mmu-hash*: Don't keep looking for PTEs after we find a match
[qemu/agraf.git] / ui / vnc.c
blobbbe1e0f179c46ac05a0567b34c80145969c911cf
1 /*
2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
27 #include "vnc.h"
28 #include "vnc-jobs.h"
29 #include "sysemu/sysemu.h"
30 #include "qemu/sockets.h"
31 #include "qemu/timer.h"
32 #include "qemu/acl.h"
33 #include "qapi/qmp/types.h"
34 #include "qmp-commands.h"
35 #include "qemu/osdep.h"
37 #define VNC_REFRESH_INTERVAL_BASE 30
38 #define VNC_REFRESH_INTERVAL_INC 50
39 #define VNC_REFRESH_INTERVAL_MAX 2000
40 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
41 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
43 #include "vnc_keysym.h"
44 #include "d3des.h"
46 static VncDisplay *vnc_display; /* needed for info vnc */
48 static int vnc_cursor_define(VncState *vs);
49 static void vnc_release_modifiers(VncState *vs);
51 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
53 #ifdef _VNC_DEBUG
54 static const char *mn[] = {
55 [0] = "undefined",
56 [VNC_SHARE_MODE_CONNECTING] = "connecting",
57 [VNC_SHARE_MODE_SHARED] = "shared",
58 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
59 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
61 fprintf(stderr, "%s/%d: %s -> %s\n", __func__,
62 vs->csock, mn[vs->share_mode], mn[mode]);
63 #endif
65 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) {
66 vs->vd->num_exclusive--;
68 vs->share_mode = mode;
69 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) {
70 vs->vd->num_exclusive++;
74 static char *addr_to_string(const char *format,
75 struct sockaddr_storage *sa,
76 socklen_t salen) {
77 char *addr;
78 char host[NI_MAXHOST];
79 char serv[NI_MAXSERV];
80 int err;
81 size_t addrlen;
83 if ((err = getnameinfo((struct sockaddr *)sa, salen,
84 host, sizeof(host),
85 serv, sizeof(serv),
86 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
87 VNC_DEBUG("Cannot resolve address %d: %s\n",
88 err, gai_strerror(err));
89 return NULL;
92 /* Enough for the existing format + the 2 vars we're
93 * substituting in. */
94 addrlen = strlen(format) + strlen(host) + strlen(serv);
95 addr = g_malloc(addrlen + 1);
96 snprintf(addr, addrlen, format, host, serv);
97 addr[addrlen] = '\0';
99 return addr;
103 char *vnc_socket_local_addr(const char *format, int fd) {
104 struct sockaddr_storage sa;
105 socklen_t salen;
107 salen = sizeof(sa);
108 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
109 return NULL;
111 return addr_to_string(format, &sa, salen);
114 char *vnc_socket_remote_addr(const char *format, int fd) {
115 struct sockaddr_storage sa;
116 socklen_t salen;
118 salen = sizeof(sa);
119 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
120 return NULL;
122 return addr_to_string(format, &sa, salen);
125 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
126 socklen_t salen)
128 char host[NI_MAXHOST];
129 char serv[NI_MAXSERV];
130 int err;
132 if ((err = getnameinfo((struct sockaddr *)sa, salen,
133 host, sizeof(host),
134 serv, sizeof(serv),
135 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
136 VNC_DEBUG("Cannot resolve address %d: %s\n",
137 err, gai_strerror(err));
138 return -1;
141 qdict_put(qdict, "host", qstring_from_str(host));
142 qdict_put(qdict, "service", qstring_from_str(serv));
143 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
145 return 0;
148 static int vnc_server_addr_put(QDict *qdict, int fd)
150 struct sockaddr_storage sa;
151 socklen_t salen;
153 salen = sizeof(sa);
154 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
155 return -1;
158 return put_addr_qdict(qdict, &sa, salen);
161 static int vnc_qdict_remote_addr(QDict *qdict, int fd)
163 struct sockaddr_storage sa;
164 socklen_t salen;
166 salen = sizeof(sa);
167 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
168 return -1;
171 return put_addr_qdict(qdict, &sa, salen);
174 static const char *vnc_auth_name(VncDisplay *vd) {
175 switch (vd->auth) {
176 case VNC_AUTH_INVALID:
177 return "invalid";
178 case VNC_AUTH_NONE:
179 return "none";
180 case VNC_AUTH_VNC:
181 return "vnc";
182 case VNC_AUTH_RA2:
183 return "ra2";
184 case VNC_AUTH_RA2NE:
185 return "ra2ne";
186 case VNC_AUTH_TIGHT:
187 return "tight";
188 case VNC_AUTH_ULTRA:
189 return "ultra";
190 case VNC_AUTH_TLS:
191 return "tls";
192 case VNC_AUTH_VENCRYPT:
193 #ifdef CONFIG_VNC_TLS
194 switch (vd->subauth) {
195 case VNC_AUTH_VENCRYPT_PLAIN:
196 return "vencrypt+plain";
197 case VNC_AUTH_VENCRYPT_TLSNONE:
198 return "vencrypt+tls+none";
199 case VNC_AUTH_VENCRYPT_TLSVNC:
200 return "vencrypt+tls+vnc";
201 case VNC_AUTH_VENCRYPT_TLSPLAIN:
202 return "vencrypt+tls+plain";
203 case VNC_AUTH_VENCRYPT_X509NONE:
204 return "vencrypt+x509+none";
205 case VNC_AUTH_VENCRYPT_X509VNC:
206 return "vencrypt+x509+vnc";
207 case VNC_AUTH_VENCRYPT_X509PLAIN:
208 return "vencrypt+x509+plain";
209 case VNC_AUTH_VENCRYPT_TLSSASL:
210 return "vencrypt+tls+sasl";
211 case VNC_AUTH_VENCRYPT_X509SASL:
212 return "vencrypt+x509+sasl";
213 default:
214 return "vencrypt";
216 #else
217 return "vencrypt";
218 #endif
219 case VNC_AUTH_SASL:
220 return "sasl";
222 return "unknown";
225 static int vnc_server_info_put(QDict *qdict)
227 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
228 return -1;
231 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
232 return 0;
235 static void vnc_client_cache_auth(VncState *client)
237 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
238 QDict *qdict;
239 #endif
241 if (!client->info) {
242 return;
245 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
246 qdict = qobject_to_qdict(client->info);
247 #endif
249 #ifdef CONFIG_VNC_TLS
250 if (client->tls.session &&
251 client->tls.dname) {
252 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
254 #endif
255 #ifdef CONFIG_VNC_SASL
256 if (client->sasl.conn &&
257 client->sasl.username) {
258 qdict_put(qdict, "sasl_username",
259 qstring_from_str(client->sasl.username));
261 #endif
264 static void vnc_client_cache_addr(VncState *client)
266 QDict *qdict;
268 qdict = qdict_new();
269 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
270 QDECREF(qdict);
271 /* XXX: how to report the error? */
272 return;
275 client->info = QOBJECT(qdict);
278 static void vnc_qmp_event(VncState *vs, MonitorEvent event)
280 QDict *server;
281 QObject *data;
283 if (!vs->info) {
284 return;
287 server = qdict_new();
288 if (vnc_server_info_put(server) < 0) {
289 QDECREF(server);
290 return;
293 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
294 vs->info, QOBJECT(server));
296 monitor_protocol_event(event, data);
298 qobject_incref(vs->info);
299 qobject_decref(data);
302 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
304 struct sockaddr_storage sa;
305 socklen_t salen = sizeof(sa);
306 char host[NI_MAXHOST];
307 char serv[NI_MAXSERV];
308 VncClientInfo *info;
310 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) {
311 return NULL;
314 if (getnameinfo((struct sockaddr *)&sa, salen,
315 host, sizeof(host),
316 serv, sizeof(serv),
317 NI_NUMERICHOST | NI_NUMERICSERV) < 0) {
318 return NULL;
321 info = g_malloc0(sizeof(*info));
322 info->host = g_strdup(host);
323 info->service = g_strdup(serv);
324 info->family = g_strdup(inet_strfamily(sa.ss_family));
326 #ifdef CONFIG_VNC_TLS
327 if (client->tls.session && client->tls.dname) {
328 info->has_x509_dname = true;
329 info->x509_dname = g_strdup(client->tls.dname);
331 #endif
332 #ifdef CONFIG_VNC_SASL
333 if (client->sasl.conn && client->sasl.username) {
334 info->has_sasl_username = true;
335 info->sasl_username = g_strdup(client->sasl.username);
337 #endif
339 return info;
342 VncInfo *qmp_query_vnc(Error **errp)
344 VncInfo *info = g_malloc0(sizeof(*info));
346 if (vnc_display == NULL || vnc_display->display == NULL) {
347 info->enabled = false;
348 } else {
349 VncClientInfoList *cur_item = NULL;
350 struct sockaddr_storage sa;
351 socklen_t salen = sizeof(sa);
352 char host[NI_MAXHOST];
353 char serv[NI_MAXSERV];
354 VncState *client;
356 info->enabled = true;
358 /* for compatibility with the original command */
359 info->has_clients = true;
361 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
362 VncClientInfoList *cinfo = g_malloc0(sizeof(*info));
363 cinfo->value = qmp_query_vnc_client(client);
365 /* XXX: waiting for the qapi to support GSList */
366 if (!cur_item) {
367 info->clients = cur_item = cinfo;
368 } else {
369 cur_item->next = cinfo;
370 cur_item = cinfo;
374 if (vnc_display->lsock == -1) {
375 return info;
378 if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa,
379 &salen) == -1) {
380 error_set(errp, QERR_UNDEFINED_ERROR);
381 goto out_error;
384 if (getnameinfo((struct sockaddr *)&sa, salen,
385 host, sizeof(host),
386 serv, sizeof(serv),
387 NI_NUMERICHOST | NI_NUMERICSERV) < 0) {
388 error_set(errp, QERR_UNDEFINED_ERROR);
389 goto out_error;
392 info->has_host = true;
393 info->host = g_strdup(host);
395 info->has_service = true;
396 info->service = g_strdup(serv);
398 info->has_family = true;
399 info->family = g_strdup(inet_strfamily(sa.ss_family));
401 info->has_auth = true;
402 info->auth = g_strdup(vnc_auth_name(vnc_display));
405 return info;
407 out_error:
408 qapi_free_VncInfo(info);
409 return NULL;
412 /* TODO
413 1) Get the queue working for IO.
414 2) there is some weirdness when using the -S option (the screen is grey
415 and not totally invalidated
416 3) resolutions > 1024
419 static int vnc_update_client(VncState *vs, int has_dirty);
420 static int vnc_update_client_sync(VncState *vs, int has_dirty);
421 static void vnc_disconnect_start(VncState *vs);
422 static void vnc_init_timer(VncDisplay *vd);
423 static void vnc_remove_timer(VncDisplay *vd);
425 static void vnc_colordepth(VncState *vs);
426 static void framebuffer_update_request(VncState *vs, int incremental,
427 int x_position, int y_position,
428 int w, int h);
429 static void vnc_refresh(void *opaque);
430 static int vnc_refresh_server_surface(VncDisplay *vd);
432 static void vnc_dpy_update(DisplayChangeListener *dcl,
433 int x, int y, int w, int h)
435 int i;
436 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
437 struct VncSurface *s = &vd->guest;
438 int width = surface_width(vd->ds);
439 int height = surface_height(vd->ds);
441 h += y;
443 /* round x down to ensure the loop only spans one 16-pixel block per,
444 iteration. otherwise, if (x % 16) != 0, the last iteration may span
445 two 16-pixel blocks but we only mark the first as dirty
447 w += (x % 16);
448 x -= (x % 16);
450 x = MIN(x, width);
451 y = MIN(y, height);
452 w = MIN(x + w, width) - x;
453 h = MIN(h, height);
455 for (; y < h; y++)
456 for (i = 0; i < w; i += 16)
457 set_bit((x + i) / 16, s->dirty[y]);
460 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
461 int32_t encoding)
463 vnc_write_u16(vs, x);
464 vnc_write_u16(vs, y);
465 vnc_write_u16(vs, w);
466 vnc_write_u16(vs, h);
468 vnc_write_s32(vs, encoding);
471 void buffer_reserve(Buffer *buffer, size_t len)
473 if ((buffer->capacity - buffer->offset) < len) {
474 buffer->capacity += (len + 1024);
475 buffer->buffer = g_realloc(buffer->buffer, buffer->capacity);
476 if (buffer->buffer == NULL) {
477 fprintf(stderr, "vnc: out of memory\n");
478 exit(1);
483 static int buffer_empty(Buffer *buffer)
485 return buffer->offset == 0;
488 uint8_t *buffer_end(Buffer *buffer)
490 return buffer->buffer + buffer->offset;
493 void buffer_reset(Buffer *buffer)
495 buffer->offset = 0;
498 void buffer_free(Buffer *buffer)
500 g_free(buffer->buffer);
501 buffer->offset = 0;
502 buffer->capacity = 0;
503 buffer->buffer = NULL;
506 void buffer_append(Buffer *buffer, const void *data, size_t len)
508 memcpy(buffer->buffer + buffer->offset, data, len);
509 buffer->offset += len;
512 void buffer_advance(Buffer *buf, size_t len)
514 memmove(buf->buffer, buf->buffer + len,
515 (buf->offset - len));
516 buf->offset -= len;
519 static void vnc_desktop_resize(VncState *vs)
521 DisplaySurface *ds = vs->vd->ds;
523 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
524 return;
526 if (vs->client_width == surface_width(ds) &&
527 vs->client_height == surface_height(ds)) {
528 return;
530 vs->client_width = surface_width(ds);
531 vs->client_height = surface_height(ds);
532 vnc_lock_output(vs);
533 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
534 vnc_write_u8(vs, 0);
535 vnc_write_u16(vs, 1); /* number of rects */
536 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
537 VNC_ENCODING_DESKTOPRESIZE);
538 vnc_unlock_output(vs);
539 vnc_flush(vs);
542 static void vnc_abort_display_jobs(VncDisplay *vd)
544 VncState *vs;
546 QTAILQ_FOREACH(vs, &vd->clients, next) {
547 vnc_lock_output(vs);
548 vs->abort = true;
549 vnc_unlock_output(vs);
551 QTAILQ_FOREACH(vs, &vd->clients, next) {
552 vnc_jobs_join(vs);
554 QTAILQ_FOREACH(vs, &vd->clients, next) {
555 vnc_lock_output(vs);
556 vs->abort = false;
557 vnc_unlock_output(vs);
561 int vnc_server_fb_stride(VncDisplay *vd)
563 return pixman_image_get_stride(vd->server);
566 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
568 uint8_t *ptr;
570 ptr = (uint8_t *)pixman_image_get_data(vd->server);
571 ptr += y * vnc_server_fb_stride(vd);
572 ptr += x * VNC_SERVER_FB_BYTES;
573 return ptr;
576 static void vnc_dpy_switch(DisplayChangeListener *dcl,
577 DisplaySurface *surface)
579 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
580 VncState *vs;
582 vnc_abort_display_jobs(vd);
584 /* server surface */
585 qemu_pixman_image_unref(vd->server);
586 vd->ds = surface;
587 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
588 surface_width(vd->ds),
589 surface_height(vd->ds),
590 NULL, 0);
592 /* guest surface */
593 #if 0 /* FIXME */
594 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
595 console_color_init(ds);
596 #endif
597 qemu_pixman_image_unref(vd->guest.fb);
598 vd->guest.fb = pixman_image_ref(surface->image);
599 vd->guest.format = surface->format;
600 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
602 QTAILQ_FOREACH(vs, &vd->clients, next) {
603 vnc_colordepth(vs);
604 vnc_desktop_resize(vs);
605 if (vs->vd->cursor) {
606 vnc_cursor_define(vs);
608 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
612 /* fastest code */
613 static void vnc_write_pixels_copy(VncState *vs,
614 void *pixels, int size)
616 vnc_write(vs, pixels, size);
619 /* slowest but generic code. */
620 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
622 uint8_t r, g, b;
624 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
625 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
626 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
627 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
628 #else
629 # error need some bits here if you change VNC_SERVER_FB_FORMAT
630 #endif
631 v = (r << vs->client_pf.rshift) |
632 (g << vs->client_pf.gshift) |
633 (b << vs->client_pf.bshift);
634 switch (vs->client_pf.bytes_per_pixel) {
635 case 1:
636 buf[0] = v;
637 break;
638 case 2:
639 if (vs->client_be) {
640 buf[0] = v >> 8;
641 buf[1] = v;
642 } else {
643 buf[1] = v >> 8;
644 buf[0] = v;
646 break;
647 default:
648 case 4:
649 if (vs->client_be) {
650 buf[0] = v >> 24;
651 buf[1] = v >> 16;
652 buf[2] = v >> 8;
653 buf[3] = v;
654 } else {
655 buf[3] = v >> 24;
656 buf[2] = v >> 16;
657 buf[1] = v >> 8;
658 buf[0] = v;
660 break;
664 static void vnc_write_pixels_generic(VncState *vs,
665 void *pixels1, int size)
667 uint8_t buf[4];
669 if (VNC_SERVER_FB_BYTES == 4) {
670 uint32_t *pixels = pixels1;
671 int n, i;
672 n = size >> 2;
673 for (i = 0; i < n; i++) {
674 vnc_convert_pixel(vs, buf, pixels[i]);
675 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
680 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
682 int i;
683 uint8_t *row;
684 VncDisplay *vd = vs->vd;
686 row = vnc_server_fb_ptr(vd, x, y);
687 for (i = 0; i < h; i++) {
688 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
689 row += vnc_server_fb_stride(vd);
691 return 1;
694 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
696 int n = 0;
698 switch(vs->vnc_encoding) {
699 case VNC_ENCODING_ZLIB:
700 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
701 break;
702 case VNC_ENCODING_HEXTILE:
703 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
704 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
705 break;
706 case VNC_ENCODING_TIGHT:
707 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
708 break;
709 case VNC_ENCODING_TIGHT_PNG:
710 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
711 break;
712 case VNC_ENCODING_ZRLE:
713 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
714 break;
715 case VNC_ENCODING_ZYWRLE:
716 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
717 break;
718 default:
719 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
720 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
721 break;
723 return n;
726 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
728 /* send bitblit op to the vnc client */
729 vnc_lock_output(vs);
730 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
731 vnc_write_u8(vs, 0);
732 vnc_write_u16(vs, 1); /* number of rects */
733 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
734 vnc_write_u16(vs, src_x);
735 vnc_write_u16(vs, src_y);
736 vnc_unlock_output(vs);
737 vnc_flush(vs);
740 static void vnc_dpy_copy(DisplayChangeListener *dcl,
741 int src_x, int src_y,
742 int dst_x, int dst_y, int w, int h)
744 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
745 VncState *vs, *vn;
746 uint8_t *src_row;
747 uint8_t *dst_row;
748 int i, x, y, pitch, inc, w_lim, s;
749 int cmp_bytes;
751 vnc_refresh_server_surface(vd);
752 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
753 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
754 vs->force_update = 1;
755 vnc_update_client_sync(vs, 1);
756 /* vs might be free()ed here */
760 /* do bitblit op on the local surface too */
761 pitch = vnc_server_fb_stride(vd);
762 src_row = vnc_server_fb_ptr(vd, src_x, src_y);
763 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y);
764 y = dst_y;
765 inc = 1;
766 if (dst_y > src_y) {
767 /* copy backwards */
768 src_row += pitch * (h-1);
769 dst_row += pitch * (h-1);
770 pitch = -pitch;
771 y = dst_y + h - 1;
772 inc = -1;
774 w_lim = w - (16 - (dst_x % 16));
775 if (w_lim < 0)
776 w_lim = w;
777 else
778 w_lim = w - (w_lim % 16);
779 for (i = 0; i < h; i++) {
780 for (x = 0; x <= w_lim;
781 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
782 if (x == w_lim) {
783 if ((s = w - w_lim) == 0)
784 break;
785 } else if (!x) {
786 s = (16 - (dst_x % 16));
787 s = MIN(s, w_lim);
788 } else {
789 s = 16;
791 cmp_bytes = s * VNC_SERVER_FB_BYTES;
792 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
793 continue;
794 memmove(dst_row, src_row, cmp_bytes);
795 QTAILQ_FOREACH(vs, &vd->clients, next) {
796 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
797 set_bit(((x + dst_x) / 16), vs->dirty[y]);
801 src_row += pitch - w * VNC_SERVER_FB_BYTES;
802 dst_row += pitch - w * VNC_SERVER_FB_BYTES;
803 y += inc;
806 QTAILQ_FOREACH(vs, &vd->clients, next) {
807 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
808 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
813 static void vnc_mouse_set(DisplayChangeListener *dcl,
814 int x, int y, int visible)
816 /* can we ask the client(s) to move the pointer ??? */
819 static int vnc_cursor_define(VncState *vs)
821 QEMUCursor *c = vs->vd->cursor;
822 int isize;
824 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
825 vnc_lock_output(vs);
826 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
827 vnc_write_u8(vs, 0); /* padding */
828 vnc_write_u16(vs, 1); /* # of rects */
829 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
830 VNC_ENCODING_RICH_CURSOR);
831 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
832 vnc_write_pixels_generic(vs, c->data, isize);
833 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
834 vnc_unlock_output(vs);
835 return 0;
837 return -1;
840 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
841 QEMUCursor *c)
843 VncDisplay *vd = vnc_display;
844 VncState *vs;
846 cursor_put(vd->cursor);
847 g_free(vd->cursor_mask);
849 vd->cursor = c;
850 cursor_get(vd->cursor);
851 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
852 vd->cursor_mask = g_malloc0(vd->cursor_msize);
853 cursor_get_mono_mask(c, 0, vd->cursor_mask);
855 QTAILQ_FOREACH(vs, &vd->clients, next) {
856 vnc_cursor_define(vs);
860 static int find_and_clear_dirty_height(struct VncState *vs,
861 int y, int last_x, int x, int height)
863 int h;
865 for (h = 1; h < (height - y); h++) {
866 int tmp_x;
867 if (!test_bit(last_x, vs->dirty[y + h])) {
868 break;
870 for (tmp_x = last_x; tmp_x < x; tmp_x++) {
871 clear_bit(tmp_x, vs->dirty[y + h]);
875 return h;
878 static int vnc_update_client_sync(VncState *vs, int has_dirty)
880 int ret = vnc_update_client(vs, has_dirty);
881 vnc_jobs_join(vs);
882 return ret;
885 static int vnc_update_client(VncState *vs, int has_dirty)
887 if (vs->need_update && vs->csock != -1) {
888 VncDisplay *vd = vs->vd;
889 VncJob *job;
890 int y;
891 int width, height;
892 int n = 0;
895 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
896 /* kernel send buffers are full -> drop frames to throttle */
897 return 0;
899 if (!has_dirty && !vs->audio_cap && !vs->force_update)
900 return 0;
903 * Send screen updates to the vnc client using the server
904 * surface and server dirty map. guest surface updates
905 * happening in parallel don't disturb us, the next pass will
906 * send them to the client.
908 job = vnc_job_new(vs);
910 width = MIN(pixman_image_get_width(vd->server), vs->client_width);
911 height = MIN(pixman_image_get_height(vd->server), vs->client_height);
913 for (y = 0; y < height; y++) {
914 int x;
915 int last_x = -1;
916 for (x = 0; x < width / 16; x++) {
917 if (test_and_clear_bit(x, vs->dirty[y])) {
918 if (last_x == -1) {
919 last_x = x;
921 } else {
922 if (last_x != -1) {
923 int h = find_and_clear_dirty_height(vs, y, last_x, x,
924 height);
926 n += vnc_job_add_rect(job, last_x * 16, y,
927 (x - last_x) * 16, h);
929 last_x = -1;
932 if (last_x != -1) {
933 int h = find_and_clear_dirty_height(vs, y, last_x, x, height);
934 n += vnc_job_add_rect(job, last_x * 16, y,
935 (x - last_x) * 16, h);
939 vnc_job_push(job);
940 vs->force_update = 0;
941 return n;
944 if (vs->csock == -1)
945 vnc_disconnect_finish(vs);
947 return 0;
950 /* audio */
951 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
953 VncState *vs = opaque;
955 switch (cmd) {
956 case AUD_CNOTIFY_DISABLE:
957 vnc_lock_output(vs);
958 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
959 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
960 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
961 vnc_unlock_output(vs);
962 vnc_flush(vs);
963 break;
965 case AUD_CNOTIFY_ENABLE:
966 vnc_lock_output(vs);
967 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
968 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
969 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
970 vnc_unlock_output(vs);
971 vnc_flush(vs);
972 break;
976 static void audio_capture_destroy(void *opaque)
980 static void audio_capture(void *opaque, void *buf, int size)
982 VncState *vs = opaque;
984 vnc_lock_output(vs);
985 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
986 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
987 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
988 vnc_write_u32(vs, size);
989 vnc_write(vs, buf, size);
990 vnc_unlock_output(vs);
991 vnc_flush(vs);
994 static void audio_add(VncState *vs)
996 struct audio_capture_ops ops;
998 if (vs->audio_cap) {
999 monitor_printf(default_mon, "audio already running\n");
1000 return;
1003 ops.notify = audio_capture_notify;
1004 ops.destroy = audio_capture_destroy;
1005 ops.capture = audio_capture;
1007 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1008 if (!vs->audio_cap) {
1009 monitor_printf(default_mon, "Failed to add audio capture\n");
1013 static void audio_del(VncState *vs)
1015 if (vs->audio_cap) {
1016 AUD_del_capture(vs->audio_cap, vs);
1017 vs->audio_cap = NULL;
1021 static void vnc_disconnect_start(VncState *vs)
1023 if (vs->csock == -1)
1024 return;
1025 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1026 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
1027 closesocket(vs->csock);
1028 vs->csock = -1;
1031 void vnc_disconnect_finish(VncState *vs)
1033 int i;
1035 vnc_jobs_join(vs); /* Wait encoding jobs */
1037 vnc_lock_output(vs);
1038 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
1040 buffer_free(&vs->input);
1041 buffer_free(&vs->output);
1042 #ifdef CONFIG_VNC_WS
1043 buffer_free(&vs->ws_input);
1044 buffer_free(&vs->ws_output);
1045 #endif /* CONFIG_VNC_WS */
1047 qobject_decref(vs->info);
1049 vnc_zlib_clear(vs);
1050 vnc_tight_clear(vs);
1051 vnc_zrle_clear(vs);
1053 #ifdef CONFIG_VNC_TLS
1054 vnc_tls_client_cleanup(vs);
1055 #endif /* CONFIG_VNC_TLS */
1056 #ifdef CONFIG_VNC_SASL
1057 vnc_sasl_client_cleanup(vs);
1058 #endif /* CONFIG_VNC_SASL */
1059 audio_del(vs);
1060 vnc_release_modifiers(vs);
1062 if (vs->initialized) {
1063 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1064 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1067 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1068 vs->vd->dcl.idle = 1;
1071 vnc_remove_timer(vs->vd);
1072 if (vs->vd->lock_key_sync)
1073 qemu_remove_led_event_handler(vs->led);
1074 vnc_unlock_output(vs);
1076 qemu_mutex_destroy(&vs->output_mutex);
1077 if (vs->bh != NULL) {
1078 qemu_bh_delete(vs->bh);
1080 buffer_free(&vs->jobs_buffer);
1082 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1083 g_free(vs->lossy_rect[i]);
1085 g_free(vs->lossy_rect);
1086 g_free(vs);
1089 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1091 if (ret == 0 || ret == -1) {
1092 if (ret == -1) {
1093 switch (last_errno) {
1094 case EINTR:
1095 case EAGAIN:
1096 #ifdef _WIN32
1097 case WSAEWOULDBLOCK:
1098 #endif
1099 return 0;
1100 default:
1101 break;
1105 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1106 ret, ret < 0 ? last_errno : 0);
1107 vnc_disconnect_start(vs);
1109 return 0;
1111 return ret;
1115 void vnc_client_error(VncState *vs)
1117 VNC_DEBUG("Closing down client sock: protocol error\n");
1118 vnc_disconnect_start(vs);
1123 * Called to write a chunk of data to the client socket. The data may
1124 * be the raw data, or may have already been encoded by SASL.
1125 * The data will be written either straight onto the socket, or
1126 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1128 * NB, it is theoretically possible to have 2 layers of encryption,
1129 * both SASL, and this TLS layer. It is highly unlikely in practice
1130 * though, since SASL encryption will typically be a no-op if TLS
1131 * is active
1133 * Returns the number of bytes written, which may be less than
1134 * the requested 'datalen' if the socket would block. Returns
1135 * -1 on error, and disconnects the client socket.
1137 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1139 long ret;
1140 #ifdef CONFIG_VNC_TLS
1141 if (vs->tls.session) {
1142 ret = gnutls_write(vs->tls.session, data, datalen);
1143 if (ret < 0) {
1144 if (ret == GNUTLS_E_AGAIN)
1145 errno = EAGAIN;
1146 else
1147 errno = EIO;
1148 ret = -1;
1150 } else
1151 #endif /* CONFIG_VNC_TLS */
1152 ret = send(vs->csock, (const void *)data, datalen, 0);
1153 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1154 return vnc_client_io_error(vs, ret, socket_error());
1159 * Called to write buffered data to the client socket, when not
1160 * using any SASL SSF encryption layers. Will write as much data
1161 * as possible without blocking. If all buffered data is written,
1162 * will switch the FD poll() handler back to read monitoring.
1164 * Returns the number of bytes written, which may be less than
1165 * the buffered output data if the socket would block. Returns
1166 * -1 on error, and disconnects the client socket.
1168 static long vnc_client_write_plain(VncState *vs)
1170 long ret;
1172 #ifdef CONFIG_VNC_SASL
1173 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1174 vs->output.buffer, vs->output.capacity, vs->output.offset,
1175 vs->sasl.waitWriteSSF);
1177 if (vs->sasl.conn &&
1178 vs->sasl.runSSF &&
1179 vs->sasl.waitWriteSSF) {
1180 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1181 if (ret)
1182 vs->sasl.waitWriteSSF -= ret;
1183 } else
1184 #endif /* CONFIG_VNC_SASL */
1185 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1186 if (!ret)
1187 return 0;
1189 buffer_advance(&vs->output, ret);
1191 if (vs->output.offset == 0) {
1192 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1195 return ret;
1200 * First function called whenever there is data to be written to
1201 * the client socket. Will delegate actual work according to whether
1202 * SASL SSF layers are enabled (thus requiring encryption calls)
1204 static void vnc_client_write_locked(void *opaque)
1206 VncState *vs = opaque;
1208 #ifdef CONFIG_VNC_SASL
1209 if (vs->sasl.conn &&
1210 vs->sasl.runSSF &&
1211 !vs->sasl.waitWriteSSF) {
1212 vnc_client_write_sasl(vs);
1213 } else
1214 #endif /* CONFIG_VNC_SASL */
1216 #ifdef CONFIG_VNC_WS
1217 if (vs->encode_ws) {
1218 vnc_client_write_ws(vs);
1219 } else
1220 #endif /* CONFIG_VNC_WS */
1222 vnc_client_write_plain(vs);
1227 void vnc_client_write(void *opaque)
1229 VncState *vs = opaque;
1231 vnc_lock_output(vs);
1232 if (vs->output.offset
1233 #ifdef CONFIG_VNC_WS
1234 || vs->ws_output.offset
1235 #endif
1237 vnc_client_write_locked(opaque);
1238 } else if (vs->csock != -1) {
1239 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1241 vnc_unlock_output(vs);
1244 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1246 vs->read_handler = func;
1247 vs->read_handler_expect = expecting;
1252 * Called to read a chunk of data from the client socket. The data may
1253 * be the raw data, or may need to be further decoded by SASL.
1254 * The data will be read either straight from to the socket, or
1255 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1257 * NB, it is theoretically possible to have 2 layers of encryption,
1258 * both SASL, and this TLS layer. It is highly unlikely in practice
1259 * though, since SASL encryption will typically be a no-op if TLS
1260 * is active
1262 * Returns the number of bytes read, which may be less than
1263 * the requested 'datalen' if the socket would block. Returns
1264 * -1 on error, and disconnects the client socket.
1266 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1268 long ret;
1269 #ifdef CONFIG_VNC_TLS
1270 if (vs->tls.session) {
1271 ret = gnutls_read(vs->tls.session, data, datalen);
1272 if (ret < 0) {
1273 if (ret == GNUTLS_E_AGAIN)
1274 errno = EAGAIN;
1275 else
1276 errno = EIO;
1277 ret = -1;
1279 } else
1280 #endif /* CONFIG_VNC_TLS */
1281 ret = qemu_recv(vs->csock, data, datalen, 0);
1282 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1283 return vnc_client_io_error(vs, ret, socket_error());
1288 * Called to read data from the client socket to the input buffer,
1289 * when not using any SASL SSF encryption layers. Will read as much
1290 * data as possible without blocking.
1292 * Returns the number of bytes read. Returns -1 on error, and
1293 * disconnects the client socket.
1295 static long vnc_client_read_plain(VncState *vs)
1297 int ret;
1298 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1299 vs->input.buffer, vs->input.capacity, vs->input.offset);
1300 buffer_reserve(&vs->input, 4096);
1301 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1302 if (!ret)
1303 return 0;
1304 vs->input.offset += ret;
1305 return ret;
1308 static void vnc_jobs_bh(void *opaque)
1310 VncState *vs = opaque;
1312 vnc_jobs_consume_buffer(vs);
1316 * First function called whenever there is more data to be read from
1317 * the client socket. Will delegate actual work according to whether
1318 * SASL SSF layers are enabled (thus requiring decryption calls)
1320 void vnc_client_read(void *opaque)
1322 VncState *vs = opaque;
1323 long ret;
1325 #ifdef CONFIG_VNC_SASL
1326 if (vs->sasl.conn && vs->sasl.runSSF)
1327 ret = vnc_client_read_sasl(vs);
1328 else
1329 #endif /* CONFIG_VNC_SASL */
1330 #ifdef CONFIG_VNC_WS
1331 if (vs->encode_ws) {
1332 ret = vnc_client_read_ws(vs);
1333 if (ret == -1) {
1334 vnc_disconnect_start(vs);
1335 return;
1336 } else if (ret == -2) {
1337 vnc_client_error(vs);
1338 return;
1340 } else
1341 #endif /* CONFIG_VNC_WS */
1343 ret = vnc_client_read_plain(vs);
1345 if (!ret) {
1346 if (vs->csock == -1)
1347 vnc_disconnect_finish(vs);
1348 return;
1351 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1352 size_t len = vs->read_handler_expect;
1353 int ret;
1355 ret = vs->read_handler(vs, vs->input.buffer, len);
1356 if (vs->csock == -1) {
1357 vnc_disconnect_finish(vs);
1358 return;
1361 if (!ret) {
1362 buffer_advance(&vs->input, len);
1363 } else {
1364 vs->read_handler_expect = ret;
1369 void vnc_write(VncState *vs, const void *data, size_t len)
1371 buffer_reserve(&vs->output, len);
1373 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1374 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1377 buffer_append(&vs->output, data, len);
1380 void vnc_write_s32(VncState *vs, int32_t value)
1382 vnc_write_u32(vs, *(uint32_t *)&value);
1385 void vnc_write_u32(VncState *vs, uint32_t value)
1387 uint8_t buf[4];
1389 buf[0] = (value >> 24) & 0xFF;
1390 buf[1] = (value >> 16) & 0xFF;
1391 buf[2] = (value >> 8) & 0xFF;
1392 buf[3] = value & 0xFF;
1394 vnc_write(vs, buf, 4);
1397 void vnc_write_u16(VncState *vs, uint16_t value)
1399 uint8_t buf[2];
1401 buf[0] = (value >> 8) & 0xFF;
1402 buf[1] = value & 0xFF;
1404 vnc_write(vs, buf, 2);
1407 void vnc_write_u8(VncState *vs, uint8_t value)
1409 vnc_write(vs, (char *)&value, 1);
1412 void vnc_flush(VncState *vs)
1414 vnc_lock_output(vs);
1415 if (vs->csock != -1 && (vs->output.offset
1416 #ifdef CONFIG_VNC_WS
1417 || vs->ws_output.offset
1418 #endif
1419 )) {
1420 vnc_client_write_locked(vs);
1422 vnc_unlock_output(vs);
1425 static uint8_t read_u8(uint8_t *data, size_t offset)
1427 return data[offset];
1430 static uint16_t read_u16(uint8_t *data, size_t offset)
1432 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1435 static int32_t read_s32(uint8_t *data, size_t offset)
1437 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1438 (data[offset + 2] << 8) | data[offset + 3]);
1441 uint32_t read_u32(uint8_t *data, size_t offset)
1443 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1444 (data[offset + 2] << 8) | data[offset + 3]);
1447 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1451 static void check_pointer_type_change(Notifier *notifier, void *data)
1453 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1454 int absolute = kbd_mouse_is_absolute();
1456 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1457 vnc_lock_output(vs);
1458 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1459 vnc_write_u8(vs, 0);
1460 vnc_write_u16(vs, 1);
1461 vnc_framebuffer_update(vs, absolute, 0,
1462 surface_width(vs->vd->ds),
1463 surface_height(vs->vd->ds),
1464 VNC_ENCODING_POINTER_TYPE_CHANGE);
1465 vnc_unlock_output(vs);
1466 vnc_flush(vs);
1468 vs->absolute = absolute;
1471 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1473 int buttons = 0;
1474 int dz = 0;
1475 int width = surface_width(vs->vd->ds);
1476 int height = surface_height(vs->vd->ds);
1478 if (button_mask & 0x01)
1479 buttons |= MOUSE_EVENT_LBUTTON;
1480 if (button_mask & 0x02)
1481 buttons |= MOUSE_EVENT_MBUTTON;
1482 if (button_mask & 0x04)
1483 buttons |= MOUSE_EVENT_RBUTTON;
1484 if (button_mask & 0x08)
1485 dz = -1;
1486 if (button_mask & 0x10)
1487 dz = 1;
1489 if (vs->absolute) {
1490 kbd_mouse_event(width > 1 ? x * 0x7FFF / (width - 1) : 0x4000,
1491 height > 1 ? y * 0x7FFF / (height - 1) : 0x4000,
1492 dz, buttons);
1493 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1494 x -= 0x7FFF;
1495 y -= 0x7FFF;
1497 kbd_mouse_event(x, y, dz, buttons);
1498 } else {
1499 if (vs->last_x != -1)
1500 kbd_mouse_event(x - vs->last_x,
1501 y - vs->last_y,
1502 dz, buttons);
1503 vs->last_x = x;
1504 vs->last_y = y;
1508 static void reset_keys(VncState *vs)
1510 int i;
1511 for(i = 0; i < 256; i++) {
1512 if (vs->modifiers_state[i]) {
1513 if (i & SCANCODE_GREY)
1514 kbd_put_keycode(SCANCODE_EMUL0);
1515 kbd_put_keycode(i | SCANCODE_UP);
1516 vs->modifiers_state[i] = 0;
1521 static void press_key(VncState *vs, int keysym)
1523 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1524 if (keycode & SCANCODE_GREY)
1525 kbd_put_keycode(SCANCODE_EMUL0);
1526 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1527 if (keycode & SCANCODE_GREY)
1528 kbd_put_keycode(SCANCODE_EMUL0);
1529 kbd_put_keycode(keycode | SCANCODE_UP);
1532 static void kbd_leds(void *opaque, int ledstate)
1534 VncState *vs = opaque;
1535 int caps, num;
1537 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1538 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1540 if (vs->modifiers_state[0x3a] != caps) {
1541 vs->modifiers_state[0x3a] = caps;
1543 if (vs->modifiers_state[0x45] != num) {
1544 vs->modifiers_state[0x45] = num;
1548 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1550 /* QEMU console switch */
1551 switch(keycode) {
1552 case 0x2a: /* Left Shift */
1553 case 0x36: /* Right Shift */
1554 case 0x1d: /* Left CTRL */
1555 case 0x9d: /* Right CTRL */
1556 case 0x38: /* Left ALT */
1557 case 0xb8: /* Right ALT */
1558 if (down)
1559 vs->modifiers_state[keycode] = 1;
1560 else
1561 vs->modifiers_state[keycode] = 0;
1562 break;
1563 case 0x02 ... 0x0a: /* '1' to '9' keys */
1564 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1565 /* Reset the modifiers sent to the current console */
1566 reset_keys(vs);
1567 console_select(keycode - 0x02);
1568 return;
1570 break;
1571 case 0x3a: /* CapsLock */
1572 case 0x45: /* NumLock */
1573 if (down)
1574 vs->modifiers_state[keycode] ^= 1;
1575 break;
1578 if (down && vs->vd->lock_key_sync &&
1579 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1580 /* If the numlock state needs to change then simulate an additional
1581 keypress before sending this one. This will happen if the user
1582 toggles numlock away from the VNC window.
1584 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1585 if (!vs->modifiers_state[0x45]) {
1586 vs->modifiers_state[0x45] = 1;
1587 press_key(vs, 0xff7f);
1589 } else {
1590 if (vs->modifiers_state[0x45]) {
1591 vs->modifiers_state[0x45] = 0;
1592 press_key(vs, 0xff7f);
1597 if (down && vs->vd->lock_key_sync &&
1598 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1599 /* If the capslock state needs to change then simulate an additional
1600 keypress before sending this one. This will happen if the user
1601 toggles capslock away from the VNC window.
1603 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1604 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1605 int capslock = !!(vs->modifiers_state[0x3a]);
1606 if (capslock) {
1607 if (uppercase == shift) {
1608 vs->modifiers_state[0x3a] = 0;
1609 press_key(vs, 0xffe5);
1611 } else {
1612 if (uppercase != shift) {
1613 vs->modifiers_state[0x3a] = 1;
1614 press_key(vs, 0xffe5);
1619 if (is_graphic_console()) {
1620 if (keycode & SCANCODE_GREY)
1621 kbd_put_keycode(SCANCODE_EMUL0);
1622 if (down)
1623 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1624 else
1625 kbd_put_keycode(keycode | SCANCODE_UP);
1626 } else {
1627 bool numlock = vs->modifiers_state[0x45];
1628 bool control = (vs->modifiers_state[0x1d] ||
1629 vs->modifiers_state[0x9d]);
1630 /* QEMU console emulation */
1631 if (down) {
1632 switch (keycode) {
1633 case 0x2a: /* Left Shift */
1634 case 0x36: /* Right Shift */
1635 case 0x1d: /* Left CTRL */
1636 case 0x9d: /* Right CTRL */
1637 case 0x38: /* Left ALT */
1638 case 0xb8: /* Right ALT */
1639 break;
1640 case 0xc8:
1641 kbd_put_keysym(QEMU_KEY_UP);
1642 break;
1643 case 0xd0:
1644 kbd_put_keysym(QEMU_KEY_DOWN);
1645 break;
1646 case 0xcb:
1647 kbd_put_keysym(QEMU_KEY_LEFT);
1648 break;
1649 case 0xcd:
1650 kbd_put_keysym(QEMU_KEY_RIGHT);
1651 break;
1652 case 0xd3:
1653 kbd_put_keysym(QEMU_KEY_DELETE);
1654 break;
1655 case 0xc7:
1656 kbd_put_keysym(QEMU_KEY_HOME);
1657 break;
1658 case 0xcf:
1659 kbd_put_keysym(QEMU_KEY_END);
1660 break;
1661 case 0xc9:
1662 kbd_put_keysym(QEMU_KEY_PAGEUP);
1663 break;
1664 case 0xd1:
1665 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1666 break;
1668 case 0x47:
1669 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1670 break;
1671 case 0x48:
1672 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1673 break;
1674 case 0x49:
1675 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1676 break;
1677 case 0x4b:
1678 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1679 break;
1680 case 0x4c:
1681 kbd_put_keysym('5');
1682 break;
1683 case 0x4d:
1684 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1685 break;
1686 case 0x4f:
1687 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1688 break;
1689 case 0x50:
1690 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1691 break;
1692 case 0x51:
1693 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1694 break;
1695 case 0x52:
1696 kbd_put_keysym('0');
1697 break;
1698 case 0x53:
1699 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1700 break;
1702 case 0xb5:
1703 kbd_put_keysym('/');
1704 break;
1705 case 0x37:
1706 kbd_put_keysym('*');
1707 break;
1708 case 0x4a:
1709 kbd_put_keysym('-');
1710 break;
1711 case 0x4e:
1712 kbd_put_keysym('+');
1713 break;
1714 case 0x9c:
1715 kbd_put_keysym('\n');
1716 break;
1718 default:
1719 if (control) {
1720 kbd_put_keysym(sym & 0x1f);
1721 } else {
1722 kbd_put_keysym(sym);
1724 break;
1730 static void vnc_release_modifiers(VncState *vs)
1732 static const int keycodes[] = {
1733 /* shift, control, alt keys, both left & right */
1734 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1736 int i, keycode;
1738 if (!is_graphic_console()) {
1739 return;
1741 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1742 keycode = keycodes[i];
1743 if (!vs->modifiers_state[keycode]) {
1744 continue;
1746 if (keycode & SCANCODE_GREY) {
1747 kbd_put_keycode(SCANCODE_EMUL0);
1749 kbd_put_keycode(keycode | SCANCODE_UP);
1753 static void key_event(VncState *vs, int down, uint32_t sym)
1755 int keycode;
1756 int lsym = sym;
1758 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1759 lsym = lsym - 'A' + 'a';
1762 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1763 do_key_event(vs, down, keycode, sym);
1766 static void ext_key_event(VncState *vs, int down,
1767 uint32_t sym, uint16_t keycode)
1769 /* if the user specifies a keyboard layout, always use it */
1770 if (keyboard_layout)
1771 key_event(vs, down, sym);
1772 else
1773 do_key_event(vs, down, keycode, sym);
1776 static void framebuffer_update_request(VncState *vs, int incremental,
1777 int x_position, int y_position,
1778 int w, int h)
1780 int i;
1781 const size_t width = surface_width(vs->vd->ds) / 16;
1782 const size_t height = surface_height(vs->vd->ds);
1784 if (y_position > height) {
1785 y_position = height;
1787 if (y_position + h >= height) {
1788 h = height - y_position;
1791 vs->need_update = 1;
1792 if (!incremental) {
1793 vs->force_update = 1;
1794 for (i = 0; i < h; i++) {
1795 bitmap_set(vs->dirty[y_position + i], 0, width);
1796 bitmap_clear(vs->dirty[y_position + i], width,
1797 VNC_DIRTY_BITS - width);
1802 static void send_ext_key_event_ack(VncState *vs)
1804 vnc_lock_output(vs);
1805 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1806 vnc_write_u8(vs, 0);
1807 vnc_write_u16(vs, 1);
1808 vnc_framebuffer_update(vs, 0, 0,
1809 surface_width(vs->vd->ds),
1810 surface_height(vs->vd->ds),
1811 VNC_ENCODING_EXT_KEY_EVENT);
1812 vnc_unlock_output(vs);
1813 vnc_flush(vs);
1816 static void send_ext_audio_ack(VncState *vs)
1818 vnc_lock_output(vs);
1819 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1820 vnc_write_u8(vs, 0);
1821 vnc_write_u16(vs, 1);
1822 vnc_framebuffer_update(vs, 0, 0,
1823 surface_width(vs->vd->ds),
1824 surface_height(vs->vd->ds),
1825 VNC_ENCODING_AUDIO);
1826 vnc_unlock_output(vs);
1827 vnc_flush(vs);
1830 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1832 int i;
1833 unsigned int enc = 0;
1835 vs->features = 0;
1836 vs->vnc_encoding = 0;
1837 vs->tight.compression = 9;
1838 vs->tight.quality = -1; /* Lossless by default */
1839 vs->absolute = -1;
1842 * Start from the end because the encodings are sent in order of preference.
1843 * This way the preferred encoding (first encoding defined in the array)
1844 * will be set at the end of the loop.
1846 for (i = n_encodings - 1; i >= 0; i--) {
1847 enc = encodings[i];
1848 switch (enc) {
1849 case VNC_ENCODING_RAW:
1850 vs->vnc_encoding = enc;
1851 break;
1852 case VNC_ENCODING_COPYRECT:
1853 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1854 break;
1855 case VNC_ENCODING_HEXTILE:
1856 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1857 vs->vnc_encoding = enc;
1858 break;
1859 case VNC_ENCODING_TIGHT:
1860 vs->features |= VNC_FEATURE_TIGHT_MASK;
1861 vs->vnc_encoding = enc;
1862 break;
1863 #ifdef CONFIG_VNC_PNG
1864 case VNC_ENCODING_TIGHT_PNG:
1865 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
1866 vs->vnc_encoding = enc;
1867 break;
1868 #endif
1869 case VNC_ENCODING_ZLIB:
1870 vs->features |= VNC_FEATURE_ZLIB_MASK;
1871 vs->vnc_encoding = enc;
1872 break;
1873 case VNC_ENCODING_ZRLE:
1874 vs->features |= VNC_FEATURE_ZRLE_MASK;
1875 vs->vnc_encoding = enc;
1876 break;
1877 case VNC_ENCODING_ZYWRLE:
1878 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
1879 vs->vnc_encoding = enc;
1880 break;
1881 case VNC_ENCODING_DESKTOPRESIZE:
1882 vs->features |= VNC_FEATURE_RESIZE_MASK;
1883 break;
1884 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1885 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1886 break;
1887 case VNC_ENCODING_RICH_CURSOR:
1888 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1889 break;
1890 case VNC_ENCODING_EXT_KEY_EVENT:
1891 send_ext_key_event_ack(vs);
1892 break;
1893 case VNC_ENCODING_AUDIO:
1894 send_ext_audio_ack(vs);
1895 break;
1896 case VNC_ENCODING_WMVi:
1897 vs->features |= VNC_FEATURE_WMVI_MASK;
1898 break;
1899 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1900 vs->tight.compression = (enc & 0x0F);
1901 break;
1902 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1903 if (vs->vd->lossy) {
1904 vs->tight.quality = (enc & 0x0F);
1906 break;
1907 default:
1908 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1909 break;
1912 vnc_desktop_resize(vs);
1913 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
1916 static void set_pixel_conversion(VncState *vs)
1918 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
1920 if (fmt == VNC_SERVER_FB_FORMAT) {
1921 vs->write_pixels = vnc_write_pixels_copy;
1922 vnc_hextile_set_pixel_conversion(vs, 0);
1923 } else {
1924 vs->write_pixels = vnc_write_pixels_generic;
1925 vnc_hextile_set_pixel_conversion(vs, 1);
1929 static void set_pixel_format(VncState *vs,
1930 int bits_per_pixel, int depth,
1931 int big_endian_flag, int true_color_flag,
1932 int red_max, int green_max, int blue_max,
1933 int red_shift, int green_shift, int blue_shift)
1935 if (!true_color_flag) {
1936 vnc_client_error(vs);
1937 return;
1940 vs->client_pf.rmax = red_max;
1941 vs->client_pf.rbits = hweight_long(red_max);
1942 vs->client_pf.rshift = red_shift;
1943 vs->client_pf.rmask = red_max << red_shift;
1944 vs->client_pf.gmax = green_max;
1945 vs->client_pf.gbits = hweight_long(green_max);
1946 vs->client_pf.gshift = green_shift;
1947 vs->client_pf.gmask = green_max << green_shift;
1948 vs->client_pf.bmax = blue_max;
1949 vs->client_pf.bbits = hweight_long(blue_max);
1950 vs->client_pf.bshift = blue_shift;
1951 vs->client_pf.bmask = blue_max << blue_shift;
1952 vs->client_pf.bits_per_pixel = bits_per_pixel;
1953 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
1954 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1955 vs->client_be = big_endian_flag;
1957 set_pixel_conversion(vs);
1959 vga_hw_invalidate();
1960 vga_hw_update();
1963 static void pixel_format_message (VncState *vs) {
1964 char pad[3] = { 0, 0, 0 };
1966 vs->client_pf = qemu_default_pixelformat(32);
1968 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
1969 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
1971 #ifdef HOST_WORDS_BIGENDIAN
1972 vnc_write_u8(vs, 1); /* big-endian-flag */
1973 #else
1974 vnc_write_u8(vs, 0); /* big-endian-flag */
1975 #endif
1976 vnc_write_u8(vs, 1); /* true-color-flag */
1977 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
1978 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
1979 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
1980 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
1981 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
1982 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
1983 vnc_write(vs, pad, 3); /* padding */
1985 vnc_hextile_set_pixel_conversion(vs, 0);
1986 vs->write_pixels = vnc_write_pixels_copy;
1989 static void vnc_colordepth(VncState *vs)
1991 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1992 /* Sending a WMVi message to notify the client*/
1993 vnc_lock_output(vs);
1994 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1995 vnc_write_u8(vs, 0);
1996 vnc_write_u16(vs, 1); /* number of rects */
1997 vnc_framebuffer_update(vs, 0, 0,
1998 surface_width(vs->vd->ds),
1999 surface_height(vs->vd->ds),
2000 VNC_ENCODING_WMVi);
2001 pixel_format_message(vs);
2002 vnc_unlock_output(vs);
2003 vnc_flush(vs);
2004 } else {
2005 set_pixel_conversion(vs);
2009 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2011 int i;
2012 uint16_t limit;
2013 VncDisplay *vd = vs->vd;
2015 if (data[0] > 3) {
2016 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2017 if (!qemu_timer_expired(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval))
2018 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval);
2021 switch (data[0]) {
2022 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2023 if (len == 1)
2024 return 20;
2026 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
2027 read_u8(data, 6), read_u8(data, 7),
2028 read_u16(data, 8), read_u16(data, 10),
2029 read_u16(data, 12), read_u8(data, 14),
2030 read_u8(data, 15), read_u8(data, 16));
2031 break;
2032 case VNC_MSG_CLIENT_SET_ENCODINGS:
2033 if (len == 1)
2034 return 4;
2036 if (len == 4) {
2037 limit = read_u16(data, 2);
2038 if (limit > 0)
2039 return 4 + (limit * 4);
2040 } else
2041 limit = read_u16(data, 2);
2043 for (i = 0; i < limit; i++) {
2044 int32_t val = read_s32(data, 4 + (i * 4));
2045 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2048 set_encodings(vs, (int32_t *)(data + 4), limit);
2049 break;
2050 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2051 if (len == 1)
2052 return 10;
2054 framebuffer_update_request(vs,
2055 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2056 read_u16(data, 6), read_u16(data, 8));
2057 break;
2058 case VNC_MSG_CLIENT_KEY_EVENT:
2059 if (len == 1)
2060 return 8;
2062 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2063 break;
2064 case VNC_MSG_CLIENT_POINTER_EVENT:
2065 if (len == 1)
2066 return 6;
2068 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2069 break;
2070 case VNC_MSG_CLIENT_CUT_TEXT:
2071 if (len == 1)
2072 return 8;
2074 if (len == 8) {
2075 uint32_t dlen = read_u32(data, 4);
2076 if (dlen > 0)
2077 return 8 + dlen;
2080 client_cut_text(vs, read_u32(data, 4), data + 8);
2081 break;
2082 case VNC_MSG_CLIENT_QEMU:
2083 if (len == 1)
2084 return 2;
2086 switch (read_u8(data, 1)) {
2087 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2088 if (len == 2)
2089 return 12;
2091 ext_key_event(vs, read_u16(data, 2),
2092 read_u32(data, 4), read_u32(data, 8));
2093 break;
2094 case VNC_MSG_CLIENT_QEMU_AUDIO:
2095 if (len == 2)
2096 return 4;
2098 switch (read_u16 (data, 2)) {
2099 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2100 audio_add(vs);
2101 break;
2102 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2103 audio_del(vs);
2104 break;
2105 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2106 if (len == 4)
2107 return 10;
2108 switch (read_u8(data, 4)) {
2109 case 0: vs->as.fmt = AUD_FMT_U8; break;
2110 case 1: vs->as.fmt = AUD_FMT_S8; break;
2111 case 2: vs->as.fmt = AUD_FMT_U16; break;
2112 case 3: vs->as.fmt = AUD_FMT_S16; break;
2113 case 4: vs->as.fmt = AUD_FMT_U32; break;
2114 case 5: vs->as.fmt = AUD_FMT_S32; break;
2115 default:
2116 printf("Invalid audio format %d\n", read_u8(data, 4));
2117 vnc_client_error(vs);
2118 break;
2120 vs->as.nchannels = read_u8(data, 5);
2121 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2122 printf("Invalid audio channel coount %d\n",
2123 read_u8(data, 5));
2124 vnc_client_error(vs);
2125 break;
2127 vs->as.freq = read_u32(data, 6);
2128 break;
2129 default:
2130 printf ("Invalid audio message %d\n", read_u8(data, 4));
2131 vnc_client_error(vs);
2132 break;
2134 break;
2136 default:
2137 printf("Msg: %d\n", read_u16(data, 0));
2138 vnc_client_error(vs);
2139 break;
2141 break;
2142 default:
2143 printf("Msg: %d\n", data[0]);
2144 vnc_client_error(vs);
2145 break;
2148 vnc_read_when(vs, protocol_client_msg, 1);
2149 return 0;
2152 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2154 char buf[1024];
2155 VncShareMode mode;
2156 int size;
2158 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2159 switch (vs->vd->share_policy) {
2160 case VNC_SHARE_POLICY_IGNORE:
2162 * Ignore the shared flag. Nothing to do here.
2164 * Doesn't conform to the rfb spec but is traditional qemu
2165 * behavior, thus left here as option for compatibility
2166 * reasons.
2168 break;
2169 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2171 * Policy: Allow clients ask for exclusive access.
2173 * Implementation: When a client asks for exclusive access,
2174 * disconnect all others. Shared connects are allowed as long
2175 * as no exclusive connection exists.
2177 * This is how the rfb spec suggests to handle the shared flag.
2179 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2180 VncState *client;
2181 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2182 if (vs == client) {
2183 continue;
2185 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2186 client->share_mode != VNC_SHARE_MODE_SHARED) {
2187 continue;
2189 vnc_disconnect_start(client);
2192 if (mode == VNC_SHARE_MODE_SHARED) {
2193 if (vs->vd->num_exclusive > 0) {
2194 vnc_disconnect_start(vs);
2195 return 0;
2198 break;
2199 case VNC_SHARE_POLICY_FORCE_SHARED:
2201 * Policy: Shared connects only.
2202 * Implementation: Disallow clients asking for exclusive access.
2204 * Useful for shared desktop sessions where you don't want
2205 * someone forgetting to say -shared when running the vnc
2206 * client disconnect everybody else.
2208 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2209 vnc_disconnect_start(vs);
2210 return 0;
2212 break;
2214 vnc_set_share_mode(vs, mode);
2216 vs->client_width = surface_width(vs->vd->ds);
2217 vs->client_height = surface_height(vs->vd->ds);
2218 vnc_write_u16(vs, vs->client_width);
2219 vnc_write_u16(vs, vs->client_height);
2221 pixel_format_message(vs);
2223 if (qemu_name)
2224 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2225 else
2226 size = snprintf(buf, sizeof(buf), "QEMU");
2228 vnc_write_u32(vs, size);
2229 vnc_write(vs, buf, size);
2230 vnc_flush(vs);
2232 vnc_client_cache_auth(vs);
2233 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
2235 vnc_read_when(vs, protocol_client_msg, 1);
2237 return 0;
2240 void start_client_init(VncState *vs)
2242 vnc_read_when(vs, protocol_client_init, 1);
2245 static void make_challenge(VncState *vs)
2247 int i;
2249 srand(time(NULL)+getpid()+getpid()*987654+rand());
2251 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2252 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2255 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2257 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2258 int i, j, pwlen;
2259 unsigned char key[8];
2260 time_t now = time(NULL);
2262 if (!vs->vd->password) {
2263 VNC_DEBUG("No password configured on server");
2264 goto reject;
2266 if (vs->vd->expires < now) {
2267 VNC_DEBUG("Password is expired");
2268 goto reject;
2271 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2273 /* Calculate the expected challenge response */
2274 pwlen = strlen(vs->vd->password);
2275 for (i=0; i<sizeof(key); i++)
2276 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2277 deskey(key, EN0);
2278 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2279 des(response+j, response+j);
2281 /* Compare expected vs actual challenge response */
2282 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2283 VNC_DEBUG("Client challenge response did not match\n");
2284 goto reject;
2285 } else {
2286 VNC_DEBUG("Accepting VNC challenge response\n");
2287 vnc_write_u32(vs, 0); /* Accept auth */
2288 vnc_flush(vs);
2290 start_client_init(vs);
2292 return 0;
2294 reject:
2295 vnc_write_u32(vs, 1); /* Reject auth */
2296 if (vs->minor >= 8) {
2297 static const char err[] = "Authentication failed";
2298 vnc_write_u32(vs, sizeof(err));
2299 vnc_write(vs, err, sizeof(err));
2301 vnc_flush(vs);
2302 vnc_client_error(vs);
2303 return 0;
2306 void start_auth_vnc(VncState *vs)
2308 make_challenge(vs);
2309 /* Send client a 'random' challenge */
2310 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2311 vnc_flush(vs);
2313 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2317 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2319 /* We only advertise 1 auth scheme at a time, so client
2320 * must pick the one we sent. Verify this */
2321 if (data[0] != vs->auth) { /* Reject auth */
2322 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2323 vnc_write_u32(vs, 1);
2324 if (vs->minor >= 8) {
2325 static const char err[] = "Authentication failed";
2326 vnc_write_u32(vs, sizeof(err));
2327 vnc_write(vs, err, sizeof(err));
2329 vnc_client_error(vs);
2330 } else { /* Accept requested auth */
2331 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2332 switch (vs->auth) {
2333 case VNC_AUTH_NONE:
2334 VNC_DEBUG("Accept auth none\n");
2335 if (vs->minor >= 8) {
2336 vnc_write_u32(vs, 0); /* Accept auth completion */
2337 vnc_flush(vs);
2339 start_client_init(vs);
2340 break;
2342 case VNC_AUTH_VNC:
2343 VNC_DEBUG("Start VNC auth\n");
2344 start_auth_vnc(vs);
2345 break;
2347 #ifdef CONFIG_VNC_TLS
2348 case VNC_AUTH_VENCRYPT:
2349 VNC_DEBUG("Accept VeNCrypt auth\n");
2350 start_auth_vencrypt(vs);
2351 break;
2352 #endif /* CONFIG_VNC_TLS */
2354 #ifdef CONFIG_VNC_SASL
2355 case VNC_AUTH_SASL:
2356 VNC_DEBUG("Accept SASL auth\n");
2357 start_auth_sasl(vs);
2358 break;
2359 #endif /* CONFIG_VNC_SASL */
2361 default: /* Should not be possible, but just in case */
2362 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth);
2363 vnc_write_u8(vs, 1);
2364 if (vs->minor >= 8) {
2365 static const char err[] = "Authentication failed";
2366 vnc_write_u32(vs, sizeof(err));
2367 vnc_write(vs, err, sizeof(err));
2369 vnc_client_error(vs);
2372 return 0;
2375 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2377 char local[13];
2379 memcpy(local, version, 12);
2380 local[12] = 0;
2382 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2383 VNC_DEBUG("Malformed protocol version %s\n", local);
2384 vnc_client_error(vs);
2385 return 0;
2387 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2388 if (vs->major != 3 ||
2389 (vs->minor != 3 &&
2390 vs->minor != 4 &&
2391 vs->minor != 5 &&
2392 vs->minor != 7 &&
2393 vs->minor != 8)) {
2394 VNC_DEBUG("Unsupported client version\n");
2395 vnc_write_u32(vs, VNC_AUTH_INVALID);
2396 vnc_flush(vs);
2397 vnc_client_error(vs);
2398 return 0;
2400 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2401 * as equivalent to v3.3 by servers
2403 if (vs->minor == 4 || vs->minor == 5)
2404 vs->minor = 3;
2406 if (vs->minor == 3) {
2407 if (vs->auth == VNC_AUTH_NONE) {
2408 VNC_DEBUG("Tell client auth none\n");
2409 vnc_write_u32(vs, vs->auth);
2410 vnc_flush(vs);
2411 start_client_init(vs);
2412 } else if (vs->auth == VNC_AUTH_VNC) {
2413 VNC_DEBUG("Tell client VNC auth\n");
2414 vnc_write_u32(vs, vs->auth);
2415 vnc_flush(vs);
2416 start_auth_vnc(vs);
2417 } else {
2418 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2419 vnc_write_u32(vs, VNC_AUTH_INVALID);
2420 vnc_flush(vs);
2421 vnc_client_error(vs);
2423 } else {
2424 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2425 vnc_write_u8(vs, 1); /* num auth */
2426 vnc_write_u8(vs, vs->auth);
2427 vnc_read_when(vs, protocol_client_auth, 1);
2428 vnc_flush(vs);
2431 return 0;
2434 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2436 struct VncSurface *vs = &vd->guest;
2438 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2441 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2443 int i, j;
2445 w = (x + w) / VNC_STAT_RECT;
2446 h = (y + h) / VNC_STAT_RECT;
2447 x /= VNC_STAT_RECT;
2448 y /= VNC_STAT_RECT;
2450 for (j = y; j <= h; j++) {
2451 for (i = x; i <= w; i++) {
2452 vs->lossy_rect[j][i] = 1;
2457 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2459 VncState *vs;
2460 int sty = y / VNC_STAT_RECT;
2461 int stx = x / VNC_STAT_RECT;
2462 int has_dirty = 0;
2464 y = y / VNC_STAT_RECT * VNC_STAT_RECT;
2465 x = x / VNC_STAT_RECT * VNC_STAT_RECT;
2467 QTAILQ_FOREACH(vs, &vd->clients, next) {
2468 int j;
2470 /* kernel send buffers are full -> refresh later */
2471 if (vs->output.offset) {
2472 continue;
2475 if (!vs->lossy_rect[sty][stx]) {
2476 continue;
2479 vs->lossy_rect[sty][stx] = 0;
2480 for (j = 0; j < VNC_STAT_RECT; ++j) {
2481 bitmap_set(vs->dirty[y + j], x / 16, VNC_STAT_RECT / 16);
2483 has_dirty++;
2486 return has_dirty;
2489 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2491 int width = pixman_image_get_width(vd->guest.fb);
2492 int height = pixman_image_get_height(vd->guest.fb);
2493 int x, y;
2494 struct timeval res;
2495 int has_dirty = 0;
2497 for (y = 0; y < height; y += VNC_STAT_RECT) {
2498 for (x = 0; x < width; x += VNC_STAT_RECT) {
2499 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2501 rect->updated = false;
2505 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2507 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2508 return has_dirty;
2510 vd->guest.last_freq_check = *tv;
2512 for (y = 0; y < height; y += VNC_STAT_RECT) {
2513 for (x = 0; x < width; x += VNC_STAT_RECT) {
2514 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2515 int count = ARRAY_SIZE(rect->times);
2516 struct timeval min, max;
2518 if (!timerisset(&rect->times[count - 1])) {
2519 continue ;
2522 max = rect->times[(rect->idx + count - 1) % count];
2523 qemu_timersub(tv, &max, &res);
2525 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2526 rect->freq = 0;
2527 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2528 memset(rect->times, 0, sizeof (rect->times));
2529 continue ;
2532 min = rect->times[rect->idx];
2533 max = rect->times[(rect->idx + count - 1) % count];
2534 qemu_timersub(&max, &min, &res);
2536 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2537 rect->freq /= count;
2538 rect->freq = 1. / rect->freq;
2541 return has_dirty;
2544 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2546 int i, j;
2547 double total = 0;
2548 int num = 0;
2550 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT;
2551 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT;
2553 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2554 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2555 total += vnc_stat_rect(vs->vd, i, j)->freq;
2556 num++;
2560 if (num) {
2561 return total / num;
2562 } else {
2563 return 0;
2567 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2569 VncRectStat *rect;
2571 rect = vnc_stat_rect(vd, x, y);
2572 if (rect->updated) {
2573 return ;
2575 rect->times[rect->idx] = *tv;
2576 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2577 rect->updated = true;
2580 static int vnc_refresh_server_surface(VncDisplay *vd)
2582 int width = pixman_image_get_width(vd->guest.fb);
2583 int height = pixman_image_get_height(vd->guest.fb);
2584 int y;
2585 uint8_t *guest_row;
2586 uint8_t *server_row;
2587 int cmp_bytes;
2588 VncState *vs;
2589 int has_dirty = 0;
2590 pixman_image_t *tmpbuf = NULL;
2592 struct timeval tv = { 0, 0 };
2594 if (!vd->non_adaptive) {
2595 gettimeofday(&tv, NULL);
2596 has_dirty = vnc_update_stats(vd, &tv);
2600 * Walk through the guest dirty map.
2601 * Check and copy modified bits from guest to server surface.
2602 * Update server dirty map.
2604 cmp_bytes = 64;
2605 if (cmp_bytes > vnc_server_fb_stride(vd)) {
2606 cmp_bytes = vnc_server_fb_stride(vd);
2608 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2609 int width = pixman_image_get_width(vd->server);
2610 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2612 guest_row = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2613 server_row = (uint8_t *)pixman_image_get_data(vd->server);
2614 for (y = 0; y < height; y++) {
2615 if (!bitmap_empty(vd->guest.dirty[y], VNC_DIRTY_BITS)) {
2616 int x;
2617 uint8_t *guest_ptr;
2618 uint8_t *server_ptr;
2620 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2621 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2622 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2623 } else {
2624 guest_ptr = guest_row;
2626 server_ptr = server_row;
2628 for (x = 0; x + 15 < width;
2629 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2630 if (!test_and_clear_bit((x / 16), vd->guest.dirty[y]))
2631 continue;
2632 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2633 continue;
2634 memcpy(server_ptr, guest_ptr, cmp_bytes);
2635 if (!vd->non_adaptive)
2636 vnc_rect_updated(vd, x, y, &tv);
2637 QTAILQ_FOREACH(vs, &vd->clients, next) {
2638 set_bit((x / 16), vs->dirty[y]);
2640 has_dirty++;
2643 guest_row += pixman_image_get_stride(vd->guest.fb);
2644 server_row += pixman_image_get_stride(vd->server);
2646 qemu_pixman_image_unref(tmpbuf);
2647 return has_dirty;
2650 static void vnc_refresh(void *opaque)
2652 VncDisplay *vd = opaque;
2653 VncState *vs, *vn;
2654 int has_dirty, rects = 0;
2656 vga_hw_update();
2658 if (vnc_trylock_display(vd)) {
2659 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2660 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) +
2661 vd->timer_interval);
2662 return;
2665 has_dirty = vnc_refresh_server_surface(vd);
2666 vnc_unlock_display(vd);
2668 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2669 rects += vnc_update_client(vs, has_dirty);
2670 /* vs might be free()ed here */
2673 /* vd->timer could be NULL now if the last client disconnected,
2674 * in this case don't update the timer */
2675 if (vd->timer == NULL)
2676 return;
2678 if (has_dirty && rects) {
2679 vd->timer_interval /= 2;
2680 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2681 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2682 } else {
2683 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2684 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2685 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2687 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval);
2690 static void vnc_init_timer(VncDisplay *vd)
2692 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2693 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
2694 vd->timer = qemu_new_timer_ms(rt_clock, vnc_refresh, vd);
2695 vga_hw_update();
2696 vnc_refresh(vd);
2700 static void vnc_remove_timer(VncDisplay *vd)
2702 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
2703 qemu_del_timer(vd->timer);
2704 qemu_free_timer(vd->timer);
2705 vd->timer = NULL;
2709 static void vnc_connect(VncDisplay *vd, int csock, int skipauth, bool websocket)
2711 VncState *vs = g_malloc0(sizeof(VncState));
2712 int i;
2714 vs->csock = csock;
2716 if (skipauth) {
2717 vs->auth = VNC_AUTH_NONE;
2718 #ifdef CONFIG_VNC_TLS
2719 vs->subauth = VNC_AUTH_INVALID;
2720 #endif
2721 } else {
2722 vs->auth = vd->auth;
2723 #ifdef CONFIG_VNC_TLS
2724 vs->subauth = vd->subauth;
2725 #endif
2728 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
2729 for (i = 0; i < VNC_STAT_ROWS; ++i) {
2730 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS * sizeof (uint8_t));
2733 VNC_DEBUG("New client on socket %d\n", csock);
2734 vd->dcl.idle = 0;
2735 socket_set_nonblock(vs->csock);
2736 #ifdef CONFIG_VNC_WS
2737 if (websocket) {
2738 vs->websocket = 1;
2739 qemu_set_fd_handler2(vs->csock, NULL, vncws_handshake_read, NULL, vs);
2740 } else
2741 #endif /* CONFIG_VNC_WS */
2743 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2746 vnc_client_cache_addr(vs);
2747 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2748 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
2750 vs->vd = vd;
2752 #ifdef CONFIG_VNC_WS
2753 if (!vs->websocket)
2754 #endif
2756 vnc_init_state(vs);
2760 void vnc_init_state(VncState *vs)
2762 vs->initialized = true;
2763 VncDisplay *vd = vs->vd;
2765 vs->last_x = -1;
2766 vs->last_y = -1;
2768 vs->as.freq = 44100;
2769 vs->as.nchannels = 2;
2770 vs->as.fmt = AUD_FMT_S16;
2771 vs->as.endianness = 0;
2773 qemu_mutex_init(&vs->output_mutex);
2774 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
2776 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2778 vga_hw_update();
2780 vnc_write(vs, "RFB 003.008\n", 12);
2781 vnc_flush(vs);
2782 vnc_read_when(vs, protocol_version, 12);
2783 reset_keys(vs);
2784 if (vs->vd->lock_key_sync)
2785 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2787 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2788 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2790 vnc_init_timer(vd);
2792 /* vs might be free()ed here */
2795 static void vnc_listen_read(void *opaque, bool websocket)
2797 VncDisplay *vs = opaque;
2798 struct sockaddr_in addr;
2799 socklen_t addrlen = sizeof(addr);
2800 int csock;
2802 /* Catch-up */
2803 vga_hw_update();
2804 #ifdef CONFIG_VNC_WS
2805 if (websocket) {
2806 csock = qemu_accept(vs->lwebsock, (struct sockaddr *)&addr, &addrlen);
2807 } else
2808 #endif /* CONFIG_VNC_WS */
2810 csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2813 if (csock != -1) {
2814 vnc_connect(vs, csock, 0, websocket);
2818 static void vnc_listen_regular_read(void *opaque)
2820 vnc_listen_read(opaque, 0);
2823 #ifdef CONFIG_VNC_WS
2824 static void vnc_listen_websocket_read(void *opaque)
2826 vnc_listen_read(opaque, 1);
2828 #endif /* CONFIG_VNC_WS */
2830 static const DisplayChangeListenerOps dcl_ops = {
2831 .dpy_name = "vnc",
2832 .dpy_gfx_copy = vnc_dpy_copy,
2833 .dpy_gfx_update = vnc_dpy_update,
2834 .dpy_gfx_switch = vnc_dpy_switch,
2835 .dpy_mouse_set = vnc_mouse_set,
2836 .dpy_cursor_define = vnc_dpy_cursor_define,
2839 void vnc_display_init(DisplayState *ds)
2841 VncDisplay *vs = g_malloc0(sizeof(*vs));
2843 vs->dcl.idle = 1;
2844 vnc_display = vs;
2846 vs->lsock = -1;
2847 #ifdef CONFIG_VNC_WS
2848 vs->lwebsock = -1;
2849 #endif
2851 QTAILQ_INIT(&vs->clients);
2852 vs->expires = TIME_MAX;
2854 if (keyboard_layout)
2855 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2856 else
2857 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2859 if (!vs->kbd_layout)
2860 exit(1);
2862 qemu_mutex_init(&vs->mutex);
2863 vnc_start_worker_thread();
2865 vs->dcl.ops = &dcl_ops;
2866 register_displaychangelistener(ds, &vs->dcl);
2870 static void vnc_display_close(DisplayState *ds)
2872 VncDisplay *vs = vnc_display;
2874 if (!vs)
2875 return;
2876 if (vs->display) {
2877 g_free(vs->display);
2878 vs->display = NULL;
2880 if (vs->lsock != -1) {
2881 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2882 close(vs->lsock);
2883 vs->lsock = -1;
2885 #ifdef CONFIG_VNC_WS
2886 g_free(vs->ws_display);
2887 vs->ws_display = NULL;
2888 if (vs->lwebsock != -1) {
2889 qemu_set_fd_handler2(vs->lwebsock, NULL, NULL, NULL, NULL);
2890 close(vs->lwebsock);
2891 vs->lwebsock = -1;
2893 #endif /* CONFIG_VNC_WS */
2894 vs->auth = VNC_AUTH_INVALID;
2895 #ifdef CONFIG_VNC_TLS
2896 vs->subauth = VNC_AUTH_INVALID;
2897 vs->tls.x509verify = 0;
2898 #endif
2901 static int vnc_display_disable_login(DisplayState *ds)
2903 VncDisplay *vs = vnc_display;
2905 if (!vs) {
2906 return -1;
2909 if (vs->password) {
2910 g_free(vs->password);
2913 vs->password = NULL;
2914 if (vs->auth == VNC_AUTH_NONE) {
2915 vs->auth = VNC_AUTH_VNC;
2918 return 0;
2921 int vnc_display_password(DisplayState *ds, const char *password)
2923 VncDisplay *vs = vnc_display;
2925 if (!vs) {
2926 return -EINVAL;
2929 if (!password) {
2930 /* This is not the intention of this interface but err on the side
2931 of being safe */
2932 return vnc_display_disable_login(ds);
2935 if (vs->password) {
2936 g_free(vs->password);
2937 vs->password = NULL;
2939 vs->password = g_strdup(password);
2940 if (vs->auth == VNC_AUTH_NONE) {
2941 vs->auth = VNC_AUTH_VNC;
2944 return 0;
2947 int vnc_display_pw_expire(DisplayState *ds, time_t expires)
2949 VncDisplay *vs = vnc_display;
2951 if (!vs) {
2952 return -EINVAL;
2955 vs->expires = expires;
2956 return 0;
2959 char *vnc_display_local_addr(DisplayState *ds)
2961 VncDisplay *vs = vnc_display;
2963 return vnc_socket_local_addr("%s:%s", vs->lsock);
2966 void vnc_display_open(DisplayState *ds, const char *display, Error **errp)
2968 VncDisplay *vs = vnc_display;
2969 const char *options;
2970 int password = 0;
2971 int reverse = 0;
2972 #ifdef CONFIG_VNC_TLS
2973 int tls = 0, x509 = 0;
2974 #endif
2975 #ifdef CONFIG_VNC_SASL
2976 int sasl = 0;
2977 int saslErr;
2978 #endif
2979 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2980 int acl = 0;
2981 #endif
2982 int lock_key_sync = 1;
2984 if (!vnc_display) {
2985 error_setg(errp, "VNC display not active");
2986 return;
2988 vnc_display_close(ds);
2989 if (strcmp(display, "none") == 0)
2990 return;
2992 vs->display = g_strdup(display);
2993 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
2995 options = display;
2996 while ((options = strchr(options, ','))) {
2997 options++;
2998 if (strncmp(options, "password", 8) == 0) {
2999 if (fips_get_state()) {
3000 error_setg(errp,
3001 "VNC password auth disabled due to FIPS mode, "
3002 "consider using the VeNCrypt or SASL authentication "
3003 "methods as an alternative");
3004 goto fail;
3006 password = 1; /* Require password auth */
3007 } else if (strncmp(options, "reverse", 7) == 0) {
3008 reverse = 1;
3009 } else if (strncmp(options, "no-lock-key-sync", 16) == 0) {
3010 lock_key_sync = 0;
3011 #ifdef CONFIG_VNC_SASL
3012 } else if (strncmp(options, "sasl", 4) == 0) {
3013 sasl = 1; /* Require SASL auth */
3014 #endif
3015 #ifdef CONFIG_VNC_WS
3016 } else if (strncmp(options, "websocket", 9) == 0) {
3017 char *start, *end;
3018 vs->websocket = 1;
3020 /* Check for 'websocket=<port>' */
3021 start = strchr(options, '=');
3022 end = strchr(options, ',');
3023 if (start && (!end || (start < end))) {
3024 int len = end ? end-(start+1) : strlen(start+1);
3025 if (len < 6) {
3026 /* extract the host specification from display */
3027 char *host = NULL, *port = NULL, *host_end = NULL;
3028 port = g_strndup(start + 1, len);
3030 /* ipv6 hosts have colons */
3031 end = strchr(display, ',');
3032 host_end = g_strrstr_len(display, end - display, ":");
3034 if (host_end) {
3035 host = g_strndup(display, host_end - display + 1);
3036 } else {
3037 host = g_strndup(":", 1);
3039 vs->ws_display = g_strconcat(host, port, NULL);
3040 g_free(host);
3041 g_free(port);
3044 #endif /* CONFIG_VNC_WS */
3045 #ifdef CONFIG_VNC_TLS
3046 } else if (strncmp(options, "tls", 3) == 0) {
3047 tls = 1; /* Require TLS */
3048 } else if (strncmp(options, "x509", 4) == 0) {
3049 char *start, *end;
3050 x509 = 1; /* Require x509 certificates */
3051 if (strncmp(options, "x509verify", 10) == 0)
3052 vs->tls.x509verify = 1; /* ...and verify client certs */
3054 /* Now check for 'x509=/some/path' postfix
3055 * and use that to setup x509 certificate/key paths */
3056 start = strchr(options, '=');
3057 end = strchr(options, ',');
3058 if (start && (!end || (start < end))) {
3059 int len = end ? end-(start+1) : strlen(start+1);
3060 char *path = g_strndup(start + 1, len);
3062 VNC_DEBUG("Trying certificate path '%s'\n", path);
3063 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
3064 error_setg(errp, "Failed to find x509 certificates/keys in %s", path);
3065 g_free(path);
3066 goto fail;
3068 g_free(path);
3069 } else {
3070 error_setg(errp, "No certificate path provided");
3071 goto fail;
3073 #endif
3074 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
3075 } else if (strncmp(options, "acl", 3) == 0) {
3076 acl = 1;
3077 #endif
3078 } else if (strncmp(options, "lossy", 5) == 0) {
3079 vs->lossy = true;
3080 } else if (strncmp(options, "non-adaptive", 12) == 0) {
3081 vs->non_adaptive = true;
3082 } else if (strncmp(options, "share=", 6) == 0) {
3083 if (strncmp(options+6, "ignore", 6) == 0) {
3084 vs->share_policy = VNC_SHARE_POLICY_IGNORE;
3085 } else if (strncmp(options+6, "allow-exclusive", 15) == 0) {
3086 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3087 } else if (strncmp(options+6, "force-shared", 12) == 0) {
3088 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3089 } else {
3090 error_setg(errp, "unknown vnc share= option");
3091 goto fail;
3096 #ifdef CONFIG_VNC_TLS
3097 if (acl && x509 && vs->tls.x509verify) {
3098 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
3099 fprintf(stderr, "Failed to create x509 dname ACL\n");
3100 exit(1);
3103 #endif
3104 #ifdef CONFIG_VNC_SASL
3105 if (acl && sasl) {
3106 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
3107 fprintf(stderr, "Failed to create username ACL\n");
3108 exit(1);
3111 #endif
3114 * Combinations we support here:
3116 * - no-auth (clear text, no auth)
3117 * - password (clear text, weak auth)
3118 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
3119 * - tls (encrypt, weak anonymous creds, no auth)
3120 * - tls + password (encrypt, weak anonymous creds, weak auth)
3121 * - tls + sasl (encrypt, weak anonymous creds, good auth)
3122 * - tls + x509 (encrypt, good x509 creds, no auth)
3123 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
3124 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
3126 * NB1. TLS is a stackable auth scheme.
3127 * NB2. the x509 schemes have option to validate a client cert dname
3129 if (password) {
3130 #ifdef CONFIG_VNC_TLS
3131 if (tls) {
3132 vs->auth = VNC_AUTH_VENCRYPT;
3133 if (x509) {
3134 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3135 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
3136 } else {
3137 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3138 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3140 } else {
3141 #endif /* CONFIG_VNC_TLS */
3142 VNC_DEBUG("Initializing VNC server with password auth\n");
3143 vs->auth = VNC_AUTH_VNC;
3144 #ifdef CONFIG_VNC_TLS
3145 vs->subauth = VNC_AUTH_INVALID;
3147 #endif /* CONFIG_VNC_TLS */
3148 #ifdef CONFIG_VNC_SASL
3149 } else if (sasl) {
3150 #ifdef CONFIG_VNC_TLS
3151 if (tls) {
3152 vs->auth = VNC_AUTH_VENCRYPT;
3153 if (x509) {
3154 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3155 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
3156 } else {
3157 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3158 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3160 } else {
3161 #endif /* CONFIG_VNC_TLS */
3162 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3163 vs->auth = VNC_AUTH_SASL;
3164 #ifdef CONFIG_VNC_TLS
3165 vs->subauth = VNC_AUTH_INVALID;
3167 #endif /* CONFIG_VNC_TLS */
3168 #endif /* CONFIG_VNC_SASL */
3169 } else {
3170 #ifdef CONFIG_VNC_TLS
3171 if (tls) {
3172 vs->auth = VNC_AUTH_VENCRYPT;
3173 if (x509) {
3174 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3175 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
3176 } else {
3177 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3178 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3180 } else {
3181 #endif
3182 VNC_DEBUG("Initializing VNC server with no auth\n");
3183 vs->auth = VNC_AUTH_NONE;
3184 #ifdef CONFIG_VNC_TLS
3185 vs->subauth = VNC_AUTH_INVALID;
3187 #endif
3190 #ifdef CONFIG_VNC_SASL
3191 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
3192 error_setg(errp, "Failed to initialize SASL auth: %s",
3193 sasl_errstring(saslErr, NULL, NULL));
3194 goto fail;
3196 #endif
3197 vs->lock_key_sync = lock_key_sync;
3199 if (reverse) {
3200 /* connect to viewer */
3201 int csock;
3202 vs->lsock = -1;
3203 #ifdef CONFIG_VNC_WS
3204 vs->lwebsock = -1;
3205 #endif
3206 if (strncmp(display, "unix:", 5) == 0) {
3207 csock = unix_connect(display+5, errp);
3208 } else {
3209 csock = inet_connect(display, errp);
3211 if (csock < 0) {
3212 goto fail;
3214 vnc_connect(vs, csock, 0, 0);
3215 } else {
3216 /* listen for connects */
3217 char *dpy;
3218 dpy = g_malloc(256);
3219 if (strncmp(display, "unix:", 5) == 0) {
3220 pstrcpy(dpy, 256, "unix:");
3221 vs->lsock = unix_listen(display+5, dpy+5, 256-5, errp);
3222 } else {
3223 vs->lsock = inet_listen(display, dpy, 256,
3224 SOCK_STREAM, 5900, errp);
3225 if (vs->lsock < 0) {
3226 g_free(dpy);
3227 goto fail;
3229 #ifdef CONFIG_VNC_WS
3230 if (vs->websocket) {
3231 if (vs->ws_display) {
3232 vs->lwebsock = inet_listen(vs->ws_display, NULL, 256,
3233 SOCK_STREAM, 0, errp);
3234 } else {
3235 vs->lwebsock = inet_listen(vs->display, NULL, 256,
3236 SOCK_STREAM, 5700, errp);
3239 if (vs->lwebsock < 0) {
3240 if (vs->lsock) {
3241 close(vs->lsock);
3242 vs->lsock = -1;
3244 g_free(dpy);
3245 goto fail;
3248 #endif /* CONFIG_VNC_WS */
3250 g_free(vs->display);
3251 vs->display = dpy;
3252 qemu_set_fd_handler2(vs->lsock, NULL,
3253 vnc_listen_regular_read, NULL, vs);
3254 #ifdef CONFIG_VNC_WS
3255 if (vs->websocket) {
3256 qemu_set_fd_handler2(vs->lwebsock, NULL,
3257 vnc_listen_websocket_read, NULL, vs);
3259 #endif /* CONFIG_VNC_WS */
3261 return;
3263 fail:
3264 g_free(vs->display);
3265 vs->display = NULL;
3266 #ifdef CONFIG_VNC_WS
3267 g_free(vs->ws_display);
3268 vs->ws_display = NULL;
3269 #endif /* CONFIG_VNC_WS */
3272 void vnc_display_add_client(DisplayState *ds, int csock, int skipauth)
3274 VncDisplay *vs = vnc_display;
3276 vnc_connect(vs, csock, skipauth, 0);