2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27 #include "qemu/osdep.h"
31 #include "hw/qdev-core.h"
32 #include "sysemu/sysemu.h"
33 #include "sysemu/runstate.h"
34 #include "qemu/error-report.h"
35 #include "qemu/main-loop.h"
36 #include "qemu/module.h"
37 #include "qemu/option.h"
38 #include "qemu/sockets.h"
39 #include "qemu/timer.h"
40 #include "authz/list.h"
41 #include "qemu/config-file.h"
42 #include "qapi/qapi-emit-events.h"
43 #include "qapi/qapi-events-ui.h"
44 #include "qapi/error.h"
45 #include "qapi/qapi-commands-ui.h"
47 #include "crypto/hash.h"
48 #include "crypto/tlscredsanon.h"
49 #include "crypto/tlscredsx509.h"
50 #include "crypto/random.h"
51 #include "qom/object_interfaces.h"
52 #include "qemu/cutils.h"
53 #include "io/dns-resolver.h"
55 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
56 #define VNC_REFRESH_INTERVAL_INC 50
57 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
58 static const struct timeval VNC_REFRESH_STATS
= { 0, 500000 };
59 static const struct timeval VNC_REFRESH_LOSSY
= { 2, 0 };
61 #include "vnc_keysym.h"
62 #include "crypto/cipher.h"
64 static QTAILQ_HEAD(, VncDisplay
) vnc_displays
=
65 QTAILQ_HEAD_INITIALIZER(vnc_displays
);
67 static int vnc_cursor_define(VncState
*vs
);
68 static void vnc_update_throttle_offset(VncState
*vs
);
70 static void vnc_set_share_mode(VncState
*vs
, VncShareMode mode
)
73 static const char *mn
[] = {
75 [VNC_SHARE_MODE_CONNECTING
] = "connecting",
76 [VNC_SHARE_MODE_SHARED
] = "shared",
77 [VNC_SHARE_MODE_EXCLUSIVE
] = "exclusive",
78 [VNC_SHARE_MODE_DISCONNECTED
] = "disconnected",
80 fprintf(stderr
, "%s/%p: %s -> %s\n", __func__
,
81 vs
->ioc
, mn
[vs
->share_mode
], mn
[mode
]);
84 switch (vs
->share_mode
) {
85 case VNC_SHARE_MODE_CONNECTING
:
86 vs
->vd
->num_connecting
--;
88 case VNC_SHARE_MODE_SHARED
:
91 case VNC_SHARE_MODE_EXCLUSIVE
:
92 vs
->vd
->num_exclusive
--;
98 vs
->share_mode
= mode
;
100 switch (vs
->share_mode
) {
101 case VNC_SHARE_MODE_CONNECTING
:
102 vs
->vd
->num_connecting
++;
104 case VNC_SHARE_MODE_SHARED
:
105 vs
->vd
->num_shared
++;
107 case VNC_SHARE_MODE_EXCLUSIVE
:
108 vs
->vd
->num_exclusive
++;
116 static void vnc_init_basic_info(SocketAddress
*addr
,
120 switch (addr
->type
) {
121 case SOCKET_ADDRESS_TYPE_INET
:
122 info
->host
= g_strdup(addr
->u
.inet
.host
);
123 info
->service
= g_strdup(addr
->u
.inet
.port
);
124 if (addr
->u
.inet
.ipv6
) {
125 info
->family
= NETWORK_ADDRESS_FAMILY_IPV6
;
127 info
->family
= NETWORK_ADDRESS_FAMILY_IPV4
;
131 case SOCKET_ADDRESS_TYPE_UNIX
:
132 info
->host
= g_strdup("");
133 info
->service
= g_strdup(addr
->u
.q_unix
.path
);
134 info
->family
= NETWORK_ADDRESS_FAMILY_UNIX
;
137 case SOCKET_ADDRESS_TYPE_VSOCK
:
138 case SOCKET_ADDRESS_TYPE_FD
:
139 error_setg(errp
, "Unsupported socket address type %s",
140 SocketAddressType_str(addr
->type
));
149 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket
*ioc
,
153 SocketAddress
*addr
= NULL
;
156 error_setg(errp
, "No listener socket available");
160 addr
= qio_channel_socket_get_local_address(ioc
, errp
);
165 vnc_init_basic_info(addr
, info
, errp
);
166 qapi_free_SocketAddress(addr
);
169 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket
*ioc
,
173 SocketAddress
*addr
= NULL
;
175 addr
= qio_channel_socket_get_remote_address(ioc
, errp
);
180 vnc_init_basic_info(addr
, info
, errp
);
181 qapi_free_SocketAddress(addr
);
184 static const char *vnc_auth_name(VncDisplay
*vd
) {
186 case VNC_AUTH_INVALID
:
202 case VNC_AUTH_VENCRYPT
:
203 switch (vd
->subauth
) {
204 case VNC_AUTH_VENCRYPT_PLAIN
:
205 return "vencrypt+plain";
206 case VNC_AUTH_VENCRYPT_TLSNONE
:
207 return "vencrypt+tls+none";
208 case VNC_AUTH_VENCRYPT_TLSVNC
:
209 return "vencrypt+tls+vnc";
210 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
211 return "vencrypt+tls+plain";
212 case VNC_AUTH_VENCRYPT_X509NONE
:
213 return "vencrypt+x509+none";
214 case VNC_AUTH_VENCRYPT_X509VNC
:
215 return "vencrypt+x509+vnc";
216 case VNC_AUTH_VENCRYPT_X509PLAIN
:
217 return "vencrypt+x509+plain";
218 case VNC_AUTH_VENCRYPT_TLSSASL
:
219 return "vencrypt+tls+sasl";
220 case VNC_AUTH_VENCRYPT_X509SASL
:
221 return "vencrypt+x509+sasl";
231 static VncServerInfo
*vnc_server_info_get(VncDisplay
*vd
)
236 if (!vd
->listener
|| !vd
->listener
->nsioc
) {
240 info
= g_malloc0(sizeof(*info
));
241 vnc_init_basic_info_from_server_addr(vd
->listener
->sioc
[0],
242 qapi_VncServerInfo_base(info
), &err
);
243 info
->has_auth
= true;
244 info
->auth
= g_strdup(vnc_auth_name(vd
));
246 qapi_free_VncServerInfo(info
);
253 static void vnc_client_cache_auth(VncState
*client
)
260 client
->info
->x509_dname
=
261 qcrypto_tls_session_get_peer_name(client
->tls
);
262 client
->info
->has_x509_dname
=
263 client
->info
->x509_dname
!= NULL
;
265 #ifdef CONFIG_VNC_SASL
266 if (client
->sasl
.conn
&&
267 client
->sasl
.username
) {
268 client
->info
->has_sasl_username
= true;
269 client
->info
->sasl_username
= g_strdup(client
->sasl
.username
);
274 static void vnc_client_cache_addr(VncState
*client
)
278 client
->info
= g_malloc0(sizeof(*client
->info
));
279 vnc_init_basic_info_from_remote_addr(client
->sioc
,
280 qapi_VncClientInfo_base(client
->info
),
282 client
->info
->websocket
= client
->websocket
;
284 qapi_free_VncClientInfo(client
->info
);
290 static void vnc_qmp_event(VncState
*vs
, QAPIEvent event
)
298 si
= vnc_server_info_get(vs
->vd
);
304 case QAPI_EVENT_VNC_CONNECTED
:
305 qapi_event_send_vnc_connected(si
, qapi_VncClientInfo_base(vs
->info
));
307 case QAPI_EVENT_VNC_INITIALIZED
:
308 qapi_event_send_vnc_initialized(si
, vs
->info
);
310 case QAPI_EVENT_VNC_DISCONNECTED
:
311 qapi_event_send_vnc_disconnected(si
, vs
->info
);
317 qapi_free_VncServerInfo(si
);
320 static VncClientInfo
*qmp_query_vnc_client(const VncState
*client
)
325 info
= g_malloc0(sizeof(*info
));
327 vnc_init_basic_info_from_remote_addr(client
->sioc
,
328 qapi_VncClientInfo_base(info
),
332 qapi_free_VncClientInfo(info
);
336 info
->websocket
= client
->websocket
;
339 info
->x509_dname
= qcrypto_tls_session_get_peer_name(client
->tls
);
340 info
->has_x509_dname
= info
->x509_dname
!= NULL
;
342 #ifdef CONFIG_VNC_SASL
343 if (client
->sasl
.conn
&& client
->sasl
.username
) {
344 info
->has_sasl_username
= true;
345 info
->sasl_username
= g_strdup(client
->sasl
.username
);
352 static VncDisplay
*vnc_display_find(const char *id
)
357 return QTAILQ_FIRST(&vnc_displays
);
359 QTAILQ_FOREACH(vd
, &vnc_displays
, next
) {
360 if (strcmp(id
, vd
->id
) == 0) {
367 static VncClientInfoList
*qmp_query_client_list(VncDisplay
*vd
)
369 VncClientInfoList
*prev
= NULL
;
372 QTAILQ_FOREACH(client
, &vd
->clients
, next
) {
373 QAPI_LIST_PREPEND(prev
, qmp_query_vnc_client(client
));
378 VncInfo
*qmp_query_vnc(Error
**errp
)
380 VncInfo
*info
= g_malloc0(sizeof(*info
));
381 VncDisplay
*vd
= vnc_display_find(NULL
);
382 SocketAddress
*addr
= NULL
;
384 if (vd
== NULL
|| !vd
->listener
|| !vd
->listener
->nsioc
) {
385 info
->enabled
= false;
387 info
->enabled
= true;
389 /* for compatibility with the original command */
390 info
->has_clients
= true;
391 info
->clients
= qmp_query_client_list(vd
);
393 addr
= qio_channel_socket_get_local_address(vd
->listener
->sioc
[0],
399 switch (addr
->type
) {
400 case SOCKET_ADDRESS_TYPE_INET
:
401 info
->host
= g_strdup(addr
->u
.inet
.host
);
402 info
->service
= g_strdup(addr
->u
.inet
.port
);
403 if (addr
->u
.inet
.ipv6
) {
404 info
->family
= NETWORK_ADDRESS_FAMILY_IPV6
;
406 info
->family
= NETWORK_ADDRESS_FAMILY_IPV4
;
410 case SOCKET_ADDRESS_TYPE_UNIX
:
411 info
->host
= g_strdup("");
412 info
->service
= g_strdup(addr
->u
.q_unix
.path
);
413 info
->family
= NETWORK_ADDRESS_FAMILY_UNIX
;
416 case SOCKET_ADDRESS_TYPE_VSOCK
:
417 case SOCKET_ADDRESS_TYPE_FD
:
418 error_setg(errp
, "Unsupported socket address type %s",
419 SocketAddressType_str(addr
->type
));
425 info
->has_host
= true;
426 info
->has_service
= true;
427 info
->has_family
= true;
429 info
->has_auth
= true;
430 info
->auth
= g_strdup(vnc_auth_name(vd
));
433 qapi_free_SocketAddress(addr
);
437 qapi_free_SocketAddress(addr
);
438 qapi_free_VncInfo(info
);
443 static void qmp_query_auth(int auth
, int subauth
,
444 VncPrimaryAuth
*qmp_auth
,
445 VncVencryptSubAuth
*qmp_vencrypt
,
446 bool *qmp_has_vencrypt
);
448 static VncServerInfo2List
*qmp_query_server_entry(QIOChannelSocket
*ioc
,
452 VncServerInfo2List
*prev
)
454 VncServerInfo2
*info
;
458 addr
= qio_channel_socket_get_local_address(ioc
, NULL
);
463 info
= g_new0(VncServerInfo2
, 1);
464 vnc_init_basic_info(addr
, qapi_VncServerInfo2_base(info
), &err
);
465 qapi_free_SocketAddress(addr
);
467 qapi_free_VncServerInfo2(info
);
471 info
->websocket
= websocket
;
473 qmp_query_auth(auth
, subauth
, &info
->auth
,
474 &info
->vencrypt
, &info
->has_vencrypt
);
476 QAPI_LIST_PREPEND(prev
, info
);
480 static void qmp_query_auth(int auth
, int subauth
,
481 VncPrimaryAuth
*qmp_auth
,
482 VncVencryptSubAuth
*qmp_vencrypt
,
483 bool *qmp_has_vencrypt
)
487 *qmp_auth
= VNC_PRIMARY_AUTH_VNC
;
490 *qmp_auth
= VNC_PRIMARY_AUTH_RA2
;
493 *qmp_auth
= VNC_PRIMARY_AUTH_RA2NE
;
496 *qmp_auth
= VNC_PRIMARY_AUTH_TIGHT
;
499 *qmp_auth
= VNC_PRIMARY_AUTH_ULTRA
;
502 *qmp_auth
= VNC_PRIMARY_AUTH_TLS
;
504 case VNC_AUTH_VENCRYPT
:
505 *qmp_auth
= VNC_PRIMARY_AUTH_VENCRYPT
;
506 *qmp_has_vencrypt
= true;
508 case VNC_AUTH_VENCRYPT_PLAIN
:
509 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_PLAIN
;
511 case VNC_AUTH_VENCRYPT_TLSNONE
:
512 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_NONE
;
514 case VNC_AUTH_VENCRYPT_TLSVNC
:
515 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_VNC
;
517 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
518 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN
;
520 case VNC_AUTH_VENCRYPT_X509NONE
:
521 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_NONE
;
523 case VNC_AUTH_VENCRYPT_X509VNC
:
524 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_VNC
;
526 case VNC_AUTH_VENCRYPT_X509PLAIN
:
527 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_PLAIN
;
529 case VNC_AUTH_VENCRYPT_TLSSASL
:
530 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_SASL
;
532 case VNC_AUTH_VENCRYPT_X509SASL
:
533 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_SASL
;
536 *qmp_has_vencrypt
= false;
541 *qmp_auth
= VNC_PRIMARY_AUTH_SASL
;
545 *qmp_auth
= VNC_PRIMARY_AUTH_NONE
;
550 VncInfo2List
*qmp_query_vnc_servers(Error
**errp
)
552 VncInfo2List
*prev
= NULL
;
558 QTAILQ_FOREACH(vd
, &vnc_displays
, next
) {
559 info
= g_new0(VncInfo2
, 1);
560 info
->id
= g_strdup(vd
->id
);
561 info
->clients
= qmp_query_client_list(vd
);
562 qmp_query_auth(vd
->auth
, vd
->subauth
, &info
->auth
,
563 &info
->vencrypt
, &info
->has_vencrypt
);
565 dev
= DEVICE(object_property_get_link(OBJECT(vd
->dcl
.con
),
566 "device", &error_abort
));
567 info
->has_display
= true;
568 info
->display
= g_strdup(dev
->id
);
570 for (i
= 0; vd
->listener
!= NULL
&& i
< vd
->listener
->nsioc
; i
++) {
571 info
->server
= qmp_query_server_entry(
572 vd
->listener
->sioc
[i
], false, vd
->auth
, vd
->subauth
,
575 for (i
= 0; vd
->wslistener
!= NULL
&& i
< vd
->wslistener
->nsioc
; i
++) {
576 info
->server
= qmp_query_server_entry(
577 vd
->wslistener
->sioc
[i
], true, vd
->ws_auth
,
578 vd
->ws_subauth
, info
->server
);
581 QAPI_LIST_PREPEND(prev
, info
);
587 1) Get the queue working for IO.
588 2) there is some weirdness when using the -S option (the screen is grey
589 and not totally invalidated
590 3) resolutions > 1024
593 static int vnc_update_client(VncState
*vs
, int has_dirty
);
594 static void vnc_disconnect_start(VncState
*vs
);
596 static void vnc_colordepth(VncState
*vs
);
597 static void framebuffer_update_request(VncState
*vs
, int incremental
,
598 int x_position
, int y_position
,
600 static void vnc_refresh(DisplayChangeListener
*dcl
);
601 static int vnc_refresh_server_surface(VncDisplay
*vd
);
603 static int vnc_width(VncDisplay
*vd
)
605 return MIN(VNC_MAX_WIDTH
, ROUND_UP(surface_width(vd
->ds
),
606 VNC_DIRTY_PIXELS_PER_BIT
));
609 static int vnc_height(VncDisplay
*vd
)
611 return MIN(VNC_MAX_HEIGHT
, surface_height(vd
->ds
));
614 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty
[VNC_MAX_HEIGHT
],
615 VNC_MAX_WIDTH
/ VNC_DIRTY_PIXELS_PER_BIT
),
617 int x
, int y
, int w
, int h
)
619 int width
= vnc_width(vd
);
620 int height
= vnc_height(vd
);
622 /* this is needed this to ensure we updated all affected
623 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
624 w
+= (x
% VNC_DIRTY_PIXELS_PER_BIT
);
625 x
-= (x
% VNC_DIRTY_PIXELS_PER_BIT
);
629 w
= MIN(x
+ w
, width
) - x
;
630 h
= MIN(y
+ h
, height
);
633 bitmap_set(dirty
[y
], x
/ VNC_DIRTY_PIXELS_PER_BIT
,
634 DIV_ROUND_UP(w
, VNC_DIRTY_PIXELS_PER_BIT
));
638 static void vnc_dpy_update(DisplayChangeListener
*dcl
,
639 int x
, int y
, int w
, int h
)
641 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
642 struct VncSurface
*s
= &vd
->guest
;
644 vnc_set_area_dirty(s
->dirty
, vd
, x
, y
, w
, h
);
647 void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
650 vnc_write_u16(vs
, x
);
651 vnc_write_u16(vs
, y
);
652 vnc_write_u16(vs
, w
);
653 vnc_write_u16(vs
, h
);
655 vnc_write_s32(vs
, encoding
);
658 static void vnc_desktop_resize_ext(VncState
*vs
, int reject_reason
)
661 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
663 vnc_write_u16(vs
, 1); /* number of rects */
664 vnc_framebuffer_update(vs
,
665 reject_reason
? 1 : 0,
667 vs
->client_width
, vs
->client_height
,
668 VNC_ENCODING_DESKTOP_RESIZE_EXT
);
669 vnc_write_u8(vs
, 1); /* number of screens */
670 vnc_write_u8(vs
, 0); /* padding */
671 vnc_write_u8(vs
, 0); /* padding */
672 vnc_write_u8(vs
, 0); /* padding */
673 vnc_write_u32(vs
, 0); /* screen id */
674 vnc_write_u16(vs
, 0); /* screen x-pos */
675 vnc_write_u16(vs
, 0); /* screen y-pos */
676 vnc_write_u16(vs
, vs
->client_width
);
677 vnc_write_u16(vs
, vs
->client_height
);
678 vnc_write_u32(vs
, 0); /* screen flags */
679 vnc_unlock_output(vs
);
683 static void vnc_desktop_resize(VncState
*vs
)
685 if (vs
->ioc
== NULL
|| (!vnc_has_feature(vs
, VNC_FEATURE_RESIZE
) &&
686 !vnc_has_feature(vs
, VNC_FEATURE_RESIZE_EXT
))) {
690 assert(pixman_image_get_width(vs
->vd
->server
) < 65536 &&
691 pixman_image_get_width(vs
->vd
->server
) >= 0);
692 assert(pixman_image_get_height(vs
->vd
->server
) < 65536 &&
693 pixman_image_get_height(vs
->vd
->server
) >= 0);
694 vs
->client_width
= pixman_image_get_width(vs
->vd
->server
);
695 vs
->client_height
= pixman_image_get_height(vs
->vd
->server
);
697 if (vnc_has_feature(vs
, VNC_FEATURE_RESIZE_EXT
)) {
698 vnc_desktop_resize_ext(vs
, 0);
703 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
705 vnc_write_u16(vs
, 1); /* number of rects */
706 vnc_framebuffer_update(vs
, 0, 0, vs
->client_width
, vs
->client_height
,
707 VNC_ENCODING_DESKTOPRESIZE
);
708 vnc_unlock_output(vs
);
712 static void vnc_abort_display_jobs(VncDisplay
*vd
)
716 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
719 vnc_unlock_output(vs
);
721 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
724 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
726 if (vs
->update
== VNC_STATE_UPDATE_NONE
&&
727 vs
->job_update
!= VNC_STATE_UPDATE_NONE
) {
728 /* job aborted before completion */
729 vs
->update
= vs
->job_update
;
730 vs
->job_update
= VNC_STATE_UPDATE_NONE
;
733 vnc_unlock_output(vs
);
737 int vnc_server_fb_stride(VncDisplay
*vd
)
739 return pixman_image_get_stride(vd
->server
);
742 void *vnc_server_fb_ptr(VncDisplay
*vd
, int x
, int y
)
746 ptr
= (uint8_t *)pixman_image_get_data(vd
->server
);
747 ptr
+= y
* vnc_server_fb_stride(vd
);
748 ptr
+= x
* VNC_SERVER_FB_BYTES
;
752 static void vnc_update_server_surface(VncDisplay
*vd
)
756 qemu_pixman_image_unref(vd
->server
);
759 if (QTAILQ_EMPTY(&vd
->clients
)) {
763 width
= vnc_width(vd
);
764 height
= vnc_height(vd
);
765 vd
->server
= pixman_image_create_bits(VNC_SERVER_FB_FORMAT
,
769 memset(vd
->guest
.dirty
, 0x00, sizeof(vd
->guest
.dirty
));
770 vnc_set_area_dirty(vd
->guest
.dirty
, vd
, 0, 0,
774 static bool vnc_check_pageflip(DisplaySurface
*s1
,
777 return (s1
!= NULL
&&
779 surface_width(s1
) == surface_width(s2
) &&
780 surface_height(s1
) == surface_height(s2
) &&
781 surface_format(s1
) == surface_format(s2
));
785 static void vnc_dpy_switch(DisplayChangeListener
*dcl
,
786 DisplaySurface
*surface
)
788 static const char placeholder_msg
[] =
789 "Display output is not active.";
790 static DisplaySurface
*placeholder
;
791 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
792 bool pageflip
= vnc_check_pageflip(vd
->ds
, surface
);
795 if (surface
== NULL
) {
796 if (placeholder
== NULL
) {
797 placeholder
= qemu_create_message_surface(640, 480, placeholder_msg
);
799 surface
= placeholder
;
802 vnc_abort_display_jobs(vd
);
806 qemu_pixman_image_unref(vd
->guest
.fb
);
807 vd
->guest
.fb
= pixman_image_ref(surface
->image
);
808 vd
->guest
.format
= surface
->format
;
811 vnc_set_area_dirty(vd
->guest
.dirty
, vd
, 0, 0,
812 surface_width(surface
),
813 surface_height(surface
));
818 vnc_update_server_surface(vd
);
820 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
822 vnc_desktop_resize(vs
);
823 vnc_cursor_define(vs
);
824 memset(vs
->dirty
, 0x00, sizeof(vs
->dirty
));
825 vnc_set_area_dirty(vs
->dirty
, vd
, 0, 0,
828 vnc_update_throttle_offset(vs
);
833 static void vnc_write_pixels_copy(VncState
*vs
,
834 void *pixels
, int size
)
836 vnc_write(vs
, pixels
, size
);
839 /* slowest but generic code. */
840 void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
844 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
845 r
= (((v
& 0x00ff0000) >> 16) << vs
->client_pf
.rbits
) >> 8;
846 g
= (((v
& 0x0000ff00) >> 8) << vs
->client_pf
.gbits
) >> 8;
847 b
= (((v
& 0x000000ff) >> 0) << vs
->client_pf
.bbits
) >> 8;
849 # error need some bits here if you change VNC_SERVER_FB_FORMAT
851 v
= (r
<< vs
->client_pf
.rshift
) |
852 (g
<< vs
->client_pf
.gshift
) |
853 (b
<< vs
->client_pf
.bshift
);
854 switch (vs
->client_pf
.bytes_per_pixel
) {
884 static void vnc_write_pixels_generic(VncState
*vs
,
885 void *pixels1
, int size
)
889 if (VNC_SERVER_FB_BYTES
== 4) {
890 uint32_t *pixels
= pixels1
;
893 for (i
= 0; i
< n
; i
++) {
894 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
895 vnc_write(vs
, buf
, vs
->client_pf
.bytes_per_pixel
);
900 int vnc_raw_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
904 VncDisplay
*vd
= vs
->vd
;
906 row
= vnc_server_fb_ptr(vd
, x
, y
);
907 for (i
= 0; i
< h
; i
++) {
908 vs
->write_pixels(vs
, row
, w
* VNC_SERVER_FB_BYTES
);
909 row
+= vnc_server_fb_stride(vd
);
914 int vnc_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
918 switch(vs
->vnc_encoding
) {
919 case VNC_ENCODING_ZLIB
:
920 n
= vnc_zlib_send_framebuffer_update(vs
, x
, y
, w
, h
);
922 case VNC_ENCODING_HEXTILE
:
923 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
924 n
= vnc_hextile_send_framebuffer_update(vs
, x
, y
, w
, h
);
926 case VNC_ENCODING_TIGHT
:
927 n
= vnc_tight_send_framebuffer_update(vs
, x
, y
, w
, h
);
929 case VNC_ENCODING_TIGHT_PNG
:
930 n
= vnc_tight_png_send_framebuffer_update(vs
, x
, y
, w
, h
);
932 case VNC_ENCODING_ZRLE
:
933 n
= vnc_zrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
935 case VNC_ENCODING_ZYWRLE
:
936 n
= vnc_zywrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
939 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
940 n
= vnc_raw_send_framebuffer_update(vs
, x
, y
, w
, h
);
946 static void vnc_mouse_set(DisplayChangeListener
*dcl
,
947 int x
, int y
, int visible
)
949 /* can we ask the client(s) to move the pointer ??? */
952 static int vnc_cursor_define(VncState
*vs
)
954 QEMUCursor
*c
= vs
->vd
->cursor
;
957 if (!vs
->vd
->cursor
) {
961 if (vnc_has_feature(vs
, VNC_FEATURE_ALPHA_CURSOR
)) {
963 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
964 vnc_write_u8(vs
, 0); /* padding */
965 vnc_write_u16(vs
, 1); /* # of rects */
966 vnc_framebuffer_update(vs
, c
->hot_x
, c
->hot_y
, c
->width
, c
->height
,
967 VNC_ENCODING_ALPHA_CURSOR
);
968 vnc_write_s32(vs
, VNC_ENCODING_RAW
);
969 vnc_write(vs
, c
->data
, c
->width
* c
->height
* 4);
970 vnc_unlock_output(vs
);
973 if (vnc_has_feature(vs
, VNC_FEATURE_RICH_CURSOR
)) {
975 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
976 vnc_write_u8(vs
, 0); /* padding */
977 vnc_write_u16(vs
, 1); /* # of rects */
978 vnc_framebuffer_update(vs
, c
->hot_x
, c
->hot_y
, c
->width
, c
->height
,
979 VNC_ENCODING_RICH_CURSOR
);
980 isize
= c
->width
* c
->height
* vs
->client_pf
.bytes_per_pixel
;
981 vnc_write_pixels_generic(vs
, c
->data
, isize
);
982 vnc_write(vs
, vs
->vd
->cursor_mask
, vs
->vd
->cursor_msize
);
983 vnc_unlock_output(vs
);
989 static void vnc_dpy_cursor_define(DisplayChangeListener
*dcl
,
992 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
995 cursor_put(vd
->cursor
);
996 g_free(vd
->cursor_mask
);
999 cursor_get(vd
->cursor
);
1000 vd
->cursor_msize
= cursor_get_mono_bpl(c
) * c
->height
;
1001 vd
->cursor_mask
= g_malloc0(vd
->cursor_msize
);
1002 cursor_get_mono_mask(c
, 0, vd
->cursor_mask
);
1004 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
1005 vnc_cursor_define(vs
);
1009 static int find_and_clear_dirty_height(VncState
*vs
,
1010 int y
, int last_x
, int x
, int height
)
1014 for (h
= 1; h
< (height
- y
); h
++) {
1015 if (!test_bit(last_x
, vs
->dirty
[y
+ h
])) {
1018 bitmap_clear(vs
->dirty
[y
+ h
], last_x
, x
- last_x
);
1025 * Figure out how much pending data we should allow in the output
1026 * buffer before we throttle incremental display updates, and/or
1027 * drop audio samples.
1029 * We allow for equiv of 1 full display's worth of FB updates,
1030 * and 1 second of audio samples. If audio backlog was larger
1031 * than that the client would already suffering awful audio
1032 * glitches, so dropping samples is no worse really).
1034 static void vnc_update_throttle_offset(VncState
*vs
)
1037 vs
->client_width
* vs
->client_height
* vs
->client_pf
.bytes_per_pixel
;
1039 if (vs
->audio_cap
) {
1041 switch (vs
->as
.fmt
) {
1043 case AUDIO_FORMAT_U8
:
1044 case AUDIO_FORMAT_S8
:
1047 case AUDIO_FORMAT_U16
:
1048 case AUDIO_FORMAT_S16
:
1051 case AUDIO_FORMAT_U32
:
1052 case AUDIO_FORMAT_S32
:
1056 offset
+= vs
->as
.freq
* bps
* vs
->as
.nchannels
;
1059 /* Put a floor of 1MB on offset, so that if we have a large pending
1060 * buffer and the display is resized to a small size & back again
1061 * we don't suddenly apply a tiny send limit
1063 offset
= MAX(offset
, 1024 * 1024);
1065 if (vs
->throttle_output_offset
!= offset
) {
1066 trace_vnc_client_throttle_threshold(
1067 vs
, vs
->ioc
, vs
->throttle_output_offset
, offset
, vs
->client_width
,
1068 vs
->client_height
, vs
->client_pf
.bytes_per_pixel
, vs
->audio_cap
);
1071 vs
->throttle_output_offset
= offset
;
1074 static bool vnc_should_update(VncState
*vs
)
1076 switch (vs
->update
) {
1077 case VNC_STATE_UPDATE_NONE
:
1079 case VNC_STATE_UPDATE_INCREMENTAL
:
1080 /* Only allow incremental updates if the pending send queue
1081 * is less than the permitted threshold, and the job worker
1082 * is completely idle.
1084 if (vs
->output
.offset
< vs
->throttle_output_offset
&&
1085 vs
->job_update
== VNC_STATE_UPDATE_NONE
) {
1088 trace_vnc_client_throttle_incremental(
1089 vs
, vs
->ioc
, vs
->job_update
, vs
->output
.offset
);
1091 case VNC_STATE_UPDATE_FORCE
:
1092 /* Only allow forced updates if the pending send queue
1093 * does not contain a previous forced update, and the
1094 * job worker is completely idle.
1096 * Note this means we'll queue a forced update, even if
1097 * the output buffer size is otherwise over the throttle
1100 if (vs
->force_update_offset
== 0 &&
1101 vs
->job_update
== VNC_STATE_UPDATE_NONE
) {
1104 trace_vnc_client_throttle_forced(
1105 vs
, vs
->ioc
, vs
->job_update
, vs
->force_update_offset
);
1111 static int vnc_update_client(VncState
*vs
, int has_dirty
)
1113 VncDisplay
*vd
= vs
->vd
;
1119 if (vs
->disconnecting
) {
1120 vnc_disconnect_finish(vs
);
1124 vs
->has_dirty
+= has_dirty
;
1125 if (!vnc_should_update(vs
)) {
1129 if (!vs
->has_dirty
&& vs
->update
!= VNC_STATE_UPDATE_FORCE
) {
1134 * Send screen updates to the vnc client using the server
1135 * surface and server dirty map. guest surface updates
1136 * happening in parallel don't disturb us, the next pass will
1137 * send them to the client.
1139 job
= vnc_job_new(vs
);
1141 height
= pixman_image_get_height(vd
->server
);
1142 width
= pixman_image_get_width(vd
->server
);
1148 unsigned long offset
= find_next_bit((unsigned long *) &vs
->dirty
,
1149 height
* VNC_DIRTY_BPL(vs
),
1150 y
* VNC_DIRTY_BPL(vs
));
1151 if (offset
== height
* VNC_DIRTY_BPL(vs
)) {
1152 /* no more dirty bits */
1155 y
= offset
/ VNC_DIRTY_BPL(vs
);
1156 x
= offset
% VNC_DIRTY_BPL(vs
);
1157 x2
= find_next_zero_bit((unsigned long *) &vs
->dirty
[y
],
1158 VNC_DIRTY_BPL(vs
), x
);
1159 bitmap_clear(vs
->dirty
[y
], x
, x2
- x
);
1160 h
= find_and_clear_dirty_height(vs
, y
, x
, x2
, height
);
1161 x2
= MIN(x2
, width
/ VNC_DIRTY_PIXELS_PER_BIT
);
1163 n
+= vnc_job_add_rect(job
, x
* VNC_DIRTY_PIXELS_PER_BIT
, y
,
1164 (x2
- x
) * VNC_DIRTY_PIXELS_PER_BIT
, h
);
1166 if (!x
&& x2
== width
/ VNC_DIRTY_PIXELS_PER_BIT
) {
1174 vs
->job_update
= vs
->update
;
1175 vs
->update
= VNC_STATE_UPDATE_NONE
;
1182 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
1184 VncState
*vs
= opaque
;
1186 assert(vs
->magic
== VNC_MAGIC
);
1188 case AUD_CNOTIFY_DISABLE
:
1189 vnc_lock_output(vs
);
1190 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
1191 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
1192 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_END
);
1193 vnc_unlock_output(vs
);
1197 case AUD_CNOTIFY_ENABLE
:
1198 vnc_lock_output(vs
);
1199 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
1200 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
1201 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN
);
1202 vnc_unlock_output(vs
);
1208 static void audio_capture_destroy(void *opaque
)
1212 static void audio_capture(void *opaque
, const void *buf
, int size
)
1214 VncState
*vs
= opaque
;
1216 assert(vs
->magic
== VNC_MAGIC
);
1217 vnc_lock_output(vs
);
1218 if (vs
->output
.offset
< vs
->throttle_output_offset
) {
1219 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
1220 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
1221 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_DATA
);
1222 vnc_write_u32(vs
, size
);
1223 vnc_write(vs
, buf
, size
);
1225 trace_vnc_client_throttle_audio(vs
, vs
->ioc
, vs
->output
.offset
);
1227 vnc_unlock_output(vs
);
1231 static void audio_add(VncState
*vs
)
1233 struct audio_capture_ops ops
;
1235 if (vs
->audio_cap
) {
1236 error_report("audio already running");
1240 ops
.notify
= audio_capture_notify
;
1241 ops
.destroy
= audio_capture_destroy
;
1242 ops
.capture
= audio_capture
;
1244 vs
->audio_cap
= AUD_add_capture(vs
->vd
->audio_state
, &vs
->as
, &ops
, vs
);
1245 if (!vs
->audio_cap
) {
1246 error_report("Failed to add audio capture");
1250 static void audio_del(VncState
*vs
)
1252 if (vs
->audio_cap
) {
1253 AUD_del_capture(vs
->audio_cap
, vs
);
1254 vs
->audio_cap
= NULL
;
1258 static void vnc_disconnect_start(VncState
*vs
)
1260 if (vs
->disconnecting
) {
1263 trace_vnc_client_disconnect_start(vs
, vs
->ioc
);
1264 vnc_set_share_mode(vs
, VNC_SHARE_MODE_DISCONNECTED
);
1266 g_source_remove(vs
->ioc_tag
);
1269 qio_channel_close(vs
->ioc
, NULL
);
1270 vs
->disconnecting
= TRUE
;
1273 void vnc_disconnect_finish(VncState
*vs
)
1277 trace_vnc_client_disconnect_finish(vs
, vs
->ioc
);
1279 vnc_jobs_join(vs
); /* Wait encoding jobs */
1281 vnc_lock_output(vs
);
1282 vnc_qmp_event(vs
, QAPI_EVENT_VNC_DISCONNECTED
);
1284 buffer_free(&vs
->input
);
1285 buffer_free(&vs
->output
);
1287 qapi_free_VncClientInfo(vs
->info
);
1290 vnc_tight_clear(vs
);
1293 #ifdef CONFIG_VNC_SASL
1294 vnc_sasl_client_cleanup(vs
);
1295 #endif /* CONFIG_VNC_SASL */
1297 qkbd_state_lift_all_keys(vs
->vd
->kbd
);
1299 if (vs
->mouse_mode_notifier
.notify
!= NULL
) {
1300 qemu_remove_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
1302 QTAILQ_REMOVE(&vs
->vd
->clients
, vs
, next
);
1303 if (QTAILQ_EMPTY(&vs
->vd
->clients
)) {
1304 /* last client gone */
1305 vnc_update_server_surface(vs
->vd
);
1308 vnc_unlock_output(vs
);
1310 qemu_mutex_destroy(&vs
->output_mutex
);
1311 if (vs
->bh
!= NULL
) {
1312 qemu_bh_delete(vs
->bh
);
1314 buffer_free(&vs
->jobs_buffer
);
1316 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
1317 g_free(vs
->lossy_rect
[i
]);
1319 g_free(vs
->lossy_rect
);
1321 object_unref(OBJECT(vs
->ioc
));
1323 object_unref(OBJECT(vs
->sioc
));
1331 size_t vnc_client_io_error(VncState
*vs
, ssize_t ret
, Error
*err
)
1335 trace_vnc_client_eof(vs
, vs
->ioc
);
1336 vnc_disconnect_start(vs
);
1337 } else if (ret
!= QIO_CHANNEL_ERR_BLOCK
) {
1338 trace_vnc_client_io_error(vs
, vs
->ioc
,
1339 err
? error_get_pretty(err
) : "Unknown");
1340 vnc_disconnect_start(vs
);
1350 void vnc_client_error(VncState
*vs
)
1352 VNC_DEBUG("Closing down client sock: protocol error\n");
1353 vnc_disconnect_start(vs
);
1358 * Called to write a chunk of data to the client socket. The data may
1359 * be the raw data, or may have already been encoded by SASL.
1360 * The data will be written either straight onto the socket, or
1361 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1363 * NB, it is theoretically possible to have 2 layers of encryption,
1364 * both SASL, and this TLS layer. It is highly unlikely in practice
1365 * though, since SASL encryption will typically be a no-op if TLS
1368 * Returns the number of bytes written, which may be less than
1369 * the requested 'datalen' if the socket would block. Returns
1370 * 0 on I/O error, and disconnects the client socket.
1372 size_t vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
1376 ret
= qio_channel_write(vs
->ioc
, (const char *)data
, datalen
, &err
);
1377 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data
, datalen
, ret
);
1378 return vnc_client_io_error(vs
, ret
, err
);
1383 * Called to write buffered data to the client socket, when not
1384 * using any SASL SSF encryption layers. Will write as much data
1385 * as possible without blocking. If all buffered data is written,
1386 * will switch the FD poll() handler back to read monitoring.
1388 * Returns the number of bytes written, which may be less than
1389 * the buffered output data if the socket would block. Returns
1390 * 0 on I/O error, and disconnects the client socket.
1392 static size_t vnc_client_write_plain(VncState
*vs
)
1397 #ifdef CONFIG_VNC_SASL
1398 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1399 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
1400 vs
->sasl
.waitWriteSSF
);
1402 if (vs
->sasl
.conn
&&
1404 vs
->sasl
.waitWriteSSF
) {
1405 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
1407 vs
->sasl
.waitWriteSSF
-= ret
;
1409 #endif /* CONFIG_VNC_SASL */
1410 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
1414 if (ret
>= vs
->force_update_offset
) {
1415 if (vs
->force_update_offset
!= 0) {
1416 trace_vnc_client_unthrottle_forced(vs
, vs
->ioc
);
1418 vs
->force_update_offset
= 0;
1420 vs
->force_update_offset
-= ret
;
1422 offset
= vs
->output
.offset
;
1423 buffer_advance(&vs
->output
, ret
);
1424 if (offset
>= vs
->throttle_output_offset
&&
1425 vs
->output
.offset
< vs
->throttle_output_offset
) {
1426 trace_vnc_client_unthrottle_incremental(vs
, vs
->ioc
, vs
->output
.offset
);
1429 if (vs
->output
.offset
== 0) {
1431 g_source_remove(vs
->ioc_tag
);
1433 vs
->ioc_tag
= qio_channel_add_watch(
1434 vs
->ioc
, G_IO_IN
| G_IO_HUP
| G_IO_ERR
,
1435 vnc_client_io
, vs
, NULL
);
1443 * First function called whenever there is data to be written to
1444 * the client socket. Will delegate actual work according to whether
1445 * SASL SSF layers are enabled (thus requiring encryption calls)
1447 static void vnc_client_write_locked(VncState
*vs
)
1449 #ifdef CONFIG_VNC_SASL
1450 if (vs
->sasl
.conn
&&
1452 !vs
->sasl
.waitWriteSSF
) {
1453 vnc_client_write_sasl(vs
);
1455 #endif /* CONFIG_VNC_SASL */
1457 vnc_client_write_plain(vs
);
1461 static void vnc_client_write(VncState
*vs
)
1463 assert(vs
->magic
== VNC_MAGIC
);
1464 vnc_lock_output(vs
);
1465 if (vs
->output
.offset
) {
1466 vnc_client_write_locked(vs
);
1467 } else if (vs
->ioc
!= NULL
) {
1469 g_source_remove(vs
->ioc_tag
);
1471 vs
->ioc_tag
= qio_channel_add_watch(
1472 vs
->ioc
, G_IO_IN
| G_IO_HUP
| G_IO_ERR
,
1473 vnc_client_io
, vs
, NULL
);
1475 vnc_unlock_output(vs
);
1478 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1480 vs
->read_handler
= func
;
1481 vs
->read_handler_expect
= expecting
;
1486 * Called to read a chunk of data from the client socket. The data may
1487 * be the raw data, or may need to be further decoded by SASL.
1488 * The data will be read either straight from to the socket, or
1489 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1491 * NB, it is theoretically possible to have 2 layers of encryption,
1492 * both SASL, and this TLS layer. It is highly unlikely in practice
1493 * though, since SASL encryption will typically be a no-op if TLS
1496 * Returns the number of bytes read, which may be less than
1497 * the requested 'datalen' if the socket would block. Returns
1498 * 0 on I/O error or EOF, and disconnects the client socket.
1500 size_t vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1504 ret
= qio_channel_read(vs
->ioc
, (char *)data
, datalen
, &err
);
1505 VNC_DEBUG("Read wire %p %zd -> %ld\n", data
, datalen
, ret
);
1506 return vnc_client_io_error(vs
, ret
, err
);
1511 * Called to read data from the client socket to the input buffer,
1512 * when not using any SASL SSF encryption layers. Will read as much
1513 * data as possible without blocking.
1515 * Returns the number of bytes read, which may be less than
1516 * the requested 'datalen' if the socket would block. Returns
1517 * 0 on I/O error or EOF, and disconnects the client socket.
1519 static size_t vnc_client_read_plain(VncState
*vs
)
1522 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1523 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1524 buffer_reserve(&vs
->input
, 4096);
1525 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1528 vs
->input
.offset
+= ret
;
1532 static void vnc_jobs_bh(void *opaque
)
1534 VncState
*vs
= opaque
;
1536 assert(vs
->magic
== VNC_MAGIC
);
1537 vnc_jobs_consume_buffer(vs
);
1541 * First function called whenever there is more data to be read from
1542 * the client socket. Will delegate actual work according to whether
1543 * SASL SSF layers are enabled (thus requiring decryption calls)
1544 * Returns 0 on success, -1 if client disconnected
1546 static int vnc_client_read(VncState
*vs
)
1550 #ifdef CONFIG_VNC_SASL
1551 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1552 ret
= vnc_client_read_sasl(vs
);
1554 #endif /* CONFIG_VNC_SASL */
1555 ret
= vnc_client_read_plain(vs
);
1557 if (vs
->disconnecting
) {
1558 vnc_disconnect_finish(vs
);
1564 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1565 size_t len
= vs
->read_handler_expect
;
1568 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1569 if (vs
->disconnecting
) {
1570 vnc_disconnect_finish(vs
);
1575 buffer_advance(&vs
->input
, len
);
1577 vs
->read_handler_expect
= ret
;
1583 gboolean
vnc_client_io(QIOChannel
*ioc G_GNUC_UNUSED
,
1584 GIOCondition condition
, void *opaque
)
1586 VncState
*vs
= opaque
;
1588 assert(vs
->magic
== VNC_MAGIC
);
1590 if (condition
& (G_IO_HUP
| G_IO_ERR
)) {
1591 vnc_disconnect_start(vs
);
1595 if (condition
& G_IO_IN
) {
1596 if (vnc_client_read(vs
) < 0) {
1597 /* vs is free()ed here */
1601 if (condition
& G_IO_OUT
) {
1602 vnc_client_write(vs
);
1605 if (vs
->disconnecting
) {
1606 if (vs
->ioc_tag
!= 0) {
1607 g_source_remove(vs
->ioc_tag
);
1616 * Scale factor to apply to vs->throttle_output_offset when checking for
1617 * hard limit. Worst case normal usage could be x2, if we have a complete
1618 * incremental update and complete forced update in the output buffer.
1619 * So x3 should be good enough, but we pick x5 to be conservative and thus
1620 * (hopefully) never trigger incorrectly.
1622 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1624 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1626 assert(vs
->magic
== VNC_MAGIC
);
1627 if (vs
->disconnecting
) {
1630 /* Protection against malicious client/guest to prevent our output
1631 * buffer growing without bound if client stops reading data. This
1632 * should rarely trigger, because we have earlier throttling code
1633 * which stops issuing framebuffer updates and drops audio data
1634 * if the throttle_output_offset value is exceeded. So we only reach
1635 * this higher level if a huge number of pseudo-encodings get
1636 * triggered while data can't be sent on the socket.
1638 * NB throttle_output_offset can be zero during early protocol
1639 * handshake, or from the job thread's VncState clone
1641 if (vs
->throttle_output_offset
!= 0 &&
1642 (vs
->output
.offset
/ VNC_THROTTLE_OUTPUT_LIMIT_SCALE
) >
1643 vs
->throttle_output_offset
) {
1644 trace_vnc_client_output_limit(vs
, vs
->ioc
, vs
->output
.offset
,
1645 vs
->throttle_output_offset
);
1646 vnc_disconnect_start(vs
);
1649 buffer_reserve(&vs
->output
, len
);
1651 if (vs
->ioc
!= NULL
&& buffer_empty(&vs
->output
)) {
1653 g_source_remove(vs
->ioc_tag
);
1655 vs
->ioc_tag
= qio_channel_add_watch(
1656 vs
->ioc
, G_IO_IN
| G_IO_HUP
| G_IO_ERR
| G_IO_OUT
,
1657 vnc_client_io
, vs
, NULL
);
1660 buffer_append(&vs
->output
, data
, len
);
1663 void vnc_write_s32(VncState
*vs
, int32_t value
)
1665 vnc_write_u32(vs
, *(uint32_t *)&value
);
1668 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1672 buf
[0] = (value
>> 24) & 0xFF;
1673 buf
[1] = (value
>> 16) & 0xFF;
1674 buf
[2] = (value
>> 8) & 0xFF;
1675 buf
[3] = value
& 0xFF;
1677 vnc_write(vs
, buf
, 4);
1680 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1684 buf
[0] = (value
>> 8) & 0xFF;
1685 buf
[1] = value
& 0xFF;
1687 vnc_write(vs
, buf
, 2);
1690 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1692 vnc_write(vs
, (char *)&value
, 1);
1695 void vnc_flush(VncState
*vs
)
1697 vnc_lock_output(vs
);
1698 if (vs
->ioc
!= NULL
&& vs
->output
.offset
) {
1699 vnc_client_write_locked(vs
);
1701 if (vs
->disconnecting
) {
1702 if (vs
->ioc_tag
!= 0) {
1703 g_source_remove(vs
->ioc_tag
);
1707 vnc_unlock_output(vs
);
1710 static uint8_t read_u8(uint8_t *data
, size_t offset
)
1712 return data
[offset
];
1715 static uint16_t read_u16(uint8_t *data
, size_t offset
)
1717 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1720 static int32_t read_s32(uint8_t *data
, size_t offset
)
1722 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1723 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1726 uint32_t read_u32(uint8_t *data
, size_t offset
)
1728 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1729 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1732 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1736 static void check_pointer_type_change(Notifier
*notifier
, void *data
)
1738 VncState
*vs
= container_of(notifier
, VncState
, mouse_mode_notifier
);
1739 int absolute
= qemu_input_is_absolute();
1741 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1742 vnc_lock_output(vs
);
1743 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1744 vnc_write_u8(vs
, 0);
1745 vnc_write_u16(vs
, 1);
1746 vnc_framebuffer_update(vs
, absolute
, 0,
1747 pixman_image_get_width(vs
->vd
->server
),
1748 pixman_image_get_height(vs
->vd
->server
),
1749 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1750 vnc_unlock_output(vs
);
1753 vs
->absolute
= absolute
;
1756 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1758 static uint32_t bmap
[INPUT_BUTTON__MAX
] = {
1759 [INPUT_BUTTON_LEFT
] = 0x01,
1760 [INPUT_BUTTON_MIDDLE
] = 0x02,
1761 [INPUT_BUTTON_RIGHT
] = 0x04,
1762 [INPUT_BUTTON_WHEEL_UP
] = 0x08,
1763 [INPUT_BUTTON_WHEEL_DOWN
] = 0x10,
1765 QemuConsole
*con
= vs
->vd
->dcl
.con
;
1766 int width
= pixman_image_get_width(vs
->vd
->server
);
1767 int height
= pixman_image_get_height(vs
->vd
->server
);
1769 if (vs
->last_bmask
!= button_mask
) {
1770 qemu_input_update_buttons(con
, bmap
, vs
->last_bmask
, button_mask
);
1771 vs
->last_bmask
= button_mask
;
1775 qemu_input_queue_abs(con
, INPUT_AXIS_X
, x
, 0, width
);
1776 qemu_input_queue_abs(con
, INPUT_AXIS_Y
, y
, 0, height
);
1777 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1778 qemu_input_queue_rel(con
, INPUT_AXIS_X
, x
- 0x7FFF);
1779 qemu_input_queue_rel(con
, INPUT_AXIS_Y
, y
- 0x7FFF);
1781 if (vs
->last_x
!= -1) {
1782 qemu_input_queue_rel(con
, INPUT_AXIS_X
, x
- vs
->last_x
);
1783 qemu_input_queue_rel(con
, INPUT_AXIS_Y
, y
- vs
->last_y
);
1788 qemu_input_event_sync();
1791 static void press_key(VncState
*vs
, QKeyCode qcode
)
1793 qkbd_state_key_event(vs
->vd
->kbd
, qcode
, true);
1794 qkbd_state_key_event(vs
->vd
->kbd
, qcode
, false);
1797 static void vnc_led_state_change(VncState
*vs
)
1799 if (!vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
)) {
1803 vnc_lock_output(vs
);
1804 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1805 vnc_write_u8(vs
, 0);
1806 vnc_write_u16(vs
, 1);
1807 vnc_framebuffer_update(vs
, 0, 0, 1, 1, VNC_ENCODING_LED_STATE
);
1808 vnc_write_u8(vs
, vs
->vd
->ledstate
);
1809 vnc_unlock_output(vs
);
1813 static void kbd_leds(void *opaque
, int ledstate
)
1815 VncDisplay
*vd
= opaque
;
1818 trace_vnc_key_guest_leds((ledstate
& QEMU_CAPS_LOCK_LED
),
1819 (ledstate
& QEMU_NUM_LOCK_LED
),
1820 (ledstate
& QEMU_SCROLL_LOCK_LED
));
1822 if (ledstate
== vd
->ledstate
) {
1826 vd
->ledstate
= ledstate
;
1828 QTAILQ_FOREACH(client
, &vd
->clients
, next
) {
1829 vnc_led_state_change(client
);
1833 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1835 QKeyCode qcode
= qemu_input_key_number_to_qcode(keycode
);
1837 /* QEMU console switch */
1839 case Q_KEY_CODE_1
... Q_KEY_CODE_9
: /* '1' to '9' keys */
1840 if (vs
->vd
->dcl
.con
== NULL
&& down
&&
1841 qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_CTRL
) &&
1842 qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_ALT
)) {
1843 /* Reset the modifiers sent to the current console */
1844 qkbd_state_lift_all_keys(vs
->vd
->kbd
);
1845 console_select(qcode
- Q_KEY_CODE_1
);
1852 /* Turn off the lock state sync logic if the client support the led
1855 if (down
&& vs
->vd
->lock_key_sync
&&
1856 !vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
) &&
1857 keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1858 /* If the numlock state needs to change then simulate an additional
1859 keypress before sending this one. This will happen if the user
1860 toggles numlock away from the VNC window.
1862 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1863 if (!qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_NUMLOCK
)) {
1864 trace_vnc_key_sync_numlock(true);
1865 press_key(vs
, Q_KEY_CODE_NUM_LOCK
);
1868 if (qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_NUMLOCK
)) {
1869 trace_vnc_key_sync_numlock(false);
1870 press_key(vs
, Q_KEY_CODE_NUM_LOCK
);
1875 if (down
&& vs
->vd
->lock_key_sync
&&
1876 !vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
) &&
1877 ((sym
>= 'A' && sym
<= 'Z') || (sym
>= 'a' && sym
<= 'z'))) {
1878 /* If the capslock state needs to change then simulate an additional
1879 keypress before sending this one. This will happen if the user
1880 toggles capslock away from the VNC window.
1882 int uppercase
= !!(sym
>= 'A' && sym
<= 'Z');
1883 bool shift
= qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_SHIFT
);
1884 bool capslock
= qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_CAPSLOCK
);
1886 if (uppercase
== shift
) {
1887 trace_vnc_key_sync_capslock(false);
1888 press_key(vs
, Q_KEY_CODE_CAPS_LOCK
);
1891 if (uppercase
!= shift
) {
1892 trace_vnc_key_sync_capslock(true);
1893 press_key(vs
, Q_KEY_CODE_CAPS_LOCK
);
1898 qkbd_state_key_event(vs
->vd
->kbd
, qcode
, down
);
1899 if (!qemu_console_is_graphic(NULL
)) {
1900 bool numlock
= qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_NUMLOCK
);
1901 bool control
= qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_CTRL
);
1902 /* QEMU console emulation */
1905 case 0x2a: /* Left Shift */
1906 case 0x36: /* Right Shift */
1907 case 0x1d: /* Left CTRL */
1908 case 0x9d: /* Right CTRL */
1909 case 0x38: /* Left ALT */
1910 case 0xb8: /* Right ALT */
1913 kbd_put_keysym(QEMU_KEY_UP
);
1916 kbd_put_keysym(QEMU_KEY_DOWN
);
1919 kbd_put_keysym(QEMU_KEY_LEFT
);
1922 kbd_put_keysym(QEMU_KEY_RIGHT
);
1925 kbd_put_keysym(QEMU_KEY_DELETE
);
1928 kbd_put_keysym(QEMU_KEY_HOME
);
1931 kbd_put_keysym(QEMU_KEY_END
);
1934 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1937 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1941 kbd_put_keysym(numlock
? '7' : QEMU_KEY_HOME
);
1944 kbd_put_keysym(numlock
? '8' : QEMU_KEY_UP
);
1947 kbd_put_keysym(numlock
? '9' : QEMU_KEY_PAGEUP
);
1950 kbd_put_keysym(numlock
? '4' : QEMU_KEY_LEFT
);
1953 kbd_put_keysym('5');
1956 kbd_put_keysym(numlock
? '6' : QEMU_KEY_RIGHT
);
1959 kbd_put_keysym(numlock
? '1' : QEMU_KEY_END
);
1962 kbd_put_keysym(numlock
? '2' : QEMU_KEY_DOWN
);
1965 kbd_put_keysym(numlock
? '3' : QEMU_KEY_PAGEDOWN
);
1968 kbd_put_keysym('0');
1971 kbd_put_keysym(numlock
? '.' : QEMU_KEY_DELETE
);
1975 kbd_put_keysym('/');
1978 kbd_put_keysym('*');
1981 kbd_put_keysym('-');
1984 kbd_put_keysym('+');
1987 kbd_put_keysym('\n');
1992 kbd_put_keysym(sym
& 0x1f);
1994 kbd_put_keysym(sym
);
2002 static const char *code2name(int keycode
)
2004 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode
));
2007 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
2012 if (lsym
>= 'A' && lsym
<= 'Z' && qemu_console_is_graphic(NULL
)) {
2013 lsym
= lsym
- 'A' + 'a';
2016 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, lsym
& 0xFFFF,
2017 vs
->vd
->kbd
, down
) & SCANCODE_KEYMASK
;
2018 trace_vnc_key_event_map(down
, sym
, keycode
, code2name(keycode
));
2019 do_key_event(vs
, down
, keycode
, sym
);
2022 static void ext_key_event(VncState
*vs
, int down
,
2023 uint32_t sym
, uint16_t keycode
)
2025 /* if the user specifies a keyboard layout, always use it */
2026 if (keyboard_layout
) {
2027 key_event(vs
, down
, sym
);
2029 trace_vnc_key_event_ext(down
, sym
, keycode
, code2name(keycode
));
2030 do_key_event(vs
, down
, keycode
, sym
);
2034 static void framebuffer_update_request(VncState
*vs
, int incremental
,
2035 int x
, int y
, int w
, int h
)
2038 if (vs
->update
!= VNC_STATE_UPDATE_FORCE
) {
2039 vs
->update
= VNC_STATE_UPDATE_INCREMENTAL
;
2042 vs
->update
= VNC_STATE_UPDATE_FORCE
;
2043 vnc_set_area_dirty(vs
->dirty
, vs
->vd
, x
, y
, w
, h
);
2045 vnc_desktop_resize(vs
);
2046 vnc_led_state_change(vs
);
2047 vnc_cursor_define(vs
);
2051 static void send_ext_key_event_ack(VncState
*vs
)
2053 vnc_lock_output(vs
);
2054 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2055 vnc_write_u8(vs
, 0);
2056 vnc_write_u16(vs
, 1);
2057 vnc_framebuffer_update(vs
, 0, 0,
2058 pixman_image_get_width(vs
->vd
->server
),
2059 pixman_image_get_height(vs
->vd
->server
),
2060 VNC_ENCODING_EXT_KEY_EVENT
);
2061 vnc_unlock_output(vs
);
2065 static void send_ext_audio_ack(VncState
*vs
)
2067 vnc_lock_output(vs
);
2068 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2069 vnc_write_u8(vs
, 0);
2070 vnc_write_u16(vs
, 1);
2071 vnc_framebuffer_update(vs
, 0, 0,
2072 pixman_image_get_width(vs
->vd
->server
),
2073 pixman_image_get_height(vs
->vd
->server
),
2074 VNC_ENCODING_AUDIO
);
2075 vnc_unlock_output(vs
);
2079 static void send_xvp_message(VncState
*vs
, int code
)
2081 vnc_lock_output(vs
);
2082 vnc_write_u8(vs
, VNC_MSG_SERVER_XVP
);
2083 vnc_write_u8(vs
, 0); /* pad */
2084 vnc_write_u8(vs
, 1); /* version */
2085 vnc_write_u8(vs
, code
);
2086 vnc_unlock_output(vs
);
2090 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
2093 unsigned int enc
= 0;
2096 vs
->vnc_encoding
= 0;
2097 vs
->tight
->compression
= 9;
2098 vs
->tight
->quality
= -1; /* Lossless by default */
2102 * Start from the end because the encodings are sent in order of preference.
2103 * This way the preferred encoding (first encoding defined in the array)
2104 * will be set at the end of the loop.
2106 for (i
= n_encodings
- 1; i
>= 0; i
--) {
2109 case VNC_ENCODING_RAW
:
2110 vs
->vnc_encoding
= enc
;
2112 case VNC_ENCODING_HEXTILE
:
2113 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
2114 vs
->vnc_encoding
= enc
;
2116 case VNC_ENCODING_TIGHT
:
2117 vs
->features
|= VNC_FEATURE_TIGHT_MASK
;
2118 vs
->vnc_encoding
= enc
;
2120 #ifdef CONFIG_VNC_PNG
2121 case VNC_ENCODING_TIGHT_PNG
:
2122 vs
->features
|= VNC_FEATURE_TIGHT_PNG_MASK
;
2123 vs
->vnc_encoding
= enc
;
2126 case VNC_ENCODING_ZLIB
:
2128 * VNC_ENCODING_ZRLE compresses better than VNC_ENCODING_ZLIB.
2129 * So prioritize ZRLE, even if the client hints that it prefers
2132 if ((vs
->features
& VNC_FEATURE_ZRLE_MASK
) == 0) {
2133 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
2134 vs
->vnc_encoding
= enc
;
2137 case VNC_ENCODING_ZRLE
:
2138 vs
->features
|= VNC_FEATURE_ZRLE_MASK
;
2139 vs
->vnc_encoding
= enc
;
2141 case VNC_ENCODING_ZYWRLE
:
2142 vs
->features
|= VNC_FEATURE_ZYWRLE_MASK
;
2143 vs
->vnc_encoding
= enc
;
2145 case VNC_ENCODING_DESKTOPRESIZE
:
2146 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
2148 case VNC_ENCODING_DESKTOP_RESIZE_EXT
:
2149 vs
->features
|= VNC_FEATURE_RESIZE_EXT_MASK
;
2151 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
2152 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
2154 case VNC_ENCODING_RICH_CURSOR
:
2155 vs
->features
|= VNC_FEATURE_RICH_CURSOR_MASK
;
2157 case VNC_ENCODING_ALPHA_CURSOR
:
2158 vs
->features
|= VNC_FEATURE_ALPHA_CURSOR_MASK
;
2160 case VNC_ENCODING_EXT_KEY_EVENT
:
2161 send_ext_key_event_ack(vs
);
2163 case VNC_ENCODING_AUDIO
:
2164 send_ext_audio_ack(vs
);
2166 case VNC_ENCODING_WMVi
:
2167 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
2169 case VNC_ENCODING_LED_STATE
:
2170 vs
->features
|= VNC_FEATURE_LED_STATE_MASK
;
2172 case VNC_ENCODING_XVP
:
2173 if (vs
->vd
->power_control
) {
2174 vs
->features
|= VNC_FEATURE_XVP
;
2175 send_xvp_message(vs
, VNC_XVP_CODE_INIT
);
2178 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
2179 vs
->tight
->compression
= (enc
& 0x0F);
2181 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
2182 if (vs
->vd
->lossy
) {
2183 vs
->tight
->quality
= (enc
& 0x0F);
2187 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
2191 check_pointer_type_change(&vs
->mouse_mode_notifier
, NULL
);
2194 static void set_pixel_conversion(VncState
*vs
)
2196 pixman_format_code_t fmt
= qemu_pixman_get_format(&vs
->client_pf
);
2198 if (fmt
== VNC_SERVER_FB_FORMAT
) {
2199 vs
->write_pixels
= vnc_write_pixels_copy
;
2200 vnc_hextile_set_pixel_conversion(vs
, 0);
2202 vs
->write_pixels
= vnc_write_pixels_generic
;
2203 vnc_hextile_set_pixel_conversion(vs
, 1);
2207 static void send_color_map(VncState
*vs
)
2211 vnc_lock_output(vs
);
2212 vnc_write_u8(vs
, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES
);
2213 vnc_write_u8(vs
, 0); /* padding */
2214 vnc_write_u16(vs
, 0); /* first color */
2215 vnc_write_u16(vs
, 256); /* # of colors */
2217 for (i
= 0; i
< 256; i
++) {
2218 PixelFormat
*pf
= &vs
->client_pf
;
2220 vnc_write_u16(vs
, (((i
>> pf
->rshift
) & pf
->rmax
) << (16 - pf
->rbits
)));
2221 vnc_write_u16(vs
, (((i
>> pf
->gshift
) & pf
->gmax
) << (16 - pf
->gbits
)));
2222 vnc_write_u16(vs
, (((i
>> pf
->bshift
) & pf
->bmax
) << (16 - pf
->bbits
)));
2224 vnc_unlock_output(vs
);
2227 static void set_pixel_format(VncState
*vs
, int bits_per_pixel
,
2228 int big_endian_flag
, int true_color_flag
,
2229 int red_max
, int green_max
, int blue_max
,
2230 int red_shift
, int green_shift
, int blue_shift
)
2232 if (!true_color_flag
) {
2233 /* Expose a reasonable default 256 color map */
2243 switch (bits_per_pixel
) {
2249 vnc_client_error(vs
);
2253 vs
->client_pf
.rmax
= red_max
? red_max
: 0xFF;
2254 vs
->client_pf
.rbits
= ctpopl(red_max
);
2255 vs
->client_pf
.rshift
= red_shift
;
2256 vs
->client_pf
.rmask
= red_max
<< red_shift
;
2257 vs
->client_pf
.gmax
= green_max
? green_max
: 0xFF;
2258 vs
->client_pf
.gbits
= ctpopl(green_max
);
2259 vs
->client_pf
.gshift
= green_shift
;
2260 vs
->client_pf
.gmask
= green_max
<< green_shift
;
2261 vs
->client_pf
.bmax
= blue_max
? blue_max
: 0xFF;
2262 vs
->client_pf
.bbits
= ctpopl(blue_max
);
2263 vs
->client_pf
.bshift
= blue_shift
;
2264 vs
->client_pf
.bmask
= blue_max
<< blue_shift
;
2265 vs
->client_pf
.bits_per_pixel
= bits_per_pixel
;
2266 vs
->client_pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
2267 vs
->client_pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
2268 vs
->client_be
= big_endian_flag
;
2270 if (!true_color_flag
) {
2274 set_pixel_conversion(vs
);
2276 graphic_hw_invalidate(vs
->vd
->dcl
.con
);
2277 graphic_hw_update(vs
->vd
->dcl
.con
);
2280 static void pixel_format_message (VncState
*vs
) {
2281 char pad
[3] = { 0, 0, 0 };
2283 vs
->client_pf
= qemu_default_pixelformat(32);
2285 vnc_write_u8(vs
, vs
->client_pf
.bits_per_pixel
); /* bits-per-pixel */
2286 vnc_write_u8(vs
, vs
->client_pf
.depth
); /* depth */
2288 #ifdef HOST_WORDS_BIGENDIAN
2289 vnc_write_u8(vs
, 1); /* big-endian-flag */
2291 vnc_write_u8(vs
, 0); /* big-endian-flag */
2293 vnc_write_u8(vs
, 1); /* true-color-flag */
2294 vnc_write_u16(vs
, vs
->client_pf
.rmax
); /* red-max */
2295 vnc_write_u16(vs
, vs
->client_pf
.gmax
); /* green-max */
2296 vnc_write_u16(vs
, vs
->client_pf
.bmax
); /* blue-max */
2297 vnc_write_u8(vs
, vs
->client_pf
.rshift
); /* red-shift */
2298 vnc_write_u8(vs
, vs
->client_pf
.gshift
); /* green-shift */
2299 vnc_write_u8(vs
, vs
->client_pf
.bshift
); /* blue-shift */
2300 vnc_write(vs
, pad
, 3); /* padding */
2302 vnc_hextile_set_pixel_conversion(vs
, 0);
2303 vs
->write_pixels
= vnc_write_pixels_copy
;
2306 static void vnc_colordepth(VncState
*vs
)
2308 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
2309 /* Sending a WMVi message to notify the client*/
2310 vnc_lock_output(vs
);
2311 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2312 vnc_write_u8(vs
, 0);
2313 vnc_write_u16(vs
, 1); /* number of rects */
2314 vnc_framebuffer_update(vs
, 0, 0,
2315 pixman_image_get_width(vs
->vd
->server
),
2316 pixman_image_get_height(vs
->vd
->server
),
2318 pixel_format_message(vs
);
2319 vnc_unlock_output(vs
);
2322 set_pixel_conversion(vs
);
2326 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
2331 VncDisplay
*vd
= vs
->vd
;
2334 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
2338 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT
:
2342 set_pixel_format(vs
, read_u8(data
, 4),
2343 read_u8(data
, 6), read_u8(data
, 7),
2344 read_u16(data
, 8), read_u16(data
, 10),
2345 read_u16(data
, 12), read_u8(data
, 14),
2346 read_u8(data
, 15), read_u8(data
, 16));
2348 case VNC_MSG_CLIENT_SET_ENCODINGS
:
2353 limit
= read_u16(data
, 2);
2355 return 4 + (limit
* 4);
2357 limit
= read_u16(data
, 2);
2359 for (i
= 0; i
< limit
; i
++) {
2360 int32_t val
= read_s32(data
, 4 + (i
* 4));
2361 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
2364 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
2366 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST
:
2370 framebuffer_update_request(vs
,
2371 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
2372 read_u16(data
, 6), read_u16(data
, 8));
2374 case VNC_MSG_CLIENT_KEY_EVENT
:
2378 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
2380 case VNC_MSG_CLIENT_POINTER_EVENT
:
2384 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
2386 case VNC_MSG_CLIENT_CUT_TEXT
:
2391 uint32_t dlen
= read_u32(data
, 4);
2392 if (dlen
> (1 << 20)) {
2393 error_report("vnc: client_cut_text msg payload has %u bytes"
2394 " which exceeds our limit of 1MB.", dlen
);
2395 vnc_client_error(vs
);
2403 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
2405 case VNC_MSG_CLIENT_XVP
:
2406 if (!(vs
->features
& VNC_FEATURE_XVP
)) {
2407 error_report("vnc: xvp client message while disabled");
2408 vnc_client_error(vs
);
2415 uint8_t version
= read_u8(data
, 2);
2416 uint8_t action
= read_u8(data
, 3);
2419 error_report("vnc: xvp client message version %d != 1",
2421 vnc_client_error(vs
);
2426 case VNC_XVP_ACTION_SHUTDOWN
:
2427 qemu_system_powerdown_request();
2429 case VNC_XVP_ACTION_REBOOT
:
2430 send_xvp_message(vs
, VNC_XVP_CODE_FAIL
);
2432 case VNC_XVP_ACTION_RESET
:
2433 qemu_system_reset_request(SHUTDOWN_CAUSE_HOST_QMP_SYSTEM_RESET
);
2436 send_xvp_message(vs
, VNC_XVP_CODE_FAIL
);
2441 case VNC_MSG_CLIENT_QEMU
:
2445 switch (read_u8(data
, 1)) {
2446 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT
:
2450 ext_key_event(vs
, read_u16(data
, 2),
2451 read_u32(data
, 4), read_u32(data
, 8));
2453 case VNC_MSG_CLIENT_QEMU_AUDIO
:
2457 switch (read_u16 (data
, 2)) {
2458 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE
:
2461 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE
:
2464 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT
:
2467 switch (read_u8(data
, 4)) {
2468 case 0: vs
->as
.fmt
= AUDIO_FORMAT_U8
; break;
2469 case 1: vs
->as
.fmt
= AUDIO_FORMAT_S8
; break;
2470 case 2: vs
->as
.fmt
= AUDIO_FORMAT_U16
; break;
2471 case 3: vs
->as
.fmt
= AUDIO_FORMAT_S16
; break;
2472 case 4: vs
->as
.fmt
= AUDIO_FORMAT_U32
; break;
2473 case 5: vs
->as
.fmt
= AUDIO_FORMAT_S32
; break;
2475 VNC_DEBUG("Invalid audio format %d\n", read_u8(data
, 4));
2476 vnc_client_error(vs
);
2479 vs
->as
.nchannels
= read_u8(data
, 5);
2480 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
2481 VNC_DEBUG("Invalid audio channel count %d\n",
2483 vnc_client_error(vs
);
2486 freq
= read_u32(data
, 6);
2487 /* No official limit for protocol, but 48khz is a sensible
2488 * upper bound for trustworthy clients, and this limit
2489 * protects calculations involving 'vs->as.freq' later.
2492 VNC_DEBUG("Invalid audio frequency %u > 48000", freq
);
2493 vnc_client_error(vs
);
2499 VNC_DEBUG("Invalid audio message %d\n", read_u8(data
, 4));
2500 vnc_client_error(vs
);
2506 VNC_DEBUG("Msg: %d\n", read_u16(data
, 0));
2507 vnc_client_error(vs
);
2511 case VNC_MSG_CLIENT_SET_DESKTOP_SIZE
:
2520 screens
= read_u8(data
, 6);
2521 size
= 8 + screens
* 16;
2526 if (dpy_ui_info_supported(vs
->vd
->dcl
.con
)) {
2528 memset(&info
, 0, sizeof(info
));
2529 info
.width
= read_u16(data
, 2);
2530 info
.height
= read_u16(data
, 4);
2531 dpy_set_ui_info(vs
->vd
->dcl
.con
, &info
);
2532 vnc_desktop_resize_ext(vs
, 4 /* Request forwarded */);
2534 vnc_desktop_resize_ext(vs
, 3 /* Invalid screen layout */);
2540 VNC_DEBUG("Msg: %d\n", data
[0]);
2541 vnc_client_error(vs
);
2545 vnc_update_throttle_offset(vs
);
2546 vnc_read_when(vs
, protocol_client_msg
, 1);
2550 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
2556 mode
= data
[0] ? VNC_SHARE_MODE_SHARED
: VNC_SHARE_MODE_EXCLUSIVE
;
2557 switch (vs
->vd
->share_policy
) {
2558 case VNC_SHARE_POLICY_IGNORE
:
2560 * Ignore the shared flag. Nothing to do here.
2562 * Doesn't conform to the rfb spec but is traditional qemu
2563 * behavior, thus left here as option for compatibility
2567 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
:
2569 * Policy: Allow clients ask for exclusive access.
2571 * Implementation: When a client asks for exclusive access,
2572 * disconnect all others. Shared connects are allowed as long
2573 * as no exclusive connection exists.
2575 * This is how the rfb spec suggests to handle the shared flag.
2577 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2579 QTAILQ_FOREACH(client
, &vs
->vd
->clients
, next
) {
2583 if (client
->share_mode
!= VNC_SHARE_MODE_EXCLUSIVE
&&
2584 client
->share_mode
!= VNC_SHARE_MODE_SHARED
) {
2587 vnc_disconnect_start(client
);
2590 if (mode
== VNC_SHARE_MODE_SHARED
) {
2591 if (vs
->vd
->num_exclusive
> 0) {
2592 vnc_disconnect_start(vs
);
2597 case VNC_SHARE_POLICY_FORCE_SHARED
:
2599 * Policy: Shared connects only.
2600 * Implementation: Disallow clients asking for exclusive access.
2602 * Useful for shared desktop sessions where you don't want
2603 * someone forgetting to say -shared when running the vnc
2604 * client disconnect everybody else.
2606 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2607 vnc_disconnect_start(vs
);
2612 vnc_set_share_mode(vs
, mode
);
2614 if (vs
->vd
->num_shared
> vs
->vd
->connections_limit
) {
2615 vnc_disconnect_start(vs
);
2619 assert(pixman_image_get_width(vs
->vd
->server
) < 65536 &&
2620 pixman_image_get_width(vs
->vd
->server
) >= 0);
2621 assert(pixman_image_get_height(vs
->vd
->server
) < 65536 &&
2622 pixman_image_get_height(vs
->vd
->server
) >= 0);
2623 vs
->client_width
= pixman_image_get_width(vs
->vd
->server
);
2624 vs
->client_height
= pixman_image_get_height(vs
->vd
->server
);
2625 vnc_write_u16(vs
, vs
->client_width
);
2626 vnc_write_u16(vs
, vs
->client_height
);
2628 pixel_format_message(vs
);
2631 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
2632 if (size
> sizeof(buf
)) {
2636 size
= snprintf(buf
, sizeof(buf
), "QEMU");
2639 vnc_write_u32(vs
, size
);
2640 vnc_write(vs
, buf
, size
);
2643 vnc_client_cache_auth(vs
);
2644 vnc_qmp_event(vs
, QAPI_EVENT_VNC_INITIALIZED
);
2646 vnc_read_when(vs
, protocol_client_msg
, 1);
2651 void start_client_init(VncState
*vs
)
2653 vnc_read_when(vs
, protocol_client_init
, 1);
2656 static void authentication_failed(VncState
*vs
)
2658 vnc_write_u32(vs
, 1); /* Reject auth */
2659 if (vs
->minor
>= 8) {
2660 static const char err
[] = "Authentication failed";
2661 vnc_write_u32(vs
, sizeof(err
));
2662 vnc_write(vs
, err
, sizeof(err
));
2665 vnc_client_error(vs
);
2668 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
2670 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
2672 unsigned char key
[8];
2673 time_t now
= time(NULL
);
2674 QCryptoCipher
*cipher
= NULL
;
2677 if (!vs
->vd
->password
) {
2678 trace_vnc_auth_fail(vs
, vs
->auth
, "password is not set", "");
2681 if (vs
->vd
->expires
< now
) {
2682 trace_vnc_auth_fail(vs
, vs
->auth
, "password is expired", "");
2686 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
2688 /* Calculate the expected challenge response */
2689 pwlen
= strlen(vs
->vd
->password
);
2690 for (i
=0; i
<sizeof(key
); i
++)
2691 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
2693 cipher
= qcrypto_cipher_new(
2694 QCRYPTO_CIPHER_ALG_DES_RFB
,
2695 QCRYPTO_CIPHER_MODE_ECB
,
2696 key
, G_N_ELEMENTS(key
),
2699 trace_vnc_auth_fail(vs
, vs
->auth
, "cannot create cipher",
2700 error_get_pretty(err
));
2705 if (qcrypto_cipher_encrypt(cipher
,
2708 VNC_AUTH_CHALLENGE_SIZE
,
2710 trace_vnc_auth_fail(vs
, vs
->auth
, "cannot encrypt challenge response",
2711 error_get_pretty(err
));
2716 /* Compare expected vs actual challenge response */
2717 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
2718 trace_vnc_auth_fail(vs
, vs
->auth
, "mis-matched challenge response", "");
2721 trace_vnc_auth_pass(vs
, vs
->auth
);
2722 vnc_write_u32(vs
, 0); /* Accept auth */
2725 start_client_init(vs
);
2728 qcrypto_cipher_free(cipher
);
2732 authentication_failed(vs
);
2733 qcrypto_cipher_free(cipher
);
2737 void start_auth_vnc(VncState
*vs
)
2741 if (qcrypto_random_bytes(vs
->challenge
, sizeof(vs
->challenge
), &err
)) {
2742 trace_vnc_auth_fail(vs
, vs
->auth
, "cannot get random bytes",
2743 error_get_pretty(err
));
2745 authentication_failed(vs
);
2749 /* Send client a 'random' challenge */
2750 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
2753 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
2757 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
2759 /* We only advertise 1 auth scheme at a time, so client
2760 * must pick the one we sent. Verify this */
2761 if (data
[0] != vs
->auth
) { /* Reject auth */
2762 trace_vnc_auth_reject(vs
, vs
->auth
, (int)data
[0]);
2763 authentication_failed(vs
);
2764 } else { /* Accept requested auth */
2765 trace_vnc_auth_start(vs
, vs
->auth
);
2768 if (vs
->minor
>= 8) {
2769 vnc_write_u32(vs
, 0); /* Accept auth completion */
2772 trace_vnc_auth_pass(vs
, vs
->auth
);
2773 start_client_init(vs
);
2780 case VNC_AUTH_VENCRYPT
:
2781 start_auth_vencrypt(vs
);
2784 #ifdef CONFIG_VNC_SASL
2786 start_auth_sasl(vs
);
2788 #endif /* CONFIG_VNC_SASL */
2790 default: /* Should not be possible, but just in case */
2791 trace_vnc_auth_fail(vs
, vs
->auth
, "Unhandled auth method", "");
2792 authentication_failed(vs
);
2798 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
2802 memcpy(local
, version
, 12);
2805 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
2806 VNC_DEBUG("Malformed protocol version %s\n", local
);
2807 vnc_client_error(vs
);
2810 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
2811 if (vs
->major
!= 3 ||
2817 VNC_DEBUG("Unsupported client version\n");
2818 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2820 vnc_client_error(vs
);
2823 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2824 * as equivalent to v3.3 by servers
2826 if (vs
->minor
== 4 || vs
->minor
== 5)
2829 if (vs
->minor
== 3) {
2830 trace_vnc_auth_start(vs
, vs
->auth
);
2831 if (vs
->auth
== VNC_AUTH_NONE
) {
2832 vnc_write_u32(vs
, vs
->auth
);
2834 trace_vnc_auth_pass(vs
, vs
->auth
);
2835 start_client_init(vs
);
2836 } else if (vs
->auth
== VNC_AUTH_VNC
) {
2837 VNC_DEBUG("Tell client VNC auth\n");
2838 vnc_write_u32(vs
, vs
->auth
);
2842 trace_vnc_auth_fail(vs
, vs
->auth
,
2843 "Unsupported auth method for v3.3", "");
2844 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2846 vnc_client_error(vs
);
2849 vnc_write_u8(vs
, 1); /* num auth */
2850 vnc_write_u8(vs
, vs
->auth
);
2851 vnc_read_when(vs
, protocol_client_auth
, 1);
2858 static VncRectStat
*vnc_stat_rect(VncDisplay
*vd
, int x
, int y
)
2860 struct VncSurface
*vs
= &vd
->guest
;
2862 return &vs
->stats
[y
/ VNC_STAT_RECT
][x
/ VNC_STAT_RECT
];
2865 void vnc_sent_lossy_rect(VncState
*vs
, int x
, int y
, int w
, int h
)
2869 w
= (x
+ w
) / VNC_STAT_RECT
;
2870 h
= (y
+ h
) / VNC_STAT_RECT
;
2874 for (j
= y
; j
<= h
; j
++) {
2875 for (i
= x
; i
<= w
; i
++) {
2876 vs
->lossy_rect
[j
][i
] = 1;
2881 static int vnc_refresh_lossy_rect(VncDisplay
*vd
, int x
, int y
)
2884 int sty
= y
/ VNC_STAT_RECT
;
2885 int stx
= x
/ VNC_STAT_RECT
;
2888 y
= QEMU_ALIGN_DOWN(y
, VNC_STAT_RECT
);
2889 x
= QEMU_ALIGN_DOWN(x
, VNC_STAT_RECT
);
2891 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2894 /* kernel send buffers are full -> refresh later */
2895 if (vs
->output
.offset
) {
2899 if (!vs
->lossy_rect
[sty
][stx
]) {
2903 vs
->lossy_rect
[sty
][stx
] = 0;
2904 for (j
= 0; j
< VNC_STAT_RECT
; ++j
) {
2905 bitmap_set(vs
->dirty
[y
+ j
],
2906 x
/ VNC_DIRTY_PIXELS_PER_BIT
,
2907 VNC_STAT_RECT
/ VNC_DIRTY_PIXELS_PER_BIT
);
2915 static int vnc_update_stats(VncDisplay
*vd
, struct timeval
* tv
)
2917 int width
= MIN(pixman_image_get_width(vd
->guest
.fb
),
2918 pixman_image_get_width(vd
->server
));
2919 int height
= MIN(pixman_image_get_height(vd
->guest
.fb
),
2920 pixman_image_get_height(vd
->server
));
2925 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2926 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2927 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2929 rect
->updated
= false;
2933 qemu_timersub(tv
, &VNC_REFRESH_STATS
, &res
);
2935 if (timercmp(&vd
->guest
.last_freq_check
, &res
, >)) {
2938 vd
->guest
.last_freq_check
= *tv
;
2940 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2941 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2942 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2943 int count
= ARRAY_SIZE(rect
->times
);
2944 struct timeval min
, max
;
2946 if (!timerisset(&rect
->times
[count
- 1])) {
2950 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2951 qemu_timersub(tv
, &max
, &res
);
2953 if (timercmp(&res
, &VNC_REFRESH_LOSSY
, >)) {
2955 has_dirty
+= vnc_refresh_lossy_rect(vd
, x
, y
);
2956 memset(rect
->times
, 0, sizeof (rect
->times
));
2960 min
= rect
->times
[rect
->idx
];
2961 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2962 qemu_timersub(&max
, &min
, &res
);
2964 rect
->freq
= res
.tv_sec
+ res
.tv_usec
/ 1000000.;
2965 rect
->freq
/= count
;
2966 rect
->freq
= 1. / rect
->freq
;
2972 double vnc_update_freq(VncState
*vs
, int x
, int y
, int w
, int h
)
2978 x
= QEMU_ALIGN_DOWN(x
, VNC_STAT_RECT
);
2979 y
= QEMU_ALIGN_DOWN(y
, VNC_STAT_RECT
);
2981 for (j
= y
; j
<= y
+ h
; j
+= VNC_STAT_RECT
) {
2982 for (i
= x
; i
<= x
+ w
; i
+= VNC_STAT_RECT
) {
2983 total
+= vnc_stat_rect(vs
->vd
, i
, j
)->freq
;
2995 static void vnc_rect_updated(VncDisplay
*vd
, int x
, int y
, struct timeval
* tv
)
2999 rect
= vnc_stat_rect(vd
, x
, y
);
3000 if (rect
->updated
) {
3003 rect
->times
[rect
->idx
] = *tv
;
3004 rect
->idx
= (rect
->idx
+ 1) % ARRAY_SIZE(rect
->times
);
3005 rect
->updated
= true;
3008 static int vnc_refresh_server_surface(VncDisplay
*vd
)
3010 int width
= MIN(pixman_image_get_width(vd
->guest
.fb
),
3011 pixman_image_get_width(vd
->server
));
3012 int height
= MIN(pixman_image_get_height(vd
->guest
.fb
),
3013 pixman_image_get_height(vd
->server
));
3014 int cmp_bytes
, server_stride
, line_bytes
, guest_ll
, guest_stride
, y
= 0;
3015 uint8_t *guest_row0
= NULL
, *server_row0
;
3018 pixman_image_t
*tmpbuf
= NULL
;
3020 struct timeval tv
= { 0, 0 };
3022 if (!vd
->non_adaptive
) {
3023 gettimeofday(&tv
, NULL
);
3024 has_dirty
= vnc_update_stats(vd
, &tv
);
3028 * Walk through the guest dirty map.
3029 * Check and copy modified bits from guest to server surface.
3030 * Update server dirty map.
3032 server_row0
= (uint8_t *)pixman_image_get_data(vd
->server
);
3033 server_stride
= guest_stride
= guest_ll
=
3034 pixman_image_get_stride(vd
->server
);
3035 cmp_bytes
= MIN(VNC_DIRTY_PIXELS_PER_BIT
* VNC_SERVER_FB_BYTES
,
3037 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
3038 int width
= pixman_image_get_width(vd
->server
);
3039 tmpbuf
= qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT
, width
);
3042 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd
->guest
.fb
));
3043 guest_row0
= (uint8_t *)pixman_image_get_data(vd
->guest
.fb
);
3044 guest_stride
= pixman_image_get_stride(vd
->guest
.fb
);
3045 guest_ll
= pixman_image_get_width(vd
->guest
.fb
)
3046 * DIV_ROUND_UP(guest_bpp
, 8);
3048 line_bytes
= MIN(server_stride
, guest_ll
);
3052 uint8_t *guest_ptr
, *server_ptr
;
3053 unsigned long offset
= find_next_bit((unsigned long *) &vd
->guest
.dirty
,
3054 height
* VNC_DIRTY_BPL(&vd
->guest
),
3055 y
* VNC_DIRTY_BPL(&vd
->guest
));
3056 if (offset
== height
* VNC_DIRTY_BPL(&vd
->guest
)) {
3057 /* no more dirty bits */
3060 y
= offset
/ VNC_DIRTY_BPL(&vd
->guest
);
3061 x
= offset
% VNC_DIRTY_BPL(&vd
->guest
);
3063 server_ptr
= server_row0
+ y
* server_stride
+ x
* cmp_bytes
;
3065 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
3066 qemu_pixman_linebuf_fill(tmpbuf
, vd
->guest
.fb
, width
, 0, y
);
3067 guest_ptr
= (uint8_t *)pixman_image_get_data(tmpbuf
);
3069 guest_ptr
= guest_row0
+ y
* guest_stride
;
3071 guest_ptr
+= x
* cmp_bytes
;
3073 for (; x
< DIV_ROUND_UP(width
, VNC_DIRTY_PIXELS_PER_BIT
);
3074 x
++, guest_ptr
+= cmp_bytes
, server_ptr
+= cmp_bytes
) {
3075 int _cmp_bytes
= cmp_bytes
;
3076 if (!test_and_clear_bit(x
, vd
->guest
.dirty
[y
])) {
3079 if ((x
+ 1) * cmp_bytes
> line_bytes
) {
3080 _cmp_bytes
= line_bytes
- x
* cmp_bytes
;
3082 assert(_cmp_bytes
>= 0);
3083 if (memcmp(server_ptr
, guest_ptr
, _cmp_bytes
) == 0) {
3086 memcpy(server_ptr
, guest_ptr
, _cmp_bytes
);
3087 if (!vd
->non_adaptive
) {
3088 vnc_rect_updated(vd
, x
* VNC_DIRTY_PIXELS_PER_BIT
,
3091 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
3092 set_bit(x
, vs
->dirty
[y
]);
3099 qemu_pixman_image_unref(tmpbuf
);
3103 static void vnc_refresh(DisplayChangeListener
*dcl
)
3105 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
3107 int has_dirty
, rects
= 0;
3109 if (QTAILQ_EMPTY(&vd
->clients
)) {
3110 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_MAX
);
3114 graphic_hw_update(vd
->dcl
.con
);
3116 if (vnc_trylock_display(vd
)) {
3117 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
3121 has_dirty
= vnc_refresh_server_surface(vd
);
3122 vnc_unlock_display(vd
);
3124 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
3125 rects
+= vnc_update_client(vs
, has_dirty
);
3126 /* vs might be free()ed here */
3129 if (has_dirty
&& rects
) {
3130 vd
->dcl
.update_interval
/= 2;
3131 if (vd
->dcl
.update_interval
< VNC_REFRESH_INTERVAL_BASE
) {
3132 vd
->dcl
.update_interval
= VNC_REFRESH_INTERVAL_BASE
;
3135 vd
->dcl
.update_interval
+= VNC_REFRESH_INTERVAL_INC
;
3136 if (vd
->dcl
.update_interval
> VNC_REFRESH_INTERVAL_MAX
) {
3137 vd
->dcl
.update_interval
= VNC_REFRESH_INTERVAL_MAX
;
3142 static void vnc_connect(VncDisplay
*vd
, QIOChannelSocket
*sioc
,
3143 bool skipauth
, bool websocket
)
3145 VncState
*vs
= g_new0(VncState
, 1);
3146 bool first_client
= QTAILQ_EMPTY(&vd
->clients
);
3149 trace_vnc_client_connect(vs
, sioc
);
3150 vs
->zrle
= g_new0(VncZrle
, 1);
3151 vs
->tight
= g_new0(VncTight
, 1);
3152 vs
->magic
= VNC_MAGIC
;
3154 object_ref(OBJECT(vs
->sioc
));
3155 vs
->ioc
= QIO_CHANNEL(sioc
);
3156 object_ref(OBJECT(vs
->ioc
));
3159 buffer_init(&vs
->input
, "vnc-input/%p", sioc
);
3160 buffer_init(&vs
->output
, "vnc-output/%p", sioc
);
3161 buffer_init(&vs
->jobs_buffer
, "vnc-jobs_buffer/%p", sioc
);
3163 buffer_init(&vs
->tight
->tight
, "vnc-tight/%p", sioc
);
3164 buffer_init(&vs
->tight
->zlib
, "vnc-tight-zlib/%p", sioc
);
3165 buffer_init(&vs
->tight
->gradient
, "vnc-tight-gradient/%p", sioc
);
3166 #ifdef CONFIG_VNC_JPEG
3167 buffer_init(&vs
->tight
->jpeg
, "vnc-tight-jpeg/%p", sioc
);
3169 #ifdef CONFIG_VNC_PNG
3170 buffer_init(&vs
->tight
->png
, "vnc-tight-png/%p", sioc
);
3172 buffer_init(&vs
->zlib
.zlib
, "vnc-zlib/%p", sioc
);
3173 buffer_init(&vs
->zrle
->zrle
, "vnc-zrle/%p", sioc
);
3174 buffer_init(&vs
->zrle
->fb
, "vnc-zrle-fb/%p", sioc
);
3175 buffer_init(&vs
->zrle
->zlib
, "vnc-zrle-zlib/%p", sioc
);
3178 vs
->auth
= VNC_AUTH_NONE
;
3179 vs
->subauth
= VNC_AUTH_INVALID
;
3182 vs
->auth
= vd
->ws_auth
;
3183 vs
->subauth
= VNC_AUTH_INVALID
;
3185 vs
->auth
= vd
->auth
;
3186 vs
->subauth
= vd
->subauth
;
3189 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3190 sioc
, websocket
, vs
->auth
, vs
->subauth
);
3192 vs
->lossy_rect
= g_malloc0(VNC_STAT_ROWS
* sizeof (*vs
->lossy_rect
));
3193 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
3194 vs
->lossy_rect
[i
] = g_new0(uint8_t, VNC_STAT_COLS
);
3197 VNC_DEBUG("New client on socket %p\n", vs
->sioc
);
3198 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
3199 qio_channel_set_blocking(vs
->ioc
, false, NULL
);
3201 g_source_remove(vs
->ioc_tag
);
3206 vs
->ioc_tag
= qio_channel_add_watch(
3207 vs
->ioc
, G_IO_IN
| G_IO_HUP
| G_IO_ERR
,
3208 vncws_tls_handshake_io
, vs
, NULL
);
3210 vs
->ioc_tag
= qio_channel_add_watch(
3211 vs
->ioc
, G_IO_IN
| G_IO_HUP
| G_IO_ERR
,
3212 vncws_handshake_io
, vs
, NULL
);
3215 vs
->ioc_tag
= qio_channel_add_watch(
3216 vs
->ioc
, G_IO_IN
| G_IO_HUP
| G_IO_ERR
,
3217 vnc_client_io
, vs
, NULL
);
3220 vnc_client_cache_addr(vs
);
3221 vnc_qmp_event(vs
, QAPI_EVENT_VNC_CONNECTED
);
3222 vnc_set_share_mode(vs
, VNC_SHARE_MODE_CONNECTING
);
3227 vs
->as
.freq
= 44100;
3228 vs
->as
.nchannels
= 2;
3229 vs
->as
.fmt
= AUDIO_FORMAT_S16
;
3230 vs
->as
.endianness
= 0;
3232 qemu_mutex_init(&vs
->output_mutex
);
3233 vs
->bh
= qemu_bh_new(vnc_jobs_bh
, vs
);
3235 QTAILQ_INSERT_TAIL(&vd
->clients
, vs
, next
);
3237 vnc_update_server_surface(vd
);
3240 graphic_hw_update(vd
->dcl
.con
);
3242 if (!vs
->websocket
) {
3243 vnc_start_protocol(vs
);
3246 if (vd
->num_connecting
> vd
->connections_limit
) {
3247 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
3248 if (vs
->share_mode
== VNC_SHARE_MODE_CONNECTING
) {
3249 vnc_disconnect_start(vs
);
3256 void vnc_start_protocol(VncState
*vs
)
3258 vnc_write(vs
, "RFB 003.008\n", 12);
3260 vnc_read_when(vs
, protocol_version
, 12);
3262 vs
->mouse_mode_notifier
.notify
= check_pointer_type_change
;
3263 qemu_add_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
3266 static void vnc_listen_io(QIONetListener
*listener
,
3267 QIOChannelSocket
*cioc
,
3270 VncDisplay
*vd
= opaque
;
3271 bool isWebsock
= listener
== vd
->wslistener
;
3273 qio_channel_set_name(QIO_CHANNEL(cioc
),
3274 isWebsock
? "vnc-ws-server" : "vnc-server");
3275 qio_channel_set_delay(QIO_CHANNEL(cioc
), false);
3276 vnc_connect(vd
, cioc
, false, isWebsock
);
3279 static const DisplayChangeListenerOps dcl_ops
= {
3281 .dpy_refresh
= vnc_refresh
,
3282 .dpy_gfx_update
= vnc_dpy_update
,
3283 .dpy_gfx_switch
= vnc_dpy_switch
,
3284 .dpy_gfx_check_format
= qemu_pixman_check_format
,
3285 .dpy_mouse_set
= vnc_mouse_set
,
3286 .dpy_cursor_define
= vnc_dpy_cursor_define
,
3289 void vnc_display_init(const char *id
, Error
**errp
)
3293 if (vnc_display_find(id
) != NULL
) {
3296 vd
= g_malloc0(sizeof(*vd
));
3298 vd
->id
= strdup(id
);
3299 QTAILQ_INSERT_TAIL(&vnc_displays
, vd
, next
);
3301 QTAILQ_INIT(&vd
->clients
);
3302 vd
->expires
= TIME_MAX
;
3304 if (keyboard_layout
) {
3305 trace_vnc_key_map_init(keyboard_layout
);
3306 vd
->kbd_layout
= init_keyboard_layout(name2keysym
,
3307 keyboard_layout
, errp
);
3309 vd
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us", errp
);
3312 if (!vd
->kbd_layout
) {
3316 vd
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3317 vd
->connections_limit
= 32;
3319 qemu_mutex_init(&vd
->mutex
);
3320 vnc_start_worker_thread();
3322 vd
->dcl
.ops
= &dcl_ops
;
3323 register_displaychangelistener(&vd
->dcl
);
3324 vd
->kbd
= qkbd_state_init(vd
->dcl
.con
);
3328 static void vnc_display_close(VncDisplay
*vd
)
3333 vd
->is_unix
= false;
3336 qio_net_listener_disconnect(vd
->listener
);
3337 object_unref(OBJECT(vd
->listener
));
3339 vd
->listener
= NULL
;
3341 if (vd
->wslistener
) {
3342 qio_net_listener_disconnect(vd
->wslistener
);
3343 object_unref(OBJECT(vd
->wslistener
));
3345 vd
->wslistener
= NULL
;
3347 vd
->auth
= VNC_AUTH_INVALID
;
3348 vd
->subauth
= VNC_AUTH_INVALID
;
3350 object_unref(OBJECT(vd
->tlscreds
));
3351 vd
->tlscreds
= NULL
;
3354 object_unparent(OBJECT(vd
->tlsauthz
));
3355 vd
->tlsauthz
= NULL
;
3357 g_free(vd
->tlsauthzid
);
3358 vd
->tlsauthzid
= NULL
;
3359 if (vd
->lock_key_sync
) {
3360 qemu_remove_led_event_handler(vd
->led
);
3363 #ifdef CONFIG_VNC_SASL
3364 if (vd
->sasl
.authz
) {
3365 object_unparent(OBJECT(vd
->sasl
.authz
));
3366 vd
->sasl
.authz
= NULL
;
3368 g_free(vd
->sasl
.authzid
);
3369 vd
->sasl
.authzid
= NULL
;
3373 int vnc_display_password(const char *id
, const char *password
)
3375 VncDisplay
*vd
= vnc_display_find(id
);
3380 if (vd
->auth
== VNC_AUTH_NONE
) {
3381 error_printf_unless_qmp("If you want use passwords please enable "
3382 "password auth using '-vnc ${dpy},password'.\n");
3386 g_free(vd
->password
);
3387 vd
->password
= g_strdup(password
);
3392 int vnc_display_pw_expire(const char *id
, time_t expires
)
3394 VncDisplay
*vd
= vnc_display_find(id
);
3400 vd
->expires
= expires
;
3404 static void vnc_display_print_local_addr(VncDisplay
*vd
)
3406 SocketAddress
*addr
;
3408 if (!vd
->listener
|| !vd
->listener
->nsioc
) {
3412 addr
= qio_channel_socket_get_local_address(vd
->listener
->sioc
[0], NULL
);
3417 if (addr
->type
!= SOCKET_ADDRESS_TYPE_INET
) {
3418 qapi_free_SocketAddress(addr
);
3421 error_printf_unless_qmp("VNC server running on %s:%s\n",
3424 qapi_free_SocketAddress(addr
);
3427 static QemuOptsList qemu_vnc_opts
= {
3429 .head
= QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts
.head
),
3430 .implied_opt_name
= "vnc",
3434 .type
= QEMU_OPT_STRING
,
3436 .name
= "websocket",
3437 .type
= QEMU_OPT_STRING
,
3439 .name
= "tls-creds",
3440 .type
= QEMU_OPT_STRING
,
3443 .type
= QEMU_OPT_STRING
,
3446 .type
= QEMU_OPT_STRING
,
3449 .type
= QEMU_OPT_NUMBER
,
3451 .name
= "connections",
3452 .type
= QEMU_OPT_NUMBER
,
3455 .type
= QEMU_OPT_NUMBER
,
3458 .type
= QEMU_OPT_BOOL
,
3461 .type
= QEMU_OPT_BOOL
,
3464 .type
= QEMU_OPT_BOOL
,
3467 .type
= QEMU_OPT_BOOL
,
3469 .name
= "lock-key-sync",
3470 .type
= QEMU_OPT_BOOL
,
3472 .name
= "key-delay-ms",
3473 .type
= QEMU_OPT_NUMBER
,
3476 .type
= QEMU_OPT_BOOL
,
3479 .type
= QEMU_OPT_BOOL
,
3481 .name
= "tls-authz",
3482 .type
= QEMU_OPT_STRING
,
3484 .name
= "sasl-authz",
3485 .type
= QEMU_OPT_STRING
,
3488 .type
= QEMU_OPT_BOOL
,
3490 .name
= "non-adaptive",
3491 .type
= QEMU_OPT_BOOL
,
3494 .type
= QEMU_OPT_STRING
,
3496 .name
= "power-control",
3497 .type
= QEMU_OPT_BOOL
,
3499 { /* end of list */ }
3505 vnc_display_setup_auth(int *auth
,
3507 QCryptoTLSCreds
*tlscreds
,
3514 * We have a choice of 3 authentication options
3520 * The channel can be run in 2 modes
3525 * And TLS can use 2 types of credentials
3530 * We thus have 9 possible logical combinations
3535 * 4. tls + anon + none
3536 * 5. tls + anon + vnc
3537 * 6. tls + anon + sasl
3538 * 7. tls + x509 + none
3539 * 8. tls + x509 + vnc
3540 * 9. tls + x509 + sasl
3542 * These need to be mapped into the VNC auth schemes
3543 * in an appropriate manner. In regular VNC, all the
3544 * TLS options get mapped into VNC_AUTH_VENCRYPT
3547 * In websockets, the https:// protocol already provides
3548 * TLS support, so there is no need to make use of the
3549 * VeNCrypt extension. Furthermore, websockets browser
3550 * clients could not use VeNCrypt even if they wanted to,
3551 * as they cannot control when the TLS handshake takes
3552 * place. Thus there is no option but to rely on https://,
3553 * meaning combinations 4->6 and 7->9 will be mapped to
3554 * VNC auth schemes in the same way as combos 1->3.
3556 * Regardless of fact that we have a different mapping to
3557 * VNC auth mechs for plain VNC vs websockets VNC, the end
3558 * result has the same security characteristics.
3560 if (websocket
|| !tlscreds
) {
3562 VNC_DEBUG("Initializing VNC server with password auth\n");
3563 *auth
= VNC_AUTH_VNC
;
3565 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3566 *auth
= VNC_AUTH_SASL
;
3568 VNC_DEBUG("Initializing VNC server with no auth\n");
3569 *auth
= VNC_AUTH_NONE
;
3571 *subauth
= VNC_AUTH_INVALID
;
3573 bool is_x509
= object_dynamic_cast(OBJECT(tlscreds
),
3574 TYPE_QCRYPTO_TLS_CREDS_X509
) != NULL
;
3575 bool is_anon
= object_dynamic_cast(OBJECT(tlscreds
),
3576 TYPE_QCRYPTO_TLS_CREDS_ANON
) != NULL
;
3578 if (!is_x509
&& !is_anon
) {
3580 "Unsupported TLS cred type %s",
3581 object_get_typename(OBJECT(tlscreds
)));
3584 *auth
= VNC_AUTH_VENCRYPT
;
3587 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3588 *subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
3590 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3591 *subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
3596 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3597 *subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
3599 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3600 *subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
3604 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3605 *subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
3607 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3608 *subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
3616 static int vnc_display_get_address(const char *addrstr
,
3625 SocketAddress
**retaddr
,
3629 SocketAddress
*addr
= NULL
;
3631 addr
= g_new0(SocketAddress
, 1);
3633 if (strncmp(addrstr
, "unix:", 5) == 0) {
3634 addr
->type
= SOCKET_ADDRESS_TYPE_UNIX
;
3635 addr
->u
.q_unix
.path
= g_strdup(addrstr
+ 5);
3638 error_setg(errp
, "UNIX sockets not supported with websock");
3643 error_setg(errp
, "Port range not support with UNIX socket");
3650 unsigned long long baseport
= 0;
3651 InetSocketAddress
*inet
;
3653 port
= strrchr(addrstr
, ':');
3659 error_setg(errp
, "no vnc port specified");
3663 hostlen
= port
- addrstr
;
3665 if (*port
== '\0') {
3666 error_setg(errp
, "vnc port cannot be empty");
3671 addr
->type
= SOCKET_ADDRESS_TYPE_INET
;
3672 inet
= &addr
->u
.inet
;
3673 if (addrstr
[0] == '[' && addrstr
[hostlen
- 1] == ']') {
3674 inet
->host
= g_strndup(addrstr
+ 1, hostlen
- 2);
3676 inet
->host
= g_strndup(addrstr
, hostlen
);
3678 /* plain VNC port is just an offset, for websocket
3679 * port is absolute */
3681 if (g_str_equal(addrstr
, "") ||
3682 g_str_equal(addrstr
, "on")) {
3683 if (displaynum
== -1) {
3684 error_setg(errp
, "explicit websocket port is required");
3687 inet
->port
= g_strdup_printf(
3688 "%d", displaynum
+ 5700);
3690 inet
->has_to
= true;
3691 inet
->to
= to
+ 5700;
3694 inet
->port
= g_strdup(port
);
3697 int offset
= reverse
? 0 : 5900;
3698 if (parse_uint_full(port
, &baseport
, 10) < 0) {
3699 error_setg(errp
, "can't convert to a number: %s", port
);
3702 if (baseport
> 65535 ||
3703 baseport
+ offset
> 65535) {
3704 error_setg(errp
, "port %s out of range", port
);
3707 inet
->port
= g_strdup_printf(
3708 "%d", (int)baseport
+ offset
);
3711 inet
->has_to
= true;
3712 inet
->to
= to
+ offset
;
3717 inet
->has_ipv4
= has_ipv4
;
3719 inet
->has_ipv6
= has_ipv6
;
3728 qapi_free_SocketAddress(addr
);
3733 static void vnc_free_addresses(SocketAddress
***retsaddr
,
3738 for (i
= 0; i
< *retnsaddr
; i
++) {
3739 qapi_free_SocketAddress((*retsaddr
)[i
]);
3747 static int vnc_display_get_addresses(QemuOpts
*opts
,
3749 SocketAddress
***retsaddr
,
3751 SocketAddress
***retwsaddr
,
3755 SocketAddress
*saddr
= NULL
;
3756 SocketAddress
*wsaddr
= NULL
;
3757 QemuOptsIter addriter
;
3759 int to
= qemu_opt_get_number(opts
, "to", 0);
3760 bool has_ipv4
= qemu_opt_get(opts
, "ipv4");
3761 bool has_ipv6
= qemu_opt_get(opts
, "ipv6");
3762 bool ipv4
= qemu_opt_get_bool(opts
, "ipv4", false);
3763 bool ipv6
= qemu_opt_get_bool(opts
, "ipv6", false);
3764 int displaynum
= -1;
3772 addr
= qemu_opt_get(opts
, "vnc");
3773 if (addr
== NULL
|| g_str_equal(addr
, "none")) {
3777 if (qemu_opt_get(opts
, "websocket") &&
3778 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1
)) {
3780 "SHA1 hash support is required for websockets");
3784 qemu_opt_iter_init(&addriter
, opts
, "vnc");
3785 while ((addr
= qemu_opt_iter_next(&addriter
)) != NULL
) {
3787 rv
= vnc_display_get_address(addr
, false, reverse
, 0, to
,
3794 /* Historical compat - first listen address can be used
3795 * to set the default websocket port
3797 if (displaynum
== -1) {
3800 *retsaddr
= g_renew(SocketAddress
*, *retsaddr
, *retnsaddr
+ 1);
3801 (*retsaddr
)[(*retnsaddr
)++] = saddr
;
3804 /* If we had multiple primary displays, we don't do defaults
3805 * for websocket, and require explicit config instead. */
3806 if (*retnsaddr
> 1) {
3810 qemu_opt_iter_init(&addriter
, opts
, "websocket");
3811 while ((addr
= qemu_opt_iter_next(&addriter
)) != NULL
) {
3812 if (vnc_display_get_address(addr
, true, reverse
, displaynum
, to
,
3815 &wsaddr
, errp
) < 0) {
3819 /* Historical compat - if only a single listen address was
3820 * provided, then this is used to set the default listen
3821 * address for websocket too
3823 if (*retnsaddr
== 1 &&
3824 (*retsaddr
)[0]->type
== SOCKET_ADDRESS_TYPE_INET
&&
3825 wsaddr
->type
== SOCKET_ADDRESS_TYPE_INET
&&
3826 g_str_equal(wsaddr
->u
.inet
.host
, "") &&
3827 !g_str_equal((*retsaddr
)[0]->u
.inet
.host
, "")) {
3828 g_free(wsaddr
->u
.inet
.host
);
3829 wsaddr
->u
.inet
.host
= g_strdup((*retsaddr
)[0]->u
.inet
.host
);
3832 *retwsaddr
= g_renew(SocketAddress
*, *retwsaddr
, *retnwsaddr
+ 1);
3833 (*retwsaddr
)[(*retnwsaddr
)++] = wsaddr
;
3839 vnc_free_addresses(retsaddr
, retnsaddr
);
3840 vnc_free_addresses(retwsaddr
, retnwsaddr
);
3845 static int vnc_display_connect(VncDisplay
*vd
,
3846 SocketAddress
**saddr
,
3848 SocketAddress
**wsaddr
,
3852 /* connect to viewer */
3853 QIOChannelSocket
*sioc
= NULL
;
3855 error_setg(errp
, "Cannot use websockets in reverse mode");
3859 error_setg(errp
, "Expected a single address in reverse mode");
3862 /* TODO SOCKET_ADDRESS_TYPE_FD when fd has AF_UNIX */
3863 vd
->is_unix
= saddr
[0]->type
== SOCKET_ADDRESS_TYPE_UNIX
;
3864 sioc
= qio_channel_socket_new();
3865 qio_channel_set_name(QIO_CHANNEL(sioc
), "vnc-reverse");
3866 if (qio_channel_socket_connect_sync(sioc
, saddr
[0], errp
) < 0) {
3867 object_unref(OBJECT(sioc
));
3870 vnc_connect(vd
, sioc
, false, false);
3871 object_unref(OBJECT(sioc
));
3876 static int vnc_display_listen(VncDisplay
*vd
,
3877 SocketAddress
**saddr
,
3879 SocketAddress
**wsaddr
,
3886 vd
->listener
= qio_net_listener_new();
3887 qio_net_listener_set_name(vd
->listener
, "vnc-listen");
3888 for (i
= 0; i
< nsaddr
; i
++) {
3889 if (qio_net_listener_open_sync(vd
->listener
,
3896 qio_net_listener_set_client_func(vd
->listener
,
3897 vnc_listen_io
, vd
, NULL
);
3901 vd
->wslistener
= qio_net_listener_new();
3902 qio_net_listener_set_name(vd
->wslistener
, "vnc-ws-listen");
3903 for (i
= 0; i
< nwsaddr
; i
++) {
3904 if (qio_net_listener_open_sync(vd
->wslistener
,
3911 qio_net_listener_set_client_func(vd
->wslistener
,
3912 vnc_listen_io
, vd
, NULL
);
3919 void vnc_display_open(const char *id
, Error
**errp
)
3921 VncDisplay
*vd
= vnc_display_find(id
);
3922 QemuOpts
*opts
= qemu_opts_find(&qemu_vnc_opts
, id
);
3923 SocketAddress
**saddr
= NULL
, **wsaddr
= NULL
;
3924 size_t nsaddr
, nwsaddr
;
3925 const char *share
, *device_id
;
3927 bool password
= false;
3928 bool reverse
= false;
3932 const char *tlsauthz
;
3933 const char *saslauthz
;
3934 int lock_key_sync
= 1;
3936 const char *audiodev
;
3939 error_setg(errp
, "VNC display not active");
3942 vnc_display_close(vd
);
3948 reverse
= qemu_opt_get_bool(opts
, "reverse", false);
3949 if (vnc_display_get_addresses(opts
, reverse
, &saddr
, &nsaddr
,
3950 &wsaddr
, &nwsaddr
, errp
) < 0) {
3954 password
= qemu_opt_get_bool(opts
, "password", false);
3956 if (fips_get_state()) {
3958 "VNC password auth disabled due to FIPS mode, "
3959 "consider using the VeNCrypt or SASL authentication "
3960 "methods as an alternative");
3963 if (!qcrypto_cipher_supports(
3964 QCRYPTO_CIPHER_ALG_DES_RFB
, QCRYPTO_CIPHER_MODE_ECB
)) {
3966 "Cipher backend does not support DES RFB algorithm");
3971 lock_key_sync
= qemu_opt_get_bool(opts
, "lock-key-sync", true);
3972 key_delay_ms
= qemu_opt_get_number(opts
, "key-delay-ms", 10);
3973 sasl
= qemu_opt_get_bool(opts
, "sasl", false);
3974 #ifndef CONFIG_VNC_SASL
3976 error_setg(errp
, "VNC SASL auth requires cyrus-sasl support");
3979 #endif /* CONFIG_VNC_SASL */
3980 credid
= qemu_opt_get(opts
, "tls-creds");
3983 creds
= object_resolve_path_component(
3984 object_get_objects_root(), credid
);
3986 error_setg(errp
, "No TLS credentials with id '%s'",
3990 vd
->tlscreds
= (QCryptoTLSCreds
*)
3991 object_dynamic_cast(creds
,
3992 TYPE_QCRYPTO_TLS_CREDS
);
3993 if (!vd
->tlscreds
) {
3994 error_setg(errp
, "Object with id '%s' is not TLS credentials",
3998 object_ref(OBJECT(vd
->tlscreds
));
4000 if (vd
->tlscreds
->endpoint
!= QCRYPTO_TLS_CREDS_ENDPOINT_SERVER
) {
4002 "Expecting TLS credentials with a server endpoint");
4006 if (qemu_opt_get(opts
, "acl")) {
4007 error_report("The 'acl' option to -vnc is deprecated. "
4008 "Please use the 'tls-authz' and 'sasl-authz' "
4011 acl
= qemu_opt_get_bool(opts
, "acl", false);
4012 tlsauthz
= qemu_opt_get(opts
, "tls-authz");
4013 if (acl
&& tlsauthz
) {
4014 error_setg(errp
, "'acl' option is mutually exclusive with the "
4015 "'tls-authz' option");
4018 if (tlsauthz
&& !vd
->tlscreds
) {
4019 error_setg(errp
, "'tls-authz' provided but TLS is not enabled");
4023 saslauthz
= qemu_opt_get(opts
, "sasl-authz");
4024 if (acl
&& saslauthz
) {
4025 error_setg(errp
, "'acl' option is mutually exclusive with the "
4026 "'sasl-authz' option");
4029 if (saslauthz
&& !sasl
) {
4030 error_setg(errp
, "'sasl-authz' provided but SASL auth is not enabled");
4034 share
= qemu_opt_get(opts
, "share");
4036 if (strcmp(share
, "ignore") == 0) {
4037 vd
->share_policy
= VNC_SHARE_POLICY_IGNORE
;
4038 } else if (strcmp(share
, "allow-exclusive") == 0) {
4039 vd
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
4040 } else if (strcmp(share
, "force-shared") == 0) {
4041 vd
->share_policy
= VNC_SHARE_POLICY_FORCE_SHARED
;
4043 error_setg(errp
, "unknown vnc share= option");
4047 vd
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
4049 vd
->connections_limit
= qemu_opt_get_number(opts
, "connections", 32);
4051 #ifdef CONFIG_VNC_JPEG
4052 vd
->lossy
= qemu_opt_get_bool(opts
, "lossy", false);
4054 vd
->non_adaptive
= qemu_opt_get_bool(opts
, "non-adaptive", false);
4055 /* adaptive updates are only used with tight encoding and
4056 * if lossy updates are enabled so we can disable all the
4057 * calculations otherwise */
4059 vd
->non_adaptive
= true;
4062 vd
->power_control
= qemu_opt_get_bool(opts
, "power-control", false);
4065 vd
->tlsauthzid
= g_strdup(tlsauthz
);
4067 if (strcmp(vd
->id
, "default") == 0) {
4068 vd
->tlsauthzid
= g_strdup("vnc.x509dname");
4070 vd
->tlsauthzid
= g_strdup_printf("vnc.%s.x509dname", vd
->id
);
4072 vd
->tlsauthz
= QAUTHZ(qauthz_list_new(vd
->tlsauthzid
,
4073 QAUTHZ_LIST_POLICY_DENY
,
4076 #ifdef CONFIG_VNC_SASL
4079 vd
->sasl
.authzid
= g_strdup(saslauthz
);
4081 if (strcmp(vd
->id
, "default") == 0) {
4082 vd
->sasl
.authzid
= g_strdup("vnc.username");
4084 vd
->sasl
.authzid
= g_strdup_printf("vnc.%s.username", vd
->id
);
4086 vd
->sasl
.authz
= QAUTHZ(qauthz_list_new(vd
->sasl
.authzid
,
4087 QAUTHZ_LIST_POLICY_DENY
,
4093 if (vnc_display_setup_auth(&vd
->auth
, &vd
->subauth
,
4094 vd
->tlscreds
, password
,
4095 sasl
, false, errp
) < 0) {
4098 trace_vnc_auth_init(vd
, 0, vd
->auth
, vd
->subauth
);
4100 if (vnc_display_setup_auth(&vd
->ws_auth
, &vd
->ws_subauth
,
4101 vd
->tlscreds
, password
,
4102 sasl
, true, errp
) < 0) {
4105 trace_vnc_auth_init(vd
, 1, vd
->ws_auth
, vd
->ws_subauth
);
4107 #ifdef CONFIG_VNC_SASL
4109 int saslErr
= sasl_server_init(NULL
, "qemu");
4111 if (saslErr
!= SASL_OK
) {
4112 error_setg(errp
, "Failed to initialize SASL auth: %s",
4113 sasl_errstring(saslErr
, NULL
, NULL
));
4118 vd
->lock_key_sync
= lock_key_sync
;
4119 if (lock_key_sync
) {
4120 vd
->led
= qemu_add_led_event_handler(kbd_leds
, vd
);
4124 audiodev
= qemu_opt_get(opts
, "audiodev");
4126 vd
->audio_state
= audio_state_by_name(audiodev
);
4127 if (!vd
->audio_state
) {
4128 error_setg(errp
, "Audiodev '%s' not found", audiodev
);
4133 device_id
= qemu_opt_get(opts
, "display");
4135 int head
= qemu_opt_get_number(opts
, "head", 0);
4138 con
= qemu_console_lookup_by_device_name(device_id
, head
, &err
);
4140 error_propagate(errp
, err
);
4147 if (con
!= vd
->dcl
.con
) {
4148 qkbd_state_free(vd
->kbd
);
4149 unregister_displaychangelistener(&vd
->dcl
);
4151 register_displaychangelistener(&vd
->dcl
);
4152 vd
->kbd
= qkbd_state_init(vd
->dcl
.con
);
4154 qkbd_state_set_delay(vd
->kbd
, key_delay_ms
);
4156 if (saddr
== NULL
) {
4161 if (vnc_display_connect(vd
, saddr
, nsaddr
, wsaddr
, nwsaddr
, errp
) < 0) {
4165 if (vnc_display_listen(vd
, saddr
, nsaddr
, wsaddr
, nwsaddr
, errp
) < 0) {
4170 if (qemu_opt_get(opts
, "to")) {
4171 vnc_display_print_local_addr(vd
);
4175 vnc_free_addresses(&saddr
, &nsaddr
);
4176 vnc_free_addresses(&wsaddr
, &nwsaddr
);
4180 vnc_display_close(vd
);
4184 void vnc_display_add_client(const char *id
, int csock
, bool skipauth
)
4186 VncDisplay
*vd
= vnc_display_find(id
);
4187 QIOChannelSocket
*sioc
;
4193 sioc
= qio_channel_socket_new_fd(csock
, NULL
);
4195 qio_channel_set_name(QIO_CHANNEL(sioc
), "vnc-server");
4196 vnc_connect(vd
, sioc
, skipauth
, false);
4197 object_unref(OBJECT(sioc
));
4201 static void vnc_auto_assign_id(QemuOptsList
*olist
, QemuOpts
*opts
)
4206 id
= g_strdup("default");
4207 while (qemu_opts_find(olist
, id
)) {
4209 id
= g_strdup_printf("vnc%d", i
++);
4211 qemu_opts_set_id(opts
, id
);
4214 QemuOpts
*vnc_parse(const char *str
, Error
**errp
)
4216 QemuOptsList
*olist
= qemu_find_opts("vnc");
4217 QemuOpts
*opts
= qemu_opts_parse(olist
, str
, true, errp
);
4224 id
= qemu_opts_id(opts
);
4226 /* auto-assign id if not present */
4227 vnc_auto_assign_id(olist
, opts
);
4232 int vnc_init_func(void *opaque
, QemuOpts
*opts
, Error
**errp
)
4234 Error
*local_err
= NULL
;
4235 char *id
= (char *)qemu_opts_id(opts
);
4238 vnc_display_init(id
, &local_err
);
4240 error_propagate(errp
, local_err
);
4243 vnc_display_open(id
, &local_err
);
4244 if (local_err
!= NULL
) {
4245 error_propagate(errp
, local_err
);
4251 static void vnc_register_config(void)
4253 qemu_add_opts(&qemu_vnc_opts
);
4255 opts_init(vnc_register_config
);