2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27 #include "qemu/osdep.h"
31 #include "hw/qdev-core.h"
32 #include "sysemu/sysemu.h"
33 #include "qemu/error-report.h"
34 #include "qemu/main-loop.h"
35 #include "qemu/module.h"
36 #include "qemu/option.h"
37 #include "qemu/sockets.h"
38 #include "qemu/timer.h"
39 #include "authz/list.h"
40 #include "qemu/config-file.h"
41 #include "qapi/qapi-emit-events.h"
42 #include "qapi/qapi-events-ui.h"
43 #include "qapi/error.h"
44 #include "qapi/qapi-commands-ui.h"
46 #include "crypto/hash.h"
47 #include "crypto/tlscredsanon.h"
48 #include "crypto/tlscredsx509.h"
49 #include "crypto/random.h"
50 #include "qom/object_interfaces.h"
51 #include "qemu/cutils.h"
52 #include "io/dns-resolver.h"
54 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
55 #define VNC_REFRESH_INTERVAL_INC 50
56 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
57 static const struct timeval VNC_REFRESH_STATS
= { 0, 500000 };
58 static const struct timeval VNC_REFRESH_LOSSY
= { 2, 0 };
60 #include "vnc_keysym.h"
61 #include "crypto/cipher.h"
63 static QTAILQ_HEAD(, VncDisplay
) vnc_displays
=
64 QTAILQ_HEAD_INITIALIZER(vnc_displays
);
66 static int vnc_cursor_define(VncState
*vs
);
67 static void vnc_update_throttle_offset(VncState
*vs
);
69 static void vnc_set_share_mode(VncState
*vs
, VncShareMode mode
)
72 static const char *mn
[] = {
74 [VNC_SHARE_MODE_CONNECTING
] = "connecting",
75 [VNC_SHARE_MODE_SHARED
] = "shared",
76 [VNC_SHARE_MODE_EXCLUSIVE
] = "exclusive",
77 [VNC_SHARE_MODE_DISCONNECTED
] = "disconnected",
79 fprintf(stderr
, "%s/%p: %s -> %s\n", __func__
,
80 vs
->ioc
, mn
[vs
->share_mode
], mn
[mode
]);
83 switch (vs
->share_mode
) {
84 case VNC_SHARE_MODE_CONNECTING
:
85 vs
->vd
->num_connecting
--;
87 case VNC_SHARE_MODE_SHARED
:
90 case VNC_SHARE_MODE_EXCLUSIVE
:
91 vs
->vd
->num_exclusive
--;
97 vs
->share_mode
= mode
;
99 switch (vs
->share_mode
) {
100 case VNC_SHARE_MODE_CONNECTING
:
101 vs
->vd
->num_connecting
++;
103 case VNC_SHARE_MODE_SHARED
:
104 vs
->vd
->num_shared
++;
106 case VNC_SHARE_MODE_EXCLUSIVE
:
107 vs
->vd
->num_exclusive
++;
115 static void vnc_init_basic_info(SocketAddress
*addr
,
119 switch (addr
->type
) {
120 case SOCKET_ADDRESS_TYPE_INET
:
121 info
->host
= g_strdup(addr
->u
.inet
.host
);
122 info
->service
= g_strdup(addr
->u
.inet
.port
);
123 if (addr
->u
.inet
.ipv6
) {
124 info
->family
= NETWORK_ADDRESS_FAMILY_IPV6
;
126 info
->family
= NETWORK_ADDRESS_FAMILY_IPV4
;
130 case SOCKET_ADDRESS_TYPE_UNIX
:
131 info
->host
= g_strdup("");
132 info
->service
= g_strdup(addr
->u
.q_unix
.path
);
133 info
->family
= NETWORK_ADDRESS_FAMILY_UNIX
;
136 case SOCKET_ADDRESS_TYPE_VSOCK
:
137 case SOCKET_ADDRESS_TYPE_FD
:
138 error_setg(errp
, "Unsupported socket address type %s",
139 SocketAddressType_str(addr
->type
));
148 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket
*ioc
,
152 SocketAddress
*addr
= NULL
;
155 error_setg(errp
, "No listener socket available");
159 addr
= qio_channel_socket_get_local_address(ioc
, errp
);
164 vnc_init_basic_info(addr
, info
, errp
);
165 qapi_free_SocketAddress(addr
);
168 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket
*ioc
,
172 SocketAddress
*addr
= NULL
;
174 addr
= qio_channel_socket_get_remote_address(ioc
, errp
);
179 vnc_init_basic_info(addr
, info
, errp
);
180 qapi_free_SocketAddress(addr
);
183 static const char *vnc_auth_name(VncDisplay
*vd
) {
185 case VNC_AUTH_INVALID
:
201 case VNC_AUTH_VENCRYPT
:
202 switch (vd
->subauth
) {
203 case VNC_AUTH_VENCRYPT_PLAIN
:
204 return "vencrypt+plain";
205 case VNC_AUTH_VENCRYPT_TLSNONE
:
206 return "vencrypt+tls+none";
207 case VNC_AUTH_VENCRYPT_TLSVNC
:
208 return "vencrypt+tls+vnc";
209 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
210 return "vencrypt+tls+plain";
211 case VNC_AUTH_VENCRYPT_X509NONE
:
212 return "vencrypt+x509+none";
213 case VNC_AUTH_VENCRYPT_X509VNC
:
214 return "vencrypt+x509+vnc";
215 case VNC_AUTH_VENCRYPT_X509PLAIN
:
216 return "vencrypt+x509+plain";
217 case VNC_AUTH_VENCRYPT_TLSSASL
:
218 return "vencrypt+tls+sasl";
219 case VNC_AUTH_VENCRYPT_X509SASL
:
220 return "vencrypt+x509+sasl";
230 static VncServerInfo
*vnc_server_info_get(VncDisplay
*vd
)
235 if (!vd
->listener
|| !vd
->listener
->nsioc
) {
239 info
= g_malloc0(sizeof(*info
));
240 vnc_init_basic_info_from_server_addr(vd
->listener
->sioc
[0],
241 qapi_VncServerInfo_base(info
), &err
);
242 info
->has_auth
= true;
243 info
->auth
= g_strdup(vnc_auth_name(vd
));
245 qapi_free_VncServerInfo(info
);
252 static void vnc_client_cache_auth(VncState
*client
)
259 client
->info
->x509_dname
=
260 qcrypto_tls_session_get_peer_name(client
->tls
);
261 client
->info
->has_x509_dname
=
262 client
->info
->x509_dname
!= NULL
;
264 #ifdef CONFIG_VNC_SASL
265 if (client
->sasl
.conn
&&
266 client
->sasl
.username
) {
267 client
->info
->has_sasl_username
= true;
268 client
->info
->sasl_username
= g_strdup(client
->sasl
.username
);
273 static void vnc_client_cache_addr(VncState
*client
)
277 client
->info
= g_malloc0(sizeof(*client
->info
));
278 vnc_init_basic_info_from_remote_addr(client
->sioc
,
279 qapi_VncClientInfo_base(client
->info
),
281 client
->info
->websocket
= client
->websocket
;
283 qapi_free_VncClientInfo(client
->info
);
289 static void vnc_qmp_event(VncState
*vs
, QAPIEvent event
)
297 si
= vnc_server_info_get(vs
->vd
);
303 case QAPI_EVENT_VNC_CONNECTED
:
304 qapi_event_send_vnc_connected(si
, qapi_VncClientInfo_base(vs
->info
));
306 case QAPI_EVENT_VNC_INITIALIZED
:
307 qapi_event_send_vnc_initialized(si
, vs
->info
);
309 case QAPI_EVENT_VNC_DISCONNECTED
:
310 qapi_event_send_vnc_disconnected(si
, vs
->info
);
316 qapi_free_VncServerInfo(si
);
319 static VncClientInfo
*qmp_query_vnc_client(const VncState
*client
)
324 info
= g_malloc0(sizeof(*info
));
326 vnc_init_basic_info_from_remote_addr(client
->sioc
,
327 qapi_VncClientInfo_base(info
),
331 qapi_free_VncClientInfo(info
);
335 info
->websocket
= client
->websocket
;
338 info
->x509_dname
= qcrypto_tls_session_get_peer_name(client
->tls
);
339 info
->has_x509_dname
= info
->x509_dname
!= NULL
;
341 #ifdef CONFIG_VNC_SASL
342 if (client
->sasl
.conn
&& client
->sasl
.username
) {
343 info
->has_sasl_username
= true;
344 info
->sasl_username
= g_strdup(client
->sasl
.username
);
351 static VncDisplay
*vnc_display_find(const char *id
)
356 return QTAILQ_FIRST(&vnc_displays
);
358 QTAILQ_FOREACH(vd
, &vnc_displays
, next
) {
359 if (strcmp(id
, vd
->id
) == 0) {
366 static VncClientInfoList
*qmp_query_client_list(VncDisplay
*vd
)
368 VncClientInfoList
*cinfo
, *prev
= NULL
;
371 QTAILQ_FOREACH(client
, &vd
->clients
, next
) {
372 cinfo
= g_new0(VncClientInfoList
, 1);
373 cinfo
->value
= qmp_query_vnc_client(client
);
380 VncInfo
*qmp_query_vnc(Error
**errp
)
382 VncInfo
*info
= g_malloc0(sizeof(*info
));
383 VncDisplay
*vd
= vnc_display_find(NULL
);
384 SocketAddress
*addr
= NULL
;
386 if (vd
== NULL
|| !vd
->listener
|| !vd
->listener
->nsioc
) {
387 info
->enabled
= false;
389 info
->enabled
= true;
391 /* for compatibility with the original command */
392 info
->has_clients
= true;
393 info
->clients
= qmp_query_client_list(vd
);
395 addr
= qio_channel_socket_get_local_address(vd
->listener
->sioc
[0],
401 switch (addr
->type
) {
402 case SOCKET_ADDRESS_TYPE_INET
:
403 info
->host
= g_strdup(addr
->u
.inet
.host
);
404 info
->service
= g_strdup(addr
->u
.inet
.port
);
405 if (addr
->u
.inet
.ipv6
) {
406 info
->family
= NETWORK_ADDRESS_FAMILY_IPV6
;
408 info
->family
= NETWORK_ADDRESS_FAMILY_IPV4
;
412 case SOCKET_ADDRESS_TYPE_UNIX
:
413 info
->host
= g_strdup("");
414 info
->service
= g_strdup(addr
->u
.q_unix
.path
);
415 info
->family
= NETWORK_ADDRESS_FAMILY_UNIX
;
418 case SOCKET_ADDRESS_TYPE_VSOCK
:
419 case SOCKET_ADDRESS_TYPE_FD
:
420 error_setg(errp
, "Unsupported socket address type %s",
421 SocketAddressType_str(addr
->type
));
427 info
->has_host
= true;
428 info
->has_service
= true;
429 info
->has_family
= true;
431 info
->has_auth
= true;
432 info
->auth
= g_strdup(vnc_auth_name(vd
));
435 qapi_free_SocketAddress(addr
);
439 qapi_free_SocketAddress(addr
);
440 qapi_free_VncInfo(info
);
445 static void qmp_query_auth(int auth
, int subauth
,
446 VncPrimaryAuth
*qmp_auth
,
447 VncVencryptSubAuth
*qmp_vencrypt
,
448 bool *qmp_has_vencrypt
);
450 static VncServerInfo2List
*qmp_query_server_entry(QIOChannelSocket
*ioc
,
454 VncServerInfo2List
*prev
)
456 VncServerInfo2List
*list
;
457 VncServerInfo2
*info
;
461 addr
= qio_channel_socket_get_local_address(ioc
, &err
);
467 info
= g_new0(VncServerInfo2
, 1);
468 vnc_init_basic_info(addr
, qapi_VncServerInfo2_base(info
), &err
);
469 qapi_free_SocketAddress(addr
);
471 qapi_free_VncServerInfo2(info
);
475 info
->websocket
= websocket
;
477 qmp_query_auth(auth
, subauth
, &info
->auth
,
478 &info
->vencrypt
, &info
->has_vencrypt
);
480 list
= g_new0(VncServerInfo2List
, 1);
486 static void qmp_query_auth(int auth
, int subauth
,
487 VncPrimaryAuth
*qmp_auth
,
488 VncVencryptSubAuth
*qmp_vencrypt
,
489 bool *qmp_has_vencrypt
)
493 *qmp_auth
= VNC_PRIMARY_AUTH_VNC
;
496 *qmp_auth
= VNC_PRIMARY_AUTH_RA2
;
499 *qmp_auth
= VNC_PRIMARY_AUTH_RA2NE
;
502 *qmp_auth
= VNC_PRIMARY_AUTH_TIGHT
;
505 *qmp_auth
= VNC_PRIMARY_AUTH_ULTRA
;
508 *qmp_auth
= VNC_PRIMARY_AUTH_TLS
;
510 case VNC_AUTH_VENCRYPT
:
511 *qmp_auth
= VNC_PRIMARY_AUTH_VENCRYPT
;
512 *qmp_has_vencrypt
= true;
514 case VNC_AUTH_VENCRYPT_PLAIN
:
515 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_PLAIN
;
517 case VNC_AUTH_VENCRYPT_TLSNONE
:
518 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_NONE
;
520 case VNC_AUTH_VENCRYPT_TLSVNC
:
521 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_VNC
;
523 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
524 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN
;
526 case VNC_AUTH_VENCRYPT_X509NONE
:
527 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_NONE
;
529 case VNC_AUTH_VENCRYPT_X509VNC
:
530 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_VNC
;
532 case VNC_AUTH_VENCRYPT_X509PLAIN
:
533 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_PLAIN
;
535 case VNC_AUTH_VENCRYPT_TLSSASL
:
536 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_SASL
;
538 case VNC_AUTH_VENCRYPT_X509SASL
:
539 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_SASL
;
542 *qmp_has_vencrypt
= false;
547 *qmp_auth
= VNC_PRIMARY_AUTH_SASL
;
551 *qmp_auth
= VNC_PRIMARY_AUTH_NONE
;
556 VncInfo2List
*qmp_query_vnc_servers(Error
**errp
)
558 VncInfo2List
*item
, *prev
= NULL
;
564 QTAILQ_FOREACH(vd
, &vnc_displays
, next
) {
565 info
= g_new0(VncInfo2
, 1);
566 info
->id
= g_strdup(vd
->id
);
567 info
->clients
= qmp_query_client_list(vd
);
568 qmp_query_auth(vd
->auth
, vd
->subauth
, &info
->auth
,
569 &info
->vencrypt
, &info
->has_vencrypt
);
571 dev
= DEVICE(object_property_get_link(OBJECT(vd
->dcl
.con
),
573 info
->has_display
= true;
574 info
->display
= g_strdup(dev
->id
);
576 for (i
= 0; vd
->listener
!= NULL
&& i
< vd
->listener
->nsioc
; i
++) {
577 info
->server
= qmp_query_server_entry(
578 vd
->listener
->sioc
[i
], false, vd
->auth
, vd
->subauth
,
581 for (i
= 0; vd
->wslistener
!= NULL
&& i
< vd
->wslistener
->nsioc
; i
++) {
582 info
->server
= qmp_query_server_entry(
583 vd
->wslistener
->sioc
[i
], true, vd
->ws_auth
,
584 vd
->ws_subauth
, info
->server
);
587 item
= g_new0(VncInfo2List
, 1);
596 1) Get the queue working for IO.
597 2) there is some weirdness when using the -S option (the screen is grey
598 and not totally invalidated
599 3) resolutions > 1024
602 static int vnc_update_client(VncState
*vs
, int has_dirty
);
603 static void vnc_disconnect_start(VncState
*vs
);
605 static void vnc_colordepth(VncState
*vs
);
606 static void framebuffer_update_request(VncState
*vs
, int incremental
,
607 int x_position
, int y_position
,
609 static void vnc_refresh(DisplayChangeListener
*dcl
);
610 static int vnc_refresh_server_surface(VncDisplay
*vd
);
612 static int vnc_width(VncDisplay
*vd
)
614 return MIN(VNC_MAX_WIDTH
, ROUND_UP(surface_width(vd
->ds
),
615 VNC_DIRTY_PIXELS_PER_BIT
));
618 static int vnc_height(VncDisplay
*vd
)
620 return MIN(VNC_MAX_HEIGHT
, surface_height(vd
->ds
));
623 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty
[VNC_MAX_HEIGHT
],
624 VNC_MAX_WIDTH
/ VNC_DIRTY_PIXELS_PER_BIT
),
626 int x
, int y
, int w
, int h
)
628 int width
= vnc_width(vd
);
629 int height
= vnc_height(vd
);
631 /* this is needed this to ensure we updated all affected
632 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
633 w
+= (x
% VNC_DIRTY_PIXELS_PER_BIT
);
634 x
-= (x
% VNC_DIRTY_PIXELS_PER_BIT
);
638 w
= MIN(x
+ w
, width
) - x
;
639 h
= MIN(y
+ h
, height
);
642 bitmap_set(dirty
[y
], x
/ VNC_DIRTY_PIXELS_PER_BIT
,
643 DIV_ROUND_UP(w
, VNC_DIRTY_PIXELS_PER_BIT
));
647 static void vnc_dpy_update(DisplayChangeListener
*dcl
,
648 int x
, int y
, int w
, int h
)
650 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
651 struct VncSurface
*s
= &vd
->guest
;
653 vnc_set_area_dirty(s
->dirty
, vd
, x
, y
, w
, h
);
656 void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
659 vnc_write_u16(vs
, x
);
660 vnc_write_u16(vs
, y
);
661 vnc_write_u16(vs
, w
);
662 vnc_write_u16(vs
, h
);
664 vnc_write_s32(vs
, encoding
);
668 static void vnc_desktop_resize(VncState
*vs
)
670 if (vs
->ioc
== NULL
|| !vnc_has_feature(vs
, VNC_FEATURE_RESIZE
)) {
673 if (vs
->client_width
== pixman_image_get_width(vs
->vd
->server
) &&
674 vs
->client_height
== pixman_image_get_height(vs
->vd
->server
)) {
678 assert(pixman_image_get_width(vs
->vd
->server
) < 65536 &&
679 pixman_image_get_width(vs
->vd
->server
) >= 0);
680 assert(pixman_image_get_height(vs
->vd
->server
) < 65536 &&
681 pixman_image_get_height(vs
->vd
->server
) >= 0);
682 vs
->client_width
= pixman_image_get_width(vs
->vd
->server
);
683 vs
->client_height
= pixman_image_get_height(vs
->vd
->server
);
685 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
687 vnc_write_u16(vs
, 1); /* number of rects */
688 vnc_framebuffer_update(vs
, 0, 0, vs
->client_width
, vs
->client_height
,
689 VNC_ENCODING_DESKTOPRESIZE
);
690 vnc_unlock_output(vs
);
694 static void vnc_abort_display_jobs(VncDisplay
*vd
)
698 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
701 vnc_unlock_output(vs
);
703 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
706 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
708 if (vs
->update
== VNC_STATE_UPDATE_NONE
&&
709 vs
->job_update
!= VNC_STATE_UPDATE_NONE
) {
710 /* job aborted before completion */
711 vs
->update
= vs
->job_update
;
712 vs
->job_update
= VNC_STATE_UPDATE_NONE
;
715 vnc_unlock_output(vs
);
719 int vnc_server_fb_stride(VncDisplay
*vd
)
721 return pixman_image_get_stride(vd
->server
);
724 void *vnc_server_fb_ptr(VncDisplay
*vd
, int x
, int y
)
728 ptr
= (uint8_t *)pixman_image_get_data(vd
->server
);
729 ptr
+= y
* vnc_server_fb_stride(vd
);
730 ptr
+= x
* VNC_SERVER_FB_BYTES
;
734 static void vnc_update_server_surface(VncDisplay
*vd
)
738 qemu_pixman_image_unref(vd
->server
);
741 if (QTAILQ_EMPTY(&vd
->clients
)) {
745 width
= vnc_width(vd
);
746 height
= vnc_height(vd
);
747 vd
->server
= pixman_image_create_bits(VNC_SERVER_FB_FORMAT
,
751 memset(vd
->guest
.dirty
, 0x00, sizeof(vd
->guest
.dirty
));
752 vnc_set_area_dirty(vd
->guest
.dirty
, vd
, 0, 0,
756 static bool vnc_check_pageflip(DisplaySurface
*s1
,
759 return (s1
!= NULL
&&
761 surface_width(s1
) == surface_width(s2
) &&
762 surface_height(s1
) == surface_height(s2
) &&
763 surface_format(s1
) == surface_format(s2
));
767 static void vnc_dpy_switch(DisplayChangeListener
*dcl
,
768 DisplaySurface
*surface
)
770 static const char placeholder_msg
[] =
771 "Display output is not active.";
772 static DisplaySurface
*placeholder
;
773 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
774 bool pageflip
= vnc_check_pageflip(vd
->ds
, surface
);
777 if (surface
== NULL
) {
778 if (placeholder
== NULL
) {
779 placeholder
= qemu_create_message_surface(640, 480, placeholder_msg
);
781 surface
= placeholder
;
784 vnc_abort_display_jobs(vd
);
788 qemu_pixman_image_unref(vd
->guest
.fb
);
789 vd
->guest
.fb
= pixman_image_ref(surface
->image
);
790 vd
->guest
.format
= surface
->format
;
793 vnc_set_area_dirty(vd
->guest
.dirty
, vd
, 0, 0,
794 surface_width(surface
),
795 surface_height(surface
));
800 vnc_update_server_surface(vd
);
802 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
804 vnc_desktop_resize(vs
);
805 if (vs
->vd
->cursor
) {
806 vnc_cursor_define(vs
);
808 memset(vs
->dirty
, 0x00, sizeof(vs
->dirty
));
809 vnc_set_area_dirty(vs
->dirty
, vd
, 0, 0,
812 vnc_update_throttle_offset(vs
);
817 static void vnc_write_pixels_copy(VncState
*vs
,
818 void *pixels
, int size
)
820 vnc_write(vs
, pixels
, size
);
823 /* slowest but generic code. */
824 void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
828 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
829 r
= (((v
& 0x00ff0000) >> 16) << vs
->client_pf
.rbits
) >> 8;
830 g
= (((v
& 0x0000ff00) >> 8) << vs
->client_pf
.gbits
) >> 8;
831 b
= (((v
& 0x000000ff) >> 0) << vs
->client_pf
.bbits
) >> 8;
833 # error need some bits here if you change VNC_SERVER_FB_FORMAT
835 v
= (r
<< vs
->client_pf
.rshift
) |
836 (g
<< vs
->client_pf
.gshift
) |
837 (b
<< vs
->client_pf
.bshift
);
838 switch (vs
->client_pf
.bytes_per_pixel
) {
868 static void vnc_write_pixels_generic(VncState
*vs
,
869 void *pixels1
, int size
)
873 if (VNC_SERVER_FB_BYTES
== 4) {
874 uint32_t *pixels
= pixels1
;
877 for (i
= 0; i
< n
; i
++) {
878 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
879 vnc_write(vs
, buf
, vs
->client_pf
.bytes_per_pixel
);
884 int vnc_raw_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
888 VncDisplay
*vd
= vs
->vd
;
890 row
= vnc_server_fb_ptr(vd
, x
, y
);
891 for (i
= 0; i
< h
; i
++) {
892 vs
->write_pixels(vs
, row
, w
* VNC_SERVER_FB_BYTES
);
893 row
+= vnc_server_fb_stride(vd
);
898 int vnc_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
901 bool encode_raw
= false;
902 size_t saved_offs
= vs
->output
.offset
;
904 switch(vs
->vnc_encoding
) {
905 case VNC_ENCODING_ZLIB
:
906 n
= vnc_zlib_send_framebuffer_update(vs
, x
, y
, w
, h
);
908 case VNC_ENCODING_HEXTILE
:
909 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
910 n
= vnc_hextile_send_framebuffer_update(vs
, x
, y
, w
, h
);
912 case VNC_ENCODING_TIGHT
:
913 n
= vnc_tight_send_framebuffer_update(vs
, x
, y
, w
, h
);
915 case VNC_ENCODING_TIGHT_PNG
:
916 n
= vnc_tight_png_send_framebuffer_update(vs
, x
, y
, w
, h
);
918 case VNC_ENCODING_ZRLE
:
919 n
= vnc_zrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
921 case VNC_ENCODING_ZYWRLE
:
922 n
= vnc_zywrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
929 /* If the client has the same pixel format as our internal buffer and
930 * a RAW encoding would need less space fall back to RAW encoding to
931 * save bandwidth and processing power in the client. */
932 if (!encode_raw
&& vs
->write_pixels
== vnc_write_pixels_copy
&&
933 12 + h
* w
* VNC_SERVER_FB_BYTES
<= (vs
->output
.offset
- saved_offs
)) {
934 vs
->output
.offset
= saved_offs
;
939 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
940 n
= vnc_raw_send_framebuffer_update(vs
, x
, y
, w
, h
);
946 static void vnc_mouse_set(DisplayChangeListener
*dcl
,
947 int x
, int y
, int visible
)
949 /* can we ask the client(s) to move the pointer ??? */
952 static int vnc_cursor_define(VncState
*vs
)
954 QEMUCursor
*c
= vs
->vd
->cursor
;
957 if (vnc_has_feature(vs
, VNC_FEATURE_RICH_CURSOR
)) {
959 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
960 vnc_write_u8(vs
, 0); /* padding */
961 vnc_write_u16(vs
, 1); /* # of rects */
962 vnc_framebuffer_update(vs
, c
->hot_x
, c
->hot_y
, c
->width
, c
->height
,
963 VNC_ENCODING_RICH_CURSOR
);
964 isize
= c
->width
* c
->height
* vs
->client_pf
.bytes_per_pixel
;
965 vnc_write_pixels_generic(vs
, c
->data
, isize
);
966 vnc_write(vs
, vs
->vd
->cursor_mask
, vs
->vd
->cursor_msize
);
967 vnc_unlock_output(vs
);
973 static void vnc_dpy_cursor_define(DisplayChangeListener
*dcl
,
976 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
979 cursor_put(vd
->cursor
);
980 g_free(vd
->cursor_mask
);
983 cursor_get(vd
->cursor
);
984 vd
->cursor_msize
= cursor_get_mono_bpl(c
) * c
->height
;
985 vd
->cursor_mask
= g_malloc0(vd
->cursor_msize
);
986 cursor_get_mono_mask(c
, 0, vd
->cursor_mask
);
988 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
989 vnc_cursor_define(vs
);
993 static int find_and_clear_dirty_height(VncState
*vs
,
994 int y
, int last_x
, int x
, int height
)
998 for (h
= 1; h
< (height
- y
); h
++) {
999 if (!test_bit(last_x
, vs
->dirty
[y
+ h
])) {
1002 bitmap_clear(vs
->dirty
[y
+ h
], last_x
, x
- last_x
);
1009 * Figure out how much pending data we should allow in the output
1010 * buffer before we throttle incremental display updates, and/or
1011 * drop audio samples.
1013 * We allow for equiv of 1 full display's worth of FB updates,
1014 * and 1 second of audio samples. If audio backlog was larger
1015 * than that the client would already suffering awful audio
1016 * glitches, so dropping samples is no worse really).
1018 static void vnc_update_throttle_offset(VncState
*vs
)
1021 vs
->client_width
* vs
->client_height
* vs
->client_pf
.bytes_per_pixel
;
1023 if (vs
->audio_cap
) {
1025 switch (vs
->as
.fmt
) {
1027 case AUDIO_FORMAT_U8
:
1028 case AUDIO_FORMAT_S8
:
1031 case AUDIO_FORMAT_U16
:
1032 case AUDIO_FORMAT_S16
:
1035 case AUDIO_FORMAT_U32
:
1036 case AUDIO_FORMAT_S32
:
1040 offset
+= vs
->as
.freq
* bps
* vs
->as
.nchannels
;
1043 /* Put a floor of 1MB on offset, so that if we have a large pending
1044 * buffer and the display is resized to a small size & back again
1045 * we don't suddenly apply a tiny send limit
1047 offset
= MAX(offset
, 1024 * 1024);
1049 if (vs
->throttle_output_offset
!= offset
) {
1050 trace_vnc_client_throttle_threshold(
1051 vs
, vs
->ioc
, vs
->throttle_output_offset
, offset
, vs
->client_width
,
1052 vs
->client_height
, vs
->client_pf
.bytes_per_pixel
, vs
->audio_cap
);
1055 vs
->throttle_output_offset
= offset
;
1058 static bool vnc_should_update(VncState
*vs
)
1060 switch (vs
->update
) {
1061 case VNC_STATE_UPDATE_NONE
:
1063 case VNC_STATE_UPDATE_INCREMENTAL
:
1064 /* Only allow incremental updates if the pending send queue
1065 * is less than the permitted threshold, and the job worker
1066 * is completely idle.
1068 if (vs
->output
.offset
< vs
->throttle_output_offset
&&
1069 vs
->job_update
== VNC_STATE_UPDATE_NONE
) {
1072 trace_vnc_client_throttle_incremental(
1073 vs
, vs
->ioc
, vs
->job_update
, vs
->output
.offset
);
1075 case VNC_STATE_UPDATE_FORCE
:
1076 /* Only allow forced updates if the pending send queue
1077 * does not contain a previous forced update, and the
1078 * job worker is completely idle.
1080 * Note this means we'll queue a forced update, even if
1081 * the output buffer size is otherwise over the throttle
1084 if (vs
->force_update_offset
== 0 &&
1085 vs
->job_update
== VNC_STATE_UPDATE_NONE
) {
1088 trace_vnc_client_throttle_forced(
1089 vs
, vs
->ioc
, vs
->job_update
, vs
->force_update_offset
);
1095 static int vnc_update_client(VncState
*vs
, int has_dirty
)
1097 VncDisplay
*vd
= vs
->vd
;
1103 if (vs
->disconnecting
) {
1104 vnc_disconnect_finish(vs
);
1108 vs
->has_dirty
+= has_dirty
;
1109 if (!vnc_should_update(vs
)) {
1113 if (!vs
->has_dirty
&& vs
->update
!= VNC_STATE_UPDATE_FORCE
) {
1118 * Send screen updates to the vnc client using the server
1119 * surface and server dirty map. guest surface updates
1120 * happening in parallel don't disturb us, the next pass will
1121 * send them to the client.
1123 job
= vnc_job_new(vs
);
1125 height
= pixman_image_get_height(vd
->server
);
1126 width
= pixman_image_get_width(vd
->server
);
1132 unsigned long offset
= find_next_bit((unsigned long *) &vs
->dirty
,
1133 height
* VNC_DIRTY_BPL(vs
),
1134 y
* VNC_DIRTY_BPL(vs
));
1135 if (offset
== height
* VNC_DIRTY_BPL(vs
)) {
1136 /* no more dirty bits */
1139 y
= offset
/ VNC_DIRTY_BPL(vs
);
1140 x
= offset
% VNC_DIRTY_BPL(vs
);
1141 x2
= find_next_zero_bit((unsigned long *) &vs
->dirty
[y
],
1142 VNC_DIRTY_BPL(vs
), x
);
1143 bitmap_clear(vs
->dirty
[y
], x
, x2
- x
);
1144 h
= find_and_clear_dirty_height(vs
, y
, x
, x2
, height
);
1145 x2
= MIN(x2
, width
/ VNC_DIRTY_PIXELS_PER_BIT
);
1147 n
+= vnc_job_add_rect(job
, x
* VNC_DIRTY_PIXELS_PER_BIT
, y
,
1148 (x2
- x
) * VNC_DIRTY_PIXELS_PER_BIT
, h
);
1150 if (!x
&& x2
== width
/ VNC_DIRTY_PIXELS_PER_BIT
) {
1158 vs
->job_update
= vs
->update
;
1159 vs
->update
= VNC_STATE_UPDATE_NONE
;
1166 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
1168 VncState
*vs
= opaque
;
1170 assert(vs
->magic
== VNC_MAGIC
);
1172 case AUD_CNOTIFY_DISABLE
:
1173 vnc_lock_output(vs
);
1174 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
1175 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
1176 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_END
);
1177 vnc_unlock_output(vs
);
1181 case AUD_CNOTIFY_ENABLE
:
1182 vnc_lock_output(vs
);
1183 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
1184 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
1185 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN
);
1186 vnc_unlock_output(vs
);
1192 static void audio_capture_destroy(void *opaque
)
1196 static void audio_capture(void *opaque
, void *buf
, int size
)
1198 VncState
*vs
= opaque
;
1200 assert(vs
->magic
== VNC_MAGIC
);
1201 vnc_lock_output(vs
);
1202 if (vs
->output
.offset
< vs
->throttle_output_offset
) {
1203 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
1204 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
1205 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_DATA
);
1206 vnc_write_u32(vs
, size
);
1207 vnc_write(vs
, buf
, size
);
1209 trace_vnc_client_throttle_audio(vs
, vs
->ioc
, vs
->output
.offset
);
1211 vnc_unlock_output(vs
);
1215 static void audio_add(VncState
*vs
)
1217 struct audio_capture_ops ops
;
1219 if (vs
->audio_cap
) {
1220 error_report("audio already running");
1224 ops
.notify
= audio_capture_notify
;
1225 ops
.destroy
= audio_capture_destroy
;
1226 ops
.capture
= audio_capture
;
1228 vs
->audio_cap
= AUD_add_capture(vs
->vd
->audio_state
, &vs
->as
, &ops
, vs
);
1229 if (!vs
->audio_cap
) {
1230 error_report("Failed to add audio capture");
1234 static void audio_del(VncState
*vs
)
1236 if (vs
->audio_cap
) {
1237 AUD_del_capture(vs
->audio_cap
, vs
);
1238 vs
->audio_cap
= NULL
;
1242 static void vnc_disconnect_start(VncState
*vs
)
1244 if (vs
->disconnecting
) {
1247 trace_vnc_client_disconnect_start(vs
, vs
->ioc
);
1248 vnc_set_share_mode(vs
, VNC_SHARE_MODE_DISCONNECTED
);
1250 g_source_remove(vs
->ioc_tag
);
1253 qio_channel_close(vs
->ioc
, NULL
);
1254 vs
->disconnecting
= TRUE
;
1257 void vnc_disconnect_finish(VncState
*vs
)
1261 trace_vnc_client_disconnect_finish(vs
, vs
->ioc
);
1263 vnc_jobs_join(vs
); /* Wait encoding jobs */
1265 vnc_lock_output(vs
);
1266 vnc_qmp_event(vs
, QAPI_EVENT_VNC_DISCONNECTED
);
1268 buffer_free(&vs
->input
);
1269 buffer_free(&vs
->output
);
1271 qapi_free_VncClientInfo(vs
->info
);
1274 vnc_tight_clear(vs
);
1277 #ifdef CONFIG_VNC_SASL
1278 vnc_sasl_client_cleanup(vs
);
1279 #endif /* CONFIG_VNC_SASL */
1281 qkbd_state_lift_all_keys(vs
->vd
->kbd
);
1283 if (vs
->mouse_mode_notifier
.notify
!= NULL
) {
1284 qemu_remove_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
1286 QTAILQ_REMOVE(&vs
->vd
->clients
, vs
, next
);
1287 if (QTAILQ_EMPTY(&vs
->vd
->clients
)) {
1288 /* last client gone */
1289 vnc_update_server_surface(vs
->vd
);
1292 vnc_unlock_output(vs
);
1294 qemu_mutex_destroy(&vs
->output_mutex
);
1295 if (vs
->bh
!= NULL
) {
1296 qemu_bh_delete(vs
->bh
);
1298 buffer_free(&vs
->jobs_buffer
);
1300 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
1301 g_free(vs
->lossy_rect
[i
]);
1303 g_free(vs
->lossy_rect
);
1305 object_unref(OBJECT(vs
->ioc
));
1307 object_unref(OBJECT(vs
->sioc
));
1315 size_t vnc_client_io_error(VncState
*vs
, ssize_t ret
, Error
**errp
)
1319 trace_vnc_client_eof(vs
, vs
->ioc
);
1320 vnc_disconnect_start(vs
);
1321 } else if (ret
!= QIO_CHANNEL_ERR_BLOCK
) {
1322 trace_vnc_client_io_error(vs
, vs
->ioc
,
1323 errp
? error_get_pretty(*errp
) :
1325 vnc_disconnect_start(vs
);
1338 void vnc_client_error(VncState
*vs
)
1340 VNC_DEBUG("Closing down client sock: protocol error\n");
1341 vnc_disconnect_start(vs
);
1346 * Called to write a chunk of data to the client socket. The data may
1347 * be the raw data, or may have already been encoded by SASL.
1348 * The data will be written either straight onto the socket, or
1349 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1351 * NB, it is theoretically possible to have 2 layers of encryption,
1352 * both SASL, and this TLS layer. It is highly unlikely in practice
1353 * though, since SASL encryption will typically be a no-op if TLS
1356 * Returns the number of bytes written, which may be less than
1357 * the requested 'datalen' if the socket would block. Returns
1358 * 0 on I/O error, and disconnects the client socket.
1360 size_t vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
1364 ret
= qio_channel_write(
1365 vs
->ioc
, (const char *)data
, datalen
, &err
);
1366 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data
, datalen
, ret
);
1367 return vnc_client_io_error(vs
, ret
, &err
);
1372 * Called to write buffered data to the client socket, when not
1373 * using any SASL SSF encryption layers. Will write as much data
1374 * as possible without blocking. If all buffered data is written,
1375 * will switch the FD poll() handler back to read monitoring.
1377 * Returns the number of bytes written, which may be less than
1378 * the buffered output data if the socket would block. Returns
1379 * 0 on I/O error, and disconnects the client socket.
1381 static size_t vnc_client_write_plain(VncState
*vs
)
1386 #ifdef CONFIG_VNC_SASL
1387 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1388 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
1389 vs
->sasl
.waitWriteSSF
);
1391 if (vs
->sasl
.conn
&&
1393 vs
->sasl
.waitWriteSSF
) {
1394 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
1396 vs
->sasl
.waitWriteSSF
-= ret
;
1398 #endif /* CONFIG_VNC_SASL */
1399 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
1403 if (ret
>= vs
->force_update_offset
) {
1404 if (vs
->force_update_offset
!= 0) {
1405 trace_vnc_client_unthrottle_forced(vs
, vs
->ioc
);
1407 vs
->force_update_offset
= 0;
1409 vs
->force_update_offset
-= ret
;
1411 offset
= vs
->output
.offset
;
1412 buffer_advance(&vs
->output
, ret
);
1413 if (offset
>= vs
->throttle_output_offset
&&
1414 vs
->output
.offset
< vs
->throttle_output_offset
) {
1415 trace_vnc_client_unthrottle_incremental(vs
, vs
->ioc
, vs
->output
.offset
);
1418 if (vs
->output
.offset
== 0) {
1420 g_source_remove(vs
->ioc_tag
);
1422 vs
->ioc_tag
= qio_channel_add_watch(
1423 vs
->ioc
, G_IO_IN
, vnc_client_io
, vs
, NULL
);
1431 * First function called whenever there is data to be written to
1432 * the client socket. Will delegate actual work according to whether
1433 * SASL SSF layers are enabled (thus requiring encryption calls)
1435 static void vnc_client_write_locked(VncState
*vs
)
1437 #ifdef CONFIG_VNC_SASL
1438 if (vs
->sasl
.conn
&&
1440 !vs
->sasl
.waitWriteSSF
) {
1441 vnc_client_write_sasl(vs
);
1443 #endif /* CONFIG_VNC_SASL */
1445 vnc_client_write_plain(vs
);
1449 static void vnc_client_write(VncState
*vs
)
1451 assert(vs
->magic
== VNC_MAGIC
);
1452 vnc_lock_output(vs
);
1453 if (vs
->output
.offset
) {
1454 vnc_client_write_locked(vs
);
1455 } else if (vs
->ioc
!= NULL
) {
1457 g_source_remove(vs
->ioc_tag
);
1459 vs
->ioc_tag
= qio_channel_add_watch(
1460 vs
->ioc
, G_IO_IN
, vnc_client_io
, vs
, NULL
);
1462 vnc_unlock_output(vs
);
1465 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1467 vs
->read_handler
= func
;
1468 vs
->read_handler_expect
= expecting
;
1473 * Called to read a chunk of data from the client socket. The data may
1474 * be the raw data, or may need to be further decoded by SASL.
1475 * The data will be read either straight from to the socket, or
1476 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1478 * NB, it is theoretically possible to have 2 layers of encryption,
1479 * both SASL, and this TLS layer. It is highly unlikely in practice
1480 * though, since SASL encryption will typically be a no-op if TLS
1483 * Returns the number of bytes read, which may be less than
1484 * the requested 'datalen' if the socket would block. Returns
1485 * 0 on I/O error or EOF, and disconnects the client socket.
1487 size_t vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1491 ret
= qio_channel_read(
1492 vs
->ioc
, (char *)data
, datalen
, &err
);
1493 VNC_DEBUG("Read wire %p %zd -> %ld\n", data
, datalen
, ret
);
1494 return vnc_client_io_error(vs
, ret
, &err
);
1499 * Called to read data from the client socket to the input buffer,
1500 * when not using any SASL SSF encryption layers. Will read as much
1501 * data as possible without blocking.
1503 * Returns the number of bytes read, which may be less than
1504 * the requested 'datalen' if the socket would block. Returns
1505 * 0 on I/O error or EOF, and disconnects the client socket.
1507 static size_t vnc_client_read_plain(VncState
*vs
)
1510 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1511 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1512 buffer_reserve(&vs
->input
, 4096);
1513 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1516 vs
->input
.offset
+= ret
;
1520 static void vnc_jobs_bh(void *opaque
)
1522 VncState
*vs
= opaque
;
1524 assert(vs
->magic
== VNC_MAGIC
);
1525 vnc_jobs_consume_buffer(vs
);
1529 * First function called whenever there is more data to be read from
1530 * the client socket. Will delegate actual work according to whether
1531 * SASL SSF layers are enabled (thus requiring decryption calls)
1532 * Returns 0 on success, -1 if client disconnected
1534 static int vnc_client_read(VncState
*vs
)
1538 #ifdef CONFIG_VNC_SASL
1539 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1540 ret
= vnc_client_read_sasl(vs
);
1542 #endif /* CONFIG_VNC_SASL */
1543 ret
= vnc_client_read_plain(vs
);
1545 if (vs
->disconnecting
) {
1546 vnc_disconnect_finish(vs
);
1552 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1553 size_t len
= vs
->read_handler_expect
;
1556 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1557 if (vs
->disconnecting
) {
1558 vnc_disconnect_finish(vs
);
1563 buffer_advance(&vs
->input
, len
);
1565 vs
->read_handler_expect
= ret
;
1571 gboolean
vnc_client_io(QIOChannel
*ioc G_GNUC_UNUSED
,
1572 GIOCondition condition
, void *opaque
)
1574 VncState
*vs
= opaque
;
1576 assert(vs
->magic
== VNC_MAGIC
);
1577 if (condition
& G_IO_IN
) {
1578 if (vnc_client_read(vs
) < 0) {
1579 /* vs is free()ed here */
1583 if (condition
& G_IO_OUT
) {
1584 vnc_client_write(vs
);
1587 if (vs
->disconnecting
) {
1588 if (vs
->ioc_tag
!= 0) {
1589 g_source_remove(vs
->ioc_tag
);
1598 * Scale factor to apply to vs->throttle_output_offset when checking for
1599 * hard limit. Worst case normal usage could be x2, if we have a complete
1600 * incremental update and complete forced update in the output buffer.
1601 * So x3 should be good enough, but we pick x5 to be conservative and thus
1602 * (hopefully) never trigger incorrectly.
1604 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1606 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1608 assert(vs
->magic
== VNC_MAGIC
);
1609 if (vs
->disconnecting
) {
1612 /* Protection against malicious client/guest to prevent our output
1613 * buffer growing without bound if client stops reading data. This
1614 * should rarely trigger, because we have earlier throttling code
1615 * which stops issuing framebuffer updates and drops audio data
1616 * if the throttle_output_offset value is exceeded. So we only reach
1617 * this higher level if a huge number of pseudo-encodings get
1618 * triggered while data can't be sent on the socket.
1620 * NB throttle_output_offset can be zero during early protocol
1621 * handshake, or from the job thread's VncState clone
1623 if (vs
->throttle_output_offset
!= 0 &&
1624 (vs
->output
.offset
/ VNC_THROTTLE_OUTPUT_LIMIT_SCALE
) >
1625 vs
->throttle_output_offset
) {
1626 trace_vnc_client_output_limit(vs
, vs
->ioc
, vs
->output
.offset
,
1627 vs
->throttle_output_offset
);
1628 vnc_disconnect_start(vs
);
1631 buffer_reserve(&vs
->output
, len
);
1633 if (vs
->ioc
!= NULL
&& buffer_empty(&vs
->output
)) {
1635 g_source_remove(vs
->ioc_tag
);
1637 vs
->ioc_tag
= qio_channel_add_watch(
1638 vs
->ioc
, G_IO_IN
| G_IO_OUT
, vnc_client_io
, vs
, NULL
);
1641 buffer_append(&vs
->output
, data
, len
);
1644 void vnc_write_s32(VncState
*vs
, int32_t value
)
1646 vnc_write_u32(vs
, *(uint32_t *)&value
);
1649 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1653 buf
[0] = (value
>> 24) & 0xFF;
1654 buf
[1] = (value
>> 16) & 0xFF;
1655 buf
[2] = (value
>> 8) & 0xFF;
1656 buf
[3] = value
& 0xFF;
1658 vnc_write(vs
, buf
, 4);
1661 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1665 buf
[0] = (value
>> 8) & 0xFF;
1666 buf
[1] = value
& 0xFF;
1668 vnc_write(vs
, buf
, 2);
1671 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1673 vnc_write(vs
, (char *)&value
, 1);
1676 void vnc_flush(VncState
*vs
)
1678 vnc_lock_output(vs
);
1679 if (vs
->ioc
!= NULL
&& vs
->output
.offset
) {
1680 vnc_client_write_locked(vs
);
1682 if (vs
->disconnecting
) {
1683 if (vs
->ioc_tag
!= 0) {
1684 g_source_remove(vs
->ioc_tag
);
1688 vnc_unlock_output(vs
);
1691 static uint8_t read_u8(uint8_t *data
, size_t offset
)
1693 return data
[offset
];
1696 static uint16_t read_u16(uint8_t *data
, size_t offset
)
1698 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1701 static int32_t read_s32(uint8_t *data
, size_t offset
)
1703 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1704 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1707 uint32_t read_u32(uint8_t *data
, size_t offset
)
1709 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1710 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1713 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1717 static void check_pointer_type_change(Notifier
*notifier
, void *data
)
1719 VncState
*vs
= container_of(notifier
, VncState
, mouse_mode_notifier
);
1720 int absolute
= qemu_input_is_absolute();
1722 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1723 vnc_lock_output(vs
);
1724 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1725 vnc_write_u8(vs
, 0);
1726 vnc_write_u16(vs
, 1);
1727 vnc_framebuffer_update(vs
, absolute
, 0,
1728 pixman_image_get_width(vs
->vd
->server
),
1729 pixman_image_get_height(vs
->vd
->server
),
1730 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1731 vnc_unlock_output(vs
);
1734 vs
->absolute
= absolute
;
1737 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1739 static uint32_t bmap
[INPUT_BUTTON__MAX
] = {
1740 [INPUT_BUTTON_LEFT
] = 0x01,
1741 [INPUT_BUTTON_MIDDLE
] = 0x02,
1742 [INPUT_BUTTON_RIGHT
] = 0x04,
1743 [INPUT_BUTTON_WHEEL_UP
] = 0x08,
1744 [INPUT_BUTTON_WHEEL_DOWN
] = 0x10,
1746 QemuConsole
*con
= vs
->vd
->dcl
.con
;
1747 int width
= pixman_image_get_width(vs
->vd
->server
);
1748 int height
= pixman_image_get_height(vs
->vd
->server
);
1750 if (vs
->last_bmask
!= button_mask
) {
1751 qemu_input_update_buttons(con
, bmap
, vs
->last_bmask
, button_mask
);
1752 vs
->last_bmask
= button_mask
;
1756 qemu_input_queue_abs(con
, INPUT_AXIS_X
, x
, 0, width
);
1757 qemu_input_queue_abs(con
, INPUT_AXIS_Y
, y
, 0, height
);
1758 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1759 qemu_input_queue_rel(con
, INPUT_AXIS_X
, x
- 0x7FFF);
1760 qemu_input_queue_rel(con
, INPUT_AXIS_Y
, y
- 0x7FFF);
1762 if (vs
->last_x
!= -1) {
1763 qemu_input_queue_rel(con
, INPUT_AXIS_X
, x
- vs
->last_x
);
1764 qemu_input_queue_rel(con
, INPUT_AXIS_Y
, y
- vs
->last_y
);
1769 qemu_input_event_sync();
1772 static void press_key(VncState
*vs
, QKeyCode qcode
)
1774 qkbd_state_key_event(vs
->vd
->kbd
, qcode
, true);
1775 qkbd_state_key_event(vs
->vd
->kbd
, qcode
, false);
1778 static void vnc_led_state_change(VncState
*vs
)
1780 if (!vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
)) {
1784 vnc_lock_output(vs
);
1785 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1786 vnc_write_u8(vs
, 0);
1787 vnc_write_u16(vs
, 1);
1788 vnc_framebuffer_update(vs
, 0, 0, 1, 1, VNC_ENCODING_LED_STATE
);
1789 vnc_write_u8(vs
, vs
->vd
->ledstate
);
1790 vnc_unlock_output(vs
);
1794 static void kbd_leds(void *opaque
, int ledstate
)
1796 VncDisplay
*vd
= opaque
;
1799 trace_vnc_key_guest_leds((ledstate
& QEMU_CAPS_LOCK_LED
),
1800 (ledstate
& QEMU_NUM_LOCK_LED
),
1801 (ledstate
& QEMU_SCROLL_LOCK_LED
));
1803 if (ledstate
== vd
->ledstate
) {
1807 vd
->ledstate
= ledstate
;
1809 QTAILQ_FOREACH(client
, &vd
->clients
, next
) {
1810 vnc_led_state_change(client
);
1814 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1816 QKeyCode qcode
= qemu_input_key_number_to_qcode(keycode
);
1818 /* QEMU console switch */
1820 case Q_KEY_CODE_1
... Q_KEY_CODE_9
: /* '1' to '9' keys */
1821 if (vs
->vd
->dcl
.con
== NULL
&& down
&&
1822 qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_CTRL
) &&
1823 qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_ALT
)) {
1824 /* Reset the modifiers sent to the current console */
1825 qkbd_state_lift_all_keys(vs
->vd
->kbd
);
1826 console_select(qcode
- Q_KEY_CODE_1
);
1833 /* Turn off the lock state sync logic if the client support the led
1836 if (down
&& vs
->vd
->lock_key_sync
&&
1837 !vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
) &&
1838 keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1839 /* If the numlock state needs to change then simulate an additional
1840 keypress before sending this one. This will happen if the user
1841 toggles numlock away from the VNC window.
1843 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1844 if (!qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_NUMLOCK
)) {
1845 trace_vnc_key_sync_numlock(true);
1846 press_key(vs
, Q_KEY_CODE_NUM_LOCK
);
1849 if (qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_NUMLOCK
)) {
1850 trace_vnc_key_sync_numlock(false);
1851 press_key(vs
, Q_KEY_CODE_NUM_LOCK
);
1856 if (down
&& vs
->vd
->lock_key_sync
&&
1857 !vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
) &&
1858 ((sym
>= 'A' && sym
<= 'Z') || (sym
>= 'a' && sym
<= 'z'))) {
1859 /* If the capslock state needs to change then simulate an additional
1860 keypress before sending this one. This will happen if the user
1861 toggles capslock away from the VNC window.
1863 int uppercase
= !!(sym
>= 'A' && sym
<= 'Z');
1864 bool shift
= qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_SHIFT
);
1865 bool capslock
= qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_CAPSLOCK
);
1867 if (uppercase
== shift
) {
1868 trace_vnc_key_sync_capslock(false);
1869 press_key(vs
, Q_KEY_CODE_CAPS_LOCK
);
1872 if (uppercase
!= shift
) {
1873 trace_vnc_key_sync_capslock(true);
1874 press_key(vs
, Q_KEY_CODE_CAPS_LOCK
);
1879 qkbd_state_key_event(vs
->vd
->kbd
, qcode
, down
);
1880 if (!qemu_console_is_graphic(NULL
)) {
1881 bool numlock
= qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_NUMLOCK
);
1882 bool control
= qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_CTRL
);
1883 /* QEMU console emulation */
1886 case 0x2a: /* Left Shift */
1887 case 0x36: /* Right Shift */
1888 case 0x1d: /* Left CTRL */
1889 case 0x9d: /* Right CTRL */
1890 case 0x38: /* Left ALT */
1891 case 0xb8: /* Right ALT */
1894 kbd_put_keysym(QEMU_KEY_UP
);
1897 kbd_put_keysym(QEMU_KEY_DOWN
);
1900 kbd_put_keysym(QEMU_KEY_LEFT
);
1903 kbd_put_keysym(QEMU_KEY_RIGHT
);
1906 kbd_put_keysym(QEMU_KEY_DELETE
);
1909 kbd_put_keysym(QEMU_KEY_HOME
);
1912 kbd_put_keysym(QEMU_KEY_END
);
1915 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1918 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1922 kbd_put_keysym(numlock
? '7' : QEMU_KEY_HOME
);
1925 kbd_put_keysym(numlock
? '8' : QEMU_KEY_UP
);
1928 kbd_put_keysym(numlock
? '9' : QEMU_KEY_PAGEUP
);
1931 kbd_put_keysym(numlock
? '4' : QEMU_KEY_LEFT
);
1934 kbd_put_keysym('5');
1937 kbd_put_keysym(numlock
? '6' : QEMU_KEY_RIGHT
);
1940 kbd_put_keysym(numlock
? '1' : QEMU_KEY_END
);
1943 kbd_put_keysym(numlock
? '2' : QEMU_KEY_DOWN
);
1946 kbd_put_keysym(numlock
? '3' : QEMU_KEY_PAGEDOWN
);
1949 kbd_put_keysym('0');
1952 kbd_put_keysym(numlock
? '.' : QEMU_KEY_DELETE
);
1956 kbd_put_keysym('/');
1959 kbd_put_keysym('*');
1962 kbd_put_keysym('-');
1965 kbd_put_keysym('+');
1968 kbd_put_keysym('\n');
1973 kbd_put_keysym(sym
& 0x1f);
1975 kbd_put_keysym(sym
);
1983 static const char *code2name(int keycode
)
1985 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode
));
1988 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1993 if (lsym
>= 'A' && lsym
<= 'Z' && qemu_console_is_graphic(NULL
)) {
1994 lsym
= lsym
- 'A' + 'a';
1997 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, lsym
& 0xFFFF,
1998 vs
->vd
->kbd
, down
) & SCANCODE_KEYMASK
;
1999 trace_vnc_key_event_map(down
, sym
, keycode
, code2name(keycode
));
2000 do_key_event(vs
, down
, keycode
, sym
);
2003 static void ext_key_event(VncState
*vs
, int down
,
2004 uint32_t sym
, uint16_t keycode
)
2006 /* if the user specifies a keyboard layout, always use it */
2007 if (keyboard_layout
) {
2008 key_event(vs
, down
, sym
);
2010 trace_vnc_key_event_ext(down
, sym
, keycode
, code2name(keycode
));
2011 do_key_event(vs
, down
, keycode
, sym
);
2015 static void framebuffer_update_request(VncState
*vs
, int incremental
,
2016 int x
, int y
, int w
, int h
)
2019 if (vs
->update
!= VNC_STATE_UPDATE_FORCE
) {
2020 vs
->update
= VNC_STATE_UPDATE_INCREMENTAL
;
2023 vs
->update
= VNC_STATE_UPDATE_FORCE
;
2024 vnc_set_area_dirty(vs
->dirty
, vs
->vd
, x
, y
, w
, h
);
2028 static void send_ext_key_event_ack(VncState
*vs
)
2030 vnc_lock_output(vs
);
2031 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2032 vnc_write_u8(vs
, 0);
2033 vnc_write_u16(vs
, 1);
2034 vnc_framebuffer_update(vs
, 0, 0,
2035 pixman_image_get_width(vs
->vd
->server
),
2036 pixman_image_get_height(vs
->vd
->server
),
2037 VNC_ENCODING_EXT_KEY_EVENT
);
2038 vnc_unlock_output(vs
);
2042 static void send_ext_audio_ack(VncState
*vs
)
2044 vnc_lock_output(vs
);
2045 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2046 vnc_write_u8(vs
, 0);
2047 vnc_write_u16(vs
, 1);
2048 vnc_framebuffer_update(vs
, 0, 0,
2049 pixman_image_get_width(vs
->vd
->server
),
2050 pixman_image_get_height(vs
->vd
->server
),
2051 VNC_ENCODING_AUDIO
);
2052 vnc_unlock_output(vs
);
2056 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
2059 unsigned int enc
= 0;
2062 vs
->vnc_encoding
= 0;
2063 vs
->tight
->compression
= 9;
2064 vs
->tight
->quality
= -1; /* Lossless by default */
2068 * Start from the end because the encodings are sent in order of preference.
2069 * This way the preferred encoding (first encoding defined in the array)
2070 * will be set at the end of the loop.
2072 for (i
= n_encodings
- 1; i
>= 0; i
--) {
2075 case VNC_ENCODING_RAW
:
2076 vs
->vnc_encoding
= enc
;
2078 case VNC_ENCODING_COPYRECT
:
2079 vs
->features
|= VNC_FEATURE_COPYRECT_MASK
;
2081 case VNC_ENCODING_HEXTILE
:
2082 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
2083 vs
->vnc_encoding
= enc
;
2085 case VNC_ENCODING_TIGHT
:
2086 vs
->features
|= VNC_FEATURE_TIGHT_MASK
;
2087 vs
->vnc_encoding
= enc
;
2089 #ifdef CONFIG_VNC_PNG
2090 case VNC_ENCODING_TIGHT_PNG
:
2091 vs
->features
|= VNC_FEATURE_TIGHT_PNG_MASK
;
2092 vs
->vnc_encoding
= enc
;
2095 case VNC_ENCODING_ZLIB
:
2096 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
2097 vs
->vnc_encoding
= enc
;
2099 case VNC_ENCODING_ZRLE
:
2100 vs
->features
|= VNC_FEATURE_ZRLE_MASK
;
2101 vs
->vnc_encoding
= enc
;
2103 case VNC_ENCODING_ZYWRLE
:
2104 vs
->features
|= VNC_FEATURE_ZYWRLE_MASK
;
2105 vs
->vnc_encoding
= enc
;
2107 case VNC_ENCODING_DESKTOPRESIZE
:
2108 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
2110 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
2111 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
2113 case VNC_ENCODING_RICH_CURSOR
:
2114 vs
->features
|= VNC_FEATURE_RICH_CURSOR_MASK
;
2115 if (vs
->vd
->cursor
) {
2116 vnc_cursor_define(vs
);
2119 case VNC_ENCODING_EXT_KEY_EVENT
:
2120 send_ext_key_event_ack(vs
);
2122 case VNC_ENCODING_AUDIO
:
2123 send_ext_audio_ack(vs
);
2125 case VNC_ENCODING_WMVi
:
2126 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
2128 case VNC_ENCODING_LED_STATE
:
2129 vs
->features
|= VNC_FEATURE_LED_STATE_MASK
;
2131 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
2132 vs
->tight
->compression
= (enc
& 0x0F);
2134 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
2135 if (vs
->vd
->lossy
) {
2136 vs
->tight
->quality
= (enc
& 0x0F);
2140 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
2144 vnc_desktop_resize(vs
);
2145 check_pointer_type_change(&vs
->mouse_mode_notifier
, NULL
);
2146 vnc_led_state_change(vs
);
2149 static void set_pixel_conversion(VncState
*vs
)
2151 pixman_format_code_t fmt
= qemu_pixman_get_format(&vs
->client_pf
);
2153 if (fmt
== VNC_SERVER_FB_FORMAT
) {
2154 vs
->write_pixels
= vnc_write_pixels_copy
;
2155 vnc_hextile_set_pixel_conversion(vs
, 0);
2157 vs
->write_pixels
= vnc_write_pixels_generic
;
2158 vnc_hextile_set_pixel_conversion(vs
, 1);
2162 static void send_color_map(VncState
*vs
)
2166 vnc_write_u8(vs
, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES
);
2167 vnc_write_u8(vs
, 0); /* padding */
2168 vnc_write_u16(vs
, 0); /* first color */
2169 vnc_write_u16(vs
, 256); /* # of colors */
2171 for (i
= 0; i
< 256; i
++) {
2172 PixelFormat
*pf
= &vs
->client_pf
;
2174 vnc_write_u16(vs
, (((i
>> pf
->rshift
) & pf
->rmax
) << (16 - pf
->rbits
)));
2175 vnc_write_u16(vs
, (((i
>> pf
->gshift
) & pf
->gmax
) << (16 - pf
->gbits
)));
2176 vnc_write_u16(vs
, (((i
>> pf
->bshift
) & pf
->bmax
) << (16 - pf
->bbits
)));
2180 static void set_pixel_format(VncState
*vs
, int bits_per_pixel
,
2181 int big_endian_flag
, int true_color_flag
,
2182 int red_max
, int green_max
, int blue_max
,
2183 int red_shift
, int green_shift
, int blue_shift
)
2185 if (!true_color_flag
) {
2186 /* Expose a reasonable default 256 color map */
2196 switch (bits_per_pixel
) {
2202 vnc_client_error(vs
);
2206 vs
->client_pf
.rmax
= red_max
? red_max
: 0xFF;
2207 vs
->client_pf
.rbits
= ctpopl(red_max
);
2208 vs
->client_pf
.rshift
= red_shift
;
2209 vs
->client_pf
.rmask
= red_max
<< red_shift
;
2210 vs
->client_pf
.gmax
= green_max
? green_max
: 0xFF;
2211 vs
->client_pf
.gbits
= ctpopl(green_max
);
2212 vs
->client_pf
.gshift
= green_shift
;
2213 vs
->client_pf
.gmask
= green_max
<< green_shift
;
2214 vs
->client_pf
.bmax
= blue_max
? blue_max
: 0xFF;
2215 vs
->client_pf
.bbits
= ctpopl(blue_max
);
2216 vs
->client_pf
.bshift
= blue_shift
;
2217 vs
->client_pf
.bmask
= blue_max
<< blue_shift
;
2218 vs
->client_pf
.bits_per_pixel
= bits_per_pixel
;
2219 vs
->client_pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
2220 vs
->client_pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
2221 vs
->client_be
= big_endian_flag
;
2223 if (!true_color_flag
) {
2227 set_pixel_conversion(vs
);
2229 graphic_hw_invalidate(vs
->vd
->dcl
.con
);
2230 graphic_hw_update(vs
->vd
->dcl
.con
);
2233 static void pixel_format_message (VncState
*vs
) {
2234 char pad
[3] = { 0, 0, 0 };
2236 vs
->client_pf
= qemu_default_pixelformat(32);
2238 vnc_write_u8(vs
, vs
->client_pf
.bits_per_pixel
); /* bits-per-pixel */
2239 vnc_write_u8(vs
, vs
->client_pf
.depth
); /* depth */
2241 #ifdef HOST_WORDS_BIGENDIAN
2242 vnc_write_u8(vs
, 1); /* big-endian-flag */
2244 vnc_write_u8(vs
, 0); /* big-endian-flag */
2246 vnc_write_u8(vs
, 1); /* true-color-flag */
2247 vnc_write_u16(vs
, vs
->client_pf
.rmax
); /* red-max */
2248 vnc_write_u16(vs
, vs
->client_pf
.gmax
); /* green-max */
2249 vnc_write_u16(vs
, vs
->client_pf
.bmax
); /* blue-max */
2250 vnc_write_u8(vs
, vs
->client_pf
.rshift
); /* red-shift */
2251 vnc_write_u8(vs
, vs
->client_pf
.gshift
); /* green-shift */
2252 vnc_write_u8(vs
, vs
->client_pf
.bshift
); /* blue-shift */
2253 vnc_write(vs
, pad
, 3); /* padding */
2255 vnc_hextile_set_pixel_conversion(vs
, 0);
2256 vs
->write_pixels
= vnc_write_pixels_copy
;
2259 static void vnc_colordepth(VncState
*vs
)
2261 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
2262 /* Sending a WMVi message to notify the client*/
2263 vnc_lock_output(vs
);
2264 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2265 vnc_write_u8(vs
, 0);
2266 vnc_write_u16(vs
, 1); /* number of rects */
2267 vnc_framebuffer_update(vs
, 0, 0,
2268 pixman_image_get_width(vs
->vd
->server
),
2269 pixman_image_get_height(vs
->vd
->server
),
2271 pixel_format_message(vs
);
2272 vnc_unlock_output(vs
);
2275 set_pixel_conversion(vs
);
2279 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
2284 VncDisplay
*vd
= vs
->vd
;
2287 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
2291 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT
:
2295 set_pixel_format(vs
, read_u8(data
, 4),
2296 read_u8(data
, 6), read_u8(data
, 7),
2297 read_u16(data
, 8), read_u16(data
, 10),
2298 read_u16(data
, 12), read_u8(data
, 14),
2299 read_u8(data
, 15), read_u8(data
, 16));
2301 case VNC_MSG_CLIENT_SET_ENCODINGS
:
2306 limit
= read_u16(data
, 2);
2308 return 4 + (limit
* 4);
2310 limit
= read_u16(data
, 2);
2312 for (i
= 0; i
< limit
; i
++) {
2313 int32_t val
= read_s32(data
, 4 + (i
* 4));
2314 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
2317 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
2319 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST
:
2323 framebuffer_update_request(vs
,
2324 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
2325 read_u16(data
, 6), read_u16(data
, 8));
2327 case VNC_MSG_CLIENT_KEY_EVENT
:
2331 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
2333 case VNC_MSG_CLIENT_POINTER_EVENT
:
2337 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
2339 case VNC_MSG_CLIENT_CUT_TEXT
:
2344 uint32_t dlen
= read_u32(data
, 4);
2345 if (dlen
> (1 << 20)) {
2346 error_report("vnc: client_cut_text msg payload has %u bytes"
2347 " which exceeds our limit of 1MB.", dlen
);
2348 vnc_client_error(vs
);
2356 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
2358 case VNC_MSG_CLIENT_QEMU
:
2362 switch (read_u8(data
, 1)) {
2363 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT
:
2367 ext_key_event(vs
, read_u16(data
, 2),
2368 read_u32(data
, 4), read_u32(data
, 8));
2370 case VNC_MSG_CLIENT_QEMU_AUDIO
:
2374 switch (read_u16 (data
, 2)) {
2375 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE
:
2378 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE
:
2381 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT
:
2384 switch (read_u8(data
, 4)) {
2385 case 0: vs
->as
.fmt
= AUDIO_FORMAT_U8
; break;
2386 case 1: vs
->as
.fmt
= AUDIO_FORMAT_S8
; break;
2387 case 2: vs
->as
.fmt
= AUDIO_FORMAT_U16
; break;
2388 case 3: vs
->as
.fmt
= AUDIO_FORMAT_S16
; break;
2389 case 4: vs
->as
.fmt
= AUDIO_FORMAT_U32
; break;
2390 case 5: vs
->as
.fmt
= AUDIO_FORMAT_S32
; break;
2392 VNC_DEBUG("Invalid audio format %d\n", read_u8(data
, 4));
2393 vnc_client_error(vs
);
2396 vs
->as
.nchannels
= read_u8(data
, 5);
2397 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
2398 VNC_DEBUG("Invalid audio channel count %d\n",
2400 vnc_client_error(vs
);
2403 freq
= read_u32(data
, 6);
2404 /* No official limit for protocol, but 48khz is a sensible
2405 * upper bound for trustworthy clients, and this limit
2406 * protects calculations involving 'vs->as.freq' later.
2409 VNC_DEBUG("Invalid audio frequency %u > 48000", freq
);
2410 vnc_client_error(vs
);
2416 VNC_DEBUG("Invalid audio message %d\n", read_u8(data
, 4));
2417 vnc_client_error(vs
);
2423 VNC_DEBUG("Msg: %d\n", read_u16(data
, 0));
2424 vnc_client_error(vs
);
2429 VNC_DEBUG("Msg: %d\n", data
[0]);
2430 vnc_client_error(vs
);
2434 vnc_update_throttle_offset(vs
);
2435 vnc_read_when(vs
, protocol_client_msg
, 1);
2439 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
2445 mode
= data
[0] ? VNC_SHARE_MODE_SHARED
: VNC_SHARE_MODE_EXCLUSIVE
;
2446 switch (vs
->vd
->share_policy
) {
2447 case VNC_SHARE_POLICY_IGNORE
:
2449 * Ignore the shared flag. Nothing to do here.
2451 * Doesn't conform to the rfb spec but is traditional qemu
2452 * behavior, thus left here as option for compatibility
2456 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
:
2458 * Policy: Allow clients ask for exclusive access.
2460 * Implementation: When a client asks for exclusive access,
2461 * disconnect all others. Shared connects are allowed as long
2462 * as no exclusive connection exists.
2464 * This is how the rfb spec suggests to handle the shared flag.
2466 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2468 QTAILQ_FOREACH(client
, &vs
->vd
->clients
, next
) {
2472 if (client
->share_mode
!= VNC_SHARE_MODE_EXCLUSIVE
&&
2473 client
->share_mode
!= VNC_SHARE_MODE_SHARED
) {
2476 vnc_disconnect_start(client
);
2479 if (mode
== VNC_SHARE_MODE_SHARED
) {
2480 if (vs
->vd
->num_exclusive
> 0) {
2481 vnc_disconnect_start(vs
);
2486 case VNC_SHARE_POLICY_FORCE_SHARED
:
2488 * Policy: Shared connects only.
2489 * Implementation: Disallow clients asking for exclusive access.
2491 * Useful for shared desktop sessions where you don't want
2492 * someone forgetting to say -shared when running the vnc
2493 * client disconnect everybody else.
2495 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2496 vnc_disconnect_start(vs
);
2501 vnc_set_share_mode(vs
, mode
);
2503 if (vs
->vd
->num_shared
> vs
->vd
->connections_limit
) {
2504 vnc_disconnect_start(vs
);
2508 assert(pixman_image_get_width(vs
->vd
->server
) < 65536 &&
2509 pixman_image_get_width(vs
->vd
->server
) >= 0);
2510 assert(pixman_image_get_height(vs
->vd
->server
) < 65536 &&
2511 pixman_image_get_height(vs
->vd
->server
) >= 0);
2512 vs
->client_width
= pixman_image_get_width(vs
->vd
->server
);
2513 vs
->client_height
= pixman_image_get_height(vs
->vd
->server
);
2514 vnc_write_u16(vs
, vs
->client_width
);
2515 vnc_write_u16(vs
, vs
->client_height
);
2517 pixel_format_message(vs
);
2520 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
2521 if (size
> sizeof(buf
)) {
2525 size
= snprintf(buf
, sizeof(buf
), "QEMU");
2528 vnc_write_u32(vs
, size
);
2529 vnc_write(vs
, buf
, size
);
2532 vnc_client_cache_auth(vs
);
2533 vnc_qmp_event(vs
, QAPI_EVENT_VNC_INITIALIZED
);
2535 vnc_read_when(vs
, protocol_client_msg
, 1);
2540 void start_client_init(VncState
*vs
)
2542 vnc_read_when(vs
, protocol_client_init
, 1);
2545 static void authentication_failed(VncState
*vs
)
2547 vnc_write_u32(vs
, 1); /* Reject auth */
2548 if (vs
->minor
>= 8) {
2549 static const char err
[] = "Authentication failed";
2550 vnc_write_u32(vs
, sizeof(err
));
2551 vnc_write(vs
, err
, sizeof(err
));
2554 vnc_client_error(vs
);
2557 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
2559 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
2561 unsigned char key
[8];
2562 time_t now
= time(NULL
);
2563 QCryptoCipher
*cipher
= NULL
;
2566 if (!vs
->vd
->password
) {
2567 trace_vnc_auth_fail(vs
, vs
->auth
, "password is not set", "");
2570 if (vs
->vd
->expires
< now
) {
2571 trace_vnc_auth_fail(vs
, vs
->auth
, "password is expired", "");
2575 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
2577 /* Calculate the expected challenge response */
2578 pwlen
= strlen(vs
->vd
->password
);
2579 for (i
=0; i
<sizeof(key
); i
++)
2580 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
2582 cipher
= qcrypto_cipher_new(
2583 QCRYPTO_CIPHER_ALG_DES_RFB
,
2584 QCRYPTO_CIPHER_MODE_ECB
,
2585 key
, G_N_ELEMENTS(key
),
2588 trace_vnc_auth_fail(vs
, vs
->auth
, "cannot create cipher",
2589 error_get_pretty(err
));
2594 if (qcrypto_cipher_encrypt(cipher
,
2597 VNC_AUTH_CHALLENGE_SIZE
,
2599 trace_vnc_auth_fail(vs
, vs
->auth
, "cannot encrypt challenge response",
2600 error_get_pretty(err
));
2605 /* Compare expected vs actual challenge response */
2606 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
2607 trace_vnc_auth_fail(vs
, vs
->auth
, "mis-matched challenge response", "");
2610 trace_vnc_auth_pass(vs
, vs
->auth
);
2611 vnc_write_u32(vs
, 0); /* Accept auth */
2614 start_client_init(vs
);
2617 qcrypto_cipher_free(cipher
);
2621 authentication_failed(vs
);
2622 qcrypto_cipher_free(cipher
);
2626 void start_auth_vnc(VncState
*vs
)
2630 if (qcrypto_random_bytes(vs
->challenge
, sizeof(vs
->challenge
), &err
)) {
2631 trace_vnc_auth_fail(vs
, vs
->auth
, "cannot get random bytes",
2632 error_get_pretty(err
));
2634 authentication_failed(vs
);
2638 /* Send client a 'random' challenge */
2639 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
2642 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
2646 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
2648 /* We only advertise 1 auth scheme at a time, so client
2649 * must pick the one we sent. Verify this */
2650 if (data
[0] != vs
->auth
) { /* Reject auth */
2651 trace_vnc_auth_reject(vs
, vs
->auth
, (int)data
[0]);
2652 authentication_failed(vs
);
2653 } else { /* Accept requested auth */
2654 trace_vnc_auth_start(vs
, vs
->auth
);
2657 if (vs
->minor
>= 8) {
2658 vnc_write_u32(vs
, 0); /* Accept auth completion */
2661 trace_vnc_auth_pass(vs
, vs
->auth
);
2662 start_client_init(vs
);
2669 case VNC_AUTH_VENCRYPT
:
2670 start_auth_vencrypt(vs
);
2673 #ifdef CONFIG_VNC_SASL
2675 start_auth_sasl(vs
);
2677 #endif /* CONFIG_VNC_SASL */
2679 default: /* Should not be possible, but just in case */
2680 trace_vnc_auth_fail(vs
, vs
->auth
, "Unhandled auth method", "");
2681 authentication_failed(vs
);
2687 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
2691 memcpy(local
, version
, 12);
2694 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
2695 VNC_DEBUG("Malformed protocol version %s\n", local
);
2696 vnc_client_error(vs
);
2699 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
2700 if (vs
->major
!= 3 ||
2706 VNC_DEBUG("Unsupported client version\n");
2707 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2709 vnc_client_error(vs
);
2712 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2713 * as equivalent to v3.3 by servers
2715 if (vs
->minor
== 4 || vs
->minor
== 5)
2718 if (vs
->minor
== 3) {
2719 trace_vnc_auth_start(vs
, vs
->auth
);
2720 if (vs
->auth
== VNC_AUTH_NONE
) {
2721 vnc_write_u32(vs
, vs
->auth
);
2723 trace_vnc_auth_pass(vs
, vs
->auth
);
2724 start_client_init(vs
);
2725 } else if (vs
->auth
== VNC_AUTH_VNC
) {
2726 VNC_DEBUG("Tell client VNC auth\n");
2727 vnc_write_u32(vs
, vs
->auth
);
2731 trace_vnc_auth_fail(vs
, vs
->auth
,
2732 "Unsupported auth method for v3.3", "");
2733 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2735 vnc_client_error(vs
);
2738 vnc_write_u8(vs
, 1); /* num auth */
2739 vnc_write_u8(vs
, vs
->auth
);
2740 vnc_read_when(vs
, protocol_client_auth
, 1);
2747 static VncRectStat
*vnc_stat_rect(VncDisplay
*vd
, int x
, int y
)
2749 struct VncSurface
*vs
= &vd
->guest
;
2751 return &vs
->stats
[y
/ VNC_STAT_RECT
][x
/ VNC_STAT_RECT
];
2754 void vnc_sent_lossy_rect(VncState
*vs
, int x
, int y
, int w
, int h
)
2758 w
= (x
+ w
) / VNC_STAT_RECT
;
2759 h
= (y
+ h
) / VNC_STAT_RECT
;
2763 for (j
= y
; j
<= h
; j
++) {
2764 for (i
= x
; i
<= w
; i
++) {
2765 vs
->lossy_rect
[j
][i
] = 1;
2770 static int vnc_refresh_lossy_rect(VncDisplay
*vd
, int x
, int y
)
2773 int sty
= y
/ VNC_STAT_RECT
;
2774 int stx
= x
/ VNC_STAT_RECT
;
2777 y
= QEMU_ALIGN_DOWN(y
, VNC_STAT_RECT
);
2778 x
= QEMU_ALIGN_DOWN(x
, VNC_STAT_RECT
);
2780 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2783 /* kernel send buffers are full -> refresh later */
2784 if (vs
->output
.offset
) {
2788 if (!vs
->lossy_rect
[sty
][stx
]) {
2792 vs
->lossy_rect
[sty
][stx
] = 0;
2793 for (j
= 0; j
< VNC_STAT_RECT
; ++j
) {
2794 bitmap_set(vs
->dirty
[y
+ j
],
2795 x
/ VNC_DIRTY_PIXELS_PER_BIT
,
2796 VNC_STAT_RECT
/ VNC_DIRTY_PIXELS_PER_BIT
);
2804 static int vnc_update_stats(VncDisplay
*vd
, struct timeval
* tv
)
2806 int width
= MIN(pixman_image_get_width(vd
->guest
.fb
),
2807 pixman_image_get_width(vd
->server
));
2808 int height
= MIN(pixman_image_get_height(vd
->guest
.fb
),
2809 pixman_image_get_height(vd
->server
));
2814 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2815 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2816 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2818 rect
->updated
= false;
2822 qemu_timersub(tv
, &VNC_REFRESH_STATS
, &res
);
2824 if (timercmp(&vd
->guest
.last_freq_check
, &res
, >)) {
2827 vd
->guest
.last_freq_check
= *tv
;
2829 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2830 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2831 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2832 int count
= ARRAY_SIZE(rect
->times
);
2833 struct timeval min
, max
;
2835 if (!timerisset(&rect
->times
[count
- 1])) {
2839 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2840 qemu_timersub(tv
, &max
, &res
);
2842 if (timercmp(&res
, &VNC_REFRESH_LOSSY
, >)) {
2844 has_dirty
+= vnc_refresh_lossy_rect(vd
, x
, y
);
2845 memset(rect
->times
, 0, sizeof (rect
->times
));
2849 min
= rect
->times
[rect
->idx
];
2850 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2851 qemu_timersub(&max
, &min
, &res
);
2853 rect
->freq
= res
.tv_sec
+ res
.tv_usec
/ 1000000.;
2854 rect
->freq
/= count
;
2855 rect
->freq
= 1. / rect
->freq
;
2861 double vnc_update_freq(VncState
*vs
, int x
, int y
, int w
, int h
)
2867 x
= QEMU_ALIGN_DOWN(x
, VNC_STAT_RECT
);
2868 y
= QEMU_ALIGN_DOWN(y
, VNC_STAT_RECT
);
2870 for (j
= y
; j
<= y
+ h
; j
+= VNC_STAT_RECT
) {
2871 for (i
= x
; i
<= x
+ w
; i
+= VNC_STAT_RECT
) {
2872 total
+= vnc_stat_rect(vs
->vd
, i
, j
)->freq
;
2884 static void vnc_rect_updated(VncDisplay
*vd
, int x
, int y
, struct timeval
* tv
)
2888 rect
= vnc_stat_rect(vd
, x
, y
);
2889 if (rect
->updated
) {
2892 rect
->times
[rect
->idx
] = *tv
;
2893 rect
->idx
= (rect
->idx
+ 1) % ARRAY_SIZE(rect
->times
);
2894 rect
->updated
= true;
2897 static int vnc_refresh_server_surface(VncDisplay
*vd
)
2899 int width
= MIN(pixman_image_get_width(vd
->guest
.fb
),
2900 pixman_image_get_width(vd
->server
));
2901 int height
= MIN(pixman_image_get_height(vd
->guest
.fb
),
2902 pixman_image_get_height(vd
->server
));
2903 int cmp_bytes
, server_stride
, line_bytes
, guest_ll
, guest_stride
, y
= 0;
2904 uint8_t *guest_row0
= NULL
, *server_row0
;
2907 pixman_image_t
*tmpbuf
= NULL
;
2909 struct timeval tv
= { 0, 0 };
2911 if (!vd
->non_adaptive
) {
2912 gettimeofday(&tv
, NULL
);
2913 has_dirty
= vnc_update_stats(vd
, &tv
);
2917 * Walk through the guest dirty map.
2918 * Check and copy modified bits from guest to server surface.
2919 * Update server dirty map.
2921 server_row0
= (uint8_t *)pixman_image_get_data(vd
->server
);
2922 server_stride
= guest_stride
= guest_ll
=
2923 pixman_image_get_stride(vd
->server
);
2924 cmp_bytes
= MIN(VNC_DIRTY_PIXELS_PER_BIT
* VNC_SERVER_FB_BYTES
,
2926 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
2927 int width
= pixman_image_get_width(vd
->server
);
2928 tmpbuf
= qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT
, width
);
2931 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd
->guest
.fb
));
2932 guest_row0
= (uint8_t *)pixman_image_get_data(vd
->guest
.fb
);
2933 guest_stride
= pixman_image_get_stride(vd
->guest
.fb
);
2934 guest_ll
= pixman_image_get_width(vd
->guest
.fb
)
2935 * DIV_ROUND_UP(guest_bpp
, 8);
2937 line_bytes
= MIN(server_stride
, guest_ll
);
2941 uint8_t *guest_ptr
, *server_ptr
;
2942 unsigned long offset
= find_next_bit((unsigned long *) &vd
->guest
.dirty
,
2943 height
* VNC_DIRTY_BPL(&vd
->guest
),
2944 y
* VNC_DIRTY_BPL(&vd
->guest
));
2945 if (offset
== height
* VNC_DIRTY_BPL(&vd
->guest
)) {
2946 /* no more dirty bits */
2949 y
= offset
/ VNC_DIRTY_BPL(&vd
->guest
);
2950 x
= offset
% VNC_DIRTY_BPL(&vd
->guest
);
2952 server_ptr
= server_row0
+ y
* server_stride
+ x
* cmp_bytes
;
2954 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
2955 qemu_pixman_linebuf_fill(tmpbuf
, vd
->guest
.fb
, width
, 0, y
);
2956 guest_ptr
= (uint8_t *)pixman_image_get_data(tmpbuf
);
2958 guest_ptr
= guest_row0
+ y
* guest_stride
;
2960 guest_ptr
+= x
* cmp_bytes
;
2962 for (; x
< DIV_ROUND_UP(width
, VNC_DIRTY_PIXELS_PER_BIT
);
2963 x
++, guest_ptr
+= cmp_bytes
, server_ptr
+= cmp_bytes
) {
2964 int _cmp_bytes
= cmp_bytes
;
2965 if (!test_and_clear_bit(x
, vd
->guest
.dirty
[y
])) {
2968 if ((x
+ 1) * cmp_bytes
> line_bytes
) {
2969 _cmp_bytes
= line_bytes
- x
* cmp_bytes
;
2971 assert(_cmp_bytes
>= 0);
2972 if (memcmp(server_ptr
, guest_ptr
, _cmp_bytes
) == 0) {
2975 memcpy(server_ptr
, guest_ptr
, _cmp_bytes
);
2976 if (!vd
->non_adaptive
) {
2977 vnc_rect_updated(vd
, x
* VNC_DIRTY_PIXELS_PER_BIT
,
2980 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2981 set_bit(x
, vs
->dirty
[y
]);
2988 qemu_pixman_image_unref(tmpbuf
);
2992 static void vnc_refresh(DisplayChangeListener
*dcl
)
2994 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
2996 int has_dirty
, rects
= 0;
2998 if (QTAILQ_EMPTY(&vd
->clients
)) {
2999 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_MAX
);
3003 graphic_hw_update(vd
->dcl
.con
);
3005 if (vnc_trylock_display(vd
)) {
3006 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
3010 has_dirty
= vnc_refresh_server_surface(vd
);
3011 vnc_unlock_display(vd
);
3013 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
3014 rects
+= vnc_update_client(vs
, has_dirty
);
3015 /* vs might be free()ed here */
3018 if (has_dirty
&& rects
) {
3019 vd
->dcl
.update_interval
/= 2;
3020 if (vd
->dcl
.update_interval
< VNC_REFRESH_INTERVAL_BASE
) {
3021 vd
->dcl
.update_interval
= VNC_REFRESH_INTERVAL_BASE
;
3024 vd
->dcl
.update_interval
+= VNC_REFRESH_INTERVAL_INC
;
3025 if (vd
->dcl
.update_interval
> VNC_REFRESH_INTERVAL_MAX
) {
3026 vd
->dcl
.update_interval
= VNC_REFRESH_INTERVAL_MAX
;
3031 static void vnc_connect(VncDisplay
*vd
, QIOChannelSocket
*sioc
,
3032 bool skipauth
, bool websocket
)
3034 VncState
*vs
= g_new0(VncState
, 1);
3035 bool first_client
= QTAILQ_EMPTY(&vd
->clients
);
3038 trace_vnc_client_connect(vs
, sioc
);
3039 vs
->zrle
= g_new0(VncZrle
, 1);
3040 vs
->tight
= g_new0(VncTight
, 1);
3041 vs
->magic
= VNC_MAGIC
;
3043 object_ref(OBJECT(vs
->sioc
));
3044 vs
->ioc
= QIO_CHANNEL(sioc
);
3045 object_ref(OBJECT(vs
->ioc
));
3048 buffer_init(&vs
->input
, "vnc-input/%p", sioc
);
3049 buffer_init(&vs
->output
, "vnc-output/%p", sioc
);
3050 buffer_init(&vs
->jobs_buffer
, "vnc-jobs_buffer/%p", sioc
);
3052 buffer_init(&vs
->tight
->tight
, "vnc-tight/%p", sioc
);
3053 buffer_init(&vs
->tight
->zlib
, "vnc-tight-zlib/%p", sioc
);
3054 buffer_init(&vs
->tight
->gradient
, "vnc-tight-gradient/%p", sioc
);
3055 #ifdef CONFIG_VNC_JPEG
3056 buffer_init(&vs
->tight
->jpeg
, "vnc-tight-jpeg/%p", sioc
);
3058 #ifdef CONFIG_VNC_PNG
3059 buffer_init(&vs
->tight
->png
, "vnc-tight-png/%p", sioc
);
3061 buffer_init(&vs
->zlib
.zlib
, "vnc-zlib/%p", sioc
);
3062 buffer_init(&vs
->zrle
->zrle
, "vnc-zrle/%p", sioc
);
3063 buffer_init(&vs
->zrle
->fb
, "vnc-zrle-fb/%p", sioc
);
3064 buffer_init(&vs
->zrle
->zlib
, "vnc-zrle-zlib/%p", sioc
);
3067 vs
->auth
= VNC_AUTH_NONE
;
3068 vs
->subauth
= VNC_AUTH_INVALID
;
3071 vs
->auth
= vd
->ws_auth
;
3072 vs
->subauth
= VNC_AUTH_INVALID
;
3074 vs
->auth
= vd
->auth
;
3075 vs
->subauth
= vd
->subauth
;
3078 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3079 sioc
, websocket
, vs
->auth
, vs
->subauth
);
3081 vs
->lossy_rect
= g_malloc0(VNC_STAT_ROWS
* sizeof (*vs
->lossy_rect
));
3082 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
3083 vs
->lossy_rect
[i
] = g_new0(uint8_t, VNC_STAT_COLS
);
3086 VNC_DEBUG("New client on socket %p\n", vs
->sioc
);
3087 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
3088 qio_channel_set_blocking(vs
->ioc
, false, NULL
);
3090 g_source_remove(vs
->ioc_tag
);
3095 vs
->ioc_tag
= qio_channel_add_watch(
3096 vs
->ioc
, G_IO_IN
, vncws_tls_handshake_io
, vs
, NULL
);
3098 vs
->ioc_tag
= qio_channel_add_watch(
3099 vs
->ioc
, G_IO_IN
, vncws_handshake_io
, vs
, NULL
);
3102 vs
->ioc_tag
= qio_channel_add_watch(
3103 vs
->ioc
, G_IO_IN
, vnc_client_io
, vs
, NULL
);
3106 vnc_client_cache_addr(vs
);
3107 vnc_qmp_event(vs
, QAPI_EVENT_VNC_CONNECTED
);
3108 vnc_set_share_mode(vs
, VNC_SHARE_MODE_CONNECTING
);
3113 vs
->as
.freq
= 44100;
3114 vs
->as
.nchannels
= 2;
3115 vs
->as
.fmt
= AUDIO_FORMAT_S16
;
3116 vs
->as
.endianness
= 0;
3118 qemu_mutex_init(&vs
->output_mutex
);
3119 vs
->bh
= qemu_bh_new(vnc_jobs_bh
, vs
);
3121 QTAILQ_INSERT_TAIL(&vd
->clients
, vs
, next
);
3123 vnc_update_server_surface(vd
);
3126 graphic_hw_update(vd
->dcl
.con
);
3128 if (!vs
->websocket
) {
3129 vnc_start_protocol(vs
);
3132 if (vd
->num_connecting
> vd
->connections_limit
) {
3133 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
3134 if (vs
->share_mode
== VNC_SHARE_MODE_CONNECTING
) {
3135 vnc_disconnect_start(vs
);
3142 void vnc_start_protocol(VncState
*vs
)
3144 vnc_write(vs
, "RFB 003.008\n", 12);
3146 vnc_read_when(vs
, protocol_version
, 12);
3148 vs
->mouse_mode_notifier
.notify
= check_pointer_type_change
;
3149 qemu_add_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
3152 static void vnc_listen_io(QIONetListener
*listener
,
3153 QIOChannelSocket
*cioc
,
3156 VncDisplay
*vd
= opaque
;
3157 bool isWebsock
= listener
== vd
->wslistener
;
3159 qio_channel_set_name(QIO_CHANNEL(cioc
),
3160 isWebsock
? "vnc-ws-server" : "vnc-server");
3161 qio_channel_set_delay(QIO_CHANNEL(cioc
), false);
3162 vnc_connect(vd
, cioc
, false, isWebsock
);
3165 static const DisplayChangeListenerOps dcl_ops
= {
3167 .dpy_refresh
= vnc_refresh
,
3168 .dpy_gfx_update
= vnc_dpy_update
,
3169 .dpy_gfx_switch
= vnc_dpy_switch
,
3170 .dpy_gfx_check_format
= qemu_pixman_check_format
,
3171 .dpy_mouse_set
= vnc_mouse_set
,
3172 .dpy_cursor_define
= vnc_dpy_cursor_define
,
3175 void vnc_display_init(const char *id
, Error
**errp
)
3179 if (vnc_display_find(id
) != NULL
) {
3182 vd
= g_malloc0(sizeof(*vd
));
3184 vd
->id
= strdup(id
);
3185 QTAILQ_INSERT_TAIL(&vnc_displays
, vd
, next
);
3187 QTAILQ_INIT(&vd
->clients
);
3188 vd
->expires
= TIME_MAX
;
3190 if (keyboard_layout
) {
3191 trace_vnc_key_map_init(keyboard_layout
);
3192 vd
->kbd_layout
= init_keyboard_layout(name2keysym
,
3193 keyboard_layout
, errp
);
3195 vd
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us", errp
);
3198 if (!vd
->kbd_layout
) {
3202 vd
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3203 vd
->connections_limit
= 32;
3205 qemu_mutex_init(&vd
->mutex
);
3206 vnc_start_worker_thread();
3208 vd
->dcl
.ops
= &dcl_ops
;
3209 register_displaychangelistener(&vd
->dcl
);
3210 vd
->kbd
= qkbd_state_init(vd
->dcl
.con
);
3214 static void vnc_display_close(VncDisplay
*vd
)
3219 vd
->is_unix
= false;
3222 qio_net_listener_disconnect(vd
->listener
);
3223 object_unref(OBJECT(vd
->listener
));
3225 vd
->listener
= NULL
;
3227 if (vd
->wslistener
) {
3228 qio_net_listener_disconnect(vd
->wslistener
);
3229 object_unref(OBJECT(vd
->wslistener
));
3231 vd
->wslistener
= NULL
;
3233 vd
->auth
= VNC_AUTH_INVALID
;
3234 vd
->subauth
= VNC_AUTH_INVALID
;
3236 object_unparent(OBJECT(vd
->tlscreds
));
3237 vd
->tlscreds
= NULL
;
3240 object_unparent(OBJECT(vd
->tlsauthz
));
3241 vd
->tlsauthz
= NULL
;
3243 g_free(vd
->tlsauthzid
);
3244 vd
->tlsauthzid
= NULL
;
3245 if (vd
->lock_key_sync
) {
3246 qemu_remove_led_event_handler(vd
->led
);
3249 #ifdef CONFIG_VNC_SASL
3250 if (vd
->sasl
.authz
) {
3251 object_unparent(OBJECT(vd
->sasl
.authz
));
3252 vd
->sasl
.authz
= NULL
;
3254 g_free(vd
->sasl
.authzid
);
3255 vd
->sasl
.authzid
= NULL
;
3259 int vnc_display_password(const char *id
, const char *password
)
3261 VncDisplay
*vd
= vnc_display_find(id
);
3266 if (vd
->auth
== VNC_AUTH_NONE
) {
3267 error_printf_unless_qmp("If you want use passwords please enable "
3268 "password auth using '-vnc ${dpy},password'.\n");
3272 g_free(vd
->password
);
3273 vd
->password
= g_strdup(password
);
3278 int vnc_display_pw_expire(const char *id
, time_t expires
)
3280 VncDisplay
*vd
= vnc_display_find(id
);
3286 vd
->expires
= expires
;
3290 static void vnc_display_print_local_addr(VncDisplay
*vd
)
3292 SocketAddress
*addr
;
3295 if (!vd
->listener
|| !vd
->listener
->nsioc
) {
3299 addr
= qio_channel_socket_get_local_address(vd
->listener
->sioc
[0], &err
);
3304 if (addr
->type
!= SOCKET_ADDRESS_TYPE_INET
) {
3305 qapi_free_SocketAddress(addr
);
3308 error_printf_unless_qmp("VNC server running on %s:%s\n",
3311 qapi_free_SocketAddress(addr
);
3314 static QemuOptsList qemu_vnc_opts
= {
3316 .head
= QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts
.head
),
3317 .implied_opt_name
= "vnc",
3321 .type
= QEMU_OPT_STRING
,
3323 .name
= "websocket",
3324 .type
= QEMU_OPT_STRING
,
3326 .name
= "tls-creds",
3327 .type
= QEMU_OPT_STRING
,
3330 .type
= QEMU_OPT_STRING
,
3333 .type
= QEMU_OPT_STRING
,
3336 .type
= QEMU_OPT_NUMBER
,
3338 .name
= "connections",
3339 .type
= QEMU_OPT_NUMBER
,
3342 .type
= QEMU_OPT_NUMBER
,
3345 .type
= QEMU_OPT_BOOL
,
3348 .type
= QEMU_OPT_BOOL
,
3351 .type
= QEMU_OPT_BOOL
,
3354 .type
= QEMU_OPT_BOOL
,
3356 .name
= "lock-key-sync",
3357 .type
= QEMU_OPT_BOOL
,
3359 .name
= "key-delay-ms",
3360 .type
= QEMU_OPT_NUMBER
,
3363 .type
= QEMU_OPT_BOOL
,
3366 .type
= QEMU_OPT_BOOL
,
3368 .name
= "tls-authz",
3369 .type
= QEMU_OPT_STRING
,
3371 .name
= "sasl-authz",
3372 .type
= QEMU_OPT_STRING
,
3375 .type
= QEMU_OPT_BOOL
,
3377 .name
= "non-adaptive",
3378 .type
= QEMU_OPT_BOOL
,
3381 .type
= QEMU_OPT_STRING
,
3383 { /* end of list */ }
3389 vnc_display_setup_auth(int *auth
,
3391 QCryptoTLSCreds
*tlscreds
,
3398 * We have a choice of 3 authentication options
3404 * The channel can be run in 2 modes
3409 * And TLS can use 2 types of credentials
3414 * We thus have 9 possible logical combinations
3419 * 4. tls + anon + none
3420 * 5. tls + anon + vnc
3421 * 6. tls + anon + sasl
3422 * 7. tls + x509 + none
3423 * 8. tls + x509 + vnc
3424 * 9. tls + x509 + sasl
3426 * These need to be mapped into the VNC auth schemes
3427 * in an appropriate manner. In regular VNC, all the
3428 * TLS options get mapped into VNC_AUTH_VENCRYPT
3431 * In websockets, the https:// protocol already provides
3432 * TLS support, so there is no need to make use of the
3433 * VeNCrypt extension. Furthermore, websockets browser
3434 * clients could not use VeNCrypt even if they wanted to,
3435 * as they cannot control when the TLS handshake takes
3436 * place. Thus there is no option but to rely on https://,
3437 * meaning combinations 4->6 and 7->9 will be mapped to
3438 * VNC auth schemes in the same way as combos 1->3.
3440 * Regardless of fact that we have a different mapping to
3441 * VNC auth mechs for plain VNC vs websockets VNC, the end
3442 * result has the same security characteristics.
3444 if (websocket
|| !tlscreds
) {
3446 VNC_DEBUG("Initializing VNC server with password auth\n");
3447 *auth
= VNC_AUTH_VNC
;
3449 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3450 *auth
= VNC_AUTH_SASL
;
3452 VNC_DEBUG("Initializing VNC server with no auth\n");
3453 *auth
= VNC_AUTH_NONE
;
3455 *subauth
= VNC_AUTH_INVALID
;
3457 bool is_x509
= object_dynamic_cast(OBJECT(tlscreds
),
3458 TYPE_QCRYPTO_TLS_CREDS_X509
) != NULL
;
3459 bool is_anon
= object_dynamic_cast(OBJECT(tlscreds
),
3460 TYPE_QCRYPTO_TLS_CREDS_ANON
) != NULL
;
3462 if (!is_x509
&& !is_anon
) {
3464 "Unsupported TLS cred type %s",
3465 object_get_typename(OBJECT(tlscreds
)));
3468 *auth
= VNC_AUTH_VENCRYPT
;
3471 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3472 *subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
3474 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3475 *subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
3480 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3481 *subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
3483 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3484 *subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
3488 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3489 *subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
3491 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3492 *subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
3500 static int vnc_display_get_address(const char *addrstr
,
3509 SocketAddress
**retaddr
,
3513 SocketAddress
*addr
= NULL
;
3515 addr
= g_new0(SocketAddress
, 1);
3517 if (strncmp(addrstr
, "unix:", 5) == 0) {
3518 addr
->type
= SOCKET_ADDRESS_TYPE_UNIX
;
3519 addr
->u
.q_unix
.path
= g_strdup(addrstr
+ 5);
3522 error_setg(errp
, "UNIX sockets not supported with websock");
3527 error_setg(errp
, "Port range not support with UNIX socket");
3534 unsigned long long baseport
= 0;
3535 InetSocketAddress
*inet
;
3537 port
= strrchr(addrstr
, ':');
3543 error_setg(errp
, "no vnc port specified");
3547 hostlen
= port
- addrstr
;
3549 if (*port
== '\0') {
3550 error_setg(errp
, "vnc port cannot be empty");
3555 addr
->type
= SOCKET_ADDRESS_TYPE_INET
;
3556 inet
= &addr
->u
.inet
;
3557 if (addrstr
[0] == '[' && addrstr
[hostlen
- 1] == ']') {
3558 inet
->host
= g_strndup(addrstr
+ 1, hostlen
- 2);
3560 inet
->host
= g_strndup(addrstr
, hostlen
);
3562 /* plain VNC port is just an offset, for websocket
3563 * port is absolute */
3565 if (g_str_equal(addrstr
, "") ||
3566 g_str_equal(addrstr
, "on")) {
3567 if (displaynum
== -1) {
3568 error_setg(errp
, "explicit websocket port is required");
3571 inet
->port
= g_strdup_printf(
3572 "%d", displaynum
+ 5700);
3574 inet
->has_to
= true;
3575 inet
->to
= to
+ 5700;
3578 inet
->port
= g_strdup(port
);
3581 int offset
= reverse
? 0 : 5900;
3582 if (parse_uint_full(port
, &baseport
, 10) < 0) {
3583 error_setg(errp
, "can't convert to a number: %s", port
);
3586 if (baseport
> 65535 ||
3587 baseport
+ offset
> 65535) {
3588 error_setg(errp
, "port %s out of range", port
);
3591 inet
->port
= g_strdup_printf(
3592 "%d", (int)baseport
+ offset
);
3595 inet
->has_to
= true;
3596 inet
->to
= to
+ offset
;
3601 inet
->has_ipv4
= has_ipv4
;
3603 inet
->has_ipv6
= has_ipv6
;
3612 qapi_free_SocketAddress(addr
);
3617 static void vnc_free_addresses(SocketAddress
***retsaddr
,
3622 for (i
= 0; i
< *retnsaddr
; i
++) {
3623 qapi_free_SocketAddress((*retsaddr
)[i
]);
3631 static int vnc_display_get_addresses(QemuOpts
*opts
,
3633 SocketAddress
***retsaddr
,
3635 SocketAddress
***retwsaddr
,
3639 SocketAddress
*saddr
= NULL
;
3640 SocketAddress
*wsaddr
= NULL
;
3641 QemuOptsIter addriter
;
3643 int to
= qemu_opt_get_number(opts
, "to", 0);
3644 bool has_ipv4
= qemu_opt_get(opts
, "ipv4");
3645 bool has_ipv6
= qemu_opt_get(opts
, "ipv6");
3646 bool ipv4
= qemu_opt_get_bool(opts
, "ipv4", false);
3647 bool ipv6
= qemu_opt_get_bool(opts
, "ipv6", false);
3648 int displaynum
= -1;
3656 addr
= qemu_opt_get(opts
, "vnc");
3657 if (addr
== NULL
|| g_str_equal(addr
, "none")) {
3661 if (qemu_opt_get(opts
, "websocket") &&
3662 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1
)) {
3664 "SHA1 hash support is required for websockets");
3668 qemu_opt_iter_init(&addriter
, opts
, "vnc");
3669 while ((addr
= qemu_opt_iter_next(&addriter
)) != NULL
) {
3671 rv
= vnc_display_get_address(addr
, false, reverse
, 0, to
,
3678 /* Historical compat - first listen address can be used
3679 * to set the default websocket port
3681 if (displaynum
== -1) {
3684 *retsaddr
= g_renew(SocketAddress
*, *retsaddr
, *retnsaddr
+ 1);
3685 (*retsaddr
)[(*retnsaddr
)++] = saddr
;
3688 /* If we had multiple primary displays, we don't do defaults
3689 * for websocket, and require explicit config instead. */
3690 if (*retnsaddr
> 1) {
3694 qemu_opt_iter_init(&addriter
, opts
, "websocket");
3695 while ((addr
= qemu_opt_iter_next(&addriter
)) != NULL
) {
3696 if (vnc_display_get_address(addr
, true, reverse
, displaynum
, to
,
3699 &wsaddr
, errp
) < 0) {
3703 /* Historical compat - if only a single listen address was
3704 * provided, then this is used to set the default listen
3705 * address for websocket too
3707 if (*retnsaddr
== 1 &&
3708 (*retsaddr
)[0]->type
== SOCKET_ADDRESS_TYPE_INET
&&
3709 wsaddr
->type
== SOCKET_ADDRESS_TYPE_INET
&&
3710 g_str_equal(wsaddr
->u
.inet
.host
, "") &&
3711 !g_str_equal((*retsaddr
)[0]->u
.inet
.host
, "")) {
3712 g_free(wsaddr
->u
.inet
.host
);
3713 wsaddr
->u
.inet
.host
= g_strdup((*retsaddr
)[0]->u
.inet
.host
);
3716 *retwsaddr
= g_renew(SocketAddress
*, *retwsaddr
, *retnwsaddr
+ 1);
3717 (*retwsaddr
)[(*retnwsaddr
)++] = wsaddr
;
3723 vnc_free_addresses(retsaddr
, retnsaddr
);
3724 vnc_free_addresses(retwsaddr
, retnwsaddr
);
3729 static int vnc_display_connect(VncDisplay
*vd
,
3730 SocketAddress
**saddr
,
3732 SocketAddress
**wsaddr
,
3736 /* connect to viewer */
3737 QIOChannelSocket
*sioc
= NULL
;
3739 error_setg(errp
, "Cannot use websockets in reverse mode");
3743 error_setg(errp
, "Expected a single address in reverse mode");
3746 /* TODO SOCKET_ADDRESS_TYPE_FD when fd has AF_UNIX */
3747 vd
->is_unix
= saddr
[0]->type
== SOCKET_ADDRESS_TYPE_UNIX
;
3748 sioc
= qio_channel_socket_new();
3749 qio_channel_set_name(QIO_CHANNEL(sioc
), "vnc-reverse");
3750 if (qio_channel_socket_connect_sync(sioc
, saddr
[0], errp
) < 0) {
3753 vnc_connect(vd
, sioc
, false, false);
3754 object_unref(OBJECT(sioc
));
3759 static int vnc_display_listen(VncDisplay
*vd
,
3760 SocketAddress
**saddr
,
3762 SocketAddress
**wsaddr
,
3769 vd
->listener
= qio_net_listener_new();
3770 qio_net_listener_set_name(vd
->listener
, "vnc-listen");
3771 for (i
= 0; i
< nsaddr
; i
++) {
3772 if (qio_net_listener_open_sync(vd
->listener
,
3779 qio_net_listener_set_client_func(vd
->listener
,
3780 vnc_listen_io
, vd
, NULL
);
3784 vd
->wslistener
= qio_net_listener_new();
3785 qio_net_listener_set_name(vd
->wslistener
, "vnc-ws-listen");
3786 for (i
= 0; i
< nwsaddr
; i
++) {
3787 if (qio_net_listener_open_sync(vd
->wslistener
,
3794 qio_net_listener_set_client_func(vd
->wslistener
,
3795 vnc_listen_io
, vd
, NULL
);
3802 void vnc_display_open(const char *id
, Error
**errp
)
3804 VncDisplay
*vd
= vnc_display_find(id
);
3805 QemuOpts
*opts
= qemu_opts_find(&qemu_vnc_opts
, id
);
3806 SocketAddress
**saddr
= NULL
, **wsaddr
= NULL
;
3807 size_t nsaddr
, nwsaddr
;
3808 const char *share
, *device_id
;
3810 bool password
= false;
3811 bool reverse
= false;
3815 const char *tlsauthz
;
3816 const char *saslauthz
;
3817 int lock_key_sync
= 1;
3819 const char *audiodev
;
3822 error_setg(errp
, "VNC display not active");
3825 vnc_display_close(vd
);
3831 reverse
= qemu_opt_get_bool(opts
, "reverse", false);
3832 if (vnc_display_get_addresses(opts
, reverse
, &saddr
, &nsaddr
,
3833 &wsaddr
, &nwsaddr
, errp
) < 0) {
3837 password
= qemu_opt_get_bool(opts
, "password", false);
3839 if (fips_get_state()) {
3841 "VNC password auth disabled due to FIPS mode, "
3842 "consider using the VeNCrypt or SASL authentication "
3843 "methods as an alternative");
3846 if (!qcrypto_cipher_supports(
3847 QCRYPTO_CIPHER_ALG_DES_RFB
, QCRYPTO_CIPHER_MODE_ECB
)) {
3849 "Cipher backend does not support DES RFB algorithm");
3854 lock_key_sync
= qemu_opt_get_bool(opts
, "lock-key-sync", true);
3855 key_delay_ms
= qemu_opt_get_number(opts
, "key-delay-ms", 10);
3856 sasl
= qemu_opt_get_bool(opts
, "sasl", false);
3857 #ifndef CONFIG_VNC_SASL
3859 error_setg(errp
, "VNC SASL auth requires cyrus-sasl support");
3862 #endif /* CONFIG_VNC_SASL */
3863 credid
= qemu_opt_get(opts
, "tls-creds");
3866 creds
= object_resolve_path_component(
3867 object_get_objects_root(), credid
);
3869 error_setg(errp
, "No TLS credentials with id '%s'",
3873 vd
->tlscreds
= (QCryptoTLSCreds
*)
3874 object_dynamic_cast(creds
,
3875 TYPE_QCRYPTO_TLS_CREDS
);
3876 if (!vd
->tlscreds
) {
3877 error_setg(errp
, "Object with id '%s' is not TLS credentials",
3881 object_ref(OBJECT(vd
->tlscreds
));
3883 if (vd
->tlscreds
->endpoint
!= QCRYPTO_TLS_CREDS_ENDPOINT_SERVER
) {
3885 "Expecting TLS credentials with a server endpoint");
3889 if (qemu_opt_get(opts
, "acl")) {
3890 error_report("The 'acl' option to -vnc is deprecated. "
3891 "Please use the 'tls-authz' and 'sasl-authz' "
3894 acl
= qemu_opt_get_bool(opts
, "acl", false);
3895 tlsauthz
= qemu_opt_get(opts
, "tls-authz");
3896 if (acl
&& tlsauthz
) {
3897 error_setg(errp
, "'acl' option is mutually exclusive with the "
3898 "'tls-authz' option");
3901 if (tlsauthz
&& !vd
->tlscreds
) {
3902 error_setg(errp
, "'tls-authz' provided but TLS is not enabled");
3906 saslauthz
= qemu_opt_get(opts
, "sasl-authz");
3907 if (acl
&& saslauthz
) {
3908 error_setg(errp
, "'acl' option is mutually exclusive with the "
3909 "'sasl-authz' option");
3912 if (saslauthz
&& !sasl
) {
3913 error_setg(errp
, "'sasl-authz' provided but SASL auth is not enabled");
3917 share
= qemu_opt_get(opts
, "share");
3919 if (strcmp(share
, "ignore") == 0) {
3920 vd
->share_policy
= VNC_SHARE_POLICY_IGNORE
;
3921 } else if (strcmp(share
, "allow-exclusive") == 0) {
3922 vd
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3923 } else if (strcmp(share
, "force-shared") == 0) {
3924 vd
->share_policy
= VNC_SHARE_POLICY_FORCE_SHARED
;
3926 error_setg(errp
, "unknown vnc share= option");
3930 vd
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3932 vd
->connections_limit
= qemu_opt_get_number(opts
, "connections", 32);
3934 #ifdef CONFIG_VNC_JPEG
3935 vd
->lossy
= qemu_opt_get_bool(opts
, "lossy", false);
3937 vd
->non_adaptive
= qemu_opt_get_bool(opts
, "non-adaptive", false);
3938 /* adaptive updates are only used with tight encoding and
3939 * if lossy updates are enabled so we can disable all the
3940 * calculations otherwise */
3942 vd
->non_adaptive
= true;
3946 vd
->tlsauthzid
= g_strdup(tlsauthz
);
3948 if (strcmp(vd
->id
, "default") == 0) {
3949 vd
->tlsauthzid
= g_strdup("vnc.x509dname");
3951 vd
->tlsauthzid
= g_strdup_printf("vnc.%s.x509dname", vd
->id
);
3953 vd
->tlsauthz
= QAUTHZ(qauthz_list_new(vd
->tlsauthzid
,
3954 QAUTHZ_LIST_POLICY_DENY
,
3957 #ifdef CONFIG_VNC_SASL
3960 vd
->sasl
.authzid
= g_strdup(saslauthz
);
3962 if (strcmp(vd
->id
, "default") == 0) {
3963 vd
->sasl
.authzid
= g_strdup("vnc.username");
3965 vd
->sasl
.authzid
= g_strdup_printf("vnc.%s.username", vd
->id
);
3967 vd
->sasl
.authz
= QAUTHZ(qauthz_list_new(vd
->sasl
.authzid
,
3968 QAUTHZ_LIST_POLICY_DENY
,
3974 if (vnc_display_setup_auth(&vd
->auth
, &vd
->subauth
,
3975 vd
->tlscreds
, password
,
3976 sasl
, false, errp
) < 0) {
3979 trace_vnc_auth_init(vd
, 0, vd
->auth
, vd
->subauth
);
3981 if (vnc_display_setup_auth(&vd
->ws_auth
, &vd
->ws_subauth
,
3982 vd
->tlscreds
, password
,
3983 sasl
, true, errp
) < 0) {
3986 trace_vnc_auth_init(vd
, 1, vd
->ws_auth
, vd
->ws_subauth
);
3988 #ifdef CONFIG_VNC_SASL
3990 int saslErr
= sasl_server_init(NULL
, "qemu");
3992 if (saslErr
!= SASL_OK
) {
3993 error_setg(errp
, "Failed to initialize SASL auth: %s",
3994 sasl_errstring(saslErr
, NULL
, NULL
));
3999 vd
->lock_key_sync
= lock_key_sync
;
4000 if (lock_key_sync
) {
4001 vd
->led
= qemu_add_led_event_handler(kbd_leds
, vd
);
4005 audiodev
= qemu_opt_get(opts
, "audiodev");
4007 vd
->audio_state
= audio_state_by_name(audiodev
);
4008 if (!vd
->audio_state
) {
4009 error_setg(errp
, "Audiodev '%s' not found", audiodev
);
4014 device_id
= qemu_opt_get(opts
, "display");
4016 int head
= qemu_opt_get_number(opts
, "head", 0);
4019 con
= qemu_console_lookup_by_device_name(device_id
, head
, &err
);
4021 error_propagate(errp
, err
);
4028 if (con
!= vd
->dcl
.con
) {
4029 qkbd_state_free(vd
->kbd
);
4030 unregister_displaychangelistener(&vd
->dcl
);
4032 register_displaychangelistener(&vd
->dcl
);
4033 vd
->kbd
= qkbd_state_init(vd
->dcl
.con
);
4035 qkbd_state_set_delay(vd
->kbd
, key_delay_ms
);
4037 if (saddr
== NULL
) {
4042 if (vnc_display_connect(vd
, saddr
, nsaddr
, wsaddr
, nwsaddr
, errp
) < 0) {
4046 if (vnc_display_listen(vd
, saddr
, nsaddr
, wsaddr
, nwsaddr
, errp
) < 0) {
4051 if (qemu_opt_get(opts
, "to")) {
4052 vnc_display_print_local_addr(vd
);
4056 vnc_free_addresses(&saddr
, &nsaddr
);
4057 vnc_free_addresses(&wsaddr
, &nwsaddr
);
4061 vnc_display_close(vd
);
4065 void vnc_display_add_client(const char *id
, int csock
, bool skipauth
)
4067 VncDisplay
*vd
= vnc_display_find(id
);
4068 QIOChannelSocket
*sioc
;
4074 sioc
= qio_channel_socket_new_fd(csock
, NULL
);
4076 qio_channel_set_name(QIO_CHANNEL(sioc
), "vnc-server");
4077 vnc_connect(vd
, sioc
, skipauth
, false);
4078 object_unref(OBJECT(sioc
));
4082 static void vnc_auto_assign_id(QemuOptsList
*olist
, QemuOpts
*opts
)
4087 id
= g_strdup("default");
4088 while (qemu_opts_find(olist
, id
)) {
4090 id
= g_strdup_printf("vnc%d", i
++);
4092 qemu_opts_set_id(opts
, id
);
4095 QemuOpts
*vnc_parse(const char *str
, Error
**errp
)
4097 QemuOptsList
*olist
= qemu_find_opts("vnc");
4098 QemuOpts
*opts
= qemu_opts_parse(olist
, str
, true, errp
);
4105 id
= qemu_opts_id(opts
);
4107 /* auto-assign id if not present */
4108 vnc_auto_assign_id(olist
, opts
);
4113 int vnc_init_func(void *opaque
, QemuOpts
*opts
, Error
**errp
)
4115 Error
*local_err
= NULL
;
4116 char *id
= (char *)qemu_opts_id(opts
);
4119 vnc_display_init(id
, &local_err
);
4121 error_propagate(errp
, local_err
);
4124 vnc_display_open(id
, &local_err
);
4125 if (local_err
!= NULL
) {
4126 error_propagate(errp
, local_err
);
4132 static void vnc_register_config(void)
4134 qemu_add_opts(&qemu_vnc_opts
);
4136 opts_init(vnc_register_config
);