2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
29 #include "sysemu/sysemu.h"
30 #include "qemu/sockets.h"
31 #include "qemu/timer.h"
33 #include "qapi/qmp/types.h"
34 #include "qmp-commands.h"
35 #include "qemu/osdep.h"
38 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
39 #define VNC_REFRESH_INTERVAL_INC 50
40 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
41 static const struct timeval VNC_REFRESH_STATS
= { 0, 500000 };
42 static const struct timeval VNC_REFRESH_LOSSY
= { 2, 0 };
44 #include "vnc_keysym.h"
47 static VncDisplay
*vnc_display
; /* needed for info vnc */
49 static int vnc_cursor_define(VncState
*vs
);
50 static void vnc_release_modifiers(VncState
*vs
);
52 static void vnc_set_share_mode(VncState
*vs
, VncShareMode mode
)
55 static const char *mn
[] = {
57 [VNC_SHARE_MODE_CONNECTING
] = "connecting",
58 [VNC_SHARE_MODE_SHARED
] = "shared",
59 [VNC_SHARE_MODE_EXCLUSIVE
] = "exclusive",
60 [VNC_SHARE_MODE_DISCONNECTED
] = "disconnected",
62 fprintf(stderr
, "%s/%d: %s -> %s\n", __func__
,
63 vs
->csock
, mn
[vs
->share_mode
], mn
[mode
]);
66 if (vs
->share_mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
67 vs
->vd
->num_exclusive
--;
69 vs
->share_mode
= mode
;
70 if (vs
->share_mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
71 vs
->vd
->num_exclusive
++;
75 static char *addr_to_string(const char *format
,
76 struct sockaddr_storage
*sa
,
79 char host
[NI_MAXHOST
];
80 char serv
[NI_MAXSERV
];
84 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
87 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
88 VNC_DEBUG("Cannot resolve address %d: %s\n",
89 err
, gai_strerror(err
));
93 /* Enough for the existing format + the 2 vars we're
95 addrlen
= strlen(format
) + strlen(host
) + strlen(serv
);
96 addr
= g_malloc(addrlen
+ 1);
97 snprintf(addr
, addrlen
, format
, host
, serv
);
104 char *vnc_socket_local_addr(const char *format
, int fd
) {
105 struct sockaddr_storage sa
;
109 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
112 return addr_to_string(format
, &sa
, salen
);
115 char *vnc_socket_remote_addr(const char *format
, int fd
) {
116 struct sockaddr_storage sa
;
120 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
123 return addr_to_string(format
, &sa
, salen
);
126 static int put_addr_qdict(QDict
*qdict
, struct sockaddr_storage
*sa
,
129 char host
[NI_MAXHOST
];
130 char serv
[NI_MAXSERV
];
133 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
136 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
137 VNC_DEBUG("Cannot resolve address %d: %s\n",
138 err
, gai_strerror(err
));
142 qdict_put(qdict
, "host", qstring_from_str(host
));
143 qdict_put(qdict
, "service", qstring_from_str(serv
));
144 qdict_put(qdict
, "family",qstring_from_str(inet_strfamily(sa
->ss_family
)));
149 static int vnc_server_addr_put(QDict
*qdict
, int fd
)
151 struct sockaddr_storage sa
;
155 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
159 return put_addr_qdict(qdict
, &sa
, salen
);
162 static int vnc_qdict_remote_addr(QDict
*qdict
, int fd
)
164 struct sockaddr_storage sa
;
168 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
172 return put_addr_qdict(qdict
, &sa
, salen
);
175 static const char *vnc_auth_name(VncDisplay
*vd
) {
177 case VNC_AUTH_INVALID
:
193 case VNC_AUTH_VENCRYPT
:
194 #ifdef CONFIG_VNC_TLS
195 switch (vd
->subauth
) {
196 case VNC_AUTH_VENCRYPT_PLAIN
:
197 return "vencrypt+plain";
198 case VNC_AUTH_VENCRYPT_TLSNONE
:
199 return "vencrypt+tls+none";
200 case VNC_AUTH_VENCRYPT_TLSVNC
:
201 return "vencrypt+tls+vnc";
202 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
203 return "vencrypt+tls+plain";
204 case VNC_AUTH_VENCRYPT_X509NONE
:
205 return "vencrypt+x509+none";
206 case VNC_AUTH_VENCRYPT_X509VNC
:
207 return "vencrypt+x509+vnc";
208 case VNC_AUTH_VENCRYPT_X509PLAIN
:
209 return "vencrypt+x509+plain";
210 case VNC_AUTH_VENCRYPT_TLSSASL
:
211 return "vencrypt+tls+sasl";
212 case VNC_AUTH_VENCRYPT_X509SASL
:
213 return "vencrypt+x509+sasl";
226 static int vnc_server_info_put(QDict
*qdict
)
228 if (vnc_server_addr_put(qdict
, vnc_display
->lsock
) < 0) {
232 qdict_put(qdict
, "auth", qstring_from_str(vnc_auth_name(vnc_display
)));
236 static void vnc_client_cache_auth(VncState
*client
)
238 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
246 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
247 qdict
= qobject_to_qdict(client
->info
);
250 #ifdef CONFIG_VNC_TLS
251 if (client
->tls
.session
&&
253 qdict_put(qdict
, "x509_dname", qstring_from_str(client
->tls
.dname
));
256 #ifdef CONFIG_VNC_SASL
257 if (client
->sasl
.conn
&&
258 client
->sasl
.username
) {
259 qdict_put(qdict
, "sasl_username",
260 qstring_from_str(client
->sasl
.username
));
265 static void vnc_client_cache_addr(VncState
*client
)
270 if (vnc_qdict_remote_addr(qdict
, client
->csock
) < 0) {
272 /* XXX: how to report the error? */
276 client
->info
= QOBJECT(qdict
);
279 static void vnc_qmp_event(VncState
*vs
, MonitorEvent event
)
288 server
= qdict_new();
289 if (vnc_server_info_put(server
) < 0) {
294 data
= qobject_from_jsonf("{ 'client': %p, 'server': %p }",
295 vs
->info
, QOBJECT(server
));
297 monitor_protocol_event(event
, data
);
299 qobject_incref(vs
->info
);
300 qobject_decref(data
);
303 static VncClientInfo
*qmp_query_vnc_client(const VncState
*client
)
305 struct sockaddr_storage sa
;
306 socklen_t salen
= sizeof(sa
);
307 char host
[NI_MAXHOST
];
308 char serv
[NI_MAXSERV
];
311 if (getpeername(client
->csock
, (struct sockaddr
*)&sa
, &salen
) < 0) {
315 if (getnameinfo((struct sockaddr
*)&sa
, salen
,
318 NI_NUMERICHOST
| NI_NUMERICSERV
) < 0) {
322 info
= g_malloc0(sizeof(*info
));
323 info
->host
= g_strdup(host
);
324 info
->service
= g_strdup(serv
);
325 info
->family
= g_strdup(inet_strfamily(sa
.ss_family
));
327 #ifdef CONFIG_VNC_TLS
328 if (client
->tls
.session
&& client
->tls
.dname
) {
329 info
->has_x509_dname
= true;
330 info
->x509_dname
= g_strdup(client
->tls
.dname
);
333 #ifdef CONFIG_VNC_SASL
334 if (client
->sasl
.conn
&& client
->sasl
.username
) {
335 info
->has_sasl_username
= true;
336 info
->sasl_username
= g_strdup(client
->sasl
.username
);
343 VncInfo
*qmp_query_vnc(Error
**errp
)
345 VncInfo
*info
= g_malloc0(sizeof(*info
));
347 if (vnc_display
== NULL
|| vnc_display
->display
== NULL
) {
348 info
->enabled
= false;
350 VncClientInfoList
*cur_item
= NULL
;
351 struct sockaddr_storage sa
;
352 socklen_t salen
= sizeof(sa
);
353 char host
[NI_MAXHOST
];
354 char serv
[NI_MAXSERV
];
357 info
->enabled
= true;
359 /* for compatibility with the original command */
360 info
->has_clients
= true;
362 QTAILQ_FOREACH(client
, &vnc_display
->clients
, next
) {
363 VncClientInfoList
*cinfo
= g_malloc0(sizeof(*info
));
364 cinfo
->value
= qmp_query_vnc_client(client
);
366 /* XXX: waiting for the qapi to support GSList */
368 info
->clients
= cur_item
= cinfo
;
370 cur_item
->next
= cinfo
;
375 if (vnc_display
->lsock
== -1) {
379 if (getsockname(vnc_display
->lsock
, (struct sockaddr
*)&sa
,
381 error_set(errp
, QERR_UNDEFINED_ERROR
);
385 if (getnameinfo((struct sockaddr
*)&sa
, salen
,
388 NI_NUMERICHOST
| NI_NUMERICSERV
) < 0) {
389 error_set(errp
, QERR_UNDEFINED_ERROR
);
393 info
->has_host
= true;
394 info
->host
= g_strdup(host
);
396 info
->has_service
= true;
397 info
->service
= g_strdup(serv
);
399 info
->has_family
= true;
400 info
->family
= g_strdup(inet_strfamily(sa
.ss_family
));
402 info
->has_auth
= true;
403 info
->auth
= g_strdup(vnc_auth_name(vnc_display
));
409 qapi_free_VncInfo(info
);
414 1) Get the queue working for IO.
415 2) there is some weirdness when using the -S option (the screen is grey
416 and not totally invalidated
417 3) resolutions > 1024
420 static int vnc_update_client(VncState
*vs
, int has_dirty
, bool sync
);
421 static void vnc_disconnect_start(VncState
*vs
);
423 static void vnc_colordepth(VncState
*vs
);
424 static void framebuffer_update_request(VncState
*vs
, int incremental
,
425 int x_position
, int y_position
,
427 static void vnc_refresh(DisplayChangeListener
*dcl
);
428 static int vnc_refresh_server_surface(VncDisplay
*vd
);
430 static void vnc_dpy_update(DisplayChangeListener
*dcl
,
431 int x
, int y
, int w
, int h
)
433 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
434 struct VncSurface
*s
= &vd
->guest
;
435 int width
= surface_width(vd
->ds
);
436 int height
= surface_height(vd
->ds
);
438 /* this is needed this to ensure we updated all affected
439 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
440 w
+= (x
% VNC_DIRTY_PIXELS_PER_BIT
);
441 x
-= (x
% VNC_DIRTY_PIXELS_PER_BIT
);
445 w
= MIN(x
+ w
, width
) - x
;
446 h
= MIN(y
+ h
, height
);
449 bitmap_set(s
->dirty
[y
], x
/ VNC_DIRTY_PIXELS_PER_BIT
,
450 DIV_ROUND_UP(w
, VNC_DIRTY_PIXELS_PER_BIT
));
454 void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
457 vnc_write_u16(vs
, x
);
458 vnc_write_u16(vs
, y
);
459 vnc_write_u16(vs
, w
);
460 vnc_write_u16(vs
, h
);
462 vnc_write_s32(vs
, encoding
);
465 void buffer_reserve(Buffer
*buffer
, size_t len
)
467 if ((buffer
->capacity
- buffer
->offset
) < len
) {
468 buffer
->capacity
+= (len
+ 1024);
469 buffer
->buffer
= g_realloc(buffer
->buffer
, buffer
->capacity
);
470 if (buffer
->buffer
== NULL
) {
471 fprintf(stderr
, "vnc: out of memory\n");
477 static int buffer_empty(Buffer
*buffer
)
479 return buffer
->offset
== 0;
482 uint8_t *buffer_end(Buffer
*buffer
)
484 return buffer
->buffer
+ buffer
->offset
;
487 void buffer_reset(Buffer
*buffer
)
492 void buffer_free(Buffer
*buffer
)
494 g_free(buffer
->buffer
);
496 buffer
->capacity
= 0;
497 buffer
->buffer
= NULL
;
500 void buffer_append(Buffer
*buffer
, const void *data
, size_t len
)
502 memcpy(buffer
->buffer
+ buffer
->offset
, data
, len
);
503 buffer
->offset
+= len
;
506 void buffer_advance(Buffer
*buf
, size_t len
)
508 memmove(buf
->buffer
, buf
->buffer
+ len
,
509 (buf
->offset
- len
));
513 static void vnc_desktop_resize(VncState
*vs
)
515 DisplaySurface
*ds
= vs
->vd
->ds
;
517 if (vs
->csock
== -1 || !vnc_has_feature(vs
, VNC_FEATURE_RESIZE
)) {
520 if (vs
->client_width
== surface_width(ds
) &&
521 vs
->client_height
== surface_height(ds
)) {
524 vs
->client_width
= surface_width(ds
);
525 vs
->client_height
= surface_height(ds
);
527 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
529 vnc_write_u16(vs
, 1); /* number of rects */
530 vnc_framebuffer_update(vs
, 0, 0, vs
->client_width
, vs
->client_height
,
531 VNC_ENCODING_DESKTOPRESIZE
);
532 vnc_unlock_output(vs
);
536 static void vnc_abort_display_jobs(VncDisplay
*vd
)
540 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
543 vnc_unlock_output(vs
);
545 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
548 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
551 vnc_unlock_output(vs
);
555 int vnc_server_fb_stride(VncDisplay
*vd
)
557 return pixman_image_get_stride(vd
->server
);
560 void *vnc_server_fb_ptr(VncDisplay
*vd
, int x
, int y
)
564 ptr
= (uint8_t *)pixman_image_get_data(vd
->server
);
565 ptr
+= y
* vnc_server_fb_stride(vd
);
566 ptr
+= x
* VNC_SERVER_FB_BYTES
;
569 /* this sets only the visible pixels of a dirty bitmap */
570 #define VNC_SET_VISIBLE_PIXELS_DIRTY(bitmap, w, h) {\
572 memset(bitmap, 0x00, sizeof(bitmap));\
573 for (y = 0; y < h; y++) {\
574 bitmap_set(bitmap[y], 0,\
575 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));\
579 static void vnc_dpy_switch(DisplayChangeListener
*dcl
,
580 DisplaySurface
*surface
)
582 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
585 vnc_abort_display_jobs(vd
);
588 qemu_pixman_image_unref(vd
->server
);
590 vd
->server
= pixman_image_create_bits(VNC_SERVER_FB_FORMAT
,
591 surface_width(vd
->ds
),
592 surface_height(vd
->ds
),
597 if (ds_get_bytes_per_pixel(ds
) != vd
->guest
.ds
->pf
.bytes_per_pixel
)
598 console_color_init(ds
);
600 qemu_pixman_image_unref(vd
->guest
.fb
);
601 vd
->guest
.fb
= pixman_image_ref(surface
->image
);
602 vd
->guest
.format
= surface
->format
;
603 VNC_SET_VISIBLE_PIXELS_DIRTY(vd
->guest
.dirty
,
604 surface_width(vd
->ds
),
605 surface_height(vd
->ds
));
607 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
609 vnc_desktop_resize(vs
);
610 if (vs
->vd
->cursor
) {
611 vnc_cursor_define(vs
);
613 VNC_SET_VISIBLE_PIXELS_DIRTY(vs
->dirty
,
614 surface_width(vd
->ds
),
615 surface_height(vd
->ds
));
620 static void vnc_write_pixels_copy(VncState
*vs
,
621 void *pixels
, int size
)
623 vnc_write(vs
, pixels
, size
);
626 /* slowest but generic code. */
627 void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
631 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
632 r
= (((v
& 0x00ff0000) >> 16) << vs
->client_pf
.rbits
) >> 8;
633 g
= (((v
& 0x0000ff00) >> 8) << vs
->client_pf
.gbits
) >> 8;
634 b
= (((v
& 0x000000ff) >> 0) << vs
->client_pf
.bbits
) >> 8;
636 # error need some bits here if you change VNC_SERVER_FB_FORMAT
638 v
= (r
<< vs
->client_pf
.rshift
) |
639 (g
<< vs
->client_pf
.gshift
) |
640 (b
<< vs
->client_pf
.bshift
);
641 switch (vs
->client_pf
.bytes_per_pixel
) {
671 static void vnc_write_pixels_generic(VncState
*vs
,
672 void *pixels1
, int size
)
676 if (VNC_SERVER_FB_BYTES
== 4) {
677 uint32_t *pixels
= pixels1
;
680 for (i
= 0; i
< n
; i
++) {
681 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
682 vnc_write(vs
, buf
, vs
->client_pf
.bytes_per_pixel
);
687 int vnc_raw_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
691 VncDisplay
*vd
= vs
->vd
;
693 row
= vnc_server_fb_ptr(vd
, x
, y
);
694 for (i
= 0; i
< h
; i
++) {
695 vs
->write_pixels(vs
, row
, w
* VNC_SERVER_FB_BYTES
);
696 row
+= vnc_server_fb_stride(vd
);
701 int vnc_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
705 switch(vs
->vnc_encoding
) {
706 case VNC_ENCODING_ZLIB
:
707 n
= vnc_zlib_send_framebuffer_update(vs
, x
, y
, w
, h
);
709 case VNC_ENCODING_HEXTILE
:
710 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
711 n
= vnc_hextile_send_framebuffer_update(vs
, x
, y
, w
, h
);
713 case VNC_ENCODING_TIGHT
:
714 n
= vnc_tight_send_framebuffer_update(vs
, x
, y
, w
, h
);
716 case VNC_ENCODING_TIGHT_PNG
:
717 n
= vnc_tight_png_send_framebuffer_update(vs
, x
, y
, w
, h
);
719 case VNC_ENCODING_ZRLE
:
720 n
= vnc_zrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
722 case VNC_ENCODING_ZYWRLE
:
723 n
= vnc_zywrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
726 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
727 n
= vnc_raw_send_framebuffer_update(vs
, x
, y
, w
, h
);
733 static void vnc_copy(VncState
*vs
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
735 /* send bitblit op to the vnc client */
737 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
739 vnc_write_u16(vs
, 1); /* number of rects */
740 vnc_framebuffer_update(vs
, dst_x
, dst_y
, w
, h
, VNC_ENCODING_COPYRECT
);
741 vnc_write_u16(vs
, src_x
);
742 vnc_write_u16(vs
, src_y
);
743 vnc_unlock_output(vs
);
747 static void vnc_dpy_copy(DisplayChangeListener
*dcl
,
748 int src_x
, int src_y
,
749 int dst_x
, int dst_y
, int w
, int h
)
751 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
755 int i
, x
, y
, pitch
, inc
, w_lim
, s
;
758 vnc_refresh_server_surface(vd
);
759 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
760 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
761 vs
->force_update
= 1;
762 vnc_update_client(vs
, 1, true);
763 /* vs might be free()ed here */
767 /* do bitblit op on the local surface too */
768 pitch
= vnc_server_fb_stride(vd
);
769 src_row
= vnc_server_fb_ptr(vd
, src_x
, src_y
);
770 dst_row
= vnc_server_fb_ptr(vd
, dst_x
, dst_y
);
775 src_row
+= pitch
* (h
-1);
776 dst_row
+= pitch
* (h
-1);
781 w_lim
= w
- (VNC_DIRTY_PIXELS_PER_BIT
- (dst_x
% VNC_DIRTY_PIXELS_PER_BIT
));
785 w_lim
= w
- (w_lim
% VNC_DIRTY_PIXELS_PER_BIT
);
787 for (i
= 0; i
< h
; i
++) {
788 for (x
= 0; x
<= w_lim
;
789 x
+= s
, src_row
+= cmp_bytes
, dst_row
+= cmp_bytes
) {
791 if ((s
= w
- w_lim
) == 0)
794 s
= (VNC_DIRTY_PIXELS_PER_BIT
-
795 (dst_x
% VNC_DIRTY_PIXELS_PER_BIT
));
798 s
= VNC_DIRTY_PIXELS_PER_BIT
;
800 cmp_bytes
= s
* VNC_SERVER_FB_BYTES
;
801 if (memcmp(src_row
, dst_row
, cmp_bytes
) == 0)
803 memmove(dst_row
, src_row
, cmp_bytes
);
804 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
805 if (!vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
806 set_bit(((x
+ dst_x
) / VNC_DIRTY_PIXELS_PER_BIT
),
811 src_row
+= pitch
- w
* VNC_SERVER_FB_BYTES
;
812 dst_row
+= pitch
- w
* VNC_SERVER_FB_BYTES
;
816 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
817 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
818 vnc_copy(vs
, src_x
, src_y
, dst_x
, dst_y
, w
, h
);
823 static void vnc_mouse_set(DisplayChangeListener
*dcl
,
824 int x
, int y
, int visible
)
826 /* can we ask the client(s) to move the pointer ??? */
829 static int vnc_cursor_define(VncState
*vs
)
831 QEMUCursor
*c
= vs
->vd
->cursor
;
834 if (vnc_has_feature(vs
, VNC_FEATURE_RICH_CURSOR
)) {
836 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
837 vnc_write_u8(vs
, 0); /* padding */
838 vnc_write_u16(vs
, 1); /* # of rects */
839 vnc_framebuffer_update(vs
, c
->hot_x
, c
->hot_y
, c
->width
, c
->height
,
840 VNC_ENCODING_RICH_CURSOR
);
841 isize
= c
->width
* c
->height
* vs
->client_pf
.bytes_per_pixel
;
842 vnc_write_pixels_generic(vs
, c
->data
, isize
);
843 vnc_write(vs
, vs
->vd
->cursor_mask
, vs
->vd
->cursor_msize
);
844 vnc_unlock_output(vs
);
850 static void vnc_dpy_cursor_define(DisplayChangeListener
*dcl
,
853 VncDisplay
*vd
= vnc_display
;
856 cursor_put(vd
->cursor
);
857 g_free(vd
->cursor_mask
);
860 cursor_get(vd
->cursor
);
861 vd
->cursor_msize
= cursor_get_mono_bpl(c
) * c
->height
;
862 vd
->cursor_mask
= g_malloc0(vd
->cursor_msize
);
863 cursor_get_mono_mask(c
, 0, vd
->cursor_mask
);
865 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
866 vnc_cursor_define(vs
);
870 static int find_and_clear_dirty_height(struct VncState
*vs
,
871 int y
, int last_x
, int x
, int height
)
875 for (h
= 1; h
< (height
- y
); h
++) {
876 if (!test_bit(last_x
, vs
->dirty
[y
+ h
])) {
879 bitmap_clear(vs
->dirty
[y
+ h
], last_x
, x
- last_x
);
885 static int vnc_update_client(VncState
*vs
, int has_dirty
, bool sync
)
887 if (vs
->need_update
&& vs
->csock
!= -1) {
888 VncDisplay
*vd
= vs
->vd
;
894 if (vs
->output
.offset
&& !vs
->audio_cap
&& !vs
->force_update
)
895 /* kernel send buffers are full -> drop frames to throttle */
898 if (!has_dirty
&& !vs
->audio_cap
&& !vs
->force_update
)
902 * Send screen updates to the vnc client using the server
903 * surface and server dirty map. guest surface updates
904 * happening in parallel don't disturb us, the next pass will
905 * send them to the client.
907 job
= vnc_job_new(vs
);
909 height
= MIN(pixman_image_get_height(vd
->server
), vs
->client_height
);
910 width
= MIN(pixman_image_get_width(vd
->server
), vs
->client_width
);
916 unsigned long offset
= find_next_bit((unsigned long *) &vs
->dirty
,
917 height
* VNC_DIRTY_BPL(vs
),
918 y
* VNC_DIRTY_BPL(vs
));
919 if (offset
== height
* VNC_DIRTY_BPL(vs
)) {
920 /* no more dirty bits */
923 y
= offset
/ VNC_DIRTY_BPL(vs
);
924 x
= offset
% VNC_DIRTY_BPL(vs
);
925 x2
= find_next_zero_bit((unsigned long *) &vs
->dirty
[y
],
926 VNC_DIRTY_BPL(vs
), x
);
927 bitmap_clear(vs
->dirty
[y
], x
, x2
- x
);
928 h
= find_and_clear_dirty_height(vs
, y
, x
, x2
, height
);
929 x2
= MIN(x2
, width
/ VNC_DIRTY_PIXELS_PER_BIT
);
931 n
+= vnc_job_add_rect(job
, x
* VNC_DIRTY_PIXELS_PER_BIT
, y
,
932 (x2
- x
) * VNC_DIRTY_PIXELS_PER_BIT
, h
);
937 vs
->force_update
= 0;
941 if (vs
->csock
== -1) {
942 vnc_disconnect_finish(vs
);
951 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
953 VncState
*vs
= opaque
;
956 case AUD_CNOTIFY_DISABLE
:
958 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
959 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
960 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_END
);
961 vnc_unlock_output(vs
);
965 case AUD_CNOTIFY_ENABLE
:
967 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
968 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
969 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN
);
970 vnc_unlock_output(vs
);
976 static void audio_capture_destroy(void *opaque
)
980 static void audio_capture(void *opaque
, void *buf
, int size
)
982 VncState
*vs
= opaque
;
985 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
986 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
987 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_DATA
);
988 vnc_write_u32(vs
, size
);
989 vnc_write(vs
, buf
, size
);
990 vnc_unlock_output(vs
);
994 static void audio_add(VncState
*vs
)
996 struct audio_capture_ops ops
;
999 error_report("audio already running");
1003 ops
.notify
= audio_capture_notify
;
1004 ops
.destroy
= audio_capture_destroy
;
1005 ops
.capture
= audio_capture
;
1007 vs
->audio_cap
= AUD_add_capture(&vs
->as
, &ops
, vs
);
1008 if (!vs
->audio_cap
) {
1009 error_report("Failed to add audio capture");
1013 static void audio_del(VncState
*vs
)
1015 if (vs
->audio_cap
) {
1016 AUD_del_capture(vs
->audio_cap
, vs
);
1017 vs
->audio_cap
= NULL
;
1021 static void vnc_disconnect_start(VncState
*vs
)
1023 if (vs
->csock
== -1)
1025 vnc_set_share_mode(vs
, VNC_SHARE_MODE_DISCONNECTED
);
1026 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
1027 closesocket(vs
->csock
);
1031 void vnc_disconnect_finish(VncState
*vs
)
1035 vnc_jobs_join(vs
); /* Wait encoding jobs */
1037 vnc_lock_output(vs
);
1038 vnc_qmp_event(vs
, QEVENT_VNC_DISCONNECTED
);
1040 buffer_free(&vs
->input
);
1041 buffer_free(&vs
->output
);
1042 #ifdef CONFIG_VNC_WS
1043 buffer_free(&vs
->ws_input
);
1044 buffer_free(&vs
->ws_output
);
1045 #endif /* CONFIG_VNC_WS */
1047 qobject_decref(vs
->info
);
1050 vnc_tight_clear(vs
);
1053 #ifdef CONFIG_VNC_TLS
1054 vnc_tls_client_cleanup(vs
);
1055 #endif /* CONFIG_VNC_TLS */
1056 #ifdef CONFIG_VNC_SASL
1057 vnc_sasl_client_cleanup(vs
);
1058 #endif /* CONFIG_VNC_SASL */
1060 vnc_release_modifiers(vs
);
1062 if (vs
->initialized
) {
1063 QTAILQ_REMOVE(&vs
->vd
->clients
, vs
, next
);
1064 qemu_remove_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
1067 if (vs
->vd
->lock_key_sync
)
1068 qemu_remove_led_event_handler(vs
->led
);
1069 vnc_unlock_output(vs
);
1071 qemu_mutex_destroy(&vs
->output_mutex
);
1072 if (vs
->bh
!= NULL
) {
1073 qemu_bh_delete(vs
->bh
);
1075 buffer_free(&vs
->jobs_buffer
);
1077 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
1078 g_free(vs
->lossy_rect
[i
]);
1080 g_free(vs
->lossy_rect
);
1084 int vnc_client_io_error(VncState
*vs
, int ret
, int last_errno
)
1086 if (ret
== 0 || ret
== -1) {
1088 switch (last_errno
) {
1092 case WSAEWOULDBLOCK
:
1100 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1101 ret
, ret
< 0 ? last_errno
: 0);
1102 vnc_disconnect_start(vs
);
1110 void vnc_client_error(VncState
*vs
)
1112 VNC_DEBUG("Closing down client sock: protocol error\n");
1113 vnc_disconnect_start(vs
);
1116 #ifdef CONFIG_VNC_TLS
1117 static long vnc_client_write_tls(gnutls_session_t
*session
,
1118 const uint8_t *data
,
1121 long ret
= gnutls_write(*session
, data
, datalen
);
1123 if (ret
== GNUTLS_E_AGAIN
) {
1132 #endif /* CONFIG_VNC_TLS */
1135 * Called to write a chunk of data to the client socket. The data may
1136 * be the raw data, or may have already been encoded by SASL.
1137 * The data will be written either straight onto the socket, or
1138 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1140 * NB, it is theoretically possible to have 2 layers of encryption,
1141 * both SASL, and this TLS layer. It is highly unlikely in practice
1142 * though, since SASL encryption will typically be a no-op if TLS
1145 * Returns the number of bytes written, which may be less than
1146 * the requested 'datalen' if the socket would block. Returns
1147 * -1 on error, and disconnects the client socket.
1149 long vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
1152 #ifdef CONFIG_VNC_TLS
1153 if (vs
->tls
.session
) {
1154 ret
= vnc_client_write_tls(&vs
->tls
.session
, data
, datalen
);
1156 #ifdef CONFIG_VNC_WS
1157 if (vs
->ws_tls
.session
) {
1158 ret
= vnc_client_write_tls(&vs
->ws_tls
.session
, data
, datalen
);
1160 #endif /* CONFIG_VNC_WS */
1161 #endif /* CONFIG_VNC_TLS */
1163 ret
= send(vs
->csock
, (const void *)data
, datalen
, 0);
1165 #ifdef CONFIG_VNC_TLS
1167 #endif /* CONFIG_VNC_TLS */
1168 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data
, datalen
, ret
);
1169 return vnc_client_io_error(vs
, ret
, socket_error());
1174 * Called to write buffered data to the client socket, when not
1175 * using any SASL SSF encryption layers. Will write as much data
1176 * as possible without blocking. If all buffered data is written,
1177 * will switch the FD poll() handler back to read monitoring.
1179 * Returns the number of bytes written, which may be less than
1180 * the buffered output data if the socket would block. Returns
1181 * -1 on error, and disconnects the client socket.
1183 static long vnc_client_write_plain(VncState
*vs
)
1187 #ifdef CONFIG_VNC_SASL
1188 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1189 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
1190 vs
->sasl
.waitWriteSSF
);
1192 if (vs
->sasl
.conn
&&
1194 vs
->sasl
.waitWriteSSF
) {
1195 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
1197 vs
->sasl
.waitWriteSSF
-= ret
;
1199 #endif /* CONFIG_VNC_SASL */
1200 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
1204 buffer_advance(&vs
->output
, ret
);
1206 if (vs
->output
.offset
== 0) {
1207 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1215 * First function called whenever there is data to be written to
1216 * the client socket. Will delegate actual work according to whether
1217 * SASL SSF layers are enabled (thus requiring encryption calls)
1219 static void vnc_client_write_locked(void *opaque
)
1221 VncState
*vs
= opaque
;
1223 #ifdef CONFIG_VNC_SASL
1224 if (vs
->sasl
.conn
&&
1226 !vs
->sasl
.waitWriteSSF
) {
1227 vnc_client_write_sasl(vs
);
1229 #endif /* CONFIG_VNC_SASL */
1231 #ifdef CONFIG_VNC_WS
1232 if (vs
->encode_ws
) {
1233 vnc_client_write_ws(vs
);
1235 #endif /* CONFIG_VNC_WS */
1237 vnc_client_write_plain(vs
);
1242 void vnc_client_write(void *opaque
)
1244 VncState
*vs
= opaque
;
1246 vnc_lock_output(vs
);
1247 if (vs
->output
.offset
1248 #ifdef CONFIG_VNC_WS
1249 || vs
->ws_output
.offset
1252 vnc_client_write_locked(opaque
);
1253 } else if (vs
->csock
!= -1) {
1254 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1256 vnc_unlock_output(vs
);
1259 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1261 vs
->read_handler
= func
;
1262 vs
->read_handler_expect
= expecting
;
1265 #ifdef CONFIG_VNC_TLS
1266 static long vnc_client_read_tls(gnutls_session_t
*session
, uint8_t *data
,
1269 long ret
= gnutls_read(*session
, data
, datalen
);
1271 if (ret
== GNUTLS_E_AGAIN
) {
1280 #endif /* CONFIG_VNC_TLS */
1283 * Called to read a chunk of data from the client socket. The data may
1284 * be the raw data, or may need to be further decoded by SASL.
1285 * The data will be read either straight from to the socket, or
1286 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1288 * NB, it is theoretically possible to have 2 layers of encryption,
1289 * both SASL, and this TLS layer. It is highly unlikely in practice
1290 * though, since SASL encryption will typically be a no-op if TLS
1293 * Returns the number of bytes read, which may be less than
1294 * the requested 'datalen' if the socket would block. Returns
1295 * -1 on error, and disconnects the client socket.
1297 long vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1300 #ifdef CONFIG_VNC_TLS
1301 if (vs
->tls
.session
) {
1302 ret
= vnc_client_read_tls(&vs
->tls
.session
, data
, datalen
);
1304 #ifdef CONFIG_VNC_WS
1305 if (vs
->ws_tls
.session
) {
1306 ret
= vnc_client_read_tls(&vs
->ws_tls
.session
, data
, datalen
);
1308 #endif /* CONFIG_VNC_WS */
1309 #endif /* CONFIG_VNC_TLS */
1311 ret
= qemu_recv(vs
->csock
, data
, datalen
, 0);
1313 #ifdef CONFIG_VNC_TLS
1315 #endif /* CONFIG_VNC_TLS */
1316 VNC_DEBUG("Read wire %p %zd -> %ld\n", data
, datalen
, ret
);
1317 return vnc_client_io_error(vs
, ret
, socket_error());
1322 * Called to read data from the client socket to the input buffer,
1323 * when not using any SASL SSF encryption layers. Will read as much
1324 * data as possible without blocking.
1326 * Returns the number of bytes read. Returns -1 on error, and
1327 * disconnects the client socket.
1329 static long vnc_client_read_plain(VncState
*vs
)
1332 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1333 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1334 buffer_reserve(&vs
->input
, 4096);
1335 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1338 vs
->input
.offset
+= ret
;
1342 static void vnc_jobs_bh(void *opaque
)
1344 VncState
*vs
= opaque
;
1346 vnc_jobs_consume_buffer(vs
);
1350 * First function called whenever there is more data to be read from
1351 * the client socket. Will delegate actual work according to whether
1352 * SASL SSF layers are enabled (thus requiring decryption calls)
1354 void vnc_client_read(void *opaque
)
1356 VncState
*vs
= opaque
;
1359 #ifdef CONFIG_VNC_SASL
1360 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1361 ret
= vnc_client_read_sasl(vs
);
1363 #endif /* CONFIG_VNC_SASL */
1364 #ifdef CONFIG_VNC_WS
1365 if (vs
->encode_ws
) {
1366 ret
= vnc_client_read_ws(vs
);
1368 vnc_disconnect_start(vs
);
1370 } else if (ret
== -2) {
1371 vnc_client_error(vs
);
1375 #endif /* CONFIG_VNC_WS */
1377 ret
= vnc_client_read_plain(vs
);
1380 if (vs
->csock
== -1)
1381 vnc_disconnect_finish(vs
);
1385 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1386 size_t len
= vs
->read_handler_expect
;
1389 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1390 if (vs
->csock
== -1) {
1391 vnc_disconnect_finish(vs
);
1396 buffer_advance(&vs
->input
, len
);
1398 vs
->read_handler_expect
= ret
;
1403 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1405 buffer_reserve(&vs
->output
, len
);
1407 if (vs
->csock
!= -1 && buffer_empty(&vs
->output
)) {
1408 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
1411 buffer_append(&vs
->output
, data
, len
);
1414 void vnc_write_s32(VncState
*vs
, int32_t value
)
1416 vnc_write_u32(vs
, *(uint32_t *)&value
);
1419 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1423 buf
[0] = (value
>> 24) & 0xFF;
1424 buf
[1] = (value
>> 16) & 0xFF;
1425 buf
[2] = (value
>> 8) & 0xFF;
1426 buf
[3] = value
& 0xFF;
1428 vnc_write(vs
, buf
, 4);
1431 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1435 buf
[0] = (value
>> 8) & 0xFF;
1436 buf
[1] = value
& 0xFF;
1438 vnc_write(vs
, buf
, 2);
1441 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1443 vnc_write(vs
, (char *)&value
, 1);
1446 void vnc_flush(VncState
*vs
)
1448 vnc_lock_output(vs
);
1449 if (vs
->csock
!= -1 && (vs
->output
.offset
1450 #ifdef CONFIG_VNC_WS
1451 || vs
->ws_output
.offset
1454 vnc_client_write_locked(vs
);
1456 vnc_unlock_output(vs
);
1459 static uint8_t read_u8(uint8_t *data
, size_t offset
)
1461 return data
[offset
];
1464 static uint16_t read_u16(uint8_t *data
, size_t offset
)
1466 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1469 static int32_t read_s32(uint8_t *data
, size_t offset
)
1471 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1472 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1475 uint32_t read_u32(uint8_t *data
, size_t offset
)
1477 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1478 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1481 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1485 static void check_pointer_type_change(Notifier
*notifier
, void *data
)
1487 VncState
*vs
= container_of(notifier
, VncState
, mouse_mode_notifier
);
1488 int absolute
= qemu_input_is_absolute();
1490 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1491 vnc_lock_output(vs
);
1492 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1493 vnc_write_u8(vs
, 0);
1494 vnc_write_u16(vs
, 1);
1495 vnc_framebuffer_update(vs
, absolute
, 0,
1496 surface_width(vs
->vd
->ds
),
1497 surface_height(vs
->vd
->ds
),
1498 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1499 vnc_unlock_output(vs
);
1502 vs
->absolute
= absolute
;
1505 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1507 static uint32_t bmap
[INPUT_BUTTON_MAX
] = {
1508 [INPUT_BUTTON_LEFT
] = 0x01,
1509 [INPUT_BUTTON_MIDDLE
] = 0x02,
1510 [INPUT_BUTTON_RIGHT
] = 0x04,
1511 [INPUT_BUTTON_WHEEL_UP
] = 0x08,
1512 [INPUT_BUTTON_WHEEL_DOWN
] = 0x10,
1514 QemuConsole
*con
= vs
->vd
->dcl
.con
;
1515 int width
= surface_width(vs
->vd
->ds
);
1516 int height
= surface_height(vs
->vd
->ds
);
1518 if (vs
->last_bmask
!= button_mask
) {
1519 qemu_input_update_buttons(con
, bmap
, vs
->last_bmask
, button_mask
);
1520 vs
->last_bmask
= button_mask
;
1524 qemu_input_queue_abs(con
, INPUT_AXIS_X
, x
, width
);
1525 qemu_input_queue_abs(con
, INPUT_AXIS_Y
, y
, height
);
1526 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1527 qemu_input_queue_rel(con
, INPUT_AXIS_X
, x
- 0x7FFF);
1528 qemu_input_queue_rel(con
, INPUT_AXIS_Y
, y
- 0x7FFF);
1530 if (vs
->last_x
!= -1) {
1531 qemu_input_queue_rel(con
, INPUT_AXIS_X
, x
- vs
->last_x
);
1532 qemu_input_queue_rel(con
, INPUT_AXIS_Y
, y
- vs
->last_y
);
1537 qemu_input_event_sync();
1540 static void reset_keys(VncState
*vs
)
1543 for(i
= 0; i
< 256; i
++) {
1544 if (vs
->modifiers_state
[i
]) {
1545 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, i
, false);
1546 vs
->modifiers_state
[i
] = 0;
1551 static void press_key(VncState
*vs
, int keysym
)
1553 int keycode
= keysym2scancode(vs
->vd
->kbd_layout
, keysym
) & SCANCODE_KEYMASK
;
1554 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, keycode
, true);
1555 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, keycode
, false);
1558 static int current_led_state(VncState
*vs
)
1562 if (vs
->modifiers_state
[0x46]) {
1563 ledstate
|= QEMU_SCROLL_LOCK_LED
;
1565 if (vs
->modifiers_state
[0x45]) {
1566 ledstate
|= QEMU_NUM_LOCK_LED
;
1568 if (vs
->modifiers_state
[0x3a]) {
1569 ledstate
|= QEMU_CAPS_LOCK_LED
;
1575 static void vnc_led_state_change(VncState
*vs
)
1579 if (!vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
)) {
1583 ledstate
= current_led_state(vs
);
1584 vnc_lock_output(vs
);
1585 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1586 vnc_write_u8(vs
, 0);
1587 vnc_write_u16(vs
, 1);
1588 vnc_framebuffer_update(vs
, 0, 0, 1, 1, VNC_ENCODING_LED_STATE
);
1589 vnc_write_u8(vs
, ledstate
);
1590 vnc_unlock_output(vs
);
1594 static void kbd_leds(void *opaque
, int ledstate
)
1596 VncState
*vs
= opaque
;
1598 bool has_changed
= (ledstate
!= current_led_state(vs
));
1600 caps
= ledstate
& QEMU_CAPS_LOCK_LED
? 1 : 0;
1601 num
= ledstate
& QEMU_NUM_LOCK_LED
? 1 : 0;
1602 scr
= ledstate
& QEMU_SCROLL_LOCK_LED
? 1 : 0;
1604 if (vs
->modifiers_state
[0x3a] != caps
) {
1605 vs
->modifiers_state
[0x3a] = caps
;
1607 if (vs
->modifiers_state
[0x45] != num
) {
1608 vs
->modifiers_state
[0x45] = num
;
1610 if (vs
->modifiers_state
[0x46] != scr
) {
1611 vs
->modifiers_state
[0x46] = scr
;
1614 /* Sending the current led state message to the client */
1616 vnc_led_state_change(vs
);
1620 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1622 /* QEMU console switch */
1624 case 0x2a: /* Left Shift */
1625 case 0x36: /* Right Shift */
1626 case 0x1d: /* Left CTRL */
1627 case 0x9d: /* Right CTRL */
1628 case 0x38: /* Left ALT */
1629 case 0xb8: /* Right ALT */
1631 vs
->modifiers_state
[keycode
] = 1;
1633 vs
->modifiers_state
[keycode
] = 0;
1635 case 0x02 ... 0x0a: /* '1' to '9' keys */
1636 if (down
&& vs
->modifiers_state
[0x1d] && vs
->modifiers_state
[0x38]) {
1637 /* Reset the modifiers sent to the current console */
1639 console_select(keycode
- 0x02);
1643 case 0x3a: /* CapsLock */
1644 case 0x45: /* NumLock */
1646 vs
->modifiers_state
[keycode
] ^= 1;
1650 /* Turn off the lock state sync logic if the client support the led
1653 if (down
&& vs
->vd
->lock_key_sync
&&
1654 !vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
) &&
1655 keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1656 /* If the numlock state needs to change then simulate an additional
1657 keypress before sending this one. This will happen if the user
1658 toggles numlock away from the VNC window.
1660 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1661 if (!vs
->modifiers_state
[0x45]) {
1662 vs
->modifiers_state
[0x45] = 1;
1663 press_key(vs
, 0xff7f);
1666 if (vs
->modifiers_state
[0x45]) {
1667 vs
->modifiers_state
[0x45] = 0;
1668 press_key(vs
, 0xff7f);
1673 if (down
&& vs
->vd
->lock_key_sync
&&
1674 !vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
) &&
1675 ((sym
>= 'A' && sym
<= 'Z') || (sym
>= 'a' && sym
<= 'z'))) {
1676 /* If the capslock state needs to change then simulate an additional
1677 keypress before sending this one. This will happen if the user
1678 toggles capslock away from the VNC window.
1680 int uppercase
= !!(sym
>= 'A' && sym
<= 'Z');
1681 int shift
= !!(vs
->modifiers_state
[0x2a] | vs
->modifiers_state
[0x36]);
1682 int capslock
= !!(vs
->modifiers_state
[0x3a]);
1684 if (uppercase
== shift
) {
1685 vs
->modifiers_state
[0x3a] = 0;
1686 press_key(vs
, 0xffe5);
1689 if (uppercase
!= shift
) {
1690 vs
->modifiers_state
[0x3a] = 1;
1691 press_key(vs
, 0xffe5);
1696 if (qemu_console_is_graphic(NULL
)) {
1697 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, keycode
, down
);
1699 bool numlock
= vs
->modifiers_state
[0x45];
1700 bool control
= (vs
->modifiers_state
[0x1d] ||
1701 vs
->modifiers_state
[0x9d]);
1702 /* QEMU console emulation */
1705 case 0x2a: /* Left Shift */
1706 case 0x36: /* Right Shift */
1707 case 0x1d: /* Left CTRL */
1708 case 0x9d: /* Right CTRL */
1709 case 0x38: /* Left ALT */
1710 case 0xb8: /* Right ALT */
1713 kbd_put_keysym(QEMU_KEY_UP
);
1716 kbd_put_keysym(QEMU_KEY_DOWN
);
1719 kbd_put_keysym(QEMU_KEY_LEFT
);
1722 kbd_put_keysym(QEMU_KEY_RIGHT
);
1725 kbd_put_keysym(QEMU_KEY_DELETE
);
1728 kbd_put_keysym(QEMU_KEY_HOME
);
1731 kbd_put_keysym(QEMU_KEY_END
);
1734 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1737 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1741 kbd_put_keysym(numlock
? '7' : QEMU_KEY_HOME
);
1744 kbd_put_keysym(numlock
? '8' : QEMU_KEY_UP
);
1747 kbd_put_keysym(numlock
? '9' : QEMU_KEY_PAGEUP
);
1750 kbd_put_keysym(numlock
? '4' : QEMU_KEY_LEFT
);
1753 kbd_put_keysym('5');
1756 kbd_put_keysym(numlock
? '6' : QEMU_KEY_RIGHT
);
1759 kbd_put_keysym(numlock
? '1' : QEMU_KEY_END
);
1762 kbd_put_keysym(numlock
? '2' : QEMU_KEY_DOWN
);
1765 kbd_put_keysym(numlock
? '3' : QEMU_KEY_PAGEDOWN
);
1768 kbd_put_keysym('0');
1771 kbd_put_keysym(numlock
? '.' : QEMU_KEY_DELETE
);
1775 kbd_put_keysym('/');
1778 kbd_put_keysym('*');
1781 kbd_put_keysym('-');
1784 kbd_put_keysym('+');
1787 kbd_put_keysym('\n');
1792 kbd_put_keysym(sym
& 0x1f);
1794 kbd_put_keysym(sym
);
1802 static void vnc_release_modifiers(VncState
*vs
)
1804 static const int keycodes
[] = {
1805 /* shift, control, alt keys, both left & right */
1806 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1810 if (!qemu_console_is_graphic(NULL
)) {
1813 for (i
= 0; i
< ARRAY_SIZE(keycodes
); i
++) {
1814 keycode
= keycodes
[i
];
1815 if (!vs
->modifiers_state
[keycode
]) {
1818 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, keycode
, false);
1822 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1827 if (lsym
>= 'A' && lsym
<= 'Z' && qemu_console_is_graphic(NULL
)) {
1828 lsym
= lsym
- 'A' + 'a';
1831 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, lsym
& 0xFFFF) & SCANCODE_KEYMASK
;
1832 do_key_event(vs
, down
, keycode
, sym
);
1835 static void ext_key_event(VncState
*vs
, int down
,
1836 uint32_t sym
, uint16_t keycode
)
1838 /* if the user specifies a keyboard layout, always use it */
1839 if (keyboard_layout
)
1840 key_event(vs
, down
, sym
);
1842 do_key_event(vs
, down
, keycode
, sym
);
1845 static void framebuffer_update_request(VncState
*vs
, int incremental
,
1846 int x_position
, int y_position
,
1850 const size_t width
= surface_width(vs
->vd
->ds
) / VNC_DIRTY_PIXELS_PER_BIT
;
1851 const size_t height
= surface_height(vs
->vd
->ds
);
1853 if (y_position
> height
) {
1854 y_position
= height
;
1856 if (y_position
+ h
>= height
) {
1857 h
= height
- y_position
;
1860 vs
->need_update
= 1;
1862 vs
->force_update
= 1;
1863 for (i
= 0; i
< h
; i
++) {
1864 bitmap_set(vs
->dirty
[y_position
+ i
], 0, width
);
1865 bitmap_clear(vs
->dirty
[y_position
+ i
], width
,
1866 VNC_DIRTY_BITS
- width
);
1871 static void send_ext_key_event_ack(VncState
*vs
)
1873 vnc_lock_output(vs
);
1874 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1875 vnc_write_u8(vs
, 0);
1876 vnc_write_u16(vs
, 1);
1877 vnc_framebuffer_update(vs
, 0, 0,
1878 surface_width(vs
->vd
->ds
),
1879 surface_height(vs
->vd
->ds
),
1880 VNC_ENCODING_EXT_KEY_EVENT
);
1881 vnc_unlock_output(vs
);
1885 static void send_ext_audio_ack(VncState
*vs
)
1887 vnc_lock_output(vs
);
1888 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1889 vnc_write_u8(vs
, 0);
1890 vnc_write_u16(vs
, 1);
1891 vnc_framebuffer_update(vs
, 0, 0,
1892 surface_width(vs
->vd
->ds
),
1893 surface_height(vs
->vd
->ds
),
1894 VNC_ENCODING_AUDIO
);
1895 vnc_unlock_output(vs
);
1899 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
1902 unsigned int enc
= 0;
1905 vs
->vnc_encoding
= 0;
1906 vs
->tight
.compression
= 9;
1907 vs
->tight
.quality
= -1; /* Lossless by default */
1911 * Start from the end because the encodings are sent in order of preference.
1912 * This way the preferred encoding (first encoding defined in the array)
1913 * will be set at the end of the loop.
1915 for (i
= n_encodings
- 1; i
>= 0; i
--) {
1918 case VNC_ENCODING_RAW
:
1919 vs
->vnc_encoding
= enc
;
1921 case VNC_ENCODING_COPYRECT
:
1922 vs
->features
|= VNC_FEATURE_COPYRECT_MASK
;
1924 case VNC_ENCODING_HEXTILE
:
1925 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
1926 vs
->vnc_encoding
= enc
;
1928 case VNC_ENCODING_TIGHT
:
1929 vs
->features
|= VNC_FEATURE_TIGHT_MASK
;
1930 vs
->vnc_encoding
= enc
;
1932 #ifdef CONFIG_VNC_PNG
1933 case VNC_ENCODING_TIGHT_PNG
:
1934 vs
->features
|= VNC_FEATURE_TIGHT_PNG_MASK
;
1935 vs
->vnc_encoding
= enc
;
1938 case VNC_ENCODING_ZLIB
:
1939 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
1940 vs
->vnc_encoding
= enc
;
1942 case VNC_ENCODING_ZRLE
:
1943 vs
->features
|= VNC_FEATURE_ZRLE_MASK
;
1944 vs
->vnc_encoding
= enc
;
1946 case VNC_ENCODING_ZYWRLE
:
1947 vs
->features
|= VNC_FEATURE_ZYWRLE_MASK
;
1948 vs
->vnc_encoding
= enc
;
1950 case VNC_ENCODING_DESKTOPRESIZE
:
1951 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
1953 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
1954 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
1956 case VNC_ENCODING_RICH_CURSOR
:
1957 vs
->features
|= VNC_FEATURE_RICH_CURSOR_MASK
;
1959 case VNC_ENCODING_EXT_KEY_EVENT
:
1960 send_ext_key_event_ack(vs
);
1962 case VNC_ENCODING_AUDIO
:
1963 send_ext_audio_ack(vs
);
1965 case VNC_ENCODING_WMVi
:
1966 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
1968 case VNC_ENCODING_LED_STATE
:
1969 vs
->features
|= VNC_FEATURE_LED_STATE_MASK
;
1971 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
1972 vs
->tight
.compression
= (enc
& 0x0F);
1974 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
1975 if (vs
->vd
->lossy
) {
1976 vs
->tight
.quality
= (enc
& 0x0F);
1980 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
1984 vnc_desktop_resize(vs
);
1985 check_pointer_type_change(&vs
->mouse_mode_notifier
, NULL
);
1986 vnc_led_state_change(vs
);
1989 static void set_pixel_conversion(VncState
*vs
)
1991 pixman_format_code_t fmt
= qemu_pixman_get_format(&vs
->client_pf
);
1993 if (fmt
== VNC_SERVER_FB_FORMAT
) {
1994 vs
->write_pixels
= vnc_write_pixels_copy
;
1995 vnc_hextile_set_pixel_conversion(vs
, 0);
1997 vs
->write_pixels
= vnc_write_pixels_generic
;
1998 vnc_hextile_set_pixel_conversion(vs
, 1);
2002 static void set_pixel_format(VncState
*vs
,
2003 int bits_per_pixel
, int depth
,
2004 int big_endian_flag
, int true_color_flag
,
2005 int red_max
, int green_max
, int blue_max
,
2006 int red_shift
, int green_shift
, int blue_shift
)
2008 if (!true_color_flag
) {
2009 vnc_client_error(vs
);
2013 vs
->client_pf
.rmax
= red_max
;
2014 vs
->client_pf
.rbits
= hweight_long(red_max
);
2015 vs
->client_pf
.rshift
= red_shift
;
2016 vs
->client_pf
.rmask
= red_max
<< red_shift
;
2017 vs
->client_pf
.gmax
= green_max
;
2018 vs
->client_pf
.gbits
= hweight_long(green_max
);
2019 vs
->client_pf
.gshift
= green_shift
;
2020 vs
->client_pf
.gmask
= green_max
<< green_shift
;
2021 vs
->client_pf
.bmax
= blue_max
;
2022 vs
->client_pf
.bbits
= hweight_long(blue_max
);
2023 vs
->client_pf
.bshift
= blue_shift
;
2024 vs
->client_pf
.bmask
= blue_max
<< blue_shift
;
2025 vs
->client_pf
.bits_per_pixel
= bits_per_pixel
;
2026 vs
->client_pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
2027 vs
->client_pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
2028 vs
->client_be
= big_endian_flag
;
2030 set_pixel_conversion(vs
);
2032 graphic_hw_invalidate(NULL
);
2033 graphic_hw_update(NULL
);
2036 static void pixel_format_message (VncState
*vs
) {
2037 char pad
[3] = { 0, 0, 0 };
2039 vs
->client_pf
= qemu_default_pixelformat(32);
2041 vnc_write_u8(vs
, vs
->client_pf
.bits_per_pixel
); /* bits-per-pixel */
2042 vnc_write_u8(vs
, vs
->client_pf
.depth
); /* depth */
2044 #ifdef HOST_WORDS_BIGENDIAN
2045 vnc_write_u8(vs
, 1); /* big-endian-flag */
2047 vnc_write_u8(vs
, 0); /* big-endian-flag */
2049 vnc_write_u8(vs
, 1); /* true-color-flag */
2050 vnc_write_u16(vs
, vs
->client_pf
.rmax
); /* red-max */
2051 vnc_write_u16(vs
, vs
->client_pf
.gmax
); /* green-max */
2052 vnc_write_u16(vs
, vs
->client_pf
.bmax
); /* blue-max */
2053 vnc_write_u8(vs
, vs
->client_pf
.rshift
); /* red-shift */
2054 vnc_write_u8(vs
, vs
->client_pf
.gshift
); /* green-shift */
2055 vnc_write_u8(vs
, vs
->client_pf
.bshift
); /* blue-shift */
2056 vnc_write(vs
, pad
, 3); /* padding */
2058 vnc_hextile_set_pixel_conversion(vs
, 0);
2059 vs
->write_pixels
= vnc_write_pixels_copy
;
2062 static void vnc_colordepth(VncState
*vs
)
2064 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
2065 /* Sending a WMVi message to notify the client*/
2066 vnc_lock_output(vs
);
2067 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2068 vnc_write_u8(vs
, 0);
2069 vnc_write_u16(vs
, 1); /* number of rects */
2070 vnc_framebuffer_update(vs
, 0, 0,
2071 surface_width(vs
->vd
->ds
),
2072 surface_height(vs
->vd
->ds
),
2074 pixel_format_message(vs
);
2075 vnc_unlock_output(vs
);
2078 set_pixel_conversion(vs
);
2082 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
2086 VncDisplay
*vd
= vs
->vd
;
2089 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
2093 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT
:
2097 set_pixel_format(vs
, read_u8(data
, 4), read_u8(data
, 5),
2098 read_u8(data
, 6), read_u8(data
, 7),
2099 read_u16(data
, 8), read_u16(data
, 10),
2100 read_u16(data
, 12), read_u8(data
, 14),
2101 read_u8(data
, 15), read_u8(data
, 16));
2103 case VNC_MSG_CLIENT_SET_ENCODINGS
:
2108 limit
= read_u16(data
, 2);
2110 return 4 + (limit
* 4);
2112 limit
= read_u16(data
, 2);
2114 for (i
= 0; i
< limit
; i
++) {
2115 int32_t val
= read_s32(data
, 4 + (i
* 4));
2116 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
2119 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
2121 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST
:
2125 framebuffer_update_request(vs
,
2126 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
2127 read_u16(data
, 6), read_u16(data
, 8));
2129 case VNC_MSG_CLIENT_KEY_EVENT
:
2133 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
2135 case VNC_MSG_CLIENT_POINTER_EVENT
:
2139 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
2141 case VNC_MSG_CLIENT_CUT_TEXT
:
2146 uint32_t dlen
= read_u32(data
, 4);
2151 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
2153 case VNC_MSG_CLIENT_QEMU
:
2157 switch (read_u8(data
, 1)) {
2158 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT
:
2162 ext_key_event(vs
, read_u16(data
, 2),
2163 read_u32(data
, 4), read_u32(data
, 8));
2165 case VNC_MSG_CLIENT_QEMU_AUDIO
:
2169 switch (read_u16 (data
, 2)) {
2170 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE
:
2173 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE
:
2176 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT
:
2179 switch (read_u8(data
, 4)) {
2180 case 0: vs
->as
.fmt
= AUD_FMT_U8
; break;
2181 case 1: vs
->as
.fmt
= AUD_FMT_S8
; break;
2182 case 2: vs
->as
.fmt
= AUD_FMT_U16
; break;
2183 case 3: vs
->as
.fmt
= AUD_FMT_S16
; break;
2184 case 4: vs
->as
.fmt
= AUD_FMT_U32
; break;
2185 case 5: vs
->as
.fmt
= AUD_FMT_S32
; break;
2187 printf("Invalid audio format %d\n", read_u8(data
, 4));
2188 vnc_client_error(vs
);
2191 vs
->as
.nchannels
= read_u8(data
, 5);
2192 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
2193 printf("Invalid audio channel coount %d\n",
2195 vnc_client_error(vs
);
2198 vs
->as
.freq
= read_u32(data
, 6);
2201 printf ("Invalid audio message %d\n", read_u8(data
, 4));
2202 vnc_client_error(vs
);
2208 printf("Msg: %d\n", read_u16(data
, 0));
2209 vnc_client_error(vs
);
2214 printf("Msg: %d\n", data
[0]);
2215 vnc_client_error(vs
);
2219 vnc_read_when(vs
, protocol_client_msg
, 1);
2223 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
2229 mode
= data
[0] ? VNC_SHARE_MODE_SHARED
: VNC_SHARE_MODE_EXCLUSIVE
;
2230 switch (vs
->vd
->share_policy
) {
2231 case VNC_SHARE_POLICY_IGNORE
:
2233 * Ignore the shared flag. Nothing to do here.
2235 * Doesn't conform to the rfb spec but is traditional qemu
2236 * behavior, thus left here as option for compatibility
2240 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
:
2242 * Policy: Allow clients ask for exclusive access.
2244 * Implementation: When a client asks for exclusive access,
2245 * disconnect all others. Shared connects are allowed as long
2246 * as no exclusive connection exists.
2248 * This is how the rfb spec suggests to handle the shared flag.
2250 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2252 QTAILQ_FOREACH(client
, &vs
->vd
->clients
, next
) {
2256 if (client
->share_mode
!= VNC_SHARE_MODE_EXCLUSIVE
&&
2257 client
->share_mode
!= VNC_SHARE_MODE_SHARED
) {
2260 vnc_disconnect_start(client
);
2263 if (mode
== VNC_SHARE_MODE_SHARED
) {
2264 if (vs
->vd
->num_exclusive
> 0) {
2265 vnc_disconnect_start(vs
);
2270 case VNC_SHARE_POLICY_FORCE_SHARED
:
2272 * Policy: Shared connects only.
2273 * Implementation: Disallow clients asking for exclusive access.
2275 * Useful for shared desktop sessions where you don't want
2276 * someone forgetting to say -shared when running the vnc
2277 * client disconnect everybody else.
2279 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2280 vnc_disconnect_start(vs
);
2285 vnc_set_share_mode(vs
, mode
);
2287 vs
->client_width
= surface_width(vs
->vd
->ds
);
2288 vs
->client_height
= surface_height(vs
->vd
->ds
);
2289 vnc_write_u16(vs
, vs
->client_width
);
2290 vnc_write_u16(vs
, vs
->client_height
);
2292 pixel_format_message(vs
);
2295 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
2297 size
= snprintf(buf
, sizeof(buf
), "QEMU");
2299 vnc_write_u32(vs
, size
);
2300 vnc_write(vs
, buf
, size
);
2303 vnc_client_cache_auth(vs
);
2304 vnc_qmp_event(vs
, QEVENT_VNC_INITIALIZED
);
2306 vnc_read_when(vs
, protocol_client_msg
, 1);
2311 void start_client_init(VncState
*vs
)
2313 vnc_read_when(vs
, protocol_client_init
, 1);
2316 static void make_challenge(VncState
*vs
)
2320 srand(time(NULL
)+getpid()+getpid()*987654+rand());
2322 for (i
= 0 ; i
< sizeof(vs
->challenge
) ; i
++)
2323 vs
->challenge
[i
] = (int) (256.0*rand()/(RAND_MAX
+1.0));
2326 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
2328 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
2330 unsigned char key
[8];
2331 time_t now
= time(NULL
);
2333 if (!vs
->vd
->password
) {
2334 VNC_DEBUG("No password configured on server");
2337 if (vs
->vd
->expires
< now
) {
2338 VNC_DEBUG("Password is expired");
2342 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
2344 /* Calculate the expected challenge response */
2345 pwlen
= strlen(vs
->vd
->password
);
2346 for (i
=0; i
<sizeof(key
); i
++)
2347 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
2349 for (j
= 0; j
< VNC_AUTH_CHALLENGE_SIZE
; j
+= 8)
2350 des(response
+j
, response
+j
);
2352 /* Compare expected vs actual challenge response */
2353 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
2354 VNC_DEBUG("Client challenge response did not match\n");
2357 VNC_DEBUG("Accepting VNC challenge response\n");
2358 vnc_write_u32(vs
, 0); /* Accept auth */
2361 start_client_init(vs
);
2366 vnc_write_u32(vs
, 1); /* Reject auth */
2367 if (vs
->minor
>= 8) {
2368 static const char err
[] = "Authentication failed";
2369 vnc_write_u32(vs
, sizeof(err
));
2370 vnc_write(vs
, err
, sizeof(err
));
2373 vnc_client_error(vs
);
2377 void start_auth_vnc(VncState
*vs
)
2380 /* Send client a 'random' challenge */
2381 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
2384 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
2388 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
2390 /* We only advertise 1 auth scheme at a time, so client
2391 * must pick the one we sent. Verify this */
2392 if (data
[0] != vs
->auth
) { /* Reject auth */
2393 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data
[0]);
2394 vnc_write_u32(vs
, 1);
2395 if (vs
->minor
>= 8) {
2396 static const char err
[] = "Authentication failed";
2397 vnc_write_u32(vs
, sizeof(err
));
2398 vnc_write(vs
, err
, sizeof(err
));
2400 vnc_client_error(vs
);
2401 } else { /* Accept requested auth */
2402 VNC_DEBUG("Client requested auth %d\n", (int)data
[0]);
2405 VNC_DEBUG("Accept auth none\n");
2406 if (vs
->minor
>= 8) {
2407 vnc_write_u32(vs
, 0); /* Accept auth completion */
2410 start_client_init(vs
);
2414 VNC_DEBUG("Start VNC auth\n");
2418 #ifdef CONFIG_VNC_TLS
2419 case VNC_AUTH_VENCRYPT
:
2420 VNC_DEBUG("Accept VeNCrypt auth\n");
2421 start_auth_vencrypt(vs
);
2423 #endif /* CONFIG_VNC_TLS */
2425 #ifdef CONFIG_VNC_SASL
2427 VNC_DEBUG("Accept SASL auth\n");
2428 start_auth_sasl(vs
);
2430 #endif /* CONFIG_VNC_SASL */
2432 default: /* Should not be possible, but just in case */
2433 VNC_DEBUG("Reject auth %d server code bug\n", vs
->auth
);
2434 vnc_write_u8(vs
, 1);
2435 if (vs
->minor
>= 8) {
2436 static const char err
[] = "Authentication failed";
2437 vnc_write_u32(vs
, sizeof(err
));
2438 vnc_write(vs
, err
, sizeof(err
));
2440 vnc_client_error(vs
);
2446 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
2450 memcpy(local
, version
, 12);
2453 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
2454 VNC_DEBUG("Malformed protocol version %s\n", local
);
2455 vnc_client_error(vs
);
2458 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
2459 if (vs
->major
!= 3 ||
2465 VNC_DEBUG("Unsupported client version\n");
2466 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2468 vnc_client_error(vs
);
2471 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2472 * as equivalent to v3.3 by servers
2474 if (vs
->minor
== 4 || vs
->minor
== 5)
2477 if (vs
->minor
== 3) {
2478 if (vs
->auth
== VNC_AUTH_NONE
) {
2479 VNC_DEBUG("Tell client auth none\n");
2480 vnc_write_u32(vs
, vs
->auth
);
2482 start_client_init(vs
);
2483 } else if (vs
->auth
== VNC_AUTH_VNC
) {
2484 VNC_DEBUG("Tell client VNC auth\n");
2485 vnc_write_u32(vs
, vs
->auth
);
2489 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs
->auth
);
2490 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2492 vnc_client_error(vs
);
2495 VNC_DEBUG("Telling client we support auth %d\n", vs
->auth
);
2496 vnc_write_u8(vs
, 1); /* num auth */
2497 vnc_write_u8(vs
, vs
->auth
);
2498 vnc_read_when(vs
, protocol_client_auth
, 1);
2505 static VncRectStat
*vnc_stat_rect(VncDisplay
*vd
, int x
, int y
)
2507 struct VncSurface
*vs
= &vd
->guest
;
2509 return &vs
->stats
[y
/ VNC_STAT_RECT
][x
/ VNC_STAT_RECT
];
2512 void vnc_sent_lossy_rect(VncState
*vs
, int x
, int y
, int w
, int h
)
2516 w
= (x
+ w
) / VNC_STAT_RECT
;
2517 h
= (y
+ h
) / VNC_STAT_RECT
;
2521 for (j
= y
; j
<= h
; j
++) {
2522 for (i
= x
; i
<= w
; i
++) {
2523 vs
->lossy_rect
[j
][i
] = 1;
2528 static int vnc_refresh_lossy_rect(VncDisplay
*vd
, int x
, int y
)
2531 int sty
= y
/ VNC_STAT_RECT
;
2532 int stx
= x
/ VNC_STAT_RECT
;
2535 y
= y
/ VNC_STAT_RECT
* VNC_STAT_RECT
;
2536 x
= x
/ VNC_STAT_RECT
* VNC_STAT_RECT
;
2538 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2541 /* kernel send buffers are full -> refresh later */
2542 if (vs
->output
.offset
) {
2546 if (!vs
->lossy_rect
[sty
][stx
]) {
2550 vs
->lossy_rect
[sty
][stx
] = 0;
2551 for (j
= 0; j
< VNC_STAT_RECT
; ++j
) {
2552 bitmap_set(vs
->dirty
[y
+ j
],
2553 x
/ VNC_DIRTY_PIXELS_PER_BIT
,
2554 VNC_STAT_RECT
/ VNC_DIRTY_PIXELS_PER_BIT
);
2562 static int vnc_update_stats(VncDisplay
*vd
, struct timeval
* tv
)
2564 int width
= pixman_image_get_width(vd
->guest
.fb
);
2565 int height
= pixman_image_get_height(vd
->guest
.fb
);
2570 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2571 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2572 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2574 rect
->updated
= false;
2578 qemu_timersub(tv
, &VNC_REFRESH_STATS
, &res
);
2580 if (timercmp(&vd
->guest
.last_freq_check
, &res
, >)) {
2583 vd
->guest
.last_freq_check
= *tv
;
2585 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2586 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2587 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2588 int count
= ARRAY_SIZE(rect
->times
);
2589 struct timeval min
, max
;
2591 if (!timerisset(&rect
->times
[count
- 1])) {
2595 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2596 qemu_timersub(tv
, &max
, &res
);
2598 if (timercmp(&res
, &VNC_REFRESH_LOSSY
, >)) {
2600 has_dirty
+= vnc_refresh_lossy_rect(vd
, x
, y
);
2601 memset(rect
->times
, 0, sizeof (rect
->times
));
2605 min
= rect
->times
[rect
->idx
];
2606 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2607 qemu_timersub(&max
, &min
, &res
);
2609 rect
->freq
= res
.tv_sec
+ res
.tv_usec
/ 1000000.;
2610 rect
->freq
/= count
;
2611 rect
->freq
= 1. / rect
->freq
;
2617 double vnc_update_freq(VncState
*vs
, int x
, int y
, int w
, int h
)
2623 x
= (x
/ VNC_STAT_RECT
) * VNC_STAT_RECT
;
2624 y
= (y
/ VNC_STAT_RECT
) * VNC_STAT_RECT
;
2626 for (j
= y
; j
<= y
+ h
; j
+= VNC_STAT_RECT
) {
2627 for (i
= x
; i
<= x
+ w
; i
+= VNC_STAT_RECT
) {
2628 total
+= vnc_stat_rect(vs
->vd
, i
, j
)->freq
;
2640 static void vnc_rect_updated(VncDisplay
*vd
, int x
, int y
, struct timeval
* tv
)
2644 rect
= vnc_stat_rect(vd
, x
, y
);
2645 if (rect
->updated
) {
2648 rect
->times
[rect
->idx
] = *tv
;
2649 rect
->idx
= (rect
->idx
+ 1) % ARRAY_SIZE(rect
->times
);
2650 rect
->updated
= true;
2653 static int vnc_refresh_server_surface(VncDisplay
*vd
)
2655 int width
= pixman_image_get_width(vd
->guest
.fb
);
2656 int height
= pixman_image_get_height(vd
->guest
.fb
);
2658 uint8_t *guest_row0
= NULL
, *server_row0
;
2659 int guest_stride
= 0, server_stride
;
2663 pixman_image_t
*tmpbuf
= NULL
;
2665 struct timeval tv
= { 0, 0 };
2667 if (!vd
->non_adaptive
) {
2668 gettimeofday(&tv
, NULL
);
2669 has_dirty
= vnc_update_stats(vd
, &tv
);
2673 * Walk through the guest dirty map.
2674 * Check and copy modified bits from guest to server surface.
2675 * Update server dirty map.
2677 cmp_bytes
= VNC_DIRTY_PIXELS_PER_BIT
* VNC_SERVER_FB_BYTES
;
2678 if (cmp_bytes
> vnc_server_fb_stride(vd
)) {
2679 cmp_bytes
= vnc_server_fb_stride(vd
);
2681 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
2682 int width
= pixman_image_get_width(vd
->server
);
2683 tmpbuf
= qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT
, width
);
2685 guest_row0
= (uint8_t *)pixman_image_get_data(vd
->guest
.fb
);
2686 guest_stride
= pixman_image_get_stride(vd
->guest
.fb
);
2688 server_row0
= (uint8_t *)pixman_image_get_data(vd
->server
);
2689 server_stride
= pixman_image_get_stride(vd
->server
);
2694 uint8_t *guest_ptr
, *server_ptr
;
2695 unsigned long offset
= find_next_bit((unsigned long *) &vd
->guest
.dirty
,
2696 height
* VNC_DIRTY_BPL(&vd
->guest
),
2697 y
* VNC_DIRTY_BPL(&vd
->guest
));
2698 if (offset
== height
* VNC_DIRTY_BPL(&vd
->guest
)) {
2699 /* no more dirty bits */
2702 y
= offset
/ VNC_DIRTY_BPL(&vd
->guest
);
2703 x
= offset
% VNC_DIRTY_BPL(&vd
->guest
);
2705 server_ptr
= server_row0
+ y
* server_stride
+ x
* cmp_bytes
;
2707 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
2708 qemu_pixman_linebuf_fill(tmpbuf
, vd
->guest
.fb
, width
, 0, y
);
2709 guest_ptr
= (uint8_t *)pixman_image_get_data(tmpbuf
);
2711 guest_ptr
= guest_row0
+ y
* guest_stride
;
2713 guest_ptr
+= x
* cmp_bytes
;
2715 for (; x
< DIV_ROUND_UP(width
, VNC_DIRTY_PIXELS_PER_BIT
);
2716 x
++, guest_ptr
+= cmp_bytes
, server_ptr
+= cmp_bytes
) {
2717 if (!test_and_clear_bit(x
, vd
->guest
.dirty
[y
])) {
2720 if (memcmp(server_ptr
, guest_ptr
, cmp_bytes
) == 0) {
2723 memcpy(server_ptr
, guest_ptr
, cmp_bytes
);
2724 if (!vd
->non_adaptive
) {
2725 vnc_rect_updated(vd
, x
* VNC_DIRTY_PIXELS_PER_BIT
,
2728 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2729 set_bit(x
, vs
->dirty
[y
]);
2736 qemu_pixman_image_unref(tmpbuf
);
2740 static void vnc_refresh(DisplayChangeListener
*dcl
)
2742 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
2744 int has_dirty
, rects
= 0;
2746 graphic_hw_update(NULL
);
2748 if (vnc_trylock_display(vd
)) {
2749 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
2753 has_dirty
= vnc_refresh_server_surface(vd
);
2754 vnc_unlock_display(vd
);
2756 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
2757 rects
+= vnc_update_client(vs
, has_dirty
, false);
2758 /* vs might be free()ed here */
2761 if (QTAILQ_EMPTY(&vd
->clients
)) {
2762 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_MAX
);
2766 if (has_dirty
&& rects
) {
2767 vd
->dcl
.update_interval
/= 2;
2768 if (vd
->dcl
.update_interval
< VNC_REFRESH_INTERVAL_BASE
) {
2769 vd
->dcl
.update_interval
= VNC_REFRESH_INTERVAL_BASE
;
2772 vd
->dcl
.update_interval
+= VNC_REFRESH_INTERVAL_INC
;
2773 if (vd
->dcl
.update_interval
> VNC_REFRESH_INTERVAL_MAX
) {
2774 vd
->dcl
.update_interval
= VNC_REFRESH_INTERVAL_MAX
;
2779 static void vnc_connect(VncDisplay
*vd
, int csock
,
2780 bool skipauth
, bool websocket
)
2782 VncState
*vs
= g_malloc0(sizeof(VncState
));
2788 vs
->auth
= VNC_AUTH_NONE
;
2789 #ifdef CONFIG_VNC_TLS
2790 vs
->subauth
= VNC_AUTH_INVALID
;
2793 vs
->auth
= vd
->auth
;
2794 #ifdef CONFIG_VNC_TLS
2795 vs
->subauth
= vd
->subauth
;
2799 vs
->lossy_rect
= g_malloc0(VNC_STAT_ROWS
* sizeof (*vs
->lossy_rect
));
2800 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
2801 vs
->lossy_rect
[i
] = g_malloc0(VNC_STAT_COLS
* sizeof (uint8_t));
2804 VNC_DEBUG("New client on socket %d\n", csock
);
2805 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
2806 qemu_set_nonblock(vs
->csock
);
2807 #ifdef CONFIG_VNC_WS
2810 #ifdef CONFIG_VNC_TLS
2811 if (vd
->tls
.x509cert
) {
2812 qemu_set_fd_handler2(vs
->csock
, NULL
, vncws_tls_handshake_peek
,
2815 #endif /* CONFIG_VNC_TLS */
2817 qemu_set_fd_handler2(vs
->csock
, NULL
, vncws_handshake_read
,
2821 #endif /* CONFIG_VNC_WS */
2823 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
2826 vnc_client_cache_addr(vs
);
2827 vnc_qmp_event(vs
, QEVENT_VNC_CONNECTED
);
2828 vnc_set_share_mode(vs
, VNC_SHARE_MODE_CONNECTING
);
2832 #ifdef CONFIG_VNC_WS
2840 void vnc_init_state(VncState
*vs
)
2842 vs
->initialized
= true;
2843 VncDisplay
*vd
= vs
->vd
;
2848 vs
->as
.freq
= 44100;
2849 vs
->as
.nchannels
= 2;
2850 vs
->as
.fmt
= AUD_FMT_S16
;
2851 vs
->as
.endianness
= 0;
2853 qemu_mutex_init(&vs
->output_mutex
);
2854 vs
->bh
= qemu_bh_new(vnc_jobs_bh
, vs
);
2856 QTAILQ_INSERT_HEAD(&vd
->clients
, vs
, next
);
2858 graphic_hw_update(NULL
);
2860 vnc_write(vs
, "RFB 003.008\n", 12);
2862 vnc_read_when(vs
, protocol_version
, 12);
2864 if (vs
->vd
->lock_key_sync
)
2865 vs
->led
= qemu_add_led_event_handler(kbd_leds
, vs
);
2867 vs
->mouse_mode_notifier
.notify
= check_pointer_type_change
;
2868 qemu_add_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
2870 /* vs might be free()ed here */
2873 static void vnc_listen_read(void *opaque
, bool websocket
)
2875 VncDisplay
*vs
= opaque
;
2876 struct sockaddr_in addr
;
2877 socklen_t addrlen
= sizeof(addr
);
2881 graphic_hw_update(NULL
);
2882 #ifdef CONFIG_VNC_WS
2884 csock
= qemu_accept(vs
->lwebsock
, (struct sockaddr
*)&addr
, &addrlen
);
2886 #endif /* CONFIG_VNC_WS */
2888 csock
= qemu_accept(vs
->lsock
, (struct sockaddr
*)&addr
, &addrlen
);
2892 vnc_connect(vs
, csock
, false, websocket
);
2896 static void vnc_listen_regular_read(void *opaque
)
2898 vnc_listen_read(opaque
, false);
2901 #ifdef CONFIG_VNC_WS
2902 static void vnc_listen_websocket_read(void *opaque
)
2904 vnc_listen_read(opaque
, true);
2906 #endif /* CONFIG_VNC_WS */
2908 static const DisplayChangeListenerOps dcl_ops
= {
2910 .dpy_refresh
= vnc_refresh
,
2911 .dpy_gfx_copy
= vnc_dpy_copy
,
2912 .dpy_gfx_update
= vnc_dpy_update
,
2913 .dpy_gfx_switch
= vnc_dpy_switch
,
2914 .dpy_mouse_set
= vnc_mouse_set
,
2915 .dpy_cursor_define
= vnc_dpy_cursor_define
,
2918 void vnc_display_init(DisplayState
*ds
)
2920 VncDisplay
*vs
= g_malloc0(sizeof(*vs
));
2925 #ifdef CONFIG_VNC_WS
2929 QTAILQ_INIT(&vs
->clients
);
2930 vs
->expires
= TIME_MAX
;
2932 if (keyboard_layout
)
2933 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, keyboard_layout
);
2935 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us");
2937 if (!vs
->kbd_layout
)
2940 qemu_mutex_init(&vs
->mutex
);
2941 vnc_start_worker_thread();
2943 vs
->dcl
.ops
= &dcl_ops
;
2944 register_displaychangelistener(&vs
->dcl
);
2948 static void vnc_display_close(DisplayState
*ds
)
2950 VncDisplay
*vs
= vnc_display
;
2955 g_free(vs
->display
);
2958 if (vs
->lsock
!= -1) {
2959 qemu_set_fd_handler2(vs
->lsock
, NULL
, NULL
, NULL
, NULL
);
2963 #ifdef CONFIG_VNC_WS
2964 g_free(vs
->ws_display
);
2965 vs
->ws_display
= NULL
;
2966 if (vs
->lwebsock
!= -1) {
2967 qemu_set_fd_handler2(vs
->lwebsock
, NULL
, NULL
, NULL
, NULL
);
2968 close(vs
->lwebsock
);
2971 #endif /* CONFIG_VNC_WS */
2972 vs
->auth
= VNC_AUTH_INVALID
;
2973 #ifdef CONFIG_VNC_TLS
2974 vs
->subauth
= VNC_AUTH_INVALID
;
2975 vs
->tls
.x509verify
= 0;
2979 static int vnc_display_disable_login(DisplayState
*ds
)
2981 VncDisplay
*vs
= vnc_display
;
2988 g_free(vs
->password
);
2991 vs
->password
= NULL
;
2992 if (vs
->auth
== VNC_AUTH_NONE
) {
2993 vs
->auth
= VNC_AUTH_VNC
;
2999 int vnc_display_password(DisplayState
*ds
, const char *password
)
3001 VncDisplay
*vs
= vnc_display
;
3008 /* This is not the intention of this interface but err on the side
3010 return vnc_display_disable_login(ds
);
3014 g_free(vs
->password
);
3015 vs
->password
= NULL
;
3017 vs
->password
= g_strdup(password
);
3018 if (vs
->auth
== VNC_AUTH_NONE
) {
3019 vs
->auth
= VNC_AUTH_VNC
;
3025 int vnc_display_pw_expire(DisplayState
*ds
, time_t expires
)
3027 VncDisplay
*vs
= vnc_display
;
3033 vs
->expires
= expires
;
3037 char *vnc_display_local_addr(DisplayState
*ds
)
3039 VncDisplay
*vs
= vnc_display
;
3041 return vnc_socket_local_addr("%s:%s", vs
->lsock
);
3044 void vnc_display_open(DisplayState
*ds
, const char *display
, Error
**errp
)
3046 VncDisplay
*vs
= vnc_display
;
3047 const char *options
;
3050 #ifdef CONFIG_VNC_TLS
3051 int tls
= 0, x509
= 0;
3053 #ifdef CONFIG_VNC_SASL
3057 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
3060 int lock_key_sync
= 1;
3063 error_setg(errp
, "VNC display not active");
3066 vnc_display_close(ds
);
3067 if (strcmp(display
, "none") == 0)
3070 vs
->display
= g_strdup(display
);
3071 vs
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3074 while ((options
= strchr(options
, ','))) {
3076 if (strncmp(options
, "password", 8) == 0) {
3077 if (fips_get_state()) {
3079 "VNC password auth disabled due to FIPS mode, "
3080 "consider using the VeNCrypt or SASL authentication "
3081 "methods as an alternative");
3084 password
= 1; /* Require password auth */
3085 } else if (strncmp(options
, "reverse", 7) == 0) {
3087 } else if (strncmp(options
, "no-lock-key-sync", 16) == 0) {
3089 #ifdef CONFIG_VNC_SASL
3090 } else if (strncmp(options
, "sasl", 4) == 0) {
3091 sasl
= 1; /* Require SASL auth */
3093 #ifdef CONFIG_VNC_WS
3094 } else if (strncmp(options
, "websocket", 9) == 0) {
3098 /* Check for 'websocket=<port>' */
3099 start
= strchr(options
, '=');
3100 end
= strchr(options
, ',');
3101 if (start
&& (!end
|| (start
< end
))) {
3102 int len
= end
? end
-(start
+1) : strlen(start
+1);
3104 /* extract the host specification from display */
3105 char *host
= NULL
, *port
= NULL
, *host_end
= NULL
;
3106 port
= g_strndup(start
+ 1, len
);
3108 /* ipv6 hosts have colons */
3109 end
= strchr(display
, ',');
3110 host_end
= g_strrstr_len(display
, end
- display
, ":");
3113 host
= g_strndup(display
, host_end
- display
+ 1);
3115 host
= g_strndup(":", 1);
3117 vs
->ws_display
= g_strconcat(host
, port
, NULL
);
3122 #endif /* CONFIG_VNC_WS */
3123 #ifdef CONFIG_VNC_TLS
3124 } else if (strncmp(options
, "tls", 3) == 0) {
3125 tls
= 1; /* Require TLS */
3126 } else if (strncmp(options
, "x509", 4) == 0) {
3128 x509
= 1; /* Require x509 certificates */
3129 if (strncmp(options
, "x509verify", 10) == 0)
3130 vs
->tls
.x509verify
= 1; /* ...and verify client certs */
3132 /* Now check for 'x509=/some/path' postfix
3133 * and use that to setup x509 certificate/key paths */
3134 start
= strchr(options
, '=');
3135 end
= strchr(options
, ',');
3136 if (start
&& (!end
|| (start
< end
))) {
3137 int len
= end
? end
-(start
+1) : strlen(start
+1);
3138 char *path
= g_strndup(start
+ 1, len
);
3140 VNC_DEBUG("Trying certificate path '%s'\n", path
);
3141 if (vnc_tls_set_x509_creds_dir(vs
, path
) < 0) {
3142 error_setg(errp
, "Failed to find x509 certificates/keys in %s", path
);
3148 error_setg(errp
, "No certificate path provided");
3152 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
3153 } else if (strncmp(options
, "acl", 3) == 0) {
3156 } else if (strncmp(options
, "lossy", 5) == 0) {
3157 #ifdef CONFIG_VNC_JPEG
3160 } else if (strncmp(options
, "non-adaptive", 12) == 0) {
3161 vs
->non_adaptive
= true;
3162 } else if (strncmp(options
, "share=", 6) == 0) {
3163 if (strncmp(options
+6, "ignore", 6) == 0) {
3164 vs
->share_policy
= VNC_SHARE_POLICY_IGNORE
;
3165 } else if (strncmp(options
+6, "allow-exclusive", 15) == 0) {
3166 vs
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3167 } else if (strncmp(options
+6, "force-shared", 12) == 0) {
3168 vs
->share_policy
= VNC_SHARE_POLICY_FORCE_SHARED
;
3170 error_setg(errp
, "unknown vnc share= option");
3176 /* adaptive updates are only used with tight encoding and
3177 * if lossy updates are enabled so we can disable all the
3178 * calculations otherwise */
3180 vs
->non_adaptive
= true;
3183 #ifdef CONFIG_VNC_TLS
3184 if (acl
&& x509
&& vs
->tls
.x509verify
) {
3185 if (!(vs
->tls
.acl
= qemu_acl_init("vnc.x509dname"))) {
3186 fprintf(stderr
, "Failed to create x509 dname ACL\n");
3191 #ifdef CONFIG_VNC_SASL
3193 if (!(vs
->sasl
.acl
= qemu_acl_init("vnc.username"))) {
3194 fprintf(stderr
, "Failed to create username ACL\n");
3201 * Combinations we support here:
3203 * - no-auth (clear text, no auth)
3204 * - password (clear text, weak auth)
3205 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
3206 * - tls (encrypt, weak anonymous creds, no auth)
3207 * - tls + password (encrypt, weak anonymous creds, weak auth)
3208 * - tls + sasl (encrypt, weak anonymous creds, good auth)
3209 * - tls + x509 (encrypt, good x509 creds, no auth)
3210 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
3211 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
3213 * NB1. TLS is a stackable auth scheme.
3214 * NB2. the x509 schemes have option to validate a client cert dname
3217 #ifdef CONFIG_VNC_TLS
3219 vs
->auth
= VNC_AUTH_VENCRYPT
;
3221 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3222 vs
->subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
3224 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3225 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
3228 #endif /* CONFIG_VNC_TLS */
3229 VNC_DEBUG("Initializing VNC server with password auth\n");
3230 vs
->auth
= VNC_AUTH_VNC
;
3231 #ifdef CONFIG_VNC_TLS
3232 vs
->subauth
= VNC_AUTH_INVALID
;
3234 #endif /* CONFIG_VNC_TLS */
3235 #ifdef CONFIG_VNC_SASL
3237 #ifdef CONFIG_VNC_TLS
3239 vs
->auth
= VNC_AUTH_VENCRYPT
;
3241 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3242 vs
->subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
3244 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3245 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
3248 #endif /* CONFIG_VNC_TLS */
3249 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3250 vs
->auth
= VNC_AUTH_SASL
;
3251 #ifdef CONFIG_VNC_TLS
3252 vs
->subauth
= VNC_AUTH_INVALID
;
3254 #endif /* CONFIG_VNC_TLS */
3255 #endif /* CONFIG_VNC_SASL */
3257 #ifdef CONFIG_VNC_TLS
3259 vs
->auth
= VNC_AUTH_VENCRYPT
;
3261 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3262 vs
->subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
3264 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3265 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
3269 VNC_DEBUG("Initializing VNC server with no auth\n");
3270 vs
->auth
= VNC_AUTH_NONE
;
3271 #ifdef CONFIG_VNC_TLS
3272 vs
->subauth
= VNC_AUTH_INVALID
;
3277 #ifdef CONFIG_VNC_SASL
3278 if ((saslErr
= sasl_server_init(NULL
, "qemu")) != SASL_OK
) {
3279 error_setg(errp
, "Failed to initialize SASL auth: %s",
3280 sasl_errstring(saslErr
, NULL
, NULL
));
3284 vs
->lock_key_sync
= lock_key_sync
;
3287 /* connect to viewer */
3290 #ifdef CONFIG_VNC_WS
3293 if (strncmp(display
, "unix:", 5) == 0) {
3294 csock
= unix_connect(display
+5, errp
);
3296 csock
= inet_connect(display
, errp
);
3301 vnc_connect(vs
, csock
, false, false);
3303 /* listen for connects */
3305 dpy
= g_malloc(256);
3306 if (strncmp(display
, "unix:", 5) == 0) {
3307 pstrcpy(dpy
, 256, "unix:");
3308 vs
->lsock
= unix_listen(display
+5, dpy
+5, 256-5, errp
);
3310 vs
->lsock
= inet_listen(display
, dpy
, 256,
3311 SOCK_STREAM
, 5900, errp
);
3312 if (vs
->lsock
< 0) {
3316 #ifdef CONFIG_VNC_WS
3317 if (vs
->websocket
) {
3318 if (vs
->ws_display
) {
3319 vs
->lwebsock
= inet_listen(vs
->ws_display
, NULL
, 256,
3320 SOCK_STREAM
, 0, errp
);
3322 vs
->lwebsock
= inet_listen(vs
->display
, NULL
, 256,
3323 SOCK_STREAM
, 5700, errp
);
3326 if (vs
->lwebsock
< 0) {
3335 #endif /* CONFIG_VNC_WS */
3337 g_free(vs
->display
);
3339 qemu_set_fd_handler2(vs
->lsock
, NULL
,
3340 vnc_listen_regular_read
, NULL
, vs
);
3341 #ifdef CONFIG_VNC_WS
3342 if (vs
->websocket
) {
3343 qemu_set_fd_handler2(vs
->lwebsock
, NULL
,
3344 vnc_listen_websocket_read
, NULL
, vs
);
3346 #endif /* CONFIG_VNC_WS */
3351 g_free(vs
->display
);
3353 #ifdef CONFIG_VNC_WS
3354 g_free(vs
->ws_display
);
3355 vs
->ws_display
= NULL
;
3356 #endif /* CONFIG_VNC_WS */
3359 void vnc_display_add_client(DisplayState
*ds
, int csock
, bool skipauth
)
3361 VncDisplay
*vs
= vnc_display
;
3363 vnc_connect(vs
, csock
, skipauth
, false);