegate actual work according to whether
1149 * SASL SSF layers are enabled (thus requiring decryption calls)
1151 void vnc_client_read(void *opaque)
1153 VncState *vs = opaque;
1156 #ifdef CONFIG_VNC_SASL
1157 if (vs->sasl.conn && vs->sasl.runSSF)
1158 ret = vnc_client_read_sasl(vs);
1160 #endif /* CONFIG_VNC_SASL */
1161 ret = vnc_client_read_plain(vs);
1163 if (vs->csock == -1)
1164 vnc_disconnect_finish(vs);
1168 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1169 size_t len = vs->read_handler_expect;
1172 ret = vs->read_handler(vs, vs->input.buffer, len);
1173 if (vs->csock == -1) {
1174 vnc_disconnect_finish(vs);
1179 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1180 vs->input.offset -= len;
1182 vs->read_handler_expect = ret;
1187 void vnc_write(VncState *vs, const void *data, size_t len)
1189 buffer_reserve(&vs->output, len);
1191 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1192 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1195 buffer_append(&vs->output, data, len);
1198 void vnc_write_s32(VncState *vs, int32_t value)
1200 vnc_write_u32(vs, *(uint32_t *)&value);
1203 void vnc_write_u32(VncState *vs, uint32_t value)
1207 buf[0] = (value >> 24) & 0xFF;
1208 buf[1] = (value >> 16) & 0xFF;
1209 buf[2] = (value >> 8) & 0xFF;
1210 buf[3] = value & 0xFF;
1212 vnc_write(vs, buf, 4);
1215 void vnc_write_u16(VncState *vs, uint16_t value)
1219 buf[0] = (value >> 8) & 0xFF;
1220 buf[1] = value & 0xFF;
1222 vnc_write(vs, buf, 2);
1225 void vnc_write_u8(VncState *vs, uint8_t value)
1227 vnc_write(vs, (char *)&value, 1);
1230 void vnc_flush(VncState *vs)
1232 if (vs->csock != -1 && vs->output.offset)
1233 vnc_client_write(vs);
1236 uint8_t read_u8(uint8_t *data, size_t offset)
1238 return data[offset];
1241 uint16_t read_u16(uint8_t *data, size_t offset)
1243 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1246 int32_t read_s32(uint8_t *data, size_t offset)
1248 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1249 (data[offset + 2] << 8) | data[offset + 3]);
1252 uint32_t read_u32(uint8_t *data, size_t offset)
1254 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1255 (data[offset + 2] << 8) | data[offset + 3]);
1258 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1262 static void check_pointer_type_change(VncState *vs, int absolute)
1264 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1265 vnc_write_u8(vs, 0);
1266 vnc_write_u8(vs, 0);
1267 vnc_write_u16(vs, 1);
1268 vnc_framebuffer_update(vs, absolute, 0,
1269 ds_get_width(vs->ds), ds_get_height(vs->ds),
1270 VNC_ENCODING_POINTER_TYPE_CHANGE);
1273 vs->absolute = absolute;
1276 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1281 if (button_mask & 0x01)
1282 buttons |= MOUSE_EVENT_LBUTTON;
1283 if (button_mask & 0x02)
1284 buttons |= MOUSE_EVENT_MBUTTON;
1285 if (button_mask & 0x04)
1286 buttons |= MOUSE_EVENT_RBUTTON;
1287 if (button_mask & 0x08)
1289 if (button_mask & 0x10)
1293 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
1294 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
1296 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1300 kbd_mouse_event(x, y, dz, buttons);
1302 if (vs->last_x != -1)
1303 kbd_mouse_event(x - vs->last_x,
1310 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1313 static void reset_keys(VncState *vs)
1316 for(i = 0; i < 256; i++) {
1317 if (vs->modifiers_state[i]) {
1319 kbd_put_keycode(0xe0);
1320 kbd_put_keycode(i | 0x80);
1321 vs->modifiers_state[i] = 0;
1326 static void press_key(VncState *vs, int keysym)
1328 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) & 0x7f);
1329 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) | 0x80);
1332 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1334 /* QEMU console switch */
1336 case 0x2a: /* Left Shift */
1337 case 0x36: /* Right Shift */
1338 case 0x1d: /* Left CTRL */
1339 case 0x9d: /* Right CTRL */
1340 case 0x38: /* Left ALT */
1341 case 0xb8: /* Right ALT */
1343 vs->modifiers_state[keycode] = 1;
1345 vs->modifiers_state[keycode] = 0;
1347 case 0x02 ... 0x0a: /* '1' to '9' keys */
1348 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1349 /* Reset the modifiers sent to the current console */
1351 console_select(keycode - 0x02);
1355 case 0x3a: /* CapsLock */
1356 case 0x45: /* NumLock */
1358 vs->modifiers_state[keycode] ^= 1;
1362 if (keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1363 /* If the numlock state needs to change then simulate an additional
1364 keypress before sending this one. This will happen if the user
1365 toggles numlock away from the VNC window.
1367 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1368 if (!vs->modifiers_state[0x45]) {
1369 vs->modifiers_state[0x45] = 1;
1370 press_key(vs, 0xff7f);
1373 if (vs->modifiers_state[0x45]) {
1374 vs->modifiers_state[0x45] = 0;
1375 press_key(vs, 0xff7f);
1380 if ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z')) {
1381 /* If the capslock state needs to change then simulate an additional
1382 keypress before sending this one. This will happen if the user
1383 toggles capslock away from the VNC window.
1385 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1386 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1387 int capslock = !!(vs->modifiers_state[0x3a]);
1389 if (uppercase == shift) {
1390 vs->modifiers_state[0x3a] = 0;
1391 press_key(vs, 0xffe5);
1394 if (uppercase != shift) {
1395 vs->modifiers_state[0x3a] = 1;
1396 press_key(vs, 0xffe5);
1401 if (is_graphic_console()) {
1403 kbd_put_keycode(0xe0);
1405 kbd_put_keycode(keycode & 0x7f);
1407 kbd_put_keycode(keycode | 0x80);
1409 /* QEMU console emulation */
1411 int numlock = vs->modifiers_state[0x45];
1413 case 0x2a: /* Left Shift */
1414 case 0x36: /* Right Shift */
1415 case 0x1d: /* Left CTRL */
1416 case 0x9d: /* Right CTRL */
1417 case 0x38: /* Left ALT */
1418 case 0xb8: /* Right ALT */
1421 kbd_put_keysym(QEMU_KEY_UP);
1424 kbd_put_keysym(QEMU_KEY_DOWN);
1427 kbd_put_keysym(QEMU_KEY_LEFT);
1430 kbd_put_keysym(QEMU_KEY_RIGHT);
1433 kbd_put_keysym(QEMU_KEY_DELETE);
1436 kbd_put_keysym(QEMU_KEY_HOME);
1439 kbd_put_keysym(QEMU_KEY_END);
1442 kbd_put_keysym(QEMU_KEY_PAGEUP);
1445 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1449 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1452 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1455 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1458 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1461 kbd_put_keysym('5');
1464 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1467 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1470 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1473 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1476 kbd_put_keysym('0');
1479 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1483 kbd_put_keysym('/');
1486 kbd_put_keysym('*');
1489 kbd_put_keysym('-');
1492 kbd_put_keysym('+');
1495 kbd_put_keysym('\n');
1499 kbd_put_keysym(sym);
1506 static void key_event(VncState *vs, int down, uint32_t sym)
1510 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1511 sym = sym - 'A' + 'a';
1513 keycode = keysym2scancode(vs->vd->kbd_layout, sym & 0xFFFF);
1514 do_key_event(vs, down, keycode, sym);
1517 static void ext_key_event(VncState *vs, int down,
1518 uint32_t sym, uint16_t keycode)
1520 /* if the user specifies a keyboard layout, always use it */
1521 if (keyboard_layout)
1522 key_event(vs, down, sym);
1524 do_key_event(vs, down, keycode, sym);
1527 static void framebuffer_update_request(VncState *vs, int incremental,
1528 int x_position, int y_position,
1531 if (x_position > ds_get_width(vs->ds))
1532 x_position = ds_get_width(vs->ds);
1533 if (y_position > ds_get_height(vs->ds))
1534 y_position = ds_get_height(vs->ds);
1535 if (x_position + w >= ds_get_width(vs->ds))
1536 w = ds_get_width(vs->ds) - x_position;
1537 if (y_position + h >= ds_get_height(vs->ds))
1538 h = ds_get_height(vs->ds) - y_position;
1541 vs->need_update = 1;
1543 vs->force_update = 1;
1544 for (i = 0; i < h; i++) {
1545 vnc_set_bits(vs->dirty[y_position + i],
1546 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1551 static void send_ext_key_event_ack(VncState *vs)
1553 vnc_write_u8(vs, 0);
1554 vnc_write_u8(vs, 0);
1555 vnc_write_u16(vs, 1);
1556 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1557 VNC_ENCODING_EXT_KEY_EVENT);
1561 static void send_ext_audio_ack(VncState *vs)
1563 vnc_write_u8(vs, 0);
1564 vnc_write_u8(vs, 0);
1565 vnc_write_u16(vs, 1);
1566 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1567 VNC_ENCODING_AUDIO);
1571 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1574 unsigned int enc = 0;
1578 vs->vnc_encoding = 0;
1579 vs->tight_compression = 9;
1580 vs->tight_quality = 9;
1583 for (i = n_encodings - 1; i >= 0; i--) {
1586 case VNC_ENCODING_RAW:
1587 vs->vnc_encoding = enc;
1589 case VNC_ENCODING_COPYRECT:
1590 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1592 case VNC_ENCODING_HEXTILE:
1593 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1594 vs->vnc_encoding = enc;
1596 case VNC_ENCODING_ZLIB:
1597 vs->features |= VNC_FEATURE_ZLIB_MASK;
1598 vs->vnc_encoding = enc;
1600 case VNC_ENCODING_DESKTOPRESIZE:
1601 vs->features |= VNC_FEATURE_RESIZE_MASK;
1603 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1604 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1606 case VNC_ENCODING_EXT_KEY_EVENT:
1607 send_ext_key_event_ack(vs);
1609 case VNC_ENCODING_AUDIO:
1610 send_ext_audio_ack(vs);
1612 case VNC_ENCODING_WMVi:
1613 vs->features |= VNC_FEATURE_WMVI_MASK;
1615 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1616 vs->tight_compression = (enc & 0x0F);
1618 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1619 vs->tight_quality = (enc & 0x0F);
1622 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1627 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1630 static void set_pixel_conversion(VncState *vs)
1632 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1633 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1634 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1635 vs->write_pixels = vnc_write_pixels_copy;
1636 switch (vs->ds->surface->pf.bits_per_pixel) {
1638 vs->send_hextile_tile = send_hextile_tile_8;
1641 vs->send_hextile_tile = send_hextile_tile_16;
1644 vs->send_hextile_tile = send_hextile_tile_32;
1648 vs->write_pixels = vnc_write_pixels_generic;
1649 switch (vs->ds->surface->pf.bits_per_pixel) {
1651 vs->send_hextile_tile = send_hextile_tile_generic_8;
1654 vs->send_hextile_tile = send_hextile_tile_generic_16;
1657 vs->send_hextile_tile = send_hextile_tile_generic_32;
1663 static void set_pixel_format(VncState *vs,
1664 int bits_per_pixel, int depth,
1665 int big_endian_flag, int true_color_flag,
1666 int red_max, int green_max, int blue_max,
1667 int red_shift, int green_shift, int blue_shift)
1669 if (!true_color_flag) {
1670 vnc_client_error(vs);
1674 vs->clientds = *(vs->vd->guest.ds);
1675 vs->clientds.pf.rmax = red_max;
1676 count_bits(vs->clientds.pf.rbits, red_max);
1677 vs->clientds.pf.rshift = red_shift;
1678 vs->clientds.pf.rmask = red_max << red_shift;
1679 vs->clientds.pf.gmax = green_max;
1680 count_bits(vs->clientds.pf.gbits, green_max);
1681 vs->clientds.pf.gshift = green_shift;
1682 vs->clientds.pf.gmask = green_max << green_shift;
1683 vs->clientds.pf.bmax = blue_max;
1684 count_bits(vs->clientds.pf.bbits, blue_max);
1685 vs->clientds.pf.bshift = blue_shift;
1686 vs->clientds.pf.bmask = blue_max << blue_shift;
1687 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1688 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1689 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1690 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1692 set_pixel_conversion(vs);
1694 vga_hw_invalidate();
1698 static void pixel_format_message (VncState *vs) {
1699 char pad[3] = { 0, 0, 0 };
1701 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1702 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1704 #ifdef HOST_WORDS_BIGENDIAN
1705 vnc_write_u8(vs, 1); /* big-endian-flag */
1707 vnc_write_u8(vs, 0); /* big-endian-flag */
1709 vnc_write_u8(vs, 1); /* true-color-flag */
1710 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1711 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1712 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1713 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1714 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1715 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1716 if (vs->ds->surface->pf.bits_per_pixel == 32)
1717 vs->send_hextile_tile = send_hextile_tile_32;
1718 else if (vs->ds->surface->pf.bits_per_pixel == 16)
1719 vs->send_hextile_tile = send_hextile_tile_16;
1720 else if (vs->ds->surface->pf.bits_per_pixel == 8)
1721 vs->send_hextile_tile = send_hextile_tile_8;
1722 vs->clientds = *(vs->ds->surface);
1723 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1724 vs->write_pixels = vnc_write_pixels_copy;
1726 vnc_write(vs, pad, 3); /* padding */
1729 static void vnc_dpy_setdata(DisplayState *ds)
1731 /* We don't have to do anything */
1734 static void vnc_colordepth(VncState *vs)
1736 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1737 /* Sending a WMVi message to notify the client*/
1738 vnc_write_u8(vs, 0); /* msg id */
1739 vnc_write_u8(vs, 0);
1740 vnc_write_u16(vs, 1); /* number of rects */
1741 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1742 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1743 pixel_format_message(vs);
1746 set_pixel_conversion(vs);
1750 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1754 VncDisplay *vd = vs->vd;
1757 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1758 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1759 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1767 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1768 read_u8(data, 6), read_u8(data, 7),
1769 read_u16(data, 8), read_u16(data, 10),
1770 read_u16(data, 12), read_u8(data, 14),
1771 read_u8(data, 15), read_u8(data, 16));
1778 limit = read_u16(data, 2);
1780 return 4 + (limit * 4);
1782 limit = read_u16(data, 2);
1784 for (i = 0; i < limit; i++) {
1785 int32_t val = read_s32(data, 4 + (i * 4));
1786 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1789 set_encodings(vs, (int32_t *)(data + 4), limit);
1795 framebuffer_update_request(vs,
1796 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1797 read_u16(data, 6), read_u16(data, 8));
1803 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1809 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1816 uint32_t dlen = read_u32(data, 4);
1821 client_cut_text(vs, read_u32(data, 4), data + 8);
1827 switch (read_u8(data, 1)) {
1832 ext_key_event(vs, read_u16(data, 2),
1833 read_u32(data, 4), read_u32(data, 8));
1839 switch (read_u16 (data, 2)) {
1849 switch (read_u8(data, 4)) {
1850 case 0: vs->as.fmt = AUD_FMT_U8; break;
1851 case 1: vs->as.fmt = AUD_FMT_S8; break;
1852 case 2: vs->as.fmt = AUD_FMT_U16; break;
1853 case 3: vs->as.fmt = AUD_FMT_S16; break;
1854 case 4: vs->as.fmt = AUD_FMT_U32; break;
1855 case 5: vs->as.fmt = AUD_FMT_S32; break;
1857 printf("Invalid audio format %d\n", read_u8(data, 4));
1858 vnc_client_error(vs);
1861 vs->as.nchannels = read_u8(data, 5);
1862 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1863 printf("Invalid audio channel coount %d\n",
1865 vnc_client_error(vs);
1868 vs->as.freq = read_u32(data, 6);
1871 printf ("Invalid audio message %d\n", read_u8(data, 4));
1872 vnc_client_error(vs);
1878 printf("Msg: %d\n", read_u16(data, 0));
1879 vnc_client_error(vs);
1884 printf("Msg: %d\n", data[0]);
1885 vnc_client_error(vs);
1889 vnc_read_when(vs, protocol_client_msg, 1);
1893 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1898 vnc_write_u16(vs, ds_get_width(vs->ds));
1899 vnc_write_u16(vs, ds_get_height(vs->ds));
1901 pixel_format_message(vs);
1904 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1906 size = snprintf(buf, sizeof(buf), "QEMU");
1908 vnc_write_u32(vs, size);
1909 vnc_write(vs, buf, size);
1912 vnc_read_when(vs, protocol_client_msg, 1);
1917 void start_client_init(VncState *vs)
1919 vnc_read_when(vs, protocol_client_init, 1);
1922 static void make_challenge(VncState *vs)
1926 srand(time(NULL)+getpid()+getpid()*987654+rand());
1928 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1929 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1932 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1934 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1936 unsigned char key[8];
1938 if (!vs->vd->password || !vs->vd->password[0]) {
1939 VNC_DEBUG("No password configured on server");
1940 vnc_write_u32(vs, 1); /* Reject auth */
1941 if (vs->minor >= 8) {
1942 static const char err[] = "Authentication failed";
1943 vnc_write_u32(vs, sizeof(err));
1944 vnc_write(vs, err, sizeof(err));
1947 vnc_client_error(vs);
1951 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1953 /* Calculate the expected challenge response */
1954 pwlen = strlen(vs->vd->password);
1955 for (i=0; i<sizeof(key); i++)
1956 key[i] = i<pwlen ? vs->vd->password[i] : 0;
1958 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1959 des(response+j, response+j);
1961 /* Compare expected vs actual challenge response */
1962 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1963 VNC_DEBUG("Client challenge reponse did not match\n");
1964 vnc_write_u32(vs, 1); /* Reject auth */
1965 if (vs->minor >= 8) {
1966 static const char err[] = "Authentication failed";
1967 vnc_write_u32(vs, sizeof(err));
1968 vnc_write(vs, err, sizeof(err));
1971 vnc_client_error(vs);
1973 VNC_DEBUG("Accepting VNC challenge response\n");
1974 vnc_write_u32(vs, 0); /* Accept auth */
1977 start_client_init(vs);
1982 void start_auth_vnc(VncState *vs)
1985 /* Send client a 'random' challenge */
1986 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1989 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1993 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1995 /* We only advertise 1 auth scheme at a time, so client
1996 * must pick the one we sent. Verify this */
1997 if (data[0] != vs->vd->auth) { /* Reject auth */
1998 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
1999 vnc_write_u32(vs, 1);
2000 if (vs->minor >= 8) {
2001 static const char err[] = "Authentication failed";
2002 vnc_write_u32(vs, sizeof(err));
2003 vnc_write(vs, err, sizeof(err));
2005 vnc_client_error(vs);
2006 } else { /* Accept requested auth */
2007 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2008 switch (vs->vd->auth) {
2010 VNC_DEBUG("Accept auth none\n");
2011 if (vs->minor >= 8) {
2012 vnc_write_u32(vs, 0); /* Accept auth completion */
2015 start_client_init(vs);
2019 VNC_DEBUG("Start VNC auth\n");
2023 #ifdef CONFIG_VNC_TLS
2024 case VNC_AUTH_VENCRYPT:
2025 VNC_DEBUG("Accept VeNCrypt auth\n");;
2026 start_auth_vencrypt(vs);
2028 #endif /* CONFIG_VNC_TLS */
2030 #ifdef CONFIG_VNC_SASL
2032 VNC_DEBUG("Accept SASL auth\n");
2033 start_auth_sasl(vs);
2035 #endif /* CONFIG_VNC_SASL */
2037 default: /* Should not be possible, but just in case */
2038 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
2039 vnc_write_u8(vs, 1);
2040 if (vs->minor >= 8) {
2041 static const char err[] = "Authentication failed";
2042 vnc_write_u32(vs, sizeof(err));
2043 vnc_write(vs, err, sizeof(err));
2045 vnc_client_error(vs);
2051 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2055 memcpy(local, version, 12);
2058 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2059 VNC_DEBUG("Malformed protocol version %s\n", local);
2060 vnc_client_error(vs);
2063 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2064 if (vs->major != 3 ||
2070 VNC_DEBUG("Unsupported client version\n");
2071 vnc_write_u32(vs, VNC_AUTH_INVALID);
2073 vnc_client_error(vs);
2076 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2077 * as equivalent to v3.3 by servers
2079 if (vs->minor == 4 || vs->minor == 5)
2082 if (vs->minor == 3) {
2083 if (vs->vd->auth == VNC_AUTH_NONE) {
2084 VNC_DEBUG("Tell client auth none\n");
2085 vnc_write_u32(vs, vs->vd->auth);
2087 start_client_init(vs);
2088 } else if (vs->vd->auth == VNC_AUTH_VNC) {
2089 VNC_DEBUG("Tell client VNC auth\n");
2090 vnc_write_u32(vs, vs->vd->auth);
2094 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2095 vnc_write_u32(vs, VNC_AUTH_INVALID);
2097 vnc_client_error(vs);
2100 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2101 vnc_write_u8(vs, 1); /* num auth */
2102 vnc_write_u8(vs, vs->vd->auth);
2103 vnc_read_when(vs, protocol_client_auth, 1);
2110 static int vnc_refresh_server_surface(VncDisplay *vd)
2114 uint8_t *server_row;
2116 uint32_t width_mask[VNC_DIRTY_WORDS];
2117 VncState *vs = NULL;
2121 * Walk through the guest dirty map.
2122 * Check and copy modified bits from guest to server surface.
2123 * Update server dirty map.
2125 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2126 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2127 guest_row = vd->guest.ds->data;
2128 server_row = vd->server->data;
2129 for (y = 0; y < vd->guest.ds->height; y++) {
2130 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2133 uint8_t *server_ptr;
2135 guest_ptr = guest_row;
2136 server_ptr = server_row;
2138 for (x = 0; x < vd->guest.ds->width;
2139 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2140 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2142 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2143 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2145 memcpy(server_ptr, guest_ptr, cmp_bytes);
2147 while (vs != NULL) {
2148 vnc_set_bit(vs->dirty[y], (x / 16));
2154 guest_row += ds_get_linesize(vd->ds);
2155 server_row += ds_get_linesize(vd->ds);
2160 static void vnc_refresh(void *opaque)
2162 VncDisplay *vd = opaque;
2163 VncState *vs = NULL;
2164 int has_dirty = 0, rects = 0;
2168 has_dirty = vnc_refresh_server_surface(vd);
2171 while (vs != NULL) {
2172 rects += vnc_update_client(vs, has_dirty);
2176 if (has_dirty && rects) {
2177 vd->timer_interval /= 2;
2178 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2179 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2181 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2182 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2183 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2185 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
2188 static void vnc_init_timer(VncDisplay *vd)
2190 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2191 if (vd->timer == NULL && vd->clients != NULL) {
2192 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2197 static void vnc_remove_timer(VncDisplay *vd)
2199 if (vd->timer != NULL && vd->clients == NULL) {
2200 qemu_del_timer(vd->timer);
2201 qemu_free_timer(vd->timer);
2206 static void vnc_connect(VncDisplay *vd, int csock)
2208 VncState *vs = qemu_mallocz(sizeof(VncState));
2211 VNC_DEBUG("New client on socket %d\n", csock);
2213 socket_set_nonblock(vs->csock);
2214 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2221 vs->as.freq = 44100;
2222 vs->as.nchannels = 2;
2223 vs->as.fmt = AUD_FMT_S16;
2224 vs->as.endianness = 0;
2226 vs->next = vd->clients;
2231 vnc_write(vs, "RFB 003.008\n", 12);
2233 vnc_read_when(vs, protocol_version, 12);
2238 /* vs might be free()ed here */
2241 static void vnc_listen_read(void *opaque)
2243 VncDisplay *vs = opaque;
2244 struct sockaddr_in addr;
2245 socklen_t addrlen = sizeof(addr);
2250 int csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2252 vnc_connect(vs, csock);
2256 void vnc_display_init(DisplayState *ds)
2258 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2260 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2270 if (keyboard_layout)
2271 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2273 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2275 if (!vs->kbd_layout)
2278 dcl->dpy_copy = vnc_dpy_copy;
2279 dcl->dpy_update = vnc_dpy_update;
2280 dcl->dpy_resize = vnc_dpy_resize;
2281 dcl->dpy_setdata = vnc_dpy_setdata;
2282 register_displaychangelistener(ds, dcl);
2286 void vnc_display_close(DisplayState *ds)
2288 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2293 qemu_free(vs->display);
2296 if (vs->lsock != -1) {
2297 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2301 vs->auth = VNC_AUTH_INVALID;
2302 #ifdef CONFIG_VNC_TLS
2303 vs->subauth = VNC_AUTH_INVALID;
2304 vs->tls.x509verify = 0;
2308 int vnc_display_password(DisplayState *ds, const char *password)
2310 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2317 qemu_free(vs->password);
2318 vs->password = NULL;
2320 if (password && password[0]) {
2321 if (!(vs->password = qemu_strdup(password)))
2323 if (vs->auth == VNC_AUTH_NONE) {
2324 vs->auth = VNC_AUTH_VNC;
2327 vs->auth = VNC_AUTH_NONE;
2333 char *vnc_display_local_addr(DisplayState *ds)
2335 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2337 return vnc_socket_local_addr("%s:%s", vs->lsock);
2340 int vnc_display_open(DisplayState *ds, const char *display)
2342 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2343 const char *options;
2347 #ifdef CONFIG_VNC_TLS
2348 int tls = 0, x509 = 0;
2350 #ifdef CONFIG_VNC_SASL
2358 vnc_display_close(ds);
2359 if (strcmp(display, "none") == 0)
2362 if (!(vs->display = strdup(display)))
2366 while ((options = strchr(options, ','))) {
2368 if (strncmp(options, "password", 8) == 0) {
2369 password = 1; /* Require password auth */
2370 } else if (strncmp(options, "reverse", 7) == 0) {
2372 } else if (strncmp(options, "to=", 3) == 0) {
2373 to_port = atoi(options+3) + 5900;
2374 #ifdef CONFIG_VNC_SASL
2375 } else if (strncmp(options, "sasl", 4) == 0) {
2376 sasl = 1; /* Require SASL auth */
2378 #ifdef CONFIG_VNC_TLS
2379 } else if (strncmp(options, "tls", 3) == 0) {
2380 tls = 1; /* Require TLS */
2381 } else if (strncmp(options, "x509", 4) == 0) {
2383 x509 = 1; /* Require x509 certificates */
2384 if (strncmp(options, "x509verify", 10) == 0)
2385 vs->tls.x509verify = 1; /* ...and verify client certs */
2387 /* Now check for 'x509=/some/path' postfix
2388 * and use that to setup x509 certificate/key paths */
2389 start = strchr(options, '=');
2390 end = strchr(options, ',');
2391 if (start && (!end || (start < end))) {
2392 int len = end ? end-(start+1) : strlen(start+1);
2393 char *path = qemu_strndup(start + 1, len);
2395 VNC_DEBUG("Trying certificate path '%s'\n", path);
2396 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2397 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2399 qemu_free(vs->display);
2405 fprintf(stderr, "No certificate path provided\n");
2406 qemu_free(vs->display);
2411 } else if (strncmp(options, "acl", 3) == 0) {
2416 #ifdef CONFIG_VNC_TLS
2417 if (acl && x509 && vs->tls.x509verify) {
2418 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2419 fprintf(stderr, "Failed to create x509 dname ACL\n");
2424 #ifdef CONFIG_VNC_SASL
2426 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2427 fprintf(stderr, "Failed to create username ACL\n");
2434 * Combinations we support here:
2436 * - no-auth (clear text, no auth)
2437 * - password (clear text, weak auth)
2438 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2439 * - tls (encrypt, weak anonymous creds, no auth)
2440 * - tls + password (encrypt, weak anonymous creds, weak auth)
2441 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2442 * - tls + x509 (encrypt, good x509 creds, no auth)
2443 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2444 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2446 * NB1. TLS is a stackable auth scheme.
2447 * NB2. the x509 schemes have option to validate a client cert dname
2450 #ifdef CONFIG_VNC_TLS
2452 vs->auth = VNC_AUTH_VENCRYPT;
2454 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2455 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2457 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2458 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2461 #endif /* CONFIG_VNC_TLS */
2462 VNC_DEBUG("Initializing VNC server with password auth\n");
2463 vs->auth = VNC_AUTH_VNC;
2464 #ifdef CONFIG_VNC_TLS
2465 vs->subauth = VNC_AUTH_INVALID;
2467 #endif /* CONFIG_VNC_TLS */
2468 #ifdef CONFIG_VNC_SASL
2470 #ifdef CONFIG_VNC_TLS
2472 vs->auth = VNC_AUTH_VENCRYPT;
2474 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2475 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2477 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2478 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2481 #endif /* CONFIG_VNC_TLS */
2482 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2483 vs->auth = VNC_AUTH_SASL;
2484 #ifdef CONFIG_VNC_TLS
2485 vs->subauth = VNC_AUTH_INVALID;
2487 #endif /* CONFIG_VNC_TLS */
2488 #endif /* CONFIG_VNC_SASL */
2490 #ifdef CONFIG_VNC_TLS
2492 vs->auth = VNC_AUTH_VENCRYPT;
2494 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2495 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2497 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2498 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2502 VNC_DEBUG("Initializing VNC server with no auth\n");
2503 vs->auth = VNC_AUTH_NONE;
2504 #ifdef CONFIG_VNC_TLS
2505 vs->subauth = VNC_AUTH_INVALID;
2510 #ifdef CONFIG_VNC_SASL
2511 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2512 fprintf(stderr, "Failed to initialize SASL auth %s",
2513 sasl_errstring(saslErr, NULL, NULL));
2521 /* connect to viewer */
2522 if (strncmp(display, "unix:", 5) == 0)
2523 vs->lsock = unix_connect(display+5);
2525 vs->lsock = inet_connect(display, SOCK_STREAM);
2526 if (-1 == vs->lsock) {
2531 int csock = vs->lsock;
2533 vnc_connect(vs, csock);
2538 /* listen for connects */
2540 dpy = qemu_malloc(256);
2541 if (strncmp(display, "unix:", 5) == 0) {
2542 pstrcpy(dpy, 256, "unix:");
2543 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2545 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2547 if (-1 == vs->lsock) {
2555 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
projects / qemu.git / blob