2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
29 #include "sysemu/sysemu.h"
30 #include "qemu/sockets.h"
31 #include "qemu/timer.h"
33 #include "qapi/qmp/types.h"
34 #include "qmp-commands.h"
35 #include "qemu/osdep.h"
38 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
39 #define VNC_REFRESH_INTERVAL_INC 50
40 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
41 static const struct timeval VNC_REFRESH_STATS
= { 0, 500000 };
42 static const struct timeval VNC_REFRESH_LOSSY
= { 2, 0 };
44 #include "vnc_keysym.h"
47 static VncDisplay
*vnc_display
; /* needed for info vnc */
49 static int vnc_cursor_define(VncState
*vs
);
50 static void vnc_release_modifiers(VncState
*vs
);
52 static void vnc_set_share_mode(VncState
*vs
, VncShareMode mode
)
55 static const char *mn
[] = {
57 [VNC_SHARE_MODE_CONNECTING
] = "connecting",
58 [VNC_SHARE_MODE_SHARED
] = "shared",
59 [VNC_SHARE_MODE_EXCLUSIVE
] = "exclusive",
60 [VNC_SHARE_MODE_DISCONNECTED
] = "disconnected",
62 fprintf(stderr
, "%s/%d: %s -> %s\n", __func__
,
63 vs
->csock
, mn
[vs
->share_mode
], mn
[mode
]);
66 if (vs
->share_mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
67 vs
->vd
->num_exclusive
--;
69 vs
->share_mode
= mode
;
70 if (vs
->share_mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
71 vs
->vd
->num_exclusive
++;
75 static char *addr_to_string(const char *format
,
76 struct sockaddr_storage
*sa
,
79 char host
[NI_MAXHOST
];
80 char serv
[NI_MAXSERV
];
84 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
87 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
88 VNC_DEBUG("Cannot resolve address %d: %s\n",
89 err
, gai_strerror(err
));
93 /* Enough for the existing format + the 2 vars we're
95 addrlen
= strlen(format
) + strlen(host
) + strlen(serv
);
96 addr
= g_malloc(addrlen
+ 1);
97 snprintf(addr
, addrlen
, format
, host
, serv
);
104 char *vnc_socket_local_addr(const char *format
, int fd
) {
105 struct sockaddr_storage sa
;
109 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
112 return addr_to_string(format
, &sa
, salen
);
115 char *vnc_socket_remote_addr(const char *format
, int fd
) {
116 struct sockaddr_storage sa
;
120 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
123 return addr_to_string(format
, &sa
, salen
);
126 static int put_addr_qdict(QDict
*qdict
, struct sockaddr_storage
*sa
,
129 char host
[NI_MAXHOST
];
130 char serv
[NI_MAXSERV
];
133 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
136 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
137 VNC_DEBUG("Cannot resolve address %d: %s\n",
138 err
, gai_strerror(err
));
142 qdict_put(qdict
, "host", qstring_from_str(host
));
143 qdict_put(qdict
, "service", qstring_from_str(serv
));
144 qdict_put(qdict
, "family",qstring_from_str(inet_strfamily(sa
->ss_family
)));
149 static int vnc_server_addr_put(QDict
*qdict
, int fd
)
151 struct sockaddr_storage sa
;
155 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
159 return put_addr_qdict(qdict
, &sa
, salen
);
162 static int vnc_qdict_remote_addr(QDict
*qdict
, int fd
)
164 struct sockaddr_storage sa
;
168 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
172 return put_addr_qdict(qdict
, &sa
, salen
);
175 static const char *vnc_auth_name(VncDisplay
*vd
) {
177 case VNC_AUTH_INVALID
:
193 case VNC_AUTH_VENCRYPT
:
194 #ifdef CONFIG_VNC_TLS
195 switch (vd
->subauth
) {
196 case VNC_AUTH_VENCRYPT_PLAIN
:
197 return "vencrypt+plain";
198 case VNC_AUTH_VENCRYPT_TLSNONE
:
199 return "vencrypt+tls+none";
200 case VNC_AUTH_VENCRYPT_TLSVNC
:
201 return "vencrypt+tls+vnc";
202 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
203 return "vencrypt+tls+plain";
204 case VNC_AUTH_VENCRYPT_X509NONE
:
205 return "vencrypt+x509+none";
206 case VNC_AUTH_VENCRYPT_X509VNC
:
207 return "vencrypt+x509+vnc";
208 case VNC_AUTH_VENCRYPT_X509PLAIN
:
209 return "vencrypt+x509+plain";
210 case VNC_AUTH_VENCRYPT_TLSSASL
:
211 return "vencrypt+tls+sasl";
212 case VNC_AUTH_VENCRYPT_X509SASL
:
213 return "vencrypt+x509+sasl";
226 static int vnc_server_info_put(QDict
*qdict
)
228 if (vnc_server_addr_put(qdict
, vnc_display
->lsock
) < 0) {
232 qdict_put(qdict
, "auth", qstring_from_str(vnc_auth_name(vnc_display
)));
236 static void vnc_client_cache_auth(VncState
*client
)
238 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
246 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
247 qdict
= qobject_to_qdict(client
->info
);
250 #ifdef CONFIG_VNC_TLS
251 if (client
->tls
.session
&&
253 qdict_put(qdict
, "x509_dname", qstring_from_str(client
->tls
.dname
));
256 #ifdef CONFIG_VNC_SASL
257 if (client
->sasl
.conn
&&
258 client
->sasl
.username
) {
259 qdict_put(qdict
, "sasl_username",
260 qstring_from_str(client
->sasl
.username
));
265 static void vnc_client_cache_addr(VncState
*client
)
270 if (vnc_qdict_remote_addr(qdict
, client
->csock
) < 0) {
272 /* XXX: how to report the error? */
276 client
->info
= QOBJECT(qdict
);
279 static void vnc_qmp_event(VncState
*vs
, MonitorEvent event
)
288 server
= qdict_new();
289 if (vnc_server_info_put(server
) < 0) {
294 data
= qobject_from_jsonf("{ 'client': %p, 'server': %p }",
295 vs
->info
, QOBJECT(server
));
297 monitor_protocol_event(event
, data
);
299 qobject_incref(vs
->info
);
300 qobject_decref(data
);
303 static VncClientInfo
*qmp_query_vnc_client(const VncState
*client
)
305 struct sockaddr_storage sa
;
306 socklen_t salen
= sizeof(sa
);
307 char host
[NI_MAXHOST
];
308 char serv
[NI_MAXSERV
];
311 if (getpeername(client
->csock
, (struct sockaddr
*)&sa
, &salen
) < 0) {
315 if (getnameinfo((struct sockaddr
*)&sa
, salen
,
318 NI_NUMERICHOST
| NI_NUMERICSERV
) < 0) {
322 info
= g_malloc0(sizeof(*info
));
323 info
->host
= g_strdup(host
);
324 info
->service
= g_strdup(serv
);
325 info
->family
= g_strdup(inet_strfamily(sa
.ss_family
));
327 #ifdef CONFIG_VNC_TLS
328 if (client
->tls
.session
&& client
->tls
.dname
) {
329 info
->has_x509_dname
= true;
330 info
->x509_dname
= g_strdup(client
->tls
.dname
);
333 #ifdef CONFIG_VNC_SASL
334 if (client
->sasl
.conn
&& client
->sasl
.username
) {
335 info
->has_sasl_username
= true;
336 info
->sasl_username
= g_strdup(client
->sasl
.username
);
343 VncInfo
*qmp_query_vnc(Error
**errp
)
345 VncInfo
*info
= g_malloc0(sizeof(*info
));
347 if (vnc_display
== NULL
|| vnc_display
->display
== NULL
) {
348 info
->enabled
= false;
350 VncClientInfoList
*cur_item
= NULL
;
351 struct sockaddr_storage sa
;
352 socklen_t salen
= sizeof(sa
);
353 char host
[NI_MAXHOST
];
354 char serv
[NI_MAXSERV
];
357 info
->enabled
= true;
359 /* for compatibility with the original command */
360 info
->has_clients
= true;
362 QTAILQ_FOREACH(client
, &vnc_display
->clients
, next
) {
363 VncClientInfoList
*cinfo
= g_malloc0(sizeof(*info
));
364 cinfo
->value
= qmp_query_vnc_client(client
);
366 /* XXX: waiting for the qapi to support GSList */
368 info
->clients
= cur_item
= cinfo
;
370 cur_item
->next
= cinfo
;
375 if (vnc_display
->lsock
== -1) {
379 if (getsockname(vnc_display
->lsock
, (struct sockaddr
*)&sa
,
381 error_set(errp
, QERR_UNDEFINED_ERROR
);
385 if (getnameinfo((struct sockaddr
*)&sa
, salen
,
388 NI_NUMERICHOST
| NI_NUMERICSERV
) < 0) {
389 error_set(errp
, QERR_UNDEFINED_ERROR
);
393 info
->has_host
= true;
394 info
->host
= g_strdup(host
);
396 info
->has_service
= true;
397 info
->service
= g_strdup(serv
);
399 info
->has_family
= true;
400 info
->family
= g_strdup(inet_strfamily(sa
.ss_family
));
402 info
->has_auth
= true;
403 info
->auth
= g_strdup(vnc_auth_name(vnc_display
));
409 qapi_free_VncInfo(info
);
414 1) Get the queue working for IO.
415 2) there is some weirdness when using the -S option (the screen is grey
416 and not totally invalidated
417 3) resolutions > 1024
420 static int vnc_update_client(VncState
*vs
, int has_dirty
);
421 static int vnc_update_client_sync(VncState
*vs
, int has_dirty
);
422 static void vnc_disconnect_start(VncState
*vs
);
424 static void vnc_colordepth(VncState
*vs
);
425 static void framebuffer_update_request(VncState
*vs
, int incremental
,
426 int x_position
, int y_position
,
428 static void vnc_refresh(DisplayChangeListener
*dcl
);
429 static int vnc_refresh_server_surface(VncDisplay
*vd
);
431 static void vnc_dpy_update(DisplayChangeListener
*dcl
,
432 int x
, int y
, int w
, int h
)
435 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
436 struct VncSurface
*s
= &vd
->guest
;
437 int width
= surface_width(vd
->ds
);
438 int height
= surface_height(vd
->ds
);
442 /* round x down to ensure the loop only spans one 16-pixel block per,
443 iteration. otherwise, if (x % 16) != 0, the last iteration may span
444 two 16-pixel blocks but we only mark the first as dirty
451 w
= MIN(x
+ w
, width
) - x
;
455 for (i
= 0; i
< w
; i
+= 16)
456 set_bit((x
+ i
) / 16, s
->dirty
[y
]);
459 void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
462 vnc_write_u16(vs
, x
);
463 vnc_write_u16(vs
, y
);
464 vnc_write_u16(vs
, w
);
465 vnc_write_u16(vs
, h
);
467 vnc_write_s32(vs
, encoding
);
470 void buffer_reserve(Buffer
*buffer
, size_t len
)
472 if ((buffer
->capacity
- buffer
->offset
) < len
) {
473 buffer
->capacity
+= (len
+ 1024);
474 buffer
->buffer
= g_realloc(buffer
->buffer
, buffer
->capacity
);
475 if (buffer
->buffer
== NULL
) {
476 fprintf(stderr
, "vnc: out of memory\n");
482 static int buffer_empty(Buffer
*buffer
)
484 return buffer
->offset
== 0;
487 uint8_t *buffer_end(Buffer
*buffer
)
489 return buffer
->buffer
+ buffer
->offset
;
492 void buffer_reset(Buffer
*buffer
)
497 void buffer_free(Buffer
*buffer
)
499 g_free(buffer
->buffer
);
501 buffer
->capacity
= 0;
502 buffer
->buffer
= NULL
;
505 void buffer_append(Buffer
*buffer
, const void *data
, size_t len
)
507 memcpy(buffer
->buffer
+ buffer
->offset
, data
, len
);
508 buffer
->offset
+= len
;
511 void buffer_advance(Buffer
*buf
, size_t len
)
513 memmove(buf
->buffer
, buf
->buffer
+ len
,
514 (buf
->offset
- len
));
518 static void vnc_desktop_resize(VncState
*vs
)
520 DisplaySurface
*ds
= vs
->vd
->ds
;
522 if (vs
->csock
== -1 || !vnc_has_feature(vs
, VNC_FEATURE_RESIZE
)) {
525 if (vs
->client_width
== surface_width(ds
) &&
526 vs
->client_height
== surface_height(ds
)) {
529 vs
->client_width
= surface_width(ds
);
530 vs
->client_height
= surface_height(ds
);
532 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
534 vnc_write_u16(vs
, 1); /* number of rects */
535 vnc_framebuffer_update(vs
, 0, 0, vs
->client_width
, vs
->client_height
,
536 VNC_ENCODING_DESKTOPRESIZE
);
537 vnc_unlock_output(vs
);
541 static void vnc_abort_display_jobs(VncDisplay
*vd
)
545 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
548 vnc_unlock_output(vs
);
550 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
553 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
556 vnc_unlock_output(vs
);
560 int vnc_server_fb_stride(VncDisplay
*vd
)
562 return pixman_image_get_stride(vd
->server
);
565 void *vnc_server_fb_ptr(VncDisplay
*vd
, int x
, int y
)
569 ptr
= (uint8_t *)pixman_image_get_data(vd
->server
);
570 ptr
+= y
* vnc_server_fb_stride(vd
);
571 ptr
+= x
* VNC_SERVER_FB_BYTES
;
575 static void vnc_dpy_switch(DisplayChangeListener
*dcl
,
576 DisplaySurface
*surface
)
578 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
581 vnc_abort_display_jobs(vd
);
584 qemu_pixman_image_unref(vd
->server
);
586 vd
->server
= pixman_image_create_bits(VNC_SERVER_FB_FORMAT
,
587 surface_width(vd
->ds
),
588 surface_height(vd
->ds
),
593 if (ds_get_bytes_per_pixel(ds
) != vd
->guest
.ds
->pf
.bytes_per_pixel
)
594 console_color_init(ds
);
596 qemu_pixman_image_unref(vd
->guest
.fb
);
597 vd
->guest
.fb
= pixman_image_ref(surface
->image
);
598 vd
->guest
.format
= surface
->format
;
599 memset(vd
->guest
.dirty
, 0xFF, sizeof(vd
->guest
.dirty
));
601 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
603 vnc_desktop_resize(vs
);
604 if (vs
->vd
->cursor
) {
605 vnc_cursor_define(vs
);
607 memset(vs
->dirty
, 0xFF, sizeof(vs
->dirty
));
612 static void vnc_write_pixels_copy(VncState
*vs
,
613 void *pixels
, int size
)
615 vnc_write(vs
, pixels
, size
);
618 /* slowest but generic code. */
619 void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
623 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
624 r
= (((v
& 0x00ff0000) >> 16) << vs
->client_pf
.rbits
) >> 8;
625 g
= (((v
& 0x0000ff00) >> 8) << vs
->client_pf
.gbits
) >> 8;
626 b
= (((v
& 0x000000ff) >> 0) << vs
->client_pf
.bbits
) >> 8;
628 # error need some bits here if you change VNC_SERVER_FB_FORMAT
630 v
= (r
<< vs
->client_pf
.rshift
) |
631 (g
<< vs
->client_pf
.gshift
) |
632 (b
<< vs
->client_pf
.bshift
);
633 switch (vs
->client_pf
.bytes_per_pixel
) {
663 static void vnc_write_pixels_generic(VncState
*vs
,
664 void *pixels1
, int size
)
668 if (VNC_SERVER_FB_BYTES
== 4) {
669 uint32_t *pixels
= pixels1
;
672 for (i
= 0; i
< n
; i
++) {
673 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
674 vnc_write(vs
, buf
, vs
->client_pf
.bytes_per_pixel
);
679 int vnc_raw_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
683 VncDisplay
*vd
= vs
->vd
;
685 row
= vnc_server_fb_ptr(vd
, x
, y
);
686 for (i
= 0; i
< h
; i
++) {
687 vs
->write_pixels(vs
, row
, w
* VNC_SERVER_FB_BYTES
);
688 row
+= vnc_server_fb_stride(vd
);
693 int vnc_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
697 switch(vs
->vnc_encoding
) {
698 case VNC_ENCODING_ZLIB
:
699 n
= vnc_zlib_send_framebuffer_update(vs
, x
, y
, w
, h
);
701 case VNC_ENCODING_HEXTILE
:
702 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
703 n
= vnc_hextile_send_framebuffer_update(vs
, x
, y
, w
, h
);
705 case VNC_ENCODING_TIGHT
:
706 n
= vnc_tight_send_framebuffer_update(vs
, x
, y
, w
, h
);
708 case VNC_ENCODING_TIGHT_PNG
:
709 n
= vnc_tight_png_send_framebuffer_update(vs
, x
, y
, w
, h
);
711 case VNC_ENCODING_ZRLE
:
712 n
= vnc_zrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
714 case VNC_ENCODING_ZYWRLE
:
715 n
= vnc_zywrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
718 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
719 n
= vnc_raw_send_framebuffer_update(vs
, x
, y
, w
, h
);
725 static void vnc_copy(VncState
*vs
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
727 /* send bitblit op to the vnc client */
729 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
731 vnc_write_u16(vs
, 1); /* number of rects */
732 vnc_framebuffer_update(vs
, dst_x
, dst_y
, w
, h
, VNC_ENCODING_COPYRECT
);
733 vnc_write_u16(vs
, src_x
);
734 vnc_write_u16(vs
, src_y
);
735 vnc_unlock_output(vs
);
739 static void vnc_dpy_copy(DisplayChangeListener
*dcl
,
740 int src_x
, int src_y
,
741 int dst_x
, int dst_y
, int w
, int h
)
743 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
747 int i
, x
, y
, pitch
, inc
, w_lim
, s
;
750 vnc_refresh_server_surface(vd
);
751 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
752 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
753 vs
->force_update
= 1;
754 vnc_update_client_sync(vs
, 1);
755 /* vs might be free()ed here */
759 /* do bitblit op on the local surface too */
760 pitch
= vnc_server_fb_stride(vd
);
761 src_row
= vnc_server_fb_ptr(vd
, src_x
, src_y
);
762 dst_row
= vnc_server_fb_ptr(vd
, dst_x
, dst_y
);
767 src_row
+= pitch
* (h
-1);
768 dst_row
+= pitch
* (h
-1);
773 w_lim
= w
- (16 - (dst_x
% 16));
777 w_lim
= w
- (w_lim
% 16);
778 for (i
= 0; i
< h
; i
++) {
779 for (x
= 0; x
<= w_lim
;
780 x
+= s
, src_row
+= cmp_bytes
, dst_row
+= cmp_bytes
) {
782 if ((s
= w
- w_lim
) == 0)
785 s
= (16 - (dst_x
% 16));
790 cmp_bytes
= s
* VNC_SERVER_FB_BYTES
;
791 if (memcmp(src_row
, dst_row
, cmp_bytes
) == 0)
793 memmove(dst_row
, src_row
, cmp_bytes
);
794 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
795 if (!vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
796 set_bit(((x
+ dst_x
) / 16), vs
->dirty
[y
]);
800 src_row
+= pitch
- w
* VNC_SERVER_FB_BYTES
;
801 dst_row
+= pitch
- w
* VNC_SERVER_FB_BYTES
;
805 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
806 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
807 vnc_copy(vs
, src_x
, src_y
, dst_x
, dst_y
, w
, h
);
812 static void vnc_mouse_set(DisplayChangeListener
*dcl
,
813 int x
, int y
, int visible
)
815 /* can we ask the client(s) to move the pointer ??? */
818 static int vnc_cursor_define(VncState
*vs
)
820 QEMUCursor
*c
= vs
->vd
->cursor
;
823 if (vnc_has_feature(vs
, VNC_FEATURE_RICH_CURSOR
)) {
825 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
826 vnc_write_u8(vs
, 0); /* padding */
827 vnc_write_u16(vs
, 1); /* # of rects */
828 vnc_framebuffer_update(vs
, c
->hot_x
, c
->hot_y
, c
->width
, c
->height
,
829 VNC_ENCODING_RICH_CURSOR
);
830 isize
= c
->width
* c
->height
* vs
->client_pf
.bytes_per_pixel
;
831 vnc_write_pixels_generic(vs
, c
->data
, isize
);
832 vnc_write(vs
, vs
->vd
->cursor_mask
, vs
->vd
->cursor_msize
);
833 vnc_unlock_output(vs
);
839 static void vnc_dpy_cursor_define(DisplayChangeListener
*dcl
,
842 VncDisplay
*vd
= vnc_display
;
845 cursor_put(vd
->cursor
);
846 g_free(vd
->cursor_mask
);
849 cursor_get(vd
->cursor
);
850 vd
->cursor_msize
= cursor_get_mono_bpl(c
) * c
->height
;
851 vd
->cursor_mask
= g_malloc0(vd
->cursor_msize
);
852 cursor_get_mono_mask(c
, 0, vd
->cursor_mask
);
854 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
855 vnc_cursor_define(vs
);
859 static int find_and_clear_dirty_height(struct VncState
*vs
,
860 int y
, int last_x
, int x
, int height
)
864 for (h
= 1; h
< (height
- y
); h
++) {
866 if (!test_bit(last_x
, vs
->dirty
[y
+ h
])) {
869 for (tmp_x
= last_x
; tmp_x
< x
; tmp_x
++) {
870 clear_bit(tmp_x
, vs
->dirty
[y
+ h
]);
877 static int vnc_update_client_sync(VncState
*vs
, int has_dirty
)
879 int ret
= vnc_update_client(vs
, has_dirty
);
884 static int vnc_update_client(VncState
*vs
, int has_dirty
)
886 if (vs
->need_update
&& vs
->csock
!= -1) {
887 VncDisplay
*vd
= vs
->vd
;
894 if (vs
->output
.offset
&& !vs
->audio_cap
&& !vs
->force_update
)
895 /* kernel send buffers are full -> drop frames to throttle */
898 if (!has_dirty
&& !vs
->audio_cap
&& !vs
->force_update
)
902 * Send screen updates to the vnc client using the server
903 * surface and server dirty map. guest surface updates
904 * happening in parallel don't disturb us, the next pass will
905 * send them to the client.
907 job
= vnc_job_new(vs
);
909 width
= MIN(pixman_image_get_width(vd
->server
), vs
->client_width
);
910 height
= MIN(pixman_image_get_height(vd
->server
), vs
->client_height
);
912 for (y
= 0; y
< height
; y
++) {
915 for (x
= 0; x
< width
/ 16; x
++) {
916 if (test_and_clear_bit(x
, vs
->dirty
[y
])) {
922 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
,
925 n
+= vnc_job_add_rect(job
, last_x
* 16, y
,
926 (x
- last_x
) * 16, h
);
932 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
, height
);
933 n
+= vnc_job_add_rect(job
, last_x
* 16, y
,
934 (x
- last_x
) * 16, h
);
939 vs
->force_update
= 0;
944 vnc_disconnect_finish(vs
);
950 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
952 VncState
*vs
= opaque
;
955 case AUD_CNOTIFY_DISABLE
:
957 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
958 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
959 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_END
);
960 vnc_unlock_output(vs
);
964 case AUD_CNOTIFY_ENABLE
:
966 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
967 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
968 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN
);
969 vnc_unlock_output(vs
);
975 static void audio_capture_destroy(void *opaque
)
979 static void audio_capture(void *opaque
, void *buf
, int size
)
981 VncState
*vs
= opaque
;
984 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
985 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
986 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_DATA
);
987 vnc_write_u32(vs
, size
);
988 vnc_write(vs
, buf
, size
);
989 vnc_unlock_output(vs
);
993 static void audio_add(VncState
*vs
)
995 struct audio_capture_ops ops
;
998 monitor_printf(default_mon
, "audio already running\n");
1002 ops
.notify
= audio_capture_notify
;
1003 ops
.destroy
= audio_capture_destroy
;
1004 ops
.capture
= audio_capture
;
1006 vs
->audio_cap
= AUD_add_capture(&vs
->as
, &ops
, vs
);
1007 if (!vs
->audio_cap
) {
1008 monitor_printf(default_mon
, "Failed to add audio capture\n");
1012 static void audio_del(VncState
*vs
)
1014 if (vs
->audio_cap
) {
1015 AUD_del_capture(vs
->audio_cap
, vs
);
1016 vs
->audio_cap
= NULL
;
1020 static void vnc_disconnect_start(VncState
*vs
)
1022 if (vs
->csock
== -1)
1024 vnc_set_share_mode(vs
, VNC_SHARE_MODE_DISCONNECTED
);
1025 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
1026 closesocket(vs
->csock
);
1030 void vnc_disconnect_finish(VncState
*vs
)
1034 vnc_jobs_join(vs
); /* Wait encoding jobs */
1036 vnc_lock_output(vs
);
1037 vnc_qmp_event(vs
, QEVENT_VNC_DISCONNECTED
);
1039 buffer_free(&vs
->input
);
1040 buffer_free(&vs
->output
);
1041 #ifdef CONFIG_VNC_WS
1042 buffer_free(&vs
->ws_input
);
1043 buffer_free(&vs
->ws_output
);
1044 #endif /* CONFIG_VNC_WS */
1046 qobject_decref(vs
->info
);
1049 vnc_tight_clear(vs
);
1052 #ifdef CONFIG_VNC_TLS
1053 vnc_tls_client_cleanup(vs
);
1054 #endif /* CONFIG_VNC_TLS */
1055 #ifdef CONFIG_VNC_SASL
1056 vnc_sasl_client_cleanup(vs
);
1057 #endif /* CONFIG_VNC_SASL */
1059 vnc_release_modifiers(vs
);
1061 if (vs
->initialized
) {
1062 QTAILQ_REMOVE(&vs
->vd
->clients
, vs
, next
);
1063 qemu_remove_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
1066 if (vs
->vd
->lock_key_sync
)
1067 qemu_remove_led_event_handler(vs
->led
);
1068 vnc_unlock_output(vs
);
1070 qemu_mutex_destroy(&vs
->output_mutex
);
1071 if (vs
->bh
!= NULL
) {
1072 qemu_bh_delete(vs
->bh
);
1074 buffer_free(&vs
->jobs_buffer
);
1076 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
1077 g_free(vs
->lossy_rect
[i
]);
1079 g_free(vs
->lossy_rect
);
1083 int vnc_client_io_error(VncState
*vs
, int ret
, int last_errno
)
1085 if (ret
== 0 || ret
== -1) {
1087 switch (last_errno
) {
1091 case WSAEWOULDBLOCK
:
1099 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1100 ret
, ret
< 0 ? last_errno
: 0);
1101 vnc_disconnect_start(vs
);
1109 void vnc_client_error(VncState
*vs
)
1111 VNC_DEBUG("Closing down client sock: protocol error\n");
1112 vnc_disconnect_start(vs
);
1115 #ifdef CONFIG_VNC_TLS
1116 static long vnc_client_write_tls(gnutls_session_t
*session
,
1117 const uint8_t *data
,
1120 long ret
= gnutls_write(*session
, data
, datalen
);
1122 if (ret
== GNUTLS_E_AGAIN
) {
1131 #endif /* CONFIG_VNC_TLS */
1134 * Called to write a chunk of data to the client socket. The data may
1135 * be the raw data, or may have already been encoded by SASL.
1136 * The data will be written either straight onto the socket, or
1137 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1139 * NB, it is theoretically possible to have 2 layers of encryption,
1140 * both SASL, and this TLS layer. It is highly unlikely in practice
1141 * though, since SASL encryption will typically be a no-op if TLS
1144 * Returns the number of bytes written, which may be less than
1145 * the requested 'datalen' if the socket would block. Returns
1146 * -1 on error, and disconnects the client socket.
1148 long vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
1151 #ifdef CONFIG_VNC_TLS
1152 if (vs
->tls
.session
) {
1153 ret
= vnc_client_write_tls(&vs
->tls
.session
, data
, datalen
);
1155 #ifdef CONFIG_VNC_WS
1156 if (vs
->ws_tls
.session
) {
1157 ret
= vnc_client_write_tls(&vs
->ws_tls
.session
, data
, datalen
);
1159 #endif /* CONFIG_VNC_WS */
1160 #endif /* CONFIG_VNC_TLS */
1162 ret
= send(vs
->csock
, (const void *)data
, datalen
, 0);
1164 #ifdef CONFIG_VNC_TLS
1166 #endif /* CONFIG_VNC_TLS */
1167 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data
, datalen
, ret
);
1168 return vnc_client_io_error(vs
, ret
, socket_error());
1173 * Called to write buffered data to the client socket, when not
1174 * using any SASL SSF encryption layers. Will write as much data
1175 * as possible without blocking. If all buffered data is written,
1176 * will switch the FD poll() handler back to read monitoring.
1178 * Returns the number of bytes written, which may be less than
1179 * the buffered output data if the socket would block. Returns
1180 * -1 on error, and disconnects the client socket.
1182 static long vnc_client_write_plain(VncState
*vs
)
1186 #ifdef CONFIG_VNC_SASL
1187 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1188 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
1189 vs
->sasl
.waitWriteSSF
);
1191 if (vs
->sasl
.conn
&&
1193 vs
->sasl
.waitWriteSSF
) {
1194 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
1196 vs
->sasl
.waitWriteSSF
-= ret
;
1198 #endif /* CONFIG_VNC_SASL */
1199 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
1203 buffer_advance(&vs
->output
, ret
);
1205 if (vs
->output
.offset
== 0) {
1206 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1214 * First function called whenever there is data to be written to
1215 * the client socket. Will delegate actual work according to whether
1216 * SASL SSF layers are enabled (thus requiring encryption calls)
1218 static void vnc_client_write_locked(void *opaque
)
1220 VncState
*vs
= opaque
;
1222 #ifdef CONFIG_VNC_SASL
1223 if (vs
->sasl
.conn
&&
1225 !vs
->sasl
.waitWriteSSF
) {
1226 vnc_client_write_sasl(vs
);
1228 #endif /* CONFIG_VNC_SASL */
1230 #ifdef CONFIG_VNC_WS
1231 if (vs
->encode_ws
) {
1232 vnc_client_write_ws(vs
);
1234 #endif /* CONFIG_VNC_WS */
1236 vnc_client_write_plain(vs
);
1241 void vnc_client_write(void *opaque
)
1243 VncState
*vs
= opaque
;
1245 vnc_lock_output(vs
);
1246 if (vs
->output
.offset
1247 #ifdef CONFIG_VNC_WS
1248 || vs
->ws_output
.offset
1251 vnc_client_write_locked(opaque
);
1252 } else if (vs
->csock
!= -1) {
1253 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1255 vnc_unlock_output(vs
);
1258 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1260 vs
->read_handler
= func
;
1261 vs
->read_handler_expect
= expecting
;
1264 #ifdef CONFIG_VNC_TLS
1265 static long vnc_client_read_tls(gnutls_session_t
*session
, uint8_t *data
,
1268 long ret
= gnutls_read(*session
, data
, datalen
);
1270 if (ret
== GNUTLS_E_AGAIN
) {
1279 #endif /* CONFIG_VNC_TLS */
1282 * Called to read a chunk of data from the client socket. The data may
1283 * be the raw data, or may need to be further decoded by SASL.
1284 * The data will be read either straight from to the socket, or
1285 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1287 * NB, it is theoretically possible to have 2 layers of encryption,
1288 * both SASL, and this TLS layer. It is highly unlikely in practice
1289 * though, since SASL encryption will typically be a no-op if TLS
1292 * Returns the number of bytes read, which may be less than
1293 * the requested 'datalen' if the socket would block. Returns
1294 * -1 on error, and disconnects the client socket.
1296 long vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1299 #ifdef CONFIG_VNC_TLS
1300 if (vs
->tls
.session
) {
1301 ret
= vnc_client_read_tls(&vs
->tls
.session
, data
, datalen
);
1303 #ifdef CONFIG_VNC_WS
1304 if (vs
->ws_tls
.session
) {
1305 ret
= vnc_client_read_tls(&vs
->ws_tls
.session
, data
, datalen
);
1307 #endif /* CONFIG_VNC_WS */
1308 #endif /* CONFIG_VNC_TLS */
1310 ret
= qemu_recv(vs
->csock
, data
, datalen
, 0);
1312 #ifdef CONFIG_VNC_TLS
1314 #endif /* CONFIG_VNC_TLS */
1315 VNC_DEBUG("Read wire %p %zd -> %ld\n", data
, datalen
, ret
);
1316 return vnc_client_io_error(vs
, ret
, socket_error());
1321 * Called to read data from the client socket to the input buffer,
1322 * when not using any SASL SSF encryption layers. Will read as much
1323 * data as possible without blocking.
1325 * Returns the number of bytes read. Returns -1 on error, and
1326 * disconnects the client socket.
1328 static long vnc_client_read_plain(VncState
*vs
)
1331 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1332 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1333 buffer_reserve(&vs
->input
, 4096);
1334 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1337 vs
->input
.offset
+= ret
;
1341 static void vnc_jobs_bh(void *opaque
)
1343 VncState
*vs
= opaque
;
1345 vnc_jobs_consume_buffer(vs
);
1349 * First function called whenever there is more data to be read from
1350 * the client socket. Will delegate actual work according to whether
1351 * SASL SSF layers are enabled (thus requiring decryption calls)
1353 void vnc_client_read(void *opaque
)
1355 VncState
*vs
= opaque
;
1358 #ifdef CONFIG_VNC_SASL
1359 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1360 ret
= vnc_client_read_sasl(vs
);
1362 #endif /* CONFIG_VNC_SASL */
1363 #ifdef CONFIG_VNC_WS
1364 if (vs
->encode_ws
) {
1365 ret
= vnc_client_read_ws(vs
);
1367 vnc_disconnect_start(vs
);
1369 } else if (ret
== -2) {
1370 vnc_client_error(vs
);
1374 #endif /* CONFIG_VNC_WS */
1376 ret
= vnc_client_read_plain(vs
);
1379 if (vs
->csock
== -1)
1380 vnc_disconnect_finish(vs
);
1384 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1385 size_t len
= vs
->read_handler_expect
;
1388 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1389 if (vs
->csock
== -1) {
1390 vnc_disconnect_finish(vs
);
1395 buffer_advance(&vs
->input
, len
);
1397 vs
->read_handler_expect
= ret
;
1402 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1404 buffer_reserve(&vs
->output
, len
);
1406 if (vs
->csock
!= -1 && buffer_empty(&vs
->output
)) {
1407 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
1410 buffer_append(&vs
->output
, data
, len
);
1413 void vnc_write_s32(VncState
*vs
, int32_t value
)
1415 vnc_write_u32(vs
, *(uint32_t *)&value
);
1418 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1422 buf
[0] = (value
>> 24) & 0xFF;
1423 buf
[1] = (value
>> 16) & 0xFF;
1424 buf
[2] = (value
>> 8) & 0xFF;
1425 buf
[3] = value
& 0xFF;
1427 vnc_write(vs
, buf
, 4);
1430 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1434 buf
[0] = (value
>> 8) & 0xFF;
1435 buf
[1] = value
& 0xFF;
1437 vnc_write(vs
, buf
, 2);
1440 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1442 vnc_write(vs
, (char *)&value
, 1);
1445 void vnc_flush(VncState
*vs
)
1447 vnc_lock_output(vs
);
1448 if (vs
->csock
!= -1 && (vs
->output
.offset
1449 #ifdef CONFIG_VNC_WS
1450 || vs
->ws_output
.offset
1453 vnc_client_write_locked(vs
);
1455 vnc_unlock_output(vs
);
1458 static uint8_t read_u8(uint8_t *data
, size_t offset
)
1460 return data
[offset
];
1463 static uint16_t read_u16(uint8_t *data
, size_t offset
)
1465 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1468 static int32_t read_s32(uint8_t *data
, size_t offset
)
1470 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1471 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1474 uint32_t read_u32(uint8_t *data
, size_t offset
)
1476 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1477 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1480 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1484 static void check_pointer_type_change(Notifier
*notifier
, void *data
)
1486 VncState
*vs
= container_of(notifier
, VncState
, mouse_mode_notifier
);
1487 int absolute
= kbd_mouse_is_absolute();
1489 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1490 vnc_lock_output(vs
);
1491 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1492 vnc_write_u8(vs
, 0);
1493 vnc_write_u16(vs
, 1);
1494 vnc_framebuffer_update(vs
, absolute
, 0,
1495 surface_width(vs
->vd
->ds
),
1496 surface_height(vs
->vd
->ds
),
1497 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1498 vnc_unlock_output(vs
);
1501 vs
->absolute
= absolute
;
1504 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1508 int width
= surface_width(vs
->vd
->ds
);
1509 int height
= surface_height(vs
->vd
->ds
);
1511 if (button_mask
& 0x01)
1512 buttons
|= MOUSE_EVENT_LBUTTON
;
1513 if (button_mask
& 0x02)
1514 buttons
|= MOUSE_EVENT_MBUTTON
;
1515 if (button_mask
& 0x04)
1516 buttons
|= MOUSE_EVENT_RBUTTON
;
1517 if (button_mask
& 0x08)
1519 if (button_mask
& 0x10)
1523 kbd_mouse_event(width
> 1 ? x
* 0x7FFF / (width
- 1) : 0x4000,
1524 height
> 1 ? y
* 0x7FFF / (height
- 1) : 0x4000,
1526 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1530 kbd_mouse_event(x
, y
, dz
, buttons
);
1532 if (vs
->last_x
!= -1)
1533 kbd_mouse_event(x
- vs
->last_x
,
1541 static void reset_keys(VncState
*vs
)
1544 for(i
= 0; i
< 256; i
++) {
1545 if (vs
->modifiers_state
[i
]) {
1546 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, i
, false);
1547 vs
->modifiers_state
[i
] = 0;
1552 static void press_key(VncState
*vs
, int keysym
)
1554 int keycode
= keysym2scancode(vs
->vd
->kbd_layout
, keysym
) & SCANCODE_KEYMASK
;
1555 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, keycode
, true);
1556 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, keycode
, false);
1559 static int current_led_state(VncState
*vs
)
1563 if (vs
->modifiers_state
[0x46]) {
1564 ledstate
|= QEMU_SCROLL_LOCK_LED
;
1566 if (vs
->modifiers_state
[0x45]) {
1567 ledstate
|= QEMU_NUM_LOCK_LED
;
1569 if (vs
->modifiers_state
[0x3a]) {
1570 ledstate
|= QEMU_CAPS_LOCK_LED
;
1576 static void vnc_led_state_change(VncState
*vs
)
1580 if (!vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
)) {
1584 ledstate
= current_led_state(vs
);
1585 vnc_lock_output(vs
);
1586 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1587 vnc_write_u8(vs
, 0);
1588 vnc_write_u16(vs
, 1);
1589 vnc_framebuffer_update(vs
, 0, 0, 1, 1, VNC_ENCODING_LED_STATE
);
1590 vnc_write_u8(vs
, ledstate
);
1591 vnc_unlock_output(vs
);
1595 static void kbd_leds(void *opaque
, int ledstate
)
1597 VncState
*vs
= opaque
;
1599 bool has_changed
= (ledstate
!= current_led_state(vs
));
1601 caps
= ledstate
& QEMU_CAPS_LOCK_LED
? 1 : 0;
1602 num
= ledstate
& QEMU_NUM_LOCK_LED
? 1 : 0;
1603 scr
= ledstate
& QEMU_SCROLL_LOCK_LED
? 1 : 0;
1605 if (vs
->modifiers_state
[0x3a] != caps
) {
1606 vs
->modifiers_state
[0x3a] = caps
;
1608 if (vs
->modifiers_state
[0x45] != num
) {
1609 vs
->modifiers_state
[0x45] = num
;
1611 if (vs
->modifiers_state
[0x46] != scr
) {
1612 vs
->modifiers_state
[0x46] = scr
;
1615 /* Sending the current led state message to the client */
1617 vnc_led_state_change(vs
);
1621 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1623 /* QEMU console switch */
1625 case 0x2a: /* Left Shift */
1626 case 0x36: /* Right Shift */
1627 case 0x1d: /* Left CTRL */
1628 case 0x9d: /* Right CTRL */
1629 case 0x38: /* Left ALT */
1630 case 0xb8: /* Right ALT */
1632 vs
->modifiers_state
[keycode
] = 1;
1634 vs
->modifiers_state
[keycode
] = 0;
1636 case 0x02 ... 0x0a: /* '1' to '9' keys */
1637 if (down
&& vs
->modifiers_state
[0x1d] && vs
->modifiers_state
[0x38]) {
1638 /* Reset the modifiers sent to the current console */
1640 console_select(keycode
- 0x02);
1644 case 0x3a: /* CapsLock */
1645 case 0x45: /* NumLock */
1647 vs
->modifiers_state
[keycode
] ^= 1;
1651 /* Turn off the lock state sync logic if the client support the led
1654 if (down
&& vs
->vd
->lock_key_sync
&&
1655 !vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
) &&
1656 keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1657 /* If the numlock state needs to change then simulate an additional
1658 keypress before sending this one. This will happen if the user
1659 toggles numlock away from the VNC window.
1661 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1662 if (!vs
->modifiers_state
[0x45]) {
1663 vs
->modifiers_state
[0x45] = 1;
1664 press_key(vs
, 0xff7f);
1667 if (vs
->modifiers_state
[0x45]) {
1668 vs
->modifiers_state
[0x45] = 0;
1669 press_key(vs
, 0xff7f);
1674 if (down
&& vs
->vd
->lock_key_sync
&&
1675 !vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
) &&
1676 ((sym
>= 'A' && sym
<= 'Z') || (sym
>= 'a' && sym
<= 'z'))) {
1677 /* If the capslock state needs to change then simulate an additional
1678 keypress before sending this one. This will happen if the user
1679 toggles capslock away from the VNC window.
1681 int uppercase
= !!(sym
>= 'A' && sym
<= 'Z');
1682 int shift
= !!(vs
->modifiers_state
[0x2a] | vs
->modifiers_state
[0x36]);
1683 int capslock
= !!(vs
->modifiers_state
[0x3a]);
1685 if (uppercase
== shift
) {
1686 vs
->modifiers_state
[0x3a] = 0;
1687 press_key(vs
, 0xffe5);
1690 if (uppercase
!= shift
) {
1691 vs
->modifiers_state
[0x3a] = 1;
1692 press_key(vs
, 0xffe5);
1697 if (qemu_console_is_graphic(NULL
)) {
1698 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, keycode
, down
);
1700 bool numlock
= vs
->modifiers_state
[0x45];
1701 bool control
= (vs
->modifiers_state
[0x1d] ||
1702 vs
->modifiers_state
[0x9d]);
1703 /* QEMU console emulation */
1706 case 0x2a: /* Left Shift */
1707 case 0x36: /* Right Shift */
1708 case 0x1d: /* Left CTRL */
1709 case 0x9d: /* Right CTRL */
1710 case 0x38: /* Left ALT */
1711 case 0xb8: /* Right ALT */
1714 kbd_put_keysym(QEMU_KEY_UP
);
1717 kbd_put_keysym(QEMU_KEY_DOWN
);
1720 kbd_put_keysym(QEMU_KEY_LEFT
);
1723 kbd_put_keysym(QEMU_KEY_RIGHT
);
1726 kbd_put_keysym(QEMU_KEY_DELETE
);
1729 kbd_put_keysym(QEMU_KEY_HOME
);
1732 kbd_put_keysym(QEMU_KEY_END
);
1735 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1738 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1742 kbd_put_keysym(numlock
? '7' : QEMU_KEY_HOME
);
1745 kbd_put_keysym(numlock
? '8' : QEMU_KEY_UP
);
1748 kbd_put_keysym(numlock
? '9' : QEMU_KEY_PAGEUP
);
1751 kbd_put_keysym(numlock
? '4' : QEMU_KEY_LEFT
);
1754 kbd_put_keysym('5');
1757 kbd_put_keysym(numlock
? '6' : QEMU_KEY_RIGHT
);
1760 kbd_put_keysym(numlock
? '1' : QEMU_KEY_END
);
1763 kbd_put_keysym(numlock
? '2' : QEMU_KEY_DOWN
);
1766 kbd_put_keysym(numlock
? '3' : QEMU_KEY_PAGEDOWN
);
1769 kbd_put_keysym('0');
1772 kbd_put_keysym(numlock
? '.' : QEMU_KEY_DELETE
);
1776 kbd_put_keysym('/');
1779 kbd_put_keysym('*');
1782 kbd_put_keysym('-');
1785 kbd_put_keysym('+');
1788 kbd_put_keysym('\n');
1793 kbd_put_keysym(sym
& 0x1f);
1795 kbd_put_keysym(sym
);
1803 static void vnc_release_modifiers(VncState
*vs
)
1805 static const int keycodes
[] = {
1806 /* shift, control, alt keys, both left & right */
1807 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1811 if (!qemu_console_is_graphic(NULL
)) {
1814 for (i
= 0; i
< ARRAY_SIZE(keycodes
); i
++) {
1815 keycode
= keycodes
[i
];
1816 if (!vs
->modifiers_state
[keycode
]) {
1819 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, keycode
, false);
1823 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1828 if (lsym
>= 'A' && lsym
<= 'Z' && qemu_console_is_graphic(NULL
)) {
1829 lsym
= lsym
- 'A' + 'a';
1832 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, lsym
& 0xFFFF) & SCANCODE_KEYMASK
;
1833 do_key_event(vs
, down
, keycode
, sym
);
1836 static void ext_key_event(VncState
*vs
, int down
,
1837 uint32_t sym
, uint16_t keycode
)
1839 /* if the user specifies a keyboard layout, always use it */
1840 if (keyboard_layout
)
1841 key_event(vs
, down
, sym
);
1843 do_key_event(vs
, down
, keycode
, sym
);
1846 static void framebuffer_update_request(VncState
*vs
, int incremental
,
1847 int x_position
, int y_position
,
1851 const size_t width
= surface_width(vs
->vd
->ds
) / 16;
1852 const size_t height
= surface_height(vs
->vd
->ds
);
1854 if (y_position
> height
) {
1855 y_position
= height
;
1857 if (y_position
+ h
>= height
) {
1858 h
= height
- y_position
;
1861 vs
->need_update
= 1;
1863 vs
->force_update
= 1;
1864 for (i
= 0; i
< h
; i
++) {
1865 bitmap_set(vs
->dirty
[y_position
+ i
], 0, width
);
1866 bitmap_clear(vs
->dirty
[y_position
+ i
], width
,
1867 VNC_DIRTY_BITS
- width
);
1872 static void send_ext_key_event_ack(VncState
*vs
)
1874 vnc_lock_output(vs
);
1875 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1876 vnc_write_u8(vs
, 0);
1877 vnc_write_u16(vs
, 1);
1878 vnc_framebuffer_update(vs
, 0, 0,
1879 surface_width(vs
->vd
->ds
),
1880 surface_height(vs
->vd
->ds
),
1881 VNC_ENCODING_EXT_KEY_EVENT
);
1882 vnc_unlock_output(vs
);
1886 static void send_ext_audio_ack(VncState
*vs
)
1888 vnc_lock_output(vs
);
1889 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1890 vnc_write_u8(vs
, 0);
1891 vnc_write_u16(vs
, 1);
1892 vnc_framebuffer_update(vs
, 0, 0,
1893 surface_width(vs
->vd
->ds
),
1894 surface_height(vs
->vd
->ds
),
1895 VNC_ENCODING_AUDIO
);
1896 vnc_unlock_output(vs
);
1900 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
1903 unsigned int enc
= 0;
1906 vs
->vnc_encoding
= 0;
1907 vs
->tight
.compression
= 9;
1908 vs
->tight
.quality
= -1; /* Lossless by default */
1912 * Start from the end because the encodings are sent in order of preference.
1913 * This way the preferred encoding (first encoding defined in the array)
1914 * will be set at the end of the loop.
1916 for (i
= n_encodings
- 1; i
>= 0; i
--) {
1919 case VNC_ENCODING_RAW
:
1920 vs
->vnc_encoding
= enc
;
1922 case VNC_ENCODING_COPYRECT
:
1923 vs
->features
|= VNC_FEATURE_COPYRECT_MASK
;
1925 case VNC_ENCODING_HEXTILE
:
1926 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
1927 vs
->vnc_encoding
= enc
;
1929 case VNC_ENCODING_TIGHT
:
1930 vs
->features
|= VNC_FEATURE_TIGHT_MASK
;
1931 vs
->vnc_encoding
= enc
;
1933 #ifdef CONFIG_VNC_PNG
1934 case VNC_ENCODING_TIGHT_PNG
:
1935 vs
->features
|= VNC_FEATURE_TIGHT_PNG_MASK
;
1936 vs
->vnc_encoding
= enc
;
1939 case VNC_ENCODING_ZLIB
:
1940 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
1941 vs
->vnc_encoding
= enc
;
1943 case VNC_ENCODING_ZRLE
:
1944 vs
->features
|= VNC_FEATURE_ZRLE_MASK
;
1945 vs
->vnc_encoding
= enc
;
1947 case VNC_ENCODING_ZYWRLE
:
1948 vs
->features
|= VNC_FEATURE_ZYWRLE_MASK
;
1949 vs
->vnc_encoding
= enc
;
1951 case VNC_ENCODING_DESKTOPRESIZE
:
1952 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
1954 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
1955 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
1957 case VNC_ENCODING_RICH_CURSOR
:
1958 vs
->features
|= VNC_FEATURE_RICH_CURSOR_MASK
;
1960 case VNC_ENCODING_EXT_KEY_EVENT
:
1961 send_ext_key_event_ack(vs
);
1963 case VNC_ENCODING_AUDIO
:
1964 send_ext_audio_ack(vs
);
1966 case VNC_ENCODING_WMVi
:
1967 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
1969 case VNC_ENCODING_LED_STATE
:
1970 vs
->features
|= VNC_FEATURE_LED_STATE_MASK
;
1972 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
1973 vs
->tight
.compression
= (enc
& 0x0F);
1975 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
1976 if (vs
->vd
->lossy
) {
1977 vs
->tight
.quality
= (enc
& 0x0F);
1981 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
1985 vnc_desktop_resize(vs
);
1986 check_pointer_type_change(&vs
->mouse_mode_notifier
, NULL
);
1987 vnc_led_state_change(vs
);
1990 static void set_pixel_conversion(VncState
*vs
)
1992 pixman_format_code_t fmt
= qemu_pixman_get_format(&vs
->client_pf
);
1994 if (fmt
== VNC_SERVER_FB_FORMAT
) {
1995 vs
->write_pixels
= vnc_write_pixels_copy
;
1996 vnc_hextile_set_pixel_conversion(vs
, 0);
1998 vs
->write_pixels
= vnc_write_pixels_generic
;
1999 vnc_hextile_set_pixel_conversion(vs
, 1);
2003 static void set_pixel_format(VncState
*vs
,
2004 int bits_per_pixel
, int depth
,
2005 int big_endian_flag
, int true_color_flag
,
2006 int red_max
, int green_max
, int blue_max
,
2007 int red_shift
, int green_shift
, int blue_shift
)
2009 if (!true_color_flag
) {
2010 vnc_client_error(vs
);
2014 vs
->client_pf
.rmax
= red_max
;
2015 vs
->client_pf
.rbits
= hweight_long(red_max
);
2016 vs
->client_pf
.rshift
= red_shift
;
2017 vs
->client_pf
.rmask
= red_max
<< red_shift
;
2018 vs
->client_pf
.gmax
= green_max
;
2019 vs
->client_pf
.gbits
= hweight_long(green_max
);
2020 vs
->client_pf
.gshift
= green_shift
;
2021 vs
->client_pf
.gmask
= green_max
<< green_shift
;
2022 vs
->client_pf
.bmax
= blue_max
;
2023 vs
->client_pf
.bbits
= hweight_long(blue_max
);
2024 vs
->client_pf
.bshift
= blue_shift
;
2025 vs
->client_pf
.bmask
= blue_max
<< blue_shift
;
2026 vs
->client_pf
.bits_per_pixel
= bits_per_pixel
;
2027 vs
->client_pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
2028 vs
->client_pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
2029 vs
->client_be
= big_endian_flag
;
2031 set_pixel_conversion(vs
);
2033 graphic_hw_invalidate(NULL
);
2034 graphic_hw_update(NULL
);
2037 static void pixel_format_message (VncState
*vs
) {
2038 char pad
[3] = { 0, 0, 0 };
2040 vs
->client_pf
= qemu_default_pixelformat(32);
2042 vnc_write_u8(vs
, vs
->client_pf
.bits_per_pixel
); /* bits-per-pixel */
2043 vnc_write_u8(vs
, vs
->client_pf
.depth
); /* depth */
2045 #ifdef HOST_WORDS_BIGENDIAN
2046 vnc_write_u8(vs
, 1); /* big-endian-flag */
2048 vnc_write_u8(vs
, 0); /* big-endian-flag */
2050 vnc_write_u8(vs
, 1); /* true-color-flag */
2051 vnc_write_u16(vs
, vs
->client_pf
.rmax
); /* red-max */
2052 vnc_write_u16(vs
, vs
->client_pf
.gmax
); /* green-max */
2053 vnc_write_u16(vs
, vs
->client_pf
.bmax
); /* blue-max */
2054 vnc_write_u8(vs
, vs
->client_pf
.rshift
); /* red-shift */
2055 vnc_write_u8(vs
, vs
->client_pf
.gshift
); /* green-shift */
2056 vnc_write_u8(vs
, vs
->client_pf
.bshift
); /* blue-shift */
2057 vnc_write(vs
, pad
, 3); /* padding */
2059 vnc_hextile_set_pixel_conversion(vs
, 0);
2060 vs
->write_pixels
= vnc_write_pixels_copy
;
2063 static void vnc_colordepth(VncState
*vs
)
2065 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
2066 /* Sending a WMVi message to notify the client*/
2067 vnc_lock_output(vs
);
2068 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2069 vnc_write_u8(vs
, 0);
2070 vnc_write_u16(vs
, 1); /* number of rects */
2071 vnc_framebuffer_update(vs
, 0, 0,
2072 surface_width(vs
->vd
->ds
),
2073 surface_height(vs
->vd
->ds
),
2075 pixel_format_message(vs
);
2076 vnc_unlock_output(vs
);
2079 set_pixel_conversion(vs
);
2083 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
2087 VncDisplay
*vd
= vs
->vd
;
2090 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
2094 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT
:
2098 set_pixel_format(vs
, read_u8(data
, 4), read_u8(data
, 5),
2099 read_u8(data
, 6), read_u8(data
, 7),
2100 read_u16(data
, 8), read_u16(data
, 10),
2101 read_u16(data
, 12), read_u8(data
, 14),
2102 read_u8(data
, 15), read_u8(data
, 16));
2104 case VNC_MSG_CLIENT_SET_ENCODINGS
:
2109 limit
= read_u16(data
, 2);
2111 return 4 + (limit
* 4);
2113 limit
= read_u16(data
, 2);
2115 for (i
= 0; i
< limit
; i
++) {
2116 int32_t val
= read_s32(data
, 4 + (i
* 4));
2117 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
2120 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
2122 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST
:
2126 framebuffer_update_request(vs
,
2127 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
2128 read_u16(data
, 6), read_u16(data
, 8));
2130 case VNC_MSG_CLIENT_KEY_EVENT
:
2134 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
2136 case VNC_MSG_CLIENT_POINTER_EVENT
:
2140 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
2142 case VNC_MSG_CLIENT_CUT_TEXT
:
2147 uint32_t dlen
= read_u32(data
, 4);
2152 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
2154 case VNC_MSG_CLIENT_QEMU
:
2158 switch (read_u8(data
, 1)) {
2159 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT
:
2163 ext_key_event(vs
, read_u16(data
, 2),
2164 read_u32(data
, 4), read_u32(data
, 8));
2166 case VNC_MSG_CLIENT_QEMU_AUDIO
:
2170 switch (read_u16 (data
, 2)) {
2171 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE
:
2174 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE
:
2177 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT
:
2180 switch (read_u8(data
, 4)) {
2181 case 0: vs
->as
.fmt
= AUD_FMT_U8
; break;
2182 case 1: vs
->as
.fmt
= AUD_FMT_S8
; break;
2183 case 2: vs
->as
.fmt
= AUD_FMT_U16
; break;
2184 case 3: vs
->as
.fmt
= AUD_FMT_S16
; break;
2185 case 4: vs
->as
.fmt
= AUD_FMT_U32
; break;
2186 case 5: vs
->as
.fmt
= AUD_FMT_S32
; break;
2188 printf("Invalid audio format %d\n", read_u8(data
, 4));
2189 vnc_client_error(vs
);
2192 vs
->as
.nchannels
= read_u8(data
, 5);
2193 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
2194 printf("Invalid audio channel coount %d\n",
2196 vnc_client_error(vs
);
2199 vs
->as
.freq
= read_u32(data
, 6);
2202 printf ("Invalid audio message %d\n", read_u8(data
, 4));
2203 vnc_client_error(vs
);
2209 printf("Msg: %d\n", read_u16(data
, 0));
2210 vnc_client_error(vs
);
2215 printf("Msg: %d\n", data
[0]);
2216 vnc_client_error(vs
);
2220 vnc_read_when(vs
, protocol_client_msg
, 1);
2224 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
2230 mode
= data
[0] ? VNC_SHARE_MODE_SHARED
: VNC_SHARE_MODE_EXCLUSIVE
;
2231 switch (vs
->vd
->share_policy
) {
2232 case VNC_SHARE_POLICY_IGNORE
:
2234 * Ignore the shared flag. Nothing to do here.
2236 * Doesn't conform to the rfb spec but is traditional qemu
2237 * behavior, thus left here as option for compatibility
2241 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
:
2243 * Policy: Allow clients ask for exclusive access.
2245 * Implementation: When a client asks for exclusive access,
2246 * disconnect all others. Shared connects are allowed as long
2247 * as no exclusive connection exists.
2249 * This is how the rfb spec suggests to handle the shared flag.
2251 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2253 QTAILQ_FOREACH(client
, &vs
->vd
->clients
, next
) {
2257 if (client
->share_mode
!= VNC_SHARE_MODE_EXCLUSIVE
&&
2258 client
->share_mode
!= VNC_SHARE_MODE_SHARED
) {
2261 vnc_disconnect_start(client
);
2264 if (mode
== VNC_SHARE_MODE_SHARED
) {
2265 if (vs
->vd
->num_exclusive
> 0) {
2266 vnc_disconnect_start(vs
);
2271 case VNC_SHARE_POLICY_FORCE_SHARED
:
2273 * Policy: Shared connects only.
2274 * Implementation: Disallow clients asking for exclusive access.
2276 * Useful for shared desktop sessions where you don't want
2277 * someone forgetting to say -shared when running the vnc
2278 * client disconnect everybody else.
2280 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2281 vnc_disconnect_start(vs
);
2286 vnc_set_share_mode(vs
, mode
);
2288 vs
->client_width
= surface_width(vs
->vd
->ds
);
2289 vs
->client_height
= surface_height(vs
->vd
->ds
);
2290 vnc_write_u16(vs
, vs
->client_width
);
2291 vnc_write_u16(vs
, vs
->client_height
);
2293 pixel_format_message(vs
);
2296 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
2298 size
= snprintf(buf
, sizeof(buf
), "QEMU");
2300 vnc_write_u32(vs
, size
);
2301 vnc_write(vs
, buf
, size
);
2304 vnc_client_cache_auth(vs
);
2305 vnc_qmp_event(vs
, QEVENT_VNC_INITIALIZED
);
2307 vnc_read_when(vs
, protocol_client_msg
, 1);
2312 void start_client_init(VncState
*vs
)
2314 vnc_read_when(vs
, protocol_client_init
, 1);
2317 static void make_challenge(VncState
*vs
)
2321 srand(time(NULL
)+getpid()+getpid()*987654+rand());
2323 for (i
= 0 ; i
< sizeof(vs
->challenge
) ; i
++)
2324 vs
->challenge
[i
] = (int) (256.0*rand()/(RAND_MAX
+1.0));
2327 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
2329 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
2331 unsigned char key
[8];
2332 time_t now
= time(NULL
);
2334 if (!vs
->vd
->password
) {
2335 VNC_DEBUG("No password configured on server");
2338 if (vs
->vd
->expires
< now
) {
2339 VNC_DEBUG("Password is expired");
2343 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
2345 /* Calculate the expected challenge response */
2346 pwlen
= strlen(vs
->vd
->password
);
2347 for (i
=0; i
<sizeof(key
); i
++)
2348 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
2350 for (j
= 0; j
< VNC_AUTH_CHALLENGE_SIZE
; j
+= 8)
2351 des(response
+j
, response
+j
);
2353 /* Compare expected vs actual challenge response */
2354 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
2355 VNC_DEBUG("Client challenge response did not match\n");
2358 VNC_DEBUG("Accepting VNC challenge response\n");
2359 vnc_write_u32(vs
, 0); /* Accept auth */
2362 start_client_init(vs
);
2367 vnc_write_u32(vs
, 1); /* Reject auth */
2368 if (vs
->minor
>= 8) {
2369 static const char err
[] = "Authentication failed";
2370 vnc_write_u32(vs
, sizeof(err
));
2371 vnc_write(vs
, err
, sizeof(err
));
2374 vnc_client_error(vs
);
2378 void start_auth_vnc(VncState
*vs
)
2381 /* Send client a 'random' challenge */
2382 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
2385 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
2389 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
2391 /* We only advertise 1 auth scheme at a time, so client
2392 * must pick the one we sent. Verify this */
2393 if (data
[0] != vs
->auth
) { /* Reject auth */
2394 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data
[0]);
2395 vnc_write_u32(vs
, 1);
2396 if (vs
->minor
>= 8) {
2397 static const char err
[] = "Authentication failed";
2398 vnc_write_u32(vs
, sizeof(err
));
2399 vnc_write(vs
, err
, sizeof(err
));
2401 vnc_client_error(vs
);
2402 } else { /* Accept requested auth */
2403 VNC_DEBUG("Client requested auth %d\n", (int)data
[0]);
2406 VNC_DEBUG("Accept auth none\n");
2407 if (vs
->minor
>= 8) {
2408 vnc_write_u32(vs
, 0); /* Accept auth completion */
2411 start_client_init(vs
);
2415 VNC_DEBUG("Start VNC auth\n");
2419 #ifdef CONFIG_VNC_TLS
2420 case VNC_AUTH_VENCRYPT
:
2421 VNC_DEBUG("Accept VeNCrypt auth\n");
2422 start_auth_vencrypt(vs
);
2424 #endif /* CONFIG_VNC_TLS */
2426 #ifdef CONFIG_VNC_SASL
2428 VNC_DEBUG("Accept SASL auth\n");
2429 start_auth_sasl(vs
);
2431 #endif /* CONFIG_VNC_SASL */
2433 default: /* Should not be possible, but just in case */
2434 VNC_DEBUG("Reject auth %d server code bug\n", vs
->auth
);
2435 vnc_write_u8(vs
, 1);
2436 if (vs
->minor
>= 8) {
2437 static const char err
[] = "Authentication failed";
2438 vnc_write_u32(vs
, sizeof(err
));
2439 vnc_write(vs
, err
, sizeof(err
));
2441 vnc_client_error(vs
);
2447 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
2451 memcpy(local
, version
, 12);
2454 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
2455 VNC_DEBUG("Malformed protocol version %s\n", local
);
2456 vnc_client_error(vs
);
2459 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
2460 if (vs
->major
!= 3 ||
2466 VNC_DEBUG("Unsupported client version\n");
2467 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2469 vnc_client_error(vs
);
2472 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2473 * as equivalent to v3.3 by servers
2475 if (vs
->minor
== 4 || vs
->minor
== 5)
2478 if (vs
->minor
== 3) {
2479 if (vs
->auth
== VNC_AUTH_NONE
) {
2480 VNC_DEBUG("Tell client auth none\n");
2481 vnc_write_u32(vs
, vs
->auth
);
2483 start_client_init(vs
);
2484 } else if (vs
->auth
== VNC_AUTH_VNC
) {
2485 VNC_DEBUG("Tell client VNC auth\n");
2486 vnc_write_u32(vs
, vs
->auth
);
2490 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs
->auth
);
2491 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2493 vnc_client_error(vs
);
2496 VNC_DEBUG("Telling client we support auth %d\n", vs
->auth
);
2497 vnc_write_u8(vs
, 1); /* num auth */
2498 vnc_write_u8(vs
, vs
->auth
);
2499 vnc_read_when(vs
, protocol_client_auth
, 1);
2506 static VncRectStat
*vnc_stat_rect(VncDisplay
*vd
, int x
, int y
)
2508 struct VncSurface
*vs
= &vd
->guest
;
2510 return &vs
->stats
[y
/ VNC_STAT_RECT
][x
/ VNC_STAT_RECT
];
2513 void vnc_sent_lossy_rect(VncState
*vs
, int x
, int y
, int w
, int h
)
2517 w
= (x
+ w
) / VNC_STAT_RECT
;
2518 h
= (y
+ h
) / VNC_STAT_RECT
;
2522 for (j
= y
; j
<= h
; j
++) {
2523 for (i
= x
; i
<= w
; i
++) {
2524 vs
->lossy_rect
[j
][i
] = 1;
2529 static int vnc_refresh_lossy_rect(VncDisplay
*vd
, int x
, int y
)
2532 int sty
= y
/ VNC_STAT_RECT
;
2533 int stx
= x
/ VNC_STAT_RECT
;
2536 y
= y
/ VNC_STAT_RECT
* VNC_STAT_RECT
;
2537 x
= x
/ VNC_STAT_RECT
* VNC_STAT_RECT
;
2539 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2542 /* kernel send buffers are full -> refresh later */
2543 if (vs
->output
.offset
) {
2547 if (!vs
->lossy_rect
[sty
][stx
]) {
2551 vs
->lossy_rect
[sty
][stx
] = 0;
2552 for (j
= 0; j
< VNC_STAT_RECT
; ++j
) {
2553 bitmap_set(vs
->dirty
[y
+ j
], x
/ 16, VNC_STAT_RECT
/ 16);
2561 static int vnc_update_stats(VncDisplay
*vd
, struct timeval
* tv
)
2563 int width
= pixman_image_get_width(vd
->guest
.fb
);
2564 int height
= pixman_image_get_height(vd
->guest
.fb
);
2569 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2570 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2571 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2573 rect
->updated
= false;
2577 qemu_timersub(tv
, &VNC_REFRESH_STATS
, &res
);
2579 if (timercmp(&vd
->guest
.last_freq_check
, &res
, >)) {
2582 vd
->guest
.last_freq_check
= *tv
;
2584 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2585 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2586 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2587 int count
= ARRAY_SIZE(rect
->times
);
2588 struct timeval min
, max
;
2590 if (!timerisset(&rect
->times
[count
- 1])) {
2594 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2595 qemu_timersub(tv
, &max
, &res
);
2597 if (timercmp(&res
, &VNC_REFRESH_LOSSY
, >)) {
2599 has_dirty
+= vnc_refresh_lossy_rect(vd
, x
, y
);
2600 memset(rect
->times
, 0, sizeof (rect
->times
));
2604 min
= rect
->times
[rect
->idx
];
2605 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2606 qemu_timersub(&max
, &min
, &res
);
2608 rect
->freq
= res
.tv_sec
+ res
.tv_usec
/ 1000000.;
2609 rect
->freq
/= count
;
2610 rect
->freq
= 1. / rect
->freq
;
2616 double vnc_update_freq(VncState
*vs
, int x
, int y
, int w
, int h
)
2622 x
= (x
/ VNC_STAT_RECT
) * VNC_STAT_RECT
;
2623 y
= (y
/ VNC_STAT_RECT
) * VNC_STAT_RECT
;
2625 for (j
= y
; j
<= y
+ h
; j
+= VNC_STAT_RECT
) {
2626 for (i
= x
; i
<= x
+ w
; i
+= VNC_STAT_RECT
) {
2627 total
+= vnc_stat_rect(vs
->vd
, i
, j
)->freq
;
2639 static void vnc_rect_updated(VncDisplay
*vd
, int x
, int y
, struct timeval
* tv
)
2643 rect
= vnc_stat_rect(vd
, x
, y
);
2644 if (rect
->updated
) {
2647 rect
->times
[rect
->idx
] = *tv
;
2648 rect
->idx
= (rect
->idx
+ 1) % ARRAY_SIZE(rect
->times
);
2649 rect
->updated
= true;
2652 static int vnc_refresh_server_surface(VncDisplay
*vd
)
2654 int width
= pixman_image_get_width(vd
->guest
.fb
);
2655 int height
= pixman_image_get_height(vd
->guest
.fb
);
2658 uint8_t *server_row
;
2662 pixman_image_t
*tmpbuf
= NULL
;
2664 struct timeval tv
= { 0, 0 };
2666 if (!vd
->non_adaptive
) {
2667 gettimeofday(&tv
, NULL
);
2668 has_dirty
= vnc_update_stats(vd
, &tv
);
2672 * Walk through the guest dirty map.
2673 * Check and copy modified bits from guest to server surface.
2674 * Update server dirty map.
2677 if (cmp_bytes
> vnc_server_fb_stride(vd
)) {
2678 cmp_bytes
= vnc_server_fb_stride(vd
);
2680 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
2681 int width
= pixman_image_get_width(vd
->server
);
2682 tmpbuf
= qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT
, width
);
2684 guest_row
= (uint8_t *)pixman_image_get_data(vd
->guest
.fb
);
2685 server_row
= (uint8_t *)pixman_image_get_data(vd
->server
);
2686 for (y
= 0; y
< height
; y
++) {
2687 if (!bitmap_empty(vd
->guest
.dirty
[y
], VNC_DIRTY_BITS
)) {
2690 uint8_t *server_ptr
;
2692 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
2693 qemu_pixman_linebuf_fill(tmpbuf
, vd
->guest
.fb
, width
, 0, y
);
2694 guest_ptr
= (uint8_t *)pixman_image_get_data(tmpbuf
);
2696 guest_ptr
= guest_row
;
2698 server_ptr
= server_row
;
2700 for (x
= 0; x
+ 15 < width
;
2701 x
+= 16, guest_ptr
+= cmp_bytes
, server_ptr
+= cmp_bytes
) {
2702 if (!test_and_clear_bit((x
/ 16), vd
->guest
.dirty
[y
]))
2704 if (memcmp(server_ptr
, guest_ptr
, cmp_bytes
) == 0)
2706 memcpy(server_ptr
, guest_ptr
, cmp_bytes
);
2707 if (!vd
->non_adaptive
)
2708 vnc_rect_updated(vd
, x
, y
, &tv
);
2709 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2710 set_bit((x
/ 16), vs
->dirty
[y
]);
2715 guest_row
+= pixman_image_get_stride(vd
->guest
.fb
);
2716 server_row
+= pixman_image_get_stride(vd
->server
);
2718 qemu_pixman_image_unref(tmpbuf
);
2722 static void vnc_refresh(DisplayChangeListener
*dcl
)
2724 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
2726 int has_dirty
, rects
= 0;
2728 graphic_hw_update(NULL
);
2730 if (vnc_trylock_display(vd
)) {
2731 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
2735 has_dirty
= vnc_refresh_server_surface(vd
);
2736 vnc_unlock_display(vd
);
2738 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
2739 rects
+= vnc_update_client(vs
, has_dirty
);
2740 /* vs might be free()ed here */
2743 if (QTAILQ_EMPTY(&vd
->clients
)) {
2744 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_MAX
);
2748 if (has_dirty
&& rects
) {
2749 vd
->dcl
.update_interval
/= 2;
2750 if (vd
->dcl
.update_interval
< VNC_REFRESH_INTERVAL_BASE
) {
2751 vd
->dcl
.update_interval
= VNC_REFRESH_INTERVAL_BASE
;
2754 vd
->dcl
.update_interval
+= VNC_REFRESH_INTERVAL_INC
;
2755 if (vd
->dcl
.update_interval
> VNC_REFRESH_INTERVAL_MAX
) {
2756 vd
->dcl
.update_interval
= VNC_REFRESH_INTERVAL_MAX
;
2761 static void vnc_connect(VncDisplay
*vd
, int csock
,
2762 bool skipauth
, bool websocket
)
2764 VncState
*vs
= g_malloc0(sizeof(VncState
));
2770 vs
->auth
= VNC_AUTH_NONE
;
2771 #ifdef CONFIG_VNC_TLS
2772 vs
->subauth
= VNC_AUTH_INVALID
;
2775 vs
->auth
= vd
->auth
;
2776 #ifdef CONFIG_VNC_TLS
2777 vs
->subauth
= vd
->subauth
;
2781 vs
->lossy_rect
= g_malloc0(VNC_STAT_ROWS
* sizeof (*vs
->lossy_rect
));
2782 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
2783 vs
->lossy_rect
[i
] = g_malloc0(VNC_STAT_COLS
* sizeof (uint8_t));
2786 VNC_DEBUG("New client on socket %d\n", csock
);
2787 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
2788 qemu_set_nonblock(vs
->csock
);
2789 #ifdef CONFIG_VNC_WS
2792 #ifdef CONFIG_VNC_TLS
2793 if (vd
->tls
.x509cert
) {
2794 qemu_set_fd_handler2(vs
->csock
, NULL
, vncws_tls_handshake_peek
,
2797 #endif /* CONFIG_VNC_TLS */
2799 qemu_set_fd_handler2(vs
->csock
, NULL
, vncws_handshake_read
,
2803 #endif /* CONFIG_VNC_WS */
2805 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
2808 vnc_client_cache_addr(vs
);
2809 vnc_qmp_event(vs
, QEVENT_VNC_CONNECTED
);
2810 vnc_set_share_mode(vs
, VNC_SHARE_MODE_CONNECTING
);
2814 #ifdef CONFIG_VNC_WS
2822 void vnc_init_state(VncState
*vs
)
2824 vs
->initialized
= true;
2825 VncDisplay
*vd
= vs
->vd
;
2830 vs
->as
.freq
= 44100;
2831 vs
->as
.nchannels
= 2;
2832 vs
->as
.fmt
= AUD_FMT_S16
;
2833 vs
->as
.endianness
= 0;
2835 qemu_mutex_init(&vs
->output_mutex
);
2836 vs
->bh
= qemu_bh_new(vnc_jobs_bh
, vs
);
2838 QTAILQ_INSERT_HEAD(&vd
->clients
, vs
, next
);
2840 graphic_hw_update(NULL
);
2842 vnc_write(vs
, "RFB 003.008\n", 12);
2844 vnc_read_when(vs
, protocol_version
, 12);
2846 if (vs
->vd
->lock_key_sync
)
2847 vs
->led
= qemu_add_led_event_handler(kbd_leds
, vs
);
2849 vs
->mouse_mode_notifier
.notify
= check_pointer_type_change
;
2850 qemu_add_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
2852 /* vs might be free()ed here */
2855 static void vnc_listen_read(void *opaque
, bool websocket
)
2857 VncDisplay
*vs
= opaque
;
2858 struct sockaddr_in addr
;
2859 socklen_t addrlen
= sizeof(addr
);
2863 graphic_hw_update(NULL
);
2864 #ifdef CONFIG_VNC_WS
2866 csock
= qemu_accept(vs
->lwebsock
, (struct sockaddr
*)&addr
, &addrlen
);
2868 #endif /* CONFIG_VNC_WS */
2870 csock
= qemu_accept(vs
->lsock
, (struct sockaddr
*)&addr
, &addrlen
);
2874 vnc_connect(vs
, csock
, false, websocket
);
2878 static void vnc_listen_regular_read(void *opaque
)
2880 vnc_listen_read(opaque
, false);
2883 #ifdef CONFIG_VNC_WS
2884 static void vnc_listen_websocket_read(void *opaque
)
2886 vnc_listen_read(opaque
, true);
2888 #endif /* CONFIG_VNC_WS */
2890 static const DisplayChangeListenerOps dcl_ops
= {
2892 .dpy_refresh
= vnc_refresh
,
2893 .dpy_gfx_copy
= vnc_dpy_copy
,
2894 .dpy_gfx_update
= vnc_dpy_update
,
2895 .dpy_gfx_switch
= vnc_dpy_switch
,
2896 .dpy_mouse_set
= vnc_mouse_set
,
2897 .dpy_cursor_define
= vnc_dpy_cursor_define
,
2900 void vnc_display_init(DisplayState
*ds
)
2902 VncDisplay
*vs
= g_malloc0(sizeof(*vs
));
2907 #ifdef CONFIG_VNC_WS
2911 QTAILQ_INIT(&vs
->clients
);
2912 vs
->expires
= TIME_MAX
;
2914 if (keyboard_layout
)
2915 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, keyboard_layout
);
2917 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us");
2919 if (!vs
->kbd_layout
)
2922 qemu_mutex_init(&vs
->mutex
);
2923 vnc_start_worker_thread();
2925 vs
->dcl
.ops
= &dcl_ops
;
2926 register_displaychangelistener(&vs
->dcl
);
2930 static void vnc_display_close(DisplayState
*ds
)
2932 VncDisplay
*vs
= vnc_display
;
2937 g_free(vs
->display
);
2940 if (vs
->lsock
!= -1) {
2941 qemu_set_fd_handler2(vs
->lsock
, NULL
, NULL
, NULL
, NULL
);
2945 #ifdef CONFIG_VNC_WS
2946 g_free(vs
->ws_display
);
2947 vs
->ws_display
= NULL
;
2948 if (vs
->lwebsock
!= -1) {
2949 qemu_set_fd_handler2(vs
->lwebsock
, NULL
, NULL
, NULL
, NULL
);
2950 close(vs
->lwebsock
);
2953 #endif /* CONFIG_VNC_WS */
2954 vs
->auth
= VNC_AUTH_INVALID
;
2955 #ifdef CONFIG_VNC_TLS
2956 vs
->subauth
= VNC_AUTH_INVALID
;
2957 vs
->tls
.x509verify
= 0;
2961 static int vnc_display_disable_login(DisplayState
*ds
)
2963 VncDisplay
*vs
= vnc_display
;
2970 g_free(vs
->password
);
2973 vs
->password
= NULL
;
2974 if (vs
->auth
== VNC_AUTH_NONE
) {
2975 vs
->auth
= VNC_AUTH_VNC
;
2981 int vnc_display_password(DisplayState
*ds
, const char *password
)
2983 VncDisplay
*vs
= vnc_display
;
2990 /* This is not the intention of this interface but err on the side
2992 return vnc_display_disable_login(ds
);
2996 g_free(vs
->password
);
2997 vs
->password
= NULL
;
2999 vs
->password
= g_strdup(password
);
3000 if (vs
->auth
== VNC_AUTH_NONE
) {
3001 vs
->auth
= VNC_AUTH_VNC
;
3007 int vnc_display_pw_expire(DisplayState
*ds
, time_t expires
)
3009 VncDisplay
*vs
= vnc_display
;
3015 vs
->expires
= expires
;
3019 char *vnc_display_local_addr(DisplayState
*ds
)
3021 VncDisplay
*vs
= vnc_display
;
3023 return vnc_socket_local_addr("%s:%s", vs
->lsock
);
3026 void vnc_display_open(DisplayState
*ds
, const char *display
, Error
**errp
)
3028 VncDisplay
*vs
= vnc_display
;
3029 const char *options
;
3032 #ifdef CONFIG_VNC_TLS
3033 int tls
= 0, x509
= 0;
3035 #ifdef CONFIG_VNC_SASL
3039 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
3042 int lock_key_sync
= 1;
3045 error_setg(errp
, "VNC display not active");
3048 vnc_display_close(ds
);
3049 if (strcmp(display
, "none") == 0)
3052 vs
->display
= g_strdup(display
);
3053 vs
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3056 while ((options
= strchr(options
, ','))) {
3058 if (strncmp(options
, "password", 8) == 0) {
3059 if (fips_get_state()) {
3061 "VNC password auth disabled due to FIPS mode, "
3062 "consider using the VeNCrypt or SASL authentication "
3063 "methods as an alternative");
3066 password
= 1; /* Require password auth */
3067 } else if (strncmp(options
, "reverse", 7) == 0) {
3069 } else if (strncmp(options
, "no-lock-key-sync", 16) == 0) {
3071 #ifdef CONFIG_VNC_SASL
3072 } else if (strncmp(options
, "sasl", 4) == 0) {
3073 sasl
= 1; /* Require SASL auth */
3075 #ifdef CONFIG_VNC_WS
3076 } else if (strncmp(options
, "websocket", 9) == 0) {
3080 /* Check for 'websocket=<port>' */
3081 start
= strchr(options
, '=');
3082 end
= strchr(options
, ',');
3083 if (start
&& (!end
|| (start
< end
))) {
3084 int len
= end
? end
-(start
+1) : strlen(start
+1);
3086 /* extract the host specification from display */
3087 char *host
= NULL
, *port
= NULL
, *host_end
= NULL
;
3088 port
= g_strndup(start
+ 1, len
);
3090 /* ipv6 hosts have colons */
3091 end
= strchr(display
, ',');
3092 host_end
= g_strrstr_len(display
, end
- display
, ":");
3095 host
= g_strndup(display
, host_end
- display
+ 1);
3097 host
= g_strndup(":", 1);
3099 vs
->ws_display
= g_strconcat(host
, port
, NULL
);
3104 #endif /* CONFIG_VNC_WS */
3105 #ifdef CONFIG_VNC_TLS
3106 } else if (strncmp(options
, "tls", 3) == 0) {
3107 tls
= 1; /* Require TLS */
3108 } else if (strncmp(options
, "x509", 4) == 0) {
3110 x509
= 1; /* Require x509 certificates */
3111 if (strncmp(options
, "x509verify", 10) == 0)
3112 vs
->tls
.x509verify
= 1; /* ...and verify client certs */
3114 /* Now check for 'x509=/some/path' postfix
3115 * and use that to setup x509 certificate/key paths */
3116 start
= strchr(options
, '=');
3117 end
= strchr(options
, ',');
3118 if (start
&& (!end
|| (start
< end
))) {
3119 int len
= end
? end
-(start
+1) : strlen(start
+1);
3120 char *path
= g_strndup(start
+ 1, len
);
3122 VNC_DEBUG("Trying certificate path '%s'\n", path
);
3123 if (vnc_tls_set_x509_creds_dir(vs
, path
) < 0) {
3124 error_setg(errp
, "Failed to find x509 certificates/keys in %s", path
);
3130 error_setg(errp
, "No certificate path provided");
3134 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
3135 } else if (strncmp(options
, "acl", 3) == 0) {
3138 } else if (strncmp(options
, "lossy", 5) == 0) {
3140 } else if (strncmp(options
, "non-adaptive", 12) == 0) {
3141 vs
->non_adaptive
= true;
3142 } else if (strncmp(options
, "share=", 6) == 0) {
3143 if (strncmp(options
+6, "ignore", 6) == 0) {
3144 vs
->share_policy
= VNC_SHARE_POLICY_IGNORE
;
3145 } else if (strncmp(options
+6, "allow-exclusive", 15) == 0) {
3146 vs
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3147 } else if (strncmp(options
+6, "force-shared", 12) == 0) {
3148 vs
->share_policy
= VNC_SHARE_POLICY_FORCE_SHARED
;
3150 error_setg(errp
, "unknown vnc share= option");
3156 #ifdef CONFIG_VNC_TLS
3157 if (acl
&& x509
&& vs
->tls
.x509verify
) {
3158 if (!(vs
->tls
.acl
= qemu_acl_init("vnc.x509dname"))) {
3159 fprintf(stderr
, "Failed to create x509 dname ACL\n");
3164 #ifdef CONFIG_VNC_SASL
3166 if (!(vs
->sasl
.acl
= qemu_acl_init("vnc.username"))) {
3167 fprintf(stderr
, "Failed to create username ACL\n");
3174 * Combinations we support here:
3176 * - no-auth (clear text, no auth)
3177 * - password (clear text, weak auth)
3178 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
3179 * - tls (encrypt, weak anonymous creds, no auth)
3180 * - tls + password (encrypt, weak anonymous creds, weak auth)
3181 * - tls + sasl (encrypt, weak anonymous creds, good auth)
3182 * - tls + x509 (encrypt, good x509 creds, no auth)
3183 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
3184 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
3186 * NB1. TLS is a stackable auth scheme.
3187 * NB2. the x509 schemes have option to validate a client cert dname
3190 #ifdef CONFIG_VNC_TLS
3192 vs
->auth
= VNC_AUTH_VENCRYPT
;
3194 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3195 vs
->subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
3197 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3198 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
3201 #endif /* CONFIG_VNC_TLS */
3202 VNC_DEBUG("Initializing VNC server with password auth\n");
3203 vs
->auth
= VNC_AUTH_VNC
;
3204 #ifdef CONFIG_VNC_TLS
3205 vs
->subauth
= VNC_AUTH_INVALID
;
3207 #endif /* CONFIG_VNC_TLS */
3208 #ifdef CONFIG_VNC_SASL
3210 #ifdef CONFIG_VNC_TLS
3212 vs
->auth
= VNC_AUTH_VENCRYPT
;
3214 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3215 vs
->subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
3217 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3218 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
3221 #endif /* CONFIG_VNC_TLS */
3222 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3223 vs
->auth
= VNC_AUTH_SASL
;
3224 #ifdef CONFIG_VNC_TLS
3225 vs
->subauth
= VNC_AUTH_INVALID
;
3227 #endif /* CONFIG_VNC_TLS */
3228 #endif /* CONFIG_VNC_SASL */
3230 #ifdef CONFIG_VNC_TLS
3232 vs
->auth
= VNC_AUTH_VENCRYPT
;
3234 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3235 vs
->subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
3237 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3238 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
3242 VNC_DEBUG("Initializing VNC server with no auth\n");
3243 vs
->auth
= VNC_AUTH_NONE
;
3244 #ifdef CONFIG_VNC_TLS
3245 vs
->subauth
= VNC_AUTH_INVALID
;
3250 #ifdef CONFIG_VNC_SASL
3251 if ((saslErr
= sasl_server_init(NULL
, "qemu")) != SASL_OK
) {
3252 error_setg(errp
, "Failed to initialize SASL auth: %s",
3253 sasl_errstring(saslErr
, NULL
, NULL
));
3257 vs
->lock_key_sync
= lock_key_sync
;
3260 /* connect to viewer */
3263 #ifdef CONFIG_VNC_WS
3266 if (strncmp(display
, "unix:", 5) == 0) {
3267 csock
= unix_connect(display
+5, errp
);
3269 csock
= inet_connect(display
, errp
);
3274 vnc_connect(vs
, csock
, false, false);
3276 /* listen for connects */
3278 dpy
= g_malloc(256);
3279 if (strncmp(display
, "unix:", 5) == 0) {
3280 pstrcpy(dpy
, 256, "unix:");
3281 vs
->lsock
= unix_listen(display
+5, dpy
+5, 256-5, errp
);
3283 vs
->lsock
= inet_listen(display
, dpy
, 256,
3284 SOCK_STREAM
, 5900, errp
);
3285 if (vs
->lsock
< 0) {
3289 #ifdef CONFIG_VNC_WS
3290 if (vs
->websocket
) {
3291 if (vs
->ws_display
) {
3292 vs
->lwebsock
= inet_listen(vs
->ws_display
, NULL
, 256,
3293 SOCK_STREAM
, 0, errp
);
3295 vs
->lwebsock
= inet_listen(vs
->display
, NULL
, 256,
3296 SOCK_STREAM
, 5700, errp
);
3299 if (vs
->lwebsock
< 0) {
3308 #endif /* CONFIG_VNC_WS */
3310 g_free(vs
->display
);
3312 qemu_set_fd_handler2(vs
->lsock
, NULL
,
3313 vnc_listen_regular_read
, NULL
, vs
);
3314 #ifdef CONFIG_VNC_WS
3315 if (vs
->websocket
) {
3316 qemu_set_fd_handler2(vs
->lwebsock
, NULL
,
3317 vnc_listen_websocket_read
, NULL
, vs
);
3319 #endif /* CONFIG_VNC_WS */
3324 g_free(vs
->display
);
3326 #ifdef CONFIG_VNC_WS
3327 g_free(vs
->ws_display
);
3328 vs
->ws_display
= NULL
;
3329 #endif /* CONFIG_VNC_WS */
3332 void vnc_display_add_client(DisplayState
*ds
, int csock
, bool skipauth
)
3334 VncDisplay
*vs
= vnc_display
;
3336 vnc_connect(vs
, csock
, skipauth
, false);