2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
29 #include "sysemu/sysemu.h"
30 #include "qemu/sockets.h"
31 #include "qemu/timer.h"
33 #include "qapi/qmp/types.h"
34 #include "qmp-commands.h"
35 #include "qemu/osdep.h"
37 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
38 #define VNC_REFRESH_INTERVAL_INC 50
39 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
40 static const struct timeval VNC_REFRESH_STATS
= { 0, 500000 };
41 static const struct timeval VNC_REFRESH_LOSSY
= { 2, 0 };
43 #include "vnc_keysym.h"
46 static VncDisplay
*vnc_display
; /* needed for info vnc */
48 static int vnc_cursor_define(VncState
*vs
);
49 static void vnc_release_modifiers(VncState
*vs
);
51 static void vnc_set_share_mode(VncState
*vs
, VncShareMode mode
)
54 static const char *mn
[] = {
56 [VNC_SHARE_MODE_CONNECTING
] = "connecting",
57 [VNC_SHARE_MODE_SHARED
] = "shared",
58 [VNC_SHARE_MODE_EXCLUSIVE
] = "exclusive",
59 [VNC_SHARE_MODE_DISCONNECTED
] = "disconnected",
61 fprintf(stderr
, "%s/%d: %s -> %s\n", __func__
,
62 vs
->csock
, mn
[vs
->share_mode
], mn
[mode
]);
65 if (vs
->share_mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
66 vs
->vd
->num_exclusive
--;
68 vs
->share_mode
= mode
;
69 if (vs
->share_mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
70 vs
->vd
->num_exclusive
++;
74 static char *addr_to_string(const char *format
,
75 struct sockaddr_storage
*sa
,
78 char host
[NI_MAXHOST
];
79 char serv
[NI_MAXSERV
];
83 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
86 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
87 VNC_DEBUG("Cannot resolve address %d: %s\n",
88 err
, gai_strerror(err
));
92 /* Enough for the existing format + the 2 vars we're
94 addrlen
= strlen(format
) + strlen(host
) + strlen(serv
);
95 addr
= g_malloc(addrlen
+ 1);
96 snprintf(addr
, addrlen
, format
, host
, serv
);
103 char *vnc_socket_local_addr(const char *format
, int fd
) {
104 struct sockaddr_storage sa
;
108 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
111 return addr_to_string(format
, &sa
, salen
);
114 char *vnc_socket_remote_addr(const char *format
, int fd
) {
115 struct sockaddr_storage sa
;
119 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
122 return addr_to_string(format
, &sa
, salen
);
125 static int put_addr_qdict(QDict
*qdict
, struct sockaddr_storage
*sa
,
128 char host
[NI_MAXHOST
];
129 char serv
[NI_MAXSERV
];
132 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
135 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
136 VNC_DEBUG("Cannot resolve address %d: %s\n",
137 err
, gai_strerror(err
));
141 qdict_put(qdict
, "host", qstring_from_str(host
));
142 qdict_put(qdict
, "service", qstring_from_str(serv
));
143 qdict_put(qdict
, "family",qstring_from_str(inet_strfamily(sa
->ss_family
)));
148 static int vnc_server_addr_put(QDict
*qdict
, int fd
)
150 struct sockaddr_storage sa
;
154 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
158 return put_addr_qdict(qdict
, &sa
, salen
);
161 static int vnc_qdict_remote_addr(QDict
*qdict
, int fd
)
163 struct sockaddr_storage sa
;
167 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
171 return put_addr_qdict(qdict
, &sa
, salen
);
174 static const char *vnc_auth_name(VncDisplay
*vd
) {
176 case VNC_AUTH_INVALID
:
192 case VNC_AUTH_VENCRYPT
:
193 #ifdef CONFIG_VNC_TLS
194 switch (vd
->subauth
) {
195 case VNC_AUTH_VENCRYPT_PLAIN
:
196 return "vencrypt+plain";
197 case VNC_AUTH_VENCRYPT_TLSNONE
:
198 return "vencrypt+tls+none";
199 case VNC_AUTH_VENCRYPT_TLSVNC
:
200 return "vencrypt+tls+vnc";
201 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
202 return "vencrypt+tls+plain";
203 case VNC_AUTH_VENCRYPT_X509NONE
:
204 return "vencrypt+x509+none";
205 case VNC_AUTH_VENCRYPT_X509VNC
:
206 return "vencrypt+x509+vnc";
207 case VNC_AUTH_VENCRYPT_X509PLAIN
:
208 return "vencrypt+x509+plain";
209 case VNC_AUTH_VENCRYPT_TLSSASL
:
210 return "vencrypt+tls+sasl";
211 case VNC_AUTH_VENCRYPT_X509SASL
:
212 return "vencrypt+x509+sasl";
225 static int vnc_server_info_put(QDict
*qdict
)
227 if (vnc_server_addr_put(qdict
, vnc_display
->lsock
) < 0) {
231 qdict_put(qdict
, "auth", qstring_from_str(vnc_auth_name(vnc_display
)));
235 static void vnc_client_cache_auth(VncState
*client
)
237 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
245 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
246 qdict
= qobject_to_qdict(client
->info
);
249 #ifdef CONFIG_VNC_TLS
250 if (client
->tls
.session
&&
252 qdict_put(qdict
, "x509_dname", qstring_from_str(client
->tls
.dname
));
255 #ifdef CONFIG_VNC_SASL
256 if (client
->sasl
.conn
&&
257 client
->sasl
.username
) {
258 qdict_put(qdict
, "sasl_username",
259 qstring_from_str(client
->sasl
.username
));
264 static void vnc_client_cache_addr(VncState
*client
)
269 if (vnc_qdict_remote_addr(qdict
, client
->csock
) < 0) {
271 /* XXX: how to report the error? */
275 client
->info
= QOBJECT(qdict
);
278 static void vnc_qmp_event(VncState
*vs
, MonitorEvent event
)
287 server
= qdict_new();
288 if (vnc_server_info_put(server
) < 0) {
293 data
= qobject_from_jsonf("{ 'client': %p, 'server': %p }",
294 vs
->info
, QOBJECT(server
));
296 monitor_protocol_event(event
, data
);
298 qobject_incref(vs
->info
);
299 qobject_decref(data
);
302 static VncClientInfo
*qmp_query_vnc_client(const VncState
*client
)
304 struct sockaddr_storage sa
;
305 socklen_t salen
= sizeof(sa
);
306 char host
[NI_MAXHOST
];
307 char serv
[NI_MAXSERV
];
310 if (getpeername(client
->csock
, (struct sockaddr
*)&sa
, &salen
) < 0) {
314 if (getnameinfo((struct sockaddr
*)&sa
, salen
,
317 NI_NUMERICHOST
| NI_NUMERICSERV
) < 0) {
321 info
= g_malloc0(sizeof(*info
));
322 info
->host
= g_strdup(host
);
323 info
->service
= g_strdup(serv
);
324 info
->family
= g_strdup(inet_strfamily(sa
.ss_family
));
326 #ifdef CONFIG_VNC_TLS
327 if (client
->tls
.session
&& client
->tls
.dname
) {
328 info
->has_x509_dname
= true;
329 info
->x509_dname
= g_strdup(client
->tls
.dname
);
332 #ifdef CONFIG_VNC_SASL
333 if (client
->sasl
.conn
&& client
->sasl
.username
) {
334 info
->has_sasl_username
= true;
335 info
->sasl_username
= g_strdup(client
->sasl
.username
);
342 VncInfo
*qmp_query_vnc(Error
**errp
)
344 VncInfo
*info
= g_malloc0(sizeof(*info
));
346 if (vnc_display
== NULL
|| vnc_display
->display
== NULL
) {
347 info
->enabled
= false;
349 VncClientInfoList
*cur_item
= NULL
;
350 struct sockaddr_storage sa
;
351 socklen_t salen
= sizeof(sa
);
352 char host
[NI_MAXHOST
];
353 char serv
[NI_MAXSERV
];
356 info
->enabled
= true;
358 /* for compatibility with the original command */
359 info
->has_clients
= true;
361 QTAILQ_FOREACH(client
, &vnc_display
->clients
, next
) {
362 VncClientInfoList
*cinfo
= g_malloc0(sizeof(*info
));
363 cinfo
->value
= qmp_query_vnc_client(client
);
365 /* XXX: waiting for the qapi to support GSList */
367 info
->clients
= cur_item
= cinfo
;
369 cur_item
->next
= cinfo
;
374 if (vnc_display
->lsock
== -1) {
378 if (getsockname(vnc_display
->lsock
, (struct sockaddr
*)&sa
,
380 error_set(errp
, QERR_UNDEFINED_ERROR
);
384 if (getnameinfo((struct sockaddr
*)&sa
, salen
,
387 NI_NUMERICHOST
| NI_NUMERICSERV
) < 0) {
388 error_set(errp
, QERR_UNDEFINED_ERROR
);
392 info
->has_host
= true;
393 info
->host
= g_strdup(host
);
395 info
->has_service
= true;
396 info
->service
= g_strdup(serv
);
398 info
->has_family
= true;
399 info
->family
= g_strdup(inet_strfamily(sa
.ss_family
));
401 info
->has_auth
= true;
402 info
->auth
= g_strdup(vnc_auth_name(vnc_display
));
408 qapi_free_VncInfo(info
);
413 1) Get the queue working for IO.
414 2) there is some weirdness when using the -S option (the screen is grey
415 and not totally invalidated
416 3) resolutions > 1024
419 static int vnc_update_client(VncState
*vs
, int has_dirty
);
420 static int vnc_update_client_sync(VncState
*vs
, int has_dirty
);
421 static void vnc_disconnect_start(VncState
*vs
);
423 static void vnc_colordepth(VncState
*vs
);
424 static void framebuffer_update_request(VncState
*vs
, int incremental
,
425 int x_position
, int y_position
,
427 static void vnc_refresh(DisplayChangeListener
*dcl
);
428 static int vnc_refresh_server_surface(VncDisplay
*vd
);
430 static void vnc_dpy_update(DisplayChangeListener
*dcl
,
431 int x
, int y
, int w
, int h
)
434 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
435 struct VncSurface
*s
= &vd
->guest
;
436 int width
= surface_width(vd
->ds
);
437 int height
= surface_height(vd
->ds
);
441 /* round x down to ensure the loop only spans one 16-pixel block per,
442 iteration. otherwise, if (x % 16) != 0, the last iteration may span
443 two 16-pixel blocks but we only mark the first as dirty
450 w
= MIN(x
+ w
, width
) - x
;
454 for (i
= 0; i
< w
; i
+= 16)
455 set_bit((x
+ i
) / 16, s
->dirty
[y
]);
458 void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
461 vnc_write_u16(vs
, x
);
462 vnc_write_u16(vs
, y
);
463 vnc_write_u16(vs
, w
);
464 vnc_write_u16(vs
, h
);
466 vnc_write_s32(vs
, encoding
);
469 void buffer_reserve(Buffer
*buffer
, size_t len
)
471 if ((buffer
->capacity
- buffer
->offset
) < len
) {
472 buffer
->capacity
+= (len
+ 1024);
473 buffer
->buffer
= g_realloc(buffer
->buffer
, buffer
->capacity
);
474 if (buffer
->buffer
== NULL
) {
475 fprintf(stderr
, "vnc: out of memory\n");
481 static int buffer_empty(Buffer
*buffer
)
483 return buffer
->offset
== 0;
486 uint8_t *buffer_end(Buffer
*buffer
)
488 return buffer
->buffer
+ buffer
->offset
;
491 void buffer_reset(Buffer
*buffer
)
496 void buffer_free(Buffer
*buffer
)
498 g_free(buffer
->buffer
);
500 buffer
->capacity
= 0;
501 buffer
->buffer
= NULL
;
504 void buffer_append(Buffer
*buffer
, const void *data
, size_t len
)
506 memcpy(buffer
->buffer
+ buffer
->offset
, data
, len
);
507 buffer
->offset
+= len
;
510 void buffer_advance(Buffer
*buf
, size_t len
)
512 memmove(buf
->buffer
, buf
->buffer
+ len
,
513 (buf
->offset
- len
));
517 static void vnc_desktop_resize(VncState
*vs
)
519 DisplaySurface
*ds
= vs
->vd
->ds
;
521 if (vs
->csock
== -1 || !vnc_has_feature(vs
, VNC_FEATURE_RESIZE
)) {
524 if (vs
->client_width
== surface_width(ds
) &&
525 vs
->client_height
== surface_height(ds
)) {
528 vs
->client_width
= surface_width(ds
);
529 vs
->client_height
= surface_height(ds
);
531 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
533 vnc_write_u16(vs
, 1); /* number of rects */
534 vnc_framebuffer_update(vs
, 0, 0, vs
->client_width
, vs
->client_height
,
535 VNC_ENCODING_DESKTOPRESIZE
);
536 vnc_unlock_output(vs
);
540 static void vnc_abort_display_jobs(VncDisplay
*vd
)
544 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
547 vnc_unlock_output(vs
);
549 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
552 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
555 vnc_unlock_output(vs
);
559 int vnc_server_fb_stride(VncDisplay
*vd
)
561 return pixman_image_get_stride(vd
->server
);
564 void *vnc_server_fb_ptr(VncDisplay
*vd
, int x
, int y
)
568 ptr
= (uint8_t *)pixman_image_get_data(vd
->server
);
569 ptr
+= y
* vnc_server_fb_stride(vd
);
570 ptr
+= x
* VNC_SERVER_FB_BYTES
;
574 static void vnc_dpy_switch(DisplayChangeListener
*dcl
,
575 DisplaySurface
*surface
)
577 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
580 vnc_abort_display_jobs(vd
);
583 qemu_pixman_image_unref(vd
->server
);
585 vd
->server
= pixman_image_create_bits(VNC_SERVER_FB_FORMAT
,
586 surface_width(vd
->ds
),
587 surface_height(vd
->ds
),
592 if (ds_get_bytes_per_pixel(ds
) != vd
->guest
.ds
->pf
.bytes_per_pixel
)
593 console_color_init(ds
);
595 qemu_pixman_image_unref(vd
->guest
.fb
);
596 vd
->guest
.fb
= pixman_image_ref(surface
->image
);
597 vd
->guest
.format
= surface
->format
;
598 memset(vd
->guest
.dirty
, 0xFF, sizeof(vd
->guest
.dirty
));
600 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
602 vnc_desktop_resize(vs
);
603 if (vs
->vd
->cursor
) {
604 vnc_cursor_define(vs
);
606 memset(vs
->dirty
, 0xFF, sizeof(vs
->dirty
));
611 static void vnc_write_pixels_copy(VncState
*vs
,
612 void *pixels
, int size
)
614 vnc_write(vs
, pixels
, size
);
617 /* slowest but generic code. */
618 void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
622 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
623 r
= (((v
& 0x00ff0000) >> 16) << vs
->client_pf
.rbits
) >> 8;
624 g
= (((v
& 0x0000ff00) >> 8) << vs
->client_pf
.gbits
) >> 8;
625 b
= (((v
& 0x000000ff) >> 0) << vs
->client_pf
.bbits
) >> 8;
627 # error need some bits here if you change VNC_SERVER_FB_FORMAT
629 v
= (r
<< vs
->client_pf
.rshift
) |
630 (g
<< vs
->client_pf
.gshift
) |
631 (b
<< vs
->client_pf
.bshift
);
632 switch (vs
->client_pf
.bytes_per_pixel
) {
662 static void vnc_write_pixels_generic(VncState
*vs
,
663 void *pixels1
, int size
)
667 if (VNC_SERVER_FB_BYTES
== 4) {
668 uint32_t *pixels
= pixels1
;
671 for (i
= 0; i
< n
; i
++) {
672 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
673 vnc_write(vs
, buf
, vs
->client_pf
.bytes_per_pixel
);
678 int vnc_raw_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
682 VncDisplay
*vd
= vs
->vd
;
684 row
= vnc_server_fb_ptr(vd
, x
, y
);
685 for (i
= 0; i
< h
; i
++) {
686 vs
->write_pixels(vs
, row
, w
* VNC_SERVER_FB_BYTES
);
687 row
+= vnc_server_fb_stride(vd
);
692 int vnc_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
696 switch(vs
->vnc_encoding
) {
697 case VNC_ENCODING_ZLIB
:
698 n
= vnc_zlib_send_framebuffer_update(vs
, x
, y
, w
, h
);
700 case VNC_ENCODING_HEXTILE
:
701 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
702 n
= vnc_hextile_send_framebuffer_update(vs
, x
, y
, w
, h
);
704 case VNC_ENCODING_TIGHT
:
705 n
= vnc_tight_send_framebuffer_update(vs
, x
, y
, w
, h
);
707 case VNC_ENCODING_TIGHT_PNG
:
708 n
= vnc_tight_png_send_framebuffer_update(vs
, x
, y
, w
, h
);
710 case VNC_ENCODING_ZRLE
:
711 n
= vnc_zrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
713 case VNC_ENCODING_ZYWRLE
:
714 n
= vnc_zywrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
717 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
718 n
= vnc_raw_send_framebuffer_update(vs
, x
, y
, w
, h
);
724 static void vnc_copy(VncState
*vs
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
726 /* send bitblit op to the vnc client */
728 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
730 vnc_write_u16(vs
, 1); /* number of rects */
731 vnc_framebuffer_update(vs
, dst_x
, dst_y
, w
, h
, VNC_ENCODING_COPYRECT
);
732 vnc_write_u16(vs
, src_x
);
733 vnc_write_u16(vs
, src_y
);
734 vnc_unlock_output(vs
);
738 static void vnc_dpy_copy(DisplayChangeListener
*dcl
,
739 int src_x
, int src_y
,
740 int dst_x
, int dst_y
, int w
, int h
)
742 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
746 int i
, x
, y
, pitch
, inc
, w_lim
, s
;
749 vnc_refresh_server_surface(vd
);
750 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
751 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
752 vs
->force_update
= 1;
753 vnc_update_client_sync(vs
, 1);
754 /* vs might be free()ed here */
758 /* do bitblit op on the local surface too */
759 pitch
= vnc_server_fb_stride(vd
);
760 src_row
= vnc_server_fb_ptr(vd
, src_x
, src_y
);
761 dst_row
= vnc_server_fb_ptr(vd
, dst_x
, dst_y
);
766 src_row
+= pitch
* (h
-1);
767 dst_row
+= pitch
* (h
-1);
772 w_lim
= w
- (16 - (dst_x
% 16));
776 w_lim
= w
- (w_lim
% 16);
777 for (i
= 0; i
< h
; i
++) {
778 for (x
= 0; x
<= w_lim
;
779 x
+= s
, src_row
+= cmp_bytes
, dst_row
+= cmp_bytes
) {
781 if ((s
= w
- w_lim
) == 0)
784 s
= (16 - (dst_x
% 16));
789 cmp_bytes
= s
* VNC_SERVER_FB_BYTES
;
790 if (memcmp(src_row
, dst_row
, cmp_bytes
) == 0)
792 memmove(dst_row
, src_row
, cmp_bytes
);
793 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
794 if (!vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
795 set_bit(((x
+ dst_x
) / 16), vs
->dirty
[y
]);
799 src_row
+= pitch
- w
* VNC_SERVER_FB_BYTES
;
800 dst_row
+= pitch
- w
* VNC_SERVER_FB_BYTES
;
804 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
805 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
806 vnc_copy(vs
, src_x
, src_y
, dst_x
, dst_y
, w
, h
);
811 static void vnc_mouse_set(DisplayChangeListener
*dcl
,
812 int x
, int y
, int visible
)
814 /* can we ask the client(s) to move the pointer ??? */
817 static int vnc_cursor_define(VncState
*vs
)
819 QEMUCursor
*c
= vs
->vd
->cursor
;
822 if (vnc_has_feature(vs
, VNC_FEATURE_RICH_CURSOR
)) {
824 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
825 vnc_write_u8(vs
, 0); /* padding */
826 vnc_write_u16(vs
, 1); /* # of rects */
827 vnc_framebuffer_update(vs
, c
->hot_x
, c
->hot_y
, c
->width
, c
->height
,
828 VNC_ENCODING_RICH_CURSOR
);
829 isize
= c
->width
* c
->height
* vs
->client_pf
.bytes_per_pixel
;
830 vnc_write_pixels_generic(vs
, c
->data
, isize
);
831 vnc_write(vs
, vs
->vd
->cursor_mask
, vs
->vd
->cursor_msize
);
832 vnc_unlock_output(vs
);
838 static void vnc_dpy_cursor_define(DisplayChangeListener
*dcl
,
841 VncDisplay
*vd
= vnc_display
;
844 cursor_put(vd
->cursor
);
845 g_free(vd
->cursor_mask
);
848 cursor_get(vd
->cursor
);
849 vd
->cursor_msize
= cursor_get_mono_bpl(c
) * c
->height
;
850 vd
->cursor_mask
= g_malloc0(vd
->cursor_msize
);
851 cursor_get_mono_mask(c
, 0, vd
->cursor_mask
);
853 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
854 vnc_cursor_define(vs
);
858 static int find_and_clear_dirty_height(struct VncState
*vs
,
859 int y
, int last_x
, int x
, int height
)
863 for (h
= 1; h
< (height
- y
); h
++) {
865 if (!test_bit(last_x
, vs
->dirty
[y
+ h
])) {
868 for (tmp_x
= last_x
; tmp_x
< x
; tmp_x
++) {
869 clear_bit(tmp_x
, vs
->dirty
[y
+ h
]);
876 static int vnc_update_client_sync(VncState
*vs
, int has_dirty
)
878 int ret
= vnc_update_client(vs
, has_dirty
);
883 static int vnc_update_client(VncState
*vs
, int has_dirty
)
885 if (vs
->need_update
&& vs
->csock
!= -1) {
886 VncDisplay
*vd
= vs
->vd
;
893 if (vs
->output
.offset
&& !vs
->audio_cap
&& !vs
->force_update
)
894 /* kernel send buffers are full -> drop frames to throttle */
897 if (!has_dirty
&& !vs
->audio_cap
&& !vs
->force_update
)
901 * Send screen updates to the vnc client using the server
902 * surface and server dirty map. guest surface updates
903 * happening in parallel don't disturb us, the next pass will
904 * send them to the client.
906 job
= vnc_job_new(vs
);
908 width
= MIN(pixman_image_get_width(vd
->server
), vs
->client_width
);
909 height
= MIN(pixman_image_get_height(vd
->server
), vs
->client_height
);
911 for (y
= 0; y
< height
; y
++) {
914 for (x
= 0; x
< width
/ 16; x
++) {
915 if (test_and_clear_bit(x
, vs
->dirty
[y
])) {
921 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
,
924 n
+= vnc_job_add_rect(job
, last_x
* 16, y
,
925 (x
- last_x
) * 16, h
);
931 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
, height
);
932 n
+= vnc_job_add_rect(job
, last_x
* 16, y
,
933 (x
- last_x
) * 16, h
);
938 vs
->force_update
= 0;
943 vnc_disconnect_finish(vs
);
949 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
951 VncState
*vs
= opaque
;
954 case AUD_CNOTIFY_DISABLE
:
956 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
957 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
958 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_END
);
959 vnc_unlock_output(vs
);
963 case AUD_CNOTIFY_ENABLE
:
965 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
966 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
967 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN
);
968 vnc_unlock_output(vs
);
974 static void audio_capture_destroy(void *opaque
)
978 static void audio_capture(void *opaque
, void *buf
, int size
)
980 VncState
*vs
= opaque
;
983 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
984 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
985 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_DATA
);
986 vnc_write_u32(vs
, size
);
987 vnc_write(vs
, buf
, size
);
988 vnc_unlock_output(vs
);
992 static void audio_add(VncState
*vs
)
994 struct audio_capture_ops ops
;
997 monitor_printf(default_mon
, "audio already running\n");
1001 ops
.notify
= audio_capture_notify
;
1002 ops
.destroy
= audio_capture_destroy
;
1003 ops
.capture
= audio_capture
;
1005 vs
->audio_cap
= AUD_add_capture(&vs
->as
, &ops
, vs
);
1006 if (!vs
->audio_cap
) {
1007 monitor_printf(default_mon
, "Failed to add audio capture\n");
1011 static void audio_del(VncState
*vs
)
1013 if (vs
->audio_cap
) {
1014 AUD_del_capture(vs
->audio_cap
, vs
);
1015 vs
->audio_cap
= NULL
;
1019 static void vnc_disconnect_start(VncState
*vs
)
1021 if (vs
->csock
== -1)
1023 vnc_set_share_mode(vs
, VNC_SHARE_MODE_DISCONNECTED
);
1024 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
1025 closesocket(vs
->csock
);
1029 void vnc_disconnect_finish(VncState
*vs
)
1033 vnc_jobs_join(vs
); /* Wait encoding jobs */
1035 vnc_lock_output(vs
);
1036 vnc_qmp_event(vs
, QEVENT_VNC_DISCONNECTED
);
1038 buffer_free(&vs
->input
);
1039 buffer_free(&vs
->output
);
1040 #ifdef CONFIG_VNC_WS
1041 buffer_free(&vs
->ws_input
);
1042 buffer_free(&vs
->ws_output
);
1043 #endif /* CONFIG_VNC_WS */
1045 qobject_decref(vs
->info
);
1048 vnc_tight_clear(vs
);
1051 #ifdef CONFIG_VNC_TLS
1052 vnc_tls_client_cleanup(vs
);
1053 #endif /* CONFIG_VNC_TLS */
1054 #ifdef CONFIG_VNC_SASL
1055 vnc_sasl_client_cleanup(vs
);
1056 #endif /* CONFIG_VNC_SASL */
1058 vnc_release_modifiers(vs
);
1060 if (vs
->initialized
) {
1061 QTAILQ_REMOVE(&vs
->vd
->clients
, vs
, next
);
1062 qemu_remove_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
1065 if (vs
->vd
->lock_key_sync
)
1066 qemu_remove_led_event_handler(vs
->led
);
1067 vnc_unlock_output(vs
);
1069 qemu_mutex_destroy(&vs
->output_mutex
);
1070 if (vs
->bh
!= NULL
) {
1071 qemu_bh_delete(vs
->bh
);
1073 buffer_free(&vs
->jobs_buffer
);
1075 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
1076 g_free(vs
->lossy_rect
[i
]);
1078 g_free(vs
->lossy_rect
);
1082 int vnc_client_io_error(VncState
*vs
, int ret
, int last_errno
)
1084 if (ret
== 0 || ret
== -1) {
1086 switch (last_errno
) {
1090 case WSAEWOULDBLOCK
:
1098 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1099 ret
, ret
< 0 ? last_errno
: 0);
1100 vnc_disconnect_start(vs
);
1108 void vnc_client_error(VncState
*vs
)
1110 VNC_DEBUG("Closing down client sock: protocol error\n");
1111 vnc_disconnect_start(vs
);
1116 * Called to write a chunk of data to the client socket. The data may
1117 * be the raw data, or may have already been encoded by SASL.
1118 * The data will be written either straight onto the socket, or
1119 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1121 * NB, it is theoretically possible to have 2 layers of encryption,
1122 * both SASL, and this TLS layer. It is highly unlikely in practice
1123 * though, since SASL encryption will typically be a no-op if TLS
1126 * Returns the number of bytes written, which may be less than
1127 * the requested 'datalen' if the socket would block. Returns
1128 * -1 on error, and disconnects the client socket.
1130 long vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
1133 #ifdef CONFIG_VNC_TLS
1134 if (vs
->tls
.session
) {
1135 ret
= gnutls_write(vs
->tls
.session
, data
, datalen
);
1137 if (ret
== GNUTLS_E_AGAIN
)
1144 #endif /* CONFIG_VNC_TLS */
1145 ret
= send(vs
->csock
, (const void *)data
, datalen
, 0);
1146 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data
, datalen
, ret
);
1147 return vnc_client_io_error(vs
, ret
, socket_error());
1152 * Called to write buffered data to the client socket, when not
1153 * using any SASL SSF encryption layers. Will write as much data
1154 * as possible without blocking. If all buffered data is written,
1155 * will switch the FD poll() handler back to read monitoring.
1157 * Returns the number of bytes written, which may be less than
1158 * the buffered output data if the socket would block. Returns
1159 * -1 on error, and disconnects the client socket.
1161 static long vnc_client_write_plain(VncState
*vs
)
1165 #ifdef CONFIG_VNC_SASL
1166 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1167 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
1168 vs
->sasl
.waitWriteSSF
);
1170 if (vs
->sasl
.conn
&&
1172 vs
->sasl
.waitWriteSSF
) {
1173 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
1175 vs
->sasl
.waitWriteSSF
-= ret
;
1177 #endif /* CONFIG_VNC_SASL */
1178 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
1182 buffer_advance(&vs
->output
, ret
);
1184 if (vs
->output
.offset
== 0) {
1185 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1193 * First function called whenever there is data to be written to
1194 * the client socket. Will delegate actual work according to whether
1195 * SASL SSF layers are enabled (thus requiring encryption calls)
1197 static void vnc_client_write_locked(void *opaque
)
1199 VncState
*vs
= opaque
;
1201 #ifdef CONFIG_VNC_SASL
1202 if (vs
->sasl
.conn
&&
1204 !vs
->sasl
.waitWriteSSF
) {
1205 vnc_client_write_sasl(vs
);
1207 #endif /* CONFIG_VNC_SASL */
1209 #ifdef CONFIG_VNC_WS
1210 if (vs
->encode_ws
) {
1211 vnc_client_write_ws(vs
);
1213 #endif /* CONFIG_VNC_WS */
1215 vnc_client_write_plain(vs
);
1220 void vnc_client_write(void *opaque
)
1222 VncState
*vs
= opaque
;
1224 vnc_lock_output(vs
);
1225 if (vs
->output
.offset
1226 #ifdef CONFIG_VNC_WS
1227 || vs
->ws_output
.offset
1230 vnc_client_write_locked(opaque
);
1231 } else if (vs
->csock
!= -1) {
1232 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1234 vnc_unlock_output(vs
);
1237 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1239 vs
->read_handler
= func
;
1240 vs
->read_handler_expect
= expecting
;
1245 * Called to read a chunk of data from the client socket. The data may
1246 * be the raw data, or may need to be further decoded by SASL.
1247 * The data will be read either straight from to the socket, or
1248 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1250 * NB, it is theoretically possible to have 2 layers of encryption,
1251 * both SASL, and this TLS layer. It is highly unlikely in practice
1252 * though, since SASL encryption will typically be a no-op if TLS
1255 * Returns the number of bytes read, which may be less than
1256 * the requested 'datalen' if the socket would block. Returns
1257 * -1 on error, and disconnects the client socket.
1259 long vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1262 #ifdef CONFIG_VNC_TLS
1263 if (vs
->tls
.session
) {
1264 ret
= gnutls_read(vs
->tls
.session
, data
, datalen
);
1266 if (ret
== GNUTLS_E_AGAIN
)
1273 #endif /* CONFIG_VNC_TLS */
1274 ret
= qemu_recv(vs
->csock
, data
, datalen
, 0);
1275 VNC_DEBUG("Read wire %p %zd -> %ld\n", data
, datalen
, ret
);
1276 return vnc_client_io_error(vs
, ret
, socket_error());
1281 * Called to read data from the client socket to the input buffer,
1282 * when not using any SASL SSF encryption layers. Will read as much
1283 * data as possible without blocking.
1285 * Returns the number of bytes read. Returns -1 on error, and
1286 * disconnects the client socket.
1288 static long vnc_client_read_plain(VncState
*vs
)
1291 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1292 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1293 buffer_reserve(&vs
->input
, 4096);
1294 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1297 vs
->input
.offset
+= ret
;
1301 static void vnc_jobs_bh(void *opaque
)
1303 VncState
*vs
= opaque
;
1305 vnc_jobs_consume_buffer(vs
);
1309 * First function called whenever there is more data to be read from
1310 * the client socket. Will delegate actual work according to whether
1311 * SASL SSF layers are enabled (thus requiring decryption calls)
1313 void vnc_client_read(void *opaque
)
1315 VncState
*vs
= opaque
;
1318 #ifdef CONFIG_VNC_SASL
1319 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1320 ret
= vnc_client_read_sasl(vs
);
1322 #endif /* CONFIG_VNC_SASL */
1323 #ifdef CONFIG_VNC_WS
1324 if (vs
->encode_ws
) {
1325 ret
= vnc_client_read_ws(vs
);
1327 vnc_disconnect_start(vs
);
1329 } else if (ret
== -2) {
1330 vnc_client_error(vs
);
1334 #endif /* CONFIG_VNC_WS */
1336 ret
= vnc_client_read_plain(vs
);
1339 if (vs
->csock
== -1)
1340 vnc_disconnect_finish(vs
);
1344 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1345 size_t len
= vs
->read_handler_expect
;
1348 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1349 if (vs
->csock
== -1) {
1350 vnc_disconnect_finish(vs
);
1355 buffer_advance(&vs
->input
, len
);
1357 vs
->read_handler_expect
= ret
;
1362 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1364 buffer_reserve(&vs
->output
, len
);
1366 if (vs
->csock
!= -1 && buffer_empty(&vs
->output
)) {
1367 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
1370 buffer_append(&vs
->output
, data
, len
);
1373 void vnc_write_s32(VncState
*vs
, int32_t value
)
1375 vnc_write_u32(vs
, *(uint32_t *)&value
);
1378 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1382 buf
[0] = (value
>> 24) & 0xFF;
1383 buf
[1] = (value
>> 16) & 0xFF;
1384 buf
[2] = (value
>> 8) & 0xFF;
1385 buf
[3] = value
& 0xFF;
1387 vnc_write(vs
, buf
, 4);
1390 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1394 buf
[0] = (value
>> 8) & 0xFF;
1395 buf
[1] = value
& 0xFF;
1397 vnc_write(vs
, buf
, 2);
1400 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1402 vnc_write(vs
, (char *)&value
, 1);
1405 void vnc_flush(VncState
*vs
)
1407 vnc_lock_output(vs
);
1408 if (vs
->csock
!= -1 && (vs
->output
.offset
1409 #ifdef CONFIG_VNC_WS
1410 || vs
->ws_output
.offset
1413 vnc_client_write_locked(vs
);
1415 vnc_unlock_output(vs
);
1418 static uint8_t read_u8(uint8_t *data
, size_t offset
)
1420 return data
[offset
];
1423 static uint16_t read_u16(uint8_t *data
, size_t offset
)
1425 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1428 static int32_t read_s32(uint8_t *data
, size_t offset
)
1430 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1431 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1434 uint32_t read_u32(uint8_t *data
, size_t offset
)
1436 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1437 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1440 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1444 static void check_pointer_type_change(Notifier
*notifier
, void *data
)
1446 VncState
*vs
= container_of(notifier
, VncState
, mouse_mode_notifier
);
1447 int absolute
= kbd_mouse_is_absolute();
1449 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1450 vnc_lock_output(vs
);
1451 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1452 vnc_write_u8(vs
, 0);
1453 vnc_write_u16(vs
, 1);
1454 vnc_framebuffer_update(vs
, absolute
, 0,
1455 surface_width(vs
->vd
->ds
),
1456 surface_height(vs
->vd
->ds
),
1457 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1458 vnc_unlock_output(vs
);
1461 vs
->absolute
= absolute
;
1464 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1468 int width
= surface_width(vs
->vd
->ds
);
1469 int height
= surface_height(vs
->vd
->ds
);
1471 if (button_mask
& 0x01)
1472 buttons
|= MOUSE_EVENT_LBUTTON
;
1473 if (button_mask
& 0x02)
1474 buttons
|= MOUSE_EVENT_MBUTTON
;
1475 if (button_mask
& 0x04)
1476 buttons
|= MOUSE_EVENT_RBUTTON
;
1477 if (button_mask
& 0x08)
1479 if (button_mask
& 0x10)
1483 kbd_mouse_event(width
> 1 ? x
* 0x7FFF / (width
- 1) : 0x4000,
1484 height
> 1 ? y
* 0x7FFF / (height
- 1) : 0x4000,
1486 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1490 kbd_mouse_event(x
, y
, dz
, buttons
);
1492 if (vs
->last_x
!= -1)
1493 kbd_mouse_event(x
- vs
->last_x
,
1501 static void reset_keys(VncState
*vs
)
1504 for(i
= 0; i
< 256; i
++) {
1505 if (vs
->modifiers_state
[i
]) {
1506 if (i
& SCANCODE_GREY
)
1507 kbd_put_keycode(SCANCODE_EMUL0
);
1508 kbd_put_keycode(i
| SCANCODE_UP
);
1509 vs
->modifiers_state
[i
] = 0;
1514 static void press_key(VncState
*vs
, int keysym
)
1516 int keycode
= keysym2scancode(vs
->vd
->kbd_layout
, keysym
) & SCANCODE_KEYMASK
;
1517 if (keycode
& SCANCODE_GREY
)
1518 kbd_put_keycode(SCANCODE_EMUL0
);
1519 kbd_put_keycode(keycode
& SCANCODE_KEYCODEMASK
);
1520 if (keycode
& SCANCODE_GREY
)
1521 kbd_put_keycode(SCANCODE_EMUL0
);
1522 kbd_put_keycode(keycode
| SCANCODE_UP
);
1525 static int current_led_state(VncState
*vs
)
1529 if (vs
->modifiers_state
[0x46]) {
1530 ledstate
|= QEMU_SCROLL_LOCK_LED
;
1532 if (vs
->modifiers_state
[0x45]) {
1533 ledstate
|= QEMU_NUM_LOCK_LED
;
1535 if (vs
->modifiers_state
[0x3a]) {
1536 ledstate
|= QEMU_CAPS_LOCK_LED
;
1542 static void vnc_led_state_change(VncState
*vs
)
1546 if (!vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
)) {
1550 ledstate
= current_led_state(vs
);
1551 vnc_lock_output(vs
);
1552 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1553 vnc_write_u8(vs
, 0);
1554 vnc_write_u16(vs
, 1);
1555 vnc_framebuffer_update(vs
, 0, 0, 1, 1, VNC_ENCODING_LED_STATE
);
1556 vnc_write_u8(vs
, ledstate
);
1557 vnc_unlock_output(vs
);
1561 static void kbd_leds(void *opaque
, int ledstate
)
1563 VncState
*vs
= opaque
;
1566 caps
= ledstate
& QEMU_CAPS_LOCK_LED
? 1 : 0;
1567 num
= ledstate
& QEMU_NUM_LOCK_LED
? 1 : 0;
1568 scr
= ledstate
& QEMU_SCROLL_LOCK_LED
? 1 : 0;
1570 if (vs
->modifiers_state
[0x3a] != caps
) {
1571 vs
->modifiers_state
[0x3a] = caps
;
1573 if (vs
->modifiers_state
[0x45] != num
) {
1574 vs
->modifiers_state
[0x45] = num
;
1576 if (vs
->modifiers_state
[0x46] != scr
) {
1577 vs
->modifiers_state
[0x46] = scr
;
1580 /* Sending the current led state message to the client */
1581 if (ledstate
!= current_led_state(vs
)) {
1582 vnc_led_state_change(vs
);
1586 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1588 /* QEMU console switch */
1590 case 0x2a: /* Left Shift */
1591 case 0x36: /* Right Shift */
1592 case 0x1d: /* Left CTRL */
1593 case 0x9d: /* Right CTRL */
1594 case 0x38: /* Left ALT */
1595 case 0xb8: /* Right ALT */
1597 vs
->modifiers_state
[keycode
] = 1;
1599 vs
->modifiers_state
[keycode
] = 0;
1601 case 0x02 ... 0x0a: /* '1' to '9' keys */
1602 if (down
&& vs
->modifiers_state
[0x1d] && vs
->modifiers_state
[0x38]) {
1603 /* Reset the modifiers sent to the current console */
1605 console_select(keycode
- 0x02);
1609 case 0x3a: /* CapsLock */
1610 case 0x45: /* NumLock */
1612 vs
->modifiers_state
[keycode
] ^= 1;
1616 /* Turn off the lock state sync logic if the client support the led
1619 if (down
&& vs
->vd
->lock_key_sync
&&
1620 !vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
) &&
1621 keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1622 /* If the numlock state needs to change then simulate an additional
1623 keypress before sending this one. This will happen if the user
1624 toggles numlock away from the VNC window.
1626 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1627 if (!vs
->modifiers_state
[0x45]) {
1628 vs
->modifiers_state
[0x45] = 1;
1629 press_key(vs
, 0xff7f);
1632 if (vs
->modifiers_state
[0x45]) {
1633 vs
->modifiers_state
[0x45] = 0;
1634 press_key(vs
, 0xff7f);
1639 if (down
&& vs
->vd
->lock_key_sync
&&
1640 !vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
) &&
1641 ((sym
>= 'A' && sym
<= 'Z') || (sym
>= 'a' && sym
<= 'z'))) {
1642 /* If the capslock state needs to change then simulate an additional
1643 keypress before sending this one. This will happen if the user
1644 toggles capslock away from the VNC window.
1646 int uppercase
= !!(sym
>= 'A' && sym
<= 'Z');
1647 int shift
= !!(vs
->modifiers_state
[0x2a] | vs
->modifiers_state
[0x36]);
1648 int capslock
= !!(vs
->modifiers_state
[0x3a]);
1650 if (uppercase
== shift
) {
1651 vs
->modifiers_state
[0x3a] = 0;
1652 press_key(vs
, 0xffe5);
1655 if (uppercase
!= shift
) {
1656 vs
->modifiers_state
[0x3a] = 1;
1657 press_key(vs
, 0xffe5);
1662 if (qemu_console_is_graphic(NULL
)) {
1663 if (keycode
& SCANCODE_GREY
)
1664 kbd_put_keycode(SCANCODE_EMUL0
);
1666 kbd_put_keycode(keycode
& SCANCODE_KEYCODEMASK
);
1668 kbd_put_keycode(keycode
| SCANCODE_UP
);
1670 bool numlock
= vs
->modifiers_state
[0x45];
1671 bool control
= (vs
->modifiers_state
[0x1d] ||
1672 vs
->modifiers_state
[0x9d]);
1673 /* QEMU console emulation */
1676 case 0x2a: /* Left Shift */
1677 case 0x36: /* Right Shift */
1678 case 0x1d: /* Left CTRL */
1679 case 0x9d: /* Right CTRL */
1680 case 0x38: /* Left ALT */
1681 case 0xb8: /* Right ALT */
1684 kbd_put_keysym(QEMU_KEY_UP
);
1687 kbd_put_keysym(QEMU_KEY_DOWN
);
1690 kbd_put_keysym(QEMU_KEY_LEFT
);
1693 kbd_put_keysym(QEMU_KEY_RIGHT
);
1696 kbd_put_keysym(QEMU_KEY_DELETE
);
1699 kbd_put_keysym(QEMU_KEY_HOME
);
1702 kbd_put_keysym(QEMU_KEY_END
);
1705 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1708 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1712 kbd_put_keysym(numlock
? '7' : QEMU_KEY_HOME
);
1715 kbd_put_keysym(numlock
? '8' : QEMU_KEY_UP
);
1718 kbd_put_keysym(numlock
? '9' : QEMU_KEY_PAGEUP
);
1721 kbd_put_keysym(numlock
? '4' : QEMU_KEY_LEFT
);
1724 kbd_put_keysym('5');
1727 kbd_put_keysym(numlock
? '6' : QEMU_KEY_RIGHT
);
1730 kbd_put_keysym(numlock
? '1' : QEMU_KEY_END
);
1733 kbd_put_keysym(numlock
? '2' : QEMU_KEY_DOWN
);
1736 kbd_put_keysym(numlock
? '3' : QEMU_KEY_PAGEDOWN
);
1739 kbd_put_keysym('0');
1742 kbd_put_keysym(numlock
? '.' : QEMU_KEY_DELETE
);
1746 kbd_put_keysym('/');
1749 kbd_put_keysym('*');
1752 kbd_put_keysym('-');
1755 kbd_put_keysym('+');
1758 kbd_put_keysym('\n');
1763 kbd_put_keysym(sym
& 0x1f);
1765 kbd_put_keysym(sym
);
1773 static void vnc_release_modifiers(VncState
*vs
)
1775 static const int keycodes
[] = {
1776 /* shift, control, alt keys, both left & right */
1777 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1781 if (!qemu_console_is_graphic(NULL
)) {
1784 for (i
= 0; i
< ARRAY_SIZE(keycodes
); i
++) {
1785 keycode
= keycodes
[i
];
1786 if (!vs
->modifiers_state
[keycode
]) {
1789 if (keycode
& SCANCODE_GREY
) {
1790 kbd_put_keycode(SCANCODE_EMUL0
);
1792 kbd_put_keycode(keycode
| SCANCODE_UP
);
1796 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1801 if (lsym
>= 'A' && lsym
<= 'Z' && qemu_console_is_graphic(NULL
)) {
1802 lsym
= lsym
- 'A' + 'a';
1805 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, lsym
& 0xFFFF) & SCANCODE_KEYMASK
;
1806 do_key_event(vs
, down
, keycode
, sym
);
1809 static void ext_key_event(VncState
*vs
, int down
,
1810 uint32_t sym
, uint16_t keycode
)
1812 /* if the user specifies a keyboard layout, always use it */
1813 if (keyboard_layout
)
1814 key_event(vs
, down
, sym
);
1816 do_key_event(vs
, down
, keycode
, sym
);
1819 static void framebuffer_update_request(VncState
*vs
, int incremental
,
1820 int x_position
, int y_position
,
1824 const size_t width
= surface_width(vs
->vd
->ds
) / 16;
1825 const size_t height
= surface_height(vs
->vd
->ds
);
1827 if (y_position
> height
) {
1828 y_position
= height
;
1830 if (y_position
+ h
>= height
) {
1831 h
= height
- y_position
;
1834 vs
->need_update
= 1;
1836 vs
->force_update
= 1;
1837 for (i
= 0; i
< h
; i
++) {
1838 bitmap_set(vs
->dirty
[y_position
+ i
], 0, width
);
1839 bitmap_clear(vs
->dirty
[y_position
+ i
], width
,
1840 VNC_DIRTY_BITS
- width
);
1845 static void send_ext_key_event_ack(VncState
*vs
)
1847 vnc_lock_output(vs
);
1848 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1849 vnc_write_u8(vs
, 0);
1850 vnc_write_u16(vs
, 1);
1851 vnc_framebuffer_update(vs
, 0, 0,
1852 surface_width(vs
->vd
->ds
),
1853 surface_height(vs
->vd
->ds
),
1854 VNC_ENCODING_EXT_KEY_EVENT
);
1855 vnc_unlock_output(vs
);
1859 static void send_ext_audio_ack(VncState
*vs
)
1861 vnc_lock_output(vs
);
1862 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1863 vnc_write_u8(vs
, 0);
1864 vnc_write_u16(vs
, 1);
1865 vnc_framebuffer_update(vs
, 0, 0,
1866 surface_width(vs
->vd
->ds
),
1867 surface_height(vs
->vd
->ds
),
1868 VNC_ENCODING_AUDIO
);
1869 vnc_unlock_output(vs
);
1873 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
1876 unsigned int enc
= 0;
1879 vs
->vnc_encoding
= 0;
1880 vs
->tight
.compression
= 9;
1881 vs
->tight
.quality
= -1; /* Lossless by default */
1885 * Start from the end because the encodings are sent in order of preference.
1886 * This way the preferred encoding (first encoding defined in the array)
1887 * will be set at the end of the loop.
1889 for (i
= n_encodings
- 1; i
>= 0; i
--) {
1892 case VNC_ENCODING_RAW
:
1893 vs
->vnc_encoding
= enc
;
1895 case VNC_ENCODING_COPYRECT
:
1896 vs
->features
|= VNC_FEATURE_COPYRECT_MASK
;
1898 case VNC_ENCODING_HEXTILE
:
1899 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
1900 vs
->vnc_encoding
= enc
;
1902 case VNC_ENCODING_TIGHT
:
1903 vs
->features
|= VNC_FEATURE_TIGHT_MASK
;
1904 vs
->vnc_encoding
= enc
;
1906 #ifdef CONFIG_VNC_PNG
1907 case VNC_ENCODING_TIGHT_PNG
:
1908 vs
->features
|= VNC_FEATURE_TIGHT_PNG_MASK
;
1909 vs
->vnc_encoding
= enc
;
1912 case VNC_ENCODING_ZLIB
:
1913 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
1914 vs
->vnc_encoding
= enc
;
1916 case VNC_ENCODING_ZRLE
:
1917 vs
->features
|= VNC_FEATURE_ZRLE_MASK
;
1918 vs
->vnc_encoding
= enc
;
1920 case VNC_ENCODING_ZYWRLE
:
1921 vs
->features
|= VNC_FEATURE_ZYWRLE_MASK
;
1922 vs
->vnc_encoding
= enc
;
1924 case VNC_ENCODING_DESKTOPRESIZE
:
1925 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
1927 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
1928 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
1930 case VNC_ENCODING_RICH_CURSOR
:
1931 vs
->features
|= VNC_FEATURE_RICH_CURSOR_MASK
;
1933 case VNC_ENCODING_EXT_KEY_EVENT
:
1934 send_ext_key_event_ack(vs
);
1936 case VNC_ENCODING_AUDIO
:
1937 send_ext_audio_ack(vs
);
1939 case VNC_ENCODING_WMVi
:
1940 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
1942 case VNC_ENCODING_LED_STATE
:
1943 vs
->features
|= VNC_FEATURE_LED_STATE_MASK
;
1945 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
1946 vs
->tight
.compression
= (enc
& 0x0F);
1948 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
1949 if (vs
->vd
->lossy
) {
1950 vs
->tight
.quality
= (enc
& 0x0F);
1954 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
1958 vnc_desktop_resize(vs
);
1959 check_pointer_type_change(&vs
->mouse_mode_notifier
, NULL
);
1960 vnc_led_state_change(vs
);
1963 static void set_pixel_conversion(VncState
*vs
)
1965 pixman_format_code_t fmt
= qemu_pixman_get_format(&vs
->client_pf
);
1967 if (fmt
== VNC_SERVER_FB_FORMAT
) {
1968 vs
->write_pixels
= vnc_write_pixels_copy
;
1969 vnc_hextile_set_pixel_conversion(vs
, 0);
1971 vs
->write_pixels
= vnc_write_pixels_generic
;
1972 vnc_hextile_set_pixel_conversion(vs
, 1);
1976 static void set_pixel_format(VncState
*vs
,
1977 int bits_per_pixel
, int depth
,
1978 int big_endian_flag
, int true_color_flag
,
1979 int red_max
, int green_max
, int blue_max
,
1980 int red_shift
, int green_shift
, int blue_shift
)
1982 if (!true_color_flag
) {
1983 vnc_client_error(vs
);
1987 vs
->client_pf
.rmax
= red_max
;
1988 vs
->client_pf
.rbits
= hweight_long(red_max
);
1989 vs
->client_pf
.rshift
= red_shift
;
1990 vs
->client_pf
.rmask
= red_max
<< red_shift
;
1991 vs
->client_pf
.gmax
= green_max
;
1992 vs
->client_pf
.gbits
= hweight_long(green_max
);
1993 vs
->client_pf
.gshift
= green_shift
;
1994 vs
->client_pf
.gmask
= green_max
<< green_shift
;
1995 vs
->client_pf
.bmax
= blue_max
;
1996 vs
->client_pf
.bbits
= hweight_long(blue_max
);
1997 vs
->client_pf
.bshift
= blue_shift
;
1998 vs
->client_pf
.bmask
= blue_max
<< blue_shift
;
1999 vs
->client_pf
.bits_per_pixel
= bits_per_pixel
;
2000 vs
->client_pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
2001 vs
->client_pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
2002 vs
->client_be
= big_endian_flag
;
2004 set_pixel_conversion(vs
);
2006 graphic_hw_invalidate(NULL
);
2007 graphic_hw_update(NULL
);
2010 static void pixel_format_message (VncState
*vs
) {
2011 char pad
[3] = { 0, 0, 0 };
2013 vs
->client_pf
= qemu_default_pixelformat(32);
2015 vnc_write_u8(vs
, vs
->client_pf
.bits_per_pixel
); /* bits-per-pixel */
2016 vnc_write_u8(vs
, vs
->client_pf
.depth
); /* depth */
2018 #ifdef HOST_WORDS_BIGENDIAN
2019 vnc_write_u8(vs
, 1); /* big-endian-flag */
2021 vnc_write_u8(vs
, 0); /* big-endian-flag */
2023 vnc_write_u8(vs
, 1); /* true-color-flag */
2024 vnc_write_u16(vs
, vs
->client_pf
.rmax
); /* red-max */
2025 vnc_write_u16(vs
, vs
->client_pf
.gmax
); /* green-max */
2026 vnc_write_u16(vs
, vs
->client_pf
.bmax
); /* blue-max */
2027 vnc_write_u8(vs
, vs
->client_pf
.rshift
); /* red-shift */
2028 vnc_write_u8(vs
, vs
->client_pf
.gshift
); /* green-shift */
2029 vnc_write_u8(vs
, vs
->client_pf
.bshift
); /* blue-shift */
2030 vnc_write(vs
, pad
, 3); /* padding */
2032 vnc_hextile_set_pixel_conversion(vs
, 0);
2033 vs
->write_pixels
= vnc_write_pixels_copy
;
2036 static void vnc_colordepth(VncState
*vs
)
2038 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
2039 /* Sending a WMVi message to notify the client*/
2040 vnc_lock_output(vs
);
2041 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2042 vnc_write_u8(vs
, 0);
2043 vnc_write_u16(vs
, 1); /* number of rects */
2044 vnc_framebuffer_update(vs
, 0, 0,
2045 surface_width(vs
->vd
->ds
),
2046 surface_height(vs
->vd
->ds
),
2048 pixel_format_message(vs
);
2049 vnc_unlock_output(vs
);
2052 set_pixel_conversion(vs
);
2056 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
2060 VncDisplay
*vd
= vs
->vd
;
2063 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
2067 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT
:
2071 set_pixel_format(vs
, read_u8(data
, 4), read_u8(data
, 5),
2072 read_u8(data
, 6), read_u8(data
, 7),
2073 read_u16(data
, 8), read_u16(data
, 10),
2074 read_u16(data
, 12), read_u8(data
, 14),
2075 read_u8(data
, 15), read_u8(data
, 16));
2077 case VNC_MSG_CLIENT_SET_ENCODINGS
:
2082 limit
= read_u16(data
, 2);
2084 return 4 + (limit
* 4);
2086 limit
= read_u16(data
, 2);
2088 for (i
= 0; i
< limit
; i
++) {
2089 int32_t val
= read_s32(data
, 4 + (i
* 4));
2090 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
2093 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
2095 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST
:
2099 framebuffer_update_request(vs
,
2100 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
2101 read_u16(data
, 6), read_u16(data
, 8));
2103 case VNC_MSG_CLIENT_KEY_EVENT
:
2107 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
2109 case VNC_MSG_CLIENT_POINTER_EVENT
:
2113 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
2115 case VNC_MSG_CLIENT_CUT_TEXT
:
2120 uint32_t dlen
= read_u32(data
, 4);
2125 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
2127 case VNC_MSG_CLIENT_QEMU
:
2131 switch (read_u8(data
, 1)) {
2132 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT
:
2136 ext_key_event(vs
, read_u16(data
, 2),
2137 read_u32(data
, 4), read_u32(data
, 8));
2139 case VNC_MSG_CLIENT_QEMU_AUDIO
:
2143 switch (read_u16 (data
, 2)) {
2144 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE
:
2147 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE
:
2150 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT
:
2153 switch (read_u8(data
, 4)) {
2154 case 0: vs
->as
.fmt
= AUD_FMT_U8
; break;
2155 case 1: vs
->as
.fmt
= AUD_FMT_S8
; break;
2156 case 2: vs
->as
.fmt
= AUD_FMT_U16
; break;
2157 case 3: vs
->as
.fmt
= AUD_FMT_S16
; break;
2158 case 4: vs
->as
.fmt
= AUD_FMT_U32
; break;
2159 case 5: vs
->as
.fmt
= AUD_FMT_S32
; break;
2161 printf("Invalid audio format %d\n", read_u8(data
, 4));
2162 vnc_client_error(vs
);
2165 vs
->as
.nchannels
= read_u8(data
, 5);
2166 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
2167 printf("Invalid audio channel coount %d\n",
2169 vnc_client_error(vs
);
2172 vs
->as
.freq
= read_u32(data
, 6);
2175 printf ("Invalid audio message %d\n", read_u8(data
, 4));
2176 vnc_client_error(vs
);
2182 printf("Msg: %d\n", read_u16(data
, 0));
2183 vnc_client_error(vs
);
2188 printf("Msg: %d\n", data
[0]);
2189 vnc_client_error(vs
);
2193 vnc_read_when(vs
, protocol_client_msg
, 1);
2197 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
2203 mode
= data
[0] ? VNC_SHARE_MODE_SHARED
: VNC_SHARE_MODE_EXCLUSIVE
;
2204 switch (vs
->vd
->share_policy
) {
2205 case VNC_SHARE_POLICY_IGNORE
:
2207 * Ignore the shared flag. Nothing to do here.
2209 * Doesn't conform to the rfb spec but is traditional qemu
2210 * behavior, thus left here as option for compatibility
2214 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
:
2216 * Policy: Allow clients ask for exclusive access.
2218 * Implementation: When a client asks for exclusive access,
2219 * disconnect all others. Shared connects are allowed as long
2220 * as no exclusive connection exists.
2222 * This is how the rfb spec suggests to handle the shared flag.
2224 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2226 QTAILQ_FOREACH(client
, &vs
->vd
->clients
, next
) {
2230 if (client
->share_mode
!= VNC_SHARE_MODE_EXCLUSIVE
&&
2231 client
->share_mode
!= VNC_SHARE_MODE_SHARED
) {
2234 vnc_disconnect_start(client
);
2237 if (mode
== VNC_SHARE_MODE_SHARED
) {
2238 if (vs
->vd
->num_exclusive
> 0) {
2239 vnc_disconnect_start(vs
);
2244 case VNC_SHARE_POLICY_FORCE_SHARED
:
2246 * Policy: Shared connects only.
2247 * Implementation: Disallow clients asking for exclusive access.
2249 * Useful for shared desktop sessions where you don't want
2250 * someone forgetting to say -shared when running the vnc
2251 * client disconnect everybody else.
2253 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2254 vnc_disconnect_start(vs
);
2259 vnc_set_share_mode(vs
, mode
);
2261 vs
->client_width
= surface_width(vs
->vd
->ds
);
2262 vs
->client_height
= surface_height(vs
->vd
->ds
);
2263 vnc_write_u16(vs
, vs
->client_width
);
2264 vnc_write_u16(vs
, vs
->client_height
);
2266 pixel_format_message(vs
);
2269 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
2271 size
= snprintf(buf
, sizeof(buf
), "QEMU");
2273 vnc_write_u32(vs
, size
);
2274 vnc_write(vs
, buf
, size
);
2277 vnc_client_cache_auth(vs
);
2278 vnc_qmp_event(vs
, QEVENT_VNC_INITIALIZED
);
2280 vnc_read_when(vs
, protocol_client_msg
, 1);
2285 void start_client_init(VncState
*vs
)
2287 vnc_read_when(vs
, protocol_client_init
, 1);
2290 static void make_challenge(VncState
*vs
)
2294 srand(time(NULL
)+getpid()+getpid()*987654+rand());
2296 for (i
= 0 ; i
< sizeof(vs
->challenge
) ; i
++)
2297 vs
->challenge
[i
] = (int) (256.0*rand()/(RAND_MAX
+1.0));
2300 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
2302 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
2304 unsigned char key
[8];
2305 time_t now
= time(NULL
);
2307 if (!vs
->vd
->password
) {
2308 VNC_DEBUG("No password configured on server");
2311 if (vs
->vd
->expires
< now
) {
2312 VNC_DEBUG("Password is expired");
2316 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
2318 /* Calculate the expected challenge response */
2319 pwlen
= strlen(vs
->vd
->password
);
2320 for (i
=0; i
<sizeof(key
); i
++)
2321 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
2323 for (j
= 0; j
< VNC_AUTH_CHALLENGE_SIZE
; j
+= 8)
2324 des(response
+j
, response
+j
);
2326 /* Compare expected vs actual challenge response */
2327 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
2328 VNC_DEBUG("Client challenge response did not match\n");
2331 VNC_DEBUG("Accepting VNC challenge response\n");
2332 vnc_write_u32(vs
, 0); /* Accept auth */
2335 start_client_init(vs
);
2340 vnc_write_u32(vs
, 1); /* Reject auth */
2341 if (vs
->minor
>= 8) {
2342 static const char err
[] = "Authentication failed";
2343 vnc_write_u32(vs
, sizeof(err
));
2344 vnc_write(vs
, err
, sizeof(err
));
2347 vnc_client_error(vs
);
2351 void start_auth_vnc(VncState
*vs
)
2354 /* Send client a 'random' challenge */
2355 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
2358 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
2362 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
2364 /* We only advertise 1 auth scheme at a time, so client
2365 * must pick the one we sent. Verify this */
2366 if (data
[0] != vs
->auth
) { /* Reject auth */
2367 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data
[0]);
2368 vnc_write_u32(vs
, 1);
2369 if (vs
->minor
>= 8) {
2370 static const char err
[] = "Authentication failed";
2371 vnc_write_u32(vs
, sizeof(err
));
2372 vnc_write(vs
, err
, sizeof(err
));
2374 vnc_client_error(vs
);
2375 } else { /* Accept requested auth */
2376 VNC_DEBUG("Client requested auth %d\n", (int)data
[0]);
2379 VNC_DEBUG("Accept auth none\n");
2380 if (vs
->minor
>= 8) {
2381 vnc_write_u32(vs
, 0); /* Accept auth completion */
2384 start_client_init(vs
);
2388 VNC_DEBUG("Start VNC auth\n");
2392 #ifdef CONFIG_VNC_TLS
2393 case VNC_AUTH_VENCRYPT
:
2394 VNC_DEBUG("Accept VeNCrypt auth\n");
2395 start_auth_vencrypt(vs
);
2397 #endif /* CONFIG_VNC_TLS */
2399 #ifdef CONFIG_VNC_SASL
2401 VNC_DEBUG("Accept SASL auth\n");
2402 start_auth_sasl(vs
);
2404 #endif /* CONFIG_VNC_SASL */
2406 default: /* Should not be possible, but just in case */
2407 VNC_DEBUG("Reject auth %d server code bug\n", vs
->auth
);
2408 vnc_write_u8(vs
, 1);
2409 if (vs
->minor
>= 8) {
2410 static const char err
[] = "Authentication failed";
2411 vnc_write_u32(vs
, sizeof(err
));
2412 vnc_write(vs
, err
, sizeof(err
));
2414 vnc_client_error(vs
);
2420 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
2424 memcpy(local
, version
, 12);
2427 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
2428 VNC_DEBUG("Malformed protocol version %s\n", local
);
2429 vnc_client_error(vs
);
2432 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
2433 if (vs
->major
!= 3 ||
2439 VNC_DEBUG("Unsupported client version\n");
2440 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2442 vnc_client_error(vs
);
2445 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2446 * as equivalent to v3.3 by servers
2448 if (vs
->minor
== 4 || vs
->minor
== 5)
2451 if (vs
->minor
== 3) {
2452 if (vs
->auth
== VNC_AUTH_NONE
) {
2453 VNC_DEBUG("Tell client auth none\n");
2454 vnc_write_u32(vs
, vs
->auth
);
2456 start_client_init(vs
);
2457 } else if (vs
->auth
== VNC_AUTH_VNC
) {
2458 VNC_DEBUG("Tell client VNC auth\n");
2459 vnc_write_u32(vs
, vs
->auth
);
2463 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs
->auth
);
2464 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2466 vnc_client_error(vs
);
2469 VNC_DEBUG("Telling client we support auth %d\n", vs
->auth
);
2470 vnc_write_u8(vs
, 1); /* num auth */
2471 vnc_write_u8(vs
, vs
->auth
);
2472 vnc_read_when(vs
, protocol_client_auth
, 1);
2479 static VncRectStat
*vnc_stat_rect(VncDisplay
*vd
, int x
, int y
)
2481 struct VncSurface
*vs
= &vd
->guest
;
2483 return &vs
->stats
[y
/ VNC_STAT_RECT
][x
/ VNC_STAT_RECT
];
2486 void vnc_sent_lossy_rect(VncState
*vs
, int x
, int y
, int w
, int h
)
2490 w
= (x
+ w
) / VNC_STAT_RECT
;
2491 h
= (y
+ h
) / VNC_STAT_RECT
;
2495 for (j
= y
; j
<= h
; j
++) {
2496 for (i
= x
; i
<= w
; i
++) {
2497 vs
->lossy_rect
[j
][i
] = 1;
2502 static int vnc_refresh_lossy_rect(VncDisplay
*vd
, int x
, int y
)
2505 int sty
= y
/ VNC_STAT_RECT
;
2506 int stx
= x
/ VNC_STAT_RECT
;
2509 y
= y
/ VNC_STAT_RECT
* VNC_STAT_RECT
;
2510 x
= x
/ VNC_STAT_RECT
* VNC_STAT_RECT
;
2512 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2515 /* kernel send buffers are full -> refresh later */
2516 if (vs
->output
.offset
) {
2520 if (!vs
->lossy_rect
[sty
][stx
]) {
2524 vs
->lossy_rect
[sty
][stx
] = 0;
2525 for (j
= 0; j
< VNC_STAT_RECT
; ++j
) {
2526 bitmap_set(vs
->dirty
[y
+ j
], x
/ 16, VNC_STAT_RECT
/ 16);
2534 static int vnc_update_stats(VncDisplay
*vd
, struct timeval
* tv
)
2536 int width
= pixman_image_get_width(vd
->guest
.fb
);
2537 int height
= pixman_image_get_height(vd
->guest
.fb
);
2542 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2543 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2544 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2546 rect
->updated
= false;
2550 qemu_timersub(tv
, &VNC_REFRESH_STATS
, &res
);
2552 if (timercmp(&vd
->guest
.last_freq_check
, &res
, >)) {
2555 vd
->guest
.last_freq_check
= *tv
;
2557 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2558 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2559 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2560 int count
= ARRAY_SIZE(rect
->times
);
2561 struct timeval min
, max
;
2563 if (!timerisset(&rect
->times
[count
- 1])) {
2567 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2568 qemu_timersub(tv
, &max
, &res
);
2570 if (timercmp(&res
, &VNC_REFRESH_LOSSY
, >)) {
2572 has_dirty
+= vnc_refresh_lossy_rect(vd
, x
, y
);
2573 memset(rect
->times
, 0, sizeof (rect
->times
));
2577 min
= rect
->times
[rect
->idx
];
2578 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2579 qemu_timersub(&max
, &min
, &res
);
2581 rect
->freq
= res
.tv_sec
+ res
.tv_usec
/ 1000000.;
2582 rect
->freq
/= count
;
2583 rect
->freq
= 1. / rect
->freq
;
2589 double vnc_update_freq(VncState
*vs
, int x
, int y
, int w
, int h
)
2595 x
= (x
/ VNC_STAT_RECT
) * VNC_STAT_RECT
;
2596 y
= (y
/ VNC_STAT_RECT
) * VNC_STAT_RECT
;
2598 for (j
= y
; j
<= y
+ h
; j
+= VNC_STAT_RECT
) {
2599 for (i
= x
; i
<= x
+ w
; i
+= VNC_STAT_RECT
) {
2600 total
+= vnc_stat_rect(vs
->vd
, i
, j
)->freq
;
2612 static void vnc_rect_updated(VncDisplay
*vd
, int x
, int y
, struct timeval
* tv
)
2616 rect
= vnc_stat_rect(vd
, x
, y
);
2617 if (rect
->updated
) {
2620 rect
->times
[rect
->idx
] = *tv
;
2621 rect
->idx
= (rect
->idx
+ 1) % ARRAY_SIZE(rect
->times
);
2622 rect
->updated
= true;
2625 static int vnc_refresh_server_surface(VncDisplay
*vd
)
2627 int width
= pixman_image_get_width(vd
->guest
.fb
);
2628 int height
= pixman_image_get_height(vd
->guest
.fb
);
2631 uint8_t *server_row
;
2635 pixman_image_t
*tmpbuf
= NULL
;
2637 struct timeval tv
= { 0, 0 };
2639 if (!vd
->non_adaptive
) {
2640 gettimeofday(&tv
, NULL
);
2641 has_dirty
= vnc_update_stats(vd
, &tv
);
2645 * Walk through the guest dirty map.
2646 * Check and copy modified bits from guest to server surface.
2647 * Update server dirty map.
2650 if (cmp_bytes
> vnc_server_fb_stride(vd
)) {
2651 cmp_bytes
= vnc_server_fb_stride(vd
);
2653 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
2654 int width
= pixman_image_get_width(vd
->server
);
2655 tmpbuf
= qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT
, width
);
2657 guest_row
= (uint8_t *)pixman_image_get_data(vd
->guest
.fb
);
2658 server_row
= (uint8_t *)pixman_image_get_data(vd
->server
);
2659 for (y
= 0; y
< height
; y
++) {
2660 if (!bitmap_empty(vd
->guest
.dirty
[y
], VNC_DIRTY_BITS
)) {
2663 uint8_t *server_ptr
;
2665 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
2666 qemu_pixman_linebuf_fill(tmpbuf
, vd
->guest
.fb
, width
, 0, y
);
2667 guest_ptr
= (uint8_t *)pixman_image_get_data(tmpbuf
);
2669 guest_ptr
= guest_row
;
2671 server_ptr
= server_row
;
2673 for (x
= 0; x
+ 15 < width
;
2674 x
+= 16, guest_ptr
+= cmp_bytes
, server_ptr
+= cmp_bytes
) {
2675 if (!test_and_clear_bit((x
/ 16), vd
->guest
.dirty
[y
]))
2677 if (memcmp(server_ptr
, guest_ptr
, cmp_bytes
) == 0)
2679 memcpy(server_ptr
, guest_ptr
, cmp_bytes
);
2680 if (!vd
->non_adaptive
)
2681 vnc_rect_updated(vd
, x
, y
, &tv
);
2682 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2683 set_bit((x
/ 16), vs
->dirty
[y
]);
2688 guest_row
+= pixman_image_get_stride(vd
->guest
.fb
);
2689 server_row
+= pixman_image_get_stride(vd
->server
);
2691 qemu_pixman_image_unref(tmpbuf
);
2695 static void vnc_refresh(DisplayChangeListener
*dcl
)
2697 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
2699 int has_dirty
, rects
= 0;
2701 graphic_hw_update(NULL
);
2703 if (vnc_trylock_display(vd
)) {
2704 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
2708 has_dirty
= vnc_refresh_server_surface(vd
);
2709 vnc_unlock_display(vd
);
2711 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
2712 rects
+= vnc_update_client(vs
, has_dirty
);
2713 /* vs might be free()ed here */
2716 if (QTAILQ_EMPTY(&vd
->clients
)) {
2717 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_MAX
);
2721 if (has_dirty
&& rects
) {
2722 vd
->dcl
.update_interval
/= 2;
2723 if (vd
->dcl
.update_interval
< VNC_REFRESH_INTERVAL_BASE
) {
2724 vd
->dcl
.update_interval
= VNC_REFRESH_INTERVAL_BASE
;
2727 vd
->dcl
.update_interval
+= VNC_REFRESH_INTERVAL_INC
;
2728 if (vd
->dcl
.update_interval
> VNC_REFRESH_INTERVAL_MAX
) {
2729 vd
->dcl
.update_interval
= VNC_REFRESH_INTERVAL_MAX
;
2734 static void vnc_connect(VncDisplay
*vd
, int csock
, int skipauth
, bool websocket
)
2736 VncState
*vs
= g_malloc0(sizeof(VncState
));
2742 vs
->auth
= VNC_AUTH_NONE
;
2743 #ifdef CONFIG_VNC_TLS
2744 vs
->subauth
= VNC_AUTH_INVALID
;
2747 vs
->auth
= vd
->auth
;
2748 #ifdef CONFIG_VNC_TLS
2749 vs
->subauth
= vd
->subauth
;
2753 vs
->lossy_rect
= g_malloc0(VNC_STAT_ROWS
* sizeof (*vs
->lossy_rect
));
2754 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
2755 vs
->lossy_rect
[i
] = g_malloc0(VNC_STAT_COLS
* sizeof (uint8_t));
2758 VNC_DEBUG("New client on socket %d\n", csock
);
2759 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
2760 qemu_set_nonblock(vs
->csock
);
2761 #ifdef CONFIG_VNC_WS
2764 qemu_set_fd_handler2(vs
->csock
, NULL
, vncws_handshake_read
, NULL
, vs
);
2766 #endif /* CONFIG_VNC_WS */
2768 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
2771 vnc_client_cache_addr(vs
);
2772 vnc_qmp_event(vs
, QEVENT_VNC_CONNECTED
);
2773 vnc_set_share_mode(vs
, VNC_SHARE_MODE_CONNECTING
);
2777 #ifdef CONFIG_VNC_WS
2785 void vnc_init_state(VncState
*vs
)
2787 vs
->initialized
= true;
2788 VncDisplay
*vd
= vs
->vd
;
2793 vs
->as
.freq
= 44100;
2794 vs
->as
.nchannels
= 2;
2795 vs
->as
.fmt
= AUD_FMT_S16
;
2796 vs
->as
.endianness
= 0;
2798 qemu_mutex_init(&vs
->output_mutex
);
2799 vs
->bh
= qemu_bh_new(vnc_jobs_bh
, vs
);
2801 QTAILQ_INSERT_HEAD(&vd
->clients
, vs
, next
);
2803 graphic_hw_update(NULL
);
2805 vnc_write(vs
, "RFB 003.008\n", 12);
2807 vnc_read_when(vs
, protocol_version
, 12);
2809 if (vs
->vd
->lock_key_sync
)
2810 vs
->led
= qemu_add_led_event_handler(kbd_leds
, vs
);
2812 vs
->mouse_mode_notifier
.notify
= check_pointer_type_change
;
2813 qemu_add_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
2815 /* vs might be free()ed here */
2818 static void vnc_listen_read(void *opaque
, bool websocket
)
2820 VncDisplay
*vs
= opaque
;
2821 struct sockaddr_in addr
;
2822 socklen_t addrlen
= sizeof(addr
);
2826 graphic_hw_update(NULL
);
2827 #ifdef CONFIG_VNC_WS
2829 csock
= qemu_accept(vs
->lwebsock
, (struct sockaddr
*)&addr
, &addrlen
);
2831 #endif /* CONFIG_VNC_WS */
2833 csock
= qemu_accept(vs
->lsock
, (struct sockaddr
*)&addr
, &addrlen
);
2837 vnc_connect(vs
, csock
, 0, websocket
);
2841 static void vnc_listen_regular_read(void *opaque
)
2843 vnc_listen_read(opaque
, 0);
2846 #ifdef CONFIG_VNC_WS
2847 static void vnc_listen_websocket_read(void *opaque
)
2849 vnc_listen_read(opaque
, 1);
2851 #endif /* CONFIG_VNC_WS */
2853 static const DisplayChangeListenerOps dcl_ops
= {
2855 .dpy_refresh
= vnc_refresh
,
2856 .dpy_gfx_copy
= vnc_dpy_copy
,
2857 .dpy_gfx_update
= vnc_dpy_update
,
2858 .dpy_gfx_switch
= vnc_dpy_switch
,
2859 .dpy_mouse_set
= vnc_mouse_set
,
2860 .dpy_cursor_define
= vnc_dpy_cursor_define
,
2863 void vnc_display_init(DisplayState
*ds
)
2865 VncDisplay
*vs
= g_malloc0(sizeof(*vs
));
2870 #ifdef CONFIG_VNC_WS
2874 QTAILQ_INIT(&vs
->clients
);
2875 vs
->expires
= TIME_MAX
;
2877 if (keyboard_layout
)
2878 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, keyboard_layout
);
2880 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us");
2882 if (!vs
->kbd_layout
)
2885 qemu_mutex_init(&vs
->mutex
);
2886 vnc_start_worker_thread();
2888 vs
->dcl
.ops
= &dcl_ops
;
2889 register_displaychangelistener(&vs
->dcl
);
2893 static void vnc_display_close(DisplayState
*ds
)
2895 VncDisplay
*vs
= vnc_display
;
2900 g_free(vs
->display
);
2903 if (vs
->lsock
!= -1) {
2904 qemu_set_fd_handler2(vs
->lsock
, NULL
, NULL
, NULL
, NULL
);
2908 #ifdef CONFIG_VNC_WS
2909 g_free(vs
->ws_display
);
2910 vs
->ws_display
= NULL
;
2911 if (vs
->lwebsock
!= -1) {
2912 qemu_set_fd_handler2(vs
->lwebsock
, NULL
, NULL
, NULL
, NULL
);
2913 close(vs
->lwebsock
);
2916 #endif /* CONFIG_VNC_WS */
2917 vs
->auth
= VNC_AUTH_INVALID
;
2918 #ifdef CONFIG_VNC_TLS
2919 vs
->subauth
= VNC_AUTH_INVALID
;
2920 vs
->tls
.x509verify
= 0;
2924 static int vnc_display_disable_login(DisplayState
*ds
)
2926 VncDisplay
*vs
= vnc_display
;
2933 g_free(vs
->password
);
2936 vs
->password
= NULL
;
2937 if (vs
->auth
== VNC_AUTH_NONE
) {
2938 vs
->auth
= VNC_AUTH_VNC
;
2944 int vnc_display_password(DisplayState
*ds
, const char *password
)
2946 VncDisplay
*vs
= vnc_display
;
2953 /* This is not the intention of this interface but err on the side
2955 return vnc_display_disable_login(ds
);
2959 g_free(vs
->password
);
2960 vs
->password
= NULL
;
2962 vs
->password
= g_strdup(password
);
2963 if (vs
->auth
== VNC_AUTH_NONE
) {
2964 vs
->auth
= VNC_AUTH_VNC
;
2970 int vnc_display_pw_expire(DisplayState
*ds
, time_t expires
)
2972 VncDisplay
*vs
= vnc_display
;
2978 vs
->expires
= expires
;
2982 char *vnc_display_local_addr(DisplayState
*ds
)
2984 VncDisplay
*vs
= vnc_display
;
2986 return vnc_socket_local_addr("%s:%s", vs
->lsock
);
2989 void vnc_display_open(DisplayState
*ds
, const char *display
, Error
**errp
)
2991 VncDisplay
*vs
= vnc_display
;
2992 const char *options
;
2995 #ifdef CONFIG_VNC_TLS
2996 int tls
= 0, x509
= 0;
2998 #ifdef CONFIG_VNC_SASL
3002 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
3005 int lock_key_sync
= 1;
3008 error_setg(errp
, "VNC display not active");
3011 vnc_display_close(ds
);
3012 if (strcmp(display
, "none") == 0)
3015 vs
->display
= g_strdup(display
);
3016 vs
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3019 while ((options
= strchr(options
, ','))) {
3021 if (strncmp(options
, "password", 8) == 0) {
3022 if (fips_get_state()) {
3024 "VNC password auth disabled due to FIPS mode, "
3025 "consider using the VeNCrypt or SASL authentication "
3026 "methods as an alternative");
3029 password
= 1; /* Require password auth */
3030 } else if (strncmp(options
, "reverse", 7) == 0) {
3032 } else if (strncmp(options
, "no-lock-key-sync", 16) == 0) {
3034 #ifdef CONFIG_VNC_SASL
3035 } else if (strncmp(options
, "sasl", 4) == 0) {
3036 sasl
= 1; /* Require SASL auth */
3038 #ifdef CONFIG_VNC_WS
3039 } else if (strncmp(options
, "websocket", 9) == 0) {
3043 /* Check for 'websocket=<port>' */
3044 start
= strchr(options
, '=');
3045 end
= strchr(options
, ',');
3046 if (start
&& (!end
|| (start
< end
))) {
3047 int len
= end
? end
-(start
+1) : strlen(start
+1);
3049 /* extract the host specification from display */
3050 char *host
= NULL
, *port
= NULL
, *host_end
= NULL
;
3051 port
= g_strndup(start
+ 1, len
);
3053 /* ipv6 hosts have colons */
3054 end
= strchr(display
, ',');
3055 host_end
= g_strrstr_len(display
, end
- display
, ":");
3058 host
= g_strndup(display
, host_end
- display
+ 1);
3060 host
= g_strndup(":", 1);
3062 vs
->ws_display
= g_strconcat(host
, port
, NULL
);
3067 #endif /* CONFIG_VNC_WS */
3068 #ifdef CONFIG_VNC_TLS
3069 } else if (strncmp(options
, "tls", 3) == 0) {
3070 tls
= 1; /* Require TLS */
3071 } else if (strncmp(options
, "x509", 4) == 0) {
3073 x509
= 1; /* Require x509 certificates */
3074 if (strncmp(options
, "x509verify", 10) == 0)
3075 vs
->tls
.x509verify
= 1; /* ...and verify client certs */
3077 /* Now check for 'x509=/some/path' postfix
3078 * and use that to setup x509 certificate/key paths */
3079 start
= strchr(options
, '=');
3080 end
= strchr(options
, ',');
3081 if (start
&& (!end
|| (start
< end
))) {
3082 int len
= end
? end
-(start
+1) : strlen(start
+1);
3083 char *path
= g_strndup(start
+ 1, len
);
3085 VNC_DEBUG("Trying certificate path '%s'\n", path
);
3086 if (vnc_tls_set_x509_creds_dir(vs
, path
) < 0) {
3087 error_setg(errp
, "Failed to find x509 certificates/keys in %s", path
);
3093 error_setg(errp
, "No certificate path provided");
3097 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
3098 } else if (strncmp(options
, "acl", 3) == 0) {
3101 } else if (strncmp(options
, "lossy", 5) == 0) {
3103 } else if (strncmp(options
, "non-adaptive", 12) == 0) {
3104 vs
->non_adaptive
= true;
3105 } else if (strncmp(options
, "share=", 6) == 0) {
3106 if (strncmp(options
+6, "ignore", 6) == 0) {
3107 vs
->share_policy
= VNC_SHARE_POLICY_IGNORE
;
3108 } else if (strncmp(options
+6, "allow-exclusive", 15) == 0) {
3109 vs
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3110 } else if (strncmp(options
+6, "force-shared", 12) == 0) {
3111 vs
->share_policy
= VNC_SHARE_POLICY_FORCE_SHARED
;
3113 error_setg(errp
, "unknown vnc share= option");
3119 #ifdef CONFIG_VNC_TLS
3120 if (acl
&& x509
&& vs
->tls
.x509verify
) {
3121 if (!(vs
->tls
.acl
= qemu_acl_init("vnc.x509dname"))) {
3122 fprintf(stderr
, "Failed to create x509 dname ACL\n");
3127 #ifdef CONFIG_VNC_SASL
3129 if (!(vs
->sasl
.acl
= qemu_acl_init("vnc.username"))) {
3130 fprintf(stderr
, "Failed to create username ACL\n");
3137 * Combinations we support here:
3139 * - no-auth (clear text, no auth)
3140 * - password (clear text, weak auth)
3141 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
3142 * - tls (encrypt, weak anonymous creds, no auth)
3143 * - tls + password (encrypt, weak anonymous creds, weak auth)
3144 * - tls + sasl (encrypt, weak anonymous creds, good auth)
3145 * - tls + x509 (encrypt, good x509 creds, no auth)
3146 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
3147 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
3149 * NB1. TLS is a stackable auth scheme.
3150 * NB2. the x509 schemes have option to validate a client cert dname
3153 #ifdef CONFIG_VNC_TLS
3155 vs
->auth
= VNC_AUTH_VENCRYPT
;
3157 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3158 vs
->subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
3160 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3161 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
3164 #endif /* CONFIG_VNC_TLS */
3165 VNC_DEBUG("Initializing VNC server with password auth\n");
3166 vs
->auth
= VNC_AUTH_VNC
;
3167 #ifdef CONFIG_VNC_TLS
3168 vs
->subauth
= VNC_AUTH_INVALID
;
3170 #endif /* CONFIG_VNC_TLS */
3171 #ifdef CONFIG_VNC_SASL
3173 #ifdef CONFIG_VNC_TLS
3175 vs
->auth
= VNC_AUTH_VENCRYPT
;
3177 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3178 vs
->subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
3180 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3181 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
3184 #endif /* CONFIG_VNC_TLS */
3185 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3186 vs
->auth
= VNC_AUTH_SASL
;
3187 #ifdef CONFIG_VNC_TLS
3188 vs
->subauth
= VNC_AUTH_INVALID
;
3190 #endif /* CONFIG_VNC_TLS */
3191 #endif /* CONFIG_VNC_SASL */
3193 #ifdef CONFIG_VNC_TLS
3195 vs
->auth
= VNC_AUTH_VENCRYPT
;
3197 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3198 vs
->subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
3200 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3201 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
3205 VNC_DEBUG("Initializing VNC server with no auth\n");
3206 vs
->auth
= VNC_AUTH_NONE
;
3207 #ifdef CONFIG_VNC_TLS
3208 vs
->subauth
= VNC_AUTH_INVALID
;
3213 #ifdef CONFIG_VNC_SASL
3214 if ((saslErr
= sasl_server_init(NULL
, "qemu")) != SASL_OK
) {
3215 error_setg(errp
, "Failed to initialize SASL auth: %s",
3216 sasl_errstring(saslErr
, NULL
, NULL
));
3220 vs
->lock_key_sync
= lock_key_sync
;
3223 /* connect to viewer */
3226 #ifdef CONFIG_VNC_WS
3229 if (strncmp(display
, "unix:", 5) == 0) {
3230 csock
= unix_connect(display
+5, errp
);
3232 csock
= inet_connect(display
, errp
);
3237 vnc_connect(vs
, csock
, 0, 0);
3239 /* listen for connects */
3241 dpy
= g_malloc(256);
3242 if (strncmp(display
, "unix:", 5) == 0) {
3243 pstrcpy(dpy
, 256, "unix:");
3244 vs
->lsock
= unix_listen(display
+5, dpy
+5, 256-5, errp
);
3246 vs
->lsock
= inet_listen(display
, dpy
, 256,
3247 SOCK_STREAM
, 5900, errp
);
3248 if (vs
->lsock
< 0) {
3252 #ifdef CONFIG_VNC_WS
3253 if (vs
->websocket
) {
3254 if (vs
->ws_display
) {
3255 vs
->lwebsock
= inet_listen(vs
->ws_display
, NULL
, 256,
3256 SOCK_STREAM
, 0, errp
);
3258 vs
->lwebsock
= inet_listen(vs
->display
, NULL
, 256,
3259 SOCK_STREAM
, 5700, errp
);
3262 if (vs
->lwebsock
< 0) {
3271 #endif /* CONFIG_VNC_WS */
3273 g_free(vs
->display
);
3275 qemu_set_fd_handler2(vs
->lsock
, NULL
,
3276 vnc_listen_regular_read
, NULL
, vs
);
3277 #ifdef CONFIG_VNC_WS
3278 if (vs
->websocket
) {
3279 qemu_set_fd_handler2(vs
->lwebsock
, NULL
,
3280 vnc_listen_websocket_read
, NULL
, vs
);
3282 #endif /* CONFIG_VNC_WS */
3287 g_free(vs
->display
);
3289 #ifdef CONFIG_VNC_WS
3290 g_free(vs
->ws_display
);
3291 vs
->ws_display
= NULL
;
3292 #endif /* CONFIG_VNC_WS */
3295 void vnc_display_add_client(DisplayState
*ds
, int csock
, int skipauth
)
3297 VncDisplay
*vs
= vnc_display
;
3299 vnc_connect(vs
, csock
, skipauth
, 0);