2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
30 #include "qemu_socket.h"
31 #include "qemu-timer.h"
33 #include "qemu-objects.h"
35 #define VNC_REFRESH_INTERVAL_BASE 30
36 #define VNC_REFRESH_INTERVAL_INC 50
37 #define VNC_REFRESH_INTERVAL_MAX 2000
39 #include "vnc_keysym.h"
42 #define count_bits(c, v) { \
43 for (c = 0; v; v >>= 1) \
49 static VncDisplay
*vnc_display
; /* needed for info vnc */
50 static DisplayChangeListener
*dcl
;
52 static int vnc_cursor_define(VncState
*vs
);
54 static char *addr_to_string(const char *format
,
55 struct sockaddr_storage
*sa
,
58 char host
[NI_MAXHOST
];
59 char serv
[NI_MAXSERV
];
63 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
66 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
67 VNC_DEBUG("Cannot resolve address %d: %s\n",
68 err
, gai_strerror(err
));
72 /* Enough for the existing format + the 2 vars we're
74 addrlen
= strlen(format
) + strlen(host
) + strlen(serv
);
75 addr
= qemu_malloc(addrlen
+ 1);
76 snprintf(addr
, addrlen
, format
, host
, serv
);
83 char *vnc_socket_local_addr(const char *format
, int fd
) {
84 struct sockaddr_storage sa
;
88 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
91 return addr_to_string(format
, &sa
, salen
);
94 char *vnc_socket_remote_addr(const char *format
, int fd
) {
95 struct sockaddr_storage sa
;
99 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
102 return addr_to_string(format
, &sa
, salen
);
105 static int put_addr_qdict(QDict
*qdict
, struct sockaddr_storage
*sa
,
108 char host
[NI_MAXHOST
];
109 char serv
[NI_MAXSERV
];
112 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
115 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
116 VNC_DEBUG("Cannot resolve address %d: %s\n",
117 err
, gai_strerror(err
));
121 qdict_put(qdict
, "host", qstring_from_str(host
));
122 qdict_put(qdict
, "service", qstring_from_str(serv
));
123 qdict_put(qdict
, "family",qstring_from_str(inet_strfamily(sa
->ss_family
)));
128 static int vnc_server_addr_put(QDict
*qdict
, int fd
)
130 struct sockaddr_storage sa
;
134 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
138 return put_addr_qdict(qdict
, &sa
, salen
);
141 static int vnc_qdict_remote_addr(QDict
*qdict
, int fd
)
143 struct sockaddr_storage sa
;
147 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
151 return put_addr_qdict(qdict
, &sa
, salen
);
154 static const char *vnc_auth_name(VncDisplay
*vd
) {
156 case VNC_AUTH_INVALID
:
172 case VNC_AUTH_VENCRYPT
:
173 #ifdef CONFIG_VNC_TLS
174 switch (vd
->subauth
) {
175 case VNC_AUTH_VENCRYPT_PLAIN
:
176 return "vencrypt+plain";
177 case VNC_AUTH_VENCRYPT_TLSNONE
:
178 return "vencrypt+tls+none";
179 case VNC_AUTH_VENCRYPT_TLSVNC
:
180 return "vencrypt+tls+vnc";
181 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
182 return "vencrypt+tls+plain";
183 case VNC_AUTH_VENCRYPT_X509NONE
:
184 return "vencrypt+x509+none";
185 case VNC_AUTH_VENCRYPT_X509VNC
:
186 return "vencrypt+x509+vnc";
187 case VNC_AUTH_VENCRYPT_X509PLAIN
:
188 return "vencrypt+x509+plain";
189 case VNC_AUTH_VENCRYPT_TLSSASL
:
190 return "vencrypt+tls+sasl";
191 case VNC_AUTH_VENCRYPT_X509SASL
:
192 return "vencrypt+x509+sasl";
205 static int vnc_server_info_put(QDict
*qdict
)
207 if (vnc_server_addr_put(qdict
, vnc_display
->lsock
) < 0) {
211 qdict_put(qdict
, "auth", qstring_from_str(vnc_auth_name(vnc_display
)));
215 static void vnc_client_cache_auth(VncState
*client
)
223 qdict
= qobject_to_qdict(client
->info
);
225 #ifdef CONFIG_VNC_TLS
226 if (client
->tls
.session
&&
228 qdict_put(qdict
, "x509_dname", qstring_from_str(client
->tls
.dname
));
231 #ifdef CONFIG_VNC_SASL
232 if (client
->sasl
.conn
&&
233 client
->sasl
.username
) {
234 qdict_put(qdict
, "sasl_username",
235 qstring_from_str(client
->sasl
.username
));
240 static void vnc_client_cache_addr(VncState
*client
)
245 if (vnc_qdict_remote_addr(qdict
, client
->csock
) < 0) {
247 /* XXX: how to report the error? */
251 client
->info
= QOBJECT(qdict
);
254 static void vnc_qmp_event(VncState
*vs
, MonitorEvent event
)
263 server
= qdict_new();
264 if (vnc_server_info_put(server
) < 0) {
269 data
= qobject_from_jsonf("{ 'client': %p, 'server': %p }",
270 vs
->info
, QOBJECT(server
));
272 monitor_protocol_event(event
, data
);
274 qobject_incref(vs
->info
);
275 qobject_decref(data
);
278 static void info_vnc_iter(QObject
*obj
, void *opaque
)
281 Monitor
*mon
= opaque
;
283 client
= qobject_to_qdict(obj
);
284 monitor_printf(mon
, "Client:\n");
285 monitor_printf(mon
, " address: %s:%s\n",
286 qdict_get_str(client
, "host"),
287 qdict_get_str(client
, "service"));
289 #ifdef CONFIG_VNC_TLS
290 monitor_printf(mon
, " x509_dname: %s\n",
291 qdict_haskey(client
, "x509_dname") ?
292 qdict_get_str(client
, "x509_dname") : "none");
294 #ifdef CONFIG_VNC_SASL
295 monitor_printf(mon
, " username: %s\n",
296 qdict_haskey(client
, "sasl_username") ?
297 qdict_get_str(client
, "sasl_username") : "none");
301 void do_info_vnc_print(Monitor
*mon
, const QObject
*data
)
306 server
= qobject_to_qdict(data
);
307 if (qdict_get_bool(server
, "enabled") == 0) {
308 monitor_printf(mon
, "Server: disabled\n");
312 monitor_printf(mon
, "Server:\n");
313 monitor_printf(mon
, " address: %s:%s\n",
314 qdict_get_str(server
, "host"),
315 qdict_get_str(server
, "service"));
316 monitor_printf(mon
, " auth: %s\n", qdict_get_str(server
, "auth"));
318 clients
= qdict_get_qlist(server
, "clients");
319 if (qlist_empty(clients
)) {
320 monitor_printf(mon
, "Client: none\n");
322 qlist_iter(clients
, info_vnc_iter
, mon
);
326 void do_info_vnc(Monitor
*mon
, QObject
**ret_data
)
328 if (vnc_display
== NULL
|| vnc_display
->display
== NULL
) {
329 *ret_data
= qobject_from_jsonf("{ 'enabled': false }");
335 QTAILQ_FOREACH(client
, &vnc_display
->clients
, next
) {
337 /* incref so that it's not freed by upper layers */
338 qobject_incref(client
->info
);
339 qlist_append_obj(clist
, client
->info
);
343 *ret_data
= qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
345 assert(*ret_data
!= NULL
);
347 if (vnc_server_info_put(qobject_to_qdict(*ret_data
)) < 0) {
348 qobject_decref(*ret_data
);
355 1) Get the queue working for IO.
356 2) there is some weirdness when using the -S option (the screen is grey
357 and not totally invalidated
358 3) resolutions > 1024
361 static int vnc_update_client(VncState
*vs
, int has_dirty
);
362 static int vnc_update_client_sync(VncState
*vs
, int has_dirty
);
363 static void vnc_disconnect_start(VncState
*vs
);
364 static void vnc_disconnect_finish(VncState
*vs
);
365 static void vnc_init_timer(VncDisplay
*vd
);
366 static void vnc_remove_timer(VncDisplay
*vd
);
368 static void vnc_colordepth(VncState
*vs
);
369 static void framebuffer_update_request(VncState
*vs
, int incremental
,
370 int x_position
, int y_position
,
372 static void vnc_refresh(void *opaque
);
373 static int vnc_refresh_server_surface(VncDisplay
*vd
);
375 static inline void vnc_set_bit(uint32_t *d
, int k
)
377 d
[k
>> 5] |= 1 << (k
& 0x1f);
380 static inline void vnc_clear_bit(uint32_t *d
, int k
)
382 d
[k
>> 5] &= ~(1 << (k
& 0x1f));
385 static inline void vnc_set_bits(uint32_t *d
, int n
, int nb_words
)
395 d
[j
++] = (1 << n
) - 1;
400 static inline int vnc_get_bit(const uint32_t *d
, int k
)
402 return (d
[k
>> 5] >> (k
& 0x1f)) & 1;
405 static inline int vnc_and_bits(const uint32_t *d1
, const uint32_t *d2
,
409 for(i
= 0; i
< nb_words
; i
++) {
410 if ((d1
[i
] & d2
[i
]) != 0)
416 static void vnc_dpy_update(DisplayState
*ds
, int x
, int y
, int w
, int h
)
419 VncDisplay
*vd
= ds
->opaque
;
420 struct VncSurface
*s
= &vd
->guest
;
424 /* round x down to ensure the loop only spans one 16-pixel block per,
425 iteration. otherwise, if (x % 16) != 0, the last iteration may span
426 two 16-pixel blocks but we only mark the first as dirty
431 x
= MIN(x
, s
->ds
->width
);
432 y
= MIN(y
, s
->ds
->height
);
433 w
= MIN(x
+ w
, s
->ds
->width
) - x
;
434 h
= MIN(h
, s
->ds
->height
);
437 for (i
= 0; i
< w
; i
+= 16)
438 vnc_set_bit(s
->dirty
[y
], (x
+ i
) / 16);
441 void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
444 vnc_write_u16(vs
, x
);
445 vnc_write_u16(vs
, y
);
446 vnc_write_u16(vs
, w
);
447 vnc_write_u16(vs
, h
);
449 vnc_write_s32(vs
, encoding
);
452 void buffer_reserve(Buffer
*buffer
, size_t len
)
454 if ((buffer
->capacity
- buffer
->offset
) < len
) {
455 buffer
->capacity
+= (len
+ 1024);
456 buffer
->buffer
= qemu_realloc(buffer
->buffer
, buffer
->capacity
);
457 if (buffer
->buffer
== NULL
) {
458 fprintf(stderr
, "vnc: out of memory\n");
464 int buffer_empty(Buffer
*buffer
)
466 return buffer
->offset
== 0;
469 uint8_t *buffer_end(Buffer
*buffer
)
471 return buffer
->buffer
+ buffer
->offset
;
474 void buffer_reset(Buffer
*buffer
)
479 void buffer_free(Buffer
*buffer
)
481 qemu_free(buffer
->buffer
);
483 buffer
->capacity
= 0;
484 buffer
->buffer
= NULL
;
487 void buffer_append(Buffer
*buffer
, const void *data
, size_t len
)
489 memcpy(buffer
->buffer
+ buffer
->offset
, data
, len
);
490 buffer
->offset
+= len
;
493 static void vnc_desktop_resize(VncState
*vs
)
495 DisplayState
*ds
= vs
->ds
;
497 if (vs
->csock
== -1 || !vnc_has_feature(vs
, VNC_FEATURE_RESIZE
)) {
500 if (vs
->client_width
== ds_get_width(ds
) &&
501 vs
->client_height
== ds_get_height(ds
)) {
504 vs
->client_width
= ds_get_width(ds
);
505 vs
->client_height
= ds_get_height(ds
);
507 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
509 vnc_write_u16(vs
, 1); /* number of rects */
510 vnc_framebuffer_update(vs
, 0, 0, vs
->client_width
, vs
->client_height
,
511 VNC_ENCODING_DESKTOPRESIZE
);
512 vnc_unlock_output(vs
);
516 #ifdef CONFIG_VNC_THREAD
517 static void vnc_abort_display_jobs(VncDisplay
*vd
)
521 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
524 vnc_unlock_output(vs
);
526 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
529 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
532 vnc_unlock_output(vs
);
536 static void vnc_abort_display_jobs(VncDisplay
*vd
)
541 static void vnc_dpy_resize(DisplayState
*ds
)
543 VncDisplay
*vd
= ds
->opaque
;
546 vnc_abort_display_jobs(vd
);
550 vd
->server
= qemu_mallocz(sizeof(*vd
->server
));
551 if (vd
->server
->data
)
552 qemu_free(vd
->server
->data
);
553 *(vd
->server
) = *(ds
->surface
);
554 vd
->server
->data
= qemu_mallocz(vd
->server
->linesize
*
559 vd
->guest
.ds
= qemu_mallocz(sizeof(*vd
->guest
.ds
));
560 if (ds_get_bytes_per_pixel(ds
) != vd
->guest
.ds
->pf
.bytes_per_pixel
)
561 console_color_init(ds
);
562 *(vd
->guest
.ds
) = *(ds
->surface
);
563 memset(vd
->guest
.dirty
, 0xFF, sizeof(vd
->guest
.dirty
));
565 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
567 vnc_desktop_resize(vs
);
568 if (vs
->vd
->cursor
) {
569 vnc_cursor_define(vs
);
571 memset(vs
->dirty
, 0xFF, sizeof(vs
->dirty
));
576 static void vnc_write_pixels_copy(VncState
*vs
, struct PixelFormat
*pf
,
577 void *pixels
, int size
)
579 vnc_write(vs
, pixels
, size
);
582 /* slowest but generic code. */
583 void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
586 VncDisplay
*vd
= vs
->vd
;
588 r
= ((((v
& vd
->server
->pf
.rmask
) >> vd
->server
->pf
.rshift
) << vs
->clientds
.pf
.rbits
) >>
589 vd
->server
->pf
.rbits
);
590 g
= ((((v
& vd
->server
->pf
.gmask
) >> vd
->server
->pf
.gshift
) << vs
->clientds
.pf
.gbits
) >>
591 vd
->server
->pf
.gbits
);
592 b
= ((((v
& vd
->server
->pf
.bmask
) >> vd
->server
->pf
.bshift
) << vs
->clientds
.pf
.bbits
) >>
593 vd
->server
->pf
.bbits
);
594 v
= (r
<< vs
->clientds
.pf
.rshift
) |
595 (g
<< vs
->clientds
.pf
.gshift
) |
596 (b
<< vs
->clientds
.pf
.bshift
);
597 switch(vs
->clientds
.pf
.bytes_per_pixel
) {
602 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
612 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
627 static void vnc_write_pixels_generic(VncState
*vs
, struct PixelFormat
*pf
,
628 void *pixels1
, int size
)
632 if (pf
->bytes_per_pixel
== 4) {
633 uint32_t *pixels
= pixels1
;
636 for(i
= 0; i
< n
; i
++) {
637 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
638 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
640 } else if (pf
->bytes_per_pixel
== 2) {
641 uint16_t *pixels
= pixels1
;
644 for(i
= 0; i
< n
; i
++) {
645 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
646 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
648 } else if (pf
->bytes_per_pixel
== 1) {
649 uint8_t *pixels
= pixels1
;
652 for(i
= 0; i
< n
; i
++) {
653 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
654 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
657 fprintf(stderr
, "vnc_write_pixels_generic: VncState color depth not supported\n");
661 int vnc_raw_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
665 VncDisplay
*vd
= vs
->vd
;
667 row
= vd
->server
->data
+ y
* ds_get_linesize(vs
->ds
) + x
* ds_get_bytes_per_pixel(vs
->ds
);
668 for (i
= 0; i
< h
; i
++) {
669 vs
->write_pixels(vs
, &vd
->server
->pf
, row
, w
* ds_get_bytes_per_pixel(vs
->ds
));
670 row
+= ds_get_linesize(vs
->ds
);
675 int vnc_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
679 switch(vs
->vnc_encoding
) {
680 case VNC_ENCODING_ZLIB
:
681 n
= vnc_zlib_send_framebuffer_update(vs
, x
, y
, w
, h
);
683 case VNC_ENCODING_HEXTILE
:
684 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
685 n
= vnc_hextile_send_framebuffer_update(vs
, x
, y
, w
, h
);
687 case VNC_ENCODING_TIGHT
:
688 n
= vnc_tight_send_framebuffer_update(vs
, x
, y
, w
, h
);
690 case VNC_ENCODING_TIGHT_PNG
:
691 n
= vnc_tight_png_send_framebuffer_update(vs
, x
, y
, w
, h
);
694 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
695 n
= vnc_raw_send_framebuffer_update(vs
, x
, y
, w
, h
);
701 static void vnc_copy(VncState
*vs
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
703 /* send bitblit op to the vnc client */
705 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
707 vnc_write_u16(vs
, 1); /* number of rects */
708 vnc_framebuffer_update(vs
, dst_x
, dst_y
, w
, h
, VNC_ENCODING_COPYRECT
);
709 vnc_write_u16(vs
, src_x
);
710 vnc_write_u16(vs
, src_y
);
711 vnc_unlock_output(vs
);
715 static void vnc_dpy_copy(DisplayState
*ds
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
717 VncDisplay
*vd
= ds
->opaque
;
721 int i
,x
,y
,pitch
,depth
,inc
,w_lim
,s
;
724 vnc_refresh_server_surface(vd
);
725 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
726 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
727 vs
->force_update
= 1;
728 vnc_update_client_sync(vs
, 1);
729 /* vs might be free()ed here */
733 /* do bitblit op on the local surface too */
734 pitch
= ds_get_linesize(vd
->ds
);
735 depth
= ds_get_bytes_per_pixel(vd
->ds
);
736 src_row
= vd
->server
->data
+ pitch
* src_y
+ depth
* src_x
;
737 dst_row
= vd
->server
->data
+ pitch
* dst_y
+ depth
* dst_x
;
742 src_row
+= pitch
* (h
-1);
743 dst_row
+= pitch
* (h
-1);
748 w_lim
= w
- (16 - (dst_x
% 16));
752 w_lim
= w
- (w_lim
% 16);
753 for (i
= 0; i
< h
; i
++) {
754 for (x
= 0; x
<= w_lim
;
755 x
+= s
, src_row
+= cmp_bytes
, dst_row
+= cmp_bytes
) {
757 if ((s
= w
- w_lim
) == 0)
760 s
= (16 - (dst_x
% 16));
765 cmp_bytes
= s
* depth
;
766 if (memcmp(src_row
, dst_row
, cmp_bytes
) == 0)
768 memmove(dst_row
, src_row
, cmp_bytes
);
769 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
770 if (!vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
771 vnc_set_bit(vs
->dirty
[y
], ((x
+ dst_x
) / 16));
775 src_row
+= pitch
- w
* depth
;
776 dst_row
+= pitch
- w
* depth
;
780 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
781 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
782 vnc_copy(vs
, src_x
, src_y
, dst_x
, dst_y
, w
, h
);
787 static void vnc_mouse_set(int x
, int y
, int visible
)
789 /* can we ask the client(s) to move the pointer ??? */
792 static int vnc_cursor_define(VncState
*vs
)
794 QEMUCursor
*c
= vs
->vd
->cursor
;
795 PixelFormat pf
= qemu_default_pixelformat(32);
798 if (vnc_has_feature(vs
, VNC_FEATURE_RICH_CURSOR
)) {
799 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
800 vnc_write_u8(vs
, 0); /* padding */
801 vnc_write_u16(vs
, 1); /* # of rects */
802 vnc_framebuffer_update(vs
, c
->hot_x
, c
->hot_y
, c
->width
, c
->height
,
803 VNC_ENCODING_RICH_CURSOR
);
804 isize
= c
->width
* c
->height
* vs
->clientds
.pf
.bytes_per_pixel
;
805 vnc_write_pixels_generic(vs
, &pf
, c
->data
, isize
);
806 vnc_write(vs
, vs
->vd
->cursor_mask
, vs
->vd
->cursor_msize
);
812 static void vnc_dpy_cursor_define(QEMUCursor
*c
)
814 VncDisplay
*vd
= vnc_display
;
817 cursor_put(vd
->cursor
);
818 qemu_free(vd
->cursor_mask
);
821 cursor_get(vd
->cursor
);
822 vd
->cursor_msize
= cursor_get_mono_bpl(c
) * c
->height
;
823 vd
->cursor_mask
= qemu_mallocz(vd
->cursor_msize
);
824 cursor_get_mono_mask(c
, 0, vd
->cursor_mask
);
826 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
827 vnc_cursor_define(vs
);
831 static int find_and_clear_dirty_height(struct VncState
*vs
,
832 int y
, int last_x
, int x
)
835 VncDisplay
*vd
= vs
->vd
;
837 for (h
= 1; h
< (vd
->server
->height
- y
); h
++) {
839 if (!vnc_get_bit(vs
->dirty
[y
+ h
], last_x
))
841 for (tmp_x
= last_x
; tmp_x
< x
; tmp_x
++)
842 vnc_clear_bit(vs
->dirty
[y
+ h
], tmp_x
);
848 #ifdef CONFIG_VNC_THREAD
849 static int vnc_update_client_sync(VncState
*vs
, int has_dirty
)
851 int ret
= vnc_update_client(vs
, has_dirty
);
856 static int vnc_update_client_sync(VncState
*vs
, int has_dirty
)
858 return vnc_update_client(vs
, has_dirty
);
862 static int vnc_update_client(VncState
*vs
, int has_dirty
)
864 if (vs
->need_update
&& vs
->csock
!= -1) {
865 VncDisplay
*vd
= vs
->vd
;
872 if (vs
->output
.offset
&& !vs
->audio_cap
&& !vs
->force_update
)
873 /* kernel send buffers are full -> drop frames to throttle */
876 if (!has_dirty
&& !vs
->audio_cap
&& !vs
->force_update
)
880 * Send screen updates to the vnc client using the server
881 * surface and server dirty map. guest surface updates
882 * happening in parallel don't disturb us, the next pass will
883 * send them to the client.
885 job
= vnc_job_new(vs
);
887 width
= MIN(vd
->server
->width
, vs
->client_width
);
888 height
= MIN(vd
->server
->height
, vs
->client_height
);
890 for (y
= 0; y
< height
; y
++) {
893 for (x
= 0; x
< width
/ 16; x
++) {
894 if (vnc_get_bit(vs
->dirty
[y
], x
)) {
898 vnc_clear_bit(vs
->dirty
[y
], x
);
901 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
);
903 n
+= vnc_job_add_rect(job
, last_x
* 16, y
,
904 (x
- last_x
) * 16, h
);
910 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
);
911 n
+= vnc_job_add_rect(job
, last_x
* 16, y
,
912 (x
- last_x
) * 16, h
);
917 vs
->force_update
= 0;
922 vnc_disconnect_finish(vs
);
928 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
930 VncState
*vs
= opaque
;
933 case AUD_CNOTIFY_DISABLE
:
935 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
936 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
937 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_END
);
938 vnc_unlock_output(vs
);
942 case AUD_CNOTIFY_ENABLE
:
944 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
945 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
946 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN
);
947 vnc_unlock_output(vs
);
953 static void audio_capture_destroy(void *opaque
)
957 static void audio_capture(void *opaque
, void *buf
, int size
)
959 VncState
*vs
= opaque
;
962 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
963 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
964 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_DATA
);
965 vnc_write_u32(vs
, size
);
966 vnc_write(vs
, buf
, size
);
967 vnc_unlock_output(vs
);
971 static void audio_add(VncState
*vs
)
973 struct audio_capture_ops ops
;
976 monitor_printf(default_mon
, "audio already running\n");
980 ops
.notify
= audio_capture_notify
;
981 ops
.destroy
= audio_capture_destroy
;
982 ops
.capture
= audio_capture
;
984 vs
->audio_cap
= AUD_add_capture(&vs
->as
, &ops
, vs
);
985 if (!vs
->audio_cap
) {
986 monitor_printf(default_mon
, "Failed to add audio capture\n");
990 static void audio_del(VncState
*vs
)
993 AUD_del_capture(vs
->audio_cap
, vs
);
994 vs
->audio_cap
= NULL
;
998 static void vnc_disconnect_start(VncState
*vs
)
1000 if (vs
->csock
== -1)
1002 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
1003 closesocket(vs
->csock
);
1007 static void vnc_disconnect_finish(VncState
*vs
)
1009 vnc_jobs_join(vs
); /* Wait encoding jobs */
1011 vnc_lock_output(vs
);
1012 vnc_qmp_event(vs
, QEVENT_VNC_DISCONNECTED
);
1014 buffer_free(&vs
->input
);
1015 buffer_free(&vs
->output
);
1017 qobject_decref(vs
->info
);
1020 vnc_tight_clear(vs
);
1022 #ifdef CONFIG_VNC_TLS
1023 vnc_tls_client_cleanup(vs
);
1024 #endif /* CONFIG_VNC_TLS */
1025 #ifdef CONFIG_VNC_SASL
1026 vnc_sasl_client_cleanup(vs
);
1027 #endif /* CONFIG_VNC_SASL */
1030 QTAILQ_REMOVE(&vs
->vd
->clients
, vs
, next
);
1032 if (QTAILQ_EMPTY(&vs
->vd
->clients
)) {
1036 qemu_remove_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
1037 vnc_remove_timer(vs
->vd
);
1038 if (vs
->vd
->lock_key_sync
)
1039 qemu_remove_led_event_handler(vs
->led
);
1040 vnc_unlock_output(vs
);
1042 #ifdef CONFIG_VNC_THREAD
1043 qemu_mutex_destroy(&vs
->output_mutex
);
1048 int vnc_client_io_error(VncState
*vs
, int ret
, int last_errno
)
1050 if (ret
== 0 || ret
== -1) {
1052 switch (last_errno
) {
1056 case WSAEWOULDBLOCK
:
1064 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1065 ret
, ret
< 0 ? last_errno
: 0);
1066 vnc_disconnect_start(vs
);
1074 void vnc_client_error(VncState
*vs
)
1076 VNC_DEBUG("Closing down client sock: protocol error\n");
1077 vnc_disconnect_start(vs
);
1082 * Called to write a chunk of data to the client socket. The data may
1083 * be the raw data, or may have already been encoded by SASL.
1084 * The data will be written either straight onto the socket, or
1085 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1087 * NB, it is theoretically possible to have 2 layers of encryption,
1088 * both SASL, and this TLS layer. It is highly unlikely in practice
1089 * though, since SASL encryption will typically be a no-op if TLS
1092 * Returns the number of bytes written, which may be less than
1093 * the requested 'datalen' if the socket would block. Returns
1094 * -1 on error, and disconnects the client socket.
1096 long vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
1099 #ifdef CONFIG_VNC_TLS
1100 if (vs
->tls
.session
) {
1101 ret
= gnutls_write(vs
->tls
.session
, data
, datalen
);
1103 if (ret
== GNUTLS_E_AGAIN
)
1110 #endif /* CONFIG_VNC_TLS */
1111 ret
= send(vs
->csock
, (const void *)data
, datalen
, 0);
1112 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data
, datalen
, ret
);
1113 return vnc_client_io_error(vs
, ret
, socket_error());
1118 * Called to write buffered data to the client socket, when not
1119 * using any SASL SSF encryption layers. Will write as much data
1120 * as possible without blocking. If all buffered data is written,
1121 * will switch the FD poll() handler back to read monitoring.
1123 * Returns the number of bytes written, which may be less than
1124 * the buffered output data if the socket would block. Returns
1125 * -1 on error, and disconnects the client socket.
1127 static long vnc_client_write_plain(VncState
*vs
)
1131 #ifdef CONFIG_VNC_SASL
1132 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1133 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
1134 vs
->sasl
.waitWriteSSF
);
1136 if (vs
->sasl
.conn
&&
1138 vs
->sasl
.waitWriteSSF
) {
1139 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
1141 vs
->sasl
.waitWriteSSF
-= ret
;
1143 #endif /* CONFIG_VNC_SASL */
1144 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
1148 memmove(vs
->output
.buffer
, vs
->output
.buffer
+ ret
, (vs
->output
.offset
- ret
));
1149 vs
->output
.offset
-= ret
;
1151 if (vs
->output
.offset
== 0) {
1152 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1160 * First function called whenever there is data to be written to
1161 * the client socket. Will delegate actual work according to whether
1162 * SASL SSF layers are enabled (thus requiring encryption calls)
1164 static void vnc_client_write_locked(void *opaque
)
1166 VncState
*vs
= opaque
;
1168 #ifdef CONFIG_VNC_SASL
1169 if (vs
->sasl
.conn
&&
1171 !vs
->sasl
.waitWriteSSF
) {
1172 vnc_client_write_sasl(vs
);
1174 #endif /* CONFIG_VNC_SASL */
1175 vnc_client_write_plain(vs
);
1178 void vnc_client_write(void *opaque
)
1180 VncState
*vs
= opaque
;
1182 vnc_lock_output(vs
);
1183 if (vs
->output
.offset
) {
1184 vnc_client_write_locked(opaque
);
1186 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1188 vnc_unlock_output(vs
);
1191 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1193 vs
->read_handler
= func
;
1194 vs
->read_handler_expect
= expecting
;
1199 * Called to read a chunk of data from the client socket. The data may
1200 * be the raw data, or may need to be further decoded by SASL.
1201 * The data will be read either straight from to the socket, or
1202 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1204 * NB, it is theoretically possible to have 2 layers of encryption,
1205 * both SASL, and this TLS layer. It is highly unlikely in practice
1206 * though, since SASL encryption will typically be a no-op if TLS
1209 * Returns the number of bytes read, which may be less than
1210 * the requested 'datalen' if the socket would block. Returns
1211 * -1 on error, and disconnects the client socket.
1213 long vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1216 #ifdef CONFIG_VNC_TLS
1217 if (vs
->tls
.session
) {
1218 ret
= gnutls_read(vs
->tls
.session
, data
, datalen
);
1220 if (ret
== GNUTLS_E_AGAIN
)
1227 #endif /* CONFIG_VNC_TLS */
1228 ret
= recv(vs
->csock
, (void *)data
, datalen
, 0);
1229 VNC_DEBUG("Read wire %p %zd -> %ld\n", data
, datalen
, ret
);
1230 return vnc_client_io_error(vs
, ret
, socket_error());
1235 * Called to read data from the client socket to the input buffer,
1236 * when not using any SASL SSF encryption layers. Will read as much
1237 * data as possible without blocking.
1239 * Returns the number of bytes read. Returns -1 on error, and
1240 * disconnects the client socket.
1242 static long vnc_client_read_plain(VncState
*vs
)
1245 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1246 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1247 buffer_reserve(&vs
->input
, 4096);
1248 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1251 vs
->input
.offset
+= ret
;
1257 * First function called whenever there is more data to be read from
1258 * the client socket. Will delegate actual work according to whether
1259 * SASL SSF layers are enabled (thus requiring decryption calls)
1261 void vnc_client_read(void *opaque
)
1263 VncState
*vs
= opaque
;
1266 #ifdef CONFIG_VNC_SASL
1267 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1268 ret
= vnc_client_read_sasl(vs
);
1270 #endif /* CONFIG_VNC_SASL */
1271 ret
= vnc_client_read_plain(vs
);
1273 if (vs
->csock
== -1)
1274 vnc_disconnect_finish(vs
);
1278 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1279 size_t len
= vs
->read_handler_expect
;
1282 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1283 if (vs
->csock
== -1) {
1284 vnc_disconnect_finish(vs
);
1289 memmove(vs
->input
.buffer
, vs
->input
.buffer
+ len
, (vs
->input
.offset
- len
));
1290 vs
->input
.offset
-= len
;
1292 vs
->read_handler_expect
= ret
;
1297 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1299 buffer_reserve(&vs
->output
, len
);
1301 if (vs
->csock
!= -1 && buffer_empty(&vs
->output
)) {
1302 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
1305 buffer_append(&vs
->output
, data
, len
);
1308 void vnc_write_s32(VncState
*vs
, int32_t value
)
1310 vnc_write_u32(vs
, *(uint32_t *)&value
);
1313 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1317 buf
[0] = (value
>> 24) & 0xFF;
1318 buf
[1] = (value
>> 16) & 0xFF;
1319 buf
[2] = (value
>> 8) & 0xFF;
1320 buf
[3] = value
& 0xFF;
1322 vnc_write(vs
, buf
, 4);
1325 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1329 buf
[0] = (value
>> 8) & 0xFF;
1330 buf
[1] = value
& 0xFF;
1332 vnc_write(vs
, buf
, 2);
1335 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1337 vnc_write(vs
, (char *)&value
, 1);
1340 void vnc_flush(VncState
*vs
)
1342 vnc_lock_output(vs
);
1343 if (vs
->csock
!= -1 && vs
->output
.offset
) {
1344 vnc_client_write_locked(vs
);
1346 vnc_unlock_output(vs
);
1349 uint8_t read_u8(uint8_t *data
, size_t offset
)
1351 return data
[offset
];
1354 uint16_t read_u16(uint8_t *data
, size_t offset
)
1356 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1359 int32_t read_s32(uint8_t *data
, size_t offset
)
1361 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1362 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1365 uint32_t read_u32(uint8_t *data
, size_t offset
)
1367 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1368 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1371 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1375 static void check_pointer_type_change(Notifier
*notifier
)
1377 VncState
*vs
= container_of(notifier
, VncState
, mouse_mode_notifier
);
1378 int absolute
= kbd_mouse_is_absolute();
1380 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1381 vnc_lock_output(vs
);
1382 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1383 vnc_write_u8(vs
, 0);
1384 vnc_write_u16(vs
, 1);
1385 vnc_framebuffer_update(vs
, absolute
, 0,
1386 ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1387 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1388 vnc_unlock_output(vs
);
1391 vs
->absolute
= absolute
;
1394 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1399 if (button_mask
& 0x01)
1400 buttons
|= MOUSE_EVENT_LBUTTON
;
1401 if (button_mask
& 0x02)
1402 buttons
|= MOUSE_EVENT_MBUTTON
;
1403 if (button_mask
& 0x04)
1404 buttons
|= MOUSE_EVENT_RBUTTON
;
1405 if (button_mask
& 0x08)
1407 if (button_mask
& 0x10)
1411 kbd_mouse_event(ds_get_width(vs
->ds
) > 1 ?
1412 x
* 0x7FFF / (ds_get_width(vs
->ds
) - 1) : 0x4000,
1413 ds_get_height(vs
->ds
) > 1 ?
1414 y
* 0x7FFF / (ds_get_height(vs
->ds
) - 1) : 0x4000,
1416 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1420 kbd_mouse_event(x
, y
, dz
, buttons
);
1422 if (vs
->last_x
!= -1)
1423 kbd_mouse_event(x
- vs
->last_x
,
1431 static void reset_keys(VncState
*vs
)
1434 for(i
= 0; i
< 256; i
++) {
1435 if (vs
->modifiers_state
[i
]) {
1436 if (i
& SCANCODE_GREY
)
1437 kbd_put_keycode(SCANCODE_EMUL0
);
1438 kbd_put_keycode(i
| SCANCODE_UP
);
1439 vs
->modifiers_state
[i
] = 0;
1444 static void press_key(VncState
*vs
, int keysym
)
1446 int keycode
= keysym2scancode(vs
->vd
->kbd_layout
, keysym
) & SCANCODE_KEYMASK
;
1447 if (keycode
& SCANCODE_GREY
)
1448 kbd_put_keycode(SCANCODE_EMUL0
);
1449 kbd_put_keycode(keycode
& SCANCODE_KEYCODEMASK
);
1450 if (keycode
& SCANCODE_GREY
)
1451 kbd_put_keycode(SCANCODE_EMUL0
);
1452 kbd_put_keycode(keycode
| SCANCODE_UP
);
1455 static void kbd_leds(void *opaque
, int ledstate
)
1457 VncState
*vs
= opaque
;
1460 caps
= ledstate
& QEMU_CAPS_LOCK_LED
? 1 : 0;
1461 num
= ledstate
& QEMU_NUM_LOCK_LED
? 1 : 0;
1463 if (vs
->modifiers_state
[0x3a] != caps
) {
1464 vs
->modifiers_state
[0x3a] = caps
;
1466 if (vs
->modifiers_state
[0x45] != num
) {
1467 vs
->modifiers_state
[0x45] = num
;
1471 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1473 /* QEMU console switch */
1475 case 0x2a: /* Left Shift */
1476 case 0x36: /* Right Shift */
1477 case 0x1d: /* Left CTRL */
1478 case 0x9d: /* Right CTRL */
1479 case 0x38: /* Left ALT */
1480 case 0xb8: /* Right ALT */
1482 vs
->modifiers_state
[keycode
] = 1;
1484 vs
->modifiers_state
[keycode
] = 0;
1486 case 0x02 ... 0x0a: /* '1' to '9' keys */
1487 if (down
&& vs
->modifiers_state
[0x1d] && vs
->modifiers_state
[0x38]) {
1488 /* Reset the modifiers sent to the current console */
1490 console_select(keycode
- 0x02);
1494 case 0x3a: /* CapsLock */
1495 case 0x45: /* NumLock */
1497 vs
->modifiers_state
[keycode
] ^= 1;
1501 if (vs
->vd
->lock_key_sync
&&
1502 keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1503 /* If the numlock state needs to change then simulate an additional
1504 keypress before sending this one. This will happen if the user
1505 toggles numlock away from the VNC window.
1507 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1508 if (!vs
->modifiers_state
[0x45]) {
1509 vs
->modifiers_state
[0x45] = 1;
1510 press_key(vs
, 0xff7f);
1513 if (vs
->modifiers_state
[0x45]) {
1514 vs
->modifiers_state
[0x45] = 0;
1515 press_key(vs
, 0xff7f);
1520 if (vs
->vd
->lock_key_sync
&&
1521 ((sym
>= 'A' && sym
<= 'Z') || (sym
>= 'a' && sym
<= 'z'))) {
1522 /* If the capslock state needs to change then simulate an additional
1523 keypress before sending this one. This will happen if the user
1524 toggles capslock away from the VNC window.
1526 int uppercase
= !!(sym
>= 'A' && sym
<= 'Z');
1527 int shift
= !!(vs
->modifiers_state
[0x2a] | vs
->modifiers_state
[0x36]);
1528 int capslock
= !!(vs
->modifiers_state
[0x3a]);
1530 if (uppercase
== shift
) {
1531 vs
->modifiers_state
[0x3a] = 0;
1532 press_key(vs
, 0xffe5);
1535 if (uppercase
!= shift
) {
1536 vs
->modifiers_state
[0x3a] = 1;
1537 press_key(vs
, 0xffe5);
1542 if (is_graphic_console()) {
1543 if (keycode
& SCANCODE_GREY
)
1544 kbd_put_keycode(SCANCODE_EMUL0
);
1546 kbd_put_keycode(keycode
& SCANCODE_KEYCODEMASK
);
1548 kbd_put_keycode(keycode
| SCANCODE_UP
);
1550 /* QEMU console emulation */
1552 int numlock
= vs
->modifiers_state
[0x45];
1554 case 0x2a: /* Left Shift */
1555 case 0x36: /* Right Shift */
1556 case 0x1d: /* Left CTRL */
1557 case 0x9d: /* Right CTRL */
1558 case 0x38: /* Left ALT */
1559 case 0xb8: /* Right ALT */
1562 kbd_put_keysym(QEMU_KEY_UP
);
1565 kbd_put_keysym(QEMU_KEY_DOWN
);
1568 kbd_put_keysym(QEMU_KEY_LEFT
);
1571 kbd_put_keysym(QEMU_KEY_RIGHT
);
1574 kbd_put_keysym(QEMU_KEY_DELETE
);
1577 kbd_put_keysym(QEMU_KEY_HOME
);
1580 kbd_put_keysym(QEMU_KEY_END
);
1583 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1586 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1590 kbd_put_keysym(numlock
? '7' : QEMU_KEY_HOME
);
1593 kbd_put_keysym(numlock
? '8' : QEMU_KEY_UP
);
1596 kbd_put_keysym(numlock
? '9' : QEMU_KEY_PAGEUP
);
1599 kbd_put_keysym(numlock
? '4' : QEMU_KEY_LEFT
);
1602 kbd_put_keysym('5');
1605 kbd_put_keysym(numlock
? '6' : QEMU_KEY_RIGHT
);
1608 kbd_put_keysym(numlock
? '1' : QEMU_KEY_END
);
1611 kbd_put_keysym(numlock
? '2' : QEMU_KEY_DOWN
);
1614 kbd_put_keysym(numlock
? '3' : QEMU_KEY_PAGEDOWN
);
1617 kbd_put_keysym('0');
1620 kbd_put_keysym(numlock
? '.' : QEMU_KEY_DELETE
);
1624 kbd_put_keysym('/');
1627 kbd_put_keysym('*');
1630 kbd_put_keysym('-');
1633 kbd_put_keysym('+');
1636 kbd_put_keysym('\n');
1640 kbd_put_keysym(sym
);
1647 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1652 if (lsym
>= 'A' && lsym
<= 'Z' && is_graphic_console()) {
1653 lsym
= lsym
- 'A' + 'a';
1656 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, lsym
& 0xFFFF) & SCANCODE_KEYMASK
;
1657 do_key_event(vs
, down
, keycode
, sym
);
1660 static void ext_key_event(VncState
*vs
, int down
,
1661 uint32_t sym
, uint16_t keycode
)
1663 /* if the user specifies a keyboard layout, always use it */
1664 if (keyboard_layout
)
1665 key_event(vs
, down
, sym
);
1667 do_key_event(vs
, down
, keycode
, sym
);
1670 static void framebuffer_update_request(VncState
*vs
, int incremental
,
1671 int x_position
, int y_position
,
1674 if (y_position
> ds_get_height(vs
->ds
))
1675 y_position
= ds_get_height(vs
->ds
);
1676 if (y_position
+ h
>= ds_get_height(vs
->ds
))
1677 h
= ds_get_height(vs
->ds
) - y_position
;
1680 vs
->need_update
= 1;
1682 vs
->force_update
= 1;
1683 for (i
= 0; i
< h
; i
++) {
1684 vnc_set_bits(vs
->dirty
[y_position
+ i
],
1685 (ds_get_width(vs
->ds
) / 16), VNC_DIRTY_WORDS
);
1690 static void send_ext_key_event_ack(VncState
*vs
)
1692 vnc_lock_output(vs
);
1693 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1694 vnc_write_u8(vs
, 0);
1695 vnc_write_u16(vs
, 1);
1696 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1697 VNC_ENCODING_EXT_KEY_EVENT
);
1698 vnc_unlock_output(vs
);
1702 static void send_ext_audio_ack(VncState
*vs
)
1704 vnc_lock_output(vs
);
1705 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1706 vnc_write_u8(vs
, 0);
1707 vnc_write_u16(vs
, 1);
1708 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1709 VNC_ENCODING_AUDIO
);
1710 vnc_unlock_output(vs
);
1714 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
1717 unsigned int enc
= 0;
1720 vs
->vnc_encoding
= 0;
1721 vs
->tight
.compression
= 9;
1722 vs
->tight
.quality
= -1; /* Lossless by default */
1726 * Start from the end because the encodings are sent in order of preference.
1727 * This way the prefered encoding (first encoding defined in the array)
1728 * will be set at the end of the loop.
1730 for (i
= n_encodings
- 1; i
>= 0; i
--) {
1733 case VNC_ENCODING_RAW
:
1734 vs
->vnc_encoding
= enc
;
1736 case VNC_ENCODING_COPYRECT
:
1737 vs
->features
|= VNC_FEATURE_COPYRECT_MASK
;
1739 case VNC_ENCODING_HEXTILE
:
1740 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
1741 vs
->vnc_encoding
= enc
;
1743 case VNC_ENCODING_TIGHT
:
1744 vs
->features
|= VNC_FEATURE_TIGHT_MASK
;
1745 vs
->vnc_encoding
= enc
;
1747 case VNC_ENCODING_TIGHT_PNG
:
1748 vs
->features
|= VNC_FEATURE_TIGHT_PNG_MASK
;
1749 vs
->vnc_encoding
= enc
;
1751 case VNC_ENCODING_ZLIB
:
1752 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
1753 vs
->vnc_encoding
= enc
;
1755 case VNC_ENCODING_DESKTOPRESIZE
:
1756 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
1758 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
1759 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
1761 case VNC_ENCODING_RICH_CURSOR
:
1762 vs
->features
|= VNC_FEATURE_RICH_CURSOR_MASK
;
1764 case VNC_ENCODING_EXT_KEY_EVENT
:
1765 send_ext_key_event_ack(vs
);
1767 case VNC_ENCODING_AUDIO
:
1768 send_ext_audio_ack(vs
);
1770 case VNC_ENCODING_WMVi
:
1771 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
1773 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
1774 vs
->tight
.compression
= (enc
& 0x0F);
1776 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
1777 vs
->tight
.quality
= (enc
& 0x0F);
1780 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
1784 vnc_desktop_resize(vs
);
1785 check_pointer_type_change(&vs
->mouse_mode_notifier
);
1788 static void set_pixel_conversion(VncState
*vs
)
1790 if ((vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) ==
1791 (vs
->ds
->surface
->flags
& QEMU_BIG_ENDIAN_FLAG
) &&
1792 !memcmp(&(vs
->clientds
.pf
), &(vs
->ds
->surface
->pf
), sizeof(PixelFormat
))) {
1793 vs
->write_pixels
= vnc_write_pixels_copy
;
1794 vnc_hextile_set_pixel_conversion(vs
, 0);
1796 vs
->write_pixels
= vnc_write_pixels_generic
;
1797 vnc_hextile_set_pixel_conversion(vs
, 1);
1801 static void set_pixel_format(VncState
*vs
,
1802 int bits_per_pixel
, int depth
,
1803 int big_endian_flag
, int true_color_flag
,
1804 int red_max
, int green_max
, int blue_max
,
1805 int red_shift
, int green_shift
, int blue_shift
)
1807 if (!true_color_flag
) {
1808 vnc_client_error(vs
);
1812 vs
->clientds
= *(vs
->vd
->guest
.ds
);
1813 vs
->clientds
.pf
.rmax
= red_max
;
1814 count_bits(vs
->clientds
.pf
.rbits
, red_max
);
1815 vs
->clientds
.pf
.rshift
= red_shift
;
1816 vs
->clientds
.pf
.rmask
= red_max
<< red_shift
;
1817 vs
->clientds
.pf
.gmax
= green_max
;
1818 count_bits(vs
->clientds
.pf
.gbits
, green_max
);
1819 vs
->clientds
.pf
.gshift
= green_shift
;
1820 vs
->clientds
.pf
.gmask
= green_max
<< green_shift
;
1821 vs
->clientds
.pf
.bmax
= blue_max
;
1822 count_bits(vs
->clientds
.pf
.bbits
, blue_max
);
1823 vs
->clientds
.pf
.bshift
= blue_shift
;
1824 vs
->clientds
.pf
.bmask
= blue_max
<< blue_shift
;
1825 vs
->clientds
.pf
.bits_per_pixel
= bits_per_pixel
;
1826 vs
->clientds
.pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
1827 vs
->clientds
.pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
1828 vs
->clientds
.flags
= big_endian_flag
? QEMU_BIG_ENDIAN_FLAG
: 0x00;
1830 set_pixel_conversion(vs
);
1832 vga_hw_invalidate();
1836 static void pixel_format_message (VncState
*vs
) {
1837 char pad
[3] = { 0, 0, 0 };
1839 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bits_per_pixel
); /* bits-per-pixel */
1840 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.depth
); /* depth */
1842 #ifdef HOST_WORDS_BIGENDIAN
1843 vnc_write_u8(vs
, 1); /* big-endian-flag */
1845 vnc_write_u8(vs
, 0); /* big-endian-flag */
1847 vnc_write_u8(vs
, 1); /* true-color-flag */
1848 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.rmax
); /* red-max */
1849 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.gmax
); /* green-max */
1850 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.bmax
); /* blue-max */
1851 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.rshift
); /* red-shift */
1852 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.gshift
); /* green-shift */
1853 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bshift
); /* blue-shift */
1855 vnc_hextile_set_pixel_conversion(vs
, 0);
1857 vs
->clientds
= *(vs
->ds
->surface
);
1858 vs
->clientds
.flags
&= ~QEMU_ALLOCATED_FLAG
;
1859 vs
->write_pixels
= vnc_write_pixels_copy
;
1861 vnc_write(vs
, pad
, 3); /* padding */
1864 static void vnc_dpy_setdata(DisplayState
*ds
)
1866 /* We don't have to do anything */
1869 static void vnc_colordepth(VncState
*vs
)
1871 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
1872 /* Sending a WMVi message to notify the client*/
1873 vnc_lock_output(vs
);
1874 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1875 vnc_write_u8(vs
, 0);
1876 vnc_write_u16(vs
, 1); /* number of rects */
1877 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
),
1878 ds_get_height(vs
->ds
), VNC_ENCODING_WMVi
);
1879 pixel_format_message(vs
);
1880 vnc_unlock_output(vs
);
1883 set_pixel_conversion(vs
);
1887 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
1891 VncDisplay
*vd
= vs
->vd
;
1894 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
1895 if (!qemu_timer_expired(vd
->timer
, qemu_get_clock(rt_clock
) + vd
->timer_interval
))
1896 qemu_mod_timer(vd
->timer
, qemu_get_clock(rt_clock
) + vd
->timer_interval
);
1900 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT
:
1904 set_pixel_format(vs
, read_u8(data
, 4), read_u8(data
, 5),
1905 read_u8(data
, 6), read_u8(data
, 7),
1906 read_u16(data
, 8), read_u16(data
, 10),
1907 read_u16(data
, 12), read_u8(data
, 14),
1908 read_u8(data
, 15), read_u8(data
, 16));
1910 case VNC_MSG_CLIENT_SET_ENCODINGS
:
1915 limit
= read_u16(data
, 2);
1917 return 4 + (limit
* 4);
1919 limit
= read_u16(data
, 2);
1921 for (i
= 0; i
< limit
; i
++) {
1922 int32_t val
= read_s32(data
, 4 + (i
* 4));
1923 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
1926 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
1928 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST
:
1932 framebuffer_update_request(vs
,
1933 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
1934 read_u16(data
, 6), read_u16(data
, 8));
1936 case VNC_MSG_CLIENT_KEY_EVENT
:
1940 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
1942 case VNC_MSG_CLIENT_POINTER_EVENT
:
1946 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
1948 case VNC_MSG_CLIENT_CUT_TEXT
:
1953 uint32_t dlen
= read_u32(data
, 4);
1958 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
1960 case VNC_MSG_CLIENT_QEMU
:
1964 switch (read_u8(data
, 1)) {
1965 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT
:
1969 ext_key_event(vs
, read_u16(data
, 2),
1970 read_u32(data
, 4), read_u32(data
, 8));
1972 case VNC_MSG_CLIENT_QEMU_AUDIO
:
1976 switch (read_u16 (data
, 2)) {
1977 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE
:
1980 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE
:
1983 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT
:
1986 switch (read_u8(data
, 4)) {
1987 case 0: vs
->as
.fmt
= AUD_FMT_U8
; break;
1988 case 1: vs
->as
.fmt
= AUD_FMT_S8
; break;
1989 case 2: vs
->as
.fmt
= AUD_FMT_U16
; break;
1990 case 3: vs
->as
.fmt
= AUD_FMT_S16
; break;
1991 case 4: vs
->as
.fmt
= AUD_FMT_U32
; break;
1992 case 5: vs
->as
.fmt
= AUD_FMT_S32
; break;
1994 printf("Invalid audio format %d\n", read_u8(data
, 4));
1995 vnc_client_error(vs
);
1998 vs
->as
.nchannels
= read_u8(data
, 5);
1999 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
2000 printf("Invalid audio channel coount %d\n",
2002 vnc_client_error(vs
);
2005 vs
->as
.freq
= read_u32(data
, 6);
2008 printf ("Invalid audio message %d\n", read_u8(data
, 4));
2009 vnc_client_error(vs
);
2015 printf("Msg: %d\n", read_u16(data
, 0));
2016 vnc_client_error(vs
);
2021 printf("Msg: %d\n", data
[0]);
2022 vnc_client_error(vs
);
2026 vnc_read_when(vs
, protocol_client_msg
, 1);
2030 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
2035 vs
->client_width
= ds_get_width(vs
->ds
);
2036 vs
->client_height
= ds_get_height(vs
->ds
);
2037 vnc_write_u16(vs
, vs
->client_width
);
2038 vnc_write_u16(vs
, vs
->client_height
);
2040 pixel_format_message(vs
);
2043 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
2045 size
= snprintf(buf
, sizeof(buf
), "QEMU");
2047 vnc_write_u32(vs
, size
);
2048 vnc_write(vs
, buf
, size
);
2051 vnc_client_cache_auth(vs
);
2052 vnc_qmp_event(vs
, QEVENT_VNC_INITIALIZED
);
2054 vnc_read_when(vs
, protocol_client_msg
, 1);
2059 void start_client_init(VncState
*vs
)
2061 vnc_read_when(vs
, protocol_client_init
, 1);
2064 static void make_challenge(VncState
*vs
)
2068 srand(time(NULL
)+getpid()+getpid()*987654+rand());
2070 for (i
= 0 ; i
< sizeof(vs
->challenge
) ; i
++)
2071 vs
->challenge
[i
] = (int) (256.0*rand()/(RAND_MAX
+1.0));
2074 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
2076 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
2078 unsigned char key
[8];
2080 if (!vs
->vd
->password
|| !vs
->vd
->password
[0]) {
2081 VNC_DEBUG("No password configured on server");
2082 vnc_write_u32(vs
, 1); /* Reject auth */
2083 if (vs
->minor
>= 8) {
2084 static const char err
[] = "Authentication failed";
2085 vnc_write_u32(vs
, sizeof(err
));
2086 vnc_write(vs
, err
, sizeof(err
));
2089 vnc_client_error(vs
);
2093 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
2095 /* Calculate the expected challenge response */
2096 pwlen
= strlen(vs
->vd
->password
);
2097 for (i
=0; i
<sizeof(key
); i
++)
2098 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
2100 for (j
= 0; j
< VNC_AUTH_CHALLENGE_SIZE
; j
+= 8)
2101 des(response
+j
, response
+j
);
2103 /* Compare expected vs actual challenge response */
2104 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
2105 VNC_DEBUG("Client challenge reponse did not match\n");
2106 vnc_write_u32(vs
, 1); /* Reject auth */
2107 if (vs
->minor
>= 8) {
2108 static const char err
[] = "Authentication failed";
2109 vnc_write_u32(vs
, sizeof(err
));
2110 vnc_write(vs
, err
, sizeof(err
));
2113 vnc_client_error(vs
);
2115 VNC_DEBUG("Accepting VNC challenge response\n");
2116 vnc_write_u32(vs
, 0); /* Accept auth */
2119 start_client_init(vs
);
2124 void start_auth_vnc(VncState
*vs
)
2127 /* Send client a 'random' challenge */
2128 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
2131 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
2135 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
2137 /* We only advertise 1 auth scheme at a time, so client
2138 * must pick the one we sent. Verify this */
2139 if (data
[0] != vs
->vd
->auth
) { /* Reject auth */
2140 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data
[0]);
2141 vnc_write_u32(vs
, 1);
2142 if (vs
->minor
>= 8) {
2143 static const char err
[] = "Authentication failed";
2144 vnc_write_u32(vs
, sizeof(err
));
2145 vnc_write(vs
, err
, sizeof(err
));
2147 vnc_client_error(vs
);
2148 } else { /* Accept requested auth */
2149 VNC_DEBUG("Client requested auth %d\n", (int)data
[0]);
2150 switch (vs
->vd
->auth
) {
2152 VNC_DEBUG("Accept auth none\n");
2153 if (vs
->minor
>= 8) {
2154 vnc_write_u32(vs
, 0); /* Accept auth completion */
2157 start_client_init(vs
);
2161 VNC_DEBUG("Start VNC auth\n");
2165 #ifdef CONFIG_VNC_TLS
2166 case VNC_AUTH_VENCRYPT
:
2167 VNC_DEBUG("Accept VeNCrypt auth\n");;
2168 start_auth_vencrypt(vs
);
2170 #endif /* CONFIG_VNC_TLS */
2172 #ifdef CONFIG_VNC_SASL
2174 VNC_DEBUG("Accept SASL auth\n");
2175 start_auth_sasl(vs
);
2177 #endif /* CONFIG_VNC_SASL */
2179 default: /* Should not be possible, but just in case */
2180 VNC_DEBUG("Reject auth %d server code bug\n", vs
->vd
->auth
);
2181 vnc_write_u8(vs
, 1);
2182 if (vs
->minor
>= 8) {
2183 static const char err
[] = "Authentication failed";
2184 vnc_write_u32(vs
, sizeof(err
));
2185 vnc_write(vs
, err
, sizeof(err
));
2187 vnc_client_error(vs
);
2193 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
2197 memcpy(local
, version
, 12);
2200 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
2201 VNC_DEBUG("Malformed protocol version %s\n", local
);
2202 vnc_client_error(vs
);
2205 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
2206 if (vs
->major
!= 3 ||
2212 VNC_DEBUG("Unsupported client version\n");
2213 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2215 vnc_client_error(vs
);
2218 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2219 * as equivalent to v3.3 by servers
2221 if (vs
->minor
== 4 || vs
->minor
== 5)
2224 if (vs
->minor
== 3) {
2225 if (vs
->vd
->auth
== VNC_AUTH_NONE
) {
2226 VNC_DEBUG("Tell client auth none\n");
2227 vnc_write_u32(vs
, vs
->vd
->auth
);
2229 start_client_init(vs
);
2230 } else if (vs
->vd
->auth
== VNC_AUTH_VNC
) {
2231 VNC_DEBUG("Tell client VNC auth\n");
2232 vnc_write_u32(vs
, vs
->vd
->auth
);
2236 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs
->vd
->auth
);
2237 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2239 vnc_client_error(vs
);
2242 VNC_DEBUG("Telling client we support auth %d\n", vs
->vd
->auth
);
2243 vnc_write_u8(vs
, 1); /* num auth */
2244 vnc_write_u8(vs
, vs
->vd
->auth
);
2245 vnc_read_when(vs
, protocol_client_auth
, 1);
2252 static int vnc_refresh_server_surface(VncDisplay
*vd
)
2256 uint8_t *server_row
;
2258 uint32_t width_mask
[VNC_DIRTY_WORDS
];
2263 * Walk through the guest dirty map.
2264 * Check and copy modified bits from guest to server surface.
2265 * Update server dirty map.
2267 vnc_set_bits(width_mask
, (ds_get_width(vd
->ds
) / 16), VNC_DIRTY_WORDS
);
2268 cmp_bytes
= 16 * ds_get_bytes_per_pixel(vd
->ds
);
2269 guest_row
= vd
->guest
.ds
->data
;
2270 server_row
= vd
->server
->data
;
2271 for (y
= 0; y
< vd
->guest
.ds
->height
; y
++) {
2272 if (vnc_and_bits(vd
->guest
.dirty
[y
], width_mask
, VNC_DIRTY_WORDS
)) {
2275 uint8_t *server_ptr
;
2277 guest_ptr
= guest_row
;
2278 server_ptr
= server_row
;
2280 for (x
= 0; x
< vd
->guest
.ds
->width
;
2281 x
+= 16, guest_ptr
+= cmp_bytes
, server_ptr
+= cmp_bytes
) {
2282 if (!vnc_get_bit(vd
->guest
.dirty
[y
], (x
/ 16)))
2284 vnc_clear_bit(vd
->guest
.dirty
[y
], (x
/ 16));
2285 if (memcmp(server_ptr
, guest_ptr
, cmp_bytes
) == 0)
2287 memcpy(server_ptr
, guest_ptr
, cmp_bytes
);
2288 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2289 vnc_set_bit(vs
->dirty
[y
], (x
/ 16));
2294 guest_row
+= ds_get_linesize(vd
->ds
);
2295 server_row
+= ds_get_linesize(vd
->ds
);
2300 static void vnc_refresh(void *opaque
)
2302 VncDisplay
*vd
= opaque
;
2304 int has_dirty
, rects
= 0;
2308 if (vnc_trylock_display(vd
)) {
2309 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2310 qemu_mod_timer(vd
->timer
, qemu_get_clock(rt_clock
) +
2311 vd
->timer_interval
);
2315 has_dirty
= vnc_refresh_server_surface(vd
);
2316 vnc_unlock_display(vd
);
2318 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
2319 rects
+= vnc_update_client(vs
, has_dirty
);
2320 /* vs might be free()ed here */
2323 /* vd->timer could be NULL now if the last client disconnected,
2324 * in this case don't update the timer */
2325 if (vd
->timer
== NULL
)
2328 if (has_dirty
&& rects
) {
2329 vd
->timer_interval
/= 2;
2330 if (vd
->timer_interval
< VNC_REFRESH_INTERVAL_BASE
)
2331 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2333 vd
->timer_interval
+= VNC_REFRESH_INTERVAL_INC
;
2334 if (vd
->timer_interval
> VNC_REFRESH_INTERVAL_MAX
)
2335 vd
->timer_interval
= VNC_REFRESH_INTERVAL_MAX
;
2337 qemu_mod_timer(vd
->timer
, qemu_get_clock(rt_clock
) + vd
->timer_interval
);
2340 static void vnc_init_timer(VncDisplay
*vd
)
2342 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2343 if (vd
->timer
== NULL
&& !QTAILQ_EMPTY(&vd
->clients
)) {
2344 vd
->timer
= qemu_new_timer(rt_clock
, vnc_refresh
, vd
);
2349 static void vnc_remove_timer(VncDisplay
*vd
)
2351 if (vd
->timer
!= NULL
&& QTAILQ_EMPTY(&vd
->clients
)) {
2352 qemu_del_timer(vd
->timer
);
2353 qemu_free_timer(vd
->timer
);
2358 static void vnc_connect(VncDisplay
*vd
, int csock
)
2360 VncState
*vs
= qemu_mallocz(sizeof(VncState
));
2363 VNC_DEBUG("New client on socket %d\n", csock
);
2365 socket_set_nonblock(vs
->csock
);
2366 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
2368 vnc_client_cache_addr(vs
);
2369 vnc_qmp_event(vs
, QEVENT_VNC_CONNECTED
);
2376 vs
->as
.freq
= 44100;
2377 vs
->as
.nchannels
= 2;
2378 vs
->as
.fmt
= AUD_FMT_S16
;
2379 vs
->as
.endianness
= 0;
2381 #ifdef CONFIG_VNC_THREAD
2382 qemu_mutex_init(&vs
->output_mutex
);
2385 QTAILQ_INSERT_HEAD(&vd
->clients
, vs
, next
);
2389 vnc_write(vs
, "RFB 003.008\n", 12);
2391 vnc_read_when(vs
, protocol_version
, 12);
2393 if (vs
->vd
->lock_key_sync
)
2394 vs
->led
= qemu_add_led_event_handler(kbd_leds
, vs
);
2396 vs
->mouse_mode_notifier
.notify
= check_pointer_type_change
;
2397 qemu_add_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
2401 /* vs might be free()ed here */
2404 static void vnc_listen_read(void *opaque
)
2406 VncDisplay
*vs
= opaque
;
2407 struct sockaddr_in addr
;
2408 socklen_t addrlen
= sizeof(addr
);
2413 int csock
= qemu_accept(vs
->lsock
, (struct sockaddr
*)&addr
, &addrlen
);
2415 vnc_connect(vs
, csock
);
2419 void vnc_display_init(DisplayState
*ds
)
2421 VncDisplay
*vs
= qemu_mallocz(sizeof(*vs
));
2423 dcl
= qemu_mallocz(sizeof(DisplayChangeListener
));
2432 QTAILQ_INIT(&vs
->clients
);
2434 if (keyboard_layout
)
2435 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, keyboard_layout
);
2437 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us");
2439 if (!vs
->kbd_layout
)
2442 #ifdef CONFIG_VNC_THREAD
2443 qemu_mutex_init(&vs
->mutex
);
2444 vnc_start_worker_thread();
2447 dcl
->dpy_copy
= vnc_dpy_copy
;
2448 dcl
->dpy_update
= vnc_dpy_update
;
2449 dcl
->dpy_resize
= vnc_dpy_resize
;
2450 dcl
->dpy_setdata
= vnc_dpy_setdata
;
2451 register_displaychangelistener(ds
, dcl
);
2452 ds
->mouse_set
= vnc_mouse_set
;
2453 ds
->cursor_define
= vnc_dpy_cursor_define
;
2457 void vnc_display_close(DisplayState
*ds
)
2459 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2464 qemu_free(vs
->display
);
2467 if (vs
->lsock
!= -1) {
2468 qemu_set_fd_handler2(vs
->lsock
, NULL
, NULL
, NULL
, NULL
);
2472 vs
->auth
= VNC_AUTH_INVALID
;
2473 #ifdef CONFIG_VNC_TLS
2474 vs
->subauth
= VNC_AUTH_INVALID
;
2475 vs
->tls
.x509verify
= 0;
2479 int vnc_display_password(DisplayState
*ds
, const char *password
)
2481 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2488 qemu_free(vs
->password
);
2489 vs
->password
= NULL
;
2491 if (password
&& password
[0]) {
2492 if (!(vs
->password
= qemu_strdup(password
)))
2494 if (vs
->auth
== VNC_AUTH_NONE
) {
2495 vs
->auth
= VNC_AUTH_VNC
;
2498 vs
->auth
= VNC_AUTH_NONE
;
2504 char *vnc_display_local_addr(DisplayState
*ds
)
2506 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2508 return vnc_socket_local_addr("%s:%s", vs
->lsock
);
2511 int vnc_display_open(DisplayState
*ds
, const char *display
)
2513 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2514 const char *options
;
2517 #ifdef CONFIG_VNC_TLS
2518 int tls
= 0, x509
= 0;
2520 #ifdef CONFIG_VNC_SASL
2525 int lock_key_sync
= 1;
2529 vnc_display_close(ds
);
2530 if (strcmp(display
, "none") == 0)
2533 if (!(vs
->display
= strdup(display
)))
2537 while ((options
= strchr(options
, ','))) {
2539 if (strncmp(options
, "password", 8) == 0) {
2540 password
= 1; /* Require password auth */
2541 } else if (strncmp(options
, "reverse", 7) == 0) {
2543 } else if (strncmp(options
, "no-lock-key-sync", 9) == 0) {
2545 #ifdef CONFIG_VNC_SASL
2546 } else if (strncmp(options
, "sasl", 4) == 0) {
2547 sasl
= 1; /* Require SASL auth */
2549 #ifdef CONFIG_VNC_TLS
2550 } else if (strncmp(options
, "tls", 3) == 0) {
2551 tls
= 1; /* Require TLS */
2552 } else if (strncmp(options
, "x509", 4) == 0) {
2554 x509
= 1; /* Require x509 certificates */
2555 if (strncmp(options
, "x509verify", 10) == 0)
2556 vs
->tls
.x509verify
= 1; /* ...and verify client certs */
2558 /* Now check for 'x509=/some/path' postfix
2559 * and use that to setup x509 certificate/key paths */
2560 start
= strchr(options
, '=');
2561 end
= strchr(options
, ',');
2562 if (start
&& (!end
|| (start
< end
))) {
2563 int len
= end
? end
-(start
+1) : strlen(start
+1);
2564 char *path
= qemu_strndup(start
+ 1, len
);
2566 VNC_DEBUG("Trying certificate path '%s'\n", path
);
2567 if (vnc_tls_set_x509_creds_dir(vs
, path
) < 0) {
2568 fprintf(stderr
, "Failed to find x509 certificates/keys in %s\n", path
);
2570 qemu_free(vs
->display
);
2576 fprintf(stderr
, "No certificate path provided\n");
2577 qemu_free(vs
->display
);
2582 } else if (strncmp(options
, "acl", 3) == 0) {
2584 } else if (strncmp(options
, "lossy", 5) == 0) {
2589 #ifdef CONFIG_VNC_TLS
2590 if (acl
&& x509
&& vs
->tls
.x509verify
) {
2591 if (!(vs
->tls
.acl
= qemu_acl_init("vnc.x509dname"))) {
2592 fprintf(stderr
, "Failed to create x509 dname ACL\n");
2597 #ifdef CONFIG_VNC_SASL
2599 if (!(vs
->sasl
.acl
= qemu_acl_init("vnc.username"))) {
2600 fprintf(stderr
, "Failed to create username ACL\n");
2607 * Combinations we support here:
2609 * - no-auth (clear text, no auth)
2610 * - password (clear text, weak auth)
2611 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2612 * - tls (encrypt, weak anonymous creds, no auth)
2613 * - tls + password (encrypt, weak anonymous creds, weak auth)
2614 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2615 * - tls + x509 (encrypt, good x509 creds, no auth)
2616 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2617 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2619 * NB1. TLS is a stackable auth scheme.
2620 * NB2. the x509 schemes have option to validate a client cert dname
2623 #ifdef CONFIG_VNC_TLS
2625 vs
->auth
= VNC_AUTH_VENCRYPT
;
2627 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2628 vs
->subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
2630 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2631 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
2634 #endif /* CONFIG_VNC_TLS */
2635 VNC_DEBUG("Initializing VNC server with password auth\n");
2636 vs
->auth
= VNC_AUTH_VNC
;
2637 #ifdef CONFIG_VNC_TLS
2638 vs
->subauth
= VNC_AUTH_INVALID
;
2640 #endif /* CONFIG_VNC_TLS */
2641 #ifdef CONFIG_VNC_SASL
2643 #ifdef CONFIG_VNC_TLS
2645 vs
->auth
= VNC_AUTH_VENCRYPT
;
2647 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2648 vs
->subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
2650 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2651 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
2654 #endif /* CONFIG_VNC_TLS */
2655 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2656 vs
->auth
= VNC_AUTH_SASL
;
2657 #ifdef CONFIG_VNC_TLS
2658 vs
->subauth
= VNC_AUTH_INVALID
;
2660 #endif /* CONFIG_VNC_TLS */
2661 #endif /* CONFIG_VNC_SASL */
2663 #ifdef CONFIG_VNC_TLS
2665 vs
->auth
= VNC_AUTH_VENCRYPT
;
2667 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2668 vs
->subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
2670 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2671 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
2675 VNC_DEBUG("Initializing VNC server with no auth\n");
2676 vs
->auth
= VNC_AUTH_NONE
;
2677 #ifdef CONFIG_VNC_TLS
2678 vs
->subauth
= VNC_AUTH_INVALID
;
2683 #ifdef CONFIG_VNC_SASL
2684 if ((saslErr
= sasl_server_init(NULL
, "qemu")) != SASL_OK
) {
2685 fprintf(stderr
, "Failed to initialize SASL auth %s",
2686 sasl_errstring(saslErr
, NULL
, NULL
));
2692 vs
->lock_key_sync
= lock_key_sync
;
2695 /* connect to viewer */
2696 if (strncmp(display
, "unix:", 5) == 0)
2697 vs
->lsock
= unix_connect(display
+5);
2699 vs
->lsock
= inet_connect(display
, SOCK_STREAM
);
2700 if (-1 == vs
->lsock
) {
2705 int csock
= vs
->lsock
;
2707 vnc_connect(vs
, csock
);
2712 /* listen for connects */
2714 dpy
= qemu_malloc(256);
2715 if (strncmp(display
, "unix:", 5) == 0) {
2716 pstrcpy(dpy
, 256, "unix:");
2717 vs
->lsock
= unix_listen(display
+5, dpy
+5, 256-5);
2719 vs
->lsock
= inet_listen(display
, dpy
, 256, SOCK_STREAM
, 5900);
2721 if (-1 == vs
->lsock
) {
2729 return qemu_set_fd_handler2(vs
->lsock
, NULL
, vnc_listen_read
, NULL
, vs
);