2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
29 #include "sysemu/sysemu.h"
30 #include "qemu/sockets.h"
31 #include "qemu/timer.h"
33 #include "qapi/qmp/types.h"
34 #include "qmp-commands.h"
35 #include "qemu/osdep.h"
37 #define VNC_REFRESH_INTERVAL_BASE 30
38 #define VNC_REFRESH_INTERVAL_INC 50
39 #define VNC_REFRESH_INTERVAL_MAX 2000
40 static const struct timeval VNC_REFRESH_STATS
= { 0, 500000 };
41 static const struct timeval VNC_REFRESH_LOSSY
= { 2, 0 };
43 #include "vnc_keysym.h"
46 static VncDisplay
*vnc_display
; /* needed for info vnc */
47 static DisplayChangeListener
*dcl
;
49 static int vnc_cursor_define(VncState
*vs
);
50 static void vnc_release_modifiers(VncState
*vs
);
52 static void vnc_set_share_mode(VncState
*vs
, VncShareMode mode
)
55 static const char *mn
[] = {
57 [VNC_SHARE_MODE_CONNECTING
] = "connecting",
58 [VNC_SHARE_MODE_SHARED
] = "shared",
59 [VNC_SHARE_MODE_EXCLUSIVE
] = "exclusive",
60 [VNC_SHARE_MODE_DISCONNECTED
] = "disconnected",
62 fprintf(stderr
, "%s/%d: %s -> %s\n", __func__
,
63 vs
->csock
, mn
[vs
->share_mode
], mn
[mode
]);
66 if (vs
->share_mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
67 vs
->vd
->num_exclusive
--;
69 vs
->share_mode
= mode
;
70 if (vs
->share_mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
71 vs
->vd
->num_exclusive
++;
75 static char *addr_to_string(const char *format
,
76 struct sockaddr_storage
*sa
,
79 char host
[NI_MAXHOST
];
80 char serv
[NI_MAXSERV
];
84 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
87 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
88 VNC_DEBUG("Cannot resolve address %d: %s\n",
89 err
, gai_strerror(err
));
93 /* Enough for the existing format + the 2 vars we're
95 addrlen
= strlen(format
) + strlen(host
) + strlen(serv
);
96 addr
= g_malloc(addrlen
+ 1);
97 snprintf(addr
, addrlen
, format
, host
, serv
);
104 char *vnc_socket_local_addr(const char *format
, int fd
) {
105 struct sockaddr_storage sa
;
109 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
112 return addr_to_string(format
, &sa
, salen
);
115 char *vnc_socket_remote_addr(const char *format
, int fd
) {
116 struct sockaddr_storage sa
;
120 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
123 return addr_to_string(format
, &sa
, salen
);
126 static int put_addr_qdict(QDict
*qdict
, struct sockaddr_storage
*sa
,
129 char host
[NI_MAXHOST
];
130 char serv
[NI_MAXSERV
];
133 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
136 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
137 VNC_DEBUG("Cannot resolve address %d: %s\n",
138 err
, gai_strerror(err
));
142 qdict_put(qdict
, "host", qstring_from_str(host
));
143 qdict_put(qdict
, "service", qstring_from_str(serv
));
144 qdict_put(qdict
, "family",qstring_from_str(inet_strfamily(sa
->ss_family
)));
149 static int vnc_server_addr_put(QDict
*qdict
, int fd
)
151 struct sockaddr_storage sa
;
155 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
159 return put_addr_qdict(qdict
, &sa
, salen
);
162 static int vnc_qdict_remote_addr(QDict
*qdict
, int fd
)
164 struct sockaddr_storage sa
;
168 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
172 return put_addr_qdict(qdict
, &sa
, salen
);
175 static const char *vnc_auth_name(VncDisplay
*vd
) {
177 case VNC_AUTH_INVALID
:
193 case VNC_AUTH_VENCRYPT
:
194 #ifdef CONFIG_VNC_TLS
195 switch (vd
->subauth
) {
196 case VNC_AUTH_VENCRYPT_PLAIN
:
197 return "vencrypt+plain";
198 case VNC_AUTH_VENCRYPT_TLSNONE
:
199 return "vencrypt+tls+none";
200 case VNC_AUTH_VENCRYPT_TLSVNC
:
201 return "vencrypt+tls+vnc";
202 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
203 return "vencrypt+tls+plain";
204 case VNC_AUTH_VENCRYPT_X509NONE
:
205 return "vencrypt+x509+none";
206 case VNC_AUTH_VENCRYPT_X509VNC
:
207 return "vencrypt+x509+vnc";
208 case VNC_AUTH_VENCRYPT_X509PLAIN
:
209 return "vencrypt+x509+plain";
210 case VNC_AUTH_VENCRYPT_TLSSASL
:
211 return "vencrypt+tls+sasl";
212 case VNC_AUTH_VENCRYPT_X509SASL
:
213 return "vencrypt+x509+sasl";
226 static int vnc_server_info_put(QDict
*qdict
)
228 if (vnc_server_addr_put(qdict
, vnc_display
->lsock
) < 0) {
232 qdict_put(qdict
, "auth", qstring_from_str(vnc_auth_name(vnc_display
)));
236 static void vnc_client_cache_auth(VncState
*client
)
238 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
246 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
247 qdict
= qobject_to_qdict(client
->info
);
250 #ifdef CONFIG_VNC_TLS
251 if (client
->tls
.session
&&
253 qdict_put(qdict
, "x509_dname", qstring_from_str(client
->tls
.dname
));
256 #ifdef CONFIG_VNC_SASL
257 if (client
->sasl
.conn
&&
258 client
->sasl
.username
) {
259 qdict_put(qdict
, "sasl_username",
260 qstring_from_str(client
->sasl
.username
));
265 static void vnc_client_cache_addr(VncState
*client
)
270 if (vnc_qdict_remote_addr(qdict
, client
->csock
) < 0) {
272 /* XXX: how to report the error? */
276 client
->info
= QOBJECT(qdict
);
279 static void vnc_qmp_event(VncState
*vs
, MonitorEvent event
)
288 server
= qdict_new();
289 if (vnc_server_info_put(server
) < 0) {
294 data
= qobject_from_jsonf("{ 'client': %p, 'server': %p }",
295 vs
->info
, QOBJECT(server
));
297 monitor_protocol_event(event
, data
);
299 qobject_incref(vs
->info
);
300 qobject_decref(data
);
303 static VncClientInfo
*qmp_query_vnc_client(const VncState
*client
)
305 struct sockaddr_storage sa
;
306 socklen_t salen
= sizeof(sa
);
307 char host
[NI_MAXHOST
];
308 char serv
[NI_MAXSERV
];
311 if (getpeername(client
->csock
, (struct sockaddr
*)&sa
, &salen
) < 0) {
315 if (getnameinfo((struct sockaddr
*)&sa
, salen
,
318 NI_NUMERICHOST
| NI_NUMERICSERV
) < 0) {
322 info
= g_malloc0(sizeof(*info
));
323 info
->host
= g_strdup(host
);
324 info
->service
= g_strdup(serv
);
325 info
->family
= g_strdup(inet_strfamily(sa
.ss_family
));
327 #ifdef CONFIG_VNC_TLS
328 if (client
->tls
.session
&& client
->tls
.dname
) {
329 info
->has_x509_dname
= true;
330 info
->x509_dname
= g_strdup(client
->tls
.dname
);
333 #ifdef CONFIG_VNC_SASL
334 if (client
->sasl
.conn
&& client
->sasl
.username
) {
335 info
->has_sasl_username
= true;
336 info
->sasl_username
= g_strdup(client
->sasl
.username
);
343 VncInfo
*qmp_query_vnc(Error
**errp
)
345 VncInfo
*info
= g_malloc0(sizeof(*info
));
347 if (vnc_display
== NULL
|| vnc_display
->display
== NULL
) {
348 info
->enabled
= false;
350 VncClientInfoList
*cur_item
= NULL
;
351 struct sockaddr_storage sa
;
352 socklen_t salen
= sizeof(sa
);
353 char host
[NI_MAXHOST
];
354 char serv
[NI_MAXSERV
];
357 info
->enabled
= true;
359 /* for compatibility with the original command */
360 info
->has_clients
= true;
362 QTAILQ_FOREACH(client
, &vnc_display
->clients
, next
) {
363 VncClientInfoList
*cinfo
= g_malloc0(sizeof(*info
));
364 cinfo
->value
= qmp_query_vnc_client(client
);
366 /* XXX: waiting for the qapi to support GSList */
368 info
->clients
= cur_item
= cinfo
;
370 cur_item
->next
= cinfo
;
375 if (vnc_display
->lsock
== -1) {
379 if (getsockname(vnc_display
->lsock
, (struct sockaddr
*)&sa
,
381 error_set(errp
, QERR_UNDEFINED_ERROR
);
385 if (getnameinfo((struct sockaddr
*)&sa
, salen
,
388 NI_NUMERICHOST
| NI_NUMERICSERV
) < 0) {
389 error_set(errp
, QERR_UNDEFINED_ERROR
);
393 info
->has_host
= true;
394 info
->host
= g_strdup(host
);
396 info
->has_service
= true;
397 info
->service
= g_strdup(serv
);
399 info
->has_family
= true;
400 info
->family
= g_strdup(inet_strfamily(sa
.ss_family
));
402 info
->has_auth
= true;
403 info
->auth
= g_strdup(vnc_auth_name(vnc_display
));
409 qapi_free_VncInfo(info
);
414 1) Get the queue working for IO.
415 2) there is some weirdness when using the -S option (the screen is grey
416 and not totally invalidated
417 3) resolutions > 1024
420 static int vnc_update_client(VncState
*vs
, int has_dirty
);
421 static int vnc_update_client_sync(VncState
*vs
, int has_dirty
);
422 static void vnc_disconnect_start(VncState
*vs
);
423 static void vnc_init_timer(VncDisplay
*vd
);
424 static void vnc_remove_timer(VncDisplay
*vd
);
426 static void vnc_colordepth(VncState
*vs
);
427 static void framebuffer_update_request(VncState
*vs
, int incremental
,
428 int x_position
, int y_position
,
430 static void vnc_refresh(void *opaque
);
431 static int vnc_refresh_server_surface(VncDisplay
*vd
);
433 static void vnc_dpy_update(DisplayChangeListener
*dcl
,
435 int x
, int y
, int w
, int h
)
438 VncDisplay
*vd
= ds
->opaque
;
439 struct VncSurface
*s
= &vd
->guest
;
440 int width
= ds_get_width(ds
);
441 int height
= ds_get_height(ds
);
445 /* round x down to ensure the loop only spans one 16-pixel block per,
446 iteration. otherwise, if (x % 16) != 0, the last iteration may span
447 two 16-pixel blocks but we only mark the first as dirty
454 w
= MIN(x
+ w
, width
) - x
;
458 for (i
= 0; i
< w
; i
+= 16)
459 set_bit((x
+ i
) / 16, s
->dirty
[y
]);
462 void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
465 vnc_write_u16(vs
, x
);
466 vnc_write_u16(vs
, y
);
467 vnc_write_u16(vs
, w
);
468 vnc_write_u16(vs
, h
);
470 vnc_write_s32(vs
, encoding
);
473 void buffer_reserve(Buffer
*buffer
, size_t len
)
475 if ((buffer
->capacity
- buffer
->offset
) < len
) {
476 buffer
->capacity
+= (len
+ 1024);
477 buffer
->buffer
= g_realloc(buffer
->buffer
, buffer
->capacity
);
478 if (buffer
->buffer
== NULL
) {
479 fprintf(stderr
, "vnc: out of memory\n");
485 static int buffer_empty(Buffer
*buffer
)
487 return buffer
->offset
== 0;
490 uint8_t *buffer_end(Buffer
*buffer
)
492 return buffer
->buffer
+ buffer
->offset
;
495 void buffer_reset(Buffer
*buffer
)
500 void buffer_free(Buffer
*buffer
)
502 g_free(buffer
->buffer
);
504 buffer
->capacity
= 0;
505 buffer
->buffer
= NULL
;
508 void buffer_append(Buffer
*buffer
, const void *data
, size_t len
)
510 memcpy(buffer
->buffer
+ buffer
->offset
, data
, len
);
511 buffer
->offset
+= len
;
514 void buffer_advance(Buffer
*buf
, size_t len
)
516 memmove(buf
->buffer
, buf
->buffer
+ len
,
517 (buf
->offset
- len
));
521 static void vnc_desktop_resize(VncState
*vs
)
523 DisplayState
*ds
= vs
->ds
;
525 if (vs
->csock
== -1 || !vnc_has_feature(vs
, VNC_FEATURE_RESIZE
)) {
528 if (vs
->client_width
== ds_get_width(ds
) &&
529 vs
->client_height
== ds_get_height(ds
)) {
532 vs
->client_width
= ds_get_width(ds
);
533 vs
->client_height
= ds_get_height(ds
);
535 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
537 vnc_write_u16(vs
, 1); /* number of rects */
538 vnc_framebuffer_update(vs
, 0, 0, vs
->client_width
, vs
->client_height
,
539 VNC_ENCODING_DESKTOPRESIZE
);
540 vnc_unlock_output(vs
);
544 static void vnc_abort_display_jobs(VncDisplay
*vd
)
548 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
551 vnc_unlock_output(vs
);
553 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
556 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
559 vnc_unlock_output(vs
);
563 int vnc_server_fb_stride(VncDisplay
*vd
)
565 return pixman_image_get_stride(vd
->server
);
568 void *vnc_server_fb_ptr(VncDisplay
*vd
, int x
, int y
)
572 ptr
= (uint8_t *)pixman_image_get_data(vd
->server
);
573 ptr
+= y
* vnc_server_fb_stride(vd
);
574 ptr
+= x
* VNC_SERVER_FB_BYTES
;
578 static void vnc_dpy_resize(DisplayChangeListener
*dcl
,
581 VncDisplay
*vd
= ds
->opaque
;
584 vnc_abort_display_jobs(vd
);
587 qemu_pixman_image_unref(vd
->server
);
588 vd
->server
= pixman_image_create_bits(VNC_SERVER_FB_FORMAT
,
595 if (ds_get_bytes_per_pixel(ds
) != vd
->guest
.ds
->pf
.bytes_per_pixel
)
596 console_color_init(ds
);
598 qemu_pixman_image_unref(vd
->guest
.fb
);
599 vd
->guest
.fb
= pixman_image_ref(ds
->surface
->image
);
600 vd
->guest
.format
= ds
->surface
->format
;
601 memset(vd
->guest
.dirty
, 0xFF, sizeof(vd
->guest
.dirty
));
603 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
605 vnc_desktop_resize(vs
);
606 if (vs
->vd
->cursor
) {
607 vnc_cursor_define(vs
);
609 memset(vs
->dirty
, 0xFF, sizeof(vs
->dirty
));
614 static void vnc_write_pixels_copy(VncState
*vs
,
615 void *pixels
, int size
)
617 vnc_write(vs
, pixels
, size
);
620 /* slowest but generic code. */
621 void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
625 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
626 r
= (((v
& 0x00ff0000) >> 16) << vs
->client_pf
.rbits
) >> 8;
627 g
= (((v
& 0x0000ff00) >> 8) << vs
->client_pf
.gbits
) >> 8;
628 b
= (((v
& 0x000000ff) >> 0) << vs
->client_pf
.bbits
) >> 8;
630 # error need some bits here if you change VNC_SERVER_FB_FORMAT
632 v
= (r
<< vs
->client_pf
.rshift
) |
633 (g
<< vs
->client_pf
.gshift
) |
634 (b
<< vs
->client_pf
.bshift
);
635 switch (vs
->client_pf
.bytes_per_pixel
) {
665 static void vnc_write_pixels_generic(VncState
*vs
,
666 void *pixels1
, int size
)
670 if (VNC_SERVER_FB_BYTES
== 4) {
671 uint32_t *pixels
= pixels1
;
674 for (i
= 0; i
< n
; i
++) {
675 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
676 vnc_write(vs
, buf
, vs
->client_pf
.bytes_per_pixel
);
681 int vnc_raw_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
685 VncDisplay
*vd
= vs
->vd
;
687 row
= vnc_server_fb_ptr(vd
, x
, y
);
688 for (i
= 0; i
< h
; i
++) {
689 vs
->write_pixels(vs
, row
, w
* VNC_SERVER_FB_BYTES
);
690 row
+= vnc_server_fb_stride(vd
);
695 int vnc_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
699 switch(vs
->vnc_encoding
) {
700 case VNC_ENCODING_ZLIB
:
701 n
= vnc_zlib_send_framebuffer_update(vs
, x
, y
, w
, h
);
703 case VNC_ENCODING_HEXTILE
:
704 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
705 n
= vnc_hextile_send_framebuffer_update(vs
, x
, y
, w
, h
);
707 case VNC_ENCODING_TIGHT
:
708 n
= vnc_tight_send_framebuffer_update(vs
, x
, y
, w
, h
);
710 case VNC_ENCODING_TIGHT_PNG
:
711 n
= vnc_tight_png_send_framebuffer_update(vs
, x
, y
, w
, h
);
713 case VNC_ENCODING_ZRLE
:
714 n
= vnc_zrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
716 case VNC_ENCODING_ZYWRLE
:
717 n
= vnc_zywrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
720 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
721 n
= vnc_raw_send_framebuffer_update(vs
, x
, y
, w
, h
);
727 static void vnc_copy(VncState
*vs
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
729 /* send bitblit op to the vnc client */
731 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
733 vnc_write_u16(vs
, 1); /* number of rects */
734 vnc_framebuffer_update(vs
, dst_x
, dst_y
, w
, h
, VNC_ENCODING_COPYRECT
);
735 vnc_write_u16(vs
, src_x
);
736 vnc_write_u16(vs
, src_y
);
737 vnc_unlock_output(vs
);
741 static void vnc_dpy_copy(DisplayChangeListener
*dcl
,
743 int src_x
, int src_y
,
744 int dst_x
, int dst_y
, int w
, int h
)
746 VncDisplay
*vd
= ds
->opaque
;
750 int i
, x
, y
, pitch
, inc
, w_lim
, s
;
753 vnc_refresh_server_surface(vd
);
754 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
755 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
756 vs
->force_update
= 1;
757 vnc_update_client_sync(vs
, 1);
758 /* vs might be free()ed here */
762 /* do bitblit op on the local surface too */
763 pitch
= vnc_server_fb_stride(vd
);
764 src_row
= vnc_server_fb_ptr(vd
, src_x
, src_y
);
765 dst_row
= vnc_server_fb_ptr(vd
, dst_x
, dst_y
);
770 src_row
+= pitch
* (h
-1);
771 dst_row
+= pitch
* (h
-1);
776 w_lim
= w
- (16 - (dst_x
% 16));
780 w_lim
= w
- (w_lim
% 16);
781 for (i
= 0; i
< h
; i
++) {
782 for (x
= 0; x
<= w_lim
;
783 x
+= s
, src_row
+= cmp_bytes
, dst_row
+= cmp_bytes
) {
785 if ((s
= w
- w_lim
) == 0)
788 s
= (16 - (dst_x
% 16));
793 cmp_bytes
= s
* VNC_SERVER_FB_BYTES
;
794 if (memcmp(src_row
, dst_row
, cmp_bytes
) == 0)
796 memmove(dst_row
, src_row
, cmp_bytes
);
797 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
798 if (!vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
799 set_bit(((x
+ dst_x
) / 16), vs
->dirty
[y
]);
803 src_row
+= pitch
- w
* VNC_SERVER_FB_BYTES
;
804 dst_row
+= pitch
- w
* VNC_SERVER_FB_BYTES
;
808 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
809 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
810 vnc_copy(vs
, src_x
, src_y
, dst_x
, dst_y
, w
, h
);
815 static void vnc_mouse_set(DisplayChangeListener
*dcl
,
817 int x
, int y
, int visible
)
819 /* can we ask the client(s) to move the pointer ??? */
822 static int vnc_cursor_define(VncState
*vs
)
824 QEMUCursor
*c
= vs
->vd
->cursor
;
827 if (vnc_has_feature(vs
, VNC_FEATURE_RICH_CURSOR
)) {
829 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
830 vnc_write_u8(vs
, 0); /* padding */
831 vnc_write_u16(vs
, 1); /* # of rects */
832 vnc_framebuffer_update(vs
, c
->hot_x
, c
->hot_y
, c
->width
, c
->height
,
833 VNC_ENCODING_RICH_CURSOR
);
834 isize
= c
->width
* c
->height
* vs
->client_pf
.bytes_per_pixel
;
835 vnc_write_pixels_generic(vs
, c
->data
, isize
);
836 vnc_write(vs
, vs
->vd
->cursor_mask
, vs
->vd
->cursor_msize
);
837 vnc_unlock_output(vs
);
843 static void vnc_dpy_cursor_define(DisplayChangeListener
*dcl
,
847 VncDisplay
*vd
= vnc_display
;
850 cursor_put(vd
->cursor
);
851 g_free(vd
->cursor_mask
);
854 cursor_get(vd
->cursor
);
855 vd
->cursor_msize
= cursor_get_mono_bpl(c
) * c
->height
;
856 vd
->cursor_mask
= g_malloc0(vd
->cursor_msize
);
857 cursor_get_mono_mask(c
, 0, vd
->cursor_mask
);
859 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
860 vnc_cursor_define(vs
);
864 static int find_and_clear_dirty_height(struct VncState
*vs
,
865 int y
, int last_x
, int x
, int height
)
869 for (h
= 1; h
< (height
- y
); h
++) {
871 if (!test_bit(last_x
, vs
->dirty
[y
+ h
])) {
874 for (tmp_x
= last_x
; tmp_x
< x
; tmp_x
++) {
875 clear_bit(tmp_x
, vs
->dirty
[y
+ h
]);
882 static int vnc_update_client_sync(VncState
*vs
, int has_dirty
)
884 int ret
= vnc_update_client(vs
, has_dirty
);
889 static int vnc_update_client(VncState
*vs
, int has_dirty
)
891 if (vs
->need_update
&& vs
->csock
!= -1) {
892 VncDisplay
*vd
= vs
->vd
;
899 if (vs
->output
.offset
&& !vs
->audio_cap
&& !vs
->force_update
)
900 /* kernel send buffers are full -> drop frames to throttle */
903 if (!has_dirty
&& !vs
->audio_cap
&& !vs
->force_update
)
907 * Send screen updates to the vnc client using the server
908 * surface and server dirty map. guest surface updates
909 * happening in parallel don't disturb us, the next pass will
910 * send them to the client.
912 job
= vnc_job_new(vs
);
914 width
= MIN(pixman_image_get_width(vd
->server
), vs
->client_width
);
915 height
= MIN(pixman_image_get_height(vd
->server
), vs
->client_height
);
917 for (y
= 0; y
< height
; y
++) {
920 for (x
= 0; x
< width
/ 16; x
++) {
921 if (test_and_clear_bit(x
, vs
->dirty
[y
])) {
927 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
,
930 n
+= vnc_job_add_rect(job
, last_x
* 16, y
,
931 (x
- last_x
) * 16, h
);
937 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
, height
);
938 n
+= vnc_job_add_rect(job
, last_x
* 16, y
,
939 (x
- last_x
) * 16, h
);
944 vs
->force_update
= 0;
949 vnc_disconnect_finish(vs
);
955 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
957 VncState
*vs
= opaque
;
960 case AUD_CNOTIFY_DISABLE
:
962 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
963 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
964 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_END
);
965 vnc_unlock_output(vs
);
969 case AUD_CNOTIFY_ENABLE
:
971 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
972 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
973 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN
);
974 vnc_unlock_output(vs
);
980 static void audio_capture_destroy(void *opaque
)
984 static void audio_capture(void *opaque
, void *buf
, int size
)
986 VncState
*vs
= opaque
;
989 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
990 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
991 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_DATA
);
992 vnc_write_u32(vs
, size
);
993 vnc_write(vs
, buf
, size
);
994 vnc_unlock_output(vs
);
998 static void audio_add(VncState
*vs
)
1000 struct audio_capture_ops ops
;
1002 if (vs
->audio_cap
) {
1003 monitor_printf(default_mon
, "audio already running\n");
1007 ops
.notify
= audio_capture_notify
;
1008 ops
.destroy
= audio_capture_destroy
;
1009 ops
.capture
= audio_capture
;
1011 vs
->audio_cap
= AUD_add_capture(&vs
->as
, &ops
, vs
);
1012 if (!vs
->audio_cap
) {
1013 monitor_printf(default_mon
, "Failed to add audio capture\n");
1017 static void audio_del(VncState
*vs
)
1019 if (vs
->audio_cap
) {
1020 AUD_del_capture(vs
->audio_cap
, vs
);
1021 vs
->audio_cap
= NULL
;
1025 static void vnc_disconnect_start(VncState
*vs
)
1027 if (vs
->csock
== -1)
1029 vnc_set_share_mode(vs
, VNC_SHARE_MODE_DISCONNECTED
);
1030 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
1031 closesocket(vs
->csock
);
1035 void vnc_disconnect_finish(VncState
*vs
)
1039 vnc_jobs_join(vs
); /* Wait encoding jobs */
1041 vnc_lock_output(vs
);
1042 vnc_qmp_event(vs
, QEVENT_VNC_DISCONNECTED
);
1044 buffer_free(&vs
->input
);
1045 buffer_free(&vs
->output
);
1046 #ifdef CONFIG_VNC_WS
1047 buffer_free(&vs
->ws_input
);
1048 buffer_free(&vs
->ws_output
);
1049 #endif /* CONFIG_VNC_WS */
1051 qobject_decref(vs
->info
);
1054 vnc_tight_clear(vs
);
1057 #ifdef CONFIG_VNC_TLS
1058 vnc_tls_client_cleanup(vs
);
1059 #endif /* CONFIG_VNC_TLS */
1060 #ifdef CONFIG_VNC_SASL
1061 vnc_sasl_client_cleanup(vs
);
1062 #endif /* CONFIG_VNC_SASL */
1064 vnc_release_modifiers(vs
);
1066 if (vs
->initialized
) {
1067 QTAILQ_REMOVE(&vs
->vd
->clients
, vs
, next
);
1068 qemu_remove_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
1071 if (QTAILQ_EMPTY(&vs
->vd
->clients
)) {
1075 vnc_remove_timer(vs
->vd
);
1076 if (vs
->vd
->lock_key_sync
)
1077 qemu_remove_led_event_handler(vs
->led
);
1078 vnc_unlock_output(vs
);
1080 qemu_mutex_destroy(&vs
->output_mutex
);
1081 if (vs
->bh
!= NULL
) {
1082 qemu_bh_delete(vs
->bh
);
1084 buffer_free(&vs
->jobs_buffer
);
1086 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
1087 g_free(vs
->lossy_rect
[i
]);
1089 g_free(vs
->lossy_rect
);
1093 int vnc_client_io_error(VncState
*vs
, int ret
, int last_errno
)
1095 if (ret
== 0 || ret
== -1) {
1097 switch (last_errno
) {
1101 case WSAEWOULDBLOCK
:
1109 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1110 ret
, ret
< 0 ? last_errno
: 0);
1111 vnc_disconnect_start(vs
);
1119 void vnc_client_error(VncState
*vs
)
1121 VNC_DEBUG("Closing down client sock: protocol error\n");
1122 vnc_disconnect_start(vs
);
1127 * Called to write a chunk of data to the client socket. The data may
1128 * be the raw data, or may have already been encoded by SASL.
1129 * The data will be written either straight onto the socket, or
1130 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1132 * NB, it is theoretically possible to have 2 layers of encryption,
1133 * both SASL, and this TLS layer. It is highly unlikely in practice
1134 * though, since SASL encryption will typically be a no-op if TLS
1137 * Returns the number of bytes written, which may be less than
1138 * the requested 'datalen' if the socket would block. Returns
1139 * -1 on error, and disconnects the client socket.
1141 long vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
1144 #ifdef CONFIG_VNC_TLS
1145 if (vs
->tls
.session
) {
1146 ret
= gnutls_write(vs
->tls
.session
, data
, datalen
);
1148 if (ret
== GNUTLS_E_AGAIN
)
1155 #endif /* CONFIG_VNC_TLS */
1156 ret
= send(vs
->csock
, (const void *)data
, datalen
, 0);
1157 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data
, datalen
, ret
);
1158 return vnc_client_io_error(vs
, ret
, socket_error());
1163 * Called to write buffered data to the client socket, when not
1164 * using any SASL SSF encryption layers. Will write as much data
1165 * as possible without blocking. If all buffered data is written,
1166 * will switch the FD poll() handler back to read monitoring.
1168 * Returns the number of bytes written, which may be less than
1169 * the buffered output data if the socket would block. Returns
1170 * -1 on error, and disconnects the client socket.
1172 static long vnc_client_write_plain(VncState
*vs
)
1176 #ifdef CONFIG_VNC_SASL
1177 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1178 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
1179 vs
->sasl
.waitWriteSSF
);
1181 if (vs
->sasl
.conn
&&
1183 vs
->sasl
.waitWriteSSF
) {
1184 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
1186 vs
->sasl
.waitWriteSSF
-= ret
;
1188 #endif /* CONFIG_VNC_SASL */
1189 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
1193 buffer_advance(&vs
->output
, ret
);
1195 if (vs
->output
.offset
== 0) {
1196 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1204 * First function called whenever there is data to be written to
1205 * the client socket. Will delegate actual work according to whether
1206 * SASL SSF layers are enabled (thus requiring encryption calls)
1208 static void vnc_client_write_locked(void *opaque
)
1210 VncState
*vs
= opaque
;
1212 #ifdef CONFIG_VNC_SASL
1213 if (vs
->sasl
.conn
&&
1215 !vs
->sasl
.waitWriteSSF
) {
1216 vnc_client_write_sasl(vs
);
1218 #endif /* CONFIG_VNC_SASL */
1220 #ifdef CONFIG_VNC_WS
1221 if (vs
->encode_ws
) {
1222 vnc_client_write_ws(vs
);
1224 #endif /* CONFIG_VNC_WS */
1226 vnc_client_write_plain(vs
);
1231 void vnc_client_write(void *opaque
)
1233 VncState
*vs
= opaque
;
1235 vnc_lock_output(vs
);
1236 if (vs
->output
.offset
1237 #ifdef CONFIG_VNC_WS
1238 || vs
->ws_output
.offset
1241 vnc_client_write_locked(opaque
);
1242 } else if (vs
->csock
!= -1) {
1243 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1245 vnc_unlock_output(vs
);
1248 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1250 vs
->read_handler
= func
;
1251 vs
->read_handler_expect
= expecting
;
1256 * Called to read a chunk of data from the client socket. The data may
1257 * be the raw data, or may need to be further decoded by SASL.
1258 * The data will be read either straight from to the socket, or
1259 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1261 * NB, it is theoretically possible to have 2 layers of encryption,
1262 * both SASL, and this TLS layer. It is highly unlikely in practice
1263 * though, since SASL encryption will typically be a no-op if TLS
1266 * Returns the number of bytes read, which may be less than
1267 * the requested 'datalen' if the socket would block. Returns
1268 * -1 on error, and disconnects the client socket.
1270 long vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1273 #ifdef CONFIG_VNC_TLS
1274 if (vs
->tls
.session
) {
1275 ret
= gnutls_read(vs
->tls
.session
, data
, datalen
);
1277 if (ret
== GNUTLS_E_AGAIN
)
1284 #endif /* CONFIG_VNC_TLS */
1285 ret
= qemu_recv(vs
->csock
, data
, datalen
, 0);
1286 VNC_DEBUG("Read wire %p %zd -> %ld\n", data
, datalen
, ret
);
1287 return vnc_client_io_error(vs
, ret
, socket_error());
1292 * Called to read data from the client socket to the input buffer,
1293 * when not using any SASL SSF encryption layers. Will read as much
1294 * data as possible without blocking.
1296 * Returns the number of bytes read. Returns -1 on error, and
1297 * disconnects the client socket.
1299 static long vnc_client_read_plain(VncState
*vs
)
1302 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1303 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1304 buffer_reserve(&vs
->input
, 4096);
1305 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1308 vs
->input
.offset
+= ret
;
1312 static void vnc_jobs_bh(void *opaque
)
1314 VncState
*vs
= opaque
;
1316 vnc_jobs_consume_buffer(vs
);
1320 * First function called whenever there is more data to be read from
1321 * the client socket. Will delegate actual work according to whether
1322 * SASL SSF layers are enabled (thus requiring decryption calls)
1324 void vnc_client_read(void *opaque
)
1326 VncState
*vs
= opaque
;
1329 #ifdef CONFIG_VNC_SASL
1330 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1331 ret
= vnc_client_read_sasl(vs
);
1333 #endif /* CONFIG_VNC_SASL */
1334 #ifdef CONFIG_VNC_WS
1335 if (vs
->encode_ws
) {
1336 ret
= vnc_client_read_ws(vs
);
1338 vnc_disconnect_start(vs
);
1340 } else if (ret
== -2) {
1341 vnc_client_error(vs
);
1345 #endif /* CONFIG_VNC_WS */
1347 ret
= vnc_client_read_plain(vs
);
1350 if (vs
->csock
== -1)
1351 vnc_disconnect_finish(vs
);
1355 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1356 size_t len
= vs
->read_handler_expect
;
1359 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1360 if (vs
->csock
== -1) {
1361 vnc_disconnect_finish(vs
);
1366 buffer_advance(&vs
->input
, len
);
1368 vs
->read_handler_expect
= ret
;
1373 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1375 buffer_reserve(&vs
->output
, len
);
1377 if (vs
->csock
!= -1 && buffer_empty(&vs
->output
)) {
1378 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
1381 buffer_append(&vs
->output
, data
, len
);
1384 void vnc_write_s32(VncState
*vs
, int32_t value
)
1386 vnc_write_u32(vs
, *(uint32_t *)&value
);
1389 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1393 buf
[0] = (value
>> 24) & 0xFF;
1394 buf
[1] = (value
>> 16) & 0xFF;
1395 buf
[2] = (value
>> 8) & 0xFF;
1396 buf
[3] = value
& 0xFF;
1398 vnc_write(vs
, buf
, 4);
1401 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1405 buf
[0] = (value
>> 8) & 0xFF;
1406 buf
[1] = value
& 0xFF;
1408 vnc_write(vs
, buf
, 2);
1411 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1413 vnc_write(vs
, (char *)&value
, 1);
1416 void vnc_flush(VncState
*vs
)
1418 vnc_lock_output(vs
);
1419 if (vs
->csock
!= -1 && (vs
->output
.offset
1420 #ifdef CONFIG_VNC_WS
1421 || vs
->ws_output
.offset
1424 vnc_client_write_locked(vs
);
1426 vnc_unlock_output(vs
);
1429 static uint8_t read_u8(uint8_t *data
, size_t offset
)
1431 return data
[offset
];
1434 static uint16_t read_u16(uint8_t *data
, size_t offset
)
1436 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1439 static int32_t read_s32(uint8_t *data
, size_t offset
)
1441 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1442 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1445 uint32_t read_u32(uint8_t *data
, size_t offset
)
1447 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1448 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1451 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1455 static void check_pointer_type_change(Notifier
*notifier
, void *data
)
1457 VncState
*vs
= container_of(notifier
, VncState
, mouse_mode_notifier
);
1458 int absolute
= kbd_mouse_is_absolute();
1460 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1461 vnc_lock_output(vs
);
1462 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1463 vnc_write_u8(vs
, 0);
1464 vnc_write_u16(vs
, 1);
1465 vnc_framebuffer_update(vs
, absolute
, 0,
1466 ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1467 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1468 vnc_unlock_output(vs
);
1471 vs
->absolute
= absolute
;
1474 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1479 if (button_mask
& 0x01)
1480 buttons
|= MOUSE_EVENT_LBUTTON
;
1481 if (button_mask
& 0x02)
1482 buttons
|= MOUSE_EVENT_MBUTTON
;
1483 if (button_mask
& 0x04)
1484 buttons
|= MOUSE_EVENT_RBUTTON
;
1485 if (button_mask
& 0x08)
1487 if (button_mask
& 0x10)
1491 kbd_mouse_event(ds_get_width(vs
->ds
) > 1 ?
1492 x
* 0x7FFF / (ds_get_width(vs
->ds
) - 1) : 0x4000,
1493 ds_get_height(vs
->ds
) > 1 ?
1494 y
* 0x7FFF / (ds_get_height(vs
->ds
) - 1) : 0x4000,
1496 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1500 kbd_mouse_event(x
, y
, dz
, buttons
);
1502 if (vs
->last_x
!= -1)
1503 kbd_mouse_event(x
- vs
->last_x
,
1511 static void reset_keys(VncState
*vs
)
1514 for(i
= 0; i
< 256; i
++) {
1515 if (vs
->modifiers_state
[i
]) {
1516 if (i
& SCANCODE_GREY
)
1517 kbd_put_keycode(SCANCODE_EMUL0
);
1518 kbd_put_keycode(i
| SCANCODE_UP
);
1519 vs
->modifiers_state
[i
] = 0;
1524 static void press_key(VncState
*vs
, int keysym
)
1526 int keycode
= keysym2scancode(vs
->vd
->kbd_layout
, keysym
) & SCANCODE_KEYMASK
;
1527 if (keycode
& SCANCODE_GREY
)
1528 kbd_put_keycode(SCANCODE_EMUL0
);
1529 kbd_put_keycode(keycode
& SCANCODE_KEYCODEMASK
);
1530 if (keycode
& SCANCODE_GREY
)
1531 kbd_put_keycode(SCANCODE_EMUL0
);
1532 kbd_put_keycode(keycode
| SCANCODE_UP
);
1535 static void kbd_leds(void *opaque
, int ledstate
)
1537 VncState
*vs
= opaque
;
1540 caps
= ledstate
& QEMU_CAPS_LOCK_LED
? 1 : 0;
1541 num
= ledstate
& QEMU_NUM_LOCK_LED
? 1 : 0;
1543 if (vs
->modifiers_state
[0x3a] != caps
) {
1544 vs
->modifiers_state
[0x3a] = caps
;
1546 if (vs
->modifiers_state
[0x45] != num
) {
1547 vs
->modifiers_state
[0x45] = num
;
1551 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1553 /* QEMU console switch */
1555 case 0x2a: /* Left Shift */
1556 case 0x36: /* Right Shift */
1557 case 0x1d: /* Left CTRL */
1558 case 0x9d: /* Right CTRL */
1559 case 0x38: /* Left ALT */
1560 case 0xb8: /* Right ALT */
1562 vs
->modifiers_state
[keycode
] = 1;
1564 vs
->modifiers_state
[keycode
] = 0;
1566 case 0x02 ... 0x0a: /* '1' to '9' keys */
1567 if (down
&& vs
->modifiers_state
[0x1d] && vs
->modifiers_state
[0x38]) {
1568 /* Reset the modifiers sent to the current console */
1570 console_select(keycode
- 0x02);
1574 case 0x3a: /* CapsLock */
1575 case 0x45: /* NumLock */
1577 vs
->modifiers_state
[keycode
] ^= 1;
1581 if (down
&& vs
->vd
->lock_key_sync
&&
1582 keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1583 /* If the numlock state needs to change then simulate an additional
1584 keypress before sending this one. This will happen if the user
1585 toggles numlock away from the VNC window.
1587 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1588 if (!vs
->modifiers_state
[0x45]) {
1589 vs
->modifiers_state
[0x45] = 1;
1590 press_key(vs
, 0xff7f);
1593 if (vs
->modifiers_state
[0x45]) {
1594 vs
->modifiers_state
[0x45] = 0;
1595 press_key(vs
, 0xff7f);
1600 if (down
&& vs
->vd
->lock_key_sync
&&
1601 ((sym
>= 'A' && sym
<= 'Z') || (sym
>= 'a' && sym
<= 'z'))) {
1602 /* If the capslock state needs to change then simulate an additional
1603 keypress before sending this one. This will happen if the user
1604 toggles capslock away from the VNC window.
1606 int uppercase
= !!(sym
>= 'A' && sym
<= 'Z');
1607 int shift
= !!(vs
->modifiers_state
[0x2a] | vs
->modifiers_state
[0x36]);
1608 int capslock
= !!(vs
->modifiers_state
[0x3a]);
1610 if (uppercase
== shift
) {
1611 vs
->modifiers_state
[0x3a] = 0;
1612 press_key(vs
, 0xffe5);
1615 if (uppercase
!= shift
) {
1616 vs
->modifiers_state
[0x3a] = 1;
1617 press_key(vs
, 0xffe5);
1622 if (is_graphic_console()) {
1623 if (keycode
& SCANCODE_GREY
)
1624 kbd_put_keycode(SCANCODE_EMUL0
);
1626 kbd_put_keycode(keycode
& SCANCODE_KEYCODEMASK
);
1628 kbd_put_keycode(keycode
| SCANCODE_UP
);
1630 bool numlock
= vs
->modifiers_state
[0x45];
1631 bool control
= (vs
->modifiers_state
[0x1d] ||
1632 vs
->modifiers_state
[0x9d]);
1633 /* QEMU console emulation */
1636 case 0x2a: /* Left Shift */
1637 case 0x36: /* Right Shift */
1638 case 0x1d: /* Left CTRL */
1639 case 0x9d: /* Right CTRL */
1640 case 0x38: /* Left ALT */
1641 case 0xb8: /* Right ALT */
1644 kbd_put_keysym(QEMU_KEY_UP
);
1647 kbd_put_keysym(QEMU_KEY_DOWN
);
1650 kbd_put_keysym(QEMU_KEY_LEFT
);
1653 kbd_put_keysym(QEMU_KEY_RIGHT
);
1656 kbd_put_keysym(QEMU_KEY_DELETE
);
1659 kbd_put_keysym(QEMU_KEY_HOME
);
1662 kbd_put_keysym(QEMU_KEY_END
);
1665 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1668 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1672 kbd_put_keysym(numlock
? '7' : QEMU_KEY_HOME
);
1675 kbd_put_keysym(numlock
? '8' : QEMU_KEY_UP
);
1678 kbd_put_keysym(numlock
? '9' : QEMU_KEY_PAGEUP
);
1681 kbd_put_keysym(numlock
? '4' : QEMU_KEY_LEFT
);
1684 kbd_put_keysym('5');
1687 kbd_put_keysym(numlock
? '6' : QEMU_KEY_RIGHT
);
1690 kbd_put_keysym(numlock
? '1' : QEMU_KEY_END
);
1693 kbd_put_keysym(numlock
? '2' : QEMU_KEY_DOWN
);
1696 kbd_put_keysym(numlock
? '3' : QEMU_KEY_PAGEDOWN
);
1699 kbd_put_keysym('0');
1702 kbd_put_keysym(numlock
? '.' : QEMU_KEY_DELETE
);
1706 kbd_put_keysym('/');
1709 kbd_put_keysym('*');
1712 kbd_put_keysym('-');
1715 kbd_put_keysym('+');
1718 kbd_put_keysym('\n');
1723 kbd_put_keysym(sym
& 0x1f);
1725 kbd_put_keysym(sym
);
1733 static void vnc_release_modifiers(VncState
*vs
)
1735 static const int keycodes
[] = {
1736 /* shift, control, alt keys, both left & right */
1737 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1741 if (!is_graphic_console()) {
1744 for (i
= 0; i
< ARRAY_SIZE(keycodes
); i
++) {
1745 keycode
= keycodes
[i
];
1746 if (!vs
->modifiers_state
[keycode
]) {
1749 if (keycode
& SCANCODE_GREY
) {
1750 kbd_put_keycode(SCANCODE_EMUL0
);
1752 kbd_put_keycode(keycode
| SCANCODE_UP
);
1756 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1761 if (lsym
>= 'A' && lsym
<= 'Z' && is_graphic_console()) {
1762 lsym
= lsym
- 'A' + 'a';
1765 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, lsym
& 0xFFFF) & SCANCODE_KEYMASK
;
1766 do_key_event(vs
, down
, keycode
, sym
);
1769 static void ext_key_event(VncState
*vs
, int down
,
1770 uint32_t sym
, uint16_t keycode
)
1772 /* if the user specifies a keyboard layout, always use it */
1773 if (keyboard_layout
)
1774 key_event(vs
, down
, sym
);
1776 do_key_event(vs
, down
, keycode
, sym
);
1779 static void framebuffer_update_request(VncState
*vs
, int incremental
,
1780 int x_position
, int y_position
,
1784 const size_t width
= ds_get_width(vs
->ds
) / 16;
1786 if (y_position
> ds_get_height(vs
->ds
))
1787 y_position
= ds_get_height(vs
->ds
);
1788 if (y_position
+ h
>= ds_get_height(vs
->ds
))
1789 h
= ds_get_height(vs
->ds
) - y_position
;
1791 vs
->need_update
= 1;
1793 vs
->force_update
= 1;
1794 for (i
= 0; i
< h
; i
++) {
1795 bitmap_set(vs
->dirty
[y_position
+ i
], 0, width
);
1796 bitmap_clear(vs
->dirty
[y_position
+ i
], width
,
1797 VNC_DIRTY_BITS
- width
);
1802 static void send_ext_key_event_ack(VncState
*vs
)
1804 vnc_lock_output(vs
);
1805 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1806 vnc_write_u8(vs
, 0);
1807 vnc_write_u16(vs
, 1);
1808 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1809 VNC_ENCODING_EXT_KEY_EVENT
);
1810 vnc_unlock_output(vs
);
1814 static void send_ext_audio_ack(VncState
*vs
)
1816 vnc_lock_output(vs
);
1817 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1818 vnc_write_u8(vs
, 0);
1819 vnc_write_u16(vs
, 1);
1820 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1821 VNC_ENCODING_AUDIO
);
1822 vnc_unlock_output(vs
);
1826 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
1829 unsigned int enc
= 0;
1832 vs
->vnc_encoding
= 0;
1833 vs
->tight
.compression
= 9;
1834 vs
->tight
.quality
= -1; /* Lossless by default */
1838 * Start from the end because the encodings are sent in order of preference.
1839 * This way the preferred encoding (first encoding defined in the array)
1840 * will be set at the end of the loop.
1842 for (i
= n_encodings
- 1; i
>= 0; i
--) {
1845 case VNC_ENCODING_RAW
:
1846 vs
->vnc_encoding
= enc
;
1848 case VNC_ENCODING_COPYRECT
:
1849 vs
->features
|= VNC_FEATURE_COPYRECT_MASK
;
1851 case VNC_ENCODING_HEXTILE
:
1852 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
1853 vs
->vnc_encoding
= enc
;
1855 case VNC_ENCODING_TIGHT
:
1856 vs
->features
|= VNC_FEATURE_TIGHT_MASK
;
1857 vs
->vnc_encoding
= enc
;
1859 #ifdef CONFIG_VNC_PNG
1860 case VNC_ENCODING_TIGHT_PNG
:
1861 vs
->features
|= VNC_FEATURE_TIGHT_PNG_MASK
;
1862 vs
->vnc_encoding
= enc
;
1865 case VNC_ENCODING_ZLIB
:
1866 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
1867 vs
->vnc_encoding
= enc
;
1869 case VNC_ENCODING_ZRLE
:
1870 vs
->features
|= VNC_FEATURE_ZRLE_MASK
;
1871 vs
->vnc_encoding
= enc
;
1873 case VNC_ENCODING_ZYWRLE
:
1874 vs
->features
|= VNC_FEATURE_ZYWRLE_MASK
;
1875 vs
->vnc_encoding
= enc
;
1877 case VNC_ENCODING_DESKTOPRESIZE
:
1878 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
1880 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
1881 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
1883 case VNC_ENCODING_RICH_CURSOR
:
1884 vs
->features
|= VNC_FEATURE_RICH_CURSOR_MASK
;
1886 case VNC_ENCODING_EXT_KEY_EVENT
:
1887 send_ext_key_event_ack(vs
);
1889 case VNC_ENCODING_AUDIO
:
1890 send_ext_audio_ack(vs
);
1892 case VNC_ENCODING_WMVi
:
1893 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
1895 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
1896 vs
->tight
.compression
= (enc
& 0x0F);
1898 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
1899 if (vs
->vd
->lossy
) {
1900 vs
->tight
.quality
= (enc
& 0x0F);
1904 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
1908 vnc_desktop_resize(vs
);
1909 check_pointer_type_change(&vs
->mouse_mode_notifier
, NULL
);
1912 static void set_pixel_conversion(VncState
*vs
)
1914 pixman_format_code_t fmt
= qemu_pixman_get_format(&vs
->client_pf
);
1916 if (fmt
== VNC_SERVER_FB_FORMAT
) {
1917 vs
->write_pixels
= vnc_write_pixels_copy
;
1918 vnc_hextile_set_pixel_conversion(vs
, 0);
1920 vs
->write_pixels
= vnc_write_pixels_generic
;
1921 vnc_hextile_set_pixel_conversion(vs
, 1);
1925 static void set_pixel_format(VncState
*vs
,
1926 int bits_per_pixel
, int depth
,
1927 int big_endian_flag
, int true_color_flag
,
1928 int red_max
, int green_max
, int blue_max
,
1929 int red_shift
, int green_shift
, int blue_shift
)
1931 if (!true_color_flag
) {
1932 vnc_client_error(vs
);
1936 vs
->client_pf
.rmax
= red_max
;
1937 vs
->client_pf
.rbits
= hweight_long(red_max
);
1938 vs
->client_pf
.rshift
= red_shift
;
1939 vs
->client_pf
.rmask
= red_max
<< red_shift
;
1940 vs
->client_pf
.gmax
= green_max
;
1941 vs
->client_pf
.gbits
= hweight_long(green_max
);
1942 vs
->client_pf
.gshift
= green_shift
;
1943 vs
->client_pf
.gmask
= green_max
<< green_shift
;
1944 vs
->client_pf
.bmax
= blue_max
;
1945 vs
->client_pf
.bbits
= hweight_long(blue_max
);
1946 vs
->client_pf
.bshift
= blue_shift
;
1947 vs
->client_pf
.bmask
= blue_max
<< blue_shift
;
1948 vs
->client_pf
.bits_per_pixel
= bits_per_pixel
;
1949 vs
->client_pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
1950 vs
->client_pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
1951 vs
->client_be
= big_endian_flag
;
1953 set_pixel_conversion(vs
);
1955 vga_hw_invalidate();
1959 static void pixel_format_message (VncState
*vs
) {
1960 char pad
[3] = { 0, 0, 0 };
1962 vs
->client_pf
= qemu_default_pixelformat(32);
1964 vnc_write_u8(vs
, vs
->client_pf
.bits_per_pixel
); /* bits-per-pixel */
1965 vnc_write_u8(vs
, vs
->client_pf
.depth
); /* depth */
1967 #ifdef HOST_WORDS_BIGENDIAN
1968 vnc_write_u8(vs
, 1); /* big-endian-flag */
1970 vnc_write_u8(vs
, 0); /* big-endian-flag */
1972 vnc_write_u8(vs
, 1); /* true-color-flag */
1973 vnc_write_u16(vs
, vs
->client_pf
.rmax
); /* red-max */
1974 vnc_write_u16(vs
, vs
->client_pf
.gmax
); /* green-max */
1975 vnc_write_u16(vs
, vs
->client_pf
.bmax
); /* blue-max */
1976 vnc_write_u8(vs
, vs
->client_pf
.rshift
); /* red-shift */
1977 vnc_write_u8(vs
, vs
->client_pf
.gshift
); /* green-shift */
1978 vnc_write_u8(vs
, vs
->client_pf
.bshift
); /* blue-shift */
1979 vnc_write(vs
, pad
, 3); /* padding */
1981 vnc_hextile_set_pixel_conversion(vs
, 0);
1982 vs
->write_pixels
= vnc_write_pixels_copy
;
1985 static void vnc_dpy_setdata(DisplayChangeListener
*dcl
,
1988 VncDisplay
*vd
= ds
->opaque
;
1990 qemu_pixman_image_unref(vd
->guest
.fb
);
1991 vd
->guest
.fb
= pixman_image_ref(ds
->surface
->image
);
1992 vd
->guest
.format
= ds
->surface
->format
;
1993 vnc_dpy_update(dcl
, ds
, 0, 0, ds_get_width(ds
), ds_get_height(ds
));
1996 static void vnc_colordepth(VncState
*vs
)
1998 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
1999 /* Sending a WMVi message to notify the client*/
2000 vnc_lock_output(vs
);
2001 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2002 vnc_write_u8(vs
, 0);
2003 vnc_write_u16(vs
, 1); /* number of rects */
2004 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
),
2005 ds_get_height(vs
->ds
), VNC_ENCODING_WMVi
);
2006 pixel_format_message(vs
);
2007 vnc_unlock_output(vs
);
2010 set_pixel_conversion(vs
);
2014 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
2018 VncDisplay
*vd
= vs
->vd
;
2021 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2022 if (!qemu_timer_expired(vd
->timer
, qemu_get_clock_ms(rt_clock
) + vd
->timer_interval
))
2023 qemu_mod_timer(vd
->timer
, qemu_get_clock_ms(rt_clock
) + vd
->timer_interval
);
2027 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT
:
2031 set_pixel_format(vs
, read_u8(data
, 4), read_u8(data
, 5),
2032 read_u8(data
, 6), read_u8(data
, 7),
2033 read_u16(data
, 8), read_u16(data
, 10),
2034 read_u16(data
, 12), read_u8(data
, 14),
2035 read_u8(data
, 15), read_u8(data
, 16));
2037 case VNC_MSG_CLIENT_SET_ENCODINGS
:
2042 limit
= read_u16(data
, 2);
2044 return 4 + (limit
* 4);
2046 limit
= read_u16(data
, 2);
2048 for (i
= 0; i
< limit
; i
++) {
2049 int32_t val
= read_s32(data
, 4 + (i
* 4));
2050 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
2053 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
2055 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST
:
2059 framebuffer_update_request(vs
,
2060 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
2061 read_u16(data
, 6), read_u16(data
, 8));
2063 case VNC_MSG_CLIENT_KEY_EVENT
:
2067 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
2069 case VNC_MSG_CLIENT_POINTER_EVENT
:
2073 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
2075 case VNC_MSG_CLIENT_CUT_TEXT
:
2080 uint32_t dlen
= read_u32(data
, 4);
2085 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
2087 case VNC_MSG_CLIENT_QEMU
:
2091 switch (read_u8(data
, 1)) {
2092 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT
:
2096 ext_key_event(vs
, read_u16(data
, 2),
2097 read_u32(data
, 4), read_u32(data
, 8));
2099 case VNC_MSG_CLIENT_QEMU_AUDIO
:
2103 switch (read_u16 (data
, 2)) {
2104 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE
:
2107 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE
:
2110 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT
:
2113 switch (read_u8(data
, 4)) {
2114 case 0: vs
->as
.fmt
= AUD_FMT_U8
; break;
2115 case 1: vs
->as
.fmt
= AUD_FMT_S8
; break;
2116 case 2: vs
->as
.fmt
= AUD_FMT_U16
; break;
2117 case 3: vs
->as
.fmt
= AUD_FMT_S16
; break;
2118 case 4: vs
->as
.fmt
= AUD_FMT_U32
; break;
2119 case 5: vs
->as
.fmt
= AUD_FMT_S32
; break;
2121 printf("Invalid audio format %d\n", read_u8(data
, 4));
2122 vnc_client_error(vs
);
2125 vs
->as
.nchannels
= read_u8(data
, 5);
2126 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
2127 printf("Invalid audio channel coount %d\n",
2129 vnc_client_error(vs
);
2132 vs
->as
.freq
= read_u32(data
, 6);
2135 printf ("Invalid audio message %d\n", read_u8(data
, 4));
2136 vnc_client_error(vs
);
2142 printf("Msg: %d\n", read_u16(data
, 0));
2143 vnc_client_error(vs
);
2148 printf("Msg: %d\n", data
[0]);
2149 vnc_client_error(vs
);
2153 vnc_read_when(vs
, protocol_client_msg
, 1);
2157 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
2163 mode
= data
[0] ? VNC_SHARE_MODE_SHARED
: VNC_SHARE_MODE_EXCLUSIVE
;
2164 switch (vs
->vd
->share_policy
) {
2165 case VNC_SHARE_POLICY_IGNORE
:
2167 * Ignore the shared flag. Nothing to do here.
2169 * Doesn't conform to the rfb spec but is traditional qemu
2170 * behavior, thus left here as option for compatibility
2174 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
:
2176 * Policy: Allow clients ask for exclusive access.
2178 * Implementation: When a client asks for exclusive access,
2179 * disconnect all others. Shared connects are allowed as long
2180 * as no exclusive connection exists.
2182 * This is how the rfb spec suggests to handle the shared flag.
2184 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2186 QTAILQ_FOREACH(client
, &vs
->vd
->clients
, next
) {
2190 if (client
->share_mode
!= VNC_SHARE_MODE_EXCLUSIVE
&&
2191 client
->share_mode
!= VNC_SHARE_MODE_SHARED
) {
2194 vnc_disconnect_start(client
);
2197 if (mode
== VNC_SHARE_MODE_SHARED
) {
2198 if (vs
->vd
->num_exclusive
> 0) {
2199 vnc_disconnect_start(vs
);
2204 case VNC_SHARE_POLICY_FORCE_SHARED
:
2206 * Policy: Shared connects only.
2207 * Implementation: Disallow clients asking for exclusive access.
2209 * Useful for shared desktop sessions where you don't want
2210 * someone forgetting to say -shared when running the vnc
2211 * client disconnect everybody else.
2213 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2214 vnc_disconnect_start(vs
);
2219 vnc_set_share_mode(vs
, mode
);
2221 vs
->client_width
= ds_get_width(vs
->ds
);
2222 vs
->client_height
= ds_get_height(vs
->ds
);
2223 vnc_write_u16(vs
, vs
->client_width
);
2224 vnc_write_u16(vs
, vs
->client_height
);
2226 pixel_format_message(vs
);
2229 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
2231 size
= snprintf(buf
, sizeof(buf
), "QEMU");
2233 vnc_write_u32(vs
, size
);
2234 vnc_write(vs
, buf
, size
);
2237 vnc_client_cache_auth(vs
);
2238 vnc_qmp_event(vs
, QEVENT_VNC_INITIALIZED
);
2240 vnc_read_when(vs
, protocol_client_msg
, 1);
2245 void start_client_init(VncState
*vs
)
2247 vnc_read_when(vs
, protocol_client_init
, 1);
2250 static void make_challenge(VncState
*vs
)
2254 srand(time(NULL
)+getpid()+getpid()*987654+rand());
2256 for (i
= 0 ; i
< sizeof(vs
->challenge
) ; i
++)
2257 vs
->challenge
[i
] = (int) (256.0*rand()/(RAND_MAX
+1.0));
2260 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
2262 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
2264 unsigned char key
[8];
2265 time_t now
= time(NULL
);
2267 if (!vs
->vd
->password
) {
2268 VNC_DEBUG("No password configured on server");
2271 if (vs
->vd
->expires
< now
) {
2272 VNC_DEBUG("Password is expired");
2276 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
2278 /* Calculate the expected challenge response */
2279 pwlen
= strlen(vs
->vd
->password
);
2280 for (i
=0; i
<sizeof(key
); i
++)
2281 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
2283 for (j
= 0; j
< VNC_AUTH_CHALLENGE_SIZE
; j
+= 8)
2284 des(response
+j
, response
+j
);
2286 /* Compare expected vs actual challenge response */
2287 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
2288 VNC_DEBUG("Client challenge response did not match\n");
2291 VNC_DEBUG("Accepting VNC challenge response\n");
2292 vnc_write_u32(vs
, 0); /* Accept auth */
2295 start_client_init(vs
);
2300 vnc_write_u32(vs
, 1); /* Reject auth */
2301 if (vs
->minor
>= 8) {
2302 static const char err
[] = "Authentication failed";
2303 vnc_write_u32(vs
, sizeof(err
));
2304 vnc_write(vs
, err
, sizeof(err
));
2307 vnc_client_error(vs
);
2311 void start_auth_vnc(VncState
*vs
)
2314 /* Send client a 'random' challenge */
2315 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
2318 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
2322 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
2324 /* We only advertise 1 auth scheme at a time, so client
2325 * must pick the one we sent. Verify this */
2326 if (data
[0] != vs
->auth
) { /* Reject auth */
2327 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data
[0]);
2328 vnc_write_u32(vs
, 1);
2329 if (vs
->minor
>= 8) {
2330 static const char err
[] = "Authentication failed";
2331 vnc_write_u32(vs
, sizeof(err
));
2332 vnc_write(vs
, err
, sizeof(err
));
2334 vnc_client_error(vs
);
2335 } else { /* Accept requested auth */
2336 VNC_DEBUG("Client requested auth %d\n", (int)data
[0]);
2339 VNC_DEBUG("Accept auth none\n");
2340 if (vs
->minor
>= 8) {
2341 vnc_write_u32(vs
, 0); /* Accept auth completion */
2344 start_client_init(vs
);
2348 VNC_DEBUG("Start VNC auth\n");
2352 #ifdef CONFIG_VNC_TLS
2353 case VNC_AUTH_VENCRYPT
:
2354 VNC_DEBUG("Accept VeNCrypt auth\n");
2355 start_auth_vencrypt(vs
);
2357 #endif /* CONFIG_VNC_TLS */
2359 #ifdef CONFIG_VNC_SASL
2361 VNC_DEBUG("Accept SASL auth\n");
2362 start_auth_sasl(vs
);
2364 #endif /* CONFIG_VNC_SASL */
2366 default: /* Should not be possible, but just in case */
2367 VNC_DEBUG("Reject auth %d server code bug\n", vs
->auth
);
2368 vnc_write_u8(vs
, 1);
2369 if (vs
->minor
>= 8) {
2370 static const char err
[] = "Authentication failed";
2371 vnc_write_u32(vs
, sizeof(err
));
2372 vnc_write(vs
, err
, sizeof(err
));
2374 vnc_client_error(vs
);
2380 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
2384 memcpy(local
, version
, 12);
2387 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
2388 VNC_DEBUG("Malformed protocol version %s\n", local
);
2389 vnc_client_error(vs
);
2392 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
2393 if (vs
->major
!= 3 ||
2399 VNC_DEBUG("Unsupported client version\n");
2400 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2402 vnc_client_error(vs
);
2405 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2406 * as equivalent to v3.3 by servers
2408 if (vs
->minor
== 4 || vs
->minor
== 5)
2411 if (vs
->minor
== 3) {
2412 if (vs
->auth
== VNC_AUTH_NONE
) {
2413 VNC_DEBUG("Tell client auth none\n");
2414 vnc_write_u32(vs
, vs
->auth
);
2416 start_client_init(vs
);
2417 } else if (vs
->auth
== VNC_AUTH_VNC
) {
2418 VNC_DEBUG("Tell client VNC auth\n");
2419 vnc_write_u32(vs
, vs
->auth
);
2423 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs
->auth
);
2424 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2426 vnc_client_error(vs
);
2429 VNC_DEBUG("Telling client we support auth %d\n", vs
->auth
);
2430 vnc_write_u8(vs
, 1); /* num auth */
2431 vnc_write_u8(vs
, vs
->auth
);
2432 vnc_read_when(vs
, protocol_client_auth
, 1);
2439 static VncRectStat
*vnc_stat_rect(VncDisplay
*vd
, int x
, int y
)
2441 struct VncSurface
*vs
= &vd
->guest
;
2443 return &vs
->stats
[y
/ VNC_STAT_RECT
][x
/ VNC_STAT_RECT
];
2446 void vnc_sent_lossy_rect(VncState
*vs
, int x
, int y
, int w
, int h
)
2450 w
= (x
+ w
) / VNC_STAT_RECT
;
2451 h
= (y
+ h
) / VNC_STAT_RECT
;
2455 for (j
= y
; j
<= h
; j
++) {
2456 for (i
= x
; i
<= w
; i
++) {
2457 vs
->lossy_rect
[j
][i
] = 1;
2462 static int vnc_refresh_lossy_rect(VncDisplay
*vd
, int x
, int y
)
2465 int sty
= y
/ VNC_STAT_RECT
;
2466 int stx
= x
/ VNC_STAT_RECT
;
2469 y
= y
/ VNC_STAT_RECT
* VNC_STAT_RECT
;
2470 x
= x
/ VNC_STAT_RECT
* VNC_STAT_RECT
;
2472 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2475 /* kernel send buffers are full -> refresh later */
2476 if (vs
->output
.offset
) {
2480 if (!vs
->lossy_rect
[sty
][stx
]) {
2484 vs
->lossy_rect
[sty
][stx
] = 0;
2485 for (j
= 0; j
< VNC_STAT_RECT
; ++j
) {
2486 bitmap_set(vs
->dirty
[y
+ j
], x
/ 16, VNC_STAT_RECT
/ 16);
2494 static int vnc_update_stats(VncDisplay
*vd
, struct timeval
* tv
)
2496 int width
= pixman_image_get_width(vd
->guest
.fb
);
2497 int height
= pixman_image_get_height(vd
->guest
.fb
);
2502 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2503 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2504 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2506 rect
->updated
= false;
2510 qemu_timersub(tv
, &VNC_REFRESH_STATS
, &res
);
2512 if (timercmp(&vd
->guest
.last_freq_check
, &res
, >)) {
2515 vd
->guest
.last_freq_check
= *tv
;
2517 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2518 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2519 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2520 int count
= ARRAY_SIZE(rect
->times
);
2521 struct timeval min
, max
;
2523 if (!timerisset(&rect
->times
[count
- 1])) {
2527 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2528 qemu_timersub(tv
, &max
, &res
);
2530 if (timercmp(&res
, &VNC_REFRESH_LOSSY
, >)) {
2532 has_dirty
+= vnc_refresh_lossy_rect(vd
, x
, y
);
2533 memset(rect
->times
, 0, sizeof (rect
->times
));
2537 min
= rect
->times
[rect
->idx
];
2538 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2539 qemu_timersub(&max
, &min
, &res
);
2541 rect
->freq
= res
.tv_sec
+ res
.tv_usec
/ 1000000.;
2542 rect
->freq
/= count
;
2543 rect
->freq
= 1. / rect
->freq
;
2549 double vnc_update_freq(VncState
*vs
, int x
, int y
, int w
, int h
)
2555 x
= (x
/ VNC_STAT_RECT
) * VNC_STAT_RECT
;
2556 y
= (y
/ VNC_STAT_RECT
) * VNC_STAT_RECT
;
2558 for (j
= y
; j
<= y
+ h
; j
+= VNC_STAT_RECT
) {
2559 for (i
= x
; i
<= x
+ w
; i
+= VNC_STAT_RECT
) {
2560 total
+= vnc_stat_rect(vs
->vd
, i
, j
)->freq
;
2572 static void vnc_rect_updated(VncDisplay
*vd
, int x
, int y
, struct timeval
* tv
)
2576 rect
= vnc_stat_rect(vd
, x
, y
);
2577 if (rect
->updated
) {
2580 rect
->times
[rect
->idx
] = *tv
;
2581 rect
->idx
= (rect
->idx
+ 1) % ARRAY_SIZE(rect
->times
);
2582 rect
->updated
= true;
2585 static int vnc_refresh_server_surface(VncDisplay
*vd
)
2587 int width
= pixman_image_get_width(vd
->guest
.fb
);
2588 int height
= pixman_image_get_height(vd
->guest
.fb
);
2591 uint8_t *server_row
;
2595 pixman_image_t
*tmpbuf
= NULL
;
2597 struct timeval tv
= { 0, 0 };
2599 if (!vd
->non_adaptive
) {
2600 gettimeofday(&tv
, NULL
);
2601 has_dirty
= vnc_update_stats(vd
, &tv
);
2605 * Walk through the guest dirty map.
2606 * Check and copy modified bits from guest to server surface.
2607 * Update server dirty map.
2610 if (cmp_bytes
> vnc_server_fb_stride(vd
)) {
2611 cmp_bytes
= vnc_server_fb_stride(vd
);
2613 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
2614 int width
= pixman_image_get_width(vd
->server
);
2615 tmpbuf
= qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT
, width
);
2617 guest_row
= (uint8_t *)pixman_image_get_data(vd
->guest
.fb
);
2618 server_row
= (uint8_t *)pixman_image_get_data(vd
->server
);
2619 for (y
= 0; y
< height
; y
++) {
2620 if (!bitmap_empty(vd
->guest
.dirty
[y
], VNC_DIRTY_BITS
)) {
2623 uint8_t *server_ptr
;
2625 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
2626 qemu_pixman_linebuf_fill(tmpbuf
, vd
->guest
.fb
, width
, 0, y
);
2627 guest_ptr
= (uint8_t *)pixman_image_get_data(tmpbuf
);
2629 guest_ptr
= guest_row
;
2631 server_ptr
= server_row
;
2633 for (x
= 0; x
+ 15 < width
;
2634 x
+= 16, guest_ptr
+= cmp_bytes
, server_ptr
+= cmp_bytes
) {
2635 if (!test_and_clear_bit((x
/ 16), vd
->guest
.dirty
[y
]))
2637 if (memcmp(server_ptr
, guest_ptr
, cmp_bytes
) == 0)
2639 memcpy(server_ptr
, guest_ptr
, cmp_bytes
);
2640 if (!vd
->non_adaptive
)
2641 vnc_rect_updated(vd
, x
, y
, &tv
);
2642 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2643 set_bit((x
/ 16), vs
->dirty
[y
]);
2648 guest_row
+= pixman_image_get_stride(vd
->guest
.fb
);
2649 server_row
+= pixman_image_get_stride(vd
->server
);
2651 qemu_pixman_image_unref(tmpbuf
);
2655 static void vnc_refresh(void *opaque
)
2657 VncDisplay
*vd
= opaque
;
2659 int has_dirty
, rects
= 0;
2663 if (vnc_trylock_display(vd
)) {
2664 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2665 qemu_mod_timer(vd
->timer
, qemu_get_clock_ms(rt_clock
) +
2666 vd
->timer_interval
);
2670 has_dirty
= vnc_refresh_server_surface(vd
);
2671 vnc_unlock_display(vd
);
2673 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
2674 rects
+= vnc_update_client(vs
, has_dirty
);
2675 /* vs might be free()ed here */
2678 /* vd->timer could be NULL now if the last client disconnected,
2679 * in this case don't update the timer */
2680 if (vd
->timer
== NULL
)
2683 if (has_dirty
&& rects
) {
2684 vd
->timer_interval
/= 2;
2685 if (vd
->timer_interval
< VNC_REFRESH_INTERVAL_BASE
)
2686 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2688 vd
->timer_interval
+= VNC_REFRESH_INTERVAL_INC
;
2689 if (vd
->timer_interval
> VNC_REFRESH_INTERVAL_MAX
)
2690 vd
->timer_interval
= VNC_REFRESH_INTERVAL_MAX
;
2692 qemu_mod_timer(vd
->timer
, qemu_get_clock_ms(rt_clock
) + vd
->timer_interval
);
2695 static void vnc_init_timer(VncDisplay
*vd
)
2697 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2698 if (vd
->timer
== NULL
&& !QTAILQ_EMPTY(&vd
->clients
)) {
2699 vd
->timer
= qemu_new_timer_ms(rt_clock
, vnc_refresh
, vd
);
2700 vnc_dpy_resize(dcl
, vd
->ds
);
2705 static void vnc_remove_timer(VncDisplay
*vd
)
2707 if (vd
->timer
!= NULL
&& QTAILQ_EMPTY(&vd
->clients
)) {
2708 qemu_del_timer(vd
->timer
);
2709 qemu_free_timer(vd
->timer
);
2714 static void vnc_connect(VncDisplay
*vd
, int csock
, int skipauth
, bool websocket
)
2716 VncState
*vs
= g_malloc0(sizeof(VncState
));
2722 vs
->auth
= VNC_AUTH_NONE
;
2723 #ifdef CONFIG_VNC_TLS
2724 vs
->subauth
= VNC_AUTH_INVALID
;
2727 vs
->auth
= vd
->auth
;
2728 #ifdef CONFIG_VNC_TLS
2729 vs
->subauth
= vd
->subauth
;
2733 vs
->lossy_rect
= g_malloc0(VNC_STAT_ROWS
* sizeof (*vs
->lossy_rect
));
2734 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
2735 vs
->lossy_rect
[i
] = g_malloc0(VNC_STAT_COLS
* sizeof (uint8_t));
2738 VNC_DEBUG("New client on socket %d\n", csock
);
2740 socket_set_nonblock(vs
->csock
);
2741 #ifdef CONFIG_VNC_WS
2744 qemu_set_fd_handler2(vs
->csock
, NULL
, vncws_handshake_read
, NULL
, vs
);
2746 #endif /* CONFIG_VNC_WS */
2748 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
2751 vnc_client_cache_addr(vs
);
2752 vnc_qmp_event(vs
, QEVENT_VNC_CONNECTED
);
2753 vnc_set_share_mode(vs
, VNC_SHARE_MODE_CONNECTING
);
2757 #ifdef CONFIG_VNC_WS
2765 void vnc_init_state(VncState
*vs
)
2767 vs
->initialized
= true;
2768 VncDisplay
*vd
= vs
->vd
;
2774 vs
->as
.freq
= 44100;
2775 vs
->as
.nchannels
= 2;
2776 vs
->as
.fmt
= AUD_FMT_S16
;
2777 vs
->as
.endianness
= 0;
2779 qemu_mutex_init(&vs
->output_mutex
);
2780 vs
->bh
= qemu_bh_new(vnc_jobs_bh
, vs
);
2782 QTAILQ_INSERT_HEAD(&vd
->clients
, vs
, next
);
2786 vnc_write(vs
, "RFB 003.008\n", 12);
2788 vnc_read_when(vs
, protocol_version
, 12);
2790 if (vs
->vd
->lock_key_sync
)
2791 vs
->led
= qemu_add_led_event_handler(kbd_leds
, vs
);
2793 vs
->mouse_mode_notifier
.notify
= check_pointer_type_change
;
2794 qemu_add_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
2798 /* vs might be free()ed here */
2801 static void vnc_listen_read(void *opaque
, bool websocket
)
2803 VncDisplay
*vs
= opaque
;
2804 struct sockaddr_in addr
;
2805 socklen_t addrlen
= sizeof(addr
);
2810 #ifdef CONFIG_VNC_WS
2812 csock
= qemu_accept(vs
->lwebsock
, (struct sockaddr
*)&addr
, &addrlen
);
2814 #endif /* CONFIG_VNC_WS */
2816 csock
= qemu_accept(vs
->lsock
, (struct sockaddr
*)&addr
, &addrlen
);
2820 vnc_connect(vs
, csock
, 0, websocket
);
2824 static void vnc_listen_regular_read(void *opaque
)
2826 vnc_listen_read(opaque
, 0);
2829 #ifdef CONFIG_VNC_WS
2830 static void vnc_listen_websocket_read(void *opaque
)
2832 vnc_listen_read(opaque
, 1);
2834 #endif /* CONFIG_VNC_WS */
2836 static const DisplayChangeListenerOps dcl_ops
= {
2838 .dpy_gfx_copy
= vnc_dpy_copy
,
2839 .dpy_gfx_update
= vnc_dpy_update
,
2840 .dpy_gfx_resize
= vnc_dpy_resize
,
2841 .dpy_gfx_setdata
= vnc_dpy_setdata
,
2842 .dpy_mouse_set
= vnc_mouse_set
,
2843 .dpy_cursor_define
= vnc_dpy_cursor_define
,
2846 void vnc_display_init(DisplayState
*ds
)
2848 VncDisplay
*vs
= g_malloc0(sizeof(*vs
));
2850 dcl
= g_malloc0(sizeof(DisplayChangeListener
));
2857 #ifdef CONFIG_VNC_WS
2862 QTAILQ_INIT(&vs
->clients
);
2863 vs
->expires
= TIME_MAX
;
2865 if (keyboard_layout
)
2866 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, keyboard_layout
);
2868 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us");
2870 if (!vs
->kbd_layout
)
2873 qemu_mutex_init(&vs
->mutex
);
2874 vnc_start_worker_thread();
2876 dcl
->ops
= &dcl_ops
;
2877 register_displaychangelistener(ds
, dcl
);
2881 static void vnc_display_close(DisplayState
*ds
)
2883 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2888 g_free(vs
->display
);
2891 if (vs
->lsock
!= -1) {
2892 qemu_set_fd_handler2(vs
->lsock
, NULL
, NULL
, NULL
, NULL
);
2896 #ifdef CONFIG_VNC_WS
2897 g_free(vs
->ws_display
);
2898 vs
->ws_display
= NULL
;
2899 if (vs
->lwebsock
!= -1) {
2900 qemu_set_fd_handler2(vs
->lwebsock
, NULL
, NULL
, NULL
, NULL
);
2901 close(vs
->lwebsock
);
2904 #endif /* CONFIG_VNC_WS */
2905 vs
->auth
= VNC_AUTH_INVALID
;
2906 #ifdef CONFIG_VNC_TLS
2907 vs
->subauth
= VNC_AUTH_INVALID
;
2908 vs
->tls
.x509verify
= 0;
2912 static int vnc_display_disable_login(DisplayState
*ds
)
2914 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2921 g_free(vs
->password
);
2924 vs
->password
= NULL
;
2925 if (vs
->auth
== VNC_AUTH_NONE
) {
2926 vs
->auth
= VNC_AUTH_VNC
;
2932 int vnc_display_password(DisplayState
*ds
, const char *password
)
2934 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2941 /* This is not the intention of this interface but err on the side
2943 return vnc_display_disable_login(ds
);
2947 g_free(vs
->password
);
2948 vs
->password
= NULL
;
2950 vs
->password
= g_strdup(password
);
2951 if (vs
->auth
== VNC_AUTH_NONE
) {
2952 vs
->auth
= VNC_AUTH_VNC
;
2958 int vnc_display_pw_expire(DisplayState
*ds
, time_t expires
)
2960 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2966 vs
->expires
= expires
;
2970 char *vnc_display_local_addr(DisplayState
*ds
)
2972 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2974 return vnc_socket_local_addr("%s:%s", vs
->lsock
);
2977 void vnc_display_open(DisplayState
*ds
, const char *display
, Error
**errp
)
2979 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2980 const char *options
;
2983 #ifdef CONFIG_VNC_TLS
2984 int tls
= 0, x509
= 0;
2986 #ifdef CONFIG_VNC_SASL
2990 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2993 int lock_key_sync
= 1;
2996 error_setg(errp
, "VNC display not active");
2999 vnc_display_close(ds
);
3000 if (strcmp(display
, "none") == 0)
3003 vs
->display
= g_strdup(display
);
3004 vs
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3007 while ((options
= strchr(options
, ','))) {
3009 if (strncmp(options
, "password", 8) == 0) {
3010 if (fips_get_state()) {
3012 "VNC password auth disabled due to FIPS mode, "
3013 "consider using the VeNCrypt or SASL authentication "
3014 "methods as an alternative");
3017 password
= 1; /* Require password auth */
3018 } else if (strncmp(options
, "reverse", 7) == 0) {
3020 } else if (strncmp(options
, "no-lock-key-sync", 16) == 0) {
3022 #ifdef CONFIG_VNC_SASL
3023 } else if (strncmp(options
, "sasl", 4) == 0) {
3024 sasl
= 1; /* Require SASL auth */
3026 #ifdef CONFIG_VNC_WS
3027 } else if (strncmp(options
, "websocket", 9) == 0) {
3031 /* Check for 'websocket=<port>' */
3032 start
= strchr(options
, '=');
3033 end
= strchr(options
, ',');
3034 if (start
&& (!end
|| (start
< end
))) {
3035 int len
= end
? end
-(start
+1) : strlen(start
+1);
3037 /* extract the host specification from display */
3038 char *host
= NULL
, *port
= NULL
, *host_end
= NULL
;
3039 port
= g_strndup(start
+ 1, len
);
3041 /* ipv6 hosts have colons */
3042 end
= strchr(display
, ',');
3043 host_end
= g_strrstr_len(display
, end
- display
, ":");
3046 host
= g_strndup(display
, host_end
- display
+ 1);
3048 host
= g_strndup(":", 1);
3050 vs
->ws_display
= g_strconcat(host
, port
, NULL
);
3055 #endif /* CONFIG_VNC_WS */
3056 #ifdef CONFIG_VNC_TLS
3057 } else if (strncmp(options
, "tls", 3) == 0) {
3058 tls
= 1; /* Require TLS */
3059 } else if (strncmp(options
, "x509", 4) == 0) {
3061 x509
= 1; /* Require x509 certificates */
3062 if (strncmp(options
, "x509verify", 10) == 0)
3063 vs
->tls
.x509verify
= 1; /* ...and verify client certs */
3065 /* Now check for 'x509=/some/path' postfix
3066 * and use that to setup x509 certificate/key paths */
3067 start
= strchr(options
, '=');
3068 end
= strchr(options
, ',');
3069 if (start
&& (!end
|| (start
< end
))) {
3070 int len
= end
? end
-(start
+1) : strlen(start
+1);
3071 char *path
= g_strndup(start
+ 1, len
);
3073 VNC_DEBUG("Trying certificate path '%s'\n", path
);
3074 if (vnc_tls_set_x509_creds_dir(vs
, path
) < 0) {
3075 error_setg(errp
, "Failed to find x509 certificates/keys in %s", path
);
3081 error_setg(errp
, "No certificate path provided");
3085 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
3086 } else if (strncmp(options
, "acl", 3) == 0) {
3089 } else if (strncmp(options
, "lossy", 5) == 0) {
3091 } else if (strncmp(options
, "non-adaptive", 12) == 0) {
3092 vs
->non_adaptive
= true;
3093 } else if (strncmp(options
, "share=", 6) == 0) {
3094 if (strncmp(options
+6, "ignore", 6) == 0) {
3095 vs
->share_policy
= VNC_SHARE_POLICY_IGNORE
;
3096 } else if (strncmp(options
+6, "allow-exclusive", 15) == 0) {
3097 vs
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3098 } else if (strncmp(options
+6, "force-shared", 12) == 0) {
3099 vs
->share_policy
= VNC_SHARE_POLICY_FORCE_SHARED
;
3101 error_setg(errp
, "unknown vnc share= option");
3107 #ifdef CONFIG_VNC_TLS
3108 if (acl
&& x509
&& vs
->tls
.x509verify
) {
3109 if (!(vs
->tls
.acl
= qemu_acl_init("vnc.x509dname"))) {
3110 fprintf(stderr
, "Failed to create x509 dname ACL\n");
3115 #ifdef CONFIG_VNC_SASL
3117 if (!(vs
->sasl
.acl
= qemu_acl_init("vnc.username"))) {
3118 fprintf(stderr
, "Failed to create username ACL\n");
3125 * Combinations we support here:
3127 * - no-auth (clear text, no auth)
3128 * - password (clear text, weak auth)
3129 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
3130 * - tls (encrypt, weak anonymous creds, no auth)
3131 * - tls + password (encrypt, weak anonymous creds, weak auth)
3132 * - tls + sasl (encrypt, weak anonymous creds, good auth)
3133 * - tls + x509 (encrypt, good x509 creds, no auth)
3134 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
3135 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
3137 * NB1. TLS is a stackable auth scheme.
3138 * NB2. the x509 schemes have option to validate a client cert dname
3141 #ifdef CONFIG_VNC_TLS
3143 vs
->auth
= VNC_AUTH_VENCRYPT
;
3145 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3146 vs
->subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
3148 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3149 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
3152 #endif /* CONFIG_VNC_TLS */
3153 VNC_DEBUG("Initializing VNC server with password auth\n");
3154 vs
->auth
= VNC_AUTH_VNC
;
3155 #ifdef CONFIG_VNC_TLS
3156 vs
->subauth
= VNC_AUTH_INVALID
;
3158 #endif /* CONFIG_VNC_TLS */
3159 #ifdef CONFIG_VNC_SASL
3161 #ifdef CONFIG_VNC_TLS
3163 vs
->auth
= VNC_AUTH_VENCRYPT
;
3165 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3166 vs
->subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
3168 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3169 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
3172 #endif /* CONFIG_VNC_TLS */
3173 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3174 vs
->auth
= VNC_AUTH_SASL
;
3175 #ifdef CONFIG_VNC_TLS
3176 vs
->subauth
= VNC_AUTH_INVALID
;
3178 #endif /* CONFIG_VNC_TLS */
3179 #endif /* CONFIG_VNC_SASL */
3181 #ifdef CONFIG_VNC_TLS
3183 vs
->auth
= VNC_AUTH_VENCRYPT
;
3185 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3186 vs
->subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
3188 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3189 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
3193 VNC_DEBUG("Initializing VNC server with no auth\n");
3194 vs
->auth
= VNC_AUTH_NONE
;
3195 #ifdef CONFIG_VNC_TLS
3196 vs
->subauth
= VNC_AUTH_INVALID
;
3201 #ifdef CONFIG_VNC_SASL
3202 if ((saslErr
= sasl_server_init(NULL
, "qemu")) != SASL_OK
) {
3203 error_setg(errp
, "Failed to initialize SASL auth: %s",
3204 sasl_errstring(saslErr
, NULL
, NULL
));
3208 vs
->lock_key_sync
= lock_key_sync
;
3211 /* connect to viewer */
3214 #ifdef CONFIG_VNC_WS
3217 if (strncmp(display
, "unix:", 5) == 0) {
3218 csock
= unix_connect(display
+5, errp
);
3220 csock
= inet_connect(display
, errp
);
3225 vnc_connect(vs
, csock
, 0, 0);
3227 /* listen for connects */
3229 dpy
= g_malloc(256);
3230 if (strncmp(display
, "unix:", 5) == 0) {
3231 pstrcpy(dpy
, 256, "unix:");
3232 vs
->lsock
= unix_listen(display
+5, dpy
+5, 256-5, errp
);
3234 vs
->lsock
= inet_listen(display
, dpy
, 256,
3235 SOCK_STREAM
, 5900, errp
);
3236 if (vs
->lsock
< 0) {
3240 #ifdef CONFIG_VNC_WS
3241 if (vs
->websocket
) {
3242 if (vs
->ws_display
) {
3243 vs
->lwebsock
= inet_listen(vs
->ws_display
, NULL
, 256,
3244 SOCK_STREAM
, 0, errp
);
3246 vs
->lwebsock
= inet_listen(vs
->display
, NULL
, 256,
3247 SOCK_STREAM
, 5700, errp
);
3250 if (vs
->lwebsock
< 0) {
3259 #endif /* CONFIG_VNC_WS */
3261 g_free(vs
->display
);
3263 qemu_set_fd_handler2(vs
->lsock
, NULL
,
3264 vnc_listen_regular_read
, NULL
, vs
);
3265 #ifdef CONFIG_VNC_WS
3266 if (vs
->websocket
) {
3267 qemu_set_fd_handler2(vs
->lwebsock
, NULL
,
3268 vnc_listen_websocket_read
, NULL
, vs
);
3270 #endif /* CONFIG_VNC_WS */
3275 g_free(vs
->display
);
3277 #ifdef CONFIG_VNC_WS
3278 g_free(vs
->ws_display
);
3279 vs
->ws_display
= NULL
;
3280 #endif /* CONFIG_VNC_WS */
3283 void vnc_display_add_client(DisplayState
*ds
, int csock
, int skipauth
)
3285 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
3287 vnc_connect(vs
, csock
, skipauth
, 0);