monitor/qmp: Update comment for commit 4eaca8de268
[qemu/armbru.git] / ui / vnc.c
blob4812ed29d0fa15fcfed709839c4cb36a585d7b63
1 /*
2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
27 #include "qemu/osdep.h"
28 #include "vnc.h"
29 #include "vnc-jobs.h"
30 #include "trace.h"
31 #include "hw/qdev-core.h"
32 #include "sysemu/sysemu.h"
33 #include "qemu/error-report.h"
34 #include "qemu/main-loop.h"
35 #include "qemu/module.h"
36 #include "qemu/option.h"
37 #include "qemu/sockets.h"
38 #include "qemu/timer.h"
39 #include "authz/list.h"
40 #include "qemu/config-file.h"
41 #include "qapi/qapi-emit-events.h"
42 #include "qapi/qapi-events-ui.h"
43 #include "qapi/error.h"
44 #include "qapi/qapi-commands-ui.h"
45 #include "ui/input.h"
46 #include "crypto/hash.h"
47 #include "crypto/tlscredsanon.h"
48 #include "crypto/tlscredsx509.h"
49 #include "crypto/random.h"
50 #include "qom/object_interfaces.h"
51 #include "qemu/cutils.h"
52 #include "io/dns-resolver.h"
54 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
55 #define VNC_REFRESH_INTERVAL_INC 50
56 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
57 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
58 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
60 #include "vnc_keysym.h"
61 #include "crypto/cipher.h"
63 static QTAILQ_HEAD(, VncDisplay) vnc_displays =
64 QTAILQ_HEAD_INITIALIZER(vnc_displays);
66 static int vnc_cursor_define(VncState *vs);
67 static void vnc_update_throttle_offset(VncState *vs);
69 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
71 #ifdef _VNC_DEBUG
72 static const char *mn[] = {
73 [0] = "undefined",
74 [VNC_SHARE_MODE_CONNECTING] = "connecting",
75 [VNC_SHARE_MODE_SHARED] = "shared",
76 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
77 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
79 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
80 vs->ioc, mn[vs->share_mode], mn[mode]);
81 #endif
83 switch (vs->share_mode) {
84 case VNC_SHARE_MODE_CONNECTING:
85 vs->vd->num_connecting--;
86 break;
87 case VNC_SHARE_MODE_SHARED:
88 vs->vd->num_shared--;
89 break;
90 case VNC_SHARE_MODE_EXCLUSIVE:
91 vs->vd->num_exclusive--;
92 break;
93 default:
94 break;
97 vs->share_mode = mode;
99 switch (vs->share_mode) {
100 case VNC_SHARE_MODE_CONNECTING:
101 vs->vd->num_connecting++;
102 break;
103 case VNC_SHARE_MODE_SHARED:
104 vs->vd->num_shared++;
105 break;
106 case VNC_SHARE_MODE_EXCLUSIVE:
107 vs->vd->num_exclusive++;
108 break;
109 default:
110 break;
115 static void vnc_init_basic_info(SocketAddress *addr,
116 VncBasicInfo *info,
117 Error **errp)
119 switch (addr->type) {
120 case SOCKET_ADDRESS_TYPE_INET:
121 info->host = g_strdup(addr->u.inet.host);
122 info->service = g_strdup(addr->u.inet.port);
123 if (addr->u.inet.ipv6) {
124 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
125 } else {
126 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
128 break;
130 case SOCKET_ADDRESS_TYPE_UNIX:
131 info->host = g_strdup("");
132 info->service = g_strdup(addr->u.q_unix.path);
133 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
134 break;
136 case SOCKET_ADDRESS_TYPE_VSOCK:
137 case SOCKET_ADDRESS_TYPE_FD:
138 error_setg(errp, "Unsupported socket address type %s",
139 SocketAddressType_str(addr->type));
140 break;
141 default:
142 abort();
145 return;
148 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
149 VncBasicInfo *info,
150 Error **errp)
152 SocketAddress *addr = NULL;
154 if (!ioc) {
155 error_setg(errp, "No listener socket available");
156 return;
159 addr = qio_channel_socket_get_local_address(ioc, errp);
160 if (!addr) {
161 return;
164 vnc_init_basic_info(addr, info, errp);
165 qapi_free_SocketAddress(addr);
168 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
169 VncBasicInfo *info,
170 Error **errp)
172 SocketAddress *addr = NULL;
174 addr = qio_channel_socket_get_remote_address(ioc, errp);
175 if (!addr) {
176 return;
179 vnc_init_basic_info(addr, info, errp);
180 qapi_free_SocketAddress(addr);
183 static const char *vnc_auth_name(VncDisplay *vd) {
184 switch (vd->auth) {
185 case VNC_AUTH_INVALID:
186 return "invalid";
187 case VNC_AUTH_NONE:
188 return "none";
189 case VNC_AUTH_VNC:
190 return "vnc";
191 case VNC_AUTH_RA2:
192 return "ra2";
193 case VNC_AUTH_RA2NE:
194 return "ra2ne";
195 case VNC_AUTH_TIGHT:
196 return "tight";
197 case VNC_AUTH_ULTRA:
198 return "ultra";
199 case VNC_AUTH_TLS:
200 return "tls";
201 case VNC_AUTH_VENCRYPT:
202 switch (vd->subauth) {
203 case VNC_AUTH_VENCRYPT_PLAIN:
204 return "vencrypt+plain";
205 case VNC_AUTH_VENCRYPT_TLSNONE:
206 return "vencrypt+tls+none";
207 case VNC_AUTH_VENCRYPT_TLSVNC:
208 return "vencrypt+tls+vnc";
209 case VNC_AUTH_VENCRYPT_TLSPLAIN:
210 return "vencrypt+tls+plain";
211 case VNC_AUTH_VENCRYPT_X509NONE:
212 return "vencrypt+x509+none";
213 case VNC_AUTH_VENCRYPT_X509VNC:
214 return "vencrypt+x509+vnc";
215 case VNC_AUTH_VENCRYPT_X509PLAIN:
216 return "vencrypt+x509+plain";
217 case VNC_AUTH_VENCRYPT_TLSSASL:
218 return "vencrypt+tls+sasl";
219 case VNC_AUTH_VENCRYPT_X509SASL:
220 return "vencrypt+x509+sasl";
221 default:
222 return "vencrypt";
224 case VNC_AUTH_SASL:
225 return "sasl";
227 return "unknown";
230 static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
232 VncServerInfo *info;
233 Error *err = NULL;
235 if (!vd->listener || !vd->listener->nsioc) {
236 return NULL;
239 info = g_malloc0(sizeof(*info));
240 vnc_init_basic_info_from_server_addr(vd->listener->sioc[0],
241 qapi_VncServerInfo_base(info), &err);
242 info->has_auth = true;
243 info->auth = g_strdup(vnc_auth_name(vd));
244 if (err) {
245 qapi_free_VncServerInfo(info);
246 info = NULL;
247 error_free(err);
249 return info;
252 static void vnc_client_cache_auth(VncState *client)
254 if (!client->info) {
255 return;
258 if (client->tls) {
259 client->info->x509_dname =
260 qcrypto_tls_session_get_peer_name(client->tls);
261 client->info->has_x509_dname =
262 client->info->x509_dname != NULL;
264 #ifdef CONFIG_VNC_SASL
265 if (client->sasl.conn &&
266 client->sasl.username) {
267 client->info->has_sasl_username = true;
268 client->info->sasl_username = g_strdup(client->sasl.username);
270 #endif
273 static void vnc_client_cache_addr(VncState *client)
275 Error *err = NULL;
277 client->info = g_malloc0(sizeof(*client->info));
278 vnc_init_basic_info_from_remote_addr(client->sioc,
279 qapi_VncClientInfo_base(client->info),
280 &err);
281 if (err) {
282 qapi_free_VncClientInfo(client->info);
283 client->info = NULL;
284 error_free(err);
288 static void vnc_qmp_event(VncState *vs, QAPIEvent event)
290 VncServerInfo *si;
292 if (!vs->info) {
293 return;
296 si = vnc_server_info_get(vs->vd);
297 if (!si) {
298 return;
301 switch (event) {
302 case QAPI_EVENT_VNC_CONNECTED:
303 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info));
304 break;
305 case QAPI_EVENT_VNC_INITIALIZED:
306 qapi_event_send_vnc_initialized(si, vs->info);
307 break;
308 case QAPI_EVENT_VNC_DISCONNECTED:
309 qapi_event_send_vnc_disconnected(si, vs->info);
310 break;
311 default:
312 break;
315 qapi_free_VncServerInfo(si);
318 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
320 VncClientInfo *info;
321 Error *err = NULL;
323 info = g_malloc0(sizeof(*info));
325 vnc_init_basic_info_from_remote_addr(client->sioc,
326 qapi_VncClientInfo_base(info),
327 &err);
328 if (err) {
329 error_free(err);
330 qapi_free_VncClientInfo(info);
331 return NULL;
334 info->websocket = client->websocket;
336 if (client->tls) {
337 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
338 info->has_x509_dname = info->x509_dname != NULL;
340 #ifdef CONFIG_VNC_SASL
341 if (client->sasl.conn && client->sasl.username) {
342 info->has_sasl_username = true;
343 info->sasl_username = g_strdup(client->sasl.username);
345 #endif
347 return info;
350 static VncDisplay *vnc_display_find(const char *id)
352 VncDisplay *vd;
354 if (id == NULL) {
355 return QTAILQ_FIRST(&vnc_displays);
357 QTAILQ_FOREACH(vd, &vnc_displays, next) {
358 if (strcmp(id, vd->id) == 0) {
359 return vd;
362 return NULL;
365 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
367 VncClientInfoList *cinfo, *prev = NULL;
368 VncState *client;
370 QTAILQ_FOREACH(client, &vd->clients, next) {
371 cinfo = g_new0(VncClientInfoList, 1);
372 cinfo->value = qmp_query_vnc_client(client);
373 cinfo->next = prev;
374 prev = cinfo;
376 return prev;
379 VncInfo *qmp_query_vnc(Error **errp)
381 VncInfo *info = g_malloc0(sizeof(*info));
382 VncDisplay *vd = vnc_display_find(NULL);
383 SocketAddress *addr = NULL;
385 if (vd == NULL || !vd->listener || !vd->listener->nsioc) {
386 info->enabled = false;
387 } else {
388 info->enabled = true;
390 /* for compatibility with the original command */
391 info->has_clients = true;
392 info->clients = qmp_query_client_list(vd);
394 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0],
395 errp);
396 if (!addr) {
397 goto out_error;
400 switch (addr->type) {
401 case SOCKET_ADDRESS_TYPE_INET:
402 info->host = g_strdup(addr->u.inet.host);
403 info->service = g_strdup(addr->u.inet.port);
404 if (addr->u.inet.ipv6) {
405 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
406 } else {
407 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
409 break;
411 case SOCKET_ADDRESS_TYPE_UNIX:
412 info->host = g_strdup("");
413 info->service = g_strdup(addr->u.q_unix.path);
414 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
415 break;
417 case SOCKET_ADDRESS_TYPE_VSOCK:
418 case SOCKET_ADDRESS_TYPE_FD:
419 error_setg(errp, "Unsupported socket address type %s",
420 SocketAddressType_str(addr->type));
421 goto out_error;
422 default:
423 abort();
426 info->has_host = true;
427 info->has_service = true;
428 info->has_family = true;
430 info->has_auth = true;
431 info->auth = g_strdup(vnc_auth_name(vd));
434 qapi_free_SocketAddress(addr);
435 return info;
437 out_error:
438 qapi_free_SocketAddress(addr);
439 qapi_free_VncInfo(info);
440 return NULL;
444 static void qmp_query_auth(int auth, int subauth,
445 VncPrimaryAuth *qmp_auth,
446 VncVencryptSubAuth *qmp_vencrypt,
447 bool *qmp_has_vencrypt);
449 static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc,
450 bool websocket,
451 int auth,
452 int subauth,
453 VncServerInfo2List *prev)
455 VncServerInfo2List *list;
456 VncServerInfo2 *info;
457 Error *err = NULL;
458 SocketAddress *addr;
460 addr = qio_channel_socket_get_local_address(ioc, &err);
461 if (!addr) {
462 error_free(err);
463 return prev;
466 info = g_new0(VncServerInfo2, 1);
467 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err);
468 qapi_free_SocketAddress(addr);
469 if (err) {
470 qapi_free_VncServerInfo2(info);
471 error_free(err);
472 return prev;
474 info->websocket = websocket;
476 qmp_query_auth(auth, subauth, &info->auth,
477 &info->vencrypt, &info->has_vencrypt);
479 list = g_new0(VncServerInfo2List, 1);
480 list->value = info;
481 list->next = prev;
482 return list;
485 static void qmp_query_auth(int auth, int subauth,
486 VncPrimaryAuth *qmp_auth,
487 VncVencryptSubAuth *qmp_vencrypt,
488 bool *qmp_has_vencrypt)
490 switch (auth) {
491 case VNC_AUTH_VNC:
492 *qmp_auth = VNC_PRIMARY_AUTH_VNC;
493 break;
494 case VNC_AUTH_RA2:
495 *qmp_auth = VNC_PRIMARY_AUTH_RA2;
496 break;
497 case VNC_AUTH_RA2NE:
498 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE;
499 break;
500 case VNC_AUTH_TIGHT:
501 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT;
502 break;
503 case VNC_AUTH_ULTRA:
504 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA;
505 break;
506 case VNC_AUTH_TLS:
507 *qmp_auth = VNC_PRIMARY_AUTH_TLS;
508 break;
509 case VNC_AUTH_VENCRYPT:
510 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT;
511 *qmp_has_vencrypt = true;
512 switch (subauth) {
513 case VNC_AUTH_VENCRYPT_PLAIN:
514 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
515 break;
516 case VNC_AUTH_VENCRYPT_TLSNONE:
517 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
518 break;
519 case VNC_AUTH_VENCRYPT_TLSVNC:
520 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
521 break;
522 case VNC_AUTH_VENCRYPT_TLSPLAIN:
523 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
524 break;
525 case VNC_AUTH_VENCRYPT_X509NONE:
526 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
527 break;
528 case VNC_AUTH_VENCRYPT_X509VNC:
529 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
530 break;
531 case VNC_AUTH_VENCRYPT_X509PLAIN:
532 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
533 break;
534 case VNC_AUTH_VENCRYPT_TLSSASL:
535 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
536 break;
537 case VNC_AUTH_VENCRYPT_X509SASL:
538 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
539 break;
540 default:
541 *qmp_has_vencrypt = false;
542 break;
544 break;
545 case VNC_AUTH_SASL:
546 *qmp_auth = VNC_PRIMARY_AUTH_SASL;
547 break;
548 case VNC_AUTH_NONE:
549 default:
550 *qmp_auth = VNC_PRIMARY_AUTH_NONE;
551 break;
555 VncInfo2List *qmp_query_vnc_servers(Error **errp)
557 VncInfo2List *item, *prev = NULL;
558 VncInfo2 *info;
559 VncDisplay *vd;
560 DeviceState *dev;
561 size_t i;
563 QTAILQ_FOREACH(vd, &vnc_displays, next) {
564 info = g_new0(VncInfo2, 1);
565 info->id = g_strdup(vd->id);
566 info->clients = qmp_query_client_list(vd);
567 qmp_query_auth(vd->auth, vd->subauth, &info->auth,
568 &info->vencrypt, &info->has_vencrypt);
569 if (vd->dcl.con) {
570 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
571 "device", NULL));
572 info->has_display = true;
573 info->display = g_strdup(dev->id);
575 for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) {
576 info->server = qmp_query_server_entry(
577 vd->listener->sioc[i], false, vd->auth, vd->subauth,
578 info->server);
580 for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) {
581 info->server = qmp_query_server_entry(
582 vd->wslistener->sioc[i], true, vd->ws_auth,
583 vd->ws_subauth, info->server);
586 item = g_new0(VncInfo2List, 1);
587 item->value = info;
588 item->next = prev;
589 prev = item;
591 return prev;
594 /* TODO
595 1) Get the queue working for IO.
596 2) there is some weirdness when using the -S option (the screen is grey
597 and not totally invalidated
598 3) resolutions > 1024
601 static int vnc_update_client(VncState *vs, int has_dirty);
602 static void vnc_disconnect_start(VncState *vs);
604 static void vnc_colordepth(VncState *vs);
605 static void framebuffer_update_request(VncState *vs, int incremental,
606 int x_position, int y_position,
607 int w, int h);
608 static void vnc_refresh(DisplayChangeListener *dcl);
609 static int vnc_refresh_server_surface(VncDisplay *vd);
611 static int vnc_width(VncDisplay *vd)
613 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
614 VNC_DIRTY_PIXELS_PER_BIT));
617 static int vnc_height(VncDisplay *vd)
619 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
622 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
623 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
624 VncDisplay *vd,
625 int x, int y, int w, int h)
627 int width = vnc_width(vd);
628 int height = vnc_height(vd);
630 /* this is needed this to ensure we updated all affected
631 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
632 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
633 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
635 x = MIN(x, width);
636 y = MIN(y, height);
637 w = MIN(x + w, width) - x;
638 h = MIN(y + h, height);
640 for (; y < h; y++) {
641 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
642 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
646 static void vnc_dpy_update(DisplayChangeListener *dcl,
647 int x, int y, int w, int h)
649 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
650 struct VncSurface *s = &vd->guest;
652 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
655 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
656 int32_t encoding)
658 vnc_write_u16(vs, x);
659 vnc_write_u16(vs, y);
660 vnc_write_u16(vs, w);
661 vnc_write_u16(vs, h);
663 vnc_write_s32(vs, encoding);
667 static void vnc_desktop_resize(VncState *vs)
669 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
670 return;
672 if (vs->client_width == pixman_image_get_width(vs->vd->server) &&
673 vs->client_height == pixman_image_get_height(vs->vd->server)) {
674 return;
677 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
678 pixman_image_get_width(vs->vd->server) >= 0);
679 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
680 pixman_image_get_height(vs->vd->server) >= 0);
681 vs->client_width = pixman_image_get_width(vs->vd->server);
682 vs->client_height = pixman_image_get_height(vs->vd->server);
683 vnc_lock_output(vs);
684 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
685 vnc_write_u8(vs, 0);
686 vnc_write_u16(vs, 1); /* number of rects */
687 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
688 VNC_ENCODING_DESKTOPRESIZE);
689 vnc_unlock_output(vs);
690 vnc_flush(vs);
693 static void vnc_abort_display_jobs(VncDisplay *vd)
695 VncState *vs;
697 QTAILQ_FOREACH(vs, &vd->clients, next) {
698 vnc_lock_output(vs);
699 vs->abort = true;
700 vnc_unlock_output(vs);
702 QTAILQ_FOREACH(vs, &vd->clients, next) {
703 vnc_jobs_join(vs);
705 QTAILQ_FOREACH(vs, &vd->clients, next) {
706 vnc_lock_output(vs);
707 if (vs->update == VNC_STATE_UPDATE_NONE &&
708 vs->job_update != VNC_STATE_UPDATE_NONE) {
709 /* job aborted before completion */
710 vs->update = vs->job_update;
711 vs->job_update = VNC_STATE_UPDATE_NONE;
713 vs->abort = false;
714 vnc_unlock_output(vs);
718 int vnc_server_fb_stride(VncDisplay *vd)
720 return pixman_image_get_stride(vd->server);
723 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
725 uint8_t *ptr;
727 ptr = (uint8_t *)pixman_image_get_data(vd->server);
728 ptr += y * vnc_server_fb_stride(vd);
729 ptr += x * VNC_SERVER_FB_BYTES;
730 return ptr;
733 static void vnc_update_server_surface(VncDisplay *vd)
735 int width, height;
737 qemu_pixman_image_unref(vd->server);
738 vd->server = NULL;
740 if (QTAILQ_EMPTY(&vd->clients)) {
741 return;
744 width = vnc_width(vd);
745 height = vnc_height(vd);
746 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
747 width, height,
748 NULL, 0);
750 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
751 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
752 width, height);
755 static bool vnc_check_pageflip(DisplaySurface *s1,
756 DisplaySurface *s2)
758 return (s1 != NULL &&
759 s2 != NULL &&
760 surface_width(s1) == surface_width(s2) &&
761 surface_height(s1) == surface_height(s2) &&
762 surface_format(s1) == surface_format(s2));
766 static void vnc_dpy_switch(DisplayChangeListener *dcl,
767 DisplaySurface *surface)
769 static const char placeholder_msg[] =
770 "Display output is not active.";
771 static DisplaySurface *placeholder;
772 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
773 bool pageflip = vnc_check_pageflip(vd->ds, surface);
774 VncState *vs;
776 if (surface == NULL) {
777 if (placeholder == NULL) {
778 placeholder = qemu_create_message_surface(640, 480, placeholder_msg);
780 surface = placeholder;
783 vnc_abort_display_jobs(vd);
784 vd->ds = surface;
786 /* guest surface */
787 qemu_pixman_image_unref(vd->guest.fb);
788 vd->guest.fb = pixman_image_ref(surface->image);
789 vd->guest.format = surface->format;
791 if (pageflip) {
792 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
793 surface_width(surface),
794 surface_height(surface));
795 return;
798 /* server surface */
799 vnc_update_server_surface(vd);
801 QTAILQ_FOREACH(vs, &vd->clients, next) {
802 vnc_colordepth(vs);
803 vnc_desktop_resize(vs);
804 if (vs->vd->cursor) {
805 vnc_cursor_define(vs);
807 memset(vs->dirty, 0x00, sizeof(vs->dirty));
808 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
809 vnc_width(vd),
810 vnc_height(vd));
811 vnc_update_throttle_offset(vs);
815 /* fastest code */
816 static void vnc_write_pixels_copy(VncState *vs,
817 void *pixels, int size)
819 vnc_write(vs, pixels, size);
822 /* slowest but generic code. */
823 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
825 uint8_t r, g, b;
827 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
828 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
829 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
830 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
831 #else
832 # error need some bits here if you change VNC_SERVER_FB_FORMAT
833 #endif
834 v = (r << vs->client_pf.rshift) |
835 (g << vs->client_pf.gshift) |
836 (b << vs->client_pf.bshift);
837 switch (vs->client_pf.bytes_per_pixel) {
838 case 1:
839 buf[0] = v;
840 break;
841 case 2:
842 if (vs->client_be) {
843 buf[0] = v >> 8;
844 buf[1] = v;
845 } else {
846 buf[1] = v >> 8;
847 buf[0] = v;
849 break;
850 default:
851 case 4:
852 if (vs->client_be) {
853 buf[0] = v >> 24;
854 buf[1] = v >> 16;
855 buf[2] = v >> 8;
856 buf[3] = v;
857 } else {
858 buf[3] = v >> 24;
859 buf[2] = v >> 16;
860 buf[1] = v >> 8;
861 buf[0] = v;
863 break;
867 static void vnc_write_pixels_generic(VncState *vs,
868 void *pixels1, int size)
870 uint8_t buf[4];
872 if (VNC_SERVER_FB_BYTES == 4) {
873 uint32_t *pixels = pixels1;
874 int n, i;
875 n = size >> 2;
876 for (i = 0; i < n; i++) {
877 vnc_convert_pixel(vs, buf, pixels[i]);
878 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
883 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
885 int i;
886 uint8_t *row;
887 VncDisplay *vd = vs->vd;
889 row = vnc_server_fb_ptr(vd, x, y);
890 for (i = 0; i < h; i++) {
891 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
892 row += vnc_server_fb_stride(vd);
894 return 1;
897 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
899 int n = 0;
900 bool encode_raw = false;
901 size_t saved_offs = vs->output.offset;
903 switch(vs->vnc_encoding) {
904 case VNC_ENCODING_ZLIB:
905 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
906 break;
907 case VNC_ENCODING_HEXTILE:
908 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
909 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
910 break;
911 case VNC_ENCODING_TIGHT:
912 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
913 break;
914 case VNC_ENCODING_TIGHT_PNG:
915 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
916 break;
917 case VNC_ENCODING_ZRLE:
918 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
919 break;
920 case VNC_ENCODING_ZYWRLE:
921 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
922 break;
923 default:
924 encode_raw = true;
925 break;
928 /* If the client has the same pixel format as our internal buffer and
929 * a RAW encoding would need less space fall back to RAW encoding to
930 * save bandwidth and processing power in the client. */
931 if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy &&
932 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) {
933 vs->output.offset = saved_offs;
934 encode_raw = true;
937 if (encode_raw) {
938 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
939 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
942 return n;
945 static void vnc_mouse_set(DisplayChangeListener *dcl,
946 int x, int y, int visible)
948 /* can we ask the client(s) to move the pointer ??? */
951 static int vnc_cursor_define(VncState *vs)
953 QEMUCursor *c = vs->vd->cursor;
954 int isize;
956 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
957 vnc_lock_output(vs);
958 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
959 vnc_write_u8(vs, 0); /* padding */
960 vnc_write_u16(vs, 1); /* # of rects */
961 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
962 VNC_ENCODING_RICH_CURSOR);
963 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
964 vnc_write_pixels_generic(vs, c->data, isize);
965 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
966 vnc_unlock_output(vs);
967 return 0;
969 return -1;
972 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
973 QEMUCursor *c)
975 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
976 VncState *vs;
978 cursor_put(vd->cursor);
979 g_free(vd->cursor_mask);
981 vd->cursor = c;
982 cursor_get(vd->cursor);
983 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
984 vd->cursor_mask = g_malloc0(vd->cursor_msize);
985 cursor_get_mono_mask(c, 0, vd->cursor_mask);
987 QTAILQ_FOREACH(vs, &vd->clients, next) {
988 vnc_cursor_define(vs);
992 static int find_and_clear_dirty_height(VncState *vs,
993 int y, int last_x, int x, int height)
995 int h;
997 for (h = 1; h < (height - y); h++) {
998 if (!test_bit(last_x, vs->dirty[y + h])) {
999 break;
1001 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
1004 return h;
1008 * Figure out how much pending data we should allow in the output
1009 * buffer before we throttle incremental display updates, and/or
1010 * drop audio samples.
1012 * We allow for equiv of 1 full display's worth of FB updates,
1013 * and 1 second of audio samples. If audio backlog was larger
1014 * than that the client would already suffering awful audio
1015 * glitches, so dropping samples is no worse really).
1017 static void vnc_update_throttle_offset(VncState *vs)
1019 size_t offset =
1020 vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel;
1022 if (vs->audio_cap) {
1023 int bps;
1024 switch (vs->as.fmt) {
1025 default:
1026 case AUDIO_FORMAT_U8:
1027 case AUDIO_FORMAT_S8:
1028 bps = 1;
1029 break;
1030 case AUDIO_FORMAT_U16:
1031 case AUDIO_FORMAT_S16:
1032 bps = 2;
1033 break;
1034 case AUDIO_FORMAT_U32:
1035 case AUDIO_FORMAT_S32:
1036 bps = 4;
1037 break;
1039 offset += vs->as.freq * bps * vs->as.nchannels;
1042 /* Put a floor of 1MB on offset, so that if we have a large pending
1043 * buffer and the display is resized to a small size & back again
1044 * we don't suddenly apply a tiny send limit
1046 offset = MAX(offset, 1024 * 1024);
1048 if (vs->throttle_output_offset != offset) {
1049 trace_vnc_client_throttle_threshold(
1050 vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width,
1051 vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap);
1054 vs->throttle_output_offset = offset;
1057 static bool vnc_should_update(VncState *vs)
1059 switch (vs->update) {
1060 case VNC_STATE_UPDATE_NONE:
1061 break;
1062 case VNC_STATE_UPDATE_INCREMENTAL:
1063 /* Only allow incremental updates if the pending send queue
1064 * is less than the permitted threshold, and the job worker
1065 * is completely idle.
1067 if (vs->output.offset < vs->throttle_output_offset &&
1068 vs->job_update == VNC_STATE_UPDATE_NONE) {
1069 return true;
1071 trace_vnc_client_throttle_incremental(
1072 vs, vs->ioc, vs->job_update, vs->output.offset);
1073 break;
1074 case VNC_STATE_UPDATE_FORCE:
1075 /* Only allow forced updates if the pending send queue
1076 * does not contain a previous forced update, and the
1077 * job worker is completely idle.
1079 * Note this means we'll queue a forced update, even if
1080 * the output buffer size is otherwise over the throttle
1081 * output limit.
1083 if (vs->force_update_offset == 0 &&
1084 vs->job_update == VNC_STATE_UPDATE_NONE) {
1085 return true;
1087 trace_vnc_client_throttle_forced(
1088 vs, vs->ioc, vs->job_update, vs->force_update_offset);
1089 break;
1091 return false;
1094 static int vnc_update_client(VncState *vs, int has_dirty)
1096 VncDisplay *vd = vs->vd;
1097 VncJob *job;
1098 int y;
1099 int height, width;
1100 int n = 0;
1102 if (vs->disconnecting) {
1103 vnc_disconnect_finish(vs);
1104 return 0;
1107 vs->has_dirty += has_dirty;
1108 if (!vnc_should_update(vs)) {
1109 return 0;
1112 if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) {
1113 return 0;
1117 * Send screen updates to the vnc client using the server
1118 * surface and server dirty map. guest surface updates
1119 * happening in parallel don't disturb us, the next pass will
1120 * send them to the client.
1122 job = vnc_job_new(vs);
1124 height = pixman_image_get_height(vd->server);
1125 width = pixman_image_get_width(vd->server);
1127 y = 0;
1128 for (;;) {
1129 int x, h;
1130 unsigned long x2;
1131 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1132 height * VNC_DIRTY_BPL(vs),
1133 y * VNC_DIRTY_BPL(vs));
1134 if (offset == height * VNC_DIRTY_BPL(vs)) {
1135 /* no more dirty bits */
1136 break;
1138 y = offset / VNC_DIRTY_BPL(vs);
1139 x = offset % VNC_DIRTY_BPL(vs);
1140 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1141 VNC_DIRTY_BPL(vs), x);
1142 bitmap_clear(vs->dirty[y], x, x2 - x);
1143 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1144 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1145 if (x2 > x) {
1146 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1147 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1149 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1150 y += h;
1151 if (y == height) {
1152 break;
1157 vs->job_update = vs->update;
1158 vs->update = VNC_STATE_UPDATE_NONE;
1159 vnc_job_push(job);
1160 vs->has_dirty = 0;
1161 return n;
1164 /* audio */
1165 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1167 VncState *vs = opaque;
1169 assert(vs->magic == VNC_MAGIC);
1170 switch (cmd) {
1171 case AUD_CNOTIFY_DISABLE:
1172 vnc_lock_output(vs);
1173 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1174 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1175 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1176 vnc_unlock_output(vs);
1177 vnc_flush(vs);
1178 break;
1180 case AUD_CNOTIFY_ENABLE:
1181 vnc_lock_output(vs);
1182 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1183 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1184 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1185 vnc_unlock_output(vs);
1186 vnc_flush(vs);
1187 break;
1191 static void audio_capture_destroy(void *opaque)
1195 static void audio_capture(void *opaque, void *buf, int size)
1197 VncState *vs = opaque;
1199 assert(vs->magic == VNC_MAGIC);
1200 vnc_lock_output(vs);
1201 if (vs->output.offset < vs->throttle_output_offset) {
1202 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1203 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1204 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1205 vnc_write_u32(vs, size);
1206 vnc_write(vs, buf, size);
1207 } else {
1208 trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset);
1210 vnc_unlock_output(vs);
1211 vnc_flush(vs);
1214 static void audio_add(VncState *vs)
1216 struct audio_capture_ops ops;
1218 if (vs->audio_cap) {
1219 error_report("audio already running");
1220 return;
1223 ops.notify = audio_capture_notify;
1224 ops.destroy = audio_capture_destroy;
1225 ops.capture = audio_capture;
1227 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1228 if (!vs->audio_cap) {
1229 error_report("Failed to add audio capture");
1233 static void audio_del(VncState *vs)
1235 if (vs->audio_cap) {
1236 AUD_del_capture(vs->audio_cap, vs);
1237 vs->audio_cap = NULL;
1241 static void vnc_disconnect_start(VncState *vs)
1243 if (vs->disconnecting) {
1244 return;
1246 trace_vnc_client_disconnect_start(vs, vs->ioc);
1247 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1248 if (vs->ioc_tag) {
1249 g_source_remove(vs->ioc_tag);
1250 vs->ioc_tag = 0;
1252 qio_channel_close(vs->ioc, NULL);
1253 vs->disconnecting = TRUE;
1256 void vnc_disconnect_finish(VncState *vs)
1258 int i;
1260 trace_vnc_client_disconnect_finish(vs, vs->ioc);
1262 vnc_jobs_join(vs); /* Wait encoding jobs */
1264 vnc_lock_output(vs);
1265 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1267 buffer_free(&vs->input);
1268 buffer_free(&vs->output);
1270 qapi_free_VncClientInfo(vs->info);
1272 vnc_zlib_clear(vs);
1273 vnc_tight_clear(vs);
1274 vnc_zrle_clear(vs);
1276 #ifdef CONFIG_VNC_SASL
1277 vnc_sasl_client_cleanup(vs);
1278 #endif /* CONFIG_VNC_SASL */
1279 audio_del(vs);
1280 qkbd_state_lift_all_keys(vs->vd->kbd);
1282 if (vs->mouse_mode_notifier.notify != NULL) {
1283 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1285 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1286 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1287 /* last client gone */
1288 vnc_update_server_surface(vs->vd);
1291 vnc_unlock_output(vs);
1293 qemu_mutex_destroy(&vs->output_mutex);
1294 if (vs->bh != NULL) {
1295 qemu_bh_delete(vs->bh);
1297 buffer_free(&vs->jobs_buffer);
1299 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1300 g_free(vs->lossy_rect[i]);
1302 g_free(vs->lossy_rect);
1304 object_unref(OBJECT(vs->ioc));
1305 vs->ioc = NULL;
1306 object_unref(OBJECT(vs->sioc));
1307 vs->sioc = NULL;
1308 vs->magic = 0;
1309 g_free(vs);
1312 size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp)
1314 if (ret <= 0) {
1315 if (ret == 0) {
1316 trace_vnc_client_eof(vs, vs->ioc);
1317 vnc_disconnect_start(vs);
1318 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1319 trace_vnc_client_io_error(vs, vs->ioc,
1320 errp ? error_get_pretty(*errp) :
1321 "Unknown");
1322 vnc_disconnect_start(vs);
1325 if (errp) {
1326 error_free(*errp);
1327 *errp = NULL;
1329 return 0;
1331 return ret;
1335 void vnc_client_error(VncState *vs)
1337 VNC_DEBUG("Closing down client sock: protocol error\n");
1338 vnc_disconnect_start(vs);
1343 * Called to write a chunk of data to the client socket. The data may
1344 * be the raw data, or may have already been encoded by SASL.
1345 * The data will be written either straight onto the socket, or
1346 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1348 * NB, it is theoretically possible to have 2 layers of encryption,
1349 * both SASL, and this TLS layer. It is highly unlikely in practice
1350 * though, since SASL encryption will typically be a no-op if TLS
1351 * is active
1353 * Returns the number of bytes written, which may be less than
1354 * the requested 'datalen' if the socket would block. Returns
1355 * 0 on I/O error, and disconnects the client socket.
1357 size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1359 Error *err = NULL;
1360 ssize_t ret;
1361 ret = qio_channel_write(
1362 vs->ioc, (const char *)data, datalen, &err);
1363 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1364 return vnc_client_io_error(vs, ret, &err);
1369 * Called to write buffered data to the client socket, when not
1370 * using any SASL SSF encryption layers. Will write as much data
1371 * as possible without blocking. If all buffered data is written,
1372 * will switch the FD poll() handler back to read monitoring.
1374 * Returns the number of bytes written, which may be less than
1375 * the buffered output data if the socket would block. Returns
1376 * 0 on I/O error, and disconnects the client socket.
1378 static size_t vnc_client_write_plain(VncState *vs)
1380 size_t offset;
1381 size_t ret;
1383 #ifdef CONFIG_VNC_SASL
1384 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1385 vs->output.buffer, vs->output.capacity, vs->output.offset,
1386 vs->sasl.waitWriteSSF);
1388 if (vs->sasl.conn &&
1389 vs->sasl.runSSF &&
1390 vs->sasl.waitWriteSSF) {
1391 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1392 if (ret)
1393 vs->sasl.waitWriteSSF -= ret;
1394 } else
1395 #endif /* CONFIG_VNC_SASL */
1396 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1397 if (!ret)
1398 return 0;
1400 if (ret >= vs->force_update_offset) {
1401 if (vs->force_update_offset != 0) {
1402 trace_vnc_client_unthrottle_forced(vs, vs->ioc);
1404 vs->force_update_offset = 0;
1405 } else {
1406 vs->force_update_offset -= ret;
1408 offset = vs->output.offset;
1409 buffer_advance(&vs->output, ret);
1410 if (offset >= vs->throttle_output_offset &&
1411 vs->output.offset < vs->throttle_output_offset) {
1412 trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset);
1415 if (vs->output.offset == 0) {
1416 if (vs->ioc_tag) {
1417 g_source_remove(vs->ioc_tag);
1419 vs->ioc_tag = qio_channel_add_watch(
1420 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1423 return ret;
1428 * First function called whenever there is data to be written to
1429 * the client socket. Will delegate actual work according to whether
1430 * SASL SSF layers are enabled (thus requiring encryption calls)
1432 static void vnc_client_write_locked(VncState *vs)
1434 #ifdef CONFIG_VNC_SASL
1435 if (vs->sasl.conn &&
1436 vs->sasl.runSSF &&
1437 !vs->sasl.waitWriteSSF) {
1438 vnc_client_write_sasl(vs);
1439 } else
1440 #endif /* CONFIG_VNC_SASL */
1442 vnc_client_write_plain(vs);
1446 static void vnc_client_write(VncState *vs)
1448 assert(vs->magic == VNC_MAGIC);
1449 vnc_lock_output(vs);
1450 if (vs->output.offset) {
1451 vnc_client_write_locked(vs);
1452 } else if (vs->ioc != NULL) {
1453 if (vs->ioc_tag) {
1454 g_source_remove(vs->ioc_tag);
1456 vs->ioc_tag = qio_channel_add_watch(
1457 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1459 vnc_unlock_output(vs);
1462 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1464 vs->read_handler = func;
1465 vs->read_handler_expect = expecting;
1470 * Called to read a chunk of data from the client socket. The data may
1471 * be the raw data, or may need to be further decoded by SASL.
1472 * The data will be read either straight from to the socket, or
1473 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1475 * NB, it is theoretically possible to have 2 layers of encryption,
1476 * both SASL, and this TLS layer. It is highly unlikely in practice
1477 * though, since SASL encryption will typically be a no-op if TLS
1478 * is active
1480 * Returns the number of bytes read, which may be less than
1481 * the requested 'datalen' if the socket would block. Returns
1482 * 0 on I/O error or EOF, and disconnects the client socket.
1484 size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1486 ssize_t ret;
1487 Error *err = NULL;
1488 ret = qio_channel_read(
1489 vs->ioc, (char *)data, datalen, &err);
1490 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1491 return vnc_client_io_error(vs, ret, &err);
1496 * Called to read data from the client socket to the input buffer,
1497 * when not using any SASL SSF encryption layers. Will read as much
1498 * data as possible without blocking.
1500 * Returns the number of bytes read, which may be less than
1501 * the requested 'datalen' if the socket would block. Returns
1502 * 0 on I/O error or EOF, and disconnects the client socket.
1504 static size_t vnc_client_read_plain(VncState *vs)
1506 size_t ret;
1507 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1508 vs->input.buffer, vs->input.capacity, vs->input.offset);
1509 buffer_reserve(&vs->input, 4096);
1510 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1511 if (!ret)
1512 return 0;
1513 vs->input.offset += ret;
1514 return ret;
1517 static void vnc_jobs_bh(void *opaque)
1519 VncState *vs = opaque;
1521 assert(vs->magic == VNC_MAGIC);
1522 vnc_jobs_consume_buffer(vs);
1526 * First function called whenever there is more data to be read from
1527 * the client socket. Will delegate actual work according to whether
1528 * SASL SSF layers are enabled (thus requiring decryption calls)
1529 * Returns 0 on success, -1 if client disconnected
1531 static int vnc_client_read(VncState *vs)
1533 size_t ret;
1535 #ifdef CONFIG_VNC_SASL
1536 if (vs->sasl.conn && vs->sasl.runSSF)
1537 ret = vnc_client_read_sasl(vs);
1538 else
1539 #endif /* CONFIG_VNC_SASL */
1540 ret = vnc_client_read_plain(vs);
1541 if (!ret) {
1542 if (vs->disconnecting) {
1543 vnc_disconnect_finish(vs);
1544 return -1;
1546 return 0;
1549 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1550 size_t len = vs->read_handler_expect;
1551 int ret;
1553 ret = vs->read_handler(vs, vs->input.buffer, len);
1554 if (vs->disconnecting) {
1555 vnc_disconnect_finish(vs);
1556 return -1;
1559 if (!ret) {
1560 buffer_advance(&vs->input, len);
1561 } else {
1562 vs->read_handler_expect = ret;
1565 return 0;
1568 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1569 GIOCondition condition, void *opaque)
1571 VncState *vs = opaque;
1573 assert(vs->magic == VNC_MAGIC);
1574 if (condition & G_IO_IN) {
1575 if (vnc_client_read(vs) < 0) {
1576 /* vs is free()ed here */
1577 return TRUE;
1580 if (condition & G_IO_OUT) {
1581 vnc_client_write(vs);
1584 if (vs->disconnecting) {
1585 if (vs->ioc_tag != 0) {
1586 g_source_remove(vs->ioc_tag);
1588 vs->ioc_tag = 0;
1590 return TRUE;
1595 * Scale factor to apply to vs->throttle_output_offset when checking for
1596 * hard limit. Worst case normal usage could be x2, if we have a complete
1597 * incremental update and complete forced update in the output buffer.
1598 * So x3 should be good enough, but we pick x5 to be conservative and thus
1599 * (hopefully) never trigger incorrectly.
1601 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1603 void vnc_write(VncState *vs, const void *data, size_t len)
1605 assert(vs->magic == VNC_MAGIC);
1606 if (vs->disconnecting) {
1607 return;
1609 /* Protection against malicious client/guest to prevent our output
1610 * buffer growing without bound if client stops reading data. This
1611 * should rarely trigger, because we have earlier throttling code
1612 * which stops issuing framebuffer updates and drops audio data
1613 * if the throttle_output_offset value is exceeded. So we only reach
1614 * this higher level if a huge number of pseudo-encodings get
1615 * triggered while data can't be sent on the socket.
1617 * NB throttle_output_offset can be zero during early protocol
1618 * handshake, or from the job thread's VncState clone
1620 if (vs->throttle_output_offset != 0 &&
1621 (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) >
1622 vs->throttle_output_offset) {
1623 trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset,
1624 vs->throttle_output_offset);
1625 vnc_disconnect_start(vs);
1626 return;
1628 buffer_reserve(&vs->output, len);
1630 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1631 if (vs->ioc_tag) {
1632 g_source_remove(vs->ioc_tag);
1634 vs->ioc_tag = qio_channel_add_watch(
1635 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
1638 buffer_append(&vs->output, data, len);
1641 void vnc_write_s32(VncState *vs, int32_t value)
1643 vnc_write_u32(vs, *(uint32_t *)&value);
1646 void vnc_write_u32(VncState *vs, uint32_t value)
1648 uint8_t buf[4];
1650 buf[0] = (value >> 24) & 0xFF;
1651 buf[1] = (value >> 16) & 0xFF;
1652 buf[2] = (value >> 8) & 0xFF;
1653 buf[3] = value & 0xFF;
1655 vnc_write(vs, buf, 4);
1658 void vnc_write_u16(VncState *vs, uint16_t value)
1660 uint8_t buf[2];
1662 buf[0] = (value >> 8) & 0xFF;
1663 buf[1] = value & 0xFF;
1665 vnc_write(vs, buf, 2);
1668 void vnc_write_u8(VncState *vs, uint8_t value)
1670 vnc_write(vs, (char *)&value, 1);
1673 void vnc_flush(VncState *vs)
1675 vnc_lock_output(vs);
1676 if (vs->ioc != NULL && vs->output.offset) {
1677 vnc_client_write_locked(vs);
1679 if (vs->disconnecting) {
1680 if (vs->ioc_tag != 0) {
1681 g_source_remove(vs->ioc_tag);
1683 vs->ioc_tag = 0;
1685 vnc_unlock_output(vs);
1688 static uint8_t read_u8(uint8_t *data, size_t offset)
1690 return data[offset];
1693 static uint16_t read_u16(uint8_t *data, size_t offset)
1695 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1698 static int32_t read_s32(uint8_t *data, size_t offset)
1700 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1701 (data[offset + 2] << 8) | data[offset + 3]);
1704 uint32_t read_u32(uint8_t *data, size_t offset)
1706 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1707 (data[offset + 2] << 8) | data[offset + 3]);
1710 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1714 static void check_pointer_type_change(Notifier *notifier, void *data)
1716 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1717 int absolute = qemu_input_is_absolute();
1719 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1720 vnc_lock_output(vs);
1721 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1722 vnc_write_u8(vs, 0);
1723 vnc_write_u16(vs, 1);
1724 vnc_framebuffer_update(vs, absolute, 0,
1725 pixman_image_get_width(vs->vd->server),
1726 pixman_image_get_height(vs->vd->server),
1727 VNC_ENCODING_POINTER_TYPE_CHANGE);
1728 vnc_unlock_output(vs);
1729 vnc_flush(vs);
1731 vs->absolute = absolute;
1734 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1736 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1737 [INPUT_BUTTON_LEFT] = 0x01,
1738 [INPUT_BUTTON_MIDDLE] = 0x02,
1739 [INPUT_BUTTON_RIGHT] = 0x04,
1740 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1741 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1743 QemuConsole *con = vs->vd->dcl.con;
1744 int width = pixman_image_get_width(vs->vd->server);
1745 int height = pixman_image_get_height(vs->vd->server);
1747 if (vs->last_bmask != button_mask) {
1748 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1749 vs->last_bmask = button_mask;
1752 if (vs->absolute) {
1753 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width);
1754 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height);
1755 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1756 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1757 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1758 } else {
1759 if (vs->last_x != -1) {
1760 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1761 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1763 vs->last_x = x;
1764 vs->last_y = y;
1766 qemu_input_event_sync();
1769 static void press_key(VncState *vs, QKeyCode qcode)
1771 qkbd_state_key_event(vs->vd->kbd, qcode, true);
1772 qkbd_state_key_event(vs->vd->kbd, qcode, false);
1775 static void vnc_led_state_change(VncState *vs)
1777 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1778 return;
1781 vnc_lock_output(vs);
1782 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1783 vnc_write_u8(vs, 0);
1784 vnc_write_u16(vs, 1);
1785 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1786 vnc_write_u8(vs, vs->vd->ledstate);
1787 vnc_unlock_output(vs);
1788 vnc_flush(vs);
1791 static void kbd_leds(void *opaque, int ledstate)
1793 VncDisplay *vd = opaque;
1794 VncState *client;
1796 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1797 (ledstate & QEMU_NUM_LOCK_LED),
1798 (ledstate & QEMU_SCROLL_LOCK_LED));
1800 if (ledstate == vd->ledstate) {
1801 return;
1804 vd->ledstate = ledstate;
1806 QTAILQ_FOREACH(client, &vd->clients, next) {
1807 vnc_led_state_change(client);
1811 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1813 QKeyCode qcode = qemu_input_key_number_to_qcode(keycode);
1815 /* QEMU console switch */
1816 switch (qcode) {
1817 case Q_KEY_CODE_1 ... Q_KEY_CODE_9: /* '1' to '9' keys */
1818 if (vs->vd->dcl.con == NULL && down &&
1819 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL) &&
1820 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_ALT)) {
1821 /* Reset the modifiers sent to the current console */
1822 qkbd_state_lift_all_keys(vs->vd->kbd);
1823 console_select(qcode - Q_KEY_CODE_1);
1824 return;
1826 default:
1827 break;
1830 /* Turn off the lock state sync logic if the client support the led
1831 state extension.
1833 if (down && vs->vd->lock_key_sync &&
1834 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1835 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1836 /* If the numlock state needs to change then simulate an additional
1837 keypress before sending this one. This will happen if the user
1838 toggles numlock away from the VNC window.
1840 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1841 if (!qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1842 trace_vnc_key_sync_numlock(true);
1843 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1845 } else {
1846 if (qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1847 trace_vnc_key_sync_numlock(false);
1848 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1853 if (down && vs->vd->lock_key_sync &&
1854 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1855 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1856 /* If the capslock state needs to change then simulate an additional
1857 keypress before sending this one. This will happen if the user
1858 toggles capslock away from the VNC window.
1860 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1861 bool shift = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_SHIFT);
1862 bool capslock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CAPSLOCK);
1863 if (capslock) {
1864 if (uppercase == shift) {
1865 trace_vnc_key_sync_capslock(false);
1866 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1868 } else {
1869 if (uppercase != shift) {
1870 trace_vnc_key_sync_capslock(true);
1871 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1876 qkbd_state_key_event(vs->vd->kbd, qcode, down);
1877 if (!qemu_console_is_graphic(NULL)) {
1878 bool numlock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK);
1879 bool control = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL);
1880 /* QEMU console emulation */
1881 if (down) {
1882 switch (keycode) {
1883 case 0x2a: /* Left Shift */
1884 case 0x36: /* Right Shift */
1885 case 0x1d: /* Left CTRL */
1886 case 0x9d: /* Right CTRL */
1887 case 0x38: /* Left ALT */
1888 case 0xb8: /* Right ALT */
1889 break;
1890 case 0xc8:
1891 kbd_put_keysym(QEMU_KEY_UP);
1892 break;
1893 case 0xd0:
1894 kbd_put_keysym(QEMU_KEY_DOWN);
1895 break;
1896 case 0xcb:
1897 kbd_put_keysym(QEMU_KEY_LEFT);
1898 break;
1899 case 0xcd:
1900 kbd_put_keysym(QEMU_KEY_RIGHT);
1901 break;
1902 case 0xd3:
1903 kbd_put_keysym(QEMU_KEY_DELETE);
1904 break;
1905 case 0xc7:
1906 kbd_put_keysym(QEMU_KEY_HOME);
1907 break;
1908 case 0xcf:
1909 kbd_put_keysym(QEMU_KEY_END);
1910 break;
1911 case 0xc9:
1912 kbd_put_keysym(QEMU_KEY_PAGEUP);
1913 break;
1914 case 0xd1:
1915 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1916 break;
1918 case 0x47:
1919 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1920 break;
1921 case 0x48:
1922 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1923 break;
1924 case 0x49:
1925 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1926 break;
1927 case 0x4b:
1928 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1929 break;
1930 case 0x4c:
1931 kbd_put_keysym('5');
1932 break;
1933 case 0x4d:
1934 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1935 break;
1936 case 0x4f:
1937 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1938 break;
1939 case 0x50:
1940 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1941 break;
1942 case 0x51:
1943 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1944 break;
1945 case 0x52:
1946 kbd_put_keysym('0');
1947 break;
1948 case 0x53:
1949 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1950 break;
1952 case 0xb5:
1953 kbd_put_keysym('/');
1954 break;
1955 case 0x37:
1956 kbd_put_keysym('*');
1957 break;
1958 case 0x4a:
1959 kbd_put_keysym('-');
1960 break;
1961 case 0x4e:
1962 kbd_put_keysym('+');
1963 break;
1964 case 0x9c:
1965 kbd_put_keysym('\n');
1966 break;
1968 default:
1969 if (control) {
1970 kbd_put_keysym(sym & 0x1f);
1971 } else {
1972 kbd_put_keysym(sym);
1974 break;
1980 static const char *code2name(int keycode)
1982 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode));
1985 static void key_event(VncState *vs, int down, uint32_t sym)
1987 int keycode;
1988 int lsym = sym;
1990 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
1991 lsym = lsym - 'A' + 'a';
1994 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF,
1995 vs->vd->kbd, down) & SCANCODE_KEYMASK;
1996 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
1997 do_key_event(vs, down, keycode, sym);
2000 static void ext_key_event(VncState *vs, int down,
2001 uint32_t sym, uint16_t keycode)
2003 /* if the user specifies a keyboard layout, always use it */
2004 if (keyboard_layout) {
2005 key_event(vs, down, sym);
2006 } else {
2007 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
2008 do_key_event(vs, down, keycode, sym);
2012 static void framebuffer_update_request(VncState *vs, int incremental,
2013 int x, int y, int w, int h)
2015 if (incremental) {
2016 if (vs->update != VNC_STATE_UPDATE_FORCE) {
2017 vs->update = VNC_STATE_UPDATE_INCREMENTAL;
2019 } else {
2020 vs->update = VNC_STATE_UPDATE_FORCE;
2021 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
2025 static void send_ext_key_event_ack(VncState *vs)
2027 vnc_lock_output(vs);
2028 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2029 vnc_write_u8(vs, 0);
2030 vnc_write_u16(vs, 1);
2031 vnc_framebuffer_update(vs, 0, 0,
2032 pixman_image_get_width(vs->vd->server),
2033 pixman_image_get_height(vs->vd->server),
2034 VNC_ENCODING_EXT_KEY_EVENT);
2035 vnc_unlock_output(vs);
2036 vnc_flush(vs);
2039 static void send_ext_audio_ack(VncState *vs)
2041 vnc_lock_output(vs);
2042 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2043 vnc_write_u8(vs, 0);
2044 vnc_write_u16(vs, 1);
2045 vnc_framebuffer_update(vs, 0, 0,
2046 pixman_image_get_width(vs->vd->server),
2047 pixman_image_get_height(vs->vd->server),
2048 VNC_ENCODING_AUDIO);
2049 vnc_unlock_output(vs);
2050 vnc_flush(vs);
2053 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
2055 int i;
2056 unsigned int enc = 0;
2058 vs->features = 0;
2059 vs->vnc_encoding = 0;
2060 vs->tight.compression = 9;
2061 vs->tight.quality = -1; /* Lossless by default */
2062 vs->absolute = -1;
2065 * Start from the end because the encodings are sent in order of preference.
2066 * This way the preferred encoding (first encoding defined in the array)
2067 * will be set at the end of the loop.
2069 for (i = n_encodings - 1; i >= 0; i--) {
2070 enc = encodings[i];
2071 switch (enc) {
2072 case VNC_ENCODING_RAW:
2073 vs->vnc_encoding = enc;
2074 break;
2075 case VNC_ENCODING_COPYRECT:
2076 vs->features |= VNC_FEATURE_COPYRECT_MASK;
2077 break;
2078 case VNC_ENCODING_HEXTILE:
2079 vs->features |= VNC_FEATURE_HEXTILE_MASK;
2080 vs->vnc_encoding = enc;
2081 break;
2082 case VNC_ENCODING_TIGHT:
2083 vs->features |= VNC_FEATURE_TIGHT_MASK;
2084 vs->vnc_encoding = enc;
2085 break;
2086 #ifdef CONFIG_VNC_PNG
2087 case VNC_ENCODING_TIGHT_PNG:
2088 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
2089 vs->vnc_encoding = enc;
2090 break;
2091 #endif
2092 case VNC_ENCODING_ZLIB:
2093 vs->features |= VNC_FEATURE_ZLIB_MASK;
2094 vs->vnc_encoding = enc;
2095 break;
2096 case VNC_ENCODING_ZRLE:
2097 vs->features |= VNC_FEATURE_ZRLE_MASK;
2098 vs->vnc_encoding = enc;
2099 break;
2100 case VNC_ENCODING_ZYWRLE:
2101 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
2102 vs->vnc_encoding = enc;
2103 break;
2104 case VNC_ENCODING_DESKTOPRESIZE:
2105 vs->features |= VNC_FEATURE_RESIZE_MASK;
2106 break;
2107 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2108 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
2109 break;
2110 case VNC_ENCODING_RICH_CURSOR:
2111 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
2112 if (vs->vd->cursor) {
2113 vnc_cursor_define(vs);
2115 break;
2116 case VNC_ENCODING_EXT_KEY_EVENT:
2117 send_ext_key_event_ack(vs);
2118 break;
2119 case VNC_ENCODING_AUDIO:
2120 send_ext_audio_ack(vs);
2121 break;
2122 case VNC_ENCODING_WMVi:
2123 vs->features |= VNC_FEATURE_WMVI_MASK;
2124 break;
2125 case VNC_ENCODING_LED_STATE:
2126 vs->features |= VNC_FEATURE_LED_STATE_MASK;
2127 break;
2128 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2129 vs->tight.compression = (enc & 0x0F);
2130 break;
2131 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2132 if (vs->vd->lossy) {
2133 vs->tight.quality = (enc & 0x0F);
2135 break;
2136 default:
2137 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2138 break;
2141 vnc_desktop_resize(vs);
2142 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2143 vnc_led_state_change(vs);
2146 static void set_pixel_conversion(VncState *vs)
2148 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2150 if (fmt == VNC_SERVER_FB_FORMAT) {
2151 vs->write_pixels = vnc_write_pixels_copy;
2152 vnc_hextile_set_pixel_conversion(vs, 0);
2153 } else {
2154 vs->write_pixels = vnc_write_pixels_generic;
2155 vnc_hextile_set_pixel_conversion(vs, 1);
2159 static void send_color_map(VncState *vs)
2161 int i;
2163 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2164 vnc_write_u8(vs, 0); /* padding */
2165 vnc_write_u16(vs, 0); /* first color */
2166 vnc_write_u16(vs, 256); /* # of colors */
2168 for (i = 0; i < 256; i++) {
2169 PixelFormat *pf = &vs->client_pf;
2171 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2172 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2173 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2177 static void set_pixel_format(VncState *vs, int bits_per_pixel,
2178 int big_endian_flag, int true_color_flag,
2179 int red_max, int green_max, int blue_max,
2180 int red_shift, int green_shift, int blue_shift)
2182 if (!true_color_flag) {
2183 /* Expose a reasonable default 256 color map */
2184 bits_per_pixel = 8;
2185 red_max = 7;
2186 green_max = 7;
2187 blue_max = 3;
2188 red_shift = 0;
2189 green_shift = 3;
2190 blue_shift = 6;
2193 switch (bits_per_pixel) {
2194 case 8:
2195 case 16:
2196 case 32:
2197 break;
2198 default:
2199 vnc_client_error(vs);
2200 return;
2203 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2204 vs->client_pf.rbits = ctpopl(red_max);
2205 vs->client_pf.rshift = red_shift;
2206 vs->client_pf.rmask = red_max << red_shift;
2207 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2208 vs->client_pf.gbits = ctpopl(green_max);
2209 vs->client_pf.gshift = green_shift;
2210 vs->client_pf.gmask = green_max << green_shift;
2211 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2212 vs->client_pf.bbits = ctpopl(blue_max);
2213 vs->client_pf.bshift = blue_shift;
2214 vs->client_pf.bmask = blue_max << blue_shift;
2215 vs->client_pf.bits_per_pixel = bits_per_pixel;
2216 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2217 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2218 vs->client_be = big_endian_flag;
2220 if (!true_color_flag) {
2221 send_color_map(vs);
2224 set_pixel_conversion(vs);
2226 graphic_hw_invalidate(vs->vd->dcl.con);
2227 graphic_hw_update(vs->vd->dcl.con);
2230 static void pixel_format_message (VncState *vs) {
2231 char pad[3] = { 0, 0, 0 };
2233 vs->client_pf = qemu_default_pixelformat(32);
2235 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
2236 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
2238 #ifdef HOST_WORDS_BIGENDIAN
2239 vnc_write_u8(vs, 1); /* big-endian-flag */
2240 #else
2241 vnc_write_u8(vs, 0); /* big-endian-flag */
2242 #endif
2243 vnc_write_u8(vs, 1); /* true-color-flag */
2244 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
2245 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
2246 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
2247 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
2248 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
2249 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
2250 vnc_write(vs, pad, 3); /* padding */
2252 vnc_hextile_set_pixel_conversion(vs, 0);
2253 vs->write_pixels = vnc_write_pixels_copy;
2256 static void vnc_colordepth(VncState *vs)
2258 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2259 /* Sending a WMVi message to notify the client*/
2260 vnc_lock_output(vs);
2261 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2262 vnc_write_u8(vs, 0);
2263 vnc_write_u16(vs, 1); /* number of rects */
2264 vnc_framebuffer_update(vs, 0, 0,
2265 pixman_image_get_width(vs->vd->server),
2266 pixman_image_get_height(vs->vd->server),
2267 VNC_ENCODING_WMVi);
2268 pixel_format_message(vs);
2269 vnc_unlock_output(vs);
2270 vnc_flush(vs);
2271 } else {
2272 set_pixel_conversion(vs);
2276 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2278 int i;
2279 uint16_t limit;
2280 uint32_t freq;
2281 VncDisplay *vd = vs->vd;
2283 if (data[0] > 3) {
2284 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2287 switch (data[0]) {
2288 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2289 if (len == 1)
2290 return 20;
2292 set_pixel_format(vs, read_u8(data, 4),
2293 read_u8(data, 6), read_u8(data, 7),
2294 read_u16(data, 8), read_u16(data, 10),
2295 read_u16(data, 12), read_u8(data, 14),
2296 read_u8(data, 15), read_u8(data, 16));
2297 break;
2298 case VNC_MSG_CLIENT_SET_ENCODINGS:
2299 if (len == 1)
2300 return 4;
2302 if (len == 4) {
2303 limit = read_u16(data, 2);
2304 if (limit > 0)
2305 return 4 + (limit * 4);
2306 } else
2307 limit = read_u16(data, 2);
2309 for (i = 0; i < limit; i++) {
2310 int32_t val = read_s32(data, 4 + (i * 4));
2311 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2314 set_encodings(vs, (int32_t *)(data + 4), limit);
2315 break;
2316 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2317 if (len == 1)
2318 return 10;
2320 framebuffer_update_request(vs,
2321 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2322 read_u16(data, 6), read_u16(data, 8));
2323 break;
2324 case VNC_MSG_CLIENT_KEY_EVENT:
2325 if (len == 1)
2326 return 8;
2328 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2329 break;
2330 case VNC_MSG_CLIENT_POINTER_EVENT:
2331 if (len == 1)
2332 return 6;
2334 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2335 break;
2336 case VNC_MSG_CLIENT_CUT_TEXT:
2337 if (len == 1) {
2338 return 8;
2340 if (len == 8) {
2341 uint32_t dlen = read_u32(data, 4);
2342 if (dlen > (1 << 20)) {
2343 error_report("vnc: client_cut_text msg payload has %u bytes"
2344 " which exceeds our limit of 1MB.", dlen);
2345 vnc_client_error(vs);
2346 break;
2348 if (dlen > 0) {
2349 return 8 + dlen;
2353 client_cut_text(vs, read_u32(data, 4), data + 8);
2354 break;
2355 case VNC_MSG_CLIENT_QEMU:
2356 if (len == 1)
2357 return 2;
2359 switch (read_u8(data, 1)) {
2360 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2361 if (len == 2)
2362 return 12;
2364 ext_key_event(vs, read_u16(data, 2),
2365 read_u32(data, 4), read_u32(data, 8));
2366 break;
2367 case VNC_MSG_CLIENT_QEMU_AUDIO:
2368 if (len == 2)
2369 return 4;
2371 switch (read_u16 (data, 2)) {
2372 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2373 audio_add(vs);
2374 break;
2375 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2376 audio_del(vs);
2377 break;
2378 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2379 if (len == 4)
2380 return 10;
2381 switch (read_u8(data, 4)) {
2382 case 0: vs->as.fmt = AUDIO_FORMAT_U8; break;
2383 case 1: vs->as.fmt = AUDIO_FORMAT_S8; break;
2384 case 2: vs->as.fmt = AUDIO_FORMAT_U16; break;
2385 case 3: vs->as.fmt = AUDIO_FORMAT_S16; break;
2386 case 4: vs->as.fmt = AUDIO_FORMAT_U32; break;
2387 case 5: vs->as.fmt = AUDIO_FORMAT_S32; break;
2388 default:
2389 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2390 vnc_client_error(vs);
2391 break;
2393 vs->as.nchannels = read_u8(data, 5);
2394 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2395 VNC_DEBUG("Invalid audio channel count %d\n",
2396 read_u8(data, 5));
2397 vnc_client_error(vs);
2398 break;
2400 freq = read_u32(data, 6);
2401 /* No official limit for protocol, but 48khz is a sensible
2402 * upper bound for trustworthy clients, and this limit
2403 * protects calculations involving 'vs->as.freq' later.
2405 if (freq > 48000) {
2406 VNC_DEBUG("Invalid audio frequency %u > 48000", freq);
2407 vnc_client_error(vs);
2408 break;
2410 vs->as.freq = freq;
2411 break;
2412 default:
2413 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2414 vnc_client_error(vs);
2415 break;
2417 break;
2419 default:
2420 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2421 vnc_client_error(vs);
2422 break;
2424 break;
2425 default:
2426 VNC_DEBUG("Msg: %d\n", data[0]);
2427 vnc_client_error(vs);
2428 break;
2431 vnc_update_throttle_offset(vs);
2432 vnc_read_when(vs, protocol_client_msg, 1);
2433 return 0;
2436 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2438 char buf[1024];
2439 VncShareMode mode;
2440 int size;
2442 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2443 switch (vs->vd->share_policy) {
2444 case VNC_SHARE_POLICY_IGNORE:
2446 * Ignore the shared flag. Nothing to do here.
2448 * Doesn't conform to the rfb spec but is traditional qemu
2449 * behavior, thus left here as option for compatibility
2450 * reasons.
2452 break;
2453 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2455 * Policy: Allow clients ask for exclusive access.
2457 * Implementation: When a client asks for exclusive access,
2458 * disconnect all others. Shared connects are allowed as long
2459 * as no exclusive connection exists.
2461 * This is how the rfb spec suggests to handle the shared flag.
2463 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2464 VncState *client;
2465 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2466 if (vs == client) {
2467 continue;
2469 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2470 client->share_mode != VNC_SHARE_MODE_SHARED) {
2471 continue;
2473 vnc_disconnect_start(client);
2476 if (mode == VNC_SHARE_MODE_SHARED) {
2477 if (vs->vd->num_exclusive > 0) {
2478 vnc_disconnect_start(vs);
2479 return 0;
2482 break;
2483 case VNC_SHARE_POLICY_FORCE_SHARED:
2485 * Policy: Shared connects only.
2486 * Implementation: Disallow clients asking for exclusive access.
2488 * Useful for shared desktop sessions where you don't want
2489 * someone forgetting to say -shared when running the vnc
2490 * client disconnect everybody else.
2492 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2493 vnc_disconnect_start(vs);
2494 return 0;
2496 break;
2498 vnc_set_share_mode(vs, mode);
2500 if (vs->vd->num_shared > vs->vd->connections_limit) {
2501 vnc_disconnect_start(vs);
2502 return 0;
2505 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
2506 pixman_image_get_width(vs->vd->server) >= 0);
2507 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
2508 pixman_image_get_height(vs->vd->server) >= 0);
2509 vs->client_width = pixman_image_get_width(vs->vd->server);
2510 vs->client_height = pixman_image_get_height(vs->vd->server);
2511 vnc_write_u16(vs, vs->client_width);
2512 vnc_write_u16(vs, vs->client_height);
2514 pixel_format_message(vs);
2516 if (qemu_name) {
2517 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2518 if (size > sizeof(buf)) {
2519 size = sizeof(buf);
2521 } else {
2522 size = snprintf(buf, sizeof(buf), "QEMU");
2525 vnc_write_u32(vs, size);
2526 vnc_write(vs, buf, size);
2527 vnc_flush(vs);
2529 vnc_client_cache_auth(vs);
2530 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2532 vnc_read_when(vs, protocol_client_msg, 1);
2534 return 0;
2537 void start_client_init(VncState *vs)
2539 vnc_read_when(vs, protocol_client_init, 1);
2542 static void authentication_failed(VncState *vs)
2544 vnc_write_u32(vs, 1); /* Reject auth */
2545 if (vs->minor >= 8) {
2546 static const char err[] = "Authentication failed";
2547 vnc_write_u32(vs, sizeof(err));
2548 vnc_write(vs, err, sizeof(err));
2550 vnc_flush(vs);
2551 vnc_client_error(vs);
2554 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2556 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2557 size_t i, pwlen;
2558 unsigned char key[8];
2559 time_t now = time(NULL);
2560 QCryptoCipher *cipher = NULL;
2561 Error *err = NULL;
2563 if (!vs->vd->password) {
2564 trace_vnc_auth_fail(vs, vs->auth, "password is not set", "");
2565 goto reject;
2567 if (vs->vd->expires < now) {
2568 trace_vnc_auth_fail(vs, vs->auth, "password is expired", "");
2569 goto reject;
2572 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2574 /* Calculate the expected challenge response */
2575 pwlen = strlen(vs->vd->password);
2576 for (i=0; i<sizeof(key); i++)
2577 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2579 cipher = qcrypto_cipher_new(
2580 QCRYPTO_CIPHER_ALG_DES_RFB,
2581 QCRYPTO_CIPHER_MODE_ECB,
2582 key, G_N_ELEMENTS(key),
2583 &err);
2584 if (!cipher) {
2585 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher",
2586 error_get_pretty(err));
2587 error_free(err);
2588 goto reject;
2591 if (qcrypto_cipher_encrypt(cipher,
2592 vs->challenge,
2593 response,
2594 VNC_AUTH_CHALLENGE_SIZE,
2595 &err) < 0) {
2596 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response",
2597 error_get_pretty(err));
2598 error_free(err);
2599 goto reject;
2602 /* Compare expected vs actual challenge response */
2603 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2604 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", "");
2605 goto reject;
2606 } else {
2607 trace_vnc_auth_pass(vs, vs->auth);
2608 vnc_write_u32(vs, 0); /* Accept auth */
2609 vnc_flush(vs);
2611 start_client_init(vs);
2614 qcrypto_cipher_free(cipher);
2615 return 0;
2617 reject:
2618 authentication_failed(vs);
2619 qcrypto_cipher_free(cipher);
2620 return 0;
2623 void start_auth_vnc(VncState *vs)
2625 Error *err = NULL;
2627 if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) {
2628 trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes",
2629 error_get_pretty(err));
2630 error_free(err);
2631 authentication_failed(vs);
2632 return;
2635 /* Send client a 'random' challenge */
2636 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2637 vnc_flush(vs);
2639 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2643 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2645 /* We only advertise 1 auth scheme at a time, so client
2646 * must pick the one we sent. Verify this */
2647 if (data[0] != vs->auth) { /* Reject auth */
2648 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
2649 authentication_failed(vs);
2650 } else { /* Accept requested auth */
2651 trace_vnc_auth_start(vs, vs->auth);
2652 switch (vs->auth) {
2653 case VNC_AUTH_NONE:
2654 if (vs->minor >= 8) {
2655 vnc_write_u32(vs, 0); /* Accept auth completion */
2656 vnc_flush(vs);
2658 trace_vnc_auth_pass(vs, vs->auth);
2659 start_client_init(vs);
2660 break;
2662 case VNC_AUTH_VNC:
2663 start_auth_vnc(vs);
2664 break;
2666 case VNC_AUTH_VENCRYPT:
2667 start_auth_vencrypt(vs);
2668 break;
2670 #ifdef CONFIG_VNC_SASL
2671 case VNC_AUTH_SASL:
2672 start_auth_sasl(vs);
2673 break;
2674 #endif /* CONFIG_VNC_SASL */
2676 default: /* Should not be possible, but just in case */
2677 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
2678 authentication_failed(vs);
2681 return 0;
2684 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2686 char local[13];
2688 memcpy(local, version, 12);
2689 local[12] = 0;
2691 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2692 VNC_DEBUG("Malformed protocol version %s\n", local);
2693 vnc_client_error(vs);
2694 return 0;
2696 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2697 if (vs->major != 3 ||
2698 (vs->minor != 3 &&
2699 vs->minor != 4 &&
2700 vs->minor != 5 &&
2701 vs->minor != 7 &&
2702 vs->minor != 8)) {
2703 VNC_DEBUG("Unsupported client version\n");
2704 vnc_write_u32(vs, VNC_AUTH_INVALID);
2705 vnc_flush(vs);
2706 vnc_client_error(vs);
2707 return 0;
2709 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2710 * as equivalent to v3.3 by servers
2712 if (vs->minor == 4 || vs->minor == 5)
2713 vs->minor = 3;
2715 if (vs->minor == 3) {
2716 trace_vnc_auth_start(vs, vs->auth);
2717 if (vs->auth == VNC_AUTH_NONE) {
2718 vnc_write_u32(vs, vs->auth);
2719 vnc_flush(vs);
2720 trace_vnc_auth_pass(vs, vs->auth);
2721 start_client_init(vs);
2722 } else if (vs->auth == VNC_AUTH_VNC) {
2723 VNC_DEBUG("Tell client VNC auth\n");
2724 vnc_write_u32(vs, vs->auth);
2725 vnc_flush(vs);
2726 start_auth_vnc(vs);
2727 } else {
2728 trace_vnc_auth_fail(vs, vs->auth,
2729 "Unsupported auth method for v3.3", "");
2730 vnc_write_u32(vs, VNC_AUTH_INVALID);
2731 vnc_flush(vs);
2732 vnc_client_error(vs);
2734 } else {
2735 vnc_write_u8(vs, 1); /* num auth */
2736 vnc_write_u8(vs, vs->auth);
2737 vnc_read_when(vs, protocol_client_auth, 1);
2738 vnc_flush(vs);
2741 return 0;
2744 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2746 struct VncSurface *vs = &vd->guest;
2748 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2751 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2753 int i, j;
2755 w = (x + w) / VNC_STAT_RECT;
2756 h = (y + h) / VNC_STAT_RECT;
2757 x /= VNC_STAT_RECT;
2758 y /= VNC_STAT_RECT;
2760 for (j = y; j <= h; j++) {
2761 for (i = x; i <= w; i++) {
2762 vs->lossy_rect[j][i] = 1;
2767 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2769 VncState *vs;
2770 int sty = y / VNC_STAT_RECT;
2771 int stx = x / VNC_STAT_RECT;
2772 int has_dirty = 0;
2774 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2775 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2777 QTAILQ_FOREACH(vs, &vd->clients, next) {
2778 int j;
2780 /* kernel send buffers are full -> refresh later */
2781 if (vs->output.offset) {
2782 continue;
2785 if (!vs->lossy_rect[sty][stx]) {
2786 continue;
2789 vs->lossy_rect[sty][stx] = 0;
2790 for (j = 0; j < VNC_STAT_RECT; ++j) {
2791 bitmap_set(vs->dirty[y + j],
2792 x / VNC_DIRTY_PIXELS_PER_BIT,
2793 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2795 has_dirty++;
2798 return has_dirty;
2801 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2803 int width = MIN(pixman_image_get_width(vd->guest.fb),
2804 pixman_image_get_width(vd->server));
2805 int height = MIN(pixman_image_get_height(vd->guest.fb),
2806 pixman_image_get_height(vd->server));
2807 int x, y;
2808 struct timeval res;
2809 int has_dirty = 0;
2811 for (y = 0; y < height; y += VNC_STAT_RECT) {
2812 for (x = 0; x < width; x += VNC_STAT_RECT) {
2813 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2815 rect->updated = false;
2819 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2821 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2822 return has_dirty;
2824 vd->guest.last_freq_check = *tv;
2826 for (y = 0; y < height; y += VNC_STAT_RECT) {
2827 for (x = 0; x < width; x += VNC_STAT_RECT) {
2828 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2829 int count = ARRAY_SIZE(rect->times);
2830 struct timeval min, max;
2832 if (!timerisset(&rect->times[count - 1])) {
2833 continue ;
2836 max = rect->times[(rect->idx + count - 1) % count];
2837 qemu_timersub(tv, &max, &res);
2839 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2840 rect->freq = 0;
2841 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2842 memset(rect->times, 0, sizeof (rect->times));
2843 continue ;
2846 min = rect->times[rect->idx];
2847 max = rect->times[(rect->idx + count - 1) % count];
2848 qemu_timersub(&max, &min, &res);
2850 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2851 rect->freq /= count;
2852 rect->freq = 1. / rect->freq;
2855 return has_dirty;
2858 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2860 int i, j;
2861 double total = 0;
2862 int num = 0;
2864 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2865 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2867 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2868 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2869 total += vnc_stat_rect(vs->vd, i, j)->freq;
2870 num++;
2874 if (num) {
2875 return total / num;
2876 } else {
2877 return 0;
2881 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2883 VncRectStat *rect;
2885 rect = vnc_stat_rect(vd, x, y);
2886 if (rect->updated) {
2887 return ;
2889 rect->times[rect->idx] = *tv;
2890 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2891 rect->updated = true;
2894 static int vnc_refresh_server_surface(VncDisplay *vd)
2896 int width = MIN(pixman_image_get_width(vd->guest.fb),
2897 pixman_image_get_width(vd->server));
2898 int height = MIN(pixman_image_get_height(vd->guest.fb),
2899 pixman_image_get_height(vd->server));
2900 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
2901 uint8_t *guest_row0 = NULL, *server_row0;
2902 VncState *vs;
2903 int has_dirty = 0;
2904 pixman_image_t *tmpbuf = NULL;
2906 struct timeval tv = { 0, 0 };
2908 if (!vd->non_adaptive) {
2909 gettimeofday(&tv, NULL);
2910 has_dirty = vnc_update_stats(vd, &tv);
2914 * Walk through the guest dirty map.
2915 * Check and copy modified bits from guest to server surface.
2916 * Update server dirty map.
2918 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
2919 server_stride = guest_stride = guest_ll =
2920 pixman_image_get_stride(vd->server);
2921 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
2922 server_stride);
2923 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2924 int width = pixman_image_get_width(vd->server);
2925 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2926 } else {
2927 int guest_bpp =
2928 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
2929 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2930 guest_stride = pixman_image_get_stride(vd->guest.fb);
2931 guest_ll = pixman_image_get_width(vd->guest.fb)
2932 * DIV_ROUND_UP(guest_bpp, 8);
2934 line_bytes = MIN(server_stride, guest_ll);
2936 for (;;) {
2937 int x;
2938 uint8_t *guest_ptr, *server_ptr;
2939 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty,
2940 height * VNC_DIRTY_BPL(&vd->guest),
2941 y * VNC_DIRTY_BPL(&vd->guest));
2942 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
2943 /* no more dirty bits */
2944 break;
2946 y = offset / VNC_DIRTY_BPL(&vd->guest);
2947 x = offset % VNC_DIRTY_BPL(&vd->guest);
2949 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
2951 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2952 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2953 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2954 } else {
2955 guest_ptr = guest_row0 + y * guest_stride;
2957 guest_ptr += x * cmp_bytes;
2959 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
2960 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2961 int _cmp_bytes = cmp_bytes;
2962 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
2963 continue;
2965 if ((x + 1) * cmp_bytes > line_bytes) {
2966 _cmp_bytes = line_bytes - x * cmp_bytes;
2968 assert(_cmp_bytes >= 0);
2969 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
2970 continue;
2972 memcpy(server_ptr, guest_ptr, _cmp_bytes);
2973 if (!vd->non_adaptive) {
2974 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
2975 y, &tv);
2977 QTAILQ_FOREACH(vs, &vd->clients, next) {
2978 set_bit(x, vs->dirty[y]);
2980 has_dirty++;
2983 y++;
2985 qemu_pixman_image_unref(tmpbuf);
2986 return has_dirty;
2989 static void vnc_refresh(DisplayChangeListener *dcl)
2991 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
2992 VncState *vs, *vn;
2993 int has_dirty, rects = 0;
2995 if (QTAILQ_EMPTY(&vd->clients)) {
2996 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
2997 return;
3000 graphic_hw_update(vd->dcl.con);
3002 if (vnc_trylock_display(vd)) {
3003 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3004 return;
3007 has_dirty = vnc_refresh_server_surface(vd);
3008 vnc_unlock_display(vd);
3010 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
3011 rects += vnc_update_client(vs, has_dirty);
3012 /* vs might be free()ed here */
3015 if (has_dirty && rects) {
3016 vd->dcl.update_interval /= 2;
3017 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
3018 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
3020 } else {
3021 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
3022 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
3023 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
3028 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
3029 bool skipauth, bool websocket)
3031 VncState *vs = g_new0(VncState, 1);
3032 bool first_client = QTAILQ_EMPTY(&vd->clients);
3033 int i;
3035 trace_vnc_client_connect(vs, sioc);
3036 vs->magic = VNC_MAGIC;
3037 vs->sioc = sioc;
3038 object_ref(OBJECT(vs->sioc));
3039 vs->ioc = QIO_CHANNEL(sioc);
3040 object_ref(OBJECT(vs->ioc));
3041 vs->vd = vd;
3043 buffer_init(&vs->input, "vnc-input/%p", sioc);
3044 buffer_init(&vs->output, "vnc-output/%p", sioc);
3045 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
3047 buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc);
3048 buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc);
3049 buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc);
3050 #ifdef CONFIG_VNC_JPEG
3051 buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc);
3052 #endif
3053 #ifdef CONFIG_VNC_PNG
3054 buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc);
3055 #endif
3056 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
3057 buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc);
3058 buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc);
3059 buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc);
3061 if (skipauth) {
3062 vs->auth = VNC_AUTH_NONE;
3063 vs->subauth = VNC_AUTH_INVALID;
3064 } else {
3065 if (websocket) {
3066 vs->auth = vd->ws_auth;
3067 vs->subauth = VNC_AUTH_INVALID;
3068 } else {
3069 vs->auth = vd->auth;
3070 vs->subauth = vd->subauth;
3073 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3074 sioc, websocket, vs->auth, vs->subauth);
3076 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
3077 for (i = 0; i < VNC_STAT_ROWS; ++i) {
3078 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
3081 VNC_DEBUG("New client on socket %p\n", vs->sioc);
3082 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3083 qio_channel_set_blocking(vs->ioc, false, NULL);
3084 if (vs->ioc_tag) {
3085 g_source_remove(vs->ioc_tag);
3087 if (websocket) {
3088 vs->websocket = 1;
3089 if (vd->tlscreds) {
3090 vs->ioc_tag = qio_channel_add_watch(
3091 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL);
3092 } else {
3093 vs->ioc_tag = qio_channel_add_watch(
3094 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL);
3096 } else {
3097 vs->ioc_tag = qio_channel_add_watch(
3098 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
3101 vnc_client_cache_addr(vs);
3102 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3103 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3105 vs->last_x = -1;
3106 vs->last_y = -1;
3108 vs->as.freq = 44100;
3109 vs->as.nchannels = 2;
3110 vs->as.fmt = AUDIO_FORMAT_S16;
3111 vs->as.endianness = 0;
3113 qemu_mutex_init(&vs->output_mutex);
3114 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3116 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3117 if (first_client) {
3118 vnc_update_server_surface(vd);
3121 graphic_hw_update(vd->dcl.con);
3123 if (!vs->websocket) {
3124 vnc_start_protocol(vs);
3127 if (vd->num_connecting > vd->connections_limit) {
3128 QTAILQ_FOREACH(vs, &vd->clients, next) {
3129 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3130 vnc_disconnect_start(vs);
3131 return;
3137 void vnc_start_protocol(VncState *vs)
3139 vnc_write(vs, "RFB 003.008\n", 12);
3140 vnc_flush(vs);
3141 vnc_read_when(vs, protocol_version, 12);
3143 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3144 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3147 static void vnc_listen_io(QIONetListener *listener,
3148 QIOChannelSocket *cioc,
3149 void *opaque)
3151 VncDisplay *vd = opaque;
3152 bool isWebsock = listener == vd->wslistener;
3154 qio_channel_set_name(QIO_CHANNEL(cioc),
3155 isWebsock ? "vnc-ws-server" : "vnc-server");
3156 qio_channel_set_delay(QIO_CHANNEL(cioc), false);
3157 vnc_connect(vd, cioc, false, isWebsock);
3160 static const DisplayChangeListenerOps dcl_ops = {
3161 .dpy_name = "vnc",
3162 .dpy_refresh = vnc_refresh,
3163 .dpy_gfx_update = vnc_dpy_update,
3164 .dpy_gfx_switch = vnc_dpy_switch,
3165 .dpy_gfx_check_format = qemu_pixman_check_format,
3166 .dpy_mouse_set = vnc_mouse_set,
3167 .dpy_cursor_define = vnc_dpy_cursor_define,
3170 void vnc_display_init(const char *id, Error **errp)
3172 VncDisplay *vd;
3174 if (vnc_display_find(id) != NULL) {
3175 return;
3177 vd = g_malloc0(sizeof(*vd));
3179 vd->id = strdup(id);
3180 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next);
3182 QTAILQ_INIT(&vd->clients);
3183 vd->expires = TIME_MAX;
3185 if (keyboard_layout) {
3186 trace_vnc_key_map_init(keyboard_layout);
3187 vd->kbd_layout = init_keyboard_layout(name2keysym,
3188 keyboard_layout, errp);
3189 } else {
3190 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us", errp);
3193 if (!vd->kbd_layout) {
3194 return;
3197 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3198 vd->connections_limit = 32;
3200 qemu_mutex_init(&vd->mutex);
3201 vnc_start_worker_thread();
3203 vd->dcl.ops = &dcl_ops;
3204 register_displaychangelistener(&vd->dcl);
3205 vd->kbd = qkbd_state_init(vd->dcl.con);
3209 static void vnc_display_close(VncDisplay *vd)
3211 if (!vd) {
3212 return;
3214 vd->is_unix = false;
3216 if (vd->listener) {
3217 qio_net_listener_disconnect(vd->listener);
3218 object_unref(OBJECT(vd->listener));
3220 vd->listener = NULL;
3222 if (vd->wslistener) {
3223 qio_net_listener_disconnect(vd->wslistener);
3224 object_unref(OBJECT(vd->wslistener));
3226 vd->wslistener = NULL;
3228 vd->auth = VNC_AUTH_INVALID;
3229 vd->subauth = VNC_AUTH_INVALID;
3230 if (vd->tlscreds) {
3231 object_unparent(OBJECT(vd->tlscreds));
3232 vd->tlscreds = NULL;
3234 if (vd->tlsauthz) {
3235 object_unparent(OBJECT(vd->tlsauthz));
3236 vd->tlsauthz = NULL;
3238 g_free(vd->tlsauthzid);
3239 vd->tlsauthzid = NULL;
3240 if (vd->lock_key_sync) {
3241 qemu_remove_led_event_handler(vd->led);
3242 vd->led = NULL;
3244 #ifdef CONFIG_VNC_SASL
3245 if (vd->sasl.authz) {
3246 object_unparent(OBJECT(vd->sasl.authz));
3247 vd->sasl.authz = NULL;
3249 g_free(vd->sasl.authzid);
3250 vd->sasl.authzid = NULL;
3251 #endif
3254 int vnc_display_password(const char *id, const char *password)
3256 VncDisplay *vd = vnc_display_find(id);
3258 if (!vd) {
3259 return -EINVAL;
3261 if (vd->auth == VNC_AUTH_NONE) {
3262 error_printf_unless_qmp("If you want use passwords please enable "
3263 "password auth using '-vnc ${dpy},password'.\n");
3264 return -EINVAL;
3267 g_free(vd->password);
3268 vd->password = g_strdup(password);
3270 return 0;
3273 int vnc_display_pw_expire(const char *id, time_t expires)
3275 VncDisplay *vd = vnc_display_find(id);
3277 if (!vd) {
3278 return -EINVAL;
3281 vd->expires = expires;
3282 return 0;
3285 static void vnc_display_print_local_addr(VncDisplay *vd)
3287 SocketAddress *addr;
3288 Error *err = NULL;
3290 if (!vd->listener || !vd->listener->nsioc) {
3291 return;
3294 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], &err);
3295 if (!addr) {
3296 return;
3299 if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
3300 qapi_free_SocketAddress(addr);
3301 return;
3303 error_printf_unless_qmp("VNC server running on %s:%s\n",
3304 addr->u.inet.host,
3305 addr->u.inet.port);
3306 qapi_free_SocketAddress(addr);
3309 static QemuOptsList qemu_vnc_opts = {
3310 .name = "vnc",
3311 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3312 .implied_opt_name = "vnc",
3313 .desc = {
3315 .name = "vnc",
3316 .type = QEMU_OPT_STRING,
3318 .name = "websocket",
3319 .type = QEMU_OPT_STRING,
3321 .name = "tls-creds",
3322 .type = QEMU_OPT_STRING,
3324 .name = "share",
3325 .type = QEMU_OPT_STRING,
3327 .name = "display",
3328 .type = QEMU_OPT_STRING,
3330 .name = "head",
3331 .type = QEMU_OPT_NUMBER,
3333 .name = "connections",
3334 .type = QEMU_OPT_NUMBER,
3336 .name = "to",
3337 .type = QEMU_OPT_NUMBER,
3339 .name = "ipv4",
3340 .type = QEMU_OPT_BOOL,
3342 .name = "ipv6",
3343 .type = QEMU_OPT_BOOL,
3345 .name = "password",
3346 .type = QEMU_OPT_BOOL,
3348 .name = "reverse",
3349 .type = QEMU_OPT_BOOL,
3351 .name = "lock-key-sync",
3352 .type = QEMU_OPT_BOOL,
3354 .name = "key-delay-ms",
3355 .type = QEMU_OPT_NUMBER,
3357 .name = "sasl",
3358 .type = QEMU_OPT_BOOL,
3360 .name = "acl",
3361 .type = QEMU_OPT_BOOL,
3363 .name = "tls-authz",
3364 .type = QEMU_OPT_STRING,
3366 .name = "sasl-authz",
3367 .type = QEMU_OPT_STRING,
3369 .name = "lossy",
3370 .type = QEMU_OPT_BOOL,
3372 .name = "non-adaptive",
3373 .type = QEMU_OPT_BOOL,
3375 { /* end of list */ }
3380 static int
3381 vnc_display_setup_auth(int *auth,
3382 int *subauth,
3383 QCryptoTLSCreds *tlscreds,
3384 bool password,
3385 bool sasl,
3386 bool websocket,
3387 Error **errp)
3390 * We have a choice of 3 authentication options
3392 * 1. none
3393 * 2. vnc
3394 * 3. sasl
3396 * The channel can be run in 2 modes
3398 * 1. clear
3399 * 2. tls
3401 * And TLS can use 2 types of credentials
3403 * 1. anon
3404 * 2. x509
3406 * We thus have 9 possible logical combinations
3408 * 1. clear + none
3409 * 2. clear + vnc
3410 * 3. clear + sasl
3411 * 4. tls + anon + none
3412 * 5. tls + anon + vnc
3413 * 6. tls + anon + sasl
3414 * 7. tls + x509 + none
3415 * 8. tls + x509 + vnc
3416 * 9. tls + x509 + sasl
3418 * These need to be mapped into the VNC auth schemes
3419 * in an appropriate manner. In regular VNC, all the
3420 * TLS options get mapped into VNC_AUTH_VENCRYPT
3421 * sub-auth types.
3423 * In websockets, the https:// protocol already provides
3424 * TLS support, so there is no need to make use of the
3425 * VeNCrypt extension. Furthermore, websockets browser
3426 * clients could not use VeNCrypt even if they wanted to,
3427 * as they cannot control when the TLS handshake takes
3428 * place. Thus there is no option but to rely on https://,
3429 * meaning combinations 4->6 and 7->9 will be mapped to
3430 * VNC auth schemes in the same way as combos 1->3.
3432 * Regardless of fact that we have a different mapping to
3433 * VNC auth mechs for plain VNC vs websockets VNC, the end
3434 * result has the same security characteristics.
3436 if (websocket || !tlscreds) {
3437 if (password) {
3438 VNC_DEBUG("Initializing VNC server with password auth\n");
3439 *auth = VNC_AUTH_VNC;
3440 } else if (sasl) {
3441 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3442 *auth = VNC_AUTH_SASL;
3443 } else {
3444 VNC_DEBUG("Initializing VNC server with no auth\n");
3445 *auth = VNC_AUTH_NONE;
3447 *subauth = VNC_AUTH_INVALID;
3448 } else {
3449 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds),
3450 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL;
3451 bool is_anon = object_dynamic_cast(OBJECT(tlscreds),
3452 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL;
3454 if (!is_x509 && !is_anon) {
3455 error_setg(errp,
3456 "Unsupported TLS cred type %s",
3457 object_get_typename(OBJECT(tlscreds)));
3458 return -1;
3460 *auth = VNC_AUTH_VENCRYPT;
3461 if (password) {
3462 if (is_x509) {
3463 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3464 *subauth = VNC_AUTH_VENCRYPT_X509VNC;
3465 } else {
3466 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3467 *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3470 } else if (sasl) {
3471 if (is_x509) {
3472 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3473 *subauth = VNC_AUTH_VENCRYPT_X509SASL;
3474 } else {
3475 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3476 *subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3478 } else {
3479 if (is_x509) {
3480 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3481 *subauth = VNC_AUTH_VENCRYPT_X509NONE;
3482 } else {
3483 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3484 *subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3488 return 0;
3492 static int vnc_display_get_address(const char *addrstr,
3493 bool websocket,
3494 bool reverse,
3495 int displaynum,
3496 int to,
3497 bool has_ipv4,
3498 bool has_ipv6,
3499 bool ipv4,
3500 bool ipv6,
3501 SocketAddress **retaddr,
3502 Error **errp)
3504 int ret = -1;
3505 SocketAddress *addr = NULL;
3507 addr = g_new0(SocketAddress, 1);
3509 if (strncmp(addrstr, "unix:", 5) == 0) {
3510 addr->type = SOCKET_ADDRESS_TYPE_UNIX;
3511 addr->u.q_unix.path = g_strdup(addrstr + 5);
3513 if (websocket) {
3514 error_setg(errp, "UNIX sockets not supported with websock");
3515 goto cleanup;
3518 if (to) {
3519 error_setg(errp, "Port range not support with UNIX socket");
3520 goto cleanup;
3522 ret = 0;
3523 } else {
3524 const char *port;
3525 size_t hostlen;
3526 unsigned long long baseport = 0;
3527 InetSocketAddress *inet;
3529 port = strrchr(addrstr, ':');
3530 if (!port) {
3531 if (websocket) {
3532 hostlen = 0;
3533 port = addrstr;
3534 } else {
3535 error_setg(errp, "no vnc port specified");
3536 goto cleanup;
3538 } else {
3539 hostlen = port - addrstr;
3540 port++;
3541 if (*port == '\0') {
3542 error_setg(errp, "vnc port cannot be empty");
3543 goto cleanup;
3547 addr->type = SOCKET_ADDRESS_TYPE_INET;
3548 inet = &addr->u.inet;
3549 if (addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
3550 inet->host = g_strndup(addrstr + 1, hostlen - 2);
3551 } else {
3552 inet->host = g_strndup(addrstr, hostlen);
3554 /* plain VNC port is just an offset, for websocket
3555 * port is absolute */
3556 if (websocket) {
3557 if (g_str_equal(addrstr, "") ||
3558 g_str_equal(addrstr, "on")) {
3559 if (displaynum == -1) {
3560 error_setg(errp, "explicit websocket port is required");
3561 goto cleanup;
3563 inet->port = g_strdup_printf(
3564 "%d", displaynum + 5700);
3565 if (to) {
3566 inet->has_to = true;
3567 inet->to = to + 5700;
3569 } else {
3570 inet->port = g_strdup(port);
3572 } else {
3573 int offset = reverse ? 0 : 5900;
3574 if (parse_uint_full(port, &baseport, 10) < 0) {
3575 error_setg(errp, "can't convert to a number: %s", port);
3576 goto cleanup;
3578 if (baseport > 65535 ||
3579 baseport + offset > 65535) {
3580 error_setg(errp, "port %s out of range", port);
3581 goto cleanup;
3583 inet->port = g_strdup_printf(
3584 "%d", (int)baseport + offset);
3586 if (to) {
3587 inet->has_to = true;
3588 inet->to = to + offset;
3592 inet->ipv4 = ipv4;
3593 inet->has_ipv4 = has_ipv4;
3594 inet->ipv6 = ipv6;
3595 inet->has_ipv6 = has_ipv6;
3597 ret = baseport;
3600 *retaddr = addr;
3602 cleanup:
3603 if (ret < 0) {
3604 qapi_free_SocketAddress(addr);
3606 return ret;
3609 static void vnc_free_addresses(SocketAddress ***retsaddr,
3610 size_t *retnsaddr)
3612 size_t i;
3614 for (i = 0; i < *retnsaddr; i++) {
3615 qapi_free_SocketAddress((*retsaddr)[i]);
3617 g_free(*retsaddr);
3619 *retsaddr = NULL;
3620 *retnsaddr = 0;
3623 static int vnc_display_get_addresses(QemuOpts *opts,
3624 bool reverse,
3625 SocketAddress ***retsaddr,
3626 size_t *retnsaddr,
3627 SocketAddress ***retwsaddr,
3628 size_t *retnwsaddr,
3629 Error **errp)
3631 SocketAddress *saddr = NULL;
3632 SocketAddress *wsaddr = NULL;
3633 QemuOptsIter addriter;
3634 const char *addr;
3635 int to = qemu_opt_get_number(opts, "to", 0);
3636 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3637 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3638 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3639 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3640 int displaynum = -1;
3641 int ret = -1;
3643 *retsaddr = NULL;
3644 *retnsaddr = 0;
3645 *retwsaddr = NULL;
3646 *retnwsaddr = 0;
3648 addr = qemu_opt_get(opts, "vnc");
3649 if (addr == NULL || g_str_equal(addr, "none")) {
3650 ret = 0;
3651 goto cleanup;
3653 if (qemu_opt_get(opts, "websocket") &&
3654 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3655 error_setg(errp,
3656 "SHA1 hash support is required for websockets");
3657 goto cleanup;
3660 qemu_opt_iter_init(&addriter, opts, "vnc");
3661 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3662 int rv;
3663 rv = vnc_display_get_address(addr, false, reverse, 0, to,
3664 has_ipv4, has_ipv6,
3665 ipv4, ipv6,
3666 &saddr, errp);
3667 if (rv < 0) {
3668 goto cleanup;
3670 /* Historical compat - first listen address can be used
3671 * to set the default websocket port
3673 if (displaynum == -1) {
3674 displaynum = rv;
3676 *retsaddr = g_renew(SocketAddress *, *retsaddr, *retnsaddr + 1);
3677 (*retsaddr)[(*retnsaddr)++] = saddr;
3680 /* If we had multiple primary displays, we don't do defaults
3681 * for websocket, and require explicit config instead. */
3682 if (*retnsaddr > 1) {
3683 displaynum = -1;
3686 qemu_opt_iter_init(&addriter, opts, "websocket");
3687 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3688 if (vnc_display_get_address(addr, true, reverse, displaynum, to,
3689 has_ipv4, has_ipv6,
3690 ipv4, ipv6,
3691 &wsaddr, errp) < 0) {
3692 goto cleanup;
3695 /* Historical compat - if only a single listen address was
3696 * provided, then this is used to set the default listen
3697 * address for websocket too
3699 if (*retnsaddr == 1 &&
3700 (*retsaddr)[0]->type == SOCKET_ADDRESS_TYPE_INET &&
3701 wsaddr->type == SOCKET_ADDRESS_TYPE_INET &&
3702 g_str_equal(wsaddr->u.inet.host, "") &&
3703 !g_str_equal((*retsaddr)[0]->u.inet.host, "")) {
3704 g_free(wsaddr->u.inet.host);
3705 wsaddr->u.inet.host = g_strdup((*retsaddr)[0]->u.inet.host);
3708 *retwsaddr = g_renew(SocketAddress *, *retwsaddr, *retnwsaddr + 1);
3709 (*retwsaddr)[(*retnwsaddr)++] = wsaddr;
3712 ret = 0;
3713 cleanup:
3714 if (ret < 0) {
3715 vnc_free_addresses(retsaddr, retnsaddr);
3716 vnc_free_addresses(retwsaddr, retnwsaddr);
3718 return ret;
3721 static int vnc_display_connect(VncDisplay *vd,
3722 SocketAddress **saddr,
3723 size_t nsaddr,
3724 SocketAddress **wsaddr,
3725 size_t nwsaddr,
3726 Error **errp)
3728 /* connect to viewer */
3729 QIOChannelSocket *sioc = NULL;
3730 if (nwsaddr != 0) {
3731 error_setg(errp, "Cannot use websockets in reverse mode");
3732 return -1;
3734 if (nsaddr != 1) {
3735 error_setg(errp, "Expected a single address in reverse mode");
3736 return -1;
3738 /* TODO SOCKET_ADDRESS_TYPE_FD when fd has AF_UNIX */
3739 vd->is_unix = saddr[0]->type == SOCKET_ADDRESS_TYPE_UNIX;
3740 sioc = qio_channel_socket_new();
3741 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse");
3742 if (qio_channel_socket_connect_sync(sioc, saddr[0], errp) < 0) {
3743 return -1;
3745 vnc_connect(vd, sioc, false, false);
3746 object_unref(OBJECT(sioc));
3747 return 0;
3751 static int vnc_display_listen(VncDisplay *vd,
3752 SocketAddress **saddr,
3753 size_t nsaddr,
3754 SocketAddress **wsaddr,
3755 size_t nwsaddr,
3756 Error **errp)
3758 size_t i;
3760 if (nsaddr) {
3761 vd->listener = qio_net_listener_new();
3762 qio_net_listener_set_name(vd->listener, "vnc-listen");
3763 for (i = 0; i < nsaddr; i++) {
3764 if (qio_net_listener_open_sync(vd->listener,
3765 saddr[i],
3766 errp) < 0) {
3767 return -1;
3771 qio_net_listener_set_client_func(vd->listener,
3772 vnc_listen_io, vd, NULL);
3775 if (nwsaddr) {
3776 vd->wslistener = qio_net_listener_new();
3777 qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen");
3778 for (i = 0; i < nwsaddr; i++) {
3779 if (qio_net_listener_open_sync(vd->wslistener,
3780 wsaddr[i],
3781 errp) < 0) {
3782 return -1;
3786 qio_net_listener_set_client_func(vd->wslistener,
3787 vnc_listen_io, vd, NULL);
3790 return 0;
3794 void vnc_display_open(const char *id, Error **errp)
3796 VncDisplay *vd = vnc_display_find(id);
3797 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
3798 SocketAddress **saddr = NULL, **wsaddr = NULL;
3799 size_t nsaddr, nwsaddr;
3800 const char *share, *device_id;
3801 QemuConsole *con;
3802 bool password = false;
3803 bool reverse = false;
3804 const char *credid;
3805 bool sasl = false;
3806 int acl = 0;
3807 const char *tlsauthz;
3808 const char *saslauthz;
3809 int lock_key_sync = 1;
3810 int key_delay_ms;
3812 if (!vd) {
3813 error_setg(errp, "VNC display not active");
3814 return;
3816 vnc_display_close(vd);
3818 if (!opts) {
3819 return;
3822 reverse = qemu_opt_get_bool(opts, "reverse", false);
3823 if (vnc_display_get_addresses(opts, reverse, &saddr, &nsaddr,
3824 &wsaddr, &nwsaddr, errp) < 0) {
3825 goto fail;
3828 password = qemu_opt_get_bool(opts, "password", false);
3829 if (password) {
3830 if (fips_get_state()) {
3831 error_setg(errp,
3832 "VNC password auth disabled due to FIPS mode, "
3833 "consider using the VeNCrypt or SASL authentication "
3834 "methods as an alternative");
3835 goto fail;
3837 if (!qcrypto_cipher_supports(
3838 QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) {
3839 error_setg(errp,
3840 "Cipher backend does not support DES RFB algorithm");
3841 goto fail;
3845 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
3846 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10);
3847 sasl = qemu_opt_get_bool(opts, "sasl", false);
3848 #ifndef CONFIG_VNC_SASL
3849 if (sasl) {
3850 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
3851 goto fail;
3853 #endif /* CONFIG_VNC_SASL */
3854 credid = qemu_opt_get(opts, "tls-creds");
3855 if (credid) {
3856 Object *creds;
3857 creds = object_resolve_path_component(
3858 object_get_objects_root(), credid);
3859 if (!creds) {
3860 error_setg(errp, "No TLS credentials with id '%s'",
3861 credid);
3862 goto fail;
3864 vd->tlscreds = (QCryptoTLSCreds *)
3865 object_dynamic_cast(creds,
3866 TYPE_QCRYPTO_TLS_CREDS);
3867 if (!vd->tlscreds) {
3868 error_setg(errp, "Object with id '%s' is not TLS credentials",
3869 credid);
3870 goto fail;
3872 object_ref(OBJECT(vd->tlscreds));
3874 if (vd->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
3875 error_setg(errp,
3876 "Expecting TLS credentials with a server endpoint");
3877 goto fail;
3880 if (qemu_opt_get(opts, "acl")) {
3881 error_report("The 'acl' option to -vnc is deprecated. "
3882 "Please use the 'tls-authz' and 'sasl-authz' "
3883 "options instead");
3885 acl = qemu_opt_get_bool(opts, "acl", false);
3886 tlsauthz = qemu_opt_get(opts, "tls-authz");
3887 if (acl && tlsauthz) {
3888 error_setg(errp, "'acl' option is mutually exclusive with the "
3889 "'tls-authz' option");
3890 goto fail;
3892 if (tlsauthz && !vd->tlscreds) {
3893 error_setg(errp, "'tls-authz' provided but TLS is not enabled");
3894 goto fail;
3897 saslauthz = qemu_opt_get(opts, "sasl-authz");
3898 if (acl && saslauthz) {
3899 error_setg(errp, "'acl' option is mutually exclusive with the "
3900 "'sasl-authz' option");
3901 goto fail;
3903 if (saslauthz && !sasl) {
3904 error_setg(errp, "'sasl-authz' provided but SASL auth is not enabled");
3905 goto fail;
3908 share = qemu_opt_get(opts, "share");
3909 if (share) {
3910 if (strcmp(share, "ignore") == 0) {
3911 vd->share_policy = VNC_SHARE_POLICY_IGNORE;
3912 } else if (strcmp(share, "allow-exclusive") == 0) {
3913 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3914 } else if (strcmp(share, "force-shared") == 0) {
3915 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3916 } else {
3917 error_setg(errp, "unknown vnc share= option");
3918 goto fail;
3920 } else {
3921 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3923 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
3925 #ifdef CONFIG_VNC_JPEG
3926 vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
3927 #endif
3928 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
3929 /* adaptive updates are only used with tight encoding and
3930 * if lossy updates are enabled so we can disable all the
3931 * calculations otherwise */
3932 if (!vd->lossy) {
3933 vd->non_adaptive = true;
3936 if (tlsauthz) {
3937 vd->tlsauthzid = g_strdup(tlsauthz);
3938 } else if (acl) {
3939 if (strcmp(vd->id, "default") == 0) {
3940 vd->tlsauthzid = g_strdup("vnc.x509dname");
3941 } else {
3942 vd->tlsauthzid = g_strdup_printf("vnc.%s.x509dname", vd->id);
3944 vd->tlsauthz = QAUTHZ(qauthz_list_new(vd->tlsauthzid,
3945 QAUTHZ_LIST_POLICY_DENY,
3946 &error_abort));
3948 #ifdef CONFIG_VNC_SASL
3949 if (sasl) {
3950 if (saslauthz) {
3951 vd->sasl.authzid = g_strdup(saslauthz);
3952 } else if (acl) {
3953 if (strcmp(vd->id, "default") == 0) {
3954 vd->sasl.authzid = g_strdup("vnc.username");
3955 } else {
3956 vd->sasl.authzid = g_strdup_printf("vnc.%s.username", vd->id);
3958 vd->sasl.authz = QAUTHZ(qauthz_list_new(vd->sasl.authzid,
3959 QAUTHZ_LIST_POLICY_DENY,
3960 &error_abort));
3963 #endif
3965 if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
3966 vd->tlscreds, password,
3967 sasl, false, errp) < 0) {
3968 goto fail;
3970 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth);
3972 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
3973 vd->tlscreds, password,
3974 sasl, true, errp) < 0) {
3975 goto fail;
3977 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth);
3979 #ifdef CONFIG_VNC_SASL
3980 if (sasl) {
3981 int saslErr = sasl_server_init(NULL, "qemu");
3983 if (saslErr != SASL_OK) {
3984 error_setg(errp, "Failed to initialize SASL auth: %s",
3985 sasl_errstring(saslErr, NULL, NULL));
3986 goto fail;
3989 #endif
3990 vd->lock_key_sync = lock_key_sync;
3991 if (lock_key_sync) {
3992 vd->led = qemu_add_led_event_handler(kbd_leds, vd);
3994 vd->ledstate = 0;
3996 device_id = qemu_opt_get(opts, "display");
3997 if (device_id) {
3998 int head = qemu_opt_get_number(opts, "head", 0);
3999 Error *err = NULL;
4001 con = qemu_console_lookup_by_device_name(device_id, head, &err);
4002 if (err) {
4003 error_propagate(errp, err);
4004 goto fail;
4006 } else {
4007 con = NULL;
4010 if (con != vd->dcl.con) {
4011 qkbd_state_free(vd->kbd);
4012 unregister_displaychangelistener(&vd->dcl);
4013 vd->dcl.con = con;
4014 register_displaychangelistener(&vd->dcl);
4015 vd->kbd = qkbd_state_init(vd->dcl.con);
4017 qkbd_state_set_delay(vd->kbd, key_delay_ms);
4019 if (saddr == NULL) {
4020 goto cleanup;
4023 if (reverse) {
4024 if (vnc_display_connect(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4025 goto fail;
4027 } else {
4028 if (vnc_display_listen(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4029 goto fail;
4033 if (qemu_opt_get(opts, "to")) {
4034 vnc_display_print_local_addr(vd);
4037 cleanup:
4038 vnc_free_addresses(&saddr, &nsaddr);
4039 vnc_free_addresses(&wsaddr, &nwsaddr);
4040 return;
4042 fail:
4043 vnc_display_close(vd);
4044 goto cleanup;
4047 void vnc_display_add_client(const char *id, int csock, bool skipauth)
4049 VncDisplay *vd = vnc_display_find(id);
4050 QIOChannelSocket *sioc;
4052 if (!vd) {
4053 return;
4056 sioc = qio_channel_socket_new_fd(csock, NULL);
4057 if (sioc) {
4058 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server");
4059 vnc_connect(vd, sioc, skipauth, false);
4060 object_unref(OBJECT(sioc));
4064 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
4066 int i = 2;
4067 char *id;
4069 id = g_strdup("default");
4070 while (qemu_opts_find(olist, id)) {
4071 g_free(id);
4072 id = g_strdup_printf("vnc%d", i++);
4074 qemu_opts_set_id(opts, id);
4077 QemuOpts *vnc_parse(const char *str, Error **errp)
4079 QemuOptsList *olist = qemu_find_opts("vnc");
4080 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp);
4081 const char *id;
4083 if (!opts) {
4084 return NULL;
4087 id = qemu_opts_id(opts);
4088 if (!id) {
4089 /* auto-assign id if not present */
4090 vnc_auto_assign_id(olist, opts);
4092 return opts;
4095 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
4097 Error *local_err = NULL;
4098 char *id = (char *)qemu_opts_id(opts);
4100 assert(id);
4101 vnc_display_init(id, &local_err);
4102 if (local_err) {
4103 error_propagate(errp, local_err);
4104 return -1;
4106 vnc_display_open(id, &local_err);
4107 if (local_err != NULL) {
4108 error_propagate(errp, local_err);
4109 return -1;
4111 return 0;
4114 static void vnc_register_config(void)
4116 qemu_add_opts(&qemu_vnc_opts);
4118 opts_init(vnc_register_config);