2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
32 #include "qemu-objects.h"
34 #define VNC_REFRESH_INTERVAL_BASE 30
35 #define VNC_REFRESH_INTERVAL_INC 50
36 #define VNC_REFRESH_INTERVAL_MAX 2000
38 #include "vnc_keysym.h"
41 #define count_bits(c, v) { \
42 for (c = 0; v; v >>= 1) \
49 static VncDisplay
*vnc_display
; /* needed for info vnc */
50 static DisplayChangeListener
*dcl
;
52 static int vnc_cursor_define(VncState
*vs
);
54 static char *addr_to_string(const char *format
,
55 struct sockaddr_storage
*sa
,
58 char host
[NI_MAXHOST
];
59 char serv
[NI_MAXSERV
];
63 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
66 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
67 VNC_DEBUG("Cannot resolve address %d: %s\n",
68 err
, gai_strerror(err
));
72 /* Enough for the existing format + the 2 vars we're
74 addrlen
= strlen(format
) + strlen(host
) + strlen(serv
);
75 addr
= qemu_malloc(addrlen
+ 1);
76 snprintf(addr
, addrlen
, format
, host
, serv
);
83 char *vnc_socket_local_addr(const char *format
, int fd
) {
84 struct sockaddr_storage sa
;
88 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
91 return addr_to_string(format
, &sa
, salen
);
94 char *vnc_socket_remote_addr(const char *format
, int fd
) {
95 struct sockaddr_storage sa
;
99 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
102 return addr_to_string(format
, &sa
, salen
);
105 static int put_addr_qdict(QDict
*qdict
, struct sockaddr_storage
*sa
,
108 char host
[NI_MAXHOST
];
109 char serv
[NI_MAXSERV
];
112 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
115 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
116 VNC_DEBUG("Cannot resolve address %d: %s\n",
117 err
, gai_strerror(err
));
121 qdict_put(qdict
, "host", qstring_from_str(host
));
122 qdict_put(qdict
, "service", qstring_from_str(serv
));
123 qdict_put(qdict
, "family",qstring_from_str(inet_strfamily(sa
->ss_family
)));
128 static int vnc_server_addr_put(QDict
*qdict
, int fd
)
130 struct sockaddr_storage sa
;
134 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
138 return put_addr_qdict(qdict
, &sa
, salen
);
141 static int vnc_qdict_remote_addr(QDict
*qdict
, int fd
)
143 struct sockaddr_storage sa
;
147 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
151 return put_addr_qdict(qdict
, &sa
, salen
);
154 static const char *vnc_auth_name(VncDisplay
*vd
) {
156 case VNC_AUTH_INVALID
:
172 case VNC_AUTH_VENCRYPT
:
173 #ifdef CONFIG_VNC_TLS
174 switch (vd
->subauth
) {
175 case VNC_AUTH_VENCRYPT_PLAIN
:
176 return "vencrypt+plain";
177 case VNC_AUTH_VENCRYPT_TLSNONE
:
178 return "vencrypt+tls+none";
179 case VNC_AUTH_VENCRYPT_TLSVNC
:
180 return "vencrypt+tls+vnc";
181 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
182 return "vencrypt+tls+plain";
183 case VNC_AUTH_VENCRYPT_X509NONE
:
184 return "vencrypt+x509+none";
185 case VNC_AUTH_VENCRYPT_X509VNC
:
186 return "vencrypt+x509+vnc";
187 case VNC_AUTH_VENCRYPT_X509PLAIN
:
188 return "vencrypt+x509+plain";
189 case VNC_AUTH_VENCRYPT_TLSSASL
:
190 return "vencrypt+tls+sasl";
191 case VNC_AUTH_VENCRYPT_X509SASL
:
192 return "vencrypt+x509+sasl";
205 static int vnc_server_info_put(QDict
*qdict
)
207 if (vnc_server_addr_put(qdict
, vnc_display
->lsock
) < 0) {
211 qdict_put(qdict
, "auth", qstring_from_str(vnc_auth_name(vnc_display
)));
215 static void vnc_client_cache_auth(VncState
*client
)
223 qdict
= qobject_to_qdict(client
->info
);
225 #ifdef CONFIG_VNC_TLS
226 if (client
->tls
.session
&&
228 qdict_put(qdict
, "x509_dname", qstring_from_str(client
->tls
.dname
));
231 #ifdef CONFIG_VNC_SASL
232 if (client
->sasl
.conn
&&
233 client
->sasl
.username
) {
234 qdict_put(qdict
, "sasl_username",
235 qstring_from_str(client
->sasl
.username
));
240 static void vnc_client_cache_addr(VncState
*client
)
245 if (vnc_qdict_remote_addr(qdict
, client
->csock
) < 0) {
247 /* XXX: how to report the error? */
251 client
->info
= QOBJECT(qdict
);
254 static void vnc_qmp_event(VncState
*vs
, MonitorEvent event
)
263 server
= qdict_new();
264 if (vnc_server_info_put(server
) < 0) {
269 data
= qobject_from_jsonf("{ 'client': %p, 'server': %p }",
270 vs
->info
, QOBJECT(server
));
272 monitor_protocol_event(event
, data
);
274 qobject_incref(vs
->info
);
275 qobject_decref(data
);
278 static void info_vnc_iter(QObject
*obj
, void *opaque
)
281 Monitor
*mon
= opaque
;
283 client
= qobject_to_qdict(obj
);
284 monitor_printf(mon
, "Client:\n");
285 monitor_printf(mon
, " address: %s:%s\n",
286 qdict_get_str(client
, "host"),
287 qdict_get_str(client
, "service"));
289 #ifdef CONFIG_VNC_TLS
290 monitor_printf(mon
, " x509_dname: %s\n",
291 qdict_haskey(client
, "x509_dname") ?
292 qdict_get_str(client
, "x509_dname") : "none");
294 #ifdef CONFIG_VNC_SASL
295 monitor_printf(mon
, " username: %s\n",
296 qdict_haskey(client
, "sasl_username") ?
297 qdict_get_str(client
, "sasl_username") : "none");
301 void do_info_vnc_print(Monitor
*mon
, const QObject
*data
)
306 server
= qobject_to_qdict(data
);
307 if (qdict_get_bool(server
, "enabled") == 0) {
308 monitor_printf(mon
, "Server: disabled\n");
312 monitor_printf(mon
, "Server:\n");
313 monitor_printf(mon
, " address: %s:%s\n",
314 qdict_get_str(server
, "host"),
315 qdict_get_str(server
, "service"));
316 monitor_printf(mon
, " auth: %s\n", qdict_get_str(server
, "auth"));
318 clients
= qdict_get_qlist(server
, "clients");
319 if (qlist_empty(clients
)) {
320 monitor_printf(mon
, "Client: none\n");
322 qlist_iter(clients
, info_vnc_iter
, mon
);
327 * do_info_vnc(): Show VNC server information
329 * Return a QDict with server information. Connected clients are returned
330 * as a QList of QDicts.
332 * The main QDict contains the following:
334 * - "enabled": true or false
335 * - "host": server's IP address
336 * - "family": address family ("ipv4" or "ipv6")
337 * - "service": server's port number
338 * - "auth": authentication method
339 * - "clients": a QList of all connected clients
341 * Clients are described by a QDict, with the following information:
343 * - "host": client's IP address
344 * - "family": address family ("ipv4" or "ipv6")
345 * - "service": client's port number
346 * - "x509_dname": TLS dname (optional)
347 * - "sasl_username": SASL username (optional)
351 * { "enabled": true, "host": "0.0.0.0", "service": "50402", "auth": "vnc",
353 * "clients": [{ "host": "127.0.0.1", "service": "50401", "family": "ipv4" }]}
355 void do_info_vnc(Monitor
*mon
, QObject
**ret_data
)
357 if (vnc_display
== NULL
|| vnc_display
->display
== NULL
) {
358 *ret_data
= qobject_from_jsonf("{ 'enabled': false }");
364 QTAILQ_FOREACH(client
, &vnc_display
->clients
, next
) {
366 /* incref so that it's not freed by upper layers */
367 qobject_incref(client
->info
);
368 qlist_append_obj(clist
, client
->info
);
372 *ret_data
= qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
374 assert(*ret_data
!= NULL
);
376 if (vnc_server_info_put(qobject_to_qdict(*ret_data
)) < 0) {
377 qobject_decref(*ret_data
);
383 static inline uint32_t vnc_has_feature(VncState
*vs
, int feature
) {
384 return (vs
->features
& (1 << feature
));
388 1) Get the queue working for IO.
389 2) there is some weirdness when using the -S option (the screen is grey
390 and not totally invalidated
391 3) resolutions > 1024
394 static int vnc_update_client(VncState
*vs
, int has_dirty
);
395 static void vnc_disconnect_start(VncState
*vs
);
396 static void vnc_disconnect_finish(VncState
*vs
);
397 static void vnc_init_timer(VncDisplay
*vd
);
398 static void vnc_remove_timer(VncDisplay
*vd
);
400 static void vnc_colordepth(VncState
*vs
);
401 static void framebuffer_update_request(VncState
*vs
, int incremental
,
402 int x_position
, int y_position
,
404 static void vnc_refresh(void *opaque
);
405 static int vnc_refresh_server_surface(VncDisplay
*vd
);
407 static inline void vnc_set_bit(uint32_t *d
, int k
)
409 d
[k
>> 5] |= 1 << (k
& 0x1f);
412 static inline void vnc_clear_bit(uint32_t *d
, int k
)
414 d
[k
>> 5] &= ~(1 << (k
& 0x1f));
417 static inline void vnc_set_bits(uint32_t *d
, int n
, int nb_words
)
427 d
[j
++] = (1 << n
) - 1;
432 static inline int vnc_get_bit(const uint32_t *d
, int k
)
434 return (d
[k
>> 5] >> (k
& 0x1f)) & 1;
437 static inline int vnc_and_bits(const uint32_t *d1
, const uint32_t *d2
,
441 for(i
= 0; i
< nb_words
; i
++) {
442 if ((d1
[i
] & d2
[i
]) != 0)
448 static void vnc_dpy_update(DisplayState
*ds
, int x
, int y
, int w
, int h
)
451 VncDisplay
*vd
= ds
->opaque
;
452 struct VncSurface
*s
= &vd
->guest
;
456 /* round x down to ensure the loop only spans one 16-pixel block per,
457 iteration. otherwise, if (x % 16) != 0, the last iteration may span
458 two 16-pixel blocks but we only mark the first as dirty
463 x
= MIN(x
, s
->ds
->width
);
464 y
= MIN(y
, s
->ds
->height
);
465 w
= MIN(x
+ w
, s
->ds
->width
) - x
;
466 h
= MIN(h
, s
->ds
->height
);
469 for (i
= 0; i
< w
; i
+= 16)
470 vnc_set_bit(s
->dirty
[y
], (x
+ i
) / 16);
473 void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
476 vnc_write_u16(vs
, x
);
477 vnc_write_u16(vs
, y
);
478 vnc_write_u16(vs
, w
);
479 vnc_write_u16(vs
, h
);
481 vnc_write_s32(vs
, encoding
);
484 void buffer_reserve(Buffer
*buffer
, size_t len
)
486 if ((buffer
->capacity
- buffer
->offset
) < len
) {
487 buffer
->capacity
+= (len
+ 1024);
488 buffer
->buffer
= qemu_realloc(buffer
->buffer
, buffer
->capacity
);
489 if (buffer
->buffer
== NULL
) {
490 fprintf(stderr
, "vnc: out of memory\n");
496 int buffer_empty(Buffer
*buffer
)
498 return buffer
->offset
== 0;
501 uint8_t *buffer_end(Buffer
*buffer
)
503 return buffer
->buffer
+ buffer
->offset
;
506 void buffer_reset(Buffer
*buffer
)
511 void buffer_free(Buffer
*buffer
)
513 qemu_free(buffer
->buffer
);
515 buffer
->capacity
= 0;
516 buffer
->buffer
= NULL
;
519 void buffer_append(Buffer
*buffer
, const void *data
, size_t len
)
521 memcpy(buffer
->buffer
+ buffer
->offset
, data
, len
);
522 buffer
->offset
+= len
;
525 static void vnc_dpy_resize(DisplayState
*ds
)
528 VncDisplay
*vd
= ds
->opaque
;
533 vd
->server
= qemu_mallocz(sizeof(*vd
->server
));
534 if (vd
->server
->data
)
535 qemu_free(vd
->server
->data
);
536 *(vd
->server
) = *(ds
->surface
);
537 vd
->server
->data
= qemu_mallocz(vd
->server
->linesize
*
542 vd
->guest
.ds
= qemu_mallocz(sizeof(*vd
->guest
.ds
));
543 if (ds_get_bytes_per_pixel(ds
) != vd
->guest
.ds
->pf
.bytes_per_pixel
)
544 console_color_init(ds
);
545 size_changed
= ds_get_width(ds
) != vd
->guest
.ds
->width
||
546 ds_get_height(ds
) != vd
->guest
.ds
->height
;
547 *(vd
->guest
.ds
) = *(ds
->surface
);
548 memset(vd
->guest
.dirty
, 0xFF, sizeof(vd
->guest
.dirty
));
550 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
553 if (vs
->csock
!= -1 && vnc_has_feature(vs
, VNC_FEATURE_RESIZE
)) {
554 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
556 vnc_write_u16(vs
, 1); /* number of rects */
557 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(ds
), ds_get_height(ds
),
558 VNC_ENCODING_DESKTOPRESIZE
);
562 if (vs
->vd
->cursor
) {
563 vnc_cursor_define(vs
);
565 memset(vs
->dirty
, 0xFF, sizeof(vs
->dirty
));
570 static void vnc_write_pixels_copy(VncState
*vs
, struct PixelFormat
*pf
,
571 void *pixels
, int size
)
573 vnc_write(vs
, pixels
, size
);
576 /* slowest but generic code. */
577 void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
580 VncDisplay
*vd
= vs
->vd
;
582 r
= ((((v
& vd
->server
->pf
.rmask
) >> vd
->server
->pf
.rshift
) << vs
->clientds
.pf
.rbits
) >>
583 vd
->server
->pf
.rbits
);
584 g
= ((((v
& vd
->server
->pf
.gmask
) >> vd
->server
->pf
.gshift
) << vs
->clientds
.pf
.gbits
) >>
585 vd
->server
->pf
.gbits
);
586 b
= ((((v
& vd
->server
->pf
.bmask
) >> vd
->server
->pf
.bshift
) << vs
->clientds
.pf
.bbits
) >>
587 vd
->server
->pf
.bbits
);
588 v
= (r
<< vs
->clientds
.pf
.rshift
) |
589 (g
<< vs
->clientds
.pf
.gshift
) |
590 (b
<< vs
->clientds
.pf
.bshift
);
591 switch(vs
->clientds
.pf
.bytes_per_pixel
) {
596 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
606 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
621 static void vnc_write_pixels_generic(VncState
*vs
, struct PixelFormat
*pf
,
622 void *pixels1
, int size
)
626 if (pf
->bytes_per_pixel
== 4) {
627 uint32_t *pixels
= pixels1
;
630 for(i
= 0; i
< n
; i
++) {
631 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
632 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
634 } else if (pf
->bytes_per_pixel
== 2) {
635 uint16_t *pixels
= pixels1
;
638 for(i
= 0; i
< n
; i
++) {
639 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
640 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
642 } else if (pf
->bytes_per_pixel
== 1) {
643 uint8_t *pixels
= pixels1
;
646 for(i
= 0; i
< n
; i
++) {
647 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
648 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
651 fprintf(stderr
, "vnc_write_pixels_generic: VncState color depth not supported\n");
655 int vnc_raw_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
659 VncDisplay
*vd
= vs
->vd
;
661 row
= vd
->server
->data
+ y
* ds_get_linesize(vs
->ds
) + x
* ds_get_bytes_per_pixel(vs
->ds
);
662 for (i
= 0; i
< h
; i
++) {
663 vs
->write_pixels(vs
, &vd
->server
->pf
, row
, w
* ds_get_bytes_per_pixel(vs
->ds
));
664 row
+= ds_get_linesize(vs
->ds
);
669 static int send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
673 switch(vs
->vnc_encoding
) {
674 case VNC_ENCODING_ZLIB
:
675 n
= vnc_zlib_send_framebuffer_update(vs
, x
, y
, w
, h
);
677 case VNC_ENCODING_HEXTILE
:
678 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
679 n
= vnc_hextile_send_framebuffer_update(vs
, x
, y
, w
, h
);
682 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
683 n
= vnc_raw_send_framebuffer_update(vs
, x
, y
, w
, h
);
689 static void vnc_copy(VncState
*vs
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
691 /* send bitblit op to the vnc client */
692 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
694 vnc_write_u16(vs
, 1); /* number of rects */
695 vnc_framebuffer_update(vs
, dst_x
, dst_y
, w
, h
, VNC_ENCODING_COPYRECT
);
696 vnc_write_u16(vs
, src_x
);
697 vnc_write_u16(vs
, src_y
);
701 static void vnc_dpy_copy(DisplayState
*ds
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
703 VncDisplay
*vd
= ds
->opaque
;
707 int i
,x
,y
,pitch
,depth
,inc
,w_lim
,s
;
710 vnc_refresh_server_surface(vd
);
711 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
712 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
713 vs
->force_update
= 1;
714 vnc_update_client(vs
, 1);
715 /* vs might be free()ed here */
719 /* do bitblit op on the local surface too */
720 pitch
= ds_get_linesize(vd
->ds
);
721 depth
= ds_get_bytes_per_pixel(vd
->ds
);
722 src_row
= vd
->server
->data
+ pitch
* src_y
+ depth
* src_x
;
723 dst_row
= vd
->server
->data
+ pitch
* dst_y
+ depth
* dst_x
;
728 src_row
+= pitch
* (h
-1);
729 dst_row
+= pitch
* (h
-1);
734 w_lim
= w
- (16 - (dst_x
% 16));
738 w_lim
= w
- (w_lim
% 16);
739 for (i
= 0; i
< h
; i
++) {
740 for (x
= 0; x
<= w_lim
;
741 x
+= s
, src_row
+= cmp_bytes
, dst_row
+= cmp_bytes
) {
743 if ((s
= w
- w_lim
) == 0)
746 s
= (16 - (dst_x
% 16));
751 cmp_bytes
= s
* depth
;
752 if (memcmp(src_row
, dst_row
, cmp_bytes
) == 0)
754 memmove(dst_row
, src_row
, cmp_bytes
);
755 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
756 if (!vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
757 vnc_set_bit(vs
->dirty
[y
], ((x
+ dst_x
) / 16));
761 src_row
+= pitch
- w
* depth
;
762 dst_row
+= pitch
- w
* depth
;
766 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
767 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
768 vnc_copy(vs
, src_x
, src_y
, dst_x
, dst_y
, w
, h
);
773 static void vnc_mouse_set(int x
, int y
, int visible
)
775 /* can we ask the client(s) to move the pointer ??? */
778 static int vnc_cursor_define(VncState
*vs
)
780 QEMUCursor
*c
= vs
->vd
->cursor
;
781 PixelFormat pf
= qemu_default_pixelformat(32);
784 if (vnc_has_feature(vs
, VNC_FEATURE_RICH_CURSOR
)) {
785 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
786 vnc_write_u8(vs
, 0); /* padding */
787 vnc_write_u16(vs
, 1); /* # of rects */
788 vnc_framebuffer_update(vs
, c
->hot_x
, c
->hot_y
, c
->width
, c
->height
,
789 VNC_ENCODING_RICH_CURSOR
);
790 isize
= c
->width
* c
->height
* vs
->clientds
.pf
.bytes_per_pixel
;
791 vnc_write_pixels_generic(vs
, &pf
, c
->data
, isize
);
792 vnc_write(vs
, vs
->vd
->cursor_mask
, vs
->vd
->cursor_msize
);
798 static void vnc_dpy_cursor_define(QEMUCursor
*c
)
800 VncDisplay
*vd
= vnc_display
;
803 cursor_put(vd
->cursor
);
804 qemu_free(vd
->cursor_mask
);
807 cursor_get(vd
->cursor
);
808 vd
->cursor_msize
= cursor_get_mono_bpl(c
) * c
->height
;
809 vd
->cursor_mask
= qemu_mallocz(vd
->cursor_msize
);
810 cursor_get_mono_mask(c
, 0, vd
->cursor_mask
);
812 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
813 vnc_cursor_define(vs
);
817 static int find_and_clear_dirty_height(struct VncState
*vs
,
818 int y
, int last_x
, int x
)
821 VncDisplay
*vd
= vs
->vd
;
823 for (h
= 1; h
< (vd
->server
->height
- y
); h
++) {
825 if (!vnc_get_bit(vs
->dirty
[y
+ h
], last_x
))
827 for (tmp_x
= last_x
; tmp_x
< x
; tmp_x
++)
828 vnc_clear_bit(vs
->dirty
[y
+ h
], tmp_x
);
834 static int vnc_update_client(VncState
*vs
, int has_dirty
)
836 if (vs
->need_update
&& vs
->csock
!= -1) {
837 VncDisplay
*vd
= vs
->vd
;
843 if (vs
->output
.offset
&& !vs
->audio_cap
&& !vs
->force_update
)
844 /* kernel send buffers are full -> drop frames to throttle */
847 if (!has_dirty
&& !vs
->audio_cap
&& !vs
->force_update
)
851 * Send screen updates to the vnc client using the server
852 * surface and server dirty map. guest surface updates
853 * happening in parallel don't disturb us, the next pass will
854 * send them to the client.
857 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
859 saved_offset
= vs
->output
.offset
;
860 vnc_write_u16(vs
, 0);
862 for (y
= 0; y
< vd
->server
->height
; y
++) {
865 for (x
= 0; x
< vd
->server
->width
/ 16; x
++) {
866 if (vnc_get_bit(vs
->dirty
[y
], x
)) {
870 vnc_clear_bit(vs
->dirty
[y
], x
);
873 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
);
874 n
= send_framebuffer_update(vs
, last_x
* 16, y
,
875 (x
- last_x
) * 16, h
);
882 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
);
883 n
= send_framebuffer_update(vs
, last_x
* 16, y
,
884 (x
- last_x
) * 16, h
);
888 vs
->output
.buffer
[saved_offset
] = (n_rectangles
>> 8) & 0xFF;
889 vs
->output
.buffer
[saved_offset
+ 1] = n_rectangles
& 0xFF;
891 vs
->force_update
= 0;
896 vnc_disconnect_finish(vs
);
902 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
904 VncState
*vs
= opaque
;
907 case AUD_CNOTIFY_DISABLE
:
908 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
909 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
910 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_END
);
914 case AUD_CNOTIFY_ENABLE
:
915 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
916 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
917 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN
);
923 static void audio_capture_destroy(void *opaque
)
927 static void audio_capture(void *opaque
, void *buf
, int size
)
929 VncState
*vs
= opaque
;
931 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
932 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
933 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_DATA
);
934 vnc_write_u32(vs
, size
);
935 vnc_write(vs
, buf
, size
);
939 static void audio_add(VncState
*vs
)
941 struct audio_capture_ops ops
;
944 monitor_printf(default_mon
, "audio already running\n");
948 ops
.notify
= audio_capture_notify
;
949 ops
.destroy
= audio_capture_destroy
;
950 ops
.capture
= audio_capture
;
952 vs
->audio_cap
= AUD_add_capture(&vs
->as
, &ops
, vs
);
953 if (!vs
->audio_cap
) {
954 monitor_printf(default_mon
, "Failed to add audio capture\n");
958 static void audio_del(VncState
*vs
)
961 AUD_del_capture(vs
->audio_cap
, vs
);
962 vs
->audio_cap
= NULL
;
966 static void vnc_disconnect_start(VncState
*vs
)
970 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
971 closesocket(vs
->csock
);
975 static void vnc_disconnect_finish(VncState
*vs
)
977 vnc_qmp_event(vs
, QEVENT_VNC_DISCONNECTED
);
979 buffer_free(&vs
->input
);
980 buffer_free(&vs
->output
);
982 qobject_decref(vs
->info
);
986 #ifdef CONFIG_VNC_TLS
987 vnc_tls_client_cleanup(vs
);
988 #endif /* CONFIG_VNC_TLS */
989 #ifdef CONFIG_VNC_SASL
990 vnc_sasl_client_cleanup(vs
);
991 #endif /* CONFIG_VNC_SASL */
994 QTAILQ_REMOVE(&vs
->vd
->clients
, vs
, next
);
996 if (QTAILQ_EMPTY(&vs
->vd
->clients
)) {
1000 qemu_remove_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
1001 vnc_remove_timer(vs
->vd
);
1002 if (vs
->vd
->lock_key_sync
)
1003 qemu_remove_led_event_handler(vs
->led
);
1007 int vnc_client_io_error(VncState
*vs
, int ret
, int last_errno
)
1009 if (ret
== 0 || ret
== -1) {
1011 switch (last_errno
) {
1015 case WSAEWOULDBLOCK
:
1023 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1024 ret
, ret
< 0 ? last_errno
: 0);
1025 vnc_disconnect_start(vs
);
1033 void vnc_client_error(VncState
*vs
)
1035 VNC_DEBUG("Closing down client sock: protocol error\n");
1036 vnc_disconnect_start(vs
);
1041 * Called to write a chunk of data to the client socket. The data may
1042 * be the raw data, or may have already been encoded by SASL.
1043 * The data will be written either straight onto the socket, or
1044 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1046 * NB, it is theoretically possible to have 2 layers of encryption,
1047 * both SASL, and this TLS layer. It is highly unlikely in practice
1048 * though, since SASL encryption will typically be a no-op if TLS
1051 * Returns the number of bytes written, which may be less than
1052 * the requested 'datalen' if the socket would block. Returns
1053 * -1 on error, and disconnects the client socket.
1055 long vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
1058 #ifdef CONFIG_VNC_TLS
1059 if (vs
->tls
.session
) {
1060 ret
= gnutls_write(vs
->tls
.session
, data
, datalen
);
1062 if (ret
== GNUTLS_E_AGAIN
)
1069 #endif /* CONFIG_VNC_TLS */
1070 ret
= send(vs
->csock
, (const void *)data
, datalen
, 0);
1071 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data
, datalen
, ret
);
1072 return vnc_client_io_error(vs
, ret
, socket_error());
1077 * Called to write buffered data to the client socket, when not
1078 * using any SASL SSF encryption layers. Will write as much data
1079 * as possible without blocking. If all buffered data is written,
1080 * will switch the FD poll() handler back to read monitoring.
1082 * Returns the number of bytes written, which may be less than
1083 * the buffered output data if the socket would block. Returns
1084 * -1 on error, and disconnects the client socket.
1086 static long vnc_client_write_plain(VncState
*vs
)
1090 #ifdef CONFIG_VNC_SASL
1091 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1092 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
1093 vs
->sasl
.waitWriteSSF
);
1095 if (vs
->sasl
.conn
&&
1097 vs
->sasl
.waitWriteSSF
) {
1098 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
1100 vs
->sasl
.waitWriteSSF
-= ret
;
1102 #endif /* CONFIG_VNC_SASL */
1103 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
1107 memmove(vs
->output
.buffer
, vs
->output
.buffer
+ ret
, (vs
->output
.offset
- ret
));
1108 vs
->output
.offset
-= ret
;
1110 if (vs
->output
.offset
== 0) {
1111 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1119 * First function called whenever there is data to be written to
1120 * the client socket. Will delegate actual work according to whether
1121 * SASL SSF layers are enabled (thus requiring encryption calls)
1123 void vnc_client_write(void *opaque
)
1125 VncState
*vs
= opaque
;
1127 #ifdef CONFIG_VNC_SASL
1128 if (vs
->sasl
.conn
&&
1130 !vs
->sasl
.waitWriteSSF
) {
1131 vnc_client_write_sasl(vs
);
1133 #endif /* CONFIG_VNC_SASL */
1134 vnc_client_write_plain(vs
);
1137 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1139 vs
->read_handler
= func
;
1140 vs
->read_handler_expect
= expecting
;
1145 * Called to read a chunk of data from the client socket. The data may
1146 * be the raw data, or may need to be further decoded by SASL.
1147 * The data will be read either straight from to the socket, or
1148 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1150 * NB, it is theoretically possible to have 2 layers of encryption,
1151 * both SASL, and this TLS layer. It is highly unlikely in practice
1152 * though, since SASL encryption will typically be a no-op if TLS
1155 * Returns the number of bytes read, which may be less than
1156 * the requested 'datalen' if the socket would block. Returns
1157 * -1 on error, and disconnects the client socket.
1159 long vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1162 #ifdef CONFIG_VNC_TLS
1163 if (vs
->tls
.session
) {
1164 ret
= gnutls_read(vs
->tls
.session
, data
, datalen
);
1166 if (ret
== GNUTLS_E_AGAIN
)
1173 #endif /* CONFIG_VNC_TLS */
1174 ret
= recv(vs
->csock
, (void *)data
, datalen
, 0);
1175 VNC_DEBUG("Read wire %p %zd -> %ld\n", data
, datalen
, ret
);
1176 return vnc_client_io_error(vs
, ret
, socket_error());
1181 * Called to read data from the client socket to the input buffer,
1182 * when not using any SASL SSF encryption layers. Will read as much
1183 * data as possible without blocking.
1185 * Returns the number of bytes read. Returns -1 on error, and
1186 * disconnects the client socket.
1188 static long vnc_client_read_plain(VncState
*vs
)
1191 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1192 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1193 buffer_reserve(&vs
->input
, 4096);
1194 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1197 vs
->input
.offset
+= ret
;
1203 * First function called whenever there is more data to be read from
1204 * the client socket. Will delegate actual work according to whether
1205 * SASL SSF layers are enabled (thus requiring decryption calls)
1207 void vnc_client_read(void *opaque
)
1209 VncState
*vs
= opaque
;
1212 #ifdef CONFIG_VNC_SASL
1213 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1214 ret
= vnc_client_read_sasl(vs
);
1216 #endif /* CONFIG_VNC_SASL */
1217 ret
= vnc_client_read_plain(vs
);
1219 if (vs
->csock
== -1)
1220 vnc_disconnect_finish(vs
);
1224 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1225 size_t len
= vs
->read_handler_expect
;
1228 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1229 if (vs
->csock
== -1) {
1230 vnc_disconnect_finish(vs
);
1235 memmove(vs
->input
.buffer
, vs
->input
.buffer
+ len
, (vs
->input
.offset
- len
));
1236 vs
->input
.offset
-= len
;
1238 vs
->read_handler_expect
= ret
;
1243 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1245 buffer_reserve(&vs
->output
, len
);
1247 if (vs
->csock
!= -1 && buffer_empty(&vs
->output
)) {
1248 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
1251 buffer_append(&vs
->output
, data
, len
);
1254 void vnc_write_s32(VncState
*vs
, int32_t value
)
1256 vnc_write_u32(vs
, *(uint32_t *)&value
);
1259 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1263 buf
[0] = (value
>> 24) & 0xFF;
1264 buf
[1] = (value
>> 16) & 0xFF;
1265 buf
[2] = (value
>> 8) & 0xFF;
1266 buf
[3] = value
& 0xFF;
1268 vnc_write(vs
, buf
, 4);
1271 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1275 buf
[0] = (value
>> 8) & 0xFF;
1276 buf
[1] = value
& 0xFF;
1278 vnc_write(vs
, buf
, 2);
1281 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1283 vnc_write(vs
, (char *)&value
, 1);
1286 void vnc_flush(VncState
*vs
)
1288 if (vs
->csock
!= -1 && vs
->output
.offset
)
1289 vnc_client_write(vs
);
1292 uint8_t read_u8(uint8_t *data
, size_t offset
)
1294 return data
[offset
];
1297 uint16_t read_u16(uint8_t *data
, size_t offset
)
1299 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1302 int32_t read_s32(uint8_t *data
, size_t offset
)
1304 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1305 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1308 uint32_t read_u32(uint8_t *data
, size_t offset
)
1310 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1311 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1314 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1318 static void check_pointer_type_change(Notifier
*notifier
)
1320 VncState
*vs
= container_of(notifier
, VncState
, mouse_mode_notifier
);
1321 int absolute
= kbd_mouse_is_absolute();
1323 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1324 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1325 vnc_write_u8(vs
, 0);
1326 vnc_write_u16(vs
, 1);
1327 vnc_framebuffer_update(vs
, absolute
, 0,
1328 ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1329 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1332 vs
->absolute
= absolute
;
1335 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1340 if (button_mask
& 0x01)
1341 buttons
|= MOUSE_EVENT_LBUTTON
;
1342 if (button_mask
& 0x02)
1343 buttons
|= MOUSE_EVENT_MBUTTON
;
1344 if (button_mask
& 0x04)
1345 buttons
|= MOUSE_EVENT_RBUTTON
;
1346 if (button_mask
& 0x08)
1348 if (button_mask
& 0x10)
1352 kbd_mouse_event(ds_get_width(vs
->ds
) > 1 ?
1353 x
* 0x7FFF / (ds_get_width(vs
->ds
) - 1) : 0x4000,
1354 ds_get_height(vs
->ds
) > 1 ?
1355 y
* 0x7FFF / (ds_get_height(vs
->ds
) - 1) : 0x4000,
1357 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1361 kbd_mouse_event(x
, y
, dz
, buttons
);
1363 if (vs
->last_x
!= -1)
1364 kbd_mouse_event(x
- vs
->last_x
,
1372 static void reset_keys(VncState
*vs
)
1375 for(i
= 0; i
< 256; i
++) {
1376 if (vs
->modifiers_state
[i
]) {
1377 if (i
& SCANCODE_GREY
)
1378 kbd_put_keycode(SCANCODE_EMUL0
);
1379 kbd_put_keycode(i
| SCANCODE_UP
);
1380 vs
->modifiers_state
[i
] = 0;
1385 static void press_key(VncState
*vs
, int keysym
)
1387 int keycode
= keysym2scancode(vs
->vd
->kbd_layout
, keysym
) & SCANCODE_KEYMASK
;
1388 if (keycode
& SCANCODE_GREY
)
1389 kbd_put_keycode(SCANCODE_EMUL0
);
1390 kbd_put_keycode(keycode
& SCANCODE_KEYCODEMASK
);
1391 if (keycode
& SCANCODE_GREY
)
1392 kbd_put_keycode(SCANCODE_EMUL0
);
1393 kbd_put_keycode(keycode
| SCANCODE_UP
);
1396 static void kbd_leds(void *opaque
, int ledstate
)
1398 VncState
*vs
= opaque
;
1401 caps
= ledstate
& QEMU_CAPS_LOCK_LED
? 1 : 0;
1402 num
= ledstate
& QEMU_NUM_LOCK_LED
? 1 : 0;
1404 if (vs
->modifiers_state
[0x3a] != caps
) {
1405 vs
->modifiers_state
[0x3a] = caps
;
1407 if (vs
->modifiers_state
[0x45] != num
) {
1408 vs
->modifiers_state
[0x45] = num
;
1412 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1414 /* QEMU console switch */
1416 case 0x2a: /* Left Shift */
1417 case 0x36: /* Right Shift */
1418 case 0x1d: /* Left CTRL */
1419 case 0x9d: /* Right CTRL */
1420 case 0x38: /* Left ALT */
1421 case 0xb8: /* Right ALT */
1423 vs
->modifiers_state
[keycode
] = 1;
1425 vs
->modifiers_state
[keycode
] = 0;
1427 case 0x02 ... 0x0a: /* '1' to '9' keys */
1428 if (down
&& vs
->modifiers_state
[0x1d] && vs
->modifiers_state
[0x38]) {
1429 /* Reset the modifiers sent to the current console */
1431 console_select(keycode
- 0x02);
1435 case 0x3a: /* CapsLock */
1436 case 0x45: /* NumLock */
1438 vs
->modifiers_state
[keycode
] ^= 1;
1442 if (vs
->vd
->lock_key_sync
&&
1443 keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1444 /* If the numlock state needs to change then simulate an additional
1445 keypress before sending this one. This will happen if the user
1446 toggles numlock away from the VNC window.
1448 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1449 if (!vs
->modifiers_state
[0x45]) {
1450 vs
->modifiers_state
[0x45] = 1;
1451 press_key(vs
, 0xff7f);
1454 if (vs
->modifiers_state
[0x45]) {
1455 vs
->modifiers_state
[0x45] = 0;
1456 press_key(vs
, 0xff7f);
1461 if (vs
->vd
->lock_key_sync
&&
1462 ((sym
>= 'A' && sym
<= 'Z') || (sym
>= 'a' && sym
<= 'z'))) {
1463 /* If the capslock state needs to change then simulate an additional
1464 keypress before sending this one. This will happen if the user
1465 toggles capslock away from the VNC window.
1467 int uppercase
= !!(sym
>= 'A' && sym
<= 'Z');
1468 int shift
= !!(vs
->modifiers_state
[0x2a] | vs
->modifiers_state
[0x36]);
1469 int capslock
= !!(vs
->modifiers_state
[0x3a]);
1471 if (uppercase
== shift
) {
1472 vs
->modifiers_state
[0x3a] = 0;
1473 press_key(vs
, 0xffe5);
1476 if (uppercase
!= shift
) {
1477 vs
->modifiers_state
[0x3a] = 1;
1478 press_key(vs
, 0xffe5);
1483 if (is_graphic_console()) {
1484 if (keycode
& SCANCODE_GREY
)
1485 kbd_put_keycode(SCANCODE_EMUL0
);
1487 kbd_put_keycode(keycode
& SCANCODE_KEYCODEMASK
);
1489 kbd_put_keycode(keycode
| SCANCODE_UP
);
1491 /* QEMU console emulation */
1493 int numlock
= vs
->modifiers_state
[0x45];
1495 case 0x2a: /* Left Shift */
1496 case 0x36: /* Right Shift */
1497 case 0x1d: /* Left CTRL */
1498 case 0x9d: /* Right CTRL */
1499 case 0x38: /* Left ALT */
1500 case 0xb8: /* Right ALT */
1503 kbd_put_keysym(QEMU_KEY_UP
);
1506 kbd_put_keysym(QEMU_KEY_DOWN
);
1509 kbd_put_keysym(QEMU_KEY_LEFT
);
1512 kbd_put_keysym(QEMU_KEY_RIGHT
);
1515 kbd_put_keysym(QEMU_KEY_DELETE
);
1518 kbd_put_keysym(QEMU_KEY_HOME
);
1521 kbd_put_keysym(QEMU_KEY_END
);
1524 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1527 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1531 kbd_put_keysym(numlock
? '7' : QEMU_KEY_HOME
);
1534 kbd_put_keysym(numlock
? '8' : QEMU_KEY_UP
);
1537 kbd_put_keysym(numlock
? '9' : QEMU_KEY_PAGEUP
);
1540 kbd_put_keysym(numlock
? '4' : QEMU_KEY_LEFT
);
1543 kbd_put_keysym('5');
1546 kbd_put_keysym(numlock
? '6' : QEMU_KEY_RIGHT
);
1549 kbd_put_keysym(numlock
? '1' : QEMU_KEY_END
);
1552 kbd_put_keysym(numlock
? '2' : QEMU_KEY_DOWN
);
1555 kbd_put_keysym(numlock
? '3' : QEMU_KEY_PAGEDOWN
);
1558 kbd_put_keysym('0');
1561 kbd_put_keysym(numlock
? '.' : QEMU_KEY_DELETE
);
1565 kbd_put_keysym('/');
1568 kbd_put_keysym('*');
1571 kbd_put_keysym('-');
1574 kbd_put_keysym('+');
1577 kbd_put_keysym('\n');
1581 kbd_put_keysym(sym
);
1588 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1593 if (lsym
>= 'A' && lsym
<= 'Z' && is_graphic_console()) {
1594 lsym
= lsym
- 'A' + 'a';
1597 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, lsym
& 0xFFFF) & SCANCODE_KEYMASK
;
1598 do_key_event(vs
, down
, keycode
, sym
);
1601 static void ext_key_event(VncState
*vs
, int down
,
1602 uint32_t sym
, uint16_t keycode
)
1604 /* if the user specifies a keyboard layout, always use it */
1605 if (keyboard_layout
)
1606 key_event(vs
, down
, sym
);
1608 do_key_event(vs
, down
, keycode
, sym
);
1611 static void framebuffer_update_request(VncState
*vs
, int incremental
,
1612 int x_position
, int y_position
,
1615 if (y_position
> ds_get_height(vs
->ds
))
1616 y_position
= ds_get_height(vs
->ds
);
1617 if (y_position
+ h
>= ds_get_height(vs
->ds
))
1618 h
= ds_get_height(vs
->ds
) - y_position
;
1621 vs
->need_update
= 1;
1623 vs
->force_update
= 1;
1624 for (i
= 0; i
< h
; i
++) {
1625 vnc_set_bits(vs
->dirty
[y_position
+ i
],
1626 (ds_get_width(vs
->ds
) / 16), VNC_DIRTY_WORDS
);
1631 static void send_ext_key_event_ack(VncState
*vs
)
1633 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1634 vnc_write_u8(vs
, 0);
1635 vnc_write_u16(vs
, 1);
1636 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1637 VNC_ENCODING_EXT_KEY_EVENT
);
1641 static void send_ext_audio_ack(VncState
*vs
)
1643 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1644 vnc_write_u8(vs
, 0);
1645 vnc_write_u16(vs
, 1);
1646 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1647 VNC_ENCODING_AUDIO
);
1651 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
1654 unsigned int enc
= 0;
1657 vs
->vnc_encoding
= 0;
1658 vs
->tight_compression
= 9;
1659 vs
->tight_quality
= 9;
1663 * Start from the end because the encodings are sent in order of preference.
1664 * This way the prefered encoding (first encoding defined in the array)
1665 * will be set at the end of the loop.
1667 for (i
= n_encodings
- 1; i
>= 0; i
--) {
1670 case VNC_ENCODING_RAW
:
1671 vs
->vnc_encoding
= enc
;
1673 case VNC_ENCODING_COPYRECT
:
1674 vs
->features
|= VNC_FEATURE_COPYRECT_MASK
;
1676 case VNC_ENCODING_HEXTILE
:
1677 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
1678 vs
->vnc_encoding
= enc
;
1680 case VNC_ENCODING_ZLIB
:
1681 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
1682 vs
->vnc_encoding
= enc
;
1684 case VNC_ENCODING_DESKTOPRESIZE
:
1685 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
1687 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
1688 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
1690 case VNC_ENCODING_RICH_CURSOR
:
1691 vs
->features
|= VNC_FEATURE_RICH_CURSOR_MASK
;
1693 case VNC_ENCODING_EXT_KEY_EVENT
:
1694 send_ext_key_event_ack(vs
);
1696 case VNC_ENCODING_AUDIO
:
1697 send_ext_audio_ack(vs
);
1699 case VNC_ENCODING_WMVi
:
1700 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
1702 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
1703 vs
->tight_compression
= (enc
& 0x0F);
1705 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
1706 vs
->tight_quality
= (enc
& 0x0F);
1709 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
1713 check_pointer_type_change(&vs
->mouse_mode_notifier
);
1716 static void set_pixel_conversion(VncState
*vs
)
1718 if ((vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) ==
1719 (vs
->ds
->surface
->flags
& QEMU_BIG_ENDIAN_FLAG
) &&
1720 !memcmp(&(vs
->clientds
.pf
), &(vs
->ds
->surface
->pf
), sizeof(PixelFormat
))) {
1721 vs
->write_pixels
= vnc_write_pixels_copy
;
1722 vnc_hextile_set_pixel_conversion(vs
, 0);
1724 vs
->write_pixels
= vnc_write_pixels_generic
;
1725 vnc_hextile_set_pixel_conversion(vs
, 1);
1729 static void set_pixel_format(VncState
*vs
,
1730 int bits_per_pixel
, int depth
,
1731 int big_endian_flag
, int true_color_flag
,
1732 int red_max
, int green_max
, int blue_max
,
1733 int red_shift
, int green_shift
, int blue_shift
)
1735 if (!true_color_flag
) {
1736 vnc_client_error(vs
);
1740 vs
->clientds
= *(vs
->vd
->guest
.ds
);
1741 vs
->clientds
.pf
.rmax
= red_max
;
1742 count_bits(vs
->clientds
.pf
.rbits
, red_max
);
1743 vs
->clientds
.pf
.rshift
= red_shift
;
1744 vs
->clientds
.pf
.rmask
= red_max
<< red_shift
;
1745 vs
->clientds
.pf
.gmax
= green_max
;
1746 count_bits(vs
->clientds
.pf
.gbits
, green_max
);
1747 vs
->clientds
.pf
.gshift
= green_shift
;
1748 vs
->clientds
.pf
.gmask
= green_max
<< green_shift
;
1749 vs
->clientds
.pf
.bmax
= blue_max
;
1750 count_bits(vs
->clientds
.pf
.bbits
, blue_max
);
1751 vs
->clientds
.pf
.bshift
= blue_shift
;
1752 vs
->clientds
.pf
.bmask
= blue_max
<< blue_shift
;
1753 vs
->clientds
.pf
.bits_per_pixel
= bits_per_pixel
;
1754 vs
->clientds
.pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
1755 vs
->clientds
.pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
1756 vs
->clientds
.flags
= big_endian_flag
? QEMU_BIG_ENDIAN_FLAG
: 0x00;
1758 set_pixel_conversion(vs
);
1760 vga_hw_invalidate();
1764 static void pixel_format_message (VncState
*vs
) {
1765 char pad
[3] = { 0, 0, 0 };
1767 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bits_per_pixel
); /* bits-per-pixel */
1768 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.depth
); /* depth */
1770 #ifdef HOST_WORDS_BIGENDIAN
1771 vnc_write_u8(vs
, 1); /* big-endian-flag */
1773 vnc_write_u8(vs
, 0); /* big-endian-flag */
1775 vnc_write_u8(vs
, 1); /* true-color-flag */
1776 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.rmax
); /* red-max */
1777 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.gmax
); /* green-max */
1778 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.bmax
); /* blue-max */
1779 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.rshift
); /* red-shift */
1780 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.gshift
); /* green-shift */
1781 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bshift
); /* blue-shift */
1783 vnc_hextile_set_pixel_conversion(vs
, 0);
1785 vs
->clientds
= *(vs
->ds
->surface
);
1786 vs
->clientds
.flags
&= ~QEMU_ALLOCATED_FLAG
;
1787 vs
->write_pixels
= vnc_write_pixels_copy
;
1789 vnc_write(vs
, pad
, 3); /* padding */
1792 static void vnc_dpy_setdata(DisplayState
*ds
)
1794 /* We don't have to do anything */
1797 static void vnc_colordepth(VncState
*vs
)
1799 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
1800 /* Sending a WMVi message to notify the client*/
1801 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1802 vnc_write_u8(vs
, 0);
1803 vnc_write_u16(vs
, 1); /* number of rects */
1804 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
),
1805 ds_get_height(vs
->ds
), VNC_ENCODING_WMVi
);
1806 pixel_format_message(vs
);
1809 set_pixel_conversion(vs
);
1813 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
1817 VncDisplay
*vd
= vs
->vd
;
1820 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
1821 if (!qemu_timer_expired(vd
->timer
, qemu_get_clock(rt_clock
) + vd
->timer_interval
))
1822 qemu_mod_timer(vd
->timer
, qemu_get_clock(rt_clock
) + vd
->timer_interval
);
1826 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT
:
1830 set_pixel_format(vs
, read_u8(data
, 4), read_u8(data
, 5),
1831 read_u8(data
, 6), read_u8(data
, 7),
1832 read_u16(data
, 8), read_u16(data
, 10),
1833 read_u16(data
, 12), read_u8(data
, 14),
1834 read_u8(data
, 15), read_u8(data
, 16));
1836 case VNC_MSG_CLIENT_SET_ENCODINGS
:
1841 limit
= read_u16(data
, 2);
1843 return 4 + (limit
* 4);
1845 limit
= read_u16(data
, 2);
1847 for (i
= 0; i
< limit
; i
++) {
1848 int32_t val
= read_s32(data
, 4 + (i
* 4));
1849 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
1852 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
1854 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST
:
1858 framebuffer_update_request(vs
,
1859 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
1860 read_u16(data
, 6), read_u16(data
, 8));
1862 case VNC_MSG_CLIENT_KEY_EVENT
:
1866 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
1868 case VNC_MSG_CLIENT_POINTER_EVENT
:
1872 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
1874 case VNC_MSG_CLIENT_CUT_TEXT
:
1879 uint32_t dlen
= read_u32(data
, 4);
1884 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
1886 case VNC_MSG_CLIENT_QEMU
:
1890 switch (read_u8(data
, 1)) {
1891 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT
:
1895 ext_key_event(vs
, read_u16(data
, 2),
1896 read_u32(data
, 4), read_u32(data
, 8));
1898 case VNC_MSG_CLIENT_QEMU_AUDIO
:
1902 switch (read_u16 (data
, 2)) {
1903 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE
:
1906 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE
:
1909 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT
:
1912 switch (read_u8(data
, 4)) {
1913 case 0: vs
->as
.fmt
= AUD_FMT_U8
; break;
1914 case 1: vs
->as
.fmt
= AUD_FMT_S8
; break;
1915 case 2: vs
->as
.fmt
= AUD_FMT_U16
; break;
1916 case 3: vs
->as
.fmt
= AUD_FMT_S16
; break;
1917 case 4: vs
->as
.fmt
= AUD_FMT_U32
; break;
1918 case 5: vs
->as
.fmt
= AUD_FMT_S32
; break;
1920 printf("Invalid audio format %d\n", read_u8(data
, 4));
1921 vnc_client_error(vs
);
1924 vs
->as
.nchannels
= read_u8(data
, 5);
1925 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
1926 printf("Invalid audio channel coount %d\n",
1928 vnc_client_error(vs
);
1931 vs
->as
.freq
= read_u32(data
, 6);
1934 printf ("Invalid audio message %d\n", read_u8(data
, 4));
1935 vnc_client_error(vs
);
1941 printf("Msg: %d\n", read_u16(data
, 0));
1942 vnc_client_error(vs
);
1947 printf("Msg: %d\n", data
[0]);
1948 vnc_client_error(vs
);
1952 vnc_read_when(vs
, protocol_client_msg
, 1);
1956 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
1961 vnc_write_u16(vs
, ds_get_width(vs
->ds
));
1962 vnc_write_u16(vs
, ds_get_height(vs
->ds
));
1964 pixel_format_message(vs
);
1967 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
1969 size
= snprintf(buf
, sizeof(buf
), "QEMU");
1971 vnc_write_u32(vs
, size
);
1972 vnc_write(vs
, buf
, size
);
1975 vnc_client_cache_auth(vs
);
1976 vnc_qmp_event(vs
, QEVENT_VNC_INITIALIZED
);
1978 vnc_read_when(vs
, protocol_client_msg
, 1);
1983 void start_client_init(VncState
*vs
)
1985 vnc_read_when(vs
, protocol_client_init
, 1);
1988 static void make_challenge(VncState
*vs
)
1992 srand(time(NULL
)+getpid()+getpid()*987654+rand());
1994 for (i
= 0 ; i
< sizeof(vs
->challenge
) ; i
++)
1995 vs
->challenge
[i
] = (int) (256.0*rand()/(RAND_MAX
+1.0));
1998 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
2000 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
2002 unsigned char key
[8];
2004 if (!vs
->vd
->password
|| !vs
->vd
->password
[0]) {
2005 VNC_DEBUG("No password configured on server");
2006 vnc_write_u32(vs
, 1); /* Reject auth */
2007 if (vs
->minor
>= 8) {
2008 static const char err
[] = "Authentication failed";
2009 vnc_write_u32(vs
, sizeof(err
));
2010 vnc_write(vs
, err
, sizeof(err
));
2013 vnc_client_error(vs
);
2017 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
2019 /* Calculate the expected challenge response */
2020 pwlen
= strlen(vs
->vd
->password
);
2021 for (i
=0; i
<sizeof(key
); i
++)
2022 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
2024 for (j
= 0; j
< VNC_AUTH_CHALLENGE_SIZE
; j
+= 8)
2025 des(response
+j
, response
+j
);
2027 /* Compare expected vs actual challenge response */
2028 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
2029 VNC_DEBUG("Client challenge reponse did not match\n");
2030 vnc_write_u32(vs
, 1); /* Reject auth */
2031 if (vs
->minor
>= 8) {
2032 static const char err
[] = "Authentication failed";
2033 vnc_write_u32(vs
, sizeof(err
));
2034 vnc_write(vs
, err
, sizeof(err
));
2037 vnc_client_error(vs
);
2039 VNC_DEBUG("Accepting VNC challenge response\n");
2040 vnc_write_u32(vs
, 0); /* Accept auth */
2043 start_client_init(vs
);
2048 void start_auth_vnc(VncState
*vs
)
2051 /* Send client a 'random' challenge */
2052 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
2055 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
2059 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
2061 /* We only advertise 1 auth scheme at a time, so client
2062 * must pick the one we sent. Verify this */
2063 if (data
[0] != vs
->vd
->auth
) { /* Reject auth */
2064 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data
[0]);
2065 vnc_write_u32(vs
, 1);
2066 if (vs
->minor
>= 8) {
2067 static const char err
[] = "Authentication failed";
2068 vnc_write_u32(vs
, sizeof(err
));
2069 vnc_write(vs
, err
, sizeof(err
));
2071 vnc_client_error(vs
);
2072 } else { /* Accept requested auth */
2073 VNC_DEBUG("Client requested auth %d\n", (int)data
[0]);
2074 switch (vs
->vd
->auth
) {
2076 VNC_DEBUG("Accept auth none\n");
2077 if (vs
->minor
>= 8) {
2078 vnc_write_u32(vs
, 0); /* Accept auth completion */
2081 start_client_init(vs
);
2085 VNC_DEBUG("Start VNC auth\n");
2089 #ifdef CONFIG_VNC_TLS
2090 case VNC_AUTH_VENCRYPT
:
2091 VNC_DEBUG("Accept VeNCrypt auth\n");;
2092 start_auth_vencrypt(vs
);
2094 #endif /* CONFIG_VNC_TLS */
2096 #ifdef CONFIG_VNC_SASL
2098 VNC_DEBUG("Accept SASL auth\n");
2099 start_auth_sasl(vs
);
2101 #endif /* CONFIG_VNC_SASL */
2103 default: /* Should not be possible, but just in case */
2104 VNC_DEBUG("Reject auth %d server code bug\n", vs
->vd
->auth
);
2105 vnc_write_u8(vs
, 1);
2106 if (vs
->minor
>= 8) {
2107 static const char err
[] = "Authentication failed";
2108 vnc_write_u32(vs
, sizeof(err
));
2109 vnc_write(vs
, err
, sizeof(err
));
2111 vnc_client_error(vs
);
2117 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
2121 memcpy(local
, version
, 12);
2124 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
2125 VNC_DEBUG("Malformed protocol version %s\n", local
);
2126 vnc_client_error(vs
);
2129 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
2130 if (vs
->major
!= 3 ||
2136 VNC_DEBUG("Unsupported client version\n");
2137 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2139 vnc_client_error(vs
);
2142 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2143 * as equivalent to v3.3 by servers
2145 if (vs
->minor
== 4 || vs
->minor
== 5)
2148 if (vs
->minor
== 3) {
2149 if (vs
->vd
->auth
== VNC_AUTH_NONE
) {
2150 VNC_DEBUG("Tell client auth none\n");
2151 vnc_write_u32(vs
, vs
->vd
->auth
);
2153 start_client_init(vs
);
2154 } else if (vs
->vd
->auth
== VNC_AUTH_VNC
) {
2155 VNC_DEBUG("Tell client VNC auth\n");
2156 vnc_write_u32(vs
, vs
->vd
->auth
);
2160 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs
->vd
->auth
);
2161 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2163 vnc_client_error(vs
);
2166 VNC_DEBUG("Telling client we support auth %d\n", vs
->vd
->auth
);
2167 vnc_write_u8(vs
, 1); /* num auth */
2168 vnc_write_u8(vs
, vs
->vd
->auth
);
2169 vnc_read_when(vs
, protocol_client_auth
, 1);
2176 static int vnc_refresh_server_surface(VncDisplay
*vd
)
2180 uint8_t *server_row
;
2182 uint32_t width_mask
[VNC_DIRTY_WORDS
];
2187 * Walk through the guest dirty map.
2188 * Check and copy modified bits from guest to server surface.
2189 * Update server dirty map.
2191 vnc_set_bits(width_mask
, (ds_get_width(vd
->ds
) / 16), VNC_DIRTY_WORDS
);
2192 cmp_bytes
= 16 * ds_get_bytes_per_pixel(vd
->ds
);
2193 guest_row
= vd
->guest
.ds
->data
;
2194 server_row
= vd
->server
->data
;
2195 for (y
= 0; y
< vd
->guest
.ds
->height
; y
++) {
2196 if (vnc_and_bits(vd
->guest
.dirty
[y
], width_mask
, VNC_DIRTY_WORDS
)) {
2199 uint8_t *server_ptr
;
2201 guest_ptr
= guest_row
;
2202 server_ptr
= server_row
;
2204 for (x
= 0; x
< vd
->guest
.ds
->width
;
2205 x
+= 16, guest_ptr
+= cmp_bytes
, server_ptr
+= cmp_bytes
) {
2206 if (!vnc_get_bit(vd
->guest
.dirty
[y
], (x
/ 16)))
2208 vnc_clear_bit(vd
->guest
.dirty
[y
], (x
/ 16));
2209 if (memcmp(server_ptr
, guest_ptr
, cmp_bytes
) == 0)
2211 memcpy(server_ptr
, guest_ptr
, cmp_bytes
);
2212 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2213 vnc_set_bit(vs
->dirty
[y
], (x
/ 16));
2218 guest_row
+= ds_get_linesize(vd
->ds
);
2219 server_row
+= ds_get_linesize(vd
->ds
);
2224 static void vnc_refresh(void *opaque
)
2226 VncDisplay
*vd
= opaque
;
2228 int has_dirty
, rects
= 0;
2232 has_dirty
= vnc_refresh_server_surface(vd
);
2234 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
2235 rects
+= vnc_update_client(vs
, has_dirty
);
2236 /* vs might be free()ed here */
2238 /* vd->timer could be NULL now if the last client disconnected,
2239 * in this case don't update the timer */
2240 if (vd
->timer
== NULL
)
2243 if (has_dirty
&& rects
) {
2244 vd
->timer_interval
/= 2;
2245 if (vd
->timer_interval
< VNC_REFRESH_INTERVAL_BASE
)
2246 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2248 vd
->timer_interval
+= VNC_REFRESH_INTERVAL_INC
;
2249 if (vd
->timer_interval
> VNC_REFRESH_INTERVAL_MAX
)
2250 vd
->timer_interval
= VNC_REFRESH_INTERVAL_MAX
;
2252 qemu_mod_timer(vd
->timer
, qemu_get_clock(rt_clock
) + vd
->timer_interval
);
2255 static void vnc_init_timer(VncDisplay
*vd
)
2257 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2258 if (vd
->timer
== NULL
&& !QTAILQ_EMPTY(&vd
->clients
)) {
2259 vd
->timer
= qemu_new_timer(rt_clock
, vnc_refresh
, vd
);
2264 static void vnc_remove_timer(VncDisplay
*vd
)
2266 if (vd
->timer
!= NULL
&& QTAILQ_EMPTY(&vd
->clients
)) {
2267 qemu_del_timer(vd
->timer
);
2268 qemu_free_timer(vd
->timer
);
2273 static void vnc_connect(VncDisplay
*vd
, int csock
)
2275 VncState
*vs
= qemu_mallocz(sizeof(VncState
));
2278 VNC_DEBUG("New client on socket %d\n", csock
);
2280 socket_set_nonblock(vs
->csock
);
2281 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
2283 vnc_client_cache_addr(vs
);
2284 vnc_qmp_event(vs
, QEVENT_VNC_CONNECTED
);
2291 vs
->as
.freq
= 44100;
2292 vs
->as
.nchannels
= 2;
2293 vs
->as
.fmt
= AUD_FMT_S16
;
2294 vs
->as
.endianness
= 0;
2296 QTAILQ_INSERT_HEAD(&vd
->clients
, vs
, next
);
2300 vnc_write(vs
, "RFB 003.008\n", 12);
2302 vnc_read_when(vs
, protocol_version
, 12);
2304 if (vs
->vd
->lock_key_sync
)
2305 vs
->led
= qemu_add_led_event_handler(kbd_leds
, vs
);
2307 vs
->mouse_mode_notifier
.notify
= check_pointer_type_change
;
2308 qemu_add_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
2312 /* vs might be free()ed here */
2315 static void vnc_listen_read(void *opaque
)
2317 VncDisplay
*vs
= opaque
;
2318 struct sockaddr_in addr
;
2319 socklen_t addrlen
= sizeof(addr
);
2324 int csock
= qemu_accept(vs
->lsock
, (struct sockaddr
*)&addr
, &addrlen
);
2326 vnc_connect(vs
, csock
);
2330 void vnc_display_init(DisplayState
*ds
)
2332 VncDisplay
*vs
= qemu_mallocz(sizeof(*vs
));
2334 dcl
= qemu_mallocz(sizeof(DisplayChangeListener
));
2343 QTAILQ_INIT(&vs
->clients
);
2345 if (keyboard_layout
)
2346 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, keyboard_layout
);
2348 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us");
2350 if (!vs
->kbd_layout
)
2353 dcl
->dpy_copy
= vnc_dpy_copy
;
2354 dcl
->dpy_update
= vnc_dpy_update
;
2355 dcl
->dpy_resize
= vnc_dpy_resize
;
2356 dcl
->dpy_setdata
= vnc_dpy_setdata
;
2357 register_displaychangelistener(ds
, dcl
);
2358 ds
->mouse_set
= vnc_mouse_set
;
2359 ds
->cursor_define
= vnc_dpy_cursor_define
;
2363 void vnc_display_close(DisplayState
*ds
)
2365 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2370 qemu_free(vs
->display
);
2373 if (vs
->lsock
!= -1) {
2374 qemu_set_fd_handler2(vs
->lsock
, NULL
, NULL
, NULL
, NULL
);
2378 vs
->auth
= VNC_AUTH_INVALID
;
2379 #ifdef CONFIG_VNC_TLS
2380 vs
->subauth
= VNC_AUTH_INVALID
;
2381 vs
->tls
.x509verify
= 0;
2385 int vnc_display_password(DisplayState
*ds
, const char *password
)
2387 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2394 qemu_free(vs
->password
);
2395 vs
->password
= NULL
;
2397 if (password
&& password
[0]) {
2398 if (!(vs
->password
= qemu_strdup(password
)))
2400 if (vs
->auth
== VNC_AUTH_NONE
) {
2401 vs
->auth
= VNC_AUTH_VNC
;
2404 vs
->auth
= VNC_AUTH_NONE
;
2410 char *vnc_display_local_addr(DisplayState
*ds
)
2412 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2414 return vnc_socket_local_addr("%s:%s", vs
->lsock
);
2417 int vnc_display_open(DisplayState
*ds
, const char *display
)
2419 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2420 const char *options
;
2423 #ifdef CONFIG_VNC_TLS
2424 int tls
= 0, x509
= 0;
2426 #ifdef CONFIG_VNC_SASL
2431 int lock_key_sync
= 1;
2435 vnc_display_close(ds
);
2436 if (strcmp(display
, "none") == 0)
2439 if (!(vs
->display
= strdup(display
)))
2443 while ((options
= strchr(options
, ','))) {
2445 if (strncmp(options
, "password", 8) == 0) {
2446 password
= 1; /* Require password auth */
2447 } else if (strncmp(options
, "reverse", 7) == 0) {
2449 } else if (strncmp(options
, "no-lock-key-sync", 9) == 0) {
2451 #ifdef CONFIG_VNC_SASL
2452 } else if (strncmp(options
, "sasl", 4) == 0) {
2453 sasl
= 1; /* Require SASL auth */
2455 #ifdef CONFIG_VNC_TLS
2456 } else if (strncmp(options
, "tls", 3) == 0) {
2457 tls
= 1; /* Require TLS */
2458 } else if (strncmp(options
, "x509", 4) == 0) {
2460 x509
= 1; /* Require x509 certificates */
2461 if (strncmp(options
, "x509verify", 10) == 0)
2462 vs
->tls
.x509verify
= 1; /* ...and verify client certs */
2464 /* Now check for 'x509=/some/path' postfix
2465 * and use that to setup x509 certificate/key paths */
2466 start
= strchr(options
, '=');
2467 end
= strchr(options
, ',');
2468 if (start
&& (!end
|| (start
< end
))) {
2469 int len
= end
? end
-(start
+1) : strlen(start
+1);
2470 char *path
= qemu_strndup(start
+ 1, len
);
2472 VNC_DEBUG("Trying certificate path '%s'\n", path
);
2473 if (vnc_tls_set_x509_creds_dir(vs
, path
) < 0) {
2474 fprintf(stderr
, "Failed to find x509 certificates/keys in %s\n", path
);
2476 qemu_free(vs
->display
);
2482 fprintf(stderr
, "No certificate path provided\n");
2483 qemu_free(vs
->display
);
2488 } else if (strncmp(options
, "acl", 3) == 0) {
2493 #ifdef CONFIG_VNC_TLS
2494 if (acl
&& x509
&& vs
->tls
.x509verify
) {
2495 if (!(vs
->tls
.acl
= qemu_acl_init("vnc.x509dname"))) {
2496 fprintf(stderr
, "Failed to create x509 dname ACL\n");
2501 #ifdef CONFIG_VNC_SASL
2503 if (!(vs
->sasl
.acl
= qemu_acl_init("vnc.username"))) {
2504 fprintf(stderr
, "Failed to create username ACL\n");
2511 * Combinations we support here:
2513 * - no-auth (clear text, no auth)
2514 * - password (clear text, weak auth)
2515 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2516 * - tls (encrypt, weak anonymous creds, no auth)
2517 * - tls + password (encrypt, weak anonymous creds, weak auth)
2518 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2519 * - tls + x509 (encrypt, good x509 creds, no auth)
2520 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2521 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2523 * NB1. TLS is a stackable auth scheme.
2524 * NB2. the x509 schemes have option to validate a client cert dname
2527 #ifdef CONFIG_VNC_TLS
2529 vs
->auth
= VNC_AUTH_VENCRYPT
;
2531 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2532 vs
->subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
2534 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2535 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
2538 #endif /* CONFIG_VNC_TLS */
2539 VNC_DEBUG("Initializing VNC server with password auth\n");
2540 vs
->auth
= VNC_AUTH_VNC
;
2541 #ifdef CONFIG_VNC_TLS
2542 vs
->subauth
= VNC_AUTH_INVALID
;
2544 #endif /* CONFIG_VNC_TLS */
2545 #ifdef CONFIG_VNC_SASL
2547 #ifdef CONFIG_VNC_TLS
2549 vs
->auth
= VNC_AUTH_VENCRYPT
;
2551 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2552 vs
->subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
2554 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2555 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
2558 #endif /* CONFIG_VNC_TLS */
2559 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2560 vs
->auth
= VNC_AUTH_SASL
;
2561 #ifdef CONFIG_VNC_TLS
2562 vs
->subauth
= VNC_AUTH_INVALID
;
2564 #endif /* CONFIG_VNC_TLS */
2565 #endif /* CONFIG_VNC_SASL */
2567 #ifdef CONFIG_VNC_TLS
2569 vs
->auth
= VNC_AUTH_VENCRYPT
;
2571 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2572 vs
->subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
2574 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2575 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
2579 VNC_DEBUG("Initializing VNC server with no auth\n");
2580 vs
->auth
= VNC_AUTH_NONE
;
2581 #ifdef CONFIG_VNC_TLS
2582 vs
->subauth
= VNC_AUTH_INVALID
;
2587 #ifdef CONFIG_VNC_SASL
2588 if ((saslErr
= sasl_server_init(NULL
, "qemu")) != SASL_OK
) {
2589 fprintf(stderr
, "Failed to initialize SASL auth %s",
2590 sasl_errstring(saslErr
, NULL
, NULL
));
2596 vs
->lock_key_sync
= lock_key_sync
;
2599 /* connect to viewer */
2600 if (strncmp(display
, "unix:", 5) == 0)
2601 vs
->lsock
= unix_connect(display
+5);
2603 vs
->lsock
= inet_connect(display
, SOCK_STREAM
);
2604 if (-1 == vs
->lsock
) {
2609 int csock
= vs
->lsock
;
2611 vnc_connect(vs
, csock
);
2616 /* listen for connects */
2618 dpy
= qemu_malloc(256);
2619 if (strncmp(display
, "unix:", 5) == 0) {
2620 pstrcpy(dpy
, 256, "unix:");
2621 vs
->lsock
= unix_listen(display
+5, dpy
+5, 256-5);
2623 vs
->lsock
= inet_listen(display
, dpy
, 256, SOCK_STREAM
, 5900);
2625 if (-1 == vs
->lsock
) {
2633 return qemu_set_fd_handler2(vs
->lsock
, NULL
, vnc_listen_read
, NULL
, vs
);