2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
32 #include "qemu-objects.h"
34 #define VNC_REFRESH_INTERVAL_BASE 30
35 #define VNC_REFRESH_INTERVAL_INC 50
36 #define VNC_REFRESH_INTERVAL_MAX 2000
38 #include "vnc_keysym.h"
41 #define count_bits(c, v) { \
42 for (c = 0; v; v >>= 1) \
49 static VncDisplay
*vnc_display
; /* needed for info vnc */
50 static DisplayChangeListener
*dcl
;
52 static int vnc_cursor_define(VncState
*vs
);
54 static char *addr_to_string(const char *format
,
55 struct sockaddr_storage
*sa
,
58 char host
[NI_MAXHOST
];
59 char serv
[NI_MAXSERV
];
63 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
66 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
67 VNC_DEBUG("Cannot resolve address %d: %s\n",
68 err
, gai_strerror(err
));
72 /* Enough for the existing format + the 2 vars we're
74 addrlen
= strlen(format
) + strlen(host
) + strlen(serv
);
75 addr
= qemu_malloc(addrlen
+ 1);
76 snprintf(addr
, addrlen
, format
, host
, serv
);
83 char *vnc_socket_local_addr(const char *format
, int fd
) {
84 struct sockaddr_storage sa
;
88 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
91 return addr_to_string(format
, &sa
, salen
);
94 char *vnc_socket_remote_addr(const char *format
, int fd
) {
95 struct sockaddr_storage sa
;
99 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
102 return addr_to_string(format
, &sa
, salen
);
105 static int put_addr_qdict(QDict
*qdict
, struct sockaddr_storage
*sa
,
108 char host
[NI_MAXHOST
];
109 char serv
[NI_MAXSERV
];
112 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
115 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
116 VNC_DEBUG("Cannot resolve address %d: %s\n",
117 err
, gai_strerror(err
));
121 qdict_put(qdict
, "host", qstring_from_str(host
));
122 qdict_put(qdict
, "service", qstring_from_str(serv
));
123 qdict_put(qdict
, "family",qstring_from_str(inet_strfamily(sa
->ss_family
)));
128 static int vnc_server_addr_put(QDict
*qdict
, int fd
)
130 struct sockaddr_storage sa
;
134 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
138 return put_addr_qdict(qdict
, &sa
, salen
);
141 static int vnc_qdict_remote_addr(QDict
*qdict
, int fd
)
143 struct sockaddr_storage sa
;
147 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
151 return put_addr_qdict(qdict
, &sa
, salen
);
154 static const char *vnc_auth_name(VncDisplay
*vd
) {
156 case VNC_AUTH_INVALID
:
172 case VNC_AUTH_VENCRYPT
:
173 #ifdef CONFIG_VNC_TLS
174 switch (vd
->subauth
) {
175 case VNC_AUTH_VENCRYPT_PLAIN
:
176 return "vencrypt+plain";
177 case VNC_AUTH_VENCRYPT_TLSNONE
:
178 return "vencrypt+tls+none";
179 case VNC_AUTH_VENCRYPT_TLSVNC
:
180 return "vencrypt+tls+vnc";
181 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
182 return "vencrypt+tls+plain";
183 case VNC_AUTH_VENCRYPT_X509NONE
:
184 return "vencrypt+x509+none";
185 case VNC_AUTH_VENCRYPT_X509VNC
:
186 return "vencrypt+x509+vnc";
187 case VNC_AUTH_VENCRYPT_X509PLAIN
:
188 return "vencrypt+x509+plain";
189 case VNC_AUTH_VENCRYPT_TLSSASL
:
190 return "vencrypt+tls+sasl";
191 case VNC_AUTH_VENCRYPT_X509SASL
:
192 return "vencrypt+x509+sasl";
205 static int vnc_server_info_put(QDict
*qdict
)
207 if (vnc_server_addr_put(qdict
, vnc_display
->lsock
) < 0) {
211 qdict_put(qdict
, "auth", qstring_from_str(vnc_auth_name(vnc_display
)));
215 static void vnc_client_cache_auth(VncState
*client
)
223 qdict
= qobject_to_qdict(client
->info
);
225 #ifdef CONFIG_VNC_TLS
226 if (client
->tls
.session
&&
228 qdict_put(qdict
, "x509_dname", qstring_from_str(client
->tls
.dname
));
231 #ifdef CONFIG_VNC_SASL
232 if (client
->sasl
.conn
&&
233 client
->sasl
.username
) {
234 qdict_put(qdict
, "sasl_username",
235 qstring_from_str(client
->sasl
.username
));
240 static void vnc_client_cache_addr(VncState
*client
)
245 if (vnc_qdict_remote_addr(qdict
, client
->csock
) < 0) {
247 /* XXX: how to report the error? */
251 client
->info
= QOBJECT(qdict
);
254 static void vnc_qmp_event(VncState
*vs
, MonitorEvent event
)
263 server
= qdict_new();
264 if (vnc_server_info_put(server
) < 0) {
269 data
= qobject_from_jsonf("{ 'client': %p, 'server': %p }",
270 vs
->info
, QOBJECT(server
));
272 monitor_protocol_event(event
, data
);
274 qobject_incref(vs
->info
);
275 qobject_decref(data
);
278 static void info_vnc_iter(QObject
*obj
, void *opaque
)
281 Monitor
*mon
= opaque
;
283 client
= qobject_to_qdict(obj
);
284 monitor_printf(mon
, "Client:\n");
285 monitor_printf(mon
, " address: %s:%s\n",
286 qdict_get_str(client
, "host"),
287 qdict_get_str(client
, "service"));
289 #ifdef CONFIG_VNC_TLS
290 monitor_printf(mon
, " x509_dname: %s\n",
291 qdict_haskey(client
, "x509_dname") ?
292 qdict_get_str(client
, "x509_dname") : "none");
294 #ifdef CONFIG_VNC_SASL
295 monitor_printf(mon
, " username: %s\n",
296 qdict_haskey(client
, "sasl_username") ?
297 qdict_get_str(client
, "sasl_username") : "none");
301 void do_info_vnc_print(Monitor
*mon
, const QObject
*data
)
306 server
= qobject_to_qdict(data
);
307 if (qdict_get_bool(server
, "enabled") == 0) {
308 monitor_printf(mon
, "Server: disabled\n");
312 monitor_printf(mon
, "Server:\n");
313 monitor_printf(mon
, " address: %s:%s\n",
314 qdict_get_str(server
, "host"),
315 qdict_get_str(server
, "service"));
316 monitor_printf(mon
, " auth: %s\n", qdict_get_str(server
, "auth"));
318 clients
= qdict_get_qlist(server
, "clients");
319 if (qlist_empty(clients
)) {
320 monitor_printf(mon
, "Client: none\n");
322 qlist_iter(clients
, info_vnc_iter
, mon
);
327 * do_info_vnc(): Show VNC server information
329 * Return a QDict with server information. Connected clients are returned
330 * as a QList of QDicts.
332 * The main QDict contains the following:
334 * - "enabled": true or false
335 * - "host": server's IP address
336 * - "family": address family ("ipv4" or "ipv6")
337 * - "service": server's port number
338 * - "auth": authentication method
339 * - "clients": a QList of all connected clients
341 * Clients are described by a QDict, with the following information:
343 * - "host": client's IP address
344 * - "family": address family ("ipv4" or "ipv6")
345 * - "service": client's port number
346 * - "x509_dname": TLS dname (optional)
347 * - "sasl_username": SASL username (optional)
351 * { "enabled": true, "host": "0.0.0.0", "service": "50402", "auth": "vnc",
353 * "clients": [{ "host": "127.0.0.1", "service": "50401", "family": "ipv4" }]}
355 void do_info_vnc(Monitor
*mon
, QObject
**ret_data
)
357 if (vnc_display
== NULL
|| vnc_display
->display
== NULL
) {
358 *ret_data
= qobject_from_jsonf("{ 'enabled': false }");
364 QTAILQ_FOREACH(client
, &vnc_display
->clients
, next
) {
366 /* incref so that it's not freed by upper layers */
367 qobject_incref(client
->info
);
368 qlist_append_obj(clist
, client
->info
);
372 *ret_data
= qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
374 assert(*ret_data
!= NULL
);
376 if (vnc_server_info_put(qobject_to_qdict(*ret_data
)) < 0) {
377 qobject_decref(*ret_data
);
383 static inline uint32_t vnc_has_feature(VncState
*vs
, int feature
) {
384 return (vs
->features
& (1 << feature
));
388 1) Get the queue working for IO.
389 2) there is some weirdness when using the -S option (the screen is grey
390 and not totally invalidated
391 3) resolutions > 1024
394 static int vnc_update_client(VncState
*vs
, int has_dirty
);
395 static void vnc_disconnect_start(VncState
*vs
);
396 static void vnc_disconnect_finish(VncState
*vs
);
397 static void vnc_init_timer(VncDisplay
*vd
);
398 static void vnc_remove_timer(VncDisplay
*vd
);
400 static void vnc_colordepth(VncState
*vs
);
401 static void framebuffer_update_request(VncState
*vs
, int incremental
,
402 int x_position
, int y_position
,
404 static void vnc_refresh(void *opaque
);
405 static int vnc_refresh_server_surface(VncDisplay
*vd
);
407 static inline void vnc_set_bit(uint32_t *d
, int k
)
409 d
[k
>> 5] |= 1 << (k
& 0x1f);
412 static inline void vnc_clear_bit(uint32_t *d
, int k
)
414 d
[k
>> 5] &= ~(1 << (k
& 0x1f));
417 static inline void vnc_set_bits(uint32_t *d
, int n
, int nb_words
)
427 d
[j
++] = (1 << n
) - 1;
432 static inline int vnc_get_bit(const uint32_t *d
, int k
)
434 return (d
[k
>> 5] >> (k
& 0x1f)) & 1;
437 static inline int vnc_and_bits(const uint32_t *d1
, const uint32_t *d2
,
441 for(i
= 0; i
< nb_words
; i
++) {
442 if ((d1
[i
] & d2
[i
]) != 0)
448 static void vnc_dpy_update(DisplayState
*ds
, int x
, int y
, int w
, int h
)
451 VncDisplay
*vd
= ds
->opaque
;
452 struct VncSurface
*s
= &vd
->guest
;
456 /* round x down to ensure the loop only spans one 16-pixel block per,
457 iteration. otherwise, if (x % 16) != 0, the last iteration may span
458 two 16-pixel blocks but we only mark the first as dirty
463 x
= MIN(x
, s
->ds
->width
);
464 y
= MIN(y
, s
->ds
->height
);
465 w
= MIN(x
+ w
, s
->ds
->width
) - x
;
466 h
= MIN(h
, s
->ds
->height
);
469 for (i
= 0; i
< w
; i
+= 16)
470 vnc_set_bit(s
->dirty
[y
], (x
+ i
) / 16);
473 void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
476 vnc_write_u16(vs
, x
);
477 vnc_write_u16(vs
, y
);
478 vnc_write_u16(vs
, w
);
479 vnc_write_u16(vs
, h
);
481 vnc_write_s32(vs
, encoding
);
484 void buffer_reserve(Buffer
*buffer
, size_t len
)
486 if ((buffer
->capacity
- buffer
->offset
) < len
) {
487 buffer
->capacity
+= (len
+ 1024);
488 buffer
->buffer
= qemu_realloc(buffer
->buffer
, buffer
->capacity
);
489 if (buffer
->buffer
== NULL
) {
490 fprintf(stderr
, "vnc: out of memory\n");
496 int buffer_empty(Buffer
*buffer
)
498 return buffer
->offset
== 0;
501 uint8_t *buffer_end(Buffer
*buffer
)
503 return buffer
->buffer
+ buffer
->offset
;
506 void buffer_reset(Buffer
*buffer
)
511 void buffer_free(Buffer
*buffer
)
513 qemu_free(buffer
->buffer
);
515 buffer
->capacity
= 0;
516 buffer
->buffer
= NULL
;
519 void buffer_append(Buffer
*buffer
, const void *data
, size_t len
)
521 memcpy(buffer
->buffer
+ buffer
->offset
, data
, len
);
522 buffer
->offset
+= len
;
525 static void vnc_desktop_resize(VncState
*vs
)
527 DisplayState
*ds
= vs
->ds
;
529 if (vs
->csock
== -1 || !vnc_has_feature(vs
, VNC_FEATURE_RESIZE
)) {
532 if (vs
->client_width
== ds_get_width(ds
) &&
533 vs
->client_height
== ds_get_height(ds
)) {
536 vs
->client_width
= ds_get_width(ds
);
537 vs
->client_height
= ds_get_height(ds
);
538 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
540 vnc_write_u16(vs
, 1); /* number of rects */
541 vnc_framebuffer_update(vs
, 0, 0, vs
->client_width
, vs
->client_height
,
542 VNC_ENCODING_DESKTOPRESIZE
);
546 static void vnc_dpy_resize(DisplayState
*ds
)
548 VncDisplay
*vd
= ds
->opaque
;
553 vd
->server
= qemu_mallocz(sizeof(*vd
->server
));
554 if (vd
->server
->data
)
555 qemu_free(vd
->server
->data
);
556 *(vd
->server
) = *(ds
->surface
);
557 vd
->server
->data
= qemu_mallocz(vd
->server
->linesize
*
562 vd
->guest
.ds
= qemu_mallocz(sizeof(*vd
->guest
.ds
));
563 if (ds_get_bytes_per_pixel(ds
) != vd
->guest
.ds
->pf
.bytes_per_pixel
)
564 console_color_init(ds
);
565 *(vd
->guest
.ds
) = *(ds
->surface
);
566 memset(vd
->guest
.dirty
, 0xFF, sizeof(vd
->guest
.dirty
));
568 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
570 vnc_desktop_resize(vs
);
571 if (vs
->vd
->cursor
) {
572 vnc_cursor_define(vs
);
574 memset(vs
->dirty
, 0xFF, sizeof(vs
->dirty
));
579 static void vnc_write_pixels_copy(VncState
*vs
, struct PixelFormat
*pf
,
580 void *pixels
, int size
)
582 vnc_write(vs
, pixels
, size
);
585 /* slowest but generic code. */
586 void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
589 VncDisplay
*vd
= vs
->vd
;
591 r
= ((((v
& vd
->server
->pf
.rmask
) >> vd
->server
->pf
.rshift
) << vs
->clientds
.pf
.rbits
) >>
592 vd
->server
->pf
.rbits
);
593 g
= ((((v
& vd
->server
->pf
.gmask
) >> vd
->server
->pf
.gshift
) << vs
->clientds
.pf
.gbits
) >>
594 vd
->server
->pf
.gbits
);
595 b
= ((((v
& vd
->server
->pf
.bmask
) >> vd
->server
->pf
.bshift
) << vs
->clientds
.pf
.bbits
) >>
596 vd
->server
->pf
.bbits
);
597 v
= (r
<< vs
->clientds
.pf
.rshift
) |
598 (g
<< vs
->clientds
.pf
.gshift
) |
599 (b
<< vs
->clientds
.pf
.bshift
);
600 switch(vs
->clientds
.pf
.bytes_per_pixel
) {
605 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
615 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
630 static void vnc_write_pixels_generic(VncState
*vs
, struct PixelFormat
*pf
,
631 void *pixels1
, int size
)
635 if (pf
->bytes_per_pixel
== 4) {
636 uint32_t *pixels
= pixels1
;
639 for(i
= 0; i
< n
; i
++) {
640 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
641 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
643 } else if (pf
->bytes_per_pixel
== 2) {
644 uint16_t *pixels
= pixels1
;
647 for(i
= 0; i
< n
; i
++) {
648 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
649 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
651 } else if (pf
->bytes_per_pixel
== 1) {
652 uint8_t *pixels
= pixels1
;
655 for(i
= 0; i
< n
; i
++) {
656 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
657 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
660 fprintf(stderr
, "vnc_write_pixels_generic: VncState color depth not supported\n");
664 int vnc_raw_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
668 VncDisplay
*vd
= vs
->vd
;
670 row
= vd
->server
->data
+ y
* ds_get_linesize(vs
->ds
) + x
* ds_get_bytes_per_pixel(vs
->ds
);
671 for (i
= 0; i
< h
; i
++) {
672 vs
->write_pixels(vs
, &vd
->server
->pf
, row
, w
* ds_get_bytes_per_pixel(vs
->ds
));
673 row
+= ds_get_linesize(vs
->ds
);
678 static int send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
682 switch(vs
->vnc_encoding
) {
683 case VNC_ENCODING_ZLIB
:
684 n
= vnc_zlib_send_framebuffer_update(vs
, x
, y
, w
, h
);
686 case VNC_ENCODING_HEXTILE
:
687 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
688 n
= vnc_hextile_send_framebuffer_update(vs
, x
, y
, w
, h
);
690 case VNC_ENCODING_TIGHT
:
691 n
= vnc_tight_send_framebuffer_update(vs
, x
, y
, w
, h
);
694 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
695 n
= vnc_raw_send_framebuffer_update(vs
, x
, y
, w
, h
);
701 static void vnc_copy(VncState
*vs
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
703 /* send bitblit op to the vnc client */
704 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
706 vnc_write_u16(vs
, 1); /* number of rects */
707 vnc_framebuffer_update(vs
, dst_x
, dst_y
, w
, h
, VNC_ENCODING_COPYRECT
);
708 vnc_write_u16(vs
, src_x
);
709 vnc_write_u16(vs
, src_y
);
713 static void vnc_dpy_copy(DisplayState
*ds
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
715 VncDisplay
*vd
= ds
->opaque
;
719 int i
,x
,y
,pitch
,depth
,inc
,w_lim
,s
;
722 vnc_refresh_server_surface(vd
);
723 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
724 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
725 vs
->force_update
= 1;
726 vnc_update_client(vs
, 1);
727 /* vs might be free()ed here */
731 /* do bitblit op on the local surface too */
732 pitch
= ds_get_linesize(vd
->ds
);
733 depth
= ds_get_bytes_per_pixel(vd
->ds
);
734 src_row
= vd
->server
->data
+ pitch
* src_y
+ depth
* src_x
;
735 dst_row
= vd
->server
->data
+ pitch
* dst_y
+ depth
* dst_x
;
740 src_row
+= pitch
* (h
-1);
741 dst_row
+= pitch
* (h
-1);
746 w_lim
= w
- (16 - (dst_x
% 16));
750 w_lim
= w
- (w_lim
% 16);
751 for (i
= 0; i
< h
; i
++) {
752 for (x
= 0; x
<= w_lim
;
753 x
+= s
, src_row
+= cmp_bytes
, dst_row
+= cmp_bytes
) {
755 if ((s
= w
- w_lim
) == 0)
758 s
= (16 - (dst_x
% 16));
763 cmp_bytes
= s
* depth
;
764 if (memcmp(src_row
, dst_row
, cmp_bytes
) == 0)
766 memmove(dst_row
, src_row
, cmp_bytes
);
767 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
768 if (!vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
769 vnc_set_bit(vs
->dirty
[y
], ((x
+ dst_x
) / 16));
773 src_row
+= pitch
- w
* depth
;
774 dst_row
+= pitch
- w
* depth
;
778 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
779 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
780 vnc_copy(vs
, src_x
, src_y
, dst_x
, dst_y
, w
, h
);
785 static void vnc_mouse_set(int x
, int y
, int visible
)
787 /* can we ask the client(s) to move the pointer ??? */
790 static int vnc_cursor_define(VncState
*vs
)
792 QEMUCursor
*c
= vs
->vd
->cursor
;
793 PixelFormat pf
= qemu_default_pixelformat(32);
796 if (vnc_has_feature(vs
, VNC_FEATURE_RICH_CURSOR
)) {
797 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
798 vnc_write_u8(vs
, 0); /* padding */
799 vnc_write_u16(vs
, 1); /* # of rects */
800 vnc_framebuffer_update(vs
, c
->hot_x
, c
->hot_y
, c
->width
, c
->height
,
801 VNC_ENCODING_RICH_CURSOR
);
802 isize
= c
->width
* c
->height
* vs
->clientds
.pf
.bytes_per_pixel
;
803 vnc_write_pixels_generic(vs
, &pf
, c
->data
, isize
);
804 vnc_write(vs
, vs
->vd
->cursor_mask
, vs
->vd
->cursor_msize
);
810 static void vnc_dpy_cursor_define(QEMUCursor
*c
)
812 VncDisplay
*vd
= vnc_display
;
815 cursor_put(vd
->cursor
);
816 qemu_free(vd
->cursor_mask
);
819 cursor_get(vd
->cursor
);
820 vd
->cursor_msize
= cursor_get_mono_bpl(c
) * c
->height
;
821 vd
->cursor_mask
= qemu_mallocz(vd
->cursor_msize
);
822 cursor_get_mono_mask(c
, 0, vd
->cursor_mask
);
824 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
825 vnc_cursor_define(vs
);
829 static int find_and_clear_dirty_height(struct VncState
*vs
,
830 int y
, int last_x
, int x
)
833 VncDisplay
*vd
= vs
->vd
;
835 for (h
= 1; h
< (vd
->server
->height
- y
); h
++) {
837 if (!vnc_get_bit(vs
->dirty
[y
+ h
], last_x
))
839 for (tmp_x
= last_x
; tmp_x
< x
; tmp_x
++)
840 vnc_clear_bit(vs
->dirty
[y
+ h
], tmp_x
);
846 static int vnc_update_client(VncState
*vs
, int has_dirty
)
848 if (vs
->need_update
&& vs
->csock
!= -1) {
849 VncDisplay
*vd
= vs
->vd
;
856 if (vs
->output
.offset
&& !vs
->audio_cap
&& !vs
->force_update
)
857 /* kernel send buffers are full -> drop frames to throttle */
860 if (!has_dirty
&& !vs
->audio_cap
&& !vs
->force_update
)
864 * Send screen updates to the vnc client using the server
865 * surface and server dirty map. guest surface updates
866 * happening in parallel don't disturb us, the next pass will
867 * send them to the client.
870 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
872 saved_offset
= vs
->output
.offset
;
873 vnc_write_u16(vs
, 0);
875 width
= MIN(vd
->server
->width
, vs
->client_width
);
876 height
= MIN(vd
->server
->height
, vs
->client_height
);
878 for (y
= 0; y
< height
; y
++) {
881 for (x
= 0; x
< width
/ 16; x
++) {
882 if (vnc_get_bit(vs
->dirty
[y
], x
)) {
886 vnc_clear_bit(vs
->dirty
[y
], x
);
889 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
);
890 n
= send_framebuffer_update(vs
, last_x
* 16, y
,
891 (x
- last_x
) * 16, h
);
898 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
);
899 n
= send_framebuffer_update(vs
, last_x
* 16, y
,
900 (x
- last_x
) * 16, h
);
904 vs
->output
.buffer
[saved_offset
] = (n_rectangles
>> 8) & 0xFF;
905 vs
->output
.buffer
[saved_offset
+ 1] = n_rectangles
& 0xFF;
907 vs
->force_update
= 0;
912 vnc_disconnect_finish(vs
);
918 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
920 VncState
*vs
= opaque
;
923 case AUD_CNOTIFY_DISABLE
:
924 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
925 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
926 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_END
);
930 case AUD_CNOTIFY_ENABLE
:
931 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
932 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
933 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN
);
939 static void audio_capture_destroy(void *opaque
)
943 static void audio_capture(void *opaque
, void *buf
, int size
)
945 VncState
*vs
= opaque
;
947 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
948 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
949 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_DATA
);
950 vnc_write_u32(vs
, size
);
951 vnc_write(vs
, buf
, size
);
955 static void audio_add(VncState
*vs
)
957 struct audio_capture_ops ops
;
960 monitor_printf(default_mon
, "audio already running\n");
964 ops
.notify
= audio_capture_notify
;
965 ops
.destroy
= audio_capture_destroy
;
966 ops
.capture
= audio_capture
;
968 vs
->audio_cap
= AUD_add_capture(&vs
->as
, &ops
, vs
);
969 if (!vs
->audio_cap
) {
970 monitor_printf(default_mon
, "Failed to add audio capture\n");
974 static void audio_del(VncState
*vs
)
977 AUD_del_capture(vs
->audio_cap
, vs
);
978 vs
->audio_cap
= NULL
;
982 static void vnc_disconnect_start(VncState
*vs
)
986 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
987 closesocket(vs
->csock
);
991 static void vnc_disconnect_finish(VncState
*vs
)
993 vnc_qmp_event(vs
, QEVENT_VNC_DISCONNECTED
);
995 buffer_free(&vs
->input
);
996 buffer_free(&vs
->output
);
998 qobject_decref(vs
->info
);
1001 vnc_tight_clear(vs
);
1003 #ifdef CONFIG_VNC_TLS
1004 vnc_tls_client_cleanup(vs
);
1005 #endif /* CONFIG_VNC_TLS */
1006 #ifdef CONFIG_VNC_SASL
1007 vnc_sasl_client_cleanup(vs
);
1008 #endif /* CONFIG_VNC_SASL */
1011 QTAILQ_REMOVE(&vs
->vd
->clients
, vs
, next
);
1013 if (QTAILQ_EMPTY(&vs
->vd
->clients
)) {
1017 qemu_remove_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
1018 vnc_remove_timer(vs
->vd
);
1019 if (vs
->vd
->lock_key_sync
)
1020 qemu_remove_led_event_handler(vs
->led
);
1024 int vnc_client_io_error(VncState
*vs
, int ret
, int last_errno
)
1026 if (ret
== 0 || ret
== -1) {
1028 switch (last_errno
) {
1032 case WSAEWOULDBLOCK
:
1040 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1041 ret
, ret
< 0 ? last_errno
: 0);
1042 vnc_disconnect_start(vs
);
1050 void vnc_client_error(VncState
*vs
)
1052 VNC_DEBUG("Closing down client sock: protocol error\n");
1053 vnc_disconnect_start(vs
);
1058 * Called to write a chunk of data to the client socket. The data may
1059 * be the raw data, or may have already been encoded by SASL.
1060 * The data will be written either straight onto the socket, or
1061 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1063 * NB, it is theoretically possible to have 2 layers of encryption,
1064 * both SASL, and this TLS layer. It is highly unlikely in practice
1065 * though, since SASL encryption will typically be a no-op if TLS
1068 * Returns the number of bytes written, which may be less than
1069 * the requested 'datalen' if the socket would block. Returns
1070 * -1 on error, and disconnects the client socket.
1072 long vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
1075 #ifdef CONFIG_VNC_TLS
1076 if (vs
->tls
.session
) {
1077 ret
= gnutls_write(vs
->tls
.session
, data
, datalen
);
1079 if (ret
== GNUTLS_E_AGAIN
)
1086 #endif /* CONFIG_VNC_TLS */
1087 ret
= send(vs
->csock
, (const void *)data
, datalen
, 0);
1088 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data
, datalen
, ret
);
1089 return vnc_client_io_error(vs
, ret
, socket_error());
1094 * Called to write buffered data to the client socket, when not
1095 * using any SASL SSF encryption layers. Will write as much data
1096 * as possible without blocking. If all buffered data is written,
1097 * will switch the FD poll() handler back to read monitoring.
1099 * Returns the number of bytes written, which may be less than
1100 * the buffered output data if the socket would block. Returns
1101 * -1 on error, and disconnects the client socket.
1103 static long vnc_client_write_plain(VncState
*vs
)
1107 #ifdef CONFIG_VNC_SASL
1108 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1109 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
1110 vs
->sasl
.waitWriteSSF
);
1112 if (vs
->sasl
.conn
&&
1114 vs
->sasl
.waitWriteSSF
) {
1115 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
1117 vs
->sasl
.waitWriteSSF
-= ret
;
1119 #endif /* CONFIG_VNC_SASL */
1120 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
1124 memmove(vs
->output
.buffer
, vs
->output
.buffer
+ ret
, (vs
->output
.offset
- ret
));
1125 vs
->output
.offset
-= ret
;
1127 if (vs
->output
.offset
== 0) {
1128 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1136 * First function called whenever there is data to be written to
1137 * the client socket. Will delegate actual work according to whether
1138 * SASL SSF layers are enabled (thus requiring encryption calls)
1140 void vnc_client_write(void *opaque
)
1142 VncState
*vs
= opaque
;
1144 #ifdef CONFIG_VNC_SASL
1145 if (vs
->sasl
.conn
&&
1147 !vs
->sasl
.waitWriteSSF
) {
1148 vnc_client_write_sasl(vs
);
1150 #endif /* CONFIG_VNC_SASL */
1151 vnc_client_write_plain(vs
);
1154 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1156 vs
->read_handler
= func
;
1157 vs
->read_handler_expect
= expecting
;
1162 * Called to read a chunk of data from the client socket. The data may
1163 * be the raw data, or may need to be further decoded by SASL.
1164 * The data will be read either straight from to the socket, or
1165 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1167 * NB, it is theoretically possible to have 2 layers of encryption,
1168 * both SASL, and this TLS layer. It is highly unlikely in practice
1169 * though, since SASL encryption will typically be a no-op if TLS
1172 * Returns the number of bytes read, which may be less than
1173 * the requested 'datalen' if the socket would block. Returns
1174 * -1 on error, and disconnects the client socket.
1176 long vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1179 #ifdef CONFIG_VNC_TLS
1180 if (vs
->tls
.session
) {
1181 ret
= gnutls_read(vs
->tls
.session
, data
, datalen
);
1183 if (ret
== GNUTLS_E_AGAIN
)
1190 #endif /* CONFIG_VNC_TLS */
1191 ret
= recv(vs
->csock
, (void *)data
, datalen
, 0);
1192 VNC_DEBUG("Read wire %p %zd -> %ld\n", data
, datalen
, ret
);
1193 return vnc_client_io_error(vs
, ret
, socket_error());
1198 * Called to read data from the client socket to the input buffer,
1199 * when not using any SASL SSF encryption layers. Will read as much
1200 * data as possible without blocking.
1202 * Returns the number of bytes read. Returns -1 on error, and
1203 * disconnects the client socket.
1205 static long vnc_client_read_plain(VncState
*vs
)
1208 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1209 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1210 buffer_reserve(&vs
->input
, 4096);
1211 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1214 vs
->input
.offset
+= ret
;
1220 * First function called whenever there is more data to be read from
1221 * the client socket. Will delegate actual work according to whether
1222 * SASL SSF layers are enabled (thus requiring decryption calls)
1224 void vnc_client_read(void *opaque
)
1226 VncState
*vs
= opaque
;
1229 #ifdef CONFIG_VNC_SASL
1230 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1231 ret
= vnc_client_read_sasl(vs
);
1233 #endif /* CONFIG_VNC_SASL */
1234 ret
= vnc_client_read_plain(vs
);
1236 if (vs
->csock
== -1)
1237 vnc_disconnect_finish(vs
);
1241 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1242 size_t len
= vs
->read_handler_expect
;
1245 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1246 if (vs
->csock
== -1) {
1247 vnc_disconnect_finish(vs
);
1252 memmove(vs
->input
.buffer
, vs
->input
.buffer
+ len
, (vs
->input
.offset
- len
));
1253 vs
->input
.offset
-= len
;
1255 vs
->read_handler_expect
= ret
;
1260 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1262 buffer_reserve(&vs
->output
, len
);
1264 if (vs
->csock
!= -1 && buffer_empty(&vs
->output
)) {
1265 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
1268 buffer_append(&vs
->output
, data
, len
);
1271 void vnc_write_s32(VncState
*vs
, int32_t value
)
1273 vnc_write_u32(vs
, *(uint32_t *)&value
);
1276 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1280 buf
[0] = (value
>> 24) & 0xFF;
1281 buf
[1] = (value
>> 16) & 0xFF;
1282 buf
[2] = (value
>> 8) & 0xFF;
1283 buf
[3] = value
& 0xFF;
1285 vnc_write(vs
, buf
, 4);
1288 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1292 buf
[0] = (value
>> 8) & 0xFF;
1293 buf
[1] = value
& 0xFF;
1295 vnc_write(vs
, buf
, 2);
1298 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1300 vnc_write(vs
, (char *)&value
, 1);
1303 void vnc_flush(VncState
*vs
)
1305 if (vs
->csock
!= -1 && vs
->output
.offset
)
1306 vnc_client_write(vs
);
1309 uint8_t read_u8(uint8_t *data
, size_t offset
)
1311 return data
[offset
];
1314 uint16_t read_u16(uint8_t *data
, size_t offset
)
1316 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1319 int32_t read_s32(uint8_t *data
, size_t offset
)
1321 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1322 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1325 uint32_t read_u32(uint8_t *data
, size_t offset
)
1327 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1328 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1331 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1335 static void check_pointer_type_change(Notifier
*notifier
)
1337 VncState
*vs
= container_of(notifier
, VncState
, mouse_mode_notifier
);
1338 int absolute
= kbd_mouse_is_absolute();
1340 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1341 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1342 vnc_write_u8(vs
, 0);
1343 vnc_write_u16(vs
, 1);
1344 vnc_framebuffer_update(vs
, absolute
, 0,
1345 ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1346 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1349 vs
->absolute
= absolute
;
1352 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1357 if (button_mask
& 0x01)
1358 buttons
|= MOUSE_EVENT_LBUTTON
;
1359 if (button_mask
& 0x02)
1360 buttons
|= MOUSE_EVENT_MBUTTON
;
1361 if (button_mask
& 0x04)
1362 buttons
|= MOUSE_EVENT_RBUTTON
;
1363 if (button_mask
& 0x08)
1365 if (button_mask
& 0x10)
1369 kbd_mouse_event(ds_get_width(vs
->ds
) > 1 ?
1370 x
* 0x7FFF / (ds_get_width(vs
->ds
) - 1) : 0x4000,
1371 ds_get_height(vs
->ds
) > 1 ?
1372 y
* 0x7FFF / (ds_get_height(vs
->ds
) - 1) : 0x4000,
1374 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1378 kbd_mouse_event(x
, y
, dz
, buttons
);
1380 if (vs
->last_x
!= -1)
1381 kbd_mouse_event(x
- vs
->last_x
,
1389 static void reset_keys(VncState
*vs
)
1392 for(i
= 0; i
< 256; i
++) {
1393 if (vs
->modifiers_state
[i
]) {
1394 if (i
& SCANCODE_GREY
)
1395 kbd_put_keycode(SCANCODE_EMUL0
);
1396 kbd_put_keycode(i
| SCANCODE_UP
);
1397 vs
->modifiers_state
[i
] = 0;
1402 static void press_key(VncState
*vs
, int keysym
)
1404 int keycode
= keysym2scancode(vs
->vd
->kbd_layout
, keysym
) & SCANCODE_KEYMASK
;
1405 if (keycode
& SCANCODE_GREY
)
1406 kbd_put_keycode(SCANCODE_EMUL0
);
1407 kbd_put_keycode(keycode
& SCANCODE_KEYCODEMASK
);
1408 if (keycode
& SCANCODE_GREY
)
1409 kbd_put_keycode(SCANCODE_EMUL0
);
1410 kbd_put_keycode(keycode
| SCANCODE_UP
);
1413 static void kbd_leds(void *opaque
, int ledstate
)
1415 VncState
*vs
= opaque
;
1418 caps
= ledstate
& QEMU_CAPS_LOCK_LED
? 1 : 0;
1419 num
= ledstate
& QEMU_NUM_LOCK_LED
? 1 : 0;
1421 if (vs
->modifiers_state
[0x3a] != caps
) {
1422 vs
->modifiers_state
[0x3a] = caps
;
1424 if (vs
->modifiers_state
[0x45] != num
) {
1425 vs
->modifiers_state
[0x45] = num
;
1429 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1431 /* QEMU console switch */
1433 case 0x2a: /* Left Shift */
1434 case 0x36: /* Right Shift */
1435 case 0x1d: /* Left CTRL */
1436 case 0x9d: /* Right CTRL */
1437 case 0x38: /* Left ALT */
1438 case 0xb8: /* Right ALT */
1440 vs
->modifiers_state
[keycode
] = 1;
1442 vs
->modifiers_state
[keycode
] = 0;
1444 case 0x02 ... 0x0a: /* '1' to '9' keys */
1445 if (down
&& vs
->modifiers_state
[0x1d] && vs
->modifiers_state
[0x38]) {
1446 /* Reset the modifiers sent to the current console */
1448 console_select(keycode
- 0x02);
1452 case 0x3a: /* CapsLock */
1453 case 0x45: /* NumLock */
1455 vs
->modifiers_state
[keycode
] ^= 1;
1459 if (vs
->vd
->lock_key_sync
&&
1460 keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1461 /* If the numlock state needs to change then simulate an additional
1462 keypress before sending this one. This will happen if the user
1463 toggles numlock away from the VNC window.
1465 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1466 if (!vs
->modifiers_state
[0x45]) {
1467 vs
->modifiers_state
[0x45] = 1;
1468 press_key(vs
, 0xff7f);
1471 if (vs
->modifiers_state
[0x45]) {
1472 vs
->modifiers_state
[0x45] = 0;
1473 press_key(vs
, 0xff7f);
1478 if (vs
->vd
->lock_key_sync
&&
1479 ((sym
>= 'A' && sym
<= 'Z') || (sym
>= 'a' && sym
<= 'z'))) {
1480 /* If the capslock state needs to change then simulate an additional
1481 keypress before sending this one. This will happen if the user
1482 toggles capslock away from the VNC window.
1484 int uppercase
= !!(sym
>= 'A' && sym
<= 'Z');
1485 int shift
= !!(vs
->modifiers_state
[0x2a] | vs
->modifiers_state
[0x36]);
1486 int capslock
= !!(vs
->modifiers_state
[0x3a]);
1488 if (uppercase
== shift
) {
1489 vs
->modifiers_state
[0x3a] = 0;
1490 press_key(vs
, 0xffe5);
1493 if (uppercase
!= shift
) {
1494 vs
->modifiers_state
[0x3a] = 1;
1495 press_key(vs
, 0xffe5);
1500 if (is_graphic_console()) {
1501 if (keycode
& SCANCODE_GREY
)
1502 kbd_put_keycode(SCANCODE_EMUL0
);
1504 kbd_put_keycode(keycode
& SCANCODE_KEYCODEMASK
);
1506 kbd_put_keycode(keycode
| SCANCODE_UP
);
1508 /* QEMU console emulation */
1510 int numlock
= vs
->modifiers_state
[0x45];
1512 case 0x2a: /* Left Shift */
1513 case 0x36: /* Right Shift */
1514 case 0x1d: /* Left CTRL */
1515 case 0x9d: /* Right CTRL */
1516 case 0x38: /* Left ALT */
1517 case 0xb8: /* Right ALT */
1520 kbd_put_keysym(QEMU_KEY_UP
);
1523 kbd_put_keysym(QEMU_KEY_DOWN
);
1526 kbd_put_keysym(QEMU_KEY_LEFT
);
1529 kbd_put_keysym(QEMU_KEY_RIGHT
);
1532 kbd_put_keysym(QEMU_KEY_DELETE
);
1535 kbd_put_keysym(QEMU_KEY_HOME
);
1538 kbd_put_keysym(QEMU_KEY_END
);
1541 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1544 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1548 kbd_put_keysym(numlock
? '7' : QEMU_KEY_HOME
);
1551 kbd_put_keysym(numlock
? '8' : QEMU_KEY_UP
);
1554 kbd_put_keysym(numlock
? '9' : QEMU_KEY_PAGEUP
);
1557 kbd_put_keysym(numlock
? '4' : QEMU_KEY_LEFT
);
1560 kbd_put_keysym('5');
1563 kbd_put_keysym(numlock
? '6' : QEMU_KEY_RIGHT
);
1566 kbd_put_keysym(numlock
? '1' : QEMU_KEY_END
);
1569 kbd_put_keysym(numlock
? '2' : QEMU_KEY_DOWN
);
1572 kbd_put_keysym(numlock
? '3' : QEMU_KEY_PAGEDOWN
);
1575 kbd_put_keysym('0');
1578 kbd_put_keysym(numlock
? '.' : QEMU_KEY_DELETE
);
1582 kbd_put_keysym('/');
1585 kbd_put_keysym('*');
1588 kbd_put_keysym('-');
1591 kbd_put_keysym('+');
1594 kbd_put_keysym('\n');
1598 kbd_put_keysym(sym
);
1605 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1610 if (lsym
>= 'A' && lsym
<= 'Z' && is_graphic_console()) {
1611 lsym
= lsym
- 'A' + 'a';
1614 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, lsym
& 0xFFFF) & SCANCODE_KEYMASK
;
1615 do_key_event(vs
, down
, keycode
, sym
);
1618 static void ext_key_event(VncState
*vs
, int down
,
1619 uint32_t sym
, uint16_t keycode
)
1621 /* if the user specifies a keyboard layout, always use it */
1622 if (keyboard_layout
)
1623 key_event(vs
, down
, sym
);
1625 do_key_event(vs
, down
, keycode
, sym
);
1628 static void framebuffer_update_request(VncState
*vs
, int incremental
,
1629 int x_position
, int y_position
,
1632 if (y_position
> ds_get_height(vs
->ds
))
1633 y_position
= ds_get_height(vs
->ds
);
1634 if (y_position
+ h
>= ds_get_height(vs
->ds
))
1635 h
= ds_get_height(vs
->ds
) - y_position
;
1638 vs
->need_update
= 1;
1640 vs
->force_update
= 1;
1641 for (i
= 0; i
< h
; i
++) {
1642 vnc_set_bits(vs
->dirty
[y_position
+ i
],
1643 (ds_get_width(vs
->ds
) / 16), VNC_DIRTY_WORDS
);
1648 static void send_ext_key_event_ack(VncState
*vs
)
1650 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1651 vnc_write_u8(vs
, 0);
1652 vnc_write_u16(vs
, 1);
1653 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1654 VNC_ENCODING_EXT_KEY_EVENT
);
1658 static void send_ext_audio_ack(VncState
*vs
)
1660 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1661 vnc_write_u8(vs
, 0);
1662 vnc_write_u16(vs
, 1);
1663 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1664 VNC_ENCODING_AUDIO
);
1668 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
1671 unsigned int enc
= 0;
1674 vs
->vnc_encoding
= 0;
1675 vs
->tight_compression
= 9;
1676 vs
->tight_quality
= 9;
1680 * Start from the end because the encodings are sent in order of preference.
1681 * This way the prefered encoding (first encoding defined in the array)
1682 * will be set at the end of the loop.
1684 for (i
= n_encodings
- 1; i
>= 0; i
--) {
1687 case VNC_ENCODING_RAW
:
1688 vs
->vnc_encoding
= enc
;
1690 case VNC_ENCODING_COPYRECT
:
1691 vs
->features
|= VNC_FEATURE_COPYRECT_MASK
;
1693 case VNC_ENCODING_HEXTILE
:
1694 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
1695 vs
->vnc_encoding
= enc
;
1697 case VNC_ENCODING_TIGHT
:
1698 vs
->features
|= VNC_FEATURE_TIGHT_MASK
;
1699 vs
->vnc_encoding
= enc
;
1701 case VNC_ENCODING_ZLIB
:
1702 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
1703 vs
->vnc_encoding
= enc
;
1705 case VNC_ENCODING_DESKTOPRESIZE
:
1706 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
1708 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
1709 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
1711 case VNC_ENCODING_RICH_CURSOR
:
1712 vs
->features
|= VNC_FEATURE_RICH_CURSOR_MASK
;
1714 case VNC_ENCODING_EXT_KEY_EVENT
:
1715 send_ext_key_event_ack(vs
);
1717 case VNC_ENCODING_AUDIO
:
1718 send_ext_audio_ack(vs
);
1720 case VNC_ENCODING_WMVi
:
1721 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
1723 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
1724 vs
->tight_compression
= (enc
& 0x0F);
1726 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
1727 vs
->tight_quality
= (enc
& 0x0F);
1730 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
1734 vnc_desktop_resize(vs
);
1735 check_pointer_type_change(&vs
->mouse_mode_notifier
);
1738 static void set_pixel_conversion(VncState
*vs
)
1740 if ((vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) ==
1741 (vs
->ds
->surface
->flags
& QEMU_BIG_ENDIAN_FLAG
) &&
1742 !memcmp(&(vs
->clientds
.pf
), &(vs
->ds
->surface
->pf
), sizeof(PixelFormat
))) {
1743 vs
->write_pixels
= vnc_write_pixels_copy
;
1744 vnc_hextile_set_pixel_conversion(vs
, 0);
1746 vs
->write_pixels
= vnc_write_pixels_generic
;
1747 vnc_hextile_set_pixel_conversion(vs
, 1);
1751 static void set_pixel_format(VncState
*vs
,
1752 int bits_per_pixel
, int depth
,
1753 int big_endian_flag
, int true_color_flag
,
1754 int red_max
, int green_max
, int blue_max
,
1755 int red_shift
, int green_shift
, int blue_shift
)
1757 if (!true_color_flag
) {
1758 vnc_client_error(vs
);
1762 vs
->clientds
= *(vs
->vd
->guest
.ds
);
1763 vs
->clientds
.pf
.rmax
= red_max
;
1764 count_bits(vs
->clientds
.pf
.rbits
, red_max
);
1765 vs
->clientds
.pf
.rshift
= red_shift
;
1766 vs
->clientds
.pf
.rmask
= red_max
<< red_shift
;
1767 vs
->clientds
.pf
.gmax
= green_max
;
1768 count_bits(vs
->clientds
.pf
.gbits
, green_max
);
1769 vs
->clientds
.pf
.gshift
= green_shift
;
1770 vs
->clientds
.pf
.gmask
= green_max
<< green_shift
;
1771 vs
->clientds
.pf
.bmax
= blue_max
;
1772 count_bits(vs
->clientds
.pf
.bbits
, blue_max
);
1773 vs
->clientds
.pf
.bshift
= blue_shift
;
1774 vs
->clientds
.pf
.bmask
= blue_max
<< blue_shift
;
1775 vs
->clientds
.pf
.bits_per_pixel
= bits_per_pixel
;
1776 vs
->clientds
.pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
1777 vs
->clientds
.pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
1778 vs
->clientds
.flags
= big_endian_flag
? QEMU_BIG_ENDIAN_FLAG
: 0x00;
1780 set_pixel_conversion(vs
);
1782 vga_hw_invalidate();
1786 static void pixel_format_message (VncState
*vs
) {
1787 char pad
[3] = { 0, 0, 0 };
1789 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bits_per_pixel
); /* bits-per-pixel */
1790 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.depth
); /* depth */
1792 #ifdef HOST_WORDS_BIGENDIAN
1793 vnc_write_u8(vs
, 1); /* big-endian-flag */
1795 vnc_write_u8(vs
, 0); /* big-endian-flag */
1797 vnc_write_u8(vs
, 1); /* true-color-flag */
1798 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.rmax
); /* red-max */
1799 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.gmax
); /* green-max */
1800 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.bmax
); /* blue-max */
1801 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.rshift
); /* red-shift */
1802 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.gshift
); /* green-shift */
1803 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bshift
); /* blue-shift */
1805 vnc_hextile_set_pixel_conversion(vs
, 0);
1807 vs
->clientds
= *(vs
->ds
->surface
);
1808 vs
->clientds
.flags
&= ~QEMU_ALLOCATED_FLAG
;
1809 vs
->write_pixels
= vnc_write_pixels_copy
;
1811 vnc_write(vs
, pad
, 3); /* padding */
1814 static void vnc_dpy_setdata(DisplayState
*ds
)
1816 /* We don't have to do anything */
1819 static void vnc_colordepth(VncState
*vs
)
1821 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
1822 /* Sending a WMVi message to notify the client*/
1823 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1824 vnc_write_u8(vs
, 0);
1825 vnc_write_u16(vs
, 1); /* number of rects */
1826 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
),
1827 ds_get_height(vs
->ds
), VNC_ENCODING_WMVi
);
1828 pixel_format_message(vs
);
1831 set_pixel_conversion(vs
);
1835 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
1839 VncDisplay
*vd
= vs
->vd
;
1842 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
1843 if (!qemu_timer_expired(vd
->timer
, qemu_get_clock(rt_clock
) + vd
->timer_interval
))
1844 qemu_mod_timer(vd
->timer
, qemu_get_clock(rt_clock
) + vd
->timer_interval
);
1848 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT
:
1852 set_pixel_format(vs
, read_u8(data
, 4), read_u8(data
, 5),
1853 read_u8(data
, 6), read_u8(data
, 7),
1854 read_u16(data
, 8), read_u16(data
, 10),
1855 read_u16(data
, 12), read_u8(data
, 14),
1856 read_u8(data
, 15), read_u8(data
, 16));
1858 case VNC_MSG_CLIENT_SET_ENCODINGS
:
1863 limit
= read_u16(data
, 2);
1865 return 4 + (limit
* 4);
1867 limit
= read_u16(data
, 2);
1869 for (i
= 0; i
< limit
; i
++) {
1870 int32_t val
= read_s32(data
, 4 + (i
* 4));
1871 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
1874 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
1876 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST
:
1880 framebuffer_update_request(vs
,
1881 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
1882 read_u16(data
, 6), read_u16(data
, 8));
1884 case VNC_MSG_CLIENT_KEY_EVENT
:
1888 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
1890 case VNC_MSG_CLIENT_POINTER_EVENT
:
1894 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
1896 case VNC_MSG_CLIENT_CUT_TEXT
:
1901 uint32_t dlen
= read_u32(data
, 4);
1906 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
1908 case VNC_MSG_CLIENT_QEMU
:
1912 switch (read_u8(data
, 1)) {
1913 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT
:
1917 ext_key_event(vs
, read_u16(data
, 2),
1918 read_u32(data
, 4), read_u32(data
, 8));
1920 case VNC_MSG_CLIENT_QEMU_AUDIO
:
1924 switch (read_u16 (data
, 2)) {
1925 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE
:
1928 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE
:
1931 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT
:
1934 switch (read_u8(data
, 4)) {
1935 case 0: vs
->as
.fmt
= AUD_FMT_U8
; break;
1936 case 1: vs
->as
.fmt
= AUD_FMT_S8
; break;
1937 case 2: vs
->as
.fmt
= AUD_FMT_U16
; break;
1938 case 3: vs
->as
.fmt
= AUD_FMT_S16
; break;
1939 case 4: vs
->as
.fmt
= AUD_FMT_U32
; break;
1940 case 5: vs
->as
.fmt
= AUD_FMT_S32
; break;
1942 printf("Invalid audio format %d\n", read_u8(data
, 4));
1943 vnc_client_error(vs
);
1946 vs
->as
.nchannels
= read_u8(data
, 5);
1947 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
1948 printf("Invalid audio channel coount %d\n",
1950 vnc_client_error(vs
);
1953 vs
->as
.freq
= read_u32(data
, 6);
1956 printf ("Invalid audio message %d\n", read_u8(data
, 4));
1957 vnc_client_error(vs
);
1963 printf("Msg: %d\n", read_u16(data
, 0));
1964 vnc_client_error(vs
);
1969 printf("Msg: %d\n", data
[0]);
1970 vnc_client_error(vs
);
1974 vnc_read_when(vs
, protocol_client_msg
, 1);
1978 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
1983 vs
->client_width
= ds_get_width(vs
->ds
);
1984 vs
->client_height
= ds_get_height(vs
->ds
);
1985 vnc_write_u16(vs
, vs
->client_width
);
1986 vnc_write_u16(vs
, vs
->client_height
);
1988 pixel_format_message(vs
);
1991 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
1993 size
= snprintf(buf
, sizeof(buf
), "QEMU");
1995 vnc_write_u32(vs
, size
);
1996 vnc_write(vs
, buf
, size
);
1999 vnc_client_cache_auth(vs
);
2000 vnc_qmp_event(vs
, QEVENT_VNC_INITIALIZED
);
2002 vnc_read_when(vs
, protocol_client_msg
, 1);
2007 void start_client_init(VncState
*vs
)
2009 vnc_read_when(vs
, protocol_client_init
, 1);
2012 static void make_challenge(VncState
*vs
)
2016 srand(time(NULL
)+getpid()+getpid()*987654+rand());
2018 for (i
= 0 ; i
< sizeof(vs
->challenge
) ; i
++)
2019 vs
->challenge
[i
] = (int) (256.0*rand()/(RAND_MAX
+1.0));
2022 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
2024 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
2026 unsigned char key
[8];
2028 if (!vs
->vd
->password
|| !vs
->vd
->password
[0]) {
2029 VNC_DEBUG("No password configured on server");
2030 vnc_write_u32(vs
, 1); /* Reject auth */
2031 if (vs
->minor
>= 8) {
2032 static const char err
[] = "Authentication failed";
2033 vnc_write_u32(vs
, sizeof(err
));
2034 vnc_write(vs
, err
, sizeof(err
));
2037 vnc_client_error(vs
);
2041 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
2043 /* Calculate the expected challenge response */
2044 pwlen
= strlen(vs
->vd
->password
);
2045 for (i
=0; i
<sizeof(key
); i
++)
2046 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
2048 for (j
= 0; j
< VNC_AUTH_CHALLENGE_SIZE
; j
+= 8)
2049 des(response
+j
, response
+j
);
2051 /* Compare expected vs actual challenge response */
2052 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
2053 VNC_DEBUG("Client challenge reponse did not match\n");
2054 vnc_write_u32(vs
, 1); /* Reject auth */
2055 if (vs
->minor
>= 8) {
2056 static const char err
[] = "Authentication failed";
2057 vnc_write_u32(vs
, sizeof(err
));
2058 vnc_write(vs
, err
, sizeof(err
));
2061 vnc_client_error(vs
);
2063 VNC_DEBUG("Accepting VNC challenge response\n");
2064 vnc_write_u32(vs
, 0); /* Accept auth */
2067 start_client_init(vs
);
2072 void start_auth_vnc(VncState
*vs
)
2075 /* Send client a 'random' challenge */
2076 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
2079 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
2083 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
2085 /* We only advertise 1 auth scheme at a time, so client
2086 * must pick the one we sent. Verify this */
2087 if (data
[0] != vs
->vd
->auth
) { /* Reject auth */
2088 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data
[0]);
2089 vnc_write_u32(vs
, 1);
2090 if (vs
->minor
>= 8) {
2091 static const char err
[] = "Authentication failed";
2092 vnc_write_u32(vs
, sizeof(err
));
2093 vnc_write(vs
, err
, sizeof(err
));
2095 vnc_client_error(vs
);
2096 } else { /* Accept requested auth */
2097 VNC_DEBUG("Client requested auth %d\n", (int)data
[0]);
2098 switch (vs
->vd
->auth
) {
2100 VNC_DEBUG("Accept auth none\n");
2101 if (vs
->minor
>= 8) {
2102 vnc_write_u32(vs
, 0); /* Accept auth completion */
2105 start_client_init(vs
);
2109 VNC_DEBUG("Start VNC auth\n");
2113 #ifdef CONFIG_VNC_TLS
2114 case VNC_AUTH_VENCRYPT
:
2115 VNC_DEBUG("Accept VeNCrypt auth\n");;
2116 start_auth_vencrypt(vs
);
2118 #endif /* CONFIG_VNC_TLS */
2120 #ifdef CONFIG_VNC_SASL
2122 VNC_DEBUG("Accept SASL auth\n");
2123 start_auth_sasl(vs
);
2125 #endif /* CONFIG_VNC_SASL */
2127 default: /* Should not be possible, but just in case */
2128 VNC_DEBUG("Reject auth %d server code bug\n", vs
->vd
->auth
);
2129 vnc_write_u8(vs
, 1);
2130 if (vs
->minor
>= 8) {
2131 static const char err
[] = "Authentication failed";
2132 vnc_write_u32(vs
, sizeof(err
));
2133 vnc_write(vs
, err
, sizeof(err
));
2135 vnc_client_error(vs
);
2141 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
2145 memcpy(local
, version
, 12);
2148 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
2149 VNC_DEBUG("Malformed protocol version %s\n", local
);
2150 vnc_client_error(vs
);
2153 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
2154 if (vs
->major
!= 3 ||
2160 VNC_DEBUG("Unsupported client version\n");
2161 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2163 vnc_client_error(vs
);
2166 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2167 * as equivalent to v3.3 by servers
2169 if (vs
->minor
== 4 || vs
->minor
== 5)
2172 if (vs
->minor
== 3) {
2173 if (vs
->vd
->auth
== VNC_AUTH_NONE
) {
2174 VNC_DEBUG("Tell client auth none\n");
2175 vnc_write_u32(vs
, vs
->vd
->auth
);
2177 start_client_init(vs
);
2178 } else if (vs
->vd
->auth
== VNC_AUTH_VNC
) {
2179 VNC_DEBUG("Tell client VNC auth\n");
2180 vnc_write_u32(vs
, vs
->vd
->auth
);
2184 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs
->vd
->auth
);
2185 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2187 vnc_client_error(vs
);
2190 VNC_DEBUG("Telling client we support auth %d\n", vs
->vd
->auth
);
2191 vnc_write_u8(vs
, 1); /* num auth */
2192 vnc_write_u8(vs
, vs
->vd
->auth
);
2193 vnc_read_when(vs
, protocol_client_auth
, 1);
2200 static int vnc_refresh_server_surface(VncDisplay
*vd
)
2204 uint8_t *server_row
;
2206 uint32_t width_mask
[VNC_DIRTY_WORDS
];
2211 * Walk through the guest dirty map.
2212 * Check and copy modified bits from guest to server surface.
2213 * Update server dirty map.
2215 vnc_set_bits(width_mask
, (ds_get_width(vd
->ds
) / 16), VNC_DIRTY_WORDS
);
2216 cmp_bytes
= 16 * ds_get_bytes_per_pixel(vd
->ds
);
2217 guest_row
= vd
->guest
.ds
->data
;
2218 server_row
= vd
->server
->data
;
2219 for (y
= 0; y
< vd
->guest
.ds
->height
; y
++) {
2220 if (vnc_and_bits(vd
->guest
.dirty
[y
], width_mask
, VNC_DIRTY_WORDS
)) {
2223 uint8_t *server_ptr
;
2225 guest_ptr
= guest_row
;
2226 server_ptr
= server_row
;
2228 for (x
= 0; x
< vd
->guest
.ds
->width
;
2229 x
+= 16, guest_ptr
+= cmp_bytes
, server_ptr
+= cmp_bytes
) {
2230 if (!vnc_get_bit(vd
->guest
.dirty
[y
], (x
/ 16)))
2232 vnc_clear_bit(vd
->guest
.dirty
[y
], (x
/ 16));
2233 if (memcmp(server_ptr
, guest_ptr
, cmp_bytes
) == 0)
2235 memcpy(server_ptr
, guest_ptr
, cmp_bytes
);
2236 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2237 vnc_set_bit(vs
->dirty
[y
], (x
/ 16));
2242 guest_row
+= ds_get_linesize(vd
->ds
);
2243 server_row
+= ds_get_linesize(vd
->ds
);
2248 static void vnc_refresh(void *opaque
)
2250 VncDisplay
*vd
= opaque
;
2252 int has_dirty
, rects
= 0;
2256 has_dirty
= vnc_refresh_server_surface(vd
);
2258 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
2259 rects
+= vnc_update_client(vs
, has_dirty
);
2260 /* vs might be free()ed here */
2262 /* vd->timer could be NULL now if the last client disconnected,
2263 * in this case don't update the timer */
2264 if (vd
->timer
== NULL
)
2267 if (has_dirty
&& rects
) {
2268 vd
->timer_interval
/= 2;
2269 if (vd
->timer_interval
< VNC_REFRESH_INTERVAL_BASE
)
2270 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2272 vd
->timer_interval
+= VNC_REFRESH_INTERVAL_INC
;
2273 if (vd
->timer_interval
> VNC_REFRESH_INTERVAL_MAX
)
2274 vd
->timer_interval
= VNC_REFRESH_INTERVAL_MAX
;
2276 qemu_mod_timer(vd
->timer
, qemu_get_clock(rt_clock
) + vd
->timer_interval
);
2279 static void vnc_init_timer(VncDisplay
*vd
)
2281 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2282 if (vd
->timer
== NULL
&& !QTAILQ_EMPTY(&vd
->clients
)) {
2283 vd
->timer
= qemu_new_timer(rt_clock
, vnc_refresh
, vd
);
2288 static void vnc_remove_timer(VncDisplay
*vd
)
2290 if (vd
->timer
!= NULL
&& QTAILQ_EMPTY(&vd
->clients
)) {
2291 qemu_del_timer(vd
->timer
);
2292 qemu_free_timer(vd
->timer
);
2297 static void vnc_connect(VncDisplay
*vd
, int csock
)
2299 VncState
*vs
= qemu_mallocz(sizeof(VncState
));
2302 VNC_DEBUG("New client on socket %d\n", csock
);
2304 socket_set_nonblock(vs
->csock
);
2305 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
2307 vnc_client_cache_addr(vs
);
2308 vnc_qmp_event(vs
, QEVENT_VNC_CONNECTED
);
2315 vs
->as
.freq
= 44100;
2316 vs
->as
.nchannels
= 2;
2317 vs
->as
.fmt
= AUD_FMT_S16
;
2318 vs
->as
.endianness
= 0;
2320 QTAILQ_INSERT_HEAD(&vd
->clients
, vs
, next
);
2324 vnc_write(vs
, "RFB 003.008\n", 12);
2326 vnc_read_when(vs
, protocol_version
, 12);
2328 if (vs
->vd
->lock_key_sync
)
2329 vs
->led
= qemu_add_led_event_handler(kbd_leds
, vs
);
2331 vs
->mouse_mode_notifier
.notify
= check_pointer_type_change
;
2332 qemu_add_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
2336 /* vs might be free()ed here */
2339 static void vnc_listen_read(void *opaque
)
2341 VncDisplay
*vs
= opaque
;
2342 struct sockaddr_in addr
;
2343 socklen_t addrlen
= sizeof(addr
);
2348 int csock
= qemu_accept(vs
->lsock
, (struct sockaddr
*)&addr
, &addrlen
);
2350 vnc_connect(vs
, csock
);
2354 void vnc_display_init(DisplayState
*ds
)
2356 VncDisplay
*vs
= qemu_mallocz(sizeof(*vs
));
2358 dcl
= qemu_mallocz(sizeof(DisplayChangeListener
));
2367 QTAILQ_INIT(&vs
->clients
);
2369 if (keyboard_layout
)
2370 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, keyboard_layout
);
2372 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us");
2374 if (!vs
->kbd_layout
)
2377 dcl
->dpy_copy
= vnc_dpy_copy
;
2378 dcl
->dpy_update
= vnc_dpy_update
;
2379 dcl
->dpy_resize
= vnc_dpy_resize
;
2380 dcl
->dpy_setdata
= vnc_dpy_setdata
;
2381 register_displaychangelistener(ds
, dcl
);
2382 ds
->mouse_set
= vnc_mouse_set
;
2383 ds
->cursor_define
= vnc_dpy_cursor_define
;
2387 void vnc_display_close(DisplayState
*ds
)
2389 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2394 qemu_free(vs
->display
);
2397 if (vs
->lsock
!= -1) {
2398 qemu_set_fd_handler2(vs
->lsock
, NULL
, NULL
, NULL
, NULL
);
2402 vs
->auth
= VNC_AUTH_INVALID
;
2403 #ifdef CONFIG_VNC_TLS
2404 vs
->subauth
= VNC_AUTH_INVALID
;
2405 vs
->tls
.x509verify
= 0;
2409 int vnc_display_password(DisplayState
*ds
, const char *password
)
2411 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2418 qemu_free(vs
->password
);
2419 vs
->password
= NULL
;
2421 if (password
&& password
[0]) {
2422 if (!(vs
->password
= qemu_strdup(password
)))
2424 if (vs
->auth
== VNC_AUTH_NONE
) {
2425 vs
->auth
= VNC_AUTH_VNC
;
2428 vs
->auth
= VNC_AUTH_NONE
;
2434 char *vnc_display_local_addr(DisplayState
*ds
)
2436 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2438 return vnc_socket_local_addr("%s:%s", vs
->lsock
);
2441 int vnc_display_open(DisplayState
*ds
, const char *display
)
2443 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2444 const char *options
;
2447 #ifdef CONFIG_VNC_TLS
2448 int tls
= 0, x509
= 0;
2450 #ifdef CONFIG_VNC_SASL
2455 int lock_key_sync
= 1;
2459 vnc_display_close(ds
);
2460 if (strcmp(display
, "none") == 0)
2463 if (!(vs
->display
= strdup(display
)))
2467 while ((options
= strchr(options
, ','))) {
2469 if (strncmp(options
, "password", 8) == 0) {
2470 password
= 1; /* Require password auth */
2471 } else if (strncmp(options
, "reverse", 7) == 0) {
2473 } else if (strncmp(options
, "no-lock-key-sync", 9) == 0) {
2475 #ifdef CONFIG_VNC_SASL
2476 } else if (strncmp(options
, "sasl", 4) == 0) {
2477 sasl
= 1; /* Require SASL auth */
2479 #ifdef CONFIG_VNC_TLS
2480 } else if (strncmp(options
, "tls", 3) == 0) {
2481 tls
= 1; /* Require TLS */
2482 } else if (strncmp(options
, "x509", 4) == 0) {
2484 x509
= 1; /* Require x509 certificates */
2485 if (strncmp(options
, "x509verify", 10) == 0)
2486 vs
->tls
.x509verify
= 1; /* ...and verify client certs */
2488 /* Now check for 'x509=/some/path' postfix
2489 * and use that to setup x509 certificate/key paths */
2490 start
= strchr(options
, '=');
2491 end
= strchr(options
, ',');
2492 if (start
&& (!end
|| (start
< end
))) {
2493 int len
= end
? end
-(start
+1) : strlen(start
+1);
2494 char *path
= qemu_strndup(start
+ 1, len
);
2496 VNC_DEBUG("Trying certificate path '%s'\n", path
);
2497 if (vnc_tls_set_x509_creds_dir(vs
, path
) < 0) {
2498 fprintf(stderr
, "Failed to find x509 certificates/keys in %s\n", path
);
2500 qemu_free(vs
->display
);
2506 fprintf(stderr
, "No certificate path provided\n");
2507 qemu_free(vs
->display
);
2512 } else if (strncmp(options
, "acl", 3) == 0) {
2517 #ifdef CONFIG_VNC_TLS
2518 if (acl
&& x509
&& vs
->tls
.x509verify
) {
2519 if (!(vs
->tls
.acl
= qemu_acl_init("vnc.x509dname"))) {
2520 fprintf(stderr
, "Failed to create x509 dname ACL\n");
2525 #ifdef CONFIG_VNC_SASL
2527 if (!(vs
->sasl
.acl
= qemu_acl_init("vnc.username"))) {
2528 fprintf(stderr
, "Failed to create username ACL\n");
2535 * Combinations we support here:
2537 * - no-auth (clear text, no auth)
2538 * - password (clear text, weak auth)
2539 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2540 * - tls (encrypt, weak anonymous creds, no auth)
2541 * - tls + password (encrypt, weak anonymous creds, weak auth)
2542 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2543 * - tls + x509 (encrypt, good x509 creds, no auth)
2544 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2545 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2547 * NB1. TLS is a stackable auth scheme.
2548 * NB2. the x509 schemes have option to validate a client cert dname
2551 #ifdef CONFIG_VNC_TLS
2553 vs
->auth
= VNC_AUTH_VENCRYPT
;
2555 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2556 vs
->subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
2558 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2559 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
2562 #endif /* CONFIG_VNC_TLS */
2563 VNC_DEBUG("Initializing VNC server with password auth\n");
2564 vs
->auth
= VNC_AUTH_VNC
;
2565 #ifdef CONFIG_VNC_TLS
2566 vs
->subauth
= VNC_AUTH_INVALID
;
2568 #endif /* CONFIG_VNC_TLS */
2569 #ifdef CONFIG_VNC_SASL
2571 #ifdef CONFIG_VNC_TLS
2573 vs
->auth
= VNC_AUTH_VENCRYPT
;
2575 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2576 vs
->subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
2578 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2579 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
2582 #endif /* CONFIG_VNC_TLS */
2583 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2584 vs
->auth
= VNC_AUTH_SASL
;
2585 #ifdef CONFIG_VNC_TLS
2586 vs
->subauth
= VNC_AUTH_INVALID
;
2588 #endif /* CONFIG_VNC_TLS */
2589 #endif /* CONFIG_VNC_SASL */
2591 #ifdef CONFIG_VNC_TLS
2593 vs
->auth
= VNC_AUTH_VENCRYPT
;
2595 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2596 vs
->subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
2598 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2599 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
2603 VNC_DEBUG("Initializing VNC server with no auth\n");
2604 vs
->auth
= VNC_AUTH_NONE
;
2605 #ifdef CONFIG_VNC_TLS
2606 vs
->subauth
= VNC_AUTH_INVALID
;
2611 #ifdef CONFIG_VNC_SASL
2612 if ((saslErr
= sasl_server_init(NULL
, "qemu")) != SASL_OK
) {
2613 fprintf(stderr
, "Failed to initialize SASL auth %s",
2614 sasl_errstring(saslErr
, NULL
, NULL
));
2620 vs
->lock_key_sync
= lock_key_sync
;
2623 /* connect to viewer */
2624 if (strncmp(display
, "unix:", 5) == 0)
2625 vs
->lsock
= unix_connect(display
+5);
2627 vs
->lsock
= inet_connect(display
, SOCK_STREAM
);
2628 if (-1 == vs
->lsock
) {
2633 int csock
= vs
->lsock
;
2635 vnc_connect(vs
, csock
);
2640 /* listen for connects */
2642 dpy
= qemu_malloc(256);
2643 if (strncmp(display
, "unix:", 5) == 0) {
2644 pstrcpy(dpy
, 256, "unix:");
2645 vs
->lsock
= unix_listen(display
+5, dpy
+5, 256-5);
2647 vs
->lsock
= inet_listen(display
, dpy
, 256, SOCK_STREAM
, 5900);
2649 if (-1 == vs
->lsock
) {
2657 return qemu_set_fd_handler2(vs
->lsock
, NULL
, vnc_listen_read
, NULL
, vs
);