2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27 #include "qemu/osdep.h"
31 #include "hw/qdev-core.h"
32 #include "sysemu/sysemu.h"
33 #include "qemu/error-report.h"
34 #include "qemu/main-loop.h"
35 #include "qemu/module.h"
36 #include "qemu/option.h"
37 #include "qemu/sockets.h"
38 #include "qemu/timer.h"
39 #include "authz/list.h"
40 #include "qemu/config-file.h"
41 #include "qapi/qapi-emit-events.h"
42 #include "qapi/qapi-events-ui.h"
43 #include "qapi/error.h"
44 #include "qapi/qapi-commands-ui.h"
46 #include "crypto/hash.h"
47 #include "crypto/tlscredsanon.h"
48 #include "crypto/tlscredsx509.h"
49 #include "crypto/random.h"
50 #include "qom/object_interfaces.h"
51 #include "qemu/cutils.h"
52 #include "io/dns-resolver.h"
54 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
55 #define VNC_REFRESH_INTERVAL_INC 50
56 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
57 static const struct timeval VNC_REFRESH_STATS
= { 0, 500000 };
58 static const struct timeval VNC_REFRESH_LOSSY
= { 2, 0 };
60 #include "vnc_keysym.h"
61 #include "crypto/cipher.h"
63 static QTAILQ_HEAD(, VncDisplay
) vnc_displays
=
64 QTAILQ_HEAD_INITIALIZER(vnc_displays
);
66 static int vnc_cursor_define(VncState
*vs
);
67 static void vnc_update_throttle_offset(VncState
*vs
);
69 static void vnc_set_share_mode(VncState
*vs
, VncShareMode mode
)
72 static const char *mn
[] = {
74 [VNC_SHARE_MODE_CONNECTING
] = "connecting",
75 [VNC_SHARE_MODE_SHARED
] = "shared",
76 [VNC_SHARE_MODE_EXCLUSIVE
] = "exclusive",
77 [VNC_SHARE_MODE_DISCONNECTED
] = "disconnected",
79 fprintf(stderr
, "%s/%p: %s -> %s\n", __func__
,
80 vs
->ioc
, mn
[vs
->share_mode
], mn
[mode
]);
83 switch (vs
->share_mode
) {
84 case VNC_SHARE_MODE_CONNECTING
:
85 vs
->vd
->num_connecting
--;
87 case VNC_SHARE_MODE_SHARED
:
90 case VNC_SHARE_MODE_EXCLUSIVE
:
91 vs
->vd
->num_exclusive
--;
97 vs
->share_mode
= mode
;
99 switch (vs
->share_mode
) {
100 case VNC_SHARE_MODE_CONNECTING
:
101 vs
->vd
->num_connecting
++;
103 case VNC_SHARE_MODE_SHARED
:
104 vs
->vd
->num_shared
++;
106 case VNC_SHARE_MODE_EXCLUSIVE
:
107 vs
->vd
->num_exclusive
++;
115 static void vnc_init_basic_info(SocketAddress
*addr
,
119 switch (addr
->type
) {
120 case SOCKET_ADDRESS_TYPE_INET
:
121 info
->host
= g_strdup(addr
->u
.inet
.host
);
122 info
->service
= g_strdup(addr
->u
.inet
.port
);
123 if (addr
->u
.inet
.ipv6
) {
124 info
->family
= NETWORK_ADDRESS_FAMILY_IPV6
;
126 info
->family
= NETWORK_ADDRESS_FAMILY_IPV4
;
130 case SOCKET_ADDRESS_TYPE_UNIX
:
131 info
->host
= g_strdup("");
132 info
->service
= g_strdup(addr
->u
.q_unix
.path
);
133 info
->family
= NETWORK_ADDRESS_FAMILY_UNIX
;
136 case SOCKET_ADDRESS_TYPE_VSOCK
:
137 case SOCKET_ADDRESS_TYPE_FD
:
138 error_setg(errp
, "Unsupported socket address type %s",
139 SocketAddressType_str(addr
->type
));
148 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket
*ioc
,
152 SocketAddress
*addr
= NULL
;
155 error_setg(errp
, "No listener socket available");
159 addr
= qio_channel_socket_get_local_address(ioc
, errp
);
164 vnc_init_basic_info(addr
, info
, errp
);
165 qapi_free_SocketAddress(addr
);
168 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket
*ioc
,
172 SocketAddress
*addr
= NULL
;
174 addr
= qio_channel_socket_get_remote_address(ioc
, errp
);
179 vnc_init_basic_info(addr
, info
, errp
);
180 qapi_free_SocketAddress(addr
);
183 static const char *vnc_auth_name(VncDisplay
*vd
) {
185 case VNC_AUTH_INVALID
:
201 case VNC_AUTH_VENCRYPT
:
202 switch (vd
->subauth
) {
203 case VNC_AUTH_VENCRYPT_PLAIN
:
204 return "vencrypt+plain";
205 case VNC_AUTH_VENCRYPT_TLSNONE
:
206 return "vencrypt+tls+none";
207 case VNC_AUTH_VENCRYPT_TLSVNC
:
208 return "vencrypt+tls+vnc";
209 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
210 return "vencrypt+tls+plain";
211 case VNC_AUTH_VENCRYPT_X509NONE
:
212 return "vencrypt+x509+none";
213 case VNC_AUTH_VENCRYPT_X509VNC
:
214 return "vencrypt+x509+vnc";
215 case VNC_AUTH_VENCRYPT_X509PLAIN
:
216 return "vencrypt+x509+plain";
217 case VNC_AUTH_VENCRYPT_TLSSASL
:
218 return "vencrypt+tls+sasl";
219 case VNC_AUTH_VENCRYPT_X509SASL
:
220 return "vencrypt+x509+sasl";
230 static VncServerInfo
*vnc_server_info_get(VncDisplay
*vd
)
235 if (!vd
->listener
|| !vd
->listener
->nsioc
) {
239 info
= g_malloc0(sizeof(*info
));
240 vnc_init_basic_info_from_server_addr(vd
->listener
->sioc
[0],
241 qapi_VncServerInfo_base(info
), &err
);
242 info
->has_auth
= true;
243 info
->auth
= g_strdup(vnc_auth_name(vd
));
245 qapi_free_VncServerInfo(info
);
252 static void vnc_client_cache_auth(VncState
*client
)
259 client
->info
->x509_dname
=
260 qcrypto_tls_session_get_peer_name(client
->tls
);
261 client
->info
->has_x509_dname
=
262 client
->info
->x509_dname
!= NULL
;
264 #ifdef CONFIG_VNC_SASL
265 if (client
->sasl
.conn
&&
266 client
->sasl
.username
) {
267 client
->info
->has_sasl_username
= true;
268 client
->info
->sasl_username
= g_strdup(client
->sasl
.username
);
273 static void vnc_client_cache_addr(VncState
*client
)
277 client
->info
= g_malloc0(sizeof(*client
->info
));
278 vnc_init_basic_info_from_remote_addr(client
->sioc
,
279 qapi_VncClientInfo_base(client
->info
),
282 qapi_free_VncClientInfo(client
->info
);
288 static void vnc_qmp_event(VncState
*vs
, QAPIEvent event
)
296 si
= vnc_server_info_get(vs
->vd
);
302 case QAPI_EVENT_VNC_CONNECTED
:
303 qapi_event_send_vnc_connected(si
, qapi_VncClientInfo_base(vs
->info
));
305 case QAPI_EVENT_VNC_INITIALIZED
:
306 qapi_event_send_vnc_initialized(si
, vs
->info
);
308 case QAPI_EVENT_VNC_DISCONNECTED
:
309 qapi_event_send_vnc_disconnected(si
, vs
->info
);
315 qapi_free_VncServerInfo(si
);
318 static VncClientInfo
*qmp_query_vnc_client(const VncState
*client
)
323 info
= g_malloc0(sizeof(*info
));
325 vnc_init_basic_info_from_remote_addr(client
->sioc
,
326 qapi_VncClientInfo_base(info
),
330 qapi_free_VncClientInfo(info
);
334 info
->websocket
= client
->websocket
;
337 info
->x509_dname
= qcrypto_tls_session_get_peer_name(client
->tls
);
338 info
->has_x509_dname
= info
->x509_dname
!= NULL
;
340 #ifdef CONFIG_VNC_SASL
341 if (client
->sasl
.conn
&& client
->sasl
.username
) {
342 info
->has_sasl_username
= true;
343 info
->sasl_username
= g_strdup(client
->sasl
.username
);
350 static VncDisplay
*vnc_display_find(const char *id
)
355 return QTAILQ_FIRST(&vnc_displays
);
357 QTAILQ_FOREACH(vd
, &vnc_displays
, next
) {
358 if (strcmp(id
, vd
->id
) == 0) {
365 static VncClientInfoList
*qmp_query_client_list(VncDisplay
*vd
)
367 VncClientInfoList
*cinfo
, *prev
= NULL
;
370 QTAILQ_FOREACH(client
, &vd
->clients
, next
) {
371 cinfo
= g_new0(VncClientInfoList
, 1);
372 cinfo
->value
= qmp_query_vnc_client(client
);
379 VncInfo
*qmp_query_vnc(Error
**errp
)
381 VncInfo
*info
= g_malloc0(sizeof(*info
));
382 VncDisplay
*vd
= vnc_display_find(NULL
);
383 SocketAddress
*addr
= NULL
;
385 if (vd
== NULL
|| !vd
->listener
|| !vd
->listener
->nsioc
) {
386 info
->enabled
= false;
388 info
->enabled
= true;
390 /* for compatibility with the original command */
391 info
->has_clients
= true;
392 info
->clients
= qmp_query_client_list(vd
);
394 addr
= qio_channel_socket_get_local_address(vd
->listener
->sioc
[0],
400 switch (addr
->type
) {
401 case SOCKET_ADDRESS_TYPE_INET
:
402 info
->host
= g_strdup(addr
->u
.inet
.host
);
403 info
->service
= g_strdup(addr
->u
.inet
.port
);
404 if (addr
->u
.inet
.ipv6
) {
405 info
->family
= NETWORK_ADDRESS_FAMILY_IPV6
;
407 info
->family
= NETWORK_ADDRESS_FAMILY_IPV4
;
411 case SOCKET_ADDRESS_TYPE_UNIX
:
412 info
->host
= g_strdup("");
413 info
->service
= g_strdup(addr
->u
.q_unix
.path
);
414 info
->family
= NETWORK_ADDRESS_FAMILY_UNIX
;
417 case SOCKET_ADDRESS_TYPE_VSOCK
:
418 case SOCKET_ADDRESS_TYPE_FD
:
419 error_setg(errp
, "Unsupported socket address type %s",
420 SocketAddressType_str(addr
->type
));
426 info
->has_host
= true;
427 info
->has_service
= true;
428 info
->has_family
= true;
430 info
->has_auth
= true;
431 info
->auth
= g_strdup(vnc_auth_name(vd
));
434 qapi_free_SocketAddress(addr
);
438 qapi_free_SocketAddress(addr
);
439 qapi_free_VncInfo(info
);
444 static void qmp_query_auth(int auth
, int subauth
,
445 VncPrimaryAuth
*qmp_auth
,
446 VncVencryptSubAuth
*qmp_vencrypt
,
447 bool *qmp_has_vencrypt
);
449 static VncServerInfo2List
*qmp_query_server_entry(QIOChannelSocket
*ioc
,
453 VncServerInfo2List
*prev
)
455 VncServerInfo2List
*list
;
456 VncServerInfo2
*info
;
460 addr
= qio_channel_socket_get_local_address(ioc
, &err
);
466 info
= g_new0(VncServerInfo2
, 1);
467 vnc_init_basic_info(addr
, qapi_VncServerInfo2_base(info
), &err
);
468 qapi_free_SocketAddress(addr
);
470 qapi_free_VncServerInfo2(info
);
474 info
->websocket
= websocket
;
476 qmp_query_auth(auth
, subauth
, &info
->auth
,
477 &info
->vencrypt
, &info
->has_vencrypt
);
479 list
= g_new0(VncServerInfo2List
, 1);
485 static void qmp_query_auth(int auth
, int subauth
,
486 VncPrimaryAuth
*qmp_auth
,
487 VncVencryptSubAuth
*qmp_vencrypt
,
488 bool *qmp_has_vencrypt
)
492 *qmp_auth
= VNC_PRIMARY_AUTH_VNC
;
495 *qmp_auth
= VNC_PRIMARY_AUTH_RA2
;
498 *qmp_auth
= VNC_PRIMARY_AUTH_RA2NE
;
501 *qmp_auth
= VNC_PRIMARY_AUTH_TIGHT
;
504 *qmp_auth
= VNC_PRIMARY_AUTH_ULTRA
;
507 *qmp_auth
= VNC_PRIMARY_AUTH_TLS
;
509 case VNC_AUTH_VENCRYPT
:
510 *qmp_auth
= VNC_PRIMARY_AUTH_VENCRYPT
;
511 *qmp_has_vencrypt
= true;
513 case VNC_AUTH_VENCRYPT_PLAIN
:
514 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_PLAIN
;
516 case VNC_AUTH_VENCRYPT_TLSNONE
:
517 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_NONE
;
519 case VNC_AUTH_VENCRYPT_TLSVNC
:
520 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_VNC
;
522 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
523 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN
;
525 case VNC_AUTH_VENCRYPT_X509NONE
:
526 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_NONE
;
528 case VNC_AUTH_VENCRYPT_X509VNC
:
529 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_VNC
;
531 case VNC_AUTH_VENCRYPT_X509PLAIN
:
532 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_PLAIN
;
534 case VNC_AUTH_VENCRYPT_TLSSASL
:
535 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_SASL
;
537 case VNC_AUTH_VENCRYPT_X509SASL
:
538 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_SASL
;
541 *qmp_has_vencrypt
= false;
546 *qmp_auth
= VNC_PRIMARY_AUTH_SASL
;
550 *qmp_auth
= VNC_PRIMARY_AUTH_NONE
;
555 VncInfo2List
*qmp_query_vnc_servers(Error
**errp
)
557 VncInfo2List
*item
, *prev
= NULL
;
563 QTAILQ_FOREACH(vd
, &vnc_displays
, next
) {
564 info
= g_new0(VncInfo2
, 1);
565 info
->id
= g_strdup(vd
->id
);
566 info
->clients
= qmp_query_client_list(vd
);
567 qmp_query_auth(vd
->auth
, vd
->subauth
, &info
->auth
,
568 &info
->vencrypt
, &info
->has_vencrypt
);
570 dev
= DEVICE(object_property_get_link(OBJECT(vd
->dcl
.con
),
572 info
->has_display
= true;
573 info
->display
= g_strdup(dev
->id
);
575 for (i
= 0; vd
->listener
!= NULL
&& i
< vd
->listener
->nsioc
; i
++) {
576 info
->server
= qmp_query_server_entry(
577 vd
->listener
->sioc
[i
], false, vd
->auth
, vd
->subauth
,
580 for (i
= 0; vd
->wslistener
!= NULL
&& i
< vd
->wslistener
->nsioc
; i
++) {
581 info
->server
= qmp_query_server_entry(
582 vd
->wslistener
->sioc
[i
], true, vd
->ws_auth
,
583 vd
->ws_subauth
, info
->server
);
586 item
= g_new0(VncInfo2List
, 1);
595 1) Get the queue working for IO.
596 2) there is some weirdness when using the -S option (the screen is grey
597 and not totally invalidated
598 3) resolutions > 1024
601 static int vnc_update_client(VncState
*vs
, int has_dirty
);
602 static void vnc_disconnect_start(VncState
*vs
);
604 static void vnc_colordepth(VncState
*vs
);
605 static void framebuffer_update_request(VncState
*vs
, int incremental
,
606 int x_position
, int y_position
,
608 static void vnc_refresh(DisplayChangeListener
*dcl
);
609 static int vnc_refresh_server_surface(VncDisplay
*vd
);
611 static int vnc_width(VncDisplay
*vd
)
613 return MIN(VNC_MAX_WIDTH
, ROUND_UP(surface_width(vd
->ds
),
614 VNC_DIRTY_PIXELS_PER_BIT
));
617 static int vnc_height(VncDisplay
*vd
)
619 return MIN(VNC_MAX_HEIGHT
, surface_height(vd
->ds
));
622 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty
[VNC_MAX_HEIGHT
],
623 VNC_MAX_WIDTH
/ VNC_DIRTY_PIXELS_PER_BIT
),
625 int x
, int y
, int w
, int h
)
627 int width
= vnc_width(vd
);
628 int height
= vnc_height(vd
);
630 /* this is needed this to ensure we updated all affected
631 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
632 w
+= (x
% VNC_DIRTY_PIXELS_PER_BIT
);
633 x
-= (x
% VNC_DIRTY_PIXELS_PER_BIT
);
637 w
= MIN(x
+ w
, width
) - x
;
638 h
= MIN(y
+ h
, height
);
641 bitmap_set(dirty
[y
], x
/ VNC_DIRTY_PIXELS_PER_BIT
,
642 DIV_ROUND_UP(w
, VNC_DIRTY_PIXELS_PER_BIT
));
646 static void vnc_dpy_update(DisplayChangeListener
*dcl
,
647 int x
, int y
, int w
, int h
)
649 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
650 struct VncSurface
*s
= &vd
->guest
;
652 vnc_set_area_dirty(s
->dirty
, vd
, x
, y
, w
, h
);
655 void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
658 vnc_write_u16(vs
, x
);
659 vnc_write_u16(vs
, y
);
660 vnc_write_u16(vs
, w
);
661 vnc_write_u16(vs
, h
);
663 vnc_write_s32(vs
, encoding
);
667 static void vnc_desktop_resize(VncState
*vs
)
669 if (vs
->ioc
== NULL
|| !vnc_has_feature(vs
, VNC_FEATURE_RESIZE
)) {
672 if (vs
->client_width
== pixman_image_get_width(vs
->vd
->server
) &&
673 vs
->client_height
== pixman_image_get_height(vs
->vd
->server
)) {
677 assert(pixman_image_get_width(vs
->vd
->server
) < 65536 &&
678 pixman_image_get_width(vs
->vd
->server
) >= 0);
679 assert(pixman_image_get_height(vs
->vd
->server
) < 65536 &&
680 pixman_image_get_height(vs
->vd
->server
) >= 0);
681 vs
->client_width
= pixman_image_get_width(vs
->vd
->server
);
682 vs
->client_height
= pixman_image_get_height(vs
->vd
->server
);
684 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
686 vnc_write_u16(vs
, 1); /* number of rects */
687 vnc_framebuffer_update(vs
, 0, 0, vs
->client_width
, vs
->client_height
,
688 VNC_ENCODING_DESKTOPRESIZE
);
689 vnc_unlock_output(vs
);
693 static void vnc_abort_display_jobs(VncDisplay
*vd
)
697 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
700 vnc_unlock_output(vs
);
702 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
705 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
707 if (vs
->update
== VNC_STATE_UPDATE_NONE
&&
708 vs
->job_update
!= VNC_STATE_UPDATE_NONE
) {
709 /* job aborted before completion */
710 vs
->update
= vs
->job_update
;
711 vs
->job_update
= VNC_STATE_UPDATE_NONE
;
714 vnc_unlock_output(vs
);
718 int vnc_server_fb_stride(VncDisplay
*vd
)
720 return pixman_image_get_stride(vd
->server
);
723 void *vnc_server_fb_ptr(VncDisplay
*vd
, int x
, int y
)
727 ptr
= (uint8_t *)pixman_image_get_data(vd
->server
);
728 ptr
+= y
* vnc_server_fb_stride(vd
);
729 ptr
+= x
* VNC_SERVER_FB_BYTES
;
733 static void vnc_update_server_surface(VncDisplay
*vd
)
737 qemu_pixman_image_unref(vd
->server
);
740 if (QTAILQ_EMPTY(&vd
->clients
)) {
744 width
= vnc_width(vd
);
745 height
= vnc_height(vd
);
746 vd
->server
= pixman_image_create_bits(VNC_SERVER_FB_FORMAT
,
750 memset(vd
->guest
.dirty
, 0x00, sizeof(vd
->guest
.dirty
));
751 vnc_set_area_dirty(vd
->guest
.dirty
, vd
, 0, 0,
755 static bool vnc_check_pageflip(DisplaySurface
*s1
,
758 return (s1
!= NULL
&&
760 surface_width(s1
) == surface_width(s2
) &&
761 surface_height(s1
) == surface_height(s2
) &&
762 surface_format(s1
) == surface_format(s2
));
766 static void vnc_dpy_switch(DisplayChangeListener
*dcl
,
767 DisplaySurface
*surface
)
769 static const char placeholder_msg
[] =
770 "Display output is not active.";
771 static DisplaySurface
*placeholder
;
772 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
773 bool pageflip
= vnc_check_pageflip(vd
->ds
, surface
);
776 if (surface
== NULL
) {
777 if (placeholder
== NULL
) {
778 placeholder
= qemu_create_message_surface(640, 480, placeholder_msg
);
780 surface
= placeholder
;
783 vnc_abort_display_jobs(vd
);
787 qemu_pixman_image_unref(vd
->guest
.fb
);
788 vd
->guest
.fb
= pixman_image_ref(surface
->image
);
789 vd
->guest
.format
= surface
->format
;
792 vnc_set_area_dirty(vd
->guest
.dirty
, vd
, 0, 0,
793 surface_width(surface
),
794 surface_height(surface
));
799 vnc_update_server_surface(vd
);
801 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
803 vnc_desktop_resize(vs
);
804 if (vs
->vd
->cursor
) {
805 vnc_cursor_define(vs
);
807 memset(vs
->dirty
, 0x00, sizeof(vs
->dirty
));
808 vnc_set_area_dirty(vs
->dirty
, vd
, 0, 0,
811 vnc_update_throttle_offset(vs
);
816 static void vnc_write_pixels_copy(VncState
*vs
,
817 void *pixels
, int size
)
819 vnc_write(vs
, pixels
, size
);
822 /* slowest but generic code. */
823 void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
827 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
828 r
= (((v
& 0x00ff0000) >> 16) << vs
->client_pf
.rbits
) >> 8;
829 g
= (((v
& 0x0000ff00) >> 8) << vs
->client_pf
.gbits
) >> 8;
830 b
= (((v
& 0x000000ff) >> 0) << vs
->client_pf
.bbits
) >> 8;
832 # error need some bits here if you change VNC_SERVER_FB_FORMAT
834 v
= (r
<< vs
->client_pf
.rshift
) |
835 (g
<< vs
->client_pf
.gshift
) |
836 (b
<< vs
->client_pf
.bshift
);
837 switch (vs
->client_pf
.bytes_per_pixel
) {
867 static void vnc_write_pixels_generic(VncState
*vs
,
868 void *pixels1
, int size
)
872 if (VNC_SERVER_FB_BYTES
== 4) {
873 uint32_t *pixels
= pixels1
;
876 for (i
= 0; i
< n
; i
++) {
877 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
878 vnc_write(vs
, buf
, vs
->client_pf
.bytes_per_pixel
);
883 int vnc_raw_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
887 VncDisplay
*vd
= vs
->vd
;
889 row
= vnc_server_fb_ptr(vd
, x
, y
);
890 for (i
= 0; i
< h
; i
++) {
891 vs
->write_pixels(vs
, row
, w
* VNC_SERVER_FB_BYTES
);
892 row
+= vnc_server_fb_stride(vd
);
897 int vnc_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
900 bool encode_raw
= false;
901 size_t saved_offs
= vs
->output
.offset
;
903 switch(vs
->vnc_encoding
) {
904 case VNC_ENCODING_ZLIB
:
905 n
= vnc_zlib_send_framebuffer_update(vs
, x
, y
, w
, h
);
907 case VNC_ENCODING_HEXTILE
:
908 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
909 n
= vnc_hextile_send_framebuffer_update(vs
, x
, y
, w
, h
);
911 case VNC_ENCODING_TIGHT
:
912 n
= vnc_tight_send_framebuffer_update(vs
, x
, y
, w
, h
);
914 case VNC_ENCODING_TIGHT_PNG
:
915 n
= vnc_tight_png_send_framebuffer_update(vs
, x
, y
, w
, h
);
917 case VNC_ENCODING_ZRLE
:
918 n
= vnc_zrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
920 case VNC_ENCODING_ZYWRLE
:
921 n
= vnc_zywrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
928 /* If the client has the same pixel format as our internal buffer and
929 * a RAW encoding would need less space fall back to RAW encoding to
930 * save bandwidth and processing power in the client. */
931 if (!encode_raw
&& vs
->write_pixels
== vnc_write_pixels_copy
&&
932 12 + h
* w
* VNC_SERVER_FB_BYTES
<= (vs
->output
.offset
- saved_offs
)) {
933 vs
->output
.offset
= saved_offs
;
938 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
939 n
= vnc_raw_send_framebuffer_update(vs
, x
, y
, w
, h
);
945 static void vnc_mouse_set(DisplayChangeListener
*dcl
,
946 int x
, int y
, int visible
)
948 /* can we ask the client(s) to move the pointer ??? */
951 static int vnc_cursor_define(VncState
*vs
)
953 QEMUCursor
*c
= vs
->vd
->cursor
;
956 if (vnc_has_feature(vs
, VNC_FEATURE_RICH_CURSOR
)) {
958 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
959 vnc_write_u8(vs
, 0); /* padding */
960 vnc_write_u16(vs
, 1); /* # of rects */
961 vnc_framebuffer_update(vs
, c
->hot_x
, c
->hot_y
, c
->width
, c
->height
,
962 VNC_ENCODING_RICH_CURSOR
);
963 isize
= c
->width
* c
->height
* vs
->client_pf
.bytes_per_pixel
;
964 vnc_write_pixels_generic(vs
, c
->data
, isize
);
965 vnc_write(vs
, vs
->vd
->cursor_mask
, vs
->vd
->cursor_msize
);
966 vnc_unlock_output(vs
);
972 static void vnc_dpy_cursor_define(DisplayChangeListener
*dcl
,
975 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
978 cursor_put(vd
->cursor
);
979 g_free(vd
->cursor_mask
);
982 cursor_get(vd
->cursor
);
983 vd
->cursor_msize
= cursor_get_mono_bpl(c
) * c
->height
;
984 vd
->cursor_mask
= g_malloc0(vd
->cursor_msize
);
985 cursor_get_mono_mask(c
, 0, vd
->cursor_mask
);
987 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
988 vnc_cursor_define(vs
);
992 static int find_and_clear_dirty_height(VncState
*vs
,
993 int y
, int last_x
, int x
, int height
)
997 for (h
= 1; h
< (height
- y
); h
++) {
998 if (!test_bit(last_x
, vs
->dirty
[y
+ h
])) {
1001 bitmap_clear(vs
->dirty
[y
+ h
], last_x
, x
- last_x
);
1008 * Figure out how much pending data we should allow in the output
1009 * buffer before we throttle incremental display updates, and/or
1010 * drop audio samples.
1012 * We allow for equiv of 1 full display's worth of FB updates,
1013 * and 1 second of audio samples. If audio backlog was larger
1014 * than that the client would already suffering awful audio
1015 * glitches, so dropping samples is no worse really).
1017 static void vnc_update_throttle_offset(VncState
*vs
)
1020 vs
->client_width
* vs
->client_height
* vs
->client_pf
.bytes_per_pixel
;
1022 if (vs
->audio_cap
) {
1024 switch (vs
->as
.fmt
) {
1026 case AUDIO_FORMAT_U8
:
1027 case AUDIO_FORMAT_S8
:
1030 case AUDIO_FORMAT_U16
:
1031 case AUDIO_FORMAT_S16
:
1034 case AUDIO_FORMAT_U32
:
1035 case AUDIO_FORMAT_S32
:
1039 offset
+= vs
->as
.freq
* bps
* vs
->as
.nchannels
;
1042 /* Put a floor of 1MB on offset, so that if we have a large pending
1043 * buffer and the display is resized to a small size & back again
1044 * we don't suddenly apply a tiny send limit
1046 offset
= MAX(offset
, 1024 * 1024);
1048 if (vs
->throttle_output_offset
!= offset
) {
1049 trace_vnc_client_throttle_threshold(
1050 vs
, vs
->ioc
, vs
->throttle_output_offset
, offset
, vs
->client_width
,
1051 vs
->client_height
, vs
->client_pf
.bytes_per_pixel
, vs
->audio_cap
);
1054 vs
->throttle_output_offset
= offset
;
1057 static bool vnc_should_update(VncState
*vs
)
1059 switch (vs
->update
) {
1060 case VNC_STATE_UPDATE_NONE
:
1062 case VNC_STATE_UPDATE_INCREMENTAL
:
1063 /* Only allow incremental updates if the pending send queue
1064 * is less than the permitted threshold, and the job worker
1065 * is completely idle.
1067 if (vs
->output
.offset
< vs
->throttle_output_offset
&&
1068 vs
->job_update
== VNC_STATE_UPDATE_NONE
) {
1071 trace_vnc_client_throttle_incremental(
1072 vs
, vs
->ioc
, vs
->job_update
, vs
->output
.offset
);
1074 case VNC_STATE_UPDATE_FORCE
:
1075 /* Only allow forced updates if the pending send queue
1076 * does not contain a previous forced update, and the
1077 * job worker is completely idle.
1079 * Note this means we'll queue a forced update, even if
1080 * the output buffer size is otherwise over the throttle
1083 if (vs
->force_update_offset
== 0 &&
1084 vs
->job_update
== VNC_STATE_UPDATE_NONE
) {
1087 trace_vnc_client_throttle_forced(
1088 vs
, vs
->ioc
, vs
->job_update
, vs
->force_update_offset
);
1094 static int vnc_update_client(VncState
*vs
, int has_dirty
)
1096 VncDisplay
*vd
= vs
->vd
;
1102 if (vs
->disconnecting
) {
1103 vnc_disconnect_finish(vs
);
1107 vs
->has_dirty
+= has_dirty
;
1108 if (!vnc_should_update(vs
)) {
1112 if (!vs
->has_dirty
&& vs
->update
!= VNC_STATE_UPDATE_FORCE
) {
1117 * Send screen updates to the vnc client using the server
1118 * surface and server dirty map. guest surface updates
1119 * happening in parallel don't disturb us, the next pass will
1120 * send them to the client.
1122 job
= vnc_job_new(vs
);
1124 height
= pixman_image_get_height(vd
->server
);
1125 width
= pixman_image_get_width(vd
->server
);
1131 unsigned long offset
= find_next_bit((unsigned long *) &vs
->dirty
,
1132 height
* VNC_DIRTY_BPL(vs
),
1133 y
* VNC_DIRTY_BPL(vs
));
1134 if (offset
== height
* VNC_DIRTY_BPL(vs
)) {
1135 /* no more dirty bits */
1138 y
= offset
/ VNC_DIRTY_BPL(vs
);
1139 x
= offset
% VNC_DIRTY_BPL(vs
);
1140 x2
= find_next_zero_bit((unsigned long *) &vs
->dirty
[y
],
1141 VNC_DIRTY_BPL(vs
), x
);
1142 bitmap_clear(vs
->dirty
[y
], x
, x2
- x
);
1143 h
= find_and_clear_dirty_height(vs
, y
, x
, x2
, height
);
1144 x2
= MIN(x2
, width
/ VNC_DIRTY_PIXELS_PER_BIT
);
1146 n
+= vnc_job_add_rect(job
, x
* VNC_DIRTY_PIXELS_PER_BIT
, y
,
1147 (x2
- x
) * VNC_DIRTY_PIXELS_PER_BIT
, h
);
1149 if (!x
&& x2
== width
/ VNC_DIRTY_PIXELS_PER_BIT
) {
1157 vs
->job_update
= vs
->update
;
1158 vs
->update
= VNC_STATE_UPDATE_NONE
;
1165 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
1167 VncState
*vs
= opaque
;
1169 assert(vs
->magic
== VNC_MAGIC
);
1171 case AUD_CNOTIFY_DISABLE
:
1172 vnc_lock_output(vs
);
1173 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
1174 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
1175 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_END
);
1176 vnc_unlock_output(vs
);
1180 case AUD_CNOTIFY_ENABLE
:
1181 vnc_lock_output(vs
);
1182 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
1183 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
1184 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN
);
1185 vnc_unlock_output(vs
);
1191 static void audio_capture_destroy(void *opaque
)
1195 static void audio_capture(void *opaque
, void *buf
, int size
)
1197 VncState
*vs
= opaque
;
1199 assert(vs
->magic
== VNC_MAGIC
);
1200 vnc_lock_output(vs
);
1201 if (vs
->output
.offset
< vs
->throttle_output_offset
) {
1202 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
1203 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
1204 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_DATA
);
1205 vnc_write_u32(vs
, size
);
1206 vnc_write(vs
, buf
, size
);
1208 trace_vnc_client_throttle_audio(vs
, vs
->ioc
, vs
->output
.offset
);
1210 vnc_unlock_output(vs
);
1214 static void audio_add(VncState
*vs
)
1216 struct audio_capture_ops ops
;
1218 if (vs
->audio_cap
) {
1219 error_report("audio already running");
1223 ops
.notify
= audio_capture_notify
;
1224 ops
.destroy
= audio_capture_destroy
;
1225 ops
.capture
= audio_capture
;
1227 vs
->audio_cap
= AUD_add_capture(&vs
->as
, &ops
, vs
);
1228 if (!vs
->audio_cap
) {
1229 error_report("Failed to add audio capture");
1233 static void audio_del(VncState
*vs
)
1235 if (vs
->audio_cap
) {
1236 AUD_del_capture(vs
->audio_cap
, vs
);
1237 vs
->audio_cap
= NULL
;
1241 static void vnc_disconnect_start(VncState
*vs
)
1243 if (vs
->disconnecting
) {
1246 trace_vnc_client_disconnect_start(vs
, vs
->ioc
);
1247 vnc_set_share_mode(vs
, VNC_SHARE_MODE_DISCONNECTED
);
1249 g_source_remove(vs
->ioc_tag
);
1252 qio_channel_close(vs
->ioc
, NULL
);
1253 vs
->disconnecting
= TRUE
;
1256 void vnc_disconnect_finish(VncState
*vs
)
1260 trace_vnc_client_disconnect_finish(vs
, vs
->ioc
);
1262 vnc_jobs_join(vs
); /* Wait encoding jobs */
1264 vnc_lock_output(vs
);
1265 vnc_qmp_event(vs
, QAPI_EVENT_VNC_DISCONNECTED
);
1267 buffer_free(&vs
->input
);
1268 buffer_free(&vs
->output
);
1270 qapi_free_VncClientInfo(vs
->info
);
1273 vnc_tight_clear(vs
);
1276 #ifdef CONFIG_VNC_SASL
1277 vnc_sasl_client_cleanup(vs
);
1278 #endif /* CONFIG_VNC_SASL */
1280 qkbd_state_lift_all_keys(vs
->vd
->kbd
);
1282 if (vs
->mouse_mode_notifier
.notify
!= NULL
) {
1283 qemu_remove_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
1285 QTAILQ_REMOVE(&vs
->vd
->clients
, vs
, next
);
1286 if (QTAILQ_EMPTY(&vs
->vd
->clients
)) {
1287 /* last client gone */
1288 vnc_update_server_surface(vs
->vd
);
1291 vnc_unlock_output(vs
);
1293 qemu_mutex_destroy(&vs
->output_mutex
);
1294 if (vs
->bh
!= NULL
) {
1295 qemu_bh_delete(vs
->bh
);
1297 buffer_free(&vs
->jobs_buffer
);
1299 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
1300 g_free(vs
->lossy_rect
[i
]);
1302 g_free(vs
->lossy_rect
);
1304 object_unref(OBJECT(vs
->ioc
));
1306 object_unref(OBJECT(vs
->sioc
));
1312 size_t vnc_client_io_error(VncState
*vs
, ssize_t ret
, Error
**errp
)
1316 trace_vnc_client_eof(vs
, vs
->ioc
);
1317 vnc_disconnect_start(vs
);
1318 } else if (ret
!= QIO_CHANNEL_ERR_BLOCK
) {
1319 trace_vnc_client_io_error(vs
, vs
->ioc
,
1320 errp
? error_get_pretty(*errp
) :
1322 vnc_disconnect_start(vs
);
1335 void vnc_client_error(VncState
*vs
)
1337 VNC_DEBUG("Closing down client sock: protocol error\n");
1338 vnc_disconnect_start(vs
);
1343 * Called to write a chunk of data to the client socket. The data may
1344 * be the raw data, or may have already been encoded by SASL.
1345 * The data will be written either straight onto the socket, or
1346 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1348 * NB, it is theoretically possible to have 2 layers of encryption,
1349 * both SASL, and this TLS layer. It is highly unlikely in practice
1350 * though, since SASL encryption will typically be a no-op if TLS
1353 * Returns the number of bytes written, which may be less than
1354 * the requested 'datalen' if the socket would block. Returns
1355 * 0 on I/O error, and disconnects the client socket.
1357 size_t vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
1361 ret
= qio_channel_write(
1362 vs
->ioc
, (const char *)data
, datalen
, &err
);
1363 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data
, datalen
, ret
);
1364 return vnc_client_io_error(vs
, ret
, &err
);
1369 * Called to write buffered data to the client socket, when not
1370 * using any SASL SSF encryption layers. Will write as much data
1371 * as possible without blocking. If all buffered data is written,
1372 * will switch the FD poll() handler back to read monitoring.
1374 * Returns the number of bytes written, which may be less than
1375 * the buffered output data if the socket would block. Returns
1376 * 0 on I/O error, and disconnects the client socket.
1378 static size_t vnc_client_write_plain(VncState
*vs
)
1383 #ifdef CONFIG_VNC_SASL
1384 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1385 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
1386 vs
->sasl
.waitWriteSSF
);
1388 if (vs
->sasl
.conn
&&
1390 vs
->sasl
.waitWriteSSF
) {
1391 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
1393 vs
->sasl
.waitWriteSSF
-= ret
;
1395 #endif /* CONFIG_VNC_SASL */
1396 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
1400 if (ret
>= vs
->force_update_offset
) {
1401 if (vs
->force_update_offset
!= 0) {
1402 trace_vnc_client_unthrottle_forced(vs
, vs
->ioc
);
1404 vs
->force_update_offset
= 0;
1406 vs
->force_update_offset
-= ret
;
1408 offset
= vs
->output
.offset
;
1409 buffer_advance(&vs
->output
, ret
);
1410 if (offset
>= vs
->throttle_output_offset
&&
1411 vs
->output
.offset
< vs
->throttle_output_offset
) {
1412 trace_vnc_client_unthrottle_incremental(vs
, vs
->ioc
, vs
->output
.offset
);
1415 if (vs
->output
.offset
== 0) {
1417 g_source_remove(vs
->ioc_tag
);
1419 vs
->ioc_tag
= qio_channel_add_watch(
1420 vs
->ioc
, G_IO_IN
, vnc_client_io
, vs
, NULL
);
1428 * First function called whenever there is data to be written to
1429 * the client socket. Will delegate actual work according to whether
1430 * SASL SSF layers are enabled (thus requiring encryption calls)
1432 static void vnc_client_write_locked(VncState
*vs
)
1434 #ifdef CONFIG_VNC_SASL
1435 if (vs
->sasl
.conn
&&
1437 !vs
->sasl
.waitWriteSSF
) {
1438 vnc_client_write_sasl(vs
);
1440 #endif /* CONFIG_VNC_SASL */
1442 vnc_client_write_plain(vs
);
1446 static void vnc_client_write(VncState
*vs
)
1448 assert(vs
->magic
== VNC_MAGIC
);
1449 vnc_lock_output(vs
);
1450 if (vs
->output
.offset
) {
1451 vnc_client_write_locked(vs
);
1452 } else if (vs
->ioc
!= NULL
) {
1454 g_source_remove(vs
->ioc_tag
);
1456 vs
->ioc_tag
= qio_channel_add_watch(
1457 vs
->ioc
, G_IO_IN
, vnc_client_io
, vs
, NULL
);
1459 vnc_unlock_output(vs
);
1462 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1464 vs
->read_handler
= func
;
1465 vs
->read_handler_expect
= expecting
;
1470 * Called to read a chunk of data from the client socket. The data may
1471 * be the raw data, or may need to be further decoded by SASL.
1472 * The data will be read either straight from to the socket, or
1473 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1475 * NB, it is theoretically possible to have 2 layers of encryption,
1476 * both SASL, and this TLS layer. It is highly unlikely in practice
1477 * though, since SASL encryption will typically be a no-op if TLS
1480 * Returns the number of bytes read, which may be less than
1481 * the requested 'datalen' if the socket would block. Returns
1482 * 0 on I/O error or EOF, and disconnects the client socket.
1484 size_t vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1488 ret
= qio_channel_read(
1489 vs
->ioc
, (char *)data
, datalen
, &err
);
1490 VNC_DEBUG("Read wire %p %zd -> %ld\n", data
, datalen
, ret
);
1491 return vnc_client_io_error(vs
, ret
, &err
);
1496 * Called to read data from the client socket to the input buffer,
1497 * when not using any SASL SSF encryption layers. Will read as much
1498 * data as possible without blocking.
1500 * Returns the number of bytes read, which may be less than
1501 * the requested 'datalen' if the socket would block. Returns
1502 * 0 on I/O error or EOF, and disconnects the client socket.
1504 static size_t vnc_client_read_plain(VncState
*vs
)
1507 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1508 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1509 buffer_reserve(&vs
->input
, 4096);
1510 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1513 vs
->input
.offset
+= ret
;
1517 static void vnc_jobs_bh(void *opaque
)
1519 VncState
*vs
= opaque
;
1521 assert(vs
->magic
== VNC_MAGIC
);
1522 vnc_jobs_consume_buffer(vs
);
1526 * First function called whenever there is more data to be read from
1527 * the client socket. Will delegate actual work according to whether
1528 * SASL SSF layers are enabled (thus requiring decryption calls)
1529 * Returns 0 on success, -1 if client disconnected
1531 static int vnc_client_read(VncState
*vs
)
1535 #ifdef CONFIG_VNC_SASL
1536 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1537 ret
= vnc_client_read_sasl(vs
);
1539 #endif /* CONFIG_VNC_SASL */
1540 ret
= vnc_client_read_plain(vs
);
1542 if (vs
->disconnecting
) {
1543 vnc_disconnect_finish(vs
);
1549 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1550 size_t len
= vs
->read_handler_expect
;
1553 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1554 if (vs
->disconnecting
) {
1555 vnc_disconnect_finish(vs
);
1560 buffer_advance(&vs
->input
, len
);
1562 vs
->read_handler_expect
= ret
;
1568 gboolean
vnc_client_io(QIOChannel
*ioc G_GNUC_UNUSED
,
1569 GIOCondition condition
, void *opaque
)
1571 VncState
*vs
= opaque
;
1573 assert(vs
->magic
== VNC_MAGIC
);
1574 if (condition
& G_IO_IN
) {
1575 if (vnc_client_read(vs
) < 0) {
1576 /* vs is free()ed here */
1580 if (condition
& G_IO_OUT
) {
1581 vnc_client_write(vs
);
1584 if (vs
->disconnecting
) {
1585 if (vs
->ioc_tag
!= 0) {
1586 g_source_remove(vs
->ioc_tag
);
1595 * Scale factor to apply to vs->throttle_output_offset when checking for
1596 * hard limit. Worst case normal usage could be x2, if we have a complete
1597 * incremental update and complete forced update in the output buffer.
1598 * So x3 should be good enough, but we pick x5 to be conservative and thus
1599 * (hopefully) never trigger incorrectly.
1601 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1603 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1605 assert(vs
->magic
== VNC_MAGIC
);
1606 if (vs
->disconnecting
) {
1609 /* Protection against malicious client/guest to prevent our output
1610 * buffer growing without bound if client stops reading data. This
1611 * should rarely trigger, because we have earlier throttling code
1612 * which stops issuing framebuffer updates and drops audio data
1613 * if the throttle_output_offset value is exceeded. So we only reach
1614 * this higher level if a huge number of pseudo-encodings get
1615 * triggered while data can't be sent on the socket.
1617 * NB throttle_output_offset can be zero during early protocol
1618 * handshake, or from the job thread's VncState clone
1620 if (vs
->throttle_output_offset
!= 0 &&
1621 (vs
->output
.offset
/ VNC_THROTTLE_OUTPUT_LIMIT_SCALE
) >
1622 vs
->throttle_output_offset
) {
1623 trace_vnc_client_output_limit(vs
, vs
->ioc
, vs
->output
.offset
,
1624 vs
->throttle_output_offset
);
1625 vnc_disconnect_start(vs
);
1628 buffer_reserve(&vs
->output
, len
);
1630 if (vs
->ioc
!= NULL
&& buffer_empty(&vs
->output
)) {
1632 g_source_remove(vs
->ioc_tag
);
1634 vs
->ioc_tag
= qio_channel_add_watch(
1635 vs
->ioc
, G_IO_IN
| G_IO_OUT
, vnc_client_io
, vs
, NULL
);
1638 buffer_append(&vs
->output
, data
, len
);
1641 void vnc_write_s32(VncState
*vs
, int32_t value
)
1643 vnc_write_u32(vs
, *(uint32_t *)&value
);
1646 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1650 buf
[0] = (value
>> 24) & 0xFF;
1651 buf
[1] = (value
>> 16) & 0xFF;
1652 buf
[2] = (value
>> 8) & 0xFF;
1653 buf
[3] = value
& 0xFF;
1655 vnc_write(vs
, buf
, 4);
1658 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1662 buf
[0] = (value
>> 8) & 0xFF;
1663 buf
[1] = value
& 0xFF;
1665 vnc_write(vs
, buf
, 2);
1668 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1670 vnc_write(vs
, (char *)&value
, 1);
1673 void vnc_flush(VncState
*vs
)
1675 vnc_lock_output(vs
);
1676 if (vs
->ioc
!= NULL
&& vs
->output
.offset
) {
1677 vnc_client_write_locked(vs
);
1679 if (vs
->disconnecting
) {
1680 if (vs
->ioc_tag
!= 0) {
1681 g_source_remove(vs
->ioc_tag
);
1685 vnc_unlock_output(vs
);
1688 static uint8_t read_u8(uint8_t *data
, size_t offset
)
1690 return data
[offset
];
1693 static uint16_t read_u16(uint8_t *data
, size_t offset
)
1695 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1698 static int32_t read_s32(uint8_t *data
, size_t offset
)
1700 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1701 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1704 uint32_t read_u32(uint8_t *data
, size_t offset
)
1706 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1707 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1710 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1714 static void check_pointer_type_change(Notifier
*notifier
, void *data
)
1716 VncState
*vs
= container_of(notifier
, VncState
, mouse_mode_notifier
);
1717 int absolute
= qemu_input_is_absolute();
1719 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1720 vnc_lock_output(vs
);
1721 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1722 vnc_write_u8(vs
, 0);
1723 vnc_write_u16(vs
, 1);
1724 vnc_framebuffer_update(vs
, absolute
, 0,
1725 pixman_image_get_width(vs
->vd
->server
),
1726 pixman_image_get_height(vs
->vd
->server
),
1727 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1728 vnc_unlock_output(vs
);
1731 vs
->absolute
= absolute
;
1734 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1736 static uint32_t bmap
[INPUT_BUTTON__MAX
] = {
1737 [INPUT_BUTTON_LEFT
] = 0x01,
1738 [INPUT_BUTTON_MIDDLE
] = 0x02,
1739 [INPUT_BUTTON_RIGHT
] = 0x04,
1740 [INPUT_BUTTON_WHEEL_UP
] = 0x08,
1741 [INPUT_BUTTON_WHEEL_DOWN
] = 0x10,
1743 QemuConsole
*con
= vs
->vd
->dcl
.con
;
1744 int width
= pixman_image_get_width(vs
->vd
->server
);
1745 int height
= pixman_image_get_height(vs
->vd
->server
);
1747 if (vs
->last_bmask
!= button_mask
) {
1748 qemu_input_update_buttons(con
, bmap
, vs
->last_bmask
, button_mask
);
1749 vs
->last_bmask
= button_mask
;
1753 qemu_input_queue_abs(con
, INPUT_AXIS_X
, x
, 0, width
);
1754 qemu_input_queue_abs(con
, INPUT_AXIS_Y
, y
, 0, height
);
1755 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1756 qemu_input_queue_rel(con
, INPUT_AXIS_X
, x
- 0x7FFF);
1757 qemu_input_queue_rel(con
, INPUT_AXIS_Y
, y
- 0x7FFF);
1759 if (vs
->last_x
!= -1) {
1760 qemu_input_queue_rel(con
, INPUT_AXIS_X
, x
- vs
->last_x
);
1761 qemu_input_queue_rel(con
, INPUT_AXIS_Y
, y
- vs
->last_y
);
1766 qemu_input_event_sync();
1769 static void press_key(VncState
*vs
, QKeyCode qcode
)
1771 qkbd_state_key_event(vs
->vd
->kbd
, qcode
, true);
1772 qkbd_state_key_event(vs
->vd
->kbd
, qcode
, false);
1775 static void vnc_led_state_change(VncState
*vs
)
1777 if (!vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
)) {
1781 vnc_lock_output(vs
);
1782 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1783 vnc_write_u8(vs
, 0);
1784 vnc_write_u16(vs
, 1);
1785 vnc_framebuffer_update(vs
, 0, 0, 1, 1, VNC_ENCODING_LED_STATE
);
1786 vnc_write_u8(vs
, vs
->vd
->ledstate
);
1787 vnc_unlock_output(vs
);
1791 static void kbd_leds(void *opaque
, int ledstate
)
1793 VncDisplay
*vd
= opaque
;
1796 trace_vnc_key_guest_leds((ledstate
& QEMU_CAPS_LOCK_LED
),
1797 (ledstate
& QEMU_NUM_LOCK_LED
),
1798 (ledstate
& QEMU_SCROLL_LOCK_LED
));
1800 if (ledstate
== vd
->ledstate
) {
1804 vd
->ledstate
= ledstate
;
1806 QTAILQ_FOREACH(client
, &vd
->clients
, next
) {
1807 vnc_led_state_change(client
);
1811 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1813 QKeyCode qcode
= qemu_input_key_number_to_qcode(keycode
);
1815 /* QEMU console switch */
1817 case Q_KEY_CODE_1
... Q_KEY_CODE_9
: /* '1' to '9' keys */
1818 if (vs
->vd
->dcl
.con
== NULL
&& down
&&
1819 qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_CTRL
) &&
1820 qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_ALT
)) {
1821 /* Reset the modifiers sent to the current console */
1822 qkbd_state_lift_all_keys(vs
->vd
->kbd
);
1823 console_select(qcode
- Q_KEY_CODE_1
);
1830 /* Turn off the lock state sync logic if the client support the led
1833 if (down
&& vs
->vd
->lock_key_sync
&&
1834 !vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
) &&
1835 keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1836 /* If the numlock state needs to change then simulate an additional
1837 keypress before sending this one. This will happen if the user
1838 toggles numlock away from the VNC window.
1840 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1841 if (!qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_NUMLOCK
)) {
1842 trace_vnc_key_sync_numlock(true);
1843 press_key(vs
, Q_KEY_CODE_NUM_LOCK
);
1846 if (qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_NUMLOCK
)) {
1847 trace_vnc_key_sync_numlock(false);
1848 press_key(vs
, Q_KEY_CODE_NUM_LOCK
);
1853 if (down
&& vs
->vd
->lock_key_sync
&&
1854 !vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
) &&
1855 ((sym
>= 'A' && sym
<= 'Z') || (sym
>= 'a' && sym
<= 'z'))) {
1856 /* If the capslock state needs to change then simulate an additional
1857 keypress before sending this one. This will happen if the user
1858 toggles capslock away from the VNC window.
1860 int uppercase
= !!(sym
>= 'A' && sym
<= 'Z');
1861 bool shift
= qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_SHIFT
);
1862 bool capslock
= qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_CAPSLOCK
);
1864 if (uppercase
== shift
) {
1865 trace_vnc_key_sync_capslock(false);
1866 press_key(vs
, Q_KEY_CODE_CAPS_LOCK
);
1869 if (uppercase
!= shift
) {
1870 trace_vnc_key_sync_capslock(true);
1871 press_key(vs
, Q_KEY_CODE_CAPS_LOCK
);
1876 qkbd_state_key_event(vs
->vd
->kbd
, qcode
, down
);
1877 if (!qemu_console_is_graphic(NULL
)) {
1878 bool numlock
= qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_NUMLOCK
);
1879 bool control
= qkbd_state_modifier_get(vs
->vd
->kbd
, QKBD_MOD_CTRL
);
1880 /* QEMU console emulation */
1883 case 0x2a: /* Left Shift */
1884 case 0x36: /* Right Shift */
1885 case 0x1d: /* Left CTRL */
1886 case 0x9d: /* Right CTRL */
1887 case 0x38: /* Left ALT */
1888 case 0xb8: /* Right ALT */
1891 kbd_put_keysym(QEMU_KEY_UP
);
1894 kbd_put_keysym(QEMU_KEY_DOWN
);
1897 kbd_put_keysym(QEMU_KEY_LEFT
);
1900 kbd_put_keysym(QEMU_KEY_RIGHT
);
1903 kbd_put_keysym(QEMU_KEY_DELETE
);
1906 kbd_put_keysym(QEMU_KEY_HOME
);
1909 kbd_put_keysym(QEMU_KEY_END
);
1912 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1915 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1919 kbd_put_keysym(numlock
? '7' : QEMU_KEY_HOME
);
1922 kbd_put_keysym(numlock
? '8' : QEMU_KEY_UP
);
1925 kbd_put_keysym(numlock
? '9' : QEMU_KEY_PAGEUP
);
1928 kbd_put_keysym(numlock
? '4' : QEMU_KEY_LEFT
);
1931 kbd_put_keysym('5');
1934 kbd_put_keysym(numlock
? '6' : QEMU_KEY_RIGHT
);
1937 kbd_put_keysym(numlock
? '1' : QEMU_KEY_END
);
1940 kbd_put_keysym(numlock
? '2' : QEMU_KEY_DOWN
);
1943 kbd_put_keysym(numlock
? '3' : QEMU_KEY_PAGEDOWN
);
1946 kbd_put_keysym('0');
1949 kbd_put_keysym(numlock
? '.' : QEMU_KEY_DELETE
);
1953 kbd_put_keysym('/');
1956 kbd_put_keysym('*');
1959 kbd_put_keysym('-');
1962 kbd_put_keysym('+');
1965 kbd_put_keysym('\n');
1970 kbd_put_keysym(sym
& 0x1f);
1972 kbd_put_keysym(sym
);
1980 static const char *code2name(int keycode
)
1982 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode
));
1985 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1990 if (lsym
>= 'A' && lsym
<= 'Z' && qemu_console_is_graphic(NULL
)) {
1991 lsym
= lsym
- 'A' + 'a';
1994 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, lsym
& 0xFFFF,
1995 vs
->vd
->kbd
, down
) & SCANCODE_KEYMASK
;
1996 trace_vnc_key_event_map(down
, sym
, keycode
, code2name(keycode
));
1997 do_key_event(vs
, down
, keycode
, sym
);
2000 static void ext_key_event(VncState
*vs
, int down
,
2001 uint32_t sym
, uint16_t keycode
)
2003 /* if the user specifies a keyboard layout, always use it */
2004 if (keyboard_layout
) {
2005 key_event(vs
, down
, sym
);
2007 trace_vnc_key_event_ext(down
, sym
, keycode
, code2name(keycode
));
2008 do_key_event(vs
, down
, keycode
, sym
);
2012 static void framebuffer_update_request(VncState
*vs
, int incremental
,
2013 int x
, int y
, int w
, int h
)
2016 if (vs
->update
!= VNC_STATE_UPDATE_FORCE
) {
2017 vs
->update
= VNC_STATE_UPDATE_INCREMENTAL
;
2020 vs
->update
= VNC_STATE_UPDATE_FORCE
;
2021 vnc_set_area_dirty(vs
->dirty
, vs
->vd
, x
, y
, w
, h
);
2025 static void send_ext_key_event_ack(VncState
*vs
)
2027 vnc_lock_output(vs
);
2028 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2029 vnc_write_u8(vs
, 0);
2030 vnc_write_u16(vs
, 1);
2031 vnc_framebuffer_update(vs
, 0, 0,
2032 pixman_image_get_width(vs
->vd
->server
),
2033 pixman_image_get_height(vs
->vd
->server
),
2034 VNC_ENCODING_EXT_KEY_EVENT
);
2035 vnc_unlock_output(vs
);
2039 static void send_ext_audio_ack(VncState
*vs
)
2041 vnc_lock_output(vs
);
2042 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2043 vnc_write_u8(vs
, 0);
2044 vnc_write_u16(vs
, 1);
2045 vnc_framebuffer_update(vs
, 0, 0,
2046 pixman_image_get_width(vs
->vd
->server
),
2047 pixman_image_get_height(vs
->vd
->server
),
2048 VNC_ENCODING_AUDIO
);
2049 vnc_unlock_output(vs
);
2053 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
2056 unsigned int enc
= 0;
2059 vs
->vnc_encoding
= 0;
2060 vs
->tight
.compression
= 9;
2061 vs
->tight
.quality
= -1; /* Lossless by default */
2065 * Start from the end because the encodings are sent in order of preference.
2066 * This way the preferred encoding (first encoding defined in the array)
2067 * will be set at the end of the loop.
2069 for (i
= n_encodings
- 1; i
>= 0; i
--) {
2072 case VNC_ENCODING_RAW
:
2073 vs
->vnc_encoding
= enc
;
2075 case VNC_ENCODING_COPYRECT
:
2076 vs
->features
|= VNC_FEATURE_COPYRECT_MASK
;
2078 case VNC_ENCODING_HEXTILE
:
2079 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
2080 vs
->vnc_encoding
= enc
;
2082 case VNC_ENCODING_TIGHT
:
2083 vs
->features
|= VNC_FEATURE_TIGHT_MASK
;
2084 vs
->vnc_encoding
= enc
;
2086 #ifdef CONFIG_VNC_PNG
2087 case VNC_ENCODING_TIGHT_PNG
:
2088 vs
->features
|= VNC_FEATURE_TIGHT_PNG_MASK
;
2089 vs
->vnc_encoding
= enc
;
2092 case VNC_ENCODING_ZLIB
:
2093 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
2094 vs
->vnc_encoding
= enc
;
2096 case VNC_ENCODING_ZRLE
:
2097 vs
->features
|= VNC_FEATURE_ZRLE_MASK
;
2098 vs
->vnc_encoding
= enc
;
2100 case VNC_ENCODING_ZYWRLE
:
2101 vs
->features
|= VNC_FEATURE_ZYWRLE_MASK
;
2102 vs
->vnc_encoding
= enc
;
2104 case VNC_ENCODING_DESKTOPRESIZE
:
2105 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
2107 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
2108 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
2110 case VNC_ENCODING_RICH_CURSOR
:
2111 vs
->features
|= VNC_FEATURE_RICH_CURSOR_MASK
;
2112 if (vs
->vd
->cursor
) {
2113 vnc_cursor_define(vs
);
2116 case VNC_ENCODING_EXT_KEY_EVENT
:
2117 send_ext_key_event_ack(vs
);
2119 case VNC_ENCODING_AUDIO
:
2120 send_ext_audio_ack(vs
);
2122 case VNC_ENCODING_WMVi
:
2123 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
2125 case VNC_ENCODING_LED_STATE
:
2126 vs
->features
|= VNC_FEATURE_LED_STATE_MASK
;
2128 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
2129 vs
->tight
.compression
= (enc
& 0x0F);
2131 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
2132 if (vs
->vd
->lossy
) {
2133 vs
->tight
.quality
= (enc
& 0x0F);
2137 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
2141 vnc_desktop_resize(vs
);
2142 check_pointer_type_change(&vs
->mouse_mode_notifier
, NULL
);
2143 vnc_led_state_change(vs
);
2146 static void set_pixel_conversion(VncState
*vs
)
2148 pixman_format_code_t fmt
= qemu_pixman_get_format(&vs
->client_pf
);
2150 if (fmt
== VNC_SERVER_FB_FORMAT
) {
2151 vs
->write_pixels
= vnc_write_pixels_copy
;
2152 vnc_hextile_set_pixel_conversion(vs
, 0);
2154 vs
->write_pixels
= vnc_write_pixels_generic
;
2155 vnc_hextile_set_pixel_conversion(vs
, 1);
2159 static void send_color_map(VncState
*vs
)
2163 vnc_write_u8(vs
, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES
);
2164 vnc_write_u8(vs
, 0); /* padding */
2165 vnc_write_u16(vs
, 0); /* first color */
2166 vnc_write_u16(vs
, 256); /* # of colors */
2168 for (i
= 0; i
< 256; i
++) {
2169 PixelFormat
*pf
= &vs
->client_pf
;
2171 vnc_write_u16(vs
, (((i
>> pf
->rshift
) & pf
->rmax
) << (16 - pf
->rbits
)));
2172 vnc_write_u16(vs
, (((i
>> pf
->gshift
) & pf
->gmax
) << (16 - pf
->gbits
)));
2173 vnc_write_u16(vs
, (((i
>> pf
->bshift
) & pf
->bmax
) << (16 - pf
->bbits
)));
2177 static void set_pixel_format(VncState
*vs
, int bits_per_pixel
,
2178 int big_endian_flag
, int true_color_flag
,
2179 int red_max
, int green_max
, int blue_max
,
2180 int red_shift
, int green_shift
, int blue_shift
)
2182 if (!true_color_flag
) {
2183 /* Expose a reasonable default 256 color map */
2193 switch (bits_per_pixel
) {
2199 vnc_client_error(vs
);
2203 vs
->client_pf
.rmax
= red_max
? red_max
: 0xFF;
2204 vs
->client_pf
.rbits
= ctpopl(red_max
);
2205 vs
->client_pf
.rshift
= red_shift
;
2206 vs
->client_pf
.rmask
= red_max
<< red_shift
;
2207 vs
->client_pf
.gmax
= green_max
? green_max
: 0xFF;
2208 vs
->client_pf
.gbits
= ctpopl(green_max
);
2209 vs
->client_pf
.gshift
= green_shift
;
2210 vs
->client_pf
.gmask
= green_max
<< green_shift
;
2211 vs
->client_pf
.bmax
= blue_max
? blue_max
: 0xFF;
2212 vs
->client_pf
.bbits
= ctpopl(blue_max
);
2213 vs
->client_pf
.bshift
= blue_shift
;
2214 vs
->client_pf
.bmask
= blue_max
<< blue_shift
;
2215 vs
->client_pf
.bits_per_pixel
= bits_per_pixel
;
2216 vs
->client_pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
2217 vs
->client_pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
2218 vs
->client_be
= big_endian_flag
;
2220 if (!true_color_flag
) {
2224 set_pixel_conversion(vs
);
2226 graphic_hw_invalidate(vs
->vd
->dcl
.con
);
2227 graphic_hw_update(vs
->vd
->dcl
.con
);
2230 static void pixel_format_message (VncState
*vs
) {
2231 char pad
[3] = { 0, 0, 0 };
2233 vs
->client_pf
= qemu_default_pixelformat(32);
2235 vnc_write_u8(vs
, vs
->client_pf
.bits_per_pixel
); /* bits-per-pixel */
2236 vnc_write_u8(vs
, vs
->client_pf
.depth
); /* depth */
2238 #ifdef HOST_WORDS_BIGENDIAN
2239 vnc_write_u8(vs
, 1); /* big-endian-flag */
2241 vnc_write_u8(vs
, 0); /* big-endian-flag */
2243 vnc_write_u8(vs
, 1); /* true-color-flag */
2244 vnc_write_u16(vs
, vs
->client_pf
.rmax
); /* red-max */
2245 vnc_write_u16(vs
, vs
->client_pf
.gmax
); /* green-max */
2246 vnc_write_u16(vs
, vs
->client_pf
.bmax
); /* blue-max */
2247 vnc_write_u8(vs
, vs
->client_pf
.rshift
); /* red-shift */
2248 vnc_write_u8(vs
, vs
->client_pf
.gshift
); /* green-shift */
2249 vnc_write_u8(vs
, vs
->client_pf
.bshift
); /* blue-shift */
2250 vnc_write(vs
, pad
, 3); /* padding */
2252 vnc_hextile_set_pixel_conversion(vs
, 0);
2253 vs
->write_pixels
= vnc_write_pixels_copy
;
2256 static void vnc_colordepth(VncState
*vs
)
2258 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
2259 /* Sending a WMVi message to notify the client*/
2260 vnc_lock_output(vs
);
2261 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2262 vnc_write_u8(vs
, 0);
2263 vnc_write_u16(vs
, 1); /* number of rects */
2264 vnc_framebuffer_update(vs
, 0, 0,
2265 pixman_image_get_width(vs
->vd
->server
),
2266 pixman_image_get_height(vs
->vd
->server
),
2268 pixel_format_message(vs
);
2269 vnc_unlock_output(vs
);
2272 set_pixel_conversion(vs
);
2276 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
2281 VncDisplay
*vd
= vs
->vd
;
2284 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
2288 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT
:
2292 set_pixel_format(vs
, read_u8(data
, 4),
2293 read_u8(data
, 6), read_u8(data
, 7),
2294 read_u16(data
, 8), read_u16(data
, 10),
2295 read_u16(data
, 12), read_u8(data
, 14),
2296 read_u8(data
, 15), read_u8(data
, 16));
2298 case VNC_MSG_CLIENT_SET_ENCODINGS
:
2303 limit
= read_u16(data
, 2);
2305 return 4 + (limit
* 4);
2307 limit
= read_u16(data
, 2);
2309 for (i
= 0; i
< limit
; i
++) {
2310 int32_t val
= read_s32(data
, 4 + (i
* 4));
2311 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
2314 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
2316 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST
:
2320 framebuffer_update_request(vs
,
2321 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
2322 read_u16(data
, 6), read_u16(data
, 8));
2324 case VNC_MSG_CLIENT_KEY_EVENT
:
2328 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
2330 case VNC_MSG_CLIENT_POINTER_EVENT
:
2334 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
2336 case VNC_MSG_CLIENT_CUT_TEXT
:
2341 uint32_t dlen
= read_u32(data
, 4);
2342 if (dlen
> (1 << 20)) {
2343 error_report("vnc: client_cut_text msg payload has %u bytes"
2344 " which exceeds our limit of 1MB.", dlen
);
2345 vnc_client_error(vs
);
2353 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
2355 case VNC_MSG_CLIENT_QEMU
:
2359 switch (read_u8(data
, 1)) {
2360 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT
:
2364 ext_key_event(vs
, read_u16(data
, 2),
2365 read_u32(data
, 4), read_u32(data
, 8));
2367 case VNC_MSG_CLIENT_QEMU_AUDIO
:
2371 switch (read_u16 (data
, 2)) {
2372 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE
:
2375 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE
:
2378 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT
:
2381 switch (read_u8(data
, 4)) {
2382 case 0: vs
->as
.fmt
= AUDIO_FORMAT_U8
; break;
2383 case 1: vs
->as
.fmt
= AUDIO_FORMAT_S8
; break;
2384 case 2: vs
->as
.fmt
= AUDIO_FORMAT_U16
; break;
2385 case 3: vs
->as
.fmt
= AUDIO_FORMAT_S16
; break;
2386 case 4: vs
->as
.fmt
= AUDIO_FORMAT_U32
; break;
2387 case 5: vs
->as
.fmt
= AUDIO_FORMAT_S32
; break;
2389 VNC_DEBUG("Invalid audio format %d\n", read_u8(data
, 4));
2390 vnc_client_error(vs
);
2393 vs
->as
.nchannels
= read_u8(data
, 5);
2394 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
2395 VNC_DEBUG("Invalid audio channel count %d\n",
2397 vnc_client_error(vs
);
2400 freq
= read_u32(data
, 6);
2401 /* No official limit for protocol, but 48khz is a sensible
2402 * upper bound for trustworthy clients, and this limit
2403 * protects calculations involving 'vs->as.freq' later.
2406 VNC_DEBUG("Invalid audio frequency %u > 48000", freq
);
2407 vnc_client_error(vs
);
2413 VNC_DEBUG("Invalid audio message %d\n", read_u8(data
, 4));
2414 vnc_client_error(vs
);
2420 VNC_DEBUG("Msg: %d\n", read_u16(data
, 0));
2421 vnc_client_error(vs
);
2426 VNC_DEBUG("Msg: %d\n", data
[0]);
2427 vnc_client_error(vs
);
2431 vnc_update_throttle_offset(vs
);
2432 vnc_read_when(vs
, protocol_client_msg
, 1);
2436 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
2442 mode
= data
[0] ? VNC_SHARE_MODE_SHARED
: VNC_SHARE_MODE_EXCLUSIVE
;
2443 switch (vs
->vd
->share_policy
) {
2444 case VNC_SHARE_POLICY_IGNORE
:
2446 * Ignore the shared flag. Nothing to do here.
2448 * Doesn't conform to the rfb spec but is traditional qemu
2449 * behavior, thus left here as option for compatibility
2453 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
:
2455 * Policy: Allow clients ask for exclusive access.
2457 * Implementation: When a client asks for exclusive access,
2458 * disconnect all others. Shared connects are allowed as long
2459 * as no exclusive connection exists.
2461 * This is how the rfb spec suggests to handle the shared flag.
2463 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2465 QTAILQ_FOREACH(client
, &vs
->vd
->clients
, next
) {
2469 if (client
->share_mode
!= VNC_SHARE_MODE_EXCLUSIVE
&&
2470 client
->share_mode
!= VNC_SHARE_MODE_SHARED
) {
2473 vnc_disconnect_start(client
);
2476 if (mode
== VNC_SHARE_MODE_SHARED
) {
2477 if (vs
->vd
->num_exclusive
> 0) {
2478 vnc_disconnect_start(vs
);
2483 case VNC_SHARE_POLICY_FORCE_SHARED
:
2485 * Policy: Shared connects only.
2486 * Implementation: Disallow clients asking for exclusive access.
2488 * Useful for shared desktop sessions where you don't want
2489 * someone forgetting to say -shared when running the vnc
2490 * client disconnect everybody else.
2492 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2493 vnc_disconnect_start(vs
);
2498 vnc_set_share_mode(vs
, mode
);
2500 if (vs
->vd
->num_shared
> vs
->vd
->connections_limit
) {
2501 vnc_disconnect_start(vs
);
2505 assert(pixman_image_get_width(vs
->vd
->server
) < 65536 &&
2506 pixman_image_get_width(vs
->vd
->server
) >= 0);
2507 assert(pixman_image_get_height(vs
->vd
->server
) < 65536 &&
2508 pixman_image_get_height(vs
->vd
->server
) >= 0);
2509 vs
->client_width
= pixman_image_get_width(vs
->vd
->server
);
2510 vs
->client_height
= pixman_image_get_height(vs
->vd
->server
);
2511 vnc_write_u16(vs
, vs
->client_width
);
2512 vnc_write_u16(vs
, vs
->client_height
);
2514 pixel_format_message(vs
);
2517 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
2518 if (size
> sizeof(buf
)) {
2522 size
= snprintf(buf
, sizeof(buf
), "QEMU");
2525 vnc_write_u32(vs
, size
);
2526 vnc_write(vs
, buf
, size
);
2529 vnc_client_cache_auth(vs
);
2530 vnc_qmp_event(vs
, QAPI_EVENT_VNC_INITIALIZED
);
2532 vnc_read_when(vs
, protocol_client_msg
, 1);
2537 void start_client_init(VncState
*vs
)
2539 vnc_read_when(vs
, protocol_client_init
, 1);
2542 static void authentication_failed(VncState
*vs
)
2544 vnc_write_u32(vs
, 1); /* Reject auth */
2545 if (vs
->minor
>= 8) {
2546 static const char err
[] = "Authentication failed";
2547 vnc_write_u32(vs
, sizeof(err
));
2548 vnc_write(vs
, err
, sizeof(err
));
2551 vnc_client_error(vs
);
2554 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
2556 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
2558 unsigned char key
[8];
2559 time_t now
= time(NULL
);
2560 QCryptoCipher
*cipher
= NULL
;
2563 if (!vs
->vd
->password
) {
2564 trace_vnc_auth_fail(vs
, vs
->auth
, "password is not set", "");
2567 if (vs
->vd
->expires
< now
) {
2568 trace_vnc_auth_fail(vs
, vs
->auth
, "password is expired", "");
2572 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
2574 /* Calculate the expected challenge response */
2575 pwlen
= strlen(vs
->vd
->password
);
2576 for (i
=0; i
<sizeof(key
); i
++)
2577 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
2579 cipher
= qcrypto_cipher_new(
2580 QCRYPTO_CIPHER_ALG_DES_RFB
,
2581 QCRYPTO_CIPHER_MODE_ECB
,
2582 key
, G_N_ELEMENTS(key
),
2585 trace_vnc_auth_fail(vs
, vs
->auth
, "cannot create cipher",
2586 error_get_pretty(err
));
2591 if (qcrypto_cipher_encrypt(cipher
,
2594 VNC_AUTH_CHALLENGE_SIZE
,
2596 trace_vnc_auth_fail(vs
, vs
->auth
, "cannot encrypt challenge response",
2597 error_get_pretty(err
));
2602 /* Compare expected vs actual challenge response */
2603 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
2604 trace_vnc_auth_fail(vs
, vs
->auth
, "mis-matched challenge response", "");
2607 trace_vnc_auth_pass(vs
, vs
->auth
);
2608 vnc_write_u32(vs
, 0); /* Accept auth */
2611 start_client_init(vs
);
2614 qcrypto_cipher_free(cipher
);
2618 authentication_failed(vs
);
2619 qcrypto_cipher_free(cipher
);
2623 void start_auth_vnc(VncState
*vs
)
2627 if (qcrypto_random_bytes(vs
->challenge
, sizeof(vs
->challenge
), &err
)) {
2628 trace_vnc_auth_fail(vs
, vs
->auth
, "cannot get random bytes",
2629 error_get_pretty(err
));
2631 authentication_failed(vs
);
2635 /* Send client a 'random' challenge */
2636 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
2639 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
2643 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
2645 /* We only advertise 1 auth scheme at a time, so client
2646 * must pick the one we sent. Verify this */
2647 if (data
[0] != vs
->auth
) { /* Reject auth */
2648 trace_vnc_auth_reject(vs
, vs
->auth
, (int)data
[0]);
2649 authentication_failed(vs
);
2650 } else { /* Accept requested auth */
2651 trace_vnc_auth_start(vs
, vs
->auth
);
2654 if (vs
->minor
>= 8) {
2655 vnc_write_u32(vs
, 0); /* Accept auth completion */
2658 trace_vnc_auth_pass(vs
, vs
->auth
);
2659 start_client_init(vs
);
2666 case VNC_AUTH_VENCRYPT
:
2667 start_auth_vencrypt(vs
);
2670 #ifdef CONFIG_VNC_SASL
2672 start_auth_sasl(vs
);
2674 #endif /* CONFIG_VNC_SASL */
2676 default: /* Should not be possible, but just in case */
2677 trace_vnc_auth_fail(vs
, vs
->auth
, "Unhandled auth method", "");
2678 authentication_failed(vs
);
2684 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
2688 memcpy(local
, version
, 12);
2691 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
2692 VNC_DEBUG("Malformed protocol version %s\n", local
);
2693 vnc_client_error(vs
);
2696 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
2697 if (vs
->major
!= 3 ||
2703 VNC_DEBUG("Unsupported client version\n");
2704 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2706 vnc_client_error(vs
);
2709 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2710 * as equivalent to v3.3 by servers
2712 if (vs
->minor
== 4 || vs
->minor
== 5)
2715 if (vs
->minor
== 3) {
2716 trace_vnc_auth_start(vs
, vs
->auth
);
2717 if (vs
->auth
== VNC_AUTH_NONE
) {
2718 vnc_write_u32(vs
, vs
->auth
);
2720 trace_vnc_auth_pass(vs
, vs
->auth
);
2721 start_client_init(vs
);
2722 } else if (vs
->auth
== VNC_AUTH_VNC
) {
2723 VNC_DEBUG("Tell client VNC auth\n");
2724 vnc_write_u32(vs
, vs
->auth
);
2728 trace_vnc_auth_fail(vs
, vs
->auth
,
2729 "Unsupported auth method for v3.3", "");
2730 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2732 vnc_client_error(vs
);
2735 vnc_write_u8(vs
, 1); /* num auth */
2736 vnc_write_u8(vs
, vs
->auth
);
2737 vnc_read_when(vs
, protocol_client_auth
, 1);
2744 static VncRectStat
*vnc_stat_rect(VncDisplay
*vd
, int x
, int y
)
2746 struct VncSurface
*vs
= &vd
->guest
;
2748 return &vs
->stats
[y
/ VNC_STAT_RECT
][x
/ VNC_STAT_RECT
];
2751 void vnc_sent_lossy_rect(VncState
*vs
, int x
, int y
, int w
, int h
)
2755 w
= (x
+ w
) / VNC_STAT_RECT
;
2756 h
= (y
+ h
) / VNC_STAT_RECT
;
2760 for (j
= y
; j
<= h
; j
++) {
2761 for (i
= x
; i
<= w
; i
++) {
2762 vs
->lossy_rect
[j
][i
] = 1;
2767 static int vnc_refresh_lossy_rect(VncDisplay
*vd
, int x
, int y
)
2770 int sty
= y
/ VNC_STAT_RECT
;
2771 int stx
= x
/ VNC_STAT_RECT
;
2774 y
= QEMU_ALIGN_DOWN(y
, VNC_STAT_RECT
);
2775 x
= QEMU_ALIGN_DOWN(x
, VNC_STAT_RECT
);
2777 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2780 /* kernel send buffers are full -> refresh later */
2781 if (vs
->output
.offset
) {
2785 if (!vs
->lossy_rect
[sty
][stx
]) {
2789 vs
->lossy_rect
[sty
][stx
] = 0;
2790 for (j
= 0; j
< VNC_STAT_RECT
; ++j
) {
2791 bitmap_set(vs
->dirty
[y
+ j
],
2792 x
/ VNC_DIRTY_PIXELS_PER_BIT
,
2793 VNC_STAT_RECT
/ VNC_DIRTY_PIXELS_PER_BIT
);
2801 static int vnc_update_stats(VncDisplay
*vd
, struct timeval
* tv
)
2803 int width
= MIN(pixman_image_get_width(vd
->guest
.fb
),
2804 pixman_image_get_width(vd
->server
));
2805 int height
= MIN(pixman_image_get_height(vd
->guest
.fb
),
2806 pixman_image_get_height(vd
->server
));
2811 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2812 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2813 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2815 rect
->updated
= false;
2819 qemu_timersub(tv
, &VNC_REFRESH_STATS
, &res
);
2821 if (timercmp(&vd
->guest
.last_freq_check
, &res
, >)) {
2824 vd
->guest
.last_freq_check
= *tv
;
2826 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2827 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2828 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2829 int count
= ARRAY_SIZE(rect
->times
);
2830 struct timeval min
, max
;
2832 if (!timerisset(&rect
->times
[count
- 1])) {
2836 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2837 qemu_timersub(tv
, &max
, &res
);
2839 if (timercmp(&res
, &VNC_REFRESH_LOSSY
, >)) {
2841 has_dirty
+= vnc_refresh_lossy_rect(vd
, x
, y
);
2842 memset(rect
->times
, 0, sizeof (rect
->times
));
2846 min
= rect
->times
[rect
->idx
];
2847 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2848 qemu_timersub(&max
, &min
, &res
);
2850 rect
->freq
= res
.tv_sec
+ res
.tv_usec
/ 1000000.;
2851 rect
->freq
/= count
;
2852 rect
->freq
= 1. / rect
->freq
;
2858 double vnc_update_freq(VncState
*vs
, int x
, int y
, int w
, int h
)
2864 x
= QEMU_ALIGN_DOWN(x
, VNC_STAT_RECT
);
2865 y
= QEMU_ALIGN_DOWN(y
, VNC_STAT_RECT
);
2867 for (j
= y
; j
<= y
+ h
; j
+= VNC_STAT_RECT
) {
2868 for (i
= x
; i
<= x
+ w
; i
+= VNC_STAT_RECT
) {
2869 total
+= vnc_stat_rect(vs
->vd
, i
, j
)->freq
;
2881 static void vnc_rect_updated(VncDisplay
*vd
, int x
, int y
, struct timeval
* tv
)
2885 rect
= vnc_stat_rect(vd
, x
, y
);
2886 if (rect
->updated
) {
2889 rect
->times
[rect
->idx
] = *tv
;
2890 rect
->idx
= (rect
->idx
+ 1) % ARRAY_SIZE(rect
->times
);
2891 rect
->updated
= true;
2894 static int vnc_refresh_server_surface(VncDisplay
*vd
)
2896 int width
= MIN(pixman_image_get_width(vd
->guest
.fb
),
2897 pixman_image_get_width(vd
->server
));
2898 int height
= MIN(pixman_image_get_height(vd
->guest
.fb
),
2899 pixman_image_get_height(vd
->server
));
2900 int cmp_bytes
, server_stride
, line_bytes
, guest_ll
, guest_stride
, y
= 0;
2901 uint8_t *guest_row0
= NULL
, *server_row0
;
2904 pixman_image_t
*tmpbuf
= NULL
;
2906 struct timeval tv
= { 0, 0 };
2908 if (!vd
->non_adaptive
) {
2909 gettimeofday(&tv
, NULL
);
2910 has_dirty
= vnc_update_stats(vd
, &tv
);
2914 * Walk through the guest dirty map.
2915 * Check and copy modified bits from guest to server surface.
2916 * Update server dirty map.
2918 server_row0
= (uint8_t *)pixman_image_get_data(vd
->server
);
2919 server_stride
= guest_stride
= guest_ll
=
2920 pixman_image_get_stride(vd
->server
);
2921 cmp_bytes
= MIN(VNC_DIRTY_PIXELS_PER_BIT
* VNC_SERVER_FB_BYTES
,
2923 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
2924 int width
= pixman_image_get_width(vd
->server
);
2925 tmpbuf
= qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT
, width
);
2928 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd
->guest
.fb
));
2929 guest_row0
= (uint8_t *)pixman_image_get_data(vd
->guest
.fb
);
2930 guest_stride
= pixman_image_get_stride(vd
->guest
.fb
);
2931 guest_ll
= pixman_image_get_width(vd
->guest
.fb
)
2932 * DIV_ROUND_UP(guest_bpp
, 8);
2934 line_bytes
= MIN(server_stride
, guest_ll
);
2938 uint8_t *guest_ptr
, *server_ptr
;
2939 unsigned long offset
= find_next_bit((unsigned long *) &vd
->guest
.dirty
,
2940 height
* VNC_DIRTY_BPL(&vd
->guest
),
2941 y
* VNC_DIRTY_BPL(&vd
->guest
));
2942 if (offset
== height
* VNC_DIRTY_BPL(&vd
->guest
)) {
2943 /* no more dirty bits */
2946 y
= offset
/ VNC_DIRTY_BPL(&vd
->guest
);
2947 x
= offset
% VNC_DIRTY_BPL(&vd
->guest
);
2949 server_ptr
= server_row0
+ y
* server_stride
+ x
* cmp_bytes
;
2951 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
2952 qemu_pixman_linebuf_fill(tmpbuf
, vd
->guest
.fb
, width
, 0, y
);
2953 guest_ptr
= (uint8_t *)pixman_image_get_data(tmpbuf
);
2955 guest_ptr
= guest_row0
+ y
* guest_stride
;
2957 guest_ptr
+= x
* cmp_bytes
;
2959 for (; x
< DIV_ROUND_UP(width
, VNC_DIRTY_PIXELS_PER_BIT
);
2960 x
++, guest_ptr
+= cmp_bytes
, server_ptr
+= cmp_bytes
) {
2961 int _cmp_bytes
= cmp_bytes
;
2962 if (!test_and_clear_bit(x
, vd
->guest
.dirty
[y
])) {
2965 if ((x
+ 1) * cmp_bytes
> line_bytes
) {
2966 _cmp_bytes
= line_bytes
- x
* cmp_bytes
;
2968 assert(_cmp_bytes
>= 0);
2969 if (memcmp(server_ptr
, guest_ptr
, _cmp_bytes
) == 0) {
2972 memcpy(server_ptr
, guest_ptr
, _cmp_bytes
);
2973 if (!vd
->non_adaptive
) {
2974 vnc_rect_updated(vd
, x
* VNC_DIRTY_PIXELS_PER_BIT
,
2977 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2978 set_bit(x
, vs
->dirty
[y
]);
2985 qemu_pixman_image_unref(tmpbuf
);
2989 static void vnc_refresh(DisplayChangeListener
*dcl
)
2991 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
2993 int has_dirty
, rects
= 0;
2995 if (QTAILQ_EMPTY(&vd
->clients
)) {
2996 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_MAX
);
3000 graphic_hw_update(vd
->dcl
.con
);
3002 if (vnc_trylock_display(vd
)) {
3003 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
3007 has_dirty
= vnc_refresh_server_surface(vd
);
3008 vnc_unlock_display(vd
);
3010 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
3011 rects
+= vnc_update_client(vs
, has_dirty
);
3012 /* vs might be free()ed here */
3015 if (has_dirty
&& rects
) {
3016 vd
->dcl
.update_interval
/= 2;
3017 if (vd
->dcl
.update_interval
< VNC_REFRESH_INTERVAL_BASE
) {
3018 vd
->dcl
.update_interval
= VNC_REFRESH_INTERVAL_BASE
;
3021 vd
->dcl
.update_interval
+= VNC_REFRESH_INTERVAL_INC
;
3022 if (vd
->dcl
.update_interval
> VNC_REFRESH_INTERVAL_MAX
) {
3023 vd
->dcl
.update_interval
= VNC_REFRESH_INTERVAL_MAX
;
3028 static void vnc_connect(VncDisplay
*vd
, QIOChannelSocket
*sioc
,
3029 bool skipauth
, bool websocket
)
3031 VncState
*vs
= g_new0(VncState
, 1);
3032 bool first_client
= QTAILQ_EMPTY(&vd
->clients
);
3035 trace_vnc_client_connect(vs
, sioc
);
3036 vs
->magic
= VNC_MAGIC
;
3038 object_ref(OBJECT(vs
->sioc
));
3039 vs
->ioc
= QIO_CHANNEL(sioc
);
3040 object_ref(OBJECT(vs
->ioc
));
3043 buffer_init(&vs
->input
, "vnc-input/%p", sioc
);
3044 buffer_init(&vs
->output
, "vnc-output/%p", sioc
);
3045 buffer_init(&vs
->jobs_buffer
, "vnc-jobs_buffer/%p", sioc
);
3047 buffer_init(&vs
->tight
.tight
, "vnc-tight/%p", sioc
);
3048 buffer_init(&vs
->tight
.zlib
, "vnc-tight-zlib/%p", sioc
);
3049 buffer_init(&vs
->tight
.gradient
, "vnc-tight-gradient/%p", sioc
);
3050 #ifdef CONFIG_VNC_JPEG
3051 buffer_init(&vs
->tight
.jpeg
, "vnc-tight-jpeg/%p", sioc
);
3053 #ifdef CONFIG_VNC_PNG
3054 buffer_init(&vs
->tight
.png
, "vnc-tight-png/%p", sioc
);
3056 buffer_init(&vs
->zlib
.zlib
, "vnc-zlib/%p", sioc
);
3057 buffer_init(&vs
->zrle
.zrle
, "vnc-zrle/%p", sioc
);
3058 buffer_init(&vs
->zrle
.fb
, "vnc-zrle-fb/%p", sioc
);
3059 buffer_init(&vs
->zrle
.zlib
, "vnc-zrle-zlib/%p", sioc
);
3062 vs
->auth
= VNC_AUTH_NONE
;
3063 vs
->subauth
= VNC_AUTH_INVALID
;
3066 vs
->auth
= vd
->ws_auth
;
3067 vs
->subauth
= VNC_AUTH_INVALID
;
3069 vs
->auth
= vd
->auth
;
3070 vs
->subauth
= vd
->subauth
;
3073 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3074 sioc
, websocket
, vs
->auth
, vs
->subauth
);
3076 vs
->lossy_rect
= g_malloc0(VNC_STAT_ROWS
* sizeof (*vs
->lossy_rect
));
3077 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
3078 vs
->lossy_rect
[i
] = g_new0(uint8_t, VNC_STAT_COLS
);
3081 VNC_DEBUG("New client on socket %p\n", vs
->sioc
);
3082 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
3083 qio_channel_set_blocking(vs
->ioc
, false, NULL
);
3085 g_source_remove(vs
->ioc_tag
);
3090 vs
->ioc_tag
= qio_channel_add_watch(
3091 vs
->ioc
, G_IO_IN
, vncws_tls_handshake_io
, vs
, NULL
);
3093 vs
->ioc_tag
= qio_channel_add_watch(
3094 vs
->ioc
, G_IO_IN
, vncws_handshake_io
, vs
, NULL
);
3097 vs
->ioc_tag
= qio_channel_add_watch(
3098 vs
->ioc
, G_IO_IN
, vnc_client_io
, vs
, NULL
);
3101 vnc_client_cache_addr(vs
);
3102 vnc_qmp_event(vs
, QAPI_EVENT_VNC_CONNECTED
);
3103 vnc_set_share_mode(vs
, VNC_SHARE_MODE_CONNECTING
);
3108 vs
->as
.freq
= 44100;
3109 vs
->as
.nchannels
= 2;
3110 vs
->as
.fmt
= AUDIO_FORMAT_S16
;
3111 vs
->as
.endianness
= 0;
3113 qemu_mutex_init(&vs
->output_mutex
);
3114 vs
->bh
= qemu_bh_new(vnc_jobs_bh
, vs
);
3116 QTAILQ_INSERT_TAIL(&vd
->clients
, vs
, next
);
3118 vnc_update_server_surface(vd
);
3121 graphic_hw_update(vd
->dcl
.con
);
3123 if (!vs
->websocket
) {
3124 vnc_start_protocol(vs
);
3127 if (vd
->num_connecting
> vd
->connections_limit
) {
3128 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
3129 if (vs
->share_mode
== VNC_SHARE_MODE_CONNECTING
) {
3130 vnc_disconnect_start(vs
);
3137 void vnc_start_protocol(VncState
*vs
)
3139 vnc_write(vs
, "RFB 003.008\n", 12);
3141 vnc_read_when(vs
, protocol_version
, 12);
3143 vs
->mouse_mode_notifier
.notify
= check_pointer_type_change
;
3144 qemu_add_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
3147 static void vnc_listen_io(QIONetListener
*listener
,
3148 QIOChannelSocket
*cioc
,
3151 VncDisplay
*vd
= opaque
;
3152 bool isWebsock
= listener
== vd
->wslistener
;
3154 qio_channel_set_name(QIO_CHANNEL(cioc
),
3155 isWebsock
? "vnc-ws-server" : "vnc-server");
3156 qio_channel_set_delay(QIO_CHANNEL(cioc
), false);
3157 vnc_connect(vd
, cioc
, false, isWebsock
);
3160 static const DisplayChangeListenerOps dcl_ops
= {
3162 .dpy_refresh
= vnc_refresh
,
3163 .dpy_gfx_update
= vnc_dpy_update
,
3164 .dpy_gfx_switch
= vnc_dpy_switch
,
3165 .dpy_gfx_check_format
= qemu_pixman_check_format
,
3166 .dpy_mouse_set
= vnc_mouse_set
,
3167 .dpy_cursor_define
= vnc_dpy_cursor_define
,
3170 void vnc_display_init(const char *id
, Error
**errp
)
3174 if (vnc_display_find(id
) != NULL
) {
3177 vd
= g_malloc0(sizeof(*vd
));
3179 vd
->id
= strdup(id
);
3180 QTAILQ_INSERT_TAIL(&vnc_displays
, vd
, next
);
3182 QTAILQ_INIT(&vd
->clients
);
3183 vd
->expires
= TIME_MAX
;
3185 if (keyboard_layout
) {
3186 trace_vnc_key_map_init(keyboard_layout
);
3187 vd
->kbd_layout
= init_keyboard_layout(name2keysym
,
3188 keyboard_layout
, errp
);
3190 vd
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us", errp
);
3193 if (!vd
->kbd_layout
) {
3197 vd
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3198 vd
->connections_limit
= 32;
3200 qemu_mutex_init(&vd
->mutex
);
3201 vnc_start_worker_thread();
3203 vd
->dcl
.ops
= &dcl_ops
;
3204 register_displaychangelistener(&vd
->dcl
);
3205 vd
->kbd
= qkbd_state_init(vd
->dcl
.con
);
3209 static void vnc_display_close(VncDisplay
*vd
)
3214 vd
->is_unix
= false;
3217 qio_net_listener_disconnect(vd
->listener
);
3218 object_unref(OBJECT(vd
->listener
));
3220 vd
->listener
= NULL
;
3222 if (vd
->wslistener
) {
3223 qio_net_listener_disconnect(vd
->wslistener
);
3224 object_unref(OBJECT(vd
->wslistener
));
3226 vd
->wslistener
= NULL
;
3228 vd
->auth
= VNC_AUTH_INVALID
;
3229 vd
->subauth
= VNC_AUTH_INVALID
;
3231 object_unparent(OBJECT(vd
->tlscreds
));
3232 vd
->tlscreds
= NULL
;
3235 object_unparent(OBJECT(vd
->tlsauthz
));
3236 vd
->tlsauthz
= NULL
;
3238 g_free(vd
->tlsauthzid
);
3239 vd
->tlsauthzid
= NULL
;
3240 if (vd
->lock_key_sync
) {
3241 qemu_remove_led_event_handler(vd
->led
);
3244 #ifdef CONFIG_VNC_SASL
3245 if (vd
->sasl
.authz
) {
3246 object_unparent(OBJECT(vd
->sasl
.authz
));
3247 vd
->sasl
.authz
= NULL
;
3249 g_free(vd
->sasl
.authzid
);
3250 vd
->sasl
.authzid
= NULL
;
3254 int vnc_display_password(const char *id
, const char *password
)
3256 VncDisplay
*vd
= vnc_display_find(id
);
3261 if (vd
->auth
== VNC_AUTH_NONE
) {
3262 error_printf_unless_qmp("If you want use passwords please enable "
3263 "password auth using '-vnc ${dpy},password'.\n");
3267 g_free(vd
->password
);
3268 vd
->password
= g_strdup(password
);
3273 int vnc_display_pw_expire(const char *id
, time_t expires
)
3275 VncDisplay
*vd
= vnc_display_find(id
);
3281 vd
->expires
= expires
;
3285 static void vnc_display_print_local_addr(VncDisplay
*vd
)
3287 SocketAddress
*addr
;
3290 if (!vd
->listener
|| !vd
->listener
->nsioc
) {
3294 addr
= qio_channel_socket_get_local_address(vd
->listener
->sioc
[0], &err
);
3299 if (addr
->type
!= SOCKET_ADDRESS_TYPE_INET
) {
3300 qapi_free_SocketAddress(addr
);
3303 error_printf_unless_qmp("VNC server running on %s:%s\n",
3306 qapi_free_SocketAddress(addr
);
3309 static QemuOptsList qemu_vnc_opts
= {
3311 .head
= QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts
.head
),
3312 .implied_opt_name
= "vnc",
3316 .type
= QEMU_OPT_STRING
,
3318 .name
= "websocket",
3319 .type
= QEMU_OPT_STRING
,
3321 .name
= "tls-creds",
3322 .type
= QEMU_OPT_STRING
,
3325 .type
= QEMU_OPT_STRING
,
3328 .type
= QEMU_OPT_STRING
,
3331 .type
= QEMU_OPT_NUMBER
,
3333 .name
= "connections",
3334 .type
= QEMU_OPT_NUMBER
,
3337 .type
= QEMU_OPT_NUMBER
,
3340 .type
= QEMU_OPT_BOOL
,
3343 .type
= QEMU_OPT_BOOL
,
3346 .type
= QEMU_OPT_BOOL
,
3349 .type
= QEMU_OPT_BOOL
,
3351 .name
= "lock-key-sync",
3352 .type
= QEMU_OPT_BOOL
,
3354 .name
= "key-delay-ms",
3355 .type
= QEMU_OPT_NUMBER
,
3358 .type
= QEMU_OPT_BOOL
,
3361 .type
= QEMU_OPT_BOOL
,
3363 .name
= "tls-authz",
3364 .type
= QEMU_OPT_STRING
,
3366 .name
= "sasl-authz",
3367 .type
= QEMU_OPT_STRING
,
3370 .type
= QEMU_OPT_BOOL
,
3372 .name
= "non-adaptive",
3373 .type
= QEMU_OPT_BOOL
,
3375 { /* end of list */ }
3381 vnc_display_setup_auth(int *auth
,
3383 QCryptoTLSCreds
*tlscreds
,
3390 * We have a choice of 3 authentication options
3396 * The channel can be run in 2 modes
3401 * And TLS can use 2 types of credentials
3406 * We thus have 9 possible logical combinations
3411 * 4. tls + anon + none
3412 * 5. tls + anon + vnc
3413 * 6. tls + anon + sasl
3414 * 7. tls + x509 + none
3415 * 8. tls + x509 + vnc
3416 * 9. tls + x509 + sasl
3418 * These need to be mapped into the VNC auth schemes
3419 * in an appropriate manner. In regular VNC, all the
3420 * TLS options get mapped into VNC_AUTH_VENCRYPT
3423 * In websockets, the https:// protocol already provides
3424 * TLS support, so there is no need to make use of the
3425 * VeNCrypt extension. Furthermore, websockets browser
3426 * clients could not use VeNCrypt even if they wanted to,
3427 * as they cannot control when the TLS handshake takes
3428 * place. Thus there is no option but to rely on https://,
3429 * meaning combinations 4->6 and 7->9 will be mapped to
3430 * VNC auth schemes in the same way as combos 1->3.
3432 * Regardless of fact that we have a different mapping to
3433 * VNC auth mechs for plain VNC vs websockets VNC, the end
3434 * result has the same security characteristics.
3436 if (websocket
|| !tlscreds
) {
3438 VNC_DEBUG("Initializing VNC server with password auth\n");
3439 *auth
= VNC_AUTH_VNC
;
3441 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3442 *auth
= VNC_AUTH_SASL
;
3444 VNC_DEBUG("Initializing VNC server with no auth\n");
3445 *auth
= VNC_AUTH_NONE
;
3447 *subauth
= VNC_AUTH_INVALID
;
3449 bool is_x509
= object_dynamic_cast(OBJECT(tlscreds
),
3450 TYPE_QCRYPTO_TLS_CREDS_X509
) != NULL
;
3451 bool is_anon
= object_dynamic_cast(OBJECT(tlscreds
),
3452 TYPE_QCRYPTO_TLS_CREDS_ANON
) != NULL
;
3454 if (!is_x509
&& !is_anon
) {
3456 "Unsupported TLS cred type %s",
3457 object_get_typename(OBJECT(tlscreds
)));
3460 *auth
= VNC_AUTH_VENCRYPT
;
3463 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3464 *subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
3466 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3467 *subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
3472 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3473 *subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
3475 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3476 *subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
3480 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3481 *subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
3483 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3484 *subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
3492 static int vnc_display_get_address(const char *addrstr
,
3501 SocketAddress
**retaddr
,
3505 SocketAddress
*addr
= NULL
;
3507 addr
= g_new0(SocketAddress
, 1);
3509 if (strncmp(addrstr
, "unix:", 5) == 0) {
3510 addr
->type
= SOCKET_ADDRESS_TYPE_UNIX
;
3511 addr
->u
.q_unix
.path
= g_strdup(addrstr
+ 5);
3514 error_setg(errp
, "UNIX sockets not supported with websock");
3519 error_setg(errp
, "Port range not support with UNIX socket");
3526 unsigned long long baseport
= 0;
3527 InetSocketAddress
*inet
;
3529 port
= strrchr(addrstr
, ':');
3535 error_setg(errp
, "no vnc port specified");
3539 hostlen
= port
- addrstr
;
3541 if (*port
== '\0') {
3542 error_setg(errp
, "vnc port cannot be empty");
3547 addr
->type
= SOCKET_ADDRESS_TYPE_INET
;
3548 inet
= &addr
->u
.inet
;
3549 if (addrstr
[0] == '[' && addrstr
[hostlen
- 1] == ']') {
3550 inet
->host
= g_strndup(addrstr
+ 1, hostlen
- 2);
3552 inet
->host
= g_strndup(addrstr
, hostlen
);
3554 /* plain VNC port is just an offset, for websocket
3555 * port is absolute */
3557 if (g_str_equal(addrstr
, "") ||
3558 g_str_equal(addrstr
, "on")) {
3559 if (displaynum
== -1) {
3560 error_setg(errp
, "explicit websocket port is required");
3563 inet
->port
= g_strdup_printf(
3564 "%d", displaynum
+ 5700);
3566 inet
->has_to
= true;
3567 inet
->to
= to
+ 5700;
3570 inet
->port
= g_strdup(port
);
3573 int offset
= reverse
? 0 : 5900;
3574 if (parse_uint_full(port
, &baseport
, 10) < 0) {
3575 error_setg(errp
, "can't convert to a number: %s", port
);
3578 if (baseport
> 65535 ||
3579 baseport
+ offset
> 65535) {
3580 error_setg(errp
, "port %s out of range", port
);
3583 inet
->port
= g_strdup_printf(
3584 "%d", (int)baseport
+ offset
);
3587 inet
->has_to
= true;
3588 inet
->to
= to
+ offset
;
3593 inet
->has_ipv4
= has_ipv4
;
3595 inet
->has_ipv6
= has_ipv6
;
3604 qapi_free_SocketAddress(addr
);
3609 static void vnc_free_addresses(SocketAddress
***retsaddr
,
3614 for (i
= 0; i
< *retnsaddr
; i
++) {
3615 qapi_free_SocketAddress((*retsaddr
)[i
]);
3623 static int vnc_display_get_addresses(QemuOpts
*opts
,
3625 SocketAddress
***retsaddr
,
3627 SocketAddress
***retwsaddr
,
3631 SocketAddress
*saddr
= NULL
;
3632 SocketAddress
*wsaddr
= NULL
;
3633 QemuOptsIter addriter
;
3635 int to
= qemu_opt_get_number(opts
, "to", 0);
3636 bool has_ipv4
= qemu_opt_get(opts
, "ipv4");
3637 bool has_ipv6
= qemu_opt_get(opts
, "ipv6");
3638 bool ipv4
= qemu_opt_get_bool(opts
, "ipv4", false);
3639 bool ipv6
= qemu_opt_get_bool(opts
, "ipv6", false);
3640 int displaynum
= -1;
3648 addr
= qemu_opt_get(opts
, "vnc");
3649 if (addr
== NULL
|| g_str_equal(addr
, "none")) {
3653 if (qemu_opt_get(opts
, "websocket") &&
3654 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1
)) {
3656 "SHA1 hash support is required for websockets");
3660 qemu_opt_iter_init(&addriter
, opts
, "vnc");
3661 while ((addr
= qemu_opt_iter_next(&addriter
)) != NULL
) {
3663 rv
= vnc_display_get_address(addr
, false, reverse
, 0, to
,
3670 /* Historical compat - first listen address can be used
3671 * to set the default websocket port
3673 if (displaynum
== -1) {
3676 *retsaddr
= g_renew(SocketAddress
*, *retsaddr
, *retnsaddr
+ 1);
3677 (*retsaddr
)[(*retnsaddr
)++] = saddr
;
3680 /* If we had multiple primary displays, we don't do defaults
3681 * for websocket, and require explicit config instead. */
3682 if (*retnsaddr
> 1) {
3686 qemu_opt_iter_init(&addriter
, opts
, "websocket");
3687 while ((addr
= qemu_opt_iter_next(&addriter
)) != NULL
) {
3688 if (vnc_display_get_address(addr
, true, reverse
, displaynum
, to
,
3691 &wsaddr
, errp
) < 0) {
3695 /* Historical compat - if only a single listen address was
3696 * provided, then this is used to set the default listen
3697 * address for websocket too
3699 if (*retnsaddr
== 1 &&
3700 (*retsaddr
)[0]->type
== SOCKET_ADDRESS_TYPE_INET
&&
3701 wsaddr
->type
== SOCKET_ADDRESS_TYPE_INET
&&
3702 g_str_equal(wsaddr
->u
.inet
.host
, "") &&
3703 !g_str_equal((*retsaddr
)[0]->u
.inet
.host
, "")) {
3704 g_free(wsaddr
->u
.inet
.host
);
3705 wsaddr
->u
.inet
.host
= g_strdup((*retsaddr
)[0]->u
.inet
.host
);
3708 *retwsaddr
= g_renew(SocketAddress
*, *retwsaddr
, *retnwsaddr
+ 1);
3709 (*retwsaddr
)[(*retnwsaddr
)++] = wsaddr
;
3715 vnc_free_addresses(retsaddr
, retnsaddr
);
3716 vnc_free_addresses(retwsaddr
, retnwsaddr
);
3721 static int vnc_display_connect(VncDisplay
*vd
,
3722 SocketAddress
**saddr
,
3724 SocketAddress
**wsaddr
,
3728 /* connect to viewer */
3729 QIOChannelSocket
*sioc
= NULL
;
3731 error_setg(errp
, "Cannot use websockets in reverse mode");
3735 error_setg(errp
, "Expected a single address in reverse mode");
3738 /* TODO SOCKET_ADDRESS_TYPE_FD when fd has AF_UNIX */
3739 vd
->is_unix
= saddr
[0]->type
== SOCKET_ADDRESS_TYPE_UNIX
;
3740 sioc
= qio_channel_socket_new();
3741 qio_channel_set_name(QIO_CHANNEL(sioc
), "vnc-reverse");
3742 if (qio_channel_socket_connect_sync(sioc
, saddr
[0], errp
) < 0) {
3745 vnc_connect(vd
, sioc
, false, false);
3746 object_unref(OBJECT(sioc
));
3751 static int vnc_display_listen(VncDisplay
*vd
,
3752 SocketAddress
**saddr
,
3754 SocketAddress
**wsaddr
,
3761 vd
->listener
= qio_net_listener_new();
3762 qio_net_listener_set_name(vd
->listener
, "vnc-listen");
3763 for (i
= 0; i
< nsaddr
; i
++) {
3764 if (qio_net_listener_open_sync(vd
->listener
,
3771 qio_net_listener_set_client_func(vd
->listener
,
3772 vnc_listen_io
, vd
, NULL
);
3776 vd
->wslistener
= qio_net_listener_new();
3777 qio_net_listener_set_name(vd
->wslistener
, "vnc-ws-listen");
3778 for (i
= 0; i
< nwsaddr
; i
++) {
3779 if (qio_net_listener_open_sync(vd
->wslistener
,
3786 qio_net_listener_set_client_func(vd
->wslistener
,
3787 vnc_listen_io
, vd
, NULL
);
3794 void vnc_display_open(const char *id
, Error
**errp
)
3796 VncDisplay
*vd
= vnc_display_find(id
);
3797 QemuOpts
*opts
= qemu_opts_find(&qemu_vnc_opts
, id
);
3798 SocketAddress
**saddr
= NULL
, **wsaddr
= NULL
;
3799 size_t nsaddr
, nwsaddr
;
3800 const char *share
, *device_id
;
3802 bool password
= false;
3803 bool reverse
= false;
3807 const char *tlsauthz
;
3808 const char *saslauthz
;
3809 int lock_key_sync
= 1;
3813 error_setg(errp
, "VNC display not active");
3816 vnc_display_close(vd
);
3822 reverse
= qemu_opt_get_bool(opts
, "reverse", false);
3823 if (vnc_display_get_addresses(opts
, reverse
, &saddr
, &nsaddr
,
3824 &wsaddr
, &nwsaddr
, errp
) < 0) {
3828 password
= qemu_opt_get_bool(opts
, "password", false);
3830 if (fips_get_state()) {
3832 "VNC password auth disabled due to FIPS mode, "
3833 "consider using the VeNCrypt or SASL authentication "
3834 "methods as an alternative");
3837 if (!qcrypto_cipher_supports(
3838 QCRYPTO_CIPHER_ALG_DES_RFB
, QCRYPTO_CIPHER_MODE_ECB
)) {
3840 "Cipher backend does not support DES RFB algorithm");
3845 lock_key_sync
= qemu_opt_get_bool(opts
, "lock-key-sync", true);
3846 key_delay_ms
= qemu_opt_get_number(opts
, "key-delay-ms", 10);
3847 sasl
= qemu_opt_get_bool(opts
, "sasl", false);
3848 #ifndef CONFIG_VNC_SASL
3850 error_setg(errp
, "VNC SASL auth requires cyrus-sasl support");
3853 #endif /* CONFIG_VNC_SASL */
3854 credid
= qemu_opt_get(opts
, "tls-creds");
3857 creds
= object_resolve_path_component(
3858 object_get_objects_root(), credid
);
3860 error_setg(errp
, "No TLS credentials with id '%s'",
3864 vd
->tlscreds
= (QCryptoTLSCreds
*)
3865 object_dynamic_cast(creds
,
3866 TYPE_QCRYPTO_TLS_CREDS
);
3867 if (!vd
->tlscreds
) {
3868 error_setg(errp
, "Object with id '%s' is not TLS credentials",
3872 object_ref(OBJECT(vd
->tlscreds
));
3874 if (vd
->tlscreds
->endpoint
!= QCRYPTO_TLS_CREDS_ENDPOINT_SERVER
) {
3876 "Expecting TLS credentials with a server endpoint");
3880 if (qemu_opt_get(opts
, "acl")) {
3881 error_report("The 'acl' option to -vnc is deprecated. "
3882 "Please use the 'tls-authz' and 'sasl-authz' "
3885 acl
= qemu_opt_get_bool(opts
, "acl", false);
3886 tlsauthz
= qemu_opt_get(opts
, "tls-authz");
3887 if (acl
&& tlsauthz
) {
3888 error_setg(errp
, "'acl' option is mutually exclusive with the "
3889 "'tls-authz' option");
3892 if (tlsauthz
&& !vd
->tlscreds
) {
3893 error_setg(errp
, "'tls-authz' provided but TLS is not enabled");
3897 saslauthz
= qemu_opt_get(opts
, "sasl-authz");
3898 if (acl
&& saslauthz
) {
3899 error_setg(errp
, "'acl' option is mutually exclusive with the "
3900 "'sasl-authz' option");
3903 if (saslauthz
&& !sasl
) {
3904 error_setg(errp
, "'sasl-authz' provided but SASL auth is not enabled");
3908 share
= qemu_opt_get(opts
, "share");
3910 if (strcmp(share
, "ignore") == 0) {
3911 vd
->share_policy
= VNC_SHARE_POLICY_IGNORE
;
3912 } else if (strcmp(share
, "allow-exclusive") == 0) {
3913 vd
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3914 } else if (strcmp(share
, "force-shared") == 0) {
3915 vd
->share_policy
= VNC_SHARE_POLICY_FORCE_SHARED
;
3917 error_setg(errp
, "unknown vnc share= option");
3921 vd
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3923 vd
->connections_limit
= qemu_opt_get_number(opts
, "connections", 32);
3925 #ifdef CONFIG_VNC_JPEG
3926 vd
->lossy
= qemu_opt_get_bool(opts
, "lossy", false);
3928 vd
->non_adaptive
= qemu_opt_get_bool(opts
, "non-adaptive", false);
3929 /* adaptive updates are only used with tight encoding and
3930 * if lossy updates are enabled so we can disable all the
3931 * calculations otherwise */
3933 vd
->non_adaptive
= true;
3937 vd
->tlsauthzid
= g_strdup(tlsauthz
);
3939 if (strcmp(vd
->id
, "default") == 0) {
3940 vd
->tlsauthzid
= g_strdup("vnc.x509dname");
3942 vd
->tlsauthzid
= g_strdup_printf("vnc.%s.x509dname", vd
->id
);
3944 vd
->tlsauthz
= QAUTHZ(qauthz_list_new(vd
->tlsauthzid
,
3945 QAUTHZ_LIST_POLICY_DENY
,
3948 #ifdef CONFIG_VNC_SASL
3951 vd
->sasl
.authzid
= g_strdup(saslauthz
);
3953 if (strcmp(vd
->id
, "default") == 0) {
3954 vd
->sasl
.authzid
= g_strdup("vnc.username");
3956 vd
->sasl
.authzid
= g_strdup_printf("vnc.%s.username", vd
->id
);
3958 vd
->sasl
.authz
= QAUTHZ(qauthz_list_new(vd
->sasl
.authzid
,
3959 QAUTHZ_LIST_POLICY_DENY
,
3965 if (vnc_display_setup_auth(&vd
->auth
, &vd
->subauth
,
3966 vd
->tlscreds
, password
,
3967 sasl
, false, errp
) < 0) {
3970 trace_vnc_auth_init(vd
, 0, vd
->auth
, vd
->subauth
);
3972 if (vnc_display_setup_auth(&vd
->ws_auth
, &vd
->ws_subauth
,
3973 vd
->tlscreds
, password
,
3974 sasl
, true, errp
) < 0) {
3977 trace_vnc_auth_init(vd
, 1, vd
->ws_auth
, vd
->ws_subauth
);
3979 #ifdef CONFIG_VNC_SASL
3981 int saslErr
= sasl_server_init(NULL
, "qemu");
3983 if (saslErr
!= SASL_OK
) {
3984 error_setg(errp
, "Failed to initialize SASL auth: %s",
3985 sasl_errstring(saslErr
, NULL
, NULL
));
3990 vd
->lock_key_sync
= lock_key_sync
;
3991 if (lock_key_sync
) {
3992 vd
->led
= qemu_add_led_event_handler(kbd_leds
, vd
);
3996 device_id
= qemu_opt_get(opts
, "display");
3998 int head
= qemu_opt_get_number(opts
, "head", 0);
4001 con
= qemu_console_lookup_by_device_name(device_id
, head
, &err
);
4003 error_propagate(errp
, err
);
4010 if (con
!= vd
->dcl
.con
) {
4011 qkbd_state_free(vd
->kbd
);
4012 unregister_displaychangelistener(&vd
->dcl
);
4014 register_displaychangelistener(&vd
->dcl
);
4015 vd
->kbd
= qkbd_state_init(vd
->dcl
.con
);
4017 qkbd_state_set_delay(vd
->kbd
, key_delay_ms
);
4019 if (saddr
== NULL
) {
4024 if (vnc_display_connect(vd
, saddr
, nsaddr
, wsaddr
, nwsaddr
, errp
) < 0) {
4028 if (vnc_display_listen(vd
, saddr
, nsaddr
, wsaddr
, nwsaddr
, errp
) < 0) {
4033 if (qemu_opt_get(opts
, "to")) {
4034 vnc_display_print_local_addr(vd
);
4038 vnc_free_addresses(&saddr
, &nsaddr
);
4039 vnc_free_addresses(&wsaddr
, &nwsaddr
);
4043 vnc_display_close(vd
);
4047 void vnc_display_add_client(const char *id
, int csock
, bool skipauth
)
4049 VncDisplay
*vd
= vnc_display_find(id
);
4050 QIOChannelSocket
*sioc
;
4056 sioc
= qio_channel_socket_new_fd(csock
, NULL
);
4058 qio_channel_set_name(QIO_CHANNEL(sioc
), "vnc-server");
4059 vnc_connect(vd
, sioc
, skipauth
, false);
4060 object_unref(OBJECT(sioc
));
4064 static void vnc_auto_assign_id(QemuOptsList
*olist
, QemuOpts
*opts
)
4069 id
= g_strdup("default");
4070 while (qemu_opts_find(olist
, id
)) {
4072 id
= g_strdup_printf("vnc%d", i
++);
4074 qemu_opts_set_id(opts
, id
);
4077 QemuOpts
*vnc_parse(const char *str
, Error
**errp
)
4079 QemuOptsList
*olist
= qemu_find_opts("vnc");
4080 QemuOpts
*opts
= qemu_opts_parse(olist
, str
, true, errp
);
4087 id
= qemu_opts_id(opts
);
4089 /* auto-assign id if not present */
4090 vnc_auto_assign_id(olist
, opts
);
4095 int vnc_init_func(void *opaque
, QemuOpts
*opts
, Error
**errp
)
4097 Error
*local_err
= NULL
;
4098 char *id
= (char *)qemu_opts_id(opts
);
4101 vnc_display_init(id
, &local_err
);
4103 error_propagate(errp
, local_err
);
4106 vnc_display_open(id
, &local_err
);
4107 if (local_err
!= NULL
) {
4108 error_propagate(errp
, local_err
);
4114 static void vnc_register_config(void)
4116 qemu_add_opts(&qemu_vnc_opts
);
4118 opts_init(vnc_register_config
);