2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27 #include "qemu/osdep.h"
31 #include "sysemu/sysemu.h"
32 #include "qemu/error-report.h"
33 #include "qemu/option.h"
34 #include "qemu/sockets.h"
35 #include "qemu/timer.h"
36 #include "authz/list.h"
37 #include "qemu/config-file.h"
38 #include "qapi/qapi-emit-events.h"
39 #include "qapi/qapi-events-ui.h"
40 #include "qapi/error.h"
41 #include "qapi/qapi-commands-ui.h"
43 #include "crypto/hash.h"
44 #include "crypto/tlscredsanon.h"
45 #include "crypto/tlscredsx509.h"
46 #include "crypto/random.h"
47 #include "qom/object_interfaces.h"
48 #include "qemu/cutils.h"
49 #include "io/dns-resolver.h"
51 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
52 #define VNC_REFRESH_INTERVAL_INC 50
53 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
54 static const struct timeval VNC_REFRESH_STATS
= { 0, 500000 };
55 static const struct timeval VNC_REFRESH_LOSSY
= { 2, 0 };
57 #include "vnc_keysym.h"
58 #include "crypto/cipher.h"
60 static QTAILQ_HEAD(, VncDisplay
) vnc_displays
=
61 QTAILQ_HEAD_INITIALIZER(vnc_displays
);
63 static int vnc_cursor_define(VncState
*vs
);
64 static void vnc_update_throttle_offset(VncState
*vs
);
66 static void vnc_set_share_mode(VncState
*vs
, VncShareMode mode
)
69 static const char *mn
[] = {
71 [VNC_SHARE_MODE_CONNECTING
] = "connecting",
72 [VNC_SHARE_MODE_SHARED
] = "shared",
73 [VNC_SHARE_MODE_EXCLUSIVE
] = "exclusive",
74 [VNC_SHARE_MODE_DISCONNECTED
] = "disconnected",
76 fprintf(stderr
, "%s/%p: %s -> %s\n", __func__
,
77 vs
->ioc
, mn
[vs
->share_mode
], mn
[mode
]);
80 switch (vs
->share_mode
) {
81 case VNC_SHARE_MODE_CONNECTING
:
82 vs
->vd
->num_connecting
--;
84 case VNC_SHARE_MODE_SHARED
:
87 case VNC_SHARE_MODE_EXCLUSIVE
:
88 vs
->vd
->num_exclusive
--;
94 vs
->share_mode
= mode
;
96 switch (vs
->share_mode
) {
97 case VNC_SHARE_MODE_CONNECTING
:
98 vs
->vd
->num_connecting
++;
100 case VNC_SHARE_MODE_SHARED
:
101 vs
->vd
->num_shared
++;
103 case VNC_SHARE_MODE_EXCLUSIVE
:
104 vs
->vd
->num_exclusive
++;
112 static void vnc_init_basic_info(SocketAddress
*addr
,
116 switch (addr
->type
) {
117 case SOCKET_ADDRESS_TYPE_INET
:
118 info
->host
= g_strdup(addr
->u
.inet
.host
);
119 info
->service
= g_strdup(addr
->u
.inet
.port
);
120 if (addr
->u
.inet
.ipv6
) {
121 info
->family
= NETWORK_ADDRESS_FAMILY_IPV6
;
123 info
->family
= NETWORK_ADDRESS_FAMILY_IPV4
;
127 case SOCKET_ADDRESS_TYPE_UNIX
:
128 info
->host
= g_strdup("");
129 info
->service
= g_strdup(addr
->u
.q_unix
.path
);
130 info
->family
= NETWORK_ADDRESS_FAMILY_UNIX
;
133 case SOCKET_ADDRESS_TYPE_VSOCK
:
134 case SOCKET_ADDRESS_TYPE_FD
:
135 error_setg(errp
, "Unsupported socket address type %s",
136 SocketAddressType_str(addr
->type
));
145 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket
*ioc
,
149 SocketAddress
*addr
= NULL
;
152 error_setg(errp
, "No listener socket available");
156 addr
= qio_channel_socket_get_local_address(ioc
, errp
);
161 vnc_init_basic_info(addr
, info
, errp
);
162 qapi_free_SocketAddress(addr
);
165 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket
*ioc
,
169 SocketAddress
*addr
= NULL
;
171 addr
= qio_channel_socket_get_remote_address(ioc
, errp
);
176 vnc_init_basic_info(addr
, info
, errp
);
177 qapi_free_SocketAddress(addr
);
180 static const char *vnc_auth_name(VncDisplay
*vd
) {
182 case VNC_AUTH_INVALID
:
198 case VNC_AUTH_VENCRYPT
:
199 switch (vd
->subauth
) {
200 case VNC_AUTH_VENCRYPT_PLAIN
:
201 return "vencrypt+plain";
202 case VNC_AUTH_VENCRYPT_TLSNONE
:
203 return "vencrypt+tls+none";
204 case VNC_AUTH_VENCRYPT_TLSVNC
:
205 return "vencrypt+tls+vnc";
206 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
207 return "vencrypt+tls+plain";
208 case VNC_AUTH_VENCRYPT_X509NONE
:
209 return "vencrypt+x509+none";
210 case VNC_AUTH_VENCRYPT_X509VNC
:
211 return "vencrypt+x509+vnc";
212 case VNC_AUTH_VENCRYPT_X509PLAIN
:
213 return "vencrypt+x509+plain";
214 case VNC_AUTH_VENCRYPT_TLSSASL
:
215 return "vencrypt+tls+sasl";
216 case VNC_AUTH_VENCRYPT_X509SASL
:
217 return "vencrypt+x509+sasl";
227 static VncServerInfo
*vnc_server_info_get(VncDisplay
*vd
)
232 if (!vd
->listener
|| !vd
->listener
->nsioc
) {
236 info
= g_malloc0(sizeof(*info
));
237 vnc_init_basic_info_from_server_addr(vd
->listener
->sioc
[0],
238 qapi_VncServerInfo_base(info
), &err
);
239 info
->has_auth
= true;
240 info
->auth
= g_strdup(vnc_auth_name(vd
));
242 qapi_free_VncServerInfo(info
);
249 static void vnc_client_cache_auth(VncState
*client
)
256 client
->info
->x509_dname
=
257 qcrypto_tls_session_get_peer_name(client
->tls
);
258 client
->info
->has_x509_dname
=
259 client
->info
->x509_dname
!= NULL
;
261 #ifdef CONFIG_VNC_SASL
262 if (client
->sasl
.conn
&&
263 client
->sasl
.username
) {
264 client
->info
->has_sasl_username
= true;
265 client
->info
->sasl_username
= g_strdup(client
->sasl
.username
);
270 static void vnc_client_cache_addr(VncState
*client
)
274 client
->info
= g_malloc0(sizeof(*client
->info
));
275 vnc_init_basic_info_from_remote_addr(client
->sioc
,
276 qapi_VncClientInfo_base(client
->info
),
279 qapi_free_VncClientInfo(client
->info
);
285 static void vnc_qmp_event(VncState
*vs
, QAPIEvent event
)
293 si
= vnc_server_info_get(vs
->vd
);
299 case QAPI_EVENT_VNC_CONNECTED
:
300 qapi_event_send_vnc_connected(si
, qapi_VncClientInfo_base(vs
->info
));
302 case QAPI_EVENT_VNC_INITIALIZED
:
303 qapi_event_send_vnc_initialized(si
, vs
->info
);
305 case QAPI_EVENT_VNC_DISCONNECTED
:
306 qapi_event_send_vnc_disconnected(si
, vs
->info
);
312 qapi_free_VncServerInfo(si
);
315 static VncClientInfo
*qmp_query_vnc_client(const VncState
*client
)
320 info
= g_malloc0(sizeof(*info
));
322 vnc_init_basic_info_from_remote_addr(client
->sioc
,
323 qapi_VncClientInfo_base(info
),
327 qapi_free_VncClientInfo(info
);
331 info
->websocket
= client
->websocket
;
334 info
->x509_dname
= qcrypto_tls_session_get_peer_name(client
->tls
);
335 info
->has_x509_dname
= info
->x509_dname
!= NULL
;
337 #ifdef CONFIG_VNC_SASL
338 if (client
->sasl
.conn
&& client
->sasl
.username
) {
339 info
->has_sasl_username
= true;
340 info
->sasl_username
= g_strdup(client
->sasl
.username
);
347 static VncDisplay
*vnc_display_find(const char *id
)
352 return QTAILQ_FIRST(&vnc_displays
);
354 QTAILQ_FOREACH(vd
, &vnc_displays
, next
) {
355 if (strcmp(id
, vd
->id
) == 0) {
362 static VncClientInfoList
*qmp_query_client_list(VncDisplay
*vd
)
364 VncClientInfoList
*cinfo
, *prev
= NULL
;
367 QTAILQ_FOREACH(client
, &vd
->clients
, next
) {
368 cinfo
= g_new0(VncClientInfoList
, 1);
369 cinfo
->value
= qmp_query_vnc_client(client
);
376 VncInfo
*qmp_query_vnc(Error
**errp
)
378 VncInfo
*info
= g_malloc0(sizeof(*info
));
379 VncDisplay
*vd
= vnc_display_find(NULL
);
380 SocketAddress
*addr
= NULL
;
382 if (vd
== NULL
|| !vd
->listener
|| !vd
->listener
->nsioc
) {
383 info
->enabled
= false;
385 info
->enabled
= true;
387 /* for compatibility with the original command */
388 info
->has_clients
= true;
389 info
->clients
= qmp_query_client_list(vd
);
391 addr
= qio_channel_socket_get_local_address(vd
->listener
->sioc
[0],
397 switch (addr
->type
) {
398 case SOCKET_ADDRESS_TYPE_INET
:
399 info
->host
= g_strdup(addr
->u
.inet
.host
);
400 info
->service
= g_strdup(addr
->u
.inet
.port
);
401 if (addr
->u
.inet
.ipv6
) {
402 info
->family
= NETWORK_ADDRESS_FAMILY_IPV6
;
404 info
->family
= NETWORK_ADDRESS_FAMILY_IPV4
;
408 case SOCKET_ADDRESS_TYPE_UNIX
:
409 info
->host
= g_strdup("");
410 info
->service
= g_strdup(addr
->u
.q_unix
.path
);
411 info
->family
= NETWORK_ADDRESS_FAMILY_UNIX
;
414 case SOCKET_ADDRESS_TYPE_VSOCK
:
415 case SOCKET_ADDRESS_TYPE_FD
:
416 error_setg(errp
, "Unsupported socket address type %s",
417 SocketAddressType_str(addr
->type
));
423 info
->has_host
= true;
424 info
->has_service
= true;
425 info
->has_family
= true;
427 info
->has_auth
= true;
428 info
->auth
= g_strdup(vnc_auth_name(vd
));
431 qapi_free_SocketAddress(addr
);
435 qapi_free_SocketAddress(addr
);
436 qapi_free_VncInfo(info
);
441 static void qmp_query_auth(int auth
, int subauth
,
442 VncPrimaryAuth
*qmp_auth
,
443 VncVencryptSubAuth
*qmp_vencrypt
,
444 bool *qmp_has_vencrypt
);
446 static VncServerInfo2List
*qmp_query_server_entry(QIOChannelSocket
*ioc
,
450 VncServerInfo2List
*prev
)
452 VncServerInfo2List
*list
;
453 VncServerInfo2
*info
;
457 addr
= qio_channel_socket_get_local_address(ioc
, &err
);
463 info
= g_new0(VncServerInfo2
, 1);
464 vnc_init_basic_info(addr
, qapi_VncServerInfo2_base(info
), &err
);
465 qapi_free_SocketAddress(addr
);
467 qapi_free_VncServerInfo2(info
);
471 info
->websocket
= websocket
;
473 qmp_query_auth(auth
, subauth
, &info
->auth
,
474 &info
->vencrypt
, &info
->has_vencrypt
);
476 list
= g_new0(VncServerInfo2List
, 1);
482 static void qmp_query_auth(int auth
, int subauth
,
483 VncPrimaryAuth
*qmp_auth
,
484 VncVencryptSubAuth
*qmp_vencrypt
,
485 bool *qmp_has_vencrypt
)
489 *qmp_auth
= VNC_PRIMARY_AUTH_VNC
;
492 *qmp_auth
= VNC_PRIMARY_AUTH_RA2
;
495 *qmp_auth
= VNC_PRIMARY_AUTH_RA2NE
;
498 *qmp_auth
= VNC_PRIMARY_AUTH_TIGHT
;
501 *qmp_auth
= VNC_PRIMARY_AUTH_ULTRA
;
504 *qmp_auth
= VNC_PRIMARY_AUTH_TLS
;
506 case VNC_AUTH_VENCRYPT
:
507 *qmp_auth
= VNC_PRIMARY_AUTH_VENCRYPT
;
508 *qmp_has_vencrypt
= true;
510 case VNC_AUTH_VENCRYPT_PLAIN
:
511 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_PLAIN
;
513 case VNC_AUTH_VENCRYPT_TLSNONE
:
514 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_NONE
;
516 case VNC_AUTH_VENCRYPT_TLSVNC
:
517 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_VNC
;
519 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
520 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN
;
522 case VNC_AUTH_VENCRYPT_X509NONE
:
523 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_NONE
;
525 case VNC_AUTH_VENCRYPT_X509VNC
:
526 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_VNC
;
528 case VNC_AUTH_VENCRYPT_X509PLAIN
:
529 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_PLAIN
;
531 case VNC_AUTH_VENCRYPT_TLSSASL
:
532 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_SASL
;
534 case VNC_AUTH_VENCRYPT_X509SASL
:
535 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_SASL
;
538 *qmp_has_vencrypt
= false;
543 *qmp_auth
= VNC_PRIMARY_AUTH_SASL
;
547 *qmp_auth
= VNC_PRIMARY_AUTH_NONE
;
552 VncInfo2List
*qmp_query_vnc_servers(Error
**errp
)
554 VncInfo2List
*item
, *prev
= NULL
;
560 QTAILQ_FOREACH(vd
, &vnc_displays
, next
) {
561 info
= g_new0(VncInfo2
, 1);
562 info
->id
= g_strdup(vd
->id
);
563 info
->clients
= qmp_query_client_list(vd
);
564 qmp_query_auth(vd
->auth
, vd
->subauth
, &info
->auth
,
565 &info
->vencrypt
, &info
->has_vencrypt
);
567 dev
= DEVICE(object_property_get_link(OBJECT(vd
->dcl
.con
),
569 info
->has_display
= true;
570 info
->display
= g_strdup(dev
->id
);
572 for (i
= 0; vd
->listener
!= NULL
&& i
< vd
->listener
->nsioc
; i
++) {
573 info
->server
= qmp_query_server_entry(
574 vd
->listener
->sioc
[i
], false, vd
->auth
, vd
->subauth
,
577 for (i
= 0; vd
->wslistener
!= NULL
&& i
< vd
->wslistener
->nsioc
; i
++) {
578 info
->server
= qmp_query_server_entry(
579 vd
->wslistener
->sioc
[i
], true, vd
->ws_auth
,
580 vd
->ws_subauth
, info
->server
);
583 item
= g_new0(VncInfo2List
, 1);
592 1) Get the queue working for IO.
593 2) there is some weirdness when using the -S option (the screen is grey
594 and not totally invalidated
595 3) resolutions > 1024
598 static int vnc_update_client(VncState
*vs
, int has_dirty
);
599 static void vnc_disconnect_start(VncState
*vs
);
601 static void vnc_colordepth(VncState
*vs
);
602 static void framebuffer_update_request(VncState
*vs
, int incremental
,
603 int x_position
, int y_position
,
605 static void vnc_refresh(DisplayChangeListener
*dcl
);
606 static int vnc_refresh_server_surface(VncDisplay
*vd
);
608 static int vnc_width(VncDisplay
*vd
)
610 return MIN(VNC_MAX_WIDTH
, ROUND_UP(surface_width(vd
->ds
),
611 VNC_DIRTY_PIXELS_PER_BIT
));
614 static int vnc_height(VncDisplay
*vd
)
616 return MIN(VNC_MAX_HEIGHT
, surface_height(vd
->ds
));
619 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty
[VNC_MAX_HEIGHT
],
620 VNC_MAX_WIDTH
/ VNC_DIRTY_PIXELS_PER_BIT
),
622 int x
, int y
, int w
, int h
)
624 int width
= vnc_width(vd
);
625 int height
= vnc_height(vd
);
627 /* this is needed this to ensure we updated all affected
628 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
629 w
+= (x
% VNC_DIRTY_PIXELS_PER_BIT
);
630 x
-= (x
% VNC_DIRTY_PIXELS_PER_BIT
);
634 w
= MIN(x
+ w
, width
) - x
;
635 h
= MIN(y
+ h
, height
);
638 bitmap_set(dirty
[y
], x
/ VNC_DIRTY_PIXELS_PER_BIT
,
639 DIV_ROUND_UP(w
, VNC_DIRTY_PIXELS_PER_BIT
));
643 static void vnc_dpy_update(DisplayChangeListener
*dcl
,
644 int x
, int y
, int w
, int h
)
646 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
647 struct VncSurface
*s
= &vd
->guest
;
649 vnc_set_area_dirty(s
->dirty
, vd
, x
, y
, w
, h
);
652 void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
655 vnc_write_u16(vs
, x
);
656 vnc_write_u16(vs
, y
);
657 vnc_write_u16(vs
, w
);
658 vnc_write_u16(vs
, h
);
660 vnc_write_s32(vs
, encoding
);
664 static void vnc_desktop_resize(VncState
*vs
)
666 if (vs
->ioc
== NULL
|| !vnc_has_feature(vs
, VNC_FEATURE_RESIZE
)) {
669 if (vs
->client_width
== pixman_image_get_width(vs
->vd
->server
) &&
670 vs
->client_height
== pixman_image_get_height(vs
->vd
->server
)) {
674 assert(pixman_image_get_width(vs
->vd
->server
) < 65536 &&
675 pixman_image_get_width(vs
->vd
->server
) >= 0);
676 assert(pixman_image_get_height(vs
->vd
->server
) < 65536 &&
677 pixman_image_get_height(vs
->vd
->server
) >= 0);
678 vs
->client_width
= pixman_image_get_width(vs
->vd
->server
);
679 vs
->client_height
= pixman_image_get_height(vs
->vd
->server
);
681 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
683 vnc_write_u16(vs
, 1); /* number of rects */
684 vnc_framebuffer_update(vs
, 0, 0, vs
->client_width
, vs
->client_height
,
685 VNC_ENCODING_DESKTOPRESIZE
);
686 vnc_unlock_output(vs
);
690 static void vnc_abort_display_jobs(VncDisplay
*vd
)
694 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
697 vnc_unlock_output(vs
);
699 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
702 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
704 if (vs
->update
== VNC_STATE_UPDATE_NONE
&&
705 vs
->job_update
!= VNC_STATE_UPDATE_NONE
) {
706 /* job aborted before completion */
707 vs
->update
= vs
->job_update
;
708 vs
->job_update
= VNC_STATE_UPDATE_NONE
;
711 vnc_unlock_output(vs
);
715 int vnc_server_fb_stride(VncDisplay
*vd
)
717 return pixman_image_get_stride(vd
->server
);
720 void *vnc_server_fb_ptr(VncDisplay
*vd
, int x
, int y
)
724 ptr
= (uint8_t *)pixman_image_get_data(vd
->server
);
725 ptr
+= y
* vnc_server_fb_stride(vd
);
726 ptr
+= x
* VNC_SERVER_FB_BYTES
;
730 static void vnc_update_server_surface(VncDisplay
*vd
)
734 qemu_pixman_image_unref(vd
->server
);
737 if (QTAILQ_EMPTY(&vd
->clients
)) {
741 width
= vnc_width(vd
);
742 height
= vnc_height(vd
);
743 vd
->server
= pixman_image_create_bits(VNC_SERVER_FB_FORMAT
,
747 memset(vd
->guest
.dirty
, 0x00, sizeof(vd
->guest
.dirty
));
748 vnc_set_area_dirty(vd
->guest
.dirty
, vd
, 0, 0,
752 static bool vnc_check_pageflip(DisplaySurface
*s1
,
755 return (s1
!= NULL
&&
757 surface_width(s1
) == surface_width(s2
) &&
758 surface_height(s1
) == surface_height(s2
) &&
759 surface_format(s1
) == surface_format(s2
));
763 static void vnc_dpy_switch(DisplayChangeListener
*dcl
,
764 DisplaySurface
*surface
)
766 static const char placeholder_msg
[] =
767 "Display output is not active.";
768 static DisplaySurface
*placeholder
;
769 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
770 bool pageflip
= vnc_check_pageflip(vd
->ds
, surface
);
773 if (surface
== NULL
) {
774 if (placeholder
== NULL
) {
775 placeholder
= qemu_create_message_surface(640, 480, placeholder_msg
);
777 surface
= placeholder
;
780 vnc_abort_display_jobs(vd
);
784 qemu_pixman_image_unref(vd
->guest
.fb
);
785 vd
->guest
.fb
= pixman_image_ref(surface
->image
);
786 vd
->guest
.format
= surface
->format
;
789 vnc_set_area_dirty(vd
->guest
.dirty
, vd
, 0, 0,
790 surface_width(surface
),
791 surface_height(surface
));
796 vnc_update_server_surface(vd
);
798 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
800 vnc_desktop_resize(vs
);
801 if (vs
->vd
->cursor
) {
802 vnc_cursor_define(vs
);
804 memset(vs
->dirty
, 0x00, sizeof(vs
->dirty
));
805 vnc_set_area_dirty(vs
->dirty
, vd
, 0, 0,
808 vnc_update_throttle_offset(vs
);
813 static void vnc_write_pixels_copy(VncState
*vs
,
814 void *pixels
, int size
)
816 vnc_write(vs
, pixels
, size
);
819 /* slowest but generic code. */
820 void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
824 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
825 r
= (((v
& 0x00ff0000) >> 16) << vs
->client_pf
.rbits
) >> 8;
826 g
= (((v
& 0x0000ff00) >> 8) << vs
->client_pf
.gbits
) >> 8;
827 b
= (((v
& 0x000000ff) >> 0) << vs
->client_pf
.bbits
) >> 8;
829 # error need some bits here if you change VNC_SERVER_FB_FORMAT
831 v
= (r
<< vs
->client_pf
.rshift
) |
832 (g
<< vs
->client_pf
.gshift
) |
833 (b
<< vs
->client_pf
.bshift
);
834 switch (vs
->client_pf
.bytes_per_pixel
) {
864 static void vnc_write_pixels_generic(VncState
*vs
,
865 void *pixels1
, int size
)
869 if (VNC_SERVER_FB_BYTES
== 4) {
870 uint32_t *pixels
= pixels1
;
873 for (i
= 0; i
< n
; i
++) {
874 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
875 vnc_write(vs
, buf
, vs
->client_pf
.bytes_per_pixel
);
880 int vnc_raw_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
884 VncDisplay
*vd
= vs
->vd
;
886 row
= vnc_server_fb_ptr(vd
, x
, y
);
887 for (i
= 0; i
< h
; i
++) {
888 vs
->write_pixels(vs
, row
, w
* VNC_SERVER_FB_BYTES
);
889 row
+= vnc_server_fb_stride(vd
);
894 int vnc_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
897 bool encode_raw
= false;
898 size_t saved_offs
= vs
->output
.offset
;
900 switch(vs
->vnc_encoding
) {
901 case VNC_ENCODING_ZLIB
:
902 n
= vnc_zlib_send_framebuffer_update(vs
, x
, y
, w
, h
);
904 case VNC_ENCODING_HEXTILE
:
905 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
906 n
= vnc_hextile_send_framebuffer_update(vs
, x
, y
, w
, h
);
908 case VNC_ENCODING_TIGHT
:
909 n
= vnc_tight_send_framebuffer_update(vs
, x
, y
, w
, h
);
911 case VNC_ENCODING_TIGHT_PNG
:
912 n
= vnc_tight_png_send_framebuffer_update(vs
, x
, y
, w
, h
);
914 case VNC_ENCODING_ZRLE
:
915 n
= vnc_zrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
917 case VNC_ENCODING_ZYWRLE
:
918 n
= vnc_zywrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
925 /* If the client has the same pixel format as our internal buffer and
926 * a RAW encoding would need less space fall back to RAW encoding to
927 * save bandwidth and processing power in the client. */
928 if (!encode_raw
&& vs
->write_pixels
== vnc_write_pixels_copy
&&
929 12 + h
* w
* VNC_SERVER_FB_BYTES
<= (vs
->output
.offset
- saved_offs
)) {
930 vs
->output
.offset
= saved_offs
;
935 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
936 n
= vnc_raw_send_framebuffer_update(vs
, x
, y
, w
, h
);
942 static void vnc_mouse_set(DisplayChangeListener
*dcl
,
943 int x
, int y
, int visible
)
945 /* can we ask the client(s) to move the pointer ??? */
948 static int vnc_cursor_define(VncState
*vs
)
950 QEMUCursor
*c
= vs
->vd
->cursor
;
953 if (vnc_has_feature(vs
, VNC_FEATURE_RICH_CURSOR
)) {
955 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
956 vnc_write_u8(vs
, 0); /* padding */
957 vnc_write_u16(vs
, 1); /* # of rects */
958 vnc_framebuffer_update(vs
, c
->hot_x
, c
->hot_y
, c
->width
, c
->height
,
959 VNC_ENCODING_RICH_CURSOR
);
960 isize
= c
->width
* c
->height
* vs
->client_pf
.bytes_per_pixel
;
961 vnc_write_pixels_generic(vs
, c
->data
, isize
);
962 vnc_write(vs
, vs
->vd
->cursor_mask
, vs
->vd
->cursor_msize
);
963 vnc_unlock_output(vs
);
969 static void vnc_dpy_cursor_define(DisplayChangeListener
*dcl
,
972 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
975 cursor_put(vd
->cursor
);
976 g_free(vd
->cursor_mask
);
979 cursor_get(vd
->cursor
);
980 vd
->cursor_msize
= cursor_get_mono_bpl(c
) * c
->height
;
981 vd
->cursor_mask
= g_malloc0(vd
->cursor_msize
);
982 cursor_get_mono_mask(c
, 0, vd
->cursor_mask
);
984 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
985 vnc_cursor_define(vs
);
989 static int find_and_clear_dirty_height(VncState
*vs
,
990 int y
, int last_x
, int x
, int height
)
994 for (h
= 1; h
< (height
- y
); h
++) {
995 if (!test_bit(last_x
, vs
->dirty
[y
+ h
])) {
998 bitmap_clear(vs
->dirty
[y
+ h
], last_x
, x
- last_x
);
1005 * Figure out how much pending data we should allow in the output
1006 * buffer before we throttle incremental display updates, and/or
1007 * drop audio samples.
1009 * We allow for equiv of 1 full display's worth of FB updates,
1010 * and 1 second of audio samples. If audio backlog was larger
1011 * than that the client would already suffering awful audio
1012 * glitches, so dropping samples is no worse really).
1014 static void vnc_update_throttle_offset(VncState
*vs
)
1017 vs
->client_width
* vs
->client_height
* vs
->client_pf
.bytes_per_pixel
;
1019 if (vs
->audio_cap
) {
1021 switch (vs
->as
.fmt
) {
1023 case AUDIO_FORMAT_U8
:
1024 case AUDIO_FORMAT_S8
:
1027 case AUDIO_FORMAT_U16
:
1028 case AUDIO_FORMAT_S16
:
1031 case AUDIO_FORMAT_U32
:
1032 case AUDIO_FORMAT_S32
:
1036 offset
+= vs
->as
.freq
* bps
* vs
->as
.nchannels
;
1039 /* Put a floor of 1MB on offset, so that if we have a large pending
1040 * buffer and the display is resized to a small size & back again
1041 * we don't suddenly apply a tiny send limit
1043 offset
= MAX(offset
, 1024 * 1024);
1045 if (vs
->throttle_output_offset
!= offset
) {
1046 trace_vnc_client_throttle_threshold(
1047 vs
, vs
->ioc
, vs
->throttle_output_offset
, offset
, vs
->client_width
,
1048 vs
->client_height
, vs
->client_pf
.bytes_per_pixel
, vs
->audio_cap
);
1051 vs
->throttle_output_offset
= offset
;
1054 static bool vnc_should_update(VncState
*vs
)
1056 switch (vs
->update
) {
1057 case VNC_STATE_UPDATE_NONE
:
1059 case VNC_STATE_UPDATE_INCREMENTAL
:
1060 /* Only allow incremental updates if the pending send queue
1061 * is less than the permitted threshold, and the job worker
1062 * is completely idle.
1064 if (vs
->output
.offset
< vs
->throttle_output_offset
&&
1065 vs
->job_update
== VNC_STATE_UPDATE_NONE
) {
1068 trace_vnc_client_throttle_incremental(
1069 vs
, vs
->ioc
, vs
->job_update
, vs
->output
.offset
);
1071 case VNC_STATE_UPDATE_FORCE
:
1072 /* Only allow forced updates if the pending send queue
1073 * does not contain a previous forced update, and the
1074 * job worker is completely idle.
1076 * Note this means we'll queue a forced update, even if
1077 * the output buffer size is otherwise over the throttle
1080 if (vs
->force_update_offset
== 0 &&
1081 vs
->job_update
== VNC_STATE_UPDATE_NONE
) {
1084 trace_vnc_client_throttle_forced(
1085 vs
, vs
->ioc
, vs
->job_update
, vs
->force_update_offset
);
1091 static int vnc_update_client(VncState
*vs
, int has_dirty
)
1093 VncDisplay
*vd
= vs
->vd
;
1099 if (vs
->disconnecting
) {
1100 vnc_disconnect_finish(vs
);
1104 vs
->has_dirty
+= has_dirty
;
1105 if (!vnc_should_update(vs
)) {
1109 if (!vs
->has_dirty
&& vs
->update
!= VNC_STATE_UPDATE_FORCE
) {
1114 * Send screen updates to the vnc client using the server
1115 * surface and server dirty map. guest surface updates
1116 * happening in parallel don't disturb us, the next pass will
1117 * send them to the client.
1119 job
= vnc_job_new(vs
);
1121 height
= pixman_image_get_height(vd
->server
);
1122 width
= pixman_image_get_width(vd
->server
);
1128 unsigned long offset
= find_next_bit((unsigned long *) &vs
->dirty
,
1129 height
* VNC_DIRTY_BPL(vs
),
1130 y
* VNC_DIRTY_BPL(vs
));
1131 if (offset
== height
* VNC_DIRTY_BPL(vs
)) {
1132 /* no more dirty bits */
1135 y
= offset
/ VNC_DIRTY_BPL(vs
);
1136 x
= offset
% VNC_DIRTY_BPL(vs
);
1137 x2
= find_next_zero_bit((unsigned long *) &vs
->dirty
[y
],
1138 VNC_DIRTY_BPL(vs
), x
);
1139 bitmap_clear(vs
->dirty
[y
], x
, x2
- x
);
1140 h
= find_and_clear_dirty_height(vs
, y
, x
, x2
, height
);
1141 x2
= MIN(x2
, width
/ VNC_DIRTY_PIXELS_PER_BIT
);
1143 n
+= vnc_job_add_rect(job
, x
* VNC_DIRTY_PIXELS_PER_BIT
, y
,
1144 (x2
- x
) * VNC_DIRTY_PIXELS_PER_BIT
, h
);
1146 if (!x
&& x2
== width
/ VNC_DIRTY_PIXELS_PER_BIT
) {
1154 vs
->job_update
= vs
->update
;
1155 vs
->update
= VNC_STATE_UPDATE_NONE
;
1162 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
1164 VncState
*vs
= opaque
;
1166 assert(vs
->magic
== VNC_MAGIC
);
1168 case AUD_CNOTIFY_DISABLE
:
1169 vnc_lock_output(vs
);
1170 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
1171 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
1172 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_END
);
1173 vnc_unlock_output(vs
);
1177 case AUD_CNOTIFY_ENABLE
:
1178 vnc_lock_output(vs
);
1179 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
1180 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
1181 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN
);
1182 vnc_unlock_output(vs
);
1188 static void audio_capture_destroy(void *opaque
)
1192 static void audio_capture(void *opaque
, void *buf
, int size
)
1194 VncState
*vs
= opaque
;
1196 assert(vs
->magic
== VNC_MAGIC
);
1197 vnc_lock_output(vs
);
1198 if (vs
->output
.offset
< vs
->throttle_output_offset
) {
1199 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
1200 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
1201 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_DATA
);
1202 vnc_write_u32(vs
, size
);
1203 vnc_write(vs
, buf
, size
);
1205 trace_vnc_client_throttle_audio(vs
, vs
->ioc
, vs
->output
.offset
);
1207 vnc_unlock_output(vs
);
1211 static void audio_add(VncState
*vs
)
1213 struct audio_capture_ops ops
;
1215 if (vs
->audio_cap
) {
1216 error_report("audio already running");
1220 ops
.notify
= audio_capture_notify
;
1221 ops
.destroy
= audio_capture_destroy
;
1222 ops
.capture
= audio_capture
;
1224 vs
->audio_cap
= AUD_add_capture(&vs
->as
, &ops
, vs
);
1225 if (!vs
->audio_cap
) {
1226 error_report("Failed to add audio capture");
1230 static void audio_del(VncState
*vs
)
1232 if (vs
->audio_cap
) {
1233 AUD_del_capture(vs
->audio_cap
, vs
);
1234 vs
->audio_cap
= NULL
;
1238 static void vnc_disconnect_start(VncState
*vs
)
1240 if (vs
->disconnecting
) {
1243 trace_vnc_client_disconnect_start(vs
, vs
->ioc
);
1244 vnc_set_share_mode(vs
, VNC_SHARE_MODE_DISCONNECTED
);
1246 g_source_remove(vs
->ioc_tag
);
1249 qio_channel_close(vs
->ioc
, NULL
);
1250 vs
->disconnecting
= TRUE
;
1253 void vnc_disconnect_finish(VncState
*vs
)
1257 trace_vnc_client_disconnect_finish(vs
, vs
->ioc
);
1259 vnc_jobs_join(vs
); /* Wait encoding jobs */
1261 vnc_lock_output(vs
);
1262 vnc_qmp_event(vs
, QAPI_EVENT_VNC_DISCONNECTED
);
1264 buffer_free(&vs
->input
);
1265 buffer_free(&vs
->output
);
1267 qapi_free_VncClientInfo(vs
->info
);
1270 vnc_tight_clear(vs
);
1273 #ifdef CONFIG_VNC_SASL
1274 vnc_sasl_client_cleanup(vs
);
1275 #endif /* CONFIG_VNC_SASL */
1277 qkbd_state_lift_all_keys(vs
->vd
->kbd
);
1279 if (vs
->mouse_mode_notifier
.notify
!= NULL
) {
1280 qemu_remove_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
1282 QTAILQ_REMOVE(&vs
->vd
->clients
, vs
, next
);
1283 if (QTAILQ_EMPTY(&vs
->vd
->clients
)) {
1284 /* last client gone */
1285 vnc_update_server_surface(vs
->vd
);
1288 vnc_unlock_output(vs
);
1290 qemu_mutex_destroy(&vs
->output_mutex
);
1291 if (vs
->bh
!= NULL
) {
1292 qemu_bh_delete(vs
->bh
);
1294 buffer_free(&vs
->jobs_buffer
);
1296 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
1297 g_free(vs
->lossy_rect
[i
]);
1299 g_free(vs
->lossy_rect
);
1301 object_unref(OBJECT(vs
->ioc
));
1303 object_unref(OBJECT(vs
->sioc
));
1309 size_t vnc_client_io_error(VncState
*vs
, ssize_t ret
, Error
**errp
)
1313 trace_vnc_client_eof(vs
, vs
->ioc
);
1314 vnc_disconnect_start(vs
);
1315 } else if (ret
!= QIO_CHANNEL_ERR_BLOCK
) {
1316 trace_vnc_client_io_error(vs
, vs
->ioc
,
1317 errp
? error_get_pretty(*errp
) :
1319 vnc_disconnect_start(vs
);
1332 void vnc_client_error(VncState
*vs
)
1334 VNC_DEBUG("Closing down client sock: protocol error\n");
1335 vnc_disconnect_start(vs
);
1340 * Called to write a chunk of data to the client socket. The data may
1341 * be the raw data, or may have already been encoded by SASL.
1342 * The data will be written either straight onto the socket, or
1343 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1345 * NB, it is theoretically possible to have 2 layers of encryption,
1346 * both SASL, and this TLS layer. It is highly unlikely in practice
1347 * though, since SASL encryption will typically be a no-op if TLS
1350 * Returns the number of bytes written, which may be less than
1351 * the requested 'datalen' if the socket would block. Returns
1352 * 0 on I/O error, and disconnects the client socket.
1354 size_t vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
1358 ret
= qio_channel_write(
1359 vs
->ioc
, (const char *)data
, datalen
, &err
);
1360 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data
, datalen
, ret
);
1361 return vnc_client_io_error(vs
, ret
, &err
);
1366 * Called to write buffered data to the client socket, when not
1367 * using any SASL SSF encryption layers. Will write as much data
1368 * as possible without blocking. If all buffered data is written,
1369 * will switch the FD poll() handler back to read monitoring.
1371 * Returns the number of bytes written, which may be less than
1372 * the buffered output data if the socket would block. Returns
1373 * 0 on I/O error, and disconnects the client socket.
1375 static size_t vnc_client_write_plain(VncState
*vs
)
1380 #ifdef CONFIG_VNC_SASL
1381 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1382 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
1383 vs
->sasl
.waitWriteSSF
);
1385 if (vs
->sasl
.conn
&&
1387 vs
->sasl
.waitWriteSSF
) {
1388 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
1390 vs
->sasl
.waitWriteSSF
-= ret
;
1392 #endif /* CONFIG_VNC_SASL */
1393 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
1397 if (ret
>= vs
->force_update_offset
) {
1398 if (vs
->force_update_offset
!= 0) {
1399 trace_vnc_client_unthrottle_forced(vs
, vs
->ioc
);
1401 vs
->force_update_offset
= 0;
1403 vs
->force_update_offset
-= ret
;
1405 offset
= vs
->output
.offset
;
1406 buffer_advance(&vs
->output
, ret
);
1407 if (offset
>= vs
->throttle_output_offset
&&
1408 vs
->output
.offset
< vs
->throttle_output_offset
) {
1409 trace_vnc_client_unthrottle_incremental(vs
, vs
->ioc
, vs
->output
.offset
);
1412 if (vs
->output
.offset
== 0) {
1414 g_source_remove(vs
->ioc_tag
);
1416 vs
->ioc_tag
= qio_channel_add_watch(
1417 vs
->ioc
, G_IO_IN
, vnc_client_io
, vs
, NULL
);
1425 * First function called whenever there is data to be written to
1426 * the client socket. Will delegate actual work according to whether
1427 * SASL SSF layers are enabled (thus requiring encryption calls)
1429 static void vnc_client_write_locked(VncState
*vs
)
1431 #ifdef CONFIG_VNC_SASL
1432 if (vs
->sasl
.conn
&&
1434 !vs
->sasl
.waitWriteSSF
) {
1435 vnc_client_write_sasl(vs
);
1437 #endif /* CONFIG_VNC_SASL */
1439 vnc_client_write_plain(vs
);
1443 static void vnc_client_write(VncState
*vs
)
1445 assert(vs
->magic
== VNC_MAGIC
);
1446 vnc_lock_output(vs
);
1447 if (vs
->output
.offset
) {
1448 vnc_client_write_locked(vs
);
1449 } else if (vs
->ioc
!= NULL
) {
1451 g_source_remove(vs
->ioc_tag
);
1453 vs
->ioc_tag
= qio_channel_add_watch(
1454 vs
->ioc
, G_IO_IN
, vnc_client_io
, vs
, NULL
);
1456 vnc_unlock_output(vs
);
1459 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1461 vs
->read_handler
= func
;
1462 vs
->read_handler_expect
= expecting
;
1467 * Called to read a chunk of data from the client socket. The data may
1468 * be the raw data, or may need to be further decoded by SASL.
1469 * The data will be read either straight from to the socket, or
1470 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1472 * NB, it is theoretically possible to have 2 layers of encryption,
1473 * both SASL, and this TLS layer. It is highly unlikely in practice
1474 * though, since SASL encryption will typically be a no-op if TLS
1477 * Returns the number of bytes read, which may be less than
1478 * the requested 'datalen' if the socket would block. Returns
1479 * 0 on I/O error or EOF, and disconnects the client socket.
1481 size_t vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1485 ret
= qio_channel_read(
1486 vs
->ioc
, (char *)data
, datalen
, &err
);
1487 VNC_DEBUG("Read wire %p %zd -> %ld\n", data
, datalen
, ret
);
1488 return vnc_client_io_error(vs
, ret
, &err
);
1493 * Called to read data from the client socket to the input buffer,
1494 * when not using any SASL SSF encryption layers. Will read as much
1495 * data as possible without blocking.
1497 * Returns the number of bytes read, which may be less than
1498 * the requested 'datalen' if the socket would block. Returns
1499 * 0 on I/O error or EOF, and disconnects the client socket.
1501 static size_t vnc_client_read_plain(VncState
*vs
)
1504 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1505 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1506 buffer_reserve(&vs
->input
, 4096);
1507 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1510 vs
->input
.offset
+= ret
;
1514 static void vnc_jobs_bh(void *opaque
)
1516 VncState
*vs
= opaque
;
1518 assert(vs
->magic
== VNC_MAGIC
);
1519 vnc_jobs_consume_buffer(vs
);
1523 * First function called whenever there is more data to be read from
1524 * the client socket. Will delegate actual work according to whether
1525 * SASL SSF layers are enabled (thus requiring decryption calls)
1526 * Returns 0 on success, -1 if client disconnected
1528 static int vnc_client_read(VncState
*vs
)
1532 #ifdef CONFIG_VNC_SASL
1533 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1534 ret
= vnc_client_read_sasl(vs
);
1536 #endif /* CONFIG_VNC_SASL */
1537 ret
= vnc_client_read_plain(vs
);
1539 if (vs
->disconnecting
) {
1540 vnc_disconnect_finish(vs
);
1546 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1547 size_t len
= vs
->read_handler_expect
;
1550 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1551 if (vs
->disconnecting
) {
1552 vnc_disconnect_finish(vs
);
1557 buffer_advance(&vs
->input
, len
);
1559 vs
->read_handler_expect
= ret
;
1565 gboolean
vnc_client_io(QIOChannel
*ioc G_GNUC_UNUSED
,
1566 GIOCondition condition
, void *opaque
)
1568 VncState
*vs
= opaque
;
1570 assert(vs
->magic
== VNC_MAGIC
);
1571 if (condition
& G_IO_IN
) {
1572 if (vnc_client_read(vs
) < 0) {
1573 /* vs is free()ed here */
1577 if (condition
& G_IO_OUT
) {
1578 vnc_client_write(vs
);
1581 if (vs
->disconnecting
) {
1582 if (vs
->ioc_tag
!= 0) {
1583 g_source_remove(vs
->ioc_tag
);
1592 * Scale factor to apply to vs->throttle_output_offset when checking for
1593 * hard limit. Worst case normal usage could be x2, if we have a complete
1594 * incremental update and complete forced update in the output buffer.
1595 * So x3 should be good enough, but we pick x5 to be conservative and thus
1596 * (hopefully) never trigger incorrectly.
1598 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1600 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1602 assert(vs
->magic
== VNC_MAGIC
);
1603 if (vs
->disconnecting
) {
1606 /* Protection against malicious client/guest to prevent our output
1607 * buffer growing without bound if client stops reading data. This
1608 * should rarely trigger, because we have earlier throttling code
1609 * which stops issuing framebuffer updates and drops audio data
1610 * if the throttle_output_offset value is exceeded. So we only reach
1611 * this higher level if a huge number of pseudo-encodings get
1612 * triggered while data can't be sent on the socket.
1614 * NB throttle_output_offset can be zero during early protocol
1615 * handshake, or from the job thread's VncState clone
1617 if (vs
->throttle_output_offset
!= 0 &&
1618 (vs
->output
.offset
/ VNC_THROTTLE_OUTPUT_LIMIT_SCALE
) >
1619 vs
->throttle_output_offset
) {
1620 trace_vnc_client_output_limit(vs
, vs
->ioc
, vs
->output
.offset
,
1621 vs
->throttle_output_offset
);
1622 vnc_disconnect_start(vs
);
1625 buffer_reserve(&vs
->output
, len
);
1627 if (vs
->ioc
!= NULL
&& buffer_empty(&vs
->output
)) {
1629 g_source_remove(vs
->ioc_tag
);
1631 vs
->ioc_tag
= qio_channel_add_watch(
1632 vs
->ioc
, G_IO_IN
| G_IO_OUT
, vnc_client_io
, vs
, NULL
);
1635 buffer_append(&vs
->output
, data
, len
);
1638 void vnc_write_s32(VncState
*vs
, int32_t value
)
1640 vnc_write_u32(vs
, *(uint32_t *)&value
);
1643 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1647 buf
[0] = (value
>> 24) & 0xFF;
1648 buf
[1] = (value
>> 16) & 0xFF;
1649 buf
[2] = (value
>> 8) & 0xFF;
1650 buf
[3] = value
& 0xFF;
1652 vnc_write(vs
, buf
, 4);
1655 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1659 buf
[0] = (value
>> 8) & 0xFF;
1660 buf
[1] = value
& 0xFF;
1662 vnc_write(vs
, buf
, 2);
1665 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1667 vnc_write(vs
, (char *)&value
, 1);
1670 void vnc_flush(VncState
*vs
)
1672 vnc_lock_output(vs
);
1673 if (vs
->ioc
!= NULL
&& vs
->output
.offset
) {
1674 vnc_client_write_locked(vs
);
1676 if (vs
->disconnecting
) {
1677 if (vs
->ioc_tag
!= 0) {
1678 g_source_remove(vs
->ioc_tag
);
1682 vnc_unlock_output(vs
);
1685 static uint8_t read_u8(uint8_t *data
, size_t offset
)
1687 return data
[offset
];
1690 static uint16_t read_u16(uint8_t *data
, size_t offset
)
1692 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1695 static int32_t read_s32(uint8_t *data
, size_t offset
)
1697 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1698 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1701 uint32_t read_u32(uint8_t *data
, size_t offset
)
1703 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1704 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1707 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1711 static void check_pointer_type_change(Notifier
*notifier
, void *data
)
1713 VncState
*vs
= container_of(notifier
, VncState
, mouse_mode_notifier
);
1714 int absolute
= qemu_input_is_absolute();
1716 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1717 vnc_lock_output(vs
);
1718 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1719 vnc_write_u8(vs
, 0);
1720 vnc_write_u16(vs
, 1);
1721 vnc_framebuffer_update(vs
, absolute
, 0,
1722 pixman_image_get_width(vs
->vd
->server
),
1723 pixman_image_get_height(vs
->vd
->server
),
1724 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1725 vnc_unlock_output(vs
);
1728 vs
->absolute
= absolute
;
1731 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1733 static uint32_t bmap
[INPUT_BUTTON__MAX
] = {
1734 [INPUT_BUTTON_LEFT
] = 0x01,
1735 [INPUT_BUTTON_MIDDLE
] = 0x02,
1736 [INPUT_BUTTON_RIGHT
] = 0x04,
1737 [INPUT_BUTTON_WHEEL_UP
] = 0x08,
1738 [INPUT_BUTTON_WHEEL_DOWN
] = 0x10,
1740 QemuConsole
*con
= vs
->vd
->dcl
.con
;
1741 int width
= pixman_image_get_width(vs
->vd
->server
);
1742 int height
= pixman_image_get_height(vs
->vd
->server
);
1744 if (vs
->last_bmask
!= button_mask
) {
1745 qemu_input_update_buttons(con
, bmap
, vs
->last_bmask
, button_mask
);
1746 vs
->last_bmask
= button_mask
;
1750 qemu_input_queue_abs(con
, INPUT_AXIS_X
, x
, 0, width
);
1751 qemu_input_queue_abs(con
, INPUT_AXIS_Y
, y
, 0, height
);
1752 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1753 qemu_input_queue_rel(con
, INPUT_AXIS_X
, x
- 0x7FFF);
1754 qemu_input_queue_rel(con
, INPUT_AXIS_Y
, y
- 0x7FFF);
1756 if (vs
->last_x
!= -1) {
1757 qemu_input_queue_rel(con
, INPUT_AXIS_X
, x
- vs
->last_x
);
1758 qemu_input_queue_rel(con
, INPUT_AXIS_Y
, y
- vs
->last_y
);
1763 qemu_input_event_sync();
1766 static void press_key(VncState
*vs
, QKeyCode qcode
)
1768 qkbd_state_key_event(vs
->vd
->kbd
, qcode
, true);
1769 qkbd_state_key_event(vs
->vd
->kbd
, qcode
, false);
1772 static void vnc_led_state_change(VncState
*vs
)
1774 if (!vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
)) {
1778 vnc_lock_output(vs
);
1779 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1780 vnc_write_u8(vs
, 0);
1781 vnc_write_u16(vs
, 1);
1782 vnc_framebuffer_update(vs
, 0, 0, 1, 1, VNC_ENCODING_LED_STATE
);
1783 vnc_write_u8(vs
, vs
->vd
->ledstate
);
1784 vnc_unlock_output(vs
);
1788 static void kbd_leds(void *opaque
, int ledstate
)
1790 VncDisplay
*vd
= opaque
;
1793 trace_vnc_key_guest_leds((ledstate
& QEMU_CAPS_LOCK_LED
),
1794 (ledstate
& QEMU_NUM_LOCK_LED
),
1795 (ledstate
& QEMU_SCROLL_LOCK_LED
));
1797 if (ledstate
== vd
->ledstate
) {
1801 vd
->ledstate
= ledstate
;
1803 QTAILQ_FOREACH(client
, &vd
->clients
, next
) {
1804 vnc_led_state_change(client
);
1808 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1810 QKeyCode qcode
= qemu_input_key_number_to_qcode(keycode
);
1812 /* QEMU console switch */
1814 case Q_KEY_CODE_1
... Q_KEY_CODE_9
: /* '1' to '9' keys */
1815 if (vs
->vd
->dcl
.con
== NULL
&& down
&&
1816 qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_CTRL
) &&
1817 qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_ALT
)) {
1818 /* Reset the modifiers sent to the current console */
1819 qkbd_state_lift_all_keys(vs
->vd
->kbd
);
1820 console_select(qcode
- Q_KEY_CODE_1
);
1827 /* Turn off the lock state sync logic if the client support the led
1830 if (down
&& vs
->vd
->lock_key_sync
&&
1831 !vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
) &&
1832 keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1833 /* If the numlock state needs to change then simulate an additional
1834 keypress before sending this one. This will happen if the user
1835 toggles numlock away from the VNC window.
1837 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1838 if (!qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_NUMLOCK
)) {
1839 trace_vnc_key_sync_numlock(true);
1840 press_key(vs
, Q_KEY_CODE_NUM_LOCK
);
1843 if (qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_NUMLOCK
)) {
1844 trace_vnc_key_sync_numlock(false);
1845 press_key(vs
, Q_KEY_CODE_NUM_LOCK
);
1850 if (down
&& vs
->vd
->lock_key_sync
&&
1851 !vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
) &&
1852 ((sym
>= 'A' && sym
<= 'Z') || (sym
>= 'a' && sym
<= 'z'))) {
1853 /* If the capslock state needs to change then simulate an additional
1854 keypress before sending this one. This will happen if the user
1855 toggles capslock away from the VNC window.
1857 int uppercase
= !!(sym
>= 'A' && sym
<= 'Z');
1858 bool shift
= qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_SHIFT
);
1859 bool capslock
= qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_CAPSLOCK
);
1861 if (uppercase
== shift
) {
1862 trace_vnc_key_sync_capslock(false);
1863 press_key(vs
, Q_KEY_CODE_CAPS_LOCK
);
1866 if (uppercase
!= shift
) {
1867 trace_vnc_key_sync_capslock(true);
1868 press_key(vs
, Q_KEY_CODE_CAPS_LOCK
);
1873 qkbd_state_key_event(vs
->vd
->kbd
, qcode
, down
);
1874 if (!qemu_console_is_graphic(NULL
)) {
1875 bool numlock
= qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_NUMLOCK
);
1876 bool control
= qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_CTRL
);
1877 /* QEMU console emulation */
1880 case 0x2a: /* Left Shift */
1881 case 0x36: /* Right Shift */
1882 case 0x1d: /* Left CTRL */
1883 case 0x9d: /* Right CTRL */
1884 case 0x38: /* Left ALT */
1885 case 0xb8: /* Right ALT */
1888 kbd_put_keysym(QEMU_KEY_UP
);
1891 kbd_put_keysym(QEMU_KEY_DOWN
);
1894 kbd_put_keysym(QEMU_KEY_LEFT
);
1897 kbd_put_keysym(QEMU_KEY_RIGHT
);
1900 kbd_put_keysym(QEMU_KEY_DELETE
);
1903 kbd_put_keysym(QEMU_KEY_HOME
);
1906 kbd_put_keysym(QEMU_KEY_END
);
1909 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1912 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1916 kbd_put_keysym(numlock
? '7' : QEMU_KEY_HOME
);
1919 kbd_put_keysym(numlock
? '8' : QEMU_KEY_UP
);
1922 kbd_put_keysym(numlock
? '9' : QEMU_KEY_PAGEUP
);
1925 kbd_put_keysym(numlock
? '4' : QEMU_KEY_LEFT
);
1928 kbd_put_keysym('5');
1931 kbd_put_keysym(numlock
? '6' : QEMU_KEY_RIGHT
);
1934 kbd_put_keysym(numlock
? '1' : QEMU_KEY_END
);
1937 kbd_put_keysym(numlock
? '2' : QEMU_KEY_DOWN
);
1940 kbd_put_keysym(numlock
? '3' : QEMU_KEY_PAGEDOWN
);
1943 kbd_put_keysym('0');
1946 kbd_put_keysym(numlock
? '.' : QEMU_KEY_DELETE
);
1950 kbd_put_keysym('/');
1953 kbd_put_keysym('*');
1956 kbd_put_keysym('-');
1959 kbd_put_keysym('+');
1962 kbd_put_keysym('\n');
1967 kbd_put_keysym(sym
& 0x1f);
1969 kbd_put_keysym(sym
);
1977 static const char *code2name(int keycode
)
1979 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode
));
1982 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1987 if (lsym
>= 'A' && lsym
<= 'Z' && qemu_console_is_graphic(NULL
)) {
1988 lsym
= lsym
- 'A' + 'a';
1991 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, lsym
& 0xFFFF,
1992 vs
->vd
->kbd
, down
) & SCANCODE_KEYMASK
;
1993 trace_vnc_key_event_map(down
, sym
, keycode
, code2name(keycode
));
1994 do_key_event(vs
, down
, keycode
, sym
);
1997 static void ext_key_event(VncState
*vs
, int down
,
1998 uint32_t sym
, uint16_t keycode
)
2000 /* if the user specifies a keyboard layout, always use it */
2001 if (keyboard_layout
) {
2002 key_event(vs
, down
, sym
);
2004 trace_vnc_key_event_ext(down
, sym
, keycode
, code2name(keycode
));
2005 do_key_event(vs
, down
, keycode
, sym
);
2009 static void framebuffer_update_request(VncState
*vs
, int incremental
,
2010 int x
, int y
, int w
, int h
)
2013 if (vs
->update
!= VNC_STATE_UPDATE_FORCE
) {
2014 vs
->update
= VNC_STATE_UPDATE_INCREMENTAL
;
2017 vs
->update
= VNC_STATE_UPDATE_FORCE
;
2018 vnc_set_area_dirty(vs
->dirty
, vs
->vd
, x
, y
, w
, h
);
2022 static void send_ext_key_event_ack(VncState
*vs
)
2024 vnc_lock_output(vs
);
2025 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2026 vnc_write_u8(vs
, 0);
2027 vnc_write_u16(vs
, 1);
2028 vnc_framebuffer_update(vs
, 0, 0,
2029 pixman_image_get_width(vs
->vd
->server
),
2030 pixman_image_get_height(vs
->vd
->server
),
2031 VNC_ENCODING_EXT_KEY_EVENT
);
2032 vnc_unlock_output(vs
);
2036 static void send_ext_audio_ack(VncState
*vs
)
2038 vnc_lock_output(vs
);
2039 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2040 vnc_write_u8(vs
, 0);
2041 vnc_write_u16(vs
, 1);
2042 vnc_framebuffer_update(vs
, 0, 0,
2043 pixman_image_get_width(vs
->vd
->server
),
2044 pixman_image_get_height(vs
->vd
->server
),
2045 VNC_ENCODING_AUDIO
);
2046 vnc_unlock_output(vs
);
2050 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
2053 unsigned int enc
= 0;
2056 vs
->vnc_encoding
= 0;
2057 vs
->tight
.compression
= 9;
2058 vs
->tight
.quality
= -1; /* Lossless by default */
2062 * Start from the end because the encodings are sent in order of preference.
2063 * This way the preferred encoding (first encoding defined in the array)
2064 * will be set at the end of the loop.
2066 for (i
= n_encodings
- 1; i
>= 0; i
--) {
2069 case VNC_ENCODING_RAW
:
2070 vs
->vnc_encoding
= enc
;
2072 case VNC_ENCODING_COPYRECT
:
2073 vs
->features
|= VNC_FEATURE_COPYRECT_MASK
;
2075 case VNC_ENCODING_HEXTILE
:
2076 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
2077 vs
->vnc_encoding
= enc
;
2079 case VNC_ENCODING_TIGHT
:
2080 vs
->features
|= VNC_FEATURE_TIGHT_MASK
;
2081 vs
->vnc_encoding
= enc
;
2083 #ifdef CONFIG_VNC_PNG
2084 case VNC_ENCODING_TIGHT_PNG
:
2085 vs
->features
|= VNC_FEATURE_TIGHT_PNG_MASK
;
2086 vs
->vnc_encoding
= enc
;
2089 case VNC_ENCODING_ZLIB
:
2090 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
2091 vs
->vnc_encoding
= enc
;
2093 case VNC_ENCODING_ZRLE
:
2094 vs
->features
|= VNC_FEATURE_ZRLE_MASK
;
2095 vs
->vnc_encoding
= enc
;
2097 case VNC_ENCODING_ZYWRLE
:
2098 vs
->features
|= VNC_FEATURE_ZYWRLE_MASK
;
2099 vs
->vnc_encoding
= enc
;
2101 case VNC_ENCODING_DESKTOPRESIZE
:
2102 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
2104 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
2105 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
2107 case VNC_ENCODING_RICH_CURSOR
:
2108 vs
->features
|= VNC_FEATURE_RICH_CURSOR_MASK
;
2109 if (vs
->vd
->cursor
) {
2110 vnc_cursor_define(vs
);
2113 case VNC_ENCODING_EXT_KEY_EVENT
:
2114 send_ext_key_event_ack(vs
);
2116 case VNC_ENCODING_AUDIO
:
2117 send_ext_audio_ack(vs
);
2119 case VNC_ENCODING_WMVi
:
2120 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
2122 case VNC_ENCODING_LED_STATE
:
2123 vs
->features
|= VNC_FEATURE_LED_STATE_MASK
;
2125 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
2126 vs
->tight
.compression
= (enc
& 0x0F);
2128 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
2129 if (vs
->vd
->lossy
) {
2130 vs
->tight
.quality
= (enc
& 0x0F);
2134 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
2138 vnc_desktop_resize(vs
);
2139 check_pointer_type_change(&vs
->mouse_mode_notifier
, NULL
);
2140 vnc_led_state_change(vs
);
2143 static void set_pixel_conversion(VncState
*vs
)
2145 pixman_format_code_t fmt
= qemu_pixman_get_format(&vs
->client_pf
);
2147 if (fmt
== VNC_SERVER_FB_FORMAT
) {
2148 vs
->write_pixels
= vnc_write_pixels_copy
;
2149 vnc_hextile_set_pixel_conversion(vs
, 0);
2151 vs
->write_pixels
= vnc_write_pixels_generic
;
2152 vnc_hextile_set_pixel_conversion(vs
, 1);
2156 static void send_color_map(VncState
*vs
)
2160 vnc_write_u8(vs
, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES
);
2161 vnc_write_u8(vs
, 0); /* padding */
2162 vnc_write_u16(vs
, 0); /* first color */
2163 vnc_write_u16(vs
, 256); /* # of colors */
2165 for (i
= 0; i
< 256; i
++) {
2166 PixelFormat
*pf
= &vs
->client_pf
;
2168 vnc_write_u16(vs
, (((i
>> pf
->rshift
) & pf
->rmax
) << (16 - pf
->rbits
)));
2169 vnc_write_u16(vs
, (((i
>> pf
->gshift
) & pf
->gmax
) << (16 - pf
->gbits
)));
2170 vnc_write_u16(vs
, (((i
>> pf
->bshift
) & pf
->bmax
) << (16 - pf
->bbits
)));
2174 static void set_pixel_format(VncState
*vs
, int bits_per_pixel
,
2175 int big_endian_flag
, int true_color_flag
,
2176 int red_max
, int green_max
, int blue_max
,
2177 int red_shift
, int green_shift
, int blue_shift
)
2179 if (!true_color_flag
) {
2180 /* Expose a reasonable default 256 color map */
2190 switch (bits_per_pixel
) {
2196 vnc_client_error(vs
);
2200 vs
->client_pf
.rmax
= red_max
? red_max
: 0xFF;
2201 vs
->client_pf
.rbits
= ctpopl(red_max
);
2202 vs
->client_pf
.rshift
= red_shift
;
2203 vs
->client_pf
.rmask
= red_max
<< red_shift
;
2204 vs
->client_pf
.gmax
= green_max
? green_max
: 0xFF;
2205 vs
->client_pf
.gbits
= ctpopl(green_max
);
2206 vs
->client_pf
.gshift
= green_shift
;
2207 vs
->client_pf
.gmask
= green_max
<< green_shift
;
2208 vs
->client_pf
.bmax
= blue_max
? blue_max
: 0xFF;
2209 vs
->client_pf
.bbits
= ctpopl(blue_max
);
2210 vs
->client_pf
.bshift
= blue_shift
;
2211 vs
->client_pf
.bmask
= blue_max
<< blue_shift
;
2212 vs
->client_pf
.bits_per_pixel
= bits_per_pixel
;
2213 vs
->client_pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
2214 vs
->client_pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
2215 vs
->client_be
= big_endian_flag
;
2217 if (!true_color_flag
) {
2221 set_pixel_conversion(vs
);
2223 graphic_hw_invalidate(vs
->vd
->dcl
.con
);
2224 graphic_hw_update(vs
->vd
->dcl
.con
);
2227 static void pixel_format_message (VncState
*vs
) {
2228 char pad
[3] = { 0, 0, 0 };
2230 vs
->client_pf
= qemu_default_pixelformat(32);
2232 vnc_write_u8(vs
, vs
->client_pf
.bits_per_pixel
); /* bits-per-pixel */
2233 vnc_write_u8(vs
, vs
->client_pf
.depth
); /* depth */
2235 #ifdef HOST_WORDS_BIGENDIAN
2236 vnc_write_u8(vs
, 1); /* big-endian-flag */
2238 vnc_write_u8(vs
, 0); /* big-endian-flag */
2240 vnc_write_u8(vs
, 1); /* true-color-flag */
2241 vnc_write_u16(vs
, vs
->client_pf
.rmax
); /* red-max */
2242 vnc_write_u16(vs
, vs
->client_pf
.gmax
); /* green-max */
2243 vnc_write_u16(vs
, vs
->client_pf
.bmax
); /* blue-max */
2244 vnc_write_u8(vs
, vs
->client_pf
.rshift
); /* red-shift */
2245 vnc_write_u8(vs
, vs
->client_pf
.gshift
); /* green-shift */
2246 vnc_write_u8(vs
, vs
->client_pf
.bshift
); /* blue-shift */
2247 vnc_write(vs
, pad
, 3); /* padding */
2249 vnc_hextile_set_pixel_conversion(vs
, 0);
2250 vs
->write_pixels
= vnc_write_pixels_copy
;
2253 static void vnc_colordepth(VncState
*vs
)
2255 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
2256 /* Sending a WMVi message to notify the client*/
2257 vnc_lock_output(vs
);
2258 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2259 vnc_write_u8(vs
, 0);
2260 vnc_write_u16(vs
, 1); /* number of rects */
2261 vnc_framebuffer_update(vs
, 0, 0,
2262 pixman_image_get_width(vs
->vd
->server
),
2263 pixman_image_get_height(vs
->vd
->server
),
2265 pixel_format_message(vs
);
2266 vnc_unlock_output(vs
);
2269 set_pixel_conversion(vs
);
2273 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
2278 VncDisplay
*vd
= vs
->vd
;
2281 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
2285 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT
:
2289 set_pixel_format(vs
, read_u8(data
, 4),
2290 read_u8(data
, 6), read_u8(data
, 7),
2291 read_u16(data
, 8), read_u16(data
, 10),
2292 read_u16(data
, 12), read_u8(data
, 14),
2293 read_u8(data
, 15), read_u8(data
, 16));
2295 case VNC_MSG_CLIENT_SET_ENCODINGS
:
2300 limit
= read_u16(data
, 2);
2302 return 4 + (limit
* 4);
2304 limit
= read_u16(data
, 2);
2306 for (i
= 0; i
< limit
; i
++) {
2307 int32_t val
= read_s32(data
, 4 + (i
* 4));
2308 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
2311 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
2313 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST
:
2317 framebuffer_update_request(vs
,
2318 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
2319 read_u16(data
, 6), read_u16(data
, 8));
2321 case VNC_MSG_CLIENT_KEY_EVENT
:
2325 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
2327 case VNC_MSG_CLIENT_POINTER_EVENT
:
2331 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
2333 case VNC_MSG_CLIENT_CUT_TEXT
:
2338 uint32_t dlen
= read_u32(data
, 4);
2339 if (dlen
> (1 << 20)) {
2340 error_report("vnc: client_cut_text msg payload has %u bytes"
2341 " which exceeds our limit of 1MB.", dlen
);
2342 vnc_client_error(vs
);
2350 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
2352 case VNC_MSG_CLIENT_QEMU
:
2356 switch (read_u8(data
, 1)) {
2357 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT
:
2361 ext_key_event(vs
, read_u16(data
, 2),
2362 read_u32(data
, 4), read_u32(data
, 8));
2364 case VNC_MSG_CLIENT_QEMU_AUDIO
:
2368 switch (read_u16 (data
, 2)) {
2369 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE
:
2372 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE
:
2375 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT
:
2378 switch (read_u8(data
, 4)) {
2379 case 0: vs
->as
.fmt
= AUDIO_FORMAT_U8
; break;
2380 case 1: vs
->as
.fmt
= AUDIO_FORMAT_S8
; break;
2381 case 2: vs
->as
.fmt
= AUDIO_FORMAT_U16
; break;
2382 case 3: vs
->as
.fmt
= AUDIO_FORMAT_S16
; break;
2383 case 4: vs
->as
.fmt
= AUDIO_FORMAT_U32
; break;
2384 case 5: vs
->as
.fmt
= AUDIO_FORMAT_S32
; break;
2386 VNC_DEBUG("Invalid audio format %d\n", read_u8(data
, 4));
2387 vnc_client_error(vs
);
2390 vs
->as
.nchannels
= read_u8(data
, 5);
2391 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
2392 VNC_DEBUG("Invalid audio channel count %d\n",
2394 vnc_client_error(vs
);
2397 freq
= read_u32(data
, 6);
2398 /* No official limit for protocol, but 48khz is a sensible
2399 * upper bound for trustworthy clients, and this limit
2400 * protects calculations involving 'vs->as.freq' later.
2403 VNC_DEBUG("Invalid audio frequency %u > 48000", freq
);
2404 vnc_client_error(vs
);
2410 VNC_DEBUG("Invalid audio message %d\n", read_u8(data
, 4));
2411 vnc_client_error(vs
);
2417 VNC_DEBUG("Msg: %d\n", read_u16(data
, 0));
2418 vnc_client_error(vs
);
2423 VNC_DEBUG("Msg: %d\n", data
[0]);
2424 vnc_client_error(vs
);
2428 vnc_update_throttle_offset(vs
);
2429 vnc_read_when(vs
, protocol_client_msg
, 1);
2433 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
2439 mode
= data
[0] ? VNC_SHARE_MODE_SHARED
: VNC_SHARE_MODE_EXCLUSIVE
;
2440 switch (vs
->vd
->share_policy
) {
2441 case VNC_SHARE_POLICY_IGNORE
:
2443 * Ignore the shared flag. Nothing to do here.
2445 * Doesn't conform to the rfb spec but is traditional qemu
2446 * behavior, thus left here as option for compatibility
2450 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
:
2452 * Policy: Allow clients ask for exclusive access.
2454 * Implementation: When a client asks for exclusive access,
2455 * disconnect all others. Shared connects are allowed as long
2456 * as no exclusive connection exists.
2458 * This is how the rfb spec suggests to handle the shared flag.
2460 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2462 QTAILQ_FOREACH(client
, &vs
->vd
->clients
, next
) {
2466 if (client
->share_mode
!= VNC_SHARE_MODE_EXCLUSIVE
&&
2467 client
->share_mode
!= VNC_SHARE_MODE_SHARED
) {
2470 vnc_disconnect_start(client
);
2473 if (mode
== VNC_SHARE_MODE_SHARED
) {
2474 if (vs
->vd
->num_exclusive
> 0) {
2475 vnc_disconnect_start(vs
);
2480 case VNC_SHARE_POLICY_FORCE_SHARED
:
2482 * Policy: Shared connects only.
2483 * Implementation: Disallow clients asking for exclusive access.
2485 * Useful for shared desktop sessions where you don't want
2486 * someone forgetting to say -shared when running the vnc
2487 * client disconnect everybody else.
2489 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2490 vnc_disconnect_start(vs
);
2495 vnc_set_share_mode(vs
, mode
);
2497 if (vs
->vd
->num_shared
> vs
->vd
->connections_limit
) {
2498 vnc_disconnect_start(vs
);
2502 assert(pixman_image_get_width(vs
->vd
->server
) < 65536 &&
2503 pixman_image_get_width(vs
->vd
->server
) >= 0);
2504 assert(pixman_image_get_height(vs
->vd
->server
) < 65536 &&
2505 pixman_image_get_height(vs
->vd
->server
) >= 0);
2506 vs
->client_width
= pixman_image_get_width(vs
->vd
->server
);
2507 vs
->client_height
= pixman_image_get_height(vs
->vd
->server
);
2508 vnc_write_u16(vs
, vs
->client_width
);
2509 vnc_write_u16(vs
, vs
->client_height
);
2511 pixel_format_message(vs
);
2514 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
2515 if (size
> sizeof(buf
)) {
2519 size
= snprintf(buf
, sizeof(buf
), "QEMU");
2522 vnc_write_u32(vs
, size
);
2523 vnc_write(vs
, buf
, size
);
2526 vnc_client_cache_auth(vs
);
2527 vnc_qmp_event(vs
, QAPI_EVENT_VNC_INITIALIZED
);
2529 vnc_read_when(vs
, protocol_client_msg
, 1);
2534 void start_client_init(VncState
*vs
)
2536 vnc_read_when(vs
, protocol_client_init
, 1);
2539 static void authentication_failed(VncState
*vs
)
2541 vnc_write_u32(vs
, 1); /* Reject auth */
2542 if (vs
->minor
>= 8) {
2543 static const char err
[] = "Authentication failed";
2544 vnc_write_u32(vs
, sizeof(err
));
2545 vnc_write(vs
, err
, sizeof(err
));
2548 vnc_client_error(vs
);
2551 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
2553 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
2555 unsigned char key
[8];
2556 time_t now
= time(NULL
);
2557 QCryptoCipher
*cipher
= NULL
;
2560 if (!vs
->vd
->password
) {
2561 trace_vnc_auth_fail(vs
, vs
->auth
, "password is not set", "");
2564 if (vs
->vd
->expires
< now
) {
2565 trace_vnc_auth_fail(vs
, vs
->auth
, "password is expired", "");
2569 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
2571 /* Calculate the expected challenge response */
2572 pwlen
= strlen(vs
->vd
->password
);
2573 for (i
=0; i
<sizeof(key
); i
++)
2574 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
2576 cipher
= qcrypto_cipher_new(
2577 QCRYPTO_CIPHER_ALG_DES_RFB
,
2578 QCRYPTO_CIPHER_MODE_ECB
,
2579 key
, G_N_ELEMENTS(key
),
2582 trace_vnc_auth_fail(vs
, vs
->auth
, "cannot create cipher",
2583 error_get_pretty(err
));
2588 if (qcrypto_cipher_encrypt(cipher
,
2591 VNC_AUTH_CHALLENGE_SIZE
,
2593 trace_vnc_auth_fail(vs
, vs
->auth
, "cannot encrypt challenge response",
2594 error_get_pretty(err
));
2599 /* Compare expected vs actual challenge response */
2600 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
2601 trace_vnc_auth_fail(vs
, vs
->auth
, "mis-matched challenge response", "");
2604 trace_vnc_auth_pass(vs
, vs
->auth
);
2605 vnc_write_u32(vs
, 0); /* Accept auth */
2608 start_client_init(vs
);
2611 qcrypto_cipher_free(cipher
);
2615 authentication_failed(vs
);
2616 qcrypto_cipher_free(cipher
);
2620 void start_auth_vnc(VncState
*vs
)
2624 if (qcrypto_random_bytes(vs
->challenge
, sizeof(vs
->challenge
), &err
)) {
2625 trace_vnc_auth_fail(vs
, vs
->auth
, "cannot get random bytes",
2626 error_get_pretty(err
));
2628 authentication_failed(vs
);
2632 /* Send client a 'random' challenge */
2633 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
2636 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
2640 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
2642 /* We only advertise 1 auth scheme at a time, so client
2643 * must pick the one we sent. Verify this */
2644 if (data
[0] != vs
->auth
) { /* Reject auth */
2645 trace_vnc_auth_reject(vs
, vs
->auth
, (int)data
[0]);
2646 authentication_failed(vs
);
2647 } else { /* Accept requested auth */
2648 trace_vnc_auth_start(vs
, vs
->auth
);
2651 if (vs
->minor
>= 8) {
2652 vnc_write_u32(vs
, 0); /* Accept auth completion */
2655 trace_vnc_auth_pass(vs
, vs
->auth
);
2656 start_client_init(vs
);
2663 case VNC_AUTH_VENCRYPT
:
2664 start_auth_vencrypt(vs
);
2667 #ifdef CONFIG_VNC_SASL
2669 start_auth_sasl(vs
);
2671 #endif /* CONFIG_VNC_SASL */
2673 default: /* Should not be possible, but just in case */
2674 trace_vnc_auth_fail(vs
, vs
->auth
, "Unhandled auth method", "");
2675 authentication_failed(vs
);
2681 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
2685 memcpy(local
, version
, 12);
2688 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
2689 VNC_DEBUG("Malformed protocol version %s\n", local
);
2690 vnc_client_error(vs
);
2693 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
2694 if (vs
->major
!= 3 ||
2700 VNC_DEBUG("Unsupported client version\n");
2701 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2703 vnc_client_error(vs
);
2706 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2707 * as equivalent to v3.3 by servers
2709 if (vs
->minor
== 4 || vs
->minor
== 5)
2712 if (vs
->minor
== 3) {
2713 trace_vnc_auth_start(vs
, vs
->auth
);
2714 if (vs
->auth
== VNC_AUTH_NONE
) {
2715 vnc_write_u32(vs
, vs
->auth
);
2717 trace_vnc_auth_pass(vs
, vs
->auth
);
2718 start_client_init(vs
);
2719 } else if (vs
->auth
== VNC_AUTH_VNC
) {
2720 VNC_DEBUG("Tell client VNC auth\n");
2721 vnc_write_u32(vs
, vs
->auth
);
2725 trace_vnc_auth_fail(vs
, vs
->auth
,
2726 "Unsupported auth method for v3.3", "");
2727 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2729 vnc_client_error(vs
);
2732 vnc_write_u8(vs
, 1); /* num auth */
2733 vnc_write_u8(vs
, vs
->auth
);
2734 vnc_read_when(vs
, protocol_client_auth
, 1);
2741 static VncRectStat
*vnc_stat_rect(VncDisplay
*vd
, int x
, int y
)
2743 struct VncSurface
*vs
= &vd
->guest
;
2745 return &vs
->stats
[y
/ VNC_STAT_RECT
][x
/ VNC_STAT_RECT
];
2748 void vnc_sent_lossy_rect(VncState
*vs
, int x
, int y
, int w
, int h
)
2752 w
= (x
+ w
) / VNC_STAT_RECT
;
2753 h
= (y
+ h
) / VNC_STAT_RECT
;
2757 for (j
= y
; j
<= h
; j
++) {
2758 for (i
= x
; i
<= w
; i
++) {
2759 vs
->lossy_rect
[j
][i
] = 1;
2764 static int vnc_refresh_lossy_rect(VncDisplay
*vd
, int x
, int y
)
2767 int sty
= y
/ VNC_STAT_RECT
;
2768 int stx
= x
/ VNC_STAT_RECT
;
2771 y
= QEMU_ALIGN_DOWN(y
, VNC_STAT_RECT
);
2772 x
= QEMU_ALIGN_DOWN(x
, VNC_STAT_RECT
);
2774 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2777 /* kernel send buffers are full -> refresh later */
2778 if (vs
->output
.offset
) {
2782 if (!vs
->lossy_rect
[sty
][stx
]) {
2786 vs
->lossy_rect
[sty
][stx
] = 0;
2787 for (j
= 0; j
< VNC_STAT_RECT
; ++j
) {
2788 bitmap_set(vs
->dirty
[y
+ j
],
2789 x
/ VNC_DIRTY_PIXELS_PER_BIT
,
2790 VNC_STAT_RECT
/ VNC_DIRTY_PIXELS_PER_BIT
);
2798 static int vnc_update_stats(VncDisplay
*vd
, struct timeval
* tv
)
2800 int width
= MIN(pixman_image_get_width(vd
->guest
.fb
),
2801 pixman_image_get_width(vd
->server
));
2802 int height
= MIN(pixman_image_get_height(vd
->guest
.fb
),
2803 pixman_image_get_height(vd
->server
));
2808 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2809 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2810 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2812 rect
->updated
= false;
2816 qemu_timersub(tv
, &VNC_REFRESH_STATS
, &res
);
2818 if (timercmp(&vd
->guest
.last_freq_check
, &res
, >)) {
2821 vd
->guest
.last_freq_check
= *tv
;
2823 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2824 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2825 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2826 int count
= ARRAY_SIZE(rect
->times
);
2827 struct timeval min
, max
;
2829 if (!timerisset(&rect
->times
[count
- 1])) {
2833 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2834 qemu_timersub(tv
, &max
, &res
);
2836 if (timercmp(&res
, &VNC_REFRESH_LOSSY
, >)) {
2838 has_dirty
+= vnc_refresh_lossy_rect(vd
, x
, y
);
2839 memset(rect
->times
, 0, sizeof (rect
->times
));
2843 min
= rect
->times
[rect
->idx
];
2844 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2845 qemu_timersub(&max
, &min
, &res
);
2847 rect
->freq
= res
.tv_sec
+ res
.tv_usec
/ 1000000.;
2848 rect
->freq
/= count
;
2849 rect
->freq
= 1. / rect
->freq
;
2855 double vnc_update_freq(VncState
*vs
, int x
, int y
, int w
, int h
)
2861 x
= QEMU_ALIGN_DOWN(x
, VNC_STAT_RECT
);
2862 y
= QEMU_ALIGN_DOWN(y
, VNC_STAT_RECT
);
2864 for (j
= y
; j
<= y
+ h
; j
+= VNC_STAT_RECT
) {
2865 for (i
= x
; i
<= x
+ w
; i
+= VNC_STAT_RECT
) {
2866 total
+= vnc_stat_rect(vs
->vd
, i
, j
)->freq
;
2878 static void vnc_rect_updated(VncDisplay
*vd
, int x
, int y
, struct timeval
* tv
)
2882 rect
= vnc_stat_rect(vd
, x
, y
);
2883 if (rect
->updated
) {
2886 rect
->times
[rect
->idx
] = *tv
;
2887 rect
->idx
= (rect
->idx
+ 1) % ARRAY_SIZE(rect
->times
);
2888 rect
->updated
= true;
2891 static int vnc_refresh_server_surface(VncDisplay
*vd
)
2893 int width
= MIN(pixman_image_get_width(vd
->guest
.fb
),
2894 pixman_image_get_width(vd
->server
));
2895 int height
= MIN(pixman_image_get_height(vd
->guest
.fb
),
2896 pixman_image_get_height(vd
->server
));
2897 int cmp_bytes
, server_stride
, line_bytes
, guest_ll
, guest_stride
, y
= 0;
2898 uint8_t *guest_row0
= NULL
, *server_row0
;
2901 pixman_image_t
*tmpbuf
= NULL
;
2903 struct timeval tv
= { 0, 0 };
2905 if (!vd
->non_adaptive
) {
2906 gettimeofday(&tv
, NULL
);
2907 has_dirty
= vnc_update_stats(vd
, &tv
);
2911 * Walk through the guest dirty map.
2912 * Check and copy modified bits from guest to server surface.
2913 * Update server dirty map.
2915 server_row0
= (uint8_t *)pixman_image_get_data(vd
->server
);
2916 server_stride
= guest_stride
= guest_ll
=
2917 pixman_image_get_stride(vd
->server
);
2918 cmp_bytes
= MIN(VNC_DIRTY_PIXELS_PER_BIT
* VNC_SERVER_FB_BYTES
,
2920 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
2921 int width
= pixman_image_get_width(vd
->server
);
2922 tmpbuf
= qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT
, width
);
2925 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd
->guest
.fb
));
2926 guest_row0
= (uint8_t *)pixman_image_get_data(vd
->guest
.fb
);
2927 guest_stride
= pixman_image_get_stride(vd
->guest
.fb
);
2928 guest_ll
= pixman_image_get_width(vd
->guest
.fb
)
2929 * DIV_ROUND_UP(guest_bpp
, 8);
2931 line_bytes
= MIN(server_stride
, guest_ll
);
2935 uint8_t *guest_ptr
, *server_ptr
;
2936 unsigned long offset
= find_next_bit((unsigned long *) &vd
->guest
.dirty
,
2937 height
* VNC_DIRTY_BPL(&vd
->guest
),
2938 y
* VNC_DIRTY_BPL(&vd
->guest
));
2939 if (offset
== height
* VNC_DIRTY_BPL(&vd
->guest
)) {
2940 /* no more dirty bits */
2943 y
= offset
/ VNC_DIRTY_BPL(&vd
->guest
);
2944 x
= offset
% VNC_DIRTY_BPL(&vd
->guest
);
2946 server_ptr
= server_row0
+ y
* server_stride
+ x
* cmp_bytes
;
2948 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
2949 qemu_pixman_linebuf_fill(tmpbuf
, vd
->guest
.fb
, width
, 0, y
);
2950 guest_ptr
= (uint8_t *)pixman_image_get_data(tmpbuf
);
2952 guest_ptr
= guest_row0
+ y
* guest_stride
;
2954 guest_ptr
+= x
* cmp_bytes
;
2956 for (; x
< DIV_ROUND_UP(width
, VNC_DIRTY_PIXELS_PER_BIT
);
2957 x
++, guest_ptr
+= cmp_bytes
, server_ptr
+= cmp_bytes
) {
2958 int _cmp_bytes
= cmp_bytes
;
2959 if (!test_and_clear_bit(x
, vd
->guest
.dirty
[y
])) {
2962 if ((x
+ 1) * cmp_bytes
> line_bytes
) {
2963 _cmp_bytes
= line_bytes
- x
* cmp_bytes
;
2965 assert(_cmp_bytes
>= 0);
2966 if (memcmp(server_ptr
, guest_ptr
, _cmp_bytes
) == 0) {
2969 memcpy(server_ptr
, guest_ptr
, _cmp_bytes
);
2970 if (!vd
->non_adaptive
) {
2971 vnc_rect_updated(vd
, x
* VNC_DIRTY_PIXELS_PER_BIT
,
2974 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2975 set_bit(x
, vs
->dirty
[y
]);
2982 qemu_pixman_image_unref(tmpbuf
);
2986 static void vnc_refresh(DisplayChangeListener
*dcl
)
2988 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
2990 int has_dirty
, rects
= 0;
2992 if (QTAILQ_EMPTY(&vd
->clients
)) {
2993 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_MAX
);
2997 graphic_hw_update(vd
->dcl
.con
);
2999 if (vnc_trylock_display(vd
)) {
3000 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
3004 has_dirty
= vnc_refresh_server_surface(vd
);
3005 vnc_unlock_display(vd
);
3007 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
3008 rects
+= vnc_update_client(vs
, has_dirty
);
3009 /* vs might be free()ed here */
3012 if (has_dirty
&& rects
) {
3013 vd
->dcl
.update_interval
/= 2;
3014 if (vd
->dcl
.update_interval
< VNC_REFRESH_INTERVAL_BASE
) {
3015 vd
->dcl
.update_interval
= VNC_REFRESH_INTERVAL_BASE
;
3018 vd
->dcl
.update_interval
+= VNC_REFRESH_INTERVAL_INC
;
3019 if (vd
->dcl
.update_interval
> VNC_REFRESH_INTERVAL_MAX
) {
3020 vd
->dcl
.update_interval
= VNC_REFRESH_INTERVAL_MAX
;
3025 static void vnc_connect(VncDisplay
*vd
, QIOChannelSocket
*sioc
,
3026 bool skipauth
, bool websocket
)
3028 VncState
*vs
= g_new0(VncState
, 1);
3029 bool first_client
= QTAILQ_EMPTY(&vd
->clients
);
3032 trace_vnc_client_connect(vs
, sioc
);
3033 vs
->magic
= VNC_MAGIC
;
3035 object_ref(OBJECT(vs
->sioc
));
3036 vs
->ioc
= QIO_CHANNEL(sioc
);
3037 object_ref(OBJECT(vs
->ioc
));
3040 buffer_init(&vs
->input
, "vnc-input/%p", sioc
);
3041 buffer_init(&vs
->output
, "vnc-output/%p", sioc
);
3042 buffer_init(&vs
->jobs_buffer
, "vnc-jobs_buffer/%p", sioc
);
3044 buffer_init(&vs
->tight
.tight
, "vnc-tight/%p", sioc
);
3045 buffer_init(&vs
->tight
.zlib
, "vnc-tight-zlib/%p", sioc
);
3046 buffer_init(&vs
->tight
.gradient
, "vnc-tight-gradient/%p", sioc
);
3047 #ifdef CONFIG_VNC_JPEG
3048 buffer_init(&vs
->tight
.jpeg
, "vnc-tight-jpeg/%p", sioc
);
3050 #ifdef CONFIG_VNC_PNG
3051 buffer_init(&vs
->tight
.png
, "vnc-tight-png/%p", sioc
);
3053 buffer_init(&vs
->zlib
.zlib
, "vnc-zlib/%p", sioc
);
3054 buffer_init(&vs
->zrle
.zrle
, "vnc-zrle/%p", sioc
);
3055 buffer_init(&vs
->zrle
.fb
, "vnc-zrle-fb/%p", sioc
);
3056 buffer_init(&vs
->zrle
.zlib
, "vnc-zrle-zlib/%p", sioc
);
3059 vs
->auth
= VNC_AUTH_NONE
;
3060 vs
->subauth
= VNC_AUTH_INVALID
;
3063 vs
->auth
= vd
->ws_auth
;
3064 vs
->subauth
= VNC_AUTH_INVALID
;
3066 vs
->auth
= vd
->auth
;
3067 vs
->subauth
= vd
->subauth
;
3070 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3071 sioc
, websocket
, vs
->auth
, vs
->subauth
);
3073 vs
->lossy_rect
= g_malloc0(VNC_STAT_ROWS
* sizeof (*vs
->lossy_rect
));
3074 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
3075 vs
->lossy_rect
[i
] = g_new0(uint8_t, VNC_STAT_COLS
);
3078 VNC_DEBUG("New client on socket %p\n", vs
->sioc
);
3079 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
3080 qio_channel_set_blocking(vs
->ioc
, false, NULL
);
3082 g_source_remove(vs
->ioc_tag
);
3087 vs
->ioc_tag
= qio_channel_add_watch(
3088 vs
->ioc
, G_IO_IN
, vncws_tls_handshake_io
, vs
, NULL
);
3090 vs
->ioc_tag
= qio_channel_add_watch(
3091 vs
->ioc
, G_IO_IN
, vncws_handshake_io
, vs
, NULL
);
3094 vs
->ioc_tag
= qio_channel_add_watch(
3095 vs
->ioc
, G_IO_IN
, vnc_client_io
, vs
, NULL
);
3098 vnc_client_cache_addr(vs
);
3099 vnc_qmp_event(vs
, QAPI_EVENT_VNC_CONNECTED
);
3100 vnc_set_share_mode(vs
, VNC_SHARE_MODE_CONNECTING
);
3105 vs
->as
.freq
= 44100;
3106 vs
->as
.nchannels
= 2;
3107 vs
->as
.fmt
= AUDIO_FORMAT_S16
;
3108 vs
->as
.endianness
= 0;
3110 qemu_mutex_init(&vs
->output_mutex
);
3111 vs
->bh
= qemu_bh_new(vnc_jobs_bh
, vs
);
3113 QTAILQ_INSERT_TAIL(&vd
->clients
, vs
, next
);
3115 vnc_update_server_surface(vd
);
3118 graphic_hw_update(vd
->dcl
.con
);
3120 if (!vs
->websocket
) {
3121 vnc_start_protocol(vs
);
3124 if (vd
->num_connecting
> vd
->connections_limit
) {
3125 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
3126 if (vs
->share_mode
== VNC_SHARE_MODE_CONNECTING
) {
3127 vnc_disconnect_start(vs
);
3134 void vnc_start_protocol(VncState
*vs
)
3136 vnc_write(vs
, "RFB 003.008\n", 12);
3138 vnc_read_when(vs
, protocol_version
, 12);
3140 vs
->mouse_mode_notifier
.notify
= check_pointer_type_change
;
3141 qemu_add_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
3144 static void vnc_listen_io(QIONetListener
*listener
,
3145 QIOChannelSocket
*cioc
,
3148 VncDisplay
*vd
= opaque
;
3149 bool isWebsock
= listener
== vd
->wslistener
;
3151 qio_channel_set_name(QIO_CHANNEL(cioc
),
3152 isWebsock
? "vnc-ws-server" : "vnc-server");
3153 qio_channel_set_delay(QIO_CHANNEL(cioc
), false);
3154 vnc_connect(vd
, cioc
, false, isWebsock
);
3157 static const DisplayChangeListenerOps dcl_ops
= {
3159 .dpy_refresh
= vnc_refresh
,
3160 .dpy_gfx_update
= vnc_dpy_update
,
3161 .dpy_gfx_switch
= vnc_dpy_switch
,
3162 .dpy_gfx_check_format
= qemu_pixman_check_format
,
3163 .dpy_mouse_set
= vnc_mouse_set
,
3164 .dpy_cursor_define
= vnc_dpy_cursor_define
,
3167 void vnc_display_init(const char *id
, Error
**errp
)
3171 if (vnc_display_find(id
) != NULL
) {
3174 vd
= g_malloc0(sizeof(*vd
));
3176 vd
->id
= strdup(id
);
3177 QTAILQ_INSERT_TAIL(&vnc_displays
, vd
, next
);
3179 QTAILQ_INIT(&vd
->clients
);
3180 vd
->expires
= TIME_MAX
;
3182 if (keyboard_layout
) {
3183 trace_vnc_key_map_init(keyboard_layout
);
3184 vd
->kbd_layout
= init_keyboard_layout(name2keysym
,
3185 keyboard_layout
, errp
);
3187 vd
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us", errp
);
3190 if (!vd
->kbd_layout
) {
3194 vd
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3195 vd
->connections_limit
= 32;
3197 qemu_mutex_init(&vd
->mutex
);
3198 vnc_start_worker_thread();
3200 vd
->dcl
.ops
= &dcl_ops
;
3201 register_displaychangelistener(&vd
->dcl
);
3202 vd
->kbd
= qkbd_state_init(vd
->dcl
.con
);
3206 static void vnc_display_close(VncDisplay
*vd
)
3211 vd
->is_unix
= false;
3214 qio_net_listener_disconnect(vd
->listener
);
3215 object_unref(OBJECT(vd
->listener
));
3217 vd
->listener
= NULL
;
3219 if (vd
->wslistener
) {
3220 qio_net_listener_disconnect(vd
->wslistener
);
3221 object_unref(OBJECT(vd
->wslistener
));
3223 vd
->wslistener
= NULL
;
3225 vd
->auth
= VNC_AUTH_INVALID
;
3226 vd
->subauth
= VNC_AUTH_INVALID
;
3228 object_unparent(OBJECT(vd
->tlscreds
));
3229 vd
->tlscreds
= NULL
;
3232 object_unparent(OBJECT(vd
->tlsauthz
));
3233 vd
->tlsauthz
= NULL
;
3235 g_free(vd
->tlsauthzid
);
3236 vd
->tlsauthzid
= NULL
;
3237 if (vd
->lock_key_sync
) {
3238 qemu_remove_led_event_handler(vd
->led
);
3241 #ifdef CONFIG_VNC_SASL
3242 if (vd
->sasl
.authz
) {
3243 object_unparent(OBJECT(vd
->sasl
.authz
));
3244 vd
->sasl
.authz
= NULL
;
3246 g_free(vd
->sasl
.authzid
);
3247 vd
->sasl
.authzid
= NULL
;
3251 int vnc_display_password(const char *id
, const char *password
)
3253 VncDisplay
*vd
= vnc_display_find(id
);
3258 if (vd
->auth
== VNC_AUTH_NONE
) {
3259 error_printf_unless_qmp("If you want use passwords please enable "
3260 "password auth using '-vnc ${dpy},password'.\n");
3264 g_free(vd
->password
);
3265 vd
->password
= g_strdup(password
);
3270 int vnc_display_pw_expire(const char *id
, time_t expires
)
3272 VncDisplay
*vd
= vnc_display_find(id
);
3278 vd
->expires
= expires
;
3282 static void vnc_display_print_local_addr(VncDisplay
*vd
)
3284 SocketAddress
*addr
;
3287 if (!vd
->listener
|| !vd
->listener
->nsioc
) {
3291 addr
= qio_channel_socket_get_local_address(vd
->listener
->sioc
[0], &err
);
3296 if (addr
->type
!= SOCKET_ADDRESS_TYPE_INET
) {
3297 qapi_free_SocketAddress(addr
);
3300 error_printf_unless_qmp("VNC server running on %s:%s\n",
3303 qapi_free_SocketAddress(addr
);
3306 static QemuOptsList qemu_vnc_opts
= {
3308 .head
= QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts
.head
),
3309 .implied_opt_name
= "vnc",
3313 .type
= QEMU_OPT_STRING
,
3315 .name
= "websocket",
3316 .type
= QEMU_OPT_STRING
,
3318 .name
= "tls-creds",
3319 .type
= QEMU_OPT_STRING
,
3322 .type
= QEMU_OPT_STRING
,
3325 .type
= QEMU_OPT_STRING
,
3328 .type
= QEMU_OPT_NUMBER
,
3330 .name
= "connections",
3331 .type
= QEMU_OPT_NUMBER
,
3334 .type
= QEMU_OPT_NUMBER
,
3337 .type
= QEMU_OPT_BOOL
,
3340 .type
= QEMU_OPT_BOOL
,
3343 .type
= QEMU_OPT_BOOL
,
3346 .type
= QEMU_OPT_BOOL
,
3348 .name
= "lock-key-sync",
3349 .type
= QEMU_OPT_BOOL
,
3351 .name
= "key-delay-ms",
3352 .type
= QEMU_OPT_NUMBER
,
3355 .type
= QEMU_OPT_BOOL
,
3358 .type
= QEMU_OPT_BOOL
,
3360 .name
= "tls-authz",
3361 .type
= QEMU_OPT_STRING
,
3363 .name
= "sasl-authz",
3364 .type
= QEMU_OPT_STRING
,
3367 .type
= QEMU_OPT_BOOL
,
3369 .name
= "non-adaptive",
3370 .type
= QEMU_OPT_BOOL
,
3372 { /* end of list */ }
3378 vnc_display_setup_auth(int *auth
,
3380 QCryptoTLSCreds
*tlscreds
,
3387 * We have a choice of 3 authentication options
3393 * The channel can be run in 2 modes
3398 * And TLS can use 2 types of credentials
3403 * We thus have 9 possible logical combinations
3408 * 4. tls + anon + none
3409 * 5. tls + anon + vnc
3410 * 6. tls + anon + sasl
3411 * 7. tls + x509 + none
3412 * 8. tls + x509 + vnc
3413 * 9. tls + x509 + sasl
3415 * These need to be mapped into the VNC auth schemes
3416 * in an appropriate manner. In regular VNC, all the
3417 * TLS options get mapped into VNC_AUTH_VENCRYPT
3420 * In websockets, the https:// protocol already provides
3421 * TLS support, so there is no need to make use of the
3422 * VeNCrypt extension. Furthermore, websockets browser
3423 * clients could not use VeNCrypt even if they wanted to,
3424 * as they cannot control when the TLS handshake takes
3425 * place. Thus there is no option but to rely on https://,
3426 * meaning combinations 4->6 and 7->9 will be mapped to
3427 * VNC auth schemes in the same way as combos 1->3.
3429 * Regardless of fact that we have a different mapping to
3430 * VNC auth mechs for plain VNC vs websockets VNC, the end
3431 * result has the same security characteristics.
3433 if (websocket
|| !tlscreds
) {
3435 VNC_DEBUG("Initializing VNC server with password auth\n");
3436 *auth
= VNC_AUTH_VNC
;
3438 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3439 *auth
= VNC_AUTH_SASL
;
3441 VNC_DEBUG("Initializing VNC server with no auth\n");
3442 *auth
= VNC_AUTH_NONE
;
3444 *subauth
= VNC_AUTH_INVALID
;
3446 bool is_x509
= object_dynamic_cast(OBJECT(tlscreds
),
3447 TYPE_QCRYPTO_TLS_CREDS_X509
) != NULL
;
3448 bool is_anon
= object_dynamic_cast(OBJECT(tlscreds
),
3449 TYPE_QCRYPTO_TLS_CREDS_ANON
) != NULL
;
3451 if (!is_x509
&& !is_anon
) {
3453 "Unsupported TLS cred type %s",
3454 object_get_typename(OBJECT(tlscreds
)));
3457 *auth
= VNC_AUTH_VENCRYPT
;
3460 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3461 *subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
3463 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3464 *subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
3469 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3470 *subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
3472 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3473 *subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
3477 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3478 *subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
3480 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3481 *subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
3489 static int vnc_display_get_address(const char *addrstr
,
3498 SocketAddress
**retaddr
,
3502 SocketAddress
*addr
= NULL
;
3504 addr
= g_new0(SocketAddress
, 1);
3506 if (strncmp(addrstr
, "unix:", 5) == 0) {
3507 addr
->type
= SOCKET_ADDRESS_TYPE_UNIX
;
3508 addr
->u
.q_unix
.path
= g_strdup(addrstr
+ 5);
3511 error_setg(errp
, "UNIX sockets not supported with websock");
3516 error_setg(errp
, "Port range not support with UNIX socket");
3523 unsigned long long baseport
= 0;
3524 InetSocketAddress
*inet
;
3526 port
= strrchr(addrstr
, ':');
3532 error_setg(errp
, "no vnc port specified");
3536 hostlen
= port
- addrstr
;
3538 if (*port
== '\0') {
3539 error_setg(errp
, "vnc port cannot be empty");
3544 addr
->type
= SOCKET_ADDRESS_TYPE_INET
;
3545 inet
= &addr
->u
.inet
;
3546 if (addrstr
[0] == '[' && addrstr
[hostlen
- 1] == ']') {
3547 inet
->host
= g_strndup(addrstr
+ 1, hostlen
- 2);
3549 inet
->host
= g_strndup(addrstr
, hostlen
);
3551 /* plain VNC port is just an offset, for websocket
3552 * port is absolute */
3554 if (g_str_equal(addrstr
, "") ||
3555 g_str_equal(addrstr
, "on")) {
3556 if (displaynum
== -1) {
3557 error_setg(errp
, "explicit websocket port is required");
3560 inet
->port
= g_strdup_printf(
3561 "%d", displaynum
+ 5700);
3563 inet
->has_to
= true;
3564 inet
->to
= to
+ 5700;
3567 inet
->port
= g_strdup(port
);
3570 int offset
= reverse
? 0 : 5900;
3571 if (parse_uint_full(port
, &baseport
, 10) < 0) {
3572 error_setg(errp
, "can't convert to a number: %s", port
);
3575 if (baseport
> 65535 ||
3576 baseport
+ offset
> 65535) {
3577 error_setg(errp
, "port %s out of range", port
);
3580 inet
->port
= g_strdup_printf(
3581 "%d", (int)baseport
+ offset
);
3584 inet
->has_to
= true;
3585 inet
->to
= to
+ offset
;
3590 inet
->has_ipv4
= has_ipv4
;
3592 inet
->has_ipv6
= has_ipv6
;
3601 qapi_free_SocketAddress(addr
);
3606 static void vnc_free_addresses(SocketAddress
***retsaddr
,
3611 for (i
= 0; i
< *retnsaddr
; i
++) {
3612 qapi_free_SocketAddress((*retsaddr
)[i
]);
3620 static int vnc_display_get_addresses(QemuOpts
*opts
,
3622 SocketAddress
***retsaddr
,
3624 SocketAddress
***retwsaddr
,
3628 SocketAddress
*saddr
= NULL
;
3629 SocketAddress
*wsaddr
= NULL
;
3630 QemuOptsIter addriter
;
3632 int to
= qemu_opt_get_number(opts
, "to", 0);
3633 bool has_ipv4
= qemu_opt_get(opts
, "ipv4");
3634 bool has_ipv6
= qemu_opt_get(opts
, "ipv6");
3635 bool ipv4
= qemu_opt_get_bool(opts
, "ipv4", false);
3636 bool ipv6
= qemu_opt_get_bool(opts
, "ipv6", false);
3637 int displaynum
= -1;
3645 addr
= qemu_opt_get(opts
, "vnc");
3646 if (addr
== NULL
|| g_str_equal(addr
, "none")) {
3650 if (qemu_opt_get(opts
, "websocket") &&
3651 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1
)) {
3653 "SHA1 hash support is required for websockets");
3657 qemu_opt_iter_init(&addriter
, opts
, "vnc");
3658 while ((addr
= qemu_opt_iter_next(&addriter
)) != NULL
) {
3660 rv
= vnc_display_get_address(addr
, false, reverse
, 0, to
,
3667 /* Historical compat - first listen address can be used
3668 * to set the default websocket port
3670 if (displaynum
== -1) {
3673 *retsaddr
= g_renew(SocketAddress
*, *retsaddr
, *retnsaddr
+ 1);
3674 (*retsaddr
)[(*retnsaddr
)++] = saddr
;
3677 /* If we had multiple primary displays, we don't do defaults
3678 * for websocket, and require explicit config instead. */
3679 if (*retnsaddr
> 1) {
3683 qemu_opt_iter_init(&addriter
, opts
, "websocket");
3684 while ((addr
= qemu_opt_iter_next(&addriter
)) != NULL
) {
3685 if (vnc_display_get_address(addr
, true, reverse
, displaynum
, to
,
3688 &wsaddr
, errp
) < 0) {
3692 /* Historical compat - if only a single listen address was
3693 * provided, then this is used to set the default listen
3694 * address for websocket too
3696 if (*retnsaddr
== 1 &&
3697 (*retsaddr
)[0]->type
== SOCKET_ADDRESS_TYPE_INET
&&
3698 wsaddr
->type
== SOCKET_ADDRESS_TYPE_INET
&&
3699 g_str_equal(wsaddr
->u
.inet
.host
, "") &&
3700 !g_str_equal((*retsaddr
)[0]->u
.inet
.host
, "")) {
3701 g_free(wsaddr
->u
.inet
.host
);
3702 wsaddr
->u
.inet
.host
= g_strdup((*retsaddr
)[0]->u
.inet
.host
);
3705 *retwsaddr
= g_renew(SocketAddress
*, *retwsaddr
, *retnwsaddr
+ 1);
3706 (*retwsaddr
)[(*retnwsaddr
)++] = wsaddr
;
3712 vnc_free_addresses(retsaddr
, retnsaddr
);
3713 vnc_free_addresses(retwsaddr
, retnwsaddr
);
3718 static int vnc_display_connect(VncDisplay
*vd
,
3719 SocketAddress
**saddr
,
3721 SocketAddress
**wsaddr
,
3725 /* connect to viewer */
3726 QIOChannelSocket
*sioc
= NULL
;
3728 error_setg(errp
, "Cannot use websockets in reverse mode");
3732 error_setg(errp
, "Expected a single address in reverse mode");
3735 /* TODO SOCKET_ADDRESS_TYPE_FD when fd has AF_UNIX */
3736 vd
->is_unix
= saddr
[0]->type
== SOCKET_ADDRESS_TYPE_UNIX
;
3737 sioc
= qio_channel_socket_new();
3738 qio_channel_set_name(QIO_CHANNEL(sioc
), "vnc-reverse");
3739 if (qio_channel_socket_connect_sync(sioc
, saddr
[0], errp
) < 0) {
3742 vnc_connect(vd
, sioc
, false, false);
3743 object_unref(OBJECT(sioc
));
3748 static int vnc_display_listen(VncDisplay
*vd
,
3749 SocketAddress
**saddr
,
3751 SocketAddress
**wsaddr
,
3758 vd
->listener
= qio_net_listener_new();
3759 qio_net_listener_set_name(vd
->listener
, "vnc-listen");
3760 for (i
= 0; i
< nsaddr
; i
++) {
3761 if (qio_net_listener_open_sync(vd
->listener
,
3768 qio_net_listener_set_client_func(vd
->listener
,
3769 vnc_listen_io
, vd
, NULL
);
3773 vd
->wslistener
= qio_net_listener_new();
3774 qio_net_listener_set_name(vd
->wslistener
, "vnc-ws-listen");
3775 for (i
= 0; i
< nwsaddr
; i
++) {
3776 if (qio_net_listener_open_sync(vd
->wslistener
,
3783 qio_net_listener_set_client_func(vd
->wslistener
,
3784 vnc_listen_io
, vd
, NULL
);
3791 void vnc_display_open(const char *id
, Error
**errp
)
3793 VncDisplay
*vd
= vnc_display_find(id
);
3794 QemuOpts
*opts
= qemu_opts_find(&qemu_vnc_opts
, id
);
3795 SocketAddress
**saddr
= NULL
, **wsaddr
= NULL
;
3796 size_t nsaddr
, nwsaddr
;
3797 const char *share
, *device_id
;
3799 bool password
= false;
3800 bool reverse
= false;
3804 const char *tlsauthz
;
3805 const char *saslauthz
;
3806 int lock_key_sync
= 1;
3810 error_setg(errp
, "VNC display not active");
3813 vnc_display_close(vd
);
3819 reverse
= qemu_opt_get_bool(opts
, "reverse", false);
3820 if (vnc_display_get_addresses(opts
, reverse
, &saddr
, &nsaddr
,
3821 &wsaddr
, &nwsaddr
, errp
) < 0) {
3825 password
= qemu_opt_get_bool(opts
, "password", false);
3827 if (fips_get_state()) {
3829 "VNC password auth disabled due to FIPS mode, "
3830 "consider using the VeNCrypt or SASL authentication "
3831 "methods as an alternative");
3834 if (!qcrypto_cipher_supports(
3835 QCRYPTO_CIPHER_ALG_DES_RFB
, QCRYPTO_CIPHER_MODE_ECB
)) {
3837 "Cipher backend does not support DES RFB algorithm");
3842 lock_key_sync
= qemu_opt_get_bool(opts
, "lock-key-sync", true);
3843 key_delay_ms
= qemu_opt_get_number(opts
, "key-delay-ms", 10);
3844 sasl
= qemu_opt_get_bool(opts
, "sasl", false);
3845 #ifndef CONFIG_VNC_SASL
3847 error_setg(errp
, "VNC SASL auth requires cyrus-sasl support");
3850 #endif /* CONFIG_VNC_SASL */
3851 credid
= qemu_opt_get(opts
, "tls-creds");
3854 creds
= object_resolve_path_component(
3855 object_get_objects_root(), credid
);
3857 error_setg(errp
, "No TLS credentials with id '%s'",
3861 vd
->tlscreds
= (QCryptoTLSCreds
*)
3862 object_dynamic_cast(creds
,
3863 TYPE_QCRYPTO_TLS_CREDS
);
3864 if (!vd
->tlscreds
) {
3865 error_setg(errp
, "Object with id '%s' is not TLS credentials",
3869 object_ref(OBJECT(vd
->tlscreds
));
3871 if (vd
->tlscreds
->endpoint
!= QCRYPTO_TLS_CREDS_ENDPOINT_SERVER
) {
3873 "Expecting TLS credentials with a server endpoint");
3877 if (qemu_opt_get(opts
, "acl")) {
3878 error_report("The 'acl' option to -vnc is deprecated. "
3879 "Please use the 'tls-authz' and 'sasl-authz' "
3882 acl
= qemu_opt_get_bool(opts
, "acl", false);
3883 tlsauthz
= qemu_opt_get(opts
, "tls-authz");
3884 if (acl
&& tlsauthz
) {
3885 error_setg(errp
, "'acl' option is mutually exclusive with the "
3886 "'tls-authz' option");
3889 if (tlsauthz
&& !vd
->tlscreds
) {
3890 error_setg(errp
, "'tls-authz' provided but TLS is not enabled");
3894 saslauthz
= qemu_opt_get(opts
, "sasl-authz");
3895 if (acl
&& saslauthz
) {
3896 error_setg(errp
, "'acl' option is mutually exclusive with the "
3897 "'sasl-authz' option");
3900 if (saslauthz
&& !sasl
) {
3901 error_setg(errp
, "'sasl-authz' provided but SASL auth is not enabled");
3905 share
= qemu_opt_get(opts
, "share");
3907 if (strcmp(share
, "ignore") == 0) {
3908 vd
->share_policy
= VNC_SHARE_POLICY_IGNORE
;
3909 } else if (strcmp(share
, "allow-exclusive") == 0) {
3910 vd
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3911 } else if (strcmp(share
, "force-shared") == 0) {
3912 vd
->share_policy
= VNC_SHARE_POLICY_FORCE_SHARED
;
3914 error_setg(errp
, "unknown vnc share= option");
3918 vd
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3920 vd
->connections_limit
= qemu_opt_get_number(opts
, "connections", 32);
3922 #ifdef CONFIG_VNC_JPEG
3923 vd
->lossy
= qemu_opt_get_bool(opts
, "lossy", false);
3925 vd
->non_adaptive
= qemu_opt_get_bool(opts
, "non-adaptive", false);
3926 /* adaptive updates are only used with tight encoding and
3927 * if lossy updates are enabled so we can disable all the
3928 * calculations otherwise */
3930 vd
->non_adaptive
= true;
3934 vd
->tlsauthzid
= g_strdup(tlsauthz
);
3936 if (strcmp(vd
->id
, "default") == 0) {
3937 vd
->tlsauthzid
= g_strdup("vnc.x509dname");
3939 vd
->tlsauthzid
= g_strdup_printf("vnc.%s.x509dname", vd
->id
);
3941 vd
->tlsauthz
= QAUTHZ(qauthz_list_new(vd
->tlsauthzid
,
3942 QAUTHZ_LIST_POLICY_DENY
,
3945 #ifdef CONFIG_VNC_SASL
3948 vd
->sasl
.authzid
= g_strdup(saslauthz
);
3950 if (strcmp(vd
->id
, "default") == 0) {
3951 vd
->sasl
.authzid
= g_strdup("vnc.username");
3953 vd
->sasl
.authzid
= g_strdup_printf("vnc.%s.username", vd
->id
);
3955 vd
->sasl
.authz
= QAUTHZ(qauthz_list_new(vd
->sasl
.authzid
,
3956 QAUTHZ_LIST_POLICY_DENY
,
3962 if (vnc_display_setup_auth(&vd
->auth
, &vd
->subauth
,
3963 vd
->tlscreds
, password
,
3964 sasl
, false, errp
) < 0) {
3967 trace_vnc_auth_init(vd
, 0, vd
->auth
, vd
->subauth
);
3969 if (vnc_display_setup_auth(&vd
->ws_auth
, &vd
->ws_subauth
,
3970 vd
->tlscreds
, password
,
3971 sasl
, true, errp
) < 0) {
3974 trace_vnc_auth_init(vd
, 1, vd
->ws_auth
, vd
->ws_subauth
);
3976 #ifdef CONFIG_VNC_SASL
3978 int saslErr
= sasl_server_init(NULL
, "qemu");
3980 if (saslErr
!= SASL_OK
) {
3981 error_setg(errp
, "Failed to initialize SASL auth: %s",
3982 sasl_errstring(saslErr
, NULL
, NULL
));
3987 vd
->lock_key_sync
= lock_key_sync
;
3988 if (lock_key_sync
) {
3989 vd
->led
= qemu_add_led_event_handler(kbd_leds
, vd
);
3993 device_id
= qemu_opt_get(opts
, "display");
3995 int head
= qemu_opt_get_number(opts
, "head", 0);
3998 con
= qemu_console_lookup_by_device_name(device_id
, head
, &err
);
4000 error_propagate(errp
, err
);
4007 if (con
!= vd
->dcl
.con
) {
4008 qkbd_state_free(vd
->kbd
);
4009 unregister_displaychangelistener(&vd
->dcl
);
4011 register_displaychangelistener(&vd
->dcl
);
4012 vd
->kbd
= qkbd_state_init(vd
->dcl
.con
);
4014 qkbd_state_set_delay(vd
->kbd
, key_delay_ms
);
4016 if (saddr
== NULL
) {
4021 if (vnc_display_connect(vd
, saddr
, nsaddr
, wsaddr
, nwsaddr
, errp
) < 0) {
4025 if (vnc_display_listen(vd
, saddr
, nsaddr
, wsaddr
, nwsaddr
, errp
) < 0) {
4030 if (qemu_opt_get(opts
, "to")) {
4031 vnc_display_print_local_addr(vd
);
4035 vnc_free_addresses(&saddr
, &nsaddr
);
4036 vnc_free_addresses(&wsaddr
, &nwsaddr
);
4040 vnc_display_close(vd
);
4044 void vnc_display_add_client(const char *id
, int csock
, bool skipauth
)
4046 VncDisplay
*vd
= vnc_display_find(id
);
4047 QIOChannelSocket
*sioc
;
4053 sioc
= qio_channel_socket_new_fd(csock
, NULL
);
4055 qio_channel_set_name(QIO_CHANNEL(sioc
), "vnc-server");
4056 vnc_connect(vd
, sioc
, skipauth
, false);
4057 object_unref(OBJECT(sioc
));
4061 static void vnc_auto_assign_id(QemuOptsList
*olist
, QemuOpts
*opts
)
4066 id
= g_strdup("default");
4067 while (qemu_opts_find(olist
, id
)) {
4069 id
= g_strdup_printf("vnc%d", i
++);
4071 qemu_opts_set_id(opts
, id
);
4074 QemuOpts
*vnc_parse(const char *str
, Error
**errp
)
4076 QemuOptsList
*olist
= qemu_find_opts("vnc");
4077 QemuOpts
*opts
= qemu_opts_parse(olist
, str
, true, errp
);
4084 id
= qemu_opts_id(opts
);
4086 /* auto-assign id if not present */
4087 vnc_auto_assign_id(olist
, opts
);
4092 int vnc_init_func(void *opaque
, QemuOpts
*opts
, Error
**errp
)
4094 Error
*local_err
= NULL
;
4095 char *id
= (char *)qemu_opts_id(opts
);
4098 vnc_display_init(id
, &local_err
);
4100 error_propagate(errp
, local_err
);
4103 vnc_display_open(id
, &local_err
);
4104 if (local_err
!= NULL
) {
4105 error_propagate(errp
, local_err
);
4111 static void vnc_register_config(void)
4113 qemu_add_opts(&qemu_vnc_opts
);
4115 opts_init(vnc_register_config
);