2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27 #include "qemu/osdep.h"
31 #include "hw/qdev-core.h"
32 #include "sysemu/sysemu.h"
33 #include "qemu/error-report.h"
34 #include "qemu/main-loop.h"
35 #include "qemu/module.h"
36 #include "qemu/option.h"
37 #include "qemu/sockets.h"
38 #include "qemu/timer.h"
39 #include "authz/list.h"
40 #include "qemu/config-file.h"
41 #include "qapi/qapi-emit-events.h"
42 #include "qapi/qapi-events-ui.h"
43 #include "qapi/error.h"
44 #include "qapi/qapi-commands-ui.h"
46 #include "crypto/hash.h"
47 #include "crypto/tlscredsanon.h"
48 #include "crypto/tlscredsx509.h"
49 #include "crypto/random.h"
50 #include "qom/object_interfaces.h"
51 #include "qemu/cutils.h"
52 #include "io/dns-resolver.h"
54 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
55 #define VNC_REFRESH_INTERVAL_INC 50
56 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
57 static const struct timeval VNC_REFRESH_STATS
= { 0, 500000 };
58 static const struct timeval VNC_REFRESH_LOSSY
= { 2, 0 };
60 #include "vnc_keysym.h"
61 #include "crypto/cipher.h"
63 static QTAILQ_HEAD(, VncDisplay
) vnc_displays
=
64 QTAILQ_HEAD_INITIALIZER(vnc_displays
);
66 static int vnc_cursor_define(VncState
*vs
);
67 static void vnc_update_throttle_offset(VncState
*vs
);
69 static void vnc_set_share_mode(VncState
*vs
, VncShareMode mode
)
72 static const char *mn
[] = {
74 [VNC_SHARE_MODE_CONNECTING
] = "connecting",
75 [VNC_SHARE_MODE_SHARED
] = "shared",
76 [VNC_SHARE_MODE_EXCLUSIVE
] = "exclusive",
77 [VNC_SHARE_MODE_DISCONNECTED
] = "disconnected",
79 fprintf(stderr
, "%s/%p: %s -> %s\n", __func__
,
80 vs
->ioc
, mn
[vs
->share_mode
], mn
[mode
]);
83 switch (vs
->share_mode
) {
84 case VNC_SHARE_MODE_CONNECTING
:
85 vs
->vd
->num_connecting
--;
87 case VNC_SHARE_MODE_SHARED
:
90 case VNC_SHARE_MODE_EXCLUSIVE
:
91 vs
->vd
->num_exclusive
--;
97 vs
->share_mode
= mode
;
99 switch (vs
->share_mode
) {
100 case VNC_SHARE_MODE_CONNECTING
:
101 vs
->vd
->num_connecting
++;
103 case VNC_SHARE_MODE_SHARED
:
104 vs
->vd
->num_shared
++;
106 case VNC_SHARE_MODE_EXCLUSIVE
:
107 vs
->vd
->num_exclusive
++;
115 static void vnc_init_basic_info(SocketAddress
*addr
,
119 switch (addr
->type
) {
120 case SOCKET_ADDRESS_TYPE_INET
:
121 info
->host
= g_strdup(addr
->u
.inet
.host
);
122 info
->service
= g_strdup(addr
->u
.inet
.port
);
123 if (addr
->u
.inet
.ipv6
) {
124 info
->family
= NETWORK_ADDRESS_FAMILY_IPV6
;
126 info
->family
= NETWORK_ADDRESS_FAMILY_IPV4
;
130 case SOCKET_ADDRESS_TYPE_UNIX
:
131 info
->host
= g_strdup("");
132 info
->service
= g_strdup(addr
->u
.q_unix
.path
);
133 info
->family
= NETWORK_ADDRESS_FAMILY_UNIX
;
136 case SOCKET_ADDRESS_TYPE_VSOCK
:
137 case SOCKET_ADDRESS_TYPE_FD
:
138 error_setg(errp
, "Unsupported socket address type %s",
139 SocketAddressType_str(addr
->type
));
148 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket
*ioc
,
152 SocketAddress
*addr
= NULL
;
155 error_setg(errp
, "No listener socket available");
159 addr
= qio_channel_socket_get_local_address(ioc
, errp
);
164 vnc_init_basic_info(addr
, info
, errp
);
165 qapi_free_SocketAddress(addr
);
168 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket
*ioc
,
172 SocketAddress
*addr
= NULL
;
174 addr
= qio_channel_socket_get_remote_address(ioc
, errp
);
179 vnc_init_basic_info(addr
, info
, errp
);
180 qapi_free_SocketAddress(addr
);
183 static const char *vnc_auth_name(VncDisplay
*vd
) {
185 case VNC_AUTH_INVALID
:
201 case VNC_AUTH_VENCRYPT
:
202 switch (vd
->subauth
) {
203 case VNC_AUTH_VENCRYPT_PLAIN
:
204 return "vencrypt+plain";
205 case VNC_AUTH_VENCRYPT_TLSNONE
:
206 return "vencrypt+tls+none";
207 case VNC_AUTH_VENCRYPT_TLSVNC
:
208 return "vencrypt+tls+vnc";
209 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
210 return "vencrypt+tls+plain";
211 case VNC_AUTH_VENCRYPT_X509NONE
:
212 return "vencrypt+x509+none";
213 case VNC_AUTH_VENCRYPT_X509VNC
:
214 return "vencrypt+x509+vnc";
215 case VNC_AUTH_VENCRYPT_X509PLAIN
:
216 return "vencrypt+x509+plain";
217 case VNC_AUTH_VENCRYPT_TLSSASL
:
218 return "vencrypt+tls+sasl";
219 case VNC_AUTH_VENCRYPT_X509SASL
:
220 return "vencrypt+x509+sasl";
230 static VncServerInfo
*vnc_server_info_get(VncDisplay
*vd
)
235 if (!vd
->listener
|| !vd
->listener
->nsioc
) {
239 info
= g_malloc0(sizeof(*info
));
240 vnc_init_basic_info_from_server_addr(vd
->listener
->sioc
[0],
241 qapi_VncServerInfo_base(info
), &err
);
242 info
->has_auth
= true;
243 info
->auth
= g_strdup(vnc_auth_name(vd
));
245 qapi_free_VncServerInfo(info
);
252 static void vnc_client_cache_auth(VncState
*client
)
259 client
->info
->x509_dname
=
260 qcrypto_tls_session_get_peer_name(client
->tls
);
261 client
->info
->has_x509_dname
=
262 client
->info
->x509_dname
!= NULL
;
264 #ifdef CONFIG_VNC_SASL
265 if (client
->sasl
.conn
&&
266 client
->sasl
.username
) {
267 client
->info
->has_sasl_username
= true;
268 client
->info
->sasl_username
= g_strdup(client
->sasl
.username
);
273 static void vnc_client_cache_addr(VncState
*client
)
277 client
->info
= g_malloc0(sizeof(*client
->info
));
278 vnc_init_basic_info_from_remote_addr(client
->sioc
,
279 qapi_VncClientInfo_base(client
->info
),
281 client
->info
->websocket
= client
->websocket
;
283 qapi_free_VncClientInfo(client
->info
);
289 static void vnc_qmp_event(VncState
*vs
, QAPIEvent event
)
297 si
= vnc_server_info_get(vs
->vd
);
303 case QAPI_EVENT_VNC_CONNECTED
:
304 qapi_event_send_vnc_connected(si
, qapi_VncClientInfo_base(vs
->info
));
306 case QAPI_EVENT_VNC_INITIALIZED
:
307 qapi_event_send_vnc_initialized(si
, vs
->info
);
309 case QAPI_EVENT_VNC_DISCONNECTED
:
310 qapi_event_send_vnc_disconnected(si
, vs
->info
);
316 qapi_free_VncServerInfo(si
);
319 static VncClientInfo
*qmp_query_vnc_client(const VncState
*client
)
324 info
= g_malloc0(sizeof(*info
));
326 vnc_init_basic_info_from_remote_addr(client
->sioc
,
327 qapi_VncClientInfo_base(info
),
331 qapi_free_VncClientInfo(info
);
335 info
->websocket
= client
->websocket
;
338 info
->x509_dname
= qcrypto_tls_session_get_peer_name(client
->tls
);
339 info
->has_x509_dname
= info
->x509_dname
!= NULL
;
341 #ifdef CONFIG_VNC_SASL
342 if (client
->sasl
.conn
&& client
->sasl
.username
) {
343 info
->has_sasl_username
= true;
344 info
->sasl_username
= g_strdup(client
->sasl
.username
);
351 static VncDisplay
*vnc_display_find(const char *id
)
356 return QTAILQ_FIRST(&vnc_displays
);
358 QTAILQ_FOREACH(vd
, &vnc_displays
, next
) {
359 if (strcmp(id
, vd
->id
) == 0) {
366 static VncClientInfoList
*qmp_query_client_list(VncDisplay
*vd
)
368 VncClientInfoList
*cinfo
, *prev
= NULL
;
371 QTAILQ_FOREACH(client
, &vd
->clients
, next
) {
372 cinfo
= g_new0(VncClientInfoList
, 1);
373 cinfo
->value
= qmp_query_vnc_client(client
);
380 VncInfo
*qmp_query_vnc(Error
**errp
)
382 VncInfo
*info
= g_malloc0(sizeof(*info
));
383 VncDisplay
*vd
= vnc_display_find(NULL
);
384 SocketAddress
*addr
= NULL
;
386 if (vd
== NULL
|| !vd
->listener
|| !vd
->listener
->nsioc
) {
387 info
->enabled
= false;
389 info
->enabled
= true;
391 /* for compatibility with the original command */
392 info
->has_clients
= true;
393 info
->clients
= qmp_query_client_list(vd
);
395 addr
= qio_channel_socket_get_local_address(vd
->listener
->sioc
[0],
401 switch (addr
->type
) {
402 case SOCKET_ADDRESS_TYPE_INET
:
403 info
->host
= g_strdup(addr
->u
.inet
.host
);
404 info
->service
= g_strdup(addr
->u
.inet
.port
);
405 if (addr
->u
.inet
.ipv6
) {
406 info
->family
= NETWORK_ADDRESS_FAMILY_IPV6
;
408 info
->family
= NETWORK_ADDRESS_FAMILY_IPV4
;
412 case SOCKET_ADDRESS_TYPE_UNIX
:
413 info
->host
= g_strdup("");
414 info
->service
= g_strdup(addr
->u
.q_unix
.path
);
415 info
->family
= NETWORK_ADDRESS_FAMILY_UNIX
;
418 case SOCKET_ADDRESS_TYPE_VSOCK
:
419 case SOCKET_ADDRESS_TYPE_FD
:
420 error_setg(errp
, "Unsupported socket address type %s",
421 SocketAddressType_str(addr
->type
));
427 info
->has_host
= true;
428 info
->has_service
= true;
429 info
->has_family
= true;
431 info
->has_auth
= true;
432 info
->auth
= g_strdup(vnc_auth_name(vd
));
435 qapi_free_SocketAddress(addr
);
439 qapi_free_SocketAddress(addr
);
440 qapi_free_VncInfo(info
);
445 static void qmp_query_auth(int auth
, int subauth
,
446 VncPrimaryAuth
*qmp_auth
,
447 VncVencryptSubAuth
*qmp_vencrypt
,
448 bool *qmp_has_vencrypt
);
450 static VncServerInfo2List
*qmp_query_server_entry(QIOChannelSocket
*ioc
,
454 VncServerInfo2List
*prev
)
456 VncServerInfo2List
*list
;
457 VncServerInfo2
*info
;
461 addr
= qio_channel_socket_get_local_address(ioc
, NULL
);
466 info
= g_new0(VncServerInfo2
, 1);
467 vnc_init_basic_info(addr
, qapi_VncServerInfo2_base(info
), &err
);
468 qapi_free_SocketAddress(addr
);
470 qapi_free_VncServerInfo2(info
);
474 info
->websocket
= websocket
;
476 qmp_query_auth(auth
, subauth
, &info
->auth
,
477 &info
->vencrypt
, &info
->has_vencrypt
);
479 list
= g_new0(VncServerInfo2List
, 1);
485 static void qmp_query_auth(int auth
, int subauth
,
486 VncPrimaryAuth
*qmp_auth
,
487 VncVencryptSubAuth
*qmp_vencrypt
,
488 bool *qmp_has_vencrypt
)
492 *qmp_auth
= VNC_PRIMARY_AUTH_VNC
;
495 *qmp_auth
= VNC_PRIMARY_AUTH_RA2
;
498 *qmp_auth
= VNC_PRIMARY_AUTH_RA2NE
;
501 *qmp_auth
= VNC_PRIMARY_AUTH_TIGHT
;
504 *qmp_auth
= VNC_PRIMARY_AUTH_ULTRA
;
507 *qmp_auth
= VNC_PRIMARY_AUTH_TLS
;
509 case VNC_AUTH_VENCRYPT
:
510 *qmp_auth
= VNC_PRIMARY_AUTH_VENCRYPT
;
511 *qmp_has_vencrypt
= true;
513 case VNC_AUTH_VENCRYPT_PLAIN
:
514 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_PLAIN
;
516 case VNC_AUTH_VENCRYPT_TLSNONE
:
517 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_NONE
;
519 case VNC_AUTH_VENCRYPT_TLSVNC
:
520 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_VNC
;
522 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
523 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN
;
525 case VNC_AUTH_VENCRYPT_X509NONE
:
526 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_NONE
;
528 case VNC_AUTH_VENCRYPT_X509VNC
:
529 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_VNC
;
531 case VNC_AUTH_VENCRYPT_X509PLAIN
:
532 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_PLAIN
;
534 case VNC_AUTH_VENCRYPT_TLSSASL
:
535 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_SASL
;
537 case VNC_AUTH_VENCRYPT_X509SASL
:
538 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_SASL
;
541 *qmp_has_vencrypt
= false;
546 *qmp_auth
= VNC_PRIMARY_AUTH_SASL
;
550 *qmp_auth
= VNC_PRIMARY_AUTH_NONE
;
555 VncInfo2List
*qmp_query_vnc_servers(Error
**errp
)
557 VncInfo2List
*item
, *prev
= NULL
;
563 QTAILQ_FOREACH(vd
, &vnc_displays
, next
) {
564 info
= g_new0(VncInfo2
, 1);
565 info
->id
= g_strdup(vd
->id
);
566 info
->clients
= qmp_query_client_list(vd
);
567 qmp_query_auth(vd
->auth
, vd
->subauth
, &info
->auth
,
568 &info
->vencrypt
, &info
->has_vencrypt
);
570 dev
= DEVICE(object_property_get_link(OBJECT(vd
->dcl
.con
),
572 info
->has_display
= true;
573 info
->display
= g_strdup(dev
->id
);
575 for (i
= 0; vd
->listener
!= NULL
&& i
< vd
->listener
->nsioc
; i
++) {
576 info
->server
= qmp_query_server_entry(
577 vd
->listener
->sioc
[i
], false, vd
->auth
, vd
->subauth
,
580 for (i
= 0; vd
->wslistener
!= NULL
&& i
< vd
->wslistener
->nsioc
; i
++) {
581 info
->server
= qmp_query_server_entry(
582 vd
->wslistener
->sioc
[i
], true, vd
->ws_auth
,
583 vd
->ws_subauth
, info
->server
);
586 item
= g_new0(VncInfo2List
, 1);
595 1) Get the queue working for IO.
596 2) there is some weirdness when using the -S option (the screen is grey
597 and not totally invalidated
598 3) resolutions > 1024
601 static int vnc_update_client(VncState
*vs
, int has_dirty
);
602 static void vnc_disconnect_start(VncState
*vs
);
604 static void vnc_colordepth(VncState
*vs
);
605 static void framebuffer_update_request(VncState
*vs
, int incremental
,
606 int x_position
, int y_position
,
608 static void vnc_refresh(DisplayChangeListener
*dcl
);
609 static int vnc_refresh_server_surface(VncDisplay
*vd
);
611 static int vnc_width(VncDisplay
*vd
)
613 return MIN(VNC_MAX_WIDTH
, ROUND_UP(surface_width(vd
->ds
),
614 VNC_DIRTY_PIXELS_PER_BIT
));
617 static int vnc_height(VncDisplay
*vd
)
619 return MIN(VNC_MAX_HEIGHT
, surface_height(vd
->ds
));
622 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty
[VNC_MAX_HEIGHT
],
623 VNC_MAX_WIDTH
/ VNC_DIRTY_PIXELS_PER_BIT
),
625 int x
, int y
, int w
, int h
)
627 int width
= vnc_width(vd
);
628 int height
= vnc_height(vd
);
630 /* this is needed this to ensure we updated all affected
631 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
632 w
+= (x
% VNC_DIRTY_PIXELS_PER_BIT
);
633 x
-= (x
% VNC_DIRTY_PIXELS_PER_BIT
);
637 w
= MIN(x
+ w
, width
) - x
;
638 h
= MIN(y
+ h
, height
);
641 bitmap_set(dirty
[y
], x
/ VNC_DIRTY_PIXELS_PER_BIT
,
642 DIV_ROUND_UP(w
, VNC_DIRTY_PIXELS_PER_BIT
));
646 static void vnc_dpy_update(DisplayChangeListener
*dcl
,
647 int x
, int y
, int w
, int h
)
649 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
650 struct VncSurface
*s
= &vd
->guest
;
652 vnc_set_area_dirty(s
->dirty
, vd
, x
, y
, w
, h
);
655 void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
658 vnc_write_u16(vs
, x
);
659 vnc_write_u16(vs
, y
);
660 vnc_write_u16(vs
, w
);
661 vnc_write_u16(vs
, h
);
663 vnc_write_s32(vs
, encoding
);
667 static void vnc_desktop_resize(VncState
*vs
)
669 if (vs
->ioc
== NULL
|| !vnc_has_feature(vs
, VNC_FEATURE_RESIZE
)) {
672 if (vs
->client_width
== pixman_image_get_width(vs
->vd
->server
) &&
673 vs
->client_height
== pixman_image_get_height(vs
->vd
->server
)) {
677 assert(pixman_image_get_width(vs
->vd
->server
) < 65536 &&
678 pixman_image_get_width(vs
->vd
->server
) >= 0);
679 assert(pixman_image_get_height(vs
->vd
->server
) < 65536 &&
680 pixman_image_get_height(vs
->vd
->server
) >= 0);
681 vs
->client_width
= pixman_image_get_width(vs
->vd
->server
);
682 vs
->client_height
= pixman_image_get_height(vs
->vd
->server
);
684 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
686 vnc_write_u16(vs
, 1); /* number of rects */
687 vnc_framebuffer_update(vs
, 0, 0, vs
->client_width
, vs
->client_height
,
688 VNC_ENCODING_DESKTOPRESIZE
);
689 vnc_unlock_output(vs
);
693 static void vnc_abort_display_jobs(VncDisplay
*vd
)
697 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
700 vnc_unlock_output(vs
);
702 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
705 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
707 if (vs
->update
== VNC_STATE_UPDATE_NONE
&&
708 vs
->job_update
!= VNC_STATE_UPDATE_NONE
) {
709 /* job aborted before completion */
710 vs
->update
= vs
->job_update
;
711 vs
->job_update
= VNC_STATE_UPDATE_NONE
;
714 vnc_unlock_output(vs
);
718 int vnc_server_fb_stride(VncDisplay
*vd
)
720 return pixman_image_get_stride(vd
->server
);
723 void *vnc_server_fb_ptr(VncDisplay
*vd
, int x
, int y
)
727 ptr
= (uint8_t *)pixman_image_get_data(vd
->server
);
728 ptr
+= y
* vnc_server_fb_stride(vd
);
729 ptr
+= x
* VNC_SERVER_FB_BYTES
;
733 static void vnc_update_server_surface(VncDisplay
*vd
)
737 qemu_pixman_image_unref(vd
->server
);
740 if (QTAILQ_EMPTY(&vd
->clients
)) {
744 width
= vnc_width(vd
);
745 height
= vnc_height(vd
);
746 vd
->server
= pixman_image_create_bits(VNC_SERVER_FB_FORMAT
,
750 memset(vd
->guest
.dirty
, 0x00, sizeof(vd
->guest
.dirty
));
751 vnc_set_area_dirty(vd
->guest
.dirty
, vd
, 0, 0,
755 static bool vnc_check_pageflip(DisplaySurface
*s1
,
758 return (s1
!= NULL
&&
760 surface_width(s1
) == surface_width(s2
) &&
761 surface_height(s1
) == surface_height(s2
) &&
762 surface_format(s1
) == surface_format(s2
));
766 static void vnc_dpy_switch(DisplayChangeListener
*dcl
,
767 DisplaySurface
*surface
)
769 static const char placeholder_msg
[] =
770 "Display output is not active.";
771 static DisplaySurface
*placeholder
;
772 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
773 bool pageflip
= vnc_check_pageflip(vd
->ds
, surface
);
776 if (surface
== NULL
) {
777 if (placeholder
== NULL
) {
778 placeholder
= qemu_create_message_surface(640, 480, placeholder_msg
);
780 surface
= placeholder
;
783 vnc_abort_display_jobs(vd
);
787 qemu_pixman_image_unref(vd
->guest
.fb
);
788 vd
->guest
.fb
= pixman_image_ref(surface
->image
);
789 vd
->guest
.format
= surface
->format
;
792 vnc_set_area_dirty(vd
->guest
.dirty
, vd
, 0, 0,
793 surface_width(surface
),
794 surface_height(surface
));
799 vnc_update_server_surface(vd
);
801 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
803 vnc_desktop_resize(vs
);
804 if (vs
->vd
->cursor
) {
805 vnc_cursor_define(vs
);
807 memset(vs
->dirty
, 0x00, sizeof(vs
->dirty
));
808 vnc_set_area_dirty(vs
->dirty
, vd
, 0, 0,
811 vnc_update_throttle_offset(vs
);
816 static void vnc_write_pixels_copy(VncState
*vs
,
817 void *pixels
, int size
)
819 vnc_write(vs
, pixels
, size
);
822 /* slowest but generic code. */
823 void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
827 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
828 r
= (((v
& 0x00ff0000) >> 16) << vs
->client_pf
.rbits
) >> 8;
829 g
= (((v
& 0x0000ff00) >> 8) << vs
->client_pf
.gbits
) >> 8;
830 b
= (((v
& 0x000000ff) >> 0) << vs
->client_pf
.bbits
) >> 8;
832 # error need some bits here if you change VNC_SERVER_FB_FORMAT
834 v
= (r
<< vs
->client_pf
.rshift
) |
835 (g
<< vs
->client_pf
.gshift
) |
836 (b
<< vs
->client_pf
.bshift
);
837 switch (vs
->client_pf
.bytes_per_pixel
) {
867 static void vnc_write_pixels_generic(VncState
*vs
,
868 void *pixels1
, int size
)
872 if (VNC_SERVER_FB_BYTES
== 4) {
873 uint32_t *pixels
= pixels1
;
876 for (i
= 0; i
< n
; i
++) {
877 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
878 vnc_write(vs
, buf
, vs
->client_pf
.bytes_per_pixel
);
883 int vnc_raw_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
887 VncDisplay
*vd
= vs
->vd
;
889 row
= vnc_server_fb_ptr(vd
, x
, y
);
890 for (i
= 0; i
< h
; i
++) {
891 vs
->write_pixels(vs
, row
, w
* VNC_SERVER_FB_BYTES
);
892 row
+= vnc_server_fb_stride(vd
);
897 int vnc_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
901 switch(vs
->vnc_encoding
) {
902 case VNC_ENCODING_ZLIB
:
903 n
= vnc_zlib_send_framebuffer_update(vs
, x
, y
, w
, h
);
905 case VNC_ENCODING_HEXTILE
:
906 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
907 n
= vnc_hextile_send_framebuffer_update(vs
, x
, y
, w
, h
);
909 case VNC_ENCODING_TIGHT
:
910 n
= vnc_tight_send_framebuffer_update(vs
, x
, y
, w
, h
);
912 case VNC_ENCODING_TIGHT_PNG
:
913 n
= vnc_tight_png_send_framebuffer_update(vs
, x
, y
, w
, h
);
915 case VNC_ENCODING_ZRLE
:
916 n
= vnc_zrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
918 case VNC_ENCODING_ZYWRLE
:
919 n
= vnc_zywrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
922 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
923 n
= vnc_raw_send_framebuffer_update(vs
, x
, y
, w
, h
);
929 static void vnc_mouse_set(DisplayChangeListener
*dcl
,
930 int x
, int y
, int visible
)
932 /* can we ask the client(s) to move the pointer ??? */
935 static int vnc_cursor_define(VncState
*vs
)
937 QEMUCursor
*c
= vs
->vd
->cursor
;
940 if (vnc_has_feature(vs
, VNC_FEATURE_RICH_CURSOR
)) {
942 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
943 vnc_write_u8(vs
, 0); /* padding */
944 vnc_write_u16(vs
, 1); /* # of rects */
945 vnc_framebuffer_update(vs
, c
->hot_x
, c
->hot_y
, c
->width
, c
->height
,
946 VNC_ENCODING_RICH_CURSOR
);
947 isize
= c
->width
* c
->height
* vs
->client_pf
.bytes_per_pixel
;
948 vnc_write_pixels_generic(vs
, c
->data
, isize
);
949 vnc_write(vs
, vs
->vd
->cursor_mask
, vs
->vd
->cursor_msize
);
950 vnc_unlock_output(vs
);
956 static void vnc_dpy_cursor_define(DisplayChangeListener
*dcl
,
959 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
962 cursor_put(vd
->cursor
);
963 g_free(vd
->cursor_mask
);
966 cursor_get(vd
->cursor
);
967 vd
->cursor_msize
= cursor_get_mono_bpl(c
) * c
->height
;
968 vd
->cursor_mask
= g_malloc0(vd
->cursor_msize
);
969 cursor_get_mono_mask(c
, 0, vd
->cursor_mask
);
971 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
972 vnc_cursor_define(vs
);
976 static int find_and_clear_dirty_height(VncState
*vs
,
977 int y
, int last_x
, int x
, int height
)
981 for (h
= 1; h
< (height
- y
); h
++) {
982 if (!test_bit(last_x
, vs
->dirty
[y
+ h
])) {
985 bitmap_clear(vs
->dirty
[y
+ h
], last_x
, x
- last_x
);
992 * Figure out how much pending data we should allow in the output
993 * buffer before we throttle incremental display updates, and/or
994 * drop audio samples.
996 * We allow for equiv of 1 full display's worth of FB updates,
997 * and 1 second of audio samples. If audio backlog was larger
998 * than that the client would already suffering awful audio
999 * glitches, so dropping samples is no worse really).
1001 static void vnc_update_throttle_offset(VncState
*vs
)
1004 vs
->client_width
* vs
->client_height
* vs
->client_pf
.bytes_per_pixel
;
1006 if (vs
->audio_cap
) {
1008 switch (vs
->as
.fmt
) {
1010 case AUDIO_FORMAT_U8
:
1011 case AUDIO_FORMAT_S8
:
1014 case AUDIO_FORMAT_U16
:
1015 case AUDIO_FORMAT_S16
:
1018 case AUDIO_FORMAT_U32
:
1019 case AUDIO_FORMAT_S32
:
1023 offset
+= vs
->as
.freq
* bps
* vs
->as
.nchannels
;
1026 /* Put a floor of 1MB on offset, so that if we have a large pending
1027 * buffer and the display is resized to a small size & back again
1028 * we don't suddenly apply a tiny send limit
1030 offset
= MAX(offset
, 1024 * 1024);
1032 if (vs
->throttle_output_offset
!= offset
) {
1033 trace_vnc_client_throttle_threshold(
1034 vs
, vs
->ioc
, vs
->throttle_output_offset
, offset
, vs
->client_width
,
1035 vs
->client_height
, vs
->client_pf
.bytes_per_pixel
, vs
->audio_cap
);
1038 vs
->throttle_output_offset
= offset
;
1041 static bool vnc_should_update(VncState
*vs
)
1043 switch (vs
->update
) {
1044 case VNC_STATE_UPDATE_NONE
:
1046 case VNC_STATE_UPDATE_INCREMENTAL
:
1047 /* Only allow incremental updates if the pending send queue
1048 * is less than the permitted threshold, and the job worker
1049 * is completely idle.
1051 if (vs
->output
.offset
< vs
->throttle_output_offset
&&
1052 vs
->job_update
== VNC_STATE_UPDATE_NONE
) {
1055 trace_vnc_client_throttle_incremental(
1056 vs
, vs
->ioc
, vs
->job_update
, vs
->output
.offset
);
1058 case VNC_STATE_UPDATE_FORCE
:
1059 /* Only allow forced updates if the pending send queue
1060 * does not contain a previous forced update, and the
1061 * job worker is completely idle.
1063 * Note this means we'll queue a forced update, even if
1064 * the output buffer size is otherwise over the throttle
1067 if (vs
->force_update_offset
== 0 &&
1068 vs
->job_update
== VNC_STATE_UPDATE_NONE
) {
1071 trace_vnc_client_throttle_forced(
1072 vs
, vs
->ioc
, vs
->job_update
, vs
->force_update_offset
);
1078 static int vnc_update_client(VncState
*vs
, int has_dirty
)
1080 VncDisplay
*vd
= vs
->vd
;
1086 if (vs
->disconnecting
) {
1087 vnc_disconnect_finish(vs
);
1091 vs
->has_dirty
+= has_dirty
;
1092 if (!vnc_should_update(vs
)) {
1096 if (!vs
->has_dirty
&& vs
->update
!= VNC_STATE_UPDATE_FORCE
) {
1101 * Send screen updates to the vnc client using the server
1102 * surface and server dirty map. guest surface updates
1103 * happening in parallel don't disturb us, the next pass will
1104 * send them to the client.
1106 job
= vnc_job_new(vs
);
1108 height
= pixman_image_get_height(vd
->server
);
1109 width
= pixman_image_get_width(vd
->server
);
1115 unsigned long offset
= find_next_bit((unsigned long *) &vs
->dirty
,
1116 height
* VNC_DIRTY_BPL(vs
),
1117 y
* VNC_DIRTY_BPL(vs
));
1118 if (offset
== height
* VNC_DIRTY_BPL(vs
)) {
1119 /* no more dirty bits */
1122 y
= offset
/ VNC_DIRTY_BPL(vs
);
1123 x
= offset
% VNC_DIRTY_BPL(vs
);
1124 x2
= find_next_zero_bit((unsigned long *) &vs
->dirty
[y
],
1125 VNC_DIRTY_BPL(vs
), x
);
1126 bitmap_clear(vs
->dirty
[y
], x
, x2
- x
);
1127 h
= find_and_clear_dirty_height(vs
, y
, x
, x2
, height
);
1128 x2
= MIN(x2
, width
/ VNC_DIRTY_PIXELS_PER_BIT
);
1130 n
+= vnc_job_add_rect(job
, x
* VNC_DIRTY_PIXELS_PER_BIT
, y
,
1131 (x2
- x
) * VNC_DIRTY_PIXELS_PER_BIT
, h
);
1133 if (!x
&& x2
== width
/ VNC_DIRTY_PIXELS_PER_BIT
) {
1141 vs
->job_update
= vs
->update
;
1142 vs
->update
= VNC_STATE_UPDATE_NONE
;
1149 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
1151 VncState
*vs
= opaque
;
1153 assert(vs
->magic
== VNC_MAGIC
);
1155 case AUD_CNOTIFY_DISABLE
:
1156 vnc_lock_output(vs
);
1157 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
1158 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
1159 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_END
);
1160 vnc_unlock_output(vs
);
1164 case AUD_CNOTIFY_ENABLE
:
1165 vnc_lock_output(vs
);
1166 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
1167 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
1168 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN
);
1169 vnc_unlock_output(vs
);
1175 static void audio_capture_destroy(void *opaque
)
1179 static void audio_capture(void *opaque
, const void *buf
, int size
)
1181 VncState
*vs
= opaque
;
1183 assert(vs
->magic
== VNC_MAGIC
);
1184 vnc_lock_output(vs
);
1185 if (vs
->output
.offset
< vs
->throttle_output_offset
) {
1186 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
1187 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
1188 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_DATA
);
1189 vnc_write_u32(vs
, size
);
1190 vnc_write(vs
, buf
, size
);
1192 trace_vnc_client_throttle_audio(vs
, vs
->ioc
, vs
->output
.offset
);
1194 vnc_unlock_output(vs
);
1198 static void audio_add(VncState
*vs
)
1200 struct audio_capture_ops ops
;
1202 if (vs
->audio_cap
) {
1203 error_report("audio already running");
1207 ops
.notify
= audio_capture_notify
;
1208 ops
.destroy
= audio_capture_destroy
;
1209 ops
.capture
= audio_capture
;
1211 vs
->audio_cap
= AUD_add_capture(vs
->vd
->audio_state
, &vs
->as
, &ops
, vs
);
1212 if (!vs
->audio_cap
) {
1213 error_report("Failed to add audio capture");
1217 static void audio_del(VncState
*vs
)
1219 if (vs
->audio_cap
) {
1220 AUD_del_capture(vs
->audio_cap
, vs
);
1221 vs
->audio_cap
= NULL
;
1225 static void vnc_disconnect_start(VncState
*vs
)
1227 if (vs
->disconnecting
) {
1230 trace_vnc_client_disconnect_start(vs
, vs
->ioc
);
1231 vnc_set_share_mode(vs
, VNC_SHARE_MODE_DISCONNECTED
);
1233 g_source_remove(vs
->ioc_tag
);
1236 qio_channel_close(vs
->ioc
, NULL
);
1237 vs
->disconnecting
= TRUE
;
1240 void vnc_disconnect_finish(VncState
*vs
)
1244 trace_vnc_client_disconnect_finish(vs
, vs
->ioc
);
1246 vnc_jobs_join(vs
); /* Wait encoding jobs */
1248 vnc_lock_output(vs
);
1249 vnc_qmp_event(vs
, QAPI_EVENT_VNC_DISCONNECTED
);
1251 buffer_free(&vs
->input
);
1252 buffer_free(&vs
->output
);
1254 qapi_free_VncClientInfo(vs
->info
);
1257 vnc_tight_clear(vs
);
1260 #ifdef CONFIG_VNC_SASL
1261 vnc_sasl_client_cleanup(vs
);
1262 #endif /* CONFIG_VNC_SASL */
1264 qkbd_state_lift_all_keys(vs
->vd
->kbd
);
1266 if (vs
->mouse_mode_notifier
.notify
!= NULL
) {
1267 qemu_remove_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
1269 QTAILQ_REMOVE(&vs
->vd
->clients
, vs
, next
);
1270 if (QTAILQ_EMPTY(&vs
->vd
->clients
)) {
1271 /* last client gone */
1272 vnc_update_server_surface(vs
->vd
);
1275 vnc_unlock_output(vs
);
1277 qemu_mutex_destroy(&vs
->output_mutex
);
1278 if (vs
->bh
!= NULL
) {
1279 qemu_bh_delete(vs
->bh
);
1281 buffer_free(&vs
->jobs_buffer
);
1283 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
1284 g_free(vs
->lossy_rect
[i
]);
1286 g_free(vs
->lossy_rect
);
1288 object_unref(OBJECT(vs
->ioc
));
1290 object_unref(OBJECT(vs
->sioc
));
1298 size_t vnc_client_io_error(VncState
*vs
, ssize_t ret
, Error
*err
)
1302 trace_vnc_client_eof(vs
, vs
->ioc
);
1303 vnc_disconnect_start(vs
);
1304 } else if (ret
!= QIO_CHANNEL_ERR_BLOCK
) {
1305 trace_vnc_client_io_error(vs
, vs
->ioc
,
1306 err
? error_get_pretty(err
) : "Unknown");
1307 vnc_disconnect_start(vs
);
1317 void vnc_client_error(VncState
*vs
)
1319 VNC_DEBUG("Closing down client sock: protocol error\n");
1320 vnc_disconnect_start(vs
);
1325 * Called to write a chunk of data to the client socket. The data may
1326 * be the raw data, or may have already been encoded by SASL.
1327 * The data will be written either straight onto the socket, or
1328 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1330 * NB, it is theoretically possible to have 2 layers of encryption,
1331 * both SASL, and this TLS layer. It is highly unlikely in practice
1332 * though, since SASL encryption will typically be a no-op if TLS
1335 * Returns the number of bytes written, which may be less than
1336 * the requested 'datalen' if the socket would block. Returns
1337 * 0 on I/O error, and disconnects the client socket.
1339 size_t vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
1343 ret
= qio_channel_write(vs
->ioc
, (const char *)data
, datalen
, &err
);
1344 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data
, datalen
, ret
);
1345 return vnc_client_io_error(vs
, ret
, err
);
1350 * Called to write buffered data to the client socket, when not
1351 * using any SASL SSF encryption layers. Will write as much data
1352 * as possible without blocking. If all buffered data is written,
1353 * will switch the FD poll() handler back to read monitoring.
1355 * Returns the number of bytes written, which may be less than
1356 * the buffered output data if the socket would block. Returns
1357 * 0 on I/O error, and disconnects the client socket.
1359 static size_t vnc_client_write_plain(VncState
*vs
)
1364 #ifdef CONFIG_VNC_SASL
1365 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1366 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
1367 vs
->sasl
.waitWriteSSF
);
1369 if (vs
->sasl
.conn
&&
1371 vs
->sasl
.waitWriteSSF
) {
1372 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
1374 vs
->sasl
.waitWriteSSF
-= ret
;
1376 #endif /* CONFIG_VNC_SASL */
1377 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
1381 if (ret
>= vs
->force_update_offset
) {
1382 if (vs
->force_update_offset
!= 0) {
1383 trace_vnc_client_unthrottle_forced(vs
, vs
->ioc
);
1385 vs
->force_update_offset
= 0;
1387 vs
->force_update_offset
-= ret
;
1389 offset
= vs
->output
.offset
;
1390 buffer_advance(&vs
->output
, ret
);
1391 if (offset
>= vs
->throttle_output_offset
&&
1392 vs
->output
.offset
< vs
->throttle_output_offset
) {
1393 trace_vnc_client_unthrottle_incremental(vs
, vs
->ioc
, vs
->output
.offset
);
1396 if (vs
->output
.offset
== 0) {
1398 g_source_remove(vs
->ioc_tag
);
1400 vs
->ioc_tag
= qio_channel_add_watch(
1401 vs
->ioc
, G_IO_IN
, vnc_client_io
, vs
, NULL
);
1409 * First function called whenever there is data to be written to
1410 * the client socket. Will delegate actual work according to whether
1411 * SASL SSF layers are enabled (thus requiring encryption calls)
1413 static void vnc_client_write_locked(VncState
*vs
)
1415 #ifdef CONFIG_VNC_SASL
1416 if (vs
->sasl
.conn
&&
1418 !vs
->sasl
.waitWriteSSF
) {
1419 vnc_client_write_sasl(vs
);
1421 #endif /* CONFIG_VNC_SASL */
1423 vnc_client_write_plain(vs
);
1427 static void vnc_client_write(VncState
*vs
)
1429 assert(vs
->magic
== VNC_MAGIC
);
1430 vnc_lock_output(vs
);
1431 if (vs
->output
.offset
) {
1432 vnc_client_write_locked(vs
);
1433 } else if (vs
->ioc
!= NULL
) {
1435 g_source_remove(vs
->ioc_tag
);
1437 vs
->ioc_tag
= qio_channel_add_watch(
1438 vs
->ioc
, G_IO_IN
, vnc_client_io
, vs
, NULL
);
1440 vnc_unlock_output(vs
);
1443 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1445 vs
->read_handler
= func
;
1446 vs
->read_handler_expect
= expecting
;
1451 * Called to read a chunk of data from the client socket. The data may
1452 * be the raw data, or may need to be further decoded by SASL.
1453 * The data will be read either straight from to the socket, or
1454 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1456 * NB, it is theoretically possible to have 2 layers of encryption,
1457 * both SASL, and this TLS layer. It is highly unlikely in practice
1458 * though, since SASL encryption will typically be a no-op if TLS
1461 * Returns the number of bytes read, which may be less than
1462 * the requested 'datalen' if the socket would block. Returns
1463 * 0 on I/O error or EOF, and disconnects the client socket.
1465 size_t vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1469 ret
= qio_channel_read(vs
->ioc
, (char *)data
, datalen
, &err
);
1470 VNC_DEBUG("Read wire %p %zd -> %ld\n", data
, datalen
, ret
);
1471 return vnc_client_io_error(vs
, ret
, err
);
1476 * Called to read data from the client socket to the input buffer,
1477 * when not using any SASL SSF encryption layers. Will read as much
1478 * data as possible without blocking.
1480 * Returns the number of bytes read, which may be less than
1481 * the requested 'datalen' if the socket would block. Returns
1482 * 0 on I/O error or EOF, and disconnects the client socket.
1484 static size_t vnc_client_read_plain(VncState
*vs
)
1487 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1488 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1489 buffer_reserve(&vs
->input
, 4096);
1490 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1493 vs
->input
.offset
+= ret
;
1497 static void vnc_jobs_bh(void *opaque
)
1499 VncState
*vs
= opaque
;
1501 assert(vs
->magic
== VNC_MAGIC
);
1502 vnc_jobs_consume_buffer(vs
);
1506 * First function called whenever there is more data to be read from
1507 * the client socket. Will delegate actual work according to whether
1508 * SASL SSF layers are enabled (thus requiring decryption calls)
1509 * Returns 0 on success, -1 if client disconnected
1511 static int vnc_client_read(VncState
*vs
)
1515 #ifdef CONFIG_VNC_SASL
1516 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1517 ret
= vnc_client_read_sasl(vs
);
1519 #endif /* CONFIG_VNC_SASL */
1520 ret
= vnc_client_read_plain(vs
);
1522 if (vs
->disconnecting
) {
1523 vnc_disconnect_finish(vs
);
1529 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1530 size_t len
= vs
->read_handler_expect
;
1533 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1534 if (vs
->disconnecting
) {
1535 vnc_disconnect_finish(vs
);
1540 buffer_advance(&vs
->input
, len
);
1542 vs
->read_handler_expect
= ret
;
1548 gboolean
vnc_client_io(QIOChannel
*ioc G_GNUC_UNUSED
,
1549 GIOCondition condition
, void *opaque
)
1551 VncState
*vs
= opaque
;
1553 assert(vs
->magic
== VNC_MAGIC
);
1554 if (condition
& G_IO_IN
) {
1555 if (vnc_client_read(vs
) < 0) {
1556 /* vs is free()ed here */
1560 if (condition
& G_IO_OUT
) {
1561 vnc_client_write(vs
);
1564 if (vs
->disconnecting
) {
1565 if (vs
->ioc_tag
!= 0) {
1566 g_source_remove(vs
->ioc_tag
);
1575 * Scale factor to apply to vs->throttle_output_offset when checking for
1576 * hard limit. Worst case normal usage could be x2, if we have a complete
1577 * incremental update and complete forced update in the output buffer.
1578 * So x3 should be good enough, but we pick x5 to be conservative and thus
1579 * (hopefully) never trigger incorrectly.
1581 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1583 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1585 assert(vs
->magic
== VNC_MAGIC
);
1586 if (vs
->disconnecting
) {
1589 /* Protection against malicious client/guest to prevent our output
1590 * buffer growing without bound if client stops reading data. This
1591 * should rarely trigger, because we have earlier throttling code
1592 * which stops issuing framebuffer updates and drops audio data
1593 * if the throttle_output_offset value is exceeded. So we only reach
1594 * this higher level if a huge number of pseudo-encodings get
1595 * triggered while data can't be sent on the socket.
1597 * NB throttle_output_offset can be zero during early protocol
1598 * handshake, or from the job thread's VncState clone
1600 if (vs
->throttle_output_offset
!= 0 &&
1601 (vs
->output
.offset
/ VNC_THROTTLE_OUTPUT_LIMIT_SCALE
) >
1602 vs
->throttle_output_offset
) {
1603 trace_vnc_client_output_limit(vs
, vs
->ioc
, vs
->output
.offset
,
1604 vs
->throttle_output_offset
);
1605 vnc_disconnect_start(vs
);
1608 buffer_reserve(&vs
->output
, len
);
1610 if (vs
->ioc
!= NULL
&& buffer_empty(&vs
->output
)) {
1612 g_source_remove(vs
->ioc_tag
);
1614 vs
->ioc_tag
= qio_channel_add_watch(
1615 vs
->ioc
, G_IO_IN
| G_IO_OUT
, vnc_client_io
, vs
, NULL
);
1618 buffer_append(&vs
->output
, data
, len
);
1621 void vnc_write_s32(VncState
*vs
, int32_t value
)
1623 vnc_write_u32(vs
, *(uint32_t *)&value
);
1626 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1630 buf
[0] = (value
>> 24) & 0xFF;
1631 buf
[1] = (value
>> 16) & 0xFF;
1632 buf
[2] = (value
>> 8) & 0xFF;
1633 buf
[3] = value
& 0xFF;
1635 vnc_write(vs
, buf
, 4);
1638 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1642 buf
[0] = (value
>> 8) & 0xFF;
1643 buf
[1] = value
& 0xFF;
1645 vnc_write(vs
, buf
, 2);
1648 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1650 vnc_write(vs
, (char *)&value
, 1);
1653 void vnc_flush(VncState
*vs
)
1655 vnc_lock_output(vs
);
1656 if (vs
->ioc
!= NULL
&& vs
->output
.offset
) {
1657 vnc_client_write_locked(vs
);
1659 if (vs
->disconnecting
) {
1660 if (vs
->ioc_tag
!= 0) {
1661 g_source_remove(vs
->ioc_tag
);
1665 vnc_unlock_output(vs
);
1668 static uint8_t read_u8(uint8_t *data
, size_t offset
)
1670 return data
[offset
];
1673 static uint16_t read_u16(uint8_t *data
, size_t offset
)
1675 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1678 static int32_t read_s32(uint8_t *data
, size_t offset
)
1680 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1681 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1684 uint32_t read_u32(uint8_t *data
, size_t offset
)
1686 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1687 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1690 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1694 static void check_pointer_type_change(Notifier
*notifier
, void *data
)
1696 VncState
*vs
= container_of(notifier
, VncState
, mouse_mode_notifier
);
1697 int absolute
= qemu_input_is_absolute();
1699 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1700 vnc_lock_output(vs
);
1701 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1702 vnc_write_u8(vs
, 0);
1703 vnc_write_u16(vs
, 1);
1704 vnc_framebuffer_update(vs
, absolute
, 0,
1705 pixman_image_get_width(vs
->vd
->server
),
1706 pixman_image_get_height(vs
->vd
->server
),
1707 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1708 vnc_unlock_output(vs
);
1711 vs
->absolute
= absolute
;
1714 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1716 static uint32_t bmap
[INPUT_BUTTON__MAX
] = {
1717 [INPUT_BUTTON_LEFT
] = 0x01,
1718 [INPUT_BUTTON_MIDDLE
] = 0x02,
1719 [INPUT_BUTTON_RIGHT
] = 0x04,
1720 [INPUT_BUTTON_WHEEL_UP
] = 0x08,
1721 [INPUT_BUTTON_WHEEL_DOWN
] = 0x10,
1723 QemuConsole
*con
= vs
->vd
->dcl
.con
;
1724 int width
= pixman_image_get_width(vs
->vd
->server
);
1725 int height
= pixman_image_get_height(vs
->vd
->server
);
1727 if (vs
->last_bmask
!= button_mask
) {
1728 qemu_input_update_buttons(con
, bmap
, vs
->last_bmask
, button_mask
);
1729 vs
->last_bmask
= button_mask
;
1733 qemu_input_queue_abs(con
, INPUT_AXIS_X
, x
, 0, width
);
1734 qemu_input_queue_abs(con
, INPUT_AXIS_Y
, y
, 0, height
);
1735 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1736 qemu_input_queue_rel(con
, INPUT_AXIS_X
, x
- 0x7FFF);
1737 qemu_input_queue_rel(con
, INPUT_AXIS_Y
, y
- 0x7FFF);
1739 if (vs
->last_x
!= -1) {
1740 qemu_input_queue_rel(con
, INPUT_AXIS_X
, x
- vs
->last_x
);
1741 qemu_input_queue_rel(con
, INPUT_AXIS_Y
, y
- vs
->last_y
);
1746 qemu_input_event_sync();
1749 static void press_key(VncState
*vs
, QKeyCode qcode
)
1751 qkbd_state_key_event(vs
->vd
->kbd
, qcode
, true);
1752 qkbd_state_key_event(vs
->vd
->kbd
, qcode
, false);
1755 static void vnc_led_state_change(VncState
*vs
)
1757 if (!vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
)) {
1761 vnc_lock_output(vs
);
1762 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1763 vnc_write_u8(vs
, 0);
1764 vnc_write_u16(vs
, 1);
1765 vnc_framebuffer_update(vs
, 0, 0, 1, 1, VNC_ENCODING_LED_STATE
);
1766 vnc_write_u8(vs
, vs
->vd
->ledstate
);
1767 vnc_unlock_output(vs
);
1771 static void kbd_leds(void *opaque
, int ledstate
)
1773 VncDisplay
*vd
= opaque
;
1776 trace_vnc_key_guest_leds((ledstate
& QEMU_CAPS_LOCK_LED
),
1777 (ledstate
& QEMU_NUM_LOCK_LED
),
1778 (ledstate
& QEMU_SCROLL_LOCK_LED
));
1780 if (ledstate
== vd
->ledstate
) {
1784 vd
->ledstate
= ledstate
;
1786 QTAILQ_FOREACH(client
, &vd
->clients
, next
) {
1787 vnc_led_state_change(client
);
1791 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1793 QKeyCode qcode
= qemu_input_key_number_to_qcode(keycode
);
1795 /* QEMU console switch */
1797 case Q_KEY_CODE_1
... Q_KEY_CODE_9
: /* '1' to '9' keys */
1798 if (vs
->vd
->dcl
.con
== NULL
&& down
&&
1799 qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_CTRL
) &&
1800 qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_ALT
)) {
1801 /* Reset the modifiers sent to the current console */
1802 qkbd_state_lift_all_keys(vs
->vd
->kbd
);
1803 console_select(qcode
- Q_KEY_CODE_1
);
1810 /* Turn off the lock state sync logic if the client support the led
1813 if (down
&& vs
->vd
->lock_key_sync
&&
1814 !vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
) &&
1815 keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1816 /* If the numlock state needs to change then simulate an additional
1817 keypress before sending this one. This will happen if the user
1818 toggles numlock away from the VNC window.
1820 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1821 if (!qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_NUMLOCK
)) {
1822 trace_vnc_key_sync_numlock(true);
1823 press_key(vs
, Q_KEY_CODE_NUM_LOCK
);
1826 if (qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_NUMLOCK
)) {
1827 trace_vnc_key_sync_numlock(false);
1828 press_key(vs
, Q_KEY_CODE_NUM_LOCK
);
1833 if (down
&& vs
->vd
->lock_key_sync
&&
1834 !vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
) &&
1835 ((sym
>= 'A' && sym
<= 'Z') || (sym
>= 'a' && sym
<= 'z'))) {
1836 /* If the capslock state needs to change then simulate an additional
1837 keypress before sending this one. This will happen if the user
1838 toggles capslock away from the VNC window.
1840 int uppercase
= !!(sym
>= 'A' && sym
<= 'Z');
1841 bool shift
= qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_SHIFT
);
1842 bool capslock
= qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_CAPSLOCK
);
1844 if (uppercase
== shift
) {
1845 trace_vnc_key_sync_capslock(false);
1846 press_key(vs
, Q_KEY_CODE_CAPS_LOCK
);
1849 if (uppercase
!= shift
) {
1850 trace_vnc_key_sync_capslock(true);
1851 press_key(vs
, Q_KEY_CODE_CAPS_LOCK
);
1856 qkbd_state_key_event(vs
->vd
->kbd
, qcode
, down
);
1857 if (!qemu_console_is_graphic(NULL
)) {
1858 bool numlock
= qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_NUMLOCK
);
1859 bool control
= qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_CTRL
);
1860 /* QEMU console emulation */
1863 case 0x2a: /* Left Shift */
1864 case 0x36: /* Right Shift */
1865 case 0x1d: /* Left CTRL */
1866 case 0x9d: /* Right CTRL */
1867 case 0x38: /* Left ALT */
1868 case 0xb8: /* Right ALT */
1871 kbd_put_keysym(QEMU_KEY_UP
);
1874 kbd_put_keysym(QEMU_KEY_DOWN
);
1877 kbd_put_keysym(QEMU_KEY_LEFT
);
1880 kbd_put_keysym(QEMU_KEY_RIGHT
);
1883 kbd_put_keysym(QEMU_KEY_DELETE
);
1886 kbd_put_keysym(QEMU_KEY_HOME
);
1889 kbd_put_keysym(QEMU_KEY_END
);
1892 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1895 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1899 kbd_put_keysym(numlock
? '7' : QEMU_KEY_HOME
);
1902 kbd_put_keysym(numlock
? '8' : QEMU_KEY_UP
);
1905 kbd_put_keysym(numlock
? '9' : QEMU_KEY_PAGEUP
);
1908 kbd_put_keysym(numlock
? '4' : QEMU_KEY_LEFT
);
1911 kbd_put_keysym('5');
1914 kbd_put_keysym(numlock
? '6' : QEMU_KEY_RIGHT
);
1917 kbd_put_keysym(numlock
? '1' : QEMU_KEY_END
);
1920 kbd_put_keysym(numlock
? '2' : QEMU_KEY_DOWN
);
1923 kbd_put_keysym(numlock
? '3' : QEMU_KEY_PAGEDOWN
);
1926 kbd_put_keysym('0');
1929 kbd_put_keysym(numlock
? '.' : QEMU_KEY_DELETE
);
1933 kbd_put_keysym('/');
1936 kbd_put_keysym('*');
1939 kbd_put_keysym('-');
1942 kbd_put_keysym('+');
1945 kbd_put_keysym('\n');
1950 kbd_put_keysym(sym
& 0x1f);
1952 kbd_put_keysym(sym
);
1960 static const char *code2name(int keycode
)
1962 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode
));
1965 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1970 if (lsym
>= 'A' && lsym
<= 'Z' && qemu_console_is_graphic(NULL
)) {
1971 lsym
= lsym
- 'A' + 'a';
1974 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, lsym
& 0xFFFF,
1975 vs
->vd
->kbd
, down
) & SCANCODE_KEYMASK
;
1976 trace_vnc_key_event_map(down
, sym
, keycode
, code2name(keycode
));
1977 do_key_event(vs
, down
, keycode
, sym
);
1980 static void ext_key_event(VncState
*vs
, int down
,
1981 uint32_t sym
, uint16_t keycode
)
1983 /* if the user specifies a keyboard layout, always use it */
1984 if (keyboard_layout
) {
1985 key_event(vs
, down
, sym
);
1987 trace_vnc_key_event_ext(down
, sym
, keycode
, code2name(keycode
));
1988 do_key_event(vs
, down
, keycode
, sym
);
1992 static void framebuffer_update_request(VncState
*vs
, int incremental
,
1993 int x
, int y
, int w
, int h
)
1996 if (vs
->update
!= VNC_STATE_UPDATE_FORCE
) {
1997 vs
->update
= VNC_STATE_UPDATE_INCREMENTAL
;
2000 vs
->update
= VNC_STATE_UPDATE_FORCE
;
2001 vnc_set_area_dirty(vs
->dirty
, vs
->vd
, x
, y
, w
, h
);
2005 static void send_ext_key_event_ack(VncState
*vs
)
2007 vnc_lock_output(vs
);
2008 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2009 vnc_write_u8(vs
, 0);
2010 vnc_write_u16(vs
, 1);
2011 vnc_framebuffer_update(vs
, 0, 0,
2012 pixman_image_get_width(vs
->vd
->server
),
2013 pixman_image_get_height(vs
->vd
->server
),
2014 VNC_ENCODING_EXT_KEY_EVENT
);
2015 vnc_unlock_output(vs
);
2019 static void send_ext_audio_ack(VncState
*vs
)
2021 vnc_lock_output(vs
);
2022 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2023 vnc_write_u8(vs
, 0);
2024 vnc_write_u16(vs
, 1);
2025 vnc_framebuffer_update(vs
, 0, 0,
2026 pixman_image_get_width(vs
->vd
->server
),
2027 pixman_image_get_height(vs
->vd
->server
),
2028 VNC_ENCODING_AUDIO
);
2029 vnc_unlock_output(vs
);
2033 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
2036 unsigned int enc
= 0;
2039 vs
->vnc_encoding
= 0;
2040 vs
->tight
->compression
= 9;
2041 vs
->tight
->quality
= -1; /* Lossless by default */
2045 * Start from the end because the encodings are sent in order of preference.
2046 * This way the preferred encoding (first encoding defined in the array)
2047 * will be set at the end of the loop.
2049 for (i
= n_encodings
- 1; i
>= 0; i
--) {
2052 case VNC_ENCODING_RAW
:
2053 vs
->vnc_encoding
= enc
;
2055 case VNC_ENCODING_COPYRECT
:
2056 vs
->features
|= VNC_FEATURE_COPYRECT_MASK
;
2058 case VNC_ENCODING_HEXTILE
:
2059 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
2060 vs
->vnc_encoding
= enc
;
2062 case VNC_ENCODING_TIGHT
:
2063 vs
->features
|= VNC_FEATURE_TIGHT_MASK
;
2064 vs
->vnc_encoding
= enc
;
2066 #ifdef CONFIG_VNC_PNG
2067 case VNC_ENCODING_TIGHT_PNG
:
2068 vs
->features
|= VNC_FEATURE_TIGHT_PNG_MASK
;
2069 vs
->vnc_encoding
= enc
;
2072 case VNC_ENCODING_ZLIB
:
2074 * VNC_ENCODING_ZRLE compresses better than VNC_ENCODING_ZLIB.
2075 * So prioritize ZRLE, even if the client hints that it prefers
2078 if ((vs
->features
& VNC_FEATURE_ZRLE_MASK
) == 0) {
2079 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
2080 vs
->vnc_encoding
= enc
;
2083 case VNC_ENCODING_ZRLE
:
2084 vs
->features
|= VNC_FEATURE_ZRLE_MASK
;
2085 vs
->vnc_encoding
= enc
;
2087 case VNC_ENCODING_ZYWRLE
:
2088 vs
->features
|= VNC_FEATURE_ZYWRLE_MASK
;
2089 vs
->vnc_encoding
= enc
;
2091 case VNC_ENCODING_DESKTOPRESIZE
:
2092 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
2094 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
2095 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
2097 case VNC_ENCODING_RICH_CURSOR
:
2098 vs
->features
|= VNC_FEATURE_RICH_CURSOR_MASK
;
2099 if (vs
->vd
->cursor
) {
2100 vnc_cursor_define(vs
);
2103 case VNC_ENCODING_EXT_KEY_EVENT
:
2104 send_ext_key_event_ack(vs
);
2106 case VNC_ENCODING_AUDIO
:
2107 send_ext_audio_ack(vs
);
2109 case VNC_ENCODING_WMVi
:
2110 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
2112 case VNC_ENCODING_LED_STATE
:
2113 vs
->features
|= VNC_FEATURE_LED_STATE_MASK
;
2115 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
2116 vs
->tight
->compression
= (enc
& 0x0F);
2118 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
2119 if (vs
->vd
->lossy
) {
2120 vs
->tight
->quality
= (enc
& 0x0F);
2124 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
2128 vnc_desktop_resize(vs
);
2129 check_pointer_type_change(&vs
->mouse_mode_notifier
, NULL
);
2130 vnc_led_state_change(vs
);
2133 static void set_pixel_conversion(VncState
*vs
)
2135 pixman_format_code_t fmt
= qemu_pixman_get_format(&vs
->client_pf
);
2137 if (fmt
== VNC_SERVER_FB_FORMAT
) {
2138 vs
->write_pixels
= vnc_write_pixels_copy
;
2139 vnc_hextile_set_pixel_conversion(vs
, 0);
2141 vs
->write_pixels
= vnc_write_pixels_generic
;
2142 vnc_hextile_set_pixel_conversion(vs
, 1);
2146 static void send_color_map(VncState
*vs
)
2150 vnc_write_u8(vs
, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES
);
2151 vnc_write_u8(vs
, 0); /* padding */
2152 vnc_write_u16(vs
, 0); /* first color */
2153 vnc_write_u16(vs
, 256); /* # of colors */
2155 for (i
= 0; i
< 256; i
++) {
2156 PixelFormat
*pf
= &vs
->client_pf
;
2158 vnc_write_u16(vs
, (((i
>> pf
->rshift
) & pf
->rmax
) << (16 - pf
->rbits
)));
2159 vnc_write_u16(vs
, (((i
>> pf
->gshift
) & pf
->gmax
) << (16 - pf
->gbits
)));
2160 vnc_write_u16(vs
, (((i
>> pf
->bshift
) & pf
->bmax
) << (16 - pf
->bbits
)));
2164 static void set_pixel_format(VncState
*vs
, int bits_per_pixel
,
2165 int big_endian_flag
, int true_color_flag
,
2166 int red_max
, int green_max
, int blue_max
,
2167 int red_shift
, int green_shift
, int blue_shift
)
2169 if (!true_color_flag
) {
2170 /* Expose a reasonable default 256 color map */
2180 switch (bits_per_pixel
) {
2186 vnc_client_error(vs
);
2190 vs
->client_pf
.rmax
= red_max
? red_max
: 0xFF;
2191 vs
->client_pf
.rbits
= ctpopl(red_max
);
2192 vs
->client_pf
.rshift
= red_shift
;
2193 vs
->client_pf
.rmask
= red_max
<< red_shift
;
2194 vs
->client_pf
.gmax
= green_max
? green_max
: 0xFF;
2195 vs
->client_pf
.gbits
= ctpopl(green_max
);
2196 vs
->client_pf
.gshift
= green_shift
;
2197 vs
->client_pf
.gmask
= green_max
<< green_shift
;
2198 vs
->client_pf
.bmax
= blue_max
? blue_max
: 0xFF;
2199 vs
->client_pf
.bbits
= ctpopl(blue_max
);
2200 vs
->client_pf
.bshift
= blue_shift
;
2201 vs
->client_pf
.bmask
= blue_max
<< blue_shift
;
2202 vs
->client_pf
.bits_per_pixel
= bits_per_pixel
;
2203 vs
->client_pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
2204 vs
->client_pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
2205 vs
->client_be
= big_endian_flag
;
2207 if (!true_color_flag
) {
2211 set_pixel_conversion(vs
);
2213 graphic_hw_invalidate(vs
->vd
->dcl
.con
);
2214 graphic_hw_update(vs
->vd
->dcl
.con
);
2217 static void pixel_format_message (VncState
*vs
) {
2218 char pad
[3] = { 0, 0, 0 };
2220 vs
->client_pf
= qemu_default_pixelformat(32);
2222 vnc_write_u8(vs
, vs
->client_pf
.bits_per_pixel
); /* bits-per-pixel */
2223 vnc_write_u8(vs
, vs
->client_pf
.depth
); /* depth */
2225 #ifdef HOST_WORDS_BIGENDIAN
2226 vnc_write_u8(vs
, 1); /* big-endian-flag */
2228 vnc_write_u8(vs
, 0); /* big-endian-flag */
2230 vnc_write_u8(vs
, 1); /* true-color-flag */
2231 vnc_write_u16(vs
, vs
->client_pf
.rmax
); /* red-max */
2232 vnc_write_u16(vs
, vs
->client_pf
.gmax
); /* green-max */
2233 vnc_write_u16(vs
, vs
->client_pf
.bmax
); /* blue-max */
2234 vnc_write_u8(vs
, vs
->client_pf
.rshift
); /* red-shift */
2235 vnc_write_u8(vs
, vs
->client_pf
.gshift
); /* green-shift */
2236 vnc_write_u8(vs
, vs
->client_pf
.bshift
); /* blue-shift */
2237 vnc_write(vs
, pad
, 3); /* padding */
2239 vnc_hextile_set_pixel_conversion(vs
, 0);
2240 vs
->write_pixels
= vnc_write_pixels_copy
;
2243 static void vnc_colordepth(VncState
*vs
)
2245 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
2246 /* Sending a WMVi message to notify the client*/
2247 vnc_lock_output(vs
);
2248 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2249 vnc_write_u8(vs
, 0);
2250 vnc_write_u16(vs
, 1); /* number of rects */
2251 vnc_framebuffer_update(vs
, 0, 0,
2252 pixman_image_get_width(vs
->vd
->server
),
2253 pixman_image_get_height(vs
->vd
->server
),
2255 pixel_format_message(vs
);
2256 vnc_unlock_output(vs
);
2259 set_pixel_conversion(vs
);
2263 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
2268 VncDisplay
*vd
= vs
->vd
;
2271 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
2275 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT
:
2279 set_pixel_format(vs
, read_u8(data
, 4),
2280 read_u8(data
, 6), read_u8(data
, 7),
2281 read_u16(data
, 8), read_u16(data
, 10),
2282 read_u16(data
, 12), read_u8(data
, 14),
2283 read_u8(data
, 15), read_u8(data
, 16));
2285 case VNC_MSG_CLIENT_SET_ENCODINGS
:
2290 limit
= read_u16(data
, 2);
2292 return 4 + (limit
* 4);
2294 limit
= read_u16(data
, 2);
2296 for (i
= 0; i
< limit
; i
++) {
2297 int32_t val
= read_s32(data
, 4 + (i
* 4));
2298 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
2301 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
2303 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST
:
2307 framebuffer_update_request(vs
,
2308 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
2309 read_u16(data
, 6), read_u16(data
, 8));
2311 case VNC_MSG_CLIENT_KEY_EVENT
:
2315 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
2317 case VNC_MSG_CLIENT_POINTER_EVENT
:
2321 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
2323 case VNC_MSG_CLIENT_CUT_TEXT
:
2328 uint32_t dlen
= read_u32(data
, 4);
2329 if (dlen
> (1 << 20)) {
2330 error_report("vnc: client_cut_text msg payload has %u bytes"
2331 " which exceeds our limit of 1MB.", dlen
);
2332 vnc_client_error(vs
);
2340 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
2342 case VNC_MSG_CLIENT_QEMU
:
2346 switch (read_u8(data
, 1)) {
2347 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT
:
2351 ext_key_event(vs
, read_u16(data
, 2),
2352 read_u32(data
, 4), read_u32(data
, 8));
2354 case VNC_MSG_CLIENT_QEMU_AUDIO
:
2358 switch (read_u16 (data
, 2)) {
2359 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE
:
2362 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE
:
2365 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT
:
2368 switch (read_u8(data
, 4)) {
2369 case 0: vs
->as
.fmt
= AUDIO_FORMAT_U8
; break;
2370 case 1: vs
->as
.fmt
= AUDIO_FORMAT_S8
; break;
2371 case 2: vs
->as
.fmt
= AUDIO_FORMAT_U16
; break;
2372 case 3: vs
->as
.fmt
= AUDIO_FORMAT_S16
; break;
2373 case 4: vs
->as
.fmt
= AUDIO_FORMAT_U32
; break;
2374 case 5: vs
->as
.fmt
= AUDIO_FORMAT_S32
; break;
2376 VNC_DEBUG("Invalid audio format %d\n", read_u8(data
, 4));
2377 vnc_client_error(vs
);
2380 vs
->as
.nchannels
= read_u8(data
, 5);
2381 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
2382 VNC_DEBUG("Invalid audio channel count %d\n",
2384 vnc_client_error(vs
);
2387 freq
= read_u32(data
, 6);
2388 /* No official limit for protocol, but 48khz is a sensible
2389 * upper bound for trustworthy clients, and this limit
2390 * protects calculations involving 'vs->as.freq' later.
2393 VNC_DEBUG("Invalid audio frequency %u > 48000", freq
);
2394 vnc_client_error(vs
);
2400 VNC_DEBUG("Invalid audio message %d\n", read_u8(data
, 4));
2401 vnc_client_error(vs
);
2407 VNC_DEBUG("Msg: %d\n", read_u16(data
, 0));
2408 vnc_client_error(vs
);
2413 VNC_DEBUG("Msg: %d\n", data
[0]);
2414 vnc_client_error(vs
);
2418 vnc_update_throttle_offset(vs
);
2419 vnc_read_when(vs
, protocol_client_msg
, 1);
2423 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
2429 mode
= data
[0] ? VNC_SHARE_MODE_SHARED
: VNC_SHARE_MODE_EXCLUSIVE
;
2430 switch (vs
->vd
->share_policy
) {
2431 case VNC_SHARE_POLICY_IGNORE
:
2433 * Ignore the shared flag. Nothing to do here.
2435 * Doesn't conform to the rfb spec but is traditional qemu
2436 * behavior, thus left here as option for compatibility
2440 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
:
2442 * Policy: Allow clients ask for exclusive access.
2444 * Implementation: When a client asks for exclusive access,
2445 * disconnect all others. Shared connects are allowed as long
2446 * as no exclusive connection exists.
2448 * This is how the rfb spec suggests to handle the shared flag.
2450 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2452 QTAILQ_FOREACH(client
, &vs
->vd
->clients
, next
) {
2456 if (client
->share_mode
!= VNC_SHARE_MODE_EXCLUSIVE
&&
2457 client
->share_mode
!= VNC_SHARE_MODE_SHARED
) {
2460 vnc_disconnect_start(client
);
2463 if (mode
== VNC_SHARE_MODE_SHARED
) {
2464 if (vs
->vd
->num_exclusive
> 0) {
2465 vnc_disconnect_start(vs
);
2470 case VNC_SHARE_POLICY_FORCE_SHARED
:
2472 * Policy: Shared connects only.
2473 * Implementation: Disallow clients asking for exclusive access.
2475 * Useful for shared desktop sessions where you don't want
2476 * someone forgetting to say -shared when running the vnc
2477 * client disconnect everybody else.
2479 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2480 vnc_disconnect_start(vs
);
2485 vnc_set_share_mode(vs
, mode
);
2487 if (vs
->vd
->num_shared
> vs
->vd
->connections_limit
) {
2488 vnc_disconnect_start(vs
);
2492 assert(pixman_image_get_width(vs
->vd
->server
) < 65536 &&
2493 pixman_image_get_width(vs
->vd
->server
) >= 0);
2494 assert(pixman_image_get_height(vs
->vd
->server
) < 65536 &&
2495 pixman_image_get_height(vs
->vd
->server
) >= 0);
2496 vs
->client_width
= pixman_image_get_width(vs
->vd
->server
);
2497 vs
->client_height
= pixman_image_get_height(vs
->vd
->server
);
2498 vnc_write_u16(vs
, vs
->client_width
);
2499 vnc_write_u16(vs
, vs
->client_height
);
2501 pixel_format_message(vs
);
2504 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
2505 if (size
> sizeof(buf
)) {
2509 size
= snprintf(buf
, sizeof(buf
), "QEMU");
2512 vnc_write_u32(vs
, size
);
2513 vnc_write(vs
, buf
, size
);
2516 vnc_client_cache_auth(vs
);
2517 vnc_qmp_event(vs
, QAPI_EVENT_VNC_INITIALIZED
);
2519 vnc_read_when(vs
, protocol_client_msg
, 1);
2524 void start_client_init(VncState
*vs
)
2526 vnc_read_when(vs
, protocol_client_init
, 1);
2529 static void authentication_failed(VncState
*vs
)
2531 vnc_write_u32(vs
, 1); /* Reject auth */
2532 if (vs
->minor
>= 8) {
2533 static const char err
[] = "Authentication failed";
2534 vnc_write_u32(vs
, sizeof(err
));
2535 vnc_write(vs
, err
, sizeof(err
));
2538 vnc_client_error(vs
);
2541 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
2543 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
2545 unsigned char key
[8];
2546 time_t now
= time(NULL
);
2547 QCryptoCipher
*cipher
= NULL
;
2550 if (!vs
->vd
->password
) {
2551 trace_vnc_auth_fail(vs
, vs
->auth
, "password is not set", "");
2554 if (vs
->vd
->expires
< now
) {
2555 trace_vnc_auth_fail(vs
, vs
->auth
, "password is expired", "");
2559 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
2561 /* Calculate the expected challenge response */
2562 pwlen
= strlen(vs
->vd
->password
);
2563 for (i
=0; i
<sizeof(key
); i
++)
2564 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
2566 cipher
= qcrypto_cipher_new(
2567 QCRYPTO_CIPHER_ALG_DES_RFB
,
2568 QCRYPTO_CIPHER_MODE_ECB
,
2569 key
, G_N_ELEMENTS(key
),
2572 trace_vnc_auth_fail(vs
, vs
->auth
, "cannot create cipher",
2573 error_get_pretty(err
));
2578 if (qcrypto_cipher_encrypt(cipher
,
2581 VNC_AUTH_CHALLENGE_SIZE
,
2583 trace_vnc_auth_fail(vs
, vs
->auth
, "cannot encrypt challenge response",
2584 error_get_pretty(err
));
2589 /* Compare expected vs actual challenge response */
2590 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
2591 trace_vnc_auth_fail(vs
, vs
->auth
, "mis-matched challenge response", "");
2594 trace_vnc_auth_pass(vs
, vs
->auth
);
2595 vnc_write_u32(vs
, 0); /* Accept auth */
2598 start_client_init(vs
);
2601 qcrypto_cipher_free(cipher
);
2605 authentication_failed(vs
);
2606 qcrypto_cipher_free(cipher
);
2610 void start_auth_vnc(VncState
*vs
)
2614 if (qcrypto_random_bytes(vs
->challenge
, sizeof(vs
->challenge
), &err
)) {
2615 trace_vnc_auth_fail(vs
, vs
->auth
, "cannot get random bytes",
2616 error_get_pretty(err
));
2618 authentication_failed(vs
);
2622 /* Send client a 'random' challenge */
2623 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
2626 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
2630 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
2632 /* We only advertise 1 auth scheme at a time, so client
2633 * must pick the one we sent. Verify this */
2634 if (data
[0] != vs
->auth
) { /* Reject auth */
2635 trace_vnc_auth_reject(vs
, vs
->auth
, (int)data
[0]);
2636 authentication_failed(vs
);
2637 } else { /* Accept requested auth */
2638 trace_vnc_auth_start(vs
, vs
->auth
);
2641 if (vs
->minor
>= 8) {
2642 vnc_write_u32(vs
, 0); /* Accept auth completion */
2645 trace_vnc_auth_pass(vs
, vs
->auth
);
2646 start_client_init(vs
);
2653 case VNC_AUTH_VENCRYPT
:
2654 start_auth_vencrypt(vs
);
2657 #ifdef CONFIG_VNC_SASL
2659 start_auth_sasl(vs
);
2661 #endif /* CONFIG_VNC_SASL */
2663 default: /* Should not be possible, but just in case */
2664 trace_vnc_auth_fail(vs
, vs
->auth
, "Unhandled auth method", "");
2665 authentication_failed(vs
);
2671 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
2675 memcpy(local
, version
, 12);
2678 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
2679 VNC_DEBUG("Malformed protocol version %s\n", local
);
2680 vnc_client_error(vs
);
2683 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
2684 if (vs
->major
!= 3 ||
2690 VNC_DEBUG("Unsupported client version\n");
2691 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2693 vnc_client_error(vs
);
2696 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2697 * as equivalent to v3.3 by servers
2699 if (vs
->minor
== 4 || vs
->minor
== 5)
2702 if (vs
->minor
== 3) {
2703 trace_vnc_auth_start(vs
, vs
->auth
);
2704 if (vs
->auth
== VNC_AUTH_NONE
) {
2705 vnc_write_u32(vs
, vs
->auth
);
2707 trace_vnc_auth_pass(vs
, vs
->auth
);
2708 start_client_init(vs
);
2709 } else if (vs
->auth
== VNC_AUTH_VNC
) {
2710 VNC_DEBUG("Tell client VNC auth\n");
2711 vnc_write_u32(vs
, vs
->auth
);
2715 trace_vnc_auth_fail(vs
, vs
->auth
,
2716 "Unsupported auth method for v3.3", "");
2717 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2719 vnc_client_error(vs
);
2722 vnc_write_u8(vs
, 1); /* num auth */
2723 vnc_write_u8(vs
, vs
->auth
);
2724 vnc_read_when(vs
, protocol_client_auth
, 1);
2731 static VncRectStat
*vnc_stat_rect(VncDisplay
*vd
, int x
, int y
)
2733 struct VncSurface
*vs
= &vd
->guest
;
2735 return &vs
->stats
[y
/ VNC_STAT_RECT
][x
/ VNC_STAT_RECT
];
2738 void vnc_sent_lossy_rect(VncState
*vs
, int x
, int y
, int w
, int h
)
2742 w
= (x
+ w
) / VNC_STAT_RECT
;
2743 h
= (y
+ h
) / VNC_STAT_RECT
;
2747 for (j
= y
; j
<= h
; j
++) {
2748 for (i
= x
; i
<= w
; i
++) {
2749 vs
->lossy_rect
[j
][i
] = 1;
2754 static int vnc_refresh_lossy_rect(VncDisplay
*vd
, int x
, int y
)
2757 int sty
= y
/ VNC_STAT_RECT
;
2758 int stx
= x
/ VNC_STAT_RECT
;
2761 y
= QEMU_ALIGN_DOWN(y
, VNC_STAT_RECT
);
2762 x
= QEMU_ALIGN_DOWN(x
, VNC_STAT_RECT
);
2764 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2767 /* kernel send buffers are full -> refresh later */
2768 if (vs
->output
.offset
) {
2772 if (!vs
->lossy_rect
[sty
][stx
]) {
2776 vs
->lossy_rect
[sty
][stx
] = 0;
2777 for (j
= 0; j
< VNC_STAT_RECT
; ++j
) {
2778 bitmap_set(vs
->dirty
[y
+ j
],
2779 x
/ VNC_DIRTY_PIXELS_PER_BIT
,
2780 VNC_STAT_RECT
/ VNC_DIRTY_PIXELS_PER_BIT
);
2788 static int vnc_update_stats(VncDisplay
*vd
, struct timeval
* tv
)
2790 int width
= MIN(pixman_image_get_width(vd
->guest
.fb
),
2791 pixman_image_get_width(vd
->server
));
2792 int height
= MIN(pixman_image_get_height(vd
->guest
.fb
),
2793 pixman_image_get_height(vd
->server
));
2798 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2799 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2800 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2802 rect
->updated
= false;
2806 qemu_timersub(tv
, &VNC_REFRESH_STATS
, &res
);
2808 if (timercmp(&vd
->guest
.last_freq_check
, &res
, >)) {
2811 vd
->guest
.last_freq_check
= *tv
;
2813 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2814 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2815 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2816 int count
= ARRAY_SIZE(rect
->times
);
2817 struct timeval min
, max
;
2819 if (!timerisset(&rect
->times
[count
- 1])) {
2823 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2824 qemu_timersub(tv
, &max
, &res
);
2826 if (timercmp(&res
, &VNC_REFRESH_LOSSY
, >)) {
2828 has_dirty
+= vnc_refresh_lossy_rect(vd
, x
, y
);
2829 memset(rect
->times
, 0, sizeof (rect
->times
));
2833 min
= rect
->times
[rect
->idx
];
2834 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2835 qemu_timersub(&max
, &min
, &res
);
2837 rect
->freq
= res
.tv_sec
+ res
.tv_usec
/ 1000000.;
2838 rect
->freq
/= count
;
2839 rect
->freq
= 1. / rect
->freq
;
2845 double vnc_update_freq(VncState
*vs
, int x
, int y
, int w
, int h
)
2851 x
= QEMU_ALIGN_DOWN(x
, VNC_STAT_RECT
);
2852 y
= QEMU_ALIGN_DOWN(y
, VNC_STAT_RECT
);
2854 for (j
= y
; j
<= y
+ h
; j
+= VNC_STAT_RECT
) {
2855 for (i
= x
; i
<= x
+ w
; i
+= VNC_STAT_RECT
) {
2856 total
+= vnc_stat_rect(vs
->vd
, i
, j
)->freq
;
2868 static void vnc_rect_updated(VncDisplay
*vd
, int x
, int y
, struct timeval
* tv
)
2872 rect
= vnc_stat_rect(vd
, x
, y
);
2873 if (rect
->updated
) {
2876 rect
->times
[rect
->idx
] = *tv
;
2877 rect
->idx
= (rect
->idx
+ 1) % ARRAY_SIZE(rect
->times
);
2878 rect
->updated
= true;
2881 static int vnc_refresh_server_surface(VncDisplay
*vd
)
2883 int width
= MIN(pixman_image_get_width(vd
->guest
.fb
),
2884 pixman_image_get_width(vd
->server
));
2885 int height
= MIN(pixman_image_get_height(vd
->guest
.fb
),
2886 pixman_image_get_height(vd
->server
));
2887 int cmp_bytes
, server_stride
, line_bytes
, guest_ll
, guest_stride
, y
= 0;
2888 uint8_t *guest_row0
= NULL
, *server_row0
;
2891 pixman_image_t
*tmpbuf
= NULL
;
2893 struct timeval tv
= { 0, 0 };
2895 if (!vd
->non_adaptive
) {
2896 gettimeofday(&tv
, NULL
);
2897 has_dirty
= vnc_update_stats(vd
, &tv
);
2901 * Walk through the guest dirty map.
2902 * Check and copy modified bits from guest to server surface.
2903 * Update server dirty map.
2905 server_row0
= (uint8_t *)pixman_image_get_data(vd
->server
);
2906 server_stride
= guest_stride
= guest_ll
=
2907 pixman_image_get_stride(vd
->server
);
2908 cmp_bytes
= MIN(VNC_DIRTY_PIXELS_PER_BIT
* VNC_SERVER_FB_BYTES
,
2910 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
2911 int width
= pixman_image_get_width(vd
->server
);
2912 tmpbuf
= qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT
, width
);
2915 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd
->guest
.fb
));
2916 guest_row0
= (uint8_t *)pixman_image_get_data(vd
->guest
.fb
);
2917 guest_stride
= pixman_image_get_stride(vd
->guest
.fb
);
2918 guest_ll
= pixman_image_get_width(vd
->guest
.fb
)
2919 * DIV_ROUND_UP(guest_bpp
, 8);
2921 line_bytes
= MIN(server_stride
, guest_ll
);
2925 uint8_t *guest_ptr
, *server_ptr
;
2926 unsigned long offset
= find_next_bit((unsigned long *) &vd
->guest
.dirty
,
2927 height
* VNC_DIRTY_BPL(&vd
->guest
),
2928 y
* VNC_DIRTY_BPL(&vd
->guest
));
2929 if (offset
== height
* VNC_DIRTY_BPL(&vd
->guest
)) {
2930 /* no more dirty bits */
2933 y
= offset
/ VNC_DIRTY_BPL(&vd
->guest
);
2934 x
= offset
% VNC_DIRTY_BPL(&vd
->guest
);
2936 server_ptr
= server_row0
+ y
* server_stride
+ x
* cmp_bytes
;
2938 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
2939 qemu_pixman_linebuf_fill(tmpbuf
, vd
->guest
.fb
, width
, 0, y
);
2940 guest_ptr
= (uint8_t *)pixman_image_get_data(tmpbuf
);
2942 guest_ptr
= guest_row0
+ y
* guest_stride
;
2944 guest_ptr
+= x
* cmp_bytes
;
2946 for (; x
< DIV_ROUND_UP(width
, VNC_DIRTY_PIXELS_PER_BIT
);
2947 x
++, guest_ptr
+= cmp_bytes
, server_ptr
+= cmp_bytes
) {
2948 int _cmp_bytes
= cmp_bytes
;
2949 if (!test_and_clear_bit(x
, vd
->guest
.dirty
[y
])) {
2952 if ((x
+ 1) * cmp_bytes
> line_bytes
) {
2953 _cmp_bytes
= line_bytes
- x
* cmp_bytes
;
2955 assert(_cmp_bytes
>= 0);
2956 if (memcmp(server_ptr
, guest_ptr
, _cmp_bytes
) == 0) {
2959 memcpy(server_ptr
, guest_ptr
, _cmp_bytes
);
2960 if (!vd
->non_adaptive
) {
2961 vnc_rect_updated(vd
, x
* VNC_DIRTY_PIXELS_PER_BIT
,
2964 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2965 set_bit(x
, vs
->dirty
[y
]);
2972 qemu_pixman_image_unref(tmpbuf
);
2976 static void vnc_refresh(DisplayChangeListener
*dcl
)
2978 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
2980 int has_dirty
, rects
= 0;
2982 if (QTAILQ_EMPTY(&vd
->clients
)) {
2983 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_MAX
);
2987 graphic_hw_update(vd
->dcl
.con
);
2989 if (vnc_trylock_display(vd
)) {
2990 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
2994 has_dirty
= vnc_refresh_server_surface(vd
);
2995 vnc_unlock_display(vd
);
2997 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
2998 rects
+= vnc_update_client(vs
, has_dirty
);
2999 /* vs might be free()ed here */
3002 if (has_dirty
&& rects
) {
3003 vd
->dcl
.update_interval
/= 2;
3004 if (vd
->dcl
.update_interval
< VNC_REFRESH_INTERVAL_BASE
) {
3005 vd
->dcl
.update_interval
= VNC_REFRESH_INTERVAL_BASE
;
3008 vd
->dcl
.update_interval
+= VNC_REFRESH_INTERVAL_INC
;
3009 if (vd
->dcl
.update_interval
> VNC_REFRESH_INTERVAL_MAX
) {
3010 vd
->dcl
.update_interval
= VNC_REFRESH_INTERVAL_MAX
;
3015 static void vnc_connect(VncDisplay
*vd
, QIOChannelSocket
*sioc
,
3016 bool skipauth
, bool websocket
)
3018 VncState
*vs
= g_new0(VncState
, 1);
3019 bool first_client
= QTAILQ_EMPTY(&vd
->clients
);
3022 trace_vnc_client_connect(vs
, sioc
);
3023 vs
->zrle
= g_new0(VncZrle
, 1);
3024 vs
->tight
= g_new0(VncTight
, 1);
3025 vs
->magic
= VNC_MAGIC
;
3027 object_ref(OBJECT(vs
->sioc
));
3028 vs
->ioc
= QIO_CHANNEL(sioc
);
3029 object_ref(OBJECT(vs
->ioc
));
3032 buffer_init(&vs
->input
, "vnc-input/%p", sioc
);
3033 buffer_init(&vs
->output
, "vnc-output/%p", sioc
);
3034 buffer_init(&vs
->jobs_buffer
, "vnc-jobs_buffer/%p", sioc
);
3036 buffer_init(&vs
->tight
->tight
, "vnc-tight/%p", sioc
);
3037 buffer_init(&vs
->tight
->zlib
, "vnc-tight-zlib/%p", sioc
);
3038 buffer_init(&vs
->tight
->gradient
, "vnc-tight-gradient/%p", sioc
);
3039 #ifdef CONFIG_VNC_JPEG
3040 buffer_init(&vs
->tight
->jpeg
, "vnc-tight-jpeg/%p", sioc
);
3042 #ifdef CONFIG_VNC_PNG
3043 buffer_init(&vs
->tight
->png
, "vnc-tight-png/%p", sioc
);
3045 buffer_init(&vs
->zlib
.zlib
, "vnc-zlib/%p", sioc
);
3046 buffer_init(&vs
->zrle
->zrle
, "vnc-zrle/%p", sioc
);
3047 buffer_init(&vs
->zrle
->fb
, "vnc-zrle-fb/%p", sioc
);
3048 buffer_init(&vs
->zrle
->zlib
, "vnc-zrle-zlib/%p", sioc
);
3051 vs
->auth
= VNC_AUTH_NONE
;
3052 vs
->subauth
= VNC_AUTH_INVALID
;
3055 vs
->auth
= vd
->ws_auth
;
3056 vs
->subauth
= VNC_AUTH_INVALID
;
3058 vs
->auth
= vd
->auth
;
3059 vs
->subauth
= vd
->subauth
;
3062 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3063 sioc
, websocket
, vs
->auth
, vs
->subauth
);
3065 vs
->lossy_rect
= g_malloc0(VNC_STAT_ROWS
* sizeof (*vs
->lossy_rect
));
3066 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
3067 vs
->lossy_rect
[i
] = g_new0(uint8_t, VNC_STAT_COLS
);
3070 VNC_DEBUG("New client on socket %p\n", vs
->sioc
);
3071 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
3072 qio_channel_set_blocking(vs
->ioc
, false, NULL
);
3074 g_source_remove(vs
->ioc_tag
);
3079 vs
->ioc_tag
= qio_channel_add_watch(
3080 vs
->ioc
, G_IO_IN
, vncws_tls_handshake_io
, vs
, NULL
);
3082 vs
->ioc_tag
= qio_channel_add_watch(
3083 vs
->ioc
, G_IO_IN
, vncws_handshake_io
, vs
, NULL
);
3086 vs
->ioc_tag
= qio_channel_add_watch(
3087 vs
->ioc
, G_IO_IN
, vnc_client_io
, vs
, NULL
);
3090 vnc_client_cache_addr(vs
);
3091 vnc_qmp_event(vs
, QAPI_EVENT_VNC_CONNECTED
);
3092 vnc_set_share_mode(vs
, VNC_SHARE_MODE_CONNECTING
);
3097 vs
->as
.freq
= 44100;
3098 vs
->as
.nchannels
= 2;
3099 vs
->as
.fmt
= AUDIO_FORMAT_S16
;
3100 vs
->as
.endianness
= 0;
3102 qemu_mutex_init(&vs
->output_mutex
);
3103 vs
->bh
= qemu_bh_new(vnc_jobs_bh
, vs
);
3105 QTAILQ_INSERT_TAIL(&vd
->clients
, vs
, next
);
3107 vnc_update_server_surface(vd
);
3110 graphic_hw_update(vd
->dcl
.con
);
3112 if (!vs
->websocket
) {
3113 vnc_start_protocol(vs
);
3116 if (vd
->num_connecting
> vd
->connections_limit
) {
3117 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
3118 if (vs
->share_mode
== VNC_SHARE_MODE_CONNECTING
) {
3119 vnc_disconnect_start(vs
);
3126 void vnc_start_protocol(VncState
*vs
)
3128 vnc_write(vs
, "RFB 003.008\n", 12);
3130 vnc_read_when(vs
, protocol_version
, 12);
3132 vs
->mouse_mode_notifier
.notify
= check_pointer_type_change
;
3133 qemu_add_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
3136 static void vnc_listen_io(QIONetListener
*listener
,
3137 QIOChannelSocket
*cioc
,
3140 VncDisplay
*vd
= opaque
;
3141 bool isWebsock
= listener
== vd
->wslistener
;
3143 qio_channel_set_name(QIO_CHANNEL(cioc
),
3144 isWebsock
? "vnc-ws-server" : "vnc-server");
3145 qio_channel_set_delay(QIO_CHANNEL(cioc
), false);
3146 vnc_connect(vd
, cioc
, false, isWebsock
);
3149 static const DisplayChangeListenerOps dcl_ops
= {
3151 .dpy_refresh
= vnc_refresh
,
3152 .dpy_gfx_update
= vnc_dpy_update
,
3153 .dpy_gfx_switch
= vnc_dpy_switch
,
3154 .dpy_gfx_check_format
= qemu_pixman_check_format
,
3155 .dpy_mouse_set
= vnc_mouse_set
,
3156 .dpy_cursor_define
= vnc_dpy_cursor_define
,
3159 void vnc_display_init(const char *id
, Error
**errp
)
3163 if (vnc_display_find(id
) != NULL
) {
3166 vd
= g_malloc0(sizeof(*vd
));
3168 vd
->id
= strdup(id
);
3169 QTAILQ_INSERT_TAIL(&vnc_displays
, vd
, next
);
3171 QTAILQ_INIT(&vd
->clients
);
3172 vd
->expires
= TIME_MAX
;
3174 if (keyboard_layout
) {
3175 trace_vnc_key_map_init(keyboard_layout
);
3176 vd
->kbd_layout
= init_keyboard_layout(name2keysym
,
3177 keyboard_layout
, errp
);
3179 vd
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us", errp
);
3182 if (!vd
->kbd_layout
) {
3186 vd
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3187 vd
->connections_limit
= 32;
3189 qemu_mutex_init(&vd
->mutex
);
3190 vnc_start_worker_thread();
3192 vd
->dcl
.ops
= &dcl_ops
;
3193 register_displaychangelistener(&vd
->dcl
);
3194 vd
->kbd
= qkbd_state_init(vd
->dcl
.con
);
3198 static void vnc_display_close(VncDisplay
*vd
)
3203 vd
->is_unix
= false;
3206 qio_net_listener_disconnect(vd
->listener
);
3207 object_unref(OBJECT(vd
->listener
));
3209 vd
->listener
= NULL
;
3211 if (vd
->wslistener
) {
3212 qio_net_listener_disconnect(vd
->wslistener
);
3213 object_unref(OBJECT(vd
->wslistener
));
3215 vd
->wslistener
= NULL
;
3217 vd
->auth
= VNC_AUTH_INVALID
;
3218 vd
->subauth
= VNC_AUTH_INVALID
;
3220 object_unparent(OBJECT(vd
->tlscreds
));
3221 vd
->tlscreds
= NULL
;
3224 object_unparent(OBJECT(vd
->tlsauthz
));
3225 vd
->tlsauthz
= NULL
;
3227 g_free(vd
->tlsauthzid
);
3228 vd
->tlsauthzid
= NULL
;
3229 if (vd
->lock_key_sync
) {
3230 qemu_remove_led_event_handler(vd
->led
);
3233 #ifdef CONFIG_VNC_SASL
3234 if (vd
->sasl
.authz
) {
3235 object_unparent(OBJECT(vd
->sasl
.authz
));
3236 vd
->sasl
.authz
= NULL
;
3238 g_free(vd
->sasl
.authzid
);
3239 vd
->sasl
.authzid
= NULL
;
3243 int vnc_display_password(const char *id
, const char *password
)
3245 VncDisplay
*vd
= vnc_display_find(id
);
3250 if (vd
->auth
== VNC_AUTH_NONE
) {
3251 error_printf_unless_qmp("If you want use passwords please enable "
3252 "password auth using '-vnc ${dpy},password'.\n");
3256 g_free(vd
->password
);
3257 vd
->password
= g_strdup(password
);
3262 int vnc_display_pw_expire(const char *id
, time_t expires
)
3264 VncDisplay
*vd
= vnc_display_find(id
);
3270 vd
->expires
= expires
;
3274 static void vnc_display_print_local_addr(VncDisplay
*vd
)
3276 SocketAddress
*addr
;
3278 if (!vd
->listener
|| !vd
->listener
->nsioc
) {
3282 addr
= qio_channel_socket_get_local_address(vd
->listener
->sioc
[0], NULL
);
3287 if (addr
->type
!= SOCKET_ADDRESS_TYPE_INET
) {
3288 qapi_free_SocketAddress(addr
);
3291 error_printf_unless_qmp("VNC server running on %s:%s\n",
3294 qapi_free_SocketAddress(addr
);
3297 static QemuOptsList qemu_vnc_opts
= {
3299 .head
= QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts
.head
),
3300 .implied_opt_name
= "vnc",
3304 .type
= QEMU_OPT_STRING
,
3306 .name
= "websocket",
3307 .type
= QEMU_OPT_STRING
,
3309 .name
= "tls-creds",
3310 .type
= QEMU_OPT_STRING
,
3313 .type
= QEMU_OPT_STRING
,
3316 .type
= QEMU_OPT_STRING
,
3319 .type
= QEMU_OPT_NUMBER
,
3321 .name
= "connections",
3322 .type
= QEMU_OPT_NUMBER
,
3325 .type
= QEMU_OPT_NUMBER
,
3328 .type
= QEMU_OPT_BOOL
,
3331 .type
= QEMU_OPT_BOOL
,
3334 .type
= QEMU_OPT_BOOL
,
3337 .type
= QEMU_OPT_BOOL
,
3339 .name
= "lock-key-sync",
3340 .type
= QEMU_OPT_BOOL
,
3342 .name
= "key-delay-ms",
3343 .type
= QEMU_OPT_NUMBER
,
3346 .type
= QEMU_OPT_BOOL
,
3349 .type
= QEMU_OPT_BOOL
,
3351 .name
= "tls-authz",
3352 .type
= QEMU_OPT_STRING
,
3354 .name
= "sasl-authz",
3355 .type
= QEMU_OPT_STRING
,
3358 .type
= QEMU_OPT_BOOL
,
3360 .name
= "non-adaptive",
3361 .type
= QEMU_OPT_BOOL
,
3364 .type
= QEMU_OPT_STRING
,
3366 { /* end of list */ }
3372 vnc_display_setup_auth(int *auth
,
3374 QCryptoTLSCreds
*tlscreds
,
3381 * We have a choice of 3 authentication options
3387 * The channel can be run in 2 modes
3392 * And TLS can use 2 types of credentials
3397 * We thus have 9 possible logical combinations
3402 * 4. tls + anon + none
3403 * 5. tls + anon + vnc
3404 * 6. tls + anon + sasl
3405 * 7. tls + x509 + none
3406 * 8. tls + x509 + vnc
3407 * 9. tls + x509 + sasl
3409 * These need to be mapped into the VNC auth schemes
3410 * in an appropriate manner. In regular VNC, all the
3411 * TLS options get mapped into VNC_AUTH_VENCRYPT
3414 * In websockets, the https:// protocol already provides
3415 * TLS support, so there is no need to make use of the
3416 * VeNCrypt extension. Furthermore, websockets browser
3417 * clients could not use VeNCrypt even if they wanted to,
3418 * as they cannot control when the TLS handshake takes
3419 * place. Thus there is no option but to rely on https://,
3420 * meaning combinations 4->6 and 7->9 will be mapped to
3421 * VNC auth schemes in the same way as combos 1->3.
3423 * Regardless of fact that we have a different mapping to
3424 * VNC auth mechs for plain VNC vs websockets VNC, the end
3425 * result has the same security characteristics.
3427 if (websocket
|| !tlscreds
) {
3429 VNC_DEBUG("Initializing VNC server with password auth\n");
3430 *auth
= VNC_AUTH_VNC
;
3432 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3433 *auth
= VNC_AUTH_SASL
;
3435 VNC_DEBUG("Initializing VNC server with no auth\n");
3436 *auth
= VNC_AUTH_NONE
;
3438 *subauth
= VNC_AUTH_INVALID
;
3440 bool is_x509
= object_dynamic_cast(OBJECT(tlscreds
),
3441 TYPE_QCRYPTO_TLS_CREDS_X509
) != NULL
;
3442 bool is_anon
= object_dynamic_cast(OBJECT(tlscreds
),
3443 TYPE_QCRYPTO_TLS_CREDS_ANON
) != NULL
;
3445 if (!is_x509
&& !is_anon
) {
3447 "Unsupported TLS cred type %s",
3448 object_get_typename(OBJECT(tlscreds
)));
3451 *auth
= VNC_AUTH_VENCRYPT
;
3454 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3455 *subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
3457 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3458 *subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
3463 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3464 *subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
3466 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3467 *subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
3471 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3472 *subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
3474 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3475 *subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
3483 static int vnc_display_get_address(const char *addrstr
,
3492 SocketAddress
**retaddr
,
3496 SocketAddress
*addr
= NULL
;
3498 addr
= g_new0(SocketAddress
, 1);
3500 if (strncmp(addrstr
, "unix:", 5) == 0) {
3501 addr
->type
= SOCKET_ADDRESS_TYPE_UNIX
;
3502 addr
->u
.q_unix
.path
= g_strdup(addrstr
+ 5);
3505 error_setg(errp
, "UNIX sockets not supported with websock");
3510 error_setg(errp
, "Port range not support with UNIX socket");
3517 unsigned long long baseport
= 0;
3518 InetSocketAddress
*inet
;
3520 port
= strrchr(addrstr
, ':');
3526 error_setg(errp
, "no vnc port specified");
3530 hostlen
= port
- addrstr
;
3532 if (*port
== '\0') {
3533 error_setg(errp
, "vnc port cannot be empty");
3538 addr
->type
= SOCKET_ADDRESS_TYPE_INET
;
3539 inet
= &addr
->u
.inet
;
3540 if (addrstr
[0] == '[' && addrstr
[hostlen
- 1] == ']') {
3541 inet
->host
= g_strndup(addrstr
+ 1, hostlen
- 2);
3543 inet
->host
= g_strndup(addrstr
, hostlen
);
3545 /* plain VNC port is just an offset, for websocket
3546 * port is absolute */
3548 if (g_str_equal(addrstr
, "") ||
3549 g_str_equal(addrstr
, "on")) {
3550 if (displaynum
== -1) {
3551 error_setg(errp
, "explicit websocket port is required");
3554 inet
->port
= g_strdup_printf(
3555 "%d", displaynum
+ 5700);
3557 inet
->has_to
= true;
3558 inet
->to
= to
+ 5700;
3561 inet
->port
= g_strdup(port
);
3564 int offset
= reverse
? 0 : 5900;
3565 if (parse_uint_full(port
, &baseport
, 10) < 0) {
3566 error_setg(errp
, "can't convert to a number: %s", port
);
3569 if (baseport
> 65535 ||
3570 baseport
+ offset
> 65535) {
3571 error_setg(errp
, "port %s out of range", port
);
3574 inet
->port
= g_strdup_printf(
3575 "%d", (int)baseport
+ offset
);
3578 inet
->has_to
= true;
3579 inet
->to
= to
+ offset
;
3584 inet
->has_ipv4
= has_ipv4
;
3586 inet
->has_ipv6
= has_ipv6
;
3595 qapi_free_SocketAddress(addr
);
3600 static void vnc_free_addresses(SocketAddress
***retsaddr
,
3605 for (i
= 0; i
< *retnsaddr
; i
++) {
3606 qapi_free_SocketAddress((*retsaddr
)[i
]);
3614 static int vnc_display_get_addresses(QemuOpts
*opts
,
3616 SocketAddress
***retsaddr
,
3618 SocketAddress
***retwsaddr
,
3622 SocketAddress
*saddr
= NULL
;
3623 SocketAddress
*wsaddr
= NULL
;
3624 QemuOptsIter addriter
;
3626 int to
= qemu_opt_get_number(opts
, "to", 0);
3627 bool has_ipv4
= qemu_opt_get(opts
, "ipv4");
3628 bool has_ipv6
= qemu_opt_get(opts
, "ipv6");
3629 bool ipv4
= qemu_opt_get_bool(opts
, "ipv4", false);
3630 bool ipv6
= qemu_opt_get_bool(opts
, "ipv6", false);
3631 int displaynum
= -1;
3639 addr
= qemu_opt_get(opts
, "vnc");
3640 if (addr
== NULL
|| g_str_equal(addr
, "none")) {
3644 if (qemu_opt_get(opts
, "websocket") &&
3645 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1
)) {
3647 "SHA1 hash support is required for websockets");
3651 qemu_opt_iter_init(&addriter
, opts
, "vnc");
3652 while ((addr
= qemu_opt_iter_next(&addriter
)) != NULL
) {
3654 rv
= vnc_display_get_address(addr
, false, reverse
, 0, to
,
3661 /* Historical compat - first listen address can be used
3662 * to set the default websocket port
3664 if (displaynum
== -1) {
3667 *retsaddr
= g_renew(SocketAddress
*, *retsaddr
, *retnsaddr
+ 1);
3668 (*retsaddr
)[(*retnsaddr
)++] = saddr
;
3671 /* If we had multiple primary displays, we don't do defaults
3672 * for websocket, and require explicit config instead. */
3673 if (*retnsaddr
> 1) {
3677 qemu_opt_iter_init(&addriter
, opts
, "websocket");
3678 while ((addr
= qemu_opt_iter_next(&addriter
)) != NULL
) {
3679 if (vnc_display_get_address(addr
, true, reverse
, displaynum
, to
,
3682 &wsaddr
, errp
) < 0) {
3686 /* Historical compat - if only a single listen address was
3687 * provided, then this is used to set the default listen
3688 * address for websocket too
3690 if (*retnsaddr
== 1 &&
3691 (*retsaddr
)[0]->type
== SOCKET_ADDRESS_TYPE_INET
&&
3692 wsaddr
->type
== SOCKET_ADDRESS_TYPE_INET
&&
3693 g_str_equal(wsaddr
->u
.inet
.host
, "") &&
3694 !g_str_equal((*retsaddr
)[0]->u
.inet
.host
, "")) {
3695 g_free(wsaddr
->u
.inet
.host
);
3696 wsaddr
->u
.inet
.host
= g_strdup((*retsaddr
)[0]->u
.inet
.host
);
3699 *retwsaddr
= g_renew(SocketAddress
*, *retwsaddr
, *retnwsaddr
+ 1);
3700 (*retwsaddr
)[(*retnwsaddr
)++] = wsaddr
;
3706 vnc_free_addresses(retsaddr
, retnsaddr
);
3707 vnc_free_addresses(retwsaddr
, retnwsaddr
);
3712 static int vnc_display_connect(VncDisplay
*vd
,
3713 SocketAddress
**saddr
,
3715 SocketAddress
**wsaddr
,
3719 /* connect to viewer */
3720 QIOChannelSocket
*sioc
= NULL
;
3722 error_setg(errp
, "Cannot use websockets in reverse mode");
3726 error_setg(errp
, "Expected a single address in reverse mode");
3729 /* TODO SOCKET_ADDRESS_TYPE_FD when fd has AF_UNIX */
3730 vd
->is_unix
= saddr
[0]->type
== SOCKET_ADDRESS_TYPE_UNIX
;
3731 sioc
= qio_channel_socket_new();
3732 qio_channel_set_name(QIO_CHANNEL(sioc
), "vnc-reverse");
3733 if (qio_channel_socket_connect_sync(sioc
, saddr
[0], errp
) < 0) {
3736 vnc_connect(vd
, sioc
, false, false);
3737 object_unref(OBJECT(sioc
));
3742 static int vnc_display_listen(VncDisplay
*vd
,
3743 SocketAddress
**saddr
,
3745 SocketAddress
**wsaddr
,
3752 vd
->listener
= qio_net_listener_new();
3753 qio_net_listener_set_name(vd
->listener
, "vnc-listen");
3754 for (i
= 0; i
< nsaddr
; i
++) {
3755 if (qio_net_listener_open_sync(vd
->listener
,
3762 qio_net_listener_set_client_func(vd
->listener
,
3763 vnc_listen_io
, vd
, NULL
);
3767 vd
->wslistener
= qio_net_listener_new();
3768 qio_net_listener_set_name(vd
->wslistener
, "vnc-ws-listen");
3769 for (i
= 0; i
< nwsaddr
; i
++) {
3770 if (qio_net_listener_open_sync(vd
->wslistener
,
3777 qio_net_listener_set_client_func(vd
->wslistener
,
3778 vnc_listen_io
, vd
, NULL
);
3785 void vnc_display_open(const char *id
, Error
**errp
)
3787 VncDisplay
*vd
= vnc_display_find(id
);
3788 QemuOpts
*opts
= qemu_opts_find(&qemu_vnc_opts
, id
);
3789 SocketAddress
**saddr
= NULL
, **wsaddr
= NULL
;
3790 size_t nsaddr
, nwsaddr
;
3791 const char *share
, *device_id
;
3793 bool password
= false;
3794 bool reverse
= false;
3798 const char *tlsauthz
;
3799 const char *saslauthz
;
3800 int lock_key_sync
= 1;
3802 const char *audiodev
;
3805 error_setg(errp
, "VNC display not active");
3808 vnc_display_close(vd
);
3814 reverse
= qemu_opt_get_bool(opts
, "reverse", false);
3815 if (vnc_display_get_addresses(opts
, reverse
, &saddr
, &nsaddr
,
3816 &wsaddr
, &nwsaddr
, errp
) < 0) {
3820 password
= qemu_opt_get_bool(opts
, "password", false);
3822 if (fips_get_state()) {
3824 "VNC password auth disabled due to FIPS mode, "
3825 "consider using the VeNCrypt or SASL authentication "
3826 "methods as an alternative");
3829 if (!qcrypto_cipher_supports(
3830 QCRYPTO_CIPHER_ALG_DES_RFB
, QCRYPTO_CIPHER_MODE_ECB
)) {
3832 "Cipher backend does not support DES RFB algorithm");
3837 lock_key_sync
= qemu_opt_get_bool(opts
, "lock-key-sync", true);
3838 key_delay_ms
= qemu_opt_get_number(opts
, "key-delay-ms", 10);
3839 sasl
= qemu_opt_get_bool(opts
, "sasl", false);
3840 #ifndef CONFIG_VNC_SASL
3842 error_setg(errp
, "VNC SASL auth requires cyrus-sasl support");
3845 #endif /* CONFIG_VNC_SASL */
3846 credid
= qemu_opt_get(opts
, "tls-creds");
3849 creds
= object_resolve_path_component(
3850 object_get_objects_root(), credid
);
3852 error_setg(errp
, "No TLS credentials with id '%s'",
3856 vd
->tlscreds
= (QCryptoTLSCreds
*)
3857 object_dynamic_cast(creds
,
3858 TYPE_QCRYPTO_TLS_CREDS
);
3859 if (!vd
->tlscreds
) {
3860 error_setg(errp
, "Object with id '%s' is not TLS credentials",
3864 object_ref(OBJECT(vd
->tlscreds
));
3866 if (vd
->tlscreds
->endpoint
!= QCRYPTO_TLS_CREDS_ENDPOINT_SERVER
) {
3868 "Expecting TLS credentials with a server endpoint");
3872 if (qemu_opt_get(opts
, "acl")) {
3873 error_report("The 'acl' option to -vnc is deprecated. "
3874 "Please use the 'tls-authz' and 'sasl-authz' "
3877 acl
= qemu_opt_get_bool(opts
, "acl", false);
3878 tlsauthz
= qemu_opt_get(opts
, "tls-authz");
3879 if (acl
&& tlsauthz
) {
3880 error_setg(errp
, "'acl' option is mutually exclusive with the "
3881 "'tls-authz' option");
3884 if (tlsauthz
&& !vd
->tlscreds
) {
3885 error_setg(errp
, "'tls-authz' provided but TLS is not enabled");
3889 saslauthz
= qemu_opt_get(opts
, "sasl-authz");
3890 if (acl
&& saslauthz
) {
3891 error_setg(errp
, "'acl' option is mutually exclusive with the "
3892 "'sasl-authz' option");
3895 if (saslauthz
&& !sasl
) {
3896 error_setg(errp
, "'sasl-authz' provided but SASL auth is not enabled");
3900 share
= qemu_opt_get(opts
, "share");
3902 if (strcmp(share
, "ignore") == 0) {
3903 vd
->share_policy
= VNC_SHARE_POLICY_IGNORE
;
3904 } else if (strcmp(share
, "allow-exclusive") == 0) {
3905 vd
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3906 } else if (strcmp(share
, "force-shared") == 0) {
3907 vd
->share_policy
= VNC_SHARE_POLICY_FORCE_SHARED
;
3909 error_setg(errp
, "unknown vnc share= option");
3913 vd
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3915 vd
->connections_limit
= qemu_opt_get_number(opts
, "connections", 32);
3917 #ifdef CONFIG_VNC_JPEG
3918 vd
->lossy
= qemu_opt_get_bool(opts
, "lossy", false);
3920 vd
->non_adaptive
= qemu_opt_get_bool(opts
, "non-adaptive", false);
3921 /* adaptive updates are only used with tight encoding and
3922 * if lossy updates are enabled so we can disable all the
3923 * calculations otherwise */
3925 vd
->non_adaptive
= true;
3929 vd
->tlsauthzid
= g_strdup(tlsauthz
);
3931 if (strcmp(vd
->id
, "default") == 0) {
3932 vd
->tlsauthzid
= g_strdup("vnc.x509dname");
3934 vd
->tlsauthzid
= g_strdup_printf("vnc.%s.x509dname", vd
->id
);
3936 vd
->tlsauthz
= QAUTHZ(qauthz_list_new(vd
->tlsauthzid
,
3937 QAUTHZ_LIST_POLICY_DENY
,
3940 #ifdef CONFIG_VNC_SASL
3943 vd
->sasl
.authzid
= g_strdup(saslauthz
);
3945 if (strcmp(vd
->id
, "default") == 0) {
3946 vd
->sasl
.authzid
= g_strdup("vnc.username");
3948 vd
->sasl
.authzid
= g_strdup_printf("vnc.%s.username", vd
->id
);
3950 vd
->sasl
.authz
= QAUTHZ(qauthz_list_new(vd
->sasl
.authzid
,
3951 QAUTHZ_LIST_POLICY_DENY
,
3957 if (vnc_display_setup_auth(&vd
->auth
, &vd
->subauth
,
3958 vd
->tlscreds
, password
,
3959 sasl
, false, errp
) < 0) {
3962 trace_vnc_auth_init(vd
, 0, vd
->auth
, vd
->subauth
);
3964 if (vnc_display_setup_auth(&vd
->ws_auth
, &vd
->ws_subauth
,
3965 vd
->tlscreds
, password
,
3966 sasl
, true, errp
) < 0) {
3969 trace_vnc_auth_init(vd
, 1, vd
->ws_auth
, vd
->ws_subauth
);
3971 #ifdef CONFIG_VNC_SASL
3973 int saslErr
= sasl_server_init(NULL
, "qemu");
3975 if (saslErr
!= SASL_OK
) {
3976 error_setg(errp
, "Failed to initialize SASL auth: %s",
3977 sasl_errstring(saslErr
, NULL
, NULL
));
3982 vd
->lock_key_sync
= lock_key_sync
;
3983 if (lock_key_sync
) {
3984 vd
->led
= qemu_add_led_event_handler(kbd_leds
, vd
);
3988 audiodev
= qemu_opt_get(opts
, "audiodev");
3990 vd
->audio_state
= audio_state_by_name(audiodev
);
3991 if (!vd
->audio_state
) {
3992 error_setg(errp
, "Audiodev '%s' not found", audiodev
);
3997 device_id
= qemu_opt_get(opts
, "display");
3999 int head
= qemu_opt_get_number(opts
, "head", 0);
4002 con
= qemu_console_lookup_by_device_name(device_id
, head
, &err
);
4004 error_propagate(errp
, err
);
4011 if (con
!= vd
->dcl
.con
) {
4012 qkbd_state_free(vd
->kbd
);
4013 unregister_displaychangelistener(&vd
->dcl
);
4015 register_displaychangelistener(&vd
->dcl
);
4016 vd
->kbd
= qkbd_state_init(vd
->dcl
.con
);
4018 qkbd_state_set_delay(vd
->kbd
, key_delay_ms
);
4020 if (saddr
== NULL
) {
4025 if (vnc_display_connect(vd
, saddr
, nsaddr
, wsaddr
, nwsaddr
, errp
) < 0) {
4029 if (vnc_display_listen(vd
, saddr
, nsaddr
, wsaddr
, nwsaddr
, errp
) < 0) {
4034 if (qemu_opt_get(opts
, "to")) {
4035 vnc_display_print_local_addr(vd
);
4039 vnc_free_addresses(&saddr
, &nsaddr
);
4040 vnc_free_addresses(&wsaddr
, &nwsaddr
);
4044 vnc_display_close(vd
);
4048 void vnc_display_add_client(const char *id
, int csock
, bool skipauth
)
4050 VncDisplay
*vd
= vnc_display_find(id
);
4051 QIOChannelSocket
*sioc
;
4057 sioc
= qio_channel_socket_new_fd(csock
, NULL
);
4059 qio_channel_set_name(QIO_CHANNEL(sioc
), "vnc-server");
4060 vnc_connect(vd
, sioc
, skipauth
, false);
4061 object_unref(OBJECT(sioc
));
4065 static void vnc_auto_assign_id(QemuOptsList
*olist
, QemuOpts
*opts
)
4070 id
= g_strdup("default");
4071 while (qemu_opts_find(olist
, id
)) {
4073 id
= g_strdup_printf("vnc%d", i
++);
4075 qemu_opts_set_id(opts
, id
);
4078 QemuOpts
*vnc_parse(const char *str
, Error
**errp
)
4080 QemuOptsList
*olist
= qemu_find_opts("vnc");
4081 QemuOpts
*opts
= qemu_opts_parse(olist
, str
, true, errp
);
4088 id
= qemu_opts_id(opts
);
4090 /* auto-assign id if not present */
4091 vnc_auto_assign_id(olist
, opts
);
4096 int vnc_init_func(void *opaque
, QemuOpts
*opts
, Error
**errp
)
4098 Error
*local_err
= NULL
;
4099 char *id
= (char *)qemu_opts_id(opts
);
4102 vnc_display_init(id
, &local_err
);
4104 error_propagate(errp
, local_err
);
4107 vnc_display_open(id
, &local_err
);
4108 if (local_err
!= NULL
) {
4109 error_propagate(errp
, local_err
);
4115 static void vnc_register_config(void)
4117 qemu_add_opts(&qemu_vnc_opts
);
4119 opts_init(vnc_register_config
);