Merge branch 'upstream-merge'
[qemu-kvm/markmc.git] / vnc.c
blob01e8e934895a54a0a8af1acf6f2c1d2384491101
1 /*
2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
27 #include "vnc.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "acl.h"
33 #define VNC_REFRESH_INTERVAL_BASE 30
34 #define VNC_REFRESH_INTERVAL_INC 50
35 #define VNC_REFRESH_INTERVAL_MAX 2000
37 #include "vnc_keysym.h"
38 #include "d3des.h"
40 #define count_bits(c, v) { \
41 for (c = 0; v; v >>= 1) \
42 { \
43 c += v & 1; \
44 } \
48 static VncDisplay *vnc_display; /* needed for info vnc */
49 static DisplayChangeListener *dcl;
51 static char *addr_to_string(const char *format,
52 struct sockaddr_storage *sa,
53 socklen_t salen) {
54 char *addr;
55 char host[NI_MAXHOST];
56 char serv[NI_MAXSERV];
57 int err;
58 size_t addrlen;
60 if ((err = getnameinfo((struct sockaddr *)sa, salen,
61 host, sizeof(host),
62 serv, sizeof(serv),
63 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
64 VNC_DEBUG("Cannot resolve address %d: %s\n",
65 err, gai_strerror(err));
66 return NULL;
69 /* Enough for the existing format + the 2 vars we're
70 * substituting in. */
71 addrlen = strlen(format) + strlen(host) + strlen(serv);
72 addr = qemu_malloc(addrlen + 1);
73 snprintf(addr, addrlen, format, host, serv);
74 addr[addrlen] = '\0';
76 return addr;
80 char *vnc_socket_local_addr(const char *format, int fd) {
81 struct sockaddr_storage sa;
82 socklen_t salen;
84 salen = sizeof(sa);
85 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
86 return NULL;
88 return addr_to_string(format, &sa, salen);
91 char *vnc_socket_remote_addr(const char *format, int fd) {
92 struct sockaddr_storage sa;
93 socklen_t salen;
95 salen = sizeof(sa);
96 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
97 return NULL;
99 return addr_to_string(format, &sa, salen);
102 static const char *vnc_auth_name(VncDisplay *vd) {
103 switch (vd->auth) {
104 case VNC_AUTH_INVALID:
105 return "invalid";
106 case VNC_AUTH_NONE:
107 return "none";
108 case VNC_AUTH_VNC:
109 return "vnc";
110 case VNC_AUTH_RA2:
111 return "ra2";
112 case VNC_AUTH_RA2NE:
113 return "ra2ne";
114 case VNC_AUTH_TIGHT:
115 return "tight";
116 case VNC_AUTH_ULTRA:
117 return "ultra";
118 case VNC_AUTH_TLS:
119 return "tls";
120 case VNC_AUTH_VENCRYPT:
121 #ifdef CONFIG_VNC_TLS
122 switch (vd->subauth) {
123 case VNC_AUTH_VENCRYPT_PLAIN:
124 return "vencrypt+plain";
125 case VNC_AUTH_VENCRYPT_TLSNONE:
126 return "vencrypt+tls+none";
127 case VNC_AUTH_VENCRYPT_TLSVNC:
128 return "vencrypt+tls+vnc";
129 case VNC_AUTH_VENCRYPT_TLSPLAIN:
130 return "vencrypt+tls+plain";
131 case VNC_AUTH_VENCRYPT_X509NONE:
132 return "vencrypt+x509+none";
133 case VNC_AUTH_VENCRYPT_X509VNC:
134 return "vencrypt+x509+vnc";
135 case VNC_AUTH_VENCRYPT_X509PLAIN:
136 return "vencrypt+x509+plain";
137 case VNC_AUTH_VENCRYPT_TLSSASL:
138 return "vencrypt+tls+sasl";
139 case VNC_AUTH_VENCRYPT_X509SASL:
140 return "vencrypt+x509+sasl";
141 default:
142 return "vencrypt";
144 #else
145 return "vencrypt";
146 #endif
147 case VNC_AUTH_SASL:
148 return "sasl";
150 return "unknown";
153 static void do_info_vnc_client(Monitor *mon, VncState *client)
155 char *clientAddr =
156 vnc_socket_remote_addr(" address: %s:%s\n",
157 client->csock);
158 if (!clientAddr)
159 return;
161 monitor_printf(mon, "Client:\n");
162 monitor_printf(mon, "%s", clientAddr);
163 free(clientAddr);
165 #ifdef CONFIG_VNC_TLS
166 if (client->tls.session &&
167 client->tls.dname)
168 monitor_printf(mon, " x509 dname: %s\n", client->tls.dname);
169 else
170 monitor_printf(mon, " x509 dname: none\n");
171 #endif
172 #ifdef CONFIG_VNC_SASL
173 if (client->sasl.conn &&
174 client->sasl.username)
175 monitor_printf(mon, " username: %s\n", client->sasl.username);
176 else
177 monitor_printf(mon, " username: none\n");
178 #endif
181 void do_info_vnc(Monitor *mon)
183 if (vnc_display == NULL || vnc_display->display == NULL) {
184 monitor_printf(mon, "Server: disabled\n");
185 } else {
186 char *serverAddr = vnc_socket_local_addr(" address: %s:%s\n",
187 vnc_display->lsock);
189 if (!serverAddr)
190 return;
192 monitor_printf(mon, "Server:\n");
193 monitor_printf(mon, "%s", serverAddr);
194 free(serverAddr);
195 monitor_printf(mon, " auth: %s\n", vnc_auth_name(vnc_display));
197 if (vnc_display->clients) {
198 VncState *client = vnc_display->clients;
199 while (client) {
200 do_info_vnc_client(mon, client);
201 client = client->next;
203 } else {
204 monitor_printf(mon, "Client: none\n");
209 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
210 return (vs->features & (1 << feature));
213 /* TODO
214 1) Get the queue working for IO.
215 2) there is some weirdness when using the -S option (the screen is grey
216 and not totally invalidated
217 3) resolutions > 1024
220 static int vnc_update_client(VncState *vs, int has_dirty);
221 static void vnc_disconnect_start(VncState *vs);
222 static void vnc_disconnect_finish(VncState *vs);
223 static void vnc_init_timer(VncDisplay *vd);
224 static void vnc_remove_timer(VncDisplay *vd);
226 static void vnc_colordepth(VncState *vs);
227 static void framebuffer_update_request(VncState *vs, int incremental,
228 int x_position, int y_position,
229 int w, int h);
230 static void vnc_refresh(void *opaque);
231 static int vnc_refresh_server_surface(VncDisplay *vd);
233 static inline void vnc_set_bit(uint32_t *d, int k)
235 d[k >> 5] |= 1 << (k & 0x1f);
238 static inline void vnc_clear_bit(uint32_t *d, int k)
240 d[k >> 5] &= ~(1 << (k & 0x1f));
243 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
245 int j;
247 j = 0;
248 while (n >= 32) {
249 d[j++] = -1;
250 n -= 32;
252 if (n > 0)
253 d[j++] = (1 << n) - 1;
254 while (j < nb_words)
255 d[j++] = 0;
258 static inline int vnc_get_bit(const uint32_t *d, int k)
260 return (d[k >> 5] >> (k & 0x1f)) & 1;
263 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
264 int nb_words)
266 int i;
267 for(i = 0; i < nb_words; i++) {
268 if ((d1[i] & d2[i]) != 0)
269 return 1;
271 return 0;
274 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
276 int i;
277 VncDisplay *vd = ds->opaque;
278 struct VncSurface *s = &vd->guest;
280 h += y;
282 /* round x down to ensure the loop only spans one 16-pixel block per,
283 iteration. otherwise, if (x % 16) != 0, the last iteration may span
284 two 16-pixel blocks but we only mark the first as dirty
286 w += (x % 16);
287 x -= (x % 16);
289 x = MIN(x, s->ds->width);
290 y = MIN(y, s->ds->height);
291 w = MIN(x + w, s->ds->width) - x;
292 h = MIN(h, s->ds->height);
294 for (; y < h; y++)
295 for (i = 0; i < w; i += 16)
296 vnc_set_bit(s->dirty[y], (x + i) / 16);
299 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
300 int32_t encoding)
302 vnc_write_u16(vs, x);
303 vnc_write_u16(vs, y);
304 vnc_write_u16(vs, w);
305 vnc_write_u16(vs, h);
307 vnc_write_s32(vs, encoding);
310 void buffer_reserve(Buffer *buffer, size_t len)
312 if ((buffer->capacity - buffer->offset) < len) {
313 buffer->capacity += (len + 1024);
314 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
315 if (buffer->buffer == NULL) {
316 fprintf(stderr, "vnc: out of memory\n");
317 exit(1);
322 int buffer_empty(Buffer *buffer)
324 return buffer->offset == 0;
327 uint8_t *buffer_end(Buffer *buffer)
329 return buffer->buffer + buffer->offset;
332 void buffer_reset(Buffer *buffer)
334 buffer->offset = 0;
337 void buffer_append(Buffer *buffer, const void *data, size_t len)
339 memcpy(buffer->buffer + buffer->offset, data, len);
340 buffer->offset += len;
343 static void vnc_dpy_resize(DisplayState *ds)
345 int size_changed;
346 VncDisplay *vd = ds->opaque;
347 VncState *vs = vd->clients;
349 /* server surface */
350 if (!vd->server)
351 vd->server = qemu_mallocz(sizeof(*vd->server));
352 if (vd->server->data)
353 qemu_free(vd->server->data);
354 *(vd->server) = *(ds->surface);
355 vd->server->data = qemu_mallocz(vd->server->linesize *
356 vd->server->height);
358 /* guest surface */
359 if (!vd->guest.ds)
360 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
361 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
362 console_color_init(ds);
363 size_changed = ds_get_width(ds) != vd->guest.ds->width ||
364 ds_get_height(ds) != vd->guest.ds->height;
365 *(vd->guest.ds) = *(ds->surface);
366 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
368 while (vs != NULL) {
369 vnc_colordepth(vs);
370 if (size_changed) {
371 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
372 vnc_write_u8(vs, 0); /* msg id */
373 vnc_write_u8(vs, 0);
374 vnc_write_u16(vs, 1); /* number of rects */
375 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
376 VNC_ENCODING_DESKTOPRESIZE);
377 vnc_flush(vs);
380 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
381 vs = vs->next;
385 /* fastest code */
386 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
388 vnc_write(vs, pixels, size);
391 /* slowest but generic code. */
392 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
394 uint8_t r, g, b;
395 VncDisplay *vd = vs->vd;
397 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
398 vd->server->pf.rbits);
399 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
400 vd->server->pf.gbits);
401 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
402 vd->server->pf.bbits);
403 v = (r << vs->clientds.pf.rshift) |
404 (g << vs->clientds.pf.gshift) |
405 (b << vs->clientds.pf.bshift);
406 switch(vs->clientds.pf.bytes_per_pixel) {
407 case 1:
408 buf[0] = v;
409 break;
410 case 2:
411 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
412 buf[0] = v >> 8;
413 buf[1] = v;
414 } else {
415 buf[1] = v >> 8;
416 buf[0] = v;
418 break;
419 default:
420 case 4:
421 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
422 buf[0] = v >> 24;
423 buf[1] = v >> 16;
424 buf[2] = v >> 8;
425 buf[3] = v;
426 } else {
427 buf[3] = v >> 24;
428 buf[2] = v >> 16;
429 buf[1] = v >> 8;
430 buf[0] = v;
432 break;
436 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
438 uint8_t buf[4];
439 VncDisplay *vd = vs->vd;
441 if (vd->server->pf.bytes_per_pixel == 4) {
442 uint32_t *pixels = pixels1;
443 int n, i;
444 n = size >> 2;
445 for(i = 0; i < n; i++) {
446 vnc_convert_pixel(vs, buf, pixels[i]);
447 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
449 } else if (vd->server->pf.bytes_per_pixel == 2) {
450 uint16_t *pixels = pixels1;
451 int n, i;
452 n = size >> 1;
453 for(i = 0; i < n; i++) {
454 vnc_convert_pixel(vs, buf, pixels[i]);
455 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
457 } else if (vd->server->pf.bytes_per_pixel == 1) {
458 uint8_t *pixels = pixels1;
459 int n, i;
460 n = size;
461 for(i = 0; i < n; i++) {
462 vnc_convert_pixel(vs, buf, pixels[i]);
463 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
465 } else {
466 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
470 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
472 int i;
473 uint8_t *row;
474 VncDisplay *vd = vs->vd;
476 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
477 for (i = 0; i < h; i++) {
478 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
479 row += ds_get_linesize(vs->ds);
483 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
485 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
486 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
489 #define BPP 8
490 #include "vnchextile.h"
491 #undef BPP
493 #define BPP 16
494 #include "vnchextile.h"
495 #undef BPP
497 #define BPP 32
498 #include "vnchextile.h"
499 #undef BPP
501 #define GENERIC
502 #define BPP 8
503 #include "vnchextile.h"
504 #undef BPP
505 #undef GENERIC
507 #define GENERIC
508 #define BPP 16
509 #include "vnchextile.h"
510 #undef BPP
511 #undef GENERIC
513 #define GENERIC
514 #define BPP 32
515 #include "vnchextile.h"
516 #undef BPP
517 #undef GENERIC
519 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
521 int i, j;
522 int has_fg, has_bg;
523 uint8_t *last_fg, *last_bg;
524 VncDisplay *vd = vs->vd;
526 last_fg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
527 last_bg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);
528 has_fg = has_bg = 0;
529 for (j = y; j < (y + h); j += 16) {
530 for (i = x; i < (x + w); i += 16) {
531 vs->send_hextile_tile(vs, i, j,
532 MIN(16, x + w - i), MIN(16, y + h - j),
533 last_bg, last_fg, &has_bg, &has_fg);
536 free(last_fg);
537 free(last_bg);
541 #define ZALLOC_ALIGNMENT 16
543 static void *zalloc(void *x, unsigned items, unsigned size)
545 void *p;
547 size *= items;
548 size = (size + ZALLOC_ALIGNMENT - 1) & ~(ZALLOC_ALIGNMENT - 1);
550 p = qemu_mallocz(size);
552 return (p);
555 static void zfree(void *x, void *addr)
557 qemu_free(addr);
560 static void vnc_zlib_init(VncState *vs)
562 int i;
563 for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)
564 vs->zlib_stream[i].opaque = NULL;
567 static void vnc_zlib_start(VncState *vs)
569 buffer_reset(&vs->zlib);
571 // make the output buffer be the zlib buffer, so we can compress it later
572 vs->zlib_tmp = vs->output;
573 vs->output = vs->zlib;
576 static int vnc_zlib_stop(VncState *vs, int stream_id)
578 z_streamp zstream = &vs->zlib_stream[stream_id];
579 int previous_out;
581 // switch back to normal output/zlib buffers
582 vs->zlib = vs->output;
583 vs->output = vs->zlib_tmp;
585 // compress the zlib buffer
587 // initialize the stream
588 // XXX need one stream per session
589 if (zstream->opaque != vs) {
590 int err;
592 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
593 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
594 zstream->zalloc = zalloc;
595 zstream->zfree = zfree;
597 err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
598 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
600 if (err != Z_OK) {
601 fprintf(stderr, "VNC: error initializing zlib\n");
602 return -1;
605 zstream->opaque = vs;
608 // XXX what to do if tight_compression changed in between?
610 // reserve memory in output buffer
611 buffer_reserve(&vs->output, vs->zlib.offset + 64);
613 // set pointers
614 zstream->next_in = vs->zlib.buffer;
615 zstream->avail_in = vs->zlib.offset;
616 zstream->next_out = vs->output.buffer + vs->output.offset;
617 zstream->avail_out = vs->output.capacity - vs->output.offset;
618 zstream->data_type = Z_BINARY;
619 previous_out = zstream->total_out;
621 // start encoding
622 if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
623 fprintf(stderr, "VNC: error during zlib compression\n");
624 return -1;
627 vs->output.offset = vs->output.capacity - zstream->avail_out;
628 return zstream->total_out - previous_out;
631 static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
633 int old_offset, new_offset, bytes_written;
635 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);
637 // remember where we put in the follow-up size
638 old_offset = vs->output.offset;
639 vnc_write_s32(vs, 0);
641 // compress the stream
642 vnc_zlib_start(vs);
643 send_framebuffer_update_raw(vs, x, y, w, h);
644 bytes_written = vnc_zlib_stop(vs, 0);
646 if (bytes_written == -1)
647 return;
649 // hack in the size
650 new_offset = vs->output.offset;
651 vs->output.offset = old_offset;
652 vnc_write_u32(vs, bytes_written);
653 vs->output.offset = new_offset;
656 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
658 switch(vs->vnc_encoding) {
659 case VNC_ENCODING_ZLIB:
660 send_framebuffer_update_zlib(vs, x, y, w, h);
661 break;
662 case VNC_ENCODING_HEXTILE:
663 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
664 send_framebuffer_update_hextile(vs, x, y, w, h);
665 break;
666 default:
667 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
668 send_framebuffer_update_raw(vs, x, y, w, h);
669 break;
673 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
675 /* send bitblit op to the vnc client */
676 vnc_write_u8(vs, 0); /* msg id */
677 vnc_write_u8(vs, 0);
678 vnc_write_u16(vs, 1); /* number of rects */
679 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
680 vnc_write_u16(vs, src_x);
681 vnc_write_u16(vs, src_y);
682 vnc_flush(vs);
685 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
687 VncDisplay *vd = ds->opaque;
688 VncState *vs, *vn;
689 uint8_t *src_row;
690 uint8_t *dst_row;
691 int i,x,y,pitch,depth,inc,w_lim,s;
692 int cmp_bytes;
694 vnc_refresh_server_surface(vd);
695 for (vs = vd->clients; vs != NULL; vs = vn) {
696 vn = vs->next;
697 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
698 vs->force_update = 1;
699 vnc_update_client(vs, 1);
700 /* vs might be free()ed here */
704 /* do bitblit op on the local surface too */
705 pitch = ds_get_linesize(vd->ds);
706 depth = ds_get_bytes_per_pixel(vd->ds);
707 src_row = vd->server->data + pitch * src_y + depth * src_x;
708 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
709 y = dst_y;
710 inc = 1;
711 if (dst_y > src_y) {
712 /* copy backwards */
713 src_row += pitch * (h-1);
714 dst_row += pitch * (h-1);
715 pitch = -pitch;
716 y = dst_y + h - 1;
717 inc = -1;
719 w_lim = w - (16 - (dst_x % 16));
720 if (w_lim < 0)
721 w_lim = w;
722 else
723 w_lim = w - (w_lim % 16);
724 for (i = 0; i < h; i++) {
725 for (x = 0; x <= w_lim;
726 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
727 if (x == w_lim) {
728 if ((s = w - w_lim) == 0)
729 break;
730 } else if (!x) {
731 s = (16 - (dst_x % 16));
732 s = MIN(s, w_lim);
733 } else {
734 s = 16;
736 cmp_bytes = s * depth;
737 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
738 continue;
739 memmove(dst_row, src_row, cmp_bytes);
740 vs = vd->clients;
741 while (vs != NULL) {
742 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
743 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
744 vs = vs->next;
747 src_row += pitch - w * depth;
748 dst_row += pitch - w * depth;
749 y += inc;
752 for (vs = vd->clients; vs != NULL; vs = vs->next) {
753 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
754 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
758 static int find_and_clear_dirty_height(struct VncState *vs,
759 int y, int last_x, int x)
761 int h;
762 VncDisplay *vd = vs->vd;
764 for (h = 1; h < (vd->server->height - y); h++) {
765 int tmp_x;
766 if (!vnc_get_bit(vs->dirty[y + h], last_x))
767 break;
768 for (tmp_x = last_x; tmp_x < x; tmp_x++)
769 vnc_clear_bit(vs->dirty[y + h], tmp_x);
772 return h;
775 static int vnc_update_client(VncState *vs, int has_dirty)
777 if (vs->need_update && vs->csock != -1) {
778 VncDisplay *vd = vs->vd;
779 int y;
780 int n_rectangles;
781 int saved_offset;
783 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
784 /* kernel send buffers are full -> drop frames to throttle */
785 return 0;
787 if (!has_dirty && !vs->audio_cap && !vs->force_update)
788 return 0;
791 * Send screen updates to the vnc client using the server
792 * surface and server dirty map. guest surface updates
793 * happening in parallel don't disturb us, the next pass will
794 * send them to the client.
796 n_rectangles = 0;
797 vnc_write_u8(vs, 0); /* msg id */
798 vnc_write_u8(vs, 0);
799 saved_offset = vs->output.offset;
800 vnc_write_u16(vs, 0);
802 for (y = 0; y < vd->server->height; y++) {
803 int x;
804 int last_x = -1;
805 for (x = 0; x < vd->server->width / 16; x++) {
806 if (vnc_get_bit(vs->dirty[y], x)) {
807 if (last_x == -1) {
808 last_x = x;
810 vnc_clear_bit(vs->dirty[y], x);
811 } else {
812 if (last_x != -1) {
813 int h = find_and_clear_dirty_height(vs, y, last_x, x);
814 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
815 n_rectangles++;
817 last_x = -1;
820 if (last_x != -1) {
821 int h = find_and_clear_dirty_height(vs, y, last_x, x);
822 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
823 n_rectangles++;
826 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
827 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
828 vnc_flush(vs);
829 vs->force_update = 0;
830 return n_rectangles;
833 if (vs->csock == -1)
834 vnc_disconnect_finish(vs);
836 return 0;
839 /* audio */
840 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
842 VncState *vs = opaque;
844 switch (cmd) {
845 case AUD_CNOTIFY_DISABLE:
846 vnc_write_u8(vs, 255);
847 vnc_write_u8(vs, 1);
848 vnc_write_u16(vs, 0);
849 vnc_flush(vs);
850 break;
852 case AUD_CNOTIFY_ENABLE:
853 vnc_write_u8(vs, 255);
854 vnc_write_u8(vs, 1);
855 vnc_write_u16(vs, 1);
856 vnc_flush(vs);
857 break;
861 static void audio_capture_destroy(void *opaque)
865 static void audio_capture(void *opaque, void *buf, int size)
867 VncState *vs = opaque;
869 vnc_write_u8(vs, 255);
870 vnc_write_u8(vs, 1);
871 vnc_write_u16(vs, 2);
872 vnc_write_u32(vs, size);
873 vnc_write(vs, buf, size);
874 vnc_flush(vs);
877 static void audio_add(VncState *vs)
879 Monitor *mon = cur_mon;
880 struct audio_capture_ops ops;
882 if (vs->audio_cap) {
883 monitor_printf(mon, "audio already running\n");
884 return;
887 ops.notify = audio_capture_notify;
888 ops.destroy = audio_capture_destroy;
889 ops.capture = audio_capture;
891 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
892 if (!vs->audio_cap) {
893 monitor_printf(mon, "Failed to add audio capture\n");
897 static void audio_del(VncState *vs)
899 if (vs->audio_cap) {
900 AUD_del_capture(vs->audio_cap, vs);
901 vs->audio_cap = NULL;
905 static void vnc_disconnect_start(VncState *vs)
907 if (vs->csock == -1)
908 return;
909 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
910 closesocket(vs->csock);
911 vs->csock = -1;
914 static void vnc_disconnect_finish(VncState *vs)
916 if (vs->input.buffer) {
917 qemu_free(vs->input.buffer);
918 vs->input.buffer = NULL;
920 if (vs->output.buffer) {
921 qemu_free(vs->output.buffer);
922 vs->output.buffer = NULL;
924 #ifdef CONFIG_VNC_TLS
925 vnc_tls_client_cleanup(vs);
926 #endif /* CONFIG_VNC_TLS */
927 #ifdef CONFIG_VNC_SASL
928 vnc_sasl_client_cleanup(vs);
929 #endif /* CONFIG_VNC_SASL */
930 audio_del(vs);
932 VncState *p, *parent = NULL;
933 for (p = vs->vd->clients; p != NULL; p = p->next) {
934 if (p == vs) {
935 if (parent)
936 parent->next = p->next;
937 else
938 vs->vd->clients = p->next;
939 break;
941 parent = p;
943 if (!vs->vd->clients)
944 dcl->idle = 1;
946 vnc_remove_timer(vs->vd);
947 qemu_free(vs);
950 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
952 if (ret == 0 || ret == -1) {
953 if (ret == -1) {
954 switch (last_errno) {
955 case EINTR:
956 case EAGAIN:
957 #ifdef _WIN32
958 case WSAEWOULDBLOCK:
959 #endif
960 return 0;
961 default:
962 break;
966 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
967 ret, ret < 0 ? last_errno : 0);
968 vnc_disconnect_start(vs);
970 return 0;
972 return ret;
976 void vnc_client_error(VncState *vs)
978 VNC_DEBUG("Closing down client sock: protocol error\n");
979 vnc_disconnect_start(vs);
984 * Called to write a chunk of data to the client socket. The data may
985 * be the raw data, or may have already been encoded by SASL.
986 * The data will be written either straight onto the socket, or
987 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
989 * NB, it is theoretically possible to have 2 layers of encryption,
990 * both SASL, and this TLS layer. It is highly unlikely in practice
991 * though, since SASL encryption will typically be a no-op if TLS
992 * is active
994 * Returns the number of bytes written, which may be less than
995 * the requested 'datalen' if the socket would block. Returns
996 * -1 on error, and disconnects the client socket.
998 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1000 long ret;
1001 #ifdef CONFIG_VNC_TLS
1002 if (vs->tls.session) {
1003 ret = gnutls_write(vs->tls.session, data, datalen);
1004 if (ret < 0) {
1005 if (ret == GNUTLS_E_AGAIN)
1006 errno = EAGAIN;
1007 else
1008 errno = EIO;
1009 ret = -1;
1011 } else
1012 #endif /* CONFIG_VNC_TLS */
1013 ret = send(vs->csock, (const void *)data, datalen, 0);
1014 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1015 return vnc_client_io_error(vs, ret, socket_error());
1020 * Called to write buffered data to the client socket, when not
1021 * using any SASL SSF encryption layers. Will write as much data
1022 * as possible without blocking. If all buffered data is written,
1023 * will switch the FD poll() handler back to read monitoring.
1025 * Returns the number of bytes written, which may be less than
1026 * the buffered output data if the socket would block. Returns
1027 * -1 on error, and disconnects the client socket.
1029 static long vnc_client_write_plain(VncState *vs)
1031 long ret;
1033 #ifdef CONFIG_VNC_SASL
1034 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1035 vs->output.buffer, vs->output.capacity, vs->output.offset,
1036 vs->sasl.waitWriteSSF);
1038 if (vs->sasl.conn &&
1039 vs->sasl.runSSF &&
1040 vs->sasl.waitWriteSSF) {
1041 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1042 if (ret)
1043 vs->sasl.waitWriteSSF -= ret;
1044 } else
1045 #endif /* CONFIG_VNC_SASL */
1046 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1047 if (!ret)
1048 return 0;
1050 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1051 vs->output.offset -= ret;
1053 if (vs->output.offset == 0) {
1054 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1057 return ret;
1062 * First function called whenever there is data to be written to
1063 * the client socket. Will delegate actual work according to whether
1064 * SASL SSF layers are enabled (thus requiring encryption calls)
1066 void vnc_client_write(void *opaque)
1068 long ret;
1069 VncState *vs = opaque;
1071 #ifdef CONFIG_VNC_SASL
1072 if (vs->sasl.conn &&
1073 vs->sasl.runSSF &&
1074 !vs->sasl.waitWriteSSF)
1075 ret = vnc_client_write_sasl(vs);
1076 else
1077 #endif /* CONFIG_VNC_SASL */
1078 ret = vnc_client_write_plain(vs);
1081 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1083 vs->read_handler = func;
1084 vs->read_handler_expect = expecting;
1089 * Called to read a chunk of data from the client socket. The data may
1090 * be the raw data, or may need to be further decoded by SASL.
1091 * The data will be read either straight from to the socket, or
1092 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1094 * NB, it is theoretically possible to have 2 layers of encryption,
1095 * both SASL, and this TLS layer. It is highly unlikely in practice
1096 * though, since SASL encryption will typically be a no-op if TLS
1097 * is active
1099 * Returns the number of bytes read, which may be less than
1100 * the requested 'datalen' if the socket would block. Returns
1101 * -1 on error, and disconnects the client socket.
1103 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1105 long ret;
1106 #ifdef CONFIG_VNC_TLS
1107 if (vs->tls.session) {
1108 ret = gnutls_read(vs->tls.session, data, datalen);
1109 if (ret < 0) {
1110 if (ret == GNUTLS_E_AGAIN)
1111 errno = EAGAIN;
1112 else
1113 errno = EIO;
1114 ret = -1;
1116 } else
1117 #endif /* CONFIG_VNC_TLS */
1118 ret = recv(vs->csock, (void *)data, datalen, 0);
1119 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1120 return vnc_client_io_error(vs, ret, socket_error());
1125 * Called to read data from the client socket to the input buffer,
1126 * when not using any SASL SSF encryption layers. Will read as much
1127 * data as possible without blocking.
1129 * Returns the number of bytes read. Returns -1 on error, and
1130 * disconnects the client socket.
1132 static long vnc_client_read_plain(VncState *vs)
1134 int ret;
1135 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1136 vs->input.buffer, vs->input.capacity, vs->input.offset);
1137 buffer_reserve(&vs->input, 4096);
1138 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1139 if (!ret)
1140 return 0;
1141 vs->input.offset += ret;
1142 return ret;
1147 * First function called whenever there is more data to be read from
1148 * the client socket. Will delegate actual work according to whether
1149 * SASL SSF layers are enabled (thus requiring decryption calls)
1151 void vnc_client_read(void *opaque)
1153 VncState *vs = opaque;
1154 long ret;
1156 #ifdef CONFIG_VNC_SASL
1157 if (vs->sasl.conn && vs->sasl.runSSF)
1158 ret = vnc_client_read_sasl(vs);
1159 else
1160 #endif /* CONFIG_VNC_SASL */
1161 ret = vnc_client_read_plain(vs);
1162 if (!ret) {
1163 if (vs->csock == -1)
1164 vnc_disconnect_finish(vs);
1165 return;
1168 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1169 size_t len = vs->read_handler_expect;
1170 int ret;
1172 ret = vs->read_handler(vs, vs->input.buffer, len);
1173 if (vs->csock == -1) {
1174 vnc_disconnect_finish(vs);
1175 return;
1178 if (!ret) {
1179 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1180 vs->input.offset -= len;
1181 } else {
1182 vs->read_handler_expect = ret;
1187 void vnc_write(VncState *vs, const void *data, size_t len)
1189 buffer_reserve(&vs->output, len);
1191 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1192 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1195 buffer_append(&vs->output, data, len);
1198 void vnc_write_s32(VncState *vs, int32_t value)
1200 vnc_write_u32(vs, *(uint32_t *)&value);
1203 void vnc_write_u32(VncState *vs, uint32_t value)
1205 uint8_t buf[4];
1207 buf[0] = (value >> 24) & 0xFF;
1208 buf[1] = (value >> 16) & 0xFF;
1209 buf[2] = (value >> 8) & 0xFF;
1210 buf[3] = value & 0xFF;
1212 vnc_write(vs, buf, 4);
1215 void vnc_write_u16(VncState *vs, uint16_t value)
1217 uint8_t buf[2];
1219 buf[0] = (value >> 8) & 0xFF;
1220 buf[1] = value & 0xFF;
1222 vnc_write(vs, buf, 2);
1225 void vnc_write_u8(VncState *vs, uint8_t value)
1227 vnc_write(vs, (char *)&value, 1);
1230 void vnc_flush(VncState *vs)
1232 if (vs->csock != -1 && vs->output.offset)
1233 vnc_client_write(vs);
1236 uint8_t read_u8(uint8_t *data, size_t offset)
1238 return data[offset];
1241 uint16_t read_u16(uint8_t *data, size_t offset)
1243 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1246 int32_t read_s32(uint8_t *data, size_t offset)
1248 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1249 (data[offset + 2] << 8) | data[offset + 3]);
1252 uint32_t read_u32(uint8_t *data, size_t offset)
1254 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1255 (data[offset + 2] << 8) | data[offset + 3]);
1258 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1262 static void check_pointer_type_change(VncState *vs, int absolute)
1264 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1265 vnc_write_u8(vs, 0);
1266 vnc_write_u8(vs, 0);
1267 vnc_write_u16(vs, 1);
1268 vnc_framebuffer_update(vs, absolute, 0,
1269 ds_get_width(vs->ds), ds_get_height(vs->ds),
1270 VNC_ENCODING_POINTER_TYPE_CHANGE);
1271 vnc_flush(vs);
1273 vs->absolute = absolute;
1276 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1278 int buttons = 0;
1279 int dz = 0;
1281 if (button_mask & 0x01)
1282 buttons |= MOUSE_EVENT_LBUTTON;
1283 if (button_mask & 0x02)
1284 buttons |= MOUSE_EVENT_MBUTTON;
1285 if (button_mask & 0x04)
1286 buttons |= MOUSE_EVENT_RBUTTON;
1287 if (button_mask & 0x08)
1288 dz = -1;
1289 if (button_mask & 0x10)
1290 dz = 1;
1292 if (vs->absolute) {
1293 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
1294 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
1295 dz, buttons);
1296 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1297 x -= 0x7FFF;
1298 y -= 0x7FFF;
1300 kbd_mouse_event(x, y, dz, buttons);
1301 } else {
1302 if (vs->last_x != -1)
1303 kbd_mouse_event(x - vs->last_x,
1304 y - vs->last_y,
1305 dz, buttons);
1306 vs->last_x = x;
1307 vs->last_y = y;
1310 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1313 static void reset_keys(VncState *vs)
1315 int i;
1316 for(i = 0; i < 256; i++) {
1317 if (vs->modifiers_state[i]) {
1318 if (i & 0x80)
1319 kbd_put_keycode(0xe0);
1320 kbd_put_keycode(i | 0x80);
1321 vs->modifiers_state[i] = 0;
1326 static void press_key(VncState *vs, int keysym)
1328 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) & 0x7f);
1329 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) | 0x80);
1332 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1334 /* QEMU console switch */
1335 switch(keycode) {
1336 case 0x2a: /* Left Shift */
1337 case 0x36: /* Right Shift */
1338 case 0x1d: /* Left CTRL */
1339 case 0x9d: /* Right CTRL */
1340 case 0x38: /* Left ALT */
1341 case 0xb8: /* Right ALT */
1342 if (down)
1343 vs->modifiers_state[keycode] = 1;
1344 else
1345 vs->modifiers_state[keycode] = 0;
1346 break;
1347 case 0x02 ... 0x0a: /* '1' to '9' keys */
1348 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1349 /* Reset the modifiers sent to the current console */
1350 reset_keys(vs);
1351 console_select(keycode - 0x02);
1352 return;
1354 break;
1355 case 0x3a: /* CapsLock */
1356 case 0x45: /* NumLock */
1357 if (!down)
1358 vs->modifiers_state[keycode] ^= 1;
1359 break;
1362 if (keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1363 /* If the numlock state needs to change then simulate an additional
1364 keypress before sending this one. This will happen if the user
1365 toggles numlock away from the VNC window.
1367 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1368 if (!vs->modifiers_state[0x45]) {
1369 vs->modifiers_state[0x45] = 1;
1370 press_key(vs, 0xff7f);
1372 } else {
1373 if (vs->modifiers_state[0x45]) {
1374 vs->modifiers_state[0x45] = 0;
1375 press_key(vs, 0xff7f);
1380 if (is_graphic_console()) {
1381 if (keycode & 0x80)
1382 kbd_put_keycode(0xe0);
1383 if (down)
1384 kbd_put_keycode(keycode & 0x7f);
1385 else
1386 kbd_put_keycode(keycode | 0x80);
1387 } else {
1388 /* QEMU console emulation */
1389 if (down) {
1390 int numlock = vs->modifiers_state[0x45];
1391 switch (keycode) {
1392 case 0x2a: /* Left Shift */
1393 case 0x36: /* Right Shift */
1394 case 0x1d: /* Left CTRL */
1395 case 0x9d: /* Right CTRL */
1396 case 0x38: /* Left ALT */
1397 case 0xb8: /* Right ALT */
1398 break;
1399 case 0xc8:
1400 kbd_put_keysym(QEMU_KEY_UP);
1401 break;
1402 case 0xd0:
1403 kbd_put_keysym(QEMU_KEY_DOWN);
1404 break;
1405 case 0xcb:
1406 kbd_put_keysym(QEMU_KEY_LEFT);
1407 break;
1408 case 0xcd:
1409 kbd_put_keysym(QEMU_KEY_RIGHT);
1410 break;
1411 case 0xd3:
1412 kbd_put_keysym(QEMU_KEY_DELETE);
1413 break;
1414 case 0xc7:
1415 kbd_put_keysym(QEMU_KEY_HOME);
1416 break;
1417 case 0xcf:
1418 kbd_put_keysym(QEMU_KEY_END);
1419 break;
1420 case 0xc9:
1421 kbd_put_keysym(QEMU_KEY_PAGEUP);
1422 break;
1423 case 0xd1:
1424 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1425 break;
1427 case 0x47:
1428 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1429 break;
1430 case 0x48:
1431 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1432 break;
1433 case 0x49:
1434 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1435 break;
1436 case 0x4b:
1437 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1438 break;
1439 case 0x4c:
1440 kbd_put_keysym('5');
1441 break;
1442 case 0x4d:
1443 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1444 break;
1445 case 0x4f:
1446 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1447 break;
1448 case 0x50:
1449 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1450 break;
1451 case 0x51:
1452 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1453 break;
1454 case 0x52:
1455 kbd_put_keysym('0');
1456 break;
1457 case 0x53:
1458 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1459 break;
1461 case 0xb5:
1462 kbd_put_keysym('/');
1463 break;
1464 case 0x37:
1465 kbd_put_keysym('*');
1466 break;
1467 case 0x4a:
1468 kbd_put_keysym('-');
1469 break;
1470 case 0x4e:
1471 kbd_put_keysym('+');
1472 break;
1473 case 0x9c:
1474 kbd_put_keysym('\n');
1475 break;
1477 default:
1478 kbd_put_keysym(sym);
1479 break;
1485 static void key_event(VncState *vs, int down, uint32_t sym)
1487 int keycode;
1489 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1490 sym = sym - 'A' + 'a';
1492 keycode = keysym2scancode(vs->vd->kbd_layout, sym & 0xFFFF);
1493 do_key_event(vs, down, keycode, sym);
1496 static void ext_key_event(VncState *vs, int down,
1497 uint32_t sym, uint16_t keycode)
1499 /* if the user specifies a keyboard layout, always use it */
1500 if (keyboard_layout)
1501 key_event(vs, down, sym);
1502 else
1503 do_key_event(vs, down, keycode, sym);
1506 static void framebuffer_update_request(VncState *vs, int incremental,
1507 int x_position, int y_position,
1508 int w, int h)
1510 if (x_position > ds_get_width(vs->ds))
1511 x_position = ds_get_width(vs->ds);
1512 if (y_position > ds_get_height(vs->ds))
1513 y_position = ds_get_height(vs->ds);
1514 if (x_position + w >= ds_get_width(vs->ds))
1515 w = ds_get_width(vs->ds) - x_position;
1516 if (y_position + h >= ds_get_height(vs->ds))
1517 h = ds_get_height(vs->ds) - y_position;
1519 int i;
1520 vs->need_update = 1;
1521 if (!incremental) {
1522 vs->force_update = 1;
1523 for (i = 0; i < h; i++) {
1524 vnc_set_bits(vs->dirty[y_position + i],
1525 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1530 static void send_ext_key_event_ack(VncState *vs)
1532 vnc_write_u8(vs, 0);
1533 vnc_write_u8(vs, 0);
1534 vnc_write_u16(vs, 1);
1535 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1536 VNC_ENCODING_EXT_KEY_EVENT);
1537 vnc_flush(vs);
1540 static void send_ext_audio_ack(VncState *vs)
1542 vnc_write_u8(vs, 0);
1543 vnc_write_u8(vs, 0);
1544 vnc_write_u16(vs, 1);
1545 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1546 VNC_ENCODING_AUDIO);
1547 vnc_flush(vs);
1550 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1552 int i;
1553 unsigned int enc = 0;
1555 vnc_zlib_init(vs);
1556 vs->features = 0;
1557 vs->vnc_encoding = 0;
1558 vs->tight_compression = 9;
1559 vs->tight_quality = 9;
1560 vs->absolute = -1;
1562 for (i = n_encodings - 1; i >= 0; i--) {
1563 enc = encodings[i];
1564 switch (enc) {
1565 case VNC_ENCODING_RAW:
1566 vs->vnc_encoding = enc;
1567 break;
1568 case VNC_ENCODING_COPYRECT:
1569 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1570 break;
1571 case VNC_ENCODING_HEXTILE:
1572 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1573 vs->vnc_encoding = enc;
1574 break;
1575 case VNC_ENCODING_ZLIB:
1576 vs->features |= VNC_FEATURE_ZLIB_MASK;
1577 vs->vnc_encoding = enc;
1578 break;
1579 case VNC_ENCODING_DESKTOPRESIZE:
1580 vs->features |= VNC_FEATURE_RESIZE_MASK;
1581 break;
1582 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1583 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1584 break;
1585 case VNC_ENCODING_EXT_KEY_EVENT:
1586 send_ext_key_event_ack(vs);
1587 break;
1588 case VNC_ENCODING_AUDIO:
1589 send_ext_audio_ack(vs);
1590 break;
1591 case VNC_ENCODING_WMVi:
1592 vs->features |= VNC_FEATURE_WMVI_MASK;
1593 break;
1594 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1595 vs->tight_compression = (enc & 0x0F);
1596 break;
1597 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1598 vs->tight_quality = (enc & 0x0F);
1599 break;
1600 default:
1601 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1602 break;
1606 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1609 static void set_pixel_conversion(VncState *vs)
1611 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1612 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1613 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1614 vs->write_pixels = vnc_write_pixels_copy;
1615 switch (vs->ds->surface->pf.bits_per_pixel) {
1616 case 8:
1617 vs->send_hextile_tile = send_hextile_tile_8;
1618 break;
1619 case 16:
1620 vs->send_hextile_tile = send_hextile_tile_16;
1621 break;
1622 case 32:
1623 vs->send_hextile_tile = send_hextile_tile_32;
1624 break;
1626 } else {
1627 vs->write_pixels = vnc_write_pixels_generic;
1628 switch (vs->ds->surface->pf.bits_per_pixel) {
1629 case 8:
1630 vs->send_hextile_tile = send_hextile_tile_generic_8;
1631 break;
1632 case 16:
1633 vs->send_hextile_tile = send_hextile_tile_generic_16;
1634 break;
1635 case 32:
1636 vs->send_hextile_tile = send_hextile_tile_generic_32;
1637 break;
1642 static void set_pixel_format(VncState *vs,
1643 int bits_per_pixel, int depth,
1644 int big_endian_flag, int true_color_flag,
1645 int red_max, int green_max, int blue_max,
1646 int red_shift, int green_shift, int blue_shift)
1648 if (!true_color_flag) {
1649 vnc_client_error(vs);
1650 return;
1653 vs->clientds = *(vs->vd->guest.ds);
1654 vs->clientds.pf.rmax = red_max;
1655 count_bits(vs->clientds.pf.rbits, red_max);
1656 vs->clientds.pf.rshift = red_shift;
1657 vs->clientds.pf.rmask = red_max << red_shift;
1658 vs->clientds.pf.gmax = green_max;
1659 count_bits(vs->clientds.pf.gbits, green_max);
1660 vs->clientds.pf.gshift = green_shift;
1661 vs->clientds.pf.gmask = green_max << green_shift;
1662 vs->clientds.pf.bmax = blue_max;
1663 count_bits(vs->clientds.pf.bbits, blue_max);
1664 vs->clientds.pf.bshift = blue_shift;
1665 vs->clientds.pf.bmask = blue_max << blue_shift;
1666 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1667 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1668 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1669 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1671 set_pixel_conversion(vs);
1673 vga_hw_invalidate();
1674 vga_hw_update();
1677 static void pixel_format_message (VncState *vs) {
1678 char pad[3] = { 0, 0, 0 };
1680 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1681 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1683 #ifdef HOST_WORDS_BIGENDIAN
1684 vnc_write_u8(vs, 1); /* big-endian-flag */
1685 #else
1686 vnc_write_u8(vs, 0); /* big-endian-flag */
1687 #endif
1688 vnc_write_u8(vs, 1); /* true-color-flag */
1689 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1690 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1691 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1692 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1693 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1694 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1695 if (vs->ds->surface->pf.bits_per_pixel == 32)
1696 vs->send_hextile_tile = send_hextile_tile_32;
1697 else if (vs->ds->surface->pf.bits_per_pixel == 16)
1698 vs->send_hextile_tile = send_hextile_tile_16;
1699 else if (vs->ds->surface->pf.bits_per_pixel == 8)
1700 vs->send_hextile_tile = send_hextile_tile_8;
1701 vs->clientds = *(vs->ds->surface);
1702 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1703 vs->write_pixels = vnc_write_pixels_copy;
1705 vnc_write(vs, pad, 3); /* padding */
1708 static void vnc_dpy_setdata(DisplayState *ds)
1710 /* We don't have to do anything */
1713 static void vnc_colordepth(VncState *vs)
1715 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1716 /* Sending a WMVi message to notify the client*/
1717 vnc_write_u8(vs, 0); /* msg id */
1718 vnc_write_u8(vs, 0);
1719 vnc_write_u16(vs, 1); /* number of rects */
1720 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1721 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1722 pixel_format_message(vs);
1723 vnc_flush(vs);
1724 } else {
1725 set_pixel_conversion(vs);
1729 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1731 int i;
1732 uint16_t limit;
1733 VncDisplay *vd = vs->vd;
1735 if (data[0] > 3) {
1736 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1737 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1738 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1741 switch (data[0]) {
1742 case 0:
1743 if (len == 1)
1744 return 20;
1746 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1747 read_u8(data, 6), read_u8(data, 7),
1748 read_u16(data, 8), read_u16(data, 10),
1749 read_u16(data, 12), read_u8(data, 14),
1750 read_u8(data, 15), read_u8(data, 16));
1751 break;
1752 case 2:
1753 if (len == 1)
1754 return 4;
1756 if (len == 4) {
1757 limit = read_u16(data, 2);
1758 if (limit > 0)
1759 return 4 + (limit * 4);
1760 } else
1761 limit = read_u16(data, 2);
1763 for (i = 0; i < limit; i++) {
1764 int32_t val = read_s32(data, 4 + (i * 4));
1765 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1768 set_encodings(vs, (int32_t *)(data + 4), limit);
1769 break;
1770 case 3:
1771 if (len == 1)
1772 return 10;
1774 framebuffer_update_request(vs,
1775 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1776 read_u16(data, 6), read_u16(data, 8));
1777 break;
1778 case 4:
1779 if (len == 1)
1780 return 8;
1782 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1783 break;
1784 case 5:
1785 if (len == 1)
1786 return 6;
1788 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1789 break;
1790 case 6:
1791 if (len == 1)
1792 return 8;
1794 if (len == 8) {
1795 uint32_t dlen = read_u32(data, 4);
1796 if (dlen > 0)
1797 return 8 + dlen;
1800 client_cut_text(vs, read_u32(data, 4), data + 8);
1801 break;
1802 case 255:
1803 if (len == 1)
1804 return 2;
1806 switch (read_u8(data, 1)) {
1807 case 0:
1808 if (len == 2)
1809 return 12;
1811 ext_key_event(vs, read_u16(data, 2),
1812 read_u32(data, 4), read_u32(data, 8));
1813 break;
1814 case 1:
1815 if (len == 2)
1816 return 4;
1818 switch (read_u16 (data, 2)) {
1819 case 0:
1820 audio_add(vs);
1821 break;
1822 case 1:
1823 audio_del(vs);
1824 break;
1825 case 2:
1826 if (len == 4)
1827 return 10;
1828 switch (read_u8(data, 4)) {
1829 case 0: vs->as.fmt = AUD_FMT_U8; break;
1830 case 1: vs->as.fmt = AUD_FMT_S8; break;
1831 case 2: vs->as.fmt = AUD_FMT_U16; break;
1832 case 3: vs->as.fmt = AUD_FMT_S16; break;
1833 case 4: vs->as.fmt = AUD_FMT_U32; break;
1834 case 5: vs->as.fmt = AUD_FMT_S32; break;
1835 default:
1836 printf("Invalid audio format %d\n", read_u8(data, 4));
1837 vnc_client_error(vs);
1838 break;
1840 vs->as.nchannels = read_u8(data, 5);
1841 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1842 printf("Invalid audio channel coount %d\n",
1843 read_u8(data, 5));
1844 vnc_client_error(vs);
1845 break;
1847 vs->as.freq = read_u32(data, 6);
1848 break;
1849 default:
1850 printf ("Invalid audio message %d\n", read_u8(data, 4));
1851 vnc_client_error(vs);
1852 break;
1854 break;
1856 default:
1857 printf("Msg: %d\n", read_u16(data, 0));
1858 vnc_client_error(vs);
1859 break;
1861 break;
1862 default:
1863 printf("Msg: %d\n", data[0]);
1864 vnc_client_error(vs);
1865 break;
1868 vnc_read_when(vs, protocol_client_msg, 1);
1869 return 0;
1872 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1874 char buf[1024];
1875 int size;
1877 vnc_write_u16(vs, ds_get_width(vs->ds));
1878 vnc_write_u16(vs, ds_get_height(vs->ds));
1880 pixel_format_message(vs);
1882 if (qemu_name)
1883 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1884 else
1885 size = snprintf(buf, sizeof(buf), "QEMU");
1887 vnc_write_u32(vs, size);
1888 vnc_write(vs, buf, size);
1889 vnc_flush(vs);
1891 vnc_read_when(vs, protocol_client_msg, 1);
1893 return 0;
1896 void start_client_init(VncState *vs)
1898 vnc_read_when(vs, protocol_client_init, 1);
1901 static void make_challenge(VncState *vs)
1903 int i;
1905 srand(time(NULL)+getpid()+getpid()*987654+rand());
1907 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1908 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1911 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1913 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1914 int i, j, pwlen;
1915 unsigned char key[8];
1917 if (!vs->vd->password || !vs->vd->password[0]) {
1918 VNC_DEBUG("No password configured on server");
1919 vnc_write_u32(vs, 1); /* Reject auth */
1920 if (vs->minor >= 8) {
1921 static const char err[] = "Authentication failed";
1922 vnc_write_u32(vs, sizeof(err));
1923 vnc_write(vs, err, sizeof(err));
1925 vnc_flush(vs);
1926 vnc_client_error(vs);
1927 return 0;
1930 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1932 /* Calculate the expected challenge response */
1933 pwlen = strlen(vs->vd->password);
1934 for (i=0; i<sizeof(key); i++)
1935 key[i] = i<pwlen ? vs->vd->password[i] : 0;
1936 deskey(key, EN0);
1937 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1938 des(response+j, response+j);
1940 /* Compare expected vs actual challenge response */
1941 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1942 VNC_DEBUG("Client challenge reponse did not match\n");
1943 vnc_write_u32(vs, 1); /* Reject auth */
1944 if (vs->minor >= 8) {
1945 static const char err[] = "Authentication failed";
1946 vnc_write_u32(vs, sizeof(err));
1947 vnc_write(vs, err, sizeof(err));
1949 vnc_flush(vs);
1950 vnc_client_error(vs);
1951 } else {
1952 VNC_DEBUG("Accepting VNC challenge response\n");
1953 vnc_write_u32(vs, 0); /* Accept auth */
1954 vnc_flush(vs);
1956 start_client_init(vs);
1958 return 0;
1961 void start_auth_vnc(VncState *vs)
1963 make_challenge(vs);
1964 /* Send client a 'random' challenge */
1965 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1966 vnc_flush(vs);
1968 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1972 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1974 /* We only advertise 1 auth scheme at a time, so client
1975 * must pick the one we sent. Verify this */
1976 if (data[0] != vs->vd->auth) { /* Reject auth */
1977 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
1978 vnc_write_u32(vs, 1);
1979 if (vs->minor >= 8) {
1980 static const char err[] = "Authentication failed";
1981 vnc_write_u32(vs, sizeof(err));
1982 vnc_write(vs, err, sizeof(err));
1984 vnc_client_error(vs);
1985 } else { /* Accept requested auth */
1986 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1987 switch (vs->vd->auth) {
1988 case VNC_AUTH_NONE:
1989 VNC_DEBUG("Accept auth none\n");
1990 if (vs->minor >= 8) {
1991 vnc_write_u32(vs, 0); /* Accept auth completion */
1992 vnc_flush(vs);
1994 start_client_init(vs);
1995 break;
1997 case VNC_AUTH_VNC:
1998 VNC_DEBUG("Start VNC auth\n");
1999 start_auth_vnc(vs);
2000 break;
2002 #ifdef CONFIG_VNC_TLS
2003 case VNC_AUTH_VENCRYPT:
2004 VNC_DEBUG("Accept VeNCrypt auth\n");;
2005 start_auth_vencrypt(vs);
2006 break;
2007 #endif /* CONFIG_VNC_TLS */
2009 #ifdef CONFIG_VNC_SASL
2010 case VNC_AUTH_SASL:
2011 VNC_DEBUG("Accept SASL auth\n");
2012 start_auth_sasl(vs);
2013 break;
2014 #endif /* CONFIG_VNC_SASL */
2016 default: /* Should not be possible, but just in case */
2017 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
2018 vnc_write_u8(vs, 1);
2019 if (vs->minor >= 8) {
2020 static const char err[] = "Authentication failed";
2021 vnc_write_u32(vs, sizeof(err));
2022 vnc_write(vs, err, sizeof(err));
2024 vnc_client_error(vs);
2027 return 0;
2030 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2032 char local[13];
2034 memcpy(local, version, 12);
2035 local[12] = 0;
2037 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2038 VNC_DEBUG("Malformed protocol version %s\n", local);
2039 vnc_client_error(vs);
2040 return 0;
2042 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2043 if (vs->major != 3 ||
2044 (vs->minor != 3 &&
2045 vs->minor != 4 &&
2046 vs->minor != 5 &&
2047 vs->minor != 7 &&
2048 vs->minor != 8)) {
2049 VNC_DEBUG("Unsupported client version\n");
2050 vnc_write_u32(vs, VNC_AUTH_INVALID);
2051 vnc_flush(vs);
2052 vnc_client_error(vs);
2053 return 0;
2055 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2056 * as equivalent to v3.3 by servers
2058 if (vs->minor == 4 || vs->minor == 5)
2059 vs->minor = 3;
2061 if (vs->minor == 3) {
2062 if (vs->vd->auth == VNC_AUTH_NONE) {
2063 VNC_DEBUG("Tell client auth none\n");
2064 vnc_write_u32(vs, vs->vd->auth);
2065 vnc_flush(vs);
2066 start_client_init(vs);
2067 } else if (vs->vd->auth == VNC_AUTH_VNC) {
2068 VNC_DEBUG("Tell client VNC auth\n");
2069 vnc_write_u32(vs, vs->vd->auth);
2070 vnc_flush(vs);
2071 start_auth_vnc(vs);
2072 } else {
2073 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2074 vnc_write_u32(vs, VNC_AUTH_INVALID);
2075 vnc_flush(vs);
2076 vnc_client_error(vs);
2078 } else {
2079 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2080 vnc_write_u8(vs, 1); /* num auth */
2081 vnc_write_u8(vs, vs->vd->auth);
2082 vnc_read_when(vs, protocol_client_auth, 1);
2083 vnc_flush(vs);
2086 return 0;
2089 static int vnc_refresh_server_surface(VncDisplay *vd)
2091 int y;
2092 uint8_t *guest_row;
2093 uint8_t *server_row;
2094 int cmp_bytes;
2095 uint32_t width_mask[VNC_DIRTY_WORDS];
2096 VncState *vs = NULL;
2097 int has_dirty = 0;
2100 * Walk through the guest dirty map.
2101 * Check and copy modified bits from guest to server surface.
2102 * Update server dirty map.
2104 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2105 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2106 guest_row = vd->guest.ds->data;
2107 server_row = vd->server->data;
2108 for (y = 0; y < vd->guest.ds->height; y++) {
2109 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2110 int x;
2111 uint8_t *guest_ptr;
2112 uint8_t *server_ptr;
2114 guest_ptr = guest_row;
2115 server_ptr = server_row;
2117 for (x = 0; x < vd->guest.ds->width;
2118 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2119 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2120 continue;
2121 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2122 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2123 continue;
2124 memcpy(server_ptr, guest_ptr, cmp_bytes);
2125 vs = vd->clients;
2126 while (vs != NULL) {
2127 vnc_set_bit(vs->dirty[y], (x / 16));
2128 vs = vs->next;
2130 has_dirty++;
2133 guest_row += ds_get_linesize(vd->ds);
2134 server_row += ds_get_linesize(vd->ds);
2136 return has_dirty;
2139 static void vnc_refresh(void *opaque)
2141 VncDisplay *vd = opaque;
2142 VncState *vs = NULL;
2143 int has_dirty = 0, rects = 0;
2145 vga_hw_update();
2147 has_dirty = vnc_refresh_server_surface(vd);
2149 vs = vd->clients;
2150 while (vs != NULL) {
2151 rects += vnc_update_client(vs, has_dirty);
2152 vs = vs->next;
2155 if (has_dirty && rects) {
2156 vd->timer_interval /= 2;
2157 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2158 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2159 } else {
2160 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2161 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2162 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2164 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
2167 static void vnc_init_timer(VncDisplay *vd)
2169 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2170 if (vd->timer == NULL && vd->clients != NULL) {
2171 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2172 vnc_refresh(vd);
2176 static void vnc_remove_timer(VncDisplay *vd)
2178 if (vd->timer != NULL && vd->clients == NULL) {
2179 qemu_del_timer(vd->timer);
2180 qemu_free_timer(vd->timer);
2181 vd->timer = NULL;
2185 static void vnc_connect(VncDisplay *vd, int csock)
2187 VncState *vs = qemu_mallocz(sizeof(VncState));
2188 vs->csock = csock;
2190 VNC_DEBUG("New client on socket %d\n", csock);
2191 dcl->idle = 0;
2192 socket_set_nonblock(vs->csock);
2193 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2195 vs->vd = vd;
2196 vs->ds = vd->ds;
2197 vs->last_x = -1;
2198 vs->last_y = -1;
2200 vs->as.freq = 44100;
2201 vs->as.nchannels = 2;
2202 vs->as.fmt = AUD_FMT_S16;
2203 vs->as.endianness = 0;
2205 vs->next = vd->clients;
2206 vd->clients = vs;
2208 vga_hw_update();
2210 vnc_write(vs, "RFB 003.008\n", 12);
2211 vnc_flush(vs);
2212 vnc_read_when(vs, protocol_version, 12);
2213 reset_keys(vs);
2215 vnc_init_timer(vd);
2217 /* vs might be free()ed here */
2220 static void vnc_listen_read(void *opaque)
2222 VncDisplay *vs = opaque;
2223 struct sockaddr_in addr;
2224 socklen_t addrlen = sizeof(addr);
2226 /* Catch-up */
2227 vga_hw_update();
2229 int csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2230 if (csock != -1) {
2231 vnc_connect(vs, csock);
2235 void vnc_display_init(DisplayState *ds)
2237 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2239 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2241 ds->opaque = vs;
2242 dcl->idle = 1;
2243 vnc_display = vs;
2245 vs->lsock = -1;
2247 vs->ds = ds;
2249 if (keyboard_layout)
2250 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2251 else
2252 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2254 if (!vs->kbd_layout)
2255 exit(1);
2257 dcl->dpy_copy = vnc_dpy_copy;
2258 dcl->dpy_update = vnc_dpy_update;
2259 dcl->dpy_resize = vnc_dpy_resize;
2260 dcl->dpy_setdata = vnc_dpy_setdata;
2261 register_displaychangelistener(ds, dcl);
2265 void vnc_display_close(DisplayState *ds)
2267 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2269 if (!vs)
2270 return;
2271 if (vs->display) {
2272 qemu_free(vs->display);
2273 vs->display = NULL;
2275 if (vs->lsock != -1) {
2276 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2277 close(vs->lsock);
2278 vs->lsock = -1;
2280 vs->auth = VNC_AUTH_INVALID;
2281 #ifdef CONFIG_VNC_TLS
2282 vs->subauth = VNC_AUTH_INVALID;
2283 vs->tls.x509verify = 0;
2284 #endif
2287 int vnc_display_password(DisplayState *ds, const char *password)
2289 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2291 if (!vs) {
2292 return -1;
2295 if (vs->password) {
2296 qemu_free(vs->password);
2297 vs->password = NULL;
2299 if (password && password[0]) {
2300 if (!(vs->password = qemu_strdup(password)))
2301 return -1;
2302 if (vs->auth == VNC_AUTH_NONE) {
2303 vs->auth = VNC_AUTH_VNC;
2305 } else {
2306 vs->auth = VNC_AUTH_NONE;
2309 return 0;
2312 char *vnc_display_local_addr(DisplayState *ds)
2314 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2316 return vnc_socket_local_addr("%s:%s", vs->lsock);
2319 int vnc_display_open(DisplayState *ds, const char *display)
2321 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2322 const char *options;
2323 int password = 0;
2324 int reverse = 0;
2325 int to_port = 0;
2326 #ifdef CONFIG_VNC_TLS
2327 int tls = 0, x509 = 0;
2328 #endif
2329 #ifdef CONFIG_VNC_SASL
2330 int sasl = 0;
2331 int saslErr;
2332 #endif
2333 int acl = 0;
2335 if (!vnc_display)
2336 return -1;
2337 vnc_display_close(ds);
2338 if (strcmp(display, "none") == 0)
2339 return 0;
2341 if (!(vs->display = strdup(display)))
2342 return -1;
2344 options = display;
2345 while ((options = strchr(options, ','))) {
2346 options++;
2347 if (strncmp(options, "password", 8) == 0) {
2348 password = 1; /* Require password auth */
2349 } else if (strncmp(options, "reverse", 7) == 0) {
2350 reverse = 1;
2351 } else if (strncmp(options, "to=", 3) == 0) {
2352 to_port = atoi(options+3) + 5900;
2353 #ifdef CONFIG_VNC_SASL
2354 } else if (strncmp(options, "sasl", 4) == 0) {
2355 sasl = 1; /* Require SASL auth */
2356 #endif
2357 #ifdef CONFIG_VNC_TLS
2358 } else if (strncmp(options, "tls", 3) == 0) {
2359 tls = 1; /* Require TLS */
2360 } else if (strncmp(options, "x509", 4) == 0) {
2361 char *start, *end;
2362 x509 = 1; /* Require x509 certificates */
2363 if (strncmp(options, "x509verify", 10) == 0)
2364 vs->tls.x509verify = 1; /* ...and verify client certs */
2366 /* Now check for 'x509=/some/path' postfix
2367 * and use that to setup x509 certificate/key paths */
2368 start = strchr(options, '=');
2369 end = strchr(options, ',');
2370 if (start && (!end || (start < end))) {
2371 int len = end ? end-(start+1) : strlen(start+1);
2372 char *path = qemu_strndup(start + 1, len);
2374 VNC_DEBUG("Trying certificate path '%s'\n", path);
2375 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2376 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2377 qemu_free(path);
2378 qemu_free(vs->display);
2379 vs->display = NULL;
2380 return -1;
2382 qemu_free(path);
2383 } else {
2384 fprintf(stderr, "No certificate path provided\n");
2385 qemu_free(vs->display);
2386 vs->display = NULL;
2387 return -1;
2389 #endif
2390 } else if (strncmp(options, "acl", 3) == 0) {
2391 acl = 1;
2395 #ifdef CONFIG_VNC_TLS
2396 if (acl && x509 && vs->tls.x509verify) {
2397 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2398 fprintf(stderr, "Failed to create x509 dname ACL\n");
2399 exit(1);
2402 #endif
2403 #ifdef CONFIG_VNC_SASL
2404 if (acl && sasl) {
2405 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2406 fprintf(stderr, "Failed to create username ACL\n");
2407 exit(1);
2410 #endif
2413 * Combinations we support here:
2415 * - no-auth (clear text, no auth)
2416 * - password (clear text, weak auth)
2417 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2418 * - tls (encrypt, weak anonymous creds, no auth)
2419 * - tls + password (encrypt, weak anonymous creds, weak auth)
2420 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2421 * - tls + x509 (encrypt, good x509 creds, no auth)
2422 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2423 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2425 * NB1. TLS is a stackable auth scheme.
2426 * NB2. the x509 schemes have option to validate a client cert dname
2428 if (password) {
2429 #ifdef CONFIG_VNC_TLS
2430 if (tls) {
2431 vs->auth = VNC_AUTH_VENCRYPT;
2432 if (x509) {
2433 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2434 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2435 } else {
2436 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2437 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2439 } else {
2440 #endif /* CONFIG_VNC_TLS */
2441 VNC_DEBUG("Initializing VNC server with password auth\n");
2442 vs->auth = VNC_AUTH_VNC;
2443 #ifdef CONFIG_VNC_TLS
2444 vs->subauth = VNC_AUTH_INVALID;
2446 #endif /* CONFIG_VNC_TLS */
2447 #ifdef CONFIG_VNC_SASL
2448 } else if (sasl) {
2449 #ifdef CONFIG_VNC_TLS
2450 if (tls) {
2451 vs->auth = VNC_AUTH_VENCRYPT;
2452 if (x509) {
2453 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2454 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2455 } else {
2456 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2457 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2459 } else {
2460 #endif /* CONFIG_VNC_TLS */
2461 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2462 vs->auth = VNC_AUTH_SASL;
2463 #ifdef CONFIG_VNC_TLS
2464 vs->subauth = VNC_AUTH_INVALID;
2466 #endif /* CONFIG_VNC_TLS */
2467 #endif /* CONFIG_VNC_SASL */
2468 } else {
2469 #ifdef CONFIG_VNC_TLS
2470 if (tls) {
2471 vs->auth = VNC_AUTH_VENCRYPT;
2472 if (x509) {
2473 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2474 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2475 } else {
2476 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2477 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2479 } else {
2480 #endif
2481 VNC_DEBUG("Initializing VNC server with no auth\n");
2482 vs->auth = VNC_AUTH_NONE;
2483 #ifdef CONFIG_VNC_TLS
2484 vs->subauth = VNC_AUTH_INVALID;
2486 #endif
2489 #ifdef CONFIG_VNC_SASL
2490 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2491 fprintf(stderr, "Failed to initialize SASL auth %s",
2492 sasl_errstring(saslErr, NULL, NULL));
2493 free(vs->display);
2494 vs->display = NULL;
2495 return -1;
2497 #endif
2499 if (reverse) {
2500 /* connect to viewer */
2501 if (strncmp(display, "unix:", 5) == 0)
2502 vs->lsock = unix_connect(display+5);
2503 else
2504 vs->lsock = inet_connect(display, SOCK_STREAM);
2505 if (-1 == vs->lsock) {
2506 free(vs->display);
2507 vs->display = NULL;
2508 return -1;
2509 } else {
2510 int csock = vs->lsock;
2511 vs->lsock = -1;
2512 vnc_connect(vs, csock);
2514 return 0;
2516 } else {
2517 /* listen for connects */
2518 char *dpy;
2519 dpy = qemu_malloc(256);
2520 if (strncmp(display, "unix:", 5) == 0) {
2521 pstrcpy(dpy, 256, "unix:");
2522 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2523 } else {
2524 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2526 if (-1 == vs->lsock) {
2527 free(dpy);
2528 return -1;
2529 } else {
2530 free(vs->display);
2531 vs->display = dpy;
2534 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);