2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
32 #include "qemu-objects.h"
34 #define VNC_REFRESH_INTERVAL_BASE 30
35 #define VNC_REFRESH_INTERVAL_INC 50
36 #define VNC_REFRESH_INTERVAL_MAX 2000
38 #include "vnc_keysym.h"
41 #define count_bits(c, v) { \
42 for (c = 0; v; v >>= 1) \
49 static VncDisplay
*vnc_display
; /* needed for info vnc */
50 static DisplayChangeListener
*dcl
;
52 static char *addr_to_string(const char *format
,
53 struct sockaddr_storage
*sa
,
56 char host
[NI_MAXHOST
];
57 char serv
[NI_MAXSERV
];
61 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
64 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
65 VNC_DEBUG("Cannot resolve address %d: %s\n",
66 err
, gai_strerror(err
));
70 /* Enough for the existing format + the 2 vars we're
72 addrlen
= strlen(format
) + strlen(host
) + strlen(serv
);
73 addr
= qemu_malloc(addrlen
+ 1);
74 snprintf(addr
, addrlen
, format
, host
, serv
);
81 char *vnc_socket_local_addr(const char *format
, int fd
) {
82 struct sockaddr_storage sa
;
86 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
89 return addr_to_string(format
, &sa
, salen
);
92 char *vnc_socket_remote_addr(const char *format
, int fd
) {
93 struct sockaddr_storage sa
;
97 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
100 return addr_to_string(format
, &sa
, salen
);
103 static int put_addr_qdict(QDict
*qdict
, struct sockaddr_storage
*sa
,
106 char host
[NI_MAXHOST
];
107 char serv
[NI_MAXSERV
];
110 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
113 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
114 VNC_DEBUG("Cannot resolve address %d: %s\n",
115 err
, gai_strerror(err
));
119 qdict_put(qdict
, "host", qstring_from_str(host
));
120 qdict_put(qdict
, "service", qstring_from_str(serv
));
125 static int vnc_qdict_local_addr(QDict
*qdict
, int fd
)
127 struct sockaddr_storage sa
;
131 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
135 return put_addr_qdict(qdict
, &sa
, salen
);
138 static int vnc_qdict_remote_addr(QDict
*qdict
, int fd
)
140 struct sockaddr_storage sa
;
144 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
148 return put_addr_qdict(qdict
, &sa
, salen
);
151 static const char *vnc_auth_name(VncDisplay
*vd
) {
153 case VNC_AUTH_INVALID
:
169 case VNC_AUTH_VENCRYPT
:
170 #ifdef CONFIG_VNC_TLS
171 switch (vd
->subauth
) {
172 case VNC_AUTH_VENCRYPT_PLAIN
:
173 return "vencrypt+plain";
174 case VNC_AUTH_VENCRYPT_TLSNONE
:
175 return "vencrypt+tls+none";
176 case VNC_AUTH_VENCRYPT_TLSVNC
:
177 return "vencrypt+tls+vnc";
178 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
179 return "vencrypt+tls+plain";
180 case VNC_AUTH_VENCRYPT_X509NONE
:
181 return "vencrypt+x509+none";
182 case VNC_AUTH_VENCRYPT_X509VNC
:
183 return "vencrypt+x509+vnc";
184 case VNC_AUTH_VENCRYPT_X509PLAIN
:
185 return "vencrypt+x509+plain";
186 case VNC_AUTH_VENCRYPT_TLSSASL
:
187 return "vencrypt+tls+sasl";
188 case VNC_AUTH_VENCRYPT_X509SASL
:
189 return "vencrypt+x509+sasl";
202 static QDict
*do_info_vnc_client(Monitor
*mon
, VncState
*client
)
207 if (vnc_qdict_remote_addr(qdict
, client
->csock
) < 0) {
212 #ifdef CONFIG_VNC_TLS
213 if (client
->tls
.session
&&
215 qdict_put(qdict
, "x509_dname", qstring_from_str(client
->tls
.dname
));
218 #ifdef CONFIG_VNC_SASL
219 if (client
->sasl
.conn
&&
220 client
->sasl
.username
) {
221 qdict_put(qdict
, "username", qstring_from_str(client
->sasl
.username
));
228 static void info_vnc_iter(QObject
*obj
, void *opaque
)
231 Monitor
*mon
= opaque
;
233 client
= qobject_to_qdict(obj
);
234 monitor_printf(mon
, "Client:\n");
235 monitor_printf(mon
, " address: %s:%s\n",
236 qdict_get_str(client
, "host"),
237 qdict_get_str(client
, "service"));
239 #ifdef CONFIG_VNC_TLS
240 monitor_printf(mon
, " x509_dname: %s\n",
241 qdict_haskey(client
, "x509_dname") ?
242 qdict_get_str(client
, "x509_dname") : "none");
244 #ifdef CONFIG_VNC_SASL
245 monitor_printf(mon
, " username: %s\n",
246 qdict_haskey(client
, "username") ?
247 qdict_get_str(client
, "username") : "none");
251 void do_info_vnc_print(Monitor
*mon
, const QObject
*data
)
256 server
= qobject_to_qdict(data
);
257 if (strcmp(qdict_get_str(server
, "status"), "disabled") == 0) {
258 monitor_printf(mon
, "Server: disabled\n");
262 monitor_printf(mon
, "Server:\n");
263 monitor_printf(mon
, " address: %s:%s\n",
264 qdict_get_str(server
, "host"),
265 qdict_get_str(server
, "service"));
266 monitor_printf(mon
, " auth: %s\n",
267 qdict_haskey(server
, "auth") ? qdict_get_str(server
, "auth") : "none");
269 clients
= qdict_get_qlist(server
, "clients");
270 if (qlist_empty(clients
)) {
271 monitor_printf(mon
, "Client: none\n");
273 qlist_iter(clients
, info_vnc_iter
, mon
);
278 * do_info_vnc(): Show VNC server information
280 * Return a QDict with server information. Connected clients are returned
281 * as a QList of QDicts.
283 * The main QDict contains the following:
285 * - "status": "disabled" or "enabled"
286 * - "host": server's IP address
287 * - "service": server's port number
288 * - "auth": authentication method (optional)
289 * - "clients": a QList of all connected clients
291 * Clients are described by a QDict, with the following information:
293 * - "host": client's IP address
294 * - "service": client's port number
295 * - "x509_dname": TLS dname (optional)
296 * - "username": SASL username (optional)
300 * { "status": "enabled", "host": "0.0.0.0", "service": "50402", "auth": "vnc",
301 * "clients": [ { "host": "127.0.0.1", "service": "50401" } ] }
303 void do_info_vnc(Monitor
*mon
, QObject
**ret_data
)
305 if (vnc_display
== NULL
|| vnc_display
->display
== NULL
) {
306 *ret_data
= qobject_from_jsonf("{ 'status': 'disabled' }");
312 if (vnc_display
->clients
) {
313 VncState
*client
= vnc_display
->clients
;
315 qdict
= do_info_vnc_client(mon
, client
);
317 qlist_append(clist
, qdict
);
318 client
= client
->next
;
322 *ret_data
= qobject_from_jsonf("{ 'status': 'enabled', 'clients': %p }",
324 assert(*ret_data
!= NULL
);
326 qdict
= qobject_to_qdict(*ret_data
);
328 if (vnc_display
->auth
!= VNC_AUTH_NONE
) {
329 qdict_put(qdict
, "auth",
330 qstring_from_str(vnc_auth_name(vnc_display
)));
333 if (vnc_qdict_local_addr(qdict
, vnc_display
->lsock
) < 0) {
334 qobject_decref(*ret_data
);
340 static inline uint32_t vnc_has_feature(VncState
*vs
, int feature
) {
341 return (vs
->features
& (1 << feature
));
345 1) Get the queue working for IO.
346 2) there is some weirdness when using the -S option (the screen is grey
347 and not totally invalidated
348 3) resolutions > 1024
351 static int vnc_update_client(VncState
*vs
, int has_dirty
);
352 static void vnc_disconnect_start(VncState
*vs
);
353 static void vnc_disconnect_finish(VncState
*vs
);
354 static void vnc_init_timer(VncDisplay
*vd
);
355 static void vnc_remove_timer(VncDisplay
*vd
);
357 static void vnc_colordepth(VncState
*vs
);
358 static void framebuffer_update_request(VncState
*vs
, int incremental
,
359 int x_position
, int y_position
,
361 static void vnc_refresh(void *opaque
);
362 static int vnc_refresh_server_surface(VncDisplay
*vd
);
364 static inline void vnc_set_bit(uint32_t *d
, int k
)
366 d
[k
>> 5] |= 1 << (k
& 0x1f);
369 static inline void vnc_clear_bit(uint32_t *d
, int k
)
371 d
[k
>> 5] &= ~(1 << (k
& 0x1f));
374 static inline void vnc_set_bits(uint32_t *d
, int n
, int nb_words
)
384 d
[j
++] = (1 << n
) - 1;
389 static inline int vnc_get_bit(const uint32_t *d
, int k
)
391 return (d
[k
>> 5] >> (k
& 0x1f)) & 1;
394 static inline int vnc_and_bits(const uint32_t *d1
, const uint32_t *d2
,
398 for(i
= 0; i
< nb_words
; i
++) {
399 if ((d1
[i
] & d2
[i
]) != 0)
405 static void vnc_dpy_update(DisplayState
*ds
, int x
, int y
, int w
, int h
)
408 VncDisplay
*vd
= ds
->opaque
;
409 struct VncSurface
*s
= &vd
->guest
;
413 /* round x down to ensure the loop only spans one 16-pixel block per,
414 iteration. otherwise, if (x % 16) != 0, the last iteration may span
415 two 16-pixel blocks but we only mark the first as dirty
420 x
= MIN(x
, s
->ds
->width
);
421 y
= MIN(y
, s
->ds
->height
);
422 w
= MIN(x
+ w
, s
->ds
->width
) - x
;
423 h
= MIN(h
, s
->ds
->height
);
426 for (i
= 0; i
< w
; i
+= 16)
427 vnc_set_bit(s
->dirty
[y
], (x
+ i
) / 16);
430 static void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
433 vnc_write_u16(vs
, x
);
434 vnc_write_u16(vs
, y
);
435 vnc_write_u16(vs
, w
);
436 vnc_write_u16(vs
, h
);
438 vnc_write_s32(vs
, encoding
);
441 void buffer_reserve(Buffer
*buffer
, size_t len
)
443 if ((buffer
->capacity
- buffer
->offset
) < len
) {
444 buffer
->capacity
+= (len
+ 1024);
445 buffer
->buffer
= qemu_realloc(buffer
->buffer
, buffer
->capacity
);
446 if (buffer
->buffer
== NULL
) {
447 fprintf(stderr
, "vnc: out of memory\n");
453 int buffer_empty(Buffer
*buffer
)
455 return buffer
->offset
== 0;
458 uint8_t *buffer_end(Buffer
*buffer
)
460 return buffer
->buffer
+ buffer
->offset
;
463 void buffer_reset(Buffer
*buffer
)
468 void buffer_append(Buffer
*buffer
, const void *data
, size_t len
)
470 memcpy(buffer
->buffer
+ buffer
->offset
, data
, len
);
471 buffer
->offset
+= len
;
474 static void vnc_dpy_resize(DisplayState
*ds
)
477 VncDisplay
*vd
= ds
->opaque
;
478 VncState
*vs
= vd
->clients
;
482 vd
->server
= qemu_mallocz(sizeof(*vd
->server
));
483 if (vd
->server
->data
)
484 qemu_free(vd
->server
->data
);
485 *(vd
->server
) = *(ds
->surface
);
486 vd
->server
->data
= qemu_mallocz(vd
->server
->linesize
*
491 vd
->guest
.ds
= qemu_mallocz(sizeof(*vd
->guest
.ds
));
492 if (ds_get_bytes_per_pixel(ds
) != vd
->guest
.ds
->pf
.bytes_per_pixel
)
493 console_color_init(ds
);
494 size_changed
= ds_get_width(ds
) != vd
->guest
.ds
->width
||
495 ds_get_height(ds
) != vd
->guest
.ds
->height
;
496 *(vd
->guest
.ds
) = *(ds
->surface
);
497 memset(vd
->guest
.dirty
, 0xFF, sizeof(vd
->guest
.dirty
));
502 if (vs
->csock
!= -1 && vnc_has_feature(vs
, VNC_FEATURE_RESIZE
)) {
503 vnc_write_u8(vs
, 0); /* msg id */
505 vnc_write_u16(vs
, 1); /* number of rects */
506 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(ds
), ds_get_height(ds
),
507 VNC_ENCODING_DESKTOPRESIZE
);
511 memset(vs
->dirty
, 0xFF, sizeof(vs
->dirty
));
517 static void vnc_write_pixels_copy(VncState
*vs
, void *pixels
, int size
)
519 vnc_write(vs
, pixels
, size
);
522 /* slowest but generic code. */
523 static void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
526 VncDisplay
*vd
= vs
->vd
;
528 r
= ((((v
& vd
->server
->pf
.rmask
) >> vd
->server
->pf
.rshift
) << vs
->clientds
.pf
.rbits
) >>
529 vd
->server
->pf
.rbits
);
530 g
= ((((v
& vd
->server
->pf
.gmask
) >> vd
->server
->pf
.gshift
) << vs
->clientds
.pf
.gbits
) >>
531 vd
->server
->pf
.gbits
);
532 b
= ((((v
& vd
->server
->pf
.bmask
) >> vd
->server
->pf
.bshift
) << vs
->clientds
.pf
.bbits
) >>
533 vd
->server
->pf
.bbits
);
534 v
= (r
<< vs
->clientds
.pf
.rshift
) |
535 (g
<< vs
->clientds
.pf
.gshift
) |
536 (b
<< vs
->clientds
.pf
.bshift
);
537 switch(vs
->clientds
.pf
.bytes_per_pixel
) {
542 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
552 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
567 static void vnc_write_pixels_generic(VncState
*vs
, void *pixels1
, int size
)
570 VncDisplay
*vd
= vs
->vd
;
572 if (vd
->server
->pf
.bytes_per_pixel
== 4) {
573 uint32_t *pixels
= pixels1
;
576 for(i
= 0; i
< n
; i
++) {
577 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
578 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
580 } else if (vd
->server
->pf
.bytes_per_pixel
== 2) {
581 uint16_t *pixels
= pixels1
;
584 for(i
= 0; i
< n
; i
++) {
585 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
586 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
588 } else if (vd
->server
->pf
.bytes_per_pixel
== 1) {
589 uint8_t *pixels
= pixels1
;
592 for(i
= 0; i
< n
; i
++) {
593 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
594 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
597 fprintf(stderr
, "vnc_write_pixels_generic: VncState color depth not supported\n");
601 static void send_framebuffer_update_raw(VncState
*vs
, int x
, int y
, int w
, int h
)
605 VncDisplay
*vd
= vs
->vd
;
607 row
= vd
->server
->data
+ y
* ds_get_linesize(vs
->ds
) + x
* ds_get_bytes_per_pixel(vs
->ds
);
608 for (i
= 0; i
< h
; i
++) {
609 vs
->write_pixels(vs
, row
, w
* ds_get_bytes_per_pixel(vs
->ds
));
610 row
+= ds_get_linesize(vs
->ds
);
614 static void hextile_enc_cord(uint8_t *ptr
, int x
, int y
, int w
, int h
)
616 ptr
[0] = ((x
& 0x0F) << 4) | (y
& 0x0F);
617 ptr
[1] = (((w
- 1) & 0x0F) << 4) | ((h
- 1) & 0x0F);
621 #include "vnchextile.h"
625 #include "vnchextile.h"
629 #include "vnchextile.h"
634 #include "vnchextile.h"
640 #include "vnchextile.h"
646 #include "vnchextile.h"
650 static void send_framebuffer_update_hextile(VncState
*vs
, int x
, int y
, int w
, int h
)
654 uint8_t *last_fg
, *last_bg
;
655 VncDisplay
*vd
= vs
->vd
;
657 last_fg
= (uint8_t *) qemu_malloc(vd
->server
->pf
.bytes_per_pixel
);
658 last_bg
= (uint8_t *) qemu_malloc(vd
->server
->pf
.bytes_per_pixel
);
660 for (j
= y
; j
< (y
+ h
); j
+= 16) {
661 for (i
= x
; i
< (x
+ w
); i
+= 16) {
662 vs
->send_hextile_tile(vs
, i
, j
,
663 MIN(16, x
+ w
- i
), MIN(16, y
+ h
- j
),
664 last_bg
, last_fg
, &has_bg
, &has_fg
);
672 #define ZALLOC_ALIGNMENT 16
674 static void *zalloc(void *x
, unsigned items
, unsigned size
)
679 size
= (size
+ ZALLOC_ALIGNMENT
- 1) & ~(ZALLOC_ALIGNMENT
- 1);
681 p
= qemu_mallocz(size
);
686 static void zfree(void *x
, void *addr
)
691 static void vnc_zlib_init(VncState
*vs
)
694 for (i
=0; i
<(sizeof(vs
->zlib_stream
) / sizeof(z_stream
)); i
++)
695 vs
->zlib_stream
[i
].opaque
= NULL
;
698 static void vnc_zlib_start(VncState
*vs
)
700 buffer_reset(&vs
->zlib
);
702 // make the output buffer be the zlib buffer, so we can compress it later
703 vs
->zlib_tmp
= vs
->output
;
704 vs
->output
= vs
->zlib
;
707 static int vnc_zlib_stop(VncState
*vs
, int stream_id
)
709 z_streamp zstream
= &vs
->zlib_stream
[stream_id
];
712 // switch back to normal output/zlib buffers
713 vs
->zlib
= vs
->output
;
714 vs
->output
= vs
->zlib_tmp
;
716 // compress the zlib buffer
718 // initialize the stream
719 // XXX need one stream per session
720 if (zstream
->opaque
!= vs
) {
723 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id
);
724 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream
->opaque
, vs
);
725 zstream
->zalloc
= zalloc
;
726 zstream
->zfree
= zfree
;
728 err
= deflateInit2(zstream
, vs
->tight_compression
, Z_DEFLATED
, MAX_WBITS
,
729 MAX_MEM_LEVEL
, Z_DEFAULT_STRATEGY
);
732 fprintf(stderr
, "VNC: error initializing zlib\n");
736 zstream
->opaque
= vs
;
739 // XXX what to do if tight_compression changed in between?
741 // reserve memory in output buffer
742 buffer_reserve(&vs
->output
, vs
->zlib
.offset
+ 64);
745 zstream
->next_in
= vs
->zlib
.buffer
;
746 zstream
->avail_in
= vs
->zlib
.offset
;
747 zstream
->next_out
= vs
->output
.buffer
+ vs
->output
.offset
;
748 zstream
->avail_out
= vs
->output
.capacity
- vs
->output
.offset
;
749 zstream
->data_type
= Z_BINARY
;
750 previous_out
= zstream
->total_out
;
753 if (deflate(zstream
, Z_SYNC_FLUSH
) != Z_OK
) {
754 fprintf(stderr
, "VNC: error during zlib compression\n");
758 vs
->output
.offset
= vs
->output
.capacity
- zstream
->avail_out
;
759 return zstream
->total_out
- previous_out
;
762 static void send_framebuffer_update_zlib(VncState
*vs
, int x
, int y
, int w
, int h
)
764 int old_offset
, new_offset
, bytes_written
;
766 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_ZLIB
);
768 // remember where we put in the follow-up size
769 old_offset
= vs
->output
.offset
;
770 vnc_write_s32(vs
, 0);
772 // compress the stream
774 send_framebuffer_update_raw(vs
, x
, y
, w
, h
);
775 bytes_written
= vnc_zlib_stop(vs
, 0);
777 if (bytes_written
== -1)
781 new_offset
= vs
->output
.offset
;
782 vs
->output
.offset
= old_offset
;
783 vnc_write_u32(vs
, bytes_written
);
784 vs
->output
.offset
= new_offset
;
787 static void send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
789 switch(vs
->vnc_encoding
) {
790 case VNC_ENCODING_ZLIB
:
791 send_framebuffer_update_zlib(vs
, x
, y
, w
, h
);
793 case VNC_ENCODING_HEXTILE
:
794 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
795 send_framebuffer_update_hextile(vs
, x
, y
, w
, h
);
798 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
799 send_framebuffer_update_raw(vs
, x
, y
, w
, h
);
804 static void vnc_copy(VncState
*vs
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
806 /* send bitblit op to the vnc client */
807 vnc_write_u8(vs
, 0); /* msg id */
809 vnc_write_u16(vs
, 1); /* number of rects */
810 vnc_framebuffer_update(vs
, dst_x
, dst_y
, w
, h
, VNC_ENCODING_COPYRECT
);
811 vnc_write_u16(vs
, src_x
);
812 vnc_write_u16(vs
, src_y
);
816 static void vnc_dpy_copy(DisplayState
*ds
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
818 VncDisplay
*vd
= ds
->opaque
;
822 int i
,x
,y
,pitch
,depth
,inc
,w_lim
,s
;
825 vnc_refresh_server_surface(vd
);
826 for (vs
= vd
->clients
; vs
!= NULL
; vs
= vn
) {
828 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
829 vs
->force_update
= 1;
830 vnc_update_client(vs
, 1);
831 /* vs might be free()ed here */
835 /* do bitblit op on the local surface too */
836 pitch
= ds_get_linesize(vd
->ds
);
837 depth
= ds_get_bytes_per_pixel(vd
->ds
);
838 src_row
= vd
->server
->data
+ pitch
* src_y
+ depth
* src_x
;
839 dst_row
= vd
->server
->data
+ pitch
* dst_y
+ depth
* dst_x
;
844 src_row
+= pitch
* (h
-1);
845 dst_row
+= pitch
* (h
-1);
850 w_lim
= w
- (16 - (dst_x
% 16));
854 w_lim
= w
- (w_lim
% 16);
855 for (i
= 0; i
< h
; i
++) {
856 for (x
= 0; x
<= w_lim
;
857 x
+= s
, src_row
+= cmp_bytes
, dst_row
+= cmp_bytes
) {
859 if ((s
= w
- w_lim
) == 0)
862 s
= (16 - (dst_x
% 16));
867 cmp_bytes
= s
* depth
;
868 if (memcmp(src_row
, dst_row
, cmp_bytes
) == 0)
870 memmove(dst_row
, src_row
, cmp_bytes
);
873 if (!vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
))
874 vnc_set_bit(vs
->dirty
[y
], ((x
+ dst_x
) / 16));
878 src_row
+= pitch
- w
* depth
;
879 dst_row
+= pitch
- w
* depth
;
883 for (vs
= vd
->clients
; vs
!= NULL
; vs
= vs
->next
) {
884 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
))
885 vnc_copy(vs
, src_x
, src_y
, dst_x
, dst_y
, w
, h
);
889 static int find_and_clear_dirty_height(struct VncState
*vs
,
890 int y
, int last_x
, int x
)
893 VncDisplay
*vd
= vs
->vd
;
895 for (h
= 1; h
< (vd
->server
->height
- y
); h
++) {
897 if (!vnc_get_bit(vs
->dirty
[y
+ h
], last_x
))
899 for (tmp_x
= last_x
; tmp_x
< x
; tmp_x
++)
900 vnc_clear_bit(vs
->dirty
[y
+ h
], tmp_x
);
906 static int vnc_update_client(VncState
*vs
, int has_dirty
)
908 if (vs
->need_update
&& vs
->csock
!= -1) {
909 VncDisplay
*vd
= vs
->vd
;
914 if (vs
->output
.offset
&& !vs
->audio_cap
&& !vs
->force_update
)
915 /* kernel send buffers are full -> drop frames to throttle */
918 if (!has_dirty
&& !vs
->audio_cap
&& !vs
->force_update
)
922 * Send screen updates to the vnc client using the server
923 * surface and server dirty map. guest surface updates
924 * happening in parallel don't disturb us, the next pass will
925 * send them to the client.
928 vnc_write_u8(vs
, 0); /* msg id */
930 saved_offset
= vs
->output
.offset
;
931 vnc_write_u16(vs
, 0);
933 for (y
= 0; y
< vd
->server
->height
; y
++) {
936 for (x
= 0; x
< vd
->server
->width
/ 16; x
++) {
937 if (vnc_get_bit(vs
->dirty
[y
], x
)) {
941 vnc_clear_bit(vs
->dirty
[y
], x
);
944 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
);
945 send_framebuffer_update(vs
, last_x
* 16, y
, (x
- last_x
) * 16, h
);
952 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
);
953 send_framebuffer_update(vs
, last_x
* 16, y
, (x
- last_x
) * 16, h
);
957 vs
->output
.buffer
[saved_offset
] = (n_rectangles
>> 8) & 0xFF;
958 vs
->output
.buffer
[saved_offset
+ 1] = n_rectangles
& 0xFF;
960 vs
->force_update
= 0;
965 vnc_disconnect_finish(vs
);
971 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
973 VncState
*vs
= opaque
;
976 case AUD_CNOTIFY_DISABLE
:
977 vnc_write_u8(vs
, 255);
979 vnc_write_u16(vs
, 0);
983 case AUD_CNOTIFY_ENABLE
:
984 vnc_write_u8(vs
, 255);
986 vnc_write_u16(vs
, 1);
992 static void audio_capture_destroy(void *opaque
)
996 static void audio_capture(void *opaque
, void *buf
, int size
)
998 VncState
*vs
= opaque
;
1000 vnc_write_u8(vs
, 255);
1001 vnc_write_u8(vs
, 1);
1002 vnc_write_u16(vs
, 2);
1003 vnc_write_u32(vs
, size
);
1004 vnc_write(vs
, buf
, size
);
1008 static void audio_add(VncState
*vs
)
1010 Monitor
*mon
= cur_mon
;
1011 struct audio_capture_ops ops
;
1013 if (vs
->audio_cap
) {
1014 monitor_printf(mon
, "audio already running\n");
1018 ops
.notify
= audio_capture_notify
;
1019 ops
.destroy
= audio_capture_destroy
;
1020 ops
.capture
= audio_capture
;
1022 vs
->audio_cap
= AUD_add_capture(&vs
->as
, &ops
, vs
);
1023 if (!vs
->audio_cap
) {
1024 monitor_printf(mon
, "Failed to add audio capture\n");
1028 static void audio_del(VncState
*vs
)
1030 if (vs
->audio_cap
) {
1031 AUD_del_capture(vs
->audio_cap
, vs
);
1032 vs
->audio_cap
= NULL
;
1036 static void vnc_disconnect_start(VncState
*vs
)
1038 if (vs
->csock
== -1)
1040 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
1041 closesocket(vs
->csock
);
1045 static void vnc_disconnect_finish(VncState
*vs
)
1047 if (vs
->input
.buffer
) {
1048 qemu_free(vs
->input
.buffer
);
1049 vs
->input
.buffer
= NULL
;
1051 if (vs
->output
.buffer
) {
1052 qemu_free(vs
->output
.buffer
);
1053 vs
->output
.buffer
= NULL
;
1055 #ifdef CONFIG_VNC_TLS
1056 vnc_tls_client_cleanup(vs
);
1057 #endif /* CONFIG_VNC_TLS */
1058 #ifdef CONFIG_VNC_SASL
1059 vnc_sasl_client_cleanup(vs
);
1060 #endif /* CONFIG_VNC_SASL */
1063 VncState
*p
, *parent
= NULL
;
1064 for (p
= vs
->vd
->clients
; p
!= NULL
; p
= p
->next
) {
1067 parent
->next
= p
->next
;
1069 vs
->vd
->clients
= p
->next
;
1074 if (!vs
->vd
->clients
)
1077 vnc_remove_timer(vs
->vd
);
1081 int vnc_client_io_error(VncState
*vs
, int ret
, int last_errno
)
1083 if (ret
== 0 || ret
== -1) {
1085 switch (last_errno
) {
1089 case WSAEWOULDBLOCK
:
1097 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1098 ret
, ret
< 0 ? last_errno
: 0);
1099 vnc_disconnect_start(vs
);
1107 void vnc_client_error(VncState
*vs
)
1109 VNC_DEBUG("Closing down client sock: protocol error\n");
1110 vnc_disconnect_start(vs
);
1115 * Called to write a chunk of data to the client socket. The data may
1116 * be the raw data, or may have already been encoded by SASL.
1117 * The data will be written either straight onto the socket, or
1118 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1120 * NB, it is theoretically possible to have 2 layers of encryption,
1121 * both SASL, and this TLS layer. It is highly unlikely in practice
1122 * though, since SASL encryption will typically be a no-op if TLS
1125 * Returns the number of bytes written, which may be less than
1126 * the requested 'datalen' if the socket would block. Returns
1127 * -1 on error, and disconnects the client socket.
1129 long vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
1132 #ifdef CONFIG_VNC_TLS
1133 if (vs
->tls
.session
) {
1134 ret
= gnutls_write(vs
->tls
.session
, data
, datalen
);
1136 if (ret
== GNUTLS_E_AGAIN
)
1143 #endif /* CONFIG_VNC_TLS */
1144 ret
= send(vs
->csock
, (const void *)data
, datalen
, 0);
1145 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data
, datalen
, ret
);
1146 return vnc_client_io_error(vs
, ret
, socket_error());
1151 * Called to write buffered data to the client socket, when not
1152 * using any SASL SSF encryption layers. Will write as much data
1153 * as possible without blocking. If all buffered data is written,
1154 * will switch the FD poll() handler back to read monitoring.
1156 * Returns the number of bytes written, which may be less than
1157 * the buffered output data if the socket would block. Returns
1158 * -1 on error, and disconnects the client socket.
1160 static long vnc_client_write_plain(VncState
*vs
)
1164 #ifdef CONFIG_VNC_SASL
1165 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1166 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
1167 vs
->sasl
.waitWriteSSF
);
1169 if (vs
->sasl
.conn
&&
1171 vs
->sasl
.waitWriteSSF
) {
1172 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
1174 vs
->sasl
.waitWriteSSF
-= ret
;
1176 #endif /* CONFIG_VNC_SASL */
1177 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
1181 memmove(vs
->output
.buffer
, vs
->output
.buffer
+ ret
, (vs
->output
.offset
- ret
));
1182 vs
->output
.offset
-= ret
;
1184 if (vs
->output
.offset
== 0) {
1185 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1193 * First function called whenever there is data to be written to
1194 * the client socket. Will delegate actual work according to whether
1195 * SASL SSF layers are enabled (thus requiring encryption calls)
1197 void vnc_client_write(void *opaque
)
1200 VncState
*vs
= opaque
;
1202 #ifdef CONFIG_VNC_SASL
1203 if (vs
->sasl
.conn
&&
1205 !vs
->sasl
.waitWriteSSF
)
1206 ret
= vnc_client_write_sasl(vs
);
1208 #endif /* CONFIG_VNC_SASL */
1209 ret
= vnc_client_write_plain(vs
);
1212 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1214 vs
->read_handler
= func
;
1215 vs
->read_handler_expect
= expecting
;
1220 * Called to read a chunk of data from the client socket. The data may
1221 * be the raw data, or may need to be further decoded by SASL.
1222 * The data will be read either straight from to the socket, or
1223 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1225 * NB, it is theoretically possible to have 2 layers of encryption,
1226 * both SASL, and this TLS layer. It is highly unlikely in practice
1227 * though, since SASL encryption will typically be a no-op if TLS
1230 * Returns the number of bytes read, which may be less than
1231 * the requested 'datalen' if the socket would block. Returns
1232 * -1 on error, and disconnects the client socket.
1234 long vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1237 #ifdef CONFIG_VNC_TLS
1238 if (vs
->tls
.session
) {
1239 ret
= gnutls_read(vs
->tls
.session
, data
, datalen
);
1241 if (ret
== GNUTLS_E_AGAIN
)
1248 #endif /* CONFIG_VNC_TLS */
1249 ret
= recv(vs
->csock
, (void *)data
, datalen
, 0);
1250 VNC_DEBUG("Read wire %p %zd -> %ld\n", data
, datalen
, ret
);
1251 return vnc_client_io_error(vs
, ret
, socket_error());
1256 * Called to read data from the client socket to the input buffer,
1257 * when not using any SASL SSF encryption layers. Will read as much
1258 * data as possible without blocking.
1260 * Returns the number of bytes read. Returns -1 on error, and
1261 * disconnects the client socket.
1263 static long vnc_client_read_plain(VncState
*vs
)
1266 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1267 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1268 buffer_reserve(&vs
->input
, 4096);
1269 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1272 vs
->input
.offset
+= ret
;
1278 * First function called whenever there is more data to be read from
1279 * the client socket. Will delegate actual work according to whether
1280 * SASL SSF layers are enabled (thus requiring decryption calls)
1282 void vnc_client_read(void *opaque
)
1284 VncState
*vs
= opaque
;
1287 #ifdef CONFIG_VNC_SASL
1288 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1289 ret
= vnc_client_read_sasl(vs
);
1291 #endif /* CONFIG_VNC_SASL */
1292 ret
= vnc_client_read_plain(vs
);
1294 if (vs
->csock
== -1)
1295 vnc_disconnect_finish(vs
);
1299 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1300 size_t len
= vs
->read_handler_expect
;
1303 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1304 if (vs
->csock
== -1) {
1305 vnc_disconnect_finish(vs
);
1310 memmove(vs
->input
.buffer
, vs
->input
.buffer
+ len
, (vs
->input
.offset
- len
));
1311 vs
->input
.offset
-= len
;
1313 vs
->read_handler_expect
= ret
;
1318 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1320 buffer_reserve(&vs
->output
, len
);
1322 if (vs
->csock
!= -1 && buffer_empty(&vs
->output
)) {
1323 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
1326 buffer_append(&vs
->output
, data
, len
);
1329 void vnc_write_s32(VncState
*vs
, int32_t value
)
1331 vnc_write_u32(vs
, *(uint32_t *)&value
);
1334 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1338 buf
[0] = (value
>> 24) & 0xFF;
1339 buf
[1] = (value
>> 16) & 0xFF;
1340 buf
[2] = (value
>> 8) & 0xFF;
1341 buf
[3] = value
& 0xFF;
1343 vnc_write(vs
, buf
, 4);
1346 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1350 buf
[0] = (value
>> 8) & 0xFF;
1351 buf
[1] = value
& 0xFF;
1353 vnc_write(vs
, buf
, 2);
1356 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1358 vnc_write(vs
, (char *)&value
, 1);
1361 void vnc_flush(VncState
*vs
)
1363 if (vs
->csock
!= -1 && vs
->output
.offset
)
1364 vnc_client_write(vs
);
1367 uint8_t read_u8(uint8_t *data
, size_t offset
)
1369 return data
[offset
];
1372 uint16_t read_u16(uint8_t *data
, size_t offset
)
1374 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1377 int32_t read_s32(uint8_t *data
, size_t offset
)
1379 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1380 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1383 uint32_t read_u32(uint8_t *data
, size_t offset
)
1385 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1386 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1389 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1393 static void check_pointer_type_change(VncState
*vs
, int absolute
)
1395 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1396 vnc_write_u8(vs
, 0);
1397 vnc_write_u8(vs
, 0);
1398 vnc_write_u16(vs
, 1);
1399 vnc_framebuffer_update(vs
, absolute
, 0,
1400 ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1401 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1404 vs
->absolute
= absolute
;
1407 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1412 if (button_mask
& 0x01)
1413 buttons
|= MOUSE_EVENT_LBUTTON
;
1414 if (button_mask
& 0x02)
1415 buttons
|= MOUSE_EVENT_MBUTTON
;
1416 if (button_mask
& 0x04)
1417 buttons
|= MOUSE_EVENT_RBUTTON
;
1418 if (button_mask
& 0x08)
1420 if (button_mask
& 0x10)
1424 kbd_mouse_event(ds_get_width(vs
->ds
) > 1 ?
1425 x
* 0x7FFF / (ds_get_width(vs
->ds
) - 1) : 0x4000,
1426 ds_get_height(vs
->ds
) > 1 ?
1427 y
* 0x7FFF / (ds_get_height(vs
->ds
) - 1) : 0x4000,
1429 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1433 kbd_mouse_event(x
, y
, dz
, buttons
);
1435 if (vs
->last_x
!= -1)
1436 kbd_mouse_event(x
- vs
->last_x
,
1443 check_pointer_type_change(vs
, kbd_mouse_is_absolute());
1446 static void reset_keys(VncState
*vs
)
1449 for(i
= 0; i
< 256; i
++) {
1450 if (vs
->modifiers_state
[i
]) {
1452 kbd_put_keycode(0xe0);
1453 kbd_put_keycode(i
| 0x80);
1454 vs
->modifiers_state
[i
] = 0;
1459 static void press_key(VncState
*vs
, int keysym
)
1461 kbd_put_keycode(keysym2scancode(vs
->vd
->kbd_layout
, keysym
) & 0x7f);
1462 kbd_put_keycode(keysym2scancode(vs
->vd
->kbd_layout
, keysym
) | 0x80);
1465 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1467 /* QEMU console switch */
1469 case 0x2a: /* Left Shift */
1470 case 0x36: /* Right Shift */
1471 case 0x1d: /* Left CTRL */
1472 case 0x9d: /* Right CTRL */
1473 case 0x38: /* Left ALT */
1474 case 0xb8: /* Right ALT */
1476 vs
->modifiers_state
[keycode
] = 1;
1478 vs
->modifiers_state
[keycode
] = 0;
1480 case 0x02 ... 0x0a: /* '1' to '9' keys */
1481 if (down
&& vs
->modifiers_state
[0x1d] && vs
->modifiers_state
[0x38]) {
1482 /* Reset the modifiers sent to the current console */
1484 console_select(keycode
- 0x02);
1488 case 0x3a: /* CapsLock */
1489 case 0x45: /* NumLock */
1491 vs
->modifiers_state
[keycode
] ^= 1;
1495 if (keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1496 /* If the numlock state needs to change then simulate an additional
1497 keypress before sending this one. This will happen if the user
1498 toggles numlock away from the VNC window.
1500 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1501 if (!vs
->modifiers_state
[0x45]) {
1502 vs
->modifiers_state
[0x45] = 1;
1503 press_key(vs
, 0xff7f);
1506 if (vs
->modifiers_state
[0x45]) {
1507 vs
->modifiers_state
[0x45] = 0;
1508 press_key(vs
, 0xff7f);
1513 if ((sym
>= 'A' && sym
<= 'Z') || (sym
>= 'a' && sym
<= 'z')) {
1514 /* If the capslock state needs to change then simulate an additional
1515 keypress before sending this one. This will happen if the user
1516 toggles capslock away from the VNC window.
1518 int uppercase
= !!(sym
>= 'A' && sym
<= 'Z');
1519 int shift
= !!(vs
->modifiers_state
[0x2a] | vs
->modifiers_state
[0x36]);
1520 int capslock
= !!(vs
->modifiers_state
[0x3a]);
1522 if (uppercase
== shift
) {
1523 vs
->modifiers_state
[0x3a] = 0;
1524 press_key(vs
, 0xffe5);
1527 if (uppercase
!= shift
) {
1528 vs
->modifiers_state
[0x3a] = 1;
1529 press_key(vs
, 0xffe5);
1534 if (is_graphic_console()) {
1536 kbd_put_keycode(0xe0);
1538 kbd_put_keycode(keycode
& 0x7f);
1540 kbd_put_keycode(keycode
| 0x80);
1542 /* QEMU console emulation */
1544 int numlock
= vs
->modifiers_state
[0x45];
1546 case 0x2a: /* Left Shift */
1547 case 0x36: /* Right Shift */
1548 case 0x1d: /* Left CTRL */
1549 case 0x9d: /* Right CTRL */
1550 case 0x38: /* Left ALT */
1551 case 0xb8: /* Right ALT */
1554 kbd_put_keysym(QEMU_KEY_UP
);
1557 kbd_put_keysym(QEMU_KEY_DOWN
);
1560 kbd_put_keysym(QEMU_KEY_LEFT
);
1563 kbd_put_keysym(QEMU_KEY_RIGHT
);
1566 kbd_put_keysym(QEMU_KEY_DELETE
);
1569 kbd_put_keysym(QEMU_KEY_HOME
);
1572 kbd_put_keysym(QEMU_KEY_END
);
1575 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1578 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1582 kbd_put_keysym(numlock
? '7' : QEMU_KEY_HOME
);
1585 kbd_put_keysym(numlock
? '8' : QEMU_KEY_UP
);
1588 kbd_put_keysym(numlock
? '9' : QEMU_KEY_PAGEUP
);
1591 kbd_put_keysym(numlock
? '4' : QEMU_KEY_LEFT
);
1594 kbd_put_keysym('5');
1597 kbd_put_keysym(numlock
? '6' : QEMU_KEY_RIGHT
);
1600 kbd_put_keysym(numlock
? '1' : QEMU_KEY_END
);
1603 kbd_put_keysym(numlock
? '2' : QEMU_KEY_DOWN
);
1606 kbd_put_keysym(numlock
? '3' : QEMU_KEY_PAGEDOWN
);
1609 kbd_put_keysym('0');
1612 kbd_put_keysym(numlock
? '.' : QEMU_KEY_DELETE
);
1616 kbd_put_keysym('/');
1619 kbd_put_keysym('*');
1622 kbd_put_keysym('-');
1625 kbd_put_keysym('+');
1628 kbd_put_keysym('\n');
1632 kbd_put_keysym(sym
);
1639 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1644 if (lsym
>= 'A' && lsym
<= 'Z' && is_graphic_console()) {
1645 lsym
= lsym
- 'A' + 'a';
1648 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, lsym
& 0xFFFF);
1649 do_key_event(vs
, down
, keycode
, sym
);
1652 static void ext_key_event(VncState
*vs
, int down
,
1653 uint32_t sym
, uint16_t keycode
)
1655 /* if the user specifies a keyboard layout, always use it */
1656 if (keyboard_layout
)
1657 key_event(vs
, down
, sym
);
1659 do_key_event(vs
, down
, keycode
, sym
);
1662 static void framebuffer_update_request(VncState
*vs
, int incremental
,
1663 int x_position
, int y_position
,
1666 if (x_position
> ds_get_width(vs
->ds
))
1667 x_position
= ds_get_width(vs
->ds
);
1668 if (y_position
> ds_get_height(vs
->ds
))
1669 y_position
= ds_get_height(vs
->ds
);
1670 if (x_position
+ w
>= ds_get_width(vs
->ds
))
1671 w
= ds_get_width(vs
->ds
) - x_position
;
1672 if (y_position
+ h
>= ds_get_height(vs
->ds
))
1673 h
= ds_get_height(vs
->ds
) - y_position
;
1676 vs
->need_update
= 1;
1678 vs
->force_update
= 1;
1679 for (i
= 0; i
< h
; i
++) {
1680 vnc_set_bits(vs
->dirty
[y_position
+ i
],
1681 (ds_get_width(vs
->ds
) / 16), VNC_DIRTY_WORDS
);
1686 static void send_ext_key_event_ack(VncState
*vs
)
1688 vnc_write_u8(vs
, 0);
1689 vnc_write_u8(vs
, 0);
1690 vnc_write_u16(vs
, 1);
1691 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1692 VNC_ENCODING_EXT_KEY_EVENT
);
1696 static void send_ext_audio_ack(VncState
*vs
)
1698 vnc_write_u8(vs
, 0);
1699 vnc_write_u8(vs
, 0);
1700 vnc_write_u16(vs
, 1);
1701 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1702 VNC_ENCODING_AUDIO
);
1706 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
1709 unsigned int enc
= 0;
1713 vs
->vnc_encoding
= 0;
1714 vs
->tight_compression
= 9;
1715 vs
->tight_quality
= 9;
1718 for (i
= n_encodings
- 1; i
>= 0; i
--) {
1721 case VNC_ENCODING_RAW
:
1722 vs
->vnc_encoding
= enc
;
1724 case VNC_ENCODING_COPYRECT
:
1725 vs
->features
|= VNC_FEATURE_COPYRECT_MASK
;
1727 case VNC_ENCODING_HEXTILE
:
1728 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
1729 vs
->vnc_encoding
= enc
;
1731 case VNC_ENCODING_ZLIB
:
1732 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
1733 vs
->vnc_encoding
= enc
;
1735 case VNC_ENCODING_DESKTOPRESIZE
:
1736 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
1738 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
1739 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
1741 case VNC_ENCODING_EXT_KEY_EVENT
:
1742 send_ext_key_event_ack(vs
);
1744 case VNC_ENCODING_AUDIO
:
1745 send_ext_audio_ack(vs
);
1747 case VNC_ENCODING_WMVi
:
1748 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
1750 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
1751 vs
->tight_compression
= (enc
& 0x0F);
1753 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
1754 vs
->tight_quality
= (enc
& 0x0F);
1757 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
1762 check_pointer_type_change(vs
, kbd_mouse_is_absolute());
1765 static void set_pixel_conversion(VncState
*vs
)
1767 if ((vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) ==
1768 (vs
->ds
->surface
->flags
& QEMU_BIG_ENDIAN_FLAG
) &&
1769 !memcmp(&(vs
->clientds
.pf
), &(vs
->ds
->surface
->pf
), sizeof(PixelFormat
))) {
1770 vs
->write_pixels
= vnc_write_pixels_copy
;
1771 switch (vs
->ds
->surface
->pf
.bits_per_pixel
) {
1773 vs
->send_hextile_tile
= send_hextile_tile_8
;
1776 vs
->send_hextile_tile
= send_hextile_tile_16
;
1779 vs
->send_hextile_tile
= send_hextile_tile_32
;
1783 vs
->write_pixels
= vnc_write_pixels_generic
;
1784 switch (vs
->ds
->surface
->pf
.bits_per_pixel
) {
1786 vs
->send_hextile_tile
= send_hextile_tile_generic_8
;
1789 vs
->send_hextile_tile
= send_hextile_tile_generic_16
;
1792 vs
->send_hextile_tile
= send_hextile_tile_generic_32
;
1798 static void set_pixel_format(VncState
*vs
,
1799 int bits_per_pixel
, int depth
,
1800 int big_endian_flag
, int true_color_flag
,
1801 int red_max
, int green_max
, int blue_max
,
1802 int red_shift
, int green_shift
, int blue_shift
)
1804 if (!true_color_flag
) {
1805 vnc_client_error(vs
);
1809 vs
->clientds
= *(vs
->vd
->guest
.ds
);
1810 vs
->clientds
.pf
.rmax
= red_max
;
1811 count_bits(vs
->clientds
.pf
.rbits
, red_max
);
1812 vs
->clientds
.pf
.rshift
= red_shift
;
1813 vs
->clientds
.pf
.rmask
= red_max
<< red_shift
;
1814 vs
->clientds
.pf
.gmax
= green_max
;
1815 count_bits(vs
->clientds
.pf
.gbits
, green_max
);
1816 vs
->clientds
.pf
.gshift
= green_shift
;
1817 vs
->clientds
.pf
.gmask
= green_max
<< green_shift
;
1818 vs
->clientds
.pf
.bmax
= blue_max
;
1819 count_bits(vs
->clientds
.pf
.bbits
, blue_max
);
1820 vs
->clientds
.pf
.bshift
= blue_shift
;
1821 vs
->clientds
.pf
.bmask
= blue_max
<< blue_shift
;
1822 vs
->clientds
.pf
.bits_per_pixel
= bits_per_pixel
;
1823 vs
->clientds
.pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
1824 vs
->clientds
.pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
1825 vs
->clientds
.flags
= big_endian_flag
? QEMU_BIG_ENDIAN_FLAG
: 0x00;
1827 set_pixel_conversion(vs
);
1829 vga_hw_invalidate();
1833 static void pixel_format_message (VncState
*vs
) {
1834 char pad
[3] = { 0, 0, 0 };
1836 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bits_per_pixel
); /* bits-per-pixel */
1837 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.depth
); /* depth */
1839 #ifdef HOST_WORDS_BIGENDIAN
1840 vnc_write_u8(vs
, 1); /* big-endian-flag */
1842 vnc_write_u8(vs
, 0); /* big-endian-flag */
1844 vnc_write_u8(vs
, 1); /* true-color-flag */
1845 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.rmax
); /* red-max */
1846 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.gmax
); /* green-max */
1847 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.bmax
); /* blue-max */
1848 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.rshift
); /* red-shift */
1849 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.gshift
); /* green-shift */
1850 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bshift
); /* blue-shift */
1851 if (vs
->ds
->surface
->pf
.bits_per_pixel
== 32)
1852 vs
->send_hextile_tile
= send_hextile_tile_32
;
1853 else if (vs
->ds
->surface
->pf
.bits_per_pixel
== 16)
1854 vs
->send_hextile_tile
= send_hextile_tile_16
;
1855 else if (vs
->ds
->surface
->pf
.bits_per_pixel
== 8)
1856 vs
->send_hextile_tile
= send_hextile_tile_8
;
1857 vs
->clientds
= *(vs
->ds
->surface
);
1858 vs
->clientds
.flags
&= ~QEMU_ALLOCATED_FLAG
;
1859 vs
->write_pixels
= vnc_write_pixels_copy
;
1861 vnc_write(vs
, pad
, 3); /* padding */
1864 static void vnc_dpy_setdata(DisplayState
*ds
)
1866 /* We don't have to do anything */
1869 static void vnc_colordepth(VncState
*vs
)
1871 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
1872 /* Sending a WMVi message to notify the client*/
1873 vnc_write_u8(vs
, 0); /* msg id */
1874 vnc_write_u8(vs
, 0);
1875 vnc_write_u16(vs
, 1); /* number of rects */
1876 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
),
1877 ds_get_height(vs
->ds
), VNC_ENCODING_WMVi
);
1878 pixel_format_message(vs
);
1881 set_pixel_conversion(vs
);
1885 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
1889 VncDisplay
*vd
= vs
->vd
;
1892 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
1893 if (!qemu_timer_expired(vd
->timer
, qemu_get_clock(rt_clock
) + vd
->timer_interval
))
1894 qemu_mod_timer(vd
->timer
, qemu_get_clock(rt_clock
) + vd
->timer_interval
);
1902 set_pixel_format(vs
, read_u8(data
, 4), read_u8(data
, 5),
1903 read_u8(data
, 6), read_u8(data
, 7),
1904 read_u16(data
, 8), read_u16(data
, 10),
1905 read_u16(data
, 12), read_u8(data
, 14),
1906 read_u8(data
, 15), read_u8(data
, 16));
1913 limit
= read_u16(data
, 2);
1915 return 4 + (limit
* 4);
1917 limit
= read_u16(data
, 2);
1919 for (i
= 0; i
< limit
; i
++) {
1920 int32_t val
= read_s32(data
, 4 + (i
* 4));
1921 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
1924 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
1930 framebuffer_update_request(vs
,
1931 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
1932 read_u16(data
, 6), read_u16(data
, 8));
1938 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
1944 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
1951 uint32_t dlen
= read_u32(data
, 4);
1956 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
1962 switch (read_u8(data
, 1)) {
1967 ext_key_event(vs
, read_u16(data
, 2),
1968 read_u32(data
, 4), read_u32(data
, 8));
1974 switch (read_u16 (data
, 2)) {
1984 switch (read_u8(data
, 4)) {
1985 case 0: vs
->as
.fmt
= AUD_FMT_U8
; break;
1986 case 1: vs
->as
.fmt
= AUD_FMT_S8
; break;
1987 case 2: vs
->as
.fmt
= AUD_FMT_U16
; break;
1988 case 3: vs
->as
.fmt
= AUD_FMT_S16
; break;
1989 case 4: vs
->as
.fmt
= AUD_FMT_U32
; break;
1990 case 5: vs
->as
.fmt
= AUD_FMT_S32
; break;
1992 printf("Invalid audio format %d\n", read_u8(data
, 4));
1993 vnc_client_error(vs
);
1996 vs
->as
.nchannels
= read_u8(data
, 5);
1997 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
1998 printf("Invalid audio channel coount %d\n",
2000 vnc_client_error(vs
);
2003 vs
->as
.freq
= read_u32(data
, 6);
2006 printf ("Invalid audio message %d\n", read_u8(data
, 4));
2007 vnc_client_error(vs
);
2013 printf("Msg: %d\n", read_u16(data
, 0));
2014 vnc_client_error(vs
);
2019 printf("Msg: %d\n", data
[0]);
2020 vnc_client_error(vs
);
2024 vnc_read_when(vs
, protocol_client_msg
, 1);
2028 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
2033 vnc_write_u16(vs
, ds_get_width(vs
->ds
));
2034 vnc_write_u16(vs
, ds_get_height(vs
->ds
));
2036 pixel_format_message(vs
);
2039 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
2041 size
= snprintf(buf
, sizeof(buf
), "QEMU");
2043 vnc_write_u32(vs
, size
);
2044 vnc_write(vs
, buf
, size
);
2047 vnc_read_when(vs
, protocol_client_msg
, 1);
2052 void start_client_init(VncState
*vs
)
2054 vnc_read_when(vs
, protocol_client_init
, 1);
2057 static void make_challenge(VncState
*vs
)
2061 srand(time(NULL
)+getpid()+getpid()*987654+rand());
2063 for (i
= 0 ; i
< sizeof(vs
->challenge
) ; i
++)
2064 vs
->challenge
[i
] = (int) (256.0*rand()/(RAND_MAX
+1.0));
2067 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
2069 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
2071 unsigned char key
[8];
2073 if (!vs
->vd
->password
|| !vs
->vd
->password
[0]) {
2074 VNC_DEBUG("No password configured on server");
2075 vnc_write_u32(vs
, 1); /* Reject auth */
2076 if (vs
->minor
>= 8) {
2077 static const char err
[] = "Authentication failed";
2078 vnc_write_u32(vs
, sizeof(err
));
2079 vnc_write(vs
, err
, sizeof(err
));
2082 vnc_client_error(vs
);
2086 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
2088 /* Calculate the expected challenge response */
2089 pwlen
= strlen(vs
->vd
->password
);
2090 for (i
=0; i
<sizeof(key
); i
++)
2091 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
2093 for (j
= 0; j
< VNC_AUTH_CHALLENGE_SIZE
; j
+= 8)
2094 des(response
+j
, response
+j
);
2096 /* Compare expected vs actual challenge response */
2097 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
2098 VNC_DEBUG("Client challenge reponse did not match\n");
2099 vnc_write_u32(vs
, 1); /* Reject auth */
2100 if (vs
->minor
>= 8) {
2101 static const char err
[] = "Authentication failed";
2102 vnc_write_u32(vs
, sizeof(err
));
2103 vnc_write(vs
, err
, sizeof(err
));
2106 vnc_client_error(vs
);
2108 VNC_DEBUG("Accepting VNC challenge response\n");
2109 vnc_write_u32(vs
, 0); /* Accept auth */
2112 start_client_init(vs
);
2117 void start_auth_vnc(VncState
*vs
)
2120 /* Send client a 'random' challenge */
2121 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
2124 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
2128 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
2130 /* We only advertise 1 auth scheme at a time, so client
2131 * must pick the one we sent. Verify this */
2132 if (data
[0] != vs
->vd
->auth
) { /* Reject auth */
2133 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data
[0]);
2134 vnc_write_u32(vs
, 1);
2135 if (vs
->minor
>= 8) {
2136 static const char err
[] = "Authentication failed";
2137 vnc_write_u32(vs
, sizeof(err
));
2138 vnc_write(vs
, err
, sizeof(err
));
2140 vnc_client_error(vs
);
2141 } else { /* Accept requested auth */
2142 VNC_DEBUG("Client requested auth %d\n", (int)data
[0]);
2143 switch (vs
->vd
->auth
) {
2145 VNC_DEBUG("Accept auth none\n");
2146 if (vs
->minor
>= 8) {
2147 vnc_write_u32(vs
, 0); /* Accept auth completion */
2150 start_client_init(vs
);
2154 VNC_DEBUG("Start VNC auth\n");
2158 #ifdef CONFIG_VNC_TLS
2159 case VNC_AUTH_VENCRYPT
:
2160 VNC_DEBUG("Accept VeNCrypt auth\n");;
2161 start_auth_vencrypt(vs
);
2163 #endif /* CONFIG_VNC_TLS */
2165 #ifdef CONFIG_VNC_SASL
2167 VNC_DEBUG("Accept SASL auth\n");
2168 start_auth_sasl(vs
);
2170 #endif /* CONFIG_VNC_SASL */
2172 default: /* Should not be possible, but just in case */
2173 VNC_DEBUG("Reject auth %d server code bug\n", vs
->vd
->auth
);
2174 vnc_write_u8(vs
, 1);
2175 if (vs
->minor
>= 8) {
2176 static const char err
[] = "Authentication failed";
2177 vnc_write_u32(vs
, sizeof(err
));
2178 vnc_write(vs
, err
, sizeof(err
));
2180 vnc_client_error(vs
);
2186 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
2190 memcpy(local
, version
, 12);
2193 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
2194 VNC_DEBUG("Malformed protocol version %s\n", local
);
2195 vnc_client_error(vs
);
2198 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
2199 if (vs
->major
!= 3 ||
2205 VNC_DEBUG("Unsupported client version\n");
2206 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2208 vnc_client_error(vs
);
2211 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2212 * as equivalent to v3.3 by servers
2214 if (vs
->minor
== 4 || vs
->minor
== 5)
2217 if (vs
->minor
== 3) {
2218 if (vs
->vd
->auth
== VNC_AUTH_NONE
) {
2219 VNC_DEBUG("Tell client auth none\n");
2220 vnc_write_u32(vs
, vs
->vd
->auth
);
2222 start_client_init(vs
);
2223 } else if (vs
->vd
->auth
== VNC_AUTH_VNC
) {
2224 VNC_DEBUG("Tell client VNC auth\n");
2225 vnc_write_u32(vs
, vs
->vd
->auth
);
2229 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs
->vd
->auth
);
2230 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2232 vnc_client_error(vs
);
2235 VNC_DEBUG("Telling client we support auth %d\n", vs
->vd
->auth
);
2236 vnc_write_u8(vs
, 1); /* num auth */
2237 vnc_write_u8(vs
, vs
->vd
->auth
);
2238 vnc_read_when(vs
, protocol_client_auth
, 1);
2245 static int vnc_refresh_server_surface(VncDisplay
*vd
)
2249 uint8_t *server_row
;
2251 uint32_t width_mask
[VNC_DIRTY_WORDS
];
2252 VncState
*vs
= NULL
;
2256 * Walk through the guest dirty map.
2257 * Check and copy modified bits from guest to server surface.
2258 * Update server dirty map.
2260 vnc_set_bits(width_mask
, (ds_get_width(vd
->ds
) / 16), VNC_DIRTY_WORDS
);
2261 cmp_bytes
= 16 * ds_get_bytes_per_pixel(vd
->ds
);
2262 guest_row
= vd
->guest
.ds
->data
;
2263 server_row
= vd
->server
->data
;
2264 for (y
= 0; y
< vd
->guest
.ds
->height
; y
++) {
2265 if (vnc_and_bits(vd
->guest
.dirty
[y
], width_mask
, VNC_DIRTY_WORDS
)) {
2268 uint8_t *server_ptr
;
2270 guest_ptr
= guest_row
;
2271 server_ptr
= server_row
;
2273 for (x
= 0; x
< vd
->guest
.ds
->width
;
2274 x
+= 16, guest_ptr
+= cmp_bytes
, server_ptr
+= cmp_bytes
) {
2275 if (!vnc_get_bit(vd
->guest
.dirty
[y
], (x
/ 16)))
2277 vnc_clear_bit(vd
->guest
.dirty
[y
], (x
/ 16));
2278 if (memcmp(server_ptr
, guest_ptr
, cmp_bytes
) == 0)
2280 memcpy(server_ptr
, guest_ptr
, cmp_bytes
);
2282 while (vs
!= NULL
) {
2283 vnc_set_bit(vs
->dirty
[y
], (x
/ 16));
2289 guest_row
+= ds_get_linesize(vd
->ds
);
2290 server_row
+= ds_get_linesize(vd
->ds
);
2295 static void vnc_refresh(void *opaque
)
2297 VncDisplay
*vd
= opaque
;
2298 VncState
*vs
= NULL
, *vn
= NULL
;
2299 int has_dirty
= 0, rects
= 0;
2303 has_dirty
= vnc_refresh_server_surface(vd
);
2306 while (vs
!= NULL
) {
2308 rects
+= vnc_update_client(vs
, has_dirty
);
2309 /* vs might be free()ed here */
2312 /* vd->timer could be NULL now if the last client disconnected,
2313 * in this case don't update the timer */
2314 if (vd
->timer
== NULL
)
2317 if (has_dirty
&& rects
) {
2318 vd
->timer_interval
/= 2;
2319 if (vd
->timer_interval
< VNC_REFRESH_INTERVAL_BASE
)
2320 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2322 vd
->timer_interval
+= VNC_REFRESH_INTERVAL_INC
;
2323 if (vd
->timer_interval
> VNC_REFRESH_INTERVAL_MAX
)
2324 vd
->timer_interval
= VNC_REFRESH_INTERVAL_MAX
;
2326 qemu_mod_timer(vd
->timer
, qemu_get_clock(rt_clock
) + vd
->timer_interval
);
2329 static void vnc_init_timer(VncDisplay
*vd
)
2331 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2332 if (vd
->timer
== NULL
&& vd
->clients
!= NULL
) {
2333 vd
->timer
= qemu_new_timer(rt_clock
, vnc_refresh
, vd
);
2338 static void vnc_remove_timer(VncDisplay
*vd
)
2340 if (vd
->timer
!= NULL
&& vd
->clients
== NULL
) {
2341 qemu_del_timer(vd
->timer
);
2342 qemu_free_timer(vd
->timer
);
2347 static void vnc_connect(VncDisplay
*vd
, int csock
)
2349 VncState
*vs
= qemu_mallocz(sizeof(VncState
));
2352 VNC_DEBUG("New client on socket %d\n", csock
);
2354 socket_set_nonblock(vs
->csock
);
2355 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
2362 vs
->as
.freq
= 44100;
2363 vs
->as
.nchannels
= 2;
2364 vs
->as
.fmt
= AUD_FMT_S16
;
2365 vs
->as
.endianness
= 0;
2367 vs
->next
= vd
->clients
;
2372 vnc_write(vs
, "RFB 003.008\n", 12);
2374 vnc_read_when(vs
, protocol_version
, 12);
2379 /* vs might be free()ed here */
2382 static void vnc_listen_read(void *opaque
)
2384 VncDisplay
*vs
= opaque
;
2385 struct sockaddr_in addr
;
2386 socklen_t addrlen
= sizeof(addr
);
2391 int csock
= qemu_accept(vs
->lsock
, (struct sockaddr
*)&addr
, &addrlen
);
2393 vnc_connect(vs
, csock
);
2397 void vnc_display_init(DisplayState
*ds
)
2399 VncDisplay
*vs
= qemu_mallocz(sizeof(*vs
));
2401 dcl
= qemu_mallocz(sizeof(DisplayChangeListener
));
2411 if (keyboard_layout
)
2412 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, keyboard_layout
);
2414 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us");
2416 if (!vs
->kbd_layout
)
2419 dcl
->dpy_copy
= vnc_dpy_copy
;
2420 dcl
->dpy_update
= vnc_dpy_update
;
2421 dcl
->dpy_resize
= vnc_dpy_resize
;
2422 dcl
->dpy_setdata
= vnc_dpy_setdata
;
2423 register_displaychangelistener(ds
, dcl
);
2427 void vnc_display_close(DisplayState
*ds
)
2429 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2434 qemu_free(vs
->display
);
2437 if (vs
->lsock
!= -1) {
2438 qemu_set_fd_handler2(vs
->lsock
, NULL
, NULL
, NULL
, NULL
);
2442 vs
->auth
= VNC_AUTH_INVALID
;
2443 #ifdef CONFIG_VNC_TLS
2444 vs
->subauth
= VNC_AUTH_INVALID
;
2445 vs
->tls
.x509verify
= 0;
2449 int vnc_display_password(DisplayState
*ds
, const char *password
)
2451 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2458 qemu_free(vs
->password
);
2459 vs
->password
= NULL
;
2461 if (password
&& password
[0]) {
2462 if (!(vs
->password
= qemu_strdup(password
)))
2464 if (vs
->auth
== VNC_AUTH_NONE
) {
2465 vs
->auth
= VNC_AUTH_VNC
;
2468 vs
->auth
= VNC_AUTH_NONE
;
2474 char *vnc_display_local_addr(DisplayState
*ds
)
2476 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2478 return vnc_socket_local_addr("%s:%s", vs
->lsock
);
2481 int vnc_display_open(DisplayState
*ds
, const char *display
)
2483 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2484 const char *options
;
2488 #ifdef CONFIG_VNC_TLS
2489 int tls
= 0, x509
= 0;
2491 #ifdef CONFIG_VNC_SASL
2499 vnc_display_close(ds
);
2500 if (strcmp(display
, "none") == 0)
2503 if (!(vs
->display
= strdup(display
)))
2507 while ((options
= strchr(options
, ','))) {
2509 if (strncmp(options
, "password", 8) == 0) {
2510 password
= 1; /* Require password auth */
2511 } else if (strncmp(options
, "reverse", 7) == 0) {
2513 } else if (strncmp(options
, "to=", 3) == 0) {
2514 to_port
= atoi(options
+3) + 5900;
2515 #ifdef CONFIG_VNC_SASL
2516 } else if (strncmp(options
, "sasl", 4) == 0) {
2517 sasl
= 1; /* Require SASL auth */
2519 #ifdef CONFIG_VNC_TLS
2520 } else if (strncmp(options
, "tls", 3) == 0) {
2521 tls
= 1; /* Require TLS */
2522 } else if (strncmp(options
, "x509", 4) == 0) {
2524 x509
= 1; /* Require x509 certificates */
2525 if (strncmp(options
, "x509verify", 10) == 0)
2526 vs
->tls
.x509verify
= 1; /* ...and verify client certs */
2528 /* Now check for 'x509=/some/path' postfix
2529 * and use that to setup x509 certificate/key paths */
2530 start
= strchr(options
, '=');
2531 end
= strchr(options
, ',');
2532 if (start
&& (!end
|| (start
< end
))) {
2533 int len
= end
? end
-(start
+1) : strlen(start
+1);
2534 char *path
= qemu_strndup(start
+ 1, len
);
2536 VNC_DEBUG("Trying certificate path '%s'\n", path
);
2537 if (vnc_tls_set_x509_creds_dir(vs
, path
) < 0) {
2538 fprintf(stderr
, "Failed to find x509 certificates/keys in %s\n", path
);
2540 qemu_free(vs
->display
);
2546 fprintf(stderr
, "No certificate path provided\n");
2547 qemu_free(vs
->display
);
2552 } else if (strncmp(options
, "acl", 3) == 0) {
2557 #ifdef CONFIG_VNC_TLS
2558 if (acl
&& x509
&& vs
->tls
.x509verify
) {
2559 if (!(vs
->tls
.acl
= qemu_acl_init("vnc.x509dname"))) {
2560 fprintf(stderr
, "Failed to create x509 dname ACL\n");
2565 #ifdef CONFIG_VNC_SASL
2567 if (!(vs
->sasl
.acl
= qemu_acl_init("vnc.username"))) {
2568 fprintf(stderr
, "Failed to create username ACL\n");
2575 * Combinations we support here:
2577 * - no-auth (clear text, no auth)
2578 * - password (clear text, weak auth)
2579 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2580 * - tls (encrypt, weak anonymous creds, no auth)
2581 * - tls + password (encrypt, weak anonymous creds, weak auth)
2582 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2583 * - tls + x509 (encrypt, good x509 creds, no auth)
2584 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2585 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2587 * NB1. TLS is a stackable auth scheme.
2588 * NB2. the x509 schemes have option to validate a client cert dname
2591 #ifdef CONFIG_VNC_TLS
2593 vs
->auth
= VNC_AUTH_VENCRYPT
;
2595 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2596 vs
->subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
2598 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2599 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
2602 #endif /* CONFIG_VNC_TLS */
2603 VNC_DEBUG("Initializing VNC server with password auth\n");
2604 vs
->auth
= VNC_AUTH_VNC
;
2605 #ifdef CONFIG_VNC_TLS
2606 vs
->subauth
= VNC_AUTH_INVALID
;
2608 #endif /* CONFIG_VNC_TLS */
2609 #ifdef CONFIG_VNC_SASL
2611 #ifdef CONFIG_VNC_TLS
2613 vs
->auth
= VNC_AUTH_VENCRYPT
;
2615 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2616 vs
->subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
2618 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2619 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
2622 #endif /* CONFIG_VNC_TLS */
2623 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2624 vs
->auth
= VNC_AUTH_SASL
;
2625 #ifdef CONFIG_VNC_TLS
2626 vs
->subauth
= VNC_AUTH_INVALID
;
2628 #endif /* CONFIG_VNC_TLS */
2629 #endif /* CONFIG_VNC_SASL */
2631 #ifdef CONFIG_VNC_TLS
2633 vs
->auth
= VNC_AUTH_VENCRYPT
;
2635 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2636 vs
->subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
2638 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2639 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
2643 VNC_DEBUG("Initializing VNC server with no auth\n");
2644 vs
->auth
= VNC_AUTH_NONE
;
2645 #ifdef CONFIG_VNC_TLS
2646 vs
->subauth
= VNC_AUTH_INVALID
;
2651 #ifdef CONFIG_VNC_SASL
2652 if ((saslErr
= sasl_server_init(NULL
, "qemu")) != SASL_OK
) {
2653 fprintf(stderr
, "Failed to initialize SASL auth %s",
2654 sasl_errstring(saslErr
, NULL
, NULL
));
2662 /* connect to viewer */
2663 if (strncmp(display
, "unix:", 5) == 0)
2664 vs
->lsock
= unix_connect(display
+5);
2666 vs
->lsock
= inet_connect(display
, SOCK_STREAM
);
2667 if (-1 == vs
->lsock
) {
2672 int csock
= vs
->lsock
;
2674 vnc_connect(vs
, csock
);
2679 /* listen for connects */
2681 dpy
= qemu_malloc(256);
2682 if (strncmp(display
, "unix:", 5) == 0) {
2683 pstrcpy(dpy
, 256, "unix:");
2684 vs
->lsock
= unix_listen(display
+5, dpy
+5, 256-5);
2686 vs
->lsock
= inet_listen(display
, dpy
, 256, SOCK_STREAM
, 5900);
2688 if (-1 == vs
->lsock
) {
2696 return qemu_set_fd_handler2(vs
->lsock
, NULL
, vnc_listen_read
, NULL
, vs
);