2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
29 #include "sysemu/sysemu.h"
30 #include "qemu/sockets.h"
31 #include "qemu/timer.h"
33 #include "qapi/qmp/types.h"
34 #include "qmp-commands.h"
35 #include "qemu/osdep.h"
38 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
39 #define VNC_REFRESH_INTERVAL_INC 50
40 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
41 static const struct timeval VNC_REFRESH_STATS
= { 0, 500000 };
42 static const struct timeval VNC_REFRESH_LOSSY
= { 2, 0 };
44 #include "vnc_keysym.h"
47 static VncDisplay
*vnc_display
; /* needed for info vnc */
49 static int vnc_cursor_define(VncState
*vs
);
50 static void vnc_release_modifiers(VncState
*vs
);
52 static void vnc_set_share_mode(VncState
*vs
, VncShareMode mode
)
55 static const char *mn
[] = {
57 [VNC_SHARE_MODE_CONNECTING
] = "connecting",
58 [VNC_SHARE_MODE_SHARED
] = "shared",
59 [VNC_SHARE_MODE_EXCLUSIVE
] = "exclusive",
60 [VNC_SHARE_MODE_DISCONNECTED
] = "disconnected",
62 fprintf(stderr
, "%s/%d: %s -> %s\n", __func__
,
63 vs
->csock
, mn
[vs
->share_mode
], mn
[mode
]);
66 if (vs
->share_mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
67 vs
->vd
->num_exclusive
--;
69 vs
->share_mode
= mode
;
70 if (vs
->share_mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
71 vs
->vd
->num_exclusive
++;
75 static char *addr_to_string(const char *format
,
76 struct sockaddr_storage
*sa
,
79 char host
[NI_MAXHOST
];
80 char serv
[NI_MAXSERV
];
84 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
87 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
88 VNC_DEBUG("Cannot resolve address %d: %s\n",
89 err
, gai_strerror(err
));
93 /* Enough for the existing format + the 2 vars we're
95 addrlen
= strlen(format
) + strlen(host
) + strlen(serv
);
96 addr
= g_malloc(addrlen
+ 1);
97 snprintf(addr
, addrlen
, format
, host
, serv
);
104 char *vnc_socket_local_addr(const char *format
, int fd
) {
105 struct sockaddr_storage sa
;
109 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
112 return addr_to_string(format
, &sa
, salen
);
115 char *vnc_socket_remote_addr(const char *format
, int fd
) {
116 struct sockaddr_storage sa
;
120 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
123 return addr_to_string(format
, &sa
, salen
);
126 static int put_addr_qdict(QDict
*qdict
, struct sockaddr_storage
*sa
,
129 char host
[NI_MAXHOST
];
130 char serv
[NI_MAXSERV
];
133 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
136 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
137 VNC_DEBUG("Cannot resolve address %d: %s\n",
138 err
, gai_strerror(err
));
142 qdict_put(qdict
, "host", qstring_from_str(host
));
143 qdict_put(qdict
, "service", qstring_from_str(serv
));
144 qdict_put(qdict
, "family",qstring_from_str(inet_strfamily(sa
->ss_family
)));
149 static int vnc_server_addr_put(QDict
*qdict
, int fd
)
151 struct sockaddr_storage sa
;
155 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
159 return put_addr_qdict(qdict
, &sa
, salen
);
162 static int vnc_qdict_remote_addr(QDict
*qdict
, int fd
)
164 struct sockaddr_storage sa
;
168 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
172 return put_addr_qdict(qdict
, &sa
, salen
);
175 static const char *vnc_auth_name(VncDisplay
*vd
) {
177 case VNC_AUTH_INVALID
:
193 case VNC_AUTH_VENCRYPT
:
194 #ifdef CONFIG_VNC_TLS
195 switch (vd
->subauth
) {
196 case VNC_AUTH_VENCRYPT_PLAIN
:
197 return "vencrypt+plain";
198 case VNC_AUTH_VENCRYPT_TLSNONE
:
199 return "vencrypt+tls+none";
200 case VNC_AUTH_VENCRYPT_TLSVNC
:
201 return "vencrypt+tls+vnc";
202 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
203 return "vencrypt+tls+plain";
204 case VNC_AUTH_VENCRYPT_X509NONE
:
205 return "vencrypt+x509+none";
206 case VNC_AUTH_VENCRYPT_X509VNC
:
207 return "vencrypt+x509+vnc";
208 case VNC_AUTH_VENCRYPT_X509PLAIN
:
209 return "vencrypt+x509+plain";
210 case VNC_AUTH_VENCRYPT_TLSSASL
:
211 return "vencrypt+tls+sasl";
212 case VNC_AUTH_VENCRYPT_X509SASL
:
213 return "vencrypt+x509+sasl";
226 static int vnc_server_info_put(QDict
*qdict
)
228 if (vnc_server_addr_put(qdict
, vnc_display
->lsock
) < 0) {
232 qdict_put(qdict
, "auth", qstring_from_str(vnc_auth_name(vnc_display
)));
236 static void vnc_client_cache_auth(VncState
*client
)
238 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
246 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
247 qdict
= qobject_to_qdict(client
->info
);
250 #ifdef CONFIG_VNC_TLS
251 if (client
->tls
.session
&&
253 qdict_put(qdict
, "x509_dname", qstring_from_str(client
->tls
.dname
));
256 #ifdef CONFIG_VNC_SASL
257 if (client
->sasl
.conn
&&
258 client
->sasl
.username
) {
259 qdict_put(qdict
, "sasl_username",
260 qstring_from_str(client
->sasl
.username
));
265 static void vnc_client_cache_addr(VncState
*client
)
270 if (vnc_qdict_remote_addr(qdict
, client
->csock
) < 0) {
272 /* XXX: how to report the error? */
276 client
->info
= QOBJECT(qdict
);
279 static void vnc_qmp_event(VncState
*vs
, MonitorEvent event
)
288 server
= qdict_new();
289 if (vnc_server_info_put(server
) < 0) {
294 data
= qobject_from_jsonf("{ 'client': %p, 'server': %p }",
295 vs
->info
, QOBJECT(server
));
297 monitor_protocol_event(event
, data
);
299 qobject_incref(vs
->info
);
300 qobject_decref(data
);
303 static VncClientInfo
*qmp_query_vnc_client(const VncState
*client
)
305 struct sockaddr_storage sa
;
306 socklen_t salen
= sizeof(sa
);
307 char host
[NI_MAXHOST
];
308 char serv
[NI_MAXSERV
];
311 if (getpeername(client
->csock
, (struct sockaddr
*)&sa
, &salen
) < 0) {
315 if (getnameinfo((struct sockaddr
*)&sa
, salen
,
318 NI_NUMERICHOST
| NI_NUMERICSERV
) < 0) {
322 info
= g_malloc0(sizeof(*info
));
323 info
->host
= g_strdup(host
);
324 info
->service
= g_strdup(serv
);
325 info
->family
= g_strdup(inet_strfamily(sa
.ss_family
));
327 #ifdef CONFIG_VNC_TLS
328 if (client
->tls
.session
&& client
->tls
.dname
) {
329 info
->has_x509_dname
= true;
330 info
->x509_dname
= g_strdup(client
->tls
.dname
);
333 #ifdef CONFIG_VNC_SASL
334 if (client
->sasl
.conn
&& client
->sasl
.username
) {
335 info
->has_sasl_username
= true;
336 info
->sasl_username
= g_strdup(client
->sasl
.username
);
343 VncInfo
*qmp_query_vnc(Error
**errp
)
345 VncInfo
*info
= g_malloc0(sizeof(*info
));
347 if (vnc_display
== NULL
|| vnc_display
->display
== NULL
) {
348 info
->enabled
= false;
350 VncClientInfoList
*cur_item
= NULL
;
351 struct sockaddr_storage sa
;
352 socklen_t salen
= sizeof(sa
);
353 char host
[NI_MAXHOST
];
354 char serv
[NI_MAXSERV
];
357 info
->enabled
= true;
359 /* for compatibility with the original command */
360 info
->has_clients
= true;
362 QTAILQ_FOREACH(client
, &vnc_display
->clients
, next
) {
363 VncClientInfoList
*cinfo
= g_malloc0(sizeof(*info
));
364 cinfo
->value
= qmp_query_vnc_client(client
);
366 /* XXX: waiting for the qapi to support GSList */
368 info
->clients
= cur_item
= cinfo
;
370 cur_item
->next
= cinfo
;
375 if (vnc_display
->lsock
== -1) {
379 if (getsockname(vnc_display
->lsock
, (struct sockaddr
*)&sa
,
381 error_set(errp
, QERR_UNDEFINED_ERROR
);
385 if (getnameinfo((struct sockaddr
*)&sa
, salen
,
388 NI_NUMERICHOST
| NI_NUMERICSERV
) < 0) {
389 error_set(errp
, QERR_UNDEFINED_ERROR
);
393 info
->has_host
= true;
394 info
->host
= g_strdup(host
);
396 info
->has_service
= true;
397 info
->service
= g_strdup(serv
);
399 info
->has_family
= true;
400 info
->family
= g_strdup(inet_strfamily(sa
.ss_family
));
402 info
->has_auth
= true;
403 info
->auth
= g_strdup(vnc_auth_name(vnc_display
));
409 qapi_free_VncInfo(info
);
414 1) Get the queue working for IO.
415 2) there is some weirdness when using the -S option (the screen is grey
416 and not totally invalidated
417 3) resolutions > 1024
420 static int vnc_update_client(VncState
*vs
, int has_dirty
);
421 static int vnc_update_client_sync(VncState
*vs
, int has_dirty
);
422 static void vnc_disconnect_start(VncState
*vs
);
424 static void vnc_colordepth(VncState
*vs
);
425 static void framebuffer_update_request(VncState
*vs
, int incremental
,
426 int x_position
, int y_position
,
428 static void vnc_refresh(DisplayChangeListener
*dcl
);
429 static int vnc_refresh_server_surface(VncDisplay
*vd
);
431 static void vnc_dpy_update(DisplayChangeListener
*dcl
,
432 int x
, int y
, int w
, int h
)
435 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
436 struct VncSurface
*s
= &vd
->guest
;
437 int width
= surface_width(vd
->ds
);
438 int height
= surface_height(vd
->ds
);
442 /* round x down to ensure the loop only spans one 16-pixel block per,
443 iteration. otherwise, if (x % 16) != 0, the last iteration may span
444 two 16-pixel blocks but we only mark the first as dirty
451 w
= MIN(x
+ w
, width
) - x
;
455 for (i
= 0; i
< w
; i
+= 16)
456 set_bit((x
+ i
) / 16, s
->dirty
[y
]);
459 void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
462 vnc_write_u16(vs
, x
);
463 vnc_write_u16(vs
, y
);
464 vnc_write_u16(vs
, w
);
465 vnc_write_u16(vs
, h
);
467 vnc_write_s32(vs
, encoding
);
470 void buffer_reserve(Buffer
*buffer
, size_t len
)
472 if ((buffer
->capacity
- buffer
->offset
) < len
) {
473 buffer
->capacity
+= (len
+ 1024);
474 buffer
->buffer
= g_realloc(buffer
->buffer
, buffer
->capacity
);
475 if (buffer
->buffer
== NULL
) {
476 fprintf(stderr
, "vnc: out of memory\n");
482 static int buffer_empty(Buffer
*buffer
)
484 return buffer
->offset
== 0;
487 uint8_t *buffer_end(Buffer
*buffer
)
489 return buffer
->buffer
+ buffer
->offset
;
492 void buffer_reset(Buffer
*buffer
)
497 void buffer_free(Buffer
*buffer
)
499 g_free(buffer
->buffer
);
501 buffer
->capacity
= 0;
502 buffer
->buffer
= NULL
;
505 void buffer_append(Buffer
*buffer
, const void *data
, size_t len
)
507 memcpy(buffer
->buffer
+ buffer
->offset
, data
, len
);
508 buffer
->offset
+= len
;
511 void buffer_advance(Buffer
*buf
, size_t len
)
513 memmove(buf
->buffer
, buf
->buffer
+ len
,
514 (buf
->offset
- len
));
518 static void vnc_desktop_resize(VncState
*vs
)
520 DisplaySurface
*ds
= vs
->vd
->ds
;
522 if (vs
->csock
== -1 || !vnc_has_feature(vs
, VNC_FEATURE_RESIZE
)) {
525 if (vs
->client_width
== surface_width(ds
) &&
526 vs
->client_height
== surface_height(ds
)) {
529 vs
->client_width
= surface_width(ds
);
530 vs
->client_height
= surface_height(ds
);
532 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
534 vnc_write_u16(vs
, 1); /* number of rects */
535 vnc_framebuffer_update(vs
, 0, 0, vs
->client_width
, vs
->client_height
,
536 VNC_ENCODING_DESKTOPRESIZE
);
537 vnc_unlock_output(vs
);
541 static void vnc_abort_display_jobs(VncDisplay
*vd
)
545 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
548 vnc_unlock_output(vs
);
550 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
553 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
556 vnc_unlock_output(vs
);
560 int vnc_server_fb_stride(VncDisplay
*vd
)
562 return pixman_image_get_stride(vd
->server
);
565 void *vnc_server_fb_ptr(VncDisplay
*vd
, int x
, int y
)
569 ptr
= (uint8_t *)pixman_image_get_data(vd
->server
);
570 ptr
+= y
* vnc_server_fb_stride(vd
);
571 ptr
+= x
* VNC_SERVER_FB_BYTES
;
575 static void vnc_dpy_switch(DisplayChangeListener
*dcl
,
576 DisplaySurface
*surface
)
578 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
581 vnc_abort_display_jobs(vd
);
584 qemu_pixman_image_unref(vd
->server
);
586 vd
->server
= pixman_image_create_bits(VNC_SERVER_FB_FORMAT
,
587 surface_width(vd
->ds
),
588 surface_height(vd
->ds
),
593 if (ds_get_bytes_per_pixel(ds
) != vd
->guest
.ds
->pf
.bytes_per_pixel
)
594 console_color_init(ds
);
596 qemu_pixman_image_unref(vd
->guest
.fb
);
597 vd
->guest
.fb
= pixman_image_ref(surface
->image
);
598 vd
->guest
.format
= surface
->format
;
599 memset(vd
->guest
.dirty
, 0xFF, sizeof(vd
->guest
.dirty
));
601 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
603 vnc_desktop_resize(vs
);
604 if (vs
->vd
->cursor
) {
605 vnc_cursor_define(vs
);
607 memset(vs
->dirty
, 0xFF, sizeof(vs
->dirty
));
612 static void vnc_write_pixels_copy(VncState
*vs
,
613 void *pixels
, int size
)
615 vnc_write(vs
, pixels
, size
);
618 /* slowest but generic code. */
619 void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
623 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
624 r
= (((v
& 0x00ff0000) >> 16) << vs
->client_pf
.rbits
) >> 8;
625 g
= (((v
& 0x0000ff00) >> 8) << vs
->client_pf
.gbits
) >> 8;
626 b
= (((v
& 0x000000ff) >> 0) << vs
->client_pf
.bbits
) >> 8;
628 # error need some bits here if you change VNC_SERVER_FB_FORMAT
630 v
= (r
<< vs
->client_pf
.rshift
) |
631 (g
<< vs
->client_pf
.gshift
) |
632 (b
<< vs
->client_pf
.bshift
);
633 switch (vs
->client_pf
.bytes_per_pixel
) {
663 static void vnc_write_pixels_generic(VncState
*vs
,
664 void *pixels1
, int size
)
668 if (VNC_SERVER_FB_BYTES
== 4) {
669 uint32_t *pixels
= pixels1
;
672 for (i
= 0; i
< n
; i
++) {
673 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
674 vnc_write(vs
, buf
, vs
->client_pf
.bytes_per_pixel
);
679 int vnc_raw_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
683 VncDisplay
*vd
= vs
->vd
;
685 row
= vnc_server_fb_ptr(vd
, x
, y
);
686 for (i
= 0; i
< h
; i
++) {
687 vs
->write_pixels(vs
, row
, w
* VNC_SERVER_FB_BYTES
);
688 row
+= vnc_server_fb_stride(vd
);
693 int vnc_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
697 switch(vs
->vnc_encoding
) {
698 case VNC_ENCODING_ZLIB
:
699 n
= vnc_zlib_send_framebuffer_update(vs
, x
, y
, w
, h
);
701 case VNC_ENCODING_HEXTILE
:
702 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
703 n
= vnc_hextile_send_framebuffer_update(vs
, x
, y
, w
, h
);
705 case VNC_ENCODING_TIGHT
:
706 n
= vnc_tight_send_framebuffer_update(vs
, x
, y
, w
, h
);
708 case VNC_ENCODING_TIGHT_PNG
:
709 n
= vnc_tight_png_send_framebuffer_update(vs
, x
, y
, w
, h
);
711 case VNC_ENCODING_ZRLE
:
712 n
= vnc_zrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
714 case VNC_ENCODING_ZYWRLE
:
715 n
= vnc_zywrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
718 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
719 n
= vnc_raw_send_framebuffer_update(vs
, x
, y
, w
, h
);
725 static void vnc_copy(VncState
*vs
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
727 /* send bitblit op to the vnc client */
729 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
731 vnc_write_u16(vs
, 1); /* number of rects */
732 vnc_framebuffer_update(vs
, dst_x
, dst_y
, w
, h
, VNC_ENCODING_COPYRECT
);
733 vnc_write_u16(vs
, src_x
);
734 vnc_write_u16(vs
, src_y
);
735 vnc_unlock_output(vs
);
739 static void vnc_dpy_copy(DisplayChangeListener
*dcl
,
740 int src_x
, int src_y
,
741 int dst_x
, int dst_y
, int w
, int h
)
743 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
747 int i
, x
, y
, pitch
, inc
, w_lim
, s
;
750 vnc_refresh_server_surface(vd
);
751 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
752 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
753 vs
->force_update
= 1;
754 vnc_update_client_sync(vs
, 1);
755 /* vs might be free()ed here */
759 /* do bitblit op on the local surface too */
760 pitch
= vnc_server_fb_stride(vd
);
761 src_row
= vnc_server_fb_ptr(vd
, src_x
, src_y
);
762 dst_row
= vnc_server_fb_ptr(vd
, dst_x
, dst_y
);
767 src_row
+= pitch
* (h
-1);
768 dst_row
+= pitch
* (h
-1);
773 w_lim
= w
- (16 - (dst_x
% 16));
777 w_lim
= w
- (w_lim
% 16);
778 for (i
= 0; i
< h
; i
++) {
779 for (x
= 0; x
<= w_lim
;
780 x
+= s
, src_row
+= cmp_bytes
, dst_row
+= cmp_bytes
) {
782 if ((s
= w
- w_lim
) == 0)
785 s
= (16 - (dst_x
% 16));
790 cmp_bytes
= s
* VNC_SERVER_FB_BYTES
;
791 if (memcmp(src_row
, dst_row
, cmp_bytes
) == 0)
793 memmove(dst_row
, src_row
, cmp_bytes
);
794 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
795 if (!vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
796 set_bit(((x
+ dst_x
) / 16), vs
->dirty
[y
]);
800 src_row
+= pitch
- w
* VNC_SERVER_FB_BYTES
;
801 dst_row
+= pitch
- w
* VNC_SERVER_FB_BYTES
;
805 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
806 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
807 vnc_copy(vs
, src_x
, src_y
, dst_x
, dst_y
, w
, h
);
812 static void vnc_mouse_set(DisplayChangeListener
*dcl
,
813 int x
, int y
, int visible
)
815 /* can we ask the client(s) to move the pointer ??? */
818 static int vnc_cursor_define(VncState
*vs
)
820 QEMUCursor
*c
= vs
->vd
->cursor
;
823 if (vnc_has_feature(vs
, VNC_FEATURE_RICH_CURSOR
)) {
825 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
826 vnc_write_u8(vs
, 0); /* padding */
827 vnc_write_u16(vs
, 1); /* # of rects */
828 vnc_framebuffer_update(vs
, c
->hot_x
, c
->hot_y
, c
->width
, c
->height
,
829 VNC_ENCODING_RICH_CURSOR
);
830 isize
= c
->width
* c
->height
* vs
->client_pf
.bytes_per_pixel
;
831 vnc_write_pixels_generic(vs
, c
->data
, isize
);
832 vnc_write(vs
, vs
->vd
->cursor_mask
, vs
->vd
->cursor_msize
);
833 vnc_unlock_output(vs
);
839 static void vnc_dpy_cursor_define(DisplayChangeListener
*dcl
,
842 VncDisplay
*vd
= vnc_display
;
845 cursor_put(vd
->cursor
);
846 g_free(vd
->cursor_mask
);
849 cursor_get(vd
->cursor
);
850 vd
->cursor_msize
= cursor_get_mono_bpl(c
) * c
->height
;
851 vd
->cursor_mask
= g_malloc0(vd
->cursor_msize
);
852 cursor_get_mono_mask(c
, 0, vd
->cursor_mask
);
854 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
855 vnc_cursor_define(vs
);
859 static int find_and_clear_dirty_height(struct VncState
*vs
,
860 int y
, int last_x
, int x
, int height
)
864 for (h
= 1; h
< (height
- y
); h
++) {
866 if (!test_bit(last_x
, vs
->dirty
[y
+ h
])) {
869 for (tmp_x
= last_x
; tmp_x
< x
; tmp_x
++) {
870 clear_bit(tmp_x
, vs
->dirty
[y
+ h
]);
877 static int vnc_update_client_sync(VncState
*vs
, int has_dirty
)
879 int ret
= vnc_update_client(vs
, has_dirty
);
884 static int vnc_update_client(VncState
*vs
, int has_dirty
)
886 if (vs
->need_update
&& vs
->csock
!= -1) {
887 VncDisplay
*vd
= vs
->vd
;
894 if (vs
->output
.offset
&& !vs
->audio_cap
&& !vs
->force_update
)
895 /* kernel send buffers are full -> drop frames to throttle */
898 if (!has_dirty
&& !vs
->audio_cap
&& !vs
->force_update
)
902 * Send screen updates to the vnc client using the server
903 * surface and server dirty map. guest surface updates
904 * happening in parallel don't disturb us, the next pass will
905 * send them to the client.
907 job
= vnc_job_new(vs
);
909 width
= MIN(pixman_image_get_width(vd
->server
), vs
->client_width
);
910 height
= MIN(pixman_image_get_height(vd
->server
), vs
->client_height
);
912 for (y
= 0; y
< height
; y
++) {
915 for (x
= 0; x
< width
/ 16; x
++) {
916 if (test_and_clear_bit(x
, vs
->dirty
[y
])) {
922 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
,
925 n
+= vnc_job_add_rect(job
, last_x
* 16, y
,
926 (x
- last_x
) * 16, h
);
932 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
, height
);
933 n
+= vnc_job_add_rect(job
, last_x
* 16, y
,
934 (x
- last_x
) * 16, h
);
939 vs
->force_update
= 0;
944 vnc_disconnect_finish(vs
);
950 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
952 VncState
*vs
= opaque
;
955 case AUD_CNOTIFY_DISABLE
:
957 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
958 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
959 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_END
);
960 vnc_unlock_output(vs
);
964 case AUD_CNOTIFY_ENABLE
:
966 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
967 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
968 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN
);
969 vnc_unlock_output(vs
);
975 static void audio_capture_destroy(void *opaque
)
979 static void audio_capture(void *opaque
, void *buf
, int size
)
981 VncState
*vs
= opaque
;
984 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
985 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
986 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_DATA
);
987 vnc_write_u32(vs
, size
);
988 vnc_write(vs
, buf
, size
);
989 vnc_unlock_output(vs
);
993 static void audio_add(VncState
*vs
)
995 struct audio_capture_ops ops
;
998 monitor_printf(default_mon
, "audio already running\n");
1002 ops
.notify
= audio_capture_notify
;
1003 ops
.destroy
= audio_capture_destroy
;
1004 ops
.capture
= audio_capture
;
1006 vs
->audio_cap
= AUD_add_capture(&vs
->as
, &ops
, vs
);
1007 if (!vs
->audio_cap
) {
1008 monitor_printf(default_mon
, "Failed to add audio capture\n");
1012 static void audio_del(VncState
*vs
)
1014 if (vs
->audio_cap
) {
1015 AUD_del_capture(vs
->audio_cap
, vs
);
1016 vs
->audio_cap
= NULL
;
1020 static void vnc_disconnect_start(VncState
*vs
)
1022 if (vs
->csock
== -1)
1024 vnc_set_share_mode(vs
, VNC_SHARE_MODE_DISCONNECTED
);
1025 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
1026 closesocket(vs
->csock
);
1030 void vnc_disconnect_finish(VncState
*vs
)
1034 vnc_jobs_join(vs
); /* Wait encoding jobs */
1036 vnc_lock_output(vs
);
1037 vnc_qmp_event(vs
, QEVENT_VNC_DISCONNECTED
);
1039 buffer_free(&vs
->input
);
1040 buffer_free(&vs
->output
);
1041 #ifdef CONFIG_VNC_WS
1042 buffer_free(&vs
->ws_input
);
1043 buffer_free(&vs
->ws_output
);
1044 #endif /* CONFIG_VNC_WS */
1046 qobject_decref(vs
->info
);
1049 vnc_tight_clear(vs
);
1052 #ifdef CONFIG_VNC_TLS
1053 vnc_tls_client_cleanup(vs
);
1054 #endif /* CONFIG_VNC_TLS */
1055 #ifdef CONFIG_VNC_SASL
1056 vnc_sasl_client_cleanup(vs
);
1057 #endif /* CONFIG_VNC_SASL */
1059 vnc_release_modifiers(vs
);
1061 if (vs
->initialized
) {
1062 QTAILQ_REMOVE(&vs
->vd
->clients
, vs
, next
);
1063 qemu_remove_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
1066 if (vs
->vd
->lock_key_sync
)
1067 qemu_remove_led_event_handler(vs
->led
);
1068 vnc_unlock_output(vs
);
1070 qemu_mutex_destroy(&vs
->output_mutex
);
1071 if (vs
->bh
!= NULL
) {
1072 qemu_bh_delete(vs
->bh
);
1074 buffer_free(&vs
->jobs_buffer
);
1076 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
1077 g_free(vs
->lossy_rect
[i
]);
1079 g_free(vs
->lossy_rect
);
1083 int vnc_client_io_error(VncState
*vs
, int ret
, int last_errno
)
1085 if (ret
== 0 || ret
== -1) {
1087 switch (last_errno
) {
1091 case WSAEWOULDBLOCK
:
1099 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1100 ret
, ret
< 0 ? last_errno
: 0);
1101 vnc_disconnect_start(vs
);
1109 void vnc_client_error(VncState
*vs
)
1111 VNC_DEBUG("Closing down client sock: protocol error\n");
1112 vnc_disconnect_start(vs
);
1115 #ifdef CONFIG_VNC_TLS
1116 static long vnc_client_write_tls(gnutls_session_t
*session
,
1117 const uint8_t *data
,
1120 long ret
= gnutls_write(*session
, data
, datalen
);
1122 if (ret
== GNUTLS_E_AGAIN
) {
1131 #endif /* CONFIG_VNC_TLS */
1134 * Called to write a chunk of data to the client socket. The data may
1135 * be the raw data, or may have already been encoded by SASL.
1136 * The data will be written either straight onto the socket, or
1137 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1139 * NB, it is theoretically possible to have 2 layers of encryption,
1140 * both SASL, and this TLS layer. It is highly unlikely in practice
1141 * though, since SASL encryption will typically be a no-op if TLS
1144 * Returns the number of bytes written, which may be less than
1145 * the requested 'datalen' if the socket would block. Returns
1146 * -1 on error, and disconnects the client socket.
1148 long vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
1151 #ifdef CONFIG_VNC_TLS
1152 if (vs
->tls
.session
) {
1153 ret
= vnc_client_write_tls(&vs
->tls
.session
, data
, datalen
);
1155 #ifdef CONFIG_VNC_WS
1156 if (vs
->ws_tls
.session
) {
1157 ret
= vnc_client_write_tls(&vs
->ws_tls
.session
, data
, datalen
);
1159 #endif /* CONFIG_VNC_WS */
1160 #endif /* CONFIG_VNC_TLS */
1162 ret
= send(vs
->csock
, (const void *)data
, datalen
, 0);
1164 #ifdef CONFIG_VNC_TLS
1166 #endif /* CONFIG_VNC_TLS */
1167 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data
, datalen
, ret
);
1168 return vnc_client_io_error(vs
, ret
, socket_error());
1173 * Called to write buffered data to the client socket, when not
1174 * using any SASL SSF encryption layers. Will write as much data
1175 * as possible without blocking. If all buffered data is written,
1176 * will switch the FD poll() handler back to read monitoring.
1178 * Returns the number of bytes written, which may be less than
1179 * the buffered output data if the socket would block. Returns
1180 * -1 on error, and disconnects the client socket.
1182 static long vnc_client_write_plain(VncState
*vs
)
1186 #ifdef CONFIG_VNC_SASL
1187 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1188 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
1189 vs
->sasl
.waitWriteSSF
);
1191 if (vs
->sasl
.conn
&&
1193 vs
->sasl
.waitWriteSSF
) {
1194 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
1196 vs
->sasl
.waitWriteSSF
-= ret
;
1198 #endif /* CONFIG_VNC_SASL */
1199 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
1203 buffer_advance(&vs
->output
, ret
);
1205 if (vs
->output
.offset
== 0) {
1206 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1214 * First function called whenever there is data to be written to
1215 * the client socket. Will delegate actual work according to whether
1216 * SASL SSF layers are enabled (thus requiring encryption calls)
1218 static void vnc_client_write_locked(void *opaque
)
1220 VncState
*vs
= opaque
;
1222 #ifdef CONFIG_VNC_SASL
1223 if (vs
->sasl
.conn
&&
1225 !vs
->sasl
.waitWriteSSF
) {
1226 vnc_client_write_sasl(vs
);
1228 #endif /* CONFIG_VNC_SASL */
1230 #ifdef CONFIG_VNC_WS
1231 if (vs
->encode_ws
) {
1232 vnc_client_write_ws(vs
);
1234 #endif /* CONFIG_VNC_WS */
1236 vnc_client_write_plain(vs
);
1241 void vnc_client_write(void *opaque
)
1243 VncState
*vs
= opaque
;
1245 vnc_lock_output(vs
);
1246 if (vs
->output
.offset
1247 #ifdef CONFIG_VNC_WS
1248 || vs
->ws_output
.offset
1251 vnc_client_write_locked(opaque
);
1252 } else if (vs
->csock
!= -1) {
1253 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1255 vnc_unlock_output(vs
);
1258 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1260 vs
->read_handler
= func
;
1261 vs
->read_handler_expect
= expecting
;
1264 #ifdef CONFIG_VNC_TLS
1265 static long vnc_client_read_tls(gnutls_session_t
*session
, uint8_t *data
,
1268 long ret
= gnutls_read(*session
, data
, datalen
);
1270 if (ret
== GNUTLS_E_AGAIN
) {
1279 #endif /* CONFIG_VNC_TLS */
1282 * Called to read a chunk of data from the client socket. The data may
1283 * be the raw data, or may need to be further decoded by SASL.
1284 * The data will be read either straight from to the socket, or
1285 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1287 * NB, it is theoretically possible to have 2 layers of encryption,
1288 * both SASL, and this TLS layer. It is highly unlikely in practice
1289 * though, since SASL encryption will typically be a no-op if TLS
1292 * Returns the number of bytes read, which may be less than
1293 * the requested 'datalen' if the socket would block. Returns
1294 * -1 on error, and disconnects the client socket.
1296 long vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1299 #ifdef CONFIG_VNC_TLS
1300 if (vs
->tls
.session
) {
1301 ret
= vnc_client_read_tls(&vs
->tls
.session
, data
, datalen
);
1303 #ifdef CONFIG_VNC_WS
1304 if (vs
->ws_tls
.session
) {
1305 ret
= vnc_client_read_tls(&vs
->ws_tls
.session
, data
, datalen
);
1307 #endif /* CONFIG_VNC_WS */
1308 #endif /* CONFIG_VNC_TLS */
1310 ret
= qemu_recv(vs
->csock
, data
, datalen
, 0);
1312 #ifdef CONFIG_VNC_TLS
1314 #endif /* CONFIG_VNC_TLS */
1315 VNC_DEBUG("Read wire %p %zd -> %ld\n", data
, datalen
, ret
);
1316 return vnc_client_io_error(vs
, ret
, socket_error());
1321 * Called to read data from the client socket to the input buffer,
1322 * when not using any SASL SSF encryption layers. Will read as much
1323 * data as possible without blocking.
1325 * Returns the number of bytes read. Returns -1 on error, and
1326 * disconnects the client socket.
1328 static long vnc_client_read_plain(VncState
*vs
)
1331 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1332 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1333 buffer_reserve(&vs
->input
, 4096);
1334 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1337 vs
->input
.offset
+= ret
;
1341 static void vnc_jobs_bh(void *opaque
)
1343 VncState
*vs
= opaque
;
1345 vnc_jobs_consume_buffer(vs
);
1349 * First function called whenever there is more data to be read from
1350 * the client socket. Will delegate actual work according to whether
1351 * SASL SSF layers are enabled (thus requiring decryption calls)
1353 void vnc_client_read(void *opaque
)
1355 VncState
*vs
= opaque
;
1358 #ifdef CONFIG_VNC_SASL
1359 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1360 ret
= vnc_client_read_sasl(vs
);
1362 #endif /* CONFIG_VNC_SASL */
1363 #ifdef CONFIG_VNC_WS
1364 if (vs
->encode_ws
) {
1365 ret
= vnc_client_read_ws(vs
);
1367 vnc_disconnect_start(vs
);
1369 } else if (ret
== -2) {
1370 vnc_client_error(vs
);
1374 #endif /* CONFIG_VNC_WS */
1376 ret
= vnc_client_read_plain(vs
);
1379 if (vs
->csock
== -1)
1380 vnc_disconnect_finish(vs
);
1384 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1385 size_t len
= vs
->read_handler_expect
;
1388 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1389 if (vs
->csock
== -1) {
1390 vnc_disconnect_finish(vs
);
1395 buffer_advance(&vs
->input
, len
);
1397 vs
->read_handler_expect
= ret
;
1402 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1404 buffer_reserve(&vs
->output
, len
);
1406 if (vs
->csock
!= -1 && buffer_empty(&vs
->output
)) {
1407 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
1410 buffer_append(&vs
->output
, data
, len
);
1413 void vnc_write_s32(VncState
*vs
, int32_t value
)
1415 vnc_write_u32(vs
, *(uint32_t *)&value
);
1418 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1422 buf
[0] = (value
>> 24) & 0xFF;
1423 buf
[1] = (value
>> 16) & 0xFF;
1424 buf
[2] = (value
>> 8) & 0xFF;
1425 buf
[3] = value
& 0xFF;
1427 vnc_write(vs
, buf
, 4);
1430 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1434 buf
[0] = (value
>> 8) & 0xFF;
1435 buf
[1] = value
& 0xFF;
1437 vnc_write(vs
, buf
, 2);
1440 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1442 vnc_write(vs
, (char *)&value
, 1);
1445 void vnc_flush(VncState
*vs
)
1447 vnc_lock_output(vs
);
1448 if (vs
->csock
!= -1 && (vs
->output
.offset
1449 #ifdef CONFIG_VNC_WS
1450 || vs
->ws_output
.offset
1453 vnc_client_write_locked(vs
);
1455 vnc_unlock_output(vs
);
1458 static uint8_t read_u8(uint8_t *data
, size_t offset
)
1460 return data
[offset
];
1463 static uint16_t read_u16(uint8_t *data
, size_t offset
)
1465 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1468 static int32_t read_s32(uint8_t *data
, size_t offset
)
1470 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1471 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1474 uint32_t read_u32(uint8_t *data
, size_t offset
)
1476 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1477 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1480 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1484 static void check_pointer_type_change(Notifier
*notifier
, void *data
)
1486 VncState
*vs
= container_of(notifier
, VncState
, mouse_mode_notifier
);
1487 int absolute
= qemu_input_is_absolute();
1489 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1490 vnc_lock_output(vs
);
1491 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1492 vnc_write_u8(vs
, 0);
1493 vnc_write_u16(vs
, 1);
1494 vnc_framebuffer_update(vs
, absolute
, 0,
1495 surface_width(vs
->vd
->ds
),
1496 surface_height(vs
->vd
->ds
),
1497 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1498 vnc_unlock_output(vs
);
1501 vs
->absolute
= absolute
;
1504 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1506 static uint32_t bmap
[INPUT_BUTTON_MAX
] = {
1507 [INPUT_BUTTON_LEFT
] = 0x01,
1508 [INPUT_BUTTON_MIDDLE
] = 0x02,
1509 [INPUT_BUTTON_RIGHT
] = 0x04,
1510 [INPUT_BUTTON_WHEEL_UP
] = 0x08,
1511 [INPUT_BUTTON_WHEEL_DOWN
] = 0x10,
1513 QemuConsole
*con
= vs
->vd
->dcl
.con
;
1514 int width
= surface_width(vs
->vd
->ds
);
1515 int height
= surface_height(vs
->vd
->ds
);
1517 if (vs
->last_bmask
!= button_mask
) {
1518 qemu_input_update_buttons(con
, bmap
, vs
->last_bmask
, button_mask
);
1519 vs
->last_bmask
= button_mask
;
1523 qemu_input_queue_abs(con
, INPUT_AXIS_X
, x
, width
);
1524 qemu_input_queue_abs(con
, INPUT_AXIS_Y
, y
, height
);
1525 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1526 qemu_input_queue_rel(con
, INPUT_AXIS_X
, x
- 0x7FFF);
1527 qemu_input_queue_rel(con
, INPUT_AXIS_Y
, y
- 0x7FFF);
1529 if (vs
->last_x
!= -1) {
1530 qemu_input_queue_rel(con
, INPUT_AXIS_X
, x
- vs
->last_x
);
1531 qemu_input_queue_rel(con
, INPUT_AXIS_Y
, y
- vs
->last_y
);
1536 qemu_input_event_sync();
1539 static void reset_keys(VncState
*vs
)
1542 for(i
= 0; i
< 256; i
++) {
1543 if (vs
->modifiers_state
[i
]) {
1544 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, i
, false);
1545 vs
->modifiers_state
[i
] = 0;
1550 static void press_key(VncState
*vs
, int keysym
)
1552 int keycode
= keysym2scancode(vs
->vd
->kbd_layout
, keysym
) & SCANCODE_KEYMASK
;
1553 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, keycode
, true);
1554 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, keycode
, false);
1557 static int current_led_state(VncState
*vs
)
1561 if (vs
->modifiers_state
[0x46]) {
1562 ledstate
|= QEMU_SCROLL_LOCK_LED
;
1564 if (vs
->modifiers_state
[0x45]) {
1565 ledstate
|= QEMU_NUM_LOCK_LED
;
1567 if (vs
->modifiers_state
[0x3a]) {
1568 ledstate
|= QEMU_CAPS_LOCK_LED
;
1574 static void vnc_led_state_change(VncState
*vs
)
1578 if (!vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
)) {
1582 ledstate
= current_led_state(vs
);
1583 vnc_lock_output(vs
);
1584 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1585 vnc_write_u8(vs
, 0);
1586 vnc_write_u16(vs
, 1);
1587 vnc_framebuffer_update(vs
, 0, 0, 1, 1, VNC_ENCODING_LED_STATE
);
1588 vnc_write_u8(vs
, ledstate
);
1589 vnc_unlock_output(vs
);
1593 static void kbd_leds(void *opaque
, int ledstate
)
1595 VncState
*vs
= opaque
;
1597 bool has_changed
= (ledstate
!= current_led_state(vs
));
1599 caps
= ledstate
& QEMU_CAPS_LOCK_LED
? 1 : 0;
1600 num
= ledstate
& QEMU_NUM_LOCK_LED
? 1 : 0;
1601 scr
= ledstate
& QEMU_SCROLL_LOCK_LED
? 1 : 0;
1603 if (vs
->modifiers_state
[0x3a] != caps
) {
1604 vs
->modifiers_state
[0x3a] = caps
;
1606 if (vs
->modifiers_state
[0x45] != num
) {
1607 vs
->modifiers_state
[0x45] = num
;
1609 if (vs
->modifiers_state
[0x46] != scr
) {
1610 vs
->modifiers_state
[0x46] = scr
;
1613 /* Sending the current led state message to the client */
1615 vnc_led_state_change(vs
);
1619 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1621 /* QEMU console switch */
1623 case 0x2a: /* Left Shift */
1624 case 0x36: /* Right Shift */
1625 case 0x1d: /* Left CTRL */
1626 case 0x9d: /* Right CTRL */
1627 case 0x38: /* Left ALT */
1628 case 0xb8: /* Right ALT */
1630 vs
->modifiers_state
[keycode
] = 1;
1632 vs
->modifiers_state
[keycode
] = 0;
1634 case 0x02 ... 0x0a: /* '1' to '9' keys */
1635 if (down
&& vs
->modifiers_state
[0x1d] && vs
->modifiers_state
[0x38]) {
1636 /* Reset the modifiers sent to the current console */
1638 console_select(keycode
- 0x02);
1642 case 0x3a: /* CapsLock */
1643 case 0x45: /* NumLock */
1645 vs
->modifiers_state
[keycode
] ^= 1;
1649 /* Turn off the lock state sync logic if the client support the led
1652 if (down
&& vs
->vd
->lock_key_sync
&&
1653 !vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
) &&
1654 keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1655 /* If the numlock state needs to change then simulate an additional
1656 keypress before sending this one. This will happen if the user
1657 toggles numlock away from the VNC window.
1659 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1660 if (!vs
->modifiers_state
[0x45]) {
1661 vs
->modifiers_state
[0x45] = 1;
1662 press_key(vs
, 0xff7f);
1665 if (vs
->modifiers_state
[0x45]) {
1666 vs
->modifiers_state
[0x45] = 0;
1667 press_key(vs
, 0xff7f);
1672 if (down
&& vs
->vd
->lock_key_sync
&&
1673 !vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
) &&
1674 ((sym
>= 'A' && sym
<= 'Z') || (sym
>= 'a' && sym
<= 'z'))) {
1675 /* If the capslock state needs to change then simulate an additional
1676 keypress before sending this one. This will happen if the user
1677 toggles capslock away from the VNC window.
1679 int uppercase
= !!(sym
>= 'A' && sym
<= 'Z');
1680 int shift
= !!(vs
->modifiers_state
[0x2a] | vs
->modifiers_state
[0x36]);
1681 int capslock
= !!(vs
->modifiers_state
[0x3a]);
1683 if (uppercase
== shift
) {
1684 vs
->modifiers_state
[0x3a] = 0;
1685 press_key(vs
, 0xffe5);
1688 if (uppercase
!= shift
) {
1689 vs
->modifiers_state
[0x3a] = 1;
1690 press_key(vs
, 0xffe5);
1695 if (qemu_console_is_graphic(NULL
)) {
1696 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, keycode
, down
);
1698 bool numlock
= vs
->modifiers_state
[0x45];
1699 bool control
= (vs
->modifiers_state
[0x1d] ||
1700 vs
->modifiers_state
[0x9d]);
1701 /* QEMU console emulation */
1704 case 0x2a: /* Left Shift */
1705 case 0x36: /* Right Shift */
1706 case 0x1d: /* Left CTRL */
1707 case 0x9d: /* Right CTRL */
1708 case 0x38: /* Left ALT */
1709 case 0xb8: /* Right ALT */
1712 kbd_put_keysym(QEMU_KEY_UP
);
1715 kbd_put_keysym(QEMU_KEY_DOWN
);
1718 kbd_put_keysym(QEMU_KEY_LEFT
);
1721 kbd_put_keysym(QEMU_KEY_RIGHT
);
1724 kbd_put_keysym(QEMU_KEY_DELETE
);
1727 kbd_put_keysym(QEMU_KEY_HOME
);
1730 kbd_put_keysym(QEMU_KEY_END
);
1733 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1736 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1740 kbd_put_keysym(numlock
? '7' : QEMU_KEY_HOME
);
1743 kbd_put_keysym(numlock
? '8' : QEMU_KEY_UP
);
1746 kbd_put_keysym(numlock
? '9' : QEMU_KEY_PAGEUP
);
1749 kbd_put_keysym(numlock
? '4' : QEMU_KEY_LEFT
);
1752 kbd_put_keysym('5');
1755 kbd_put_keysym(numlock
? '6' : QEMU_KEY_RIGHT
);
1758 kbd_put_keysym(numlock
? '1' : QEMU_KEY_END
);
1761 kbd_put_keysym(numlock
? '2' : QEMU_KEY_DOWN
);
1764 kbd_put_keysym(numlock
? '3' : QEMU_KEY_PAGEDOWN
);
1767 kbd_put_keysym('0');
1770 kbd_put_keysym(numlock
? '.' : QEMU_KEY_DELETE
);
1774 kbd_put_keysym('/');
1777 kbd_put_keysym('*');
1780 kbd_put_keysym('-');
1783 kbd_put_keysym('+');
1786 kbd_put_keysym('\n');
1791 kbd_put_keysym(sym
& 0x1f);
1793 kbd_put_keysym(sym
);
1801 static void vnc_release_modifiers(VncState
*vs
)
1803 static const int keycodes
[] = {
1804 /* shift, control, alt keys, both left & right */
1805 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1809 if (!qemu_console_is_graphic(NULL
)) {
1812 for (i
= 0; i
< ARRAY_SIZE(keycodes
); i
++) {
1813 keycode
= keycodes
[i
];
1814 if (!vs
->modifiers_state
[keycode
]) {
1817 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, keycode
, false);
1821 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1826 if (lsym
>= 'A' && lsym
<= 'Z' && qemu_console_is_graphic(NULL
)) {
1827 lsym
= lsym
- 'A' + 'a';
1830 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, lsym
& 0xFFFF) & SCANCODE_KEYMASK
;
1831 do_key_event(vs
, down
, keycode
, sym
);
1834 static void ext_key_event(VncState
*vs
, int down
,
1835 uint32_t sym
, uint16_t keycode
)
1837 /* if the user specifies a keyboard layout, always use it */
1838 if (keyboard_layout
)
1839 key_event(vs
, down
, sym
);
1841 do_key_event(vs
, down
, keycode
, sym
);
1844 static void framebuffer_update_request(VncState
*vs
, int incremental
,
1845 int x_position
, int y_position
,
1849 const size_t width
= surface_width(vs
->vd
->ds
) / 16;
1850 const size_t height
= surface_height(vs
->vd
->ds
);
1852 if (y_position
> height
) {
1853 y_position
= height
;
1855 if (y_position
+ h
>= height
) {
1856 h
= height
- y_position
;
1859 vs
->need_update
= 1;
1861 vs
->force_update
= 1;
1862 for (i
= 0; i
< h
; i
++) {
1863 bitmap_set(vs
->dirty
[y_position
+ i
], 0, width
);
1864 bitmap_clear(vs
->dirty
[y_position
+ i
], width
,
1865 VNC_DIRTY_BITS
- width
);
1870 static void send_ext_key_event_ack(VncState
*vs
)
1872 vnc_lock_output(vs
);
1873 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1874 vnc_write_u8(vs
, 0);
1875 vnc_write_u16(vs
, 1);
1876 vnc_framebuffer_update(vs
, 0, 0,
1877 surface_width(vs
->vd
->ds
),
1878 surface_height(vs
->vd
->ds
),
1879 VNC_ENCODING_EXT_KEY_EVENT
);
1880 vnc_unlock_output(vs
);
1884 static void send_ext_audio_ack(VncState
*vs
)
1886 vnc_lock_output(vs
);
1887 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1888 vnc_write_u8(vs
, 0);
1889 vnc_write_u16(vs
, 1);
1890 vnc_framebuffer_update(vs
, 0, 0,
1891 surface_width(vs
->vd
->ds
),
1892 surface_height(vs
->vd
->ds
),
1893 VNC_ENCODING_AUDIO
);
1894 vnc_unlock_output(vs
);
1898 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
1901 unsigned int enc
= 0;
1904 vs
->vnc_encoding
= 0;
1905 vs
->tight
.compression
= 9;
1906 vs
->tight
.quality
= -1; /* Lossless by default */
1910 * Start from the end because the encodings are sent in order of preference.
1911 * This way the preferred encoding (first encoding defined in the array)
1912 * will be set at the end of the loop.
1914 for (i
= n_encodings
- 1; i
>= 0; i
--) {
1917 case VNC_ENCODING_RAW
:
1918 vs
->vnc_encoding
= enc
;
1920 case VNC_ENCODING_COPYRECT
:
1921 vs
->features
|= VNC_FEATURE_COPYRECT_MASK
;
1923 case VNC_ENCODING_HEXTILE
:
1924 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
1925 vs
->vnc_encoding
= enc
;
1927 case VNC_ENCODING_TIGHT
:
1928 vs
->features
|= VNC_FEATURE_TIGHT_MASK
;
1929 vs
->vnc_encoding
= enc
;
1931 #ifdef CONFIG_VNC_PNG
1932 case VNC_ENCODING_TIGHT_PNG
:
1933 vs
->features
|= VNC_FEATURE_TIGHT_PNG_MASK
;
1934 vs
->vnc_encoding
= enc
;
1937 case VNC_ENCODING_ZLIB
:
1938 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
1939 vs
->vnc_encoding
= enc
;
1941 case VNC_ENCODING_ZRLE
:
1942 vs
->features
|= VNC_FEATURE_ZRLE_MASK
;
1943 vs
->vnc_encoding
= enc
;
1945 case VNC_ENCODING_ZYWRLE
:
1946 vs
->features
|= VNC_FEATURE_ZYWRLE_MASK
;
1947 vs
->vnc_encoding
= enc
;
1949 case VNC_ENCODING_DESKTOPRESIZE
:
1950 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
1952 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
1953 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
1955 case VNC_ENCODING_RICH_CURSOR
:
1956 vs
->features
|= VNC_FEATURE_RICH_CURSOR_MASK
;
1958 case VNC_ENCODING_EXT_KEY_EVENT
:
1959 send_ext_key_event_ack(vs
);
1961 case VNC_ENCODING_AUDIO
:
1962 send_ext_audio_ack(vs
);
1964 case VNC_ENCODING_WMVi
:
1965 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
1967 case VNC_ENCODING_LED_STATE
:
1968 vs
->features
|= VNC_FEATURE_LED_STATE_MASK
;
1970 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
1971 vs
->tight
.compression
= (enc
& 0x0F);
1973 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
1974 if (vs
->vd
->lossy
) {
1975 vs
->tight
.quality
= (enc
& 0x0F);
1979 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
1983 vnc_desktop_resize(vs
);
1984 check_pointer_type_change(&vs
->mouse_mode_notifier
, NULL
);
1985 vnc_led_state_change(vs
);
1988 static void set_pixel_conversion(VncState
*vs
)
1990 pixman_format_code_t fmt
= qemu_pixman_get_format(&vs
->client_pf
);
1992 if (fmt
== VNC_SERVER_FB_FORMAT
) {
1993 vs
->write_pixels
= vnc_write_pixels_copy
;
1994 vnc_hextile_set_pixel_conversion(vs
, 0);
1996 vs
->write_pixels
= vnc_write_pixels_generic
;
1997 vnc_hextile_set_pixel_conversion(vs
, 1);
2001 static void set_pixel_format(VncState
*vs
,
2002 int bits_per_pixel
, int depth
,
2003 int big_endian_flag
, int true_color_flag
,
2004 int red_max
, int green_max
, int blue_max
,
2005 int red_shift
, int green_shift
, int blue_shift
)
2007 if (!true_color_flag
) {
2008 vnc_client_error(vs
);
2012 vs
->client_pf
.rmax
= red_max
;
2013 vs
->client_pf
.rbits
= hweight_long(red_max
);
2014 vs
->client_pf
.rshift
= red_shift
;
2015 vs
->client_pf
.rmask
= red_max
<< red_shift
;
2016 vs
->client_pf
.gmax
= green_max
;
2017 vs
->client_pf
.gbits
= hweight_long(green_max
);
2018 vs
->client_pf
.gshift
= green_shift
;
2019 vs
->client_pf
.gmask
= green_max
<< green_shift
;
2020 vs
->client_pf
.bmax
= blue_max
;
2021 vs
->client_pf
.bbits
= hweight_long(blue_max
);
2022 vs
->client_pf
.bshift
= blue_shift
;
2023 vs
->client_pf
.bmask
= blue_max
<< blue_shift
;
2024 vs
->client_pf
.bits_per_pixel
= bits_per_pixel
;
2025 vs
->client_pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
2026 vs
->client_pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
2027 vs
->client_be
= big_endian_flag
;
2029 set_pixel_conversion(vs
);
2031 graphic_hw_invalidate(NULL
);
2032 graphic_hw_update(NULL
);
2035 static void pixel_format_message (VncState
*vs
) {
2036 char pad
[3] = { 0, 0, 0 };
2038 vs
->client_pf
= qemu_default_pixelformat(32);
2040 vnc_write_u8(vs
, vs
->client_pf
.bits_per_pixel
); /* bits-per-pixel */
2041 vnc_write_u8(vs
, vs
->client_pf
.depth
); /* depth */
2043 #ifdef HOST_WORDS_BIGENDIAN
2044 vnc_write_u8(vs
, 1); /* big-endian-flag */
2046 vnc_write_u8(vs
, 0); /* big-endian-flag */
2048 vnc_write_u8(vs
, 1); /* true-color-flag */
2049 vnc_write_u16(vs
, vs
->client_pf
.rmax
); /* red-max */
2050 vnc_write_u16(vs
, vs
->client_pf
.gmax
); /* green-max */
2051 vnc_write_u16(vs
, vs
->client_pf
.bmax
); /* blue-max */
2052 vnc_write_u8(vs
, vs
->client_pf
.rshift
); /* red-shift */
2053 vnc_write_u8(vs
, vs
->client_pf
.gshift
); /* green-shift */
2054 vnc_write_u8(vs
, vs
->client_pf
.bshift
); /* blue-shift */
2055 vnc_write(vs
, pad
, 3); /* padding */
2057 vnc_hextile_set_pixel_conversion(vs
, 0);
2058 vs
->write_pixels
= vnc_write_pixels_copy
;
2061 static void vnc_colordepth(VncState
*vs
)
2063 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
2064 /* Sending a WMVi message to notify the client*/
2065 vnc_lock_output(vs
);
2066 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2067 vnc_write_u8(vs
, 0);
2068 vnc_write_u16(vs
, 1); /* number of rects */
2069 vnc_framebuffer_update(vs
, 0, 0,
2070 surface_width(vs
->vd
->ds
),
2071 surface_height(vs
->vd
->ds
),
2073 pixel_format_message(vs
);
2074 vnc_unlock_output(vs
);
2077 set_pixel_conversion(vs
);
2081 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
2085 VncDisplay
*vd
= vs
->vd
;
2088 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
2092 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT
:
2096 set_pixel_format(vs
, read_u8(data
, 4), read_u8(data
, 5),
2097 read_u8(data
, 6), read_u8(data
, 7),
2098 read_u16(data
, 8), read_u16(data
, 10),
2099 read_u16(data
, 12), read_u8(data
, 14),
2100 read_u8(data
, 15), read_u8(data
, 16));
2102 case VNC_MSG_CLIENT_SET_ENCODINGS
:
2107 limit
= read_u16(data
, 2);
2109 return 4 + (limit
* 4);
2111 limit
= read_u16(data
, 2);
2113 for (i
= 0; i
< limit
; i
++) {
2114 int32_t val
= read_s32(data
, 4 + (i
* 4));
2115 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
2118 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
2120 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST
:
2124 framebuffer_update_request(vs
,
2125 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
2126 read_u16(data
, 6), read_u16(data
, 8));
2128 case VNC_MSG_CLIENT_KEY_EVENT
:
2132 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
2134 case VNC_MSG_CLIENT_POINTER_EVENT
:
2138 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
2140 case VNC_MSG_CLIENT_CUT_TEXT
:
2145 uint32_t dlen
= read_u32(data
, 4);
2150 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
2152 case VNC_MSG_CLIENT_QEMU
:
2156 switch (read_u8(data
, 1)) {
2157 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT
:
2161 ext_key_event(vs
, read_u16(data
, 2),
2162 read_u32(data
, 4), read_u32(data
, 8));
2164 case VNC_MSG_CLIENT_QEMU_AUDIO
:
2168 switch (read_u16 (data
, 2)) {
2169 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE
:
2172 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE
:
2175 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT
:
2178 switch (read_u8(data
, 4)) {
2179 case 0: vs
->as
.fmt
= AUD_FMT_U8
; break;
2180 case 1: vs
->as
.fmt
= AUD_FMT_S8
; break;
2181 case 2: vs
->as
.fmt
= AUD_FMT_U16
; break;
2182 case 3: vs
->as
.fmt
= AUD_FMT_S16
; break;
2183 case 4: vs
->as
.fmt
= AUD_FMT_U32
; break;
2184 case 5: vs
->as
.fmt
= AUD_FMT_S32
; break;
2186 printf("Invalid audio format %d\n", read_u8(data
, 4));
2187 vnc_client_error(vs
);
2190 vs
->as
.nchannels
= read_u8(data
, 5);
2191 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
2192 printf("Invalid audio channel coount %d\n",
2194 vnc_client_error(vs
);
2197 vs
->as
.freq
= read_u32(data
, 6);
2200 printf ("Invalid audio message %d\n", read_u8(data
, 4));
2201 vnc_client_error(vs
);
2207 printf("Msg: %d\n", read_u16(data
, 0));
2208 vnc_client_error(vs
);
2213 printf("Msg: %d\n", data
[0]);
2214 vnc_client_error(vs
);
2218 vnc_read_when(vs
, protocol_client_msg
, 1);
2222 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
2228 mode
= data
[0] ? VNC_SHARE_MODE_SHARED
: VNC_SHARE_MODE_EXCLUSIVE
;
2229 switch (vs
->vd
->share_policy
) {
2230 case VNC_SHARE_POLICY_IGNORE
:
2232 * Ignore the shared flag. Nothing to do here.
2234 * Doesn't conform to the rfb spec but is traditional qemu
2235 * behavior, thus left here as option for compatibility
2239 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
:
2241 * Policy: Allow clients ask for exclusive access.
2243 * Implementation: When a client asks for exclusive access,
2244 * disconnect all others. Shared connects are allowed as long
2245 * as no exclusive connection exists.
2247 * This is how the rfb spec suggests to handle the shared flag.
2249 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2251 QTAILQ_FOREACH(client
, &vs
->vd
->clients
, next
) {
2255 if (client
->share_mode
!= VNC_SHARE_MODE_EXCLUSIVE
&&
2256 client
->share_mode
!= VNC_SHARE_MODE_SHARED
) {
2259 vnc_disconnect_start(client
);
2262 if (mode
== VNC_SHARE_MODE_SHARED
) {
2263 if (vs
->vd
->num_exclusive
> 0) {
2264 vnc_disconnect_start(vs
);
2269 case VNC_SHARE_POLICY_FORCE_SHARED
:
2271 * Policy: Shared connects only.
2272 * Implementation: Disallow clients asking for exclusive access.
2274 * Useful for shared desktop sessions where you don't want
2275 * someone forgetting to say -shared when running the vnc
2276 * client disconnect everybody else.
2278 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2279 vnc_disconnect_start(vs
);
2284 vnc_set_share_mode(vs
, mode
);
2286 vs
->client_width
= surface_width(vs
->vd
->ds
);
2287 vs
->client_height
= surface_height(vs
->vd
->ds
);
2288 vnc_write_u16(vs
, vs
->client_width
);
2289 vnc_write_u16(vs
, vs
->client_height
);
2291 pixel_format_message(vs
);
2294 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
2296 size
= snprintf(buf
, sizeof(buf
), "QEMU");
2298 vnc_write_u32(vs
, size
);
2299 vnc_write(vs
, buf
, size
);
2302 vnc_client_cache_auth(vs
);
2303 vnc_qmp_event(vs
, QEVENT_VNC_INITIALIZED
);
2305 vnc_read_when(vs
, protocol_client_msg
, 1);
2310 void start_client_init(VncState
*vs
)
2312 vnc_read_when(vs
, protocol_client_init
, 1);
2315 static void make_challenge(VncState
*vs
)
2319 srand(time(NULL
)+getpid()+getpid()*987654+rand());
2321 for (i
= 0 ; i
< sizeof(vs
->challenge
) ; i
++)
2322 vs
->challenge
[i
] = (int) (256.0*rand()/(RAND_MAX
+1.0));
2325 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
2327 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
2329 unsigned char key
[8];
2330 time_t now
= time(NULL
);
2332 if (!vs
->vd
->password
) {
2333 VNC_DEBUG("No password configured on server");
2336 if (vs
->vd
->expires
< now
) {
2337 VNC_DEBUG("Password is expired");
2341 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
2343 /* Calculate the expected challenge response */
2344 pwlen
= strlen(vs
->vd
->password
);
2345 for (i
=0; i
<sizeof(key
); i
++)
2346 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
2348 for (j
= 0; j
< VNC_AUTH_CHALLENGE_SIZE
; j
+= 8)
2349 des(response
+j
, response
+j
);
2351 /* Compare expected vs actual challenge response */
2352 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
2353 VNC_DEBUG("Client challenge response did not match\n");
2356 VNC_DEBUG("Accepting VNC challenge response\n");
2357 vnc_write_u32(vs
, 0); /* Accept auth */
2360 start_client_init(vs
);
2365 vnc_write_u32(vs
, 1); /* Reject auth */
2366 if (vs
->minor
>= 8) {
2367 static const char err
[] = "Authentication failed";
2368 vnc_write_u32(vs
, sizeof(err
));
2369 vnc_write(vs
, err
, sizeof(err
));
2372 vnc_client_error(vs
);
2376 void start_auth_vnc(VncState
*vs
)
2379 /* Send client a 'random' challenge */
2380 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
2383 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
2387 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
2389 /* We only advertise 1 auth scheme at a time, so client
2390 * must pick the one we sent. Verify this */
2391 if (data
[0] != vs
->auth
) { /* Reject auth */
2392 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data
[0]);
2393 vnc_write_u32(vs
, 1);
2394 if (vs
->minor
>= 8) {
2395 static const char err
[] = "Authentication failed";
2396 vnc_write_u32(vs
, sizeof(err
));
2397 vnc_write(vs
, err
, sizeof(err
));
2399 vnc_client_error(vs
);
2400 } else { /* Accept requested auth */
2401 VNC_DEBUG("Client requested auth %d\n", (int)data
[0]);
2404 VNC_DEBUG("Accept auth none\n");
2405 if (vs
->minor
>= 8) {
2406 vnc_write_u32(vs
, 0); /* Accept auth completion */
2409 start_client_init(vs
);
2413 VNC_DEBUG("Start VNC auth\n");
2417 #ifdef CONFIG_VNC_TLS
2418 case VNC_AUTH_VENCRYPT
:
2419 VNC_DEBUG("Accept VeNCrypt auth\n");
2420 start_auth_vencrypt(vs
);
2422 #endif /* CONFIG_VNC_TLS */
2424 #ifdef CONFIG_VNC_SASL
2426 VNC_DEBUG("Accept SASL auth\n");
2427 start_auth_sasl(vs
);
2429 #endif /* CONFIG_VNC_SASL */
2431 default: /* Should not be possible, but just in case */
2432 VNC_DEBUG("Reject auth %d server code bug\n", vs
->auth
);
2433 vnc_write_u8(vs
, 1);
2434 if (vs
->minor
>= 8) {
2435 static const char err
[] = "Authentication failed";
2436 vnc_write_u32(vs
, sizeof(err
));
2437 vnc_write(vs
, err
, sizeof(err
));
2439 vnc_client_error(vs
);
2445 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
2449 memcpy(local
, version
, 12);
2452 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
2453 VNC_DEBUG("Malformed protocol version %s\n", local
);
2454 vnc_client_error(vs
);
2457 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
2458 if (vs
->major
!= 3 ||
2464 VNC_DEBUG("Unsupported client version\n");
2465 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2467 vnc_client_error(vs
);
2470 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2471 * as equivalent to v3.3 by servers
2473 if (vs
->minor
== 4 || vs
->minor
== 5)
2476 if (vs
->minor
== 3) {
2477 if (vs
->auth
== VNC_AUTH_NONE
) {
2478 VNC_DEBUG("Tell client auth none\n");
2479 vnc_write_u32(vs
, vs
->auth
);
2481 start_client_init(vs
);
2482 } else if (vs
->auth
== VNC_AUTH_VNC
) {
2483 VNC_DEBUG("Tell client VNC auth\n");
2484 vnc_write_u32(vs
, vs
->auth
);
2488 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs
->auth
);
2489 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2491 vnc_client_error(vs
);
2494 VNC_DEBUG("Telling client we support auth %d\n", vs
->auth
);
2495 vnc_write_u8(vs
, 1); /* num auth */
2496 vnc_write_u8(vs
, vs
->auth
);
2497 vnc_read_when(vs
, protocol_client_auth
, 1);
2504 static VncRectStat
*vnc_stat_rect(VncDisplay
*vd
, int x
, int y
)
2506 struct VncSurface
*vs
= &vd
->guest
;
2508 return &vs
->stats
[y
/ VNC_STAT_RECT
][x
/ VNC_STAT_RECT
];
2511 void vnc_sent_lossy_rect(VncState
*vs
, int x
, int y
, int w
, int h
)
2515 w
= (x
+ w
) / VNC_STAT_RECT
;
2516 h
= (y
+ h
) / VNC_STAT_RECT
;
2520 for (j
= y
; j
<= h
; j
++) {
2521 for (i
= x
; i
<= w
; i
++) {
2522 vs
->lossy_rect
[j
][i
] = 1;
2527 static int vnc_refresh_lossy_rect(VncDisplay
*vd
, int x
, int y
)
2530 int sty
= y
/ VNC_STAT_RECT
;
2531 int stx
= x
/ VNC_STAT_RECT
;
2534 y
= y
/ VNC_STAT_RECT
* VNC_STAT_RECT
;
2535 x
= x
/ VNC_STAT_RECT
* VNC_STAT_RECT
;
2537 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2540 /* kernel send buffers are full -> refresh later */
2541 if (vs
->output
.offset
) {
2545 if (!vs
->lossy_rect
[sty
][stx
]) {
2549 vs
->lossy_rect
[sty
][stx
] = 0;
2550 for (j
= 0; j
< VNC_STAT_RECT
; ++j
) {
2551 bitmap_set(vs
->dirty
[y
+ j
], x
/ 16, VNC_STAT_RECT
/ 16);
2559 static int vnc_update_stats(VncDisplay
*vd
, struct timeval
* tv
)
2561 int width
= pixman_image_get_width(vd
->guest
.fb
);
2562 int height
= pixman_image_get_height(vd
->guest
.fb
);
2567 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2568 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2569 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2571 rect
->updated
= false;
2575 qemu_timersub(tv
, &VNC_REFRESH_STATS
, &res
);
2577 if (timercmp(&vd
->guest
.last_freq_check
, &res
, >)) {
2580 vd
->guest
.last_freq_check
= *tv
;
2582 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2583 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2584 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2585 int count
= ARRAY_SIZE(rect
->times
);
2586 struct timeval min
, max
;
2588 if (!timerisset(&rect
->times
[count
- 1])) {
2592 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2593 qemu_timersub(tv
, &max
, &res
);
2595 if (timercmp(&res
, &VNC_REFRESH_LOSSY
, >)) {
2597 has_dirty
+= vnc_refresh_lossy_rect(vd
, x
, y
);
2598 memset(rect
->times
, 0, sizeof (rect
->times
));
2602 min
= rect
->times
[rect
->idx
];
2603 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2604 qemu_timersub(&max
, &min
, &res
);
2606 rect
->freq
= res
.tv_sec
+ res
.tv_usec
/ 1000000.;
2607 rect
->freq
/= count
;
2608 rect
->freq
= 1. / rect
->freq
;
2614 double vnc_update_freq(VncState
*vs
, int x
, int y
, int w
, int h
)
2620 x
= (x
/ VNC_STAT_RECT
) * VNC_STAT_RECT
;
2621 y
= (y
/ VNC_STAT_RECT
) * VNC_STAT_RECT
;
2623 for (j
= y
; j
<= y
+ h
; j
+= VNC_STAT_RECT
) {
2624 for (i
= x
; i
<= x
+ w
; i
+= VNC_STAT_RECT
) {
2625 total
+= vnc_stat_rect(vs
->vd
, i
, j
)->freq
;
2637 static void vnc_rect_updated(VncDisplay
*vd
, int x
, int y
, struct timeval
* tv
)
2641 rect
= vnc_stat_rect(vd
, x
, y
);
2642 if (rect
->updated
) {
2645 rect
->times
[rect
->idx
] = *tv
;
2646 rect
->idx
= (rect
->idx
+ 1) % ARRAY_SIZE(rect
->times
);
2647 rect
->updated
= true;
2650 static int vnc_refresh_server_surface(VncDisplay
*vd
)
2652 int width
= pixman_image_get_width(vd
->guest
.fb
);
2653 int height
= pixman_image_get_height(vd
->guest
.fb
);
2656 uint8_t *server_row
;
2660 pixman_image_t
*tmpbuf
= NULL
;
2662 struct timeval tv
= { 0, 0 };
2664 if (!vd
->non_adaptive
) {
2665 gettimeofday(&tv
, NULL
);
2666 has_dirty
= vnc_update_stats(vd
, &tv
);
2670 * Walk through the guest dirty map.
2671 * Check and copy modified bits from guest to server surface.
2672 * Update server dirty map.
2675 if (cmp_bytes
> vnc_server_fb_stride(vd
)) {
2676 cmp_bytes
= vnc_server_fb_stride(vd
);
2678 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
2679 int width
= pixman_image_get_width(vd
->server
);
2680 tmpbuf
= qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT
, width
);
2682 guest_row
= (uint8_t *)pixman_image_get_data(vd
->guest
.fb
);
2683 server_row
= (uint8_t *)pixman_image_get_data(vd
->server
);
2684 for (y
= 0; y
< height
; y
++) {
2685 if (!bitmap_empty(vd
->guest
.dirty
[y
], VNC_DIRTY_BITS
)) {
2688 uint8_t *server_ptr
;
2690 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
2691 qemu_pixman_linebuf_fill(tmpbuf
, vd
->guest
.fb
, width
, 0, y
);
2692 guest_ptr
= (uint8_t *)pixman_image_get_data(tmpbuf
);
2694 guest_ptr
= guest_row
;
2696 server_ptr
= server_row
;
2698 for (x
= 0; x
+ 15 < width
;
2699 x
+= 16, guest_ptr
+= cmp_bytes
, server_ptr
+= cmp_bytes
) {
2700 if (!test_and_clear_bit((x
/ 16), vd
->guest
.dirty
[y
]))
2702 if (memcmp(server_ptr
, guest_ptr
, cmp_bytes
) == 0)
2704 memcpy(server_ptr
, guest_ptr
, cmp_bytes
);
2705 if (!vd
->non_adaptive
)
2706 vnc_rect_updated(vd
, x
, y
, &tv
);
2707 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2708 set_bit((x
/ 16), vs
->dirty
[y
]);
2713 guest_row
+= pixman_image_get_stride(vd
->guest
.fb
);
2714 server_row
+= pixman_image_get_stride(vd
->server
);
2716 qemu_pixman_image_unref(tmpbuf
);
2720 static void vnc_refresh(DisplayChangeListener
*dcl
)
2722 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
2724 int has_dirty
, rects
= 0;
2726 graphic_hw_update(NULL
);
2728 if (vnc_trylock_display(vd
)) {
2729 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
2733 has_dirty
= vnc_refresh_server_surface(vd
);
2734 vnc_unlock_display(vd
);
2736 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
2737 rects
+= vnc_update_client(vs
, has_dirty
);
2738 /* vs might be free()ed here */
2741 if (QTAILQ_EMPTY(&vd
->clients
)) {
2742 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_MAX
);
2746 if (has_dirty
&& rects
) {
2747 vd
->dcl
.update_interval
/= 2;
2748 if (vd
->dcl
.update_interval
< VNC_REFRESH_INTERVAL_BASE
) {
2749 vd
->dcl
.update_interval
= VNC_REFRESH_INTERVAL_BASE
;
2752 vd
->dcl
.update_interval
+= VNC_REFRESH_INTERVAL_INC
;
2753 if (vd
->dcl
.update_interval
> VNC_REFRESH_INTERVAL_MAX
) {
2754 vd
->dcl
.update_interval
= VNC_REFRESH_INTERVAL_MAX
;
2759 static void vnc_connect(VncDisplay
*vd
, int csock
,
2760 bool skipauth
, bool websocket
)
2762 VncState
*vs
= g_malloc0(sizeof(VncState
));
2768 vs
->auth
= VNC_AUTH_NONE
;
2769 #ifdef CONFIG_VNC_TLS
2770 vs
->subauth
= VNC_AUTH_INVALID
;
2773 vs
->auth
= vd
->auth
;
2774 #ifdef CONFIG_VNC_TLS
2775 vs
->subauth
= vd
->subauth
;
2779 vs
->lossy_rect
= g_malloc0(VNC_STAT_ROWS
* sizeof (*vs
->lossy_rect
));
2780 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
2781 vs
->lossy_rect
[i
] = g_malloc0(VNC_STAT_COLS
* sizeof (uint8_t));
2784 VNC_DEBUG("New client on socket %d\n", csock
);
2785 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
2786 qemu_set_nonblock(vs
->csock
);
2787 #ifdef CONFIG_VNC_WS
2790 #ifdef CONFIG_VNC_TLS
2791 if (vd
->tls
.x509cert
) {
2792 qemu_set_fd_handler2(vs
->csock
, NULL
, vncws_tls_handshake_peek
,
2795 #endif /* CONFIG_VNC_TLS */
2797 qemu_set_fd_handler2(vs
->csock
, NULL
, vncws_handshake_read
,
2801 #endif /* CONFIG_VNC_WS */
2803 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
2806 vnc_client_cache_addr(vs
);
2807 vnc_qmp_event(vs
, QEVENT_VNC_CONNECTED
);
2808 vnc_set_share_mode(vs
, VNC_SHARE_MODE_CONNECTING
);
2812 #ifdef CONFIG_VNC_WS
2820 void vnc_init_state(VncState
*vs
)
2822 vs
->initialized
= true;
2823 VncDisplay
*vd
= vs
->vd
;
2828 vs
->as
.freq
= 44100;
2829 vs
->as
.nchannels
= 2;
2830 vs
->as
.fmt
= AUD_FMT_S16
;
2831 vs
->as
.endianness
= 0;
2833 qemu_mutex_init(&vs
->output_mutex
);
2834 vs
->bh
= qemu_bh_new(vnc_jobs_bh
, vs
);
2836 QTAILQ_INSERT_HEAD(&vd
->clients
, vs
, next
);
2838 graphic_hw_update(NULL
);
2840 vnc_write(vs
, "RFB 003.008\n", 12);
2842 vnc_read_when(vs
, protocol_version
, 12);
2844 if (vs
->vd
->lock_key_sync
)
2845 vs
->led
= qemu_add_led_event_handler(kbd_leds
, vs
);
2847 vs
->mouse_mode_notifier
.notify
= check_pointer_type_change
;
2848 qemu_add_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
2850 /* vs might be free()ed here */
2853 static void vnc_listen_read(void *opaque
, bool websocket
)
2855 VncDisplay
*vs
= opaque
;
2856 struct sockaddr_in addr
;
2857 socklen_t addrlen
= sizeof(addr
);
2861 graphic_hw_update(NULL
);
2862 #ifdef CONFIG_VNC_WS
2864 csock
= qemu_accept(vs
->lwebsock
, (struct sockaddr
*)&addr
, &addrlen
);
2866 #endif /* CONFIG_VNC_WS */
2868 csock
= qemu_accept(vs
->lsock
, (struct sockaddr
*)&addr
, &addrlen
);
2872 vnc_connect(vs
, csock
, false, websocket
);
2876 static void vnc_listen_regular_read(void *opaque
)
2878 vnc_listen_read(opaque
, false);
2881 #ifdef CONFIG_VNC_WS
2882 static void vnc_listen_websocket_read(void *opaque
)
2884 vnc_listen_read(opaque
, true);
2886 #endif /* CONFIG_VNC_WS */
2888 static const DisplayChangeListenerOps dcl_ops
= {
2890 .dpy_refresh
= vnc_refresh
,
2891 .dpy_gfx_copy
= vnc_dpy_copy
,
2892 .dpy_gfx_update
= vnc_dpy_update
,
2893 .dpy_gfx_switch
= vnc_dpy_switch
,
2894 .dpy_mouse_set
= vnc_mouse_set
,
2895 .dpy_cursor_define
= vnc_dpy_cursor_define
,
2898 void vnc_display_init(DisplayState
*ds
)
2900 VncDisplay
*vs
= g_malloc0(sizeof(*vs
));
2905 #ifdef CONFIG_VNC_WS
2909 QTAILQ_INIT(&vs
->clients
);
2910 vs
->expires
= TIME_MAX
;
2912 if (keyboard_layout
)
2913 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, keyboard_layout
);
2915 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us");
2917 if (!vs
->kbd_layout
)
2920 qemu_mutex_init(&vs
->mutex
);
2921 vnc_start_worker_thread();
2923 vs
->dcl
.ops
= &dcl_ops
;
2924 register_displaychangelistener(&vs
->dcl
);
2928 static void vnc_display_close(DisplayState
*ds
)
2930 VncDisplay
*vs
= vnc_display
;
2935 g_free(vs
->display
);
2938 if (vs
->lsock
!= -1) {
2939 qemu_set_fd_handler2(vs
->lsock
, NULL
, NULL
, NULL
, NULL
);
2943 #ifdef CONFIG_VNC_WS
2944 g_free(vs
->ws_display
);
2945 vs
->ws_display
= NULL
;
2946 if (vs
->lwebsock
!= -1) {
2947 qemu_set_fd_handler2(vs
->lwebsock
, NULL
, NULL
, NULL
, NULL
);
2948 close(vs
->lwebsock
);
2951 #endif /* CONFIG_VNC_WS */
2952 vs
->auth
= VNC_AUTH_INVALID
;
2953 #ifdef CONFIG_VNC_TLS
2954 vs
->subauth
= VNC_AUTH_INVALID
;
2955 vs
->tls
.x509verify
= 0;
2959 static int vnc_display_disable_login(DisplayState
*ds
)
2961 VncDisplay
*vs
= vnc_display
;
2968 g_free(vs
->password
);
2971 vs
->password
= NULL
;
2972 if (vs
->auth
== VNC_AUTH_NONE
) {
2973 vs
->auth
= VNC_AUTH_VNC
;
2979 int vnc_display_password(DisplayState
*ds
, const char *password
)
2981 VncDisplay
*vs
= vnc_display
;
2988 /* This is not the intention of this interface but err on the side
2990 return vnc_display_disable_login(ds
);
2994 g_free(vs
->password
);
2995 vs
->password
= NULL
;
2997 vs
->password
= g_strdup(password
);
2998 if (vs
->auth
== VNC_AUTH_NONE
) {
2999 vs
->auth
= VNC_AUTH_VNC
;
3005 int vnc_display_pw_expire(DisplayState
*ds
, time_t expires
)
3007 VncDisplay
*vs
= vnc_display
;
3013 vs
->expires
= expires
;
3017 char *vnc_display_local_addr(DisplayState
*ds
)
3019 VncDisplay
*vs
= vnc_display
;
3021 return vnc_socket_local_addr("%s:%s", vs
->lsock
);
3024 void vnc_display_open(DisplayState
*ds
, const char *display
, Error
**errp
)
3026 VncDisplay
*vs
= vnc_display
;
3027 const char *options
;
3030 #ifdef CONFIG_VNC_TLS
3031 int tls
= 0, x509
= 0;
3033 #ifdef CONFIG_VNC_SASL
3037 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
3040 int lock_key_sync
= 1;
3043 error_setg(errp
, "VNC display not active");
3046 vnc_display_close(ds
);
3047 if (strcmp(display
, "none") == 0)
3050 vs
->display
= g_strdup(display
);
3051 vs
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3054 while ((options
= strchr(options
, ','))) {
3056 if (strncmp(options
, "password", 8) == 0) {
3057 if (fips_get_state()) {
3059 "VNC password auth disabled due to FIPS mode, "
3060 "consider using the VeNCrypt or SASL authentication "
3061 "methods as an alternative");
3064 password
= 1; /* Require password auth */
3065 } else if (strncmp(options
, "reverse", 7) == 0) {
3067 } else if (strncmp(options
, "no-lock-key-sync", 16) == 0) {
3069 #ifdef CONFIG_VNC_SASL
3070 } else if (strncmp(options
, "sasl", 4) == 0) {
3071 sasl
= 1; /* Require SASL auth */
3073 #ifdef CONFIG_VNC_WS
3074 } else if (strncmp(options
, "websocket", 9) == 0) {
3078 /* Check for 'websocket=<port>' */
3079 start
= strchr(options
, '=');
3080 end
= strchr(options
, ',');
3081 if (start
&& (!end
|| (start
< end
))) {
3082 int len
= end
? end
-(start
+1) : strlen(start
+1);
3084 /* extract the host specification from display */
3085 char *host
= NULL
, *port
= NULL
, *host_end
= NULL
;
3086 port
= g_strndup(start
+ 1, len
);
3088 /* ipv6 hosts have colons */
3089 end
= strchr(display
, ',');
3090 host_end
= g_strrstr_len(display
, end
- display
, ":");
3093 host
= g_strndup(display
, host_end
- display
+ 1);
3095 host
= g_strndup(":", 1);
3097 vs
->ws_display
= g_strconcat(host
, port
, NULL
);
3102 #endif /* CONFIG_VNC_WS */
3103 #ifdef CONFIG_VNC_TLS
3104 } else if (strncmp(options
, "tls", 3) == 0) {
3105 tls
= 1; /* Require TLS */
3106 } else if (strncmp(options
, "x509", 4) == 0) {
3108 x509
= 1; /* Require x509 certificates */
3109 if (strncmp(options
, "x509verify", 10) == 0)
3110 vs
->tls
.x509verify
= 1; /* ...and verify client certs */
3112 /* Now check for 'x509=/some/path' postfix
3113 * and use that to setup x509 certificate/key paths */
3114 start
= strchr(options
, '=');
3115 end
= strchr(options
, ',');
3116 if (start
&& (!end
|| (start
< end
))) {
3117 int len
= end
? end
-(start
+1) : strlen(start
+1);
3118 char *path
= g_strndup(start
+ 1, len
);
3120 VNC_DEBUG("Trying certificate path '%s'\n", path
);
3121 if (vnc_tls_set_x509_creds_dir(vs
, path
) < 0) {
3122 error_setg(errp
, "Failed to find x509 certificates/keys in %s", path
);
3128 error_setg(errp
, "No certificate path provided");
3132 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
3133 } else if (strncmp(options
, "acl", 3) == 0) {
3136 } else if (strncmp(options
, "lossy", 5) == 0) {
3138 } else if (strncmp(options
, "non-adaptive", 12) == 0) {
3139 vs
->non_adaptive
= true;
3140 } else if (strncmp(options
, "share=", 6) == 0) {
3141 if (strncmp(options
+6, "ignore", 6) == 0) {
3142 vs
->share_policy
= VNC_SHARE_POLICY_IGNORE
;
3143 } else if (strncmp(options
+6, "allow-exclusive", 15) == 0) {
3144 vs
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3145 } else if (strncmp(options
+6, "force-shared", 12) == 0) {
3146 vs
->share_policy
= VNC_SHARE_POLICY_FORCE_SHARED
;
3148 error_setg(errp
, "unknown vnc share= option");
3154 #ifdef CONFIG_VNC_TLS
3155 if (acl
&& x509
&& vs
->tls
.x509verify
) {
3156 if (!(vs
->tls
.acl
= qemu_acl_init("vnc.x509dname"))) {
3157 fprintf(stderr
, "Failed to create x509 dname ACL\n");
3162 #ifdef CONFIG_VNC_SASL
3164 if (!(vs
->sasl
.acl
= qemu_acl_init("vnc.username"))) {
3165 fprintf(stderr
, "Failed to create username ACL\n");
3172 * Combinations we support here:
3174 * - no-auth (clear text, no auth)
3175 * - password (clear text, weak auth)
3176 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
3177 * - tls (encrypt, weak anonymous creds, no auth)
3178 * - tls + password (encrypt, weak anonymous creds, weak auth)
3179 * - tls + sasl (encrypt, weak anonymous creds, good auth)
3180 * - tls + x509 (encrypt, good x509 creds, no auth)
3181 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
3182 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
3184 * NB1. TLS is a stackable auth scheme.
3185 * NB2. the x509 schemes have option to validate a client cert dname
3188 #ifdef CONFIG_VNC_TLS
3190 vs
->auth
= VNC_AUTH_VENCRYPT
;
3192 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3193 vs
->subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
3195 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3196 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
3199 #endif /* CONFIG_VNC_TLS */
3200 VNC_DEBUG("Initializing VNC server with password auth\n");
3201 vs
->auth
= VNC_AUTH_VNC
;
3202 #ifdef CONFIG_VNC_TLS
3203 vs
->subauth
= VNC_AUTH_INVALID
;
3205 #endif /* CONFIG_VNC_TLS */
3206 #ifdef CONFIG_VNC_SASL
3208 #ifdef CONFIG_VNC_TLS
3210 vs
->auth
= VNC_AUTH_VENCRYPT
;
3212 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3213 vs
->subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
3215 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3216 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
3219 #endif /* CONFIG_VNC_TLS */
3220 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3221 vs
->auth
= VNC_AUTH_SASL
;
3222 #ifdef CONFIG_VNC_TLS
3223 vs
->subauth
= VNC_AUTH_INVALID
;
3225 #endif /* CONFIG_VNC_TLS */
3226 #endif /* CONFIG_VNC_SASL */
3228 #ifdef CONFIG_VNC_TLS
3230 vs
->auth
= VNC_AUTH_VENCRYPT
;
3232 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3233 vs
->subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
3235 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3236 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
3240 VNC_DEBUG("Initializing VNC server with no auth\n");
3241 vs
->auth
= VNC_AUTH_NONE
;
3242 #ifdef CONFIG_VNC_TLS
3243 vs
->subauth
= VNC_AUTH_INVALID
;
3248 #ifdef CONFIG_VNC_SASL
3249 if ((saslErr
= sasl_server_init(NULL
, "qemu")) != SASL_OK
) {
3250 error_setg(errp
, "Failed to initialize SASL auth: %s",
3251 sasl_errstring(saslErr
, NULL
, NULL
));
3255 vs
->lock_key_sync
= lock_key_sync
;
3258 /* connect to viewer */
3261 #ifdef CONFIG_VNC_WS
3264 if (strncmp(display
, "unix:", 5) == 0) {
3265 csock
= unix_connect(display
+5, errp
);
3267 csock
= inet_connect(display
, errp
);
3272 vnc_connect(vs
, csock
, false, false);
3274 /* listen for connects */
3276 dpy
= g_malloc(256);
3277 if (strncmp(display
, "unix:", 5) == 0) {
3278 pstrcpy(dpy
, 256, "unix:");
3279 vs
->lsock
= unix_listen(display
+5, dpy
+5, 256-5, errp
);
3281 vs
->lsock
= inet_listen(display
, dpy
, 256,
3282 SOCK_STREAM
, 5900, errp
);
3283 if (vs
->lsock
< 0) {
3287 #ifdef CONFIG_VNC_WS
3288 if (vs
->websocket
) {
3289 if (vs
->ws_display
) {
3290 vs
->lwebsock
= inet_listen(vs
->ws_display
, NULL
, 256,
3291 SOCK_STREAM
, 0, errp
);
3293 vs
->lwebsock
= inet_listen(vs
->display
, NULL
, 256,
3294 SOCK_STREAM
, 5700, errp
);
3297 if (vs
->lwebsock
< 0) {
3306 #endif /* CONFIG_VNC_WS */
3308 g_free(vs
->display
);
3310 qemu_set_fd_handler2(vs
->lsock
, NULL
,
3311 vnc_listen_regular_read
, NULL
, vs
);
3312 #ifdef CONFIG_VNC_WS
3313 if (vs
->websocket
) {
3314 qemu_set_fd_handler2(vs
->lwebsock
, NULL
,
3315 vnc_listen_websocket_read
, NULL
, vs
);
3317 #endif /* CONFIG_VNC_WS */
3322 g_free(vs
->display
);
3324 #ifdef CONFIG_VNC_WS
3325 g_free(vs
->ws_display
);
3326 vs
->ws_display
= NULL
;
3327 #endif /* CONFIG_VNC_WS */
3330 void vnc_display_add_client(DisplayState
*ds
, int csock
, bool skipauth
)
3332 VncDisplay
*vs
= vnc_display
;
3334 vnc_connect(vs
, csock
, skipauth
, false);