2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
30 #include "qemu_socket.h"
31 #include "qemu-timer.h"
33 #include "qemu-objects.h"
35 #define VNC_REFRESH_INTERVAL_BASE 30
36 #define VNC_REFRESH_INTERVAL_INC 50
37 #define VNC_REFRESH_INTERVAL_MAX 2000
38 static const struct timeval VNC_REFRESH_STATS
= { 0, 500000 };
39 static const struct timeval VNC_REFRESH_LOSSY
= { 2, 0 };
41 #include "vnc_keysym.h"
44 static VncDisplay
*vnc_display
; /* needed for info vnc */
45 static DisplayChangeListener
*dcl
;
47 static int vnc_cursor_define(VncState
*vs
);
49 static char *addr_to_string(const char *format
,
50 struct sockaddr_storage
*sa
,
53 char host
[NI_MAXHOST
];
54 char serv
[NI_MAXSERV
];
58 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
61 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
62 VNC_DEBUG("Cannot resolve address %d: %s\n",
63 err
, gai_strerror(err
));
67 /* Enough for the existing format + the 2 vars we're
69 addrlen
= strlen(format
) + strlen(host
) + strlen(serv
);
70 addr
= qemu_malloc(addrlen
+ 1);
71 snprintf(addr
, addrlen
, format
, host
, serv
);
78 char *vnc_socket_local_addr(const char *format
, int fd
) {
79 struct sockaddr_storage sa
;
83 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
86 return addr_to_string(format
, &sa
, salen
);
89 char *vnc_socket_remote_addr(const char *format
, int fd
) {
90 struct sockaddr_storage sa
;
94 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
97 return addr_to_string(format
, &sa
, salen
);
100 static int put_addr_qdict(QDict
*qdict
, struct sockaddr_storage
*sa
,
103 char host
[NI_MAXHOST
];
104 char serv
[NI_MAXSERV
];
107 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
110 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
111 VNC_DEBUG("Cannot resolve address %d: %s\n",
112 err
, gai_strerror(err
));
116 qdict_put(qdict
, "host", qstring_from_str(host
));
117 qdict_put(qdict
, "service", qstring_from_str(serv
));
118 qdict_put(qdict
, "family",qstring_from_str(inet_strfamily(sa
->ss_family
)));
123 static int vnc_server_addr_put(QDict
*qdict
, int fd
)
125 struct sockaddr_storage sa
;
129 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
133 return put_addr_qdict(qdict
, &sa
, salen
);
136 static int vnc_qdict_remote_addr(QDict
*qdict
, int fd
)
138 struct sockaddr_storage sa
;
142 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
146 return put_addr_qdict(qdict
, &sa
, salen
);
149 static const char *vnc_auth_name(VncDisplay
*vd
) {
151 case VNC_AUTH_INVALID
:
167 case VNC_AUTH_VENCRYPT
:
168 #ifdef CONFIG_VNC_TLS
169 switch (vd
->subauth
) {
170 case VNC_AUTH_VENCRYPT_PLAIN
:
171 return "vencrypt+plain";
172 case VNC_AUTH_VENCRYPT_TLSNONE
:
173 return "vencrypt+tls+none";
174 case VNC_AUTH_VENCRYPT_TLSVNC
:
175 return "vencrypt+tls+vnc";
176 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
177 return "vencrypt+tls+plain";
178 case VNC_AUTH_VENCRYPT_X509NONE
:
179 return "vencrypt+x509+none";
180 case VNC_AUTH_VENCRYPT_X509VNC
:
181 return "vencrypt+x509+vnc";
182 case VNC_AUTH_VENCRYPT_X509PLAIN
:
183 return "vencrypt+x509+plain";
184 case VNC_AUTH_VENCRYPT_TLSSASL
:
185 return "vencrypt+tls+sasl";
186 case VNC_AUTH_VENCRYPT_X509SASL
:
187 return "vencrypt+x509+sasl";
200 static int vnc_server_info_put(QDict
*qdict
)
202 if (vnc_server_addr_put(qdict
, vnc_display
->lsock
) < 0) {
206 qdict_put(qdict
, "auth", qstring_from_str(vnc_auth_name(vnc_display
)));
210 static void vnc_client_cache_auth(VncState
*client
)
212 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
220 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
221 qdict
= qobject_to_qdict(client
->info
);
224 #ifdef CONFIG_VNC_TLS
225 if (client
->tls
.session
&&
227 qdict_put(qdict
, "x509_dname", qstring_from_str(client
->tls
.dname
));
230 #ifdef CONFIG_VNC_SASL
231 if (client
->sasl
.conn
&&
232 client
->sasl
.username
) {
233 qdict_put(qdict
, "sasl_username",
234 qstring_from_str(client
->sasl
.username
));
239 static void vnc_client_cache_addr(VncState
*client
)
244 if (vnc_qdict_remote_addr(qdict
, client
->csock
) < 0) {
246 /* XXX: how to report the error? */
250 client
->info
= QOBJECT(qdict
);
253 static void vnc_qmp_event(VncState
*vs
, MonitorEvent event
)
262 server
= qdict_new();
263 if (vnc_server_info_put(server
) < 0) {
268 data
= qobject_from_jsonf("{ 'client': %p, 'server': %p }",
269 vs
->info
, QOBJECT(server
));
271 monitor_protocol_event(event
, data
);
273 qobject_incref(vs
->info
);
274 qobject_decref(data
);
277 static void info_vnc_iter(QObject
*obj
, void *opaque
)
280 Monitor
*mon
= opaque
;
282 client
= qobject_to_qdict(obj
);
283 monitor_printf(mon
, "Client:\n");
284 monitor_printf(mon
, " address: %s:%s\n",
285 qdict_get_str(client
, "host"),
286 qdict_get_str(client
, "service"));
288 #ifdef CONFIG_VNC_TLS
289 monitor_printf(mon
, " x509_dname: %s\n",
290 qdict_haskey(client
, "x509_dname") ?
291 qdict_get_str(client
, "x509_dname") : "none");
293 #ifdef CONFIG_VNC_SASL
294 monitor_printf(mon
, " username: %s\n",
295 qdict_haskey(client
, "sasl_username") ?
296 qdict_get_str(client
, "sasl_username") : "none");
300 void do_info_vnc_print(Monitor
*mon
, const QObject
*data
)
305 server
= qobject_to_qdict(data
);
306 if (qdict_get_bool(server
, "enabled") == 0) {
307 monitor_printf(mon
, "Server: disabled\n");
311 monitor_printf(mon
, "Server:\n");
312 monitor_printf(mon
, " address: %s:%s\n",
313 qdict_get_str(server
, "host"),
314 qdict_get_str(server
, "service"));
315 monitor_printf(mon
, " auth: %s\n", qdict_get_str(server
, "auth"));
317 clients
= qdict_get_qlist(server
, "clients");
318 if (qlist_empty(clients
)) {
319 monitor_printf(mon
, "Client: none\n");
321 qlist_iter(clients
, info_vnc_iter
, mon
);
325 void do_info_vnc(Monitor
*mon
, QObject
**ret_data
)
327 if (vnc_display
== NULL
|| vnc_display
->display
== NULL
) {
328 *ret_data
= qobject_from_jsonf("{ 'enabled': false }");
334 QTAILQ_FOREACH(client
, &vnc_display
->clients
, next
) {
336 /* incref so that it's not freed by upper layers */
337 qobject_incref(client
->info
);
338 qlist_append_obj(clist
, client
->info
);
342 *ret_data
= qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
344 assert(*ret_data
!= NULL
);
346 if (vnc_server_info_put(qobject_to_qdict(*ret_data
)) < 0) {
347 qobject_decref(*ret_data
);
354 1) Get the queue working for IO.
355 2) there is some weirdness when using the -S option (the screen is grey
356 and not totally invalidated
357 3) resolutions > 1024
360 static int vnc_update_client(VncState
*vs
, int has_dirty
);
361 static int vnc_update_client_sync(VncState
*vs
, int has_dirty
);
362 static void vnc_disconnect_start(VncState
*vs
);
363 static void vnc_disconnect_finish(VncState
*vs
);
364 static void vnc_init_timer(VncDisplay
*vd
);
365 static void vnc_remove_timer(VncDisplay
*vd
);
367 static void vnc_colordepth(VncState
*vs
);
368 static void framebuffer_update_request(VncState
*vs
, int incremental
,
369 int x_position
, int y_position
,
371 static void vnc_refresh(void *opaque
);
372 static int vnc_refresh_server_surface(VncDisplay
*vd
);
374 static void vnc_dpy_update(DisplayState
*ds
, int x
, int y
, int w
, int h
)
377 VncDisplay
*vd
= ds
->opaque
;
378 struct VncSurface
*s
= &vd
->guest
;
382 /* round x down to ensure the loop only spans one 16-pixel block per,
383 iteration. otherwise, if (x % 16) != 0, the last iteration may span
384 two 16-pixel blocks but we only mark the first as dirty
389 x
= MIN(x
, s
->ds
->width
);
390 y
= MIN(y
, s
->ds
->height
);
391 w
= MIN(x
+ w
, s
->ds
->width
) - x
;
392 h
= MIN(h
, s
->ds
->height
);
395 for (i
= 0; i
< w
; i
+= 16)
396 set_bit((x
+ i
) / 16, s
->dirty
[y
]);
399 void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
402 vnc_write_u16(vs
, x
);
403 vnc_write_u16(vs
, y
);
404 vnc_write_u16(vs
, w
);
405 vnc_write_u16(vs
, h
);
407 vnc_write_s32(vs
, encoding
);
410 void buffer_reserve(Buffer
*buffer
, size_t len
)
412 if ((buffer
->capacity
- buffer
->offset
) < len
) {
413 buffer
->capacity
+= (len
+ 1024);
414 buffer
->buffer
= qemu_realloc(buffer
->buffer
, buffer
->capacity
);
415 if (buffer
->buffer
== NULL
) {
416 fprintf(stderr
, "vnc: out of memory\n");
422 int buffer_empty(Buffer
*buffer
)
424 return buffer
->offset
== 0;
427 uint8_t *buffer_end(Buffer
*buffer
)
429 return buffer
->buffer
+ buffer
->offset
;
432 void buffer_reset(Buffer
*buffer
)
437 void buffer_free(Buffer
*buffer
)
439 qemu_free(buffer
->buffer
);
441 buffer
->capacity
= 0;
442 buffer
->buffer
= NULL
;
445 void buffer_append(Buffer
*buffer
, const void *data
, size_t len
)
447 memcpy(buffer
->buffer
+ buffer
->offset
, data
, len
);
448 buffer
->offset
+= len
;
451 static void vnc_desktop_resize(VncState
*vs
)
453 DisplayState
*ds
= vs
->ds
;
455 if (vs
->csock
== -1 || !vnc_has_feature(vs
, VNC_FEATURE_RESIZE
)) {
458 if (vs
->client_width
== ds_get_width(ds
) &&
459 vs
->client_height
== ds_get_height(ds
)) {
462 vs
->client_width
= ds_get_width(ds
);
463 vs
->client_height
= ds_get_height(ds
);
465 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
467 vnc_write_u16(vs
, 1); /* number of rects */
468 vnc_framebuffer_update(vs
, 0, 0, vs
->client_width
, vs
->client_height
,
469 VNC_ENCODING_DESKTOPRESIZE
);
470 vnc_unlock_output(vs
);
474 #ifdef CONFIG_VNC_THREAD
475 static void vnc_abort_display_jobs(VncDisplay
*vd
)
479 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
482 vnc_unlock_output(vs
);
484 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
487 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
490 vnc_unlock_output(vs
);
494 static void vnc_abort_display_jobs(VncDisplay
*vd
)
499 static void vnc_dpy_resize(DisplayState
*ds
)
501 VncDisplay
*vd
= ds
->opaque
;
504 vnc_abort_display_jobs(vd
);
508 vd
->server
= qemu_mallocz(sizeof(*vd
->server
));
509 if (vd
->server
->data
)
510 qemu_free(vd
->server
->data
);
511 *(vd
->server
) = *(ds
->surface
);
512 vd
->server
->data
= qemu_mallocz(vd
->server
->linesize
*
517 vd
->guest
.ds
= qemu_mallocz(sizeof(*vd
->guest
.ds
));
518 if (ds_get_bytes_per_pixel(ds
) != vd
->guest
.ds
->pf
.bytes_per_pixel
)
519 console_color_init(ds
);
520 *(vd
->guest
.ds
) = *(ds
->surface
);
521 memset(vd
->guest
.dirty
, 0xFF, sizeof(vd
->guest
.dirty
));
523 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
525 vnc_desktop_resize(vs
);
526 if (vs
->vd
->cursor
) {
527 vnc_cursor_define(vs
);
529 memset(vs
->dirty
, 0xFF, sizeof(vs
->dirty
));
534 static void vnc_write_pixels_copy(VncState
*vs
, struct PixelFormat
*pf
,
535 void *pixels
, int size
)
537 vnc_write(vs
, pixels
, size
);
540 /* slowest but generic code. */
541 void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
544 VncDisplay
*vd
= vs
->vd
;
546 r
= ((((v
& vd
->server
->pf
.rmask
) >> vd
->server
->pf
.rshift
) << vs
->clientds
.pf
.rbits
) >>
547 vd
->server
->pf
.rbits
);
548 g
= ((((v
& vd
->server
->pf
.gmask
) >> vd
->server
->pf
.gshift
) << vs
->clientds
.pf
.gbits
) >>
549 vd
->server
->pf
.gbits
);
550 b
= ((((v
& vd
->server
->pf
.bmask
) >> vd
->server
->pf
.bshift
) << vs
->clientds
.pf
.bbits
) >>
551 vd
->server
->pf
.bbits
);
552 v
= (r
<< vs
->clientds
.pf
.rshift
) |
553 (g
<< vs
->clientds
.pf
.gshift
) |
554 (b
<< vs
->clientds
.pf
.bshift
);
555 switch(vs
->clientds
.pf
.bytes_per_pixel
) {
560 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
570 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
585 static void vnc_write_pixels_generic(VncState
*vs
, struct PixelFormat
*pf
,
586 void *pixels1
, int size
)
590 if (pf
->bytes_per_pixel
== 4) {
591 uint32_t *pixels
= pixels1
;
594 for(i
= 0; i
< n
; i
++) {
595 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
596 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
598 } else if (pf
->bytes_per_pixel
== 2) {
599 uint16_t *pixels
= pixels1
;
602 for(i
= 0; i
< n
; i
++) {
603 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
604 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
606 } else if (pf
->bytes_per_pixel
== 1) {
607 uint8_t *pixels
= pixels1
;
610 for(i
= 0; i
< n
; i
++) {
611 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
612 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
615 fprintf(stderr
, "vnc_write_pixels_generic: VncState color depth not supported\n");
619 int vnc_raw_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
623 VncDisplay
*vd
= vs
->vd
;
625 row
= vd
->server
->data
+ y
* ds_get_linesize(vs
->ds
) + x
* ds_get_bytes_per_pixel(vs
->ds
);
626 for (i
= 0; i
< h
; i
++) {
627 vs
->write_pixels(vs
, &vd
->server
->pf
, row
, w
* ds_get_bytes_per_pixel(vs
->ds
));
628 row
+= ds_get_linesize(vs
->ds
);
633 int vnc_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
637 switch(vs
->vnc_encoding
) {
638 case VNC_ENCODING_ZLIB
:
639 n
= vnc_zlib_send_framebuffer_update(vs
, x
, y
, w
, h
);
641 case VNC_ENCODING_HEXTILE
:
642 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
643 n
= vnc_hextile_send_framebuffer_update(vs
, x
, y
, w
, h
);
645 case VNC_ENCODING_TIGHT
:
646 n
= vnc_tight_send_framebuffer_update(vs
, x
, y
, w
, h
);
648 case VNC_ENCODING_TIGHT_PNG
:
649 n
= vnc_tight_png_send_framebuffer_update(vs
, x
, y
, w
, h
);
651 case VNC_ENCODING_ZRLE
:
652 n
= vnc_zrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
654 case VNC_ENCODING_ZYWRLE
:
655 n
= vnc_zywrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
658 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
659 n
= vnc_raw_send_framebuffer_update(vs
, x
, y
, w
, h
);
665 static void vnc_copy(VncState
*vs
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
667 /* send bitblit op to the vnc client */
669 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
671 vnc_write_u16(vs
, 1); /* number of rects */
672 vnc_framebuffer_update(vs
, dst_x
, dst_y
, w
, h
, VNC_ENCODING_COPYRECT
);
673 vnc_write_u16(vs
, src_x
);
674 vnc_write_u16(vs
, src_y
);
675 vnc_unlock_output(vs
);
679 static void vnc_dpy_copy(DisplayState
*ds
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
681 VncDisplay
*vd
= ds
->opaque
;
685 int i
,x
,y
,pitch
,depth
,inc
,w_lim
,s
;
688 vnc_refresh_server_surface(vd
);
689 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
690 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
691 vs
->force_update
= 1;
692 vnc_update_client_sync(vs
, 1);
693 /* vs might be free()ed here */
697 /* do bitblit op on the local surface too */
698 pitch
= ds_get_linesize(vd
->ds
);
699 depth
= ds_get_bytes_per_pixel(vd
->ds
);
700 src_row
= vd
->server
->data
+ pitch
* src_y
+ depth
* src_x
;
701 dst_row
= vd
->server
->data
+ pitch
* dst_y
+ depth
* dst_x
;
706 src_row
+= pitch
* (h
-1);
707 dst_row
+= pitch
* (h
-1);
712 w_lim
= w
- (16 - (dst_x
% 16));
716 w_lim
= w
- (w_lim
% 16);
717 for (i
= 0; i
< h
; i
++) {
718 for (x
= 0; x
<= w_lim
;
719 x
+= s
, src_row
+= cmp_bytes
, dst_row
+= cmp_bytes
) {
721 if ((s
= w
- w_lim
) == 0)
724 s
= (16 - (dst_x
% 16));
729 cmp_bytes
= s
* depth
;
730 if (memcmp(src_row
, dst_row
, cmp_bytes
) == 0)
732 memmove(dst_row
, src_row
, cmp_bytes
);
733 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
734 if (!vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
735 set_bit(((x
+ dst_x
) / 16), vs
->dirty
[y
]);
739 src_row
+= pitch
- w
* depth
;
740 dst_row
+= pitch
- w
* depth
;
744 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
745 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
746 vnc_copy(vs
, src_x
, src_y
, dst_x
, dst_y
, w
, h
);
751 static void vnc_mouse_set(int x
, int y
, int visible
)
753 /* can we ask the client(s) to move the pointer ??? */
756 static int vnc_cursor_define(VncState
*vs
)
758 QEMUCursor
*c
= vs
->vd
->cursor
;
759 PixelFormat pf
= qemu_default_pixelformat(32);
762 if (vnc_has_feature(vs
, VNC_FEATURE_RICH_CURSOR
)) {
764 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
765 vnc_write_u8(vs
, 0); /* padding */
766 vnc_write_u16(vs
, 1); /* # of rects */
767 vnc_framebuffer_update(vs
, c
->hot_x
, c
->hot_y
, c
->width
, c
->height
,
768 VNC_ENCODING_RICH_CURSOR
);
769 isize
= c
->width
* c
->height
* vs
->clientds
.pf
.bytes_per_pixel
;
770 vnc_write_pixels_generic(vs
, &pf
, c
->data
, isize
);
771 vnc_write(vs
, vs
->vd
->cursor_mask
, vs
->vd
->cursor_msize
);
772 vnc_unlock_output(vs
);
778 static void vnc_dpy_cursor_define(QEMUCursor
*c
)
780 VncDisplay
*vd
= vnc_display
;
783 cursor_put(vd
->cursor
);
784 qemu_free(vd
->cursor_mask
);
787 cursor_get(vd
->cursor
);
788 vd
->cursor_msize
= cursor_get_mono_bpl(c
) * c
->height
;
789 vd
->cursor_mask
= qemu_mallocz(vd
->cursor_msize
);
790 cursor_get_mono_mask(c
, 0, vd
->cursor_mask
);
792 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
793 vnc_cursor_define(vs
);
797 static int find_and_clear_dirty_height(struct VncState
*vs
,
798 int y
, int last_x
, int x
, int height
)
802 for (h
= 1; h
< (height
- y
); h
++) {
804 if (!test_bit(last_x
, vs
->dirty
[y
+ h
])) {
807 for (tmp_x
= last_x
; tmp_x
< x
; tmp_x
++) {
808 clear_bit(tmp_x
, vs
->dirty
[y
+ h
]);
815 #ifdef CONFIG_VNC_THREAD
816 static int vnc_update_client_sync(VncState
*vs
, int has_dirty
)
818 int ret
= vnc_update_client(vs
, has_dirty
);
823 static int vnc_update_client_sync(VncState
*vs
, int has_dirty
)
825 return vnc_update_client(vs
, has_dirty
);
829 static int vnc_update_client(VncState
*vs
, int has_dirty
)
831 if (vs
->need_update
&& vs
->csock
!= -1) {
832 VncDisplay
*vd
= vs
->vd
;
839 if (vs
->output
.offset
&& !vs
->audio_cap
&& !vs
->force_update
)
840 /* kernel send buffers are full -> drop frames to throttle */
843 if (!has_dirty
&& !vs
->audio_cap
&& !vs
->force_update
)
847 * Send screen updates to the vnc client using the server
848 * surface and server dirty map. guest surface updates
849 * happening in parallel don't disturb us, the next pass will
850 * send them to the client.
852 job
= vnc_job_new(vs
);
854 width
= MIN(vd
->server
->width
, vs
->client_width
);
855 height
= MIN(vd
->server
->height
, vs
->client_height
);
857 for (y
= 0; y
< height
; y
++) {
860 for (x
= 0; x
< width
/ 16; x
++) {
861 if (test_and_clear_bit(x
, vs
->dirty
[y
])) {
867 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
,
870 n
+= vnc_job_add_rect(job
, last_x
* 16, y
,
871 (x
- last_x
) * 16, h
);
877 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
, height
);
878 n
+= vnc_job_add_rect(job
, last_x
* 16, y
,
879 (x
- last_x
) * 16, h
);
884 vs
->force_update
= 0;
889 vnc_disconnect_finish(vs
);
895 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
897 VncState
*vs
= opaque
;
900 case AUD_CNOTIFY_DISABLE
:
902 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
903 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
904 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_END
);
905 vnc_unlock_output(vs
);
909 case AUD_CNOTIFY_ENABLE
:
911 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
912 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
913 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN
);
914 vnc_unlock_output(vs
);
920 static void audio_capture_destroy(void *opaque
)
924 static void audio_capture(void *opaque
, void *buf
, int size
)
926 VncState
*vs
= opaque
;
929 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
930 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
931 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_DATA
);
932 vnc_write_u32(vs
, size
);
933 vnc_write(vs
, buf
, size
);
934 vnc_unlock_output(vs
);
938 static void audio_add(VncState
*vs
)
940 struct audio_capture_ops ops
;
943 monitor_printf(default_mon
, "audio already running\n");
947 ops
.notify
= audio_capture_notify
;
948 ops
.destroy
= audio_capture_destroy
;
949 ops
.capture
= audio_capture
;
951 vs
->audio_cap
= AUD_add_capture(&vs
->as
, &ops
, vs
);
952 if (!vs
->audio_cap
) {
953 monitor_printf(default_mon
, "Failed to add audio capture\n");
957 static void audio_del(VncState
*vs
)
960 AUD_del_capture(vs
->audio_cap
, vs
);
961 vs
->audio_cap
= NULL
;
965 static void vnc_disconnect_start(VncState
*vs
)
969 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
970 closesocket(vs
->csock
);
974 static void vnc_disconnect_finish(VncState
*vs
)
978 vnc_jobs_join(vs
); /* Wait encoding jobs */
981 vnc_qmp_event(vs
, QEVENT_VNC_DISCONNECTED
);
983 buffer_free(&vs
->input
);
984 buffer_free(&vs
->output
);
986 qobject_decref(vs
->info
);
992 #ifdef CONFIG_VNC_TLS
993 vnc_tls_client_cleanup(vs
);
994 #endif /* CONFIG_VNC_TLS */
995 #ifdef CONFIG_VNC_SASL
996 vnc_sasl_client_cleanup(vs
);
997 #endif /* CONFIG_VNC_SASL */
1000 QTAILQ_REMOVE(&vs
->vd
->clients
, vs
, next
);
1002 if (QTAILQ_EMPTY(&vs
->vd
->clients
)) {
1006 qemu_remove_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
1007 vnc_remove_timer(vs
->vd
);
1008 if (vs
->vd
->lock_key_sync
)
1009 qemu_remove_led_event_handler(vs
->led
);
1010 vnc_unlock_output(vs
);
1012 #ifdef CONFIG_VNC_THREAD
1013 qemu_mutex_destroy(&vs
->output_mutex
);
1015 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
1016 qemu_free(vs
->lossy_rect
[i
]);
1018 qemu_free(vs
->lossy_rect
);
1022 int vnc_client_io_error(VncState
*vs
, int ret
, int last_errno
)
1024 if (ret
== 0 || ret
== -1) {
1026 switch (last_errno
) {
1030 case WSAEWOULDBLOCK
:
1038 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1039 ret
, ret
< 0 ? last_errno
: 0);
1040 vnc_disconnect_start(vs
);
1048 void vnc_client_error(VncState
*vs
)
1050 VNC_DEBUG("Closing down client sock: protocol error\n");
1051 vnc_disconnect_start(vs
);
1056 * Called to write a chunk of data to the client socket. The data may
1057 * be the raw data, or may have already been encoded by SASL.
1058 * The data will be written either straight onto the socket, or
1059 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1061 * NB, it is theoretically possible to have 2 layers of encryption,
1062 * both SASL, and this TLS layer. It is highly unlikely in practice
1063 * though, since SASL encryption will typically be a no-op if TLS
1066 * Returns the number of bytes written, which may be less than
1067 * the requested 'datalen' if the socket would block. Returns
1068 * -1 on error, and disconnects the client socket.
1070 long vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
1073 #ifdef CONFIG_VNC_TLS
1074 if (vs
->tls
.session
) {
1075 ret
= gnutls_write(vs
->tls
.session
, data
, datalen
);
1077 if (ret
== GNUTLS_E_AGAIN
)
1084 #endif /* CONFIG_VNC_TLS */
1085 ret
= send(vs
->csock
, (const void *)data
, datalen
, 0);
1086 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data
, datalen
, ret
);
1087 return vnc_client_io_error(vs
, ret
, socket_error());
1092 * Called to write buffered data to the client socket, when not
1093 * using any SASL SSF encryption layers. Will write as much data
1094 * as possible without blocking. If all buffered data is written,
1095 * will switch the FD poll() handler back to read monitoring.
1097 * Returns the number of bytes written, which may be less than
1098 * the buffered output data if the socket would block. Returns
1099 * -1 on error, and disconnects the client socket.
1101 static long vnc_client_write_plain(VncState
*vs
)
1105 #ifdef CONFIG_VNC_SASL
1106 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1107 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
1108 vs
->sasl
.waitWriteSSF
);
1110 if (vs
->sasl
.conn
&&
1112 vs
->sasl
.waitWriteSSF
) {
1113 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
1115 vs
->sasl
.waitWriteSSF
-= ret
;
1117 #endif /* CONFIG_VNC_SASL */
1118 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
1122 memmove(vs
->output
.buffer
, vs
->output
.buffer
+ ret
, (vs
->output
.offset
- ret
));
1123 vs
->output
.offset
-= ret
;
1125 if (vs
->output
.offset
== 0) {
1126 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1134 * First function called whenever there is data to be written to
1135 * the client socket. Will delegate actual work according to whether
1136 * SASL SSF layers are enabled (thus requiring encryption calls)
1138 static void vnc_client_write_locked(void *opaque
)
1140 VncState
*vs
= opaque
;
1142 #ifdef CONFIG_VNC_SASL
1143 if (vs
->sasl
.conn
&&
1145 !vs
->sasl
.waitWriteSSF
) {
1146 vnc_client_write_sasl(vs
);
1148 #endif /* CONFIG_VNC_SASL */
1149 vnc_client_write_plain(vs
);
1152 void vnc_client_write(void *opaque
)
1154 VncState
*vs
= opaque
;
1156 vnc_lock_output(vs
);
1157 if (vs
->output
.offset
) {
1158 vnc_client_write_locked(opaque
);
1159 } else if (vs
->csock
!= -1) {
1160 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1162 vnc_unlock_output(vs
);
1165 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1167 vs
->read_handler
= func
;
1168 vs
->read_handler_expect
= expecting
;
1173 * Called to read a chunk of data from the client socket. The data may
1174 * be the raw data, or may need to be further decoded by SASL.
1175 * The data will be read either straight from to the socket, or
1176 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1178 * NB, it is theoretically possible to have 2 layers of encryption,
1179 * both SASL, and this TLS layer. It is highly unlikely in practice
1180 * though, since SASL encryption will typically be a no-op if TLS
1183 * Returns the number of bytes read, which may be less than
1184 * the requested 'datalen' if the socket would block. Returns
1185 * -1 on error, and disconnects the client socket.
1187 long vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1190 #ifdef CONFIG_VNC_TLS
1191 if (vs
->tls
.session
) {
1192 ret
= gnutls_read(vs
->tls
.session
, data
, datalen
);
1194 if (ret
== GNUTLS_E_AGAIN
)
1201 #endif /* CONFIG_VNC_TLS */
1202 ret
= qemu_recv(vs
->csock
, data
, datalen
, 0);
1203 VNC_DEBUG("Read wire %p %zd -> %ld\n", data
, datalen
, ret
);
1204 return vnc_client_io_error(vs
, ret
, socket_error());
1209 * Called to read data from the client socket to the input buffer,
1210 * when not using any SASL SSF encryption layers. Will read as much
1211 * data as possible without blocking.
1213 * Returns the number of bytes read. Returns -1 on error, and
1214 * disconnects the client socket.
1216 static long vnc_client_read_plain(VncState
*vs
)
1219 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1220 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1221 buffer_reserve(&vs
->input
, 4096);
1222 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1225 vs
->input
.offset
+= ret
;
1231 * First function called whenever there is more data to be read from
1232 * the client socket. Will delegate actual work according to whether
1233 * SASL SSF layers are enabled (thus requiring decryption calls)
1235 void vnc_client_read(void *opaque
)
1237 VncState
*vs
= opaque
;
1240 #ifdef CONFIG_VNC_SASL
1241 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1242 ret
= vnc_client_read_sasl(vs
);
1244 #endif /* CONFIG_VNC_SASL */
1245 ret
= vnc_client_read_plain(vs
);
1247 if (vs
->csock
== -1)
1248 vnc_disconnect_finish(vs
);
1252 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1253 size_t len
= vs
->read_handler_expect
;
1256 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1257 if (vs
->csock
== -1) {
1258 vnc_disconnect_finish(vs
);
1263 memmove(vs
->input
.buffer
, vs
->input
.buffer
+ len
, (vs
->input
.offset
- len
));
1264 vs
->input
.offset
-= len
;
1266 vs
->read_handler_expect
= ret
;
1271 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1273 buffer_reserve(&vs
->output
, len
);
1275 if (vs
->csock
!= -1 && buffer_empty(&vs
->output
)) {
1276 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
1279 buffer_append(&vs
->output
, data
, len
);
1282 void vnc_write_s32(VncState
*vs
, int32_t value
)
1284 vnc_write_u32(vs
, *(uint32_t *)&value
);
1287 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1291 buf
[0] = (value
>> 24) & 0xFF;
1292 buf
[1] = (value
>> 16) & 0xFF;
1293 buf
[2] = (value
>> 8) & 0xFF;
1294 buf
[3] = value
& 0xFF;
1296 vnc_write(vs
, buf
, 4);
1299 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1303 buf
[0] = (value
>> 8) & 0xFF;
1304 buf
[1] = value
& 0xFF;
1306 vnc_write(vs
, buf
, 2);
1309 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1311 vnc_write(vs
, (char *)&value
, 1);
1314 void vnc_flush(VncState
*vs
)
1316 vnc_lock_output(vs
);
1317 if (vs
->csock
!= -1 && vs
->output
.offset
) {
1318 vnc_client_write_locked(vs
);
1320 vnc_unlock_output(vs
);
1323 uint8_t read_u8(uint8_t *data
, size_t offset
)
1325 return data
[offset
];
1328 uint16_t read_u16(uint8_t *data
, size_t offset
)
1330 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1333 int32_t read_s32(uint8_t *data
, size_t offset
)
1335 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1336 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1339 uint32_t read_u32(uint8_t *data
, size_t offset
)
1341 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1342 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1345 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1349 static void check_pointer_type_change(Notifier
*notifier
, void *data
)
1351 VncState
*vs
= container_of(notifier
, VncState
, mouse_mode_notifier
);
1352 int absolute
= kbd_mouse_is_absolute();
1354 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1355 vnc_lock_output(vs
);
1356 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1357 vnc_write_u8(vs
, 0);
1358 vnc_write_u16(vs
, 1);
1359 vnc_framebuffer_update(vs
, absolute
, 0,
1360 ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1361 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1362 vnc_unlock_output(vs
);
1365 vs
->absolute
= absolute
;
1368 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1373 if (button_mask
& 0x01)
1374 buttons
|= MOUSE_EVENT_LBUTTON
;
1375 if (button_mask
& 0x02)
1376 buttons
|= MOUSE_EVENT_MBUTTON
;
1377 if (button_mask
& 0x04)
1378 buttons
|= MOUSE_EVENT_RBUTTON
;
1379 if (button_mask
& 0x08)
1381 if (button_mask
& 0x10)
1385 kbd_mouse_event(ds_get_width(vs
->ds
) > 1 ?
1386 x
* 0x7FFF / (ds_get_width(vs
->ds
) - 1) : 0x4000,
1387 ds_get_height(vs
->ds
) > 1 ?
1388 y
* 0x7FFF / (ds_get_height(vs
->ds
) - 1) : 0x4000,
1390 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1394 kbd_mouse_event(x
, y
, dz
, buttons
);
1396 if (vs
->last_x
!= -1)
1397 kbd_mouse_event(x
- vs
->last_x
,
1405 static void reset_keys(VncState
*vs
)
1408 for(i
= 0; i
< 256; i
++) {
1409 if (vs
->modifiers_state
[i
]) {
1410 if (i
& SCANCODE_GREY
)
1411 kbd_put_keycode(SCANCODE_EMUL0
);
1412 kbd_put_keycode(i
| SCANCODE_UP
);
1413 vs
->modifiers_state
[i
] = 0;
1418 static void press_key(VncState
*vs
, int keysym
)
1420 int keycode
= keysym2scancode(vs
->vd
->kbd_layout
, keysym
) & SCANCODE_KEYMASK
;
1421 if (keycode
& SCANCODE_GREY
)
1422 kbd_put_keycode(SCANCODE_EMUL0
);
1423 kbd_put_keycode(keycode
& SCANCODE_KEYCODEMASK
);
1424 if (keycode
& SCANCODE_GREY
)
1425 kbd_put_keycode(SCANCODE_EMUL0
);
1426 kbd_put_keycode(keycode
| SCANCODE_UP
);
1429 static void kbd_leds(void *opaque
, int ledstate
)
1431 VncState
*vs
= opaque
;
1434 caps
= ledstate
& QEMU_CAPS_LOCK_LED
? 1 : 0;
1435 num
= ledstate
& QEMU_NUM_LOCK_LED
? 1 : 0;
1437 if (vs
->modifiers_state
[0x3a] != caps
) {
1438 vs
->modifiers_state
[0x3a] = caps
;
1440 if (vs
->modifiers_state
[0x45] != num
) {
1441 vs
->modifiers_state
[0x45] = num
;
1445 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1447 /* QEMU console switch */
1449 case 0x2a: /* Left Shift */
1450 case 0x36: /* Right Shift */
1451 case 0x1d: /* Left CTRL */
1452 case 0x9d: /* Right CTRL */
1453 case 0x38: /* Left ALT */
1454 case 0xb8: /* Right ALT */
1456 vs
->modifiers_state
[keycode
] = 1;
1458 vs
->modifiers_state
[keycode
] = 0;
1460 case 0x02 ... 0x0a: /* '1' to '9' keys */
1461 if (down
&& vs
->modifiers_state
[0x1d] && vs
->modifiers_state
[0x38]) {
1462 /* Reset the modifiers sent to the current console */
1464 console_select(keycode
- 0x02);
1468 case 0x3a: /* CapsLock */
1469 case 0x45: /* NumLock */
1471 vs
->modifiers_state
[keycode
] ^= 1;
1475 if (down
&& vs
->vd
->lock_key_sync
&&
1476 keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1477 /* If the numlock state needs to change then simulate an additional
1478 keypress before sending this one. This will happen if the user
1479 toggles numlock away from the VNC window.
1481 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1482 if (!vs
->modifiers_state
[0x45]) {
1483 vs
->modifiers_state
[0x45] = 1;
1484 press_key(vs
, 0xff7f);
1487 if (vs
->modifiers_state
[0x45]) {
1488 vs
->modifiers_state
[0x45] = 0;
1489 press_key(vs
, 0xff7f);
1494 if (down
&& vs
->vd
->lock_key_sync
&&
1495 ((sym
>= 'A' && sym
<= 'Z') || (sym
>= 'a' && sym
<= 'z'))) {
1496 /* If the capslock state needs to change then simulate an additional
1497 keypress before sending this one. This will happen if the user
1498 toggles capslock away from the VNC window.
1500 int uppercase
= !!(sym
>= 'A' && sym
<= 'Z');
1501 int shift
= !!(vs
->modifiers_state
[0x2a] | vs
->modifiers_state
[0x36]);
1502 int capslock
= !!(vs
->modifiers_state
[0x3a]);
1504 if (uppercase
== shift
) {
1505 vs
->modifiers_state
[0x3a] = 0;
1506 press_key(vs
, 0xffe5);
1509 if (uppercase
!= shift
) {
1510 vs
->modifiers_state
[0x3a] = 1;
1511 press_key(vs
, 0xffe5);
1516 if (is_graphic_console()) {
1517 if (keycode
& SCANCODE_GREY
)
1518 kbd_put_keycode(SCANCODE_EMUL0
);
1520 kbd_put_keycode(keycode
& SCANCODE_KEYCODEMASK
);
1522 kbd_put_keycode(keycode
| SCANCODE_UP
);
1524 /* QEMU console emulation */
1526 int numlock
= vs
->modifiers_state
[0x45];
1528 case 0x2a: /* Left Shift */
1529 case 0x36: /* Right Shift */
1530 case 0x1d: /* Left CTRL */
1531 case 0x9d: /* Right CTRL */
1532 case 0x38: /* Left ALT */
1533 case 0xb8: /* Right ALT */
1536 kbd_put_keysym(QEMU_KEY_UP
);
1539 kbd_put_keysym(QEMU_KEY_DOWN
);
1542 kbd_put_keysym(QEMU_KEY_LEFT
);
1545 kbd_put_keysym(QEMU_KEY_RIGHT
);
1548 kbd_put_keysym(QEMU_KEY_DELETE
);
1551 kbd_put_keysym(QEMU_KEY_HOME
);
1554 kbd_put_keysym(QEMU_KEY_END
);
1557 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1560 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1564 kbd_put_keysym(numlock
? '7' : QEMU_KEY_HOME
);
1567 kbd_put_keysym(numlock
? '8' : QEMU_KEY_UP
);
1570 kbd_put_keysym(numlock
? '9' : QEMU_KEY_PAGEUP
);
1573 kbd_put_keysym(numlock
? '4' : QEMU_KEY_LEFT
);
1576 kbd_put_keysym('5');
1579 kbd_put_keysym(numlock
? '6' : QEMU_KEY_RIGHT
);
1582 kbd_put_keysym(numlock
? '1' : QEMU_KEY_END
);
1585 kbd_put_keysym(numlock
? '2' : QEMU_KEY_DOWN
);
1588 kbd_put_keysym(numlock
? '3' : QEMU_KEY_PAGEDOWN
);
1591 kbd_put_keysym('0');
1594 kbd_put_keysym(numlock
? '.' : QEMU_KEY_DELETE
);
1598 kbd_put_keysym('/');
1601 kbd_put_keysym('*');
1604 kbd_put_keysym('-');
1607 kbd_put_keysym('+');
1610 kbd_put_keysym('\n');
1614 kbd_put_keysym(sym
);
1621 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1626 if (lsym
>= 'A' && lsym
<= 'Z' && is_graphic_console()) {
1627 lsym
= lsym
- 'A' + 'a';
1630 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, lsym
& 0xFFFF) & SCANCODE_KEYMASK
;
1631 do_key_event(vs
, down
, keycode
, sym
);
1634 static void ext_key_event(VncState
*vs
, int down
,
1635 uint32_t sym
, uint16_t keycode
)
1637 /* if the user specifies a keyboard layout, always use it */
1638 if (keyboard_layout
)
1639 key_event(vs
, down
, sym
);
1641 do_key_event(vs
, down
, keycode
, sym
);
1644 static void framebuffer_update_request(VncState
*vs
, int incremental
,
1645 int x_position
, int y_position
,
1649 const size_t width
= ds_get_width(vs
->ds
) / 16;
1651 if (y_position
> ds_get_height(vs
->ds
))
1652 y_position
= ds_get_height(vs
->ds
);
1653 if (y_position
+ h
>= ds_get_height(vs
->ds
))
1654 h
= ds_get_height(vs
->ds
) - y_position
;
1656 vs
->need_update
= 1;
1658 vs
->force_update
= 1;
1659 for (i
= 0; i
< h
; i
++) {
1660 bitmap_set(vs
->dirty
[y_position
+ i
], 0, width
);
1661 bitmap_clear(vs
->dirty
[y_position
+ i
], width
,
1662 VNC_DIRTY_BITS
- width
);
1667 static void send_ext_key_event_ack(VncState
*vs
)
1669 vnc_lock_output(vs
);
1670 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1671 vnc_write_u8(vs
, 0);
1672 vnc_write_u16(vs
, 1);
1673 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1674 VNC_ENCODING_EXT_KEY_EVENT
);
1675 vnc_unlock_output(vs
);
1679 static void send_ext_audio_ack(VncState
*vs
)
1681 vnc_lock_output(vs
);
1682 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1683 vnc_write_u8(vs
, 0);
1684 vnc_write_u16(vs
, 1);
1685 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1686 VNC_ENCODING_AUDIO
);
1687 vnc_unlock_output(vs
);
1691 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
1694 unsigned int enc
= 0;
1697 vs
->vnc_encoding
= 0;
1698 vs
->tight
.compression
= 9;
1699 vs
->tight
.quality
= -1; /* Lossless by default */
1703 * Start from the end because the encodings are sent in order of preference.
1704 * This way the prefered encoding (first encoding defined in the array)
1705 * will be set at the end of the loop.
1707 for (i
= n_encodings
- 1; i
>= 0; i
--) {
1710 case VNC_ENCODING_RAW
:
1711 vs
->vnc_encoding
= enc
;
1713 case VNC_ENCODING_COPYRECT
:
1714 vs
->features
|= VNC_FEATURE_COPYRECT_MASK
;
1716 case VNC_ENCODING_HEXTILE
:
1717 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
1718 vs
->vnc_encoding
= enc
;
1720 case VNC_ENCODING_TIGHT
:
1721 vs
->features
|= VNC_FEATURE_TIGHT_MASK
;
1722 vs
->vnc_encoding
= enc
;
1724 case VNC_ENCODING_TIGHT_PNG
:
1725 vs
->features
|= VNC_FEATURE_TIGHT_PNG_MASK
;
1726 vs
->vnc_encoding
= enc
;
1728 case VNC_ENCODING_ZLIB
:
1729 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
1730 vs
->vnc_encoding
= enc
;
1732 case VNC_ENCODING_ZRLE
:
1733 vs
->features
|= VNC_FEATURE_ZRLE_MASK
;
1734 vs
->vnc_encoding
= enc
;
1736 case VNC_ENCODING_ZYWRLE
:
1737 vs
->features
|= VNC_FEATURE_ZYWRLE_MASK
;
1738 vs
->vnc_encoding
= enc
;
1740 case VNC_ENCODING_DESKTOPRESIZE
:
1741 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
1743 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
1744 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
1746 case VNC_ENCODING_RICH_CURSOR
:
1747 vs
->features
|= VNC_FEATURE_RICH_CURSOR_MASK
;
1749 case VNC_ENCODING_EXT_KEY_EVENT
:
1750 send_ext_key_event_ack(vs
);
1752 case VNC_ENCODING_AUDIO
:
1753 send_ext_audio_ack(vs
);
1755 case VNC_ENCODING_WMVi
:
1756 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
1758 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
1759 vs
->tight
.compression
= (enc
& 0x0F);
1761 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
1762 if (vs
->vd
->lossy
) {
1763 vs
->tight
.quality
= (enc
& 0x0F);
1767 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
1771 vnc_desktop_resize(vs
);
1772 check_pointer_type_change(&vs
->mouse_mode_notifier
, NULL
);
1775 static void set_pixel_conversion(VncState
*vs
)
1777 if ((vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) ==
1778 (vs
->ds
->surface
->flags
& QEMU_BIG_ENDIAN_FLAG
) &&
1779 !memcmp(&(vs
->clientds
.pf
), &(vs
->ds
->surface
->pf
), sizeof(PixelFormat
))) {
1780 vs
->write_pixels
= vnc_write_pixels_copy
;
1781 vnc_hextile_set_pixel_conversion(vs
, 0);
1783 vs
->write_pixels
= vnc_write_pixels_generic
;
1784 vnc_hextile_set_pixel_conversion(vs
, 1);
1788 static void set_pixel_format(VncState
*vs
,
1789 int bits_per_pixel
, int depth
,
1790 int big_endian_flag
, int true_color_flag
,
1791 int red_max
, int green_max
, int blue_max
,
1792 int red_shift
, int green_shift
, int blue_shift
)
1794 if (!true_color_flag
) {
1795 vnc_client_error(vs
);
1799 vs
->clientds
= *(vs
->vd
->guest
.ds
);
1800 vs
->clientds
.pf
.rmax
= red_max
;
1801 vs
->clientds
.pf
.rbits
= hweight_long(red_max
);
1802 vs
->clientds
.pf
.rshift
= red_shift
;
1803 vs
->clientds
.pf
.rmask
= red_max
<< red_shift
;
1804 vs
->clientds
.pf
.gmax
= green_max
;
1805 vs
->clientds
.pf
.gbits
= hweight_long(green_max
);
1806 vs
->clientds
.pf
.gshift
= green_shift
;
1807 vs
->clientds
.pf
.gmask
= green_max
<< green_shift
;
1808 vs
->clientds
.pf
.bmax
= blue_max
;
1809 vs
->clientds
.pf
.bbits
= hweight_long(blue_max
);
1810 vs
->clientds
.pf
.bshift
= blue_shift
;
1811 vs
->clientds
.pf
.bmask
= blue_max
<< blue_shift
;
1812 vs
->clientds
.pf
.bits_per_pixel
= bits_per_pixel
;
1813 vs
->clientds
.pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
1814 vs
->clientds
.pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
1815 vs
->clientds
.flags
= big_endian_flag
? QEMU_BIG_ENDIAN_FLAG
: 0x00;
1817 set_pixel_conversion(vs
);
1819 vga_hw_invalidate();
1823 static void pixel_format_message (VncState
*vs
) {
1824 char pad
[3] = { 0, 0, 0 };
1826 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bits_per_pixel
); /* bits-per-pixel */
1827 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.depth
); /* depth */
1829 #ifdef HOST_WORDS_BIGENDIAN
1830 vnc_write_u8(vs
, 1); /* big-endian-flag */
1832 vnc_write_u8(vs
, 0); /* big-endian-flag */
1834 vnc_write_u8(vs
, 1); /* true-color-flag */
1835 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.rmax
); /* red-max */
1836 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.gmax
); /* green-max */
1837 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.bmax
); /* blue-max */
1838 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.rshift
); /* red-shift */
1839 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.gshift
); /* green-shift */
1840 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bshift
); /* blue-shift */
1842 vnc_hextile_set_pixel_conversion(vs
, 0);
1844 vs
->clientds
= *(vs
->ds
->surface
);
1845 vs
->clientds
.flags
&= ~QEMU_ALLOCATED_FLAG
;
1846 vs
->write_pixels
= vnc_write_pixels_copy
;
1848 vnc_write(vs
, pad
, 3); /* padding */
1851 static void vnc_dpy_setdata(DisplayState
*ds
)
1853 /* We don't have to do anything */
1856 static void vnc_colordepth(VncState
*vs
)
1858 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
1859 /* Sending a WMVi message to notify the client*/
1860 vnc_lock_output(vs
);
1861 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1862 vnc_write_u8(vs
, 0);
1863 vnc_write_u16(vs
, 1); /* number of rects */
1864 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
),
1865 ds_get_height(vs
->ds
), VNC_ENCODING_WMVi
);
1866 pixel_format_message(vs
);
1867 vnc_unlock_output(vs
);
1870 set_pixel_conversion(vs
);
1874 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
1878 VncDisplay
*vd
= vs
->vd
;
1881 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
1882 if (!qemu_timer_expired(vd
->timer
, qemu_get_clock_ms(rt_clock
) + vd
->timer_interval
))
1883 qemu_mod_timer(vd
->timer
, qemu_get_clock_ms(rt_clock
) + vd
->timer_interval
);
1887 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT
:
1891 set_pixel_format(vs
, read_u8(data
, 4), read_u8(data
, 5),
1892 read_u8(data
, 6), read_u8(data
, 7),
1893 read_u16(data
, 8), read_u16(data
, 10),
1894 read_u16(data
, 12), read_u8(data
, 14),
1895 read_u8(data
, 15), read_u8(data
, 16));
1897 case VNC_MSG_CLIENT_SET_ENCODINGS
:
1902 limit
= read_u16(data
, 2);
1904 return 4 + (limit
* 4);
1906 limit
= read_u16(data
, 2);
1908 for (i
= 0; i
< limit
; i
++) {
1909 int32_t val
= read_s32(data
, 4 + (i
* 4));
1910 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
1913 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
1915 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST
:
1919 framebuffer_update_request(vs
,
1920 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
1921 read_u16(data
, 6), read_u16(data
, 8));
1923 case VNC_MSG_CLIENT_KEY_EVENT
:
1927 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
1929 case VNC_MSG_CLIENT_POINTER_EVENT
:
1933 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
1935 case VNC_MSG_CLIENT_CUT_TEXT
:
1940 uint32_t dlen
= read_u32(data
, 4);
1945 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
1947 case VNC_MSG_CLIENT_QEMU
:
1951 switch (read_u8(data
, 1)) {
1952 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT
:
1956 ext_key_event(vs
, read_u16(data
, 2),
1957 read_u32(data
, 4), read_u32(data
, 8));
1959 case VNC_MSG_CLIENT_QEMU_AUDIO
:
1963 switch (read_u16 (data
, 2)) {
1964 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE
:
1967 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE
:
1970 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT
:
1973 switch (read_u8(data
, 4)) {
1974 case 0: vs
->as
.fmt
= AUD_FMT_U8
; break;
1975 case 1: vs
->as
.fmt
= AUD_FMT_S8
; break;
1976 case 2: vs
->as
.fmt
= AUD_FMT_U16
; break;
1977 case 3: vs
->as
.fmt
= AUD_FMT_S16
; break;
1978 case 4: vs
->as
.fmt
= AUD_FMT_U32
; break;
1979 case 5: vs
->as
.fmt
= AUD_FMT_S32
; break;
1981 printf("Invalid audio format %d\n", read_u8(data
, 4));
1982 vnc_client_error(vs
);
1985 vs
->as
.nchannels
= read_u8(data
, 5);
1986 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
1987 printf("Invalid audio channel coount %d\n",
1989 vnc_client_error(vs
);
1992 vs
->as
.freq
= read_u32(data
, 6);
1995 printf ("Invalid audio message %d\n", read_u8(data
, 4));
1996 vnc_client_error(vs
);
2002 printf("Msg: %d\n", read_u16(data
, 0));
2003 vnc_client_error(vs
);
2008 printf("Msg: %d\n", data
[0]);
2009 vnc_client_error(vs
);
2013 vnc_read_when(vs
, protocol_client_msg
, 1);
2017 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
2022 vs
->client_width
= ds_get_width(vs
->ds
);
2023 vs
->client_height
= ds_get_height(vs
->ds
);
2024 vnc_write_u16(vs
, vs
->client_width
);
2025 vnc_write_u16(vs
, vs
->client_height
);
2027 pixel_format_message(vs
);
2030 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
2032 size
= snprintf(buf
, sizeof(buf
), "QEMU");
2034 vnc_write_u32(vs
, size
);
2035 vnc_write(vs
, buf
, size
);
2038 vnc_client_cache_auth(vs
);
2039 vnc_qmp_event(vs
, QEVENT_VNC_INITIALIZED
);
2041 vnc_read_when(vs
, protocol_client_msg
, 1);
2046 void start_client_init(VncState
*vs
)
2048 vnc_read_when(vs
, protocol_client_init
, 1);
2051 static void make_challenge(VncState
*vs
)
2055 srand(time(NULL
)+getpid()+getpid()*987654+rand());
2057 for (i
= 0 ; i
< sizeof(vs
->challenge
) ; i
++)
2058 vs
->challenge
[i
] = (int) (256.0*rand()/(RAND_MAX
+1.0));
2061 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
2063 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
2065 unsigned char key
[8];
2066 time_t now
= time(NULL
);
2068 if (!vs
->vd
->password
) {
2069 VNC_DEBUG("No password configured on server");
2072 if (vs
->vd
->expires
< now
) {
2073 VNC_DEBUG("Password is expired");
2077 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
2079 /* Calculate the expected challenge response */
2080 pwlen
= strlen(vs
->vd
->password
);
2081 for (i
=0; i
<sizeof(key
); i
++)
2082 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
2084 for (j
= 0; j
< VNC_AUTH_CHALLENGE_SIZE
; j
+= 8)
2085 des(response
+j
, response
+j
);
2087 /* Compare expected vs actual challenge response */
2088 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
2089 VNC_DEBUG("Client challenge reponse did not match\n");
2092 VNC_DEBUG("Accepting VNC challenge response\n");
2093 vnc_write_u32(vs
, 0); /* Accept auth */
2096 start_client_init(vs
);
2101 vnc_write_u32(vs
, 1); /* Reject auth */
2102 if (vs
->minor
>= 8) {
2103 static const char err
[] = "Authentication failed";
2104 vnc_write_u32(vs
, sizeof(err
));
2105 vnc_write(vs
, err
, sizeof(err
));
2108 vnc_client_error(vs
);
2112 void start_auth_vnc(VncState
*vs
)
2115 /* Send client a 'random' challenge */
2116 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
2119 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
2123 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
2125 /* We only advertise 1 auth scheme at a time, so client
2126 * must pick the one we sent. Verify this */
2127 if (data
[0] != vs
->auth
) { /* Reject auth */
2128 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data
[0]);
2129 vnc_write_u32(vs
, 1);
2130 if (vs
->minor
>= 8) {
2131 static const char err
[] = "Authentication failed";
2132 vnc_write_u32(vs
, sizeof(err
));
2133 vnc_write(vs
, err
, sizeof(err
));
2135 vnc_client_error(vs
);
2136 } else { /* Accept requested auth */
2137 VNC_DEBUG("Client requested auth %d\n", (int)data
[0]);
2140 VNC_DEBUG("Accept auth none\n");
2141 if (vs
->minor
>= 8) {
2142 vnc_write_u32(vs
, 0); /* Accept auth completion */
2145 start_client_init(vs
);
2149 VNC_DEBUG("Start VNC auth\n");
2153 #ifdef CONFIG_VNC_TLS
2154 case VNC_AUTH_VENCRYPT
:
2155 VNC_DEBUG("Accept VeNCrypt auth\n");;
2156 start_auth_vencrypt(vs
);
2158 #endif /* CONFIG_VNC_TLS */
2160 #ifdef CONFIG_VNC_SASL
2162 VNC_DEBUG("Accept SASL auth\n");
2163 start_auth_sasl(vs
);
2165 #endif /* CONFIG_VNC_SASL */
2167 default: /* Should not be possible, but just in case */
2168 VNC_DEBUG("Reject auth %d server code bug\n", vs
->auth
);
2169 vnc_write_u8(vs
, 1);
2170 if (vs
->minor
>= 8) {
2171 static const char err
[] = "Authentication failed";
2172 vnc_write_u32(vs
, sizeof(err
));
2173 vnc_write(vs
, err
, sizeof(err
));
2175 vnc_client_error(vs
);
2181 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
2185 memcpy(local
, version
, 12);
2188 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
2189 VNC_DEBUG("Malformed protocol version %s\n", local
);
2190 vnc_client_error(vs
);
2193 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
2194 if (vs
->major
!= 3 ||
2200 VNC_DEBUG("Unsupported client version\n");
2201 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2203 vnc_client_error(vs
);
2206 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2207 * as equivalent to v3.3 by servers
2209 if (vs
->minor
== 4 || vs
->minor
== 5)
2212 if (vs
->minor
== 3) {
2213 if (vs
->auth
== VNC_AUTH_NONE
) {
2214 VNC_DEBUG("Tell client auth none\n");
2215 vnc_write_u32(vs
, vs
->auth
);
2217 start_client_init(vs
);
2218 } else if (vs
->auth
== VNC_AUTH_VNC
) {
2219 VNC_DEBUG("Tell client VNC auth\n");
2220 vnc_write_u32(vs
, vs
->auth
);
2224 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs
->auth
);
2225 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2227 vnc_client_error(vs
);
2230 VNC_DEBUG("Telling client we support auth %d\n", vs
->auth
);
2231 vnc_write_u8(vs
, 1); /* num auth */
2232 vnc_write_u8(vs
, vs
->auth
);
2233 vnc_read_when(vs
, protocol_client_auth
, 1);
2240 static VncRectStat
*vnc_stat_rect(VncDisplay
*vd
, int x
, int y
)
2242 struct VncSurface
*vs
= &vd
->guest
;
2244 return &vs
->stats
[y
/ VNC_STAT_RECT
][x
/ VNC_STAT_RECT
];
2247 void vnc_sent_lossy_rect(VncState
*vs
, int x
, int y
, int w
, int h
)
2251 w
= (x
+ w
) / VNC_STAT_RECT
;
2252 h
= (y
+ h
) / VNC_STAT_RECT
;
2256 for (j
= y
; j
<= h
; j
++) {
2257 for (i
= x
; i
<= w
; i
++) {
2258 vs
->lossy_rect
[j
][i
] = 1;
2263 static int vnc_refresh_lossy_rect(VncDisplay
*vd
, int x
, int y
)
2266 int sty
= y
/ VNC_STAT_RECT
;
2267 int stx
= x
/ VNC_STAT_RECT
;
2270 y
= y
/ VNC_STAT_RECT
* VNC_STAT_RECT
;
2271 x
= x
/ VNC_STAT_RECT
* VNC_STAT_RECT
;
2273 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2276 /* kernel send buffers are full -> refresh later */
2277 if (vs
->output
.offset
) {
2281 if (!vs
->lossy_rect
[sty
][stx
]) {
2285 vs
->lossy_rect
[sty
][stx
] = 0;
2286 for (j
= 0; j
< VNC_STAT_RECT
; ++j
) {
2287 bitmap_set(vs
->dirty
[y
+ j
], x
/ 16, VNC_STAT_RECT
/ 16);
2295 static int vnc_update_stats(VncDisplay
*vd
, struct timeval
* tv
)
2301 for (y
= 0; y
< vd
->guest
.ds
->height
; y
+= VNC_STAT_RECT
) {
2302 for (x
= 0; x
< vd
->guest
.ds
->width
; x
+= VNC_STAT_RECT
) {
2303 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2305 rect
->updated
= false;
2309 qemu_timersub(tv
, &VNC_REFRESH_STATS
, &res
);
2311 if (timercmp(&vd
->guest
.last_freq_check
, &res
, >)) {
2314 vd
->guest
.last_freq_check
= *tv
;
2316 for (y
= 0; y
< vd
->guest
.ds
->height
; y
+= VNC_STAT_RECT
) {
2317 for (x
= 0; x
< vd
->guest
.ds
->width
; x
+= VNC_STAT_RECT
) {
2318 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2319 int count
= ARRAY_SIZE(rect
->times
);
2320 struct timeval min
, max
;
2322 if (!timerisset(&rect
->times
[count
- 1])) {
2326 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2327 qemu_timersub(tv
, &max
, &res
);
2329 if (timercmp(&res
, &VNC_REFRESH_LOSSY
, >)) {
2331 has_dirty
+= vnc_refresh_lossy_rect(vd
, x
, y
);
2332 memset(rect
->times
, 0, sizeof (rect
->times
));
2336 min
= rect
->times
[rect
->idx
];
2337 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2338 qemu_timersub(&max
, &min
, &res
);
2340 rect
->freq
= res
.tv_sec
+ res
.tv_usec
/ 1000000.;
2341 rect
->freq
/= count
;
2342 rect
->freq
= 1. / rect
->freq
;
2348 double vnc_update_freq(VncState
*vs
, int x
, int y
, int w
, int h
)
2354 x
= (x
/ VNC_STAT_RECT
) * VNC_STAT_RECT
;
2355 y
= (y
/ VNC_STAT_RECT
) * VNC_STAT_RECT
;
2357 for (j
= y
; j
<= y
+ h
; j
+= VNC_STAT_RECT
) {
2358 for (i
= x
; i
<= x
+ w
; i
+= VNC_STAT_RECT
) {
2359 total
+= vnc_stat_rect(vs
->vd
, i
, j
)->freq
;
2371 static void vnc_rect_updated(VncDisplay
*vd
, int x
, int y
, struct timeval
* tv
)
2375 rect
= vnc_stat_rect(vd
, x
, y
);
2376 if (rect
->updated
) {
2379 rect
->times
[rect
->idx
] = *tv
;
2380 rect
->idx
= (rect
->idx
+ 1) % ARRAY_SIZE(rect
->times
);
2381 rect
->updated
= true;
2384 static int vnc_refresh_server_surface(VncDisplay
*vd
)
2388 uint8_t *server_row
;
2393 struct timeval tv
= { 0, 0 };
2395 if (!vd
->non_adaptive
) {
2396 gettimeofday(&tv
, NULL
);
2397 has_dirty
= vnc_update_stats(vd
, &tv
);
2401 * Walk through the guest dirty map.
2402 * Check and copy modified bits from guest to server surface.
2403 * Update server dirty map.
2405 cmp_bytes
= 16 * ds_get_bytes_per_pixel(vd
->ds
);
2406 guest_row
= vd
->guest
.ds
->data
;
2407 server_row
= vd
->server
->data
;
2408 for (y
= 0; y
< vd
->guest
.ds
->height
; y
++) {
2409 if (!bitmap_empty(vd
->guest
.dirty
[y
], VNC_DIRTY_BITS
)) {
2412 uint8_t *server_ptr
;
2414 guest_ptr
= guest_row
;
2415 server_ptr
= server_row
;
2417 for (x
= 0; x
< vd
->guest
.ds
->width
;
2418 x
+= 16, guest_ptr
+= cmp_bytes
, server_ptr
+= cmp_bytes
) {
2419 if (!test_and_clear_bit((x
/ 16), vd
->guest
.dirty
[y
]))
2421 if (memcmp(server_ptr
, guest_ptr
, cmp_bytes
) == 0)
2423 memcpy(server_ptr
, guest_ptr
, cmp_bytes
);
2424 if (!vd
->non_adaptive
)
2425 vnc_rect_updated(vd
, x
, y
, &tv
);
2426 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2427 set_bit((x
/ 16), vs
->dirty
[y
]);
2432 guest_row
+= ds_get_linesize(vd
->ds
);
2433 server_row
+= ds_get_linesize(vd
->ds
);
2438 static void vnc_refresh(void *opaque
)
2440 VncDisplay
*vd
= opaque
;
2442 int has_dirty
, rects
= 0;
2446 if (vnc_trylock_display(vd
)) {
2447 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2448 qemu_mod_timer(vd
->timer
, qemu_get_clock_ms(rt_clock
) +
2449 vd
->timer_interval
);
2453 has_dirty
= vnc_refresh_server_surface(vd
);
2454 vnc_unlock_display(vd
);
2456 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
2457 rects
+= vnc_update_client(vs
, has_dirty
);
2458 /* vs might be free()ed here */
2461 /* vd->timer could be NULL now if the last client disconnected,
2462 * in this case don't update the timer */
2463 if (vd
->timer
== NULL
)
2466 if (has_dirty
&& rects
) {
2467 vd
->timer_interval
/= 2;
2468 if (vd
->timer_interval
< VNC_REFRESH_INTERVAL_BASE
)
2469 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2471 vd
->timer_interval
+= VNC_REFRESH_INTERVAL_INC
;
2472 if (vd
->timer_interval
> VNC_REFRESH_INTERVAL_MAX
)
2473 vd
->timer_interval
= VNC_REFRESH_INTERVAL_MAX
;
2475 qemu_mod_timer(vd
->timer
, qemu_get_clock_ms(rt_clock
) + vd
->timer_interval
);
2478 static void vnc_init_timer(VncDisplay
*vd
)
2480 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2481 if (vd
->timer
== NULL
&& !QTAILQ_EMPTY(&vd
->clients
)) {
2482 vd
->timer
= qemu_new_timer_ms(rt_clock
, vnc_refresh
, vd
);
2483 vnc_dpy_resize(vd
->ds
);
2488 static void vnc_remove_timer(VncDisplay
*vd
)
2490 if (vd
->timer
!= NULL
&& QTAILQ_EMPTY(&vd
->clients
)) {
2491 qemu_del_timer(vd
->timer
);
2492 qemu_free_timer(vd
->timer
);
2497 static void vnc_connect(VncDisplay
*vd
, int csock
, int skipauth
)
2499 VncState
*vs
= qemu_mallocz(sizeof(VncState
));
2505 vs
->auth
= VNC_AUTH_NONE
;
2506 #ifdef CONFIG_VNC_TLS
2507 vs
->subauth
= VNC_AUTH_INVALID
;
2510 vs
->auth
= vd
->auth
;
2511 #ifdef CONFIG_VNC_TLS
2512 vs
->subauth
= vd
->subauth
;
2516 vs
->lossy_rect
= qemu_mallocz(VNC_STAT_ROWS
* sizeof (*vs
->lossy_rect
));
2517 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
2518 vs
->lossy_rect
[i
] = qemu_mallocz(VNC_STAT_COLS
* sizeof (uint8_t));
2521 VNC_DEBUG("New client on socket %d\n", csock
);
2523 socket_set_nonblock(vs
->csock
);
2524 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
2526 vnc_client_cache_addr(vs
);
2527 vnc_qmp_event(vs
, QEVENT_VNC_CONNECTED
);
2534 vs
->as
.freq
= 44100;
2535 vs
->as
.nchannels
= 2;
2536 vs
->as
.fmt
= AUD_FMT_S16
;
2537 vs
->as
.endianness
= 0;
2539 #ifdef CONFIG_VNC_THREAD
2540 qemu_mutex_init(&vs
->output_mutex
);
2543 QTAILQ_INSERT_HEAD(&vd
->clients
, vs
, next
);
2547 vnc_write(vs
, "RFB 003.008\n", 12);
2549 vnc_read_when(vs
, protocol_version
, 12);
2551 if (vs
->vd
->lock_key_sync
)
2552 vs
->led
= qemu_add_led_event_handler(kbd_leds
, vs
);
2554 vs
->mouse_mode_notifier
.notify
= check_pointer_type_change
;
2555 qemu_add_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
2559 /* vs might be free()ed here */
2562 static void vnc_listen_read(void *opaque
)
2564 VncDisplay
*vs
= opaque
;
2565 struct sockaddr_in addr
;
2566 socklen_t addrlen
= sizeof(addr
);
2571 int csock
= qemu_accept(vs
->lsock
, (struct sockaddr
*)&addr
, &addrlen
);
2573 vnc_connect(vs
, csock
, 0);
2577 void vnc_display_init(DisplayState
*ds
)
2579 VncDisplay
*vs
= qemu_mallocz(sizeof(*vs
));
2581 dcl
= qemu_mallocz(sizeof(DisplayChangeListener
));
2590 QTAILQ_INIT(&vs
->clients
);
2591 vs
->expires
= TIME_MAX
;
2593 if (keyboard_layout
)
2594 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, keyboard_layout
);
2596 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us");
2598 if (!vs
->kbd_layout
)
2601 #ifdef CONFIG_VNC_THREAD
2602 qemu_mutex_init(&vs
->mutex
);
2603 vnc_start_worker_thread();
2606 dcl
->dpy_copy
= vnc_dpy_copy
;
2607 dcl
->dpy_update
= vnc_dpy_update
;
2608 dcl
->dpy_resize
= vnc_dpy_resize
;
2609 dcl
->dpy_setdata
= vnc_dpy_setdata
;
2610 register_displaychangelistener(ds
, dcl
);
2611 ds
->mouse_set
= vnc_mouse_set
;
2612 ds
->cursor_define
= vnc_dpy_cursor_define
;
2616 void vnc_display_close(DisplayState
*ds
)
2618 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2623 qemu_free(vs
->display
);
2626 if (vs
->lsock
!= -1) {
2627 qemu_set_fd_handler2(vs
->lsock
, NULL
, NULL
, NULL
, NULL
);
2631 vs
->auth
= VNC_AUTH_INVALID
;
2632 #ifdef CONFIG_VNC_TLS
2633 vs
->subauth
= VNC_AUTH_INVALID
;
2634 vs
->tls
.x509verify
= 0;
2638 int vnc_display_disable_login(DisplayState
*ds
)
2640 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2647 qemu_free(vs
->password
);
2650 vs
->password
= NULL
;
2651 vs
->auth
= VNC_AUTH_VNC
;
2656 int vnc_display_password(DisplayState
*ds
, const char *password
)
2659 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2667 /* This is not the intention of this interface but err on the side
2669 ret
= vnc_display_disable_login(ds
);
2674 qemu_free(vs
->password
);
2675 vs
->password
= NULL
;
2677 vs
->password
= qemu_strdup(password
);
2678 vs
->auth
= VNC_AUTH_VNC
;
2681 qerror_report(QERR_SET_PASSWD_FAILED
);
2686 int vnc_display_pw_expire(DisplayState
*ds
, time_t expires
)
2688 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2690 vs
->expires
= expires
;
2694 char *vnc_display_local_addr(DisplayState
*ds
)
2696 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2698 return vnc_socket_local_addr("%s:%s", vs
->lsock
);
2701 int vnc_display_open(DisplayState
*ds
, const char *display
)
2703 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2704 const char *options
;
2707 #ifdef CONFIG_VNC_TLS
2708 int tls
= 0, x509
= 0;
2710 #ifdef CONFIG_VNC_SASL
2714 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2717 int lock_key_sync
= 1;
2721 vnc_display_close(ds
);
2722 if (strcmp(display
, "none") == 0)
2725 if (!(vs
->display
= strdup(display
)))
2729 while ((options
= strchr(options
, ','))) {
2731 if (strncmp(options
, "password", 8) == 0) {
2732 password
= 1; /* Require password auth */
2733 } else if (strncmp(options
, "reverse", 7) == 0) {
2735 } else if (strncmp(options
, "no-lock-key-sync", 9) == 0) {
2737 #ifdef CONFIG_VNC_SASL
2738 } else if (strncmp(options
, "sasl", 4) == 0) {
2739 sasl
= 1; /* Require SASL auth */
2741 #ifdef CONFIG_VNC_TLS
2742 } else if (strncmp(options
, "tls", 3) == 0) {
2743 tls
= 1; /* Require TLS */
2744 } else if (strncmp(options
, "x509", 4) == 0) {
2746 x509
= 1; /* Require x509 certificates */
2747 if (strncmp(options
, "x509verify", 10) == 0)
2748 vs
->tls
.x509verify
= 1; /* ...and verify client certs */
2750 /* Now check for 'x509=/some/path' postfix
2751 * and use that to setup x509 certificate/key paths */
2752 start
= strchr(options
, '=');
2753 end
= strchr(options
, ',');
2754 if (start
&& (!end
|| (start
< end
))) {
2755 int len
= end
? end
-(start
+1) : strlen(start
+1);
2756 char *path
= qemu_strndup(start
+ 1, len
);
2758 VNC_DEBUG("Trying certificate path '%s'\n", path
);
2759 if (vnc_tls_set_x509_creds_dir(vs
, path
) < 0) {
2760 fprintf(stderr
, "Failed to find x509 certificates/keys in %s\n", path
);
2762 qemu_free(vs
->display
);
2768 fprintf(stderr
, "No certificate path provided\n");
2769 qemu_free(vs
->display
);
2774 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2775 } else if (strncmp(options
, "acl", 3) == 0) {
2778 } else if (strncmp(options
, "lossy", 5) == 0) {
2780 } else if (strncmp(options
, "non-adapative", 13) == 0) {
2781 vs
->non_adaptive
= true;
2785 #ifdef CONFIG_VNC_TLS
2786 if (acl
&& x509
&& vs
->tls
.x509verify
) {
2787 if (!(vs
->tls
.acl
= qemu_acl_init("vnc.x509dname"))) {
2788 fprintf(stderr
, "Failed to create x509 dname ACL\n");
2793 #ifdef CONFIG_VNC_SASL
2795 if (!(vs
->sasl
.acl
= qemu_acl_init("vnc.username"))) {
2796 fprintf(stderr
, "Failed to create username ACL\n");
2803 * Combinations we support here:
2805 * - no-auth (clear text, no auth)
2806 * - password (clear text, weak auth)
2807 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2808 * - tls (encrypt, weak anonymous creds, no auth)
2809 * - tls + password (encrypt, weak anonymous creds, weak auth)
2810 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2811 * - tls + x509 (encrypt, good x509 creds, no auth)
2812 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2813 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2815 * NB1. TLS is a stackable auth scheme.
2816 * NB2. the x509 schemes have option to validate a client cert dname
2819 #ifdef CONFIG_VNC_TLS
2821 vs
->auth
= VNC_AUTH_VENCRYPT
;
2823 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2824 vs
->subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
2826 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2827 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
2830 #endif /* CONFIG_VNC_TLS */
2831 VNC_DEBUG("Initializing VNC server with password auth\n");
2832 vs
->auth
= VNC_AUTH_VNC
;
2833 #ifdef CONFIG_VNC_TLS
2834 vs
->subauth
= VNC_AUTH_INVALID
;
2836 #endif /* CONFIG_VNC_TLS */
2837 #ifdef CONFIG_VNC_SASL
2839 #ifdef CONFIG_VNC_TLS
2841 vs
->auth
= VNC_AUTH_VENCRYPT
;
2843 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2844 vs
->subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
2846 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2847 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
2850 #endif /* CONFIG_VNC_TLS */
2851 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2852 vs
->auth
= VNC_AUTH_SASL
;
2853 #ifdef CONFIG_VNC_TLS
2854 vs
->subauth
= VNC_AUTH_INVALID
;
2856 #endif /* CONFIG_VNC_TLS */
2857 #endif /* CONFIG_VNC_SASL */
2859 #ifdef CONFIG_VNC_TLS
2861 vs
->auth
= VNC_AUTH_VENCRYPT
;
2863 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2864 vs
->subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
2866 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2867 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
2871 VNC_DEBUG("Initializing VNC server with no auth\n");
2872 vs
->auth
= VNC_AUTH_NONE
;
2873 #ifdef CONFIG_VNC_TLS
2874 vs
->subauth
= VNC_AUTH_INVALID
;
2879 #ifdef CONFIG_VNC_SASL
2880 if ((saslErr
= sasl_server_init(NULL
, "qemu")) != SASL_OK
) {
2881 fprintf(stderr
, "Failed to initialize SASL auth %s",
2882 sasl_errstring(saslErr
, NULL
, NULL
));
2888 vs
->lock_key_sync
= lock_key_sync
;
2891 /* connect to viewer */
2892 if (strncmp(display
, "unix:", 5) == 0)
2893 vs
->lsock
= unix_connect(display
+5);
2895 vs
->lsock
= inet_connect(display
, SOCK_STREAM
);
2896 if (-1 == vs
->lsock
) {
2901 int csock
= vs
->lsock
;
2903 vnc_connect(vs
, csock
, 0);
2908 /* listen for connects */
2910 dpy
= qemu_malloc(256);
2911 if (strncmp(display
, "unix:", 5) == 0) {
2912 pstrcpy(dpy
, 256, "unix:");
2913 vs
->lsock
= unix_listen(display
+5, dpy
+5, 256-5);
2915 vs
->lsock
= inet_listen(display
, dpy
, 256, SOCK_STREAM
, 5900);
2917 if (-1 == vs
->lsock
) {
2925 return qemu_set_fd_handler2(vs
->lsock
, NULL
, vnc_listen_read
, NULL
, vs
);
2928 void vnc_display_add_client(DisplayState
*ds
, int csock
, int skipauth
)
2930 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2932 return vnc_connect(vs
, csock
, skipauth
);