2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
32 #include "qemu-objects.h"
34 #define VNC_REFRESH_INTERVAL_BASE 30
35 #define VNC_REFRESH_INTERVAL_INC 50
36 #define VNC_REFRESH_INTERVAL_MAX 2000
38 #include "vnc_keysym.h"
41 #define count_bits(c, v) { \
42 for (c = 0; v; v >>= 1) \
49 static VncDisplay
*vnc_display
; /* needed for info vnc */
50 static DisplayChangeListener
*dcl
;
52 static int vnc_cursor_define(VncState
*vs
);
54 static char *addr_to_string(const char *format
,
55 struct sockaddr_storage
*sa
,
58 char host
[NI_MAXHOST
];
59 char serv
[NI_MAXSERV
];
63 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
66 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
67 VNC_DEBUG("Cannot resolve address %d: %s\n",
68 err
, gai_strerror(err
));
72 /* Enough for the existing format + the 2 vars we're
74 addrlen
= strlen(format
) + strlen(host
) + strlen(serv
);
75 addr
= qemu_malloc(addrlen
+ 1);
76 snprintf(addr
, addrlen
, format
, host
, serv
);
83 char *vnc_socket_local_addr(const char *format
, int fd
) {
84 struct sockaddr_storage sa
;
88 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
91 return addr_to_string(format
, &sa
, salen
);
94 char *vnc_socket_remote_addr(const char *format
, int fd
) {
95 struct sockaddr_storage sa
;
99 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
102 return addr_to_string(format
, &sa
, salen
);
105 static int put_addr_qdict(QDict
*qdict
, struct sockaddr_storage
*sa
,
108 char host
[NI_MAXHOST
];
109 char serv
[NI_MAXSERV
];
112 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
115 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
116 VNC_DEBUG("Cannot resolve address %d: %s\n",
117 err
, gai_strerror(err
));
121 qdict_put(qdict
, "host", qstring_from_str(host
));
122 qdict_put(qdict
, "service", qstring_from_str(serv
));
123 qdict_put(qdict
, "family",qstring_from_str(inet_strfamily(sa
->ss_family
)));
128 static int vnc_server_addr_put(QDict
*qdict
, int fd
)
130 struct sockaddr_storage sa
;
134 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
138 return put_addr_qdict(qdict
, &sa
, salen
);
141 static int vnc_qdict_remote_addr(QDict
*qdict
, int fd
)
143 struct sockaddr_storage sa
;
147 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
151 return put_addr_qdict(qdict
, &sa
, salen
);
154 static const char *vnc_auth_name(VncDisplay
*vd
) {
156 case VNC_AUTH_INVALID
:
172 case VNC_AUTH_VENCRYPT
:
173 #ifdef CONFIG_VNC_TLS
174 switch (vd
->subauth
) {
175 case VNC_AUTH_VENCRYPT_PLAIN
:
176 return "vencrypt+plain";
177 case VNC_AUTH_VENCRYPT_TLSNONE
:
178 return "vencrypt+tls+none";
179 case VNC_AUTH_VENCRYPT_TLSVNC
:
180 return "vencrypt+tls+vnc";
181 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
182 return "vencrypt+tls+plain";
183 case VNC_AUTH_VENCRYPT_X509NONE
:
184 return "vencrypt+x509+none";
185 case VNC_AUTH_VENCRYPT_X509VNC
:
186 return "vencrypt+x509+vnc";
187 case VNC_AUTH_VENCRYPT_X509PLAIN
:
188 return "vencrypt+x509+plain";
189 case VNC_AUTH_VENCRYPT_TLSSASL
:
190 return "vencrypt+tls+sasl";
191 case VNC_AUTH_VENCRYPT_X509SASL
:
192 return "vencrypt+x509+sasl";
205 static int vnc_server_info_put(QDict
*qdict
)
207 if (vnc_server_addr_put(qdict
, vnc_display
->lsock
) < 0) {
211 qdict_put(qdict
, "auth", qstring_from_str(vnc_auth_name(vnc_display
)));
215 static void vnc_client_cache_auth(VncState
*client
)
223 qdict
= qobject_to_qdict(client
->info
);
225 #ifdef CONFIG_VNC_TLS
226 if (client
->tls
.session
&&
228 qdict_put(qdict
, "x509_dname", qstring_from_str(client
->tls
.dname
));
231 #ifdef CONFIG_VNC_SASL
232 if (client
->sasl
.conn
&&
233 client
->sasl
.username
) {
234 qdict_put(qdict
, "sasl_username",
235 qstring_from_str(client
->sasl
.username
));
240 static void vnc_client_cache_addr(VncState
*client
)
245 if (vnc_qdict_remote_addr(qdict
, client
->csock
) < 0) {
247 /* XXX: how to report the error? */
251 client
->info
= QOBJECT(qdict
);
254 static void vnc_qmp_event(VncState
*vs
, MonitorEvent event
)
263 server
= qdict_new();
264 if (vnc_server_info_put(server
) < 0) {
269 data
= qobject_from_jsonf("{ 'client': %p, 'server': %p }",
270 vs
->info
, QOBJECT(server
));
272 monitor_protocol_event(event
, data
);
274 qobject_incref(vs
->info
);
275 qobject_decref(data
);
278 static void info_vnc_iter(QObject
*obj
, void *opaque
)
281 Monitor
*mon
= opaque
;
283 client
= qobject_to_qdict(obj
);
284 monitor_printf(mon
, "Client:\n");
285 monitor_printf(mon
, " address: %s:%s\n",
286 qdict_get_str(client
, "host"),
287 qdict_get_str(client
, "service"));
289 #ifdef CONFIG_VNC_TLS
290 monitor_printf(mon
, " x509_dname: %s\n",
291 qdict_haskey(client
, "x509_dname") ?
292 qdict_get_str(client
, "x509_dname") : "none");
294 #ifdef CONFIG_VNC_SASL
295 monitor_printf(mon
, " username: %s\n",
296 qdict_haskey(client
, "sasl_username") ?
297 qdict_get_str(client
, "sasl_username") : "none");
301 void do_info_vnc_print(Monitor
*mon
, const QObject
*data
)
306 server
= qobject_to_qdict(data
);
307 if (qdict_get_bool(server
, "enabled") == 0) {
308 monitor_printf(mon
, "Server: disabled\n");
312 monitor_printf(mon
, "Server:\n");
313 monitor_printf(mon
, " address: %s:%s\n",
314 qdict_get_str(server
, "host"),
315 qdict_get_str(server
, "service"));
316 monitor_printf(mon
, " auth: %s\n", qdict_get_str(server
, "auth"));
318 clients
= qdict_get_qlist(server
, "clients");
319 if (qlist_empty(clients
)) {
320 monitor_printf(mon
, "Client: none\n");
322 qlist_iter(clients
, info_vnc_iter
, mon
);
327 * do_info_vnc(): Show VNC server information
329 * Return a QDict with server information. Connected clients are returned
330 * as a QList of QDicts.
332 * The main QDict contains the following:
334 * - "enabled": true or false
335 * - "host": server's IP address
336 * - "family": address family ("ipv4" or "ipv6")
337 * - "service": server's port number
338 * - "auth": authentication method
339 * - "clients": a QList of all connected clients
341 * Clients are described by a QDict, with the following information:
343 * - "host": client's IP address
344 * - "family": address family ("ipv4" or "ipv6")
345 * - "service": client's port number
346 * - "x509_dname": TLS dname (optional)
347 * - "sasl_username": SASL username (optional)
351 * { "enabled": true, "host": "0.0.0.0", "service": "50402", "auth": "vnc",
353 * "clients": [{ "host": "127.0.0.1", "service": "50401", "family": "ipv4" }]}
355 void do_info_vnc(Monitor
*mon
, QObject
**ret_data
)
357 if (vnc_display
== NULL
|| vnc_display
->display
== NULL
) {
358 *ret_data
= qobject_from_jsonf("{ 'enabled': false }");
364 QTAILQ_FOREACH(client
, &vnc_display
->clients
, next
) {
366 /* incref so that it's not freed by upper layers */
367 qobject_incref(client
->info
);
368 qlist_append_obj(clist
, client
->info
);
372 *ret_data
= qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
374 assert(*ret_data
!= NULL
);
376 if (vnc_server_info_put(qobject_to_qdict(*ret_data
)) < 0) {
377 qobject_decref(*ret_data
);
383 static inline uint32_t vnc_has_feature(VncState
*vs
, int feature
) {
384 return (vs
->features
& (1 << feature
));
388 1) Get the queue working for IO.
389 2) there is some weirdness when using the -S option (the screen is grey
390 and not totally invalidated
391 3) resolutions > 1024
394 static int vnc_update_client(VncState
*vs
, int has_dirty
);
395 static void vnc_disconnect_start(VncState
*vs
);
396 static void vnc_disconnect_finish(VncState
*vs
);
397 static void vnc_init_timer(VncDisplay
*vd
);
398 static void vnc_remove_timer(VncDisplay
*vd
);
400 static void vnc_colordepth(VncState
*vs
);
401 static void framebuffer_update_request(VncState
*vs
, int incremental
,
402 int x_position
, int y_position
,
404 static void vnc_refresh(void *opaque
);
405 static int vnc_refresh_server_surface(VncDisplay
*vd
);
407 static inline void vnc_set_bit(uint32_t *d
, int k
)
409 d
[k
>> 5] |= 1 << (k
& 0x1f);
412 static inline void vnc_clear_bit(uint32_t *d
, int k
)
414 d
[k
>> 5] &= ~(1 << (k
& 0x1f));
417 static inline void vnc_set_bits(uint32_t *d
, int n
, int nb_words
)
427 d
[j
++] = (1 << n
) - 1;
432 static inline int vnc_get_bit(const uint32_t *d
, int k
)
434 return (d
[k
>> 5] >> (k
& 0x1f)) & 1;
437 static inline int vnc_and_bits(const uint32_t *d1
, const uint32_t *d2
,
441 for(i
= 0; i
< nb_words
; i
++) {
442 if ((d1
[i
] & d2
[i
]) != 0)
448 static void vnc_dpy_update(DisplayState
*ds
, int x
, int y
, int w
, int h
)
451 VncDisplay
*vd
= ds
->opaque
;
452 struct VncSurface
*s
= &vd
->guest
;
456 /* round x down to ensure the loop only spans one 16-pixel block per,
457 iteration. otherwise, if (x % 16) != 0, the last iteration may span
458 two 16-pixel blocks but we only mark the first as dirty
463 x
= MIN(x
, s
->ds
->width
);
464 y
= MIN(y
, s
->ds
->height
);
465 w
= MIN(x
+ w
, s
->ds
->width
) - x
;
466 h
= MIN(h
, s
->ds
->height
);
469 for (i
= 0; i
< w
; i
+= 16)
470 vnc_set_bit(s
->dirty
[y
], (x
+ i
) / 16);
473 void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
476 vnc_write_u16(vs
, x
);
477 vnc_write_u16(vs
, y
);
478 vnc_write_u16(vs
, w
);
479 vnc_write_u16(vs
, h
);
481 vnc_write_s32(vs
, encoding
);
484 void buffer_reserve(Buffer
*buffer
, size_t len
)
486 if ((buffer
->capacity
- buffer
->offset
) < len
) {
487 buffer
->capacity
+= (len
+ 1024);
488 buffer
->buffer
= qemu_realloc(buffer
->buffer
, buffer
->capacity
);
489 if (buffer
->buffer
== NULL
) {
490 fprintf(stderr
, "vnc: out of memory\n");
496 int buffer_empty(Buffer
*buffer
)
498 return buffer
->offset
== 0;
501 uint8_t *buffer_end(Buffer
*buffer
)
503 return buffer
->buffer
+ buffer
->offset
;
506 void buffer_reset(Buffer
*buffer
)
511 void buffer_append(Buffer
*buffer
, const void *data
, size_t len
)
513 memcpy(buffer
->buffer
+ buffer
->offset
, data
, len
);
514 buffer
->offset
+= len
;
517 static void vnc_dpy_resize(DisplayState
*ds
)
520 VncDisplay
*vd
= ds
->opaque
;
525 vd
->server
= qemu_mallocz(sizeof(*vd
->server
));
526 if (vd
->server
->data
)
527 qemu_free(vd
->server
->data
);
528 *(vd
->server
) = *(ds
->surface
);
529 vd
->server
->data
= qemu_mallocz(vd
->server
->linesize
*
534 vd
->guest
.ds
= qemu_mallocz(sizeof(*vd
->guest
.ds
));
535 if (ds_get_bytes_per_pixel(ds
) != vd
->guest
.ds
->pf
.bytes_per_pixel
)
536 console_color_init(ds
);
537 size_changed
= ds_get_width(ds
) != vd
->guest
.ds
->width
||
538 ds_get_height(ds
) != vd
->guest
.ds
->height
;
539 *(vd
->guest
.ds
) = *(ds
->surface
);
540 memset(vd
->guest
.dirty
, 0xFF, sizeof(vd
->guest
.dirty
));
542 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
545 if (vs
->csock
!= -1 && vnc_has_feature(vs
, VNC_FEATURE_RESIZE
)) {
546 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
548 vnc_write_u16(vs
, 1); /* number of rects */
549 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(ds
), ds_get_height(ds
),
550 VNC_ENCODING_DESKTOPRESIZE
);
554 if (vs
->vd
->cursor
) {
555 vnc_cursor_define(vs
);
557 memset(vs
->dirty
, 0xFF, sizeof(vs
->dirty
));
562 static void vnc_write_pixels_copy(VncState
*vs
, struct PixelFormat
*pf
,
563 void *pixels
, int size
)
565 vnc_write(vs
, pixels
, size
);
568 /* slowest but generic code. */
569 void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
572 VncDisplay
*vd
= vs
->vd
;
574 r
= ((((v
& vd
->server
->pf
.rmask
) >> vd
->server
->pf
.rshift
) << vs
->clientds
.pf
.rbits
) >>
575 vd
->server
->pf
.rbits
);
576 g
= ((((v
& vd
->server
->pf
.gmask
) >> vd
->server
->pf
.gshift
) << vs
->clientds
.pf
.gbits
) >>
577 vd
->server
->pf
.gbits
);
578 b
= ((((v
& vd
->server
->pf
.bmask
) >> vd
->server
->pf
.bshift
) << vs
->clientds
.pf
.bbits
) >>
579 vd
->server
->pf
.bbits
);
580 v
= (r
<< vs
->clientds
.pf
.rshift
) |
581 (g
<< vs
->clientds
.pf
.gshift
) |
582 (b
<< vs
->clientds
.pf
.bshift
);
583 switch(vs
->clientds
.pf
.bytes_per_pixel
) {
588 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
598 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
613 static void vnc_write_pixels_generic(VncState
*vs
, struct PixelFormat
*pf
,
614 void *pixels1
, int size
)
618 if (pf
->bytes_per_pixel
== 4) {
619 uint32_t *pixels
= pixels1
;
622 for(i
= 0; i
< n
; i
++) {
623 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
624 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
626 } else if (pf
->bytes_per_pixel
== 2) {
627 uint16_t *pixels
= pixels1
;
630 for(i
= 0; i
< n
; i
++) {
631 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
632 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
634 } else if (pf
->bytes_per_pixel
== 1) {
635 uint8_t *pixels
= pixels1
;
638 for(i
= 0; i
< n
; i
++) {
639 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
640 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
643 fprintf(stderr
, "vnc_write_pixels_generic: VncState color depth not supported\n");
647 void vnc_raw_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
651 VncDisplay
*vd
= vs
->vd
;
653 row
= vd
->server
->data
+ y
* ds_get_linesize(vs
->ds
) + x
* ds_get_bytes_per_pixel(vs
->ds
);
654 for (i
= 0; i
< h
; i
++) {
655 vs
->write_pixels(vs
, &vd
->server
->pf
, row
, w
* ds_get_bytes_per_pixel(vs
->ds
));
656 row
+= ds_get_linesize(vs
->ds
);
660 static void send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
662 switch(vs
->vnc_encoding
) {
663 case VNC_ENCODING_ZLIB
:
664 vnc_hextile_send_framebuffer_update(vs
, x
, y
, w
, h
);
666 case VNC_ENCODING_HEXTILE
:
667 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
668 vnc_hextile_send_framebuffer_update(vs
, x
, y
, w
, h
);
671 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
672 vnc_raw_send_framebuffer_update(vs
, x
, y
, w
, h
);
677 static void vnc_copy(VncState
*vs
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
679 /* send bitblit op to the vnc client */
680 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
682 vnc_write_u16(vs
, 1); /* number of rects */
683 vnc_framebuffer_update(vs
, dst_x
, dst_y
, w
, h
, VNC_ENCODING_COPYRECT
);
684 vnc_write_u16(vs
, src_x
);
685 vnc_write_u16(vs
, src_y
);
689 static void vnc_dpy_copy(DisplayState
*ds
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
691 VncDisplay
*vd
= ds
->opaque
;
695 int i
,x
,y
,pitch
,depth
,inc
,w_lim
,s
;
698 vnc_refresh_server_surface(vd
);
699 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
700 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
701 vs
->force_update
= 1;
702 vnc_update_client(vs
, 1);
703 /* vs might be free()ed here */
707 /* do bitblit op on the local surface too */
708 pitch
= ds_get_linesize(vd
->ds
);
709 depth
= ds_get_bytes_per_pixel(vd
->ds
);
710 src_row
= vd
->server
->data
+ pitch
* src_y
+ depth
* src_x
;
711 dst_row
= vd
->server
->data
+ pitch
* dst_y
+ depth
* dst_x
;
716 src_row
+= pitch
* (h
-1);
717 dst_row
+= pitch
* (h
-1);
722 w_lim
= w
- (16 - (dst_x
% 16));
726 w_lim
= w
- (w_lim
% 16);
727 for (i
= 0; i
< h
; i
++) {
728 for (x
= 0; x
<= w_lim
;
729 x
+= s
, src_row
+= cmp_bytes
, dst_row
+= cmp_bytes
) {
731 if ((s
= w
- w_lim
) == 0)
734 s
= (16 - (dst_x
% 16));
739 cmp_bytes
= s
* depth
;
740 if (memcmp(src_row
, dst_row
, cmp_bytes
) == 0)
742 memmove(dst_row
, src_row
, cmp_bytes
);
743 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
744 if (!vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
745 vnc_set_bit(vs
->dirty
[y
], ((x
+ dst_x
) / 16));
749 src_row
+= pitch
- w
* depth
;
750 dst_row
+= pitch
- w
* depth
;
754 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
755 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
756 vnc_copy(vs
, src_x
, src_y
, dst_x
, dst_y
, w
, h
);
761 static void vnc_mouse_set(int x
, int y
, int visible
)
763 /* can we ask the client(s) to move the pointer ??? */
766 static int vnc_cursor_define(VncState
*vs
)
768 QEMUCursor
*c
= vs
->vd
->cursor
;
769 PixelFormat pf
= qemu_default_pixelformat(32);
772 if (vnc_has_feature(vs
, VNC_FEATURE_RICH_CURSOR
)) {
773 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
774 vnc_write_u8(vs
, 0); /* padding */
775 vnc_write_u16(vs
, 1); /* # of rects */
776 vnc_framebuffer_update(vs
, c
->hot_x
, c
->hot_y
, c
->width
, c
->height
,
777 VNC_ENCODING_RICH_CURSOR
);
778 isize
= c
->width
* c
->height
* vs
->clientds
.pf
.bytes_per_pixel
;
779 vnc_write_pixels_generic(vs
, &pf
, c
->data
, isize
);
780 vnc_write(vs
, vs
->vd
->cursor_mask
, vs
->vd
->cursor_msize
);
786 static void vnc_dpy_cursor_define(QEMUCursor
*c
)
788 VncDisplay
*vd
= vnc_display
;
791 cursor_put(vd
->cursor
);
792 qemu_free(vd
->cursor_mask
);
795 cursor_get(vd
->cursor
);
796 vd
->cursor_msize
= cursor_get_mono_bpl(c
) * c
->height
;
797 vd
->cursor_mask
= qemu_mallocz(vd
->cursor_msize
);
798 cursor_get_mono_mask(c
, 0, vd
->cursor_mask
);
800 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
801 vnc_cursor_define(vs
);
805 static int find_and_clear_dirty_height(struct VncState
*vs
,
806 int y
, int last_x
, int x
)
809 VncDisplay
*vd
= vs
->vd
;
811 for (h
= 1; h
< (vd
->server
->height
- y
); h
++) {
813 if (!vnc_get_bit(vs
->dirty
[y
+ h
], last_x
))
815 for (tmp_x
= last_x
; tmp_x
< x
; tmp_x
++)
816 vnc_clear_bit(vs
->dirty
[y
+ h
], tmp_x
);
822 static int vnc_update_client(VncState
*vs
, int has_dirty
)
824 if (vs
->need_update
&& vs
->csock
!= -1) {
825 VncDisplay
*vd
= vs
->vd
;
830 if (vs
->output
.offset
&& !vs
->audio_cap
&& !vs
->force_update
)
831 /* kernel send buffers are full -> drop frames to throttle */
834 if (!has_dirty
&& !vs
->audio_cap
&& !vs
->force_update
)
838 * Send screen updates to the vnc client using the server
839 * surface and server dirty map. guest surface updates
840 * happening in parallel don't disturb us, the next pass will
841 * send them to the client.
844 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
846 saved_offset
= vs
->output
.offset
;
847 vnc_write_u16(vs
, 0);
849 for (y
= 0; y
< vd
->server
->height
; y
++) {
852 for (x
= 0; x
< vd
->server
->width
/ 16; x
++) {
853 if (vnc_get_bit(vs
->dirty
[y
], x
)) {
857 vnc_clear_bit(vs
->dirty
[y
], x
);
860 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
);
861 send_framebuffer_update(vs
, last_x
* 16, y
, (x
- last_x
) * 16, h
);
868 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
);
869 send_framebuffer_update(vs
, last_x
* 16, y
, (x
- last_x
) * 16, h
);
873 vs
->output
.buffer
[saved_offset
] = (n_rectangles
>> 8) & 0xFF;
874 vs
->output
.buffer
[saved_offset
+ 1] = n_rectangles
& 0xFF;
876 vs
->force_update
= 0;
881 vnc_disconnect_finish(vs
);
887 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
889 VncState
*vs
= opaque
;
892 case AUD_CNOTIFY_DISABLE
:
893 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
894 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
895 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_END
);
899 case AUD_CNOTIFY_ENABLE
:
900 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
901 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
902 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN
);
908 static void audio_capture_destroy(void *opaque
)
912 static void audio_capture(void *opaque
, void *buf
, int size
)
914 VncState
*vs
= opaque
;
916 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
917 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
918 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_DATA
);
919 vnc_write_u32(vs
, size
);
920 vnc_write(vs
, buf
, size
);
924 static void audio_add(VncState
*vs
)
926 struct audio_capture_ops ops
;
929 monitor_printf(default_mon
, "audio already running\n");
933 ops
.notify
= audio_capture_notify
;
934 ops
.destroy
= audio_capture_destroy
;
935 ops
.capture
= audio_capture
;
937 vs
->audio_cap
= AUD_add_capture(&vs
->as
, &ops
, vs
);
938 if (!vs
->audio_cap
) {
939 monitor_printf(default_mon
, "Failed to add audio capture\n");
943 static void audio_del(VncState
*vs
)
946 AUD_del_capture(vs
->audio_cap
, vs
);
947 vs
->audio_cap
= NULL
;
951 static void vnc_disconnect_start(VncState
*vs
)
955 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
956 closesocket(vs
->csock
);
960 static void vnc_disconnect_finish(VncState
*vs
)
962 vnc_qmp_event(vs
, QEVENT_VNC_DISCONNECTED
);
964 if (vs
->input
.buffer
) {
965 qemu_free(vs
->input
.buffer
);
966 vs
->input
.buffer
= NULL
;
968 if (vs
->output
.buffer
) {
969 qemu_free(vs
->output
.buffer
);
970 vs
->output
.buffer
= NULL
;
973 qobject_decref(vs
->info
);
975 #ifdef CONFIG_VNC_TLS
976 vnc_tls_client_cleanup(vs
);
977 #endif /* CONFIG_VNC_TLS */
978 #ifdef CONFIG_VNC_SASL
979 vnc_sasl_client_cleanup(vs
);
980 #endif /* CONFIG_VNC_SASL */
983 QTAILQ_REMOVE(&vs
->vd
->clients
, vs
, next
);
985 if (QTAILQ_EMPTY(&vs
->vd
->clients
)) {
989 qemu_remove_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
990 vnc_remove_timer(vs
->vd
);
991 if (vs
->vd
->lock_key_sync
)
992 qemu_remove_led_event_handler(vs
->led
);
996 int vnc_client_io_error(VncState
*vs
, int ret
, int last_errno
)
998 if (ret
== 0 || ret
== -1) {
1000 switch (last_errno
) {
1004 case WSAEWOULDBLOCK
:
1012 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1013 ret
, ret
< 0 ? last_errno
: 0);
1014 vnc_disconnect_start(vs
);
1022 void vnc_client_error(VncState
*vs
)
1024 VNC_DEBUG("Closing down client sock: protocol error\n");
1025 vnc_disconnect_start(vs
);
1030 * Called to write a chunk of data to the client socket. The data may
1031 * be the raw data, or may have already been encoded by SASL.
1032 * The data will be written either straight onto the socket, or
1033 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1035 * NB, it is theoretically possible to have 2 layers of encryption,
1036 * both SASL, and this TLS layer. It is highly unlikely in practice
1037 * though, since SASL encryption will typically be a no-op if TLS
1040 * Returns the number of bytes written, which may be less than
1041 * the requested 'datalen' if the socket would block. Returns
1042 * -1 on error, and disconnects the client socket.
1044 long vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
1047 #ifdef CONFIG_VNC_TLS
1048 if (vs
->tls
.session
) {
1049 ret
= gnutls_write(vs
->tls
.session
, data
, datalen
);
1051 if (ret
== GNUTLS_E_AGAIN
)
1058 #endif /* CONFIG_VNC_TLS */
1059 ret
= send(vs
->csock
, (const void *)data
, datalen
, 0);
1060 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data
, datalen
, ret
);
1061 return vnc_client_io_error(vs
, ret
, socket_error());
1066 * Called to write buffered data to the client socket, when not
1067 * using any SASL SSF encryption layers. Will write as much data
1068 * as possible without blocking. If all buffered data is written,
1069 * will switch the FD poll() handler back to read monitoring.
1071 * Returns the number of bytes written, which may be less than
1072 * the buffered output data if the socket would block. Returns
1073 * -1 on error, and disconnects the client socket.
1075 static long vnc_client_write_plain(VncState
*vs
)
1079 #ifdef CONFIG_VNC_SASL
1080 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1081 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
1082 vs
->sasl
.waitWriteSSF
);
1084 if (vs
->sasl
.conn
&&
1086 vs
->sasl
.waitWriteSSF
) {
1087 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
1089 vs
->sasl
.waitWriteSSF
-= ret
;
1091 #endif /* CONFIG_VNC_SASL */
1092 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
1096 memmove(vs
->output
.buffer
, vs
->output
.buffer
+ ret
, (vs
->output
.offset
- ret
));
1097 vs
->output
.offset
-= ret
;
1099 if (vs
->output
.offset
== 0) {
1100 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1108 * First function called whenever there is data to be written to
1109 * the client socket. Will delegate actual work according to whether
1110 * SASL SSF layers are enabled (thus requiring encryption calls)
1112 void vnc_client_write(void *opaque
)
1114 VncState
*vs
= opaque
;
1116 #ifdef CONFIG_VNC_SASL
1117 if (vs
->sasl
.conn
&&
1119 !vs
->sasl
.waitWriteSSF
) {
1120 vnc_client_write_sasl(vs
);
1122 #endif /* CONFIG_VNC_SASL */
1123 vnc_client_write_plain(vs
);
1126 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1128 vs
->read_handler
= func
;
1129 vs
->read_handler_expect
= expecting
;
1134 * Called to read a chunk of data from the client socket. The data may
1135 * be the raw data, or may need to be further decoded by SASL.
1136 * The data will be read either straight from to the socket, or
1137 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1139 * NB, it is theoretically possible to have 2 layers of encryption,
1140 * both SASL, and this TLS layer. It is highly unlikely in practice
1141 * though, since SASL encryption will typically be a no-op if TLS
1144 * Returns the number of bytes read, which may be less than
1145 * the requested 'datalen' if the socket would block. Returns
1146 * -1 on error, and disconnects the client socket.
1148 long vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1151 #ifdef CONFIG_VNC_TLS
1152 if (vs
->tls
.session
) {
1153 ret
= gnutls_read(vs
->tls
.session
, data
, datalen
);
1155 if (ret
== GNUTLS_E_AGAIN
)
1162 #endif /* CONFIG_VNC_TLS */
1163 ret
= recv(vs
->csock
, (void *)data
, datalen
, 0);
1164 VNC_DEBUG("Read wire %p %zd -> %ld\n", data
, datalen
, ret
);
1165 return vnc_client_io_error(vs
, ret
, socket_error());
1170 * Called to read data from the client socket to the input buffer,
1171 * when not using any SASL SSF encryption layers. Will read as much
1172 * data as possible without blocking.
1174 * Returns the number of bytes read. Returns -1 on error, and
1175 * disconnects the client socket.
1177 static long vnc_client_read_plain(VncState
*vs
)
1180 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1181 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1182 buffer_reserve(&vs
->input
, 4096);
1183 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1186 vs
->input
.offset
+= ret
;
1192 * First function called whenever there is more data to be read from
1193 * the client socket. Will delegate actual work according to whether
1194 * SASL SSF layers are enabled (thus requiring decryption calls)
1196 void vnc_client_read(void *opaque
)
1198 VncState
*vs
= opaque
;
1201 #ifdef CONFIG_VNC_SASL
1202 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1203 ret
= vnc_client_read_sasl(vs
);
1205 #endif /* CONFIG_VNC_SASL */
1206 ret
= vnc_client_read_plain(vs
);
1208 if (vs
->csock
== -1)
1209 vnc_disconnect_finish(vs
);
1213 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1214 size_t len
= vs
->read_handler_expect
;
1217 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1218 if (vs
->csock
== -1) {
1219 vnc_disconnect_finish(vs
);
1224 memmove(vs
->input
.buffer
, vs
->input
.buffer
+ len
, (vs
->input
.offset
- len
));
1225 vs
->input
.offset
-= len
;
1227 vs
->read_handler_expect
= ret
;
1232 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1234 buffer_reserve(&vs
->output
, len
);
1236 if (vs
->csock
!= -1 && buffer_empty(&vs
->output
)) {
1237 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
1240 buffer_append(&vs
->output
, data
, len
);
1243 void vnc_write_s32(VncState
*vs
, int32_t value
)
1245 vnc_write_u32(vs
, *(uint32_t *)&value
);
1248 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1252 buf
[0] = (value
>> 24) & 0xFF;
1253 buf
[1] = (value
>> 16) & 0xFF;
1254 buf
[2] = (value
>> 8) & 0xFF;
1255 buf
[3] = value
& 0xFF;
1257 vnc_write(vs
, buf
, 4);
1260 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1264 buf
[0] = (value
>> 8) & 0xFF;
1265 buf
[1] = value
& 0xFF;
1267 vnc_write(vs
, buf
, 2);
1270 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1272 vnc_write(vs
, (char *)&value
, 1);
1275 void vnc_flush(VncState
*vs
)
1277 if (vs
->csock
!= -1 && vs
->output
.offset
)
1278 vnc_client_write(vs
);
1281 uint8_t read_u8(uint8_t *data
, size_t offset
)
1283 return data
[offset
];
1286 uint16_t read_u16(uint8_t *data
, size_t offset
)
1288 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1291 int32_t read_s32(uint8_t *data
, size_t offset
)
1293 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1294 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1297 uint32_t read_u32(uint8_t *data
, size_t offset
)
1299 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1300 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1303 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1307 static void check_pointer_type_change(Notifier
*notifier
)
1309 VncState
*vs
= container_of(notifier
, VncState
, mouse_mode_notifier
);
1310 int absolute
= kbd_mouse_is_absolute();
1312 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1313 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1314 vnc_write_u8(vs
, 0);
1315 vnc_write_u16(vs
, 1);
1316 vnc_framebuffer_update(vs
, absolute
, 0,
1317 ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1318 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1321 vs
->absolute
= absolute
;
1324 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1329 if (button_mask
& 0x01)
1330 buttons
|= MOUSE_EVENT_LBUTTON
;
1331 if (button_mask
& 0x02)
1332 buttons
|= MOUSE_EVENT_MBUTTON
;
1333 if (button_mask
& 0x04)
1334 buttons
|= MOUSE_EVENT_RBUTTON
;
1335 if (button_mask
& 0x08)
1337 if (button_mask
& 0x10)
1341 kbd_mouse_event(ds_get_width(vs
->ds
) > 1 ?
1342 x
* 0x7FFF / (ds_get_width(vs
->ds
) - 1) : 0x4000,
1343 ds_get_height(vs
->ds
) > 1 ?
1344 y
* 0x7FFF / (ds_get_height(vs
->ds
) - 1) : 0x4000,
1346 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1350 kbd_mouse_event(x
, y
, dz
, buttons
);
1352 if (vs
->last_x
!= -1)
1353 kbd_mouse_event(x
- vs
->last_x
,
1361 static void reset_keys(VncState
*vs
)
1364 for(i
= 0; i
< 256; i
++) {
1365 if (vs
->modifiers_state
[i
]) {
1366 if (i
& SCANCODE_GREY
)
1367 kbd_put_keycode(SCANCODE_EMUL0
);
1368 kbd_put_keycode(i
| SCANCODE_UP
);
1369 vs
->modifiers_state
[i
] = 0;
1374 static void press_key(VncState
*vs
, int keysym
)
1376 int keycode
= keysym2scancode(vs
->vd
->kbd_layout
, keysym
) & SCANCODE_KEYMASK
;
1377 if (keycode
& SCANCODE_GREY
)
1378 kbd_put_keycode(SCANCODE_EMUL0
);
1379 kbd_put_keycode(keycode
& SCANCODE_KEYCODEMASK
);
1380 if (keycode
& SCANCODE_GREY
)
1381 kbd_put_keycode(SCANCODE_EMUL0
);
1382 kbd_put_keycode(keycode
| SCANCODE_UP
);
1385 static void kbd_leds(void *opaque
, int ledstate
)
1387 VncState
*vs
= opaque
;
1390 caps
= ledstate
& QEMU_CAPS_LOCK_LED
? 1 : 0;
1391 num
= ledstate
& QEMU_NUM_LOCK_LED
? 1 : 0;
1393 if (vs
->modifiers_state
[0x3a] != caps
) {
1394 vs
->modifiers_state
[0x3a] = caps
;
1396 if (vs
->modifiers_state
[0x45] != num
) {
1397 vs
->modifiers_state
[0x45] = num
;
1401 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1403 /* QEMU console switch */
1405 case 0x2a: /* Left Shift */
1406 case 0x36: /* Right Shift */
1407 case 0x1d: /* Left CTRL */
1408 case 0x9d: /* Right CTRL */
1409 case 0x38: /* Left ALT */
1410 case 0xb8: /* Right ALT */
1412 vs
->modifiers_state
[keycode
] = 1;
1414 vs
->modifiers_state
[keycode
] = 0;
1416 case 0x02 ... 0x0a: /* '1' to '9' keys */
1417 if (down
&& vs
->modifiers_state
[0x1d] && vs
->modifiers_state
[0x38]) {
1418 /* Reset the modifiers sent to the current console */
1420 console_select(keycode
- 0x02);
1424 case 0x3a: /* CapsLock */
1425 case 0x45: /* NumLock */
1427 vs
->modifiers_state
[keycode
] ^= 1;
1431 if (vs
->vd
->lock_key_sync
&&
1432 keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1433 /* If the numlock state needs to change then simulate an additional
1434 keypress before sending this one. This will happen if the user
1435 toggles numlock away from the VNC window.
1437 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1438 if (!vs
->modifiers_state
[0x45]) {
1439 vs
->modifiers_state
[0x45] = 1;
1440 press_key(vs
, 0xff7f);
1443 if (vs
->modifiers_state
[0x45]) {
1444 vs
->modifiers_state
[0x45] = 0;
1445 press_key(vs
, 0xff7f);
1450 if (vs
->vd
->lock_key_sync
&&
1451 ((sym
>= 'A' && sym
<= 'Z') || (sym
>= 'a' && sym
<= 'z'))) {
1452 /* If the capslock state needs to change then simulate an additional
1453 keypress before sending this one. This will happen if the user
1454 toggles capslock away from the VNC window.
1456 int uppercase
= !!(sym
>= 'A' && sym
<= 'Z');
1457 int shift
= !!(vs
->modifiers_state
[0x2a] | vs
->modifiers_state
[0x36]);
1458 int capslock
= !!(vs
->modifiers_state
[0x3a]);
1460 if (uppercase
== shift
) {
1461 vs
->modifiers_state
[0x3a] = 0;
1462 press_key(vs
, 0xffe5);
1465 if (uppercase
!= shift
) {
1466 vs
->modifiers_state
[0x3a] = 1;
1467 press_key(vs
, 0xffe5);
1472 if (is_graphic_console()) {
1473 if (keycode
& SCANCODE_GREY
)
1474 kbd_put_keycode(SCANCODE_EMUL0
);
1476 kbd_put_keycode(keycode
& SCANCODE_KEYCODEMASK
);
1478 kbd_put_keycode(keycode
| SCANCODE_UP
);
1480 /* QEMU console emulation */
1482 int numlock
= vs
->modifiers_state
[0x45];
1484 case 0x2a: /* Left Shift */
1485 case 0x36: /* Right Shift */
1486 case 0x1d: /* Left CTRL */
1487 case 0x9d: /* Right CTRL */
1488 case 0x38: /* Left ALT */
1489 case 0xb8: /* Right ALT */
1492 kbd_put_keysym(QEMU_KEY_UP
);
1495 kbd_put_keysym(QEMU_KEY_DOWN
);
1498 kbd_put_keysym(QEMU_KEY_LEFT
);
1501 kbd_put_keysym(QEMU_KEY_RIGHT
);
1504 kbd_put_keysym(QEMU_KEY_DELETE
);
1507 kbd_put_keysym(QEMU_KEY_HOME
);
1510 kbd_put_keysym(QEMU_KEY_END
);
1513 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1516 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1520 kbd_put_keysym(numlock
? '7' : QEMU_KEY_HOME
);
1523 kbd_put_keysym(numlock
? '8' : QEMU_KEY_UP
);
1526 kbd_put_keysym(numlock
? '9' : QEMU_KEY_PAGEUP
);
1529 kbd_put_keysym(numlock
? '4' : QEMU_KEY_LEFT
);
1532 kbd_put_keysym('5');
1535 kbd_put_keysym(numlock
? '6' : QEMU_KEY_RIGHT
);
1538 kbd_put_keysym(numlock
? '1' : QEMU_KEY_END
);
1541 kbd_put_keysym(numlock
? '2' : QEMU_KEY_DOWN
);
1544 kbd_put_keysym(numlock
? '3' : QEMU_KEY_PAGEDOWN
);
1547 kbd_put_keysym('0');
1550 kbd_put_keysym(numlock
? '.' : QEMU_KEY_DELETE
);
1554 kbd_put_keysym('/');
1557 kbd_put_keysym('*');
1560 kbd_put_keysym('-');
1563 kbd_put_keysym('+');
1566 kbd_put_keysym('\n');
1570 kbd_put_keysym(sym
);
1577 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1582 if (lsym
>= 'A' && lsym
<= 'Z' && is_graphic_console()) {
1583 lsym
= lsym
- 'A' + 'a';
1586 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, lsym
& 0xFFFF) & SCANCODE_KEYMASK
;
1587 do_key_event(vs
, down
, keycode
, sym
);
1590 static void ext_key_event(VncState
*vs
, int down
,
1591 uint32_t sym
, uint16_t keycode
)
1593 /* if the user specifies a keyboard layout, always use it */
1594 if (keyboard_layout
)
1595 key_event(vs
, down
, sym
);
1597 do_key_event(vs
, down
, keycode
, sym
);
1600 static void framebuffer_update_request(VncState
*vs
, int incremental
,
1601 int x_position
, int y_position
,
1604 if (y_position
> ds_get_height(vs
->ds
))
1605 y_position
= ds_get_height(vs
->ds
);
1606 if (y_position
+ h
>= ds_get_height(vs
->ds
))
1607 h
= ds_get_height(vs
->ds
) - y_position
;
1610 vs
->need_update
= 1;
1612 vs
->force_update
= 1;
1613 for (i
= 0; i
< h
; i
++) {
1614 vnc_set_bits(vs
->dirty
[y_position
+ i
],
1615 (ds_get_width(vs
->ds
) / 16), VNC_DIRTY_WORDS
);
1620 static void send_ext_key_event_ack(VncState
*vs
)
1622 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1623 vnc_write_u8(vs
, 0);
1624 vnc_write_u16(vs
, 1);
1625 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1626 VNC_ENCODING_EXT_KEY_EVENT
);
1630 static void send_ext_audio_ack(VncState
*vs
)
1632 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1633 vnc_write_u8(vs
, 0);
1634 vnc_write_u16(vs
, 1);
1635 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1636 VNC_ENCODING_AUDIO
);
1640 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
1643 unsigned int enc
= 0;
1647 vs
->vnc_encoding
= 0;
1648 vs
->tight_compression
= 9;
1649 vs
->tight_quality
= 9;
1652 for (i
= n_encodings
- 1; i
>= 0; i
--) {
1655 case VNC_ENCODING_RAW
:
1656 vs
->vnc_encoding
= enc
;
1658 case VNC_ENCODING_COPYRECT
:
1659 vs
->features
|= VNC_FEATURE_COPYRECT_MASK
;
1661 case VNC_ENCODING_HEXTILE
:
1662 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
1663 vs
->vnc_encoding
= enc
;
1665 case VNC_ENCODING_ZLIB
:
1666 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
1667 vs
->vnc_encoding
= enc
;
1669 case VNC_ENCODING_DESKTOPRESIZE
:
1670 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
1672 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
1673 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
1675 case VNC_ENCODING_RICH_CURSOR
:
1676 vs
->features
|= VNC_FEATURE_RICH_CURSOR_MASK
;
1678 case VNC_ENCODING_EXT_KEY_EVENT
:
1679 send_ext_key_event_ack(vs
);
1681 case VNC_ENCODING_AUDIO
:
1682 send_ext_audio_ack(vs
);
1684 case VNC_ENCODING_WMVi
:
1685 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
1687 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
1688 vs
->tight_compression
= (enc
& 0x0F);
1690 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
1691 vs
->tight_quality
= (enc
& 0x0F);
1694 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
1698 check_pointer_type_change(&vs
->mouse_mode_notifier
);
1701 static void set_pixel_conversion(VncState
*vs
)
1703 if ((vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) ==
1704 (vs
->ds
->surface
->flags
& QEMU_BIG_ENDIAN_FLAG
) &&
1705 !memcmp(&(vs
->clientds
.pf
), &(vs
->ds
->surface
->pf
), sizeof(PixelFormat
))) {
1706 vs
->write_pixels
= vnc_write_pixels_copy
;
1707 vnc_hextile_set_pixel_conversion(vs
, 0);
1709 vs
->write_pixels
= vnc_write_pixels_generic
;
1710 vnc_hextile_set_pixel_conversion(vs
, 1);
1714 static void set_pixel_format(VncState
*vs
,
1715 int bits_per_pixel
, int depth
,
1716 int big_endian_flag
, int true_color_flag
,
1717 int red_max
, int green_max
, int blue_max
,
1718 int red_shift
, int green_shift
, int blue_shift
)
1720 if (!true_color_flag
) {
1721 vnc_client_error(vs
);
1725 vs
->clientds
= *(vs
->vd
->guest
.ds
);
1726 vs
->clientds
.pf
.rmax
= red_max
;
1727 count_bits(vs
->clientds
.pf
.rbits
, red_max
);
1728 vs
->clientds
.pf
.rshift
= red_shift
;
1729 vs
->clientds
.pf
.rmask
= red_max
<< red_shift
;
1730 vs
->clientds
.pf
.gmax
= green_max
;
1731 count_bits(vs
->clientds
.pf
.gbits
, green_max
);
1732 vs
->clientds
.pf
.gshift
= green_shift
;
1733 vs
->clientds
.pf
.gmask
= green_max
<< green_shift
;
1734 vs
->clientds
.pf
.bmax
= blue_max
;
1735 count_bits(vs
->clientds
.pf
.bbits
, blue_max
);
1736 vs
->clientds
.pf
.bshift
= blue_shift
;
1737 vs
->clientds
.pf
.bmask
= blue_max
<< blue_shift
;
1738 vs
->clientds
.pf
.bits_per_pixel
= bits_per_pixel
;
1739 vs
->clientds
.pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
1740 vs
->clientds
.pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
1741 vs
->clientds
.flags
= big_endian_flag
? QEMU_BIG_ENDIAN_FLAG
: 0x00;
1743 set_pixel_conversion(vs
);
1745 vga_hw_invalidate();
1749 static void pixel_format_message (VncState
*vs
) {
1750 char pad
[3] = { 0, 0, 0 };
1752 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bits_per_pixel
); /* bits-per-pixel */
1753 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.depth
); /* depth */
1755 #ifdef HOST_WORDS_BIGENDIAN
1756 vnc_write_u8(vs
, 1); /* big-endian-flag */
1758 vnc_write_u8(vs
, 0); /* big-endian-flag */
1760 vnc_write_u8(vs
, 1); /* true-color-flag */
1761 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.rmax
); /* red-max */
1762 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.gmax
); /* green-max */
1763 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.bmax
); /* blue-max */
1764 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.rshift
); /* red-shift */
1765 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.gshift
); /* green-shift */
1766 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bshift
); /* blue-shift */
1768 vnc_hextile_set_pixel_conversion(vs
, 0);
1770 vs
->clientds
= *(vs
->ds
->surface
);
1771 vs
->clientds
.flags
&= ~QEMU_ALLOCATED_FLAG
;
1772 vs
->write_pixels
= vnc_write_pixels_copy
;
1774 vnc_write(vs
, pad
, 3); /* padding */
1777 static void vnc_dpy_setdata(DisplayState
*ds
)
1779 /* We don't have to do anything */
1782 static void vnc_colordepth(VncState
*vs
)
1784 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
1785 /* Sending a WMVi message to notify the client*/
1786 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1787 vnc_write_u8(vs
, 0);
1788 vnc_write_u16(vs
, 1); /* number of rects */
1789 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
),
1790 ds_get_height(vs
->ds
), VNC_ENCODING_WMVi
);
1791 pixel_format_message(vs
);
1794 set_pixel_conversion(vs
);
1798 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
1802 VncDisplay
*vd
= vs
->vd
;
1805 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
1806 if (!qemu_timer_expired(vd
->timer
, qemu_get_clock(rt_clock
) + vd
->timer_interval
))
1807 qemu_mod_timer(vd
->timer
, qemu_get_clock(rt_clock
) + vd
->timer_interval
);
1811 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT
:
1815 set_pixel_format(vs
, read_u8(data
, 4), read_u8(data
, 5),
1816 read_u8(data
, 6), read_u8(data
, 7),
1817 read_u16(data
, 8), read_u16(data
, 10),
1818 read_u16(data
, 12), read_u8(data
, 14),
1819 read_u8(data
, 15), read_u8(data
, 16));
1821 case VNC_MSG_CLIENT_SET_ENCODINGS
:
1826 limit
= read_u16(data
, 2);
1828 return 4 + (limit
* 4);
1830 limit
= read_u16(data
, 2);
1832 for (i
= 0; i
< limit
; i
++) {
1833 int32_t val
= read_s32(data
, 4 + (i
* 4));
1834 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
1837 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
1839 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST
:
1843 framebuffer_update_request(vs
,
1844 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
1845 read_u16(data
, 6), read_u16(data
, 8));
1847 case VNC_MSG_CLIENT_KEY_EVENT
:
1851 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
1853 case VNC_MSG_CLIENT_POINTER_EVENT
:
1857 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
1859 case VNC_MSG_CLIENT_CUT_TEXT
:
1864 uint32_t dlen
= read_u32(data
, 4);
1869 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
1871 case VNC_MSG_CLIENT_QEMU
:
1875 switch (read_u8(data
, 1)) {
1876 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT
:
1880 ext_key_event(vs
, read_u16(data
, 2),
1881 read_u32(data
, 4), read_u32(data
, 8));
1883 case VNC_MSG_CLIENT_QEMU_AUDIO
:
1887 switch (read_u16 (data
, 2)) {
1888 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE
:
1891 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE
:
1894 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT
:
1897 switch (read_u8(data
, 4)) {
1898 case 0: vs
->as
.fmt
= AUD_FMT_U8
; break;
1899 case 1: vs
->as
.fmt
= AUD_FMT_S8
; break;
1900 case 2: vs
->as
.fmt
= AUD_FMT_U16
; break;
1901 case 3: vs
->as
.fmt
= AUD_FMT_S16
; break;
1902 case 4: vs
->as
.fmt
= AUD_FMT_U32
; break;
1903 case 5: vs
->as
.fmt
= AUD_FMT_S32
; break;
1905 printf("Invalid audio format %d\n", read_u8(data
, 4));
1906 vnc_client_error(vs
);
1909 vs
->as
.nchannels
= read_u8(data
, 5);
1910 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
1911 printf("Invalid audio channel coount %d\n",
1913 vnc_client_error(vs
);
1916 vs
->as
.freq
= read_u32(data
, 6);
1919 printf ("Invalid audio message %d\n", read_u8(data
, 4));
1920 vnc_client_error(vs
);
1926 printf("Msg: %d\n", read_u16(data
, 0));
1927 vnc_client_error(vs
);
1932 printf("Msg: %d\n", data
[0]);
1933 vnc_client_error(vs
);
1937 vnc_read_when(vs
, protocol_client_msg
, 1);
1941 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
1946 vnc_write_u16(vs
, ds_get_width(vs
->ds
));
1947 vnc_write_u16(vs
, ds_get_height(vs
->ds
));
1949 pixel_format_message(vs
);
1952 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
1954 size
= snprintf(buf
, sizeof(buf
), "QEMU");
1956 vnc_write_u32(vs
, size
);
1957 vnc_write(vs
, buf
, size
);
1960 vnc_client_cache_auth(vs
);
1961 vnc_qmp_event(vs
, QEVENT_VNC_INITIALIZED
);
1963 vnc_read_when(vs
, protocol_client_msg
, 1);
1968 void start_client_init(VncState
*vs
)
1970 vnc_read_when(vs
, protocol_client_init
, 1);
1973 static void make_challenge(VncState
*vs
)
1977 srand(time(NULL
)+getpid()+getpid()*987654+rand());
1979 for (i
= 0 ; i
< sizeof(vs
->challenge
) ; i
++)
1980 vs
->challenge
[i
] = (int) (256.0*rand()/(RAND_MAX
+1.0));
1983 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
1985 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
1987 unsigned char key
[8];
1989 if (!vs
->vd
->password
|| !vs
->vd
->password
[0]) {
1990 VNC_DEBUG("No password configured on server");
1991 vnc_write_u32(vs
, 1); /* Reject auth */
1992 if (vs
->minor
>= 8) {
1993 static const char err
[] = "Authentication failed";
1994 vnc_write_u32(vs
, sizeof(err
));
1995 vnc_write(vs
, err
, sizeof(err
));
1998 vnc_client_error(vs
);
2002 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
2004 /* Calculate the expected challenge response */
2005 pwlen
= strlen(vs
->vd
->password
);
2006 for (i
=0; i
<sizeof(key
); i
++)
2007 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
2009 for (j
= 0; j
< VNC_AUTH_CHALLENGE_SIZE
; j
+= 8)
2010 des(response
+j
, response
+j
);
2012 /* Compare expected vs actual challenge response */
2013 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
2014 VNC_DEBUG("Client challenge reponse did not match\n");
2015 vnc_write_u32(vs
, 1); /* Reject auth */
2016 if (vs
->minor
>= 8) {
2017 static const char err
[] = "Authentication failed";
2018 vnc_write_u32(vs
, sizeof(err
));
2019 vnc_write(vs
, err
, sizeof(err
));
2022 vnc_client_error(vs
);
2024 VNC_DEBUG("Accepting VNC challenge response\n");
2025 vnc_write_u32(vs
, 0); /* Accept auth */
2028 start_client_init(vs
);
2033 void start_auth_vnc(VncState
*vs
)
2036 /* Send client a 'random' challenge */
2037 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
2040 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
2044 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
2046 /* We only advertise 1 auth scheme at a time, so client
2047 * must pick the one we sent. Verify this */
2048 if (data
[0] != vs
->vd
->auth
) { /* Reject auth */
2049 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data
[0]);
2050 vnc_write_u32(vs
, 1);
2051 if (vs
->minor
>= 8) {
2052 static const char err
[] = "Authentication failed";
2053 vnc_write_u32(vs
, sizeof(err
));
2054 vnc_write(vs
, err
, sizeof(err
));
2056 vnc_client_error(vs
);
2057 } else { /* Accept requested auth */
2058 VNC_DEBUG("Client requested auth %d\n", (int)data
[0]);
2059 switch (vs
->vd
->auth
) {
2061 VNC_DEBUG("Accept auth none\n");
2062 if (vs
->minor
>= 8) {
2063 vnc_write_u32(vs
, 0); /* Accept auth completion */
2066 start_client_init(vs
);
2070 VNC_DEBUG("Start VNC auth\n");
2074 #ifdef CONFIG_VNC_TLS
2075 case VNC_AUTH_VENCRYPT
:
2076 VNC_DEBUG("Accept VeNCrypt auth\n");;
2077 start_auth_vencrypt(vs
);
2079 #endif /* CONFIG_VNC_TLS */
2081 #ifdef CONFIG_VNC_SASL
2083 VNC_DEBUG("Accept SASL auth\n");
2084 start_auth_sasl(vs
);
2086 #endif /* CONFIG_VNC_SASL */
2088 default: /* Should not be possible, but just in case */
2089 VNC_DEBUG("Reject auth %d server code bug\n", vs
->vd
->auth
);
2090 vnc_write_u8(vs
, 1);
2091 if (vs
->minor
>= 8) {
2092 static const char err
[] = "Authentication failed";
2093 vnc_write_u32(vs
, sizeof(err
));
2094 vnc_write(vs
, err
, sizeof(err
));
2096 vnc_client_error(vs
);
2102 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
2106 memcpy(local
, version
, 12);
2109 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
2110 VNC_DEBUG("Malformed protocol version %s\n", local
);
2111 vnc_client_error(vs
);
2114 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
2115 if (vs
->major
!= 3 ||
2121 VNC_DEBUG("Unsupported client version\n");
2122 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2124 vnc_client_error(vs
);
2127 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2128 * as equivalent to v3.3 by servers
2130 if (vs
->minor
== 4 || vs
->minor
== 5)
2133 if (vs
->minor
== 3) {
2134 if (vs
->vd
->auth
== VNC_AUTH_NONE
) {
2135 VNC_DEBUG("Tell client auth none\n");
2136 vnc_write_u32(vs
, vs
->vd
->auth
);
2138 start_client_init(vs
);
2139 } else if (vs
->vd
->auth
== VNC_AUTH_VNC
) {
2140 VNC_DEBUG("Tell client VNC auth\n");
2141 vnc_write_u32(vs
, vs
->vd
->auth
);
2145 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs
->vd
->auth
);
2146 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2148 vnc_client_error(vs
);
2151 VNC_DEBUG("Telling client we support auth %d\n", vs
->vd
->auth
);
2152 vnc_write_u8(vs
, 1); /* num auth */
2153 vnc_write_u8(vs
, vs
->vd
->auth
);
2154 vnc_read_when(vs
, protocol_client_auth
, 1);
2161 static int vnc_refresh_server_surface(VncDisplay
*vd
)
2165 uint8_t *server_row
;
2167 uint32_t width_mask
[VNC_DIRTY_WORDS
];
2172 * Walk through the guest dirty map.
2173 * Check and copy modified bits from guest to server surface.
2174 * Update server dirty map.
2176 vnc_set_bits(width_mask
, (ds_get_width(vd
->ds
) / 16), VNC_DIRTY_WORDS
);
2177 cmp_bytes
= 16 * ds_get_bytes_per_pixel(vd
->ds
);
2178 guest_row
= vd
->guest
.ds
->data
;
2179 server_row
= vd
->server
->data
;
2180 for (y
= 0; y
< vd
->guest
.ds
->height
; y
++) {
2181 if (vnc_and_bits(vd
->guest
.dirty
[y
], width_mask
, VNC_DIRTY_WORDS
)) {
2184 uint8_t *server_ptr
;
2186 guest_ptr
= guest_row
;
2187 server_ptr
= server_row
;
2189 for (x
= 0; x
< vd
->guest
.ds
->width
;
2190 x
+= 16, guest_ptr
+= cmp_bytes
, server_ptr
+= cmp_bytes
) {
2191 if (!vnc_get_bit(vd
->guest
.dirty
[y
], (x
/ 16)))
2193 vnc_clear_bit(vd
->guest
.dirty
[y
], (x
/ 16));
2194 if (memcmp(server_ptr
, guest_ptr
, cmp_bytes
) == 0)
2196 memcpy(server_ptr
, guest_ptr
, cmp_bytes
);
2197 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2198 vnc_set_bit(vs
->dirty
[y
], (x
/ 16));
2203 guest_row
+= ds_get_linesize(vd
->ds
);
2204 server_row
+= ds_get_linesize(vd
->ds
);
2209 static void vnc_refresh(void *opaque
)
2211 VncDisplay
*vd
= opaque
;
2213 int has_dirty
, rects
= 0;
2217 has_dirty
= vnc_refresh_server_surface(vd
);
2219 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
2220 rects
+= vnc_update_client(vs
, has_dirty
);
2221 /* vs might be free()ed here */
2223 /* vd->timer could be NULL now if the last client disconnected,
2224 * in this case don't update the timer */
2225 if (vd
->timer
== NULL
)
2228 if (has_dirty
&& rects
) {
2229 vd
->timer_interval
/= 2;
2230 if (vd
->timer_interval
< VNC_REFRESH_INTERVAL_BASE
)
2231 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2233 vd
->timer_interval
+= VNC_REFRESH_INTERVAL_INC
;
2234 if (vd
->timer_interval
> VNC_REFRESH_INTERVAL_MAX
)
2235 vd
->timer_interval
= VNC_REFRESH_INTERVAL_MAX
;
2237 qemu_mod_timer(vd
->timer
, qemu_get_clock(rt_clock
) + vd
->timer_interval
);
2240 static void vnc_init_timer(VncDisplay
*vd
)
2242 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2243 if (vd
->timer
== NULL
&& !QTAILQ_EMPTY(&vd
->clients
)) {
2244 vd
->timer
= qemu_new_timer(rt_clock
, vnc_refresh
, vd
);
2249 static void vnc_remove_timer(VncDisplay
*vd
)
2251 if (vd
->timer
!= NULL
&& QTAILQ_EMPTY(&vd
->clients
)) {
2252 qemu_del_timer(vd
->timer
);
2253 qemu_free_timer(vd
->timer
);
2258 static void vnc_connect(VncDisplay
*vd
, int csock
)
2260 VncState
*vs
= qemu_mallocz(sizeof(VncState
));
2263 VNC_DEBUG("New client on socket %d\n", csock
);
2265 socket_set_nonblock(vs
->csock
);
2266 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
2268 vnc_client_cache_addr(vs
);
2269 vnc_qmp_event(vs
, QEVENT_VNC_CONNECTED
);
2276 vs
->as
.freq
= 44100;
2277 vs
->as
.nchannels
= 2;
2278 vs
->as
.fmt
= AUD_FMT_S16
;
2279 vs
->as
.endianness
= 0;
2281 QTAILQ_INSERT_HEAD(&vd
->clients
, vs
, next
);
2285 vnc_write(vs
, "RFB 003.008\n", 12);
2287 vnc_read_when(vs
, protocol_version
, 12);
2289 if (vs
->vd
->lock_key_sync
)
2290 vs
->led
= qemu_add_led_event_handler(kbd_leds
, vs
);
2292 vs
->mouse_mode_notifier
.notify
= check_pointer_type_change
;
2293 qemu_add_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
2297 /* vs might be free()ed here */
2300 static void vnc_listen_read(void *opaque
)
2302 VncDisplay
*vs
= opaque
;
2303 struct sockaddr_in addr
;
2304 socklen_t addrlen
= sizeof(addr
);
2309 int csock
= qemu_accept(vs
->lsock
, (struct sockaddr
*)&addr
, &addrlen
);
2311 vnc_connect(vs
, csock
);
2315 void vnc_display_init(DisplayState
*ds
)
2317 VncDisplay
*vs
= qemu_mallocz(sizeof(*vs
));
2319 dcl
= qemu_mallocz(sizeof(DisplayChangeListener
));
2328 QTAILQ_INIT(&vs
->clients
);
2330 if (keyboard_layout
)
2331 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, keyboard_layout
);
2333 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us");
2335 if (!vs
->kbd_layout
)
2338 dcl
->dpy_copy
= vnc_dpy_copy
;
2339 dcl
->dpy_update
= vnc_dpy_update
;
2340 dcl
->dpy_resize
= vnc_dpy_resize
;
2341 dcl
->dpy_setdata
= vnc_dpy_setdata
;
2342 register_displaychangelistener(ds
, dcl
);
2343 ds
->mouse_set
= vnc_mouse_set
;
2344 ds
->cursor_define
= vnc_dpy_cursor_define
;
2348 void vnc_display_close(DisplayState
*ds
)
2350 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2355 qemu_free(vs
->display
);
2358 if (vs
->lsock
!= -1) {
2359 qemu_set_fd_handler2(vs
->lsock
, NULL
, NULL
, NULL
, NULL
);
2363 vs
->auth
= VNC_AUTH_INVALID
;
2364 #ifdef CONFIG_VNC_TLS
2365 vs
->subauth
= VNC_AUTH_INVALID
;
2366 vs
->tls
.x509verify
= 0;
2370 int vnc_display_password(DisplayState
*ds
, const char *password
)
2372 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2379 qemu_free(vs
->password
);
2380 vs
->password
= NULL
;
2382 if (password
&& password
[0]) {
2383 if (!(vs
->password
= qemu_strdup(password
)))
2385 if (vs
->auth
== VNC_AUTH_NONE
) {
2386 vs
->auth
= VNC_AUTH_VNC
;
2389 vs
->auth
= VNC_AUTH_NONE
;
2395 char *vnc_display_local_addr(DisplayState
*ds
)
2397 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2399 return vnc_socket_local_addr("%s:%s", vs
->lsock
);
2402 int vnc_display_open(DisplayState
*ds
, const char *display
)
2404 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2405 const char *options
;
2408 #ifdef CONFIG_VNC_TLS
2409 int tls
= 0, x509
= 0;
2411 #ifdef CONFIG_VNC_SASL
2416 int lock_key_sync
= 1;
2420 vnc_display_close(ds
);
2421 if (strcmp(display
, "none") == 0)
2424 if (!(vs
->display
= strdup(display
)))
2428 while ((options
= strchr(options
, ','))) {
2430 if (strncmp(options
, "password", 8) == 0) {
2431 password
= 1; /* Require password auth */
2432 } else if (strncmp(options
, "reverse", 7) == 0) {
2434 } else if (strncmp(options
, "no-lock-key-sync", 9) == 0) {
2436 #ifdef CONFIG_VNC_SASL
2437 } else if (strncmp(options
, "sasl", 4) == 0) {
2438 sasl
= 1; /* Require SASL auth */
2440 #ifdef CONFIG_VNC_TLS
2441 } else if (strncmp(options
, "tls", 3) == 0) {
2442 tls
= 1; /* Require TLS */
2443 } else if (strncmp(options
, "x509", 4) == 0) {
2445 x509
= 1; /* Require x509 certificates */
2446 if (strncmp(options
, "x509verify", 10) == 0)
2447 vs
->tls
.x509verify
= 1; /* ...and verify client certs */
2449 /* Now check for 'x509=/some/path' postfix
2450 * and use that to setup x509 certificate/key paths */
2451 start
= strchr(options
, '=');
2452 end
= strchr(options
, ',');
2453 if (start
&& (!end
|| (start
< end
))) {
2454 int len
= end
? end
-(start
+1) : strlen(start
+1);
2455 char *path
= qemu_strndup(start
+ 1, len
);
2457 VNC_DEBUG("Trying certificate path '%s'\n", path
);
2458 if (vnc_tls_set_x509_creds_dir(vs
, path
) < 0) {
2459 fprintf(stderr
, "Failed to find x509 certificates/keys in %s\n", path
);
2461 qemu_free(vs
->display
);
2467 fprintf(stderr
, "No certificate path provided\n");
2468 qemu_free(vs
->display
);
2473 } else if (strncmp(options
, "acl", 3) == 0) {
2478 #ifdef CONFIG_VNC_TLS
2479 if (acl
&& x509
&& vs
->tls
.x509verify
) {
2480 if (!(vs
->tls
.acl
= qemu_acl_init("vnc.x509dname"))) {
2481 fprintf(stderr
, "Failed to create x509 dname ACL\n");
2486 #ifdef CONFIG_VNC_SASL
2488 if (!(vs
->sasl
.acl
= qemu_acl_init("vnc.username"))) {
2489 fprintf(stderr
, "Failed to create username ACL\n");
2496 * Combinations we support here:
2498 * - no-auth (clear text, no auth)
2499 * - password (clear text, weak auth)
2500 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2501 * - tls (encrypt, weak anonymous creds, no auth)
2502 * - tls + password (encrypt, weak anonymous creds, weak auth)
2503 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2504 * - tls + x509 (encrypt, good x509 creds, no auth)
2505 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2506 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2508 * NB1. TLS is a stackable auth scheme.
2509 * NB2. the x509 schemes have option to validate a client cert dname
2512 #ifdef CONFIG_VNC_TLS
2514 vs
->auth
= VNC_AUTH_VENCRYPT
;
2516 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2517 vs
->subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
2519 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2520 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
2523 #endif /* CONFIG_VNC_TLS */
2524 VNC_DEBUG("Initializing VNC server with password auth\n");
2525 vs
->auth
= VNC_AUTH_VNC
;
2526 #ifdef CONFIG_VNC_TLS
2527 vs
->subauth
= VNC_AUTH_INVALID
;
2529 #endif /* CONFIG_VNC_TLS */
2530 #ifdef CONFIG_VNC_SASL
2532 #ifdef CONFIG_VNC_TLS
2534 vs
->auth
= VNC_AUTH_VENCRYPT
;
2536 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2537 vs
->subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
2539 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2540 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
2543 #endif /* CONFIG_VNC_TLS */
2544 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2545 vs
->auth
= VNC_AUTH_SASL
;
2546 #ifdef CONFIG_VNC_TLS
2547 vs
->subauth
= VNC_AUTH_INVALID
;
2549 #endif /* CONFIG_VNC_TLS */
2550 #endif /* CONFIG_VNC_SASL */
2552 #ifdef CONFIG_VNC_TLS
2554 vs
->auth
= VNC_AUTH_VENCRYPT
;
2556 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2557 vs
->subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
2559 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2560 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
2564 VNC_DEBUG("Initializing VNC server with no auth\n");
2565 vs
->auth
= VNC_AUTH_NONE
;
2566 #ifdef CONFIG_VNC_TLS
2567 vs
->subauth
= VNC_AUTH_INVALID
;
2572 #ifdef CONFIG_VNC_SASL
2573 if ((saslErr
= sasl_server_init(NULL
, "qemu")) != SASL_OK
) {
2574 fprintf(stderr
, "Failed to initialize SASL auth %s",
2575 sasl_errstring(saslErr
, NULL
, NULL
));
2581 vs
->lock_key_sync
= lock_key_sync
;
2584 /* connect to viewer */
2585 if (strncmp(display
, "unix:", 5) == 0)
2586 vs
->lsock
= unix_connect(display
+5);
2588 vs
->lsock
= inet_connect(display
, SOCK_STREAM
);
2589 if (-1 == vs
->lsock
) {
2594 int csock
= vs
->lsock
;
2596 vnc_connect(vs
, csock
);
2601 /* listen for connects */
2603 dpy
= qemu_malloc(256);
2604 if (strncmp(display
, "unix:", 5) == 0) {
2605 pstrcpy(dpy
, 256, "unix:");
2606 vs
->lsock
= unix_listen(display
+5, dpy
+5, 256-5);
2608 vs
->lsock
= inet_listen(display
, dpy
, 256, SOCK_STREAM
, 5900);
2610 if (-1 == vs
->lsock
) {
2618 return qemu_set_fd_handler2(vs
->lsock
, NULL
, vnc_listen_read
, NULL
, vs
);